[iodine-users] Doubts regarding iodine

Wicher wicher at gavagai.eu
Thu Apr 11 17:40:19 CEST 2013


On Thu, Apr 11, 2013 at 1:14 PM, Bishneet Kaur <psxbk3 at nottingham.ac.uk> wrote:
> Thanks Wicher, I have understood a little bit and will tell you. Tell me where I am wrong.
>
> You set up a system, configuring a domain name in it and giving a fake NS as your iodine server, which responds to queries for some subdomain. This system is anything EXCEPT the iodine client and server (let's call it system_abc).

It would be nice if said system would be a proper member of the global
DNS hierarchy, so that any other system (for instance, the system of
the hotel that you're staying at) knows how to reach it.

> At the iodine server you run the iodine daemon.

Yes.

> At the iodine client, you establish a connection with this iodine server, with the client asking its DNS server, which will query recursively to reach the machine (system_abc). Then a connection with the server is established and a tunnel is created.

Yes.

> You can now ping client and server using the NEW IPs assigned to the newly created DNS interfaces.

Yes.

> Now 2 questions:
>
> 1. What after that? I want to send data using these interfaces. How can I do that?

If you're pinging, and get responses, then you're already sending data
bidirectionally. It's an IP tunnel, so anything IP goes. If you don't
want to do routing, run a SOCKS proxy on the server's iodine
interface, and connect to that from the client's iodine interface.

> 2. Suppose at the start I don't want to use any (system_abc), as in this system I have to give the IP of the iodine server.

If you directly connect to the Iodine server, then it's behaving like
a regular VPN (with weak encryption). If you only want a VPN, there
are better options (try tinc).

> Suppose this IP is such that it changes frequently. So I don't want to touch any faraway system (system_abc) frequently to change the IP of my iodine server. So is there any way I can configure the domain name locally? If yes, what are the pros and cons?

If that IP changes frequently, you'll have to reconfigure the NS
record often, so give it a low TTL. You may be able to reconfigure it
automatically every time the server changes its IP.
But if you're connecting to the iodine server directly (in which case
you'd be better off with a proper VPN), without an upstream server
doing recursive resolving, then you could also just use any dynamic
DNS service (or build your own) to be able to know the IP of the
iodine server.

Cheers, Wicher

PS Please do not reply just to me personally, CC the list as well.
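
An added example, not part of the original message or of iodine itself: one way to automate the low-TTL reconfiguration mentioned above, by rendering an RFC 2136 `nsupdate` batch whenever the server's address changes. It assumes the tunnel subdomain's NS record points at a host name whose A record is the thing that changes; the zone `example.com`, the host `t1ns.example.com.` and the 300-second TTL are placeholders.

```python
import ipaddress

# Assumed placeholder names; none of these come from the original message.
ZONE = "example.com"
NS_TARGET = "t1ns.example.com."  # host name the tunnel subdomain's NS record points at
LOW_TTL = 300                    # seconds; low so resolvers re-fetch soon after a change

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def publishable(ip_text):
    """Parse an IPv4 address; refuse ones other resolvers could never reach."""
    ip = ipaddress.IPv4Address(ip_text)  # raises ValueError on malformed input
    if ip.is_loopback or ip.is_unspecified or any(ip in net for net in RFC1918):
        raise ValueError(f"{ip} is not reachable from the public DNS hierarchy")
    return ip


def render_update(published_ip, current_ip, ttl=LOW_TTL):
    """Return nsupdate batch text replacing the A record, or None if unchanged."""
    new = publishable(current_ip)
    if published_ip is not None and ipaddress.IPv4Address(published_ip) == new:
        return None  # nothing changed, so send no update
    return "\n".join([
        f"zone {ZONE}",
        f"update delete {NS_TARGET} A",            # drop the stale address
        f"update add {NS_TARGET} {ttl} A {new}",   # publish the new one, low TTL
        "send",
        "",
    ])


if __name__ == "__main__":
    # Constructed sample addresses taken from the documentation ranges.
    print(render_update("192.0.2.10", "198.51.100.7"))
```

The returned text is meant to be fed to `nsupdate` with a key that is allowed to update only this one record.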