add AmneziaWG kernel module support #325

Open
mozaroc opened this issue Aug 21, 2024 · 14 comments
Labels
enhancement New feature or request

Comments

@mozaroc

mozaroc commented Aug 21, 2024

You made a cool panel, but unfortunately the usual WireGuard is blocked in some countries, but there is an obfuscated version that works.
https://github.com/amnezia-vpn/amneziawg-linux-kernel-module
The differences are small: a few parameters in the configuration that need to be passed to the client, and in the wg-quick=awg-quick commands. The configuration is in /etc/amnezia/amneziawg

@mozaroc mozaroc added the enhancement New feature or request label Aug 21, 2024
@NOXCIS
Contributor

NOXCIS commented Aug 22, 2024

Comment out the _checkWireguard function calls in wgd.sh. More modification may be required, depending on the command args for amnezia-vpn.

@donaldzou
Owner

I'll need to check out this repo and see what's the difference between WG and this.

@DaanSelen
Collaborator

DaanSelen commented Aug 22, 2024

Is it also not possible to add a symlink to the awg-quick binary? From wg-quick to awg-quick.

@NOXCIS
Contributor

NOXCIS commented Aug 22, 2024

@DaanSelen Update: I'm having kernel source issues trying to compile amnezia in an Alpine Docker container. However, it is still widely compatible with WGDashboard, requiring only the wg and wg-quick commands to be updated to the amnezia variants. Will try a Debian build later on.

@donaldzou
Owner

Could someone explain to me what's the major difference plz?

@NOXCIS
Contributor

NOXCIS commented Aug 22, 2024

@donaldzou Not much, amnezia is just using a custom wireguard kernel module and wireguard-tools where the commands are "awg" and "awg-quick" instead of "wg" and "wg-quick", etc. My issue at the moment is building the damn thing on Alpine in Docker. The documentation is poor, so I'm not quite understanding how WireGuard DPI obfuscation is being done.

@EgorChadov

I'm using amnezia-wg in a Docker container.
Dockerfile:

FROM alpine:latest

RUN apk update && apk add --no-cache bash openrc iptables iptables-legacy iproute2 inotify-tools dumb-init
COPY --chmod=700 --chown=root:root ./awg0.conf /etc/wireguard/awg0.conf
COPY --chmod=755 --chown=root:root ./init.sh /bin/init.sh
COPY --from=amneziavpn/amnezia-wg:latest --chmod=755 /usr/bin/wireguard-go /usr/bin/wireguard-go
COPY --from=amneziavpn/amnezia-wg:latest --chmod=755 /usr/bin/wg-quick /usr/bin/wg-quick
COPY --from=amneziavpn/amnezia-wg:latest --chmod=755 /usr/bin/wg /usr/bin/wg

ENTRYPOINT [ "dumb-init", "/bin/init.sh" ]
CMD [ "" ]

init.sh

#!/bin/bash

echo "Container startup"

# kill daemons in case of restart
wg-quick down /etc/wireguard/awg0.conf

# start daemons if configured
if [ -f /etc/wireguard/awg0.conf ]; then (wg-quick up /etc/wireguard/awg0.conf); fi

tail -f /dev/null

and awg0.conf:

[Interface]
Address = 10.20.10.1/24
Jc = 15
Jmin = 50
Jmax = 1000
S1 = 68
S2 = 149
H1 = 1156457265
H2 = 249435488
H3 = 1285847463
H4 = 1646644382
SaveConfig = true
PostUp = iptables -I INPUT -p udp --dport 55520 -j ACCEPT
PostUp = iptables -I FORWARD -i eth0 -o awg0 -j ACCEPT
PostUp = iptables -I FORWARD -i awg0 -j ACCEPT
PostUp = iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
PostUp = ip6tables -I FORWARD -i awg0 -j ACCEPT
PostUp = ip6tables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
PostDown = iptables -D INPUT -p udp --dport 55520 -j ACCEPT
PostDown = iptables -D FORWARD -i eth0 -o awg0 -j ACCEPT
PostDown = iptables -D FORWARD -i awg0 -j ACCEPT
PostDown = iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE
PostDown = ip6tables -D FORWARD -i awg0 -j ACCEPT
PostDown = ip6tables -t nat -D POSTROUTING -o eth0 -j MASQUERADE
ListenPort = 55520
PrivateKey = 

[Peer]
PublicKey = 
AllowedIPs = 10.20.10.2/32
PersistentKeepalive = 25

As you can see, the main change is some junk variables (Jc, Jmin, Jmax, S1, S2, etc.).

I tried using it with WGDashboard. On the settings page I changed the Configurations Directory, and for now WGDashboard shows my awg0 config with peers. But when I tried to add or update peers I got stuck with a problem.

  1. WGDashboard rewrites awg0.conf and deletes all junk variables
  2. WGDashboard doesn't save PrivateKey to peer and I can't download conf.
  3. Then I need to fix config for server and for peer myself.

In dashboard.py I replaced all 'wg' and 'wg-quick' commands with 'docker exec -i amnezia-wg (container name) wg....'

So, maybe you can help me with it? I can't understand when WGDashboard changes the conf file. I simply need to add the junk variables and then everything must work.
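
The rewrite problem reported in the comment above (awg0.conf saved back without Jc, Jmin, Jmax, S1, S2 and the H values) is what happens when a config editor serializes only the keys it knows. The following Python is an added example, not code from WGDashboard or from anyone in this thread: the function names and the placeholder keys are hypothetical, and the sample file is constructed from the awg0.conf posted above. It keeps every key, including repeated ones such as PostUp, when a peer is added.

```python
def parse_conf(text):
    """Return [(section, [(key, value), ...])] in file order, duplicates kept.
    Comment lines are skipped in this example."""
    sections = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("[") and line.endswith("]"):
            sections.append((line[1:-1], []))
        elif "=" in line and sections:
            key, value = line.split("=", 1)  # split once: base64 keys end in '='
            sections[-1][1].append((key.strip(), value.strip()))
    return sections

def add_peer(sections, public_key, allowed_ips):
    """Append a [Peer] block without touching any existing line."""
    sections.append(("Peer", [("PublicKey", public_key), ("AllowedIPs", allowed_ips)]))
    return sections

def render_conf(sections):
    """Write back every key that was read, whether the tool knows it or not."""
    blocks = ["\n".join([f"[{name}]"] + [f"{k} = {v}" for k, v in items])
              for name, items in sections]
    return "\n\n".join(blocks) + "\n"

def interface_keys(sections):
    """Key names of the [Interface] section, in order."""
    return [k for name, items in sections if name == "Interface" for k, _ in items]

# Constructed sample; key material replaced by labelled placeholders.
SAMPLE = """[Interface]
Address = 10.20.10.1/24
Jc = 15
Jmin = 50
Jmax = 1000
S1 = 68
S2 = 149
H1 = 1156457265
PostUp = iptables -I FORWARD -i awg0 -j ACCEPT
PostUp = iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
ListenPort = 55520
PrivateKey = <server-private-key-placeholder>

[Peer]
PublicKey = <peer1-public-key-placeholder>
AllowedIPs = 10.20.10.2/32
"""

if __name__ == "__main__":
    conf = add_peer(parse_conf(SAMPLE), "<peer2-public-key-placeholder>", "10.20.10.3/32")
    print(render_conf(conf))
```

Comparing `interface_keys()` before and after a save is a quick regression check that a dashboard-style edit has not dropped the obfuscation parameters or the firewall hooks.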

@NOXCIS
Contributor

NOXCIS commented Aug 26, 2024

@EgorChadov You have no idea how much headache you saved me

@NOXCIS
Contributor

NOXCIS commented Aug 26, 2024

@EgorChadov can you link to the repo?

@EgorChadov

@EgorChadov can you link to the repo?

https://github.com/EgorChadov/amneziawg-docker

Collected all the files I use on my server. I don't know how correct it is, but it works and I use it to bypass the blocking of classic Wireguard.

I add new peers manually. So far it has not been possible to combine this with WGDashboard, except as a display of stats and peers.

@NOXCIS
Contributor

NOXCIS commented Aug 26, 2024

@EgorChadov Nice work. Don't know if @donaldzou will implement it into WGDashboard; however, I will be adding it as an option in Wiregate, for the sake of internet privacy in this day and age.

@EgorChadov

@NOXCIS Yeah, you're right! Some governments heavily restrict the use of some VPN protocols.

You can also check out the Amnezia developer repository. Their scripts are more comprehensive, but I had enough of what I have now :)

But since your project is also quite powerful, maybe this will work best for you.

https://github.com/amnezia-vpn/amnezia-client/blob/dev/client/server_scripts/awg/Dockerfile

@NOXCIS
Contributor

NOXCIS commented Aug 27, 2024

Three lines is wild

@NOXCIS
Contributor

NOXCIS commented Oct 29, 2024

@EgorChadov Good news & bad news.

  • Good news, I built a fedora based image that uses the kernel module and system links from the awg commands to the wg commands.
  • Bad news, won't work on ARM CPUs.
  • Wiregate Next release should have the AmneziaWG Docker Image as an option while being current with the 4.1 dev branch of WGDashboard on all aspects except the assbackwards docker implementation.

Overall it's been an interesting study in internet anonymity. In via obfuscated WireGuard and out through the Tor network.
