The term “Onion over VPN” refers to a configuration in which both a VPN and Tor are utilized concurrently. Also known as Tor over VPN, this configuration provides many security and privacy benefits over utilizing either of the two technologies alone.
To configure an Onion over VPN, just three things are required:
- Access to the internet.
- A virtual private network.
- Tor Browser or another connection method to the Tor network.
Below, we’ll discuss the pros, drawbacks, topologies, and alternatives to Onion over VPN. However, if you’re looking for faster instructions, here’s how to configure Onion over VPN:
- Connect to your VPN by opening the app. NordVPN is recommended.
- After establishing a VPN connection, launch the Tor Browser.
That is all. Really? You may now benefit from both Tor and a VPN’s combined anonymity, security, and privacy.
Why would you choose Onion over a VPN? Advantages and disadvantages
The Onion over VPN configuration has many advantages:
- Your ISP will see that you are using a VPN but will not notice that you are using Tor.
- Your VPN is unable to monitor the websites you visit or the content of your connection.
- You may browse both the dark web .onion sites and the white web .onion sites.
- You may browse the clear web anonymously.
- The Tor entry node does not have access to your actual IP address; it only has access to the VPN server’s.
- You get the freedom to use a VPN in isolation from a standard browser for non-critical activities.
However, there are certain disadvantages:
- Websites and applications may detect when you access them through a Tor exit node. As a consequence, certain websites may ban you or cease to operate properly.
- Your VPN server may be able to see your true IP address and is aware that you are using Tor.
- You risk exposing data to hacked Tor exit nodes.
- Combining a VPN with Tor severely slows down your connection.
Onion over VPN encryption and traffic flow
When you use Tor over VPN, the following is the outbound internet data flow:
- The VPN encrypts data.
- Tor encrypts the data once again.
- The VPN server receives the data.
- Although the VPN decrypts the data, Tor continues to encrypt it.
- The Tor network is used to transmit data.
What happens next is determined by whether you’re on the dark web or the open web. When you access a .onion site on the dark web, your data is encrypted upon arrival. When you browse the clear web, data is encrypted and sent to the website through a Tor exit node.
Inbound traffic is routed as follows:
- Data is sent from a website, an application, or a service.
- Tor secures the data.
- The data is transmitted to the VPN server through the Tor network.
- The VPN then encrypts the data once again.
- The VPN server transmits the twice-encrypted data to the end user device.
- Tor decrypts the information.
- VPN re-encrypts the data.
VPNs with built-in support for Onion over VPN
A few VPNs provide built-in support for Onion over VPN, which eliminates the requirement for the Tor browser. Simply connect to a Tor over VPN server and you’re set.
Several VPN providers provide onion over VPN servers, including the following:
- NordVPN (our top recommendation)
Take note, however, that such a function has both advantages and disadvantages.
On the positive side, Tor now supports any program, not just the Tor browser. Configuring separate apps to utilize Tor may be cumbersome, so having it integrated within the VPN is unquestionably handy.
On the negative side, your VPN provider may theoretically examine your traffic before it being encrypted by the Tor network. Choose one that adheres to a “no logs” policy. Additionally, you lose access to Tor’s other advantages, such as scripting and tracker blocking. Even if you use a standard browser, websites may still be able to identify you through stored cookies and other identifiers.
Using an Onion over a VPN vs. using a VPN over an Onion
VPN over onion is an alternative to Onion over VPN. It reverses the flow order by switching between Tor and the VPN. Although it may seem identical at first sight, it often serves a completely different function and has distinct advantages and disadvantages. Configuring a VPN over onion is more complicated and outside the scope of this post, but we’ll compare it to onion over VPN:
- Your ISP will be able to see that you are using Tor, but not the VPN.
- You may only access clear websites; you may not access dark web .onion sites.
- Your VPN provider has access to your data and the websites you visit.
- You may access websites and applications that are usually inaccessible through Tor exit nodes.
- Less prone to compromise via compromised exit nodes.
- Tor exit nodes make no packet discrimination.
- Setup requires help from a VPN provider.
- Your actual IP address is visible to Tor entry nodes.
While onion over VPN is often simpler to set up and more useful than VPN over Tor, both have their place.