"We are supported by our readers and may earn a commission when you buy through links on our site"

VPN Split Tunneling – The Comprehensive Guide

Virtual Private Networks or VPNs work on a fairly simple principle: They use tunneling to protect the user’s data by passing it through an encrypted channel that extends into the broader world of the internet.

Without the tunneling process, a VPN service would not be able to protect users’ data. Tunneling enables VPNs to keep their customers anonymous on the internet, keep their data secret and ensure that the integrity of the data does not get compromised under any circumstance. If you’re using a good VPN service, you know your data will remain unaltered as it travels from your computer to your final destination over a public network like the internet.

An image featuring a VPN logo service while a person is using his laptop

This article will cover how split tunneling works, what makes it different from other technologies, and how to use the feature on a VPN. Let’s dive in:

Is Tunneling the Same as VPN?

An image featuring a VPN tunneling drawn concept

It depends on what you mean by tunneling. If you’re talking about a simple tunnel, then no, VPNs are not the same as tunneling. A tunnel is an internet-based logical formation. For example, when you use a VPN service to connect to a server and then try to go to a website, the path between your machine and the VPN server that you have connected to is what is called a tunnel.

However, there are many types of tunnels. There are IPv6 tunnels that don’t have anything to do with VPN tunneling and don’t encrypt your data.

If by tunneling, you meant SSH tunneling, then that is a completely different concept. SSH tunnel is a secure shell that isn’t perfectly suited for tasks such as forwarding network traffic. Most of the time, SSH comes in handy when one wants to acquire a remote terminal session securely and use it privately.

SSH tunnels can provide encryption as well. And if you know how to configure one, you can technically use an SSH client to work as a SOCKS proxy.

Of course, to use the SOCKS proxy, you will need another application: your web browser. Your local system is running the SOCKS proxy, your traffic enters it, and then it becomes the job of the SSH client to forward that traffic via the SSH connection. And that is SSH tunneling.

Sometimes, you’ll come across terms such as HTTP tunnel and VPN tunnel. Conceptually, both operate the same way.

In other words, both HTTP tunnel and VPN tunnel receive packets from low-level protocol and then, for the purposes of safe transportation, encapsulate the data. Then they ship that encrypted data with the help of some other high-level protocol. Before the encrypted data reaches its final destination, these tunnels unpack the packet.

Note:

VPNs have protocols that utilize mechanisms such as authorization and authentication layered on top of each other. Using a VPN with these mechanisms, a given user can access a given host from a protected and anonymous network.

HTTP tunnels make use of HTTP to transport data. Even if a user has restrictions applied to his/her connection in a protected network, the HTTP protocol is always available. Using the HTTP tunnel, users from a protected network can circumvent outbound restrictions, such as companies blocking sites like Facebook for their employees during work hours.

Is VPN Split Tunneling Safe?

Yes, VPN split tunneling is safe. But it isn’t as secure as a complete VPN connection where each and every byte of your internet traffic goes through the servers of your VPN service.

An image featuring a cloud logo with a lock and a key representing safe VPN tunneling concept

With that said, VPN split tunneling is pretty secure if you know how to set it up properly to protect some (but not all) of your internet traffic. Maybe you don’t want a VPN interfering with your connection when you’re just trying to access your network printer, but you do want your VPN to work all the time while you’re downloading a huge file through a P2P network.

It goes without saying that even using split tunneling is better than not using a VPN service at all. However, if you are serious about your privacy and data security, split tunneling is not a feature you should be using. That is especially true for people who have lots of sensitive and private information on their computers that they don’t want anyone else to see or steal. Security experts disagree on the impact of split tunneling on encryption, but quite a few hold the opinion that it leaves the user slightly more vulnerable to hacking attempts than a user who uses a VPN service fully.

Can You VPN within a VPN?

An image featuring VPN concept

The term you are looking for is Double VPN, and yes, you can use a VPN within a VPN. In the beginning, double VPN simply meant that a given service chained two VPNs together. Above, we explained that a VPN works by first creating an encrypted tunnel between the user’s computer/device and the server that the user has connected to.

Following this, all of the user’s internet traffic goes through the encrypted tunnel directly to the VPN server, and then the traffic goes to its final destination. A double VPN adds an extra tunnel and server into the mix. More specifically, let’s say you signed up for a VPN service that offers AES 256-bit encryption. Now, if you use the double VPN feature, you would effectively get ES 512-bit encryption.

Now, if you’re wondering whether or not you can connect to a VPN server from one service and then connect to another server from another service simultaneously on the same computer, then yes—you can do that as well.

For example, you can download a free VPN app like ProtonVPN and then download another free VPN app like Windscribe. You can then launch both apps at once and connect to a server of your choice on both platforms. That would work perfectly well.

Note:

But keep in mind that such an arrangement will slow down your internet connection speed by a big margin—so much so that you might have a hard time surfing text-based websites.

What’s the Difference Between a Full Tunnel and a Split Tunnel?

An image featuring a VPN logo in the middle being connected to the whole world concept

As far as VPN services go, there are two types of VPN connections. There is a full tunnel VPN connection, which is the default connection type for almost all VPN services in the market today. Then, there is the split tunnel VPN connection.

In a full tunnel VPN connection, the tunnel encrypts and then routes all requests through the server that the user has connected to, regardless of what app or website they’re accessing. Sometimes a full tunnel VPN connection can disable access to local apps, services and websites, but that can be remedied by simply disconnecting from the VPN server.

As mentioned above, security experts generally recommend a full tunnel connection since it offers more security and privacy.

In the split tunnel VPN connection, the VPN service only encrypts and routes requests over the VPN that the user has specified beforehand. More concretely, with a split tunnel connection, a user can visit websites like Zoom, Canvas, Google and Office 365 without protection, and at the same time access a site like Netflix or BBC iPlayer with full VPN protection.

How Do I Split a VPN Connection?

The most convenient and easiest method to use split tunneling is to make use of a good commercial VPN service provider that offers the split tunneling feature. Split tunneling VPNs are often hard to come by, so you might have to dig. Most of the time, you can find if a VPN service offers this feature on its official website, but there are other methods as well.

Windows 10, for instance, comes with a split tunnel feature of its own. So let’s take a look at how you can use it:

Split Tunneling via Windows 10

Step 1: Configure VPN Properties by First Clicking the Windows Start Button

There is a Windows logo button in the bottom-left corner of your screen. Click it.

An image featuring Split Tunneling via Windows 10 step1

Step 2: Click on Network Connections

An image featuring Split Tunneling via Windows 10 step2

Step 3: Find Your VPN Connection and Right-Click

An image featuring Split Tunneling via Windows 10 step3

Step 4: Click on Properties

An image featuring Split Tunneling via Windows 10 step4

Step 5: Click on the Networking Tab

An image featuring Split Tunneling via Windows 10 step5

Step 6: Pick Internet Protocol Version 4 or TCP/IPv4 from the Given Options

An image featuring Split Tunneling via Windows 10 step6

Step 7: Click on General

An image featuring Split Tunneling via Windows 10 step7

Step 8: Click on Advanced

An image featuring Split Tunneling via Windows 10 step8

Step 9: Disable the Option ‘Use Default Gateway on Remote Network’

Step 10: Restart Your Computer

And that is it—now you’re free to use split tunneling anytime you want. Now, if you want to disable any split tunneling, all you have to do is go to the same place mentioned in the last step above, then enable the option that says “Use Default Gateway on Remote Network.”

Split Tunneling via Your VPN Service Provider

Step 1: Get a VPN Service

The first step is to find a VPN you like, sign up for a subscription and go through the VPN registration process. If you’re not sure where to start, we’ve created a helpful guide to the top 10 VPNs available on the market.

If you’re new to VPNs, we recommend finding a service, such as NordVPN, that offers a 30-day money-back guarantee so you can try it out before committing.

Once you’ve found a good VPN service, navigate to the company’s website and go through the VPN registration process by subscribing and creating an account.

Step 2: Download the VPN App from the Website or App Store (Windows and Android)

Step 3: Run the VPN App

Step 4: Go to App Settings and then Network

Step 5: Enable Option Labeled ‘Split Tunnel’

Step 6: Enable ‘Allow LAN Traffic’

Step 7: Hit ‘Add Application’

Step 8: Choose Your Desired App

Step 9: Configure Your App

In this step, depending on your VPN service and what device you’re using (Windows and Android), you may choose the option labeled “Bypass VPN” (an option that should appear beside the app). You may also select the “Only VPN” option, enabling your VPN app to only allow your desired app to run on a VPN connection. Similarly, depending on the VPN service you have, you may see other options such as “All Other Apps,” “Bypass VPN” or “Use Only VPN.” Some VPN services also allow you to use split tunneling based on IP addresses.

This is important:

When you’re done setting up all this, you will need to restart the VPN app to allow the changes to take effect.

As mentioned earlier, there aren’t many VPNs in the market today that offer the split tunneling feature. If your favorite VPN does, you’ve chosen well. Some of the best VPNs on Windows and Android allow you to create your own rules when split tunneling is enabled. You can configure things like IP address lists, blacklists and whitelists, and decide whether or not you want them to always bypass the VPN or never bypass the VPN.

Does Split Tunneling Work on All Routers?

Yes, but only a few. Some routers allow people to use split tunneling if the firmware has support for it. Split tunneling at the router level enables users to share VPN connections with other devices that may not support VPN apps. Such devices come in the form of gaming consoles and streaming sticks.

Pros and Cons of VPN Split Tunneling

Pros of Split Tunneling

  • Split tunneling allows users to have the same internet speed whether or not they are connected to a VPN server. It fixes bandwidth bottlenecks and conserves data usage.
  • Split tunneling allows simultaneous access to different networks. Users can take advantage of split tunneling to connect to a foreign and local corporate network (for accessing local network devices) at the same time. If there is no split tunneling available, each user would first have to disconnect from the VPN server to access the local network server and then connect to a server again to access a foreign or corporate network.
  • Users select which apps they want to be protected and which LAN devices access local and foreign networks.

Cons of Split Tunneling

  • Split tunneling is less secure than a full tunnel VPN.
  • Some of the VPN security features will get bypassed.
  • You will have to spend a bit of time setting up split tunneling permissions and restrictions for all the apps you use.
  • Very few VPNs offer split tunneling.

Conclusion

We recommend using a split tunneling VPN that offers a 30-day money-back guarantee. That way, you’ll have ample opportunity to test the feature out when connected to the VPN and whether or not you need it (and how it goes with your internet service provider).

To summarize, a feature-rich VPN service will allow you to set up split tunneling fairly easily, and you’ll be able to use the feature on all major platforms. The best way to get started with split tunneling is to use a VPN that offers this feature. Elite VPNs make it a matter of two clicks to switch on split tunneling.

If you don’t want to do that, you can purchase a router that offers the split tunneling feature. You will also have to make sure the firmware supports this feature.

FAQ

Does Inverse Split Tunneling Exist?
Yes, inverse split tunneling is real. It is essentially split tunneling if all of your internet traffic had VPN tunnel protection except for the ones that you specified to be left alone. Inverse split tunneling exists in contrast to split tunneling, where you select which apps get VPN tunnel access while the rest of the system doesn’t get any protection.
How Does the Dynamic Split Tunneling Feature Work?
This feature makes the already-great split tunneling feature even smarter. How? Well, you basically alter its settings to use a specific Domain Name System. This, in turn, allows you to have VPN access whenever you access a set of websites while you’re able to roam the internet without a VPN on other websites.
Zohair A. Zohair is currently a content crafter at Security Gladiators and has been involved in the technology industry for more than a decade. He is an engineer by training and, naturally, likes to help people solve their tech related problems. When he is not writing, he can usually be found practicing his free-kicks in the ground beside his house.
Leave a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.