RKN routes for OpenVPN
Install example
- mkdir /etc/openvpn/rknroutes
- Add "client-config-dir /etc/openvpn/rknroutes" line to OpenVPN server config
- Add "curl https://rkn.darkbyte.ru/openvpn.php > /etc/openvpn/rknroutes/DEFAULT" to crontab
Route table size optimization
RKN block many single IPs (137389 in total) and adding them all as /32 routes to table seems not a good idea.
To reduce table records, some /32 neighbors combine to /31 /30 and /29 networks, you can see them in /32 table.
Also we can align banned addresses to some larger networks, for example to /29, and than again aggregate neighbors.
The table below show stats for various cases. First is a route table size and seconds shows overhead (count of not banned IP, routed via VPN).
- /32 - 80,602 - -56,787
- /31 - 62,410 - 85,067
- /30 - 50,328 - 209,115
- /29 - 40,546 - 418,667
- /28 - 31,294 - 754,435
- /27 - 23,516 - 1,252,435
- /26 - 18,268 - 1,968,531
- /25 - 15,096 - 3,062,611
- /24 - 11,858 - 4,909,651
- /23 - 9,728 - 7,826,259
- /22 - 7,962 - 12,545,875
- /21 - 6,457 - 20,367,187
- /20 - 5,309 - 32,929,619
- /19 - 4,364 - 53,200,723
- /18 - 3,550 - 87,385,939
- /17 - 2,856 - 144,041,811
- /16 - 2,198 - 232,384,339
- /15 - 1,624 - 374,859,603
- /14 - 1,188 - 573,433,683
- /13 - 831 - 880,142,163
- /12 - 559 - 1,284,368,211
- /11 - 328 - 1,851,647,827
- /10 - 180 - 2,499,667,795
- /9 - 61 - 3,120,424,787
- /8 - 24 - 3,304,974,163
- +60 routes for networks large than /32
Notes
Some ISP blocks network requests by spoof DNS, so do not forget to add routes to your DNS server via VPN, or use dnscrypt-proxy.
See also