AmneziaWG (WireGuard-Go fork)

[Caesar the Dictator]

AmneziaWG purports to be a modified WireGuard protocol to circumvent DPI devices/software/tools in cases where ISPs are blocking VPN services using DPI methods. Has anyone had a chance to look this project over? Would you consider releasing a community addon for Asuswrt-Merlin if it could be useful in circumventing censorship and if possible? It seems that community packages have already been released on routers supporting OpenWRT and KeeneticOS.

Working Principle:

AmneziaWG operates with backward compatibility. This means that the AmneziaWG implementation allows for modifications to certain static parameters in WireGuard, which are typically recognized by DPI systems. If these parameters are left at their default values (equal to 0), the protocol functions like standard WireGuard.

In AmneziaWG, headers of all packets have been modified:

Initiator to Responder.
Responder to Initiator.
Data packet.
Special "Under Load" packet – by default, random values are set, but these can be manually adjusted in the settings.

Since every user has different headers, it's nearly impossible to draft a universal tracking rule based on these headers to detect and block the protocol.

Another vulnerability of WireGuard lies in the sizes of its authentication packets.
In AmneziaWG, random bytes are appended to every auth packet to alter their size.
Thus, "init and response handshake packets" have added "junk" at the beginning of their data, the size of which is determined by the values S1 and S2.
By default, the initiating handshake packet has a fixed size (148 bytes). After adding the junk, its size becomes 148 bytes + S1.
AmneziaWG also incorporates another trick for more reliable masking. Before initiating a session, Amnezia sends a certain number of "junk" packets to thoroughly confuse DPI systems. The number of these packets and their minimum and maximum byte sizes can also be adjusted in the settings, using parameters Jc, Jmin, and Jmax.

AmneziaWG | Amnezia Docs

[AmneziaWG] is a contemporary version of the popular VPN protocol, WireGuard. It's a fork of [WireGuard-Go] and offers protection against detection by Deep Packet Inspection (DPI) systems. At the same time, it retains the simplified architecture and high performance of the original.

docs.amnezia.org

AmneziaWG installing

AmneziaWG for OpenWrt. Contribute to openwrt-xiaomi/awg-openwrt development by creating an account on GitHub.

github.com

Installing VPN with AmneziaWG on Keenetic routers | Amnezia Docs

This instruction is temporarily available only in Russian.

docs.amnezia.org

 

[Ripshod]

Though I currently have no issues with WG it would be interesting to see where this goes. Subbed

 

[torrnadojj5]

AmneziaWG seems to be doing a decent job bypassing the DPI in Russia so having an option to run it on a router would be great, especially when censorship is getting more and more severe in such countries.