Shadowsocks with kcptun - Fast & Free Proxy Using Your Own Server

Your school or company network may intentionally block the access to a few specific websites. To bypass the access restriction, I’d highly recommend Shadowsocks, since it is the easiest proxy tool I’ve ever found, and it’s FREE (of course iff you have your own server running).

In this tutorial, we’re going to setup Shadowsocks on both of the Linux server and the local machine, together with an accelerator called kcptun.

Although Shadowsocks works perfectly by itself, it’s highly recommended to use it alongside with kcptun, as kcptun can make it several times faster.

Server

Install & Run Shadowsocks

First of all, make sure you have a few packages installed on your server:

$ sudo apt-get install python3 python3-pip python-m2crypto

Then, install Shadowsocks using pip

$ sudo pip install shadowsocks

Create a configuration file at /etc/shadowsocks.json, with the following content:

{
"server":"<server-ip>",
"server_port":8388,
"local_port":0,
"password":"<password>",
"timeout":600,
"method":"aes-256-cfb"
}

Don’t forget to change the <server-ip> and <password>.

Finally, we’re ready to start the shadowsocks server that runs in the background by

$ sudo ssserver -c /etc/shadowsocks.json -d start

If you wish to stop the Shadowsocks server, do this

$ sudo ssserver -c /etc/shadowsocks.json -d stop

Download & Run kcptun

First, download the latest release to your server and unzip the file so that you can get an executable. In this tutorial, we’re assuming that the server is running 64-bit Linux, so the executable file is called server_linux_amd64.

Create a folder somewhere, and move the executable file into it. From that folder, start a new screen session:

$ screen -S kcptun

Then, create a configuration file config.json with the following content:

{
"listen": ":4000",
"target": "<server-ip>:8388",
"key": "<key>",
"mode": "fast2",
"mtu": 1400,
"sndwnd": 2048,
"rcvwnd": 2048
}

Where <server-ip> is the IP address of the server, and <key> is a random long string that is hard to guess.

Run the kcptun accelerator:

$ ./server_linux_amd64 -c config.json

If you wish not to display any log in the screen, use the following command instead:

$ ./server_linux_amd64 -c config.json --log /etc/null

Finally, detach the screen session by pressing ctrl + A then press D.

If you wish to stop kcptun, first, reattach the screen session,

$ screen -r kcptun

Then in the screen window, ctrl + C to stop the accelerator process, then exit.

Client

macOS

There is a client app called ShadowsocksX-NG for macOS that has built-in support for kcptun.

Configure the Server Preference like this:

mac-config

Linux/Windows

Download & Run kcptun

First, download the executable from here for your specific platform, for example, client_linux_amd64.

Then, open a Terminal window, cd to the directory where the executable is located, and create a configuration file config.json:

{
"remoteaddr": "<server-ip>:4000",
"localaddr": ":8388",
"key": "<key>",
"mode": "fast2",
"mtu": 1400,
"sndwnd": 2048,
"rcvwnd": 2048
}

Run the following command:

$ ./client_linux_amd64 -c config.json

Where <key> is same as in the server command.

DO NOT close the Terminal window while you are using the proxy.

Install & Run Shadowsocks

Download the GUI client application from here for your local machine, and setup the server IP address and password.

If you are using kcptun, you’ll also need to set the Shadowsocks server address on the client device to 127.0.0.1:8388 (i.e. the local port that the kcptun client listens to).

What to do next?

Global Proxy

When you turn on Shadowsocks on your local machine, it actually sets up a local SOCKS5 proxy at 127.0.0.1:1080 (or :1086 if you are using the app for macOS), and only HTTP traffic will be redirected through the proxy.

If you want to enfore global proxy for all TCP traffic on your local machine, you’ll need some additional tools. For example, Proxifier is a cross platform app for both masOS and Windows that can redirect all TCP traffic through the SOCKS proxy that Shadowsocks created.

However, in the global proxy app, always remember to turn on direct-connect for Shadowsocks to avoid infinit loop.

Increase Process Priority on Server

If no other user process on your server is as important as Shadowsocks and kcptun, you may choose to increase the priority of both processes.

First, find the process IDs of both processes using something like htop.

Then, change the niceness/priority by

$ sudo renice -n -19 -p <process-id>

You need to enter this line of command twice, one for each of the two processes (Shadowsocks and kcptun).