
Enable OpenVPN Split Tunneling in UniFi | Part 01


Academic · By Ujitha Rodrigo

In today’s rapidly evolving digital landscape, modern network infrastructures demand secure and flexible remote access solutions. With the advancement of UniFi gateways (both cloud-managed and non-cloud consoles), administrators now have access to multiple VPN technologies such as WireGuard, OpenVPN, IPsec, and PPTP.

Among these, OpenVPN remains one of the most widely used and reliable solutions for implementing remote access VPN (client-to-site) and site-to-site VPNs.

However, many network administrators configure VPN access without a clear understanding of two critical concepts:

  • Full Tunnel VPN
  • Split Tunnel VPN

This article by OneAccess Technologies explains these concepts in a practical context and demonstrates how to enable Split Tunneling using OpenVPN on UniFi Cloud Gateways.

Real-World Scenario

Let’s consider a practical deployment scenario:


  • Your office is equipped with a UniFi UDM-Pro Gateway
  • LAN network: 192.168.0.0/24
  • Public static IP: 223.212.244.2/30 (WAN interface)
  • You have multiple remote employees working from home
  • They need secure access to an internal ERP system hosted within the office network

As a network administrator, your task is to:
  • Configure an OpenVPN server on the UniFi gateway
  • Generate and distribute .ovpn configuration files to users
  • Allow users to connect via the OpenVPN client application


Once connected, remote users can securely access internal resources such as servers, databases, and ERP systems.

The Key Decision: Full Tunnel vs Split Tunnel

At this stage, a critical configuration decision must be made:

Should all user traffic pass through the VPN, or only traffic intended for the office network?

This is where Full Tunneling and Split Tunneling come into play.

What is Full Tunnel VPN?

In a Full Tunnel VPN configuration, all of the remote user's traffic, both general internet traffic and traffic for the office network, is routed through the VPN tunnel to the UniFi gateway (the OpenVPN server).

Key Characteristics:

  • All user traffic flows through the office network
  • Centralized security and monitoring
  • Increased bandwidth usage on the office gateway
  • Potential latency for general internet browsing


Use Case:

  • Organizations requiring strict security policies
  • Environments where all user activity must be inspected and logged

What is Split Tunnel VPN?

In a Split Tunnel VPN configuration, only specific traffic (e.g., office LAN resources such as the ERP server) is routed through the VPN, while the rest of the user’s internet traffic goes directly through their local ISP.

Key Characteristics:

  • Only corporate traffic passes through the VPN
  • Reduced load on the UniFi gateway
  • Better performance for users
  • Lower latency for general internet usage


Use Case:

  • Remote teams needing access only to internal systems (ERP, file servers, etc.)
  • Businesses optimizing bandwidth and performance

Why Split Tunneling Matters in UniFi OpenVPN

In most real-world deployments, especially in SMB and enterprise environments, Split Tunneling is the preferred approach because:
  • It prevents unnecessary routing of all user traffic through the UDM-Pro
  • It improves user experience
  • It optimizes network resource utilization
  • It reduces VPN overhead and bottlenecks
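To see which mode a given client profile actually produces, the following added example (not from the original article, and not a UniFi-generated profile) reads an OpenVPN profile plus any server-pushed options and reports whether a destination would enter the tunnel. It relies on the standard OpenVPN directives `redirect-gateway`, `route`, `route-nopull` and `pull-filter`; the sample profiles and the helper names `tunnel_routes` and `via_vpn` are constructed for illustration.

```python
import ipaddress
import shlex

# Constructed sample profiles (not UniFi-generated); only routing directives shown.
FULL_TUNNEL = "client\ndev tun\nredirect-gateway def1\n"
SPLIT_TUNNEL = "client\ndev tun\nroute-nopull\nroute 192.168.0.0 255.255.255.0\n"

def tunnel_routes(profile, pushed=()):
    """Return (mode, networks) for a client profile plus server-pushed options."""
    local = [shlex.split(l, comments=True) for l in profile.splitlines()
             if not l.lstrip().startswith(";")]
    local = [d for d in local if d]
    # route-nopull: the client rejects pushed routes and pushed redirect-gateway
    nopull = any(d[0] == "route-nopull" for d in local)
    # pull-filter ignore "text": drop pushed options that start with text
    ignored = [d[2] for d in local if d[:2] == ["pull-filter", "ignore"] and len(d) > 2]
    effective = list(local)
    for opt in pushed:
        d = opt.split()
        if nopull and d[0] in ("route", "redirect-gateway"):
            continue
        if any(opt.startswith(prefix) for prefix in ignored):
            continue
        effective.append(d)
    if any(d[0] == "redirect-gateway" for d in effective):
        return "full", [ipaddress.ip_network("0.0.0.0/0")]
    # Assumes "route <network> [netmask]" with literal addresses (no keywords)
    nets = [ipaddress.ip_network(f"{d[1]}/{d[2] if len(d) > 2 else '255.255.255.255'}",
                                 strict=False)
            for d in effective if d[0] == "route" and len(d) > 1]
    return "split", nets

def via_vpn(dest, profile, pushed=()):
    """True if traffic to dest would enter the tunnel under this profile."""
    _, nets = tunnel_routes(profile, pushed)
    return any(ipaddress.ip_address(dest) in net for net in nets)
```

With the split profile, an address on the office LAN (192.168.0.0/24) goes through the tunnel while a public address does not, so that internet traffic is no longer inspected or logged at the office gateway.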

In Part 02, we will walk you through the complete Split Tunneling configuration process on UniFi using OpenVPN. Subscribe to OneAccess Technologies for expert-driven network solutions and in-depth technical content.
