- #SHADOWSOCKS CLIENT LINUX HOW TO#
- #SHADOWSOCKS CLIENT LINUX INSTALL#
- #SHADOWSOCKS CLIENT LINUX UPDATE#
- #SHADOWSOCKS CLIENT LINUX FULL#
Q: Should I change the server_port to some common ports like 443?Ī: No. Point the owners to this tutorial, as well as this post and this summary. Q: But my “airport” is still using stream cipher?Ī: Then it is clear sign that your “airport” has very poor security awareness.
#SHADOWSOCKS CLIENT LINUX FULL#
More devastatingly, an attacker can get full decryption of recorded Shadowsocks sessions, without knowing the password. Even the latest version of Shadowsocks-libev operating in stream cipher mode is vulnerable to active probing (see Figure 10).
Q: Should I use any stream cipher in Shadowsocks?Ī: No. It is also the default encryption method for both Shadowsocks-libev and OutlineVPN. Q: Why do you use chacha20-ietf-poly1305?Ī: Because it is one of the AEAD ciphers, which can defend the active probings by the GFW.
#SHADOWSOCKS CLIENT LINUX UPDATE#
To manually update immediately: sudo snap refresh. Q: How can I update Shadowsocks-libev via snap?Ī: Usually you don’t have to update it manually because snap automatically updates all apps once per day. For example, as of January 2021, the version included in Debian buster repo was v3.2.5, which was not sufficient to defend active probings from the GFW (see Figure 10).
#SHADOWSOCKS CLIENT LINUX INSTALL#
Q: Should I install Shadowsocks-libev from a distribution repo?Ī: A distribution repo may not always include the latest version of Shadowsocks-libev. We also encourage you report the block to us and we will carefully investigate it. If your server got blocked, too, please consider using the backup ports to mitigate the blocking. Since this tutorial can defend all known active probing attacks by the GFW, it is likely that the censor has employed some unknown attacks against Shadowsocks-libev. Q&A Q: Why did my server still get blocked when I followed your tutorial?Ī: As of November 7 2021, we indeed received a few report on the blocking of Shadowsocks. Note that setting a PREROUTING rule on ephermeral ports ( /proc/sys/net/ipv4/ip_local_port_range) will not disrupt normal outgoing connections that use those ephermeral ports as source ports. Now double check you have both snapd and Snap core installed:Ĭhain PREROUTING (policy ACCEPT 0 packets, 0 bytes)
#SHADOWSOCKS CLIENT LINUX HOW TO#
This tutorial documents how to install, configure and maintain a Shadowsocks-libev server.īy following this tutorial, your Shadowsocks-libev servers should be able to defend against various attacks,