Use public network IPv6 to remotely access intranet devices

I. Introduction

How to elegantly use the public network IPv6 for remote access in an environment where the first IPv4 public network IP number is hard to find? This article will take China Mobile's broadband and optical modem as an example to explain the settings of IPv6, and realize remote access to the Windows host on the intranet through the IPv6 address and the remote tool "mstsc" that comes with the Windows system.

Some broadband installation masters may not enable IPv6 by default, so we first log in to the background of the optical modem to confirm whether the optical modem has enabled IPv6. Since telecom broadband services are relatively easy to obtain public network IPv4 addresses, here is an example of mobile broadband. The optical modems provided by other broadband operators may be different, but the functions are similar. Please search for the corresponding operation details by yourself.

2. Confirm the IPv6 connection status

If the broadband is connected by a dial-up modem, enter the background address of the modem in the browser, for example 192.168.1.1, the background interface of the mobile modem is shown in the figure below. Generally speaking, the administrator account and password of the mobile optical modem are the same. They have applied for mobile broadband in different cities in the same province, and the account passwords of the optical modem background are as shown in the figure 账号：CMCCAdmin 密码：aDm8H%MdA. Not sure whether there are differences in different provinces. If this account password is not available, please search for it yourself or ask for it from your broadband operator.

After clicking OK, enter the background interface, press the buttons and the sequence marked in the figure, and click one by one, you can view the IPv6 connection information on the current interface.

If it is confirmed that the IPv6 has been connected correctly, in the above interface, you can pull the horizontal scroll bar to view the current IPv6 address.

If the above interface shows that IPv6 is not connected, please check whether the operator has enabled the IPv6 function for the current broadband package according to the following interface.

3. Open and view the remote host IPv6 address

Here we take the win10 system as an example. Some people’s PCs may not have IPv6 enabled by default. Follow the steps below to enable IPv6 and obtain an IPv6 address.

1. Press "windows logo" + "R" to open the run window, enter "ncpa.cpl" and press Enter to open the network adapter management interface
   
   
2. Double-click the Ethernet connection to view the current Ethernet status. If the IPv6 connection shows no network connection, open the IPv6 connection according to the instructions in the picture below
   
   
   

4. Open the IPv6 connection of the local PC

Since IPv6 needs to be used for remote connection, it is necessary to ensure that both the local PC and the remote PC have the ability to connect to IPv6. Therefore, for the local PC, it is also necessary to confirm according to the third step above.

The remote PC and the local PC can use a browser to access the IPv6 test website for connection testing.

After completing the IPv6 connection settings at both ends, you can directly use the IPv6 address to try to connect remotely. Not surprisingly, the remote access can be successfully performed at this time.

• Press "windows logo" + "R" to open the running interface, enter "mstsc", press Enter, open the remote connection interface, fill in the " IPv6 address of the remote PC " obtained in the second step, and click Connect. Under normal circumstances, a pop-up will pop up asking for a user name and password.
  

Five, the pit encountered

There may be two pits in the whole process, resulting in failure to connect:

1. By default, the optical modem enables the control and forwarding message function of the IPv6 firewall (this is described in the author's mobile optical modem), resulting in all IPv6 data packets being intercepted, so that remote connections cannot be established, and even pings cannot be passed. This function needs to be turned off in order to use IPv6 normally.
   
2. The remote PC does not have remote access turned on. The win10 home edition does not support remote desktop, and the professional edition has remote desktop turned off by default, so it needs to be opened and confirmed manually.
   
   
3. Some networks do not enable IPv6 by default, such as the company's internal network, so although the remote PC has enabled IPv6, it still cannot be remotely connected through IPv6;

6. Defects

After completing the above operations step by step, generally speaking, you can successfully use the IPv6 address for remote access. But there are still two fatal problems in use:

1. The IPv6 address is very long and inconvenient to remember;
2. The public network IPv6 address is not fixed. Under certain circumstances, the address changes. If the address cannot be obtained in time, remote access cannot be performed.

For the first defect, since the domain name can be customized and easy to remember, we can apply for a domain name (such as baidu.com, google.com) and resolve the domain name to the corresponding IP address (DNS service provider provides resolution service) , to access through the domain name.

As for the second defect, on the basis of the domain name, we also need to periodically synchronize the current IP address to the DNS service provider, modify the target IP of domain name resolution, and ensure that the domain name can be correctly resolved to our own equipment.

Due to the length of the article, it will be described in detail in the next article~