What is VPN split tunneling, why and when should you use it?
Amidst the growing content censorship and geo-restrictions, VPN services have gained significant popularity among internet users. However, changing online locations also means that the users should surrender their access to local content, something infeasible for many. That’s where split tunneling helps VPN users manage their browsing requirements.
Split tunneling is a dedicated feature that allows your VPN to divide your internet traffic into two streams. One of these streams regularly goes through your ISP, and the other one passes through the VPN with full encryption and IP masking. That’s how it lets you browse content from other regions without losing access to the local stuff.
For instance, if there are any specific nodes within your local network that you won’t be able to access from an external server, you need to keep your local traffic open and your IP looking like your actual physical IP. At this point, split tunneling lets you have some of your traffic private at the same time while saving you a little bandwidth.
In most cases, your VPN’s apps or software will allow you to choose the applications on your device that should send their traffic through the VPN or your regular connection.
But do you really need split tunneling for your traffic? Is there any risk involved in this? Which VPN vendors will let you do it?
Read along to find the answers to all these questions and the information you will ever need to make split tunneling work for you.
Our short final analysis if you’re in rush right now
Split tunneling is not the best way to go if you are serious about anonymity, security, and privacy. But it’s an incredible feature if all you need is protection on some apps and services you use without compromising your overall speeds and loading times. If that’s you, NordVPN is the best split-tunneling VPN you can give a try!
Split tunneling: How does it work?
Split tunneling is an intelligent VPN tool that grants you much more control over your traffic. With this feature, you can choose which data goes through your regular channels, which are faster but unencrypted, and which traffic must be secured by your VPN’s encryption and IP masking capabilities.
So how does split tunneling work? To understand this phenomenon, let’s first look at how a VPN server works at the basic level.
Your regular ISP service gives you a direct connection to the internet. All your traffic, incoming or outgoing, goes through that connection. Then, adding a VPN to the mix establishes a secure tunnel between your device and a VPN server before reaching the internet.
In this way, you don’t surf the internet directly, but the VPN server does it for you. The data transmitted from your device first passes through the VPN server that encrypts it and assigns its own IP address to your traffic. Consequently, the outside world won’t know your IP address — instead, they see the server’s IP as yours.
This encryption makes it impossible for any third party to track your activities. That’s because, without the decryption key, everything looks like white noise to them. Also, any external observer would find your online traffic transmitting through a single node in the net.
Because when you’re using a VPN, everything needs encryption on your device and then decryption on the VPN server, and all your data is routed through a single server, using a VPN costs you a little in terms of connection speeds. Still, it often is something that you won’t notice in terms of functionality.
So until now, everything you do goes to the internet through a single connection, whether your ISP’s regular one or your VPN’s server. Here’s where split tunneling comes in: it opens two simultaneous connections to the internet. In this way, you can choose which online activities are sensitive enough to get VPN protection, while you can have the rest of your traffic for your regular ISP connection, so it doesn’t slow down your other activities.
Flavors of VPN split tunneling
The principle for deploying VPN split tunneling is quite simple. But when it comes down to implementation, the devil is in the details, as there are several ways to achieve the same goal. Here are the most frequent ones:
- URL-based: This mode is usually available when you use your VPN’s browser extension. With this option, you choose which URLs you want encrypted and which ones to remain open.
- App-based: Here you’d choose the applications in your device or operating system whose traffic you want to be VPN-protected. Everything else goes through your regular channel, that is, your ISP.
- Inverse (or Inversive): In this mode, your entire internet traffic passes through your VPN unless you specify otherwise. In simple words, with inverse split tunneling (also known as “split-exclude”), you choose which apps should not use your VPN connection.
- Device-based: This type of split tunneling is typically available with router VPN clients. It allows you to configure your router VPN to allow specific devices bypass or use VPN tunnel. It is similar to app-based split tunneling, but it works at device-level. For example, you can specify your PC to always use VPN, and/or your mobile phone to bypass encrypted traffic.
VPN split tunneling and security: How secure is this feature?
VPN split tunneling can’t possibly be as secure as sending all your traffic through your VPN server. However, if you set everything up correctly, know what you’re doing, and make sure that all the data that goes through your open connection is not sensitive, then split tunneling could give you the right balance between security and functionality.
And while split tunneling can’t ever be as secure as the full VPN connection, it remains better than not having any VPN protection at all. So, yes, go ahead and split your internet usage if you must. But, be wise. Any data you need to keep private or too sensitive should not remain on the open connection.
But, this doesn’t mean split tunneling is insecure at all. Although, some people defend the idea that split tunneling brings down the strength of the encryption in your overall connection. Yet, this notion is utterly baseless and depicts a lack of understanding about cryptography.
Split tunneling: The pros and cons
When it comes to security, any measure you take comes with advantages and disadvantages. Split tunneling is no exception.
Here is a quick look at why, or why not, you should consider using split tunneling if your VPN offers it.
The advantages of split tunneling
- It’s more efficient with connection speeds. In addition, having two connections for your traffic prevents bottlenecks because you’re not forcing every packet to go through the secure tunnel.
- Connection versatility. Split tunneling allows you to connect to two networks simultaneously. In this way, you can be on your local corporate network as usual, while simultaneously accessing a foreign network. And you don’t need to sacrifice either connection.
The disadvantages of VPN split tunneling
The main reason to avoid split tunneling is security. It obviously can’t be as safe as having all of your traffic routed through the VPN.
Leaving part of your internet traffic unencrypted somehow risks your overall privacy, leaving you vulnerable to traffic interception, online tracking, and other threats.
The risks of split tunneling
Ironically, every security measure you can implement implies accepting some risks. But that’s the way of digital technology, and it applies to split tunneling as well. Below are some of the common risks associated with using this feature.
- Bypassing security measures. That also include proxy servers which help keep your traffic safe.
- Completeness. If you’re going to go with split tunneling, you have to set everything up all the way or not touch it at all. If you leave any loose ends hanging, any hacker worth its salt will have a field day with your traffic.
- Risking corporate security. If any of your staff members or colleagues at your workplace uses an insecure network, that could be the weakest link in the chain, putting the whole business system in danger.
- It empowers users against corporate or academic permissions. Your company or your school indeed has a policy about sites that should not be accessed by workers or downloads that shouldn’t take place within the network. The split tunneling connection allows for users in your network to do whatever they want, as if they were not inside your network, through the VPN connection while their traffic in the open part of the traffic will look normal.
- Corporate IT becomes blind. Your IT people won’t be able to tell if one of the company’s employees is wasting his working time on forbidden sites or using risky networks.
So, as you can see now, VPNs are all about empowering end-users. But if you are those users’ employers, how powerful do you want them to be?
When to use split tunneling
Split tunneling’s primary use case is to protect your most sensitive data without losing too much of your internet speed. If you know the data you must keep private and you’re willing to take the time to set up your connection correctly, VPN split tunneling will be an excellent feature for your user experience.
VPN split tunneling can be exceedingly helpful in many scenarios; here are some of them:
- Enhancing security without compromising transfer speeds. Every internet user on the planet loves to browse with high speeds while having their online activities protected without sacrificing functionality. Not every action you perform on the internet requires the same degree of security, of course. Online banking, some email exchanges, transferring confidential files are examples of activities that need the utmost care. But for other activities, like browsing the web for news or other relatively trivial things, you would probably be fine with giving up the basic security fast speeds. That’s where VPN split tunneling might facilitate you.
- Connecting to your LAN (Local Area Network). Your LAN is where you perform your daily work, so you need to have unfettered access to it. But, when using VPNs, you remain outside your LAN because your local server will consider you’re not in the right physical place. Here, split tunneling helps you choose which apps should use your LAN’s resources while allowing the rest to go to the broader internet, but securely.
- Being abroad. Living overseas has always been a tricky thing. While it’s a cliché that the internet knows no borders, every website tracks users’ physical locations. Many of them are programmed to accept connections only from a limited zone or offer different content to users from other countries. Countries like China or Saudi Arabia are notorious for the blockages they inflict on their internet users. But even Netflix won’t show a Brazilian user the same catalog of videos that it will show to a US-based client. So, while the internet is not a real-estate business, the location remains a crucial variable in many instances. A VPN connection will show you as a user connecting from elsewhere in the world, depending on the server you choose. In that way, you can use the encrypted portion of your data flow to enjoy many activities unavailable to the rest of the users in your local network or jurisdiction. That too, without sacrificing the functionality you need from your local resources.
How to use split tunneling
Setting up split tunneling depends on the VPN you choose. Nonetheless, there is a general procedure that applies to most cases:
- Open your VPN app and sign in.
- Find the split tunneling setting in your app’s menu before you connect.
- Add all the apps you want to be protected by the VPN servers. If your provider uses inverse split tunneling, choose the ones you don’t want to cover.
- Ensure that split tunneling is enabled.
- Connect to the VPN.
Full tunnel vs. split tunnel: What is the difference?
If you are in full tunnel mode, every single byte of your incoming and outgoing traffic goes through your VPN server.
In contrast, according to your setup, the split tunnel allows some of your data to reach the internet through your regular ISP’s open connection.
It follows that full tunnel connections are safer because they encrypt all of your traffic instead of a fraction. Yes, that extra security comes at the price of slower speeds when using a VPN, but it’s safer nonetheless.
Best VPNs for split tunneling
Many of the best VPN vendors support split tunneling connections. Here are some of those finalized after thorough tests and research.
You can manage NordVPN‘s split tunneling through a Google Chrome or a Mozilla Firefox browser extension. This makes it very easy for you to pick the URLs you want to be encrypted.
The Surfshark feature is effortless to use, and it’s versatile because it admits both per-app and per-URL setups. The one drawback with this network is that the option is available only in Windows and Android apps.
ExpressVPN is one of the best VPNs in general, but it shines particularly brightly in the split tunneling arena. It’s available in Windows, macOS, Android. You can set it up on your WiFi router as well.
The configuration is on a per-app basis. This feature keeps things very simple for most users, but if you’re working from a computer, for the most part, you could find that it’s not so helpful.
Split tunneling allows you to keep your most sensitive data safe without lowering your internet speeds. But that gain in speed comes by sacrificing some of your privacy and anonymity online, leaving part of your online activities unsecured.
In short, split-tunnel connections are not the way to go if you are serious about your security, anonymity, and privacy. Instead, you’ll be better off if you take advantage of your VPN’s power for all of your traffic.
However, nobody knows your online habits better than you do. So you’re the one who can decide if not everything you do online needs to be encrypted by a VPN. Furthermore, you can decide if all you need is a bit of extra protection that doesn’t compromise your system’s functionality regarding speeds and loading times. If that’s who you are, then split tunneling is all you need.
Frequently Asked Questions
About the author
Abeerah is a passionate technology blogger and cybersecurity enthusiast. She yearns to know everything about the latest technology developments. Specifically, she’s crazy about the three C’s; computing, cybersecurity, and communication. When she is not writing, she’s reading about the tech world.