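Section 1. Problem description
On the server, I installed Shadowsocks with apt-get install shadowsocks-libev, set the cipher to aes-128-gcm, restarted the server and checked its status, which showed: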
ERROR: Invalid cipher name: aes-128-gcm, use rc4-md5 instead
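The error means that this version of the server does not support the requested cipher and used the simple rc4-md5 cipher in its place.
Section 2. Analysis
Check the version of shadowsocks on the server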
    root@c501:~# ss-server -help

    shadowsocks-libev 2.6.3 with mbed TLS 2.4.2

      maintained by Max Lv <max.c.lv@gmail.com> and Linus Yang <laokongzi@gmail.com>

      usage:

        ss-server

          -s <server_host>       Host name or IP address of your remote server.
          -p <server_port>       Port number of your remote server.
          -l <local_port>        Port number of your local server.
          -k <password>          Password of your remote server.
          -m <encrypt_method>    Encrypt method: table, rc4, rc4-md5,
                                 aes-128-cfb, aes-192-cfb, aes-256-cfb,
                                 aes-128-ctr, aes-192-ctr, aes-256-ctr,
                                 bf-cfb, camellia-128-cfb, camellia-192-cfb,
                                 camellia-256-cfb, cast5-cfb, des-cfb, idea-cfb,
                                 rc2-cfb, seed-cfb, salsa20 and chacha20.
                                 The default cipher is rc4-md5.
As shown, the version installed on this server by apt-get install shadowsocks-libev is 2.6.3, and the ciphers it supports are
rc4, rc4-md5, aes-128-cfb, aes-192-cfb, aes-256-cfb, aes-128-ctr, aes-192-ctr, aes-256-ctr, bf-cfb, camellia-128-cfb, camellia-192-cfb, camellia-256-cfb, cast5-cfb, des-cfb, idea-cfb, rc2-cfb, seed-cfb, salsa20 and chacha20
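Put simply, this build does not include the libraries that provide the AEAD ciphers; compiling and installing from source solves it.
Section 3. The two additional projects to install: Mbed-TLS and libsodium
libsodium project page: https://github.com/jedisct1/libsodium
Mbed-TLS project page: https://github.com/Mbed-TLS/mbedtls
Shadowsocks-libev project page: https://github.com/shadowsocks/shadowsocks-libev
This article was written on 2022-4-5 13:59; the latest versions at that time were:
Mbed-TLS 2.28.0 (use the highest 2.X.X release)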
https://github.com/Mbed-TLS/mbedtls/archive/refs/tags/v2.28.0.tar.gz
libsodium 1.0.18
https://github.com/jedisct1/libsodium/releases/download/1.0.18-RELEASE/libsodium-1.0.18.tar.gz
shadowsocks-libev 3.3.5
Section 4. Deployment
Install the required dependencies
    apt-get update
    apt-get install gettext build-essential unzip gzip python3 curl openssl libssl-dev autoconf automake libtool gcc make perl cpio libpcre3 libpcre3-dev zlib1g-dev libev-dev libc-ares-dev
Download the source code

    mkdir -p /root/src
    cd /root/src/

    # Mbed-TLS 2.28.0
    wget https://github.com/Mbed-TLS/mbedtls/archive/refs/tags/v2.28.0.tar.gz

    # libsodium 1.0.18
    wget https://github.com/jedisct1/libsodium/releases/download/1.0.18-RELEASE/libsodium-1.0.18.tar.gz

    # shadowsocks-libev 3.3.5
    wget https://github.com/shadowsocks/shadowsocks-libev/releases/download/v3.3.5/shadowsocks-libev-3.3.5.tar.gz

    # Install Mbed-TLS 2.28.0
    cd /root/src
    tar -zxf v2.28.0.tar.gz
    cd mbedtls-2.28.0
    make SHARED=1 CFLAGS=-fPIC
    make DESTDIR=/usr install

    # Install libsodium 1.0.18
    cd /root/src
    tar -zxf libsodium-1.0.18.tar.gz
    cd libsodium-1.0.18
    ./configure --prefix=/usr && make && make install
    ldconfig -p
    echo '/usr/lib' > /etc/ld.so.conf.d/usr_lib.conf
    ldconfig

    # Install shadowsocks-libev 3.3.5
    mkdir -p /etc/shadowsocks-libev
    cd /root/src
    tar -zxf shadowsocks-libev-3.3.5.tar.gz
    cd shadowsocks-libev-3.3.5
    ./configure --prefix=/usr --disable-documentation && make && make install

    # Configure the service, edit the configuration file, and enable start at boot
    # Create /etc/systemd/system/shadowsocks-libev.service

    [Unit]
    Description=Shadowsocks-libev Default Server Service
    After=network-online.target

    [Service]
    Type=simple
    LimitNOFILE=32768
    ExecStart=/usr/bin/ss-server -c /etc/shadowsocks-libev/config.json
    CapabilityBoundingSet=CAP_NET_BIND_SERVICE

    [Install]
    WantedBy=multi-user.target

    # A sample server configuration: /etc/shadowsocks-libev/config.json
    {
        "server":["[::0]", "0.0.0.0"],
        "server_port":16805,
        "local_port":1080,
        "password":"P1122330099",
        "timeout":60,
        "method":"aes-128-gcm",
        "nameserver":"1.1.1.1",
        "mode":"tcp_only",
        "ipv6_first": true
    }

    # If IPv6 priority is not needed, just delete the corresponding setting
    # For IPv4 only, listen on "0.0.0.0"
    # For UDP, set mode to tcp_and_udp

    # A sample server configuration: /etc/shadowsocks-libev/config.json
    {
        "server":"0.0.0.0",
        "server_port":16805,
        "local_port":1080,
        "password":"P1122330099",
        "timeout":60,
        "method":"aes-128-gcm",
        "nameserver":"1.1.1.1",
        "mode":"tcp_and_udp"
    }

    # If IPv6 priority is not needed, just delete the corresponding setting
    # For IPv4 only, listen on "0.0.0.0"
    # For UDP, set mode to tcp_and_udp
    # If the use case is a proxy inside China on a server inside China, nameserver must be a DNS server inside China

    # A sample server configuration: /etc/shadowsocks-libev/config.json
    {
        "server":"0.0.0.0",
        "server_port":16805,
        "local_port":1080,
        "password":"P1122330099",
        "timeout":60,
        "method":"aes-128-gcm",
        "nameserver":"114.114.114.114",
        "mode":"tcp_and_udp"
    }

Supported ciphers
Encrypt method: rc4-md5,
aes-128-gcm, aes-192-gcm, aes-256-gcm,
aes-128-cfb, aes-192-cfb, aes-256-cfb,
aes-128-ctr, aes-192-ctr, aes-256-ctr,
camellia-128-cfb, camellia-192-cfb,
camellia-256-cfb, bf-cfb,
chacha20-ietf-poly1305,
xchacha20-ietf-poly1305,
salsa20, chacha20 and chacha20-ietf.
The default cipher is chacha20-ietf-poly1305
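
A pre-deployment check for the rc4-md5 fallback described at the top of this article, as an added example that is not part of the original article or the shadowsocks-libev project: it compares the "method" in a config with the cipher list in the server's help text. The function names, the sample texts (constructed from the two cipher lists quoted on this page) and the placeholder password are assumptions.

```shell
# Added example: verify that a config's "method" is offered by the installed build.
# Constructed samples: cipher lists as quoted on this page for each build.
HELP_2_6_3='Encrypt method: table, rc4, rc4-md5, aes-128-cfb, aes-192-cfb, aes-256-cfb, aes-128-ctr, aes-192-ctr, aes-256-ctr, bf-cfb, camellia-128-cfb, camellia-192-cfb, camellia-256-cfb, cast5-cfb, des-cfb, idea-cfb, rc2-cfb, seed-cfb, salsa20 and chacha20. The default cipher is rc4-md5.'
HELP_3_3_5='Encrypt method: rc4-md5,
 aes-128-gcm, aes-192-gcm, aes-256-gcm,
 aes-128-cfb, aes-192-cfb, aes-256-cfb,
 aes-128-ctr, aes-192-ctr, aes-256-ctr,
 camellia-128-cfb, camellia-192-cfb,
 camellia-256-cfb, bf-cfb,
 chacha20-ietf-poly1305,
 xchacha20-ietf-poly1305,
 salsa20, chacha20 and chacha20-ietf.
 The default cipher is chacha20-ietf-poly1305'
# Constructed config with a placeholder password.
CONFIG='{ "server":"0.0.0.0", "server_port":16805, "password":"CHANGE-ME", "method":"aes-128-gcm" }'

# Print one cipher name per line from the help text.
list_ciphers() {
    printf '%s\n' "$1" | tr '\n' ' ' |
        sed -e 's/.*Encrypt method://' -e 's/The default cipher.*//' -e 's/ and /,/g' |
        tr ',' '\n' |
        sed -e 's/^[[:space:]]*//' -e 's/[[:space:].]*$//' |
        grep -v '^$'
}

# Extract the "method" value; assumes the flat JSON layout used on this page.
config_method() {
    printf '%s\n' "$1" | sed -n 's/.*"method"[[:space:]]*:[[:space:]]*"\([^"]*\)".*/\1/p' | head -n 1
}

# The AEAD ciphers in the 3.3.5 list are the GCM and Poly1305 constructions.
is_aead() {
    case "$1" in *-gcm|*-poly1305) return 0 ;; *) return 1 ;; esac
}

# Returns 0: supported AEAD, 1: supported but not AEAD, 2: not in list, 3: no method.
check_method() {
    method=$(config_method "$2")
    [ -n "$method" ] || { echo "no method in config"; return 3; }
    list_ciphers "$1" | grep -qxF -- "$method" || { echo "$method: not supported by this build"; return 2; }
    is_aead "$method" || { echo "$method: supported, but not AEAD"; return 1; }
    echo "$method: supported AEAD cipher"
}

check_method "$HELP_2_6_3" "$CONFIG" || echo "-> build 3.3.5 from source as described above"
check_method "$HELP_3_3_5" "$CONFIG"
```

On a real host, pass `"$(ss-server -h 2>&1)"` and `"$(cat /etc/shadowsocks-libev/config.json)"` in place of the samples, before restarting the service.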
Appendix 1. Possible errors
checking whether mbedtls supports Cipher Feedback mode or not… configure: error: MBEDTLS_CIPHER_MODE_CFB required
This error means that mbedtls is not installed, or that the mbedtls in use is not a 2.X.Y version.
Appendix 2. Reference links
Reference link: https://raw.githubusercontent.com/teddysun/shadowsocks_install/master/shadowsocks-all.sh
Reference link: https://github.com/shadowsocks/shadowsocks-libev/issues/663