Split Tunnel Configuration

This article explains how to use and manage split tunneling on the Settings -> Configuration -> Tunnel Configuration page.

Split tunneling lets you define custom rules, per user or team, that route client traffic through the VPN or through the internet based on the destination IP address or domain name.

  1. Go to Timus Manager -> Settings -> Configuration page and click the Tunnel Configuration tab.

  2. Click the Create New button.

  3. After clicking on Create New, you will be able to configure your split tunnel rules.

  4. You can click on Add Source or Add Destinations to add multiple sources and destinations.

Title: Name the tunnel you are about to create. It may indicate the intended use.

Tunnel Mode:

  • Through Internet: Your traffic goes over your own internet connection, using your IP address.

  • Through VPN: Your traffic goes over the Timus Connect application and the Timus Gateway instead of using your IP address.

Source: You can choose either a user or a team for selecting sources, and the split tunneling will be applied accordingly.

Destination: You can choose either an IP address or a domain name for selecting destinations, and the split tunneling will be applied accordingly.

  • By default, all users and teams route their traffic through the Timus VPN unless you change it to 'Through Internet'.

  • The Split Tunnel configuration works on Windows, macOS and Android in the current version of Timus Connect when the tunnel protocol is WireGuard.

  • This feature is currently unavailable when Timus Connect's tunneling protocol is OpenVPN or your operating system is iOS.

  • Browsers such as Google Chrome and Safari use a cache mechanism, so when you define a domain-based split tunnel rule you may still see the website being reached through the VPN even though you have already defined a Through Internet rule for it.

  • macOS does not treat two rules defined on the same IP address as valid and applies only one of them. The conflict can arise from domain-based or IP-based split tunnel rules where the two IP addresses are considered identical.

  • When defining Through Internet rules with IP ranges, do not include the DNS address of WireGuard (192.168.249.1) or of OpenVPN (192.168.255.1). Defining Through Internet rules that include them can cause connection issues, such as being unable to resolve domain names like timusnetworks.com.

  • When defining domain-based split tunnel rules, keep in mind that some well-known platforms such as Instagram, WhatsApp or Facebook may use the same network, location or datacenter, so two different platforms can have the same IP address. Because domain-based rules work by resolving the domains to IP addresses, this can cause conflicts. For example, when the platforms share an IP address, whatsapp.com and facebook.com will go through the internet even if you have selected the tunnel mode Through VPN for them. This is because, in the split tunnel rule hierarchy, the rule at the top takes precedence, and once a match is found the other rules are ignored.

  • If a split tunnel rule is defined for a specific user, such as TIMUS-USER, and a separate rule is defined for All Users or All Teams, the rule defined for the individual user takes precedence over the general rule.

  • When multiple websites use a proxy service such as Cloudflare to enhance their security and anonymity, IP address conflicts can occur within the split tunnel configuration. This is because certain proxy providers, like Cloudflare, allocate the same IP address to multiple websites. For instance, if you route traffic for 'test.com' through the internet and traffic for 'test2.com' through the VPN, and both sites use Cloudflare as their proxy provider, you may observe that 'test.com' goes through the VPN while 'test2.com' goes through the internet. Such routing discrepancies arise from the shared use of a proxy service, which leads to conflicts between the internet and VPN routes.

  • You are not allowed to set any split tunnel configuration for domains belonging to Timus Networks.

  • If you are using a roaming DNS client on your end devices, such as ScoutDNS or Cisco Umbrella, a split tunnel that excludes localhost from passing through the gateway will be required for name resolution. The configuration would be as follows:

      Source: (Whoever is affected by the DNS client)
      Tunnel Mode: Through Internet
      Destination IP: 127.0.0.1/32
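
The notes above on the WireGuard and OpenVPN DNS addresses and on domains that share an IP address can be checked against a planned rule list before it is entered in Timus Manager. The following Python is an added example, not Timus code: the rule layout, the `lint_rules` function and the sample addresses are assumptions made for illustration, and domains are matched against IP addresses you have resolved beforehand.

```python
import ipaddress

# DNS addresses this page says to keep out of Through Internet ranges.
TUNNEL_DNS = {"WireGuard": "192.168.249.1", "OpenVPN": "192.168.255.1"}

def lint_rules(rules, resolved):
    """Check an ordered rule list (top rule first) before entering it.

    rules: dicts with 'title', 'mode' and 'destinations' (IP, CIDR or domain);
    this layout is hypothetical, not a Timus export format.
    resolved: domain -> list of IPs looked up beforehand.
    Returns (kind, rule title, detail) tuples.
    """
    findings = []
    claimed = []  # (network, title, mode, destination) in rule order
    for rule in rules:
        for dest in rule["destinations"]:
            try:
                nets = [ipaddress.ip_network(dest, strict=False)]
            except ValueError:  # not an IP or CIDR, so treat it as a domain
                nets = [ipaddress.ip_network(ip) for ip in resolved.get(dest, [])]
            for net in nets:
                if rule["mode"] == "Through Internet":
                    for proto, dns in TUNNEL_DNS.items():
                        if ipaddress.ip_address(dns) in net:
                            findings.append(("dns-excluded", rule["title"],
                                             f"{dest} covers {proto} DNS {dns}"))
                for seen, title, mode, seen_dest in claimed:
                    if mode != rule["mode"] and net.overlaps(seen):
                        findings.append(("mode-conflict", rule["title"],
                                         f"{dest} shares {net} with {seen_dest} "
                                         f"in rule '{title}' ({mode})"))
                claimed.append((net, rule["title"], rule["mode"], dest))
    return findings

# Constructed sample: two proxied sites resolving to one address (TEST-NET-3),
# plus a Through Internet range that swallows the WireGuard DNS address.
SAMPLE_RESOLVED = {"test.com": ["203.0.113.10"], "test2.com": ["203.0.113.10"]}
SAMPLE_RULES = [
    {"title": "Direct sites", "mode": "Through Internet",
     "destinations": ["test.com", "192.168.249.0/24"]},
    {"title": "Protected sites", "mode": "Through VPN",
     "destinations": ["test2.com", "198.51.100.7"]},
]

if __name__ == "__main__":
    for finding in lint_rules(SAMPLE_RULES, SAMPLE_RESOLVED):
        print(finding)
```

A `mode-conflict` finding only reports that two rules with different tunnel modes land on the same address; which route the client actually applies depends on the rule order and platform behaviour described in the notes above.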
