I successfully used @TRS-80's technique to achieve this.

I work from home and have to VPN onto the corporate network for my email (I hate webmail!!).

At the same time, I need to be constantly surfing for info and also need youtube for my background music... Now you definitely don't want to stream youtube off a VPN since that makes it sound like a Robot Singing!!! :)

All I did was follow @TRS-80:

properties of the VPN, Networking tab, "Internet Protocol (TCP/IP)" properties, Advanced, untick "Use default gateway on remote network"

and then did my own:

under DNS tab, tick "register this connections addresses in DNS"

All works seamlessly!

Granted this answer does not reflect your request but i use a VM specifically for this purpose. That way only the network inside the VM is restricted by the routes.

You may find some better answers by other people but at least this may give you something to consider as it an easy solution after the VM has been created.

I found that it needed to directly point interface in route command. Without it, Windows going to use main network card interface, instead of VPN. In my case, it looks like

route -p add 192.168.10.187 mask 255.255.255.255 0.0.0.0 IF 26
::           ^destination        ^mask           ^gateway   ^interface

note the 'IF 26'.

if you have both IPV4 and IPV6 you have to uncheck the "Use default gateway on remote network" in both places, even if you only use IPV4

I want to add my solution to the mix. It runs on a Cygwin-powered UNIX shell on Windows 7 or newer but should also work with MSYS2, Bash-on-Windows [WSL] after build 14986, or Busybox for Windows). Needs to be run with admin privileges.

It has some settings and tries to detect some of the things you didn't explicitly set. It also sets the interface number (IF) explicitly to counter some problems some users (like me) had with the other solutions here.

#!/bin/sh

# these three settings are required
adapter_name='VPN Connection'
username=
password=

# This setting here might be important because it's about the target network
# and in some cases it can't be properly determined automatically so this might
# be then worth setting.
# Format is in CIDR notation with the network address and a forward slash and
# the amount of network bits
target_network=192.168.0.0/24

# the IP you will get on the target network, also the VPN gateway on your
# local machine, you normally don't need to set this as the script tries to
# detect it
ip=

# optional setting for metric which normally shouldn't be necessary,
# except in te very rare cases where it should be set to a value lower than all
# other routes that might match the target network
metric=

# experimental setting to delete routes to the target network prior and after
# should normally not be needed unless this script fails and you get error
# messages like 'The route addition failed: The object already exists.'
route_cleanup=F

prog_name=${0##*/}

msg() {
  printf '%s: %s\n' "$prog_name" "$*"
}

die() {
  msg "$*" >&2
  exit 1
}

[ "$adapter_name" ] || die "Adapter name not set!"
[ "$username" ]     || die "Username not set!"
[ "$password" ]     || die "Password not set!"

if [ "$(uname -o)" != 'MS/Windows' ]; then
  id -G | grep -qE '\<0|544\>' || die 'Not running with admin rights.'
fi

msg "Disconnecting any existing connection that might exist."
rasdial.exe "$adapter_name" /d

msg "Connecting"
rasdial.exe "$adapter_name" "$username" "$password"

if [ ! "$ip" ]; then
  msg "Getting IP address on target network."
  ip=$(netsh.exe interface ip show config name="$adapter_name" |
    grep -a 'IP Address' | awk -F'[: ]+' '{print $4}')

  [ "$ip" ] || die 'Could not get IP! Exiting.'

  msg "Detected IP address as '$ip'."
fi

if [ ! "$target_network" ]; then
  msg "Getting target network."
  target_network=$(netsh.exe interface ip show config name="$adapter_name" |
    grep -a 'Subnet Prefix' | awk -F'[: ]+' '{print $4}')

  [ "$target_network" ] || die 'Could not get target network! Exiting.'

  msg "Detected target network as '$target_network'."
fi

msg "Getting VPN interface number."
if=$(ROUTE.EXE print -4 | grep -a "$adapter_name" |
  awk -F. '{gsub(" ", "");print $1}')

[ "$if" ] || die 'Could not get interface number! Exiting.'

msg "Detected VPN interface number as '$if'."

if [ "$route_cleanup" = T ]; then
  msg "Deleting any potentially already existing routes for the target network."
  ROUTE.EXE delete "$target_network"
fi

msg "Adding route for target network."
if [ "$metric" ]; then
  ROUTE.EXE add "$target_network" "$ip" IF "$if" Metric "$metric"
else
  ROUTE.EXE add "$target_network" "$ip" IF "$if"
fi

msg "VPN should be up now."
msg "Press enter to make it stop."
read -r _

if [ "$route_cleanup" = T ]; then
  msg "Deleting route."
  ROUTE.EXE delete "$target_network"
fi

msg "Disconnecting."
rasdial.exe "$adapter_name" /d

# msg "Press enter to exit."
# read -r _

exit 0

It's also worth noting that it might be necessary to manually set a low metric or otherwise the default route will match before the traffic destined for the VPN. You do this by going to the adapter setting where you open the "… Properties" menu item for the VPN adapter → "Networking" tab → "Internet Protocol Version 4 (TCP/IP)" Properties → "Advanced" → and there you uncheck the "Automatic metric" checkbox (in addition to the "Use default gateway …" of course) and set the value in the "Interface metric:" field to a value lower than the default route (see ROUTE.EXE -4 print output).

A little old but I found a way to do this using another machine. I have a laptop where I set up the VPN connection and on there I have FreeProxy set up with Socks5..

Then I set up firefox on my client machine to use the laptop's proxy server.. the result is that if I use FireFox or anything that's set up to use that Socks5 proxy, it will use the VPN, otherwise it uses standard routing..

A 'short' guide for noobs like me, who don't know much about networks. Not much new here, but a summary of all good options described in previous answers and in other related threads. Whole procedure consists of 3 basic steps:

1) Make all traffic NOT going via VPN. For this you must uncheck Use default gateway on remote network checkbox in VPN settings. Make sure to uncheck this checkbox for both IPv4 and IPv6. Usually I simply disable IPv6 protocol completely for VPN connection.

(!) It is (sometimes) possible that unchecking that checkbox will be enough for normal work - in my experience, necessary routes (which will direct necessary traffic via VPN) can be added automatically after VPN connection is established. I don't know exactly where and how these rules are configured, but such scenario exists - probably it is some magic done by VPN network administrators.

2) Make only necessary traffic going via VPN. For this you need to define routes. Here you have 3 options:

2.1) Add permanent route via VPN gateway:

route -p add a.b.c.d/<CIDR> w.x.y.z or route -p add a.b.c.d mask e.f.g.h w.x.y.z

where 'VPN gateway' = 'your IP on VPN network' = w.x.y.z and target address/network = a.b.c.d. You can find w.x.y.z by executing ipconfig and looking for your VPN connection name or, if you use PowerShell, you can get compact output by executing ipconfig | grep -A5 PPP (which will output 5 lines after finding each PPP connection).

Cons: you will have to re-create routes if your VPN IP will change.

2.2) Add permanent route via VPN network interface:

route -p add a.b.c.d/<CIDR> 0.0.0.0 IF <interface number>

where a.b.c.d is the target address/network and interface number is identifier of your VPN connection. This ID can be found by executing netstat -rn, or, for more compact output, netstat -rn | grep -A10 'Interface List'.

Pros: no need to change anything if your VPN address (w.x.y.z) will change.

Cons: need to re-create routes with new ID if you delete your VPN connection.

2.3) Use PowerShell cmdlet:

Add-VpnConnectionRoute -ConnectionName '<VPN connection name>' -DestinationPrefix a.b.c.d/<CIDR>

Pros: necessary routes are added each time VPN connection is established and deleted each time it is disconnected.

Cons: there is no Get-VpnConnectionRoutes cmdlet so it can be hard to manage these rules.

3) Check and ensure routing works as expected!

If you added persistent routes, you can check them by executing netstat -rn | grep -A10 'Persistent Routes'.

And, finally, run a few tracert commands against both IP addresses which are supposed to be accessed via VPN and against those which should work without VPN.

You can use something like netcatcher - just add all the routes you need one time and forget it. It will automatically add and delete routes when you connect or disconnect your VPN session. If your VPN IP address is dynamically obtained (DHCP) netcatcher will catch it and update the routes right way.