Skip to content
Yuhaiin Docs

Shadowsocks

[!NOTE] This document is partially generated by AI.

Shadowsocks is a high-performance, cross-platform secured proxy protocol. In yuhaiin, it is implemented as an outbound-only protocol.

Network Support

Section titled “Network Support”
  • TCP: Supported natively.
  • UDP: Supported natively.
    • NAT Type: Full-Cone NAT. Supports multiple remote targets through a single local port association.

Outbound Configuration

Section titled “Outbound Configuration”

When configuring a Shadowsocks outbound, the following fields are required within the shadowsocks protocol block:

Configuration Fields

Section titled “Configuration Fields”
  • method (string): The encryption algorithm used to secure the traffic.
    • Examples: aes-128-gcm, aes-256-gcm, chacha20-ietf-poly1305, xchacha20-ietf-poly1305.
    • Details: AEAD ciphers are highly recommended for better security and performance.
  • password (string): The secret key used for encryption. This must match the password configured on your Shadowsocks server.

Protocol Chain Context

Section titled “Protocol Chain Context”

Shadowsocks is usually part of a protocol chain. A typical configuration includes a simple layer to specify the server’s physical address:

  • simple layer fields:
    • host (string): Server IP or hostname.
    • port (int): Server port (e.g., 8388).

Optional Plugins

Section titled “Optional Plugins”

Additional obfuscation can be added via supplementary protocols in the chain:

  • HTTP Obfuscation (obfs_http):
    • host (string): The fake Host header to present to the network.
    • port (string): The port used by the obfuscation layer.
  • V2Ray Plugin: Configured by adding websocket or quic layers to the protocol chain.

Example Configuration

Section titled “Example Configuration”
{
  "name": "My-SS-Client",
  "protocols": [
    {
      "simple": {
        "host": "ss-server.example.com",
        "port": 8388
      }
    },
    {
      "shadowsocks": {
        "method": "aes-256-gcm",
        "password": "your-password"
      }
    }
  ]
}

Developer Details

Section titled “Developer Details”

Implementation

Section titled “Implementation”

Shadowsocks in yuhaiin implements the standard AEAD specification. It functions as a wrapper around an underlying stream connection (usually provided by the simple dialer).

Section titled “Link Parsing”

yuhaiin can parse ss:// links. The user information part (method:password) is expected to be Base64 encoded. Format: ss://[BASE64_USERINFO]@[HOST]:[PORT]#[REMARKS]