How To: Chain VPNs for Complete Anonymity

Chain VPNs for Complete Anonymity

Big name individual hackers and hacker groups everywhere in the news are getting caught and thrown in jail. Everytime I see something like this happen, I won't lie, I get a little sad. Then I wonder, how are these guys getting caught? If a group like LulzSec, with all the fame and "1337-ness" can get caught, I think my hacker comrades are doing something wrong.

When members of LulzSec started getting captured, it was because proxy and VPN services complied to federal request and handed over the private information of its users. I think this is wrong for a number of reasons—foremost, people should be able to have their own privacy respected. Today's Null Byte will be demonstrating one of the methods around this: Chaining VPNs.

A VPN allows you to connect to a remote network, and over all ports, encrypt and forward your traffic. This also changes your IP address. Chaining VPNs is a tricky task, though there is a simple and uncommon method I know of. Using multiple VPNs together has the huge perk of being completely anonymous. 

How Does Chaining VPNs Work?

First, a person would connect to the VPN. Then, when connected to the first VPN, you chain to the second, and since a bunch of people share the same IP, the second VPN has no way of knowing who tunneled to it. An even better scenario is where you use an eastern VPN as your first, because our country has no jurisdiction to retrieve the logs from them, thus increasing your security.

However, to chain VPNs, the second VPN would need to know how the first VPN's traffic was encrypted. This flaw makes it impossible to chain them in this method, unless you own both VPNs (not very likely).

So, how can we chain VPNs then? I'll show you how by using a virtual machine!

Requirements

Step 1 Install OpenVPN & a VirtualBox Computer

Text in bold is a terminal command.

First, we need to install the VPN client for Linux users. Windows users can download the program here and here, and run the installer normally. Mac users can use this GUI for OpenVPN for Mac.

  1. Change to the Downloads directory.
  2. Configure the installation.
        ./configure
  3. Compile and install.
        make && sudo make install
  4. Now we need to install VirtualBox. This will allow us to have a virtual operating systems running from within our computer. Download VirtualBox: Windows, Mac, Linux.
  5. Install a virtual machine of your choice for Windows or Linux and Mac, then install OpenVPN to it.

Step 2 Chain the VPNs

Start up your virtual machine, and configure them both.

  1. For Windows users using the default VPN client, use this guide to connect to a VPN. Linux and Mac users, go here.
  2. Connect to VPN A with your host OS.
  3. Start up your virtual machine of choice, and connect to VPN B with it.
  4. Operate from within your virtual machine, and you will be safe from prying eyes. If you need to delete the virtual machine, make sure you securely delete it, and your information will be safe.

For Null Byte news, follow me on Twitter. Also, join the IRC and come hang out with us!

Just updated your iPhone to iOS 18? You'll find a ton of hot new features for some of your most-used Apple apps. Dive in and see for yourself:

Image via Manuel Corpa

19 Comments

man I really want a few eastern block vpn's XD

I know, right. I ought to make buddybuddy with some eastern lads ^_^.

What if you install VirtualBox inside your virtual machine, then start a new virtual machine inside your virtual machine?
Awesome :D

Haha, it works :p.

Hehe it would be quite awesome to have ~10 virtual machines connected to different VPNs :P

"Yo dawg I heard you're paranoid so I put a virtual machine inside your virtual machine so you can vpn
while you vpn!"
haha :)

I don't understand the advantage of this.

"the second VPN has no way of knowing who tunneled to it"

Well, then couldn't they simply asks for logs from the first VPN?
And, if the first VPN is an eastern VPN that doesn't keep logs, then what's the advantage of chaining a second VPN ?

you r right himura.

A free VPN can not be trusted. At all. They are free because they sell you info. You can chain two free ones together, the FEDS will get the logs and v8 you.

Reading the policies of each VPN to look at will give you an idea of what they'll do with their data logs. Some merely log when you connected and for how long, just your IP address and a timestamp. Some of them wipe their logs after a certain amount of time because logs take up a lot of space when a lot of people connect. Some VPNs don't even log you at all. Its all in the policy. If you don't feel comfortable with their policy, don't do it. (And all VPNs do is make it harder for people to track you. They have to figure out that it wasn't that computer but a computer that connected to that computer (and it could go on for a while if the VPNs were chained).

Allen said : "A free VPN can not be trusted. At all."

The one you pay aren't more reliable. Some of them only because they respect the laws (and must give their log to the authorities), others seems to be created directly by intelligence services (i had to say : that's intelligent !).

You may want to rule your own VPN server, but that's still a bad idea :
Basically, you don't have the right to let other people acces your VPN.
If you're alone on it, you're not hidden.

You may also want to give some free accounts, but in this case you have to declare yourself as a encryption distributor to authorities, and soon face many official log request, with a nice list of punishement in case you don't obey.

So it won't be smart to use a VPN for doing something reprehensive.
As i don't trust Tor, i would choose to use some open wifi network for getting some anonymity.

For baby hackers around there : there are many other way to get fun with your computer than doing illegal things. Unless you've got a clear and moral objective that deserve you may spend years in jail, don't do that !

It all depends on your threat szenario.

Depending on the country you live in a good alternative to open wifi, actually a better one, are mobile devices with simcards you dont have to register.

Like for example in the netherlands you can just buy a simcard at aldi with cash, it works out of the box. Use that with a 3G modem (paid for in cash aswell).

You can still put VPN or Tor on top of that, but if it fails the worst that can happen is that your location based on cell towers gets known. Unless of course your traffic reveals you.

I sometimes use vpn in a Vbox client and vpn in the host. Both use different servers or locations. The client shows the IP of the server used and the same with the host OS.

My understanding would be my client OS is tunneling with its own vpn through the host's vpn giving me two layers of encryption and anonymity.

What do you think?

According to me, a VPN doesn't protect our virtual machines when running in the host machine,so practically this method of chaining VPN's won't actually work

First of all thanks for alot of interesting stuff, I follow pretty much everything that's being put out there.

When this article was written you could be stealthy on the net but that is the past now..
If you wanna be untraceable .. don't turn on your computer ;).

If that is not an option your best bet is to be better than those who investigating or doing something that demands so many resources to track, that it is impossible to solve the crime.

Jean, while your are right paid VPNs aren't necessarily more private, it gives them a reason not to sell your information. Second, the legal obligation is why we choose VPNs in countries that have better privacy laws. Nobody in their right mind would choose a VPN in the US here, why? Privacy laws. It would be almost useless. A country like Sweden, on the other hand, has better privacy laws.

Using multiple vpns isnt good opsec strategy imo. Its preaty easy to track ip somebody using vpns chain. As law enforcement analyst i would do:

Last vpn: hey, i need your logs of ips connecting to this server from date and time when the crime was made, there is injunction.

Checking ip adresses and and specific persons linked to those addresses, if tehere is ip adress of another vpn:

Last but one vpn: hey, i need logs of ips connecting to this adress (our last vpn) on time and date, there is injunction. Maybe all ips connecting from your vpn to this 'last vpn' couse chaining vpns isnt very common.

If tehere is another vpn: repeat.

Share Your Thoughts

  • Hot
  • Latest