What is Double VPN and Should I Use It? | Updated for 2021
Today, more people and devices than ever before are connected to the internet. But as this global connection grows, so too do the constantly evolving cybersecurity threats that are out there.
Much security software and infrastructure has been developed to combat the ever-increasing threats to your online privacy and security, including VPNs and double VPNs.
If all the different VPNs options have you confused, don’t worry. We’re about to break down all there is to know about VPNs and double VPNs.
What is Double VPN?
The original double VPN was just two virtual networks chained together. Out of that idea came today’s double VPN. Before diving into double VPNs, however, it’s important to understand the basics of VPNs (Virtual Private Networks).
With a VPN, an encrypted tunnel is created between your computer and the VPN server. All of the traffic you send is first encrypted by your VPN and then routed through this tunnel to the VPN server. A double VPN adds another secure tunnel and VPN server to the equation.
If your VPN normally offers AES 256-bit encryption, using a double VPN does not mean that you now have 512-bit encryption. Rather, using a double VPN just means that your traffic is re-routed (and hopefully, encrypted) twice.
While there are different types of double VPNs, the basic idea is that of using two (or more) secure tunnels together. A connection is first created between your computer and the VPN. Then a second encrypted tunnel is established between the first and the second server.
Ideally, all your traffic is then encrypted and re-routed through both these secure tunnels, consecutively. This is what is known as VPN server cascading – the core idea behind double VPNs. With a double VPN, your real IP address gets masked twice instead of just once.
Multi-Hop VPNs are another form of VPN server cascading and have become synonymous with double VPNs. With a multi-hop VPN, you aren’t restricted to just two simultaneous VPN connections, but can actually have multiple VPN connections at the same time.
True to its name, a multi-hop VPN sends your traffic hopping through multiple servers before it exits onto the public internet. Instead of two servers, your traffic can pass through three or four servers –each additional server adds a new layer of encryption and another IP address.
Multi-hop VPNs can be broken into two types: the “cascade” variety and the “nested chain” option.
A “cascade” configuration uses one primary VPN service and two or more of the service’s VPN servers. At every hop, your IP is changed and your data decrypted and then re-encrypted before being sent along.
The second type of multi-hop VPN setup is a “nested chain” in which two or more different VPN services are used, with an assortment of locations. A “nested chain” offers stronger protection against a VPN service or server that may be compromised.
“Nested chain” setups are not offered by individual VPN providers, but rather, require set up by a tech-savvy individual. This configuration actually requires running one VPN on top of another, a topic we’ll discuss in the next section.
Can You Use a VPN on a VPN?
Yes, you can use a VPN on a VPN. In fact, you can either use one VPN on your router and one on your device, or one on your device and run the second on a virtual machine on that same device.
Whichever of these setups you choose, we recommend using two different VPN providers for maximum security.
Want to use a VPN on a VPN and create your own double VPN? Here’s how:
- Install a Virtual Machine on Your Computer/Device: Get a copy of a free virtualization tool (i.e. Hyper-V, Virtual Box) and use it to install a second operating system on a virtual machine. The operating system of your computer and the virtual machine do not have to be the same.
- Install your VPN on Both Systems: Install your VPN on both your computer/device and your virtual machine. As this may count as two devices according to your provider, make sure you have not exceeded the number of devices supported by your VPN.
- Establish Your Own Double VPN: Launch your VPN and connect to a server in one country. Then turn on your virtual machine. If you use hide.me’s IP checker within a browser on your virtual machine, you should see the location of the first server as that of your IP. Next, launch the VPN on your virtual machine and choose a server in a different country.
- Use Your Double VPN: Now any traffic sent from the virtual machine will travel through the first VPN server and then the second VPN server – a VPN on a VPN.
Onion over VPN vs. Double VPN
Maybe you don’t have a VPN but want enough privacy so nobody knows if you are making requests, and to which sites those requests are made. This is where onion routing becomes useful. Onion routing is a technique used for anonymous communication over a network.
In an onion network, your traffic is encrypted repeatedly at the start and sent through a bunch of servers called onion routers. Each onion router receives an encryption key and peels a layer of encryption from the message before sending the message to the next router.
When your message reaches its destination server on the internet, the request is processed and sent back through the same nodes in reverse direction. Each onion node encrypts the message, and it returns to your computer in the form of a multi-encrypted response.
Only your computer can decrypt the response message, as only it has access to all the keys. Moreover, the intermediary servers in the network have no idea of the message’s origin, destination, and contents.
If you first connect to a VPN, and then Tor (“The Onion Router”), you get all the benefits of Tor, with the added safety bonus that no Tor server will be able to see your home IP address. Because Tor is a completely decentralized network, and anybody can become a node, this is an important feature.
Moreover, the government and your ISP will easily notice if you access the Tor network. By using a VPN with Tor, you will not get flagged by your ISP or the government for using Tor – all your home network “sees” is encrypted traffic to your VPN server.
While a double VPN and Onion over VPN may appear to be the same, there are in fact nuanced differences between the two.
When using a double VPN your traffic is encrypted by the first VPN server, routed to the second VPN server, decrypted therein and then re-encrypted before exiting the tunnel.
With Onion over VPN, your traffic is first encrypted by the VPN, then undergoes multiple layers of encryption, and is then sent through the onion network and its maze of servers. The traffic you send and receive may have many layers of encryption at any given moment, not just one.
Therefore, unless you are at risk of surveillance by an autocratic government, or you can’t afford even the slightest of data leaks, a double VPN should provide plenty of security for all your internet needs.
Benefits of Double VPN
The primary benefit of a double VPN is the added anonymity protection it provides. Anyone monitoring the traffic on your home network will only see the first connection to the VPN server, but will not know the IP address of your destination.
Additionally, the second VPN server will not know your real IP address since it will be hidden by the first VPN server. Even if this second VPN server is compromised, there is virtually no way for your traffic to be traced back to you.
The ability to bounce your traffic between servers in different geographical locations is a huge benefit to anyone wishing to avoid severe government censorship.
Perhaps you’re in China and want to access YouTube. If you connect to a server in Israel and then through a second server in the US, anyone watching your traffic in China will think you’re accessing Israeli sites, and anyone doing similarly in the US will think you are in Israel.
A double VPN is also useful if you are in a country that only allows connections to a domestic IP address and you need to circumvent censorship. First, connect to a server in that country and then select another server outside the country through which your traffic will exit.
A double VPN also protects you against more sophisticated attacks, like traffic correlation attacks [in which the metadata of incoming and outgoing traffic is processed to reveal your actual IP]. The multiple hops from server to server provide layers of anonymity that help protect your online identity.
With every hop, the new VPN server only gets the previous VPN server’s IP address. The ISP or a malicious party can identify the initial IP that connected to the VPN, but they have no way of knowing onto which server the traffic exits.
Therefore, in order to compromise your anonymity by traffic correlation, all VPN servers would need to be monitored, and a guess would have to be made as to which exit node [gateway via which encrypted traffic reaches the unprotected internet] you are using.
Even if an attacker gains physical access to the VPN server and attempts a de-anonymization attack – an attack intended to decipher users’ identities – the cascade connection protects you against this sort of attack.
Your traffic is encapsulated with an additional layer of encryption for each hop it makes. As such, no traffic, even if it is leaked, can be read or correlated with incoming traffic that may be observed.
The attacker may see the encrypted outgoing traffic to the next VPN server, but he or she can’t tell whether this is an intermediate VPN server or the final server or node before it exits the “chained” tunnel of VPNs.
To be successful in intercepting and decrypting this sort of multi-hop “cascade” traffic, the attacker would need to gain physical access to all servers used simultaneously. Such an attack is relatively impossible if the hops occur in different countries.
Do I Need Double VPN or Is My VPN Enough?
There is no question that a double VPN provides additional protection for your identity and privacy. Some say it’s overkill, while others believe it to be the next big thing in personal data privacy. The truth, however, lies somewhere in the middle.
For the average user, a multi-hop VPN is neither necessary nor worth the common performance tradeoffs. A standard, single-hop, VPN, with strong encryption, DNS leak protection, and other privacy tools (malware protection, ad blocker, etc.), will provide plenty of security.
Double VPNs are usually only offered by the most comprehensive, top-level VPN packages. These VPN options also tend to be the most expensive, making a double VPN an expensive feature.
When using a normal VPN there is sometimes a speed penalty that results from a few sources. First, there’s the extra distance that your traffic needs to travel to reach the VPN server – any network slowdowns along the way will cause additional performance issues.
The process of encryption and decryption also comes with significant computing overhead. This demand can also result in a reduction in speed. When you use a double VPN, you double up on the VPN servers used, and therefore, you double your risk for these potential slowdowns.
In fact, there is almost always a significant drop in speed when using a double VPN. Your traffic is encrypted and decrypted with each VPN server hop, and the geographic distance between servers is often large.
Before subscribing to a VPN with a double VPN, make sure your default connection is fast enough.
The additional anonymity offered by a double VPN is unquestionable. However, from a security standpoint, the double-encryption of data by a double VPN is excessive. A brute force attack would require about one billion billion years to crack an AES 128-bit encryption.
However, if your complete anonymity trumps all your other needs, the advantages of a double VPN certainly outweigh its disadvantages.
Although a standard, single-hop VPN is suitable for most people, attacks correlating incoming/outgoing traffic may still be possible, putting your anonymity at risk.
If you choose to go with a VPN offering chained VPN connections, it’s important to understand that not every VPN provider offers a fully encrypted cascade.
Many providers offering a double VPN will just forward your traffic to another VPN server without an added layer of encryption. You’ll still be vulnerable to the traffic correlation attacks mentioned above. That’s why it’s important to ask VPN providers exactly how their double VPN works.
Best VPNs for Double VPN
As you now know, not all double VPNs offer the same level of privacy protection. For that reason, if a double VPN is what you’re after, it’s important that you choose a VPN offering the best double VPN connections.
The majority of VPN providers do not offer double VPNs. VPN providers are registered companies and are thus required by law (in most areas) to keep logs and records of their clients’ actions. This may seem at odds with the no-logs policies offered by many VPN providers.
If a VPN provider wants to provide a double VPN option, they must create a new system to track and log user activity on dual VPN connections. At the same time, the logs have to be undecipherable to outside parties, in order to uphold the “no-logs” claim.
When a provider has a strict no-logs policy, it means that they keep no identifiable logs. In the event that the authorities force them to hand over their servers and their logs, nothing could be taken or deciphered from them.
Some companies are even based in remote areas in an attempt to avoid government intervention and surveillance, making these companies less vulnerable to such events (which increases the security of your data).
The effort and care that a VPN provider expends when offering a double VPN – largely in order to stand by their “no-logs” claim – is an important factor in choosing a VPN.
With this top-rated VPN below, you’ll have access to a double VPN, in addition to an already outstanding collection of privacy protection tools.
hide.me is one of our top-rated VPNs. It offers a nearly perfect combination of speed and security features across an enormous global server network.
Not only does hide.me have a reputable no-logs policy, but they are headquartered in Malaysia. This provides additional protection against any government or ISP because the country is outside the 14-eyes alliance.
Hide.me uses military-grade AES encryption and its Stealth Guard mode keeps you safe from data leaks. An automatic kill switch keeps your location hidden no matter what, and with 1,900 servers in 75 different countries, it’s a great choice for accessing tons of geoblocked streaming content from around the globe..
If that isn’t enough, hide.me’s Multihop Double VPN feature is among the simplest and most effective offered by premium VPN providers. It’s also available for all major operating systems including Windows, mac OS, Android, and iOS.
Hide.me’s 30-day money-back guarantee makes trying this top-of-the-line VPN easy and worry-free. Need more info? Here’s our detailed expert review of hide.me.
Conclusion and Further Reading
While double VPNs are sure to offer additional anonymity protection for those that really require it, a single server VPN from a premium provider will go above and beyond most users’ needs.
However, if you think a double VPN is necessary for your job or online activities, it’s important to first check that your default internet connection offers sufficient speeds. For ease of use and reliability, we recommend signing up with hide.me.
It provides elite privacy and data protection through its Multihop Double VPN features. Moreover, its other advanced features and tools greatly enhance your online experience.
You May Also Like:
- Amazing savings on VPNs
See the 5 best VPNs for Tor
Read about the top 7 Pirate Bay alternatives that still work
Your data is exposed to the websites you visit!
Your IP Address:
Your Internet Provider:
The information above can be used to track you, target you for ads, and monitor what you do online.
VPNs can help you hide this information from websites so that you are protected at all times. We recommend ExpressVPN — the #1 VPN out of over 350 providers we've tested. It has military-grade encryption and privacy features that will ensure your digital security, plus — it's currently offering 49% off.