fatalerrors.org
Most colleges and universities have covered the education network, which is the first IPV6 network implemented in China. Therefore, the host computer in the campus network can obtain the IPV6 address. When students surf the Internet through the campus network, the traffic passes through the billing gateway. If it is IPV4 traffic, it will be charged reasonably, while IPV6 traffic is not charged.
Therefore, if the host in the campus network communicates with a host in the external network through IPV6, forwards all the resource requests to the host of the external network through IPV6, and the host of the external network obtains the resources according to the request, and then sends the obtained content to the host in the campus network through IPV6, then the host in the campus network can achieve the purpose of streaming Free Internet access in the campus network.
2.1 IPV6 address
The proxy host can choose cloud server or idle home computer. In cloud servers, Alibaba cloud and Baidu cloud provide IPV6 public network access services. If you choose a home host, you need to see whether the host can obtain the IPV6 address with the ability of public network access.
Enter ipconfig in Windows and ifconfig in Linux to view the ipv6 address.
As shown in the figure, my home host has four IPv6 addresses. The first three IPv6 addresses have the ability to access the public network. Moreover, these three addresses are dynamic, and the IP address has a certain effective time. The validity time of temporary IPv6 address is shorter, and the temporary address is usually used when communicating with the outside world. The beginning of 2409 indicates that it is in the network segment of China Mobile. For details of IPv6 network segments of major domestic operators, please refer to https://baiye.us/
The last ipv6 address at the beginning of fe80 belongs to the intranet address, which can only be used in the LAN and cannot be accessed by the external network.
2.2 Linux server
Our proxy server is built on Linux, so we need to install Linux system. If the home host is really unwilling to abandon Windows system, then install a virtual machine. The process of installing the virtual machine will not be described in detail. The key point is that the bridging mode must be selected for the network connection of the virtual machine. That’s because, after selecting the bridging mode, the network card of the virtual machine and the network card of the host computer are not closely related. It is equivalent to that two network cables are inserted into your host computer, one for the host computer and one for the virtual machine. The two network cards are separated.
2.3 preparation on Linux
In the process of building a proxy server, you need to use ifconfig to view the ip address, you need to edit the configuration file with vim, and you need to connect to the server with ssh. Therefore, install the following toolkit first:
sudo apt install net-tools
sudo apt install vim
sudo apt install openssh-server
Most importantly, shadowlocks is based on python, so you need to install Python and be able to install Python packages using the pip command. My Linux Installation comes with Python, but there is no pip command, so I still need to execute it
sudo apt install python3-pip
Install the pip command.
3.1 install shadowlocks server
First, we enter super administrator mode and switch to the root user’s home directory
sudo su
cd /root
For reasons that cannot be disclosed, the author of shadowlocks does not maintain the shadowlocks on the pip software source, and the version is fixed at 2.8.2. Similarly, the shadowlocks on GitHub are no longer updated and are frozen at 2.9.1.
Here, we install a newer version of shadowlocks with the following command.
pip3 install https://github.com/shadowsocks/shadowsocks/archive/master.zip
After installation, you can use this command to view the Shadowsocks version.
ssserver --version
create profile
mkdir /etc/shadowsocks
vim /etc/shadowsocks/config.json
Insert the following contents into the configuration file, and the password and port can be changed by customization.
{
"server":"::",
"server_port":8388,
"local_address":"127.0.0.1",
"local_port":1080,
"password":"mypassword",
"timeout":300,
"method":"aes-256-cfb",
"fast_open":false
}
After saving and exiting, we can start shadowlocks with the following command.
ssserver -c /etc/shadowsocks/config.json
3.2 configure the service and start it up
After executing the above command, we can carry out proxy access through small aircraft, which will be discussed later. However, in such a running mode, the Linux terminal is occupied by the ssserver process, and a large number of logs will be output. We expect to configure shadowlocks as a service and boot it up.
Create a new shadowlocks service management file.
vim /etc/systemd/system/shadowsocks-server.service
Enter the following in the file.
[Unit]
Description=Shadowsocks Server
After=network.target
[Service]
ExecStart=/usr/local/bin/ssserver -c /etc/shadowsocks/config.json
Restart=on-abort
[Install]
WantedBy=multi-user.target
Set shadowlocks to boot.
systemctl enable shadowsocks-server
Start shadowlocks.
systemctl start shadowsocks-server
At this point, shadowlocks is set up.
If we want to use proxy server to access the Internet, we need a shadowlocks client. Because the logo of the client is a small plane, it is usually called a small plane. Download address of small aircraft: https://github.com/shadowsocks/shadowsocks-windows/releases/
In the Linux system, enter ifconfig to view the ipv6 address of the current Linux server.
Fill in the following information on the small plane.
The specific information has been configured in the previous configuration file. Just fill it in.
Port 1080 below is the local proxy port. After the small aircraft runs, it will form a socks5 proxy server locally. Most software has its own proxy function. For example, the agent settings of TIM(QQ) are as follows.
After the small aircraft is running, right-click the small aircraft icon in the hosting taskbar and select global mode.
When no proxy is needed, you can choose to disable it.
At this point, we can open the browser and access the web page. Many software with proxy settings can also access the network after similar settings of TIM above.
5.1 SocksCap
Some software doesn’t have proxy settings. What can I do? Here we recommend two agent software. The first one is SocksCap.
After installing sockcap, set up the proxy server first.
After that, drag the program you want to take the agent into the list, select the software, and click Run in the upper right corner to let the running software take the agent flow.
5.2 Proxifier
It is not convenient to add software one by one, which is recommended here proxifier As long as it is running, the software on the system as long as it accesses the network is the agent.
After the installation is completed, similar to sockcap, the agent needs to be set up. The detailed process is as follows.
After the configuration is completed, other software can go online directly without setting up its own agent.
There are many UWP applications on Windows 10, but these applications cannot access the proxy.
In this regard, I have written a python script that can unlock the local access ability of all uwp applications. To put it bluntly, all uwp applications on the system can access local agents. See https://blog.csdn.net/qq_35436635/article/details/108473170
Small aircraft directly fill in the ipv6 address, this is very inconvenient. In addition, in order to ensure the security of the host, operators usually allocate ipv6 addresses dynamically. The ipv6 addresses obtained by each host have a certain lifetime, which can be as long as 7 days and as short as several hours. Therefore, the ipv6 address of the proxy host is always changing.
In order to solve this problem, ddns came into being. ddns can map the dynamic IP address to a fixed domain name, and resolve the IP address by dns. We only need to know the domain name to connect to the proxy server.
First of all, you need to register a domain name. Now many registered domain names are very cheap. Then open the cloud dns service. I use alicloud’s cloud resolution dns. The free version is enough for us. We need a sub account to help us update dns resolution records, and we need to assign cloud dns resolution permissions to it. The specific steps are all available on alicloud, so I won’t repeat them here.
Attached here is my python script for updating dns resolution records
import socket
import time
from netaddr.ip import IPAddress
from aliyunsdkcore.client import AcsClient
from aliyunsdkalidns.request.v20150109.UpdateDomainRecordRequest import UpdateDomainRecordRequest
def update_record(new_ip):
client = AcsClient('Alicloud sub account id', 'Alicloud account password', 'cn-hangzhou')
request = UpdateDomainRecordRequest()
request.set_accept_format('json')
request.set_RecordId("Parsing records RecordId")
request.set_RR("Secondary domain name prefix")
request.set_Type("AAAA")
request.set_Value(new_ip)
response = client.do_action_with_exception(request)
log_file = open('log.txt', 'a+', encoding='utf-8')
log_file.write(time.strftime("\n%Y-%m-%d %H:%M:%S", time.localtime()) + '\n')
log_file.write(str(response, encoding='utf-8'))
log_file.close()
# Access to the public network IPv6 address can also be crawled https://ipv6.jsonip.com/
ipv6_list = []
ips = socket.getaddrinfo('Proxy host name', 8388)
for dev in ips:
ip = dev[4][0]
addr = IPAddress(ip)
if addr.version == 6 and ip[:5] != 'fe80:':
ipv6_list.append(ip)
rec_file = open('lastip.txt', 'r', encoding='utf-8')
last_ip = rec_file.readline()
rec_file.close()
# IP address changes
if last_ip not in ipv6_list:
# print(ipv6_list[0])
update_record(ipv6_list[0])
rec_file = open('lastip.txt', 'w', encoding='utf-8')
rec_file.write(ipv6_list[0])
rec_file.close()
Finally, the script is set as a scheduled task, which is executed every 10 minutes. As long as the ipv6 address changes, the resolution records on alicloud dns can be updated. As long as we fill in the domain name directly on the small plane, we can directly connect to the proxy server.
Posted by Steven John at Sep 23, 2020 — 5:22 AM
没有评论:
发表评论