Vpn over dns - ПК журнал


Vpn over dns

VPN over DNS tunneling

This tool is for penetration testing only. Never use a DNS resolver connected to the Internet on your IS.

almost any private network for free


Our VPN infrastructure is hosted on the Amazon EC2 & OVH clouds
open-source software: Java server, Flex client for Adobe AIR and Perl client are available on GitHub

Mail User Agent: The major feature of our application is a very fast native Mail User Agent, integrated with GMail, HotMail, OperaMail and YahooMail and specifically designed for DNS tunneling.

Browser: Another main feature of our application is an optimized Browser. To be very fast, it does not download images, JavaScript, Cookies or Cascading Style Sheets.

Port Redirection: Any legacy mail agent or browser will also work using TCP port redirection: we offer access to a full-featured web proxy agent (supporting images, JavaScript, Cookies & CSS) and tunnel SMTPs/IMAPs/POP3s, SSH and other services.

Monitoring: You can monitor the running DNS queries and replies, and also the download rate, by means of our dynamic vintage VU-meter at the top of the Status screen.

Business Recovery Plan activated

On 06/07/2017, the BRP was started for at most 24 hours: during that time it is not possible to create a new account or to modify mail parameters. See Facebook for more information.

Free Pervasive Networking

VPN-over-DNS is a free Android application delivered with a free account to connect to our VPN server farm. In a few words, it lets you tunnel data through a DNS server. Data exfiltration, for those times when everything else is blocked. Intended for Ethical Hackers.
Click here to download it for free from the Google Play Android marketplace.

The technology: The main advantage of this type of tunnel is that it does not require a direct Internet connection; you only need access to a DNS resolver. On the other hand, a major disadvantage is that this technology is often very slow, even over a high-speed network. Another main disadvantage is that configuring the server is rather complicated.

Our solution: Our solution is extremely simple to install and use: you can start in less than 1 minute. Firstly, you do not need to configure the server; we have already done it for you. Secondly, our software includes a simple mail user agent and a basic text-mode web browser. They are optimized for only two things: minimal configuration and being as fast as possible on such slow connections, when tunneling data over a DNS server. Nevertheless, when you have time and want to send or read mails with attachments, or browse sites that only work with browsers supporting Cookies, SSL, CSS & JavaScript, you can simply use our port redirection feature. You will get a full-featured Internet experience, over a DNS tunnel.

Other systems: Windows, Mac OS X, Unix, Linux & Docker

The VPN-over-DNS Windows and Mac OS X versions are named the Value Pack and both are available for free for our Android users: to install a DNS VPN client on your Windows laptop, click here, and on your Mac OS X laptop, click here. The Value Pack is based on exactly the same code as the Android version, except for the specific native implementation of DNS transactions.
The Perl open source version, targeting Unix, Linux, & Cygwin operating systems, is a complete rewrite of the VPN client and is available here. Registered Android users get advanced features using the Perl version (inbound and outbound mails queueing, free access to open proxies, . ) and anonymous users have access to basic features like SSH-over-DNS tunneling.
Many Unixes are supported: IBM/AIX, FreeBSD, Oracle/Solaris, .
It also runs on Docker and is available from Docker Hub for instant deployment.

Blind hacker’s DNS tunneling approach (Unix users only)

Sometimes you can access nothing but dig (or nslookup) and a Perl runtime, without even root-level permission, and you need to set up a tunnel to the Internet. You can bootstrap a full VPN client and get Internet access with only dig (or nslookup) and a simple core Perl installation. Anywhere and whenever you need it. For free, using this hack.
Read the full story here, for future situations when everything else would be blocked.

Latest News

On 31st July 2016

Server and clients are now open-source: GPLv3. Explore the source tree on GitHub.

On 21st June 2016

Perl version available on Docker Hub. Pull the Docker image from Docker Hub.


Third release published on the marketplace. Click here to download it from Google Play! This new release is based on the open-source framework Apache Flex 4.14.1.


VPN-over-DNS Android application features

The feature list follows. To know how to configure and use those features, please refer to the documentation page.
As you can see on the following picture, the interface layout depends on the type of Android device: phone or tablet.

VPN-over-DNS is only available on Google Play. This is the Android marketplace managed by Google, previously named the Android Market. Click on the following image to download VPN-over-DNS:

The DNS requests sent by the client application only use «IN A» query type. No use of «IN TXT» or other less common query types, because they could be too easily filtered. Application-level messages are scattered into many DNS queries and the downstream is GZIP-compressed. Application-level messages are multiplexed on top of the VPN session, such that several messages can be processed simultaneously. The low-level protocol layer handles a pool of up to 20 simultaneous running queries, for optimal flow-control. In case of network congestion, queries discarded by the network are rescheduled when some timeout occurs.
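
An added example (not code from the VPN-over-DNS project): because the tunnel described above uses only «IN A» queries, a filter on query type does not catch it, so detection has to look at query names and volume per client and parent domain. The log format, the thresholds and the two-label parent-domain rule are assumptions made for this example, and the log lines are constructed.

```python
import hashlib
import math
from collections import Counter, defaultdict


def constructed_log():
    """Constructed resolver log lines: 'epoch client qtype qname' (not real traffic)."""
    lines = []
    for i in range(40):  # tunnel-like: unique long labels, type A only, 20 per second
        label = hashlib.sha256(str(i).encode()).hexdigest()[:40]
        lines.append(f"{1000 + i // 20} 10.0.0.5 A {label}.t.tunnel.example")
    for i, name in enumerate(["www.example.org", "mail.example.org", "www.example.org"]):
        lines.append(f"{1000 + i} 10.0.0.9 A {name}")
    lines.append("1001 10.0.0.9 TXT _dmarc.example.org")
    return lines


def entropy(text):
    """Shannon entropy in bits per character."""
    total = len(text)
    return -sum(n / total * math.log2(n / total) for n in Counter(text).values())


def parent_domain(qname, keep=2):
    # Simplification: last `keep` labels; production code should use the Public Suffix List.
    return ".".join(qname.split(".")[-keep:])


def find_tunnel_candidates(lines, min_unique=20, min_avg_len=24, min_entropy=3.0):
    """Flag (client, domain) pairs whose query names look like encoded payload."""
    groups = defaultdict(lambda: {"names": set(), "types": set(), "per_sec": Counter()})
    for line in lines:
        ts, client, qtype, qname = line.split()
        name = qname.rstrip(".").lower()
        group = groups[(client, parent_domain(name))]
        group["names"].add(name)
        group["types"].add(qtype)
        group["per_sec"][ts] += 1
    findings = []
    for (client, domain), group in groups.items():
        # Strip the parent domain to keep only the subdomain part of each unique name.
        subs = [n[: -len(domain) - 1] for n in group["names"] if n != domain]
        if len(subs) < min_unique:
            continue
        avg_len = sum(len(s) for s in subs) / len(subs)
        bits = entropy("".join(subs).replace(".", ""))
        if avg_len >= min_avg_len and bits >= min_entropy:
            findings.append({
                "client": client, "domain": domain, "unique_names": len(subs),
                "avg_label_len": round(avg_len, 1), "entropy": round(bits, 2),
                "qtypes": sorted(group["types"]), "peak_qps": max(group["per_sec"].values()),
            })
    return findings


if __name__ == "__main__":
    for finding in find_tunnel_candidates(constructed_log()):
        print(finding)
```

The flagged pair reports only type A queries, which is why the thresholds are applied to name count, length and entropy rather than to record type; tune them against a baseline of your own resolver logs.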

Two languages are supported: English and French.

You can configure the GUI with any of the two available skins: Shiny for standard users and Geek specifically designed to meet geek requirements.

The VPN between your mobile device and our server farm is not ciphered, but your mailbox provider credentials are never transferred over the DNS tunnel. Your VPN-over-DNS credentials (the login & password you choose when you create your VPN account) and your mailbox provider credentials (the email & password used to connect to your mail provider) are exchanged with our servers over a secured SSL/TLS session. This session is secured by means of our X.509 certificate signed by UserTrust/Comodo.

Mail User Agent

You have 3 ways to read and send mails:

— using the native Mail User Agent integrated with VPN-over-DNS. It is optimized for speed and integrated with the following four major mailbox providers: GMail from Google, HotMail/Live from Microsoft, Yahoo! Mail from Yahoo! and FastMail from Opera. Limited to your 20 last new mails. Each mail content is limited to its text part only, truncated to 64 kilobytes max. MIME attachments and HTML MIME parts inside mails are removed. The subject length is truncated to 4 kilobytes max. The headers are removed, except for the «From», «To», «Cc», «Date» and «Subject» headers. At the moment you check your mails, the server farm connects to your mailbox provider through IMAPs or POP3s and downloads up to 20 new mails. When the download is complete, your new mails are stored in a cloud database and sent to your mobile device through our specific protocol on top of DNS queries. In case of a network outage while mails are sent back to your device, mails stored in the cloud database will be sent the next time you set up the tunnel.

— using a web mail portal. If your mail provider is not one of the four supported by our native Mail User Agent, or if you want advanced features like attachments, other MIME capabilities, conversation thread filtering & multiple mailbox handling, you may connect to your web mail portal using the VPN-over-DNS tunnel. For this purpose, you need to use our VPN-encapsulated proxy on localhost, port 8081.

— using your preferred Mail User Agent. If you prefer using an SMTPs/POP3s/IMAPs mail agent, to get advanced features like attachments, other MIME capabilities, conversation thread filtering & multiple mailbox handling, you may use the TCP port redirection feature with VPN-over-DNS running in the background. This way, you can use any Mail User Agent.

You have 4 ways to browse the Internet:

— using the native web browser integrated with VPN-over-DNS. It is optimized for speed: no support for images, Cookies, JavaScript, Cascading Style Sheets, or SSL features. It is mainly a text-mode Browser, like Lynx on Unix/Linux. Works well with Bing, the search engine from Microsoft. Does not work with Google, since Cookies support is mandatory for Google. Also works well with many web sites.


— using an external browser. Instead of using the native web browser, you can use an external browser like «Chrome» or «Internet» («Internet» is the name of the default Android browser), with the same limitations as above: no support for images, Cookies, JavaScript, Cascading Style Sheets, nor SSL features. As fast as using the native browser, but with many improvements: tabs, zoom modes and bookmarks, for instance, depending on the specific external browser you choose.

— using an external browser with an optimized VPN-encapsulated proxy. You can configure a proxy on top of the VPN channel, for use by your external browser. The first proxy we provide can be accessed on localhost, port 8080. It supports cookies and web forms («POST» queries), but does not allow images, CSS, JavaScript and SSL features. This way, you will be able to connect to Google and make queries on sites like Wikipedia. Most general-purpose web sites will be available, with a high download rate.

— using an external browser with a full-featured VPN-encapsulated proxy. The second proxy we provide on localhost, port 8081, supports images, CSS, JavaScript and SSL features. This way, you can connect to any web server. Of course, the download rate will be rather slow.

Here is a table comparing the features available with each web browsing use-case:

You can securely access your own server using SSH, by means of port redirection (see next section). Just let VPN-over-DNS run in the background and use ConnectBot (the leading Android SSH implementation) or any other SSH client to connect to your server. Moreover, you can do SSH tunneling this way, adding port redirection at the SSH layer, connecting to services offered by your private infrastructure.

TCP port redirection

The VPN-over-DNS application can handle TCP port redirections on top of DNS requests, the same way a SSH client can manage TCP port redirections on top of a SSH session. An initial set of redirections is pre-configured, some for internal needs, some others for common usages and you can also define your own redirections.

VPN-over-DNS, installed on your Android device, can share the web proxies (or any other port-redirected service) with your iPad or your laptop: just connect your iPad or your laptop to the same local Wi-Fi network (for instance, the one with the captive portal you want to bypass), and set the proxy of your iPad or laptop to the IP of your Android device and to port 8080 or 8081, depending on the VPN-over-DNS proxy you prefer (half-featured fast proxy or full-featured low-bandwidth proxy).

Figures (images not preserved): first screen; launch the application; create an account.



VPN Over DNS Tunnel : SlowDNS

Description of VPN Over DNS Tunnel : SlowDNS

SlowDNS : TunnelGuru for Android

SlowDNS is a free VPN tool that helps you protect your online privacy, makes your browsing safe and keeps your location private. It works where all other popular protocols fail to connect to the TunnelGuru server, in order to provide you with privacy and safe browsing.

It tunnels your data over a DNS tunnel, which is comparatively slow due to the nature of the underlying DNS protocol.
But it should let you access lightweight websites without much problem. It gives you full control, so that you can set all necessary parameters manually and find the settings that give the best speed in your local network.

Please note: This VPN method is very slow. It will open simple websites only.

> Protect your online privacy.
> Wi-Fi Hotspot Security.
> Let you set various DNS parameters for best connection speed.
> No speed limitation (From DNS VPN server).
> Protect your device by acting as a virtual Firewall.
> No ROOT required.
> Very Easy to use VPN.
> Mask your IP address and identity using VPN server IP.
> VPN Server locations in over 15 countries.
> All Servers are deployed in 1 Gbps network.
> A simple and easy to use VPN for your phone and tablet.
> No registration required.
> Daily Privacy protection on your 25 MB data


This App needs a few permissions:

Access Current Location.
Access External Storage.
Access Network.
Access Phone State.
Access Task List.

DNS name resolution does not work with an active VPN connection in Windows 10

In Windows 10, when a VPN connection is active in Force Tunneling mode (the “Use default gateway on remote network” option is enabled), the DNS servers and suffixes configured for the VPN connection are used for name resolution through the DNS service. As a result, you lose the ability to resolve DNS names in your local network and to use the Internet through your internal LAN.

From Windows 10 you can still ping resources in your LAN (ping your gateway, a neighbouring computer or a printer), but they are not reachable by name, because Windows tries to resolve names in the local network through the DNS servers specified for the VPN connection.

On Google I found recommendations to disable IPv6 on the local (LAN) connection, and this works (if you want to use Force Tunneling).

If the VPN connection uses Split Tunneling mode (the “Use default gateway on remote network” checkbox is cleared), you can use the Internet through your local network, but you cannot resolve DNS addresses in the remote VPN network (in this case disabling IPv6 does not help).

You need to understand that Windows sends a DNS query from the network interface with the highest priority (the lowest interface metric value). Suppose your VPN connection works in Split Tunneling mode (you want to use the Internet through your LAN and corporate resources through the VPN connection).

Use PowerShell to check the metric values of all network interfaces:

Get-NetIPInterface | Sort-Object Interfacemetric

The picture above shows that the local Ethernet connection has a lower metric (25) than the VPN interface (100 in this example). Accordingly, DNS traffic goes through the interface with the lower metric value. This means that your DNS queries are sent to your local DNS servers and not to the DNS servers of the VPN connection. In other words, in this configuration you cannot resolve addresses in the external VPN network.

In addition, the new DNS client feature in Windows 8.1 and Windows 10 must be mentioned. To get responses to DNS queries as quickly as possible, these OS versions added a DNS resolver feature called Smart Multi-Homed Name Resolution (SMHNR). With SMHNR, the system by default sends DNS queries to all DNS servers known to the system in parallel and uses the response that arrives first. This is not secure, because external DNS servers (those specified in your VPN connection) can potentially see your DNS queries (your DNS queries leak outside). You can disable SMHNR in Windows 10 with Group Policy:

Computer Configuration -> Administrative Templates -> Network -> DNS Client -> Turn off smart multi-homed name resolution = Enabled.

Or with commands (for Windows 8.1):

Set-ItemProperty -Path "HKLM:\Software\Policies\Microsoft\Windows NT\DNSClient" -Name DisableSmartNameResolution -Value 1 -Type DWord
Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters" -Name DisableParallelAandAAAA -Value 1 -Type DWord

In Windows 10 Creators Update (1709) and later, DNS queries are sent to all known DNS servers in order rather than in parallel. You can raise the priority of a particular DNS server by lowering its metric.

Accordingly, changing the metric lets you send DNS queries through the network interface (LAN or VPN) whose name resolution has the higher priority for you.

So, the lower the interface metric value, the higher the priority of that connection. Windows assigns the IPv4 metric to network interfaces automatically, depending on their speed and type. For example, for a LAN connection with a speed >200 Mbit the interface metric is 10, and for a wireless Wi-Fi connection with a speed of 50-80 Mbit the metric is 50 (see the table at https://support.microsoft.com/en-us/help/299540/an-explanation-of-the-automatic-metric-feature-for-ipv4-routes).

You can change the interface metric through the graphical interface, PowerShell or the netsh command.

For example, you want DNS queries to be sent through the VPN connection. You need to increase the metrics of your local LAN connections so that they become greater than 100 (in my example).

Open Control Panel -> Network and Internet -> Network Connections, open the properties of your Ethernet connection, select the properties of the TCP/IPv4 protocol and go to the “Advanced TCP/IP Settings” tab. Clear the “Automatic metric” checkbox and change the interface metric to 120.

The same can be done with the PowerShell network management cmdlets (use the index of your LAN interface obtained with the Get-NetIPInterface cmdlet):

Set-NetIPInterface -InterfaceIndex 11 -InterfaceMetric 120

Or with netsh (you need to specify the name of your LAN connection):

netsh int ip set interface interface="Ethernet 3" metric=120

In the same way, you can lower the metric value in the properties of the VPN connection.

You can also change the settings of your VPN connection by switching the mode to SplitTunneling and specifying a DNS suffix for the connection with PowerShell:
