Split tunneling is a VPN feature that allows you to direct Internet traffic through different tunnels. You can choose which tunnel your Internet traffic is routed through, per application or per website.
For example, consider a situation where you want to communicate with devices on your local network while keeping your Internet traffic encrypted. An even more common problem is when you need more bandwidth for a few applications but you want to encrypt the Internet traffic for the rest of your applications.
Split tunneling essentially gives you more control over how your data is transmitted. You can choose either a relatively slower and more secure tunnel, or a faster and less secure one.
To understand why encrypted tunnels are slower, you need to know how split tunneling works in a VPN.
How does split tunneling in a VPN work?
When you connect to the Internet and try to access a website, your device establishes a connection directly to the website server. There is no intermediate connection here, and the speed of your connection will be whatever your ISP provides.
When you connect to the VPN, your device first connects to the VPN server, which then establishes a connection to the website server. The VPN server encrypts the data before transmitting it further. Since your data now has to go through an intermediary, this slows down your connection. This is where split tunneling provides the most value.
Split tunneling helps you find the right balance between security and speed because it allows some traffic to pass through the secure and slower tunnel, and other data through the unencrypted tunnel.
Split tunneling types
Note that VPNs let you choose which applications use the VPN and which do not.
While it may seem like you can choose either one and move on, you’re better off choosing one option over the other. Let’s dig into the types of split tunneling and discuss which option you’re better off with.
Inverse split tunneling
This is the method you should ideally use. Inverse split tunneling, simply put, means that you use the VPN for all applications or websites except those for which you have added an exception.
You can connect bandwidth-hungry applications directly to the Internet while keeping the rest of your traffic encrypted.
App-based or website-based split tunneling
App-based split tunneling is the opposite of inverse split tunneling. Instead of whitelisting applications or websites, you configure your VPN application to focus only on a few applications, such as online banking applications or torrent clients. The rest of your traffic flows through your normal Internet connection without protection.
Is split tunneling safe?
There is nothing dangerous about split tunneling if you know what you are doing. Some people argue that split tunneling might compromise the overall security that a VPN provides, but frankly, this is not an argument.
Although any traffic that passes through a VPN tunnel is always secure, split tunneling mishaps are often due to faulty configuration. For example, if split tunneling is configured incorrectly, it can allow intruders to access your information.
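To make the two modes and the faulty-configuration risk concrete, here is an added example (not from the original article or from any VPN product) that decides where each connection goes under inverse and app-based split tunneling, then lists traffic that should be protected but ends up outside the tunnel. The class, function names, application names and hosts are all hypothetical and constructed for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class SplitTunnelPolicy:
    """Hypothetical policy model; real VPN clients store this differently."""
    mode: str                                  # "inverse" or "app_based"
    apps: set = field(default_factory=set)     # listed application names
    sites: set = field(default_factory=set)    # listed website domains (lowercase)

    def _listed(self, app, host=None):
        if app in self.apps:
            return True
        if host:
            # A listed domain also covers its subdomains, but not look-alikes
            # such as "notexample.net" for "example.net".
            host = host.lower().rstrip(".")
            return any(host == s or host.endswith("." + s) for s in self.sites)
        return False

    def route(self, app, host=None):
        """Return "vpn" or "direct" for one connection."""
        listed = self._listed(app, host)
        if self.mode == "inverse":
            # Everything uses the VPN except the listed exceptions.
            return "direct" if listed else "vpn"
        if self.mode == "app_based":
            # Only the listed apps and sites use the VPN.
            return "vpn" if listed else "direct"
        raise ValueError(f"unknown mode: {self.mode!r}")

def audit(policy, flows, must_protect):
    """Return flows that bypass the tunnel although the app must be protected."""
    return [(app, host) for app, host in flows
            if app in must_protect and policy.route(app, host) == "direct"]

# Constructed sample traffic: (application, destination host).
FLOWS = [("game", "cdn.example.net"), ("bank", "bank.example.com"),
         ("mail", "mail.example.org"), ("browser", "video.example.net")]
MUST_PROTECT = {"bank", "mail"}

# Inverse: game traffic and one video site are exceptions, the rest is tunneled.
inverse = SplitTunnelPolicy("inverse", apps={"game"}, sites={"example.net"})
# App-based: only the banking app was listed, so mail was forgotten.
app_based = SplitTunnelPolicy("app_based", apps={"bank"})

if __name__ == "__main__":
    for name, pol in (("inverse", inverse), ("app_based", app_based)):
        print(name, [(a, pol.route(a, h)) for a, h in FLOWS])
        print("  unprotected:", audit(pol, FLOWS, MUST_PROTECT))
```

With the app-based policy, the mail client is reported as unprotected because it was never added to the list. With the inverse policy, anything not explicitly excepted stays in the tunnel by default.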