Table of Contents

Shadowsocks! Sounds like the new superhero after Deadpool. Well, in a way it is a superhero! It let’s you bypass censorship, even the GFW! 1 Okay, so what’s this fuss about? Before going further, I think it needs some introduction.

Shadowsocks is a SOCKS5 compatible proxy server/client suite which excels at being undetectable. It leaves no fingerprint even when you use deep packet inspection. 2

Whoa! Wait, What does that mean? In simple terms, this means that shadowsocks lets you access blocked resources and is hard to detect by even the best firewalls.

Seems Interesting. I would definitely want one!
Okay, but before moving further, it’s important to know how this stuff works.


Shadowsocks is some software that has to be set up individually on two systems. One is your device, or the client, which wants to bypass firewalls, and the other is a server - quite simply a device which has unrestricted access to the internet.
The client then connects to the server (which isn’t blocked by the firewall), and tunnels all its traffic through the server via shadowsocks. The firewall thinks this is legitimate traffic, and so doesn’t block you.

The Big Picture.

The Big Picture.

Why Shadowsocks

Now you might think that if the client is already allowed to connect to the server, then why do we need shadowsocks in the first place? There are a couple of reasons why I recommend shadowsocks.


Enough of the talk. Let’s get some hands dirty.

I’ll be using an android phone as the client and an ubuntu machine as the server. If you cannot arrange for a server, I’d recommend renting one online. DigitalOcean lets you buy a decent server for as low as $5 per month. You can use this link while signing up to get $10 in free credit.


I’ll be setting up the server now. 4 First, a little housekeeping.

$ apt-get update
$ apt-get install python-pip
$ pip install shadowsocks

Next, create a config file /etc/shadowsocks.json and paste this

  "server": "",
  "server_port": 465,
  "local_port": 1080,
  "password": "secret",
  "timeout": 300,
  "method": "aes-256-cfb"

There are some things worth looking out here.

You don’t need to bother about other options for now. Just keep note of the password, we’ll be using that later. Next, you need to run shadowsocks in the background.

$ ssserver -c /etc/shadowsocks.json -d start

Once a client is connected, you can check the logs in /var/log/shadowsocks.log to confirm that it’s actually working. There! Halfway done.


Coming to the client, setting up shadowsocks for android is a piece of cake. Just install the shadowsocks android app, and enter the remote port, local port, encryption method and password according to the config file you just created on the server. Enter your server’s public IP 6 in place of the server option, and you’re ready to hit the connect button.

An interesting option here is to selectively use shadowsocks for only some applications instead of a global proxy using the per app proxy setting. This works well if you only have a few apps that need tunnelling.

There! you can now enjoy unrestricted internet, even on your phone! Visit the shadowsocks wiki page to find more about configuration options, optimization, and more advanced features.

  1. The Great Firewall of China ↩︎

  2. Inspired by James Swineson’s answer on Quora ↩︎

  3. Shadowsocks is also available for routers running OpenWRT ↩︎

  4. VPNDada has a good step by step tutorial on setting up shadowsocks on a digitalocean droplet from scratch. ↩︎

  5. Here’s a nice resource to help you test open ports↩︎

  6. You could also enter a domain instead of an IP if you have one set up. ↩︎