Trojan-Go软件的升级 作者: Hogwarts 发布于: 2021-02-10 更新于: 2023-02-05 分类: 默认分类 前些天水了“Trojan-go的简单搭建”,这是面向初级用户的简单介绍,但作为强迫症患者,里面有好多需要修改的地方。此篇作为上篇的补充,把未尽的事情说完吧。 # 一、是否添加log 在/etc/trojan-go/config.json中可以添加 "log_level": 0, #或1或2或3或4或5 "log_file": "路径", 看自己的爱好吧。本人是省略的,好处就是省心(懒),缺点就是(略)。 # 二、geoip.dat和geosite.dat的问题 这两个文件就不多做说明了,尽量用最新版,而从作者处下载的应该是几天或几个月之前的,所以应该更新。本人用的是Loyalsoldier大佬的。 GitHub介绍:`https://github.com/Loyalsoldier/v2ray-rules-dat`。 现更新Trojan-go中geoip.dat和geosite.dat systemctl stop trojan-go rm /etc/trojan-go/geo* wget -P /etc/trojan-go/ https://github.com/Loyalsoldier/v2ray-rules-dat/releases/latest/download/geoip.dat https://github.com/Loyalsoldier/v2ray-rules-dat/releases/latest/download/geosite.dat systemctl restart trojan-go systemctl status trojan-go # 三、用最新版Golang编译Trojan-go 无非就是刷一下存在感。 PS:好像真不是刷存在感,相关依赖的更新确实较慢。又不是不能用。 重症强迫症患者请参考此篇: https://winamp.top/91.html # 四、不用Trojan实现的Trojan协议 先科普一下(填坑):`https://github.com/XTLS/Xray-core/issues/235` trojan是协议,trojan-gfw/trojan-go是trojan的实现,一个c语言编写,一个go语言编写。 xray的trojan支持是从v2ray继承来的,包括mux。ray系的mux公认存在一定问题(不建议使用,还没有修), trojan-go的是smux,它们是不兼容的。 smux#217 还没有合并进xary主分支,另外xtls也没有合进trojan-go主分支 (人话:目前阶段要用smux请保持客户端服务端为trojan-go,要用xtls请保持客户端服务端为xray) 不用Trojan实现的Trojan协议的软件V2ray和Xray比较广泛,本人喜欢原生的东西,不喜欢衍生的。所以从未用其它软件实现过。随着XTLS的横空问世,Xray的XTLS-trojan的实现,改变了我的看法。毕竟XTLS实在是太强了。 ## 4.1 实现的前期准备 - 申请域名和证书,在Go-shadowsocks中有介绍,略。 - 安装caddy并且监听80端口(回落端口,可任意)。 ## 4.2 安装Xray 正常安装Xray,官网有一键安装。 Xray项目:`https://github.com/XTLS/Xray-core` 一键项目:`https://github.com/XTLS/Xray-install` 推荐一键安装: bash -c "$(curl -L https://github.com/XTLS/Xray-install/raw/main/install-release.sh)" @ install 注意:如果systemctl status xray报错,可能是nobody权限问题。因为xray.service的是以nobody用户运行的。执行`chown -R nobody:root /usr/local/etc/xray/`。证书和密钥的路径也要给与nobody权限。 ## 4.3 修改xray的运行文件 systemctl stop xray vim /usr/local/etc/xray/config.json 输入以下代码,需修改的地方自行修改。 { "log": { "loglevel": "warning" }, "inbounds": [ { "listen": "0.0.0.0", "port": 443, "protocol": "trojan", "settings": { "clients": [ { "password": "自行设置Trojan密码", "level": 0, "email": "a@b.com", "flow":"xtls-rprx-vision" #vision为新模式,未进行充分测试 } ], "decryption": "none", "fallbacks": [ { "dest": 80 }, { "alpn": "h2", "dest": 80 } ] }, "streamSettings": { "network": "tcp", "security": "tls", "tlsSettings": { "serverName": "你的域名", "alpn": [ "h2", "http/1.1" ], "cipherSuites":"TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256:TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384:TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256", "preferServerCipherSuites": true, "certificates": [ { "certificateFile": "/etc/trojan-go/fullchain.cer", #证书路径 "keyFile": "/etc/trojan-go/private.key", #密钥路径 "ocspStapling": 86400 } ] } } } ], "outbounds":[ { "protocol":"freedom", "settings":{}, "tag":"direct" }, { "protocol":"blackhole", "settings":{}, "tag":"adblock" } ], "routing":{ "domainStrategy":"IPOnDemand", "rules":[ { "domain":[ "googleadsserving.com" ], "type":"field", "outboundTag":"adblock" }, { "type":"field", "outboundTag":"direct", "domain":["geosite:cn"] }, { "type": "field", "outboundTag": "block", "protocol": [ "bittorrent" ] } ] } } - PS:因水平有限,回落有时不大好,有时不能打开静态网页,待提高。 - 要是能更新一下geoip.dat和geosite.dat就更好了。 rm /usr/local/share/xray/geo* wget -P /usr/local/share/xray/ https://github.com/Loyalsoldier/v2ray-rules-dat/releases/latest/download/geoip.dat https://github.com/Loyalsoldier/v2ray-rules-dat/releases/latest/download/geosite.dat systemctl restart xray systemctl status xray ## 4.4 客户端的推荐 **PC端:**推荐以Xray为核心的V2rayN。 **Openwrt端:**推荐以Xray为核心,选择Xray中的trojan协议;选择 TLS;流控:硬路由选择 xtls-rprx-vision;~~软路由选择direct,尽量不要选splice流控,易翻车~~(参考:`https://github.com/XTLS/Xray-core/discussions/59`)。 **V2rayNG自定义客户端的XTLS-Trojan配置** { "dns": { "hosts": { "domain:googleapis.cn": "googleapis.com" }, "servers": [ "■远程dns", #比如:8.8.4.4 { "address": "■本地dns", #比如:119.29.29.29 "domains": [ "geosite:cn" ], "expectIPs": [ "geoip:cn" ], "port": 53 } ] }, "inbounds": [ { "port": 10808, #Qv2ray为1089 "protocol": "socks", "settings": { "auth": "noauth", "udp": true, "userLevel": 8 }, "sniffing": { "destOverride": [ "http", "tls" ], "enabled": true }, "tag": "socks" }, { "port": 10809, #Qv2ray为8889 "protocol": "http", "settings": { "userLevel": 8 }, "tag": "http" }, { "listen": "127.0.0.1", "port": 10853, "protocol": "dokodemo-door", "settings": { "address": "■远程dns", # "network": "tcp,udp", "port": 53 }, "tag": "dns-in" } ], "log": { "loglevel": "none" }, "outbounds": [ { "mux": { "concurrency": -1, "enabled": false }, "protocol": "trojan", "settings": { "servers": [ { "address": "■域名", # "level": 8, "method": "aes-128-gcm", #可改 "ota": false, "password": "■密码", # "flow": "xtls-rprx-vision", #配置文件久远,不建议使用 "port": 443 } ] }, "streamSettings": { "network": "tcp", "security": "tls", "tlsSettings": { "allowInsecure": false, "serverName": "■域名" # } }, "tag": "proxy" }, { "protocol": "freedom", "settings": {}, "tag": "direct" }, { "protocol": "blackhole", "settings": { "response": { "type": "http" } }, "tag": "block" }, { "protocol": "dns", "tag": "dns-out" } ], "policy": { "levels": { "8": { "connIdle": 300, "downlinkOnly": 1, "handshake": 4, "uplinkOnly": 1 } }, "system": { "statsOutboundUplink": true, "statsOutboundDownlink": true } }, "routing": { "domainStrategy": "IPIfNonMatch", "rules": [ { "inboundTag": [ "dns-in" ], "outboundTag": "dns-out", "type": "field" }, { "ip": [ "■远程dns" # ], "outboundTag": "proxy", "port": "53", "type": "field" }, { "ip": [ "■本地dns" # ], "outboundTag": "direct", "port": "53", "type": "field" }, { "domain": [ "domain:googleapis.cn" ], "outboundTag": "proxy", "type": "field" }, { "ip": [ "geoip:private" ], "outboundTag": "direct", "type": "field" }, { "ip": [ "geoip:cn" ], "outboundTag": "direct", "type": "field" }, { "domain": [ "geosite:cn" ], "outboundTag": "direct", "type": "field" } ] }, "stats": {} } 标签: trojan-go
尽量不要选择splice流控,易翻车。
这是为何呢?为了性能linux客户端不应该都选splice么。配置了fallback用这个会导致容易被墙?
您好,很高兴见到您能阅读我水的小文。
我感觉我的问题不是一句话所能表达的,所以把过程和问题都写下来了,请参考:https://hogwarts.blog/index.php/archives/92/有问题再共同学习。