How To Use ShadowsocksR To Bypass The Chinese Firewall
source link: https://greycoder.com/using-shadowsocksr-to-bypass-the-chinese-firewall/
By Grey One
/ January 11, 2019 / 5 Comments
Shadowsocks is open-source software which hides or obfuscates internet connections.
It is widely used in mainland China to circumvent Internet censorship. It was created in 2012 by a Chinese programmer named “clowwindy”, and multiple implementations of the protocol have been made available since.
Recently, the Great Firewall has started to block Shadowsocks servers in the same way that they block VPN servers. It is still possible to use Shadowsocks in China, but you may have to rebuild your server with a new IP address if it gets blocked.
The latest recommendation is to use ShadowsocksR (SSR) with obfuscation following the guide pasted below. Although ShadowsocksR can still be blocked, it is less likely to be detected.
A List Of ShadowsocksR Apps
How To Set Up ShadowsocksR on a VPS
Step 1. Get a VPS from Vultr.com.
- Rent a VPS from Vultr
- You need bitcoin, a credit card, Paypal, Alipay, UnionPay or WeChat Pay
- Go to “Servers”, click on the “+” and deploy a new instance
- Select these options:
  - Server: Tokyo
  - Server Type: Debian 7 x64
  - Package: $2.50 (The cheapest, comes with 500GB traffic)
  - Additional Features: Enable IPv6
Step 2. Install ShadowsocksR
Log in to your server using PuTTY or any other SSH client.
wget --no-check-certificate https://raw.githubusercontent.com/teddysun/shadowsocks_install/master/shadowsocks-all.sh
chmod +x shadowsocks-all.sh
./shadowsocks-all.sh 2>&1 | tee shadowsocks-all.log
The install script will do everything for you. Choose option 2. ShadowsocksR, choose a password and port (any port will do). Press enter and wait for it to complete.
After it is done it will display the config.
Congratulations, ShadowsocksR server install completed!
Your Server IP : 0.0.0.0
Your Server Port : 8989
Your Password : password
Your Encryption Method: aes-256-cfb
Protocol : origin
obfs : plain
Step 3. Edit the config
vi /etc/shadowsocks-r/config.json
Press “i” to edit the file. Move the cursor around to change text. Change "protocol": "origin",
to "protocol": "auth_sha1_v4",
and "obfs": "plain",
to "obfs": "tls1.2_ticket_auth",
Press “esc”, then type “:wq!” to save the file and return to the shell.
Restart ShadowsocksR with:
/etc/init.d/shadowsocks-r restart
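An added example (not part of the original guide or of the install script): the Step 3 edit done by a script instead of vi, with a backup copy and an atomic write so the service never sees a half-written file. It assumes Python 3.3 or later; the sample config in `demo()` is constructed, and its `server_port`, `password` and `method` key names are assumptions, since only `protocol` and `obfs` appear in the guide.

```python
import json
import os
import shutil
import tempfile

# Target values from Step 3 of the guide.
STEP3 = {"protocol": "auth_sha1_v4", "obfs": "tls1.2_ticket_auth"}


def apply_step3(path, settings=STEP3):
    """Set the Step 3 keys in config.json; return {key: (old, new)} per change."""
    with open(path) as f:
        config = json.load(f)  # malformed JSON raises here, before any write
    missing = [k for k in settings if k not in config]
    if missing:
        raise KeyError("keys not found in %s: %s" % (path, ", ".join(missing)))
    changes = {k: (config[k], v) for k, v in settings.items() if config[k] != v}
    if not changes:
        return changes  # already applied: leave the file untouched
    shutil.copy2(path, path + ".bak")  # keep the installer's version for rollback
    config.update(settings)
    # Write a sibling temp file and rename it over the original, so a crash
    # never leaves a half-written config. mkstemp creates it with mode 0600,
    # which suits a file that stores the server password.
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(os.path.abspath(path)))
    with os.fdopen(fd, "w") as f:
        json.dump(config, f, indent=4)
        f.write("\n")
    os.replace(tmp, path)
    return changes


def demo():
    """Run against a constructed config shaped like the installer output above."""
    sample = {"server_port": 8989, "password": "password",  # assumed key names
              "method": "aes-256-cfb", "protocol": "origin", "obfs": "plain"}
    workdir = tempfile.mkdtemp()
    path = os.path.join(workdir, "config.json")
    with open(path, "w") as f:
        json.dump(sample, f)
    first = apply_step3(path)
    second = apply_step3(path)  # second run finds nothing left to change
    with open(path) as f:
        result = json.load(f)
    shutil.rmtree(workdir)
    return first, second, result


if __name__ == "__main__":
    print(demo())
```

On the server, call `apply_step3("/etc/shadowsocks-r/config.json")` as root, then restart the service with the command above.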
Step 4. Download the Client
Run it, enter your IP, Port, Password and change the protocol and obfs. Done
Step 5. Protect your SSH access from bruteforce attacks
The simplest way to do that is using iptables
iptables -I INPUT -p tcp --dport 22 -i eth0 -m state --state NEW -m recent --set
iptables -I INPUT -p tcp --dport 22 -i eth0 -m state --state NEW -m recent --update --seconds 60 --hitcount 4 -j DROP
This will block IP addresses that open more than 3 new SSH connections per minute. The rules only match connections in the “NEW” state, so SSH sessions that are already established will not get blocked.
Other Rumors
Is Shadowsocks currently banned? Here is what a user in China reports:
The government seems to be trying to intercept but apparently still needs to work hard. They tried to discover these hidden services by using social engineering, traffic detection and analysis, and proactive port detection. However, some service providers of Shadowsocks are also trying to counter these bans. The Shadowsocks protocol is still being maintained, and the protocol is missing a clear communication magic word to be discovered.
Ding Yufeng
This guide is similar to the set-up listed in the article above, but has a few differences:
https://www.tipsforchina.com/how-to-setup-a-fast-shadowsocks-server-on-vultr-vps-the-easy-way.html
Keep in mind, BBR doesn’t work with OpenVZ. It works for KVM, I believe. Vultr should be fine since the guide uses Vultr as well.
Let me know if that guide isn’t enough.
For KCP, if you’re familiar with SS/SSR, then it’s basically the same thing.
https://github.com/xtaci/kcptun
Basically, instead of going direct SS (client) to SS (server), you go SS (client) -> Kcp (client) -> Kcp (server) -> SS (server).
The git page has enough basics. If you have problems with that, you may need to spend some time familiarizing yourself with the Linux command line and the vi or vim editor.