Shadowsocks
Shadowsocks is a lightweight proxy. It is based on the SOCKS5 protocol, but additionally uses encryption, which improves security and helps to bypass firewalls.
Installation
Several implementations are packaged for Arch Linux. You can install one of them:
- shadowsocks — the initial implementation written in Python.
- shadowsocks-rust — the newest and actively developed implementation written in Rust.
- go-shadowsocks2AUR, shadowsocks-goAUR — written in Go.
- shadowsocks-libev-staticAUR — written in C. No longer in development, superseded by shadowsocks-rust.
Configuration
Shadowsocks configuration is done with a JSON formatted file. See Configuration via Config File.
- To specify multiple server IPs, the following syntax can be used
"server":["1.1.1.1","2.2.2.2"],
. - To find out the fastest method running on your machine, you can benchmark with the script iperf.sh.
Usage
Client
From the command line
The client is started with the ss-local
(shadowsocks-libev) or sslocal
(shadowsocks) command. See ss-local(1)[dead link 2023-04-22] and sslocal(1).
sslocal -b 127.0.0.1:1080 --server-url ss://
Or via config file:
sslocal -c config.json
config.json
{ "remarks": "Server name", "server": "111.111.111.111", "server_port": 804, "local_port": 1080, "method": "chacha20-ietf-poly1305", "password": "server_password" }
Daemon management
The Shadowsocks client can be controlled with an instance of shadowsocks@.service
(shadowsocks) or shadowsocks-libev@.service
(shadowsocks-libev) through systemctl. To use the configuration file /etc/shadowsocks/config.json
, start and enable shadowsocks-libev-server@config.service
or shadowsocks-server@config.service
.
You may also be interested in running an instance of shadowsocks@
or shadowsocks-libev@
after the network is up.
Server
From the command line
The server is started with the ss-server
(shadowsocks-libev) or ssserver
(shadowsocks) command. See ss-server(1)[dead link 2023-04-22] and ssserver(1).
Daemon management
The Shadowsocks server can be controlled with an instance of shadowsocks-rust-server@.service
(shadowsocks-rust) or shadowsocks-server@.service
(shadowsocks). To use the configuration file /etc/shadowsocks/config.json
, start and enable shadowsocks-rust-server@config.service
or shadowsocks-server@config.service
.
To bind Shadowsocks to a privileged port (less than 1024
), the server should be started as user root:
/etc/systemd/system/shadowsocks-server@.service.d/start-as-root.conf
[Service] User=root
Tips and tricks
Performance optimization
- Use common ports such as
443
. The Great Firewall checks relatively few commonly used ports to reduce stress. - Enable TCP Fast Open.
- Enable BBR.
- Install python-gevent to increase the speed of shadowsocks.
- Optimize kernel parameters, see Optimizing Shadowsocks.
Encryption
See AEAD Ciphers[dead link 2023-05-20 ⓘ].
Installing the python-m2cryptoAUR package will make encryption a little faster.
To use Salsa20 or ChaCha20 ciphers, install the libsodium package.
See also
- Shadowsocks Home Page
- GitHub project (shadowsocks)
- GitHub project (shadowsocks-rust)
- GitHub project (shadowsocks-libev)
- Python package
- GitHub wiki (some suggestions for optimization)