Today we’re going to talk about the best VPNs with split tunneling. By the time we are done, you’ll know how split tunneling works, why you might need it, why you might not want to use it, and the names of some top VPNs that include this feature. Let’s get right to it, shall we?
What is split tunneling with a VPN?
Normally, when you turn on your VPN, all message traffic between your device and the VPN server flows through the VPN’s encrypted tunnel. This is how a VPN fulfills its promise of securing your communications from snooping by your ISP, or anyone else who wants to spy on your online activities.
Split tunneling is a VPN feature that lets you send some message traffic through the VPN’s encrypted tunnel while other traffic goes outside the VPN. That might sound crazy. After all, you are paying good money to make sure your message traffic is safely encrypted. Why in the world would you want to have some traffic travel outside the secure tunnel?
Why you might need split tunneling
There are actually several reasons why you might need to use split tunneling. We can break these down into four types of needs (in no particular order). You might have:
- A need for speed
- A need for local connections
- A need to avoid blocks
- A need to go to work
Let me explain each of these now.
1. Split tunneling for speed
As you know, VPNs provide many benefits. In most cases, however, speed isn’t one of them. To understand why, let’s take a look at what happens when you communicate with a website or internet service without using a VPN.
When you communicate with a website or internet service through a VPN, communication can slow down, even with the fastest VPN. Every time a message goes out from your device, this is what happens to it:
- The VPN software on your device or router encrypts the message before sending it out onto the internet.
- The message arrives at a VPN server.
- The VPN server decrypts the message and replaces your IP address with its own before sending the message through the internet to the destination.
Regardless of the speed of your internet connection, the physical distance between your device and the destination, and any other considerations, all this extra encrypting and decrypting takes time. The result is an increase in the latency of the connection. Note that the latency of the connection and its bandwidth are two different things.
Bandwidth is how much data your internet connection can move per second. For example, a 100 Mbps internet connection can move 100 million bits of data per second.
Latency is the amount of time it takes for a message to travel from your device and for a response to return to your device. A latency of 50 ms means that it takes 50 milliseconds for a message from your device to travel to its destination and a response to return.
Note: Latency is also referred to as ping or ping time.
Bandwidth is the most important characteristic for things like streaming video or reading web pages. For tasks like these, latency doesn’t usually matter. Whether it takes 50 ms (five-hundredths of a second) or 200 ms (two-tenths of a second) for the streaming service or web page to respond to messages isn’t going to make any real difference to you.
Here’s a link of our review of the best VPNs for streaming media.
Where latency becomes important is when you are doing interactive activities like computer gaming. For most online games, the lower the latency the better. Imagine you are playing a first-person shooter. A latency of five-hundredths of a second is not likely to be a problem but a latency of two-tenths of a second is surely going to be fatal (for your character, not for you!).
What all this means is if you are doing anything online that requires real-time responsiveness, you may well need to run this particular connection outside the VPN to keep the latency down.
If gaming is important to you, check out this review of the best VPNs for gaming.
2. Split tunneling for local connections
While one benefit of using a VPN is the encrypted tunnel it provides, the other benefit is the way it hides your IP address by substituting its own. Normally that IP address swap is great. But what if you need access to resources on your local network such as a printer or NAS (Network Attached Storage)?
Those local resources will typically only be available to devices within the network’s range of acceptable IP addresses. You won’t be able to connect to them through the VPN connection, since the VPN server’s IP address definitely won’t be accepted.
The solution is to configure your VPN’s split tunneling so that you access local resources directly instead of through the VPN.
3. Split tunneling to avoid blocks
Some online services are good at keeping you from connecting using a VPN. In particular, streaming media services (Netflix, Hulu, and so on) and banks often do a good job of blocking connections from IP addresses known to be used by VPN services. Disconnecting the VPN to use these services is not only a hassle, but it prevents you from simultaneously connecting to sites and services that do require VPN use.
Split tunneling may solve this problem for you. If you are using a local streaming service (you are in the US connecting to a US-based service for example), then you won’t need the VPN to connect. And virtually all banks that allow online banking have strong encryption in place so you don’t need the VPN to protect your account.
Configuring your VPN to run local streaming and online banking outside the tunnel could get you past their VPN blocks and give you a faster connection too. But don’t forget to use the VPN whenever possible! While you are not likely to be targeted in the global hacking spree the US and allies are blaming on China, there are plenty of non-State actors out there looking to hack any vulnerable target.
4. Split tunneling to go to work
In today’s work-from-home world, you need to be careful about what you do online. Many companies require you to connect to the office network through the company’s VPN connection. Not only could this make the company network vulnerable to hackers, but it could also lead to awkward personal situations.
Imagine that you are working from home and connected to the company’s VPN. You decide to take a break and check your personal email. Because you are connected to the company VPN, all your message traffic passes through the company’s network enroute between your device and your personal email service. And in many countries, employees have no right to privacy for any messages on the company network.
In other words, if you read your personal email, or visit Facebook pages, or check out those NSFW photos from last weekend’s big party while connected to the company network, the company gets access to that stuff too. Not good. Potentially very, very bad.
The solution would be to configure split tunneling so that connections to the company go outside your VPN and through the company’s secure connection, while your personal activities remain protected by your VPN.
Types of split tunneling with VPN services
We need to talk about the types of VPN split tunneling now. But before we do, you should know that this feature isn’t very standardized. Different VPN services call their split tunneling features by different names. Surfshark calls their split tunneling feature, the Whitelister, while both ExpressVPN and NordVPN call theirs Split Tunneling.
Likewise, different VPN services implement different combinations of the different types of split tunneling. Right here we’re going to talk about the types of split tunneling that exist, and sort out which ones are used by each particular VPN service (and what each VPN calls them) in the summaries that follow.
There are three types of split tunneling we need to consider:
- App exclusion (standard split tunneling) – By default, all traffic goes through the VPN, but you can choose to exclude specific apps from using the VPN tunnel. The excluded apps connect directly to the internet.
- Inverse split tunneling – By default, all traffic goes directly to the internet, but you can choose to send traffic from certain apps through the VPN tunnel.
- Specifying URLs – This type of split tunneling is done by browser extensions. By default, all connections to websites are protected by the VPN, but you can specify certain URLs that will see your real IP address instead of the VPN server’s IP address.
Possible drawbacks of split tunneling
Split tunneling can be a real plus, but it does have some drawbacks. One is that you need to figure out which apps and/or websites you want to access through the VPN and which you want to access directly (without the VPN). It can be a pain, but it is mostly a set-it and forget-it job.
The second problem is scarier, but more nebulous. Any time you access the internet without a VPN, you expose your traffic and IP address to the world. This can create big risks depending on your situation. For example, if you are using a VPN for torrenting and forget to turn it on, you could face heavy fines for copyright violation.
How to use a split tunneling VPN
Every VPN does things a little differently and each one offers slightly different options. However, a specific example could be useful, so we’re going to walk through the steps of using split tunneling with the NordVPN desktop client running on Windows 10. This VPN doesn’t have too many options or requires lots of tricky steps to get things set up.
Setting up a VPN with split tunneling (with NordVPN)
- Launch the NordVPN desktop client. Log in (if necessary) but do not connect to a VPN server!
- Click the gear icon in the NordVPN window to open the Settings page.
- In the menu on the left side of the window, select Split tunneling. This opens the Split tunneling page shown below.
- Flip the Split tunneling toggle switch in the top right to On.
- If you want to send most of your traffic through the VPN (this is what we recommend), select Disable VPN for selected apps. If you want to only have a few apps go through the VPN tunnel, select Enable VPN for selected apps only.
- Click the Add apps button at the bottom of the page. This opens a list of the apps on your computer.
- Place a check next to the apps that will be affected by the option you selected two steps ago.
- Click the Add selected button. The list closes and you return to the Split tunneling page.
- Click the back arrow at the top left of the page to return to the main NordVPN page.
- Connect to the VPN network and enjoy split tunneling.
Now that we’ve got all that covered, it is time to look at the best VPNs for split tunneling.
The best VPNs for split tunneling
It is time to reveal our picks for the best VPNs for split tunneling. Keep in mind, the best VPN is subjective and depends on your own needs and preferences. Read the short descriptions below and see which one looks like the best match for your situation. Each VPN below offers a 30 day money-back guarantee along with 24/7 live chat support, so you can safely download and test these VPNs for split tunneling before making a long-term commitment.
In case you want more information, we’ve included links to our in-depth reviews of each of these VPNs at the end of each section.
1. NordVPN – The fastest VPN with split tunneling
|Logs||No logs (audited)|
|Support||24/7 Live chat|
Split tunneling for: Windows and Android
When it comes to raw speed, NordVPN leads the world. Since upgrading to the WireGuard VPN protocol, NordVPN has clocked the fastest VPN speeds we have tested so far. All VPNs have some negative impact on the speed of your internet connection. Many VPNs have a drastic effect, reducing the speed of your connection by 25%, 50%, even more. But NordVPN typically only slows things down by 10-15%, an amount that you won’t even notice under most circumstances.
Aside from performance, NordVPN also delivers the highest levels of privacy and security. It uses very strong encryption and offers a variety of specialized VPN servers for specific use cases. They also include CyberSec, a feature that blocks malicious ads, trackers, malware and phishing domains.
This service ranks high for both streaming and torrenting, thanks to its huge network of secure, diskless servers. Like ExpressVPN, NordVPN keeps no logs of your online activities, and has third-party audits to prove it.
NordVPN and split tunneling
When it comes to split tunneling, NordVPN supports only Windows and Android devices at this time. On the other hand, setting and using split tunneling seems a little bit easier than with other services.
If you only need Windows and/or Android split tunneling, NordVPN could be a good option. It is extremely fast, reasonably priced, and at or near the top of the pack in every one of our VPN testing categories.
Click here to read our complete NordVPN review.
2. Surfshark – The best value for split tunneling
|Based in||British Virgin Islands|
|Support||24/7 Live chat|
Split tunneling (Whitelister) for: Windows and Android
Another solid option for a split tunneling VPN is Surfshark. This VPN service brings premium security features, excellent speeds, and well-designed apps. Its network has 3,200+ servers in 65 countries, all running in diskless (ram-disk) mode for maximal security.
Like NordVPN, Surfshark offers the WireGuard VPN protocol in all their apps (except for Linux). In our speed tests, Surfshark was only bested by NordVPN, as you can see in the Surfshark vs NordVPN comparison.
Surfshark apps have a VPN kill switch that prevents data leaks that could compromise your privacy. They also offer additional privacy features like CleanWeb, which is a VPN ad blocker, and several specialized servers for particular uses.
One particularly appealing aspect of Surfshark is that each subscription allows for an unlimited number of simultaneous connections. Add in their low price, and you can see what a great value Surfshark could be in heavily connected offices or households. This is one of the cheapest VPNs that still delivers premium performance and features.
Surfshark and split tunneling
While Surfshark only offers split tunneling for Windows and for Android, it gives you more control over what gets routed through the VPN tunnel or around it. If you look at the image below, you can see that Surfshark lets you choose which apps go through the secure VPN tunnel. It also has an option to control which websites and IP addresses bypass the tunnel. This can simplify your life by putting all of your split tunneling options in one place.
If you have a lot of devices you need to connect to the internet through a VPN, or just want a great value on a high-quality VPN with split tunneling, Surfshark is worth investigating further.
Surfshark is currently the cheapest VPN on our list when you use the coupon below.
Click here to read our complete Surfshark review.
3. ExpressVPN – Split tunneling on more types of devices
|Based in||British Virgin Islands|
|Logs||No logs (audited)|
|Support||24/7 Live chat|
Split tunneling for: Windows, Mac OS, Android, and routers
ExpressVPN is a very reliable service that has always performed well across the board. It is faster than most VPNs (although slower than NordVPN and Surfshark) and has some great features. ExpressVPN does very well in the areas of security and online anonymity, thanks to very strong encryption and secure apps.
ExpressVPN offers user-friendly apps for most operating systems and devices, including routers and set-top boxes. The apps are simple to use and include leak protection thanks to their integrated Network Lock feature, which is a VPN kill switch.
If you enjoy streaming, ExpressVPN does a good job of unblocking all the major services (except for occasional problems with BBC iPlayer) and is fast enough to give good quality HD playback. If torrenting is your thing, ExpressVPN’s combination of strong encryption and reliable kill switch should keep your IP address safely hidden while you download content.
We should also point out that ExpressVPN has a very large network of VPN servers spread across 90+ countries and has had their security and no-logs VPN status affirmed by third-party audits. In short, you can be confident that ExpressVPN will keep you safe online.
ExpressVPN and split tunneling
ExpressVPN offers a full range of split tunneling features. As is common for services that support it, split tunneling is available for Windows and Android. But ExpressVPN doesn’t stop there. Split tunneling is a feature in their Mac OS and router apps as well.
The VPN router support is particularly interesting. It would allow you to apply split tunneling to all sorts of devices that would otherwise not be able to use the feature.
ExpressVPN is a little more expensive than our other picks, but if you want a reliable VPN that can do split tunneling on the greatest variety of devices, ExpressVPN could be the answer.
Read our complete ExpressVPN review for more details.
Split-Tunneling VPN FAQs
Here are a couple of the most common questions we come across when the subject is split tunneling VPNs.
Which is the best VPN for split tunneling?
Unfortunately, there isn’t a single best VPN for split tunneling. If you want to install a VPN app on your router and do split tunneling, ExpressVPN is the best VPN for split tunneling in that case. If you want to have a large number of devices protected, Surfshark, with its unlimited connections, is probably the best bet. Finally, if you want the fastest possible connection for the apps that are protected by the VPN, then NordVPN is the winner.
Does split tunneling increase latency?
No, split tunneling does not increase latency. It can decrease it. With split tunneling, if an app needs low latency or ping, you can configure the VPN so the specified app communicates outside the VPN. This can improve latency.
Apps that use the encrypted VPN tunnel will probably have a higher latency than those that don’t use the tunnel.
Conclusion: The best tunneling VPNs
In this article we learned what split tunneling is, why you might want to use it, and why you might not want to. Then we examined the three top VPNs with the split tunneling feature. Each one does its job well, but each has its own plusses and minuses, making it impossible to anoint one as the best VPN for split tunneling.
We encourage you to learn more about the split tunneling VPN service that looks best to you by following one of the links in the body of this article, or hit one of the links below to download your favorite choice and start testing it right now. Remember that each of these services offers a 30 day money-back guarantee along with 24/7 live chat support so you’ll always have the help you need.
Simplify your online life by putting split tunneling to work today!