|Ⅰ||This article along with all titles and tags are the original content of AppNee. All rights reserved. To repost or reproduce, you must add an explicit footnote along with the URL to this article!|
|Ⅱ||Any manual or automated whole-website collecting/crawling behaviors are strictly prohibited.|
|Ⅲ||Any resources shared on AppNee are limited to personal study and research only, any form of commercial behaviors are strictly prohibited. Otherwise, you may receive a variety of copyright complaints and have to deal with them by yourself.|
|Ⅳ||Before using (especially downloading) any resources shared by AppNee, please first go to read our F.A.Q. page more or less. Otherwise, please bear all the consequences by yourself.|
|This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.|
As is known to all, the serious network blockade and censorship in Mainland China (namely the GFW founded in 1998) has given rise to numerous excellent proxy software from China, including but not limited to: Freegate, UltraSurf, SoftEther VPN, GoAgent, Shadowsocks, cow, Lantern, and more. Among them, Shadowsocks (AKA: 影梭) is a free, open-source, cross-platform, encrypted, and secure small proxy project from China. It uses the SOCKS5 proxy protocol (similar to SSH tunnel), and runs very, very fast. In China and many other countries, it’s widely used to break through the GFW-like Internet blockade and censorship and access the disturbed, blocked, or shielded web sites and web services around the world, such as Google, YouTube, FaceBook/Twitter, and more.
The operating principle of Shadowsocks is basically the same with other types (HTTP, Socks, VPN, SSH) of proxy tools. That’s to say, it also needs to use a specific transit server to complete the data transmission. However, unlike an SSH tunnel (based on the RSA encryption technology, but with more obvious characteristics when creating a tunnel that can be caught and utilized by GFW), Shadowsocks can also be a proxy for the UDP traffic. On the other hand, Shadowsocks can’t replace TLS or VPN, because it is essentially a network agency protocol set with an access password. As a result, it cannot be used as anonymous communication solution. But compared with the traditional way of VPN proxy, Shadowsocks supports the PAC (proxy auto-config) list. That means it allows to intelligently switch proxy according to the rules added in PAC, thus gives consideration to both access speed and access efficiency.
In the physical plane, Shadowsocks is to bypass the Internet firewall by using the oversea servers as a springboard – First, Shadowsocks sets up an encrypted channel between users and proxy servers; next, the overseas agent requests the expected blocked Internet resources; final it returns these resources to the user through the encrypted channel. In the technical level, Shadowsocks is to effectively trick the Internet blockade by encrypting the data transmission – Shadowsocks uses a variety of encryption methods to secure the communication between client and server, then goes through the GFW as ordinary TCP packets, without obvious characteristics that GFW can easily decrypt and analyze.
Shadowsocks provides both client and server apps. That means you can build your own proxy server by buying overseas VPS hostings. To make this work, you need to first deploy Shadowsocks’ server side on your one or multiple VPS hosts (including setting server IP, server port, local port, password, timeout, encryption method, etc.), then use Shadowsocks’ client app to connect to your server end in order to create a proxy connection. After successfully connecting to the server, the client will construct a local Socks5 agent on user’s computer. This way, when you surf the Internet, your network traffic will be turned to the local Socks5 agent, and then sent to the server after being encrypted by the client. Next, the server transfers your desired Internet data traffic back to your client in the same encryption way. This does implement the indirect network communication and data exchange between proxy client and proxy server constructed by Shadowsocks.
In the end, if you’ve found that the connection speed of using the easy-to-implement SSH tunnel method to evade the Internet censorship cannot be satisfactory, and think that the security of Freegate and UltraSurf is not guaranteed, again are not willing to put up with the low stability of Lantern and SoftEther VPN. This case, Shadowsocks would be currently the most stable, the fastest, and the most hidden way of bypassing the Internet censorship existing in many countries.
// Key Features //
- System proxy configuration
- PAC mode and global mode
- GFWList and user rules
- Supports HTTP proxy
- Supports server auto switching
- Supports UDP relay (see Usage)
- Supports plugins
// System Requirements //
- Microsoft .NET Framework 4.6.2+
// Simple Tutorial //
- Buy a cheap, low-powered VPS located outside the blockage area (shared hosing is insufficient, and the dedicated server is too wasteful)
- Online Install and configure Shadowsocks server on this VPS (you’d better not use the default 8388 port)
- Download and configure Shadowsocks client on your desired PC (you’d better not use the default 1080 port) to connect to your own Shadowsocks server
- That’s all
// Tips //
- DO NOT use the default encryption algorithm or port (less than 25 may be better), then the success rate of setting up the Shadowsocks proxy server can be much higher
- Find Shadowsocks icon in the notification tray
- You can add multiple servers in servers menu
Enable System Proxymenu to enable system proxy. Please disable other proxy addons in your browser, or set them to use system proxy
- You can also configure your browser proxy manually if you don’t want to enable system proxy. Set Socks5 or HTTP proxy to 127.0.0.1:1080. You can change this port in
Servers -> Edit Servers
- You can change PAC rules by editing the PAC file. When you save the PAC file with any editor, Shadowsocks will notify browsers about the change automatically
- You can also update PAC file from GFWList (maintained by 3rd party)
- You can also use online PAC URL
- For UDP, you need to use SocksCap or ProxyCap to force programs you want to be proxied to tunnel over Shadowsocks
// Prompts //
- In general cases, only the software supporting socks5 can use Shadowsocks-based proxy servers.
- Don’t look down upon the GFW, it is becoming more and more powerful, and more and more intelligent – especially with help of with AI and big data.
- Both CentOS and Ubuntu are working all right, no one is better.
- If the default encryption algorithm “aes-256-cfb” does not work, use “bf-cfb” instead
- After editing the local PAC file, you need to restart Shadowsocks to make it effective
// Related Links //
- Shadowsocks Quick Guide
- Shadowsocks Advanced Settings
- Shadowsocks Troubleshooting
- GFWList (maintained by 3rd party)
// Download URLs //
|Freeware||Latest||Clients | Servers|
|If some download link is missing, and you do need it, just please send an email (along with post link and missing link) to remind us to reupload the missing file for you. And, give us some time to respond.|
|If there is a password for an archive, it should be "appnee.com".|
|Most of the reserved downloads (including the 32-bit version) can be requested to reupload via email.|