IP traffic over ICMP tunneling

SoftEther, a multi platform and open-source software supports ICMP and DNS tunnelling among other things (SSL, OpenVPN, IPsec, etc)<p><a href="http:&#x2F;&#x2F;www.softether.org" rel="nofollow">http:&#x2F;&#x2F;www.softether.org</a>

Not the first of its kind, just look-up in Wikipedia: <a href="https:&#x2F;&#x2F;en.wikipedia.org&#x2F;wiki&#x2F;ICMP_tunnel" rel="nofollow">https:&#x2F;&#x2F;en.wikipedia.org&#x2F;wiki&#x2F;ICMP_tunnel</a><p>Any captive portal these days block also ICMP.<p>Most firewalls block ICMP these days, because the days of blacklisting are over and ICMP is not the one who is getting white listed. Why?<p>The only way these days is to misuse DNS. But even that works less and less reliable.

A few years back, I was assigned to work at a BigCorp&#x27;s premises. They had really tight network security: all outward connections were blocked except through a dedicated HTTP proxy. This was bad news, since stuff like SSH are absolutely essential in my job.<p>After few days of mobile tethering, I realized I could ask their HTTP proxy to open an HTTPS connection to a server outside the network, but instead of sending HTTPS traffic through the proxy, I could send any traffic - like SSH. With this, I was ultimately able to open an SSH-tunnel to my own shell server running OpenVPN outside their network, which then allowed a (surprisingly stable and fast) access to the internet at wide – via an OpenVPN-tunnel wrapped in an SSH-tunnel pretending to be an HTTPS-tunnel.<p>I don&#x27;t recall whether ICMP was allowed out at the BigCorp., but I am pretty sure someone will one day find a tool like this quite useful in a similar situation.. :)

I just tried iodine and icmptunnel. Can&#x27;t say for sure but I think icmptunnel was faster. At least for my internet

The documentation for this is superb! I know what it does, why I&#x27;d want to use it, how to use it, where to use it and what it looks like in wireshark. Well done!

For anybody that&#x27;s tried both - how do these compare to DNS tunnels (e.g. iodine), in terms of speed and reliability?

I remember postponing my payments to the ISP, which hadn&#x27;t blocked ICMP for anybody, by using ptunnel: <a href="http:&#x2F;&#x2F;www.cs.uit.no&#x2F;~daniels&#x2F;PingTunnel&#x2F;" rel="nofollow">http:&#x2F;&#x2F;www.cs.uit.no&#x2F;~daniels&#x2F;PingTunnel&#x2F;</a><p>It was pretty much usable circa 2008...<p>btw, in debian (and probably, derivatives), it is just apt-get away from being installed.

Hans is a nice one too: <a href="http:&#x2F;&#x2F;code.gerade.org&#x2F;hans&#x2F;" rel="nofollow">http:&#x2F;&#x2F;code.gerade.org&#x2F;hans&#x2F;</a>

Using ICMP reply only in both side is more convinient than ICMP reques&#x2F;reply. In this case you do not need to write this, for example echo 1 | dd of=&#x2F;proc&#x2F;sys&#x2F;net&#x2F;ipv4&#x2F;icmp_echo_ignore_all

I use to restrict ICMP to echo&#x2F;reply using -m icmp on iptables, but this uses just that kind of packets...<p>Is there anyway to stop things like this at the corporate firewall?

There are DNS tunneling apps which will (usually) get past those captive portals that block ICMP. It&#x27;s just slower.

Can someone explain to a non-network person the significance of being able to tunnel IP traffic over ICMP?

Some of the very early IP telephony apps (20 yrs ago) used the very same trick.

Anyone test this against China GFW and get it working?