Home » Jolly Roger’s Security Guide for Beginners » CONNECTING TOR -> VPN FOR WINDOWS USERS
Click Here To Hide Tor


After a long search, I have found a way you can connect TOR -> VPN. It is not perfect, and some might not agree with doing things this way, but it works and I am giving it to you as an option, but it only works for Windows users at this time.

>>>Be sure to use a VPN with Tor. Click here to see the best VPN’s<<<

If you look back at my previous posts regarding combining VPN and TOR then you will find the reasons why you would want to do so, and some of the reasons why you might not want to do it. But I was unable to provide you with a way to connect to a VPN using TOR so that the VPN does not know who you are. When it comes to TOR -> VPN, if you cannot trust your VPN, which you rarely should, then keeping your identity anonymous from your VPN is a good idea. Also, with more and more people using TOR, but with only around 4000 TOR exit nodes, many of the exit node IP addresses are being flagged as spammers on popular websites and limiting the usage of well meaning TOR users to post on message boards like Stack Exchange and so forth.

The way that I found you can do TOR -> VPN is by using a virtual machine, preferrably Virtual Box and running another instance of Windows, preferrably one that uses less memory than your current version. You also want to run TOR Expert and Tortilla on your host OS. I talk about how to do this in previous posts. Next set your Virtual Box to route all it’s network traffic through Tortilla (bridge adapter), which routes it all through TOR. Currently Tortilla is only supported by Windows, which is why this option is only available to Windows users at this time. Doing this also makes it easier to do things like watch videos on YouTube.

Now that you have your Windows Virtual Machine running on TOR, you can install a VPN of your choice, preferrably one using OpenVPN on your Windows Guest OS and connect to it. Check your IP address before connecting and after and you should see a different IP address. If all went well, you now have a virtual machine running TOR -> VPN. Then if you want to add another layer, you can download TOR browser bundle onto your virtual machine and run that as well giving you TOR -> VPN -> TOR for another layer of security.  Also you have the option using this method to use a VPN on your host OS, then Tor Expert with Tortilla, then another VPN on your guest OS, then TOR browser, giving you VPN -> TOR -> VPN -> TOR.

I am not advocating any whcih method, you need to make that decision on your own, I am just giving you the knowledge necesary to make an informed decison and you can ultimately choose which method you feel most comfortable with. Sometimes doing TOR -> VPN is necessary because of the spam filter reasons I mentioned above and other times having TOR as your last node to the internet is necessary like when accessing the onion network. It is completely up to you and I know that we are trying to shy away from Windows usage because of all the exploits and other reasons spoken about in the previous posts, but if you have no other way of staying anonymous from your VPN than this, then I think it is a good compromise until we have something like Tortilla that is compatible with Linux distributions.


  1. With this method why do you need Windows in the VB? Tortilla is running on the Host Windows OS and all VB traffic is routed to it but can’t any OS then be installed in the VB and connect to the VPN?

    • Russell

      How to setup TOR->VPN in any OS:
      Run the Whonix Gateway OS in a VM.
      Then run whatever OS you want in another VM and in virtualbox, under the network settings for the second virtual machine, select ‘Internal Network’ from the ‘Attached to’ drop-down box and set ‘Whonix’ as the name.
      In the second VM/OS setup your VPN.

      • In that case, couldn’t you run any number of virtual devices through a hypervisor for instance and configure your network into any permutation of VPNs and TOR networking that you like?

  2. I am using Tor Debian Linux running on VMware in Win 7 64-bit. Works fine. Like this:
    TOR –> Debian –> Vmware –> Windows –> OpenVPN

  3. Hi, I have tried this method (among others) and have been unable to connect to any vpn I have tried (PPTP). I thought this method would circumvent the GRE protocol problem that prevents access to a PPTP server through NAT.
    Any suggestions?

  4. Is it possible to use a mobile phone to generate a tor only wifi hotspot using some app).

    If the hotspot was 100 per cent Tor only… then it would be relatively easy to connect to the hotspot and use a multitude of different vpn options….

    Any ideas?

  5. OR why not use a burner phone and pay someone to buy Wi-Fi cards from whereever. Then just use good OPSEC and connect from different locations and times so as not to leave a traceable pattern. Remove SIM from burner when done and find a reliable place to stash the card and phone not within 5 miles of your home. Be sure to use the wi-fi card close to your home every now and again to ensure you don’t create a web that shows you logging in everywhere but this one specific area which would be an indicator of your possible home base. You can use this strategy to give a flase indicator however. If you are a vendor, never visit post offices near your wi-fi use locations. This to me, seems like a safe way to stay completely annonymous with having nothing that can be specifically linked to you. I would say to use a bogus account for browsing from your home network using proper OPSEC but never letting the two worlds collide. If LE knows you are using Onion sites but find no traces of use in your home, you could identify yourself as the possible annonymous person using a burner and air card, although they would still need to prove it which could be very difficult if you do properly. Just a thought I have had when reading all of this stuff. Am I missing something or would this be a good strategy??

Leave a Reply

Your email address will not be published. Required fields are marked *


Captcha: *