Like me, you may have faced the situation where you really need Internet access but only have non-free WiFi hotspots within reach (in an airport, tube, train, etc.). And even worse, you cannot establish a single SSH connection or VPN proxy because the firewall is blocking everything. Fortunately, DNS tunneling is here to save us!
One of the most famous DNS tunneling tools is iodine, which is quite easy to set up. Unfortunately the latest client version (0.6.0-rc1) was not available for iOS, until I decided to compile it and push it to my Cydia repository. So you can now enjoy DNS tunneling on your jailbroken iPhone, iPad or iPod Touch!
The package “iodine 0.6.0-rc1 (IPv4 over DNS tunnel)” installs the latest and patched version of iodine on your iDevice. This tool lets you tunnel IPv4 data through a DNS server. This is useful in situations where Internet access is firewalled but DNS queries are allowed.
How do I install this package?
Is it safe?
The iodine client should be safe to use. The most dangerous aspect of DNS tunneling is that anyone can see your traffic and do nasty things with it. Nothing is encrypted. So if you really wish to do DNS tunneling, you should use an SSH tunnel inside the DNS tunnel.
I recommend that you read these lines carefully. They are taken from the manpage:
Login is a relatively secure challenge-response MD5 hash, with the password never passing the wire. However, all other data is NOT encrypted in any way. The DNS traffic is also vulnerable to replay, injection and man-in-the-middle attacks, especially when iodined is used with the -c option. Use of ssh or vpn tunneling is strongly recommended. On both server and client, use iptables, pf or other firewalls to block all traffic coming in from the tun interfaces, except to the used ssh or vpn ports.
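The manpage's last recommendation, written out as an added example (not part of the original post or of the iodine project): a small helper that prints iptables rules allowing only SSH on the tunnel interface and dropping everything else that arrives from it. It assumes a Linux host with iptables, a tunnel interface named `dns0` and SSH on TCP port 22; the function name `tun_lockdown_rules` is hypothetical.

```shell
#!/bin/sh
# Added example: emit iptables rules that lock down an iodine tun interface.
# Assumptions: Linux host with iptables; the interface name and port come
# from the caller (dns0 and 22 are only the defaults used here).
# Review the output, then apply it as root:  tun_lockdown_rules dns0 22 | sh

tun_lockdown_rules() {
    iface=${1:-dns0}
    port=${2:-22}
    proto=${3:-tcp}

    # Accept only plain interface names, so nothing else can slip into
    # the generated commands.
    case $iface in
        ''|*[!A-Za-z0-9_.-]*) echo "bad interface: $iface" >&2; return 1 ;;
    esac
    # Port must be an integer in 1..65535.
    case $port in
        ''|*[!0-9]*) echo "bad port: $port" >&2; return 1 ;;
    esac
    if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
        echo "bad port: $port" >&2; return 1
    fi
    case $proto in
        tcp|udp) ;;
        *) echo "bad protocol: $proto" >&2; return 1 ;;
    esac

    # 1. Replies to connections this host opened itself (needed on the
    #    client side, where SSH goes out through the tunnel).
    # 2. New connections to the one allowed service (server side).
    # 3. Everything else arriving from the tunnel is dropped.
    # 4. Nothing arriving from the tunnel is routed onwards.
    cat <<EOF
iptables -A INPUT -i $iface -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -i $iface -p $proto --dport $port -j ACCEPT
iptables -A INPUT -i $iface -j DROP
iptables -A FORWARD -i $iface -j DROP
EOF
}
```

With these rules in place, only the SSH (or VPN) session is reachable over the unencrypted tunnel, so other traffic has to travel inside that encrypted session.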
What about performance?
DNS tunneling is very slow. But you have to understand that using such a trick gives you Internet access in the worst scenario, just by connecting to a WiFi hotspot that performs DNS queries (most of them do). Depending on the payload size you can pipe into the DNS tunnel, performance can be as bad as 5kb/s but can go up to 200kb/s.
Enjoy Internet everywhere!
Big thanks to Kryo, yarrick, Doorman, D4rkM4t3r and all iodine contributors.
- http://code.kryo.se/iodine/ – Official iodine website, kryo.se: iodine (IP-over-DNS, IPv4 over DNS tunnel).
- https://github.com/yarrick/iodine – A maintained iodine version. This is the one I used.
- http://doorman.danssaert.be/?p=51 – An old iodine version (0.5.2) compiled for iOS with diff provided by Doorman.
- https://github.com/D4rkM4t3r/libpcap-iphone – libpcap for iOS. Awesome script by D4rkM4t3r.
- http://code.gerade.org/tunemu/ – tunemu, a tun device emulation for Darwin.