这样弄 ocserv 的 no-route 路由表有问题吗? - V2EX
首页 注册 登录
V2EX = way to explore
V2EX 是一个关于分享和探索的地方
现在注册
已注册用户请  登录
lenovo
V2EX    问与答

这样弄 ocserv 的 no-route 路由表有问题吗?

  •   
  •   lenovo 2015-05-04 12:07:30 +08:00 10310 次点击
    这是一个创建于 3817 天前的主题,其中的信息可能已经有所发展或是发生改变。
    no-route = 1.0.0.0/255.0.0.0 no-route = 14.0.0.0/255.0.0.0 no-route = 27.0.0.0/255.0.0.0 no-route = 36.0.0.0/255.0.0.0 no-route = 39.0.0.0/255.0.0.0 no-route = 42.0.0.0/255.0.0.0 no-route = 43.0.0.0/255.0.0.0 no-route = 45.0.0.0/255.0.0.0 no-route = 47.0.0.0/255.0.0.0 no-route = 49.0.0.0/255.0.0.0 no-route = 54.0.0.0/255.0.0.0 no-route = 58.0.0.0/255.0.0.0 no-route = 59.0.0.0/255.0.0.0 no-route = 60.0.0.0/255.0.0.0 no-route = 61.0.0.0/255.0.0.0 no-route = 101.0.0.0/255.0.0.0 no-route = 103.0.0.0/255.0.0.0 no-route = 106.0.0.0/255.0.0.0 no-route = 110.0.0.0/255.0.0.0 no-route = 111.0.0.0/255.0.0.0 no-route = 112.0.0.0/255.0.0.0 no-route = 113.0.0.0/255.0.0.0 no-route = 114.0.0.0/255.0.0.0 no-route = 115.0.0.0/255.0.0.0 no-route = 116.0.0.0/255.0.0.0 no-route = 117.0.0.0/255.0.0.0 no-route = 118.0.0.0/255.0.0.0 no-route = 119.0.0.0/255.0.0.0 no-route = 120.0.0.0/255.0.0.0 no-route = 121.0.0.0/255.0.0.0 no-route = 122.0.0.0/255.0.0.0 no-route = 123.0.0.0/255.0.0.0 no-route = 124.0.0.0/255.0.0.0 no-route = 125.0.0.0/255.0.0.0 no-route = 139.0.0.0/255.0.0.0 no-route = 140.0.0.0/255.0.0.0 no-route = 144.0.0.0/255.0.0.0 no-route = 150.0.0.0/255.0.0.0 no-route = 152.0.0.0/255.0.0.0 no-route = 153.0.0.0/255.0.0.0 no-route = 157.0.0.0/255.0.0.0 no-route = 159.0.0.0/255.0.0.0 no-route = 161.0.0.0/255.0.0.0 no-route = 162.0.0.0/255.0.0.0 no-route = 163.0.0.0/255.0.0.0 no-route = 166.0.0.0/255.0.0.0 no-route = 167.0.0.0/255.0.0.0 no-route = 168.0.0.0/255.0.0.0 no-route = 171.0.0.0/255.0.0.0 no-route = 175.0.0.0/255.0.0.0 no-route = 180.0.0.0/255.0.0.0 no-route = 182.0.0.0/255.0.0.0 no-route = 183.0.0.0/255.0.0.0 no-route = 192.0.0.0/255.0.0.0 no-route = 202.0.0.0/255.0.0.0 no-route = 203.0.0.0/255.0.0.0 no-route = 210.0.0.0/255.0.0.0 no-route = 211.0.0.0/255.0.0.0 no-route = 218.0.0.0/255.0.0.0 no-route = 219.0.0.0/255.0.0.0 no-route = 220.0.0.0/255.0.0.0 no-route = 221.0.0.0/255.0.0.0 no-route = 222.0.0.0/255.0.0.0 no-route = 223.0.0.0/255.0.0.0

    64行,看了下ios上cisco anyconnect的路由表,貌似都收到了
    用起来貌似也分流了,就是不知道有多大误差?

    第 1 条附言    2015-05-12 22:03:26 +08:00
    最果:https://github.com/CNMan/ocserv-cn-no-route
  • Route
  • ocserv
  • anyconnect
    67 条回复    2015-08-08 13:37:56 +08:00
    LazyZhu
        1
    LazyZhu  
       2015-05-04 12:24:26 +08:00 via iPhone
    64+200 应该有个最优解的
    LazyZhu
        2
    LazyZhu  
       2015-05-04 13:35:29 +08:00 via iPhone
    route和no-route在ocserv里面哪个优先判断,这关系到路由表的分配
    sdysj
        3
    sdysj  
       2015-05-04 13:52:07 +08:00
    误差不大,就算误差都是些东南亚或者新西兰之类的,cloudflare 可能受点影响。
    regeditms
        4
    regeditms  
       2015-05-04 13:52:53 +08:00
    route 和 no-route 只能存在一个。优先判断route,这两个都能有200条,楼主你这样是过滤国内的吗?我试过 国内ip段 前200条 但是感觉效果还是不那么好。
    ddqp
        5
    ddqp  
       2015-05-04 13:56:57 +08:00 via iPhone
    这个应该放在哪里?
    lenovo
        6
    lenovo  
    OP
       2015-05-04 14:11:02 +08:00
    @LazyZhu @regeditms 我的route是空的

    @ddqp 放ocserv.conf里
    LazyZhu
        7
    LazyZhu  
       2015-05-04 14:24:38 +08:00 via iPhone
    @regeditms 看文档说明是可以一起用的
    # To set the server as the default gateway for the client just
    # comment out all routes from the server, or use the special keyword
    # ’default’.

    route = 10.10.10.0/255.255.255.0
    route = 192.168.0.0/255.255.0.0
    #route = fef4:db8:1000:1001::/64

    # Subsets of the routes above that will not be routed by
    # the server. Note, that this may currently be not be supported
    # by openconnect clients.

    no-route = 192.168.5.0/255.255.255.0


    http://www.infradead.org/ocserv/manual.html
    ddqp
        8
    ddqp  
       2015-05-04 14:27:31 +08:00 via iPhone
    谢谢,我回去试试看
    lucifer9
        9
    lucifer9  
       2015-05-04 14:28:17 +08:00
    文档只是分别说了两者的用法而已
    至于是否可以一起用,试试就知道了
    LazyZhu
        10
    LazyZhu  
       2015-05-04 14:34:28 +08:00 via iPhone
    no-route优先级别比route高,上面样例效果就是路由192.168.0.0/16 ,但是排除192.168.5.0/24
    关键是客户端也得支持
    LazyZhu
        11
    LazyZhu  
       2015-05-04 14:36:33 +08:00 via iPhone
    @lucifer9 再去读读,aboue...above...above
    Daniel65536
        12
    Daniel65536  
       2015-05-04 14:37:30 +08:00 via iPad
    Anyconnect不支持混用。以最后一条是route还是noroute决定只保留哪种。
    LazyZhu
        13
    LazyZhu  
       2015-05-04 14:38:43 +08:00 via iPhone
    @Daniel65536
    LazyZhu
        14
    LazyZhu  
       2015-05-04 14:45:05 +08:00 via iPhone
    Cisco开发人员明显偷懒了
    OpenConnect 应该支持的
    bellchu
        15
    bellchu  
       2015-05-04 14:45:58 +08:00
    帮你汇总了一下

    1.0.0.0/8
    14.0.0.0/8
    27.0.0.0/8
    36.0.0.0/8
    39.0.0.0/8
    42.0.0.0/7
    45.0.0.0/8
    47.0.0.0/8
    49.0.0.0/8
    54.0.0.0/8
    58.0.0.0/7
    60.0.0.0/7
    101.0.0.0/8
    103.0.0.0/8
    106.0.0.0/8
    110.0.0.0/7
    112.0.0.0/5
    120.0.0.0/6
    124.0.0.0/7
    139.0.0.0/8
    140.0.0.0/8
    144.0.0.0/8
    150.0.0.0/8
    152.0.0.0/7
    157.0.0.0/8
    159.0.0.0/8
    161.0.0.0/8
    162.0.0.0/7
    166.0.0.0/7
    168.0.0.0/8
    171.0.0.0/8
    175.0.0.0/8
    180.0.0.0/8
    182.0.0.0/7
    192.0.0.0/8
    202.0.0.0/7
    210.0.0.0/7
    218.0.0.0/7
    220.0.0.0/6
    bellchu
        16
    bellchu  
       2015-05-04 14:58:51 +08:00
    @LazyZhu
    应该反过来说
    OpenConnect开发人员明显偷懒了
    Cisco应该支持的

    Cisco用的是Split Tunnel,用ACL控制哪些流量走VPN Tunnel,哪些走default gateway。
    lenovo
        17
    lenovo  
    OP
       2015-05-04 15:00:31 +08:00
    @bellchu 要是支持ACL分流就精确多了
    loca1h0st
        18
    loca1h0st  
       2015-05-04 15:04:18 +08:00
    貌似熊猫翻就是用的顶楼的路由表?
    Yien
        19
    Yien  
       2015-05-04 15:04:48 +08:00 via Android
    0.10.2还是会断,不知道0.10.4解决没有。
    bellchu
        20
    bellchu  
       2015-05-04 15:14:30 +08:00
    @lenovo 楼主贴的是APNIC的Asia IP Range, 范围太大了

    这个是APNIC的所有详细IP信息

    自己用vim提取一下中国的IP就行了
    bellchu
        21
    bellchu  
       2015-05-04 15:14:53 +08:00
    @lenovo 地址没贴。。。。。
    http://ftp.apnic.net/apnic/stats/apnic/delegated-apnic-latest
    LazyZhu
        22
    LazyZhu  
       2015-05-04 15:15:36 +08:00 via iPhone
    @bellchu 也对也不对,其实两者一样但不兼容
    bellchu
        23
    bellchu  
       2015-05-04 15:20:39 +08:00
    @LazyZhu
    Cisco搞AnyConnect不是为了兼容OpenConnect的
    OpenConnect开发出来是号称兼容AnyConnect和Juniper的SSL VPN客户端的

    Cisco没有义务去兼容OpenConnect,ocserv与AnyConnect客户端不完全兼容总不能抱怨Cisco工程师偷懒吧。
    lenovo
        24
    lenovo  
    OP
       2015-05-04 15:33:03 +08:00
    @bellchu 这样处理是精确点,但是路由表太长了,据说客户端接收不全?
    curl 'http://ftp.apnic.net/apnic/stats/apnic/delegated-apnic-latest' | grep ipv4 | grep CN | awk -F\| '{ printf("%s/%d\n", $4, 32-log($5)/log(2)) }' > chnroute.txt
    kkxxxxxxx
        25
    kkxxxxxxx  
       2015-05-04 15:34:57 +08:00
    @bellchu 这种格式也可以?
    bellchu
        26
    bellchu  
       2015-05-04 15:38:08 +08:00
    @lenovo 肯定要做汇总的,不然路由条数太多会死机的。
    但是这么做至少比你用A类地址做过滤要精确的多
    bellchu
        27
    bellchu  
       2015-05-04 15:45:24 +08:00
    @lenovo 看了一下5502条记录能精确汇总到3573条
    试试看忽略16位掩码以上的IP
    bellchu
        28
    bellchu  
       2015-05-04 15:53:47 +08:00
    @kkxxxxxxx 用CIDR汇总起来比较直观,不然太多5和0看起来会眼花,至于ocserv支持不支持我真不知道,没怎么用过ocserv,只是装了下看了看效果。
    LazyZhu
        29
    LazyZhu  
       2015-05-04 18:41:12 +08:00
    @lenovo 误差非常大
    ipv4:3504465208
    reserved:592708865
    chnroute:334478336
    64-route:1073741824
    (1073741824-334478336)/(3504465208-592708865)=0.2539
    lenovo
        30
    lenovo  
    OP
       2015-05-04 19:07:57 +08:00
    @LazyZhu 那也没办法啊,有什么好的解决方案么?
    LazyZhu
        31
    LazyZhu  
       2015-05-04 19:23:21 +08:00
    @lenovo
    t/136431 改成200,误差可以缩小
    shangjiyu
        32
    shangjiyu  
       2015-05-04 19:37:55 +08:00
    @LazyZhu 这个真的没有限制么?
    https://raw.githubusercontent.com/fanyueciyuan/eazy-for-ss/master/chnroutes/ocserv.conf
    这里建议改到6000 。。。
    Daniel65536
        33
    Daniel65536  
       2015-05-04 19:47:23 +08:00 via iPad
    @shangjiyu Anyconnect写死了上限200。
    LazyZhu
        34
    LazyZhu  
       2015-05-04 20:11:08 +08:00
    @lenovo @shangjiyu 143条:
    1.0.0.0/255.128.0.0
    1.160.0.0/255.224.0.0
    1.192.0.0/255.224.0.0
    14.0.0.0/255.224.0.0
    14.96.0.0/255.224.0.0
    14.128.0.0/255.224.0.0
    14.192.0.0/255.224.0.0
    27.0.0.0/255.192.0.0
    27.96.0.0/255.224.0.0
    27.128.0.0/255.128.0.0
    36.0.0.0/255.192.0.0
    36.96.0.0/255.224.0.0
    36.128.0.0/255.128.0.0
    39.0.0.0/255.224.0.0
    39.64.0.0/255.192.0.0
    39.128.0.0/255.192.0.0
    42.0.0.0/255.0.0.0
    43.224.0.0/255.224.0.0
    45.64.0.0/255.192.0.0
    47.64.0.0/255.192.0.0
    49.0.0.0/255.128.0.0
    49.128.0.0/255.224.0.0
    49.192.0.0/255.192.0.0
    54.192.0.0/255.224.0.0
    58.0.0.0/255.128.0.0
    58.128.0.0/255.224.0.0
    58.192.0.0/255.192.0.0
    59.32.0.0/255.224.0.0
    59.64.0.0/255.192.0.0
    59.128.0.0/255.128.0.0
    60.0.0.0/255.192.0.0
    60.160.0.0/255.224.0.0
    60.192.0.0/255.192.0.0
    61.0.0.0/255.192.0.0
    61.64.0.0/255.224.0.0
    61.128.0.0/255.192.0.0
    61.224.0.0/255.224.0.0
    101.0.0.0/255.128.0.0
    101.128.0.0/255.224.0.0
    101.192.0.0/255.192.0.0
    103.0.0.0/255.192.0.0
    103.224.0.0/255.224.0.0
    106.0.0.0/255.128.0.0
    106.224.0.0/255.224.0.0
    110.0.0.0/254.0.0.0
    112.0.0.0/255.128.0.0
    112.128.0.0/255.224.0.0
    112.192.0.0/255.192.0.0
    113.0.0.0/255.128.0.0
    113.128.0.0/255.224.0.0
    113.192.0.0/255.192.0.0
    114.0.0.0/255.128.0.0
    114.128.0.0/255.224.0.0
    114.192.0.0/255.192.0.0
    115.0.0.0/255.0.0.0
    116.0.0.0/255.0.0.0
    117.0.0.0/255.128.0.0
    117.128.0.0/255.192.0.0
    118.0.0.0/255.224.0.0
    118.64.0.0/255.192.0.0
    118.128.0.0/255.128.0.0
    119.0.0.0/255.128.0.0
    119.128.0.0/255.192.0.0
    119.224.0.0/255.224.0.0
    120.0.0.0/255.192.0.0
    120.64.0.0/255.224.0.0
    120.128.0.0/255.224.0.0
    120.192.0.0/255.192.0.0
    121.0.0.0/255.128.0.0
    121.192.0.0/255.192.0.0
    122.0.0.0/254.0.0.0
    124.0.0.0/255.0.0.0
    125.0.0.0/255.128.0.0
    125.160.0.0/255.224.0.0
    125.192.0.0/255.192.0.0
    139.0.0.0/255.224.0.0
    139.128.0.0/255.128.0.0
    140.64.0.0/255.224.0.0
    140.128.0.0/255.224.0.0
    140.192.0.0/255.192.0.0
    144.0.0.0/255.192.0.0
    144.96.0.0/255.224.0.0
    144.224.0.0/255.224.0.0
    150.0.0.0/255.224.0.0
    150.96.0.0/255.224.0.0
    150.128.0.0/255.224.0.0
    150.192.0.0/255.192.0.0
    152.96.0.0/255.224.0.0
    153.0.0.0/255.192.0.0
    153.96.0.0/255.224.0.0
    157.0.0.0/255.192.0.0
    157.96.0.0/255.224.0.0
    157.128.0.0/255.224.0.0
    157.224.0.0/255.224.0.0
    159.224.0.0/255.224.0.0
    161.192.0.0/255.224.0.0
    162.96.0.0/255.224.0.0
    163.0.0.0/255.192.0.0
    163.96.0.0/255.224.0.0
    163.128.0.0/255.192.0.0
    163.192.0.0/255.224.0.0
    166.96.0.0/255.224.0.0
    167.128.0.0/255.192.0.0
    168.160.0.0/255.224.0.0
    171.0.0.0/255.128.0.0
    171.192.0.0/255.224.0.0
    175.0.0.0/255.128.0.0
    175.128.0.0/255.192.0.0
    180.64.0.0/255.192.0.0
    180.128.0.0/255.128.0.0
    182.0.0.0/255.0.0.0
    183.0.0.0/255.192.0.0
    183.64.0.0/255.224.0.0
    183.128.0.0/255.128.0.0
    192.96.0.0/255.224.0.0
    192.160.0.0/255.224.0.0
    202.0.0.0/255.128.0.0
    202.128.0.0/255.192.0.0
    202.192.0.0/255.224.0.0
    203.0.0.0/255.128.0.0
    203.128.0.0/255.192.0.0
    203.192.0.0/255.224.0.0
    210.0.0.0/255.192.0.0
    210.64.0.0/255.224.0.0
    210.160.0.0/255.224.0.0
    210.192.0.0/255.224.0.0
    211.64.0.0/255.192.0.0
    211.128.0.0/255.192.0.0
    218.0.0.0/255.128.0.0
    218.160.0.0/255.224.0.0
    218.192.0.0/255.192.0.0
    219.64.0.0/255.224.0.0
    219.128.0.0/255.224.0.0
    219.192.0.0/255.192.0.0
    220.96.0.0/255.224.0.0
    220.128.0.0/255.128.0.0
    221.0.0.0/255.224.0.0
    221.96.0.0/255.224.0.0
    221.128.0.0/255.128.0.0
    222.0.0.0/255.0.0.0
    223.0.0.0/255.224.0.0
    223.64.0.0/255.192.0.0
    223.128.0.0/255.128.0.0

    all:3504465208
    reserved:592708865
    (713031680-334478336)/(3504465208-592708865)=0.13
    误差减少了一半

    我试试route...
    lenovo
        35
    lenovo  
    OP
       2015-05-04 20:28:37 +08:00
    @LazyZhu 我这样弄不知道对不对?
    把所有/13及以上都弄成/12,然后合并,是150条
    把所有/14及以上都弄成/13,然后合并,是230条

    看来/12是最优?谁给专程CIDR格式?
    1.0.0.0-1.95.255.255
    1.112.0.0-1.127.255.255
    1.176.0.0-1.207.255.255
    14.0.0.0-14.31.255.255
    14.96.0.0-14.159.255.255
    14.192.0.0-14.223.255.255
    27.0.0.0-27.63.255.255
    27.96.0.0-27.159.255.255
    27.176.0.0-27.239.255.255
    36.0.0.0-36.63.255.255
    36.96.0.0-36.223.255.255
    36.240.0.0-36.255.255.255
    39.0.0.0-39.15.255.255
    39.64.0.0-39.111.255.255
    39.128.0.0-39.191.255.255
    42.0.0.0-42.15.255.255
    42.48.0.0-42.63.255.255
    42.80.0.0-42.255.255.255
    43.224.0.0-43.255.255.255
    45.64.0.0-45.79.255.255
    45.112.0.0-45.127.255.255
    47.80.0.0-47.127.255.255
    49.0.0.0-49.15.255.255
    49.48.0.0-49.95.255.255
    49.112.0.0-49.159.255.255
    49.208.0.0-49.255.255.255
    54.208.0.0-54.223.255.255
    58.0.0.0-58.159.255.255
    58.192.0.0-58.223.255.255
    58.240.0.0-58.255.255.255
    59.32.0.0-59.111.255.255
    59.144.0.0-60.31.255.255
    60.48.0.0-60.63.255.255
    60.160.0.0-61.63.255.255
    61.80.0.0-61.95.255.255
    61.128.0.0-61.191.255.255
    61.224.0.0-61.255.255.255
    101.0.0.0-101.159.255.255
    101.192.0.0-101.207.255.255
    101.224.0.0-101.255.255.255
    103.0.0.0-103.63.255.255
    103.224.0.0-103.255.255.255
    106.0.0.0-106.127.255.255
    106.224.0.0-106.239.255.255
    110.0.0.0-110.127.255.255
    110.144.0.0-111.95.255.255
    111.112.0.0-111.239.255.255
    112.0.0.0-112.143.255.255
    112.192.0.0-112.207.255.255
    112.224.0.0-113.143.255.255
    113.192.0.0-113.255.255.255
    114.16.0.0-114.31.255.255
    114.48.0.0-114.143.255.255
    114.192.0.0-114.255.255.255
    115.16.0.0-115.127.255.255
    115.144.0.0-115.239.255.255
    116.0.0.0-116.31.255.255
    116.48.0.0-116.95.255.255
    116.112.0.0-117.191.255.255
    118.16.0.0-118.31.255.255
    118.64.0.0-118.159.255.255
    118.176.0.0-119.191.255.255
    119.224.0.0-120.95.255.255
    120.128.0.0-120.143.255.255
    120.192.0.0-121.111.255.255
    121.192.0.0-121.207.255.255
    121.224.0.0-122.15.255.255
    122.48.0.0-122.159.255.255
    122.176.0.0-122.207.255.255
    122.224.0.0-123.15.255.255
    123.48.0.0-123.207.255.255
    123.224.0.0-124.47.255.255
    124.64.0.0-124.175.255.255
    124.192.0.0-124.255.255.255
    125.16.0.0-125.127.255.255
    125.160.0.0-125.175.255.255
    125.208.0.0-125.223.255.255
    125.240.0.0-125.255.255.255
    139.0.0.0-139.15.255.255
    139.128.0.0-139.239.255.255
    140.64.0.0-140.79.255.255
    140.128.0.0-140.143.255.255
    140.192.0.0-140.255.255.255
    144.0.0.0-144.15.255.255
    144.48.0.0-144.63.255.255
    144.112.0.0-144.127.255.255
    144.240.0.0-144.255.255.255
    150.0.0.0-150.15.255.255
    150.112.0.0-150.143.255.255
    150.208.0.0-150.223.255.255
    150.240.0.0-150.255.255.255
    152.96.0.0-152.111.255.255
    153.0.0.0-153.15.255.255
    153.32.0.0-153.47.255.255
    153.96.0.0-153.127.255.255
    157.0.0.0-157.31.255.255
    157.48.0.0-157.63.255.255
    157.112.0.0-157.127.255.255
    157.144.0.0-157.159.255.255
    157.240.0.0-157.255.255.255
    159.224.0.0-159.239.255.255
    161.192.0.0-161.207.255.255
    162.96.0.0-162.111.255.255
    163.0.0.0-163.15.255.255
    163.32.0.0-163.63.255.255
    163.112.0.0-163.143.255.255
    163.176.0.0-163.207.255.255
    166.96.0.0-166.111.255.255
    167.128.0.0-167.143.255.255
    167.176.0.0-167.191.255.255
    168.160.0.0-168.175.255.255
    171.0.0.0-171.15.255.255
    171.32.0.0-171.47.255.255
    171.80.0.0-171.127.255.255
    171.208.0.0-171.223.255.255
    175.0.0.0-175.111.255.255
    175.144.0.0-175.191.255.255
    180.64.0.0-180.239.255.255
    182.16.0.0-182.63.255.255
    182.80.0.0-182.175.255.255
    182.192.0.0-182.207.255.255
    182.224.0.0-183.95.255.255
    183.128.0.0-183.255.255.255
    192.112.0.0-192.127.255.255
    192.176.0.0-192.191.255.255
    202.0.0.0-202.207.255.255
    203.0.0.0-203.223.255.255
    210.0.0.0-210.95.255.255
    210.176.0.0-210.207.255.255
    211.64.0.0-211.111.255.255
    211.128.0.0-211.175.255.255
    218.0.0.0-218.31.255.255
    218.48.0.0-218.111.255.255
    218.176.0.0-218.207.255.255
    218.240.0.0-218.255.255.255
    219.64.0.0-219.95.255.255
    219.128.0.0-219.159.255.255
    219.208.0.0-219.255.255.255
    220.96.0.0-220.127.255.255
    220.144.0.0-220.207.255.255
    220.224.0.0-221.15.255.255
    221.112.0.0-221.143.255.255
    221.160.0.0-221.239.255.255
    222.16.0.0-222.95.255.255
    222.112.0.0-222.143.255.255
    222.160.0.0-222.223.255.255
    222.240.0.0-223.31.255.255
    223.64.0.0-223.175.255.255
    223.192.0.0-223.223.255.255
    223.240.0.0-223.255.255.255
    LazyZhu
        36
    LazyZhu  
       2015-05-04 20:35:51 +08:00
    @lenovo 配置里面的格式不是cidr,是netmask,等我转换下
    lenovo
        37
    lenovo  
    OP
       2015-05-04 21:54:26 +08:00
    @LazyZhu 转完之后又超过200行了,最后弄成/11,143行,你的是对的

    no-route = 1.0.0.0/9
    no-route = 1.160.0.0/11
    no-route = 1.192.0.0/11
    no-route = 14.0.0.0/11
    no-route = 14.96.0.0/11
    no-route = 14.128.0.0/11
    no-route = 14.192.0.0/11
    no-route = 27.0.0.0/10
    no-route = 27.96.0.0/11
    no-route = 27.128.0.0/9
    no-route = 36.0.0.0/10
    no-route = 36.96.0.0/11
    no-route = 36.128.0.0/9
    no-route = 39.0.0.0/11
    no-route = 39.64.0.0/10
    no-route = 39.128.0.0/10
    no-route = 42.0.0.0/8
    no-route = 43.224.0.0/11
    no-route = 45.64.0.0/10
    no-route = 47.64.0.0/10
    no-route = 49.0.0.0/9
    no-route = 49.128.0.0/11
    no-route = 49.192.0.0/10
    no-route = 54.192.0.0/11
    no-route = 58.0.0.0/9
    no-route = 58.128.0.0/11
    no-route = 58.192.0.0/10
    no-route = 59.32.0.0/11
    no-route = 59.64.0.0/10
    no-route = 59.128.0.0/9
    no-route = 60.0.0.0/10
    no-route = 60.160.0.0/11
    no-route = 60.192.0.0/10
    no-route = 61.0.0.0/10
    no-route = 61.64.0.0/11
    no-route = 61.128.0.0/10
    no-route = 61.224.0.0/11
    no-route = 101.0.0.0/9
    no-route = 101.128.0.0/11
    no-route = 101.192.0.0/10
    no-route = 103.0.0.0/10
    no-route = 103.224.0.0/11
    no-route = 106.0.0.0/9
    no-route = 106.224.0.0/11
    no-route = 110.0.0.0/7
    no-route = 112.0.0.0/9
    no-route = 112.128.0.0/11
    no-route = 112.192.0.0/10
    no-route = 113.0.0.0/9
    no-route = 113.128.0.0/11
    no-route = 113.192.0.0/10
    no-route = 114.0.0.0/9
    no-route = 114.128.0.0/11
    no-route = 114.192.0.0/10
    no-route = 115.0.0.0/8
    no-route = 116.0.0.0/8
    no-route = 117.0.0.0/9
    no-route = 117.128.0.0/10
    no-route = 118.0.0.0/11
    no-route = 118.64.0.0/10
    no-route = 118.128.0.0/9
    no-route = 119.0.0.0/9
    no-route = 119.128.0.0/10
    no-route = 119.224.0.0/11
    no-route = 120.0.0.0/10
    no-route = 120.64.0.0/11
    no-route = 120.128.0.0/11
    no-route = 120.192.0.0/10
    no-route = 121.0.0.0/9
    no-route = 121.192.0.0/10
    no-route = 122.0.0.0/7
    no-route = 124.0.0.0/8
    no-route = 125.0.0.0/9
    no-route = 125.160.0.0/11
    no-route = 125.192.0.0/10
    no-route = 139.0.0.0/11
    no-route = 139.128.0.0/9
    no-route = 140.64.0.0/11
    no-route = 140.128.0.0/11
    no-route = 140.192.0.0/10
    no-route = 144.0.0.0/10
    no-route = 144.96.0.0/11
    no-route = 144.224.0.0/11
    no-route = 150.0.0.0/11
    no-route = 150.96.0.0/11
    no-route = 150.128.0.0/11
    no-route = 150.192.0.0/10
    no-route = 152.96.0.0/11
    no-route = 153.0.0.0/10
    no-route = 153.96.0.0/11
    no-route = 157.0.0.0/10
    no-route = 157.96.0.0/11
    no-route = 157.128.0.0/11
    no-route = 157.224.0.0/11
    no-route = 159.224.0.0/11
    no-route = 161.192.0.0/11
    no-route = 162.96.0.0/11
    no-route = 163.0.0.0/10
    no-route = 163.96.0.0/11
    no-route = 163.128.0.0/10
    no-route = 163.192.0.0/11
    no-route = 166.96.0.0/11
    no-route = 167.128.0.0/10
    no-route = 168.160.0.0/11
    no-route = 171.0.0.0/9
    no-route = 171.192.0.0/11
    no-route = 175.0.0.0/9
    no-route = 175.128.0.0/10
    no-route = 180.64.0.0/10
    no-route = 180.128.0.0/9
    no-route = 182.0.0.0/8
    no-route = 183.0.0.0/10
    no-route = 183.64.0.0/11
    no-route = 183.128.0.0/9
    no-route = 192.96.0.0/11
    no-route = 192.160.0.0/11
    no-route = 202.0.0.0/9
    no-route = 202.128.0.0/10
    no-route = 202.192.0.0/11
    no-route = 203.0.0.0/9
    no-route = 203.128.0.0/10
    no-route = 203.192.0.0/11
    no-route = 210.0.0.0/10
    no-route = 210.64.0.0/11
    no-route = 210.160.0.0/11
    no-route = 210.192.0.0/11
    no-route = 211.64.0.0/10
    no-route = 211.128.0.0/10
    no-route = 218.0.0.0/9
    no-route = 218.160.0.0/11
    no-route = 218.192.0.0/10
    no-route = 219.64.0.0/11
    no-route = 219.128.0.0/11
    no-route = 219.192.0.0/10
    no-route = 220.96.0.0/11
    no-route = 220.128.0.0/9
    no-route = 221.0.0.0/11
    no-route = 221.96.0.0/11
    no-route = 221.128.0.0/9
    no-route = 222.0.0.0/8
    no-route = 223.0.0.0/11
    no-route = 223.64.0.0/10
    no-route = 223.128.0.0/9
    lenovo
        38
    lenovo  
    OP
       2015-05-04 22:13:29 +08:00
    CIDR不行:(

    no-route = 1.0.0.0/255.128.0.0
    no-route = 1.160.0.0/255.224.0.0
    no-route = 1.192.0.0/255.224.0.0
    no-route = 14.0.0.0/255.224.0.0
    no-route = 14.96.0.0/255.224.0.0
    no-route = 14.128.0.0/255.224.0.0
    no-route = 14.192.0.0/255.224.0.0
    no-route = 27.0.0.0/255.192.0.0
    no-route = 27.96.0.0/255.224.0.0
    no-route = 27.128.0.0/255.128.0.0
    no-route = 36.0.0.0/255.192.0.0
    no-route = 36.96.0.0/255.224.0.0
    no-route = 36.128.0.0/255.128.0.0
    no-route = 39.0.0.0/255.224.0.0
    no-route = 39.64.0.0/255.192.0.0
    no-route = 39.128.0.0/255.192.0.0
    no-route = 42.0.0.0/255.0.0.0
    no-route = 43.224.0.0/255.224.0.0
    no-route = 45.64.0.0/255.192.0.0
    no-route = 47.64.0.0/255.192.0.0
    no-route = 49.0.0.0/255.128.0.0
    no-route = 49.128.0.0/255.224.0.0
    no-route = 49.192.0.0/255.192.0.0
    no-route = 54.192.0.0/255.224.0.0
    no-route = 58.0.0.0/255.128.0.0
    no-route = 58.128.0.0/255.224.0.0
    no-route = 58.192.0.0/255.192.0.0
    no-route = 59.32.0.0/255.224.0.0
    no-route = 59.64.0.0/255.192.0.0
    no-route = 59.128.0.0/255.128.0.0
    no-route = 60.0.0.0/255.192.0.0
    no-route = 60.160.0.0/255.224.0.0
    no-route = 60.192.0.0/255.192.0.0
    no-route = 61.0.0.0/255.192.0.0
    no-route = 61.64.0.0/255.224.0.0
    no-route = 61.128.0.0/255.192.0.0
    no-route = 61.224.0.0/255.224.0.0
    no-route = 101.0.0.0/255.128.0.0
    no-route = 101.128.0.0/255.224.0.0
    no-route = 101.192.0.0/255.192.0.0
    no-route = 103.0.0.0/255.192.0.0
    no-route = 103.224.0.0/255.224.0.0
    no-route = 106.0.0.0/255.128.0.0
    no-route = 106.224.0.0/255.224.0.0
    no-route = 110.0.0.0/254.0.0.0
    no-route = 112.0.0.0/255.128.0.0
    no-route = 112.128.0.0/255.224.0.0
    no-route = 112.192.0.0/255.192.0.0
    no-route = 113.0.0.0/255.128.0.0
    no-route = 113.128.0.0/255.224.0.0
    no-route = 113.192.0.0/255.192.0.0
    no-route = 114.0.0.0/255.128.0.0
    no-route = 114.128.0.0/255.224.0.0
    no-route = 114.192.0.0/255.192.0.0
    no-route = 115.0.0.0/255.0.0.0
    no-route = 116.0.0.0/255.0.0.0
    no-route = 117.0.0.0/255.128.0.0
    no-route = 117.128.0.0/255.192.0.0
    no-route = 118.0.0.0/255.224.0.0
    no-route = 118.64.0.0/255.192.0.0
    no-route = 118.128.0.0/255.128.0.0
    no-route = 119.0.0.0/255.128.0.0
    no-route = 119.128.0.0/255.192.0.0
    no-route = 119.224.0.0/255.224.0.0
    no-route = 120.0.0.0/255.192.0.0
    no-route = 120.64.0.0/255.224.0.0
    no-route = 120.128.0.0/255.224.0.0
    no-route = 120.192.0.0/255.192.0.0
    no-route = 121.0.0.0/255.128.0.0
    no-route = 121.192.0.0/255.192.0.0
    no-route = 122.0.0.0/254.0.0.0
    no-route = 124.0.0.0/255.0.0.0
    no-route = 125.0.0.0/255.128.0.0
    no-route = 125.160.0.0/255.224.0.0
    no-route = 125.192.0.0/255.192.0.0
    no-route = 139.0.0.0/255.224.0.0
    no-route = 139.128.0.0/255.128.0.0
    no-route = 140.64.0.0/255.224.0.0
    no-route = 140.128.0.0/255.224.0.0
    no-route = 140.192.0.0/255.192.0.0
    no-route = 144.0.0.0/255.192.0.0
    no-route = 144.96.0.0/255.224.0.0
    no-route = 144.224.0.0/255.224.0.0
    no-route = 150.0.0.0/255.224.0.0
    no-route = 150.96.0.0/255.224.0.0
    no-route = 150.128.0.0/255.224.0.0
    no-route = 150.192.0.0/255.192.0.0
    no-route = 152.96.0.0/255.224.0.0
    no-route = 153.0.0.0/255.192.0.0
    no-route = 153.96.0.0/255.224.0.0
    no-route = 157.0.0.0/255.192.0.0
    no-route = 157.96.0.0/255.224.0.0
    no-route = 157.128.0.0/255.224.0.0
    no-route = 157.224.0.0/255.224.0.0
    no-route = 159.224.0.0/255.224.0.0
    no-route = 161.192.0.0/255.224.0.0
    no-route = 162.96.0.0/255.224.0.0
    no-route = 163.0.0.0/255.192.0.0
    no-route = 163.96.0.0/255.224.0.0
    no-route = 163.128.0.0/255.192.0.0
    no-route = 163.192.0.0/255.224.0.0
    no-route = 166.96.0.0/255.224.0.0
    no-route = 167.128.0.0/255.192.0.0
    no-route = 168.160.0.0/255.224.0.0
    no-route = 171.0.0.0/255.128.0.0
    no-route = 171.192.0.0/255.224.0.0
    no-route = 175.0.0.0/255.128.0.0
    no-route = 175.128.0.0/255.192.0.0
    no-route = 180.64.0.0/255.192.0.0
    no-route = 180.128.0.0/255.128.0.0
    no-route = 182.0.0.0/255.0.0.0
    no-route = 183.0.0.0/255.192.0.0
    no-route = 183.64.0.0/255.224.0.0
    no-route = 183.128.0.0/255.128.0.0
    no-route = 192.96.0.0/255.224.0.0
    no-route = 192.160.0.0/255.224.0.0
    no-route = 202.0.0.0/255.128.0.0
    no-route = 202.128.0.0/255.192.0.0
    no-route = 202.192.0.0/255.224.0.0
    no-route = 203.0.0.0/255.128.0.0
    no-route = 203.128.0.0/255.192.0.0
    no-route = 203.192.0.0/255.224.0.0
    no-route = 210.0.0.0/255.192.0.0
    no-route = 210.64.0.0/255.224.0.0
    no-route = 210.160.0.0/255.224.0.0
    no-route = 210.192.0.0/255.224.0.0
    no-route = 211.64.0.0/255.192.0.0
    no-route = 211.128.0.0/255.192.0.0
    no-route = 218.0.0.0/255.128.0.0
    no-route = 218.160.0.0/255.224.0.0
    no-route = 218.192.0.0/255.192.0.0
    no-route = 219.64.0.0/255.224.0.0
    no-route = 219.128.0.0/255.224.0.0
    no-route = 219.192.0.0/255.192.0.0
    no-route = 220.96.0.0/255.224.0.0
    no-route = 220.128.0.0/255.128.0.0
    no-route = 221.0.0.0/255.224.0.0
    no-route = 221.96.0.0/255.224.0.0
    no-route = 221.128.0.0/255.128.0.0
    no-route = 222.0.0.0/255.0.0.0
    no-route = 223.0.0.0/255.224.0.0
    no-route = 223.64.0.0/255.192.0.0
    no-route = 223.128.0.0/255.128.0.0
    lenovo
        39
    lenovo  
    OP
       2015-05-04 22:48:24 +08:00
    @LazyZhu PC客户端不知为何少一条192.160.0.0/11,iOS上是正常的
    LazyZhu
        40
    LazyZhu  
       2015-05-04 23:01:02 +08:00
    @lenovo 含内网地址的(152条):
    0.0.0.0/8
    1.0.0.0/9
    1.160.0.0/11
    1.192.0.0/11
    10.0.0.0/8
    14.0.0.0/11
    14.96.0.0/11
    14.128.0.0/11
    14.192.0.0/11
    27.0.0.0/10
    27.96.0.0/11
    27.128.0.0/9
    36.0.0.0/10
    36.96.0.0/11
    36.128.0.0/9
    39.0.0.0/11
    39.64.0.0/10
    39.128.0.0/10
    42.0.0.0/8
    43.224.0.0/11
    45.64.0.0/10
    47.64.0.0/10
    49.0.0.0/9
    49.128.0.0/11
    49.192.0.0/10
    54.192.0.0/11
    58.0.0.0/9
    58.128.0.0/11
    58.192.0.0/10
    59.32.0.0/11
    59.64.0.0/10
    59.128.0.0/9
    60.0.0.0/10
    60.160.0.0/11
    60.192.0.0/10
    61.0.0.0/10
    61.64.0.0/11
    61.128.0.0/10
    61.224.0.0/11
    100.64.0.0/10
    101.0.0.0/9
    101.128.0.0/11
    101.192.0.0/10
    103.0.0.0/10
    103.224.0.0/11
    106.0.0.0/9
    106.224.0.0/11
    110.0.0.0/7
    112.0.0.0/9
    112.128.0.0/11
    112.192.0.0/10
    113.0.0.0/9
    113.128.0.0/11
    113.192.0.0/10
    114.0.0.0/9
    114.128.0.0/11
    114.192.0.0/10
    115.0.0.0/8
    116.0.0.0/8
    117.0.0.0/9
    117.128.0.0/10
    118.0.0.0/11
    118.64.0.0/10
    118.128.0.0/9
    119.0.0.0/9
    119.128.0.0/10
    119.224.0.0/11
    120.0.0.0/10
    120.64.0.0/11
    120.128.0.0/11
    120.192.0.0/10
    121.0.0.0/9
    121.192.0.0/10
    122.0.0.0/7
    124.0.0.0/8
    125.0.0.0/9
    125.160.0.0/11
    125.192.0.0/10
    127.0.0.0/8
    139.0.0.0/11
    139.128.0.0/9
    140.64.0.0/11
    140.128.0.0/11
    140.192.0.0/10
    144.0.0.0/10
    144.96.0.0/11
    144.224.0.0/11
    150.0.0.0/11
    150.96.0.0/11
    150.128.0.0/11
    150.192.0.0/10
    152.96.0.0/11
    153.0.0.0/10
    153.96.0.0/11
    157.0.0.0/10
    157.96.0.0/11
    157.128.0.0/11
    157.224.0.0/11
    159.224.0.0/11
    161.192.0.0/11
    162.96.0.0/11
    163.0.0.0/10
    163.96.0.0/11
    163.128.0.0/10
    163.192.0.0/11
    166.96.0.0/11
    167.128.0.0/10
    168.160.0.0/11
    169.224.0.0/11
    171.0.0.0/9
    171.192.0.0/11
    172.0.0.0/11
    175.0.0.0/9
    175.128.0.0/10
    180.64.0.0/10
    180.128.0.0/9
    182.0.0.0/8
    183.0.0.0/10
    183.64.0.0/11
    183.128.0.0/9
    192.0.0.0/11
    192.64.0.0/10
    192.160.0.0/11
    198.0.0.0/10
    202.0.0.0/9
    202.128.0.0/10
    202.192.0.0/11
    203.0.0.0/9
    203.128.0.0/10
    203.192.0.0/11
    210.0.0.0/10
    210.64.0.0/11
    210.160.0.0/11
    210.192.0.0/11
    211.64.0.0/10
    211.128.0.0/10
    218.0.0.0/9
    218.160.0.0/11
    218.192.0.0/10
    219.64.0.0/11
    219.128.0.0/11
    219.192.0.0/10
    220.96.0.0/11
    220.128.0.0/9
    221.0.0.0/11
    221.96.0.0/11
    221.128.0.0/9
    222.0.0.0/8
    223.0.0.0/11
    223.64.0.0/10
    223.128.0.0/9
    224.0.0.0/3
    lenovo
        41
    lenovo  
    OP
       2015-05-04 23:12:34 +08:00
    @LazyZhu 内网好像自动丢弃了,192.160.0.0/11 含了192.168.x.x,就不接收
    排除以后好了
    192.160.0.0/255.248.0.0
    192.169.0.0/255.255.0.0
    192.170.0.0/255.254.0.0
    192.172.0.0/255.252.0.0
    192.176.0.0/255.240.0.0
    LazyZhu
        42
    LazyZhu  
       2015-05-04 23:26:27 +08:00
    @lenovo http://en.wikipedia.org/wiki/Reserved_IP_addresses
    0.0.0.0/8
    10.0.0.0/8
    100.64.0.0/10
    127.0.0.0/8
    169.254.0.0/16
    172.16.0.0/12
    192.0.0.0/24
    192.0.2.0/24
    192.88.99.0/24
    192.168.0.0/16
    198.18.0.0/15
    198.51.100.0/24
    203.0.113.0/24
    224.0.0.0/4
    240.0.0.0/4
    255.255.255.255/32
    lenovo
        43
    lenovo  
    OP
       2015-05-05 00:55:47 +08:00   2
    @LazyZhu 多谢,最终结果:
    不含内网147行: https://cnlic.com/wp-content/uploads/2015/04/cn-no-route.txt
    包含内网155行: https://cnlic.com/wp-content/uploads/2015/04/cn-no-route2.txt

    最后贴个在线转换合并的工具网页,很不错:)
    http://www.stopforumspam.com/aggregate
    wysard
        44
    wysard  
       2015-05-05 01:27:38 +08:00
    我是这么写的:
    # Option to allow sending arbitrary custom headers to the client after
    # authentication and prior to VPN tunnel establishment.
    #custom-header = "X-My-Header: hi there"

    #example: custom-header = "X-CSTP-Split-Exclude: IPrange/Mask"
    custom-header = "X-CSTP-Split-Exclude: 10.0.0.0/255.0.0.0"

    不知和路由表的实现方式是否一样。
    LazyZhu
        45
    LazyZhu  
       2015-05-05 09:44:34 +08:00 via iPhone
    You can specify either split-include or split-exclude, but you cannot specify both options.

    http://www.cisco.com/c/en/us/products/collateral/security/ios-sslvpn/prod_white_paper0900aecd80512071.html
    kkxxxxxxx
        46
    kkxxxxxxx  
       2015-05-05 15:08:15 +08:00
    @lenovo Instagram不全
    lenovo
        47
    lenovo  
    OP
       2015-05-05 15:21:04 +08:00
    @kkxxxxxxx 这个路由表是指定哪些IP不走VPN,没在这里列出的全部走VPN了,Instagram应该没有国内的IP吧
    lenovo
        48
    lenovo  
    OP
       2015-05-05 15:23:28 +08:00
    @LazyZhu 含内网的只有192.160.0.0/11这一条有问题,最后分开弄了,要不然PC端整条都接收不到
    bellchu
        49
    bellchu  
       2015-05-05 16:32:01 +08:00
    @lenovo 试过了没? 客户端接收这么多条路由记录之后慢吗?

    我看了看我的小路由器,注入了1658条路由。性能无损。
    bellchu
        50
    bellchu  
       2015-05-05 16:35:36 +08:00
    IP routing table name is default (0x0)
    IP routing table maximum-paths is 32
    Route Source Networks Subnets Replicates Overhead Memory (bytes)
    connected 0 4 0 240 720
    static 1658 1097 0 165300 495900
    internal 58 129576
    Total 1716 1101 0 165540 626196
    lenovo
        51
    lenovo  
    OP
       2015-05-05 17:15:27 +08:00
    @bellchu 部署在 /t/187793 里的VPS上了,你可以试试...
    bellchu
        52
    bellchu  
       2015-05-05 17:29:51 +08:00
    @lenovo 好的 多谢! 我有空试试看 你自己用下来客户端CPU占用率如何?
    kkxxxxxxx
        53
    kkxxxxxxx  
       2015-05-06 08:59:59 +08:00
    @lenovo 你试下,确实很多刷不出来,我现在用的这个https://github.com/humiaozuzu/ocserv-build/blob/master/config/config,相对全一些,但是也有个别影响到的
    lenovo
        54
    lenovo  
    OP
       2015-05-06 09:37:21 +08:00
    @kkxxxxxxx 服务器端要修改src/vpn.h后重新编译才行,要不就是只接收96条,你发的链接里刚好是96条

    为尽可能实现精准的国内外智能分流,需要修改src/vpn.h,增大路由表数量:找到#define MAX_CONFIG_ENTRIES 96这一行(第417行),把96改成200以上(Cisco AnyConnect最多只能接收200条路由表)
    kkxxxxxxx
        55
    kkxxxxxxx  
       2015-05-10 12:06:12 +08:00
    @lenovo 嗯,有修改200条,只是我不会写路由表,所以只能拿别人的来用,哈
    jaleo
        56
    jaleo  
       2015-05-11 13:57:19 +08:00
    @lenovo [不含内网147行: https://cnlic.com/wp-content/uploads/2015/04/cn-no-route.txt
    包含内网155行: https://cnlic.com/wp-content/uploads/2015/04/cn-no-route2.txt]
    请问这些地址是国内的IP吗?
    lenovo
        57
    lenovo  
    OP
       2015-05-11 14:04:11 +08:00
    @jaleo 范围扩大了,包含国内IP,也包含部分国外IP
    纯国内的,参考https://github.com/CNMan/ocserv-cn-no-route/blob/master/chnroute_merged.txt
    jaleo
        58
    jaleo  
       2015-05-11 14:26:18 +08:00
    @lenovo 这个太长了 有什么工具可以合并成200条之内?
    lenovo
        59
    lenovo  
    OP
       2015-05-11 16:24:15 +08:00
    @jaleo cn-no-route2.txt 就是200条之内,要想合并就要扩大范围,200条之内最优解就是143行,再加上一些内网的IP
    moonagic
        60
    moonagic  
       2015-05-14 14:29:27 +08:00
    ocserv修改后重新编译过,但是anyconnect客户端里还是只显示了96条路由
    比较费解...
    zpljd
        61
    zpljd  
       2015-06-13 13:03:56 +08:00
    请教一下,是用你的github里面的路由表.发现appstore下载或者更新全部都走VPS的流量.另外QQ发消息出现明显的延迟.这是不是还缺了点什么?anyconnect可以支持200条.您这边添加了162条 应该还有发展的空间的
    lenovo
        62
    lenovo  
    OP
       2015-06-15 09:15:26 +08:00
    @zpljd readme里说明了产生过程,现在是全部/12及以上改成/11,再要弄的话就是部分/12及以上改成/11,可以缩小点误差,但是感觉意义不大了,要是支持能支持3576行的chnroute_merged.txt的就好了...appstore走VPN可能是域名解析到no-route之外的IP了,QQ貌似是直接走IP的,出现延迟不知道是怎么回事
    lenovo
        63
    lenovo  
    OP
       2015-06-15 09:42:39 +08:00
    @moonagic 先停止ocserv进程再编译试试
    zpljd
        64
    zpljd  
       2015-06-18 21:36:46 +08:00
    @lenovo 我目前的解决方式是,在anyconnect里面打开按需连接,其中有一个"永不连接"中输入apple.com,测试用应该是解决了目前出现的会走app store的问题.我不知道您用的是ios或者是anyconnect.应该不会就我出现这个问题吧...
    另,最新的ios端的anyconnect出现了一个"应用规则"这个选项,无法在手机上上进行配置,而ocserv似乎也没有相关的配置可以添加应用规则,如果类似shadowsocks这样可以选择某些应用全局走VPN流量的话 anyconnect不是为一个牛逼的移动端解决方案.
    另外,想请教一下您,如果您使用的是ios8.3,并且VPS使用的比如是DO或者linode这类的常用的服务商,您是否会出现测速中,上传比下载快的情况?我查过相关讨论.有人建议是关闭了压缩就可以解决,事实上解决下载的确速度提高了,但是事实上视频非常卡,如果您有好的解决方案,希望您可以抽空回复一下,谢谢!
    shierji
        65
    shierji  
       2015-07-01 21:19:06 +08:00
    @lenovo 你这域名好叼炸条
    benwwchen
        66
    benwwchen  
       2015-08-08 13:16:10 +08:00
    我想请问网易云音乐为什么还是会走VPN?抓包看到DNS返回的几个IP好像都在cn-no-route.txt范围里了,但就是不直连,微信之类的是正常直连的所以路由表应该是生效了的。
    benwwchen
        67
    benwwchen  
       2015-08-08 13:37:56 +08:00
    刚刚发现原来是服务器端的pdnsd没设好导致网易云音乐解析出美国IP了……
    关于     帮助文档     自助推广系统     博客     API     FAQ     Solana     1731 人在线   最高记录 6679       Select Language
    创意工作者们的社区
    World is powered by solitude
    VERSION: 3.9.8.5 29ms UTC 00:00 PVG 08:00 LAX 17:00 JFK 20:00
    Do have faith in what you're doing.
    (function(i,s,o,g,r,a,m){i['GoogleAnalyticsObject']=r;i[r]=i[r]||function(){ (i[r].q=i[r].q||[]).push(arguments)},i[r].l=1*new Date();a=s.createElement(o), m=s.getElementsByTagName(o)[0];a.async=1;a.src=g;m.parentNode.insertBefore(a,m) })(window,document,'script','//www.google-analytics.com/analytics.js','ga'); ga('create', 'UA-11940834-2', 'v2ex.com'); ga('send', 'pageview'); ga('send', 'event', 'Node', 'topic', 'qna'); ubao msn snddm index pchome yahoo rakuten mypaper meadowduck bidyahoo youbao zxmzxm asda bnvcg cvbfg dfscv mmhjk xxddc yybgb zznbn ccubao uaitu acv GXCV ET GDG YH FG BCVB FJFH CBRE CBC GDG ET54 WRWR RWER WREW WRWER RWER SDG EW SF DSFSF fbbs ubao fhd dfg ewr dg df ewwr ewwr et ruyut utut dfg fgd gdfgt etg dfgt dfgd ert4 gd fgg wr 235 wer3 we vsdf sdf gdf ert xcv sdf rwer hfd dfg cvb rwf afb dfh jgh bmn lgh rty gfds cxv xcv xcs vdas fdf fgd cv sdf tert sdf sdf sdf sdf sdf sdf sdf sdf sdf sdf sdf sdf sdf sdf sdf sdf sdf sdf sdf sdf sdf sdf sdf sdf sdf sdf sdf sdf sdf sdf sdf sdf sdf sdf sdf sdf sdf sdf sdf sdf shasha9178 shasha9178 shasha9178 shasha9178 shasha9178 liflif2 liflif2 liflif2 liflif2 liflif2 liblib3 liblib3 liblib3 liblib3 liblib3 zhazha444 zhazha444 zhazha444 zhazha444 zhazha444 dende5 dende denden denden2 denden21 fenfen9 fenf619 fen619 fenfe9 fe619 sdf sdf sdf sdf sdf zhazh90 zhazh0 zhaa50 zha90 zh590 zho zhoz zhozh zhozho zhozho2 lislis lls95 lili95 lils5 liss9 sdf0ty987 sdft876 sdft9876 sdf09876 sd0t9876 sdf0ty98 sdf0976 sdf0ty986 sdf0ty96 sdf0t76 sdf0876 df0ty98 sf0t876 sd0ty76 sdy76 sdf76 sdf0t76 sdf0ty9 sdf0ty98 sdf0ty987 sdf0ty98 sdf6676 sdf876 sd876 sd876 sdf6 sdf6 sdf9876 sdf0t sdf06 sdf0ty9776 sdf0ty9776 sdf0ty76 sdf8876 sdf0t sd6 sdf06 s688876 sd688 sdf86