Split Tunneling Is the Most Underrated Feature of Your VPN.

Posted on by

VPNs are a fantastic security tool. While they’re not foolproof , a properly configured VPN can protect your traffic between apps and websites. However, the added network latency can slow down bandwidth-intensive apps or block access to those that specifically prohibit network traffic spoofing, creating obstacles when trying to use the internet. This is where split tunneling comes in handy.

Split tunneling is a relatively new VPN feature that allows you to route specific apps or websites through the VPN while the rest of your device’s network remains unencrypted. This way, you can stay protected while browsing the internet, while allowing exceptions for things like your banking app or local printer. While not all VPN providers support this feature on every device, split tunneling remains a very useful feature that requires just a few clicks to enable and configure. It gives you greater control over your digital footprint and prioritizes convenience without compromising your security.

What does split tunneling do to your VPN?

By default, VPN providers route all your network traffic through an encrypted tunnel, which hides your IP address once enabled. This is great for privacy or avoiding censorship, but it can create problems when using a banking app, printing documents over Wi-Fi, or banking apps that require verification of your geographic location.

You may also like

Split tunneling creates exceptions for specific apps and websites. This can work either as a blacklist, allowing you to select which apps pass through your VPN, or as a whitelist, providing direct network exceptions for specific apps and services. While useful and practical, split tunneling support is extremely inconsistent across providers. Some VPNs, such as Proton, provide good support across all platforms. Others, such as NordVPN , experience issues with operating systems that enforce stricter network rules, such as macOS or iPhone.

How split tunneling works

Split tunneling works in two ways. VPN services typically offer it as a whitelist, allowing you to add specific websites or apps as exceptions to your VPN connection so that any incoming or outgoing traffic passing through these websites and apps can pass through your regular network without VPN encryption. This is how Surfshark and IPVanish do it. Alternatively, VPN providers like ExpressVPN use the opposite approach. Instead of a whitelist, you configure a list of apps and websites that should benefit from encrypted tunneling. Everything except the list of apps and services you configure will pass through your regular network without VPN encryption.

Additionally, platforms like NordVPN and CyberGhost offer both split-tunneling and split-tunneling options, allowing you to choose the most convenient configuration option. Some leading providers also offer router-level configuration options. This means you can configure split tunneling on your Wi-Fi network directly from your router if you’re using one supported by a VPN. Depending on how important network security is to you in your daily work, you may prefer one split-tunneling option over another.

This is when it makes sense to enable split tunneling.

Split tunneling provides greater control over your network, allowing you to avoid server lag and access highly secure services without having to disconnect your VPN each time. While it’s not a requirement for every user, here’s a quick overview of scenarios where it might be useful:

What do you think at the moment?

  • When accessing devices connected to your local network, such as printers, doorbell cameras, or smart speakers that do not require an encrypted connection.

  • High-security apps and services, such as banking websites or zero-trust digital workspaces, specifically block IP addresses commonly used by VPN providers.

  • Bandwidth-intensive tasks like online gaming, video calling, or 4K video streaming may not be possible using a VPN without a fast internet connection.

  • Services that rely on location data to provide accurate results, such as weather apps or ride-sharing services, generally work best when using your own network.

When to Avoid Tunnel Forking

While bypassing a VPN can improve network performance, split tunneling also exposes your IP address, geolocation data, and other identifying information to apps or websites accessing your network unencrypted. Furthermore, it often disables features that protect you from online tracking or intrusive ads that your VPN would normally block. Think of it this way: creating split tunneling is like automatically disabling your VPN when you access certain apps or services, leaving you completely vulnerable to everything it was designed to protect you from.

For example, I wouldn’t use split tunneling on a public Wi-Fi network or when using an ISP I don’t fully trust. Also, keep in mind that while some VPN providers allow split tunneling while maintaining DNS (domain name server) masking, DNS requests may still leak, depending on how secure the provider is. If you’re concerned about the possibility of a DNS leak when using split tunneling with your VPN, try using a DNS leak tester like BrowserLeaks , IPLeak , or free tools from ExpressVPN and Surfshark to ensure everything is working as intended.

These VPN providers support split tunneling.

Split tunneling is a relatively new VPN feature that isn’t available with all providers. Even among those that support it, Apple’s firewalls for iOS and macOS make it difficult to implement. Because of this, support and functionality vary greatly across providers, and no one company offers the same level of functionality.

However, several major VPN services support split tunneling. These include:

  • Surfshark: The company has a tool called Bypasser, which allows unfettered access to your home network for specific apps and services you whitelist. It’s available for Windows, macOS, Android, iOS, and iPadOS. Even the browser extension has a dedicated Bypasser implementation. This makes it the platform with the most balanced split-tunneling VPN service, in my opinion.

  • ProtonVPN: The company behind ProtonMail is known for its security features, so it’s no surprise that their VPN supports split tunneling on all operating systems, including Linux. However, Linux support is more limited than on other platforms due to technical limitations.

  • Norton VPN: Norton VPN has supported split tunneling on Windows and Android devices for some time now. As of June 2026, this feature is now supported on Mac and iOS devices.

  • NordVPN: Despite being one of the largest players in this market, NordVPN doesn’t support built-in split tunneling on Apple devices. However, NordVPN’s split tunneling implementation on Windows and Android is well-executed and highly customizable.

  • ExpressVPN: While support for Apple devices is a new feature that’s still being improved, ExpressVPN has fairly decent split-tunneling capabilities for Windows, Android, and Linux users. Furthermore, it can work directly with popular router models at the network level, before traffic is routed to any device.

More…

Privacy

Leave a Reply