zimbabwe 22 Posted ... I've made a Linux shell script for batch-conversion of WireGuard .conf files making them AmneziaWG (awg) compatible: https://github.com/zimbabwe303/awg_conf_patch When patching it shuffles the H1..4 parameters; to re-shuffle you can just re-run it over the same files again. It also can shorten .conf file names generated with the AirVPN config generator to facilitate their usage with the 3rd-party smartphone WireGuard clients such as WG Tunnel (which uses AmneziaWG instead of the vanilla WireGuard). 3 H12345h12345, benfitita and Nonsense reacted to this Quote Share this post Link to post
Nonsense 0 Posted ... @zimbabwe, wow, didn't realize AirVPN could work with AmneziaWG. So, the difference seems to be just this block of variables in the [Interface] section? Jc = 50 Jmin = 5 Jmax = 1500 S1 = 0 S2 = 0 H1 = 2 H2 = 4 H3 = 1 H4 = 3 Is this all part of Wireguard, or is this a custom extension by Amnezia? Are these variables officially documented somewhere? Quote Share this post Link to post
zimbabwe 22 Posted ... On 12/5/2024 at 10:10 PM, Nonsense said: @zimbabwe, wow, didn't realize AirVPN could work with AmneziaWG. So, the difference seems to be just this block of variables in the [Interface] section? Jc = 50 Jmin = 5 Jmax = 1500 S1 = 0 S2 = 0 H1 = 2 H2 = 4 H3 = 1 H4 = 3 Is this all part of Wireguard, or is this a custom extension by Amnezia? Are these variables officially documented somewhere? It's the custom extension by Amnezia. Here are their forks of the WireGuard daemon, kernel module and tools: https://github.com/amnezia-vpn/amneziawg-go (daemon) https://github.com/amnezia-vpn/amneziawg-linux-kernel-module (optional, works slightly faster) https://github.com/amnezia-vpn/amneziawg-tools (CLI tools) Here is the description of the parameters: Jc=50 # Junk packet count Jmin=5 # Junk packet minimum size Jmax=1500 # Junk packet maximum size S1=0 # Init packet junk size S2=0 # Response packet junk size H1=1 # Init packet magic header H2=2 # Response packet magic header H3=3 # Transport packet magic header H4=4 # Underload packet magic header To use the S1 and S2 parameters you have to have the forks installed on the server as well, thus they are set to 0 to make it work with the original Wireguard server daemons. The method which is used here is basically the same that is used by many VPN-less DPI circumvention tools popular in Russia (GoodbyeDPI, ByeDpi, Zapret, SpoofDPI, etc.): putting junk packets before the actual handshake. The method is crude, of course, but works, at least for the today's generation of DPI boxes. It's good that WireGuard uses UDP only, for TCP a lot more is needed, hence all the intricate methods used by GoodbyeDPI, ByeDpi and especially Zapret. Quote Share this post Link to post
Nonsense 0 Posted ... @zimbabwe, this is quite educational, thanks During my time in Russia, I was using my own VPS with Amnezia containers installed, not knowing I could use AirVPN. Alas, I'm not sure AmneziaWG is gonna hold out for much longer. By the end, it was no longer working on my mobile carrier connection (still worked via home ISP though) and I had to switch to XRAY. Here's hoping VPN providers start focusing more on obfuscation, because censorship is only gonna tighten everywhere... Quote Share this post Link to post