What is VPN Split Tunneling? When should you use it?
By Tibor Moes / January 2023
What is VPN Split Tunneling?
It’s natural to want to learn more about VPNs these days. Everyone advertises them, and many people use them on personal and work devices. But one term keeps popping up more than others – split tunneling – which can lead to confusion.
What is VPN split tunneling, when and why do people use it, and is it safe?
- VPN split tunneling allows you to choose what apps send data through the VPN tunnel and which ones connect to the internet normally.
- The data that flows through the VPN tunnel will be encrypted and have the IP address of the VPN server.
- The data that flows outside of it will not be encrypted and will have your real IP address, provided by your internet service provider (ISP).
How VPN Split Tunneling Works
VPN split tunneling is one of the most useful VPN features, along with the ability to switch between different tunneling protocols and kill switches. Essentially, VPN split tunneling gives users total control over their encryption and enables them to maximize speed and privacy on select connections.
To understand the mechanics of VPN split tunneling, learning about VPN servers and how they work is important. Devices that use VPN software can connect to VPN servers located in various locations around the world.
For example, instead of accessing the internet directly and navigating to a website, a VPN connection enables devices to connect to the VPN server and use its internet connection to navigate to websites. Incoming and outgoing data packets are first routed through the VPN server. Anyone monitoring online activities will see the VPN server as the sender and recipient of internet traffic instead of the original device.
That’s why the VPN server’s IP address and location are displayed instead of the client’s own.
But what is VPN split tunneling, and how does it differ from regular tunneling? Standard VPN tunneling creates a single connection from a device to the proxy server to the end destination. Split tunneling creates two connections.
One connection is routed through the VPN software – benefiting from encryption and privacy – while the secondary connection acts as an open internet connection. It works as if the user’s device hasn’t installed VPN software.
For instance, split tunneling can filter browser activities through the VPN but leave torrenting applications and video games alone to avoid sacrificing download speed and latency.
Types of VPN Split Tunneling
There are three primary types of VPN split tunneling users can implement to protect their privacy and benefit from encryption.
URL-Based Split Tunneling
URL split tunneling is the most basic method of creating separate connections through and around VPN software. Many users browse with URL-based split tunneling without even realizing it.
This type of split tunneling is generally reserved for VPN browser extensions. A browser extension-based VPN can be configured to route either connections to a specific website or all browser connections through the VPN server. It doesn’t interfere with other applications on the user’s device.
Note that not all VPN browser extensions support split tunneling. To get around this, users can create their own split tunneling system by using two browsers.
One browser can have an active VPN extension that unlocks geo-restricted content. The other browser can use standard internet traffic through the ISP and connect to local websites. A setup with Chrome and Brave browsers can work great due to how well Brave balances out Chrome’s resource consumption.
App-Based Split Tunneling
An app-based split tunneling VPN enables users to create a list of apps that always have their traffic routed through a VPN server, as long as the VPN app is working. For example, users may select Skype, Outlook, and Zoom communications to use VPN connections with additional encryption and privacy.
This way browsers, streaming apps, and other programs don’t have to sacrifice connection speed. Unchecked apps can connect to the internet directly. They won’t be as secure or hidden from monitoring and tracking activities, but their speed and bandwidth will be unrestricted.
Inverse Split Tunneling
Inverse split tunneling is an interesting alternative to app-based split tunneling. It does the same thing at its core as every other type of split tunneling VPN. However, there’s a twist. This type of split tunneling routes every connection through a VPN server as a default setting. Therefore, all internet traffic is encrypted, and the user’s identity and location stay hidden.
If a user wants to allow certain apps or system processes to send and receive unencrypted traffic, they can set different priorities for those specific apps. Inverse split tunneling VPNs can be basic or highly customizable, depending on the split tunneling setup the user wants to do.
For instance, some VPN service providers may deploy an inverse split tunneling feature to enable regular internet access to basic programs. More advanced versions can enable URL-specific permissions, even though they’re embedded into system-wide VPN software.
Inverse split tunneling is arguably the safest type of VPN split tunneling. By automatically routing traffic through proxy VPN servers, the software ensures that all traffic is encrypted. This means there’s less risk of human error and leaving crucial apps unprotected.
It’s also probably the best type of VPN split tunneling for beginners or less tech-savvy users who don’t know how to configure VPN software.
Dynamic Split Tunneling
Some users may run into the term “dynamic split tunneling” and wonder why more VPN apps don’t have this option. The reason is that this type of split tunneling is a Cisco solution for routing traffic based on DNS instead of access control lists.
It’s mostly used in the corporate world, IT research, and other areas that use a Cisco-powered virtual private network and security analytics.
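The difference between routing on DNS names and routing on access control lists, shown as an added example (a simplified model written for this page, not Cisco's implementation). The ACL, domain list, hostnames and addresses are constructed sample values in documentation ranges.

```python
import ipaddress

# Constructed sample data: documentation-range IPs and example.* names, not real services.
STATIC_ACL = [ipaddress.ip_network("192.0.2.0/24")]   # networks pinned to the tunnel
TUNNEL_DOMAINS = ["corp.example.com"]                  # domains pinned to the tunnel
DNS_ANSWERS = {                                        # hostname -> resolved addresses
    "wiki.corp.example.com": ["192.0.2.10"],
    "files.corp.example.com": ["203.0.113.7"],         # hosted outside the ACL range
    "video.example.net": ["198.51.100.20"],
    "notcorp.example.com": ["198.51.100.30"],          # look-alike name, must not match
}

def domain_matches(host, suffix):
    """True for the domain itself or a subdomain; compares whole labels, not raw suffixes."""
    host, suffix = host.lower().rstrip("."), suffix.lower().rstrip(".")
    return host == suffix or host.endswith("." + suffix)

def acl_route(ip):
    """Static split tunnel: the decision depends only on the destination address."""
    addr = ipaddress.ip_address(ip)
    return "tunnel" if any(addr in net for net in STATIC_ACL) else "direct"

class DynamicSplit:
    """DNS-driven split tunnel: learns tunnel routes from answers for listed domains."""
    def __init__(self, domains):
        self.domains = domains
        self.learned = set()

    def on_dns_answer(self, host, ips):
        if any(domain_matches(host, d) for d in self.domains):
            self.learned.update(ipaddress.ip_address(i) for i in ips)

    def route(self, ip):
        return "tunnel" if ipaddress.ip_address(ip) in self.learned else "direct"

def compare(answers):
    """Map each hostname to (ACL decision, DNS-based decision) for its first address."""
    dyn = DynamicSplit(TUNNEL_DOMAINS)
    for host, ips in answers.items():
        dyn.on_dns_answer(host, ips)
    return {h: (acl_route(ips[0]), dyn.route(ips[0])) for h, ips in answers.items()}

if __name__ == "__main__":
    for host, decision in compare(DNS_ANSWERS).items():
        print(f"{host:26} acl={decision[0]:7} dns={decision[1]}")
```

The host that sits outside the ACL range is the case where the two approaches disagree: the address list sends it over the direct path, while the name-based rule keeps it in the tunnel.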
The Difference Between a Split Tunnel and a Full Tunnel
A full tunnel VPN redirects all traffic through its proxy server. All online user activities are traceable back to one of the IP addresses associated with the VPN proxy server. Although a browser extension could route all browser traffic, it isn’t a full tunnel extension.
Full tunneling usually happens when all browser, system, and app traffic goes through a third-party server and uses its internet connection to communicate with other devices. Split tunneling means that some traffic gets the VPN treatment, with its encryption and privacy, while other traffic connects to the internet directly.
Desktop and mobile VPN apps with split tunneling support can also provide full tunneling. Some do it with inverse tunneling, while others take a more traditional approach with separate app and URL permission lists.
Either approach works fine. The only significant difference is in the setup process.
Split Tunneling VPN Advantages and Disadvantages
As a VPN feature, split tunneling is highly flexible and opens up numerous opportunities to make using a VPN a more comfortable experience. But it’s not all sunshine and roses, as VPN split tunneling has a few drawbacks.
Reasons to Enable Split Tunneling
There are several standout reasons to use VPN split tunneling on any device.
A VPN with split tunneling capabilities allows users to maximize their internet speed in applications that benefit from the extra bandwidth. For example, video games, torrent programs, and streaming apps need a high-quality, reliable connection with plenty of bandwidth.
Routing this type of internet traffic through a VPN server usually sacrifices considerable speed. But someone who isn’t concerned with the monitoring of these activities may not want to use a VPN, despite needing it for other tasks. Split tunneling enables users to select internet traffic and connection encryption protocols carefully.
Another great reason to enable split tunneling is to access multiple networks simultaneously. Often, users can’t stay connected to local area networks or websites when using a VPN to access foreign streaming libraries. Or, their search engine results can get skewed because they’re sending requests from a proxy location.
Split tunneling enables devices to bypass foreign firewalls or connect to geo-restricted websites while still accessing a printer or computer on the same local area network.
Corporate Network Security
VPN software has plenty of uses in the corporate world. One of them is encrypting communications and creating another layer of protection around the corporate network infrastructure. But VPN traffic isn’t traceable. Therefore, it can give employees too much freedom.
Split tunneling can help corporate IT balance security and monitoring. Some programs and communication channels can benefit from VPN tunneling to ensure encryption and monitoring. Other apps don’t need a VPN connection. This would allow network admins to continue tracking employee activities and ensure everyone is doing what they should be. It helps keep oversight in place.
Managing Mobile Data Consumption
VPN connections consume more mobile data than standard connections. VPN split tunneling can resolve this issue by only routing low bandwidth apps through the VPN and letting other apps use the standard connection.
Managing VPN Data Consumption
Not all VPNs come with limited monthly data plans. But enough of them do, especially in lower-tier subscriptions. If someone desperately needs VPN protection, routing all internet traffic through a VPN can use up their data too fast.
A split tunneling VPN is a better option because it allows access control and can block high data use apps from connecting to the internet through VPN servers.
Use Local Area Network Devices
Some VPNs interfere with connections to other local area network devices like smart TVs, printers, and scanners. Split tunneling can offer a workaround by enabling access to LAN devices even if all other connections are routed through proxy servers.
Avoiding VPN Traffic Restrictions
Not all websites are fond of VPNs. Sites like Wikipedia may allow users to view pages but block them from signing in and editing. Streaming platforms are particularly anti-VPN and make all sorts of efforts to discourage it.
Steam, Spotify, and various other media streaming platforms block known VPN traffic. Some VPN apps might work, but eventually, they all end up in the blacklisted database. Once that happens, it can take months for a VPN to be viable again against certain filters.
Split tunneling offers a quality-of-life solution. Users can disable the VPN for specific sites and platforms and enable it for others without constantly turning the software on and off and trying to find a new stable server.
In addition, split tunneling may speed up the login process into online banking applications. While adding more encryption to those connections is great, VPN traffic may force users to go through two- or even three-factor authentication processes.
Reasons to Disable Split Tunneling
The most obvious reason to not use split tunneling is that the feature bypasses the many security measures people want from their VPN software. Leaving connections unencrypted makes them vulnerable to interception and hacking.
Like VPN software, split tunneling is a feature that doesn’t always work as intended. Incompatibilities between VPN protocols, the software, and the operating system can cause problems. This means that connections can suddenly drop and reveal the user’s real IP address and location.
This is avoidable if the VPN has a kill switch that does its job consistently. Split tunneling incompatibilities might also lead to slower download speeds, lag, latency, and other small inconveniences.
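The dropped-connection case described above, modeled as an added example (not code from any VPN product): it applies an app-based and an inverse split tunneling policy to a set of running apps and reports which protected apps would fall back to the real IP when the tunnel goes down. The app names and policies are constructed placeholders.

```python
from dataclasses import dataclass

TUNNEL, DIRECT, BLOCKED = "tunnel", "direct", "blocked"

@dataclass(frozen=True)
class Policy:
    mode: str                 # "app": only listed apps use the VPN; "inverse": all except listed
    apps: frozenset           # include list (app mode) or exclude list (inverse mode)
    kill_switch: bool = True

def wants_tunnel(policy, app):
    """Policy intent for an app, independent of whether the tunnel is currently up."""
    listed = app in policy.apps
    return listed if policy.mode == "app" else not listed

def route(policy, app, tunnel_up):
    """Path a connection from `app` actually takes."""
    if not wants_tunnel(policy, app):
        return DIRECT         # user chose the ISP path for this app: real IP by design
    if tunnel_up:
        return TUNNEL
    # Tunnel dropped: a kill switch blocks protected apps instead of
    # letting them silently fall back to the ISP path.
    return BLOCKED if policy.kill_switch else DIRECT

def leaks(policy, apps, tunnel_up):
    """Apps the policy meant to protect that would still go out with the real IP."""
    return sorted(a for a in apps
                  if wants_tunnel(policy, a) and route(policy, a, tunnel_up) == DIRECT)

# Constructed sample: "updater" stands for a background process nobody thought to list.
RUNNING = ["browser", "mail", "game", "torrent", "updater"]
app_mode = Policy("app", frozenset({"browser", "mail"}), kill_switch=False)
inverse_mode = Policy("inverse", frozenset({"game"}), kill_switch=True)

if __name__ == "__main__":
    for name, pol in [("app-based", app_mode), ("inverse", inverse_mode)]:
        for up in (True, False):
            paths = {a: route(pol, a, up) for a in RUNNING}
            print(name, f"tunnel_up={up}", paths, "leaks:", leaks(pol, RUNNING, up))
```

The unlisted "updater" process goes direct under the app-based policy and through the tunnel under the inverse policy, which is the default-protected behavior the inverse split tunneling section describes.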
Another potential drawback is the number of settings users must go through to configure the split tunneling feature. Someone who uses their devices multiple hours a day for work and leisure could have tens of apps to consider. And that doesn’t even account for system software and processes.
Inverse split tunneling doesn’t make things significantly easier either. Users who are particular about their connections would have to figure out which apps need unrestricted internet access and which ones must have encryption.
Finally, although it can benefit mobile users, split tunneling in its current state is far from mobile-friendly. Few Android apps or iOS apps created by VPN providers have fully functioning split tunneling features. Turning the feature on may cause more harm than good in some situations.
Most Common Uses for VPN Split Tunneling
There are two scenarios where users can benefit the most from VPN split tunneling because they require dividing internet traffic.
Browsing To and From Overseas
VPNs offer workarounds for censorship, powerful firewalls, and geo-restrictions. Anyone trying to access foreign servers may use split tunneling to bypass restrictions without losing access to local internet services.
Similarly, expats, travelers, journalists, and others located abroad may use split tunneling to connect to servers back home without compromising their anonymity in a foreign jurisdiction. In addition, the right VPN can enable users to unlock streaming libraries from back home so they can catch up on their favorite shows, live news, and more.
Securing Communications Without Compromising Speed
Some people need to communicate online on an encrypted VPN connection. That just isn’t what happens when using the internet with a standard ISP connection. Split tunneling can encrypt traffic only for select tasks and applications without interfering with other apps.
Someone might encrypt their online banking, email platform, and VoIP connections. But they probably want to stream movies without excessive buffering or download content with unlimited bandwidth. Split tunneling enables unique internet access configurations for every user.
Reliable VPN Providers with a Split Tunneling Feature
Many providers offer split tunneling and can establish a secure VPN connection without bottlenecking the entire system. Some stand out with their select split tunneling features.
ExpressVPN is one of the most popular and reliable providers. VPN users report very few security risks when they route traffic with ExpressVPN compared to using a direct connection.
Its tunneling features include app-based split tunneling and inverse split tunneling. Users can completely control device traffic and connections and create customized profiles for leisure and business activities.
The split tunneling feature in NordVPN is in the Settings menu. Again, users can choose between app-specific split tunneling or inverse split tunneling. It’s worth noting that both ExpressVPN and NordVPN are excellent VPN services regarding access to local devices.
Creating a separate tunnel for browsing activities, Outlook, Skype, and other apps enables secure and unrestricted access to other devices connected to the local network. This isn’t a VPN feature that many providers can offer.
While CyberGhost isn’t as popular as the industry giants, it has been around for a long time, and the software keeps getting better and better.
Finding the split tunneling feature requires users to access the Smart Rules menu. From there, users can go to the Exceptions tab and create a list of websites whose traffic they don’t want routed through a proxy server.
Additionally, the App Rules section deals with system and third-party applications specifically. CyberGhost has every type of VPN split tunnel and can easily hide IP addresses without compromising network printer access.
Not only is SurfShark one of the fastest VPNs on the market, it also comes with impressive split tunneling capabilities.
What it lacks in geo-restriction bypassing and VPN traffic filter workarounds, it makes up for in customization.
The SurfShark VPN app doesn’t have an inverse split feature. But it lets you create both application and URL-specific lists to decide how all your internet traffic behaves and also allows access to local network devices.
Make VPN Split Tunneling Work for You
Few VPNs support split tunneling, so choosing one that does is very important. Not every URL request needs to pass through an encrypted tunnel, and not every app transmits sensitive data. A split tunnel VPN can offer the same benefits as a standard secure VPN server connection, with added perks.
Frequently Asked Questions
What is a VPN connection?
A VPN connection is an encrypted connection that gets routed through one or more proxy servers before the user reaches their destination.
What is the difference between a VPN and a VPN tunnel?
A VPN is a virtual private network. A tunnel is the process of transmitting VPN data packets through a secured connection.
Can you be tracked with a VPN?
VPN connection encryption differs between tunneling protocols and VPN software. Tracking can still be possible if the VPN doesn’t have good security.
Author: Tibor Moes
Founder & Chief Editor at SoftwareLab
Tibor is a Dutch engineer and entrepreneur. He has tested security software since 2014.
Over the years, he has tested most of the best antivirus software for Windows, Mac, Android, and iOS, as well as many VPN providers.
He uses Norton to protect his devices, CyberGhost for his privacy, and Dashlane for his passwords.