Running AI workloads privately requires more than just a VPN. A single VPN only shifts trust from your ISP to the VPN provider. This guide explains how to combine ProtonVPN's no-log exit nodes with Tailscale's WireGuard mesh to create a layered network where your AI traffic is both encrypted and unattributable — even to the VPN provider.
Get more guides like this in your inbox
No spam. Unsubscribe anytime.
The Problem with a Single VPN
When you connect to a VPN, your ISP can no longer see your traffic — but the VPN provider can. If the VPN provider keeps logs (or is compelled to), your traffic is attributable. ProtonVPN is audited and has a proven no-logs policy, but for the most sensitive workloads, you want defense in depth. The layered approach in this guide means: (1) your ISP sees only encrypted WireGuard traffic to Tailscale's relay, (2) Tailscale sees only encrypted WireGuard traffic between your nodes, (3) ProtonVPN sees only the destination IP of your exit traffic, not which Tailscale node originated it.
Architecture Overview
The setup has three components: your local machine, a Tailscale exit node (a small VPS or home server), and ProtonVPN running on that exit node. All traffic from your local machine routes through the Tailscale mesh to the exit node, which then routes outbound traffic through ProtonVPN. Your AI API calls (to RunPod, Hetzner, etc.) exit through ProtonVPN's servers in a jurisdiction of your choice.
Step 1: Set Up Tailscale
Install Tailscale on both your local machine and your exit node (a Hetzner CX22 at €4/month works well). On the exit node, enable subnet routing and exit node advertisement:
# On your local Mac
brew install tailscale
sudo tailscale up
# On the exit node (Linux VPS)
curl -fsSL https://tailscale.com/install.sh | sh
sudo tailscale up --advertise-exit-node --accept-routes
# In the Tailscale admin console:
# Machines → your exit node → Edit route settings → Enable exit nodeStep 2: Install ProtonVPN on the Exit Node
On the exit node, install the ProtonVPN CLI and connect to a server in your preferred jurisdiction. ProtonVPN's Secure Core servers route through privacy-friendly countries (Switzerland, Iceland, Sweden) before exiting — adding another hop that makes traffic correlation harder:
# Install ProtonVPN CLI on Ubuntu
wget https://repo.protonvpn.com/debian/dists/stable/main/binary-all/protonvpn-stable-release_1.0.3_all.deb
sudo dpkg -i protonvpn-stable-release_1.0.3_all.deb
sudo apt update && sudo apt install proton-vpn-gnome-desktop
# Or use the CLI-only version
sudo apt install protonvpn-cli
# Connect to a Secure Core server
protonvpn-cli connect --sc # Secure Core, fastest available
# Verify your exit IP
curl https://api.ipify.orgStep 3: Route AI Traffic Through the Stack
On your local machine, set the Tailscale exit node as your default route. All traffic — including calls to your RunPod pods, Hetzner servers, and any external AI APIs — will now flow through the Tailscale mesh to the exit node, then through ProtonVPN:
# On your local machine — use the Tailscale exit node
sudo tailscale up --exit-node=<exit-node-tailscale-ip>
# Verify your apparent IP is now ProtonVPN's exit IP
curl https://api.ipify.org
# Should show a ProtonVPN IP, not your home IPMaintaining the Stack
ProtonVPN connections can drop. On the exit node, set up a systemd service that reconnects automatically and kills the network if ProtonVPN is down (a 'kill switch'). This prevents your AI traffic from ever routing unprotected. The ProtonVPN CLI has a built-in kill switch: run protonvpn-cli killswitch --on to enable it. Combine with a systemd WantedBy=network.target service to ensure ProtonVPN starts before any other network traffic.