What is Split Tunneling? Everything You Need To Know
Split tunneling is a handy feature that is provided by the top VPNs, and it is very useful in various scenarios. The feature works by separating your traffic such that you leave some applications or websites outside the VPN tunnel.
This functionality brings in lots of benefits. For example, you can leave a local payment app outside the tunnel and send everything else to a server in a different country. You can also decide to only send your torrent client through the tunnel while everything else uses your regular connection.
However, you will need to understand the feature well to make the most out of it and avoid opening yourself up to potential risks. In this guide, we'll explore everything you need to know about split tunneling.
We’ll look at:
- How split tunneling works
- Types of split tunneling
- Benefits of split tunneling
- How to use split tunneling
- When to avoid split tunneling
- Best VPNs for split tunneling.
To understand how split tunneling works, here’s a primer on how a VPN works.
Table of Contents:
- How A VPN Works
- How Split Tunneling Works
- Different Types of Split Tunneling
- Benefits of Split Tunneling
- What Are the Downsides of Split Tunneling?
- Applications of Split Tunneling
- How to Set Up Split Tunneling
- How to Know If Split Tunneling Is Working
- Best VPNs for Split Tunneling
- Split Tunneling or No Split Tunneling?
- Split Tunneling Frequently Asked Questions (FAQs)
When you connect your VPN to a server, it encrypts your entire network traffic and sends it through a secure tunnel to the VPN server you have chosen. From there, you access the internet using the VPN server instead of directly through your device.
The tunneling provided by the VPN ensures that the ISP, government, hackers, and other entities can’t intercept your traffic.
Your ISP can still see that you are connected to their network, but they can’t tell what you are doing.
Now, say you want to keep your VPN connected to a server outside the country, but you don’t want to raise your bank’s suspicion and get your account suspended.
Split tunneling comes in to provide rule-based tunneling. The feature lets your VPN create a tunnel but exempt or only include particular services. For example, if you are in the UK, you can connect your VPN to a server in the US to access American Netflix and other services while excluding BBC iPlayer, ITV, and other UK-based services.
When you exempt an app or website from the VPN tunnel using split tunneling, that service will access the internet using your regular connection.
There are two main types of split tunneling:
- Regular Split Tunneling: Regular split tunneling encrypts all traffic except services that have been excluded from the tunnel. This is the most popular type of split tunneling.
- Inverse Split Tunneling: This type of split tunneling only allows selected services to go through the VPN. All other services access the internet using the regular connection.
These two types can then be implemented in various ways:
- App-based Split Tunneling: This split tunneling method allows the user to include or exempt specific apps from the VPN tunnel. It is usually provided on desktop and mobile apps.
- Domain-based (Dynamic) Split Tunneling: This method of split tunneling allows users to exempt specific websites from the tunnel. It can be used to exempt IP-sensitive sites such as banking websites or streaming sites.
- Device-based Split Tunneling: This method of split tunneling is used to select the devices that should be tunneled or exempted from the tunnel. It is usually provided on router applets by VPNs such as ExpressVPN.
All these types of split-tunneling are useful for different situations.
Split tunneling brings about several advantages.
Using a VPN negatively affects your internet connection due to the added encryption and the introduction of a new server. This also increases latency as a new point of connection is introduced. Split tunneling lets you avoid the overhead for services that don’t need to use the VPN.
Split tunneling allows you to have two different connections instead of one. This means that you can take advantage of multiple services that require different IP addresses depending on the region.
Apart from that, you can also access the local network when connected to a VPN, which would not have been possible without the feature.
If your bandwidth is limited, you can conserve it by only passing specific services through the VPN. This is because the added encryption and tunneling to a distant server consume more bandwidth than your regular connection normally would. If you are only using a VPN for secure and private browsing, you can encrypt the browser only and leave the other services on the device to use the regular connection.
Split tunneling provides lots of benefits, but it also introduces a few issues that you need to know about before using the feature.
This is the main disadvantage of split tunneling. A VPN is meant to ensure that all internet traffic is relayed through the tunnel such that no third party can compromise your connection. However, the split tunnel leaves parts of your traffic exposed and makes it possible for malicious actors to intrude on your network. To prevent this, we advise that you only use split tunneling with secure networks, not public hotspots.
Note that in a corporate setup, split tunneling allows employees to bypass rules and restrictions set up on the corporate network. This opens up lots of security loopholes, so the feature needs to be managed appropriately.
To use split tunneling, you will need to make extra configurations on your VPN app. Reverse split tunneling is even more complicated, especially if the VPN doesn't offer that option, and you will have to do it manually. In the case of routers, you will also need to be techy enough to configure the applet. Note that you will need to disable the functionality often to restore full tunneling.
- Connecting to Local Area Network (LAN) resources
- Avoiding encryption overhead
- Avoiding VPN detection
Split tunneling is useful in various scenarios.
When you connect to a VPN, it automatically blocks access to the local area network as it establishes a new private connection. Split tunneling makes it possible to access local network resources such as printers while still securing the services that need security, privacy, or anonymity.
If you are accessing resources that need lower latency, for example, if you are near a particular game server, you may want to avoid using a VPN. To do this, you can set your VPN to exclude the particular app through split tunneling.
Countries like China, Iran, and the UAE, among other highly censored countries, continually monitor citizens who use VPNs. If you use a VPN that manages to bypass the blocks put in place, the government can still know you are using a VPN through their collaboration with local apps.
If you don't want to end up on the government's radar, you should set all local apps such as WeChat in China to use your regular connection. You can then access restricted apps and services such as Twitter through the VPN tunnel.
Split Tunneling is usually provided under Settings or Advanced Settings. However, the feature can have different names depending on the VPN that you are using. Apart from split tunneling, some of the common names are App Rules, Per-App Connection, Application Filter, and Smart Rules.
For this guide, we’ll use ExpressVPN to show you how to set up split tunneling. Other VPNs will also require a similar procedure.
How to Set Up Split Tunneling on ExpressVPN
To get started, you will need to install ExpressVPN on your device and log in using your credentials. If you don't have an account, you can create one here and install the VPN.
- From there, start the app. Click the hamburger menu icon on the top left side and select Options.
- This will open a new configuration window. On the first tab, you should see Split Tunneling. Check the box to activate it, then click Settings.
- This will now give you the option to select the type of split tunneling you’d like to use (regular or reverse). Depending on your needs, select one and then click the + button to add apps.
- You’ll now get a list of suggested apps. You can also select an app that is not included in the list by clicking Add Another App.
- Once you are done, the app will show the apps you have selected. If you are satisfied with the selection, click Ok to proceed.
You have now set up split tunneling!
You can know whether split tunneling is working by testing it in several ways.
There are some applications that won’t let you know whether you are using a VPN or not, so the first thing to do is test the feature using other applications. You can set up your browser to be excluded from the VPN tunnel and then connect to a server outside the country.
From there, head to ipleak.net and check your IP address. If you see your ISP IP address, then the VPN’s split tunneling functionality is working. You can go ahead and set it on your preferred app. Note that if you plan on using reverse split tunneling, select that option before setting up your browser.
Some applications (apart from the browser) can let you know whether the VPN is working or not. For example, if you plan on encrypting your torrent client only, you can check the regular IP address and the torrent IP address using a tool such as https://ipmagnet.services.cbcdn.com/.
If you are not using split tunneling, it should show your browser IP address and your torrent IP address as the same.
If you have set your browser to use your regular connection and the torrent client to use the VPN, you should see your regular IP address as the browser IP and the torrent IP as the VPN IP address.
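The check above, combined with the regular and inverse rules described earlier, can be written as a small audit. This is an added example, not code from the article or from any VPN vendor; the function names are hypothetical and the addresses are constructed values from the RFC 5737 documentation ranges.

```python
import ipaddress

TUNNEL, DIRECT, UNKNOWN = "vpn", "direct", "unknown"

def expected_path(mode, listed_apps, app):
    """Path an app should take under the configured split-tunneling mode.

    regular: every app is tunneled except the listed ones.
    inverse: only the listed apps are tunneled.
    """
    if mode not in ("regular", "inverse"):
        raise ValueError(f"unknown mode: {mode!r}")
    listed = app in listed_apps
    if mode == "regular":
        return DIRECT if listed else TUNNEL
    return TUNNEL if listed else DIRECT

def observed_path(seen_ip, isp_ip, vpn_ip):
    """Classify the public IP an app reported on an IP-check page."""
    seen = ipaddress.ip_address(seen_ip)
    if seen == ipaddress.ip_address(vpn_ip):
        return TUNNEL
    if seen == ipaddress.ip_address(isp_ip):
        return DIRECT
    return UNKNOWN  # e.g. an IPv6 address that matches neither known address

def audit(mode, listed_apps, observations, isp_ip, vpn_ip):
    """Compare each app's observed path with the one the rules call for."""
    report = {}
    for app, seen_ip in observations.items():
        want = expected_path(mode, listed_apps, app)
        got = observed_path(seen_ip, isp_ip, vpn_ip)
        if got == want:
            report[app] = "ok"
        elif want == TUNNEL:
            report[app] = "leak"      # meant to be tunneled, left some other way
        elif got == TUNNEL:
            report[app] = "tunneled"  # meant to bypass, but went via the VPN
        else:
            report[app] = "unknown"
    return report

# Constructed sample values (documentation addresses, not real hosts).
ISP_IP, VPN_IP = "198.51.100.23", "203.0.113.7"
SEEN = {"browser": ISP_IP, "torrent": VPN_IP}

if __name__ == "__main__":
    print(audit("regular", {"browser"}, SEEN, ISP_IP, VPN_IP))
    print(audit("inverse", {"torrent"}, SEEN, ISP_IP, VPN_IP))
    print(audit("regular", set(), SEEN, ISP_IP, VPN_IP))
```

An app that reports an address matching neither the ISP nor the VPN address (for instance an IPv6 address) is flagged rather than assumed safe.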
ExpressVPN is the leader in the VPN industry thanks to its excellent speeds, superb apps, and best-in-class privacy and security. The VPN provides split tunneling functionality on its Windows, Mac (although it’s not available on macOS 11), Android and router apps.
On the desktop apps, you can choose whether you’d like to use regular split tunneling or reverse split tunneling, and the same applies to Android. On the router, you can set specific devices that should use the VPN or the ones that shouldn’t.
ExpressVPN comes with a 30-day money-back guarantee, so you can test it out risk-free.
Surfshark VPN has only been around since 2018, but it is already one of the top VPNs in the market. The VPN provides lots of advanced functionalities that include a kill switch, ad blocking, obfuscation, and split tunneling.
The split tunneling feature is known as Whitelister, and it’s available on Windows and Android apps. On both platforms, you can select the apps you’d like to “Route Via VPN,” apps you’d like to “Bypass VPN,” or websites you’d like to “Bypass VPN.”
The VPN also provides excellent speeds, and it can unblock almost any streaming service. All subscriptions are protected with a 30-day money-back guarantee.
NordVPN is known for its excellent privacy and security and its huge network that consists of 5,000+ servers in 60 countries worldwide. The VPN provides split tunneling alongside other great features such as a kill switch, obfuscation, ad & phishing blocker, Onion over VPN, and multi-hop.
The split tunneling feature is available on Windows and Android. On the former, you can “Disable VPN for Selected Apps” or “Enable VPN for Selected Apps Only.” On Android, the feature “Disables VPN for Selected Apps.”
The VPN can also be installed on other devices such as macOS, iOS, and Linux, and it comes with a 30-day money-back guarantee.
Split tunneling eliminates some problems associated with the use of a VPN, and it also brings extra benefits. The feature is quite helpful, and if used correctly, you should enjoy the benefits without opening up your device to cybercriminals.
To maximize the security provided by your VPN, encrypt all apps and only exempt a few apps. Apart from that, ensure that the connection you are using is secure, and you should enjoy the benefits of split tunneling without sacrificing security.
What happens to my DNS queries when I use split tunneling?
Normally, VPNs send all your DNS requests to the VPN's DNS servers even if you use split tunneling. If you set a third-party DNS within the VPN, this is the DNS that all apps will use.
What is dynamic split tunneling?
Dynamic split tunneling is the use of domains to determine the traffic that should be tunneled, and it applies to browser traffic. Normally split tunneling uses Access Control Lists (ACLs) to determine how it will route traffic.
Is Split Tunneling Safe?
Split tunneling leaves some parts of your traffic unencrypted, reducing the privacy and security of the apps you haven't encrypted. To avoid risks, use regular split tunneling and avoid the feature entirely when using public hotspots.