--
I am a DotA2 Player, I also like listening to Spotify while I play my DotA matches, But Spotify is blocked in my country(?)
In order to unblock Spotify I need to connect to a VPN, However connecting to a VPN causes my DotA2 traffic to go through the VPN too, which causes unnecessary lag and excess ping.
I wish there was a way to route only part of my traffic through the VPN…
Fear not, Microsoft has added a special new feature on Windows 10 called Split Tunneling, This feature is especially useful in my case and It’s documentation is rather … none existent.
On this guide I will use the L2TP VPN provided by this awesome shell script, The GitHub Repository has all the guides about both client and server configuration on a variety of Operating Systems so I won’t go through them.
Now that you have your VPN Connection set, Let’s start configuring split tunneling.
First open a PowerShell as an Administrator and run the following script in order to enable Split Tunneling.
(Note replace >Your Connection Name< with the connection name that you used when creating the VPN Connection)
"Set-VPNConnection" -Name ">Your Connection Name<" -SplitTunneling $TrueNow that you have set split tunneling to true connect to your VPN Connection and go to api.ipify.org to check your IP, It should be your normal IP not the VPN IP.
This means that right now, even though you are connected to the VPN, none of your traffic goes through the VPN.
Let’s check our routing table inside windows.
Run the following command inside the PowerShell that you opened earlier:
netsh interface ipv4 show route
This is your routing table, How this works is that for each packet windows goes through this list from the bottom and finds the first matching rule for that packet and routes it. As you can see the top most rule is very general
0.0.0.0/0 192.168.1.10.0.0.0/0 means all possible IPs.
You can look at it this way X.X.X.X where X can be anything from 0 to 255.
192.168.1.1 is my modem gateway address, basically it is my default interface.
The IP Address is made of 4, 8bit parts so each part can be a number between 0 and 255 because 2 to the power of 8 is 256.
When you write an IP address and an Slash (/) you are defining a subnet. But what is a subnet?
A subnet is a collection of IP Addresses. 0.0.0.0/0 is a subnet. it just happens to be all the possible IPs
Let’s look at an other example, For example take the Subnet 233.76.80.0/24
The number after slash means how many bits are constant in this subnet
So the 24 means that the first 24 bits of this Subnet is constant and since every part has 8 bits this means that the first 3 parts of the IP address are constant you could see this subnet as 233.76.80.X
Now you have a general idea of how the windows routing table works.
All you need to do is add the specific subnets of applications. So that their traffic will go through the VPN.
But how do you know which subnets/IPs an application uses?
You can use the Resource Monitor!
In order to open the resource monitor you can search for it inside the windows search
You first have to go to the Network tab and then below Network Activity you can see a table, Image is the process name and Address is the IP address that, the process is sending/receiving traffic to/from.
Now let’s add some routes to our routing table.
Let’s say you want to add Routes for Spotify, What you need to do first is to route all traffic through the VPN so you can get the real IP for Spotify (In case your country has censorship)
To route all your traffic through the VPN run the following command.
netsh interface ipv4 add route 0.0.0.0/0 ">VPN CONNECTION NAME<"In order to make sure that your traffic is going through the VPN you can visit api.ipify.org
Now that your traffic is going through the VPN sort your resource monitor table by TOTAL
Now open up Spotify but keep an eye on the resource monitor, The exact moment you open Spotify you will see a bunch of Spotify IPs appear!
As you can see there are a lot of IPs, But you don’t need to worry, All you have to do is start from the top with IPs that have the highest send/receive.
What you need to keep in mind is that you have to add the subnet not the IP.
A good rule of thumb is that most often than not the first 3 parts of the IP are static for example we can say that the subnet for 151.101.36.246 is 151.101.36.0/24 to route this subnet through your vpn run the following command in PowerShell.
netsh interface ipv4 add route 151.101.36.0/24 ">VPN Connection Name<"Now lets stop routing all our traffic through the VPN!
netsh interface ipv4 delete route 0.0.0.0/0 ">VPN Connection Name<"Now you can close Spotify and Start it again, If everything is loading up fine that means you added the right subnet, If not you should try again, by adding 0.0.0.0 and closing and opening Spotify again and looking for the top Send/Receives inside Resource Monitor.
You should also do this for playing music, So the music information and playlist information is on one subnet, and the actual music is on an other subnet!
You can also add single IPs inside your routing table by adding /32 on the end of the IP meaning all 32 bits of the IP address are constant.
Why we didn’t do this? because Spotify uses different IPs for content delivery and they keep changing everytime by adding the subnet of the first 24 bits we are making sure that in the future every thing will work fine too!
One of the good IP address that I recommend adding for routing through the VPN is your DNS Server address because DNS is not a secure protocol, your government can change the IP of the domain that you want to resolve and pretending being someone else, Not only that but a very cleaver hacker can also do the same thing!
That’s it! Hope you enjoyed reading this.
Happy Hacking!
