net4people / bbs

Forum for discussing Internet censorship circumvention

Easy and Fast Shadowsocks server #138

Open MohsenHNSJ opened 2 years ago

MohsenHNSJ commented 2 years ago

I'm in Iran and this method currently works for accessing the Internet. (Mobile networks too)

The only requirement is to buy a cheap VPS that is outside of Iran and also accessible by your internet connection. (you can talk or call with service providers before buying a VPS, to get an IP for ping testing their data center to know whether it's accessible or not)

Then connect to your server via any SSH client and run the following command:

sudo curl -s https://raw.githubusercontent.com/MohsenHNSJ/FastShadowsocks/master/install.sh | bash

After a few minutes, credentials for the Shadowsocks connection will be shown to you. Write them down and execute the "reboot" command; later, connect to it with your Shadowsocks client application using the provided credentials.

Project link here: https://github.com/MohsenHNSJ/FastShadowsocks

wkrp commented 2 years ago

Thanks for contributing this. What makes this setup different from other single-hop Shadowsocks setups, which others have reported do not work, for example here and here? Is it the preliminary step of verifying that the VPS provider network is reachable?

MohsenHNSJ commented 2 years ago

Yes, that step should be taken before purchase; however, I have configured a few servers till now, with different host providers. Some I couldn't connect to, so I asked for another IP range and after changing it, I could connect and run Shadowsocks.

It may seem a bit of a tedious job, calling and talking to support centers, but the upside is that it's a single hop, with less latency, and more importantly, as I haven't found any app for iPhone that supports proxy chaining for multi-hop Shadowsocks, this method also works on iPhone with a regular Shadowsocks client.

The goal of my project is to ease the process of making a Shadowsocks server, so even a non-technical person could run it easily. Yet, I see it is still a bit hard for beginners who never touched Linux or a terminal, so I'm working on a project to make this process even simpler with the least amount of interaction required by the user.

puer777 commented 2 years ago

I am glad that this is helping people in Iran. Out of curiosity I tested this script last night in China. Leaving the connection active for 4 hours was enough for the port to be blocked. The VPS however remains accessible from a Chinese IP.

MohsenHNSJ commented 2 years ago

> I am glad that this is helping people in Iran. Out of curiosity I tested this script last night in China. Leaving the connection active for 4 hours was enough for the port to be blocked. The VPS however remains accessible from a Chinese IP.

Thanks for trying it out. In Iran, some popular ports may have connection issues; that's why I set the script to choose random ports at runtime. But I have not seen such behavior in Iran. All the servers are up and running without the need to change ports.

However, this filtering rule may not be too far in Iran, so I think it's better to prepare it for such a situation and also make it useful for people living in China.

What may be the problem? Is it because of Shadowsocks? Have I missed a setting? Or it's a default behavior of China's firewall to block a persistent connection after a time period? What may be the solution?

puer777 commented 2 years ago

> > I am glad that this is helping people in Iran. Out of curiosity I tested this script last night in China. Leaving the connection active for 4 hours was enough for the port to be blocked. The VPS however remains accessible from a Chinese IP.

> Thanks for trying it out. In Iran, some popular ports may have connection issues; that's why I set the script to choose random ports at runtime. But I have not seen such behavior in Iran. All the servers are up and running without the need to change ports.

> However, this filtering rule may not be too far in Iran, so I think it's better to prepare it for such a situation and also make it useful for people living in China.

> What may be the problem? Is it because of Shadowsocks? Have I missed a setting? Or it's a default behavior of China's firewall to block a persistent connection after a time period? What may be the solution?

The GFW can detect and block Shadowsocks in real time. You can read more about the way in which that happens here - https://github.com/net4people/bbs/issues/129

MohsenHNSJ commented 2 years ago

> The GFW can detect and block Shadowsocks in real time. You can read more about the way in which that happens here - https://github.com/net4people/bbs/issues/129

I have read the post, and I need to educate more on Network/Protocols/TLS etc... but I see that Naïve is immune to such detection and also noted a few posts below that with the latest uTLS version and some client works, this problem may be fixed.

Maybe a Fast Naïve server or something ...

Again, it seems inconvenient for an inexperienced user to configure these settings. Will look into a way to simplify it.

serdkc commented 2 years ago

mohsen jan , multi hop ro kar kon rosh dada

mohsen, please work on multi hop, my bro

delejos commented 2 years ago

@MohsenHNSJ Could you provide more info on what VPS to purchase and from where to make this work? I am trying to help Iranians, some can connect to my Outline VPN server while some cannot, maybe I can spin something like this up too?

MohsenHNSJ commented 2 years ago

> mohsen jan , multi hop ro kar kon rosh dada

> mohsen, please work on multi hop, my bro

Sure, dear 😅

Will look into it

MohsenHNSJ commented 2 years ago

> @MohsenHNSJ Could you provide more info on what VPS to purchase and from where to make this work? I am trying to help Iranians, some can connect to my Outline VPN server while some cannot, maybe I can spin something like this up too?

Each VPS should be checked prior to setting up. I bought another VPS from the same provider that I have currently and I assumed that it would also work, but it was not accessible and I asked for a change in IP range. So basically it's not a guarantee that servers from a specific provider are always reachable. The block is IP based and most popular providers are most likely blocked. Best chance is to choose a trusted yet not so popular provider and again test connection to a sample IP of their database.
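
The reachability check described in this thread (testing a provider's sample IP before buying, and telling a blocked port apart from a blocked IP), as an added example that is not part of the original posts or of the FastShadowsocks project. The function names, the control port 22, the address 192.0.2.10 and the port 48123 are assumptions made for illustration.

```python
import socket

def probe(host, port, timeout=3.0):
    """One TCP connect attempt: 'open', 'refused' or 'filtered'."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"        # handshake completed
    except ConnectionRefusedError:
        return "refused"         # an RST came back, so packets reach the address
    except OSError:
        return "filtered"        # timeout or unreachable: nothing came back

def diagnose(results, proxy_port):
    """Interpret per-port states for one server as seen from one client network."""
    state = results[proxy_port]
    if state == "open":
        return "proxy-port-reachable"
    if state == "refused":
        return "ip-reachable-service-down"
    others = [s for p, s in results.items() if p != proxy_port]
    if any(s != "filtered" for s in others):
        # Another port answers, so the drop is specific to the proxy port
        # (on the path, or in the server's own firewall).
        return "proxy-port-filtered-ip-reachable"
    return "ip-unreachable"

def check_server(host, proxy_port, control_ports=(22,), timeout=3.0):
    """Probe the proxy port plus control ports and return (results, verdict)."""
    ports = (proxy_port, *control_ports)
    results = {p: probe(host, p, timeout) for p in ports}
    return results, diagnose(results, proxy_port)

if __name__ == "__main__":
    # Constructed sample values: 192.0.2.10 is a documentation address
    # (TEST-NET-1) and 48123 stands in for the randomly chosen proxy port.
    results, verdict = check_server("192.0.2.10", 48123)
    print(results, verdict)
```

Run it from the client network that will use the proxy, since the result describes only the path from that network to the server.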

ghost commented 2 years ago

> The block is IP based and most popular providers are most likely blocked. Best chance is to choose a trusted yet not so popular provider and again test connection to a sample IP of their database.

This point is confirmed in another thread on this bbs.

@wkrp posted in #136 a link to a report. The report says:

"If hosted on home network or low profile service providers, and only used by a small number of users, they are typically the most resilient solution and their IPs remain unblocked."

So use a low-profile VPS provider (or host with a friend overseas who has a residential IP address and a good ISP).

Also, at the start of #136, @gfw-report posted on the need to further obfuscate SS so that it doesn't look like SS. That is needed for China. Maybe it is not needed for Iran yet.

MohsenHNSJ commented 2 years ago

> Also, at the start of #136, @gfw-report posted on the need to further obfuscate SS so that it doesn't look like SS. That is needed for China. Maybe it is not needed for Iran yet.

As GFW is a few steps ahead of Iran, I do think it's better to get prepared rather than be surprised. So this obfuscation OR a method for Naïve protocol will be added soon. As I'm working full time on my job, I have to find spare time to start working on it.

sMohammad14 commented 2 years ago

> I am glad that this is helping people in Iran. Out of curiosity I tested this script last night in China. Leaving the connection active for 4 hours was enough for the port to be blocked. The VPS however remains accessible from a Chinese IP.

@puer777 GFW now can detect Shadowsocks and sub protocols (Vmess, Vless, etc.)!?

ghost commented 2 years ago

> The GFW can detect and block Shadowsocks in real time.

Some people continue to use Shadowsocks without any problems. Some quotes from Reddit:

"Absolutely no issue with Shadowsocks and Wireguard, easy to set up on VPS in HK, it worked smoothly for months if not years now. Just need to switch IP when it gets banned (happened 2 times this year, wasn't happening before)."

"Shadowsocks - 'on mobile data smooth as butter' (confirmed with rightell sim card) & on wifi speeds differ, 'doesn't bypass safe search in Iran, but allows connection to any domains'"

So there are more factors involved than just the protocol. People have mentioned factors such as choice of data center, choice of port, amount of traffic sent to one IP, and number of users of the proxy. GFW Report also had some recommendations for choice of password and choice of cipher.

poorp commented 2 years ago

> mohsen jan , multi hop ro kar kon rosh dada

> mohsen, please work on multi hop, my bro

You can do multi-hop pretty easily with vless (xray-core). Though I'm not sure how this would help because nearly everything that's happening or has happened to normal ISPs is happening to datacenters as well. Also, unfortunately, I've heard that for the next time they are planning and pulling the plug completely and disconnecting everything in a way that even they won't be able to use the internet themselves so I don't think there is much point in 2hop RN. We need to focus on finding a way to connect on a single hop as it is cheaper, less dangerous and also faster. vless+ws is working fine right now from my limited experience so try that if you can "dashe golam".