You have probably read about split tunneling when researching VPN services. You may have also seen that it is a recommended feature on many sites that advocate for virtual private network utilities.
In this article, we examine split tunneling to find out what it is, how it works, how many types there are, and what its advantages and disadvantages are. Then, we show you how to split data traffic using our top three VPN recommendations. As a bonus, we give you some pointers about the best ways to use split tunneling.
Here are the topics that we prepared for today’s menu:
- What is split tunneling?
- How it works
- Types of split tunneling
- Why you should use split tunneling
- Why you should not use split tunneling
- How to split data traffic with VPN
- Tips & tricks for using split tunneling
- In conclusion
What is split tunneling?
Split tunneling is a technique performed at the software level, which allows you to access different security domains using the same or different network interfaces. When it comes to VPN (VPN tunneling), the technique translates to sending and receiving data over both the VPN tunnel and a non-VPN connection at the same time.
How it works
For instance, let us assume you traveled to another country, checked into a hotel, and wanted to access your work computer. By installing a VPN service, you can establish a remote connection to your office and gain entry to your company’s resources on the intranet.
However, all your Internet traffic is routed through the virtual private network. Generally, this hurts your connection speed, especially if the hotel bandwidth is throttled, and if you are only using the VPN to connect to the workplace. But you can turn on split tunneling in your VPN application to stay connected to your office via VPN while still using the public Internet supplied by your hotel.
When split tunneling is active on a Windows VPN connection, the Use default gateway on remote network option is deselected in the advanced TCP/IP settings of the VPN network connection's properties panel. Also, the VPN server enforces the split tunneling policies.
Split tunneling is a major asset for corporate environments that use multiple networks since it enhances network speed and overall performance. Administrators can split data traffic with the aid of gateways, servers, and clients. They can also create specific routes over the VPN tunnel.
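The Windows setting described above can also be inspected and changed with the built-in VPN client cmdlets, and the result checked against the routing table. This is an added example, not part of the original article; the connection name WorkVPN and the prefix 10.20.0.0/16 are placeholder values, and a per-user VPN profile is assumed.

```powershell
# Added example. 'WorkVPN' and 10.20.0.0/16 are placeholders (assumptions).
$Name   = 'WorkVPN'
$Prefix = '10.20.0.0/16'   # corporate subnet that must stay inside the tunnel

# 1. Current state. SplitTunneling = False corresponds to the ticked
#    "Use default gateway on remote network" box (full tunnel).
$vpn = Get-VpnConnection -Name $Name -ErrorAction Stop
'{0}: SplitTunneling={1}' -f $vpn.Name, $vpn.SplitTunneling

# 2. Enable split tunneling and pin the corporate prefix to the tunnel.
if (-not $vpn.SplitTunneling) {
    Set-VpnConnection -Name $Name -SplitTunneling $true
}
if ($vpn.Routes.DestinationPrefix -notcontains $Prefix) {
    Add-VpnConnectionRoute -ConnectionName $Name -DestinationPrefix $Prefix
}

# 3. Once connected, confirm the result in the routing table: the corporate
#    prefix should be on the VPN interface and the default route should not.
$routes = @(Get-NetRoute -InterfaceAlias $Name -ErrorAction SilentlyContinue)
if ($routes.Count -eq 0) {
    Write-Warning "$Name has no routes yet; connect it and run step 3 again."
} else {
    $default = $routes | Where-Object { $_.DestinationPrefix -in '0.0.0.0/0', '::/0' }
    $pinned  = $routes | Where-Object { $_.DestinationPrefix -eq $Prefix }
    [pscustomobject]@{
        Connection       = $Name
        DefaultViaTunnel = [bool]$default   # True = still a full tunnel
        CorpPrefixPinned = [bool]$pinned    # False = no explicit tunnel route for the prefix
    }
}
```

A change made with Set-VpnConnection takes effect the next time the connection is established.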
Types of split tunneling
Typically, the split tunneling mode can be categorized by taking into account the way it is configured. For example, virtual private network clients can be set up to allow only selected apps to use the VPN tunnel while directing the traffic of other software to the public Internet. It is known as a split-include tunnel (whitelisting).
Alternatively, it is possible to permit all Internet-enabled programs through the tunnel while cutting off the apps you specify in a list (they connect to the public Internet instead). It is known as a split-exclude tunnel (blacklisting), as well as inverse or reverse split tunneling.
The data you personally choose to include or exclude is called interesting traffic (because it has some value to you).
IPv6 dual-stack networking
IPv6 dual-stack networking is something else. Using this method, it is possible to host IPv6 content from an internal network, make it available to sites, and assign a range of unique local addresses (ULA) at the VPN level. At the same time, external IPv4 and IPv6 content remain accessible through the site routers.
The idea behind IPv6 dual-stack networking is to host both IPv4 and IPv6 content simultaneously. Therefore, if your site has both an IPv4 and IPv6 address, you can distribute resources from both addresses at the same time, thanks to split tunneling.
Why you should use split tunneling
Split tunneling is a terrific asset for Internet users who do not benefit from unlimited bandwidth. Let us assume you use a dial-up connection with a fixed monthly bandwidth negotiated with your ISP or have a limited mobile data plan.
You can resort to VPN services with split tunneling to route only the needed apps through the secure tunnel and isolate them from the rest of the tools that remain connected to the public Internet.
To minimize bandwidth usage and avoid bottlenecks
For instance, you can configure your web browser, email client, mobile banking app, and shopping app to use VPN. It is essential because you need to protect the sensitive data typed on your keyboard, smartphone or tablet when using these programs. Sensitive info means username and password, confidential emails for work, login credentials for your banking account, along with credit card details for online shopping.
However, all other apps with Internet access on your device do not require encryption, such as games, language-learning apps, news readers, maps and navigation – anything that does not require you to input personal info. Therefore, they can stay connected to the public web. This way, split tunneling saves network bandwidth and preserves it for apps that really need secure browsing ensured by VPN.
To access resources from two networks at once
Split tunneling is also an excellent solution to help you reach resources from two distinct networks simultaneously, without having to connect and disconnect repeatedly. It is ideal if you own a business and must contact the site of a partner or supplier, to name an example.
Under normal circumstances, you must sign off your own network to log into the remote one, then disconnect from the remote system when you must return to your intranet. But you can enable split tunneling within a VPN service to get rid of this hassle. For example, you can stay connected to your workplace via VPN but still be able to use your home printer.
Why you should not use split tunneling
If you confuse the concepts of blacklisting and whitelisting, you can end up accidentally excluding applications from the VPN tunnel which require secure browsing. You might log into your email account, exchange confidential business files with your boss or clients, or send your credit card details to shopping sites without even realizing that you are not using a secure connection. This is because you are actually connected to the public Internet instead of the virtual private network.
Furthermore, you have to be careful when visiting sites on the public Internet and keep in mind that you will not benefit from the protection of the VPN client. In particular, you should avoid domains that do not support HTTPS and which ask you to fill in forms using your personal information. Traffic routed outside the VPN tunnel is susceptible to sniffing tools and man-in-the-middle attacks.
Dangers for Windows machines with IP routing enabled
Another risk of having split tunneling enabled concerns hackers. A VPN client that stays linked to both the public Internet and a private network has specially designed routes that provide access to both systems.
But danger occurs if a hacker becomes interested in intercepting the VPN data. They could use the routes to assume your identity and gain entry to the private network to steal, destroy or infect corporate data with malware, letting you take the fall for it.
All of this becomes possible if your device has IP routing enabled. By default, computers running Windows 10 have IP routing disabled. To be sure, you can run the ipconfig /all command in Command Prompt and check the status of IP Routing Enabled. If it is set to No, then you are safe from harm. If it is set to Yes, then you risk exposing your traffic to hackers when using split tunneling.
To disable IP Routing, you have to use Registry Editor (press Win+R to access the Run command and type regedit to launch the Registry Editor), go to \HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters, find and double-click IPEnableRouter, then set its value to 0. Restart your computer to commit modifications and run ipconfig /all again to check the new IP Routing Enabled status (now, it should be set to No).
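The check and the registry fix from the two paragraphs above can be scripted. This is an added example, not part of the original article; the function name Get-IpRoutingState is hypothetical, and the script also lists interfaces with per-interface forwarding switched on, which goes slightly beyond the single registry value the article covers.

```powershell
# Added example. Run from an elevated PowerShell prompt.
$Key = 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters'

function Get-IpRoutingState {   # hypothetical helper name
    # Global switch: the IPEnableRouter value the article edits in regedit.
    $reg = (Get-ItemProperty -Path $Key -Name IPEnableRouter `
                -ErrorAction SilentlyContinue).IPEnableRouter
    # Forwarding can also be enabled per interface, independently of the
    # registry value, so list those interfaces as well.
    $fwd = Get-NetIPInterface |
           Where-Object { $_.Forwarding -eq 'Enabled' } |
           Select-Object InterfaceAlias, AddressFamily
    [pscustomobject]@{
        IPEnableRouter       = if ($null -eq $reg) { 0 } else { [int]$reg }
        ForwardingInterfaces = @($fwd)
    }
}

$state = Get-IpRoutingState
"IPEnableRouter = $($state.IPEnableRouter)"

# Interfaces are reported for review only: virtual switches used by
# hypervisors or connection sharing can have forwarding on legitimately.
foreach ($i in $state.ForwardingInterfaces) {
    Write-Warning "Forwarding enabled on $($i.InterfaceAlias) ($($i.AddressFamily))"
}

# Remediate the global switch exactly as the article does by hand.
if ($state.IPEnableRouter -ne 0) {
    Set-ItemProperty -Path $Key -Name IPEnableRouter -Value 0 -Type DWord
    Write-Warning 'IPEnableRouter set to 0. Restart, then check ipconfig /all again.'
}
```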
How to split data traffic with VPN
Although split tunneling can be configured by an administrator at the network level using intricate methods, you can do this by yourself using a VPN service. Most virtual private network applications are so intuitive that they do not require explanation on how to configure settings. It applies to split tunneling, too.
Nevertheless, here are the steps you should take from start to finish to activate split tunneling:
- Choose a VPN service and pay for a premium subscription plan
- Download and install the VPN application on your device
- Launch the VPN client and log in using your credentials
- Open the settings panel and look for a split tunneling feature
- Configure split tunneling by setting a whitelist or blacklist (depending on what the VPN client offers)
- Connect to a VPN server and enjoy secure browsing
Note: You can split data traffic on both desktops and mobile devices, depending on the capabilities of the VPN service. It can also be configured at the router level.
Our VPN recommendations
If you need a helping hand in getting past the first step, choosing the right VPN service, you can go with our top three recommendations: ExpressVPN, NordVPN and CyberGhost VPN. They happen to be the top-ranked VPN applications on our website. To learn more, make sure to click their names and check out their in-depth reviews and ratings.
Here is how you can configure split tunneling in each of the three apps:
The split tunneling feature can be found with exactly this name in ExpressVPN: Split tunneling. It can be configured with minimum effort to create a list of apps that you want to add or remove from the VPN tunnel by following the whitelisting and blacklisting rules that we previously discussed.
To enable it, go to the options panel, stay in the General tab, check the box of Manage connection on a per-app basis, then click the Settings button below. Afterward, pick the split tunneling mode between Do not allow selected apps to use the VPN and Only allow selected apps to use the VPN. After the selection, you can create the list with the apps you want to add or remove from the VPN tunnel.
NordVPN does not have a built-in split tunneling feature in the desktop client. However, there is a workaround. You can install the browser extension for Mozilla Firefox or Google Chrome to divert browser traffic through VPN while keeping the other Internet-enabled applications connected to the public Internet.
All you have to do is add the browser addon, log in using your NordVPN credentials, and connect to a server from the list. While securely browsing using Firefox or Chrome, you can keep the NordVPN desktop client disabled.
The split tunneling feature cannot be found under this name in CyberGhost’s settings area. Instead, the VPN application has a Smart Rules feature that gives you the possibility to exclude any sites from the VPN tunnel (using Exceptions). This way, you get automatically routed through the public Internet when visiting the specified websites.
To set exceptions, go to the settings area of CyberGhost VPN, select Smart Rules from the left side, go to Exceptions, turn on Use Exceptions, then type the full domain of each site you would like to remove from the VPN tunnel. You can add as many sites as you want, as well as temporarily include them in the VPN tunnel without removing the entries from the list (toggle the Active slider).
Tips & tricks for using split tunneling
In case nothing comes to mind when it comes to split tunneling, here are some practical examples of what you can do with this feature:
Gaming + torrenting
Playing an online video game does not require encryption but downloading or uploading torrents with questionable copyright material does. A VPN service masks your IP address and displays a fake one in the torrent swarm. Thus, it protects you from warning letters that you might otherwise receive from your ISP.
Both gaming and torrenting are resource-demanding tasks which might use too much of your network bandwidth. Instead, you can use split tunneling to direct torrent traffic through the VPN while keeping the gaming app connected to the public Internet.
Browsing + streaming
Unlocking the US library of Netflix with the help of a VPN service that has optimized servers is yet another task which utilizes a high amount of network bandwidth. If you do not benefit from a quality Internet connection, you might experience slowdowns, interruptions, and various other hiccups when trying to enjoy Netflix.
If you are also trying to perform other online activities, like work on a website, check your Facebook page, or send an email while watching Netflix, it might slow down everything to a halt. But you can set up a web browser to go through the VPN tunnel, which is required to unlock Netflix, with the aid of a VPN service. At the same time, you can use a different app to carry on your normal browsing activities while staying connected to the public web.
Tor + VPN
Tor users frequently turn to the anonymous network to bypass government censorship since it has a higher success rate than VPNs. However, Tor is not recommended at all for streaming or torrenting because it is incredibly slow, cannot hide your IP address during torrenting, and does not give you the possibility to pick a new identity for streaming. But VPN services are excellent for streaming and torrenting.
If you are already a user of both Tor and VPN (or interested in becoming one), you must use split tunneling to be able to use both of them at the same time. Otherwise, you have to route Tor over VPN or VPN over Tor, which hurts your Internet speed (although it comes with some huge privacy perks). With split tunneling, you can exclude Tor from the VPN tunnel so that you can effortlessly use Tor for evading government censorship and private browsing, along with VPN-routed applications for streaming and torrenting.
Two other successful combinations in favor of split tunneling are gaming + streaming as well as browsing + torrenting.
In conclusion
Split tunneling is a must-have feature for Internet users who want more control over their VPN application. It gives you the possibility to optimize network bandwidth and access two networks simultaneously: the VPN tunnel and the public Internet. Although it comes with some risks, they are minimal, thanks to the fact that modern VPN clients implement all sorts of security features, such as kill switch and IP leak protection, to help the fight against hackers and malicious activities.
What do you think about split tunneling? Have you ever used it? Do you think more VPN tools should implement it? Share your thoughts in the comment section below.