What Is VPN Split Tunneling, and How Does It Work?
Let’s discuss what split tunneling in VPNs means and how to use it to improve your VPN experience.
If you want to safeguard your online privacy using a virtual private network (VPN), there are certain trade-offs you have to make, the most notable of which is a decrease in internet speed.
In order to protect your online data, a VPN needs to encrypt and decrypt all incoming and outgoing traffic, as well as direct all internet communications through a VPN server. This entire process, commonly known as VPN tunneling, impacts the speed at which your traffic travels between your device and its intended destination.
But what if there was a VPN feature that would allow you to bypass that process when accessing certain apps, services, and websites, while maintaining a VPN connection for all other online communications on your device? Well, thankfully there is! This feature is called split tunneling, and it’s the focus of this guide. Let’s discuss what split tunneling is, how it works, and how you can use it.
What Is Split Tunneling?
Split tunneling is a VPN feature that essentially creates a second tunnel through which some of your online traffic can pass. Unlike the VPN tunnel, this second tunnel is not encrypted by the VPN and has none of the VPN’s protections. Online traffic passing through the unencrypted tunnel interacts with the internet directly, with your real IP address, and gets none of the privacy the VPN provides.
The purpose of split tunneling isn’t to increase your online security, but to let you access certain apps, websites, or online services at normal internet speeds, even if you’re connected to a VPN. It also lets you access apps and services that are not VPN-friendly, such as online banking apps that block VPN IP addresses. Basically, split tunneling lets you use and not use a VPN on a single device at the same time.
FYI: Split tunneling can be useful when multitasking. Some apps don’t work well with VPNs, so if you want your device to enjoy VPN protection while using those apps, you can use split tunneling to exclude them from the VPN tunnel.
How Split Tunneling Works
When setting up split tunneling, you will decide which apps or websites will use the unencrypted tunnel. This is critical. Remember that traffic passing through the unencrypted tunnel completely bypasses the VPN tunnel, so you should be picky in terms of which apps and websites you allow to use it.
Here are some examples of online services that can benefit from the use of split tunneling:
- Netflix and other streaming services: Streaming services use your IP address to determine your location. If you want to maintain access to shows available in your region, you can let them bypass the VPN tunnel. Conversely, you can set Netflix to use the VPN tunnel to change your Netflix streaming region.
- Local services like weather and news: These apps also determine your location through your IP address. By letting them bypass the VPN tunnel, you’ll get access to the latest local updates even if your VPN IP address is set to somewhere else.
- Online banking apps: Some banking apps block VPN IP addresses or IP addresses from outside their service area, making it impossible to connect to them through a VPN tunnel. Split tunneling provides a simple solution without forcing you to turn off your VPN completely.
- Closed-off networks: If you’re part of, let’s say, a local area network (LAN) and you need access to another device on the network to share files, you can route peer-to-peer file sharing through the unencrypted tunnel. Otherwise, you wouldn’t be able to access LAN devices while connected to a VPN.
Once you’ve configured which apps will bypass the VPN tunnel, they’ll be able to connect directly to the internet without encryption and VPN tunneling, whether or not your device is connected to a VPN.
Inverse Split Tunneling: What It Is and How It Works
Most of the top VPNs on the market offer a split tunneling feature, but only an elite few offer the more advanced inverse split tunneling. The concept is the same: There are two tunnels; one is encrypted and the other is not. However, rather than choosing which apps and websites will bypass the encryption, you choose which services will use the VPN tunnel.
For example, inverse split tunneling comes in handy if you want to send over a sensitive file to a co-worker but don’t want your VPN to disrupt your internet speed. Rather than use normal split tunneling and manually exclude each and every app from the VPN tunnel, you can use inverse split tunneling to select just your file-sharing app and make its traffic go through encryption.
Although it sounds simple, very few VPNs, such as Private Internet Access, offer inverse split tunneling. You can read our Private Internet Access review to learn more about its unique feature.
Pro Tip: Some VPN providers call normal split tunneling “whitelisting” and inverse split tunneling “blacklisting.” Whitelisted apps have permission to use unsecure networks even when the VPN is active, while blacklisted apps can connect to the internet only through a VPN tunnel.
Things to Consider When Choosing a VPN With Split Tunneling
Just because a VPN promises a split tunneling feature doesn’t mean the experience is the same as with other VPNs. Here are some things to consider when choosing a VPN with split tunneling.
App vs. Browser Split Tunneling
You can access VPNs on a device using either a VPN app or a browser extension. With the former, all internet communications on your device are encrypted. With the latter, only communications through the browser are secured.
The same applies to split tunneling. Your split tunneling settings on a VPN app affect your entire device, whereas the split tunneling settings on your browser extension affect only your browser.
Per-App Settings vs. URL/Domain Exclusion
Ideally, you want a VPN that gives you the option to exclude both specific apps and websites from the VPN tunnel, but this is not always the case. Some VPNs allow you to exclude only apps, while others let you exclude only website URLs.
The first type, known as per-app settings, provides a list of all the apps installed on your device when setting up split tunneling. From there, you can choose which apps can bypass the VPN tunnel.
FYI: Per-app split tunneling is more common on Android smartphones, whereas most Windows VPNs with split tunneling allow users to exclude both apps and websites.
With the second type, you have to manually enter URLs of the websites you want to exclude. Although it can be tedious, if your VPN doesn’t allow you to exclude both apps and websites, this method is actually preferable. While you can’t exclude a specific app directly, you can enter the URL of the corresponding service as a workaround. For example, if you want to exclude the Facebook app from going through the VPN tunnel, simply exclude “www.facebook.com” and the app will no longer be routed through the VPN.
Split Tunneling on Certain Operating Systems
Even if you use a VPN that promises a split tunneling feature, whether or not you actually get to enjoy it depends on the operating system of your devices. For example, because of the closed-off nature of iOS on iPhones and iPadOS on iPads, split tunneling is not possible on those devices. Apple’s macOS, on the other hand, used to allow split tunneling, but if you upgraded to macOS 11 (Big Sur) or later, the feature is no longer available.[1]
That’s why, even if you see that a prospective VPN is offering split tunneling, you should check whether or not the feature is available on the specific devices you’re using.
Conclusion: Does Split Tunneling Have Any Impact on Your Privacy?
Overall, split tunneling is a great feature to have in a VPN. It’s not always necessary, and it doesn’t have a direct effect on your privacy, but it can make your VPN experience a whole lot better. Plus, by letting you maintain both a VPN and an unencrypted connection at the same time, it eliminates the need to switch off your VPN, ensuring that your online data that needs to remain private remains private.
Ultimately, though, it’s just one of the many features and factors you need to consider when buying a VPN. To help you pick out the best VPN for your privacy needs, here’s our complete VPN buying guide.
VPN Split Tunneling FAQ
Do you have any more questions about VPN split tunneling? Check out this FAQ; you might find the answers here.
Is split tunneling good or bad for my privacy?
Split tunneling can be good for your privacy if you use it correctly. Rather than turning off your VPN completely, you can use split tunneling to maintain a VPN connection for apps and websites that need VPN protection, while excluding those that don’t work particularly well with VPNs. However, make sure to exclude only apps that you don’t mind going through unencrypted tunnels, as excluded apps enjoy no VPN protection whatsoever.
Do all VPNs offer split tunneling?
Not all VPNs offer split tunneling, but the feature is becoming increasingly common. Most of our top-pick VPNs offer split tunneling.
Is split tunneling the same as a VPN kill switch?
No. Split tunneling and a VPN kill switch are two different features. Split tunneling creates two separate tunnels so you can choose which tunnel to use with which apps. On the other hand, a VPN kill switch ensures all your online traffic goes through only the VPN tunnel by disrupting your device’s internet connection whenever the VPN connection drops.
Can I use split tunneling and a kill switch at the same time?
Yes, you can use both features at the same time with most VPNs. When both features are active, the kill switch will disrupt the internet connection of only apps and websites that are not excluded by the split tunneling feature. However, there are also some VPNs that don’t allow the use of both features simultaneously.
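The interaction between split tunneling, inverse split tunneling, and the kill switch described in this guide can be modeled as a small routing decision. The sketch below is an added example, not code from any VPN product; the app names and the Policy fields are constructed for illustration, and it assumes that without a kill switch, tunnel-bound traffic falls back to the direct path when the VPN drops.

```python
from dataclasses import dataclass, field

@dataclass
class Policy:
    mode: str                         # "split": listed apps bypass the VPN
                                      # "inverse": only listed apps use the VPN
    listed: set = field(default_factory=set)
    kill_switch: bool = False

def uses_vpn(policy, app):
    """True when the policy assigns this app's traffic to the VPN tunnel."""
    in_list = app in policy.listed
    return not in_list if policy.mode == "split" else in_list

def route(policy, app, vpn_up):
    """Return 'vpn', 'direct' or 'blocked' for one app's traffic."""
    if not uses_vpn(policy, app):
        return "direct"               # excluded traffic never touches the tunnel
    if vpn_up:
        return "vpn"
    # Tunnel is down. The kill switch blocks tunnel-bound traffic only;
    # without it we assume the traffic falls back to the direct path.
    return "blocked" if policy.kill_switch else "direct"

def unprotected(policy, apps, vpn_up):
    """Apps whose traffic leaves the device outside the VPN in this state."""
    return sorted(a for a in apps if route(policy, a, vpn_up) == "direct")

# Constructed sample apps and policies (hypothetical names).
APPS = ["bank", "browser", "fileshare", "weather"]
SPLIT = Policy("split", {"bank", "weather"}, kill_switch=True)
INVERSE = Policy("inverse", {"fileshare"}, kill_switch=False)

if __name__ == "__main__":
    for name, pol in (("split", SPLIT), ("inverse", INVERSE)):
        for up in (True, False):
            print(name, "vpn_up=%s" % up,
                  "unprotected:", unprotected(pol, APPS, up))
```

Running it lists, for each policy, which apps send traffic outside the VPN while it is connected and after it drops, which is the list to review before enabling either mode.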
Should I turn on split tunneling?
You should turn on split tunneling only if you want to exclude certain apps or websites from your VPN connection. If you want your VPN to encrypt all incoming and outgoing traffic, it’s fine to turn off the split tunneling feature.
[1] ExpressVPN. (2023, Jan 11). Split tunneling not supported on macOS 11 (Big Sur) and above.