DNS/ICMP tunneling not working as intended
Posted: Fri Jan 08, 2016 1:22 am
OS: Server is Ubuntu Server 15.10 x64, client is Windows 10 x64
I have enabled the DNS/ICMP tunneling on the server. From what I understand, if the client cannot connect to the server over UDP or TCP it will run tests to determine whether DNS or ICMP tunneling is faster, and then connect with one of those. When I'm at home or at school, this works as intended, and blocking TCP and UDP (leaving port 53 open) in the windows firewall causes the expected results, and the VPN eventually successfully connects.
However, the reason I would need DNS and ICMP tunneling is to bypass paywalls or passwords on public wifi hotspots. For example, many Linksys routers have a separate guest network that is unencrypted, but requires a user to sign in with a guest password similar to those at hotels before they can access the internet. More importantly, accessing the internet on an airplane is extremely costly ($8 per flight on southwest). DNS tunneling with Iodine (http://code.kryo.se/iodine/) works. However, I am not able to use Iodine, because the Windows client has a bug which prevents me from actually tunneling anything once it connects. I have been able to get it to work by using an Ubuntu Server VM, but this method slows down my connection enough to cause timeouts on most webpages (think 1200bps modem speeds and >5000ms ping). Not only that, but running a VM cuts my laptop's battery life in half, which is unacceptable on a 6 hour flight.
So, how is it that DNS tunneling via Iodine always works, but connecting via Softether fails in cases when it would be the most useful?
I have enabled the DNS/ICMP tunneling on the server. From what I understand, if the client cannot connect to the server over UDP or TCP it will run tests to determine whether DNS or ICMP tunneling is faster, and then connect with one of those. When I'm at home or at school, this works as intended, and blocking TCP and UDP (leaving port 53 open) in the windows firewall causes the expected results, and the VPN eventually successfully connects.
However, the reason I would need DNS and ICMP tunneling is to bypass paywalls or passwords on public wifi hotspots. For example, many Linksys routers have a separate guest network that is unencrypted, but requires a user to sign in with a guest password similar to those at hotels before they can access the internet. More importantly, accessing the internet on an airplane is extremely costly ($8 per flight on southwest). DNS tunneling with Iodine (http://code.kryo.se/iodine/) works. However, I am not able to use Iodine, because the Windows client has a bug which prevents me from actually tunneling anything once it connects. I have been able to get it to work by using an Ubuntu Server VM, but this method slows down my connection enough to cause timeouts on most webpages (think 1200bps modem speeds and >5000ms ping). Not only that, but running a VM cuts my laptop's battery life in half, which is unacceptable on a 6 hour flight.
So, how is it that DNS tunneling via Iodine always works, but connecting via Softether fails in cases when it would be the most useful?