Chinese VPN Shadowsocks Simple Installation and Configuration

If encrypting traffic to a trusted server is your only goal, OpenVPN is too complex to configure for that purpose, and Dante, a free SOCKS server, does not encrypt out of the box.

A free open-source project named Shadowsocks, created in China, has existed since 2012. It is a pair of programs, a server and a client, that work on the following principle: the client acts as a SOCKS5 proxy server, accepts incoming connections, encrypts them and transmits them to the server, which then releases them to the Internet. The principle of operation is similar to an SSH tunnel, but it has many advantages and a couple of disadvantages by comparison.

Advantages and Disadvantages of Shadowsocks

Advantages of Shadowsocks:

  • Easy configuration of the server (the standard config is just 5 lines) and the client. Clients exist for all operating systems.
  • The client does not need admin rights to run.
  • Access is easy to configure at the level of individual programs. In the browser, extensions like Proxy Toggle/SwitchyOmega let you do it at the level of individual addresses using complex rules.
  • Unlike a VPN, which on most systems is implemented via a virtual network card, the Shadowsocks client keeps running if the connection drops, so your traffic will not start flowing unprotected on its own. Moreover, even if the Shadowsocks application itself crashes, programs will not connect directly unless configured to do so. With a VPN you have to implement a kill switch, and kill switches, especially on Windows, are unreliable and have side effects.
  • Compared to an SSH tunnel, it provides high throughput, supporting thousands of clients with a lot of connections from each.
  • Graphical configuration of clients. You can generate a QR code, and when scanned, the clients configure themselves. You configure one Windows client, generate the code, and distribute it to 20 smartphones in a minute. You can also post the QR code on a website.

Disadvantages of Shadowsocks:

  • It does not separate users. It can be configured to listen on multiple ports with different passwords, but a single port has only one password.
  • It cannot forward a port in the reverse direction. That means everyone sits as if behind a NAT.
  • It cannot compress traffic. In the age of HTTP/2, this does not matter.

Shadowsocks Server Configuration

There are two versions of Shadowsocks: the reference version, written in Python, and shadowsocks-libev, which is the same thing but rewritten in pure C for speed.

On Ubuntu 22, install the utilities, the Shadowsocks server, and the v2ray plugin:

apt-get install dialog htop lsof

apt install shadowsocks-libev shadowsocks-v2ray-plugin

After installation, the server is already running with the configuration file /etc/shadowsocks-libev/config.json:

 systemctl status shadowsocks-libev.service
● shadowsocks-libev.service - Shadowsocks-libev Default Server Service
...
     CGroup: /system.slice/shadowsocks-libev.service
             └─1762 /usr/bin/ss-server -c /etc/shadowsocks-libev/config.json

The default config.json does not work as shipped; at a minimum, the “server” parameter must be changed before the server is usable. You can also change the encryption method. Edit config.json so that it looks like this:

{
"server":["xxx.xxx.xxx.xxx"],
"mode":"tcp_and_udp",
"server_port":8388,
"local_port":1080,
"password":"your_password",
"timeout":86400,
"method":"aes-256-gcm"
}
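A misspelled cipher name or an unfilled placeholder in this file is easy to miss, so the following check lints config.json before the service is restarted. It is an added example, not part of shadowsocks-libev or the original article; the placeholder list and the 16-character minimum are assumptions, and a hostname in "server" is reported because only IP literals are checked.

```python
import ipaddress
import json

# AEAD methods named in the shadowsocks-libev documentation.
AEAD_METHODS = {"aes-128-gcm", "aes-192-gcm", "aes-256-gcm",
                "chacha20-ietf-poly1305", "xchacha20-ietf-poly1305"}
PLACEHOLDERS = {"", "your_password", "password"}  # constructed list
MIN_PASSWORD_LEN = 16                             # assumed local policy

def lint_config(cfg):
    """Return findings for a parsed ss-server config (dict)."""
    findings = []
    servers = cfg.get("server") or []
    for addr in [servers] if isinstance(servers, str) else servers:
        try:
            if ipaddress.ip_address(addr).is_loopback:
                findings.append(f"server: {addr} is loopback-only")
        except ValueError:
            findings.append(f"server: {addr!r} is not an IP address")
    if not servers:
        findings.append("server: no listen address")
    method = cfg.get("method")
    if method not in AEAD_METHODS:
        findings.append(f"method: {method!r} is not an AEAD cipher name")
    password = cfg.get("password") or ""
    if password in PLACEHOLDERS or len(password) < MIN_PASSWORD_LEN:
        findings.append("password: placeholder or too short")
    port = cfg.get("server_port")
    if not isinstance(port, int) or not 1 <= port <= 65535:
        findings.append(f"server_port: {port!r} is out of range")
    return findings

def lint_text(text):
    """Parse config.json text, then lint it; report JSON errors too."""
    try:
        cfg = json.loads(text)
    except json.JSONDecodeError as exc:
        return [f"json: {exc.msg} (line {exc.lineno})"]
    if not isinstance(cfg, dict):
        return ["json: top level is not an object"]
    return lint_config(cfg)

# Constructed sample: misspelled method plus unfilled placeholders.
SAMPLE = ('{"server":["xxx.xxx.xxx.xxx"],"server_port":8388,'
          '"password":"your_password","method":"aes-256-gsm"}')

if __name__ == "__main__":
    print("\n".join(lint_text(SAMPLE)))
```
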

Client Configuration

Note: If extensions that manage the choice of proxy server (VPN extensions, SwitchyOmega) are installed in the browser, enabling Shadowsocks via System Proxy – Global will have no effect on the browser. You need to either disable them or reconfigure them to use the system proxy, if such an option is available.

Configuring a Desktop Client using Windows as an Example

  1. Download the client and unpack shadowsocks.
  2. Download the v2ray plugin suitable for your platform. Extract the file from the archive and rename it to v2ray.exe (or just v2ray if your file explorer does not display file extensions). Place it in the same directory as shadowsocks.
  3. Launch shadowsocks.
  4. Configure the connection. The parameters correspond to the server config.
  5. Right-click on the shadowsocks icon in the system tray and enable the proxy by selecting System Proxy – Global in the same context menu.
  6. Done!

Configuring a Desktop Client using Linux as an Example

This method can also be used on macOS and Windows to run the console client.

  1. Download and unpack go-shadowsocks2.
  2. Download and unpack the plugin v2ray-plugin-linux-amd64-v1.3.2.tar.gz.
  3. Place both executable files in the same directory. Navigate to this directory in the terminal.
  4. Rename the plugin executable file to v2ray.
  5. Make both files executable:
    chmod +x shadowsocks2-linux v2ray
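  6. Launch the proxy with the following command, replacing DOMAIN (in two places) and PASSWORD with your domain and password. The listener is bound to 127.0.0.1:1080 explicitly, because a bare :1080 would accept connections on every network interface:
./shadowsocks2-linux -c "ss://AEAD_CHACHA20_POLY1305:PASSWORD@DOMAIN:443" -verbose -socks 127.0.0.1:1080 -u -plugin v2ray -plugin-opts "tls;host=DOMAIN"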

After launching, a SOCKS5 proxy will be available on local port 1080 at the address 127.0.0.1. It can already be used in programs.
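The client parameters have to correspond to the server config, and a mismatch in cipher, port or plugin shows up only as a connection that silently fails. The comparison below is an added example, not code from go-shadowsocks2 or the original article: it parses the client's ss:// URI and reports every setting that disagrees with a server config dict. The sample password, address and domain are constructed, and "plugin" is assumed to be the key under which the server config enables its transport plugin.

```python
from urllib.parse import unquote, urlsplit

# go-shadowsocks2 cipher names and the shadowsocks-libev names they match.
GO_TO_LIBEV = {"AEAD_CHACHA20_POLY1305": "chacha20-ietf-poly1305",
               "AEAD_AES_256_GCM": "aes-256-gcm",
               "AEAD_AES_128_GCM": "aes-128-gcm"}


def parse_client_uri(uri):
    """Split ss://METHOD:PASSWORD@HOST:PORT into comparable fields."""
    parts = urlsplit(uri)
    if parts.scheme != "ss" or not parts.username or parts.port is None:
        raise ValueError("expected ss://METHOD:PASSWORD@HOST:PORT")
    name = parts.username
    return {"method": GO_TO_LIBEV.get(name.upper(), name.lower()),
            "password": unquote(parts.password or ""),
            "host": parts.hostname, "port": parts.port}


def mismatches(client_uri, client_plugin, server_cfg):
    """Name every setting on which client and server disagree."""
    client = parse_client_uri(client_uri)
    diffs = []
    if client["method"] != server_cfg.get("method"):
        diffs.append("method")
    if client["port"] != server_cfg.get("server_port"):
        diffs.append("server_port")
    if client["password"] != server_cfg.get("password"):
        diffs.append("password")
    # A transport plugin has to be enabled on both ends or on neither.
    if bool(client_plugin) != bool(server_cfg.get("plugin")):
        diffs.append("plugin")
    return diffs


# Constructed sample values; the password and domain are placeholders.
SERVER_CFG = {"server": ["203.0.113.10"], "server_port": 8388,
              "password": "correct-horse-battery-staple",
              "method": "aes-256-gcm"}
CLIENT_URI = ("ss://AEAD_CHACHA20_POLY1305:correct-horse-battery-staple"
              "@proxy.example.org:443")

if __name__ == "__main__":
    print(mismatches(CLIENT_URI, "v2ray", SERVER_CFG))
```
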

Conclusion

From the very beginning, Shadowsocks was developed as a tool to bypass blocks in China, and it succeeds quite well in this task. At some point, it gained the ability to connect external plugin modules to wrap Shadowsocks traffic into various types of network connections. This significantly expands the boundaries of its application.

Shadowsocks is an encrypted network tunnel, the client side of which provides applications with access to the network as a SOCKS proxy running on the same device. There are Shadowsocks client applications that allow traffic to be routed into it like a VPN. V2Ray stands out due to its advanced tunneling methods, modular design, and support for multiple protocols such as VMess, Socks, and HTTP.

Obfs-proxy allows you to wrap Shadowsocks traffic into plain, unremarkable SSL and send it to port 443. This is useful for those who are already facing protocol whitelists.

Rork

Linux hobbyist into networking and digital privacy. I use this hub to translate and store technical notes on sysadmin tasks and anonymity tools. Tech should work for people, not the other way around.
