Although VPNs are great for your online privacy and security, there might be times you don’t think you need one. This is where split tunneling comes in. Split tunneling lets you choose specific traffic to bypass the VPN tunnel, leaving the rest of your traffic encrypted.
This gives you greater flexibility as you can customize your VPN according to your needs. You’ll be able to access your local network and VPN server network at the same time, and even browse local and foreign content content simultaneously.
However, split tunneling comes with some risk. In this blog post, we’ll break down everything related to VPN split tunneling, and show you when and how to activate split tunneling safely.
Start multitasking online with CyberGhost VPN. We offer split tunneling on Android and an Exceptions feature on Windows. Download our user-friendly VPN app today!
What Is VPN Split Tunneling?
Split tunneling is a VPN feature that lets you divide your internet traffic, giving you more hands-on control over where your traffic goes. You can choose specific traffic to route through the encrypted VPN tunnel, while the remaining traffic uses your regular network connection.
How Split Tunneling Works
When you enable split tunneling in your VPN, you can exclude specific traffic from the VPN tunnel. For example, you can set up split tunneling to exclude Gmail, Venmo, and DoorDash from the VPN tunnel, meaning these sites will be able to use your standard internet connection. None of this traffic will be encrypted by the VPN, and your real IP address will be visible. Everything else will be routed through the encrypted VPN tunnel.
In terms of digital privacy, sending all your traffic through the VPN is the safest option as your connection is fortified against intrusion. However, split tunneling is a useful tool if you don’t want to disable your VPN every time you need to use your standard internet connection.
What’s the Difference between a Split Tunnel and Full Tunnel?
A full tunnel is simply a standard VPN connection. All traffic is encrypted to and from your device. When you connect to a VPN, you automatically have a full tunnel setup.
A split tunnel divides your internet traffic based on your selection. You can choose specific traffic to encrypt (or decrypt) based on your needs.
Types of Split Tunneling
- App-based split tunneling: This option lets you specify which apps to encrypt, while the rest of your traffic stays unencrypted. For instance, you can choose to encrypt specific banking apps to keep your sensitive financial data safe. Conversely, you might choose not to send your banking traffic so you’re using a local IP address to help reduce CAPTCHAs. This is the most common type of split tunneling.
- URL-based split tunneling: You can choose certain URLs to send through your VPN, while the rest of your internet traffic stays on a standard internet connection. For example, you can set up the VPN to exclude your local weather station’s site to ensure you see location-specific results.
- Inverse split tunneling: All your traffic is encrypted, bar any trusted programs you select. This option is useful in situations where speed is more important to you than security (like if you’re using a trusted gaming client and you want optimal performance).
- IP-based split tunneling: You can exclude certain IP addresses from the VPN tunnel. This is a popular option for businesses.
- Protocol-based split tunneling: This splits your traffic based on protocols. For example, you can route HTTP traffic through the VPN but exclude HTTPS traffic. Another option is routing data-heavy traffic (like downloading or streaming) through UDP, while making online payments using TCP.
Pros and Cons of VPN Split Tunneling
Pros
-
- ✅ Your real IP address is still active. You can use your ISP-assigned IP address at the same time as the VPN server’s IP address.
- ✅ You can customize your connection. You can choose which traffic to redirect through the VPN server, and which traffic to exclude. Any excluded traffic will use your regular internet connection.
- ✅ You can save bandwidth. Since VPN encryption can marginally slow down your connection, split tunneling helps you avoid encrypting any traffic that requires top speeds.
Cons
-
- ❌ Your traffic is vulnerable to snoops and cybercriminals. Any unencrypted traffic won’t be protected by a VPN’s security measures (like security protocols, a kill switch, leak protection, and more).
- ❌ You might need some tech skills. To set up split tunneling, you need to manually configure specific URLs, apps, and clients to bypass the VPN.
- ❌ Your ISP can snoop on your activity. Since your real IP address is visible, your ISP can monitor your unencrypted traffic and see what you’re doing. It can even throttle your connection if you’re using a lot of bandwidth.
When to Turn On Split Tunneling
While it’s best practice to always use a VPN, you might not always need the extra layer of security. It’s important to understand your needs before deciding to activate split tunneling.
1. Avoiding Slow Speeds
If you have slow internet speeds but still want the protection of a VPN, split tunneling can help speed things up. For instance, you can exclude your gaming client from the VPN tunnel. This allows you to game online without risking the additional lag that might come with a long-distance VPN connection, and still enjoy VPN protection over your remaining traffic.
CyberGhost VPN has optimized servers for streaming and gaming, so you don’t need to worry about slow speeds. Enjoy quality streaming and gaming, while protecing your connection at all times.
2. Browsing in Two Locations
Some websites and apps only let you view their content if you’re in a specific location. This includes news sites, government services, banks, and streaming platforms.
You can set up split tunneling to access location-specific content and continue to view content in your current location simultaneously. For example, you can exclude YouTube from the VPN tunnel so your feed will display local results. The rest of your traffic would still be routed through the VPN, so you’ll see content from the VPN server’s location.
3. Accessing Your Local Area Network (LAN)
Some local devices have been configured with your real IP address (like your printer or game console). When you connect to a VPN, your real IP address is masked behind one associated with your VPN’s server. This change can sometimes result in losing access to local devices like your printer.
Split tunneling allows you to connect to LAN devices without disconnecting from your VPN.
4. Avoiding VPN Blocks
Some websites can ban VPN usage. An example is Wikipedia, which restricts editing permissions if you have a VPN IP address. You can use split tunneling to exclude Wikipedia from the VPN tunnel.
Is Split Tunneling a Security Risk?
it’s always safer to encrypt all your traffic rather than just some of it. Unencrypted traffic won’t be protected against snooping and intrusion, so you could be putting sensitive data at risk. That said, using a split tunnel VPN to ensure some of your traffic is protected is still safer than not using a VPN at all.
How to Turn On Split Tunneling on a VPN
To configure split tunneling, you need a VPN with a split tunneling feature. CyberGhost offers split tunneling on Android and an Exceptions feature on Windows.
How to Activate VPN Split Tunneling on Android
- Launch the VPN and click the settings icon. Make sure you’re not connected to a VPN server.
- Once you’re in settings, click on VPN from the panel under Manage devices. Select App Split Tunnel at the bottom of the screen.
- Select Mode at the top left-hand corner.
- Create your split tunneling rules. Choose to protect all apps or select Custom rules to choose the apps you want to encrypt.
How to Configure Split Tunneling on Windows
The CyberGhost Windows VPN app has an Exceptions feature that lets you exclude sites (like Netflix) from the VPN tunnel.
- Launch the VPN app and log in. Click on Smart Rules.
- In the Smart rules section, select the Exceptions tab at the top.
- The Make exceptions section will appear. Toggle the On button.
- Enter the URL of the website you’d like to exclude from the CyberGhost VPN tunnel and click Add. For example, you can type Netflix.com if you want to stream Netflix on your normal, unencrypted internet connection.
- That’s it! The URL will now appear on the list of URLs that bypass the VPN tunnel. You can deactivate or delete this URL at any time.
How to Test If Your VPN Split Tunneling Is Working
Unsure if split tunneling has been activated? Here are some steps you can take.
-
- Check your VPN settings. Log in to your VPN and verify split tunneling is active.
- Visit the unencrypted channels and check your IP address. Your real IP address should be visible. You can use this free tool to check your IP address.
- Visit the encrypted channels and check your IP address. Your real IP address should be masked, and you should have a new IP address in the same location as the VPN server you connected to.
- Access local devices (like your printer or local servers). If you can establish a connection while the VPN is on, then split tunneling is active.
Is Split Tunneling the Right Choice for You?
Split tunneling has both benefits and drawbacks. On the plus side, you have greater control over your VPN traffic. On the downside, you might expose any unencrypted traffic to snooping, cyberattacks, and other security risks.
We strongly believe it’s always a good idea to encrypt all your internet traffic. However, if you do need to use VPN split tunneling, remember to stay security-conscious and ensure all your sensitive data still remains encrypted.
Customize your connection with CyberGhost VPN’s split tunneling option on Android and Windows. Sign up and become a Ghostie today!
FAQ
Split tunneling is a VPN feature that creates a second tunnel for your internet traffic. You can choose which website or app traffic is tunneled through the VPN, and which traffic remains tunneled through your regular internet connection. For example, you can set up your streaming platform to always use your regular connection, giving you access to your local content library.
You can enable split tunneling if you need to divide your traffic into two connections. For example, you can set up split tunneling to allow easy access to a public network and a local area network (like a printer) at the same time. You can also turn on split tunneling to browse local and foreign content simultaneously. It can even help you achieve faster speeds as a portion of your traffic will be unencrypted.
However, if you want to keep all your traffic secured behind VPN encryption, then you should avoid split tunneling.
No, split tunneling doesn’t slow down your internet speeds. This is because split tunneling bypasses the VPN encryption process, which uses extra bandwidth and can cause a slight decrease in speed.
Luckily, you can mitigate this by getting a fast VPN. CyberGhost VPN has 10-Gbps servers and unlimited bandwidth, so you’ll never notice any difference in speed.
Full tunnel is the default option for all VPNs. If you want to set up split tunneling, you’ll need to configure your VPN. To check whether split tunneling has been set up correctly, you can visit some of the apps or URLs you selected and see if it bypasses the VPN.
A VPN tunnel creates a secure connection between your device and the internet. It encrypts your internet traffic and prevents anyone from intercepting, monitoring, or altering your data.
For example, a VPN tunnel can keep you safe on public Wi-Fi by rerouting your traffic through its private server network. This means others sharing the public network can’t hack your device or spy on your activity.
The main disadvantage is incomplete encryption. When you split tunnel your traffic, the unencrypted traffic is exposed to cybercriminals, your ISP, and other third parties. If you’re performing data-heavy activities (like streaming), it may even lead to your ISP throttling your connection.
You also need to set up split tunneling on your VPN. This might be tricky if you’re not confident with tech, although quality VPNs always have a 24/7 customer support team available to help.
Whenever you activate split tunneling, you’re taking a risk with your online security — even if it’s only a small risk. Split tunneling leaves part of your internet traffic unencrypted, leaving you vulnerable to potential cyber threats.
Leave a comment