Setting Up Double VPN Routers with Killswitches?

I had an issue recently with my VPN router's killswitch glitching out and letting my home IP float through. I'd like to create a safeguard against that in the future, by connecting a second VPN router (with a different VPN service + killswitch), and placing it between the first router and my home router.

Devices > VPN router (with killswitch 1) > VPN router (with killswitch 2) > home router.

My hope was that if the first VPN router killswitch glitches again, the second router's service will still grab my IP and push through a secure VPNed IP (always keeping my home IP safe). And vice versa.

Would this work as I hope?

This sounds to me like a configuration error. This should be quite deterministic unless you've got a faulty config, meaning that:

  1. You should look at your existing config and try to resolve the issue at the source
  2. Doing a second VPN router behind the first is not necessary if things are properly configured. (and this doesn't even get into the inefficiencies of this topology and possible other issues that could arise).

I agree with @psherman; that said, it will work as long as you take care of MTU settings.

I am curious as to the reason you had traffic leaking.

A decently implemented killswitch (no forward from lan to wan but only forward from lan to vpn zone) should, in theory, be sufficient.

2 Likes
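
The firewall-based kill switch described in the post above (no forwarding from lan to wan, only from lan to the vpn zone) can be checked mechanically. The following is an added example, not part of the thread: a Python check over the text of a firewall config, assuming an OpenWrt-style UCI file; the zone names `lan`, `wan` and `vpn`, the function names and the sample configs are assumptions.

```python
import shlex

def parse_uci(text):
    """Parse UCI text into a list of (section_type, options) tuples."""
    sections = []
    for raw in text.splitlines():
        tok = shlex.split(raw, comments=True)
        if len(tok) >= 2 and tok[0] == "config":
            sections.append((tok[1], {}))
        elif len(tok) >= 3 and tok[0] in ("option", "list") and sections:
            sections[-1][1][tok[1]] = tok[2]  # last value wins; enough for this check
    return sections

def killswitch_findings(text, lan="lan", wan="wan", vpn="vpn"):
    """Return problems found; an empty list means LAN is only forwarded to the VPN zone."""
    sections = parse_uci(text)
    fwd = {(o.get("src"), o.get("dest")) for t, o in sections if t == "forwarding"}
    findings = []
    if (lan, wan) in fwd:
        findings.append(f"forwarding {lan}->{wan} present: clients bypass the tunnel")
    if (lan, vpn) not in fwd:
        findings.append(f"forwarding {lan}->{vpn} missing: clients have no tunnel path")
    for t, o in sections:
        # Assumption of this example: a permissive default is flagged conservatively.
        if t == "defaults" and o.get("forward", "").upper() == "ACCEPT":
            findings.append("defaults forward policy is ACCEPT")
        if (t == "rule" and (o.get("src"), o.get("dest")) == (lan, wan)
                and o.get("target", "").upper() == "ACCEPT"):
            findings.append(f"rule '{o.get('name', '?')}' accepts {lan}->{wan} traffic")
    return findings

# Constructed sample configs, not taken from the thread.
KILLSWITCH = """
config defaults
	option forward 'REJECT'
config forwarding
	option src 'lan'
	option dest 'vpn'
"""
LEAKY = KILLSWITCH + """
config forwarding
	option src 'lan'
	option dest 'wan'
"""

if __name__ == "__main__":
    for name, cfg in (("kill switch", KILLSWITCH), ("leaky", LEAKY)):
        print(name, "->", killswitch_findings(cfg) or "OK")
```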

I agree, however, the VPN killswitch was known to have been an issue on the VPN router since 2021 (apparently due to a change in the programming of it). And it's yet to be addressed. And I didn't realize this when I set it up on the latest version of the firmware. Previous versions that worked the "old way" apparently have a much better success rate (according to threads I've read in their forum, and from other users I've talked to). So I plan to downgrade to that version in my new setup for VPN #1.

Adding VPN#2 is more for my peace of mind. Just wanting to ensure the principle was sound (and another layer of protection).

So in theory, it should work, given everything is configured properly?

I'm also all ears if there is something I should tweak to help ensure its success when daisy-chaining them together.

What kill-switch specifically? And can you provide documentation about the known issue you're referring to?

When done with the firewall, it's very simple, effective, and there have been no known issues. Maybe you're using some other package/tool to serve as the kill switch??

With the exception of authoritarian governments and the like where censorship and/or criminal consequences are considerations, using VPNs doesn't necessarily protect your privacy -- it simply shifts the privacy question from your ISP to the VPN provider. The privacy practices (including data handover to a governmental agency) at that point rely entirely on the VPN and their policies.

Wrapping one VPN tunnel inside another does not provide any improvement in the privacy factor -- the VPN provider's endpoint for the innermost tunnel will be the point of privacy vulnerability.

You will, however, have increases in latency, potential risks of TCP meltdown, and now two single-points-of-failure that could make your connection more unreliable, but not more secure.

All valid points here. I guess I should have been more targeted with my question and not used the word "privacy" (as I take into account the issues you're talking about regarding governments, and choose my VPNs accordingly).

More specifically, I'm wondering about the killswitches. Meaning, is there any reason that if VPN #1's killswitch fails, shouldn't killswitch #2 protect against my real IP being revealed (theoretically)?

The kill switch should not fail if it is implemented properly in the firewall.

It all depends on what went wrong with the first kill switch, how the second kill switch is set up, and if the second VPN is running on another router behind the router that runs the first VPN.

Again, all this is unnecessary. A kill switch should be pretty straightforward.