Have you ever noticed your Internet connection is slower when connected to a VPN? Then enabling Split Tunnel may be the answer for you!
In a VPN connection, split tunneling is the practice of routing only some traffic over the VPN, while letting other traffic directly access the Internet. Usually, what is routed over the VPN will be traffic destined for internal resources, while web surfing, email, Skype, etc. will go directly to the Internet. An advantage of using split tunneling is that it alleviates bottlenecks and conserves bandwidth, as Internet traffic does not have to pass through the VPN server.
Split tunneling can be used for several different purposes including:
- Allowing normal use of the internet while simultaneously accessing resources only available to VPN users, such as a business server
- Setting up specific devices, such as game consoles or streaming media boxes, to use (or not use) the VPN without affecting other devices on the network
- Sending all of a device’s traffic through the VPN except when accessing content or services that don’t allow VPN connections, such as MLB.tv or Netflix
- Sending all traffic through the VPN except for content and services that require low latency, such as VoIP applications and online games
- Only routing torrent traffic through the VPN, while all other internet traffic goes to the default network
- Accessing the VPN without affecting your connection to other devices on the local network, such as printers or a Plex Media Server
If you are going to split tunnel, then you are going to reduce the overall bandwidth impact on your Internet circuit. Only the traffic that needs to come over the VPN will, so anything a user is doing that is not “work related” will not consume bandwidth. In addition, anything external to your network that is also latency sensitive will not suffer from the additional latency introduced by tunneling everything over the VPN to the corporate network, then back out to the Internet, with the return traffic taking the same path in reverse. Users will get the best experience in terms of network performance, and the company will consume the least bandwidth.
If security is supposed to monitor all network traffic, or perhaps merely protect users from malware and other Internet threats by filtering traffic, users who are split tunneling will not get this protection and security will be unable to monitor traffic for threats or inappropriate activity. Users on open networks such as hotel wireless or hotspots will also be transmitting much of their traffic in the clear. Traffic to websites that use HTTPS will still be protected, but other traffic will be vulnerable to snooping.
How to Enable Split Tunnel in Windows 10
In order to enable Split Tunnel in Windows 10, you must be sure the VPN is already working. If you have a problem with your VPN connection, such as it not connecting or dropping every 5 minutes, Split Tunnel won’t make a difference, so resolve those issues first. Once you have a working VPN connection, the way to change VPN Split Tunnel in Windows 10 is using PowerShell.
Windows is fairly limited when it comes to split tunneling. There’s no way that we’re aware of to split tunnel by app or destination. Instead, the split tunneling option in Windows is much broader. You can choose not to tunnel IPv4 and IPv6 traffic so that only local traffic goes through the VPN. That’s useful if you only need to use the VPN to access remote resources not available from your normal internet connection, but not much else.
Furthermore, Windows only split tunnels VPN protocols that it has built-in support for. That means you’ll need to configure an L2TP, SSTP, or PPTP connection first. OpenVPN won’t work here.
This example will use your local connection to access the internet while the VPN will be used to access remote resources, such as a private business server that can only be accessed via VPN. The VPN will only be used when a host isn’t available on the local network.
In this tutorial, we will use Windows 10. We’ll assume you’ve already set up your VPN connection, and you only need to enable split tunneling. You’ll need admin privileges and the destination subnet for your VPN private space.
Using PowerShell to configure Split Tunnel
In your Windows search bar, type PowerShell, then right-click it and choose Run as administrator.
Type the following command and press Enter:
Get-VPNConnection
This will bring up a list of all your available VPN connections. (I test a lot of VPNs so there are several in my screenshot, but you’ll likely only have one.) Make a note of the Name of the VPN you want to split tunnel.
Type the following command and hit Enter, replacing <VPN NAME> with the name you noted in the previous step:
Set-VPNConnection -Name "<VPN NAME>" -SplitTunneling $True
You can check that split tunneling is enabled by entering the Get-VPNConnection command again. The split tunneling field should now be set to True.
Next, enter this command and make a note of the Description field:
If necessary, add the route. Replace <DESTINATION SUBNET> with the subnet you want to route through the VPN, and <INTERFACE NAME> with the value of the Description field noted in the last step:
netsh interface ipv4 add route <DESTINATION SUBNET> "<INTERFACE NAME>"
If you want to disable split tunneling, enter this command:
Set-VPNConnection -Name "<VPN NAME>" -SplitTunneling $False
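The steps above as a single script, added here as an example and not part of the original guide. It swaps the netsh command for Add-VpnConnectionRoute so the route is stored with the VPN profile, then checks which interface an internal and an external address actually leave by; the VPN name, subnet and both test addresses are placeholder assumptions.

```powershell
#Requires -RunAsAdministrator
# Added example. All four values below are placeholders (assumptions); replace them.
$VpnName      = '<VPN NAME>'       # Name shown by Get-VpnConnection
$DestPrefix   = '10.20.0.0/16'     # constructed sample for <DESTINATION SUBNET>
$InternalHost = '10.20.0.10'       # constructed address inside that subnet
$ExternalHost = '203.0.113.10'     # documentation-range address standing in for the Internet

# Fail early if the profile does not exist (add -AllUserConnection for machine-wide profiles).
$vpn = Get-VpnConnection -Name $VpnName -ErrorAction Stop

# Step 1: enable split tunneling on the profile.
Set-VpnConnection -Name $VpnName -SplitTunneling $true -ErrorAction Stop

# Step 2: route the private subnet through the VPN unless the profile already has it.
if ($vpn.Routes.DestinationPrefix -notcontains $DestPrefix) {
    Add-VpnConnectionRoute -ConnectionName $VpnName -DestinationPrefix $DestPrefix
}

# Step 3: confirm the profile settings.
Get-VpnConnection -Name $VpnName |
    Select-Object Name, TunnelType, SplitTunneling, ConnectionStatus,
        @{ Name = 'Routes'; Expression = { $_.Routes.DestinationPrefix -join ', ' } }

# Step 4: with the VPN connected, report which interface each destination leaves by.
if ((Get-VpnConnection -Name $VpnName).ConnectionStatus -eq 'Connected') {
    foreach ($target in $InternalHost, $ExternalHost) {
        # Find-NetRoute returns a source-address object and a route object; keep the route.
        $route = Find-NetRoute -RemoteIPAddress $target |
            Where-Object { $_.DestinationPrefix } |
            Select-Object -First 1
        [pscustomobject]@{
            Target    = $target
            Interface = $route.InterfaceAlias
            Prefix    = $route.DestinationPrefix
            ViaVpn    = $route.InterfaceAlias -eq $VpnName
        }
    }
}
```

Any destination reported with ViaVpn = False leaves over the local network, outside whatever filtering and monitoring the VPN path provides.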
We hope this guide helps you with your VPN deployment. Here at Austral Tech we are VPN experts and we have experience setting up VPN tunnels with F5 Products, Checkpoint, Ubiquiti and Cloud providers (AWS, Azure and Google). So if you need help with your VPN deployment, don’t hesitate to contact us!