Guide on installing shadowsocks+v2ray server with traffic obfuscation (Cloudflare) over TLS in Debian 10

This is an English translation of my post; the original version in Russian is here.

Just a few words before we get started. You can skip this part if you want.

Introduction.

With internet regulation and censorship on the rise, states increasingly engaging in online surveillance, and state cyber-policing capabilities rapidly evolving globally, concerns about regulatory “chilling effects” online (the idea that laws, regulations, or state surveillance can deter people from exercising their freedoms or engaging in legal activities on the internet) have taken on greater urgency and public importance [1]. Today, the most popular way to bypass Internet censorship is a VPN service. However, VPN services have quite significant drawbacks, which are completely or partially solved by setting up your own shadowsocks server. In this guide I will show how to do it.

You may ask a reasonable question: why bother so much when there are VPN services? So, to begin with, I will list the pros and cons of VPN services compared with a shadowsocks server:

Pros of VPN services:

– The user does not need any technical knowledge or time-consuming configuration: just install a VPN client and use it. Setting up an SS server, especially with traffic obfuscation, requires some skills and knowledge that most users do not have.

Cons:

– VPN services can be slow, including the paid ones. I won’t even mention the free ones, as they are often extremely slow and may not provide adequate privacy protection. ISPs may intentionally throttle the speed of suspicious encrypted traffic originating from VPNs. This issue can be addressed by employing traffic obfuscation through basic TLS encryption, which appears legitimate to your ISP.

– VPNs are not entirely secure. If someone is determined, they can find you relatively quickly: either the VPN service might hand over your information to authorities, or your ISP could track you using a so-called “correlation attack.” This is when an ISP compares the IP address a user utilizes to access certain online content or visit a restricted website with the IP addresses connected at that time, enabling the ISP to potentially identify an internet dissident’s real IP address. In this context, SS + v2ray + tls is a safer option for users residing in totalitarian countries like Russia or China. By the way, the Shadowsocks protocol and v2ray were developed by users in China.

Besides speed and security, circumventing internet censorship and surveillance with SS+v2ray can be absolutely free! You just need to find a shareware virtual server (for example, Oracle Cloud, which has an unlimited trial period) and a free domain (such as a .tk domain provided by Freenom). However, using free services can be somewhat risky since you don’t have full ownership, and both the VPS and domain could be taken away from you at any moment.

 

Steps to set up your SS server:

– Getting a virtual server (VPS) running on Debian (you can use any distro you want, but in this tutorial I’m using Debian 10)

– Getting a domain (you can go with any domain, Freenom’s .tk for example)

– Signing up on Cloudflare and linking the domain there

– Deploying shadowsocks and a web server on the VPS

– Getting a free SSL certificate and setting up traffic obfuscation

– Setting up a client for Windows/Android/iOS/Linux.

Let’s get started.

Getting a virtual server (VPS)

Any inexpensive virtual server provider will do. Oracle Cloud and Microsoft Azure are fine and they’re free too (though there is a limit on the amount of traffic). There is nothing complicated about getting a virtual server; just make sure that you are given a dedicated static IP address and that ports 80, 443 and 22 are open (they are usually open by default). You can also choose a suitable VPS from this list: https://bitcoin-vps.com/

Getting a domain

Get any domain you want, .tk domains are free (you can get one here: https://www.freenom.com)

Signing up on Cloudflare and linking the domain (adding DNS records)

In this guide I’ll use one of my domains, bernd32.xyz, as an example; replace it with your own. In Cloudflare, we need to make two DNS records that point to the IP address of our SS server, one for bernd32.xyz and one for www.bernd32.xyz:

1) “A” record with the name “www” and IP address of your VPS

2) “A” record with the name “bernd32.xyz” and IP address of your VPS

Next, click “Continue.” Afterward, Cloudflare will generate name servers that should be entered into the control panel of your domain registrar. If you obtained your free .tk domain from Freenom, the control panel page might look something like this:

Wait a few hours for the DNS records to update. In the meantime, let’s navigate to the Cloudflare Firewall settings and change the Security level to “Essentially Off”.
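
To tell when the wait described above is over, the following added example (not part of the original post) classifies the output of `dig +short`: whether the domain's NS records already point at Cloudflare, and whether each of the two A records returns the VPS address. The function names, example.com and the 203.0.113.x / 198.51.100.x addresses are constructed placeholders; an A result of "other" is expected once Cloudflare proxies a record, because lookups then return Cloudflare's addresses instead of the VPS IP.

```sh
#!/bin/sh
# Added example: classify `dig +short` output for the Cloudflare setup step.
# Live:   ./check_dns.sh <domain> <vps-ip>    (needs dig, e.g. from dnsutils)
# Sample: ./check_dns.sh                      (constructed data, no network)

# Reads NS targets on stdin, one per line. Prints "cloudflare" when all of
# them are under ns.cloudflare.com, "mixed" when only some are, and "pending"
# when none are (delegation has not switched yet).
ns_state() {
    awk '
        NF == 0 { next }
        { total++; if (tolower($1) ~ /\.ns\.cloudflare\.com\.?$/) cf++ }
        END {
            if (cf == 0) print "pending"
            else if (cf == total) print "cloudflare"
            else print "mixed"
        }'
}

# a_state VPS_IP: reads A answers on stdin. Prints "direct" when the VPS
# address is among them, "other" when only different addresses come back
# (Cloudflare proxying, or a stale record), "unresolved" when there are none.
a_state() {
    awk -v ip="$1" '
        $1 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ { n++; if ($1 == ip) hit++ }
        END {
            if (n == 0) print "unresolved"
            else if (hit > 0) print "direct"
            else print "other"
        }'
}

# report DOMAIN VPS_IP NS_ANSWERS APEX_ANSWERS WWW_ANSWERS
report() {
    printf 'NS %s: %s\n' "$1" "$(printf '%s\n' "$3" | ns_state)"
    printf 'A  %s: %s\n' "$1" "$(printf '%s\n' "$4" | a_state "$2")"
    printf 'A  www.%s: %s\n' "$1" "$(printf '%s\n' "$5" | a_state "$2")"
}

if [ "$#" -eq 2 ]; then
    report "$1" "$2" "$(dig +short NS "$1")" \
        "$(dig +short A "$1")" "$(dig +short A "www.$1")"
else
    # Constructed sample: delegation done, apex direct, www behind the proxy.
    report example.com 203.0.113.10 \
        "$(printf 'ada.ns.cloudflare.com.\nbob.ns.cloudflare.com.')" \
        "203.0.113.10" "198.51.100.7"
fi
```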
