Split Tunneling: The VPN Feature You're Probably Not Using

Full VPN tunnelling routes everything through the VPN — your online banking, your streaming, your work email, your game downloads, all of it. This protects everything but often creates problems: slower speeds, inaccessible local network devices, streaming services blocked by VPN detection. Split tunneling fixes this by letting you define which traffic goes through the VPN and which bypasses it.

How It Works

Split tunneling at the application level lets you specify which apps use the VPN. Chrome goes through the tunnel; Steam doesn't. Your work VPN client goes through; your local printer driver doesn't. The OS maintains two routing paths simultaneously — the VPN tunnel for designated traffic, the regular network stack for everything else.

IP-based split tunneling is more granular — you specify which destination IP ranges use the VPN. All traffic to 10.0.0.0/8 (your corporate network) goes through the corporate VPN. Everything else goes direct. This is exactly how most corporate VPN setups work: employee traffic to company systems is tunnelled, personal internet use isn't.

The Privacy Trade-off

Split tunneling is a privacy compromise. The traffic you route outside the VPN is visible to your ISP and the regular surveillance architecture of the open internet. If privacy is the primary reason you're using the VPN, routing some traffic outside it defeats part of the purpose.

Wait — this matters. The use case where split tunneling makes sense is when different traffic has different privacy requirements. Your sensitive browsing goes through the VPN. Your Netflix streaming — which doesn't have privacy implications but keeps getting VPN-blocked — goes direct. That's a reasonable trade.

Inverse Split Tunneling

Some VPN clients offer inverse (or 'exclusive') split tunneling — instead of specifying which apps use the VPN, you specify which apps bypass it, and everything else goes through. This is useful when you want most traffic protected but need a few specific applications to use your direct connection for performance or accessibility reasons.

Which VPNs Support It

ExpressVPN, NordVPN, Mullvad, and ProtonVPN all offer split tunneling on at least some platforms. Implementation quality varies — some only support application-level splitting, some only IP-based. Check whether your VPN client supports the granularity you need before assuming the feature works the way you expect.