We Just Added Support for VPN Over ICMP & DNS
We’re happy to announce that, as of today, CactusVPN will be offering support for VPN over ICMP (Internet Control Message Protocol, a supporting protocol that sends error messages if a service or a host/router can’t be reached/isn’t available) and DNS (Domain Name System, which is responsible for translating domain names into IP addresses, and vice versa).
This only works through SoftEther VPN protocol, and is only supported on our Los Angeles, Bucharest and Tokyo VPN servers. Switching to SoftEther is easily done through the SoftEther VPN Client for Windows, plus it’s an efficient protocol – fast and stable.
Why Is VPN Over ICMP and DNS Important?
There are certain networks (not a lot, but enough to matter) that only pass ICMP and DNS packets. They are set up to automatically filter out TCP and UDP packets and traffic.
It’s not really known why they are so heavily restricted, though we can assume they might be WiFi networks belonging to businesses. Such restrictions might be used to control employee traffic, or to prevent unwanted network activity.
Besides that, certain governments might employ this technique to enforce content restrictions on the Internet – like Iran and China, for example.
This is where VPN over ICMP and DNS comes into play – it’s a powerful function that allows the SoftEther protocol to bypass these restrictions and establish client-server connections. Essentially, all VPN packets will be capsuled in ICMP and DNS packets based on ICMP and DNS protocol specifications, allowing them to be transited over the firewall.
Afterwards, the receiver-side endpoint will extract the VPN packets from the ICMP and DNS packets.
In short, if you’re in a country that uses packet filtering to block online content, or you’re at work or in public and the WiFi network you want to use filters TCP and UDP traffic, VPN over ICMP and DNS can potentially help you bypass that problem.