Tags

, ,

Shadowsocks is an open sourced light weight socks5 based secured/encrypted proxy, commonly used to provide uncensored internet access across GFW. shadowsocks-libev is a C port of the Shadowsocks aiming to provide a high performance and low resource requirements than the original Shadowsocks, which is a python based solution. With pkg management bootstrap installed on DS116, installing shadowsocks-libev is an easy task.

  1. Install the shadowsocks-libev via opkg: 
    opkg install shadowsocks-libev

    This will install version 2.4.5 of shadowsocks-libev, which is behind the current 2.5.6 version on github.

  2. By default, the installed package runs the client (ss-local) other than the server. So we need to modify the startup script:  /opt/etc/init.d/S22shadowsocks

    PROCS=ss-server
ARGS="-c /opt/etc/shadowsocks.json -f /opt/var/run/$PROCS.pid"
  3. Now we need to create the configuration file referred in the last step: /opt/etc/shadowsocks.json

    {
    "server":"my_server_ip",
    "server_port":8388,
    "local_port":1080,
    "password":"barfoo!",
    "method": "aes-128-cfb",
    "timeout":60
}

    Please refer to this page for more information on the configuration options.

  4. In the startup script, we have specified “-f” option to run the ss-server as a service, this also enables shdowsocks-libev to output log to the syslog. We can define a shadowsocks file inside /usr/local/etc/syslogng/patterndb.d/ to have a separate log file for ss-server: 
    filter f_ssserver { program(ss-server); };
destination d_ssserver { file("/opt/var/log/ss-server.log"); };
log { source(src); filter(f_ssserver); destination(d_ssserver); };
  5. Reload the syslog-ng with the change 
    /usr/syno/etc.defaults/rc.sysv/syslog-ng.sh reload
  6. Start up the shadowsocks server 
    /opt/etc/init.d/S22shadowsocks start

Then refer to the official site to find and install the correct clients for your environment. For iOS devices, it is bit tricky to have a good client installed. One alternative approach is to share the shadowsocks proxy running on computer with the iOS devices. This approach has been discussehered at and a chinese version. For iOS, there is a free Wingy client.

After initial setup, we can turn on some options like tcp_fastopen to improve performance:

echo 3 > /proc/sys/net/ipv4/tcp_fastopen

We could put following to shadowsocks startup script to auto apply this when server starts:

if [ "`cat /proc/sys/net/ipv4/tcp_fastopen`" -eq "0" ]; then
 echo 3 > /proc/sys/net/ipv4/tcp_fastopen
fi

For more optimization options, please refer to this page.