No, they shouldn’t be able to see data you are sending and receiving. I never heard about this VPN, but if it’s free one, you shouldn’t be using it, most of them are not good for privacy.
If the school is providing DNS (common option on a lot of routers) then the school would also see DNS queries that the computer makes. Though they might not see the traffic, they would see which domain names the student’s tablet is trying to resolve.
Which is why you use a vpn based on port 443 not an ipsec based vpn.
I use a dedicated IP to stay behind a VPN while using streaming services. Would OP be able to use a dedicated IP to bypass the network rules if they blocked VPN traffic?
What about tor? They would still be able to see the connection to tor, but none of the traffic. If their workplace doesn’t have any rules regarding tor, they could get away with it.
This is the best answer here. Your phone’s hotspot should be able to stream to a tablet, especially if you have a 5G connection. If not, Netflix and Disney+ allow for downloads. Just download the content to your tablet and use it that way.
This is dead on. I get you’re bored but given the current environment with remote learning, I would imagine that the school is going to need all available bandwidth and will, at a minimum, frown at non-essential traffic. We’ve run into this in my office - sales weasels trying to hold remote demos only to have a couple of guys in consulting streaming Netflix or YouTube. Was an issue this morning during a remote training class until I had the offending user move to our guest network (separate ISP) like they were supposed to do in the first place if streaming.
This is the reason, bandwidth is not cheap! Yes a Gig connection to your home is $100 a month, it is nowhere near that amount for a business. We are paying thousands a month and we don’t even have a gig connection. Please don’t stream unless you absolutely have to all you are doing is hurting everyone else on the network by sucking up the bandwidth.
Yes we do bandwidth shaping but it’s still not a good thing to do. We have teachers complaining how during a certain time of day they get dropped from their Google Meet’s with kids and if you look at the bandwidth usage during that timeframe it spikes really high.
Using the guest Network, if available, sounds reasonable to me. In our office, I usually switched audio-only formats like pre-downloaded podcasts from my phone, or Spotify
Most places block VPN traffic by blocking ports such as 1194/UDP which is associated with VPNs, however port 443/TCP (which must remain open or else you would be unable to browse the web via HTTPS) can be used just as well.
As a School IT administrator, I find this hilariously accurate, IF IT WERE 2005. Nowadays, we literally click one box “Block VPN Services”. It blocks almost all VPNs, using a broad range of factors, including endpoint IPs, Port and Traffic Type filtering, and heuristic peeks at unknown high volume traffic.
So we’ve moved onto 2020. You might want to up your skills a bit 
Also, TOR? It’s another box. “Block TOR”
This is pretty much what happened at the schools I used to work with. If you’re using a VPN we’re going to assume you’re doing something worse than you probably are. Best bet is to just make buddies with an IT guy and then let him know you want to watch YouTube. They’ll probably just whitelist it for your device if possible. If not, it’s because it’s either a fireable offense, or if a school admin doesn’t like you they may use that down the line against you. We used to get asked to look pretty deep into specific employees internet usage and emails/documents over stuff they did that wasn’t even computer related.
Just as simple to blacklist the guy’s Mac Address from Meraki. One click, blocked on all networks, guest and otherwise.
You can easily watch a person/device move around a building in real time. Just monitor their calls to the AP’s and the single strength. You can pinpoint a location within 5-10 feet if there are enough of them installed.
On a personal device that had open network? Right… all the standard acceptable use says is expect no privacy and don’t do illegal shit. If he is in vpn in an open network, all they are going to see is traffic to and from the vpn proxy
The content filter is often encapsulated in the device. So, you might use your Chromebooks with Securly, automatically pushing a full-blown content-filte onto all administered devices. But the guest network probably doesn’t have that level of control. They likely have a firewall that tracks what is done, tied to an IP address, with some (much more) basic filtering.
Its not malware, is cloud OS management. They are called MDM, Mobile Device Management, and it allows the sysadmin control over the device and how its used. It can be used to spy users, however if the device is theirs, and not yours, well they kind of have an inherent right to the content on that device.
In this case though, the guy said its his personal device. So unless he signs in with his work/school account. It wont be managed.
If the answer is yes, then they can’t see shit if your on a VPN.
Can’t see the traffic inside the VPN, but it’s trivial to spot a VPN, and to block a VPN, and to track all IP addresses that try to connect to known VPN IPs.
I’ve mentioned it earlier in this thread. We click a single box “Block VPN”, and almost all VPNs are blocked, and all access is recorded.
He said it was his personal tablet, he is just on the schools network and doesn’t want their network admins logging his “YouTube” habit.
Read the post dude. Personal tablet
No, it absolutely isn’t. We can block all VPN accesses, period. And when you try to access a VPN, or a site that acts as a VPN, you are logged.