A basic, personal VPN service, such as Private Tunnel, routes the user’s traffic to the Internet through an encrypted VPN tunnel. Someone might use the personal VPN service to protect themselves on public Wi-Fi or to get around geographic content restrictions. Business VPNs are different, however. While companies may provide them to remote workers to protect them on public Wi-Fi, more often, the real purpose is to obtain secure access to the business’s private network resources.
What if you have a VPN that can’t handle the load? You may want to enable split tunneling. With split tunneling, traffic not destined for your private network does not go through the VPN. That’s one reason you may want to set it up.
Here’s more information on what it is, why you would want to set it up, and how to do that with OpenVPN Access Server.
When a VPN client connects to OpenVPN Access Server, it creates a tunnel. Data is encrypted as it travels across the Internet to the VPN server, which is connected to your internal LAN. OpenVPN Access Server can also be configured to route all traffic destined for the Internet, and not just traffic for the internal LAN, through that tunnel.
Your employee is connected to the VPN and enters google.com into their browser. The web traffic might follow this (simplified) route:
When you set up split tunneling, only traffic that is destined for the subnets on your Internal LAN will go through the VPN tunnel. Other traffic will go through your employee’s normal Internet connection.
Here’s a basic diagram of how traffic flows when split tunneling is enabled on OpenVPN Access Server:
How do I set it up in OpenVPN Access Server?
In the Admin Web UI, you can enable split tunneling with a single toggle. Under Configuration > VPN Settings > Routing, switch “Should client Internet traffic be routed through the VPN?” to No. Once it is set to No, traffic destined for your private networks will traverse the VPN. Other traffic will bypass the VPN.
In addition to this setting, you also need to define the private subnets clients need access to. You can do this under Configuration > VPN Settings > Routing by specifying the subnets in the input field with the label: “Specify the private subnets to which all clients should be given access (one per line)”.
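
The following added example (not OpenVPN code) models the split-tunnel decision described above: it checks a one-per-line subnet list for entries worth a second look, then reports whether a destination would use the VPN or the normal Internet connection. The function names, the sample subnet list and the test addresses are constructed for illustration.

```python
import ipaddress

# Constructed sample of the subnet field's contents (one subnet per line).
SAMPLE_SUBNETS = """\
10.0.0.0/24
192.168.50.0/24
172.16.5.1/16
0.0.0.0/0
"""


def parse_private_subnets(text):
    """Parse a one-subnet-per-line list; return (networks, warnings)."""
    networks, warnings = [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        entry = raw.strip()
        if not entry:
            continue
        try:
            # strict=False accepts entries with host bits set (172.16.5.1/16).
            net = ipaddress.ip_network(entry, strict=False)
        except ValueError:
            warnings.append(f"line {lineno}: {entry!r} is not a valid subnet")
            continue
        if str(net) != entry:
            warnings.append(f"line {lineno}: {entry} normalized to {net}")
        if net.prefixlen == 0:
            # A /0 matches every address, so nothing would bypass the tunnel.
            warnings.append(f"line {lineno}: {net} covers all addresses, skipped")
            continue
        networks.append(net)
    return networks, warnings


def route_for(destination, networks):
    """Return 'vpn' if destination is inside a listed subnet, else 'direct'."""
    addr = ipaddress.ip_address(destination)
    return "vpn" if any(addr in net for net in networks) else "direct"


if __name__ == "__main__":
    nets, warns = parse_private_subnets(SAMPLE_SUBNETS)
    for w in warns:
        print("warning:", w)
    for dest in ("10.0.0.15", "172.16.200.9", "203.0.113.10"):
        print(dest, "->", route_for(dest, nets))
```

Running a draft subnet list through a check like this before pasting it into the Admin Web UI catches typos that would otherwise leave an internal range unreachable over the VPN, or send far more traffic through the tunnel than intended.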