Free Internet with IODINE
Originally written for 2600: The Hacker Quarterly. Published in 2019.
I spend a LOT of time in airports or cafes, most of them laden with open wireless networks that – surprise! – require me to pay a fee before I’m able to access the internet. This isn’t fun at all.
Even with these payment requirements in place, you’re often able to resolve hostnames, as the system allows DNS queries to be issued. This led me to thinking – what if by some form of wizardry, I was able to squeeze my internet traffic through a DNS server?
After a few hours researching (which resulted in me drinking far too much coffee) my mission was complete. I had found a way.
If you’re also a slave to the information superhighway undergods and looking to try this trick for yourself, I’ve outlined a few easy steps.
You’ll need access to a Linux server, a domain name which you can add new DNS records too, and a few pieces of software to be installed on both the server you’re your local machine. Make sure everything’s configured before the moment you need it. Once your equipment is in order, here’s what you’ll need to do…
Depending on the Linux flavor you’re running, your distribution may already have prebuilt iodine packages. If you want to install from the source, download the tarball from here: https://code.kryo.se/iodine/ and check the
COMPILING session of the
README file. There’s also package options for Android, Windows and Mac. Both the server and the client need to speak the exact same protocol. In most cases, this will mean they need to run the same version of Iodine.
Get the DNS records in place
It's now time to add a DNS record pointing to the server IP address.
Delegate a hostname (let's say `t1.hostname.com`) to your server as an NS entry. If your server has a dynamic IP, use a dynamic DNS provider like noip.org and point your NS entry to the hostname provided by them.
From now on, any DNS queries for domains ending in
t1.mydomain.com will be sent to your
iodined server. You may need to flush your nameserver cache in order for this to take place.
Start iodine in your server
./iodined 10.0.0.1 t1.hostname.com
The first argument is an IP address you will use for the tunnel, which can be from any range that you don't use yet (for example
10.0.0.1), and the second argument is the assigned domain (in this case
You’ll be asked to enter a password upon running this. Make sure you keep note of it as we’ll use the password to create the tunnel.
Nice work - the server is now ready to receive incoming connections!
Connecting to the server
Ready to give this a go?
Fire up your local terminal console and run the iodine command, with -P as first param (and the password after it) and the assigned domain you defined before:
./iodine -P password t1.hostname.com
If everything’s running according to plan, you should now be able to ping the IP address on the other end of the tunnel. In this case, ping
10.0.0.1 from the client, and
10.0.0.2 from the server.
The sky’s the limit! Use something like this to create a proxy server usable by your web browser:
ssh -N -D 8080 email@example.com
Where user is the user who is running iodine in the server.
This is how you set up the proxy in OSX:
1. Go to
Settings -> Network -> Advanced -> Proxies.
2. Select “SOCKS Proxy”.
3. Set the proxy to localhost:8080.
4. Click the “OK” button.
5. Click the “Apply” button on the main network settings pane.
If all you’re after is a SSH session, you can SSH into the server and access the internet from there:
shell ssh firstname.lastname@example.org
That’s all! Take a deep breath. Grab another cup of coffee. You made it. The speed may be slow, but you’re connected to the Internet, and you didn’t pay a single dollar for the privilege. Maybe you can afford a croissant as well!