Campus network intranet penetration

Scene description

Connect by ssh to the laboratory machine directly from an off-campus network, without going through the school VPN. You need a VPS. You can use Tencent Cloud's free one-month package. The network speed is 3M, which is not enough for remote desktop. If you want remote desktop, it is recommended to purchase a high-bandwidth VPS.

  • Required tool: the open source software frp
  • A VPS; mine is a Tencent Cloud machine running CentOS 7.6
  • Laboratory machine (mine runs Ubuntu; on Windows the difference lies in installing and running the frp client, the configuration file stays the same, see the official documentation for details)

Specific steps

The first two steps are the same on the laboratory machine and the VPS

One, golang operating environment

frp relies on golang. Run go version to check whether a Go environment is already present; the version used here is 1.15.7.

wget https://studygolang.com/dl/golang/go1.15.7.linux-amd64.tar.gz
sudo tar -zxf go1.15.7.linux-amd64.tar.gz -C /opt
echo 'PATH=/opt/go/bin:${PATH}' >> ~/.bashrc
source ~/.bashrc
# Confirm the Go environment
go version

Second, get the frp package

This download may be too slow on the Tencent Cloud server; it is best to download the package elsewhere and upload it to the server directly.

wget https://github.com/fatedier/frp/releases/download/v0.35.0/frp_0.35.0_linux_amd64.tar.gz
tar -zxf frp_0.35.0_linux_amd64.tar.gz
cd frp_0.35.0_linux_amd64

Three, install frp server

  • The first two steps must be performed on both the laboratory machine and the VPS; this step is performed on the VPS only
  • The default port is 7000. To change it, change the corresponding port number in the frps.ini file, and then open the corresponding port in the Tencent Cloud control panel firewall
  • Start the frps service on the VPS. Under normal circumstances the Tencent Cloud server should not go down. If you want a daemon so that the service is restarted after it dies, refer to the client installation method below.
nohup ./frps -c ./frps.ini &

On the laboratory machine, test whether the VPS can be reached. Here 公网ip stands for the public IP of the VPS. If the following result appears, the firewall configuration is OK.

$ telnet 公网ip 7000
Trying 公网ip...
Connected to 公网ip.
Escape character is '^]'.

If the connection fails, the firewall is most likely not configured correctly; resolve that yourself.

Four, install frp client

This step is executed on the laboratory machine. Modify the frpc.ini file:

[common]
server_addr = 公网ip
server_port = 7000

[ssh]
type = tcp
local_ip = 127.0.0.1
local_port = 22
remote_port = 6000

# (optional) windows remote desktop
[rdp]
type = tcp
local_ip = 127.0.0.1
local_port = 3389
remote_port = 3389

# (optional) nomachine
[nx]
type = tcp
local_ip = 127.0.0.1
local_port = 4000
remote_port = 4000

Other services can be added to the configuration file in the same way; then make sure that the corresponding remote_port values are open to the outside world on the VPS.
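An added example, not part of the original post: a small Python check that reads an frpc.ini like the one above and reports what it leaves open once frps listens on a public address. The function name audit_frpc, the address 203.0.113.10, the secrets and the hardened variant are constructed for illustration; token, tls_enable and the stcp proxy type are existing frp options in this ini format.

```python
import configparser

# ssh and rdp sections as on this page; server_addr is a constructed placeholder.
PAGE_CONFIG = """
[common]
server_addr = 203.0.113.10
server_port = 7000
[ssh]
type = tcp
local_ip = 127.0.0.1
local_port = 22
remote_port = 6000
[rdp]
type = tcp
local_ip = 127.0.0.1
local_port = 3389
remote_port = 3389
"""

# Constructed hardened variant: shared token, TLS to frps, ssh as stcp (no public port).
HARDENED_CONFIG = """
[common]
server_addr = 203.0.113.10
server_port = 7000
token = REPLACE_WITH_LONG_RANDOM_SECRET
tls_enable = true
[ssh]
type = stcp
sk = REPLACE_WITH_SECOND_SECRET
local_ip = 127.0.0.1
local_port = 22
"""

def audit_frpc(text):
    """Return a list of findings for the frpc.ini content passed as a string."""
    cfg = configparser.ConfigParser(interpolation=None)
    cfg.read_string(text)
    common = cfg["common"] if "common" in cfg else {}
    findings = []
    if not common.get("token", "").strip():
        findings.append("common: no token, frps accepts any client that reaches its port")
    if common.get("tls_enable", "false").strip().lower() != "true":
        findings.append("common: tls_enable is off, frpc to frps traffic is not TLS-wrapped")
    for name in cfg.sections():
        sec = cfg[name]
        # A tcp proxy with remote_port is published on the VPS for every source address.
        if name != "common" and sec.get("type", "tcp") == "tcp" and "remote_port" in sec:
            findings.append(f"{name}: local port {sec.get('local_port')} is published "
                            f"on VPS port {sec['remote_port']} for any source address")
    return findings
```

The same token must also be set in frps.ini on the VPS. With stcp, the connecting machine runs its own frpc with a visitor section (role = visitor, server_name, the same sk, bind_addr and bind_port) and ssh is pointed at that local port.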

Since the laboratory machine may lose power, it is best to add a second layer of protection: change the power management setting in the BIOS so that the laboratory machine starts automatically when power is restored.

If the laboratory computer restarts, or the service dies for unknown reasons, I want it to come back by itself, so I create a daemon that starts at boot and restarts after it dies.

sudo vim /etc/systemd/system/frpc.service 
# Contents as follows
[Unit]
Description=frpc
After=network.target

[Service]
Type=simple
Restart=always
User=yourusername
Group=yourusername

ExecStart=/yourpath/frpc -c /yourpath/frpc.ini

[Install]
WantedBy=multi-user.target

Here yourpath is the full path of the directory where frp was decompressed, and yourusername is the user name on the laboratory machine.

  • Save the file, then execute sudo systemctl daemon-reload to reload the configuration
  • Then execute sudo systemctl enable frpc.service to start the service at boot
  • Start the service with sudo systemctl start frpc.service

If you don’t want to create a daemon, just execute nohup ./frpc -c ./frpc.ini &

Five, functional verification

From a machine on an external network (a mobile phone hotspot will do), ssh to the server:

ssh user@公网ip -p 6000

In the same way, for nomachine or rdp, just fill in the public IP and the corresponding port.

Origin blog.csdn.net/Fei20140908/article/details/113354646