Build a Shadowsocks server – an easier alternative to VPN

Hi everyone,

Last time I wrote a tutorial on how to build an PPTP server. Now a new way to connect emerged: Shadowsocks! Shadowsocks is already a hot topic among some Chinese-speaking communities but still largely unknown to the expats I think. Here we go: the first tutorial on building a shadowsocks server in English!

After finishing this tutorial you should be able to visit blocked websites on your Windows computer using your own Shadowsocks system.

Shadowsocks is a creation by clowwindy.

Step one: First get a VPS

Get a Linux VPS. A VPS is shortened for Virtual Private Server. It’s not a whole machine (too costly!) but one portion of a machine. A 256 Ram VPS is about 60-90 USD a year and that’s all you have to pay. And if you manage to sell your shadowsocks accounts, you can even make profits!

A cheap and yet very fast and stable VPS provider is digitalocean.com. Only 5$/month for a 512mb RAM SSD VPS!

For China users, vr.org offers the best Hong Kong VPS servers.

A decent VPS provider is linode.com which provides Japan and US servers fast for China.

A cheaper choice is budgetvm.com

You need to get a VPS with linux centos, Debian or Ubuntu installed. After purchasing you will get an IP for your VPS, and a SSH (never mind those terms. Few knows what they actually are) account.

Step two: install Shadowsocks server application on your VPS

Use Putty (software name) to log on to your remote VPS using the IP and SSH account provided. And you get a DOS like black Window with a command line like this:

Type at the command line:

wget --no-check-certificate https://breakwall.net/promo/install_ss.sh

And press enter
Then type at the command line:

bash install_ss.sh

to run the script.
First the script will ask you to type a password. Then it will ask you whether to install nodejs. Press ‘y’ for yes.
After the script finishes, then all is set on the server side! So easy:-)
Step Three: run the Windows client program
Click this link https://breakwall.net/soft/yingwa.zip to download the Shadowsocks Windows client. Unzip the file and run yingwa.exe, you will get this screen:

Now fill the server with your linux VPS server IP. Fill your password you have set on the server in step two. For port number type 999

And click connect. Now open IE or chrome and enjoy your work.

Both shadowsocks server and client are open source projects hosted at github.com

Posted in Uncategorized
19 comments on “Build a Shadowsocks server – an easier alternative to VPN
  1. Tom says:

    Hi,
    Great article, never heard of this before. A few questions. I’m guessing it actually works like a VPN and not a socks proxy with no need to change proxy settings in ie or Firefox or am I wrong? Is there a way to change the port the server listens on and do most vps allow this use?

  2. Yi fan says:

    Hi Tom,

    The client site actually creates a socks5 proxy. Privoxy converts the sock5 proxy into http proxy and my program sets the browser proxy automatically at connect and unsets it when disconnect. So you do not need to change proxy settings as the client program will do it for you.

    You can edit the config.json file on the server side to add new users and change ports. Search shadowsocks node.js at github.com you will find the source code and technical details.

    Technically it works on all vps. Some vps providers may not allow proxy program running on their servers though.

  3. keigan says:

    Thanks for your bash script. it make life a lot easier.

    Does this shadowsocks has the ability to obfuscate traffic?

    3 month ago i’ve had softehter successfully running on my vps, however after a week or so, GFW block my vps ip. And from then on have been reading alot about GFW and understand that GFW has DPI(deep packet inspection) ability. that is why my vpn ip was blocked. Just last week, my ip was removed from blacklist.

    I’m interested to have shadowsocks & obfsproxy work hand in hand together to minimise the chance of having my vps ip blocked again by GFW.

    Thanks.

    • Yi Fan says:

      Hi keigan,
      I am not sure the blockage is related to shadowsocks. By default it already encrypts data. You can change the encryption to a stronger one by editing the config file.

  4. keigan says:

    Thanks Yi fan,

    Sure i’ll try playing around with the config file.

    May i ask, how do i solve the 500 internal privoxy error? This only happens 2days later upon successfully using it.
    I’m using Windows client program (yingwa), and on vps side installing shadowsocks using the bash script both written by you.
    VPS Specs:
    Ubuntu 10.04 64bit
    128.00 MB / 256 MB (Burstable)

    • Yi Fan says:

      The server side shadowsocks program is down.
      Reason: you have too little ram but nodejs eats large amount of ram, especially when you watch videos.

      Solution: 1) Use shadowsocks-go (go version of shadowsocks) on the server.
      2) Rebuild your VPS to use a 32 bit system.
      3) Buy a better VPS with larger RAM.

  5. keigan says:

    Yeah, have seen the go version somewhere.

    Thanks for your help. Cheers. =)

  6. Palz says:

    Yingwa says “client connected” but

    With Chrome & IE I get
    “500 Internal Privoxy Error
    Privoxy encountered an error while processing your request:
    Could not load template file no-server-data or one of its included components.
    Please contact your proxy administrator.
    If you are the proxy administrator, please put the required file(s)in the (confdir)/templates directory. The location of the (confdir) directory is specified in the main Privoxy config file. (It’s typically the Privoxy install directory).”

    Does it work on FireFox? My real ip shows when I use it.

    Any way to use it without the Yingwa client?

    • Yi Fan says:

      1. This error occurs when something goes wrong with your shadowsocks server.
      2. If you set firefox to use “system proxy” then, it will work as chrome and IE.
      3. Yes, Yingwa is just a GUI. Without Yingwa, you will need to setup shadowsocks-local manually by editing the config file and change browser’s proxy manually

  7. Palz says:

    Thanks for the reply, Shadowsocks appears to be working
    ~/shadowsocks-nodejs# bash ./start.sh
    running and json not updated. CPU uti: 0
    ~/shadowsocks-nodejs# ps -x
    3490 pts/3 Sl 0:00 /usr/local/bin/node /root/shadowsocks-nodejs/server.js

    Any suggestions on trouble shooting as Privoxy still throws a 500 error?

  8. Palz says:

    Please ignore previous email, the problem was that I used aes-256cfb for encryption.

  9. Palz says:

    Is it using any encryption? Only the setting “table” appears to work, any other method and it doesn’t work?

    How do I change it to a stronger encryption?

    • Yi Fan says:

      Hi Palz,

      Yingwa has to use the SAME encryption method your server uses. Edit the config file of your server to change Encryption first.

      Fan

  10. keigan says:

    Here are details of my personal experience setting up shadowsocks proxy for personal usage to overcome chinese’s firewall. A little give back to this page. This may somehow do a little help for newbie who had the same purpose as it may shorten their learning curve.

    My VPS Details
    Memory Ram: 128 MB

    1. Install shadowsocks-libuv on server : A Lightweight and Super Fast Server for shadowsocks. A proxy to help you get through firewalls.

    Protocol made by clowwindy, libuv port by dndx

    Installation steps can be found on “shadowsocks-libuv” github page. (google it)

    2. Shadowsocks Client.
    I’m using Yingwa for shadowsocks client on my win8. https://breakwall.net/soft/yingwa.zip

    3. MobileShadowSocks for my Iphone 4S(jailbreak)
    Using MobileShadowSocks by linusyang on my IOS.
    Details can be found on https://github.com/linusyang/MobileShadowSocks

    It can be found on bigboss repository under name “Shadowsocks”.

    Lastly, a great Thanks for Yi Fan of having this great site and his diligent help.

    • Yi Fan says:

      libuv and go version is much more stabler than nodejs and consumes much less memory, ideal for small RAM VPSes.

  11. Steve says:

    I have been trying to get this up and running for a couple days but Privoxy still throws a 500 error.

    My VPS has 4GB of RAM and running Ubuntu 13.04. When I could not get it to work with your script, I installed directly from github. I have M2Crypto installed as wells as gevent.

    My config.json file looks like this (IP and password removed):

    “server”:”***.***.***.***”,
    “server_port”:8388,
    “local_port”:1080,
    “password”:”********”,
    “timeout”:600,
    “method”:”aes-256-cfb”
    }

    When I run ssserver I get this:
    2013-08-13 00:37:04 INFO loading config from config.json
    2013-08-13 00:37:05 INFO starting server at ***.***.***.***:8388

    Any help is much appreciated.

    • Yi Fan says:

      Could be the encryption. If you set your server side to “aes-256-cfb”, then make sure to use the same encryption on the client side.

  12. Steve says:

    Both sides have “aes-256-cfb” selected.

    I tried not using the yingwa.exe and just manually configuring the browser proxy setting and running ssocks64.exe and I get these messages:
    available remote server ***.***.***.***:999
    starting local socks5 server at port 65509 …

    Then when I try to visit a website:
    socks handshake: socks version not supported

    I have it set to use Socks 5 but seems to still be using 4?

    • Yi Fan says:

      Server side debugging can be difficult. You could try to exactly follow my instructions with no changes to see if you can make it work. Then you can think of customize




Leave a Reply

Your email address will not be published. Required fields are marked *

*

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>