openwrt之shadowsock服务器搭建

环境

• debian10
• shadowsocks-libev

安装

官方源安装

sudo apt update
sudo apt install shadowsocks-libev

官方源最新版本安装

• 添加软件源，编辑/etc/apt/sources.list，添加：

  deb http://deb.debian.org/debian buster-backports main

• 安装

  sudo apt update
  sudo apt-get -t buster-backports install "shadowsocks-libev"

配置

• 编辑配置文件 /etc/shadowsocks-libev/ssconfig.json

  {
      "server":["::1", "0.0.0.0"],
      "mode":"tcp_and_udp",
      "port_password": {
          "port1": "password1",
          "port2": "password2",
      },
      "timeout":60,
      "method":"chacha20-ietf-poly1305",
      "fast_open":true
  }

• 创建系统服务/etc/systemd/system/ssmanager.service

  [Unit]
  Description=Shadowsocks Manager Server
  After=network.target
  [Service]
  User=root
  Group=root
  KillMode=mixed
  Type=simple
  ExecStart=/usr/bin/ss-manager --manager-address /var/run/shadowsocks-manager.sock -c /etc/shadowsocks-libev/ssconfig.json
  ExecReload=/bin/kill -s HUP $MAINPID
  ExecStop=/bin/kill -s QUIT $MAINPID
  [Install]
  WantedBy=multi-user.target

• 开启服务

  systemctl start ssmanager
  systemctl enable ssmanager

  优化

• 开启BBR

  echo "tcp_bbr" | sudo tee --append /etc/modules-load.d/modules.conf

• 优化内核，编辑/etc/sysctl.conf

  fs.file-max = 51200
  net.core.rmem_max = 67108864
  net.core.wmem_max = 67108864
  net.core.netdev_max_backlog = 250000
  net.core.somaxconn = 4096
  net.ipv4.tcp_syncookies = 1
  net.ipv4.tcp_tw_reuse = 1
  net.ipv4.tcp_tw_recycle = 0
  net.ipv4.tcp_fin_timeout = 30
  net.ipv4.tcp_keepalive_time = 1200
  net.ipv4.ip_local_port_range = 10000 65000
  net.ipv4.tcp_max_syn_backlog = 8192
  net.ipv4.tcp_max_tw_buckets = 5000
  net.ipv4.tcp_fastopen = 3
  net.ipv4.tcp_mem = 25600 51200 102400
  net.ipv4.tcp_rmem = 4096 87380 67108864
  net.ipv4.tcp_wmem = 4096 65536 67108864
  net.ipv4.tcp_mtu_probing = 1
  net.core.default_qdisc=fq
  net.ipv4.tcp_congestion_control=bbr

• 重启电脑后，检查是否开启bbr

  ## 第一项检查：
  sysctl net.ipv4.tcp_available_congestion_control | grep bbr
  ## 若已开启bbr，结果通常为以下两种：
  net.ipv4.tcp_available_congestion_control = bbr cubic reno
  net.ipv4.tcp_available_congestion_control = reno cubic bbr
  ## 第二项检查：
  sysctl net.ipv4.tcp_congestion_control | grep bbr
  ## 若已开启bbr，结果如下：
  net.ipv4.tcp_congestion_control = bbr
  ## 第三项检查：
  sysctl net.core.default_qdisc | grep fq
  ## 若已开启bbr，结果如下：
  net.core.default_qdisc = fq
  ## 第四项检查：
  lsmod | grep bbr
  ## 若已开启bbr，结果可能如下。并不是所有的 VPS 都会有此返回值，若没有也属正常。
  tcp_bbr 20480 2

参考文献

• shadowsocks-libev

快速搭建

• outline