ProPrivacy is reader supported and sometimes receives a commission when you make purchases using links on this site.

Chaining VPN servers (or “Double VPN”)

It is possible to "chain” VPN servers so that your data is routed between two or more VPN servers as it travels between you and the internet. Such chaining can provide some security benefits, but will always result in a major loss of speed.

Your PC/device -> VPN server 1 -> VPN server 2 -> Internet

Chaining VPN servers is possible using either a VPN service that offers it as a feature, or you can do it yourself using a Virtual Machine (VM).

Double-hop VPN services

Some VPN services offer multihop VPN connections, allowing you to route your VPN connection through two or more of their servers. The most prominent of these are NordVPN and IVPN, but some smaller providers (which I am not familiar with) also offer this as a feature.

The advantage of chaining VPN servers in this way is that the VPN provider does all the hard work. It is usually simply a matter of selecting the correct profile in the VPN client, and everything else is taken care of automatically.

NordVPN double-hop

NordVPN only supports "Double VPN” through its Austria -> Netherlands servers. As you can see, data is re-encrypted as it leaves each server

 

IVPN Multi-hop

IVPN, on the other hand, allows you to double-hop through any of its servers

Aside from the fact that any extra hops will seriously slow down your internet connection (see our IVPN Review for some speed test results), I am very dubious about the value of such a setup. This is because the VPN provider still routes the signal, so:

a) Adversaries will be easily able to trace a user to that VPN service, and

b) The provider still does the routing, so it knows exactly who is connected to what, no matter how many servers your data is routed through.

Of course, if the provider keeps no logs, uses shared IP’s, etc., it may not be able to turn over any information, but this is exactly the same as if a single VPN server was being used!

If the VPN provider is not compromised, then multi-hopping through servers located in countries where an adversary has no leverage might help prevent it tracking a connection back to you. For example, if you are concerned about being traced by the NSA, double-hoping through servers located China and Russia might conceivably make life difficult for the NSA. However:

a) Very few providers actually offer servers located in such locations (and China bans all VPN services)

b) Can you really trust VPN servers located in such counties?

Chaining VPN servers yourself

Another option is to chain VPN servers yourself using Virtual Machines. Virtual Machines effectively allow you run one Operating System (OS) inside another. It is therefore possible to connect to one VPN service using your primarily OS, and then connect to a second one from within the VM.

All connections from within the Virtual Machine will be routed through both VPN servers (with the one your primary OS is connected to being the first).

A 2 server chain using a Virtual Machines would, therefore, work something like this:

PC -> VPN 1 -> Virtual Machine  -> VPN 2 -> Internet

The advantages of this over using a double-hop VPN service are:

  • You are protected by 2 completely different VPN services, making it twice as difficult for an adversary to identify you. Note that this only really applies if you use privacy-friendly no logs providers
  • You are completely free to decide which servers to connect to
  • There is no limit to how many servers you can chain (except the power of your PC and how much of a speed hit you are willing to take).

Disadvantages include:

  • You now need to trust two VPN services, rather than just one
  • Can be pricey, as you need to pay for each VPN service you use (you could use free services, but this would lose many of the privacy advantages that chaining VPN servers brings. Most free services aren't trustworthy and in fact keep logs (or else have data and/or speed limits that would likely be crippling over a multihop connection)
  • It is a pain to setup
  • You will suffer the combined speed hit of connecting to every VPN server that you chain (at least!).

Example setup

Below is an example setup for chaining VPN servers yourself, using a Windows 10 PC running Oracle VM VirtualBox. Please note that if you are serious about security, you should seriously consider using some version of Linux as your primary OS instead of Windows. The process for doing this in OSX or Linux is very similar.

  1. Download some VM software and an Operating System. For this example I have used VirtualBox (available for both Windows and OSX) to create a Virtual Machine, into which I loaded the Linux Mint OS. These are both free and open source.

 

One your VM is setup, you can check your IP address by visiting IPLeak.net in your browser. It should show the IP of a server belonging to VPN service 1 (AirVPN in my case). This is because the VM’s internet connection is routed through my regular internet connection (which is routed through an AirVPN server).

  1. Install VPN service 2 inside the Virtual Machine. Most VPN providers have instructions for connecting to their service using Linux. I used IVPN (since I had a subscription for it available). As with most providers, IVPN gives detailed instructions for setting up OpenVPN in Linux using the open source Linux OpenVPN client.

 

Once connected to the VPN in the VM, visit IPLeak.net again. Here you can see that I am connected to an AirVPN Netherlands server in Windows, and an IVPN Switzerland server in the Mint VM.Chaining VPN servers

Ta da! When using the Mint VM to access the internet, I am protected chaining 2 VPN servers (and am therefore protected by both VPNs). My connection is now effectively:

PC -> Netherlands (AirVPN) -> Switzerland (IVPN) -> Internet

More than two VPN servers?

In theory, if you have a powerful enough machine, there is nothing to stop you running any number of Virtual Machines inside the other Virtual Machines, allowing you to chain as many VPN servers as you like.

In practice, however, I have been unable to get this to work. You should also be aware that if you do get this to work, each extra "leg” in the chain will seriously impact your internet performance.

Speed tests

Just to provide a rough idea of the performance hit you are likely to encounter when chaining VPN servers, I have run some speed tests o the above double-hop setup. These were performed on a 50Mbps/3Mbps UK broadband connection, using TestMy.net’s UK test server.

As I am based in the UK, I have chosen to use Netherlands and Swiss, as I believe this reflects a typical real-world use-case. Both countries are good for privacy, but are close enough to hopefully not down my connection speeds too much.

Chaining speed results download

Chaining speed results upload

As we can see, chaining two VPNs results in a major speed loss (especially for download speed). That said, on my 50Mbps connection, a chained connection is quite useable at around 10Mbps. As something of a side-note, both AirVPN and IVPN performed notably well on their own in these tests.

Conclusion

I see limited value in chaining VPN servers belonging to the same VPN provider, but chaining servers belonging to two (or more) providers does have meaningful security benefits. The main downside of this is that in addition to twice the protection, you also at least suffer twice the performance hit (probably much more). It also means that you must trust two providers, instead of just one.

The elephant in the room here is the Tor Network. If you require very high levels of security and/or anonymity, then you should use Tor instead (and the speed hit of doing this is comparable with chaining 2 VPN servers). It might also be worth considering using Tor and VPN together, which (depending on how you configure the setup) can usefully combine the advantages of both privacy technologies.

Update June 2016: I have discovered a Bash script called VPNChains. This allows experienced Linux users to chain VPNs without the need for a Virtual Machine. I have not yet tested it myself, but the script reportedly works well.

Written by: Douglas Crawford

Has worked for almost six years as senior staff writer and resident tech and VPN industry expert at ProPrivacy.com. Widely quoted on issues relating cybersecurity and digital privacy in the UK national press (The Independent & Daily Mail Online) and international technology publications such as Ars Technica.

13 Comments

Peter Jepsen
on June 9, 2018
Dear Mr. Douglas Crawford Windows 7 Pro and Windows 7 Ultimate and Windows 7 Enterprise (all 64 bit), allready contains virtualization software (see manual for Win 7 family). Two modules must be downloaded and installed, then a virtual machine (32 or 64 bit) can be defined. I have used this software to still be able to run old fashioned Windows XP Home and Pro (32 bit). However i am allmost sure, it could also be used to implement nested VPNs or chained VPNs. I look forward to a response from You Sir. Sincerely Yours Peter Jepsen. N.B.: I my self is using CyberGhost ver. 6.5.2.31 or CyberGhost ver. 6.5.1.3377 .
https://cdn.proprivacy.com/storage/images/2024/01/douglas-crawfordpng-avatar_image-small_webp.webp
Douglas Crawford replied to Peter Jepsen
on June 11, 2018
Hi Peter, Hmm. Interesting. I assume you are referring to Windows Virtual PC from Microsoft? In theory there is no reason you can't infinitely nest VMs until your PC grinds to a halt from lack of resources, but it doesn't seem to work using VirtualBox. I'm afraid that I don't really have the time at the moment to mess around with setup you suggest, but if you get around to doing it yourself I would love to hear the result.
JP
on October 26, 2017
I know I'm late to the party but had a question in your setup: PC -> Netherlands (AirVPN) -> Switzerland (IVPN) -> Internet presumably the benefit is that in the event your 2nd(IVPN) was compromised by adversaries or not honest about tossing logs, the logs would point to your first(AirVPN) VPN. But rather, isn't it true that IVPN is just setting up a tunnel directly to PC client and any compromise would point back to the your PC regardless of if you tunneled through AirVPN or just over the regular Internet?
https://cdn.proprivacy.com/storage/images/2024/01/douglas-crawfordpng-avatar_image-small_webp.webp
Douglas Crawford replied to JP
on October 27, 2017
Hi JP, Regarding the benefit, that is correct. With is setup IVPN's servers will only see that you have connected to them from an IP belonging to an AirVPN server. The VPN tunnel does go directly back to the client, but the VPN server only sees the outward-facing IP it was connected to from.
Mason
on May 25, 2017
Probably, my question is stupid, but still I will ask it. If you use VMware Workstation 12 Pro instead of VirtualBox, will the described VPN chain work ? (I do not understand the technologies of virtualization) I apologize for my English.
https://cdn.proprivacy.com/storage/images/2024/01/douglas-crawfordpng-avatar_image-small_webp.webp
Douglas Crawford replied to Mason
on May 25, 2017
Hi Mason, Not a stupid question at all! Yes - any VM software should work.
Lee
on October 25, 2016
Hi, how do you set two VPNs up, i have IPA & have just got 4 weeks with Mullvad. When i log into IPA & the green man lights up, i then log onto Mullvad and IPA turn off. What am i doing wrong? can someone let me know the set-up. Thanks
https://cdn.proprivacy.com/storage/images/2024/01/douglas-crawfordpng-avatar_image-small_webp.webp
Douglas Crawford replied to Lee
on October 26, 2016
Hi Lee, To run two VPNs simultaneously on the same machine, one of them needs to run inside a Virtual Machine (VM). If you then access web content from inside the VM, you will be protected by both VPNs. Please read through the Example Setup described in this article for step-by-step guide.

Write Your Own Comment

Your comment has been sent to the queue. It will appear shortly.

Your comment has been sent to the queue. It will appear shortly.

Your comment has been sent to the queue. It will appear shortly.

  Your comment has been sent to the queue. It will appear shortly.

We recommend you check out one of these alternatives:

The fastest VPN we test, unblocks everything, with amazing service all round

A large brand offering great value at a cheap price

One of the largest VPNs, voted best VPN by Reddit

One of the cheapest VPNs out there, but an incredibly good service