RKN routes for OpenVPN
Install example
- mkdir /etc/openvpn/rknroutes
- Add "client-config-dir /etc/openvpn/rknroutes" line to OpenVPN server config
- Add "curl https://rkn.darkbyte.ru/openvpn.php > /etc/openvpn/rknroutes/DEFAULT" to crontab
Route table size optimization
RKN block many single IPs (95466 in total) and adding them all as /32 routes to table seems not a good idea.
To reduce table records, some /32 neighbors combine to /31 /30 and /29 networks, you can see them in /32 table.
Also we can align banned addresses to some larger networks, for example to /29, and than again aggregate neighbors.
The table below show stats for various cases. First is a route table size and seconds shows overhead (count of not banned IP, routed via VPN).
- /32 - 59,863 - -35,603
- /31 - 46,553 - 63,852
- /30 - 37,362 - 155,050
- /29 - 30,955 - 307,550
- /28 - 25,129 - 561,014
- /27 - 19,993 - 957,878
- /26 - 16,303 - 1,576,918
- /25 - 13,831 - 2,566,038
- /24 - 10,762 - 4,299,286
- /23 - 8,757 - 6,956,822
- /22 - 7,149 - 11,224,854
- /21 - 5,847 - 18,277,142
- /20 - 4,815 - 29,539,094
- /19 - 3,964 - 47,942,422
- /18 - 3,247 - 79,186,710
- /17 - 2,617 - 130,190,102
- /16 - 2,032 - 210,471,702
- /15 - 1,502 - 344,623,894
- /14 - 1,088 - 535,726,870
- /13 - 776 - 817,269,526
- /12 - 538 - 1,201,572,630
- /11 - 325 - 1,744,734,998
- /10 - 184 - 2,407,435,030
- /9 - 82 - 3,019,803,414
- /8 - 26 - 3,305,016,086
- +61 routes for networks large than /32
Notes
Some ISP blocks network requests by spoof DNS, so do not forget to add routes to your DNS server via VPN, or use dnscrypt-proxy.
See also