🚫 Disclaimer
This program is provided as is, and the author does not guarantee the correctness or reliability of the program. Please judge whether the specific scenario is suitable for using this program. The problems or consequences caused by using this program are borne by the user!
中文 | English
This program is based on EasierConnect (now Archived), thanks to the original author lyc8503.
QQ group: 1037726410, welcome to join the discussion.
rvpn.zju.edu.cn:443You can try the EZ4Connect developed by Chenx Dust (support aTrust) or the hitsz-connect-verge developed by kowyo
Download the latest version for your platform from the Release page.
Taking macOS as an example, extract the executable file zju-connect
macOS users need to remove security restrictions first. Run the following in your terminal: sudo xattr -rd com.apple.quarantine zju-connect
Run the command: ./zju-connect -protocol easyconnect -username <Account> -password <Password>
By default, port 1080 is the Socks5 proxy and port 1081 is the HTTP proxy. To change these ports, please refer to the parameter descriptions.
If you are a non-ZJU user:
The steps are the same as above, but try setting the running parameters as follows:
./zju-connect -server <Server Address> -port <Server Port> -username xxx -password xxx -disable-zju-config -skip-domain-resource -zju-dns-server auto
For details, see this link.
If your server requires a graphic captcha, try setting the running parameters as follows:
./zju-connect -server <Server Address> -port <Server Port> -username xxx -password xxx -disable-zju-config -skip-domain-resource -zju-dns-server auto -disable-multi-line -graph-code-file graph_code.jpg
When logging in, the captcha image will be saved to the graph_code.jpg file. Please check it and manually enter the captcha code.
If you are a ZJU user:
Other steps are the same as the EasyConnect method, but set the running parameters to:
./zju-connect -protocol atrust -username <Account> -password <Password> -client-data-file client_data.json
Then follow the on-screen prompts. If you do not want to save the login status, you can omit the -client-data-file parameter.
If you are a non-ZJU user: The steps are the same as for ZJU users; please specify the login protocol according to your situation. How to determine the Login Domain and Protocol?
Fetch available authentication methods: ./zju-connect -protocol atrust -server <Server Address> -port <Server Port> -auth-info.
json
[{"loginDomain":"Radius","authType":"auth/psw","authName":"上网账号","loginUrl":""},{"loginDomain":"local","authType":"auth/psw","authName":"IDC运维账号","loginUrl":""},{"loginDomain":"radius93482","authType":"auth/psw","authName":"INTL ID","loginUrl":""}]
In this example, there are three methods. To use the first method (Radius), you must append -login-domain Radius -auth-type "auth/psw" to your execution command.auth/psw (password), auth/cas (CAS), auth/smsCheckCode (SMS verification code).Need to run with administrator privileges
Windows system needs to go to Wintun official website to download wintun.dll and place it in the same directory as the executable file
EasyConnect Protocol: The recommended configuration is: -tun-mode -add-route -dns-hijack
aTrust Protocol: The recommended configuration is: -tun-mode -add-route -dns-hijack -fake-ip. Note: When using the aTrust protocol, direct TCP traffic involving domain names via the TUN interface may fail if DNS Hijacking or Fake IP is not enabled
protocol: Login protocol, supports easyconnect/atrust, default is easyconnect
server: VPN server address, default is rvpn.zju.edu.cn/vpn.zju.edu.cn
port: VPN server port, default is 443
username: Network account. For example: student ID
password: Network account password
graph-code-file: Graphic captcha file path, default is empty. In aTrust mode, if set, the program will save the captcha image to this file and ask user to input the JSON in terminal.
disable-zju-config: Disable ZJU related configuration, non-ZJU users may need to add this argument
disable-zju-dns: Disable remote DNS and use local DNS instead, generally no need to add this argument
socks-bind: SOCKS5 proxy listening address, default is :1080
socks-user: SOCKS5 proxy username, leave blank if no authentication is required
socks-passwd: SOCKS5 proxy password, leave blank if no authentication is required
http-bind: HTTP proxy listening address, default is :1081. Set to "" to disable HTTP proxy
shadowsocks-url: Shadowsocks server URL. For example: ss://aes-128-gcm:password@server:port. Format refer to here
dial-direct-proxy: When a URL does not match rules and switches to direct connection, use a proxy. Typically used in conjunction with other proxy tools, currently supports only HTTP proxy. For example: http://127.0.0.1:7890. Set to "" to disable
tcp-tunnel-mode: TCP tunnel mode, default is false. When enabled, only TCP traffic can be proxied through the TCP tunnel. Since only aTrust supports TCP tunneling, this mode is ineffective under EasyConnect. Enabling this will disable TUN mode
tun-mode: TUN mode (experimental). Please read the TUN mode precautions below
add-route: Add routes according to the configuration issued by the server when TUN mode is enabled
dns-ttl: DNS cache time, default is 3600 seconds
disable-keep-alive: Disable periodic keep-alive, generally no need to add this argument
keep-alive-url: Uses HTTP keep-alive, suitable for situations where the server does not provide DNS. Set the URL to visit, for example, https://www.cnki.net/favicon.ico. The default is empty, in which case the server-provided DNS is used for keep-alive.
zju-dns-server: Remote DNS server address, default is auto. Set to auto to use the DNS server obtained from the server; disable remote DNS if it fails to obtain
secondary-dns-server: Standby DNS server used when the remote DNS server cannot resolve, default is 114.114.114.114. Leave blank to use system default DNS, but must be set when dns-hijack is enabled
dns-server-bind: DNS server listening address, default is empty (disabled). For example, set to 127.0.0.1:53, then you can send DNS requests to 127.0.0.1:53
dns-hijack: Hijack DNS requests when TUN mode is enabled, it's recommended to add this argument when using TUN mode
fake-ip: Enable Fake IP mode. Works with dns-hijack. Don't enable it if you are using EasyConnect protocol
debug-dump: Whether to enable debugging, generally no need to add this argument
tcp-port-forwarding: TCP port forwarding, format is local address-remote address,local address-remote address,..., for example 127.0.0.1:9898-10.10.98.98:80,0.0.0.0:9899-10.10.98.98:80. Multiple forwardings are separated by ,
udp-port-forwarding: UDP port forwarding, format is local address-remote address,local address-remote address,..., for example 127.0.0.1:53-10.10.0.21:53. Multiple forwardings are separated by ,
custom-dns: Specify custom DNS resolution results, format is domain:IP,domain:IP,..., for example www.cc98.org:10.10.98.98,appservice.zju.edu.cn:10.203.8.198. Multiple resolutions are separated by ,
config: Specify the configuration file, the content refers to config.toml.example. Other parameters are ignored when the configuration file is enabled
totp-secret: TOTP secret, can be used to automatically complete TOTP verification. If the server doesn't require TOTP or you want to manually enter the code, leave blank
cert-file: p12 certificate file path, if the server requires certificate verification, this parameter needs to be configured
cert-password: Certificate password
disable-server-config: Disable server configuration, generally no need to add this argument
skip-domain-resource: Do not use the domain resource provided by the server for split tunneling, generally no need to add this argument
disable-multi-line: Disable automatic line selection based on latency. When added, use the line specified by the server parameter
proxy-all: Whether to proxy all traffic, generally no need to add this argument
custom-proxy-domain: Specify custom domains to use RVPN proxy, format is domain,domain,..., for example nature.com,science.org. Multiple domains are separated by ,
twf-id: twfID login, for debugging purposes, generally no need to add this argument
auth-type: aTrust login authentication type, supports auth/psw (password), auth/cas (CAS), auth/smsCheckCode (SMS verification code), default is auth/psw.login-domain: Login domain, default is Radius.client-data-file: Client data file path, used to save login status to avoid repeated verification.cas-ticket: CAS verification ticket, defaults to empty, which triggers interactive verification.phone: Phone number used for SMS verification code login.update-best-nodes-interval: Interval for updating the optimal line automatically, in seconds, default is 300. Set to 0 to disable automatic optimal line selection.auth-info: Only get aTrust authentication information without logging in, generally no need to add this argument. Can be used to check supported authentication methods.sid: aTrust SID, for debugging purposes, generally no need to add this argument.device-id: aTrust device ID, for debugging purposes, generally no need to add this argument.sign-key: aTrust signature key, for debugging purposes, generally no need to add this argument.resource-file: aTrust resource file, for debugging purposes, generally no need to add this argument.NodeSupport sponsored this project
$ claude mcp add zju-connect \
-- python -m otcore.mcp_server <graph>