There are three main types of split tunneling: URL-based, app-based, and inverse
URL-based split tunneling targets traffic being routed to specific URLs, encrypting only that traffic. This type of setup could be configured to encrypt all traffic directed toward your bank’s website, your office’s sign-in and HR pages, or your medical providers’ portal. Any traffic tied to a specific URL can be filtered in this way, while traffic to any unspecified URLs remains on your standard connection. Many VPNs offer a browser extension to help users set which URLs will be encrypted.
App-based split tunneling is nearly identical to the URL-based variety, but it filters the traffic of specific apps, rather than specific URLs. A few coordinating examples would be logging into your bank’s mobile app, accessing your company’s Slack, or using your medical insurance providers’ telehealth software. An app-based split tunneling setup will encrypt any traffic associated with those apps, while less sensitive data, like your TikTok scrolling, would stay unencrypted. It’s particularly useful for use with mobile device VPN installations.
Inverse split tunneling is best for people that want nearly all of their traffic encrypted. The above two options leave your traffic unencrypted unless you specifically add it to their encryption lists. Inverse split tunneling does the opposite by encrypting everything on your system by default. Anything you don’t want encrypted will then need to be specified. To continue the above examples, your banking, work, and medical traffic would automatically be encrypted, while your TikTok activity would need to be manually set to use an unencrypted connection.
