> Every site that successfully resumes via a session identifier after the VPN is turned on can now use the session identifier and their logs to match up my real IP address and my VPN IP address.
This would already be the case if the sites had disconnected clean instead of abruptly, since the session can still be resumed in that case.
Really what you want if you're worried about those sorts of correlations is to simply never send any traffic without the VPN. Have no default route via the physical interface at all so that if the VPN is disconnected the internet is unreachable.
This would already be the case if the sites had disconnected clean instead of abruptly, since the session can still be resumed in that case.
Really what you want if you're worried about those sorts of correlations is to simply never send any traffic without the VPN. Have no default route via the physical interface at all so that if the VPN is disconnected the internet is unreachable.