common
Streisand Split Tunneling: Domestic Sites Direct, Everything Else via VPN
Goal: Domestic websites and IP addresses connect directly (bypass VPN), all other traffic goes through VPN.
Platform: macOS / iOS (English UI)
Prerequisites
- Streisand app installed
- Working VPN/proxy profile configured
Step 1: Update Geo Assets
Settings → Routing → Assets → Update All
This downloads the latest geoip and geosite databases.
Step 2: Create Routing Profile
Settings → Routing → + (Add)
| Field | Value |
|---|---|
| Name | Domestic-Direct |
| Domain Strategy | IPIfNonMatch |
| Domain Matcher | (empty) |
Step 3: Configure Rule 1 (Domestic Traffic → Direct)
Tap Rule 1:
| Field | Value |
|---|---|
| Domain Matcher | (empty) |
| Outbound Tag | direct |
| Port | (empty) |
| Source Port | (empty) |
| Network | (empty) |
Domains (tap + to add each):
| Entry |
|---|
domain:ru |
domain:su |
IP (tap + to add):
| Entry |
|---|
geoip:ru |
Replace
ruwith your country code (cn,ir,ua, etc.)
→ Done
Step 4: Configure Rule 2 (LAN + DNS → Direct)
Tap + next to Rules, then tap Rule 2:
| Field | Value |
|---|---|
| Domain Matcher | (empty) |
| Outbound Tag | direct |
| Port | (empty) |
| Source Port | (empty) |
| Network | (empty) |
Domains: (empty)
IP (tap + to add each):
| Entry |
|---|
geoip:private |
8.8.8.8 |
8.8.4.4 |
1.1.1.1 |
→ Done
Step 5: Save and Activate
- Go back to Route screen → Save
- Settings → Routing → select
Domestic-Direct - Enable Routing toggle
- Reconnect VPN
Verification
| Site | Expected Result |
|---|---|
|
Domestic IP checker |
Your real ISP IP |
|
ifconfig.me |
VPN server IP |
What Each Rule Does
Rule 1:
domain:ru/domain:su— all domains ending with these TLDs bypass VPNgeoip:ru— IPs located in your country bypass VPN (catches sites like vk.com hosted domestically but using .com TLD)
Rule 2:
geoip:private— local network (192.168.x.x, 10.x.x.x, etc.) stays direct- DNS servers (8.8.8.8, 8.8.4.4, 1.1.1.1) — prevents DNS leaks through VPN
Troubleshooting
Domestic site still shows VPN IP:
- Site may use foreign CDN/hosting
- Add domain manually:
domain:example.com
Tunnel crashes on start:
- Avoid
geosite:ruorgeosite:category-ru— too large for iOS memory limit (~50MB) - Use
domain:ruinstead
Local network devices unreachable:
- Ensure
geoip:privateis in Rule 2
Optional: Add Popular Services
These geosite categories are small enough and may work:
| Category | Covers |
|---|---|
geosite:yandex |
Yandex services (maps, mail, taxi) |
geosite:vk |
VKontakte |
geosite:mailru |
Mail.ru services |
| geosite:category-gov-ru |
Add one at a time to Rule 1 → Domains and test. Remove if tunnel crashes.
Tested: Streisand 1.6.x, macOS Sequoia
Optional:
configuration link (open it in Safari)
``` streisand://aW1wb3J0L3JvdXRlOi8vWW5Cc2FYTjBNRERVQVFJREJBVUdCd2hVYm1GdFpWUjFkV2xrWG1SdmJXRnBibE4wY21GMFpXZDVWWEoxYkdWeldWSjFMV1JwY21WamRGOFFKRFZCTVRZM05FVkRMVUV6T0VVdE5EY3pOaTFDUmtGRkxUTXlRMEZCT1RrNE5ETTNORnhKVUVsbVRtOXVUV0YwWTJpaUNSUFRDZ3NNRFJBU1ZtUnZiV0ZwYmxKcGNGdHZkWFJpYjNWdVpGUmhaNklPRDFsa2IyMWhhVzQ2Y25WWVoyVnZhWEF1Y25XaEVWaG5aVzlwY0RweWRWWmthWEpsWTNUVENnc01GQlVTb0tRV0Z4Z1pYV2RsYjJsd09uQnlhWFpoZEdWWE9DNDRMamd1T0ZjNExqZ3VOQzQwVnpFdU1TNHhMakVJRVJZYktqQTZZVzV4ZUgrQ2pwR2JwS2F2dHIyK3c5SFo0UUFBQUFBQUFBRUJBQUFBQUFBQUFCb0FBQUFBQUFBQUFBQUFBQUFBQUFEcA==
```
Sources
- Streisand App Store: https://apps.apple.com/app/streisand/id6450534064
- v2fly domain-list-community (geosite base): https://github.com/v2fly/domain-list-community
- V2Ray Routing Documentation: https://www.v2ray.com/en/configuration/routing.html
- https://github.com/vulpeace/roscomcircum —geosite:yandex/vk/mailru
- https://github.com/EvgenyNerush/easy-xray/blob/main/Streisand.ru.md
- https://help.enot.am/routing/enable — Routing в Streisand
- iOS memory limit issue: https://github.com/XTLS/Xray-core/issues/4422
- v2ray rules: https://github.com/runetfreedom/russia-v2ray-rules-dat
