This article will share some ideas about the campus network (WireGuard/SoftEther VPN Server based on UDP 53 port VPN three-layer white whoring, Socks 5 white whoring+scientific Internet access two in one four layer white whoring), that is, to use the campus network like ordinary users without spending a penny.
2023/2/23: Update the NAT command and L2TP method of each platform configuration, and introduce some infeasible ideas that can be abandoned directly according to the previous reply in the comment area
prerequisite
The ideas listed below all require the use of a campus network server as a transit. Therefore, a computer (raspberry pie also works) should be placed in a network environment (usually an office area or laboratory network) that can access the Internet without paying and certification; Or have the right to use any school server.
The overall idea is to find a place in the school to set up a server to transfer traffic
Various ideas
VPN three-layer white whoring based on UDP 53 port
principle : UDP 53 is the port used by the DNS protocol. In order to enable HTTP hijacking and jump to the login page, the portal authentication must enable the browser to perform DNS resolution normally. Therefore, the UDP 53 port traffic will also be released without authentication and payment.
characteristic : No campus network authentication required , you do not need to purchase a campus network, and you do not need a campus network account. In addition, because VPN has encryption, it can overcome the defect that open Wi Fi network communication is not encrypted at all.
The two ideas listed below are Layer 3 (IP) VPN methods, which can forward all Layer 3 messages, so they support the ICMP protocol (ping can be used).
be careful : If you want to use UDP 53 port, the network you are on must not DNS hijacking If your network has DNS hijacking (for example, the "DNS Redirection" function under OpenWRT DHCP/DNS is DNS hijacking), this method will fail.
Implementation idea 1: WireGuard
I particularly recommend this scheme 。 WireGuard is a nearly stateless VPN protocol. It is zero sense when switching networks, and does not need to reconnect VPN. It is especially useful for computers that often sleep wake up. You can surf the Internet immediately after waking up. In addition, WireGuard is a pure kernel implementation on Linux and Windows operating systems, with extremely high performance.
method : Set up a wireguard server, and then the port listens on 53
There are many tutorials and one click packages for building Linux server. But if you want to build a Windows server, you must Read my previous article 。
shortcoming : The setup is really complicated. In addition, the configuration file is really obscure for people who do not understand the computer network
Click Read Full Text →