What is VPN Split Tunneling?
Split tunneling is a VPN feature that lets you route some of your internet traffic through the VPN while allowing other traffic to go directly through your normal connection, giving you control over what gets encrypted and what doesn't.
VPN split tunneling is a feature that divides your internet traffic into two simultaneous paths: some traffic is routed through the encrypted VPN tunnel, and the rest travels directly through your regular internet connection. Instead of sending everything through the VPN, split tunneling lets you choose what gets protected — and what doesn't.
It's called "split" tunneling because your connection is split: part of it goes through the private tunnel, part of it doesn't. This gives you the privacy and security of a VPN where you need it, without forcing all your traffic through it.
How Split Tunneling Works
Without split tunneling, all traffic on your device travels through the VPN. With split tunneling enabled, you get granular control:
- App-based split tunneling — Specific apps use the VPN; others connect normally
- URL/domain-based split tunneling — Specific websites go through the VPN; others bypass it
- Inverse split tunneling — Everything goes through the VPN except apps or sites you exclude
Common Use Cases
- Streaming — Access Netflix US through the VPN while simultaneously accessing your local bank (which may block VPN IPs) without the VPN
- Gaming — Keep gaming traffic outside the VPN to reduce latency, while browsing through the VPN
- Work + personal — Route work applications through the VPN while personal browsing goes direct
- Local device access — Some split tunneling setups allow you to reach printers and local network devices that would otherwise be unreachable through the VPN
Split Tunneling and Speed
Routing all traffic through a VPN can slow your connection — encryption takes computing resources, and traffic has further to travel. Split tunneling lets you apply the VPN only where needed, which can significantly improve overall performance for non-sensitive tasks.
Security Trade-Offs
Split tunneling does reduce your protection by design. Traffic that bypasses the VPN is visible to your ISP and subject to bandwidth throttling. Your real IP address is exposed for any connections outside the tunnel. If DNS leak protection isn't configured carefully, split traffic can also reveal DNS queries.
This doesn't mean split tunneling is unsafe — it means you need to be deliberate about which traffic you exclude. Sensitive activity (financial accounts, private browsing, work files) should stay inside the tunnel.
Should You Use Split Tunneling?
Split tunneling is most useful when:
- You need to access a local device (printer, NAS) while keeping other traffic encrypted
- A site or service actively blocks VPN IP addresses (common with banks and some streaming services)
- You're working remotely and want work traffic routed through a corporate VPN without slowing down personal browsing
- You want to reduce VPN-related speed impact for non-sensitive activity like gaming
If your goal is maximum privacy across all traffic — for example, on public Wi-Fi — full tunnel mode (no split tunneling) is the safer choice.
Full Tunnel vs. Split Tunnel: Quick Comparison
| Full Tunnel | Split Tunneling | |
|---|---|---|
| All traffic encrypted | Yes | No — only selected traffic |
| Speed impact | Higher | Lower for excluded traffic |
| ISP visibility | None | Sees bypassed traffic |
| Real IP exposure | Hidden for all traffic | Exposed for bypassed traffic |
| Local network access | Often blocked | Usually works |
Which VPNs Support Split Tunneling?
ExpressVPN, NordVPN, and Surfshark all support split tunneling on Windows and Android. iOS support is limited by Apple's platform-level restrictions — full split tunneling is not possible on iOS due to how Apple handles network extensions. ProtonVPN also offers split tunneling on Android and Windows.