Knowledge is power. Information is liberating. — by Kofi Annan.

VPS

  • CloudsVM
  • Vultr
  • DigitalOcean
  • BandwagonHOST
    • Client Area -> Services -> Order New Services
    • 64MB RAM is enough for running both ShadowSocks and pdnsd
    • Install Ubuntu LTS 32bit (x86, i686) or CentOS 7.

CentOS

Install CentOS 7 (64bit)

Shadowsocks

cd /etc/yum.repos.d/
wget https://copr.fedorainfracloud.org/coprs/librehat/shadowsocks/repo/epel-7/librehat-shadowsocks-epel-7.repo
yum update
yum install shadowsocks-libev
cd /etc/shadowsocks-libev/
vim config.json
# server should be 0.0.0.0

vi /usr/lib/systemd/system/shadowsocks-libev.service
# replace all $variables with constant values to fix the bug

systemctl enable shadowsocks-libev
systemctl start shadowsocks-libev

pdnsd

wget http://members.home.nl/p.a.rombouts/pdnsd/releases/pdnsd-1.2.9a-par_sl6.x86_64.rpm
yum localinstall pdnsd-1.2.9a-par_sl6.x86_64.rpm
vim /etc/pdnsd.conf

pdnsd.conf (replace the port)

global {
	run_as      = "pdnsd";
	server_ip   = 0.0.0.0;
	server_port = [xxxx];
}

server {
	label   = "GoogleDNS";
	ip      = 8.8.8.8, 8.8.4.4;
	timeout = 3;
}

Then run:

systemctl enable pdnsd
systemctl start pdnsd

Docker

Install Docker on the VPS.

Remote Proxy

Install shadowsocks:

docker run -d -p <port>:<port> h12w/shadowsocks -p <port> -k <password> -m aes-128-cfb -t 60

Remote DNS server

Install pdnsd:

docker run -d -p [port]:53 -p [port]:53/udp h12w/pdnsd

To test the DNS server:

dig @xxx.xxx.xxx.xxx -p xxxx www.linux.com

Local OpenWrt Router

Install openwrt-shadowsocks & ChinaDNS on an OpenWrt router.

Follow the instructions on OpenWrt-Dist:

Check the CPU model of the router:

cat /proc/cpuinfo

Add the following to /etc/opkg.conf:

src/gz openwrt_dist http://openwrt-dist.sourceforge.net/releases/[cpu model]/packages
src/gz openwrt_dist_luci http://openwrt-dist.sourceforge.net/releases/luci/packages

and install:

opkg update
opkg install ChinaDNS
opkg install luci-app-chinadns
opkg install shadowsocks-libev-spec
opkg install luci-app-shadowsocks-spec

opkg install bind-dig

Or manually download IPKs of the corresponding CPU:

Copy *.ipk to router:

scp *.ipk root@192.168.2.1:/tmp

And install:

opkg install shadowsocks-libev-spec_xxx.ipk
opkg install ChinaDNS_xxx.ipk
/etc/init.d/shadowsocks enable
/etc/init.d/chinadns enable

ShadowSocks configuration in /etc/config/shadowsocks:

config shadowsocks
	...
	option config_file '/etc/shadowsocks/config.json'
	...
	option tunnel_enable '0'
	...

It refers to /etc/shadowsocks/config.json:

{
    "server":      "xxx.xxx.xxx.xxx",
    "server_port": xxxx,
    "local_port":  xxxx,
    "password":    "xxxxxx",
    "method":      "aes-128-cfb",
    "timeout":     60
}

ChinaDNS configuration in /etc/config/chinadns:

config chinadns
    ...
    option chnroute '/etc/shadowsocks/ignore.list'
    ...
    option server '[isp_dns],[private_pdnsd_dns]'
    ...

Make sure [private_pdnsd_dns] is the same IP:PORT as the remote pdnsd server.

ucitrack configuration in /etc/config/ucitrack:

config shadowsocks
    option init 'shadowsocks'

config chinadns
    option init 'chinadns'

DHCP configuration in /etc/config/dhcp:

config dnsmasq
    list server '127.0.0.1#5353'
    option noresolv '1'
    option nohosts '1'

RedSocks2

Use RedSocks2 to bypass the proxy when the target site is reachable.

Download RedSocks2:

Install RedSocks2:

scp *.ipk root@192.168.2.1:/tmp
opkg update
opkg install xxx.ipk

RedSocks2 will take effect immediately.

Upgrade OpenWRT

Download the latest *.ipk files listed above.

opkg update
opkg upgrade ipset libopenssl resolveip iptables-mod-tproxy
opkg install xxx.ipk

Merge configuration files manually.

Update ignore.list:

wget -O- 'http://ftp.apnic.net/apnic/stats/apnic/delegated-apnic-latest' | awk -F\| '/CN\|ipv4/ { printf("%s/%d\n", $4, 32-log($5)/log(2)) }' > ignore.list
scp ignore.list root@192.168.2.1:/etc/shadowsocks/ignore.list
reboot
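
The awk one-liner above derives the prefix length from floating-point logarithms and %d truncation, so an address count that is not a power of two is rounded to a larger block than the record covers, and a failed download leaves an empty ignore.list. An added example (not part of the original page; the function names apnic_cn_ipv4_to_cidr and build_ignore_list are assumptions) that splits each range with integer arithmetic and replaces the list only when the result is non-empty:

```shell
#!/bin/sh
# Added example, not from the original page; function names are assumptions.

# Read APNIC delegated-stats records on stdin and print exact CIDR blocks
# for CN IPv4 allocations. Record layout:
#   apnic|CN|ipv4|<start address>|<address count>|<date>|<status>
# Each range is split into aligned power-of-two blocks with integer
# arithmetic, so a count such as 768 becomes a /23 plus a /24.
apnic_cn_ipv4_to_cidr() {
    awk -F'|' '
    $2 == "CN" && $3 == "ipv4" &&
    $4 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ && $5 ~ /^[0-9]+$/ {
        split($4, o, ".")
        start = ((o[1] * 256 + o[2]) * 256 + o[3]) * 256 + o[4]
        count = $5 + 0
        while (count > 0) {
            size = 1; bits = 32
            # Grow the block while it stays aligned and inside the range.
            while (size * 2 <= count && start % (size * 2) == 0) {
                size *= 2; bits--
            }
            printf("%d.%d.%d.%d/%d\n",
                   int(start / 16777216) % 256, int(start / 65536) % 256,
                   int(start / 256) % 256, start % 256, bits)
            start += size; count -= size
        }
    }'
}

# Build into a temporary file and replace the target only when the result
# is non-empty, so a failed download never overwrites ignore.list.
build_ignore_list() {   # usage: build_ignore_list <stats-file> <output-file>
    tmp="$2.tmp"
    apnic_cn_ipv4_to_cidr < "$1" > "$tmp" || { rm -f "$tmp"; return 1; }
    if [ -s "$tmp" ]; then
        mv "$tmp" "$2"
    else
        rm -f "$tmp"
        return 1
    fi
}

# Constructed sample record (not real allocation data); 768 addresses.
printf 'apnic|CN|ipv4|10.0.0.0|768|20110414|allocated\n' | apnic_cn_ipv4_to_cidr
```

Save the download to a file with wget -O, run build_ignore_list on it, and run the scp step only if it returns success.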

Android Client

shadowsocks-android.