Shadowsocks on GCP with Debian 9

Prepare your GCP account

Get your own Gmail account registered.

Get a Credit Card VISA/Master/AE

login to

Agree to the T&C

On Getting Started, click TRY FREE banner.

Choose Country and Agree ToS

Choose Account Type to Individual

Fill in Address

Fill in Credit Card info for verification

By now your GCP account been activated.

Create Firewall Rules

on left menu, find VPC network under NETWORKING

Click on Firewall rules, it will take a while to get ready the Compute Engine

Create a Firewall rule

assign a Name

change Targets to All instances in the network

Source IP ranges to

Protocols and ports: tcp: 7788 udp:7788 (or any number between 1024-65535) except 8388

Create VM instances

Click on Navigation menu, choose Compute Engine -> VM instances, Click Create

Assign a Name for your VM

Region: asia-east1 or asia-east2

Machine type: g1-small

Boot disk: Debian GNU/Linux 9 (stretch)

under Firewall session, click on blue expand down double arrow, click on Networking tag. Click the pencil under Network interfaces, with expended Network interface, click Ephemeral under External IP, Select Create IP address. Assign a Name for the static IP, then click reserve. Click Done with Network interface. Click Create

After few seconds, your VM instance been created.

Your public IP address can be found under External IP.

Install Shadowsocks

Click SSH on the right to your new VM instance.

enable interactive root access

sudo -i

Enable backports

nano /etc/apt/sources.list

add the following line at the bottom of the file.

deb stretch-backports main

press Ctrl+X then Y, Enter to save the updates

apt update

update the system

apt-get update
apt-get upgrade

Press Y, Enter

Install rng-tools

apt-get install rng-tools

Modify RND devices

nano /etc/default/rng-tools

add to last line


Press Ctrl+x, Y Enter to save

Reboot system


Wait for few mins, press enter

enable interactive root access

sudo -i

Install Shadowsocks-libev

apt -t stretch-backports install shadowsocks-libev

Press Y, Enter

Modify the configuration file

nano /etc/shadowsocks-libev/config.json

Replace with your own server port (the one you assigned in Firewall Rules) and your own password


Save and exit by Ctrl+x, Y and Enter

Restart the shadwosocks then check the status

systemctl restart shadowsocks-libev
systemctl status shadowsocks-libev

enable auto-start at boot time

systemctl enable shadowsocks-libev

Now your Shadowsocks on GCP shall work.

Something more - Enable BBR

Remain in the sudo mode

echo "net.core.default_qdisc=fq">>/etc/sysctl.conf
echo "net.ipv4.tcp_congestion_control=bbr">>/etc/sysctl.conf

take the change active

sysctl -p

To Check the result

sysctl net.ipv4.tcp_available_congestion_control

The result should looks like

net.ipv4.tcp_available_congestion_control = bbr cubic reno