Tor over VPN: Is it useful if you're not a whistleblower?
When privacy is an absolute must, the standard methods to shake off surveillance might just not cut it. Using a VPN is, in itself, a pretty secure method to stay anonymous on the web. So is using the Tor network, which also directs your connection through several random nodes to make it impossible to trace the connection back to you. However, these two methods can also be combined, which is known as Tor over VPN (or Onion over VPN). Here's what you should know about it.
Tor and VPN
It's impossible to explain how Onion over VPN works without touching on how each component works separately. Many people looking for anonymity use just one of them. As with everything, there are benefits as well as drawbacks.
What is a VPN?
A VPN is a virtual private network, a technology to route your connection through an intermediary server. The connection between your device and the server is encrypted, making your connection impossible to intercept from the outside. It also disguises your real IP address with that of a VPN server.
You can set up a VPN server yourself or buy a subscription from a VPN service provider. The latter allows you to connect to large server fleets with the possibility to pick almost any country in the world, thus disguising your IP and making it seem as if you're connecting from a different country.
What is Tor?
Tor is (or used to be) an abbreviation of The Onion Router. It can mean either the Tor networking system or the Tor browser. The networking system operates on an open network that anyone can join. It works by routing and encrypting connections through several other users' computers. Each such re-routing point is known as a relay or node, and each one receives the data and sends it forward. By default, Tor uses at least three relays between your device and the final connection, hiding your IP address behind several layers and encrypting the data.
How does Tor or Onion over VPN work?
Onion over VPN combines the VPN's encryption between your device and the VPN server with several Tor relays between the VPN server and the final network request. It greatly increases the number of intermediaries between your device and the server you're contacting:
- You connect to a VPN server, which encrypts your connection and hides your real IP address.
- The request is then sent through a minimum of three relays to reach the intended destination.
If someone wanted to trace the connection back to its source, that would be almost impossible to do, especially if you're using a no-logs VPN service that you paid for anonymously.
Best VPNs for Tor
- NordVPN – best VPN for safe Tor browsing
- Surfshark – great low-cost VPN for Tor
- Private Internet Access – the most customizable VPN for Tor
- ExpressVPN – excellent VPN for fast Tor speeds
- Astrill VPN – the VPN that works without the Tor browser
I've selected some of the best VPNs for the Tor browser. If you want to make your trips to the dark web safer, these will prove to be invaluable allies. Some of them have Onion over VPN functionality built-in, which makes your setup even easier. Regardless of which one you end up choosing, you can have several layers worth of protection with each of these VPNs and Tor.
Servers/countries: 5,500+ servers in 59 countries
NordVPN is one of the safest VPNs that money can buy. It also works perfectly with the Tor browser. Onion over VPN functionality is built-in, meaning that you'll only need to choose this server type and connect to all the anonymity benefits it brings.
There are a lot of other useful features like NordLynx tunneling protocol and split tunneling. So, you will be getting top speeds and have good control of the app itself. As Tor connections are very slow, starting with a fast VPN gives you a head start. For more NordVPN features, see our NordVPN review.
NordVPN Pros and Cons:
Pros:
- Strong security suite
- Built-in Tor over VPN feature
- Independently audited no-logs policy
- Fast connection speeds
- Kill switch on all clients
- Large server fleet
- 30-day money-back guarantee
Cons:
- Linux client has no graphic interface
- No free trial
Based in: British Virgin Islands
Servers/countries: 3,200+ servers in 65 countries
One of the most recent contenders to the best Tor VPN list is Surfshark. This new service provider can contribute to the cause if surfing with the Tor browser is something you're looking for. Not only does it allow you to switch between two different types of encryption, but it also supports the WireGuard tunneling protocol.
Speed-wise, the service is one of the fastest. It should help you if you don't want to lose speeds when you're connected through the Tor browser. It doesn't hurt that the service is also one of the cheapest. Overall, you're getting a superb value package. For more information, read our Surfshark VPN review.
Surfshark Pros and Cons:
Pros:
- Strong security features
- Privacy-friendly business location
- RAM-only servers
- Very fast
- WireGuard protocol
- Superb customer support
Cons:
- No split tunneling on iOS
- Apple product apps are slightly weaker
Private Internet Access
Servers/countries: 35430+ servers in 78 countries
Private Internet Access should probably hold the Guinness World record for most VPN servers. Yet, this isn't the only thing that they're offering. This VPN makes a superb match with the Tor browser. So when you're visiting the dark web and want guaranteed privacy, this is the way to go.
Your anonymity is ensured with their military-grade encryption and cutting-edge tunneling protocols. There won't be any leaks outside of your VPN tunnel. Everything that you'll do with the Tor browser will remain secret, forever! For more information, read our Private Internet Access review.
PIA Pros and Cons:
Pros:
- Kill switch on all clients
- Full Linux app
- 30-day money-back guarantee
- Highly configurable
- Good security options
- Shadowsocks proxy
Cons:
- No independent audit
- Based in a 5-Eyes country
- Speeds could be better
Based in: British Virgin Islands
Dedicated Firefox extension: Yes
Servers/countries: 3,000 servers in 94 countries
ExpressVPN is one of the best-known VPNs, and it also pairs outstandingly well with the Tor browser. The service is hermetically sealed against DNS or IP leaks. All of this should be music to your ears if you're looking for a privacy-focused VPN.
Their speeds are also nothing to scoff at. With their proprietary Lightway tunneling protocol, you'll barely notice that you're using a VPN. More features can win you over, like split tunneling or stealth servers. The latter will be used automatically if your VPN detects network restrictions. Find more information in our ExpressVPN review.
ExpressVPN Pros and Cons:
Pros:
- Record-breaking VPN speeds
- Split tunneling on macOS
- Automatic stealth servers
- Superb coverage
- No DNS or IP address leaks
- Independently audited
Cons:
- Speeds are inconsistent
- High price
- No extra features
Servers/countries: 110 servers in 58 countries
Astrill is a go-to pick if you need everything in one place. Not only is this VPN dedicated to protecting your anonymity, but it also has the means to do it. From military-grade AES encryption to tunneling protocols, their setup is without flaws.
Still, if you need some extra protection, you can add StealthVPN servers to the list. There are more features like built-in Onion over VPN servers, split tunneling, simple VPN connection sharing, and more. You will be getting a premium package for a premium price. Read more in our AstrillVPN review.
AstrillVPN Pros and Cons:
Pros:
- Good VPN speeds
- No DNS leaks
- Extensive customization options
- Functional kill switch
- Split tunneling
- 5 simultaneous connections
Cons:
- Modest list of servers
- Very expensive
- Outdated UI
- No money-back guarantee
Is Onion over VPN safe?
The major vulnerabilities in such a network configuration can fall on the separate intermediaries: either the VPN or the Onion network.
In the case of VPNs, not all of them are made equal. You have to be positive that the service is a no-logs VPN service. Don't take the provider's word for it. Records of refusal to collaborate with law enforcement and third-party audits can essentially prove whether you can trust a service. If the VPN keeps logs, its privacy claims are invalidated, and that's one of the potential threats to your anonymity.
In the case of the Onion network, the biggest downside is that it's community-based, and everyone can set up a Tor node. It means that there are some rogue nodes managed by hackers that can potentially be spying on you. De-anonymizing your connection isn't that straightforward, though. It would likely require a level of funding only available to national governments. Albeit a very theoretical possibility, it's a point to consider.
When using Onion in tandem with a VPN, the best part is that your anonymity rests on two entities that are separate from each other. Even if there are risks and potential points of failure, the chain is longer, and there are more safety measures than you would get if you used either service on its own. The VPN also encrypts some of the internet traffic that Tor doesn't encrypt, for example, ICMP. Plus, if you're using just the Tor network, your ISP can tell that you're using it. With a VPN, it becomes impossible to tell.
Do you need a VPN for Tor?
You can use the Tor browser or set up the connection so that all your traffic goes through Tor relays. Your traffic is encrypted, but your ISP can still see that you're connecting to Tor. Plus, the first Tor node that you connect to can see your real IP address.
A VPN isn't a requirement to use Tor, but it helps a lot. It encrypts all of your traffic, masking it from the ISP. In short, it's much safer to use Tor with a VPN.
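The trust argument made here and under "Is Onion over VPN safe?", worked through as an added example that is not part of the original article: a toy Python model that derives what the ISP and each hop learn in a VPN-only, Tor-only and Tor over VPN setup. The hop names and the assumption that each hop only learns its direct neighbours are ours.

```python
# Added example: a toy model, not code from the article or from any VPN/Tor project.
# Assumptions (ours): every hop learns only the hop directly before and after it,
# and nobody correlates traffic timing across hops.
CLIENT, VPN, TOR, SITE = "client", "vpn", "tor", "site"

TOR_CIRCUIT = [("guard", TOR), ("middle", TOR), ("exit", TOR)]
CHAINS = {
    "vpn_only": [("you", CLIENT), ("vpn server", VPN), ("website", SITE)],
    "tor_only": [("you", CLIENT), *TOR_CIRCUIT, ("website", SITE)],
    "tor_over_vpn": [("you", CLIENT), ("vpn server", VPN), *TOR_CIRCUIT,
                     ("website", SITE)],
}


def observer_views(chain):
    """Map each observer (ISP plus every hop after you) to what it learns."""
    first_kind = chain[1][1]
    # The ISP sits on the wire between you and the first hop.
    views = {"isp": {"real_ip": True,
                     "tor_use": first_kind == TOR,
                     "destination": first_kind == SITE}}
    for i in range(1, len(chain)):
        name, kind = chain[i]
        prev_kind = chain[i - 1][1]
        next_kind = chain[i + 1][1] if i + 1 < len(chain) else None
        views[name] = {
            "real_ip": prev_kind == CLIENT,             # talks to you directly
            "tor_use": TOR in (prev_kind, kind, next_kind),
            "destination": SITE in (kind, next_kind),   # is, or talks to, the site
        }
    return views


def can_link_alone(chain):
    """Observers that see both your real IP and the destination."""
    return sorted(name for name, facts in observer_views(chain).items()
                  if facts["real_ip"] and facts["destination"])


if __name__ == "__main__":
    for label, chain in CHAINS.items():
        views = observer_views(chain)
        print(f"{label}: ISP sees Tor use={views['isp']['tor_use']}, "
              f"guard sees real IP={views.get('guard', {}).get('real_ip')}, "
              f"single observers linking you to the site={can_link_alone(chain)}")
```

In this model only the VPN-only chain has a single party that sees both ends. With Tor over VPN, knowledge of your real IP moves from the guard relay to the VPN server, which also learns that you use Tor.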
Pros & cons of using Onion over VPN
Pros:
- Multiple layers of encryption
- Even if the Tor network is compromised, your real IP remains unknown
- VPN features like a kill switch remain in place, protecting you while you browse
- Many ISPs block the Tor networks altogether, so the only way to access them is via VPN
- Neither the ISP nor VPN provider can see what you're doing
Cons:
- Your speeds will be very slow due to the longer chain of intermediary servers
- Tor exit nodes can get blocked at random times, cutting off your connection
How to use Tor over VPN?
Using Onion over VPN is simple. You'll need a VPN service and the Tor Browser. If you want to route all of your traffic through Tor, you can use tools like Tortilla. This tool will route all your web traffic through Tor nodes. However, in most cases, you'll likely be using the Tor Browser. Here's how you can do it.
- Sign up for a VPN service. Anonymous payment options are your friends, and generally, you want to leave as little personally identifiable information as possible.
- Download and install the client on your device. Once you do, connect to whichever server gives you the best speeds.
- Download and install the Tor Browser. Launch the browser and connect to the Tor network.
Your browser connection is now under two sources of encryption: the VPN, and the Tor Browser. If you used Tortilla, this would apply to all your traffic. Keep in mind that such a setup would depend on many intermediary servers, so the network's maximum speed would be very low. Hence, it's better to stick to the Tor browser for truly private activities and use just a VPN for everyday usage.
VPNs with built-in Onion over VPN feature
There are only a few VPNs that integrate Tor functionalities into their services.
The leader in this area is NordVPN, which has a built-in Onion over VPN feature. You don't have to add additional configuration to use it. The setup is pre-configured so that you could browse anonymously from the get-go and without the Tor browser or Tortilla.
Onion over VPN vs. Double VPN
Keep in mind that if you want to remain anonymous, Onion over VPN is far from the only solution. Tor isn't the only method to interconnect several secure connections. It's also possible to use several VPNs. That way, your traffic is routed through several servers, and your traffic is encrypted twice.
VPN providers that have this feature built in name it differently. It's called multi-hop, double VPN, nested VPN, or something else. There is also the option to try and set it up yourself with two different VPN providers. However, you may encounter software compatibility issues (especially on Windows, which is prone to TAP driver errors). You could also be required to pay two subscription prices.
Should I use Tor bridges instead of a VPN?
When using the Tor network, you have an option to connect via Tor bridges. Bridges work in a similar way to relays, but they aren't public and don't appear in the main Tor directory. However, finding one can be a pain. You could set up one yourself, but this isn't easy. Otherwise, if you've found one, it's already public, which also means that it can be blocked.
Tor bridges can add additional flexibility to your browsing experience. There are particular variants of them, for example obfuscated Tor bridges, that can be useful when accessing restricted content. Your ISP, in most cases, cannot block private Tor bridges.
Tor over VPN may seem like overkill. However, relying on just a VPN or just Tor may not be enough if you're a journalist or political activist under an oppressive regime. With only the VPN, you're trusting your service provider with the entirety of your data. With only Tor, the encryption might not be sufficient, plus the communal nature of Tor requires trusting every node, and not every node is trustworthy. However, when these services are used in conjunction, Onion over VPN is one of the most secure solutions that should be sufficient for whistleblowers and activists.
Do you need a VPN for Tor?
You don't need to use a VPN for Tor. It will work without it. However, using it decreases the chance of being exposed during your trips to the dark web.
Can you use Tor for normal browsing?
Most common websites have a Tor version. This applies even to sites like Facebook. However, the connection will be so slow that you should use a VPN for normal browsing, which will allow you to use the standard versions with better connection speeds.
How do I know if my Tor is working?
If you know your regular IP address, it’s easy to check what is shown when you’re connected with Tor. If the address doesn’t match your regular IP address, then you can be sure that your address is changed.
Is it dangerous to download Tor?
Tor has many legitimate uses. There are dark web boards used by activists and journalists. So, you shouldn’t be afraid of the tool. However, it is true that it’s also often used for illegal things.