Skip to content

yury-sannikov/addon-amnezia-wireguard

 
 

Repository files navigation

AmneziaWG

AmneziaWG (AmneziaWireGuard) is a fork of the regular WireGuard-Go with the addition of functions to bypass blocking and reduce the likelihood of protocol detection. One of the key features of AmneziaWG is backward compatibility with WireGuard. This means that when using AmneziaWG, unless the configuration specifies specific parameters for protocol obfuscation, it will act as a standard WireGuard.

What's special?

Before the session starts, the client sends several packets with random data (the number of such packets Jc and their minimum and maximum size in bytes Jmin, Jmax is set in the config)

The header of the handshake packet (Initiator to Responder) and the response packet (Responder to Initiator) have been changed; these values are also set in the config (H1 and H2)

Init handshake packets additionally have garbage at the beginning of the data, the dimensions are determined by the values of S1 and S2. (by default, the initial handshake packet has a fixed size (148 bytes), after adding garbage, its size will be 148 + the length of random bytes).

The header of data packages and special “Under Load” packages has been changed - H4 and H3, respectively. More details about the new custom fields:

  • junk_packet_count Jc (Junk packet count) - the number of packets with random data that are sent before the start of the session
  • junk_packet_min_size JMin (Junk packet minimum size) - minimum packet size for Junk packet. That is, all randomly generated packets will have a size no less than Jmin
  • junk_packet_max_size JMax (Junk packet maximum size) - maximum size for Junk packets
  • init_packet_junk_size S1 (Init packet junk size) - the size of random data that will be added to the init packet, the size of which is initially fixed
  • response_packet_junk_size S2 (Response packet junk size) - the size of random data that will be added to the response, the size of which is initially fixed
  • init_packet_magic_header H1 (Init packet magic header) - header of the first byte of the handshake
  • response_packet_magic_header H2 (Response packet magic header) - header of the first byte of the handshake response
  • transport_packet_magic_header H3 (Transport packet magic header) - header of the transmitted data packet
  • uload_packet_magic_header H4 (Underload packet magic header) - UnderLoad packet header

As you can guess, the headings H1, H2, H3, H4 should be different. If you set Jc, S1 and S2 to zero, then there will be no garbage.

NOTE: A regular WG server can work with the AmneziaWG configuration in which Jc, Jmin, Jmax are set, and the remaining fields are zero. Thus, the AWG client will simply send garbage packets before init packets, which has absolutely no effect on the operation of the WG protocol, but may confuse DPI.


Home Assistant Community Add-on: WireGuard

GitHub Release Project Stage License

Supports armhf Architecture Supports armv7 Architecture Supports aarch64 Architecture Supports amd64 Architecture Supports i386 Architecture

Github Actions Project Maintenance GitHub Activity

Discord Community Forum

Sponsor Frenck via GitHub Sponsors

Support Frenck on Patreon

WireGuard: fast, modern, secure VPN tunnel.

About

WireGuard® is an extremely simple yet fast and modern VPN that utilizes state-of-the-art cryptography. It aims to be faster, simpler, leaner, and more useful than IPsec, while avoiding the massive headache.

It intends to be considerably more performant than OpenVPN. WireGuard is designed as a general-purpose VPN for running on embedded interfaces and supercomputers alike, fit for many different circumstances.

Initially released for the Linux kernel, it is now cross-platform (Windows, macOS, BSD, iOS, Android) and widely deployable, including via an Hass.io add-on!

WireGuard is currently under heavy development, but already it might be regarded as the most secure, easiest to use, and the simplest VPN solution in the industry.

📚 Read the full add-on documentation

Support

Got questions?

You have several options to get them answered:

You could also open an issue here GitHub.

Contributing

This is an active open-source project. We are always open to people who want to use the code or contribute to it.

We have set up a separate document containing our contribution guidelines.

Thank you for being involved! 😍

Authors & contributors

The original setup of this repository is by Franck Nijhof.

For a full list of all authors and contributors, check the contributor's page.

We have got some Home Assistant add-ons for you

Want some more functionality to your Home Assistant instance?

We have created multiple add-ons for Home Assistant. For a full list, check out our GitHub Repository.

License

MIT License

Copyright (c) 2019-2023 Franck Nijhof

Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:

The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

About

WireGuard - Home Assistant Community Add-ons

Resources

License

Code of conduct

Stars

Watchers

Forks

Packages

No packages published

Languages

  • Shell 69.4%
  • Jinja 17.5%
  • Dockerfile 13.1%