Route internet traffic through multiple VPNs?

So, I’m not really that paranoid that I actually need my internet traffic routed through multiple countries, but I’m curious about how that would work. Right now I’m using CyberGhost VPN, which is reasonably secure, but I can’t find any options to route through multiple servers (I’m using Ubuntu GNOME).

Think about it.

If you want to be more secure, you need your own botnet that you can use to route your internet traffic through, like an internal network you have full control over.

Do you plan on doing this on a port by port basis or a domain by domain basis?

I was planning on routing my internet traffic indiscriminately through two servers. Right now I'm running through a Dutch server. I would want to route through the Dutch server, then say route that traffic through a Romanian server and then to the target address.

You will need a middleman connection for the second route; a cheap local VPS would work for that.

If you had an in-between system you could do it quite easily. So the main system points at Romania, then the second one that acts purely as a pass-through routes to the Netherlands.

Why do I need that? I'm guessing it's not possible to connect the first server to the second server directly.

I assume you mean you want to connect to a VPN server inside another VPN, like an internet turducken? Should be easy enough. If your VPN provider allows you to have multiple simultaneous connections you would just need to run one instance per connection. So establish the first one, then connect the second one through the first, and so on.

You'll probably need to configure OpenVPN manually rather than using the provided client, as it may not let you run multiple instances. And you may run into problems, as I've had issues with my VPN connections accidentally running inside another and having weird connectivity issues.

You may also need to manually configure static routes to make it all work.

You will need some form of routing in between the VPN servers. Unless you know a DNS that will do this for you, you will have to control the middle connection.

I may be wrong so @DeusQain may correct me on this.

I'm not using the client anyway, I set it up manually.

Ah, good idea. The middle connection wouldn't be necessary then. But having a middle connection would help obfuscate it better though.

Well you should be able to set the first client to connect to server A and then have the second client connect to server B through server A. It should work as they will both redirect the default gateway, so the second connection will use the first VPN's gateway and then the rest of your traffic will use the second's.

EDIT: There are probably more elegant ways of doing it by configuring routes manually rather than relying on the default gateways overriding each other but it should work.

1 Like
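The routing behaviour discussed above, as an added example that is not part of the original posts: a small longest-prefix-match model showing that the host route for the second server decides whether the tunnels are nested, run side by side, or loop. The addresses, the `tun0`/`tun1`/`eth0` names and the route tables are constructed assumptions, not output from any VPN client.

```python
import ipaddress

# Constructed addresses from the documentation ranges (not from the thread).
SERVER_A, SERVER_B, WEBSITE = "198.51.100.10", "203.0.113.20", "192.0.2.80"
# Which server each tunnel's encrypted packets are addressed to (assumed names).
CARRIERS = {"tun0": SERVER_A, "tun1": SERVER_B}

def lookup(routes, dst):
    """Longest-prefix match: return the device of the most specific route."""
    addr = ipaddress.ip_address(dst)
    nets = [(ipaddress.ip_network(p), dev) for p, dev in routes]
    return max((m for m in nets if addr in m[0]), key=lambda m: m[0].prefixlen)[1]

def path(routes, dst):
    """Devices a packet crosses, innermost tunnel first, ending at the NIC."""
    hops = []
    while True:
        dev = lookup(routes, dst)
        if dev in hops:
            raise RuntimeError(f"routing loop: {dev} would carry itself")
        hops.append(dev)
        if dev not in CARRIERS:
            return hops
        dst = CARRIERS[dev]  # the tunnel's own packets go to its server

# Second VPN has taken over the default via two /1 routes; server A is
# reached over the physical link. No host route for server B yet.
BASE = [("0.0.0.0/0", "eth0"), (SERVER_A + "/32", "eth0"),
        ("0.0.0.0/1", "tun1"), ("128.0.0.0/1", "tun1")]
# Host route for B through the first tunnel: B is reached inside A.
NESTED = BASE + [(SERVER_B + "/32", "tun0")]
# Host route for B through the physical link: the first tunnel is bypassed.
SIDE_BY_SIDE = BASE + [(SERVER_B + "/32", "eth0")]

if __name__ == "__main__":
    print("nested:      ", path(NESTED, WEBSITE))
    print("side by side:", path(SIDE_BY_SIDE, WEBSITE))
    try:
        path(BASE, WEBSITE)
    except RuntimeError as err:
        print("no host route:", err)
```

On a real system the same check is to ask the kernel which device it would use for the second server's address and for an ordinary destination, and confirm they match the nested case.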

It would be a lot more efficient to have the first server connect to the second rather than connecting to the second through the first, as all the layers of VPN overhead will add up, but it will have the same effect. Whether that effect is worth the trouble, probably not.

1 Like

My VPN provider doesn't allow multiple connections, I would need to upgrade. Maybe I'll find a free one somewhere else and route through that first.

I'm wondering about something else as well. When I connect to a VPN server, all the traffic is encrypted. And usually you encrypt data by using a key and decrypt using a cipher. But how does my computer know how to decrypt the data it gets? I mean, I would assume that the cipher is exchanged beforehand in order to decrypt everything, but the transferred cipher can't be sent securely because you don't have the cipher yet. But wouldn't that mean that if somebody accesses your connection from the start, this person could simply intercept the cipher?

It uses asymmetric key exchange, the same as SSL. So you ask the server for its public key, then generate a random session key which you encrypt with the public key and send back. Then the server decrypts your key and you both use it to encrypt the VPN data. So no keys are exchanged in plain text.

What I wonder is this: since public keys are accessible to everyone and not exactly secret, couldn't somebody just intercept the key you send and decrypt the key using the public key cipher?

Nope. It's a type of asymmetric encryption. That means that you have one key to encrypt and another to decrypt. So when you want to establish an encrypted connection to a server, the server will send its public key to you. This key is public so it doesn't need to be kept secret. It can be verified by checking that it's been signed by a certificate authority that you trust; if it's been signed then you know that it is genuine and hasn't been modified since being signed (this works by using hashing and the same sort of public key encryption). You then use the public key to encrypt a random session key which you send back to the server. The server decrypts that message using its private key; only the server has the private key, so no one else can decrypt the message, even if they have the public key. The session key is then used to encrypt all future traffic using AES or whatever pre-shared key type cipher the server uses.
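The exchange described above, as an added example that is not part of the original post: a toy model in which the client wraps a session key with the public key, the server unwraps it with the private key, and an eavesdropper holding only the public key gets nothing useful. The tiny unpadded RSA key and the HMAC-based keystream standing in for AES are assumptions chosen so the code runs on the standard library alone; neither is suitable for real use.

```python
import hashlib
import hmac
import secrets

# Toy RSA key pair built from two known Mersenne primes (illustration only).
P, Q = 2**127 - 1, 2**89 - 1
N, E = P * Q, 65537                 # public key: sent in the clear
D = pow(E, -1, (P - 1) * (Q - 1))   # private exponent: never leaves the server

def client_wrap(session_key):
    """Client: encrypt the 16-byte session key with the server's public key."""
    return pow(int.from_bytes(session_key, "big"), E, N)

def server_unwrap(wrapped):
    """Server: recover the session key with the private exponent."""
    return pow(wrapped, D, N).to_bytes(16, "big")

def eavesdropper_try(wrapped):
    """Eavesdropper: applying the public key again does not undo it."""
    return pow(wrapped, E, N)

def stream_xor(key, data):
    """Stand-in for AES: XOR with an HMAC-SHA256 counter keystream.
    The same call encrypts and decrypts."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hmac.new(key, i.to_bytes(8, "big"), hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)

def handshake_demo(message=b"constructed VPN payload"):
    key = secrets.token_bytes(16)            # client picks the session key
    wrapped = client_wrap(key)               # only this crosses the wire
    server_key = server_unwrap(wrapped)      # server now shares the key
    ciphertext = stream_xor(key, message)    # client -> server traffic
    return {
        "keys_match": server_key == key,
        "eavesdropper_has_key":
            eavesdropper_try(wrapped) == int.from_bytes(key, "big"),
        "server_reads": stream_xor(server_key, ciphertext),
    }

if __name__ == "__main__":
    print(handshake_demo())
```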

Ah okay, that makes sense. I only knew about very simplistic keys, with which you can basically extrapolate if you have the encryption key how to decrypt it.

Thank you