Split tunneling is a feature of Virtual Private Networks (VPNs) that let you route your internet traffic through two different tunnels, one of which is encrypted while the other one is your open network.
Sound complicated? To understand split tunneling, you need to get to grips with VPNs. So how does split tunneling work? What benefits does split tunneling give you? And which VPNs offer it?
How Does Split Tunneling Work?
To understand how split tunneling works, you need to know how VPNs work. Essentially, when you're connected to the internet, your browser connects with your ISP's server, which subsequently requests a website's server for specific content. This is an overly simplified way of putting it, but that should work for now.
When you use a VPN, there's one more server that your internet traffic travels through. Your computer first connects with a VPN server, which then access the internet for you. This is why you can use a VPN to mask your IP address and access geo-restricted websites from wherever you are.
So that's how a VPN works. What about split tunneling?
With split tunneling, you can instruct the VPN to only route traffic from certain apps or URLs via the secured channel, while the rest of the traffic will continue being transmitted via the open network. It's essentially the best of both worlds.
Sounds interesting, right? But why would you want to do something like this?
Why Would I Need Split Tunneling?
Have you noticed that your internet speed sometimes slows down when you connect to a server using a VPN? That's because your internet traffic is now routed through an intermediary server, and so it takes data packets longer to travel between these points.
When you route only a portion of your internet traffic through a VPN's encrypted tunnel, it allows you to utilize the rest of the bandwidth fully for other activities.
For instance, say you're watching Netflix and you get a call from your employer that you need to work on something confidential that's hosted on a secure server. Connecting to a VPN means you'll get slower speeds that could possibly result in buffering while you're binge-watching your favorite sitcom.
But instead, split tunneling allows you to use the VPN's secure tunnel only for routing the sensitive data, while still allowing you to utilize full bandwidth for Netflix.
Related: The Best Netflix VPNs to Watch Anything
Do note that speeds depend on VPN provider. You might not feel a lag at all, or if so, it might be negligible. Nonetheless, split tunneling can help you keep only what's important encrypted.
Which VPNs Offer Split Tunneling?
Split tunneling isn't available on all VPNs. Here are two of the best VPN services you could choose from.
ExpressVPN
ExpressVPN allows in-app split tunneling, which means you can choose which apps will use the secured tunnel and which ones won't.
If you're trying to use split tunneling on ExpressVPN, you can do so from the Options window.
Click on the triple bar icon at the top-left of the interface, select Options > General, and check the box beside Manage connection on a per-app basis. Then, click on Settings below to select which apps should use the secure VPN tunnel.
ExpressVPN is a premium VPN with lots of bells and whistles, and the benefits more than outweigh the costs. And you can save through MUO's exclusive offer page
However, you don't get URL-based split tunneling on ExpressVPN. For that, you could use NordVPN.
NordVPN
NordVPN offers both app-based and URL-based split tunneling. Plus, it's a lot cheaper than ExpressVPN. There's just one catch. You'll need NordVPN's Chrome extension to use URL-based split tunneling.
You can still use app-based split tunneling from its desktop interface though. Click on the cog wheel at the top-right of the app, then on Split tunneling from the left sidebar, and toggle the split tunneling button on.
And you can save even more using NordVPN.
Inverse vs. App- or URL-Based Split Tunneling
Both ExpressVPN and NordVPN allow you to either select apps (or URLs) that you want to disable the VPN for, or select ones that you want to enable the VPN for.
Who cares—same thing, right?
Not quite. Selecting what you want to disable the VPN for is called inverse split tunneling, while enabling the VPN for specific apps (or URLs) is called app- or URL-based split tunneling. And it matters which one you choose.
Ideally, you should choose inverse split tunneling. Why?
When you choose inverse split tunneling, all of your internet traffic travels through the secure tunnel except for the apps you "whitelist". However, when you choose app- or URL-based split tunneling, all your internet traffic except from the apps you've selected will travel through an unsecured tunnel.
Ultimately, both accomplish the same purpose, but inverse split tunneling is just a safer bet.
Should You Use Split Tunneling?
After all's said and done, should you actually go ahead and use split tunneling?
It makes sense to use split tunneling in a few situations. For instance, when you need to use your full bandwidth for something while you're simultaneously doing data-sensitive tasks. Or, perhaps you want to access a website like Wikipedia that doesn't allow editing pages if you're connected to a VPN.
However, some people claim that split tunneling can sometimes compromise the overall security that the VPN provides. This is more about setting up split tunneling incorrectly rather than the feature being inherently unsafe, though.
Split Those Tunnels
Split tunneling gives you more control over your internet traffic when you're using a VPN. It solves several challenges that you'd face as a VPN user, and gives you the flexibility to hit the sweet spot between utilizing your full bandwidth and ensuring security.
To always keep your traffic security airtight, make sure you use inverse split tunneling. You should also be careful when choosing your VPN service provider. Select one that offers a good combination of security and privacy features like AES-256 encryption, a kill switch, DNS leak protection, and a strict no logs policy.
When you have the right setup, you'll be able to make the most of this nifty feature. However, if you're trying to keep your employees from using split tunneling at work, you can install the VPN on your office router. It's still possible to use split tunneling on router firmware like DD-WRT, but you can easily restrict your employees' access to the routers.