How To Easily Install Trojan GFW on Ubuntu - A Step by Step Tutorial

Note: If you are struggling with VPN installations, or simply do not have time, head over to installvpx, where you can get VPN installed on your server for FREE. You can find more information on installvpx.com.

    Contents

  1. What is trojanGFW?
  2. Choosing VPS
  3. Installing trojanGFW
  4. Managing trojanGFW
  5. trojanGFW Clients
en English
ar Arabiczh-CN Chinese (Simplified)nl Dutchen Englishfr Frenchde Germanit Italianfa Persianpt Portugueseru Russianes Spanishtr Turkish

What is trojanGFW?

The developers of the trojan GFW give us following description:
An unidentifiable mechanism that helps you bypass GFW. Trojan features multiple protocols over TLS to avoid both active/passive detections and ISP QoS limitations. Trojan is not a fixed program or protocol. It’s an idea, an idea that imitating the most common service, to an extent that it behaves identically, could help you get across the Great FireWall permanently, without being identified ever. On penetrating GFW, people assume that strong encryption and random obfuscation may cheat GFW’s filtration mechanism. However, trojan implements the direct opposite: it imitates the most common protocol across the wall, HTTPS, to trick GFW into thinking that it is HTTPS.
So, at the core trojan GFW is also an encrypted proxy, which makes it similar to v2ray. According to the v2ray developers trojan GFW is similar to v2ray+ws+cdn. Here are similarities between the two protocols (v2ray+ws+cdn and trojanGFW):
  • both are encrypted proxies
  • both can use CDN
  • both claim to be hard to get detected by GFW like firewalls
  • both have good speed
Also, these are differences between the two:
  • v2ray supports TCP and UDP (Skype, WhatsApp etc calls), whereas trojan GFW supports only TCP
  • v2ray is supported by many 3rd party apps, whereas for now there are not many apps that support trojan GFW
Similar to v2ray+ws+cdn, trojan GFW also hides your VPS IP address behind an IP address from a major CDN provider like Cloudflare, as a result most ISPs do not block those IP addresses. If you are interested in v2ray setup tutorial, you can check the previous tutorial. Trojan GFW has several simple installation scripts. For this tutorial I am using johnrosen1’s script, which includes many bonuses like multi-user panel, dnsmasq, automatically issues and renewes SSL, mail, fail2ban, fake website and etc.

Choosing a VPS

You should:
  • Before making a payment ping an IP address of the VPS provider. Look for looking glass pages.
  • Prefer hourly billing VPS services
  • Prefer less popular VPS services
  • Check for ratings and user reviews
  • Prefer KVM virtualization
  • Use a VPN when using Putty or an alternative SSH programme, to prevent IP address blocking

I have used these VPS services:

  1. Vultr – hourly billing – starting from $3.5 per month – vultr.com (get a $100 bonus)
  2. DigitalOcean – hourly billing – starting from $5 per month – digitalocean.com (get a $100 bonus)
  3. RackNerd – monthly billing – starting from $2 per month (annual subscription) – racknerd.com
  4. Contabo – monthly billing – starting from € 3.99 per month  – contabo.com
  5. Ramnode – hourly billing – starting from $3 per month – ramnode.com

Installing trojanGFW

Thanks to the one-command script by johnrosen1, you can install trojanGFW easily, even if you are not familiar with Linux commands. 

You need to have Ubuntu and Debian. This guide will be for Ubuntu.

The setup consists of two parts. 

First, you need to purchase a domain and configure Cloudflare. Second, install the trojanGFW script.

Part one – domain name and Cloudflare

You will need:
  • A domain name
  • A Cloudflare account
  • Point your nameservers to Cloudflare
  • Point your VPS IP to your domain name

To get an SSL certificate, you need a domain name (www.example.com), preferably a paid one from providers like namecheap or porkbun, and a Cloudflare account. Both Porkbun and Namecheap have free Whois Guard. When it comes to pricing, Porkbun has an upper hand, you can find domain names for under $3 per year. Please do check the renewal prices before purchasing a domain.

 1. Nameservers configuration

When adding your domain name to your Cloudflare account, Cloudflare will ask you to redirect your nameservers. It will be something like this: 
example1.ns.cloudflare.com
example2.ns.cloudflare.com
You need to copy those from Cloudflare to your domain name registrar (ex: namecheap.com). On Namecheap you can find it on Domain List > Manage > Nameservers. Change the DNS to Custom DNS and add Cloudflare nameservers. After a while, Cloudflare will inform you that the setup is done.,
cloudflare_account_setup
cloudflare_account_setup2
namecheap_DNS
2. Connecting your domain name to the VPS IP address
On Cloudflare,
  1. Go to DNS Management
  2. Press “Add Record”
  3. Type your sub-domain name or domain name to “Name”  (ex: write test for test.example.com or @ for example.com)
  4. Write your VPS IP to “IPv4 address”.
  5. Make sure the color of “Proxy status” is gray and says DNS Only. (You should change it to Proxied after installing trojanGFW to use CDN)
And lastly change SSL/TLS mode to Full or Full (strict).
cloudflare_DNS
cloudflare_SSL

Part two – install trojanGFW

Now SSH to your VPS using Putty.

  1. 1. Check firewall status, enable firewall if inactive and open ports 80 and 443
sudo ufw status verbose
sudo ufw enable
sudo ufw allow http
sudo ufw allow https
  1. 2. Install updates, curl and the trojanGFW.
sudo apt-get update && apt-get install sudo curl -y && curl -Ss https://raw.githubusercontent.com/johnrosen1/vpstoolbox/master/vps.sh | sudo bash

 1. 3. Next, several steps of trojanGFW installation.

1. You will be asked to choose system language. 
Select ENGLISH 
2. Accept MIT License. 
Select YES
3. VPS Toolbox Menu.  
Select INSTALL
trojan_guide_part1 
4. What do you want to install?
Select 1,3,4,5,6,7,13,15,16
You can choose others as well, if you want to install them
5. Enter your domain name or subdomain.
yourdomain.com

 

6. You will be asked enter trojan profile one and profile two passwords.
password1 and password2
7. Netdata, Qbittorrent etc. directory
Press OK (no need to change anything)
8. You are asked whether you want to enter your CDN API
 and email address key for SSL certificate.
Choose YES, then choose Cloudflare, then copy your Cloudflare API key.
Next, enter your Cloudflare email address.
To get the API go to Cloudflare -> My Profile -> API -> Global API key
trojan_guide_part3
trojan_guide_part4

 

9. Reboot server.
Select YES

And, that is it for the installation part.

Managing  trojan GFW

Adding a user

After the setup is complete, you can see which services are active on your server. Also, there will be link to a guide.  On my example it is as following: 
https://domain.com/test.html
In that guide, you can find your link for the trojan GFW web panel. To add a user, you need to go to “Register”, press add button and fill in the blanks according to  your preferences.
  • Username – here you can write anything you want, needed for trojanGFW
  • Email – you can write here made up email, but do not forget it
  • Password – atleast 6 characters, needed for trojanGFW
The first user account you register, is the Admin, with this user you can manage other users and set bandwidth usage limit. To add more users, just repeat the registration process.
When using trojanGFW on a device, for example Android, you need following:
  • Domain/subdomain – example.com
  • Port – 443
  • Pasword – Username:Password
I would like to thank the developers for this easy trojanGFW multi-user management panel. 
trojan_guide_18
trojangfw_webpanel

Installing trojan GFW Client on Your Devices

trojanGFW apps for Android

You can use trojan on several apps on Android, and all of them are available for free on Google Play.

  • Igniter (Official)
  • Clash for Android
  • Trojan
 

trojanGFW apps for iOS

On your you can use trojan only by buying paid apps.

  • ShadowRocket
  • PharosPro

trojanGFW clients for Windows and macOS

For your Windows or mac, you can choose one of these clinets on Github.

 

VPN services that offer trojanGFW

Sometimes IP blocks are so often that you may want a solution without a hassle and go for a paid option. If that is the case for you, caonima.io which focuses on users in China offers trojanGFW, along with other VPN protocols. Wanna check other VPNs? Head over to the VPN Comparison Table, and find the best VPN that fits you.