What is a Split Tunneling VPN? And the 5 best split tunnelling VPN services

What is Split Tunnelling?

Virtual Private Networks (VPNs) have many uses, from accessing content restricted by region to securing information and maintaining privacy. In all cases, the VPN acts as a ‘tunnel’ that encapsulates data passing between the client computer and the remote VPN server.

Split Tunneling is a feature that lets the user select specific traffic to be pushed through a VPN server, while the remaining data is handled by the Internet Service Provider (ISP) as it normally would be. Picking and choosing these exceptions creates what is known as interesting traffic.

Why Do I Need a Split Tunneling VPN?

VPNs help to secure internet traffic through an encrypted tunnel, protecting data from prying eyes. This is undoubtedly useful in a lot of cases, but can, unfortunately, be an inconvenience in others. VPNs can often have a considerable bottleneck on bandwidth as all traffic is automatically transmitted, ultimately slowing internet-based tasks down and preventing users from accessing LAN devices such as printers when connected.

Controlling interesting traffic allows users to connect the necessary devices or applications to a VPN, simultaneously remaining linked to their local network to access connected LAN devices. This is the best of both worlds, as some programs can utilize the security and features that only a VPN can provide, while others benefit from full internet speeds.

Consumers might very well want to access the American version of Netflix or download files safely with a remote VPN without sacrificing bandwidth when surfing the local web. It can also be beneficial to those utilizing online banking, which already ensures anonymized data and could potentially flag an unrecognized IP as suspicious. Although there are some VPN services that cater to gamers, latency-sensitive applications such as video games also benefit from the exemption.

Split tunneling is also prominent in the business world, specifically for remote workers that need access to professional services from an unsecured network, such as the home. It allows them to keep webmail private and secure while indulging in personal activities like streaming music from Spotify.

Can You Use a Split Tunneling VPN on Mobile?

Mobile VPNs are particularly favorable among Android and iOS users concerned about privacy, especially as an increasing amount of applications set the location as a requirement of usage. They can even help gamers in territories where mobile games are facing scrutiny, with Pokémon Go receiving a ban in Iran and PUBG Mobile outlawed in various Indian cities, Iraq and China (pending alterations to the title’s bloody elements). The United Kingdom, in particular, is likely to see a boom in demand in the near future when the local government implements its controversial porn ban.

Sadly, VPNs can increase data usage from anywhere between 5% and 15% depending on the size of the encryption applied to the transmission. Like their desktop counterparts, split tunneling on mobile allows users to circumvent these restrictions without limiting the performance of their entire handset, reducing the amount of data used by omitting certain applications from using the VPN.

Types of Split Tunneling

Although traditional split tunneling routes all traffic through the ISP by default, requiring a user to manually choose what runs through the VPN, there are a number of other types available. Inverse split tunneling reverses the standard by pushing all information through the VPN by default. Otherwise known as “split-exclude,” users can utilize inverse split tunneling to customize what traffic is exempt from this.

Users with a bit of know-how or the desire to learn can instead opt to cover all devices within a home or business at once with a DD-WRT VPN service placed directly on the router. IP-based routing usually dictates that an information packet goes directly to its destination, but network administrators can use policy-based routing as a form of split tunneling. This changes the routing table based on alternative criteria, including the size of the packet and other information in the payload.

Is Split Tunneling Secure?

The benefits of split tunneling are clear, but the feature isn’t without its detractors. Although all transmissions sent through the VPN receive the same protection whether split tunneling is enabled or disabled, some businesses fear that the unsecured tunnels could act as a gateway for an attacker or malware to hit sensitive networks. This continues to be debated in the industry to this day.

In the consumer space, it is simply recommended that the user doesn’t use split tunneling when on a public or unsecured network.

5 Best Split Tunneling VPN services

1. ExpressVPN

ExpressVPN stands as the best split tunneling app, supporting the feature on Mac OS X, Windows, iOS, Android, and even directly onto the router. Split tunneling is relatively easy to find on most devices in the “Settings” menu, although this is a little more tucked away in “Options” for those on Windows and “Preferences” for those on Mac. Once the user has chosen to allow or disallow apps using the VPN, they are presented with a checklist of applications by name, or the ability to manually navigate their files. Those using router implementation can also easily split tunnel per-device.

Currently, ExpressVPN houses 160 servers across 94 countries across Asia Pacific, Europe, Americas, Middle East and Africa, while being based in the British Virgin Islands. You get what you pay for with its higher price tag thanks to its ability to penetrate most restrictions, including Netflix. Its refusal to log personal data also makes it a prime candidate for those wanting to engage in peer-to-peer (P2P) downloads, such as torrents.

2. PureVPN

PureVPN offers applications across a range of operating systems, including Windows, Android, Mac OS X, macOS and iOS. Unfortunately, Apple fans are still waiting for split tunneling as the feature is currently only available on Windows and Android devices.

Based in China, those that do wish to purchase PureVPN are likely to be impressed by its price point compared to competition, particularly as it grants access to over 2000 servers across 141 countries. It has a respectable multi-login count that allows up to 5 devices to be connected at once and an Internet Kill Switch, which protects information by automatically shutting down all online activity should the VPN server unexpectedly disconnect.

3. Ivacy

Ivacy is regularly recognised for its achievements within the VPN sector and as luck would have it, the service is a pioneer in split tunneling. Apple users have sadly been snubbed once again, but the feature is available on a wide range of Windows and Android devices.

The VPN is based in Singapore and has more than 1000 servers across 56 countries and prides itself on complete privacy by keeping no logs on its users. Ivacy automatically optimizes its settings based on the tasks of its user, helping to preserve its title as one of the fastest VPN services out there. Should anything go wrong with the server, there is a built-in kill switch that is ready to shut down online activity to ensure protection.

4. AirVPN

AirVPN’s Eddie isn’t the prettiest client out there, but it does offer split tunneling across Windows, OS X, macOS, and Linux thanks to its ‘Routes’ tab. This is nestled away in Preferences on the desktop application and it requires users to manually input the IP/Host/Range instead of selecting from a list of names, but it does allow for a wide range of customised protocols.

Italy isn’t the strongest location to be based in, but the service covers number of servers across 21 different countries. AirVPN boasts that all of these servers match the same premium quality as one another, as the company opts for performance rather than “another flag” to brag about. The company also refuses to keep logs, making P2P an option and has been known to evade Chinese restrictions.

5. ibVPN

You can use the ibVPN app or the third party OpenVPN GUI interface with this service. Split tunneling is implemented in the OpenVPN GUI interface, and not in the ibVPN app. In order to use the split tunnel you need to edit the configuration file for the OpenVPN GUI. Although this task is a little technical, there's a page on the ibVPN website that explains how to do it. The split works on a split-exclude basis and you have to enter the IP addresses of the websites that you want to exclude from the tunnel.

As an alternative method of splitting your traffic routing rules, you could use the ibDNS service instead. This is a Smart Domain Name System (DNS) service that selectively routes you traffic through a proxy automatically, without you having to nominate destinations for the split. This service focuses on diverting requests to video streaming services and other location-restricted sites. This is an encrypted service, so it is more secure than a standard Smart DNS, but not as safe as a full VPN.

Is Split Tunnelling difficult to set up?

Although there are still many services that don’t include the feature, split tunneling with a VPN has never been easier. Native support for split tunneling means that users don’t need to manually configure operating systems to be able to customize what they want from their VPN. It’s simply a case of setting up the VPN on Windows, Mac, Android or iOS and heading into the settings.

Written by: Damien Mason

Damien is ProPrivacy’s latest expert reviewer with over 2 years’ worth of technical writing under his belt. Originally setting out to be a screenwriter, he turned his attention towards computers thanks to his lifelong love of video games. Whenever he’s not embracing the classics like The Legend of Zelda or Metal Gear Solid, he can be found climbing the ranks on Rainbow Six Siege.


  1. sal

    on July 7, 2018

    I like how PureVPN's tag line is "World's Fastest VPN Service" and directly underneath that the one con is "Some servers are slow", lol

    1. Douglas Crawford replied to sal

      on July 9, 2018

      Hi sal, Nice spot. Stephen is no longer with us, and an error has clearly crept in. Looking at our latest sped test results, PureVPN turns in a very respectable result, but is certainly not the “World’s Fastest VPN Service”. I have updated the page to reflect this.

  2. Kevin

    on May 30, 2018

    ExpressVPN ONLY does split tunneling for Windows and mac. Not android or linux.

    1. sal replied to Kevin

      on December 2, 2018

      "ExpressVPN ONLY does split tunneling for Windows and mac." and it is currently very hit and miss with Windows. With Win 10 1809 there is a problem with several VPN app's split tunneling feature. ExpressVPN at least acknowledges that it is a problem and are working on it. Ivacy's support is absolutely clueless. Microsoft has acknowledged this: https://support.microsoft.com/en-us/help/4464619/windows-10-update-history Scroll down to November 16, 2018 4:15 PM PT "After updating to Window 10 version 1809, F5 VPN clients may lose network connectivity when the VPN service is in a split tunnel configuration. Workaround: To mitigate this issue, you can manually configure your systems to force all traffic through the VPN tunnel. " ExpressVPN's tunnel failed for me immediately after upgrading to Win 10 1809 and they have yet to provide a solution.

    2. Douglas Crawford replied to Kevin

      on May 30, 2018

      Hi Kevin, Given that only AirVPN and Mullvad have full clients Linux clients, that is hardy surprising (ExpressVPN does have a Linux client, but its very basic and command-line only).

Write Your Own Comment

Your comment has been sent to the queue. It will appear shortly.

Your comment has been sent to the queue. It will appear shortly.

Your comment has been sent to the queue. It will appear shortly.

  Your comment has been sent to the queue. It will appear shortly.