Split tunneling is a VPN feature that lets you route some apps (or destinations) through the encrypted VPN tunnel and others outside it, using your normal internet connection. The "split" is between what's tunneled and what isn't.
The opposite of full tunnel
By default, when a VPN is active, every app on your device routes its traffic through the tunnel — "full tunnel" mode. Email, web browsing, background syncs, app updates, all of it.
Split tunneling breaks this all-or-nothing. You choose which apps go through the VPN and which bypass it. The rest of your traffic is unaffected.
Common use cases
- Banking apps that block VPN traffic — route them outside the tunnel so they work.
- Local network resources — home printers, NAS devices, smart-home hubs need your real local IP.
- Latency-sensitive apps — gaming, voice calls, video conferencing benefit from skipping the VPN hop.
- Region-specific apps — weather, food delivery, ride-sharing want your real location to work correctly.
Two implementation styles
- App-based: choose which apps to include or exclude. Most common on mobile.
- IP/route-based: choose which IP ranges to include or exclude. More flexible, more common on desktop and routers.
The security trade-off
Anything you route outside the tunnel is unprotected. On a hostile network this is the opposite of what you want. On a trusted network (home, office) it's fine.
Practical rule: enable split tunneling on trusted networks; disable it on untrusted ones. Some VPN clients can switch automatically based on the network you're on.