For example, suppose a user utilizes a remote access VPN software client connecting to a campus network using a hotelwireless network. The user with split tunneling enabled is able to connect to file servers, database servers, mail servers and other servers on the corporate network through the VPN connection. When the user connects to Internet resources (websites, FTP sites, etc.), the connection request goes directly out the gateway provided by the hotel network. However, not every VPN allows split tunneling. Some VPNs with split tunneling include Private Internet Access (PIA), ExpressVPN, and Surfshark.[1]
Split tunneling is sometimes categorized based on how it is configured. A split tunnel configured to only tunnel traffic destined to a specific set of destinations is called a split-include tunnel. When configured to accept all traffic except traffic destined to a specific set of destinations, it is called a split-exclude tunnel.[2][3][4]
One advantage of using split tunneling is that it alleviates bottlenecks and conserves bandwidth as Internet traffic does not have to pass through the VPN server.
Another advantage is in the case where a user works at a supplier or partner site and needs access to network resources on both networks. Split tunneling prevents the user from having to continually connect and disconnect.
Disadvantagesedit
A disadvantage is that when split tunneling is enabled, users bypass gateway level security that might be in place within the company infrastructure.[5] For example, if web or content filtering is in place, this is something usually controlled at a gateway level, not the client PC.
A variant of this split tunneling is called "inverse" split tunneling. By default all datagrams enter the tunnel except those destination IPs explicitly allowed by VPN gateway. The criteria for allowing datagrams to exit the local network interface (outside the tunnel) may vary from vendor to vendor (i.e.: port, service, etc.) This keeps control of network gateways to a centralized policy device such as the VPN terminator. This can be augmented by endpoint policy enforcement technologies such as an interface firewall on the endpoint device's network interface driver, group policy object or anti-malware agent. This is related in many ways to network access control (NAC).[6]
Dynamic split tunnelingedit
A form of split-tunneling that derives the IP addresses to include/exclude at runtime-based on a list of hostname rules/policies. [Dynamic Split Tunneling] (DST)[7]
IPv6 dual-stack networkingedit
Internal IPv6 content can be hosted and presented to sites via a unique local address range at the VPN level, while external IPv4 & IPv6 content can be accessed via site routers.
Referencesedit
^Long, Moe (July 22, 2021). "Best VPN for Split Tunneling". Tech Up Your Life. Retrieved October 21, 2021.
^Jeffery, Eric (June 19, 2020). "VPN Split-Tunneling – To Enable or Not To Enable". Infosecurity Magazine. Retrieved October 19, 2020.
^Mackie, Kurt (March 26, 2020). "Microsoft Touts Split Tunneling with VPNs To Support Remote Workers -- Redmondmag.com". Redmondmag. Retrieved October 19, 2020.
^Michael Cooney. "Cisco, others, shine a light on VPN split-tunneling". Network World. Retrieved October 19, 2020.
^Remote Access VPN and a Twist on the Dangers of Split Tunneling, May 10, 2005, retrieved December 5, 2017
^Richard Bramante; Al Martin; James Edwards (2006). Nortel Guide to VPN Routing for Security and VoIP. Wiley. p. 454. ISBN9780470073001.
^"AnyConnect Split Tunneling (Local Lan Access, Split Tunneling, Static & Dynamic (Domain)". March 24, 2020.
Further readingedit
Juniper(r) Networks Secure Access SSL VPN Configuration Guide, By Rob Cameron, Neil R. Wyler, 2011, ISBN9780080556635, P. 241
Citrix Access Suite 4 Advanced Concepts: The Official Guide, 2/E, By Steve Kaplan, Andy Jones, 2006, ISBN9780071501743, McGraw-Hill Education
Microsoft Forefront Uag 2010 Administrator's Handbook, By Erez Ben-Ari, Ran Dolev, 2011, ISBN9781849681636, Packt Publishing
Cisco ASA Configuration By Richard Deal, 2009, page 413, ISBN9780071622684 , McGraw-Hill Education
External linksedit
Wikimedia Commons has media related to Networking.
Split Tunneling in Linux
March 17, 2024
split, tunneling, this, article, needs, additional, citations, verification, please, help, improve, this, article, adding, citations, reliable, sources, unsourced, material, challenged, removed, find, sources, news, newspapers, books, scholar, jstor, march, 20. This article needs additional citations for verification Please help improve this article by adding citations to reliable sources Unsourced material may be challenged and removed Find sources Split tunneling news newspapers books scholar JSTOR March 2020 Learn how and when to remove this template message Split tunneling is a computer networking concept which allows a user to access dissimilar security domains like a public network e g the Internet and a local area network or wide area network at the same time using the same or different network connections This connection state is usually facilitated through the simultaneous use of a LAN network interface controller NIC radio NIC Wireless LAN WLAN NIC and VPN client software application without the benefit of an access control For example suppose a user utilizes a remote access VPN software client connecting to a campus network using a hotel wireless network The user with split tunneling enabled is able to connect to file servers database servers mail servers and other servers on the corporate network through the VPN connection When the user connects to Internet resources websites FTP sites etc the connection request goes directly out the gateway provided by the hotel network However not every VPN allows split tunneling Some VPNs with split tunneling include Private Internet Access PIA ExpressVPN and Surfshark 1 Split tunneling is sometimes categorized based on how it is configured A split tunnel configured to only tunnel traffic destined to a specific set of destinations is called a split include tunnel When configured to accept all traffic except traffic destined to a specific set of destinations it is called a split exclude tunnel 2 3 4 Contents 1 Advantages 2 Disadvantages 3 Variants and related technology 3 1 Inverse split tunneling 3 2 Dynamic split tunneling 3 3 IPv6 dual stack networking 4 References 5 Further reading 6 External linksAdvantages editOne advantage of using split tunneling is that it alleviates bottlenecks and conserves bandwidth as Internet traffic does not have to pass through the VPN server Another advantage is in the case where a user works at a supplier or partner site and needs access to network resources on both networks Split tunneling prevents the user from having to continually connect and disconnect Disadvantages editA disadvantage is that when split tunneling is enabled users bypass gateway level security that might be in place within the company infrastructure 5 For example if web or content filtering is in place this is something usually controlled at a gateway level not the client PC ISPs that implement DNS hijacking break name resolution of private addresses with a split tunnel Variants and related technology editInverse split tunneling edit A variant of this split tunneling is called inverse split tunneling By default all datagrams enter the tunnel except those destination IPs explicitly allowed by VPN gateway The criteria for allowing datagrams to exit the local network interface outside the tunnel may vary from vendor to vendor i e port service etc This keeps control of network gateways to a centralized policy device such as the VPN terminator This can be augmented by endpoint policy enforcement technologies such as an interface firewall on the endpoint device s network interface driver group policy object or anti malware agent This is related in many ways to network access control NAC 6 Dynamic split tunneling edit A form of split tunneling that derives the IP addresses to include exclude at runtime based on a list of hostname rules policies Dynamic Split Tunneling DST 7 IPv6 dual stack networking edit Internal IPv6 content can be hosted and presented to sites via a unique local address range at the VPN level while external IPv4 amp IPv6 content can be accessed via site routers References edit Long Moe July 22 2021 Best VPN for Split Tunneling Tech Up Your Life Retrieved October 21 2021 Jeffery Eric June 19 2020 VPN Split Tunneling To Enable or Not To Enable Infosecurity Magazine Retrieved October 19 2020 Mackie Kurt March 26 2020 Microsoft Touts Split Tunneling with VPNs To Support Remote Workers Redmondmag com Redmondmag Retrieved October 19 2020 Michael Cooney Cisco others shine a light on VPN split tunneling Network World Retrieved October 19 2020 Remote Access VPN and a Twist on the Dangers of Split Tunneling May 10 2005 retrieved December 5 2017 Richard Bramante Al Martin James Edwards 2006 Nortel Guide to VPN Routing for Security and VoIP Wiley p 454 ISBN 9780470073001 AnyConnect Split Tunneling Local Lan Access Split Tunneling Static amp Dynamic Domain March 24 2020 Further reading editJuniper r Networks Secure Access SSL VPN Configuration Guide By Rob Cameron Neil R Wyler 2011 ISBN 9780080556635 P 241 Citrix Access Suite 4 Advanced Concepts The Official Guide 2 E By Steve Kaplan Andy Jones 2006 ISBN 9780071501743 McGraw Hill Education Microsoft Forefront Uag 2010 Administrator s Handbook By Erez Ben Ari Ran Dolev 2011 ISBN 9781849681636 Packt Publishing Cisco ASA Configuration By Richard Deal 2009 page 413 ISBN 9780071622684 McGraw Hill EducationExternal links edit nbsp Wikimedia Commons has media related to Networking Split Tunneling in Linux Retrieved from https en wikipedia org w index php title Split tunneling amp oldid 1107447332, wikipedia, wiki, book, books, library,
