To further increase your privacy and make your traffic harder to analyze, you can now route all your traffic through two servers instead of just one, directly in our desktop app, version 2022.1 and newer.
Our multihop feature allows you to connect to any WireGuard destination server via any WireGuard entry server, using a tunnel within a tunnel.
Selecting different servers in different jurisdictions or from different hosting providers may make data collection slightly harder. Please notice that depending on the location of the two servers, this could potentially degrade the performance to some extent.
To activate multihop go to Settings → Advanced → WireGuard settings and turn on Enable multihop.
After doing this, you can select the desired location for the entry end exit server by going back to the main view and opening the Switch location view. You’ll notice the two tabs at the top: Entry and Exit.
All the traffic is encrypted twice directly on your device. It’s a WireGuard tunnel being sent inside another WireGuard tunnel. Anything observing the traffic leaving your device will only see regular WireGuard traffic destined to the entry server. They will not be able to know that the traffic will be forwarded to another server, nor which one. The entry WireGuard server will be able to see your source IP and which exit server the traffic is headed for, but it can’t see any of the traffic. The exit server on the other hand, can see the traffic but it can’t see your original IP, only the IP of your entry server.
There might be a number of reasons why you’d want your traffic routed through two VPN servers before it goes out on the internet. You can read our WireGuard multihop guide for details.
Using multihop in the CLI
The app has supported WireGuard multihop via the command line interface since version 2021.4. See our WireGuard CLI guide for details about how to use that. The big news today is that you can easily use this feature from the graphical user interface also.