What is VPN Split Tunneling?

What is VPN Split Tunneling?

There are many advantages to using a VPN. It keeps you anonymous online and makes your internet connection more secure. It can also get you around geoblocking, firewalls, and prevent bandwidth throttling.

That said, there is no such thing as a free lunch. Unfortunately, using a VPN also has some downsides – the biggest of which is it can slow down your connection.

Thankfully, there is a way we can have the best of both worlds.

After all, not all your internet traffic needs to go through a VPN and take a performance hit. Yes, it makes sense to anonymize your torrent download. But, the Netflix show you’re streaming at the same time can safely pass over your regular internet connection.

This is where a nifty VPN feature known as split tunneling comes into play.

What is split tunneling?

VPN split tunneling makes it possible for only some of your device’s traffic to pass through the encrypted VPN connection. Everything else uses your regular internet – as if you didn’t connect to the VPN at all.

It’s a more advanced feature that many of us choose not to use (or simply don’t know about). It’s also not offered by a good chunk of VPN providers – even many top-ranked ones.

But, when it’s available, it can be a very useful tool indeed.

How split tunneling works

While there are several ways to implementing split tunneling (which we’ll get to shortly), they all work similarly.

At its most basic, split tunneling works by comparing the source or destination of your internet traffic against a defined set of rules. Those rules tell your device how that data should reach the internet.

If the rules say the traffic is something you would like to protect, it’s encrypted and sent through the VPN. If protection is not needed, the data goes out over your standard internet service provider (ISP) connection.

Diagram of how VPN split tunneling works

It’s as simple as that.

Types of VPN split tunneling

There are a few ways we can configure split tunneling. Which methods are available will depend on your VPN provider.

  • Application Based

    The easiest, quickest, and most common way to enable split tunneling is on a per-app basis.

    Here, all you do is tell your VPN client which apps it should route through a VPN. Everything else is left alone to use your regular unsecured internet.

    This method lets you do things like anonymize uTorrent app traffic but nothing else.

  • Destination Based

    Destination based split tunneling lets you pick which websites or online services you access over the VPN. You’ll typically be able to do this based on the domain name or IP address.

    You can then, for example, use one Chrome tab to browse Facebook as per usual and another to send all traffic to and from your bank through an encrypted VPN tunnel.

    Some VPN providers go even further and let you list specific URLs instead of domains (ex: mybank.com/login vs. mybank.com). In practice, though, you very rarely have to break things down to that level.

  • Device Based

    You can use device based split tunneling to send all traffic from some of your devices but not from others through a VPN server. This method is a bit more advanced – you will need to run a VPN on your router to use it.

    Once set up, though, it lets you do things like have your SmartTV use the VPN to stream Netflix from another country while your phone and computer remain local. Very handy.

    The other advantage of device based split tunneling is that it works even if the VPN provider doesn’t support split tunneling. As long as you can install the VPN on a router (which plenty of VPNs let you do), you can take advantage.

  • Inverse split tunneling

    By default, all methods mentioned above will send traffic through the VPN. You have to explicitly call out which data should use your regular ISP connection.

    Inverse split tunneling reverses that. Unless you say otherwise, all your data will go out over your unsecured internet.

    Most providers let you switch to inverse split tunnelling by clicking a checkbox. It’s a handy feature when you only want to use the VPN for a few things.

Why use split tunneling

VPN split tunneling offers many benefits. And while not all of us need to use it, it is very useful in some situations.

Some of the more common reasons you may want to turn on split tunneling include:

  • Not taking a speed hit and sending low-security, high-bandwidth applications (like video streaming) over the public internet, instead of a VPN
  • Reducing lag time on latency-sensitive applications (like gaming) by not sending them through the VPN
  • Having access to other LAN devices on your local network (printers, scanners, external storage, etc.) while using a VPN
  • Accessing at the same time a mix of local services and geo-blocked or censored content from abroad

Those are but a few examples, and the above list is far from exhaustive.

Is split tunneling safe?

Split tunneling is safe to the same degree as your regular internet connection is safe.

In the worst-case scenario, split tunneling sends none of your traffic over the VPN – as if you didn’t connect to one at all. That’s as dangerous as using a split tunneling feature gets – so, in a home network setting, not at all.

My general rule is if I’m in a situation where not using a VPN is risky, I don’t turn on split tunneling – it’s all or nothing.

Using a public WiFi or an unsecured network are good examples of where I won’t split my traffic. If my device connects to one of those, it’s always 100% over a VPN.

The Best VPNs with Split Tunneling

Most VPN providers do not natively implement split tunneling. In fact, among the best of the best, only a handful have it. Those that do are listed below.

Please note that, because of operating system limitations, at this time, no VPN providers support split tunneling on iOS (at least as far as I know).

Surfshark

Surfshark logo

Surfshark does an excellent job of implementing split tunneling in a way that is easy to understand and configure. They’re my favorite provider to use it with.

You can configure the feature – which Surfshark calls Whitelister – by listing apps, websites, or IPs. Mobile devices only support websites and apps, but inverse split tunneling is available on all platforms.

Surfshark split tunneling

Surfshark is also easy to install on routers if you want to give device based traffic control a go.

On the downside, Surfshark currently offers split tunneling on Windows and Android only. While Mac and iOS versions are coming (or so I’ve been told), there is no ETA.

Overall, Surfshark is an excellent provider – one of the best out there. You get plenty of features, great performance, and unlimited connections.

And they’re the least expensive top-tier VPN too!

View Surfshark’s Deals >>


Private Internet Access

Private Internet Access logo

PIA is a VPN that’s always had a loyal following – that, in my book, is a sign of quality.

And indeed, they don’t disappoint. Split tunneling is, of course, available, and you can use the feature on all Windows, Mac, and Android devices.

Private Internet Access split tunneling

Desktops will let you control your traffic based on either app or IP address, with inverse split tunneling as an option. Android devices limit you to filtering on a per-app basis only.

I prefer to filter based on a website instead of IP address, a la Surfshark – the IP may change at any time without you knowing. But still, having the extra bit of flexibility can be useful.

You should also note that PIA does not work with Netflix all that well, if that’s something you intend to do.

Beyond that, though, it’s a provider you can’t go wrong with. And with a 30-day risk-free money-back guarantee, you get plenty of time to make that call for yourself.

View PIA’s Deals >>


ExpressVPN

ExpressVPN logo

Arguably the most recognized name in the VPN industry, ExpressVPN is another provider you would be hard-pressed to go wrong with.

With ExpressVPN, you can split tunnel your traffic per app, with a more rudimentary version of inverse split tunneling also available.

ExpressVPN’s excellent Windows, Mac, and Android clients all support the feature. Once again, though, iOS devices are left out in the cold.

Enabling split tunnelling with Express VPN

If app based filtering is all you need to do, you’ll be very happy with ExpressVPN.

But, because on desktops, you usually access your bank or Netflix with a browser, no website or IP based split tunneling is a bit of a shortcoming.

Still, ExpressVPN is an easy recommendation. Very few providers have as good of a track record as they do.

View ExpresVPN’s Deals >>


PureVPN

PureVPN logo

Last but not least is PureVPN. Split tunneling is a new addition to their feature list. It comes with the Windows, Mac, Android, and Android TV versions of their client.

Because of its recency, split tunneling still shows up as in beta on Windows and Mac – you need to opt in to use it. But, despite that label, it works well.

Enabling split tunnel in PureVPN client

On all supported platforms, PureVPN lets you filter traffic solely based on the app. Of course, inverse split tunneling also available.

Android TV support is what really sets PureVPN apart from the other providers, though. If you have an Android TV box or a television with it built it, this is the VPN for you.

And even if you don’t, with big recent improvements to speeds and a big server network spanning 73 countries, PureVPN is still well worth considering.

View PureVPN’s Deals >>


How do I know if my VPN has split tunneling?

You should have a good idea if your VPN has split tunneling by looking at the features list on their website – if it’s supported, they will advertise it. Take PureVPN’s page, for example:

Split tunneling on PureVPN's features list

It’s hard to miss.

You can also explore your VPN client’s settings menu. There too, you should pretty quickly come across split tunneling if it exists.

If you’re still unsure or don’t feel like doing detective work, ask your VPN’s customer support. It’s an easy question for them to answer, and then, you’ll know for sure.

Is split tunneling hard to set up?

As long as the VPN service you’re using offers split tunneling as a feature, setting it up is dead simple. All you need to do is go to your VPN client settings to enable and configure it.

Here is how you would do that with Surfshark:

Finding split tunneling in Surfshark's settings
Configuring Surfshark split tunnel

Things do get trickier if you want to control traffic flow based on the device or if your VPN does not natively come with split tunneling.

To use device based split tunneling, you need to get the VPN running on your router. Most VPN providers let you do that and will give you detailed step-by-step instructions. But, it won’t be as easy as clicking a few buttons.

If your VPN does not offer split tunneling, you can also configure it through your operating system.

Operating system-level split tunneling works on Windows, Mac, or Linux computers and routers. But, the setup can get quite technical and is beyond the scope of this guide.

It’s far easier and time-efficient for the vast majority of us to instead switch to a VPN providers that has it.

Can you use split tunneling on a mobile

If you’re an Android user, yes, you can use split tunneling on a mobile device. Assuming your VPN provider supports it, all you have to do is head over the app settings and enable it.

This is how you can access it on Surfshark’s Android client:

How to enable Whitelister on Surfshark's Android client

For iOS users, the news is not as good. Because of operating system restrictions, no VPN provider currently implements split tunneling on iPhones or iPads.

An Important VPN Feature?

Is split tunneling the most important VPN feature there is? No. It’s nowhere near as vital as, say, a kill switch.

That said, it can certainly be very useful.

If you’re an iOS user, you are, unfortunately, out of luck. Apple has not yet made implementing split tunneling possible.

For everyone else, enabling and configuring the feature is only a few clicks away.

The Mac users among us do have to limit themselves to using either ExpressVPN or Private Internet Access. But, if you’re on Windows or Android, split tunneling is also offered by Surfshark and PureVPN (and the latter even supports it on Android TV).

The bottom line is this. If it’s the best of both worlds you’re after – using local services while remaining anonymous online and accessing geo-blocked content all at once – split tunneling is what you need.

About Tim Tremblay

Tim is the founder of Fastest VPN Guide. He comes from a world of corporate IT security and network management and knows a thing or two about what makes VPNs tick. Cybersecurity expert by day, writer on all things VPN by night, that’s Tim. You can also follow him on Twitter and Quora.

Leave a Comment