Tunneling a VPN Within a VPN: Is It Possible?

  • Thread starter Thread starter Steven Ellet
  • Start date Start date
  • Tags Tags
    Tunneling
Click For Summary

Discussion Overview

The discussion centers on the feasibility of nesting a VPN within another VPN, exploring the implications, methods, and potential security benefits of such an arrangement. The conversation touches on theoretical aspects, practical applications, and user experiences related to VPN configurations.

Discussion Character

  • Exploratory
  • Technical explanation
  • Debate/contested

Main Points Raised

  • One participant questions the necessity of nesting a VPN within another, suggesting that while data can be encrypted multiple times, it may not enhance security.
  • Another participant draws a comparison to the Tor browser, noting that it operates on a different principle of routing through multiple servers for anonymity rather than using VPNs.
  • A user describes a method of using a global VPN at the OS level alongside a browser VPN, sharing their experience that this setup may not significantly increase security but does slow down browsing.
  • Some participants clarify the distinction between chaining and nesting VPNs, with one emphasizing that the original poster's inquiry seems to focus on nesting rather than chaining.
  • Another participant provides a visual example of how nesting works with a specific VPN service, mentioning that it claims to enhance privacy and reduce correlation attack risks, while expressing skepticism about the necessity of such a setup.

Areas of Agreement / Disagreement

Participants express differing views on the concept of nesting versus chaining VPNs, with some agreeing on the technical possibility of nesting but questioning its practical benefits. The discussion remains unresolved regarding the overall effectiveness and necessity of such configurations.

Contextual Notes

Participants acknowledge that the discussion involves assumptions about security, encryption, and the specific configurations of VPNs, which may vary based on individual use cases and definitions.

Steven Ellet
Messages
85
Reaction score
3
TL;DR
Layered VPN
Is it possible to put a vpn inside of another vpn, kind of like a tunnel in a tunnel? If so, how?
 
Technology news on Phys.org
Why?

In principle data is data, and you can encrypt it as many times as you'd like. However, it doesn't add security, and whether someone has written a stack to do this is uncertain.
 
  • Like
Likes   Reactions: berkeman
You can use a global VPN working at the OS level in your PC, @Steven Ellet, then run a VPN app in your browser to achieve a layered VPN. I've occasionally done this inadvertently, and I doubt it increases my security much...but it does slow down my browsing!

There's no magic in the routing, you can set the two VPN end points differently and external parties will see two different IP addresses, depending on what they're able to see (browser traffic in LA, for example, non-browser traffic in NY, assuming those are the VPN end points you've set) it's just that the browser traffic will be forced to transit LA to reach NY, and thence to the service you are browsing.
 
You can certainly chain VPNs, but I don't think that is what the OP is asking about (hence my "Why?"). He is talking about nesting them. Now, maybe he meant chaining them, but until he says otherwise, we should probably assume he meant what he asked.
 
Vanadium 50 said:
You can certainly chain VPNs, but I don't think that is what the OP is asking about (hence my "Why?"). He is talking about nesting them. Now, maybe he meant chaining them, but until he says otherwise, we should probably assume he meant what he asked.
A VPN at the OS layer and a VPN in a browser is nested, @Vanadium 50.

The browser traffic - encrypted by the browser app VPN - is carried over the OS' underlying transport service, also encrypted. Maybe me picking two end points as an example suggests it is chained, but here's a visual of the nesting using Windscribe, both exiting at their LA Dogg site:

1658534646128.png


And within the browser, the VPN knows it is tunnelling with the 'double hop' notification:

1658534693576.png


Windscribe note that doing this "provides enhanced privacy and anonymity as it significantly reduces the chance of a correlation attack on one of our servers" but my tin foil hat is not that firmly attached that I bother with this double layer of security.
 

Similar threads

  • · Replies 1 ·
Replies
1
Views
2K
  • · Replies 2 ·
Replies
2
Views
1K
  • · Replies 14 ·
Replies
14
Views
1K
  • · Replies 5 ·
Replies
5
Views
1K
  • · Replies 1 ·
Replies
1
Views
2K
Replies
3
Views
2K
  • · Replies 40 ·
2
Replies
40
Views
4K
  • · Replies 2 ·
Replies
2
Views
3K
Replies
4
Views
3K
  • · Replies 15 ·
Replies
15
Views
4K