What does the Wireless ISP (WISP) "see" when I'm using VPN from home?

He's talking about something else entirely. It doesn't apply to you.

No. That's precisely why some people use a VPN service.

You're on the right track. :)

Right.

He's asking about a full tunnel VPN situation, so none of that applies.

It doesn't work that way. :)

Traffic is routed through the tunnel only if it goes through the same connection, then that traffic only goes to the VPN, If other traffic doesn't go through that specific connection the VPN doesn't even know that that traffic even exists. The VPN doesn't care about that traffic. If it is a split tunnel then the traffic that bypasses the VPN and never uses anything from the VPN, but you still have to be connected to the VPN to use that split because it is the VPN's tunnel not yours. You still have to use the same connection to that VPN for anything/program else. That tunnel full or split is not created until you login. Any other connections that don't go through that connection are not part of the VPN and have no protections from the VPN. If you open another tab or anything else that doesn't go through that VPN connection, and don't login to the VPN will not use the VPN. An example. You are connected to the VPN then you open another tab and go to Google. What happens to the Google connection when you logout of the VPN in the first Tab? The tunnel no longer exists. Is the connection to Google in the second tab broken? No, and why not? Because the connection to Google wasn't connected to the VPN and or using that tunnel. The only tab/window/program that use the original connection to the VPN are using the tunnel/VPN.

"The PC" is not a single entity. There are various layers in the networking stack. The application, Firefox in this case, can very well think it's sending a request to a remote address and remote port 80, but before the traffic leaves the PC the VPN layer in the networking stack takes that traffic and encapsulates it. Suddenly, it has a completely different destination IP:port combo, and Firefox is completely unaware!

Umm, that's basically the definition of 'full tunnel'.

There's nothing tab-specific in that case, nor even anything browser-specific.

He's explicitly asking about a full tunnel VPN. There will be very little traffic outside of the tunnel, if any. By agreeing to the use of a full VPN tunnel, all traffic is then 'aimed' at the VPN tunnel. That's what full tunnel means.

Try to see the humor in it. :)

Fortunately, it doesn't work that way at all.

I'll let him explain that, because it doesn't describe VPN behavior. He must be talking about something else. Sounds like some kind of anonymizing web site, similar to Tor, perhaps? Anyway, not at all what you asked about so irrelevant to the discussion.

Right, you're accurately describing a full tunnel VPN.

:-)

It (meaning full tunnel VPN) works the way that you've described. It has absolutely nothing to do with your browser, let alone a single tab in your browser.

So what are we discussing then? It's the same for ports as it is for traffic. Once the connection is made then the tunnel is created and only uses the port/ports to which it was attached. It sees all the ports when creating the tunnel but only uses the port/ports that it needs. Browsers/other programs can get out to the internet and not use that tunnel. If it was any different then all connections from anything else would be broken when the tunnel closes and they are not broken, when you log out. The only computers that has all it's ports tied to a VPN's tunnel are ones that are within that network not those outside of that network that are just connected to it. No matter how long that computer is connected.

You've accurately described a split tunnel VPN, but he keeps asking about a full tunnel VPN, in which case ALL of his outbound traffic should go into the VPN tunnel.

You keep describing a split tunnel VPN, but then you confuse it even further by somehow linking it to a browser tab. None of that applies to the situation as the OP has provided it.

See what I mean? That's not at all what "full tunnel VPN" means or implies. It's not browser based or tab based. I'm not sure what you're describing, but it's not anything that I've ever seen, and it's certainly not a full tunnel VPN.

So in other words, it would be like a full tunnel VPN! Now we're getting somewhere. :-)

Not the VPN, but the VPN provider. Close enough.

That doesn't make sense, but I know what you meant to say. It won't be that way with a full tunnel VPN.

A full tunnel can be very useful regardless of who sets it up. It's simply an imaginary connection between two endpoints. You can own both ends of the tunnel, or a third party or employer can own the other end. Whoever owns the VPN gets to decide how it's going to be configured. By that I mean they get to decide if it's a split tunnel (only some of your traffic will be captured and encapsulated before being stuffed into the tunnel), or a full tunnel (all of the traffic is captured and encapsulated before being stuffed into the tunnel).

My employer uses a split tunnel VPN. When I connect to it, *some* of my traffic goes through the tunnel. In this case, it's traffic destined to company resources. All other traffic goes around the tunnel as if it's not even there, regardless of the application I'm using.

OTOH, I have a full tunnel VPN configured between the laptop that I travel with and my desktop PC at home. When I'm in a hotel or a coffee shop and I want additional security, I connect to my personal VPN, and since it's configured (by me) as a full tunnel, *all* of my outgoing traffic goes through the tunnel, across the Internet to my house where it pops out of the tunnel, and then out to the Internet where it looks like it came from my PC at home.

That has to be one of the more confusing paragraphs I've read recently. :)

You're describing no VPN that I've ever seen...

Okay what's different. The op asked if the WISP could tell if he was a VPN. Later he asked if all web traffic uses the same port that the VPN is using and so going through the VPN. The answer is no. Then it went to if you are connected to a VPN can you only go to the VPN. No again. Then it went to a discussion to a disagreement of basically whether or not all your traffic goes and is encrypted by the VPN. Again no. Only if you are within the VPN not just remotely connected to it. This is asking if all traffic must be routed through the VPN and if not why not. Again no. We are talking about remotely connecting to the VPN. So where am I talking about something completely different?

They can see all three web sites but not that it is you connected. The question asked if the ISP can see all web sites not you/him/whatever.

Caver1 wrote, on Sat, 06 Sep 2014 10:01:44 -0400:

It's a totally different story to set up your own VPN versus using an existing VPN server on a wholly different network.

Why?

Not one of those sentences did I understand. Maybe it's too deep for me.

The *only* situation I'm concerned with is: a. An existing VPN server on a network other than mine, b. Full (and complete) tunneling.