What does the Wireless ISP (WISP) "see" when I'm using VPN from home?

Nope. The traffic to the vpn server cannot go via the tunnel. Those packets must go via a regular connection. Those packets carry encrypted traffic which is the tunnel, but are themselves not sent via the tunnel.

Also traffic to 127.x.x.x does not go via the tunnel.

But it does work that way. See my other posts.

Funny. :-)

My point was that the *applications* (Firefox, in this case) don't know or care. They have no awareness of a VPN.

You were talking about your employer requiring to use their VPN for work. They would not allow you to use anyone else's vpn since the traffic into the business would then be unencrypted. So what is in use depends on what the employer wants. They almost certainly do not want everything you do from home routed through their site-- imagine their liability when stuff from their network were involved in a crime.

Not imaginary, encapsulated.

and your employer would want that exposure for your posts etc?

Well please stop! :) Because that's not how VPNs work.

If you have a VPN connection established and you open additional connections to various places, and now you close your VPN connection without all of the others stalling, then you've just proved to yourself that you were using a split tunnel VPN.

The OP is asking about a full tunnel VPN, so your description and advice doesn't apply.

Cute. :-) A little obvious, though.

Traffic to localhost doesn't "go" anywhere. By definition, it's local.

I did. :-)

It applies whether a full tunnel or a split tunnel, unless you are within the network not just remotely connected to it. If within the VPN then the VPN has control over everything you do when you are connected to the outside. When you logout the tunnel is gone, so the other tabs connections should disappear but they don't, as their route is gone.

Doesn't matter whether it is a full or split tunnel.

None of that made sense, but I'm certain that it doesn't apply.

That tells me that you don't know the difference. Not knowing the difference can be a problem.

It is true whether a full or split tunnel. Only the traffic that is using the connection made to the VPN is connected to the VPN. If the traffic is using anyplace/thing else other then that connection they are not using the tunnel. Doesn't matter if a different tab or program. Example, your torrent program does not use the browser at all. It can be running at the same time as your connection to the VPN. Your torrent program is not going through the tunnel that is established between you and the VPN. If the torrents were going through the tunnel when you logout of the VPN the tunnel is closed so then the torrents should lose their connections,no matter how fast it picks them up again, the routes were broken.. But the torrents never lose their connection when the tunnel is closed.The VPN does not have control over all your ports or connections, just the ones it is using.

It doesn't matter if a full or split tunnel is used. With a split tunnel then they other opened connections still use the tunnel from what you are saying. When the tunnel is closed the routes the connections that those other tabs/whatever would be gone. The complete tunnel is gone no matter if it is full or split. The only computers that have the complete benefit of a full tunnel is the computers within the network, not those outside that are just connecting for a period of time.

I am to. As I said it doesn't matter whether a full or split tunnel, a different browser or tab, or even a different program. The affects are the same when the tunnel is closed. Only those which were using the original connection lose their connection, the others don't.

agreed. They never care. They deliver a packet to the wireless software and say "send this to this address" with often an implicit port. They do not care how that delivery is accomplished. It could even be sent by carrier pigeon for all the software cares (Mind you the latency might be a bit severe). Ie, firefos NEVER cares how the message is sent.

That is exactly the question that the OP asked. Why shouldn't the email program also be controlled by the VPN. He thinks that a VPN is useless if it doesn't. I told him that it doesn't and gave him two reasons why. One it only completely controls the connection to itself and whatever uses that connection. The VPN does not control a connection that goes somewhere else then itself. I should have used a different program, not the mail program. Remember we are not talking about anything that originates from within the network only that which is from a temporary connection to the VPN. It is understandable if it doesn't make sense if you don't follow the complete thread. :)

Yes there is one tab/browser is connected to the VPN the other is not. How else is he going to connect to the VPN then his browser? Doesn't matter if its a CLI or a GUI browser. So browser is a given. It can be either a full or split tunnel, only the data that is sent to the VPN is is accepted by the VPN no mater what kind of tunnel. Just because you have a tunnel connecting you to the VPN doesn't mean that everything that connects to the internet from your computer is connected to the VPN. Can be but doesn't have to be. If a split tunnel, that tunnel is still connected to the VPN but only the traffic sent to it is accepted,the rest of your traffic goes elsewhere, it doesn't go through the VPN. If you used the connection that is connected to the VPN to go somewhere else it is sent down the other "split". If you connect to the internet from anyother connection then the one established with the VPN, no matter split or full, the VPN has nothing to do with that connection. Remember this is connecting from a remote computer for a period of time.

It applies no matter what type of connection. Not all of your internet traffic has to go through the connection to the VPN. If you are remotely connected for a period of time.

He hasn't proved it. No matter if you are connected with a full or split tunnel does all of your connections have to go through that tunnel. Only the traffic that is sent to the VPN has to. How else is he going to connect to that VPN except through his browser? If one tab in that browser is connected to the VPN the other is not unless directed at the VPN. Since it is a different connection how are you going to connect the second tab to the tunnel?