getting started with VPN's

[Nathan Dorfman]

On Sat, Oct 11, 2014 at 11:41 AM, thufir <hawat.thufir at gmail.com> wrote:
> ok, and once connected to the VPN, any internet traffic is sent through
> the VPN?

That's up to you. If you're using the VPN to connect to a private
network, then you probably only want the traffic destined for that
network to be sent over the VPN. If, on the other hand, you want to
use a commercial VPN to hide your Internet activity from your ISP,
then you might want to send all your traffic over it, or perhaps just
a subset of it, like a certain application.

All of it is possible. Once configured, the VPN appears as a virtual
network interface, and you can configure any kind of routing scheme
you like using the standard Linux tools, in much the same way you
would a machine with two physical Ethernet interfaces.

If you're using the NetworkManager applet to set up your VPN, there
should be a checkbox labeled "Use this connection only for resources
on its network." That should cover the simple cases; if you want
something more elaborate you'll have to get your hands a bit dirty.

> How does this relate to deep packet inspection, if at all?

This should probably be answered by a real security expert, but until
one shows up, here's what I think:

It's impossible for your ISP to inspect the plaintext contents of your
packets if you're using a VPN. The only traffic they'll see passing
through their network would be the encrypted data between you and your
VPN provider.

They're not foolproof, however. For one thing, you must place absolute
trust in your VPN provider to keep your secrets. For another, they're
almost certainly insufficient if the adversary you're concerned about
has the capability to surveil the entire Internet and perform advanced
traffic analysis techniques.

-nd.