How to use a VPN with Tails? Complete Guide

Updated on: 18 January 2019 PRIVACY

Before we get to the matter at hand, let’s talk about why you should attempt to combine a VPN with Tails in the first place. To do this, definitions are needed.

You already know what a VPN is, what it does, and how you can use it to enhance your overall online privacy. It’s basically your go-to pocket cyber-cloak that you can put on whenever you surf the internet.

Tails, on the other hand, is a Linux-based operating system specifically tailored for privacy-oriented users who are afraid of third parties tracking their online snooping. What Tails does is simple – it routes all your internet traffic through Tor.

With Tor’s encryption protocols in place, even complete noobs will find it very easy to access the internet knowing that their anonymity and privacy are kept safe.

It’s also worthy of mentioning that Tor is extremely secure, to begin with. You naturally want the best of both worlds, to benefit from the popular web browser’s cyber-proof encryptions as well as a VPN’s many expansive features.

1. Stitching together a digital Frankenstein – VPN + Tails/Tor

The solution is simple. You combine the VPN of your choice with Tails over Tor and you have access to the best of both technologies.

There are three main setups to talk about and analyze:

1. Tails to VPN to Tor

Pros:

  • The Tor network treats your traffic as originating from an anonymous VPN server.
  • If and when Tor gets compromised, you will still have a staunch defender in the form of the VPN server protecting you.
  • The moment your ISP tries to block Tor, all data will be routed outside of your ISP’s area of effect, which will then allow Tor access to the traffic flow.

Cons:

  • You have to pay for the VPN
  • If the VPN network is compromised, your data will be potentially made known to third-parties.
  • Working your way around the security settings of a VPN might be difficult.

Step-by-step guide

You can do this using one of two methods:

  • Install OpenVPN inside of Tails and then properly set up the settings. You have to know your way around tech stuff to succeed with this method.

    In order to do this, you need to have sudo access when booting. Install OpenVPN, and change the network settings so as to reroute the traffic through Tor first, before it reaches the OpenVPN interface.

    Remember that these settings are not persistent. If you reboot the computer or the router, all the settings will return to their default state and you have to redo the entire process.

  • The second and simplest method is to install the VPN server between the device using Tails and the public internet. Tails will function normally in this case.

    You have to create an access point inside another computer through which you will route the traffic. Even better, you can build a Raspberry Pi or place the VPN stack inside of a router.

2. Tails to Tor to VPN

Pros:

  • You have access to features and services that you would otherwise get only through a VPN
  • You can access services and websites that Tor would be blocked by

Cons:

  • You don’t have access to any Tor hidden services.
  • If the Tor network gets compromised, your real IP address will be leaked.
  • If there are third-parties or other providers that want to flush you out, they will only have to focus on breaking the VPN, and not the whole Tor network.

Step-by-step guide

Keep in mind that this method is a bit more complicated, and it will require some basic knowledge of Linux, terminal/bash, SSh, etc.

First off, take a look at what the Tails VPN support page says:

VPN Tails

The Dynamic Forward option of the SSH command line is accessible with the -D flag. When you run SSH with this flag, the connection turns into a SOCKS proxy server.

It will route TCP and UDP network packets to a destination address. Take a look at this example to understand how it all works:

ssh -D 7777 vpn_server.com

This command line creates a SOCKS5 proxy server on port 7777 to forward data packets to vpn_server.com which you will replace with a real address. Next, you have to configure the Tor Browser to conduct its activities on this proxy server.

There you go – now, you have a static IP with which all your outgoing Tor data packets are registered with, and this is your VPN connection.

2. Is it safe to use VPN with Tails?

Interestingly enough, the Tails VPN Support page insists on trying to combine Tails and VPNs is a bad idea, to begin with.

VPN with Tails Safety

Let’s analyze what they’re actually saying for a little bit.

By saying that to replace Tor with a VPN is a bad idea, they probably wanted to give out a warning to inexperienced people that screwing around with such security details might lead to foolish mistakes on their part.

Disabling Tor is a bad idea, I agree, but VPNs are not intrinsically bad or lacking in security, as suggested by the official statement of the Tails VPN Support page.

For example, if you use Bitcoins to purchase a subscription to a well-known and reliable VPN that you know is serious, then the level of security you get is at least on par with that of Tor.

By permanent entry guard, you should understand that your data packets go from your computer to the VPN, and then to Tor. This creates an endpoint server or IP address that receive the data before it reaches the Tor network.

However, it really makes no difference whatsoever if the data went from the computer directly to the Tor network. After all, the connection is encrypted by the VPN in the first place.

In this way, if Tor is compromised, then the attacker would also have to bypass the VPN’s security countermeasures before getting to the real you. As far as he’s concerned, he cannot get to the data unless the VPN is taken care of.

Obviously, this is much safer than accessing Tor directly.

As for the permanent exit node, it means that sending your data from the computer, through Tor, and then to the VPN, all the implicated servers that receive network requests will believe those requests come from the VPN.

All the Tor exit nodes will identify the VPN server as the exit node.

In turn, this creates a few possible issues for you. If Tor is compromised, third-parties will find out who you are and what exactly you requested. This is the bad news.

The good news is that you will naturally get over Captcha attempts and other blocking techniques that some websites use to limit the Tor traffic.

3. Conclusion

Even though the official guides will warn you against using Tails with a VPN, I believe it’s actually a good idea if you want more privacy and more security countermeasures against hacking attempts.

For those who want to track your traffic or eavesdrop on your online conversations, setting up the Tails OS to go through the VPN and then to the Tor Network will cut off all access routes to you.

Whether you want added security protocols or if you’re afraid that Tor could be monitored, putting together this setup will alleviate all of your worries and put you out of harm’s way permanently.