//05 Split tunneling

Route only the apps you want through the VPN.

Stream on your local IP while your browser tunnels. Or do the opposite — keep your office's VPN intact while everything else exits via SecureFox.

//01 Why this matters

All-or-nothing is rarely what you want.

Two real-world problems: your banking app refuses to load over a VPN IP, and your office's Citrix needs your real IP to authenticate. With all-or-nothing VPN, you have to disconnect every time you switch apps — and the moment you forget, you've leaked something. Split tunneling solves both: pick which apps go through the VPN, the rest exit through your ISP. The choice is per-app and persistent, not a per-session toggle you can forget to flip.

//02 How it works

Per-app routing at the OS level.

Android's VpnService natively supports per-app allow/disallow lists — we expose this directly. Windows uses WFP per-app filters, scoped to executable path. macOS uses pf rules tagged with the app's bundle identifier. iOS doesn't permit per-app routing without an MDM profile (Apple restriction), so split tunneling on iOS is configured at the destination level (allow list of bypass hostnames) rather than per-app.

  • Android: VpnService per-app allow / disallow
  • Windows: WFP filter scoped to .exe path
  • macOS: pfctl per-bundle-id
  • iOS: Per-destination bypass list (MDM not required)

//03 Use cases

Common reasons people use split tunneling.

01

Banking apps that block VPNs

Add your banking app to the bypass list — it sees your real IP and works normally, while your browser and other apps stay tunneled.

02

Streaming local content

Watch your home country's Netflix or Spotify from abroad through your VPN, while local apps (food delivery, transit) keep working with your actual location.

03

Work VPNs alongside SecureFox

Route only personal browsing through SecureFox while your work VPN keeps your corporate IP.

04

LAN access while connected

Bypass the VPN for local IPs (printers, NAS, Chromecast, AirDrop) so your home setup stays accessible.

//04 What you get

Granular control without the friction.

  • Per-app allow / disallow lists (Android, Windows, macOS)
  • Per-destination bypass lists for iOS
  • Persistent across reboots and app launches
  • Live preview: see which app is using which exit
  • One-tap toggle to disable split tunneling temporarily

//05 Split tunneling FAQ

Common questions about per-app routing.

Is split tunneling less secure than all-or-nothing?

It depends on which apps you bypass. The traffic that goes through the VPN is just as protected; the traffic that bypasses is as exposed as if you weren't using a VPN at all. Use it deliberately.

Why doesn't iOS support per-app routing?

Apple reserves that capability for MDM-managed (enterprise) devices. For consumer apps, only per-destination bypass is allowed. Android, Windows, and macOS have no such restriction.

Will it leak DNS for bypassed apps?

Bypassed apps use your system DNS (typically your ISP's). If you want consistent DNS for bypassed traffic too, set a third-party DNS in your OS network settings.

Can I bypass by domain instead of by app?

Yes on iOS (per-destination bypass list). On other platforms, per-app is the default but we expose a per-domain rule for advanced users in Settings → Advanced.
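
To make the trade-off in the answers above concrete, here is an added example (not SecureFox's code) that models the routing decision from "How it works" and lists which traffic leaves outside the tunnel. The policy fields, package names, and flows are constructed for illustration, and the set of ranges treated as "LAN" is an assumption.

```python
import ipaddress
from dataclasses import dataclass, field

# Ranges treated as "local network" here (assumption): RFC 1918, link-local, multicast.
LAN_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "169.254.0.0/16", "224.0.0.0/4")]

@dataclass
class Policy:
    mode: str                                         # "allow": only listed apps tunnel
    apps: set = field(default_factory=set)            # "disallow": listed apps bypass
    bypass_hosts: set = field(default_factory=set)    # per-destination bypass list
    bypass_lan: bool = True

def is_lan(dest_ip):
    addr = ipaddress.ip_address(dest_ip)
    return any(addr in net for net in LAN_NETS)

def exit_for(policy, app, dest_ip, dest_host=None):
    """Return 'vpn' or 'direct' (physical interface) for one flow."""
    if policy.mode not in ("allow", "disallow"):
        raise ValueError(f"unknown mode: {policy.mode!r}")
    if policy.bypass_lan and is_lan(dest_ip):
        return "direct"
    if dest_host and dest_host.lower() in policy.bypass_hosts:
        return "direct"
    listed = app in policy.apps
    return "vpn" if listed == (policy.mode == "allow") else "direct"

def audit(policy, flows):
    """List every flow that leaves outside the tunnel, with the reason it matters."""
    findings = []
    for app, dest_ip, dest_host, port in flows:
        if exit_for(policy, app, dest_ip, dest_host) == "vpn":
            continue
        if is_lan(dest_ip):
            note = "lan"                    # stays on the local network
        elif port == 53:
            note = "dns-outside-tunnel"     # resolver sees the lookups
        else:
            note = "real-ip-exposed"        # destination sees the real IP
        findings.append((app, dest_ip, note))
    return findings
# Constructed sample: one bypassed app, documentation-range addresses.
POLICY = Policy(mode="disallow", apps={"com.example.bank"})
FLOWS = [("com.example.browser", "203.0.113.10", "example.org", 443),
         ("com.example.bank", "198.51.100.7", "bank.example", 443),
         ("com.example.bank", "198.51.100.53", None, 53),
         ("com.example.browser", "192.168.1.20", None, 631)]
```

Running `audit(POLICY, FLOWS)` shows the bypassed banking app's HTTPS and DNS traffic leaving directly, the browser's printer traffic staying on the LAN, and the browser's internet traffic absent from the findings because it is tunneled.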

[ Ready ]

Try it free.

Anonymous mode gives you 1 GB every week, no account required. Sign up later for 2 GB.