ShadowSocks is an opensource server-client based solution created to circumvent state censorship by mimicking a normal HTTPS connection.

It is not a fully-fledged VPN style but provide the necessary encryption to bypass nation censorship such as those from China, Kazakhstan, Iran, Russia…

It has many different flavors written in different languages and available also as containers or in the official repository of the major distributions.

This tutorial recommends and shows how to install the lightweight flavor written in C that provides the best performance possible.

With a simple VPC, single core and singe GB of RAM you can easily achieve 1 gbps for download and upload if your internet speed can get that fast.

Ubuntu / Raspbian / Kali / Debian

sudo apt update && sudo apt install shadowsocks-libev -y

Find more information on the official website [Link] or repository [Link].


The same application can be configured to work as Server or Client.

Server configuration:

After installing shadowsocks-libev make changes to its configuration.

sudo nano /etc/shadowsocks-libev/config.json
{
"server":"0.0.0.0",
"mode":"tcp_and_udp",
"server_port":8080,
"local_port":1080,
"password":"ENTER-PASSWORD-HERE",
"timeout":60,
"method":"chacha20-ietf-poly1305"
}

Note: by entering 0.0.0.0 the server will listen on all interfaces of the server. The port 8080 is where it will accept connections from the client. And the ENTER-PASSWORD-HERE can be any thing you want.

sudo ufw allow 8080
sudo systemctl enable shadowsocks-libev.service
sudo systemctl restart shadowsocks-libev.service
sudo systemctl status shadowsocks-libev.service

Client configuration (Linux):

After installing shadowsocks-libev stop the server and prevent it from start on boot and create a client configuration.

sudo systemctl stop shadowsocks-libev
sudo systemctl disable shadowsocks-libev
sudo cp /etc/shadowsocks-libev/config.json /etc/shadowsocks-libev/client.json
sudo nano /etc/shadowsocks-libev/client.json
{
"server":"SERVER-IP-ADDRESS",
"mode":"tcp_and_udp",
"server_port":8080,
"local_address":"127.0.0.1",
"local_port":1080,
"password":"ENTER-PASSWORD-HERE",
"timeout":60,
"method":"chacha20-ietf-poly1305"
}

Note: add the SERVER-IP-ADDRESS or a name that resolves to the server’s IP. Inform the port 8080 where the ShadowSocks is listening on and the same ENTER-PASSWORD-HERE configured on the server. In the example above the client-side will be a SOCKS5 that will listen on port 1080 locally (127.0.0.1). Feel free to make changes accordingly to your needs.

sudo systemctl enable [email protected]client.service
sudo systemctl start [email protected]client.service
sudo systemctl status [email protected]client.service

Browser configuration:

On Firefox it is recommended to use an extension called FoxyProxy [Link].

It also supports other operating systems such as MacOS, iOS, Android, and more [Link].

  • Windows
pip install shadowsocks
  • OpenWRT
opkg install shadowsocks-libev
opkg install shadowsocks-libev-polarssl