RKN routes for OpenVPN
Install example
- mkdir /etc/openvpn/rknroutes
- Add "client-config-dir /etc/openvpn/rknroutes" line to OpenVPN server config
- Add "curl https://rkn.darkbyte.ru/openvpn.php > /etc/openvpn/rknroutes/DEFAULT" to crontab
Route table size optimization
RKN block many single IPs (129231 in total) and adding them all as /32 routes to table seems not a good idea.
To reduce table records, some /32 neighbors combine to /31 /30 and /29 networks, you can see them in /32 table.
Also we can align banned addresses to some larger networks, for example to /29, and than again aggregate neighbors.
The table below show stats for various cases. First is a route table size and seconds shows overhead (count of not banned IP, routed via VPN).
- /32 - 76,326 - -52,905
- /31 - 59,077 - 80,639
- /30 - 47,571 - 197,673
- /29 - 38,671 - 394,953
- /28 - 30,197 - 713,553
- /27 - 22,854 - 1,194,609
- /26 - 17,832 - 1,895,153
- /25 - 14,768 - 2,969,905
- /24 - 11,579 - 4,773,169
- /23 - 9,505 - 7,620,401
- /22 - 7,804 - 12,247,857
- /21 - 6,342 - 19,943,217
- /20 - 5,229 - 32,270,129
- /19 - 4,313 - 52,225,841
- /18 - 3,511 - 86,001,457
- /17 - 2,833 - 142,083,889
- /16 - 2,177 - 228,919,089
- /15 - 1,611 - 372,508,465
- /14 - 1,191 - 569,247,537
- /13 - 829 - 875,956,017
- /12 - 558 - 1,288,570,673
- /11 - 328 - 1,853,753,137
- /10 - 181 - 2,487,093,041
- /9 - 60 - 3,153,987,377
- /8 - 24 - 3,304,982,321
- +60 routes for networks large than /32
Notes
Some ISP blocks network requests by spoof DNS, so do not forget to add routes to your DNS server via VPN, or use dnscrypt-proxy.
See also