Attenzione

This passage provides for sure a solution to copyright issues due to certain applications being used overseas. However, the following means is not limited to such usage but also suitable for, literally speaking, general network manipulation like how VPN works — actually much better, safer, smarter, and more stable and flexible. Let's now begin to dive deep into this overwhelming mechanism supporting almost all kinds of main-stream platforms as Windows, macOS, Linux, iOS and Android.

Preface

As copyright issues become more and more irretating these years especially for oversea users when encountering online audio and video applications. Non-paid users may get copyright warnings like the following if, for example, using a music application called Netease Music originated from China. Indeed, nowadays even paid users can also be interestingly infected in some certain region.

NeteaseMusic Copyright

Solutions can be found on the internet like switching the whole computer DNS to a specified one, while complaints on unstability can also be.

To eliminate such annoying problems, here we introduce Shadowsocks, an powerful free open-source "tunnel proxy that helps you bypass firewalls", as stated on its official Github project website, together with another outstanding network tool — Proxifier, allowing "network applications that do not support working through proxy servers to operate through a SOCKS or HTTPS proxy and chains." However, ironically, one may need to break through the GFW to visit the latter official website.

Key Words

Shadowsocks, Proxifier, Proxy, Server, Copyright, Network, GFW

General Idea

  1. First of all, we need a remote cloud server pre-configured with this proxy service as a Shadowsocks server.
  2. Then we run Shadowsocks application on our local computer. Establish connection with that remote server and see if it's working properly.
  3. Configure Proxifier to specify a wanted program i.e. NeteaseMusic, data of which will go through proxy tunnel.
  4. Fault detection & optimization.

Preliminaries

  • Server
  • Here server means a virtual machine in the cloud with various choices of pre-installed operating systems. In most cases, we just communiate with a remote server by a client such as PuTTY via SSH protocol — a commandline-like shell without graphic interface.

  • Location of the server
  • In this case, we are dealing with copyright issues outside mainland of China, therefore here we need a cloud server located in mainland of China as if we really are.

    While on the contrary, when dealing with GFW issues inside mainland of China, we need one outside then.

  • Shadowsocks
  • Shadowsocks is let's say, a VPN-like tunnel proxy tool which sets itself as a kind of stand-by system service in the background and no more attention is needed once set up. The native protocol is based on socket 5 while http protocol can also be internally translated and supported. Moreover, you can also allow it to automatically start every time your computer boots up. It occupies a port of your internet and only those applications who are manually specified to listen to this port will go through the proxy without interfering with other unnecessary innocent applications — you don't want, for example, your downloaders be also proxied — thus a tunnel-based tool like Shadowsocks is preferred than ordinary globally-aimed VPN.

    Listen, or not,
    do exist there the port,
    neither will it soar,
    nor will it sink.

    你监听,或者不监听,
    端口就在那里,
    不增不减。

    —— Benny

    Nevertheless, besides Shadowsocks offers the "Manual Mode" acts as above, another two modes - Global and Auto are also available.

    • Manual Mode
    • When operating in Manual Mode, Shadowsocks only occupies a port as a service. No program will be affected if none is manually specified to listen to this port, just as if no one knows there exist such a port.

    • Global Mode
    • When operating in Global Mode, Shadowsocks not only occupies a port as a service, but also broadcast it to built-in syttem native browsers, i.e., Internet Explorer, Microsift Edge for Windows and Safari for macOS, by setting the system proxy to its socket 5 or http protocol with also the corresponding port. In this manner, any program whose proxy policy is set to "use system proxy" will also be affected. But still, your downloader will not go through the proxy if its proxy policy is set as "without any proxy". In one word, this "global" doesn't mean real global. So in real practical cases, we never use this.

    • Auto Mode
    • Auto Mode stands for "Proxy Auto Configure Mode", to some certain extent, this mode is usable in GFW cases — link of GFW rules maintained by some certain orginazions can be found online and will further continuously be updated automatically. Such rules determine whether or not proxy will be adopted to open a link in the browser. Yet, personally speaking, still not suggested.

  • Proxifier
  • As we can see, for Shadowsocks, Manual Mode is always preferred, but problems take place that certain program as Mac version of Netease Music doesn't support in-app proxy option, therefore the Manual Mode couldn't come into effect.

    We here turn to Proxifier for help, a software makes possible the capability of certain program not equipped with native in-app proxy.

  • SSH connection
  • Screen display is not our purpose, what a server need to do are just commands given by us, including but not limited to — download, extract, copy, R/W privilidge, modify and save a file. These commands can all be done by typing into a shell-like window remotely. Here we give an intuitive illustration on how PuTTY is used to remotely configure a server. (GFW breaking is also required due to the block of its official website in mainland of China.)

    ![PuTTY](/content/images/2017/04/PuTTY.png)

    • Download PuTTY
    • PuTTY provided by above link is a achieve pack of a set of tools, including what we mainly need — PUTTY.EXE

    • Connect a remote server
    • Run PUTTY.EXE on your PC and set as follows.

Getting Started

  • Grab a server
  • You can either

    • Plan A - Ask Benny for a Chinese server directly.

    or ...

    • Plan B - Buy one for yourself. Detailed procedures are as follows.
    • Public IP: 120.**.**.** (ask Benny)
      Location: Shenzhen, Guangdong, CN
      CPU: 1 core
      RAM: 1 GB
      Bandwidth: 100 Mbps (max @ 12.5 MB/s)
      Data: Priced on actual usage

      Let's take Aliyun as an example. Aliyun gives special offers to students with verified identities. Price of ECS (Elastic Cloud Server) is as low as ¥9.9/month with adjustable bandwidth up to 100Mbps.

      I believe the bandwidth is quite sufficient even for video streaming, though I doubt who'd turn to a Chinese server for Chinese video browsing? Maybe iQIYI?

      A snap of purchase is listed below as an example.

      ![Aliyun Student Server](/content/images/2017/04/Aliyun_Studnet_Server.png)

  • Connect and configure your server
  • Thanks Teddy, almost-one-click configuration manual can be found online which performs an automatic initialization to get your server ready for Shadowsocks service. However, maybe such method was intended for GFW usages, meaning that the server to be configured is outside the mainland of China, therefore download links in the script are blocked by the GFW, making the mission impossible.

    However, I can manually download and upload the required file, then modify the script by removing those lines, problems are solved.

    download_files(){
        cd ${cur_dir}
    
        if ! wget --no-check-certificate -O ${shadowsocks_libev_ver}.tar.gz ${download_link}; then
            echo "Failed to download ${shadowsocks_libev_ver}.tar.gz"
            exit 1
        fi
       ...
    }

    With the help of FileZilla, after some manual fatigue, I finally succedded in installing Shadowsocks service on a Chinese server.

  • Test your server
  • Once you've finished setting the server, we can test our server by a Shadowsocks client, actually there are many written in different computer languages. Here I prefer Shadowsocks-Windows on PC and ShadowsocksX-NG on Mac. Other versions can be found either on shadowsocks.org or of more varieties, on Github Project.

    • Configure your client
    • Set up your client as following.

      • Turn it on.

      • Add your server.

      • Type in your parameters.

      • Set it to "Global Mode" temporarily for test.
    • Try your browsers
      • Open your system built-in browsers like Safari or Internet Explorer or Edge.
      • Check if you can open baidu, if yes, then type in IP and hit search. Hope you can get the following result.
    If you've succeeded in getting the same result, you've achieved 90% of final result. The rest is to make third-party program that doesn't support in-app proxy function.
  • Specify wanted program
    • Download Proxifier suitable for your platform, then run it.
    • Set Proxifier as follows.
      • Find and check your local port of Shadowsocks to be listend. The default port is 1086 and 1080 for Mac and Windows, respectively.
      • Open Proxifier, find Proxies->Add... as following.
      • When asked Do you want Proxifier to use this proxy by default?, press No.

    • Select the program
      • In Profixier, find rules->Add..., after typing a fancy name for Netease Music program in the Namecolumn, hit + and find your program like this.

      • Then, down in Action section, choose Proxy SOCKS5 127.0.0.1:1086 like this.

      • After that, perform a quick check like the following, make sure Netease Music is going through Proxy.

      • Finally, switch Shadowsocks to Manual Mode.
  • Test your program
  • Launch Netease Music, if you've been already running it, please shut it down and re-launch it.

    Have a try on the play of a list, and keep an eye on how Proxifier responds.

    • Finally, switch Shadowsocks to Manual Mode.

Fault Detection & Optimization

  • Fault detection
  • On the second day right after I set up the server, the Shadowsocks service is not available. My first reaction was to connect the server and perform a reboot since the service has been added to the boot list after its first installation and I believe something may be wrong with the server. However, it still didn't work. I find nothing wrong with the serivce, and also the status is fine.

    I find through mobile celluar data, I can have access to the proxy service, while I just can't once switching back to Wi-Fi or Lan on computer, making the phenomenon even more weird. I started to blaming the ISP (Internet Service Provider) for their blocking my server's IP.

    ![Public and Private IP](/content/images/2017/04/Aliyun_Server_IP.png)

    After several minutes' calm deduction, I checked the configuration script of Shadowsocks service in the server, finding that the server section writes "0.0.0.0". I know this is not correct, I manually change it to the server's IP, 120.**.**.**, it still didn't work. And finally I find servers provided by Aliyun, just like ones by Amazon Cloud, are equipped with a private local IP, which is 172.**.**.**, reminding me the same situation I've encountered several years ago dealing with Amazon EC2 VPS. I changed again the server to this local private IP, resulting in a sucess eventually.

  • Optimization (Stay Tuned)
  • One promising speed up method I've been using on GFW scenarios is to adopt Kcptun, official Github Project can be found here. And tutorials can also be found online. This mechenism consumes, as stated, about 20%~30% more data transfer in order to attain a higher speed and less latency, which remains a task to put into action. But so far since the bandwidth of the server is up to 100Mbps, quite adequate for online browsing and even downloading.

Lastly

Wish you like it. And don't forget to leave a comment below.

You’ve successfully subscribed to Benny
Welcome back! You’ve successfully signed in.
Great! You’ve successfully signed up.
Your link has expired
Success! Check your email for magic link to sign-in.