Good day, I have a question. Is it possible to set up a VPN for specific applications running on my PC/smartphone using OpenWRT?
Specifically, is it possible to connect a WireGuard client that will only work with the Steam client on the PC and smartphone, but will not affect the traffic of other applications?
Is it possible to do this and if so, how difficult is it?
You can use Policy Based Routing for this purpose, provided that you have information about the destination domains/IP addresses, destination port numbers and/or protocols that are used for the connections that you wish to steer into the VPN.
If you don't have any of that information, no system will be able to help you selectively steer certain connections to the VPN while leaving others to route via the wan.
OpenWrt (with PBR) allows you to do what would not necessarily be possible if you weren't running OpenWrt (or another similar firmware that has policy based routing options). So... you will still need OpenWrt in order to achieve the goal, but you first need to do some homework to gather the relevant information to make such policies.
With that in mind, there is another approach you can take, but it's not nearly as granular....
You could create a second local network that tunnels all traffic through the VPN while the main network does not (this would also be achieved by PBR). Then, when you are running that specific application, you switch to the second network and your traffic will go via the VPN. This will, however, mean that all traffic from the device will go through the VPN while it is connected to the second network, not just the specific application.
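The two approaches described in the reply above, written out as an added example that is not part of the thread. It assumes the OpenWrt `pbr` package, a WireGuard interface named `wg0`, and constructed addresses and ports; none of these values come from the posts.

```uci
# /etc/config/pbr (added example; every name, address and port is a placeholder)
#
# Assumption: the WireGuard peer in /etc/config/network has
#   option route_allowed_ips '0'
# so the tunnel does not become the default route and only the
# policies below send traffic into it.

# Approach 1: steer selected connections by destination.
# This only works once the real destination ranges, ports and
# protocols of the application are known.
config policy
	option name 'app_by_destination'
	option src_addr '192.168.1.50'        # constructed: the PC or phone
	option dest_addr '198.51.100.0/24'    # placeholder destination range
	option dest_port '443'                # placeholder port
	option proto 'tcp udp'
	option interface 'wg0'

# Approach 2: a second local network whose traffic all goes via the VPN.
# Any device joined to this subnet is tunnelled, whatever application
# generates the traffic.
config policy
	option name 'vpn_lan_all'
	option src_addr '192.168.2.0/24'      # constructed: second LAN subnet
	option interface 'wg0'
```

Traffic that matches neither policy keeps using the default route through the wan.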
I can do this on a PC without OpenWrt. Using, for example, the TunnlTo WireGuard client, I can specify which specific applications to run through the VPN. And the NekoBox program can do even more: it can control not only programs but also URL addresses. But this client uses completely different protocols...
The huge problem is that this will only work on a PC, but not on a smartphone. I have not found such advanced VPN clients for Android. So I am asking if it is possible to somehow do this through a router.
Judging by your answers, this is extremely difficult to do. If I knew the list of all IP addresses that Steam works with, I would be able to implement this even on a router with factory firmware...
Actually it's quite easy to do as long as you have the information required.
You can think of it like buying a new vehicle.... you first need to know what requirements you have for said vehicle. If you don't qualify it with any details and say "I need to commute to work," I'd say "how about a road bike?" Eventually you tell me that you've got to haul big/heavy/dirty stuff to a construction site for your commute... well, maybe a pickup truck is the best option. Information is key.
Google is an unreliable source. I found a lot of information that contradicted itself and my personal observations. I found 3 different ranges of IP addresses for this program, and none of them matched the addresses to which this application connected. There are hundreds of them! I tried to block the addresses I found through the firewall, but Steam reconnected to new addresses each time, addresses that were not in Google.
So what do you want from me if even Google does not know about this?
This is not uncommon with content distribution networks, clouds, and the like.
Ask the developer or the support resources for the app.
I'm not telling you what I want. I'm telling you what you need in order to make this possible. If you're appropriately motivated to find the answers, I'm sure you can succeed. If you don't put in the effort, it simply isn't possible to do.
Realistically, your router has no way of knowing if traffic comes from program 'a' or program 'b' on one of your network clients. PBR can only be a kludge to get 'some' of this (perhaps) classified correctly, if you supply it with the correct rules.
Are there ways to do this? Sure, but only if you either do the classifying on the host running the program (e.g. network namespaces and more) or route traffic on a (v)host basis. OpenWrt can only be a minor cog in this gearbox; the real work is all yours.