Today, I will be setting up an Iodine DNS Tunnel to bypass captive portals in order to gain access to the internet. This works on mobile phones as well as Linux computers.

This tutorial will focus on using a mobile phone to gain free internet by tunnelling data through a DNS server. The main point to note here is that this is not a fast connection: it's somewhere between 56kbits and 128kbits, depending on latency to your server. I have about 30ms to my server and the speed is around 64kbits solid. It's great for accessing websites, SSH, etc. without any internet data.

Getting Started

The first thing we need is a server or VPS with a public IP and with TUN/TAP enabled. If TUN/TAP isn't enabled, you'll get an error to remind you. Chances are it is; if not, enable it in your VPS control panel. If you're looking for a cheap VPS for this, then I recommend this one for only $6/year.

If you have your own domain and can set up A and NS records, you may skip this part.

Secondly, we need a FreeDNS account; click here to create one. Then create a subdomain here; my example is dah85.mooo.com.

Your settings should look like this:

  • Type: A
  • Subdomain: (your choice)
  • Domain: (pick one)
  • Destination: (the IP of your vps)

Now that we have the A record, we need to add an NS record. Click on Add, and set it up like this:

  • Type: NS
  • Subdomain: Same as above
  • Domain: Same as above
  • Destination: (the hostname, for example dah85.mooo.com)

Setting up Iodine

Once you have your DNS settings set up, you can install Iodine on your VPS:

apt install iodine

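Now, we need to set up networking: enable IP forwarding, then add NAT and forwarding rules so that traffic arriving on the tunnel interface (dns0) is routed out through the VPS's network interface.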

echo 1 > /proc/sys/net/ipv4/ip_forward

echo "net.ipv4.ip_forward=1" > /etc/sysctl.d/60-ipv4-forward.conf

iptables -t nat -A POSTROUTING -o venet0 -j MASQUERADE 

iptables -t filter -A FORWARD -i venet0 -o dns0 -m state --state RELATED,ESTABLISHED -j ACCEPT 

iptables -t filter -A FORWARD -i dns0 -o venet0 -j ACCEPT 

iptables-save > /etc/iptables.rules 

You may need to replace venet0 with eth0, depending on your setup. If you're not sure, check with ifconfig.

Now, we need to start the Iodine server:

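iodined -f -c -m 1280 -DDDDD -P topsecret 10.0.0.1 dah85.mooo.com &

Replace topsecret with a password you'd like to use, and replace dah85.mooo.com with the subdomain you're using. iodined also expects the server's address inside the tunnel before the domain; 10.0.0.1 is an example value, so pick a private range that isn't already in use on your VPS.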

Testing the Iodine server

Head to http://code.kryo.se/iodine/check-it/, put your Iodine domain in and make sure it says it's all working. Then we can proceed.

Setting up Andiodine on Android

Now that's done, we need to install the andiodine client on your Android phone. You can get it from https://f-droid.org/packages/org.xapek.andiodine/

Once that's done, we can set it up like this:

  • Name: dah85.mooo.com
  • Tunnel Topdomain: dah85.mooo.com
  • Password: topsecret

Leave the rest as the default.

Now, connect to it and you should have a DNS tunnel working. All traffic on your phone is going through the tunnel :)

I have tested this, and confirmed that it works on the following: Telstra, Vodafone and Optus mobile phone networks in Australia. I found the SIM card doesn't even need to be registered or activated, which is a bit concerning. Basically, if you're able to access the carrier's website without credit, this will work.
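Seen from the network operator's side, a tunnel like this stands out in resolver logs: one delegated zone receives many distinct, long, random-looking query names. The following is an added example, not part of the original post, that profiles a constructed query log this way; the log entries, the three-label zone grouping and the thresholds are all assumptions chosen for illustration.

```python
import base64, hashlib, math
from collections import Counter, defaultdict

def entropy(s):
    """Shannon entropy of a string, in bits per character."""
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())

def fake_payload(i):
    # Constructed stand-in for encoded tunnel data: base32 of a hash, 52 chars.
    digest = hashlib.sha256(str(i).encode()).digest()
    return base64.b32encode(digest).decode().rstrip("=").lower()

# Constructed resolver log of (client, query name) pairs; not real traffic.
SAMPLE_LOG = (
    [("10.1.1.7", f"{fake_payload(i)}.dah85.mooo.com") for i in range(8)]
    + [("10.1.1.9", f"img{i}.cdn.example.net") for i in range(6)]
    + [("10.1.1.9", "www.shop.example.org"), ("10.1.1.4", "mail.corp.example.org")]
)

def score_zones(log, depth=3):
    """Group queries by their last `depth` labels and profile what sits in front."""
    seen = defaultdict(set)
    for _client, qname in log:
        labels = qname.rstrip(".").lower().split(".")
        if len(labels) > depth:
            seen[".".join(labels[-depth:])].add("".join(labels[:-depth]))
    return {
        zone: {
            "unique": len(p),
            "avg_len": sum(map(len, p)) / len(p),
            "avg_entropy": sum(map(entropy, p)) / len(p),
        }
        for zone, p in seen.items()
    }

def suspicious_zones(log, min_unique=5, min_len=30, min_entropy=3.5):
    """Zones with many distinct, long, random-looking names: tunnel candidates."""
    return sorted(
        zone for zone, s in score_zones(log).items()
        if s["unique"] >= min_unique and s["avg_len"] >= min_len
        and s["avg_entropy"] >= min_entropy
    )

if __name__ == "__main__":
    for zone, s in score_zones(SAMPLE_LOG).items():
        print(zone, s)
    print("flagged:", suspicious_zones(SAMPLE_LOG))
```

The CDN-style zone in the sample has more than five unique names but is not flagged, because its labels are short and low in entropy; it takes all three signals together to mark the tunnel zone.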

Let me know in the comments how you go and if you need clarification :)

Update: I have noticed that when adding an NS entry with FreeDNS you will get the message "NS records on dynamic dns domains are currently restricted, contact an admin for assistance to have it enabled". If you have your own domain, you can ignore this. Another alternative is to use a free Freenom domain, point it to Cloudflare's DNS and set up the A and NS records there.