How to forward local port using shadowsocks
The purpose here is to forward local port 3080 to remote port 2.2.2.2:1194 (where an openvpn server is listening) using shadowsocks.
To do this we'll use shadowsocks-rust:
First we download the latest binaries for linux:
wget https://github.com/shadowsocks/shadowsocks-rust/releases/download/v1.16.1/shadowsocks-v1.16.1.x86_64-unknown-linux-gnu.tar.xz
and extract the files:
mkdir shadowsocks
tar xvf shadowsocks-v1.16.1.x86_64-unknown-linux-gnu.tar.xz -C shadowsocks
Now we cd into the folder and make the binaries executable and move them to /usr/local/bin:
cd shadowsocks/
chmod +x ss*
sudo mv ss* /usr/local/bin
Verify installation using this command:
sslocal --version
Now we are ready to create our local tunnel.
To do this we obviously need a shadowsocks server. There are many tutorials for setting up one. However here is how you can quickly set up a shadowsocks server on a debian/ubuntu VPS:
sudo apt install shadowsocks-libev simple-obfs
sudo nano /etc/shadowsocks-libev/config.json
with the following content:
{
"server": "0.0.0.0",
"server_port": DESIRED PORT,
"password": "DESIRED PASSWORD",
"timeout": 300,
"method": "chacha20-ietf-poly1305",
"mode": "tcp_only",
"dns":"1.1.1.1",
"plugin":"obfs-server",
"plugin_opts": "obfs=http;obfs-host=cloudfront.net",
"fast_open": false
}
*(Please note simple-obfs is obsolete and you should consider using a more secure pluging such as xray.)
*
sudo systemctl restart shadowsocks-libev.service
Now back to our local system, we create a shadowsocks tunnel configuration file:
nano sstunnel.json
and paste these lines. Make necessary adjustments based on your shadowsocks server configuration:
{
"locals": [
{
"protocol": "tunnel",
"local_address": "127.0.0.1",
"local_port": 3080,
"forward_address":"2.2.2.2",
"forward_port": 1194,
}
],
"server": "SHADOWSOCKS_SERVER_IP",
"server_port": SHADOWSOCKS_SERVER_PORT,
"password": "SHADOWSOCKS_SERVER_PASSWORD",
"method": "chacha20-ietf-poly1305",
"mode": "tcp_only",
"plugin": "obfs-local",
"plugin_opts": "obfs=http;obfs-host=cloudfront.net"
}
This file tells shadowsocks to forward connections to 127.0.0.1:3080 to the remote port 2.2.2.2:1194 which is our openvpn server, for example.
Now we can run the tunnel:
/usr/local/bin/sslocal -c sstunnel.json
This is the output on my system:
$ /usr/local/bin/sslocal -c sstest.json
2023-09-09T02:08:53.356339957+03:30 INFO shadowsocks local 1.16.1 build 2023-09-01T05:08:00.031376835+00:00
2023-09-09 02:08:53 [simple-obfs] INFO: obfuscating enabled
2023-09-09 02:08:53 [simple-obfs] INFO: obfuscation http method: GET
2023-09-09 02:08:53 [simple-obfs] INFO: obfuscating hostname: cloudfront.net
2023-09-09 02:08:53 [simple-obfs] INFO: tcp port reuse enabled
2023-09-09 02:08:53 [simple-obfs] INFO: listening at 127.0.0.1:41681
2023-09-09T02:08:53.357713632+03:30 INFO shadowsocks TCP tunnel listening on 127.0.0.1:3080
As you can see the last line
TCP tunnel listening on 127.0.0.1:3080
shows sslocal is listening at port 3080.
How to connect to openvpn over shadowsocks
Now let's assume we have an client.ovpn file for connecting to our 2.2.2.2:1194 openvpn server.
We open the client.ovpn file and make two changes:
- We change remote line to 127.0.0.1 3080
- We also tell openvpn to route the shadowsocks server IP through default gateway, not through the vpn tunnel:
route SHADOWSOCKS_SERVER_IP 255.255.255.255 net_gateway
This is how my openvpn client configuration looks now:
client
proto tcp-client
remote 127.0.0.1 3080
route SHADOWSOCKS_SERVER_IP 255.255.255.255 net_gateway
....
The rest of the configuration file remains intact.
Now I can connect to openvpn using this command:
sudo openvpn --config client.ovpn
P.S: instead of creating a shadowsocks tunnel configuration file we can also use the following command:
sslocal --protocol tunnel -b "127.0.0.1:3080" -f "2.2.2.2:1194" --server-url "ss://...."
or
/usr/local/bin/sslocal --protocol tunnel -b "127.0.0.1:3080" -f "2.2.2.2:1194" -s "SHADOWSOCKS_SERVER_IP:PORT" -m "chacha20-ietf-poly1305" -k "SHADOWSOCKS_SERVER_PASSWORD" --plugin "obfs-local" --plugin-opts "obfs=http;obfs-host=cloudfront.net"
Top comments (0)