A double VPN feature consists of a VPN connection routed through two consecutive VPN servers instead of one. It’s also known as “multi-hop.” The feature adds an extra layer of encryption to the user’s traffic, thus increasing security, privacy, and anonymity.
Unfortunately, most VPN networks do not support multi-hop connections. Why don’t they? Which are the ones that do? In this article, we will answer those questions and many more.
How to configure a double VPN ā Quick steps
- Sign up for a VPN service that supports double VPN. We recommend NordVPN for its speed even after routing your traffic twice and employing AES 256-bit encryption.Ā
- Activate the multi-hop feature. For NordVPN, find the āSpeciality serversā and tap double VPN. This process may differ from other VPNs.
- Browse securely. You will be connected to the fastest available server to surf the web anonymously and securely.
What is a Multi-hop or Double VPN?
As the name suggests, the feature enables users to route their traffic through two VPN servers instead of one. In this way, traffic encryption happens twice (once on each server), thus providing an extra layer of security for your online activities. However, one significant difference from the regular connections is that even in the VPNs that support such a feature, not every server within the network is suitable, so your choices are limited to those nodes that can be paired together.
Multi-hop connections are not the industry standard by any means. Most VPNs do not support it. The reason behind that is that the demand for this feature tends to be low because the additional layer of encryption and routing times cost something in connection speeds. In other words, its connections are significantly slower than regular single ones. Also, double VPN connections demand more resources from the provider, which also plays a role.
Double VPNs come at a cost to the network and the user; that much is clear. Nevertheless, the multi-hop feature is a valuable service for a particular user who must ensure their privacy and security are guaranteed at all costs.
For example, suppose you are a political activist, especially of the dissident kind, working in a repressive country; you could also be a journalist writing on sensitive topics that could awaken a giant’s anger, or you are a whistleblower passing on sensitive information to third parties. Those three cases are the most obvious scenarios in which double VPNs are critical in keeping a user safe from potential enemies, but they’re not the only ones.
So, are multi-hop connections an option for you? Answering that question requires you to know the pros and cons first. Let’s see them.
Multi-hop VPN connections: The advantages and disadvantages
Most VPNs offer added features that enhance a user’s security, such as kill switches, leak protection, and malware blockers. So, multi hop is not a compulsory feature for a network to be a regular (even a premium) VPN service.
A good VPN always performs two services for you: traffic encryption and IP masking; any additional advantage is welcome but not vital. Thus, its connections are not on any provider’s “must-have” list. We’ll see why in this section, but let’s start with the positive side of the coin.
Double VPNs: The advantages
Multi-hop connections enhance security, privacy, and anonymity. How they achieve that goal is an advantage in themselves.
- Double encryption. Each server in a multi-hop connection encrypts the traffic in full. A single AES-128 encryption stage is impossible to crack with the current technology. Two stages of AES-256 encryption make the traffic utterly impossible to decipher.
- Extra IP.Ā The server hides your IP address from the world in a single VPN connection and assigns you a new one. This happens twice in a multi hop, so your IP address is twice removed from the world.
- Keeping your ISP in the dark. If your ISP is interested in your online activities (which it shouldn’t be), he won’t be able to know anything about what you’re doing. The internet service provider will know that all your traffic is directed to a single node on the Internet (your VPN server). But it won’t understand what your traffic is about, what sites you are visiting, or anything else.
- Hidden whereabouts. Any mildly competent hacker can figure out your location from your IP address. In a double VPN connection, any third party will think you are at the second server’s location, which is typically very far away.
- Protocol combinations. If double encryption still seems insufficient, you can set up your double connection so that one server uses TCP within the OpenVPN protocol and the other uses UDP.
- Bypass censorship. Even the most liberal countries in the world impose some restrictions on their domestic internet access, not to mention China, North Korea, or other jurisdictions where the lack of online freedom is notorious and world-famous. Single VPN connections allow you to circumvent those restrictions. It ensures that it can’t be traced back to you.
The disadvantages of Double VPNs
Double VPNs are an extreme security measure. As such, they’re not meant to be the default mode of any user. That’s why so many industry players do not offer it –and have no intention to change their minds. Also, the decision-makers in the VPN world consider that single VPN connections are good enough for any task in terms of security.
Furthermore, they are versatile enough to serve activities such as torrenting or unblocking streaming websites. Thus, in their minds, a multi hop is overkill, an enhancement of a service that perfectly meets its purpose.
While we also consider that those multi-hop connections are for paranoids for the most part (though we have mentioned three cases in which the paranoia is justified), if you decide that doubling down on security is your cup of tea, go right ahead. Just keep in mind that there’s a price to pay.
- Loss of speed. The most evident cost you’ll have to pay for a multi hop comes in lower speeds when connected to a VPN. Even a single connection reduces connection speeds because encryption and traffic routing take time and computing power. If you add another VPN stage, things slow down so much more. In addition, if you want to transfer large files, use your BitTorrent client, or see streaming videos, the chances are that the multi-hop will not be optimal for your user experience.
- No Tor over VPN. If you have ever used Tor to protect your security, you already know that navigation speeds in the Tor network are low. You can double down on security by launching your Tor browser over a single VPN connection. Adding a further VPN layer will make snail races look exciting.
- Resource intensive. Double VPN connections mean more work for your device, not just your VPN provider. Your battery will drain quickly, and the other tasks on your device will slow down. If you can be plugged in, that’s not a problem, but if you’re on the go (which is the point in mobile devices), you won’t be able to be online for long.
- Server choice. As far as we’ve seen in most VPN networks, the server list for multi-hop users is much smaller than the regular list. Also, you can’t choose each server separately. Instead, you must choose from a list of already paired servers.
So, the primary drawbacks of double VPNs are inefficient speeds and battery use. Your dual connection may be manageable if you have an astonishingly fast internet service provider. On the lack of variety of server choices, most of the available pairs are located in the countries where the servers are most useful for almost every task (the US, UK, Netherlands, etc.), so lack of choice does not translate into a lack of flexibility.
Double VPN: How does it work?
If the idea of any VPN is to encrypt your traffic and hide your IP address, what you want for your multi-hop service is to do that twice. You could do this three, four, or more times.
However, doubling a VPN connection is already so redundant, decreasing functionality so much that going triple or quadruple is pointless. Furthermore, securing a connection against God’s angels’ best computer won’t help if the speeds are so slow that you can’t even check your email.
Let’s improve our understanding of multi-hop connections by knowing what happens in a single scenario. It goes like this:
- Your local VPN app (or Chrome extension or router if it’s VPN-enabled) encrypts your outgoing traffic and sends it to your VPN server.
- The server decrypts your traffic.
- The server then sends your unencrypted traffic to the designated target. This target sees your IP address as the servers’.
- The exact process occurs backward as you get your answer from the target.
So far, so good? Ok, so here’s how it goes when you double down on your VPN connections:
- Your local VPN app (or Chrome extension or router if it’s VPN-enabled) encrypts your outgoing traffic and sends it to your VPN first server.
- The first Server encrypts your traffic again (instead of decrypting it) and hides your IP.
- The first server sends this traffic to the second VPN server.
- The second server sends your traffic to the wanted target after decryption.
- Then, the process repeats itself in the opposite direction, bringing you the target’s answer.
So, if everything is done correctly, your traffic is encrypted twice, and your target never sees your IP address or the first server’s. Instead, it will think all traffic originates in the second server.
But beware of some VPN providers claiming to give you multi-hop connections that do not encrypt your traffic twice. Instead, those services will decrypt your data twice. In this scenario, your privacy is not enhanced but emperiled because a successful attack against only one of the servers is enough to intercept all your traffic. But your IP address will remain hidden after the first VPN server if that’s any consolation to you.
Are Multi-hop connections safer than regular single VPN connections?
Yes, double VPN connections are always safer than regular ones. This remains true even if your VPN does not encrypt your data twice. Even in that scenario, your IP is masked twice. Moreover, the encryption process makes a brute-force attack useless even when not stacked.
Double split is yet another reason why multi-hop connections are much safer. By “double split,” we mean this: the VPN server knows your IP address and destination in a single connection. However, in the double connection, neither server knows everything. One knows your IP address but not your destination. The other one knows the destination but not your IP address. So, even a successful attack against either server can’t get all the information necessary to locate you or determine your actions.
However, in the final analysis, your double VPN connection is only as safe as your VPN. For instance, a no-logs policy is more critical to protect your privacy than a double connection if a government forces your provider to give up its logs. If your provider doesn’t stick to the no-logs practice, there’s no reason to use a double connection.
And this is precisely why one of the most important things to do regarding your digital security is to choose the correct VPN vendor — in this regard; policies are as important as technology. So, it would be best to always look for a VPN service that’s been audited independently and whose policy has been held up in court. The first requisite narrows down the provider choice because only OpenVPN has been audited extensively from all the VPN protocols open in the industry.
Another thing to look for in a VPN provider is RAM-only servers. These machines are inherently incapable of logging traffic because all their data is volatile, evaporating into oblivion as soon as the active session goes offline.
Other factors to keep in mind include safety against IP leaks, a good kill switch, and the parent company is in a privacy-friendly jurisdiction — this is a rare case in which banana-republic-based corporations are preferable to those based in the most advanced countries of the world.
When do you need a Multi-hop VPN?
Your grandparents probably never looked back at their lives, wondering why they didn’t use a multi hop with regret. Maybe you won’t, either. But let’s not forget that their world was different and that digital security is paramount today.
If you come to a point where you must regret it, it’s already too late, and the consequences can be exceedingly grievous. So here are a few scenarios in which using a double VPN is a good idea:
Public WiFi hotspots
Do you love to go to your nearest public WiFi hotspot and do your day’s work while you enjoy your favorite meal or hot beverage? The hackers love it, too.
Unfortunately, public WiFi hotspots are notoriously unsafe. Here is where you broadcast all your information to the world. It doesn’t mean there is no encryption. But the encryption is trivial to crack, so hackers can collect your traffic and save it for later analysis.
If you’re not on a VPN, they can track all your online steps, and if you log into any critical account through the WiFi hotspot, they’ll learn your passwords and usernames. In everyday situations, few are as dangerous for your safety as public WiFi spots.
Fortunately, a VPN connection will keep you safe even against the most skilled hackers. Is a double VPN twice as good in this situation? No. It’s exponentially better.
Steering clear of surveillance
Governments keep an eye on their citizens. Yes, it happens everywhere to some degree. So why allow your government (or a foreign one) to discover everything you do online? Double VPNs will thwart any effort by a third party to surveil you and know if you’re visiting blocked websites, downloading illegal content, or going against the status quo in any way.
Activism or journalism
If you are writing about sensitive topics or taking economic or political action against the powers that be, you can rest assured that there are people worldwide who would like to see you fail. Why give them that pleasure? Suppose you protect yourself, your collaborators, your family, or your sources with a double VPN. In that case, you will have extra security and access to web resources unavailable to regular users in your country.
When is a Double VPN not needed?
A VPN will slow your speed because your traffic is rerouted to an intermediary server, and your data travels further. The situation becomes worse when a second encryption layer is added.
Therefore, data-intensive activities like streaming, gaming, and torrenting may not require the additional protection layer.
Streaming Geo-Restricted Content
Multi-Hop VPN is unreliable when accessing regionally restricted content like Netflix, Spotify, and HBO GO. Streaming online content requires a speedy internet connection. However, using a double VPN will cause the stream to buffer as it directs your traffic to multiple servers before connecting to the streaming site.
Moreover, its servers are available in a few locations. Server coverage is vital for streaming as it allows you to access content exclusively restricted in various regions.
Torrenting activity
Torrenting is a common way to download content online. Double VPN uses two or more hops between your home computer and the VPN server to enhance online privacy, which is necessary when downloading torrents.
Also, a VPN helps hide your IP address from the torrent swarm, cipher your P2P traffic, and conceal your torrenting activity from your ISP. However, the extra rerouting of your data can cause slow internet speed, resulting in lags and buffering.
Gaming
Gaming online requires sufficient internet speed to maintain a connection to the server and avoid delay. A VPN will enable you to access games in other regions and keep you safe, especially when playing multiplayer games. However, a multi-hop will double the number of pings as it routes the traffic to another server, which isn’t good for gaming.
Double VPN and VPN over VPN – What is the difference?
Double VPN connections and VPN over VPN connections are very alike for the most part. In both cases, you are using two VPN servers instead of one. The difference is this: double VPNs use two servers maintained by the same provider. VPN over VPN uses two servers, each from a different provider.
So, the difference seems negligible, but that slight difference can make a huge difference. For example, suppose your VPN logs your data, and a law enforcement agency raids its servers and grabs all the stored user data. If you use two servers in this network, all your data (IP address included) is there for the law to see.
A VPN over a VPN is different because none of the two servers has enough data about you to complete the whole picture. One server will know your IP address and destination, but none will know both. So, the VPN over VPN option ensures that no external party can get any incriminating information on you.
Of course, a VPN over VPN connection means that you must pay for two VPNs at the same time to be more expensive. But if you value your security enough, then the additional cost is worth it because it allows you to keep your eggs in different baskets — almost literally. In this regard, choosing VPN vendors from different countries would always be best.
However, technical complications may arise when setting up a VPN over a VPN connection. Most providers do not design their software with another VPN in mind, so launching different VPN clients simultaneously can be tricky. More on that after the next section.
Which is safer: Double VPN or Tor over VPN?
Both are reliable security features that serve different purposes. For example, Double VPN routes your traffic through two servers, encrypting it twice. This adds an extra security layer to your connection. On the other hand, Onion/Tor over VPN improves your security when accessing the Tor/Onion network.
Tor over VPN can mean two things. One, you can use a VPN and the Tor (Onion) browser to increase your safety when accessing Onion sites. Two, āOnion/Tor over VPNā can be a VPN’s built-in feature that provides extra protection when using the Tor browser (Onion Network).
The combination of the VPN and the Onion Network is more secure as it encrypts your traffic twice. Conversely, Tor over VPN routes your traffic through multiple Tor Nodes and a VPN, encrypting your data four times. As a result, your connection becomes more anonymous and less susceptible to traffic correlation attacks. Many āhopsā and ānodesā make it harder to identify your traffic origin.
Onion/Tor over VPN gives you more options when choosing a VPN, as almost all VPNs can work with the Tor Browser. This differs from the double VPN feature, as only a few VPNs offer it, limiting your choices.
Best services with multi-hop today
VPNs used to be a tool for the nerdiest among us. However, as the public interest in online privacy and security has exploded over the last few years, many more users started getting a VPN service. Thus, the market is overcrowded now, and picking the best VPN for your needs is difficult. It takes time, attention, and a bit of expertise.
We want to save you the hard work, which is why, in this section, we will tell you about the three best VPNs that we tested and known to be excellent for having a double VPN feature for the clients who want it.
1. NordVPN
NordVPN is our favorite VPN vendor for any task at all. Period. Its service is fantastic, versatile, and cost-effective. It does everything a great VPN should do for you, including much more. The VPN offers multi-hop in macOS (the OpenVPN version), Windows, and Android apps. Enabling the feature requires only a click.
Another perk of NordVPN is the native support for Tor over VPN, one of the security methods we mentioned earlier. This is great for users who want to use the Tor network but are not too expert.
2. Proton VPN
Proton VPN includes the “Secure Core” feature that allows you to establish multiple VPN connections.
When you activate the option, you’ll connect to a server in a privacy-friendly jurisdiction. Then your traffic goes to another country, a more problematic one regarding internet regulations, surveillance, and restrictions.
Secure Core is available in ProtonVPN’s Android and Windows apps. You can also set it up by hand if you’re on Linux, iOS, Android, or macOS.
3. Windscribe
Windscribe offers a “double hop” feature, which is nothing but a double VPN feature.
Only desktop users can use the option but without specialized servers. Instead, Windscribe suggests that users establish VPN connections simultaneously using its browser extension with the client software.
The limitation of that arrangement lies in that the double feature protects only the browser’s traffic. The rest either goes through regular traffic or a single VPN connection.
Creating your own double VPN setup
There is a very slight chance that all you will need to do to have a VPN over VPN connection working correctly will be to launch the first one (it will know your IP address), then the second one (it will know your traffic’s target). While this is possible, it’s not very likely. You will often have to tinker around a bit to get things going.
If nothing works after launching both VPNs, it could be because of a conflict between security protocols. You can resolve this problem by ensuring each service uses a different protocol. For instance, if you have OpenVPN on one server, pick IKEv2 for the other.
If you already configured each VPN to use a different tunneling protocol and your connection remains useless, you can install each service on a different device. This will work fine if the issue arises from each VPN’s virtual network cards.
So you don’t have many devices to play with, we hear you say? That’s not a problem. You can still try two different strategies.
Many good VPN services can be installed directly into your home router. This guarantees that the VPN will protect all the traffic in and out of your home or office through the router. Once that bit is ready, you launch the other VPN on your device, and everything should be peachy.
The other option is to set up a virtual machine. So, in this scenario, you launch one VPN in your regular environment and the other inside the virtual operating system. In this case, everything should go smoothly, too.
Lastly, there is another option but with a limited scope. Many VPNs make their network available through a browser extension. So you could set up a VPN for regular use, then launch the extension within your browser. However, it only protects your web traffic; the rest will go through a single VPN connection.
Maximizing your protection with additional VPN features
We already explained why a double VPN connection itself guarantees nothing. If other variables do not line up, you remain exposed (albeit in a fancier manner). The most critical additional feature is that your provider must not keep any logs or have an affiliation with governmental agencies. Also, the VPN network itself must be secure.
Then, there are other desirable VPN features that you should require. A good kill switch is one. The kill switch shuts down all your traffic when your connection to the VPN server is lost, preventing any IP leakages.
FAQs
A Tor browser over a VPN connection is safer than a double VPN. The reason is that the Onion network routes your traffic through many nodes in the network, three nodes at least. So in Tor, the chain is longer, making it safer.
Yes, they can be traced. VPNs aren’t magical invisibility cloaks that can make you utterly invisible on the Internet. VPNs won’t hide their traffic from ISPs and other snoopers without obfuscated technology. However, the fact remains that a good VPN service will significantly enhance your online privacy, security, and anonymity.
In the best-case scenario, if you run two VPN clients simultaneously on the same device, your traffic will be encrypted twice, and your IP address will be masked twice. But this is unlikely. The most probable result is that both VPNs work in parallel, not serialized. Unfortunately, this is terrible news because both VPNs will work incorrectly, so you must be careful. If you want to set up a double VPN by hand, the shortest path is to set up a virtual machine, then run a VPN client inside the virtual machine and the second one on your regular environment.
