inet4_route_address doesn't work on iOS

Operating system

iOS

System version

16.6.1

Installation type

sing-box for iOS Graphical Client

If you are using a graphical client, please provide the version of the client.

1.8.5

Version

No response

Description

Hello! I use inet4_route_address and it good works on Android. But same config doesn't work on iOS how I waiting.

For example I use:

inet4_route_address

"inet4_route_address": [ "178.62.9.171/32", "31.13.24.0/21", "31.13.64.0/18", "45.64.40.0/22", "57.144.0.0/14", "66.220.144.0/20", "69.63.176.0/20", "69.171.224.0/19", "74.119.76.0/22", "102.132.96.0/20", "103.4.96.0/22", "129.134.0.0/17", "157.240.0.0/17", "157.240.192.0/18", "163.70.128.0/17", "163.77.128.0/17", "173.252.64.0/18", "179.60.192.0/22", "185.60.216.0/22", "185.89.216.0/22", "204.15.20.0/22" ]

And proxy uses only for these adresses. It works on Android. I check myip.ru (178.62.9.171/32 on config) - and see IP from my VPS. I check other sites (like ifconfig.me) - and see IP from my ISP.

But on iOS it doesn't work :( All traffic goes via proxy.

I found similar issue https://github.com/SagerNet/sing-box/issues/1216 And I tryed use: "inet4_route_exclude_address": ["0.0.0.0/0"] But it doesn't take effect. Then for experiment I tryed use: "inet4_route_exclude_address": ["195.201.201.35/32"] and it works, this adress goes via ISP.

Can you fix it or gives me another solution? Now I have to use 'rules' in outbounds section for use proxy only puted adresses, but it non optimal solution for phone battery...

Reproduction

Full config:


{
  "dns": {
        "reverse_mapping": true,
        "strategy": "ipv4_only",
        "independent_cache": true,
    "rules": [
      {
        "domain": [
          "MY VPS for shadowsocks",
          "MY another VPS for json config",
          "dns.google"
        ],
        "server": "dns-direct"
      }
    ],
    "servers": [
      {
        "address": "https://dns.google/dns-query",
        "address_resolver": "dns-direct",
        "tag": "dns-remote"
      },
      {
        "address": "local",
        "address_resolver": "dns-local",
        "detour": "direct",
        "tag": "dns-direct"
      },
      {
        "address": "local",
        "detour": "direct",
        "tag": "dns-local"
      },
      {
        "address": "rcode://success",
        "tag": "dns-block"
      }
    ]
  },
  "inbounds": [
    {
      "domain_strategy": "ipv4_only",
      "endpoint_independent_nat": false,
      "inet4_address": [
        "172.19.0.1/28"
      ],
      "inet4_route_address": [
        "178.62.9.171/32",
        "31.13.24.0/21",
        "31.13.64.0/18",
        "45.64.40.0/22",
        "57.144.0.0/14",
        "66.220.144.0/20",
        "69.63.176.0/20",
        "69.171.224.0/19",
        "74.119.76.0/22",
        "102.132.96.0/20",
        "103.4.96.0/22",
        "129.134.0.0/17",
        "157.240.0.0/17",
        "157.240.192.0/18",
        "163.70.128.0/17",
        "163.77.128.0/17",
        "173.252.64.0/18",
        "179.60.192.0/22",
        "185.60.216.0/22",
        "185.89.216.0/22",
        "204.15.20.0/22"
      ],
      "mtu": 9000,
      "sniff": true,
      "sniff_override_destination": false,
      "stack": "mixed",
      "interface_name": "tun0",
      "auto_route": true,
      "tag": "tun-in",
      "type": "tun"
    }
  ],
  "log": {
    "level": "warn"
  },
  "outbounds": [
    {
      "method": "2022-blake3-aes-128-gcm",
      "password": "password:password",
      "server": "MY VPS",
      "server_port": MY VPS port,
      "type": "shadowsocks",
      "domain_strategy": "ipv4_only",
      "tag": "proxy"
    },
    {
      "tag": "direct",
      "type": "direct"
    },
    {
      "tag": "bypass",
      "type": "direct"
    },
    {
      "tag": "block",
      "type": "block"
    },
    {
      "tag": "dns-out",
      "type": "dns"
    }
  ],
  "route": {
    "auto_detect_interface": true,
    "rules": [
      {
        "protocol": "dns",
        "outbound": "dns-out"
      }
    ]
  }
}

Logs

No response

Integrity requirements

[X] I confirm that I have read the documentation, understand the meaning of all the configuration items I wrote, and did not pile up seemingly useful options or default values.
[X] I confirm that I have provided the server and client configuration files and process that can be reproduced locally, instead of a complicated client configuration file that has been stripped of sensitive data.
[X] I confirm that I have provided the simplest configuration that can be used to reproduce the error I reported, instead of depending on remote servers, TUN, graphical interface clients, or other closed-source software.
[X] I confirm that I have provided the complete configuration files and logs, rather than just providing parts I think are useful out of confidence in my own intelligence.

SagerNet / sing-box