Quick question. Normally, I run Private Internet Access' VPN all the time on my home computer and on my work laptop when I'm out and about. It encrypts ALL communications from the computer and tunnels them to PIA's servers. However, I also have a Forticlient VPN that I use to access my clinic enterprise software. I only use Forticlient from outside the clinic. When I'm out of town, I'll connect to the hotel's Wi-Fi and then fire up Forticlient to do some work. Forticlient is set up by IT to create a tunnel to work, but only for our enterprise software. The rest of the time, I just fire up PIA. But what if I connect PIA and then connect Forticlient? It works just fine. I can connect, and the hotel presumably can't sniff my wireless traffic.


Since PIA is always running, what happens when I connect the Forticlient to my work VPN server? Does it create a VPN tunnel within the PIA VPN tunnel?



 
 

And is this upsetting the NSA when I do this? ;-)

I'm also amazed they both connect.  When used to use vpn to connect to work, it would pretty much disconnect or isolate my pc for the rest of my network.

If it's possible to open two tunnels side by side, that would surprise me.

sure, you can run tunnels across tunnels.  though the end result at the PC may be different depending on which one you initiate first.  as well, some VPN clients lock you out of all local network access during its connect.  and then, some VPNs may not even let you out on the internet to even connect to the WWW (you may not be able to connect to your privacy VPN after the work VPN is connected. ) It just depends on the policies the particular VPN is set up with.

you can dump the PCs routing table to see the difference after each connect (netstat -nr). run 4 tests and check the routing table after each one.  2 test just singly connecting VPN by themselves, the 2 more tests running both (3rd test connect 1 VPN first, the the other, 4th test, swap order)

then, some VPN clients periodically adjust the PC routing table in case you try to manually put a route in to circumvent VPN policy.

lots of vpn solutions out there some even include packet filters that attach to your network card and they filter traffic from there per whatever policy they include

Ok, so I'm hooked up to the Wi-Fi at a hotel conference I'm attending right now.


When connected, and with no VPN, my IP address is : 12.53.206.10




Once I connect to PIA's East Coast point, IP is: 108.61.152.252




With PIA still connected, I connected the FortisClient to get to my clinic's network. I still have the 108.61.152.252 IP address. However, I'm sitting with our IT director right now. He says that the FortisClient only tunnels those applications running on our internal IP range (10.10.*.*). As he looks at it, he thinks the FortisClient is running a tunnel inside the PIA tunnel.


 

So I guess you can run one inside another, depending on how each one is set up.