Nowadays China is in a race to create its own segregated network infrastructure. The freedom to bypass restrictions with a VPN is also shrinking by the day. Although the impact isn’t drastic. Gradually but surely, China is cutting all ties to the global internet.
Social media networks like Facebook and Twitter no longer work in the country. Even powerful search engines like Google are blocked.
In theory, the Chinese government decides what you can and cannot do online.
This is where Shadowsocks technology comes in. This technology works quite similar to a VPN, however, there are obvious advantages of using Shadowsocks over traditional VPNs.
Sounds promising right? It is. In this blog, I’m going to cover ShadowsocksR (SSR) and tell you guys how to build, optimize, shadowsocks download and configure a Shadowsocks server using the Shadowsocks software.
What even is Shadowsocks?
Shadowsocks is essentially an open-source technology designed to bypass geo restrictions. Since Shadowsocks service isn’t owned by any company, anyone with programming skills can use and contribute towards this technology.
That said, Shadowsocks isn’t easy to use. Building and configuring it isn’t for everyone and requires quite a bit of technical knowledge.
This is why Shadowsocks is very popular among tech-savvy folks, especially in the programming community.
Breakdown of Shadowsocks technology
Shadowsocks essentially has two components. The actual Shadowsocks server and the Shadowsocks client software to interact with the server. I’ll explain what both of these components do in separate headings below.
- A Shadowsocks server can be anywhere outside the great firewall of China.
- It enables multiple devices or users to bypass geo restrictions.
- A Shadowsocks server can be either used for personal use or rented out for others to use.
Shadowsocks client software
- A Shadowsocks client software runs on a variety of devices and platforms. Windows, Android, iOS are all supported.
- The client software is absolutely free to use.
- A Shadowsocks server can be used to connect to the remote Shadowsocks server beyond the Chinese jurisdiction.
Since this technology is relatively new, it only has two versions. The Shadowsocks (SS) and the ShadowsocksR (SSR).
- The Shadowsocks (SS) was the first ever release of this technology.
- It is the predecessor to ShadowsocksR (SSR)
- Shadowsocks (SS) is outdated by today’s standards and rarely used nowadays.
- The ShadowsocksR (SSR) is the successor to the Shadowsocks (SS).
- ShadowsocksR (SSR) improves upon the SS version and offers advanced features like encryption.
Prerequisite to building your very own Shadowsocks server
Before you get too excited, I’m going to break down the actual knowledge and resources required to build your very own working Shadowsocks server.
Familiarity with computing commands
Before you even think about making your own Shadowsocks server, you need to be familiar with Linux commands and how they work.
For reference, a Linux command looks something like this:
If you’ve never been acquainted with such commands, don’t bother investing your time and effort building a Shadowsocks server.
Shadowsocks account purchase & bearing outsourced costs
Virtual private servers are not cheap, they can range anywhere between a few dollars to a few hundred dollars.
Although the payment procedure related to shadowsocks purchase is relatively easy, you must make sure you can actually afford the cost of overseas servers.
Besides that, you do need to have firm command on the English language to communicate with global VPS providers.
Establishing a connection with the VPS
Even if you can afford VPS and know your ways around Linux commands, you still need to know how to connect to a Virtual private server using SSH. This means for a Mac user you’ll need to know how to use the built-in Terminal and Windows users must know how to use Putty.
Finally, build, optimize and get into Shadowsocks server configuration
Now that you know what it takes to SSR build your own Shadowsocks server, it’s time we delve down into the implementation.
Lest dive straight into it.
Purchase an overseas Virtual Private Server
Now there isn’t a hard and fast rule to choosing a VPS provider. You can go with any provider that meets your needs.
If you don’t know any reliable VPS vendors, here are few to get you started:
For the sake of this tutorial, I’m going to use DigitalOcean.
Create a Host VPS
Now that you’ve purchased the DigitalOcean, you need to create a virtual host using the VPS. Although this is a lengthy process, it is relatively easy. I’m going to list all the steps down below.
- First things first, use the “Create” button located at the top of the page.
- Now select “Droplets” option from the drop down menu.
- When creating “Droplets” select the options as mentioned in the steps below.
Choose an image
To choose an image, select “Ubuntu” located under Distribution.
Choose a size
Now select the size you want your droplet to be. My advice, choose the cheapest option listed under Standard Droplets (for instance, 1GB, 1vCPU, 25GB SSD Disk, 1 TB transfer, $5/month).
Just select “No”.
Add Block Storage
Just select “No”.
Choose a datacenter region
Choosing a datacenter can be tricky. If you choose a server that’s too far, you’ll get terrible Shadowsocks speed. Therefore, it is recommended to choose the US and Asian servers.
In my experience, servers on the West Coast, San Francisco (1, 2) and servers in Singapore worked really fast.
Select additional options
Just select “No”.
Add your SSH keys
Use the provided SSH public key to login to your newly purchased virtual host.
Choose a hostname
Now give your Virtual host a name. It can be anything you like.
- Now that you’re done creating the virtual host, you should see an IP address associated with your virtual host. You must remember this IP address in order to login again into your Shadowsocks account.
Connect to the host using SSH:
Now that you’ve already created a host VPS, it’s time to connect it using SSH. If you’ve ever used SSH before, you should know that the general command line to establish a connection is
"ssh root@ [IP address]".
You can run this command on both Terminal and Putty, which ever one you end up using.
Once you’ve successfully established the connection, you need to update the host using the command mentioned below.
Apt-get update && apt-get upgrade -y
Now it’s time to install ShadowsocksR. Although you can go for Shadowsocks (SS). It is recommended that you opt ShadowsocksR (SSR) because of its better performance.
Typically the installation process used to be quite challenging, however, thanks to the script provided by Teddysun it has become quite easy. You can now run a simple script and it’ll automatically install various versions of Shadowsocks.
To install Shadowsocks SSR, connect to the virtual host as Root and run the commands mentioned below.
Wget --no-check-certificate -O shadowsocks-all.sh https://raw.githubusercontent.com/teddysun/shadowsocks_install/master/shadowsocks-all.sh
Chmod +x shadowsocks-all.sh
./shadowsocks-all.sh 2>&1 | tee shadowsocks-all.log
As soon as you run the last command line, you will get a prompt like this: Which Shadowsocks server you’d select.
Since we want to install ShadowsocksR, choose a server that matches ShadowsocksR.
Now you will get an option to enter the password for ShadowsocksR. Enter a password of your choice. Make sure you remember this password because you’ll need it to for over the wall access.
Now you will get an option like this: “Please enter a port for ShadowsocksR [1-65535]”. Although you can choose any port within the range, it is recommended that you use 443.
Next, you’ll get an option like this: “Please select stream cipher for ShadowsocksR”. This option basically wants you to select a shadowsocks encryption method. Simply select chacha20-ietf.
After that, you will be asked to “Please select protocol for ShadowsocksR”. Just use Origin for this option.
Next up, you’ll get an option like this: “Please select OBFS for ShadowsocksR”. Although you can choose any obfuscation mode, it is recommended that you choose http_simple_compatible.
If everything went smoothly, you will get a prompt like this: “Press any key to start…or Press Ctrl+C to cancel”. Since you want to install ShadowsocksR (SSR), hit any key to begin the installation process.
The installation process does take quite a while, so be patient.
Once the installation process completes, you’ll see important information about your Shadowsocks server. This includes your Server IP, Server Port, obfs, Shadowsocks encryption method, Password, and shadowsocks protocol.
Make sure you note down this information somewhere.
Congratulations! You’ve now successfully installed ShadowsocksR server. If you want to change any settings after the installation, you can use the editor to modify the file mentioned below.
Once you’ve made your desired changes, you have to restart ShadowsocksR. To do this, use the command below.
Optimize Shadowsocks up the speed of your server
This step is optional. However, if you want to improve the speed of your server, you can check out some additional techniques that I’ve discussed below.
Technique 1: Use Google TCP BBR congestion control algorithm & boost server speeds
To install Google’s TCP BBR congestion control algorithm, we will use the Teddysun script.
After successfully connecting to the host as root SSH, you’ll need to run the command line mentioned below.
Wget --no-check-certificate https://github.com/teddysun/across/raw/master/bbr.sh && chmod +x bbr.sh && ./bbr.sh
Now just as before, hit the enter key to begin the installation process. Once the installation completes, you’ll need to restart the host server.
Technique 2: Increase the number of connections to run simultaneously on your server
To increase the number of connections on your server, you need to edit the “/etc/security/limits.conf” file.
You must also add the two lines mentioned below at the end of the file. (The two line mentioned below also include the * symbol).
* soft nofile 51200
* hard nofile 51200
Now exit the file and the run the command mentioned below.
Ulimit -n 51200
Technique 3: Adjust kernel settings
To modify the Kernel settings, you’ll need to edit the “/etc/sysctl.conf” file.
Now just as before, add the line mentioned below at the very end of the file.
Fs.file-max = 51200
Net.core.rmem_max = 67108864
Net.core.wmem_max = 67108864
Net.core.netdev_max_backlog = 250000
Net.core.somaxconn = 4096
Net.ipv4.tcp_syncookies = 1
Net.ipv4.tcp_tw_reuse = 1
Net.ipv4.tcp_tw_recycle = 0
Net.ipv4.tcp_fin_timeout = 30
Net.ipv4.tcp_keepalive_time = 1200
Net.ipv4.ip_local_port_range = 10000 65000
Net.ipv4.tcp_max_syn_backlog = 8192
Net.ipv4.tcp_max_tw_buckets = 5000
Net.ipv4.tcp_fastopen = 3
Net.ipv4.tcp_mem = 25600 51200 102400
Net.ipv4.tcp_rmem = 4096 87380 67108864
Net.ipv4.tcp_wmem = 4096 65536 67108864
Net.ipv4.tcp_mtu_probing = 1
Now exit the file edit and run the command mentioned below.
Finally, restart ShadowsocksR SSR server using this command:
That’s it, you’ve now successfully optimized your Shadowsocks server. You should now get way better speeds than before.
Downloading the Shadowsocks Client App
Now that you’ve successfully purchased, installed and optimized the Shadowsocks server, you’ll now need to download and configure the Shadowsocks client application.
For those of you who don’t know what shadowsocks client app is? It is basically a multi-platform application that is used to connect to the remote Shadowsocks server.
Shadowsocks client software download links
Since we have used the ShadowsocksR version in this blog, I’m listing the SSR client links for various devices, including links to mobile shadowsocks.
- For Shadowsocks Windows client, use this link: Download ShadowsocksR-win
- For Macs, use this link : Download ShadowsocksX-NG-R
- For Android devices, use this link : Download Shadowsocksr-android
- For iPhone and iPads, search either “Shadowrocket” or “Potatso Lite” in the Apple App Store. (Make sure you use an overseas Apple id).
Shadowsocks client basic configuration
Configuring the Shadowsocks client can be challenging. In order to successfully access the Shadowsocks server using the client application, you’ll need to provide the server IP, port, password, encryption and a few other information.
All the details have to absolutely accurate otherwise you won’t you won’t be able to establish a connection between the server and the client app.
Shadowsocks supported proxy modes
Shadowsocks primarily supports two proxy modes. I’ll briefly discuss both of them below. If you’re interested in learning more about what each shadowsocks proxy mode has to offers, checkout the official shadowsocks website.
Like the name suggests, this proxy mode allows access to all websites through Shadowsocks. If you normally visit regional blocked websites, the global proxy mode can grant you unrestricted access.
This mode decides what traffic does and doesn’t get to flow through Shadowsocks. It follows the rules mentioned in the PAC file. The PAC proxy mode isn’t recommended for Windows machines as the OS already uses Proxy rules.
So there you have it guys, this was my comprehensive guide on Shadowsocks. I’ve deeply covered the installation, configuration and optimization of both Shadowsocks server and Shadowsocks server client.
I hope you found this blog informative, hopefully now you can bypass all geo retraction in China.