A Detailed Guide to Using Shadowsocks-libev on Linux

Before setting up Shadowsocks-libev, choosing the right server is crucial for optimal performance and security. Below are some key factors to consider when selecting a server:

Selecting a Server for Shadowsocks-libev

When selecting a server to run Shadowsocks-libev, keep in mind the following considerations:

1. Location:

   • The server's location can significantly impact connection speed and latency. For lower latency, choose a server that is geographically closer to you or your users.

   • If the goal is to bypass censorship or access geo-restricted content, select a server in a region with free internet access.

2. Bandwidth:

   • Shadowsocks is used to proxy traffic, so higher bandwidth is essential, especially if multiple users will be connecting simultaneously or if you expect to handle high traffic volumes.

   • Look for servers offering at least 1 Gbps bandwidth for smooth performance.

3. CPU and Memory:

   • Shadowsocks-libev is lightweight and doesn’t require powerful hardware. However, if you expect heavy usage or need to support many users, ensure the server has sufficient CPU and memory resources.

   • A server with 1 to 2 CPU cores and 1 to 2 GB of RAM is usually sufficient for most users.

4. Storage:

   • The storage requirements for Shadowsocks are minimal, but you may need more space if you're also storing logs or other data. Typically, a server with 20 GB of storage is more than enough for Shadowsocks purposes.

5. Server Provider:

   • Choose a reliable cloud provider with good uptime guarantees and strong customer support. Some popular cloud service providers include DigitalOcean, AWS, Linode, and Vultr.

   • Ensure the provider allows for flexibility in upgrading or scaling your server as traffic grows.

6. Network Throughput:

   • Check the server's network throughput capacity, especially if you plan to handle significant traffic or high-speed downloads.

7. IP Address:

   • Opt for a server with a dedicated IP address. This is particularly important if you plan to control access or whitelist certain users.

   • Ensure the provider offers protection against Distributed Denial of Service (DDoS) attacks, especially if you're hosting in regions with heavy censorship.

Once you've selected a suitable server based on these criteria, you can move forward with installing and configuring Shadowsocks-libev.

---

Shadowsocks-libev Setup on Linux

Shadowsocks-libev is a lightweight proxy software widely used for bypassing internet censorship and ensuring privacy. It is based on the SOCKS5 protocol and supports encrypted, secure communication. This guide will walk you through installing, configuring, and using Shadowsocks-libev on a Linux system.

1. Installing Shadowsocks-libev

Shadowsocks-libev is available in the repositories of most Linux distributions. Below are the steps to install it on both Ubuntu and CentOS.

Ubuntu/Debian

First, update your package list and install the required package:

sudo apt update
sudo apt install shadowsocks-libev

CentOS/RHEL

For CentOS, you need to enable the EPEL repository first:

sudo yum install epel-release

Then, install Shadowsocks-libev:

sudo yum install shadowsocks-libev

2. Configuring Shadowsocks-libev

Shadowsocks-libev uses a JSON configuration file to set up the server and client. The default configuration file path is /etc/shadowsocks-libev/config.json, but you can customize it as needed.

Create or edit the configuration file:

sudo nano /etc/shadowsocks-libev/config.json

Add the following content to the file:

{
    "server": "0.0.0.0",
    "server_port": 8388,
    "local_address": "127.0.0.1",
    "local_port": 1080,
    "password": "your_password",
    "timeout": 300,
    "method": "chacha20-ietf-poly1305"
}

Explanation of the parameters:

• server: The server IP address. If you are configuring the server, use 0.0.0.0 to listen on all interfaces. For client setups, use the actual Shadowsocks server address.

• server_port: The port on which the server listens, typically 8388.

• local_address: The local proxy address, usually 127.0.0.1.

• local_port: The local proxy port, usually 1080, for SOCKS5 proxy connections.

• password: The password for connecting to the server. This must match the server configuration.

• timeout: Connection timeout in seconds. A good default is 300.

• method: The encryption method. In this case, chacha20-ietf-poly1305 is recommended for its speed and security.

3. Starting Shadowsocks-libev

After setting up the configuration file, you can start the Shadowsocks service with the following command:

sudo systemctl start shadowsocks-libev

To ensure the service starts automatically on boot, enable it:

sudo systemctl enable shadowsocks-libev

4. Verifying Shadowsocks is Running

After starting the service, you can check its status with:

sudo systemctl status shadowsocks-libev

If the service shows active (running), it is running properly.

5. Client Setup

If you're using Shadowsocks as a client, you only need to configure your system to route traffic through the local proxy address and port defined in the configuration file. You can use command-line tools or desktop applications like proxychains or browser extensions such as SwitchyOmega.

For example, to test the proxy using curl:

curl --socks5 127.0.0.1:1080 http://ipinfo.io

This command will access ipinfo.io through the Shadowsocks proxy and return your public IP information.

6. Firewall Configuration

Ensure that the Shadowsocks server port is open in your firewall. Use the following commands to open the port (e.g., 8388):

• For Ubuntu/Debian:

sudo ufw allow 8388

• For CentOS/RHEL:

sudo firewall-cmd --permanent --add-port=8388/tcp
sudo firewall-cmd --reload

7. Security Optimization

For enhanced security, consider the following steps:

1. Use a strong password: Ensure that the password is sufficiently random and strong.

2. Restrict IP access: If possible, set the server field to a specific IP address to restrict connections.

3. Use a non-default port: Avoid using the default port 8388 by choosing a random high port number to increase security.

4. Choose a secure encryption method: chacha20-ietf-poly1305 is a modern encryption method offering both strong security and good performance.

8. Logs and Troubleshooting

If you encounter any issues, check the logs to troubleshoot. Shadowsocks-libev logs can usually be found in /var/log/syslog. You can use the following command to view the logs in real-time:

sudo tail -f /var/log/syslog | grep shadowsocks

This will help you track any errors or issues with the Shadowsocks service.

---

Connect Your Device to a Shadowsocks Proxy Server

To connect your computer or smartphone to the Shadowsocks-libev proxy server, follow the steps below for different operating systems. The overall process involves configuring your device to route internet traffic through the Shadowsocks server.

1. Connect on Windows (with Shadowsocks Client)

Step-by-step guide:

1. Download the Shadowsocks Windows Client:

   • Visit the official Shadowsocks GitHub page and download the latest release.

2. Install the Client:

   • Extract the downloaded file and run the Shadowsocks.exe file to launch the client.

3. Configure the Shadowsocks Client:

   • Open the Shadowsocks client and enter the server details you configured earlier on the Linux server:

     • Server IP: The public IP address of your Shadowsocks server.

     • Server Port: The port number (e.g., 8388).

     • Password: The same password you set in the server's config.json.

     • Encryption Method: Choose chacha20-ietf-poly1305 as the encryption method.

4. Enable the Proxy:

   • After configuring the server details, right-click on the Shadowsocks client icon in the taskbar and select System Proxy. This will route all internet traffic on your Windows system through the Shadowsocks proxy.

5. Test the Connection:

   • Open your browser and try visiting a blocked website or check your IP on a site like ipinfo.io to ensure your traffic is routed through the proxy.

2. Connect on macOS (with ShadowsocksX-NG)

Step-by-step guide:

1. Download ShadowsocksX-NG:

   • Download the ShadowsocksX-NG client for macOS.

2. Install the Client:

   • Drag the app to your Applications folder and launch it.

3. Configure the Client:

   • Click on the ShadowsocksX-NG icon in the menu bar and open Preferences.

   • Enter the server details:

     • Server: Your server’s public IP.

     • Port: The port number (e.g., 8388).

     • Password: The server password.

     • Method: Choose chacha20-ietf-poly1305 as the encryption method.

4. Enable the Proxy:

   • After entering the details, click OK, then click on the Shadowsocks icon in the menu bar and select Global Mode or PAC Mode to enable the proxy.

5. Test the Connection:

   • Open your browser or any other internet application to check if the proxy is working.

3. Connect on Android (with Shadowsocks App)

Step-by-step guide:

1. Download the Shadowsocks App:

   • Install the official Shadowsocks app for Android from the Google Play Store.

2. Configure the App:

   • Open the app and click the + button to add a new profile.

   • Select Manual Settings and input the server details:

     • Server: Your server’s public IP.

     • Remote Port: The port number (e.g., 8388).

     • Password: The server password.

     • Encrypt Method: Select chacha20-ietf-poly1305.

3. Enable the Proxy:

   • After saving the profile, toggle the switch to connect.

   • Once connected, your internet traffic will be routed through the Shadowsocks proxy.

4. Test the Connection:

   • Open your browser or any internet-based app to verify that traffic is going through the proxy.

4. Connect on iOS (with Potatso Lite or Shadowrocket)

Option 1: Potatso Lite (Free)

1. Download Potatso Lite:

   • Install Potatso Lite from the App Store.

2. Configure the App:

   • Open the app and tap Add to create a new proxy configuration.

   • Enter the server details:

     • Server: Your Shadowsocks server’s IP.

     • Port: The port number (e.g., 8388).

     • Password: The same password used on your server.

     • Method: Select chacha20-ietf-poly1305.

3. Enable the Proxy:

   • After saving the configuration, toggle the switch to connect.

   • You will be prompted to allow the app to add VPN configurations; accept this.

4. Test the Connection:

   • Open your browser or another app to verify that the proxy is working.

Option 2: Shadowrocket (Paid)

1. Download Shadowrocket:

   • Install Shadowrocket from the App Store (this is a paid app).

2. Configure the App:

   • Open the app and add a new server configuration by tapping the + icon.

   • Fill in the server details:

     • Server: Your Shadowsocks server IP.

     • Port: The port number (e.g., 8388).

     • Password: The server password.

     • Encrypt Method: Select chacha20-ietf-poly1305.

3. Enable the Proxy:

   • Save the profile and toggle the switch to connect.

   • Allow the app to set up a VPN connection when prompted.

4. Test the Connection:

   • Open any app or browser to ensure your traffic is routed through the proxy.

---

These methods should allow you to connect your devices to the Shadowsocks proxy server. Once connected, your internet traffic will be encrypted and routed through the server, bypassing local restrictions and improving privacy.

Conclusion

Shadowsocks-libev is an efficient proxy tool that provides encrypted communication for privacy and censorship circumvention. This guide has covered how to install, configure, and run Shadowsocks-libev on a Linux system, along with some best practices for security and troubleshooting. By following these steps, you should be able to set up Shadowsocks-libev successfully for various proxy use cases.