[OPSEC/Computer] Using VPN on Tails

Hi gents and gals,

as the title says I have a problem using VPN together with tails/tor. I have been using a VPN service on my host and ran Tails on a VMWare, which has its OpSec vulnerability so I'm switching to physical Tails. What program do you guys use for VPN in tails/(x)ubuntu ? How do you connect ? VPN Client > Tor (Via localhost proxy) > VPN Server ?

Thanks in advance!


Comments


[3 Points] None:

>In some situations, you might be forced to use a VPN to connect to the Internet, for example by your ISP. This is currently not possible using Tails.

You also can't connect to a VPN through Tor. Tails should definitely implement a VPN client though. Seems like something pretty easy to do.


[2 Points] thesilksheet:

Get dd-wrt firware for your router. Have router connect to VPN.


[1 Points] AutoModerator:

Fact Heroin vendors tend to be difficult to deal with.

I am a bot, and this action was performed automatically. Please contact the moderators of this subreddit if you have any questions or concerns.


[1 Points] fg679:

I haven't used Tails, but if there's an option to configure Tails to connect through a proxy server/gateway, you could:

  1. Run a internet gateway on a second physical machine (e.g. whonix gateway
  2. Connect to your VPN on your whonix gateway
  3. Configure tails to use the whonix gateway as its internet gateway/proxy

This means: Your internet connection -> VPN -> tor -> wherever

It's good opsec to tunnel tor over a VPN so your ISP can't 'see' that you're using tor (only your VPN provider can, so pick one that is strong on privacy). I mean, technically there's traffic correlation to worry about, but a lot of links in the chain would have to be compromised for this to be possible (so if the NSA care about DNMs, yeah this is a risk).

Or you could just run whonix workstation and gateway as VMs, probably easier to configure. And then just secure erase and recreate the VMs after each use if you're that paranoid.

These guys have some excellent opsec guides. It would take a day or two to set up the 'anal-shit paranoid' level of opsec, but worth it if you want the peace of mind...


[1 Points] MLP_is_my_OPSEC:

I posted this in another thread, but here's what I use

Host OS (GNU/Linux -- Encrypted SSD & /home) > VPN > Guest OS (GNU/Linux -- Encrypted VDI & /home) > VPN > Tor (For DN shit)

PrivateInternetAccess with OpenVPN. This is not a good carding setup. It's important to make sure your DNS isn't leaking. If you're using a VPN this shouldn't happen, but it still can.


[1 Points] 0xb44d:

If you don't know how to setup a VPN then you shouldn't be using it. Don't take offense to that, but there really are no two simple steps that will make this magically work in a secure way. Chances are that in your attempt to VPN and then Tor you'll make things worse and expose yourself.

It also sounds like you're using the VPN for the wrong reasons. All a VPN does is shifts the point of subpoena from your ISP to a shady VPN provider - your ISP connection usually has a much larger burden of probable cause and is protected in a lot of juristictions from unreasonable search. Shitty VPN providers are not, and their admins will likely give you up via blackmail or simple LE requests (as Karpeles tried to give Ulbricht up to save himself)

that said, VPN protocols have their place and are useful. the use here is just synonymous with bad vpn providers and not setting it up properly to work with tor.