dns:vpn

Differences

dns:vpn [2011/11/27 13:53]
alex
dns:vpn [2012/06/10 09:22] (current)
alex
Line 4: Line 4:
 What is unique about our configuration is that we need to run [[:​dns:​authoritive|nsd]] also on the box for our domain hosting on port 53/udp so how can we run both without paying for more IPv4 space? ​ Well we turn to some iptables magic to detect iodine related traffic and bump incoming traffic to the alternative port (5353/udp) that iodine listens on (the following iptable rules are slipped into ''/​etc/​iptables.up.rules''​):​ What is unique about our configuration is that we need to run [[:​dns:​authoritive|nsd]] also on the box for our domain hosting on port 53/udp so how can we run both without paying for more IPv4 space? ​ Well we turn to some iptables magic to detect iodine related traffic and bump incoming traffic to the alternative port (5353/udp) that iodine listens on (the following iptable rules are slipped into ''/​etc/​iptables.up.rules''​):​
   iptables ​       -A INPUT      -p udp --dport 5353                                                                               -j ACCEPT   iptables ​       -A INPUT      -p udp --dport 5353                                                                               -j ACCEPT
 +  # matches on "​.t1.wormnet.eu"​ as hexdump'​ed in wireshark
   iptables -t nat -A PREROUTING -p udp --dport 53   -m string --algo bm --from 20 --hex-string "​|02743107776f726d6e657402657500|"​ -j REDIRECT --to-ports 5353   iptables -t nat -A PREROUTING -p udp --dport 53   -m string --algo bm --from 20 --hex-string "​|02743107776f726d6e657402657500|"​ -j REDIRECT --to-ports 5353
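Review bot: the new comment on the REDIRECT rule says where the hex came from but not what it is, so the rule still cannot be checked without Wireshark; decode it in the comment: ''02 74 31'' is a length byte of 2 followed by "t1", ''07 77 6f 72 6d 6e 65 74'' is 7 followed by "wormnet", ''02 65 75'' is 2 followed by "eu", and the trailing ''00'' is the root label, i.e. the DNS wire-format encoding of the name t1.wormnet.eu. The same comment should also say that ''-m string --algo bm'' is a substring search, so every UDP/53 query whose question name ends in t1.wormnet.eu is bumped to iodine on 5353 and never reaches nsd; nothing else under that label can be served by nsd on this box, which is the intended split but is not obvious from the rule alone.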
  
Line 21: Line 22:
 Once done, type (as root), '​iodine-client-start'​ when you want to use the DNS VPN service and things should just work after the system has automatically detected and configured everything. Once done, type (as root), '​iodine-client-start'​ when you want to use the DNS VPN service and things should just work after the system has automatically detected and configured everything.
  
-*N.B.** make sure you use really nothing more than SSH over the tunnel ([[:proxy]] your web traffic) as it is completely //​unencrypted//​+**N.B.** make sure you use really nothing more than SSH over the tunnel ([[:proxy]] your web traffic) as it is completely //​unencrypted//​
  
 Disconnecting from the VPN service is a pain though, you have to (as root) type 'pkill iodine'​ and then restart all your networking (for example reconnect to a wireless AP). Disconnecting from the VPN service is a pain though, you have to (as root) type 'pkill iodine'​ and then restart all your networking (for example reconnect to a wireless AP).
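Review bot: the bold marker fix on the N.B. line is right, but the sentence still does not say what is unencrypted, which is the point a reader needs: the DNS tunnel itself carries the traffic in the clear, so anything sent through it that is not end-to-end encrypted on its own (SSH, or web traffic [[:proxy]]ed through that SSH session) is readable by whoever can see the DNS packets. Suggested wording: '**N.B.** the tunnel itself is completely //unencrypted//; send nothing but SSH over it and [[:proxy]] your web traffic through that SSH session.'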
dns/vpn.1322402010.txt.gz · Last modified: 2021/09/21 15:39 (external edit)