ICT VPN Alt

README.md

🌐 ICT VPN Alt

💭 Preface

This documentation introduces an alternative to Sangfor EasyConnect client, which is quite outdated and annoying.

By following this tutorial, you'll be able to:

• Access your server in ICT via SSH (given that you can already access it via EasyConnect)
• ...To be completed...

But, you will NOT be able to:

• Access the OA system via your browser (maybe I haven't configured correctly? If you know how to, please leave a comment.)
• ...To be completed...

📥 Setup

1. Navigate to Releases of zju-connect.
2. Download the latest binary for your platform and extract to a convenient folder, say "Folder X".
3. If on Windows, download wintun.dll and place it in "Folder X".
4. Download sample configuration file config.toml, modify the following fields, and place it in "Folder X".

• username
• password
• cert_password

5. Place your certificate in "Folder X" and rename it to ict.p12.

Now your "Folder X" should look like:

config.toml
ict.p12
wintun.dll      # Windows only
zju-connect.exe # zju-connect if not Windows

🤔 Usage

On Unix:

sudo ./zju-connect -config config.toml

On Windows, you'll need to run with Administrator privileges:

./zju-connect.exe -config config.toml

Or if you have enabled sudo on Windows, you can also:

sudo ./zju-connect.exe -config config.toml

You'll see logs like:

2025/10/19 16:43:56 Start ZJU Connect v0.9.0
2025/10/19 16:43:56 Exec func on initial: check bind port
2025/10/19 16:43:56 Exec func on initial  check bind port success
2025/10/19 16:43:56 Request: https://<REDACTED>:443/por/login_auth.csp?apiversion=1
2025/10/19 16:43:56 VPN server version: M7.6.0
...
2025/10/19 16:44:01 Add route to <REDACTED>/32
2025/10/19 16:44:01 Starting DNS server at <REDACTED>:53
2025/10/19 16:44:01 HTTP server listening on :1081
2025/10/19 16:44:01 vpn.ict.ac.cn -> <REDACTED>
2025/10/19 16:44:01 Socket: connected to: <REDACTED>:443
2025/10/19 16:44:01 TLS: connected to: <REDACTED>:443
2025/10/19 16:44:01 Socket: connected to: <REDACTED>:443
2025/10/19 16:44:01 TLS: connected to: <REDACTED>:443

And now you can SSH into your server.

🗑️ Uninstall EasyConnect

If you wish to uninstall EasyConnect, you may refer to this tutorial.

🎉 Credits

• zju-connect
• easyconn-socks5-for-HITsz
• EasierConnect / NJUConnect

config.toml

username = "YOUR-STUDENT-ID"
password = "YOUR-VPN-PASSWORD"
totp_secret = ""
cert_file = "./ict.p12"
cert_password = "YOUR-CERT-PASSWORD"

# Advanced settings
server_address = "vpn.ict.ac.cn"
server_port = 443
disable_server_config = false
skip_domain_resource = false
disable_zju_config = true
disable_zju_dns = true
disable_multi_line = false
proxy_all = false
socks_bind = ""
socks_user = ""
socks_passwd = ""
http_bind = ":1081"
shadowsocks_url = "" # "ss://aes-128-gcm:password@:1082"
dial_direct_proxy = "" # "http://127.0.0.1:7890" or "socks://127.0.0.1:7890"
tun_mode = true
add_route = true
dns_ttl = 3600
disable_keep_alive = true
zju_dns_server = "auto"
secondary_dns_server = "114.114.114.114"
dns_server_bind = ""
dns_hijack = true
debug_dump = false

# Port forwarding
port_forwarding = [
#    { network_type = "tcp", bind_address = "127.0.0.1:9898", remote_address = "10.10.98.98:80" },
#    { network_type = "tcp", bind_address = "127.0.0.1:9899", remote_address = "10.10.98.98:80" },
#    { network_type = "udp", bind_address = "127.0.0.1:1053", remote_address = "10.10.0.21:53" }
]

custom_dns = [
#    { host_name = "appservice.zju.edu.cn", ip = "10.203.8.198"},
#    { host_name = "www.cc98.org", ip = "10.10.98.98"}
]

custom_proxy_domain = [
#    "science.org",
#    "nature.com",
#    "oa.ict.ac.cn"
]