Disclosure: Top10VPN is editorially independent. We may earn commissions if you buy a VPN through links on our site.

What Is VPN Split Tunneling?

Headshot of Top10VPN.com Site Editor Callum Tennent

Callum oversees how we test and review VPN services. He's a member of the IAPP, and his advice about VPNs has featured in Forbes and the Internet Society. Read full bio

VPN split tunneling is an advanced feature designed to help you manage and control your VPN traffic. This guide explains how it works, its advantages, and exactly how to stay safe while split tunneling your data.

vpn split tunneling illustration

Virtual Private Network (VPN) split tunneling is a feature that enables you to route some of your device traffic outside of the encrypted VPN tunnel.

When split tunneling is enabled, you’ll be able to use two different network connections simultaneously.

The secure VPN connection is only used for the sensitive traffic that requires it, while apps that don’t work through the VPN can access the web directly. This prevents your other traffic from being slowed down unnecessarily, and allows you to specify which apps and services use your public IP address.

In this guide, we’ll explain the benefits of split tunneling, how it works, and how you can set it up on your VPN. We recommend the five best VPNs for split tunneling, and answer the most frequently asked questions about split tunneling.

How Does VPN Split Tunneling Work?

Split tunneling is a feature of the VPN software installed on your device. When you request a website, application, or service on the internet, the software decides whether that traffic needs to be routed through the VPN’s encrypted tunnel based on the rules you’ve specified. These rules might refer to the app being used, or the website or IP address you’re accessing.

The traffic that you’ve included will travel through the VPN’s encrypted tunnel to the VPN server. Your request is then forwarded to the public internet, with your IP address hidden.

Traffic that you’ve excluded will be routed directly to the internet, just as it would if you were browsing without a VPN. This traffic isn’t slowed down like typical VPN traffic, and your IP address is not hidden – so websites that require your real IP address or location work as they do normally.

VPN split tunneling diagram

The Different Types of VPN Split Tunnel

There are three different ways that a VPN service typically splits your web traffic:

  • App-based split tunneling enables you to choose which applications connect through the VPN, and which connect directly to the internet. This feature is usually configured using VPN software running on your device.
  • URL-based split tunneling enables you to choose which specific websites you want to access through the VPN, and which ones you want to connect to directly. This feature is usually found in VPN browser extensions.
  • IP address split tunneling is less common than the other two approaches. It allows you to specify which IP addresses you want to connect to with or without the VPN.

There are also two different ways that you can choose which websites or apps are inside the tunnel:

  • A split-exclude tunnel sends everything except your chosen traffic through the VPN.
  • A split-include tunnel sends only your chosen traffic through the VPN. This is also called inverse split tunneling.

EXPERT TIP: If you want to exclude certain URLs but your VPN only supports app-based split tunneling, consider using two browsers. Route one browser through the VPN, and use the other one for applications that need your true IP address or location.

10 Benefits of VPN Split Tunneling

In the following section, we’ll detail the benefits of split tunneling for users on both private and corporate networks:

1. You Can Keep Your VPN Switched On

Some applications and services simply won’t work with your VPN switched on. They might require your home IP address for authentication, or they might block traffic from known VPN servers altogether.

If you keep your VPN switched on permanently for full protection, you might find yourself turning it off from time to time when you need to use one of these apps or services. It’s a nuisance, and it risks you leaking data if you forget the VPN is off.

Split tunneling stops you from having to do that by enabling you to specify which apps go through the VPN tunnel.

2. Speed Up Your Connection

Using a VPN service is slower than connecting directly to the web. The extra hop to the VPN server takes some time, and the encryption that the VPN performs also causes a delay.

Among the top five fastest VPNs, you’ll typically see a connection slowdown of between 10% and 35% when connecting from the UK (London) to the US (New York), or an equivalent distance.

By using split tunneling, you can speed up the performance of apps and websites that do not need to be routed through the VPN.

3. Reduce Mobile Bandwidth Consumption

If you have a cellular plan with a fixed data cap, you’ll reach your limit faster with a VPN. In fact, you’ll consume between 4% and 20% more data with a VPN compared to browsing the web without one.

Using split tunneling, you can choose which applications go through the VPN tunnel so you can avoid using more cellular data than you need to.

4. Avoid VPN Data Limits

While most premium VPNs offer unlimited data usage, free VPNs often apply a monthly limit to the amount of data you can route through their network.

Some free VPNs with data limits such as Windscribe Free and Hide.me support split tunneling, which means you can stretch your VPN data allowance as far as possible.

5. Protect Your Torrenting Traffic

A VPN service is essential for torrenting safely and hiding your identity from copyright trolls. If you want to secure your P2P activity and access less sensitive services simultaneously, you can use split tunneling to encrypt your torrenting activity whilst leaving the rest of your browsing untouched.

6. Protect Your Gaming Activity

The use of VPN services is becoming more common in the online gaming community. Many gamers are concerned about exposing their real location, while others are looking to avoid distributed denial of service (DDoS) attacks on their network.

Using a VPN service hides your IP address, so you can’t be identified or targeted. However, gaming is incredibly data-intensive. In this case, split tunneling allows you to protect your gaming activity while routing the rest of your traffic elsewhere.

7. Access Local Network Resources

You may have heard that directing your device traffic through a VPN can cause difficulties when connecting to devices on the local area network (LAN), such as a wireless printer. Some websites recommend using split tunneling as a solution to this problem.

We’ve tested this issue with a few popular VPN services including ExpressVPN, ProtonVPN, and PrivateVPN, and we recorded mixed results:

  • ProtonVPN and PrivateVPN both worked to print wirelessly without activating split tunneling.
  • ExpressVPN worked to print without split tunneling when the setting labelled “allow access to devices on the local network” was enabled. However, printing did not work when this option was disabled. On mobile it worked by default, no special settings needed.

These results suggest that VPNs can have an impact on your ability to access LAN resources, but it’s not as much of an issue as some websites make out. If you’re using a top-tier VPN, it’s likely the VPN will provide an option to access LAN devices, or it might do so by default.

If you’re using a VPN that doesn’t work with devices on your local network, split tunneling is a viable solution.

8. Access Websites and Apps That Block VPN Traffic

Spotify, Ticketmaster, and Steam block all forms of known VPN traffic. Wikipedia blocks VPN users from editing pages, and online banking systems may require you to carry out additional authentication measures if you use a VPN.

By enabling VPN split tunneling, you can permanently secure your internet connection while routing applications that don’t work through the VPN outside the encrypted tunnel.

9. Gain Control Over Geo-Restricted Content

It’s common to use a VPN to bypass geographic content restrictions on streaming services like Netflix. However, it’s possible you’ll still need to access local search results or content that is restricted to your home region.

Split tunneling allows you to choose which applications use your home IP address and which use the IP address of a VPN server.

10. Reduce Corporate Network Load

We’ve mainly covered VPN split tunneling for personal VPN services so far, but there are other types of VPN, too. Remote access VPNs, for example, can be used to access a corporate network from a remote location.

Employees working remotely can use split tunneling to decide which websites, applications, and services they want to access through the company network, and which they want to access directly.

This reduces the load on the company’s VPN server and speeds up the web for its employees.

When Should You Use VPN Split Tunneling?

If you’re concerned about securing your sensitive data or protecting your browsing from ISP surveillance, we recommend using a VPN for all forms of device traffic. However, split tunneling can be useful when:

  • You want to spoof your IP address for one activity (e.g. torrenting or gaming) without slowing down other non-sensitive online activities.
  • You use apps or activities that don’t work well (or at all) through a VPN, such as Wikipedia editing, online banking, and Spotify streaming.
  • You need to access content from two regions, such as geo-restricted video content from abroad and home country search engine results.
  • Here’s a quick table summarizing when it’s safe to use VPN split tunneling:

    When to Use VPN Split Tunneling When Not to Use VPN Split Tunneling
    • For apps, websites, or network devices that won’t work through a VPN. For example: Spotify, banking websites, and printers on a local network.
    • To speed up applications that you do not consider sensitive. For example, you might torrent through a VPN service to hide your identity, but browse the web faster outside the VPN tunnel.
    • To access geographically-restricted content locally and globally. For example, a US resident might use a VPN for BBC iPlayer, but have to watch US Netflix outside the VPN.
    • To reduce the load on a corporate VPN server by enabling web traffic to access the web directly.
    • When handling sensitive information. There’s a risk of information leaking accidentally through an unsecured connection.
    • When you don’t need to. We recommend you only use split tunneling with good reason, to give you maximum privacy protection.

Is VPN Split Tunneling Completely Safe?

Split tunneling technology itself is completely safe, but you should use it with care. When you route traffic outside of the encrypted VPN tunnel, your IP address and the nature of that traffic are exposed.

The greatest risk of split tunneling at home is user error. If you disable the VPN for selected apps instead of enabling it (or the other way around), you won’t have the protection you need. For this reason, we don’t recommend using it if you’re handling highly sensitive information or you’re using a VPN to bypass government censorship.

Likewise, if you’re using split tunneling to route your traffic outside a corporate network, you’re potentially bypassing certain firewalls and safeguards that company has put in place.

The company servers might inspect traffic to block dangerous web addresses and stop sensitive information being leaked. If you connect to the web directly, you bypass this protection and put your device at greater risk of malware.

If an employee’s computer is compromised, it could be a potential entry point into the corporate network, at which point an attacker might be able to access company resources.

If you do choose to take advantage of VPN split tunneling, configure your client carefully.

How to Set Up Split Tunneling On Your VPN

Different VPN services implement split tunneling in different ways, but it’s typically extremely easy to set up.

We’ll use the example of split tunneling with NordVPN on Windows to show you how it works:

  1. Open NordVPN and go to the Settings menu by clicking the cog on the navigation bar.
  2. Select Split Tunneling on the left.
  3. Toggle the switch on the right to turn split tunneling on.
  4. Choose whether you want to disable the VPN for certain apps, or enable it only for the apps you choose.
  5. Select Add Apps at the bottom. You can now choose which apps you want to exclude or include in the VPN tunnel, depending on the option you chose above.

The Three Best VPNs for Split Tunneling

Not many VPNs support split tunneling, and those that do rarely support it across all devices. Windows and Android are the most widely-supported platforms, but you won’t have much choice if you’re using Linux, MacOS, or FireOS. Split tunneling is not currently supported on iOS.

Here’s a table comparing the top VPNs for split tunneling based on platform support:

VPN Service MacOS Windows Linux Android iOS FireOS Router
PIA Yes Yes Yes Yes No No No
ExpressVPN No Yes No Yes No No Yes
NordVPN No Yes No Yes No Yes No

1. Private Internet Access (PIA)

Private Internet Access (PIA) is our top recommendation for split tunneling. It’s one of the few VPN services to work on MacOS 11 (Big Sur), and it is the only recommended VPN to support split tunneling on Linux. On Android, split tunneling is called ‘per-app settings’.

You can set up split tunneling rules that tell PIA which apps, websites, or IP addresses you want to bypass the VPN tunnel. PIA also offers an additional security feature that allows you to block certain apps unless they connect through the VPN, which helps reduce the risk of accidentally exposing data.

On Windows and Linux, you can also split your DNS traffic so that only VPN-enabled apps use PIA’s DNS servers.

PIA has 35,900 servers in total, all of which support torrenting. It’s also one of the fastest VPNs on local connections. It works well for streaming, although it can only access five Netflix regions.

2. ExpressVPN

ExpressVPN enables split tunneling on Windows, Android, and its router app. Router support is particularly impressive because it allows you to use split tunneling on every device, including iOS devices that connect through the router.

ExpressVPN doesn’t support split tunneling on MacOS 11, but it’s supported on older MacOS versions.

You can configure the ExpressVPN to split your traffic by application only. To get started, choose the option to “manage connection on a per-app basis” in the settings menu.

In addition to its split tunneling capabilities, ExpressVPN is our top-rated VPN overall, with 3,000 servers, unrestricted torrenting, and excellent streaming support.

3. NordVPN

Like the other VPNs recommended here, NordVPN supports split tunneling on Windows and Android. What sets it apart is its additional support for FireOS.

The NordVPN app allows you to choose the apps you want to exclude or include in the VPN tunnel. The browser extension also allows you to specify the websites you want to use with your real IP address.

The service has a network of over 5,000 VPN servers, fast speeds, and wide support for torrenting, which makes it the second highest-rated VPN overall.

VPN Split Tunneling FAQs

VPN Split Tunnel vs Full Tunnel: What’s the Difference?

Full tunnel is the default mode for a VPN service. It routes all of your traffic through the VPN and protects all of the data leaving your device. By contrast, split tunneling enables you to choose which types of traffic you want to include or exclude from the secure VPN tunnel.

Is Split Tunneling Supported on iOS?

iOS does not support split tunneling on consumer VPN services. Apple calls split tunneling ‘per app VPN’, but this feature is only available for apps that are managed using a mobile device management (MDM) solution.

MDM solutions are used by companies to control and manage employee devices. Consumer VPN services that want to offer split tunneling on iOS would need to convince users to install MDM software and give them control of the device, which is very unlikely.

Is Split Tunneling Supported on MacOS 11 (Big Sur)?

Split tunneling is not widely supported on MacOS 11, also known as Big Sur. The operating system update included a change that broke split tunneling for many VPN providers. However, Private Internet Access and Hide.me have successfully updated their apps to support split tunneling on Big Sur.

About the Author


  • Headshot of Top10VPN.com Site Editor Callum Tennent

    Callum Tennent

    Callum oversees how we test and review VPN services. He's a member of the IAPP, and his advice about VPNs has featured in Forbes and the Internet Society. Read full bio