Open rogerxu opened 6 years ago
$ yum groupinstall "Development tools"
$ yum update
$ python --version
Python 2.6.6
$ apt-get install python-pip
$ pip --version
pip 8.1.2 from /usr/lib/python2.6/site-packages (python 2.6)
Easy Install is a python module (easy_install
) bundled with setuptools
that lets you automatically download, build, install, and manage Python packages.
$ yum install python-setuptools
$ easy_install pip
$ pip --version
pip 8.1.2 from /usr/lib/python2.6/site-packages (python 2.6)
$ pip list -o
$ pip install --upgrade pip
Shadowsocks 一键安装脚本(四合一) | 秋水逸冰
$ pip install git+https://github.com/shadowsocks/shadowsocks.git@master
$ ssserver -p 443 -k password -m chacha20-ietf-poly1305
/etc/rc.local
#!/bin/sh
#
# This script will be executed *after* all the other init scripts.
# You can put your own initialization stuff in here if you don't
# want to do the full Sys V style init stuff.
touch /var/lock/subsys/local
# net_speeder <dev> <filter>
nohup net_speeder venet0 "ip host `hostname -i` and src port `cat /root/.kiwivm-shadowsocks-port`" >/dev/null 2>&1 &
# shadowsocks in background
/usr/bin/ssserver -p `cat /root/.kiwivm-shadowsocks-port` -k `cat /root/.kiwivm-shadowsocks-password` -m `cat /root/.kiwivm-shadowsocks-encryption` --user nobody --workers 2 -d start
To run in the foreground:
$ ssserver -c /etc/shadowsocks.json
To run in the background:
$ ssserver -c /etc/shadowsocks.json -d start
To stop:
ssserver -c /etc/shadowsocks.json -d stop
Configuration via Config File
Create a config file /etc/shadowsocks.json
. Example:
{
"server": "0.0.0.0",
"server_port": 443,
"local_address": "127.0.0.1",
"local_port": 1080,
"password": "mypassword",
"timeout": 300,
"method": "chacha20-ietf-poly1305",
"fast_open": false,
"workers": 2
}
AEAD stands for Authenticated Encryption with Associated Data. AEAD ciphers simultaneously provide confidentiality, integrity, and authenticity. They have excellent performance and power efficiency on modern hardware. Users should use AEAD ciphers whenever possible.
The following AEAD ciphers are recommended. Compliant Shadowsocks implementations must support AEAD_CHACHA20_POLY1305. Implementations for devices with hardware AES acceleration should also implement AEAD_AES_128_GCM, AEAD_AES_192_GCM, and AEAD_AES_256_GCM.
Name | Alias |
---|---|
AEAD_CHACHA20_POLY1305 | chacha20-ietf-poly1305 |
AEAD_AES_256_GCM | aes-256-gcm |
jedisct1/libsodium: A modern and easy-to-use crypto library.
libsodium-doc/aead.md at master · jedisct1/libsodium-doc
安装shadowsocks-python并启用chacha20加密 - 老高的技术博客
ShadowsocksR 安装libsodium 以支持 Chacha20/Chacha20-ietf 加密方式 | 逗比根据地
搭建属于自己的Shadowsocks|Geying's blog
Construction | Key size | Nonce size | Block size | MAC size | Availability |
---|---|---|---|---|---|
AES256-GCM | 256 bits | 96 bits | 128 bits | 128 bits | libsodium >= 1.0.4 but requires hardware support. IETF standard; also implemented in many other libraries. |
ChaCha20-Poly1305 | 256 bits | 64 bits | 512 bits | 128 bits | libsodium >= 0.6.0. Also implemented in {Libre,Open,Boring}SSL. |
ChaCha20-Poly1305-IETF | 256 bits | 96 bits | 512 bits | 128 bits | libsodium >= 1.0.4. IETF standard; also implemented in Ring, {Libre,Open,Boring}SSL and other libraries. |
XChaCha20-Poly1305-IETF | 256 bits | 192 bits | 512 bits | 128 bits | libsodium >= 1.0.12. |
Uninstall libsodium old version
$ yum erase libsodium
Build from source code
# download source code
$ wget https://github.com/jedisct1/libsodium/releases/download/1.0.13/libsodium-1.0.13.tar.gz
$ tar -xzf libsodium-1.0.13.tar.gz
$ cd libsodium-1.0.13
# build and install
$ ./configure
$ make && make install
# repair link
$ echo /usr/local/lib > /etc/ld.so.conf.d/usr_local_lib.conf
$ ldconfig
$ yum install swig
$ yum install m2crypto
aes-256-cfb
chacha20-ietf
协议定义插件用于定义加密前的协议,通常用于长度混淆及增强安全性和隐蔽性,部分插件能兼容原协议。
auth_aes128_md5
auth_aes128_sha1
auth_chain_f
- with none
encryptionplain
http_simple
- 并非完全按照http1.1标准实现,仅仅做了一个头部的GET请求和一个简单的回应,之后依然为原协议流。
xinhuaapp-img.img.aliyuncs.com#User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 10_2_1 like Mac OS X) AppleWebKit/602.4.6 (KHTML, like Gecko) Version/10.0 Mobile/14D27 MicroMessenger/6.5.13\nAccept: /\nConnection: keep-alive
tls1.2_ticket_auth
- 模拟TLS1.2在客户端有session ticket的情况下的握手连接。
www.icloud.com,img.alicdn.com,apps.bdimg.com
Shadowsocks - A secure socks5 proxy