Currently the Tun inbound allows for specifying rulesets to include or exclude, which makes it quite efficient at bypassing domestic destinations. In most use cases, private destinations are not meant to be proxied, and routing them through the Tun interface and then using a rule to use the direct outbound is pointless. It would be much better if there were options like `route_exclude_private_ip` and `route_include_private_ip`, which would add the private IP CIDRs to the nftables/firewall rules so that they would be routed more efficiently.