High level of protection
Cryptographic algorithm resistant to date is used for encryption AES-256-GCM
Bypass of the blockings
Full access to YouTube content, Unblocking of FaceBook, VKontakte and other social networks.
Large number of countries!
When connecting, you will be assigned an IP-address of the server you have chosen!

Telegram

Subscribe to our Telegram channel and get all important service news as quickly and conveniently as possible!

Read More...

Twitter

Fresh feed of news via Twitter!

Worldwide IT and security news via our Twitter by MultiVPN...

Read More...

Blog MultiVPN

Official MultiVPN Blog. Top news of MultiVPN service, updates, files and rest urgent important information!

Read More...

Using ShadowSocks and OpenVPN on Fedora Linux

This instruction is intended to bypass DPI (deep packet inspection) locks using the example of Fedora Linux OS.

Download the ShadowSocks.zip archive.

https://multivpn.su/files/ShadowSocks.zip

It is necessary to download the archive from the service site using a browser, because Anti-DDoS tools will not allow you to do this via wget, curl and other download managers.
It is assumed that the archive will be saved in /home/user/Downloads/ShadowSocks.zip

Open a terminal. First of all, you should get superuser rights:


  [[email protected] ~]$ su
  Password:
  [[email protected] user]# id
  uid=0(root) gid=0(root) groups=0(root)
  [[email protected] user]#

Update your system:


  [[email protected] user]# dnf -y update
  Last metadata expiration check: 2:42:35 ago on Sat 06 Mar 2021 12:21:18 PM EST.
  Dependencies resolved.
  Nothing to do.
  Complete!
  [[email protected] user]#

Check if you have OpenVPN installed:


  [[email protected] user]# openvpn --version
  OpenVPN 2.4.10 x86_64-redhat-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Dec 9 2020
  library versions: OpenSSL 1.1.1i FIPS 8 Dec 2020, LZO 2.10
  Originally developed by James Yonan
  Copyright (C) 2002-2018 OpenVPN Inc
  Compile time defines: enable_async_push=yes enable_comp_stub=no enable_crypto=yes enable_crypto_ofb_cfb=yes enable_debug=yes enable_def_auth=yes enable_dependency_tracking=no enable_dlopen=unknown enable_dlopen_self=unknown enable_dlopen_self_static=unknown enable_fast_install=yes enable_fragment=yes enable_iproute2=yes enable_libtool_lock=yes enable_lz4=yes enable_lzo=yes enable_management=yes enable_multihome=yes enable_pam_dlopen=no enable_pedantic=no enable_pf=yes enable_pkcs11=yes enable_plugin_auth_pam=yes enable_plugin_down_root=yes enable_plugins=yes enable_port_share=yes enable_selinux=yes enable_server=yes enable_shared=yes enable_shared_with_static_runtimes=no enable_small=no enable_static=yes enable_strict=no enable_strict_options=no enable_systemd=yes enable_werror=no enable_win32_dll=yes enable_x509_alt_username=yes with_aix_soname=aix with_crypto_library=openssl with_gnu_ld=yes with_mem_check=no with_sysroot=no
  [[email protected] user]#

If there is no OpenVPN package, install it:


  [[email protected] user]# dnf -y install openvpn
  Last metadata expiration check: 0:02:20 ago on Sat 06 Mar 2021 03:32:39 PM EST.
  Package openvpn-2.4.10-1.fc32.x86_64 is already installed.
  Dependencies resolved.
  Nothing to do.
  Complete!
  [[email protected] user]#

Install the "shadowsocks-libev" package:


  [[email protected] user]# cd /etc/yum.repos.d/
  [[email protected] yum.repos.d]# wget https://copr.fedorainfracloud.org/coprs/librehat/shadowsocks/repo/fedora-30/librehat-shadowsocks-fedora-30.repo
  --2021-03-06 15:40:32-- https://copr.fedorainfracloud.org/coprs/librehat/shadowsocks/repo/fedora-30/librehat-shadowsocks-fedora-30.repo
  Resolving copr.fedorainfracloud.org (copr.fedorainfracloud.org)... 3.225.109.36, 2600:1f18:8ee:ae00:7029:de62:a198:cfd7
  Connecting to copr.fedorainfracloud.org (copr.fedorainfracloud.org)|3.225.109.36|:443... connected.
  HTTP request sent, awaiting response... 200 OK
  [there is a lot of cut text here]
  [[email protected] yum.repos.d]# dnf update
  Copr repo for shadowsocks owned by librehat
  Dependencies resolved.
  Nothing to do.
  Complete!
  [[email protected] yum.repos.d]# dnf -y install shadowsocks-libev
  Last metadata expiration check: 0:00:10 ago on Sat 06 Mar 2021 03:40:51 PM EST.
  Dependencies resolved.
  [there is a lot of cut text here]
  Complete!
  [[email protected] yum.repos.d]#

Go to "/home/user/Downloads/" and extract the ShadowSocks.zip archive:


  [[email protected] yum.repos.d]# cd /home/user/Downloads/
  [[email protected] Downloads]# unzip ShadowSocks.zip
  Archive: ShadowSocks.zip
  creating: ShadowSocks/
  [there is a lot of cut text here]
  [[email protected] Downloads]#

Transfer the contents of ShadowSocks to "/etc/openvpn/ShadowSocks/" and go to the specified directory:


  [[email protected] Downloads]# mv ShadowSocks /etc/openvpn/
  [[email protected] Downloads]# cd /etc/openvpn/ShadowSocks/
  [[email protected] ShadowSocks]# ls -la
  total 28
  drwxr-xr-x. 6 root root 4096 Mar 4 11:50 .
  drwxr-xr-x. 5 root root 4096 Mar 6 16:15 ..
  drwxr-xr-x. 4 root root 4096 Mar 4 11:49 ConfigFiles
  drwxr-xr-x. 2 root root 4096 Mar 4 11:49 json
  drwxr-xr-x. 2 root root 4096 Mar 4 11:49 OpenVPN
  -rw-r--r--. 1 root root 3013 Mar 4 12:02 ReadMe.txt
  drwxr-xr-x. 6 root root 4096 Mar 4 11:49 SSCapV4.0
  [[email protected] ShadowSocks]#

At this stage, the installation process is complete.
Next, we will connect to the OpenVPN server through ShadowSocks.
We need two terminals with superuser rights.
In this example, we will connect to the UA1 server in Ukraine.
In the current terminal we continue:

Change to the "json" directory, here are the configuration files for ShadowSocks:


  [[email protected] ShadowSocks]# cd json/
  [[email protected] json]# ls -la
  total 92
  drwxr-xr-x. 2 root root 4096 Mar 4 11:49 .
  drwxr-xr-x. 6 root root 4096 Mar 4 11:50 ..
  -rw-r--r--. 1 root root 168 Dec 29 06:33 AU1-ShadowSocks.json
  [there is a lot of cut text here]
  -rw-r--r--. 1 root root 166 Dec 29 06:34 UA1-ShadowSocks.json
  -rw-r--r--. 1 root root 165 Aug 31 2020 UK1-ShadowSocks.json
  -rw-r--r--. 1 root root 167 Dec 29 06:34 US1-ShadowSocks.json
  -rw-r--r--. 1 root root 168 Dec 29 06:34 US2-ShadowSocks.json
  [[email protected] json]#

We start ShadowSocks in the terminal to let OpenVPN traffic through an obfuscated connection (in this case, the UA1 connection server - Ukraine):


  [[email protected] json]# ss-local -c UA1-ShadowSocks.json
  2021-03-06 16:26:22 INFO: initializing ciphers... aes-256-cfb
  2021-03-06 16:26:22 INFO: listening at 127.0.0.1:1080
  2021-03-06 16:26:22 INFO: running from root user

Don't close the ShadowSocks terminal. Open another terminal and get superuser rights:


  [[email protected] ~]$ su
  Password:
  [[email protected] user]# id
  uid=0(root) gid=0(root) groups=0(root)
  [[email protected] user]#

Go to the directory with the configuration files to connect to the OpenVPN server. In this example, a connection will be used according to the "OpenVPN" tariff plan (for the "DoubleVPN" tariff plan - the actions will be the same):


  [[email protected] user]# cd /etc/openvpn/ShadowSocks/ConfigFiles/
  [[email protected] ConfigFiles]# ls -la
  total 16
  drwxr-xr-x. 4 root root 4096 Mar 4 11:49 .
  drwxr-xr-x. 6 root root 4096 Mar 4 11:50 ..
  drwxr-xr-x. 23 root root 4096 Mar 4 11:49 DoubleVPN
  drwxr-xr-x. 2 root root 4096 Mar 4 11:49 OpenVPN
  [[email protected] ConfigFiles]# cd OpenVPN/
  [[email protected] OpenVPN]# ls -la
  total 260
  drwxr-xr-x. 2 root root 4096 Mar 4 11:49 .
  drwxr-xr-x. 4 root root 4096 Mar 4 11:49 ..
  -rw-r--r--. 1 root root 9755 Dec 29 05:27 SS-AU1-OpenVPN.ovpn
  [there is a lot of cut text here]
  -rw-r--r--. 1 root root 9743 Dec 29 05:52 SS-UA1-OpenVPN.ovpn
  -rw-r--r--. 1 root root 9743 Nov 12 23:53 SS-UK1-OpenVPN.ovpn
  -rw-r--r--. 1 root root 9751 Dec 29 06:00 SS-US1-OpenVPN.ovpn
  -rw-r--r--. 1 root root 9755 Dec 29 06:04 SS-US2-OpenVPN.ovpn
  [[email protected] OpenVPN]#

Since the obfuscated tunnel through ShadowSocks is open to the UA1 server - Ukraine, we will connect via OpenVPN to the identical UA1 server:


  [[email protected] OpenVPN]# openvpn SS-UA1-OpenVPN.ovpn
  Sat Mar 6 16:49:23 2021 Unrecognized option or missing or extra parameter(s) in SS-UA1-OpenVPN.ovpn:16: data-ciphers (2.4.10)
  Sat Mar 6 16:49:23 2021 OpenVPN 2.4.10 x86_64-redhat-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Dec 9 2020
  Sat Mar 6 16:49:23 2021 library versions: OpenSSL 1.1.1i FIPS 8 Dec 2020, LZO 2.10
  Enter Auth Username: [email protected]
  Enter Auth Password:
  Sat Mar 6 16:49:30 2021 Outgoing Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
  Sat Mar 6 16:49:30 2021 Incoming Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
  Sat Mar 6 16:49:30 2021 TCP/UDP: Preserving recently used remote address: [AF_INET]127.0.0.1:1080
  Sat Mar 6 16:49:30 2021 Socket Buffers: R=[131072->131072] S=[16384->16384]
  Sat Mar 6 16:49:30 2021 Attempting to establish TCP connection with [AF_INET]127.0.0.1:1080 [nonblock]
  Sat Mar 6 16:49:30 2021 TCP connection established with [AF_INET]127.0.0.1:1080
  Sat Mar 6 16:49:30 2021 TCP_CLIENT link local: (not bound)
  Sat Mar 6 16:49:30 2021 TCP_CLIENT link remote: [AF_INET]127.0.0.1:1080
  Sat Mar 6 16:49:30 2021 TLS: Initial packet from [AF_INET]127.0.0.1:1080, sid=5ccade37 f7cde01e
  Sat Mar 6 16:49:31 2021 VERIFY OK: depth=1, C=US, ST=CA, L=SanFrancisco, O=Fort-Funston, OU=MyOrganizationalUnit, CN=Fort-Funston CA, name=EasyRSA, [email protected]
  Sat Mar 6 16:49:31 2021 VERIFY KU OK
  Sat Mar 6 16:49:31 2021 Validating certificate extended key usage
  Sat Mar 6 16:49:31 2021 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
  Sat Mar 6 16:49:31 2021 VERIFY EKU OK
  Sat Mar 6 16:49:31 2021 VERIFY OK: depth=0, C=US, ST=CA, L=SanFrancisco, O=Fort-Funston, OU=MyOrganizationalUnit, CN=server, name=EasyRSA, [email protected]
  Sat Mar 6 16:49:33 2021 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_CHACHA20_POLY1305_SHA256, 4096 bit RSA
  Sat Mar 6 16:49:33 2021 [server] Peer Connection Initiated with [AF_INET]127.0.0.1:1080
  Sat Mar 6 16:49:34 2021 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
  Sat Mar 6 16:49:34 2021 PUSH: Received control message: 'PUSH_REPLY,route 192.168.9.0 255.255.255.0,redirect-gateway def1,dhcp-option DNS 192.71.244.22,dhcp-option DNS 54.39.94.211,block-outside-dns,route 192.168.9.1,topology net30,ping 10,ping-restart 120,ifconfig 192.168.9.6 192.168.9.5,peer-id 0,cipher AES-256-GCM'
  Sat Mar 6 16:49:34 2021 Options error: Unrecognized option or missing or extra parameter(s) in [PUSH-OPTIONS]:5: block-outside-dns (2.4.10)
  Sat Mar 6 16:49:34 2021 OPTIONS IMPORT: timers and/or timeouts modified
  Sat Mar 6 16:49:34 2021 OPTIONS IMPORT: --ifconfig/up options modified
  Sat Mar 6 16:49:34 2021 OPTIONS IMPORT: route options modified
  Sat Mar 6 16:49:34 2021 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
  Sat Mar 6 16:49:34 2021 OPTIONS IMPORT: peer-id set
  Sat Mar 6 16:49:34 2021 OPTIONS IMPORT: adjusting link_mtu to 1627
  Sat Mar 6 16:49:34 2021 OPTIONS IMPORT: data channel crypto options modified
  Sat Mar 6 16:49:34 2021 Data Channel: using negotiated cipher 'AES-256-GCM'
  Sat Mar 6 16:49:34 2021 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
  Sat Mar 6 16:49:34 2021 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
  Sat Mar 6 16:49:34 2021 ROUTE_GATEWAY 10.0.2.2/255.255.255.0 IFACE=enp0s3 HWADDR=08:00:27:ea:5d:49
  Sat Mar 6 16:49:35 2021 TUN/TAP device tun0 opened
  Sat Mar 6 16:49:35 2021 TUN/TAP TX queue length set to 100
  Sat Mar 6 16:49:35 2021 /sbin/ip link set dev tun0 up mtu 1500
  Sat Mar 6 16:49:35 2021 /sbin/ip addr add dev tun0 local 192.168.9.6 peer 192.168.9.5
  Sat Mar 6 16:49:37 2021 /sbin/ip route add 127.0.0.1/32 via 10.0.2.2
  Sat Mar 6 16:49:37 2021 /sbin/ip route add 0.0.0.0/1 via 192.168.9.5
  Sat Mar 6 16:49:37 2021 /sbin/ip route add 128.0.0.0/1 via 192.168.9.5
  Sat Mar 6 16:49:37 2021 /sbin/ip route add 5.188.6.103/32 via 10.0.2.2
  Sat Mar 6 16:49:37 2021 /sbin/ip route add 192.168.9.0/24 via 192.168.9.5
  Sat Mar 6 16:49:37 2021 /sbin/ip route add 192.168.9.1/32 via 192.168.9.5
  Sat Mar 6 16:49:37 2021 Initialization Sequence Completed

OpenVPN will ask for a login and password to connect:


  Enter Auth Username: <<< Here enter your E-Mail from your personal account
  Enter Auth Password: <<< Any password or nothing

Do not close the console with the OpenVPN app and ShadowSocks as long as you want to use an OpenVPN connection.

Most likely, you will need to configure DNS servers for your connection: NS1 - 192.71.244.22 and NS2 - 54.39.94.211.

If you want to disconnect from the OpenVPN server, in the terminal with the OpenVPN application, press the key combination Ctrl+C


  ^CSat Mar 6 17:05:59 2021 event_wait : Interrupted system call (code=4)
  Sat Mar 6 17:05:59 2021 /sbin/ip route del 5.188.6.103/32
  Sat Mar 6 17:05:59 2021 /sbin/ip route del 192.168.9.0/24
  Sat Mar 6 17:05:59 2021 /sbin/ip route del 192.168.9.1/32
  Sat Mar 6 17:05:59 2021 /sbin/ip route del 127.0.0.1/32
  Sat Mar 6 17:05:59 2021 /sbin/ip route del 0.0.0.0/1
  Sat Mar 6 17:05:59 2021 /sbin/ip route del 128.0.0.0/1
  Sat Mar 6 17:05:59 2021 Closing TUN/TAP interface
  Sat Mar 6 17:05:59 2021 /sbin/ip addr del dev tun0 local 192.168.9.6 peer 192.168.9.5
  Sat Mar 6 17:05:59 2021 SIGINT[hard,] received, process exiting
  [[email protected] OpenVPN]#

Now, you can quit ShadowSocks. Press the key combination Ctrl+C in the corresponding terminal.


Linux instructions