新形穿透防火牆方式Trojan-GFW (Windows Server)教學

raywan

之前出過post講過新形穿透防火牆方式Trojan-GFW,比較過v2ray有唔少進步,速度快,client/server setting比較v2ray簡單好多,一樣可以穿透防火牆,可以睇成為VPN另一選擇,原理就唔多講,看圖就會明白原理

今日只係教大家用windows set server, 手機用android (igniter)做client
首先大家要download Trojan-GWF
https://github.com/trojan-gfw/tr ... ojan-1.14.0-win.zip
之後解壓打開trojan folder,應該見到有2個重要files(trojan.exe/config.json)
打開config.json,你會見到有O的default setting,但係唔可以直接run trojan.exe就可以行service,因為當中有O的setting係要改同加返cert,key files(TLS 加密)先可以運行
網上有個web site可以幫你做張cert/key file
https://www.selfsignedcertificate.com/
入左呢個網之後,自己求其打個自己個domain name入去就可以gen到張cert,(打咩名係唔會影響Trojan-GFW運行)
有左呢張cert同key file,就可以放入去trojan folder入面,路徑請參考以下config.json setting有寫

1. {
   
2.     "run_type": "server",
   
3.     "local_addr": "192.168.1.102",
   
4.     "local_port": 1080,
   
5.     "remote_addr": "hkepc.com",
   
6.     "remote_port": 443,
   
7.     "password": [
   
8.         "password",
   
9. "password2",
   
10. "user-passsword3"
    
11.     ],
    
12.     "log_level": 1,
    
13.     "ssl": {
    
14.         "verify": true,
    
15.         "verify_hostname": true,
    
16.         "cert": "Z:/trojan-1.14.0-win/trojan/Cert.cert",       
    
17.                 "key": "Z:/trojan-1.14.0-win/trojan/Key.key",       
    
18.         "cipher": "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES256-SHA:RSA-AES128-GCM-SHA256:RSA-AES256-GCM-SHA384:RSA-AES128-SHA:RSA-AES256-SHA:RSA-3DES-EDE-SHA",
    
19.         "cipher_tls13":"TLS_AES_128_GCM_SHA256:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_256_GCM_SHA384",
    
20.         "sni": "",
    
21.         "alpn": [
    
22.             "h2",
    
23.             "http/1.1"
    
24.         ],
    
25.         "reuse_session": true,
    
26.         "session_ticket": false,
    
27.         "curves": ""
    
28.     },
    
29.     "tcp": {
    
30.         "no_delay": true,
    
31.         "keep_alive": true,
    
32.         "reuse_port": false,
    
33.         "fast_open": false,
    
34.         "fast_open_qlen": 20
    
35.     }
    
36. }

複製代碼

記住config.json內"run_type": "server"先得,當然可以照我config.json copy&paste就可以,注意cert/key file要改好名,放入適當位置就可以double click trojen.exe運行
當trojen.exe成功運行,會見到以下顯示

1. Welcome to trojan 1.14.0
   
2. [2020-01-17 01:49:16] [WARN] trojan service (server) started at 192.168.1.102:1080
   
3. [2020-01-17 01:49:17] [INFO] 203.160.71.106:30107 authenticated as password

複製代碼

代表trojan.exe 已經成功運行
手機setting非常簡單

address只要打返你部電腦IP(內聯網IP/internet IP),port就係config.json內1080
不要選vertifiy certificate就可以成功運線
只要手機同PC響內聯網內,就可以成功連線,也可以響router做port forward返入內聯IP連線,當成VPN用

freefdhk

留名學野@_@

raywan

現在做緊內聯/網外手機測試,2樣都可以成功運行
感覺上比v2ray反應更快

MirageKnight

基本上係v2ray tls的簡化版. 佢會比v2ray快一點. 因為佢無咗v2ray 的第二層vmess加密, 只做TLS加密. 長城基本上唔敢亂ban 443port的TLS connection.
我自己用開v2ray + nginx tls. 依一年係大陸時未試過唔到返香港家居寛頻的v2ray. 因為用nginx起一個有content的website. 用一個sub page來redirect v2ray. 長城還未先進到 check到. . 而用trojan就有依一個問題. 如果長城進化到會check你個443 tls有無content就會出事.

raywan

基本上係v2ray tls的簡化版. 佢會比v2ray快一點. 因為佢無咗v2ray 的第二層vmess加密, 只做TLS加密. ...
MirageKnight 發表於 2020-1-17 02:27

    剛剛試過用v2ray/trojan測速,v2ray速度快過同穩定過trojan,但係jitter/ping係慢過trojan,我估係CMHK網絡商識別到trojan https加密當成普通上網,之後就不停QoS,但係v2ray就行vmess,基本上網絡商完全識別唔到係咩protocol,無得行QoS,所以全程測速v2ray真係可以行足max speed,但係torjan就時快時慢,不過trojan反應真係比v2ray快好多,用電量也比v2ray來得少

MirageKnight

剛剛試過用v2ray/trojan測速,v2ray速度快過同穩定過trojan,但係jitter/ping係慢過trojan,我估係CMHK ...
raywan 發表於 2020-1-17 02:51

v2ray websocket tls 係一定慢過trojan的. v2ray 只用 vmess唔用websocket tls係會快過trojan. 但已經會比長城係短時間內好似SS, SSR 等VMESS類加密工具 check到而block. 係大陸翻牆最安全係得返假狗443 TLS加密.

raywan

之前出過post講過新形穿透防火牆方式Trojan-GFW,比較過v2ray有唔少進步,速度快,client/server setting比較v ...
raywan 發表於 2020-1-17 01:44

    Linux install
https://github.com/trojan-gfw/trojan-quickstart

new68u

v2ray websocket tls 係一定慢過trojan的. v2ray 只用 vmess唔用websocket tls係會快過trojan. 但已經會 ...
MirageKnight 發表於 2020-1-17 02:59

ching有冇試過隻shadowsocks v2ray plug-in? 係ss個作者寫的。本身裝喺隻ac68u用開ss+obfs+tls，見有v2ray plug-in想試但係點都start唔到。

(由 HKEPC Android 手機版 發出)

raywan

ching有冇試過隻shadowsocks v2ray plug-in? 係ss個作者寫的。本身裝喺隻ac68u用開ss+obfs+tls，見有v2ra ...
new68u 發表於 2020-1-17 08:13

    無玩SS,你係跟睇邊個website教學,post來睇下,有咩error message

new68u

無玩SS,你係跟睇邊個website教學,post來睇下,有咩error message
raywan 發表於 2020-1-17 11:17

v2ray-plugin:
https://github.com/shadowsocks/v2ray-plugin

本來想試ss over https唔成功, 改為最簡單既ss over http都唔得:
ss-server -c config.json -v -u

config.json:
{
"server":"0.0.0.0",
"server_port":30168,
"password":"xxxxxx",
"timeout":600,
"method":"aes-256-gcm",
"plugin":"v2ray-plugin",
"plugin_opts":"server"
}

Error log:
2020-01-16 15:43:35 INFO: plugin "v2ray-plugin" enabled
2020-01-16 15:43:35 INFO: UDP relay enabled
2020-01-16 15:43:35 INFO: initializing ciphers... aes-256-gcm
2020-01-16 15:43:35 INFO: using nameserver: 1.1.1.1,1.0.0.1
2020-01-16 15:43:35 INFO: tcp server listening at 127.0.0.1:57726
2020-01-16 15:43:35 INFO: udp server listening at 0.0.0.0:30168
2020-01-16 15:43:35 INFO: running from root user
2020-01-16 15:43:35 ERROR: plugin service exit unexpectedly
2020-01-16 15:43:35 INFO: closed gracefully
2020-01-16 15:43:35 INFO: error on terminating the plugin.