Shadowsocks

If your provider does not implement our VPNGUI API, you can create Shadowsocks connections manually as described below.

File format

Our sample configuration file server.shadowsocks:

remote 23.38.20.31:8000
cipher chacha20
onetimeauth yes
;vpngui setproxy
;vpngui dns 8.8.8.8
;vpngui dns 8.8.4.4
blist excludefromvpn.com
blist 192.168.0.0/16
blist /^https?:\\/\\/([^\\/]+\\.)*excludefromvpn\\.(com|net|org)\\/.*/
wlist includeinvpn.com
wlist 172.217.0.0/16
wlist /^https?:\\/\\/([^\\/]+\\.)*includeinvpn\\.(com|net|org)\\/.*/

Parameters

  • remote: the IP address or hostname followed by the port number of the Shadowsocks server.
  • cipher: the encryption cipher to use. VPNGUI supports:
    • chacha20-ietf-poly1305
    • aes-256-gcm
    • chacha20
    • chacha20-ietf
    • aes-128-cfb
    • aes-256-cfb
  • onetimeauth: yes to enable one time authentication, no to disable it.
  • ;vpngui setproxy: tells VPNGUI to configure your system-proxy settings.
  • ;vpngui dns: the IP address of the DNS server to use. Optional.
  • blist: exclude from VPN based on domain name, IP address or regular expression.
  • wlist: include in VPN based on domain name, IP address or regular expression.
  • Important: you can use blist OR wlist. You cannot use both at the same time.

Secret

The Shadowsocks secret is not specified in the configuration file. VPNGUI will ask you for the secret the first time you connect to the Shadowsocks server.