VPN > TOR > VPN benefits and drawbacks

Hello comrades

By chance, I wanted to made up a topic that is raising me a concern. Perhaps I am not on the intended section but if you could collaborate on this I would be appreciated.

I wonder if:
I have an Asus wrtmertin router connected to my ISP’s router
I connect my Asus router to NordVPN using OpenVPN and check “redirect all internet traffic”
I enable and check the “Tor” option on this router to “redirect all internet traffic”
I use my computer connected to this router to connect to CyberGhost VPN

In order to achieve:
VPN 1: Hide to my ISP that I am using Tor
Tor: Protect me from being traced back
VPN 2: Hide to websites that I am leaving a tor exit node

1- Would it have any either privacy or annonimity drawback?
2- Would this setup work as I have described/assumed here?

Hopefully we can sort this out mates
Best wishes

Privacy and anonymity is massively reduced. Do not do this unless you have a very good reason to do so. Read Tor Browser Essentials:


Yes, a VPN after Tor will hide the fact that you are using Tor to a website. The easiest way to do this (not recommended!) is to install a non-Tor browser in the Whonix workstation, and connecting to a VPN with a browser plugin.

If https://check.torproject.org/ says that you are not connected to Tor (within the Whonix workstation) you’re successfully using Tor > VPN.

The docs generally agree that vpn > tor is only useful to hide from ISP that u use tor. But then again your vpn becomes your “isp”. So make sure they keep no logs and pay with crypto. Then again, many of vpns who claimed to no log have lied in history and paying anonymously with crypto is a whole another universe and I am trying to figure it out.

But this reply comes too late anyway, so who gives a shit XD

But what is the purpose of paying anonymously if you connect with your real IP anyway?

1 Like

I have heard and read that “they” always first go for the payment methods. Money is the best trail. Its not that easy to find who accesed specific site with commercial vpns, since milions of people connect to same servers. I AM NOT AN EXPERT. I have thought of using free public wifis, but then again, they could be survellanced even more

This hasn’t been mentioned yet but it should be (in case some other user online stumbles on this thread for whatever reason) - learn how to self-host.

Whonix already caters to developers / programmers that are DIY masters. If you ever want to exist in the most secure space you can be in, Whonix is more than sufficient.

Quick Additional Information

  1. It was never stated at any point in time within the guide that it is impossible to obfuscate your traffic to the point where it would become difficult/impossible for your ISP to determine that you were using the Tor Network. However, if you were truly the target of a widespread, sweeping investigation by a national / military based power (i.e., NSA). Fortunately, if you’re domiciled in the United States and a citizen here, then the NSA does not give a fuck about what it is that you’re doing behind the scenes, even if you are committing some type of low level crime (i.e., selling drugs, pimping, etc.).

  2. Deep packet inspection is a mother fucker and a lot of major ISPs, govt’s and otherwise have access to this type of technology. If you’re merely looking to circumvent this type of scrutiny, then perhaps you should consider using something outside of the Tor Network (i.e., Shadowsocks Proxy).

  3. Expanding on the prior point, there are several other tools/instruments outside of a common VPN or proxy that can be used to better facilitate the obfuscation of one’s traffic. For example, there are pluggable transports & obfs (if you still want to go the route of Tor or find something that can be easier integrated with your use of Whonix). Beyond that there’s shadowsocks (tool I just mentioned; built by Chinese devs as a means of censorship circumvention by the GFW [Great Firewall of China]), multipath tcp/udp (more on this in a second), stunnel and other techniques that could be utilized to better accomplish the type of obfuscation you’re looking for.

My Recommendation: Consider Multipath-UDP

Multipath TCP is a standardized method of packet transmission that was formalized via RFC back in 2020 (so its still pretty new). Its under RFC 8646.

Multipath TCP (MPTCP) is primarily designed to enhance the reliability and performance of internet connections. It achieves this by allowing data transmission across multiple paths concurrently instead of sticking to a single path.

Its not inherently designed to facilitate obfuscation (at all), but given the nature of how it works…if you’re smart enough to layer it with another means of obfuscation (i.e,. proxy), then you may have something great on your hands.

Typically, UDP is a better protocol to utilize for obfuscation than TCP for reasons outside of the scope of what I’m writing here (do not feel like making this lengthy worded post even longer than it really needs to be). But let’s just say that there’s such thing as a “multipath UDP” and the creators of such a tool capable of modifying and executing the IP packet transmissions in your device in such a way created a repo on GitHub with the same goal in mind as what we’re discussing in this thread.

Its called ‘glorytun’ on GitHub.

These things should give you a start in the right direction when it comes to how you should pursue this mission. Good luck everyone! Consult the brilliant developers of Whonix if you want to get better answers and more reliable guides on how you can achieve this semi-impossible mission you all are on!