
Cloudflare Tunnel: reaching a host on an internal network

 1 year ago
source link: https://y4er.com/posts/cloudflare-tunnel/

I work from home and need to expose my office computer so that my home computer can connect to it.

This needs the cloudflared tool; download the build for your platform from the link below.

https://github.com/cloudflare/cloudflared/releases

Office machine setup

ubuntu@ubuntu:~$ cloudflared login
Please open the following URL and log in with your Cloudflare account:

https://dash.cloudflare.com/argotunnel?callback=https%3A%2F%2Flogin.cloudflareaccess.org%2FRl3hix8lZBOXDNuSgnGsRNsKoM98SsecBz_S7dSxtyg%3D

Leave cloudflared running to download the cert automatically.
You have successfully logged in.
If you wish to copy your credentials to a server, they have been saved to:
/home/ubuntu/.cloudflared/cert.pem

Open the URL it prints, log in with your Cloudflare account and pick the zone (domain) to use. cloudflared then downloads cert.pem, an origin certificate that lets it create and delete tunnels and DNS records in that zone, so treat the file as a secret.

ubuntu@ubuntu:~$ cloudflared tunnel create test
Tunnel credentials written to /home/ubuntu/.cloudflared/9a9001bf-0015-4047-b196-9568ccff947a.json. cloudflared chose this file based on where your origin certificate was found. Keep this file secret. To revoke these credentials, delete the tunnel.

Created tunnel test with id 9a9001bf-0015-4047-b196-9568ccff947a
ubuntu@ubuntu:~$ cloudflared tunnel route dns 9a9001bf-0015-4047-b196-9568ccff947a test.y4er.com
2022-09-27T09:49:04Z INF Added CNAME test.y4er.com which will route to this tunnel tunnelID=9a9001bf-0015-4047-b196-9568ccff947a
ubuntu@ubuntu:~$

This creates a tunnel named test with UUID 9a9001bf-0015-4047-b196-9568ccff947a and routes test.y4er.com to it; if you look at the zone's DNS records now you will see the new CNAME. The credentials JSON written next to cert.pem is all a connector needs to run this tunnel, so anyone holding it can serve your hostname: keep it private, and delete the tunnel to revoke it.

Now the tunnel can be started. Three examples of the quick form, which takes the origin straight from the command line (RDP, a local web server, and a MySQL port):

cloudflared tunnel --name test --url rdp://127.0.0.1
cloudflared tunnel --name test --url http://127.0.0.1:8080
cloudflared tunnel --name test --url tcp://127.0.0.1:3306

Here I am forwarding port 3389 on 127.0.0.1 (rdp:// with no port means 3389).

ubuntu@ubuntu:~$ cloudflared tunnel --name test --url rdp://127.0.0.1
2022-09-27T09:52:52Z INF Reusing existing tunnel with this name tunnelID=9a9001bf-0015-4047-b196-9568ccff947a
2022-09-27T09:52:52Z INF Starting tunnel tunnelID=9a9001bf-0015-4047-b196-9568ccff947a
2022-09-27T09:52:52Z INF Cannot determine default configuration path. No file [config.yml config.yaml] in [~/.cloudflared ~/.cloudflare-warp ~/cloudflare-warp /etc/cloudflared /usr/local/etc/cloudflared]
2022-09-27T09:52:52Z INF Version 2022.9.1
2022-09-27T09:52:52Z INF GOOS: linux, GOVersion: go1.18.6, GoArch: amd64
2022-09-27T09:52:52Z INF Settings: map[n:test name:test url:rdp://127.0.0.1]
2022-09-27T09:52:52Z INF cloudflared will not automatically update when run from the shell. To enable auto-updates, run cloudflared as a service: https://developers.cloudflare.com/cloudflare-one/connections/connect-apps/run-tunnel/as-a-service/
2022-09-27T09:52:52Z INF Generated Connector ID: a1da23e2-cdfc-44db-a0b0-2428e8c4a85a
2022-09-27T09:52:52Z INF Initial protocol quic
2022-09-27T09:52:52Z INF Starting metrics server on 127.0.0.1:45235/metrics
2022/09/27 09:52:52 failed to sufficiently increase receive buffer size (was: 208 kiB, wanted: 2048 kiB, got: 416 kiB). See https://github.com/lucas-clemente/quic-go/wiki/UDP-Receive-Buffer-Size for details.
2022-09-27T09:52:53Z INF Connection de1df8d6-3983-4944-8a70-6c62ed96404b registered connIndex=0 ip=198.41.200.33 location=SJC
2022-09-27T09:52:55Z INF Connection 815b9bee-5b7b-4abd-badc-3dc397143278 registered connIndex=2 ip=198.41.200.73 location=SJC
2022-09-27T09:52:55Z INF Connection 842a5dc0-698c-454c-8a92-7bb0c9560b0e registered connIndex=3 ip=198.41.192.107 location=LAX
2022-09-27T09:52:58Z WRN Failed to create new quic connection error="failed to dial to edge with quic: timeout: no recent network activity" connIndex=1 ip=198.41.192.227
2022-09-27T09:52:58Z INF Retrying connection in up to 2s seconds connIndex=1 ip=198.41.192.227
2022-09-27T09:52:58Z WRN Connection terminated error="failed to dial to edge with quic: timeout: no recent network activity" connIndex=1

The warnings appear because cloudflared uses QUIC (UDP) by default, which does not get through from networks in mainland China; it falls back to http2 on its own, so the WRN lines can be ignored.
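The login, create, route and run steps above can be driven from one script, so the tunnel is reproducible and lives in a config.yml (which the log above notes is missing) rather than in an ad-hoc --url flag. This is an added example, not code from the original post or from the cloudflared project. It assumes the column layout of `cloudflared tunnel list` (ID NAME CREATED CONNECTIONS), the wording of the "Created tunnel ... with id ..." line shown above, and that re-pointing an existing CNAME with --overwrite-dns is acceptable. Forcing protocol: http2 skips the QUIC dial-and-retry cycle seen in the log.

```sh
#!/bin/sh
# Added example (not from the original post): idempotent setup of a named
# Cloudflare Tunnel driven by a config.yml instead of the ad-hoc --url flag.
set -eu

CF_DIR="${CF_DIR:-${HOME:-/root}/.cloudflared}"

# Emit a config.yml for one tunnel: its credentials file, one hostname routed
# to one local origin, a 404 for every other hostname, and http2 forced so the
# QUIC dial/retry seen in the log does not happen on networks that block UDP.
render_config() {
  uuid="$1"; fqdn="$2"; service="$3"
  cat <<EOF
tunnel: ${uuid}
credentials-file: ${CF_DIR}/${uuid}.json
protocol: http2
ingress:
  - hostname: ${fqdn}
    service: ${service}
  - service: http_status:404
EOF
}

# Pull the UUID out of the "Created tunnel NAME with id UUID" line on stdin.
parse_created_id() {
  sed -n 's/.*Created tunnel .* with id \([0-9a-f-]*\).*/\1/p'
}

# Find an existing tunnel's UUID by name in 'cloudflared tunnel list' output on
# stdin (assumed columns: ID NAME CREATED CONNECTIONS); prints nothing if absent.
parse_tunnel_id() {
  awk -v n="$1" '$2 == n { print $1; exit }'
}

main() {
  name="$1"; fqdn="$2"; service="$3"
  # One-time browser login; writes the account-scoped cert.pem.
  [ -f "${CF_DIR}/cert.pem" ] || cloudflared login
  # Reuse the tunnel if it already exists, otherwise create it.
  uuid="$(cloudflared tunnel list | parse_tunnel_id "$name")"
  if [ -z "$uuid" ]; then
    uuid="$(cloudflared tunnel create "$name" | parse_created_id)"
  fi
  cloudflared tunnel route dns --overwrite-dns "$name" "$fqdn"
  render_config "$uuid" "$fqdn" "$service" > "${CF_DIR}/config.yml"
  chmod 600 "${CF_DIR}/config.yml" "${CF_DIR}/${uuid}.json"
  # Running the tunnel needs only the JSON credentials named in config.yml;
  # cert.pem is used solely for create/route/delete.
  exec cloudflared tunnel run "$name"
}

# usage: ./tunnel_setup.sh test test.y4er.com rdp://127.0.0.1:3389
if [ "$#" -eq 3 ]; then
  main "$@"
elif [ "$#" -ne 0 ]; then
  echo "usage: $0 <tunnel-name> <hostname> <origin-url>" >&2
  exit 2
fi
```

Run it as `./tunnel_setup.sh test test.y4er.com rdp://127.0.0.1:3389`; with a config.yml in place, `cloudflared service install` can take over the run step later.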

Home machine setup

Nothing to configure; just run:

cloudflared access rdp --hostname test.y4er.com --listener 127.0.0.1:3389

The office computer's port 3389 is now mapped to port 3389 on the home machine.

Point mstsc at 127.0.0.1 and connect.

Ten thousand times nicer to use than 向日葵 (Sunflower).

I couldn't be bothered to keep a terminal open just for this, so I made it a supervisor program that starts on boot.

[program:cloudflared]
command=cloudflared tunnel --name test --url rdp://127.0.0.1
; working directory of the process
directory=/usr/local/bin/
; start it when supervisord starts
autostart=true
; restart it if it exits
autorestart=true
; log output
stderr_logfile=/tmp/client_stderr.log
stdout_logfile=/tmp/client_stdout.log
user=ubuntu

Note that user must be the account that ran cloudflared login, otherwise cloudflared cannot find cert.pem and the tunnel credentials under that account's ~/.cloudflared. Bear in mind that cert.pem can also create and delete tunnels and DNS records for the whole zone, while running a tunnel needs only the JSON credentials; for a long-lived service it is cleaner to give a dedicated user just that JSON file and a config.yml.

Only after writing that did I notice cloudflared can install itself as a service directly:

cloudflared service install

Alternative: bastion mode. Instead of binding the tunnel to one --url, run it as a bastion and let the client pick the destination.

Office computer setup

cloudflared tunnel --name test --bastion

Home computer setup

cloudflared access tcp --hostname test.y4er.com --listener 127.0.0.1:3389 --destination 127.0.0.1:3389

destination can name another port or another IP, anything the office machine can reach. Nothing shown here gates who may do this: anyone who learns test.y4er.com and runs the same access command gets the same TCP pivot into the office network, so put a Cloudflare Access application with a login policy in front of the hostname; the client is then prompted to authenticate before the connection is opened.

Putting a proxy on the client side stops it from being especially laggy. For me it is more comfortable than 向日葵, at least it never drops the connection; when tom used it it was very laggy, maybe because of the proxy or his home broadband route, it varies from person to person.

My writing is poor, the wording flippant, the content shallow and my hands-on skills rusty. Pointers and corrections from the masters are welcome and much appreciated.
