iodine lets you tunnel IPv4 data through a DNS server. This can be useful in situations where Internet access is firewalled, but DNS queries are allowed. It needs a TUN/TAP device to operate. The bandwidth is asymmetrical with limited upstream and up to 1 Mbit/s downstream.
|Tags||Communications Internet DNS Security Networking|
|Operating Systems||POSIX BSD NetBSD Linux OpenBSD FreeBSD Mac OS X Windows|
Release Notes: A new raw UDP mode was added, which can give very high throughput if packets are allowed through by the firewall. Instead of just the NULL type, iodine can now use CNAME, A, MX, TXT, and SRV query types, and has much lower latency. Lots of fixes were made overall, including better TAP32 support on Win32.
Release Notes: A segmentation fault was fixed for Mac OS X and FreeBSD.
Release Notes: Windows support was added using the OpenVPN TAP32 driver. The autoprobe functionality has received a number of fixes. iodined now logs to syslog when users log in.
Release Notes: iodine now does automatic probing of maximum accepted size on downstream data, and the server will fragment using this value. This enhanced throughput and ease of use because big packets like SSH login will work even if relay only allows 512 bytes. iodined now also replies to NS requests and can relay other queries to another DNS server on the same host. The client also uses one more bit of data per byte (base64) in upstream data, if accepted by the relay.
Release Notes: Groups are now cleared when dropping privileges. Many small patches have been applied. UDP ports are no longer checked, so users behind NAT should not have any problems. This was also needed because most DNS servers are now fixed to randomize ports.