openwrt之shadowsock服务器搭建

环境

• debian10
• shadowsocks-libev

安装

官方源安装

sudo apt update
sudo apt install shadowsocks-libev

官方源最新版本安装

• 添加软件源，编辑/etc/apt/sources.list，添加：

deb http://deb.debian.org/debian buster-backports main

• 安装

sudo apt update
sudo apt-get -t buster-backports install "shadowsocks-libev"

配置

• 编辑配置文件 /etc/shadowsocks-libev/ssconfig.json

{
    "server":["::1", "0.0.0.0"],
    "mode":"tcp_and_udp",
    "port_password": {
        "port1": "password1",
        "port2": "password2",
    },
    "timeout":60,
    "method":"chacha20-ietf-poly1305",
    "fast_open":true
}

• 创建系统服务/etc/systemd/system/ssmanager.service

[Unit]
Description=Shadowsocks Manager Server
After=network.target
[Service]
User=root
Group=root
KillMode=mixed
Type=simple
ExecStart=/usr/bin/ss-manager --manager-address /var/run/shadowsocks-manager.sock -c /etc/shadowsocks-libev/ssconfig.json
ExecReload=/bin/kill -s HUP $MAINPID
ExecStop=/bin/kill -s QUIT $MAINPID
[Install]
WantedBy=multi-user.target

• 开启服务

systemctl start ssmanager
systemctl enable ssmanager

优化

• 开启BBR

echo "tcp_bbr" | sudo tee --append /etc/modules-load.d/modules.conf

• 优化内核，编辑/etc/sysctl.conf

fs.file-max = 51200
net.core.rmem_max = 67108864
net.core.wmem_max = 67108864
net.core.netdev_max_backlog = 250000
net.core.somaxconn = 4096
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_tw_recycle = 0
net.ipv4.tcp_fin_timeout = 30
net.ipv4.tcp_keepalive_time = 1200
net.ipv4.ip_local_port_range = 10000 65000
net.ipv4.tcp_max_syn_backlog = 8192
net.ipv4.tcp_max_tw_buckets = 5000
net.ipv4.tcp_fastopen = 3
net.ipv4.tcp_mem = 25600 51200 102400
net.ipv4.tcp_rmem = 4096 87380 67108864
net.ipv4.tcp_wmem = 4096 65536 67108864
net.ipv4.tcp_mtu_probing = 1
net.core.default_qdisc=fq
net.ipv4.tcp_congestion_control=bbr

• 重启电脑后，检查是否开启bbr

## 第一项检查：
sysctl net.ipv4.tcp_available_congestion_control | grep bbr
## 若已开启bbr，结果通常为以下两种：
net.ipv4.tcp_available_congestion_control = bbr cubic reno
net.ipv4.tcp_available_congestion_control = reno cubic bbr
## 第二项检查：
sysctl net.ipv4.tcp_congestion_control | grep bbr
## 若已开启bbr，结果如下：
net.ipv4.tcp_congestion_control = bbr
## 第三项检查：
sysctl net.core.default_qdisc | grep fq
## 若已开启bbr，结果如下：
net.core.default_qdisc = fq
## 第四项检查：
lsmod | grep bbr
## 若已开启bbr，结果可能如下。并不是所有的 VPS 都会有此返回值，若没有也属正常。
tcp_bbr 20480 2

参考文献

• shadowsocks-libev

快速搭建

• outline