Shadowsocks with kcptun - Fast & Free Proxy Using Your Own Server
Your school or company network may intentionally block the access to a few specific websites. To bypass such restriction, I’d highly recommend Shadowsocks, since it is the easiest proxy tool I’ve ever found, and it’s FREE (of course iff you have your own server running).
In this tutorial, we’re going to setup Shadowsocks on both the Linux server and the local device. Also, we’ll use an accelerator called kcptun.
Although Shadowsocks works perfectly by itself, it’s highly recommended to use it alongside with kcptun, because kcptun can make it several times faster.
Server
Install & Run Shadowsocks
First of all, make sure you have a few packages installed on your server.
$ sudo apt-get install python3 python3-pip python-m2crypto
(See Troubleshooting below if this step fails.)
Then, install Shadowsocks using pip.
$ sudo pip3 install shadowsocks
Create a configuration file at /etc/shadowsocks.json, with the following content, and don’t forget to replace the <server-ip> and <password>.
{
"server":"<server-ip>",
"server_port":8388,
"local_port":0,
"password":"<password>",
"timeout":600,
"method":"aes-256-cfb"
}
Finally, we’re ready to start the shadowsocks server that runs in the background.
$ sudo ssserver -c /etc/shadowsocks.json -d start
(See Troubleshooting below if this step fails.)
If you wish to stop the Shadowsocks server, do this:
$ sudo ssserver -c /etc/shadowsocks.json -d stop
Troubleshooting
Cannot Install python-m2crypto
If you see the following error message when running apt-get install python-m2crypto:
E: Package 'python-m2crypto' has no installation candidate
Try install them in another way:
$ sudo apt-get install build-essential libssl-dev swig python3 python3-pip
$ sudo pip3 install M2Crypto
Cannot Start Shadowsocks
If you see the following error message when starting the shadowsocks server:
AttributeError: /usr/lib/x86_64-linux-gnu/libcrypto.so.1.1: undefined symbol: EVP_CIPHER_CTX_cleanup
Try install shadowsocks from another source:
$ sudo pip3 install -U git+https://github.com/shadowsocks/shadowsocks.git@master
Download & Run kcptun
First, download the latest release to your server and unzip the file so that you can get an executable. In this tutorial, we’re assuming that the server is running 64-bit Linux, so the executable file is called server_linux_amd64.
Create a folder somewhere, and move the executable file into it. From that folder, start a new screen session:
$ screen -S kcptun
Then, create a configuration file config.json with the following content:
{
"listen": ":4000",
"target": "<server-ip>:8388",
"key": "<key>",
"mode": "fast2",
"mtu": 1400,
"sndwnd": 2048,
"rcvwnd": 2048
}
Where <server-ip> is the IP address of the server, and <key> is a random long string that is hard to guess.
Run the kcptun accelerator:
$ ./server_linux_amd64 -c config.json
If you wish not to display any log in the screen, use the following command instead:
$ ./server_linux_amd64 -c config.json --log /etc/null
Finally, detach the screen session by pressing ctrl + A then press D.
If you wish to stop kcptun, first, reattach the screen session,
$ screen -r kcptun
Then in the screen window, ctrl + C to stop the accelerator process, then exit.
Client
macOS
There is a client app called ShadowsocksX-NG for macOS that has built-in support for kcptun.
Configure the Server Preference like this:
Linux/Windows
Download & Run kcptun
First, download the executable from here for your specific platform, for example, client_linux_amd64.
Then, open a Terminal window, cd to the directory where the executable is located, and create a configuration file config.json with the following content:
{
"remoteaddr": "<server-ip>:4000",
"localaddr": ":8388",
"key": "<key>",
"mode": "fast2",
"mtu": 1400,
"sndwnd": 2048,
"rcvwnd": 2048
}
where the <key> must be the same as in the server configuration file.
Run the following command:
$ ./client_linux_amd64 -c config.json
Do not close the Terminal window while you are using the proxy.
Install & Run Shadowsocks
Download the GUI client application from here for your local device, and setup the server IP address and password.
If you are using kcptun, you’ll also need to set the Shadowsocks server address on the client device to 127.0.0.1:8388 (i.e. the local port that the kcptun client listens to).
What to do next?
Global Proxy
When you turn on Shadowsocks on your local machine, it actually sets up a local SOCKS5 proxy at 127.0.0.1:1080 (or :1086 if you are using the app for macOS), and only HTTP traffic will be redirected through the proxy.
If you want to enfore global proxy for all TCP traffic on your device, you’ll need some additional software. For example, Proxifier is a cross platform app for both macOS and Windows which could enforce the redirection of all TCP traffic through a SOCKS proxy you specify.
However, in the global proxy app, always remember to turn on direct-connect for Shadowsocks to avoid infinit loops.
Increase Process Priority on Server (Not Sure about Effectiveness)
If no other user process on your server is as important as Shadowsocks and kcptun, you may choose to increase the priority of both processes.
First, find the process IDs of both processes using something like htop.
Then, change the niceness/priority by
$ sudo renice -n -19 -p <process-id>
You need to enter this line of command twice, one for each of the two processes (Shadowsocks and kcptun).