Quick Guide – Shadowsocks
Config FileShadowsocks accepts JSON format configs like this:{
“server”:”my_server_ip”,
“server_port”:8388,
“local_port”:1080,
“password”:”barfoo! “,
“method”:”chacha20-ietf-poly1305″}Explanation of each field:server: your hostname or server IP (IPv4/IPv6). server_port: server port number. local_port: local port ssword: a password used to encrypt encryption method. Encryption MethodThe strongest option is an AEAD cipher. The recommended choice is “chacha20-ietf-poly1305” or “aes-256-gcm”. Other stream ciphers are implemented but do not provide integrity and authenticity. Unless otherwise specified the encryption method defaults to “table”, which is not and QR codeShadowsocks for Android / iOS also accepts BASE64 encoded URI format configs: ssBASE64-ENCODED-STRING-WITHOUT-PADDING#TAGWhere the plain URI should be: ssmethod:[email protected]:portNote that the above URI doesn’t follow RFC3986. It means the password here should be plain text, not example, we have a server at 192. 168. 100. 1:8888 using bf-cfb encryption method and password test/[email protected]#:. Then, with the plain URI ssbf-cfb:test/[email protected]#:@192. 1:8888, we can generate the BASE64 encoded URI: > ( “ss” + btoa(“bf-cfb:test/[email protected]#:@192. 1:8888”))
ssYmYtY2ZiOnRlc3QvIUAjOkAxOTIuMTY4LjEwMC4xOjg4ODgTo help organize and identify these URIs, you can append a tag after the BASE64 encoded string: ssYmYtY2ZiOnRlc3QvIUAjOkAxOTIuMTY4LjEwMC4xOjg4ODg#example-serverThis URI can also be encoded to QR code. Then, just scan it with your Android / iOS devices:Try it yourselfSIP002There is also a new URI scheme proposed in SIP002. Any client or server which supports SIP003 plugin should use SIP002 URI scheme instead.
Shadowsocks – ArchWiki
Shadowsocks is a lightweight socks5 proxy, originally written in Python.
Installation
Install the package shadowsocks-libev(c) or shadowsocks(python). shadowsocks-libev is recommended.
Setup
Shadowsocks configuration may be done with a JSON formatted file. Example configuration:
/etc/shadowsocks/
{
“server”: “my_server_ip”,
“server_port”: 8388,
“local_address”: “127. 0. 1”,
“local_port”: 1080,
“password”: “mypassword”,
“timeout”: 300,
“method”: “chacha20-ietf-poly1305”,
“fast_open”: false,
“workers”: 1}
Tip: To specify multiple server IPs, the following syntax can be used “server”:[“1. 1. 1”, “2. 2. 2”],
Tip: To find out the fastest method running on your machine, you can benchmark with the script
Name
Explanation
server
the address your server listens
server_port
server port
local_address
the address your local listens
local_port
local port
password
password used for encryption
timeout
in seconds
method
see Stream Ciphers and AEAD Ciphers
fast_open
use TCP-Fast-Open, true / false
workers
number of workers
Client
Warning: The udns package is used as a stub resolver for DNS. In order to prevent DNS request leaking of client applications (like browsers), further applications must be employed. For example, privoxy or a full DNS resolver on the client. [1] [2]
From the command line
The client is started with the ss-local command.
To start it using the configuration file /etc/shadowsocks/
$ ss-local -c /etc/shadowsocks/
Alternatively, the configuration may be specified directly on the command:
$ ss-local -s server_address -p server_port -l local_port -k password -m encryption_method
To use verbose log, add -v to the command:
$ ss-local -s server_address -p server_port -l local_port -k password -m encryption_method -v
Using systemd
Make sure that the configuration file is in /etc/shadowsocks. For example, the configuration file is /etc/shadowsocks/
The Shadowsocks client can be controlled with an instance of rvice or rvice through systemctl. You may also be interested in running an instance of [email protected] after the network is up.
Tip: Run journalctl -u [email protected] as root to see the logs.
GUI client
Install shadowsocks-qt5.
Server
The server is started with the ss-server(shadowsocks-libev) or ssserver(shadowsocks) command.
To start it in the foreground using the configuration file /etc/shadowsocks/
shadowsocks-libev
$ ss-server -c /etc/shadowsocks/
shadowsocks
$ ssserver -c /etc/shadowsocks/
To run in the background:
$ ss-server -c /etc/shadowsocks/ -d start
$ ss-server -c /etc/shadowsocks/ -d stop
$ ssserver -c /etc/shadowsocks/ -d start
$ ssserver -c /etc/shadowsocks/ -d stop
The Shadowsocks server can be controlled with an instance of rvice.
For example, to start and enable the service using the configuration file /etc/shadowsocks/, use the service rvice(shadowsocks-libev) or rvice(shadowsocks).
To bind Shadowsocks to a privileged port (less than 1024), the server should be started as user root:
/etc/systemd/system/rvice. d/
[Service]
User=root
Encryption
Installing the python-m2crypto package will make encryption a little faster.
To use Salsa20 or ChaCha20 ciphers, install the libsodium package.
See also
Shadowsocks website
Python package
GitHub wiki (some suggestions for optimization)
Backup GitHub project (the original project has been “removed according to regulations” in August 2015)
Shadowsocks for Android – Guides | Mullvad VPN
Unable to surf the entire web because you’re stuck behind a restrictive firewall? Then Shadowsocks might be your answer.
In this Android guide, we’ll walk you through the steps to use this proxy to connect to Mullvad’s servers using the OpenVPN client.
What is Shadowsocks?
Please see our Intro to Shadowsocks guide.
Requirements
To use this guide, you need
an Android device
to have completed our guide on setting up Mullvad on Android before continuing.
Set-up instructions
1. Set up the Shadowsocks app
From the Play Store on your device, search for and install the Shadowsocks app (from TrueNight) or get the Shadowsocks FOSS app from F-Droid
Open the app once it has installed.
Tap on the ☰ menu icon, then Settings.
Tap on Service mode and select Proxy only.
Tap on your device’s back button.
Tap on the plus icon and select Manual Settings.
Tap on Server, change the number to the IP address of one of our bridge servers (uncheck OpenVPN and WireGuard on the Servers page), and click OK. To get the IP address you can ping the hostname, for example ping
Tap on Remote Port, change the number to “443”, and click OK.
Tap on Password, change the entry to “23#dfsbbb”, and click OK.
Tap on Encrypt Method, select CHACHA20, and click OK.
Tap on the checkmark icon to save your settings.
2. Set up the OpenVPN app
First install OpenVPN for Android
Download OpenVPN configuration file for Android from our website and make sure Connect via bridges is checked
Open the OpenVPN for Android app.
Tap on the + icon and tap on import and then select the OpenVPN configuration file that you downloaded in step #2
Tap on the edit icon next to the profile you want to use as your exit location.
In the top menu, tap on ADVANCED, CUSTOM OPTIONS
Add the line: socks-proxy 127. 0. 1 1080
Swipe the top menu until you see ALLOWED APPS. Tap on it.
Make sure that VPN is used for all apps but exclude selected is enabled.
Scroll down the list and enable Shadowsocks.
3. Connect using Shadowsocks
In the Shadowsocks app, select your new configuration and then tap on the connect icon (a paper airplane)
In the OpenVPN app, connect to the server you just finished editing by tapping on the name (not the edit icon) of the profile. The first time you connect to a profile, you will be asked for a username and password:
username – use your Mullvad account number (without any spaces)
password – use the letter m
Both apps should show as being connected. Congrats!
Test your connection with our Connection check. Note that it will only show the OpenVPN exit server, not the Shadowsocks server.
Frequently Asked Questions about shadowsocks config
How do I configure Shadowsocks?
Set-up instructionsFrom the Play Store on your device, search for and install the Shadowsocks app (from TrueNight) or get the Shadowsocks FOSS app from F-Droid.Open the app once it has installed.Tap on the ☰ menu icon, then Settings.Tap on Service mode and select Proxy only.Tap on your device’s back button.More items…•May 15, 2021
How do I create a Shadowsocks config file?
Configure the Shadowsocks ServerCreate a new system user for Shadowsocks: Ubuntu 16.04 adduser –system –no-create-home –group shadowsocks. … Create a new directory for the configuration file: mkdir -m 755 /etc/shadowsocks.Create the Shadowsocks configuration file located at /etc/shadowsocks/shadowsocks. json .Dec 7, 2017
How do I change my Shadowsocks port?
Steps to Reproduce the ProblemChange the server port on VPS in /etc/shadowsocks-libev/config.json to 443.Reboot VPS.Change the shadowsocks port to 443 via /luci/admin/services/shadowsocks-libev/servers.Reboot router.Jul 29, 2019
