iodine client/server on CentOS 7

From http://code.kryo.se/iodine/:

iodine lets you tunnel IPv4 data through a DNS server. This can be usable in different situations where internet access is firewalled, but DNS queries are allowed.

DNS Setup

Name     Type    Value            
iodine   NS      tunnel.domain.com
tunnel   A       123.123.123.123

Server:

Install:

yum install iodine-server -y

Configure iodine-server.service in “/etc/sysconfig/iodine-server”:

OPTIONS="-f -P 'good password' 172.21.21.1/24 iodine.domain.com"

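where 172.21.21.1/24 is the tunnel IP/netmask, -P sets the tunnel password, and iodine.domain.com is the delegated zone from the DNS setup above.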

Start the server:

[root@iodine ~]# systemctl start iodine-server.service
[root@iodine ~]# systemctl status iodine-server.service
iodine-server.service - Iodine Server
 Loaded: loaded (/usr/lib/systemd/system/iodine-server.service; enabled)
 Active: active (running) since Sat 2015-06-20 02:24:28 GMT; 42s ago
 Main PID: 1960 (iodined)
 CGroup: /system.slice/iodine-server.service
 └─1960 /usr/sbin/iodined -f -P 172.21.21.1 24 iodine.domain.com

Jun 20 02:24:28 iodine.domain.com systemd[1]: Starting Iodine Server...
Jun 20 02:24:28 iodine.domain.com systemd[1]: Started Iodine Server.
Jun 20 02:24:28 iodine.domain.com iodined[1960]: Opened dns0
Jun 20 02:24:28 iodine.domain.com iodined[1960]: Setting IP of dns0 to 172.21.21.1
Jun 20 02:24:28 iodine.domain.com iodined[1960]: Setting MTU of dns0 to 1130
Jun 20 02:24:28 iodine.domain.com iodined[1960]: Opened IPv4 UDP socket
Jun 20 02:24:28 iodine.domain.com iodined[1960]: Listening to dns for domain iodine.domain.com
Jun 20 02:24:28 iodine.domain.com iodined[1960]: started, listening on port 53

Enable IPv4 forwarding in the kernel:

echo 'net.ipv4.ip_forward=1' >> /etc/sysctl.d/99-sysctl.conf
sysctl -p /etc/sysctl.d/99-sysctl.conf

Client:

Install:

yum install iodine-client

Configure iodine-client.service in “/etc/sysconfig/iodine-client”:

OPTIONS="-f -r 123.123.123.123 iodine.domain.com -P 'good password'"

Start the client:

[root@iodine-client ~]# systemctl start iodine-client
[root@iodine-client ~]# systemctl status iodine-client
iodine-client.service - Iodine Client
 Loaded: loaded (/usr/lib/systemd/system/iodine-client.service; disabled)
 Active: active (running) since Sat 2015-06-20 02:27:46 GMT; 3s ago
 Main PID: 2020 (iodine)
 CGroup: /system.slice/iodine-client.service
 └─2020 /usr/sbin/iodine -f -r 123.123.123.123 iodine.domain.com -P

Jun 20 02:27:46 iodine-client.domain.com iodine[2020]: Using EDNS0 extension
Jun 20 02:27:46 iodine-client.domain.com iodine[2020]: Switching upstream to codec Base128
Jun 20 02:27:46 iodine-client.domain.com iodine[2020]: Server switched upstream to codec Base128
Jun 20 02:27:46 iodine-client.domain.com iodine[2020]: No alternative downstream codec available, using default (Raw)
Jun 20 02:27:46 iodine-client.domain.com iodine[2020]: Switching to lazy mode for low-latency
Jun 20 02:27:46 iodine-client.domain.com iodine[2020]: Server switched to lazy mode
Jun 20 02:27:46 iodine-client.domain.com iodine[2020]: Autoprobing max downstream fragment size... (skip with -m fragsize)
Jun 20 02:27:46 iodine-client.domain.com iodine[2020]: 768 ok.. 1152 ok.. 1344 ok.. 1440 ok.. 1488 ok.. 1512 ok.. 1524 ok.. will use 1524-2=1522
Jun 20 02:27:46 iodine-client.domain.com iodine[2020]: Setting downstream fragment size to max 1522...
Jun 20 02:27:46 iodine-client.domain.com iodine[2020]: Connection setup complete, transmitting data.
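
Seen from the network side, the session above is a stream of many distinct, long, encoded query names under the delegated zone. The Python below is an added example (not from the original post or the iodine project) that flags that pattern in a DNS query log; the (client, qtype, qname) log format, the thresholds, the client addresses and the sample names are constructed assumptions.

```python
import base64
import hashlib
import math
from collections import Counter, defaultdict

def entropy(s):
    """Shannon entropy in bits per character."""
    if not s:
        return 0.0
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())

def split_name(qname, zone_labels=2):
    """Split a query name into (payload, zone); zone = last `zone_labels` labels.
    Assumption: no public-suffix handling (co.uk and similar need more labels)."""
    labels = qname.rstrip(".").lower().split(".")
    return "".join(labels[:-zone_labels]), ".".join(labels[-zone_labels:])

def find_tunnel_candidates(queries, min_unique=20, min_len=40, min_entropy=3.5):
    """queries: iterable of (client_ip, qtype, qname) tuples (assumed log format).
    Flags client/zone pairs that send many distinct, long, high-entropy names."""
    seen = defaultdict(set)
    for client, qtype, qname in queries:
        payload, zone = split_name(qname)
        seen[(client, zone)].add((qtype, payload))
    hits = []
    for (client, zone), items in seen.items():
        payloads = [p for _, p in items]
        avg_len = sum(map(len, payloads)) / len(payloads)
        avg_ent = sum(map(entropy, payloads)) / len(payloads)
        if len(items) >= min_unique and avg_len >= min_len and avg_ent >= min_entropy:
            hits.append({"client": client, "zone": zone, "unique": len(items),
                         "avg_len": round(avg_len, 1), "avg_entropy": round(avg_ent, 2),
                         "qtypes": sorted({t for t, _ in items})})
    return hits

def constructed_sample():
    """Constructed log, not captured traffic: one tunnel-like client, one normal."""
    log = []
    for i in range(40):  # encoded data in the leftmost label of the tunnel zone
        digest = hashlib.sha256(str(i).encode()).digest()
        label = base64.b32encode(digest).decode().rstrip("=").lower()
        log.append(("10.0.0.5", "NULL", label + ".iodine.domain.com"))
    for host in ("www", "mail", "updates", "cdn", "api"):
        log.extend([("10.0.0.7", "A", host + ".example.org")] * 8)
    return log

if __name__ == "__main__":
    print(find_tunnel_candidates(constructed_sample()))
```

The thresholds need tuning against a baseline of normal traffic, since CDN and telemetry hostnames can also be long and random-looking.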

Test client -> server and server -> client ping:

[root@iodine-client ~]# ping 172.21.21.1
PING 172.21.21.1 (172.21.21.1) 56(84) bytes of data.
64 bytes from 172.21.21.1: icmp_seq=1 ttl=64 time=0.045 ms
64 bytes from 172.21.21.1: icmp_seq=2 ttl=64 time=0.054 ms
64 bytes from 172.21.21.1: icmp_seq=3 ttl=64 time=0.038 ms
64 bytes from 172.21.21.1: icmp_seq=4 ttl=64 time=0.057 ms
^C
--- 172.21.21.1 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3000ms
rtt min/avg/max/mdev = 0.038/0.048/0.057/0.010 ms
[root@iodine-client ~]#
[root@iodine ~]# ping 172.21.21.2
PING 172.21.21.2 (172.21.21.2) 56(84) bytes of data.
64 bytes from 172.21.21.2: icmp_seq=1 ttl=64 time=0.063 ms
64 bytes from 172.21.21.2: icmp_seq=2 ttl=64 time=0.062 ms
64 bytes from 172.21.21.2: icmp_seq=3 ttl=64 time=0.064 ms
64 bytes from 172.21.21.2: icmp_seq=4 ttl=64 time=0.057 ms
^C
--- 172.21.21.2 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3000ms
rtt min/avg/max/mdev = 0.057/0.061/0.064/0.008 ms
[root@iodine ~]#

Example of an SSH tunnel (SOCKS proxy on local port 8080) through the iodine server, with sshd reachable on port 443 of the tunnel address:

ssh 172.21.21.1 -p 443 -D 8080 -f -N

Or if you are using the iodine NetworkManager plugin:

dnf install NetworkManager-iodine-gnome -y

iodine GitHub: https://github.com/yarrick/iodine