Split Tunneling Is Your VPN’s Most Underrated Feature

VPNs are a fantastic security tool. While they aren’t infallible, a properly configured VPN can secure your traffic across apps and websites. But the added network latency can slow down apps that rely on high bandwidth usage or lock you out from those that specifically ban network spoofing, putting up roadblocks as you try to use the internet. That’s where split tunneling comes in.

Split tunneling is a relatively new VPN feature that lets you route specific apps or websites through your VPN, while the rest of your device’s network uses your unencrypted network. That way, you can stay protected while browsing the internet while allowing exceptions for your banking app or local printer. While not all VPN providers support it on every device, split tunneling remains a very useful feature that takes only a few clicks to enable and customize. It gives you greater control over your digital footprint and prioritizes convenience without hurting your security. 

What split tunneling does with your VPN

By default, VPN providers will route all your network traffic through an encrypted tunnel that hides your IP address once enabled. It’s great for maintaining privacy or avoiding censorship, but it can create problems for you when you’re using your banking app, printing something over wifi, or using banking apps that need to verify your geographical location. 

What split tunneling does is carve out exceptions for certain apps and websites. This can either work as a blocklist that lets you pick which apps to route through your VPN, or a whitelist that grants direct network exceptions for specific apps and services. While it’s useful and practical, split tunneling support is wildly inconsistent across different vendors. Some VPNs like Proton have good support across all platforms. Others, like NordVPN, seem to struggle with operating systems that enforce stricter network rules, like macOS or iPhone. 

How split tunneling works

Split tunneling works in one of two ways. Typically, VPN services offer it as a whitelist that lets you add specific websites or apps as exceptions to your VPN connection, so that any incoming or outgoing traffic routed through those websites and apps can pass through your regular network without the VPN encryption. This is how Surfshark and IPVanish do it. Alternatively, VPN providers like ExpressVPN go the opposite route. Instead of a list of exceptions, you configure a list of apps and websites that should benefit from the encryption tunnel. Everything except for the list of apps and services you configure will pass through your normal network without VPN encryption. 

Then, there are platforms like NordVPN and CyberGhost, which offer both split-include and split-exclude options so that you can choose the implementation that’s easier for you to configure. Some leading providers also offer router-level configuration options. That way you can configure split tunneling on your wifi network directly from the router as long as you use one that’s supported by the VPN. Depending on how much network security you need day-to-day, you might lean towards one implementation of split tunneling over another. 

Here’s when split tunneling is worth enabling

Split tunneling offers better control over your network so that you can avoid server latency and access high-security services without having to switch off your VPN every time. It’s certainly not a must-have for every user, though, so here’s a quick rundown of scenarios where you might need it:

• When accessing devices connected to your local network, such as printers, doorcams, or smart speakers that don’t require an encrypted connection. 

• High-security apps and services like banking websites or zero-trust digital workspaces, which specifically block IP addresses common to VPN providers. 

• Bandwidth-heavy tasks like online gaming, video calls, or streaming in 4K that might not be possible on a VPN without a fast internet connection. 

• Services that rely on geolocation data for accurate results, like weather apps or ridesharing services, which usually work best when using your direct network.

When to avoid split tunneling 

While bypassing your VPN might improve network performance, split tunneling also reveals your IP address, geolocation data, and other identifiable markers to apps or websites with unencrypted access to your network. It also often disables features that protect you from online tracers or intrusive ads that your VPN typically blocks. Think of it like this: Creating a split tunnel is like automatically flipping the off switch on your VPN when accessing certain apps or services, leaving you entirely exposed to anything that it was designed to protect against. 

For example, I would not want to use split tunneling on a public wifi network or when using an ISP that I don’t fully trust. Also keep in mind that even though some VPN providers let you use split tunneling while continuing to mask your DNS (domain name server), DNS requests can nevertheless leak through depending on whether the provider has proper security in place. If you’re concerned about whether your VPN suffers from DNS leak issues with split tunneling, try using a DNS leak test tool like BrowserLeaks, IPLeak, or the free tools from ExpressVPN and Surfshark to make sure everything is working as intended. 

These VPN providers support split tunneling

Split tunneling is a newer VPN feature that hasn’t made its way to every provider. Even among providers that support it, Apple’s network protection tools for iOS and macOS make it difficult to implement. Because of this, support and functionality are wildly inconsistent between providers, and no two companies offer the same level of functionality. 

Still, several major VPNs support split tunneling. These include:

• Surfshark: The company has a tool called Bypasser that allows unchecked access to your home network to specific apps and services that you whitelist. It’s available across Windows, macOS, Android, iOS, and iPadOS. Even the browser extension has a separate Bypasser implementation. That makes it the platform with the most well-rounded split tunnel VPN in my book. 

• ProtonVPN: The company behind ProtonMail is known for its security features, so it’s unsurprising that their VPN supports split tunneling on every OS, including Linux. That said, Linux support is more limited than other platforms due to technical limitations.

• Norton VPN: Norton VPN has supported split tunneling on Windows and Android devices for a while. As of June 2026, it now supports the feature for Mac and iOS devices.

• NordVPN: Nord does not support native split tunneling on Apple devices, even though it’s one of the biggest players in this market. However, NordVPN’s split tunneling implementation on Windows and Android is well done and highly configurable.

• ExpressVPN: While support for Apple devices is new and still improving, ExpressVPN has pretty decent split tunneling features for Windows, Android, and Linux users. Better still, it can work with popular router models directly at the network level, before traffic is routed to any device.