[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] Tor -> VPN Clarification

On Fri, Jan 30, 2015 at 10:05:46AM +0000, Squeak wrote:
> Hello,
> Relative newbie here, and I was wondering if someone could help me with
> something please. I keep seeing people describing connections to the Tor
> and is VPN connections in the following two ways:
> Tor -> VPN
> VPN -> Tor

As with all security, it depends on your goals, what you want to protect,
and from whom. I have used Tor in both ways for various reasons.

Tor -> VPN

Some possible examples of what this is good for.  You might want to
use this if you want to hide your current network location but you
need to log into a VPN to access certain services available only via
the VPN, or if the VPN is associate with you (e.g. run by your
employer) and you don't want the local ISP to see you log into the

Since you log into the VPN, everything you do there can be tied to
your account. If you are concerned that your activity "leaving" the
VPN can be tied to you by someone who might compromise the VPN in some
way, then anything the VPN knows about you from that account will be
potentially vulnerable to this. If this is not something you are
worried about or a risk you consider unlikely or not bad enough should
it happen, then you might use this configuration.

VPN -> Tor

You might not have a choice: your computer is currently configured to
direct all connections via the VPN, and you want to use Tor to either
hide your destinations from the VPN or to hide that you are using that
VPN from your destinations or you may want to access something at a
.onion address or....

Or you may have a choice and some reason to use Tor, but you are in a
location that blocks the public Tor relays. You could also use
bridges, but you know the VPN is not blocked and this is more
convenient or it better fits your trust/threat concerns than a bridge
would. Or you may know the location of access to the VPN and you are
happy to have your access to the VPN visible to the local ISP, but you
don't want it to see you accessing the Tor network or possibly
unexpected destinations such as a bridge.

I have certainly not given all the reasons for using either
configuration, nor have I spelled out all the risks from every
possible adversary.  But I hope this helps.

tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to