If you have heard of Surge app, which is an ‘Advanced Network Toolbox for Mac & iOS’, you probably also know Snell protocol. It is a proxy service to encrypt your network transmission (Maybe some other usages too). You must have Surge iOS or Surge Mac and a VPS to use the Snell proxy service.
It’s not an open-sourced project, so we can’ know the technical details behind it. It has the following advantages stated by the developer:
- Extreme performance.
- Traffic obfuscating is embedded (HTTP & TLS).
- The proxy server will report remote errors to the client if encounters. Clients may choose countermeasures for different scenarios.
Installation
Quick start
- Download the binary from the Release page.
- Decompress and execute the binary. A wizard will guide you to generate a new config.
- Re-execute the binary to start service.
- Add a proxy line in Surge iOS or Surge Mac (The latest beta version is required)
Proxy = snell, [SERVER ADDRESS], [GENERATED PORT], psk=[GENERATED PSK], obfs=http
Manual Installation
The tutorial is inspired by Leo and You’s post. Before start, you need to have wget
and unzip
to help the installation (Search on Google, there are lots of ways to install those two packages).
Firstly, download the latest release from the official page.
wget https://github.com/surge-networks/snell/releases/download/v1.1.1/snell-server-v1.1.1-linux-amd64.zip
Unzip the downloaded file:
unzip snell-server-v1.1.1-linux-amd64.zip
Move the binary:
mv snell-server /usr/local/bin/
Write system service:
# if you don't have this path, create first
mkdir -r /usr/lib/systemd/system/
# create service
touch /usr/lib/systemd/system/snell.service
# file content, tested on Debian 8 with Linux kernel 4.9
[Unit]
Description=Snell Proxy Service
After=network.target
[Service]
Type=simple
User=nobody
Group=nogroup
LimitNOFILE=32768
ExecStart=/usr/local/bin/snell-server -c /etc/snell-server.conf
[Install]
WantedBy=multi-user.target
Create the configuration file (you may change the listen port, the password, and the obfuscating method):
touch /etc/snell-server.conf
# content of the configuration
[snell-server]
listen = 0.0.0.0:9090
psk = password
obfs = http
Finally, start the Snell service:
systemctl daemon-reload
systemctl start snell
Client Configuration
There are two ways to configure the client. The first one is to use the GUI provided by the client. Choose the correct protocol, VPS address, port, PSK password, and obfuscating method in Surge iOS and Surge Mac. You can change the obfuscating host as you wish.
Another way is to write directly to the Surge client’s configuration file according to your Snell service set up:
Proxy = snell, [SERVER ADDRESS], [GENERATED PORT], psk=[GENERATED PSK], obfs=http
Usages
Command | Description |
---|---|
systemctl start snell | Start service |
systemctl restart snell | Restart service |
systemctl status snell | Check service status |