Back to blog
January 19, 2026Guides

How to Set Up Shadowsocks on VPS to Bypass Censorship

Step-by-step guide to installing and configuring Shadowsocks on Hiddence VPS for secure and fast internet censorship bypass.

How to Set Up Shadowsocks on VPS to Bypass Censorship

Shadowsocks is one of the most effective tools for bypassing internet censorship, especially popular in countries with strict restrictions. Unlike traditional VPNs, Shadowsocks uses a SOCKS5 proxy with encryption, making its traffic virtually indistinguishable from regular HTTPS. This guide will show you how to deploy your own Shadowsocks server on a Hiddence VPS in 10 minutes.

Why Shadowsocks?

  • Stealth: Traffic is masked as regular HTTPS connections, difficult to detect by DPI systems
  • Speed: Less overhead compared to VPN, near-native speed
  • Flexibility: Works at application level, can be configured for specific programs
  • Cross-platform: Clients for Windows, macOS, Linux, Android, iOS
  • Open source: Complete code transparency and security

Requirements

  • Hiddence VPS (minimum 1 GB RAM, any Linux OS)
  • Ubuntu 22.04 or 24.04 (recommended)
  • Root access to the server
  • SSH client for connection
  • 5-10 minutes of your time

Installing Shadowsocks-Rust (Recommended)

We'll use the shadowsocks-rust implementation — the fastest and most modern version, written in Rust.

Step 1: Prepare the System

bash
# Connect to server via SSH
ssh root@your-server-ip

# Update system
sudo apt update && sudo apt upgrade -y

# Install necessary packages
sudo apt install curl wget -y

Step 2: Install Shadowsocks-Rust

bash
# Download latest version
wget $(curl -s https://api.github.com/repos/shadowsocks/shadowsocks-rust/releases/latest | grep 'browser_download_url.*x86_64-unknown-linux-gnu.tar.xz' | cut -d '"' -f 4)

# Extract archive
tar -xvf shadowsocks-*.tar.xz

# Move binaries to system directory
sudo mv ssserver /usr/local/bin/
sudo mv sslocal /usr/local/bin/
sudo chmod +x /usr/local/bin/ss*

# Verify installation
ssserver --version

Step 3: Configuration

bash
# Create directory for configuration
sudo mkdir -p /etc/shadowsocks

# Create configuration file
sudo nano /etc/shadowsocks/config.json

# Insert the following configuration:
{
    "server": "0.0.0.0",
    "server_port": 8388,
    "password": "YOUR_STRONG_PASSWORD_HERE",
    "timeout": 300,
    "method": "chacha20-ietf-poly1305",
    "fast_open": true,
    "mode": "tcp_and_udp",
    "nameserver": "8.8.8.8"
}

# Replace YOUR_STRONG_PASSWORD_HERE with a strong password
# Can generate: openssl rand -base64 32

# Recommended encryption methods:
# chacha20-ietf-poly1305 (Recommended) — balance of speed and security
# aes-256-gcm — AES standard
# aes-128-gcm — faster, for mobile
# 2022-blake3-aes-256-gcm — newest SS2022

Step 4: Auto-start

Let's create a systemd service for automatic Shadowsocks startup on system boot.

bash
# Create service file
sudo nano /etc/systemd/system/shadowsocks.service

# Insert:
[Unit]
Description=Shadowsocks-Rust Server
After=network.target

[Service]
Type=simple
User=root
ExecStart=/usr/local/bin/ssserver -c /etc/shadowsocks/config.json
Restart=on-failure
RestartSec=5s

[Install]
WantedBy=multi-user.target

# Save and activate service
sudo systemctl daemon-reload
sudo systemctl enable shadowsocks
sudo systemctl start shadowsocks

# Check status
sudo systemctl status shadowsocks

Step 5: Firewall

bash
# If using UFW
sudo ufw allow 8388/tcp
sudo ufw allow 8388/udp
sudo ufw reload

# If using firewalld
sudo firewall-cmd --permanent --add-port=8388/tcp
sudo firewall-cmd --permanent --add-port=8388/udp
sudo firewall-cmd --reload

Step 6: Optimization

Let's configure the system for maximum connection speed.

bash
# Network stack optimization
sudo nano /etc/sysctl.conf

# Add to end of file:
# BBR congestion control
net.core.default_qdisc=fq
net.ipv4.tcp_congestion_control=bbr

# Increase buffers
net.core.rmem_max=134217728
net.core.wmem_max=134217728
net.ipv4.tcp_rmem=4096 87380 67108864
net.ipv4.tcp_wmem=4096 65536 67108864
net.ipv4.tcp_mtu_probing=1

# Fast Open
net.ipv4.tcp_fastopen=3

# Apply changes
sudo sysctl -p

Step 7: Clients

After setting up the server, you need to connect client devices. Detailed instructions for each platform below.

Windows Client

1. Download and Installation

Go to shadowsocks/shadowsocks-windows GitHub page and download the latest version (Shadowsocks-x.x.x.zip file). Extract the archive to any folder and run Shadowsocks.exe.

2. Adding Server

Right-click the Shadowsocks icon in the system tray (near the clock) and select Servers > Edit Servers. Fill in the details:

3. Enable Proxy

Right-click tray icon > System Proxy > Global (to proxy all traffic) or PAC (automatic mode for blocked sites). Enable 'Enable System Proxy'. Done! All your traffic now goes through Shadowsocks.

Android Client

1. App Installation

Install 'Shadowsocks' by Max Lv from Google Play Store or download APK from GitHub (shadowsocks/shadowsocks-android). Open the app after installation.

2. Adding Profile

Tap the '+' (plus) button in the bottom right corner. Select 'Manual Settings'. Fill in the fields:

3. Connection

Tap the paper plane icon at the bottom of the screen to connect. On first connection, Android will request permission to create a VPN connection — tap 'OK'. After connecting, a key icon will appear in the status bar.

iOS Client

1. App Installation

Open the App Store and search for 'Shadowrocket' (paid, ~$3) or 'Potatso Lite' (free). Shadowrocket is more functional and stable. Install the app.

2. Server Configuration

For Shadowrocket: open the app, tap '+' in the top right corner. Select Type: Shadowsocks. Fill in:

3. Activate Connection

Toggle the switch next to the server name to ON. iOS will ask for permission to add VPN configuration — confirm the action (may require Face ID / Touch ID). Status 'Connected' means successful connection.

macOS Client

1. Install ShadowsocksX-NG

Download ShadowsocksX-NG from GitHub (shadowsocks/ShadowsocksX-NG/releases). Open the DMG file and drag the application to the Applications folder. Launch ShadowsocksX-NG.

2. Add Server

Click the plane icon in the menu bar (top right). Select Servers > Server Preferences. Click '+' to add a new server:

3. Enable Proxy

Click the menu bar icon > Turn Shadowsocks On. Select proxy mode: 'Auto Proxy Mode' (recommended, uses PAC for smart routing) or 'Global Mode' (all traffic through proxy). Done!

Bonus: Multi-User Setup

If you want to share the server with friends or family, use multi-port configuration.

bash
# Edit configuration
sudo nano /etc/shadowsocks/config.json

# Use format with ports for different users:
{
    "servers": [
        {
            "server": "0.0.0.0",
            "server_port": 8388,
            "password": "user1_password",
            "method": "chacha20-ietf-poly1305"
        },
        {
            "server": "0.0.0.0",
            "server_port": 8389,
            "password": "user2_password",
            "method": "chacha20-ietf-poly1305"
        },
        {
            "server": "0.0.0.0",
            "server_port": 8390,
            "password": "user3_password",
            "method": "chacha20-ietf-poly1305"
        }
    ],
    "timeout": 300,
    "mode": "tcp_and_udp"
}

# Don't forget to open new ports in firewall
sudo ufw allow 8389:8390/tcp
sudo ufw allow 8389:8390/udp

# Restart service
sudo systemctl restart shadowsocks

Advanced: Using Obfuscation Plugins

For additional protection against DPI, use plugins that mask Shadowsocks traffic.

v2ray-plugin (Recommended)

bash
# Install v2ray-plugin
wget https://github.com/shadowsocks/v2ray-plugin/releases/download/v1.3.2/v2ray-plugin-linux-amd64-v1.3.2.tar.gz
tar -xvf v2ray-plugin-*.tar.gz
sudo mv v2ray-plugin_linux_amd64 /usr/local/bin/v2ray-plugin
sudo chmod +x /usr/local/bin/v2ray-plugin

# Update Shadowsocks configuration
{
    "server": "0.0.0.0",
    "server_port": 443,
    "password": "your_password",
    "method": "chacha20-ietf-poly1305",
    "plugin": "/usr/local/bin/v2ray-plugin",
    "plugin_opts": "server;tls;host=your-domain.com;cert=/path/to/cert.pem;key=/path/to/key.pem"
}

# On client add:
# Plugin: v2ray-plugin
# Plugin Options: tls;host=your-domain.com

Troubleshooting

Common Issues and Solutions

  • Can't connect: Check firewall and ensure port is open
  • Slow connection: Try different encryption method (aes-128-gcm is faster)
  • Periodic disconnections: Enable TCP Fast Open and BBR
  • Server gets blocked: Use obfuscation plugin and port 443
  • Check logs: sudo journalctl -u shadowsocks -f

Security Tips

  • Use strong password (minimum 20 characters, random)
  • Regularly update Shadowsocks to latest version
  • Don't share server details publicly — only with trusted people
  • Change default port (8388) to non-standard
  • Use modern encryption methods (chacha20-ietf-poly1305 or newer)
  • Consider using obfuscation plugin in regions with active censorship
  • Monitor traffic usage: sudo apt install vnstat && vnstat -l
  • Set up automatic system updates