Onion over VPN: All about it, and is it better for online privacy?

Clearly, people keep seeking better ways to improve their online privacy. There are many reasons for this, such as government surveillance, snoopy ISPs, and hackers stealing data. The Tor network is one of the best options if you want to keep your browsing activities private. But, unfortunately, it provides only a single anonymity layer, which can expose some of your traffic, especially at exit nodes.

If used with Onion (Tor), a Virtual Private Network (VPN) will add an encryption layer to your Tor connection and keep your entire traffic completely anonymous. So, the Tor VPN combination is a dynamic duo that will strengthen your online security and privacy.

In this guide, we’ll give you a detailed explanation of Onion over VPN, the best VPNs for Tor, how Onion over VPN works, and more.

What is Onion over VPN

We will have to look at how the different components involved function separately so as to illustrate how Onion over VPN works. Let’s look at each briefly first and then we’ll cover the duo.

What is a VPN?

Standing for a Virtual Private Network, a VPN is a technology that passes your web traffic through intermediary servers. It encrypts the connection between your device and the server, making it impossible to intercept your information. Also, the VPN will disguise your actual IP address when you connect to the server.

There are two primary ways you can get a VPN. First, you can create a VPN server, which is a time-consuming and complicated process. On the other hand, you can purchase a subscription from a VPN service provider. The latter option comes with an extensive server network allowing you to connect to any country you want. So, for example, you can be in the UK and connect to a server in the US. This will make you seem like you’re within the country, yet you are not.

What is Tor?

Tor is the short name for The Onion Router, meaning either the Tor browser or the Tor networking system. The system is open-source, and anyone can join for anonymous communication. It functions by routing and encrypting internet traffic through multiple users’ computers. 

A singular re-routing point is called a relay or node, and it receives and forwards the data. By default, the Tor network has three relays or more between your device and the final point. This will help to encrypt your data and conceal your IP address behind several layers.

Onion over VPN explained

Onion over VPN brings together the encryption of a VPN and the anonymity of the Tor network. Hence, it adds intermediaries between your device and the server you are contacting.

First, the VPN will encrypt your connection and mask your real IP address when you connect to a server. Second, the request is routed through at least three Tor relays before reaching the destination. As a result, it becomes impossible for anyone to trace the connection back to the source.

Related read: VPN vs. Tor detailed comparison

How to set up Onion over VPN?

It is straightforward to use Onion over VPN. All you need is a Tor browser and VPN service. A tool like Tortilla can come in handy if you want to route your entire traffic through Tor. First, however, you will still need to use the Tor browser. The following steps will help you do it. 

1. Register for a VPN service. Choose a provider that has a strict no-logs policy and buy a subscription with an anonymous method. The idea is to leave as few bits of your identifiable data as possible. Our number one recommendation is NordVPN.
2. Download and install the software on your device. Then, find a server with the highest speed and connect.
3. Download and install the Tor browser. Then, open the browser and connect to the Tor network.

Once you are done with completing the above provided three steps, your traffic will be protected by two encryption sources: the Tor browser and the VPN. Note that this would apply to your entire traffic if you use a tool like Tortilla. Also, remember that the configuration involves many intermediary servers, so your connection speed to reduce significantly. Therefore, you should stick with a VPN for everyday use and add the Tor browser for sensitive activities.

Best VPNs for Tor today

Below are the top three VPN services with built-in Onion over VPN features. They will be invaluable allies if you want to access the dark web safely. In fact, all of them have integrated their apps with the Onion over VPN functionality, making the setup effortless.

1. NordVPN

Key features:

• 5,149 servers in 60 countries
• SmartPlay feature
• AES 256-bit encryption
• CyberSec adblocker
• Perfect forward secrecy
• 30-days money-back guarantee
• Compatible with Tor Browser, Windows, Android, macOS, IOS, Linux, Firefox, Chrome, RaspberryPi, and routers

NordVPN is a well-established VPN and offers high-quality services. It provides state-of-the-art security and privacy features that will come in handy when combined with the Tor network. In addition, it has consistent speeds and an affordable long-term plan if you are on a budget. 

We have featured the VPN on this list because of the inbuilt Onion over the VPN setup. In fact, it offers specially dedicated servers for Onion over VPN for a seamless connection.

NordVPN employs AES 256-bit encryption technology alongside SHA2-384 authentication and a 2048-bit DH key to safeguard your connections. In addition, it has perfect forward secrecy to alter the authentication key every time you launch the VPN. As a result, your current session will remain completely anonymous and not related to your previous activities.

Additionally, the double VPN feature will improve your security by routing your connection through two servers in different locations. Hence, no one can trace your activities because there isn’t a single line of traffic.

The automatic kill switch is another way to keep you secure all the time. It will stop web traffic from leaving the encrypted tunnel if the VPN connection drops to prevent leakage. In addition, the DNS/IPv6 leak protection will stop DNS requests and the IP address from getting exposed.

NordVPN supports Windows and other major operating systems like Android, macOS, iOS, Linux, Firefox, Chrome, and routers. Fortunately, you can connect up to 6 simultaneous devices.

Adding the Tor network will significantly slow down your internet connection. However, there is nothing to worry about as NordVPN provides blazing-fast speeds for torrenting, streaming, and gaming tasks.

Pros:

• Special Onion over Tor servers
• Robust privacy and security
• Strict no-logs policy

Cons:

• Awkward interface

2. Surfshark

Key features:

• 3,200+ servers in 65 countries
• MultiHop mode
• AES 256-bit encryption
• CleanWeb adblocker
• DNS/IP leak protection
• 30-days money-back guarantee

Surfshark is a budget-friendly VPN that you can combine with the Tor Browser to improve your online privacy. Luckily, it supports VPN over Tor configuration. This means that you will first have to install the VPN and then connect to the Tor network.

This VPN uses multiple high-end security and privacy features to keep you safe. First, it will secure your data with AES 256-bit encryption, a military-grade technology. Second, the VPN has MultiHop mode to route your traffic through multiple servers for additional protection.

Furthermore, the automatic kill switch will discontinue your traffic flow if the VPN connection breaks to stop data leakage. In addition, it provides Shadowsocks, OpenVPN, and IKEv2 protocols for reliable connections.

Surfshark has a camouflage mode that will enable you to use the Tor Browser in heavily censored countries like China. The feature will disguise your VPN traffic and make it look normal even under deep packet inspection (DPI). As a result, you will be able to access the internet anonymously.

The VPN has excellent unblocking capabilities and will bypass almost every geo-restriction. For example, I unblocked Netflix US and other popular streaming services like Disney+, Sky Go, Hulu, HBO, etc. Fortunately, the built-in CleanWeb suite will block all intrusive ads so you can have a smooth streaming experience. 

Surfshark provides dedicated apps for Android, macOS, Windows, iOS, Linux, Chrome, Firefox, and routers. Thankfully, it supports unlimited simultaneous connections, which allows you to use the Tor Browser on as many devices as you want.

Pros:

• Fast speed connections
• It doesn’t limit the number of devices
• Unblocks popular streaming services

Cons:

• Slow connections on some servers

3. ExpressVPN

Key features:

• 3,000+ servers in 94 countries
• AES 256-bit encryption
• Zero-logs policy
• TrustedServer technology
• Secure protocols
• Compatible with macOS, Windows, iOS, Tor Browser, Android, Linux, and routers

ExpressVPN is another reliable VPN option for Tor Browser. In fact, the provider recently introduced a .onion site for improved anonymity. In addition, it supports Tor over VPN setup, which will eliminate exit nodes tracking.

Like the previous VPNs, ExpressVPN also has incredible unblocking capabilities. We successfully bypassed the restrictions of BBC iPlayer and other popular services like ESPN, Netflix, Hulu, etc.

The VPN uses AES 256-bit encryption combined with 4096-bit RSA key, SHA-512 HMAC authentication, and 256-bit cipher to protect your connections. This is one of the best security combinations that is almost impossible to break.

Moreover, the perfect forward secrecy is a robust feature to maintain your anonymity online. It will assign you a new authentication key every time you start a session, erasing data from your previous sessions.

In addition, it allows you to customize the tunneling protocol so you can get the best reliable connection. For example, OpenVPN UDP is the default protocol, but you can also change to OpenVPN TCP, PPTP, and L2TP/IPsec.

The Network Lock (kill switch) helps protect your traffic even when the VPN stops working. Also, the DNS/IPv6 leak protection assures your privacy by preventing your DNS request and IP from leaking.

ExpressVPN has apps for almost all operating systems, including macOS, Android, Windows, Linux, and iOS. Fortunately, you can connect up to 5 devices simultaneously. In addition, there is an option to install it on your router if you want to add more devices.

Pros:

• Reliable and fast servers
• Support Onion over VPN
• Strong encryption protocol

Cons:

• Lacks kill switch for iOS

Is Onion over VPN safe?

Vulnerabilities in such a configuration can be attributed to the parties involved: either the Onion network or the VPN.

When it comes to VPNs, some are more reliable than others. For example, you have to choose a no-logs service to be on the safe side. Unfortunately, some providers claim not to retain logs just to lure in more users. So, check out for third-party audits by reputable firms and records of refusal to hand over data to authorities. One of the impending threats to your privacy is a VPN that keeps logs.

On the other hand, the biggest shortcoming of the Onion network is that anyone can create a Tor node. This means that malicious actors can use rogue nodes to spy on your activities.

Therefore, your privacy will be based on two separate entities when you use a VPN together with Onion. The advantage is that the chain is longer if there is a point of failure or any other risk. For example, the VPN will encrypt the traffic the Tor network cannot protect like the ICMP. Conversely, your internet service provider (ISP) can tell when you are using Tor. However, a VPN will make this impossible.

Is a VPN for Tor necessary?

The Tor Browser and VPN combination provide you with adequate privacy and security to safeguard your data and web traffic.

A standalone Tor Browser will anonymize your connections, but it’s easy to intercept the traffic at the entry and exit nodes. However, a VPN will seal all the gaps and keep you totally invisible with military-grade encryption.

The Tor browser is great for privacy but only protects the traffic by passing it through several nodes. As a result, any sites and apps outside the network can be easily exposed. This is why you need to add a VPN. It uses advanced encryption to offer robust security and anonymity, regardless of whatever you are doing online. 

Pros and cons of using Onion over Tor

These are some of the advantages of Onion over VPN:

• Makes it easy to access dark web .onion sites securely and anonymously
• Prevents your ISP from seeing that you are using VPN 
• Stops the VPN provider from seeing your traffic or the websites you visit
• Let you surf the internet anonymously and securely
• Flexibility to use a VPN with a normal browser for non-critical errands
• Thwarts the Tor exit node from seeing your actual IP address but only that of the VPN server

At the same time, there are some cons of Onion over VPN:

• The VPN provider can see your real IP address and that you are using the Tor network
• Apps and websites you visit can see your traffic emerging from a Tor exit node. In fact, they can block your connection or stop working altogether
• Compromised Tor exit nodes can potentially expose your data
• The combination of Tor and the VPN will significantly slow down your connection

Double VPN vs. Onion over VPN

Remember that the Onion over VPN configuration isn’t the only solution if you want to increase your online anonymity. There is also an option to use several VPNs simultaneously. As a result, your connection will be passed through multiple servers, and your traffic will be encrypted twice.

Fortunately, different VPNs have integrated this feature on their apps but name it differently. Some of the common names include double VPN, multi-hop, nested VPN, etc.

Moreover, you can try to set up the connection manually with two different VPN services. The problem is that there might be software compatibility issues. For example, the Windows operating system is susceptible to TAP driver errors. In addition, you may also need to pay for two different subscriptions.

Should I use Tor bridges instead of a VPN?

There is an option to connect through Tor bridges when using the Tor network. Although bridges function similarly to relays, the benefit is that bridges are not public and aren’t included in the main Tor directory. Unfortunately, it is tough to find them. Luckily, you can create them, but it’s complicated.

These bridges can improve your browsing experience significantly. Thankfully, they exist in different variants. For example, obfuscated Tor bridges will come in handy when accessing geo-blocked content in a country with heavy internet censorship like China and UAE to name a couple. Most probably, your internet service provider (ISP) won’t block private Tor bridges.

Onion over VPN vs. VPN over Onion

Besides Onion over VPN, there is also VPN over Onion. This configuration is not the same where the VPN starts and Tor follows. The setup may look similar at first glance, but it has different pros and cons and serves different purposes. Also, setting it up is a bit challenging and beyond the extent of this article. However, we will compare it with Onion over Tor.

• Your ISP can see your Tor connection but not the VPN
• Your VPN provider can track the sites you visit and even your data
• You cannot visit dark web .onion sites but only clear websites
• You can access apps and websites that block Tor connections
• Reduce susceptibility of compromised exit nodes
• You will need the VPN provider’s help to set up the configuration
• Eliminates packet discrimination by Tor exit nodes
• Tor entry nodes will see your real IP address

As you can see above, Onion over VPN provides more utility and is easier to set up than VPN over Tor. However, both options have their places. 

To whom does Onion over VPN use suit best?

The Onion over VPN setup can help a wide variety of people due to the enhanced security and simplicity it offers. These are some of the people that can benefit from Onion over VPN and why.

People with sensitive data

With the Onion over VPN setup, your ISP can see that you are using the configuration but not your activities. This is because the VPN will secure your connection and prevent any third party from tracking what you are doing online. Therefore, you will get complete privacy and confidentiality to wander the internet freely.

Residents and travelers in countries with autocratic governments

The Onion over VPN setup is effortless to operate. A single click will route your traffic through the Tor network. Fortunately, several VPN providers have integrated the onion network with their software. For instance, NordVPN offers this feature. The configuration will improve your online security and privacy such that the government authorities cannot monitor your activities.

Journalists, whistleblowers, and political activists

A VPN will encrypt your traffic and pass it through an encrypted tunnel, while the Tor network will improve your anonymity. This will enable you to browse anything on the internet privately and securely.

Conclusion

Using either the VPN or the Tor browser as a standalone service has advantages and downsides. Both options will encrypt your web traffic, but they cannot offer complete anonymity because of the way they function.

The best solution is to combine forces and use Tor together with the VPN. Besides getting double encryption, the combination will solve inherent privacy issues. NordVPN is our top recommendation because of the dedicated Onion over VPN feature, strong encryption, and blazing-fast speeds.

FAQs