Shadowsocks with kcptun - Fast & Free Proxy Using Your Own Server

Author Avatar
Nathaniel Nov 12, 2016

Your school or company network may intentionally block the access to a few specific websites. To bypass such restriction, I’d highly recommend Shadowsocks, since it is the easiest proxy tool I’ve ever found, and it’s FREE (of course iff you have your own server running).

In this tutorial, we’re going to setup Shadowsocks on both the Linux server and the local device. Also, we’ll use an accelerator called kcptun.

Although Shadowsocks works perfectly by itself, it’s highly recommended to use it alongside with kcptun, because kcptun can make it several times faster.


Install & Run Shadowsocks

First of all, make sure you have a few packages installed on your server.

$ sudo apt-get install python3 python3-pip python-m2crypto

Then, install Shadowsocks using pip.

$ sudo pip3 install shadowsocks

Create a configuration file at /etc/shadowsocks.json, with the following content, and don’t forget to replace the <server-ip> and <password>.


Finally, we’re ready to start the shadowsocks server that runs in the background (see Troubleshooting below if this step fails).

$ sudo ssserver -c /etc/shadowsocks.json -d start

If you wish to stop the Shadowsocks server, do this:

$ sudo ssserver -c /etc/shadowsocks.json -d stop


If you see the following error message when starting the shadowsocks server:

AttributeError: /usr/lib/x86_64-linux-gnu/ undefined symbol: EVP_CIPHER_CTX_cleanup

Try install shadowsocks from another source:

$ sudo pip3 install -U git+[email protected]

Download & Run kcptun

First, download the latest release to your server and unzip the file so that you can get an executable. In this tutorial, we’re assuming that the server is running 64-bit Linux, so the executable file is called server_linux_amd64.

Create a folder somewhere, and move the executable file into it. From that folder, start a new screen session:

$ screen -S kcptun

Then, create a configuration file config.json with the following content:

    "listen": ":4000",
    "target": "<server-ip>:8388",
    "key": "<key>",
    "mode": "fast2",
    "mtu": 1400,
    "sndwnd": 2048,
    "rcvwnd": 2048

Where <server-ip> is the IP address of the server, and <key> is a random long string that is hard to guess.

Run the kcptun accelerator:

$ ./server_linux_amd64 -c config.json

If you wish not to display any log in the screen, use the following command instead:

$ ./server_linux_amd64 -c config.json --log /etc/null

Finally, detach the screen session by pressing ctrl + A then press D.

If you wish to stop kcptun, first, reattach the screen session,

$ screen -r kcptun

Then in the screen window, ctrl + C to stop the accelerator process, then exit.



There is a client app called ShadowsocksX-NG for macOS that has built-in support for kcptun.

Configure the Server Preference like this:



Download & Run kcptun

First, download the executable from here for your specific platform, for example, client_linux_amd64.

Then, open a Terminal window, cd to the directory where the executable is located, and create a configuration file config.json with the following content:

    "remoteaddr": "<server-ip>:4000",
    "localaddr": ":8388",
    "key": "<key>",
    "mode": "fast2",
    "mtu": 1400,
    "sndwnd": 2048,
    "rcvwnd": 2048

where the <key> must be the same as in the server configuration file.

Run the following command:

$ ./client_linux_amd64 -c config.json

Do not close the Terminal window while you are using the proxy.

Install & Run Shadowsocks

Download the GUI client application from here for your local device, and setup the server IP address and password.

If you are using kcptun, you’ll also need to set the Shadowsocks server address on the client device to (i.e. the local port that the kcptun client listens to).

What to do next?

Global Proxy

When you turn on Shadowsocks on your local machine, it actually sets up a local SOCKS5 proxy at (or :1086 if you are using the app for macOS), and only HTTP traffic will be redirected through the proxy.

If you want to enfore global proxy for all TCP traffic on your device, you’ll need some additional software. For example, Proxifier is a cross platform app for both macOS and Windows which could enforce the redirection of all TCP traffic through a SOCKS proxy you specify.

However, in the global proxy app, always remember to turn on direct-connect for Shadowsocks to avoid infinit loops.

Increase Process Priority on Server (Not Sure about Effectiveness)

If no other user process on your server is as important as Shadowsocks and kcptun, you may choose to increase the priority of both processes.

First, find the process IDs of both processes using something like htop.

Then, change the niceness/priority by

$ sudo renice -n -19 -p <process-id>

You need to enter this line of command twice, one for each of the two processes (Shadowsocks and kcptun).