A Virtual Private Network (VPN) establishes a secure link between a client computer and a VPN server. The remote server acts as a proxy. It forwards requests for internet resources and webpages over that link from the client. It also receives all responses to those requests and passes them back down the secure link.
That secure link is referred to as “tunnel.” In split tunneling, the VPN client program directs some traffic down the secure link to the VPN server, and some over regular connections. Those non-tunneled connections are managed by an Internet Service Provider (ISP). The ISP forwards messages to neighboring routers, not to the VPN server.
Businesses regularly use VPNs to protect the internet traffic of employees working away from the office. Communication with these workers needs to be treated as though they were connected directly to the office network. However, if the remote worker is using their own computer for work, they may very well also have personal applications running on that device at the same time. For example, the homeworker might be streaming entertainment through the home computer from a music service such as Spotify. They might also keep a webpage open to check on their private webmail.
Where a VPN user has a specific group of apps that need to connect through the tunnel, and other apps that don’t, it can be annoying that all of the traffic from that computer has to go to the VPN server. Split tunneling offers the opportunity to protect some traffic through a VPN, but not all of it.
There are different methods available for implementing split tunneling. If you’ve manually set up a VPN on your computer, you can manipulate the way that the VPN network behaves through command line instructions. However, that method is complicated and technical. As such, for this report, we’ve focused on VPNs that include split tunneling utilities within their apps. Take a look at our five best VPNs for split tunneling below. You can also read more about implementing the strategy later on in this report.
Best VPN sservices for VPN Split Tunneling: Summary
Special Deal: Save 49% Today!
- 30-day money-back guarantee
- Servers 94 countries
- Device-based split-tunneling for routers
- Split tunneling feature in the Mac OS X and macOS app
- Good for video streaming
- Only three simultaneous connections allowed
ExpressVPN only has a specific split tunneling feature for its Mac OS X and macOS app versions. This feature has both a split-include and a split-exclude option. You control it by a radio button at the top of the split tunneling page. You don't have to know the addresses of the connections that you want to include or exclude for tunneling because this setup screen accepts the names of apps rather than addresses. Another split tunneling option lies in the VPN's router implementation. In this case, you can nominate which devices the VPN should protect. The VPN setup screen includes a list of recently connected devices and there is an On/Off toggle next to each entry in the list. This enables you to include or exclude that device from the tunnel.
Our ExpressVPN review found the service offers servers in 94 countries. It can get through the location restrictions on most streaming services in the world. The company is based in the British Virgin Islands. It keeps no logs on users' activities, so offers good protection for those who want to download entertainment with peer-to-peer (P2P) networks.
Visit ExpressVPN »30-day money-back guarantee
- Seven-day money-back guarantee
- Three-day trial option
- Servers in 141 countries
- Uses split-include tunneling for apps
- No logs
- Some servers are slow
PureVPN was the pioneer of split tunneling in the VPN industry. Although the company produces an app for Windows, Mac OS X, macOS, iOS, and
Android devices, you can only implement its split tunneling capabilities on the Windows and Android operating systems. PureVPN uses a split-include configuration, which means that you nominate apps that you want the VPN to protect. All other connections go to the internet by a regular route, rather than being sent to the VPN server.
When reviewing PureVPN we found more than 750 servers in 141 countries. This is a particularly good VPN service for China, as the VPN is very good at getting through blocks undetected. The company is based in Hong Kong.
- Seven-day money-back guarantee
- Servers in 52 countries
- Allowance of five simultaneous connections
- App-based split-include tunnel
- Kill switch
- Some servers can be slow
Ivacy is based in Singapore. It has good speeds for streaming video and downloading files. The company keeps no logs, so offers good protection for torrenters. The split tunneling feature of the VPN client allows you to nominate apps that the service should protect. The VPN also has a feature that automatically adjusts the settings of the VPN according to your intended activities, such as video streaming or downloading.
This VPN has more than 200 servers in 52 countries. It allows each user to connect five devices to the service at the same time.
- Seven-day refund guarantee
- Cheap three-day trial account
- Choice of split-include or split-exclude configurations
- Gets around the Great Firewall of China
- Selective kill switch
- Difficult to set up
AirVPN has a Routes tab in its settings system. This enables you to nominate connections for the tunnel. A toggle allows you to select whether you want to implement a split-include or a split-exclude tunnel. You need to enter the IP addresses of the connections that you want in your include/exclude list. The VPN app has a kill switch, which is called a "network lock." Those connections designated to be outside the tunnel won't be blocked when the kill switch is turned on but the VPN isn't engaged. These features are available in the app for Windows, OS X, macOS, and Linux.
AirVPN is a good service if you want to go to China because it can evade detection by the Chinese authorities. The detection evasion capabilities of this service also work well at video streaming sites that implement location access restrictions. The team at AirVPN is fine with customers using the network for P2P download protection and it keeps no activity logs.
- 15-day money-back guarantee
- One-day free trial
- Gets around regional restrictions
- Manual setup for split-exclude tunnel
- Additional Smart DNS
- Takes time to discover all of the features
You can use the ibVPN app or the third party OpenVPN GUI interface with this service. Split tunneling is implemented in the OpenVPN GUI interface, and not in the ibVPN app. In order to use the split tunnel you need to edit the configuration file for the OpenVPN GUI. Although this task is a little technical, there's a page on the ibVPN website that explains how to do it. The split works on a split-exclude basis and you have to enter the IP addresses of the websites that you want to exclude from the tunnel.
As an alternative method of splitting your traffic routing rules, you could use the ibDNS service instead. This is a Smart Domain Name System (DNS) service that selectively routes you traffic through a proxy automatically, without you having to nominate destinations for the split. This service focuses on diverting requests to video streaming services and other location-restricted sites. This is an encrypted service, so it is more secure than a standard Smart DNS, but not as safe as a full VPN.
- Our Score
- Visit Site
VPN Split Tunneling: Considerations
Split Tunnel Definition
There are two basic ways to create a split tunnel. With a split-include tunnel, you nominate the connections that the VPN protects. All other connections are sent over the internet by the standard route. The other method is a split-exclude tunnel. There, the user defines the connections that shouldn’t go down the tunnel. In that case, all other traffic is be sent to the VPN server by default.
The method of implementing the split tunnel definition depends on the VPN client software that the user has installed. Strictly speaking, the definition of the connections to include or exclude should be registered as a list of IP addresses. However, the client interface may also allow you to enter web addresses (URLs) instead. You can also implement a split tunnel by allocating the traffic from selected applications to the tunnel, rather than the connections to a list of addresses.
Split Tunneling for Home Use
You don’t have to be a business VPN user to benefit from split tunneling. Split tunneling can help you gain access to banned websites and services. It can also defeat location access controls on many websites.
You may have been driven to install a VPN because there is one site in particular that you want to get access to. For example, you can access TV station websites over the internet. However, those sites ban international access, so if you move abroad, you’ll need a VPN to get in. In this example, you would include all video streaming services in the tunnel. Thus, whenever you access one of those sites, you’ll appear to be in your home country. As such, you’ll be able to get around the location restrictions that previously locked you out. All of the other sites that you access, such as news sites and your webmail, don’t lock you out because of your location, so you can access those outside the tunnel.
VPNs for Split Tunneling: Conclusion
Split tunneling is a relatively obscure facility. Very few VPNs implement it. As you can see from our list, some VPNs only offer split tunneling on their implementations for a few operating systems and not all types of devices. ExpressVPN has the easiest-to-use implementation, but that is only available for its Mac-based apps. AirVPN’s split tunneling facility is probably the most comprehensive, but it requires the entry of IP addresses, rather than the names of apps.
If you’re a telecommuter, implementing a split tunnel will help you protect your work connections, while letting your everyday apps run as usual. If you want to get into overseas video streaming services, you’ll need the VPN for that traffic, but not for the rest of your apps. The services on our list of the five best VPNs for split tunneling all offer money-back periods, or free or cheap trial periods, so you can give any of them a try at no risk.
Best VPNs for Split Tunneling: Side-by-Side Summary
- Our Score
- Visit Site
- $6.67PER MONTH
- $3.25PER MONTH
- $1.66PER MONTH
- $4.82PER MONTH
- $4.08PER MONTH
Image Credit: Vladislav Lazutin/Shutterstock.com