Raise Shadowsocks – proxy with traffic encryption and minimal speed drop

The way it works: the client behaves like a local proxy server, accepts incoming connections and encrypts them, then sends them to the server, which decrypts them and releases them to the Internet.

What is good about it?

  • All data that passes between the client and the server is encrypted.
  • Speed. Compared to an SSH tunnel, which works on a similar principle, shadowsocks has higher throughput.
  • The encryption algorithm is up to you.
  • Access can be configured per program or per site.
  • OpenVPN, Tor and SSH are easily identified by the Chinese firewall; Shadowsocks is not. Even if your ISP tries to throttle the connection to the proxy, connection obfuscation can be added: a plugin masks the proxy traffic as HTTPS or TLS/SSL.
  • Simple clients for any device. You can stop trusting mobile devices to dubious VPNs, download the client and connect to your own server. It does not drain the battery much, although that depends on the encryption method. With AES it runs fast on almost any smartphone, even fairly old ones, thanks to hardware support for the cipher.
  • Protects your data on networks you do not trust, for example public Wi-Fi.
  • Bypasses blocking and ISP firewalls. It is enough to rent a server located in a country where there is no blocking.
  • Protects against traffic interception. It is more of a privacy tool than an anonymity tool, though: if you do anything illegal through the server, the host will hand over your data on the first request. To avoid this you can buy a server in a Third World country where the host does not really care about requests for information, but there is a risk in any case. It is still much lower than with conventional VPNs like Nord, because they also hand over data on the first request.

Let’s move on to the server installation

  • As an example I will use a 99 rubles/month server from a Russian host with the machine located in the Netherlands. Operating system: Ubuntu 20.04. Specs: 1 GB RAM, 1 core of an E5-2630L v2 and KVM virtualization. Declared network: 200 Mbit.
  • Buy the server. Choose the operating system.

    • You will receive an IP and a password. Connect to that IP via SSH using PuTTY. Leave the port at the default, 22.

    • Log in. By default the account is root; if not, the hoster has given the account name in the control panel or in the e-mail it sent you. The password should be there too (the password not being displayed as you type it is normal).

  • Run the following command to update the package lists and installed packages (you can paste a command from the clipboard by right-clicking in PuTTY):
sudo apt update && sudo apt upgrade -y
  • This will take some time. You can watch the progress at the bottom left.


    • We also install snapd. The shadowsocks-libev GitHub page recommends installing the server itself via snap.


sudo apt install -y snapd
  • Reboot the server now:
sudo reboot
  • After that we install the shadowsocks server itself. We will use the version written in C (shadowsocks-libev): it is very fast and lightweight. Enter:
sudo snap install shadowsocks-libev
    • Create a directory where the configuration files will be stored:
sudo mkdir -p /var/snap/shadowsocks-libev/common/etc/shadowsocks-libev
    • After that, create and open the server configuration file:
sudo touch /var/snap/shadowsocks-libev/common/etc/shadowsocks-libev/config.json
sudo nano /var/snap/shadowsocks-libev/common/etc/shadowsocks-libev/config.json
    • Fill it in like this (server_ip, random_port and pass are placeholders explained below):
{
    "server": "server_ip",
    "server_port": random_port,
    "local_port": 1080,
    "password": "pass",
    "timeout": 20,
    "method": "chacha20-ietf-poly1305",
    "fast_open": true,
    "nameserver": "1.1.1.1",
    "mode": "tcp_and_udp"
}

The IP in the server field is the server's public IP (the one you connect to). To listen on all network interfaces, use 0.0.0.0.

server_port is the port the server listens on. I use 443, though it can be any free port: if you are not using ports 80/443 to host a website on the same server, you can use them.

We leave local_port at the standard value.

Use a complex password. You will not have to type it many times anyway, only once in the client on your computer; the phone can be connected via a QR code.

timeout is the idle time in seconds after which a socket is closed if the connection is not used. A value of 20 seconds is fine.

method is the encryption method. chacha20-ietf-poly1305 is strong enough that nobody will decrypt your traffic. For higher throughput, if you have AES hardware acceleration or your phone's battery drains quickly, you can use AES instead: enter aes-256-gcm in place of chacha20-ietf-poly1305. Both are AEAD ciphers and both are strong.

fast_open reduces latency, i.e. ping. It relies on TCP Fast Open support in the kernel (enabled further down with net.ipv4.tcp_fastopen = 3). If you run into problems, try disabling it.

nameserver is the DNS server shadowsocks will use. You can leave this line out; then the server uses the DNS configured by your host. I will set Cloudflare's DNS, 1.1.1.1.

mode: handle TCP traffic, UDP traffic or both. If your network has specific requirements you may need to set tcp_only; otherwise use tcp_and_udp.
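As an added example (not code from the article or from shadowsocks-libev), the script below builds the config.json described above with a random password, refuses non-AEAD methods, and produces and parses the SIP002 share link that the client's QR code carries. The tag name and the 203.0.113.10 documentation address in the usage call are constructed values.

```python
# Added example (not from the article): build the config.json the article describes with a
# random password, and produce/parse the SIP002 share link that the client's QR code carries.
# Assumed/constructed values: the tag "my-server" and any address passed in by the caller.
import base64
import json
import secrets

# AEAD ciphers only (the two the article names plus aes-128-gcm); old stream ciphers are refused.
AEAD_METHODS = {"chacha20-ietf-poly1305", "aes-256-gcm", "aes-128-gcm"}

def make_config(server_ip, server_port, method="chacha20-ietf-poly1305", password=None):
    """Return the article's config.json as a dict; a random 32-char password if none is given."""
    if method not in AEAD_METHODS:
        raise ValueError(f"refusing non-AEAD method {method!r}")
    if not 1 <= server_port <= 65535:
        raise ValueError("server_port out of range")
    if password is None:
        password = secrets.token_urlsafe(24)  # 24 random bytes -> 32 URL-safe characters
    return {
        "server": server_ip, "server_port": server_port, "local_port": 1080,
        "password": password, "timeout": 20, "method": method, "fast_open": True,
        "nameserver": "1.1.1.1", "mode": "tcp_and_udp",
    }

def config_json(cfg):
    """Text to write to config.json (the article's file)."""
    return json.dumps(cfg, indent=4) + "\n"

def share_uri(cfg, tag="my-server"):
    """SIP002 link, ss://base64url(method:password)@host:port#tag, the text the QR code encodes."""
    userinfo = f"{cfg['method']}:{cfg['password']}".encode()
    userinfo = base64.urlsafe_b64encode(userinfo).decode().rstrip("=")
    return f"ss://{userinfo}@{cfg['server']}:{cfg['server_port']}#{tag}"

def parse_share_uri(uri):
    """Inverse of share_uri: recover (method, password, host, port) from an ss:// link."""
    body = uri[len("ss://"):].split("#", 1)[0]
    userinfo, hostport = body.rsplit("@", 1)
    userinfo += "=" * (-len(userinfo) % 4)  # restore the padding stripped when encoding
    method, password = base64.urlsafe_b64decode(userinfo).decode().split(":", 1)
    host, port = hostport.rsplit(":", 1)
    return method, password, host, int(port)

if __name__ == "__main__":
    cfg = make_config("203.0.113.10", 443)  # 203.0.113.10 is a documentation address, not a real server
    print(config_json(cfg))
    print(share_uri(cfg))
```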

    • After writing the configuration file, press CTRL+O and then Enter to save, and CTRL+X to exit.
    • Now we have a configured server. But starting it by hand after every reboot is inconvenient, right? Let's create a systemd service that does it for us. It is a template unit (the file name ends in @.service): whatever comes after the @ in the instance name is substituted for %i, so the instance for config.json is named config.
sudo touch /etc/systemd/system/[email protected]
sudo nano /etc/systemd/system/[email protected]
  • Paste this:
[Unit]
Description=Shadowsocks-Libev Custom Server Service for %I
Documentation=man:ss-server(1)
# Wants= actually pulls network-online.target in; After= alone only orders against it,
# which is one reason the service can fail right after a reboot.
Wants=network-online.target
After=network-online.target

[Service]
Type=simple
# %i is the instance name after the @, so the instance "config" reads config.json
ExecStart=/usr/bin/snap run shadowsocks-libev.ss-server -c /var/snap/shadowsocks-libev/common/etc/shadowsocks-libev/%i.json
# Retry instead of staying down if ss-server exits with an error
Restart=on-failure
RestartSec=5

[Install]
WantedBy=multi-user.target

    • Save with CTRL+O and exit with CTRL+X.
    • Run the following command:
sudo systemctl enable --now [email protected]
    • Check that our server is running:
sudo systemctl status [email protected]
  • Success.

Sometimes after a reboot the service comes up with an error and you need to run this command again manually:

sudo systemctl enable --now [email protected]

After that, the server runs fine.

Setting up the client

    • Add a server and enter the data you put in config.json. Select the same encryption method.


    • Then click the shadowsocks icon, enable autostart and choose the system proxy mode, so the whole system goes through it. Check your IP on any site you find convenient. To connect from your phone, install shadowsocks on it; on the computer, go to Servers and share the server configuration, then scan the QR code.
    • 2ip.ru and DuckDuckGo report different locations, which is odd, but there is nothing wrong with the IP: we go online not with our own IP but with the IP of our host.


    • A little kernel tuning for maximum performance.

sudo nano /etc/sysctl.conf
    • At the end of the file insert this:

fs.file-max = 51200
# set once: a second net.core.netdev_max_backlog entry later in the file would silently override it
net.core.netdev_max_backlog = 250000
net.core.somaxconn = 4096
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_tw_reuse = 1
# tcp_tw_recycle was removed in Linux 4.12; the key does not exist on Ubuntu 20.04 (kernel 5.4)
# and sysctl -p would report an error for it, so it stays commented out
# net.ipv4.tcp_tw_recycle = 0
net.ipv4.tcp_fin_timeout = 30
net.ipv4.tcp_keepalive_time = 1200
net.ipv4.ip_local_port_range = 10000 65000
net.ipv4.tcp_max_syn_backlog = 8192
net.ipv4.tcp_max_tw_buckets = 5000
# 3 = TCP Fast Open for both client and server side; required for "fast_open": true in config.json
net.ipv4.tcp_fastopen = 3
net.ipv4.tcp_mtu_probing = 1
net.core.rmem_max = 67108864
net.core.wmem_max = 67108864
net.ipv4.tcp_mem = 25600 51200 102400
net.ipv4.tcp_rmem = 4096 87380 67108864
net.ipv4.tcp_wmem = 4096 65536 67108864
    • Save. Apply the new settings:

sudo sysctl -p
  • Done!
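Before running sysctl -p it is worth linting the fragment: a key set twice (as net.core.netdev_max_backlog is in the list above) silently keeps only the last value, and a key the kernel no longer exposes makes sysctl -p print an error. The checker below is an added example, not from the article; SAMPLE is a constructed excerpt of the list and KNOWN_KEYS is an assumed stand-in for walking /proc/sys on a live host.

```python
# Added example (not from the article): lint a sysctl.conf fragment before running
# `sysctl -p`. It flags keys set twice (the last value silently wins, as with
# net.core.netdev_max_backlog in the article's list) and keys the running kernel does
# not expose under /proc/sys. SAMPLE is a constructed excerpt; KNOWN_KEYS is an assumed
# stand-in for a live /proc/sys walk (pass known_keys=None on a real host).
import os

SAMPLE = """\
fs.file-max = 51200
net.core.netdev_max_backlog = 250000
# removed in Linux 4.12, so absent on Ubuntu 20.04 (kernel 5.4)
net.ipv4.tcp_tw_recycle = 0
net.core.netdev_max_backlog = 4096
net.ipv4.tcp_fastopen = 3
"""
KNOWN_KEYS = {"fs.file-max", "net.core.netdev_max_backlog", "net.ipv4.tcp_fastopen"}

def parse_sysctl(text):
    """Return (key, value) pairs in file order, skipping blank lines and # comments."""
    pairs = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        key, _, value = line.partition("=")
        pairs.append((key.strip(), value.strip()))
    return pairs

def key_exists(key, known_keys=None):
    """Offline: consult known_keys. Live: sysctl key a.b.c maps to /proc/sys/a/b/c."""
    if known_keys is not None:
        return key in known_keys
    return os.path.exists(os.path.join("/proc/sys", *key.split(".")))

def lint_sysctl(text, known_keys=None):
    """Return {'duplicates': {key: [values in file order]}, 'missing': [keys]}."""
    seen = {}
    for key, value in parse_sysctl(text):
        seen.setdefault(key, []).append(value)
    duplicates = {k: v for k, v in seen.items() if len(v) > 1}
    missing = [k for k in seen if not key_exists(k, known_keys)]
    return {"duplicates": duplicates, "missing": missing}

if __name__ == "__main__":
    report = lint_sysctl(SAMPLE, KNOWN_KEYS)
    for key, values in report["duplicates"].items():
        print(f"duplicate {key}: {values} (last value wins)")
    for key in report["missing"]:
        print(f"unknown key {key}: not under /proc/sys on this kernel")
```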

Speed without the proxy.

Speed with shadowsocks (2 tests at different times of day).

The drop is not that significant. Upload has dropped somewhat, but the Internet is still quite comfortable to use.

Source – LINK
