Have you ever needed to access a local web server, SSH, or Remote Desktop on your home computer from the outside world, but couldn't? Maybe your ISP puts you behind CGNAT (no public IP), or you don't have access to the router's port forwarding settings.
FRP (Fast Reverse Proxy) is the solution. It connects a client behind a firewall (your home network) to a server with a public IP (a cheap VPS), creating a tunnel that lets you access your local services from anywhere.
FRP consists of two parts:
- frps (Server): Runs on a VPS with a public IP.
- frpc (Client): Runs on your local network (Linux, Windows, macOS, or routers like pfSense).
Part 1: Setting up the Server (frps)
We will use a Linux (Ubuntu/Debian) VPS for the server.
1. Download and Install
Find the latest release on the GitHub Releases page. Download the Linux version (usually linux_amd64):
wget https://github.com/fatedier/frp/releases/download/v0.52.0/frp_0.52.0_linux_amd64.tar.gz
tar -zxvf frp_0.52.0_linux_amd64.tar.gz
cd frp_0.52.0_linux_amd64
# Move the binary to a system path
sudo mv frps /usr/local/bin/
sudo mkdir /etc/frp
sudo mv frps.toml /etc/frp/2. Configure Server
Edit /etc/frp/frps.toml. This file defines how the server listens and secures the connection.
# /etc/frp/frps.toml
bindPort = 7000 # Port for frpc to connect to
# Security (Required)
auth.token = "MySuperSecretToken123!" # Change this!
# Dashboard (Optional but Recommended)
webServer.addr = "0.0.0.0"
webServer.port = 7500
webServer.user = "admin"
webServer.password = "admin123" # Change this!3. Create Systemd Service
To keep frps running in the background, create a service file:
sudo nano /etc/systemd/system/frps.servicePaste this content:
[Unit]
Description=Frp Server Service
After=network.target
[Service]
Type=simple
User=root
ExecStart=/usr/local/bin/frps -c /etc/frp/frps.toml
Restart=on-failure
RestartSec=5s
[Install]
WantedBy=multi-user.targetEnable and start the server:
sudo systemctl enable frps
sudo systemctl start frps
sudo systemctl status frpsYou can now access the admin dashboard at http://YOUR_VPS_IP:7500.
Part 2: Setting up the Client (frpc)
The client runs on the machine you want to expose.
1. Installation
The installation process is identical to the server (download tar.gz, extract), but you move frpc instead of frps.
sudo mv frpc /usr/local/bin/
sudo mkdir -p /etc/frp
sudo mv frpc.toml /etc/frp/2. Configure Client (Linux Example)
Edit /etc/frp/frpc.toml to connect to your VPS and expose a service (e.g., SSH).
# /etc/frp/frpc.toml
serverAddr = "x.x.x.x" # Your VPS Public IP
serverPort = 7000
auth.token = "MySuperSecretToken123!"
# Example: Expose local SSH (port 22) to remote port 6000
[[proxies]]
name = "ssh-home"
type = "tcp"
localIP = "127.0.0.1"
localPort = 22
remotePort = 6000After starting frpc (using a similar systemd file as above, but pointing to frpc), you can SSH into your home machine via the VPS:
ssh -p 6000 user@YOUR_VPS_IPUsing pfSense as a Client
If you have a pfSense router, you can run the client directly on your router to expose multiple internal network devices.
- Install the Package: Go to System > Package Manager > Available Packages and search for
frp. Install it. - Configuration:
- Go to Services > FRP.
- Check "Enable".
- Server Address: Your VPS IP.
- Server Port:
7000. - Token:
MySuperSecretToken123!.
- Proxies List:
- Click "Add" to define a new proxy.
- Type:
TCP. - Local IP: The internal IP of the device you want to expose (e.g.,
192.168.1.50). - Local Port: The service port (e.g.,
80for web,3389for RDP). - Remote Port: The port on the VPS to listen on (e.g.,
8080).
Once saved, the FRP service on pfSense will maintain the tunnel, and you can access your internal device via YOUR_VPS_IP:8080.
Conclusion
FRP is a powerful, lightweight tool that punches through restrictive network environments. With the Admin Dashboard, you can easily monitor traffic and connection status for all your tunnels.