What is Double VPN and Should I Use It?
Today, more people and devices than ever before are connected to the internet. But as this global connection grows, so too do the constantly evolving cybersecurity threats that are out there.
Much security software and infrastructure has been developed to combat the ever-increasing threats to your online privacy and security, including VPNs and double VPNs.
If all the different VPNs options have you confused, don’t worry. We’re about to break down all there is to know about VPNs and double VPNs.
What is Double VPN?
The original double VPN was just two virtual networks chained together. Out of that idea came today’s double VPN. Before diving into double VPNs, however, it’s important to understand the basics of VPNs (Virtual Private Networks).
With a VPN, an encrypted tunnel is created between your computer and the VPN server. All of the traffic you send is first encrypted by your VPN and then routed through this tunnel to the VPN server. A double VPN adds another secure tunnel and VPN server to the equation.
If your VPN normally offers AES 256-bit encryption, using a double VPN does not mean that you now have 512-bit encryption. Rather, using a double VPN just means that your traffic is re-routed (and hopefully, encrypted) twice.
While there are different types of double VPNs, the basic idea is that of using two (or more) secure tunnels together. A connection is first created between your computer and the VPN. Then a second encrypted tunnel is established between the first and the second server.
Ideally, all your traffic is then encrypted and re-routed through both these secure tunnels, consecutively. This is what is known as VPN server cascading – the core idea behind double VPNs. With a double VPN, your real IP address gets masked twice instead of just once.
Multi-Hop VPNs are another form of VPN server cascading and have become synonymous with double VPNs. With a multi-hop VPN, you aren’t restricted to just two simultaneous VPN connections, but can actually have multiple VPN connections at the same time.
True to its name, a multi-hop VPN sends your traffic hopping through multiple servers before it exits onto the public internet. Instead of two servers, your traffic can pass through three or four servers –each additional server adds a new layer of encryption and another IP address.
Multi-hop VPNs can be broken into two types: the “cascade” variety and the “nested chain” option.
A “cascade” configuration uses one primary VPN service and two or more of the service’s VPN servers. At every hop, your IP is changed and your data decrypted and then re-encryptedbefore being sent along.
The second type of multi-hop VPN setup is a “nested chain” in which two or more different VPN services are used, with an assortment of locations. A “nested chain” offers stronger protection against a VPN service or server that may be compromised.
“Nested chain” setups are not offered by individual VPN providers, but rather, require set up by a tech-savvy individual. This configuration actually requires running one VPN on top of another, a topic we’ll discuss in the next section.
Can You Use a VPN on a VPN?
Yes, you can use a VPN on a VPN. In fact, you can either use one VPN on your router and one on your device, or one on your device and run the second on a virtual machine on that same device.
Whichever of these setups you choose, we recommend using two different VPN providers for maximum security.
Want to use a VPN on a VPN and create your own double VPN? Here’s how:
- Install a Virtual Machine on Your Computer/Device: Get a copy of a free virtualization tool (i.e. Hyper-V, Virtual Box) and use it to install a second operating system on a virtual machine. The operating system of your computer and the virtual machine do not have to be the same.
- Install your VPN on Both Systems: Install your VPN on both your computer/device and your virtual machine. As this may count as two devices according to your provider, make sure you have not exceeded the number of devices supported by your VPN.
- Establish Your Own Double VPN: Launch your VPN and connect to a server in one country. Then turn on your virtual machine. If you use ExpressVPN’s IP checker within a browser on your virtual machine, you should see the location of the first server as that of your IP. Next, launch the VPN on your virtual machine and choose a server in a different country.
- Use Your Double VPN: Now any traffic sent from the virtual machine will travel through the first VPN server and then the second VPN server – a VPN on a VPN.
Opinion over VPN vs. Double VPN
Maybe you don’t have a VPN but want enough privacy so nobody knows if you are making requests, and to which sites those requests are made. This is where onion routing becomes useful. Onion routing is a technique used for anonymous communication over a network.
In an onion network, your traffic is encrypted repeatedly at the start and sent through a bunch of servers called onion routers. Each onion router receives an encryption key and peels a layer of encryption from the message before sending the message to the next router.
When your message reaches its destination server on the internet, the request is processed and sent back through the same nodes in reverse direction. Each onion node encrypts the message, and it returns to your computer in the form of a multi-encrypted response.
Only your computer can decrypt the response message, as only it has access to all the keys. Moreover, the intermediary servers in the network have no idea of the message’s origin, destination, and contents.
Onion over VPN is a privacy option offered by NordVPN which uses an onion network without the need for the onion browser (normally required). Simply connect to an Onion over VPN server so all your traffic is routed to the VPN server and then through an onion network.
If you first connect to a VPN, and then Tor (“The Onion Router”), you get all the benefits of Tor, with the added safety bonus that no Tor server will be able to see your home IP address. Because Tor is a completely decentralized network, and anybody can become a node, this is an important feature.
Moreover, the government and your ISP will easily notice if you access the Tor network. By using a VPN with Tor, you will not get flagged by your ISP or the government for using Tor– all your home network “sees” is encrypted traffic to your VPN server.
While a double VPN and Onion over VPN may appear to be the same, there are in fact nuanced differences between the two.
When using a double VPN your traffic is encrypted by the first VPN server, routed to the second VPN server, decrypted therein and then re-encrypted before exiting the tunnel.
With Onion over VPN, your traffic is first encrypted by the VPN, then undergoes multiple layers of encryption, and is then sent through the onion network and its maze of servers. The traffic you send and receive may have many layers of encryption at any given moment, not just one.
Therefore, unless you are at risk of surveillance by an autocratic government, or you can’t afford even the slightest of data leaks, a double VPN should provide plenty of security for all your internet needs.
Benefits of Double VPN
The primary benefit of a double VPN is the added anonymity protection it provides. Anyone monitoring the traffic on your home network will only see the first connection to the VPN server, but will not know the IP address of your destination.
Additionally, the second VPN server will not know your real IP address since it will be hidden by the first VPN server. Even if this second VPN server is compromised, there is virtually no way for your traffic to be traced back to you.
The ability to bounce your traffic between servers in different geographical locations is a huge benefit to anyone wishing to avoid severe government censorship.
Perhaps you’re in China and want to access YouTube. If you connect to a server in Israel and then through a second server in the US, anyone watching your traffic in China will think you’re accessing Israeli sites, and anyone doing similarly in the US will think you are in Israel.
A double VPN is also useful if you are in a country that only allows connections to a domestic IP address and you need to circumvent censorship. First, connect to a server in that country and then select another server outside the country through which your traffic will exit.
A double VPN also protects you against more sophisticated attacks, like traffic correlation attacks [in which the metadata of incoming and outgoing traffic is processed to reveal your actual IP]. The multiple hops from server to server provide layers of anonymity that help protect your online identity.
With every hop, the new VPN server only gets the previous VPN server’s IP address. The ISP or a malicious party can identify the initial IP that connected to the VPN, but they have no way of knowing onto which server the traffic exits.
Therefore, in order to compromise your anonymity by traffic correlation, all VPN servers would need to be monitored, and a guess would have to be made as to which exit node [gateway via which encrypted traffic reaches the unprotected internet] you are using.
Even if an attacker gains physical access to the VPN server and attempts a de-anonymization attack – an attack intended to decipher users’ identities – the cascade connection protects you against this sort of attack.
Your traffic is encapsulated with an additional layer of encryption for each hop it makes. As such, no traffic, even if it is leaked, can be read or correlated with incoming traffic that may be observed.
The attacker may see the encrypted outgoing traffic to the next VPN server, but he or she can’t tell whether this is an intermediate VPN server or the final server or node before it exits the “chained” tunnel of VPNs.
To be successful in intercepting and decrypting this sort of multi-hop “cascade” traffic, the attacker would need to gain physical access to all servers used simultaneously. Such an attack is relatively impossible if the hops occur in different countries.
Do I Need Double VPN or Is My VPN Enough?
There is no question that a double VPN provides additional protection for your identity and privacy. Some say it’s overkill, while others believe it to be the next big thing in personal data privacy. The truth, however, lies somewhere in the middle.
For the average user, a multi-hop VPN is neither necessary nor worth the common performance tradeoffs. A standard, single-hop, VPN, with strong encryption, DNS leak protection, and other privacy tools (malware protection, ad blocker, etc.), will provide plenty of security.
Double VPNs are usually only offered by the most comprehensive, top-level VPN packages. These VPN options also tend to be the most expensive, making a double VPN an expensive feature.
When using a normal VPN there is sometimes a speed penalty that results from a few sources. First, there’s the extra distance that your traffic needs to travel to reach the VPN server – any network slowdowns along the way will cause additional performance issues.
The process of encryption and decryption also comes with significant computing overhead. This demand can also result in a reduction in speed. When you use a double VPN, you double up on the VPN servers used, and therefore, you double your risk for these potential slowdowns.
In fact, there is almost always a significant drop in speed when using a double VPN. Your traffic is encrypted and decrypted with each VPN server hop, and the geographic distance between servers is often large.
Before subscribing to a VPN with a double VPN, make sure your default connection is fast enough.
The additional anonymity offered by a double VPN is unquestionable. However, from a security standpoint, the double-encryption of data by a double VPN is excessive. A brute force attack would require about one billion billion years to crack an AES 128-bit encryption.
However, if your complete anonymity trumps all your other needs, the advantages of a double VPN certainly outweigh its disadvantages.
Althougha standard, single-hop VPN is suitable for most people, attacks correlating incoming/outgoing traffic may still be possible, putting your anonymity at risk.
If you choose to go with a VPN offering chained VPN connections, it’s important to understand that not every VPN provider offers a fully encrypted cascade.
Many providers offering a double VPN will just forward your traffic to another VPN server without an added layer of encryption. You’ll still be vulnerable to the traffic correlation attacks mentioned above. That’s why it’s important to ask VPN providers exactly how their double VPN works.
Best VPNs for Double VPN
As you now know, not all double VPNs offer the same level of privacy protection. For that reason, if a double VPN is what you’re after, it’s important that you choose a VPN offering the best double VPN connections.
The majority of VPN providers do not offer double VPNs. VPN providers are registered companies and are thus required by law (in most areas) to keep logs and records of their clients’ actions. This may seem at odds with the no-logs policies offered by many VPN providers.
If a VPN provider wants to provide a double VPN option, they must create a new system to track and log user activity on dual VPN connections. At the same time, the logs have to be undecipherable to outside parties, in order to uphold the “no-logs” claim.
When a provider has a strict no-logs policy, it means that they keep no identifiable logs. In the event that the authorities force them to hand over their servers and their logs, nothing could be taken or deciphered from them.
Some companies are even based in remote areas in an attempt to avoid government intervention and surveillance, making these companies less vulnerable to such events (which increases the security of your data).
The effort and care that a VPN provider expends when offering a double VPN – largely in order to stand by their “no-logs” claim – is an important factor in choosing a VPN.
With the top-rated VPNs below, you’ll have access to a double VPN, in addition to an already outstanding collection of privacy protection tools.
It’s no wonder why NordVPN is our overall top-rated VPN. It offers a nearly perfect combination of speed and security features across an enormous global server network.
Not only does NordVPN have a reputable no-logs policy, but they are headquartered in Panama. This provides additional protection against any government or ISP which may wish to gain access to their logs.
NordVPN uses military-grade AES encryption and offers a CyberSec feature that blocks malware and malicious ads. An automatic kill switch keeps your location hidden no matter what, and SmartPlay mode gives you one-click access to video streaming.
If that isn’t enough, NordVPN’s Double VPN feature is among the simplest and most effective offered by premium VPN providers. It’s also available in their Android, MacOS, and Windows apps.
NordVPN also offers Onion Over VPN if you need an even higher level of internet privacy. With Onion Over VPN, using Tor is easier and more secure than ever before. If you live or work in a country with extreme government surveillance and censorship, NordVPN is a great choice.
NordVPN’s 30-day money-back guarantee makes trying this top-of-the-line VPN easy and worry-free.
Surfshark is a relative newcomer to the VPN scene, but has already proven itself to be a top provider. Coupling great speed with a number of advanced features, this VPN provides smooth streaming, easy torrenting, and safe browsing.
Surfshark’s constantly expanding network includes 500 servers in 50 countries. While many VPN browser extensions have known security concerns, Surfshark’s extensions will never put your privacy or data at risk.
On top of it all, Surfshark offers its own double VPN option aptly called MultiHop. Not only is MultiHop accessible with a few simple clicks, but it works with Surfshark’s Windows, macOS, iOS, and Android apps.
While double VPNs often reduce the speed of your connection, MultiHop can actually improve your speed. If you wanted to access US Netflix from Taiwan, you could choose a pairing that first connects to a server in Singapore and then to a server in the US.
Your connection to the first server (in Singapore) will be at regular speeds. The long-distance hops between the Singapore and US servers will be handled exclusively by Surfshark, and the overall connection may be faster than if you connected to a US server directly.
If you’re still not convinced, you can take advantage of Surfshark’s 30-day money-back guarantee to take it for a test run, risk-free.
Conclusion and Further Reading
While double VPNs are sure to offer additional anonymity protection for those that really require it, a single server VPN from a premium provider will go above and beyond most users’ needs.
However, if you think a double VPN is necessary for your job or online activities, it’s important to first check that your default internet connection offers sufficient speeds. For ease of use and reliability, we recommend signing up with NordVPN.
You can’t go wrong trying out either VPN. Both VPNs provide elite privacy, data protection, and double VPNs. Moreover, both NordVPN and Surfshark offer a bundle of other advanced features and tools that are sure to enhance your online experience.