- Split tunneling on your VPN can help secure your organization’s networks without slowing your team’s internet access.
- Split tunneling can help your remote employees enjoy faster internet, but it can also introduce potential security concerns.
- Enable split tunneling for specific features to allow your VPN to filter data from certain sites or applications.
- This article is for business owners who want to allow employees to access work data safely while increasing internet speeds.
If you’re managing a remote workforce, you need a way for your team to access in-office networks securely without compromising them. Virtual private networks (VPNs) provide some of these benefits, but they encrypt all website traffic, slowing down internet connections. If you’re wondering how to set up a VPN in the first place, see our how-to guide to setting up a VPN.
Split tunneling is a feature that gives VPNs dual functionality, securing online activity while providing fast internet access. Let’s explore how split tunneling works as part of a VPN and how utilizing split tunneling can serve your organization.
What is split tunneling?
Split tunneling is a VPN feature that divides your online data into two routes. One path goes through an encrypted tunnel, while the other goes directly through the usual internet. In most cases, you can decide which applications to send through the VPN and which ones to route directly to the internet. This division allows you to protect your most important data while running your other internet activities at optimal speeds.
How does split tunneling work?
VPN split tunneling essentially gives you two internet connections at once. It takes some of your data and routes it through the VPN before sending it to the internet. The rest of the data skips the VPN and uses the regular internet connection.
Without split tunneling, a VPN takes all of your online activity through its secure network to protect against network security threats and data breaches. But you might not want all of your data to run through the encrypted tunnel. With split tunneling, you can decide to route only some of your data through the VPN.
Split tunneling uses access control lists (ACLs). These configurations act as data gatekeepers that determine which connections the VPN should allow and which ones it should send directly to the internet. They are the operating mechanism of any split tunnel.
Tip: If you’ve been hacked and need to recover from a data breach, immediately stop using any compromised equipment, back up your critical data, and consult a forensic specialist who can analyze precisely what happened.
Types of split tunneling
There are several methods of VPN split tunneling that can secure your organization’s networks and improve your employees’ web speeds.
Inverse split tunneling
Typically, you must determine which data categories you want to route through your VPN. That likely means you’ll select applications or programs that process and transmit sensitive data. Inverse split tunneling is the opposite of this approach.
With this process, the system initially sends all of your data through the VPN. You can then specify which data you want to bypass the secure network and run directly to the internet.
For example, if you use your VPN primarily while doing work-related tasks, you might send all of that data through that network. You can choose to run any other information, such as internet browsing activity, on the standard internet connection.
App-based split tunneling
Instead of working with specific data, app-based split tunneling determines which data to send through the VPN on a per-application basis. Users can add entire applications to the system list, and the service will regard them as potential sources of sensitive data. The VPN will then run all data from those applications through its network to keep the information secure.
URL-based split tunneling
With a URL-based approach, you can instruct your VPN to process data only from specific websites. When you access these websites, the VPN encrypts all of your activity through the private network for the duration of those visits. In most cases, the VPN will require a browser extension for URL-based split tunneling.
For example, let’s say you want to check your online stock portfolio while on a coffee shop’s public network. In that case, you might add the trading platform’s website to your VPN’s security list. Your VPN will then use your browser extension to determine if the website you’re visiting is one it should route through its network.
Dynamic split tunneling
Dynamic split tunneling adds another layer that determines what data is routed through (or around) the encrypted tunnel. Instead of only using ACLs to permit or deny data entry to the VPN, dynamic split tunneling also uses the Domain Name System (DNS). This way, it can read domain names and determine what traffic to protect.
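To make the routing decision concrete, here is an added example (not code from any VPN product) that models a split tunnel list with ACL ranges and DNS names, in both standard and inverse mode, and reports which sensitive destinations would bypass the tunnel. The class, function names, addresses and domains are all constructed for illustration, and real clients apply these rules to routes and DNS lookups rather than to a hostname passed in by hand.

```python
import ipaddress
from dataclasses import dataclass, field

@dataclass
class SplitTunnelPolicy:
    mode: str                                     # "include" = standard, "exclude" = inverse
    acl: list = field(default_factory=list)       # CIDR ranges on the list
    domains: list = field(default_factory=list)   # domain names on the list (dynamic rules)

    def listed(self, ip, hostname=None):
        """True if the destination matches the ACL or a listed domain."""
        addr = ipaddress.ip_address(ip)
        if any(addr in ipaddress.ip_network(net) for net in self.acl):
            return True
        if not hostname:
            return False
        host = hostname.lower().rstrip(".")
        # Match on label boundaries so "corp.example" does not match "notcorp.example".
        return any(host == d or host.endswith("." + d) for d in self.domains)

    def route(self, ip, hostname=None):
        """Return "vpn" or "direct" for one destination."""
        hit = self.listed(ip, hostname)
        if self.mode == "include":    # only listed traffic enters the tunnel
            return "vpn" if hit else "direct"
        if self.mode == "exclude":    # inverse: everything tunnels except listed traffic
            return "direct" if hit else "vpn"
        raise ValueError(f"unknown mode: {self.mode!r}")

def unprotected(policy, destinations):
    """Destinations that must be protected but would bypass the tunnel."""
    return [(ip, host) for ip, host in destinations if policy.route(ip, host) != "vpn"]

# Constructed sample policies and destinations (documentation addresses and names).
STANDARD = SplitTunnelPolicy("include", acl=["10.20.0.0/16"], domains=["corp.example"])
INVERSE = SplitTunnelPolicy("exclude", acl=["203.0.113.0/24"], domains=["video.example"])
SENSITIVE = [
    ("10.20.5.9", "files.corp.example"),      # inside the ACL range
    ("192.0.2.44", "git.corp.example"),       # outside the ACL, caught by the domain rule
    ("198.51.100.7", "payroll.saas.example"), # never added to the list
]

if __name__ == "__main__":
    for name, policy in (("standard", STANDARD), ("inverse", INVERSE)):
        print(name, "bypassing the VPN:", unprotected(policy, SENSITIVE))
```

In standard mode the payroll site that was never added to the list goes out unencrypted, while in inverse mode an unlisted destination stays inside the tunnel by default.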
Tip: If you’re accessing the internet on a Wi-Fi connection, use Wi-Fi Protected Access 3 (WPA3), a form of computer encryption for protecting wireless connections.
The benefits of split tunneling
The number of people working from home has skyrocketed since the beginning of the pandemic. Many employees must remotely access their work systems and networks. With VPNs and split tunneling, team members can gain the speedy remote access they need while maintaining your company’s security.
- Decreased bandwidth usage: Most VPNs have a maximum bandwidth allotment. A split tunneling setup gives you more control over how much data your VPN is transmitting and receiving. The network only processes specific amounts of data, freeing up space within the VPN.
- Higher internet speeds: By conserving bandwidth, split tunneling allows your VPN to process data faster, since you’re not forcing all your traffic through one tunnel. This benefit can be especially favorable to employees who are working remotely. With this system, remote employees can more easily use their work PCs from home without lowering their internet speeds.
- Control over VPN traffic: Split tunneling lets you determine what data or website traffic should be transferred through your VPN and what data should bypass it. For example, you might want to encrypt activity on a website that handles your credit card information. On the other hand, you might want to watch or download an industry presentation. This activity requires a lot of data and doesn’t require special encryption. For these reasons, you might decide to let it skip the VPN and use a standard internet connection.
- Simultaneous access to multiple networks: In addition to securing your online activity, VPNs can access websites unavailable to users outside a specific location. With split tunneling, you can access geo-blocked sites through your VPN while accessing local services through your regular internet connection. You might, for example, want to research a product that’s only available in another country. But at the same time, you want to comb through local survey data. Split tunneling allows you to do both of these activities simultaneously.
- LAN connection maintenance: Many office devices, such as multifunction printers, fax machines and file servers, use local area network (LAN) connections to connect to your PC. When using a VPN, the network might restrict access to these connections. Split tunneling allows you to route the connections to these devices outside the VPN and directly to your PC.
Key takeaway: Some advantages of split tunneling are faster internet, multi-network access and easier printer access.
The disadvantages of split tunneling
While split tunneling can bring several benefits to your VPN service, you should also consider a few disadvantages before enabling it.
- Privacy risks: When you enable split tunneling, you’re telling your VPN to encrypt only some of your web data and traffic. This setup leaves the rest of your online activity exposed to hackers, since standard or public internet connections lack cybersecurity features.
- Detailed setup: Using dynamic, app-based or URL-based split tunneling can take work. You’ll have to add each link and domain to your VPN’s list manually, so it knows which connections to encrypt and which to omit. You’ll also need to be thorough. Forgetting to add specific sites to your VPN could mean exposing crucial traffic.
- Limited availability: The split tunneling feature isn’t available with all VPN services. Some split tunneling features only work with specific operating systems. When shopping around for a VPN, look for options that offer split tunneling features compatible with your device’s software.
How to enable split tunneling in your VPN
Before you implement split tunneling, you’ll need to pick one of the best VPN services with this capability. Additionally, VPNs offer varying levels of split tunneling support. Make sure your service allows for the type of split tunneling (dynamic, inverse, URL-based or app-based) you want to activate.
To learn more about VPN services that include split tunneling, check out our reviews:
- ExpressVPN review
- Hotspot Shield review
- NordVPN review
- IPVanish review
- PureVPN review
- CyberGhost review
- Surfshark review
Once you’ve confirmed that your VPN offers split tunneling, check the service’s Settings tab to see the available options. Within the split tunneling menu, you can enable the feature and choose which data you want to include in – or exclude from – the VPN. You may have to restart your VPN connection to activate split tunneling.
With split tunneling enabled, you can further enhance your online security and protect your work networks. Your team will also enjoy a better online experience. The advantages could be worth the drawbacks.