As is known to all, the serious network blockade and censorship in Mainland China (namely the GFW founded in 1998) has given rise to numerous excellent proxy software from China, including but not limited to: Freegate, UltraSurf, SoftEther VPN, GoAgent, Shadowsocks, cow, Lantern, and more. Among them, Shadowsocks (AKA: 影梭) is a free, open-source, cross-platform, encrypted, and secure small proxy project from China. It uses the SOCKS5 proxy protocol (similar to SSH tunnel), and runs very, very fast. In China and many other countries, it’s widely used to break through the GFW-like Internet blockade and censorship and access the disturbed, blocked, or shielded web sites and web services around the world, such as Google, YouTube, FaceBook/Twitter, and more.

Shadowsocks was first created (using Python only) by clowwindy from China in 2012, and was forcibly suspended by the Chinese government in 2015. After that, the contribution of open source community developers made it evolve into an open-source project based on multiple development languages (Python, C, C++, C#, Java, JavaScript, Go, etc.), multiple running environments and multiple platforms (Windows, Mac OS X, Linux, Android, iOS, OpenWrt – a popular router firmware for achieving automatic bypassing of Internet censorship), and it continues to be maintained and improved until now.

The operating principle of Shadowsocks is basically the same with other types (HTTP, Socks, VPN, SSH) of proxy tools. That’s to say, it also needs to use a specific transit server to complete the data transmission. However, unlike an SSH tunnel (based on the RSA encryption technology, but with more obvious characteristics when creating a tunnel that can be caught and utilized by GFW), Shadowsocks can also be a proxy for the UDP traffic. On the other hand, Shadowsocks can’t replace TLS or VPN, because it is essentially a network agency protocol set with an access password. As a result, it cannot be used as anonymous communication solution. But compared with the traditional way of VPN proxy, Shadowsocks supports the PAC (proxy auto-config) list. That means it allows to intelligently switch proxy according to the rules added in PAC, thus gives consideration to both access speed and access efficiency.

In the physical plane, Shadowsocks is to bypass the Internet firewall by using the oversea servers as a springboard – First, Shadowsocks sets up an encrypted channel between users and proxy servers; next, the overseas agent requests the expected blocked Internet resources; final it returns these resources to the user through the encrypted channel. In the technical level, Shadowsocks is to effectively trick the Internet blockade by encrypting the data transmission – Shadowsocks uses a variety of encryption methods to secure the communication between client and server, then goes through the GFW as ordinary TCP packets, without obvious characteristics that GFW can easily decrypt and analyze.

Shadowsocks provides both client and server apps. That means you can build your own proxy server by buying overseas VPS hostings. To make this work, you need to first deploy Shadowsocks’ server side on your one or multiple VPS hosts (including setting server IP, server port, local port, password, timeout, encryption method, etc.), then use Shadowsocks’ client app to connect to your server end in order to create a proxy connection. After successfully connecting to the server, the client will construct a local Socks5 agent on user’s computer. This way, when you surf the Internet, your network traffic will be turned to the local Socks5 agent, and then sent to the server after being encrypted by the client. Next, the server transfers your desired Internet data traffic back to your client in the same encryption way. This does implement the indirect network communication and data exchange between proxy client and proxy server constructed by Shadowsocks.

In the end, if you’ve found that the connection speed of using the easy-to-implement SSH tunnel method to evade the Internet censorship cannot be satisfactory, and think that the security of Freegate and UltraSurf is not guaranteed, again are not willing to put up with the low stability of Lantern and SoftEther VPN. This case, Shadowsocks would be currently the most stable, the fastest, and the most hidden way of bypassing the Internet censorship existing in many countries.

// Key Features //

• System proxy configuration
• PAC mode and global mode
• GFWList and user rules
• Supports HTTP proxy
• Supports server auto switching
• Supports UDP relay (see Usage)
• Supports plugins

// System Requirements //

• Microsoft .NET Framework 4.6.2+

// Simple Tutorial //

1. Buy a cheap, low-powered VPS located outside the blockage area (shared hosing is insufficient, and the dedicated server is too wasteful)
2. Online Install and configure Shadowsocks server on this VPS (you’d better not use the default 8388 port)
3. Download and configure Shadowsocks client on your desired PC (you’d better not use the default 1080 port) to connect to your own Shadowsocks server
4. That’s all

// Tips //

• DO NOT use the default encryption algorithm or port (less than 25 may be better), then the success rate of setting up the Shadowsocks proxy server can be much higher
• Find Shadowsocks icon in the notification tray
• You can add multiple servers in servers menu
• Select Enable System Proxy menu to enable system proxy. Please disable other proxy addons in your browser, or set them to use system proxy
• You can also configure your browser proxy manually if you don’t want to enable system proxy. Set Socks5 or HTTP proxy to 127.0.0.1:1080. You can change this port in Servers -> Edit Servers
• You can change PAC rules by editing the PAC file. When you save the PAC file with any editor, Shadowsocks will notify browsers about the change automatically
• You can also update PAC file from GFWList (maintained by 3rd party)
• You can also use online PAC URL
• For UDP, you need to use SocksCap or ProxyCap to force programs you want to be proxied to tunnel over Shadowsocks

// Prompts //

• In general cases, only the software supporting socks5 can use Shadowsocks-based proxy servers.
• Don’t look down upon the GFW, it is becoming more and more powerful, and more and more intelligent – especially with help of with AI and big data.
• Both CentOS and Ubuntu are working all right, no one is better.
• If the default encryption algorithm “aes-256-cfb” does not work, use “bf-cfb” instead
• After editing the local PAC file, you need to restart Shadowsocks to make it effective

// Related Links //

• Shadowsocks Quick Guide
• Shadowsocks Advanced Settings
• Shadowsocks Troubleshooting
• GFWList (maintained by 3rd party)

// Download URLs //

License	Version	Download
Freeware	Latest	Clients | Servers

(Homepage | GitHub)