In an increasingly interconnected world, internet access remains a vital tool for communication, education, and freedom of expression. Unfortunately, in many regions, internet censorship and surveillance curtail the ability to access information and violate privacy rights. For users living in such environments, traditional Virtual Private Networks (VPNs) often come under fire from censors and can be blocked. Hence, the need for alternatives arises. Enter Shadowsocks—an open-source, secure proxy server specifically designed to allow users to bypass censorship while still keeping their web traffic secure.
Table of Contents
- Introduction
- Setting Up Shadowsocks-Rust on Linux
- Step 1: Connect to Your Server via SSH
- Step 2: Set Up Firewall Rules
- Step 3: Download Shadowsocks-Rust Binaries
- Step 4: Configure Shadowsocks-Rust Server
- Step 5: Running as Service
- Step 6: Using the Shadowsocks Service
- Shadowsocks Clients
What is Shadowsocks?
Shadowsocks is not a traditional VPN but instead operates as a Socks5 proxy. It was developed in the mid-2010s by a Chinese programmer nicknamed “clowwindy,” aiming to circumvent the Great Firewall of China. This proxy uses a client-server model and allows users to cloak their internet traffic to evade detection, which is vital in restricted environments.
Key Characteristics:
- Performance: Shadowsocks generally provides faster connections and lower latency than conventional VPN options like OpenVPN.
- Flexibility: It’s lightweight and offers multi-port and multi-server configurations, making it adaptable to various network environments.
- Resilience Against Detection: Operating at the socket level and mimicking regular HTTPS traffic makes it a robust choice against censorship.
Setting Up Shadowsocks-Rust on Linux
If you’re ready to set up your own Shadowsocks server, this guide will navigate through the process of configuring a Shadowsocks-Rust server on Ubuntu / Debian with both x86_64 and arm64 architectures.
Prerequisites
- A Virtual Machine (VM) running either Ubuntu 22 or Rocky Linux 9.x.
- Root access to your VM.
- A reliable internet connection.
Step 1: Connect to Your Server via SSH
Start by connecting to your VM via SSH using a terminal application:
ssh root@your_server_ip
Step 2: Set Up Firewall Rules
Depending on your Linux distribution, you’ll need to enable and configure firewall permissions.
sudo apt install ufw sudo ufw enable sudo ufw allow 12345
Step 3: Download Shadowsocks-Rust Binaries
- Depending on the architecture of your system, download the appropriate binary:
# For x86_64 architecture wget https://github.com/shadowsocks/shadowsocks-rust/releases/latest/download/shadowsocks-v1.21.0.x86_64-unknown-linux-gnu.tar.xz -P /opt/
- Unpack the binaries to
/sbin
:
tar xf /opt/shadowsocks-*-linux-gnu.tar.xz -C /sbin/ --owner=root --group=root rm /opt/shadowsocks-*-unknown-linux-gnu.tar.xz
Step 4: Configure Shadowsocks-Rust Server
- Create a configuration directory:
mkdir /etc/shadowsocks-rust
- Generate secure passwords for the encryption method of your choice. For example, using
aes-256-gcm
orchacha20-ietf-poly1305
:
PASSWORD_0=$(ssservice genkey -m "aes-256-gcm")
- Create a JSON configuration file
config.json
with the following template, replacing<PORT>
and<PASSWORD>
accordingly:
sudo nano /etc/shadowsocks-rust/config.json
{ "server": "0.0.0.0", "ipv6_first": false, "ipv6_only": false, "server_port": <port>, "mode": "tcp_and_udp", "password": "<password>", "method": "aes-256-gcm", "timeout": 300, "udp_timeout": 300, "udp_max_associations": 512 }
Step 5: Running as a Service
- Create a new systemd service file to manage the Shadowsocks server:
sudo nano /etc/systemd/system/shadowsocks-rust.service
- Add the following to the service file:
[Unit] Description=Shadowsocks-rust After=network.target Wants=network.target [Service] ExecStart=/usr/sbin/ssserver -c /etc/shadowsocks-rust/config.json Restart=on-failure User=root Group=root LimitNOFILE=4096 [Install] WantedBy=multi-user.target
Step 6: Using the Shadowsocks Service
- Reload systemd to apply changes and start the service:
systemctl daemon-reload systemctl start shadowsocks-rust systemctl enable shadowsocks-rust
- You can monitor the service status using:
systemctl status shadowsocks-rust
Shadowsocks Clients
Once your Shadowsocks server is set up, you can configure clients on your devices. Below are instructions for Windows, macOS, Android, and iOS users.
Windows
- Download the Latest Windows Client: Head to the official Shadowsocks GitHub repository and download the latest release of the Shadowsocks Windows client.
- Extract and Run: Extract the ZIP file and run the
Shadowsocks.exe
. - Configure the Client:
- Right-click on the tray icon, go to Servers > Server.
- Fill in the Server FQDN or Server IP, Server Port, Password, and Encryption method that matches your Shadowsocks server configuration.
- Save Settings: Click OK.
- Adjust Proxy Settings: For web browsers like Firefox, configure your proxy settings accordingly.
- Enable System Proxy: Right-click on the tray icon and choose Enable System Proxy to start using Shadowsocks.
macOS
- Download ShadowsocksX-NG: Navigate to the official ShadowsocksX-NG GitHub repository and download the latest release.
- Install the Application: Open the DMG file and drag the application to your Applications folder.
- Run ShadowsocksX-NG: Open the application.
- Configure the Client:
- Click on the tray icon, go to Servers > Server Preferences.
- Click on the + button at the bottom left.
- Fill in the Server IP, Server Port, Password, and Encryption method that matches your Shadowsocks server configuration.
- Start Shadowsocks: Click OK, then go to the tray icon and choose Turn Shadowsocks On to start using Shadowsocks.
Android
- Download Shadowsocks App: Visit the Google Play Store and download the official Shadowsocks app.
- Open the App: Launch the Shadowsocks app on your Android device.
- Add a New Server:
- Tap the “+” icon to add a new server.
- Fill in the Server IP, Server Port, Password, and select the Encryption method that corresponds to your Shadowsocks server configuration.
- Save and Connect: Once all fields are filled, tap on Save. Then, toggle the switch at the top right to connect to the Shadowsocks server.
- Verify Connection: You should see a key icon in the notification bar, indicating that the connection is active. Now your internet traffic will be routed through the Shadowsocks server.
iOS
- Download Shadowsocks App: Go to the App Store and download the official Shadowsocks app.
- Open the App: Launch the Shadowsocks app on your iOS device.
- Add a New Server:
- Tap the “+” icon in the top right corner to add a new server.
- Fill in the Server IP, Server Port, Password, and select the Encryption method that matches your Shadowsocks server configuration.
- Save and Connect: After entering all the required information, tap Save. To connect to your Shadowsocks server, toggle the connection switch at the top of the app.
- Verify Connection: Once connected, you will see a blue or green icon in the status bar, indicating that your internet traffic is now routed through the Shadowsocks server.
Troubleshooting
1) Windows 10 Proxy for Shadowsocks
After configuring the Shadowsocks client on your Windows machine, you may also want to set up the system-wide proxy settings for Windows 10. Here’s how to do it:
Step 1: Open Proxy Settings
- Click on the Start menu and then select Settings (the gear icon).
- Go to Network & Internet.
- On the left sidebar, click on Proxy.
Step 2: Configure Proxy Settings
- Manual Proxy Setup: Scroll down to the Manual proxy setup section.
- Toggle the switch to On under “Use a proxy server”.
- Enter the following details:
- Address: Enter the Server IP of your Shadowsocks server i.e.
127.0.0.1
. - Port: Enter the Server Port you used in your Shadowsocks windows app configuration e.g.
1080
. - Exclude Local Address: Add local address to exclude using proxy e.g.
192.168.1.*;192.168.2.105
. - Click Save.
Step 3: Test the Proxy Connection
- Open your web browser and navigate to a website to ensure that your traffic is routing through the Shadowsocks proxy.
- To verify if your IP address is changed and your connection is established, you can use services like WhatIsMyIP.com to check your current IP address.
2) Whatsapp and other VoIP Calls keep connecting
- Edit your JSON configuration file e.g.
sudo nano /etc/shadowsocks-rust/config.json
and make sure that it should contains the following configurations e.g.
"ipv6_first": false, "ipv6_only": false, "mode": "tcp_and_udp",
- After updating, restart your Shadowsocks server:
systemctl stop shadowsocks-rust systemctl start shadowsocks-rust
Conclusion
By following these steps, you will have successfully set up a Shadowsocks server capable of bypassing internet censorship and providing secure internet access. Now you can configure various clients, including Windows, macOS, Linux, Android, and iOS, to connect to your Shadowsocks server, enhancing your internet privacy and freedom. With Shadowsocks, you can navigate the web without fear of censorship and maintain your online privacy.