<noinclude> {{Header}} </noinclude>{| class="wikitable" style="background-color: #fff;text-align: center" |- | ! VPN Installed on the Host OS (outside any virtual machines) ! VPN Installed on {{project_name_gateway_long}} ! VPN Installed on <u>both</u> the Host and {{project_name_gateway_short}} |- ! All {{project_name_short}} Traffic Routing | <code>User</code> → <code>Host</code>'s VPN → <code>Tor</code> → <code>Internet</code> | <code>User</code> → <code>Gateway</code>'s VPN → <code>Tor</code> → <code>Internet</code> | <code>User</code> → <code>Host</code>'s VPN → <code>Gateway</code>'s VPN → <code>Tor</code> → <code>Internet</code> |- ! All Host Traffic Routing | <code>User</code> → <code>Host</code>'s VPN → <code>Internet</code> | <code>User</code> → <code>Internet</code> | <code>User</code> → <code>Host</code>'s VPN → <code>Internet</code> |- ! {{project_name_gateway_short}} Compromise | Host's VPN Affords Protection | Nil Protection | Host's VPN Affords Protection |- |} To decide the best configuration in your circumstances, consider: * Is it necessary to hide <i>all traffic</i> from the ISP? <ref name=all-traffic> All traffic generated by the host OS and all applications running on the host. For example, Firefox, NTP, and anything else. This also includes traffic generated by {{project_name_short}}. </ref> Then install the VPN on the host. * Should the VPN provider be able to see <i>all traffic</i>? <ref name=all-traffic /> Then install the VPN on the host. * Should the VPN provider be limited to seeing <i>Tor traffic</i>, but not <i>clearnet traffic</i>? Then install the VPN on {{project_name_gateway_short}}.<noinclude> {{Footer}} </noinclude>