MCPcopy Index your code
hub / github.com/Mythologyli/zju-connect

github.com/Mythologyli/zju-connect @v1.1.1

Chat with this repo
repository ↗ · DeepWiki ↗ · release v1.1.1 ↗ · + Follow
531 symbols 1,622 edges 72 files 42 documented · 8%
What it actually does AI analysis from the code graph — generated when you open this
loading…
README

ZJU Connect

🚫 Disclaimer

This program is provided as is, and the author does not guarantee the correctness or reliability of the program. Please judge whether the specific scenario is suitable for using this program. The problems or consequences caused by using this program are borne by the user!


中文 | English

This program is based on EasierConnect (now Archived), thanks to the original author lyc8503.

QQ group: 1037726410, welcome to join the discussion.

Usage

Use a GUI client

You can try the EZ4Connect developed by Chenx Dust (support aTrust) or the hitsz-connect-verge developed by kowyo

Run Directly

Using EasyConnect Protocol
  • If you are a ZJU user:
  • Download the latest version for your platform from the Release page.

  • Taking macOS as an example, extract the executable file zju-connect

  • macOS users need to remove security restrictions first. Run the following in your terminal: sudo xattr -rd com.apple.quarantine zju-connect

  • Run the command: ./zju-connect -protocol easyconnect -username <Account> -password <Password>

  • By default, port 1080 is the Socks5 proxy and port 1081 is the HTTP proxy. To change these ports, please refer to the parameter descriptions.

  • If you are a non-ZJU user:

The steps are the same as above, but try setting the running parameters as follows:

./zju-connect -server <Server Address> -port <Server Port> -username xxx -password xxx -disable-zju-config -skip-domain-resource -zju-dns-server auto

For details, see this link.

If your server requires a graphic captcha, try setting the running parameters as follows:

./zju-connect -server <Server Address> -port <Server Port> -username xxx -password xxx -disable-zju-config -skip-domain-resource -zju-dns-server auto -disable-multi-line -graph-code-file graph_code.jpg

When logging in, the captcha image will be saved to the graph_code.jpg file. Please check it and manually enter the captcha code.

Using aTrust Protocol
  • If you are a ZJU user: Other steps are the same as the EasyConnect method, but set the running parameters to: ./zju-connect -protocol atrust -username <Account> -password <Password> -client-data-file client_data.json Then follow the on-screen prompts. If you do not want to save the login status, you can omit the -client-data-file parameter.

  • If you are a non-ZJU user: The steps are the same as for ZJU users; please specify the login protocol according to your situation. How to determine the Login Domain and Protocol?

  • Fetch available authentication methods: ./zju-connect -protocol atrust -server <Server Address> -port <Server Port> -auth-info.

  • Identify your parameters: The command will return a JSON array of available authentication methods. For example: json [{"loginDomain":"Radius","authType":"auth/psw","authName":"上网账号","loginUrl":""},{"loginDomain":"local","authType":"auth/psw","authName":"IDC运维账号","loginUrl":""},{"loginDomain":"radius93482","authType":"auth/psw","authName":"INTL ID","loginUrl":""}] In this example, there are three methods. To use the first method (Radius), you must append -login-domain Radius -auth-type "auth/psw" to your execution command.
  • Supported Authentication Types: auth/psw (password), auth/cas (CAS), auth/smsCheckCode (SMS verification code).

Run as a service

Link

Run in Docker

Link

Warning

  1. When using other proxy tools with TUN mode enabled and zju-connect as a downstream proxy, please be sure to provide the correct network diversion rules, refer to this issue

TUN mode precautions

  1. Need to run with administrator privileges

  2. Windows system needs to go to Wintun official website to download wintun.dll and place it in the same directory as the executable file

  3. EasyConnect Protocol: The recommended configuration is: -tun-mode -add-route -dns-hijack

  4. aTrust Protocol: The recommended configuration is: -tun-mode -add-route -dns-hijack -fake-ip. Note: When using the aTrust protocol, direct TCP traffic involving domain names via the TUN interface may fail if DNS Hijacking or Fake IP is not enabled

Arguments

General Arguments

  • protocol: Login protocol, supports easyconnect/atrust, default is easyconnect

  • server: VPN server address, default is rvpn.zju.edu.cn/vpn.zju.edu.cn

  • port: VPN server port, default is 443

  • username: Network account. For example: student ID

  • password: Network account password

  • graph-code-file: Graphic captcha file path, default is empty. In aTrust mode, if set, the program will save the captcha image to this file and ask user to input the JSON in terminal.

  • disable-zju-config: Disable ZJU related configuration, non-ZJU users may need to add this argument

  • disable-zju-dns: Disable remote DNS and use local DNS instead, generally no need to add this argument

  • socks-bind: SOCKS5 proxy listening address, default is :1080

  • socks-user: SOCKS5 proxy username, leave blank if no authentication is required

  • socks-passwd: SOCKS5 proxy password, leave blank if no authentication is required

  • http-bind: HTTP proxy listening address, default is :1081. Set to "" to disable HTTP proxy

  • shadowsocks-url: Shadowsocks server URL. For example: ss://aes-128-gcm:password@server:port. Format refer to here

  • dial-direct-proxy: When a URL does not match rules and switches to direct connection, use a proxy. Typically used in conjunction with other proxy tools, currently supports only HTTP proxy. For example: http://127.0.0.1:7890. Set to "" to disable

  • tcp-tunnel-mode: TCP tunnel mode, default is false. When enabled, only TCP traffic can be proxied through the TCP tunnel. Since only aTrust supports TCP tunneling, this mode is ineffective under EasyConnect. Enabling this will disable TUN mode

  • tun-mode: TUN mode (experimental). Please read the TUN mode precautions below

  • add-route: Add routes according to the configuration issued by the server when TUN mode is enabled

  • dns-ttl: DNS cache time, default is 3600 seconds

  • disable-keep-alive: Disable periodic keep-alive, generally no need to add this argument

  • keep-alive-url: Uses HTTP keep-alive, suitable for situations where the server does not provide DNS. Set the URL to visit, for example, https://www.cnki.net/favicon.ico. The default is empty, in which case the server-provided DNS is used for keep-alive.

  • zju-dns-server: Remote DNS server address, default is auto. Set to auto to use the DNS server obtained from the server; disable remote DNS if it fails to obtain

  • secondary-dns-server: Standby DNS server used when the remote DNS server cannot resolve, default is 114.114.114.114. Leave blank to use system default DNS, but must be set when dns-hijack is enabled

  • dns-server-bind: DNS server listening address, default is empty (disabled). For example, set to 127.0.0.1:53, then you can send DNS requests to 127.0.0.1:53

  • dns-hijack: Hijack DNS requests when TUN mode is enabled, it's recommended to add this argument when using TUN mode

  • fake-ip: Enable Fake IP mode. Works with dns-hijack. Don't enable it if you are using EasyConnect protocol

  • debug-dump: Whether to enable debugging, generally no need to add this argument

  • tcp-port-forwarding: TCP port forwarding, format is local address-remote address,local address-remote address,..., for example 127.0.0.1:9898-10.10.98.98:80,0.0.0.0:9899-10.10.98.98:80. Multiple forwardings are separated by ,

  • udp-port-forwarding: UDP port forwarding, format is local address-remote address,local address-remote address,..., for example 127.0.0.1:53-10.10.0.21:53. Multiple forwardings are separated by ,

  • custom-dns: Specify custom DNS resolution results, format is domain:IP,domain:IP,..., for example www.cc98.org:10.10.98.98,appservice.zju.edu.cn:10.203.8.198. Multiple resolutions are separated by ,

  • config: Specify the configuration file, the content refers to config.toml.example. Other parameters are ignored when the configuration file is enabled

EasyConnect Related Arguments

  • totp-secret: TOTP secret, can be used to automatically complete TOTP verification. If the server doesn't require TOTP or you want to manually enter the code, leave blank

  • cert-file: p12 certificate file path, if the server requires certificate verification, this parameter needs to be configured

  • cert-password: Certificate password

  • disable-server-config: Disable server configuration, generally no need to add this argument

  • skip-domain-resource: Do not use the domain resource provided by the server for split tunneling, generally no need to add this argument

  • disable-multi-line: Disable automatic line selection based on latency. When added, use the line specified by the server parameter

  • proxy-all: Whether to proxy all traffic, generally no need to add this argument

  • custom-proxy-domain: Specify custom domains to use RVPN proxy, format is domain,domain,..., for example nature.com,science.org. Multiple domains are separated by ,

  • twf-id: twfID login, for debugging purposes, generally no need to add this argument

aTrust Related Arguments

  • auth-type: aTrust login authentication type, supports auth/psw (password), auth/cas (CAS), auth/smsCheckCode (SMS verification code), default is auth/psw.
  • login-domain: Login domain, default is Radius.
  • client-data-file: Client data file path, used to save login status to avoid repeated verification.
  • cas-ticket: CAS verification ticket, defaults to empty, which triggers interactive verification.
  • phone: Phone number used for SMS verification code login.
  • update-best-nodes-interval: Interval for updating the optimal line automatically, in seconds, default is 300. Set to 0 to disable automatic optimal line selection.
  • auth-info: Only get aTrust authentication information without logging in, generally no need to add this argument. Can be used to check supported authentication methods.
  • sid: aTrust SID, for debugging purposes, generally no need to add this argument.
  • device-id: aTrust device ID, for debugging purposes, generally no need to add this argument.
  • sign-key: aTrust signature key, for debugging purposes, generally no need to add this argument.
  • resource-file: aTrust resource file, for debugging purposes, generally no need to add this argument.

Schedule

Completed

  • [x] Proxy TCP traffic
  • [x] Proxy UDP traffic
  • [x] SOCKS5 proxy service
  • [x] HTTP proxy service
  • [x] Shadowsocks proxy service
  • [x] Remote DNS resolution
  • [x] ZJU rules addition
  • [x] Support IPv6 direct connection
  • [x] DNS cache acceleration
  • [x] Automatic line selection
  • [x] TCP port forwarding
  • [x] UDP port forwarding
  • [x] Start through configuration file
  • [x] Periodic keep-alive
  • [x] TUN mode
  • [x] Automatical DNS hijack
  • [x] SMS verification
  • [x] TOTP verification
  • [x] Certificate verification
  • [x] aTrust protocol support
  • [ ] Fake IP

To Do

Contributors

Thanks

NodeSupport sponsored this project

Star History

Star History Chart

Extension points exported contracts — how you extend this code

Core symbols most depended-on inside this repo

Shape

Method 329
Function 122
Struct 65
Interface 7
TypeAlias 6
FuncType 2

Languages

Go100%

Modules by API surface

client/atrust/l3tunnelconn.go46 symbols
internal/zctcpip/ip.go40 symbols
internal/ping/ping.go23 symbols
stack/gvisor/stack.go21 symbols
stack/tun/tcplistener.go19 symbols
client/atrust/auth/auth.go16 symbols
log/log.go14 symbols
client/atrust/client.go14 symbols
service/shadowsocks.go12 symbols
internal/zctcpip/udp.go12 symbols
client/client.go12 symbols
client/atrust/tcptunnel.go12 symbols

For agents

$ claude mcp add zju-connect \
  -- python -m otcore.mcp_server <graph>

⬇ download graph artifact

Ask about this repo answers extend the page