Hi Henning, That's an interesting inquiry. I guess the thing to point out is that generally speaking, the networking stack is per-system, rather than per-user. That means that while you're using your OpenVPN profile with your account, some process still running by somebody else in your family could be transferring data over it! Linux has network namespaces to assist with properly separating, and I _think_ that possibly the UWP VPN api on Windows might support this? But I'm not sure. It's possible to match packets using WFP with FWPM_CONDITION_ALE_USER_ID, but I haven't yet worked out how to apply this to routing rules (and doing a VPN in a filter driver rather than an adapter driver isn't very appealing).
In other words, neither OpenVPN nor WireGuard actually support your use case. OpenVPN characteristically just opens up a potential security hole, so you think it's doing what you want, but it really isn't. So the short story is that for the time being, I'm not sure how to do per-user VPN on Windows with what we've got (adapter-level redirection using the routing table), but I also haven't looked very hard, so it's not a total impossibility either. Jason
