Deciding On Whether To Start On Boxes Or Not

I’ve been working through the challenges over the past month or so (about 65-70% complete) and I really want to start on the machines; however, due to not being able to run two VPN connections, I am reluctant to do so, as I do not want my public IP being known to HTB. This isn’t because I don’t trust HTB, it’s that I don’t trust the feds. I’m not doing anything illegal online, but because of my interests I feel I would be on their radar if they knew where I lived and who I was, which is, imo, a breach of a right to private life.

I am thinking about renting out a new VPS, logging into the VPS through my VPN, logging into HTB through the VPS with OpenVPN for the machines, and pulling a Kali Docker image down to work from on the VPS.

What do you guys think? Do you see my concern? Am I being overly paranoid? How would you solve this issue? Any other feedback?

Thank you for taking the time to read this.

Not 100% sure what your threat model is, here, but that’s nothing for me to judge :wink:

You should be able to tunnel a VPN connection through another VPN tunnel. This minimizes the usable payload size, due to having to cram additional TCP/IP headers into the TCP packet, but that shouldn’t cause too many problems (if any at all).
If your VPN provider limits the allowed destination ports, you can change the HTB ovpn file to use TCP on port 443, as described on the “Access” page.
An example for EU2 Free would look similar to this:

client
dev tun
proto tcp
remote edge-eu-free-2.hackthebox.eu 443
resolv-retry infinite
nobind
persist-key
persist-tun
remote-cert-tls server
comp-lzo
verb 3
cipher AES-128-CBC
auth SHA256
key-direction 1
<ca>
...
</ca>
<cert>
...
</cert>
<key>
...
</key>
<tls-crypt>
...
</tls-crypt>
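
Added example, not part of the original posts and not HTB's own tooling: one way to apply the change described above to a downloaded profile, switching it to TCP on port 443 while copying the inline key blocks through untouched. The function name `ovpn_to_tcp443`, the sample profile and its port 1194 are assumptions constructed for illustration.

```shell
#!/bin/sh
# ovpn_to_tcp443 (hypothetical helper): reads an OpenVPN client profile on
# stdin and writes a copy that connects over TCP on port 443 to stdout.
ovpn_to_tcp443() {
    awk '
        # Inline blocks (<ca>, <cert>, <key>, <tls-crypt>) hold key material:
        # copy them verbatim and never treat their content as directives.
        /^<\/[a-z-]+>/ { inblock = 0; print; next }
        /^<[a-z-]+>/   { inblock = 1; print; next }
        inblock        { print; next }
        # Any "proto ..." line (udp, udp4, ...) becomes "proto tcp".
        $1 == "proto"  { print "proto tcp"; seen_proto = 1; next }
        # "remote host [port [proto]]": keep the host, force port 443.
        $1 == "remote" { print "remote", $2, "443"; next }
        # Exit notification is a UDP-mode option, so drop it for TCP.
        $1 == "explicit-exit-notify" { next }
        { print }
        # OpenVPN defaults to UDP when no proto line is present.
        END { if (!seen_proto) print "proto tcp" }
    '
}

# Constructed sample profile: the port 1194 and the UDP settings are made up
# for this demo, and "..." stands in for the certificate body.
sample_profile() {
    cat <<'EOF'
client
dev tun
proto udp
remote edge-eu-free-2.hackthebox.eu 1194
explicit-exit-notify 1
nobind
<ca>
...
</ca>
EOF
}

# Show the rewritten profile.
sample_profile | ovpn_to_tcp443
```

Run it against a copy of the profile and keep the original, so the unmodified file is still available if the TCP endpoint is unreachable.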


Thank you for your quick reply. Looking at this config, it seems so simple and logical now. I had done a reasonable amount of searching before asking this question, and the closest answer I found was on Stack: “anonymity - VPN tunnel inside other VPN tunnel - Information Security Stack Exchange”. Unfortunately this didn’t solve this issue. So, once again, thank you for your reply.