翻墙程序：amnezia-client

 

Amnezia VPN Client (Desktop+Mobile)

amnezia.org 

The best client for self-hosted VPN

English 

Amnezia is an open-source VPN client, with a key feature that enables you to deploy your own VPN server on your server.

Website | Alt website link | Documentation | Troubleshooting

Tip

If the Amnezia website is blocked in your region, you can use an Alternative website link.

All releases

Features

• Very easy to use - enter your IP address, SSH login, password and Amnezia will automatically install VPN docker containers to your server and connect to the VPN.
• Classic VPN-protocols: OpenVPN, WireGuard and IKEv2 protocols.
• Protocols with traffic Masking (Obfuscation): OpenVPN over Cloak plugin, Shadowsocks (OpenVPN over Shadowsocks), AmneziaWG and XRay.
• Split tunneling support - add any sites to the client to enable VPN only for them or add Apps (only for Android and Desktop).
• Windows, MacOS, Linux, Android, iOS releases.
• Support for AmneziaWG protocol configuration on Keenetic beta firmware.

Links

• https://amnezia.org - Project website | Alternative link (mirror)
• https://docs.amnezia.org - Documentation
• https://www.reddit.com/r/AmneziaVPN - Reddit
• https://t.me/amnezia_vpn_en - Telegram support channel (English)
• https://t.me/amnezia_vpn_ir - Telegram support channel (Farsi)
• https://t.me/amnezia_vpn_mm - Telegram support channel (Myanmar)
• https://t.me/amnezia_vpn - Telegram support channel (Russian)
• https://vpnpay.io/en/amnezia-premium/ - Amnezia Premium

Tech

AmneziaVPN uses several open-source projects to work:

• OpenSSL
• OpenVPN
• Shadowsocks
• Qt
• LibSsh - forked from Qt Creator
• and more...

Checking out the source code

Make sure to pull all submodules after checking out the repo.

git submodule update --init --recursive

Building sources and deployment

Check deploy folder for build scripts.

How to build an iOS app from source code on MacOS

1. First, make sure you have XCode installed, at least version 14 or higher.

2. We use QT to generate the XCode project. We need QT version 6.6.2. Install QT for MacOS here or QT Online Installer. Required modules:

   • MacOS
   • iOS
   • Qt 5 Compatibility Module
   • Qt Shader Tools
   • Additional Libraries:
     • Qt Image Formats
     • Qt Multimedia
     • Qt Remote Objects

3. Install CMake if required. We recommend CMake version 3.25. You can install CMake here

4. You also need to install go >= v1.16. If you don't have it installed already, download go from the official website or use Homebrew. The latest version is recommended. Install gomobile

export PATH=$PATH:~/go/bin
go install golang.org/x/mobile/cmd/gomobile@latest
gomobile init

5. Build the project

export QT_BIN_DIR="<PATH-TO-QT-FOLDER>/Qt/<QT-VERSION>/ios/bin"
export QT_MACOS_ROOT_DIR="<PATH-TO-QT-FOLDER>/Qt/<QT-VERSION>/macos"
export QT_IOS_BIN=$QT_BIN_DIR
export PATH=$PATH:~/go/bin
mkdir build-ios
$QT_IOS_BIN/qt-cmake . -B build-ios -GXcode -DQT_HOST_PATH=$QT_MACOS_ROOT_DIR

Replace PATH-TO-QT-FOLDER and QT-VERSION to your environment

If you get gomobile: command not found make sure to set PATH to the location of the bin folder where gomobile was installed. Usually, it's in GOPATH.

export PATH=$(PATH):/path/to/GOPATH/bin

6. Open the XCode project. You can then run /test/archive/ship the app.

If the build fails with the following error

make: *** 
[$(PROJECTDIR)/client/build/AmneziaVPN.build/Debug-iphoneos/wireguard-go-bridge/goroot/.prepared] 
Error 1

Add a user-defined variable to both AmneziaVPN and WireGuardNetworkExtension targets' build settings with key PATH and value ${PATH}/path/to/bin/folder/with/go/executable, e.g. ${PATH}:/usr/local/go/bin.

if the above error persists on your M1 Mac, then most probably you need to install arch based CMake

arch -arm64 brew install cmake

Build might fail with the "source files not found" error the first time you try it, because the modern XCode build system compiles dependencies in parallel, and some dependencies end up being built after the ones that require them. In this case, simply restart the build.

How to build the Android app

Tested on Mac OS

The Android app has the following requirements:

• JDK 11
• Android platform SDK 33
• CMake 3.25.0

After you have installed QT, QT Creator, and Android Studio, you need to configure QT Creator correctly.

• Click in the top menu bar on QT Creator -> Preferences -> Devices and select the tab Android.
• Set path to JDK 11
• Set path to Android SDK ($ANDROID_HOME)

In case you get errors regarding missing SDK or 'SDK manager not running', you cannot fix them by correcting the paths. If you have some spare GBs on your disk, you can let QT Creator install all requirements by choosing an empty folder for Android SDK location and clicking on Set Up SDK. Be aware: This will install a second Android SDK and NDK on your machine!  Double-check that the right CMake version is configured:  Click on QT Creator -> Preferences and click on the side menu on Kits. Under the center content view's Kits tab, you'll find an entry for CMake Tool. If the default selected CMake version is lower than 3.25.0, install on your system CMake >= 3.25.0 and choose System CMake at <path> from the drop-down list. If this entry is missing, you either have not installed CMake yet or QT Creator hasn't found the path to it. In that case, click in the preferences window on the side menu item CMake, then on the tab Tools in the center content view, and finally on the button Add to set the path to your installed CMake.  Please make sure that you have selected Android Platform SDK 33 for your project: click in the main view's side menu on Projects, and on the left, you'll see a section Build & Run showing different Android build targets. You can select any of them, Amnezia VPN's project setup is designed in a way that all Android targets will be built. Click on the targets submenu item Build and scroll in the center content view to Build Steps. Click on Details at the end of the headline Build Android APK (the Details button might be hidden in case the QT Creator Window is not running in full screen!). Here we are: Choose android-33 as Android Build Platform SDK.

That's it! You should be ready to compile the project from QT Creator!

Development flow

After you've hit the build button, QT-Creator copies the whole project to a folder in the repository parent directory. The folder should look something like build-amnezia-client-Android_Qt_<version>_Clang_<architecture>-<BuildType>. If you want to develop Amnezia VPNs Android components written in Kotlin, such as components using system APIs, you need to import the generated project in Android Studio with build-amnezia-client-Android_Qt_<version>_Clang_<architecture>-<BuildType>/client/android-build as the projects root directory. While you should be able to compile the generated project from Android Studio, you cannot work directly in the repository's Android project. So whenever you are confident with your work in the generated project, you'll need to copy and paste the affected files to the corresponding path in the repository's Android project so that you can add and commit your changes!

You may face compiling issues in QT Creator after you've worked in Android Studio on the generated project. Just do a ./gradlew clean in the generated project's root directory (<path>/client/android-build/.) and you should be good to go.

from https://github.com/amnezia-vpn/amnezia-client 

(download url: https://github.com/amnezia-vpn/amnezia-client/releases/download/4.8.5.0/AmneziaVPN_4.8.5.0_x64.exe )    

--------------------------------------------------------------

 

AmneziaWG is a contemporary version of the popular VPN protocol, WireGuard. It's a fork of WireGuard-Go and offers protection against detection by Deep Packet Inspection (DPI) systems. At the same time, it retains the simplified architecture and high performance of the original.

The progenitor of AmneziaWG, WireGuard, is known for its efficiency, but it does have issues with detection due to distinctive packet signatures.
AmneziaWG addresses this problem by employing advanced obfuscation methods, allowing its traffic to blend seamlessly with regular internet traffic.
As a result, AmneziaWG maintains high performance while adding an extra layer of stealth, making it a superb choice for those seeking a fast and discreet VPN connection.

Features of AmneziaWG include:

• Availability with AmneziaVPN on all platforms.
• Low energy consumption.
• Minimal configuration needed.
• Undetectable by DPI analysis systems, resistant to blocking.
• Operates over the UDP network protocol.

Working Principle:

AmneziaWG operates with backward compatibility. This means that the AmneziaWG implementation allows for modifications to certain static parameters in WireGuard, which are typically recognized by DPI systems. If these parameters are left at their default values (equal to 0), the protocol functions like standard WireGuard.

In AmneziaWG, headers of all packets have been modified:

• Initiator to Responder.
• Responder to Initiator.
• Data packet.
• Special "Under Load" packet – by default, random values are set, but these can be manually adjusted in the settings.

Since every user has different headers, it's nearly impossible to draft a universal tracking rule based on these headers to detect and block the protocol.

Another vulnerability of WireGuard lies in the sizes of its authentication packets.
In AmneziaWG, random bytes are appended to every auth packet to alter their size.
Thus, "init and response handshake packets" have added "junk" at the beginning of their data, the size of which is determined by the values S1 and S2.
By default, the initiating handshake packet has a fixed size (148 bytes). After adding the junk, its size becomes 148 bytes + S1.
AmneziaWG also incorporates another trick for more reliable masking. Before initiating a session, Amnezia sends a certain number of "junk" packets to thoroughly confuse DPI systems. The number of these packets and their minimum and maximum byte sizes can also be adjusted in the settings, using parameters Jc, Jmin, and Jmax.

Links:

AmneziaWG - main repository

Supporting utilities:

For Android
For Windows
For MacOS и IOS
For WireGuard

Installation of AmneziaWG via the console:

Installing AmneziaWG and other necessary utilities on a VDS server

Installing AmneziaWG on an Android device

Installing AmneziaWG on an OpenWRT device

Configurations with the AmneziaWG protocol can be used not only in the AmneziaVPN application but also in the native AmneziaWG client:

For Android on Google Play

For iOS on the App Store

For Windows on the Github

from  https://docs.amnezia.org/documentation/amnezia-wg

-------

 https://docs.amnezia.org/documentation/alternative-clients/

-----------

 

Go Implementation of AmneziaWG

AmneziaWG is a contemporary version of the WireGuard protocol. It's a fork of WireGuard-Go and offers protection against detection by Deep Packet Inspection (DPI) systems. At the same time, it retains the simplified architecture and high performance of the original.

The precursor, WireGuard, is known for its efficiency but had issues with detection due to its distinctive packet signatures. AmneziaWG addresses this problem by employing advanced obfuscation methods, allowing its traffic to blend seamlessly with regular internet traffic. As a result, AmneziaWG maintains high performance while adding an extra layer of stealth, making it a superb choice for those seeking a fast and discreet VPN connection.

Usage

Simply run:

$ amneziawg-go wg0

This will create an interface and fork into the background. To remove the interface, use the usual ip link del wg0, or if your system does not support removing interfaces directly, you may instead remove the control socket via rm -f /var/run/amneziawg/wg0.sock, which will result in amneziawg-go shutting down.

To run amneziawg-go without forking to the background, pass -f or --foreground:

$ amneziawg-go -f wg0

When an interface is running, you may use amneziawg-tools to configure it, as well as the usual ip(8) and ifconfig(8) commands.

To run with more logging you may set the environment variable LOG_LEVEL=debug.

Platforms

Linux

This will run on Linux; you should run amnezia-wg instead of using default linux kernel module.

macOS

This runs on macOS using the utun driver. It does not yet support sticky sockets, and won't support fwmarks because of Darwin limitations. Since the utun driver cannot have arbitrary interface names, you must either use utun[0-9]+ for an explicit interface name or utun to have the kernel select one for you. If you choose utun as the interface name, and the environment variable WG_TUN_NAME_FILE is defined, then the actual name of the interface chosen by the kernel is written to the file specified by that variable. This runs on MacOS, you should use it from amneziawg-apple

Windows

This runs on Windows, you should use it from amneziawg-windows, which uses this as a module.

Building

This requires an installation of the latest version of Go.

$ git clone https://github.com/amnezia-vpn/amneziawg-go
$ cd amneziawg-go
$ make 

from  https://github.com/amnezia-vpn/amneziawg-go