How to Use VPN for Only Certain Apps on Mac
Keep specific apps on VPN while others connect directly
Key Takeaways
Most VPNs force all apps through the tunnel—but you can change this
Per-app VPN lets you choose which applications need VPN protection
SplitTunnel makes it easy to specify which apps use VPN
The All-or-Nothing VPN Problem
Traditional VPNs give you two choices: everything through the tunnel, or nothing at all. Connect and all traffic goes through VPN. Disconnect and nothing is protected.
- •
Connect VPN → All apps route through tunnel
- •
Disconnect VPN → No apps protected
- •
No middle ground with most VPN clients
- •
But some apps need VPN while others work better without it
When You Need VPN for Only Certain Apps
- •
Work apps need internal network access for corporate resources
- •
Personal apps don't need to route through your employer's network
- •
Streaming apps slow down and show wrong region on VPN
- •
Gaming suffers from VPN latency
- •
Local network apps can't reach devices through VPN tunnel
Understanding Per-App VPN
Per-app VPN lets you choose exactly which applications use the VPN tunnel. Everything else connects directly to the internet.
- •
Select specific apps to route through VPN
- •
All other apps bypass VPN automatically
- •
Work apps: Secure access to internal resources
- •
Personal apps: Full speed, no VPN overhead
Setting Up VPN for Specific Apps
Step 1: Install SplitTunnel
- •
Download SplitTunnel for Mac
- •
Install and launch the app
- •
Grant network extension permission when prompted
- •
Approve in System Settings → Privacy & Security
Step 2: Connect Your VPN
- •
Use your normal VPN client as always
- •
Works with Cisco AnyConnect, GlobalProtect, OpenVPN, and others
- •
Verify VPN shows connected
Step 3: Configure App Routes
- •
Open SplitTunnel
- •
Browse the list of applications
- •
Set apps that need VPN to "VPN" route
- •
Set apps that should bypass to "Direct" route
- •
Settings apply immediately
Recommended Apps for VPN Route
Corporate Communication
- •
Slack — Access internal channels
- •
Microsoft Teams — Company meetings and chat
- •
Zoom — If company-hosted
- •
Corporate email client
Work Tools
- •
Browsers for internal web apps
- •
Development tools accessing internal servers
- •
Internal file share clients
- •
Corporate cloud storage apps
Recommended Apps for Direct Route
Entertainment
- •
Netflix, YouTube, Disney+ — Avoid region issues
- •
Spotify, Apple Music — Stop buffering
- •
Gaming platforms — Lower latency
Personal
- •
Personal email client
- •
Social media apps
- •
Banking apps
- •
Personal cloud storage
Configuration Examples
Minimal VPN (Most Direct)
- •
VPN: Only Slack and work email
- •
Direct: Everything else
- •
Best for: Occasional internal resource access
Balanced (Most Common)
- •
VPN: Work apps and one browser for internal sites
- •
Direct: Streaming, gaming, personal apps
- •
Best for: Regular remote work
Maximum VPN (Most Secure)
- •
VPN: All apps by default
- •
Direct: Only streaming and gaming
- •
Best for: Security-conscious users
Start with minimal VPN routing and add apps as needed. It's easier to add than to troubleshoot why something isn't working.
Verifying Your Configuration
Connect your VPN
Configure SplitTunnel routes
Test a VPN-routed app: Can it access internal resources?
Test a direct-routed app: Is it at full speed?
Check IPs: VPN app shows VPN IP, direct app shows real IP
Maintaining Your Setup
- •
Routes persist across VPN reconnects and reboots
- •
Add new apps to routing rules as you install them
- •
Adjust routes based on your usage patterns
- •
No need to reconfigure after updates
SplitTunnel remembers your preferences. Set it up once and your apps automatically route correctly every time you connect.
Frequently Asked Questions
Choose Which Apps Use VPN
Route work apps through VPN. Let everything else connect directly.
7-day free trial · Cancel anytime