From ArchWiki
Jump to navigation Jump to search

Trojan is a proxy server, client and protocol, designed to bypass the Great Firewall of China by imitating HTTPS. Trojan claims to be unidentifiable.

Warning: Trojan has not undergone proper degrees of security auditing. Use it with caution!


Install the trojan package or trojan-gitAUR for the development version.


Trojan cannot run without proper configuration. It uses JSON as its config format. All configuration work is done in /etc/trojan/. Detailed explanations of each field of the config file can be found here.

Examples of config files are at /usr/share/doc/trojan/examples/.

TLS certificate

You'll need to provide a TLS certificate and private key for Trojan servers to work. You can either apply for a free certificate with Let's Encrypt or generate a self-signed one in this[dead link 2020-02-26] way. Then, set the cert, key, and key_password fields in the config accordingly. Note that you should pin the certificate by setting cert on the client if you generate a self-signed certificate.

TCP Fast Open

For TCP Fast Open on servers to work, you'll need to turn it on in your OS:

# echo 3 > /proc/sys/net/ipv4/tcp_fastopen


Trojan servers can be disguised as other services over TLS to prevent active probing. This can be done by, for example, running a web server with nginx and pointing remote_addr and remote_port fields to the server address and port.


Systemd services

Trojan can be controlled with trojan.service and trojan@.service. For example, to start and enable Trojan with config file /etc/trojan/xxx.json, you can run:

# systemctl start trojan@xxx
# systemctl enable trojan@xxx


# systemctl start trojan
# systemctl enable trojan

will start and enable trojan with /etc/trojan/config.json.


Trojan can also start in a shell, by running:

$ trojan /etc/trojan/config.json

You can replace /etc/trojan/config.json with any other config files. Note that Trojan outputs its log to stderr, so you'll have to redirect it to a file if you want to keep the log.

See also

GitHub Project