The University's VPN service employs split tunneling. In this configuration, network traffic between your computer and the University network is sent across the encrypted VPN tunnel, while traffic to other sites on the Internet travels out your ISPs connection like normal. This is done as a measure to reduce load on the VPN servers.

When you make a new network connection, your computer will check the destination to determine how to send that data by looking at the routing table configured on it. In most typical configurations, your computer will have an entry for your local network (e.g. other devices on your home network) and a default gateway that tells it to send everything to your upstream router (eg. your home router). The VPN client implements split tunneling by adding more-preferred routes to your computer's routing table corresponding the UT Austin campus networks to steer that traffic to the virtual interface corresponding to the VPN tunnel back to campus. So when you attempt to establish a new connection, your computer will send traffic one of two ways:

• Campus traffic - All data that is destined for the University of Texas campus is addressed so that it is delivered to the VPN server at the University of Texas. This includes web sites, departmental servers, lab machines, and other devices on the UT campus network.

• Non-campus traffic - All other data destined to anything else on the Internet goes out via your ISP. The VPN is not involved in handling this traffic.

Two main benefits with the split tunneling approach:

• It conserves bandwidth on the campus VPN system. The VPN servers have finite capacity, and handling all Internet traffic for all UT users would overwhelm the system, resulting in poor service for all users. (To purchase enough VPN server capacity to accommodate all Internet traffic for all the University's VPN users would be a very substantial cost.)
• It helps protect privacy. The university's privacy policy strives to keep your information confidential, and this extends to your VPN connection. If you visit a Web page or server from home that is not located on the UT Austin campus, that information never reaches the VPN server. Your home network traffic will not be monitored in any way by the VPN service.

Potential Problem and Workaround

There are some potential issues that may arise from the split tunneling approach. The split tunneling is implemented by adding special, preferred entries to your computer's routing table for the network addresses used at the University, which includes some RFC1918 private network ranges commonly used on home networks. As a result, your computer may not be able to communicate with other devices on your home network while connected to the VPN.

A possible workaround is to re-address the devices on your home network to use different ranges than those used at the University. That way, traffic from your computer to those addresses will not be affected by the split-tunnel routes.

The routes that are part of the split tunnel configuration are:

The University currently does not use the 192.168.0.0 / 255.255.0.0 (address range: 192.168.0.0 - 192.168.255.255) network on campus, and thus does not include it in the split tunnel configuration. If your device needs to communicate with another private network while connected to the campus VPN service, you can use anything in that range, which will not be affected by the VPN.