![]() Point the owners to this tutorial, as well as this post and this summary. Q: But my “airport” is still using stream cipher?Ī: Then it is clear sign that your “airport” has very poor security awareness. More devastatingly, an attacker can get full decryption of recorded Shadowsocks sessions, without knowing the password. Even the latest version of Shadowsocks-libev operating in stream cipher mode is vulnerable to active probing (see Figure 10). Q: Should I use any stream cipher in Shadowsocks?Ī: No. It is also the default encryption method for both Shadowsocks-libev and OutlineVPN. Q: Why do you use chacha20-ietf-poly1305?Ī: Because it is one of the AEAD ciphers, which can defend the active probings by the GFW. To manually update immediately: sudo snap refresh. Q: How can I update Shadowsocks-libev via snap?Ī: Usually you don’t have to update it manually because snap automatically updates all apps once per day. For example, as of January 2021, the version included in Debian buster repo was v3.2.5, which was not sufficient to defend active probings from the GFW (see Figure 10). Q: Should I install Shadowsocks-libev from a distribution repo?Ī: A distribution repo may not always include the latest version of Shadowsocks-libev. ![]() We also encourage you report the block to us and we will carefully investigate it. If your server got blocked, too, please consider using the backup ports to mitigate the blocking. Since this tutorial can defend all known active probing attacks by the GFW, it is likely that the censor has employed some unknown attacks against Shadowsocks-libev. Q&A Q: Why did my server still get blocked when I followed your tutorial?Ī: As of November 7 2021, we indeed received a few report on the blocking of Shadowsocks. Note that setting a PREROUTING rule on ephermeral ports ( /proc/sys/net/ipv4/ip_local_port_range) will not disrupt normal outgoing connections that use those ephermeral ports as source ports. Now double check you have both snapd and Snap core installed:Ĭhain PREROUTING (policy ACCEPT 0 packets, 0 bytes) ![]() If your server is running some other Linux distributions, simply follow the corresponding installation instructions.If your server is running Ubuntu 16.04 LTS or later, Snap is already installed.Snap is the officially recommended way to install Shadowsocks-libev. Please let us know and we will improve the documentation. If you get lost at any step of this tutorial, This tutorial is intended to be friendly to non-technical users. Please consider bookmark this page because we commit to make this tutorial up-to-date and provide latest best practices to defend against emerging attacks. ![]() We thus share a way to setup backup ports to mitigate the inconvenience caused by port blocking. We compile a list of commonly asked questions, debunking common myths of Shadowsocks-libev.Īs of November 7, 2021, we received a few reports on the blocking of Shadowsocks ports. Including active probing from the GFW and the partitioning oracle attack. This tutorial documents how to install, configure and maintain a Shadowsocks-libev server.īy following this tutorial, your Shadowsocks-libev servers should be able to defend against various attacks,
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |