Create a DNS Tunnel (IP over DNS) connection in Android using iodine

DNS Server Setup

  1. Get a domain name for your computer and set it to point to the IP address of your computer. You can use dyndns.org or no-ip.com to get one for free. If you have a dynamic IP, these services provide you with an application that updates the domain whenever the IP address changes. In the following, we assume that your computer is identified by mycomputer.dyndns.org.
  2. Get a domain name for the tunnel. Go to your registrar and create a domain (or a subdomain) for the tunnel. We assume that you created a subdomain mytunnel.mydomain.org. After creating it, point its NS record at mycomputer.dyndns.org, which you set up above. This means that all queries of the form asdfasdfasdwre.mytunnel.mydomain.org will be forwarded to your own computer, on which you run the DNS tunneling server.
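
Seen from the monitoring side, the delegation in step 2 produces a recognizable pattern in resolver logs: one client sends many distinct, long, random-looking labels under a single parent zone. The Python sketch below is an added example, not part of the original post or of iodine; the log format (client, query type, query name), the thresholds and the sample data are assumptions constructed for illustration.

```python
import base64
import hashlib
import math
from collections import Counter, defaultdict

def constructed_log():
    """Constructed sample resolver log lines: '<client> <qtype> <qname>'."""
    lines = []
    for i in range(30):  # tunnel-like: unique base32 payload labels
        raw = base64.b32encode(hashlib.sha256(str(i).encode()).digest())
        label = raw.decode().lower().rstrip("=")
        lines.append(f"10.0.0.7 NULL {label}.mytunnel.mydomain.org")
    for i in range(25):  # benign: many distinct but short labels
        lines.append(f"10.0.0.8 A img{i}.cdn.example.net")
    for host in ("www", "mail", "api") * 10:  # benign: few repeated names
        lines.append(f"10.0.0.9 A {host}.example.com")
    return lines

def shannon_entropy(text):
    """Bits per character of the character distribution in text."""
    counts = Counter(text)
    return -sum(n / len(text) * math.log2(n / len(text)) for n in counts.values())

def find_tunnel_suspects(lines, min_labels=20, min_avg_len=30, min_entropy=3.5):
    """Return (client, parent_zone, distinct_labels) for tunnel-like query sets.

    Simplification: the payload is taken to be the leftmost label only.
    """
    seen = defaultdict(set)  # (client, parent zone) -> distinct leftmost labels
    for line in lines:
        parts = line.split()
        if len(parts) != 3:
            continue  # skip malformed lines
        client, _qtype, qname = parts
        label, _, parent = qname.lower().rstrip(".").partition(".")
        if "." in parent:  # ignore names sitting directly under a TLD
            seen[(client, parent)].add(label)
    suspects = []
    for (client, parent), labels in sorted(seen.items()):
        joined = "".join(labels)
        if (len(labels) >= min_labels
                and len(joined) / len(labels) >= min_avg_len
                and shannon_entropy(joined) >= min_entropy):
            suspects.append((client, parent, len(labels)))
    return suspects

if __name__ == "__main__":
    for suspect in find_tunnel_suspects(constructed_log()):
        print(suspect)
```

The short-label host (img0 to img24) passes the distinct-label count but fails the length check, which is why the three conditions are combined rather than used alone.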

Server Side

  1. Download and install iodine from http://code.kryo.se/iodine/
    wget http://code.kryo.se/iodine/iodine-0.7.0.tar.gz
    tar xzvf iodine-0.7.0.tar.gz
    cd iodine-0.7.0
    make
  2. Launch the server
    sudo ./bin/iodined -c -P my_password -d tap0 192.168.233.1/24 mytunnel.mydomain.org
  3. Set up the iptables rules
    # Allow the DNS server to receive queries and send replies
    # (replies leave with source port 53, so the OUTPUT rule matches --sports)
    sudo iptables -A INPUT -p udp -m multiport --dports 53 -i eth0 -j ACCEPT
    sudo iptables -A OUTPUT -p udp -m multiport --sports 53 -o eth0 -j ACCEPT
    # Allow the connected clients to talk to the server machine
    sudo iptables -A INPUT -i tap0 -j ACCEPT
    sudo iptables -A OUTPUT -o tap0 -j ACCEPT
    # Forward Internet traffic
    sudo iptables -A FORWARD -i tap0 -o eth0 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
    sudo iptables -A FORWARD -i eth0 -o tap0 -m state --state ESTABLISHED,RELATED -j ACCEPT
    sudo iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
  4. Enable IP forwarding
    # The redirect in "echo 1 > /proc/sys/net/ipv4/ip_forward" needs a root shell; sysctl works with sudo
    sudo sysctl -w net.ipv4.ip_forward=1

Client Side

  1. Install AndIodine
    https://f-droid.org/repo/org.xapek.andiodine_3.apk
  2. Set up a connection using the password defined on the server (my_password in this case).
  3. Connected and done.

Reference

http://code.kryo.se/iodine/
http://www.magictunnel.net/install.php
https://f-droid.org/repository/browse/?fdid=org.xapek.andiodine
