IP-over-ICMP tunnel
Clone or download
Latest commit 33e0b82 Dec 10, 2008


This is the ICMPTX program.

This software is most recently available from http://github.com/jakkarth/icmptx

ICMPTX is a program that allows a user with root privledges to create a
virtual network link between two computers, encapsulating data inside of
ICMP packets.

-- license --

This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
(at your option) any later version.

This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
GNU General Public License for more details.

You should have received a copy of the GNU General Public License
along with this ICMPTX.  If not, see <http://www.gnu.org/licenses/>.

-- basic usage instructions --

First, make sure you have the tun module from your 2.6 kernel loaded up
or compiled into your kernel on both ends of your tunnel.

Second, compile the code on both the client machine and the server you
wish to tunnel your traffic between.

Third, on the server side, do something like

./icmpx -s &
sleep 1
ifconfig tun0 netmask

Fourth, on the client side, do something like

./icmptx -c &
sleep 1
ifconfig tun0 netmask

Replace with your internet-accessible IP on the server. At this
point you should have a simple link between the client and server. On
the client, you should be able to ping and get a response. Note
that there are several levels of irony involved in receiving the responses.
SSH tunneling can be used at this point for secure communication over the
channel. Note that there is no encryption capability provided directly by

Once you've confirmed that the tunnel does in fact work, routing should be
easily accomplished. The tun interfaces are just like any other ethernet
devices on your system and can be used as such, for example:

route add -net gw

executed on the client could add a route to your server's DMZ segment.
Access to systems on the subnet from the client would
then be transparently tunneled through the ICMPTX connection.

-- who's to blame for all this? --

ICMPTX has an interesting lineage. The code for the ICMP handling was
originally included from the itunnel program. Tun interface handling
was included from the VTun project, originally authored by Maxim
Krasnyansky. The two were brought together by edi / teso. From there,
Siim Põder cleaned up the code and wrote a short article about it,
possibly still available at http://www.linuxexposed.com/content/view/153/52/ .
That seems to be where Thomer Gil found it, after which he further cleaned
it up and presented it at http://thomer.com/icmptx/, which is where I,
John Plaxco, came across it. Further and newer information may be
available at the project's homepage at http://github.com/jakkarth/icmptx.