Split tunneling in VPNs is a feature that gives you the flexibility to route your internet traffic through separate tunnels.

You can choose which tunnel your internet traffic is routed through on an app-by-app or a website-by-website basis. For instance, consider a situation where you want to interact with devices on the local network while keeping your internet traffic encrypted. An even more relatable problem is when you need more bandwidth for a few apps but want to encrypt internet traffic for the remainder of the apps.

Split tunneling essentially gives you more power over how your data is transmitted. You can either choose the relatively slower, safer tunnel or the faster, not-so-safe tunnel. To understand why encrypted tunnels are slower, you need to know how split tunneling works in VPNs.

How Does Split Tunneling Work in VPNs?

When you connect to the internet and try to access a website, your device establishes a connection directly with the website’s server. There are no middlemen, and your connection speed is whatever your ISP provides based on your internet plan.

Once you connect with a VPN, your device first connects with a VPN server, which subsequently establishes a connection with the website’s server. The VPN server encrypts the data before transmitting it further. Since your data now needs to pass through an intermediary, it slows your connection speeds.

This is where split tunneling provides a lot of value. It helps you find the sweet spot between security and speed since it allows you to transmit a portion of the traffic through a secured and slower tunnel and other data through an unencrypted tunnel.

Best Split Tunneling VPNs

Not all VPNs come with a split tunneling feature, but here are a few of the best ones that do.

#1. ExpressVPN: Split Tunneling Based on Apps

ExpressVPN is one of the few VPNs that support in-app split tunneling. It’s pretty easy to set up. You open the Options window, and the split tunneling setting is right at the bottom of the General tab.

You can choose the apps you want to exclude from the VPN tunnel, and that’s it. For a VPN as expensive as ExpressVPN, the lack of a website-based split tunneling feature is a downside.

#2. NordVPN: Split Tunneling Based on Apps and Websites

There are several reasons you should consider NordVPN if you want split tunneling. First, it offers split tunneling based on apps as well as websites. App-based split tunneling is readily available on the VPN’s app.

However, the only caveat is that website-based split tunneling is available only through NordVPN’s Chrome extension, which has CyberSec (a lightweight feature that allows split tunneling). Regardless, you do have this option, unlike ExpressVPN. Plus, it costs significantly less than ExpressVPN — something to consider if you’re on a budget.

Types of Split Tunneling

Notice how both VPNs allow you to choose apps for which you want to use VPNs and apps for which you wish to disable the VPN.

While it may look like you could choose either one and move along, you’d be better off with one choice than the other. Let’s get some context on types of split tunneling as we talk about which option you should choose.

Inverse Split Tunneling

This is the method you should ideally use. Inverse split tunneling, in simpler terms, means that you use the VPN for all apps or websites except for the ones for which you add an exception. Think of it as whitelisting apps and websites that you want to connect directly to the internet. You can connect apps that require more bandwidth directly to the internet while keeping the remainder of the traffic encrypted.

App or Website-based Split Tunneling

This is the exact opposite of inverse split tunneling. Instead of whitelisting apps or websites, you set your VPN app to only focus on a few apps, such as online banking apps or torrent clients. The remainder of your traffic goes through your normal internet connection unsecured.

When choosing between the above two types, it is better to be safe than sorry. Since you can whitelist apps that require more bandwidth, it’s best to use inverse split tunneling, add exceptions and encrypt the remainder of the traffic.

When Should You Use VPN Split Tunneling?

Split tunneling is a useful feature and can provide great utility in several cases.

Here are a few split tunneling use-cases:

#1. When you’re doing something that doesn’t require much security, split tunneling will help you get things done faster. For instance, say you’re sending over sensitive information for work, and while it uploads, you’d like to sit back with some chips and watch Netflix. You may use split tunneling so you can use the unsecured tunnel to stream Netflix in HD even as your sensitive data continues to pass through an encrypted tunnel.

#2. When you want to access geo-blocked content without slowing any of your other online activities down. If you’re in China, the Great Firewall could keep you from accessing a lot of websites. Even if you’re elsewhere in the world, you could use a VPN to access content libraries of other countries on any streaming platform. For instance, some shows are only available on Netflix U.S., but you could access them from anywhere using a VPN. You could use split tunneling to access geo-blocked content while still getting good connection speeds for other activities.

#3. Accessing network devices can sometimes be a problem if you’re connected to a VPN. If you have a Workgroup set up or want to interact with other devices on your local network, you’d need to disconnect from the VPN. Split tunneling can help you access these devices without having to disconnect from the VPN.

#4. Set up inverse split tunneling if you have a list of apps that you believe don’t require much security. It’s a one-time setup that takes a few minutes. You’ll continue to get good connection speeds on select apps while protecting any other data transmitted from your system.

Risks of VPN Split Tunneling

Remember what the primary job of a VPN is? It ensures user security and privacy. That’s the number one aspect that pushed the developers to invent something like VPN technology. To do that, it masks your IP address and DNS queries from attackers. In addition, everything that passes through the encrypted tunnel is converted into ciphertext.

But once you split that tunnel, whatever goes unencrypted becomes a sitting duck for cybercriminals. It may include data packets exposing your real IP address and DNS requests, which reveal your web activity.

So, a part of your system behaves normally (aka unsafe), which can be compromised. And it’s a whole lot worse if you’re logged into a corporate network. In that case, it can be the entry point for the hacker, who can further jeopardize the entire network.

Therefore, while split tunneling is an excellent time-out from the usual VPN encryption, it’s risky, especially if it isn’t configured properly.

Split Tunnel vs. Full Tunnel

A full tunnel is not standard VPN terminology. As a matter of fact, this simply means the VPN is being used normally without any split tunneling.

It means everything is encrypted, and no packets are sent outside the encrypted tunnel.

Split tunneling, on the other hand, diverts some of that traffic outside the encryption. This can be the less sensitive traffic like online games, streaming, etc.

Is Split Tunneling Safe?

Nothing is inherently unsafe about split tunneling, provided you know what you’re doing. Some claim that split tunneling can compromise the overall security that a VPN offers, but this is a baseless argument.

While any traffic that goes through a VPN tunnel is always safe, the mishaps with split tunneling are often attributable to erroneous setups. For instance, if split tunneling hasn’t been set up correctly, it could open doors for cybercriminals to gain access to your information.

FAQs

How do I set up VPN split tunneling on my device?

The easiest way to take advantage of split tunneling is to use a reputable VPN service provider like ExpressVPN, NordVPN, ProtonVPN, etc. Depending on the VPN client, it may offer split tunneling based on websites and apps. The encryption options can also differ. For instance, you can select a few apps (and/or websites) to go encrypted and leave others unhindered. Or, choose specific apps to function normally while everything else is encrypted. In the end, it depends on the specific VPN client interface.

How do I know if my VPN split tunneling is working correctly?

The best way to check is to visit WhatIsMyIpAddress with a split-tunneled web browser. If it’s working correctly, it should show two different IP addresses with split tunneling turned on and off.
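A local complement to the browser check above, and a way to catch the real-IP and DNS exposure described under the risks (an added example, not from the original article or any VPN vendor): it works out which interface a given destination leaves through, going one step beyond per-app rules to the routing table they produce. The route listing, interface names (`tun0`, `wlan0`) and addresses are constructed sample data in the style of Linux `ip -4 route show`.

```python
import ipaddress

# Constructed sample: main routing table of a client with the VPN up.
# The two /1 routes send "everything" into tun0 without replacing the
# default route; the 198.51.100.0/24 line is a split-tunnel exclusion.
SAMPLE_ROUTES = """\
default via 192.168.1.1 dev wlan0 proto dhcp metric 600
0.0.0.0/1 via 10.8.0.1 dev tun0
128.0.0.0/1 via 10.8.0.1 dev tun0
10.8.0.0/24 dev tun0 proto kernel scope link src 10.8.0.2
192.168.1.0/24 dev wlan0 proto kernel scope link src 192.168.1.50
198.51.100.0/24 via 192.168.1.1 dev wlan0
"""

def parse_routes(text):
    """Return [(network, device)] from `ip -4 route show` style lines."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        if "dev" not in fields:
            continue  # blank lines, blackhole/unreachable entries
        dest = "0.0.0.0/0" if fields[0] == "default" else fields[0]
        dev = fields[fields.index("dev") + 1]
        routes.append((ipaddress.ip_network(dest, strict=False), dev))
    return routes

def egress_device(routes, ip):
    """Longest-prefix match: the most specific route wins (metrics ignored)."""
    addr = ipaddress.ip_address(ip)
    matches = [(net.prefixlen, dev) for net, dev in routes if addr in net]
    return max(matches)[1] if matches else None

def audit(routes, tunnel_dev, resolvers, sensitive):
    """Return (kind, ip, device) for every address that bypasses the tunnel."""
    findings = []
    for kind, ips in (("dns", resolvers), ("sensitive", sensitive)):
        for ip in ips:
            dev = egress_device(routes, ip)
            if dev != tunnel_dev:
                findings.append((kind, ip, dev))
    return findings

if __name__ == "__main__":
    table = parse_routes(SAMPLE_ROUTES)
    # Assumed inputs: configured DNS resolvers and hosts you expect encrypted.
    for kind, ip, dev in audit(table, "tun0", ["10.8.0.1", "192.168.1.1"],
                               ["203.0.113.10", "198.51.100.20"]):
        print(f"{kind}: {ip} leaves via {dev}, outside the tunnel")
```

On the sample table this flags the router-provided resolver and the excluded /24: DNS queries sent to `192.168.1.1` never enter the tunnel even though most traffic does.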

Can I switch between VPN split tunneling and full tunneling mode?

Yes. Generally, it’s a one-click toggle to turn on split tunneling after you select the subject websites and applications. And when that’s switched off, the VPN returns to the standard mode (full tunneling), where everything is encrypted.

Can I use VPN split tunneling on a work computer or network?

You can use it if your VPN allows split tunneling and the work computer permits installing that VPN application.

The Tunnel Dilemma 🤔

It doesn’t have to be like Sophie’s choice. Understand that split tunneling is a tool that helps you get the best of both worlds. It allows you to transmit sensitive data through an encrypted tunnel while allowing the rest of the data to be transmitted directly over the internet.

Ideally, use inverse split tunneling and don’t fall victim to misinformed advisors on the internet who claim that split tunneling weakens a VPN’s overall security. All data transmitted through the encrypted tunnel is safe, provided you don’t sign up with a shady VPN service provider.