Amnezia flavoured WireGuard

[ignoramous]

A user writes,

This will be an extremely convenient option for residents of countries such as China, Russia, Egypt, and other countries where the usual Wireguard is blocked by communication operators or supervisory authorities.

Brief information on the parameters from the developers themselves:

"AmneziaWG (AmneziaWireGuard) is a fork of the WireGuard-Go with added features to bypass blocking and reduce the probability of protocol detection. One of the key features of AmneziaWG is backward compatibility with WireGuard. This means that when using AmneziaWG, unless specific parameters for protocol obfuscation are specified in the configuration, it will work like standard WireGuard.

• Before starting a session the client sends several packets with random data (the number of such packets Jc and their minimum and maximum size in bytes Jmin, Jmax is set in the config).
• The header of handshake packet (Initiator to Responder) and response packet (Responder to Initiator) has been changed, these values are also set in config (H1 and H2).
• Handshake init packets additionally have garbage at the beginning of the data, the sizes are determined by S1 and S2 values. (by default, the handshake init packet has a fixed size (148 bytes), after adding garbage its size will be 148 + size of random bytes).
• The header of data packets and special “Under Load” packets has been changed - H4 and H3 respectively.

More details about new customizable fields:

   Jc (Junk packet count) - number of packets with random data that are sent before the start of the session
   Jmin (Junk packet minimum size) - minimum packet size for Junk packet. That is, all randomly generated packets will have a size no smaller than Jmin.
   Jmax (Junk packet maximum size) - maximum size for Junk packets
   S1 (Init packet junk size) - the size of random data that will be added to the init packet, the size of which is initially fixed.
   S2 (Response packet junk size) - the size of random data that will be added to the response packet, the size of which is initially fixed.
   H1 (Init packet magic header) - the header of the first byte of the handshake
   H2 (Response packet magic header) - header of the first byte of the handshake response
   H4 (Transport packet magic header) - header of the packet of the data packet
   H3 (Underload packet magic header) - UnderLoad packet header."

Refs:

• https://github.com/amnezia-vpn/amneziawg-go
• https://github.com/amnezia-vpn/amneziawg-android
• https://play.google.com/store/apps/details?id=org.amnezia.awg

[ignoramous]

Also:

• Bepass flavour Wireguard #1408
• Advanced security amnezia-vpn/amneziawg-go#2

[ignoramous]

This stands done, and will be part of the next version, v055o.

Amnezia-flavour WireGuard profiles will be specially marked (with a chip or a badge) in the UI, if set up.

We prioritised implementing this after seeing Amnezia banned in the country where it has been the most effective; Russia.