How To Install Shadowsocks on Fedora 42

Shadowsocks has emerged as one of the most reliable lightweight SOCKS5 proxy tools for users seeking enhanced privacy and secure internet access. Fedora 42, with its cutting-edge features and robust security mechanisms, provides an excellent platform for running Shadowsocks. This guide walks you through the complete process of installing, configuring, and optimizing Shadowsocks on Fedora 42, ensuring you can establish a secure connection efficiently.

Table of Contents

Understanding Shadowsocks and Its Benefits

Shadowsocks is an open-source, high-performance proxy designed to provide secure internet access through encrypted connections. Unlike traditional VPN solutions, Shadowsocks operates as a lightweight SOCKS5 proxy that efficiently tunnels network traffic through a secure channel.

The technology was initially developed to provide secure internet access in regions with restricted connectivity. Its client-server architecture works by encrypting the connection between your device and the Shadowsocks server, allowing your traffic to bypass network restrictions while maintaining privacy.

There are several Shadowsocks implementations available, including:

Shadowsocks-libev: Written in C, offering the highest performance and lowest resource consumption
Shadowsocks-python: The original implementation, easier to set up but slightly less efficient
Shadowsocks-go: Written in Go, balancing performance and ease of use
Shadowsocks-rust: A newer implementation with a focus on security

For Fedora 42, Shadowsocks-libev is recommended due to its superior performance, lower memory footprint, and comprehensive support for various encryption methods including the highly secure AEAD ciphers.

Prerequisites for Installing Shadowsocks on Fedora 42

Before proceeding with the Shadowsocks installation, ensure your system meets the following requirements:

An up-to-date Fedora 42 installation
Administrative (sudo) privileges
Basic familiarity with terminal commands
Sufficient system resources (minimal requirements: 1GB RAM, 10GB disk space)
A stable internet connection

First, update your system to ensure all packages are current:

sudo dnf update -y

Install the necessary dependencies:

sudo dnf install -y gettext build-essential autoconf libtool libpcre3-dev asciidoc xmlto libev-dev automake libmbedtls-dev libsodium-dev git python-m2crypto libc-ares-dev

Method 1: Installing Shadowsocks via COPR Repository

The COPR (Cool Other Package Repo) repository provides an easy way to install Shadowsocks on Fedora 42. This method simplifies package management and updates.

Step 1: Enable the Shadowsocks COPR Repository

First, enable the appropriate COPR repository:

sudo dnf copr enable librehat/shadowsocks

Step 2: Update Package Index

Refresh your package index to include the newly added repository:

sudo dnf update

Step 3: Install Shadowsocks-libev

Now install the Shadowsocks-libev package:

sudo dnf install shadowsocks-libev

This command installs the core Shadowsocks-libev server, client tools, and supporting utilities.

Step 4: Verify Installation

Confirm that Shadowsocks was installed correctly:

ss-server --version

You should see output displaying the version number of the installed Shadowsocks server, confirming a successful installation.

Troubleshooting COPR Installation Issues

If you encounter any issues during installation, check the following:

Ensure your network connection is stable
Verify that the COPR repository was added correctly
Check for any conflicting packages with sudo dnf list installed | grep shadowsocks
Review the installation logs for specific error messages: journalctl -xeu dnf

Method 2: Installing Shadowsocks via Snap Package

For those who prefer containerized applications, Snap provides an alternative installation method.

Step 1: Install Snap Core

First, install Snap if it’s not already available on your system:

sudo dnf install snapd
sudo systemctl enable --now snapd.socket
sudo ln -s /var/lib/snapd/snap /snap

Step 2: Install Shadowsocks via Snap

After setting up Snap, install Shadowsocks-libev:

sudo snap install shadowsocks-libev

You can choose between the stable and edge channels:

# For stable version
sudo snap install shadowsocks-libev --channel=stable

# For edge version (more recent but potentially less stable)
sudo snap install shadowsocks-libev --channel=edge

Step 3: Verify Snap Installation

Confirm that the installation was successful:

snap list | grep shadowsocks

While Snap offers ease of installation, be aware that Snap packages run in isolated environments, which may impact performance and system integration. For production environments, the COPR repository method is generally recommended.

Configuring Shadowsocks Server on Fedora 42

Proper configuration is crucial for a functional and secure Shadowsocks server. Let’s set up a basic configuration that you can later customize according to your needs.

Creating a Configuration File

Create a directory for your Shadowsocks configuration:

sudo mkdir -p /etc/shadowsocks

Create and edit the configuration file:

sudo nano /etc/shadowsocks/config.json

Add the following basic configuration, making sure to replace placeholder values with your actual information:

{
    "server":"0.0.0.0",
    "server_port":8388,
    "password":"your_secure_password",
    "timeout":300,
    "method":"aes-256-gcm",
    "fast_open":false,
    "workers":2
}

Understanding Configuration Parameters

The configuration file contains several important parameters:

server: Sets the IP address the server listens on. Use “0.0.0.0” to listen on all interfaces.
server_port: The port Shadowsocks will listen on (default is 8388).
password: Your authentication password. Choose a strong, unique password.
timeout: Connection timeout in seconds.
method: Encryption algorithm. AES-256-GCM is recommended for its security and performance.
fast_open: Enables TCP Fast Open for reduced latency (requires kernel support).
workers: Number of worker processes (set based on available CPU cores).

Testing Your Configuration

Validate your configuration file’s syntax:

ss-server -c /etc/shadowsocks/config.json --validate

If no errors are reported, your configuration file is syntactically correct and ready to use.

Adjusting Firewall Settings for Shadowsocks

Fedora 42 uses firewalld as its default firewall manager. You’ll need to open the necessary ports to allow Shadowsocks traffic through your firewall.

Opening Ports in Firewalld

Open the port specified in your Shadowsocks configuration:

sudo firewall-cmd --permanent --add-port=8388/tcp
sudo firewall-cmd --permanent --add-port=8388/udp
sudo firewall-cmd --reload

Replace “8388” with your actual port number if you’ve configured a different one.

Verifying Firewall Configuration

Confirm that the port has been correctly opened:

sudo firewall-cmd --list-all

You should see your specified port listed in the output, indicating that the firewall will allow Shadowsocks traffic.

Security Considerations

While opening ports is necessary for Shadowsocks to function, it also creates potential security vulnerabilities. Consider these security enhancements:

Use a non-standard port to avoid automated scanning
Implement IP restrictions if your clients have static IPs
Monitor connection attempts with intrusion detection systems
Keep your Shadowsocks installation updated with security patches

Starting and Managing the Shadowsocks Service

Fedora 42 uses systemd to manage services, making it straightforward to control the Shadowsocks server.

Starting the Shadowsocks Service

Start the Shadowsocks service with:

sudo systemctl start shadowsocks-libev-server@config

The @config suffix refers to the configuration file at /etc/shadowsocks/config.json. If you named your configuration file differently, adjust the command accordingly.

Enabling Automatic Startup

To ensure that Shadowsocks starts automatically when your system boots:

sudo systemctl enable shadowsocks-libev-server@config

Checking Service Status

Verify that the service is running correctly:

sudo systemctl status shadowsocks-libev-server@config

Look for “active (running)” in the output, which indicates that the service is operating normally.

Managing the Service

Common service management commands include:

# Stop the service
sudo systemctl stop shadowsocks-libev-server@config

# Restart the service
sudo systemctl restart shadowsocks-libev-server@config

# View real-time logs
sudo journalctl -fu shadowsocks-libev-server@config

Advanced Configuration Options for Shadowsocks

Once you have a basic Shadowsocks server running, you can explore more advanced configurations to enhance performance, security, and functionality.

Enabling TCP Fast Open

TCP Fast Open can significantly reduce connection latency. To enable it:

Ensure your kernel supports it (Linux kernel 3.7.1 or higher)
Modify your configuration file:
```
{
    "fast_open": true
}
```
Check kernel support and enable it if necessary:
```
echo 3 > /proc/sys/net/ipv4/tcp_fastopen
```

Setting Up Traffic Obfuscation with Simple-Obfs

To make Shadowsocks traffic less detectable, you can use the simple-obfs plugin:

sudo dnf install simple-obfs

Then modify your configuration to use the plugin:

{
    "plugin": "obfs-server",
    "plugin_opts": "obfs=http;host=www.example.com"
}

This makes your Shadowsocks traffic resemble regular HTTP traffic.

Multi-User Configuration

To support multiple users with different passwords:

{
    "server": "0.0.0.0",
    "port_password": {
        "8388": "password1",
        "8389": "password2",
        "8390": "password3"
    },
    "timeout": 300,
    "method": "aes-256-gcm",
    "fast_open": false,
    "workers": 2
}

Each port-password pair allows a different user to connect using their own credentials.

Client Setup and Configuration

To use your Shadowsocks server, you’ll need to configure a client on your devices.

Installing Shadowsocks Client on Fedora

To install the Shadowsocks client on a Fedora 42 desktop:

sudo dnf install shadowsocks-qt5

Creating Client Profiles

Launch the Shadowsocks-Qt5 client
Click “Connection” > “Add” > “Manually”
Enter your server information:
- Server Address: Your server’s IP or domain
- Server Port: The port from your server configuration
- Password: Your authentication password
- Encryption Method: Match the method used on your server
Click “OK” to save the profile
Select the profile and click “Connect”

Connecting Automatically on Startup

To configure the client to connect automatically when your system starts:

Go to “Settings” > “General Settings”
Check “Start at system startup”
Check “Auto connect on application start”
Select your default profile

Testing Client Connectivity

Verify your connection is working:

With the client connected, visit a website like ipinfo.io
Confirm your apparent IP address matches your server’s location
Test your connection speed using a service like speedtest.net

Browser Configuration for Shadowsocks

Configure your web browsers to use the Shadowsocks proxy for a seamless browsing experience.

Firefox Configuration

Open Firefox and go to Settings
Scroll down to “Network Settings” and click “Settings”
Select “Manual proxy configuration”
Enter “127.0.0.1” for SOCKS Host and “1080” for Port (default)
Select “SOCKS v5”
Check “Proxy DNS when using SOCKS v5”
Click “OK” to save changes

Chrome/Chromium Configuration

For Chrome or Chromium, install the SwitchyOmega extension:

Install SwitchyOmega from the Chrome Web Store
Click the SwitchyOmega icon and select “Options”
Create a new profile called “Shadowsocks”
Set Protocol to “SOCKS5”, Server to “127.0.0.1”, and Port to “1080”
Click “Apply changes”
Switch between direct connection and Shadowsocks by clicking the extension icon

Security Best Practices for Shadowsocks

Maintaining a secure Shadowsocks setup requires ongoing attention to security principles.

Password Security

Use a strong password with at least 16 characters
Include a mix of uppercase, lowercase, numbers, and special characters
Change your password regularly
Avoid using the same password across multiple services

Encryption Methods

Choose a secure encryption method, preferably an AEAD cipher:

aes-256-gcm: Good balance of security and performance
chacha20-ietf-poly1305: Excellent on systems without AES hardware acceleration
xchacha20-ietf-poly1305: Extended nonce version for additional security

Avoid older methods like bf-cfb, which have known vulnerabilities.

Regular Updates

Keep your Shadowsocks installation up to date:

sudo dnf update shadowsocks-libev

For source installations, pull the latest code and recompile:

cd /path/to/shadowsocks-libev
git pull
./configure && make && sudo make install

Performance Optimization for Shadowsocks

Fine-tune your Shadowsocks server for optimal performance with these adjustments.

Kernel Parameter Optimization

Create a system configuration file to optimize kernel parameters:

sudo nano /etc/sysctl.d/local.conf

Add the following optimizations:

# TCP congestion control
net.ipv4.tcp_congestion_control = bbr
net.core.default_qdisc = fq

# Increase system file descriptor limit
fs.file-max = 51200

# Increase the length of the processor input queue
net.core.netdev_max_backlog = 250000

# Maximum number of packets queued on interface input
net.core.netdev_budget = 50000

# Increase TCP max buffer size
net.core.rmem_max = 67108864
net.core.wmem_max = 67108864

# Increase TCP auto tuning buffer limits
net.ipv4.tcp_rmem = 4096 87380 67108864
net.ipv4.tcp_wmem = 4096 65536 67108864

Apply the changes:

sudo sysctl -p /etc/sysctl.d/local.conf

Server-Side Optimizations

Increase the number of worker processes to match your CPU cores:
```
{
    "workers": 4
}
```

Enable UDP relay if needed:

{
    "server_port": 8388,
    "mode": "tcp_and_udp"
}

Adjust timeout values based on your usage patterns:
```
{
    "timeout": 300
}
```

Troubleshooting Common Shadowsocks Issues

Even with careful setup, you might encounter issues with your Shadowsocks installation. Here’s how to diagnose and fix common problems.

Connection Failed

If you can’t connect to your Shadowsocks server:

Verify the server is running:

sudo systemctl status shadowsocks-libev-server@config

Check firewall settings:
```
sudo firewall-cmd --list-all
```
Ensure your client configuration matches the server (port, password, encryption method)
Test basic connectivity with ping:
```
ping your_server_ip
```

Slow Connection Speeds

If your connection is slower than expected:

Try different encryption methods (chacha20-ietf-poly1305 might be faster on some hardware)
Check for network congestion with MTR:
```
mtr your_server_ip
```
Use TCP Fast Open if your kernel supports it
Adjust the workers value to match your CPU cores

Service Won’t Start

If the Shadowsocks service fails to start:

Check logs for specific errors:

journalctl -xeu shadowsocks-libev-server@config

Validate your configuration file:

ss-server -c /etc/shadowsocks/config.json --validate

Check for port conflicts:
```
sudo netstat -tulpn | grep 8388
```
Ensure you have sufficient permissions for the configuration file.

Congratulations! You have successfully installed Shadowsocks. Thanks for using this tutorial for installing the Shadowsocks on Fedora 42 Linux system. For additional help or useful information, we recommend you check the official Shadowsocks website.

VPS Manage Service Offer

If you don’t have time to do all of this stuff, or if this is not your area of expertise, we offer a service to do “VPS Manage Service Offer”, starting from $10 (Paypal payment). Please contact us to get the best deal!