What Is VPN Split Tunneling and Why Does It Matter for Travelers?
Standard VPN operation routes all your internet traffic through an encrypted tunnel to a VPN server — everything goes through the VPN. This is secure, but it has drawbacks: your connection to local services (like local news, neighborhood websites, or local streaming) may be slower or blocked, while your connection to your home country's services may be fast but unnecessarily encrypted.
VPN split tunneling solves this by giving you granular control. You decide which apps, websites, or IP addresses go through the VPN tunnel and which bypass it to use your regular internet connection directly. For international travelers, this is transformative: you can stream your home country's Netflix through the VPN while browsing local restaurants and maps without VPN overhead — simultaneously, on the same device.
How Split Tunneling Works: Technical Overview
Split tunneling operates at either the application level or the IP/route level. Application-level split tunneling lets you select specific apps (like your browser, banking app, or streaming app) to use or bypass the VPN tunnel. IP/route-level split tunneling is more granular, routing traffic based on destination IP addresses or domain names.
When you enable split tunneling, your VPN client maintains two network paths simultaneously: the encrypted VPN tunnel for designated traffic, and your standard network connection for everything else. The VPN server sees only the traffic you intentionally routed through it, while local services see your actual local IP address.
VPNs with the Best Split Tunneling in 2026
1. ExpressVPN — Best Split Tunneling Implementation
ExpressVPN offers "App Split Tunneling" in its Windows, Mac, Android, and router apps. You can designate specific apps to use or not use the VPN tunnel with a simple checkbox interface. It also supports URL-based split tunneling on its MediaStreamer DNS service. The split tunneling feature is available on all platforms except iOS, where Apple restricts this capability.
| Feature | Details |
|---|---|
| Splittunnel Type | App-level (desktop/mobile), URL-level (MediaStreamer) |
| Platforms | Windows, Mac, Android, Router (not iOS) |
| Ease of Use | Excellent — simple toggle interface |
| Inverse Mode | Yes — use VPN for all except selected apps |
| Price | $6.67/month (15-month plan) |
2. NordVPN — App Split Tunneling with Good Flexibility
NordVPN provides app-level split tunneling on Windows, Android, and Android TV apps. You can choose which apps bypass the VPN. It also offers a "Custom DNS" feature for advanced users who want domain-based routing. NordVPN's split tunneling is straightforward to configure and reliable in practice.
3. Surfshark — Intuitive and Full-Featured
Surfshark's split tunneling feature called "Bypasser" lets you create two types of rules: apps that use the VPN and apps that bypass it. The interface is clean and intuitive, making it accessible for non-technical users. Surfshark's implementation works on Windows and Android, with Mac support through its browser extension.
4. CyberGhost — Good for Streaming-Focused Users
CyberGhost offers split tunneling through its "Exceptions" feature, where you can add websites and apps to exclude from the VPN tunnel. It's particularly useful for users who primarily want VPN protection but need to occasionally access local services without the encryption overhead.
Practical Use Cases for Split Tunneling While Traveling
Accessing Home and Local Content Simultaneously
The most common traveler scenario: you need your home country's services (banking, streaming, government portals) via VPN while also using local services (maps, translation, local news, food delivery) that work better without VPN interference. Split tunneling makes this seamless.
Configure your streaming app and banking browser to use the VPN tunnel, while your maps app, translation app, and local browser tabs use your direct connection — all running at the same time without switching servers.
Gaming with Reduced Latency
Online gaming is latency-sensitive. Routing game traffic through a VPN server in another country adds 100-300ms of delay — making fast-paced games unplayable. Split tunneling lets you route your game traffic outside the VPN tunnel while protecting your other browsing and communication apps through the VPN.
Video Conferencing Optimization
Business travelers rely on Zoom, Microsoft Teams, and Google Meet for remote work. These platforms perform best with low latency and consistent bandwidth — conditions that VPN routing can sometimes compromise, especially when connecting to servers far from your physical location. Split tunneling lets you route video calls outside the VPN tunnel while keeping your corporate network access, email, and file transfers protected.
Local Streaming Without Speed Penalties
If you're watching local news or a local streaming service (like a hotel's in-room entertainment system, or a local sports broadcast), the VPN overhead is unnecessary and may cause buffering. With split tunneling, you can exclude local streaming domains from the VPN tunnel for smooth, direct playback.
Split Tunneling: Security vs. Convenience Trade-offs
Split tunneling inherently reduces your security footprint for whatever traffic you route outside the VPN tunnel. Traffic that bypasses the VPN travels over the public internet unencrypted — visible to your ISP, network administrator, or potential eavesdroppers on public WiFi. This trade-off is acceptable for low-risk activities (browsing public maps, checking local weather), but inadvisable for sensitive activities.
VPN Split Tunneling Comparison Table
| VPN | Splittunnel Type | Platforms | Ease of Use | Inverse Mode | Price/mo |
|---|---|---|---|---|---|
| ExpressVPN | App + URL | Win, Mac, Android, Router | ★★★★★ | Yes | $6.67 |
| NordVPN | App + Custom DNS | Win, Android | ★★★★ | Yes | $3.39 |
| Surfshark | App-based Bypasser | Win, Android | ★★★★★ | Yes | $1.99 |
| CyberGhost | App/URL Exceptions | Win, Mac, Android | ★★★★ | Yes | $2.11 |
| Proton VPN | App-based | Win, Mac, Android | ★★★★ | Yes | $3.99 |
How to Configure Split Tunneling on ExpressVPN
- Open ExpressVPN and click the hamburger menu (three lines) in the top-left corner.
- Select Options (Windows) or Preferences (Mac).
- Go to the General tab and scroll to Split Tunneling.
- Enable split tunneling by checking the box.
- Choose your mode: Only allow selected apps to use the VPN (restrictive) or Allow all apps to use VPN except selected apps (permissive).
- Add apps by clicking Add App and browsing to the executable.
- Click OK and reconnect to your VPN server.
Troubleshooting Common Split Tunneling Issues
Websites Still Detecting Your Real IP
If a website is still detecting your real IP despite split tunneling, WebRTC leaks are likely the culprit. WebRTC (Web Real-Time Communication) is a browser feature that can expose your real IP address even when a VPN is active. Disable WebRTC in your browser settings or use an extension that blocks WebRTC leaks. Chrome: disable in about:flags. Firefox: set media.peerconnection.enabled to false in about:config.
App Not Respecting Split Tunneling Rules
Some apps (especially those using QUIC/HTTP3 or DoH/DoT DNS) may bypass your split tunneling configuration by DNS-encrypting their traffic in a way that prevents the VPN client from seeing their domain requests. Try switching your DNS settings to a standard DNS provider and disabling DoH in your browser to force apps through the standard network path where split tunneling rules apply.
VPN Disconnects When Bypassed Apps Are Active
Some VPN kill switches are overly aggressive and disconnect when any traffic bypasses the tunnel. If your VPN keeps disconnecting when you use split tunneling, check that your kill switch is set to "soft" or "application-level" rather than a system-wide network lock that requires all traffic to go through the VPN.
When Not to Use Split Tunneling
- On highly restricted networks: If you're in China, UAE, or another high-censorship country, avoid split tunneling. Bypassed traffic may alert network monitors to your VPN usage, potentially resulting in service restrictions or device confiscation.
- For sensitive financial transactions: Always route banking, investment, and healthcare portal access through the VPN tunnel, especially on public networks.
- When on corporate networks: Corporate IT policies often prohibit split tunneling as a data exfiltration risk. Respect your organization's security policy.
- For anonymous browsing: Any traffic outside the VPN tunnel reveals your true IP address to the destination server, reducing your anonymity.
Final Thoughts
Split tunneling is one of the most powerful VPN features for international travelers, enabling simultaneous access to home and local services without the speed penalty of routing everything through a VPN tunnel. For most travelers, ExpressVPN or Surfshark offer the most accessible split tunneling implementations. Configure your split tunneling rules once before your trip, and you'll enjoy seamless access to both home and local internet resources throughout your travels — all without compromising on security for your sensitive traffic.