Can wireguard run through trojan-go?

Open buttbuddy2020 opened this issue 4 years ago • 2 comments

Some people run openvpn through proxies like shadowsocks or obfs4. Is the same possible with trojan-go + wireguard? I did not have any luck up to now. But maybe something is wrong with my config. I used the local proxy address as endpoint in the wireguard config. Packets make it through, but on the remote end they seem to be garbled. At least I could not get a handshake yet. On the local machine where I start the wireguard connection I see an error in the log file of trojan-go: "socks failed to parse incoming packet | invalid ATYP 0". So the problems already seem to start on the local machine.

Trojan-go version 0.8.2 for linux amd64, server is nginx.

Server config:

{
  "run_type": "server",
  "local_addr": "0.0.0.0",
  "local_port": 443,
  "remote_addr": "127.0.0.1",
  "remote_port": 8080,
  "log_level": 0,
  "log_file": "/var/log/trojan_server.log",
  "password": [ "supersecret" ],
  "disable_http_check": true,
  "udp_timeout": 60,
  "ssl": {
    "cert": "/etc/server.crt",
    "key": "/etc/server.key",
    "fallback_port": 8443
  },
  "router": {
    "enabled": true,
    "bypass": [],
    "proxy": [],
    "block": [],
    "default_policy": "proxy",
    "domain_strategy": "as_is"
  }
}

Client config:

{
  "run_type": "client",
  "local_addr": "127.0.0.1",
  "local_port": 80,
  "remote_addr": "mydomain.com",
  "remote_port": 443,
  "log_level": 0,
  "log_file": "/var/log/trojan_client.log",
  "password": [ "supersecret" ],
  "ssl": {
    "cert": "/etc/server.crt",
    "verify": true,
    "verify_hostname": true,
    "sni": "mydomain.com",
    "prefer_server_cipher": false,
    "fingerprint": "firefox"
  }
}

Wireguard on the server:

ip link add dev wg0 type wireguard
ifconfig wg0 inet 172.16.0.1 netmask 255.255.255.0
wg set wg0 listen-port 8080 private-key serverpriv.key peer ${clientkey} allowed-ips 172.16.0.2

Wireguard on the client:

ip link add dev wg0 type wireguard
ifconfig wg0 inet 172.16.0.2 netmask 255.255.255.255
wg set wg0 listen-port 8080 private-key clientpriv.key peer ${peerkey} endpoint 127.0.0.1:80 allowed-ips 0.0.0.0/0

ping -I wg0 172.16.0.1 from the client to the server gives the above error. I'm not sure if the wireguard ports are correct, in particular the listen port.

Trojan-go alone works fine, also wireguard with a direct connection.

buttbuddy2020, Dec 14 '20 22:12
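
Added example, not part of the original issue and not trojan-go's own code: a minimal parser for the RFC 1928 UDP request header, assuming that is the framing the client's local SOCKS port expects, fed a constructed WireGuard handshake initiation. It shows how a bare WireGuard datagram yields `invalid ATYP 0`; the names `parseSocks5UDP`, `wrapSocks5UDP`, `wgInit` and the 127.0.0.1:8080 destination are illustrative.

```go
package main

import (
	"fmt"
	"net"
	"strconv"
)

// parseSocks5UDP decodes RFC 1928 section 7: RSV(2) FRAG(1) ATYP(1) ADDR PORT(2) DATA.
func parseSocks5UDP(p []byte) (dst string, payload []byte, err error) {
	if len(p) < 5 {
		return "", nil, fmt.Errorf("short packet")
	}
	off, n := 4, 0
	switch p[3] {
	case 0x01: // IPv4
		n = 4
	case 0x04: // IPv6
		n = 16
	case 0x03: // domain name, length-prefixed
		off, n = 5, int(p[4])
	default:
		return "", nil, fmt.Errorf("invalid ATYP %d", p[3])
	}
	if len(p) < off+n+2 {
		return "", nil, fmt.Errorf("truncated address")
	}
	host := string(p[off : off+n])
	if p[3] != 0x03 {
		host = net.IP(p[off : off+n]).String()
	}
	port := int(p[off+n])<<8 | int(p[off+n+1])
	return net.JoinHostPort(host, strconv.Itoa(port)), p[off+n+2:], nil
}

// wgInit: constructed stand-in for a WireGuard handshake initiation (type 1, 3 reserved zero bytes, 148 total).
var wgInit = append([]byte{1, 0, 0, 0}, make([]byte, 144)...)

// wrapSocks5UDP prepends the header a SOCKS5-aware UDP sender would add (IPv4 only).
func wrapSocks5UDP(ip net.IP, port uint16, data []byte) []byte {
	h := append([]byte{0, 0, 0, 0x01}, ip.To4()...)
	return append(append(h, byte(port>>8), byte(port)), data...)
}

func main() {
	_, _, err := parseSocks5UDP(wgInit)
	fmt.Println(err) // bare WireGuard datagram: its fourth byte lands in the ATYP slot
	dst, data, _ := parseSocks5UDP(wrapSocks5UDP(net.IPv4(127, 0, 0, 1), 8080, wgInit))
	fmt.Println(dst, len(data)) // constructed destination; payload is intact
}
```

WireGuard itself sends plain UDP and does not add this header, so something between it and a SOCKS5 UDP listener has to do the wrapping.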

Confirmed works fine with WireGuard. You can try setting up wireguard and trojan-go with wg-ops for an easier life. 😉

Kiritow, Feb 06 '22 22:02

> Confirmed works fine with WireGuard. You can try setting up wireguard and trojan-go with wg-ops for an easier life. 😉

Hi, do you have any tutorials for it?

Stevemoretz, Dec 20 '22 10:12