cernekee / ics-openconnect

Android UI for OpenConnect VPN client
GNU General Public License v2.0
358 stars 129 forks

How to configure a domain name for a split tunnel? #41

Open siaimes opened 5 years ago

siaimes commented 5 years ago

In split tunnel mode, I can set a route like 192.168.1.0/24, but when I use a domain name like *.google.com/*, it shows me "skipping invalid route". Why? Is my route rule wrong, or does OpenConnect not support a domain name list?

cernekee commented 5 years ago

The routing configuration and DNS configuration should normally be independent of each other. Maybe there are invalid characters, trailing spaces, or some other anomaly in the route list?

Bigger problem with split tunnel, in my experience, is that Android doesn't support split DNS. So you can't tell the system to resolve *.mycompany.com through the VPN DNS servers and everything else through your LAN/mobile DNS. Usually the workaround is to use the VPN DNS servers for all lookups, but that means DNS lookups for e.g. personal web browsing still go through the VPN.

siaimes commented 5 years ago

@cernekee What does "Android doesn't support split DNS" mean? Is it Android that doesn't support it, or OpenConnect for Android? But when I use ShadowsocksR, it can!

cernekee commented 5 years ago

I think shadowsocks just tells the OS to use the remote DNS servers for lookups?

https://github.com/shadowsocks/shadowsocks-android/blob/master/core/src/main/java/com/github/shadowsocks/bg/VpnService.kt#L188

There is no Android API that tells the OS to resolve different domains through different (VPN vs. physical connection) DNS servers. It might be possible to simulate this by implementing a local DNS forwarder that is bound to different sockets.
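The local DNS forwarder cernekee describes, sketched as an added example (not ics-openconnect code): it pulls the question name out of a raw DNS query and picks the upstream resolver by domain suffix. The suffix list and both resolver addresses are placeholders, and the Android-specific socket handling is only noted in a comment.

```python
import socket

# Constructed example config, not the project's own values: names under these
# suffixes go to the VPN resolver, everything else to the LAN/mobile resolver.
VPN_SUFFIXES = ("mycompany.com",)
VPN_DNS = ("10.0.0.53", 53)       # placeholder VPN-pushed resolver
LAN_DNS = ("192.168.1.1", 53)     # placeholder LAN/mobile resolver

def parse_qname(packet: bytes) -> str:
    """Extract the first question name from a raw DNS query (RFC 1035 wire format)."""
    if len(packet) < 12 or (packet[4] == 0 and packet[5] == 0):  # QDCOUNT == 0
        raise ValueError("no question in packet")
    labels, pos = [], 12          # the 12-byte header precedes the question section
    while True:
        if pos >= len(packet):
            raise ValueError("truncated name")
        length = packet[pos]
        if length == 0:
            break
        if length & 0xC0:          # compression pointers are not expected in a query name
            raise ValueError("unexpected compression pointer")
        pos += 1
        labels.append(packet[pos:pos + length].decode("ascii").lower())
        pos += length
    return ".".join(labels)

def choose_upstream(qname: str):
    """Match on whole labels only, so 'evilmycompany.com' does not hit the VPN suffix."""
    for suffix in VPN_SUFFIXES:
        if qname == suffix or qname.endswith("." + suffix):
            return VPN_DNS
    return LAN_DNS

def build_query(name: str, qtype: int = 1, txid: int = 0x1234) -> bytes:
    """Constructed minimal A query used as sample input (not captured traffic)."""
    header = txid.to_bytes(2, "big") + b"\x01\x00" + b"\x00\x01" + b"\x00\x00" * 3
    question = b"".join(len(l).to_bytes(1, "big") + l.encode() for l in name.split("."))
    return header + question + b"\x00" + qtype.to_bytes(2, "big") + b"\x00\x01"

def forward(packet: bytes, timeout: float = 2.0) -> bytes:
    """Relay one query to the chosen upstream over UDP and return the raw answer.
    On Android the LAN-bound socket would additionally need VpnService.protect()
    so it leaves via the physical interface instead of the tunnel (assumption)."""
    upstream = choose_upstream(parse_qname(packet))
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(packet, upstream)
        return s.recv(4096)
```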

siaimes commented 5 years ago

@cernekee OK, thanks, it seems that domain names can only use DNS instead of splitting tunnels.