Split-Tunneling: What it is, how to use it, and what to watch out for

Turning on your VPN connection is like creating a new online identity for yourself. You get to spoof your location and access sites and services you otherwise can’t. But what about sites and services you normally can? What happens to those when you use a VPN? Do you need to turn off your VPN access just to check local news sites, or to not get locked out of any of your accounts?

That seems hardly like the right option, since turning off your VPN can expose you to a myriad of online threats — threats that won’t care whether you’re accessing local or international sites. Thankfully, split-tunneling is an option that gives you the best of both worlds, by giving you both protection and flexibility while browsing the web.


What is Split-Tunneling?

Split-tunneling, as the name suggests, “splits” your connection into two streams. One stream goes through the VPN provider, and the other stream goes through the regular internet path. That means one stream gets protected by encryption, and another stream can be viewed by your ISP and anyone enterprising enough to break into your network.

Split-tunneling is a handy feature that allows for several use cases, to be discussed in the next section. After all, there are times when a full-tunnel mode (also designated as simply “tunnel-mode” by some VPN apps) can cause just as many problems as it solves.


Advantages of Split-Tunneling

A split-tunnel allows you to do the following:

  • Maintain access to your usual networks. This is especially important for those of us who are working from home during the time of the COVID-19 pandemic. Most devices are registered to company resources by their IP address, and once these addresses change, one can no longer access these resources. Unless your company whitelists your VPN’s IP address (which is only possible if you have purchased a dedicated IP address subscription from your provider), you don’t have a choice but to turn off your VPN while at work.

Or, you can just use split-tunneling. By filtering your VPN access to exclude sites or apps you use for work, you can remain anonymous in your private browsing activities. This also works when you have to access local network devices, such as networked folders or other machines. These devices would normally block you out when they detect you are using a different IP address, but VPN split-tunneling solves this.

  • It keeps your account from being blocked. Other services, such as Netflix, can block your account for using a VPN. Maybe you’re not among those who want to access Netflix’s content from across the ocean, the local catalog giving you enough for binge-watching. Instead of risking being blocked, you can just split-tunnel your way through safety.


  • It helps you keep an online “cover”. This is especially important if your profession puts you within the sights of privacy-invading entities, such as the government. Putting all of your traffic behind a VPN may protect your privacy, but having completely no online footprint can also rouse suspicions, since it makes you stand out from the crowd. In fact, some entities use the same technique to single out those they need to keep a closer eye on.

If this is the case, you can split your web connection, so the VPN only covers sensitive data. Then you can leave the mundane browsing and internet activity in the clear, for others to sift through if they decide to eavesdrop.

  • It helps you improve VPN speeds. Sometimes, VPN servers can slow down because of demand. Routing all your traffic through that congested server can slow down your connection completely. If this happens, you can split-tunnel your way to speed by routing only the essential traffic through the VPN. You can then let your regular, non-private traffic remain in the clear at least until the VPN server stabilizes again.

Dangers of Split-Tunneling

There are no inherent dangers to split-tunneling, except if you fail to properly set the connection. This way, you fail to encrypt a connection that’s meant to be private, thus exposing it to scrutiny. As with any web-related activity you engage in, make sure to look before you leap. Remember that any unencrypted traffic can be compiled and used to build a profile of your online usage.

As always, make sure to use only a VPN service you can rely on, one that ensures your split-tunneled connection is securely encrypted!


How to Split-Tunnel

Split-tunneling can be done in a variety of ways, all depending on how robust your VPN provider’s app is. There are two primary “filters” you can use to split-tunnel:

  • Filter by App. This will allow you to exclude certain apps from having their connections enter the VPN tunnel. For example, if you turn on VPN split-tunneling in your Android device, you can filter your streaming apps to use the regular connection instead of the VPN connection, so you can access in-country content while remaining anonymous in all your other apps.
  • Filter by URL. This offers a more fine-grained control over your connection. This way, you can filter out specific URLs so accessing them does not take your through the VPN server. For example, you can access your workplace email server without making it look like you’ve migrated to another country. At the same time, you can still remain invisible while browsing other websites.

Note that there is also a concept called “inverse split tunneling”, which is just a fancy way of saying that only the apps/URLs you put in the filter will pass through the VPN server, with all other connections passing through the regular connection. This is more handy if you have dozens of apps and/or URLs to visit, and you only want VPN protection in a handful of them.