Transparently tunnel any TCP connection (system-wide) over SOCKS5/SSH over DNS
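#!/bin/bash
# Client side of an iodine (DNS) tunnel: redsocks plus an iptables REDIRECT
# chain push every outgoing TCP connection through an ssh SOCKS proxy that
# itself runs over the dns0 interface created by iodine.
#
# Client prerequisites:
#   apt install iodine redsocks
#   systemctl disable redsocks    # this script starts/stops it itself
#
# Server side:
#   apt install iodine
#   cat /etc/default/iodine
#     START_IODINED="true"
#     IODINED_ARGS="192.168.99.1 ipodns.example.com"
#     IODINED_PASSWORD="changeme"

# Abort on the first failing command; the EXIT/ERR trap installed further
# down undoes whatever was already set up. Deliberately no pipefail: the
# SOCKS wait loop greps a netstat pipeline with -q, and pipefail could make
# that loop spin if netstat is ended by SIGPIPE.
set -e

# Every setting may be overridden from the environment
# (e.g. IODINE_PWD=... ./script) so the tunnel password does not have to be
# edited into the file. The defaults are the gist's placeholders.
# The password is still handed to iodine on its command line below, where
# it is visible in `ps` to every local user.
IODINE_PWD=${IODINE_PWD:-changeme}
IODINE_PUBLIC_ADDR=${IODINE_PUBLIC_ADDR:-ipodns.example.com}
IODINE_PRIVATE_ADDR=${IODINE_PRIVATE_ADDR:-192.168.99.1}
SSH_USER=${SSH_USER:-$USER}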
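#######################################
# Tear everything down: unhook and delete the REDSOCKS NAT chain, stop the
# ssh SOCKS proxy and the iodine tunnel, then stop redsocks.
# Installed as the EXIT/ERR/INT trap, so it runs on a normal exit, on the
# first failing command (set -e) and on Ctrl-C.
# Globals:   PID_SSH, PID_IODINE (read; empty/unset if setup failed early)
# Returns:   exits with the status of the command that triggered the trap
#            (0 on a normal exit), so a failed setup is no longer reported
#            as success
#######################################
function reverse() {
  # Capture the triggering status before any cleanup command overwrites $?.
  local rc=$?
  # Disarm the trap so cleanup cannot re-enter itself, and stop aborting on
  # errors: every step below is best-effort (a rule or chain that was never
  # created simply fails to delete).
  trap - EXIT ERR INT
  set +e
  # Undo in reverse order of setup: unhook the chain from OUTPUT first, then
  # flush it, then delete it.
  sudo iptables -t nat -D OUTPUT -p tcp -j REDSOCKS
  sudo iptables -t nat -F REDSOCKS
  sudo iptables -t nat -X REDSOCKS
  # SIGTERM rather than -9 lets ssh and iodine shut their tunnels down
  # cleanly; iodine runs under sudo, so root is needed to signal it.
  [ -z "$PID_SSH" ] || sudo kill -- "$PID_SSH" &> /dev/null
  [ -z "$PID_IODINE" ] || sudo kill -- "$PID_IODINE" &> /dev/null
  sudo systemctl stop redsocks
  exit "$rc"
}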
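# Clean up on every exit path: normal end, first failing command (set -e), Ctrl-C.
trap reverse EXIT ERR INT

# Fresh NAT chain: traffic to local, private, link-local, multicast and
# reserved ranges bypasses the proxy; all other TCP is redirected to port
# 12345 (presumably redsocks' local_port — confirm against its config).
# NOTE(review): -N fails if a REDSOCKS chain survived an unclean previous
# run; that failure hits the ERR trap, which removes the chain, so rerun.
sudo iptables -t nat -N REDSOCKS
sudo iptables -t nat -A REDSOCKS -d 0.0.0.0/8 -j RETURN
sudo iptables -t nat -A REDSOCKS -d 10.0.0.0/8 -j RETURN
sudo iptables -t nat -A REDSOCKS -d 127.0.0.0/8 -j RETURN
sudo iptables -t nat -A REDSOCKS -d 169.254.0.0/16 -j RETURN
sudo iptables -t nat -A REDSOCKS -d 172.16.0.0/12 -j RETURN
sudo iptables -t nat -A REDSOCKS -d 192.168.0.0/16 -j RETURN
sudo iptables -t nat -A REDSOCKS -d 224.0.0.0/4 -j RETURN
sudo iptables -t nat -A REDSOCKS -d 240.0.0.0/4 -j RETURN
sudo iptables -t nat -A REDSOCKS -p tcp -j REDIRECT --to-ports 12345
sudo iptables -t nat -A OUTPUT -p tcp -j REDSOCKS
sudo systemctl start redsocks

# DNS tunnel. Its output goes to a fixed, predictable path in /tmp; the file
# is opened by the invoking user's shell, not by root. The password is on
# iodine's command line and therefore visible in `ps` to all local users.
sudo iodine -I 50 -f -P "${IODINE_PWD}" "${IODINE_PUBLIC_ADDR}" &> /tmp/ipodns_iodine.log &
PID_IODINE=$!
echo 'Waiting for dns0...'
while ! ip link show dns0 &> /dev/null; do sleep 1; done
echo '=> dns0 ready'

# SOCKS5 proxy on port 1080 (ssh -D listens on loopback unless -g is given),
# carried over the dns0 link. NOTE(review): ssh is backgrounded with its
# output redirected, so an unknown host key for IODINE_PRIVATE_ADDR cannot
# be confirmed interactively and the wait loop below would never end —
# make sure the key is already in known_hosts.
ssh -ND 1080 "${SSH_USER}@${IODINE_PRIVATE_ADDR}" &> /tmp/ipodns_ssh.log &
PID_SSH=$!
echo 'Waiting for SOCKS...'
# Anchor the port with trailing whitespace so :10800 or :21080 do not match.
while ! netstat -4nl | grep -qE ':1080[[:space:]]'; do sleep 1; done
echo '=> SOCKS ready'

# IPv6 is not redirected: https://github.com/darkk/redsocks/issues/89
# The IP lookup is plain HTTP and informational only; a curl failure just
# leaves the line empty (command substitution in a heredoc is not subject
# to set -e).
cat <<EOF
Your IPv4: $(curl -s ip.yunohost.org)
All TCP sessions are now over DNS...
Press Enter to stop
EOF
read -s
exit 0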