How to Install Trojan on IPv6 VPS

Posted on

In this tutorial, we will install Trojan on an IPv6 VPS, moreover, we will also make IPv6 VPS accessible to both IPv4 and IPv6 networks so that you can connect from any network to your Trojan server and support SNI.

 

Requirements : Ubuntu 20.04 & IPv6

  1. If you dont have a VPS yet, you can create a free ipv6 VPS on Hax.co.id, Hax’s free VPS is hosted in Singapore so connection may be slow to EU/US except in Asia so use this server for learning only , this is my IPv6:
    2001:470:1:be9:0000:0002:098f:db26
  2. Check this tutorial for how to connect to ipv6 vps
  3. Get your IPv4 and Port by using this tool: IPv4 to access IPv6
    we will open port 1194 on our VPS so you have to set the destination is [ipv6]:1194 and the protocol is TCP, for IPv4 port, you can use any port, in this example I am using port 2233 as the image below

  4. Connect to your Virtual Machine(VM) then update your OS and install curl, nano
    apt update -y 
    apt install curl nano -y
  5. Install Xray core
    bash -c "$(curl -L https://github.com/XTLS/Xray-install/raw/main/install-release.sh)" @ install -u root
  6. Generate a self signed certificate and type in anything you like
    cd ~;openssl genrsa -out key.pem 2048
    openssl req -new -x509 -key key.pem -out cert.pem -days 4095
  7. Create trojan configuration
    rm /usr/local/etc/xray/config.json
    nano /usr/local/etc/xray/config.json

    and paste the config below, “password”:”Hax@ipv6″ is your trojan password

    {
        "log": {
            "loglevel": "none"
        },
        "inbounds": [
            {
                "port": 1194,
                "protocol": "trojan",
                "settings": {
                    "clients": [
                        {
                            "password":"Hax@ipv6",
                            "email": "admin@hax"
                        }
                    ]
                },
                "dns": {
                    "servers": [
                      "2001:67c:2b0::4",
                      "2001:67c:2b0::6"
                    ]
                },			
                "streamSettings": {
                    "network": "tcp",
                    "security": "tls",
                    "tlsSettings": {
                        "alpn": [
                            "http/1.1"
                        ],
                        "certificates": [
                            {
                                "certificateFile": "/root/cert.pem",
                                "keyFile": "/root/key.pem"
                            }
                        ]
                    }
                }
            }
        ],
        "outbounds": [
        {
          "domainStrategy": "UseIPv6",
          "tag": "direct",
          "protocol": "freedom",
          "settings": {}
        },    
        {
          "tag": "blocked",
          "protocol": "blackhole",
          "settings": {}
        }
        ]
    }
    

     

  8. Allow traffic forwarding
    echo "net.ipv6.conf.all.forwarding=1" >> /etc/sysctl.conf;
    echo "net.ipv6.conf.all.disable_ipv6=0" >> /etc/sysctl.conf;
    echo "net.ipv6.conf.default.disable_ipv6=0" >> /etc/sysctl.conf;
    sysctl -p
  9. Restart service and verify it
    service xray restart
    netstat -tulpn

  10. Connect to your Trojan Server
    Your trojan configuration will look like this, you can copy and import on any trojan app

    trojan://Hax@[email protected]:2233?sni=s.youtube.com#trojan+hax

    Hax@ipv6 is my password in step 7
    103.253.24.40:2233 is the IPv4 and port in step 3
    please set both accordingly and dont forget to change the DNS to IPv6 DNS and enable IPv6 route on your app

    2001:67c:2b0::4

     

    We have test it on Xray VPN app

See also  How to use acme.sh for issue ssl cert with ipv6