What Is It?
Split tunneling is a computer networking concept that allows a VPN user to access the Internet and the resources on the VPN at the same time. To state it differently, this feature lets users connect to two different security domains at the same time, one being the VPN-connected network and the other being a non-VPN connection.
The term split tunneling comes from using two separate connections (tunnels) for two different security domains. Through split tunneling, users can direct a portion of their Internet traffic through the VPN (encrypted) and leave the rest to be routed unencrypted.
How Does Split Tunneling Work?
Split tunneling technology gives the user complete control over which data is sent in the clear (unencrypted, and therefore faster) and which data is sent protected (encrypted) over the Internet. In general, there are 3 methods for separating the data sent in the clear from the data sent encrypted:
- Application Based: In this method, users select which applications connect through the VPN and simply let the others go through the unencrypted connection.
- URL Based: Similarly, in this method users choose which browser traffic goes over the VPN by specifying website URLs. The rest of the website traffic is sent in the clear.
- Inverse Split Tunneling: In the two methods defined above, users select which traffic (app or URL) goes over the VPN. Inverse split tunneling is just the inverse of this approach, as the name implies. This time, all traffic is sent over the VPN by default, with the exception of a select list of applications or URLs that are directed over the unencrypted connection.
What Are the Advantages and Disadvantages?
Supported by many major VPN services, this feature offers the following advantages:
- First, split tunneling alleviates bottlenecks on the VPN, as the Internet traffic does not have to pass through the VPN server.
- Secondly, it prevents all user traffic from slowing down due to encryption on the VPN, as some portion of the traffic is sent unencrypted on the Internet.
Besides its advantages, split tunneling has some disadvantages, especially with respect to security:
- When split tunneling is enabled, it renders both the device on which the VPN client is installed and the VPN-connected network vulnerable to attacks through the public network, as the security measures provided on the VPN-connected network are bypassed.
- Second, since users bypass the gateway-level security implemented on the VPN-connected network, user security policy checks cannot be enforced for the non-VPN connection traffic. For instance, if content filtering or web whitelisting/blacklisting is in place on the VPN-connected network, users can still reach the filtered resources through the non-VPN connection.
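The following Python sketch is an added example, not code from any VPN product. It models the three selection methods described above and lists the flows that would escape a gateway content filter. The policy layout, app names and `.example` domains are constructed for illustration, and matching URLs by hostname suffix is a simplifying assumption.

```python
from urllib.parse import urlsplit

def host_in(url, domains):
    """True if the URL's host equals, or is a subdomain of, a listed domain."""
    host = (urlsplit(url).hostname or "").lower()
    return any(host == d or host.endswith("." + d) for d in domains)

def uses_vpn(flow, policy):
    """Decide whether one flow is sent through the VPN tunnel."""
    listed = flow["app"] in policy["apps"] or host_in(flow["url"], policy["domains"])
    # Application/URL based: listed traffic uses the VPN, the rest goes in the clear.
    # Inverse: everything uses the VPN except the listed traffic.
    return not listed if policy["inverse"] else listed

def gateway_bypasses(flows, policy, blocked_domains):
    """URLs the gateway filter would block but that leave outside the VPN."""
    return [f["url"] for f in flows
            if host_in(f["url"], blocked_domains) and not uses_vpn(f, policy)]

# Constructed sample data (hypothetical app names and domains).
SPLIT = {"inverse": False, "apps": {"mail-client"}, "domains": {"intranet.example"}}
INVERSE = {"inverse": True, "apps": {"video-player"}, "domains": {"updates.example"}}
BLOCKED = {"blocked.example"}  # what the gateway content filter would deny
FLOWS = [
    {"app": "mail-client", "url": "https://mail.intranet.example/inbox"},
    {"app": "browser", "url": "https://wiki.intranet.example/"},
    {"app": "browser", "url": "https://blocked.example/download"},
    {"app": "video-player", "url": "https://cdn.blocked.example/stream"},
]

if __name__ == "__main__":
    for name, policy in (("split", SPLIT), ("inverse", INVERSE)):
        for f in FLOWS:
            path = "VPN" if uses_vpn(f, policy) else "clear"
            print(f"{name:8} {f['app']:13} {path:6} {f['url']}")
        print(name, "gateway bypasses:", gateway_bypasses(FLOWS, policy, BLOCKED))
```

With the inverse policy only the excluded application reaches a filtered host outside the VPN, which shows why the exclusion list is the part of the configuration to review.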
As a final remark, although split tunneling is a convenient feature for users, it is considered to weaken the overall security of your system. Thus, it needs to be used cautiously and implemented securely in a VPN product.