Shadowsocks

Shadowsocks is a lightweight socks5 proxy, Originally written in Python.

Installation

Install the shadowsocks-libev package.

Setup

Shadowsocks configuration may be done with a JSON formatted file. The following example configuration is included in the package:

/etc/shadowsocks/example.json
{
    "server":"my_server_ip",
    "server_port":8388,
    "local_address": "127.0.0.1",
    "local_port":1080,
    "password":"mypassword",
    "timeout":300,
    "method":"chacha20-ietf-poly1305",
    "fast_open": false,
    "workers": 1
}
Tip: To specify multiple server IPs, the following syntax can be used "server":["1.1.1.1","2.2.2.2"],
Tip: To find out the fastest method running on your machine, you can benchmark with the script[1]
Name Explanation
server the address your server listens
server_port server port
local_address the address your local listens
local_port local port
password password used for encryption
timeout in seconds
method see Encryption
fast_open use TCP-Fast-Open, true / false
workers number of workers

To adjust the logging level, the option "verbose": value may be added, with one of the following value:

  • 2: full logging
  • 1: debug
  • 0: default
  • -1: warnings
  • -2: errors

Client

From the command line

The client is started with the ss-local command. To start it using the configuration file /etc/shadowsocks/config.json:

$ ss-local -c /etc/shadowsocks/config.json

Alternatively, the configuration may be specified directly on the command:

$ ss-local -s server_address -p server_port -l local_port -k password -m encryption_method

Using systemd

The Shadowsocks client can be controlled with an instance of shadowsocks@.service.

For example, to start and enable the service using the configuration file /etc/shadowsocks/config.json, use the service shadowsocks-libev@config.service.

GUI client

Install shadowsocks-qt5.

Server

From the command line

The server is started with the ss-server command.

To start it in the foreground using the configuration file /etc/shadowsocks/config.json:

$ ss-server -c /etc/shadowsocks/config.json

To run in the background:

$ ss-server -c /etc/shadowsocks/config.json -d start
$ ss-server -c /etc/shadowsocks/config.json -d stop

Using systemd

The Shadowsocks server can be controlled with an instance of shadowsocks-server@.service.

For example, to start and enable the service using the configuration file /etc/shadowsocks/config.json, use the service shadowsocks-libev-server@config.service.

To bind Shadowsocks to a privileged port (less than 1024), the server should be started as user root:

/etc/systemd/system/shadowsocks-server@.service.d/start-as-root.conf
[Service]
User=root

Encryption

Installing the python2-m2crypto package will make encryption a little faster.

To use Salsa20 or ChaCha20 cyphers, install the libsodium package.

See also