Trojan-Plus-Group / trojan-plus

More Experimental Effective Features for Trojan
GNU General Public License v3.0

[User Guide] How can I use the experimental features? #2

Closed MQSDREAM closed 4 years ago

MQSDREAM commented 4 years ago

How can I use the experimental features? Do I need to set more configuration?

MQSDREAM commented 4 years ago

I mean, can I use the experimental features with trojan plus on the server end and the original trojan on the client end, setting the experimental configuration only on the server end?

yuchting commented 4 years ago

Trojan plus' experimental features need to be enabled on both the server end and the client end, so if you want to use them, please update both ends to trojan plus.

If you don't use/enable the experimental features, you can use trojan plus on a single end to adapt to the original trojan.

MQSDREAM commented 4 years ago

Hello, I'm here again.

1. My router runs in nat. Is there nothing I need to change or add in the router's trojan config file, and trojan plus will support nat udp? Do the options below just change the performance of nat udp, and are they used only on the client end? Must ssl verify be false?

udp_socket_buf
udp_forward_socket_buf
udp_recv_buf

2. Do the experimental configs work in nat mode? Should the experimental configs be added on both the server end and the client end, or is the client end alone enough? The ping value may differ between server to client and client to server; does pipeline_ack_window need to be set to different values on server and client?

3. My router runs in nat. Does pipeline_proxy_icmp just need to be set on the router, with nothing added on the server? Will it work if I just run the following iptables commands on the router? Do I not need to change some config of the iptables commands?

ip route add local 0/0 dev lo table 100
ip rule add fwmark 1 lookup 100

iptables -t mangle -N ICMP_PROXY

iptables -t mangle -A ICMP_PROXY -p icmp -j MARK --set-mark 1
iptables -t mangle -A PREROUTING -p icmp -j ICMP_PROXY

MQSDREAM commented 4 years ago

How can I debug the pipeline feature? I set the feature options on both server and client; the client is a router with run_type nat. The detailed feature options are as follows:

"experimental":{
  "pipeline_num" : 1,
  "pipeline_ack_window" : 500,
  "pipeline_proxy_icmp": false
}

If I enable pipeline by setting pipeline_num greater than 0, the connection fails and I can't ping google.

yuchting commented 4 years ago

Sorry for the delay.

> and the options just be used on client end ? does the ssl verify must be false?
>
> udp_socket_buf udp_forward_socket_buf udp_recv_buf

_udp_socket_buf_ and _udp_recv_buf_ both take effect on client and server; _udp_forward_socket_buf_ takes effect only on the client, in nat and forward type.

I highly recommend that you don't change them; delete them from your config.

> does the ssl verify must be false?

And more important, if you use trojan/trojan-plus to pass through the real gfw, please DO set _ssl_verify_ to true!

> Does the experimental configs work in nat mode, the experimental configs should be added on both server end and client end or just on client end is enough ,

Please copy the experimental configs to both client and server; if you change one item of them, copy them to both client and server.

_pipeline_proxy_icmp_ only works in pipeline mode. Pipeline mode can work in nat/client/forward/server run_type.

Oops, _pipeline_loadbalance_configs_ works only in the client, please don't copy it to the server's config.

> 3.my router run in nat, does the pipeline_proxy_icmp just need to be set on router , server need to be added nothing Will it work, just run iptables commands as following on router ? Does it not to need change some config of iptables command?

If you want to proxy ICMP packets, you must know how to use iptables to forward UDP packets. If you don't know the principle of transferring/redirecting UDP packets from outside the route tables to local, please don't set _pipeline_proxy_icmp_ to true.

> how can I debug pipeline feature?

You can set _log_level_ in the config to 0 and paste the log here; I will check it for you.
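
The reply above gives several rules for a client/server pair; one way to check them before starting both ends, as an added example that is not part of the thread or of the trojan-plus code base. The function name and sample configs are constructed; it assumes pipeline mode means `pipeline_num` greater than 0 and that certificate verification is stored as `ssl.verify` in the config file.

```python
import json

# Per the thread: this experimental item belongs in the client config only.
CLIENT_ONLY = {"pipeline_loadbalance_configs"}
_MISSING = object()

def check_pair(client, server):
    """Compare a client and a server config dict; return a list of findings."""
    findings = []
    c_exp = client.get("experimental", {})
    s_exp = server.get("experimental", {})

    for key in sorted(CLIENT_ONLY & s_exp.keys()):
        findings.append(f"server: {key} is client-only, remove it")

    # Every other experimental item must be the same on both ends.
    for key in sorted((c_exp.keys() | s_exp.keys()) - CLIENT_ONLY):
        c_val, s_val = c_exp.get(key, _MISSING), s_exp.get(key, _MISSING)
        if c_val is _MISSING or s_val is _MISSING:
            side = "client" if c_val is _MISSING else "server"
            findings.append(f"{side}: {key} is missing")
        elif c_val != s_val:
            findings.append(f"mismatch: {key} client={c_val!r} server={s_val!r}")

    # Assumption: pipeline mode means pipeline_num > 0.
    for side, exp in (("client", c_exp), ("server", s_exp)):
        if exp.get("pipeline_proxy_icmp") and not exp.get("pipeline_num", 0) > 0:
            findings.append(f"{side}: pipeline_proxy_icmp needs pipeline mode")

    # Assumption: certificate verification is stored as ssl.verify.
    if client.get("ssl", {}).get("verify") is False:
        findings.append("client: ssl.verify is false, set it to true")
    return findings

# Constructed sample configs, trimmed to the keys discussed in the thread.
SAMPLE_CLIENT = json.loads("""{
  "run_type": "nat",
  "ssl": {"verify": false},
  "experimental": {"pipeline_num": 1, "pipeline_ack_window": 500,
                   "pipeline_proxy_icmp": false}
}""")
SAMPLE_SERVER = json.loads("""{
  "run_type": "server",
  "experimental": {"pipeline_num": 0, "pipeline_ack_window": 200,
                   "pipeline_loadbalance_configs": []}
}""")

if __name__ == "__main__":
    for finding in check_pair(SAMPLE_CLIENT, SAMPLE_SERVER):
        print(finding)
```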

MQSDREAM commented 4 years ago

Thank you. I want to run a proxy on my router for passing the gfw and boosting games, so I want a transparent proxy and full cone nat type. But sorry, I forgot to ask you: does trojan plus support that? And what is the nat type in your internet environment? Maybe I went the wrong way. If trojan plus does not support it, I will not try to debug the problems of trojan plus in my net environment. Maybe I will try trojan plus again in the future, but not now. And thank you for the support again.

yuchting commented 4 years ago

Let me tell you my story.

I used ss-redir (ss-libev) + iptables to compose a transparent proxy in my home local net before 2 years ago. Of course I used a software router; actually, it's an ITX desktop linux system gateway.

Transparent proxy is hard to understand and hard to establish by myself, so at that time I spent a lot of time on it. Here's a simple document I referenced: https://github.com/shadowsocks/shadowsocks-libev#transparent-proxy

The difficult point of a transparent proxy is NOT the proxy software, it's the environment configuration, such as iptables, ip set, dnsmasq and so on.

Now I know a lot of tools, such as openwrt, can configure it very easily.

When I got to know the original trojan project, I loved it and wanted to replace my old ss-redir, but failed, because the original trojan cannot support UDP redirect by NAT. So I spent 2 weeks developing a new feature for the original trojan to support UDP Full Cone redirect/forward, but the author didn't accept my feature, so I created this trojan-plus project to try to develop a lot of new features for this bypass-gfw proxy tool.

I'm very sure that trojan-plus can support Full Cone UDP forwarding. I'm using it with my transparent proxy gateway in NAT type, using pipeline mode, loadbalance mode (I have two remote servers), and proxy ICMP; it runs more effectively than ss-redir if you know how to configure it.

I'm sorry I won't write any document about how to config a transparent proxy, you might know the reasons.

PS. I'm a game developer, so I know how important UDP forwarding is for gaming ;)

MQSDREAM commented 4 years ago

Thank you, I will keep trying trojan plus. I just learned a little about iptables yesterday and don't quite understand it. Is the fast way to get full cone nat to switch my meilin router to an openwrt soft router and copy your network settings? But meilin supports all iptables settings, so maybe I can build a transparent proxy on it. For the reason I know, do you have a telegram group?

yuchting commented 4 years ago

I'm very sorry about that, I don't have Telegram, and I'm afraid I can't help you with the Meilin/OpenWrt system, because I haven't used them before.

Here the issues list will cover questions about trojan/trojan-plus compiling, configuration, bugs and so on, not including anything outside these subjects.