How to Use shadowocks-libev on FreeBSD

Shadowsocks is a secure socks5 proxy, designed to protect your Internet traffic. Shadowsocks can function as a tunnel proxy that can help you bypass firewalls. In FreeBSD Shadowsocks is known as Shadowsocks-libev which was created with the C programming language based on libev, which prioritizes embedded devices and low-end boxes.

Shadowsock can encrypt the traffic between you and the server, so that Internet Service Providers cannot spy on you, once the ISP doesn't know what is running on your computer, they will not stop the traffic, so you can bypass ISP restrictions and be able to easily penetrate corporate firewalls and access censored sites. Let's say if you are in a situation where OpenVPN traffic is blocked or restricted, ShadowSocks is a good alternative to VPN that can be installed on a PFSense router to tunnel the entire network traffic.

Main features of Shadowsocks:
  1. Super Fast
  2. Cross Platform
  3. Flexible Encryption
  4. Open Source
  5. Mobile Ready
  6. Easy Deployment


1. Prerequisites

In this tutorial, we will show the steps to install Shadowsocks-libev on a FreeBSD server, configure and use the client to connect to the proxy. All instructions in this article run on FreeBSD 13.2 server. In this article we use the private IP address 192.168.5.2, name server ns6 and domain unixwinbsd.site.

The Shadowsocks-libev installation process on FreeBSD is recommended using the ports system. As a first step, we update and upgrade the FreeBSD ports system. Run the command below.
root@ns6:~ # portmaster -af
root@ns6:~ # portupgrade -af
Before installing Shadowsocks-libev, you are required to install the Shadowsocks-libev library. use below command to install library Shadowsocks-libev on your FreeBSD server.
root@ns6:~ # pkg install asciidoc xmlto libev mbedtls pcre libsodium c-ares
Once the library package is installed, run the following "make" command in your command line terminal to install Shadowsocks-libev.
root@ns6:~ # cd /usr/ports/net/shadowsocks-libev
root@ns6:~ # make config
root@ns6:/usr/ports/net/shadowsocks-libev # make install clean


2. Configuration

At this configuration stage, we will enable shadowocks-libev in /etc/rc.conf
root@ns6:/usr/ports/net/shadowsocks-libev # ee /etc/rc.conf
shadowsocks_libev_enable="YES"
shadowsocks_libev_config="/usr/local/etc/shadowsocks-libev/config.json"
With the script above, shadowsock can run automatically on the FreeBSD server.

Now before we start shahdowsocks on our server, let's we edit the json file and enter the following configuration content in it which contains the hostname or IP of your server (IPv4/IPv6), server port number, local port number, password used to encrypt the transfer, connection timeout and encryption method such as "aes -256-cfb", "bf-cfb", "des-cfb" or "rc4".

Add the following code to "/usr/local/etc/shadowsocks-libev/config.json" file.

{
    "server":["::1", "127.0.0.1"],
    "mode":"tcp_and_udp",
    "server_port":8388,
    "local_port":1080,
    "local_address": "192.168.5.2",
    "password":"router",
    "timeout":86400,
    "method":"chacha20-ietf-poly1305",
    "nameserver":"1.1.1.1",
    "fast_open": true

}

"local address 192.168.5.2" is private IP and "nameserver 1.1.1.1" is Cloudflare DNS.

OK, now let's start the Shadowsocks server:
root@ns6:~ # service shadowsocks_libev restart
Stopping shadowsocks_libev.
Waiting for PIDS: 45942.
Starting shadowsocks_libev.
 2023-12-09 14:09:13 INFO: binding to outbound IPv4 addr: 192.168.5.2
Now, Shadowsocks is running and will start automatically on system boot. You can now use Shadowsocks-libev for proxy connections. To be able to connect to the Shadowsocks proxy server, you need a client.


3. Run shadowsocks clients

Shadowsocks is supported by a number of different clients and devices. Install the client of your choice and test the connection. 

By default, shadowocks-libev runs as a server on FreeBSD. If you want to start shadowocks-libev in client mode, you need to configure the file /usr/local/etc/rc.d/shadowsocks_libev.

Open the file /usr/local/etc/rc.d/shadowsocks_libev and change the ss-server script with ss-local.
root@ns6:~ # ee /usr/local/etc/rc.d/shadowsocks_libev
# command="/usr/local/bin/ss-server"
command="/usr/local/bin/ss-local"
The script command="/usr/local/bin/ss-server" is changed to command="/usr/local/bin/ss-local". Put a "#" sign in the script command="/usr/local/bin/ss-server".

Restart shadowocks-libev.
root@ns6:~ # service shadowsocks_libev restart

Let's summarize. Shadowsocks are a great tool to fight digital censorship. With Shadowsock we can create anonymity on the internet network, making it difficult for irresponsible people to hack it.
Iwan Setiawan

I Like Adventure: Mahameru Mount, Rinjani Mount I Like Writer FreeBSD

Post a Comment

Previous Post Next Post