SecuremeVPN ©

TUTORIAL
ShadowsocksR setup


This tutorial gives step-by-step instructions for setting up your own speed-optimized ShadowsocksR (SSR) server on an Ubuntu VPS. It covers installing the bbr add-on for increased speed on high-latency networks and using the clients for Windows, Mac, iOS, and Android.


Choosing a VPS provider to host your server

Why I am using Vultr (Affiliate link. Please sign up through it so YOU and I can get some free time on Vultr) for this tutorial

With servers starting from $5/month and good routing to China Telecom, Vultr offers a good combination of price and speed. It's not the fastest server you can buy, but it does offer the best value for money in my opinion.

Vultr servers are always billed hourly. This is a very useful feature for 2 reasons.

1. If you mess something up and want to start over again, just destroy the VPS and make a new one. It will only cost you $0.01 if you destroy the VPS within the first 2 hours. This is a great way for beginners to learn to use Linux.

2. If your server gets blocked, you can just destroy it and make a new one. You won't lose money because you only pay for the number of hours you use the server for.

Once you have used the server for 625 hours (~26 days), then you will pay the monthly price. If you destroy your server before 625 hours, then you will pay for the number of hours that you used. You will see both the monthly and hourly price when you choose your instance. This is not an option to choose, it is just showing you both prices.

Vultr offers a very generous bandwidth allowance that you will likely never go over. Note that the data allowance is pro-rated by the number of hours if you use the server for less than 1 month.

Tip - If you go over this allowance, it's cheaper to shut down your instance and start a new one rather than paying the excess data fee (or upgrade to a higher price instance).

Vultr Alternatives

If this is your first time setting up a ShadowsocksR server, then just stick with Vultr for now and follow this tutorial exactly to the letter.

After you learn the process of making a server using Vultr or if you are already familiar with Linux, you may want to consider some other providers for higher performance (if you are willing to spend more and take the risk of paying monthly/annually instead of hourly).

If you want to try other providers, make sure you choose Ubuntu 18.04 64 bit as the OS and KVM as the virtualization (if available).

Previously this tutorial did not work for OpenVZ virtualization because it is not possible to change the kernel to install BBR. However, now that BBR comes pre-installed on Ubuntu 18.04, this tutorial might work with Ubuntu 18.04 on OpenVZ virtualization (not sure, someone please confirm in the comments if you have tried it).


Choose the best server locations for your ISP

Before we get started, it's a good idea to do some network analysis to find the best Vultr server location for your ShadowsocksR server.

Using the hostnames below, send a ping command to each server to check the latency to your location. Remember to turn off any existing VPN connections, because we want to check the latency between your ISP and the Vultr servers.

The locations shown in bold have the best routing to China Telecom.

Tokyo, Japan                  hnd-jp-ping.vultr.com
Singapore                     sgp-ping.vultr.com
Silicon Valley, California    sjo-ca-us-ping.vultr.com
Los Angeles, California       lax-ca-us-ping.vultr.com
Seattle, Washington           wa-us-ping.vultr.com
Frankfurt, DE                 fra-de-ping.vultr.com
Amsterdam, NL                 ams-nl-ping.vultr.com
Paris, France                 par-fr-ping.vultr.com
London, UK                    lon-gb-ping.vultr.com
New York (NJ)                 nj-us-ping.vultr.com
Chicago, Illinois             il-us-ping.vultr.com
Atlanta, Georgia              ga-us-ping.vultr.com
Miami, Florida                fl-us-ping.vultr.com
Dallas, Texas                 tx-us-ping.vultr.com
Sydney, Australia             syd-au-ping.vultr.com

If you are using Windows, you can download my Vultr ping script to automatically ping all of the Vultr servers.

I have identified 4 servers that have a decent ping time to my China Telecom connection.

Tokyo
Singapore
Silicon Valley
Los Angeles

I am going to try a Tokyo server and a Los Angeles server.

To avoid confusion, I will just show the instructions for setting up 1 of the servers, although I am actually doing both at the same time.


Deploy your instance

The first step is to go to Vultr and create an account if you don't already have one. You will need to fund your account with a minimum $5 deposit using PayPal or verify a valid credit card.

I recommend turning off your VPN if you are using a Chinese credit card or Chinese PayPal account, to avoid triggering fraud detection. If you are using an overseas credit card, you may want to connect to a VPN in the same country as your credit card, or turn your VPN off. I'm not sure which option is better in this case.

Although Vultr offers WeChat payments, this won't work for you unless you have a Chinese ID card (only Chinese citizens can use WeChat and Alipay for merchants outside of China).

Once your account is funded/verified then you can deploy a new instance (VPS).

Choose your location.

Choose the server type (OS). For this tutorial, I am using Ubuntu 18.04 x64.

Ok, time to connect to our server using SSH.

If you are using Mac, you can use the Terminal program to start an SSH session with your server.

Open Terminal and enter the following command (Mac users only):

ssh server_ip -p 22 -l root

Replace server_ip with the IP address of your server.

For example, using my server in this tutorial, you would enter the following.

ssh 45.32.50.230 -p 22 -l root

Unlike Mac, Windows does not come with an SSH client.

I am using Windows, so I have downloaded Putty.

If you are using Putty for Windows, enter the IP address of your Vultr server and press Open to connect to it. Leave all of the settings as default. You can save the session so you don't need to enter the IP address next time. I saved the settings as "Vultr Tokyo".

Accept the security warning and then login as root and enter the password from the Vultr server management page.

Tip - To paste text from the clipboard using Putty, simply press the right mouse button once and whatever is in the clipboard will get pasted. When typing or pasting your password, you won't see anything on the screen. Just press enter after you have typed it or pasted it by single clicking the right mouse button.

If your SSH connection is not successful, wait a few more minutes and try again. When you first create a server, it can take up to 5 minutes until it's ready to use.

If you still can't connect after your server is ready, that means your IP address is blocked by the Great Firewall of China (probably due to the person who used that IP address before you).

This can be confirmed by connecting to a VPN to see if you can connect.

If your IP is blocked, then destroy your instance and make a new one.

Once you have a good IP address that is not blocked and you are logged in successfully, your screen should look like this.


Install ShadowsocksR

Update and upgrade the machine by entering the command below.

sudo apt-get update && sudo apt-get upgrade -y

Any time that you see highlighted text like the text in the above line, enter it as a command. I will only show the screenshot for the first command, shown below.

After you enter the command, press enter to execute it.

When executing this first command, you may get a message that says something like this:

"A new version of configuration file /etc/default/grub is available, but the version installed currently has been locally modified. What do you want to do about modified configuration file grub?"

You can just press enter to keep the default option of using the current one.

Now, let's install ShadowsocksR on the server. There are many different versions of shadowsocks and many different ways to install them. I am going to install ShadowsocksR (SSR) using an installation script from GitHub user teddysun.

Teddysun has made some great scripts that make it very easy to install different versions of shadowsocks and other linux applications.

There used to be a donation page (https://teddysun.com/donate) where you could send a donation to Teddy Sun by WeChat or Alipay to support his good work. However, that link is now dead and I can't find any similar page on his website now. If anyone knows how to support the work of Teddy Sun, please let me know what link I can include here.

Enter the following 3 commands to download and run the SSR installation script.

wget --no-check-certificate https://raw.githubusercontent.com/teddysun/shadowsocks_install/master/shadowsocksR.sh

Note - The above command is long and may wrap onto 2 lines. Make sure you copy the full command starting with wget and ending with shadowsocksR.sh

chmod +x shadowsocksR.sh

./shadowsocksR.sh 2>&1 | tee shadowsocksR.log
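
The download-and-run step above with two checks added, as an example that is not part of the original tutorial or of teddysun's project: wget is left to verify the server certificate (no --no-check-certificate), and the script only runs if its SHA-256 matches the digest of a copy you have already read. The function names and the pin argument are assumptions made for this example.

```shell
#!/bin/sh
# Added example: pin an installer script to a reviewed SHA-256 before running it as root.
# sha256_of, digest_matches and fetch_and_run are illustrative names.

URL="https://raw.githubusercontent.com/teddysun/shadowsocks_install/master/shadowsocksR.sh"

# Print only the hex SHA-256 digest of a file.
sha256_of() {
    sha256sum "$1" | awk '{print $1}'
}

# Return 0 if FILE's digest equals EXPECTED (hex, any case),
# 1 on mismatch, 2 if FILE does not exist.
digest_matches() {
    file=$1; expected=$2
    [ -f "$file" ] || return 2
    actual=$(sha256_of "$file")
    [ "$actual" = "$(printf '%s' "$expected" | tr 'A-F' 'a-f')" ]
}

# Download over verified TLS, then run only when the digest matches the pin.
fetch_and_run() {
    pin=$1
    # wget validates the server certificate by default; the download
    # fails here instead of silently accepting an untrusted endpoint.
    wget -O shadowsocksR.sh "$URL" || return 1
    if digest_matches shadowsocksR.sh "$pin"; then
        chmod +x shadowsocksR.sh
        ./shadowsocksR.sh 2>&1 | tee shadowsocksR.log
    else
        echo "digest mismatch, got: $(sha256_of shadowsocksR.sh)" >&2
        return 1
    fi
}

# Typical use (the pin is a placeholder, take it from a copy you reviewed):
#   less shadowsocksR.sh && sha256sum shadowsocksR.sh
#   fetch_and_run <SHA256-of-the-reviewed-copy>
```
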

Enter the parameters that you want to use for your server. Here is what I am using for this tutorial. You can always change these settings later if you want so don't think about it too much.

Password: testing
Port: 443
cipher: chacha20
protocol: origin
obfs: http_simple_compatible

After you enter all of the settings, press any key to start the installation. It will take about 5 minutes.

Tip - Try protocol auth_sha1_v4_compatible instead of origin.


If you want to make any changes to the configuration, enter the command below to edit the server config file.

nano /etc/shadowsocks.json

Press Ctrl + X to exit. When asked to save the modified buffer, press the y key once and then press enter to keep the same file name.

Every time you make changes to this file, you need to restart shadowsocks so the changes will take effect. Restart shadowsocks using the command below (if you have changed the config file).

/etc/init.d/shadowsocks restart

The server is already running, so you can download a shadowsocks client and try it now.


Download a client and test your server

The standard Shadowsocks (SS) client is no longer stable in China. I recommend using the ShadowsocksR (SSR) client if you are in China.

SSR Clients (recommended for China)

ShadowsocksR for Windows (Download version 4.9.0, the newer ones have DNS leaks)
ShadowsocksR for Android
ShadowsocksR for Mac
iOS Potatso Lite (FREE)
iOS Shadowrocket ($2.99)


Install Google BBR and Optimize the Server

Google BBR is a TCP congestion control algorithm that can give a huge speed boost on networks with high packet loss (basically all of the networks in/out of China).

October 2018 Update - As Google BBR is now included by default with Ubuntu 18.04 on Vultr, you can skip this step. You will still need to do this if you are using a different version of Ubuntu or if using another VPS that doesn't include BBR with their Ubuntu 18.04 image.

To confirm whether Google BBR is already installed, enter the following command.

lsmod | grep bbr

If you see a text output from this command with the words "tcp_bbr" and a number beside it, then you already have BBR. You can skip the next command.

If you are using an older version of Ubuntu or don't have BBR installed, then install it using the command below (another great script from Teddy Sun).

wget --no-check-certificate https://github.com/teddysun/across/raw/master/bbr.sh && chmod +x bbr.sh && ./bbr.sh

If you have an incompatible kernel, you will be asked to reboot your server after the kernel is changed. You will need to re-connect using Putty after rebooting.

You can confirm that the installation was successful by using the "lsmod | grep bbr" command again.

Now that bbr is installed, we just have a few more settings to optimize.

Next, change the kernel configuration settings.

nano /etc/sysctl.conf

Add the following lines at the bottom of the file after the net.ipv4.tcp_congestion_control = bbr line.

fs.file-max = 51200
net.core.rmem_max = 67108864
net.core.wmem_max = 67108864
net.core.netdev_max_backlog = 250000
net.core.somaxconn = 4096
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_tw_recycle = 0
net.ipv4.tcp_fin_timeout = 30
net.ipv4.tcp_keepalive_time = 1200
net.ipv4.ip_local_port_range = 10000 65000
net.ipv4.tcp_max_syn_backlog = 8192
net.ipv4.tcp_max_tw_buckets = 5000
net.ipv4.tcp_fastopen = 3
net.ipv4.tcp_mem = 25600 51200 102400
net.ipv4.tcp_rmem = 4096 87380 67108864
net.ipv4.tcp_wmem = 4096 65536 67108864
net.ipv4.tcp_mtu_probing = 1

Press Ctrl + X to exit and then press Y to save the file, and press enter to keep the same file name.

Apply the new settings by entering the command below.

sysctl -p
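
To confirm that the kernel is really using the values you added, the following added example (not from the original tutorial) compares each entry of a sysctl.conf-style file with the live value under /proc/sys. The function name audit_sysctl and its optional second argument are assumptions made for this example; it also reports keys the running kernel does not have, which is the case for net.ipv4.tcp_tw_recycle on kernels from 4.12 on, including the one in Ubuntu 18.04.

```shell
#!/bin/sh
# Added example: compare sysctl.conf entries with the values the kernel is using.
# squash and audit_sysctl are illustrative names, not from the tutorial.

# Collapse tabs and runs of spaces so "4096<TAB>87380" equals "4096 87380".
squash() {
    printf '%s' "$1" | tr '\t' ' ' | tr -s ' ' | sed 's/^ //; s/ $//'
}

# audit_sysctl CONF [PROC_ROOT]
# Prints one line per key: OK, DIFF (with the live value) or MISSING
# (the running kernel has no such key). Returns 0 only if every key is OK.
audit_sysctl() {
    conf=$1; root=${2:-/proc/sys}; bad=0
    while read -r line || [ -n "$line" ]; do
        case $line in ''|'#'*|';'*) continue ;; esac   # blank lines, comments
        case $line in *=*) ;; *) continue ;; esac      # not a key = value line
        key=$(squash "${line%%=*}")
        want=$(squash "${line#*=}")
        # net.ipv4.tcp_rmem -> $root/net/ipv4/tcp_rmem
        path=$root/$(printf '%s' "$key" | tr '.' '/')
        if [ ! -r "$path" ]; then
            echo "MISSING $key"; bad=1
        else
            have=$(squash "$(cat "$path")")
            if [ "$have" = "$want" ]; then
                echo "OK      $key"
            else
                echo "DIFF    $key want='$want' have='$have'"; bad=1
            fi
        fi
    done < "$conf"
    return $bad
}
```

Run it as `audit_sysctl /etc/sysctl.conf` after `sysctl -p`. A MISSING line for net.ipv4.tcp_tw_recycle goes away once that entry is deleted from the file, since the kernel no longer has the setting.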

Let's make a few more optimisations.

nano /etc/security/limits.conf

Add these lines to the bottom of the file, including the * symbol.

* soft nofile 51200
* hard nofile 51200

Press Ctrl + X to exit and then press Y to save the file, and press enter to keep the same file name.

Next, enter this command.

nano /etc/pam.d/common-session

Add the following line at the end of the file.

session required pam_limits.so

Press Ctrl + X to exit and then press Y to save the file, and press enter to keep the same file name.

nano /etc/profile

Add the following line at the end of the file.

ulimit -n 51200

Finally, type the command below.

ulimit -n 51200

Restart the shadowsocks server again.

/etc/init.d/shadowsocks restart

The optimizations are finished!

ENJOY and please send us your feedback!
© Copyright 2020 Secureme - All Rights Reserved