Sometimes, the network traffic need to be encrypted and obfuscated. shadowsocks + simple-obfs is a simple solution. shadowsocks is a socks5 proxy, with traffic encryption. all traffic through shadosocks will be encrypted. simple-obfs is used for obfuscate traffic. The upstream traffic encapsulation in HTTP or tls stream. The outer traffic will look like an HTTP session.
Server-side config
Install shadowsocks, simple-obfs
Enable copr and install:
curl https://copr.fedorainfracloud.org/coprs/antonchen/proxy/repo/epel-7/antonchen-proxy-epel-7.repo -o /etc/yum.repos.d/antonchen-proxy-epel-7.repo
dnf install shadowsocks-libev simple-obfs
Config shadowsocks:
# cat /etc/shadowsocks-libev/config.json
{
“server”: [“[::1]“, “127.0.0.1”],
“server_port”: 8888,
“password”: “Password”,
“timeout”: 600,
“method”: “salsa20”,
“fast_open”: true,
“workers”: 2,
“plugin”: “obfs-server”,
“plugin_opts”: “obfs=http;fast-open=true”
}
server with value ["[::1]", "127.0.0.1"]
means listen 127.0.0.1 and ::1
(localhost in IPv6), not listen all interface. fast_open means use TCP Fast Open, but with plugin, so actually 8888 is listened by obfs_-server, so we add fast-open=true to plugin_opts._ ipv6_first means while proxying DNS request, use IPv6 firstly. When you access google.com via proxy, you will use IPv6. Start it, make it autostart:
systemctl start shadowsocks-libev
systemctl enable shadowsocks-libev
Then,