What Is VPN Split Tunneling?

The average cost of downtime is $5,600 per minute. Leverage split tunneling with Perimeter 81’s NaaS and secure your traffic controls.

VPN split tunneling enables you to route some of your device traffic through the encrypted VPN tunnel and the rest of the traffic gets routed through a separate tunnel on the open network. 

This feature is extremely useful for accessing foreign networks and remaining connected to a local area network (LAN) while conserving bandwidth. For example, you can access a network printer or download sensitive files without having to worry about security threats.  

Although we don’t give it much thought, we use a printer for our everyday needs to print out important documents for both work and personal use. But we typically do not place enough emphasis on the security of our printers, and that is cause for concern. 

In 2020, a team of researchers found 800,000 printers had been exposed online by using the IoT search engines. The research team successfully managed to print out PDF documents on 27,944 unprotected devices out of 50,000 selected open printers (a 56% success rate).

VPN split tunneling ensures that you can still use your printer without compromising sensitive information if you remain connected to a corporate network.

Looking to implement VPN Split Tunneling ?

How Does VPN Split Tunneling Work?

Split tunneling is an incredibly useful feature that gives you more control over which data you encrypt through a VPN and which data remains open on the network.

A traditional VPN works by routing your traffic through an encrypted tunnel over a private network. A VPN is also useful for hiding your IP address and giving you more security over a public Wi-Fi hotspot or network.

Businesses rely on a Corporate VPN to secure their applications and allow for the safe transfer of data from cloud-based resources such as Google Drive or Office 365. 

Although the default setting of most traditional VPNs is more for personal use, the split tunneling VPN feature enables you to access local applications while still encrypting data on specific applications.

One of the advantages of split tunneling is that you can speed up your internet connection as it can route confidential information through the VPN itself and allow the rest of the traffic to go through the internet. This saves you a great deal of bandwidth as well. 

Another benefit of split tunneling is the conservation of bandwidth. Since you can choose specific applications to pass through the VPN server, you will be able to access faster internet access without clogging your bandwidth.

In essence, the split tunneling VPN represents the best of both worlds by giving two connections simultaneously – the direct (open) connection to the internet and the tunnel (VPN) connection to the Internet.

This way, you can use your network as needed with security protocols without multiple devices at a given time. More so, the usability of the split tunneling VPN alleviates the possible issues you may encounter with the same network for all connections or the need to swap out networks before usage.

Remote workers can also take advantage of the split tunneling VPN feature and will be able to safely access resources through any device in any part of the world.

Corporate networks that need to reduce traffic can also enable split-tunneling on their Business VPN to increase speed for specific tasks and grant privacy to specific end users.

VPN split tunneling becomes extremely important for remote employees as critical company resources are not transmitted through an open public Wi-Fi network or port and remain encrypted through the VPN tunnel.

According to Kaspersky, 1 out of every 4 Wi-Fi hotspots is unsecured. Split tunneling divides the traffic so sensitive information remains protected at all times.

Different Types of VPN Split Tunneling

There are several ways in which VPN split tunneling can be used to ensure that traffic gets routed and when you might need to use them. 

App-based split tunneling

Similar to URL-based split tunneling, you decide which applications will get routed through the VPN tunnel and which to exclude. You might want to use this feature if you have banking or medical apps open as the data contained is highly sensitive.

Inverse split tunneling

Inverse split tunneling allows you to choose which particular apps and URLs will get routed through your VPN. This process is similar to a Firewall as a Service where you create Firewall policies based on user-defined roles to your network resources.

URL-based split tunneling

You can encrypt specific URLs and send the rest of the traffic over the internet and particularly important for remote workers. Certain URLs should be encrypted from the public, such as open login forms or databases which could be potentially exposed. This process can be performed using a VPN browser extension.

Looking to Implement VPN Split Tunneling ?

VPN Split Tunneling Risks

VPN split tunneling is notable for increasing internet access speed and decreasing bandwidth. However, there are some security risks. These risks can be managed depending on your company’s access and security policies. Here are a few possible VPN split tunneling security risks:

• Remote Access Concerns – The freedom and advantages in which the WFH model allows for both employers and employees are tremendous. However, with that freedom comes added risk for external attacks. If a team member connects to an unsecured Wi-Fi network, you could be facing a major data breach. A secure Cloud VPN can keep your cloud-based resources safe from such an attack. 
  
• Incorrect VPN Setup – Setting up your VPN incorrectly and not checking to see that the VPN is in your desired location can cause hackers to access your information. You may want to check your VPN connection or if specific ports are opened. Running a speed test can also let you know if the problem is with your VPN provider or ISP. 
  
• Access Restrictions – 74% of organizations in the United States experienced a successful phishing attack in 2020. Your organization may have restricted access to some sites or have unapproved downloads. Using a VPN split tunnel enables employees to bypass restrictions set up on your company’s network.

How To Tell If a VPN Is Split Tunneling

It is important to test a split-tunnel VPN connection before accessing the Internet. Here is how the process works: 

• Click on the settings options in your VPN
• Select Split tunneling to get options to manage your VPN connection based on the URL or application
• Select the applications or sites you want with VPN and the one you want to access directly with the open network
• Complete the settings
• Test the VPN split tunnel connection by clicking on a selected URL to see if they pass through the VPN or not

How To Enable VPN Split Tunneling in Windows 10

The most effective way to set up split tunneling is either by using PowerShell or by editing the Windows VPN connection. 

To configure VPN split tunneling on Windows 10, begin by editing the Windows VPN connection properties;

• Right-click the Windows 10 start button
• Click on the Network Connections icon
• Click on the ‘Change Adapter Options’
• Click on VPN connection and open ‘Properties’
• Select TCP/IPv4 from the Networking tab
• Click ‘Advanced’ in the General tab
• Disable ‘Use default gateway on remote network’
• Restart your VPN connection to launch the changes

Windows 10 Always On VPN Split Tunnel Configuration

The Always On VPN split tunnel feature does not show up by default. To set the always on feature, you must sign up as the Windows administrator. Then, decide to choose between split tunneling and full tunneling to get started. Alternatively, you can integrate Perimeter 81’s Always On VPN solution to secure cloud resources and sensitive data.

Azure Point To Site VPN Split Tunneling

A Point-to-Site (P2S) VPN gateway is a secure connection which allows remote workers to safely connect from a VNet or virtual network. This type of VPN connection can be implemented at a conference or live event when secured network connection becomes a major risk factor.

Azure P2S VPN uses split tunneling by default. Organizations attending large conferences or trade shows seldom place Wi-Fi security atop their list but cybercriminals rely on companies letting their guards down for a split second to steal sensitive information.

Always check with event management before setting up your laptops or other electronic devices to ensure that the event location has secure Wi-Fi access for guests.

VPN Split Tunneling Using PowerShell

Powershell VPN split tunnel can be enabled by running the Powershell command. 

To set up windows 10 VPN split tunneling with PowerShell:

• In the start bar, right-click and select the Windows PowerShell (Admin)
• If the name of your VPN connection is unknown, simply use ‘Get-VPNconnection’ to see the names of all the connections on your device
• To configure split tunneling on your preferred VPN connection, type in this command
• ‘Set-VPNconnection – Name (VPN Name) – SplitTunnelung $True’
• Replace your VPNconnection with the actual name and hit Enter.
• Check to see if the split tunneling has been enabled by retyping the ‘Get-VPNConnection Command.’

AWS VPN Split Tunnel Configuration

The AWS Client VPN split tunnel gives you the flexibility to decide which traffic should pass through the Client VPN endpoint. With the split tunnel feature, you can optimize the traffic routing from the client by having only the specific traffic move across the VPN tunnel. 

AWS Client VPN split tunneling has several benefits including the optimization of routing traffic from clients and lower data transfer costs as you are able to reduce the volume from outgoing traffic. Organizations working in AWS cloud environments might want to consider this option to allow only relevant traffic to pass through the AWS Client VPN to keep documents, files, and other forms of internal communication safe.

VPN Protocols

A VPN protocol functions as a set of instructions that determine how data routes between a connection such as your laptop and the VPN server. These protocols ensure a secure and stable connection through VPN tunnels and enable you to bypass firewall restrictions. 

There are different types of VPN protocols, and each of them is categorized according to their benefits. Some protocols focus on providing throughput speed while others are made for more secured privacy and general security. Let’s take a closer look at each one.

OpenVPN

The open-source VPN protocol has grown in popularity due to its high-security encryption and scalability. It relies on 256-bit AES encryption and is simple to deploy. The protocol supports various types of algorithms and provides a good range of internet speed. 

If you are looking for an open-source VPN protocol that does not require a lengthy configuration process, you should check our OpenVPN replacement solution.

Setting up OpenVPN is not easy, can drain your budget with IT costs and maintenance. Also, the server options are very limited. It supports about 50 servers only, which may restrict you.

L2TP/IPSec VPN

The Layer 2 Tunneling Protocol was developed to replace the limitations of the PPTP protocol. However, it lacks the additional security measures and instead, uses encryption for its control messages. 

The L2TP protocol is used together with IPSec to increase security levels.  One thing to take into consideration about this protocol is that the L2TP/IPSec VPN relies on the Point-to-point protocol connection in order to perform user authentication and protocol configuration. However, the L2TP protocol supports a limited number of ports and produces less speed.

PPTP VPN

The Point-to-Point Tunneling Protocol was developed by Microsoft in the mid-90s and was particularly designed for dial-up connections. While this protocol has pretty fast internet speed, it is also outdated and contains many security vulnerabilities. 

Security levels offered by the protocol are limited to 128-bit encryption only, which can work to an attacker’s advantage. Therefore, you should only use this protocol with a bit of caution or not at all.

SSTP VPN

Microsoft developed the Secure Socket Tunneling Protocol (SSTP) back in 2007. It fully integrates with various Microsoft operating systems, including Windows, Linux, and FreeBSD. The protocol uses 2048-bit certificates for authentication and 256-bit level encryption. If you are looking for a protocol that bypasses most firewalls with ease while still fast and secure, you can choose the SSEP. 

The SSTP protocol leverages SSL/TLS handshakes which enables the SSL or TLS client and server to establish the secret keys with which they communicate. The drawback of SSTP is the fact that it was developed by Microsoft and so developers do not have access to the code. The protocol was made for Windows-based devices. 

The SSTP protocol is also vulnerable to POODLE attacks which are man-in-the-middle eavesdropping attacks. That is due to the fact that the SSTP protocol is built upon SSL 3.0 which contains security flaws in its encryption.

IKEv2 VPN

The Internet Key Exchange version 2 is arguably one of the most common VPN tunneling protocols. Being based on IPSec, IKEv2 provides high data encryption and authentication. 

The IKEv2 protocol is highly stable and secure due to its support for various algorithms and good reconnection capabilities. It enables you to seamlessly switch connections between Wi-FI and mobile data without speed limitations. 

Compared to other types of VPN protocols, the IKEv2 works well on mobile devices. Aside from the VPN’s benefits, it is essential to note that the protocol does not offer so many cross-platform compatibilities like other protocols.

WireGuard VPN

The WireGuard VPN is one of the best recently developed tunneling protocols. It is notable for its high-ended performance, high-security maintenance, and connection speeds.

The protocol uses ChaCha20 for encryption and cryptography algorithms, BLAKE2s for hashing, and Poly1305 for data authentication. It also offers easy configuration and cross-platform use.

If you are a developer looking for a protocol that offers extensions and add-on scripts for more layers of security, the WireGuard VPN is a perfect option. WireGuard is also 58% faster in terms of bandwidth than OpenVPN.

Looking to Implement VPN Split Tunneling ?

SSL VPN Split Tunnel

The SSL VPN alternates between the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols to provide a secure and more remotely accessible VPN. With the SSL VPN, you can leverage end-to-end encryption to protect transmitted data. To configure SSL VPN split tunneling settings;

1. Open the VPN application
2. Click on the SSL-VPN portals to create ‘my split tunnel portal’
3. Enable split tunneling
4. Select a routing address to define the network that will be routed through the tunnel

Split Tunnel VPN vs. Full Tunnel: What Is The Difference?

A full tunnel uses your VPN to pass all traffic along while a split tunnel routes only part of your traffic. Using a split tunnel in this case leaves you open for potential attacks as it is not 100% fully secured or encrypted. 

The full tunnel is the default VPN tunnel which routes all traffic requests through the VPN regardless of where the service is hosted. In essence, traffic results will be dependent on the VPN.

Forced tunneling enables visibility and control, and privacy, while Split VPN tunneling enables distributed internet access. The split tunnel is a modified VPN tunnel that routes certain requests over the VPN and routes others over the open local network. In essence, traffic destined to a site like Zoom will not go through the VPN

With the full tunnel, you have to use your VPN for all your traffic, while the split tunnel gives you a more inclusive option. Unlike full tunneling, only some of your traffic will be encrypted. 

Using any of the tunnels is dependent on the user. If you handle highly confidential data, you may want to leverage the full tunnel to ensure there are no loopholes for hacking. You may also choose the split tunnel if you are more concerned about reducing bandwidth or if you are working from a Local Area Network (LAN).

What Are The Advantages of VPN Split Tunneling?

There are several key advantages of using VPN split tunneling. Let’s go over a few of them.

Provide Secure Remote Access

Split tunneling enables remote workers to access public networks from any location at any given time. Unsecured public connections pave the way for a multitude of attacks. Cybercriminals look for weaknesses in outdated or unpatched software, evil twin attacks, and even ransomware. 

Organizations can use a honeypot which tricks criminals into thinking that they are actually targeting the user, when in fact, they are helping to catch them in the act. There are different types of honeypots that can act as a decoy for malware or even spiders to block bots.

Conserve Bandwidth

Bandwidth conservation is one of the most notable advantages of VPN split tunneling. Split tunneling enables you to securely access open connections and VPN connections. By not forcing all internet traffic to pass through your VPN server, you can reduce bandwidth between two multiple parties attempting to connect simultaneously.

Access Multiple Networks At Once

Split tunneling VPN enables you to access multiple networks (private and public) at once without having to disconnect and reconnect your VPN.

URL-based split tunneling

Streaming content might be out of your local network when hopping on a plane or when attempting to access it from foreign countries. Certain countries restrict or outright block your access to the internet. Split tunneling enables you to stream both general and location-based content.

What Are The Disadvantages of VPN Split Tunneling VPN?

Risk of a DNS Leak

A DNS leak is very common to most VPN users. The leak exposes your real identity and gives away your data to the public. Having a split-tunneling VPN could make your privacy vulnerable enough to leak your identity as traffic is still being sent over the local network.

Compromised Mobile Devices

Malware is a costly problem. 98% of mobile malware targets Android devices but that doesn’t mean that iPhone users are immune either. Mobile devices are more vulnerable than desktops. Leveraging split tunneling gives the hacker access to data in the open network, which can also be used to trace data in the old secured network.

Poor Configuration

Poor configuration or improper setup is another disadvantage of VPN split tunneling. It leaves your data fully exposed and can easily get into the hands of malicious actors.

In 2015, Anthem was hit with an enormous data breach that exposed over 37.5 million records that criminals stole from the health insurance company’s servers. Take the time to check that your VPN is set up properly or use a secured Corporate VPN to keep internal resources out of harm’s way.

How To Securely Incorporate VPN Split Tunneling Into Your Network with Perimeter 81

VPN split tunneling is a great way to safely transmit sensitive data while reducing bandwidth. Perimeter 81 offers secure remote access VPN split tunneling with built-in fully customized network capabilities.

You can set up DNS filtering to protect your employees from accessing unauthorized websites and secure critical resources with private servers and dedicated IPs.  Monitor remote network access better and secure your servers, whether on-premise or in the cloud with Perimeter 81’s VPN split tunneling features.

Discover how Perimeter 81 can help improve your network security and deploy your entire organization within a single day.