Install the package or AUR for the development version.
Trojan cannot run without proper configuration. It uses JSON as its config format. All configuration work is done in
/etc/trojan/. Detailed explanations of each field of the config file can be found here.
Examples of config files are at
You'll need to provide a TLS certificate and private key for Trojan servers to work. You can either apply for a free certificate with Let's Encrypt or generate a self-signed one in this[dead link 2020-02-26] way. Then, set the
key_password fields in the config accordingly. Note that you should pin the certificate by setting
cert on the client if you generate a self-signed certificate.
TCP Fast Open
For TCP Fast Open on servers to work, you'll need to turn it on in your OS:
# echo 3 > /proc/sys/net/ipv4/tcp_fastopen
Trojan servers can be disguised as other services over TLS to prevent active probing. This can be done by, for example, running a web server with nginx and pointing
remote_port fields to the server address and port.
# systemctl start trojan@xxx # systemctl enable trojan@xxx
# systemctl start trojan # systemctl enable trojan
Trojan can also start in a shell, by running:
$ trojan /etc/trojan/config.json
You can replace
/etc/trojan/config.json with any other config files. Note that Trojan outputs its log to stderr, so you'll have to redirect it to a file if you want to keep the log.