Since their inception, Virtual Private Networks have seen a major overhaul in terms of security features, functionalities, and protocols. While the base of a VPN service is the same and relies on 256-bit encryption to function, other features make it more reliable, secure, and safe. One of these advanced features is split tunneling.
It is often found in premium providers and goes under the radar of many people who don’t know what is VPN split tunneling. Little do they know, this feature is quite handy and can help you in many ways.
Today, we’re going to discuss split tunneling in VPNs, explain how it works, mention types of split tunneling, and present our top 3 providers with this feature on the list. If you want to use this feature and you don’t know how, well, now is a good time to learn something new.
What Is Split Tunneling? (Definition)
To explain what is split tunneling and how it works, we first need to remind ourselves about how a Virtual Private Network works. This service changes your IP, encrypts your connection, and routes it through a virtual tunnel, which makes it untraceable by your ISP, hackers, and other online entities.
Many people call it an encrypted tunnel and think of it as a completely different lane on the road. Imagine having several lanes where people drive, yet, you’re driving in a lane completely wrapped in a tunnel, separate from the others, where no one can see you.
That is what a VPN will do for you – encrypt the connection with 256-bit encryption, making sure no one can trace your browsing activities and find your identity. This is done by connecting to a server in another country, where you get assigned an IP address from that server.
Just to make it clear, this is done “globally” which means your ENTIRE connection is affected.
Now, split tunneling allows you to exclude certain apps from the VPN tunnel. Not only apps but we’ll talk more about it later. By enabling split tunneling, you can choose which apps will use the Virtual Private Network and which will bypass it and not take advantage of it.
For example, if you have a banking app, you will not need to use a VPN. This app is probably linked to your location and signing in as if you’re located somewhere else will make the app see you as a bot or hacker, which can prevent your access.
In this case, you can exclude this app from using a VPN tunnel so that it uses your native IP address, which is necessary for the banking app to function. On the other hand, you don’t want to exclude your uTorrent client from using a Virtual Private Network to ensure safe and anonymous torrenting.
Types of Split Tunneling
When it comes to VPN split tunneling, you should know that there are a couple of types of this feature. While they all work the same – more or less – they’re different in terms of their “area of effect.” Here’s what I mean by that.
App Split Tunneling
The most common type of VPN split tunneling is the one that affects the applications. We’ve seen this feature in ExpressVPN or Surfshark, for example, but NordVPN offers it as well. In fact, of all providers that offer this feature, I’d say 9/10 offer this type.
Conversely, this type of split tunneling is very easy to set up, as you just need to enable the feature and then list all the applications you want to be excluded. Most of the time, the VPN will detect the installed apps on your computer/phone, so it’s a matter of clicking on the app to apply the effect.
If the app isn’t on the list, you can search for it on your computer and add it to the list regardless, which is quite handy if the VPN doesn’t detect it. Some providers allow you to apply split tunneling in reverse i.e. to ALLOW only a handful of apps to use a Virtual Private Network.
ExpressVPN, for instance, lets you do that, letting you allow only a small portion of your apps to use a VPN tunnel. This, of course, isn’t recommended as other apps can be used as a backdoor for hackers and snoopers looking to steal your data.
Website/IP/Domain Split Tunneling
Another type of VPN split tunneling applies its effect on websites, or if you want – IP addresses and domains. ExpressVPN and NordVPN don’t offer this type, instead, you get only app split tunneling, which can exclude your web browser from using a tunnel but not particular sites.
CyberGhost, on the other hand, offers something called Exceptions, which lets you exclude URLs. The great thing about it is that it’s extremely easy to use, as you just need to copy and paste the URL of the site into the app and click on Add.
In doing so, you’ll always visit this site using your native IP address without routing your connection through a VPN server. However, this type of split tunneling doesn’t affect your applications, so you can’t exclude games or banking apps, for example, although you can exclude your banking site if you want.
Device Split Tunneling
Device split tunneling is even less common and if you’re using a VPN service on your computer, smartphone, tablet, or any other “typical” device, you’ll never find it. That’s because this feature is available only when you use a VPN on your router.
ExpressVPN is known for this feature which perfectly complements its phenomenal router support. When you install a Virtual Private Network on a router, each device connected to that router will get protection, which is something you might not always want.
That’s where device split tunneling comes in. ExpressVPN lets you choose which devices to exclude, which still lets you connect to your WiFi router with these devices but without the added benefits of a VPN. Other devices you haven’t excluded will take advantage of a VPN, though.
This type of split tunneling is, as said, extremely rare, and aside from ExpressVPN, very few providers will offer it. That’s why, when I talk about router VPNs, I always recommend this provider as the #1 choice.
When Should I Use VPN Split Tunneling? And When NOT to Use It?
Using VPN split tunneling isn’t something you should always do because doing it with particular apps can seriously hinder your online privacy. That said, you should consider which apps, domains, and devices you should place on the list carefully.
In this part of the article, I will talk about several cases in which you should and shouldn’t use this feature.
When to Use Split Tunneling
Using split tunneling is a smart idea for applications that don’t need the advantages of a VPN service. If we take your banking app, as said, it’s most likely going to flag the new IP you got from a Virtual Private Network and detect you as a potential threat to your account.
In many instances, if a banking app detects an IP from another country, it can go as far as blocking your account completely until you go to the bank physically and explain it was you trying to sign in. That said, you shouldn’t allow your banking app to use a VPN as the potential for problems is high.
Another instance in which using split tunneling isn’t a good idea is food delivery and shopping. We all use food delivery on our lazy days but to be able to order stuff to your address, you shouldn’t alter your online location.
Instead, exclude the app from the tunnel for it to be able to see your location for delivery. Besides, a local food delivery or shopping site might not work with an IP from somewhere else, so it’s always good to use your native IP at least while shopping or ordering food.
Gaming: Should I Use this Feature?
Gaming is a scenario in which it can be hard to decide whether or not to use a split tunneling VPN. You see, some providers will decrease your performance when connected to them, which won’t have a positive effect on your gaming experience.
If you’re using a slow VPN, chances are you’ll experience high ping in games that will make everything sluggish and laggy. In this case, you should exclude your games to maximize performance but you’ll get no protection from DDoS/swatting attacks and you’ll have your IP exposed.
If you use a fast VPN like ExpressVPN, speed reductions will be brought to a minimum. In this case, you don’t need split tunneling for gaming because you’ll feel free to let it take advantage of a VPN due to no speed reductions and added protection against cyber attacks.
When Not to Use VPN Split Tunneling
In my recent article, I talked about a VPN kill switch and explained that you should pretty much always use it. However, when it comes to split tunneling, the situation is a bit different. I do not recommend using this feature whenever you need anonymity and privacy.
For example, if you’re often downloading torrents, you should never exclude your torrent client from using a VPN tunnel. Torrenting is unsafe and not only your ISP but also other peers who download the same file can see your IP address and location.
This is extremely dangerous from a privacy perspective and having in mind your ISP’s ability to spy on your downloads, you can easily get into unwanted trouble. Another case in which you shouldn’t use this feature is when you’re trying to access geo-restricted content.
If we’re talking about website split tunneling, you don’t want to prevent a geo-restricted site from using the IP-changing nature of a VPN. The same applies to watching foreign TV channels or unblocking online bookies abroad – none of these sites/apps should be excluded from using a Virtual Private Network.
One more thing. Many people use a VPN with Tor Browser. If you’re one of them and you’re looking to get on the dark web securely, never put Tor on your exclusion list while using split tunneling. This will prevent you from going on the dark web anonymously and remove the layer of VPN protection.
As such, you’ll be easy prey on the dark web, especially knowing that hackers are often lurking there. And with an exposed IP address, you’re gambling with your luck and just asking for trouble. In short – don’t use split tunneling in any of these cases!
Best Split Tunneling VPN Services
Split tunneling, despite being a prominent feature in the VPN industry, isn’t offered by all providers. For example, providers like Hola VPN, Opera VPN, and many others don’t offer it. In this case, however, we’re talking about free providers.
The bad news is that even some premium providers don’t offer this feature, so if you need it explicitly, think about your next choice. Or perhaps, you don’t have to think much because we prepared the 3 best split tunneling VPNs that you can use in 2024.
1. ExpressVPN
By far my favorite provider on this list is ExpressVPN. To be honest, this is my overall favorite VPN provider due to its high level of reliability, excellent performance, and top-grade security. As stated earlier, ExpressVPN comes with two levels of split tunneling, which is the best-case scenario.
On one hand, you have a typical app split tunneling functionality, working to block certain apps from going through an encrypted tunnel. On the other hand, you have so-called device split tunneling that you can use once you install ExpressVPN on a router.
Both of these are very handy, making this provider far more versatile than its competition. Not only that but these features work well, and coupled with 256-bit encryption, strong Lightway protocol, and an audited no-logs policy, you get an almighty VPN service that reigns supreme.
ExpressVPN is a great provider for streaming too and its 3,000 servers in 105 countries will help you bypass geo-blocks and access blocked sites effortlessly. As you can guess, it’s not free but there’s a noticeable 49% discount for the annual plan, with 3 free months on top of that.
The company even offers a 30-day money-back guarantee with no conditions, letting you get a FULL refund in the first 30 days. If you’re looking for the absolute best split-tunneling VPN, this is the one to go for.
2. CyberGhost
CyberGhost belongs to the same father company as ExpressVPN – Kape Technologies. Yet, this Romanian provider takes a different approach by including split tunneling for websites and not applications, which can also be useful.
Here, this option is called Exceptions and lets you exclude certain domains from using a VPN. It works reliably and is easy to use, allowing even newcomers to get into it effortlessly. CyberGhost is feature-rich in terms of security and privacy.
It sports a no-logging policy which comes with transparency reports for added trustworthiness. Moreover, there’s AES-256 encryption, an ad blocker, and even support for WireGuard, helping you achieve the best possible performance and speeds.
CyberGhost offers dedicated torrenting and streaming servers too. They’ll help you for obvious purposes, and so will NoSpy servers that aim to increase your level of anonymity. Compared to ExpressVPN, CyberGhost is definitely much cheaper.
This is even further accentuated by its 45-day money-back guarantee for all long-term plans. A commodity like this is rarely experienced in a VPN service, but in this case, you can enjoy up to 45 days of risk-free use and get a refund if you want.
3. NordVPN
My final choice for today is NordVPN. NordVPN is known for a myriad of quality features that are updated frequently, such as its awesome NordLynx protocol. This provider offers split tunneling too and it works only for apps as opposed to the website split tunneling feature in CyberGhost.
Regardless, this feature works wonders and you’ll have zero issues with it. Once you add the app to the list, it’ll never use your VPN connection, which is useful for banking apps and other situations where you don’t need to alter your IP address to another country.
NordVPN follows up this feature with Threat Protection for keeping malware, viruses, and ads out of your system. There’s this Meshnet feature for secure LAN parties, and I like Dark Web Monitor for detecting your password/email leaks online.
The provider also offers a no-logging policy and you get VPN split tunneling on pretty much all devices. NordVPN offers 6 simultaneous connections on one subscription and its 24/7 support through live chat is perhaps among the best in the business.
Price-wise, it sits between ExpressVPN and CyberGhost, so you can say it’s affordable. Its 2-year plan is my choice and all plans are sprinkled with a 30-day money-back guarantee, making it easy to get reimbursed if you’re dissatisfied.
Free VPNs With Split Tunneling
When discussing split tunneling, you should know it’s usually located in premium VPNs. Besides, this isn’t a mandatory feature like AES-256 encryption or a kill switch. However, that’s not to say that free VPNs don’t offer split tunneling – at least some of them.
To be clear, we don’t recommend using free services, especially when pitted against paid VPNs. They’re bandwidth-limited, much slower, and incapable of streaming and torrenting. Again, exceptions to the rule are there but with these providers, you’re always at a disadvantage.
You should especially be careful with 100% free services like Hola or Urban VPN. These offer unlimited traffic and a lot of servers only to store logs on the other side. In doing so, they violate your privacy and make you easy prey for third parties and hackers to steal your data.
To counter this, we found two free VPNs with split tunneling that can be decent.
Atlas VPN
Atlas VPN offers a phenomenal paid service at incredibly cheap prices. However, you also get a free version with a heap of security features. One of them is split tunneling which you can use on Android but not on other platforms for some reason.
Still, Atlas VPN’s split tunneling functions well. You can select which apps to route through the tunnel and which to exclude. From there, the settings are immediately taking effect and you’re all set. Atlas, on the flip side, limits you to 5 GB of bandwdith a month – critically low.
Another downside is that it’s not the best for streaming, as it can’t unblock many Netflix catalogs. At least, you can enjoy 256-bit-AES encryption, WireGuard support, and a kill switch. But its premium version offers way more in terms of an ad blocker, MultiHop+, and SafeSwap servers.
ProtonVPN
ProtonVPN comes with no traffic limits. Alas, it’s slower than Atlas, using only 3 server locations with 1 Gbps servers. We’re talking about Japan, the US, and the Netherlands. The good thing is that ProtonVPN has split tunneling that you can use for free at any time.
You can route only specific apps or domains through the tunnel to make sure you’re safe online. Aside from that, ProtonVPN has WireGuard plus bank-grade encryption. We also like its features like a VPN Accelerator, port forwarding, and a kill switch.
The free version can’t block ads and doesn’t include Secure Core servers. But hey, it’s free, and as said, you’ll always have some limits. One of the most annoying ones is an inability to download torrents. You can counter this by buying ProtonVPN and unlocking everything.
Bottom Line
So, what did you learn about split tunneling VPNs and this feature in general? For one, this feature is useful when you don’t want the Virtual Private Network to “interfere” with certain applications that won’t take advantage of it.
Second, split tunneling, when enabled, prevents particular apps, domains, or even devices from using a VPN, which is its main definition. This feature isn’t mandatory, so to speak, and you won’t find it in every VPN, especially free services that usually don’t offer it, except for a few of them.
The best split tunneling VPNs include ExpressVPN, CyberGhost, and NordVPN. If you think you need this feature, you should choose according to your needs. I recommend ExpressVPN due to its app and device split tunneling that you can use on a router.
However, if you need a provider to block certain sites from using a VPN and you don’t want to restrict the entire apps, CyberGhost’s Exceptions will do the job. NordVPN offers the app split tunneling, but being cheaper than ExpressVPN, it’s a formidable money-saving option.
Frequently Asked Questions
Let’s finally answer a few relevant questions regarding the subject matter.
Can I use split tunneling on my phone?
It is available on mobile devices too, although mostly on Android. Many providers offer this feature primarily on desktop platforms but some of them even go as far as offering it only on mobile platforms for some reason.
If you want to use split tunneling on your phone, I recently tested IPVanish, a VPN that offers this feature on Android. ExpressVPN, NordVPN, and CyberGhost limit their split tunneling functionalities only to desktop users.
Is using split tunneling going to affect my anonymity?
Well, it is going to affect it in a way. That’s because the apps that aren’t using a VPN tunnel are still not secured and this could be a backdoor for a snooper or hacker who wants to steal your data. Therefore, it’s easy to see why exercising caution with split tunneling is recommended.
As a rule of thumb, we usually recommend not using this feature while using an untrustworthy network. For example, when connected to public WiFi, do NOT use this functionality. Instead, focus on encrypting your entire connection and securing it fully to avoid cyber attacks.
How to use VPN split tunneling?
As explained previously, this feature can be used in a few simple steps:
- Enabling split tunneling in the Settings menu.
- Adding apps/domains on the list of apps/domains that won’t use a VPN.
- Applying the settings you put in place.
If you’re using ExpressVPN and you want to apply device split tunneling on a router, the process is a bit more complex but the provider offers full in-depth tutorials for this scenario. For “normal” cases, the process is always the same and doesn’t require you to be tech-savvy to figure it out.