Skip to content
/ trojan-oxide Public

A Rust implementation of Trojan with QUIC tunnel, Lite-TLS and more.

License

GPL-3.0 license
32 stars 6 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

3andne/trojan-oxide

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

207 Commits
benches
benches
 
 
src
src
 
 
.gitignore
.gitignore
 
 
Cargo.lock
Cargo.lock
 
 
Cargo.toml
Cargo.toml
 
 
LICENSE
LICENSE
 
 
readme.md
readme.md
 
 

Repository files navigation

Trojan-Oxide

A Rust implementation of Trojan with QUIC tunnel, Lite-TLS and more.

Overview

  1. Full support for the original Trojan Protocol, including TCP and UDP traffic.
  2. Pure Rust implementation with no comprimise on security and speed.
    • Highly efficient Tokio-based async network io.
    • Minimized memory consumption.
    • Predictable performance with no runtime garbage collector.
    • Poll based UDP Traffic.
  3. QUIC tunnel. The stealth Trojan implementation is still undetectable in the HTTP/3 era.
  4. Lite-TLS. Avoid redundant encrpytion with TLS traffics without modifying the underlying TLS library. We do things in the Trojan way, i.e., we imitate rather than create.
  5. Zero-Copy (Linux Kernel >= 5.8 is required). With Lite-TLS enabled, we can achieve maximum efficiency on both the client and server sides. Up to 60% improvement is observed in a TCP echo server based on io-uring.

License

GPL-3

Examples

Install Rust

Please follow the instructions.

Build Trojan-Oxide From Source

git clone https://github.com/3andne/trojan-oxide.git && cd ./trojan-oxide
cargo build --release

The executable binary file is ./target/release/trojan-oxide.

Build Selected Features

You can select features according to your needs; the default configuration builds both the server and client.

Server Only
cargo build --release --features server_full
Client Only
cargo build --release --features client_full
Zero Copy Feature

This feature is disabled by default since it only works on Linux with a kernel >= 5.8. The following command will build this feature.

cargo build --release --features client_full,zio
cargo build --release --features server_full,zio

Run Server

Suppose you have a server your.website.com.

  • Your TLS certificate is in "/path/to/cert/fullchain.cert".

  • Your TLS private key is in "/path/to/key/private.key".

  • You want the server to listen on port 443, and re-direct unauthenticated traffics to 80.

  • You set password to your_password. If your password contains '$', please write it as '\$'.

Then you should start the server by:

./target/release/trojan-oxide -s -w "your_password" -k "/path/to/key/private.key" -c "/path/to/cert/fullchain.cert" -u "your.website.com" -x 443 -f 80

Note that rustls (the underlying tls library) doesn't support ECC keys as of this moment. Please Follow the instructions if you have a pair of ECC keys.

Run Client

If you have a tcp-tls trojan service on your.website.com:443 with the password your_password. You can start your client by:

./target/release/trojan-oxide -w "your_password" -u you.website.com -x 443 -m t

  • the default tunnel is TCP-TLS

    • use -m q if you want to use the QUIC tunnel
    • use -m l if you want to use the Lite-TLS tunnel

  • you can also specify your server ip by:

    ./target/release/trojan-oxide -w "your_password" -u you.website.com -d 114.51.4.191 -x 443 -m t

  • The default http and socks5 port is 8888 and 8889 respectively. Please specify them by -h and -5.

Run Zero Copy Endpoints

Note that this feature only works when Linux kernel >= 5.8. Please build the client/server with zio feature first.

Then start the client in Lite-TLS mode.

./target/release/trojan-oxide -w "your_password" -u you.website.com -d 114.51.4.191 -x 443 -m l

You don't need to configure the server.

Manual

./target/release/trojan-oxide --help

USAGE:
    trojan-oxide [FLAGS] [OPTIONS] --password <password> [remote-socket-addr]

FLAGS:
        --help       
            Prints help information

    -s, --server     
            whether to start as server

    -V, --version    
            Prints version information


OPTIONS:
        --ca <ca>                              
            

    -c, --cert <cert>                          
            TLS certificate in PEM format

    -m, --connection-mode <connection-mode>    
            Connetion Mode:
            
            - t (for tcp-tls)
            
            - q (for quic)
            
            - l (for lite-tls) [default: t]
    -f, --fallback-port <fallback-port>        
            port to re-direct unauthenticated connections [default: 0]

    -k, --key <key>                            
            TLS private key in PEM format

    -h, --http_port <local-http-addr>          
            client http proxy port [default: 8888]

    -5, --socks5_port <local-socks5-addr>      
            client socks5 proxy port [default: 8889]

    -l, --log-level <log-level>                
            Log level (from least to most verbose):
            
            error < warn < info < debug < trace [default: info]
    -w, --password <password>                  
            the password to authenticate connections

    -u, --server-hostname <server-hostname>    
            Server Name Indication (sni), or Hostname [default: localhost]

    -d, --server-ip <server-ip>                
            server ip address [default: ]

    -x, --server-port <server-port>            
            server proxy port [default: 443]

About

A Rust implementation of Trojan with QUIC tunnel, Lite-TLS and more.

Resources

Readme

License

GPL-3.0 license
Activity

Stars

32 stars

Watchers

2 watching

Forks

6 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages