VPN Split Tunneling: What It Is and When to Use It

Split tunneling is a feature that enables you to define the applications or devices that access the internet using a virtual private network (VPN), giving you a way to enhance security around sensitive data while speeding up access for other applications. It allows you to balance your security and functionality VPN needs.

With a VPN, you can add a layer of security to your everyday internet activities. VPNs encrypt data traveling across the network, making it unusable to anyone without the decryption key. Even if a malicious actor managed to intercept your information while you were using a public Wi-FI network, using a VPN means they won’t be able to read or use it.

By understanding how split tunneling works, you can determine whether the benefits outweigh the negatives and make an informed decision about which VPN provider is right for you.

How does split tunneling work?

Split tunneling creates rules for how data travels across your network, which can be visualized as two different traffic routes. Sensitive data can be routed to the VPN’s server for encryption, while the regular server handles all other data as normal.

When you set up your VPN, you can create rules for which information needs to go through the encrypted VPN tunnel. For example, you might want to access your banking applications through the VPN to protect your personal information. Meanwhile, your regular online activities, like checking news or streaming sports, can be on an unencrypted, faster connection.

Types of split tunneling

If you want to try split tunneling, you should understand the three basic types so that you can make an informed decision.

URL-based

URL-based split tunneling typically uses a VPN browser extension. With this process, you specifically add URLs that you want to access through the encrypted channel. For example, if you access your health records through an online portal, you may want to require encryption for that connection.

App-based

Like URL-based, app-based split tunneling is a method where you specifically choose applications that connect to the internet using the VPN. For example, you may want to use your VPN for money transfer apps like PayPal, CashApp, or Venmo.

Inverse

App-based and URL-based split tunneling require you to decide what traffic goes through the VPN. With inverse split tunneling, everything goes through the VPN except the resources that you specify don’t need encryption. Inverse split tunneling defaults to protecting data, helping you reduce the likelihood that you’ll forget to require encryption for an important application.

Benefits of using split tunneling

If you’re trying to balance data protection with internet usability, then split tunneling can provide several benefits.

Improve internet speed

When you enable split tunneling, you get better connectivity. When you send all your data through the VPN server, it creates a digital traffic jam as all requests try to merge into a single server “lane.” By sending less data through the VPN server, you reduce the VPN’s data use, improving internet speed.

Avoid data limits

If your VPN service has data limits, then split tunneling allows you to reduce the amount of data that goes through your VPN. By focusing on the data that needs the most protection, you can improve security while staying within limitations.

Secure remote access

Some companies use split tunneling to enhance their security. They require remote employees to access corporate resources through the VPN while allowing them to browse the web without the added protection. This gives companies a way to balance speed and security, especially when employees use public wireless networks.

Connect to multiple networks

Essentially, split tunneling creates two separate network connections. You can use split tunneling to access your corporate network while still accessing other resources, like local printers, on your home network.

Leave your VPN on

Some applications use your IP address to authenticate you or block traffic coming from known VPN servers. You can route traffic to these applications through your regular internet connection without having to switch your VPN on and off to access them.

Get around VPN blocks

Some websites block VPNs because malicious actors use them to perpetrate fraud or spread malware. For example, cybercriminals use VPNs to hide where their web traffic originates when committing ad fraud. By turning on split tunneling, you can still access the sites that block VPN use while keeping your other internet activity encrypted.

Additionally, some streaming services have VPN blocks to prevent people from using them to access geographically restricted content. For example, with split tunneling, you can watch Netflix with a VPN without any hassle.

Protect online video gaming

Remaining anonymous when gaming online has become increasingly important, especially if you’re worried about someone finding out your location or malicious actors deploying a distributed denial of service (DDoS) attack against your home network. Split tunneling allows you to hide your location when gaming while still sending other traffic through the higher-speed network.

Risks of using split tunneling

Although split tunneling provides several benefits, it’s not a perfect security and privacy solution.

Lack of control

Many companies require employees to use a VPN because routing all traffic through one server gives them a way to set up additional security controls, like using intrusion prevention systems (IPS) that look for malicious content.

Malware attacks

Malware starts by infecting your devices and then exploits your ability to interact with networks and applications. With split tunneling, some of the user IDs and passwords remain unencrypted. If you reuse credentials, then the ones compromised place other resources at risk.

DNS leaks

Every time your computer sends a request to a website or app, the information is visible to your internet service provider (ISP). A DNS leak is when the requests somehow end up outside the VPN’s encrypted tunnel with all browsing activity visible, including IP address, geographic location, and web searches.

Misconfigurations

If you accidentally forget to add a URL or application to your VPN split tunneling rules, then you don’t have the protection you want. For example, if you want to secure your banking activity with app-based and URL-based split tunneling rules, you need to proactively include both the website and the downloaded application.

How to turn on split tunneling

Although split tunneling sounds confusing, most VPN providers make it easy for people to use.

Find a VPN provider

If you want all the benefits of split tunneling, then you’ll need to find a service provider. Typically, split tunneling is only available if you’re paying a subscription fee. Some VPN providers that offer split tunneling include NordVPN, ExpressVPN, and Surfshark.

You also need to make sure that the service you choose enables split tunneling for your current operating systems. For example, some VPNs only work with Microsoft Windows 10 or later. Meanwhile, others don’t offer split tunneling for macOS.

Open settings

Depending on the application, you will end up going to any of the following areas in your VPN app.

• Settings
• Options
• Preferences

Activate and configure split tunneling

From here, you can “turn on” split tunneling. Depending on the VPN service, you might see different options like:

• Manage on a per-app basis
• Disable VPN for selected apps
• Enable VPN for selected app only

Many VPNs give you the option to click on a button labeled Settings or Add Apps. In Windows, this will open up the list of applications that the VPN can protect, including:

• Browsers, like Chrome or Firefox
• Streaming media, like Spotify or Netflix
• Communication tools, like Slack or Teams

If you’re worried about potential privacy and security configuration mistakes, your best option is to use the “disable for selected apps or URLs” option. This will default to sending requests through the VPN service. Basically, everything is protected except the items you tell it to leave public.

Split tunneling FAQs

Bottom line

If you want to balance data protection and usability, split tunneling is a useful technique. By understanding how to configure split tunneling appropriately, you can get faster internet speed while enhancing data security and privacy.

When choosing a VPN, you also need to understand that beyond encrypting data, the service hides your physical location behind a fake IP address. The process makes some streaming services mistake this for IP spoofing, which can get in the way of seeing your favorite shows or listening to your favorite music. If you're considering a VPN for privacy reasons, you can review our list of best VPNs.