Yes, the first step is to identify the IP addresses you want to route - the actual routing is fairly straightforward.
When you are connected to the VPN and do
route print
It will show a default route, something like:
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.2 20
The IP address of the gateway and interface will be provided by your VPN provider at connection time.
The 0.0.0.0 destination and 0.0.0.0 netmask means "match all traffic to this route, and send it to the gateway"
You want to delete this, and replace it with a default route that is out of your internet connection. Like this (assuming 10.1.1.1 was your own router):
route delete 0.0.0.0 mask 0.0.0.0 192.168.1.1
route add 0.0.0.0 mask 0.0.0.0 10.1.1.1
Now all traffic will go out of your router, and none through the VPN.
Then you figure out the hulu network range - lets say it is 200.200.200.0/24
, and add a route for it:
route add 200.200.200.0 mask 255.255.255.0 192.168.1.1
So what this is saying is, any traffic destined for any address in the range 200.200.200.0-255 should be sent to the VPN gateway.
Determining the hulu range might be difficult to deduce, but you could do some googling as you won't be the first to try and figure out what ranges they use. Failing that, you could install wireshark and observe what traffic flows through the VPN when accessing hulu (you'll want to make sure you don't run anything else at the same time).
The DNS lookup is the first part of the process. If you use their DNS, and do a lookup for one of the services they unblock, then they will return the IP address of a proxy server in the right geolocation.
Then when you go to the site you are after, your requests will instead go to their proxy which will access the site on your behalf. This is a "tunnel" in its loosest sense, it is just proxy serving - no magic.
The only part that's proxied is the geo authorization and the initial data stream (which is mangled to include your real IP). This is why it's so fast because they're only man-in-the-middle proxying up until the streaming begins (provided by gravyface in comments).
If your IP address is not registered with their service, you'll get the standard IP address resolution and go directly. So no magic needed there either.
Best Answer
Nothing special here... Overplay's SmartDNS works like Google Public DNS for normal traffic. But, in case of Netflix (for example), it points to their own servers rather than to Netflix's servers. Their own servers act as proxy to Netflix's server. That's it!
Proxy services don't involve any type of encryption, so its faster than VPNs featuring encryption. Plus, normal traffic isn't passed through their proxy servers, so its speed is normal.