By default, when VPN clients connect to a Windows VPN server, all Internet and network traffic will first flow through the VPN tunnel to the server.
If the only purpose for the end-user to use a VPN is to remotely access network shares and resources, you can greatly reduce wasted bandwidth on the VPN by using a method commonly called Split Tunneling. This makes the VPN client first direct traffic to the local network and only direct traffic through the VPN when a host isn’t available on the local network, such as when accessing file shares on the network where the VPN server resides. This means when they are browsing websites and accessing other servers on the web they are using the Internet connection of the local network instead of the VPN.
If the end-user is on a public network (Wi-Fi hotspot or Internet port) or unsecured Wi-Fi network, then you should not enable Split Tunneling. There are security risks of using this technique when on untrusted networks, and you probably want to secure their traffic from the local network as well.
To enable Split Tunneling in Windows:
- On the Network Connections window, right-click the VPN connection and select Properties.
- Select the Network tab and double-click Internet Protocol (TCP/IP).
- Click the Advanced button and uncheck Use default gateway on remote network.
- Click OK on the dialog boxes to save changes.