Setting VPN just for some special software, not for all parts of system?

@see superuser question about different interfaces for different processes

This answer requires some compiling (see above for more), root access and ip command from iproute package

sudo apt-get install iproute

This will retrieve and compile bind.so PRELOAD library in your current directory.

wget http://www.ryde.net/code/bind.c.txt -O bind.c
gcc -nostartfiles -fpic -shared bind.c -o bind.so -ldl -D_GNU_SOURCE

Now, let's assume that your VPN is online and you know your tunnel device name (like tun0). Let's also assume that you know your default gw (route |awk '/default/ {print $2 }') And your tunnel/other device gateway route |awk '/tun0/ {print $2 }'

## run as root:
## which device to route out with (tun0, eth0, wlan0) 
export DEV=tun0
## default gw to use for that device (see above for advice)
export DEVGW=192.168.1.1
# which routing table to use
export TABLE=special_table1
# get ip for "$DEV"
export BINDIP=$(ifconfig $DEV | perl -ne 'if (/inet addr:([\d\.]+)/) {print $1}')

## create empty routing tables
# match name to TABLE variable above with unique number before it.
# like: (creates two tables)
echo 201 special_table1 >> /etc/iproute2/rt_tables
echo 202 special_table2 >> /etc/iproute2/rt_tables

## add default gw for special routing table
ip route add default via $DEVGW dev $DEV table $TABLE
## source route all traffice from you bound ip through that
ip rule add from $BINDIP table $TABLE

# flush routing cache
ip route flush cache

To look at your routing tables:

# This is the main table (should basically have same info as `route -n`)
ip route show table main
# your special_table1
ip route show table special_table1

# this this you can see which source ips trigger which routing table
ip rule show

Running a program like firefox with bind.so PRELOADED and binding it to the interface you want to route out traffic with.

### run as user 
## change DEV to with route/device you want your program to bind to 
export DEV=tun0
export BINDIP=$(ifconfig $DEV | perl -ne 'if (/inet addr:([\d\.]+)/) {print $1}')
BIND_ADDR="$BINDIP" LD_PRELOAD=./bind.so "PROGRAM NAME"

#like:
BIND_ADDR="$BINDIP" LD_PRELOAD=./bind.so firefox

If you want you can repeat this for as many interfaces you want and you bind.so so that the specific application is bound to specific interface. All applications not started with bind.so route out as your main routing table specifies.

If you can determine the specific IP addresses and/or ports that you want to use with VPN or vice versa, then the ip command will help you do that by allowing/disallowing a route for such and such.

The ip command is found in the iproute package:

sudo apt-get install iproute
man ip

I've been using it in a very limited fashion so I do not want to give you detailed information, but I'm pretty sure you can figure it out with the documentation. You may also find good example online on how to do such things with the ip command.

It is possible to configure a listening socket (i.e. a program that offers a service) to use a specific adapter. But client programs such as Firefox will usually simply send IP packets to the OS (by binding to 0.0.0.0) and leave it up to the OS as to how those packets reach the internet.

Some client programs do allow you to configure binding to a specific adapter IP address, but how to do this is down to each applications configuration.

It is possible to configure IPTABLES2 to use the PID (process ID) to route IP to a given adapter, but this PID will keep changing so would require the firewall rules to be continuously updated.

A better solution is to install a simple SOCKS proxy, such as Squid (which is rather complicated), tinyproxy, Dante or SS5.

Bind the proxy server to offer SOCKS5 on the lo adapter and configure it to send all IP via the VPN adapter.

If you bind the proxy server to an Ethernet port, other machines in the same network can use the same SOCKS server.

Configure each app that needs to use the VPN to use the proxy server.

There are tools such as soxify and tsocks that can be used to force programs that don't natively support SOCKS to use it.

If you want to use the vpn to route your trafic trough it, and you want for example to use it with firefox for example this is what you do: You enter Firefox, go to Options menu:

Go to Advance -> Network Tab

Now in the Connection Settings dialog:

Select Manual configuration
In SOCKS Host, enter your loopback ip address (always 127.0.0.1)
Use the port you chose above (80, or 8080 or whatever if you don’t want to use 80)
Make sure SOCKS v5 is chosen
If you don’t want to proxy some addresses (maybe localhost or something) enter those
addresses\domains in the “No Proxy for:” text box
Click OK.

And you should be good to go. You can check your ip to see if it is working corectly. http://www.whatismyip.org
The procedure should be the same for the rest of the applications. Note that not all have these options.