When you connect to a Virtual Private Network, data travels between your device and the web via a proxy server that acts as a middle man. In many cases, you might not want all of your traffic to travel through the VPN server. Some VPN apps have a function called “split tunneling” that allows you to choose which apps, websites, or devices use the VPN and which use a direct connection to the internet. That way your sensitive data is kept to yourself and away from prying eyes.
We cover several providers in detail below, but if you only have time for a quick glance, below is our list of the best VPNs for split tunneling.
Best VPNs for Split-Tunneling:
- NordVPN Our first choice for split tunneling. Gives you the option of only tunneling web traffic.
- Surfshark Budget VPN. Fast and privacy-conscious, this VPN lets you tunnel your apps or certain websites.
- ExpressVPN Offers a variety of split tunneling methods in both its apps and its custom router firmware. Superfast servers in 94 countries, top-notch privacy, and includes a 30-day money-back guarantee.
- CyberGhost Includes “smart rules” that divert different apps through different servers.
- IPVanish Offers split tunneling on its Android and Fire OS apps.
- PureVPN Implements a split tunneling feature in its Windows and Android apps.
- Hotspot Shield A very fast, novice-friendly VPN that allows users to tunnel browser traffic.
Though it’s possible to set up split tunneling on various operating systems even if it’s not built into your VPN, it’s far simpler to configure if it’s integrated into the VPN app. In this post, we reveal the best VPNs for split tunneling and how to get started with one.
Best VPNs for split tunneling
There wouldn’t be much point in getting a VPN that includes split tunneling if other areas of the service are below par. We included a number of other criteria in our decision, including:
- Fast, reliable service
- Strong focus on security and privacy
- Prompt and knowledgeable customer support
- Wide server selection
- Securely accesses major streaming services (BBC, Amazon Prime Video etc).
All of our selected VPNs for split tunneling below meet these standards.
Money-back guarantee: 30 DAYS
NordVPN apps are available for Windows, macOS, Linux, iOS, and Android devices. However, it’s the service’s browser extensions for Chrome and Firefox that will give you the ability to implement split tunneling. You can choose which websites use the VPN and which use a direct internet connection.
Note that to do this, you must leave the desktop app off and turn the browser extension on. All of your browser traffic will go through the VPN tunnel while all other apps on your device will be unprotected. Granted, this doesn’t offer a ton of flexibility for your split tunneling setup, but it might be suitable for some users.
NordVPN offers excellent security and the ability to securely access a wide range of streaming services, including Netflix. It offers access to servers in 62 countries and you get six simultaneous connections.
- Split tunnel to cover just browser traffic
- Decent speeds
- Works with Netflix USA and other streaming sites
- Extra security features
- Server connection can sometimes be slow
BEST VPN FOR SPLIT TUNNELING:NordVPN is our top pick for split tunneling. Having the chance to use split tunneling as well as enjoying extra security features makes this VPN a strong choice. NordVPN offers a 30-day fuss-free money-back guarantee with each subscription.
Read our full NordVPN review.
Money-back guarantee: 30 DAYS
Surfshark runs 1,000+ servers in more than 60 countries, which makes it easy to obtain a high-speed, low-latency connection, wherever you are. It’s capable of securely accessing popular services like Netflix US and Amazon Prime Video from anywhere in the world, and as there’s no connection limit, you can secure every device you own with a single account.
This VPN’s split tunneling feature allows you to let specific apps or websites bypass the VPN entirely. There’s also 256-bit AES encryption, a kill switch (in all versions), and protection against IPv6, DNS, and WebRTC leaks, as well as a NoBorders feature that bypasses country-wide internet blocking. Surfshark doesn’t log any data that could identify you but if you’re concerned, you can sign up almost completely anonymously using cryptocurrency and a throwaway email address. Support is on-hand 24/7 over live chat in case of any issues.
Surfshark provides apps for iOS, Windows, MacOS, Android, and Linux devices. Wireless routers are also supported but must be configured manually.
- Lets you protect all of your devices at once
- Puts major emphasis on security
- Doesn’t keep any logs
- Fairly limited network
- Server speeds vary somewhat
Read our full Surfshark review
BEST BUDGET OPTION:Surfshark has no connection limit, a no-logging policy, and cutting-edge security features, which means users can rest assured that their privacy is in good hands. A 30-day money-back guarantee is also included.
Money-back guarantee: 30 DAYS
ExpressVPN is very thorough when it comes to split tunneling. This feature is available in the Windows and macOS desktop apps. In both cases, the settings area of the VPN app includes a split tunneling definition page.
You can send all traffic through the VPN, send only traffic originating from specified apps, or send all traffic except for that originating from specified apps. These are known as ‘split-include’ and ‘split-exclude’ options. Most VPNs that implement split tunneling only work on one of these methods, but with ExpressVPN you get both.
ExpressVPN is one of the few providers that includes an app to install on your flashed wifi router. This app includes options to implement another type of split tunneling. You can specify which devices in your home will have all of their traffic channeled through the VPN and which will be left unprotected. The router split tunneling screen lists all recently connected devices and shows an on/off toggle next to each – the devices don’t have to be connected at the time of nomination.
Standard features on ExpressVPN include strong encryption, access to servers in 94 countries (with local IP addresses), an allowance of five simultaneous connections, and the ability to securely access etflix and many other streaming services. Apps are available for Windows, macOS, Linux, Android, and iOS.
- Split tunneling per device at the router level
- Both split-include and split-exclude possible with the desktop apps
- Very good speeds
- 24/7 live chat customer support
- Works with Netflix
- Slightly more expensive than other providers
GOOD ALL-ROUNDER:ExpressVPN is a good choice and gives you a lot of options for split tunneling. Fast speeds and strong security complete the package. ExpressVPN gives a 30-day no-fuss money-back guarantee to all customers which means you can try it risk-free.
Read our full ExpressVPN review.
Money-back guarantee: 45 DAYS
CyberGhost‘s split-exclude option lets you pick websites which websites should use the VPN and which should use a direct connection. If you prefer a website-based split tunneling feature in addition to an app-based one, this is the VPN for you.
The split-include option lets you decide which applications should be covered by the VPN. You can specify a different server location for each app that you nominate for protection.
Split tunneling can be accessed through the Preferences tab of the desktop app. The Smart Rules section of the Preferences settings has two versions of split tunneling.
This VPN gives access to servers in 90 countries (with local IP addresses). It works with a wide range of streaming services including Netflix. Apps are available for Windows, macOS, Android, iOS, Linux, Amazon Fire TV, and Amazon Fire Stick. You can connect seven devices at a time.
- Split-exclude feature for websites and split-include feature for applications
- Ability to connect to multiple servers simultaneously on the same device
- Fast, reliable service
- Doesn’t work in China or the UAE
STRONG SECURITY:CyberGhost offers excellent flexibility when it comes to split tunneling as well as high-grade encryption and anonymous accounts. The company gives a no-questions-asked 45-day money-back guarantee.
Read our full CyberGhost review.
Money-back guarantee: 30 DAYS
The IPVanish apps for Fire OS and Android include a split tunneling feature. This lets you have some applications running through the VPN while leaving other traffic outside of the tunnel. For example, Kodi can run through the VPN while Netflix uses a direct connection.
In the Settings menu, the Split Tunneling section of the Connection preferences leads to a list of all apps detected on the device. Any applications that you mark with a check box in this screen will be excluded from the tunnel.
IPVanish has some of the fastest speeds we’ve seen, which makes it great for streaming and torrenting. The company provides apps for Windows, macOS, Android, iOS, Linux Mint, Amazon Fire TV, and Amazon Fire Stick. The VPN can be set up manually on Ubuntu, Kali, and Fedora Linux, and select routers and set-top boxes. It’s a favorite among Kodi users.
IPVanish explains that its split tunneling feature was developed specifically to enable users to securely access services like Hulu and Netflix outside of the VPN connection.
IPVanish operates servers in 60 countries. Users get an unlimited number of simultaneous connections.
- Split-exclude available on Fire OS and Android apps
- Very fast speeds
- No-logs policy
- Allows you to connect all of your devices at once
- Customer support is a little slow
- Doesn’t accept cryptocurrencies
ANDROID AND FIRE OS:IPVanish is a good choice for split tunneling on Android and Fire OS devices. Its fast speeds make it excellent for streaming and downloading and you can use it on all of your devices at once. IPVanish gives a 7-day money-back guarantee on each subscription.
Read our full IPVanish review.
Money-back guarantee: 31 DAYS
PureVPN was one of the first VPNs to offer split tunneling. Although the company produces an app for Windows, macOS, Linux, iOS, and Android devices, its split tunneling capabilities can only be used on the Windows and Android operating systems. PureVPN uses a split-include configuration, which means you choose the apps you want to protect with the VPN. All other connections will go to the internet by a default route and not be sent to the VPN server.
Another method of split tunneling is made available through the browser extensions for Chrome and Firefox. The browser extensions include WebRTC and IP leak protection. However, they are SOCKS5 proxies that lack strong encryption.
The service gives you secure access to servers in 141 countries. PureVPN is based in Hong Kong and is the right choice for those trying to access the internet in China. Its high speeds and privacy controls make it a reliable option for torrenting and video streaming.
You can get a Kodi addon version of PureVPN and apps for Android TV boxes, Amazon Fire TV, and Amazon Fire Stick. The VPN can be installed manually on other set-top boxes and select routers. PureVPN works with a wide range of video streaming services including Netflix US and UK and BBC iPlayer.
- Per-app split-include configuration for Windows and Android
- Secure service
- Large server network
- Transfer speeds can be slow with some servers
- Questionable privacy reputation
LARGE SERVER NETWORK:PureVPN offers split tunneling as a feature in some apps and provides a reliable, secure service. It offers a 31-day money-back guarantee on each subscription.
Read our full PureVPN review.
Money-back guarantee: 45 DAYS
Editor’s Note: Hotspot Shield is owned by Pango, Comparitech’s parent company.
Hotspot Shield is a high-speed VPN with a network of over 3,000 servers in 70+ countries. This service not only works with some of the most popular streaming services (such as Netflix and BBC iPlayer) abroad, it allows you to watch free from lag or buffering, even at high resolutions. With up to five simultaneous connections allowed, you can protect all of your most commonly used devices with one account.
This VPN offers partial split tunneling functionality in that it allows users to bypass the VPN on certain websites. Your traffic is secured using DNS and IPv6 leak protection, a kill switch, and 256-bit encryption. As an added bonus, this service blocks ads and malware automatically. Hotspot Shield doesn’t keep personally identifiable information after your session ends so it can’t reveal details of your online activities even if asked to. Support is available 24/7 over live chat.
Hotspot Shield has user-friendly apps for Linux, iOS, Android, Windows, and MacOS.
- Very high speeds
- Works with plenty of region-locked services
- Wide range of powerful security features
- No anonymous payment options
- Spotty privacy record
Read our full Hotspot Shield review
BROWSE SECURELY ANYWHERE:Hotspot Shield boasts strong security, high speeds, and the ability to tunnel your browser traffic for maximum versatility. Additionally, this service comes with a generous 45-day money-back guarantee.
VPN testing methodology
Comparitech aims to publish the most accurate, useful, and comprehensive VPN reviews and recommendations on the internet. To do that, our team personally uses and tests each VPN based on expert analysis, real-world experience, and several performance and security tests. When it comes to split tunneling VPNs, we specifically look at:
- Split tunneling support: We prefer VPNs that offer split tunneling across all of their apps.
- Speed: We measure download speeds on connections to VPN servers located around the world.
- Security: Split tunneling can introduce serious security risks if not implemented properly. We ensure VPNs use adequate encryption and are free of data leaks.
Streaming: We conduct real-world tests to find out which VPNs can reliably access popular streaming services.
- Customer support: Our reviewers contact each VPN’s customer support staff as secret shoppers to gauge response times and quality.
- Value for money: We favor VPNs that offer more bang for your buck and don’t engage in shady billing practices.
Learn more about how we rate and review VPNs on our testing methodology page.
Split tunneling and an always-on VPN
As mentioned, ExpressVPN’s router app enables you to choose which devices are covered by the VPN. This is ideal if you also have the VPN app installed on all of your mobile devices.
It’s convenient to keep your VPN on all of the time. However, if you install the VPN on your home wifi router, when your mobile apps are connected to the home network, they’ll be connected to the VPN twice: through the router and through the native mobile app.
Ordinarily, it would be advisable to turn the VPN mobile app off during these times. But if you’re able to exclude specific devices from your router VPN, you can exclude the mobile devices and leave the VPN apps on those gadgets running. By this method, you will still be able to benefit from the wifi connection on mobile devices while at home, without having to worry about turning off the VPN.
Different types of split tunneling
VPN split tunneling can take a few different forms depending on how it decides what goes through the VPN and what doesn’t.
Most of the providers we recommend above let you split tunnel by app. You decide which apps use the VPN and which use a direct, unencrypted connection to the internet.
If you set up your VPN on a router, you could split tunnel by device. You can, for example, set your phone to use a normal connection and your PC to use the VPN.
Lastly, you can split tunnel according to your destination on the internet. The VPN could be configured to only kick in when you visit certain websites, for example. This is much less common than the other two types.
Pros and Cons of Split tunneling
- You can simultaneously use a direct connection and a VPN connection
- Conserves VPN bandwidth
- You can still access your local network, including printers and smart home devices
- Latency won’t suffer on non-VPN apps and devices
The main disadvantage of split tunneling is security. In theory, an attacker could exploit split tunneling by using it as a back door. An attack on your direct, non-VPN connection could infiltrate your VPN-protected connection through your device. But so long as it’s configured properly, split tunneling is safe for most users.
How to use a split tunneling VPN
The exact process for split tunneling varies by VPN, but below is a general guide.
Here’s how to use a split tunneling VPN:
- Open your VPN app and sign in if necessary.
- Before you connect, find the split tunneling setting in your app’s menu
- Add the apps that you want to go through the VPN to the list (or, if inverse split tunneling, the devices you don’t want to connect to the VPN)
- Ensure split tunneling is enabled. You might need to check a box.
- Connect to the VPN.
Split-Tunneling VPN FAQ
Can I use a free VPN for split tunneling?
Although there are quite a few free VPNs available, we advise against using them. The facility for split tunneling is only available in very few VPNs and none of those specialized VPNs are free to use.
Free VPNs typically can’t get past location blocks on video streaming sites and they can really slow down your connection.
Be cautious of free VPNs because a lot of them are scams. One of the key services included in VPNs is encryption to prevent strangers from snooping on your internet activity. Many free VPNs don’t include any encryption at all. These are not only useless, but dangerous, because they give people a false sense of security.
Although some VPNs are free of charge, they are not charities. Some make money by forcing their users to watch adverts before they connect. Other sneakily inject adverts into the web pages that they channel. Some free VPNs even track the internet activities of their users and sell that information on to marketers. This is ironic because one of the main selling points of VPNs is that they are supposed to protect your privacy on the web.
All-in-all, you are better off avoiding free VPNs and opting for a quality VPN service.
How can I use split tunneling?
Split tunneling boasts a number of advantages and is quite handy in a lot of situations:
- Users in China can access foreign-only and China-only content at the same time. Works for other countries as well.
- Set which apps use the VPN, such as those that require more privacy. Your web browser can use a direct connection while your torrenting app uses the VPN, for example.
- If your wi-fi router supports split tunneling (e.g. ExpressVPN's router firmware), you can choose which devices use the VPN and which do not. Game consoles can use a direct connection with less lag, for example, while your phone and laptop use the VPN.
- Access local network devices such as printers, smart home devices, and routers while using the VPN.
- Connect to local-only resources in a school or office while at the same time accessing websites and apps from behind a web filter
What is inverse split tunneling?
Inverse split tunneling functions the same way as normal split tunneling in most respects. Normal split tunneling protects all connected apps or devices except for those specifically excluded.
Inverse split tunneling only protects specified apps or devices, and everything else is excluded by default.
Just think of the difference between a whitelist and a blacklist; it's conceptually the same thing. The "list" might be a list of devices, apps, websites, or even port numbers that connect---or do not connect---to the VPN.
Is split tunneling safe?
Split tunneling is perfectly safe assuming it's well-implemented and you are fully aware of what data travels through the VPN and what doesn't.
Can a VPN be restricted to a single site?
It depends on how split tunneling is implemented in your VPN app.
CyberGhost, for example, only allows for split tunneling of entire apps, and not specific websites.
Surfshark, in contrast, allows users to split tunnel specific websites and even IP addresses. You can enter which websites and IP addresses bypass the VPN while split tunneling is enabled (note: Surfshark calls this feature a "Whitelister").
Does split tunneling add latency?
Apps and websites that bypass the VPN through split tunneling have no added latency or ping time.
Apps and websites that do route through the VPN will have the usual added latency that you would get with any VPN connection.
Are there any security risks of split tunneling?
Yes, split tunneling does come with some security risks. Put simply, attackers can infiltrate your device through the non-VPN connection, which in turn gives them access to your VPN connection as well as the sites, apps, and services you use while on the VPN.
Consumer VPNs generally don’t restrict or monitor users’ traffic and give open access to the internet, so the security risks are not too severe in most cases. This is a bigger concern for corporate environments using enterprise VPNs for, say, remote workers. Split tunneling could allow attackers to access a company’s private server through the client’s unencrypted connection.
Which protocols don't support split tunneling?
Split tunneling is usually achieved with OpenVPN, but the feature is not really limited to any specific protocol. It can also be set up with Wireguard or IKEv2, for example.
Does OpenVPN have split tunneling?
OpenVPN supports split tunneling, but not every VPN that uses the OpenVPN protocol offers split tunneling.
See also: Best VPNs for routers