A
A
airbor2019-10-21 12:46:53
VPN
airbor, 2019-10-21 12:46:53

Is it possible to connect to VPN through VPN?

If you take and connect through one VPN application and then through the second one, does it turn out to be a VPN tunnel inside the VPN or just reconnecting from one to another?
If there are two of them, then even through the VPN service there is already traffic encrypted by another VPN service. The first VPN does not know where you are connecting, and the second does not know where you are connecting from and the content of the data. All right?

Answer the question

In order to leave comments, you need to log in

5 answer(s)
M
Markus Saar, 2019-10-21
@markus_saar

To answer the first part of your question , in order to run one and the other VPN application, you will need to differentiate between their work. For example, set up one VPN on the router, and run the other on the computer. Or run one as part of the main operating system, and run the second inside a virtual machine on the same computer.
About the second part of the question : almost so. One VPN won't know where you're connecting from, but another might if that's what the owners of the service are interested in. Read their privacy policy, study their reputation.
Summing up, I can say that there is not much point in two VPNs. You will slow down your Internet speed, and you will not get a significant increase in privacy.
Another thing is if the first VPN server will be your own, and then connect to the VPN service from it for a wider selection of servers, IP addresses, etc. As a result, the scheme can be as follows: your VPN is connected to the router, and the VPN service program is already installed on the computer.
But consider whether you really need such a paranoid scheme, or is it better to take care of other places where privacy suffers much more? At the beginning of this year I published on Habré, read: Not a single VPN. A cheat sheet on how to secure ... .

S
saniii, 2019-10-21
@saniii

Answering the second question, such a scheme is called Parallel VPN, when the ip changes twice and the traffic is encrypted inside the "second" vpn.

V
ValdikSS, 2019-10-22
@ValdikSS

If we are talking about OpenVPN, it is enough for the first VPN in the configuration file to either add:

route-nopull
route IP-ПЕРВОГО-VPN-СЕРВЕРА 255.255.255.255 net_gateway
route IP-ВТОРОГО-VPN-СЕРВЕРА 255.255.255.255 vpn_gateway

Or remove redirect-gatewayit if it exists.
Connect to the first VPN, connect to the second. Everything will work.

K
Karpion, 2019-10-23
@Karpion

VPN is traffic encapsulation (that's what buzzwords I know!), almost transparent to overlying protocols (there are problems with MTU - here they are visible to overlying protocols). Accordingly, there is no fundamental impossibility of re-encapsulation; however, not all programs for organizing a VPN tunnel can do this. And if you set it up manually, then you need to understand well how traffic should be directed - so that after encapsulation, the packet does not re-direct to the same encapsulation.
And you can set up the system so that we simply connect via VPN to two different points. For example, I am given access to two corporate networks with "gray" IP addresses like 192.168.*.*, and I connect to both at once.
I advise you to read about SSh, there was an article on Habré. It describes forwarding an SSh tunnel through several servers.
You're asking:

The first VPN does not know where you are connecting, and the second does not know where you are connecting from and the content of the data. All right?
No, it's not true. The first VPN does not know where you are connecting and the content of the data. The second VPN doesn't know where you're connecting from; but it knows the contents of the data (unless the end server uses something like HTTPS) - after all, it must send them to the server.
And of course, if VPN providers agree, they will easily match your connections. In theory, it would be nice to have VPN providers in different jurisdictions, but this does not give a guarantee.
Having your own VPN server is good. But the hosting owner can easily screw this up, especially if standard well-known methods are used. And non-standard ones are unreliable, they can be hacked by traffic analysis (however, standard ones can also be hacked by traffic analysis).
The whole question here is what forces will be thrown into the investigation. So far, the "Elusive Joe principle" helps.

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question