Split tunneling is a VPN technology that splits internet traffic into two separate tunnels: one uses a secure VPN tunnel to encrypt internet traffic, and the other connects directly to the internet.
What is split tunneling?
Split tunneling is a feature that allows you to choose which data flows through the VPN and which data doesn’t. This can be helpful if your company needs to access both private and public networks, such as sending emails from your email server while connected to the VPN. Split tunneling also helps prevent any potential leaks of sensitive information on unsecured networks.
Split tunneling is a VPN technique that allows you to choose which traffic goes through your VPN and which traffic goes directly onto the internet. You can use this feature for torrents or other P2P file-sharing programs that might not be allowed by your company’s firewall. This post will walk you through how to set up split tunneling on Windows 10!
How does split tunneling work?
When split tunneling is enabled, only traffic to destinations outside the corporate network is sent through the VPN. Traffic to destinations inside the corporate network is sent directly, through your normal connection. A variant of this split tunneling is called “inverse” split tunneling.
Internet traffic that’s destined for other networks (also known as “tunneled” traffic) passes through any external firewall or NAT device (e.g. your Internet gateway/router) before reaching the VPN server, and is forwarded to its original destination after being encrypted by the VPN server.
This method basically gives you:
Secure and fast internet access to any sites or services without restrictions (the things that are not allowed by your firewall). This includes accessing ALL types of web content, such as different websites, streaming services, news sites, etc.
Secure access to your local network resources (LAN) behind your company firewall. Split tunneling can really improve your online experience — by excluding some apps from the encrypted VPN tunnel.
So basically, split tunneling separates “corporate” data from “non-corporate” data. You can securely access all the web content you want while ensuring that everything related to work stays on the corporate local area network with a secure connection. Use split tunneling to access local devices with an encrypted VPN connection mainly by the internet service provider. That’s how VPN split tunneling works!
The difference between split tunneling and double encapsulation?
Many people often refer to the use of OpenVPN with certificate-based authentication as “double encapsulation”. Double encapsulation is a very misleading and incorrect term, and it incorrectly describes what happens during an OpenVPN authentication and encryption session:
A packet goes out from your computer –> Your Internet gateway/router encrypts it and sends it to your VPN server –> The VPN server decrypts it and then re-encrypts it using a different encryption cipher and keys before sending it out –> Your Internet gateway/router receives the packet, decrypts it using the same key that was used to encrypt this data in step 1 –> The Internet gateway/router encrypts it again using different encryption cipher and keys before sending it out
This is why people often refer to OpenVPN connections as “double encapsulations”. But in reality, there’s no double encapsulation happening here because each packet goes through the exact same process twice. This creates an unnecessary processing overhead that slows down the overall network connection, reduces performance, and wastes CPU power.
So your network is encrypted, and there’s no need to encrypt the same packet twice. That is how you can support split tunneling!
Benefits of Split tunneling
The dynamic split tunneling includes the following features!
1. Faster internet access
2. Security of your local network resources (LAN) behind your company firewall
3. Allows you to securely access different websites such as news, streaming services, and other content that may be restricted by the firewall on your computer/device
4. Securely access Intranet resources without exposing them to the outside world
5. Ability to route only the traffic you want while allowing anything else to go through your normal ISP connection
How can I configure split tunneling on my OpenVPN application?
There are two ways to do this: add a route for selected applications, or add specific routes for individual IP addresses from the LAN network. Enable split tunneling for convenience!
The first method involves adding a route for selected applications via the GUI client:
1) Open the OpenVPN GUI client.
2) Select “network” from the top menu bar and click on “routes”.
3) Click on “Add Route” to add a new route.
4) From here you can set your gateway IP address which is usually your VPN server’s IP address.
You can also add a network range instead of an individual IP address, but this requires you to know the exact ranges that need to be routed through the VPN interface. If you don’t already know your LAN network addressing schema then use the individual IP approach.
5) Enter a description for this route. Make sure you choose something that easily distinguishes it from other routes. It’s best to use something like “MyIntranet” so you know whether the network route is for your intranet or your local LAN resources or some other type of network connection.
6) Click on the “Gateway” box and select which interface should be used for this route.
7) Click on “Save” to save your modifications and click “Apply Changes” when you are finished making the changes. This will close the OpenVPN GUI client, apply the settings, then re-open it up again.
8) You will need to set this route for each VPN connection you use (if you’re using more than one).
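To check what a set of routes like the ones configured above actually does, the following added example (not from the original post or from the OpenVPN project) parses the `route` and `redirect-gateway` lines of an OpenVPN client config and reports, by longest-prefix match, whether a destination leaves through the VPN or directly. The sample config, its addresses and the function names are constructed for illustration, and routes pushed by the server are not modelled.

```python
import ipaddress

# Constructed sample client config; addresses are private/documentation ranges.
SAMPLE_CONFIG = """\
client
dev tun
remote vpn.example.com 1194
route-nopull                                # ignore routes pushed by the server
route 10.20.0.0 255.255.0.0                 # intranet range -> VPN
route 192.168.50.10                         # single host (mask defaults to /32) -> VPN
route 10.20.99.0 255.255.255.0 net_gateway  # carve-out that bypasses the VPN
"""

def parse_routes(config_text):
    """Return (full_tunnel, routes); routes is a list of (network, via_vpn)."""
    full_tunnel, routes = False, []
    for raw in config_text.splitlines():
        parts = raw.split("#", 1)[0].split()   # drop comments, tokenize
        if not parts:
            continue
        if parts[0] == "redirect-gateway":     # default route moves into the tunnel
            full_tunnel = True
        elif parts[0] == "route" and len(parts) >= 2:
            mask = parts[2] if len(parts) > 2 else "255.255.255.255"
            gateway = parts[3] if len(parts) > 3 else "vpn_gateway"
            # Assumption: the route target is an IP literal, not a hostname.
            net = ipaddress.ip_network(f"{parts[1]}/{mask}", strict=False)
            routes.append((net, gateway != "net_gateway"))
    return full_tunnel, routes

def egress(dest, full_tunnel, routes):
    """Return 'vpn' or 'direct' for one destination, most specific route wins."""
    addr = ipaddress.ip_address(dest)
    matches = [(net.prefixlen, via_vpn) for net, via_vpn in routes if addr in net]
    if matches:
        _, via_vpn = max(matches, key=lambda m: m[0])
        return "vpn" if via_vpn else "direct"
    # No explicit route: follow the default route.
    return "vpn" if full_tunnel else "direct"

if __name__ == "__main__":
    full, routes = parse_routes(SAMPLE_CONFIG)
    for dest in ("10.20.1.5", "10.20.99.7", "192.168.50.11", "198.51.100.7"):
        print(f"{dest:15} -> {egress(dest, full, routes)}")
```

Any destination reported as `direct` is traffic the VPN does not protect, so run the check against the addresses that must stay inside the tunnel before relying on the configuration.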