Delivery-Date: Fri, 30 Jan 2015 05:55:10 -0500
Return-Path: <tor-talk-bounces@lists.torproject.org>
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on moria.seul.org
X-Spam-Level: 
X-Spam-Status: No, score=-4.7 required=5.0 tests=BAYES_00,DKIM_SIGNED,
	RCVD_IN_DNSWL_MED,RP_MATCHES_RCVD,T_DKIM_INVALID,UNPARSEABLE_RELAY,
	URIBL_BLOCKED autolearn=ham version=3.3.1
X-Original-To: archiver@seul.org
Delivered-To: archiver@seul.org
Received: from eugeni.torproject.org (eugeni.torproject.org [38.229.72.13])
	(using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by khazad-dum.seul.org (Postfix) with ESMTPS id 9E2191E0844
	for <archiver@seul.org>; Fri, 30 Jan 2015 05:55:08 -0500 (EST)
Received: from eugeni.torproject.org (localhost [127.0.0.1])
	by eugeni.torproject.org (Postfix) with ESMTP id 577F6328D4;
	Fri, 30 Jan 2015 10:55:04 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1])
 by eugeni.torproject.org (Postfix) with ESMTP id CDB0B32860
 for <tor-talk@lists.torproject.org>; Fri, 30 Jan 2015 10:55:00 +0000 (UTC)
X-Virus-Scanned: Debian amavisd-new at 
Received: from eugeni.torproject.org ([127.0.0.1])
 by localhost (eugeni.torproject.org [127.0.0.1]) (amavisd-new, port 10024)
 with ESMTP id JYnuRs-Ej57t for <tor-talk@lists.torproject.org>;
 Fri, 30 Jan 2015 10:55:00 +0000 (UTC)
Received: from mx1.riseup.net (mx1.riseup.net [198.252.153.129])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client CN "*.riseup.net",
 Issuer "COMODO RSA Domain Validation Secure Server CA" (not verified))
 by eugeni.torproject.org (Postfix) with ESMTPS id A3F852FFD3
 for <tor-talk@lists.torproject.org>; Fri, 30 Jan 2015 10:55:00 +0000 (UTC)
Received: from berryeater.riseup.net (berryeater-pn.riseup.net [10.0.1.120])
 (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits))
 (Client CN "*.riseup.net",
 Issuer "COMODO RSA Domain Validation Secure Server CA" (verified OK))
 by mx1.riseup.net (Postfix) with ESMTPS id BF33241AAA
 for <tor-talk@lists.torproject.org>; Fri, 30 Jan 2015 10:54:57 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=riseup.net; s=squak;
 t=1422615297; bh=LAZBETvJ+QMmjn37oj7tltCYcbc21L0EzAUOVKsK2kU=;
 h=Date:From:To:Subject:References:In-Reply-To:From;
 b=nSWA7NYtGoH4v9PbsiJ+7UF5t4GSzNHJV11pEalQn/3jOFSPxVSbGgHcviPI5IfZC
 9PDIdpzPljWfewTp214mSFhfDt0j1ymElmvYHWHeCdbCk38ZtVbO59kBw3ib52FX1p
 IplC2vEiC8Letm0z2urhGYaet1bKkyBPAAJwlpRU=
Received: from [127.0.0.1] (localhost [127.0.0.1])
 (Authenticated sender: mirimir) with ESMTPSA id EFD2E42D57
Message-ID: <54CB6310.1020008@riseup.net>
Date: Fri, 30 Jan 2015 03:55:12 -0700
From: Mirimir <mirimir@riseup.net>
User-Agent: Mozilla/5.0 (X11; Linux x86_64;
 rv:31.0) Gecko/20100101 Thunderbird/31.4.0
MIME-Version: 1.0
To: tor-talk@lists.torproject.org
References: <54CB577A.9000100@riseup.net>
In-Reply-To: <54CB577A.9000100@riseup.net>
X-Virus-Scanned: clamav-milter 0.98.5 at mx1
X-Virus-Status: Clean
Subject: Re: [tor-talk] Tor -> VPN  Clarification
X-BeenThere: tor-talk@lists.torproject.org
X-Mailman-Version: 2.1.15
Precedence: list
Reply-To: tor-talk@lists.torproject.org
List-Id: "all discussion about theory, design,
 and development of Onion Routing" <tor-talk.lists.torproject.org>
List-Unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, 
 <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
List-Archive: <http://lists.torproject.org/pipermail/tor-talk/>
List-Post: <mailto:tor-talk@lists.torproject.org>
List-Help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-Subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, 
 <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: tor-talk-bounces@lists.torproject.org
Sender: "tor-talk" <tor-talk-bounces@lists.torproject.org>

On 01/30/2015 03:05 AM, Squeak wrote:
> Hello,
> 
> Relative newbie here, and I was wondering if someone could help me with
> something please. I keep seeing people describing connections to the Tor
> and is VPN connections in the following two ways:
> 
> Tor -> VPN
> VPN -> Tor
> 
> So if I fire up Tunnelblick, connect to my VPN provider and then open
> TBB which of the above does this describe?

That's "VPN -> Tor". Your Tor client reaches the entry guard through the
VPN provider's exit server.

> And also, is there a recommended way of connecting these two technologies?

There is none ;)

> Another thing I've noticed is in the Tunnelblick client that there is an
> option to connect to a Socks5 proxy, this suggests to me that I can send
> the VPN connection through the Tor network.

Yes. That uses the --socks-proxy option in OpenVPN.[0]

> But I am confused as to why one would want to do this, and what the
> benefits/disadvantages might be?

It's one way to access websites that reject connections from Tor exits.
Many VPN IPs are also blocked, but many aren't. More generally, websites
won't see that you're using Tor, which may be desirable. But a key
disadvantage is that the VPN connection prevents Tor from switching
circuits. So overall, there's probably less anonymity.

In order for this to be at all useful, there must be no observable
association between you and the VPN provider. You must pay for the VPN
with cash by mail, or via Tor with Bitcoins that have been _thoroughly_
anonymized via Tor. And you must never connect the VPN except through
Tor. Bottom line, you must never screw up!

There's also VPN -> Tor -> VPN. You can even add JonDonym to the mix.

> Really appreciate any help you guys could give me!
> 
> Squeak

[0]
http://openvpn.net/index.php/open-source/documentation/manuals/65-openvpn-20x-manpage.html

-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

