Transparently tunnel any TCP connection (system wide) over SOCKS5/SSH over DNS
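#!/bin/bash
# Transparently tunnel all outgoing TCP (system wide) through a local SOCKS5
# proxy (ssh -D) that itself runs inside an iodine DNS tunnel.
#
# This is client side, with:
# apt install iodine redsocks
# systemctl disable redsocks
#
# For the server side:
# apt install iodine
# cat /etc/default/iodine
# START_IODINED="true"
# IODINED_ARGS="192.168.99.1 ipodns.example.com"
# IODINED_PASSWORD="changeme"
set -e
# -u is deliberately not enabled: the cleanup trap reads PID_SSH / PID_IODINE,
# which are still unset if the script fails before those processes start.

# Each setting can be overridden from the environment; the values after ':-'
# are the original defaults. "changeme" is the shared secret that
# authenticates the DNS tunnel and must match IODINED_PASSWORD on the server.
IODINE_PWD=${IODINE_PWD:-changeme}
IODINE_PUBLIC_ADDR=${IODINE_PUBLIC_ADDR:-ipodns.example.com}
IODINE_PRIVATE_ADDR=${IODINE_PRIVATE_ADDR:-192.168.99.1}
SSH_USER=${SSH_USER:-$USER}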
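#######################################
# Cleanup handler (installed on EXIT, ERR and INT): removes the REDSOCKS
# nat chain, stops the background ssh and iodine processes and stops
# redsocks. Every step is best-effort (set +e) so one failure does not
# skip the remaining teardown.
# Globals:   PID_SSH, PID_IODINE (read; empty/unset when the trap fires
#            before the matching process was started)
# Returns:   does not return; exits with the status that was current when
#            the trap fired (0 on a normal end, the failing command's
#            status on ERR) instead of always reporting success
#######################################
function reverse() {
  local status=$?
  local pid
  trap - EXIT ERR INT
  set +e
  sudo iptables -t nat -D OUTPUT -p tcp -j REDSOCKS
  sudo iptables -t nat -F REDSOCKS
  sudo iptables -t nat -X REDSOCKS
  for pid in "$PID_SSH" "$PID_IODINE"; do
    [ -n "$pid" ] || continue
    # TERM first: PID_IODINE is the pid of the 'sudo' wrapper, and sudo
    # relays catchable signals to its command but SIGKILL cannot be relayed,
    # so a bare 'kill -9' would leave iodine itself running.
    sudo kill -TERM "$pid" &> /dev/null
    sleep 1
    # Escalate only if the process survived TERM (Linux-only /proc check).
    [ -d "/proc/${pid}" ] && sudo kill -KILL "$pid" &> /dev/null
  done
  sudo systemctl stop redsocks
  exit "$status"
}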
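trap reverse EXIT ERR INT

#######################################
# Poll a readiness predicate once per second, giving up (non-zero return,
# which under set -e triggers the cleanup trap) if the background process
# being waited for has already exited -- otherwise the loop would spin
# forever on e.g. a failed ssh login or an unreachable iodine server.
# Arguments: $1 - label for messages, $2 - pid to watch, $3.. - predicate
# Returns:   0 once the predicate succeeds, 1 if the process died first
#######################################
wait_until_ready() {
  local label=$1 pid=$2
  shift 2
  echo "Waiting for ${label}..."
  while ! "$@" &> /dev/null; do
    if [ ! -d "/proc/${pid}" ]; then
      echo "=> ${label}: process ${pid} exited before becoming ready" >&2
      return 1
    fi
    sleep 1
  done
  echo "=> ${label} ready"
}

# Readiness predicates for wait_until_ready.
dns0_up() { ip link show dns0; }
# Anchor on trailing whitespace so ':10800' etc. do not match.
socks_listening() { netstat -4nl | grep -q -- ':1080[[:space:]]'; }

# Only TCP is redirected (both rules below are -p tcp): UDP, including the
# system's own DNS lookups, still leaves the host directly.
sudo iptables -t nat -N REDSOCKS
# Never redirect local / private / special-purpose ranges. This also keeps
# the SSH session to IODINE_PRIVATE_ADDR (inside 192.168/16) and redsocks'
# own connection to 127.0.0.1:1080 out of the redirect loop.
for range in 0.0.0.0/8 10.0.0.0/8 127.0.0.0/8 169.254.0.0/16 172.16.0.0/12 \
             192.168.0.0/16 224.0.0.0/4 240.0.0.0/4; do
  sudo iptables -t nat -A REDSOCKS -d "${range}" -j RETURN
done
# NOTE(review): assumes /etc/redsocks.conf uses local_port 12345 and points
# at the SOCKS proxy on 127.0.0.1:1080 -- confirm against that file.
sudo iptables -t nat -A REDSOCKS -p tcp -j REDIRECT --to-ports 12345
sudo iptables -t nat -A OUTPUT -p tcp -j REDSOCKS
sudo systemctl start redsocks

# Per-run, user-owned log directory instead of fixed names in /tmp, which
# another local user could pre-create or symlink.
LOG_DIR=$(mktemp -d "${TMPDIR:-/tmp}/ipodns.XXXXXXXX")
echo "Logs in ${LOG_DIR}"

# The password is passed on the command line (-P) and is therefore visible
# in the process listing; confirm whether this iodine version scrubs argv.
sudo iodine -I 50 -f -P "${IODINE_PWD}" "${IODINE_PUBLIC_ADDR}" &> "${LOG_DIR}/iodine.log" &
PID_IODINE=$!
wait_until_ready dns0 "${PID_IODINE}" dns0_up

ssh -ND 1080 "${SSH_USER}@${IODINE_PRIVATE_ADDR}" &> "${LOG_DIR}/ssh.log" &
PID_SSH=$!
wait_until_ready SOCKS "${PID_SSH}" socks_listening

# IPv6: https://github.com/darkk/redsocks/issues/89
cat <<EOF
Your IPv4: $(curl -s ip.yunohost.org)
All TCP sessions are now over DNS...
Press Enter to stop
EOF
read -s
exit 0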