Servers – Shadowsocks
Pythonshadowsocks-python is the initial version written by @clowwindy. It aims to provide a simple-to-use and easy-to-deploy implementation with basic features of PIFirst, make sure you have Python 2. 6 or 2. 7. $ python –version
Python 2. 6. 8Then install from PIP$ pip install shadowsocksGitHubCheckout the source codes and run the scripts directly. is licensed under the Apache License, Version 2. is the next-generation Shadowsocks in Go, maintained by @riobard, superseds the discontinued tHubUse go get to install. $ go get -u -v is licensed under the Apache License, Version 2. from Outlineoutline-ss-server is the shadowsocks implementation used by the Outline Server, but it can be used standalone. Main features:Multiple users on a single port and multiple ports. Whitebox monitoring of the service using updates via config change + SIGHUPProhibits unsafe access to localhost ports and usage of non-AEAD ciphersGitHubDownload pre-built binaries from the GitHub releases or build it from source:go get
$(go env GOPATH)/bin/outline-ss-server -metrics=127. 0. 1:9091outline-ss-server is licensed under the Apache License, Version 2. C with libevshadowsocks-libev is a lightweight and full featured port for embedded devices and low end boxes. It’s a pure C implementation and has a very small footprint (several megabytes) for thousands of connections. This port is maintained by is available in the official repository for Debian 9(“Stretch”), unstable, Ubuntu 16. 10 and later derivatives:sudo apt update
sudo apt install shadowsocks-libevFor Debian Jessie users, please install it from jessie-backports:sudo sh -c ‘printf “deb jessie-backports
main” > /etc/apt/’
sudo apt-get update
sudo apt-get -t jessie-backports install shadowsocks-libevDockershadowsocks-libev is shipped also in containers, which makes it a great choice if your cloud provider is Docker-ready or if you aim to build a scalable pull shadowsocks/shadowsocks-libev
docker run -e PASSWORD=
libssl-dev gawk debhelper dh-systemd init-system-helpers pkg-config asciidoc
xmlto apg libpcre3-dev zlib1g-dev libev-dev libudns-dev libsodium-dev libmbedtls-dev libc-ares-dev automake
$ git clone $ cd shadowsocks-libev
$ git submodule update –init
$. / &&. /configure && make
$ sudo make installshadowsocks-libev is licensed under the GNU General Public License v3. C++ with QtlibQtShadowsocks is a lightweight and ultra-fast shadowsocks library written in C++ with Qt 5. The client shadowsocks-libqss can be used in both client-side and server-side. This port is maintained by ebuilt binariesDownload pre-built binaries from git clone $ cd libQtShadowsocks
$ make -j4
$ sudo make installlibQtShadowsocks is licensed under the GNU Lesser General Public License, version 3. 0PerlNet::Shadowsocks is an asynchronous, non-blocking Shadowsocks client and server Perl module maintained by tting upYou need a Perl interpreter to execute Perl program. Any Unix like system, including Linux and Mac OS X, has Perl pre-installed. Windows does not have Perl installed by default, you need to install Strawberry source code is available on CPAN and github. Download from CPAN or download from github Unix like systems, either$ perl
$. /Build test
$. /Build installor$ perl
$ make test
$ make installYou might need to change make to dmake or nmake depending on the compiler toolchain used on Windows. If You have cpan, you can also install using this command$ cpan Net::ShadowsocksRunningThere is a script under the eg directory. Put your in the same directory as and run the script is licensed under the [Artistic License (2. 0)] ().
Shadowsocks vs. VPNs — Everything You Need to Know – vpnMentor
If you have ever taken interest in the Great Firewall of China, you have probably heard of Shadowsocks. It is often mistaken for a VPN-based technology — but while some of the functions overlap, Shadowsocks and VPNs are two completely different things.
This article will help you understand the different aspects of the two technologies. We will also give you a rundown of each one’s benefits, complete with scenarios where Shadowsocks may be more suitable than a VPN, and vice versa.
What Is Shadowsocks?
An open-source SOCKS5-based proxy project, Shadowsocks is an intermediary that is mainly designed to bypass censorship. It was first released in 2012 by its creator, a Chinese programmer under the pseudonym “clowwindy”.
In 2015, the programmer announced that they were retiring from the project due to pressure from the Chinese police. Since then, Shadowsocks has remained open source, maintained and improved by many collaborators.
How Is Shadowsocks Different from VPN?
There is one major similarity between VPN and Shadowsocks — their ability to connect you to certain websites that are normally off-limits due to government censorship, geoblocks, or otherwise.
Given its original objective of bypassing the Great Firewall of China, Shadowsocks focuses on circumventing traffic restrictions. It utilizes HTTPS, thus disguising traffic so that it can move past the censorship measures in place.
Unlike VPN, Shadowsocks isn’t designed for privacy and anonymity. While both VPN and Shadowsocks encrypt data, Shadowsocks is much more lightweight. VPN uses many layers of military-grade encryption protocols to completely hide the traffic on its servers. Shadowsocks makes data ‘blank’ to look more like HTTPS traffic, so that it can move around unrestricted. It is not hidden, like on VPN, just disguised.
Due to its use of SOCKS5 proxies, Shadowsocks doesn’t send all your traffic through a server, as opposed to VPN. And in contrast to traditional ssh SOCKS5 proxies, Shadowsocks works with multiple TCP connections. The result is much faster speeds compared to the alternatives.
Benefits of Shadowsocks
The biggest advantage of Shadowsocks is its easy setup. The technology is a simple and capable proxy that doesn’t take long to set up and is perfect for accessing restricted content. Shadowsocks is also completely open source, with contributors making improvements regularly.
Another benefit of Shadowsocks is its selective disguising of traffic. You can choose which part of your traffic is affected by Shadowsocks — this makes it possible to access restricted content both inside and outside of your location.
Take the following scenario for example: you are in China and you want to access Gmail. By using Shadowsocks, you can choose the Gmail traffic to be “camouflaged”, thus bypassing the Chinese government’s block.
However, you will still be able to access the China-only websites. By contrast, a VPN would encrypt all traffic to your chosen server, thus making China-exclusive sites unavailable on the same device.
Last but not least, Shadowsocks is very difficult — if not impossible — to detect and block. The masking of traffic to make it appear as HTTPS is the main reason for that.
On the other hand, VPN’s modus operandi and its immense popularity have made it easier for governments and platforms to block the technology or force major corporations to remove VPN products from their stores (Apple removing VPN apps from the Chinese App Store is an example).
Understanding the Threat Model
While Shadowsocks is a great technology for bypassing content restrictions, its functionality beyond that is limited. As such, this superproxy is a viable option only if it fits a certain threat model — your ISP.
What is a threat model? Simply put, it is the reason you are looking for a VPN, VPS or DNS proxy in the first place. There are many aspects of the Internet that may demand a higher level of security — examples of threat models are public Wi-Fi hotspots, ISP-related issues such as data monitoring and logging, keeping your online identity hidden, etc.
Shadowsocks does not help your online privacy and security. You should use it only if your main concern is working around censorship.
Other threat models, which involve keeping your identity well-hidden on the Internet, are areas where Shadowsocks falls short. One could argue that it wasn’t designed for such functionality, and we agree. This is where VPN outshines Shadowsocks.
When Is VPN the Better Choice?
When compared to Shadowsocks, VPN is the “mainstream” technology. It’s widespread and its effectiveness is well-documented and indisputable.
If you are looking for something that will protect your identity online while fully erasing your digital footprint, VPN is your go-to tool. It goes without saying that not every VPN out there is perfect — the sheer number of providers is proof enough that there are both solid and lackluster VPN services on the market.
However, with some research, you can ensure you make the right choice. We reviewed some of the best VPNs currently available, and we made a list of the most reliable providers for your guaranteed privacy, security, and accessibility on the Internet.
The bottom line is that a quality VPN will provide you with everything you need for safe, anonymous, and unrestricted web surfing.
While VPN blocks still exist (and we don’t see them going away in the near future), there are multiple providers out there who have proven that they will continue to find ways to give users around the world what they want, whether it’s access to geographically-limited platforms such as Netflix, HBO, and BBC, or a workaround for government censorships in countries like China and Russia.
If you want to learn more about VPN’s extensive capabilities, we recommend you check out our beginner’s guide.
To sum up, Shadowsocks is a great way of bypassing digital censorship. It was created in a country where this is a rather big issue, but today it has expanded globally thanks to its open-source nature and ease of use.
In the long run, however, VPN is a much more suitable option for you if identity protection and anonymity on the Internet are on your agenda.
To summarize, the best VPNs in 2021 are…
Your data is exposed to the websites you visit!
The information above can be used to track you, target you for ads, and monitor what you do online.
VPNs can help you hide this information from websites so that you are protected at all times. We recommend ExpressVPN — the #1 VPN out of over 350 providers we’ve tested. It has military-grade encryption and privacy features that will ensure your digital security, plus — it’s currently offering 49% off.
Install Shadowsocks-libev SOCKS5 proxy server – Tutorial
Tutorials How to install Shadowsocks-libev SOCKS5 proxy server
Shadowsocks is a free open-source SOCKS5 proxy widely used to protect privacy on the Internet. Shadowsocks-libev, written in C, ports Shadowsocks to create a regularly maintained, lighter and faster version of the original Shadowsocks. The data passing through the Shadowsocks-server and Shadowsocks-client is encrypted and can be made indistinguishable from any other web traffic to avoid third-party monitoring.
In this tutorial, we’ll show the steps for installing Shadowsocks-libev on a cloud server, configuring the proxy server, and using a client to connect to the proxy. The instructions are given here for CentOS 8, Debian 10 and Ubuntu 20. 04 but the process should be much the same on any operating system supported by Snap.
Test hosting on UpCloud!
Shadowsocks-libev recommends using their Snap releases for an easy way to install the latest binaries.
On CentOS 8 servers you will need EPEL repository before you can install Snap. Add it using the following commands:
sudo dnf install -y epel-release
sudo dnf update -y
Then install and enable Snap by running the next two commands:
sudo dnf install -y snapd
sudo systemctl enable –now
For Debian 10 and Ubuntu 20. 04 systems, first, update the server software and then install Snap with the commands below.
sudo apt update && apt upgrade -y
sudo apt install -y snapd
Before installing Shadowsocks-libev, you may wish to install haveged to improve randomness but this is optional.
# CentOS 8
sudo dnf install -y haveged
# Debian 10 and Ubuntu 20. 04
sudo apt install -y haveged
Once you have Snap and the optional haveged installed, reboot the server before continuing.
When your cloud server is up and running again, log back in over SSH. Then install Shadowsocks-libev proxy via Snap using the following command:
sudo snap install shadowsocks-libev
Once you’ve installed Shadowsocks-libev, continue to the next section about how to configure the proxy server.
Configuring proxy server
Snap will install Shadowsocks-libev for you but it’ll need a little help with the setup. Make a directory to hold your configuration files.
sudo mkdir -p /var/snap/shadowsocks-libev/common/etc/shadowsocks-libev
Next, create a JSON file for Shadowsocks-libev configuration. It can be named anything. Here we are using simple config as the name.
sudo touch /var/snap/shadowsocks-libev/common/etc/shadowsocks-libev/
Then edit the file and add the following configuration to the file.
sudo nano /var/snap/shadowsocks-libev/common/etc/shadowsocks-libev/
“server”:[“[::0]”, “0. 0. 0”],
“nameserver”:”1. 1. 1″}
Let’s go over each of the configuration parameteres and what they do.
The example configuration uses the server definition values which accept any IP address, both IPv6 and IPv4:
“server”:[“::0”, “0. 0”],
Not binding to a specific address can be useful if you wish to create a template of the configuration or a custom image of your Shadowsock server. This way the configuration will work regardless of the public IP address.
You can also use your public IPv6 and IPv4 addresses, for example:
“server”:[“2a04:3543:1000:2312:4631:c1ff:feb5:01f0”, “95. 123. 198. 234”],
If you have a domain name that resolves to your cloud server’s IP address, you can also use it to have the proxy only respond to a certain domain.
The different modes define the data communication protocol used by the proxy. There are three valid values for “mode”:
Using both TCP and UDP allows the proxy to negotiate the best connection available at the time and should be fine. If your network has specific requirements or restrictions, you may need to select tcp_only.
Our example Shadowsocks config uses the port 443 but it can be set to any free port. If you’re not using HTTP (80) or HTTPS (443) ports by hosting a website on the same server, you should use either of these ports. Note that using a common port such as 80 or 443 can attract unauthorised connection attempts so make sure your password is secure.
The server password is used to authenticate connections to the proxy. Make sure to select a secure password with adequate complexity and length.
This is the socket timeout in seconds. The example value of 60 should be fine. However, if you installed Shadowsocks from backports you might need to set it higher but it’s suggested you keep it under 5 minutes, i. e. 300 seconds.
The method refers to the encryption cipher used by the proxy to secure the communications. The cipher used in the example config is a modern and efficient option:
You can choose other ciphers if you want. Another popular alternative is:
Our example also includes a domain name server which is not strictly necessary. Without this parameter the proxy will use the DNS used by your cloud server. You can have Shadowsocks use your preferred DNS by setting the nameserver in your config file.
For example, to use Google’s DNS, enter the following:
“nameserver”:”8. 8. 8″
Or if you prefer Cloudflare’s DNS, use their IP address instead:
Once you are done editing the configuration, save the file ctrl+o and exit the editor ctrl+x.
Creating systemd service unit
Shadowsocks-libev can be run manually in the terminal but this isn’t very practical in the long-term. Instead, create a systemd service unit file using the following command:
sudo touch /etc/systemd/system/[email protected]
Next, open the newly created file for edit:
sudo nano /etc/systemd/system/[email protected]
Then copy and paste the following content into the file:
Description=Shadowsocks-Libev Custom Server Service for%I
ExecStart=/usr/bin/snap run -c /var/snap/shadowsocks-libev/common/etc/shadowsocks-libev/
Afterwards, save the file and exit the editor.
You can then enable the systemd service unit for your config file by running the following command. Note that the @config is used to select the configuration file, in this case, but without the file format notation.
sudo systemctl enable –now [email protected]
Check that the server started up successfully by using the status command:
sudo systemctl status [email protected]
You should see Shadowsocks listening to the IP addresses, ports and protocols you defined in the configuration. In our example output below, you can see both TCP and UDP running on IPv4 and IPv6 addresses as set in the configuration step.
● [email protected] – Shadowsocks-Libev Custom Server Service for config
Loaded: loaded (/etc/systemd/system/[email protected]; enabled; vendor preset: enabled)
Active: active (running) since Sun 2020-08-30 10:37:06 UTC; 3s ago
Main PID: 1229 (ss-server)
Tasks: 1 (limit: 1074)
Memory: 18. 0M
CGroup: /x2dlibev[email protected]
└─1229 /snap/shadowsocks-libev/508/bin/ss-server -c /var/snap/shadowsocks-libev/common/etc/shadowsocks-libev/
Aug 30 10:37:06 systemd: Started Shadowsocks-Libev Custom Server Service for config.
Aug 30 10:37:07 snap: 2020-08-30 10:37:07 INFO: UDP relay enabled
Aug 30 10:37:07 snap: 2020-08-30 10:37:07 INFO: initializing ciphers… chacha20-ietf-poly1305
Aug 30 10:37:07 snap: 2020-08-30 10:37:07 INFO: using nameserver: 1. 1
Aug 30 10:37:07 snap: 2020-08-30 10:37:07 INFO: tcp server listening at [::0]:443
Aug 30 10:37:07 snap: 2020-08-30 10:37:07 INFO: tcp server listening at 0. 0:443
Aug 30 10:37:07 snap: 2020-08-30 10:37:07 INFO: udp server listening at [::0]:443
Aug 30 10:37:07 snap: 2020-08-30 10:37:07 INFO: udp server listening at 0. 0:443
Aug 30 10:37:07 snap: 2020-08-30 10:37:07 INFO: running from root user
With Shadowsocks-libev proxy server up and running, we are almost ready to start testing the connection. Before then, check the next part of the tutorial to configure your firewall to allow a connection.
Allowing connection through firewall
If you are using a firewall like UFW or firewalld, make sure you open up the port used by server_port as set in the configuration file, port 443 in this example.
sudo ufw allow 443
sudo firewall-cmd –add-service= –permanent
sudo firewall-cmd –reload
If you’re not using a software firewall on your server we recommend enabling the UpCloud’s Firewall service on your cloud server.
Check out the tutorial for managing UpCloud Firewall to find out more.
Connecting using proxy client
Shadowsocks-libev is now ready for proxy connections. To be able to connect to your Shadowsocks proxy server, you’ll need a client.
Shadowsocks is supported by a number of different clients and devices. You can find the list of available clients for your devices at the Shadowsocks download page.
Install a client of your choosing and test out the connection with the help of the details below.
For example, you can use the same Shadowsocks-libev software in client mode by installing it on your local system. Follow the installation steps like when installing the Shadowsocks-libev server then continue in the Linux client configuration step underneath.
Configuring mobile devices
As a light-weight proxy, Shadowsocks-libev works great with mobile devices. If you want a quick way to connect using a smartphone, go to the Shadowsocks’ QR generator and fill your config details in the following format:
Replace the hostname with your server’s public IP if you are using the IPs instead of a domain name. For example:
Then import the generated URI or QR code on your device using the client software. Select the imported profile and activate the connection. And finally, configure your system to use the proxy.
In mobile devices like iOS and Android, the connection can serve as a full VPN.
Configuring another Linux host
Connecting using the Shadowsock-libev as a client can be done by configuring the proxy in localhost mode. Once installed, create file as underneath.
Set the file to include the server IP address and port as you configured on the proxy server. Also, include local address and port like shown below. Lastly, set the password and encryption method to match your Shadowsocks proxy server.
Next, create a systemd unit file for the Shadowsocks client and edit it to have the following content.
Description=Shadowsocks-Libev Local Service for%I
Once done, save the file and exit the editor.
Then start the client proxy using the following command. Note that the @config is used to select the configuration file, e. g. but without the file format.
sudo systemctl start [email protected]
The local proxy creates a connection to your cloud server and allows data to pass through them. To actually have application data to use the proxy, you’ll need to configure your web browser or operating system to use the local proxy. The actual process depends on your use case but by our configuration, the proxy is running on the IP 127. 1 and port 1080.
Testing the connection
Once you are connected, check that your traffic is running through the proxy. For example, open the following URL to test the IP address you are connecting from as seen by others on the Internet.
Alternatively, you can test it directly by using curl in the terminal:
curl –proxy socks5127. 1:1080 Or by starting Google Chrome with the following command-line option:
google-chrome –proxy-server=”socks5127. 1:1080″
You should then see your connection details listing the IP address of your cloud server instead of the IP of your client device.
Note that using a VPN connection to your cloud server does not guarantee anonymity and any network traffic must comply with UpCloud Terms of Service and Acceptable Use Policy.
Making further optimisations
You should now have a fully functional proxy securing your connection to your cloud server. You may not need any additional optimisations, but in the off-chance that you are having a less than ideal experience, the following tweaks might help.
Increasing open file descriptors
Check the current values by running:
If open files parameter shows less than 51200, do the following:
Open the file in a text editor.
sudo nano /etc/security/
Then add the following lines just before the # End of file:
* soft nofile 51200
* hard nofile 51200
Alternatively, use the following if the proxy server is running as root:
root soft nofile 51200
root hard nofile 51200
Tuning the kernel parameters
Depending on the performance of your proxy server, you may wish to make the following changes to your system configuration:
sudo nano /etc/
Add the following lines to the end of the file:
p_syncookies = 1
p_tw_reuse = 1
p_tw_recycle = 0
p_fin_timeout = 30
p_keepalive_time = 1200
net. ipv4. ip_local_port_range = 10000 65000
p_max_syn_backlog = 8192
p_max_tw_buckets = 5000
p_fastopen = 3
p_mtu_probing = 1
p_mem = 25600 51200 102400
p_rmem = 4096 87380 67108864
p_wmem = 4096 65536 67108864
Then save the file and run the command below to reload the settings.
sudo sysctl -p
Using TCP BBR
TCP BBR is a TCP congestion control algorithm developed by Google and its been reported to improve performance on certain networks. You can enable it by adding the following to lines to your system configuration file.
Then save the file and reload the settings.
Check the changes by running the next command.
sudo sysctl p_congestion_control
If the output is as follows the setting was applied successfully.
p_congestion_control = bbr
These optimisations should help alleviate any possible performance issues.
In the capital city of Finland, you will find our headquarters, and our first data centre. This is where we handle most of our development and innovation.
London was our second office to open, and a important step in introducing UpCloud to the world. Here our amazing staff can help you with both sales and support, in addition to host tons of interesting meetups.
Singapore was our 3rd office to be opened, and enjoys one of most engaged and fastest growing user bases we have ever seen.
Seattle is our 4th and latest office to be opened, and our way to reach out across the pond to our many users in the Americas.
Frequently Asked Questions about shadowsocks service
Is Shadowsocks a VPN?
Unlike VPN, Shadowsocks isn’t designed for privacy and anonymity. … Due to its use of SOCKS5 proxies, Shadowsocks doesn’t send all your traffic through a server, as opposed to VPN. And in contrast to traditional ssh SOCKS5 proxies, Shadowsocks works with multiple TCP connections.
Is Shadowsocks a SOCKS5?
Shadowsocks is a free open-source SOCKS5 proxy widely used to protect privacy on the Internet.Nov 6, 2020
How do I connect to Shadowsocks server?
3. Connect using ShadowsocksIn the Shadowsocks app, select your new configuration and then tap on the connect icon (a paper airplane)In the OpenVPN app, connect to the server you just finished editing by tapping on the name (not the edit icon) of the profile. … Both apps should show as being connected.More items…•May 15, 2021