Split tunneling is a computer networking concept that allows a user to access dissimilar security domains like a public network (e.g., the Internet) and a local area network or wide area network at the same time, using the same or different network connections. It is a feature provided by some VPNs that allows users to decide which connected apps, games, and services use the VPN for connectivity, and which use the standard connection.
When split tunneling is enabled, traffic that would have been encrypted by the VPN is sent through the other tunnel, which can enhance performance because no encryption is necessary. Split tunneling can be categorized based on how it is configured. A split tunnel configured to only tunnel traffic destined to a specific set of destinations is called a split-include tunnel. When configured to accept all traffic except traffic destined to a specific set of destinations, it is called a split-exclude tunnel.
Advantages of split tunneling include better performance, as only the necessary traffic is encrypted and sent through the VPN, and the ability to access local resources that may not be available through the VPN. However, a disadvantage is that when split tunneling is enabled, users bypass gateway level security that might be in place within the company infrastructure. For example, if web or content filtering is in place, this is something usually controlled at a gateway level, not the client PC.
Overall, VPN split tunneling is a useful feature that can provide better performance and access to local resources, but it should be used with caution and weighed against the potential risks to information security.
