Delivery-Date: Fri, 30 Jan 2015 07:27:45 -0500
Return-Path: <tor-talk-bounces@lists.torproject.org>
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on moria.seul.org
X-Spam-Level: 
X-Spam-Status: No, score=-4.7 required=5.0 tests=BAYES_00,DKIM_SIGNED,
	RCVD_IN_DNSWL_MED,RP_MATCHES_RCVD,T_DKIM_INVALID,UNPARSEABLE_RELAY,
	URIBL_BLOCKED autolearn=ham version=3.3.1
X-Original-To: archiver@seul.org
Delivered-To: archiver@seul.org
Received: from eugeni.torproject.org (eugeni.torproject.org [38.229.72.13])
	(using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by khazad-dum.seul.org (Postfix) with ESMTPS id EB70E1E050F
	for <archiver@seul.org>; Fri, 30 Jan 2015 07:27:43 -0500 (EST)
Received: from eugeni.torproject.org (localhost [127.0.0.1])
	by eugeni.torproject.org (Postfix) with ESMTP id 8ED1432AE2;
	Fri, 30 Jan 2015 12:27:38 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1])
 by eugeni.torproject.org (Postfix) with ESMTP id 84E4A32E5F
 for <tor-talk@lists.torproject.org>; Fri, 30 Jan 2015 12:27:34 +0000 (UTC)
X-Virus-Scanned: Debian amavisd-new at 
Received: from eugeni.torproject.org ([127.0.0.1])
 by localhost (eugeni.torproject.org [127.0.0.1]) (amavisd-new, port 10024)
 with ESMTP id ejE9OrpLsQRK for <tor-talk@lists.torproject.org>;
 Fri, 30 Jan 2015 12:27:34 +0000 (UTC)
Received: from mx1.riseup.net (mx1.riseup.net [198.252.153.129])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client CN "*.riseup.net",
 Issuer "COMODO RSA Domain Validation Secure Server CA" (not verified))
 by eugeni.torproject.org (Postfix) with ESMTPS id 4D90632B09
 for <tor-talk@lists.torproject.org>; Fri, 30 Jan 2015 12:27:34 +0000 (UTC)
Received: from berryeater.riseup.net (berryeater-pn.riseup.net [10.0.1.120])
 (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits))
 (Client CN "*.riseup.net",
 Issuer "COMODO RSA Domain Validation Secure Server CA" (verified OK))
 by mx1.riseup.net (Postfix) with ESMTPS id CCB39412AE
 for <tor-talk@lists.torproject.org>; Fri, 30 Jan 2015 12:27:30 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=riseup.net; s=squak;
 t=1422620850; bh=wTEQmPwZYIlCMMvLywL5GXNgOmCQ6DtRMN25fBIePb4=;
 h=Date:From:To:Subject:References:In-Reply-To:From;
 b=co8DBISb3sFzThHZhYzMFTSDOIfjz15QSID0oMjP1JarFotYFG7O/Ta5uq39Aivxg
 XrI8KEPyM6qTFFSdzh0eVllwhras/d1E+mChXK/75hMytKO6L9kzmkYxZwDgxAfyTw
 plf1gNQTSSx6WuCy6UZ6V2ocdG7z91BpIEVw4Qwc=
Received: from [127.0.0.1] (localhost [127.0.0.1])
 (Authenticated sender: squeak) with ESMTPSA id E2A0740102
Message-ID: <54CB78AF.90100@riseup.net>
Date: Fri, 30 Jan 2015 12:27:27 +0000
From: Squeak <squeak@riseup.net>
MIME-Version: 1.0
To: tor-talk@lists.torproject.org
References: <54CB577A.9000100@riseup.net> <54CB59D5.5040300@riseup.net>
 <54CB5D63.5000108@techwang.com>
 <CABMkiz52u_5Txb1ROfZOGVAupP3=12X9_dFP0HXF-aTGP2MeMA@mail.gmail.com>
In-Reply-To: <CABMkiz52u_5Txb1ROfZOGVAupP3=12X9_dFP0HXF-aTGP2MeMA@mail.gmail.com>
X-Virus-Scanned: clamav-milter 0.98.5 at mx1
X-Virus-Status: Clean
X-Content-Filtered-By: Mailman/MimeDel 2.1.15
Subject: Re: [tor-talk] Tor -> VPN Clarification
X-BeenThere: tor-talk@lists.torproject.org
X-Mailman-Version: 2.1.15
Precedence: list
Reply-To: tor-talk@lists.torproject.org
List-Id: "all discussion about theory, design,
 and development of Onion Routing" <tor-talk.lists.torproject.org>
List-Unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, 
 <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
List-Archive: <http://lists.torproject.org/pipermail/tor-talk/>
List-Post: <mailto:tor-talk@lists.torproject.org>
List-Help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-Subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, 
 <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
Content-Type: multipart/mixed; boundary="===============0434215271067100287=="
Errors-To: tor-talk-bounces@lists.torproject.org
Sender: "tor-talk" <tor-talk-bounces@lists.torproject.org>

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--===============0434215271067100287==
Content-Type: multipart/signed; micalg=pgp-sha512;
 protocol="application/pgp-signature";
 boundary="7fmc9NKpU5Edfk0TjdDC1Os6RtH9wbkv2"

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--7fmc9NKpU5Edfk0TjdDC1Os6RtH9wbkv2
Content-Type: text/plain; charset=windows-1252
Content-Transfer-Encoding: quoted-printable

Hi Guys,

Thanks for the prompt replies, they are really helpful.  The image you
posted Bill Berry was especially illuminating, thanks!

So VPN -> Tor is what I'm currently doing with Tunnelblick and TBB, but
could somebody detail how and with which programs you would achieve Tor
-> VPN please?    I'm having a little trouble visualising how that would
work.

A follow-up question about the Tunnelblick set up, if someone does
directly attack my connection and somehow manages to crack the VPN
encryption they are only going to see that I'm using Tor.  Is that correc=
t?

Thanks again!

Squeak

Ben Tasker:
> VPN + Tor may also be useful if you're on a connection where you defini=
tely
> don't want your local ISP (or perhaps someone else on/with access to th=
e
> same network) to see that you're using Tor.
>=20
> In this case, the ISP may not be a BT or a Verizon, but a hotel wireles=
s
> provider, employer, starbucks etc.
>=20
> In that instance, the local ISP might also object to a VPN, of course, =
but
> generally speaking a VPN (or an SSH tunnel) is generally seen as 'OK'.
>=20
> What you're doing there, though, is shifting the trust you'd normally h=
ave
> for your/an ISP to the VPN provider which may or may not prove wise in =
the
> long run.
>=20
> On Fri, Jan 30, 2015 at 10:30 AM, Bill Berry <bill@techwang.com> wrote:=

>=20
>> This image explains VPN + tor quite well;
>>
>> https://vigilantcanuck.files.wordpress.com/2015/01/vpn-tor.png
>>
>> IMO this setup is a pretty sensible idea given the recent de-anonymisa=
tion
>> attacks (e.g. CMU). If your Tor connection gets comprimised, all the F=
eds
>> have (hopefully) is your VPN IP.
>>
>> The best way to set this up is VPN at a router level (e.g.
>> http://wiki.hidemyass.com/OpenWRT_OpenVPN_Setup), then run Tails or To=
r
>> browser on your laptop.
>>
>>
>> On 30/01/15 10:15, Cyrus wrote:
>>
>>> Squeak:
>>>
>>>> Hello,
>>>>
>>>> Relative newbie here, and I was wondering if someone could help me w=
ith
>>>> something please. I keep seeing people describing connections to the=
 Tor
>>>> and is VPN connections in the following two ways:
>>>>
>>>> Tor -> VPN
>>>> VPN -> Tor
>>>>
>>>> So if I fire up Tunnelblick, connect to my VPN provider and then ope=
n
>>>> TBB which of the above does this describe?  And also, is there a
>>>> recommended way of connecting these two technologies?
>>>>
>>> You connect to Tor through the VPN in this case.
>>>
>>> PC <=3D> Internet <=3D> VPN server <=3D> Internet <=3D> Tor Network <=
=3D> Internet
>>>
>>>  Another thing I've noticed is in the Tunnelblick client that there i=
s an
>>>> option to connect to a Socks5 proxy, this suggests to me that I can =
send
>>>> the VPN connection through the Tor network.  But I am confused as to=
 why
>>>> one would want to do this, and what the benefits/disadvantages might=
 be?
>>>>
>>> If you don't want a log of your actual IP, doing this would be a
>>> benefit. Though if they already have logged where you are once as a
>>> customer, the point of this is moot. If you had a different account, =
you
>>> could then use the VPN anonymously.
>>>
>>>> Really appreciate any help you guys could give me!
>>>>
>>>> Squeak
>>>>
>>>>
>>>>
>>>>
>> --
>> --
>> High quality Shiba Inu at the right price! Quality dogs for over 15 ye=
ars!
>>
>>
>> --
>> tor-talk mailing list - tor-talk@lists.torproject.org
>> To unsubscribe or change other settings go to
>> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
>>
>=20
>=20
>=20

--=20
Jabber: squeak@riseup.net
OTR: 870E5621 47EE1378 CEF24FC5 64D92F30 5801E7BF
Key ID: F15C63C08104AE96
Key Fingerprint: 86C6 6D30 31EE 741C A405  3C39 F15C 63C0 8104 AE96

--7fmc9NKpU5Edfk0TjdDC1Os6RtH9wbkv2
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

-----BEGIN PGP SIGNATURE-----

iQIcBAEBCgAGBQJUy3ivAAoJEPFcY8CBBK6WVeUQAItLkVp3HBkINuUnSFUpKXa4
fGTOpIKnFKaKDlfikgY0L30p6kernW0fUP7JcZ64Ks0JyJdP4c95rBZWu8tGkqqN
xBqcKAwrl41RmqGNUr71WtaajcFwM5NTC21kVmMbECOhROzSfOkhs5t1mL6i3wZF
qaVN1gEQIMWb+BnNQyi2PlIJDZgtpTv7uaCqimlHRADlTyQQx+8u1SsHtHEdULuD
YccxqBMHx8ACB/Q/q9ycgiyJlS2pxt+9Q6zwi+VJUCcKlVt4HFE1jm5LoyCoQ6sG
AQ5zgPk+YthTnl8WbI1UN0aAc3mmd42qs2fQCrSCorDRlmGQZdGdvun/FjJTUqKR
CecQj8O/u+qeokPnr8ZoxFXzzZsscopnd1pSxwSGJaVaoOLgSnz+Wt31nxBc57Mr
XTj8KySqjUxqf2FAmP5mWPDGOQXz/UPS8CR2U1otGkcc/P0GR/e9q9Ja+ClOYqnM
1bjha8wTRxz5mLcJLSSHLnpDoxGyIn1Q+kmF8TGVXJfdDKCSNQwttDaTaPkxnqES
TVmWRmdP0e9bGRfQ1mA8m4k6yjZcvTg1ntZu9wwPnsbGTZ+fkajK9glpEbb5OLyt
U59vBOQPNcmZyCZts/fGj0NcjYrWzPyL8X1wzKOg7ZDdHUyiJBeTiaDahO4vnHCa
ZwQaJO7DwOIvaliQP9Gd
=vJc5
-----END PGP SIGNATURE-----

--7fmc9NKpU5Edfk0TjdDC1Os6RtH9wbkv2--

--===============0434215271067100287==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

--===============0434215271067100287==--

