zimbabwe

AmneziaWG config patcher

I've made a Linux shell script for batch-conversion of WireGuard .conf files making them AmneziaWG (awg) compatible:
https://github.com/zimbabwe303/awg_conf_patch

When patching it shuffles the H1..4 parameters; to re-shuffle you can just re-run it over the same files again. It also can shorten .conf file names generated with the AirVPN config generator to facilitate their usage with the 3rd-party smartphone WireGuard clients such as WG Tunnel (which uses AmneziaWG instead of the vanilla WireGuard).

@zimbabwe, wow, didn't realize AirVPN could work with AmneziaWG.
So, the difference seems to be just this block of variables in the [Interface] section?
Jc = 50
Jmin = 5
Jmax = 1500
S1 = 0
S2 = 0
H1 = 2
H2 = 4
H3 = 1
H4 = 3
Is this all part of WireGuard, or is this a custom extension by Amnezia?
Are these variables officially documented somewhere?
 

On 12/5/2024 at 10:10 PM, Nonsense said:
@zimbabwe, wow, didn't realize AirVPN could work with AmneziaWG.
So, the difference seems to be just this block of variables in the [Interface] section?

Jc = 50
Jmin = 5
Jmax = 1500
S1 = 0
S2 = 0
H1 = 2
H2 = 4
H3 = 1
H4 = 3
Is this all part of WireGuard, or is this a custom extension by Amnezia?
Are these variables officially documented somewhere?
 

It's the custom extension by Amnezia.
Here are their forks of the WireGuard daemon, kernel module and tools:

https://github.com/amnezia-vpn/amneziawg-go (daemon)
https://github.com/amnezia-vpn/amneziawg-linux-kernel-module (optional, works slightly faster)
https://github.com/amnezia-vpn/amneziawg-tools (CLI tools)

Here is the description of the parameters:
Jc=50      # Junk packet count
Jmin=5     # Junk packet minimum size
Jmax=1500  # Junk packet maximum size
S1=0       # Init packet junk size
S2=0       # Response packet junk size
H1=1       # Init packet magic header
H2=2       # Response packet magic header
H3=3       # Transport packet magic header
H4=4       # Underload packet magic header
To use the S1 and S2 parameters you have to have the forks installed on the server as well; thus they are set to 0 to make it work with the original WireGuard server daemons.

The method which is used here is basically the same that is used by many VPN-less DPI circumvention tools popular in Russia (GoodbyeDPI, ByeDpi, Zapret, SpoofDPI, etc.): putting junk packets before the actual handshake. The method is crude, of course, but works, at least for today's generation of DPI boxes. It's good that WireGuard uses UDP only; for TCP a lot more is needed, hence all the intricate methods used by GoodbyeDPI, ByeDpi and especially Zapret.

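A check for the point made in the post above, that S1 and S2 have to stay 0 when the server runs the original WireGuard daemon. This is an added example, not part of the thread or of awg_conf_patch: the function name `awg_check`, the Jmin/Jmax ordering test and the distinct-H test are assumptions of the example, and the sample file is constructed.

```shell
#!/usr/bin/env bash
# Added example, not part of awg_conf_patch. awg_check is a hypothetical name.
# Lints the AmneziaWG keys of a client .conf meant for a stock WireGuard
# server. Prints one FAIL line per finding; exit status 0 means clean.
awg_check() {
    awk '
    function bad(msg) { print "FAIL: " msg; rc = 1 }
    { sub(/#.*/, "") }                          # drop trailing comments
    /^[ \t]*\[/ { sec = tolower($0); gsub(/[ \t\r]/, "", sec); next }
    /^[ \t\r]*$/ { next }
    {
        split($0, kv, "=")
        key = kv[1]; val = kv[2]
        gsub(/[ \t\r]/, "", key); gsub(/[ \t\r]/, "", val)
        if (key !~ /^(Jc|Jmin|Jmax|S[12]|H[1-4])$/) next
        if (sec != "[interface]") { bad(key " is outside [Interface]"); next }
        if (val !~ /^[0-9]+$/) { bad(key " is not an unsigned integer"); next }
        v[key] = val + 0
    }
    END {
        n = split("Jc Jmin Jmax S1 S2 H1 H2 H3 H4", need, " ")
        for (i = 1; i <= n; i++)
            if (!(need[i] in v)) bad(need[i] " is missing")
        # Assumption of this example: a minimum above the maximum is a typo
        if (("Jmin" in v) && ("Jmax" in v) && v["Jmin"] > v["Jmax"])
            bad("Jmin exceeds Jmax")
        # From the thread: non-zero S1/S2 needs the fork on the server too
        for (i = 1; i <= 2; i++)
            if ((("S" i) in v) && v["S" i] != 0)
                bad("S" i " must be 0 for a stock server")
        # Assumption of this example: the four magic headers must differ
        for (i = 1; i <= 4; i++)
            for (j = i + 1; j <= 4; j++)
                if ((("H" i) in v) && (("H" j) in v) && v["H" i] == v["H" j])
                    bad("H" i " and H" j " share a value")
        exit rc + 0
    }' "$1"
}

# Constructed sample: the parameter block quoted in the thread, no key material
sample=$(mktemp)
printf '%s\n' '[Interface]' 'Jc = 50' 'Jmin = 5' 'Jmax = 1500' 'S1 = 0' \
    'S2 = 0' 'H1 = 2' 'H2 = 4' 'H3 = 1' 'H4 = 3' '[Peer]' > "$sample"
awg_check "$sample" && echo "OK: no findings"
```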
@zimbabwe, this is quite educational, thanks :)
During my time in Russia, I was using my own VPS with Amnezia containers installed, not knowing I could use AirVPN.


Alas, I'm not sure AmneziaWG is gonna hold out for much longer.
By the end, it was no longer working on my mobile carrier connection (still worked via home ISP though) and I had to switch to XRAY.
Here's hoping VPN providers start focusing more on obfuscation, because censorship is only gonna tighten everywhere...
