by ryalfalpha 4762 days ago
Yes, as far as I've heard,

  VPN -> TOR = DANGER, 
  TOR -> VPN = PROBABLY_OK
You should probably make the 'Lahana is not super secure' really BIG and BOLD for the reader so they can understand their risk.
2 comments

I've actually read the opposite (there used to be something about TOR -> VPN here http://sourceforge.net/p/whonix/wiki/Tunnel_Tor_through_prox... they seem to say VPN -> TOR is safe). I think using VPN -> Tor is normally OK, since if you are running Tor locally, your VPN provider won't be able to read your traffic, since you have encrypted your traffic for Tor locally (you've encrypted it four times in total, once for the VPN and three times for Tor). The problem with Lahana is that, unlike in the last case, in this case the traffic is only encrypted once locally, then sent to the Lahana node, decrypted, and then encrypted three times for Tor. The danger here is that the person running the Lahana node can read all your traffic after it is decrypted for them.
Encrypting something multiple times doesn't necessarily make something more secure. In some cases it can decrease the effectiveness of the protocols in use, but it really depends on what encryption is used and how it is used.

> The danger here is that the person running the Lahana node can read all your traffic after it is decrypted for them.

So if I understand this correctly, if you're in a country with a government that monitors traffic and you connect to a malicious public Lahana node that monitors traffic, run by the same government, then your traffic is compromised?

But if you run your own Lahana node, then it's not (excluding questions about whether or not Amazon have the ability to go into a node, for example)?

Sorry if it sounds like I'm being daft; I'm just trying to understand the specifics here, so I can figure out ways to address them (if they fall within the scope of Lahana, vs traditional Tor uses).

Here's my reference for reference, http://www.slideshare.net/grugq/opsec-for-hackers (slide 137/138)

I cannot recommend either, but I would note that in your link they do seem to state 'Anyway, not so many people seem to do use a tunnel before they connect to Tor, therefore it's not so well tested, do not rely on it too much.'. So I'd be wary of their advice for anything you need to bet your life on.

Done, although if you have any specifics it'd be greatly appreciated.