Transparently tunnel any TCP connection (system wide) over SOCKS5/SSH over DNS

## ipodns.sh
#!/bin/bash

set -e

# This is client side, with:
#   apt install iodine redsocks
#   systemctl disable redsocks
#
# For the server side:
#   apt install iodine
#   cat /etc/default/iodine
#     START_IODINED="true"
#     IODINED_ARGS="192.168.99.1 ipodns.example.com"
#     IODINED_PASSWORD="changeme"

IODINE_PWD=changeme
IODINE_PUBLIC_ADDR=ipodns.example.com
IODINE_PRIVATE_ADDR=192.168.99.1
SSH_USER=$USER

function reverse() {
  trap - EXIT ERR INT
  set +e

  sudo iptables -t nat -D OUTPUT -p tcp -j REDSOCKS
  sudo iptables -t nat -F REDSOCKS
  sudo iptables -t nat -X REDSOCKS

  [ -z "$PID_SSH" ] || sudo kill -9 $PID_SSH &> /dev/null
  [ -z "$PID_IODINE" ] || sudo kill -9 $PID_IODINE &> /dev/null

  sudo systemctl stop redsocks

  exit 0
}

trap reverse EXIT ERR INT

sudo iptables -t nat -N REDSOCKS
sudo iptables -t nat -A REDSOCKS -d 0.0.0.0/8 -j RETURN
sudo iptables -t nat -A REDSOCKS -d 10.0.0.0/8 -j RETURN
sudo iptables -t nat -A REDSOCKS -d 127.0.0.0/8 -j RETURN
sudo iptables -t nat -A REDSOCKS -d 169.254.0.0/16 -j RETURN
sudo iptables -t nat -A REDSOCKS -d 172.16.0.0/12 -j RETURN
sudo iptables -t nat -A REDSOCKS -d 192.168.0.0/16 -j RETURN
sudo iptables -t nat -A REDSOCKS -d 224.0.0.0/4 -j RETURN
sudo iptables -t nat -A REDSOCKS -d 240.0.0.0/4 -j RETURN
sudo iptables -t nat -A REDSOCKS -d 240.0.0.0/4 -j RETURN
sudo iptables -t nat -A REDSOCKS -p tcp -j REDIRECT --to-ports 12345
sudo iptables -t nat -A OUTPUT -p tcp -j REDSOCKS

sudo systemctl start redsocks

sudo iodine -I 50 -f -P "${IODINE_PWD}" "${IODINE_PUBLIC_ADDR}" &> /tmp/ipodns_iodine.log &
PID_IODINE=$!

echo Waiting for dns0...
while ! ip link show dns0 &> /dev/null; do sleep 1; done
echo '=> dns0 ready'

ssh -ND 1080 "${SSH_USER}@${IODINE_PRIVATE_ADDR}" &> /tmp/ipodns_ssh.log &
PID_SSH=$!

echo Waiting for SOCKS...
while ! netstat -4nl | grep -q :1080; do sleep 1; done
echo '=> SOCKS ready'

# IPv6: https://github.com/darkk/redsocks/issues/89
cat <<EOF

Your IPv4: $(curl -s ip.yunohost.org)
All TCP sessions are now over DNS...

Press Enter to stop
EOF

read -s

exit 0
	#!/bin/bash

	set -e

	# This is client side, with:
	# apt install iodine redsocks
	# systemctl disable redsocks
	#
	# For the server side:
	# apt install iodine
	# cat /etc/default/iodine
	# START_IODINED="true"
	# IODINED_ARGS="192.168.99.1 ipodns.example.com"
	# IODINED_PASSWORD="changeme"

	IODINE_PWD=changeme
	IODINE_PUBLIC_ADDR=ipodns.example.com
	IODINE_PRIVATE_ADDR=192.168.99.1
	SSH_USER=$USER

	function reverse() {
	trap - EXIT ERR INT
	set +e

	sudo iptables -t nat -D OUTPUT -p tcp -j REDSOCKS
	sudo iptables -t nat -F REDSOCKS
	sudo iptables -t nat -X REDSOCKS

	[ -z "$PID_SSH" ] \|\| sudo kill -9 $PID_SSH &> /dev/null
	[ -z "$PID_IODINE" ] \|\| sudo kill -9 $PID_IODINE &> /dev/null

	sudo systemctl stop redsocks

	exit 0
	}

	trap reverse EXIT ERR INT

	sudo iptables -t nat -N REDSOCKS
	sudo iptables -t nat -A REDSOCKS -d 0.0.0.0/8 -j RETURN
	sudo iptables -t nat -A REDSOCKS -d 10.0.0.0/8 -j RETURN
	sudo iptables -t nat -A REDSOCKS -d 127.0.0.0/8 -j RETURN
	sudo iptables -t nat -A REDSOCKS -d 169.254.0.0/16 -j RETURN
	sudo iptables -t nat -A REDSOCKS -d 172.16.0.0/12 -j RETURN
	sudo iptables -t nat -A REDSOCKS -d 192.168.0.0/16 -j RETURN
	sudo iptables -t nat -A REDSOCKS -d 224.0.0.0/4 -j RETURN
	sudo iptables -t nat -A REDSOCKS -d 240.0.0.0/4 -j RETURN
	sudo iptables -t nat -A REDSOCKS -d 240.0.0.0/4 -j RETURN
	sudo iptables -t nat -A REDSOCKS -p tcp -j REDIRECT --to-ports 12345
	sudo iptables -t nat -A OUTPUT -p tcp -j REDSOCKS

	sudo systemctl start redsocks

	sudo iodine -I 50 -f -P "${IODINE_PWD}" "${IODINE_PUBLIC_ADDR}" &> /tmp/ipodns_iodine.log &
	PID_IODINE=$!

	echo Waiting for dns0...
	while ! ip link show dns0 &> /dev/null; do sleep 1; done
	echo '=> dns0 ready'

	ssh -ND 1080 "${SSH_USER}@${IODINE_PRIVATE_ADDR}" &> /tmp/ipodns_ssh.log &
	PID_SSH=$!

	echo Waiting for SOCKS...
	while ! netstat -4nl \| grep -q :1080; do sleep 1; done
	echo '=> SOCKS ready'

	# IPv6: https://github.com/darkk/redsocks/issues/89
	cat <<EOF

	Your IPv4: $(curl -s ip.yunohost.org)
	All TCP sessions are now over DNS...

	Press Enter to stop
	EOF

	read -s

	exit 0