For those asking about running certain applications bound to certain network interfaces on Windows, this may be a solution.

[VirtualLarry]

https://pcper.com/2019/04/rivet-networks-announces-the-2x2-wi-fi-6-killer-ax1650/

Killer DoubleShot Pro: The Killer DoubleShot Pro technology, which can combine wireless and wired networking connections for improved throughput, is enhanced by the upgrade to Wi-Fi 6. When a device is equipped with both Killer Wi-Fi and Killer Ethernet chips, users can assign certain applications to either interface. Previously, users could assign their highest priority traffic to the Ethernet interface for the best speeds and reliability, while less important traffic, such as Windows Updates or background file transfers, could be routed to the wireless interface. With Wi-Fi 6 and the Killer AX1650, the wireless interface can often now be as fast or faster than the wired interface, giving users two high-speed options for independently routing network traffic.

Sounds like this might do what you want. Set up your wired NIC for straight-to-ISP traffic, and set up your Wifi for VPN traffic, or vice-versa. Someone who owns one of these, report back if this is a possible solution, thanks.

 

[JackMDS]

When a Product states: "These include a theoretical maximum throughput of up to 2.4Gbps, up to 4 times increased throughput in dense environments, " (the emphasis on the word theoretical is mine.)

It makes me Uncomfortable.

 

[mxnerd]

Some reading here from PIA VPN forum.

https://www.privateinternetaccess.com/forum/discussion/29315/possible-to-bind-to-a-single-nic

adding a second adapter doesn't do anything for the split-tunnel situation. The problem is not multiple adapters, or that the primary adapter is "hidden" behind PIA. The problem is that there is only one global routing table for the whole system, so when the operating system needs to find out how to route traffic to an IP, it consults the routing table and picks the first valid and most precise entry in the table.

You could bind the OpenVPN process to one adapter no problem, but you would still end up with all traffic preferring to go through the TAP.

As far as I'm aware, the only way to deal with this is policy-based routing, or bind the software that listens for incoming connection to the non-VPN adapter.

According to it's description, Killer DoubleShot Pro is kind of a solution. But you can also use this free ForceBindIP utility http://www.r1ch.net/stuff/forcebindip/ to tell which NIC IP an application should bind to.

First, you have to tell OpenVPN (or any other VPN software that's based on OpenVPN) which adapter to bind to (assuming wireless adapter in your case has IP address 192.168.1.30) , ex: OpenVPN client can use "local=192.168.1.30" command in it's configuration file to tell OpebVPN to bind to this particular card. Then use DoubleShot Pro or ForceBindIP to tell to which adapter or IP a particular application (Chrome or Firefox, etc.) should bind to.

So basically you probably need to use Chrome for non VPN surfing and Firefox for VPN surfing, for example.

JackMDS mentioned VPN extensions for Chrome browser in another thread, but I have no experience with those stuff. Don't know if they support policy based routing. My wild guess is they don't.

If all you do is just browsing, using a browser with VPN extension and one without probably is the simplest solution, however. No dual NICs required.

 

[mxnerd]

Found out my FreshTomato flashed Netgear R6300v2 does support policy routing for OpenVPN. Since you have several ASUS routers, think you can also flash one of them.

firmware https://exotic.se/freshtomato-arm/v2019/2019.2/

Initially policy routing didn't work. Because it routes all traffic through VPN even if you setup policy routing. After googling, found that the problem is https://www.linksysinfo.org/index.p...uting-policy-must-be-missing-something.72210/

So, you have to check Ignore Redirect Gateway on Advanced tab for OpenVPN client page. There are two check boxes, I selected both and Redirect Internet traffic option will be disabled automatically.

Tested successfully with Routing Policy using free VPNBook service.
ipchicken.com returned my VPN IP address, yet other sites detected my WAN IP, but I can still visit https://forums.anandtech.com without being blocked.

I didn't test thoroughly, YMMV.