How to route only certain IP Addresses to your VPN in Windows
Version 0.51

Recently I found out how to create my own VPN by firing up a Digitalocean droplet and simply running this script here.

However, Windows 7 (in my case, but it should be similar for Windows 10 too) routes my whole PC's Internet through the VPN making GMail to flag my account, Facebook to do extra verification, websites to be inaccessible, captchas, etc.

The main reason I needed the VPN was to route selected games through it as my ISP's (Singtel) peering was very bad for that particular game and the Digitalocean datacentre was a good middleman slashing my ping by as much as 200ms.

Here's how to make it such that only traffic to the IP addresses you choose will be routed through the VPN.

Disclaimer

Proceed at your own risk! The information here is accurate to the best of our knowledge. We will not be held responsible if this document causes your computer to explode or burst into flames.

In real serious terms, if any corruption of data, hardware damage or any other kind of damage/losses/etc. arises from the use of this document, we cannot be held responsible for it. If you don't like this, please don't read any further.

Before Starting

This guide assumes you have installed and setup the VPN script here. There should be a VPN connection setup for you in Network Adapters.

It is best to work on a copy of the VPN connection in case things do not work out. Simply right-clicking and making a copy of the connection will not work. After creating a copy, you'll want to make sure the connection copy works before proceeding

Disable "Use default gateway" to prevent all traffic going through the VPN

1. Right-click on your VPN connection in Network Connections
2. Click Properties
3. Click Networking tab
4. Select (click once) on the word Internet Protocal Version 4 (TCP/IPv4). Do not click on the box to untick it
5. Click Properties
6. Click Advanced
7. Uncheck "Use default gateway on remote network"
8. Uncheck Autometic Metric and set it to 306
9. OK all the way out

Start your VPN before attempting the commands below. You'll notice that your whole system is no longer VPN'ed.

How to route only one IP address

This is the easiest to do. If you know the server IP address, follow the steps below in the command prompt (Start > Run > CMD)

route print

Note the interface number of your VPN

structure the command as follows

route ADD <IP ADDRESS> <VPN IP ADDRESS> METRIC 306 IF <INTERFACE ID)

How to route a subnet of IP addresses

Big games like Overwatch have lots of IP addresses. You'll need to get all the relevant IP addresses with their subnet mask.

If unsure, use a gaming VPN such as mudfish (new accounts come with free credit) to find the routes and subnet mask. Simply run route print before/after the VPN is active for that game, spot the differences and note the routes.

Once you have obtained the IP addresses, follow the steps below in the command prompt (Start > Run > CMD)

route print

To figure out the subnet for a range of IP address, you can use the tool at the bottom of this page. Input the IP address range, click "Calculate". Copy and paste the answer to the "CIDR to IP Range" box above and hit "Calculate". The subnet mask will be under "Netmask". For long lists of CIDR addresses such as Amazon, you will need to use this link.

Note the interface number of your VPN

structure the command as follows

route ADD <IP ADDRESS> MASK <SUBNET> <VPN IP ADDRESS> METRIC 306 IF <INTERFACE ID)

You can even have two VPNs active at the same time

Just use the same commands above and change the INTERFACE ID as required

You need to make sure you don't get the same IP address in both VPNs though. If you are using the VPN script I linked above, the solution to that is here.

Note: I am not sure of what the Metric exactly means

Do you have more to share? Comment below!

Last Updated 27 July 2022.

Errors? Omissions? Need Help? Know something? Post your queries in the comments below.

This document is Copyright(©) 2019 by G.Ganesh. Visit Bootstrike.Com (http://bootstrike.com).