Cloak Your Internet Traffic

Introduction

One month ago, my ISP implemented a mechanism to throttle any encrypted traffic on TCP or UDP, and that upgrade affected my ShadowSocks proxy, which I use to tunnel my VPN and escape censorship.

ShadowSocks and VPN speed became very slow and the connection became unstable.

After some investigation for an alternative, I found Cloak.

Cloak is an encrypted proxy that utilizes HTTPS as its transport layer.

Cloak consists of two software packages:

  • Cloak Proxy: Responsible for HTTPS transmission; it mainly uses plain encryption (no encryption).
  • ShadowSocks Proxy: Responsible for encryption; it is tunneled through the Cloak proxy.

After implementing Cloak in my internal network as a global proxy for the firewall (OPNSense), I have been able to bypass the ISP throttling, because throttling HTTPS is a very hard task for the ISP.

In this article I will explain how to set up Cloak in your network.

For a better understanding of OPNSense and ShadowSocks, review this article: [OPNSENSE + NORDVPN + SHADOWSOCKS (ULTIMATE SECURITY)]

Requirements

Technical Steps

1) Create a new Linode VPS with the Linux Debian template (Guide)

Note: Linode offers multiple plans (which affect CPU, RAM, traffic quota, and inbound/outbound traffic bandwidth), so choose what you need. The lowest-priced shared plan ($5) is a very good plan and can meet personal/home traffic needs.

2) Let's install the Cloak server on the Linode VPS

  • First, connect to the VPS you created using SSH with the root account.
  • Run this script in the VPS shell and follow the installer's prompts; it is straightforward.
curl -o Cloak-Installer.sh -L https://git.io/fj5mh && bash Cloak-Installer.sh

3) Confirm that Cloak and ShadowSocks were installed successfully by checking the Linux services

4) Go to “/etc/cloak” on the server and copy “shadowsocks.json” to your local machine for the client setup later.

5) Let's set up the client on another machine in your internal network, which will be used as the proxy gateway.

  • Build an Ubuntu machine in your internal network or use an existing machine.
  • Install the latest Cloak client on your Ubuntu machine.
  • Create a JSON file for the client configuration and name it “ckclient.json” (use the VIM editor for that).
  • Use the template below to build your configuration; the required data is in the “shadowsocks.json” file we just downloaded.
{
  "Transport": "direct",
  "ProxyMethod": "shadowsocks",
  "EncryptionMethod": "plain",
  "UID": "From ShadowSocks Json Server",
  "PublicKey": "From ShadowSocks Json Server",
  "ServerName": "From ShadowSocks Json Server",
  "NumConn": 4,
  "BrowserSig": "chrome",
  "StreamTimeout": 300,
  "KeepAlive": 5
}
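A pre-flight check for the “ckclient.json” built in step 5, as an added example that is not part of the original article or of the Cloak project. It assumes the UID is base64 for 16 bytes and the PublicKey is base64 for 32 bytes; the name check_ckclient and the sample values are constructed for illustration.

```python
import base64
import binascii
import json
import re
import sys

PLACEHOLDER = "From ShadowSocks Json Server"  # fill-in marker used by the template
# Assumption: a 16-byte UID and a 32-byte public key, both base64-encoded.
EXPECTED_LEN = {"UID": 16, "PublicKey": 32}
HOSTNAME = re.compile(r"^(?=.{1,253}$)([A-Za-z0-9-]{1,63}\.)+[A-Za-z]{2,63}$")
# Constructed sample input: one unreplaced placeholder, one short key, one IP.
SAMPLE = '{"UID": "From ShadowSocks Json Server", "PublicKey": "AAAA", "ServerName": "192.168.1.6"}'

def b64_len(value):
    """Decoded length of a base64 string, or None if it does not decode."""
    try:
        return len(base64.b64decode(value, validate=True))
    except (binascii.Error, ValueError):
        return None

def check_ckclient(text):
    """Return a list of problems in a ckclient.json document (empty list = OK)."""
    try:
        cfg = json.loads(text)
    except json.JSONDecodeError as exc:
        return [f"not valid JSON: {exc.msg} (line {exc.lineno})"]
    if not isinstance(cfg, dict):
        return ["top level must be a JSON object"]
    problems = []
    for key in ("UID", "PublicKey", "ServerName"):
        value = cfg.get(key)
        if not isinstance(value, str) or not value.strip():
            problems.append(f"{key}: missing")
        elif value == PLACEHOLDER:
            problems.append(f"{key}: template placeholder not replaced")
        elif key in EXPECTED_LEN and b64_len(value) != EXPECTED_LEN[key]:
            problems.append(f"{key}: not base64 for {EXPECTED_LEN[key]} bytes")
        elif key == "ServerName" and not HOSTNAME.match(value):
            problems.append("ServerName: not a DNS hostname")
    # With "plain", Cloak adds no encryption; the proxied protocol must provide it.
    if cfg.get("EncryptionMethod") == "plain" and cfg.get("ProxyMethod") != "shadowsocks":
        problems.append("EncryptionMethod plain without ShadowSocks: payload unencrypted")
    return problems

if __name__ == "__main__":
    text = open(sys.argv[1], encoding="utf-8").read() if sys.argv[1:] else SAMPLE
    found = check_ckclient(text)
    print("\n".join(found) or "ckclient.json looks consistent")
    sys.exit(1 if found and sys.argv[1:] else 0)  # non-zero only for a real file
```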

6) To start the client, use this shell command. Note: modify the paths if required.

/root/ck-client-linux-amd64-v2.5.4 -s [Remote IP] -p [Remote Port] -i [Local IP] -l [Local Port] -c /root/ckclient.json
  • [Remote IP] is the server IP on Linode.
  • [Remote Port] is the server port. It is always 443, so that the traffic appears to be HTTPS.
  • [Local IP] is the IP of the local machine that is exposed to your internal network, for example 192.168.1.6.
  • [Local Port] is the local machine port that your internal ShadowSocks client will connect to in your internal network.

7) To confirm that your Cloak client is working after running the previous command, you should see these lines in your shell:

Starting standalone mode
Listening on TCP [Local IP]:[Local Port] for shadowsocks client
Attempting to start a new session
Session [Number] established

8) Now the last step is to connect your ShadowSocks client to your Cloak client. In this step I will show you my configuration on my OPNSense firewall, but this configuration is the same in any ShadowSocks client.

Congratulations! Now you can connect to your ShadowSocks proxy normally and transmit your data over Cloak on HTTPS.

One last thing: there are more optimizations for the Cloak server and client to achieve more stealth, better performance, and autostart with the OS, but in this article I’m explaining the basic steps for beginners.
