A-ha, if you happen to have a UniFi router then a simpler setup would be to do policy-based routing by hostnames through a VPN client maintained in the router config.