Updated README with IPv6 details and fixed a bug with IPV6 only

enabled on one end of the tunnelx
This commit is contained in:
Chris Hellberg 2022-05-09 01:02:23 +00:00
parent 846082f13e
commit ab7e5b8656
3 changed files with 55 additions and 37 deletions

View file

@ -123,7 +123,7 @@ end of the tunnel. In this case, `ping 192.168.99.1` from the iodine client, and
### MISC. INFO ### MISC. INFO
#### IPv6 #### IPv6
The data inside the tunnel is IPv4 only. The data inside the tunnel may be IPv4 or IPv6.
The server listens to both IPv4 and IPv6 for incoming requests by default. The server listens to both IPv4 and IPv6 for incoming requests by default.
Use options `-4` or `-6` to only listen on one protocol. Raw mode will be Use options `-4` or `-6` to only listen on one protocol. Raw mode will be
@ -141,6 +141,14 @@ to your DNS setup. Extending the example above would look like this:
t1ns IN A 10.15.213.99 t1ns IN A 10.15.213.99
t1ns IN AAAA 2001:db8::1001:99 t1ns IN AAAA 2001:db8::1001:99
On the server, specify -S followed by an IPv6 address that will be the server end
of the IPv6 pool to allocate to clients. The server only supports a /64 subnet
mask, which is assumed and can be omitted. The first 64 bits are the network from
which IPv6 addresses are allocated from.
The client will automatically check for IPv6 capability on the server and
assign the allocated address to its tunnel interface. No flags are needed.
#### Routing #### Routing
It is possible to route all traffic through the DNS tunnel. To do this, first It is possible to route all traffic through the DNS tunnel. To do this, first
add a host route to the nameserver used by iodine over the wired/wireless add a host route to the nameserver used by iodine over the wired/wireless

View file

@ -2440,11 +2440,12 @@ int
handshake_check_v6(int dns_fd) handshake_check_v6(int dns_fd)
{ {
char in[4096]; char in[4096];
char server6[1024]; char server6[INET6_ADDRSTRLEN];
char client6[1024]; char client6[INET6_ADDRSTRLEN];
int i; int i;
int read; int read;
int netmask6 = 0; int netmask6 = 0;
int length_recieved;
fprintf(stderr, "Autoprobing server IPV6 tunnel support\n"); fprintf(stderr, "Autoprobing server IPV6 tunnel support\n");
@ -2468,10 +2469,13 @@ handshake_check_v6(int dns_fd)
fprintf(stderr, "Server tunnel IPv6 is %s\n", server6); fprintf(stderr, "Server tunnel IPv6 is %s\n", server6);
fprintf(stderr, "Local tunnel IPv6 is %s\n", client6); fprintf(stderr, "Local tunnel IPv6 is %s\n", client6);
length_recieved = strlen(client6);
if (length_recieved > 2) {
if (tun_setip6(client6, server6, netmask6) == 0) { if (tun_setip6(client6, server6, netmask6) == 0) {
use_v6 = true; use_v6 = true;
return 0; return 0;
} else { } else {
errx(4, "Failed to set IPv6 tunnel address"); errx(4, "Failed to set IPv6 tunnel address");
} }
@ -2479,6 +2483,7 @@ handshake_check_v6(int dns_fd)
fprintf(stderr, "Received bad IPv6 tunnel handshake\n"); fprintf(stderr, "Received bad IPv6 tunnel handshake\n");
} }
} }
}
fprintf(stderr, "Retrying IPv6 tunnel handshake...\n"); fprintf(stderr, "Retrying IPv6 tunnel handshake...\n");
} }

View file

@ -90,8 +90,8 @@ static int my_mtu;
static in_addr_t my_ip; static in_addr_t my_ip;
char display_ip6[INET6_ADDRSTRLEN]; char display_ip6[INET6_ADDRSTRLEN];
char *display_ip6_buffer; char *display_ip6_buffer = NULL;
char *ip6_netmask_buffer; char *ip6_netmask_buffer = NULL;
static struct in6_addr my_ip6; static struct in6_addr my_ip6;
static int netmask; static int netmask;
@ -2590,8 +2590,11 @@ main(int argc, char **argv)
} }
if (display_ip6_buffer != NULL) {
ip6_netmask_buffer = strchr(display_ip6_buffer, '/'); ip6_netmask_buffer = strchr(display_ip6_buffer, '/');
if (ip6_netmask_buffer) {
if (ip6_netmask_buffer != NULL) {
if (atoi(ip6_netmask_buffer+1) != ip6_netmask) { if (atoi(ip6_netmask_buffer+1) != ip6_netmask) {
warnx("IPv6 address must be a 64-bit mask."); warnx("IPv6 address must be a 64-bit mask.");
usage(); usage();
@ -2606,6 +2609,7 @@ main(int argc, char **argv)
warnx("Bad IPv6 address to use inside tunnel."); warnx("Bad IPv6 address to use inside tunnel.");
usage(); usage();
} }
}
topdomain = strdup(argv[1]); topdomain = strdup(argv[1]);
if (check_topdomain(topdomain, 1, &errormsg)) { if (check_topdomain(topdomain, 1, &errormsg)) {
@ -2753,10 +2757,11 @@ main(int argc, char **argv)
} }
if (display_ip6_buffer != NULL) {
if (tun_setip6(display_ip6, display_other_ip6, ip6_netmask) != 0 ) { if (tun_setip6(display_ip6, display_other_ip6, ip6_netmask) != 0 ) {
retval = 1; retval = 1;
goto cleanup; goto cleanup;
}
} }
if ((mtu < 1280) && (sizeof(display_ip6)) != 0) { if ((mtu < 1280) && (sizeof(display_ip6)) != 0) {