All About Cookies is an independent, advertising-supported website. Some of the offers that appear on this site are from third-party advertisers from which All About Cookies receives compensation. This compensation may impact how and where products appear on this site (including, for example, the order in which they appear).
All About Cookies does not include all financial or credit offers that might be available to consumers nor do we include all companies or all available products. Information is accurate as of the publishing date and has not been provided or endorsed by the advertiser.
The All About Cookies editorial team strives to provide accurate, in-depth information and reviews to help you, our reader, make online privacy decisions with confidence. Here's what you can expect from us:
- All About Cookies makes money when you click the links on our site to some of the products and offers that we mention. These partnerships do not influence our opinions or recommendations. Read more about how we make money.
- Partners are not able to review or request changes to our content except for compliance reasons.
- We aim to make sure everything on our site is up-to-date and accurate as of the publishing date, but we cannot guarantee we haven't missed something. It's your responsibility to double-check all information before making any decision. If you spot something that looks wrong, please let us know.
With a virtual private network (VPN), you can add a layer of security to your everyday internet activities. VPNs encrypt data traveling across the network, making it unusable to anyone without the decryption key. Even if a malicious actor managed to intercept your information while you were using a public Wi-FI network, using a VPN means they won’t be able to read or use it.
Unfortunately, many people don’t use a VPN because the process slows down their internet connection. Just like when you take a detour around highway construction, your data takes the long way around when you use a VPN. When your computer sends a request to a website, that request needs to go through the VPN server before getting to the final destination. Then, when the resource responds, the data has to go back through the VPN server before getting to your computer.
With split tunneling, you can send some data across the digital version of a carpool lane. Split tunneling is a feature that enables you to define the applications or devices that access the internet using the VPN, giving you a way to enhance security around sensitive data while speeding up access for other applications. It allows you to balance your security and functionality VPN needs.
By understanding how split tunneling works, you can determine whether the benefits outweigh the negatives and make an informed decision about which VPN provider is right for you.
Benefits of using split tunneling
Risks of using split tunneling
How to turn on split tunneling
Split tunneling FAQs
How does split tunneling work?
Split tunneling creates rules for how data travels across your network, which can be visualized as two different traffic routes. Sensitive data can be routed to the VPN’s server for encryption, while the regular server handles all other data as normal.
When you set up your VPN, you can create rules for which information needs to go through the encrypted VPN tunnel. For example, you might want to access your banking applications through the VPN to protect your personal information. Meanwhile, your regular online activities, like checking news or streaming sports, can be on an unencrypted, faster connection.
Types of split tunneling
If you want to try split tunneling, you should understand the three basic types so that you can make an informed technology decision.
URL-based tunneling typically uses a VPN browser extension. With this process, you specifically add URLs that you want to access through the encrypted channel. For example, if you access your health records through an online portal, you may want to require encryption for that connection.
Like URL-based, app-based is a method where you specifically choose applications that connect to the internet using the VPN. For example, you may want to use your VPN for money transfer apps like PayPal, CashApp, or Venmo.
App-based and URL-based split tunneling require you to decide what traffic goes through the VPN. With inverse split tunneling, everything goes through the VPN except the resources that you specify don’t need encryption. Inverse split tunneling defaults to protecting data, helping you reduce the likelihood that you’ll forget to require encryption for an important application.
Benefits of using split tunneling
If you’re trying to balance data protection with internet usability, then split tunneling can provide several benefits.
Improve internet speed
When you enable split tunneling, you get better connectivity. When you send all your data through the VPN server, it creates a digital traffic jam as all requests try to merge into a single server “lane.” By sending less data through the VPN server, you reduce the VPN’s data use, improving internet speed.
Avoid data limits
If your VPN service has data limits, then split tunneling allows you to reduce the amount of data that goes through your VPN. By focusing on the data that needs the most protection, you can improve security while staying within limitations.
Secure remote access
Some companies use split tunneling to enhance their security. They require remote employees to access corporate resources through the VPN while allowing them to browse the web without the added protection. This gives companies a way to balance speed and security, especially when employees use public wireless networks.
Connect to multiple networks
Essentially, split tunneling creates two separate network connections. You can use split tunneling to access your corporate network while still accessing other resources, like local printers, on your home network.
Leave VPN on
Some applications use your IP address to authenticate you or block traffic coming from known VPN servers. You can route traffic to these applications through your regular internet connection without having to switch your VPN on and off to access them.
Get around VPN blocks
Some websites block VPNs because malicious actors use them to perpetrate fraud or spread malware. For example, cybercriminals use VPNs to hide where their web traffic originates when committing ad fraud. By turning on split tunneling, you can still access the sites that block VPN use while keeping your other internet activity encrypted.
Additionally, some streaming services have VPN blocks to prevent people from using them to access geographically restricted content. For example, with split tunneling, you can watch Netflix with a VPN without any hassle.
Protect online video gaming
Remaining anonymous when gaming online has become increasingly important, especially if you’re worried about someone finding out your location or malicious actors deploying a distributed denial of service (DDoS) attack against your home network. Split tunneling allows you to hide your location when gaming while still sending other traffic through the higher-speed network.
Risks of using split tunneling
Although split tunneling provides several benefits, it’s not a perfect security and privacy solution.
Lack of control
Many companies require employees to use a VPN because routing all traffic through one server gives them a way to set up additional security controls, like using intrusion prevention systems (IPS) that look for malicious content.
Malware starts by infecting your devices and then exploits your ability to interact with networks and applications. With split tunneling, some of the user IDs and passwords remain unencrypted. If you reuse credentials, then the ones compromised place other resources at risk.
Every time your computer sends a request to a website or app, the information is visible to your internet service provider (ISP). A DNS leak is when the requests somehow end up outside the VPN’s encrypted tunnel with all browsing activity visible, including IP address, geographic location, and web searches.
If you accidentally forget to add a URL or application to your VPN split tunneling rules, then you don’t have the protection you want. For example, if you want to secure your banking activity with app-based and URL-based split tunneling rules, you need to proactively include both the website and the downloaded application.
How to turn on split tunneling
Although split tunneling sounds confusing, most VPN providers make it easy for people to use.
Find a VPN provider
If you want all the benefits of split tunneling, then you’ll need to find a service provider. Typically, split tunneling is only available if you’re paying a subscription fee. Some VPN providers that offer split tunneling include NordVPN, ExpressVPN, and Surfshark.
You also need to make sure that the service you choose enables split tunneling for your current operating systems. For example, some VPNs only work with Microsoft Windows 10 or later. Meanwhile, others don’t offer split tunneling for macOS.
Depending on the application, you will end up going to any of the following areas in your VPN app.
Activate and configure split tunneling
From here, you can “turn on” split tunneling. Depending on the VPN service, you might see different options like:
- Manage on a per-app basis
- Disable VPN for selected apps
- Enable VPN for selected app only
Many VPNs give you the option to click on a button labeled Settings or Add Apps. In Windows, this will open up the list of applications that the VPN can protect, including:
- Browsers, like Chrome or Firefox
- Streaming media, like Spotify or Netflix
- Communication tools, like Slack or Teams
If you’re worried about potential privacy and security configuration mistakes, your best option is to use the “disable for selected apps or URLs” option. This will default to sending requests through the VPN service. Basically, everything is protected except the items you tell it to leave public.
Split tunneling FAQs
Is VPN split tunneling good or bad?
VPN split tunneling offers several key benefits, including:
- Faster internet speeds
- Remote workforce security
- Multiple network connections
- Online gaming protection
- Working around VPN blockers
However, it’s important to remember that for split tunneling to protect data security and privacy, you need to set it up correctly. Otherwise, you place yourself at risk for things like malware infections and data leakage.
Does NordVPN offer split tunneling?
NordVPN offers split tunneling as follows:
- App-based: Windows 8.1 or later
- Inverse: Windows 8.1 or later, Android, and Android TV
The service does not offer split tunneling for Apple products, like Macbooks, iPhones, or Apple TVs.
What is the difference between a tunnel mode VPN and a split tunneling VPN?
Full tunneling routes all of your internet traffic through the VPN server, maintaining a secure connection that encrypts and protects all data. However, it can also slow down your internet speed, especially when you access resources that are far away from the VPN server.
With split tunneling, you can choose to route some traffic through the VPN server and other traffic through your local network. If you use resources that don't need the extra security layer that the VPN provides, this process can improve your internet speed.
What are the best VPNs for split tunneling?
Some of the best VPNs for split tunneling include:
- NordVPN: Nord offers split tunneling on Windows, Android, and browser extensions.
- ExpressVPN: For the most compatibility, ExpressVPN has split tunneling in the apps for Mac, Windows, Android, and routers.
- Surfshark: Known as Bypasser, Surfshark’s split tunneling feature works with Windows, Android, and routers.
- CyberGhost: Although it's not available on most operating systems, the CyberGhost mobile app for Android has an app split tunneling feature.
If you want to balance data protection and usability, split tunneling is a useful technique. By understanding how to configure split tunneling appropriately, you can get faster internet speed while enhancing data security and privacy.
When choosing a VPN, you also need to understand that beyond encrypting data, the service hides your physical location behind a fake IP address. The process makes some streaming services mistake this for IP spoofing, which can get in the way of seeing your favorite shows or listening to your favorite music. If you're considering a VPN for privacy reasons, you can review our list of best no-logs VPNs.
- High-quality VPN offering safety and speed
- Loads of servers for multiple connection options
- Works with popular streaming services, including Netflix
- Too many confusing plans