This guide will show you how to use the split tunneling feature on the ExpressVPN apps for Windows, Mac, and Linux.
Jump to…
What is the split tunneling feature?
What happens to my DNS queries when I use split tunneling?
How to use VPN split tunneling on Windows
How to use VPN split tunneling on Mac
How to use VPN split tunneling on Linux
What is the split tunneling feature?
The split tunneling feature allows you to decide which apps use the VPN and which apps don’t when your device is connected to ExpressVPN.
For example, if you want all of your apps except Firefox to use the VPN, you can configure ExpressVPN to “split tunnel” the traffic so that only Firefox won’t go through the encrypted VPN tunnel.
Need help? Contact the ExpressVPN Support Team for immediate assistance.
What happens to my DNS queries when I use split tunneling?
As long as you are connected to ExpressVPN, all of your DNS queries should go through ExpressVPN’s servers, no matter how you configure your split-tunneling settings.
Need help? Contact the ExpressVPN Support Team for immediate assistance.
How to use VPN split tunneling on Windows
Note: If using the WireGuard protocol, you’ll need to disconnect and reconnect to the VPN to apply your split-tunneling settings. When using any other protocol, the changes should apply automatically.
To change your split-tunnel settings:
- Click the Profile tab and select Split Tunneling.
- Toggle Split tunneling on.
From there, you can select different split-tunneling options, including which apps use or bypass the VPN. You can also configure it so specific websites can get around the VPN tunnel, which is useful for sites that block VPNs (like bank sites). Learn more about each settings option below:
Add apps
- Click Add App.
- Click the app you want to set up split tunneling rules for, then click Add.
- Click the dropdown next to the app you just added and choose either:
- Bypass VPN: These apps won’t use the VPN tunnel.
- Only VPN: These apps will use the VPN tunnel.
Add IP addresses
- Click Add IP.
- Enter an IPv4/IPv6 address or a subnet in CIDR notation and click OK.
Note: Excluding an IP address from the VPN will not work reliably for large websites. This is because these services do not use a single fixed IP address. The IP address of the same website can be different every time you look it up, and the same IP address can be shared by multiple unrelated websites. As a result, the split tunneling rule may apply to websites you did not intend to exclude from the VPN.
All other apps
This option enables you to decide the split tunneling rules for all the other apps on your device.
To adjust the settings for other apps, click the dropdown menu next to All Other Apps and choose either Bypass VPN or Use VPN.
Need help? Contact the ExpressVPN Support Team for immediate assistance.
How to use VPN split tunneling on Mac
Note: If using the WireGuard protocol, you’ll need to disconnect and reconnect to the VPN to apply your split-tunneling settings. When using any other protocol, the changes should apply automatically.
To change your split-tunnel settings:
- Click the Profile tab and click Split Tunneling.
- Click the toggle next to Split tunneling to enable it.
From there, you can specify which apps to use or bypass the VPN and select the websites you want to exclude from the VPN tunnel. Learn more about each settings option below:
Add apps
- Click Add App.
- Find and click on the app you want to add, and click Open.
- Click the dropdown next to the app you just added and choose either Bypass VPN or Only VPN.
Add IP addresses
- Click Add IP.
- Enter an IPv4/IPv6 address or a subnet in CIDR notation and click OK.
Note: Excluding an IP address from the VPN will not work reliably for large websites. This is because these services do not use a single fixed IP address. The IP address of the same website can be different every time you look it up, and the same IP address can be shared by multiple unrelated websites. As a result, the split tunneling rule may apply to websites you did not intend to exclude from the VPN.
All other apps
This option enables you to decide the split tunneling rules for all the other apps on your device, excluding the ones you manually set split-tunneling settings for.
To adjust the settings for other apps, click the dropdown menu next to All Other Apps and choose either Bypass VPN or Use VPN.
Enable Split Tunneling on your Mac
Your Mac may block the system extension required for split tunneling until you manually allow it. If you see a notification that the extension was blocked, follow the steps below:
- Open System Settings.
- Click General, and then click Login Items & Extensions.
- Scroll down to Network Extensions, click the info (i) button, and toggle ExpressVPN Split Tunnel on.
- Enter your password or use Touch ID to confirm.
- If prompted, click Allow to enable ExpressVPN to add proxy configurations, then click Done.
Need help? Contact the ExpressVPN Support Team for immediate assistance.
How to use VPN split tunneling on Linux
To change your split-tunnel settings:
- Click Profile, then Split Tunneling.
- Toggle Split tunneling on.
From there, you can adjust your split tunneling settings. Expand the list below to learn more about each settings option:
Add apps
- Click Add App.
- Click the app you want to set up split tunneling rules for, then click Open.
- Click the dropdown next to the app you just added. Then, choose either Bypass VPN or Only VPN.
Add IP addresses
- Click Add IP.
- Enter an IPv4/IPv6 address or a subnet in CIDR notation, and click OK.
Note: Excluding an IP address from the VPN will not work reliably for large websites. This is because these services do not use a single fixed IP address. The IP address of the same website can be different every time you look it up, and the same IP address can be shared by multiple unrelated websites. As a result, the split tunneling rule may apply to websites you did not intend to exclude from the VPN.
All other apps
This option enables you to decide the split tunneling rules for all the other apps on your device.
To adjust the settings for other apps, click the dropdown menu next to All Other Apps, and choose either Bypass VPN or Use VPN.
The CLI app on Linux lets you split tunnel apps only. You can choose which apps use the VPN and which apps bypass it when you are connected to ExpressVPN.
To enable split tunneling, run the command:
expressvpnctl set splittunnel true
Once enabled, you can decide which apps bypass the VPN and which apps use the VPN.
To get the path of an app, run the command:
which app-name
In the case of Firefox, the command can be “which firefox.” This can result in:
/usr/bin/firefox
To add apps to bypass the VPN
Run the command:
expressvpnctl set split-app bypass:ROUTE/TO/APPLICATION/EXECUTABLE
For example, if you wanted the VPN to bypass Firefox, you would run the command:
expressvpnctl set split-app bypass:/usr/bin/firefox
To add apps to use the VPN
Run the command:
expressvpnctl set split-app vpn:ROUTE/TO/APPLICATION/EXECUTABLE
For example, if you wanted the VPN to use Firefox, you would run the command:
expressvpnctl set split-app vpn:/usr/lib/firefox/firefox
To delete split tunneling rules for an app, run the command:
expressvpnctl set split-app remove:ROUTE/TO/APPLICATION/EXECUTABLE
Need help? Contact the ExpressVPN Support Team for immediate assistance.