Campus networks require phone number authentication, but since SIM cards are costly and have been discontinued, logging in leads to a page redirecting to recharge. Although there is free IPv6, most internet services do not support IPv6 access. If you have a remote server with IPv6, you can surf the internet through that machine. Using ping tests, I found that the Baidu IP can be reached, so I conceived setting up OpenVPN over port 53 to bypass the recharge and achieve free internet access. Another option is to use a cloud server with IPv6 to simulate a local IPv4 environment.

Preparation:

  1. One cloud server with a public IP
  2. Linux system (I use CentOS 7)

Here, I introduce the setup using Soft-EtherVPN from the University of Tsukuba in Japan.

Detailed Steps

1. Open ports 443 and 53 in your cloud server’s security group

Port 443 is for management connections, port 53 is for UDP tunneling to access the internet.
anquanzu

2. Download and install the Linux server version

wget -b https://github.com/SoftEtherVPN/SoftEtherVPN_Stable/releases/download/v4.29-9680-rtm/softether-vpnserver-v4.29-9680-rtm-2019.02.28-linux-x64-64bit.tar.gz
ll
tail wget-log
tar zxvf softether-vpnserver-v4.29-9680-rtm-2019.02.28-linux-x64-64bit.tar.gz
cd vpnserver
ll
make
./vpnserver start
./vpncmd

vpn_install
Choose option 1 and keep pressing Enter.

3. Download the VPN management tool and configure OpenVPN

Windows management tool download:
softether-vpnserver_vpnbridge-v4.29-9680-rtm-2019.02.28-windows-x86_x64-intel.exe

(GitHub can be accessed via Alibaba Cloud. If you cannot download locally, download on the cloud server and transfer it back.)
Run the management tool and connect to the server IP.
manage_con

Next, manage the Virtual Hub and add users:
add_user

Set OpenVPN and port:
Find the OpenVPN settings in the bottom right, click it:
vpn_install
Replace the default port 1194 with 53, then OK:
openvpn_53

Open OpenVPN settings again and generate the configuration file:
general_config
Save the config file.

4. Download client and connect to OpenVPN

Windows client download:
softether-vpnclient

Similarly, download on the cloud server if local download fails, then transfer.
After installation, import the L3 configuration file into the config folder in the installation directory.

5. Optional: Close other VPN ports

Use the management tool to close other TCP ports. We only use UDP on port 53. You can also close port 443 in the cloud security group, and reopen it when needed.
stop_port

Done! The network speed is limited by your cloud server’s bandwidth. For this kind of authentication bypass VPN, it’s best to use overseas VPS because few domestic VPS support IPv6. Vultr fully supports IPv6, which can be used to get IPv4 access locally, enabling access to most websites and applications.

Summary

This article introduced bypassing authentication using port 53 (DNS) open access for VPN tunneling, which can be applied to various Wi-Fi networks requiring login, assuming no packet filtering is applied.