How To Setup ShadowSocks VPN On Mac, Windows And Linux

ShadowSocks is used to encrypt the data between client and server communication. ShadowSocks server is a proxy server which will communicate with ShadowSocks client use the specified encryption method. It is not a VPN, but it can act like VPN to protect you by encrypt your internet data. So this article will tell you how to setup and configure ShadowSocks server in Ubuntu and how to setup and use ShadowSocks client tool in MacOS, Windows and Linux.

1. Setup ShadowSocks Server In Ubuntu.

1. Use SSH client to connect with Ubuntu server.
2. Execute sudo -i to switch to root user.
3. Update and upgrade the OS packages with below command.

   # apt update
   # apt upgrade

4. Enable BBR by edit /etc/sysctl.conf file with gedit. Enable bbr can improve the ShadowSocks proxy performance by maximize network band width usage .

   ~# gedit /etc/sysctl.conf

5. Add below two line at end of file /etc/sysctl.conf and save.

   net.core.default_qdisc=fq
   net.ipv4.tcp_congestion_control=bbr

6. Execute command reboot to reboot the ubuntu os.
7. After reboot, run lsmod | grep bbr command to verify bbr configurations. If you see tcp_bbr line in the console output that means bbr is enabled correctly.

   ~#lsmod | grep bbr
   tcp_bbr 20480 11

8. Now you can install ShadowSocks server by either of below commands.

   ~# apt install shadowsocks
   or
   ~# apt install python-pip
   ~# pip install shadowsocks

9. After that your can run ssserver command in terminal to verify that ShadowSocks server has been installed.

2. Configure And Start ShadowSocks Server.

1. Create a directory /etc/shadowsocks if the folder do not exist.

   $ sudo mkdir /etc/shadowsocks

2. Create ShadowSocks configuration file in above folder if the file do not exist.

   $ sudo gedit /etc/shadowsocks/config.json

3. Add below json data in above file. Use your own server data in below json data.

   {
     "server":"0.0.0.0", ## Proxy server external ip address. 
     "server_port":8888, ## Proxy server listening port number.
     "local_address":"127.0.0.1",
     "local_port":1080, ## Local listening port number.
     "password":"888888", ## Proxy server connect password
     "timeout":300,
     "method":"aes-256-cfb",## Data encryption method
     "dast_open":false
   }

4. Start ShadowSocks server with below command. To make sure the shadowsocks server can be started without error, remove the -d command argument to show the server log in the console.

   ~$ sudo ssserver -c /etc/shadowsocks/config.json -d start

5. If you meet error messages like below.
   AttributeError: /usr/lib/x86_64-linux-gnu/libcrypto.so.1.1: undefined symbol: EVP_CIPHER_CTX_cleanup
6. You need to edit /usr/local/lib/python2.7/dist-packages/shadowsocks/crypto/openssl.py file.
   Change line 52 from libcrypto.EVP_CIPHER_CTX_cleanup.argtypes = (c_void_p,) to libcrypto.EVP_CIPHER_CTX_reset.argtypes = (c_void_p,),
   Change line 111 from libcrypto.EVP_CIPHER_CTX_cleanup(self._ctx) to libcrypto.EVP_CIPHER_CTX_reset(self._ctx).
7. Then start ShadowSocks server again, the error will disappear.
8. If you meet socket.error: [Errno 99] Cannot assign requested address error when you startup shadowsocks server like below. To fix it, just change the server ip to “0.0.0.0” in /etc/shadowsocks/config.json file.

   [email protected]:~# ssserver -c /etc/shadowsocks/config.json start
   INFO: loading config from /etc/shadowsocks/config.json
   2019-02-06 09:47:00 INFO loading libcrypto from libcrypto.so.1.1
   2019-02-06 09:47:00 INFO starting server at 34.73.193.214:9090
   Traceback (most recent call last):
   File "/usr/bin/ssserver", line 11, in <module>
   load_entry_point('shadowsocks==2.9.0', 'console_scripts', 'ssserver')()
   File "/usr/lib/python2.7/dist-packages/shadowsocks/server.py", line 74, in main
   tcp_servers.append(tcprelay.TCPRelay(a_config, dns_resolver, False))
   File "/usr/lib/python2.7/dist-packages/shadowsocks/tcprelay.py", line 733, in __init__
   server_socket.bind(sa)
   File "/usr/lib/python2.7/socket.py", line 228, in meth
   return getattr(self._sock,name)(*args)
   socket.error: [Errno 99] Cannot assign requested address

3. Setup ShadowSocks Client Tool.

You can download ShadowSocks client tool from official download page.

3.1 For MacOS.

1. Download ShadowsocksX-NG from github.
2. It is a zip file, after unzip, you can use it directly.
3. When you click it to start, it will appear at the top right corner of MacOS finder bar. The first little plane icon is just it’s icon.
   
4. Click the little plane icon, it will popup a menu list, click Servers —> Server Preferences… menu item to open server manager dialog.
   
5. Click + button in the server list to add a new ShadowSocks server, input related server information, click OK button to save it.
   
6. Now you can select the ShadowSocks server in ShadossocksX NG popup menu list to use it. Open a web browser, then you can find the web traffic go through the ShadowSocks server.

3.2 For Windows.

ShadowSocks windows client tool is similar with MacOS client tool, you can download shadowsocks-win from github, and the configuration is also easy like MacOS.

3.3 For Linux.

3.3.1 Setup ShadowSocks Client Tool.

This tool will communicate with ShadowSocks server use encrypted communication data.

1. Install ShadowSocks in your Linux follow Section 1, 2 in this article.
2. ShadowSocks installation can be used as a server, but it can also be used as a client tool. When you use it as server you use ssserver command, and sslocal command will start the client tool.
3. Run below command to install ShadowSocks software.

   ~$ sudo apt install shadowsocks

4. After install, the /etc/shadowsocks/config.json file has been created. Just edit it’s content to your own.

   ~$ sudo gedit /etc/shadowsocks/config.json
   {            
      "server":"1.2.1.2",
      "server_port":8888, 
      "local_address":"127.0.0.1",      
      "local_port":1080,      
      "password":"888888",      
      "timeout":300,      
      "method":"aes-256-cfb",     
      "dast_open":false 
   }

5. Run sslocal command to start the ShadowSocks client tool. When you see below message, it means the client tool has been started successfully.

   [email protected]:~$ sslocal -c /etc/shadowsocks/config.json
   INFO: loading config from /etc/shadowsocks/config.json
   2018-10-01 21:28:25 INFO loading libcrypto from libcrypto.so.1.1
   2018-10-01 21:28:25 INFO starting local at 127.0.0.1:1080

3.3.2 Setup Local Http Proxy Server.

polipo is a caching web proxy, it can redirect your http request to socks5 proxy server. Or you can use other http proxy tool has same feature that you are familiar with.

1. Install polipo in ubuntu use below command.

   ~$ sudo apt-get install polipo

2. Stop polipo and add below proxy configuration code in polipo configuration file /etc/polipo/configure

   ~$ sudo service polipo stop
   ~$ sudo gedit /etc/polipo/config
   
   # Add below polopo settings data 
   socksParentProxy = localhost:1080
   proxyPort = 8787

3. Start polipo service again.

   ~$ sudo service polipo start

4. Run ps -ef | grep polipo to ensure polipo has started.

   [email protected]:~$ ps -ef|grep polipo
   proxy 641 1 0 15:37 ? 00:00:00 /usr/bin/polipo -c /etc/polipo/config pidFile=/var/run/polipo/polipo.pid daemonise=true

5. Add export http_proxy=http://127.0.0.1:8787 at the end of current user $HOME/.bashrc file.
6. Run source $HOME/.bashrc command to make above configuration effective.

3.3.3 Set Firefox Use polipo Local Http Proxy Server.

1. Open Firefox web browser. Click Open Menu button at top right corner, then click Preferences menu item, input proxy in the top search box, click Settings… button behind Network Proxy configuration.
   
2. Choose Manual proxy configuration radio button, and input 127.0.0.1 in the address input box, and 8787 in Port number input box. Our polipo caching proxy just run at localhost and listen on port 8787.
   

3.3.4 Set Chrome Use polipo Local Http Proxy Server.

1. Open google chrome settings dialog.
   
2. Search proxy in google chrome settings dialog.
   
3. Click Open proxy settings item to open Network configuration dialog.
   
4. Click Network Proxy item to manually change proxy server ip to 127.0.0.1 and port to 8787 which the polipo http proxy server is listening.
   

3.3.5 Set ShadowSocks Android App.

1. Download ShadowSocks android app from google play store.
2. Install it on android device.
3. Click ShadowSocks icon to start the android app.
4. Add a ShadowSocks server profile in the app.
   
5. Select a ShadowSocks server in the profiles list by click the little plane button at bottom right  to connect to the ShadowSocks server. When you see a key icon displayed at top status bar, the ShadowSocks server has been connected.
   

Reference

1. Ubuntu SSH Remote Login Installation And Configuration Example