> VPNs are literally MITM: they terminate your encrypted connection with the client and establish a new connection with the outside world from their end
I think you misunderstand how VPNs work.
They tunnel, not terminate traffic. It is effectively a NAT service, with extra steps.
Take the scenario of a TLS connection to www.example.com:443 [1.2.3.4:443]
Connection A: Direct to the internet through my ISP.
I'll make an outbound connection to 1.2.3.4:443, and the IP that the remote sees will be the public IP that my ISP has assigned me. All traffic on that TLS connection is encrypted and my ISP can't view the content.
Connection B: Using a VPN Service
I'll make an outbound connection to 1.2.3.4:443, and the IP that the remote sees will be the public IP that my VPN Service has assigned me. All traffic on that TLS connection is encrypted and neither my ISP nor the VPN provider can view the content.
In both scenarios, the TLS Connection is direct to 1.2.3.4:443, and my client will and should verify that the presented certificate is for cn=www.example.com (or a SAN with that cn), and signed by one of the Root CAs that my computer/software trusts.
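The two client-side checks the comment above relies on, as an added example that is not part of the original comment: a default Python TLS client context requires a chain to a trusted root and enables hostname checking, and the name comparison itself is sketched against certificate dicts shaped like `ssl.SSLSocket.getpeercert()` output. The function names and the sample certificates (including `gateway.vpn.example.net`) are constructed for illustration, and the CN fallback when no SAN is present is an assumption about legacy client behaviour.

```python
import ssl

def default_client_checks():
    """(chain validation required?, hostname check enabled?) for a default client."""
    ctx = ssl.create_default_context()
    return ctx.verify_mode == ssl.CERT_REQUIRED, ctx.check_hostname

def dns_name_matches(pattern, hostname):
    """Compare one certificate name with the requested hostname, label by label."""
    p = pattern.lower().rstrip(".").split(".")
    h = hostname.lower().rstrip(".").split(".")
    if len(p) != len(h) or not all(h):
        return False
    if p[0] == "*":
        # A wildcard stands for exactly one left-most label; "*.com" is refused.
        return len(p) >= 3 and p[1:] == h[1:]
    return p == h

def cert_covers_host(cert, hostname):
    """cert is a dict shaped like the output of ssl.SSLSocket.getpeercert()."""
    sans = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if sans:
        # SAN dNSName entries take precedence; the subject CN is then ignored.
        return any(dns_name_matches(s, hostname) for s in sans)
    cns = [v for rdn in cert.get("subject", ()) for k, v in rdn if k == "commonName"]
    return any(dns_name_matches(cn, hostname) for cn in cns)

# Constructed sample certificates (not taken from any real site).
SITE = {"subject": ((("commonName", "www.example.com"),),),
        "subjectAltName": (("DNS", "www.example.com"), ("DNS", "example.com"))}
OTHER = {"subject": ((("commonName", "gateway.vpn.example.net"),),),
         "subjectAltName": (("DNS", "gateway.vpn.example.net"),)}
WILDCARD = {"subjectAltName": (("DNS", "*.example.com"),)}

if __name__ == "__main__":
    print("default context:", default_client_checks())
    for name, cert in (("SITE", SITE), ("OTHER", OTHER), ("WILDCARD", WILDCARD)):
        print(name, cert_covers_host(cert, "www.example.com"))
```

A certificate issued for any other name, such as the constructed `OTHER` one, fails the comparison for `www.example.com` no matter which network path delivered it.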