Split tunneling is a VPN feature that allows you to connect to certain web resources outside of the secure connection without changing network settings or turning off the VPN. For example, split tunneling allows you to connect to a remote desktop through your VPN while also connecting to social media directly.
Types of split tunneling
Split tunneling can be set up for the following resources:
- Websites
- Apps
- Devices, e.g., to use a VPN on a desktop computer while also connecting a video game console to the Internet directly. In this case, a VPN client with split tunneling must be installed on a router or a network gateway.
There are several options for setting up split tunneling:
- A secure VPN connection is only used for a given list of apps, websites or devices.
- By default, all data is transmitted through the VPN tunnel, but you can indicate websites, apps, or devices that are allowed to use an insecure connection.
- A VPN client, i.e., a program that establishes a secure connection, uses a set of rules and policies to identify how to connect to a given resource once a user attempts to connect to it. This type of split tunneling is called dynamic split tunneling.
Advantages of split tunneling
Split tunneling allows you to:
- Save on VPN traffic
- Prevent bottlenecks when all the traffic passes through the VPN tunnel
- Avoid disabling your VPN when you need to connect to resources that require fast data transfer, or to a local network that may not be available via VPN.
Security of split tunneling
Though distributing traffic via split tunneling is more secure than not using a VPN at all, this technique imposes certain risks.
- Split tunneling allows you to bypass the security features of your VPN, i.e., websites to which you connect directly will detect your real IP address.
- Business users with split tunneling enabled can bypass corporate security policies and systems. When an employee connects directly to a malicious website from a remote device, the company won’t be able to detect the event and restrict access to this resource. In addition, the company won’t be able to track whether any sensitive information from the employee’s device is being sent outside the VPN to a third-party server.
- If you set up split tunneling improperly, you can mistakenly send sensitive information over an insecure connection.