免费快速实现内网穿透:windows远程桌面连接实战
本次介绍使用frp实现内网穿透,文章是之前写的,写了很多篇,后续会一一整理出来,希望帮助到有需要的朋友。frp简介
本次介绍使用 frp 实现内网穿透,文章是之前写的,写了很多篇,后续会一一整理出来,希望帮助到有需要的朋友。
frp简介
在某些时候,我们需要远程访问某个内网的资源或服务,但是内网设备通常是无法被外部访问的,内网穿透技术就是解决这种问题。
frp是开源的内网穿透工具,轻量、容易配置,而且支持多种协议(如 http、https、tcp、udp等),并且支持多种认证方式。
frp github 中文文档:https://github/fatedier/frp/blob/master/README_zh.md
release 下载:https://github/fatedier/frp/releases
注:服务器端和客户端下载的版本要保持一致。
本次下载的版本是【v0.31.2】:https://github/fatedier/frp/releases/tag/v0.31.2
本次演示的是通过 frp 内网穿透,在远程连接一台windows电脑。
一、部署
frp由两部分组成:
frps(服务器端):运行在具有公网 IP 的服务器上frpc(客户端):运行在内网设备上本次部署的服务端是阿里云的一台 CentOS 云服务器,客户机就是本地一台 windows。
1.1 服务端部署
本次下载的文件是【frp_0.31.2_linux_amd64.tar.gz】,frps.ini 是启动的配置文件:
[common]bind_port=7000因为用到了服务器默认是 7000 端口,需要在防火墙中开启,如果是云服务器则只需要在安全组的入站方向增加一个端口即可。由于下面客户端配置的端口是 6000 ,因此一起加上:
下载并运行服务端程序:
将文件上传到服务器解压压缩包tar-zxvf frp_0.31.2_linux_amd64.tar.gz进入目录cdfrp_0.31.2_linux_amd64设置后台运行frp服务端nohup./frps -c ./frps.ini &或者输出到指定目录nohup ./frps -c ./frps.ini > log/log_202212.log 2>&1 &
查看 nohub.out 日志:
[root@VM_0_7_centos frp_0.31.2_linux_amd64]catnohup.out2020/03/2422:48:05[I][service.go:152]frpstcplistenon0.0.0.0:70002020/03/2422:48:05[I][root.go:205]startfrpssuccess[root@VM_0_7_centos frp_0.31.2_linux_amd64]说明服务端启动成功。
1.2 客户端部署
客户端是windows系统,本次下载的文件是【frp_0.31.2_windows_386.zip】。
直接解压压缩包,修改 frpc.ini 文件:
[common]server_addr=111.X.X.34server_port=7000[ssh]type= tcplocal_ip=127.0.0.1local_port=3389remote_port=6000server_addr 是服务端 ip 地址。
进入解压的根目录,输入命令frpc -c frpc.ini启动客户端:
出现 start proxy success 说明启动成功。
windows开启远程桌面功能:
二、测试
找一台非局域网的电脑远程连接上面部署的windows电脑:
校验了用户名或密码错误,出现了这个说明连接到了,下面输入正确的用户名密码:
连接成功。
如有域名的话,可以将域名解析到这个公网服务器ip,然后通过【域名+端口】访问,这样方便记忆。
三、知识点
前面介绍的是基本使用,按照上面的步骤可以立马使用起来,但是缺乏安全性、便捷性等。
3.1 压缩包内文件介绍
压缩包有这个几个文件:
[root@iZbp1itnf4brss9ptmsq9fZ frp_0.31.2_linux_amd64]lsfrpcfrpc_full.inifrpc.inifrpsfrps_full.inifrps.iniLICENSEsystemd客户端使用:frpc frpc_full.ini frpc.inifrpc:命令frpc_full.ini:配置文件完整示例frpc.ini:配置文件服务端使用:frps frps_full.ini frps.inifrps:命令frps_full.ini:配置文件完整示例frps.ini:配置文件3.2 服务端
先看下配置文件完整示例 frps_full.ini 的内容:
[root@iZbp1itnf4brss9ptmsq9fZ frp_0.31.2_linux_amd64]cat frps_full.ini[common] is integral section[common]A literal address or host name for IPv6 must be enclosedin square brackets, as in "[::1]:80", "[ipv6-host]:http" or "[ipv6-host%zone]:80"bind_addr=0.0.0.0bind_port=7000udp port to help make udp hole to penetrate natbind_udp_port=7001udp port used for kcp protocol, it can be same with bind_portif not set, kcp is disabled in frpskcp_bind_port=7000specify which address proxy will listen for, default value is same with bind_addrproxy_bind_addr = 127.0.0.1if you want to support virtual host, you must set the http port for listening (optional)Note:http port and https port can be same with bind_portvhost_http_port=80vhost_https_port=443response header timeout(seconds) for vhost http server, default is 60svhost_http_timeout = 60set dashboard_addr and dashboard_port to view dashboard of frpsdashboard_addrs default value is same with bind_addrdashboard is available only if dashboard_port is setdashboard_addr=0.0.0.0dashboard_port=7500dashboard user and passwd for basic auth protect, if not set, both default value is admindashboard_user= admindashboard_pwd= admindashboard assets directory(only for debug mode)assets_dir = ./staticconsole or real logFile path like ./frps.loglog_file= ./frps.logtrace, debug, info, warn, errorlog_level= infolog_max_days=3disable log colors when log_file is console, default is falsedisable_log_color=falseauth tokentoken=12345678heartbeat configure, its not recommended to modify the default valuethe default value of heartbeat_timeout is 90heartbeat_timeout = 90only allow frpc to bind ports you list, if you set nothing, there wont be any limitallow_ports=2000-3000,3001,3003,4000-50000pool_count in each proxy will change to max_pool_count if they exceed the maximum valuemax_pool_count=5max ports can be used for each client, default value is 0 means no limitmax_ports_per_client=0if subdomain_host is not empty, you can set subdomain when type is http or https in frpcs configure filewhen subdomain is test, the host used by routing is test.frps.comsubdomain_host= frps.comif tcp stream multiplexing is used, default is truetcp_mux=truecustom 404 page for HTTP requestscustom_404_page = /path/to/404.html[plugin.user-manager]addr=127.0.0.1:9000path= /handlerops= Login[plugin.port-manager]addr=127.0.0.1:9001path= /handlerops= NewProxy3.2.1 启用 dashboard
改成:
[common]bind_port=7000bind_udp_port=7001kcp_bind_port=7000dashboard_addr=0.0.0.0dashboard_port=7500dashboard_user= admindashboard_pwd= admin3.2.2安全认证
如果别人知道了你的服务器ip和端口,别人就能使用你的服务器做穿透了:
[common]server_addr=111.X.X.34server_port=7000为了保证安全,需要服务端和客户端添加相同的认证 token。
服务端添加如下配置后重启:
auth tokentoken= wankun666重启 frps,然后查看端口,如下已经启动成功了,我添加了很多端口:
[root@iZbp1itnf4brss9ptmsq9fZfrp_0.31.2_linux_amd64]netstat-lnpt|grepfrpstcp600:::11522:::*LISTEN1909/./frpstcp600:::6022:::*LISTEN1909/./frpstcp600:::21672:::*LISTEN1909/./frpstcp600:::7433:::*LISTEN1909/./frpstcp600:::8181:::*LISTEN1909/./frpstcp600:::11672:::*LISTEN1909/./frpstcp600:::7000:::*LISTEN1909/./frpstcp600:::9306:::*LISTEN1909/./frpstcp600:::12379:::*LISTEN1909/./frps[root@iZbp1itnf4brss9ptmsq9fZfrp_0.31.2_linux_amd64]kill-91909这个时候客户端会出现连接失败,查看最新日志,提示 authorization failed 认证失败:
[root@localhost frp_0.31.2_linux_amd64]tail-10nohup.out2022/12/1709:10:22[W][service.go:151][ed52dcb97a69fd0b]reconnecttoservererror:authorizationfailed2022/12/1709:10:42[I][service.go:148][ed52dcb97a69fd0b]trytoreconnecttoserver...2022/12/1709:10:42[E][service.go:241][ed52dcb97a69fd0b]authorizationfailed2022/12/1709:10:42[W][service.go:151][ed52dcb97a69fd0b]reconnecttoservererror:authorizationfailed2022/12/1709:11:02[I][service.go:148][ed52dcb97a69fd0b]trytoreconnecttoserver...2022/12/1709:11:02[E][service.go:241][ed52dcb97a69fd0b]authorizationfailed2022/12/1709:11:02[W][service.go:151][ed52dcb97a69fd0b]reconnecttoservererror:authorizationfailed2022/12/1709:11:22[I][service.go:148][ed52dcb97a69fd0b]trytoreconnecttoserver...2022/12/1709:11:22[E][service.go:241][ed52dcb97a69fd0b]authorizationfailed2022/12/1709:11:22[W][service.go:151][ed52dcb97a69fd0b]reconnecttoservererror:authorizationfailed...服务端重新启动也会认证失败:
[root@localhostfrp_0.31.2_linux_amd64]ps-ef|grepfrproot108615948009:17pts/000:00:00grep--color=autofrproot20274108月28?00:37:05./frpc-c./frpc.ini[root@localhostfrp_0.31.2_linux_amd64]kill-920274[root@localhostfrp_0.31.2_linux_amd64]ps-ef|grepfrproot109475948009:18pts/000:00:00grep--color=autofrp[root@localhostfrp_0.31.2_linux_amd64]./frpc-cfrpc.ini2022/12/1709:19:56[E][service.go:241]authorizationfailed2022/12/1709:19:56[W][service.go:97]login to server failed:authorizationfailedauthorizationfailed客户端再添加token配置,然后重启:
auth tokentoken= wankun666!!重启成功了:
[root@localhost frp_0.31.2_linux_amd64]./frpc-cfrpc.ini2022/12/1709:22:25[I][service.go:250][769ff70f636cb4ba]logintoserversuccess,getrunid[769ff70f636cb4ba],serverudpport[0]2022/12/1709:22:25[I][proxy_manager.go:144][769ff70f636cb4ba]proxyadded:[ssh redis12379 mssql7433 web11672 mysql9306 web8181 web11522 web21672]2022/12/1709:22:25[I][control.go:164][769ff70f636cb4ba][web8181]startproxysuccess2022/12/1709:22:25[I][control.go:164][769ff70f636cb4ba][mssql7433]startproxysuccess2022/12/1709:22:25[I][control.go:164][769ff70f636cb4ba][web11672]startproxysuccess2022/12/1709:22:25[I][control.go:164][769ff70f636cb4ba][mysql9306]startproxysuccess2022/12/1709:22:25[I][control.go:164][769ff70f636cb4ba][ssh]startproxysuccess2022/12/1709:22:25[I][control.go:164][769ff70f636cb4ba][web11522]startproxysuccess2022/12/1709:22:25[I][control.go:164][769ff70f636cb4ba][web21672]startproxysuccess2022/12/1709:22:25[I][control.go:164][769ff70f636cb4ba][redis12379]startproxysuccess由于当前窗口关闭之后,程序就结束了,最后使用命令让其后台运行nohup ./frpc -c ./frpc.ini &。
总结
本次介绍了下载安装frp服务端和客户端,配置实现了windows远程桌面连接,后续会介绍其他内容,欢迎关注我,不错过,不迷路。
(完)
