What Is VPN Split Tunneling?

Split tunneling is a setting within certain VPN software applications.

When you request a website, application, or service on the internet, the software decides whether that traffic needs to be routed through the VPN’s encrypted tunnel based on the rules you’ve specified.

These rules may refer to the application being used, or the website or IP address you’re accessing.

The traffic you’ve included travels through the VPN’s encrypted tunnel to the VPN server. Your request is then forwarded to the public internet, with your IP address hidden.

Traffic that you’ve excluded is routed directly to the internet, just as it would if you were browsing without a VPN.

Excluded traffic isn’t slowed down like typical VPN traffic, but your IP address isn’t hidden. Websites that require your real IP address or location will therefore work as normal.

The Different Types of VPN Split Tunnel

There are three different ways that a VPN service typically splits your web traffic:

There are also two different ways that you can choose which websites or apps are inside the tunnel:

In the following section, we’ll detail the benefits of split tunneling for users on both private and corporate networks:

1. You Can Keep Your VPN Switched On

Some applications and services simply won’t work with your VPN switched on. They might require your home IP address for authentication, or they might block traffic from known VPN servers altogether.

If you keep your VPN switched on permanently for full protection, you might find yourself turning it off from time to time when you need to use one of these apps or services. It’s a nuisance, and it risks you leaking data if you forget the VPN is off.

Split tunneling stops you from having to do that by enabling you to specify which apps go through the VPN tunnel.

2. Speed Up Your Connection

Using a VPN service is slower than connecting directly to the web. The extra hop to the VPN server takes some time, and the encryption that the VPN performs also causes a delay.

Among the top five fastest VPNs, you’ll typically see a connection slowdown of between 1% and 10% when connecting from the US (New York) to the UK (London), or an equivalent distance.

By using split tunneling, you can speed up the performance of apps and websites that do not need to be routed through the VPN.

3. Reduce Mobile Bandwidth Consumption

If you have a cellular plan with a fixed data cap, you’ll reach your limit faster with a VPN. In fact, you’ll consume between 4% and 20% more data with a VPN compared to browsing the web without one.

Using split tunneling, you can choose which applications go through the VPN tunnel so you can avoid using more cellular data than you need to.

4. Avoid VPN Data Limits

While most premium VPNs offer unlimited data usage, free VPNs often apply a monthly limit to the amount of data you can route through their network.

Some free VPNs with data limits such as Windscribe Free and Hide.me support split tunneling, which means you can stretch your VPN data allowance as far as possible.

5. Protect Your Torrenting Traffic

A VPN service is essential for torrenting safely and hiding your identity from copyright trolls. If you want to secure your P2P activity and access less sensitive services simultaneously, you can use split tunneling to encrypt your torrenting activity whilst leaving the rest of your browsing untouched.

6. Protect Your Gaming Activity

The use of VPN services is becoming more common in the online gaming community. Many gamers are concerned about exposing their real location, while others are looking to avoid distributed denial of service (DDoS) attacks on their network.

Using a VPN service hides your IP address, so you can’t be identified or targeted. However, gaming is incredibly data-intensive. In this case, split tunneling allows you to protect your gaming activity while routing the rest of your traffic elsewhere.

7. Access Local Network Resources

You may have heard that directing your device traffic through a VPN can cause difficulties when connecting to devices on the local area network (LAN), such as a wireless printer. Some websites recommend using split tunneling as a solution to this problem.

We’ve tested this issue with a few popular VPN services including ExpressVPN, Proton VPN, and PrivateVPN, and we recorded mixed results:

• Proton VPN and PrivateVPN both worked to print wirelessly without activating split tunneling.
• ExpressVPN worked to print without split tunneling when the setting labelled “allow access to devices on the local network” was enabled. However, printing did not work when this option was disabled. On mobile it worked by default, no special settings needed.

These results suggest that VPNs can have an impact on your ability to access LAN resources, but it’s not as much of an issue as some websites make out. If you’re using a top-tier VPN, it’s likely the VPN will provide an option to access LAN devices, or it might do so by default.

If you’re using a VPN that doesn’t work with devices on your local network, split tunneling is a viable solution.

8. Access Websites and Apps That Block VPN Traffic

Spotify, Ticketmaster, and Steam block all forms of known VPN traffic. Wikipedia blocks VPN users from editing pages, and online banking systems may require you to carry out additional authentication measures if you use a VPN.

By enabling VPN split tunneling, you can permanently secure your internet connection while routing applications that don’t work through the VPN outside the encrypted tunnel.

9. Gain Control Over Geo-Restricted Content

It’s common to use a VPN to bypass geographic content restrictions on streaming services like Netflix. However, it’s possible you’ll still need to access local search results or content that is restricted to your home region.

Split tunneling allows you to choose which applications use your home IP address and which use the IP address of a VPN server.

10. Reduce Corporate Network Load

We’ve mainly covered VPN split tunneling for personal VPN services so far, but there are other types of VPN, too. Remote access VPNs, for example, can be used to access a corporate network from a remote location.

Employees working remotely can use split tunneling to decide which websites, applications, and services they want to access through the company network, and which they want to access directly.

This reduces the load on the company’s VPN server and speeds up the web for its employees.

If you’re concerned about securing your sensitive data or protecting your browsing from ISP surveillance, we recommend using a VPN for all forms of device traffic. However, split tunneling can be useful when:

• You want to spoof your IP address for one activity (e.g. torrenting or gaming) without slowing down other non-sensitive online activities.
• You use apps or activities that don’t work well (or at all) through a VPN, such as Wikipedia editing, online banking, and Spotify streaming.
• You need to access content from two regions, such as geo-restricted video content from abroad and home country search engine results.

The following table summarizes when it’s safe to use VPN split tunneling:

When to Use VPN Split Tunneling	When Not to Use VPN Split Tunneling
For apps, websites, or network devices that won’t work through a VPN. For example: Spotify, banking websites, and printers on a local network.	When handling sensitive information. There’s a risk of information leaking accidentally through an unsecured connection.
To speed up applications that you do not consider sensitive. For example, you might torrent through a VPN service to hide your identity, but browse the web faster outside the VPN tunnel.	When you don’t need to. We recommend you only use split tunneling with good reason, to give you maximum privacy protection.
To access geographically-restricted content locally and globally. For example, a US resident might use a VPN for BBC iPlayer, but have to watch US Netflix outside the VPN.
To reduce the load on a corporate VPN server by enabling web traffic to access the web directly.

Split tunneling technology itself is completely safe, but you should use it with care. When you route traffic outside of the encrypted VPN tunnel, your IP address and the nature of that traffic are exposed.

The greatest risk of split tunneling at home is user error. If you disable the VPN for selected apps instead of enabling it (or the other way around), you won’t have the protection you need. For this reason, we don’t recommend using it if you’re handling highly sensitive information or you’re using a VPN to bypass government censorship.

Likewise, if you’re using split tunneling to route your traffic outside a corporate network, you’re potentially bypassing certain firewalls and safeguards that company has put in place.

The company servers might inspect traffic to block dangerous web addresses and stop sensitive information being leaked. If you connect to the web directly, you bypass this protection and put your device at greater risk of malware.

If an employee’s computer is compromised, it could be a potential entry point into the corporate network, at which point an attacker might be able to access company resources.

If you do choose to take advantage of VPN split tunneling, configure your client carefully.

Not many VPNs support split tunneling, and those that do rarely support it across all devices.

Windows and Android are the most widely-supported platforms, but you won’t have much choice if you’re using Linux, macOS, or FireOS.

Split tunneling is not currently supported on iOS devices.

The table below compares the highest-rated VPNs for split tunneling based on platform support:

VPN Service	macOS	Windows	Linux	Android	iOS	FireOS	Router
PIA	Yes	Yes	Yes	Yes	No	No	No
ExpressVPN	No	Yes	No	Yes	No	No	Yes
NordVPN	No	Yes	No	Yes	No	Yes	No

1. Private Internet Access (PIA): Overall Best VPN for Split Tunneling

Our Private Internet Access (PIA) tests confirm the VPN service has the best split tunneling feature.

PIA VPN is the only recommended VPN to support split tunneling on macOS 11 (Big Sur) and on Linux. On Android, split tunneling is called ‘per-app settings’.

You can set up split tunneling rules that tell PIA which apps, websites, or IP addresses you want to bypass the VPN tunnel.

PIA also offers an additional security setting letting you block certain apps from connecting outside the VPN tunnel. This helps reduce the risk of accidental data exposures.

On Windows and Linux, you can also split your DNS traffic so that only VPN-enabled apps use PIA’s DNS servers.

Other key features of Private Internet Access include 18,651 very fast and P2P-friendly servers, and access to many geo-restricted streaming platforms.

2. ExpressVPN: Best VPN Router App with Split Tunneling

We constantly test and review ExpressVPN, and we can confirm it still enables split tunneling on Windows, Android, and its router app.

Router support is particularly impressive because it lets you use split tunneling on every device, including iOS devices that connect through the router.

ExpressVPN doesn’t support split tunneling on macOS 11, but it does support it on older macOS versions.

You can configure ExpressVPN to split your traffic by application only. To get started, choose the option to “manage connection on a per-app basis” in the settings menu.

Overall, ExpressVPN is extremely fast, secure, and is currently our highest-rated VPN.

In addition to its split tunneling capabilities, ExpressVPN allows unrestricted torrenting on its 3,000 secure servers, and it unblocks geo-blocked websites, including 18 Netflix regions.

3. NordVPN: Best VPN for Split Tunneling on Fire TV Stick

Like PIA VPN and ExpressVPN, NordVPN supports split tunneling on Windows and Android.

What sets it apart is its additional support on Fire TV devices. The NordVPN app lets you choose the apps you want to exclude or include in the VPN tunnel.

NordVPN’s browser extension also lets you specify the websites you want to visit with your real IP address.

We recommend using NordVPN’s split tunneling feature in combination with its application level VPN kill switch.

By combining these two settings, you can designate specific apps to be cut off from the internet in the event of a VPN disconnection.

VPN Split Tunnel vs Full Tunnel: What’s the Difference?

Full tunnel is the default mode for a VPN service. It routes all of your traffic through the VPN and protects all of the data leaving your device. By contrast, split tunneling enables you to choose which types of traffic you want to include or exclude from the secure VPN tunnel.

Is Split Tunneling Supported on iOS?

iOS does not support split tunneling on consumer VPN services. Apple calls split tunneling ‘per app VPN’, but this feature is only available for apps that are managed using a mobile device management (MDM) solution.

MDM solutions are used by companies to control and manage employee devices. Consumer VPN services that want to offer split tunneling on iOS would need to convince users to install MDM software and give them control of the device, which is very unlikely.

Is Split Tunneling Supported on macOS 11 (Big Sur)?

Split tunneling is not widely supported on macOS 11, also known as Big Sur. The operating system update included a change that broke split tunneling for many VPN providers. However, VPNs such as Hide.me and Private Internet Access have successfully updated their apps to support split tunneling on Big Sur.