VXVX Docs

Shadowsocks

Shadowsocks and Shadowsocks 2022 configuration

Classic Shadowsocks and Shadowsocks 2022 use different protobuf messages, configured via the Any field in inbound protocol / outbound protocol.

Shadowsocks (classic)

Proto: protos/proto/vx/proxy/shadowsocks/shadowsocks.proto

Supports TCP and UDP.

ShadowsocksCipherType

AES_128_GCM
0
AES_256_GCM
1
CHACHA20_POLY1305
2
NONE
3

Use enum names in JSON (for example "cipherType": "CHACHA20_POLY1305"). NONE means no payload encryption, typically used only when combined with outer TLS, etc.

ShadowsocksServerConfig

cipherType
ShadowsocksCipherType

Encryption algorithm

ivCheck
bool

When true, enable IV replay detection (Bloom filter) and reject duplicate IVs

user
UserConfig

Single user; secret is the Shadowsocks password

experimentReducedIvHeadEntropy
bool

Experimental option: map the first 6 bytes of the IV to printable characters, reducing IV entropy for certain traffic disguise scenarios

{
  "@type": "type.googleapis.com/vx.proxy.shadowsocks.ShadowsocksServerConfig",
  "cipherType": "CHACHA20_POLY1305",
  "ivCheck": true,
  "user": { "secret": "your-password" }
}

ShadowsocksClientConfig

cipherType
ShadowsocksCipherType

Must match the server cipherType

password
string

Pre-shared key (PSK), same as the server user.secret

{
  "@type": "type.googleapis.com/vx.proxy.shadowsocks.ShadowsocksClientConfig",
  "cipherType": "CHACHA20_POLY1305",
  "password": "your-password"
}

Shadowsocks 2022

Proto: protos/proto/vx/proxy/shadowsocks2022/shadowsocks2022.proto

AEAD 2022 implementation based on sing-shadowsocks. Supported method values:

  • 2022-blake3-aes-128-gcm — PSK 16 bytes
  • 2022-blake3-aes-256-gcm — PSK 32 bytes
  • 2022-blake3-chacha20-poly1305 — PSK 32 bytes

The PSK can be valid base64 (with the required length); otherwise the core derives the required length from the plaintext password using BLAKE3.

Shadowsocks2022ServerConfig

method
string

Cipher suite string (see supported list above)

user
UserConfig

Single user; secret is the PSK (base64 or plaintext; client-side handling is the same)

networks
Network[]

Allowed networks (TCP, UDP, etc.). When empty, defaults to TCP and UDP.

{
  "@type": "type.googleapis.com/vx.proxy.shadowsocks2022.Shadowsocks2022ServerConfig",
  "method": "2022-blake3-aes-128-gcm",
  "user": { "secret": "base64-or-raw-key" }
}

Shadowsocks2022ClientConfig

method
string

Must match the server method

key
string

PSK / key material, same as the server user.secret

{
  "@type": "type.googleapis.com/vx.proxy.shadowsocks2022.Shadowsocks2022ClientConfig",
  "method": "2022-blake3-aes-128-gcm",
  "key": "base64-or-raw-key"
}

Comments

On this page

Shadowsocks (classic)ShadowsocksCipherTypeShadowsocksServerConfigShadowsocksClientConfigShadowsocks 2022Shadowsocks2022ServerConfigShadowsocks2022ClientConfigRelated