New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
Split Tunneling VPN
Hi,
A lot of VPN companies have a split tunneling feature, which allows you to use VPN on only programs that you select to run on the VPN. For example only run VPN on torrent program or a game.
I don't like the thought of spending so much on a VPN when I can just install VPN on a VPS and pay almost nothing.
How would I get split tunneling to work on VPS using OpenVPN, Wireguard, and so on...?
Is this feature only available on those expensive VPN companies? Why can't I find a guide for it on free VPN programs that I can install on VPS? Is this feature to new or something?
Any help appreciated!
Comments
For wireguard, you can write the IP subnets you want to forward to the VPN in
AllowedIPs
option.All other IP subnets will not go through this VPN.
Do you want split tunneling by app, or split tunnelling by IP?
The latter is easy - you just have to tweak the routing tables, or the AllowedIPs in WireGuard. A lot of VPNs already do something like this out-of-the-box so you can still access your local network while connected to the VPN... Basically the route for your local network has a higher priority than the route for the VPN.
Split tunnelling by app is harder and I think it'd have to be a custom client of some sort. It's quite easy on Android as each app runs as a separate system user and network connections can be isolated by user. Not sure of the best way to do it on Windows though.
You can use HTTPS or SOCKS5 proxies in some cases, but note that SOCKS5 is unencrypted so it does nothing for privacy unless you tunnel it over something like SSH. For HTTPS you can just use a regular proxy program such as Squid. SSH forwarding is also an option, or you can do SOCKS5 over SSH forwarding so that it's encrypted.
I am trying to tunnel specific windows programs, I don't have the knowledge to run my own client if that is the only option.
I guess I can only fork up a few more dollars a month for a VPN instead of a VPS. I'd rather not, but this might be only option.
Maybe I can set VPN to run only on port 10000 to 65535 since that is what ports windows torrent program uses.
If you want an app to go through VPN:
There are multiple ways to achieve first and second steps:
lxc-unpriv-create
docker --network none run
The third state is
ip link set netns
command.See WireGuard - Routing & Network Namespace Integration.
No idea how stable it is, never used.
https://www.wiresock.net/
Nice, this looks promising, was just recently updated too.
Get one of those lifetime deals from KeepSolid or FastestVPN, and they should be way cheaper than running a VPS. The services have already been running stably for years, and people (incl. me) bought in for <$20 lifetime.
Unless you have a really specific use case that these services suck at, you know? I can see how you can tweak your own VPN to be better than a VPN service, but cheaper? Hmm.
I have both of those plans.
FastestVPN split tunneling only works on websites/IP not windows programs.
KeepSolid VPN split tunneling only works on the android app not on Windows PC.
Are there any VPNs that let us route the traffic of a particular browser tab ? Browser extensions of commercial VPNs work for the whole browser when enabled.
I think maybe if you have a VPN service... something like Split Tunneling on FastestVPN. You can turn off the browser extension, turn on split tunneling on the FastestVPN windows program and add the website/ip. It will only VPN that specific site or more sites if you add them, but you won't be limited to one tab, it will VPN all tabs with that specific site.
This is how I imagine it would work, but I haven't tried it yet, but in theory it should.. Just not a specific browser tab though, but all of them for a specific website.
I'm sure some other solution is out there, but this is closest I can think of. You could also do VPN on one browser and no VPN on another browser.
EDIT: Sorry, I tried it myself, it should've worked, but the tunneling on the FastestVPN program doesn't even work/function like it supposed too.
Ah sorry, didn't know that, even though I have them as well.
I know ExpressVPN's split tunneling works perfectly on Windows, but it's expensive.
Windscribe has a Build Your Plan thing that gives you access to all DCs in 1 country for $1/mo. + unlimited traffic $1/mo. = $2/mo. I found that they've made a lot of strides in the streaming department during the years I haven't used them. Haven't checked their split tunneling, though.
Some other providers can become dirt cheap through places like TopCashback, unless the provider declines the commission and you get screwed afterwards (fuck you PrivateVPN, you owe me $40! ). ExpressVPN and PureVPN have paid up without issue.
A shadier but cheap method -- buy access to 1 device's worth of access from someone for cheap. This really depends on whether you can find a reputable seller that does things in moderation. Surfshark access get sold (abused) a lot because it allows unlimited concurrent connections per account.
I'm actually on the "my own VPN" boat, but that's because my use case is specific -- watching Korean streaming in 1080p -- and NONE of the VPN services are rock stable, most are total shit for that. So I maintain $10/mo, $5/mo, and $2/mo VPSes in Korea that work great, OK, and OK respectively, on top of 7? 8? more? VPN subscriptions that I've paid for multiple years and can't use. Just wasted money during my failed/ongoing quest to find cheap VPNs that work well.
Most torrent apps can use proxies, why not try it that way?
I just use shadowsocks on my vps and foxyproxy firefox or SwitchyOmega for chrome to auto forward the webpage to the shadowsocks
Wow this one looks interesting, and if it connects to standard Wireguard servers then it should be usable with any VPN that uses Wireguard (both commercial VPNs as well as self-hosted VPNs). TIL about "Windows Packet Filter" (which it uses), which looks like a very useful library.
Proxy is not ideal for torrents since it doesn't allow inbound connections, which you need to be able to seed. Please don't be a leech :P
For P2P networks, ideally you want a VPN that supports port forwarding. AirVPN does this, and you can do it on a self-hosted Wireguard node with nftables (or legacy iptables) rules.
very cool find ty, off to test!