VPN Haus: How is split tunneling impacted by IPv6 dual-stack networking?
Swen: The main thing to remember is, split tunneling needs to be specifically configured. For instance, in a “dual-stacked” world – which implements both IPv4 and IPv6 stacks — you will have to configure either both or just only one, depending on which stacks you plan to use. Once you’ve completed this configuration, split tunneling will be processed — no matter if the traffic is IPv4 or IPv6. Simply put, to enable split tunneling on IPv6, you only need to configure the stack – but otherwise it should run smoothly.
VPN Haus: How does split tunneling differ from inverse split tunneling?
Swen: I know it’s stating the obvious, but it’s inverse. Here’s what that means. With conventional split tunneling you configure some networks that are to be processed within the tunnel, which means there are others not be taken into the tunnel. With inverse split tunneling it is just the other way round. You configure those networks that are not be processed through the tunnel and all the rest will be taken into the tunnel. In other words, split tunneling becomes the rule — not the exception.
VPN Haus: In cases of split tunneling for the home office, do you recommend the corporate VPN be set as the default gateway to first route all traffic, dropping those requests deemed unnecessary to secure?
Swen: Usually yes. But ultimately, it depends on the security policies of the company. Generally, the recommended approach is to direct all of the traffic into the corporate tunnel, so that all of the company’s security protocols can apply to the traffic and fulfill the organization’s security needs.