How to Fix Slow WiFi Speeds When Using a VPN: Split Tunneling, Protocol Selection, and Router-Level Tips

Running a VPN is one of the best ways to protect your privacy online — but it comes at a cost. Encryption overhead, extra routing hops, and protocol inefficiencies can slash your effective download speed by anywhere from 20% to 60%. The good news: most of that loss is recoverable. This guide walks through the three most effective fixes: switching to a faster protocol, enabling split tunneling, and optimizing at the router level.

Why Does a VPN Slow Down WiFi?

Before fixing the problem, it helps to understand what’s actually causing it. A VPN slows your connection for three distinct reasons:

• Encryption overhead: Every packet your device sends is wrapped in an additional encryption layer. Older protocols like OpenVPN can add up to 25% bandwidth overhead per packet.
• Server distance and routing: Your traffic travels to a VPN server before reaching its destination. If that server is geographically distant or heavily loaded, round-trip latency climbs significantly.
• CPU throttling: On older devices or budget routers running VPN firmware, the processor may struggle to encrypt and decrypt traffic fast enough to saturate your connection.

Run a baseline test on our WiFi speed test tool both with and without your VPN active. The difference in the two results tells you exactly how much speed your VPN is costing you.

Fix 1: Switch to WireGuard Protocol

Protocol choice is the single biggest lever you have for VPN speed. Here’s how the three main protocols compare based on real-world benchmark data:

• WireGuard: ~892 Mbps average throughput, ~5.6% bandwidth overhead, ~8ms added latency. Connection establishes in 0.3–0.5 seconds.
• IKEv2/IPSec: ~815 Mbps average throughput, ~13.8% overhead, ~12ms added latency.
• OpenVPN (UDP): ~702 Mbps average throughput, ~25.7% overhead, ~22ms added latency. Connections take 2–4 seconds to establish.

WireGuard wins on every speed metric because it uses a leaner codebase (~4,000 lines of code vs. OpenVPN’s ~100,000) and modern cryptography (ChaCha20) that is hardware-accelerated on virtually every current CPU and mobile SoC.

How to Switch Protocols

In most VPN apps the process is the same: open Settings → Protocol (or “Connection”) and select WireGuard. If your provider doesn’t support WireGuard, IKEv2 is the next best option. Only fall back to OpenVPN TCP if you’re on a network that actively blocks UDP traffic (common on hotel or corporate WiFi).

Fix 2: Enable Split Tunneling

Split tunneling is the most impactful fix for day-to-day browsing because it lets you route only the traffic that needs VPN protection through the encrypted tunnel — everything else goes directly over your ISP connection at full speed. Studies show correctly configured split tunneling can improve overall internet performance by 45–60% compared to a full-tunnel setup.

App-Based Split Tunneling

Most VPN clients (NordVPN, ExpressVPN, Mullvad, ProtonVPN) offer per-app split tunneling:

1. Open your VPN app and navigate to Settings → Split Tunneling.
2. Choose Exclusive mode (protect only selected apps) or Inverse mode (protect everything except selected apps).
3. Add high-bandwidth apps like your streaming service, video game client, or video call app to the bypass list. Keep privacy-sensitive apps (browser, email, torrent client) on the VPN.
4. Reconnect the VPN and re-run a speed test to confirm improvement.

URL/IP-Based Split Tunneling

Some clients support split tunneling by domain or IP address instead of by app. This is useful if a single app — say, a browser — handles both sensitive traffic (banking) and bandwidth-intensive traffic (YouTube). Add the IP ranges for streaming CDNs or gaming servers to the bypass list while keeping everything else on-tunnel.

Fix 3: Choose a Closer, Less-Loaded Server

Every extra millisecond of latency compounds under a VPN because the tunnel adds a round trip to a server before your packet reaches its destination. If you’re connected to a server on a different continent — or one that’s overloaded at peak hours — you’ll see both high latency and reduced throughput.

• Select the server closest to your physical location unless you specifically need an IP from another country.
• Look for servers labeled “P2P”, “Optimized”, or with a low load percentage in your VPN app.
• Avoid servers with load above 70–80% — most premium VPN apps show live load metrics.
• Try connecting at off-peak hours (early morning) to benchmark your true maximum VPN speed vs. congestion-affected speeds.

Fix 4: Run the VPN on Your Router (for Whole-Home Use)

If you run a VPN client on each individual device, every device burns its own CPU cycles on encryption. Running the VPN at the router level centralizes that work, lets every device on the network benefit without installing any software, and — on capable hardware — offloads encryption to dedicated chips.

Router Hardware Requirements

Not all routers can handle gigabit-speed VPN traffic. A router with a dedicated VPN hardware accelerator (common on ASUS and Netgear Nighthawk models) can sustain 400–900 Mbps of WireGuard throughput. A mid-range router with a dual-core ARM processor typically maxes out around 150–200 Mbps on OpenVPN, which is a bottleneck if your ISP plan is faster than that.

For best results, look for routers explicitly advertising VPN throughput specs, or consider a dedicated mini-PC running pfSense or OPNsense as your VPN gateway.

Combining Router VPN with Split Tunneling

Many router-level VPN setups (DD-WRT, Tomato, ASUS Merlin) support policy-based routing, which is essentially split tunneling at the network level. You can route specific devices (work laptop, phone) through the VPN while keeping smart TVs and game consoles on the direct ISP connection — giving you privacy where you need it and full speed where you don’t.

Fix 5: Optimize Your WiFi Connection Independently

A VPN can’t deliver speeds faster than your WiFi connection itself. If your WiFi link is already the bottleneck, switching VPN protocols won’t help. Make sure your WiFi fundamentals are solid before blaming the VPN:

• Connect to the 5GHz or 6GHz band rather than 2.4GHz. The 2.4GHz band tops out around 150–300 Mbps in real-world conditions, which means a faster VPN protocol has no room to perform.
• Ensure your router is running recent firmware. Some routers have had firmware bugs that caused significant throughput regression. See our guide on updating router firmware.
• If your router is more than four years old, WiFi overhead from outdated 802.11ac (WiFi 5) MU-MIMO handling can compound VPN latency. A WiFi 6 or WiFi 6E router reduces per-device contention significantly.

When a VPN Can Actually Improve Speeds

In one scenario, enabling a VPN can increase your effective speed: ISP throttling. Some ISPs throttle traffic to specific services — video streaming platforms, torrents, gaming servers — when they detect the traffic type via deep packet inspection (DPI). A VPN encrypts your traffic, preventing the ISP from identifying what you’re doing, which can bypass throttling entirely. If you notice consistently slow speeds on a particular service but good speeds on others, throttling may be the cause. Our guide on checking if your ISP is throttling your connection explains how to confirm this.

Quick Reference: VPN Speed Fixes by Symptom

• All traffic slow on VPN → Switch to WireGuard, connect to a closer server.
• Streaming and gaming slow, browsing fine → Enable split tunneling, bypass those apps.
• VPN fast on phone, slow on laptop → Check laptop CPU load; old hardware may be encryption-limited.
• VPN fast in morning, slow at night → Server congestion; switch to a less-loaded server or different region.
• All speeds slow regardless of VPN → WiFi is the bottleneck, not the VPN. Run a test at wifispeed.com and compare wired vs. wireless results.