diff --git a/pillar/credentials/vault.sls b/pillar/credentials/vault.sls
--- a/pillar/credentials/vault.sls
+++ b/pillar/credentials/vault.sls
@@ -225,6 +225,9 @@
 
     - ops/secrets/dereckson/wordpress/secrets
 
+  tunnel-dns:
+    - ops/secrets/network/iodine
+
   viperserv:
     - ops/secrets/nasqueron.viperserv.vault
 
diff --git a/roles/tunnel-dns/init.sls b/roles/tunnel-dns/init.sls
new file mode 100644
--- /dev/null
+++ b/roles/tunnel-dns/init.sls
@@ -0,0 +1,9 @@
+#   -------------------------------------------------------------
+#   Salt —  tunnel IPv4 data through a DNS server
+#   - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+#   Project:        Nasqueron
+#   License:        Trivial work, not eligible to copyright
+#   -------------------------------------------------------------
+
+include:
+  - .iodine
diff --git a/roles/tunnel-dns/iodine/files/iodined.rc b/roles/tunnel-dns/iodine/files/iodined.rc
new file mode 100644
--- /dev/null
+++ b/roles/tunnel-dns/iodine/files/iodined.rc
@@ -0,0 +1,18 @@
+#   -------------------------------------------------------------
+#   Iodine
+#   - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+#   Project:        Nasqueron
+#   License:        Trivial work, not eligible to copyright
+#   Source file:    roles/tunnel-dns/iodine/files/iodined.rc
+#   -------------------------------------------------------------
+#
+#   <auto-generated>
+#       This file is managed by our rOPS SaltStack repository.
+#
+#       Changes to this file may cause incorrect behavior
+#       and will be lost if the state is redeployed.
+#   </auto-generated>
+
+iodined_enable="YES"
+iodined_password="{{ password }}"
+iodined_domain="ty.nasqueron.org"
diff --git a/roles/tunnel-dns/iodine/init.sls b/roles/tunnel-dns/iodine/init.sls
new file mode 100644
--- /dev/null
+++ b/roles/tunnel-dns/iodine/init.sls
@@ -0,0 +1,31 @@
+#   -------------------------------------------------------------
+#   Salt —  tunnel IPv4 data through a DNS server
+#   - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+#   Project:        Nasqueron
+#   License:        Trivial work, not eligible to copyright
+#   -------------------------------------------------------------
+
+#   -------------------------------------------------------------
+#   Software
+#   - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+
+iodine:
+  pkg.installed
+
+#   -------------------------------------------------------------
+#   Service
+#   - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+
+{% if grains["os"] == "FreeBSD" %}
+/etc/rc.conf.d/iodine:
+  file.managed:
+    - source: salt://roles/tunnel-dns/iodine/files/iodined.rc
+    - template: jinja
+    - context:
+        password: {{ salt["credentials.get_password"]("network/iodine") }}
+{% endif %}
+
+service_iodine:
+  service.running:
+    - name: iodined
+    - enable: True
diff --git a/top.sls b/top.sls
--- a/top.sls
+++ b/top.sls
@@ -16,6 +16,7 @@
     - roles/builder
     - roles/dbserver-mysql
     - roles/devserver
+    - roles/tunnel-dns
     - roles/viperserv
     - roles/webserver-core
     - roles/webserver-legacy