Split tunneling or VPN split tunneling is a technology that gives control over which data is encrypted and sent through a VPN and which data stays unencrypted.
The great advantage of split tunneling is that you may use a VPN only for those applications that need to take advantage of the VPN benefits (browser, torrent client, streaming app) and let the other apps access the Internet directly.
For example, you may stream content from a service that is blocked in your location, whilst using the same device to order from a food delivery app over your regular Internet connection, so that the order is delivered to your house.
This article explains what VPN split tunneling is, how it works, how to get it on your devices, and lists several VPN services that offer split tunneling.
What is VPN split tunneling – A Transylvanian war story
The eternal rivalry between TomBat’s gang and the Megabats, the impressive-looking neighbors, has almost degenerated into an open fight.
A whisper about an attack planned by the Megabats was recorded by RoboBat, the perfect bat-spy. The rumor spread panic like wildfire in TomBat’s pack. In a matter of minutes, the ad-hoc bat council decided to take refuge in Vlad’s castle.
And here they were behind the strong walls of the castle preparing their defense, with GrandPaBat, the oldest bat in the pack, in the role of Gandalf.
GrandPaBat did what VPN split tunneling usually does: he split his bat army in two. The first division: the strong-armed squad (for the sake of our tech article, the data traffic that is encrypted using the VPN) formed by bats carrying shields and sabers. Their role was to defend the walls and maintain their position.
The role of the second group, the archery patrol (the apps that directly connect to the Internet), holding only their light bows, was to rapidly move between battlefronts and attack the enemies.
They were prepared for the worst!
What was the result of the fight? TomBat and his friends recorded a glorious victory, as the Megabats did not show up. It seemed that the rumor about the attack was simply… fake news.
Now that you have an idea about split tunneling, let’s talk tech!
What is VPN split tunneling?
The name split tunneling actually describes its function: it is used to split a user’s Internet traffic.
By default, a VPN client routes all your traffic through a VPN server. However, when split tunneling is activated, some of the Internet traffic is routed through a VPN network, but at the same time, specific apps or devices are allowed to access the Internet directly.
How does split tunneling work?
A Virtual Private Network (VPN) acts as an intermediary between your device and the Internet. The data traffic that the applications installed on your device exchange with the Internet is encrypted and transferred from the device to a VPN server and from there to the destination network.
VPN split tunneling is a function of the VPN client that lets some of the applications connect directly to the Internet. Additionally, some advanced VPN clients implement the so-called inverse split tunneling that routes only specific traffic, from selected applications, to the VPN.
Split tunneling gives users control over which data should be transmitted over the unencrypted, faster Internet connection and which should be sent via a VPN.
Why do you need VPN split tunneling?
The function of a VPN is to assist in securing data traffic by routing it through a tunnel that is encrypted. This serves to protect data from unauthorized access or prying eyes.
Although this is very useful in many cases, it is also, unfortunately, an inconvenience in other scenarios. A VPN often suffers from a considerable bandwidth bottleneck. This is because all traffic is sent through the VPN automatically, which slows down Internet-based tasks and prevents users from accessing devices such as printers that are connected to the LAN while the computer is connected to the VPN.
Controlling relevant traffic via split tunneling enables users to connect applications and devices that require encrypted connections to a VPN, while at the same time staying linked to the local network, allowing them to access devices connected to the LAN. This is a very convenient way of doing things, as some applications can still use a VPN that will provide its own security and features, while other applications not using the VPN will benefit from full Internet speed.
It may also benefit users that do online banking. This type of application already anonymizes data and may potentially flag an IP as suspicious if it is not recognized due to it being supplied by a VPN. Even though several VPN services cater specifically for gamers in terms of providing low latency solutions, applications such as video games that are sensitive to latency also benefit from not having to be routed through a VPN.
In the business world, split tunneling is also often used, particularly when employees work remotely from home or anywhere else and need to access professional services or secure networks from an unsecured network. It will, for example, allow them to keep webmail secure and private, while they can still indulge in personal activities like streaming music or other content.
To sum up, a split tunnel VPN offers the important benefit of using an encrypted and anonymizing connection for certain applications while maintaining the regular Internet connection for others.
Advantages and disadvantages of using VPN split tunneling
Before setting up VPN split tunneling you should be aware of the pros and cons of using this approach. Make sure you read and understand the disadvantages!
Advantages of using split tunneling
- You have complete control over what gets encrypted and what uses the regular Internet connection.
- You may get the perfect mix between security and speed. As you probably know already, VPNs may slow down your Internet connection. Thus, you may want to utilize a VPN only for specific apps and URLs.
- You may watch local and overseas streaming channels without turning the VPN on and off. For example, you may set the split-tunneling to connect to VPN every time you access the BBC iPlayer website while being able to watch Netflix with your local flavor.
- It is convenient for torrenting. If you download torrents frequently, you may apply the split-tunneling to force the torrent application to use a VPN for torrenting, while maintaining the regular Internet connection for the other apps.
Disadvantages of using split tunneling
- From control comes responsibility. When split tunneling is activated, it is your job to decide whether an app or URL is secured through a VPN tunnel or not. If you fail to utilize an encrypted tunnel when necessary you may get hacked or get exposed.
- It may be (somewhat) difficult to understand the basic concepts of split tunneling and how to set it up.
Types of split tunneling
There are several different methods that can be used to implement this type of technology.
- App-based: The VPN client that implements the split tunneling requires users to select specific applications that should connect through the VPN. When this method is used, only the apps that have been selected will utilize the VPN, while all other Internet traffic goes via the regular network.
- URL-based: Split tunneling can also be implemented by using the URLs of specific websites. When using this method, the user specifies exactly which URLs need to be encrypted by sending them through the VPN. This method is normally implemented by using VPN browser extensions.
- Inverse split tunneling: When this technique is implemented, the default is for all Internet traffic to be encrypted by sending it via a VPN. The user then selects exactly which URLs or apps should not be sent through the VPN, but through the normal, unencrypted Internet.
Although split tunneling is not particularly difficult to configure, it does need users to configure which URLs or apps should be either included or excluded manually. Every VPN solution handles this differently.
How to set up VPN split tunneling
Firstly, you have to decide what your main objective is, in order to know which type of split tunneling to choose. Here are some possible scenarios:
- You want to unblock a specific streaming channel. Then you may set up a URL-based or an app-based VPN split tunneling. The approach that I recommend is to choose a browser that you don’t use for your daily tasks (browsing, email, online banking, etc.), add it to the apps that use VPN, and every time you want to access the streaming website do it using the selected browser.
- You need to protect your torrent downloads. Again, app-based split tunneling is the way to go: add the torrent app to the apps that need to be managed by the encrypted tunnel.
Secondly, you need access to a split tunneling solution:
- The handiest method to set a split-tunneling VPN is from a native VPN client, a VPN application offered by the VPN provider.
- Manually set it up from the command line on Windows or macOS.
- Employ OpenVPN configuration files to implement the URL-based split tunneling.
- Another option is to use a VPN browser extension (not quite a split tunneling solution, but it does the trick).
Use VPN client apps
For non-techies, the simplest approach is to subscribe to a VPN service that offers split tunneling in its applications (we recommend ExpressVPN). Thus, after installing the VPN application, the only thing to do is to define the rules for the applications to use (or not use) the VPN tunnel.
Use command-line configuration on Windows or macOS
This is a more complicated approach and consists of using the command line to instruct the computer operating system (Windows, macOS) to bypass the VPN for selected destination websites.
And here is how you can proceed:
Use OpenVPN configuration files
If you are using OpenVPN config files (.ovpn) for configuring your VPN connection then it is easy to distribute your VPN traffic:
- Find the IP address of the server or the website you want to be routed through the VPN.
- Add the following commands to the .ovpn file:
route-nopull
# the IP address of the destination host
route 1.x.x.x
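The routing effect of such a profile can be checked before connecting. The following is an added example, not code from the original article or from OpenVPN: it parses the route-related directives of a profile and reports which destinations would be tunnelled. The sample profile, the vpn.example.net host and the documentation-range addresses are constructed, and route lines are assumed to carry literal IPv4 addresses.

```python
import ipaddress
import re

# Constructed sample profile; addresses come from the documentation ranges.
SAMPLE_OVPN = """\
client
dev tun
remote vpn.example.net 1194
route-nopull
# hosts that must go through the VPN
route 203.0.113.10
route 198.51.100.0 255.255.255.0
"""

def parse_profile(text):
    """Return (nopull, networks) from the route-related directives."""
    nopull, networks = False, []
    for raw in text.splitlines():
        # Drop '#' and ';' comments, then split the directive into tokens.
        parts = re.split(r"[#;]", raw, maxsplit=1)[0].split()
        if not parts:
            continue
        if parts[0] == "route-nopull":
            nopull = True
        elif parts[0] == "route" and len(parts) >= 2:
            # The netmask defaults to a single host when it is omitted.
            mask = parts[2] if len(parts) > 2 else "255.255.255.255"
            networks.append(ipaddress.ip_network(f"{parts[1]}/{mask}", strict=False))
    return nopull, networks

def classify(text, destinations):
    """Map each destination IP to 'vpn', 'direct' or 'server-decides'."""
    nopull, networks = parse_profile(text)
    result = {}
    for dest in destinations:
        addr = ipaddress.ip_address(dest)
        if any(addr in net for net in networks):
            result[dest] = "vpn"            # matched an explicit route line
        elif nopull:
            result[dest] = "direct"         # pushed routes are ignored
        else:
            result[dest] = "server-decides" # the server may push its own routes
    return result

if __name__ == "__main__":
    checks = ["203.0.113.10", "198.51.100.77", "192.0.2.5"]
    for dest, path in classify(SAMPLE_OVPN, checks).items():
        print(f"{dest:15} -> {path}")
```

When route-nopull is missing, unlisted destinations depend on what the server pushes, so the split cannot be verified from the profile alone.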
Test your VPN split tunnel connection
Don’t forget to test your VPN connection! Depending on your goal, test several scenarios to make sure the split-tunneling works as expected:
- Test the URLs or apps that are supposed to pass the encrypted tunnel (VPN).
- Perform some leak testing (WebRTC leak test, DNS leak test, IP leak test) to make sure the VPN connection works as expected.
- Load an IP locator website to check your public IP address for the URLs or browsers that are not using a VPN.
The best VPN services with split tunneling
Split-tunneling is an option that not many VPN providers offer. And fewer have it implemented in their VPN applications.
There is always the option to go for the manual setup as presented above, but if you want to have it working in a matter of seconds then you don’t have many options.
The VPN services that we recommend are ExpressVPN (with the best split tunneling apps), and NordVPN or ibVPN if you want to go for the manual setup approach.
ExpressVPN is a fast, reliable VPN service with easy-to-use applications.
It supports the split tunneling feature on Windows, macOS, and Android.
Additionally, you may install the ExpressVPN firmware on your VPN router and set the split-tunneling directly on the router, with the advantage that you may implement policies at the device-level.
You may find the option under the Settings or Preferences menu.
Then, click on the Settings button to choose the type of split:
- All apps use the VPN.
- Do not allow selected apps to use the VPN – inverse split tunneling.
- Only allow selected apps to use the VPN.
Important! No matter the type of split tunnel selected you still need to turn the VPN on in order to enable it.
On mobile devices, ExpressVPN does support split tunneling on Android, but it does not support it on iOS.
NordVPN is one of the top VPN providers with regard to speed, security, and reliability. But its applications lack split tunneling.
However, you may manually set it for Windows or macOS as explained above.
Tips to get the most from your VPN split tunneling
Now that you understand how split tunneling works, you deserve several tips to make sure you get the most out of your VPN experience:
- Establish your goals clearly (what you need the VPN for, what you need to unblock, or to secure and what are the apps that need to access the Internet directly) and set the split tunnel accordingly.
- Test your split tunneling setup from time to time to make sure it works as expected.
- As it seems to be the best option, get an ExpressVPN subscription.
- Do not use free VPN services for split tunneling. You may end up with unpleasant surprises.
VPN split tunneling FAQ
Is split tunnelling difficult to set up?
If the VPN provider offers a VPN client that implements split tunneling then all you need to do is to choose the URLs or applications to use the VPN. Otherwise, the setup may require some advanced technical skills, as presented above.
Can I use split-tunneling VPN on mobile devices?
Android devices can benefit from this useful feature by installing the OpenVPN Connect app. However, on iOS split tunneling is not available. If you desperately need it you may consider setting it up on your router.
Is split tunneling safe?
Using split tunneling to exclude specific traffic from a VPN’s protection does carry an inherent risk as the exposed traffic would be vulnerable to outside snooping.
Only connections protected by a VPN should be used to handle torrents, downloads, or sensitive data.
Split tunneling gives you the best of both worlds as you can still protect sensitive network traffic with a VPN, while at the same time utilizing normal, fast internet speeds for connections that are not sensitive. Simply ensure that you configure things correctly to not inadvertently expose sensitive data.