Using shadowsocks to replace OpenVPN setup

stfn

Occasional Visitor
Hi all,

This is my first post and I am really new to this. So please go easy on me.

I know you are all very busy so all I am asking is a nudge in the right direction.
Due to increased GFW activity and VPN interferences I am forced to look into a different solution. With OpenVPN basically shut down I will probably give shadowsocks a try. This means I'll rent a VPS through e.g. digitalocean, install a recent Ubuntu (>14) and run a shadowsocks server there. This doesn't seem difficult at all and the clients all look easy enough. Except for the router (RT68U).
My current (quick&dirty) setup allows me to run Astrill VPN on the 2.4GHz WiFi and run 5GHz without VPN. I also run a transmission daemon on the router but since traffic is unlimited with Astrill I don't care about that. However, with a VPS traffic will be severely limited. 1TB per month with the cheapest plan.
Here are my questions:
  • I've installed shadowsocks-libev-polarssl 2.2.3-1 through Entware-NG. Is the polarssl version preferable over the openssl?
  • Will I be able to control what's going through the shadowsocks proxy? Can I exclude clients or, for instance, the transmission daemon? Can I set up 2 WiFis; one going through shadowsocks, the other one bypassing it?
I guess I would like to recreate my current VPN setup for shadowsocks with traffic limitations in mind. Again, sorry for asking but the whole shadowsocks topic is barely documented or in Chinese.

Thanks for nudging...
 
Sounds like you've lost your Netflix, eh?
Haha, I wish it was just that. I basically lost the internet. All of Google (including search, Maps, GMail, PlayStore, calendar, YouTube, etc.), social media (FB, twitter, tumblr, etc.), news (NYTimes, BBC, buzzfeed, etc.), messengers (Telegram, Signal, etc.) to name just a few things at the top of my head. Heck, even SoundCloud and dribbble.com are blocked. Please don't ask me why ;)
You actually have no idea how limiting this is. I can hardly talk to my family over the internet. Social media does not affect me much but not being able to simply google something or download an app or navigate somewhere is like being teleported back to the early 90s. That's no fun at all.
 
I basically lost the internet. All of Google (including search, Maps, GMail, PlayStore, calendar, YouTube, etc.), social media (FB, twitter, tumblr, etc.), news (NYTimes, BBC, buzzfeed, etc.), messengers (Telegram, Signal, etc.) to name just a few things at the top of my head. Heck, even SoundCloud and dribbble.com are blocked.

Well, something's pretty odd - those are all general public accessible web-sites in most of the free world.

Care to share the upstream situation if you can? Are you located in a region that is in conflict or very repressive?
 
Yes, I am in the internet's maximum security camp. A place where things get blocked without any (apparent) reason. The Great FireWall (GFW) of China is probably the most sophisticated digital censorship machine. Have a look at how far reaching it actually is.
By the way: I wish I was in the position that I had lost Netflix. That would imply I used to have it before. While the VPN situation would have technically allowed watching Netflix (with out-servers in almost 100 different countries), the reality is far from that. When I get home after work (internet rush hour) the throughput is usually too low to stream anything anyways.
And using shadowsocks instead of VPN will exclude me from Netflix altogether, taking away all hypothetical chances. I will have to bind myself to one explicit out-server of the VPS. Currently this will probably be Singapore or Hong Kong.
So if you were thinking of gifting me a Netflix subscription I will have to politely decline.

Oh, I copy/paste every post/reply before I hit the "post" button because you can never trust your internet connection here.
 
It seems to me you are making this too complicated. I've been in China for almost 14 years now and have always had interesting but solvable problems with the GFW. Even now, with the increased blockage because of the national meetings, I can use Astrill without too much difficulty. I use Astrill on my desktops and the Astrill plug-in for the AC88U for my wireless devices (Roku, AppleTV, etc.). I am watching Netflix (I'm a paid U.S. subscriber) as I type this. On good days, I get 90% of my rated bandwidth (~45M according to Speedtest.net and DSL) with most Astrill servers. Some of your issues could be related to your carrier.
 
Thanks for your input. But after 14 years of China (respect!) you know much better than I do how much mileage will vary. You might be lucky with (or more knowledgeable in selecting) your ISP (mine is pretty shirte without VPN already) but basically everyone I know reports of barely working Astrill services. We could go into a lengthy discussion about this but there is plenty of that on reddit already. So from my (limited, very personal and obviously biased) experience OpenVPN is mostly down since last week. So is OpenWeb. StealthVPN still works but my 30 days of Astrill make-up gift are running out (after their massive and entirely out of line fallout on CNY). Now I could theoretically invest more into Astrill technology. That is, purchasing more of their products like StealthVPN and VIP services. But this gets very pricey. And it doesn't help my router at home which only runs OpenVPN or RouterPro. Latter, though, didn't prove to be any better/more reliable than OpenVPN when I tested it for a few days several months ago. And I doubt it has gotten any better ever since the GFW seemed to have tightened the screws.
Maybe it is based on your location but downtown Shanghai with zero choice in ISPs is not going too well...
 

I understand what you are saying. I'm not particularly advocating Astrill, only explaining it is working for me just fine right now (Stealth). Granted, only about 20% of their servers are working from here but they are staying up for now. I never had much luck w/OpenVPN since the military absolutely knows how to block that and it is never as fast for me compared to Stealth. There are a lot of other things at work as well. Everyone has different situations and a lot of the restrictions will go away soon. Good luck.
 
Everyone has different situations and a lot of the restrictions will go away soon. Good luck.
The second part I find very interesting: how do you know that a lot of the restrictions will go away soon? Ever since I've been here things have only gotten worse, never better.
StealthVPN seems to be okay so far, but speed is still not amazing and hunting down the handful of servers that are still working (out of dozens) is very inconvenient and time-consuming. Moreover, Astrill is just getting way too expensive with all the necessary add-ons. And I need a router-based solution at home anyways.

Vultr has a 2 month free trial so I really would like to give it a try. Would be great if someone could help with my initial question. Thx
 

How do I know? Because historically, they always have. China basically shuts down the Internet two times a year. Once during Spring Festival and the other during the CCCP & NCP meetings that are happening now. Afterwards, things have always gotten back to "China normal" meaning VPNs work again. In the past, all the Astrill servers have started working just fine when these events conclude. "Expensive" is a relative term. I don't think it is but then again my company pays. You only really need the Stealth add-on; the others are personal choice. For instance the VIP option is useless, in my opinion. Keep in mind that a home router based solution will almost always be slower than a client on a desktop.
 
I appreciate your input and as I pointed out earlier you simply know better about Chinese (internet) oddities. And you have the convenience of a company that acknowledges the necessity of a proper VPN. Mine is actually actively targeting the use of VPNs on the company network.
And I really, REALLY do enjoy all my devices connected to the internet at once at home. Hence the desktop-based solutions are not satisfying for me.
BTW, when do you reckon the CCCP & NCP meetings will come to their well deserved end? I mean I feel sorry for the poor politicians having to attend constant meetings.
 

Apparently, the meetings concluded yesterday. It usually takes a few days to get back to "China normal", I hope.
 
Fingers crossed! My stealthVPN CNY-aftermath free subscription just expired. Now I am left with Lantern (which works great btw) which at least covers desktop and mobile.
 
You might give AirVPN a try. They offer OpenVPN through an SSL tunnel. Since we can install Entware you can then install stunnel to run the SSL tunnel. Just download config files for Linux, not router.
 
AirVPN sounds interesting and I might give it a try if the shadowsocks solution is not for me. I assume you don't have any experience with it in China?
Thanks for the input, I will keep this in mind. From what I've heard from people around ExpressVPN is considered okay at the moment but they are even more expensive :(
 

I have not used it from China. But, there are some who do in their forum. It's a gamble whether it will work or not. I think some VPN IP addresses are blocked so you won't even be able to connect. But, you should be able to get a free trial so you can test.
 
Apparently, the meetings concluded yesterday. It usually takes a few days to get back to "China normal", I hope.
Chapeau! OpenVPN started to connect again on the weekend. We even had some data trickling through. Nevertheless, still intrigued by shadowsocks.

@cosmoxl: I will look into AirVPN as soon as I abandon the shadowsocks "project" (which hasn't even been kicked off yet)
 
Astrill has been down for heckloads of people I know. Some claim PPTP still works for them. Others have switched to earthvpn or vyprvpn. The rest have been using free apps available on the appstore and psiphon. Personally, I use openvpn on my AC68U. It can go for up to 2 days without any issues at times but lately I've had to reset the connection (flick the on/off switch in openvpn) quite regularly I have to say. It is undoubtedly extremely annoying when you wanna google something but instead have to first spend time logging into the router to reset the connection. But hey, that's how it's been in China. I have the desktop and mobile apps too but just like you I also prefer to have all my devices connected at the same time.
 
^this. Free apps on my work computer. My company's IT is a joke and they probably only know Astrill so free apps work better at the moment and OpenVPN and Astrill show signs of betterment.
BTW, do you use the built-in VPN client or do you use the Astrill applet? I use the latter because it is quite convenient.

But seriously, what's the point of messing with OpenVPN? They don't shut it off fully (even though they've just proven again they can) but they make it utterly slow and inconvenient. As far as I know OpenVPN is still the standard protocol for most corporate VPNs that so many foreign and domestic companies (have to) rely on.

But back to my main question :) (how) can I create an exception for a service that runs on the router to bypass a socks5 proxy?

Sorry for being so persistent about this but I view this as a chance to learn a bit about networking fundamentals (where I am very clearly lacking the essentials). I do, however, enjoy the offtopic discussion quite a bit ;)
 
Offtopic: Astrill is still basically down for me. Speed test responds for CN Optimised 3 as the only server. Ping is a laughable 1335ms and speed is 38 kbps. I cannot open a single page on OpenWeb, OpenVPN does not connect. My router at home sometimes manages to squeeze a bit out of OpenVPN but it's far from what (pathetic) speeds I had before.
So so far I cannot say 'the ban has been lifted' after the concluded meetings.
 