• notice
  • Congratulations on the launch of the Sought Tech site

Remote desktop control with frp

I bought a HUAWEI CLOUD server for a year and just hosted a website. Recently, I was thinking of doing something. I often need to use the company computer to copy some files when I am at home, so I want to use the Windows remote desktop.

If you want to access the company computer on the public network, you need to use the intranet penetration if there is no public network IP. There are many tools for intranet penetration, such as peanut shell, net123, ngrok, frp, peanut shell and nat123 belong to service providers The penetration provided will charge a fee (40-50 / 128Kb in January), ngrok and frp are programs that need to be manually configured and built.

I chose frp , the official document address is: https://gofrp.org/

1. Download frp

Go to releases and download the compressed package of the corresponding architecture according to your own system. If you don't know which one to choose, you can download the two shown by the arrow first, and then choose the other one if there is a problem (linux input archcommand to view)


2. Server-side configuration

After the download is complete, configure the server side

Modify the configuration file

First upload the linux compressed package to the server, I use the pagoda panel here , then unzip it and rename it

frp after decompression

Double click frps.inito modify configuration

bind_port = 7000

# The port on which the server listens for http requests (because port 80 is occupied by nginx, other ports are specified)

# The server is used to display the site port of the connection status. In the following configuration, you can log in by accessing IP: 7500 to view the frp server status and other information
dashboard_port = 7500

# The username/password corresponding to the dashboard
dashboard_user = username
dashboard_pwd = password

# log file path
#log_file = /root/net-ct/frp/frps.log

# Logging error level, divided into: trace, debug, info, warn, erro
#log_level = warn

# Maximum number of days to keep logs
#log_max_days = 3

# Client connection check code (client must be the same)
privilege_token = tokenvalue

# heartbeat configure, it's not recommended to modify the default value
# the default value of heartbeat_timeout is 90
# heartbeat_timeout = 90

# only allow frpc to bind ports you list, if you set nothing, there won't be any limit
# privilege_allow_ports = 2000-3000,3001,3003,4000-50000

# pool_count in each proxy will change to max_pool_count if they exceed the maximum value
max_pool_count = 5

# max ports can be used for each client, default value is 0 means no limit
max_ports_per_client = 0

# authentication_timeout means the timeout interval (seconds) when the frpc connects frps
# if authentication_timeout is zero, the time is not verified, default is 900s
authentication_timeout = 900

# Domain names that support external access (requires domain name resolution to IP)
subdomain_host = frps.domain.com

Open firewall ports

Firewall common commands:

1. Basic operation of firewall

View Version: firewall-cmd --version
Show Status: firewall-cmd --state
View All Open Ports:netstat -anp

turn on firewall systemctl start firewalld
turn off firewallsystemctl stop firewalld

Open the firewall service firewalld start
If you cannot open the firewall
, use it first: systemctl unmask firewalld.service
Then:systemctl start firewalld.service

2. Port query

  • Query whether the specified port is open firewall-cmd --query-port=666/tcp, and prompt yes or no

  • Query all open portsnetstat -anp

3. Open the port

If the above port query is not enabled, you need to reopen it and open the port command

  • Added firewall-cmd --zone=public --add-port=80/tcp --permanent(--permanent will take effect permanently, and it will be invalid after restart without this parameter)

  • reloadfirewall-cmd --reload

  • Checkfirewall-cmd --zone= public --query-port=80/tcp

  • deletefirewall-cmd --zone= public --remove-port=80/tcp --permanent

We only need to open the corresponding port, such as 7000port (the best ports are open)

firewall-cmd --zone=public --add-port=7000/tcp --permanent
firewall-cmd --reload
firewall-cmd --zone= public --query-port=7000/tcp # will now show yes

Change security group

Some cloud servers may also need to open the port, click Change Security Group, modify the bound security group or create a new one.

Select security group

Add three rules to the inbound rule

Open the port used

run command

cd /www/frp./frps -c 

The above command can be added to the scheduled task

Scheduled Tasks

Click to execute, view the log, prompt successfullysuccess

3. Client configuration

After the server runs, you can configure it on Windows. First, unzip the Windows compressed package and cmdopen

enter cmd

Modify the configuration filefrpc.ini

server_addr = server IP address
server_port = 7000
privilege_token = tokenvalue

type = tcp
local_port = 3389
remote_port = 7001

Excuting an order

frpc.exe -c frpc.ini



You can also set frpc to run automatically

Set as a service, self-starting: run as administrator

sc.exe create frpcservice binPath="\"D:\Program Files\frp_0.42.0_windows_386\frpc.exe\" -c \"D:\Program Files\frp_0.42.0_windows_386\frpc.ini\"" DisplayName=" frpcservice" start=delayed-auto

If an error is reported, take another way (you can execute sc delete frpcservicedelete the service)

Use winsw to frpcregister as a system service: download the file, WinSw x64.execopy it to frpthe directory where it is located and rename it to winsw.exe, create a new winsw.xmlfile , enter the following content, code asutf-8

    <name>Frpc Service</name>
    <description>Frp client start</description>
    <arguments>-c frpc.ini</arguments>
    <onfailure action="restart" delay="60 sec"/>
    <onfailure action="restart" delay="120 sec"/>

Open with administrator privileges CMD, enter the directory, and execute the command:

winsw installwinsw start

After the prompt is successful, you can enter the service view

4. Remote connection

Windows10/11 turn on in settings远程桌面

Use the built-in on the computer mstscto connect, search and RD Clientinstall on the mobile phone or iPad


After opening, fill in the name of the computer: Server IP:7001, the user account is the account and password of your own computer, and then you can connect

connection succeeded

The pits encountered are mainly firewalls and setting services


Technical otaku

Sought technology together

Related Topic


Leave a Reply