FPTN is a VPN technology engineered from the ground up to provide secure, robust, and censorship-resistant connections capable of bypassing network filtering and deep packet inspection (DPI). Key Technical Features:
- L3 Tunnel (Network Layer)
- IP Packet Tunneling: Encapsulates and transmits raw IP packets (IPv4/IPv6) over a secure tunnel to the VPN server.
- Split Tunneling: Provides granular control over routing policies. Users can define rules (based on domains or IP networks) to specify which traffic is routed through the VPN tunnel; all other traffic uses the direct internet connection.
- Server-side NAT: Implements Network Address Translation (NAT) on the server. Future roadmap includes support for user grouping into virtual LANs (VLANs) for peer-to-peer communication within the VPN.
- Traffic Obfuscation and Blocking Evasion
- Resistance to active Deep Packet Inspection (DPI): The server can identify FPTN clients during the TLS handshake by analyzing the session_id (which the FPTN client can set using a special time-based method). If the client is not recognized as an FPTN client, the server acts as a transparent proxy and returns legitimate content for the requested domain.
- The VPN connection is masqueraded as regular HTTPS traffic (a mode for short-lived HTTPS connections is also under development).
- Three implemented methods for bypassing blocks:
- SNI Spoofing: A fake domain name is set in the TLS ClientHello packet that initiates the connection. Traffic analysis systems observe a legitimate TLS connection, while the traffic is actually routed to the VPN server.
- Obfuscation: The traffic is disguised as an already established TLS session, hiding the initial TLS handshake and preventing detection by DPI systems.
- Reality Mode with SNI Spoofing: The client initiates a connection to the VPN server using a spoofed Server Name Indication (SNI), receives a genuine TLS handshake response from the actual (spoofed) website, and then continues data exchange with the VPN server within the same connection.
- The desktop client includes an integrated
SNI scanner utility.
- Transport Protocol
- Uses a proprietary transport protocol based on Protocol Buffers (Protobuf) for data exchange between the client and server.
- Protocol-level padding: Data packets are padded with random data to randomize traffic patterns and complicate analysis.
- The server provides a REST API for client authentication and retrieving specific configuration settings.
- Advanced Functionality
- Built-in filtering of unwanted traffic (e.g., the BitTorrent protocol).
- Per-user bandwidth and traffic control: The server employs a traffic shaper based on the Leaky Bucket algorithm, allowing for granular bandwidth policy configuration.
- Support for a multi-server architecture with a single master server that stores all user data and configuration.
- System monitoring via Prometheus and visualization dashboards in Grafana.
- Ability for users to connect and manage their service via a Telegram bot.
- Cross-Platform Clients
- A cross-platform core library, libfptn, has been developed for use across various operating systems. It implements the FPTN network protocol, connection management, and data transmission mechanisms for the VPN tunnel.
- Desktop Clients: Windows, macOS, Linux — a minimalist client focused on ease of use.
- Mobile Clients: Android, iOS (under development).
- Simple Token-Based Configuration
- A Token is a specially generated configuration file containing all necessary settings for the system.
- Enables connection to the VPN without manual configuration: the user simply imports the token into the client application to begin using the service.
🍏🍎MacOS users are recommended to review the macOS installation guide, as macOS includes additional security measures that may require specific actions.
Download the FPTN client from the website or GitHub. After downloading, install and launch the client.
The client is a compact application whose icon resides in the system tray.
Simply click the icon to open the context menu.
Navigate to the "Settings" menu, where you need to add an access token. Obtain a token by contacting our Telegram bot,
Copy the token, click the "Add Token" button, paste it into the form, and save.
After this, available servers will appear in the list.
Ease of use:
You can also easily turn your Raspberry Pi or Orange Pi into a WiFi access point and install the FPTN client on it. In this case, all devices connected to this WiFi network will be able to access the internet, bypassing any restrictions. Read more here
Installing and Configuring the FPTN Server
Setting up and running your own FPTN server is done via Docker. This ensures easy deployment, convenient updates, and environment isolation. Instructions are available on DockerHub.
You can also deploy your own management and monitoring tools:
- Telegram bot – issuing tokens to users sysadmin-tools/telegram-bot/README.md.
- Grafana + Prometheus – monitoring server and user status sysadmin-tools/grafana/README.md
Building the Project from Source
- Install required dependencies
- Install Conan (version 2.22.2):
pip install conan==2.22.2- Detect and configure the Conan profile:
conan profile detect --force- Install dependencies, build, and install:
conan install . --output-folder=build --build=missing -s compiler.cppstd=17 -o with_gui_client=True --settings build_type=Release
# Linux & macOS only
cmake .. -DCMAKE_TOOLCHAIN_FILE=conan_toolchain.cmake -DCMAKE_BUILD_TYPE=Debug
# Windows only
cmake .. -G "Visual Studio 17 2022" -DCMAKE_TOOLCHAIN_FILE="conan_toolchain.cmake" -DCMAKE_BUILD_TYPE=Debug
cmake --build . --config Release
ctest- Building the Installer
-
Windows
cmake --build . --config Release --target build-installer -
Ubuntu
cmake --build . --config Release --target build-deb-gui -
macOS
cmake --build . --target build-pkg
Using CLion IDE for Development
Run the following command in the project's root folder:
conan install . --output-folder=cmake-build-debug --build=missing -s compiler.cppstd=17 -o with_gui_client=True --settings build_type=DebugOpen the project in CLion. After opening, the Open Project Wizard window will appear automatically. In it, you need to add the following CMake parameter:
-DCMAKE_TOOLCHAIN_FILE=conan_toolchain.cmakeFPTN is developed by a team of volunteers and independent developers.
If you wish to support the project, you can donate via Boosty. Project sponsors have speed limits removed on our servers and (optionally) have their usernames published in FPTN clients.
Our Telegram chat for users and developers: FPTN Project
Join the community and the development team!