
Shadowsocks

From ArchWiki

This article or section needs expansion.

Shadowsocks is a lightweight proxy. It is based on the SOCKS5 protocol, but additionally uses encryption, which improves security and helps to bypass firewalls.

Installation

Install the shadowsocks-rust package.

Alternative implementations

Configuration

Shadowsocks configuration is done with a JSON formatted file. See Configuration via Config File.

Tip
  • To specify multiple server IPs, the following syntax can be used: "server":["1.1.1.1","2.2.2.2"],
  • To find out the fastest method running on your machine, you can benchmark with the script iperf.sh.

Usage

Client

Warning: The udns package is used as a stub resolver for DNS. To prevent client applications (such as browsers) from leaking DNS requests, additional software must be used, for example privoxy or a full DNS resolver on the client. [1] [2]

From the command line

The client is started with the ss-local (shadowsocks-libev) or sslocal (shadowsocks, shadowsocks-rust) command, see sslocal(1) for details:

sslocal -b 127.0.0.1:1080 --server-url ss://

Or via config file:

sslocal -c config.json
config.json
{
 "remarks": "Server name",
 "server": "111.111.111.111",
 "server_port": 804,
 "local_port": 1080,
 "method": "chacha20-ietf-poly1305",
 "password": "server_password"
}
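
A pre-start check for a config.json like the one above, as an added example (not part of the ArchWiki article or of any Shadowsocks implementation). The function names, the 16-character password threshold and the AEAD method list are assumptions made for illustration; local_address is the optional key that sets the client's listen address.

```python
import ipaddress
import json
import os
import stat

# Assumption: AEAD method names as listed in the Shadowsocks AEAD and
# SIP022 specifications; trim to what your installed implementation accepts.
AEAD_METHODS = {
    "aes-128-gcm", "aes-192-gcm", "aes-256-gcm",
    "chacha20-ietf-poly1305", "xchacha20-ietf-poly1305",
    "2022-blake3-aes-128-gcm", "2022-blake3-aes-256-gcm",
    "2022-blake3-chacha20-poly1305",
}
MIN_PASSWORD_LEN = 16  # constructed threshold, not a project requirement


def audit_config(cfg):
    """Return a list of findings for one parsed Shadowsocks config dict."""
    findings = []
    method = str(cfg.get("method", "")).lower()
    if method not in AEAD_METHODS:
        findings.append(f"method {method!r} is not an AEAD cipher")
    if len(str(cfg.get("password", ""))) < MIN_PASSWORD_LEN:
        findings.append(f"password is shorter than {MIN_PASSWORD_LEN} characters")
    # The local SOCKS5 listener is unauthenticated by default: keep it on loopback.
    local = cfg.get("local_address", "127.0.0.1")
    try:
        loopback = ipaddress.ip_address(local).is_loopback
    except ValueError:
        loopback = local == "localhost"
    if not loopback:
        findings.append(f"local_address {local!r} exposes the SOCKS port")
    return findings


def audit_file(path):
    """Audit a config file on disk, including its permission bits."""
    with open(path, encoding="utf-8") as fh:
        findings = audit_config(json.load(fh))
    # The password is stored in clear text, so group/other access leaks it.
    if stat.S_IMODE(os.stat(path).st_mode) & 0o077:
        findings.append("config file is accessible to group or other users")
    return findings


if __name__ == "__main__":
    import sys
    for finding in audit_file(sys.argv[1]):
        print("WARN:", finding)
```

Run against the sample config.json above, it reports only the short placeholder password.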

Daemon management

The Shadowsocks client can be controlled with an instance of shadowsocks@.service (shadowsocks) or shadowsocks-libev@.service (shadowsocks-libev) through systemctl. To use the configuration file /etc/shadowsocks/config.json, start and enable shadowsocks-libev-server@config.service or shadowsocks-server@config.service.

You may also be interested in running an instance of shadowsocks@ or shadowsocks-libev@ after the network is up.

Server

From the command line

The server is started with the ss-server (shadowsocks-libev) or ssserver (shadowsocks, shadowsocks-rust) command; see the ssserver(1) manual.

Daemon management

The Shadowsocks server can be controlled with an instance of shadowsocks-rust-server@.service (shadowsocks-rust) or shadowsocks-server@.service (shadowsocks). To use the configuration file /etc/shadowsocks/config.json, start and enable shadowsocks-rust-server@config.service or shadowsocks-server@config.service.

To bind Shadowsocks to a privileged port (less than 1024), the server should be started as user root:

/etc/systemd/system/shadowsocks-server@.service.d/start-as-root.conf
[Service]
User=root

Tips and tricks

Performance optimization

Encryption

See AEAD Ciphers.

Installing the python-m2crypto (AUR) package will make encryption a little faster.

To use Salsa20 or ChaCha20 ciphers, install the libsodium package.

See also