1、ubuntu 18.04 升级至 18.10
2、更新依赖
apt update
apt upgrade
3、启动bbr
注意版本:BBR 需要 Linux 内核 ≥ 4.9(如 CentOS 8、Debian ≥ 9),可先用 uname -r 确认内核版本。
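# Add each BBR setting only when that exact line is not already present, so
# re-running this step does not pile up duplicate entries in /etc/sysctl.conf.
grep -qxF 'net.core.default_qdisc=fq' /etc/sysctl.conf ||
  echo 'net.core.default_qdisc=fq' >> /etc/sysctl.conf
grep -qxF 'net.ipv4.tcp_congestion_control=bbr' /etc/sysctl.conf ||
  echo 'net.ipv4.tcp_congestion_control=bbr' >> /etc/sysctl.conf
# Apply the settings from /etc/sysctl.conf to the running kernel.
sysctl -p
# Verify: the output should read "net.ipv4.tcp_congestion_control = bbr".
sysctl net.ipv4.tcp_congestion_control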
4配置trojan
4.1添加ppa源
# Provides the add-apt-repository command used on the next line.
apt install software-properties-common
# NOTE(review): a PPA is a third-party archive, not part of the Ubuntu
# repositories; packages from it are installed (and later upgraded) as root.
# Confirm you trust the ppa:greaterfire/trojan maintainer before adding it.
add-apt-repository ppa:greaterfire/trojan
# Refresh the package index so the newly added source is visible to apt.
apt update
4.2安装trojan
apt install trojan
4.3创建CA证书
安装CA证书所需的工具
apt install gnutls-bin gnutls-doc
创建 CA 模板 ca.tmpl
vi /etc/ca-certificates/ca.tmpl
#内容为:
# Subject common name of the CA certificate (placeholder: the VPS IP address).
cn = "vps的IP地址"
# Subject organization.
organization = "Trojan"
# Certificate serial number.
serial = 1
# Validity period in days (3650 is roughly ten years).
expiration_days = 3650
# Mark the certificate as a certificate authority.
ca
# Key usage flags: digital signatures, certificate signing and CRL signing.
signing_key
cert_signing_key
crl_signing_key
生成 CA 密钥:
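cd /etc/ca-certificates
# Generate the CA private key. Whoever holds this file can issue certificates
# that every client trusting ca-cert.pem will accept.
certtool --generate-privkey --outfile ca-key.pem
# Make the mode explicit: an already existing ca-key.pem keeps whatever
# permissions it had, so restrict it to its owner here.
chmod 600 ca-key.pem
# NOTE(review): the trojan config in this guide references only
# server-cert.pem and server-key.pem, so once the server certificate has been
# issued consider keeping ca-key.pem off this internet-facing host.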
生成 CA 证书:
# Self-sign the CA certificate described by ca.tmpl with the CA private key.
certtool --generate-self-signed \
  --template ca.tmpl \
  --load-privkey ca-key.pem \
  --outfile ca-cert.pem
创建服务器证书模板 :
vi /etc/ca-certificates/server.tmpl
#内容为:
# Subject common name of the server certificate (placeholder: the VPS IP).
cn = "vps的IP地址"
# NOTE(review): many TLS clients match the server identity against a
# subjectAltName entry rather than the CN; certtool templates also accept
# dns_name / ip_address lines. Confirm the client verifies this certificate.
# Subject organization.
organization = "Trojan"
# Validity period in days (3650 is roughly ten years).
expiration_days = 3650
# Key usage flags: digital signatures and key encipherment.
signing_key
encryption_key
# Extended key usage: TLS web server authentication.
tls_www_server
生成服务器证书密钥:
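# Generate the server private key; the trojan config in this guide points to
# it as ssl.key.
certtool --generate-privkey --outfile server-key.pem
# Make the mode explicit: an already existing server-key.pem keeps whatever
# permissions it had. The unit file in this guide sets no User=, so trojan
# reads the key as root and owner-only access is sufficient.
chmod 600 server-key.pem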
生成服务器证书:
# Issue the server certificate: server.tmpl supplies the fields, the server
# key is certified, and the CA certificate plus CA key sign the result.
certtool --generate-certificate \
  --template server.tmpl \
  --load-privkey server-key.pem \
  --load-ca-certificate ca-cert.pem \
  --load-ca-privkey ca-key.pem \
  --outfile server-cert.pem
4.4修改服务器配置文件
vi /etc/trojan/config.json
#内容为(其中“你的密码”须替换为足够长的随机密码;该文件含明文密码,应仅允许运行 trojan 的用户读取):
{
"run_type": "server",
"local_addr": "0.0.0.0",
"local_port": 443,
"remote_addr": "127.0.0.1",
"remote_port": 80,
"password": [
"你的密码"
],
"log_level": 1,
"ssl": {
"cert": "/etc/ca-certificates/server-cert.pem",
"key": "/etc/ca-certificates/server-key.pem",
"key_password": "",
"cipher": "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256",
"prefer_server_cipher": true,
"alpn": [
"http/1.1"
],
"reuse_session": true,
"session_timeout": 300,
"curves": "",
"sigalgs": "",
"dhparam": ""
}
}
4.5试运行
cd
trojan /etc/trojan/config.json
4.6把命令运行为service
因为命令trojan /etc/trojan/config.json是运行在前台的,我们需要利用systemd来把该命令运行为service,运行下面命令
vi /etc/systemd/system/trojan.service
其内容为:
[Unit]
# Order this unit after network.target.
After=network.target
[Service]
# NOTE(review): no User= is set, so systemd runs trojan as root. Consider a
# dedicated unprivileged account (User=) with
# AmbientCapabilities=CAP_NET_BIND_SERVICE for port 443, and make the key and
# config files readable by that account — TODO confirm before changing.
ExecStart=/usr/bin/trojan /etc/trojan/config.json
# Restart the process whenever it exits.
Restart=always
[Install]
# Started as part of the multi-user target once the unit is enabled.
WantedBy=multi-user.target
4.7启动Trojan
systemctl start trojan
启用 trojan 的 systemd service
systemctl enable trojan
查看运行状态
systemctl status trojan
5 客户端
win7 客户端运行时如提示 vcruntime140.dll 丢失,请安装 Microsoft Visual C++ 可再发行组件包(Redistributable)。
下载trojan服务器/etc/ca-certificates/文件夹下的ca-cert.pem文件,并存放到客户端的trojan文件夹内。只需下载 ca-cert.pem(CA 证书);ca-key.pem 和 server-key.pem 是私钥,不要下载或外传。
修改客户端配置文件中的:端口、ip地址、密码、cert证书(证书路径,即上一步下载的 ca-cert.pem);并保持 ssl 中的 verify 和 verify_hostname 为 true,以便客户端校验服务器证书。