I have a Windows VM set up with dual virtual NICs. I only want PIA to use one of them, so unVPN'd traffic can come in and out on the 2nd virtual NIC. Is this possible?
This is not really possible without split tunnelling and policy-based routing.
In general, having two network adapters working together is quite painful: usually you always use one and at best have one on standby.
You can have OpenVPN bind to one specific adapter with the "--local" configuration option, but in all cases it will create a third one (TAP-Windows Adapter V9) that corresponds to the VPN connection.
I'm not sure I quite understand the use case there: what does the second NIC do differently than the first one?
The use case is I have an application that on the backend is connecting to a service where I need to obscure my IP address and be able to change it quickly should my IP get banned (to be blunt, this is for a Pokemon Go scanner).. The application also has a web based front end that I want to allow public access to. So either I would need split tunneling which PIA doesn't support, or my thoughts were if it was supported, bind a single NIC to PIA, and set up static routes to control what goes where. I've done a lot of searching through these forums since I first posted and based on what I've read, it doesn't seem PIA is going to do the trick. I've had a subscription to PIA for years, so wanted to try getting this working with what I already had before investigating alternative solutions.
Yeah, adding a second adapter doesn't do anything for the split-tunnel situation. The problem is not multiple adapters, or that the primary adapter is "hidden" behind PIA. The problem is that there is only one global routing table for the whole system, so when the operating system needs to find out how to route traffic to an IP, it consults the routing table and picks the first valid and most precise entry in the table.
You could bind the OpenVPN process to one adapter no problem, but you would still end up with all traffic preferring to go through the TAP.
As far as I'm aware, the only way to deal with this is policy-based routing, or bind the software that listens for incoming connection to the non-VPN adapter.
Comments
In general, having two network adapters working together is quite painful: usually you always use one and at best have one on standby.
You can have OpenVPN bind to one specific adapter with the "--local" configuration option, but in all cases it will create a third one (TAP-Windows Adapter V9) that corresponds to the VPN connection.
I'm not sure I quite understand the use case there: what does the second NIC do differently than the first one?
You could bind the OpenVPN process to one adapter no problem, but you would still end up with all traffic preferring to go through the TAP.
As far as I'm aware, the only way to deal with this is policy-based routing, or bind the software that listens for incoming connection to the non-VPN adapter.