Article Directory
Scene description
Use the off-campus network to connect directly to the laboratory machine without ssh through the school VPN. You need a VPS. You can use Tencent Cloud’s free one-month package. The network speed is 3M, which is not enough for remote desktop. If you want to remote For desktop, it is recommended to purchase a high-bandwidth VPS.
- Required tools open source software frp
- A VPS, my side is centos 7.6 system, Tencent Cloud
- Laboratory machine (My side is ubuntu, if it is windows, the difference lies in the installation and operation of the frp client, the configuration file remains unchanged, you can refer to the official documentation for details
Specific steps
The first two steps are the same on the laboratory machine and the VPS
One, golang operating environment
Frp relies on golang, you can go version
check whether there is a go environment, here is 1.15.7
wget https://studygolang.com/dl/golang/go1.15.7.linux-amd64.tar.gz
sudo tar -zxf go1.15.7.linux-amd64.tar.gz -C /opt
echo 'PATH=/opt/go/bin:${PATH}' >> ~/.bashrc
source ~/.bashrc
# 确认Go环境
go version
Second, get the frp package
This step may be too slow on the Tencent Cloud server, it is best to download it and pass it directly
wget https://github.com/fatedier/frp/releases/download/v0.35.0/frp_0.35.0_linux_amd64.tar.gz
tar -zxf frp_0.35.0_linux_amd64.tar.gz
cd frp_0.35.0_linux_amd64
Three, install frp server
- The first two steps must be performed on the laboratory machine and the VPS, this step is performed on the VPS
- Configure the default
7000
port, if you want to change it, you can changefrps.ini
the port number corresponding to the file, and then open the corresponding port on the Tencent Cloud control panel firewall - Start the frps service on vps. Under normal circumstances, the Tencent Cloud server should not hang up. If you want to create a daemon process so that the service can be restarted after it hangs, you can refer to the following client installation method.
nohup ./frps -c ./frps.ini &
Test whether it can be connected on the laboratory machine, here 公网ip
refers to the public network ip of vps, the following result appears, indicating that the firewall configuration is ok
$ telnet 公网ip 7000
Trying 公网ip...
Connected to 公网ip.
Escape character is '^]'.
If there is a failure, it should be because the firewall is not properly repaired and you can solve it by yourself.
Four, install frp client
This step is executed on the laboratory machine to
modify the frpc.ini
file
[common]
server_addr = 公网ip
server_port = 7000
[ssh]
type = tcp
local_ip = 127.0.0.1
local_port = 22
remote_port = 6000
# (optional) windows remote desktop
[rdp]
type = tcp
local_ip = 127.0.0.1
local_port = 3389
remote_port = 3389
# (optional) nomachine
[nx]
type = tcp
local_ip = 127.0.0.1
local_port = 4000
remote_port = 4000
Others can be added to the configuration file, and then make sure that the corresponding ones remote_port
are open to the outside world on the VPS .
Since the laboratory machine may be powered off, it is best to implement a double layer of protection and modify the power manager function of the BIOS to make the laboratory machine automatically restart after a power is received.
If the laboratory computer restarts or the service of unknown factors hangs up, I hope it can restart itself, so I need to create a daemon process, let it start by itself, and restart after it hangs up.
sudo vim /etc/systemd/system/frpc.service
# 内容如下
[Unit]
Description=frpc
After=network.target
[Service]
Type=simple
Restart=always
User=yourusername
Group=yourusername
ExecStart=/yourpath/frpc -c /yourpath/frpc.ini
[Install]
WantedBy=multi-user.target
Among them, yourpath
refers to the full address of the directory after FRP pressurization, and yourusername
refers to the user name on the laboratory machine
- Save it, and then execute
sudo systemctl daemon-reload
reload configuration file - Execute again,
sudo systemctl enable frpc.service
set to boot up - Start service
systemctl start frpc.service
If you don’t want to create a daemon, just execute nohup ./frpc -c ./frpc.ini &
Five, functional verification
On a machine connected to the external network, it can be a mobile phone hotspot, ssh to the server
ssh user@公网ip -p 6000
In the same way, if it is nomachine or rdp, just fill in the public network ip and read the corresponding port directly.