GlossaryPrivacy & SecurityIntermediate

Split Tunneling

Split tunneling is a VPN feature that lets you route some of your traffic through the encrypted VPN tunnel while other traffic goes directly to the internet. This gives you control over which apps or sites use the VPN.

Last updated June 8, 2026

Definition

Split tunneling is a VPN configuration that splits your network traffic into two paths: one that travels through the encrypted VPN tunnel and one that connects directly to the internet using your real IP address. Instead of forcing every packet through the VPN, you decide which apps, websites, or destinations get protected.

How split tunneling works

When enabled, the VPN client maintains rules that match traffic by application, IP range, or domain. Matching traffic is encrypted and sent to the VPN server; everything else bypasses the tunnel. This is typically done at the OS routing-table level or inside the VPN app itself.

Why it matters

Split tunneling improves speed for non-sensitive traffic, lets you access local network devices (like a printer or NAS) while staying connected, and allows region-specific access where some services block VPNs. For example, you can keep banking apps off the VPN while routing a scraper or browser through a foreign exit node.

  • Inverse split tunneling: route everything through the VPN except chosen apps.
  • App-based: choose specific apps to tunnel.
  • URL/IP-based: route by destination.

The trade-off is privacy: traffic outside the tunnel is exposed, so use it deliberately.

Examples

1

Streaming Netflix locally while routing a work browser through a UK VPN server

2

Accessing a home NAS or printer while connected to a corporate VPN

3

Running a web scraper through the VPN while keeping a banking app on the direct connection

Common Use Cases

Reducing latency for bandwidth-heavy apps that don't need encryption
Accessing geo-restricted services and local LAN devices simultaneously
Isolating scraping or automation traffic to a specific exit IP
Bypassing VPN blocks on selected sites while protecting the rest

Frequently Asked Questions

It is safe when configured intentionally, but any traffic routed outside the VPN tunnel uses your real IP and is unencrypted, so avoid it for sensitive activity.
No, it usually improves performance because only selected traffic is encrypted and routed through the VPN server, freeing bandwidth for direct connections.
Most major providers like NordVPN, Surfshark, and ExpressVPN offer it, though support varies by platform and is often limited on iOS.

Keep Learning

All terms

VPN

A VPN (Virtual Private Network) encrypts all of your device's internet traffic and routes it through a remote server, hiding your IP and protecting data on untrusted networks.

Read definition

Kill Switch

A kill switch automatically cuts your internet connection if your VPN drops, preventing your real IP and traffic from being exposed.

Read definition

WireGuard

WireGuard is a modern, fast and lightweight VPN protocol known for its tiny codebase, strong cryptography and excellent performance.

Read definition

Geo-Targeting

Geo-targeting is selecting proxy IPs from a specific country, region or city so your requests appear to originate from that exact location.

Read definition
Back to Glossary