Updated docs

Erik Ekman 2006-06-23 11:38:20 +00:00
parent b320f6de56
commit d509c911c1

README

@ -14,8 +14,8 @@ HOW TO USE:
Server side: Server side:
To use this tunnel, you need control over a real domain (like mytunnel.com), To use this tunnel, you need control over a real domain (like mytunnel.com),
and another computer with a static public IP number that does not yet run a DNS and a server with a static public IP number that does not yet run a DNS
server. Then, delegate a subdomain (say, tunnel1.mytunnel.com) to the computer. server. Then, delegate a subdomain (say, tunnel1.mytunnel.com) to the server.
If you use BIND for the domain, add these lines to the zone file: If you use BIND for the domain, add these lines to the zone file:
tunnel1host IN A 10.15.213.99 tunnel1host IN A 10.15.213.99
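Review bot: The reworded requirement now uses "server" for two different things in one clause ("a server with a static public IP number that does not yet run a DNS server"), and the next sentence delegates the subdomain "to the server" without saying which one is meant. A distinct noun for the machine would remove the ambiguity, for example "a host with a static public IP number" and "delegate a subdomain ... to that host". The example record "tunnel1host IN A 10.15.213.99" also uses a private-range address while the text asks for a public IP, so a remark that the address is a placeholder would prevent copy-paste mistakes in the zone file.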
@ -32,14 +32,36 @@ and also start listening for DNS queries on UDP port 53. Now everything is
ready for the client. ready for the client.
Client side: Client side:
All the setup is done, just start iodine. It also takes two arguments, the All the setup is done, just start iodine. It also takes two
first is the server (10.15.213.99 or tunnel1host.mytunnel.com) and the second arguments, the first is the local relaying DNS server and the second is the
is the domain used (tunnel1.mytunnnel.com). The tunnel interface will get an IP domain used (tunnel1.mytunnnel.com). If DNS queries are allowed to any
close to the servers (in this case 192.168.99.2) and a suitable MTU. Now you computer, you can use the tunnel endpoint (example: 10.15.213.99 or
should be able to ping the other end of the tunnel from each side. tunnel1host.mytunnel.com) as the first argument. The tunnel interface will get
an IP close to the servers (in this case 192.168.99.2) and a suitable MTU. Now
you should be able to ping the other end of the tunnel from either side.
INFO: MISC. INFO:
Note that you can have only one client per server at the same time. This is
because of the fragmentation of big packets going upstream, and will be fixed
in future versions.
Try experimenting with the MTU size (-m option) to get maximum bandwidth. It is
set to 1024 by default, which seems to work with most DNS servers. If you have
problems, try setting it to below 512.
If you have problems, try inspecting the traffic with network monitoring tools
and make sure that the relaying DNS server has not cached the response. A
cached error message could mean that you started the client before the server.
The upstream data is sent gzipped encoded in hexadecimal. DNS protocol allows
one query per packet, and one query can be max 256 chars. Each domain name part
can be max 63 chars. So your domain name and subdomain should be as short as
possible to allow maximum throughput.
PORTABILITY:
iodine has been tested on Linux (x86 and SPARC64) and OpenBSD (x86). It should iodine has been tested on Linux (x86 and SPARC64) and OpenBSD (x86). It should
work on other unix-like systems as well that has TUN/TAP tunneling support. Let work on other unix-like systems as well that has TUN/TAP tunneling support. Let
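Review bot: The new MISC. INFO paragraph on upstream data ("sent gzipped encoded in hexadecimal") describes compression and encoding only, and since the client section now routes queries through "the local relaying DNS server", the README should state whether anything protects the payload from that resolver and from hosts on the path; if nothing does, say so and recommend running an encrypted protocol inside the tunnel. In the rewritten client paragraph the domain is still spelled "tunnel1.mytunnnel.com" with three n's, which does not match tunnel1.mytunnel.com in the server section. The figure in "one query can be max 256 chars" should be checked against the DNS limit of 255 octets for a full name, because the throughput advice that follows depends on it.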
@ -49,21 +71,21 @@ us know if you get it to run on other platforms.
THE NAME: THE NAME:
The name iodine was chosen since it starts with IOD (IP Over DNS) and since The name iodine was chosen since it starts with IOD (IP Over DNS) and since
iodine has atomic number 53, just like the DNS port. iodine has atomic number 53, which happens to be the DNS port number.
AUTHORS & LICENSE: AUTHORS & LICENSE:
Copyright (c) 2006 Bjorn Andersson <flex@kryo.se>, Erik Ekman <yarrick@kryo.se> Copyright (c) 2006 Bjorn Andersson <flex@kryo.se>, Erik Ekman <yarrick@kryo.se>
Permission to use, copy, modify, and distribute this software for any Permission to use, copy, modify, and distribute this software for any purpose
purpose with or without fee is hereby granted, provided that the above with or without fee is hereby granted, provided that the above copyright notice
copyright notice and this permission notice appear in all copies. and this permission notice appear in all copies.
THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES WITH
WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND
MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT,
ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR
ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. PERFORMANCE OF THIS SOFTWARE.
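Review bot: The licence paragraphs at the end of this hunk are only re-wrapped, but because the re-wrap shares a commit with wording changes (the atomic number sentence above it), a reader has to compare every line to confirm that the permission and warranty text is unchanged. Moving the re-wrap into its own whitespace-only commit, or leaving the licence at its original line breaks, would keep the legal text easy to audit. The commit message "Updated docs" could also mention that the client arguments changed meaning, since that is the part users will need to find later.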