Trojan

From ArchWiki

Trojan is a proxy server, client and protocol, designed to bypass the Great Firewall of China by imitating HTTPS. Trojan claims to be unidentifiable.

Installation

Install the trojan package, or trojan-git (AUR) for the development version.

Configuration

Trojan cannot run without proper configuration. It uses JSON as its config format. All configuration work is done in /etc/trojan/. Detailed explanations of each field of the config file can be found here.

Examples of config files are at /usr/share/doc/trojan/examples/.

TLS certificate

You'll need to provide a TLS certificate and private key for Trojan servers to work. You can either apply for a free certificate with Let's Encrypt or generate a self-signed one in this way. Then, set the cert, key, and key_password fields in the config accordingly. Note that you should pin the certificate by setting cert on the client if you generate a self-signed certificate.

TCP Fast Open

For TCP Fast Open on servers to work, you'll need to turn it on in your OS:

# echo 3 > /proc/sys/net/ipv4/tcp_fastopen

Disguise

Trojan servers can be disguised as other services over TLS to prevent active probing. For example, run a web server such as nginx and point the remote_addr and remote_port fields at that web server's address and port.
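The following check is an added example, not part of the trojan package or the original page. It lints a server config against the three points above: certificate and key files, TCP Fast Open, and the disguise target. It assumes the upstream config layout (cert and key under an "ssl" object, fast_open under "tcp"); the function names are hypothetical.

```python
import json
import os
import socket
import stat
import sys

# Assumed layout (upstream example configs): ssl.cert, ssl.key, tcp.fast_open.
TFO_SERVER = 0x2  # bit of net.ipv4.tcp_fastopen enabling server-side TFO


def fallback_reachable(addr, port, timeout=2.0):
    """True if something accepts TCP connections on addr:port."""
    try:
        with socket.create_connection((addr, port), timeout=timeout):
            return True
    except OSError:
        return False


def lint_server_config(cfg, tfo_sysctl, reachable=fallback_reachable):
    """Return a list of findings for a parsed Trojan server config (dict)."""
    findings = []
    ssl = cfg.get("ssl", {})
    for field in ("cert", "key"):
        if not os.path.isfile(ssl.get(field) or ""):
            findings.append(f"ssl.{field}: file not found")
    key = ssl.get("key") or ""
    # The private key must not be accessible to users outside owner/group.
    if os.path.isfile(key) and stat.S_IMODE(os.stat(key).st_mode) & 0o007:
        findings.append("ssl.key: private key is accessible to other users")
    # tcp.fast_open needs the kernel's server bit (the page sets the value 3).
    if cfg.get("tcp", {}).get("fast_open") and not tfo_sysctl & TFO_SERVER:
        findings.append("tcp.fast_open: enabled, but kernel server-side TFO is off")
    # Without a live service behind remote_addr:remote_port there is no disguise.
    addr, port = cfg.get("remote_addr"), cfg.get("remote_port")
    if not addr or not port:
        findings.append("remote_addr/remote_port: not set")
    elif not reachable(addr, port):
        findings.append(f"remote_addr/remote_port: nothing listening on {addr}:{port}")
    return findings


if __name__ == "__main__":
    with open("/proc/sys/net/ipv4/tcp_fastopen") as f:
        tfo = int(f.read())
    with open(sys.argv[1] if len(sys.argv) > 1 else "/etc/trojan/config.json") as f:
        for finding in lint_server_config(json.load(f), tfo):
            print("WARN", finding)
```

Run it as root with the config path as the only argument; it prints one WARN line per finding and nothing when the config passes.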

Running

Systemd services

Trojan can be controlled with trojan.service and trojan@.service. For example, to start and enable Trojan with config file /etc/trojan/xxx.json, you can run:

# systemctl start trojan@xxx
# systemctl enable trojan@xxx

Running

# systemctl start trojan
# systemctl enable trojan

will start and enable trojan with /etc/trojan/config.json.

Manually

Trojan can also start in a shell, by running:

$ trojan /etc/trojan/config.json

You can replace /etc/trojan/config.json with any other config file. Note that Trojan writes its log to stderr, so you'll have to redirect it to a file if you want to keep the log.

See also

GitHub Project