SplitTunnel with OpenVPN
How per-app routing works alongside OpenVPN on macOS
Key Takeaways
SplitTunnel works alongside any OpenVPN client without modifying VPN configuration
Routing is managed at the macOS level using Apple-approved native technology
Apps routed through VPN get the same OpenVPN tunnel protection as before
How SplitTunnel Works with OpenVPN
OpenVPN creates an encrypted tunnel between your Mac and a VPN server. SplitTunnel operates at a different layer of the macOS networking stack, managing which applications send traffic through that tunnel and which connect directly over your physical interface.
The two work independently. OpenVPN manages the tunnel — encryption, authentication, and the secure connection. SplitTunnel manages per-app routing decisions at the OS level.
Compatible OpenVPN Clients
SplitTunnel works alongside any OpenVPN client on macOS:
- •
Tunnelblick
- •
Viscosity
- •
OpenVPN Connect
- •
Any other client that creates an OpenVPN tunnel
What Per-App Routing Means
Traditional VPN routing works at the network level — traffic to certain IP ranges goes through the tunnel. Per-app routing works at the application level — you choose which apps use VPN and which connect directly.
- •
Apps routed through VPN get full OpenVPN tunnel protection
- •
Apps routed direct connect over your physical network interface
- •
Your OpenVPN client stays connected and unmodified
- •
Routing rules persist across VPN reconnections
How It Works
SplitTunnel runs as an approved macOS system extension, giving it the ability to manage per-app routing without modifying your VPN connection.
- •
Runs as a macOS system extension (not a kernel extension)
- •
Requires explicit user permission to install
- •
Manages routing decisions per application
- •
Does not inspect, log, or modify packet contents
SplitTunnel never modifies your OpenVPN configuration files, certificates, or connection settings. It operates separately from your VPN client.
Setting Up SplitTunnel with OpenVPN
Install SplitTunnel and grant the system permission when prompted
Connect to OpenVPN using your preferred client as you normally would
Open SplitTunnel from the menu bar and set routing rules for your apps
Apps route according to your rules — VPN or direct
Example Configuration
Route Through VPN
- •
Slack, Microsoft Teams
- •
Work email client
- •
Browsers used for internal tools
- •
Corporate applications
Route Direct
- •
Spotify, Apple Music
- •
Netflix, YouTube
- •
Personal browser
- •
FaceTime, personal video calls
Verifying the Setup
Confirm your OpenVPN client shows Connected
Open SplitTunnel and check app routing status
Test a work app — should reach internal resources normally
Test a direct app — should reflect your physical connection speed
Confirm OpenVPN remains connected throughout
Compatibility Notes
- •
Works with OpenVPN 2.x protocol connections on macOS
- •
Compatible with any OpenVPN client (Tunnelblick, Viscosity, OpenVPN Connect)
- •
Routing rules persist across OpenVPN reconnections
- •
Compatible with OpenVPN's DNS and proxy settings
Troubleshooting
Internal resources unreachable
Verify the app is set to route through VPN in SplitTunnel. Check that your OpenVPN client still shows a connected status.
Direct apps still slow
Confirm the app is set to direct in SplitTunnel. Some apps use helper processes — you may need to add those as well.
DNS issues
OpenVPN may configure DNS settings as part of the connection. SplitTunnel handles DNS routing automatically alongside the OpenVPN DNS configuration.
Frequently Asked Questions
Works With Any OpenVPN Client
Per-app routing at the macOS level. Your OpenVPN connection stays untouched.
7-day free trial · Cancel anytime