VPN Split Tunneling is a feature that allows users to direct a portion of their internet traffic through an encrypted virtual private network while leaving the rest to be routed through a separate tunnel on the open network. It’s an advanced feature with specific uses that we’ll cover in detail here.
By default, a virtual private network (“VPN”) will route all internet traffic through the VPN server when you are connected. The purpose of a VPN connection, after all, is to secure your all internet traffic and prevent any DNS or unencrypted data from leaking.
But what if you need to…
- …access local network devices?
- …encrypt certain data without slowing down your entire internet connection?
This is where the VPN split tunneling feature becomes useful.
Below we’re going to answer a number of questions related to VPN split tunneling in hopes to give you a clear picture of what it is and how to use it.
Use the links above to jump down to a specific section, or continue scrolling to answer the most common questions about this VPN feature.
Note: Some of the links in this article are affiliate links, which means that at no extra cost to you, I may be compensated if you choose to use one of the services listed here. I only recommend what I personally use and try to remain as unbiased as possible.
How Does VPN Split Tunneling Work?
VPN Split tunneling is a unique technology that gives you control over which data you send through an encrypted VPN connection and which data remains open on the network.
Simply put, a split tunnel gives you complete control over which data is sent over the internet through your VPN connection and which data is kept on the faster, unencrypted open web.
There are a few different ways in which you’ll find VPN split tunneling work.
App-Based Split Tunneling
Some VPN software allows users to choose specific apps to connect through the VPN, which is known as app-based split tunneling.
Using this method, only those apps selected will be routed through the VPN secure connection, while all other internet traffic travels through the regular network.
URL-Based Split Tunneling
Another popular method of implementing VPN split tunneling is by specific website URLs, also known as “URL-based split tunneling.”
With this type of encrypted VPN tunnel, you specify exactly which URLs will require encryption through the VPN. This is usually done via a VPN browser extension.
Any other website that you visit outside that list will not be routed through the VPN tunnel.
Inverse Split Tunneling
In the above two methods, the default for all internet traffic is unencrypted. With inverse split tunneling, the opposite is true.
All traffic is sent through the VPN and you choose exactly which apps or URLs don’t go through the VPN.
Inverse split tunneling is best for those who have specific apps or websites that don’t require a secure VPN connection and would actually do worse with a slower internet connection.
While VPN split tunneling isn’t difficult to set up, it does require users to manually decide and setup which apps and URLs to either include or exclude.
Each VPN client handles this differently, and I’ll share below which I recommend.
What are the Benefits of VPN Split Tunneling?
This is the million-dollar question!
And the truth is, not everybody needs to enable split tunneling. This isn’t like the VPN kill switch feature, which is so useful that some software don’t even give you an option to turn it off.
Because a VPN encrypts internet traffic and routes it through a server in another location, it can sometimes create bottlenecks in bandwidth usage and slow down your internet.
Let’s look at a few instances where using VPN split tunneling would be helpful.
Example 1: The Expat Living Overseas
A Virtual Private Network (VPN) tends to be extremely useful for those living overseas. Not only do they help protect against government spying, they also help bypass internet censorship (such as in China, Saudi Arabia, etc.).
However, the reality is that most expatriates use a VPN for streaming their favorite content.
If the primary goal is to stream geoblocked content, there’s no need to slow down the rest of your internet connection for other activities.
By setting up a VPN split tunnel connection, you can set it up to only route you through the VPN server when you’re using Netflix or trying to access a censored website.
All other traffic is unencrypted (open to security risks) and slightly faster.
Example 2: Working on a Local Area Network
The ability to control your internet traffic can be useful when there are things you need to do on the local area network (LAN).
Say, for example, you need to use a wireless printer at home (that is, of course, connected to your secured home WiFi network!). Often, when you’re on a VPN, the encryption shields you from the local area network, meaning you can’t access LAN devices.
With VPN split tunneling, you can route traffic that needs to be connected to the VPN server while remaining linked to the local area network.
Example 3: Extra Security without Sacrificing Speed
Finally, there are some users who might want extra security when dealing with sensitive data such as banking, email or activism.
In this case, VPN split tunneling allows you the benefit of a secure network connection without sacrificing the speed on the rest of your network connection.
When set up properly, there are some legitimate benefits to using VPN split tunneling, although as I mentioned earlier, it’s not a feature everybody will use.
Is Split Tunneling Secure for VPNs?
While there’s no doubt that VPN split tunneling adds extra security, as with any technology, I always caution against over-reliance on any single feature.
There’s a lot of debate around whether this feature weakens your overall encryption and offers a backdoor for bad players to exploit.
If you’re using split tunneling as a means to stream or unblock content while maintaining the highest available speeds for the rest of your internet activity, you have nothing to worry about.
However, if your primary use of a VPN connection centers on identity protection and data security, VPN split tunneling may end up being a unnecessary liability for you in the end.
VPN Split Tunneling FAQ
Below are some of the most common questions about VPN split tunneling.
No, it’s not bad, but it’s also not always necessary. VPN split tunneling allows routing traffic through a split tunnel: one that has a VPN connection and one that doesn’t. The only bad part of a split tunnel would be the security risks of accidentally sending sensitive data through the wrong tunnel.
If you’re already subscribed to VPNs support split tunneling, there are good reasons to enable the feature. However, for the average internet user, the manual setup opens up unnecessary risks to sensitive data.
Thankfully, a split tunnel is a feature that is easy to turn off in the settings. Depending on your virtual private network, you should find the option under “Split Tunnel” and turn it off. You can also remove the VPN configuration if you prefer.
Best Split Tunneling VPN in 2024
Since split tunneling is not a feature that is offered with most commercial services, it’s worth pointing out which services do it best.
Mind you, I’m only listing services that natively offer the split tunneling feature. You can manually configure split tunneling with most services (i.e. using a browser extension), but I’m not including that here.
Also Note: As far as I know, there are no iOS-based apps that offer VPN split tunneling right now. This is a system feature that hasn’t been opened up by Apple that you can get on Android.
Ok, with that out of the way, here’s a quick list of the best split tunneling VPNs that natively offer this as a feature.
SurfShark – Best Split Tunnel for Windows & Android
- “Whitelister” feature;
- Offers app-based and URL-based tunneling;
- Unlimited simultaneous connections;
- 30 Day Money back guarantee;
VPN split tunneling can be a clunky feature, but Surfshark does the best job I’ve seen making it easy to understand and even easier to implement.
The only downside is that, as of right now, Surfshark only offers it’s “Whitelister” feature for Windows and Android devices. I’ve been told that they’re working on adding the feature to Mac and iOS apps, but it hasn’t yet been rolled out.
As I’ve already noted in my comprehensive Surfshark VPN review, not only is the VPN bypass feature quickly accessible in the app, it’s also easy to implement either by app or by URL.
If you use Windows or Android and this is a feature you’re looking for, I highly recommend Surfshark. It’s an excellent service with unlimited simultaneous connections and very inexpensive plans.
ExpressVPN: Best Split Tunnel for Mac Users
- Split tunneling on a per-app basis;
- Best overall VPN user experience;
- 30 Day Money back guarantee;
Overall, ExpressVPN is one of the top commercial services on the market and offers an amazing user experience no matter what platform you’re using.
If you’re looking for the split tunneling feature on a Mac, ExpressVPN allows you to do so on a per-app basis.
In the general settings, you’ll need to turn on the feature and then select which apps you want or don’t want to encrypt in your connection. You can see what that looks like here:
Of course, since “Netflix” or “Your Bank” isn’t an app on your computer like it is on your phone, this isn’t nearly as helpful for certain types of users.
Still, I can easily recommend ExpressVPN because of it’s best-in-class design and excellent track record. Use the links here to get 3 months of free service with any annual plan!
PureVPN: Best for Android TV
- Split tunneling on Windows, Android and Android TV;
- Numerous connection protocol options;
- 31 Day Money back guarantee;
While PureVPN offers the split tunneling VPN feature on both their Android and Windows apps (sorry Apple users!), it’s their Android TV app that sets them apart here.
If you use Android TV, it is possible to install the PureVPN app, turn on split tunneling and select exactly which apps will be routed through the VPN and which will be open on the network.
I’ve covered details on these features and more in my comprehensive PureVPN review.
The setup screen looks like this:
This is a level of control that you don’t get with many other smart TV VPN apps and can be helpful if you’re wanting to stream certain content from a certain IP address while leaving all others on a faster, open connection.
If you’re an Android TV user, PureVPN is definitely the way to go here.
Essential VPN Features to Consider
As far as the most important VPN features go, VPN split tunneling isn’t very high on the list. It’s useful in very specific cases, but it’s not absolutely necessary for everybody who uses a virtual private network.
For those who are iOS users, you’re going to be hard-pressed to find a way to use split tunneling. For you, either all your traffic goes through a VPN tunnel or it doesn’t.
However, for those using a Mac, Windows or Android device, chances are you’ll easily be able to find a split tunneling VPN that fits your need. As I shared above, I recommend Surfshark for Windows & Android, ExpressVPN for Mac users and PureVPN for Android TV users.