RKN routes for OpenVPN
Install example
- mkdir /etc/openvpn/rknroutes
- Add "client-config-dir /etc/openvpn/rknroutes" line to OpenVPN server config
- Add "curl https://rkn.darkbyte.ru/openvpn.php > /etc/openvpn/rknroutes/DEFAULT" to crontab
Route table size optimization
RKN block many single IPs (164975 in total) and adding them all as /32 routes to table seems not a good idea.
To reduce table records, some /32 neighbors combine to /31 /30 and /29 networks, you can see them in /32 table.
Also we can align banned addresses to some larger networks, for example to /29, and than again aggregate neighbors.
The table below show stats for various cases. First is a route table size and seconds shows overhead (count of not banned IP, routed via VPN).
- /32 - 94,693 - -70,282
- /31 - 74,131 - 99,547
- /30 - 59,759 - 248,713
- /29 - 47,340 - 500,129
- /28 - 35,810 - 891,601
- /27 - 26,601 - 1,454,065
- /26 - 20,427 - 2,263,633
- /25 - 16,800 - 3,489,553
- /24 - 13,169 - 5,559,185
- /23 - 10,754 - 8,808,337
- /22 - 8,726 - 14,021,521
- /21 - 7,128 - 22,586,257
- /20 - 5,889 - 36,436,881
- /19 - 4,825 - 58,989,457
- /18 - 3,893 - 97,008,529
- /17 - 3,105 - 159,284,113
- /16 - 2,387 - 256,015,249
- /15 - 1,735 - 407,206,801
- /14 - 1,271 - 620,854,161
- /13 - 875 - 950,893,457
- /12 - 578 - 1,375,566,737
- /11 - 326 - 2,006,809,489
- /10 - 172 - 2,621,275,025
- /9 - 62 - 3,162,340,241
- /8 - 24 - 3,338,501,009
- +42 routes for networks large than /32
Notes
Some ISP blocks network requests by spoof DNS, so do not forget to add routes to your DNS server via VPN, or use dnscrypt-proxy.
See also