Use VPN connection only for selected applications

I have access to a VPN and want to use it only for some applications, not all.

For example:
If I connect to a VPN I want only the applications Opera and Newsbin to use that VPN connection. All other applications, e.g. Outlook, should use the normal internet connection (while the VPN is connected/open).

AFAIK this isn't possible, but I'm not totally sure. So my question: is it doable?


Solution 1:

It is possible to accomplish this, at least on Linux (and I'm thinking on BSD and OS X as well). You can do so by:

  • Create an extra user for all VPN traffic.
  • Create an extra routing table with one default route via the VPN.
  • Configure Netfilter through iptables to use the other routing table for all traffic originating from a specific user ID.
  • Run the applications that should use the VPN under their own user. For example with 'sudo'.

There are scripts for accomplishing the above steps here or there is another guide here.

Here is a detailed guide for routing Transmission via a VPN (using a VPN server that you own).
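The four steps above, carried out as one script. This is an added example, not code from the answer or from the linked guides; it assumes hypothetical values (tunnel interface tun0, user "vpnuser", routing table 100, firewall mark 0x1) and a point-to-point tun device, so the default route in the extra table uses "dev" rather than "via". Besides the answer's steps it adds a kill switch for that user, so that if the tunnel drops the user's traffic is rejected instead of leaking out through the normal connection.

```shell
#!/bin/sh
# Added example (not the answer's own code): per-user policy routing on Linux.
# Hypothetical values: tunnel tun0, user "vpnuser", table 100, mark 0x1.
# Run as root with "up" after the VPN is connected and "down" before
# disconnecting. DRY_RUN=1 prints the commands instead of executing them.

VPN_USER="${VPN_USER:-vpnuser}"
VPN_IF="${VPN_IF:-tun0}"
TABLE="${TABLE:-100}"
MARK="${MARK:-0x1}"

run() {
    if [ -n "${DRY_RUN:-}" ]; then
        echo "$*"
    else
        "$@"
    fi
}

# IPv4 address of the tunnel interface; it becomes the source address of the
# user's packets so that replies come back through the tunnel.
vpn_addr() {
    ip -4 -o addr show dev "$VPN_IF" | awk '{print $4}' | cut -d/ -f1
}

vpn_routing_up() {
    addr="$1"   # tunnel address, passed in so the function can be exercised offline
    # 1. Mark every packet generated by processes owned by the VPN user.
    run iptables -t mangle -A OUTPUT -m owner --uid-owner "$VPN_USER" -j MARK --set-mark "$MARK"
    # 2. Marked packets consult a dedicated table whose only route is the tunnel
    #    (a point-to-point tun device is assumed; with "topology subnet" use "via").
    run ip rule add fwmark "$MARK" table "$TABLE"
    run ip route add default dev "$VPN_IF" table "$TABLE"
    # 3. Source NAT onto the tunnel address: the socket picked its source address
    #    from the main table before the mark was applied, i.e. the ISP-facing one.
    run iptables -t nat -A POSTROUTING -o "$VPN_IF" -m mark --mark "$MARK" -j SNAT --to-source "$addr"
    # 4. Kill switch: this user's traffic may leave only via the tunnel or
    #    loopback. If the tunnel goes away it is rejected instead of leaking.
    #    DNS for this user must therefore be reachable through the tunnel too.
    run iptables -A OUTPUT -m owner --uid-owner "$VPN_USER" -o "$VPN_IF" -j ACCEPT
    run iptables -A OUTPUT -m owner --uid-owner "$VPN_USER" -o lo -j ACCEPT
    run iptables -A OUTPUT -m owner --uid-owner "$VPN_USER" -j REJECT
    # 5. Replies arriving on the tunnel would fail strict reverse-path filtering
    #    (the main table routes their source via the ISP link): use loose mode.
    run sysctl -q -w "net.ipv4.conf.$VPN_IF.rp_filter=2"
}

vpn_routing_down() {
    addr="$1"
    run iptables -D OUTPUT -m owner --uid-owner "$VPN_USER" -j REJECT
    run iptables -D OUTPUT -m owner --uid-owner "$VPN_USER" -o lo -j ACCEPT
    run iptables -D OUTPUT -m owner --uid-owner "$VPN_USER" -o "$VPN_IF" -j ACCEPT
    run iptables -t nat -D POSTROUTING -o "$VPN_IF" -m mark --mark "$MARK" -j SNAT --to-source "$addr"
    run ip route flush table "$TABLE"
    run ip rule del fwmark "$MARK" table "$TABLE"
    run iptables -t mangle -D OUTPUT -m owner --uid-owner "$VPN_USER" -j MARK --set-mark "$MARK"
}

case "${1:-}" in
    up)   # step 1 of the answer: the extra user, created on first use
          id "$VPN_USER" >/dev/null 2>&1 || run useradd -m "$VPN_USER"
          vpn_routing_up "$(vpn_addr)" ;;
    down) vpn_routing_down "$(vpn_addr)" ;;
esac
# Step 4 of the answer, afterwards:  sudo -u vpnuser opera
```

Because the OUTPUT rules are matched on the socket owner, nothing else on the machine is affected; Outlook-style "everything else" traffic keeps using the main routing table. The REJECT rule is what turns a disconnected VPN into an error for the tunneled applications rather than a silent fallback to the ISP link.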

Solution 2:

You could use the Windows Firewall to accomplish this (provided you are using Win 7 or Vista) - I wrote a guide on this.

  1. Connect to your VPN as you normally would.

  2. Open the Network and Sharing Center - right-click on the Internet connection icon in the taskbar and choose "Open Network and Sharing Center" (see below)

  3. You should see (at least) two networks listed under "View Your Active Networks" - your VPN connection and one called "Network" - a.k.a. your ISP Connection. Ensure that your VPN is a "Public Network", and your ISP connection is "Home Network". If you need to change either connection, click it and an option window will appear (see below).

  4. Go to the Control Panel and click System and Security (see below).

  5. In the resulting window, click Windows Firewall (see below).

  6. In the Windows Firewall window, click Advanced Settings on the left pane (see below). Note: You must be logged in as an Administrator to make changes to the Firewall Settings.

  7. You should see a window titled Windows Firewall with Advanced Security. In this window, click Inbound Rules (see below).

  8. On the right pane, you will see an option for a New Rule. Click it (see below).

  9. In the New Inbound Rule Wizard (which should appear), do the following:

    • Choose Program and click Next.

    • Choose the program you wish to block all traffic to except on the VPN connection, and click Next.

    • Choose Block the Connection.

    • Tick Domain and Private. Make sure Public is left unticked.

  10. Repeat Step 9 for Outbound Rules.

Solution 3:

You can do it with network namespaces on GNU/Linux.

Here's how to run OpenVPN and a single application in a separate namespace:

Create the network namespace:

ip netns add myvpn

Start the loopback interface in the namespace (otherwise many things don't work as expected…)

ip netns exec myvpn ip addr add 127.0.0.1/8 dev lo
ip netns exec myvpn ip link set lo up

Create virtual network interfaces that will let OpenVPN (in the namespace) access the real network, and configure the interface in the namespace (vpn1) to use the interface out of the namespace (vpn0) as its default gateway

ip link add vpn0 type veth peer name vpn1
ip link set vpn0 up
ip link set vpn1 netns myvpn up
ip addr add 10.200.200.1/24 dev vpn0
ip netns exec myvpn ip addr add 10.200.200.2/24 dev vpn1
ip netns exec myvpn ip route add default via 10.200.200.1 dev vpn1

Enable IPv4 routing and NAT for the interface in the namespace. As my default interface is a wireless one, I use wl+ (which may match wlan0, wlp3s0, etc.) in iptables for the outgoing interface; if you use a wired interface you should probably use en+ (or br+ for a bridged interface)

iptables -A INPUT \! -i vpn0 -s 10.200.200.0/24 -j DROP
iptables -t nat -A POSTROUTING -s 10.200.200.0/24 -o wl+ -j MASQUERADE
sysctl -q net.ipv4.ip_forward=1

Configure the nameserver to use inside the namespace

mkdir -p /etc/netns/myvpn
echo 'nameserver 8.8.8.8' > /etc/netns/myvpn/resolv.conf

Almost done, now we should have full network access in the namespace

ip netns exec myvpn ping www.google.com

Finally start OpenVPN in the namespace

ip netns exec myvpn openvpn --config /etc/openvpn/myvpn.conf

Once tun0 is up in the namespace, you're ready to start the program you wanted!

while ! ip netns exec myvpn ip a show dev tun0 up; do sleep .5; done
ip netns exec myvpn sudo -u $MYSELF popcorntime

SOURCE article.

Also there is a wrapper script in the source article you can adapt for your needs.
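The recipe above as a wrapper with a teardown step, a reliable wait for tun0, and a leak guard inside the namespace. This is an added example, not the answer's code nor the wrapper script from the source article; it assumes the same hypothetical values as the answer (namespace "myvpn", veth pair vpn0/vpn1 on 10.200.200.0/24, uplink matched by "wl+") plus a VPN server address, given here as the documentation address 192.0.2.10, which you replace with the IP from the "remote" line of your OpenVPN config.

```shell
#!/bin/sh
# Added example (not from the answer or the source article): namespace wrapper.
# Hypothetical values: namespace "myvpn", veth vpn0/vpn1 on 10.200.200.0/24,
# uplink "wl+", VPN server 192.0.2.10 (placeholder, use your server's IP).
# Run as root: "up", then "vpn" in one terminal, "run <command>" in another,
# "down" at the end. DRY_RUN=1 prints the commands instead of executing them.

NS="${NS:-myvpn}"
UPLINK="${UPLINK:-wl+}"
VPN_SERVER="${VPN_SERVER:-192.0.2.10}"
VPN_CONF="${VPN_CONF:-/etc/openvpn/myvpn.conf}"
NS_NET=10.200.200.0/24
HOST_ADDR=10.200.200.1
NS_ADDR=10.200.200.2

run() {
    if [ -n "${DRY_RUN:-}" ]; then
        echo "$*"
    else
        "$@"
    fi
}
inns() { run ip netns exec "$NS" "$@"; }   # run a command inside the namespace

netns_up() {
    run ip netns add "$NS"
    inns ip addr add 127.0.0.1/8 dev lo
    inns ip link set lo up
    run ip link add vpn0 type veth peer name vpn1
    run ip link set vpn0 up
    run ip link set vpn1 netns "$NS" up
    run ip addr add "$HOST_ADDR/24" dev vpn0
    inns ip addr add "$NS_ADDR/24" dev vpn1
    inns ip route add default via "$HOST_ADDR" dev vpn1
    # Host side, as in the answer: drop spoofed namespace addresses arriving on
    # other interfaces, NAT the namespace out of the uplink, enable forwarding.
    run iptables -A INPUT ! -i vpn0 -s "$NS_NET" -j DROP
    run iptables -t nat -A POSTROUTING -s "$NS_NET" -o "$UPLINK" -j MASQUERADE
    run sysctl -q -w net.ipv4.ip_forward=1
    # Leak guard inside the namespace: the only traffic allowed out through the
    # veth is OpenVPN's own connection to the server. Without it, if tun0 goes
    # away the application falls back to the default route via vpn1 and is
    # NATed out of the normal connection. (This also blocks the pre-VPN
    # "ping www.google.com" check; ping $VPN_SERVER instead.)
    inns iptables -A OUTPUT -o vpn1 -d "$VPN_SERVER" -j ACCEPT
    inns iptables -A OUTPUT -o vpn1 -j REJECT
    # Resolver used inside the namespace once the tunnel is up (8.8.8.8 as in
    # the answer; a resolver reachable only through the VPN is preferable).
    run mkdir -p "/etc/netns/$NS"
    run sh -c "echo 'nameserver 8.8.8.8' > /etc/netns/$NS/resolv.conf"
}

# True when an "ip -o link show" line carries the UP flag. "ip link show dev
# tun0 up" alone is not a safe test: it exits 0 with no output while tun0
# exists but is still down, and LOWER_UP must not be mistaken for UP.
link_is_up() {
    printf '%s\n' "$1" | grep -Eq '<([A-Z_-]+,)*UP(,[A-Z_-]+)*>'
}

wait_for_tun() {
    tries=0
    while [ "$tries" -lt 60 ]; do
        if link_is_up "$(ip netns exec "$NS" ip -o link show dev tun0 2>/dev/null)"; then
            return 0
        fi
        tries=$((tries + 1))
        sleep 1
    done
    echo "tun0 did not come up in namespace $NS" >&2
    return 1
}

# Run a command as the invoking (non-root) user inside the namespace, once the
# tunnel is up.
run_in_vpn() {
    wait_for_tun && inns sudo -u "${SUDO_USER:-$(id -un)}" "$@"
}

netns_down() {
    # Processes in the namespace (OpenVPN, the application) outlive
    # "ip netns del"; stop them first.
    run sh -c "ip netns pids $NS | xargs -r kill"
    run iptables -D INPUT ! -i vpn0 -s "$NS_NET" -j DROP
    run iptables -t nat -D POSTROUTING -s "$NS_NET" -o "$UPLINK" -j MASQUERADE
    run ip link del vpn0          # deleting one end of the veth removes vpn1 too
    run ip netns del "$NS"
    run rm -rf "/etc/netns/$NS"
}

case "${1:-}" in
    up)   netns_up ;;
    vpn)  inns openvpn --config "$VPN_CONF" ;;
    run)  shift; run_in_vpn "$@" ;;
    down) netns_down ;;
esac
```

The namespace approach isolates by process tree rather than by user, so anything started from the "run" subcommand, including child processes, can only see tun0 and vpn1. The two OUTPUT rules inside the namespace are the part the answer's recipe lacks: they make the only non-tunnel path the OpenVPN session itself, which is what keeps a dropped tunnel from turning into traffic on the ISP link.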