Use OpenVPN over Shadowsocks

Before we start

Configure client side

Open the client .ovpn file.

Add this line to make OpenVPN connect through the SOCKS5 proxy on localhost port 1080.

socks-proxy 127.0.0.1 1080

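Add this line so that the connection to the Shadowsocks server is not routed through OpenVPN. Replace SHADOWSOCKS_SERVER_IP with the address of your Shadowsocks server; net_gateway is the default gateway that was in place before the VPN came up.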

route SHADOWSOCKS_SERVER_IP 255.255.255.255 net_gateway

Add any other routes you need. For example, this keeps LAN connections from going through OpenVPN.

route 192.168.0.0 255.255.0.0 net_gateway

Eventually your .ovpn file will look like this:

client
dev tun
proto tcp
remote [OPENVPN_SERVER_IP] [OPENVPN_SERVER_PORT]
resolv-retry infinite
nobind
persist-key
persist-tun
remote-cert-tls server
auth SHA512
cipher AES-256-CBC
ignore-unknown-option block-outside-dns
block-outside-dns
verb 3

socks-proxy 127.0.0.1 1080
route SHADOWSOCKS_SERVER_IP 255.255.255.255 net_gateway
route 192.168.0.0 255.255.0.0 net_gateway

<ca>
...
</ca>
<cert>
...
</cert>
<key>
...
</key>
<tls-crypt>
...
</tls-crypt>
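
Before connecting, the finished profile can be checked against the three additions above. This is an added example, not part of the original page: the function names are hypothetical, the sample profile is constructed, and 203.0.113.10 and 198.51.100.7 are documentation addresses standing in for the Shadowsocks and OpenVPN servers.

```python
import ipaddress

# Constructed sample profile (documentation addresses, certificate body elided).
SAMPLE = """\
client
dev tun
proto tcp
remote 198.51.100.7 443
socks-proxy 127.0.0.1 1080
route 203.0.113.10 255.255.255.255 net_gateway
route 192.168.0.0 255.255.0.0 net_gateway
<ca>
...
</ca>
"""

def parse_directives(text):
    """Split a profile into [keyword, arg, ...] lists, skipping inline <tag> blocks."""
    out, inline = [], None
    for line in (raw.strip() for raw in text.splitlines()):
        if inline:                                   # body of <ca>, <cert>, <key>, ...
            inline = None if line == f"</{inline}>" else inline
        elif line.startswith("<") and line.endswith(">"):
            inline = line[1:-1]
        elif line and line[0] not in "#;":           # skip blank and comment lines
            out.append(line.split())
    return out

def _loopback(host):
    try:
        return host == "localhost" or ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False

def check_profile(text, ss_ip):
    """Return a list of problems; an empty list means the profile matches this page's setup."""
    d, problems = parse_directives(text), []
    proxies = [a for a in d if a[0] == "socks-proxy"]
    if not proxies:
        problems.append("no socks-proxy directive")
    elif not all(len(a) > 1 and _loopback(a[1]) for a in proxies):
        problems.append("socks-proxy does not point at localhost")
    if not any(a[0] == "proto" and len(a) > 1 and a[1].startswith("tcp") for a in d):
        problems.append("proto is not tcp (the profile on this page uses tcp)")
    if ["route", ss_ip, "255.255.255.255", "net_gateway"] not in [a[:4] for a in d]:
        problems.append(f"no host route sending {ss_ip} via net_gateway")
    if any(t.strip("[]").isupper() and "_" in t for a in d for t in a[1:]):
        problems.append("unreplaced placeholder left in profile")
    return problems
```

Call `check_profile(open("client.ovpn").read(), "<your Shadowsocks server IP>")` and fix anything it returns before running OpenVPN.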

To connect:

sudo openvpn --config client.ovpn

To connect OpenVPN automatically after boot, change the filename from .ovpn to .conf, and move the file to /etc/openvpn/client/

sudo mv client.ovpn /etc/openvpn/client/client.conf

Enable and start the service.

sudo systemctl enable openvpn-client@client
sudo systemctl start openvpn-client@client