iodine (DNS Tunnel)

buchinho
DD-WRT Novice


Joined: 11 Aug 2007
Posts: 3

Posted: Sat Aug 11, 2007 22:12    Post subject: iodine (DNS Tunnel)
Has anybody got this running? Maybe somebody got it to work with his dd-wrt and can post a small howto. I have a problem with the dns part. Do you really need a first level domain? My hosting company doesn't allow forwarding...
solipsist
DD-WRT Novice


Joined: 28 Feb 2007
Posts: 25

Posted: Wed Sep 12, 2007 14:47
I do not know how Iodine is implemented in dd-wrt but generally, you need to run a DNS server to connect to. Iodine then allows you to tunnel data through the connection to the DNS server, and connect to the Internet through a proxy on the server end.

Unless I am entirely mistaken, the DNS server can be any server you set up at home, i.e. Ubuntu, Gentoo, Slackware and whatever distribution you can compile and run iodine under. You also need a domain name which has your DNS server set as name server. If your IP address is dynamic, use DynDNS or similar.

Further, the README says:

Quote:
To use this tunnel, you need control over a real domain (like mytunnel.com),
and a server with a static public IP number (not behind NAT) that does not
yet run a DNS server.

http://code.kryo.se/iodine/README.txt

However I cannot see why packet forwarding on port 53 will not work. Perhaps someone else knows?

This isn't easy and I don't recommend it to anyone who doesn't like getting his/her hands greasy!

http://code.kryo.se/iodine/
paulo_andre
DD-WRT User


Joined: 15 Oct 2006
Posts: 82

Posted: Thu Sep 13, 2007 21:29
I got it to work (but now found out airports captive portal is protected against this :( ). Well, if you still want to know how to do it, reply to the post and I'll try to find time to make a howto. To answer your question, yes, you DO need a domain, not necessarily a top level, but a .info only costs $2 a year, so it's not much.
solipsist
DD-WRT Novice


Joined: 28 Feb 2007
Posts: 25

Posted: Thu Sep 13, 2007 22:08
Please tell. I'd really appreciate it! Been wanting to get this set up for ages but haven't had time to set up a server so far. Also been waiting for when Iodine or NSTX would be included in DD-WRT. It might come in really handy.

Which versions of DD-WRT include iodine?
paulo_andre
DD-WRT User


Joined: 15 Oct 2006
Posts: 82

Posted: Sat Sep 15, 2007 14:31
There was once a version of dd-wrt for the f*nera with nstx, but that was removed (don't know why). Now no version of dd-wrt comes with either iodine or nstx.
Here's what I did:
Get a top-level domain. GoDaddy sells .info just for $2 a year, so I got one of those. Then change the dns hosting to editdns.net. Here I needed to change my status to donor (extra $5 but should only need to do it once). Now configure the NS and A server just like in the man page of iodine (the NS points to the record name of the A and the A points to the ip of your dd-wrt router). Ok, phase1 is ready.
On to phase2, cross-compile iodine for dd-wrt. My advice, if you never cross-compiled before, forget it. It took me a few days to figure out how to do this, especially because iodine requires zlib, which you also need to cross-compile. As an attachment I send both binaries, server and client, precompiled for dd-wrt broadcom v24. You just need to send them to the router (I uploaded to a ftp server and then wget from the router) and run them as explained in the iodine man page.
Be sure to add:
/usr/sbin/iptables -I INPUT -p udp --dport 53 -j ACCEPT
to your firewall script to allow incoming connections and that's it. Good luck on using it where it's most needed (captive portal), I couldn't get it to work, the networks were all protected



Attachment: iodine.rar (48.46 KB, downloaded 1546 times)
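
The posts above describe iodine carrying data through DNS queries to a name server delegated for a subdomain, and report networks that were protected against it. As an added example (not part of any post and not iodine project code), this is one way a network operator could flag that query pattern in a resolver log. The log format, thresholds and function names are assumptions, and the sample lines are constructed.

```python
import base64
import hashlib
import math
from collections import Counter, defaultdict

def entropy(s):
    """Shannon entropy of s in bits per character (0 for an empty string)."""
    return -sum(c / len(s) * math.log2(c / len(s)) for c in Counter(s).values())

def constructed_log():
    """Constructed sample lines in an assumed '<client> <qtype> <qname>' format."""
    lines = ["192.0.2.10 A www.example.org", "192.0.2.10 AAAA mail.example.org",
             "192.0.2.10 A www.example.org", "192.0.2.23 A www.example.net"]
    for i in range(8):  # stand-in for encoded payload labels, not captured traffic
        digest = hashlib.sha256(bytes([i])).digest()
        blob = base64.b32encode(digest).decode().lower().rstrip("=")
        lines.append(f"192.0.2.23 NULL {blob}.tunnel1.yourhost.com")
    return lines

def find_tunnel_suspects(lines, min_unique=5, min_len=30, min_entropy=3.0):
    """Return sorted (client, zone) pairs that look like payload-in-name traffic.

    Assumption: the zone is everything after the leftmost label, so many
    unique, long, random-looking leftmost labels under one zone stand out.
    """
    seen = defaultdict(set)  # (client, zone) -> unique leftmost labels
    for line in lines:
        parts = line.split()
        if len(parts) != 3:
            continue  # skip malformed lines
        client, _qtype, qname = parts
        label, _, zone = qname.rstrip(".").lower().partition(".")
        if zone:
            seen[(client, zone)].add(label)
    suspects = []
    for key, labels in seen.items():
        mean_len = sum(len(l) for l in labels) / len(labels)
        mean_ent = sum(entropy(l) for l in labels) / len(labels)
        if (len(labels) >= min_unique and mean_len >= min_len
                and mean_ent >= min_entropy):
            suspects.append(key)
    return sorted(suspects)

if __name__ == "__main__":
    for client, zone in find_tunnel_suspects(constructed_log()):
        print(f"possible DNS tunnel: {client} -> *.{zone}")
```

Tune the thresholds against your own resolver's baseline; CDN and telemetry hostnames can also be long and unique.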

solipsist
DD-WRT Novice


Joined: 28 Feb 2007
Posts: 25

Posted: Sat Sep 15, 2007 21:35
Thank you for posting this! I'll try and see if I have better luck with the hotspots here.
dvlad666
DD-WRT Novice


Joined: 03 Feb 2009
Posts: 47

Posted: Tue Jun 02, 2009 17:29
Has anyone managed to run these correctly?

There is a new iodine version (01 June 2009). Can anybody compile it for the latest dd-wrt?
tech128
DD-WRT Novice


Joined: 13 Aug 2009
Posts: 10

Posted: Thu Aug 13, 2009 0:59
Well since it seems I'm the only one who will compile iodine, it is done. All you have to do is compile zlib, add the headers into its include dir, add the libz.a archive into the lib dir, modify the Makefile in iodine src dir for the cross compiler gcc, and compile it.

Rather easy for a cross compile, I've tackled much much harder projects. Also I put iodined onto my buffalo router and launched it with the proper switches and it started, opened a tun device, and looked like it might possibly work. I will fully test it out within the month (unless someone else wants to test it first).

EDIT: darn I attached it twice! xD



Attachment: iodine.zip (102.33 KB, downloaded 1354 times)

dvlad666
DD-WRT Novice


Joined: 03 Feb 2009
Posts: 47

Posted: Thu Aug 13, 2009 5:53
tech128 wrote:
Well since it seems I'm the only one who will compile iodine, it is done. All you have to do is ...


You're the hero!
I'll try this in a couple of days (weekends), but I'm a chicken in Linux, could you please clarify:
1) Is that all? Are these extensionless files executables?
2) Do I need to do anything else except copy them to the router and launch?
3) ...maybe some chmod etc.?

Thanks in advance!
tech128
DD-WRT Novice


Joined: 13 Aug 2009
Posts: 10

Posted: Fri Aug 14, 2009 1:36
Yes that is all, there is just iodined, which is the server, and iodine, which is the client. Keep in mind most people will probably want to use iodined, since I doubt you'd have your router with you while you're trying to connect through DNS :)

Yes all you need to do is copy iodined to the router, chmod +x iodined, then you can run it as follows:

/tmp/iodined -P your_password 10.0.0.1 tunnel1.yourhost.com

Note: This expects you have iodined in the /tmp dir which is basically a ramdisk. The problem with /tmp is that anything there is erased when the router restarts or shuts off.

If you want it in jffs then you would do this instead:
/jffs/iodined -P your_password 10.0.0.1 tunnel1.yourhost.com

The README for iodine should explain the rest:
http://code.kryo.se/iodine/README.html
elypter
DD-WRT Novice


Joined: 12 Sep 2009
Posts: 13

Posted: Sat Sep 12, 2009 19:00    Post subject: great work
Thanks for doing the compilation.
iodine runs fine and accepts connections, but there are 2 things I cannot solve.
The first is that iodine doesn't work when dnsmasq is running, even when local DNS is disabled in the web interface. I tried disabling it but it still shows up in the process list (ps). I can only connect after I killed dnsmasq and before it restarts automatically.
Does anyone know how to do DHCP hosting without dnsmasq, or better, how iodine works together with dnsmasq?

My other problem is that I can only connect from inside the network. When I connect over an external DNS server I get SERVFAIL as reply.

It's not a problem on the client side; I got it working with an Ubuntu laptop as server.

thanks in advance
tskeeley
DD-WRT Novice


Joined: 29 Nov 2009
Posts: 1

Posted: Sun Nov 29, 2009 6:51
*bump*

I also have the problem that dnsmasq is interfering with this. I'd love to link dnsmasq to the inside interface and iodine to the outside interface. Any ideas? I can't get the "interface=eth0" to be accepted and I think it's because of the br0 bridge. been thinking about disabling the bridge and trusting iptables to route properly. Any suggestions, opinions, or nudges in the correct direction are appreciated!
guardianx4
DD-WRT Novice


Joined: 30 Nov 2009
Posts: 13

Posted: Tue Dec 01, 2009 1:04
can some1 point me to a tutorial on how to do this via linksys wrt? thanx
bombeur
DD-WRT Novice


Joined: 05 Dec 2009
Posts: 5

Posted: Mon Dec 07, 2009 20:17
First I want to say that English is not my first language, so excuse my poor English; I will do my best to explain what I did to get this working on dd-wrt.

I grabbed the package from this thread and transferred it to my router.

Started iodined with this command: iodined -P password 192.168.10.1 tunnel.mydomain.com

I found that you should always use the -P switch. Every time I tried to start my iodined server without it I lost control of my ssh session and I had to reconnect and kill the iodined process.

I also found that iodined enters into conflict with dnsmasq. So I disabled the dnsmasq option to resolve DNS and set the DNS server of my ISP in the option to still be able to go to the internet in my internal network.

After that I have been able to connect to my router and establish an ssh session through my DNS tunnel.

I only have one problem left: my speed seems really slow, I only get 4 or 5ko/s. I don't know if it's normal, but if anyone has any clue let me know please.

If you have any questions I will do my best to answer.

Thanks to tech128 for having taken the time to compile iodine for dd-wrt.
guardianx4
DD-WRT Novice


Joined: 30 Nov 2009
Posts: 13

Posted: Tue Dec 08, 2009 1:44
When I put the iodined file into /tmp and run the command..

./iodined -f 10.0.0.1 test.asdf

I get an output of this
Code:
enter password on stdin:
iodined: cant resolve symbol "scanf"


What does this mean? Help!! thanx
Another question is, after u get a .info name from go daddy what do u change the nameserver into..?? Do u point it to ur home wan ip address.. when I tried to do that I get an error msg from godaddy saying *nameserver not registered*