VPN over DNS or ICMP

Post your questions about SoftEther VPN software here. Please answer questions if you can afford.
Post Reply
freeiran
Posts: 48
Joined: Fri Apr 05, 2013 8:17 pm

VPN over DNS or ICMP

Post by freeiran » Sun May 05, 2013 10:48 am

hi

i set up my server for vpn over ICMP and dns

which configure should i have on client.

also 53 is one of my listenning port

thanks

cedar
Site Admin
Posts: 2070
Joined: Sat Mar 09, 2013 5:37 am

Re: VPN over DNS or ICMP

Post by cedar » Tue May 07, 2013 4:52 pm

No special setting is needed.
A client tries connection by ICMP or DNS automatically, when other connection methods cannot be used.

freeiran
Posts: 48
Joined: Fri Apr 05, 2013 8:17 pm

Re: VPN over DNS or ICMP

Post by freeiran » Wed May 08, 2013 4:15 am

hi

does it possible to put 2 keys fo forcing client to connect ICMP or DNS?

thanks

cedar
Site Admin
Posts: 2070
Joined: Sat Mar 09, 2013 5:37 am

Re: VPN over DNS or ICMP

Post by cedar » Wed May 08, 2013 3:28 pm

Now, there is no way to force the use of the DNS and ICMP.

hob
Posts: 4
Joined: Fri May 10, 2013 5:41 pm

Re: VPN over DNS or ICMP

Post by hob » Fri May 10, 2013 6:00 pm

i think an option to force the vpn client to ONLY tunnel over ICMP or DNS or a certain tcp/udp port would be really interesting and useful.

sometimes tcp and udp ports are open but highly restricted. in such situations, existence of an option to force the vpn client to just tunnel over icmp would be needed.


anyway, thank you developers and admins for this great project.

good job :)

hob
Posts: 4
Joined: Fri May 10, 2013 5:41 pm

Re: VPN over DNS or ICMP

Post by hob » Sun May 12, 2013 8:19 pm

cedar wrote:
> No special setting is needed.
> A client tries connection by ICMP or DNS automatically, when other
> connection methods cannot be used.

Hi,

i started to work on forcing the VPN client to only tunnel through ICMP so i used a firewall system to block all TCP and UDP connections and only left ICMP packets to pass. i examined if the firewall is doing it right or not by pinging various servers and also by using some ICMP tunneling programs; the result was "Yes, the firewall is doing its job and everything is blocked except ICMP."

then i opened the SoftEther VPN Client and tried to connect to the server but there were no success.

this means that it doesn't try connecting through ICMP; at least when every other port and protocol is blocked.

what is really needed is an option to force the client to only use an specified port/protocol.

i think the client relies on the defined TCP port and if the specified port is not open, it wouldn't work at all.

is there any chance of forcing the client to only use ICMP (either from inside the prgram itself or with the help of a firewall)? or should we wait for an option in future releases?


thank you developers and administrators for this great project.

Post Reply