TCP Handshake and TCP RTT when using VPN
From my server I'm measuring the TCP RTT and I was wondering what would be the difference between clients that use VPN compared to non-VPN clients.
So in the case of a non-VPN client the TCP session is established directly with the customer, which means that I'm actually measuring the RTT of the full path. What is happening with clients who connect through a VPN server?
Does the VPN server maintain two separate TCP sessions, one with the VPN client and one with HTTP server, or it just changes the IP headers and there's only one TCP session between the HTTP server and the client? In the first case the TCP RTT would measure only a partial latency, which would be misleading.
For example, if a client is using NordVPN to connect to my server, is the TCP RTT that I observe the RTT to the NordVPN server or to the client?
Solution 1:
Normally VPN encapsulates TCP. From the client TCP gets to the VPN server and is routed on. So there is even no TCP connection to the VPN server.