ゆるテックノート

VPN configuration types

VPN apps often show settings such as full tunnel, split tunneling, DNS protection, and kill switch. They all affect how traffic is routed: what goes through the VPN and what stays on the normal network.

Full tunnel and split tunneling 🌐

The most important VPN setting is which traffic uses the VPN. This changes what ISPs and destination services can see.

Main differences

| Setting | Behavior | Good fit |
|---|---|---|
| Full tunnel | Routes almost all traffic through the VPN | Public Wi-Fi protection, making traffic use the VPN exit IP |
| Split tunneling | Routes only selected apps or destinations through the VPN | Company systems through VPN, video or games over the normal network |
| Per-app VPN | Applies VPN routing app by app | Use VPN for only a browser, game, or specific app |

Cautions

  • Full tunnel gives broader coverage, but can affect speed and latency.
  • Split tunneling is convenient, but traffic outside the VPN uses the normal network IP.
  • The choice changes what ISPs and services can see.

DNS settings and DNS leaks

DNS converts domain names to IP addresses. If DNS queries go outside the VPN, clues about visited domains may remain visible on the normal network side.

Common patterns

  • Use VPN-provided DNS: easier to keep name lookups inside the VPN tunnel.
  • Use OS or router DNS: depending on settings, queries may go outside the VPN.
  • Use DoH/DoT: encrypts DNS itself, but whether it uses the VPN path depends on app and OS settings.

WebRTC leaks and local IPs

WebRTC powers browser voice/video features. Depending on browser and settings, it may expose local IPs or alternate path information to websites.

How to think about it

  • Enable leak protection in the VPN app when available.
  • Limit WebRTC IP exposure in browser settings or with an extension.
  • If work apps or games need WebRTC, disabling it may affect functionality.

Kill switch and auto reconnect 🔒

A kill switch blocks normal-network fallback if the VPN disconnects. Combined with auto reconnect, it reduces accidental traffic outside the VPN.

When it helps

  • When a task must keep using the VPN exit IP.
  • When using public Wi-Fi and avoiding raw network fallback matters.
  • For games and calls, it can interrupt traffic, so balance safety with usability.
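
The routing effects described in the sections above (full tunnel versus split tunneling, DNS queries leaving outside the VPN, and fallback after a disconnect) can be checked against a routing table. The following Python code is an added example, not part of the original page; the interface names `wg0` and `eth0`, the prefixes, the resolver addresses and the simplified kill-switch model are constructed assumptions.

```python
import ipaddress

# Constructed sample routing tables: (destination prefix, interface).
# "wg0" (VPN) and "eth0" (normal network) are assumed interface names.
FULL_TUNNEL = [
    ("0.0.0.0/1", "wg0"),        # two /1 routes outrank the default route
    ("128.0.0.0/1", "wg0"),
    ("0.0.0.0/0", "eth0"),
    ("192.168.1.0/24", "eth0"),  # local LAN stays direct
]
SPLIT_TUNNEL = [
    ("10.20.0.0/16", "wg0"),     # only company systems use the VPN
    ("0.0.0.0/0", "eth0"),
    ("192.168.1.0/24", "eth0"),
]
# Constructed resolvers: VPN-provided, home router, public (TEST-NET-1).
RESOLVERS = ["10.20.0.53", "192.168.1.1", "192.0.2.53"]

def egress_interface(routes, dest):
    """Pick the interface by longest-prefix match; None if no route."""
    addr = ipaddress.ip_address(dest)
    best = None
    for prefix, iface in routes:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0]):
            best = (net.prefixlen, iface)
    return best[1] if best else None

def dns_leaks(routes, resolvers, vpn_iface="wg0"):
    """Resolvers whose queries would leave outside the VPN tunnel."""
    return [r for r in resolvers if egress_interface(routes, r) != vpn_iface]

def path_after_disconnect(routes, dest, vpn_iface="wg0", kill_switch=False):
    """Where traffic goes once the VPN interface and its routes are gone."""
    remaining = [(p, i) for p, i in routes if i != vpn_iface]
    fallback = egress_interface(remaining, dest)
    # Simplified model: a kill switch drops traffic instead of using fallback.
    return "blocked" if kill_switch and fallback is not None else fallback

if __name__ == "__main__":
    for name, table in (("full", FULL_TUNNEL), ("split", SPLIT_TUNNEL)):
        print(name, "DNS outside VPN:", dns_leaks(table, RESOLVERS))
    print("after drop:", path_after_disconnect(FULL_TUNNEL, "192.0.2.53"))
    print("with kill switch:",
          path_after_disconnect(FULL_TUNNEL, "192.0.2.53", kill_switch=True))
```

Even with the full-tunnel table, the router resolver on the local LAN is reached directly, which is the "OS or router DNS" case from the DNS section.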

VPN protocol types

A VPN protocol is the method used to build the tunnel. It affects speed, stability, device support, and whether restrictive networks block it.

Common examples

| Protocol | Traits | Good fit |
|---|---|---|
| WireGuard | Often lightweight and fast, friendly for mobile use | Consumer VPNs, always-on connections |
| OpenVPN | Long track record, flexible TCP/UDP configurations | Compatibility, restrictive networks |
| IPsec/IKEv2 | Widely supported by OSes and common in enterprise VPNs | Company VPNs, mobile reconnection |
| SSL-VPN | Often used with browsers or dedicated clients for internal access | Remote access, company systems |

How to choose

A practical default is full tunnel + VPN-provided DNS + kill switch, then exclude only the apps where speed or compatibility is a problem.

By use case

  • Public Wi-Fi: prefer full tunnel, DNS protection, and kill switch.
  • Company VPN: split routing for internal systems is common; follow company policy.
  • Gaming: if latency gets worse, keep the game on the normal network and use VPN for the browser only.
  • To understand visibility effects, also read "What others see when you use a VPN".