UBNT ER-X router DDNS configuration and frps intranet penetration service construction

TeamViewer has started charging, and Sunflower and similar tools are not pleasant to use, so Windows Remote Desktop is the best option to try. It is built on Windows' own low-level data communication, with clear image quality, smooth operation, adaptive display resolution, and a good overall experience.

However, the office computer is on an intranet and cannot be reached from outside, and plain port mapping of the remote desktop port does not comply with the security principles of network management. I therefore decided to build an frps service to tunnel the intranet port. Readers without a public IP can rent a VPS on Alibaba Cloud or Tencent Cloud; readers with a public IP and a UBNT router at home can follow this article.

This article uses a UBNT EdgeRouter ER-X running the official stock system to implement DDNS + frps intranet penetration without adding any extra hardware.

1, Obtain public IP and configure DDNS

First, have a cordial conversation with your telecom provider and get a public IPv4 address (you can generally get one if you are persistent).

Because the public IP changes dynamically, you need to configure DDNS and apply for a free dynamic domain name. pubyun is recommended (http://www.pubyun.com/): I've been using it for free for several years, and it has been stable and reliable with basically no problems. (Just choose a name for the dynamic domain name; if you are not satisfied with the name, you can buy a low-cost static domain name and configure a CNAME record that resolves to the pubyun domain name.)

Log in to the ER-X console and enter the following line by line:

configure
set service dns dynamic interface pppoe0 service custom-pubyun host-name yourdomain.f3322.net
set service dns dynamic interface pppoe0 service custom-pubyun login youraccount
set service dns dynamic interface pppoe0 service custom-pubyun options ssl=no
set service dns dynamic interface pppoe0 service custom-pubyun password yourpassword
set service dns dynamic interface pppoe0 service custom-pubyun protocol dyndns2
set service dns dynamic interface pppoe0 service custom-pubyun server www.pubyun.com
commit
save

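Here yourdomain.f3322.net is the dynamic domain name, youraccount is the pubyun account name, and yourpassword is the pubyun password. Note that with ssl=no the update request, including the account password, is sent over unencrypted HTTP.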

You can verify that DDNS is working properly by entering the following command:

ubnt@EdgeRouter:~$ show dns dynamic status
                             
interface    : pppoe0                                                           
ip address   : 113.22.33.45                                                     
host-name    : yourdomain.f3322.net                                      
last update  : Wed Aug 11 14:00:51 2020                                         
update-status: good   

update-status: good shows that the dynamic domain name has been updated.

At this point, on any Windows system connected to the Internet, open cmd and run:

C:\Users\Administrator> nslookup yourdomain.f3322.net
Server:  UnKnown
Address:  192.168.1.1

Non-authoritative answer:
Name:    yourdomain.f3322.net
Address:  113.22.33.45

If the Address is the public IP of the router, DDNS is working normally. If you allow ICMP on the ER-X firewall, you should in theory be able to ping yourdomain.f3322.net from the Internet (please check the ER-X firewall configuration yourself).

2, Configure and run frps on EdgeOS

Connect to the ER-X through SSH. Any SSH client will do; use whichever you find convenient. The user name and password are the same as for the web login.

Download frp from GitHub: https://github.com/fatedier/frp/releases/ If you cannot reach GitHub, use a proxy; other download channels are also OK.

Note: from the releases page, download the linux_mipsle build of the latest version.

After decompression, keep only the files used in the steps below: frps, frps.ini and frps.service.

Modify the contents of frps.ini to:

# [common] is a required section
[common]
bind_addr = 0.0.0.0
bind_port = 7000

authentication_method = token
# Set a token (it acts as the password); frpc must use the same value.
# ABC123456 is a placeholder: replace it with a long random string.
token = ABC123456

Modify the contents of frps.service to:

[Unit]
Description=Frp Server Service
After=network.target

[Service]
Type=simple
User=nobody
Restart=on-failure
RestartSec=5s
ExecStart=/home/ubnt/frp/frps -c /home/ubnt/frp/frps.ini
LimitNOFILE=1048576

[Install]
WantedBy=multi-user.target

Upload the frp folder to the /home/ubnt directory of the ER-X, and check that the path and file names match the ExecStart line in frps.service.

Execute the following commands:

0. Enter the frp directory
cd /home/ubnt/frp

1. Copy frps.service to /lib/systemd/system/
sudo cp frps.service /lib/systemd/system/

2. Set permissions (the service runs as nobody, which only needs to execute frps and read frps.ini, so neither file is made world-writable)
sudo chmod 755 frps
sudo chmod 644 frps.ini

3. Start the frps service
sudo systemctl start frps

4. Enable start at boot
sudo systemctl enable frps

At this point, run sudo systemctl status frps to display the running status.

Other useful commands:

Stop the service: systemctl stop frps
Restart the service: systemctl restart frps
Disable start at boot: systemctl disable frps
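
As a check on the files prepared in this section, the following shell script (an added example, not part of the original article) audits an frps directory: it flags a world-writable frps or frps.ini, a short token, and a missing allow_ports setting (the frps option that limits which remote ports clients may bind). The 24-character minimum and the function names are assumptions made for the example, and the sample directory is constructed.

```sh
#!/bin/sh
# Added example (not from the original article): audit an frps install directory.

# ini_get FILE KEY: print the value of the first "KEY = value" line, skipping comments.
ini_get() {
    awk -F= -v k="$2" '
        /^[ \t]*[#;]/ { next }
        { key = $1; gsub(/[ \t]/, "", key) }
        key == k { sub(/^[^=]*=[ \t]*/, ""); sub(/[ \t\r]+$/, ""); print; exit }
    ' "$1"
}

# audit_frps DIR: print one line per finding; exit status = number of findings.
audit_frps() {
    dir=$1
    findings=0
    for f in frps frps.ini; do
        # -perm -002 matches files that "other" users may write to
        if [ -n "$(find "$dir/$f" -prune -perm -002 2>/dev/null)" ]; then
            echo "WORLD_WRITABLE $f"
            findings=$((findings + 1))
        fi
    done
    token=$(ini_get "$dir/frps.ini" token)
    # Assumed policy: tokens shorter than 24 characters are treated as guessable
    if [ "${#token}" -lt 24 ]; then
        echo "WEAK_TOKEN length=${#token}"
        findings=$((findings + 1))
    fi
    # Without allow_ports, any client holding the token can bind any remote_port
    if [ -z "$(ini_get "$dir/frps.ini" allow_ports)" ]; then
        echo "NO_ALLOW_PORTS"
        findings=$((findings + 1))
    fi
    return "$findings"
}

# Constructed sample: world-writable files and a short token
demo=$(mktemp -d)
printf '[common]\nbind_port = 7000\ntoken = ABC123456\n' > "$demo/frps.ini"
: > "$demo/frps"
chmod 777 "$demo/frps" "$demo/frps.ini"
audit_frps "$demo" || echo "findings: $?"
rm -rf "$demo"
```

On the router, run audit_frps /home/ubnt/frp; an exit status of 0 means none of the three checks fired.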

3, Configure the firewall and open port 7000 and the ports you want to proxy

After adding the new rules, drag the "Drop invalid state" rule to the bottom, and don't forget to open the ports you need to map. Please refer to the UBNT official forum for firewall configuration.

4, Configure frpc on office computer

I won't explain this part in detail; there is plenty of material online. Here is my configuration file:

[common]
server_addr = yourdomain.f3322.net
server_port = 7000
token = ABC123456

[RDP_TCP]
type = tcp
local_ip = 127.0.0.1
local_port = 3389
remote_port = 53389
use_compression = true
use_encryption = true

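For security reasons, remote_port is set to 53389 instead of the default 3389 to avoid the automated weak-password scans that target the default port. This only reduces scanning noise, so the Windows account still needs a strong password. Port 53389 must also be allowed on the ER-X firewall.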
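
To check that the firewall matches the client configuration, this added example (not from the original article) lists every port the router must accept for a given frpc.ini and reports those with no matching rule. The rules file format (saved output of show configuration commands), the WAN_LOCAL ruleset name and the function names are assumptions; ports are expected as single values or comma-separated lists, and ranges are not expanded.

```sh
#!/bin/sh
# Added example (not from the original article): compare frpc.ini with firewall rules.

# required_ports FRPC_INI: print "proto port name" for each port the router must accept.
required_ports() {
    awk -F= '
        function emit() {
            if (sec == "common") print "tcp", port, "frps-control"
            else if (sec != "" && rport != "") print type, rport, sec
        }
        /^[ \t]*[#;]/ { next }
        /^[ \t]*\[/ {
            emit()
            sec = $0; sub(/^[ \t]*\[/, "", sec); sub(/\].*$/, "", sec)
            type = "tcp"; port = "7000"; rport = ""   # frp defaults
            next
        }
        NF >= 2 {
            k = $1; v = $2; gsub(/[ \t\r]/, "", k); gsub(/[ \t\r]/, "", v)
            if (k == "server_port") port = v
            if (k == "remote_port") rport = v
            if (k == "type") type = v
        }
        END { emit() }
    ' "$1"
}

# missing_rules FRPC_INI RULES: list required ports that have no "destination port"
# entry in RULES. Assumption: RULES holds lines such as
#   set firewall name WAN_LOCAL rule 30 destination port 7000
# Rule action and protocol are not checked here.
missing_rules() {
    open=$(awk 'NF >= 3 && $(NF-2) == "destination" && $(NF-1) == "port" { gsub(/,/, " ", $NF); print $NF }' "$2")
    required_ports "$1" | while read -r proto port name; do
        case " $(echo $open) " in
            *" $port "*) ;;
            *) echo "$proto/$port ($name) not opened" ;;
        esac
    done
}

# Constructed sample: the proxy from this article and a ruleset that only opens 7000
demo=$(mktemp -d)
printf '[common]\nserver_port = 7000\n\n[RDP_TCP]\ntype = tcp\nremote_port = 53389\n' > "$demo/frpc.ini"
echo 'set firewall name WAN_LOCAL rule 30 destination port 7000' > "$demo/rules"
missing_rules "$demo/frpc.ini" "$demo/rules"
rm -rf "$demo"
```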

It is recommended to use winsw to run frpc as a Windows service so that it starts at boot. Reference: https://www.axay.cn/36.html

5, From now on, you can happily use remote desktop anywhere

       


Added by mattl on Fri, 24 Dec 2021 09:22:18 +0200