Split tunneling

from Wikipedia, the free encyclopedia

Split tunneling is used in virtual private networks (VPNs). Only connections whose destinations are systems at the other end of the VPN tunnel are routed through the tunnel. All other connections bypass the VPN tunnel.

For example, an employee has connected his notebook to a hotel's WLAN in order to have access to the Internet. As soon as Internet access is available, the notebook also connects to the company's internal network via VPN. The employee can now, for example, open and edit a document from the company's internal file server. The connections required for this run through the VPN tunnel. Next, the employee opens a website in the browser. The connections required for this are not sent through the VPN tunnel, because the web server is a system outside the company network. In short, the VPN tunnel is ignored during data transmission until the user addresses a specific destination in the VPN network.

Split tunneling is implemented technically through changes to the host's routing table. For each reachable IP network at the other end of the VPN tunnel, an entry is made in the computer's routing table. The IP address of the remote end point of the VPN tunnel is used as the next hop.

Advantages

Split tunneling can save Internet bandwidth, since not all Internet traffic has to be routed through the VPN tunnel, which may provide only limited bandwidth. Only the connections whose destination lies in the network on the VPN server's side (usually the company network) are routed through the tunnel.

In addition, a user who needs access to, for example, two company networks can access the resources of both companies without constantly having to disconnect from one network and reconnect to the other.

Disadvantages

When split tunneling is activated, a user can bypass security levels that are in place in the company's infrastructure. In addition, Internet providers that implement DNS hijacking can break the name resolution of private addresses when a split tunnel is in use. A DNS leak can also occur when a VPN tunnel is split. This happens when a DNS server is (incorrectly) configured whose communication with the Internet bypasses the VPN. This problem can be resolved manually or with a program (e.g. free DNS leak tools).
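The routing-table mechanism and the DNS leak described above can be checked together. The following is an added example, not part of the original article: it models a split-tunnel routing table with longest-prefix matching and reports which configured DNS resolvers would be reached outside the tunnel. All addresses, networks and function names are constructed assumptions.

```python
import ipaddress

# Constructed sample values (assumptions, not taken from the article).
TUNNEL_PEER = "10.8.0.1"      # remote end point of the VPN tunnel
DEFAULT_GW = "192.168.1.1"    # gateway of the local (e.g. hotel) network
ROUTES = [                    # (destination network, next hop)
    ("0.0.0.0/0", DEFAULT_GW),        # everything else: direct to the Internet
    ("10.20.0.0/16", TUNNEL_PEER),    # company network A, via the tunnel
    ("172.16.5.0/24", TUNNEL_PEER),   # company network B, via the tunnel
]

def next_hop(dest, routes=ROUTES):
    """Pick the next hop by longest-prefix match, as an IP stack does."""
    addr = ipaddress.ip_address(dest)
    best = None
    for net, hop in routes:
        network = ipaddress.ip_network(net)
        if addr in network and (best is None or network.prefixlen > best[0].prefixlen):
            best = (network, hop)
    if best is None:
        raise LookupError(f"no route to {dest}")
    return best[1]

def via_tunnel(dest, routes=ROUTES, peer=TUNNEL_PEER):
    """True if traffic to dest is sent to the tunnel's remote end point."""
    return next_hop(dest, routes) == peer

def dns_leaks(resolvers, routes=ROUTES, peer=TUNNEL_PEER):
    """Return the resolvers whose traffic bypasses the VPN tunnel."""
    return [r for r in resolvers if not via_tunnel(r, routes, peer)]

if __name__ == "__main__":
    for dest in ("10.20.3.7", "203.0.113.10"):
        print(dest, "->", "tunnel" if via_tunnel(dest) else "direct")
    # One internal resolver and one handed out by the local network.
    print("leaking resolvers:", dns_leaks(["10.20.0.53", "192.168.1.1"]))
```

A resolver listed as leaking receives every DNS query over the local network, including queries for internal company host names.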
