├── _config.yml
├── src
    └── ULA-Status.png
├── README.md
├── OpenConnect-OpenWrt.md
├── How-to-choose-LAN-IPv6.md
├── LICENSE
└── OpenConnect-Server.md


/_config.yml:
--------------------------------------------------------------------------------
1 | theme: jekyll-theme-slate


--------------------------------------------------------------------------------
/src/ULA-Status.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/KumaTea/CERNET-At-Home/HEAD/src/ULA-Status.png


--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
 1 | # CERNET-At-Home
 2 | 在家接入教育网 IPv6 的教程
 3 | 
 4 | 本教程重点是**使内网所有设备自动获得可用教育网IPv6**，无需另外单独设置；
 5 | 
 6 | 可以根据情况选用 IPv6 Relay 或者 NAT 模式。
 7 | 
 8 | ## 使用 SYSU OpenConnect VPN
 9 | 方案一：使用 SYSU OpenConnect VPN
10 | * [OpenWrt方案](./OpenConnect-OpenWrt.md)
11 | * [服务器方案](./OpenConnect-Server.md)
12 | 
13 | ## 在校内搭建 VPN 服务器
14 | 方案二：在校内搭建 VPN 服务器
15 | * [未实践，暂缺](./Server-Client.md)
16 | 
17 | ## 注意事项
18 | * [如何选择IPv6网段](./How-to-choose-LAN-IPv6.md)
19 | 
20 | ## 推荐阅读
21 | * [**openwrt.md**](https://github.com/tuna/ipv6.tsinghua.edu.cn/blob/master/openwrt.md) - [tuna / ipv6.tsinghua.edu.cn](https://github.com/tuna/ipv6.tsinghua.edu.cn)
22 |   * 每次全新配置路由器，IPv6 部分一定要照着抄的
23 | 


--------------------------------------------------------------------------------
/OpenConnect-OpenWrt.md:
--------------------------------------------------------------------------------
 1 | # 方案一：使用 SYSU OpenConnect VPN
 2 | ## OpenWrt方案
 3 | 
 4 | 由于我自己在认证阶段没有成功，所以仅提供一个思路。
 5 | 
 6 | ---
 7 | 
 8 | 1. 安装openconnect组件：
 9 | 
10 | ```bash
11 | opkg update
12 | # 默认已安装 dnsmasq-full ipv6-helper
13 | opkg install openconnect luci-proto-openconnect
14 | ```
15 | 
16 | 建议在编译固件时预编译以减少麻烦。
17 | 
18 | 2. 在 `网络 - 接口` 中 添加一个新接口（例如： `ocvpn` ），协议选用 `openconnect` ，填入地址 `https://ocvpn.sysu.edu.cn` ，输入账号密码，点击提交。
19 | 
20 | 3. 回到 `网络 - 接口` 后，如果接口 `ocvpn` 出现内网IPv4和公网IPv6地址即为成功。
21 | 
22 | 4. `全局网络选项 - IPv6 ULA 前缀` 填写一个合适的网段。请参考：[如何选择IPv6网段](./How-to-choose-LAN-IPv6.md)
23 | 
24 | 5. 修改`接口 - LAN - DHCP 服务器 - IPv6 设置` 的 `路由通告服务` 和 `DHCPv6 服务` 为 **`服务器模式`**（针对NAT）或**`混合模式`**（针对Relay）。
25 | 
26 | 6. 重启路由器
27 | 
28 | 7. 检查IPv6网络状态
29 | * [test ipv6](https://test-ipv6.com)
30 | * [ipv6 test](https://ipv6-test.com)
31 | ![ULA Status](./src/ULA-Status.png)
32 | 


--------------------------------------------------------------------------------
/How-to-choose-LAN-IPv6.md:
--------------------------------------------------------------------------------
 1 | # 如何选择IPv6网段
 2 | 
 3 | 此指南针对于提供`/128`的野蛮VPN，提供`/64`及更小的文明VPN请高强度Relay（中继），获取全球唯一单播地址`2001:0000::/23`，，，
 4 | > [其实应该是`2001:0200::/23`](https://www.iana.org/assignments/ipv6-unicast-address-assignments/ipv6-unicast-address-assignments.xhtml)
 5 | ---
 6 | 在特殊环境（IPv6通过家里到学校的连接）下，选择IPv6网段有如下建议：
 7 | 
 8 | ## unique local address (ULA)
 9 | **优选**
10 | * 网段：`fc00::/7`
11 | > The address block fc00::/7 is divided into two parts, fc00::/8 and fd00::/8.
12 | > The block fc00::/8 is undefined...
13 | * 示例：`fd11:4514:1919:810::/64`
14 | > 上述摘自维基百科 [Unique local address](https://en.wikipedia.org/wiki/Unique_local_address)
15 | * 特点：作为IPv4不通时的次选
16 | * 注意：Windows表示为“”
17 | * 优选原因：打开常用网站时直接走宽带，仅IPv6网络才使用，避免无谓的代理
18 | 
19 | ## IANA Reserved
20 | **次选**
21 | * 网段：[**任君挑选**](https://www.iana.org/assignments/ipv6-address-space/ipv6-address-space.xhtml)
22 | * 示例：`c123::/64`
23 | * 示例2：`d456::/64`
24 | * **示 例 1 1 4 5 1 4 ：`114:514:1919:810::/64`**
25 | * 特点：优先连接
26 | * 次选原因：所有网站优先代理
27 | 
28 | ## Link local address
29 | **禁选**
30 | * 网段：`fe80::/10`
31 | * 示例：`fe80:114:514:1919::/64`
32 | * 特点：无法连接
33 | 


--------------------------------------------------------------------------------
/LICENSE:
--------------------------------------------------------------------------------
 1 | MIT License
 2 | 
 3 | Copyright (c) 2020 KumaTea
 4 | 
 5 | Permission is hereby granted, free of charge, to any person obtaining a copy
 6 | of this software and associated documentation files (the "Software"), to deal
 7 | in the Software without restriction, including without limitation the rights
 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
 9 | copies of the Software, and to permit persons to whom the Software is
10 | furnished to do so, subject to the following conditions:
11 | 
12 | The above copyright notice and this permission notice shall be included in all
13 | copies or substantial portions of the Software.
14 | 
15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
21 | SOFTWARE.
22 | 


--------------------------------------------------------------------------------
/OpenConnect-Server.md:
--------------------------------------------------------------------------------
 1 | # 方案一：使用 SYSU OpenConnect VPN
 2 | ## 服务器方案
 3 | 
 4 | 前提条件：有一台Linux服务器。
 5 | 
 6 | 这里以刷了[Armbian](https://www.armbian.com/)的[香橙派](http://www.orangepi.cn/OrangePiOneplus/index_cn.html)为例。
 7 | 
 8 | ---
 9 | 
10 | 如果你的网络条件支持Relay（即 `/64` 或更小），请参考：[How to share an IPv6 connection to the whole LAN?](https://unix.stackexchange.com/questions/533284)
11 | 
12 | ---
13 | 
14 | 1. 安装必要软件
15 | 
16 | ```bash
17 | apt update
18 | apt install openconnect radvd
19 | ```
20 | 
21 | 2. 连接VPN
22 | 
23 | ```bash
24 | openconnect "https://ocvpn.sysu.edu.cn" -b
25 | ```
26 | 
27 | 输入账号密码。
28 | 
29 | 如果希望一行命令运行，那就使用：
30 | 
31 | ```bash
32 |  echo "<Your Password>" | sudo openconnect "https://ocvpn.sysu.edu.cn" --user="<Your NetID>" --passwd-on-stdin --servercert="8A5747DD23302A732F98494BDAB72A3120B75BDA" --background
33 | ```
34 | 
35 | 3. 设置IPv6转发及NAT
36 | 
37 | ```bash
38 | sudo echo "net.ipv6.conf.all.forwarding=1" >> /etc/sysctl.conf
39 | sysctl -p
40 | ip6tables -t nat -A POSTROUTING -o tun0 -j MASQUERADE  # Add to crontab
41 | ```
42 | 
43 | 4. 设置IPv6路由广播
44 | 选择一个合适的网段，如`fd12:3456:7980:abcd::/64`。请参考：[如何选择IPv6网段](./How-to-choose-LAN-IPv6.md)
45 | 
46 | ```
47 | # /etc/radvd.conf
48 | interface eth0 {
49 |   AdvSendAdvert on;
50 |   MinRtrAdvInterval 3;
51 |   MaxRtrAdvInterval 10;
52 |   prefix fd12:3456:7980:abcd::/64 {
53 |     AdvOnLink on;
54 |     AdvAutonomous on;
55 |     AdvRouterAddr on;
56 |   };
57 | };
58 | ```
59 | 
60 | 或者运行
61 | 
62 | ```bash
63 | echo "interface eth0 {" >> /etc/radvd.conf
64 | echo "  AdvSendAdvert on;" >> /etc/radvd.conf
65 | echo "  MinRtrAdvInterval 3;" >> /etc/radvd.conf
66 | echo "  MaxRtrAdvInterval 10;" >> /etc/radvd.conf
67 | echo "  prefix fd12:3456:7980:abcd::/64 {" >> /etc/radvd.conf
68 | echo "    AdvOnLink on;" >> /etc/radvd.conf
69 | echo "    AdvAutonomous on;" >> /etc/radvd.conf
70 | echo "    AdvRouterAddr on;" >> /etc/radvd.conf
71 | echo "  };" >> /etc/radvd.conf
72 | echo "};" >> /etc/radvd.conf
73 | ```
74 | 
75 | 随后
76 | 
77 | ```bash
78 | service radvd restart
79 | ```
80 | 
81 | 5. 检查IPv6网络状态
82 | * [test ipv6](https://test-ipv6.com)
83 | * [ipv6 test](https://ipv6-test.com)
84 | ![ULA Status](./src/ULA-Status.png)
85 | 


--------------------------------------------------------------------------------