PHHow to Setup Shadowsocks-libev(most latest updated and light) on Digital Ocean VPS!
Yeah i know there are some other shadowsocks install tutorial around here and they didn't even cover optimization etc and fast open. But did you know that there’s also another software called Shadowsocks-libev?
Shadowsocks-libev, on the other hand, is written in C programming language and thus it consumes little RAM and is a very good fit for low-end device such as routers. The latest stable version is v3.0.8 which was released on July 27, 2017.
yes we can also install shadowsocks libev as client on routers but well cover that another time
But 1st You need a VPS so if you have some extra cash to spare follow instrcutions below
Save $25 for your Cloud Computing Solution with Digital Ocean.
Use this link to You do not have permission to view the full content of this post. Log in or register now. and save your first $10.
Enter the Promocode LOWENDBOX when you choose your payment method and get another $15 discount.
Need To pay atleast 5$ via Paypal or atleast provide legit creditcard details to unlock deploying a vps
Apply LOWENDBOX first before doing so.
if you used paypal to pay and the extra 15$ didnt apply just contact support that you didnt get a additional 15$ discount by using the lowendbox code
Starting with a $25 discount is not bad for a service which only coast $5 per month
Now to Deploy our VPS
1. Press Create then click droplets
2.Click Distribution and Select Ubuntu 16.04 64
3.Choose size Click Standard and Select 5$ one
4.Choose a datacenter region of your choice
5.check monitoring
6.Finalize and create
Check email for SSH root password log in via putty
then you will be prompt to change password
log in again to log in into ROOT terminal via SSH
How to use:
Use the root user to log in and run the following command:
After the installation is complete, the script prompts as follows:
Uninstall method:
use the root user login, run the following command:
commands:
start: /etc/init.d/shadowsocks start
stop: /etc/init.d/shadowsocks stop
restart: /etc/init.d/shadowsocks restart
View Status: /etc/init.d/shadowsocks status
Want to modify Shadowsocks details like port and password?
check this out
1st
open SSH like what you did to install the server
type
and something like this will appear
now we edit like we do in notepad
p.s. you cannot use numpad and can only use the numbers below the f1-f8 keys
after editing press and hold ctrl then press o
press enter to save
then press and hold ctrl then x to close
after that you may want to restart your shadowsocks server so use our command
to restart
then you may now use your new shadowsocks settings
So you dont trust the 1 click install script eh? feeling geeky and want to do it manually?
so heres an alternative P.S this is the advanced way
bale mano mano and has new AEAD ciphers
You do not have permission to view the full content of this post. Log in or register now. only supported by shadowsocks csharp and shadowsocks android as far as i know not supprted by sscap and also sscap ended support/development so no more updates
1. SSH into You do not have permission to view the full content of this post. Log in or register now. and install git version control tool.
2. Clone the source repository from Github.
3. Install build dependencies
4. Configure build environment and compile it.
5. Install shadowsocks-libev
Before we can start the shadowsock-libev service, we need to configure the socket, password, encryption method and thing like that. So execute the following command to create a configuration file.
Replace the red-colored text with your info. In nano text editor, press CTRL+O to save the file, CTRL+X to exit. Then start shadowsocks server with the below command
To let it automatically start when Ubuntu 16.04 server is booted, we can put this command into /etc/rc.local file. edit natin yung rc.local file at insert yung command para everytime na restart mo server auto start na shadowsocks mo
Add the ss-server command above exit 0. Save and close the file.
Explanation of each field:
server: your hostname or server IP.
server_port: server port number.
local_port: local port number.
password: a password used to encrypt transfer.
timeout: connections timeout in seconds.
method: Available encryption method are, “bf-cfb”, “aes-256-cfb”, “des-cfb”, “rc4”, etc. Default is table, which is not secure. The following AEAD ciphers are recommended. Compliant Shadowsocks implementations must support AEAD_CHACHA20_POLY1305. Implementations for devices with hardware AES acceleration should also implement AEAD_AES_128_GCM, AEAD_AES_192_GCM, and AEAD_AES_256_GCM.
More Misc info if gusto mo magexperiment
Yeah i know there are some other shadowsocks install tutorial around here and they didn't even cover optimization etc and fast open. But did you know that there’s also another software called Shadowsocks-libev?
Shadowsocks-libev, on the other hand, is written in C programming language and thus it consumes little RAM and is a very good fit for low-end device such as routers. The latest stable version is v3.0.8 which was released on July 27, 2017.
yes we can also install shadowsocks libev as client on routers but well cover that another time
But 1st You need a VPS so if you have some extra cash to spare follow instrcutions below
Save $25 for your Cloud Computing Solution with Digital Ocean.
Use this link to You do not have permission to view the full content of this post. Log in or register now. and save your first $10.
Enter the Promocode LOWENDBOX when you choose your payment method and get another $15 discount.
Need To pay atleast 5$ via Paypal or atleast provide legit creditcard details to unlock deploying a vps
Apply LOWENDBOX first before doing so.
if you used paypal to pay and the extra 15$ didnt apply just contact support that you didnt get a additional 15$ discount by using the lowendbox code
Starting with a $25 discount is not bad for a service which only coast $5 per month
Now to Deploy our VPS
1. Press Create then click droplets
2.Click Distribution and Select Ubuntu 16.04 64
3.Choose size Click Standard and Select 5$ one
4.Choose a datacenter region of your choice
5.check monitoring
6.Finalize and create
Check email for SSH root password log in via putty
then you will be prompt to change password
log in again to log in into ROOT terminal via SSH
How to use:
Use the root user to log in and run the following command:
Code:
sudo wget --no-check-certificate -O https://pastebin.com/raw/wQM2YZj1 shadowsocks-libev-debian.sh
chmod +x shadowsocks-libev-debian.sh
./shadowsocks-libev-debian.sh 2>&1 | tee shadowsocks-libev-debian.logAfter the installation is complete, the script prompts as follows:
Code:
Congratulations, Shadowsocks-libev server install completed!
Your Server IP :your_server_ip
Your Server Port :your_server_port
Your Password :your_password
Your Encryption Method:your_encryption_method
Enjoy it!Uninstall method:
use the root user login, run the following command:
Code:
./shadowsocks-libev-debian.sh uninstallcommands:
start: /etc/init.d/shadowsocks start
stop: /etc/init.d/shadowsocks stop
restart: /etc/init.d/shadowsocks restart
View Status: /etc/init.d/shadowsocks status
Want to modify Shadowsocks details like port and password?
check this out
1st
open SSH like what you did to install the server
type
Code:
sudo nano /etc/shadowsocks-libev/config.json
Code:
{
"server":["[::0]","0.0.0.0"],
"server_port":your_server_port,
"local_address":"127.0.0.1",
"local_port":1080,
"password":"your_password",
"timeout":600,
"method":"aes-128-cfb"
}now we edit like we do in notepad
p.s. you cannot use numpad and can only use the numbers below the f1-f8 keys
Code:
{
"server":["[::0]","0.0.0.0"],
"server_port":443,
"local_address":"127.0.0.1",
"local_port":1080,
"password":"PeenoiseSync",
"timeout":600,
"method":"aes-256-cfb"
}after editing press and hold ctrl then press o
press enter to save
then press and hold ctrl then x to close
after that you may want to restart your shadowsocks server so use our command
Code:
/etc/init.d/shadowsocks restartthen you may now use your new shadowsocks settings
So you dont trust the 1 click install script eh? feeling geeky and want to do it manually?
so heres an alternative P.S this is the advanced way
bale mano mano and has new AEAD ciphers
You do not have permission to view the full content of this post. Log in or register now. only supported by shadowsocks csharp and shadowsocks android as far as i know not supprted by sscap and also sscap ended support/development so no more updates
1. SSH into You do not have permission to view the full content of this post. Log in or register now. and install git version control tool.
Code:
sudo apt install git2. Clone the source repository from Github.
Code:
git clone https://github.com/shadowsocks/shadowsocks-libev.git
cd shadowsocks-libev3. Install build dependencies
Code:
sudo apt install build-essential autoconf libtool libssl-dev asciidoc4. Configure build environment and compile it.
Code:
./configure && make5. Install shadowsocks-libev
Code:
sudo make installBefore we can start the shadowsock-libev service, we need to configure the socket, password, encryption method and thing like that. So execute the following command to create a configuration file.
Code:
sudo nano /etc/sslibevconfig.json
Code:
Paste the code below
pres ctrl+ letter o to save
press ctrl + x to close
{
"server":"your_server_ip",
"server_port":443,
"local_address": "127.0.0.1",
"local_port":1080,
"password":"your_passwd",
"timeout":600,
"method":"chacha20-ietf"
}Replace the red-colored text with your info. In nano text editor, press CTRL+O to save the file, CTRL+X to exit. Then start shadowsocks server with the below command
Code:
ss-server -c /etc/sslibevconfig.jsonTo let it automatically start when Ubuntu 16.04 server is booted, we can put this command into /etc/rc.local file. edit natin yung rc.local file at insert yung command para everytime na restart mo server auto start na shadowsocks mo
Code:
sudo nano /etc/rc.localAdd the ss-server command above exit 0. Save and close the file.
Explanation of each field:
server: your hostname or server IP.
server_port: server port number.
local_port: local port number.
password: a password used to encrypt transfer.
timeout: connections timeout in seconds.
method: Available encryption method are, “bf-cfb”, “aes-256-cfb”, “des-cfb”, “rc4”, etc. Default is table, which is not secure. The following AEAD ciphers are recommended. Compliant Shadowsocks implementations must support AEAD_CHACHA20_POLY1305. Implementations for devices with hardware AES acceleration should also implement AEAD_AES_128_GCM, AEAD_AES_192_GCM, and AEAD_AES_256_GCM.
Code:
[B]Name Alias
AEAD_CHACHA20_POLY1305 chacha20-ietf-poly1305
AEAD_AES_256_GCM aes-256-gcm
AEAD_AES_192_GCM aes-192-gcm
AEAD_AES_128_GCM aes-128-gcm[/B]More Misc info if gusto mo magexperiment
Code:
NAME
shadowsocks-libev - a lightweight and secure socks5 proxy
SYNOPSIS
ss-local|ss-redir|ss-server|ss-tunnel|ss-manager [-s <server_host>] [-p <server_port>] [-l <local_port>] [-k <password>] [-m <encrypt_method>] [-f <pid_file>] [-t <timeout>] [-c <config_file>]
DESCRIPTION
Shadowsocks-libev is a lightweight and secure socks5 proxy. It is a port of the original shadowsocks created by clowwindy. Shadowsocks-libev is written in pure C and takes advantage of libev to achieve both high performance and low resource consumption.
Shadowsocks-libev consists of five components. One is ss-server(1) that runs on a remote server to provide secured tunnel service.ss-local(1) and ss-redir(1) are clients on your local machines to proxy traffic(TCP/UDP or both). ss-tunnel(1) is a tool for local port forwarding.
While ss-local(1) works as a standard socks5 proxy, ss-redir(1) works as a transparent proxy and requires netfilter’s NAT module. For more information, check out the EXAMPLE section.
ss-manager(1) is a controller for multi-user management and traffic statistics, using UNIX domain socket to talk with ss-server(1). Also, it provides a UNIX domain socket or IP based API for other software. About the details of this API, please refer to the PROTOCOL section.
OPTIONS
-s <server_host>
Set the server’s hostname or IP.
-l <local_port>
Set the local port number.
Not available in server nor manager mode.
-k <password>, --password <password>
Set the password. The server and the client should use the same password.
--key <key_in_base64>
Set the key directly. The key should be encoded with URL-safe Base64.
Not available in manager mode.
-m <encrypt_method>
Set the cipher.
Shadowsocks-libev accepts 18 different ciphers:
aes-128-gcm, aes-192-gcm, aes-256-gcm, rc4-md5, aes-128-cfb, aes-192-cfb, aes-256-cfb, aes-128-ctr, aes-192-ctr, aes-256-ctr, bf-cfb, camellia-128-cfb, camellia-192-cfb, camellia-256-cfb, chacha20-ietf-poly1305, salsa20, chacha20 and chacha20-ietf.
The default cipher is rc4-md5.
If built with PolarSSL or custom OpenSSL libraries, some of these ciphers may not work.
-a <user_name>
Run as a specific user.
-f <pid_file>
Start shadowsocks as a daemon with specific pid file.
-t <timeout>
Set the socket timeout in seconds. The default value is 60.
-c <config_file>
Use a configuration file.
-n <number>
Specify max number of open files.
Not available in manager mode.
Only available on Linux.
-i <interface>
Send traffic through specific network interface.
For example, there are three interfaces in your device, which is lo (127.0.0.1), eth0 (192.168.0.1) and eth1 (192.168.0.2). Meanwhile, you configure shadowsocks-libev to listen on 0.0.0.0:8388 and bind to eth1. That results the traffic go out through eth1, but not lo nor eth0. This option is useful to control traffic in multi-interface environment.
Not available in redir mode.
-b <local_address>
Specify local address to bind.
Not available in server nor manager mode.
-u
Enable UDP relay.
TPROXY is required in redir mode. You may need root permission.
-U
Enable UDP relay and disable TCP relay.
Not available in local mode.
-L <addr:port>
Specify destination server address and port for local port forwarding.
Only available in tunnel mode.
-d <addr>
Setup name servers for internal DNS resolver (libudns). The default server is fetched from /etc/resolv.conf.
Only available in server and manager mode.
--fast-open
Enable TCP fast open.
Not available in redir nor tunnel mode, with Linux kernel > 3.7.0.
--reuse-port
Enable port reuse.
Only available with Linux kernel > 3.9.0.
--acl <acl_config>
Enable ACL (Access Control List) and specify config file.
Not available in redir nor tunnel mode.
--manager-address <path_to_unix_domain>
Specify UNIX domain socket address.
Only available in server and manager mode.
--executable <path_to_server_executable>
Specify the executable path of ss-server.
Only available in manager mode.
-v
Enable verbose mode.
-h|--help
Print help message.
CONFIG FILE
The config file is written in JSON and easy to edit.
The config file equivalent of command line options is listed as example below.
Command line JSON
-s some.server.net "server": "some.server.net"
-s some.server.net -p 1234 (client) "server": "some.server.net:1234"
-p 1234 "server_port": "1234"
-b 0.0.0.0 "local_address": "0.0.0.0"
-l 4321 "local_port": "4321"
-k "PasSworD" "password": "PasSworD"
-m "aes-256-cfb" "method": "aes-256-cfb"
-t 60 "timeout": 60
-a nobody "user": "nobody"
--fast-open "fast_open": true
--reuse-port "reuse_port": true
--plugin "obfs-server" "plugin": "obfs-server"
--plugin-opts "obfs=http" "plugin_opts": "obfs=http"
-6 "ipv6_first": true
-n "/etc/nofile" "nofile": "/etc/nofile"
-d "8.8.8.8" "nameserver": "8.8.8.8"
-L "somedns.net:53" "tunnel_address": "somedns.net:53"
-u "mode": "tcp_and_udp"
-U "mode": "udp_only"
no "-u" nor "-U" options (default) "mode": "tcp_only"
(only in ss-manager’s config) "port_password": {"1234":"PasSworD"}
EXAMPLE
ss-redir requires netfilter’s NAT function. Here is an example:
# Create new chain
root@Wrt:~# iptables -t nat -N SHADOWSOCKS
root@Wrt:~# iptables -t mangle -N SHADOWSOCKS
# Ignore your shadowsocks server's addresses
# It's very IMPORTANT, just be careful.
root@Wrt:~# iptables -t nat -A SHADOWSOCKS -d 123.123.123.123 -j RETURN
# Ignore LANs and any other addresses you'd like to bypass the proxy
# See Wikipedia and RFC5735 for full list of reserved networks.
# See ashi009/bestroutetb for a highly optimized CHN route list.
root@Wrt:~# iptables -t nat -A SHADOWSOCKS -d 0.0.0.0/8 -j RETURN
root@Wrt:~# iptables -t nat -A SHADOWSOCKS -d 10.0.0.0/8 -j RETURN
root@Wrt:~# iptables -t nat -A SHADOWSOCKS -d 127.0.0.0/8 -j RETURN
root@Wrt:~# iptables -t nat -A SHADOWSOCKS -d 169.254.0.0/16 -j RETURN
root@Wrt:~# iptables -t nat -A SHADOWSOCKS -d 172.16.0.0/12 -j RETURN
root@Wrt:~# iptables -t nat -A SHADOWSOCKS -d 192.168.0.0/16 -j RETURN
root@Wrt:~# iptables -t nat -A SHADOWSOCKS -d 224.0.0.0/4 -j RETURN
root@Wrt:~# iptables -t nat -A SHADOWSOCKS -d 240.0.0.0/4 -j RETURN
# Anything else should be redirected to shadowsocks's local port
root@Wrt:~# iptables -t nat -A SHADOWSOCKS -p tcp -j REDIRECT --to-ports 12345
# Add any UDP rules
root@Wrt:~# ip rule add fwmark 0x01/0x01 table 100
root@Wrt:~# ip route add local 0.0.0.0/0 dev lo table 100
root@Wrt:~# iptables -t mangle -A SHADOWSOCKS -p udp --dport 53 -j TPROXY --on-port 12345 --tproxy-mark 0x01/0x01
# Apply the rules
root@Wrt:~# iptables -t nat -A PREROUTING -p tcp -j SHADOWSOCKS
root@Wrt:~# iptables -t mangle -A PREROUTING -j SHADOWSOCKS
# Start the shadowsocks-redir
root@Wrt:~# ss-redir -u -c /etc/config/shadowsocks.json -f /var/run/shadowsocks.pid
PROTOCOL
ss-manager(1) provides several APIs through UDP protocol
Send UDP commands in the following format to the manager-address provided to ss-manager(1):
command: [JSON data]
To add a port:
add: {"server_port": 8001, "password":"7cd308cc059"}
To remove a port:
remove: {"server_port": 8001}
To receive a pong:
ping
Then ss-manager(1) will send back the traffic statistics:
stat: {"8001":11370}