mirror of
https://github.com/fatedier/frp.git
synced 2026-05-15 08:05:49 -06:00
[GH-ISSUE #3343] How might one configure frp to facilitate Verizon's Certificate Management Protocol (CMP) server? #2677
Originally created by @ylluminate on GitHub (Mar 6, 2023).
Original GitHub issue: https://github.com/fatedier/frp/issues/3343
Bug Description
I have a situation with a Verizon LTE Network Extender behind a Starlink ISP connection. Due to Starlink's CG-NAT (Carrier Grade NAT) that gives a single IP to multiple client premises, it appears that the Verizon LTE Network Extender device is having a hard time negotiating a certificate.
The messages in question are specifically:
Some suggestions appear to be to use port forwarding, but I don't see a clear path to do this except with and through FRP in some creative fashion:
https://libreddit.tiekoetter.com/r/Starlink/comments/teecu4/help_with_verizon_lte_extender_and_bypassing/i0pjvk9/?context=3
Any thoughts on what I might do specifically to kind of facilitate a DMZ-like scenario that would allow some level of direct communication of the Verizon device through FRP-client to an endpoint server I have already running FRP's server?
I'm not entirely sure how to visualize how FRP would orchestrate this with the remote dedicated IP FRP server.
frpc Version
0.46.1
frps Version
0.46.1
System Architecture
linux/amd64
Configurations
Not yet sure - need input
Logs
No response
Steps to reproduce
...
Affected area
@Becods commented on GitHub (Mar 7, 2023):
I do not quite understand what you want to say.
For your question, you need to consult your equipment supplier.
frp will only help you to expose your local server behind NAT or firewall to the Internet.
@ylluminate commented on GitHub (Mar 7, 2023):
The equipment supplier / Verizon does not know anything and cannot help. The problem here appears to be due to their negotiating their own VPN for the range extenders for their phone systems in areas that have poor or no coverage.
For example, note this thread from last year:
https://libreddit.tiekoetter.com/r/Starlink/comments/teecu4/help_with_verizon_lte_extender_and_bypassing/
You will see how one person suggests that ports 50, 53, 80, 123, 500, and 4500 need to be opened.
Starlink simply does not allow this due to their CG-NAT (Carrier Grade NAT) implementation that uses a shared IP for multiple customer premises and therefore has no way to NAT over.
FRP has worked great to facilitate getting into various services on my LAN so far...
But I'd like to understand if there's a mechanism to expand this in FRP to allow all of these ports to be open for this device in a way that would allow the Verizon Range Extender to function as it is expecting to. For example, the simplest option I can think of is that a dedicated public IP address could be assigned and all ports forwarded like a DMZ. Another option might be to use a (different) IP address and forward all of these ports since 80 appears to be needed perhaps (this is not 100% clear for port 80 yet).
Does this make more sense? Any ideas?
@fatedier commented on GitHub (Mar 8, 2023):
@ylluminate For your particular situation, using a VPN would be more suitable.
@github-actions[bot] commented on GitHub (Apr 8, 2023):
Issues go stale after 30d of inactivity. Stale issues rot after an additional 7d of inactivity and eventually close.