ming12713 / badvpn

Automatically exported from code.google.com/p/badvpn

Possible to forward DNS lookups through socks server? #6

Closed GoogleCodeExporter closed 8 years ago

GoogleCodeExporter commented 8 years ago
What steps will reproduce the problem?

DNS lookups are not sent through socks server

Is it possible to send DNS lookups through the SOCKS server so that they are 
also forwarded through the tunnel?

Thanks

Original issue reported on code.google.com by mi...@wangled.com on 11 Mar 2013 at 5:16

GoogleCodeExporter commented 8 years ago
That depends. If you are able to run programs on the remote server, then yes; 
see the "UDP forwarding" section on the wiki.

On the other hand, if you want the SOCKS5 UDP support to be used, no, it's not 
possible. If you would like to request this feature, please open an issue for 
SOCKS5 UDP support specifically. However, first make sure this is really what 
you want (for example, the "ssh -D" SOCKS server doesn't support it, so it would be 
useless with ssh).

Original comment by ambr...@gmail.com on 11 Mar 2013 at 5:21

GoogleCodeExporter commented 8 years ago
I'm not sure if I understand you correctly with SOCKS5 UDP so let me explain my 
situation a little more.

I use a custom socks server / tunnel program running on my local machine so I 
would not be using SSH for my tunnel. This socks/tunnel does support DNS via 
SOCKS.

On the remote side I use this DNS lookup information to store the actual 
connection address rather than just the connection IP address.

For my needs I ideally want to be able to send the actual hostname into the 
SOCKS connection, rather than having the DNS lookups done on the local 
machine.

Would that be possible?

Original comment by mi...@wangled.com on 11 Mar 2013 at 5:29

GoogleCodeExporter commented 8 years ago
I see that the SOCKS protocol allows connections by hostname (instead of IP 
address), i.e. there is a single CONNECT command that makes the SOCKS server 
resolve the hostname and connect to it, as a single operation.

However, it is not (even in theory) possible to exploit this from tun2socks, 
because tun2socks works on the IP layer. When a connection is made, the IP 
address must already have been resolved by the application that is connecting. 
Even if tun2socks simulated a DNS server, it would be unable to use the 
above-mentioned SOCKS mechanism for this, because the SOCKS server doesn't return 
resolved addresses (just checked rfc1928).

Original comment by ambr...@gmail.com on 11 Mar 2013 at 5:54
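The RFC 1928 messages discussed in the comment above, as an added example that is not part of the original thread or of badvpn's code: the CONNECT request can carry an unresolved hostname (ATYP=3), while the reply carries only BND.ADDR/BND.PORT, the proxy's own bound address, never the address the name resolved to. The function names and the sample reply bytes are constructed for illustration.

```python
import ipaddress
import struct

VER, CMD_CONNECT = 5, 1
ATYP_IPV4, ATYP_DOMAIN, ATYP_IPV6 = 1, 3, 4

# Constructed sample reply: success, BND.ADDR=10.0.0.5, BND.PORT=50000.
SAMPLE_REPLY = bytes.fromhex("05000001" "0a000005" "c350")


def build_connect_request(host: str, port: int) -> bytes:
    """RFC 1928 CONNECT request; a hostname goes out as ATYP=3, unresolved."""
    try:
        ip = ipaddress.ip_address(host)
        addr = bytes([ATYP_IPV4 if ip.version == 4 else ATYP_IPV6]) + ip.packed
    except ValueError:
        name = host.encode("idna")
        if not 1 <= len(name) <= 255:
            raise ValueError("hostname must encode to 1..255 bytes")
        addr = bytes([ATYP_DOMAIN, len(name)]) + name
    return bytes([VER, CMD_CONNECT, 0]) + addr + struct.pack("!H", port)


def parse_reply(data: bytes):
    """Return (REP, BND.ADDR, BND.PORT) from a SOCKS5 reply.

    BND.ADDR is the address the proxy bound for its outgoing connection,
    not the destination it resolved, so no DNS answer can be read from it.
    """
    if len(data) < 5 or data[0] != VER:
        raise ValueError("not a SOCKS5 reply")
    atyp = data[3]
    if atyp == ATYP_DOMAIN:
        start, alen = 5, data[4]          # one length byte, then the name
    elif atyp in (ATYP_IPV4, ATYP_IPV6):
        start, alen = 4, (4 if atyp == ATYP_IPV4 else 16)
    else:
        raise ValueError("unknown ATYP in reply")
    end = start + alen
    if len(data) < end + 2:
        raise ValueError("truncated reply")
    raw = data[start:end]
    addr = raw.decode("ascii") if atyp == ATYP_DOMAIN else str(ipaddress.ip_address(raw))
    (port,) = struct.unpack("!H", data[end:end + 2])
    return data[1], addr, port


if __name__ == "__main__":
    print(build_connect_request("example.com", 443).hex())
    print(parse_reply(SAMPLE_REPLY))
```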

GoogleCodeExporter commented 8 years ago
So the options here are:
- If you are able to get access to a machine on the other side of the SOCKS, 
run badvpn-udpgw there and tell tun2socks to use it.
- If your SOCKS server supports UDP, and you can reach a DNS server through 
this, I may be able to implement SOCKS5 UDP support.

Original comment by ambr...@gmail.com on 11 Mar 2013 at 5:59

GoogleCodeExporter commented 8 years ago
Yes, I understand the issue now.

Thanks for considering this, I'll think about the best way forward from my end.

Original comment by mi...@wangled.com on 11 Mar 2013 at 6:43

GoogleCodeExporter commented 8 years ago
Okay, nothing to be fixed here.

Original comment by ambr...@gmail.com on 11 Mar 2013 at 9:17