Split tunneling

Short description: Computer networking concept

In computer networking, split tunneling allows a user to access distinct security domains at the same time, using the same or different network connections.^[1] This connection state is usually facilitated through the simultaneous use of a LAN network interface controller (NIC), radio NIC, Wireless LAN NIC, and virtual private network client software application. Split tunneling is most commonly configured via the use of a remote-access VPN client, which allows the user to simultaneously connect to a nearby wireless network, resources on an off-site corporate network, as well as websites over the internet.

A split tunnel configured to only tunnel traffic destined to a specific set of destinations is called a split-include tunnel. When configured to accept all traffic except traffic destined to a specific set of destinations, it is called a split-exclude tunnel.^[2]^[3]^[4]

Not every VPN allows split tunneling.^[5]^[6]^[7] Advantages of split tunneling include alleviating bottlenecks, conserving bandwidth (as internet traffic does not have to pass through the VPN server), and enabling a user to not have to continually connect and disconnect when remotely accessing resources.. Disadvantages include potentially bypassing gateway-level security that might be in place within the company infrastructure.^[8] Internet service providers often use split tunneling to that implement for DNS hijacking purposes.

Variants and related technology

Inverse split tunneling

An "inverse" split tunnel is one that allows all datagrams to enter the tunnel, except those destination IPs explicitly allowed by VPN gateway. The criteria for allowing datagrams to exit the local network interface (outside the tunnel) may vary from vendor to vendor. This keeps control of network gateways to a centralized policy device such as the VPN terminator. This can be augmented by endpoint policy enforcement technologies such as an interface firewall on the endpoint device's network interface driver, group policy object or anti-malware agent. This is related in many ways to network access control (NAC).^[9]

Dynamic split tunneling

A form of split-tunneling that derives the IP addresses to include/exclude at runtime-based on a list of hostname rules/policies.^[10]

IPv6 dual-stack networking

Internal IPv6 content can be hosted and presented to sites via a unique local address range at the VPN level, while external IPv4 & IPv6 content can be accessed via site routers.

References

↑ "What is VPN Split Tunneling?" (in en). https://www.fortinet.com/resources/cyberglossary/vpn-split-tunneling.
↑ Jeffery, Eric (2020-06-19). "VPN Split-Tunneling – To Enable or Not To Enable". https://www.infosecurity-magazine.com:443/opinions/vpn-split-tunneling/.
↑ Mackie, Kurt (March 26, 2020). "Microsoft Touts Split Tunneling with VPNs To Support Remote Workers -- Redmondmag.com" (in en-US). https://redmondmag.com/articles/2020/03/26/microsoft-touts-split-tunneling-vpns.aspx.
↑ Michael Cooney. "Cisco, others, shine a light on VPN split-tunneling" (in en). Network World. https://www.networkworld.com/article/3543298/cisco-others-shine-a-light-on-vpn-split-tunneling.html.
↑ "VPN split tunneling". https://nordvpn.com/features/split-tunneling/.
↑ Long, Moe (2021-07-22). "Best VPN for Split Tunneling" (in en-US). https://techuplife.com/best-vpn-split-tunneling.
↑ "What is VPN split tunneling? All you need to know" (in en-US). https://surfshark.com/features/split-tunneling.
↑ Remote Access VPN and a Twist on the Dangers of Split Tunneling, May 10, 2005, http://techgenix.com/2004fixipsectunnel/, retrieved 2017-12-05
↑ Richard Bramante; Al Martin; James Edwards (2006). Nortel Guide to VPN Routing for Security and VoIP. Wiley. pp. 454. ISBN 9780470073001.
↑ "AnyConnect Split Tunneling (Local Lan Access, Split Tunneling, Static & Dynamic (Domain)". March 24, 2020. https://community.cisco.com/t5/security-documents/anyconnect-split-tunneling-local-lan-access-split-tunneling/ta-p/4050866.

External links

Split Tunneling in Linux

0.00

(0 votes)

Original source: https://en.wikipedia.org/wiki/Split tunneling. Read more

[1] "What is VPN Split Tunneling?" (in en). https://www.fortinet.com/resources/cyberglossary/vpn-split-tunneling.

[2] Jeffery, Eric (2020-06-19). "VPN Split-Tunneling – To Enable or Not To Enable". https://www.infosecurity-magazine.com:443/opinions/vpn-split-tunneling/.

[3] Mackie, Kurt (March 26, 2020). "Microsoft Touts Split Tunneling with VPNs To Support Remote Workers -- Redmondmag.com" (in en-US). https://redmondmag.com/articles/2020/03/26/microsoft-touts-split-tunneling-vpns.aspx.

[4] Michael Cooney. "Cisco, others, shine a light on VPN split-tunneling" (in en). Network World. https://www.networkworld.com/article/3543298/cisco-others-shine-a-light-on-vpn-split-tunneling.html.

[5] "VPN split tunneling". https://nordvpn.com/features/split-tunneling/.

[6] Long, Moe (2021-07-22). "Best VPN for Split Tunneling" (in en-US). https://techuplife.com/best-vpn-split-tunneling.

[7] "What is VPN split tunneling? All you need to know" (in en-US). https://surfshark.com/features/split-tunneling.

[8] Remote Access VPN and a Twist on the Dangers of Split Tunneling, May 10, 2005, http://techgenix.com/2004fixipsectunnel/, retrieved 2017-12-05

[9] Richard Bramante; Al Martin; James Edwards (2006). Nortel Guide to VPN Routing for Security and VoIP. Wiley. pp. 454. ISBN 9780470073001.

[10] "AnyConnect Split Tunneling (Local Lan Access, Split Tunneling, Static & Dynamic (Domain)". March 24, 2020. https://community.cisco.com/t5/security-documents/anyconnect-split-tunneling-local-lan-access-split-tunneling/ta-p/4050866.

[1]

[2]

[3]

[4]

[5]

[6]

[7]

[8]

[9]

[10]

v t e Virtual private networking
Communications protocol	SSTP IPsec L2TP L2TPv3 PPTP Split tunneling SSL/TLS (Opportunistic: tcpcrypt)
Free software	Cloudvpn FreeLAN FreeS/WAN Libreswan n2n OpenConnect OpenIKED Openswan OpenVPN Social VPN SoftEther VPN strongSwan tcpcrypt tinc VTun WireGuard Shadowsocks
Vendor-driven protocols	Layer 2 Forwarding Protocol DirectAccess
Proprietary software	Avast SecureLine VPN Check Point VPN-1 Cisco Systems VPN Client LogMeIn Hamachi Microsoft Forefront Unified Access Gateway Hola Tunnelbear NordVPN SaferVPN ExpressVPN ProtonVPN PureVPN VPN.ht Private Internet Access
Risk vectors	Content-control software Deep content inspection Deep packet inspection IP address blocking Network enumeration Stateful firewall TCP reset attack VPN blocking

Anonymous

Search

Split tunneling

Namespaces

More

Page actions

Contents

Variants and related technology

Inverse split tunneling

Dynamic split tunneling

IPv6 dual-stack networking

References

Further reading

External links

Navigation

Navigation

Resources

Help

googletranslator

Navigation

Wiki tools

Wiki tools

Anonymous

Search

Split tunneling

Variants and related technology

Inverse split tunneling

Dynamic split tunneling

IPv6 dual-stack networking

References

Further reading

External links

Navigation

Wiki tools

Page tools

Other projects

Categories