====== NSTX - IP Over DNS Tunneling ====== Using ''nstx'', you can (mis-)use the mostly free DNS resolution of many commercial Hotspots to gather internet for free. ===== NSTXD Configuration ===== To run a NSTX service, you need: * to own a domain * to have control over the authoritative nameserver * another host (or at least IP) to serve ''nstx'' via it's port 53 ==== Create A Simple Subdomain ==== Create a dedicated subdomain of your domain using a Glue-Record, e.g.: $ORIGIN nstx.example.com. @ IN NS ns ns IN A 1.2.3.4 where ''1.2.3.4'' is the IP ''nstxd'' is listening on. ==== Install and Configure NSTXD ==== Make sure the kernel of the system you want to run ''nstxd'' at provides tun/tap support. After installing ''nstx'', the daemon has to be run like so: nstxd -i where '''' in this case is ''1.2.3.4'' and '''' is ''nstx.example.com''. The running daemon creates a device named ''tun0'' which has to be configured appropriately. Further steps of configuration may have to be done to allow routing between tunnel and internet. ===== NSTXCD Configuration ===== The NSTX Client Daemon is the client-side counterpart to ''nstxd'' and therefore has to be run on the Hotspot client. Consider the situation where you have local network access, including DNS. Having a kernel with support for the tun/tap device, all you need to do is run ''nstxcd'' with the correct options: nstxcd where '''' in this case is ''nstx.example.com'' and '''' the IP of the local nameserver. The created ''tun0'' device has to be configured accordingly. For full internet access, a default route via the tunnel endpoints IP has to be used. ===== Caveats ===== * Setting a tunnel MTU of 500 may prevent connectivity problems, especially when using SSH. * When the local nameserver is reachable via routing only, setting the new default route is problematic. In this case a host route is necessary to prevent routing DNS requests via the tunnel. ===== Further Information ===== [[http://thomer.com/howtos/nstx.html|NSTX Howto]]