shadowsocks for opnsense

[Laven7]

Could you add a shadowsocks plugin for opnsense

[fichtner]

shadowsocks-libev is in packages... though which specific shadowsocks application are you referring to?

[mimugmail]

Is there really a need for this? Config seems really easy .. if there are one or two more guys interested in this I can build a UI.

[Laven7]

Many people interested in shadowsocks in China. If we could config shadowsocks like openwrt, we'll be very thankful for what you do

[fichtner]

Did you know we also have OpenVPN with XOR patch?

https://tunnelblick.net/cOpenvpn_xorpatch.html

Unless you tell me it's not working anymore for reasons beyond the software itself, that would be good to know too.

[mimugmail]

Every pkg to make it harder for GFOC is a good one! :D Give me some days ..

[Laven7]

I have configured shadowsocks-libev in my opnsense, but it seems it doesn't work on my PC. I've heard of OpenVPN, but many people like Shadowsocks much more than OpenVPN in China.

[mimugmail]

@Laven7 down the shadowsocks also works without a password? Is this a common setup or is password a must?

[Laven7]

@mimugmail I have a shadowsocks server in my google vps.

[mimugmail]

@fichtner which value determines the name of the rc script? I'm using shadawsocks everywhere, but the rc script is called shadowsocks_libev. Will I have to rename everything of is this just one value somewhere?

Besides this the plugin is ready/finished ...

[mimugmail]

forget it .. stupid question :/

[fabianfrz]

plugin has been merged - closing this

[mimugmail]

@Laven7 Were you able to test the plugin? Does it work for you?

[Laven7]

@mimugmail Sorry, I can't get version 18.1.r2 yet.

[mimugmail]

When you download RC1 ISO and so a fresh Install you can upgrade to RC2

[fichtner]

It will also be in 17.7.12 tomorrow.

# pkg install os-shadowsocks-devel

Cheers, Franco

[mimugmail]

shadowsocks, not openconnect :)

[fichtner]

whoops, fixed :D

[Laven7]

I'm trying to download RC1 now, but the network doesn't work well. When I get the test result, I'll let you know. @mimugmail

[Laven7]

@mimugmail It doesn't work for me. I have two shadowsocks server and I have tried them all. My server port is 443, local port is 1080, server encryption is aes-256-cfb. but I can't find server encryption configuration in the plugin.

The log said "bind: Can't assign requested address"

[mimugmail]

Because your Admin GUI already use 443?

[Laven7]

NO, I try to set other server port, but it doesn't work.

[mimugmail]

Would you mind to give me the details so I can test here? If yes just drop me the settings at https://github.com/opnsense/plugins/blob/master/net/shadowsocks/Makefile#L5

[Laven7]

@mimugmail I have sent an email to you, about my server details.

[mimugmail]

Ok, we had a misunderstanding here. The current package only offers server mode .. it can only bind to a local address. What you need might be tunnel, correct?

[Laven7]

correct

[mimugmail]

@fichtner we have to reopen this. The init script for this package only uses ss-server, this would only fit if you want to run the server (like a tor entry node). What we need is ss-tunnel (no rc script) which would behave like the tor plugin. What to do? rewrite the existing rc for ss-tunnel, since running server on OPNsense is highly unusual?

[fichtner]

sure, adapt what we have, maybe making sure the rc.d script name reflects that. I didn't know we had a server instance with openconnect anyway?

[mimugmail]

OpenConnect? Not in the repo .. ;)

[fichtner]

man I keep mixing those two up...

[mimugmail]

@Laven7 Ok, I got it working with ss-local Successfully connected to you shadowsocks-server I guess.

@fichtner what do you think, leave the current plugin as server-only and do a new plugin as client/relay or rewrite the existing one as client/relay only? @Laven7 any opinion on this?

[fabianfrz]

@mimugmail it may be like os-tor, which is a client and a server at the same time.

[mimugmail]

@fabianfrz the problem is the rc script is only for ss-server, there's also ss-tunnel and ss-local. @Laven7 just to be sure .. you don't need ss-tunnel for static port tunneling? I don't want to make it too complicated :)

[Laven7]

sure

[mimugmail]

@Laven7 when you have 0.1 still installed and update to 18.1.2 you'll receive 0.2 which now has a "General" service to deploy a server and "Local" for just ss-local client connecting to an external server. Hopefully it works for you now :) Please test it when you find the time ..

[mimugmail]

@Laven7 ? :)

[mimugmail]

@lattera my friend of privacy .. you like to test with me the shadow socks plugin? I'd need some external system hosting a shadow server where my client can connect to.

As you drive a tor relay perhaps you'd also try shadow for our chinese OPN users?

[lattera]

I'd be happy to. Can you give me a test plan?

[mimugmail]

pkg install os-shadowsocks-devel

Configure a server instance, leave everything besides pw default and send it to me. Don't forget to allow connection on the port via your WAN.

Then I'll start a local instance on my OPNsense machine and tunnel OpenVPN though it ..

[lattera]

Cool. I'll set up a separate OPNsense box and install this behind my primary box and do port forwarding. I prefer to leave my primary box in pristine condition. I'll do that this weekend.

[Laven7]

@mimugmail I'm so sorry, I'm too busy to check my git message last month. I'll give you my test details ASAP. And I'll send my shadowsocks server info to you. You also can use it to test.

[Laven7]

@mimugmail How can I get your email, I forgot it.

[mimugmail]

https://github.com/opnsense/plugins/blob/master/net/shadowsocks/Makefile#L5

[mimugmail]

@Laven7 It's working, great! :) @lattera If you still interested in testing, I'm on it . @fichtner You can merge the current master code base to stable!

Thanks to everyone ...

[fichtner]

You can merge the current master code base to stable!

That's already the case. Or do you mean you want to release 1.0 ?

[mimugmail]

Yep, an remove devel tag

Franco Fichtner notifications@github.com schrieb am Fr., 23. März 2018, 08:34:

You can merge the current master code base to stable!

That's already the case. Or do you mean you want to release 1.0 ?

— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub https://github.com/opnsense/plugins/issues/467#issuecomment-375567923, or mute the thread https://github.com/notifications/unsubscribe-auth/ATfeoTMyydoNKKxjFTMnk6N6Yq4iDlSQks5thKVpgaJpZM4RUARB .

[mimugmail]

Please close this one too ...

[samirmhsnv]

any support for v2ray plugin?

[mimugmail]

There is a pkg but no plugin. So you can install and configure via CLI

[samirmhsnv]

There is a pkg but no plugin. So you can install and configure via CLI

thank you for fast reply 🚀