Is this vpn setup stupid?

Hello,

I have looked at a lot of threads regarding a VPN setup, but because I still have no idea what the hell I should/need to do, I wanted to do this setup. (And hopefully have a secure/leak-proof setup)

VM

---->

VPN-Mullvad-GUI (Mullvad + Wireguard on Qubes-OS - #6 by turkja)

----->

PROXY-VM (GitHub - tasket/Qubes-vpn-support: VPN configuration in Qubes OS)

----->

PROXY-VM (micahflee com/2019/11/using-mullvad-in-qubes/)

---->

Firewall-VM

------->

NET-VM

Is this setup really really stupid but still works well? Or am I making everything worse?

help

I’d go for Qubes-vpn-support if I didn’t need to easily and quickly change the used VPN server or mullvad gui if I need it.
Also do you have 3 chained proxy-vm using the same VPN provider? I’d say that it’s useless and won’t increase your anonymity.

Yeah, all three are Mullvad. I just want to make sure nothing leaks even if one fails. (bc no idea how any of that works). And I thought multihop makes it harder to trace back traffic?

All those discussions I have read on this forum lately regarding it-security are lacking critical questions, I believe.

What are your objectives?
What is your threat model?
How do you define “being hacked” or “leaking data”?
How advanced is your adversary and what kind of resources does he have?

For instance I have got a quick glance on a video linked around here which could hint on a browser hooked by BeEF. Could have been a malfunctioning browser or a lack of RAM or swapspace or both, but what the heck. Now, QubesOS won’t be much of a help against that. One could argue not to visit shady websites, but an advanced adversary might even use the NY-Times web presence to attack a certain user’s browser. This is called a water-hole-attack, btw.

On the other hand switching off javascript in your browser prevents an attack with BeEF.

Coming back to your question:

And hopefully have a secure/leak proof setup

What data do you want to prevent from leaking?

Just my IP address (torrenting some Linux ISOs). I just read in some threads that there can be leaks if something fails (e.g. network manager). Just trying to avoid some letters from coming in. I am not under direct attack or anything.

Aren’t bittorrent-clients relying on UDP?
Isn’t Tor dropping UDP-traffic?

I’m not into that topic, but if you use VPN-providers which have your credit card number and your name you are trusting them to not log your traffic. I can not recommend that.

If your VPN provider is compromised by attacker then your 3 proxy-vm will be compromised as well.
If you’d use 3 different VPN providers then attacker will need to compromise all 3 of them before he reach your real IP.
Also read about Traffic Analysis and Timing Attacks here:

With such attacks it doesn’t matter how many hops you’ll use.

How would you protect yourself? Just pay with Monero and different VPN providers?

Thanks, I will take a look!

how would you protect yourself?

As long as you just want to hide your IP when downloading a Linux ISO, one VPN provider should be enough.

I haven’t read the article in full but I believe it even uses iptables to ensure your VPN-tunnel is used or otherwise traffic is blocked.

If you are using the bittorrent protocol for Hollywood movies, there is a not to neglect likelihood that your VPN-provider is going to give them your identity.

Traffic Analysis and Timing Attacks are most likely used in scenarios like this:

That’s why I wrote you got to ask the right questions. :laughing:

Yeah, thank you very much!