Gå til hovedinnhold

Split tunneling on macOS

App 

Split tunneling was introduced earlier last year to the macOS app. The 2025.2 release irons out some issues that remained, and the feature is now considered stable on all desktop platforms.

 

Split tunneling allows you to exclude select apps from the VPN, for example if you need to use services that do not work well with VPNs. Read more here: Split tunneling with the Mullvad app .

The initial release for macOS was included in version 2024.4 of the app. This new release includes fixes for issues with packet loss, improved user experience for handling permissions, and ensures that the feature does not affect network traffic when disabled.

How to use it

You can find the feature under Settings > Split tunneling. It can also be configured using the command-line interface: run mullvad split-tunnel for more information.

When using the feature for the first time, you may be prompted to enable full-disk access for the app. This permission allows the Mullvad daemon to track processes and ensure that only selected apps bypass the VPN tunnel.

Limitations

Although it supports many common uses, there are several caveats. Some are listed below.

Cannot exclude Safari (and WebKit)

WebKit renders pages in processes that are not forked from the browser process. We currently cannot determine that such traffic should be excluded, given that we only exclude processes and their subprocesses. This limitation affects interprocess communication in general.

You can make sure that the browser is excluded by visiting our connection check page, and noting that it displays a red warning with the text “Not using Mullvad VPN”.

Performance

Split tunneling relies on tunneling all traffic through an additional tunnel interface, so there is a significant overhead, for both excluded apps and VPN traffic. All apps will likely have slower connectivity when split tunneling is enabled.

OS version

Split tunneling is only available on macOS 13 and above.

Tunnel lifetime 

Sometimes connections break when toggling split tunneling or disconnecting from the VPN. This is because connections are tied to the lifetime of the tunnel interface. For many applications, this does not matter, but it may cause interruptions.