Rodrigo Franco's Notes

Free Internet with IODINE

Originally written for 2600: The Hacker Quarterly. Published in 2019.

I spend a LOT of time in airports or cafes, most of them laden with open wireless networks that – surprise! – require me to pay a fee before I’m able to access the internet. This isn’t fun at all.

Even with these payment requirements in place, you’re often able to resolve hostnames, as the system allows DNS queries to be issued. This led me to thinking – what if by some form of wizardry, I was able to squeeze my internet traffic through a DNS server?

After a few hours researching (which resulted in me drinking far too much coffee) my mission was complete. I had found a way.

If you’re also a slave to the information superhighway undergods and looking to try this trick for yourself, I’ve outlined a few easy steps.

You’ll need access to a Linux server, a domain name which you can add new DNS records to, and a few pieces of software installed on both the server and your local machine. Make sure everything’s configured before the moment you need it. Once your equipment is in order, here’s what you’ll need to do…

Install iodine

Depending on the Linux flavor you’re running, your distribution may already have prebuilt iodine packages. If you want to install from source, download the tarball from https://code.kryo.se/iodine/ and check the COMPILING section of the README file. There are also packages for Android, Windows and Mac. Both the server and the client need to speak the exact same protocol. In most cases, this means they need to run the same version of iodine.

Get the DNS records in place

It's now time to add a DNS record pointing to the server IP address.

Delegate a hostname (let's say t1.hostname.com) to your server as an NS entry. If your server has a dynamic IP, use a dynamic DNS provider like noip.org and point your NS entry to the hostname provided by them.

From now on, any DNS queries for domains ending in t1.hostname.com will be sent to your iodined server. You may need to flush your nameserver cache in order for this to take effect.

Start iodine on your server

./iodined 10.0.0.1 t1.hostname.com

The first argument is an IP address you will use for the tunnel, which can be from any range that you don't use yet (for example 10.0.0.1), and the second argument is the assigned domain (in this case t1.hostname.com).

You’ll be asked to enter a password upon running this. Make sure you keep note of it as we’ll use the password to create the tunnel.

Nice work - the server is now ready to receive incoming connections!

Connecting to the server

Ready to give this a go?

Fire up your local terminal console and run the iodine command, with -P as the first parameter (followed by the password) and then the assigned domain you defined before:

./iodine -P password t1.hostname.com

If everything’s running according to plan, you should now be able to ping the IP address on the other end of the tunnel. In this case, ping 10.0.0.1 from the client, and 10.0.0.2 from the server.
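From the network operator's side, the tunnel set up above appears as a steady stream of queries with long, unique, random-looking labels under one delegated zone. The following is an added example, not part of the original article or of iodine: detection logic run over a constructed resolver log, where the log format, thresholds and function names are all assumptions.

```python
import hashlib
import math
from collections import Counter, defaultdict


def shannon_entropy(label):
    """Bits per character of a DNS label; encoded payloads score high."""
    counts = Counter(label)
    return -sum(n / len(label) * math.log2(n / len(label)) for n in counts.values())


def parse_line(line):
    """Parse '<client_ip> <qtype> <qname>' (assumed log format)."""
    client, qtype, qname = line.split()
    # Treat the leftmost label as candidate payload and the rest as the zone.
    label, _, zone = qname.rstrip(".").lower().partition(".")
    return client, qtype, label, zone


def find_tunnel_suspects(lines, min_unique=15, min_len=30, min_entropy=3.0):
    """Return sorted (client, zone) pairs whose queries look like tunnelled data.

    Thresholds are illustrative assumptions; tune them on real traffic.
    """
    labels = defaultdict(set)
    for line in lines:
        if not line.strip():
            continue
        client, _qtype, label, zone = parse_line(line)
        if label and zone:
            labels[(client, zone)].add(label)
    suspects = []
    for key, seen in labels.items():
        mean_len = sum(map(len, seen)) / len(seen)
        mean_ent = sum(map(shannon_entropy, seen)) / len(seen)
        if len(seen) >= min_unique and mean_len >= min_len and mean_ent >= min_entropy:
            suspects.append(key)
    return sorted(suspects)


def constructed_log():
    """Constructed sample: normal lookups plus tunnel-like queries under t1.hostname.com."""
    lines = ["192.0.2.10 A www.example.org", "192.0.2.10 AAAA www.example.org",
             "192.0.2.11 A mail.example.org", "192.0.2.11 A api.example.net"]
    for i in range(20):
        payload = hashlib.sha256(str(i).encode()).hexdigest()[:40]  # stand-in for encoded data
        lines.append(f"192.0.2.23 NULL {payload}.t1.hostname.com")
    return lines


if __name__ == "__main__":
    print(find_tunnel_suspects(constructed_log()))
```

A client that looks up many short, ordinary hostnames under one zone stays below the length and entropy thresholds, so only the pair with many long unique labels is reported.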

What now?

The sky’s the limit! Use something like this to create a proxy server usable by your web browser:

ssh -N -D 8080 user@10.0.0.1

Where user is the user who is running iodine on the server.

This is how you set up the proxy in OSX:

If all you’re after is an SSH session, you can SSH into the server and access the internet from there:

ssh user@10.0.0.1

That’s all! Take a deep breath. Grab another cup of coffee. You made it. The speed may be slow, but you’re connected to the Internet, and you didn’t pay a single dollar for the privilege. Maybe you can afford a croissant as well!
