Should you use double VPN?
The problem with single tunnel double VPN.
I have always been a fan of Single Tunnel Double VPN (ST2) which provides extra security. For this post, I will not dive into the pros and cons of this particular solution because the majority of the problems related to this technique can be covered by some other questions. But still let's cover some of them here as this topic attracts quite a lot of attention.
First of all, should I choose such an implementation over something simpler? What is ST2? The technique has its origins from Cisco (formerly Cisco in 2015) in 2024 but the way it was invented wasn't so great, so even Cisco had problems using it correctly at first. After the changes made in 2024 and introduction of double VPN, things were a bit better. The idea of single tunneling is very simple, it enables VPN gateway to encapsulate multiple VPN tunnel instances through the same interface towards the outside world. However, it does have some downsides:
Security implications because VPN tunnel traffic leaks through the double VPN. A compromise of one VPN instance compromises both instances.
The VPN infrastructure is more complex because of double VPN setup. It also requires VPN gateway's configuration that makes troubleshooting more difficult.
For instance, if double VPN is enabled on a VPN gateway with 10 subnets (or 100) and you enable only 4 interfaces, then this method won't help you much because there is a significant traffic leakage between the tunnels and you cannot protect the traffic between 1/4 of your network. If the problem happens with real implementation, there are several ways to address this issue. Firstly, we should take a look at the implementation.
Let's have a look at how it works technically. The idea behind ST2 is to use multiple VPN tunnels between two remote sites and create a point-to-point VPN through the VPN gateways of those remote sites towards the rest of the organization. In case of the diagram below, this will appear as two VPN tunnels between our organization and remote site 1: We will use the example of remote site 1 and remote site 2 since they are usually the most problematic as far as the number of IP addresses and subnets used for connection with an attacker.
What happens if you have 2 VPNs on?
Does it make any difference if one is for example from a country that doesn't have any restrictions and the other is from a country with very strict VPN laws?
Does it even matter, since you can't see what's going on outside the VPN and most of the servers and connections are "just" between the two VNPS. I do believe that what you stated about the content is totally correct, although I was thinking the opposite as I would consider that the server on which your "unimportant" content is stored, is actually doing something to help conceal your IP address and in this case maybe the content is only of the order of magnitude of 10.000 MB.
My personal experiences has lead me to consider that the server storing the data will be just there as an infrastructure but not as a "dissimulation tool". What I consider important is if the server is "on a different continent", but maybe it does matter because of latency / round trip time.
I also would go as far as to say that a VPN server would never be used just for anonymity / security issues, they are usually aimed at providing fast connections / bandwidth (or similar) and thus to get access to services on the internet. For me, I would use the same server for both reasons if possible.
I can't find a definitive answer though, but I'll be interested to hear the answers from those guys having their hands on the matter. I could say that all three servers are probably in different countries. But that could be misleading because I've seen (in some cases) that all the files come from Asia but with different server locations. The server that stores the "important" information would probably be where my original download server downloads from. In which case, the server might be in a different location than my actual origin. It's tough to be sure unless there is an independent witness or expert to see if the content is different on another server.
But I can agree with you that if you set up a server for this type of usage (where the origin server gets it from), it makes no sense to use the same server for the VPN.
Is double VPN overkill?
The more data a VPN service processes, the more likely it is to get a virus.
And the faster it does so, the more likely it is to get a virus. The question of whether or not a VPN service should be double-VPNed is a tricky one.
If you're in a situation where the security of your traffic is truly compromised, then it's probably best to double-VPN. But if you're more concerned about getting a virus on your laptop than you are about getting access to your sensitive information, then it might be enough to do just one VPN.
A few years ago, I was lucky enough to travel to London to speak at an event hosted by NordVPN. After the event, I had a chance to speak with some of the people behind the service, and I asked them about the decision to build a second VPN server on the back end.
When they were founded, the NordVPN team didn't have any other clients. So, they started with a single VPN server, and the service grew from there. But after some time, they realized that the demand for their service was so high that they needed to add more capacity.
So, they did. And while the first VPN server they launched was fairly small, the second server they launched was a beast.
When we started NordVPN, we wanted to build a good product that could be used by people around the world, said the company's Chief Technology Officer, Chris Brummer. I think that's what we accomplished. We've grown our servers to over 50,000 IP addresses and over 100 GB of total bandwidth.
The servers are currently spread across four countries: the Netherlands, the US, Sweden, and Canada. Brummer noted that, in addition to the servers, the company also has over 30,000 users around the world, and that the service is growing at a rate of 10% a month.
It's been really exciting to watch it grow. We built this from the ground up with one goal in mind: to make it easy for people to get access to the Internet safely, he said. And it's great to see that people are using it to make that happen.
What is the difference between NordVPN onion and double VPN?
When you use NordVPN, your activity on the internet is encrypted through the double VPN.
With a double VPN, the Internet traffic goes through another VPN that is run on a server, which makes it more secure.
This is in comparison to using the onion VPN that is not based on a double VPN, which means that all your internet traffic goes through the same VPN server, making it vulnerable to any third-party access. The best double VPN for NordVPN users. The Best Double VPN for NordVPN Users is ExpressVPN. ExpressVPN is the only VPN provider that offers both a double VPN and an onion VPN, which makes it the best double VPN. You can read our detailed ExpressVPN review here. What is NordVPN's unique double VPN feature? NordVPN also offers the unique double VPN feature. The double VPN feature makes it difficult for the third-party access, and keeps you anonymous.
In case of the double VPN, your internet traffic is encrypted through another VPN that is run on a server. This way, even if there is a 3rd party access, they are unable to decrypt the data.
Best double VPNs for NordVPN. The Best Double VPN for NordVPN is IPVanish. IPVanish has the best double VPN feature for NordVPN. You can read our IPVanish review here.
How does NordVPN double VPN work? NordVPN onion VPN is not a double VPN as it is based on the OpenVPN protocol and not double VPN. NordVPN uses the double VPN feature only to protect the anonymity of its users and make it difficult for the third-party access. What is the difference between the VPN onion and double VPN? The VPN onion and the double VPN differ in their working principle. VPN onion is not based on the double VPN and it encrypts only the traffic of NordVPN servers, whereas, the double VPN encrypts the traffic of both the NordVPN servers and the VPN server in the background. So, the VPN onion is not safe if the NordVPN server is compromised. But, with the double VPN, NordVPN is safe, as the VPN server in the background encrypts the traffic and keeps you anonymous.
What is the Best VPN for NordVPN and which is the Best double VPN for NordVPN?
What is the difference between single VPN and double VPN?
Double VPN allows you to keep both your personal and company usage in separate private networks, which means your personal traffic is encrypted at the VPN server and no one will be able to see your actual location and activity unless you're completely oblivious or foolish.
In case there are any security breaches or suspicious activities, only your personal activity (even it isn't encrypted) will get stolen.
What are the advantages of Double VPN over single VPN? For your private life, a double VPN is a lot more secure because everything that happens on your device is invisible, including browsing, banking, shopping, downloading and all types of data on Wi-Fi hotspots. Double VPN means no data exchange and no data leakage. This way even if your laptop gets stolen, stolen Wi-Fi connection, data goes through a firewall, they won't ever get stolen from their network. You can also set different levels of priority for your two networks, just in case one of your networks doesn't get a full-speed connection.
For your company's network, double VPN is a great security tool against hackers because they can see only their company's specific data but they can't find anything on your device. With double VPN you'll be able to control who can use VPN. This way, even if they use your double VPN you'll still have the option to control the device's usage and limit the access to certain things like the Internet.
What does VPN connection do? VPN encrypts traffic and allows you to change your location as though you were in that country. That's why VPN is often called "Virtual Private Network".
What's double VPN? The VPN connection enables you to split your network traffic between your desktop and your mobile device so you can use them simultaneously, at the same time and in the same place, over a secure VPN connection. Double VPN lets you connect 2 networks, 1 for your personal use and 1 for your company's use. The security comes from connecting two different systems, and being connected via a secure VPN, the networks and their users are isolated from each other.
It means: No traffic between your networks and no data leakage. Completely invisible, protected internet traffic. Your privacy, security and identity are always safe. High speed internet even if you're using Wi-Fi connections. Why double VPN instead of single VPN?
Does ExpressVPN have a double VPN?
The fact that ExpressVPN has one of the largest customer bases of any VPN provider, and it's still growing each month, is a testament to their reputation.
This also means that ExpressVPN can boast of having one of the largest number of IPs in operation at any time.
So just how do they get so many IPs up and running? Well, the answer to that question is simple: it's not a double VPN. Instead, it's a double layer of encryption, which you might say is the same as a double VPN.
There are some other VPN providers who claim that they have a double VPN, but ExpressVPN has an additional security feature called an SSL/TLS proxy, which actually does protect you from double VPN attacks. A second VPN layer allows you to access geo-restricted content, like Netflix, which would otherwise be blocked. This is because it prevents your ISP from reading what you are browsing.
So, are ExpressVPN really a double VPN, or are they just being clever with marketing? We set out to find out. VPN types and ExpressVPN. Double VPN means having two different IPs for each user. The first IP, the public IP, will be the one used by the web browser and when you download files from the Internet. It will appear on your router, as well as on the websites you visit.
The second IP, or the private IP, will be used to connect to websites using VPN protocols. The advantage of this is that it gives you more IP addresses than you would normally have, which gives you the ability to use a larger number of services.
So let's see how ExpressVPN handles the problem of double VPN protection. The main VPN protocols that they offer are: OpenVPN. Ipsec. PPTP. L2TP. ExpressVPN's IP addresses. At a quick glance, it looks like ExpressVPN does have a double VPN. And when we examined the IP addresses they're using, it seems they do have two different IPs.
We did this by looking at the number of IPs at various times of day. This is shown in the chart below. It appears that at all times of the day, they have 2-5 different IPs operating.
Related Answers
Should I use double VPN NordVPN?
I have an idea for a VPN network and I want to use NordVPN to create it, b...
Should I use double VPN NordVPN?
In general, Double VPN should show up on the 'VPN Connect' page. If you d...
Is Double VPN worth it?
VPN is an acronym for virtual private network. It is a technique used by computer u...