# Shadowsocks-rust — Fast Encrypted SOCKS5 Proxy in Rust > Shadowsocks-rust is the Rust implementation of the Shadowsocks protocol, a lightweight encrypted proxy designed to bypass network restrictions. It offers high performance, modern cipher support, and cross-platform compatibility. ## Install Save in your project root: # Shadowsocks-rust — Fast Encrypted SOCKS5 Proxy in Rust ## Quick Use ```bash # Install via cargo cargo install shadowsocks-rust # Start server ssserver -s "[::]:8388" -m "aes-256-gcm" -k "your-password" # Start local client sslocal -b "127.0.0.1:1080" -s "server-ip:8388" -m "aes-256-gcm" -k "your-password" ``` ## Introduction Shadowsocks is a secure split-proxy protocol that encrypts traffic between a local SOCKS5 client and a remote server. The Rust implementation delivers memory-safe, high-throughput performance and supports the latest AEAD 2022 ciphers. ## What Shadowsocks-rust Does - Runs an encrypted SOCKS5 proxy with a lightweight protocol designed to resist traffic analysis - Supports AEAD ciphers (AES-256-GCM, ChaCha20-Poly1305) and the newer AEAD-2022 specification - Provides both client (`sslocal`) and server (`ssserver`) binaries in one package - Handles TCP and UDP relay for full protocol coverage - Supports multi-server configurations with automatic load balancing ## Architecture Overview The client listens locally as a SOCKS5 or HTTP proxy, encrypts outbound traffic with a symmetric cipher, and forwards it to the remote server over TCP or UDP. The server decrypts and forwards requests to their destination. The AEAD-2022 protocol adds replay protection and header encryption. The Rust async runtime (Tokio) handles thousands of concurrent connections efficiently. ## Self-Hosting & Configuration - Install via cargo, pre-built binaries, or Docker (`ghcr.io/shadowsocks/ssserver-rust`) - Configuration via JSON file or command-line flags - Server requires only a port, password, and cipher selection - ACL (Access Control List) rules can bypass the proxy for specific destinations - Supports SIP003 plugins like v2ray-plugin for traffic obfuscation over WebSocket/TLS ## Key Features - AEAD-2022 cipher support with per-session subkeys and replay protection - Multi-server load balancing with latency-based selection - UDP relay support including UDP-over-TCP for restricted networks - Plugin system (SIP003/SIP003u) for transport obfuscation - DNS resolution over the tunnel to prevent DNS leaks ## Comparison with Similar Tools - **V2Ray/Xray** — multi-protocol proxy with more transport options; Shadowsocks-rust is simpler and lighter - **Trojan** — TLS-based proxy mimicking HTTPS traffic; Shadowsocks uses its own lighter protocol - **WireGuard** — full VPN tunneling all system traffic; Shadowsocks is a per-application SOCKS5 proxy - **TUIC** — QUIC-based proxy for lower latency; Shadowsocks-rust supports TCP and UDP but not QUIC natively - **Original Python/Go Shadowsocks** — functional but slower; the Rust version offers better throughput and memory safety ## FAQ **Q: Is Shadowsocks a VPN?** A: No. It is a SOCKS5 proxy that encrypts traffic per-application. Use it with a system-wide proxy setting or tools like `proxychains` to route all traffic through it. **Q: What cipher should I use?** A: `2022-blake3-aes-256-gcm` for the latest spec with replay protection, or `aes-256-gcm` for maximum client compatibility. **Q: Can I run both client and server on the same machine for testing?** A: Yes. Point sslocal at 127.0.0.1 where ssserver listens. This is useful for validating configurations before deploying to a remote server. **Q: How does Shadowsocks compare to a commercial VPN?** A: Shadowsocks gives you full control over the server and protocol, with no logging by third parties. It requires you to provision and maintain your own server. ## Sources - https://github.com/shadowsocks/shadowsocks-rust - https://shadowsocks.org --- Source: https://tokrepo.com/en/workflows/asset-93e9acea Author: AI Open Source