
VPN over DNS or ICMP

Posted: Sun May 05, 2013 10:48 am
by freeiran
hi

i set up my server for vpn over ICMP and dns

which configuration should i have on the client?

also 53 is one of my listening ports

thanks

Re: VPN over DNS or ICMP

Posted: Tue May 07, 2013 4:52 pm
by cedar
No special setting is needed.
A client tries connection by ICMP or DNS automatically, when other connection methods cannot be used.

Re: VPN over DNS or ICMP

Posted: Wed May 08, 2013 4:15 am
by freeiran
hi

is it possible to put 2 keys for forcing the client to connect by ICMP or DNS?

thanks

Re: VPN over DNS or ICMP

Posted: Wed May 08, 2013 3:28 pm
by cedar
Now, there is no way to force the use of the DNS and ICMP.

Re: VPN over DNS or ICMP

Posted: Fri May 10, 2013 6:00 pm
by hob
i think an option to force the vpn client to ONLY tunnel over ICMP or DNS or a certain tcp/udp port would be really interesting and useful.

sometimes tcp and udp ports are open but highly restricted. in such situations, existence of an option to force the vpn client to just tunnel over icmp would be needed.


anyway, thank you developers and admins for this great project.

good job :)

Re: VPN over DNS or ICMP

Posted: Sun May 12, 2013 8:19 pm
by hob
cedar wrote:
> No special setting is needed.
> A client tries connection by ICMP or DNS automatically, when other
> connection methods cannot be used.

Hi,

i started to work on forcing the VPN client to only tunnel through ICMP so i used a firewall system to block all TCP and UDP connections and only left ICMP packets to pass. i examined if the firewall is doing it right or not by pinging various servers and also by using some ICMP tunneling programs; the result was "Yes, the firewall is doing its job and everything is blocked except ICMP."

then i opened the SoftEther VPN Client and tried to connect to the server but there was no success.

this means that it doesn't try connecting through ICMP; at least when every other port and protocol is blocked.

what is really needed is an option to force the client to only use a specified port/protocol.

i think the client relies on the defined TCP port and if the specified port is not open, it wouldn't work at all.

is there any chance of forcing the client to only use ICMP (either from inside the program itself or with the help of a firewall)? or should we wait for an option in future releases?


thank you developers and administrators for this great project.