richard
/
shadowsocks-libev
mirror of https://github.com/shadowsocks/shadowsocks-libev.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
815 Commits
8 Branches
85 Tags
14 MiB
Tree: 6d79387715
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '6d79387715'
${ noResults }
shadowsocks-libev/README.md

357 lines
11 KiB
Raw Normal View History

add readme
12 years ago
update README
12 years ago
add readme
12 years ago
update README
11 years ago
fix typo
10 years ago
update readme
11 years ago
update README
11 years ago
update URLs
10 years ago
update README
11 years ago
Add @linusyang as a major maintainer
11 years ago
update README
11 years ago
bump version
9 years ago
Update README.md
9 years ago
add readme
12 years ago
update README
11 years ago
add readme
12 years ago
update readme
11 years ago
update README
11 years ago
Fix MinGW PolarSSL build and update readme
11 years ago
update README
11 years ago
Update README.md
10 years ago
update README
11 years ago
update README
11 years ago
update README
12 years ago
add readme
12 years ago
Add some notes about PolarSSL in README.md
11 years ago
Fix MinGW PolarSSL build and update readme
11 years ago
Add some notes about PolarSSL in README.md
11 years ago
Fix MinGW PolarSSL build and update readme
11 years ago
Update the Debian/Ubuntu installation section
11 years ago
Mod: update building from source for debian in README.md
10 years ago
fix #221
9 years ago
Update README.md Fix a typo for Debian/Ubuntu sources list file name
10 years ago
Update the Debian/Ubuntu installation section
11 years ago
completely rename as shadowsocks-libev. it's not conflicted with shadowsocks-python now. users can install both python and libev ports of shaowsocks now. but they should migrate their old configuration file from /etc/shadowsocks/config.json to /etc/shadowsocks-libev/config.json
10 years ago
Mod: update building from source for debian in README.md
10 years ago
Update the Debian/Ubuntu installation section
11 years ago
Mod: update building from source for debian in README.md
10 years ago
Update README.md add unsigned flag by default, for the people who do not have secret key.
10 years ago
Mod: update building from source for debian in README.md
10 years ago
completely rename as shadowsocks-libev. it's not conflicted with shadowsocks-python now. users can install both python and libev ports of shaowsocks now. but they should migrate their old configuration file from /etc/shadowsocks/config.json to /etc/shadowsocks-libev/config.json
10 years ago
Mod: update building from source for debian in README.md
10 years ago
Update the Debian/Ubuntu installation section
11 years ago
completely rename as shadowsocks-libev. it's not conflicted with shadowsocks-python now. users can install both python and libev ports of shaowsocks now. but they should migrate their old configuration file from /etc/shadowsocks/config.json to /etc/shadowsocks-libev/config.json
10 years ago
Update the Debian/Ubuntu installation section
11 years ago
completely rename as shadowsocks-libev. it's not conflicted with shadowsocks-python now. users can install both python and libev ports of shaowsocks now. but they should migrate their old configuration file from /etc/shadowsocks/config.json to /etc/shadowsocks-libev/config.json
10 years ago
Update the Debian/Ubuntu installation section
11 years ago
RHEL/CentOS is supported by Fedora Copr now.
10 years ago
no more fedora 19 updates now. Fedora 19 is officially end of life.
9 years ago
RHEL/CentOS is supported by Fedora Copr now.
10 years ago
add fedora repo to readme
10 years ago
RHEL/CentOS is supported by Fedora Copr now.
10 years ago
add fedora repo to readme
10 years ago
update README, fix #19
11 years ago
update README
11 years ago
Add initial support for native win32 platform Should be built against MinGW, and please note that only ss-local is ported due to lack win32 support of libasyncns. And libev doesn't support IOCP but only supports select
11 years ago
add readme
12 years ago
update README
12 years ago
update README
11 years ago
update README
12 years ago
update README
11 years ago
update README
11 years ago
update README
11 years ago
update README
11 years ago
Update FreeBSD section of README.md I have updated the freebsd port to include a default config.json file, which will be installed into /usr/local/etc/shadowsocks-libev by default. To enable shadowsocks-libev on freebsd, it's as simple as adding the shadowsocks_libev_enable variable to /etc/rc.conf
11 years ago
update README
11 years ago
Update FreeBSD section of README.md I have updated the freebsd port to include a default config.json file, which will be installed into /usr/local/etc/shadowsocks-libev by default. To enable shadowsocks-libev on freebsd, it's as simple as adding the shadowsocks_libev_enable variable to /etc/rc.conf
11 years ago
update README
11 years ago
update README
11 years ago
update README
11 years ago
update README
11 years ago
update README
11 years ago
update URLs
10 years ago
update README
11 years ago
add OS X's install instruction
9 years ago
update README
11 years ago
update README
11 years ago
Add initial support for native win32 platform Should be built against MinGW, and please note that only ss-local is ported due to lack win32 support of libasyncns. And libev doesn't support IOCP but only supports select
11 years ago
Fix MinGW PolarSSL build and update readme
11 years ago
Add initial support for native win32 platform Should be built against MinGW, and please note that only ss-local is ported due to lack win32 support of libasyncns. And libev doesn't support IOCP but only supports select
11 years ago
Fix MinGW PolarSSL build and update readme
11 years ago
Add initial support for native win32 platform Should be built against MinGW, and please note that only ss-local is ported due to lack win32 support of libasyncns. And libev doesn't support IOCP but only supports select
11 years ago
update README
11 years ago
Add initial support for native win32 platform Should be built against MinGW, and please note that only ss-local is ported due to lack win32 support of libasyncns. And libev doesn't support IOCP but only supports select
11 years ago
Fix MinGW PolarSSL build and update readme
11 years ago
Add initial support for native win32 platform Should be built against MinGW, and please note that only ss-local is ported due to lack win32 support of libasyncns. And libev doesn't support IOCP but only supports select
11 years ago
Fix MinGW PolarSSL build and update readme
11 years ago
Add initial support for native win32 platform Should be built against MinGW, and please note that only ss-local is ported due to lack win32 support of libasyncns. And libev doesn't support IOCP but only supports select
11 years ago
update README
11 years ago
Add initial support for native win32 platform Should be built against MinGW, and please note that only ss-local is ported due to lack win32 support of libasyncns. And libev doesn't support IOCP but only supports select
11 years ago
Fix MinGW PolarSSL build and update readme
11 years ago
update README
11 years ago
update README
12 years ago
update README
10 years ago
update documents
10 years ago
update README.md
9 years ago
Update README.md
9 years ago
update README.md
9 years ago
add onetime authentication
9 years ago
update README.md
9 years ago
fix #271
9 years ago
update README.md
9 years ago
bump version
9 years ago
update README.md
9 years ago
Update README.md
9 years ago
add ip addr support
9 years ago
update README.md
9 years ago
add readme
12 years ago
update usage
11 years ago
update README
12 years ago
Update README.md
11 years ago
update README
11 years ago
Update README.md
11 years ago
Add TPROXY support for redir mode
9 years ago
Update README.md
11 years ago
Add TPROXY support for redir mode
9 years ago
Update README.md
11 years ago
Add TPROXY support for redir mode
9 years ago
Update README.md
11 years ago
Add TPROXY support for redir mode
9 years ago
update README
11 years ago
update
11 years ago
update README
11 years ago
Update README.md
10 years ago
update README
11 years ago
  1. shadowsocks-libev
  2. =================
  4. Intro
  5. -----
  7. [Shadowsocks-libev](http://shadowsocks.org) is a lightweight secured socks5
  8. proxy for embedded devices and low end boxes.
  10. It is a port of [shadowsocks](https://github.com/shadowsocks/shadowsocks)
  11. created by [@clowwindy](https://github.com/clowwindy) maintained by
  12. [@madeye](https://github.com/madeye) and [@linusyang](https://github.com/linusyang).
  14. Current version: 2.3.2 | [Changelog](debian/changelog)
  16. Travis CI: [![Travis CI](https://travis-ci.org/shadowsocks/shadowsocks-libev.png?branch=master)](https://travis-ci.org/shadowsocks/shadowsocks-libev) | Jenkins Matrix: [![Jenkins](https://jenkins.shadowvpn.org/buildStatus/icon?job=Shadowsocks-libev)](https://jenkins.shadowvpn.org/job/Shadowsocks-libev/)
  18. Features
  19. --------
  21. Shadowsocks-libev is writen in pure C and only depends on
  22. [libev](http://software.schmorp.de/pkg/libev.html) and
  23. [openssl](http://www.openssl.org/) or [polarssl](https://polarssl.org/).
  25. In normal usage, the memory footprint is about 600KB and the CPU utilization is
  26. no more than 5% on a low-end router (Buffalo WHR-G300N V2 with a 400MHz MIPS CPU,
  27. 32MB memory and 4MB flash).
  29. Installation
  30. ------------
  32. #### Notes about PolarSSL
  34. * Default crypto library is OpenSSL. To build against PolarSSL,
  35. specify `--with-crypto-library=polarssl` and `--with-polarssl=/path/to/polarssl`
  36. when running `./configure`.
  37. * PolarSSL __1.2.5 or newer__ is required. Currently, PolarSSL does __NOT__ support
  38. CAST5-CFB, DES-CFB, IDEA-CFB, RC2-CFB and SEED-CFB.
  39. * RC4 is only support by PolarSSL __1.3.0 or above__.
  41. ### Debian & Ubuntu
  43. #### Install from repository
  45. Add GPG public key
  47. ```bash
  48. wget -O- http://shadowsocks.org/debian/1D27208A.gpg | sudo apt-key add -
  49. ```
  51. Add either of the following lines to your /etc/apt/sources.list
  53. ```
  54. # Debian Wheezy, Ubuntu 12.04 or any distribution with libssl > 1.0.1
  55. deb http://shadowsocks.org/debian wheezy main
  57. # Debian Squeeze, Ubuntu 11.04, or any distribution with libssl > 0.9.8, but < 1.0.0
  58. deb http://shadowsocks.org/debian squeeze main
  59. ```
  61. Then,
  63. ``` bash
  64. sudo apt-get update
  65. sudo apt-get install shadowsocks-libev
  66. ```
  68. #### Build package from source
  70. ``` bash
  71. cd shadowsocks-libev
  72. sudo apt-get install build-essential autoconf libtool libssl-dev gawk debhelper
  73. dpkg-buildpackage -us -uc
  74. cd ..
  75. sudo dpkg -i shadowsocks-libev*.deb
  76. ```
  78. #### Configure and start the service
  80. ```
  81. # Edit the configuration
  82. sudo vim /etc/shadowsocks-libev/config.json
  84. # Start the service
  85. sudo /etc/init.d/shadowsocks-libev start
  86. ```
  88. ### Fedora & RHEL
  90. Supported distributions include
  91. - Fedora 20, 21, rawhide
  92. - RHEL 6, 7 and derivatives (including CentOS, Scientific Linux)
  94. #### Install from repository
  96. Enable repo via `dnf`:
  98. ```
  99. su -c 'dnf copr enable librehat/shadowsocks'
  100. ```
  102. Or download yum repo on [Fedora Copr](https://copr.fedoraproject.org/coprs/librehat/shadowsocks/) and put it inside `/etc/yum.repos.d/`. The release `Epel` is for RHEL and its derivatives.
  104. Then, install `shadowsocks-libev` via `dnf`:
  106. ```bash
  107. su -c 'dnf update'
  108. su -c 'dnf install shadowsocks-libev'
  109. ```
  111. or `yum`:
  113. ```bash
  114. su -c 'yum update'
  115. su -c 'yum install shadowsocks-libev'
  116. ```
  118. ### Linux
  120. For Unix-like systems, especially Debian-based systems,
  121. e.g. Ubuntu, Debian or Linux Mint, you can build the binary like this:
  123. ```bash
  124. sudo apt-get install build-essential autoconf libtool libssl-dev
  125. ./configure && make
  126. sudo make install
  127. ```
  129. ### FreeBSD
  131. ```bash
  132. su
  133. cd /usr/ports/net/shadowsocks-libev
  134. make install
  135. ```
  137. Edit your config.json file. By default, it's located in /usr/local/etc/shadowsocks-libev
  139. To enable shadowsocks-libev, add the following rc variable to your /etc/rc.conf file.
  141. ```
  142. shadowsocks_libev_enable="YES"
  143. ```
  145. Start the shadowsocks server:
  147. ```bash
  148. service shadowsocks_libev start
  149. ```
  151. ### OpenWRT
  153. ```bash
  154. # At OpenWRT build root
  155. pushd package
  156. git clone https://github.com/shadowsocks/shadowsocks-libev.git
  157. popd
  159. # Enable shadowsocks-libev in network category
  160. make menuconfig
  162. # Optional
  163. make -j
  165. # Build the package
  166. make V=99 package/shadowsocks-libev/openwrt/compile
  167. ```
  169. ### OS X
  170. For OS X , use [homebrew](http://brew.sh) to install or build.
  172. Install homebrew
  174. ```bash
  175. ruby -e "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/master/install)"
  176. ```
  177. Install shadowsocks-libev
  179. ```bash
  180. brew install shadowsocks-libev
  181. ```
  183. ### Windows
  185. For Windows, use either MinGW (msys) or Cygwin to build.
  186. At the moment, only `ss-local` is supported to build against MinGW (msys).
  188. If you are using MinGW (msys), please download OpenSSL or PolarSSL source tarball
  189. to the home directory of msys, and build it like this (may take a few minutes):
  191. * OpenSSL
  193. ```bash
  194. tar zxf openssl-1.0.1e.tar.gz
  195. cd openssl-1.0.1e
  196. ./config --prefix="$HOME/prebuilt" --openssldir="$HOME/prebuilt/openssl"
  197. make && make install
  198. ```
  200. * PolarSSL
  202. ```bash
  203. tar zxf polarssl-1.3.2-gpl.tgz
  204. cd polarssl-1.3.2
  205. make lib WINDOWS=1
  206. make install DESTDIR="$HOME/prebuilt"
  207. ```
  209. Then, build the binary using the commands below, and all `.exe` files
  210. will be built at `$HOME/ss/bin`:
  212. * OpenSSL
  214. ```bash
  215. ./configure --prefix="$HOME/ss" --with-openssl="$HOME/prebuilt"
  216. make && make install
  217. ```
  219. * PolarSSL
  221. ```bash
  222. ./configure --prefix="$HOME/ss" --with-crypto-library=polarssl --with-polarssl=$HOME/prebuilt
  223. make && make install
  224. ```
  226. Usage
  227. -----
  229. ```
  230. ss-[local|redir|server|tunnel]
  232. -s <server_host> host name or ip address of your remote server
  234. -p <server_port> port number of your remote server
  236. -l <local_port> port number of your local server
  238. -k <password> password of your remote server
  240. [-m <encrypt_method>] encrypt method: table, rc4, rc4-md5,
  241. aes-128-cfb, aes-192-cfb, aes-256-cfb,
  242. bf-cfb, camellia-128-cfb, camellia-192-cfb,
  243. camellia-256-cfb, cast5-cfb, des-cfb, idea-cfb,
  244. rc2-cfb, seed-cfb, salsa20 and chacha20
  246. [-f <pid_file>] the file path to store pid
  248. [-t <timeout>] socket timeout in seconds
  250. [-c <config_file>] the path to config file
  252. [-i <interface>] network interface to bind,
  253. not available in redir mode
  255. [-b <local_address>] local address to bind,
  256. not available in server mode
  258. [-u] enable udprelay mode,
  259. TPROXY is required in redir mode
  261. [-U] enable UDP relay and disable TCP relay,
  262. not available in local mode
  264. [-A] enable onetime authentication
  266. [-L <addr>:<port>] specify destination server address and port
  267. for local port forwarding,
  268. only available in tunnel mode
  270. [-d <addr>] setup name servers for internal DNS resolver,
  271. only available in server mode
  273. [--fast-open] enable TCP fast open,
  274. only available in local and server mode,
  275. with Linux kernel > 3.7.0
  277. [--acl <acl_file>] config file of ACL (Access Control List)
  278. only available in local and server mode
  280. [--manager-address <addr>] UNIX domain socket address
  281. only available in server and manager mode
  283. [--executable <path>] path to the executable of ss-server
  284. only available in manager mode
  286. [-v] verbose mode
  288. notes:
  290. ss-redir provides a transparent proxy function and only works on the
  291. Linux platform with iptables.
  293. ```
  295. ## Advanced usage
  297. The latest shadowsocks-libev has provided a *redir* mode. You can configure your linux based box or router to proxy all tcp traffic transparently.
  299. # Create new chain
  300. root@Wrt:~# iptables -t nat -N SHADOWSOCKS
  301. root@Wrt:~# iptables -t mangle -N SHADOWSOCKS
  303. # Ignore your shadowsocks server's addresses
  304. # It's very IMPORTANT, just be careful.
  305. root@Wrt:~# iptables -t nat -A SHADOWSOCKS -d 123.123.123.123 -j RETURN
  307. # Ignore LANs and any other addresses you'd like to bypass the proxy
  308. # See Wikipedia and RFC5735 for full list of reserved networks.
  309. # See ashi009/bestroutetb for a highly optimized CHN route list.
  310. root@Wrt:~# iptables -t nat -A SHADOWSOCKS -d 0.0.0.0/8 -j RETURN
  311. root@Wrt:~# iptables -t nat -A SHADOWSOCKS -d 10.0.0.0/8 -j RETURN
  312. root@Wrt:~# iptables -t nat -A SHADOWSOCKS -d 127.0.0.0/8 -j RETURN
  313. root@Wrt:~# iptables -t nat -A SHADOWSOCKS -d 169.254.0.0/16 -j RETURN
  314. root@Wrt:~# iptables -t nat -A SHADOWSOCKS -d 172.16.0.0/12 -j RETURN
  315. root@Wrt:~# iptables -t nat -A SHADOWSOCKS -d 192.168.0.0/16 -j RETURN
  316. root@Wrt:~# iptables -t nat -A SHADOWSOCKS -d 224.0.0.0/4 -j RETURN
  317. root@Wrt:~# iptables -t nat -A SHADOWSOCKS -d 240.0.0.0/4 -j RETURN
  319. # Anything else should be redirected to shadowsocks's local port
  320. root@Wrt:~# iptables -t nat -A SHADOWSOCKS -p tcp -j REDIRECT --to-ports 12345
  322. # Add any UDP rules
  323. root@Wrt:~# ip rule add fwmark 0x01/0x01 table 100
  324. root@Wrt:~# ip route add local 0.0.0.0/0 dev lo table 100
  325. root@Wrt:~# iptables -t mangle -A SHADOWSOCKS -p udp --dport 53 -j TPROXY --on-port 12345 --tproxy-mark 0x01/0x01
  327. # Apply the rules
  328. root@Wrt:~# iptables -t nat -A PREROUTING -p tcp -j SHADOWSOCKS
  329. root@Wrt:~# iptables -t mangle -A PREROUTING -j SHADOWSOCKS
  331. # Start the shadowsocks-redir
  332. root@Wrt:~# ss-redir -u -c /etc/config/shadowsocks.json -f /var/run/shadowsocks.pid
  334. ## Security Tips
  336. Although shadowsocks-libev can handle thousands of concurrent connections nicely, we still recommend to
  337. set up your server's firewall rules to limit connections from each user.
  339. # Up to 32 connections are enough for normal usages
  340. iptables -A INPUT -p tcp --syn --dport ${SHADOWSOCKS_PORT} -m connlimit --connlimit-above 32 -j REJECT --reject-with tcp-reset
  342. ## License
  344. Copyright (C) 2014 Max Lv <max.c.lv@gmail.com>
  346. This program is free software: you can redistribute it and/or modify
  347. it under the terms of the GNU General Public License as published by
  348. the Free Software Foundation, either version 3 of the License, or
  349. (at your option) any later version.
  351. This program is distributed in the hope that it will be useful,
  352. but WITHOUT ANY WARRANTY; without even the implied warranty of
  353. MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  354. GNU General Public License for more details.
  356. You should have received a copy of the GNU General Public License
  357. along with this program. If not, see <http://www.gnu.org/licenses/>.