./net/iodine, Tool to tunnel IPv4 over DNS

[ CVSweb ] [ Homepage ] [ RSS ] [ Required by ] [ Add to tracker ]


Branch: CURRENT, Version: 0.7.0, Package name: iodine-0.7.0, Maintainer: mwilhelmy

iodine lets you tunnel IPv4 data through a DNS server. This can be usable in
different situations where internet access is firewalled, but DNS queries are
allowed.

It runs on Linux, Mac OS X, FreeBSD, NetBSD and OpenBSD and needs a TUN/TAP
device. The bandwidth is assymetrical with limited upstream and up to 1 Mbit/s
downstream.

Compared to other DNS tunnel implementations, iodine offers:
* Higher performance: iodine uses the NULL type that allows the downstream
data to be sent without encoding. Each DNS reply can contain nearly a
kilobyte of payload data.

* Portability: iodine runs on many different UNIX-like systems. Tunnels can be
set up between two hosts no matter their endianness or operating system.

* Security: iodine uses challenge-response login secured by MD5 hash. It also
filters out any packets not coming from the IP and port used when logging
in.

* Less setup: iodine handles setting IP number on interfaces automatically,
and up to 8 users can share one server at the same time.


Required to build:
[pkgtools/cwrappers]

Master sites:

Filesize: 93.927 KB

Version history: (Expand)


CVS history: (Expand)


   2021-10-26 13:07:15 by Nia Alarie | Files touched by this commit (958)
Log message:
net: Replace RMD160 checksums with BLAKE2s checksums

All checksums have been double-checked against existing RMD160 and
SHA512 hashes

Not committed (merge conflicts...):

net/radsecproxy/distinfo

The following distfiles could not be fetched (fetched conditionally?):

./net/citrix_ica/distinfo citrix_ica-10.6.115659/en.linuxx86.tar.gz
./net/djbdns/distinfo dnscache-1.05-multiple-ip.patch
./net/djbdns/distinfo djbdns-1.05-test28.diff.xz
./net/djbdns/distinfo djbdns-1.05-ignoreip2.patch
./net/djbdns/distinfo djbdns-1.05-multiip.diff
./net/djbdns/distinfo djbdns-cachestats.patch
   2021-10-07 16:43:07 by Nia Alarie | Files touched by this commit (962)
Log message:
net: Remove SHA1 hashes for distfiles
   2020-01-26 18:32:28 by Roland Illig | Files touched by this commit (981)
Log message:
all: migrate homepages from http to https

pkglint -r --network --only "migrate"

As a side-effect of migrating the homepages, pkglint also fixed a few
indentations in unrelated lines. These and the new homepages have been
checked manually.
   2015-11-04 01:35:47 by Alistair G. Crooks | Files touched by this commit (748)
Log message:
Add SHA512 digests for distfiles for net category

Problems found with existing digests:
	Package haproxy distfile haproxy-1.5.14.tar.gz
	159f5beb8fdc6b8059ae51b53dc935d91c0fb51f [recorded]
	da39a3ee5e6b4b0d3255bfef95601890afd80709 [calculated]

Problems found locating distfiles:
	Package bsddip: missing distfile bsddip-1.02.tar.Z
	Package citrix_ica: missing distfile citrix_ica-10.6.115659/en.linuxx86.tar.gz
	Package djbdns: missing distfile djbdns-1.05-test25.diff.bz2
	Package djbdns: missing distfile djbdns-cachestats.patch
	Package djbdns: missing distfile 0002-dnscache-cache-soa-records.patch
	Package gated: missing distfile gated-3-5-11.tar.gz
	Package owncloudclient: missing distfile owncloudclient-2.0.2.tar.xz
	Package poink: missing distfile poink-1.6.tar.gz
	Package ra-rtsp-proxy: missing distfile rtspd-src-1.0.0.0.tar.gz
	Package ucspi-ssl: missing distfile ucspi-ssl-0.70-ucspitls-0.1.patch
	Package waste: missing distfile waste-source.tar.gz

Otherwise, existing SHA1 digests verified and found to be the same on
the machine holding the existing distfiles (morden).  All existing
SHA1 digests retained for now as an audit trail.
   2014-06-26 20:54:09 by Thomas Klausner | Files touched by this commit (5)
Log message:
Update to 0.7.0, fixing a security issue.

2014-06-16: 0.7.0 "Kryoptonite"
	- Partial IPv6 support (#107)
	   Client can connect to iodined through an relaying IPv6
	   nameserver. Server only supports IPv4 for now.
	   Traffic inside tunnel is IPv4.
	- Add socket activation for systemd, by Michael Scherer.
	- Add automated lookup of external ip (via -n auto).
	- Bugfix for OS X (Can't assign requested address)
	- Fix DNS tunneling bug caused by uninitialized variable, #94
	- Handle spaces when entering password interactively, fixes #93.
		Patch by Hagar.
	- Add -R option to set OpenBSD routing domain for the DNS socket.
		Patch by laurent at gouloum fr, fixes #95.
	- Add android patches and makefile, from Marcel Bokhorst, fixes #105.
	- Added missing break in iodine.c, by Pavel Pergamenshchik, #108.
	- A number of minor patches from Frank Denis, Gregor Herrmann and
		Barak A. Pearlmutter.
	- Testcase compilation fixes for OS X and FreeBSD
	- Do not let sockets be inherited by sub-processes, fixes #99.
	- Add unspecified RR type (called PRIVATE; id 65399, in private use
		range). For servers with RFC3597 support. Fixes #97.
	- Fix authentication bypass vulnerability; found by Oscar Reparaz.
   2013-07-12 12:45:05 by Jonathan Perkin | Files touched by this commit (181)
Log message:
Bump PKGREVISION of all packages which create users, to pick up change of
sysutils/user_* packages.
   2012-12-12 14:19:06 by Thomas Klausner | Files touched by this commit (6)
Log message:
Import iodine-0.6.0rc1 as net/iodine, packaged for wip by Moritz Wilhelmy,
Georg Schwarz and MJ Turner.

iodine lets you tunnel IPv4 data through a DNS server. This can be usable in
different situations where internet access is firewalled, but DNS queries are
allowed.

It runs on Linux, Mac OS X, FreeBSD, NetBSD and OpenBSD and needs a TUN/TAP
device. The bandwidth is assymetrical with limited upstream and up to 1 Mbit/s
downstream.

Compared to other DNS tunnel implementations, iodine offers:
 * Higher performance: iodine uses the NULL type that allows the downstream
   data to be sent without encoding. Each DNS reply can contain nearly a
   kilobyte of payload data.

 * Portability: iodine runs on many different UNIX-like systems. Tunnels can be
   set up between two hosts no matter their endianness or operating system.

 * Security: iodine uses challenge-response login secured by MD5 hash. It also
   filters out any packets not coming from the IP and port used when logging
   in.

 * Less setup: iodine handles setting IP number on interfaces automatically,
   and up to 8 users can share one server at the same time.