What is VPN Split Tunneling?
VPN split tunneling is a feature that lets you decide which apps or websites route through the VPN tunnel and which connect directly through your regular internet connection. Without split tunneling, all your traffic goes through the VPN. With split tunneling, you can send some traffic through the VPN (for privacy and security) while other traffic bypasses it (for speed and direct access).
This solves a common VPN problem: when you connect to a VPN, your local network devices (printers, NAS drives, smart home hubs) become unreachable because your traffic is rerouted through a remote server. Split tunneling lets you keep local network access while still protecting internet traffic.
How Split Tunneling Works
Your device normally sends all traffic to one network gateway: your router, which connects to the internet. When you connect to a VPN, a new virtual network interface is created and all traffic is redirected to that interface, which routes through the VPN server.
With split tunneling, your VPN client sets routing rules that say: traffic to these destinations goes through the VPN interface, and traffic to these other destinations goes through the regular interface. Two simultaneous connections, different traffic on each.
There are three common implementations:
App-based split tunneling: You specify which applications use the VPN. Example: your browser routes through the VPN, but your banking app connects directly.
Address-based split tunneling: You specify IP ranges or domains. Example: all traffic goes through the VPN except 192.168.x.x (your local network).
Inverse split tunneling: The default is no VPN; you specify which apps or addresses should use the VPN. Useful when you only need the VPN for specific services.
When Split Tunneling is Useful
Local network access: You want to print to your home printer or access a NAS drive while connected to a VPN. Without split tunneling, local network traffic is unreachable. With split tunneling, you route local traffic (192.168.x.x range) directly.
Work VPN plus personal browsing: Your employer's VPN routes all your traffic through company servers. You want your personal browsing to go through a commercial VPN for privacy. Split tunneling on your personal VPN lets you route work traffic through the work VPN and personal traffic through NordVPN or similar.
Streaming from home while abroad: You use a VPN to access home-country streaming services. But when you browse or check email, you do not want the VPN adding latency. Route streaming services through the VPN, everything else direct.
Gaming: VPNs add latency to gaming. Split tunneling lets you play games with a direct connection while keeping browser traffic through the VPN.
Which VPNs Support Split Tunneling?
Most major VPNs support split tunneling on Windows and Android. iOS support is more limited due to Apple's restrictions on network extensions.
NordVPN: Split tunneling available on Windows and Android. Not available on iOS or macOS. App-based: you choose which apps bypass the VPN.
ExpressVPN: Split tunneling on Windows, macOS, Android, and Linux. App-based split tunneling with an option to specify which apps use the VPN and which bypass it. Not available on iOS.
Surfshark: Split tunneling (called Bypasser) on Windows, macOS, and Android. Supports both app-based and URL-based rules.
ProtonVPN: Split tunneling on Windows, macOS, Android, and Linux. Supports both app-based and IP/domain-based rules.
Mullvad: Split tunneling on Windows, macOS, and Linux. App-based exclusions.
iOS limitation: Apple restricts VPN apps from creating fine-grained routing rules on iOS. True app-based split tunneling is not available on iPhone or iPad for most VPN providers. The on-demand rules feature (auto-connect on specific networks) is the closest iOS equivalent.
Split Tunneling and Security Considerations
Split tunneling reduces your security guarantees. If your browser is protected by the VPN but your email client connects directly, emails can be correlated to your real IP address. Attackers who monitor your unprotected traffic can still build a profile of your activity.
For most people this tradeoff is acceptable: the goal is specific protection (streaming geo-unblocking, local network access) rather than comprehensive anonymity. But if your goal is to hide all internet activity from your ISP or network administrator, do not use split tunneling. Route all traffic through the VPN.
Do not use split tunneling in high-security environments: corporate networks with sensitive data, connections from countries with active surveillance, or any situation where complete traffic isolation is required.
How to Set Up Split Tunneling
The exact steps vary by VPN app, but the general process:
- Open your VPN application
- Go to Settings or Preferences
- Find Split Tunneling, Bypasser, or similar
- Enable the feature
- Choose your mode: which apps or addresses bypass the VPN, or which apps must use the VPN
- Add the apps or addresses you want to configure
- Connect to the VPN
For local network access specifically: add the IP range 192.168.0.0/16 to the bypass list. This lets all local network devices communicate normally while all internet traffic routes through the VPN.
The Bottom Line
Split tunneling is a powerful feature that makes VPNs more practical for daily use. It solves the most common frustration (losing local network access) and lets you control exactly which traffic gets VPN protection. The tradeoff is reduced privacy for the unprotected traffic, which is acceptable for most use cases but should be understood before enabling it.