Use IPV6+DDNS to connect to the intranet host

0. Foreword

        IPV6 has been popular for many years, but as an Internet user it seems there is not much practical experience of it, or rather IPV6 has not made ordinary users feel any change. As a network practitioner, I actually didn't pay much attention to it. What I commonly encounter at work is still IPV4-based networks, such as the networks of various industries and the intranet and Internet zones of an organization. Static routing, dynamic routing, port mapping, security policies and so on are common in these applications, and they are all based on IPV4. My contact with IPV6 has been the IPV6 transformation encountered when interfacing with operators or large industries, where the equipment I am responsible for needs to be connected.

        IT technology changes with each passing day, and if you don't keep learning you will be eliminated. I also learned IPV6 when I was taking the CCNA certification many years ago, and so many years have passed in a flash. So I approach this with an empty-cup mentality, to understand how to make IPV6 more convenient and useful on the application side.

1. Preparation

        Before starting, a basic understanding of IPV6 is required.

        Because IPV4 addresses are in short supply, IPV6 was designed with a far larger number of addresses. Once an IPV6 environment is in place, our computers, tablets and mobile phones can each obtain a globally unique IPV6 address, and we can access our own terminal devices through this address.

        So how do you check whether you have an IPV6 environment? The easiest way is to visit: http://test-ipv6.com/

        If the test passes, you have an IPV6 environment.

        PS: China Unicom's IPV6 address starts with 2408, China Mobile's IPV6 address starts with 2409, and China Telecom's IPV6 address starts with 240e.       

        Most operators now support IPV6, and even a notebook connected to a mobile phone's WIFI hotspot will have an IPV6 network. If there is no IPV6 address, check the settings of the router and the optical modem (if the router does not support IPV6, it is recommended to replace the router).

        The first case is that the optical modem dials up and the router supports IPV6. The router can be assigned a public IPV6 address, but the devices behind the router only get an intranet IPV6 address. If we only access IPV6 services within the LAN there is no problem, but remote access to the devices behind the router will not work, and the DDNS setup described later cannot be realized either.

        The second case is that the optical modem is in bridge mode, the router dials up, and the router supports IPV6. In this case the following settings are meaningful.

        Let's take a look at the IPV6 settings of the router first. The following only uses the Xiaomi router AX3600 as an example.

        Set IPV6 in Common Settings - Internet Settings.

        Open the IPV6 network setting, and select the Native mode for the Internet access method.

        For DNS, automatic configuration can be selected.

        Once our terminal has an IPV6 address, it can provide services externally or be accessed.

        Check the IPV6 address with ipconfig:

         Our IPV6 address should be a temporary IPV6 address, because the address we obtain is dynamic and will change every time we connect.

        As for why it is dynamic, my guess is that it is to protect users.
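
        The ipconfig check above can be scripted. The following is an added example, not part of the original post: it parses English-language ipconfig output, separates link-local and intranet (unique-local) addresses from public ones, names the operator from the prefixes in the PS above, and picks the address to publish later through DDNS. The sample output and its addresses are constructed, and preferring the non-temporary address is an assumption made here because it changes less often.

```python
import ipaddress
import re

# First 16-bit group -> operator, exactly as listed in the article's PS.
CARRIERS = {0x2408: "China Unicom", 0x2409: "China Mobile", 0x240E: "China Telecom"}
SCOPES = [  # first match wins
    ("link-local", ipaddress.ip_network("fe80::/10")),   # valid on the local link only
    ("unique-local", ipaddress.ip_network("fc00::/7")),  # intranet only
    ("global", ipaddress.ip_network("2000::/3")),        # reachable from the Internet
]
# Matches the "IPv6 Address", "Temporary IPv6 Address" and "Link-local IPv6 Address" lines.
LINE = re.compile(r"^\s*([^.:]*IPv6 Address)[ .]*:\s*([0-9a-fA-F:]+)")

def parse_ipconfig(text):
    """Return one dict per IPv6 address line of English-language ipconfig output."""
    rows = []
    for line in text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        addr = ipaddress.IPv6Address(m.group(2))  # zone id such as %12 is not captured
        scope = next((name for name, net in SCOPES if addr in net), "other")
        rows.append({
            "addr": addr,
            "scope": scope,
            "temporary": m.group(1).strip().startswith("Temporary"),
            "carrier": CARRIERS.get(int(addr) >> 112) if scope == "global" else None,
        })
    return rows

def publishable_address(rows):
    """Global address to hand to DDNS; a non-temporary one is preferred (assumption)."""
    candidates = sorted((r for r in rows if r["scope"] == "global"),
                        key=lambda r: r["temporary"])
    return candidates[0]["addr"] if candidates else None

# Constructed sample output; the addresses are made up for this example.
SAMPLE = """
Wireless LAN adapter WLAN:
   IPv6 Address. . . . . . . . . . . : 2408:1111:2222:3333:a1b2:c3d4:e5f6:1(Preferred)
   Temporary IPv6 Address. . . . . . : 2408:1111:2222:3333:19da:7:8:9(Preferred)
   Link-local IPv6 Address . . . . . : fe80::a1b2:c3d4:e5f6:1%12(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.31.20(Preferred)
"""

if __name__ == "__main__":
    for row in parse_ipconfig(SAMPLE):
        print(row["addr"], row["scope"], row["temporary"], row["carrier"])
    print("publish:", publishable_address(parse_ipconfig(SAMPLE)))
```

        If publishable_address returns None, the terminal only has intranet or link-local addresses, which is the first case described above.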

2. Test

        At this point, you can use the IPV6 address to access the terminal directly. This avoids the use of intranet penetration (NAT traversal) tools.

        Usage scenarios, or tests:

         A. You can use chfs to share files.

        CuteHttpFileServer/chfs is a free file sharing server based on the HTTP protocol that can be accessed quickly with a browser. It has the following characteristics:

  1. Single file; the core functionality requires no other files
  2. Cross-platform, supporting the mainstream platforms: Windows, Linux and Mac
  3. Simple interface, easy to use
  4. Supports account permission control and address filtering

        It is recommended to use chfsgui, which is chfs with a graphical interface for the Windows platform.

         After setting the relevant data, you can start the service.

        At this time, you can use other devices to access through the IPV6 address.

         The above is the interface I accessed through my mobile phone. It should be noted that port 80 cannot be used, and the default port needs to be changed.

        Also note that an IPV6 address in a URL needs to be enclosed in [ ]. For example:

http://[2408:8221:33b:7d90:19da:****:****:****]:2044/

        But in my actual test, it seems that 80 can also be used. To be on the safe side, it is recommended to change the port.

        B. Remote Desktop Connection

        This function is also quite practical, suitable for situations where we want to be able to log in to the computer remotely at any time.

        First enable Remote Desktop on the computer, then open mstsc on another terminal, or install a remote desktop client on the mobile phone.

        I am using the Android version of the RD client, and it should be noted that [ ] should be added to the address.

3. DDNS settings

        IPV6 is obviously very convenient to use, but it faces another problem: the IPV6 address is dynamic, and it is very long.

        How can I get the latest address when the address changes?

        We can solve this with DDNS. Put simply, the dynamic IPV6 address is obtained through a fixed domain name, and the mapping between the domain name and the address is updated dynamically by a tool.

        Domain names can be registered on Tencent Cloud and Alibaba Cloud. The cheapest one seems to be 8 yuan a year.

        I use Tencent Cloud dnspod, register a cheap domain name, and add an AAAA record in the domain name resolution, which is the IPV6 host record. Enter any address as the record value.

        After the record is added, a token needs to be generated. Click My Account--token Settings, then click DNSPod Token.

        Click Create Key and record the token for future use.

        Search ddns on github, or directly open the URL below.

GitHub - NewFuture/DDNS: Automatically update domain name resolution to local IP (support dnspod, Ali DNS, CloudFlare, Huawei Cloud, DNSCOM...)

        Through the introduction page, you can see that it supports multiple platforms, and you can also view the usage method through the help file.

        Download the program for the corresponding platform on the release interface.

        The first run generates config.json. Edit this file and fill in the token information we generated and the IPV6 domain name to be updated.

        Then run ddns.exe again.

        If the configuration is correct, the DNS mapping should have been updated to the correct IPV6 address of the machine.

        You can use the ping command to test:

        ping -6 ipv6.****.online

4. Summary

4.1 ddns tool

        I found a better tool on github to automatically update the ipv6 mapping, which can be added as a system tool, starts automatically, and runs stably.

        GitHub - jeessy2/ddns-go: Simple and easy-to-use DDNS. Automatically update domain name resolution to public network IP (support Alibaba Cloud, Tencent Cloud dnspod, Cloudflare, Callback, Huawei Cloud, Baidu Cloud, porkbun, GoDaddy, Google Domains) https://github.com/jeessy2/ddns-go

  • Supports Mac, Windows and Linux systems, and ARM and x86 architectures
  • Supported domain name service providers: Alidns (Alibaba Cloud), Dnspod (Tencent Cloud), Cloudflare, Huawei Cloud, Callback, Baidu Cloud, porkbun, GoDaddy, Google Domains
  • Supports getting the IP from an interface, a network card or a command
  • Supports running as a service
  • Synchronizes every 5 minutes by default
  • Supports simultaneous resolution of multiple domain names, a must for companies
  • Supports multi-level domain names
  • Configuration in a web page, simple and convenient; a login username and password can be set, and access from the public network can be prohibited
  • The latest 50 log entries can be viewed quickly on the web page, no need to run docker to view them
  • Supports webhook notification
  • Supports TTL
  • Supports passing custom parameters to some DNS service providers to realize regional resolution and other functions

Instructions:

  • Download and extract ddns-go from Releases
  • Double-click to run; if no configuration is found, the program will automatically open http://127.0.0.1:9876
  • [Optional] Install Services
    • Mac/Linux: sudo ./ddns-go -s install
    • Win (open cmd as an administrator): .\ddns-go.exe -s install
  • [Optional] Service uninstallation
    • Mac/Linux: sudo ./ddns-go -s uninstall
    • Win (open cmd as an administrator): .\ddns-go.exe -s uninstall
  • [Optional] Startup and installation support the parameters -l (listening address), -f (synchronization interval in seconds), -c (custom configuration file path), -noweb (do not start the web service) and -skipVerify (skip certificate verification). For example: ./ddns-go -l :9877 -f 600 -c /Users/name/ddns-go.yaml
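
        Because each terminal now has a public IPV6 address, any service that listens on the wildcard address [::] is reachable from outside unless a firewall on the host or the router blocks the port. The following added example (not from ddns-go or the original post) reads Windows netstat -an output and lists such listeners. The sample output is constructed; port 2044 is the chfs port from the URL above, 9876 is the ddns-go web page, and 3389 is the standard Remote Desktop port.

```python
import ipaddress
import re

# Ports named in the article (2044 chfs example, 9876 ddns-go web page);
# 3389 is the standard Remote Desktop port.
SERVICES = {2044: "chfs", 3389: "Remote Desktop", 9876: "ddns-go web page"}
GLOBAL_UNICAST = ipaddress.ip_network("2000::/3")
# Windows `netstat -an` line for an IPv6 TCP listener: proto, [addr]:port, remote, state.
LISTEN = re.compile(r"^\s*TCP\s+\[([0-9a-fA-F:]+)(?:%\d+)?\]:(\d+)\s+\S+\s+LISTENING")

def ipv6_exposed(netstat_text):
    """Return [(port, service, bind_addr)] for TCP listeners reachable on a public
    IPv6 address: bound to the wildcard [::] or directly to a 2000::/3 address."""
    found = []
    for line in netstat_text.splitlines():
        m = LISTEN.match(line)
        if not m:
            continue  # IPv4 sockets, UDP, established connections, headers
        addr, port = ipaddress.IPv6Address(m.group(1)), int(m.group(2))
        if addr.is_unspecified or addr in GLOBAL_UNICAST:
            found.append((port, SERVICES.get(port, "unknown"), str(addr)))
    return sorted(found)

# Constructed sample output; addresses and ports are made up for this example.
SAMPLE = """
  TCP    0.0.0.0:3389           0.0.0.0:0              LISTENING
  TCP    127.0.0.1:9876         0.0.0.0:0              LISTENING
  TCP    [::]:2044              [::]:0                 LISTENING
  TCP    [::]:3389              [::]:0                 LISTENING
  TCP    [::1]:9876             [::]:0                 LISTENING
  TCP    [fe80::a1b2:c3d4:e5f6:1%12]:445   [::]:0      LISTENING
  TCP    [2408:1111:2222:3333:a1b2:c3d4:e5f6:1]:52011  [2408:aaaa::5]:443  ESTABLISHED
"""

if __name__ == "__main__":
    for port, service, bind in ipv6_exposed(SAMPLE):
        print(f"port {port} ({service}) listens on [{bind}]")
```

        In the sample, the ddns-go web page is bound to loopback only and is not listed, while chfs and Remote Desktop are; these are the services to protect with an account, address filtering or a firewall rule.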

4.2 VMware Workstation

        I used a virtual machine during the test, so I tried to use the operating system in the virtual machine to connect to the IPV6 address of the physical host in bridged and NAT mode, and found that the test was normal.

        But when the notebook uses WIFI, the IPV6 address cannot be obtained in bridged mode.

        After searching, I found that this is a bug in VMware, which has not been resolved yet.

        


Origin blog.csdn.net/imtech/article/details/128968444