Difference between revisions of "Shadowsocks"

From ArchWiki
Jump to: navigation, search
(Setup: Add link to manpage about JSON syntax, example JSON is NOT included in package)
m (add info about Github wiki page link)
Line 6: Line 6:
 
== Installation ==
 
== Installation ==
  
[[Install]] the package {{Pkg|shadowsocks-libev}} or {{pkg|shadowsocks}}.
+
[[Install]] the package {{Pkg|shadowsocks-libev}}(c++) or {{pkg|shadowsocks}}(python).
  
 
== Setup ==
 
== Setup ==
Line 127: Line 127:
 
* [http://shadowsocks.org Shadowsocks website]
 
* [http://shadowsocks.org Shadowsocks website]
 
* [https://pypi.python.org/pypi/shadowsocks Python package]
 
* [https://pypi.python.org/pypi/shadowsocks Python package]
* [https://github.com/shadowsocks/shadowsocks/wiki GitHub wiki]
+
* [https://github.com/shadowsocks/shadowsocks/wiki GitHub wiki] (some suggestions for optimization)
 
* [https://github.com/shadowsocks-backup/shadowsocks Backup GitHub project] (the original project has been "removed according to regulations" in August 2015)
 
* [https://github.com/shadowsocks-backup/shadowsocks Backup GitHub project] (the original project has been "removed according to regulations" in August 2015)

Revision as of 09:44, 16 March 2018

Shadowsocks is a lightweight socks5 proxy, originally written in Python.

Installation

Install the package shadowsocks-libev(c++) or shadowsocks(python).

Setup

Shadowsocks configuration may be done with a JSON formatted file. Example configuration:

/etc/shadowsocks/example.json
{
    "server":"my_server_ip",
    "server_port":8388,
    "local_address": "127.0.0.1",
    "local_port":1080,
    "password":"mypassword",
    "timeout":300,
    "method":"chacha20-ietf-poly1305",
    "fast_open": false,
    "workers": 1
}
Tip: To specify multiple server IPs, the following syntax can be used "server":["1.1.1.1","2.2.2.2"],
Tip: To find out the fastest method running on your machine, you can benchmark with the script[1]
Name Explanation
server the address your server listens
server_port server port
local_address the address your local listens
local_port local port
password password used for encryption
timeout in seconds
method see Encryption
fast_open use TCP-Fast-Open, true / false
workers number of workers
Tip: refer to CONFIG FILE section of shadowsocks-libev(8) for JSON syntax


Client

Warning: The udns package is used as a stub resolver for DNS. In order to prevent DNS request leaking of client applications (like browsers), further applications must be employed. For example, privoxy or a full DNS resolver on the client.[2] [3]

From the command line

The client is started with the ss-local command. To start it using the configuration file /etc/shadowsocks/config.json:

$ ss-local -c /etc/shadowsocks/config.json

Alternatively, the configuration may be specified directly on the command:

$ ss-local -s server_address -p server_port -l local_port -k password -m encryption_method

To use verbose log, add -v to the command:

$ ss-local -s server_address -p server_port -l local_port -k password -m encryption_method -v

Using systemd

The Shadowsocks client can be controlled with an instance of shadowsocks@.service.

For example, to start and enable the service using the configuration file /etc/shadowsocks/config.json, use the service shadowsocks-libev@config.service.

GUI client

Install shadowsocks-qt5.

Server

From the command line

The server is started with the ss-server(shadowsocks-libev) or ssserver(shadowsocks) command.

To start it in the foreground using the configuration file /etc/shadowsocks/config.json:

shadowsocks-libev

$ ss-server -c /etc/shadowsocks/config.json

shadowsocks

$ ssserver -c /etc/shadowsocks/config.json

To run in the background:

shadowsocks-libev

$ ss-server -c /etc/shadowsocks/config.json -d start
$ ss-server -c /etc/shadowsocks/config.json -d stop

shadowsocks

$ ssserver -c /etc/shadowsocks/config.json -d start
$ ssserver -c /etc/shadowsocks/config.json -d stop

Using systemd

The Shadowsocks server can be controlled with an instance of shadowsocks-server@.service.

For example, to start and enable the service using the configuration file /etc/shadowsocks/config.json, use the service shadowsocks-libev-server@config.service(shadowsocks-libev) or shadowsocks-server@config.service(shadowsocks).

To bind Shadowsocks to a privileged port (less than 1024), the server should be started as user root:

/etc/systemd/system/shadowsocks-server@.service.d/start-as-root.conf
[Service]
User=root

Encryption

Installing the python2-m2crypto package will make encryption a little faster.

To use Salsa20 or ChaCha20 cyphers, install the libsodium package.

See also