The thing is, while VPNs are an amazing piece of technology that can help you become and stay anonymous on the Web, they aren’t perfect for everything. Sometimes you need certain things not to go through your VPN. That’s where split tunneling comes into play. It’s a feature that can give you control over which devices in your network get the VPN treatment and which don’t. However, the question is - what to use split-tunneling, and what to expect from this technology? Are there any risks, and why should you use split-tunneling, in the first place? We'll answer all of those questions and plenty more.
Let's say that you have two main ways to entertain yourself: you love to watch Netflix and to play multiplayer games. Even though a VPN lets you watch American Netflix, and there are some amazing VPNs for gaming, you might not want to use it all the time. Some multiplayer games are quite open when it comes to accessing their servers, so a VPN is not needed. However, how can you easily enable and disable your VPN when you switch between these two activities? Well, you can use split-tunneling to automate this process. Let's see how this technology can be used.
What Does 'Split Tunneling' Mean?
Usually, when you use a VPN, all of your network data goes through a secure VPN tunnel. None of it makes it out of the tunnel on the public Internet (as that would constitute a data leak). Obviously, when you aren’t using a VPN, all of your network traffic will get routed to the LAN or WAN destination it’s meant to. In other words, your data is visible to websites and your ISP when not using a VPN. This is why it's often said that VPNs boost your security and privacy on the Web.
With split tunneling, you can do both at the same time. You can be hooked into a private VPN network and you can access public network resources at the same time. You decide which data goes where. However, you need a capable VPN solution for this - as split-tunneling is considered to be an advanced feature. In other words, make sure to do your research about the best VPN for this job.
Why Do I Need Split Tunneling?
The truth is that VPNs have their drawbacks. When you use them as an all-or-nothing solution, you subject all of your data to those drawbacks. The main function of a VPN is to give you a secure and private channel through which you send information anonymously. However, not everything that we do on the Internet needs to be private and secure. In those cases, a VPN can be more of a nuisance.
One good example is online banking. Your bank already provides a secure environment using SSL and they already know who you are. So accessing your bank website through a VPN is redundant. Not only that but if you are changing your location using the VPN, then it could trigger an alert. After all, if someone suddenly tries to log into your bank account from what appears to be another country, it seems like suspicious behavior.
A VPN may also perform significantly worse thanks to various overheads, compared to just your naked connection. That can hurt the experience of things like video streaming or online gaming. Still, there are ways to speed up slow VPNs, so be aware of these helpful tips and tricks. And finally, if you want to use network-attached storage or a network printer on your LAN with a VPN on, you might find that it doesn’t work.
Advanced Split Tunneling Concepts
When looking at split tunneling, there are some more advanced concepts that could apply to your specific situation. While most people are likely to just use the simplified split tunneling service provided by a VPN company, you might want to take note of these extra options.
Inverse Split Tunneling
Inverse split-tunneling is basically exactly what it says on the tin. It’s 'inside-out' split tunneling. Normally, the default is for everything to go through the VPN tunnel and then certain devices or applications to be marked for exclusion from it. With inverse split tunneling, the default is for data not to go through the tunnel unless you specifically indicate that it must.
Whether you should opt for an inverse split-tunnel depends on your use case, but if you have a small, stable number of applications that need the tunnel, it’s much more convenient to use the inverted route.
IPv6 Dual-Stack Networking
If you’ve read our article on what an IP address is, you might recall that the world is running out of traditional IP addresses. Thanks to every device now having some sort of Internet connection, it won’t be long until we can provide no more unique addresses. That’s only a limitation of the current IPv4 standard. IPv6 is set to replace it with enough address combinations to serve us for the foreseeable future. However, the transition hasn’t been all that smooth. Although most modern network hardware and software supports IPv6, in practice IPv4 still dominates.
So now there’s a problem since any growth of networks is going to happen using IPv6, but people still need their content served via IPv4. Both usually can’t operate on the same network at the same time. By using a special form of split tunneling, it’s possible to use both standards in parallel. This is pretty cool, although only of real interest to network admins. Still, we may soon see VPN providers using some form of dual stacking to increase their network size.
How Do I Enable & Use Split Tunneling?
There are various ways in which split tunneling is achieved in the networking world. When it comes to commercial VPN services that offer split tunneling as an option, it’s almost always configured through the VPN client software.
That client can be the per-device software client or sometimes a configuration done at the client level. How VPN providers decide to offer split tunneling is of course up to their discretion. They might let you choose specific applications or types of traffic for exclusion from the VPN tunnel. It may also be possible to exclude specific network devices from the VPN.
A good candidate for exclusion might be a streaming box or video game console. These devices usually need lots of bandwidth and low latency. So unless you want to make it look like your streaming box is in another country to unblock content, it makes sense to exclude it from the VPN tunnel. Even if you need geo-unblocking for such devices, it might make more sense to use alternative techniques to get the job done. We're talking about so-called 'Smart DNS' solutions, such as Smart DNS Proxy VPN, Unlocator, or IronSocket.
Device exclusion from the tunnel requires a router-level VPN. If you are using a Windows VPN application or an Android VPN app, then you can only control the flow of traffic from that device to the tunnel. Other machines on the same network won’t be affected if there is no VPN client between them and the Web. In other words, you need to set up a VPN on your router. For this purpose, we recommend you to check the best VPN routers. And if you're into opening up your router's capabilities, make sure to learn more about DD-WRT firmware. Then, check the best DD-WRT routers as well.
What's The Best Split-Tunnel VPN?
Despite how useful it can be, split tunneling is still a fairly rare feature, even when it comes to paid premium VPN services. With this said, we have a rich experience of testing dozens of VPNs, so we have some recommendations for you. Here are the best VPNs for split-tunneling in 2019.
1. ExpressVPN
Without any doubt, ExpressVPN is the best VPN you'll find right now. It has a long history of protecting its users against various online dangers and comes with plenty of innovative features. Just recently, this VPN introduced a privacy-first TrustedServer technology, had its policies audited, and decided to increase the limit of simultaneous connections to five. To learn more about there and other features, here's our ExpressVPN review.
ExpressVPN offers split-tunneling on Windows, macOS, and Android. To enable it, click on the hamburger button in the top-left corner, and then select 'Options'. Under the 'General' tab, you'll find a section related to 'Split Tunneling'. Enable the 'Manage Connection on a Per-App Basis'. Then, click on the 'Settings' button, and you'll see several options. You need to create a list of apps by clicking on the 'Plus' button, where you can either include apps that use the VPN connection, or vice versa - depending on what you picked in the first place.
2. CyberGhost VPN
Next, we have another capable VPN solution. CyberGhost VPN is a highly reliable VPN solution that comes with a brilliantly designed interface. It's available on numerous platforms, offering a series of easy-to-install native applications. To learn more, here's our CyberGhost VPN review.
CyberGhost allows split-tunneling on Windows and Android. To use this feature on your computer, launch the application and click on 'Smart Rules' on the left side. Then, select 'App Protection' and enable this feature by switching its toggle to ON. Once you click on 'Add Application', you'll get to navigate to apps that you'll like to protect with your VPN automatically. This means that as soon as you launch the chosen app, it will receive protection by CyberGhost VPN. Any other application will use your regular Web connection.
3. PureVPN
PureVPN is a highly respectable VPN solution, which has been offering split-tunneling for a while now. It's based in Hong Kong, and it's known for its tough anti-VPN measures that can battle even the Great Firewall of China. You can also count on thousands of servers in more than 140 countries. If you need additional information, read our PureVPN review.
PureVPN currently offers split-tunneling on Windows and Android. On your computer, open this VPN and then visit its 'Settings' panel (hidden behind the top-right placed cogwheel icon). Choose 'Beta Features' on the left and enable this option by switching the toggle to ON (on the right side). Then, choose 'Split Tunneling', activate it, and then select 'Manage Split Tunneling'. Finally, add the applications you'd like to protect with your VPN. Any applications that you don't add to this list will use your regular Web connection.
Are There Any Risks With Split Tunneling?
The biggest risk of using split tunneling is that you mess up the settings and accidentally send traffic that should have been private straight to the public Internet. Obviously, such a mistake would be the product of a deliberate configuration setting. Features such as a kill switch won’t help since your VPN will think you want that data to be public.
You should also know that many VPNs come with some form of malware-fighting tools. In addition, ad-blocking and tracker-blocking features could be implemented. However, this will only apply to VPN-protected data. So, if you're exposing your device to the public Internet without any protection, make sure to install the tools needed to safeguard your device from malware and other online dangers.
This means that if you choose to use split tunneling, you need to be very careful. Verify that the right traffic is being excluded and included. That’s before you do anything sensitive with your connection.
Are There Any Alternatives to Split Tunneling?
If you can’t or won’t use split tunneling, then you need to find a different way to direct traffic. One option is an all-or-nothing approach, where you switch the VPN off when you need it to be gone. However, you’ll have to be much more careful in this situation. Don’t do anything 'weird' on the net while the VPN is off. You can also disable router-level VPN and manage it on a per-device basis. That can however quickly use up your allotment of concurrently connected users.
Dear readers, this is where we conclude our guide on split-tunneling. If you found this article to be helpful, why not share it online? Also, do not forget to follow us on Facebook and Twitter. Thank you!