Is VPN-over-ICMP/DNS just a marketing trick?

Post your questions about SoftEther VPN software here. Please answer questions if you can afford.
VitaR
Posts: 2
Joined: Fri May 22, 2020 1:35 pm

Is VPN-over-ICMP/DNS just a marketing trick?

Post by VitaR » Fri May 22, 2020 3:00 pm

According to the Manual and several forum posts,
1st, it is enabled very easily with only one check-mark in the server's config and nothing more,
2nd, it is activated automatically when the two "generic" (Direct and NAT-T) ways to connect fail,
3rd, it's impossible to forcibly activate this mode.
But a lot of posts are flying around the Net about a bunch of tests that bring up very critical thoughts.

Let's take a very basic logic and think:
- I've set up a remote server and it works,
- I've enabled these "over-something" in its config,
(condition "1st" completed)
- I've created the respective connection to this server and tested it,
- this connection works both directly and via NAT-T,
- next in my firewall I've blocked both TCP and UDP and explicitly enabled any ICMP, everything pointing to/from my-server-ip, and checked it of course,
(condition "2nd" completed)
- and then I've tried to make a connection again.

Now, taking into account these 3 conditions described at the beginning, what result shall I wait for? Remember, we're thinking logically! The connection is made via this VPN-over-ICMP, right?

Boo! You lose!

So, just a pair of very simple questions:
1. How to set up this super-mega-feature right?
2. How to prove it works?

drkrool
Posts: 43
Joined: Mon May 25, 2020 4:38 am
Location: Quebec, Canada

Re: Is VPN-over-ICMP/DNS just a marketing trick?

Post by drkrool » Mon May 25, 2020 5:12 am

Curious about this as well. I remember trying without success years ago, but don't quote me on that as I had little firewall knowledge back then.

Have you tried the vpn over dns feature as well?

VitaR
Posts: 2
Joined: Fri May 22, 2020 1:35 pm

Re: Is VPN-over-ICMP/DNS just a marketing trick?

Post by VitaR » Wed May 27, 2020 10:37 am

drkrool wrote (Mon May 25, 2020 5:12 am):
> Have you tried the vpn over dns feature as well?

No, I didn't. I see no meaningful difference between this and "generic" TCP/UDP, except a worldwide-passing port. Maybe I'll check it sometime later, but the only thing that will make me count this variant as something different is eDNS payload usage or something like that.
