RKN routes for OpenVPN
Install example
- mkdir /etc/openvpn/rknroutes
- Add "client-config-dir /etc/openvpn/rknroutes" line to OpenVPN server config
- Add "curl https://rkn.darkbyte.ru/openvpn.php > /etc/openvpn/rknroutes/DEFAULT" to crontab
Route table size optimization
RKN blocks many single IPs (453707 in total), and adding them all to the routing table as /32 routes does not seem like a good idea.
To reduce the number of table records, some neighboring /32 addresses are combined into /31, /30 and /29 networks; you can see them in the /32 table.
We can also align banned addresses to larger networks, for example to /29, and then aggregate neighbors again.
The table below shows stats for various cases. The first value is the route table size and the second is the overhead (the count of non-banned IPs routed via the VPN).
- /32 - 213,978 - -239,729
- /31 - 175,385 - 226,409
- /30 - 141,955 - 592,161
- /29 - 110,052 - 1,189,413
- /28 - 81,463 - 2,089,669
- /27 - 59,111 - 3,381,333
- /26 - 43,578 - 5,227,509
- /25 - 33,132 - 7,910,709
- /24 - 24,403 - 11,964,085
- /23 - 17,709 - 18,113,973
- /22 - 12,761 - 26,945,461
- /21 - 9,290 - 39,084,981
- /20 - 6,883 - 56,279,989
- /19 - 5,414 - 82,269,109
- /18 - 4,283 - 123,311,029
- /17 - 3,382 - 189,502,389
- /16 - 2,580 - 291,247,029
- /15 - 1,885 - 455,021,493
- /14 - 1,354 - 693,965,749
- /13 - 927 - 1,035,539,381
- /12 - 600 - 1,506,350,005
- /11 - 336 - 2,128,155,573
- /10 - 173 - 2,746,815,413
- /9 - 61 - 3,220,771,765
- /8 - 20 - 3,455,652,789
- +39 routes for networks larger than /32
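The align-then-aggregate step described above, as an added Python example (not the code behind rkn.darkbyte.ru). The sample addresses are constructed from documentation ranges, the function names are hypothetical, and the `push "route ..."` output format is an assumption about what a client-config-dir file would contain.

```python
import ipaddress

# Constructed sample of "banned" addresses (RFC 5737 documentation ranges).
SAMPLE = [
    "192.0.2.0", "192.0.2.1", "192.0.2.2", "192.0.2.3",  # four neighbors
    "192.0.2.9",
    "198.51.100.17", "198.51.100.20",
    "203.0.113.5",
]

def aggregate(banned, align_prefix=32):
    """Align every entry to at most /align_prefix, then merge adjacent networks."""
    aligned = set()
    for item in banned:
        net = ipaddress.ip_network(item, strict=False)
        if net.prefixlen > align_prefix:
            # Widen the entry to the enclosing /align_prefix network.
            net = net.supernet(new_prefix=align_prefix)
        aligned.add(net)
    # collapse_addresses merges neighbors and drops networks covered by others.
    return list(ipaddress.collapse_addresses(aligned))

def stats(banned, align_prefix=32):
    """Return (route table size, overhead = non-banned IPs routed via the VPN)."""
    routes = aggregate(banned, align_prefix)
    exact = ipaddress.collapse_addresses(ipaddress.ip_network(b) for b in banned)
    banned_count = sum(n.num_addresses for n in exact)
    covered = sum(n.num_addresses for n in routes)
    return len(routes), covered - banned_count

def push_lines(routes):
    """Render routes as OpenVPN push directives (assumed file format)."""
    return [f'push "route {n.network_address} {n.netmask}"' for n in routes]

if __name__ == "__main__":
    for prefix in (32, 29, 24):
        size, overhead = stats(SAMPLE, prefix)
        print(f"/{prefix}: {size} routes, {overhead} extra IPs via VPN")
    print("\n".join(push_lines(aggregate(SAMPLE, 29))))
```

With alignment to /29, the two adjacent /29 blocks in 192.0.2.0 merge again into a single /28, which is the second aggregation pass the text mentions.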
Notes
Some ISPs block network requests by spoofing DNS, so do not forget to add routes to your DNS server via the VPN, or use dnscrypt-proxy.