• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1097
  • Last Modified:

VPN Question Split Tunnel vs Single Tunnel


Can someone list for me the Pros and Cons of having a clients VPN connection route all traffic through the company's connection, vs doing split tunneling and only using the companies gateway only for company subnets, and your own for other traffic.

3 Solutions
JohnBusiness Consultant (Owner)Commented:
If people have to go through your VPN to get to the Internet, it will be quite slow (having had to do this myself). Split tunnel connection allows your remote clients to use Internet as they need to without hindering you, and thereby leaving tunnel resources for company only work.

VPN (any kind) through DSL connections (very normal circumstance) is slow because the VPN traffic is working both ways and therby affected by the slow upload speed.

I only use, recommend and employ split tunnel VPN. ... Thinkpads_User
Methodman85Author Commented:
What about the fact that split tunnel lets users be on the company's network, yet not adhere to any of their web browsing policy's. They can be accessing dangerous sites while connected to the network. Also, if they're site to site access permitted by another company. The user would only be able to access the partner company's site while they're in the office.

For instance, a partner allowed our external corporate IP address to traverse their network. If a user takes their laptop home, and needs to connect to the partners network, this isn't possible with split horizon since the connection to the partner will be going out through the users ISP's IP which isn't allowed to establish a connection.
JohnBusiness Consultant (Owner)Commented:
No solution is perfect, however, responsible workers generally do not cause too much issue with access to the internet. I deal with lots of clients each day.

I don't really understand your second point. I operate with numerous clients, numerous tunnels and numerous locations and do not usually get stuck. However for your particular situation, a non-split tunnel VPN might work.

You seem to want to use non-split tunnel VPN, and so do go ahead with that. I think ultimately you will find it too slow to be practical, but only you can assess that. Also, only you can assess your users.
... Thinkpads_User
We Need Your Input!

WatchGuard is currently running a beta program for our new macOS Host Sensor for our Threat Detection and Response service. We're looking for more macOS users to help provide insight and feedback to help us make the product even better. Please sign up for our beta program today!

below link will give u some points

QlemoBatchelor and DeveloperCommented:
I agree to what thinkpads_user said. There is a single question only you have to ask: Do you need full control over Internet actions while connected? If so, there is no discussion - no split tunneling.

IMHO, the "full control while browsing" aspect is overemphasized by many admins. The connecting VPN machine still needs to have all security means enabled before using the VPN, else it can be infected already with malware, and it does not matter if the malicious sites are browsed while VPN-connected or not.
Having full control over the protection of the VPN client (AV aso.) is worth much more, and is not related to split-tunneling, which involves extreme lags and speed issues while browsing the Internet.
Methodman85Author Commented:
Thanks for your input guys.
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now