So, I have read a decent amount online about this but all the info seems to be all over the place, and I have a few general questions if a guru doesn't mind... With regards to a VPN and the connection path, which is the correct: Computer -> VPN(encryption takes place prior to being sent) -> LAN/WAP -> Internet. In this scenario, which would be ideal, it appears that the data would be encrypted prior to reaching whatever AP and would be unable to be deciphered without the key by somebody packet snooping/IT teams/jesus... OR Computer -> (unencrypted traffic) LAN/WAP -> VPN (encryption takes place) -> Internet. This appears to be less than ideal because the "quarries" for lack of a better word, would be completely visible for somebody to intercept from the computer at the AP level prior to reaching the VPN for encryption. This is where I'm confused and want to pin down where the encryption takes place. Sure in option 2 you would be fine in the internet world, but completely open prior from the original destination to the AP. IE.., If i open firefox and type funny pics.com, the AP would easily see/log that quarry, right? What am I missing here?