(Credit: PCMag, René Ramos, Amtitus/DigitalVision Vectors via Getty Images)
Some websites and apps—like certain banking platforms or streaming services—don't always work smoothly with the encryption a VPN provides. That's where split tunneling becomes incredibly useful. This feature lets you control which apps or websites use the VPN connection and which ones connect directly to the internet through your regular network. For example, you can keep your browser protected by the VPN while letting your online game or banking app bypass it for better speed or fewer issues with identity verification. You no longer have to turn off your VPN entirely just to access specific services.
This article was made possible in part by Proton VPN. It was written and edited independently without partner oversight.
In this guide, I’ll explain how split tunneling works, when it makes sense to use it, and what privacy and security trade-offs you should consider before enabling it.
How Does Split Tunneling Work?
Connecting to a VPN encrypts all of your outgoing network data. Applications, games, and browsers will all route through that encrypted tunnel by default. Split tunneling allows you to route specific programs through your regular network instead, thus forgoing any encryption.
Why would you want to do this? Encryption increases your latency, even with the fastest VPNs. If you're playing competitive games, every millisecond counts. Without split tunneling, you would have to decide between privacy and performance. Routing your game out of your VPN's encrypted tunnel allows you to play without forgoing privacy. You'll still be broadcasting your gaming activity to any onlookers, like your ISP, but your more sensitive data across other applications and websites will be protected as usual.
App-based split tunneling allows you to route specific apps through your VPN while keeping others on your local connection. Browser-based split tunneling usually comes in the form of a browser extension that functions as a lightweight version of your VPN that protects your general browsing rather than your entire device.
Recommended by Our Editors
A good VPN combines app and browser split tunneling into a single feature by allowing you to configure both apps and URLs in the main client. In the full app, you can filter apps on your device. The browser version lets you allowlist websites that will bypass the VPN, but you won’t be able to modify any programs without using the full client.
Some services offer what's called "inverse" split tunneling. This feature enables you to route the majority of your traffic through your regular network, and then you can pick which applications get protected by your VPN. It's useful if you have just one or two apps that you want protected, such as a torrent client or a browser for streaming. While both versions of this tool are convenient, it is best to use each one carefully. Your data will be visible while using apps or sites that are excluded from encryption.
When to Use Split Tunneling
It may not be obvious why you would want to exclude certain services from your VPN's protective encryption. After all, you're likely using a VPN because you want it to protect all of your data. However, there are a handful of reasons you should consider using split tunneling. Most come down to performance, accessibility, and preference. Here are some of the biggest reasons you may want to use split tunneling, and when not to:
- Improve performance: Routing an app outside of your VPN’s tunnel will allow it to fully use your base internet speeds. This can be critical for fast-paced tasks like gaming or data-intensive ones like downloading large files.
- Access local services: Rideshare apps and local websites can malfunction on a regular VPN connection. If you can’t get a regional service to work, consider routing it out of the encrypted tunnel.
- Work remotely: Your work laptop or office network is probably already protected by a business VPN. Your personal service could clash with it and prevent you from logging into important systems.
- Stream local content: Accessing regional streaming services like Netflix with a VPN can change the content you see depending on the location of the server you are connected to. You should use split tunneling and route your favorite streaming service through your local network if you want to view that region’s unique content. Alternatively, you can use your VPN to access a server in that region if you want to stay protected and watch your favorite shows.
- Bank online: Banks have advanced fraud detection algorithms that can go off if you try to connect to your account with a VPN. You may end up blocked, or, even worse, your account could be flagged for fraud, resulting in locked-down cards when you need them most.
- Use devices on your home network: Sometimes VPNs will prevent your device from being visible on local networks, which can make using devices like printers impossible. Good luck casting your favorite streaming app from your phone to your TV when your phone is in the UK with access to the BBC, but your TV is here at home. Routing a specific app on your device through your regular network connection instead of the VPN can fix that problem.
Is Split Tunneling Safe?
Carelessness and improper usage are the main risks with split tunneling. It’s easy to misconfigure a split tunnel and accidentally leak your IP address, location, and browsing details to your ISP and advertisers. You could get a threatening letter (or worse) from your ISP if you allow activity like torrenting to go through your regular network connection.
The actual security risks are minimal. There’s always a chance that you could connect to a compromised public network, but those attacks have become rare with the widespread adoption of HTTPS. A reputable antivirus will do more to protect your traffic against malicious attacks than any VPN, though I recommend using both for a layered security toolkit. Throw in a password manager and enable two-factor authentication to improve your privacy even further.