RKN routes for OpenVPN
Install example
- mkdir /etc/openvpn/rknroutes
- Add "client-config-dir /etc/openvpn/rknroutes" line to OpenVPN server config
- Add "curl https://rkn.darkbyte.ru/openvpn.php > /etc/openvpn/rknroutes/DEFAULT" to crontab
Route table size optimization
RKN block many single IPs (326326 in total) and adding them all as /32 routes to table seems not a good idea.
To reduce table records, some /32 neighbors combine to /31 /30 and /29 networks, you can see them in /32 table.
Also we can align banned addresses to some larger networks, for example to /29, and than again aggregate neighbors.
The table below show stats for various cases. First is a route table size and seconds shows overhead (count of not banned IP, routed via VPN).
- /32 - 153,378 - -172,948
- /31 - 118,827 - 161,120
- /30 - 94,706 - 407,026
- /29 - 72,214 - 807,570
- /28 - 51,549 - 1,402,666
- /27 - 36,179 - 2,203,274
- /26 - 26,557 - 3,288,970
- /25 - 20,984 - 4,867,786
- /24 - 16,179 - 7,427,146
- /23 - 12,700 - 11,419,978
- /22 - 10,059 - 17,539,402
- /21 - 8,084 - 27,272,522
- /20 - 6,564 - 42,698,058
- /19 - 5,368 - 67,904,842
- /18 - 4,291 - 110,265,674
- /17 - 3,383 - 178,226,506
- /16 - 2,559 - 280,626,506
- /15 - 1,853 - 442,565,962
- /14 - 1,345 - 675,480,906
- /13 - 919 - 1,013,646,666
- /12 - 592 - 1,480,262,986
- /11 - 338 - 2,086,339,914
- /10 - 174 - 2,734,359,882
- /9 - 64 - 3,220,899,146
- /8 - 20 - 3,455,780,170
- +39 routes for networks large than /32
Notes
Some ISP blocks network requests by spoof DNS, so do not forget to add routes to your DNS server via VPN, or use dnscrypt-proxy.
See also