Split Tunneling

What Is Split Tunneling

Split tunneling is a technology that, while you are connected to a VPN, routes only some of your traffic through the VPN tunnel and sends the rest over the normal internet connection.

With a standard VPN connection (full tunnel), all internet traffic passes through the VPN server. While ideal for security, this consumes VPN server bandwidth and can cause speed reductions. Split tunneling lets you route only traffic that needs protection through the VPN, while speed-sensitive traffic like video streaming or gaming connects directly to the internet.

Types of Split Tunneling

App-based
Routes only specific applications' traffic through the VPN (or excludes them). Example: browser through VPN, video app direct. Supported by many VPN apps.
URL/domain-based
Routes only traffic to specific domains through the VPN (or excludes them). Often implemented via browser extensions.
IP address-based
Routes traffic to specific IP address ranges through the VPN. Used in enterprise VPNs to tunnel only traffic to the corporate network (e.g., 10.0.0.0/8).

There is also "inverse split tunneling," which routes all traffic through the VPN by default and only excludes specified apps or destinations. From a security perspective, this is safer than standard split tunneling.

Benefits and Use Cases

Here are specific scenarios where split tunneling is effective.

  • Remote work: Access to internal systems goes through the VPN; video conferencing and streaming connect directly. Reduces VPN server load and improves internal system response times. The most common use case deployed by enterprise IT departments.
  • Local device access: When you need to access printers or NAS on the same network while connected to a VPN. With full tunneling, local network traffic also routes through the VPN, potentially making local devices unreachable.
  • Bandwidth optimization: Exclude large downloads and streaming from the VPN to reserve VPN bandwidth for business traffic.
  • Region-restricted services: Connect to a foreign VPN server while directly accessing domestic-only services (banking, government services, etc.).

Security Considerations

Split tunneling gains convenience at the cost of added security risk.

  • Traffic outside the VPN is unprotected: Traffic that does not pass through the VPN tunnel is not encrypted by the VPN, and your real IP address is visible to the destination. Using split tunneling on public Wi-Fi means excluded traffic can be intercepted.
  • Increased DNS leak risk: If traffic outside the VPN uses the ISP's DNS server, your browsing destinations are exposed to the ISP.
  • Interaction with kill switch: When using split tunneling with a kill switch, how the kill switch handles traffic outside the VPN depends on the VPN app's implementation. Check settings and test to ensure the behavior matches your expectations.

In situations where security is the top priority (handling confidential information, using public Wi-Fi), disable split tunneling and use full tunneling. Choosing WireGuard as your VPN protocol minimizes speed reduction even with full tunneling.
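The following Python example is added here and is not part of the original article: it models the IP address-based and inverse split tunneling decisions described above and flags DNS resolvers or must-protect destinations that would leave the tunnel. The function names `via_vpn` and `audit` and all addresses are constructed for illustration.

```python
import ipaddress


def via_vpn(dest, prefixes, inverse=False):
    """Return True if traffic to `dest` would be routed through the VPN.

    Standard split tunnel: only destinations inside `prefixes` use the VPN.
    Inverse split tunnel: everything uses the VPN except `prefixes`.
    """
    addr = ipaddress.ip_address(dest)
    listed = any(addr in ipaddress.ip_network(p) for p in prefixes)
    return not listed if inverse else listed


def audit(prefixes, dns_servers, must_protect, inverse=False):
    """List the ways a split-tunnel policy lets sensitive traffic bypass the VPN."""
    findings = []
    for dns in dns_servers:
        if not via_vpn(dns, prefixes, inverse):
            findings.append(f"DNS resolver {dns} is queried outside the VPN")
    for dest in must_protect:
        if not via_vpn(dest, prefixes, inverse):
            findings.append(f"protected destination {dest} bypasses the VPN")
    return findings


# Constructed sample data (documentation and private ranges, not real hosts).
CORP_PREFIXES = ["10.0.0.0/8"]        # standard split: tunnel only these
LAN_EXCLUDES = ["192.168.1.0/24"]     # inverse split: exclude only these
ISP_DNS, CORP_DNS = "192.0.2.53", "10.0.0.53"
INTRANET = ["10.20.30.40"]

if __name__ == "__main__":
    # Standard split tunnel with the ISP resolver: DNS leaves the tunnel.
    print(audit(CORP_PREFIXES, [ISP_DNS], INTRANET))
    # Same policy with a resolver inside 10.0.0.0/8: no findings.
    print(audit(CORP_PREFIXES, [CORP_DNS], INTRANET))
    # Inverse split tunnel: only the local LAN is excluded, DNS stays inside.
    print(audit(LAN_EXCLUDES, [ISP_DNS], INTRANET, inverse=True))
```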

To learn more about this topic, see What Is a VPN? How It Works, Benefits, and How to Choose One.

Common Misconceptions

Split tunneling is dangerous and should never be used
When properly configured, it is a useful feature that balances security and convenience. It is widely adopted by enterprise IT departments. The key is ensuring that traffic requiring protection goes through the VPN and understanding the risks of excluded traffic.
Using split tunneling defeats the purpose of a VPN
Traffic you want to protect (business data, confidential information) remains encrypted. By excluding high-bandwidth traffic like video streaming and software updates that do not need protection, you can dedicate VPN bandwidth to the traffic that truly needs it.

Full Tunnel vs. Split Tunnel Comparison

Full Tunnel

All traffic through VPN. Maximum security. Some speed reduction. Limited local device access. Simple configuration.

Split Tunnel

Only selected traffic through VPN. Preserves speed and convenience. Traffic outside VPN is unprotected. Requires careful configuration.
