PDA

View Full Version : ShadowSocks proxy installation on Linux server + Windows/Android client



Fli
02-15-2016, 04:06 PM
ShadowSocks (https://github.com/shadowsocks/shadowsocks-libev) - lightweight UDP, TCP SOCKS5 proxy with encryption can be hosted on the Linux server and client can be running Windows/Android/Mac etc. Lets start with server side installation:

NOTE: On Linux client i am not happy with the client software shadowsocks-qt5 (it looks to have memory leaks and is not maintained (https://github.com/shadowsocks/shadowsocks-qt5)), i ended up using v2ray (https://www.ecosia.org/search?q=v2ray+proxy+setup+server+client+tutorial)/tutorial2 (https://www.v2ray.com/en/welcome/install.html) instead, though it is not only alternative: https://getoutline.org/tutorial (https://blog.ssdnodes.com/blog/outline-vpn-tutorial-vps/) or brook (https://github.com/txthinking/brook)? My v2ray Linux server to Linux client tutorial is here (https://internetlifeforum.com/linux-forums/16806-how-i-setup-v2ray-shadowsocks-proxy-linux-server-centos-client-manjaro-arch/), it worked.

SERVER SIDE INSTALLATION:

Order approx. 128MB RAM (during my test, 81MB RAM was used while 62MB out of that was cached) Linux CentOS 6.x VPS from there: http://instantcpanelhosting.com/cart.php?gid=4

Connect to the VPS using software called PuTTY using credentials from the e-mail you received after purchase.

In case of CentOS Linux, download appropriate .repo file into /etc/yum.repos.d/ . Example i have CentOS 6 (command: cat /etc/red*), so i used this command to download the repository:

wget -P /etc/yum.repos.d/ https://copr.fedorainfracloud.org/coprs/librehat/shadowsocks/repo/epel-6/librehat-shadowsocks-epel-6.repo

For CentOS 7, command was: wget -P /etc/yum.repos.d/ https://copr.fedorainfracloud.org/coprs/librehat/shadowsocks/repo/epel-7/librehat-shadowsocks-epel-7.repo

For any Linux, including CentOS, continue like this:

yum clean all 2>/dev/null && yum update 2>/dev/null || apt update 2>/dev/null

yum install shadowsocks-libev -y 2>/dev/null || apt install shadowsocks-libev -y 2>/dev/null;apt install shadowsocks 2>/dev/null

service should already be set to run at boot (on):

chkconfig --list 2>/dev/null|grep soc||systemctl list-unit-files 2>/dev/null|grep "sock"

shadowsocks-libev 0:off 1:off 2:on 3:on 4:on 5:on 6:off

If no output/not enabled, try: systemctl enable shadowsocks-libev;systemctl enable shadowsocks 2>/dev/null
or: chkconfig shadowsocks-libev on

edit server configuration file:

vi /etc/shadowsocks*/config.json

and make it to be:


{
"server":"0.0.0.0",
"server_port":8388,
"local_port":1082,
"password":"YOURPROXYPASSWORD",
"timeout":60,
"method":"aes-256-cfb"
}

start the proxy service:

service shadowsocks-libev restart

logfile might be: tail /var/log/messages
manual page: man shadowsocks-libev
quit manual page by typing: q

Might be good to increase open files limit, read here: https://shadowsocks.org/en/config/advanced.html

CLIENT SIDE INSTALLATION:

Download & run ShadowSocks client software from https://shadowsocks.org/en/download/clients.html
For Android, search Google Play for shadow socks, setup is similar like for Windows. In Android, app was failing to autostart/connect at phone start, so i had to use MacroDroid app to setup autolaunch.

Example Shadowsocks 2.5.6:

257
the port is one you set in server config file (1082 maybe) and Encryption method is one you used in server config file.

then global enable proxy in the Internet Explorer (IE) settings:

258
(PAC mode not worked for me)

After client software is configured and connection with proxy established, one can set system proxy to be: 127.0.0.1:1082 (or whatever port you used in server/client configuration), i also made sure to whitelist that port in Windows firewall configuration (UDP+TCP).

And it worked for me. Verified on IP site like http://myip.ms
Then veriffy yourself on the leak test: https://ipleak.net/ . If there are DNS servers of your ISP or other open DNS, try to install pdnsd + ipset + dnsmasq to proxiffy DNS requests too.



---- Example ShadowSocks-libev configuration files ----

SERVER CONFIG: vi /etc/shadowsocks*/config.json

{
"server":"0.0.0.0",
"server_port":8388,
"local_port":1082,
"password":"myproxypasswordhere",
"timeout":60,
"method":"aes-256-cfb"
}

CLIENT CONFIG: C:\Users\Username\Desktop\Shadowsocks-win-2.5.6\gui-config.json

{
"configs" : [
{
"server" : "myserveriphere",
"server_port" : 8388,
"password" : "myproxypasswordhere",
"method" : "aes-256-cfb",
"remarks" : ""}

],
"strategy" : null,
"index" : 0,
"global" : false,
"enabled" : false,
"shareOverLan" : false,
"isDefault" : false,
"localPort" : 1082,
"pacUrl" : null,
"useOnlinePac" : false,
"availabilityStatistics" : false}


--------

If server configuration file is modified, one need to restart ss service:
service shadowsocks-libev restart