VPN Bypass: Open-Source macOS Split Tunneling (Fast Look)
Working with a corporate VPN is a pain when all you want is Spotify to play without buffering or AirPlay to find your Apple TV. Most business VPNs route every single packet through the tunnel — leaving local network features broken and streaming services crawling. So what if you could pick and choose which traffic goes through the VPN and which goes directly to your home router?
VPN Bypass is a free, open-source macOS menu bar app that does exactly that. It lets you define which domains and services should bypass your VPN connection, routing them through your regular internet instead. No terminal config files to edit, no command-line knowledge required. But it does need admin privileges for route management — a one-time prompt on first launch.
Here’s what makes it different from your VPN’s built-in split tunneling: most commercial VPNs offer app-level controls or coarse routing rules. VPN Bypass works at the domain level and supports 10+ corporate VPN types — GlobalProtect, Cisco AnyConnect, OpenVPN, WireGuard, Fortinet, Zscaler, and more. So it basically fills the gap that neither your IT department nor your personal VPN provider has bothered to fix for macOS.
Hands-On With VPN Bypass
I tested VPN Bypass on a MacBook Pro M3 running macOS 14.5 Sonoma with a GlobalProtect corporate tunnel active. The install took under two minutes — brew install --cask vpn-bypass — and the shield icon appeared in the menu bar immediately.
Still, the first launch triggered a Gatekeeper warning because the app is ad-hoc signed. A quick xattr -cr /Applications/VPN\ Bypass.app sorted it out. Worth knowing if you’re planning to try it yourself.
The services tab comes preloaded with templates for Telegram, YouTube, WhatsApp, Spotify, and Tailscale. I clicked Telegram, hit Apply, and within seconds the app showed resolved IPs and active routes. My Telegram desktop client connected instantly — no more “waiting for network” errors while the VPN was active.
And the route verification feature is a nice touch. The app pings each bypassed domain after applying routes and flags any failures. That kind of feedback loop is rare in free tools.
| Feature | VPN Bypass | Typical Built-in Split Tunneling |
|---|---|---|
| Routing granularity | Domain-level | App-level only |
| macOS native support | ✅ Yes | ❌ Windows/Android only |
| Corporate VPN compatibility | ✅ 10+ types | ❌ Not available |
| Built-in service templates | ✅ 10+ (Spotify, Telegram, etc.) | ❌ None |
| Auto-apply on VPN connect | ✅ Yes | ❌ Manual |
| Route verification | ✅ Ping test after apply | ❌ None |
| Open source / auditable | ✅ GPL-3.0 | ❌ Proprietary |
| Install | Homebrew / DMG | Built-in (if available at all) |
Where It Falls Short
VPN Bypass is a single-developer project — 84 stars and 3 forks at the time of writing. The codebase is solid (Swift 5.9, XCTest tests, Codecov coverage), but there’s no real community around it. So if you hit a bug with an obscure VPN client, you’re filing a GitHub issue and waiting.
The Gatekeeper issue is another friction point. Ad-hoc signing means every macOS update or reinstall triggers the same “damaged” warning. Not a dealbreaker, but it’s not a smooth experience for non-technical users either.
I also noticed the auto-apply feature only triggers on VPN connect events. If your corporate VPN session expires silently — some do — the bypass routes stay applied, but they don’t auto-refresh until the next connect. So periodic route verification is worth keeping enabled.
How It Complements Your Existing VPN
If you already use a personal VPN like NordVPN or ProtonVPN, their built-in split tunneling on macOS has gotten better. NordVPN’s NordLynx offers app-level exclusion. ProtonVPN’s macOS client supports selective routing since version 4.6.
But neither handles corporate VPNs. So the real use case here is: use your personal VPN for privacy, and let VPN Bypass handle selective routing inside your corporate tunnel. They solve different problems, and together they cover the full split tunneling picture on macOS.
Bottom Line
VPN Bypass solves a real, specific problem: corporate VPN users on macOS who need domain-level traffic control and don’t have it. It’s free, open-source, actively maintained, and genuinely useful for the niche it targets. For two minutes of setup and zero cost, it’s worth a try if you spend your workday with a corporate VPN tunnel open and wonder why your local apps keep breaking.
Disclosure: Some links below are affiliate links. If you sign up through them, I may earn a commission at no extra cost to you.
- NordVPN — app-level split tunneling since NordLynx, from $3.09/mo