Custom VPN technology #vpn #fptn #fuck-putin
10K+
FPTN is a VPN technology built from the ground up to provide secure, censorship- and block-resistant connections that can bypass censorship and network filtering.
session_id field. This allows the server to authenticate clients without exposing a visible VPN protocol or additional negotiation phase.Create a folder to store all server files and configurations. This keeps your setup organized.
mkdir fptn-server && cd fptn-server
services:
fptn-server:
restart: unless-stopped
image: fptnvpn/fptn-vpn-server:latest
privileged: true
cap_add:
- NET_ADMIN
- SYS_MODULE
- NET_RAW
- SYS_ADMIN
- SYS_RESOURCE
sysctls:
net.ipv4.ip_local_port_range: "1024 65535"
ulimits:
nproc:
soft: 524288
hard: 524288
nofile:
soft: 524288
hard: 524288
memlock:
soft: 524288
hard: 524288
devices:
- /dev/net/tun:/dev/net/tun
ports:
- "${FPTN_PORT}:443/tcp"
volumes:
- ./fptn-server-data:/etc/fptn
environment:
- ENABLE_DETECT_PROBING=${ENABLE_DETECT_PROBING}
- DEFAULT_PROXY_DOMAIN=${DEFAULT_PROXY_DOMAIN}
- ALLOWED_SNI_LIST=${ALLOWED_SNI_LIST}
- DISABLE_BITTORRENT=${DISABLE_BITTORRENT}
- PROMETHEUS_SECRET_ACCESS_KEY=${PROMETHEUS_SECRET_ACCESS_KEY}
- USE_REMOTE_SERVER_AUTH=${USE_REMOTE_SERVER_AUTH}
- REMOTE_SERVER_AUTH_HOST=${REMOTE_SERVER_AUTH_HOST}
- REMOTE_SERVER_AUTH_PORT=${REMOTE_SERVER_AUTH_PORT}
- MAX_ACTIVE_SESSIONS_PER_USER=${MAX_ACTIVE_SESSIONS_PER_USER}
- SERVER_EXTERNAL_IPS=${SERVER_EXTERNAL_IPS}
- MTU_SIZE=${MTU_SIZE:-1500}
- USING_DNS_SERVER=${USING_DNS_SERVER:-dnsmasq}
- DNS_IPV6_ENABLE=${DNS_IPV6_ENABLE:-false}
- DNS_IPV4_PRIMARY=${DNS_IPV4_PRIMARY:-8.8.8.8}
- DNS_IPV4_SECONDARY=${DNS_IPV4_SECONDARY:-8.8.4.4}
- DNS_IPV6_PRIMARY=${DNS_IPV6_PRIMARY:-2001:4860:4860::8888}
- DNS_IPV6_SECONDARY=${DNS_IPV6_SECONDARY:-2001:4860:4860::8844}
healthcheck:
test: ["CMD", "sh", "-c", "pgrep fptn-server"]
interval: 30s
timeout: 10s
retries: 3
start_period: 40s
networks:
- fptn-network
networks:
fptn-network:
driver: bridge
enable_ipv6: true
ipam:
config:
- subnet: dead:beef:cafe::/48
gateway: dead:beef:cafe::1
- subnet: 192.168.200.0/24
gateway: 192.168.200.1
.env file and configure server options.# ============================================
# FPTN SERVER
# ============================================
FPTN_PORT=443
# Comma-separated list of server's public IPv4 addresses.
# IMPORTANT: Set all server public IPs to prevent proxy loops when server receives requests to itself
# Example: SERVER_EXTERNAL_IPS=1.2.3.4,5.6.7.8
SERVER_EXTERNAL_IPS=
# Enable detection of probing attempts (accepted values: true or false)
ENABLE_DETECT_PROBING=true
# Default domain where non-VPN client traffic will be redirected
# When someone scans your server (not using VPN), their connection will be forwarded to this domain instead
DEFAULT_PROXY_DOMAIN=rutube.ru
# Comma-separated list of allowed website domains for non-VPN clients
# This acts like a "whitelist" of websites that scanning bots are allowed to reach
# Behavior logic:
# - List is empty (default): allows ALL domains, proxy all non-VPN traffic to the SNI in the TLS-handshake
# - List is NOT empty: use as whitelist:
# - Client SNI in list -> proxy to client's SNI
# - Client SNI not in list -> proxy to --default-proxy-domain
# Domain matching includes all subdomains:
# - If "example.com" is in the list, it will match:
# - example.com (exact match)
# - www.example.com
# - api.example.com
# - any.other.sub.example.com
# Examples:
# ALLOWED_SNI_LIST=example.com,test.org
# This allows: example.com, test.org and ALL their subdomains
# ALLOWED_SNI_LIST=vprok.ru,vk.com,perekrestok.ru,x5.ru,yandex.ru,yandex.com,max.ru,alfabank.ru,ozone.ru,rutube.ru
ALLOWED_SNI_LIST=
# Block BitTorrent traffic to prevent abuse (accepted values: true or false)
DISABLE_BITTORRENT=true
# Set the USE_REMOTE_SERVER_AUTH variable to true if you need to
# redirect requests to a master FPTN server for authorization.
# This is used for cluster operations.
USE_REMOTE_SERVER_AUTH=false
# Specify the remote FPTN server's host address for authorization.
# This should be the IP address or domain name of the server.
REMOTE_SERVER_AUTH_HOST=127.0.0.1
# Specify the port of the remote FPTN server for authorization.
# The default is port 443 for secure HTTPS connections.
REMOTE_SERVER_AUTH_PORT=443
# Set a secret key to allow Prometheus to access the server's statistics.
# This key must be alphanumeric (letters and numbers only) and must not include spaces or special characters.
PROMETHEUS_SECRET_ACCESS_KEY=
# Maximum number of active sessions allowed per VPN user
MAX_ACTIVE_SESSIONS_PER_USER=3
# ============================================
# DNS SERVER
# ============================================
# Choose which DNS server will be used for the VPN clients
# Available options:
# - dnsmasq : Lightweight, caching DNS forwarder
# - unbound : Recursive, validating DNS resolver
# Default: dnsmasq
USING_DNS_SERVER=unbound
# Enable/disable IPv6 DNS resolution
# Values: true, false
# Default: false
DNS_IPV6_ENABLE=false
# DNS SETTINGS IPv4
# These settings are used ONLY when USING_DNS_SERVER=dnsmasq
DNS_IPV4_PRIMARY=8.8.8.8
DNS_IPV4_SECONDARY=8.8.4.4
# DNS SETTINGS IPv6
# These settings are used ONLY when USING_DNS_SERVER=dnsmasq
DNS_IPV6_PRIMARY=2001:4860:4860::8888
DNS_IPV6_SECONDARY=2001:4860:4860::8844
SERVER_EXTERNAL_IPS (REQUIRED) - Comma-separated list of your server's public IPv4 addresses. Example: 1.2.3.4,5.6.7.8
Create a private key and self-signed certificate for HTTPS. Required for secure client connections.
docker compose run --rm fptn-server sh -c "cd /etc/fptn && openssl genrsa -out server.key 2048"
docker compose run --rm fptn-server sh -c "cd /etc/fptn && openssl req -new -x509 -key server.key -out server.crt -days 365"
docker compose run --rm fptn-server sh -c "openssl x509 -noout -fingerprint -md5 -in /etc/fptn/server.crt | cut -d'=' -f2 | tr -d ':' | tr 'A-F' 'a-f' | xargs -I {} echo 'MD5 Fingerprint: {}'"
Launch the VPN server container in detached mode.
docker compose up -d
Ensure the container is running and healthy.
docker compose ps
Create a VPN user that clients will use to connect. You can set a per-user bandwidth limit.
docker compose exec fptn-server fptn-passwd --add-user <username> --bandwidth 100
<username> with the desired username.--bandwidth option sets the maximum connection speed in Mbps for this user.Generate a token for the VPN client. This token includes the username, password, and server IP, and is used in the client app to connect.
docker compose run --rm fptn-server token-generator --user <username> --password <password> --server-ip <server_public_ip> --port <server_public_port>
Replace:
<username> — the VPN username you created<password> — the password for this user<server_public_ip> — the public IP address of your VPN server<server_public_port> — port number for the VPN server (default: 443, range: 1-65535)Content type
Image
Digest
sha256:cf9de1b18…
Size
79.8 MB
Last updated
about 21 hours ago
docker pull fptnvpn/fptn-vpn-server:test-speed