excluded route not working when specified by hostname

bribri
OpenVpn Newbie
Posts: 2
Joined: Sun Apr 14, 2019 3:33 pm

Post by bribri » Sun Apr 14, 2019 3:55 pm

I'm trying to add a line to my VPN's ovpn file so that it will exclude a specific website from being sent through the VPN. I'm trying to use:

route website.hostname 255.255.255.255 net_gateway

...however it's not working in OpenVPN Connect on iOS. The logs never display something like:

NIP: adding (excluded) IPv4 route A.B.C.D/32

If I use the site's IP address such as:

route A.B.C.D 255.255.255.255 net_gateway

...it does work and I see the appropriate "adding (excluded)" in the log.

This website uses a dynamic IP, though, so it's not viable for me to exclude it only by IP address.

What's going wrong? Is using the site's hostname supported on iOS? I don't have trouble setting that up on my computer's OpenVPN client.

Here is my configuration in case it helps, with private information redacted:

remote A.B.C.D X 
remote A.B.C.D Y
remote A.B.C.D Z 
auth-user-pass
client
dev tun
hand-window 120
inactive 604800
mute-replay-warnings
nobind
persist-key
persist-remote-ip
persist-tun
ping 5
ping-restart 120
redirect-gateway def1
remote-random
reneg-sec 3600
resolv-retry 60
route-delay 2
route-method exe
script-security 2
tls-cipher TLS-DHE-RSA-WITH-AES-256-GCM-SHA384:TLS-DHE-RSA-WITH-AES-256-CBC-SHA256:TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA:TLS-DHE-RSA-WITH-AES-256-CBC-SHA:TLS-RSA-WITH-CAMELLIA-256-CBC-SHA:TLS-RSA-WITH-AES-256-CBC-SHA
tls-timeout 5
verb 4
tun-ipv6
tun-mtu  1500
proto tcp
comp-lzo
cipher AES-128-CBC
auth SHA512
ignore-unknown-option ncp-disable
ncp-disable
remote-cert-tls server
key-direction 1
allow-pull-fqdn

route website.hostname 255.255.255.255 net_gateway

<ca>
...</ca>
<cert>
...</cert>
<key>
...</key>
<tls-auth>
...</tls-auth>


Re: excluded route not working when specified by hostname

Post by bribri » Fri Nov 01, 2019 8:58 pm

Bumping -- I still have this same problem with the latest version of OpenVPN Connect. Can anyone please assist? It's preventing me from being able to get my VPN servers configured correctly on iOS.

The same ovpn file, when loaded on my Mac (with either Viscosity or Tunnelblick), works correctly and the hostname I specify in the route option is correctly routed through the local gateway and not the VPN. But when I load the file in OpenVPN Connect on iOS it doesn't work!

Is "allow-pull-fqdn" simply not supported in OpenVPN Connect?
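
An added example, not part of the original posts and not OpenVPN's own code: since the posts report that IP-literal excluded routes are honored by OpenVPN Connect on iOS, this Python script rewrites hostname-based `net_gateway` routes in a profile into one /32 route per resolved IPv4 address before the profile is imported. The function names are hypothetical, and the sample addresses (192.0.2.x documentation range) and stub resolver are constructed.

```python
import ipaddress
import socket

# OpenVPN keywords that may appear where a route target is expected.
KEYWORDS = {"vpn_gateway", "net_gateway", "remote_host"}

def resolve_ipv4(hostname):
    """Return the de-duplicated IPv4 addresses the system resolver gives."""
    infos = socket.getaddrinfo(hostname, None, socket.AF_INET, socket.SOCK_STREAM)
    return sorted({info[4][0] for info in infos}, key=ipaddress.IPv4Address)

def is_ipv4(token):
    try:
        ipaddress.IPv4Address(token)
        return True
    except ValueError:
        return False

def expand_host_routes(profile_text, resolver=resolve_ipv4):
    """Rewrite 'route <hostname> ... net_gateway' as one /32 route per address.

    Routes that already use an IPv4 literal or a keyword target, and all
    other lines, pass through unchanged.
    """
    out = []
    for line in profile_text.splitlines():
        parts = line.split()
        if (len(parts) >= 2 and parts[0] == "route" and parts[-1] == "net_gateway"
                and parts[1] not in KEYWORDS and not is_ipv4(parts[1])):
            addrs = resolver(parts[1])
            if not addrs:
                raise ValueError(f"no IPv4 address for {parts[1]}")
            out.append(f"# expanded from: {line.strip()}")
            out.extend(f"route {a} 255.255.255.255 net_gateway" for a in addrs)
        else:
            out.append(line)
    return "\n".join(out) + "\n"

if __name__ == "__main__":
    # Constructed sample: stub resolver returning documentation-range addresses.
    sample = "dev tun\nroute website.hostname 255.255.255.255 net_gateway\n"
    print(expand_host_routes(sample, lambda host: ["192.0.2.10", "192.0.2.11"]), end="")
```

The expanded routes are a snapshot of DNS at generation time, so for a host with a dynamic IP the profile has to be regenerated and re-imported when the address changes. Every address written out this way bypasses the tunnel, so the resolver used at generation time needs to be one you trust.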
