Hi Glen, > Such inverted ts is really huge
Huge? Excluding 1.0.0.0/8 from 0.0.0.0/0 results in eight subnets: 0.0.0.0/8,2.0.0.0/7,4.0.0.0/6,8.0.0.0/5,16.0.0.0/4,32.0.0.0/3,64.0.0.0/2,128.0.0.0/1 I think that should be workable. > I can probably manually manipulate the routing table on the client to make it > connect to these IPs directly, but that won’t work in a locked-down > environment like iOS. > > I wonder if there is any other way? Passthrough/bypass policies and routing manipulations are both possible approaches for certain clients and scenarios, but it really depends. And as you say, some clients don't provide much flexibility at all. Regards, Tobias
