By default, when most clients connect to a vpn server all traffic initiating from your computer is sent across the VPN tunnel. However, the VPN server is configured only to treat and forward traffic with specific destinations configured as secured routes, all other traffic not matching a destination "secure network" list is dropped by the VPN server.

Split tunneling is commonly configured on the connecting client to receive pushed secure route's or set statically. In this situation, only specific traffic matching a "secure" destination address is forwarded out the virtual tunnel interface. All other traffic is routed normally and un-secured through the configured default gateway. These specific routes are configured on the VPN server and can normally be seen injected into the client's route table while connected to the VPN.

The advantages of split-tunneling is that it allows the connected client connectivity to both secure networks AND normal un-secured traffic while connected. The disadvantage is that the client is putting the remote connected network at risk because they are bypassing secure gateways that might normally be found on the remote network's infrastructure, making it accessible through the non-secured public network.