AB9IL.net

Using Multihop VPNs


Virtual Private Networking (VPN) services, with SSL encryption, offer the internet user an effective way to overcome censorship, surveillance, and access restrictions imposed by oppressive governments or institutions. VPNs in effect provide an encrypted connection between the end user and a distant server which serves as an internet access point. To outside observers, the user's IP address appears to be that of the remote server, and any attempts to trace the end user lead to the VPN server. With a typical 128 bit key, data flowing between the user and remote VPN server is encrypted so well that an adversary monitoring the connection will need years of multi-million dollar computing time before the key can be broken by a brute-force attack.

Some VPN users have expressed concern that 128 bit SSL security is not strong enough, or that their VPN provider does not offer enough flexibility for use of 256 bit SSL gateways. Still others want to use a trusted provider with more layers of encryption to foil surveillance efforts of dictatorial governments, organized crime organizations, or foreign governments with physical access to the VPN servers. One "do it yourself" solution which is effective yet inexpensive is to use multiple VPNs within Virtual Machines. Another solution is to use a "multihop VPN" service.


Multihop VPN protection for anonymity, privacy, and unrestricted internet access.

Services such as iVPN offer instant, inexpensive, multi hop VPN services.

Multihop VPN services are easiest for most persons needing anonymity and security on the internet. All one needs is a single VPN service account and the client software. Connect to a provider's servers and they do all of the multihop routing! Though the user connects to one server, perhaps in the USA, the data exits the VPN at another server, perhaps in the Netherlands. Such services are easy, transparent, and seamless for the end user.


Using a virtual machine for handling sensitive data, with multiple layers of VPN protection.


Multiple VPNs within Virtual Machines means the user of a computer has a VPN service for the main operating system (Linux, Mac, or Windows), and has one or more virtual machines (each with a VPN service) nested within each other as a "box within a box within a box." A journalist may, for example, use a laptop with Ubuntu installed as the main system (using OpenVPN), and use a Virtualbox set up with Aptosid (with its own OpenVPN software). The Ubuntu system can connect to the internet through a free service such as AirVPN while the Aptosid virtual machine uses a Witopia VPN account for security.

How are the VPN layers arranged? Somewhat like an onion - layers inside of layers. The innermost machine has a secure SSL VPN connection that is further encrypted by the main operating system's SSL VPN. The journalist does all of his internet work on the virtual machine with the benefit of two VPNs (one tunnel inside the other) protecting his data and identity. Any number of virtual machines, each with a unique VPN account, can be nested inside one another. As for his IP address, it is the IP address of the VPN gateway on the innermost virtual machine.

Do-it-yourself Multihop VPN Setup:

  1. Install a VPN service on your computer. OpenVPN works well, and works with popular VPNs such as AirVPN, VPNsteel, and Witopia.
  2. Install Windows or Linux as a virtualized system. Virtualbox, VMware, or Fusion are popular software packages for this.
  3. In the virtual machine, install another VPN client.
  4. Connect each VPN client to different gateways.

In practice, the process of making all of the connections is a bit slow. First, boot the main system. Then start the first virtual machine. If nested virtual machines are used, start each one. After all of the virtual machines are started, go to the main system and connect the outermost VPN layer. Then go to the virtual machine and connect the next deeper layer of VPN protection. For each successive VM, connect its VPN. The innermost layer is the last one to connect, and represents the user's exit point to the outside world.
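Once every layer is connected, it is worth confirming that each machine really sends its traffic into its tunnel and that the two layers use different gateways. The script below is an added example, not part of the original article: it inspects the text that `ip -4 route show` prints on the host and inside the virtual machine. The function names are hypothetical, the routing tables are constructed samples, and it assumes OpenVPN's usual tun*/tap* interface names.

```shell
#!/bin/sh
# Added example: check a two-layer OpenVPN setup from `ip -4 route show` output.
# Assumes OpenVPN's usual tun*/tap* interface names.

# Succeeds only if all IPv4 traffic in the table on stdin leaves via a tunnel:
# either the 0.0.0.0/1 + 128.0.0.0/1 pair (redirect-gateway def1) or a
# tunnel default route with no competing default on a physical interface.
routes_via_tunnel() {
    awk '
        function dev(   i) { for (i = 1; i < NF; i++) if ($i == "dev") return $(i + 1); return "" }
        $1 == "default"     { if (dev() ~ /^(tun|tap)/) { full = 1 } else { leak = 1 } }
        $1 == "0.0.0.0/1"   { if (dev() ~ /^(tun|tap)/) low = 1 }
        $1 == "128.0.0.0/1" { if (dev() ~ /^(tun|tap)/) high = 1 }
        END { exit !((low && high) || (full && !leak)) }'
}

# Prints the VPN server address: the host route pinned to the non-tunnel NIC.
vpn_server() {
    awk '$1 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+(\/32)?$/ && $0 !~ / dev (tun|tap)/ {
             sub(/\/32$/, "", $1); print $1; exit }'
}

# $1 = host table, $2 = VM table. Both must be tunnelled, via different gateways.
layers_ok() {
    printf '%s\n' "$1" | routes_via_tunnel || return 1
    printf '%s\n' "$2" | routes_via_tunnel || return 1
    h=$(printf '%s\n' "$1" | vpn_server)
    v=$(printf '%s\n' "$2" | vpn_server)
    [ -n "$h" ] && [ -n "$v" ] && [ "$h" != "$v" ]
}

# Constructed sample tables (documentation address ranges), not real captures.
HOST_ROUTES='0.0.0.0/1 via 10.8.0.1 dev tun0
default via 192.168.1.1 dev wlan0 proto dhcp metric 600
10.8.0.0/24 dev tun0 proto kernel scope link src 10.8.0.6
128.0.0.0/1 via 10.8.0.1 dev tun0
203.0.113.10 via 192.168.1.1 dev wlan0'
VM_ROUTES='0.0.0.0/1 via 10.9.0.1 dev tun0
default via 10.0.2.2 dev eth0
10.9.0.0/24 dev tun0 proto kernel scope link src 10.9.0.6
128.0.0.0/1 via 10.9.0.1 dev tun0
198.51.100.20 via 10.0.2.2 dev eth0'
VM_DROPPED='default via 10.0.2.2 dev eth0
10.0.2.0/24 dev eth0 proto kernel scope link src 10.0.2.15'

if layers_ok "$HOST_ROUTES" "$VM_ROUTES"; then echo "both layers up"; fi
if ! layers_ok "$HOST_ROUTES" "$VM_DROPPED"; then echo "inner layer down: traffic has one VPN only"; fi
```

The third sample table shows the failure worth watching for: when the inner tunnel drops, the virtual machine keeps working through the host's VPN alone, so the user's exit point silently becomes the outer gateway.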

There are some factors to consider that reduce the desirability of using nested VPNs to increase security and anonymity on the internet. Using multiple VPNs can be a slow process. The more layers used, the slower the connection will be! For most situations, more than two VPN layers will not be necessary. Services like Hulu and Youtube may work through two VPNs, but will be agonizingly slow through more. VPN connections can be fragile, and three or more nested VPNs may break often enough to interfere with VOIP conversations, downloads, or streaming media. In the final analysis, a trustworthy VPN with 256 bit SSL encryption may be worth the price for all but the most financially distressed internet user.

Don't forget to be meticulous about other areas of communications and data security. Hardware and storage media should be well protected physically in addition to having strong encryption for sensitive data. Likewise, the number of people handling sensitive information should be limited. Many a group with high tech encrypted hardware has been compromised by one person's carelessness, followed by the adversary's use of violent interrogation methods. Limiting data access to people with a "need to know" limits the odds of data being given up to interrogators. It is possible for an adversary to detect and interrupt a VPN connection, and block the ports it uses, but breaking the encryption is nearly impossible.

Recently, the People's Republic of China has set its "Great Firewall" to block VPN traffic using ports 1194 and 443. Witopia and other VPN services were temporarily impaired, but recovered by using other ports and IP addresses. Such is the truth of the fight. Governments that truly serve their citizens have nothing to fear from the free flow of information, while the corrupt, incompetent, or obsolete have everything to fear - and can only delay their ultimate demise with cyber war on VPN services.

Computer users with limited resources can make effective use of modern VPN and virtualization software to build secure and anonymous channels for access to the internet. Surveillance and censorship methods used by repressive governments and institutions can be defeated with nested VPN connections, allowing unfettered two way access anywhere in the world. To a limited degree, governments can interrupt such communication - none have the ability to simply decrypt data sent through a nested VPN tunnel. To use your VPN most effectively, consider these 10 tips for VPN users.



Tags: encryption, vpn, multi hop vpn, two hop vpn

©2005 - 2020 AB9IL, All Rights Reserved.