Why would you want to do this?
Anon21311 gave some nice examples:
I sometimes use VPN over Tor, but like parityboy asked, the big question here is "why"... Basically, it boils down to two possible answers:
a) you don't trust your VPN or you are paranoid about someone monitoring connections to the VPN and tracing those back to your home/workplace. In that case, with VPN over Tor, the VPN (and anyone watching) will only see that the connections to the VPN come from a Tor exit node.
b) you connect to sites where you need them to see a single consistent exit IP and one which is not a Tor-identified exit node. A VPN (and that includes a VPN over Tor, of course) provides that. Tor, which changes exit nodes every session and every ten minutes, does not.
The creative can figure out more.
For those interested in trying this configuration I would consider this excerpt from the Tor docs:
you -> Tor -> x[insert: x is VPN/Proxy/SSH]
This is generally a really poor plan.
Some people do this to evade Tor bans in many places. (When Tor exit nodes are blacklisted by the remote server.)
(Read first for understanding: How often does Tor change its paths?.)
Normally Tor switches frequently its path through the network. When you choose a permanent destination X, you give away this advantage, which may have serious repercussions for your anonymity.
you -> Tor -> VPN/SSH
You can also route VPN/SSH services through Tor. That hides and secures your Internet activity from Tor exit nodes. Although you are exposed to VPN/SSH exit nodes, you at least get to choose them. If you're using VPN/SSHs in this way, you'll want to pay for them anonymously (cash in the mail [beware of your fingerprint and printer fingerprint], Liberty Reserve, well-laundered Bitcoin, etc).
However, you can't readily do this without using virtual machines. And you'll need to use TCP mode for the VPNs (to route through Tor). In our experience, establishing VPN connections through Tor is chancy, and requires much tweaking.
Even if you pay for them anonymously, you're making a bottleneck where all your traffic goes -- the VPN/SSH can build a profile of everything you do, and over time that will probably be really dangerous.
-Additional privacy layer: the VPN server will not see your real IP address but the IP of the Tor exit node (you can check your Tor exit IP in the Client Area)
-Option to connect to web sites under Tor protection, even to those sites which refuse Tor connections
-Access to Tor from all the applications transparently: no need to configure each application, one by one
-Support to non-TCP applications which can not be supported by Tor
-Access to Remote Port Forwarding
-Avoidance of any traffic discrimination from Tor exit nodes (packets are still encrypted when they pass through Tor exit node)
-Major security layer in the event you pass through a compromised/malicious Tor exit node (packets are still encrypted when they pass through the Tor exit node)
-https://check.torproject.org will not work
-Fixed Tor circuit for each OpenVPN session
-Access to .onion sites only from browsers configured to connect directly to Tor
Simple Windows HOWTO:
1. Fire up Tor Browser Bundle
2. Run OpenVPN
3. Go to your OpenVPN tray icon, right click, left click settings.
4. Configure Manual Proxy Settings to:
Socks Proxy: 127.0.0.1 Port 9150
5. Connect to a TCP configured OpenVPN config file.
Client files from Cryptostorm GitHub:https://github.com/cryptostorm/cryptostorm_client_configuration_files/tree/master/windows
6. DO NOT CLOSE TOR BROWSER BUNDLE. It terminates the Tor connection.
Wham bam you should be connected. Now you can use Tor Browser Bundle for DIRECT TOR CONNECTIONS ONLY and your everyday browser for Tor->VPN browsing
But to be secured even moreso with ease, just run Whonix in a VM in any operating system.
Whonix Workstation(with Cryptostorm VPN)-->Whonix Gateway....profit
Great info/howto on Whonix:
thanks to the q's and a's in https://cryptostorm.org/viewtopic.php?f=67&t=8737