RKN routes for OpenVPN
Install example
- mkdir /etc/openvpn/rknroutes
- Add "client-config-dir /etc/openvpn/rknroutes" line to OpenVPN server config
- Add "curl https://rkn.darkbyte.ru/openvpn.php > /etc/openvpn/rknroutes/DEFAULT" to crontab
Route table size optimization
RKN block many single IPs (102146 in total) and adding them all as /32 routes to table seems not a good idea.
To reduce table records, some /32 neighbors combine to /31 /30 and /29 networks, you can see them in /32 table.
Also we can align banned addresses to some larger networks, for example to /29, and than again aggregate neighbors.
The table below show stats for various cases. First is a route table size and seconds shows overhead (count of not banned IP, routed via VPN).
- /32 - 62,684 - -39,462
- /31 - 48,622 - 66,638
- /30 - 38,991 - 161,890
- /29 - 32,192 - 321,614
- /28 - 26,048 - 584,590
- /27 - 20,615 - 996,030
- /26 - 16,639 - 1,634,942
- /25 - 14,046 - 2,650,110
- /24 - 10,941 - 4,401,150
- /23 - 8,909 - 7,102,206
- /22 - 7,276 - 11,440,382
- /21 - 5,945 - 18,614,526
- /20 - 4,887 - 30,122,238
- /19 - 4,029 - 48,787,710
- /18 - 3,289 - 80,441,598
- /17 - 2,673 - 131,887,358
- /16 - 2,053 - 213,807,358
- /15 - 1,524 - 348,549,374
- /14 - 1,101 - 542,535,934
- /13 - 786 - 827,224,318
- /12 - 542 - 1,207,857,406
- /11 - 323 - 1,753,116,926
- /10 - 185 - 2,424,205,566
- /9 - 82 - 3,019,796,734
- /8 - 26 - 3,305,009,406
- +61 routes for networks large than /32
Notes
Some ISP blocks network requests by spoof DNS, so do not forget to add routes to your DNS server via VPN, or use dnscrypt-proxy.
See also