IPoverDNS: Difference between revisions
(Created page with "== Ausgangslage == (todo) == Motivation == (todo) == Anleitung == === DNS Server Setup === === Iodine Server Setup === === Iodine Client Setup === === Deactivating Iod…") |
(put in content) |
||
| Line 12: | Line 12: | ||
=== DNS Server Setup === |
=== DNS Server Setup === |
||
Setting up Iodine requires control over a domain, for which you have to register the following dns records. |
|||
You have to run your own server with a public IP that will function as nameserver for your domain “mydomain.com” managed by iodine. |
|||
Assume you have a domain called “mydomain.com” and it’s IP is “1.2.3.4”. |
|||
You have to register a subdomain, e.g. “tunnel.mydomain.com”. Also, you need another subdomain “ns.mydomain.com” for your nameserver. |
|||
For the tunnel subdomain, Iodine on your own server (1.2.3.4) will pretend to be the authoritative nameserver. |
|||
So you need to create an A record for the sub-domain (tunnel.mydomain.com) that point to IP of the private server. |
|||
<code>dns IN A 1.2.3.4 </code> |
|||
And you need a NS recod that makes the dns sub-domain the authoritative name server for the tunnel sub domain. |
|||
<code>tunnel IN NS dns.domain.tld. </code> |
|||
<code> |
|||
A ns points to 1.2.3.4 |
|||
NS tunnel managed by ns.mydomain.com |
|||
</code> |
|||
=== Iodine Server Setup === |
=== Iodine Server Setup === |
||
====install and start iodine==== |
|||
<code>$ sudo apt install iodine</code> |
|||
<code>$ sudo iodined -c -f 10.0.0.1 -P 123456 tunnel.l0m.de </code> |
|||
==== Test server ==== |
|||
http://code.kryo.se/iodine/check-it/ |
|||
=== Iodine Client Setup === |
=== Iodine Client Setup === |
||
====install and start iodine==== |
|||
<code>$ sudo apt install iodine</code> |
|||
<code>$ sudo iodine -f -P 123456 tunnel.l0m.de</code> |
|||
====Test tunnel==== |
|||
<code>$ ping 10.0.0.1</code> |
|||
====Set up routes to go through the tunnel==== |
|||
Find out dns server: |
|||
<code>$ rnmcli dev show | grep DNS</code> |
|||
Find out gateway: |
|||
<code>$ rnetstat -rn|egrep "^0.0.0.0"</code> |
|||
Find out your tunnel interface: |
|||
ifconfig -> look for something like dns0 that wasn’t there before |
|||
<code>$ route del default</code> |
|||
<code>$ route add default dns0</code> |
|||
and if dns server and gateway don’t have the the same IP adress anyway: |
|||
<code>route add -host [DNS server IP] gw [gateway IP]</code> |
|||
Revision as of 09:12, 6 October 2017
Ausgangslage
(todo)
Motivation
(todo)
Anleitung
DNS Server Setup
Setting up Iodine requires control over a domain, for which you have to register the following dns records.
You have to run your own server with a public IP that will function as nameserver for your domain “mydomain.com” managed by iodine.
Assume you have a domain called “mydomain.com” and it’s IP is “1.2.3.4”. You have to register a subdomain, e.g. “tunnel.mydomain.com”. Also, you need another subdomain “ns.mydomain.com” for your nameserver. For the tunnel subdomain, Iodine on your own server (1.2.3.4) will pretend to be the authoritative nameserver.
So you need to create an A record for the sub-domain (tunnel.mydomain.com) that point to IP of the private server.
dns IN A 1.2.3.4
And you need a NS recod that makes the dns sub-domain the authoritative name server for the tunnel sub domain.
tunnel IN NS dns.domain.tld.
A ns points to 1.2.3.4
NS tunnel managed by ns.mydomain.com
Iodine Server Setup
install and start iodine
$ sudo apt install iodine
$ sudo iodined -c -f 10.0.0.1 -P 123456 tunnel.l0m.de
Test server
http://code.kryo.se/iodine/check-it/
Iodine Client Setup
install and start iodine
$ sudo apt install iodine
$ sudo iodine -f -P 123456 tunnel.l0m.de
Test tunnel
$ ping 10.0.0.1
Set up routes to go through the tunnel
Find out dns server:
$ rnmcli dev show | grep DNS
Find out gateway:
$ rnetstat -rn|egrep "^0.0.0.0"
Find out your tunnel interface:
ifconfig -> look for something like dns0 that wasn’t there before
$ route del default
$ route add default dns0
and if dns server and gateway don’t have the the same IP adress anyway:
route add -host [DNS server IP] gw [gateway IP]