From ArchWiki

Trojan is an unidentifiable mechanism that helps you bypass the Great Firewall of China. It consists of a proxy client and a proxy server.


Trojan can be installed with the trojan or trojan-git (AUR) package.


Trojan cannot run without proper configuration. It uses JSON as its config format. All configuration work is done in /etc/trojan/. Detailed explanations of each field of the config file can be found here. A convenient config generator is right here.

Examples of client and server configuration are at /etc/trojan/client.json-example and /etc/trojan/server.json-example.

TLS Certificate

You'll need to provide a TLS certificate and private key for trojan servers to work. You can either apply for a free certificate with Let's Encrypt or generate a self-signed one in this way. Then, set the cert, key, and key_password fields in the config accordingly. Note that you should pin the certificate by setting cert on the client if you generate a self-signed certificate.

TCP Fast Open

For TCP Fast Open on servers to work, you'll need to turn it on in your OS:

# echo 3 > /proc/sys/net/ipv4/tcp_fastopen


Trojan servers can be disguised as other services over TLS to prevent active probing. This can be done by, for example, running a web server with nginx and pointing remote_addr and remote_port fields to the server address and port.
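The checks described in the TLS Certificate, TCP Fast Open and disguise paragraphs above can be run over a parsed config before starting the service. This is an added example, not part of the original page or the trojan project: the audit function, the sample configs, and the run_type, ssl.verify, ssl.verify_hostname and tcp.fast_open field names are assumptions to compare against /etc/trojan/client.json-example and /etc/trojan/server.json-example.

```python
import json

# Constructed sample configs. Field layout (run_type, ssl.*, tcp.fast_open) is
# an assumption; compare with the *.json-example files shipped in /etc/trojan/.
SERVER = json.loads("""{
  "run_type": "server", "remote_addr": "127.0.0.1", "remote_port": 80,
  "ssl": {"cert": "/etc/trojan/cert.pem", "key": "/etc/trojan/key.pem", "key_password": ""},
  "tcp": {"fast_open": true}
}""")
CLIENT = json.loads("""{
  "run_type": "client", "remote_addr": "proxy.example.org", "remote_port": 443,
  "ssl": {"verify": true, "verify_hostname": true, "cert": ""},
  "tcp": {"fast_open": false}
}""")


def audit(cfg, self_signed=False, tcp_fastopen_sysctl=0):
    """Return a list of findings for one parsed trojan config.

    self_signed: the server certificate is self-signed (supplied by the caller).
    tcp_fastopen_sysctl: integer read from /proc/sys/net/ipv4/tcp_fastopen.
    """
    findings = []
    ssl = cfg.get("ssl", {})
    role = cfg.get("run_type")
    if role == "server":
        for field in ("cert", "key"):
            if not ssl.get(field):
                findings.append(f"ssl.{field} is empty: servers need a certificate and key")
        if not cfg.get("remote_addr") or not cfg.get("remote_port"):
            findings.append("remote_addr/remote_port unset: no service answers probes")
        # Bit 0x2 of the sysctl enables server-side TCP Fast Open (3 = client + server).
        if cfg.get("tcp", {}).get("fast_open") and not tcp_fastopen_sysctl & 0x2:
            findings.append("tcp.fast_open is on but the kernel server bit (2) is off")
    elif role == "client":
        if not ssl.get("verify", True) or not ssl.get("verify_hostname", True):
            findings.append("certificate verification is disabled")
        if self_signed and not ssl.get("cert"):
            findings.append("self-signed server certificate is not pinned in ssl.cert")
    else:
        findings.append(f"unknown run_type: {role!r}")
    return findings


if __name__ == "__main__":
    for name, cfg, kw in (("server", SERVER, {"tcp_fastopen_sysctl": 1}),
                          ("client", CLIENT, {"self_signed": True})):
        for finding in audit(cfg, **kw) or ["ok"]:
            print(f"{name}: {finding}")
```

To audit a real file, load it with json.load and pass the integer read from /proc/sys/net/ipv4/tcp_fastopen as tcp_fastopen_sysctl.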


Systemd Service

Trojan can be controlled with trojan.service and trojan@.service. For example, to start and enable trojan with config file /etc/trojan/xxx.json, you can run:

# systemctl start trojan@xxx
# systemctl enable trojan@xxx


# systemctl start trojan
# systemctl enable trojan

The commands above start and enable trojan with /etc/trojan/config.json.


Trojan can also start in a shell, by running:

$ trojan /etc/trojan/config.json

You can replace /etc/trojan/config.json with any other config file. Note that trojan outputs its log to stderr, so you'll have to redirect it to a file if you want to keep the log.

See also

GitHub Project