Private Internet Access questions

I've been contemplating getting Private Internet Access, but I'm not sure how compatible it is with where I'll be using it. The school I go to has utterly stupid amounts of monitoring and I don't enjoy having my every movement watched. My question is, will Private Internet Access hinder my ability to use my school's WiFi? I don't want to waste my money on software I can't really use.

You might not be able to use it (they might be blocking VPN traffic). However, if you can use it, considering the crazy amount of monitoring they do, you may want to use it all the time. I suggest paying the $7 for 1 month of access and seeing how it works out.

Ok I'll do that, thank you.

I would check your school's network policy. I know my university allows VPNs, but you have to register your computer as one using a VPN on their network, otherwise it boots you off immediately as soon as you turn the VPN on, since my university has a private VPN to keep its network more secure. So I in effect have a double VPN on my laptop while at school.

TL;DR: go to your school's website and see what their network policy is on VPNs, and if they don't have one, I would say give it a try; it's not that expensive.

Have you tried using a configuration to get around restrictive networks on the VPN (TCP 443)? Usually you need to disable it temporarily when connecting to a captive portal but what you're saying is that it actively boots you off the network and there's something about a double VPN. What does that mean exactly?

Do you already use a VPN to connect to the school's wifi in the first place?

He means he has nested tunnels. He is required to use a VPN to connect to the school's network, then he uses a private VPN. I'm not sure exactly what that accomplishes beyond hiding his activity from the school.

You get limited devices per Private Internet Access account. I don't think it would be best used in a school environment. Can't you do your personal web browsing outside of school?

I'm having trouble picturing the school's topology. Maybe I'm too tired ><

/rant 

So there's definitely a VPN used to connect to the school's network itself, and that explains the false report of an instant disconnect by the school. He's disconnecting himself to join the internet-side VPN, but that kicks him off the VPN used to connect to the local LAN.

I'm not sure how it would be possible to do multiple client-side VPNs if one needs to tunnel into another one (multiple independent virtual NICs), but you could always do that with virtual machines and a virtual router and a client VM inside the router. Yeah, so that implies that it should be possible to do the same thing with only one layer of clients instead of 2 VMs. You should really just need one virtual NIC connected to the school's LAN and the second chained to take in all traffic natively, then pass it to the virtual NIC connected to the school's VPN. If the routing works then it would effectively forward the data through the school's LAN (still with the outer) internet VPN in place, and deposit it safely onto the internet-side VPN. The local routing table would be insane tho.

If going to 10.x.x.x go to school's NIC → VPN software forwards all traffic from here through physical NIC to school's internal VPN

else forward traffic to internet-side NIC → VPN software forwards all traffic from here to school NIC

As a side note, doing so would require several layers of NAT, assuming TUN adapters and manually modifying routing tables.

The school's VPN can be done any number of ways, but then how does the school handle whitelisting clients?

Picturing this from the client's PoV, where does a connection go? Suppose prior to the VPN gateway it could hit a firewall appliance and the firewall could pretend that it's authenticated the client (called pre-registering) and then send the client to the router, but then that should allow direct bypass of anyone who knows the router's direct address unless the firewall was physically wired in front of the router. Or it could allow the bypass for anyone who knows a whitelisted MAC address.

That seems a bit complicated, so wouldn't the school just use a captive portal instead? That could be easier to manage since it's all application-level UI stuff and "whitelisting" would be easier. Yeah, that school's security paranoid if they favored an actual VPN infrastructure over WPA2-Ent secured wifi combined with a captive portal or just separating the wireless from the wired and being done with it all.

For registering then, I'm assuming that's a MAC address recorder and I'd be surprised if they do more than superficial DPI; then again, Harvard records are detailed enough to identify Tor traffic so it's not unreasonable. How does that whitelisting work? The implementation topology can vary in so many ways depending upon their VPN technology. Or can it? I'll think about this more when I wake up. Good night~ /end rant