Split tunneling is a VPN feature that divides your internet traffic and sends some of it through an encrypted virtual private network (VPN) tunnel, but routes the rest through a separate tunnel on the open network. Typically, split tunneling will let you choose which apps to secure and which can connect normally.
This is a useful feature when you need to keep some of your traffic private, while still maintaining access to local network devices. So you can access foreign networks and local networks at the same time. It’s also great if you want to save some bandwidth.
But for all this, do you really need to use split tunneling? Are there any risks involved? And which VPNs support it? Read on for everything you need to know about using VPN split tunneling.
How does VPN split tunneling work?
Split tunneling is a clever VPN feature that gives you much more control over what data you encrypt and send through a VPN server, and what data travels through the faster, unencrypted open web.
So, how does it work? Well, in order to understand what VPN split tunneling is, you first need to understand the basics of a VPN server.
By default, your device will probably have a single, direct connection to the internet, through which your data will be sent and received. But, when you use a VPN, this creates a secure connection between your device and a VPN server. That VPN server then accesses the internet on your behalf. So, every single bit of data gets sent and received through the secure VPN server.
On the plus side, this keeps all your data completely encrypted. But, because everything needs to travel through the VPN, it can slow your internet speeds.
Split tunneling works by giving you two connections at the same time: the secure VPN connection and an open connection to the internet. So, you can protect your sensitive data without slowing down your other internet activities.
Different types of VPN split tunneling
There are a few different ways to implement VPN split tunneling:
- URL-based split tunneling lets you choose exactly which URLs you want to be encrypted through the VPN. This is usually done using a VPN browser extension.
- App-based split tunneling works in a similar way, as it lets you choose which apps you want to be routed through your VPN, while the rest of your traffic travels through your regular network.
- Inverse split tunneling works the opposite way. While these first two examples route everything through the open network by default and you can choose which apps and URLs you want to be routed through your VPN, with inverse split tunneling, all traffic is automatically sent through the VPN unless you specify otherwise. With inverse split tunneling, you choose what URLs and apps you don’t want to go through the VPN rather than the ones you do.
Pros & cons of VPN split tunneling
As with a lot of VPN features, there are loads of pros and cons to using VPN split tunneling. Take a look at the benefits and drawbacks to help you decide whether to use this feature.
Reasons to use VPN split tunneling
- It improves internet speeds by alleviating bottlenecks and conserving bandwidth because all your internet traffic isn’t being forced to pass through a VPN server.
- It lets you access more than one network at the same time, so you can get onto your corporate network or a foreign network while also remaining connected to your local network. This means you don’t have to keep connecting and disconnecting your VPN. So you can do things like:
- Download something without slowing down your browsing speeds
- Stream foreign films while still getting local search results on Google
- Access your network printer while maintaining your online privacy.
Reasons not to use VPN split tunneling
The main reason not to use VPN split tunneling is because it’s less secure than using a VPN all the time. But we’ll explain about the security implications of split tunneling in more detail a bit further down.
Here are some disadvantages to using split tunneling:
- It bypasses the security measures put in place by your VPN, leaving some of your online activity vulnerable to hackers.
- It takes time to set up the right split tunneling permissions for what you want. Depending on the type of split tunneling you’re using, you have to decide which URLs or apps you want to go through your VPN and which ones you want to go through the open network.
- Not all VPNs come with split tunneling features, and even then, not all of them are available on all operating systems. Luckily, there are several VPNs that offer really good split tunneling solutions. More on that later on in this guide.
Is VPN split tunneling secure?
VPN split tunneling isn’t quite as secure as routing all your traffic through your VPN. But, provided you’ve set it up correctly and you only route traffic through the open network that you don’t want protected, such as downloading a file or accessing your network printer, it can be a good compromise. After all, it lets you retain privacy on the traffic you care about without slowing down your internet speeds.
Using VPN split tunneling is much more secure than not using a VPN at all. But it’s not safe to rely on split tunneling for all your security needs, particularly if you have a lot of sensitive data you need to keep private. There is some debate around whether or not split tunneling weakens the overall encryption of your VPN and leaves you more vulnerable to hackers. This is plainly false.
Risks of split tunneling
Needless to say, there are a few risks of using VPN split tunneling, such as:
- Bypassing security measures, including proxy servers designed to keep your traffic secure.
- If it isn’t set up correctly or is not secure, it can leave room for hackers to access your information, which will also not be hidden from your ISP.
- Risking the security of a corporate system if your employee is using a less secure network.
- Employees could bypass permissions set up on your corporate network, meaning they could access blocked sites or suspicious downloads.
- Corporate IT would lose visibility on anything its employee was doing, including using less secure networks or browsing forbidden sites on company time.
When you should use split tunneling
You should use VPN split tunneling if you want to protect sensitive data without sacrificing your internet speeds. If you’re happy to split your online activity between things you want to keep private and things you’re not worried about, then VPN split tunneling could work well for you.
Here are some examples of when VPN split tunneling can be really helpful:
- Having additional security without slowing down your internet is really important to a lot of people. It’s likely you’ll want extra security for certain things, such as online banking, email correspondence or handling sensitive files. But you might be happy to sacrifice some level of privacy on more mundane online tasks in order to keep your internet speeds running smoothly. If that sounds like you then VPN split tunneling can be a really good option.
- Connecting to a Local Area Network (LAN) is often essential to everyday use. Sometimes, VPN encryption can shield you from a LAN, meaning you can’t access local devices, such as your wireless printer, for example. By using split tunneling, you can control the traffic you want to go through the VPN while remaining linked to the LAN, so you can print without having to disconnect from your VPN.
- Living overseas can be tricky these days without a VPN. After all, VPNs can protect your computer against government spying and they can bypass internet censorship if you’re living in a country that blocks a lot of online content, such as China or Saudi Arabia. And it can enable you to catch up on all your favourite TV shows from back home. The benefit of using VPN split tunneling here is that you can do all this without slowing down your other online activities.
How to use split tunneling
It’s usually really easy to enable split tunneling. All you need to do is go into the Settings or Options in your VPN and select Split tunneling. From there, it should give you options to manage your VPN connection on a per-app or per-URL basis. You can then choose what apps or sites you want to use the VPN and which you want to go through the open network.
How do you stop split tunneling?
Again, this is all very straightforward. Just go back to the Settings or Options in your VPN and disable split tunneling.
How do you test split tunneling?
A good way to test your VPN split tunneling is to try out some of the URLs or apps you selected to see if they pass through the VPN. You can do this by checking to see if you can still access region-restricted content or looking up your IP address.
Split tunnel vs full tunnel
Full tunnel means using your VPN for all your traffic, whereas split tunneling means sending part of your traffic through a VPN and part of it through the open network. This means that full tunneling is more secure than split tunneling because it encrypts all your traffic rather than just some of it.
Of course, this does mean that full tunneling usually leads to slower speeds than split tunneling as all your data needs to be encrypted. But it’s definitely the more secure option.
Which VPNs support split tunneling?
Luckily, lots of VPN providers offer split tunneling. Here are some of our favourites:
ExpressVPN split tunneling
ExpressVPN is one of the best VPNs for split tunneling. You can use it on Windows, Android, Mac or even your Wi-Fi router. It lets you use split tunneling on a per-app basis, so you can select which apps you want to be encrypted through your VPN and which you’re happy to use on the open network.
However, because ExpressVPN works on a per-app basis, this isn’t quite as helpful for users working primarily on a computer.
Surfshark split tunneling
Surfshark’s VPN split tunneling is really easy to use. And it works on a per-app and per-URL basis, meaning you can add as many different apps and websites as you like to your split tunneling.
Unfortunately, however, this currently only works on Windows and Android.
PureVPN split tunneling
PureVPN also offers a straightforward VPN split tunneling solution. It has split tunneling features built into its Windows and Android apps as well as its AndroidTV app. But unfortunately, it doesn’t support Apple or Mac users.
NordVPN split tunneling
NordVPN lets you enable split tunneling via its browser extension on Chrome or Firefox. This makes it really easy to choose which websites you want to go through the VPN and which ones you want to go through the open network.
CyberGhost split tunneling
CyberGhost lets you set Smart Rules for split tunneling, which allows you to divert your traffic through different servers.
VPN split tunneling can be a really good way of keeping your sensitive data secure without slowing down your internet speeds. But inevitably, it does make your traffic less private than using a VPN for everything, as not all your online activity will be protected.
And so, if online security is your main concern, you should probably steer clear of split tunneling and just use your VPN for all your traffic. But, if you don’t feel the need to encrypt absolutely everything you do and you just want a bit of added protection without compromising your load times, split tunneling is definitely worth a go.
What is dynamic split tunneling?
Dynamic split tunneling is a way to make your split tunneling smarter by configuring it to use Domain Name System (DNS). So, you could make some websites automatically go through a tunnel, while the other would be connected normally.
What is inversive split tunneling?
It’s a split tunneling version when all your traffic goes through a safe tunnel except the selected apps. This is different from a usual setup when all your traffic goes through your ISP, and only some of the applications are routed through a separate tunnel.
How can you make split tunneling safer?
If you’re using split tunneling, you are making a hole in your traffic. Potentially this could be nothing but depending on the program, the gap could be huge enough to leak your information. So, you should always trust the apps that you’re allowing to bypass the VPN.
Which protocols don’t support split tunneling?
Split tunneling can be set up with any tunneling protocol. There are no restrictions.