Shadowsocks

From ArchWiki
Jump to: navigation, search

Shadowsocks is a lightweight socks5 proxy, Originally written in Python.

Installation

Install the package shadowsocks-libev or shadowsocks.

Setup

Shadowsocks configuration may be done with a JSON formatted file. The following example configuration is included in the package:

/etc/shadowsocks/example.json
{
    "server":"my_server_ip",
    "server_port":8388,
    "local_address": "127.0.0.1",
    "local_port":1080,
    "password":"mypassword",
    "timeout":300,
    "method":"chacha20-ietf-poly1305",
    "fast_open": false,
    "workers": 1
}
Tip: To specify multiple server IPs, the following syntax can be used "server":["1.1.1.1","2.2.2.2"],
Tip: To find out the fastest method running on your machine, you can benchmark with the script[1]
Name Explanation
server the address your server listens
server_port server port
local_address the address your local listens
local_port local port
password password used for encryption
timeout in seconds
method see Encryption
fast_open use TCP-Fast-Open, true / false
workers number of workers


Client

Warning: The udns package is used as a stub resolver for DNS. In order to prevent DNS request leaking of client applications (like browsers), further applications must be employed. For example, privoxy or a full DNS resolver on the client.[2] [3]

From the command line

The client is started with the ss-local command. To start it using the configuration file /etc/shadowsocks/config.json:

$ ss-local -c /etc/shadowsocks/config.json

Alternatively, the configuration may be specified directly on the command:

$ ss-local -s server_address -p server_port -l local_port -k password -m encryption_method

To use verbose log, add -v to the command:

$ ss-local -s server_address -p server_port -l local_port -k password -m encryption_method -v

Using systemd

The Shadowsocks client can be controlled with an instance of shadowsocks@.service.

For example, to start and enable the service using the configuration file /etc/shadowsocks/config.json, use the service shadowsocks-libev@config.service.

GUI client

Install shadowsocks-qt5.

Server

From the command line

The server is started with the ss-server(shadowsocks-libev) or ssserver(shadowsocks) command.

To start it in the foreground using the configuration file /etc/shadowsocks/config.json:

shadowsocks-libev

$ ss-server -c /etc/shadowsocks/config.json

shadowsocks

$ ssserver -c /etc/shadowsocks/config.json

To run in the background:

shadowsocks-libev

$ ss-server -c /etc/shadowsocks/config.json -d start
$ ss-server -c /etc/shadowsocks/config.json -d stop

shadowsocks

$ ssserver -c /etc/shadowsocks/config.json -d start
$ ssserver -c /etc/shadowsocks/config.json -d stop

Using systemd

The Shadowsocks server can be controlled with an instance of shadowsocks-server@.service.

For example, to start and enable the service using the configuration file /etc/shadowsocks/config.json, use the service shadowsocks-libev-server@config.service(shadowsocks-libev) or shadowsocks-server@config.service(shadowsocks).

To bind Shadowsocks to a privileged port (less than 1024), the server should be started as user root:

/etc/systemd/system/shadowsocks-server@.service.d/start-as-root.conf
[Service]
User=root

Encryption

Installing the python2-m2crypto package will make encryption a little faster.

To use Salsa20 or ChaCha20 cyphers, install the libsodium package.

See also