I have followed a tutorial here: http://ebnj.net/sshoverdns/

This tutorial tells us how to carry all internet traffic via DNS tunnel if your airport enables no-limit outgoing DNS.

It guides us to host a DNS service on the host machine and connect to the host from the client over an SSH tunnel.

I have tested this on a VPS server and it works like a charm. Both the DNS server and client work very well. There is a DNS service running on port 0.0.0.0:53 on the server and a proxy running on port 127.0.0.1:7070 (socks5) on the local client machine.

But when I was testing on a client physically in mainland China, it failed to negotiate with the DNS service on the VPS for tunneling.

    ssh -ND 7070 -o ProxyCommand="./droute.pl sshdns.mydomain.ga" myvpsuser@localhost -v

Debug:

    OpenSSH_6.6.1, OpenSSL 1.0.1f 6 Jan 2014
    debug1: Reading configuration data /etc/ssh/ssh_config
    debug1: /etc/ssh/ssh_config line 19: Applying options for *
    debug1: Executing proxy command: exec ./droute.pl sshdns.xigua.ga
    debug1: identity file /home/myname/.ssh/id_rsa type 1
    debug1: identity file /home/myname/.ssh/id_rsa-cert type -1
    debug1: identity file /home/myname/.ssh/id_dsa type -1
    debug1: identity file /home/myname/.ssh/id_dsa-cert type -1
    debug1: identity file /home/myname/.ssh/id_ecdsa type -1
    debug1: identity file /home/myname/.ssh/id_ecdsa-cert type -1
    debug1: identity file /home/myname/.ssh/id_ed25519 type -1
    debug1: identity file /home/myname/.ssh/id_ed25519-cert type -1
    debug1: Enabling compatibility mode for protocol 2.0
    debug1: Local version string SSH-2.0-OpenSSH_6.6.1p1 Ubuntu-2ubuntu2.7
    debug1: permanently_drop_suid: 1000

When I was testing on the uncensored Internet in the U.S., it did not get stuck here. It would ask me to input the password for user myvpsuser.

It seems that the Chinese GFW has censored and blocked the SSH or DNS traffic.

If this has nothing to do with the DNS service, can we pass the Internet traffic via another proxy instead of the one created by SSH service? Or what else can I do to solve this?