Transparently tunnel any TCP connection (system-wide) over SOCKS5/SSH over DNS
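#!/bin/bash
# Client side of an iodine (DNS tunnel) + ssh -D (SOCKS5) + redsocks
# (transparent TCP redirect) setup. Run as a normal user; sudo is used
# for iptables, iodine and systemctl.
#
# This is client side, with:
#   apt install iodine redsocks
#   systemctl disable redsocks
#
# For the server side:
#   apt install iodine
#   cat /etc/default/iodine
#   START_IODINED="true"
#   IODINED_ARGS="192.168.99.1 ipodns.example.com"
#   IODINED_PASSWORD="changeme"
set -e

# Settings. Each may be overridden from the environment so the script
# does not have to be edited per deployment; the defaults are the
# original hard-coded values.
# IODINE_PWD is handed to iodine on its command line (-P), so it is
# visible in `ps` for as long as the tunnel runs; export it from a
# file with restricted permissions rather than editing the default here.
IODINE_PWD=${IODINE_PWD:-changeme}
IODINE_PUBLIC_ADDR=${IODINE_PUBLIC_ADDR:-ipodns.example.com}
IODINE_PRIVATE_ADDR=${IODINE_PRIVATE_ADDR:-192.168.99.1}
# Login name used for the SSH hop to the tunnel endpoint.
SSH_USER=${SSH_USER:-$USER}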
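#######################################
# Tear down everything the script set up; installed as the EXIT/ERR/INT
# trap. Every step runs even if an earlier one fails (set +e), so a
# partially completed setup is still cleaned up.
# Globals:   PID_SSH, PID_IODINE (read; empty/unset if we die early)
# Arguments: none
# Returns:   does not return; exits with the status the script was
#            exiting with when the trap fired (previously always 0,
#            which hid failed runs from any caller)
#######################################
function reverse() {
  # $? is the script's exit status (or the failing command's under ERR);
  # capture it before any cleanup command overwrites it.
  local status=$?
  trap - EXIT ERR INT
  set +e
  sudo iptables -t nat -D OUTPUT -p tcp -j REDSOCKS
  sudo iptables -t nat -F REDSOCKS
  sudo iptables -t nat -X REDSOCKS
  # Plain SIGTERM, not SIGKILL: ssh exits cleanly on TERM, and
  # $PID_IODINE is the sudo wrapper, which relays TERM to iodine but
  # cannot relay KILL -- killing only the wrapper would leave iodine
  # (and the dns0 interface) running as root.
  [ -z "$PID_SSH" ] || sudo kill "$PID_SSH" &> /dev/null
  [ -z "$PID_IODINE" ] || sudo kill "$PID_IODINE" &> /dev/null
  sudo systemctl stop redsocks
  exit "$status"
}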
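trap reverse EXIT ERR INT

# --- Transparent redirect: every outgoing TCP connection is diverted to
# redsocks on port 12345, except destinations in local, private,
# link-local, multicast and reserved ranges, which must stay direct.
# The iodine DNS traffic is UDP and is not affected; the SSH session to
# IODINE_PRIVATE_ADDR stays direct because it falls in 192.168.0.0/16.
# (The original listed 240.0.0.0/4 twice; the list below is deduplicated.)
sudo iptables -t nat -N REDSOCKS
for cidr in 0.0.0.0/8 10.0.0.0/8 127.0.0.0/8 169.254.0.0/16 \
            172.16.0.0/12 192.168.0.0/16 224.0.0.0/4 240.0.0.0/4; do
  sudo iptables -t nat -A REDSOCKS -d "$cidr" -j RETURN
done
sudo iptables -t nat -A REDSOCKS -p tcp -j REDIRECT --to-ports 12345
sudo iptables -t nat -A OUTPUT -p tcp -j REDSOCKS
sudo systemctl start redsocks

# --- DNS tunnel. Output goes to a fixed path under /tmp (created by this
# user's shell, not by root) so it can be inspected after a failure.
sudo iodine -I 50 -f -P "${IODINE_PWD}" "${IODINE_PUBLIC_ADDR}" &> /tmp/ipodns_iodine.log &
PID_IODINE=$!
echo 'Waiting for dns0...'
while ! ip link show dns0 &> /dev/null; do
  # Bail out instead of polling forever if iodine already gave up
  # (wrong password, relay unreachable, ...); the EXIT trap cleans up.
  # ps -p rather than kill -0: the sudo wrapper runs as root, so an
  # unprivileged kill -0 would fail with EPERM even while it is alive.
  if ! ps -p "$PID_IODINE" &> /dev/null; then
    echo 'iodine exited before dns0 came up, see /tmp/ipodns_iodine.log' >&2
    exit 1
  fi
  sleep 1
done
echo '=> dns0 ready'

# --- SOCKS5 proxy over the tunnel (ssh dynamic forward on 1080).
ssh -ND 1080 "${SSH_USER}@${IODINE_PRIVATE_ADDR}" &> /tmp/ipodns_ssh.log &
PID_SSH=$!
echo 'Waiting for SOCKS...'
# ss comes from iproute2, which `ip link` above already requires, unlike
# netstat (net-tools). The trailing space keeps ':1080' from also
# matching e.g. :10800.
while ! ss -4nlt | grep -q ':1080 '; do
  if ! ps -p "$PID_SSH" &> /dev/null; then
    echo 'ssh exited before the SOCKS port came up, see /tmp/ipodns_ssh.log' >&2
    exit 1
  fi
  sleep 1
done
echo '=> SOCKS ready'

# IPv6: https://github.com/darkk/redsocks/issues/89
cat <<EOF
Your IPv4: $(curl -s ip.yunohost.org)
All TCP sessions are now over DNS...
Press Enter to stop
EOF
# Block until Enter; EOF on stdin fails read, which also ends the run
# (via set -e and the ERR trap) with cleanup.
read -s
exit 0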