Split tunneling is a powerful feature that allows you to decide which apps are covered by your encrypted VPN tunnel and which ones bypass it. It’s offered by practically all of the top VPN services available today.
While it's useful to secure your whole internet connection, sometimes you need a little more flexibility. Bank apps tend not to play nicely with VPNs, or you might want to watch streaming content from your home Netflix account while you’re overseas on vacation.
I’ll explore split tunneling, how it works, why you might want to use it, and which of today's best VPNs include it in their subscriptions.
What is split tunneling?
Split tunneling gives you the choice of routing your app’s traffic through a VPN tunnel or over your normal internet connection.
Almost all split tunneling implementations allow you to pick apps on an exclusionary basis, but some VPNs also allow you to pick only specific apps to use the VPN connection instead.
The key advantage of split tunneling is control
The key advantage of split tunneling is control. It allows you to decide which apps you think benefit most from the advantages of a VPN, giving you the best of both worlds: enhanced security for sensitive activities, like browsing the web, while maintaining speed and unrestricted access for activities that don’t need VPN protection, like online gaming.
Split tunneling is available across various operating systems, including Windows, MacOS, iOS, and Android. So, no matter whether you’re on desktop or mobile, you’ll be able to access split tunneling.
However, VPN providers are notorious for not offering split tunneling across all devices consistently, especially on mobile clients. This is because the way they’re implemented differs between OSes – so, it's worth checking that the provider you’re using supports split tunneling for your device.
How does split tunneling work?
When you enable split tunneling on your VPN, the traffic from your device is divided into two streams. Let's run through the process.
Connect to a VPN via a client app, and it'll create a new network interface that all of your internet traffic goes through. This is how it enforces encryption – by ensuring that none of your data is sent out over your default unencrypted internet connection.
Interested in how VPNs do their thing? Check out our jargon-free guide to how VPNs work.
As this traffic is encrypted, it’s hidden from your ISP, too, and anyone monitoring your connection. Your IP address is also masked and your connections appear to come from the VPN server.
Split tunneling allows you to pick which apps don’t use this VPN connection, allowing them to send traffic back and forth over your regular internet.
This traffic isn’t encrypted by the VPN, however, and will appear as though it's coming from your local network, revealing your real IP address and location. In essence, you’ve now got two “streams”: one for your VPN connection, and one for all the traffic you want to send normally.
When to use split tunneling
There are many scenarios where split tunneling comes in handy. Here are a few of the most common use cases:
- Accessing local content: if you need to check out a service or website that’s only available in your local country (such as banking or streaming services), split tunneling allows you to access these sites with your real IP address, while still keeping your VPN connection up for everything else. While you could drop the VPN connection entirely, this keeps your connection to other apps open in the meantime.
- Bypass VPN blocks: some services block users who are connected through a VPN. While a VPN provider attempts to provide access to as many of these sites as possible, it’s impossible to unblock everything. You may also end up having to solve more captchas, as you’re sharing your IP with many other users simultaneously. Split tunneling allows you to access these sites directly.
- Improve performance: even the best gaming VPNs sometimes slow things down due to the added overhead that comes from the encryption process, as well as the additional latency from chaining your connection through an extra server. Keeping your latency low is vital to a smooth online gaming experience, so split tunneling can help you by sending only your gaming traffic through your default connection.
- Prioritize sensitive data: While it’s best practice to always keep your VPN switched on, if you’re in an environment with limited bandwidth and need to prioritize the security of certain applications, split tunneling allows you to route this sensitive traffic through the VPN while leaving other, less important tasks to bypass the VPN for better performance.
- Traveling: when you’re traveling abroad, split tunneling helps you keep work and personal information secure by routing it through the VPN, while still allowing you access to local services and websites. Very handy if you need to check local news or weather while still streaming Netflix content from your home country.
- Access LAN devices: if you're at home or a private office and having trouble accessing your network devices through your VPN (like printers or file servers), split tunneling can help you access these work resources through your local connection – while keeping your VPN connection intact for internet-facing applications.
Are there risks to split tunneling?
Split tunneling has dozens of use cases, but it's important to understand that there are a few risks involved, too.
First and foremost, when you enable split tunneling, you're essentially “turning off” your VPN for that app. That means all of the data it sends and receives is transmitted over the open internet.
While this isn’t much of an issue if the app you’re using handles its own encryption, unprotected data can be exposed to potential attackers, especially if you’re connected to unsecured networks like public Wi-Fi hotspots.
This also means that the data you’re sending through those apps is bypassing any anti-malware checks or site blocklists that the VPN uses which could, in turn, expose you to malicious websites, third-party tracking, or spyware.
If implemented incorrectly, split tunneling can cause traffic that should be covered by your VPN to drop back to your normal connection
Split tunneling can also lull you into a sense of false security – giving hackers an advantage. If your provider hasn’t implemented it properly, it could cause traffic that should be covered by your VPN to drop back to your normal connection.
It's a rare issue, but I've seen ExpressVPN identify it in one of its split tunneling implementations. It led to DNS leaks in that instance but, thankfully, it has since been fixed. It really underscores the value of making sure your VPN provider is building its client apps correctly, however.
The real value of a VPN is that it’s always on. If you, for example, enable split tunneling on your browser for a single session and forget to turn it off afterward, you could inadvertently expose your real IP address when connecting to other sites.
This negates a lot of the privacy advantages that a VPN offers, so you need to make sure that you’re only using split tunneling for the time you really need it – and only on apps that send encrypted traffic anyway.
Some VPN providers have recognized this issue and now provide a “pause” function, letting you turn off your VPN for a set amount of time so you don’t forget to turn it back on.
Which VPNs offer split tunneling?
Virtually every secure VPN out there offers split tunneling - though some have a different name for it. So, whether you go with NordVPN, Surfshark, ExpressVPN, Proton VPN, or PrivadoVPN, you'll have access to a reliable split tunneling feature.
