首页 注册 登录
V2EX = way to explore
V2EX 是一个关于分享和探索的地方
现在注册
已注册用户请  登录
V2EX 提问指南
广告
lenovo
V2EX  ›  问与答

这样弄 ocserv 的 no-route 路由表有问题吗?

  •   
  •   lenovo · 2015-05-04 12:07:30 +08:00 · 9748 次点击
    这是一个创建于 3473 天前的主题,其中的信息可能已经有所发展或是发生改变。
    no-route = 1.0.0.0/255.0.0.0
no-route = 14.0.0.0/255.0.0.0
no-route = 27.0.0.0/255.0.0.0
no-route = 36.0.0.0/255.0.0.0
no-route = 39.0.0.0/255.0.0.0
no-route = 42.0.0.0/255.0.0.0
no-route = 43.0.0.0/255.0.0.0
no-route = 45.0.0.0/255.0.0.0
no-route = 47.0.0.0/255.0.0.0
no-route = 49.0.0.0/255.0.0.0
no-route = 54.0.0.0/255.0.0.0
no-route = 58.0.0.0/255.0.0.0
no-route = 59.0.0.0/255.0.0.0
no-route = 60.0.0.0/255.0.0.0
no-route = 61.0.0.0/255.0.0.0
no-route = 101.0.0.0/255.0.0.0
no-route = 103.0.0.0/255.0.0.0
no-route = 106.0.0.0/255.0.0.0
no-route = 110.0.0.0/255.0.0.0
no-route = 111.0.0.0/255.0.0.0
no-route = 112.0.0.0/255.0.0.0
no-route = 113.0.0.0/255.0.0.0
no-route = 114.0.0.0/255.0.0.0
no-route = 115.0.0.0/255.0.0.0
no-route = 116.0.0.0/255.0.0.0
no-route = 117.0.0.0/255.0.0.0
no-route = 118.0.0.0/255.0.0.0
no-route = 119.0.0.0/255.0.0.0
no-route = 120.0.0.0/255.0.0.0
no-route = 121.0.0.0/255.0.0.0
no-route = 122.0.0.0/255.0.0.0
no-route = 123.0.0.0/255.0.0.0
no-route = 124.0.0.0/255.0.0.0
no-route = 125.0.0.0/255.0.0.0
no-route = 139.0.0.0/255.0.0.0
no-route = 140.0.0.0/255.0.0.0
no-route = 144.0.0.0/255.0.0.0
no-route = 150.0.0.0/255.0.0.0
no-route = 152.0.0.0/255.0.0.0
no-route = 153.0.0.0/255.0.0.0
no-route = 157.0.0.0/255.0.0.0
no-route = 159.0.0.0/255.0.0.0
no-route = 161.0.0.0/255.0.0.0
no-route = 162.0.0.0/255.0.0.0
no-route = 163.0.0.0/255.0.0.0
no-route = 166.0.0.0/255.0.0.0
no-route = 167.0.0.0/255.0.0.0
no-route = 168.0.0.0/255.0.0.0
no-route = 171.0.0.0/255.0.0.0
no-route = 175.0.0.0/255.0.0.0
no-route = 180.0.0.0/255.0.0.0
no-route = 182.0.0.0/255.0.0.0
no-route = 183.0.0.0/255.0.0.0
no-route = 192.0.0.0/255.0.0.0
no-route = 202.0.0.0/255.0.0.0
no-route = 203.0.0.0/255.0.0.0
no-route = 210.0.0.0/255.0.0.0
no-route = 211.0.0.0/255.0.0.0
no-route = 218.0.0.0/255.0.0.0
no-route = 219.0.0.0/255.0.0.0
no-route = 220.0.0.0/255.0.0.0
no-route = 221.0.0.0/255.0.0.0
no-route = 222.0.0.0/255.0.0.0
no-route = 223.0.0.0/255.0.0.0

    64行,看了下ios上cisco anyconnect的路由表,貌似都收到了
    用起来貌似也分流了,就是不知道有多大误差?

    第 1 条附言  ·  2015-05-12 22:03:26 +08:00
    最終結果:https://github.com/CNMan/ocserv-cn-no-route
  • Route
  • ocserv
  • anyconnect
    67 条回复    2015-08-08 13:37:56 +08:00
    LazyZhu
        1
    LazyZhu  
       2015-05-04 12:24:26 +08:00 via iPhone
    64+200 应该有个最优解的
    LazyZhu
        2
    LazyZhu  
       2015-05-04 13:35:29 +08:00 via iPhone
    route和no-route在ocserv里面哪个优先判断,这关系到路由表的分配
    sdysj
        3
    sdysj  
       2015-05-04 13:52:07 +08:00
    误差不大,就算误差都是些东南亚或者新西兰之类的,cloudflare 可能受点影响。
    regeditms
        4
    regeditms  
       2015-05-04 13:52:53 +08:00
    route 和 no-route 只能存在一个。优先判断route,这两个都能有200条,楼主你这样是过滤国内的吗?我试过 国内ip段 前200条 但是感觉效果还是不那么好。
    ddqp
        5
    ddqp  
       2015-05-04 13:56:57 +08:00 via iPhone
    这个应该放在哪里?
    lenovo
        6
    lenovo  
    OP
       2015-05-04 14:11:02 +08:00
    @LazyZhu @regeditms 我的route是空的

    @ddqp 放ocserv.conf里
    LazyZhu
        7
    LazyZhu  
       2015-05-04 14:24:38 +08:00 via iPhone
    @regeditms 看文档说明是可以一起用的
    # To set the server as the default gateway for the client just
    # comment out all routes from the server, or use the special keyword
    # ’default’.

    route = 10.10.10.0/255.255.255.0
    route = 192.168.0.0/255.255.0.0
    #route = fef4:db8:1000:1001::/64

    # Subsets of the routes above that will not be routed by
    # the server. Note, that this may currently be not be supported
    # by openconnect clients.

    no-route = 192.168.5.0/255.255.255.0


    http://www.infradead.org/ocserv/manual.html
    ddqp
        8
    ddqp  
       2015-05-04 14:27:31 +08:00 via iPhone
    谢谢,我回去试试看
    lucifer9
        9
    lucifer9  
       2015-05-04 14:28:17 +08:00
    文档只是分别说了两者的用法而已
    至于是否可以一起用,试试就知道了
    LazyZhu
        10
    LazyZhu  
       2015-05-04 14:34:28 +08:00 via iPhone
    no-route优先级别比route高,上面样例效果就是路由192.168.0.0/16 ,但是排除192.168.5.0/24
    关键是客户端也得支持
    LazyZhu
        11
    LazyZhu  
       2015-05-04 14:36:33 +08:00 via iPhone
    @lucifer9 再去读读,aboue...above...above
    Daniel65536
        12
    Daniel65536  
       2015-05-04 14:37:30 +08:00 via iPad
    Anyconnect不支持混用。以最后一条是route还是noroute决定只保留哪种。
    LazyZhu
        13
    LazyZhu  
       2015-05-04 14:38:43 +08:00 via iPhone
    @Daniel65536
    LazyZhu
        14
    LazyZhu  
       2015-05-04 14:45:05 +08:00 via iPhone
    Cisco开发人员明显偷懒了
    OpenConnect 应该支持的
    bellchu
        15
    bellchu  
       2015-05-04 14:45:58 +08:00
    帮你汇总了一下

    1.0.0.0/8
    14.0.0.0/8
    27.0.0.0/8
    36.0.0.0/8
    39.0.0.0/8
    42.0.0.0/7
    45.0.0.0/8
    47.0.0.0/8
    49.0.0.0/8
    54.0.0.0/8
    58.0.0.0/7
    60.0.0.0/7
    101.0.0.0/8
    103.0.0.0/8
    106.0.0.0/8
    110.0.0.0/7
    112.0.0.0/5
    120.0.0.0/6
    124.0.0.0/7
    139.0.0.0/8
    140.0.0.0/8
    144.0.0.0/8
    150.0.0.0/8
    152.0.0.0/7
    157.0.0.0/8
    159.0.0.0/8
    161.0.0.0/8
    162.0.0.0/7
    166.0.0.0/7
    168.0.0.0/8
    171.0.0.0/8
    175.0.0.0/8
    180.0.0.0/8
    182.0.0.0/7
    192.0.0.0/8
    202.0.0.0/7
    210.0.0.0/7
    218.0.0.0/7
    220.0.0.0/6
    bellchu
        16
    bellchu  
       2015-05-04 14:58:51 +08:00
    @LazyZhu
    应该反过来说
    OpenConnect开发人员明显偷懒了
    Cisco应该支持的

    Cisco用的是Split Tunnel,用ACL控制哪些流量走VPN Tunnel,哪些走default gateway。
    lenovo
        17
    lenovo  
    OP
       2015-05-04 15:00:31 +08:00
    @bellchu 要是支持ACL分流就精确多了
    loca1h0st
        18
    loca1h0st  
       2015-05-04 15:04:18 +08:00
    貌似熊猫翻就是用的顶楼的路由表?
    Yien
        19
    Yien  
       2015-05-04 15:04:48 +08:00 via Android
    0.10.2还是会断,不知道0.10.4解决没有。
    bellchu
        20
    bellchu  
       2015-05-04 15:14:30 +08:00
    @lenovo 楼主贴的是APNIC的Asia IP Range, 范围太大了

    这个是APNIC的所有详细IP信息

    自己用vim提取一下中国的IP就行了
    bellchu
        21
    bellchu  
       2015-05-04 15:14:53 +08:00
    @lenovo 地址没贴。。。。。
    http://ftp.apnic.net/apnic/stats/apnic/delegated-apnic-latest
    LazyZhu
        22
    LazyZhu  
       2015-05-04 15:15:36 +08:00 via iPhone
    @bellchu 也对也不对,其实两者一样但不兼容
    bellchu
        23
    bellchu  
       2015-05-04 15:20:39 +08:00
    @LazyZhu
    Cisco搞AnyConnect不是为了兼容OpenConnect的
    OpenConnect开发出来是号称兼容AnyConnect和Juniper的SSL VPN客户端的

    Cisco没有义务去兼容OpenConnect,ocserv与AnyConnect客户端不完全兼容总不能抱怨Cisco工程师偷懒吧。
    lenovo
        24
    lenovo  
    OP
       2015-05-04 15:33:03 +08:00
    @bellchu 这样处理是精确点,但是路由表太长了,据说客户端接收不全?
    curl 'http://ftp.apnic.net/apnic/stats/apnic/delegated-apnic-latest' | grep ipv4 | grep CN | awk -F\| '{ printf("%s/%d\n", $4, 32-log($5)/log(2)) }' > chnroute.txt
    kkxxxxxxx
        25
    kkxxxxxxx  
       2015-05-04 15:34:57 +08:00
    @bellchu 这种格式也可以?
    bellchu
        26
    bellchu  
       2015-05-04 15:38:08 +08:00
    @lenovo 肯定要做汇总的,不然路由条数太多会死机的。
    但是这么做至少比你用A类地址做过滤要精确的多
    bellchu
        27
    bellchu  
       2015-05-04 15:45:24 +08:00
    @lenovo 看了一下5502条记录能精确汇总到3573条
    试试看忽略16位掩码以上的IP
    bellchu
        28
    bellchu  
       2015-05-04 15:53:47 +08:00
    @kkxxxxxxx 用CIDR汇总起来比较直观,不然太多5和0看起来会眼花,至于ocserv支持不支持我真不知道,没怎么用过ocserv,只是装了下看了看效果。
    LazyZhu
        29
    LazyZhu  
       2015-05-04 18:41:12 +08:00
    @lenovo 误差非常大
    ipv4:3504465208
    reserved:592708865
    chnroute:334478336
    64-route:1073741824
    (1073741824-334478336)/(3504465208-592708865)=0.2539
    lenovo
        30
    lenovo  
    OP
       2015-05-04 19:07:57 +08:00
    @LazyZhu 那也没办法啊,有什么好的解决方案么?
    LazyZhu
        31
    LazyZhu  
       2015-05-04 19:23:21 +08:00
    @lenovo
    https://www.v2ex.com/t/136431 改成200,误差可以缩小
    shangjiyu
        32
    shangjiyu  
       2015-05-04 19:37:55 +08:00
    @LazyZhu 这个真的没有限制么?
    https://raw.githubusercontent.com/fanyueciyuan/eazy-for-ss/master/chnroutes/ocserv.conf
    这里建议改到6000 。。。
    Daniel65536
        33
    Daniel65536  
       2015-05-04 19:47:23 +08:00 via iPad
    @shangjiyu Anyconnect写死了上限200。
    LazyZhu
        34
    LazyZhu  
       2015-05-04 20:11:08 +08:00
    @lenovo @shangjiyu 143条:
    1.0.0.0/255.128.0.0
    1.160.0.0/255.224.0.0
    1.192.0.0/255.224.0.0
    14.0.0.0/255.224.0.0
    14.96.0.0/255.224.0.0
    14.128.0.0/255.224.0.0
    14.192.0.0/255.224.0.0
    27.0.0.0/255.192.0.0
    27.96.0.0/255.224.0.0
    27.128.0.0/255.128.0.0
    36.0.0.0/255.192.0.0
    36.96.0.0/255.224.0.0
    36.128.0.0/255.128.0.0
    39.0.0.0/255.224.0.0
    39.64.0.0/255.192.0.0
    39.128.0.0/255.192.0.0
    42.0.0.0/255.0.0.0
    43.224.0.0/255.224.0.0
    45.64.0.0/255.192.0.0
    47.64.0.0/255.192.0.0
    49.0.0.0/255.128.0.0
    49.128.0.0/255.224.0.0
    49.192.0.0/255.192.0.0
    54.192.0.0/255.224.0.0
    58.0.0.0/255.128.0.0
    58.128.0.0/255.224.0.0
    58.192.0.0/255.192.0.0
    59.32.0.0/255.224.0.0
    59.64.0.0/255.192.0.0
    59.128.0.0/255.128.0.0
    60.0.0.0/255.192.0.0
    60.160.0.0/255.224.0.0
    60.192.0.0/255.192.0.0
    61.0.0.0/255.192.0.0
    61.64.0.0/255.224.0.0
    61.128.0.0/255.192.0.0
    61.224.0.0/255.224.0.0
    101.0.0.0/255.128.0.0
    101.128.0.0/255.224.0.0
    101.192.0.0/255.192.0.0
    103.0.0.0/255.192.0.0
    103.224.0.0/255.224.0.0
    106.0.0.0/255.128.0.0
    106.224.0.0/255.224.0.0
    110.0.0.0/254.0.0.0
    112.0.0.0/255.128.0.0
    112.128.0.0/255.224.0.0
    112.192.0.0/255.192.0.0
    113.0.0.0/255.128.0.0
    113.128.0.0/255.224.0.0
    113.192.0.0/255.192.0.0
    114.0.0.0/255.128.0.0
    114.128.0.0/255.224.0.0
    114.192.0.0/255.192.0.0
    115.0.0.0/255.0.0.0
    116.0.0.0/255.0.0.0
    117.0.0.0/255.128.0.0
    117.128.0.0/255.192.0.0
    118.0.0.0/255.224.0.0
    118.64.0.0/255.192.0.0
    118.128.0.0/255.128.0.0
    119.0.0.0/255.128.0.0
    119.128.0.0/255.192.0.0
    119.224.0.0/255.224.0.0
    120.0.0.0/255.192.0.0
    120.64.0.0/255.224.0.0
    120.128.0.0/255.224.0.0
    120.192.0.0/255.192.0.0
    121.0.0.0/255.128.0.0
    121.192.0.0/255.192.0.0
    122.0.0.0/254.0.0.0
    124.0.0.0/255.0.0.0
    125.0.0.0/255.128.0.0
    125.160.0.0/255.224.0.0
    125.192.0.0/255.192.0.0
    139.0.0.0/255.224.0.0
    139.128.0.0/255.128.0.0
    140.64.0.0/255.224.0.0
    140.128.0.0/255.224.0.0
    140.192.0.0/255.192.0.0
    144.0.0.0/255.192.0.0
    144.96.0.0/255.224.0.0
    144.224.0.0/255.224.0.0
    150.0.0.0/255.224.0.0
    150.96.0.0/255.224.0.0
    150.128.0.0/255.224.0.0
    150.192.0.0/255.192.0.0
    152.96.0.0/255.224.0.0
    153.0.0.0/255.192.0.0
    153.96.0.0/255.224.0.0
    157.0.0.0/255.192.0.0
    157.96.0.0/255.224.0.0
    157.128.0.0/255.224.0.0
    157.224.0.0/255.224.0.0
    159.224.0.0/255.224.0.0
    161.192.0.0/255.224.0.0
    162.96.0.0/255.224.0.0
    163.0.0.0/255.192.0.0
    163.96.0.0/255.224.0.0
    163.128.0.0/255.192.0.0
    163.192.0.0/255.224.0.0
    166.96.0.0/255.224.0.0
    167.128.0.0/255.192.0.0
    168.160.0.0/255.224.0.0
    171.0.0.0/255.128.0.0
    171.192.0.0/255.224.0.0
    175.0.0.0/255.128.0.0
    175.128.0.0/255.192.0.0
    180.64.0.0/255.192.0.0
    180.128.0.0/255.128.0.0
    182.0.0.0/255.0.0.0
    183.0.0.0/255.192.0.0
    183.64.0.0/255.224.0.0
    183.128.0.0/255.128.0.0
    192.96.0.0/255.224.0.0
    192.160.0.0/255.224.0.0
    202.0.0.0/255.128.0.0
    202.128.0.0/255.192.0.0
    202.192.0.0/255.224.0.0
    203.0.0.0/255.128.0.0
    203.128.0.0/255.192.0.0
    203.192.0.0/255.224.0.0
    210.0.0.0/255.192.0.0
    210.64.0.0/255.224.0.0
    210.160.0.0/255.224.0.0
    210.192.0.0/255.224.0.0
    211.64.0.0/255.192.0.0
    211.128.0.0/255.192.0.0
    218.0.0.0/255.128.0.0
    218.160.0.0/255.224.0.0
    218.192.0.0/255.192.0.0
    219.64.0.0/255.224.0.0
    219.128.0.0/255.224.0.0
    219.192.0.0/255.192.0.0
    220.96.0.0/255.224.0.0
    220.128.0.0/255.128.0.0
    221.0.0.0/255.224.0.0
    221.96.0.0/255.224.0.0
    221.128.0.0/255.128.0.0
    222.0.0.0/255.0.0.0
    223.0.0.0/255.224.0.0
    223.64.0.0/255.192.0.0
    223.128.0.0/255.128.0.0

    all:3504465208
    reserved:592708865
    (713031680-334478336)/(3504465208-592708865)=0.13
    误差减少了一半

    我试试route...
    lenovo
        35
    lenovo  
    OP
       2015-05-04 20:28:37 +08:00
    @LazyZhu 我这样弄不知道对不对?
    把所有/13及以上都弄成/12,然后合并,是150条
    把所有/14及以上都弄成/13,然后合并,是230条

    看来/12是最优?谁给专程CIDR格式?
    1.0.0.0-1.95.255.255
    1.112.0.0-1.127.255.255
    1.176.0.0-1.207.255.255
    14.0.0.0-14.31.255.255
    14.96.0.0-14.159.255.255
    14.192.0.0-14.223.255.255
    27.0.0.0-27.63.255.255
    27.96.0.0-27.159.255.255
    27.176.0.0-27.239.255.255
    36.0.0.0-36.63.255.255
    36.96.0.0-36.223.255.255
    36.240.0.0-36.255.255.255
    39.0.0.0-39.15.255.255
    39.64.0.0-39.111.255.255
    39.128.0.0-39.191.255.255
    42.0.0.0-42.15.255.255
    42.48.0.0-42.63.255.255
    42.80.0.0-42.255.255.255
    43.224.0.0-43.255.255.255
    45.64.0.0-45.79.255.255
    45.112.0.0-45.127.255.255
    47.80.0.0-47.127.255.255
    49.0.0.0-49.15.255.255
    49.48.0.0-49.95.255.255
    49.112.0.0-49.159.255.255
    49.208.0.0-49.255.255.255
    54.208.0.0-54.223.255.255
    58.0.0.0-58.159.255.255
    58.192.0.0-58.223.255.255
    58.240.0.0-58.255.255.255
    59.32.0.0-59.111.255.255
    59.144.0.0-60.31.255.255
    60.48.0.0-60.63.255.255
    60.160.0.0-61.63.255.255
    61.80.0.0-61.95.255.255
    61.128.0.0-61.191.255.255
    61.224.0.0-61.255.255.255
    101.0.0.0-101.159.255.255
    101.192.0.0-101.207.255.255
    101.224.0.0-101.255.255.255
    103.0.0.0-103.63.255.255
    103.224.0.0-103.255.255.255
    106.0.0.0-106.127.255.255
    106.224.0.0-106.239.255.255
    110.0.0.0-110.127.255.255
    110.144.0.0-111.95.255.255
    111.112.0.0-111.239.255.255
    112.0.0.0-112.143.255.255
    112.192.0.0-112.207.255.255
    112.224.0.0-113.143.255.255
    113.192.0.0-113.255.255.255
    114.16.0.0-114.31.255.255
    114.48.0.0-114.143.255.255
    114.192.0.0-114.255.255.255
    115.16.0.0-115.127.255.255
    115.144.0.0-115.239.255.255
    116.0.0.0-116.31.255.255
    116.48.0.0-116.95.255.255
    116.112.0.0-117.191.255.255
    118.16.0.0-118.31.255.255
    118.64.0.0-118.159.255.255
    118.176.0.0-119.191.255.255
    119.224.0.0-120.95.255.255
    120.128.0.0-120.143.255.255
    120.192.0.0-121.111.255.255
    121.192.0.0-121.207.255.255
    121.224.0.0-122.15.255.255
    122.48.0.0-122.159.255.255
    122.176.0.0-122.207.255.255
    122.224.0.0-123.15.255.255
    123.48.0.0-123.207.255.255
    123.224.0.0-124.47.255.255
    124.64.0.0-124.175.255.255
    124.192.0.0-124.255.255.255
    125.16.0.0-125.127.255.255
    125.160.0.0-125.175.255.255
    125.208.0.0-125.223.255.255
    125.240.0.0-125.255.255.255
    139.0.0.0-139.15.255.255
    139.128.0.0-139.239.255.255
    140.64.0.0-140.79.255.255
    140.128.0.0-140.143.255.255
    140.192.0.0-140.255.255.255
    144.0.0.0-144.15.255.255
    144.48.0.0-144.63.255.255
    144.112.0.0-144.127.255.255
    144.240.0.0-144.255.255.255
    150.0.0.0-150.15.255.255
    150.112.0.0-150.143.255.255
    150.208.0.0-150.223.255.255
    150.240.0.0-150.255.255.255
    152.96.0.0-152.111.255.255
    153.0.0.0-153.15.255.255
    153.32.0.0-153.47.255.255
    153.96.0.0-153.127.255.255
    157.0.0.0-157.31.255.255
    157.48.0.0-157.63.255.255
    157.112.0.0-157.127.255.255
    157.144.0.0-157.159.255.255
    157.240.0.0-157.255.255.255
    159.224.0.0-159.239.255.255
    161.192.0.0-161.207.255.255
    162.96.0.0-162.111.255.255
    163.0.0.0-163.15.255.255
    163.32.0.0-163.63.255.255
    163.112.0.0-163.143.255.255
    163.176.0.0-163.207.255.255
    166.96.0.0-166.111.255.255
    167.128.0.0-167.143.255.255
    167.176.0.0-167.191.255.255
    168.160.0.0-168.175.255.255
    171.0.0.0-171.15.255.255
    171.32.0.0-171.47.255.255
    171.80.0.0-171.127.255.255
    171.208.0.0-171.223.255.255
    175.0.0.0-175.111.255.255
    175.144.0.0-175.191.255.255
    180.64.0.0-180.239.255.255
    182.16.0.0-182.63.255.255
    182.80.0.0-182.175.255.255
    182.192.0.0-182.207.255.255
    182.224.0.0-183.95.255.255
    183.128.0.0-183.255.255.255
    192.112.0.0-192.127.255.255
    192.176.0.0-192.191.255.255
    202.0.0.0-202.207.255.255
    203.0.0.0-203.223.255.255
    210.0.0.0-210.95.255.255
    210.176.0.0-210.207.255.255
    211.64.0.0-211.111.255.255
    211.128.0.0-211.175.255.255
    218.0.0.0-218.31.255.255
    218.48.0.0-218.111.255.255
    218.176.0.0-218.207.255.255
    218.240.0.0-218.255.255.255
    219.64.0.0-219.95.255.255
    219.128.0.0-219.159.255.255
    219.208.0.0-219.255.255.255
    220.96.0.0-220.127.255.255
    220.144.0.0-220.207.255.255
    220.224.0.0-221.15.255.255
    221.112.0.0-221.143.255.255
    221.160.0.0-221.239.255.255
    222.16.0.0-222.95.255.255
    222.112.0.0-222.143.255.255
    222.160.0.0-222.223.255.255
    222.240.0.0-223.31.255.255
    223.64.0.0-223.175.255.255
    223.192.0.0-223.223.255.255
    223.240.0.0-223.255.255.255
    LazyZhu
        36
    LazyZhu  
       2015-05-04 20:35:51 +08:00
    @lenovo 配置里面的格式不是cidr,是netmask,等我转换下
    lenovo
        37
    lenovo  
    OP
       2015-05-04 21:54:26 +08:00
    @LazyZhu 转完之后又超过200行了,最后弄成/11,143行,你的是对的

    no-route = 1.0.0.0/9
    no-route = 1.160.0.0/11
    no-route = 1.192.0.0/11
    no-route = 14.0.0.0/11
    no-route = 14.96.0.0/11
    no-route = 14.128.0.0/11
    no-route = 14.192.0.0/11
    no-route = 27.0.0.0/10
    no-route = 27.96.0.0/11
    no-route = 27.128.0.0/9
    no-route = 36.0.0.0/10
    no-route = 36.96.0.0/11
    no-route = 36.128.0.0/9
    no-route = 39.0.0.0/11
    no-route = 39.64.0.0/10
    no-route = 39.128.0.0/10
    no-route = 42.0.0.0/8
    no-route = 43.224.0.0/11
    no-route = 45.64.0.0/10
    no-route = 47.64.0.0/10
    no-route = 49.0.0.0/9
    no-route = 49.128.0.0/11
    no-route = 49.192.0.0/10
    no-route = 54.192.0.0/11
    no-route = 58.0.0.0/9
    no-route = 58.128.0.0/11
    no-route = 58.192.0.0/10
    no-route = 59.32.0.0/11
    no-route = 59.64.0.0/10
    no-route = 59.128.0.0/9
    no-route = 60.0.0.0/10
    no-route = 60.160.0.0/11
    no-route = 60.192.0.0/10
    no-route = 61.0.0.0/10
    no-route = 61.64.0.0/11
    no-route = 61.128.0.0/10
    no-route = 61.224.0.0/11
    no-route = 101.0.0.0/9
    no-route = 101.128.0.0/11
    no-route = 101.192.0.0/10
    no-route = 103.0.0.0/10
    no-route = 103.224.0.0/11
    no-route = 106.0.0.0/9
    no-route = 106.224.0.0/11
    no-route = 110.0.0.0/7
    no-route = 112.0.0.0/9
    no-route = 112.128.0.0/11
    no-route = 112.192.0.0/10
    no-route = 113.0.0.0/9
    no-route = 113.128.0.0/11
    no-route = 113.192.0.0/10
    no-route = 114.0.0.0/9
    no-route = 114.128.0.0/11
    no-route = 114.192.0.0/10
    no-route = 115.0.0.0/8
    no-route = 116.0.0.0/8
    no-route = 117.0.0.0/9
    no-route = 117.128.0.0/10
    no-route = 118.0.0.0/11
    no-route = 118.64.0.0/10
    no-route = 118.128.0.0/9
    no-route = 119.0.0.0/9
    no-route = 119.128.0.0/10
    no-route = 119.224.0.0/11
    no-route = 120.0.0.0/10
    no-route = 120.64.0.0/11
    no-route = 120.128.0.0/11
    no-route = 120.192.0.0/10
    no-route = 121.0.0.0/9
    no-route = 121.192.0.0/10
    no-route = 122.0.0.0/7
    no-route = 124.0.0.0/8
    no-route = 125.0.0.0/9
    no-route = 125.160.0.0/11
    no-route = 125.192.0.0/10
    no-route = 139.0.0.0/11
    no-route = 139.128.0.0/9
    no-route = 140.64.0.0/11
    no-route = 140.128.0.0/11
    no-route = 140.192.0.0/10
    no-route = 144.0.0.0/10
    no-route = 144.96.0.0/11
    no-route = 144.224.0.0/11
    no-route = 150.0.0.0/11
    no-route = 150.96.0.0/11
    no-route = 150.128.0.0/11
    no-route = 150.192.0.0/10
    no-route = 152.96.0.0/11
    no-route = 153.0.0.0/10
    no-route = 153.96.0.0/11
    no-route = 157.0.0.0/10
    no-route = 157.96.0.0/11
    no-route = 157.128.0.0/11
    no-route = 157.224.0.0/11
    no-route = 159.224.0.0/11
    no-route = 161.192.0.0/11
    no-route = 162.96.0.0/11
    no-route = 163.0.0.0/10
    no-route = 163.96.0.0/11
    no-route = 163.128.0.0/10
    no-route = 163.192.0.0/11
    no-route = 166.96.0.0/11
    no-route = 167.128.0.0/10
    no-route = 168.160.0.0/11
    no-route = 171.0.0.0/9
    no-route = 171.192.0.0/11
    no-route = 175.0.0.0/9
    no-route = 175.128.0.0/10
    no-route = 180.64.0.0/10
    no-route = 180.128.0.0/9
    no-route = 182.0.0.0/8
    no-route = 183.0.0.0/10
    no-route = 183.64.0.0/11
    no-route = 183.128.0.0/9
    no-route = 192.96.0.0/11
    no-route = 192.160.0.0/11
    no-route = 202.0.0.0/9
    no-route = 202.128.0.0/10
    no-route = 202.192.0.0/11
    no-route = 203.0.0.0/9
    no-route = 203.128.0.0/10
    no-route = 203.192.0.0/11
    no-route = 210.0.0.0/10
    no-route = 210.64.0.0/11
    no-route = 210.160.0.0/11
    no-route = 210.192.0.0/11
    no-route = 211.64.0.0/10
    no-route = 211.128.0.0/10
    no-route = 218.0.0.0/9
    no-route = 218.160.0.0/11
    no-route = 218.192.0.0/10
    no-route = 219.64.0.0/11
    no-route = 219.128.0.0/11
    no-route = 219.192.0.0/10
    no-route = 220.96.0.0/11
    no-route = 220.128.0.0/9
    no-route = 221.0.0.0/11
    no-route = 221.96.0.0/11
    no-route = 221.128.0.0/9
    no-route = 222.0.0.0/8
    no-route = 223.0.0.0/11
    no-route = 223.64.0.0/10
    no-route = 223.128.0.0/9
    lenovo
        38
    lenovo  
    OP
       2015-05-04 22:13:29 +08:00
    CIDR不行:(

    no-route = 1.0.0.0/255.128.0.0
    no-route = 1.160.0.0/255.224.0.0
    no-route = 1.192.0.0/255.224.0.0
    no-route = 14.0.0.0/255.224.0.0
    no-route = 14.96.0.0/255.224.0.0
    no-route = 14.128.0.0/255.224.0.0
    no-route = 14.192.0.0/255.224.0.0
    no-route = 27.0.0.0/255.192.0.0
    no-route = 27.96.0.0/255.224.0.0
    no-route = 27.128.0.0/255.128.0.0
    no-route = 36.0.0.0/255.192.0.0
    no-route = 36.96.0.0/255.224.0.0
    no-route = 36.128.0.0/255.128.0.0
    no-route = 39.0.0.0/255.224.0.0
    no-route = 39.64.0.0/255.192.0.0
    no-route = 39.128.0.0/255.192.0.0
    no-route = 42.0.0.0/255.0.0.0
    no-route = 43.224.0.0/255.224.0.0
    no-route = 45.64.0.0/255.192.0.0
    no-route = 47.64.0.0/255.192.0.0
    no-route = 49.0.0.0/255.128.0.0
    no-route = 49.128.0.0/255.224.0.0
    no-route = 49.192.0.0/255.192.0.0
    no-route = 54.192.0.0/255.224.0.0
    no-route = 58.0.0.0/255.128.0.0
    no-route = 58.128.0.0/255.224.0.0
    no-route = 58.192.0.0/255.192.0.0
    no-route = 59.32.0.0/255.224.0.0
    no-route = 59.64.0.0/255.192.0.0
    no-route = 59.128.0.0/255.128.0.0
    no-route = 60.0.0.0/255.192.0.0
    no-route = 60.160.0.0/255.224.0.0
    no-route = 60.192.0.0/255.192.0.0
    no-route = 61.0.0.0/255.192.0.0
    no-route = 61.64.0.0/255.224.0.0
    no-route = 61.128.0.0/255.192.0.0
    no-route = 61.224.0.0/255.224.0.0
    no-route = 101.0.0.0/255.128.0.0
    no-route = 101.128.0.0/255.224.0.0
    no-route = 101.192.0.0/255.192.0.0
    no-route = 103.0.0.0/255.192.0.0
    no-route = 103.224.0.0/255.224.0.0
    no-route = 106.0.0.0/255.128.0.0
    no-route = 106.224.0.0/255.224.0.0
    no-route = 110.0.0.0/254.0.0.0
    no-route = 112.0.0.0/255.128.0.0
    no-route = 112.128.0.0/255.224.0.0
    no-route = 112.192.0.0/255.192.0.0
    no-route = 113.0.0.0/255.128.0.0
    no-route = 113.128.0.0/255.224.0.0
    no-route = 113.192.0.0/255.192.0.0
    no-route = 114.0.0.0/255.128.0.0
    no-route = 114.128.0.0/255.224.0.0
    no-route = 114.192.0.0/255.192.0.0
    no-route = 115.0.0.0/255.0.0.0
    no-route = 116.0.0.0/255.0.0.0
    no-route = 117.0.0.0/255.128.0.0
    no-route = 117.128.0.0/255.192.0.0
    no-route = 118.0.0.0/255.224.0.0
    no-route = 118.64.0.0/255.192.0.0
    no-route = 118.128.0.0/255.128.0.0
    no-route = 119.0.0.0/255.128.0.0
    no-route = 119.128.0.0/255.192.0.0
    no-route = 119.224.0.0/255.224.0.0
    no-route = 120.0.0.0/255.192.0.0
    no-route = 120.64.0.0/255.224.0.0
    no-route = 120.128.0.0/255.224.0.0
    no-route = 120.192.0.0/255.192.0.0
    no-route = 121.0.0.0/255.128.0.0
    no-route = 121.192.0.0/255.192.0.0
    no-route = 122.0.0.0/254.0.0.0
    no-route = 124.0.0.0/255.0.0.0
    no-route = 125.0.0.0/255.128.0.0
    no-route = 125.160.0.0/255.224.0.0
    no-route = 125.192.0.0/255.192.0.0
    no-route = 139.0.0.0/255.224.0.0
    no-route = 139.128.0.0/255.128.0.0
    no-route = 140.64.0.0/255.224.0.0
    no-route = 140.128.0.0/255.224.0.0
    no-route = 140.192.0.0/255.192.0.0
    no-route = 144.0.0.0/255.192.0.0
    no-route = 144.96.0.0/255.224.0.0
    no-route = 144.224.0.0/255.224.0.0
    no-route = 150.0.0.0/255.224.0.0
    no-route = 150.96.0.0/255.224.0.0
    no-route = 150.128.0.0/255.224.0.0
    no-route = 150.192.0.0/255.192.0.0
    no-route = 152.96.0.0/255.224.0.0
    no-route = 153.0.0.0/255.192.0.0
    no-route = 153.96.0.0/255.224.0.0
    no-route = 157.0.0.0/255.192.0.0
    no-route = 157.96.0.0/255.224.0.0
    no-route = 157.128.0.0/255.224.0.0
    no-route = 157.224.0.0/255.224.0.0
    no-route = 159.224.0.0/255.224.0.0
    no-route = 161.192.0.0/255.224.0.0
    no-route = 162.96.0.0/255.224.0.0
    no-route = 163.0.0.0/255.192.0.0
    no-route = 163.96.0.0/255.224.0.0
    no-route = 163.128.0.0/255.192.0.0
    no-route = 163.192.0.0/255.224.0.0
    no-route = 166.96.0.0/255.224.0.0
    no-route = 167.128.0.0/255.192.0.0
    no-route = 168.160.0.0/255.224.0.0
    no-route = 171.0.0.0/255.128.0.0
    no-route = 171.192.0.0/255.224.0.0
    no-route = 175.0.0.0/255.128.0.0
    no-route = 175.128.0.0/255.192.0.0
    no-route = 180.64.0.0/255.192.0.0
    no-route = 180.128.0.0/255.128.0.0
    no-route = 182.0.0.0/255.0.0.0
    no-route = 183.0.0.0/255.192.0.0
    no-route = 183.64.0.0/255.224.0.0
    no-route = 183.128.0.0/255.128.0.0
    no-route = 192.96.0.0/255.224.0.0
    no-route = 192.160.0.0/255.224.0.0
    no-route = 202.0.0.0/255.128.0.0
    no-route = 202.128.0.0/255.192.0.0
    no-route = 202.192.0.0/255.224.0.0
    no-route = 203.0.0.0/255.128.0.0
    no-route = 203.128.0.0/255.192.0.0
    no-route = 203.192.0.0/255.224.0.0
    no-route = 210.0.0.0/255.192.0.0
    no-route = 210.64.0.0/255.224.0.0
    no-route = 210.160.0.0/255.224.0.0
    no-route = 210.192.0.0/255.224.0.0
    no-route = 211.64.0.0/255.192.0.0
    no-route = 211.128.0.0/255.192.0.0
    no-route = 218.0.0.0/255.128.0.0
    no-route = 218.160.0.0/255.224.0.0
    no-route = 218.192.0.0/255.192.0.0
    no-route = 219.64.0.0/255.224.0.0
    no-route = 219.128.0.0/255.224.0.0
    no-route = 219.192.0.0/255.192.0.0
    no-route = 220.96.0.0/255.224.0.0
    no-route = 220.128.0.0/255.128.0.0
    no-route = 221.0.0.0/255.224.0.0
    no-route = 221.96.0.0/255.224.0.0
    no-route = 221.128.0.0/255.128.0.0
    no-route = 222.0.0.0/255.0.0.0
    no-route = 223.0.0.0/255.224.0.0
    no-route = 223.64.0.0/255.192.0.0
    no-route = 223.128.0.0/255.128.0.0
    lenovo
        39
    lenovo  
    OP
       2015-05-04 22:48:24 +08:00
    @LazyZhu PC客户端不知为何少一条192.160.0.0/11,iOS上是正常的
    LazyZhu
        40
    LazyZhu  
       2015-05-04 23:01:02 +08:00
    @lenovo 含内网地址的(152条):
    0.0.0.0/8
    1.0.0.0/9
    1.160.0.0/11
    1.192.0.0/11
    10.0.0.0/8
    14.0.0.0/11
    14.96.0.0/11
    14.128.0.0/11
    14.192.0.0/11
    27.0.0.0/10
    27.96.0.0/11
    27.128.0.0/9
    36.0.0.0/10
    36.96.0.0/11
    36.128.0.0/9
    39.0.0.0/11
    39.64.0.0/10
    39.128.0.0/10
    42.0.0.0/8
    43.224.0.0/11
    45.64.0.0/10
    47.64.0.0/10
    49.0.0.0/9
    49.128.0.0/11
    49.192.0.0/10
    54.192.0.0/11
    58.0.0.0/9
    58.128.0.0/11
    58.192.0.0/10
    59.32.0.0/11
    59.64.0.0/10
    59.128.0.0/9
    60.0.0.0/10
    60.160.0.0/11
    60.192.0.0/10
    61.0.0.0/10
    61.64.0.0/11
    61.128.0.0/10
    61.224.0.0/11
    100.64.0.0/10
    101.0.0.0/9
    101.128.0.0/11
    101.192.0.0/10
    103.0.0.0/10
    103.224.0.0/11
    106.0.0.0/9
    106.224.0.0/11
    110.0.0.0/7
    112.0.0.0/9
    112.128.0.0/11
    112.192.0.0/10
    113.0.0.0/9
    113.128.0.0/11
    113.192.0.0/10
    114.0.0.0/9
    114.128.0.0/11
    114.192.0.0/10
    115.0.0.0/8
    116.0.0.0/8
    117.0.0.0/9
    117.128.0.0/10
    118.0.0.0/11
    118.64.0.0/10
    118.128.0.0/9
    119.0.0.0/9
    119.128.0.0/10
    119.224.0.0/11
    120.0.0.0/10
    120.64.0.0/11
    120.128.0.0/11
    120.192.0.0/10
    121.0.0.0/9
    121.192.0.0/10
    122.0.0.0/7
    124.0.0.0/8
    125.0.0.0/9
    125.160.0.0/11
    125.192.0.0/10
    127.0.0.0/8
    139.0.0.0/11
    139.128.0.0/9
    140.64.0.0/11
    140.128.0.0/11
    140.192.0.0/10
    144.0.0.0/10
    144.96.0.0/11
    144.224.0.0/11
    150.0.0.0/11
    150.96.0.0/11
    150.128.0.0/11
    150.192.0.0/10
    152.96.0.0/11
    153.0.0.0/10
    153.96.0.0/11
    157.0.0.0/10
    157.96.0.0/11
    157.128.0.0/11
    157.224.0.0/11
    159.224.0.0/11
    161.192.0.0/11
    162.96.0.0/11
    163.0.0.0/10
    163.96.0.0/11
    163.128.0.0/10
    163.192.0.0/11
    166.96.0.0/11
    167.128.0.0/10
    168.160.0.0/11
    169.224.0.0/11
    171.0.0.0/9
    171.192.0.0/11
    172.0.0.0/11
    175.0.0.0/9
    175.128.0.0/10
    180.64.0.0/10
    180.128.0.0/9
    182.0.0.0/8
    183.0.0.0/10
    183.64.0.0/11
    183.128.0.0/9
    192.0.0.0/11
    192.64.0.0/10
    192.160.0.0/11
    198.0.0.0/10
    202.0.0.0/9
    202.128.0.0/10
    202.192.0.0/11
    203.0.0.0/9
    203.128.0.0/10
    203.192.0.0/11
    210.0.0.0/10
    210.64.0.0/11
    210.160.0.0/11
    210.192.0.0/11
    211.64.0.0/10
    211.128.0.0/10
    218.0.0.0/9
    218.160.0.0/11
    218.192.0.0/10
    219.64.0.0/11
    219.128.0.0/11
    219.192.0.0/10
    220.96.0.0/11
    220.128.0.0/9
    221.0.0.0/11
    221.96.0.0/11
    221.128.0.0/9
    222.0.0.0/8
    223.0.0.0/11
    223.64.0.0/10
    223.128.0.0/9
    224.0.0.0/3
    lenovo
        41
    lenovo  
    OP
       2015-05-04 23:12:34 +08:00
    @LazyZhu 内网好像自动丢弃了,192.160.0.0/11 含了192.168.x.x,就不接收
    排除以后好了
    192.160.0.0/255.248.0.0
    192.169.0.0/255.255.0.0
    192.170.0.0/255.254.0.0
    192.172.0.0/255.252.0.0
    192.176.0.0/255.240.0.0
    LazyZhu
        42
    LazyZhu  
       2015-05-04 23:26:27 +08:00
    @lenovo http://en.wikipedia.org/wiki/Reserved_IP_addresses
    0.0.0.0/8
    10.0.0.0/8
    100.64.0.0/10
    127.0.0.0/8
    169.254.0.0/16
    172.16.0.0/12
    192.0.0.0/24
    192.0.2.0/24
    192.88.99.0/24
    192.168.0.0/16
    198.18.0.0/15
    198.51.100.0/24
    203.0.113.0/24
    224.0.0.0/4
    240.0.0.0/4
    255.255.255.255/32
    lenovo
        43
    lenovo  
    OP
       2015-05-05 00:55:47 +08:00   ❤️ 2
    @LazyZhu 多谢,最终结果:
    不含内网147行: https://cnlic.com/wp-content/uploads/2015/04/cn-no-route.txt
    包含内网155行: https://cnlic.com/wp-content/uploads/2015/04/cn-no-route2.txt

    最后贴个在线转换合并的工具网页,很不错:)
    http://www.stopforumspam.com/aggregate
    wysard
        44
    wysard  
       2015-05-05 01:27:38 +08:00
    我是这么写的:
    # Option to allow sending arbitrary custom headers to the client after
    # authentication and prior to VPN tunnel establishment.
    #custom-header = "X-My-Header: hi there"

    #example: custom-header = "X-CSTP-Split-Exclude: IPrange/Mask"
    custom-header = "X-CSTP-Split-Exclude: 10.0.0.0/255.0.0.0"

    不知和路由表的实现方式是否一样。
    LazyZhu
        45
    LazyZhu  
       2015-05-05 09:44:34 +08:00 via iPhone
    You can specify either split-include or split-exclude, but you cannot specify both options.

    http://www.cisco.com/c/en/us/products/collateral/security/ios-sslvpn/prod_white_paper0900aecd80512071.html
    kkxxxxxxx
        46
    kkxxxxxxx  
       2015-05-05 15:08:15 +08:00
    @lenovo Instagram不全
    lenovo
        47
    lenovo  
    OP
       2015-05-05 15:21:04 +08:00
    @kkxxxxxxx 这个路由表是指定哪些IP不走VPN,没在这里列出的全部走VPN了,Instagram应该没有国内的IP吧
    lenovo
        48
    lenovo  
    OP
       2015-05-05 15:23:28 +08:00
    @LazyZhu 含内网的只有192.160.0.0/11这一条有问题,最后分开弄了,要不然PC端整条都接收不到
    bellchu
        49
    bellchu  
       2015-05-05 16:32:01 +08:00
    @lenovo 试过了没? 客户端接收这么多条路由记录之后慢吗?

    我看了看我的小路由器,注入了1658条路由。性能无损。
    bellchu
        50
    bellchu  
       2015-05-05 16:35:36 +08:00
    IP routing table name is default (0x0)
    IP routing table maximum-paths is 32
    Route Source Networks Subnets Replicates Overhead Memory (bytes)
    connected 0 4 0 240 720
    static 1658 1097 0 165300 495900
    internal 58 129576
    Total 1716 1101 0 165540 626196
    lenovo
        51
    lenovo  
    OP
       2015-05-05 17:15:27 +08:00
    @bellchu 部署在 /t/187793 里的VPS上了,你可以试试...
    bellchu
        52
    bellchu  
       2015-05-05 17:29:51 +08:00
    @lenovo 好的 多谢! 我有空试试看 你自己用下来客户端CPU占用率如何?
    kkxxxxxxx
        53
    kkxxxxxxx  
       2015-05-06 08:59:59 +08:00
    @lenovo 你试下,确实很多刷不出来,我现在用的这个https://github.com/humiaozuzu/ocserv-build/blob/master/config/config,相对全一些,但是也有个别影响到的
    lenovo
        54
    lenovo  
    OP
       2015-05-06 09:37:21 +08:00
    @kkxxxxxxx 服务器端要修改src/vpn.h后重新编译才行,要不就是只接收96条,你发的链接里刚好是96条

    为尽可能实现精准的国内外智能分流,需要修改src/vpn.h,增大路由表数量:找到#define MAX_CONFIG_ENTRIES 96这一行(第417行),把96改成200以上(Cisco AnyConnect最多只能接收200条路由表)
    kkxxxxxxx
        55
    kkxxxxxxx  
       2015-05-10 12:06:12 +08:00
    @lenovo 嗯,有修改200条,只是我不会写路由表,所以只能拿别人的来用,哈
    jaleo
        56
    jaleo  
       2015-05-11 13:57:19 +08:00
    @lenovo [不含内网147行: https://cnlic.com/wp-content/uploads/2015/04/cn-no-route.txt
    包含内网155行: https://cnlic.com/wp-content/uploads/2015/04/cn-no-route2.txt]
    请问这些地址是国内的IP吗?
    lenovo
        57
    lenovo  
    OP
       2015-05-11 14:04:11 +08:00
    @jaleo 范围扩大了,包含国内IP,也包含部分国外IP
    纯国内的,参考https://github.com/CNMan/ocserv-cn-no-route/blob/master/chnroute_merged.txt
    jaleo
        58
    jaleo  
       2015-05-11 14:26:18 +08:00
    @lenovo 这个太长了 有什么工具可以合并成200条之内?
    lenovo
        59
    lenovo  
    OP
       2015-05-11 16:24:15 +08:00
    @jaleo cn-no-route2.txt 就是200条之内,要想合并就要扩大范围,200条之内最优解就是143行,再加上一些内网的IP
    moonagic
        60
    moonagic  
       2015-05-14 14:29:27 +08:00
    ocserv修改后重新编译过,但是anyconnect客户端里还是只显示了96条路由
    比较费解...
    zpljd
        61
    zpljd  
       2015-06-13 13:03:56 +08:00
    请教一下,是用你的github里面的路由表.发现appstore下载或者更新全部都走VPS的流量.另外QQ发消息出现明显的延迟.这是不是还缺了点什么?anyconnect可以支持200条.您这边添加了162条 应该还有发展的空间的
    lenovo
        62
    lenovo  
    OP
       2015-06-15 09:15:26 +08:00
    @zpljd readme里说明了产生过程,现在是全部/12及以上改成/11,再要弄的话就是部分/12及以上改成/11,可以缩小点误差,但是感觉意义不大了,要是支持能支持3576行的chnroute_merged.txt的就好了...appstore走VPN可能是域名解析到no-route之外的IP了,QQ貌似是直接走IP的,出现延迟不知道是怎么回事
    lenovo
        63
    lenovo  
    OP
       2015-06-15 09:42:39 +08:00
    @moonagic 先停止ocserv进程再编译试试
    zpljd
        64
    zpljd  
       2015-06-18 21:36:46 +08:00
    @lenovo 我目前的解决方式是,在anyconnect里面打开按需连接,其中有一个"永不连接"中输入apple.com,测试用应该是解决了目前出现的会走app store的问题.我不知道您用的是ios或者是anyconnect.应该不会就我出现这个问题吧...
    另,最新的ios端的anyconnect出现了一个"应用规则"这个选项,无法在手机上上进行配置,而ocserv似乎也没有相关的配置可以添加应用规则,如果类似shadowsocks这样可以选择某些应用全局走VPN流量的话 anyconnect不是为一个牛逼的移动端解决方案.
    另外,想请教一下您,如果您使用的是ios8.3,并且VPS使用的比如是DO或者linode这类的常用的服务商,您是否会出现测速中,上传比下载快的情况?我查过相关讨论.有人建议是关闭了压缩就可以解决,事实上解决下载的确速度提高了,但是事实上视频非常卡,如果您有好的解决方案,希望您可以抽空回复一下,谢谢!
    shierji
        65
    shierji  
       2015-07-01 21:19:06 +08:00
    @lenovo 你这域名好叼炸条
    benwwchen
        66
    benwwchen  
       2015-08-08 13:16:10 +08:00
    我想请问网易云音乐为什么还是会走VPN?抓包看到DNS返回的几个IP好像都在cn-no-route.txt范围里了,但就是不直连,微信之类的是正常直连的所以路由表应该是生效了的。
    benwwchen
        67
    benwwchen  
       2015-08-08 13:37:56 +08:00
    刚刚发现原来是服务器端的pdnsd没设好导致网易云音乐解析出美国IP了……
    关于   ·   帮助文档   ·   博客   ·   API   ·   FAQ   ·   实用小工具   ·   3211 人在线   最高记录 6679   ·     Select Language
    创意工作者们的社区
    World is powered by solitude
    VERSION: 3.9.8.5 · 41ms · UTC 12:25 · PVG 20:25 · LAX 04:25 · JFK 07:25
    Developed with CodeLauncher
    ♥ Do have faith in what you're doing.