In the Android 1.1.1.1 app, the “Manage Excluded Routes” screen accepts wildcard subdomains, but they’re not actually excluded from the VPN as expected.
What steps have you taken to resolve the issue?
See the steps below.
What are the steps to reproduce the issue?
In the Android 1.1.1.1 app, enter api.whatismyip.com under the “Manage Excluded Routes” menu.
Visit whatismyip.com from the web browser and confirm the route has been excluded from the VPN (the website shows your real ISP and public IP).
Go back to the “Manage Excluded Routes” menu and replace api.whatismyip.com with *.whatismyip.com.
Visit whatismyip.com on the browser and notice the route is no longer excluded, showing a Cloudflare IP and Cloudflare as the ISP.
Hello, due to platform differences, mobile clients can only apply Split Tunnels rules when the tunnel is initially started. This means:
Domain-based Split Tunnels rules are created when the tunnel is established based on the IP address for that domain at that time. The route is refreshed each time the tunnel is established.
Wildcard domain prefixes (for example, *.example.com) are supported only if they have valid wildcard DNS records. Other wildcard domains are not supported because the client is unable to match wildcard domains to hostnames when starting up the tunnel. Unsupported wildcard domain prefixes can still exist in your configuration, but they will be ignored on mobile platforms.