How to allow all internet traffic through a specified NIC?


I am looking for a way to direct all internet traffic through a specific NIC, here is the scenario:

I am running a VPN client on a Windows computer. When the user logs in, the VPN client automatically connects (rather, the tunnel is established without the user authenticating), and the user is unable to disconnect the VPN (e.g. Cloudflare WARP, with switch mode off). The VPN split-tunneling is set to off, so all traffic goes through the VPN adapter/tunnel.

The VPN is used for secure browsing and remote access.

This works fine because when a user logs into the computer and starts to use it for internet browsing, I can track all traffic to the device and I can also content filter the traffic via the VPN server side. Here is the twist: I would like to force the user to authenticate the VPN when they log into the Windows desktop, so that they authenticate before accessing the resources or browsing the internet. That I can do (allow them to authenticate before accessing the remote resources), but the challenge is that I can't block them from using the internet without first authenticating the VPN and establishing the tunnel.

Which leads me to my question: is there a way I can set internet access via a specific NIC? That way I can set internet traffic to flow via the VPN connection.

  1. But if I block the internet on all other NICs, how will the VPN client itself establish the tunnel?
  2. I was playing around with Windows firewall but was not getting what I wanted.
  3. If I can allow access only to the port that the VPN client needs and block all other traffic until the tunnel is established?

Thanks for your help in advance
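One way to get what the question asks for with Windows Defender Firewall, written here as an added example that is not part of the original post and not Cloudflare's own configuration: allow outbound traffic only on the tunnel adapter and only for the VPN client's own process, then switch the default outbound action to Block. Scoping the client by program path instead of by port sidesteps item 3 above (you do not need to know which ports the client uses) and answers item 1 (the client can still reach its endpoint because its process is explicitly allowed on every interface). The adapter alias `CloudflareWARP` and the service path `C:\Program Files\Cloudflare\Cloudflare WARP\warp-svc.exe` are assumptions; confirm them with `Get-NetAdapter` and the installed client before running this from an elevated PowerShell prompt.

```powershell
# Added example (not from the original post). Assumptions, verify before use:
#   - the tunnel adapter's alias (Get-NetAdapter | Select-Object Name, InterfaceDescription)
#   - the VPN client's service executable path
# The tunnel adapter must exist when the rule is created; with the client installed it
# normally does, whether or not the tunnel is currently up.
$VpnAdapterAlias = 'CloudflareWARP'
$VpnClientExe    = 'C:\Program Files\Cloudflare\Cloudflare WARP\warp-svc.exe'
$RulePrefix      = 'VPN-only egress'

# Remove earlier copies of these rules so the script can be re-run safely.
Get-NetFirewallRule -DisplayName "$RulePrefix*" -ErrorAction SilentlyContinue |
    Remove-NetFirewallRule

# 1. Anything may leave through the tunnel adapter. Traffic only lands on this
#    adapter once the tunnel is established, which is exactly the gating wanted.
New-NetFirewallRule -DisplayName "$RulePrefix - allow all via tunnel" `
    -Direction Outbound -InterfaceAlias $VpnAdapterAlias -Action Allow -Profile Any

# 2. The VPN client process may leave on any interface, so it can reach its
#    endpoint and build the tunnel. Scoping by program rather than port means
#    the rule does not break if the client changes transports.
New-NetFirewallRule -DisplayName "$RulePrefix - allow VPN client" `
    -Direction Outbound -Program $VpnClientExe -Action Allow -Profile Any

# 3. Everything else outbound is dropped unless an explicit allow rule matches.
#    Allow rules always take precedence over the profile default, so the two
#    rules above (and the built-in "Core Networking" rules) keep working.
Set-NetFirewallProfile -Profile Domain,Private,Public -DefaultOutboundAction Block

# Check: every profile defaults to Block and both rules are present and enabled.
Get-NetFirewallProfile | Select-Object Name, DefaultOutboundAction
Get-NetFirewallRule -DisplayName "$RulePrefix*" |
    Select-Object DisplayName, Enabled, Direction, Action
```

Three caveats. First, the built-in "Core Networking" allow rules for DHCP and the DNS client service still match, which the client needs to get an address and resolve its endpoint before the tunnel is up, but it also means name resolution itself is not confined to the tunnel. Second, any other pre-existing outbound allow rule (installers often add them) still lets that program out on the physical NIC, so audit `Get-NetFirewallRule -Direction Outbound -Action Allow -Enabled True` after applying this. Third, a local administrator can simply undo these rules, so push them through Group Policy or Intune with "Apply local firewall rules" turned off and keep the user a standard user.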