NordLayer - Network Security

VPN Split Tunneling

Protect your internal infrastructure from traffic overload because of VPN usage


What is VPN Split Tunneling?

Some programs need VPN protection, while others can directly access the internet. Split tunneling is an advanced VPN feature that lets you choose which programs and apps should have a secure VPN tunnel and which could benefit from faster speeds and access to local services. This feature reduces traffic overload on HQ servers and company data centers and helps save costs for hardware.


Split Tunnel vs Full Tunnel

The main differences between split tunneling and full tunneling your traffic are speed and security. With a full tunnel, all traffic goes through your secure VPN connection, making it the more secure option; however, this can also lead to slower speeds due to the amount of traffic that needs to be encrypted and because when all traffic is sent via HQ, it overloads the HQ infrastructure.

With split tunneling, only part of your traffic is sent through a VPN, which means that things like video streaming and video calls will have better performance and there will be less strain on the HQ infrastructure.

Split tunnel

  • Some traffic is offloaded to the VPN Client and routed to the Public Network directly. e.g., Video streaming, Zoom, MSTeams
  • Not all endpoint traffic is encrypted
  • Performance over security

Full tunnel

  • All the traffic from VPN Client is routed and controlled by the VPN Server.
  • All endpoint traffic is encrypted
  • Security over performance


How does Split Tunneling work in NordLayer?

VPN split tunneling in NordLayer is enabled by default. Before splitting, all traffic goes through a Virtual Private Gateway so you get the best of both worlds. The HQ/Branch is protected from unnecessary traffic with all endpoint traffic also being encrypted. This level of security comes with a minimal effect on performance as NordLayer VPN servers have up to 1Gbps output.

Here are the benefits of NordLayer Split Tunneling:

All the traffic from VPN Client is routed and controlled by the Virtual Private Gateway

All endpoint traffic is encrypted

Security & performance

Avoid extra costs for onsite hardware

Additional info

Frequently Asked Questions

There may be some security risks when using VPN split tunneling. However, if you’ve set it up correctly, those risks can be minimized. In most cases, protecting all internet traffic is unnecessary, and only retaining privacy on the traffic you care about can improve the online experience without compromising security.

No, all traffic is split according to a default setting that is the most optimal choice for both security and performance.