Sorry, I forgot to say, in my real case, I have quite a few holes to punch, leaving very fragmented IP ranges, thus the huge size.
From your reply, I assume they are the only two ways to enable split tunnel?

> On Oct 28, 2019, at 5:28 PM, Tobias Brunner <[email protected]> wrote:
>
> Hi Glen,
>
>> Such inverted ts is really huge
>
> Huge?  Excluding 1.0.0.0/8 from 0.0.0.0/0 results in eight subnets:
>
>
> 0.0.0.0/8,2.0.0.0/7,4.0.0.0/6,8.0.0.0/5,16.0.0.0/4,32.0.0.0/3,64.0.0.0/2,128.0.0.0/1
>
> I think that should be workable.
>
>> I can probably manually manipulate the routing table on the client to make
>> it connect to these IPs directly, but that won’t work in a locked-down
>> environment like iOS.
>>
>> I wonder if there is any other way?
>
> Passthrough/bypass policies and routing manipulations are both possible
> approaches for certain clients and scenarios, but it really depends.
> And as you say, some clients don't provide much flexibility at all.
>
> Regards,
> Tobias
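The inverted selector list discussed in this thread, computed in Python as an added example that is not part of the original e-mails: it reproduces the eight subnets quoted above and generalises to several excluded ranges to show how the list fragments. The function names and the extra excluded ranges (documentation prefixes) are constructed for illustration.

```python
import ipaddress

def invert_selectors(excluded, base="0.0.0.0/0"):
    """Subnets of `base` left after punching out every network in `excluded`."""
    remaining = [ipaddress.ip_network(base)]
    # Merge overlapping or adjacent holes first so each one is processed once.
    holes = ipaddress.collapse_addresses(ipaddress.ip_network(e) for e in excluded)
    for hole in holes:
        kept = []
        for net in remaining:
            if hole.supernet_of(net):
                continue  # net lies entirely inside the hole: drop it
            if net.supernet_of(hole):
                # Split net around the hole: a /p hole inside a /q net
                # leaves p - q subnets behind.
                kept.extend(net.address_exclude(hole))
            else:
                kept.append(net)  # CIDR blocks never partially overlap
        remaining = kept
    return sorted(remaining)

def as_selector_list(networks):
    """Comma-separated form, as in the list quoted in the thread."""
    return ",".join(str(n) for n in networks)

# Constructed sample: the hole from the thread plus three documentation ranges.
SAMPLE_HOLES = ["1.0.0.0/8", "192.0.2.0/24", "198.51.100.0/24", "203.0.113.0/24"]

if __name__ == "__main__":
    single = invert_selectors(["1.0.0.0/8"])
    print(len(single), as_selector_list(single))
    many = invert_selectors(SAMPLE_HOLES)
    print(len(many), "subnets after", len(SAMPLE_HOLES), "holes")
```

Each additional small hole adds roughly as many subnets as its prefix length, which is why many scattered exclusions produce the large list described in the first message.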
