Hi everybody,

Is it possible to chain VPN as it is possible to chain proxies ?

More precisely, I have 2 (PPTP) VPN, say VPN provider A, and VPN provider B.

I would be able to create an encrypted connexion to VPN provider B, through an encrypted connection to VPN provider A, in order to obtain:


Me ** (A+B encrypted)** <VPNprov. A>**(B encrypted)**<VPNProv B>--<net>
Me *****(connexion)****



When on XP, I simply run VPN A and then VPN B, a proxy checker shows an IP from VPN provider B. Seems fine, but I am not sure this simple method really do what it is supposed to do: Is my connexion to VPN Prov A really "A+B encrypted" ?

Moreover, when running emule, I always get with this method a lowid ( although I always get high id when I use VPN A or VPN B separately) :confused:

So perhaps have I to reconfigure my routeur, but I don't understand exactly how .

So, I need some help ... :wink:

Hi everybody,

Is it possible to chain VPN as it is possible to chain proxies ?

More precisely, I have 2 (PPTP) VPN, say VPN provider A, and VPN provider B.

I would be able to create an encrypted connexion to VPN provider B, through an encrypted connection to VPN provider A, in order to obtain:


Me ** (A+B encrypted)** <VPNprov. A>**(B encrypted)**<VPNProv B>--<net>
Me *****(connexion)****

If I'm not mistaken, you want something like this, right?

http://img389.imageshack.us/img389/1491/trafficzo3.gif


When on XP, I simply run VPN A and then VPN B, a proxy checker shows an IP from VPN provider B. Seems fine, but I am not sure this simple method really do what it is supposed to do: Is my connexion to VPN Prov A really "A+B encrypted" ?

I have once done this test too, and Outpost and smsniff said it is.


Moreover, when running emule, I always get with this method a lowid ( although I always get high id when I use VPN A or VPN B separately) :confused:

That's normal, since other eMule users will try to contact VPN B's IP, but since its server isn't running eMule you'll appear as NATed. Same goes for anything else that needs to make an incoming connection to you (port checker tools, BitTorrent, etc.), so I wouldn't recommend this method unless you really need security.

Depending on your configuration, establishing a connection to VPN B may break the connection to VPN A. What do you get for an IP after establishing the chain then disconnecting from VPN B?

I saw a method for nesting multiple VPNs (http://www.ab9il.net/crypto/multi-vpn.html) that works fine if you use a virtual machine for your p2p or other activities. Basically, you use VPN A on the host computer, then VPN B for the virtual machine. Anything you connect to on the VM gets double protection and the IP of VPN B.

Hope this helps.

Depending on your configuration, establishing a connection to VPN B may break the connection to VPN A. What do you get for an IP after establishing the chain then disconnecting from VPN B?

I saw a method for nesting multiple VPNs (http://www.ab9il.net/crypto/multi-vpn.html) that works fine if you use a virtual machine for your p2p or other activities. Basically, you use VPN A on the host computer, then VPN B for the virtual machine. Anything you connect to on the VM gets double protection and the IP of VPN B.

Hope this helps.


Thanks a lot. The title of this old post was incorrect. I found a way no only to chain vpn, but to encapsulate them in each other, as russian dolls.

My goal was in fact to mimic tor with vpn: The entry vpn see who I'm but not what I do, the exit vpn see what I do, not who I am.

I think the way you are speaking about is exactly answer to the title I should have to write.

The problem is, virtualization is ressource consuming, and my system tends to be exhausted for many reasons (plus, I'm not good in virtualization because I've never done that : :confused:).

So, for the time being, until I buy a more powerfull PC, I use the following trick: I first connect to a pptp or L2TP/Ipsec vpn, and then I run an opvpn one. It seems to work, but being nated by the openvpn, I'm not sure I really anonym for the openvpn provider....

The problem is, virtualization is ressource consuming, and my system tends to be exhausted for many reasons (plus, I'm not good in virtualization because I've never done that : :confused:).

Using a VirtualBox shouldn't be hard, but that's pretty inefficient resource-wise.