excluded route not working when specified by hostname

Posted: Sun Apr 14, 2019 3:55 pm
by bribri
I'm trying to add a line to my VPN's ovpn file so that it will exclude a specific website from being sent through the VPN. I'm trying to use:

Code:

route website.hostname 255.255.255.255 net_gateway

...however it's not working in OpenVPN Connect on iOS. The logs never display something like:

Code:

NIP: adding (excluded) IPv4 route A.B.C.D/32

If I use the site's IP address such as:

Code:

route A.B.C.D 255.255.255.255 net_gateway

...it does work and I see the appropriate "adding (excluded)" in the log.

This website uses a dynamic IP, though, so it's not viable for me to exclude it only by IP address.

What's going wrong? Is using the site's hostname supported on iOS? I don't have trouble setting that up on my computer's OpenVPN client.

Here is my configuration in case it helps, with private information redacted:

Code:

remote A.B.C.D X 
remote A.B.C.D Y
remote A.B.C.D Z 
auth-user-pass
client
dev tun
hand-window 120
inactive 604800
mute-replay-warnings
nobind
persist-key
persist-remote-ip
persist-tun
ping 5
ping-restart 120
redirect-gateway def1
remote-random
reneg-sec 3600
resolv-retry 60
route-delay 2
route-method exe
script-security 2
tls-cipher TLS-DHE-RSA-WITH-AES-256-GCM-SHA384:TLS-DHE-RSA-WITH-AES-256-CBC-SHA256:TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA:TLS-DHE-RSA-WITH-AES-256-CBC-SHA:TLS-RSA-WITH-CAMELLIA-256-CBC-SHA:TLS-RSA-WITH-AES-256-CBC-SHA
tls-timeout 5
verb 4
tun-ipv6
tun-mtu  1500
proto tcp
comp-lzo
cipher AES-128-CBC
auth SHA512
ignore-unknown-option ncp-disable
ncp-disable
remote-cert-tls server
key-direction 1
allow-pull-fqdn

route website.hostname 255.255.255.255 net_gateway

<ca>
...</ca>
<cert>
...</cert>
<key>
...</key>
<tls-auth>
...</tls-auth>
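
The post reports that the exclusion is applied when the route is written with an address but not with a hostname. As an added example (not code from the post or from OpenVPN), this Python script rewrites the four-field `route <hostname> <mask> net_gateway` form used above into address-literal routes before the profile is imported; `expand_excluded_routes`, `system_resolver`, `is_ipv4` and the 192.0.2.x addresses are hypothetical names and constructed values.

```python
import ipaddress
import socket

# Constructed sample profile fragment; "website.hostname" is the placeholder
# used in the post and the 192.0.2.x values are documentation addresses.
SAMPLE_PROFILE = """\
redirect-gateway def1
route website.hostname 255.255.255.255 net_gateway
route 192.0.2.7 255.255.255.255 net_gateway
"""

def system_resolver(hostname):
    """Return the sorted IPv4 addresses the local resolver gives for hostname."""
    infos = socket.getaddrinfo(hostname, None, socket.AF_INET, socket.SOCK_STREAM)
    return sorted({info[4][0] for info in infos})

def is_ipv4(text):
    try:
        ipaddress.IPv4Address(text)
        return True
    except ValueError:
        return False

def expand_excluded_routes(profile_text, resolver=system_resolver):
    """Rewrite 'route <hostname> <mask> net_gateway' lines as IP-literal routes.

    Lines that already use an address, and all other directives, pass through
    unchanged. A hostname for which the resolver returns nothing raises
    ValueError, so a profile is never written with the exclusion missing.
    """
    out = []
    for line in profile_text.splitlines():
        parts = line.split()
        if (len(parts) == 4 and parts[0] == "route"
                and parts[3] == "net_gateway" and not is_ipv4(parts[1])):
            addresses = resolver(parts[1])
            if not addresses:
                raise ValueError(f"no IPv4 address for {parts[1]}")
            out.append(f"# {line.strip()}  (resolved when the profile was generated)")
            out.extend(f"route {addr} {parts[2]} net_gateway" for addr in addresses)
        else:
            out.append(line)
    return "\n".join(out) + "\n"

if __name__ == "__main__":
    # Constructed resolver so the example runs offline.
    fake = lambda host: ["192.0.2.10", "192.0.2.11"]
    print(expand_excluded_routes(SAMPLE_PROFILE, fake), end="")
```

The generated routes hold only the addresses the resolver returned at generation time, so a site with a changing address needs the profile regenerated and re-imported. Every address written this way is sent outside the tunnel, so the resolver's answer is worth checking before import.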