option to add/remove static route to nameserver used

[yarrick]

It would be nice to have an option for iodine (client) that would cause the process to add a static route to the DNS server it uses via the default gateway (or maybe a specific IP), e.g.

 iodine … -r … my.dns.domain          → route via default gw
 iodine … -r 1.2.3.4 … my.dns.domain  → route via 1.2.3.4

The reason is that one usually adds 0/1 and 128/1 routes (or redirects the default route) via the iodined IP, but the DNS server must stay reachable.

The iodine client knows best which DNS IP it uses, which is why I think it should provide that option. It would make it trivial to add if-up.d/if-down.d hooks to automate the setup (I would send a patch later).

It goes without saying that termination of the iodine process should also remove the static route as well.

[yarrick]

I like this idea. There are a few things that have to be solved:

• First we have to find the default route (The iodine helper scripts I have seen have not solved this in a nice way)
• Removing the route becomes harder if we have dropped privileges. I guess some kind of IPC is needed to make part of the program still running as root to remove it.

[yarrick]

source:  http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=534185

[guest]

There's a new idea at the mentioned Debian bug report:

One thing that could be done is to allow adding a route when the interface is brought up.

For example if I want to use iodine to access the external network 220.245.30.0/24 I could pass a parameter telling iodine this and have it insert the route appropriately.

Usually when I use iodine I don't actually want to access the entire Internet. I just want to access my mail server, a web proxy, and the ssh port of a shell server. One or two network routes would allow this without messing with whatever routing is necessary to get the Iodine tunnel working.

(gregoa@…)