Route Traffic Through Domestic Server With Shadowsocks
THIS TUTORIAL ONLY AND ONLY BYPASSES OUTGOING DPI AND WILL NOT MASK YOUR DOMESTIC SERVER IP
In Iran, if you tunnel your proxy with iptables (plain route), both of your servers will be blocked. If you obfuscate the routed traffic, you have a better chance against censorship. Here is a small diagram to explain how it used to work and how it will work with Shadowsocks:
Without Shadowsocks:
Client -(MTProto Traffic)-> Domestic Server -(MTProto Traffic)-> Firewall (DPI and other stuff) -(MTProto Traffic)-> Foreign Server -> Telegram Servers
As you can see, the traffic passing through the firewall consists of MTProto packets and can be easily identified even with random padding. More info here
What happens with Shadowsocks?
Client -(MTProto Traffic)-> Domestic Server -(Shadowsocks Obfuscated Traffic)-> Firewall (DPI and other stuff) -(Shadowsocks Obfuscated Traffic)-> Foreign Server -(MTProto Traffic)-> Telegram Servers
You can also improve Shadowsocks security by using plugins. (I will explain later.)
Here is how setting this up goes:
First, use one of my scripts to install MTProto Proxy on your server.
Then use teddysun's script to install Shadowsocks server on your foreign server. To ease the trouble, here is a little guide for installing Shadowsocks.
If you are using Ubuntu/Debian, use this:
wget https://raw.githubusercontent.com/teddysun/shadowsocks_install/master/shadowsocks-libev-debian.sh && bash shadowsocks-libev-debian.sh
If you are using CentOS, use this:
wget https://raw.githubusercontent.com/teddysun/shadowsocks_install/master/shadowsocks-libev.sh && bash shadowsocks-libev.sh
Then configure the proxy like so:
- Set password to whatever you want.
- Better set the port to 443 or 80 especially if you want to configure a plugin later.
- For ciphers, if you want fast speed use chacha20, for best security choose aes-256-gcm or xchacha20-ietf-poly1305. It is a good idea to choose chacha20 if you want to use a plugin later.
As for plugins I have already tested Cloak and V2Ray and they work quite well. (Especially Cloak) Simple obfs is deprecated and therefore should not be used.
Plugins make your traffic similar to HTTP or HTTPS at the cost of speed.
UPDATE: I've written a small script to install Shadowsocks-libev with Cloak on your server. Here is the link
On the domestic server, use ss-tunnel to forward all of your traffic to your foreign server.
First, install shadowsocks-libev on your system. You can either build it or install it from a repository. Read More
Then use systemd or tmux or screen to run the command below:
ss-tunnel -s 1.1.1.1 -p 443 -l 1080 -k PaSs -m chacha20-ietf-poly1305 -b 0.0.0.0 -L 1.1.1.1:8080
Where:
- 1.1.1.1 is your foreign server IP
- 443 is the port you chose when you installed Shadowsocks
- 1080 is the port that receives incoming packets
- PaSs is the password of your Shadowsocks server
- chacha20-ietf-poly1305 is the cipher you used
- 0.0.0.0 is the local bind address; it means all traffic from the internet will be forwarded to your foreign server
- 1.1.1.1:8080 is your MTProto server; 1.1.1.1 is your IP and 8080 is the port your MTProto proxy is listening on.
Now change your proxy share link by replacing the IP address with your domestic server IP address and changing the port to 1080 (the port that receives incoming packets).
Now all of your packets will be forwarded to your mtproto proxy server.
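For the systemd option mentioned above, here is an added example (not part of the original tutorial or of shadowsocks-libev) that renders the same ss-tunnel settings as a JSON config file plus a unit file, so the password is not exposed on the command line where local users can read it from the process list. The binary path, config path, unit file name and the `sstunnel` service user are assumptions; the addresses, ports and password are the tutorial's placeholders.

```shell
#!/bin/sh
# Added example: render an ss-tunnel config and systemd unit for the domestic server.
set -eu
FOREIGN_IP="1.1.1.1"             # -s  foreign Shadowsocks server (placeholder)
SS_PORT=443                      # -p  Shadowsocks server port
LISTEN_ADDR="0.0.0.0"            # -b  local bind address
LISTEN_PORT=1080                 # -l  port that receives incoming packets
METHOD="chacha20-ietf-poly1305"  # -m  cipher configured on the server
MTPROTO_DEST="1.1.1.1:8080"      # -L  MTProto proxy address and port
CONF_PATH="/etc/shadowsocks-libev/mtproto-tunnel.json"  # assumed path
SS_TUNNEL_BIN="/usr/bin/ss-tunnel"  # assumed path; check with: command -v ss-tunnel

# JSON equivalent of the flags above. $1 is the password, assumed to
# contain no double quotes or backslashes.
render_config() {
cat <<EOF
{
  "server": "$FOREIGN_IP",
  "server_port": $SS_PORT,
  "local_address": "$LISTEN_ADDR",
  "local_port": $LISTEN_PORT,
  "password": "$1",
  "method": "$METHOD",
  "tunnel_address": "$MTPROTO_DEST"
}
EOF
}

# Unit that starts ss-tunnel from the config file as an unprivileged user.
render_unit() {
cat <<EOF
[Unit]
Description=ss-tunnel forwarder to MTProto proxy
After=network-online.target

[Service]
User=sstunnel
ExecStart=$SS_TUNNEL_BIN -c $CONF_PATH
Restart=on-failure
NoNewPrivileges=yes
ProtectSystem=strict

[Install]
WantedBy=multi-user.target
EOF
}

# Write both files into a private scratch directory for review before installing.
umask 077; out=$(mktemp -d)
render_config "${SS_PASSWORD:-PaSs}" > "$out/mtproto-tunnel.json"
render_unit > "$out/ss-tunnel-mtproto.service"
echo "Review the files in $out, then copy them into place."
```

After copying the files, make the JSON readable only by the service user (mode 0600), run `systemctl daemon-reload`, and enable the unit with `systemctl enable --now`.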