rogerxu commented 6 years ago

Install

yum

$ yum groupinstall "Development tools"
$ yum update

Python

$ python --version
Python 2.6.6

pip

Debian / Ubuntu

$ apt-get install python-pip
$ pip --version
pip 8.1.2 from /usr/lib/python2.6/site-packages (python 2.6)

CentOS

Easy Install is a python module (easy_install) bundled with setuptools that lets you automatically download, build, install, and manage Python packages.

$ yum install python-setuptools
$ easy_install pip
$ pip --version
pip 8.1.2 from /usr/lib/python2.6/site-packages (python 2.6)

Upgrade

$ pip list -o
$ pip install --upgrade pip

Shadowsocks

Shadowsocks 一键安装脚本（四合一） | 秋水逸冰

CentOS

$ pip install git+https://github.com/shadowsocks/shadowsocks.git@master

rogerxu commented 6 years ago

Run

Command Line

$ ssserver -p 443 -k password -m chacha20-ietf-poly1305

Bandwagon

/etc/rc.local

#!/bin/sh
#
# This script will be executed *after* all the other init scripts.
# You can put your own initialization stuff in here if you don't
# want to do the full Sys V style init stuff.

touch /var/lock/subsys/local

# net_speeder <dev> <filter>
nohup net_speeder venet0 "ip host `hostname -i` and src port `cat /root/.kiwivm-shadowsocks-port`" >/dev/null 2>&1 &

# shadowsocks in background
/usr/bin/ssserver -p `cat /root/.kiwivm-shadowsocks-port` -k `cat /root/.kiwivm-shadowsocks-password` -m `cat /root/.kiwivm-shadowsocks-encryption` --user nobody --workers 2 -d start

Config File

To run in the foreground:

$ ssserver -c /etc/shadowsocks.json

To run in the background:

$ ssserver -c /etc/shadowsocks.json -d start

To stop:

ssserver -c /etc/shadowsocks.json -d stop

rogerxu commented 6 years ago

Configuration

Configuration via Config File

Create a config file /etc/shadowsocks.json. Example:

{
    "server": "0.0.0.0",
    "server_port": 443,
    "local_address": "127.0.0.1",
    "local_port": 1080,
    "password": "mypassword",
    "timeout": 300,
    "method": "chacha20-ietf-poly1305",
    "fast_open": false,
    "workers": 2
}

Resources

Shadowsocks搭建和优化图文教程 - 233ABC

rogerxu commented 6 years ago

Ciphers

AEAD Ciphers

Shadowsocks - AEAD Ciphers

AEAD stands for Authenticated Encryption with Associated Data. AEAD ciphers simultaneously provide confidentiality, integrity, and authenticity. They have excellent performance and power efficiency on modern hardware. Users should use AEAD ciphers whenever possible.

The following AEAD ciphers are recommended. Compliant Shadowsocks implementations must support AEAD_CHACHA20_POLY1305. Implementations for devices with hardware AES acceleration should also implement AEAD_AES_128_GCM, AEAD_AES_192_GCM, and AEAD_AES_256_GCM.

Name	Alias
AEAD_CHACHA20_POLY1305	chacha20-ietf-poly1305
AEAD_AES_256_GCM	aes-256-gcm

libsodium

jedisct1/libsodium: A modern and easy-to-use crypto library.

libsodium-doc/aead.md at master · jedisct1/libsodium-doc

Resources

安装shadowsocks-python并启用chacha20加密 - 老高的技术博客

ShadowsocksR 安装libsodium 以支持 Chacha20/Chacha20-ietf 加密方式 | 逗比根据地

搭建属于自己的Shadowsocks｜Geying's blog

Availability and interoperability

Construction	Key size	Nonce size	Block size	MAC size	Availability
AES256-GCM	256 bits	96 bits	128 bits	128 bits	libsodium >= 1.0.4 but requires hardware support. IETF standard; also implemented in many other libraries.
ChaCha20-Poly1305	256 bits	64 bits	512 bits	128 bits	libsodium >= 0.6.0. Also implemented in {Libre,Open,Boring}SSL.
ChaCha20-Poly1305-IETF	256 bits	96 bits	512 bits	128 bits	libsodium >= 1.0.4. IETF standard; also implemented in Ring, {Libre,Open,Boring}SSL and other libraries.
XChaCha20-Poly1305-IETF	256 bits	192 bits	512 bits	128 bits	libsodium >= 1.0.12.

Install

Uninstall libsodium old version

$ yum erase libsodium

Build from source code

# download source code
$ wget https://github.com/jedisct1/libsodium/releases/download/1.0.13/libsodium-1.0.13.tar.gz
$ tar -xzf libsodium-1.0.13.tar.gz
$ cd libsodium-1.0.13

# build and install
$ ./configure
$ make && make install

# repair link
$ echo /usr/local/lib > /etc/ld.so.conf.d/usr_local_lib.conf
$ ldconfig

rogerxu commented 6 years ago

Encryption

Install dependencies

$ yum install swig
$ yum install m2crypto

rogerxu commented 5 years ago

ShadowsocksR

Encryption

aes-256-cfb
chacha20-ietf

Protocol

ShadowsocksR 协议插件文档

协议定义插件用于定义加密前的协议，通常用于长度混淆及增强安全性和隐蔽性，部分插件能兼容原协议。

auth_aes128_md5
auth_aes128_sha1
auth_chain_f - with none encryption

Obfuscation

SSR混淆及混淆协议参数的设置 | 搜百谷

plain
http_simple - 并非完全按照http1.1标准实现，仅仅做了一个头部的GET请求和一个简单的回应，之后依然为原协议流。
- parameter: xinhuaapp-img.img.aliyuncs.com#User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 10_2_1 like Mac OS X) AppleWebKit/602.4.6 (KHTML, like Gecko) Version/10.0 Mobile/14D27 MicroMessenger/6.5.13\nAccept: /\nConnection: keep-alive
tls1.2_ticket_auth - 模拟TLS1.2在客户端有session ticket的情况下的握手连接。
- parameter: www.icloud.com,img.alicdn.com,apps.bdimg.com

rogerxu / rogerxu.github.io

Shadowsocks #174

Install

yum

Python

pip

Debian / Ubuntu

CentOS

Upgrade

Shadowsocks

CentOS

Run

Command Line

Bandwagon

Config File

Configuration

Resources

Ciphers

AEAD Ciphers

libsodium

Resources

Availability and interoperability

Install

Encryption

Install dependencies

ShadowsocksR

Encryption

Protocol

Obfuscation