README
¶
Trojan-Go 
A complete Trojan proxy implemented using Go, compatible with the original Trojan protocol and configuration file format. Secure, efficient, lightweight, and easy to use.
Trojan-Go supports multiplexing to improve concurrency performance, uses a routing module to implement domestic and foreign traffic distribution, supports CDN traffic forwarding (based on WebSocket over TLS), supports secondary encryption of Trojan traffic using AEAD (based on Shadowsocks AEAD), and supports pluggable transport layer plugins that allow for the replacement of TLS and the use of other encrypted tunnel transport Trojan protocol traffic.
Pre-compiled binary executable files can be downloaded from the Release page. Once unpacked, they can be run directly without any other component dependencies.
If you encounter configuration and usage issues, find bugs, or have better ideas, please join the Telegram communication feedback group.
Introduction:
For a full introduction and configuration tutorial, see Trojan-Go Documentation.
Trojan-Go is compatible with most of the original Trojan's features, including but not limited to:
- TLS tunnel transmission
- UDP proxy
- Transparent proxy (NAT mode, iptables settings refer to here)
- Mechanisms to resist passive and active detection by the GFW
- MySQL data persistence solution
- MySQL user authorization
- User traffic statistics and quota restrictions
In addition, Trojan-Go also extends and implements more efficient and easy-to-use functional features, including:
- "Easy mode" for quick deployment
- Socks5/HTTP proxy automatic adaptation
- Transparent proxy based on TProxy (TCP/UDP)
- Full platform support without special dependencies
- Reducing latency and improving concurrency performance based on multiplexing (smux)
- Custom routing module, which can implement domestic and foreign traffic distribution/ad blocking and other functions
- Websocket transmission support to achieve CDN traffic forwarding (based on WebSocket over TLS) and resist GFW man-in-the-middle attacks
- TLS fingerprint forgery to resist GFW feature recognition of TLS Client Hello
- API support based on gRPC to achieve user management and speed limitation, etc.
- Pluggable transport layer that can replace TLS with other protocols or plaintext transmission, while fully supporting Shadowsocks obfuscation plugins
- Supports a more user-friendly YAML configuration file format
Graphical User Interface (GUI) clients:
Trojan-Go server is compatible with all original Trojan clients, such as Igniter and ShadowRocket. The following are clients that support Trojan-Go extension features (Websocket/Mux, etc.):
- Qv2ray: Cross-platform client supporting Windows, macOS, and Linux. It uses the Trojan-Go core and supports all Trojan-Go extension features.
- Igniter-Go: Android client forked from Igniter, which replaces Igniter's core with Trojan-Go and makes some modifications to support all Trojan-Go extension features.
Usage
-
Quick start server and client (Easy mode)
-
Server
sudo ./trojan-go -server -remote 127.0.0.1:80 -local 0.0.0.0:443 -key ./your_key.key -cert ./your_cert.crt -password your_password -
Client
./trojan-go -client -remote example.com:443 -local 127.0.0.1:1080 -password your_password
-
-
Start client/server/transparent proxy/relay using configuration files (Normal mode)
./trojan-go -config config.json -
Start the client using a URL (see documentation for format)
./trojan-go -url 'trojan-go://password@cloudflare.com/?type=ws&path=%2Fpath&host=your-site.com' -
Deploy using Docker
docker run \ --name trojan-go \ -d \ -v /etc/trojan-go/:/etc/trojan-go \ --network host \ p4gefau1t/trojan-goOr
docker run \ --name trojan-go \ -d \ -v /path/to/host/config:/path/in/container \ --network host \ p4gefau1t/trojan-go \ /path/in/container/config.json
Features
In general, Trojan-Go and Trojan are mutually compatible, but once you use the extended features introduced below (such as multiplexing, Websocket, etc.), they will not be compatible.
Portability
The Trojan-Go executable file compiled does not depend on any other components. At the same time, you can easily compile (or cross-compile) Trojan-Go and deploy it on your server, PC, Raspberry Pi, or even a router. You can use build tags to remove modules and reduce the size of the executable file.
For example, to cross-compile a Trojan-Go executable file with only client functionality that can run on a MIPS processor and a Linux operating system, execute the following command. The resulting executable file can be run directly on the target platform:
CGO_ENABLED=0 GOOS=linux GOARCH=mips go build -tags "client" -trimpath -ldflags "-s -w -buildid="
### Ease of Use
The configuration file format is compatible with the original Trojan, but it has been greatly simplified. Fields that are not specified are given default values, making it easier to deploy the server and client. The following is a simple example. The complete configuration file can be found [here](https://p4gefau1t.github.io/trojan-go).
Server configuration file `server.json`:
```json
{
"run_type": "server",
"local_addr": "0.0.0.0",
"local_port": 443,
"remote_addr": "127.0.0.1",
"remote_port": 80,
"password": ["your_awesome_password"],
"ssl": {
"cert": "your_cert.crt",
"key": "your_key.key",
"sni": "www.your-awesome-domain-name.com"
}
}
Client configuration file client.json:
```json
{
"run_type": "client",
"local_addr": "127.0.0.1",
"local_port": 1080,
"remote_addr": "www.your-awesome-domain-name.com",
"remote_port": 443,
"password": ["your_awesome_password"]
}
You can also use the more concise and readable YAML syntax for configuration. The following is an example of a client that is equivalent to client.json above:
Client configuration file client.yaml:
run-type: client
local-addr: 127.0.0.1
local-port: 1080
remote-addr: www.your-awesome-domain_name.com
remote-port: 443
password:
- your_awesome_password
WebSocket
Trojan-Go supports using TLS + Websocket to carry Trojan protocol, making it possible to use CDN for traffic forwarding.
To enable Websocket support, simply add the websocket option to both server and client configuration files, for example:
"websocket": {
"enabled": true,
"path": "/your-websocket-path",
"hostname": "www.your-awesome-domain-name.com"
}
For a complete list of options, see the Trojan-Go documentation.
hostname can be omitted, but the path of the server and client must be consistent. After enabling Websocket support on the server, it can handle both Websocket and regular Trojan traffic. Clients that are not configured with the Websocket option can still work normally.
Note that Trojan does not support Websocket. Therefore, although a Trojan-Go server with Websocket support can be compatible with all clients, if you want to use Websocket to carry traffic, make sure both sides use Trojan-Go.
Multiplexing
Under poor network conditions, a TLS handshake may take a long time. Trojan-Go supports multiplexing (based on smux) which carries multiple TCP connections over a single TLS tunnel, reducing the delay caused by TCP and TLS handshakes and aiming to improve performance in high-concurrency scenarios.
Enabling multiplexing does not improve the link speed measured by speed test, but it can reduce latency and improve the network experience in scenarios with a large number of concurrent requests, such as browsing web pages with many images.
You can enable it by setting the enabled field in the client's mux option to true:
"mux": {
"enabled": true
}
Simply enabling the client mux configuration is sufficient, and the server will automatically detect and support multiplexing. For a complete option description, see the Trojan-Go documentation.
Routing Module
Trojan-Go client has a built-in simple and practical routing module for easy implementation of custom routing functions such as domestic direct connection and overseas proxy.
There are three routing policies:
Proxy: proxies the request through the TLS tunnel and connects to the destination address by the Trojan server.Bypass: connects directly to the destination address using the local device.Block: does not send the request and closes the connection directly.
To activate the routing module, add the router option in the configuration file and set the enabled field to true:
"router": {
"enabled": true,
"bypass": [
"geoip:cn",
"geoip:private",
"full:localhost"
],
"block": [
"cidr:192.168.1.1/24",
],
"proxy": [
"domain:google.com",
],
"default_policy": "proxy"
}
For a complete option description, see the Trojan-Go documentation.
AEAD Encryption
Trojan-Go supports secondary encryption of Trojan protocol traffic based on Shadowsocks AEAD to ensure that WebSocket transmission traffic cannot be recognized and reviewed by untrusted CDNs:
"shadowsocks": {
"enabled": true,
"password": "my-password"
}
If you need to enable it, both the server and client must enable it and ensure that the password is consistent.
Transport Layer Plugin
Trojan-Go supports pluggable transport layer plugins and supports Shadowsocks SIP003 standard obfuscation plugins. Here is an example using v2ray-plugin:
This configuration is not secure and is for demonstration purposes only
Server configuration:
"transport_plugin": {
"enabled": true,
"type": "shadowsocks",
"command": "./v2ray-plugin",
"arg": ["-server", "-host", "www.baidu.com"]
}
Client configuration:
"transport_plugin": {
"enabled": true,
"type": "shadowsocks",
"command": "./v2ray-plugin",
"arg": ["-host", "www.baidu.com"]
}
For full options, please refer to the Trojan-Go documentation.
Build
Please ensure Go version >= 1.14
Compile using make:
git clone https://github.com/RunawayVPN/trojan-go.git
cd trojan-go
make
make install #optional, installs systemd service, etc.
Or compile with Go:
go build -tags "full"
Go supports cross-compilation by setting environment variables. For example:
Compile an executable file for 64-bit Windows operating system:
CGO_ENABLED=0 GOOS=windows GOARCH=amd64 go build -tags "full"
Compile an executable file for Apple Silicon:
CGO_ENABLED=0 GOOS=macos GOARCH=arm64 go build -tags "full"
Compile an executable file for 64-bit Linux operating system:
CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build -tags "full"
Acknowledgments
Stargazers over time
Documentation
¶
There is no documentation for this package.
Source Files
Directories