What is VPN split tunneling and should I be using it? (2024)

A VPN is a service that protects your privacy and security by encrypting your all of your traffic and hiding your IP address. Bad actors (criminals, invasive advertisers, etc.) will see the VPN's IP address instead of yours, if they spy on your online activities. Likewise, anyone attempting to intercept your traffic will find it useless due to built-in encryption. VPNs can also circumvent regional lockouts on online content, letting you stream shows and movies that aren't normally available in your country or region.

For a more information on how VPNs work, read our detailed VPN guide.

Split tunneling is a feature provided by some VPNs that allows you to decide which connected apps, games, and services use the VPN for connectivity, and which use your standard connection. This differs from regular or "full tunnel" VPN setups, which encrypt and reroute all traffic on your system, regardless of origin or destination. Without split tunneling, you'll need to disable your VPN every time you want to use your standard connection and enable it when you want its added security.

Also: What is an IP address and how do you change it with a VPN?

The ability to choose which apps and services use your VPN of choice and which don't is incredibly powerful. Activities like remote work, browsing your bank's website, or online shopping via public Wi-Fi can definitely benefit from the added security of a VPN, but other pursuits, like playing online games or streaming readily available content, can be hurt by the slight delay VPNs may add to your traffic.

Also:How the top VPNs compare

The modest decrease to your connection speed is barely noticeable for browsing, but can be disastrous for online games. Being able to simultaneously connect to sensitive sites and services through your secure VPN, and to non-sensitive games and apps means you won't constantly need to enable and disable your VPN connection when switching tasks. This is important as forgetting to enable it at the wrong time could leave you exposed to security risks.

There are three main types of split tunneling: URL-based, app-based, and inverse

URL-based split tunnelingtargets traffic being routed to specific URLs, encrypting only that traffic. This type of setup could be configured to encrypt all traffic directed toward your bank's website, your office's sign-in and HR pages, or your medical providers' portal. Any traffic tied to a specific URL can be filtered in this way, while traffic to any unspecified URLs remains on your standard connection. Many VPNs offer a browser extension to help users set which URLs will be encrypted.

App-based split tunnelingis nearly identical to the URL-based variety, but it filters the traffic of specific apps, rather than specific URLs. A few coordinating examples would be logging into your bank's mobile app, accessing your company's Slack, or using your medical insurance providers' telehealth software. An app-based split tunneling setup will encrypt any traffic associated with those apps, while less sensitive data, like your TikTok scrolling, would stay unencrypted. It's particularly useful for use withmobile device VPN installations.

Inverse split tunnelingis best for people that want nearly all of their traffic encrypted. The above two options leave your traffic unencrypted unless you specifically add it to their encryption lists. Inverse split tunneling does the opposite by encrypting everything on your system by default. Anything you don't want encrypted will then need to be specified. To continue the above examples, your banking, work, and medical traffic would automatically be encrypted, while your TikTok activity would need to be manually set to use an unencrypted connection.

Deciding this is a simple matter of asking yourself three questions. Once you answer these questions, listed below, you'll know which route to allow that specific app, site, or service to take.

Also: The fastest VPNs: Get great speeds without sacrificing security

1)Does this app, site, or service interact with private or sensitive data? This includes things like financial information, personal and medical data, log-in credentials, two-factor authentication, and even photos of your family.

• Yes-- You should almost certainly use your VPN for this data to protect it from bad actors.

• No -- It's probably safe to transmit over your standard, open network.

2)Am I trying to access content that isn't available in my country or region? One popular use for VPNs is to gain access to streaming media that isn't normally available in your region.

• Yes-- You'll want to route your traffic through your VPN, specifically through an available region where the content you want to watch is available.

• No -- VPNs typically don't provide any benefit for basic streaming that was already available in your area. Skip it.

3)Does my current activity require the best possible speed? Activities like online gaming and certain high-resolution video streams will suffer from even the very slightly degraded speedsprovided by the fastest VPNs.

• Yes -- Skip the VPN unless you absolutely need it. Even excellent VPN services introduce a little latency and reduce speeds slightly. It could ruin a highly competitive game, or 4K video stream.

• No-- Feel free to use your VPN's connection.

• Never having to enable or disable your VPN when switching between activities that need to be secured by it and those that don't.

• Keeping your remote work activities secure while your private activities remain on your standard network.

• Helping you access region-locked streaming media content without impacting all of your traffic.

• Enjoying the full speed of your standard connection for things like games and readily available streaming content, while also securing sensitive data.

As with almost any technology, split tunneling comes with a few inherent risks, most of which can be mitigated.

Also:Best VPN for streaming: Unlock Hulu, Netflix, and more

The most common risk is aDNS leak. Without delving into the technical details, a DNS leak happens when you unintentionally expose the details of your traffic to bad actors. A full tunnel VPN deployment encrypts everything, while split tunneling encrypts only a portion. This means there's always a risk, however small, that some traffic that should have been encrypted will remain unsecured. This can be mitigated by ensuring that you've correctly configured which apps, sites, and services use your VPN and which don't.

Poor configurationis behind most DNS leaks, which are caused by users being unaware that they're leaving sensitive data exposed. For those worried that they may forget to secure something sensitive, inverse tunneling is a great option due to it encrypting everything by default, with only the apps and sites you manually choose reverting to your standard network.

Below is a list of the VPNs we've confirmed support split tunneling. We also highly recommend checking your VPN provider's websites for specific information on their split tunneling support.

Also:The best cheap VPNs

You can find reviews and additional coverage for most of these providers by clicking on their names below.

• ExpressVPN
• NordVPN
• Surfshark
  
• Private Internet Access
  
• ProtonVPN
  
• CyberGhost
  
• IPVanish
  
• PureVPN
  
• Atlas VPN
  
• Ivacy