How to add v2Ray Plugin to ShadowSocks (gl-ss)

Hi,

ShadowSocks got picked up by DPI (they have FortiGuard). I have added the v2ray plugin to my server, and routed it through CloudFlare.

But now I need to add the v2ray plugin to OpenWRT/gl-ss. Should I ditch the gl-ss and instead install manually the shadowsocks-libdev and v2ray plugin? I’d love to be able to keep the gl-ss installation and GUI front end, and only add the executable v2ray plugin to the config.

1 Like

Did you figure it out?

From my notes;

Using ss-local Client

The OpenWRT software (GL-AR300M) has gl-ss (Shadowsocks Client) available in the GUI packages.

Install the v2ray-plugin for OpenWRT

    1. Get the v2ray plugin for OpenWRT here; https://github.com/chenhw2/openwrt-v2ray-plugin/releases. It is the v2ray-plugin_*_ mips_24kc .ipk release.
    1. Copy the file to /tmp (this is FLASH memory), as there is not enough memory available on the main storage to install otherwise.
    1. Run the command opkg install v2ray-plugin_*_ mips_24kc .ipk
    1. The binary file is copied to /usr/bin

When you go to Tools | Advanced of OpenWRT will take you to the generic LuCI screens, where settings for Shadowsocks are more complete. You can enter plugin and plugin-opts here. When you enter the details, and start the SOCKS5 proxy, it loads the program like this;

ss-local –c -l 1080 -f /var/run/ss-local..pid

LuCI stores its configuration in /etc/config/shadowsocks.

The generated configuration is performed during the service start up. You can see how that is performed by looking in the /etc/init.d/shadowsocks file.

You can run ss-local as a daemon from the command prompt;

sudo ss-local -s server.example.com -p 443 –b 0.0.0.0 -l 1080 -m aes-256-cfb -k password -v --plugin v2ray-plugin --plugin-opts “tls;host=example.com” -f /var/run/ss-local.pid

ss-local is a normal SOCKS5 proxy. You need to configure clients to use it.

ss-redir is a transparent proxy. That means you don’t need to configure the clients to use it. As soon as traffic arrives at the router, it transports it via the proxy (transparently)

On Windows 10 Chrome; the ‘System Proxy’ must not be SOCKS5 (possibly SOCKS4?). To load Chrome with SOCKS5, start it like this;

chrome.exe --proxy-server=“socks5://proxy:1080”

1 Like

Thanks. I’ve been trying to get this to work but I keep getting this in my logs:

Fri Aug 23 14:58:29 2019 daemon.info ss-redir[13084]: initializing ciphers... chacha20-ietf-poly1305
Fri Aug 23 14:58:29 2019 daemon.info ss-redir[13084]: tcp port reuse enabled
Fri Aug 23 14:58:29 2019 daemon.info ss-redir[13084]: listening at 0.0.0.0:1234
Fri Aug 23 14:58:29 2019 daemon.info ss-redir[13084]: running from root user
Fri Aug 23 14:58:30 2019 daemon.err ss-redir[13084]: plugin service exit unexpectedly

Here’s how my client config looks like:

config general
	option startup_delay '0'

config transparent_proxy
	option udp_relay_server 'nil'
	option local_port '1234'
	option mtu '1492'
	list main_server 'nil'

config socks5_proxy
	list server 'nil'
	option local_port '1080'
	option mtu '1492'

config port_forward
	list server 'nil'
	option local_port '5300'
	option destination '8.8.4.4:53'
	option mtu '1492'

config servers
	option alias 'sample'
	option fast_open '0'
	option no_delay '0'
	option server '127.0.0.1'
	option server_port '8388'
	option timeout '60'
	option password 'barfoo!'
	option encrypt_method 'rc4-md5'

config access_control
	option self_proxy '1'
	option wan_bp_list '/etc/chinadns_chnroute.txt'
	option lan_target 'SS_SPEC_WAN_AC'

config servers
	option alias 'ls-hk1'
	option fast_open '0'
	option no_delay '0'
	option server 'MY SERVER IP'
	option server_port 'MY SERVER PORT'
	option timeout '60'
	option password 'MY SERVER PASSWORD'
	option encrypt_method 'chacha20-ietf-poly1305'
	option plugin 'v2ray-plugin'

Any idea what’s causing the error? I can run /usr/bin/v2ray-plugin --help fine.

Strangely, it is now working after adding loglevel=none to the plugin options. See https://github.com/shadowsocks/v2ray-plugin/issues/55