Installation and connection through ShadowSocks in Linux

Warning! Commands that start with '#' must be run as root. The '$' sign means the command is run as a regular user.

Python and ShadowSocks installation

Debian-based Linux

$ sudo apt-get install python
$ sudo apt-get install python-pip
$ sudo pip install shadowsocks

RH-based Linux

# yum install python python-pip
# pip install shadowsocks

Configuring and starting ShadowSocks

The standard ShadowSocks client config for DeepWebVPN is named shadowsocks.json and contains:
{
"server":"111.222.333.444",
"server_port":51688,
"local_address": "127.0.0.1",
"local_port":1080,
"password":"shadowsocks",
"timeout":600,
"method":"aes-256-cfb"
}

Here 111.222.333.444 is the IP of the first VPN server in a chain. Configs are unique per incoming server, not per chain. In other words, the config file is the same for the chains SingleECC_DE1 and DoubleRSA_DE1_NL1.

ShadowSocks configs are available here: https://cabinet.deepwebvpn.net/downloads/shadowsocks and http://deepwebvpnvvotmw.onion/downloads/shadowsocks.

Starting ShadowSocks

# sslocal -c /path/to/shadowsocks.json
In daemon mode:
# sslocal -c /path/to/shadowsocks.json -d start
Replace /path/to/shadowsocks.json with the path to your specific config.

VPN connection through ShadowSocks

Editing VPN config

The standard VPN config (.ovpn) of DeepWebVPN contains:
client
dev tun
remote-random
remote 111.222.333.444 1194
remote 111.222.333.444 1001

#uncomment if using ShadowSocks
#socks-proxy 127.0.0.1 1080
#route 111.222.333.444 255.255.255.255 net_gateway


proto tcp-client
tls-client
comp-lzo yes
...
To use ShadowSocks, uncomment the lines that follow "#uncomment if using ShadowSocks". Open the .ovpn config in a text editor and remove the leading # from those lines, as shown below:
client
dev tun
remote-random
remote 111.222.333.444 1194
remote 111.222.333.444 1001

#uncomment if using ShadowSocks
socks-proxy 127.0.0.1 1080
route 111.222.333.444 255.255.255.255 net_gateway


proto tcp-client
tls-client
comp-lzo yes
...
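
A consistency check for the two files edited above, as an added example that is not part of the original page or of DeepWebVPN's tooling: it verifies that shadowsocks.json parses and that the active socks-proxy, route and remote lines of the .ovpn profile agree with it. The function names and sample strings are constructed for illustration; 111.222.333.444 is the page's placeholder address.

```python
import json

def active_directives(ovpn_text):
    """Split an .ovpn profile into token lists, skipping '#' and ';' comments."""
    rows = []
    for line in ovpn_text.splitlines():
        line = line.strip()
        if line and line[0] not in "#;":
            rows.append(line.split())
    return rows

def check_pair(ss_json, ovpn_text):
    """Return a list of mismatches between shadowsocks.json and the .ovpn profile."""
    try:
        ss = json.loads(ss_json)
    except json.JSONDecodeError as exc:
        return ["shadowsocks.json does not parse: %s" % exc]
    rows = active_directives(ovpn_text)
    server = str(ss.get("server"))
    local = [str(ss.get("local_address")), str(ss.get("local_port"))]
    problems = []
    proxies = [r[1:3] for r in rows if r[0] == "socks-proxy"]
    if not proxies:
        problems.append("socks-proxy is missing or still commented out")
    elif local not in proxies:
        problems.append("socks-proxy %s does not match sslocal at %s" % (proxies, local))
    # The server must stay reachable outside the tunnel, or sslocal's own
    # traffic is routed into the VPN it is carrying.
    if not any(r[0] == "route" and r[1:2] == [server]
               and r[3:4] == ["net_gateway"] for r in rows):
        problems.append("no 'route %s 255.255.255.255 net_gateway' line" % server)
    if not any(r[0] == "remote" and r[1:2] == [server] for r in rows):
        problems.append("no 'remote' entry points at the ShadowSocks server %s" % server)
    return problems

# Constructed samples using the page's placeholder address.
SS_OK = '''{"server": "111.222.333.444", "server_port": 51688,
 "local_address": "127.0.0.1", "local_port": 1080,
 "password": "shadowsocks", "timeout": 600, "method": "aes-256-cfb"}'''
OVPN_COMMENTED = """client
remote 111.222.333.444 1194
#socks-proxy 127.0.0.1 1080
#route 111.222.333.444 255.255.255.255 net_gateway
proto tcp-client
"""
OVPN_EDITED = OVPN_COMMENTED.replace("#socks", "socks").replace("#route", "route")

if __name__ == "__main__":
    for name, text in (("commented", OVPN_COMMENTED), ("edited", OVPN_EDITED)):
        print(name, check_pair(SS_OK, text) or "consistent")
```
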

VPN connection

Make sure ShadowSocks is running with the matching config. Connecting works the same as a usual VPN connection, except that it uses the config edited in the previous step.
# openvpn SingleRSA_EXAMPLESERVER1.ovpn
Sat Jan  6 07:41:52 2018 OpenVPN 2.3.4 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [PKCS11] [MH] [IPv6] built on Nov 12 2015
Sat Jan  6 07:41:52 2018 library versions: OpenSSL 1.0.1t  3 May 2016, LZO 2.08
Enter Auth Username: ********
Enter Auth Password: ********
Sat Jan  6 07:41:57 2018 Control Channel Authentication: tls-auth using INLINE static key file
Sat Jan  6 07:41:57 2018 Outgoing Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
Sat Jan  6 07:41:57 2018 Incoming Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
Sat Jan  6 07:41:57 2018 Socket Buffers: R=[87380->87380] S=[16384->16384]
Sat Jan  6 07:41:57 2018 Attempting to establish TCP connection with [AF_INET]127.0.0.1:1080 [nonblock]
Sat Jan  6 07:41:57 2018 TCP connection established with [AF_INET]127.0.0.1:1080
Sat Jan  6 07:41:57 2018 TCPv4_CLIENT link local: [undef]
Sat Jan  6 07:41:57 2018 TCPv4_CLIENT link remote: [AF_INET]127.0.0.1:1080
Sat Jan  6 07:41:57 2018 TLS: Initial packet from [AF_INET]127.0.0.1:1080, sid=a4aa6a8b ec36beaa
Sat Jan  6 07:41:57 2018 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Sat Jan  6 07:41:57 2018 VERIFY OK: depth=1, CN=exampleserver-rsa
Sat Jan  6 07:41:57 2018 Validating certificate key usage
Sat Jan  6 07:41:57 2018 ++ Certificate has key usage  00a0, expects 00a0
Sat Jan  6 07:41:57 2018 VERIFY KU OK
Sat Jan  6 07:41:57 2018 Validating certificate extended key usage
Sat Jan  6 07:41:57 2018 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
Sat Jan  6 07:41:57 2018 VERIFY EKU OK
Sat Jan  6 07:41:57 2018 VERIFY OK: depth=0, CN=exampleserver-rsa-server
Sat Jan  6 07:42:08 2018 Data Channel Encrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Sat Jan  6 07:42:08 2018 Data Channel Encrypt: Using 512 bit message hash 'SHA512' for HMAC authentication
Sat Jan  6 07:42:08 2018 Data Channel Decrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Sat Jan  6 07:42:08 2018 Data Channel Decrypt: Using 512 bit message hash 'SHA512' for HMAC authentication
Sat Jan  6 07:42:08 2018 Control Channel: TLSv1, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-SHA, 4096 bit RSA
Sat Jan  6 07:42:08 2018 [exampleserver-rsa-server] Peer Connection Initiated with [AF_INET]127.0.0.1:1080
Sat Jan  6 07:42:10 2018 SENT CONTROL [exampleserver-rsa-server]: 'PUSH_REQUEST' (status=1)
Sat Jan  6 07:42:13 2018 PUSH: Received control message: 'PUSH_REPLY,dhcp-option DNS 10.100.0.1,redirect-gateway def1,route-gateway 10.100.0.1,topology subnet,ping 10,ping-restart 120,ifconfig 10.100.0.2 255.255.255.0'
Sat Jan  6 07:42:13 2018 OPTIONS IMPORT: timers and/or timeouts modified
Sat Jan  6 07:42:13 2018 OPTIONS IMPORT: --ifconfig/up options modified
Sat Jan  6 07:42:13 2018 OPTIONS IMPORT: route options modified
Sat Jan  6 07:42:13 2018 OPTIONS IMPORT: route-related options modified
Sat Jan  6 07:42:13 2018 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Sat Jan  6 07:42:13 2018 ROUTE_GATEWAY 192.168.0.1/255.255.255.0 IFACE=wlan0 HWADDR=00:1b:9e:de:89:67
Sat Jan  6 07:42:13 2018 TUN/TAP device tun0 opened
Sat Jan  6 07:42:13 2018 TUN/TAP TX queue length set to 100
Sat Jan  6 07:42:13 2018 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Sat Jan  6 07:42:13 2018 /sbin/ip link set dev tun0 up mtu 1500
Sat Jan  6 07:42:13 2018 /sbin/ip addr add dev tun0 10.100.0.2/24 broadcast 10.100.0.255
Sat Jan  6 07:42:13 2018 /sbin/ip route add 127.0.0.1/32 via 192.168.0.1
Sat Jan  6 07:42:13 2018 /sbin/ip route add 0.0.0.0/1 via 10.100.0.1
Sat Jan  6 07:42:13 2018 /sbin/ip route add 128.0.0.0/1 via 10.100.0.1
Sat Jan  6 07:42:13 2018 /sbin/ip route add 111.222.333.444/32 via 192.168.0.1
Sat Jan  6 07:42:13 2018 Initialization Sequence Completed