DNS/ICMP tunneling not working as intended

Post your questions about SoftEther VPN software here. Please answer questions if you can afford.
Post Reply
silvertriclops
Posts: 3
Joined: Thu Jan 07, 2016 9:48 pm

DNS/ICMP tunneling not working as intended

Post by silvertriclops » Fri Jan 08, 2016 1:22 am

OS: Server is Ubuntu Server 15.10 x64, client is Windows 10 x64

I have enabled the DNS/ICMP tunneling on the server. From what I understand, if the client cannot connect to the server over UDP or TCP it will run tests to determine whether DNS or ICMP tunneling is faster, and then connect with one of those. When I'm at home or at school, this works as intended, and blocking TCP and UDP (leaving port 53 open) in the windows firewall causes the expected results, and the VPN eventually successfully connects.

However, the reason I would need DNS and ICMP tunneling is to bypass paywalls or passwords on public wifi hotspots. For example, many Linksys routers have a separate guest network that is unencrypted, but requires a user to sign in with a guest password similar to those at hotels before they can access the internet. More importantly, accessing the internet on an airplane is extremely costly ($8 per flight on southwest). DNS tunneling with Iodine (http://code.kryo.se/iodine/) works. However, I am not able to use Iodine, because the Windows client has a bug which prevents me from actually tunneling anything once it connects. I have been able to get it to work by using an Ubuntu Server VM, but this method slows down my connection enough to cause timeouts on most webpages (think 1200bps modem speeds and >5000ms ping). Not only that, but running a VM cuts my laptop's battery life in half, which is unacceptable on a 6 hour flight.

So, how is it that DNS tunneling via Iodine always works, but connecting via Softether fails in cases when it would be the most useful?

thisjun
Posts: 2458
Joined: Mon Feb 24, 2014 11:03 am

Re: DNS/ICMP tunneling not working as intended

Post by thisjun » Thu Jan 21, 2016 6:42 am

What problem did occur on Windows actually?

silvertriclops
Posts: 3
Joined: Thu Jan 07, 2016 9:48 pm

Re: DNS/ICMP tunneling not working as intended

Post by silvertriclops » Thu Jan 21, 2016 11:04 am

thisjun wrote:
> What problem did occur on Windows actually?

With Iodine? It would connect to the server but the tap adapter would say no network connection, and I wasn't able to ping the server much less ssh tunnel or softether to it.

erikodiony
Posts: 7
Joined: Thu Jan 21, 2016 9:45 pm

Re: DNS/ICMP tunneling not working as intended

Post by erikodiony » Thu Jan 21, 2016 9:50 pm

softether not supported ip over dns like iodine / dns2tcp or heyoka, and only connect with to server udp 53 not using locally dns to transmitting data

chaoscreater
Posts: 12
Joined: Fri Jun 30, 2017 12:32 am

Re: DNS/ICMP tunneling not working as intended

Post by chaoscreater » Fri Jun 30, 2017 12:36 am

Sorry to hijack your topic, but did you have to port forward 53 on router router to your server, so that Softether client can use VPN over DNS to connect to the server?

silvertriclops
Posts: 3
Joined: Thu Jan 07, 2016 9:48 pm

Re: DNS/ICMP tunneling not working as intended

Post by silvertriclops » Fri Jun 30, 2017 2:30 pm

chaoscreater wrote:
> Sorry to hijack your topic, but did you have to port forward 53 on router
> router to your server, so that Softether client can use VPN over DNS to
> connect to the server?

I am using a VPS which by default has all ports open. If you run your VPN server behind a router, you'll have to forward any ports that you want to use.

Post Reply