Trojan
Trojan is a proxy server, client and protocol, designed to bypass the Great Firewall of China by imitating HTTPS. Trojan claims to be unidentifiable.
Installation
Install the trojan package or trojan-git (AUR) for the development version.
Configuration
Trojan cannot run without proper configuration. It uses JSON as its config format. All configuration work is done in /etc/trojan/. Detailed explanations of each field of the config file can be found here.
Examples of config files are at /usr/share/doc/trojan/examples/.
TLS certificate
You'll need to provide a TLS certificate and private key for Trojan servers to work. You can either apply for a free certificate with Let's Encrypt or generate a self-signed one. Then, set the cert, key, and key_password fields in the config accordingly. Note that if you generate a self-signed certificate, you should pin it by setting cert on the client.
TCP Fast Open
For TCP Fast Open on servers to work, you'll need to turn it on in your OS:
# echo 3 > /proc/sys/net/ipv4/tcp_fastopen
Disguise
Trojan servers can be disguised as other services over TLS to prevent active probing. This can be done by, for example, running a web server with nginx and pointing the remote_addr and remote_port fields to that web server's address and port.
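The following added example (not from the original page or the Trojan project) is a small Python check for the settings covered in the TLS certificate, TCP Fast Open and Disguise sections. The run_type, ssl.verify and tcp.fast_open field names are assumed from Trojan's config format, since this page does not list them; the sample configs, host, paths and password are constructed placeholders.

```python
import json

# Constructed sample configs; paths, host and password are placeholders.
SERVER = json.loads("""{
  "run_type": "server", "local_addr": "0.0.0.0", "local_port": 443,
  "remote_addr": "127.0.0.1", "remote_port": 80,
  "password": ["placeholder-password"],
  "ssl": {"cert": "/etc/trojan/server.crt", "key": "/etc/trojan/server.key",
          "key_password": ""},
  "tcp": {"fast_open": true}
}""")
CLIENT = json.loads("""{
  "run_type": "client", "local_addr": "127.0.0.1", "local_port": 1080,
  "remote_addr": "proxy.example.org", "remote_port": 443,
  "password": ["placeholder-password"],
  "ssl": {"verify": false, "cert": ""}
}""")


def audit(cfg, tcp_fastopen=None):
    """Return findings for a Trojan config dict.

    tcp_fastopen is the integer read from /proc/sys/net/ipv4/tcp_fastopen
    (bit 0x2 enables the server side); pass None to skip that check.
    """
    findings = []
    ssl = cfg.get("ssl", {})
    if cfg.get("run_type") == "server":
        for field in ("cert", "key"):
            if not ssl.get(field):
                findings.append(f"ssl.{field} is empty")
        if not cfg.get("remote_addr") or not cfg.get("remote_port"):
            findings.append("remote_addr/remote_port unset: no disguise service")
        tfo = cfg.get("tcp", {}).get("fast_open", False)
        if tfo and tcp_fastopen is not None and not tcp_fastopen & 0x2:
            findings.append("tcp.fast_open set but kernel server-side TFO is off")
    elif cfg.get("run_type") == "client":
        if ssl.get("verify") is False:
            findings.append("ssl.verify is false: server certificate unchecked")
        if not ssl.get("cert"):
            findings.append("ssl.cert is empty: needed to pin a self-signed certificate")
    return findings


if __name__ == "__main__":
    for name, cfg in (("server", SERVER), ("client", CLIENT)):
        print(name, audit(cfg, tcp_fastopen=1))
```

An empty ssl.cert on the client is only a problem when the server certificate is self-signed; with a CA-issued certificate that finding can be ignored.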
Running
Systemd services
Trojan can be controlled with trojan.service and trojan@.service. For example, to start and enable Trojan with config file /etc/trojan/xxx.json, you can run:
# systemctl start trojan@xxx
# systemctl enable trojan@xxx
Running the following will start and enable Trojan with /etc/trojan/config.json:
# systemctl start trojan
# systemctl enable trojan
Manually
Trojan can also start in a shell, by running:
$ trojan /etc/trojan/config.json
You can replace /etc/trojan/config.json with any other config file. Note that Trojan outputs its log to stderr, so you'll have to redirect it to a file if you want to keep the log.