LinuxQuestions.org
Old 01-16-2019, 11:11 AM   #1
lleb
Senior Member
 
Registered: Dec 2005
Location: Florida
Distribution: CentOS/Fedora/Pop!_OS
Posts: 2,983

2 NIC, one for VPN use only, one for normal use howto?


I would like to have my company VPN setup full time on a specific NIC while my other NIC runs on my normal LAN at the house.

I would also like to lock specific applications to using only the NIC on the VPN if and only if the VPN is running, else do not connect.

I am running Fedora 29 and have no clue where to even start with this process.

The company VPN locks my computer into their Firewall rules as is to be expected, but they lock all traffic into their rules. That means I am unable to perform tasks on my Fedora system while also working. So no access to my Plex server to listen to music while I work from home...

I would like only a select group of applications, Citrix being one of them, to always go out the NIC with the VPN active and connected. If that VPN is not connected, then displaying some kind of connection error would be great, but not required.

Thanks in advance. I plan on installing the second NIC before this weekend comes and goes.
 
Old 01-16-2019, 11:54 AM   #2
smallpond
Senior Member
 
Registered: Feb 2011
Location: Massachusetts, USA
Distribution: Fedora
Posts: 4,140

You could run a separate Fedora instance under qemu/kvm using the new NIC to connect to the VPN. Your regular desktop and NIC can continue running normally this way.
 
Old 01-16-2019, 12:03 PM   #3
lleb
Senior Member
 
Registered: Dec 2005
Location: Florida
Distribution: CentOS/Fedora/Pop!_OS
Posts: 2,983

Original Poster
Running a VM just to handle the VPN does not seem efficient as I will be running a Citrix client on top of that.
 
Old 02-07-2019, 05:51 PM   #4
lleb
Senior Member
 
Registered: Dec 2005
Location: Florida
Distribution: CentOS/Fedora/Pop!_OS
Posts: 2,983

Original Poster
Anyone else have an idea?
 
Old 02-10-2019, 05:28 AM   #5
business_kid
LQ Guru
 
Registered: Jan 2006
Location: Ireland
Distribution: Slackware, Slarm64 & Android
Posts: 16,290

Routing one nic to the vm is the easy bit. Routing certain apps to the nic in question is the difficult bit. If you're already running Citrix (poor you) as well, that's even worse. It may be possible to route certain IPs (e.g. Netflix, youtube) through a certain nic while pushing the default through the other. While you are waiting for a solution, why not forego normal access while working, if it won't route through your company VPN & firewall?
Code:
ifconfig eth0 down
ifconfig eth1 up
This is as much a question of changing your preferred work pattern as networking. If you're using particular apps, can you store them locally and simply upload & download data? If you're maintaining their network or accessing their network for data, you don't want simultaneous external access, surely?
 
1 members found this post helpful.
Old 02-10-2019, 07:53 AM   #6
sevendogsbsd
Senior Member
 
Registered: Sep 2017
Distribution: FreeBSD
Posts: 2,252

Most VPN software prevents what is called "split tunneling", which is exactly what business_kid describes. With 2 connections open, the security of a VPN is negated because now external connections have access through the PC as an "intermediary".
 
Old 02-10-2019, 09:10 AM   #7
pan64
LQ Addict
 
Registered: Mar 2012
Location: Hungary
Distribution: debian/ubuntu/suse ...
Posts: 21,841

Quote:
Originally Posted by lleb
The company VPN locks my computer into their Firewall rules as is to be expected, but they lock all traffic into their rules. That means I am unable to perform tasks on my Fedora system while also working. So no access to my Plex server to listen to music while I work from home...
I think this is the way a VPN should work. And if you could solve what you wish, that means the VPN is not good enough.
What I could suggest is similar to post #2; probably you can do it with docker.
 
1 members found this post helpful.
Old 02-21-2019, 09:43 PM   #8
primerib
Member
 
Registered: Mar 2010
Posts: 48

Instead of using two nics, how about creating a network namespace and a veth pair to link to it to establish the initial vpn connection? Or, connecting to the vpn using the 2nd nic and then moving the connection into a namespace to jail it. Then any programs he runs in the namespace would have the vpn ip, and any programs he runs in regular space (or whatever you call it.. rootspace maybe?) would have his regular ip.

Last edited by primerib; 02-21-2019 at 10:14 PM.
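
The namespace approach from post #8, combined with the "VPN only, else do not connect" requirement from post #1, as an added example that is not part of any poster's reply. It moves the second NIC into a namespace and drops all outbound traffic there except the tunnel and the VPN endpoint; the namespace name, interface names, addresses and the UDP endpoint are all assumptions, and the VPN client itself is started separately with `ip netns exec vpn <client>`.

```shell
#!/bin/sh
# Added example, not from the thread. Every value below is an assumption:
# edit them for your machine. 203.0.113.10 is a documentation address.
NS=vpn            # namespace that will hold the VPN
NIC=eth1          # second (Ethernet) NIC, moved into the namespace
TUN=tun0          # tunnel device the VPN client creates
ADDR=192.168.1.50/24
GW=192.168.1.1
VPN_IP=203.0.113.10
VPN_PORT=1194     # UDP port of the VPN endpoint
APP_USER=${SUDO_USER:-nobody}   # unprivileged user the applications run as

# Print the setup commands, one per line. The firewall is installed before
# the NIC comes up, so nothing in the namespace ever leaves untunnelled.
netns_plan() {
  x="ip netns exec $NS"
  cat <<EOF
ip netns add $NS
ip link set $NIC netns $NS
$x ip link set lo up
$x iptables -P OUTPUT DROP
$x ip6tables -P OUTPUT DROP
$x iptables -A OUTPUT -o lo -j ACCEPT
$x iptables -A OUTPUT -o $TUN -j ACCEPT
$x iptables -A OUTPUT -o $NIC -p udp -d $VPN_IP --dport $VPN_PORT -j ACCEPT
$x ip addr add $ADDR dev $NIC
$x ip link set $NIC up
$x ip route add default via $GW
EOF
}

# Run the plan as root, stopping at the first command that fails.
apply_plan() {
  netns_plan | while IFS= read -r cmd; do
    echo "+ $cmd"
    $cmd </dev/null || exit 1   # plain words only, so unquoted splitting is safe
  done
}

# Start a program inside the namespace, refusing when the tunnel is absent.
run_in_jail() {
  ip netns exec "$NS" ip link show "$TUN" >/dev/null 2>&1 || {
    echo "VPN is down: no $TUN in namespace $NS" >&2; return 1; }
  ip netns exec "$NS" sudo -u "$APP_USER" -- "$@"
}

case "${1:-plan}" in
  apply) apply_plan ;;
  run)   shift; run_in_jail "$@" ;;
  *)     netns_plan ;;
esac
```

With no argument the script only prints the plan; `apply` and `run <program>` need root. Programs started outside the namespace keep using the first NIC and the home LAN.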
 
  

