Extremely long routing tables
Posted: Sat Nov 19, 2016 2:42 pm
I'm using OpenVPN for circumventing the Russian Internet firewall right now, using my own server abroad.
In order to do that I've configured some scripts that fetch the list of all blacklisted IPs, merge them into networks where possible, and generate the file with all the route commands for OpenVPN on the server side.
There are some problems with that.
On Windows, adding all the 26812 routes (and the number is growing every week) takes a very long time, especially on slow computers. It wouldn't be a big problem if OpenVPN started working before adding routes, but it doesn't forward packets until all the routes are set up by Windows. And since OpenVPN does not signal an established connection, it sometimes disconnects it and tries to reconnect before all the routes are added, because some timeout has passed. When it does so, it deletes all the added routes one by one, which is as slow as adding them, and this disconnect-reconnect cycle may repeat endlessly. Right now I have to set connection timeout settings to incredible values (6 hours), and as a result detection of a genuine connection failure that would require a reconnect fails.
If OpenVPN hasn't added the specific route yet, I see a "Website is blacklisted" message from my ISP. If OpenVPN has already added the specific route, but not all routes are added yet, I just see "connection timeout" because OpenVPN doesn't forward packets yet. And only after all the routes are added does it start working.
Is it possible to make OpenVPN signal that the connection is active before all the routes are added, and make it forward packets while those routes are being added one by one in the background? This way I may even be able to prioritize routes in the list, making important/popular ones be added sooner after connection.
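The merge step the post describes (collapsing individual IPs into networks before generating the server-side route commands) is what keeps the route count down, sketched here as an added example that is not the poster's script. The function names and the input list (documentation address ranges) are constructed, and emitting the routes as `push "route ..."` lines is an assumption about how the generated file is used.

```python
import ipaddress

def aggregate(entries):
    """Parse IPv4 addresses/CIDRs and return the minimal covering networks.

    Blank lines, comments, unparsable entries and IPv6 entries are skipped;
    duplicates and addresses already covered by a wider network are dropped.
    """
    nets = []
    for raw in entries:
        text = raw.split("#", 1)[0].strip()
        if not text:
            continue
        try:
            net = ipaddress.ip_network(text, strict=False)
        except ValueError:
            continue  # not an address or CIDR block
        if net.version == 4:
            nets.append(net)
    # collapse_addresses merges sibling networks and removes contained ones
    return list(ipaddress.collapse_addresses(nets))

def push_routes(networks):
    """Render networks as OpenVPN server-side push directives (assumed format)."""
    return ['push "route {} {}"'.format(n.network_address, n.netmask)
            for n in networks]

# Constructed sample input using documentation ranges, not real list data.
SAMPLE = [
    "198.51.100.0", "198.51.100.1", "198.51.100.2", "198.51.100.3",
    "203.0.113.128/25", "203.0.113.0/25",
    "203.0.113.7",        # already covered by the merged /24
    "192.0.2.10", "192.0.2.10",   # duplicate
    "not-an-ip",          # skipped
    "2001:db8::1",        # IPv6, skipped in this IPv4-only sketch
    "# comment line",
]

if __name__ == "__main__":
    merged = aggregate(SAMPLE)
    print("{} entries -> {} routes".format(len(SAMPLE), len(merged)))
    for line in push_routes(merged):
        print(line)
```
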