VPN Split Tunneling

Protect your internal infrastructure from traffic overload because of VPN usage

Colleagues discussing VPN split Tunneling solution

Concept overview

Why VPN Split Tunneling is needed?

Some programs need VPN protection, while others can directly access the internet. In the market, split tunneling is understood as an advanced VPN feature that lets you choose which IP addresses and networks should have a VPN tunnel and which IP addresses could benefit from faster speeds and access to local services. This solution reduces traffic overload on HQ servers, company data centers and helps save hardware costs.

Scheme of how VPN Split Tunneling looks


Split Tunnel vs Full Tunnel

The main differences between split tunneling and full tunneling your traffic are speed and security. With a full tunnel, all traffic goes through your secure VPN connection, making it the more secure option; however, this can also lead to slower speeds due to the amount of traffic that needs to be encrypted and because when all traffic is sent via HQ, it overloads the HQ infrastructure.

With split tunneling, only part of your traffic is sent through a VPN, which means that things like video streaming and video calls will have better performance and there will be less strain on the HQ infrastructure.

NordLayer is currently working on a split tunneling solution and will offer complete functionality soon. For now, NordLayer only partially helps to resolve split tunneling use cases.

Diagram of split tunnel

Split tunnel

  • Some traffic is offloaded to the VPN Client and routed to the Public Network directly. e.g., Video streaming, Zoom, MSTeams
  • Not all endpoint traffic is encrypted
  • Performance over security
Diagram of full tunnel

Full tunnel

  • All the traffic from VPN Client is routed and controlled by the VPN Server.
  • All endpoint traffic is encrypted
  • Security over performance

Our Solution

Which Split Tunneling functions does NordLayer cover?

Virtual Private Gateways at NordLayer can cover some split tunneling functions. However, it has to be configured separately through a site-to-site request form. In this case, we can split the traffic intended for HQ/Branch, and the rest will reach the internet through the VPN-encrypted tunnel. This level of security comes with a minimal effect on the performance, as NordLayer VPN servers have up to 1gbps output.

Scheme of how NordLayer’s Split Tunneling works

Here are the benefits of NordLayer Split Tunneling:

Virtual Private Gateway

All the traffic from VPN Client is routed and controlled by the Virtual Private Gateway

Endpoint traffic encryption

All endpoint traffic is encrypted

Security and performance

Security & performance

Avoid extra costs

Avoid extra costs for onsite hardware

Person researching nordlayers split tunneling solution

Protect your business with NordLayer

NordLayer's VPN split tunneling reduces traffic overload on HQ servers and company data centers and helps save costs for hardware. All while keeping your data encrypted and secure.

Additional info

Frequently Asked Questions

There may be some security risks when using VPN split tunneling. However, if you’ve set it up correctly, those risks can be minimized. In most cases, protecting all internet traffic is unnecessary, and only retaining privacy on the traffic you care about can improve the online experience without compromising security.