Communication Security and Optimization
Encryption and Compression
Note: When TLS is enabled between frpc and frps, traffic will be globally encrypted, and encryption on individual proxies is no longer needed. This is enabled by default in newer versions.
Each proxy can choose whether to enable encryption and compression features.
The encryption algorithm uses aes-128-cfb, and the compression algorithm uses snappy.
Specify in each proxy’s configuration using the following parameters:
[[proxies]]
name = "ssh"
type = "tcp"
localPort = 22
remotePort = 6000
transport.useEncryption = true
transport.useCompression = true
By setting transport.useEncryption = true
, the communication content between frpc and frps will be encrypted during transmission, effectively preventing transmission content from being intercepted.
If the transmitted packet length is long, setting transport.useCompression = true
to compress the transmission content can effectively reduce network traffic between frpc and frps, speed up traffic forwarding, but will consume some additional CPU resources.
TCP Multiplexing
The connection between client and server supports multiplexing, no longer requiring a connection to be created for each user request, reducing connection establishment latency and avoiding occupying large numbers of file descriptors, allowing frp to handle higher concurrency.
This feature is enabled by default. To disable it, configure in both frps.toml and frpc.toml. This configuration must be consistent between server and client:
# In both frps.toml and frpc.toml
transport.tcpMux = false
Connection Pool
By default, frps will only request frpc to actively establish a connection with the backend service after a user request establishes a connection. When connection pooling is enabled for a specified proxy, frp will pre-establish a specified number of connections with the backend service. Each time a user request is received, a connection will be taken from the connection pool and associated with the user connection, avoiding the time of waiting to establish a connection with the backend service and passing control information between frpc and frps.
This feature is suitable for scenarios with a large number of short connections.
Note: When TCP multiplexing is enabled, the improvement from connection pooling is limited and generally not needed in common scenarios.
-
First, you can set the upper limit of connection pools that each proxy can create in frps.toml to avoid occupying large amounts of resources. Client settings exceeding this configuration will be adjusted to the current value:
# frps.toml transport.maxPoolCount = 5
-
Enable connection pooling for the client in frpc.toml, specifying the number of pre-created connections:
# frpc.toml transport.poolCount = 1
KCP Protocol Support
The underlying communication protocol supports selecting KCP protocol. Compared to TCP, transmission efficiency is significantly improved in weak network environments, but there will be some additional traffic consumption.
Enable KCP protocol support:
-
Enable KCP protocol support in frps.toml, specifying a UDP port for receiving client requests:
# frps.toml bindPort = 7000 # kcp binds to UDP port, can be the same as bindPort kcpBindPort = 7000
-
Specify the protocol type to use in frpc.toml, other proxy configurations don’t need to change:
# frpc.toml serverAddr = "x.x.x.x" # serverPort specifies frps's kcpBindPort serverPort = 7000 transport.protocol = "kcp"
QUIC Protocol Support
The underlying communication protocol supports selecting QUIC protocol, which uses UDP transmission at the bottom layer, solving some problems with TCP, with higher transmission efficiency and lower connection latency.
Enable QUIC protocol support:
-
Enable QUIC protocol support in frps.toml, specifying a UDP port for receiving client requests:
# frps.toml bindPort = 7000 # QUIC binds to UDP port, can be the same as bindPort quicBindPort = 7000
-
Specify the protocol type to use in frpc.toml, other proxy configurations don’t need to change:
# frpc.toml serverAddr = "x.x.x.x" # serverPort specifies frps's quicBindPort serverPort = 7000 transport.protocol = "quic"