VPN with Tails — The Basics You Need to Know

Updated on: 12 July 2020
Updated on:12 July 2020

Introduction to Tails and Tor

The Amnesic Incognito Live System, or simply known as Tails, is a Debian-based Linux operating system whose ultimate goal is to preserve your privacy and anonymity. To achieve this, Tails forces all your internet traffic to route through Tor — software that lets you browse the internet anonymously. Tails is also equipped with an instant messaging client, an email client, and an office suite all pre-configured with security in place.

Tails is simple and easy to use, even if you’re a novice user. With Tails OS, you can prevent third-party applications from tracking your online activities.

To learn more about Tails or Tor, follow either of these links:

We assume you have some working knowledge about VPNs. So in this guide, we’ll focus on how to use VPN with Tails to keep you secure.

VPN with Tails

Advantages of Using Tails

  • Skip setup. As Tails is pre-configured to route all your network traffic through Tor, no setup is required.
  • Secure your PC.
  • Protect your privacy and browsing history when using someone else’s machine.
  • Leave no trace of visited websites, entered passwords, opened files, and many more.
  • Save chosen files and configurations to an encrypted persistent storage.
  • Access a variety of software to work with sensitive information and communicate safely.
  • Avoid mistakes. Tails will block applications that try to connect the internet without Tor, encrypt persistent storage, and delete all memory at shutdown

Pros and Cons of Using VPNs with Tails

The Tails organization doesn’t recommend using VPNs as a replacement for Tor, as their goals are incompatible. However, certain use cases might warrant that you use a VPN with Tails for even greater benefits.

Note that to experience the best of both technologies, significant modifications would have to be made to get VPN to work with Tails.

There are two primary ways to use a VPN with the Tails operating system.

1. Tails → Tor → VPN (VPN over Tor)

This method adds a VPN hop after the Tor network’s end.

  • It enables access to services and features you could otherwise get only through a VPN.
  • You can access services and websites that Tor would otherwise block.

There are a considerable number of disadvantages, too, when using a VPN connection after Tor.

  • You have access to no Tor-hidden services.
  • If the Tor network gets compromised, your real IP address will be leaked.
  • If there are third parties or other providers that want to flush you out, they’ll only have to focus on breaking the VPN, not the whole Tor network.

2. Tails → VPN → Tor (Tor over VPN)

Here, the VPN connection is established before connecting to Tor. This method offers many benefits.

  • You can use Tails at airports.
  • VPNs can help access Tor on censored networks.
  • This enables customers to connect when Tails is unusable to their internet service providers (ISPs), or when ISPs have blocked use of the Tor Browser.
  • The Tor network treats your traffic as originating from an anonymous VPN server.
  • If Tor gets compromised, you’ll still have a staunch defender in the form of the VPN server protecting you.

Despite the benefits of using a VPN connection before the Tor network, there are still some reasons why using a VPN isn’t recommended.

  • If the VPN network is compromised, your data could potentially be exposed to third parties.
  • The best VPNs are services you have to subscribe to and pay for.
  • VPNs may introduce a permanent entry guard if they’re set up before the Tor network.

Using Anonymous OpenVPN with Tails

Anonymous VPN offers security services for many platforms, including Windows, Linux, and macOS.

You can download anonymous OpenVPN through https://anonymous-vpn.biz/buy-vpn/

Prerequisites

Unlock and configure Persistent Storage.

  • Unlock persistent storage at the Welcome page by adding a passphrase.
  • Add the VPN application you’ll download later to the persistent storage.

Tails Setup

Set an administrator password.

  • Find the administration password option under “Additional Settings” by clicking the “+” button.
  • Set and confirm the password; you’ll be prompted to enter this in the terminal for many operations.

Tails Setup Page

Configure your internet connection.

Steps

Method 1

  • Purchase a VPN.
  • Download and install a Dedicated VPN.
  • After installation is complete, download the Dedicated VPN keys.
  • Rename DeicatedVPN**.ovpn as tov.ovpn and copy them to the persistent storage.
  • Download a script to connect OpenVPN in Tails and copy it to your persistent storage as tails.sh.
  • Tails Setup Step 4

  • Open a terminal where these files are located (Persistent Storage), or navigate to the folder where these files will be located after opening the terminal.
  • Switch to root.
  • Tails Setup Terminal Settings

  • Enter the command chmod +x tails.sh to set the execution rights.
  • Run the tails.sh script file with ./tails.sh
  • Tails Setup Terminal

  • Enter your username and password to authorize the VPN connection.
  • Upon successful completion, restart Tor and make sure it works by entering the relevant commands.
  • Tails Setup Commands

Method 2

  • Open the Synaptic Package Manager.
  • Search for OpenVPN under the “Not Installed” tab.
  • Check all the packages and mark them to be installed.
  • OpenVPN Tails

  • Apply the changes.
  • OpenVPN on Tails

    OpenVPN Tails Settings

  • Configure your VPN.
  • Add the configured ovpn file to VPN in the network settings.
  • OpenVPN Settings

VPN Service Providers and Tails

VPN Service Services to Tails
ExpressVPN VPN settings and configurations not fully tested with the Tails OS, so ExpressVPN can’t yet be installed in Tails.

Since Tails is a Linux-based OS, you may refer to our manual setup link below using PPTP on Ubuntu, though this isn’t guaranteed to work.

PureVPN Not tested with Tails; therefore, not guaranteed to work.
NordVPN Incompatible, as Tails doesn’t support the use of VPNs directly.
Credit card details, account balance up to $1000 $12
OpenVPN/Anonymous OpenVPN Not directly supported, but can be set up with a few workarounds.

Is Using VPN With Tails as Bad as They Say?

The Tails VPN Support page insists that combining Tails and VPNs is a bad idea.

Moreover, replacing Tor with a VPN is apparently a bad idea as well. If you’re inexperienced, it’s all too easy to make a mistake during the process. As shown earlier, setting up a VPN isn’t too straightforward.

Disabling Tor is a bad idea, yes, but VPNs aren’t intrinsically bad or lacking in security, as suggested by an official statement in the Tails VPN Support page.

Example

If you use Bitcoins to purchase a subscription to a reliable VPN, then the level of security you get is at least on par with that of Tor.

Data packets go from the computer to the VPN, and then to the Tor network by a permanent entry guard which creates an endpoint server to receive data before reaching the Tor network.

The connection is encrypted by the VPN. Therefore, there’s little difference between a permanent entry guard and a direct connection from the computer to the Tor network.

Here, if Tor is compromised, the attacker would have to bypass the VPN’s security as well. This is much safer than accessing Tor directly.

Risks of Using VPN Over Tor Network

Use VPN with Tails or with a Tor network only when absolutely necessary, as this may weaken your anonymity and cause other problems if not configured properly. When considering a VPN, definitely consider the use cases previously discussed.

Circuit Switching isn’t supported when using a VPN over the Tor network.

Internet traffic goes through different exit relays when using a Tor network. This means network requests have different paths or different addresses to access the internet. However, the use of a VPN introduces a permanent exit node for internet traffic, allowing others to identify which location your data is coming from. If your Tor network gets compromised in any way, third parties will find what you requested and from where.

The anonymity of the network built with VPN over Tor greatly depends on the VPN’s anonymity.

People prefer to use Tails because of its anonymity and how it doesn’t trust the services of other applications in securing user privacy. However, if you think adding one more hop with a VPN to the process of what Tails does will increase your safety, you’d be mistaken. The purpose of using Tails is wasted if your VPN provider sells you out. Make sure the VPN you choose is reliable and trustworthy.

Use a VPN over the Tor network only when necessary.

When using a VPN service over Tor, two instances are established in your machine: one will let you route VPN over Tor, and the other will use Tails normally with Tor. It might be inconvenient to have to go through CAPTCHA so often, but you should always make sure to use the VPN instance only when you absolutely must. Some websites may also block VPN users as well.

And if you’re new to VPN and Tails, aside from the recommendations outlined here, it’s still a good idea to go through all documentation carefully.

Conclusion

Tails with Tor Browser might be the answer to many of your concerns with security and private browsing. Although there’s no consensus about whether it’s a good idea to use Tails with a VPN, the combination may in fact be extremely helpful when used in the correct manner.

If you want to track your traffic or eavesdrop on your online conversations, setting up the Tails OS to go through the VPN and then to the Tor Network will cut off all access routes to you.

This setup will give you peace of mind and keep you out of harm’s way permanently.

Written by: Shanika W.

Connect with him:

Shanika Wickramasinghe is a software engineer by profession. She works for WSO2, one of the leading open-source software companies in the world. One of the biggest projects she has worked on is building the WSO2 identity server which has helped her gain insight on security issues. She is keen to share her knowledge and considers writing as the best medium to do so. Cybersecurity is one of her favorite topics to write about. Being a graduate in Information Technology, she has gained expertise in Cybersecurity, Python, and Web Development. She is passionate about everything she does, but apart from her busy schedule she always finds time to travel and enjoy nature.

2 thoughts on “VPN with Tails — The Basics You Need to Know”

  1. Tim.smy says:

    Since you have reinstall everything on each boot what would be simple method in your view. Thankyou. Timothy

  2. Klaus says:

    What if you use tor bridges or Tails>VPN>TOR>VPN/SOCKS5? Would this be possible?
    I need to access the clearnet from an IP in my city but cannot connect my ID to it, hows this possible through Tails? How can I “choose” my IP in Tails?

    The way I’m thinking is how I mentioned above, with a paid socks5 at the end and a paid VPN before TOR, all acquired anon w BTC

    Merci Mult

Leave a Reply

Your email address will not be published. Required fields are marked *