Build Home Router with OpenWrt – Setup SS Server
Ubuntu 16.04
Shadowsocks 2.8.2
Python 2.7.15rc1
Setup and Configuration
Deploying the ss server on a VPS is pretty easy: log on to the VPS and execute the following script:
apt-get install openssl
apt-get install python-pip -y
pip install setuptools
pip install wheel
pip install shadowsocks
# Create ss config
echo '{
"server":"0.0.0.0",
"server_port":11135,
"local_address":"127.0.0.1",
"local_port":1080,
"password":"yourpassword",
"timeout":300,
"method":"aes-256-cfb",
"fast_open":false
}' > /etc/shadowsocks.json
# Fixed 'undefined symbol: EVP_CIPHER_CTX_cleanup'
sed -i 's/EVP_CIPHER_CTX_cleanup/EVP_CIPHER_CTX_reset/g' /usr/local/lib/python2.7/dist-packages/shadowsocks/crypto/openssl.py
ssserver -c /etc/shadowsocks.json -d start
Add the above command to /etc/rc.local to start the server at system boot.
Stop the ss server with:
ssserver -c /etc/shadowsocks.json -d stop
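The config written above keeps the password in clear text, and `echo ... >` creates the file with default permissions, so it is worth checking before the server is started. The following Python 3 script is an added example, not part of the original post or of Shadowsocks: `audit_config`, `write_config`, the placeholder list and the 16-character minimum are assumptions, and the method check assumes a server build that supports the AEAD methods.

```python
import json
import os
import stat
import tempfile

# Constructed sample: the config from this page, placeholder password included.
PAGE_CONFIG = {"server": "0.0.0.0", "server_port": 11135, "password": "yourpassword",
               "timeout": 300, "method": "aes-256-cfb", "fast_open": False}
PLACEHOLDERS = {"yourpassword", "password", "changeme"}  # assumed list
MIN_PASSWORD_LEN = 16                                    # assumed policy
# AEAD methods from the Shadowsocks AEAD specification.
AEAD_METHODS = {"aes-128-gcm", "aes-192-gcm", "aes-256-gcm", "chacha20-ietf-poly1305"}


def audit_config(path):
    """Return a list of findings for a shadowsocks JSON config file."""
    findings = []
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        findings.append("mode %04o exposes the password to other local users" % mode)
    with open(path) as fh:
        cfg = json.load(fh)
    password = cfg.get("password", "")
    # The cipher key is derived from this password, so it must not be guessable.
    if password.lower() in PLACEHOLDERS:
        findings.append("password is a placeholder")
    elif len(password) < MIN_PASSWORD_LEN:
        findings.append("password shorter than %d characters" % MIN_PASSWORD_LEN)
    if cfg.get("method", "").lower() not in AEAD_METHODS:
        findings.append("method %r is not an AEAD cipher" % cfg.get("method"))
    return findings


def write_config(cfg, mode):
    """Write cfg to a temporary file with the given permission bits (demo helper)."""
    fd, path = tempfile.mkstemp(suffix=".json")
    with os.fdopen(fd, "w") as fh:
        json.dump(cfg, fh)
    os.chmod(path, mode)
    return path


if __name__ == "__main__":
    # 0644 is what `echo ... > file` produces under a umask of 022.
    path = write_config(PAGE_CONFIG, 0o644)
    for finding in audit_config(path):
        print("FINDING:", finding)
    os.remove(path)
```

On the real server, point `audit_config` at /etc/shadowsocks.json; `chmod 600 /etc/shadowsocks.json` clears the first finding.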
Performance Tuning
Increase the maximum number of open file descriptors
Add these two lines to /etc/security/limits.conf:
* soft nofile 51200
* hard nofile 51200
Or add them with sed:
sed -i '$i* soft nofile 51200\n* hard nofile 51200\n' /etc/security/limits.conf
Then set the limit with ulimit -n 51200 before starting the ss server.
Tune the kernel parameters
The principles of tuning parameters for shadowsocks are:
- Reuse ports and connections as soon as possible.
- Make the queues and buffers as large as possible.
- Choose a TCP congestion control algorithm suited to high latency and high throughput.
Here is the recommended config for production servers:
cat << EOT >> /etc/sysctl.conf
fs.file-max = 51200
net.core.rmem_max = 67108864
net.core.wmem_max = 67108864
net.core.netdev_max_backlog = 250000
net.core.somaxconn = 4096
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_tw_reuse = 1
# net.ipv4.tcp_tw_recycle = 0
net.ipv4.tcp_fin_timeout = 30
net.ipv4.tcp_keepalive_time = 1200
net.ipv4.ip_local_port_range = 10000 65000
net.ipv4.tcp_max_syn_backlog = 8192
net.ipv4.tcp_max_tw_buckets = 5000
net.ipv4.tcp_fastopen = 3
net.ipv4.tcp_mem = 25600 51200 102400
net.ipv4.tcp_rmem = 4096 87380 67108864
net.ipv4.tcp_wmem = 4096 65536 67108864
net.ipv4.tcp_mtu_probing = 1
net.ipv4.tcp_congestion_control = hybla
EOT
Execute sysctl -p to reload the config.
Note: I commented out tcp_tw_recycle because it has been removed from the kernel (commit 4396e46).
Shadowsocks Clients
shadowsocks.org lists plenty of clients for various platforms. Currently I have installed clients for my Android phone and my OpenWrt router, but for iOS it is not that easy: I tried to install Outline with diawi following Jayprakash Dubey’s instructions on Stack Overflow, but to no avail.
I also tried to install it with iTunes, with no luck.
I finally got it working by downloading it from the App Store (Australia).
Generate shadowsocks access-key
Follow the official Quick Guide to generate your access key in the "Try it yourself" section.