Max Lv
1cb068fa2f
|
11 years ago | |
---|---|---|
debian | 11 years ago | |
libasyncns | 11 years ago | |
libev | 11 years ago | |
m4 | 11 years ago | |
openwrt | 11 years ago | |
src | 11 years ago | |
.gitignore | 11 years ago | |
.travis.yml | 11 years ago | |
COPYING | 11 years ago | |
INSTALL | 12 years ago | |
LICENSE | 11 years ago | |
Makefile.am | 11 years ago | |
Makefile.in | 11 years ago | |
README.md | 11 years ago | |
aclocal.m4 | 11 years ago | |
ar-lib | 11 years ago | |
autogen.sh | 12 years ago | |
compile | 11 years ago | |
config.guess | 11 years ago | |
config.h.in | 11 years ago | |
config.sub | 11 years ago | |
configure | 11 years ago | |
configure.ac | 11 years ago | |
depcomp | 11 years ago | |
install-sh | 11 years ago | |
ltmain.sh | 11 years ago | |
missing | 11 years ago | |
shadowsocks.8 | 11 years ago |
README.md
shadowsocks-libev
Intro
Shadowsocks-libev is a lightweight secured scoks5 proxy for embedded devices and low end boxes.
It is a port of shadowsocks created by @clowwindy maintained by @madeye.
Changelog
1.4.0 -- Sun, 08 Sep 2013 02:20:40 +0000
- Add standard socks5 udp support.
1.3.3 -- Fri, 21 Jun 2013 09:59:20 +0800
- Provide more info in verbose mode.
1.3.2 -- Sun, 09 Jun 2013 09:52:31 +0000
- Fix some ciphers by @linusyang.
1.3.1 -- Tue, 04 Jun 2013 00:56:17 +0000
- Support more cihpers: camellia, idea, rc2 and seed.
1.3 -- Thu, 16 May 2013 10:51:15 +0800
- Able to bind connections to specific interface
- Support more ciphers: aes-128-cfb, aes-192-cfb, aes-256-cfb, bf-cfb, cast5-cfb, des-cfb
1.2 -- Tue, 07 May 2013 14:10:33 +0800
- Close timeouted TCP connections
- Fix a high load issue
1.1 -- Wed, 10 Apr 2013 12:11:36 +0800
- Fix a IPV6 resolve issue
1.0 -- Sat, 06 Apr 2013 16:59:15 +0800
- Initial release
Features
Shadowsocks-libev is writen in pure C and only depends on libev and openssl.
In normal usage, the memory consumption is about 600KB and the CPU utilization is no more than 5% on a low-end router (Buffalo WHR-G300N V2 with a 400MHz MIPS CPU, 32MB memory and 4MB flash).
Installation
Build the binary like this:
sudo apt-get install build-essential autoconf libtool libssl-dev
./configure && make
sudo make install
Usage
usage:
ss-[local|redir|server]
-s <server_host> host name or ip address of your remote server
-p <server_port> port number of your remote server
-l <local_port>> port number of your local server
-k <password> password of your remote server
[-m <encrypt_method>] encrypt method, supporting table, rc4,
aes-128-cfb, aes-192-cfb, aes-256-cfb,
bf-cfb, camellia-128-cfb, camellia-192-cfb,
camellia-256-cfb, cast5-cfb, des-cfb,
idea-cfb, rc2-cfb and seed-cfb
[-f <pid_file>] valid path to the pid file
[-t <timeout>] socket timeout in seconds
[-c <config_file>] json format config file
[-i <interface>] specific network interface to bind,
only avaliable in local and server modes
[-b <local_address>] specific local address to bind,
only avaliable in local and redir modes
[-u] udprelay mode to supprot udp traffic
only avaliable in local and server modes
[-v] verbose mode, debug output in console
notes:
ss-redir provides a transparent proxy function and only works on the
Linux platform with iptables.
Advanced usage
The latest shadowsocks-libev has provided a redir mode. You can configure your linux based box or router to proxy all tcp traffic transparently.
# Create new chain
root@Wrt:~# iptables -t nat -N SHADOWSOCKS
# Ignore your shadowsocks server's addresses
# It's very IMPORTANT, just be careful.
root@Wrt:~# iptables -t nat -A SHADOWSOCKS -d 123.123.123.123 -j RETURN
# Ignore LANs and any other addresses you'd like to bypass the proxy
# See Wikipedia and RFC5735 for full list of reserved networks.
# See ashi009/bestroutetb for a highly optimized CHN route list.
root@Wrt:~# iptables -t nat -A SHADOWSOCKS -d 0.0.0.0/8 -j RETURN
root@Wrt:~# iptables -t nat -A SHADOWSOCKS -d 10.0.0.0/8 -j RETURN
root@Wrt:~# iptables -t nat -A SHADOWSOCKS -d 127.0.0.0/8 -j RETURN
root@Wrt:~# iptables -t nat -A SHADOWSOCKS -d 169.254.0.0/16 -j RETURN
root@Wrt:~# iptables -t nat -A SHADOWSOCKS -d 172.16.0.0/12 -j RETURN
root@Wrt:~# iptables -t nat -A SHADOWSOCKS -d 192.168.0.0/16 -j RETURN
root@Wrt:~# iptables -t nat -A SHADOWSOCKS -d 224.0.0.0/4 -j RETURN
root@Wrt:~# iptables -t nat -A SHADOWSOCKS -d 240.0.0.0/4 -j RETURN
# Anything else should be redirected to shadowsocks's local port
root@Wrt:~# iptables -t nat -A SHADOWSOCKS -p tcp -j REDIRECT --to-ports 12345
# Apply the rules
root@Wrt:~# iptables -t nat -A OUTPUT -p tcp -j SHADOWSOCKS
# Start the shadowsocks-redir
root@Wrt:~# ss-redir -c /etc/config/shadowsocks.json -f /var/run/shadowsocks.pid
Security Tips
Although shadowsocks-libev can handle thousands of concurrent connections nicely, we still recommend to set up your server's firewall rules to limit connections from each user.
# Up to 32 connections are enough for normal usages
iptables -A INPUT -p tcp --syn --dport ${SHADOWSOCKS_PORT} -m connlimit --connlimit-above 32 -j REJECT --reject-with tcp-reset
License
Copyright (C) 2013 Max Lv max.c.lv@gmail.com
This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.
This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
You should have received a copy of the GNU General Public License along with this program. If not, see http://www.gnu.org/licenses/.