Split Tunneling

Split tunneling lets you route some traffic through the VPN while allowing other traffic to use your regular internet connection. This is useful when you need VPN protection for most activities but want certain apps or websites to connect directly.

Why Use Split Tunneling?

While routing all traffic through VPN provides maximum protection, there are legitimate reasons to bypass it for specific applications:

Streaming services. Netflix, Hulu, and other platforms sometimes detect VPN usage and restrict content. Excluding these apps lets you stream while keeping everything else protected.

Banking and financial sites. Some banks flag VPN connections as suspicious. Direct connections to your bank avoid potential account lockouts.

Online gaming. Games are latency-sensitive. Bypassing VPN for gaming reduces ping while maintaining protection for everything else.

Local network access. Devices on your home network (printers, NAS, smart home) may be unreachable through VPN. Split tunneling restores local access.

Work applications. Corporate VPNs or work apps may conflict with Stealth. Excluding them prevents connectivity issues.

Configuring Split Tunneling

Open Split Tunneling from Settings → Tools. You'll see two lists: excluded applications and excluded domains.

Excluding Applications

Click Add Application and select an application's executable file. That application's traffic will bypass the VPN entirely.

Common applications to exclude:

Netflix	Avoids VPN detection for streaming
Steam	Reduces latency for game downloads and multiplayer
Banking apps	Prevents security flags from VPN IP addresses
Work VPN clients	Avoids conflicts with corporate VPN

Excluding Domains

Click Add Domain and enter a domain name (e.g., netflix.com). All traffic to that domain and its subdomains will bypass the VPN.

Domain exclusions work at the network level, affecting all applications that connect to those addresses.

How It Works

When split tunneling is active, Stealth maintains two routing paths:

VPN tunnel - Encrypted traffic to Stealth servers (default for all traffic)
Direct connection - Unencrypted traffic through your normal ISP (for excluded apps/domains)

The routing decision is made per-connection. An excluded app uses your real IP address and regular internet connection, while everything else continues through the VPN.

Security note: Traffic from excluded applications is not encrypted by Stealth and will reveal your real IP address to those destinations. Only exclude apps and domains where this is acceptable.

Testing Your Configuration

After adding exclusions, verify they're working:

Open the excluded application
Visit a site that shows your IP address (like whatismyip.com)
Confirm it shows your real IP, not the VPN IP
Check a non-excluded browser to confirm VPN is still active there

Removing Exclusions

To route an app or domain through VPN again, simply remove it from the exclusion list. Click the X or delete button next to the entry. Changes take effect immediately for new connections.

Best Practices

Start minimal. Only exclude what's necessary. Every exclusion is traffic that isn't protected.

Use domain exclusions carefully. App exclusions are more precise. Domain exclusions affect all apps connecting to that domain.

Review periodically. Remove exclusions you no longer need. Streaming services update their VPN detection regularly, so exclusions that were once necessary may no longer be needed.