Campus networks require phone number authentication, but since SIM cards are costly and have been discontinued, logging in leads to a page redirecting to recharge. Although there is free IPv6, most internet services do not support IPv6 access. If you have a remote server with IPv6, you can surf the internet through that machine. Using ping tests, I found that the Baidu IP can be reached, so I conceived setting up OpenVPN over port 53 to bypass the recharge and achieve free internet access. Another option is to use a cloud server with IPv6 to simulate a local IPv4 environment.
Preparation:
- One cloud server with a public IP
- Linux system (I use CentOS 7)
Here, I introduce the setup using Soft-EtherVPN from the University of Tsukuba in Japan.
Detailed Steps
1. Open ports 443 and 53 in your cloud server’s security group
Port 443 is for management connections, port 53 is for UDP tunneling to access the internet.
2. Download and install the Linux server version
wget -b https://github.com/SoftEtherVPN/SoftEtherVPN_Stable/releases/download/v4.29-9680-rtm/softether-vpnserver-v4.29-9680-rtm-2019.02.28-linux-x64-64bit.tar.gz
ll
tail wget-log
tar zxvf softether-vpnserver-v4.29-9680-rtm-2019.02.28-linux-x64-64bit.tar.gz
cd vpnserver
ll
make
./vpnserver start
./vpncmd
Choose option 1 and keep pressing Enter.
3. Download the VPN management tool and configure OpenVPN
Windows management tool download:
softether-vpnserver_vpnbridge-v4.29-9680-rtm-2019.02.28-windows-x86_x64-intel.exe
(GitHub can be accessed via Alibaba Cloud. If you cannot download locally, download on the cloud server and transfer it back.)
Run the management tool and connect to the server IP.
Next, manage the Virtual Hub and add users:
Set OpenVPN and port:
Find the OpenVPN settings in the bottom right, click it:
Replace the default port 1194 with 53, then OK:
Open OpenVPN settings again and generate the configuration file:
Save the config file.
4. Download client and connect to OpenVPN
Windows client download:
softether-vpnclient
Similarly, download on the cloud server if local download fails, then transfer.
After installation, import the L3 configuration file into the config folder in the installation directory.
5. Optional: Close other VPN ports
Use the management tool to close other TCP ports. We only use UDP on port 53. You can also close port 443 in the cloud security group, and reopen it when needed.
Done! The network speed is limited by your cloud server’s bandwidth. For this kind of authentication bypass VPN, it’s best to use overseas VPS because few domestic VPS support IPv6. Vultr fully supports IPv6, which can be used to get IPv4 access locally, enabling access to most websites and applications.
Summary
This article introduced bypassing authentication using port 53 (DNS) open access for VPN tunneling, which can be applied to various Wi-Fi networks requiring login, assuming no packet filtering is applied.
