No more restrictions! Detailed explanation of FRP intranet penetration, making remote access simple!

I. Introduction

frp is a high-performance reverse proxy application focused on intranet penetration (NAT traversal). It supports multiple protocols, including TCP, UDP, HTTP and HTTPS, and has P2P communication capabilities. Using frp, you can safely and conveniently expose intranet services to the public network by relaying them through a node with a public IP.

1. Working Principle

The basic workflow of FRP is as follows:

  • Client (frpc): Deployed in the intranet; it exposes intranet services to the public server through the FRP protocol.
  • Server (frps): Deployed on the external network; it receives requests from outside and forwards them to the client that serves the corresponding intranet service.

When an external network user accesses a specific port on a public server, the FRP server forwards the request to the corresponding FRP client, thereby enabling access to the intranet service.

FRP working principle diagram

2. Advantages of FRP

  • High performance: FRP optimizes traffic and supports high concurrent connections.
  • Flexible configuration: supports multiple protocols, and each service can be configured separately.
  • Open source and free: FRP is open source software, and users can modify and use it freely according to their needs.

II. Installation and configuration of FRP

Next we will introduce how to install and configure FRP on your server and intranet devices. To use FRP for intranet penetration, you first need to have a VPS.

1. Environmental Preparation

Before you begin, you need to prepare the following environment:

  • A public network server (used to deploy the FRP server). This case uses the Ubuntu system. The specific versions are as follows:

  • An intranet device (used to deploy the FRP client). I use a PVE (Proxmox VE) system for the intranet machine. The specific version is as follows:

2. Server (frps) installation and configuration

There are many ways to install the FRP server (frps). You can choose to deploy it using binary files or Docker.

(1) Binary deployment

Download the latest release from GitHub, as shown below:

After logging into the system, change to the specified directory. In this example, I have chosen the opt directory.

 cd /opt

Download the frp archive, replacing the link after wget with that of the latest version.

 wget https://github.com/fatedier/frp/releases/download/v0.60.0/frp_0.60.0_linux_amd64.tar.gz

After downloading, execute the following command to decompress the file:

 sudo tar -zxvf frp_0.60.0_linux_amd64.tar.gz

Execute the following command to rename the extracted frp directory:

 mv frp_0.60.0_linux_amd64 frp_0.60.0

File Description:

  • frps: server startup file.
  • frps.toml: server configuration file.

Therefore, the server only needs to keep frps and frps.toml. Edit frps.toml; the complete set of configuration options can be found in the official template [1].

 bindAddr = "0.0.0.0"
 bindPort = 7000
 auth.method = "token"
 # Authentication token used for communication between client and server
 auth.token = "user1@1234" # Suggested key format: user + @ + password, to make users easy to tell apart
 webServer.addr = "0.0.0.0"
 webServer.port = 7500
 webServer.user = "user" # Dashboard user
 webServer.password = "密码" # Dashboard password
 # tls
 #transport.tls.force = true
 #transport.tls.certFile = "/etc/frp/ssl/server.crt"
 #transport.tls.keyFile = "/etc/frp/ssl/server.key"
 #transport.tls.trustedCaFile = "/etc/frp/ssl/ca.crt"

Configure systemd on the server to manage frp. Execute the following command to create the frps.service file.

 vim /etc/systemd/system/frps.service

And write the following content in the file:

 [Unit]
 Description = frp server
 After = network.target syslog.target
 Wants = network.target

 [Service]
 Type = simple
 # Command that starts frps; change it to your frps installation path
 ExecStart = /opt/frp_0.60.0/frps -c /opt/frp_0.60.0/frps.toml

 [Install]
 WantedBy = multi-user.target

Execute the following command to enable the service at boot and start it.

 systemctl enable frps && sudo systemctl start frps

Use the following command to check whether the service is running normally. If the service is not active, check the log.

 systemctl status frps

(2) 1Panel deployment

If you find the binary deployment method above complicated, you can deploy with 1Panel instead. Since my VPS already has 1Panel installed, I can easily install frps directly through 1Panel.

Open the 1Panel app store, find the frp server, and install it:

The deployment is complete as shown in the following figure:

The default authentication method is token. To set and obtain the token, go to the App Market, click Installed, and click the Enter Installation Directory button.

frps status

frps configuration file

3. Client Installation and Configuration

The client only needs to keep the frpc and frpc.toml files. Edit frpc.toml and add the following content to the file:

 serverAddr = "xxxx" # IP address of the VPS server (public IP)
 serverPort = 7000 # frps service port; matches the bindPort value in the frps configuration file above
 auth.method = "token"
 auth.token = "token" # frps authentication token; matches the auth.token value in the frps configuration file above

 [[proxies]]
 name = "pve-ssh"
 type = "tcp"
 localIP = "127.0.0.1"
 localPort = 22
 remotePort = 1022

The [[proxies]] block above exposes local port 22 on port 1022 of the public IP. In other words, you can reach port 22 on the intranet machine by connecting to port 1022 on the public server.

Note: This port 1022 needs to be opened on the VPS firewall.

Configure systemd on the client to manage frpc. Execute the following command to create the frpc.service file.

 vim /etc/systemd/system/frpc.service

And add the following content to the file:

 [Unit]
 Description = frp client
 After = network.target syslog.target
 Wants = network.target

 [Service]
 Type = simple
 # Command that starts frpc; change it to your frpc installation path
 ExecStart = /usr/local/frp/frpc/frpc -c /usr/local/frp/frpc/frpc.toml

 [Install]
 WantedBy = multi-user.target

Execute the following command to enable the service at boot and start it.

 systemctl enable frpc && sudo systemctl start frpc

Run the following command to check whether the client status is normal. If the service is not active, check the log.

 systemctl status frpc

frpc status

4. Access management web

By default, the dashboard listens only on the local 127.0.0.1 address. To reach it through another address, such as an intranet address, modify the webServer.addr = "xxxx" configuration field.

Server dashboard

V. Conclusion

Through the introduction of this article, I believe you have a more comprehensive understanding of FRP. From basic installation and configuration to the use of advanced functions, FRP can meet your intranet penetration needs in different scenarios. If you are looking for an efficient and easy-to-use intranet penetration tool, FRP is undoubtedly a very good choice. Hurry up and try it, so that your remote access is no longer restricted!
