Updated README with IPv6 details and fixed a bug with IPV6 only
enabled on one end of the tunnelx
This commit is contained in:
parent
846082f13e
commit
ab7e5b8656
10
README.md
10
README.md
|
@ -123,7 +123,7 @@ end of the tunnel. In this case, `ping 192.168.99.1` from the iodine client, and
|
||||||
### MISC. INFO
|
### MISC. INFO
|
||||||
|
|
||||||
#### IPv6
|
#### IPv6
|
||||||
The data inside the tunnel is IPv4 only.
|
The data inside the tunnel may be IPv4 or IPv6.
|
||||||
|
|
||||||
The server listens to both IPv4 and IPv6 for incoming requests by default.
|
The server listens to both IPv4 and IPv6 for incoming requests by default.
|
||||||
Use options `-4` or `-6` to only listen on one protocol. Raw mode will be
|
Use options `-4` or `-6` to only listen on one protocol. Raw mode will be
|
||||||
|
@ -141,6 +141,14 @@ to your DNS setup. Extending the example above would look like this:
|
||||||
t1ns IN A 10.15.213.99
|
t1ns IN A 10.15.213.99
|
||||||
t1ns IN AAAA 2001:db8::1001:99
|
t1ns IN AAAA 2001:db8::1001:99
|
||||||
|
|
||||||
|
On the server, specify -S followed by an IPv6 address that will be the server end
|
||||||
|
of the IPv6 pool to allocate to clients. The server only supports a /64 subnet
|
||||||
|
mask, which is assumed and can be omitted. The first 64 bits are the network from
|
||||||
|
which IPv6 addresses are allocated from.
|
||||||
|
|
||||||
|
The client will automatically check for IPv6 capability on the server and
|
||||||
|
assign the allocated address to its tunnel interface. No flags are needed.
|
||||||
|
|
||||||
#### Routing
|
#### Routing
|
||||||
It is possible to route all traffic through the DNS tunnel. To do this, first
|
It is possible to route all traffic through the DNS tunnel. To do this, first
|
||||||
add a host route to the nameserver used by iodine over the wired/wireless
|
add a host route to the nameserver used by iodine over the wired/wireless
|
||||||
|
|
49
src/client.c
49
src/client.c
|
@ -2440,44 +2440,49 @@ int
|
||||||
handshake_check_v6(int dns_fd)
|
handshake_check_v6(int dns_fd)
|
||||||
{
|
{
|
||||||
char in[4096];
|
char in[4096];
|
||||||
char server6[1024];
|
char server6[INET6_ADDRSTRLEN];
|
||||||
char client6[1024];
|
char client6[INET6_ADDRSTRLEN];
|
||||||
int i;
|
int i;
|
||||||
int read;
|
int read;
|
||||||
int netmask6 = 0;
|
int netmask6 = 0;
|
||||||
|
int length_recieved;
|
||||||
|
|
||||||
fprintf(stderr, "Autoprobing server IPV6 tunnel support\n");
|
fprintf(stderr, "Autoprobing server IPV6 tunnel support\n");
|
||||||
|
|
||||||
for (i = 0; running && i < 5; i++) {
|
for (i = 0; running && i < 5; i++) {
|
||||||
|
|
||||||
send_v6_probe(dns_fd);
|
send_v6_probe(dns_fd);
|
||||||
|
|
||||||
read = handshake_waitdns(dns_fd, in, sizeof(in), 'g', 'G', i+1);
|
read = handshake_waitdns(dns_fd, in, sizeof(in), 'g', 'G', i+1);
|
||||||
|
|
||||||
if (read > 0) {
|
if (read > 0) {
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* including a terminating dash to allow for future IPv6 options, e.g.
|
* including a terminating dash to allow for future IPv6 options, e.g.
|
||||||
* netmask. Currently assumes /64. MTU is taken from the IPv4 handshake.
|
* netmask. Currently assumes /64. MTU is taken from the IPv4 handshake.
|
||||||
* A future IPv6-only implementation would need to pass mtu
|
* A future IPv6-only implementation would need to pass mtu
|
||||||
* in the IPV6 handshake.
|
* in the IPV6 handshake.
|
||||||
*/
|
*/
|
||||||
|
|
||||||
if (sscanf(in, "%512[^-]-%512[^-]-%d", server6, client6, &netmask6) == 3) {
|
if (sscanf(in, "%512[^-]-%512[^-]-%d", server6, client6, &netmask6) == 3) {
|
||||||
|
|
||||||
fprintf(stderr, "Server tunnel IPv6 is %s\n", server6);
|
fprintf(stderr, "Server tunnel IPv6 is %s\n", server6);
|
||||||
fprintf(stderr, "Local tunnel IPv6 is %s\n", client6);
|
fprintf(stderr, "Local tunnel IPv6 is %s\n", client6);
|
||||||
|
|
||||||
if (tun_setip6(client6, server6, netmask6) == 0) {
|
length_recieved = strlen(client6);
|
||||||
|
if (length_recieved > 2) {
|
||||||
|
if (tun_setip6(client6, server6, netmask6) == 0) {
|
||||||
|
|
||||||
use_v6 = true;
|
use_v6 = true;
|
||||||
return 0;
|
return 0;
|
||||||
} else {
|
|
||||||
errx(4, "Failed to set IPv6 tunnel address");
|
} else {
|
||||||
}
|
errx(4, "Failed to set IPv6 tunnel address");
|
||||||
} else {
|
}
|
||||||
fprintf(stderr, "Received bad IPv6 tunnel handshake\n");
|
} else {
|
||||||
}
|
fprintf(stderr, "Received bad IPv6 tunnel handshake\n");
|
||||||
|
}
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
fprintf(stderr, "Retrying IPv6 tunnel handshake...\n");
|
fprintf(stderr, "Retrying IPv6 tunnel handshake...\n");
|
||||||
|
|
|
@ -90,8 +90,8 @@ static int my_mtu;
|
||||||
static in_addr_t my_ip;
|
static in_addr_t my_ip;
|
||||||
|
|
||||||
char display_ip6[INET6_ADDRSTRLEN];
|
char display_ip6[INET6_ADDRSTRLEN];
|
||||||
char *display_ip6_buffer;
|
char *display_ip6_buffer = NULL;
|
||||||
char *ip6_netmask_buffer;
|
char *ip6_netmask_buffer = NULL;
|
||||||
|
|
||||||
static struct in6_addr my_ip6;
|
static struct in6_addr my_ip6;
|
||||||
static int netmask;
|
static int netmask;
|
||||||
|
@ -2590,21 +2590,25 @@ main(int argc, char **argv)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
ip6_netmask_buffer = strchr(display_ip6_buffer, '/');
|
if (display_ip6_buffer != NULL) {
|
||||||
if (ip6_netmask_buffer) {
|
|
||||||
if (atoi(ip6_netmask_buffer+1) != ip6_netmask) {
|
ip6_netmask_buffer = strchr(display_ip6_buffer, '/');
|
||||||
warnx("IPv6 address must be a 64-bit mask.");
|
|
||||||
usage();
|
if (ip6_netmask_buffer != NULL) {
|
||||||
|
if (atoi(ip6_netmask_buffer+1) != ip6_netmask) {
|
||||||
|
warnx("IPv6 address must be a 64-bit mask.");
|
||||||
|
usage();
|
||||||
}
|
}
|
||||||
/* remove masklen */
|
/* remove masklen */
|
||||||
memcpy(display_ip6, display_ip6_buffer, strlen(display_ip6_buffer) - strlen(ip6_netmask_buffer));
|
memcpy(display_ip6, display_ip6_buffer, strlen(display_ip6_buffer) - strlen(ip6_netmask_buffer));
|
||||||
display_ip6[strlen(display_ip6)+1] = '\0';
|
display_ip6[strlen(display_ip6)+1] = '\0';
|
||||||
}
|
}
|
||||||
|
|
||||||
/* IPV6 address sanity check */
|
/* IPV6 address sanity check */
|
||||||
if (inet_pton(AF_INET6, display_ip6, &my_ip6) != 1) {
|
if (inet_pton(AF_INET6, display_ip6, &my_ip6) != 1) {
|
||||||
warnx("Bad IPv6 address to use inside tunnel.");
|
warnx("Bad IPv6 address to use inside tunnel.");
|
||||||
usage();
|
usage();
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
topdomain = strdup(argv[1]);
|
topdomain = strdup(argv[1]);
|
||||||
|
@ -2753,10 +2757,11 @@ main(int argc, char **argv)
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
if (tun_setip6(display_ip6, display_other_ip6, ip6_netmask) != 0 ) {
|
if (display_ip6_buffer != NULL) {
|
||||||
retval = 1;
|
if (tun_setip6(display_ip6, display_other_ip6, ip6_netmask) != 0 ) {
|
||||||
goto cleanup;
|
retval = 1;
|
||||||
|
goto cleanup;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
if ((mtu < 1280) && (sizeof(display_ip6)) != 0) {
|
if ((mtu < 1280) && (sizeof(display_ip6)) != 0) {
|
||||||
|
|
Loading…
Reference in New Issue