Top10VPN is editorially independent. We may earn commissions if you buy a VPN via our links.

What Is VPN Split Tunneling?

Callum Tennent oversees how we test and review VPN services. He's a member of the IAPP, and his VPN advice has featured in Forbes and the Internet Society.

VPN split tunneling is an advanced feature of virtual private network software, designed to help you better manage and control your VPN traffic. This guide explains how split tunneling works, its benefits, and how to use it safely.

vpn split tunneling illustration

Virtual Private Network (VPN) split tunneling is a feature available in VPN software, although not all VPN applications include it.

Split tunneling lets you use two different network connections simultaneously. This lets you dictate which applications and services must use the encrypted VPN tunnel, and which ones must use your standard internet connection.

The option to choose which connection your programs must use prevents some of your web traffic being slowed down unnecessarily, and sometimes prevents programs from not working properly.

Another way to look at it is that VPN split tunneling lets you specify which apps and services must use the public IP address assigned by your internet service provider.

Below is a video demonstrating how quick and easy it is to set up VPN split tunneling. We used Private Internet Access on macOS as an example.

PIA VPN's split tunneling setting worked smoothly in our latest tests.

In this guide, we’ll explain the benefits of VPN split tunneling, how it works, and how you can set it up on your VPN.

We also recommend the best VPNs with a split tunneling setting, and answer the most frequently asked questions about split tunneling.

EXPERT ADVICE: The VPN with the best split tunneling feature is PIA VPN. It’s fast, secure, doesn’t log internet activity, and unblocks many geo-restricted websites. Use its refund promise and try PIA risk-free for 30 days.

Why Trust Us?

We’re fully independent and have been reviewing VPNs since 2016. Our advice is based on our own testing results and is unaffected by financial incentives. Learn who we are and how we test VPNs.

How Does VPN Split Tunneling Work?

Split tunneling is a setting within certain VPN software applications.

When you request a website, application, or service on the internet, the software decides whether that traffic needs to be routed through the VPN’s encrypted tunnel based on the rules you’ve specified.

VPN split tunneling diagram

VPN split tunneling routes your excluded traffic outside the encrypted VPN connection.

These rules may refer to the application being used, or the website or IP address you’re accessing.

The traffic you’ve included travels through the VPN’s encrypted tunnel to the VPN server. Your request is then forwarded to the public internet, with your IP address hidden.

Traffic that you’ve excluded is routed directly to the internet, just as it would if you were browsing without a VPN.

Excluded traffic isn’t slowed down like typical VPN traffic, but your IP address isn’t hidden. Websites that require your real IP address or location will therefore work as normal.

The Different Types of VPN Split Tunnel

There are three different ways that a VPN service typically splits your web traffic:

  • App-based split tunneling enables you to choose which applications connect through the VPN, and which connect directly to the internet. This feature is usually configured using VPN software running on your device.
  • URL-based split tunneling enables you to choose which specific websites you want to access through the VPN, and which ones you want to connect to directly. This feature is usually found in VPN browser extensions.
  • IP address split tunneling is less common than the other two approaches. It allows you to specify which IP addresses you want to connect to with or without the VPN.

There are also two different ways that you can choose which websites or apps are inside the tunnel:

  • A split-exclude tunnel sends everything except your chosen traffic through the VPN.
  • A split-include tunnel sends only your chosen traffic through the VPN. This is also called inverse split tunneling.

EXPERT ADVICE: To exclude specific URLs using a VPN that only supports app-based split tunneling, consider using two web browsers. Route one browser through the VPN, and use the other one for applications that need your true IP address or location.

10 Benefits of VPN Split Tunneling

In the following section, we’ll detail the benefits of split tunneling for users on both private and corporate networks:

1. You Can Keep Your VPN Switched On

Some applications and services simply won’t work with your VPN switched on. They might require your home IP address for authentication, or they might block traffic from known VPN servers altogether.

If you keep your VPN switched on permanently for full protection, you might find yourself turning it off from time to time when you need to use one of these apps or services. It’s a nuisance, and it risks you leaking data if you forget the VPN is off.

Split tunneling stops you from having to do that by enabling you to specify which apps go through the VPN tunnel.

2. Speed Up Your Connection

Using a VPN service is slower than connecting directly to the web. The extra hop to the VPN server takes some time, and the encryption that the VPN performs also causes a delay.

Among the top five fastest VPNs, you’ll typically see a connection slowdown of between 1% and 10% when connecting from the US (New York) to the UK (London), or an equivalent distance.

By using split tunneling, you can speed up the performance of apps and websites that do not need to be routed through the VPN.

3. Reduce Mobile Bandwidth Consumption

If you have a cellular plan with a fixed data cap, you’ll reach your limit faster with a VPN. In fact, you’ll consume between 4% and 20% more data with a VPN compared to browsing the web without one.

Using split tunneling, you can choose which applications go through the VPN tunnel so you can avoid using more cellular data than you need to.

4. Avoid VPN Data Limits

While most premium VPNs offer unlimited data usage, free VPNs often apply a monthly limit to the amount of data you can route through their network.

Some free VPNs with data limits such as Windscribe Free and support split tunneling, which means you can stretch your VPN data allowance as far as possible.

5. Protect Your Torrenting Traffic

A VPN service is essential for torrenting safely and hiding your identity from copyright trolls. If you want to secure your P2P activity and access less sensitive services simultaneously, you can use split tunneling to encrypt your torrenting activity whilst leaving the rest of your browsing untouched.

6. Protect Your Gaming Activity

The use of VPN services is becoming more common in the online gaming community. Many gamers are concerned about exposing their real location, while others are looking to avoid distributed denial of service (DDoS) attacks on their network.

Using a VPN service hides your IP address, so you can’t be identified or targeted. However, gaming is incredibly data-intensive. In this case, split tunneling allows you to protect your gaming activity while routing the rest of your traffic elsewhere.

7. Access Local Network Resources

You may have heard that directing your device traffic through a VPN can cause difficulties when connecting to devices on the local area network (LAN), such as a wireless printer. Some websites recommend using split tunneling as a solution to this problem.

We’ve tested this issue with a few popular VPN services including ExpressVPN, Proton VPN, and PrivateVPN, and we recorded mixed results:

  • Proton VPN and PrivateVPN both worked to print wirelessly without activating split tunneling.
  • ExpressVPN worked to print without split tunneling when the setting labelled “allow access to devices on the local network” was enabled. However, printing did not work when this option was disabled. On mobile it worked by default, no special settings needed.

These results suggest that VPNs can have an impact on your ability to access LAN resources, but it’s not as much of an issue as some websites make out. If you’re using a top-tier VPN, it’s likely the VPN will provide an option to access LAN devices, or it might do so by default.

If you’re using a VPN that doesn’t work with devices on your local network, split tunneling is a viable solution.

8. Access Websites and Apps That Block VPN Traffic

Spotify, Ticketmaster, and Steam block all forms of known VPN traffic. Wikipedia blocks VPN users from editing pages, and online banking systems may require you to carry out additional authentication measures if you use a VPN.

By enabling VPN split tunneling, you can permanently secure your internet connection while routing applications that don’t work through the VPN outside the encrypted tunnel.

9. Gain Control Over Geo-Restricted Content

It’s common to use a VPN to bypass geographic content restrictions on streaming services like Netflix. However, it’s possible you’ll still need to access local search results or content that is restricted to your home region.

Split tunneling allows you to choose which applications use your home IP address and which use the IP address of a VPN server.

10. Reduce Corporate Network Load

We’ve mainly covered VPN split tunneling for personal VPN services so far, but there are other types of VPN, too. Remote access VPNs, for example, can be used to access a corporate network from a remote location.

Employees working remotely can use split tunneling to decide which websites, applications, and services they want to access through the company network, and which they want to access directly.

This reduces the load on the company’s VPN server and speeds up the web for its employees.

When Should You Use VPN Split Tunneling?

If you’re concerned about securing your sensitive data or protecting your browsing from ISP surveillance, we recommend using a VPN for all forms of device traffic. However, split tunneling can be useful when:

  • You want to spoof your IP address for one activity (e.g. torrenting or gaming) without slowing down other non-sensitive online activities.
  • You use apps or activities that don’t work well (or at all) through a VPN, such as Wikipedia editing, online banking, and Spotify streaming.
  • You need to access content from two regions, such as geo-restricted video content from abroad and home country search engine results.

The following table summarizes when it’s safe to use VPN split tunneling:

When to Use VPN Split Tunneling When Not to Use VPN Split Tunneling
For apps, websites, or network devices that won’t work through a VPN. For example: Spotify, banking websites, and printers on a local network. When handling sensitive information. There’s a risk of information leaking accidentally through an unsecured connection.
To speed up applications that you do not consider sensitive. For example, you might torrent through a VPN service to hide your identity, but browse the web faster outside the VPN tunnel. When you don’t need to. We recommend you only use split tunneling with good reason, to give you maximum privacy protection.
To access geographically-restricted content locally and globally. For example, a US resident might use a VPN for BBC iPlayer, but have to watch US Netflix outside the VPN.
To reduce the load on a corporate VPN server by enabling web traffic to access the web directly.

Is VPN Split Tunneling Completely Safe?

Split tunneling technology itself is completely safe, but you should use it with care. When you route traffic outside of the encrypted VPN tunnel, your IP address and the nature of that traffic are exposed.

The greatest risk of split tunneling at home is user error. If you disable the VPN for selected apps instead of enabling it (or the other way around), you won’t have the protection you need. For this reason, we don’t recommend using it if you’re handling highly sensitive information or you’re using a VPN to bypass government censorship.

Likewise, if you’re using split tunneling to route your traffic outside a corporate network, you’re potentially bypassing certain firewalls and safeguards that company has put in place.

The company servers might inspect traffic to block dangerous web addresses and stop sensitive information being leaked. If you connect to the web directly, you bypass this protection and put your device at greater risk of malware.

If an employee’s computer is compromised, it could be a potential entry point into the corporate network, at which point an attacker might be able to access company resources.

If you do choose to take advantage of VPN split tunneling, configure your client carefully.

How to Set Up Split Tunneling On Your VPN

Different VPN services implement split tunneling in different ways, but it’s typically extremely easy to set up.

We’ll use the example of split tunneling with NordVPN on Windows to show you how it works:

  1. Open NordVPN and go to the Settings menu by clicking the cog on the navigation bar.
  2. Select Split Tunneling on the left.
  3.  NordVPN split tunneling setup

    NordVPN’s split tunneling feature can be found in the settings menu.

  4. Toggle the switch on the right to turn split tunneling on.
  5. Choose whether you want to disable the VPN for certain apps, or enable it only for the apps you choose.
  6. Select Add Apps at the bottom. You can now choose which apps you want to exclude or include in the VPN tunnel, depending on the option you chose above.

The Best VPNs for Split Tunneling

Not many VPNs support split tunneling, and those that do rarely support it across all devices.

Windows and Android are the most widely-supported platforms, but you won’t have much choice if you’re using Linux, macOS, or FireOS.

Split tunneling is not currently supported on iOS devices.

The table below compares the highest-rated VPNs for split tunneling based on platform support:

VPN Service macOS Windows Linux Android iOS FireOS Router
PIA Yes Yes Yes Yes No No No
ExpressVPN No Yes No Yes No No Yes
NordVPN No Yes No Yes No Yes No

1. Private Internet Access (PIA): Overall Best VPN for Split Tunneling

Our Private Internet Access (PIA) tests confirm the VPN service has the best split tunneling feature.

PIA VPN is the only recommended VPN to support split tunneling on macOS 11 (Big Sur) and on Linux. On Android, split tunneling is called ‘per-app settings’.

You can set up split tunneling rules that tell PIA which apps, websites, or IP addresses you want to bypass the VPN tunnel.

PIA's split tunneling tool on macOS.

PIA’s split tunneling tool is straightforward and easy to use.

PIA also offers an additional security setting letting you block certain apps from connecting outside the VPN tunnel. This helps reduce the risk of accidental data exposures.

On Windows and Linux, you can also split your DNS traffic so that only VPN-enabled apps use PIA’s DNS servers.

Other key features of Private Internet Access include 18,651 very fast and P2P-friendly servers, and access to many geo-restricted streaming platforms.

2. ExpressVPN: Best VPN Router App with Split Tunneling

We constantly test and review ExpressVPN, and we can confirm it still enables split tunneling on Windows, Android, and its router app.

Router support is particularly impressive because it lets you use split tunneling on every device, including iOS devices that connect through the router.

ExpressVPN doesn’t support split tunneling on macOS 11, but it does support it on older macOS versions.

The split tunneling setting in the ExpressVPN PC app

We tested ExpressVPN’s split tunneling by restricting VPN traffic to our Chrome browser only.

You can configure ExpressVPN to split your traffic by application only. To get started, choose the option to “manage connection on a per-app basis” in the settings menu.

Overall, ExpressVPN is extremely fast, secure, and is currently our highest-rated VPN.

In addition to its split tunneling capabilities, ExpressVPN allows unrestricted torrenting on its 3,000 secure servers, and it unblocks geo-blocked websites, including 18 Netflix regions.

3. NordVPN: Best VPN for Split Tunneling on Fire TV Stick

Like PIA VPN and ExpressVPN, NordVPN supports split tunneling on Windows and Android.

NordVPN split tunneling setup

NordVPN’s split tunneling feature can be found in the settings menu.

What sets it apart is its additional support on Fire TV devices. The NordVPN app lets you choose the apps you want to exclude or include in the VPN tunnel.

NordVPN’s browser extension also lets you specify the websites you want to visit with your real IP address.

We recommend using NordVPN’s split tunneling feature in combination with its application level VPN kill switch.

By combining these two settings, you can designate specific apps to be cut off from the internet in the event of a VPN disconnection.

VPN Split Tunneling FAQs

VPN Split Tunnel vs Full Tunnel: What’s the Difference?

Full tunnel is the default mode for a VPN service. It routes all of your traffic through the VPN and protects all of the data leaving your device. By contrast, split tunneling enables you to choose which types of traffic you want to include or exclude from the secure VPN tunnel.

Is Split Tunneling Supported on iOS?

iOS does not support split tunneling on consumer VPN services. Apple calls split tunneling ‘per app VPN’, but this feature is only available for apps that are managed using a mobile device management (MDM) solution.

MDM solutions are used by companies to control and manage employee devices. Consumer VPN services that want to offer split tunneling on iOS would need to convince users to install MDM software and give them control of the device, which is very unlikely.

Is Split Tunneling Supported on macOS 11 (Big Sur)?

Split tunneling is not widely supported on macOS 11, also known as Big Sur. The operating system update included a change that broke split tunneling for many VPN providers. However, VPNs such as and Private Internet Access have successfully updated their apps to support split tunneling on Big Sur.