A but confused by this
They won’t be able to see what you’re browsing, the only IP address that will appear to them is your connection to the VPN server, so they can only see that you are connected to a VPN but not what you’re doing through it.
It honestly depends on your IT setup, the network your connecting to, what your connecting with and whether or not it’s worth them pursuing.
Whatever your connecting to their Network with gets an IP address from them. Your VPN should keep the traffic encrypted from them but not the amount of traffic.
If you’re pulling a ton of traffic they might have a better reason to see who is using bandwidth and can probably eventually single you out.
You could bring a second phone (if that’s what’s running the VPN client) to work that isn’t tied to your actual cell number for some deniability provided they don’t realize you have 2 devices.
But again be prepared to answer some tough questions should they track you down.
Imagine your computer is a house. Whenever you access a website, you put a request in the mailbox and you get a reply soon after. The IT guys and their Network are the post. If they want, or someone snatches the mail, they can read it first then send it on its way, and even intercept the reply to see who you’re talking to and what’s being said (what websites are you visitng and what you’re posting).
When you use a VPN, as long as you’re configured right, everything is encrypted so no one can read it, then sent to a trusted person who will unencrypt your letter, then send it to the person it’s meant to go to, then encrypt the response and send it back. The post office (IT guys) can only see how much mail you’re sending, to one address, but not what’s being sent or where it’s going after.
I don’t work IT (yet) but if you’re good to your IT guys and show them respect, and not doing anything illegal or shady, you’re probably fine regardless I hear.
You need to clarify who ‘they’ are.
Yes, Facebook will know it’s you is you log into Facebook. Google will also know, as your probably logged into Google and have a few Google analytics cookies. Yes, the VPN server will see everything.
Your phone company. Only traffic to they VPN server.
Do you allow Java script? Because then any webpage grab a lot of info from your computer. Did you protect yourself against finger printing? If not, ‘they’ will know it’s you.
Also, who have admin access to your router?
First thing, first.
Who do you want to protect yourself again?
See if your VPN client allows you to change the port you connect to as well… it’s a lot easier if it’s set to 80 or 443 (the standard web browser ports) to have some deniability. But if it’s a known VPN port, then it’s an extra layer for them to go WTF are you doing.
If it’s a browser port, then you can just say, oh I had a browser window to their site open as I was taking a look, not sure what’s doing? 
With PrivateInternetAccess I specify port 443 to use…
They won’t be able to see what you’re browsing
last company I worked at could view a live feed of my screen and logged basically all keystrokes.
Sure, a VPN can protect against in-transit snooping. But just remember there is no silver bullet.
If he’s connected to their WiFi he gets a local IP address from their wireless router.
They can see the amount of encrypted traffic from that local IP.
If he’s facing the internet it’s with his VPN IP.
So one side of the tunnel is his local WiFi IP and the other is his VPN IP.
Just clarifying a little for others.
But they will know that it is me who connected to the VPN?
If you have a rooted phone, you can switch to random MAC addresses regularly so they wouldn’t even be able to trace it back to you.
You’ve got everything right. Just for clarification (I found that part a bit tricky, sry), the “postman” will only see that encrypted letters are going to a VPN server. No one on the local wi-fi network, or even internet service provider, will know where do the “letters” go from a VPN servers. To know that, they would need to hack the VPN servers, which really ain’t easy.
Also, don’t forget quality VPNs have their own DNS servers, this also helps to hide which websites exactly you’re visiting.
Actually no, because browsing will not route all traffic thought that port on that server. Normally traffic flows to different servers and port - a clear sign is all traffic only goes to one port one on server.
Yes, a local IP address, you need one to connect to other IP addresses.
Yes they can know that, they can pinpoint it by looking at the DHCP server which will provide them with the MAC address of your hardware and your device’s host name.
Look into obfuscated servers. If a VPN provider has this feature, when you turn it on it scrambles the encrypted traffic in a way to look like a normal casual traffic without a VPN, might be useful in your situation.
Edited to clarify a little, but thought the distinction is worth mentioning.
All this to browse shit on work wi fi
Amazing
They can see the traffic but it will be encrypted.
Often no one cares about it. Just if you system administrator have enough free time and wish for that. If they want to control they may use some other soft which can see your screen or smthing else.