Updated README with IPv6 details and fixed a bug with IPV6 only

enabled on one end of the tunnelx
This commit is contained in:
Chris Hellberg 2022-05-09 01:02:23 +00:00
parent 846082f13e
commit ab7e5b8656
3 changed files with 55 additions and 37 deletions

View file

@ -123,7 +123,7 @@ end of the tunnel. In this case, `ping 192.168.99.1` from the iodine client, and
### MISC. INFO ### MISC. INFO
#### IPv6 #### IPv6
The data inside the tunnel is IPv4 only. The data inside the tunnel may be IPv4 or IPv6.
The server listens to both IPv4 and IPv6 for incoming requests by default. The server listens to both IPv4 and IPv6 for incoming requests by default.
Use options `-4` or `-6` to only listen on one protocol. Raw mode will be Use options `-4` or `-6` to only listen on one protocol. Raw mode will be
@ -141,6 +141,14 @@ to your DNS setup. Extending the example above would look like this:
t1ns IN A 10.15.213.99 t1ns IN A 10.15.213.99
t1ns IN AAAA 2001:db8::1001:99 t1ns IN AAAA 2001:db8::1001:99
On the server, specify -S followed by an IPv6 address that will be the server end
of the IPv6 pool to allocate to clients. The server only supports a /64 subnet
mask, which is assumed and can be omitted. The first 64 bits are the network from
which IPv6 addresses are allocated from.
The client will automatically check for IPv6 capability on the server and
assign the allocated address to its tunnel interface. No flags are needed.
#### Routing #### Routing
It is possible to route all traffic through the DNS tunnel. To do this, first It is possible to route all traffic through the DNS tunnel. To do this, first
add a host route to the nameserver used by iodine over the wired/wireless add a host route to the nameserver used by iodine over the wired/wireless

View file

@ -2440,44 +2440,49 @@ int
handshake_check_v6(int dns_fd) handshake_check_v6(int dns_fd)
{ {
char in[4096]; char in[4096];
char server6[1024]; char server6[INET6_ADDRSTRLEN];
char client6[1024]; char client6[INET6_ADDRSTRLEN];
int i; int i;
int read; int read;
int netmask6 = 0; int netmask6 = 0;
int length_recieved;
fprintf(stderr, "Autoprobing server IPV6 tunnel support\n"); fprintf(stderr, "Autoprobing server IPV6 tunnel support\n");
for (i = 0; running && i < 5; i++) { for (i = 0; running && i < 5; i++) {
send_v6_probe(dns_fd); send_v6_probe(dns_fd);
read = handshake_waitdns(dns_fd, in, sizeof(in), 'g', 'G', i+1); read = handshake_waitdns(dns_fd, in, sizeof(in), 'g', 'G', i+1);
if (read > 0) { if (read > 0) {
/* /*
* including a terminating dash to allow for future IPv6 options, e.g. * including a terminating dash to allow for future IPv6 options, e.g.
* netmask. Currently assumes /64. MTU is taken from the IPv4 handshake. * netmask. Currently assumes /64. MTU is taken from the IPv4 handshake.
* A future IPv6-only implementation would need to pass mtu * A future IPv6-only implementation would need to pass mtu
* in the IPV6 handshake. * in the IPV6 handshake.
*/ */
if (sscanf(in, "%512[^-]-%512[^-]-%d", server6, client6, &netmask6) == 3) { if (sscanf(in, "%512[^-]-%512[^-]-%d", server6, client6, &netmask6) == 3) {
fprintf(stderr, "Server tunnel IPv6 is %s\n", server6); fprintf(stderr, "Server tunnel IPv6 is %s\n", server6);
fprintf(stderr, "Local tunnel IPv6 is %s\n", client6); fprintf(stderr, "Local tunnel IPv6 is %s\n", client6);
if (tun_setip6(client6, server6, netmask6) == 0) { length_recieved = strlen(client6);
if (length_recieved > 2) {
if (tun_setip6(client6, server6, netmask6) == 0) {
use_v6 = true; use_v6 = true;
return 0; return 0;
} else {
errx(4, "Failed to set IPv6 tunnel address"); } else {
} errx(4, "Failed to set IPv6 tunnel address");
} else { }
fprintf(stderr, "Received bad IPv6 tunnel handshake\n"); } else {
} fprintf(stderr, "Received bad IPv6 tunnel handshake\n");
}
}
} }
fprintf(stderr, "Retrying IPv6 tunnel handshake...\n"); fprintf(stderr, "Retrying IPv6 tunnel handshake...\n");

View file

@ -90,8 +90,8 @@ static int my_mtu;
static in_addr_t my_ip; static in_addr_t my_ip;
char display_ip6[INET6_ADDRSTRLEN]; char display_ip6[INET6_ADDRSTRLEN];
char *display_ip6_buffer; char *display_ip6_buffer = NULL;
char *ip6_netmask_buffer; char *ip6_netmask_buffer = NULL;
static struct in6_addr my_ip6; static struct in6_addr my_ip6;
static int netmask; static int netmask;
@ -2590,21 +2590,25 @@ main(int argc, char **argv)
} }
ip6_netmask_buffer = strchr(display_ip6_buffer, '/'); if (display_ip6_buffer != NULL) {
if (ip6_netmask_buffer) {
if (atoi(ip6_netmask_buffer+1) != ip6_netmask) { ip6_netmask_buffer = strchr(display_ip6_buffer, '/');
warnx("IPv6 address must be a 64-bit mask.");
usage(); if (ip6_netmask_buffer != NULL) {
if (atoi(ip6_netmask_buffer+1) != ip6_netmask) {
warnx("IPv6 address must be a 64-bit mask.");
usage();
} }
/* remove masklen */ /* remove masklen */
memcpy(display_ip6, display_ip6_buffer, strlen(display_ip6_buffer) - strlen(ip6_netmask_buffer)); memcpy(display_ip6, display_ip6_buffer, strlen(display_ip6_buffer) - strlen(ip6_netmask_buffer));
display_ip6[strlen(display_ip6)+1] = '\0'; display_ip6[strlen(display_ip6)+1] = '\0';
} }
/* IPV6 address sanity check */ /* IPV6 address sanity check */
if (inet_pton(AF_INET6, display_ip6, &my_ip6) != 1) { if (inet_pton(AF_INET6, display_ip6, &my_ip6) != 1) {
warnx("Bad IPv6 address to use inside tunnel."); warnx("Bad IPv6 address to use inside tunnel.");
usage(); usage();
}
} }
topdomain = strdup(argv[1]); topdomain = strdup(argv[1]);
@ -2753,10 +2757,11 @@ main(int argc, char **argv)
} }
if (tun_setip6(display_ip6, display_other_ip6, ip6_netmask) != 0 ) { if (display_ip6_buffer != NULL) {
retval = 1; if (tun_setip6(display_ip6, display_other_ip6, ip6_netmask) != 0 ) {
goto cleanup; retval = 1;
goto cleanup;
}
} }
if ((mtu < 1280) && (sizeof(display_ip6)) != 0) { if ((mtu < 1280) && (sizeof(display_ip6)) != 0) {