VLESS-Reality proxy + Tor; Can the VPS host see the traffic?

Hello
I’ve seen many similar topics, but haven’t found one exactly matching my case.

I have a rented VPS.
On the server I have a self-hosted proxy running with 3x-ui VLESS-Reality protocol (a few words about it at the bottom).
I connect to the proxy via Hiddify-Next on a host machine; it creates a tun adapter to connect.
Then I start Tor browser.

So it is
Home > VLESS-Reality Proxy > Tor > Internet

It is not a VPN; it’s still a proxy, though a secured one.

Questions:
1. Can the VPS provider see the pages visited through Tor?
2. What are the flaws of my method?
3. How do I manage to run Whonix, not Tor browser bundle, after this proxy?

Basically I want to connect to Tor without standing out too much.
Nowadays in my country there are significantly more VPN users than Tor users.
The bridges don’t work for some reason.

Regarding the issue of trust.
They say that when choosing whether to use a VPS/VPN before Tor or not, it is a matter of trust: who do you trust more, the ISP or the VPS hoster?
Why should I trust my ISP more than some random server in another country somewhere far away?
The ISP definitely keeps logs, while the same is not known about the VPS host.
And in the worst case, what can the VPS hoster do if they don’t like something about the user’s behavior? Complain to whom? Shut down your server? Well, that’s not a big problem.
At the same time, a government-controlled ISP is quite capable of turning you inside out for any reason. Simply because they are nearby and supported by state power.

About VLESS-Reality.
As far as I know, this protocol was specifically designed to hide the fact that you are using a proxy from the ISP. It makes the traffic look like normal traffic to a real site. Yet it is still a proxy.

2 Likes

Neither your ISP nor your VPS provider can see the pages visited through Tor, regardless of your network configuration. Privacy is the core principle of Tor.

By using an encrypted proxy, you’re “moving” the ability of your ISP to collect metadata based on IP addresses to your VPS company. In other words, with a proxy your VPS provider can detect that you’re using Tor, but not your ISP. Neither can detect which domains and which content you are opening within Tor (but Tor exit nodes can, to the extent that an ISP can).

It all depends on what you count as a flaw, on the threat model.
From the technical standpoint, as you’re using a proxy, you may have issues connecting via Snowflake browser nodes in Tor, as proxies don’t work well with NAT punching in general. But that’s minor for your case.

Well, since you have network interface emulation by the proxy software, you just run it then. What’s the question?

Oh no, not at all, that’s quite hard to achieve. It was specifically designed to combat proxy/VPN auto-detection systems based on packet analysis and active probing; that’s why it makes the traffic look like normal traffic to a real site if you directly open websites via that proxy.

For a human, it’s in most cases trivial to detect that you’re tunneling all the traffic via a single proxy/VPN with simple statistical methods, as there would be minimal to no traffic for very long periods of time to other IPs/hostnames from your system, no DNS resolution, and a high amount of data only to a single IP address or domain.

Moreover, the most common proxy setup without connection multiplexing (a single TCP connection is a single proxy connection) makes it totally obvious that you’re using a proxy.

1 Like
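Added example, not part of the original post: a minimal Python sketch of the "simple statistical methods" described in the reply above, computing how concentrated one client's traffic is on a single destination and how little DNS it generates. The flow records, documentation-range addresses, and thresholds are constructed assumptions, not values from the thread.

```python
from collections import Counter

# Constructed per-client flow records for one observation window:
# (destination IP, bytes transferred). Addresses are documentation ranges.
TUNNELED = [("203.0.113.10", 48_000_000)] * 40 + [("198.51.100.7", 12_000)]
ORDINARY = [
    ("198.51.100.7", 9_000_000), ("198.51.100.8", 4_000_000),
    ("192.0.2.15", 7_500_000), ("192.0.2.99", 2_000_000),
    ("203.0.113.10", 6_000_000), ("203.0.113.77", 3_500_000),
]


def tunnel_indicators(flows, dns_queries):
    """Summarise the signals named in the post for a single client:
    share of bytes going to one destination, bytes going anywhere else,
    and the number of DNS lookups seen in the same window."""
    if not flows:
        raise ValueError("no flows observed in this window")
    per_dst = Counter()
    for dst, nbytes in flows:
        per_dst[dst] += nbytes
    total = sum(per_dst.values())
    top_dst, top_bytes = per_dst.most_common(1)[0]
    return {
        "top_dst": top_dst,
        "top_share": top_bytes / total,
        "other_bytes": total - top_bytes,
        "dns_queries": dns_queries,
    }


def looks_tunneled(ind, share_threshold=0.95, max_dns=5):
    """Hypothetical thresholds: nearly all bytes to one address and
    almost no DNS resolution over a long window."""
    return (ind["top_share"] >= share_threshold
            and ind["dns_queries"] <= max_dns)


if __name__ == "__main__":
    for name, flows, dns in (("tunneled", TUNNELED, 0),
                             ("ordinary", ORDINARY, 340)):
        ind = tunnel_indicators(flows, dns)
        print(name, ind, "->", looks_tunneled(ind))
```

The payload stays unreadable in both profiles; only the shape of the traffic differs, which is the point the reply makes about camouflage protocols.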

Thank you for your answer.

Do you mean, in this case, the ISP cannot see Tor being used through a proxy with standard DPI measures, or they cannot see it at all, even if they wanted to?

The most realistic threat would be just unwanted attention from the local regulator, who may suddenly want to find out why you are using Tor, aren’t you some kind of criminal or so, and stick their noses into my private life. Since Tor, not being illegal itself, has a shady reputation as a tool used only by criminals, drug dealers, and pedophiles.
The worst but less realistic threat includes a closer investigation of this, since every Tor user is somewhat suspicious to them for the reason described above.
And the government in my country tends to take control over the Internet in my country. While today Tor is legal, tomorrow its usage may suddenly be considered a violation of some fancy new law.
So I don’t want to stick out.

It just doesn’t work. Whonix Workstation cannot connect to the internet at all. I guess it is because VirtualBox creates its own virtual network adapter for a virtual machine.
So I would be glad to read a solution for this.

I don’t know about that; most people probably think of Julian Assange & Edward Snowden when they hear Tor. The browser is used by over one million people per day and they certainly aren’t all criminals.

Just connect through a VPN so your ISP can’t see Tor and Tor can’t see your ISP.

That’s why I want to connect through a proxy before Tor.

But I still haven’t managed to run Whonix after the proxy.
It just doesn’t work. Whonix Workstation cannot connect to the internet at all while my proxy is on.
I guess it is because VirtualBox creates its own virtual network adapter for a virtual machine.
I also tried a system proxy mode in Hiddify but it didn’t work out.

So I would be glad to hear a solution for this.