What Is VPN Split Tunnelling?
VPN split tunnelling is a feature that lets you choose which of your network traffic routes through the VPN and which goes directly through your normal internet connection - Simultaneously. Instead of an all-or-nothing tunnel, split tunnelling gives you precise control over each app or IP range.
How Split Tunnelling Works
| Mode | What Gets Tunnelled | What Goes Direct | Best Use Case |
|---|---|---|---|
| App-based include | Only selected apps (e.g., torrent client, browser) | Everything else | Route only sensitive apps through VPN while gaming or streaming locally at full speed |
| App-based exclude | Everything except listed apps | Selected apps bypass VPN | Keep VPN on by default but allow local banking app to use your real IP to avoid fraud flags |
| IP/subnet-based | Traffic to specific IP ranges or domains | All other traffic | Corporate remote access - Only route company intranet traffic through work VPN |
| Inverse split tunnel | Everything except whitelisted local IPs | Local network (printers, NAS) | Access local devices while VPN is active |
Common Use Cases for Split Tunnelling
- Banking apps: Route your bank's app direct so your real IP is used - Banks may flag logins from VPN/datacenter IPs as suspicious.
- Local streaming: Keep your local streaming service (Netflix, Hulu) on your real connection for correct regional content while routing everything else through the VPN.
- Gaming: Keep your game traffic direct for lowest possible ping; route your browser through the VPN for privacy.
- Remote work: Only route traffic to your company's servers through the work VPN; keep your personal browsing separate.
- Large file downloads: Route your download manager direct for maximum speed while protecting your browser and messaging apps.
Risks of Split Tunnelling
- Traffic routed outside the VPN is visible to your ISP and any network observer - Do not assume unrouted traffic is private.
- WebRTC in your browser may leak your real IP even when the browser itself is routed through the VPN, if a non-VPN network interface is active. Test with our VPN Leak Test.
- DNS queries for excluded apps may bypass the VPN's DNS resolver - Enable DNS leak protection or set a system-wide secure DNS resolver separately.
- If your kill switch only blocks VPN-routed traffic, non-VPN traffic continues unaffected if the VPN drops - Which may be desirable or not depending on your use case.
Provider Support for Split Tunnelling
| Provider | Split Tunnelling | Platforms Supported | Type |
|---|---|---|---|
| NordVPN | ✓ Yes | Windows, Android | App-based exclude/include |
| ExpressVPN | ✓ Yes | Windows, Mac, Android, routers | App-based exclude |
| Surfshark | ✓ Yes (Bypasser) | Windows, Android | App-based + URL-based |
| ProtonVPN | ✓ Yes | Windows, Android, Linux (CLI) | App-based exclude |
| Mullvad | ✓ Yes | All platforms | Split tunnelling via app + CLI |
| Private Internet Access | ✓ Yes | Windows, Mac, Android | App-based |
| CyberGhost | Partial | Windows, Android only | App-based |
How We Evaluate VPNs
Every recommendation in our VPN guides is weighed against the same five criteria:
- No-logs policy and audits - We prioritise providers whose no-logs claims have been verified by independent auditing firms, and we note real-world events (subpoenas, server seizures) that tested those claims.
- Leak-test results - A VPN must not expose your real IP, DNS servers, or WebRTC addresses. You can run the same checks we use with our free VPN Leak Test.
- Speed impact - We favour providers supporting modern protocols (WireGuard, or equivalents like NordLynx and Lightway) that keep overhead low.
- Jurisdiction - Where a provider is incorporated determines which governments can compel it to hand over data.
- Price transparency - Clear renewal pricing and honest refund terms. We avoid quoting specific prices in guides because promotions change frequently - Always check current pricing on the provider's site.
Our assessments are based on published third-party audits, vendor documentation, and our own leak-testing tooling - We do not have insider access to any provider's infrastructure. These pages are reviewed periodically and updated when audits, ownership, or features change.
Once you have picked a provider, two practical checks matter more than any review: if your connection fails, see how to fix a VPN that won't connect; and to confirm you are actually protected, learn how to test if your VPN is working.
ⓘ Affiliate disclosure: Some links to VPN providers in these guides are affiliate links - We may earn a commission at no extra cost to you. This never affects rankings or evaluations.
Last updated: June 2026