github-starred/frp
2
0
Fork 0
mirror of https://github.com/fatedier/frp.git synced 2026-05-15 08:05:49 -06:00
Code Issues 40 Projects Packages Wiki Activity Actions 1

[GH-ISSUE #2911] Running VPN Server Behind NAT w/ frp #2320

New issue
Closed
opened 2026-05-05 13:29:51 -06:00 by gitea-mirror · 11 comments
gitea-mirror commented 2026-05-05 13:29:51 -06:00
Owner
Copy link

Originally created by @craftcm on GitHub (Apr 25, 2022).
Original GitHub issue: https://github.com/fatedier/frp/issues/2911

Describe the feature request

First, I'd like to thank the developers and the community for the work on this project. I've been searching for an open-source and robust alternative to ngrok and finally stumbled across frp today.

While I know this isn't a place for VPN troubleshooting, I'm hopeful that someone with a more advanced knowledge of tunneling may be able to guide me. Long story short, I live in an apartment building that provides a gigabit wired internet connection to all the residents, but it's behind a NAT and I have no ability to get a public IP or enable port forwarding. I've been running a VPN server on a Raspberry Pi w/ PiVPN (OpenVPN as the VPN service) and have it exposed to the internet w/ ngrok's paid service which supports assigned TCP tunnels. This works, but not great. The speeds I get from a wired 100 Mbps / 100 Mbps connection at another location are about 20 Mbps / 15 Mbps through ngrok. I thought I could do better (and spend less money), so I got a VPS w/ GoDaddy (2 Gbps pipe to the internet) and have been playing around with the ngrok 1.0 self-hosted option. The speeds are better - 70 Mbps down / 50 Mbps up, but still not as great as I'd like and it lacks the ability to assign a static port for TCP connections.

I've been experimenting with frp today by running the client on my Raspberry Pi to expose the VPN port to the internet and the frp server on the VPS. It works, but the speed is terrible - 20 Mbps down / 5 Mbps up. I've tested with both OpenVPN on TCP and UDP traffic as well as with WireGuard which is UDP only. frp has all the features that I'm needing and more, but the speed seems quite low. What am I missing here? Any guidance would be very much appreciated. Thank you.

Describe alternatives you've considered

ngrok self-hosed and paid, ssh reverse tunnels.

Affected area

  • Docs
  • Installation
  • Performance and Scalability
  • Security
  • User Experience
  • Test and Release
  • Developer Infrastructure
  • Client Plugin
  • Server Plugin
  • Extensions
  • Others
Originally created by @craftcm on GitHub (Apr 25, 2022). Original GitHub issue: https://github.com/fatedier/frp/issues/2911 ### Describe the feature request First, I'd like to thank the developers and the community for the work on this project. I've been searching for an open-source and robust alternative to ngrok and finally stumbled across frp today. While I know this isn't a place for VPN troubleshooting, I'm hopeful that someone with a more advanced knowledge of tunneling may be able to guide me. Long story short, I live in an apartment building that provides a gigabit wired internet connection to all the residents, but it's behind a NAT and I have no ability to get a public IP or enable port forwarding. I've been running a VPN server on a Raspberry Pi w/ PiVPN (OpenVPN as the VPN service) and have it exposed to the internet w/ ngrok's paid service which supports assigned TCP tunnels. This works, but not great. The speeds I get from a wired 100 Mbps / 100 Mbps connection at another location are about 20 Mbps / 15 Mbps through ngrok. I thought I could do better (and spend less money), so I got a VPS w/ GoDaddy (2 Gbps pipe to the internet) and have been playing around with the ngrok 1.0 self-hosted option. The speeds are better - 70 Mbps down / 50 Mbps up, but still not as great as I'd like and it lacks the ability to assign a static port for TCP connections. I've been experimenting with frp today by running the client on my Raspberry Pi to expose the VPN port to the internet and the frp server on the VPS. It works, but the speed is terrible - 20 Mbps down / 5 Mbps up. I've tested with both OpenVPN on TCP and UDP traffic as well as with WireGuard which is UDP only. frp has all the features that I'm needing and more, but the speed seems quite low. What am I missing here? Any guidance would be very much appreciated. Thank you. ### Describe alternatives you've considered ngrok self-hosed and paid, ssh reverse tunnels. ### Affected area - [ ] Docs - [ ] Installation - [X] Performance and Scalability - [ ] Security - [X] User Experience - [ ] Test and Release - [ ] Developer Infrastructure - [ ] Client Plugin - [ ] Server Plugin - [ ] Extensions - [ ] Others
gitea-mirror 2026-05-05 13:29:51 -06:00
gitea-mirror commented 2026-05-05 13:29:55 -06:00
Author
Owner
Copy link

@fatedier commented on GitHub (Apr 26, 2022):

You'd better paste your configures.

<!-- gh-comment-id:1109227551 --> @fatedier commented on GitHub (Apr 26, 2022): You'd better paste your configures.
gitea-mirror commented 2026-05-05 13:29:55 -06:00
Author
Owner
Copy link

@github-actions[bot] commented on GitHub (May 27, 2022):

Issues go stale after 30d of inactivity. Stale issues rot after an additional 7d of inactivity and eventually close.

<!-- gh-comment-id:1139173624 --> @github-actions[bot] commented on GitHub (May 27, 2022): Issues go stale after 30d of inactivity. Stale issues rot after an additional 7d of inactivity and eventually close.
gitea-mirror commented 2026-05-05 13:29:56 -06:00
Author
Owner
Copy link

@Nexulo commented on GitHub (Jul 11, 2022):

i have the exact same setup and the same speed problem.
did you found a solution, @craftcm ?

<!-- gh-comment-id:1180588141 --> @Nexulo commented on GitHub (Jul 11, 2022): i have the exact same setup and the same speed problem. did you found a solution, @craftcm ?
gitea-mirror commented 2026-05-05 13:29:57 -06:00
Author
Owner
Copy link

@craftcm commented on GitHub (Jul 11, 2022):

I ended up going with another package - rathole - which was worked very well for my use case. I’m behind a NAT which I cannot control (gigabit internet is provided by my apartment complex, but on their own equipment) and I wanted to be able to access my OpenVPN server at home while traveling. I got a $2/month VPS from IONOS and setup rathole per their instructions on GitHub. I’m routinely getting 75/75 speeds now from my iPhone on 5G cell connection. I’ll also say that a potential bottleneck for the issue I encountered while testing frp was that my test OpenVPN server was running inside a VM, though I am not sure if that was the exact cause for the poor throughout. I hope this is helpful.

On Jul 11, 2022, at 10:59 AM, maisen20 @.***> wrote:


i have the exact same setup and the same speed problem.
did you found a solution, @craftcm ?


Reply to this email directly, view it on GitHub, or unsubscribe.
You are receiving this because you were mentioned.

<!-- gh-comment-id:1180601748 --> @craftcm commented on GitHub (Jul 11, 2022): I ended up going with another package - rathole - which was worked very well for my use case. I’m behind a NAT which I cannot control (gigabit internet is provided by my apartment complex, but on their own equipment) and I wanted to be able to access my OpenVPN server at home while traveling. I got a $2/month VPS from IONOS and setup rathole per their instructions on GitHub. I’m routinely getting 75/75 speeds now from my iPhone on 5G cell connection. I’ll also say that a potential bottleneck for the issue I encountered while testing frp was that my test OpenVPN server was running inside a VM, though I am not sure if that was the exact cause for the poor throughout. I hope this is helpful. > > On Jul 11, 2022, at 10:59 AM, maisen20 ***@***.***> wrote: > >  > i have the exact same setup and the same speed problem. > did you found a solution, @craftcm ? > > — > Reply to this email directly, view it on GitHub, or unsubscribe. > You are receiving this because you were mentioned.
gitea-mirror commented 2026-05-05 13:29:57 -06:00
Author
Owner
Copy link

@samratfkt commented on GitHub (Apr 9, 2023):

Hey, I have tried to install openvpn and wireguard but both are not working with FRP, I know I am doing something wrong. Can you please guide me a little bit? I know this is not appropriate to take help like this :\ but I need the feature :\

<!-- gh-comment-id:1501241820 --> @samratfkt commented on GitHub (Apr 9, 2023): Hey, I have tried to install openvpn and wireguard but both are not working with FRP, I know I am doing something wrong. Can you please guide me a little bit? I know this is not appropriate to take help like this :\ but I need the feature :\
gitea-mirror commented 2026-05-05 13:29:58 -06:00
Author
Owner
Copy link

@fgenoese commented on GitHub (Mar 24, 2024):

@craftcm could you post the frpc config file used for VPN?

<!-- gh-comment-id:2016782913 --> @fgenoese commented on GitHub (Mar 24, 2024): @craftcm could you post the frpc config file used for VPN?
gitea-mirror commented 2026-05-05 13:29:59 -06:00
Author
Owner
Copy link

@craftcm commented on GitHub (Mar 24, 2024):

@craftcm could you post the frpc config file used for VPN?

I ended up going with another project - rathole - to accomplish my goal of accessing my home network via OpenVPN (setup with PiVPN) from behind a NAT that I can't control. It's worked flawlessly for nearly two years now. I described my solution a couple of comments up.

So, I can't help with a config for frp since I didn't end up using it, but I could offer some guidance on rathole if you go with that option.

<!-- gh-comment-id:2016832309 --> @craftcm commented on GitHub (Mar 24, 2024): > @craftcm could you post the frpc config file used for VPN? I ended up going with another project - rathole - to accomplish my goal of accessing my home network via OpenVPN (setup with PiVPN) from behind a NAT that I can't control. It's worked flawlessly for nearly two years now. I described my solution a couple of comments up. So, I can't help with a config for frp since I didn't end up using it, but I could offer some guidance on rathole if you go with that option.
gitea-mirror commented 2026-05-05 13:29:59 -06:00
Author
Owner
Copy link

@fgenoese commented on GitHub (Mar 24, 2024):

@craftcm could you post the frpc config file used for VPN?

I ended up going with another project - rathole - to accomplish my goal of accessing my home network via OpenVPN (setup with PiVPN) from behind a NAT that I can't control. It's worked flawlessly for nearly two years now. I described my solution a couple of comments up.

So, I can't help with a config for frp since I didn't end up using it, but I could offer some guidance on rathole if you go with that option.

Thanks. I'd appreciate if you could share the respective config files in a gist. Not familiar with rathole, but it looks quite similar to frp.

<!-- gh-comment-id:2016835500 --> @fgenoese commented on GitHub (Mar 24, 2024): > > @craftcm could you post the frpc config file used for VPN? > > > > I ended up going with another project - rathole - to accomplish my goal of accessing my home network via OpenVPN (setup with PiVPN) from behind a NAT that I can't control. It's worked flawlessly for nearly two years now. I described my solution a couple of comments up. > > > > So, I can't help with a config for frp since I didn't end up using it, but I could offer some guidance on rathole if you go with that option. Thanks. I'd appreciate if you could share the respective config files in a gist. Not familiar with rathole, but it looks quite similar to frp.
gitea-mirror commented 2026-05-05 13:30:00 -06:00
Author
Owner
Copy link

@craftcm commented on GitHub (Mar 24, 2024):

@craftcm could you post the frpc config file used for VPN?

I ended up going with another project - rathole - to accomplish my goal of accessing my home network via OpenVPN (setup with PiVPN) from behind a NAT that I can't control. It's worked flawlessly for nearly two years now. I described my solution a couple of comments up.
So, I can't help with a config for frp since I didn't end up using it, but I could offer some guidance on rathole if you go with that option.

Thanks. I'd appreciate if you could share the respective config files in a gist. Not familiar with rathole, but it looks quite similar to frp.

Sure thing. I hope this is helpful.

server.toml which runs on my VPS:

[server]
bind_addr = "0.0.0.0:2333"

[server.services.my_vpn]
token = "redacted"
bind_addr = "0.0.0.0:1194"

client.toml which runs on the Pi alongside OpenVPN within my internal network behind the NAT:

[client]
remote_addr = "myvpsFQDN.com:2333"

[client.services.my_vpn]
token = "REDACTED"
local_addr = "127.0.0.1:1194"

Finally, here's the service file on my Pi which keeps rathole running in the background.

Create the file:

sudo nano /etc/systemd/system/rathole.service

Description=Share local port(s) with rathole
After=syslog.target network.target

[Service]
PrivateTmp=true
Type=simple
Restart=always
RestartSec=1min
StandardOutput=null
StandardError=null
ExecStart=/home/pi/rathole /home/pi/client.toml
ExecStop=/usr/bin/killall rathole

Obviously you'll need to update the paths in the next to last line to point to your rathole executable and rathole config file. Then start the service:

sudo systemctl start rathole

<!-- gh-comment-id:2016840262 --> @craftcm commented on GitHub (Mar 24, 2024): > > > @craftcm could you post the frpc config file used for VPN? > > > > > > I ended up going with another project - rathole - to accomplish my goal of accessing my home network via OpenVPN (setup with PiVPN) from behind a NAT that I can't control. It's worked flawlessly for nearly two years now. I described my solution a couple of comments up. > > So, I can't help with a config for frp since I didn't end up using it, but I could offer some guidance on rathole if you go with that option. > > Thanks. I'd appreciate if you could share the respective config files in a gist. Not familiar with rathole, but it looks quite similar to frp. Sure thing. I hope this is helpful. server.toml which runs on my VPS: ``` [server] bind_addr = "0.0.0.0:2333" [server.services.my_vpn] token = "redacted" bind_addr = "0.0.0.0:1194" ``` client.toml which runs on the Pi alongside OpenVPN within my internal network behind the NAT: ``` [client] remote_addr = "myvpsFQDN.com:2333" [client.services.my_vpn] token = "REDACTED" local_addr = "127.0.0.1:1194" ``` Finally, here's the service file on my Pi which keeps rathole running in the background. Create the file: `sudo nano /etc/systemd/system/rathole.service` ``` Description=Share local port(s) with rathole After=syslog.target network.target [Service] PrivateTmp=true Type=simple Restart=always RestartSec=1min StandardOutput=null StandardError=null ExecStart=/home/pi/rathole /home/pi/client.toml ExecStop=/usr/bin/killall rathole ``` Obviously you'll need to update the paths in the next to last line to point to your rathole executable and rathole config file. Then start the service: `sudo systemctl start rathole`
gitea-mirror commented 2026-05-05 13:30:00 -06:00
Author
Owner
Copy link

@diyaps commented on GitHub (Feb 12, 2025):

@craftcm hi, thanks for your sharing. I'm looking into something similar as your case. But why don't you directly run the openVPN server on your VPS which has the public IP? it would be faster.

<!-- gh-comment-id:2654162917 --> @diyaps commented on GitHub (Feb 12, 2025): @craftcm hi, thanks for your sharing. I'm looking into something similar as your case. But why don't you directly run the openVPN server on your VPS which has the public IP? it would be faster.
gitea-mirror commented 2026-05-05 13:30:01 -06:00
Author
Owner
Copy link

@craftcm commented on GitHub (Feb 16, 2025):

@craftcm hi, thanks for your sharing. I'm looking into something similar as your case. But why don't you directly run the openVPN server on your VPS which has the public IP? it would be faster.

I thought about this, but I had trouble figuring out how to set it up in a way that achieved my goals. If I'm understanding your suggestion - the idea would be that an OpenVPN (server?) runs on the VPS which faces the internet. My mobile devices (like iPhone or laptop while traveling) would connect to the VPS when needed. In addition, an OpenVPN (client?) within my home network with have an always-on connection to the OpenVPN server running on the VPS and serve to bridge everything together?

This may be something that I look into in the future. I realize that my way of doing this isn't very efficient, but it works and works pretty well which was my primary goal. I can VPN into my home network and - with the exception of no mDNS or multicast support - it's just like I'm back on my home WIFI. I can directly ping all of my home devices and services by their same IP address I use at home. All internet traffic is pushed through my home WAN connection including some destinations that go through a Private Internet Access VPN pipe that is setup on my home router, and all DNS queries are handled by my home PiHole DNS server. It just works. I'm open to hearing more about your suggestion - particularly if you know a way to achieve this outcome in a more elegant and faster way. Cheers!

<!-- gh-comment-id:2661169710 --> @craftcm commented on GitHub (Feb 16, 2025): > [@craftcm](https://github.com/craftcm) hi, thanks for your sharing. I'm looking into something similar as your case. But why don't you directly run the openVPN server on your VPS which has the public IP? it would be faster. I thought about this, but I had trouble figuring out how to set it up in a way that achieved my goals. If I'm understanding your suggestion - the idea would be that an OpenVPN (server?) runs on the VPS which faces the internet. My mobile devices (like iPhone or laptop while traveling) would connect to the VPS when needed. In addition, an OpenVPN (client?) within my home network with have an always-on connection to the OpenVPN server running on the VPS and serve to bridge everything together? This may be something that I look into in the future. I realize that my way of doing this isn't very efficient, but it works and works pretty well which was my primary goal. I can VPN into my home network and - with the exception of no mDNS or multicast support - it's just like I'm back on my home WIFI. I can directly ping all of my home devices and services by their same IP address I use at home. All internet traffic is pushed through my home WAN connection including some destinations that go through a Private Internet Access VPN pipe that is setup on my home router, and all DNS queries are handled by my home PiHole DNS server. It just works. I'm open to hearing more about your suggestion - particularly if you know a way to achieve this outcome in a more elegant and faster way. Cheers!
Sign in to join this conversation.
No Branch/Tag specified
Branches Tags
dev
new
master
copilot/review-pull-request-5198
v0.68.1
v0.68.0
v0.67.0
v0.66.0
v0.65.0
v0.64.0
v0.63.0
v0.62.1
v0.62.0
v0.61.2
v0.61.1
v0.61.0
v0.60.0
v0.59.0
v0.58.1
v0.58.0
v0.57.0
v0.56.0
v0.55.1
v0.55.0
v0.54.0
v0.53.2
v0.53.1
v0.53.0
v0.52.3
v0.52.2
v0.52.1
v0.52.0
v0.51.3
v0.51.2
v0.51.1
v0.51.0
v0.50.0
v0.49.0
v0.48.0
v0.47.0
v0.46.1
v0.46.0
v0.45.0
v0.44.0
v0.43.0
v0.42.0
v0.41.0
v0.40.0
v0.39.1
v0.39.0
v0.38.0
v0.37.1
v0.37.0
v0.36.2
v0.36.1
v0.36.0
v0.35.1
v0.35.0
v0.34.3
v0.34.2
v0.34.1
v0.34.0
v0.33.0
v0.32.1
v0.32.0
v0.31.2
v0.31.1
v0.31.0
v0.30.0
v0.29.1
v0.29.0
v0.28.2
v0.28.1
v0.28.0
v0.27.1
v0.27.0
v0.26.0
v0.25.3
v0.25.2
v0.25.1
v0.25.0
v0.24.1
v0.24.0
v0.23.3
v0.23.2
v0.23.1
v0.23.0
v0.22.0
v0.21.0
v0.20.0
v0.19.1
v0.19.0
v0.18.0
v0.17.0
v0.16.1
v0.16.0
v0.15.1
v0.15.0
v0.14.1
v0.14.0
v0.13.0
v0.12.0
v0.11.0
v0.10.0
v0.9.3
v0.9.2
v0.9.1
v0.9.0
v0.8.1
v0.8.0
v0.7.0
v0.6.0
v0.5.0
v0.3.0
v0.2.0
v0.1.0
Labels
Clear labels   
In Progress

   
WIP

   
WaitingForInfo

   
bug

   
doc

   
duplicate

   
easy

   
enhancement

   
future

   
help wanted

   
invalid

   
lifecycle/stale

   
need-issue-template

   
need-usage-help

   
no plan

   
proposal

   
pull-request

Mirrored from GitHub Pull Request

  
question

   
todo
No labels
In Progress
WIP
WaitingForInfo
bug
doc
duplicate
easy
enhancement
future
help wanted
invalid
lifecycle/stale
need-issue-template
need-usage-help
no plan
proposal
pull-request
question
todo
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: github-starred/frp#2320
No description provided.
Delete branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?