How to Set Up Split Tunneling
- When you click links on this page, we may earn an affiliate commission. By using this website you agree to our terms and conditions and privacy policy.
- Participation in online gambling may be illegal in your country and is subject to age restrictions (18, 19, or 21, depending on the jurisdiction). Verify legality and age requirements before participating. Learn more
Split tunnelling is the VPN feature that splits your traffic into two: some of it travels through the encrypted tunnel to the VPN server, and the rest goes straight out through your internet service provider as it normally would. Setting it up takes about five minutes once you’ve decided which apps belong on each side.
Before you start
You’ll need three things:
- A VPN that supports split tunnelling. Not all do, and availability depends on your device: app-based split tunnelling is common on Windows and Android, more limited on macOS, and restricted on iOS because of how Apple handles VPN connections. Check your provider’s support for your device first.
- A clear idea of which apps go where. Decide what needs the VPN (your browser, say) and what should bypass it (a banking app that blocks VPNs, or a local printer). If you’re unsure what the feature does, read our explainer on what split tunnelling is.
- The VPN already installed and signed in. If you haven’t done that yet, see how to set up a VPN.
How to set up split tunneling
The steps below follow the typical desktop and Android app. Labels vary slightly between providers, but the sequence is the same.
Step 1: Open split tunnelling in your VPN settings
Open your VPN app, go to Settings, and find the split tunnelling option (sometimes listed as “App split tunnelling” or “Bypasser”). If you can’t find it, confirm that your plan and device support it, as some apps hide it on platforms where it isn’t available.
Step 2: Choose how the split should work
Decide which way round the rule runs, because the two modes are the same mechanism with the default reversed. Most apps offer one or both:
- Route only chosen apps through the VPN. Everything uses your normal connection except the apps you add. Good when you want just one or two apps protected.
- Route all apps through the VPN except chosen ones (inverse split tunnelling). Everything is protected by default, and you list the apps that bypass the VPN. This is the safer default, because an app you forget to add stays protected rather than exposed.
Pick inverse split tunnelling unless you have a reason not to.
Step 3: Add the apps to your list
Add each app to whichever list your mode uses. The app shows your installed programs; tick the ones that should be in the tunnel (or the ones to exclude, if you chose inverse). Be deliberate here, because anything you route outside the tunnel is unprotected and uses your real IP address (the number that identifies your connection). Keep sensitive apps inside the tunnel.
Step 4: Save and connect
Save your settings, then connect to a VPN server. The rule takes effect once you’re connected, and the app applies it whenever you launch any of the listed programs. If your provider offers URL- or domain-based split tunnelling via a browser extension, set that up separately in the extension, as it controls websites rather than whole apps.
How to confirm it worked
Check both sides of the split, because a setup that protects only some apps is only doing half its job if the wrong app ends up on the wrong side. Open an app you routed through the VPN and visit an IP-checking site; it should show the VPN server’s location.
Now open an app you excluded and do the same; it should show your real location. To be thorough, run a DNS leak test while connected, as careless split tunnelling is a common cause of leaks. If each app appears where you intended it to, your split is working.
Troubleshooting
- The split tunnelling option is missing. Your device or plan may not support it (iOS is the usual case). Confirm support, and update the app to the latest version.
- An excluded app still routes through the VPN. Close the app fully and reopen it so the rule applies, then reconnect the VPN.
- A protected app is exposing your real location. Check it’s actually on the tunnel list, and confirm you didn’t enable the “only chosen apps” mode while expecting inverse behaviour.
- Local devices still won’t connect. Add the relevant app, or the local network exception if your VPN offers one, to the bypass list so traffic to your own network skips the tunnel.
Frequently asked questions
Should I use a kill switch with split tunnelling?
Yes, where your app allows both. A kill switch cuts your internet if the VPN drops, protecting the apps inside the tunnel during a brief outage. It generally applies to tunnelled traffic, not the apps you’ve deliberately routed outside, so the two features work together rather than against each other.
Why isn't split tunnelling available on my iPhone?
Apple restricts how third-party VPNs handle per-app routing on iOS, so most providers can’t offer app-based split tunnelling there. Some offer a limited alternative, but if per-app control is essential, you’ll find fuller support on Windows or Android.
Does split tunnelling slow down my connection?
Not in a way you’ll usually notice. If anything, excluding a large download or a video call from the VPN can recover speed for that task, since it skips the small overhead a VPN adds. The traffic you keep in the tunnel performs as it would on a normal VPN connection.
You’re set
You can now keep the VPN on for the traffic that needs it without the side effects of tunnelling everything, and you’ve confirmed each app sits on the side you intended. The one thing to watch is your exclusions: anything you route outside the tunnel is unprotected, so review the list whenever you add a sensitive app. For the concept behind the feature, see what split tunnelling is, and if your VPN lacks reliable split tunnelling on your device, it’s one of the features we weigh in how to choose a VPN.
