iodine (DNS Tunnel)

bombeur
DD-WRT Novice


Joined: 05 Dec 2009
Posts: 5

PostPosted: Tue Dec 08, 2009 18:41    Post subject: Reply with quote
Hi guardianx4,

Like I said in my earlier post, you need to set the password when you start iodined (-P, be sure to use uppercase P) or you get the error that you describe.

And to set your account on GoDaddy, if my memory is right, you need to enter the advanced mode to set your record manually.
guardianx4
DD-WRT Novice


Joined: 30 Nov 2009
Posts: 13

PostPosted: Wed Dec 09, 2009 3:16    Post subject: Reply with quote
OK, I got everything working. My next question would be:

After I get a connection from the DNS tunnel, how do I SSH into my router? What IP would I use?
Do I use the DNS tunnel server IP, which is 10.0.0.1,

or my home WAN IP?

Code:
Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.

C:\Documents and Settings\user>"C:\Documents and Settings\user\Desktop\iodine-wi
ndow\iodine-0.5.1-win32\bin\iodine.exe" -f tunnel.guardianx.info
Enter password:
Opening device \\.\Global\{276E0EF8-832C-4422-8438-B83FE0B89205}.tap
Opened UDP socket
Opened UDP socket
Opened UDP socket
Version ok, both using protocol v 0x00000500. You are user #0
Enabling interface 'dns'
Setting IP of interface 'dns' to 10.0.0.2 (can take a few seconds)...
Ok.

Switching to Base64 codec
Server switched to codec Base64
Autoprobing max downstream fragment size... (skip with -m fragsize)
768 ok.. 1152 ok.. ...1344 not ok.. ...1248 not ok.. ...1200 not ok.. 1176 ok..
1188 ok.. will use 1188
Setting downstream fragment size to max 1188...
Sending queries for tunnel.guardianx.info to 207.69.188.185
Got SERVFAIL as reply
Got SERVFAIL as reply
Got SERVFAIL as reply
Got SERVFAIL as reply
bombeur
DD-WRT Novice


Joined: 05 Dec 2009
Posts: 5

PostPosted: Wed Dec 09, 2009 13:41    Post subject: Reply with quote
You use the IP address of your DNS tunnel, so in your case it's 10.0.0.1.

After that you can tunnel anything between you and your router.

Be sure that you can ping your server. In some cases, for some strange reason, it was not working for me and I had to restart iodine.
guardianx4
DD-WRT Novice


Joined: 30 Nov 2009
Posts: 13

PostPosted: Thu Dec 10, 2009 1:11    Post subject: Reply with quote
I have no idea what is going on.
OK, this is my output from the client side:

Code:
Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.

C:\Documents and Settings\user>"C:\Documents and Settings\user\Desktop\iodine-wi
ndow\iodine-0.5.1-win32\bin\iodine.exe" -f tunnel.guardianx.info
Enter password:
Opening device \\.\Global\{06CA2A66-D965-4EB2-B864-C27C5DA32B0E}.tap
Opened UDP socket
Opened UDP socket
Opened UDP socket
Version ok, both using protocol v 0x00000500. You are user #0
Enabling interface 'dns'
Setting IP of interface 'dns' to 10.0.0.2 (can take a few seconds)...
Ok.

Switching to Base64 codec
Server switched to codec Base64
Autoprobing max downstream fragment size... (skip with -m fragsize)
768 ok.. 1152 ok.. ...1344 not ok.. ...1248 not ok.. ...1200 not ok.. 1176 ok..
1188 ok.. will use 1188
Setting downstream fragment size to max 1188...
Sending queries for tunnel.guardianx.info to 207.69.188.185
Got SERVFAIL as reply

But when I try to ping the server from the client with
ping 10.0.0.1, I get no response. That is weird, because at the start it states that both versions are using the same protocol, and yet I can't ping the iodine tunnel.

My private network IP is 192.168.1.0. I'm not sure if this is a program bug or something I did on my part.
guardianx4
DD-WRT Novice


Joined: 30 Nov 2009
Posts: 13

PostPosted: Thu Dec 10, 2009 2:11    Post subject: Reply with quote
OK, I think I know what the problem is, but I don't know how to fix it.

When I reboot the router, I run the internal command to test:

/tmp/iodined -P test 10.0.0.1 test.asdf << on the server

and I run this on the client: -f 192.168.1.1

I was able to connect and it did the autoprobe, but then I can't ping the DNS tunnel server, which is 10.0.0.1.
bombeur
DD-WRT Novice


Joined: 05 Dec 2009
Posts: 5

PostPosted: Thu Dec 10, 2009 19:56    Post subject: Reply with quote
My firewall is deactivated on my router; maybe it's the source of your problem. Try to deactivate it and tell me if this solves your problem.
guardianx4
DD-WRT Novice


Joined: 30 Nov 2009
Posts: 13

PostPosted: Thu Dec 10, 2009 23:08    Post subject: Reply with quote
bombeur wrote:
My firewall is deactivated on my router; maybe it's the source of your problem. Try to deactivate it and tell me if this solves your problem.

You are right about the firewall. After disabling the firewall I could ping the server and everything worked.
Does anyone know a way to allow the DNS server to work without disabling the firewall completely? How would I allow the firewall to forward the IP between the DNS server and the client without completely disabling the firewall?
bombeur
DD-WRT Novice


Joined: 05 Dec 2009
Posts: 5

PostPosted: Thu Dec 10, 2009 23:55    Post subject: Reply with quote
If you can set the right rule in the firewall you will be OK, but I gave up after one hour of trial and error. Try to play with the iptables command.

Here is a tutorial:
http://www.dd-wrt.com/wiki/index.php/Iptables_command

Let me know if you succeed.

Personally, the firewall is not very useful: my ISP blocks all the important ports and I can't do anything about it, so I disable it. But by miracle port 53 is open, so I can use iodine.
ericchile
DD-WRT Novice


Joined: 21 Aug 2010
Posts: 4

PostPosted: Sat Aug 21, 2010 18:45    Post subject: Reply with quote
root@DD-WRT:/tmp/iodine_ddwrt# ./iodined -v
iodine IP over DNS tunneling server
version: 0.5.1 from 2009-03-21

Can anyone compile the latest? I think it is up to 0.6.x now...
ericchile
DD-WRT Novice


Joined: 21 Aug 2010
Posts: 4

PostPosted: Sat Aug 21, 2010 21:48    Post subject: Reply with quote
How did you guys get around DNSmasq using port 53? It seems to block everything...

I tried the -p on daemon, along with forwarding using
iptables -t nat -A PREROUTING -i eth0 -p udp --dport 53 -j DNAT --to :5355

But it still seems to send requests to 53 to DNSmasq....
ericchile
DD-WRT Novice


Joined: 21 Aug 2010
Posts: 4

PostPosted: Thu Sep 02, 2010 1:05    Post subject: Reply with quote
Bump... I would really like to get a DNS tunnel working..
RuiPereira
DD-WRT Novice


Joined: 13 Sep 2010
Posts: 4

PostPosted: Mon Sep 13, 2010 8:53    Post subject: Reply with quote
Hi.

Here's a cross-compile of iodine 0.6.0-rc1. For memory usage sake, it's been compiled with #define USERS 1 (check iodine's README), so it only supports one connection at a time. It's working perfectly on my WRT320N/E2000 (eko 14974 big).

My startup script (I'm using jffs):

Code:

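# Start iodined only if it is not already running
if [ "x`ps | grep iodined | grep -v grep`" = "x" ]
then
   # Look up the current external (WAN) IP address
   export EXTIP=`wget -q http://checkip.dyndns.com/ -O- | sed '/^.*IP Address: /s/.* \(\([0-9.]\{1,4\}\)\{4\}\).*/\1/'`
   # -n sets the IP address returned in NS responses
   /jffs/iodined -P <password> -n "$EXTIP" 10.0.123.1 <dns server name>
fi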


I'm setting my external IP explicitly although I'm not sure it is really needed.

The firewall script:

Code:

iptables -I INPUT -i dns0 -j ACCEPT
iptables -I INPUT -p udp --dport 53 -j ACCEPT


For those asking on how to disable DNSMasq:
- under Setup > Basic Setup, disable "Use DNSMasq for DHCP" + "Use DNSMasq for DNS"
- under Services > Services > DNSMasq - Disable

Cheers.



Attachment: iodine.tgz (184.55 KB), iodine 0.6.0-rc1 (server + client)
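
A hardened version of the external-IP lookup from the startup script above, as an added example that is not part of the original post: the posted sed expression prints a non-matching response unchanged, so an error page fetched over plain HTTP would be handed to iodined as the `-n` value. The function names `legacy_extract` and `extract_ipv4` and both sample responses are constructed for illustration.

```shell
#!/bin/sh
# Added example. The two responses below are constructed samples that stand
# in for the output of the wget call in the startup script.
SAMPLE_OK='<html><body>Current IP Address: 203.0.113.7</body></html>'
SAMPLE_ERR='<html><body>503 Service Temporarily Unavailable</body></html>'

# The sed expression from the post. A line without "IP Address: " is printed
# unchanged, so an error page is handed on as if it were the address.
legacy_extract() {
    sed '/^.*IP Address: /s/.* \(\([0-9.]\{1,4\}\)\{4\}\).*/\1/'
}

# Read the response on stdin and print a dotted quad only if it has exactly
# four octets in the range 0-255; print nothing and return 1 otherwise.
extract_ipv4() {
    cand=$(sed -n 's/.*IP Address: \([0-9.]*\).*/\1/p' | head -n 1)
    [ -n "$cand" ] || return 1
    old_ifs=$IFS
    IFS=.
    set -- $cand            # split on dots; cand holds only digits and dots
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case $octet in
            ''|*[!0-9]*|????*) return 1 ;;   # empty, non-digit, or too long
        esac
        [ "$octet" -le 255 ] || return 1
    done
    printf '%s.%s.%s.%s\n' "$1" "$2" "$3" "$4"
}

# Start the daemon only with a validated address (command shown, not run).
for body in "$SAMPLE_OK" "$SAMPLE_ERR"; do
    if EXTIP=$(printf '%s\n' "$body" | extract_ipv4); then
        echo "would run: /jffs/iodined -n $EXTIP 10.0.123.1 <dns server name>"
    else
        echo "lookup failed, not passing -n"
    fi
done
```
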

ericchile
DD-WRT Novice


Joined: 21 Aug 2010
Posts: 4

PostPosted: Sun Sep 19, 2010 12:38    Post subject: Reply with quote
Sweet... Thanks for the cross compile. Sometime I want to figure that out.

I am so close. I have it working locally. But I can't seem to figure out the NS stuff.

I created a host with Godaddy and afraid.com. But neither allows me to add a '.' on the end of the NS like the instructions say to do?

ie. hosttun.mytunnel.com A myip
tun.mytunnel.com NS hosttun.mytunnel.com. <-- Here

Is this a step you had to do?
RuiPereira
DD-WRT Novice


Joined: 13 Sep 2010
Posts: 4

PostPosted: Mon Sep 20, 2010 13:13    Post subject: Reply with quote
There's no need for the full stop if you're using something like freedns.afraid.org to set up your NS entry. Just set a new NS entry pointing to your A domain. Wait for a bit (it may take 1 day for the new NS entry to propagate) and it should work.
StillBlue
DD-WRT User


Joined: 11 Apr 2009
Posts: 257
Location: UK

PostPosted: Mon Oct 25, 2010 20:16    Post subject: Reply with quote
OK, I am about to go away, and there are a number of times that being able to use an IP over DNS tunnel would be useful.

Now my DD-WRT v24-sp2 router has an nstx Daemon, but from what I can see, there is no Windows nstx client?

If this is the case, I guess the only option is to iodined the router?

Is this the case? After all, I don't really want to add iodined to it if I could use nstx.

TIA