1. Summary of premises
Most colleges and universities have covered the education network, which is the first IPV6 network implemented in China. Therefore, the host computer in the campus network can obtain the IPV6 address. When students surf the Internet through the campus network, the traffic passes through the billing gateway. If it is IPV4 traffic, it will be charged reasonably, while IPV6 traffic is not charged.
Therefore, if the host in the campus network communicates with a host in the external network through IPV6, forwards all the resource requests to the host of the external network through IPV6, and the host of the external network obtains the resources according to the request, and then sends the obtained content to the host in the campus network through IPV6, then the host in the campus network can achieve the purpose of streaming Free Internet access in the campus network.
2. Preparatory work
2.1 IPV6 address
The proxy host can choose cloud server or idle home computer. In cloud servers, Alibaba cloud and Baidu cloud provide IPV6 public network access services. If you choose a home host, you need to see whether the host can obtain the IPV6 address with the ability of public network access.
Enter ipconfig in Windows and ifconfig in Linux to view the ipv6 address.
As shown in the figure, my home host has four IPv6 addresses. The first three IPv6 addresses have the ability to access the public network. Moreover, these three addresses are dynamic, and the IP address has a certain effective time. The validity time of temporary IPv6 address is shorter, and the temporary address is usually used when communicating with the outside world. The beginning of 2409 indicates that it is in the network segment of China Mobile. For details of IPv6 network segments of major domestic operators, please refer to https://baiye.us/
The last ipv6 address at the beginning of fe80 belongs to the intranet address, which can only be used in the LAN and cannot be accessed by the external network.
2.2 Linux server
Our proxy server is built on Linux, so we need to install Linux system. If the home host is really unwilling to abandon Windows system, then install a virtual machine. The process of installing the virtual machine will not be described in detail. The key point is that the bridging mode must be selected for the network connection of the virtual machine. That's because, after selecting the bridging mode, the network card of the virtual machine and the network card of the host computer are not closely related. It is equivalent to that two network cables are inserted into your host computer, one for the host computer and one for the virtual machine. The two network cards are separated.
2.3 preparation on Linux
In the process of building a proxy server, you need to use ifconfig to view the ip address, you need to edit the configuration file with vim, and you need to connect to the server with ssh. Therefore, install the following toolkit first:
sudo apt install net-tools sudo apt install vim sudo apt install openssh-server
Most importantly, shadowlocks is based on python, so you need to install Python and be able to install Python packages using the pip command. My Linux Installation comes with Python, but there is no pip command, so I still need to execute it
sudo apt install python3-pip
Install the pip command.
(omit part3 and part4)
5. Global agent software
5.1 SocksCap
Some software doesn't have proxy settings. What can I do? Here we recommend two agent software. The first one is SocksCap.
After installing sockcap, set up the proxy server first.
After that, drag the program you want to take the agent into the list, select the software, and click Run in the upper right corner to let the running software take the agent flow.
5.2 Proxifier
It is not convenient to add software one by one, which is recommended here proxifier As long as it is running, the software on the system as long as it accesses the network is the agent.
After the installation is completed, similar to sockcap, the agent needs to be set up. The detailed process is as follows.
After the configuration is completed, other software can go online directly without setting up its own agent.
Six UWP access agents
There are many UWP applications on Windows 10, but these applications cannot access the proxy.
In this regard, I have written a python script that can unlock the local access ability of all uwp applications. To put it bluntly, all uwp applications on the system can access local agents. See https://blog.csdn.net/qq_35436635/article/details/108473170
Seven DDNS
Small aircraft directly fill in the ipv6 address, this is very inconvenient. In addition, in order to ensure the security of the host, operators usually allocate ipv6 addresses dynamically. The ipv6 addresses obtained by each host have a certain lifetime, which can be as long as 7 days and as short as several hours. Therefore, the ipv6 address of the proxy host is always changing.
In order to solve this problem, ddns came into being. ddns can map the dynamic IP address to a fixed domain name, and resolve the IP address by dns. We only need to know the domain name to connect to the proxy server.
First of all, you need to register a domain name. Now many registered domain names are very cheap. Then open the cloud dns service. I use alicloud's cloud resolution dns. The free version is enough for us. We need a sub account to help us update dns resolution records, and we need to assign cloud dns resolution permissions to it. The specific steps are all available on alicloud, so I won't repeat them here.
Attached here is my python script for updating dns resolution records
import socket import time from netaddr.ip import IPAddress from aliyunsdkcore.client import AcsClient from aliyunsdkalidns.request.v20150109.UpdateDomainRecordRequest import UpdateDomainRecordRequest def update_record(new_ip): client = AcsClient('Alicloud sub account id', 'Alicloud account password', 'cn-hangzhou') request = UpdateDomainRecordRequest() request.set_accept_format('json') request.set_RecordId("Parsing records RecordId") request.set_RR("Secondary domain name prefix") request.set_Type("AAAA") request.set_Value(new_ip) response = client.do_action_with_exception(request) log_file = open('log.txt', 'a+', encoding='utf-8') log_file.write(time.strftime("\n%Y-%m-%d %H:%M:%S", time.localtime()) + '\n') log_file.write(str(response, encoding='utf-8')) log_file.close() # Access to the public network IPv6 address can also be crawled https://ipv6.jsonip.com/ ipv6_list = [] ips = socket.getaddrinfo('Proxy host name', 8388) for dev in ips: ip = dev[4][0] addr = IPAddress(ip) if addr.version == 6 and ip[:5] != 'fe80:': ipv6_list.append(ip) rec_file = open('lastip.txt', 'r', encoding='utf-8') last_ip = rec_file.readline() rec_file.close() # IP address changes if last_ip not in ipv6_list: # print(ipv6_list[0]) update_record(ipv6_list[0]) rec_file = open('lastip.txt', 'w', encoding='utf-8') rec_file.write(ipv6_list[0]) rec_file.close()
Finally, the script is set as a scheduled task, which is executed every 10 minutes. As long as the ipv6 address changes, the resolution records on alicloud dns can be updated. As long as we fill in the domain name directly on the small plane, we can directly connect to the proxy server.
from https://www.fatalerrors.org/a/1th30A.html
No comments:
Post a Comment