How to chain two commercial vpns?

Say I want to double hop but between different providers. Like Proton and Mullvad.

I could set one up on my router and another on my OS. Or one on my host OS and another on a VM. Simple enough.

But what about both running chained on the same OS?

Surely it must be possible.

Here is a nice guide for chaining your own Wireguard server and Mullvad:

But what about Proton and Mullvad or any two providers. Can it be done?

Iirc there’s no such thing as VPN Chaining and even then (if it is which I guess the article might validate it) you’re not gaining any privacy or security benefit and you’re essentially trusting the VPNs you’re connecting to anyway. Simple as that.
The closest you’ll get is something like Proton’s secure core which does multi hop servers, actually does it and has a little bit of a benefit here over what you’re trying to do.
Maybe I’m just wrong but that’s where If I recall correctly

this is so hilariously wrong

@doublehop yes one on router and one on your OS is the way to go. proton and mullvad are the best options available for this.

the odds that your adversary has not only compromised two vpns in different jurisdictions at the same time and correlate both accounts is extremely low. in fact, if this is unacceptable in your threat model then you probably should stay off the internet

1 Like

hey as I said I could be wrong, i didn’t want to claim im correct so. Thanks for clarifying

As a poster said above, device + router seems to be the only easy way.

Apparently RDNS is working on a wireguard upon wireguard implementation, so maybe keep a lookout for that?

Chaining WireGuard works beautifully, it is stable, & bug free for straightforward usecases (we tested with Amnezia + Proton without port forwarding / P2P / PMTUD etc) & so it will land in the next version, v055o, due a release once the lead developer is back from their vacay.

2 Likes

This is huge! Thanks for all the work you do. Honestly discovering rdns has improved my network security much more than almost every other measure combined (because it doesn’t depend on my router always existing). An awesome swiss knife.

off topic whitelists

Is there also any update on exporting whitelists for app isolation? I have a decently long list built now for common apps. Currently I am looking to create a github gist containing them, but using them this way would be hard.

Can you also post on the forum once it is live? I think it will be a great tool for a lot of folks here.

2 Likes

Not really. There are other pressing issues we are pursuing. This one … is far way down in the list.

Could be wrong but don’t think PG prefers developers themselves start discussions on new releases?

1 Like

I am also not sure. I’ll keep an eye out then :slight_smile: