Shadowsocks is open-source software that hides or obfuscates internet connections.
It is widely used in mainland China to circumvent Internet censorship. It was created in 2012 by a Chinese programmer named “clowwindy”; multiple protocol implementations have been made available since.
You also consult VPN.AC — a company that specializes in obfuscating connections in China
Recently, the Great Firewall has started to block Shadowsocks servers in the same way that they block VPN servers. It is still possible to use Shadowsocks in China, but you may have to rebuild your server with a new IP address if it gets blocked.
The latest recommendation is to use ShadowsocksR (SSR) with obfuscation following the guide posted below. Although ShadowsocksR can still be blocked, it is less likely to be detected.
A List Of ShadowsocksR Apps
- ShadowsocksR for Windows
- ShadowsocksR for Android
- ShadowsocksR for Mac
- iOS Potatso Lite (FREE)
- iOS Shadowrocket ($2.99)
How To Set Up ShadowsocksR on a VPS
Step 1. Get a VPS from Vultr.com.
- Rent a VPS from Vultr
- You need bitcoin, a credit card, Paypal, Alipay, UnionPay or WeChat Pay
- Go to “Servers”, click on the “+” and deploy a new instance
- Select those options:
- Server: Tokyo
- Server Type: Debian 7 x64
- Package: $2.50 (The cheapest, comes with 500GB traffic)
- Additional Features: Enable IPv6
Step 2. Install ShadowsocksR
Login to your server using Putty or any other SSH client.
wget –no-check-certificate https://raw.githubusercontent.com/teddysun/shadowsocks_install/master/shadowsocks-all.sh
chmod +x shadowsocks-all.sh
./shadowsocks-all.sh 2>&1 | tee shadowsocks-all.log
The install script will do everything for you. Choose option 2. ShadowsocksR, choose a password and port (any port will do). Press enter and wait for it to complete.
After it is done, it will display the config.
Congratulations, ShadowsocksR server install completed!
Your Server IP : 0.0.0.0
Your Server Port : 8989
Your Password : password
Your Encryption Method: aes-256-cfb
Protocol : origin
obfs : plain
Step 3. Edit the config
vi /etc/shadowsocks-r/config.json
Press “i” to edit the file. Move the cursor around to change text. Change "protocol": "origin",
to "protocol": "auth_sha1_v4",
and "obfs": "plain",
to "obfs": "tls1.2_ticket_auth",
Press “esc” then type “:wq!” to save the file and go back
Restart shadowsocksr with
/etc/init.d/shadowsocks-r restart
Step 4. Download the Client
- ShadowsocksR for Windows
- ShadowsocksR for Android
- ShadowsocksR for Mac
- iOS Potatso Lite (FREE)
- iOS Shadowrocket ($2.99)
Run it, enter your IP, Port, Password and change the protocol and obfs. Done
Step 5. Protect your SSH access from brute-force attacks
The simplest way to do that is using iptables
iptables -I INPUT -p tcp –dport 22 -i eth0 -m state –state NEW -m recent –set
iptables -I INPUT -p tcp –dport 22 -i eth0 -m state –state NEW -m recent –update –seconds 60 –hitcount 4 -j DROP
This will block IP addresses that try to log in more than 3 times per minute. It only affects “NEW” connections, so properly authenticated ssh sessions will not get blocked.
Other Rumors
Is Shadowsocks currently banned? Here is what a user in China reports:
The government seems to be trying to intercept but apparently still needs to work hard. They tried to discover these hidden services by using social engineering, traffic detection and analysis, and port proactive detection. However, some service providers of Shadowsocks are also trying to counter these bans. The Shadowsocks protocol is still being maintained, and the protocol has missing a clear communication magic word to be discovered.
Ding Yufeng
This guide is similar to the setup listed in the article above but has a few differences:
https://www.tipsforchina.com/how-to-setup-a-fast-shadowsocks-server-on-vultr-vps-the-easy-way.html
Keep in mind BBR doesn’t work with OpenVZ. It works for KVM, I believe. Vultr should be fine since the guide uses Vultr as well.
Let me know if that guide isn’t enough.
For KCP, if you’re familiar with SS/SSR, then it’s basically the same thing.
https://github.com/xtaci/kcptun
Basically, instead of going direct SS (client) to SS (server), you go SS (client) -> Kcp (client) -> Kcp (server) -> SS (server).
The git page has enough basics. If you have problems with that, you may need to spend some time familiarizing yourself with linux command line/vi or vim editor.
I don’t want to steal my mom’s credit card. And I want to play roblox in China. Unfortunately, China is not Canada.
Warning: DO NOT use HDsocks.
They are Chinese Scammers.
I paid for a 1 year subscription and got a bunch of servers that I couldn’t connect to. They used to be OK but they are now evidently just taking people’s money and shafting them.
They are not responding to support tickets, emails or via QQ.
AVOID HDsocks at all cost or you will be scammed as well. Use another provider (eg I’m currently using Wannaflix)
Hello there! I’ve installed shadowsocksR successfully and made little changes. Here they are:
{
“server”: “0.0.0.0”,
“local_address”: “127.0.0.1”,
“local_port”: 1080,
“port_password”:{
“110”:”Me$e1edal”,
“143”:”G@@gle”,
“443”:”G@njirug”,
“465”:”passw0rd!”,
“563”:”40-Emjek?”,
“587”:”Lashgabat2@18″,
“631”:”Ke11esine!”,
“993”:”Bereke!La?”,
“994”:”B!9rek”,
“995”:”ASU_1990!”,
“1241”:”P@$$w0rd”,
“9090”:”P0lis@n2018″
},
“timeout”:120,
“method”:”chacha20-ietf”,
“protocol”:”auth_sha1_v4_compatible”,
“protocol_param”:””,
“obfs”:”tls1.2_ticket_auth_compatible”,
“obfs_param”:””,
“redirect”:””,
“dns_ipv6”:false,
“fast_open”:true,
“workers”:1
}
Each port for one user. I have a question. How can i restrict users from using one port in two or more device. So when they share ssr (in app we can share) both of devices couldn’t use it.
bitlaunch has one-click app for ssr
Is there any update to this? I’m interested to give it a try.