Setting up OpenVPN in Windows 10 for specific applications

Configure OpenVPN in Windows 10 for Specific Applications Without Virtual Machine Using Split Tunneling

You can configure OpenVPN in Windows 10 to work with specific applications only without using a virtual machine by implementing split tunneling, which allows you to route selected application traffic through the VPN tunnel while keeping the rest of your internet traffic on your direct connection. There are built-in Windows tools, lightweight utilities, and command-line routing methods that don’t require virtual machines and consume minimal system resources. The main approaches include using the OpenVPN GUI application with configuration settings, Windows Filtering Platform (WFP) for application-level traffic management, and creating custom routes through the command line.

Contents

• What is split tunneling and how it works in Windows 10
• Methods for setting up split tunneling for OpenVPN in Windows 10
• Using built-in Windows tools
• Lightweight utilities for traffic management
• Setting up routing via command line
• Practical configuration examples
• Comparison of different approaches
• Conclusion

What is split tunneling and how it works in Windows 10

Split tunneling is a VPN feature that allows you to route some internet traffic through the VPN connection while keeping other traffic on your regular internet connection. In the context of Windows 10 and OpenVPN, this means you can choose which specific applications or network services will use the VPN while others remain on a direct internet connection.

Key difference from virtual machines: Split tunneling works directly within the Windows 10 operating system without the need to create and maintain a virtual machine, which significantly reduces system resource consumption.

In Windows 10, split tunneling is implemented through several mechanisms:

• Windows Filtering Platform (WFP) - A traffic filtering platform at the operating system level
• Application-level routing - Defining rules for specific executable files (EXE)
• IP/port-level routing - Defining rules for specific network addresses and ports

According to research from Microsoft, the company strongly recommends using split tunneling when working with VPNs, especially for services like Microsoft Teams, to avoid performance and compatibility issues.

Methods for setting up split tunneling for OpenVPN in Windows 10

Through OpenVPN configuration file

The most flexible method for setting up split tunneling is using an OpenVPN configuration file with routing directives. To do this, you need to edit the OpenVPN client configuration file (usually with the .ovpn extension) and add the appropriate parameters.

# Prevents automatic addition of default route through VPN
route-nopull

# Adds a route for a specific application or service
route 192.168.1.0 255.255.255.0

# Excludes specific IP addresses from the VPN tunnel
route-exclude 192.168.1.0 255.255.255.0

As noted in the setup guide, the route-nopull directive is key to preventing all traffic from being automatically redirected through the VPN.

Through OpenVPN GUI application

Many modern VPN clients, including OpenVPN GUI, have built-in interfaces for configuring split tunneling:

1. Launch the OpenVPN GUI application
2. Right-click the icon in the system tray
3. Select “Edit Config” or “Edit Configuration”
4. Add the necessary routes in the route section or use the route-nopull directives
5. Save the configuration file and restart the connection

This method is particularly convenient for users who prefer a graphical interface over editing text files.

Using built-in Windows tools

Windows Filtering Platform (WFP)

Windows 10 provides a powerful mechanism for managing network traffic through the Windows Filtering Platform (WFP). While this requires more technical knowledge, WFP allows you to create complex routing rules.

Main WFP capabilities for split tunneling:

• Application-level traffic filtering
• Routing based on IP addresses and ports
• Creating exceptions for specific network services

To configure through WFP, you can use PowerShell or specialized tools like Windows Firewall Control, which provide a convenient graphical interface.

Routing via PowerShell

Windows 10 allows you to manage routing through the PowerShell command line:

# Adding a static route
New-NetRoute -DestinationPrefix "192.168.1.0/24" -InterfaceIndex (Get-NetAdapter | Where-Object {$_.Name -like "*TAP*"}).ifIndex -NextHop "10.8.0.1"

# Viewing current routes
Get-NetRoute

# Removing a route
Remove-NetRoute -DestinationPrefix "192.168.1.0/24" -Confirm:$false

This method is particularly useful for automating configuration and integrating into deployment scripts.

Lightweight utilities for traffic management

OpenVPN with routing plugins

There are lightweight utilities that extend OpenVPN functionality for traffic management:

1. route-helper - An OpenVPN plugin that allows automatic route management based on connected applications
2. tun2socks - A tool for redirecting traffic through a SOCKS proxy
3. proxychains - A utility for forcing traffic through proxy servers

These utilities don’t require significant system resources and can be configured to work only with selected applications.

VPN clients with built-in split tunneling

Many modern VPN services provide their own clients with split tunneling support:

• ProtonVPN - As noted in research, supports split tunneling on Windows
• ExpressVPN - Allows you to select specific applications to work through the VPN
• Surfshark - Offers flexible traffic routing settings

The advantage of these solutions is that they are already optimized for Windows 10 and don’t require complex manual configuration.

Setting up routing via command line

Using .route files

For Windows 10, you can create a special .route file that will be automatically applied when connecting to OpenVPN:

1. Create a file with the .route extension (for example, myapp.route)
2. Add the necessary routes to it:
   192.168.1.0 MASK 255.255.255.0 10.8.0.1
   

3. Save the file in the OpenVPN configuration folder
4. Specify the path to this file in the main OpenVPN configuration using the route-file directive

Automation via scripts

To automate the process, you can use PowerShell or CMD scripts:

# Script for setting up split tunneling when connecting to VPN
$vpnInterface = Get-NetAdapter | Where-Object {$_.Name -like "*TAP*"}
$vpnGateway = (Get-NetRoute -InterfaceAlias $vpnInterface.Name).NextHop

New-NetRoute -DestinationPrefix "192.168.1.0/24" -InterfaceIndex $vpnInterface.ifIndex -NextHop $vpnGateway

Such scripts can be run automatically when connecting to VPN through Task Scheduler or through special OpenVPN plugins.

Practical configuration examples

Example 1: Only browser through VPN

To configure it so that only the browser uses the VPN while other applications remain on the direct connection:

# In the OpenVPN configuration file
route-nopull

# Route for browser (example for Chrome)
route 8.8.8.8 255.255.255.255
route 8.8.4.4 255.255.255.255

Example 2: Excluding local network

To exclude local network traffic from the VPN tunnel:

# Exclude local subnet
route-exclude 192.168.1.0 255.255.255.0

# Exclude specific IP
route-exclude 192.168.1.100 255.255.255.255

Example 3: Only specific ports

To route traffic only on specific ports through the VPN:

# Routing for port 8080
route 203.0.113.0 255.255.255.0

These examples show how to flexibly configure split tunneling for specific user needs.

Comparison of different approaches

As shown in research, most users prefer to use VPN clients with built-in split tunneling support due to the ease of setup and good integration with Windows 10.

Conclusion

Configuring OpenVPN in Windows 10 to work with specific applications only without using a virtual machine is fully possible and preferable from a system resource consumption perspective. The main conclusions are:

1. Split tunneling is the optimal solution for managing VPN traffic without virtual machines, allowing you to route only selected applications or services through the VPN.

2. The simplest methods include using OpenVPN configuration files with route-nopull and route directives, as well as modern VPN clients with built-in split tunneling support.

3. Built-in Windows tools provide powerful capabilities through Windows Filtering Platform and PowerShell, but require more technical knowledge.

4. Lightweight utilities and specialized plugins offer a good balance between simplicity and functionality, making them suitable for most users.

5. Automation through scripts can simplify the setup process and ensure reliable split tunneling operation in various usage scenarios.

It’s recommended to start by using a VPN client with built-in split tunneling support, and if necessary, move to more complex configuration methods through configuration files or built-in Windows tools.

Sources

1. Split tunneling using OpenVPN - Mullvad VPN
2. How to Set Up Split-Tunneling on OpenVPN Using Routing Tables - PrivateProxyGuide
3. What Is VPN Split Tunneling? How to Make It Work - PrivateProxyGuide
4. Why Microsoft Mandates Split Tunneling with VPNs - panagenda
5. Split VPN Tunnelling and Routing Based on Packet Protocol and Port - Jon’s FOSS Blog
6. Set Up a VPN Connection with Windows 10/11 Built-In Client - Windows Forum
7. Split tunneling vs. full tunneling: Which should you use? - ExpressVPN
8. Split Tunnel vs Full Tunnel: Which Is Best for You? - CyberGhost VPN
9. SSH Connecting Via VPN Fails - How To Fix? - Dev Problems
10. ProtonVPN - Softonic