Raspberry pi 3 has quad core Arm A53 64-bit high performance CPU and 1GB of RAM. The dream candidate for real-time encryption and decryption.

LEDE is a Linux distribution for embedded devices. Therefore, it’s well known to be good at networking and extensibility.

The GFW is getting stronger. People fighting for freedom should look for alternative methods other than VPN to circumvent the high wall.

Shadowsocks aims to provide lightweight SOCK5 proxy with strong encryption to anonymize internet traffic.

KCPTunnel uses Forward Error Correction in congestion with UDP to overcome slow network speed over TCP in a high delay and congested network environment.

I want to say thank you to all the せんぱい for their hard work to make this happen.

Let’s get started!

Install LEDE on rpi3

Go to LEDE to download the image and flash it on a micro SD card.

The flash tool for Windows is Win32DiskImager.

Connect to rpi3

After first boot, you should be able to connect via ethernet to the rpi. The address is 192.168.1.1 by default.

Install Shadowsocks

shadowsocks-libev provides ss-redir and ss-tunnel to redirect internet traffic and DNS requests.

luci-app-shadowsocks provides simple GUI based on LUCI.

Install ChinaDNS

ChinaDNS prevents DNS pollution and returns correct DNS query intelligently.

Install KCPTunnel

KCPTunnel speeds up network transfer rate, with a cost of more network traffic.

Link everything together

Change dnsmasq settings to make al DNS requests go through ChinaDNS.
Set-up KCPTun client to connect to the remote KCPTun server.
Go to shadowsocks luci configuration page to enable global proxy to the local KCPTun client.
UDP packages cannot go through KCPTun, ss-tunnel should go directly to the remote ss-server.
Set-up ChinaDNS’s one of upstream servers to be the ss-tunneled 8.8.8.8, the other server to be 114.114.114.114.

Backup rpi3 image

Next time your rpi3 breaks, you can just restore the backed-up image.

Use Win32Imager.

Tick Read Only Allocated Partitions to reduce image size.