Guide: Shadowsocks setup on OpenWrt for beginners

Hello,

as an OpenWrt and proxy beginner, I've spent quite a lot of time figuring out how to set up shadowsocks on OpenWrt due to many outdated guides, how-tos and forum discussions. Thus, here's a summary on how to install and setup shadowsocks on a fresh OpenWrt installation:

  1. Install packages:
    The names of the packages have changed from what many guides state. These are working at the time of writing. Install the following packages using opkg:
luci-app-shadowsocks-libev
shadowsocks-libev-ss-local
shadowsocks-libev-ss-redir
shadowsocks-libev-ss-rules
shadowsocks-libev-ss-tunnel
  1. Configure server:
    In the Luci Web UI, head to Services > Shadowsocks-libev > Remote Servers and edit the existing sss0 server (or add a new one). Set at least IP, port, method and password, and don't forget to untick the Disable checkbox.

  2. Configure services and rules:
    The simplest recipe is to forward all traffic through the tunnel. Follow the steps outlined in the readme file under Recipes > forward all: https://github.com/openwrt/packages/blob/master/net/shadowsocks-libev/README.md#recipes
    You can do this either via command line or in the web interface.

  3. Change DNS config:
    This must be done via command line according to the instructions in https://github.com/openwrt/packages/blob/master/net/shadowsocks-libev/README.md#recipes

I hope this small guide helps you setting up your shadowsocks tunnel! Feel free to comment and update the content, if necessary.

Additional steps required for shadowsocks on a NanoPi R2S:
The NanoPi R2S is a cheap little device with two ethernet ports that can easily be plugged between the modem and wifi router to provide tunneling service to your entire network, even if the wifi router doesn's support OpenWrt (or you don't want to change it due to warranty reasons). Unfortunately, at the time of writing, the operating system shipped with the NanoPi (FriendlyWrt fork of OpenWrt) has some issues and doesn't allow an easy installation of shadowsocks. The packages kmod-ipt-tproxy and iptables-mod-tproxy are missing from the release repositories and need to be downloaded and installed manually. Follow the instructions in this post: https://github.com/openwrt/packages/issues/11457#issuecomment-711164213

3 Likes

@bobafetthotmail Where in the wiki could these instructions be placed?

Shadowsocks is an encrypted proxy so it should go here https://openwrt.org/docs/guide-user/services/proxy/start

I've created the article now https://openwrt.org/docs/guide-user/services/proxy/shadowsocks

1 Like

Thanks guys, you're right, the wiki is a better place for this guide! I'll keep updating the content over there from now on.

3 Likes