Extract the contents of the archive. Open Windows PowerShell (right-click on Windows Start button, then select Windows Terminal). 2019-01-19 Update the information of v2ray-plugin of Shadowsocks. v2ray (net/v2ray): A proxy server for bypassing network restrictions. After trial and error for nearly 2 hours, hmm. Eventually I got 404. Nothing in Error.log. Very frustrating, so is it OK to ask questions here in future, or where else would you suggest we get help? It comes with a list of key value pairs. Specify the SOCKS Host at IP address 127.0.0.1, Port 1080. Both ss & vray_plugin Android clients are downloaded from the Google Play Store. On Linux and macOS, you can use the terminal command ssh to reach your server. "plugin_opts":"server;host=example.com;path=/example;loglevel=none". There are only two Boolean values: true and false. V2Ray can be configured as either a Shadowsocks server or a client. Note that you would need extra configuration on your client shadowsocks application so that obfuscation works. Then, I modified the ss-android config as follows. SS works with IPv6 as it does with IPv4. I have always thought we can't ask questions not related to development in here. Select the option Add/Remove Snap-in. It's also worth mentioning that some Wi-Fi networks have firewalls that stop connections to other ports except for normal ports such as 443, 80, 22, etc. It will be named something like v2ray-plugin-windows-amd64-v1.3.1.tar.gz. The server received the packets but it seems shadowsocks with v2-ray plugin on the server side cannot handle the UDP packet. By deploying the Shadowsocks server on port 443, your Shadowsocks data stream looks more like a data stream for web browsing via HTTPS. Will read more and try installing another version with nginx.
openssl ecparam -out ca.key -name secp384r1 -genkey, openssl req -new -sha256 -key ca.key -out ca.csr, State or Province Name (full name) [Some-State]:NSW. go build; Alternatively, you can grab the latest nightly from Circle CI by logging into Circle CI or adding #artifacts at the end of URL like such: . When AEAD encryption is used, this field has no effect. Thanks a lot. It's http://localhost:8388; NOT http://localhost:8388/;. Server may choose to enable, disable or auto. Create a directory to hold your certificates: Change into the directory that will hold your certificates: Generate a private key for your CA certificate: Enter anything you like for Country Name, State or Province Name, Locality Name, Organization Name, and Organizational Unit Name. Think up a port number. Time to embrace a bigger world! When AEAD encryption is used, ota has no effect. Please select stream cipher for shadowsocks-libev: Which cipher you'd select(Default: aes-256-gcm):1, Press any key to startor press Ctrl+C to cancel. I think you're almost there. v2ray-plugin will look for TLS certificates signed by acme.sh by default. HTTP Outcoming Sometimes it's faster than directly connecting to your VPS (depending on the VPS location). I think listening on 80 at the same time won't impact anything of TLS. The VPS or CDN? May be a relative path. There is no issue. By following this post, you can create an SS + V2Ray plugin server without having to buy a domain name. You can then type service v2ray start to start v2ray. V2Ray's Shadowsocks protocol has been followed by AEAD, but it is still compatible with OTA. chacha20-ietf-poly1305. SSH into your server. Boolean types do not need to be double quoted. Just configure V2Ray and just look at it here.
If you do not already have Firefox installed, install Firefox now from https://www.mozilla.org/en-US/firefox/new. If you're not logged in as root, then become root as follows. super******.mooo.com is a subdomain name I registered linked to my VPS. as the other forums (Linux, Ubuntu, etc.) don't have this topic. First, you need to make sure you have go-lang on your server. Boolean value, has to be either true or false, without quotation marks. Required. The client-server must have an incoming and outgoing configuration. From the Firefox hamburger menu, choose Settings. The implementation of Shadowsocks in V2Ray is compatible with Shadowsocks-libev, Go-shadowsocks2 and other clients based on the Shadowsocks protocol. vray_plugin should listen on both IPv4 and IPv6. Name: shadowsocks. For Password put your chosen password, e.g. The easiest way to check: if the traffic is running, then everything is fine. Alternatively, you can specify path to your certificates using option cert and key. What about resolver? Cautious users should refrain from using this mode. For Server IP, put the IP address of your server, e.g. However, because V2Ray supports many functions, the configuration is inevitably more complicated. Compatibility with official version: Supports both TCP and UDP connections, where UDP can be optionally turned off. Run the install script by issuing the command: Enter your choice of password, port, and encryption method.
Your client should specify the nginx port 80 instead of 8348. apt update && apt install -y --no-install-recommends gettext build-essential autoconf libtool libpcre3-dev asciidoc xmlto libev-dev. Shadowsocks-libev Docker Image by Teddysun. Install 7-Zip from https://www.7-zip.org if you do not have it on your PC already. Is that OK? I did try installing before from the reddit post, but somehow stuck at getting the certificate - authentication error, so after many tries, I decided to try another method. Or, perhaps Nginx couldn't handle the UDP packets. It disguises your data stream so that it looks like you are accessing a normal website. My phone is rooted so I have no issue with pushing the file back to the phone. Thus, it has been suggested that AES based algorithms shall be used for desktop clients, while chacha based algorithms shall be used for mobile clients. Instead of using cert to pass the certificate file, certRaw could be used to pass in PEM format certificate, that is the content between -----BEGIN CERTIFICATE----- and -----END CERTIFICATE----- without the line breaks. Before V2Ray runs, it automatically converts JSON config into protobuf. Yet another SIP003 plugin for shadowsocks, based on v2ray. https://circleci.com/gh/shadowsocks/v2ray-plugin/20#artifacts. Sign the certificate signing request, creating your certificate: Generate a private key for your server certificate: Make the server private key readable by Nginx: Delete the default contents, and enter contents as below: Change /abcdefgh to a secret path of your choice. What is the UDP Fallback used for in the SS client on Android? V2Ray supports many protocols, including Socks, HTTP, Shadowsocks, VMess, and more. Default value is false.
Copy v2ray-plugin_windows_amd64.exe into the Shadowsocks folder Downloads\Shadowsocks-4.4.0.185. This creates a folder Downloads\Shadowsocks-4.4.0.185. Yup, all internet surfing working fine :) Saw a post before saying that we could inspect the traffic header to make sure no 'thumbprint' so will not flag by GFW's DPI. SS will only work for http/https traffic, any other protocol will be routed (go directly) to the destination? netstat shows the ss server is listening on both TCP and UDP. And one last question - would using a webserver (nginx proxy_pass) be more secure? client. Check access.log and error.log in /var/log/nginx to see if your request is received and processed. Choose an encryption method. May be IPv4, IPv6 or domain address. I almost gave up, but I succeeded with the last attempt. Can be any string. So GFW will only see that I'm going to the CDN, but won't know where my real destination is. But the website with TLS works fine. Thought I did something wrong when it shows my VPS IP instead of the CDN's IP. If you would like to shut down the server, use ps -ef | grep ss-server to get the pid of your shadowsocks server, and then kill the process using kill. There could be a lot of reasons leading to this. Besides, this gist suggests AES based algorithms perform badly on ARM processors. Then continue like this: Open a browser and go to https://github.com/shadowsocks/shadowsocks-windows/releases. SS will only work with IPv4, IPv6 will be routed (go directly) to the destination? They will be referenced in the rest of docs. Congratulations, Shadowsocks-libev server install completed!
For the purpose of installing plugins for obfuscation (in the following section), the Shadowsocks-libev is chosen here. Before this section is finished, I would like to talk more about some details about the configuration. Do you use "official" shadowsocks and v2ray plugin client? Select Computer account, and click Next. I checked the profile.db-wal with notepad and incorrect arguments are passed to the plugin, that's why it never connects. Our example is aes-256-gcm. It does work. SS+any plugin will work only with any TCP traffic. At the moment, in the config.json I have specified the listening port "8348", but every time I run the line above, it displays "tcp server listening at 127.0.0.1:41415", 45321, 52344, etc. JSON, or JavaScript Object Notation, is in short objects in JavaScript. Copy the binary into the same folder as the extracted shadowsocks binaries. This means the HTTP connection is not good. URI of the configuration. Required. No. Shadowsocks protocol, for both inbound and outbound connections. So here's the full text of the /etc/nginx/nginx.conf. Now use the following command to start v2ray serving in a background process. By entering ss-server -h in the console, all the parameters of the command ss-server are given. If not, you can install it by following this instruction. Domain name is the easiest part. Hello, I'm using the V2Ray plugin, I need to pass the plugin arguments like this: I've set up a Google Cloud instance, firewall has port 3128 open. chacha20-poly1305 a.k.a. It keeps changing. P.S. - because of the pandemic, not sure when we could travel to China, so hopefully could set up everything and make sure it's running when we can travel.
Caution "server":["[::1]", "127.0.0.1"], What's more, I found a detailed instruction on setting up vray-plugins and nginx server for Chinese-speaking rookies. Expand the tree in the left pane. All strings must be enclosed in double quotes " "; all keys are strings, so keys should also be enclosed in double quotes. sudo apt install shadowsocks-libev. In addition, I think I need to add a few points to the introduction of the document: All punctuation marks in JSON file must use half-width symbols (English symbols). Or, if you want the shadowsocks server to run as a background process (as most people do), execute the following command instead. All is working perfectly. Restart Shadowsocks with your configuration file which now specifies the V2Ray plugin: Now you are going to work on the Windows PC that will be your client. Shadowsocks is a secure socks5 proxy and was designed to protect your internet traffic. Type of supported networks. In some usages, the address part can be omitted, like ":443". Activate v2ray-plugin plugin, and set plugin opts as host=n3ro.me;path=/ss, set port as 80, if with tls, then set plugin opts as tls;host=n3ro.me;path=/ss and port as 443. Remove = from location = /ss, like location /ss; I don't believe you can pass nginx -t with your config. See Encryption methods for available values. See command line args for advanced usages. As protobuf format is less readable, V2Ray also supports configuration in JSON. starting shadowsocks command. Download the v2ray-plugin for Linux 64-bit from GitHub. shadowsocks-libev. Finally, the shadowsocks server can be started as the previous section mentioned.
You can confirm the service is running by netstat -ltp, and check if the port is actually in LISTEN state and served by corresponding v2ray plugin. The configuration is similar to VMess. ss-server -c config.json -p 443 --plugin v2ray-plugin --plugin-opts "server;mode=quic;host=mydomain.me" v2ray. Thus you see the port number changing between ss-libev service restarts. But when I only add TLS support for nginx and modify client config accordingly, it did not work. sudo nano /etc/init.d/v2ray. Then attach the following lines to your configuration file so that Shadowsocks-libev uses v2ray-plugin to obfuscate its data stream. For the server side, try to use this nginx configuration: I bought a domain name super*****.xyz. Configure Firefox to use a Manual proxy configuration. And each protocol may have its own transport, such as TCP, mKCP, WebSocket, etc. VMess If true and the incoming connection doesn't enable OTA, V2Ray will reject this connection. config.json-shadowsocks client from toutyrater. A domain name costs much less than your VPS. Your run of the script will look like this: Wait while the installs and compiles take place. Give it a try. Better yet, V2Ray has built-in obfuscation to hide traffic in TLS, and can run in parallel with web servers. (124** Android 4G; 222** Windows PC) Shadowsocks server address. Import CA Certificate on Client. A typical object is like below: V2Ray supports comments in JSON, annotated by "//" or "/* */". 2018-11-09 Adapt to v4.0+ configuration format. You'd better test your setup with a PC client so as to tell whether the problem is on the client side. I have nginx on port 3128 forwarding to port 10001 internally, and v2ray-plugin configured to 127.0.0.1:10001. In the Microsoft Management Console: Click File.
This is because sometimes localhost is resolved to an IPv6 address. Create a VPN server with ShadowSocks+v2ray connection protocol. Here's some sample commands for issuing a certificate using CloudFlare. The nginx access log above shows you're getting HTTP 499 responses. https://blog.icpz.dev/articles/bypass-gfw/shadowsocks-with-v2ray-plugin/. Right-click on the download, and use 7-Zip to extract v2ray-plugin-windows-amd64-v1.3.1.tar. In an editor that doesn't support comments, they may get displayed as errors, but comments actually work fine in V2Ray. The problem here is v2ray-plugin behind nginx with TLS does not work.