VPN with Tails: The Basics You Need to Know

VPN with Tails — The Basics You Need to Know

In a world where malicious entities can intercept important data, it is necessary to have the right tools to keep you safe while using the resources of the internet. One such tool is Tails, a Linux operating system that promises to keep you anonymous while you’re online. 

A Virtual Private Network (VPN) is another tool that has additional security and privacy features to keep you safe and protect your privacy. Using a VPN in combination with Tails can prove to be a formidable defense against data exposure. This article seeks to inform you about the essentials you need to know about this combination. 

What Is Tails?

The Amnesic Incognito Live System, otherwise known as Tails, is a Debian-based Linux distribution whose focus is on security and privacy. This open-source operating system works hard to ensure that its users are safe and secure while using it. In order to achieve this, Tails enforces a rule that makes all internet traffic (outgoing and incoming) pass through Tor (The Onion Router)

It also blocks any internet traffic that doesn’t go through Tor to maintain the anonymity and privacy of its users. Using Tor allows internet traffic to move through multiple nodes/servers before reaching its destination. Each time data moves through a node, the source and destination IP addresses change until it gets to its final destination.

Tails was initially released in June 2009. The Tor Project was one of the early financial supporters of the Debian-based OS. It comes with pre-configured applications and doesn’t interact with the operating system on your device (except explicitly configured to behave otherwise). This prevents it from leaving any evidence of its existence on your operating system once you finish using it and restart your system. You can easily set it up on your computing system as you can boot it through a USB stick or disk drive. 

How Secure Is Tails?

Tor works hard to ensure that you maintain anonymity, but it doesn’t entirely protect your data. It encrypts your data as it moves through the Onion network but leaves it unprotected once it exits the last node. While anyone spying on your network will not be able to see the contents of your data as it moves through multiple nodes, they can successfully have access to your data if they know the last node it exits. So Tails by extension only protects you if the exit node your data moves through is unknown to malicious entities. 

However, even if anyone intercepts your data, they cannot trace it back to you or know your location, except it can point them in that direction. Also, Tails’ browser does not have DNS leak or IP leak protection which can lead to the exposure of your IP address and location. Using Tails encourages anonymity, but in terms of security and privacy, using a VPN trumps it. 

Benefits of Using Tails

Due to the fact that Tails mainly uses the Tor network, it mostly has the same benefits as using the Tor browser on your device. Let’s take a look at a few of these benefits. 

1. Little Or No Configuration: You can easily boot Tails from a USB drive or external disk drive, and it requires little or no configuration to set it up. Also, its ability to route all network traffic through the Tor network comes pre-configured; you don’t need to configure it before it does this. 

2. Maintains Anonymity: Using Tails allows you to remain anonymous doing any activity on the internet since it uses Tor and blocks any application that refuses to connect to the Tor network. It also encrypts persistent storage on the USB or external disk drive you use. Tails does not write data to the host computer’s hard drive and deletes any data in memory during the shutdown process, except you configure it to do otherwise. For example, there will be no trace of its existence after you shut down if you’re using it on someone else’s computer. 

3. Secure Applications: Tails comes pre-configured with secure applications to prevent mistakes or applications leaking your data. Tor Browser, Thunderbird, OnionShare, LibreOffice, and KeePassXC are examples of such applications. 

Using a VPN With Tails

A VPN is a brilliant tool you can use to protect your privacy and anonymity; it creates a secure pathway for your data from your device to its destination. It is also feature-rich and usually has multiple security and privacy features. Unlike when you use Tails, a VPN encrypts your data till it reaches its final destination. There are two primary ways you can use a VPN in combination with Tails. 

Tails (or Tor) Over VPN

Using this method requires you to connect to a VPN server before using Tails. It is basically the same as Tor Over VPN. The main benefit of using this method is that it prevents the Tor network from seeing your IP address in the case of any compromise. Many VPNs are not compatible with Tails OS, and the Tails team does not recommend using a VPN with the operating system. So the best way to use a Tails over VPN is to use a pre-configured VPN router or configure a VPN on your router and connect to it. 

Connecting to a hotspot connection on a mobile device with a VPN application running on it will also work. Doing it that way allows all internet traffic to first go through a secure VPN server before going through the Onion network. It helps bypass censorship if your ISP does not allow Tor usage. The only major disadvantage of using Tails over VPN is that the Tor exit node remains vulnerable to attacks, and anyone monitoring it can see your data. 

Pros of Using Tails Over VPN:

1. You have access to services and features of the Tor network. 

2. You can bypass internet censorship in regions where ISPs block access to Tor as they cannot see beyond your VPN connection. 

3. The Tor network cannot see your IP address, only the VPN server’s IP. 

Cons of Using Tails Over VPN:

1. Your data becomes vulnerable to attacks as it leaves the Tor exit node. 

2. If the VPN network gets compromised, this will put you at risk of data exposure. 

VPN Over Tails (or Tor)

Using this method means connecting to a VPN server after connecting to Tails (or Tor). VPN over Tails ensures that the Tor exit node is no longer vulnerable as the VPN service stands between the exit node and the final destination of your data. This means anyone monitoring the exit node cannot see your data as the VPN service encrypts it. While this method allows you to access sites that block Tor exit nodes, it prevents you from accessing websites that are exclusively on Tor. This is because traffic moves from the Onion network to a VPN server before reaching its destination. 

VPN over Tails might seem like the better option, but the configuration process is usually complicated. You will need to subscribe to a VPN that supports OpenVPN, download certificates, and create configuration files. For the majority of internet users, it is a complex process. Also, any compromise in the Onion network can lead to IP address leaks. In any case, Tails over VPN or VPN over Tails, using a secure VPN service that doesn’t store logs will maintain your privacy and anonymity.

Pros of Using VPN Over Tails:

1. You have access to services and features outside the Tor network. 

2. You can bypass internet censorship in regions that allow access to Tor.

Cons of Using VPN Over Tails:

1. You don’t have access to services and features on the Tor network.

2. Your IP address will be exposed if the Tor network gets compromised.

How To Set Up a VPN Using OpenVPN on Tails

Using a VPN with Tails can be tricky, as the configuration process might be too complex. Due to the complexity of setting up VPN over Tails, we will look at the configuration process. 

Configuring VPN Over Tails

Follow these steps to configure a VPN to work with Tails once you install it and enable persistence storage. 

1. Get a VPN Subscription

Register or subscribe to a VPN service that supports OpenVPN because this configuration only works with OpenVPN. Note that you should know your service credentials (username and password) as you will need them later on.

2. Download the OpenVPN Configuration File

Most VPN services usually have an OpenVPN configuration file (.ovpn) you can just download. Once you’ve downloaded the configuration file, rename it “vot.ovpn”, create a folder called “vpn” in your persistent storage, and move the file to that folder. Also, you will need to extract the CA (anything between the <ca> and </ca> tags) from the OpenVPN configuration file, put it in a new file (name the file “vot-ca.pem”), and move the file to the same “vpn” folder. 

3. Download the vot.sh Script

The vot.sh script is a script that installs a copy of the OpenVPN client and uses it to connect to your VPN service provider via Tor. You will need to read the requirements and ensure you satisfy all conditions. Enter the following commands in your terminal to create a folder (“bin”) and a file (“vot.sh”)  to paste the contents of the script:

mkdir /home/amnesia/Persistent/bin

gedit /home/amnesia/Persistent/bin/vot.sh

Copy the script’s contents, paste it into the vot.sh file, and save it. Enter the following command to make the script executable after you exit the text editor. 

chmod u+x /home/amnesia/Persistent/bin/vot.sh

Launching VPN Over Tails

After the initial configuration steps above, follow these steps to activate your VPN over Tor connection.

1. Execute the vot.sh Script

Open a terminal window and enter the following to execute the script.

sudo ~/Persistent/bin/vot.sh

Enter your Tails password when you see the prompt. Once the script loads, it will request your VPN service credentials. Put in your credentials and wait until it stops scrolling.

2. Open a New Tor Browser Instance

Enter the following command to launch a new terminal window and a new instance of the Tor browser.

sudo -u vpnuser tor-browser –new-instance

This new Tor browser sends your data via a VPN server after it passes through the Tor network. You are likely to see some warnings/errors in the terminal while the new instance is active. 

3. Reconfigure the New Tor Browser Instance

You need to disable Tor’s SOCKS proxy and the “network.proxy.socks_remote_dns” configuration before you can use the new instance to access websites outside the Tor network. Follow the steps below to disable them. 

Go to “Preferences” in the Tor Browser menu and navigate to the “Advanced” section.

Select on the “Network” tab, click the “Settings” button beside “Connection,” and select the “No proxy” radio. Save the configuration.

Go back to the browser and type “about:config” in the address bar. Ignore the warning and continue.

Type “remote_dns” in the search bar below the address bar and change the value from true to false. 

Note that you might need to click on the arrow button beside the address bar after typing in the URL you want to reach instead of the enter key on your keyboard. You can stop the connection by exiting the Tor Browser instance and the script (use Ctrl-C). 


There is no single tool that gives absolute protection against data exposure, but combining different tools can get you close to that. Using a VPN with Tails is one of such combinations. Only use this combination if you’re sending very sensitive information or need absolute anonymity. This is because using either Tor or a VPN alone comes with a speed reduction. Their combination further results in a significant negative impact on your speed. We hope this article helps you understand the basics of using a VPN with Tails.