Forwarding inbound connections to your application is relatively simple:
- stunnel allows you to redirect traffic to specific ports through an SSL tunnel. This requires you to run it at both ends.
- Most decent SSH clients, such as OpenSSH or PuTTY, also support port forwarding, with the added benefit that any remote SSH server can usually act as the other end of the tunnel without any changes.
- You can also use OpenVPN and other VPN solutions, but this requires that special forwarding rules be added to the remote server.
Forwarding outgoing connections, however, is more difficult without modifying your application. The right way to do this is to implement the SOCKS protocol, preferably SOCKS5. Alternatively, you can use an external application such as FreeCap to redirect any connections from your application.
After that, you can redirect your connections to any SOCKS server. Most SSH clients, for example, allow you to use the SOCKS protocol to route outgoing connections through a remote server.
As a caveat, OpenVPN servers do not necessarily become the default gateway for all your traffic. Some of them push this routing table entry to clients, but you can change it. In my own OpenVPN installation, I use VPN only to access the private network and do not route everything through it.
If you can force the application to bind all outgoing sockets to one or more specific ports, you can use the IP filtering rules on your system to route any connections from these ports through a VPN.
EDIT:
Tunneling UDP packets is somewhat more complicated. Typically, you need a proxy process both on the remote server and on the local client, which tunnels incoming and outgoing connections through a permanent TCP connection.
The best option would be to fully implement the SOCKS5 client in your application, including the UDP-ASSOCIATE command for UDP packets. Then you will need to find the SOCKS5 proxy server that supports tunneling.
I sometimes used Delegate, which seems like a Swiss Army knife of proxies. As far as I know, it supports the UDP-ASSOCIATE command in its SOCKS5 implementation, and also supports connecting two Delegate processes through a TCP connection. It is also available for both Linux and Windows. I don't remember if it can also encrypt this TCP connection, but you could always tunnel it through stunnel or SSH if you need to.
If you have system administrator rights on a remote VPN server, you can probably have a simpler setup:
- Have the P2P application bind its outgoing UDP sockets to the VPN client interface. You need to configure an additional default route for this interface. That way, the outgoing packets of your application will pass through the remote server.
- The remote server forwards incoming UDP packets on specific ports through the VPN connection to you.
This should be a simpler setup, although if you really care about anonymity, you might be interested in keeping your P2P application from leaking DNS or other requests that can be tracked.
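
For the SOCKS5 UDP-ASSOCIATE route mentioned above, this added example (not part of the original answer) builds and parses the messages involved, following the RFC 1928 layout: the request sent on the TCP control connection, the proxy's reply naming its UDP relay, and the header that wraps every datagram. The function names are hypothetical; no network I/O is performed.

```python
import ipaddress

VER, CMD_UDP_ASSOCIATE = 5, 3
ATYP_IPV4, ATYP_DOMAIN, ATYP_IPV6 = 1, 3, 4

def encode_addr(host, port):
    """ATYP + address + port, as used in requests, replies and UDP headers."""
    try:
        ip = ipaddress.ip_address(host)
        atyp, body = (ATYP_IPV4 if ip.version == 4 else ATYP_IPV6), ip.packed
    except ValueError:  # not an IP literal: send it as a domain name
        name = host.encode("idna")
        if not 0 < len(name) < 256:
            raise ValueError("domain name must be 1..255 bytes")
        atyp, body = ATYP_DOMAIN, bytes([len(name)]) + name
    return bytes([atyp]) + body + port.to_bytes(2, "big")

def decode_addr(buf, off):
    """Return (host, port, next_offset); ValueError on malformed input."""
    atyp, off = (buf[off] if off < len(buf) else None), off + 1
    n = {ATYP_IPV4: 4, ATYP_IPV6: 16}.get(atyp)
    if atyp == ATYP_DOMAIN and off < len(buf):
        n, off = buf[off], off + 1  # one length byte precedes the name
    if n is None or off + n + 2 > len(buf):
        raise ValueError("unknown ATYP or truncated address")
    raw = buf[off:off + n]
    host = raw.decode("ascii") if atyp == ATYP_DOMAIN else str(ipaddress.ip_address(raw))
    return host, int.from_bytes(buf[off + n:off + n + 2], "big"), off + n + 2

def udp_associate_request(src_host="0.0.0.0", src_port=0):
    # VER, CMD, RSV, then the address we will send UDP from (zeros = not known yet)
    return bytes([VER, CMD_UDP_ASSOCIATE, 0]) + encode_addr(src_host, src_port)

def parse_reply(reply):
    """Return the proxy's UDP relay (host, port) from its reply on the TCP connection."""
    if len(reply) < 4 or reply[0] != VER:
        raise ValueError("not a SOCKS5 reply")
    if reply[1] != 0:  # REP: 0 = succeeded, 7 = command not supported
        raise ConnectionError(f"UDP ASSOCIATE refused, REP={reply[1]}")
    return decode_addr(reply, 3)[:2]

def wrap_datagram(dst_host, dst_port, payload):
    return b"\x00\x00\x00" + encode_addr(dst_host, dst_port) + payload  # RSV=0, FRAG=0

def unwrap_datagram(datagram):
    if datagram[:3] != b"\x00\x00\x00":  # RSV must be 0; fragments are dropped
        raise ValueError("bad RSV or fragmented datagram")
    host, port, off = decode_addr(datagram, 3)
    return host, port, datagram[off:]
```

The relay address returned by `parse_reply` is only valid while the TCP control connection stays open, and the SOCKS5 header adds no encryption, so the datagrams still need the tunnel discussed above if confidentiality matters.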