Skip to content

Shadowsocks

GOST's support for shadowsocks is based on the shadowsocks/shadowsocks-go and shadowsocks/go-shadowsocks2 libraries.

Standard Proxy

gost -L ss://chacha20-ietf-poly1305:pass@:8338
services:
- name: service-0
  addr: :8338
  handler:
    type: ss
    auth:
      username: chacha20-ietf-poly1305
      password: pass
  listener:
    type: tcp

Delay Sending

By default, the shadowsocks protocol will wait for request data, and when it receives the request data, it will send the protocol header information to the server together with the request data. When the client option nodelay is set to true, the protocol header information will be sent to the server immediately without waiting for the user's request data. When the server connected through the proxy actively sends data to the client (such as FTP, VNC, MySQL), this option needs to be turned on to avoid abnormal connection.

UDP

The TCP and UDP services of shadowsocks in GOST are two independent services.

gost -L ssu://chacha20-ietf-poly1305:pass@:8338

is equivalent to

gost -L ssu+udp://chacha20-ietf-poly1305:pass@:8338
services:
- name: service-0
  addr: :8338
  handler:
    type: ssu
    auth:
      username: chacha20-ietf-poly1305
      password: pass
  listener:
    type: udp

Port Forwarding

Shadowsocks UDP relay can be used with UDP port forwarding:

gost -L udp://:10053/1.1.1.1:53 -F ssu://chacha20-ietf-poly1305:123456@:8338
services:
- name: service-0
  addr: :10053
  handler:
    type: udp
    chain: chain-0
  listener:
    type: udp
  forwarder:
    nodes:
    - name: target-0
      addr: 1.1.1.1:53
chains:
- name: chain-0
  hops:
  - name: hop-0
    nodes:
    - name: node-0
      addr: :8338
      connector:
        type: ssu
        auth:
          username: chacha20-ietf-poly1305
          password: "123456"
      dialer:
        type: udp

Data Channel

Shadowsocks proxy can be used in combination with various data channels.

SS Over TLS

gost -L ss+tls://:8443
services:
- name: service-0
  addr: :8443
  handler:
    type: ss
  listener:
    type: tls

Double Encryption

In order to avoid double encryption, Shadowsocks does not use any encryption method and adopts plain text transmission.

SS Over Websocket

gost -L ss+ws://:8080
gost -L ss+wss://:8080
services:
- name: service-0
  addr: :8080
  handler:
    type: ss
  listener:
    type: ws
    # type: wss

SS Over KCP

gost -L ss+kcp://:8080
services:
- name: service-0
  addr: :8080
  handler:
    type: ss
  listener:
    type: kcp

Comments