Running VPNs at application level?

Bind Windows Application to Specific Network Adapter with ForceBindIP

 

You could run a Windows or Linux VM in VMware Player (which is free). Prebuilt Linux VMs are available. For Windows, you'd probably need to create your own VM using VMware Player and an installation CD with a valid license. Such a Win XP / Win XP setup is usable on an old notebook with a single-core CPU.

 

See for example http://www.technize.com/connect-different-applications-to-different-internet-connections/. Isn't this what you're trying to do?

 

Some VPN providers such as Ivacy have an software allowing to select which application has to connect through vpn, and which app doesn't (but this software only works with pptp and l2tp/ipsec connections, not openvpn). In the future, if the user's demand is strong enough, many others vpn providers will propose same kind of ability.

You can use SSH tunneling as well (but in that case, UDP flow is not tunnelized, only TCP one, as with Tor)

The easiest and most efficient way imo to secure your vpn connection is to use route deletion as explained here (see the FAQ).

You can use a .bat file for that, so 2/3 mouse clicks are sufficient.

Virtualization is very good idea too (and you can use vpn through vpns), although a bit less simple imo, and (as you notice) a bit ressources consuming.

 

Perhaps these links may help you craft a solution:
http://blog.dmbcllc.com/2008/08/26/bypass-vpn-for-regular-traffic/
http://superuser.com/questions/17963/bypass-vpn-for-certain-apps
http://superuser.com/questions/26350/setting-vista-to-send-only-some-traffic-through-vpn
http://superuser.com/questions/1329/how-to-keep-multiple-connections-to-internet
http://stevenharman.net/blog/archive/2007/01/26/VPN_Connections_and_Default_Gateways.aspx
http://forums.whirlpool.net.au/forum-replies-archive.cfm/395051.html
http://superuser.com/questions/9055...n-and-one-regular-connection-at-the-same-time
http://support.microsoft.com/kb/894564
http://arstechnica.com/civis/viewtopic.php?f=10&t=1116349
http://en.wikipedia.org/wiki/Split_tunneling

 

You're welcome .

Here's a relevant topic in the ForceBindIP forum: http://www.r1ch.net/forum/index.php?topic=1648.0.

 

If you want to test stuff, you could install Returnil. I would at least try http://blog.dmbcllc.com/2008/08/26/bypass-vpn-for-regular-traffic/, in conjunction with ForceBindIP. If that doesn't work, then make your physical connection have a higher priority than the VPN connection, and use ForceBindIP to bind those programs that you wish to use with the VPN connection.

 

What you say is true. You only use the VPN for the stuff you don't want associated with you. And you don't use it for anything that identifies you. And, if there are multiple types of stuff that you don't want associated with you, or with each other, you use a different VPN for each type. And if there's stuff that you REALLY don't want associated with you, you route a VPN running on a VM through another VPN running on the host, and you encrypt everything (host, container holding guest files, and guest).

 

Does your OpenVPN server.conf file have the line push "redirect-gateway def1"? If so, maybe removing it would help.

More linkage:
http://forums.untangle.com/openvpn/3797-openvpn-tunnel-web-traffic.html
http://www.openvpn.net/index.php/open-source/documentation/howto.html#redirect
http://www.ultravpn.fr/forum/index.php?topic=477.0

 

I'm sure that you could do that, although I don't know how. I suspect that it'd be harder than specifying which traffic uses the VPN and which doesn't.

It's hard enough to lock down VPNs so there's no leakage. Attempting to route each app's traffic differently seems pointlessly risky.

You don't need all your apps on the VM - just browser, email client, torrent client and whatever. You want to use those only via the VM, and never for anything that's associated with you IRL. It's not just accounts and such. Keep your interests compartmentalized. For example, I never read Wilders except as hierophant via XeroBank, and I don't talk about Wilders with IRL friends.

 

I have an XP box and a Win 7 x64 box. There is a VPN connection courtesy of JanusVM on the XP box, but the XP box isn't bootable right now. I've never worked with OpenVPN before.

I'm not sure if what you want can be done or not. You may wish to browse the forums for some popular VPNs.

 

Avoid UltraVPN, IMHO. It hides the TAP adapter, using OpenVPN flags, and the setting persists for subsequently-installed VPNs. I never figured out how to reverse it (just deleted the VM I was using).

 

Avoid SSH tunnels, IMHO.

 

I haven't done Usenet for years. Why so much memory? Can you force it to use a disk cache? Perhaps it's possible to have your VM host use disk for memory.

 

AFAIK, OpenVPN links are the best mix of security and simplicity, if you want all traffic routed. For routing specific apps, that may not be so. And I wouldn't go that route.

 

Hi Simply the Best,

VPN's are not by nature intended to run at the application level - i.e. VPN's are networking software and by their very nature will never be able to manifest at that level.

-- Tom

 

Concerning route deletion, it could looks complicated, but is really simple and very efficient. You could see my post in this thread. I currently use this method. My VPN being connected, all I have to do is to type in my comman window:

And in fact I even don't ave to type this: I only click on a .bat file containing this command.

Ivacy Monitor do this job:

In protection mode, enable "application started via secure launch". Then, choose your connection mode (e.g. IPsec to russian server), then click on "connect", and then start e.g. µTorrent in clicking on "µTorrent" in Secure Launch window.

As a result µTorrent, and only µTorrent, is "hooked" by Ivacy vpn.


So:

1) If you start (without Secure Launch) e.g. your browser , you will navigate outside the vpn, with your ISP IP.

2) If for some reason the vpn disconnects, all µTorrent's connection close, preventing your ISP IP to be revealed on the Torrent network you was participating.

Your two wishes (secure connection + hability for some apps to connect trough vpn, some others bypassing it) seem to come true

 

At the time being, Ivacy Monitor doesn't work with non ivacy vpn (for non ununderstandable reasons). And it works with ivacy L2tp/Ipsec vpn (and pptp, too).

But having at least one vpn able to do what you attempt is already better than nothing. Better than "impossible, nowhere, never".

Moreover, the fact that at least one vpn provider succeeded to built a soft allowing certain applications to be linked through the vpn, leaving others going through your normal connexion, proves that it is entirely possible. As coders working at Ivacy are not much more hyperbrained than their competitors, on can hope that what Ivacy has been able to do, others coders are able to do, too.

So, if your demand is strong enough, the vast majority of vpn providers will some days offer applications such as ivacy moditor, doing the same job (or even better) than Ivacy monitor does, but for their own vpn.

A good challenge for coders (if coders are reading this thread).

 

Hi Simply The Best and Lyx,

What both of you appear to be talking about is to essentially force an application to use a VPN, n'est pas?

If so, it sounds reminiscent of using the wrapper(s) torkify or torify to make applications use either tork or tor respectively. You may want to look at the code for those wrappers to be able to concoct such a wrapper for your applications to access your VPNs.

In any event, it seems like it would be worth a try, eh?

-- Tom