iodine is a fairly well-known DNS tunnel (although it has not had a new release in a long time). It implements IP over DNS, carrying IP packets inside DNS protocol messages, so it is inherently slow, but in scenarios where only DNS is reachable it is a workable way to get network access.
GitHub: https://github.com/yarrick/iodine
Test environment: both client and server run Ubuntu 20.04. The server has the public IP 2.3.4.5 with UDP port 53 open. Assume the domain iodine.sskaje.me is used as the tunnel's top domain and its NS records are configured correctly, and that the tunnel's internal subnet is 192.168.253.0/24.
Preparing the software
Run the following commands on both machines to install iodine:
apt update
apt install iodine
Server commands
NAT is required; otherwise packets leaving the server carry the tunnel's internal IP as their source address.
iodined -c -P myP4ssw0rd -n 2.3.4.5 192.168.253.1/24 iodine
iptables -t nat -A POSTROUTING -o eth0 -s 192.168.253.0/24 -j MASQUERADE
Client command
iodine -P myP4ssw0rd iodine.sskaje.me
Client verification
root@test-vm:/home/sskaje# ifconfig
dns0: flags=4305<UP,POINTOPOINT,RUNNING,NOARP,MULTICAST> mtu 1130
inet 192.168.253.2 netmask 255.255.255.0 destination 192.168.253.2
unspec 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00 txqueuelen 500 (UNSPEC)
RX packets 4 bytes 336 (336.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 22 bytes 1812 (1.8 KB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
root@test-vm:/home/sskaje# ping -I dns0 www.baidu.com
PING www.a.shifen.com (110.242.68.4) from 192.168.253.2 dns0: 56(84) bytes of data.
64 bytes from 110.242.68.4 (110.242.68.4): icmp_seq=1 ttl=49 time=58.2 ms
root@test-vm:/home/sskaje# mtr -I dns0 www.baidu.com
Segmentation fault (core dumped)
root@test-vm:/home/sskaje# ip route add 110.0.0.0/8 via 192.168.253.1 dev dns0
root@test-vm:/home/sskaje# tracepath www.baidu.com
1?: [LOCALHOST] pmtu 1130
1: 192.168.253.1 30.458ms
1: 192.168.253.1 31.392ms
2: xx.xx.xx.xx 34.918ms
3: ^C
macOS (tested only on Catalina)
Do not use the version from MacPorts; pull the source straight from GitHub and run make.
sudo /usr/local/sbin/iodine -P myP4ssword iodine.sskaje.me
No tun devices found, trying utun
iodine: open_utun: connect: Resource busy
iodine: open_utun: connect: Resource busy
Opened utun2
Opened IPv4 UDP socket
Sending DNS queries for iodine.sskaje.me to 192.168.1.1
Autodetecting DNS query type (use -T to override).......
Using DNS type NULL queries
Version ok, both using protocol v 0x00000502. You are user #0
Retrying login...
Retrying login...
Setting IP of utun2 to 192.168.253.2
Adding route 192.168.253.0/24 to 192.168.253.2
add net 192.168.253.0: gateway 192.168.253.2
Setting MTU of utun2 to 1130
Server tunnel IP is 192.168.253.1
Requesting server address to attempt raw UDP mode (skip with -r)
Server is at 2.3.4.5, trying raw login: (skip with -r) ....failed
Using EDNS0 extension
Retrying upstream codec test...
Retrying upstream codec test...
Retrying upstream codec test...
Retrying upstream codec test...
Retrying upstream codec test...
Retrying upstream codec test...
Switching upstream to codec Base64u
Retrying codec switch...
Server switched upstream to codec Base64u
No alternative downstream codec available, using default (Raw)
Switching to lazy mode for low-latency
Server switched to lazy mode
Autoprobing max downstream fragment size... (skip with -m fragsize)
768 ok.. 1152 ok.. ...1344 not ok.. ...1248 not ok.. ...1200 not ok.. 1176 ok.. 1188 ok.. will use 1188-2=1186
Setting downstream fragment size to max 1186...
Retrying set fragsize...
Connection setup complete, transmitting data.
Detaching from terminal...
macOS test
rmbp15:iodine sskaje$ ping -I utun2 www.baidu.com
ping: invalid multicast interface: `utun2'
rmbp15:iodine sskaje$ ping 192.168.253.1
PING 192.168.253.1 (192.168.253.1): 56 data bytes
64 bytes from 192.168.253.1: icmp_seq=0 ttl=64 time=32.821 ms
rmbp15:iodine sskaje$ netstat -nr |grep 192.168.253
192.168.253 192.168.253.2 UGSc utun2
192.168.253.2 192.168.253.2 UH utun2
rmbp15:iodine sskaje$ sudo route add -host 110.242.68.3 -interface 192.168.253.1
add host 110.242.68.3: gateway 192.168.253.1
rmbp15:iodine sskaje$ ping 110.242.68.3
PING 110.242.68.3 (110.242.68.3): 56 data bytes
64 bytes from 110.242.68.3: icmp_seq=0 ttl=49 time=63.821 ms
64 bytes from 110.242.68.3: icmp_seq=1 ttl=49 time=86.906 ms
rmbp15:iodine sskaje$ traceroute 110.242.68.3
traceroute to 110.242.68.3 (110.242.68.3), 64 hops max, 52 byte packets
1 192.168.253.1 (192.168.253.1) 171.280 ms 42.212 ms 40.669 ms
2 x.x.x.x (x.x.x.x) 52.208 ms 56.762 ms
x.x.x.x (x.x.x.x) 43.776 ms
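To a resolver or DNS log collector, the tunnel set up above looks like a stream of NULL queries carrying long Base64u-encoded labels under a single zone (the client output shows "Using DNS type NULL queries" and "Switching upstream to codec Base64u"). As an added example that is not from this post or the iodine project, the following Python heuristic scores a constructed resolver log for that pattern; the log format, the thresholds and the approximation of the zone as the last two labels are assumptions.

```python
import math
from collections import Counter, defaultdict

# Query types iodine can tunnel over; NULL is the one it autodetects first.
TUNNEL_QTYPES = {"NULL", "PRIVATE", "TXT", "SRV", "MX", "CNAME"}
# Constructed sample resolver log (not from the page): "<client> <qtype> <qname>".
SAMPLE_LOG = """\
10.0.0.7 A www.example.com
10.0.0.7 A cdn.example.com
10.0.0.7 A mail.example.com
10.0.0.7 A www.example.com
10.0.0.9 NULL 0aicp9vxk2u1qz8mf4ln7hdt3.rb6wye0sgj5xk2qa9vp1mn8.iodine.sskaje.me
10.0.0.9 NULL ejw3l8x0vqz2hk9tr5ym1nb7.fc4pd6ga0sqe8zx2uvl5wjk.iodine.sskaje.me
10.0.0.9 NULL p7qm2ksd9xa4ven0tlb6ycz1.hg5uo3rw8jf2nxi7aqk0dz4.iodine.sskaje.me
10.0.0.9 NULL z4tb0hq6nmx9dfa3cyl2skw8.vj5ep7ru1ob3gxq0tn6mik9.iodine.sskaje.me
"""

def shannon_entropy(s):
    """Bits per character of s (0.0 for an empty string)."""
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values()) if n else 0.0

def split_zone(qname, zone_labels=2):
    """Return (subdomain, zone); the zone is approximated by the last labels."""
    labels = qname.rstrip(".").split(".")
    return ".".join(labels[:-zone_labels]), ".".join(labels[-zone_labels:])

def score_dns_log(lines, min_queries=4):
    """Flag (client, zone) groups whose queries look like tunnel payloads: mostly
    tunnel-friendly qtypes, long high-entropy subdomains, almost no repeats."""
    groups = defaultdict(list)
    for line in lines:
        parts = line.split()
        if len(parts) != 3:
            continue  # skip blank or malformed lines
        client, qtype, qname = parts
        sub, zone = split_zone(qname)
        groups[(client, zone)].append((qtype.upper(), sub))
    findings = {}
    for key, qs in groups.items():
        if len(qs) < min_queries:
            continue
        tunnel_share = sum(q in TUNNEL_QTYPES for q, _ in qs) / len(qs)
        avg_len = sum(len(s) for _, s in qs) / len(qs)
        avg_entropy = sum(shannon_entropy(s.replace(".", "")) for _, s in qs) / len(qs)
        unique_share = len({s for _, s in qs}) / len(qs)
        if tunnel_share >= 0.5 and avg_len >= 40 and avg_entropy >= 3.5 and unique_share >= 0.9:
            findings[key] = {"queries": len(qs), "tunnel_share": tunnel_share, "avg_entropy": round(avg_entropy, 2)}
    return findings
```

Running score_dns_log(SAMPLE_LOG.splitlines()) flags only the 10.0.0.9 / sskaje.me group; the thresholds are a starting point and should be tuned against a baseline of your own resolver traffic.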