Tags
Shadowsocks is an open sourced light weight socks5 based secured/encrypted proxy, commonly used to provide uncensored internet access across GFW. shadowsocks-libev is a C port of the Shadowsocks aiming to provide a high performance and low resource requirements than the original Shadowsocks, which is a python based solution. With pkg management bootstrap installed on DS116, installing shadowsocks-libev is an easy task.
- Install the shadowsocks-libev via opkg:
opkg install shadowsocks-libev
This will install version 2.4.5 of shadowsocks-libev, which is behind the current 2.5.6 version on github.
- By default, the installed package runs the client (ss-local) other than the server. So we need to modify the startup script: /opt/etc/init.d/S22shadowsocks
PROCS=ss-server ARGS="-c /opt/etc/shadowsocks.json -f /opt/var/run/$PROCS.pid"
- Now we need to create the configuration file referred in the last step: /opt/etc/shadowsocks.json
{ "server":"my_server_ip", "server_port":8388, "local_port":1080, "password":"barfoo!", "method": "aes-128-cfb", "timeout":60 }
Please refer to this page for more information on the configuration options.
- In the startup script, we have specified “-f” option to run the ss-server as a service, this also enables shdowsocks-libev to output log to the syslog. We can define a shadowsocks file inside /usr/local/etc/syslog–ng/patterndb.d/ to have a separate log file for ss-server:
filter f_ssserver { program(ss-server); }; destination d_ssserver { file("/opt/var/log/ss-server.log"); }; log { source(src); filter(f_ssserver); destination(d_ssserver); };
- Reload the syslog-ng with the change
/usr/syno/etc.defaults/rc.sysv/syslog-ng.sh reload
- Start up the shadowsocks server
/opt/etc/init.d/S22shadowsocks start
Then refer to the official site to find and install the correct clients for your environment. For iOS devices, it is bit tricky to have a good client installed. One alternative approach is to share the shadowsocks proxy running on computer with the iOS devices. This approach has been discussehered at and a chinese version. For iOS, there is a free Wingy client.
After initial setup, we can turn on some options like tcp_fastopen to improve performance:
echo 3 > /proc/sys/net/ipv4/tcp_fastopen
We could put following to shadowsocks startup script to auto apply this when server starts:
if [ "`cat /proc/sys/net/ipv4/tcp_fastopen`" -eq "0" ]; then echo 3 > /proc/sys/net/ipv4/tcp_fastopen fi
For more optimization options, please refer to this page.