Shadowsocks

Shadowsocks is a lightweight socks5 proxy, written in python.

Installation

Install the shadowsocks package.

Setup

Shadowsocks configuration may be done with a JSON formatted file. The following example configuration is included in the package:

/etc/shadowsocks/example.json
{
    "server":"my_server_ip",
    "server_port":8388,
    "local_address": "127.0.0.1",
    "local_port":1080,
    "password":"mypassword",
    "timeout":300,
    "method":"aes-128-ctr",
    "fast_open": false,
    "workers": 1
}
Tip: To specify multiple server IPs, the following syntax can be used "server":["1.1.1.1","2.2.2.2"],
Tip: If CPU does not support AES hardware acceleration, please use "method":"chacha20",
Name Explanation
server the address your server listens
server_port server port
local_address the address your local listens
local_port local port
password password used for encryption
timeout in seconds
method default: "aes-256-cfb", see Encryption
fast_open use TCP-Fast-Open, true / false
workers number of workers

To adjust the logging level, the option "verbose": value may be added, with one of the following value:

  • 2: full logging
  • 1: debug
  • 0: default
  • -1: warnings
  • -2: errors

Client

From the command line

The client is started with the sslocal command. To start it using the configuration file /etc/shadowsocks/config.json:

$ sslocal -c /etc/shadowsocks/config.json

Alternatively, the configuration may be specified directly on the command:

$ sslocal -s server_address -p server_port -l local_port -k password -m encryption_method

Using systemd

The Shadowsocks client can be controlled with an instance of shadowsocks@.service.

For example, to start and enable the service using the configuration file /etc/shadowsocks/config.json, use the service shadowsocks@config.service.

GUI client

Install shadowsocks-qt5AUR.

Server

From the command line

The server is started with the ssserver command.

To start it in the foreground using the configuration file /etc/shadowsocks/config.json:

$ ssserver -c /etc/shadowsocks/config.json

To run in the background:

$ ssserver -c /etc/shadowsocks/config.json -d start
$ ssserver -c /etc/shadowsocks/config.json -d stop

Using systemd

The Shadowsocks server can be controlled with an instance of shadowsocks-server@.service.

For example, to start and enable the service using the configuration file /etc/shadowsocks/config.json, use the service shadowsocks-server@config.service.

To bind Shadowsocks to a privileged port (less than 1024), the server should be started as user root:

/etc/systemd/system/shadowsocks-server@.service.d/start-as-root.conf
[Service]
User=root

Encryption

Installing the python2-m2crypto package will make encryption a little faster.

To use Salsa20 or ChaCha20 cyphers, install the libsodium package.

See also