Gaming ports exclusion from VPN traffic

Hi,

Super n00b question: I have the yearly subscription to PIA, and I have their (Windows) client installed. I can auto-connect without any problems, but I have to disable it every time I launch a game to avoid lagging or ending up on different countries' servers, and while I'm off the VPN I can't keep browsing on other screens without using my ISP connection, of course.

Sadly I can't change my ISP modem to one with VPN capabilities (can't even change the DNS on this pos) and before I go out and buy a DD-WRT router (and find a way to make it work with the ISP modem which needs to be the gateway anyway) I was wondering what's your best choice of software to make some sort of firewall filtering, allowing gaming ports to go directly through the network, while diverting HTTP/HTTPS and other traffic on the VPN tunnel from PIA, or if there's an easier solution to this.

I've read it might work creating 2 virtual network interfaces, but when I had a virtual NIC from a previous VM tinkering it caused so many problems I probably messed up something.

Or maybe I'm approaching this problem from the wrong angle?

Thanks

2020 AMD Build:

Ryzen 3800x - Asus TUF x570 - Crucial Ballistix 16GB 3600cl16 - ROG Strix GTX1070 OC 8G - EVGA SuperNOVA G2 550W - Sabrent Rocket 1TB

 

2012 Intel Build:

Intel i5-3570k @4.0Ghz - Asus Maximus V Formula - Corsair Vengeance 8GB 1866 - XFX HD7970 GHz - Enermax Revolution87+ 650w - Crucial MX500 500GB

Following!


LTT's Fastest single core CineBench 11.5/15 score on air with i7-4790K on air

Main Rig

CPU: i7-4770K @ 4.3GHz 1.18v, Cooler: Noctua NH-U14S, Motherboard: Asus Sabertooth Mark 2, RAM: 16 GB G.Skill Sniper Series @ 1866MHz, GPU: EVGA 980Ti Classified @ 1507/1977MHz , Storage: 500GB 850 EVO, WD Cavier Black/Blue 1TB+1TB,  Power Supply: Corsair HX 750W, Case: Fractal Design r4 Black Pearl w/ Window, OS: Windows 10 Home 64bit

 

Plex Server WIP

CPU: i5-3570K, Cooler: Stock, Motherboard: ASrock, Ram: 16GB, GPU: Intel igpu, Storage: 120GB Kingston SSD, 6TB WD Red, Powersupply: Corsair TX 750W, Case: Corsair Carbide Spec-01 OS: Windows 10

 

Lenovo Legion Laptop

CPU: i7-7700HQ, RAM: 8GB, GPU: 1050Ti 4GB, Storage: 500GB Crucial MX500, OS: Windows 10

 

 

Without knowing what games we are talking about specifically (and even then, we might not know how they communicate), it is hard to say. Games might not be using specific ports at all and be routed outside your computer using one port and outside the router using another port, thanks to NAT. So doing this purely based on port numbers is not going to help.

 

Secondly, I am not aware of any Windows tools that support network traffic filtering/rerouting. Games do not support multiple network interfaces anyway, they use the computer's native internet connection and routing table, which tells where what connection goes.

HAL9000: AMD Ryzen 9 3900x | Noctua NH-D15 chromax.black | 32 GB Corsair Vengeance LPX DDR4 3200 MHz | Asus X570 Prime Pro | ASUS TUF 3080 Ti | 1 TB Samsung 970 Evo Plus + 1 TB Crucial MX500 + 6 TB WD RED | Corsair HX1000 | be quiet Pure Base 500DX | LG 34UM95 34" 3440x1440

Hydrogen server: Intel i3-10100 | Cryorig M9i | 64 GB Crucial Ballistix 3200MHz DDR4 | Gigabyte B560M-DS3H | 33 TB of storage | Fractal Design Define R5 | unRAID 6.9.2

Carbon server: Fujitsu PRIMERGY RX100 S7p | Xeon E3-1230 v2 | 16 GB DDR3 ECC | 60 GB Corsair SSD & 250 GB Samsung 850 Pro | Intel i340-T4 | ESXi 6.5.1

Big Mac cluster: 2x Raspberry Pi 2 Model B | 1x Raspberry Pi 3 Model B | 2x Raspberry Pi 3 Model B+

2 hours ago, jj9987 said:

Without knowing what games we are talking about specifically (and even then, we might not know how they communicate), it is hard to say. Games might not be using specific ports at all and be routed outside your computer using one port and outside the router using another port, thanks to NAT. So doing this purely based on port numbers is not going to help.

 

Secondly, I am not aware of any Windows tools that support network traffic filtering/rerouting. Games do not support multiple network interfaces anyway, they use the computer's native internet connection and routing table, which tells where what connection goes.

as for games atm I mostly play Fortnite and probably will be playing COD/BF, IIRC COD used to run on ports 28960, but now with matchmaking might be different.

I could just route the 80/443 ports to the VPN so at least I can keep my browser open for youtube or whatever. and I close torrent anyway while playing.


I already have a PC with a Pentium G3258 that acts like a server for 2 external HDDs with movies (primarily to decode HD movies to my TV with PLEX and as a generic media center hub for the internal network); idk if I can install something there to help with my situation? A Raspberry Pi only has 1 eth port and I don't think it can be useful.

 

or if I have to buy a programmable switch/router if you have any model suggestion, otherwise I think I will pick the Linksys that everyone seems to have and it's full of compatible programs

Considering you only want to send HTTP and HTTPS traffic down the tunnel (I assume at all times) the best way to do this is to have access to a proxy service in addition to the VPN.  You can use a configuration called Split Tunnelling for the VPN which allows you to route certain traffic targeted for specific IP(s) down specific 'gateways' but keep other traffic on the normal connection.

 

Here's what I would do if you can get access to a HTTP/HTTPS proxy (I can provide you credentials to test one of mine for 24 hours if you want to confirm functionality);

This will force all HTTP/HTTPS connections made within the browser to go via the static route, over the VPN interface and out of a proxy on the other end of the VPN.  Traffic stays encrypted from end to end.

 

There are other methods to accomplish the task also, but I would need information on the following;

  1. Does your router/firewall/edge device support IPSec or OpenVPN based clients?
  2. Can your router be configured for outbound routing policies based on TCP port?
  3. Do you have any Linux or *BSD experience?
  4. How far down the rabbit hole do you wish to venture?

Please quote or tag me if you need a reply
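
The routing behaviour discussed in the two answers above, as an added example that is not part of any post in this thread: the routing table picks an interface from the destination address only, so a port-based split is not possible there, while a browser pointed at a proxy sends every request to one address that a single host route can steer into the VPN. The interface labels, the proxy address and the server addresses are constructed (documentation ranges); port 28960 is the one mentioned in the thread.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Route:
    prefix: str      # destination network in CIDR form
    interface: str   # label of the outgoing interface
    metric: int      # lower wins among equally specific routes


# Constructed split-tunnel table: the default route stays on the ISP link,
# and one host route sends the (assumed) proxy address into the VPN.
PROXY_IP = "203.0.113.10"
TABLE = [
    Route("0.0.0.0/0", "ethernet", 25),
    Route("10.8.0.0/24", "vpn", 5),
    Route(PROXY_IP + "/32", "vpn", 5),
]


def pick_route(table, dst):
    """Longest-prefix match, then lowest metric. Ports play no part."""
    addr = ipaddress.ip_address(dst)
    matches = [r for r in table if addr in ipaddress.ip_network(r.prefix)]
    if not matches:
        raise LookupError(f"no route to {dst}")
    return max(
        matches,
        key=lambda r: (ipaddress.ip_network(r.prefix).prefixlen, -r.metric),
    )


def egress(table, dst, port, proxy=None):
    """Interface a connection leaves on.

    `port` is accepted only to show that it never influences the result.
    With a proxy configured, the address on the wire is the proxy's,
    whatever site was requested.
    """
    wire_dst = proxy if proxy else dst
    return pick_route(table, wire_dst).interface


if __name__ == "__main__":
    print("game   :", egress(TABLE, "198.51.100.7", 28960))
    print("https  :", egress(TABLE, "192.0.2.80", 443))
    print("proxied:", egress(TABLE, "192.0.2.80", 443, proxy=PROXY_IP))
```
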

You could also run a virtual machine with Linux, just for browsing, or get a cheap laptop.

I much prefer to dedicate my PC when gaming anyway and use my laptop or phone for browsing if I need to.

If you were willing to pay for a router anyway, then a cheap laptop shouldn't be unrealistic just for this purpose.

Router:  Intel N100 (pfSense) WiFi6: Zyxel NWA210AX (1.7Gbit peak at 160Mhz)
WiFi5: Ubiquiti NanoHD OpenWRT (~500Mbit at 80Mhz) Switches: Netgear MS510TXUP, MS510TXPP, GS110EMX
ISPs: Zen Full Fibre 900 (~930Mbit down, 115Mbit up) + Three 5G (~800Mbit down, 115Mbit up)
Upgrading Laptop/Desktop CNVIo WiFi 5 cards to PCIe WiFi6e/7
