iodine

You know what's annoying? Non-free Wi-Fi access (in airports, trains, restaurants…).

Usually you try to open a web page and are redirected to a portal where you have to pay outrageous amounts to access the internet.

Quite often those Wi-Fi networks let DNS requests through, so that you can try to open a web page before being redirected to the portal. So obviously some people had the idea to tunnel their connection through the DNS port (this technique is called IP-over-DNS or DNS tunnelling).

For this to work, two things are needed: a server on the internet listening on the DNS port (53), ready to tunnel your connection, and a client on your computer sending all your IP traffic through port 53 on the server.
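
Seen from the network operator's side, the traffic described above stands out in resolver logs: one client sending many unique, long, random-looking names under a single zone. The following is an added example (not part of the original post, and not iodine code) that scores a constructed query log that way; the log format, thresholds and function names are assumptions.

```python
import base64
import hashlib
import math
from collections import Counter, defaultdict

def entropy(s):
    """Shannon entropy of a string, in bits per character."""
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values()) if n else 0.0

def suspect_zones(log_lines, zone_depth=3, min_unique=20, min_len=30, min_entropy=3.5):
    """Return {(client, zone): stats} for zones queried in a tunnel-like pattern.

    zone_depth=3 takes the last three labels as the zone (tunnel.example.com on
    this page); the thresholds are illustrative assumptions to tune per network.
    """
    payloads = defaultdict(set)
    for line in log_lines:
        _ts, client, _qtype, qname = line.split()
        labels = qname.rstrip(".").lower().split(".")
        if len(labels) <= zone_depth:
            continue  # nothing below the zone, so no room for encoded data
        zone = ".".join(labels[-zone_depth:])
        payloads[(client, zone)].add("".join(labels[:-zone_depth]))
    hits = {}
    for key, names in payloads.items():
        mean_len = sum(map(len, names)) / len(names)
        mean_ent = sum(map(entropy, names)) / len(names)
        if len(names) >= min_unique and mean_len >= min_len and mean_ent >= min_entropy:
            hits[key] = {"unique": len(names), "mean_len": round(mean_len, 1),
                         "mean_entropy": round(mean_ent, 2)}
    return hits

def constructed_log():
    """Constructed sample: random-looking names under one zone, plus ordinary lookups."""
    lines = []
    for i in range(40):
        # Stand-in for encoded payload; NOT iodine's actual wire encoding.
        blob = base64.b32encode(hashlib.sha256(str(i).encode()).digest()).decode()
        label = blob.rstrip("=").lower()
        lines.append(f"2024-01-01T10:00:{i:02d} 192.0.2.10 NULL {label}.tunnel.example.com.")
    for i, host in enumerate(["www", "mail", "cdn", "api", "static"] * 8):
        lines.append(f"2024-01-01T10:01:{i:02d} 192.0.2.11 A {host}.shop.example.net.")
    return lines

if __name__ == "__main__":
    for (client, zone), stats in suspect_zones(constructed_log()).items():
        print(client, zone, stats)
```

Only the client sending the random-looking names is reported; the second client's repeated lookups of a handful of short hostnames stay below every threshold.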

One of the most popular programs for doing so is iodine. In this post I will quickly explain how to set up an iodine server on a Debian server.

Prerequisites

  • a Debian server available on the internet
  • a DNS server where you can set your domain names

Installing iodine

As usual on Debian, it's brain-dead easy:

$ sudo apt-get install iodine

Configuring iodine

Iodine configuration is done in file /etc/default/iodined:

START_IODINED="true"
IODINED_ARGS="10.0.0.1 tunnel.example.com"
IODINED_PASSWORD="some password"

  • Line 1 (START_IODINED): tell the iodine daemon to start automatically.
  • Line 2 (IODINED_ARGS): tell iodine to use network 10.0.0.0 to do the tunnelling. Enter here a network that you don't already use. The second argument is the name the iodine client will use to contact the server.
  • Line 3 (IODINED_PASSWORD): password used to connect to the iodine server (so mostly only you can use your tunnel).

That's all for the server; you only need to (re)start iodine.

Configuring the DNS

In your DNS server zone file (for the example.com domain) you need to add something like this:

iodine  IN A   12.34.56.78
tunnel  IN NS  iodine.example.com.

  • Line 1 (A record): create an A entry pointing iodine.example.com to the iodine server IP address (the public one on the internet).
  • Line 2 (NS record): create a DNS entry stating that DNS requests for tunnel.example.com are handled by iodine.example.com.

Test

The guys doing iodine provide a test page. Go there and enter tunnel.example.com, you should get a "Well done" message.

So… Well done!

Now you have to configure the iodine client on your computer/laptop. The iodine client works on Linux/Mac OS X/Windows.
