Knowledge is power. Information is liberating. — by Kofi Annan.
VPS
- CloudsVM
- Vultr
- DigitalOcean
- BandwagonHOST
- Client Area -> Services -> Order New Services
- 64MB RAM is enough for running both ShadowSocks and pdnsd
- Install Ubuntu LTS 32bit (x86, i686) or CentOS 7.
CentOS
Install CentOS 7 (64bit)
Shadowsocks
cd /etc/yum.repos.d/
wget https://copr.fedorainfracloud.org/coprs/librehat/shadowsocks/repo/epel-7/librehat-shadowsocks-epel-7.repo
yum update
yum install shadowsocks-libev
cd /etc/shadowsocks-libev/
vim config.json
# server should be 0.0.0.0
vi /usr/lib/systemd/system/shadowsocks-libev.service
# replace all $variables with constant values to fix the bug
systemctl enable shadowsocks-libev
systemctl start shadowsocks-libev
pdnsd
wget http://members.home.nl/p.a.rombouts/pdnsd/releases/pdnsd-1.2.9a-par_sl6.x86_64.rpm
yum localinstall pdnsd-1.2.9a-par_sl6.x86_64.rpm
vim /etc/pdnsd.conf
pdnsd.conf (replace the port)
global {
run_as = "pdnsd";
server_ip = 0.0.0.0;
server_port = [xxxx];
}
server {
label = "GoogleDNS";
ip = 8.8.8.8, 8.8.4.4;
timeout = 3;
}
Then run:
systemctl enable pdnsd
systemctl start pdnsd
Docker
Install Docker on the VPS.
Remote Proxy
Install shadowsocks:
docker run -d -p <port>:<port> h12w/shadowsocks -p <port> -k <password> -m aes-128-cfb -t 60
Remote DNS server
Install pdnsd:
docker run -d -p [port]:53 -p [port]:53/udp h12w/pdnsd
To test the DNS server:
dig @xxx.xxx.xxx.xxx -p xxxx www.linux.com
Local OpenWrt Router
Install openwrt-shadowsocks & ChinaDNS on an OpenWrt router.
Follow the instructions on OpenWrt-Dist:
Check CPU model of the router:
cat /proc/cpuinfo
Add the following to /etc/opkg.conf:
src/gz openwrt_dist http://openwrt-dist.sourceforge.net/releases/[cpu model]/packages
src/gz openwrt_dist_luci http://openwrt-dist.sourceforge.net/releases/luci/packages
And install:
opkg update
opkg install ChinaDNS
opkg install luci-app-chinadns
opkg install shadowsocks-libev-spec
opkg install luci-app-shadowsocks-spec
opkg install bind-dig
Or manually download IPKs of the corresponding CPU:
Copy *.ipk to the router:
scp *.ipk [email protected]:/tmp
And install:
opkg install shadowsocks-libev-spec_xxx.ipk
opkg install ChinaDNS_xxx.ipk
/etc/init.d/shadowsocks enable
/etc/init.d/chinadns enable
ShadowSocks configuration in /etc/config/shadowsocks:
config shadowsocks
...
option config_file '/etc/shadowsocks/config.json'
...
option tunnel_enable '0'
...
It refers to /etc/shadowsocks/config.json:
{
"server": "xxx.xxx.xxx.xxx",
"server_port": xxxx,
"local_port": xxxx,
"password": "xxxxxx",
"method": "aes-128-cfb",
"timeout": 60
}
ChinaDNS configuration in /etc/config/chinadns:
config chinadns
...
option chnroute '/etc/shadowsocks/ignore.list'
...
option server '[isp_dns],[private_pdnsd_dns]'
...
Make sure [private_pdnsd_dns] is the same IP:PORT as the remote pdnsd server.
ucitrack configuration in /etc/config/ucitrack:
config shadowsocks
option init 'shadowsocks'
config chinadns
option init 'chinadns'
DHCP configuration in /etc/config/dhcp:
config dnsmasq
list server '127.0.0.1#5353'
option noresolv '1'
option nohosts '1'
RedSocks2
Use RedSocks2 to bypass the proxy when the target site is reachable.
Download RedSocks2:
Install RedSocks2:
scp *.ipk [email protected]:/tmp
opkg update
opkg install xxx.ipk
RedSocks2 will take effect immediately.
Upgrade OpenWRT
Download the latest *.ipk files above.
opkg update
opkg upgrade ipset libopenssl resolveip iptables-mod-tproxy
opkg install xxx.ipk
Merge configuration files manually.
Update ignore.list:
wget -O- 'http://ftp.apnic.net/apnic/stats/apnic/delegated-apnic-latest' | awk -F\| '/CN\|ipv4/ { printf("%s/%d\n", $4, 32-log($5)/log(2)) }' > ignore.list
scp ignore.list [email protected]:/etc/shadowsocks/ignore.list
reboot
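The awk one-liner above assumes each record's address count is a power of two and computes the prefix from floating-point logarithms. The following added example (not from the original page) does the conversion with integer arithmetic, splits other counts into aligned blocks, and checks the finished list before it is copied to the router; the function names and the sample records are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): build ignore.list from APNIC
# "delegated" records using integer arithmetic, then sanity-check the result.
# Record layout: registry|cc|type|start|value|date|status

apnic_cn_cidrs() {            # stdin: delegated file, stdout: one CIDR per line
  awk -F'|' '
    function ip2int(s,   o, i) {
      if (split(s, o, ".") != 4) return -1
      for (i = 1; i <= 4; i++)
        if (o[i] !~ /^[0-9]+$/ || o[i] + 0 > 255) return -1
      return ((o[1] * 256 + o[2]) * 256 + o[3]) * 256 + o[4]
    }
    function int2ip(n) {
      return int(n / 16777216) "." (int(n / 65536) % 256) "." (int(n / 256) % 256) "." (n % 256)
    }
    $2 == "CN" && $3 == "ipv4" {
      start = ip2int($4); count = $5
      if (start < 0 || count !~ /^[0-9]+$/ || count + 0 < 1 || start + count > 4294967296) {
        print "skipping malformed record: " $0 > "/dev/stderr"; next
      }
      count += 0
      # Emit the largest aligned power-of-two block that fits, then repeat,
      # so a count that is not a power of two is never over-covered.
      while (count > 0) {
        size = 1; bits = 32
        while (size * 2 <= count && start % (size * 2) == 0) { size *= 2; bits-- }
        print int2ip(start) "/" bits
        start += size; count -= size
      }
    }'
}

valid_cidr_list() {           # true only for a non-empty file of well-formed CIDRs
  [ -s "$1" ] &&
    ! grep -Evq '^([0-9]{1,3}\.){3}[0-9]{1,3}/([0-9]|[12][0-9]|3[0-2])$' "$1"
}

# Constructed sample records (not real APNIC data); the 768-address record
# becomes a /23 plus a /24, and the JP record is ignored.
demo() {
  apnic_cn_cidrs <<'EOF'
apnic|JP|ipv4|10.1.0.0|256|20200101|allocated
apnic|CN|ipv4|10.0.0.0|256|20200101|allocated
apnic|CN|ipv4|10.0.4.0|768|20200101|allocated
EOF
}
demo
```

In the update step, pipe the downloaded file through apnic_cn_cidrs into ignore.list and run valid_cidr_list ignore.list before the scp, so an empty or garbled download never replaces the list on the router.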