What is VPN split tunneling, why and when should you use it?

Abeerah Hashim Last updated: November 19, 2022 Read time: 14 minutes Disclosure

Split tunneling opens two simultaneous connections to the Internet for you. We explain how this handy feature works, list the top VPNs that support it, and more.

Sneak peek at Split Tunneling

Most VPNs offer a dedicated “Split Tunneling” feature that allows users to access local and foreign content simultaneously. It divides the internet traffic into two main streams. One moves through your regular ISP route, while the other passes via VPN connection with encryption and spoofed IP. You can easily control the data you want to send either unencrypted or under the VPN protective shield. In short, split tunneling protects the user’s sensitive data without interfering much with the system’s functionality.

Amidst the growing content censorship and geo-restrictions, VPN services have gained significant popularity among internet users. However, changing online locations also means that the users should surrender their access to local content, something infeasible for many. That’s where split tunneling helps VPN users manage their browsing requirements.

Split tunneling is a dedicated feature that allows your VPN to divide your internet traffic into two streams. One of these streams regularly goes through your ISP, and the other one passes through the VPN with full encryption and IP masking. That’s how it lets you browse content from other regions without losing access to the local stuff.

For instance, if there are any specific nodes within your local network that you won’t be able to access from an external server, you need to keep your local traffic open and your IP looking like your actual physical IP. At this point, split tunneling lets you have some of your traffic private at the same time while saving you a little bandwidth.

In most cases, your VPN’s apps or software will allow you to choose the applications on your device that should send their traffic through the VPN or your regular connection.

But do you need split tunneling for your traffic? Is there any risk involved in this? Which VPN vendors will let you do it?

Read along to find the answers to all these questions and the information you need to make split tunneling work for you.

Our short final analysis if you’re in a rush right now

Split tunneling is not the best way to go if you are serious about anonymity, security, and privacy. But it’s an incredible feature if all you need is protection on some apps and services you use without compromising your overall speeds and loading times. If that’s you, NordVPN is the best split-tunneling VPN you can give a try!

Split tunneling: How does it work?

Split tunneling is an intelligent VPN tool that grants you much more control over your traffic. With this feature, you can choose which data goes through your regular channels, which are faster but unencrypted, and which traffic must be secured by your VPN’s encryption and IP masking capabilities.

So how does split tunneling work? To understand this phenomenon, let’s first look at how a VPN server works at the basic level.

Your regular ISP service gives you a direct connection to the internet. All your traffic, incoming or outgoing, goes through that connection. Then, adding a VPN to the mix establishes a secure tunnel between your device and a VPN server before reaching the internet.

In this way, you don’t surf the internet directly, but the VPN server does it for you. The data transmitted from your device first passes through the VPN server that encrypts it and assigns its own IP address to your traffic. Consequently, the outside world won’t know your IP address — instead, they see the server’s IP as yours.

This encryption makes it impossible for any third party to track your activities. That’s because, without the decryption key, everything looks like white noise to them. Also, any external observer would find your online traffic transmitting through a single node in the net.

Because when you’re using a VPN, everything needs encryption on your device and then decryption on the VPN server, and all your data is routed through a single server, using a VPN costs you a little in terms of connection speeds. Still, it often is something that you won’t notice in terms of functionality.

So until now, everything you do goes to the internet through a single connection, whether your ISP’s regular one or your VPN’s server. Here’s where split tunneling comes in: it opens two simultaneous connections to the internet. In this way, you can choose which online activities are sensitive enough to get VPN protection, while you can have the rest of your traffic for your regular ISP connection, so it doesn’t slow down your other activities.

Flavors of VPN split tunneling

The principle for deploying VPN split tunneling is quite simple. But when it comes down to implementation, the devil is in the details, as there are several ways to achieve the same goal. Here are the most frequent ones:

  • URL-based: This mode is usually available when you use your VPN’s browser extension. With this option, you choose which URLs you want encrypted and which ones to remain open.
  • App-based: Here you’d choose the applications in your device or operating system whose traffic you want to be VPN-protected. Everything else goes through your regular channel, that is, your ISP.
  • Inverse (or Inversive): In this mode, your entire internet traffic passes through your VPN unless you specify otherwise. In simple words, with inverse split tunneling (also known as “split-exclude”), you choose which apps should not use your VPN connection.
  • Device-based: This type of split tunneling is typically available with router VPN clients. It allows you to configure your router VPN to allow specific devices bypass or use VPN tunnel. It is similar to app-based split tunneling, but it works at device-level. For example, you can specify your PC to always use VPN, and/or your mobile phone to bypass encrypted traffic.

VPN split tunneling and security: How secure is this feature?