Combined revision comparison
...
3.3.20 VPN over ICMP and VPN over DNS Functions
When a VPN Client or Bridge attempts to establish a VPN connection with a VPN Server, functionality is provided to encapsulate VPN communication within “ICMP” (commonly known as Ping) or “DNS” packets in cases where both TCP and UDP protocols are unavailable for communication.
With this functionality, even if routers or firewalls along the network path block TCP or UDP communication, a VPN connection can still be established as long as ICMP or DNS communication is allowed.
For example, some public Wi-Fi networks allow ICMP or DNS communication even though TCP communication is inexplicably blocked. To enable VPN communication even in such problematic wireless LAN environments, VPN over ICMP / DNS functionality is included. By encapsulating Ethernet packets into ICMP (Ping) or DNS packets, stable communication can be achieved even over such unstable public Wi-Fi networks.
The VPN over ICMP and VPN over DNS functions are designed to comply with ICMP and DNS standards as much as possible. However, in some cases, non-standard behavior may occur. Certain poorly designed routers may experience memory overflows and may freeze or reboot when a large volume of ICMP or DNS packets passes through. This could potentially have negative effects on other users. To avoid such risks, you can disable the VPN over ICMP and VPN over DNS functions by appending the suffix "/tcp" to the destination hostname string on the VPN client side.
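For a network operator, the encapsulation described above shows up as one client sending an unusually large number of ICMP or DNS packets with unusually large payloads. The following is an added example, not code from this manual or from the VPN software: a heuristic over per-minute flow summaries that flags such clients. The record layout, the sample rows and the thresholds are all constructed assumptions to tune against your own baseline; it does not parse the VPN's wire format.

```python
from collections import defaultdict

# Constructed sample: (client_ip, protocol, packets, avg_payload_bytes),
# one row per 60-second window. Not real capture data.
SAMPLE_FLOWS = [
    ("10.0.0.5", "icmp", 4, 56),       # ordinary ping
    ("10.0.0.7", "icmp", 900, 1000),   # sustained large echo payloads
    ("10.0.0.7", "icmp", 900, 1200),   # same client, next window
    ("10.0.0.8", "dns", 30, 45),       # ordinary resolver use
    ("10.0.0.9", "dns", 2500, 180),    # high-rate, large DNS messages
    ("10.0.0.9", "tcp", 900, 700),     # not ICMP/DNS, ignored
]

# Assumed thresholds: (max packets, max average payload bytes) per client
# over the observed period. Both must be exceeded to flag a client.
LIMITS = {"icmp": (300, 256), "dns": (600, 120)}


def flag_tunnel_candidates(flows, limits=LIMITS):
    """Return (ip, proto, packets, avg_payload) for clients whose ICMP or
    DNS traffic exceeds both the packet-count and payload-size limits."""
    totals = defaultdict(lambda: [0, 0])  # (ip, proto) -> [packets, bytes]
    for ip, proto, packets, avg_payload in flows:
        if proto in limits:
            entry = totals[(ip, proto)]
            entry[0] += packets
            entry[1] += packets * avg_payload

    flagged = []
    for (ip, proto), (packets, payload_bytes) in sorted(totals.items()):
        max_packets, max_avg = limits[proto]
        avg = payload_bytes / packets if packets else 0
        if packets > max_packets and avg > max_avg:
            flagged.append((ip, proto, packets, round(avg)))
    return flagged


if __name__ == "__main__":
    for hit in flag_tunnel_candidates(SAMPLE_FLOWS):
        print("possible ICMP/DNS encapsulation:", hit)
```

Requiring both conditions keeps a busy resolver client (many small queries) or an occasional large ping from being flagged on its own.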
...
Version from 14:26, 23 May 2025
...
Version as of 22:00, 5 Jun 2025
...
...