
RDP Remote Desktop cannot connect; the TLS Client Hello packet is not forwarded

Open Loyolichoo opened this issue 1 year ago • 8 comments

Bug Description

Forwarding local port 7501 (frpc's webServer port) works: it opens normally from the remote side. But when I forward local port 3389, the connection hangs indefinitely. So I captured packets on the local loopback interface and, at the same time, on the server's remote-facing interface. During the forwarding, the TLS Client Hello captured on the server never appears in the local loopback capture. How should I continue narrowing this down? Original packet: [image] Packet captured on the local loopback: [image]

frpc Version

0.54.0

frps Version

0.54.0

System Architecture

linux/amd64, windows/amd64

Configurations

frpc:

serverAddr = "*"
serverPort = 7801
transport.protocol = "quic"
log.to = "frpc.log"
log.level = "trace"
log.maxDays = 30
auth.token = "*"
webServer.port = 7501

[[proxies]]
name = "RDP-TCP"
type = "tcp"
#localIP = "127.0.0.1"
localPort = 3389
remotePort = 13389

[[proxies]]
name = "RDP-UDP"
type = "udp"
#localIP = "127.0.0.1"
localPort = 3389
remotePort = 13389

frps:

bindPort = 7801
quicBindPort = 7801
log.to = "frps.log"
log.level = "trace"
log.maxDays = 30
auth.token = "*"

Logs

frps:

2024/02/03 01:32:09 [I] [root.go:105] frps uses config file: /home/lc/opt/etc/frp/frps_3389.toml
2024/02/03 01:32:09 [I] [service.go:225] frps tcp listen on 0.0.0.0:7801
2024/02/03 01:32:09 [I] [service.go:249] frps quic listen on 0.0.0.0:7801
2024/02/03 01:32:09 [I] [root.go:114] frps started successfully
2024/02/03 01:32:13 [I] [service.go:563] [19065ba0f1dea30e] client login info: ip [111.201.29.102:9234] version [0.54.0] hostname [] os [windows] arch [amd64]
2024/02/03 01:32:13 [D] [control.go:432] [19065ba0f1dea30e] receive heartbeat
2024/02/03 01:32:13 [I] [udp.go:103] [19065ba0f1dea30e] [RDP-UDP] udp proxy listen port [13389]
2024/02/03 01:32:13 [I] [control.go:401] [19065ba0f1dea30e] new proxy [RDP-UDP] type [udp] success
2024/02/03 01:32:13 [I] [tcp.go:82] [19065ba0f1dea30e] [RDP-TCP] tcp proxy listen port [13389]
2024/02/03 01:32:13 [I] [control.go:401] [19065ba0f1dea30e] new proxy [RDP-TCP] type [tcp] success
2024/02/03 01:32:13 [D] [control.go:243] [19065ba0f1dea30e] new work connection registered
2024/02/03 01:32:14 [D] [control.go:272] [19065ba0f1dea30e] get work connection from pool
2024/02/03 01:32:14 [D] [proxy.go:131] [19065ba0f1dea30e] [RDP-UDP] get a new work connection: [111.201.29.102:9234]
2024/02/03 01:32:14 [T] [udp.go:117] [19065ba0f1dea30e] [RDP-UDP] loop waiting message from udp workConn
2024/02/03 01:32:14 [D] [control.go:243] [19065ba0f1dea30e] new work connection registered
2024/02/03 01:32:18 [I] [proxy.go:204] [19065ba0f1dea30e] [RDP-TCP] get a user connection [111.201.29.102:9247]
2024/02/03 01:32:18 [D] [control.go:272] [19065ba0f1dea30e] get work connection from pool
2024/02/03 01:32:18 [D] [proxy.go:131] [19065ba0f1dea30e] [RDP-TCP] get a new work connection: [111.201.29.102:9234]
2024/02/03 01:32:18 [T] [proxy.go:240] [19065ba0f1dea30e] [RDP-TCP] handler user tcp connection, use_encryption: false, use_compression: false
2024/02/03 01:32:18 [D] [proxy.go:261] [19065ba0f1dea30e] [RDP-TCP] join connections, workConn(l[10.0.16.4:7801] r[111.201.29.102:9234]) userConn(l[10.0.16.4:13389] r[111.201.29.102:9247])
2024/02/03 01:32:18 [D] [control.go:243] [19065ba0f1dea30e] new work connection registered
2024/02/03 01:32:29 [D] [proxy.go:271] [19065ba0f1dea30e] [RDP-TCP] join connections closed

frpc:

2024/02/03 01:32:14 [I] [root.go:142] start frpc service for config file [.\frpc_3389.toml]
2024/02/03 01:32:14 [I] [service.go:287] try to connect to server...
2024/02/03 01:32:14 [I] [service.go:279] [19065ba0f1dea30e] login to server success, get run id [19065ba0f1dea30e]
2024/02/03 01:32:14 [D] [control.go:244] [19065ba0f1dea30e] send heartbeat to server
2024/02/03 01:32:14 [I] [proxy_manager.go:173] [19065ba0f1dea30e] proxy added: [RDP-TCP RDP-UDP]
2024/02/03 01:32:14 [I] [service.go:177] admin server listen on 127.0.0.1:7501
2024/02/03 01:32:14 [T] [proxy_wrapper.go:200] [19065ba0f1dea30e] [RDP-UDP] change status from [new] to [wait start]
2024/02/03 01:32:14 [T] [proxy_wrapper.go:200] [19065ba0f1dea30e] [RDP-TCP] change status from [new] to [wait start]
2024/02/03 01:32:14 [D] [control.go:195] [19065ba0f1dea30e] receive heartbeat from server
2024/02/03 01:32:14 [I] [control.go:170] [19065ba0f1dea30e] [RDP-UDP] start proxy success
2024/02/03 01:32:14 [I] [control.go:170] [19065ba0f1dea30e] [RDP-TCP] start proxy success
2024/02/03 01:32:14 [D] [proxy_wrapper.go:260] [19065ba0f1dea30e] [RDP-UDP] start a new work connection, localAddr: [::]:50090 remoteAddr: *:7801
2024/02/03 01:32:14 [I] [udp.go:93] [19065ba0f1dea30e] [RDP-UDP] incoming a new work connection for udp proxy, *:7801
2024/02/03 01:32:19 [D] [proxy_wrapper.go:260] [19065ba0f1dea30e] [RDP-TCP] start a new work connection, localAddr: [::]:50090 remoteAddr: *:7801
2024/02/03 01:32:19 [T] [proxy.go:144] [19065ba0f1dea30e] [RDP-TCP] handle tcp work connection, useEncryption: false, useCompression: false
2024/02/03 01:32:19 [D] [proxy.go:208] [19065ba0f1dea30e] [RDP-TCP] join connections, localConn(l[127.0.0.1:12733] r[127.0.0.1:3389]) workConn(l[[::]:50090] r[*:7801])
2024/02/03 01:32:29 [D] [proxy.go:220] [19065ba0f1dea30e] [RDP-TCP] join connections closed
2024/02/03 01:32:29 [T] [proxy.go:222] [19065ba0f1dea30e] [RDP-TCP] join connections errors: [read tcp 127.0.0.1:12733->127.0.0.1:3389: use of closed network connection]
2024/02/03 01:32:44 [D] [control.go:244] [19065ba0f1dea30e] send heartbeat to server
2024/02/03 01:32:44 [D] [control.go:195] [19065ba0f1dea30e] receive heartbeat from server
2024/02/03 01:32:44 [T] [udp.go:150] [19065ba0f1dea30e] [RDP-UDP] send ping message to udp workConn
2024/02/03 01:33:14 [D] [control.go:244] [19065ba0f1dea30e] send heartbeat to server
2024/02/03 01:33:14 [D] [control.go:195] [19065ba0f1dea30e] receive heartbeat from server
2024/02/03 01:33:14 [T] [udp.go:150] [19065ba0f1dea30e] [RDP-UDP] send ping message to udp workConn
2024/02/03 01:33:44 [D] [control.go:244] [19065ba0f1dea30e] send heartbeat to server
2024/02/03 01:33:44 [D] [control.go:195] [19065ba0f1dea30e] receive heartbeat from server
2024/02/03 01:33:44 [T] [udp.go:150] [19065ba0f1dea30e] [RDP-UDP] send ping message to udp workConn

Steps to reproduce

...

Affected area

  • [ ] Docs
  • [X] Installation
  • [X] Performance and Scalability
  • [ ] Security
  • [ ] User Experience
  • [ ] Test and Release
  • [ ] Developer Infrastructure
  • [ ] Client Plugin
  • [ ] Server Plugin
  • [ ] Extensions
  • [ ] Others

Loyolichoo avatar Feb 02 '24 17:02 Loyolichoo

rdp-tcp : 3389 rdp-udp : 3391

kingwilliam avatar Feb 05 '24 22:02 kingwilliam

rdp-tcp : 3389 rdp-udp : 3391

Thanks for sharing. I tried this change but saw no effect. A capture on the client shows no UDP packets at all; presumably the earlier TLS handshake never completes, so UDP traffic has not started yet. I also verified with a capture over a direct internet connection: the RDP version I am using still uses port 3389 for UDP.

Loyolichoo avatar Feb 06 '24 03:02 Loyolichoo

#transport.protocol = "quic"

xqzr avatar Feb 08 '24 16:02 xqzr

#transport.protocol = "quic"

Tried it; the result is the same.

Loyolichoo avatar Feb 11 '24 12:02 Loyolichoo

Capture port 7801 on frpc

xqzr avatar Feb 11 '24 17:02 xqzr

Capture port 7801 on frpc

I'm not quite sure what you mean by capturing port 7801. If you mean the client configuration, the client is already talking to the server on port 7801. If you mean capturing with Wireshark: I tried reducing the server and client configs to the most minimal setup, removing quic and token authentication, keeping only the logging settings on the server, setting tls.enable = false in the frpc config file, and then capturing port 7801 on the network interface. What I captured was still TLS packets. However, comparing with the loopback capture, I found that after entering the frpc machine's password in the mstsc client and clicking OK, frps does send a TLS packet to frpc, but that packet is not seen when capturing on the loopback interface at that moment.

Loyolichoo avatar Feb 21 '24 17:02 Loyolichoo

Capture port 7801 on frpc

Setting tls.enable = false in the frpc config file and then capturing port 7801 on the interface, what I captured was still TLS packets

https://github.com/fatedier/frp/blob/52f66b05e624233105924906f67f10347a5ed0de/conf/frpc_full_example.toml#L102

xqzr avatar Feb 21 '24 22:02 xqzr

Capture port 7801 on frpc

Setting tls.enable = false in the frpc config file and then capturing port 7801 on the interface, what I captured was still TLS packets

The setting at https://github.com/fatedier/frp/blob/52f66b05e624233105924906f67f10347a5ed0de/conf/frpc_full_example.toml#L102 does work. I captured again, and the situation is this: the first round of authentication is transmitted normally; the problem occurs when the RDP client finishes entering the password and hits Enter. At that point the RDP client sends a TLS Client Hello to port 13389 on frps, and frps forwards the RDP client's TLS packet, i.e. the TCP payload, completely unchanged to the frpc client: apart from a different TCP header, the packet frpc receives carries exactly the same TCP payload as the RDP client's request. I don't know whether the protocol between frps and frpc does any serialization; at least I did not see any identical payload like this in the earlier packets. And this packet was not captured on port 3389 on the loopback interface, so it was presumably dropped by frpc.

Loyolichoo avatar Feb 25 '24 17:02 Loyolichoo
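The comparison described in the comment above (payloads seen on the frps listener that never show up on the frpc loopback) can be done mechanically once the TCP payloads have been exported from both captures. The following is an added example, not code from frp or from the issue's author; the byte strings are constructed by hand (a minimal X.224 Connection Request with an RDP_NEG_REQ, and a minimal TLS 1.2 ClientHello with no extensions), not taken from the issue's screenshots. It assumes frp relays the TCP payload byte-for-byte in this setup, which is what the reporter observed and what the trace lines `use_encryption: false, use_compression: false` suggest; the function and constant names are the example's own.

```python
"""Find the first RDP/TLS payload that frps relayed but that never reached
127.0.0.1:3389 on the frpc host. Added example for the issue thread; not frp code.
All sample payloads below are constructed, not captured."""

TPKT_VERSION = 0x03
X224_CONNECTION_REQUEST = 0xE0   # X.224 CR TPDU code (high nibble)
RDP_NEG_REQ = 0x01               # rdpNegReq type inside the X.224 CR
TLS_HANDSHAKE = 0x16
TLS_CLIENT_HELLO = 0x01


def classify_payload(payload: bytes) -> str:
    """Name the RDP connection phase a TCP payload belongs to.

    Only the two payloads relevant to the thread are recognised: the initial
    TPKT/X.224 Connection Request and the TLS ClientHello that follows the
    server's PROTOCOL_SSL confirmation. Everything else is 'other'.
    """
    if len(payload) >= 7 and payload[0] == TPKT_VERSION and payload[1] == 0x00:
        tpkt_len = int.from_bytes(payload[2:4], "big")
        if tpkt_len == len(payload) and payload[5] == X224_CONNECTION_REQUEST:
            return "x224-connection-request"
    if len(payload) >= 6 and payload[0] == TLS_HANDSHAKE and payload[1] == 0x03:
        record_len = int.from_bytes(payload[3:5], "big")
        if record_len + 5 == len(payload) and payload[5] == TLS_CLIENT_HELLO:
            return "tls-client-hello"
    return "other"


def requested_protocols(x224_cr: bytes) -> int:
    """Return the requestedProtocols bitmask from an X.224 CR's RDP_NEG_REQ.

    Layout: 4-byte TPKT header, 7-byte X.224 CR header, then the 8-byte
    RDP_NEG_REQ (type, flags, length LE16, requestedProtocols LE32).
    Returns 0 when no negotiation request is present.
    """
    if len(x224_cr) >= 19 and x224_cr[11] == RDP_NEG_REQ:
        return int.from_bytes(x224_cr[15:19], "little")
    return 0


def first_missing(frps_side, loopback):
    """Index and class of the first frps-side payload with no byte-identical
    counterpart in the loopback capture; None if every payload arrived."""
    seen = set(loopback)
    for index, payload in enumerate(frps_side):
        if payload not in seen:
            return index, classify_payload(payload)
    return None


# Constructed sample payloads (not from the issue's captures).
# X.224 CR requesting PROTOCOL_SSL | PROTOCOL_HYBRID (0x00000003).
X224_CR = bytes.fromhex(
    "03000013"          # TPKT: version 3, reserved, length 19
    "0ee00000000000"    # X.224: LI=14, CR, dst-ref, src-ref, class 0
    "0100080003000000"  # RDP_NEG_REQ: type 1, flags 0, len 8, protocols 3
)
# TLS 1.2 ClientHello, one cipher suite, no session id, no extensions.
CLIENT_HELLO = (
    bytes.fromhex("160301002d"      # record: handshake, TLS 1.0 legacy, len 45
                  "01000029"        # handshake: ClientHello, len 41
                  "0303")           # client_version TLS 1.2
    + b"\x11" * 32                  # client random (placeholder bytes)
    + bytes.fromhex("00"            # session id length 0
                    "0002002f"      # cipher suites: len 2, TLS_RSA_WITH_AES_128_CBC_SHA
                    "0100")         # compression: len 1, null
)

# What the frps listener saw versus what reached the loopback on the frpc host.
FRPS_SIDE = [X224_CR, CLIENT_HELLO]
LOOPBACK = [X224_CR]


def demo():
    """Run the comparison on the constructed captures."""
    return first_missing(FRPS_SIDE, LOOPBACK)


if __name__ == "__main__":
    print(classify_payload(X224_CR), hex(requested_protocols(X224_CR)))
    print("first payload missing on loopback:", demo())
```

With real captures, export the TCP payloads of the frps-side stream (port 13389) and the loopback stream (port 3389) as byte strings in arrival order and pass them to `first_missing`; the returned index tells you exactly which message the relay lost, and `requested_protocols` shows whether the client asked for TLS (bit 0) or CredSSP (bit 1), which is what determines that a ClientHello must follow.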

Issues go stale after 21d of inactivity. Stale issues rot after an additional 7d of inactivity and eventually close.

github-actions[bot] avatar Mar 18 '24 00:03 github-actions[bot]

@Loyolichoo Hello, could you share a working configuration for Remote Desktop with UDP support? I have not been able to get it working. frpc Version 0.58.1

frps Version 0.58.1

frpc.toml

serverAddr = "xxxx"
serverPort = 7001
transport.protocol = "kcp"
transport.tls.enable = true

[[proxies]]
name = "test-http"
type = "tcp"
localIP = "127.0.0.1"
localPort = 3389
remotePort = 6000

[[proxies]]
name = "zc-udp"
type = "udp"
localIP = "127.0.0.1"
localPort = 3389
remotePort = 6000

frps.toml

bindPort = 7001
kcpBindPort = 7001

iwdm-cc avatar Jun 28 '24 04:06 iwdm-cc

@Loyolichoo Hello, could you share a working configuration for Remote Desktop with UDP support? I have not been able to get it working. frpc Version 0.58.1

frps Version 0.58.1

frpc.toml

serverAddr = "xxxx"
serverPort = 7001
transport.protocol = "kcp"
transport.tls.enable = true

[[proxies]]
name = "test-http"
type = "tcp"
localIP = "127.0.0.1"
localPort = 3389
remotePort = 6000

[[proxies]]
name = "zc-udp"
type = "udp"
localIP = "127.0.0.1"
localPort = 3389
remotePort = 6000

frps.toml

bindPort = 7001
kcpBindPort = 7001

Allow UDP 6000 through.

xqzr avatar Jun 28 '24 08:06 xqzr