Split Tunneling
  • 22 Aug 2023


      Article Summary

      Understanding Split Tunneling

      • Split Tunneling lets specific data go through the VPN, while other data accesses the internet directly.
      • Useful for accessing local resources without bypassing the VPN.

      How to Set Up Split Tunneling

      This article describes how to incorporate split tunneling into your network. 
      In full tunnel mode, all traffic is encrypted and proxied through the Perimeter 81 network. If you would rather send only specific network subnets from the client through the Perimeter 81 network, you must manually specify which subnets to include in or exclude from the tunnel.

      To change your Split Tunneling configuration, go to Networks, select your network, click the "..." button, then click "Split tunneling".


      FQDN Split Tunneling
      Split Tunneling by FQDN is available on agent versions 10.1.x and above. Lower-version agents ignore FQDN Split Tunneling settings and revert to full tunneling if any are defined.

      Split Tunneling: Automatic

      This is the default setting, which pushes all traffic through the agent when connected. This is also called a "Full tunnel" configuration.


      Split Tunneling: Manual configuration

      The load time for Split Tunnels is determined by the availability of system resources. For example, it takes 2-3 seconds per 500 subnets in "Exclusion Mode".


      Including Subnets/Addresses in your Split Tunneling configurations will ensure that only traffic headed toward those Subnets/Addresses will go through the Perimeter 81 network.
      This is commonly used when an admin doesn't want all of the local traffic to go through the tunnel and instead wants to send only specific traffic through Perimeter 81.

      In the following example, we only want traffic headed to "my.app.local" to be sent through the Perimeter 81 agent, while any other local traffic is sent to the local ISP connection:


      Excluding Subnets/Addresses in your Split Tunneling configurations will ensure that traffic headed toward those Subnets/Addresses will not go through the Perimeter 81 network and instead go directly to the local ISP connection.
      This is commonly used to improve the latency of communication apps (such as Zoom and Webex) by excluding their IPs (and domains) from being sent via the Perimeter 81 network.

      In the following example, we want all local traffic except traffic headed to IPs that belong to Zoom to be sent through the Perimeter 81 agent. This means that traffic headed to the Zoom web conferencing application will be sent directly to the local ISP connection without going through the VPN:


      • Identify the IPs and IP ranges you want to bypass before using Split Tunneling.
      • Periodically check your configuration settings for accuracy.
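
      The include and exclude behaviour described above, modelled as an added Python example (not Perimeter 81 code or its API): it decides whether a destination is tunneled and audits an exclusion list for entries that bypass more than intended. The function names, the /16 threshold and the sample subnets (documentation ranges) are assumptions made for illustration.

```python
import ipaddress

# RFC 1918 private ranges: excluding any of these sends internal traffic outside the tunnel.
PRIVATE_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def parse(entries):
    """Parse subnet or single-address strings; host bits are masked off (strict=False)."""
    return [ipaddress.ip_network(e, strict=False) for e in entries]


def goes_through_tunnel(dest, mode, entries=()):
    """Model the routing decision for one destination IP.

    "automatic": full tunnel, everything is tunneled.
    "include":   only destinations in the listed subnets are tunneled.
    "exclude":   everything except the listed subnets is tunneled.
    """
    if mode == "automatic":
        return True
    if mode not in ("include", "exclude"):
        raise ValueError(f"unknown mode: {mode}")
    addr = ipaddress.ip_address(dest)
    listed = any(addr in net for net in parse(entries) if net.version == addr.version)
    return listed if mode == "include" else not listed


def audit_exclusions(entries, min_prefix=16):
    """Flag exclusion entries that bypass more traffic than intended.

    min_prefix is an assumed review threshold, not a product setting.
    """
    findings = []
    for net in parse(entries):
        if net.version == 4 and any(net.overlaps(p) for p in PRIVATE_NETS):
            findings.append((str(net), "overlaps private address space"))
        elif net.prefixlen < min_prefix:
            findings.append((str(net), f"broader than /{min_prefix}"))
    return findings


# Constructed sample list: not real Zoom or customer ranges.
# The last entry models a mask typo (/8 typed instead of /24).
EXCLUDED = ["198.51.100.0/24", "10.20.0.0/16", "203.0.113.0/8"]

if __name__ == "__main__":
    for dest in ("198.51.100.7", "192.0.2.50", "10.20.1.5"):
        print(dest, "tunnel" if goes_through_tunnel(dest, "exclude", EXCLUDED) else "direct")
    for net, reason in audit_exclusions(EXCLUDED):
        print("REVIEW", net, "-", reason)
```

      FQDN entries are outside this model because they depend on DNS resolution at connection time.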


      If you encounter issues during or after the setup, try reviewing your settings to ensure everything matches the instructions. In particular, check the IP addresses and other details you entered during setup. If issues persist, please consult our dedicated support.

      Support Contacts

      If you have any difficulties or questions, don't hesitate to contact Perimeter 81's support team. We offer 24/7 chat support on our website at Perimeter81.com, or you can email us at support@perimeter81.com. We're here to assist you and ensure your VPN tunnel setup is a success.
