Written by: Bogdan Patru
Before we get to the matter at hand, let’s talk about why you should attempt to combine a VPN with Tails in the first place. To do this, definitions are needed.
You already know what a VPN is, what it does, and how you can use it to enhance your overall online privacy. It’s basically your go-to pocket cyber-cloak that you can put on whenever you surf the internet.
Tails, on the other hand, is a Linux-based operating system specifically tailored for privacy-oriented users who are afraid of third parties tracking their online snooping. What Tails does is simple – it routes all your internet traffic through Tor.
With Tor’s encryption protocols in place, even complete noobs will find it very easy to access the internet knowing that their anonymity and privacy are kept safe.
It’s also worth mentioning that Tor is extremely secure to begin with. You naturally want the best of both worlds: to benefit from the popular web browser’s cyber-proof encryption as well as a VPN’s many expansive features.
The solution is simple. You combine the VPN of your choice with Tails over Tor and you have access to the best of both technologies.
There are three main setups to talk about and analyze:
You can do this using one of two methods:
In order to do this, you need to have sudo access when booting. Install OpenVPN, and change the network settings so as to reroute the traffic through Tor first, before it reaches the OpenVPN interface.
Remember that these settings are not persistent. If you reboot the computer or the router, all the settings will return to their default state and you have to redo the entire process.
You have to create an access point inside another computer through which you will route the traffic. Even better, you can build a Raspberry Pi or place the VPN stack inside of a router.
Keep in mind that this method is a bit more complicated, and it will require some basic knowledge of Linux, terminal/bash, SSH, etc.
First off, take a look at what the Tails VPN support page says:
The Dynamic Forward option of the SSH command line is accessible with the -D flag. When you run SSH with this flag, the connection turns into a SOCKS proxy server.
It will route TCP and UDP network packets to a destination address. Take a look at this example to understand how it all works:
ssh -D 7777 vpn_server.com
This command line creates a SOCKS5 proxy server on port 7777 to forward data packets to vpn_server.com, which you will replace with a real address. Next, you have to configure the Tor Browser to conduct its activities on this proxy server.
There you go – now you have a static IP with which all your outgoing Tor data packets are registered, and this is your VPN connection.
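The SOCKS5 exchange that a client such as the Tor Browser performs with the proxy opened by `ssh -D 7777`, as an added example that is not part of the original article: it builds and decodes the RFC 1928 greeting and CONNECT request, so you can see exactly which destination the client hands to the proxy. The function names are chosen here for illustration, and only the CONNECT command is covered.

```python
import ipaddress
import struct

VER = 0x05
NO_AUTH, NO_ACCEPTABLE = 0x00, 0xFF
CMD_CONNECT = 0x01            # RFC 1928 also defines BIND (2) and UDP ASSOCIATE (3)
ATYP_IPV4, ATYP_DOMAIN, ATYP_IPV6 = 0x01, 0x03, 0x04


def client_greeting(methods=(NO_AUTH,)):
    """Client -> proxy: version, number of auth methods, the methods."""
    return bytes([VER, len(methods), *methods])


def server_choice(greeting):
    """Proxy -> client: pick no-auth if offered, else refuse (0xFF)."""
    if len(greeting) < 2 or greeting[0] != VER or len(greeting) != 2 + greeting[1]:
        raise ValueError("malformed SOCKS5 greeting")
    chosen = NO_AUTH if NO_AUTH in greeting[2:] else NO_ACCEPTABLE
    return bytes([VER, chosen])


def connect_request(host, port):
    """Client -> proxy: CONNECT to host:port (IP literal or hostname)."""
    try:
        ip = ipaddress.ip_address(host)
        atyp, addr = (ATYP_IPV4 if ip.version == 4 else ATYP_IPV6), ip.packed
    except ValueError:                      # not an IP literal: send the name itself
        name = host.encode("idna")
        atyp, addr = ATYP_DOMAIN, bytes([len(name)]) + name
    return bytes([VER, CMD_CONNECT, 0x00, atyp]) + addr + struct.pack("!H", port)


def parse_request(data):
    """Proxy side: decode a request into (command, address type, host, port)."""
    if len(data) < 7 or data[0] != VER or data[2] != 0x00:
        raise ValueError("malformed SOCKS5 request")
    cmd, atyp, body = data[1], data[3], data[4:]
    if atyp == ATYP_DOMAIN:
        n = body[0]
        host, rest = body[1:1 + n].decode("ascii"), body[1 + n:]
    elif atyp in (ATYP_IPV4, ATYP_IPV6):
        n = 4 if atyp == ATYP_IPV4 else 16
        host, rest = str(ipaddress.ip_address(body[:n])), body[n:]
    else:
        raise ValueError("unknown address type")
    if len(rest) != 2:
        raise ValueError("truncated or oversized request")
    return cmd, atyp, host, struct.unpack("!H", rest)[0]
```

An address type of 0x03 in the decoded request means the hostname itself was passed to the proxy, while 0x01 or 0x04 means the client had already resolved it to an IP address.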
Interestingly enough, the Tails VPN Support page insists that trying to combine Tails and VPNs is a bad idea to begin with.
Let’s analyze what they’re actually saying for a little bit.
By saying that replacing Tor with a VPN is a bad idea, they probably wanted to give out a warning to inexperienced people that screwing around with such security details might lead to foolish mistakes on their part.
Disabling Tor is a bad idea, I agree, but VPNs are not intrinsically bad or lacking in security, as suggested by the official statement of the Tails VPN Support page.
For example, if you use Bitcoins to purchase a subscription to a well-known and reliable VPN that you know is serious, then the level of security you get is at least on par with that of Tor.
By permanent entry guard, you should understand that your data packets go from your computer to the VPN, and then to Tor. This creates an endpoint server or IP address that receives the data before it reaches the Tor network.
However, it really makes no difference whatsoever if the data went from the computer directly to the Tor network. After all, the connection is encrypted by the VPN in the first place.
In this way, if Tor is compromised, then the attacker would also have to bypass the VPN’s security countermeasures before getting to the real you. As far as he’s concerned, he cannot get to the data unless the VPN is taken care of.
Obviously, this is much safer than accessing Tor directly.
As for the permanent exit node, it means that when you send your data from the computer, through Tor, and then to the VPN, all the servers involved that receive network requests will believe those requests come from the VPN.
All the Tor exit nodes will identify the VPN server as the exit node.
In turn, this creates a few possible issues for you. If Tor is compromised, third parties will find out who you are and what exactly you requested. This is the bad news.
The good news is that you will naturally get over Captcha attempts and other blocking techniques that some websites use to limit the Tor traffic.
Even though the official guides will warn you against using Tails with a VPN, I believe it’s actually a good idea if you want more privacy and more security countermeasures against hacking attempts.
For those who want to track your traffic or eavesdrop on your online conversations, setting up the Tails OS to go through the VPN and then to the Tor Network will cut off all access routes to you.
Whether you want added security protocols or if you’re afraid that Tor could be monitored, putting together this setup will alleviate all of your worries and put you out of harm’s way permanently.