Skip site navigation (1)Skip section navigation (2)

FreeBSD Manual Pages


home | help
SS-TUNNEL(1)		   Shadowsocks-libev Manual		  SS-TUNNEL(1)

       ss-tunnel - shadowsocks tools for local port forwarding,	libev port

       ss-tunnel [-uUv6] [-h|--help] [-s _server_host_]	[-p _server_port_] [-l
       _local_port_] [-k _password_] [-m _encrypt_method_] [-f _pid_file_] [-t
       _timeout_] [-c _config_file_] [-i _interface_] [-b _local_address_] [-a
       _user_name_] [-n	_nofile_] [-L addr:port] [--mtu	_MTU_] [--mptcp]
       [--reuse-port] [--no-delay] [--plugin _plugin_name_] [--plugin-opts
       _plugin_options_] [--key	_key_in_base64_]

       Shadowsocks-libev is a lightweight and secure socks5 proxy. It is a
       port of the original shadowsocks	created	by clowwindy.
       Shadowsocks-libev is written in pure C and takes	advantage of libev to
       achieve both high performance and low resource consumption.

       Shadowsocks-libev consists of five components. ss-tunnel(1) is a	tool
       for local port forwarding. See OPTIONS section for special option
       needed by ss-tunnel(1). For more	information, check out

       -s _server_host_
	   Set the server's hostname or	IP.

       -p _server_port_
	   Set the server's port number.

       -l _local_port_
	   Set the local port number.

       -k _password_, --password _password_
	   Set the password. The server	and the	client should use the same

       --key _key_in_base64_
	   Set the key directly. The key should	be encoded with	URL-safe

       -m _encrypt_method_
	   Set the cipher.

	   Shadowsocks-libev accepts 19	different ciphers:

	   aes-128-gcm,	aes-192-gcm, aes-256-gcm, rc4-md5, aes-128-cfb,
	   aes-192-cfb,	aes-256-cfb, aes-128-ctr, aes-192-ctr, aes-256-ctr,
	   bf-cfb, camellia-128-cfb, camellia-192-cfb, camellia-256-cfb,
	   chacha20-ietf-poly1305, xchacha20-ietf-poly1305, salsa20, chacha20
	   and chacha20-ietf.

	   The default cipher is chacha20-ietf-poly1305.

	   If built with PolarSSL or custom OpenSSL libraries, some of these
	   ciphers may not work.

       -a _user_name_
	   Run as a specific user.

       -f _pid_file_
	   Start shadowsocks as	a daemon with specific pid file.

       -t _timeout_
	   Set the socket timeout in seconds. The default value	is 60.

       -c _config_file_
	   Use a configuration file.

	   Refer to shadowsocks-libev(8) CONFIG	FILE section for more details.

       -n _number_
	   Specify max number of open files.

	   Only	available on Linux.

       -i _interface_
	   Send	traffic	through	specific network interface.

	   For example,	there are three	interfaces in your device, which is lo
	   (,	eth0 ( and eth1 ( Meanwhile,
	   you configure ss-tunnel to listen on and bind to eth1.
	   That	results	the traffic go out through eth1, but not lo nor	eth0.
	   This	option is useful to control traffic in multi-interface

       -b _local_address_
	   Specify the local address to	use while this client is making
	   outbound connections	to the server.

	   Enable UDP relay.

	   Enable UDP relay and	disable	TCP relay.

	   Resovle hostname to IPv6 address first.

       -L _addr:port_
	   Specify destination server address and port for local port

	   Only	used and available in tunnel mode.

       --mtu _MTU_
	   Specify the MTU of your network interface.

	   Enable Multipath TCP.

	   Only	available with MPTCP enabled Linux kernel.

	   Enable port reuse.

	   Only	available with Linux kernel > 3.9.0.

	   Enable TCP_NODELAY.

       --plugin	_plugin_name_
	   Enable SIP003 plugin. (Experimental)

       --plugin-opts _plugin_options_
	   Set SIP003 plugin options. (Experimental)

	   Enable verbose mode.

	   Print help message.

       ss-local(1), ss-server(1), ss-redir(1), ss-manager(1),
       shadowsocks-libev(8), iptables(8), /etc/shadowsocks-libev/config.json

Shadowsocks-libev 3.3.5		  03/01/2021			  SS-TUNNEL(1)


Want to link to this manual page? Use this URL:

home | help