Shadowsocks | client+server setup (bash)

readme.md

Useful links

• Main info source - https://shadowsocks.org/en/config/quick-guide.html
• Main client used here "shadowsocks-libev" - https://github.com/shadowsocks/shadowsocks-libev
• Another client, not from guide - https://github.com/shadowsocks/shadowsocks-qt5/wiki/Installation
• Alternative guide - https://www.oilandfish.com/posts/shadowsocks-libev.html
• Custom install script - https://www.vpnranks.com/resources/shadowsocks-guide/
• Another good guide - https://bobbyy.org/setting-up-shadowsocks/

---

• Shadowsocks+V2Ray heroku autodeploy (My gist) - https://gist.github.com/SanariSan/0844c0cd009d76aefad456321e12b973
• Open-vpn roadwarrior - https://github.com/Nyr/openvpn-install

---

After all the steps you now able to set 127.0.0.1:1080 as a socks5 proxy in any software.

To create connection LINK (for some not mentioned clients required) use "btoa" in browser console:

console.log( "ss://" + btoa("chacha20-ietf-poly1305:PASS@IP:PORT") )

Shadowsocks-client.sh

############

# Client

############

sudo apt install -y shadowsocks-libev
sudo mkdir -p /etc/shadowsocks-libev

sudo systemctl stop shadowsocks-libev.service
sudo systemctl disable shadowsocks-libev.service

sudo setcap 'cap_net_bind_service=+ep' /usr/bin/ss-local

sudo bash -c 'cat <<EOT >/etc/shadowsocks-libev/config.json
{
    "server":"server_ip",
    "server_port":server_port,
    "local_port":1080,
    "password":"pass",
    "timeout":300,
    "method":"chacha20-ietf-poly1305",
    "nameserver":"1.1.1.1",
    "mode":"tcp_and_udp"
}
EOT
'

# Manual lauch:
# sudo ss-local -c /etc/shadowsocks-libev/config.json

# Now you can connect in browser
# Use socks5 + "Proxy DNS when using SOCKS v5" checkbox


############

# Client | Auto start on boot

############

# This step could be skipped, file is here by default
# Just in case
sudo bash -c 'cat <<EOT >/usr/lib/systemd/system/[email protected]
[Unit]
Description=Shadowsocks-Libev Custom Client Service for %I
Documentation=man:ss-local(1)
After=network-online.target

[Service]
DynamicUser=yes
CapabilityBoundingSet=CAP_NET_BIND_SERVICE
AmbientCapabilities=CAP_NET_BIND_SERVICE
ExecStart=/usr/bin/ss-local -c /etc/shadowsocks-libev/%i.json

[Install]
WantedBy=multi-user.target
EOT
'

sudo systemctl daemon-reload
sudo systemctl enable shadowsocks-libev-local@client
sudo systemctl start shadowsocks-libev-local@client
sudo systemctl status shadowsocks-libev-local@client

# To properly restart service after changes use both of these
# sudo systemctl stop shadowsocks-libev-local@client
# sudo systemctl disable shadowsocks-libev-local@client
# sudo systemctl daemon-reload

Shadowsocks-server.sh

############

# Server

############

sudo apt install -y shadowsocks-libev
sudo mkdir -p /etc/shadowsocks-libev

# for multiple users replace "password" with 
# "port_password": {"<port-1>": "<port-1-password>","<port-2>": "<port-2-password>"}
sudo bash -c 'cat <<EOT >/etc/shadowsocks-libev/config.json
{
    "server":"server_ip",
    "server_port":server_port,
    "local_port":1080,
    "password":"pass",
    "timeout":20,
    "method":"chacha20-ietf-poly1305",
    "nameserver":"1.1.1.1",
    "mode":"tcp_and_udp"
}
EOT
'

# This step could be skipped, file is here by default
# Just in case
sudo bash -c 'cat <<EOT >/usr/lib/systemd/system/[email protected]
[Unit]
Description=Shadowsocks-Libev Custom Server Service for %I
Documentation=man:ss-server(1)
After=network-online.target

[Service]
DynamicUser=yes
CapabilityBoundingSet=CAP_NET_BIND_SERVICE
AmbientCapabilities=CAP_NET_BIND_SERVICE
ExecStart=/usr/bin/ss-server -c /etc/shadowsocks-libev/%i.json

[Install]
WantedBy=multi-user.target
EOT
'

sudo ufw allow server_port
sudo systemctl daemon-reload
sudo systemctl enable shadowsocks-libev-server@config
sudo systemctl start shadowsocks-libev-server@config
sudo systemctl status shadowsocks-libev-server@config


############

# Server | Additional tweaks

############

wget --no-check-certificate https://github.com/teddysun/across/raw/master/bbr.sh && \
chmod +x bbr.sh && \
./bbr.sh

sysctl net.ipv4.tcp_available_congestion_control | grep -q 'bbr' && echo '1 Yes'; sysctl net.ipv4.tcp_congestion_control | grep -q 'bbr' && echo '2 Yes'; sysctl net.core.default_qdisc | grep -q 'fq' && echo '3 Yes'; lsmod | grep bbr | grep -q 'tcp_bbr' && echo '4 Yes'
# fallback for NO cases
#echo "net.core.default_qdisc = fq" >> /etc/sysctl.conf
#echo "net.ipv4.tcp_congestion_control = bbr" >> /etc/sysctl.conf


sudo bash -c 'cat <<EOT >>/etc/security/limits.conf
#
root soft nofile 51200
root hard nofile 51200
EOT
'

ulimit -n 51200

sudo bash -c 'cat <<EOT >>/etc/sysctl.conf
#
fs.file-max = 51200
net.core.rmem_max = 67108864
net.core.wmem_max = 67108864
net.core.netdev_max_backlog = 250000
net.core.somaxconn = 4096
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_tw_recycle = 0
net.ipv4.tcp_fin_timeout = 30
net.ipv4.tcp_keepalive_time = 1200
net.ipv4.ip_local_port_range = 10000 65000
net.ipv4.tcp_max_syn_backlog = 8192
net.ipv4.tcp_max_tw_buckets = 5000
net.ipv4.tcp_fastopen = 3
net.ipv4.tcp_mem = 25600 51200 102400
net.ipv4.tcp_rmem = 4096 87380 67108864
net.ipv4.tcp_wmem = 4096 65536 67108864
net.ipv4.tcp_mtu_probing = 1
net.ipv4.tcp_congestion_control = hybla
EOT
'

sudo sysctl -p