search

pufferffish / wireproxy

Wireguard client that exposes itself as a socks5 proxy
ISC License
4.54k stars 272 forks source link

Draft: feat: replace golang.zx2c4.com/wireguard with github.com/amnezia-vpn/amneziawg-go #102

Closed juev closed 9 months ago

juev commented 9 months ago

This is essentially a draft of software changes #101

Add support wireguard with obfuscation

Currently, the library being used has been changed. Changes were tested without changing the configuration file format.

In the future, we plan to add additional obfuscation parameters to the configuration. I may have time to do this in the near future.

pufferffish commented 9 months ago

Hello, I tried finding documentation on amneziawg-go but I couldn't find any. My questions are:

  1. Is it compatible with the original wireguard protocol?
  2. What methodologies is it using to offer protection against DPI?
  3. Is the team behind it trustworthy enough to ensure no malicious code makes it to wireproxy via vendor attack? To phrase it more bluntly, why should I trust this somewhat not well known fork, instead of wireguard itself?

Personally I would rather stick with wireguard for wireproxy than replacing it with amneziawg. I'm happy to see wireproxy being forked to support another protocol of course, but I don't think I would merge it into main.

juev commented 9 months ago

Hello,

  1. Yes, the library is a fork of the original wireguard and adds only the ability to obfuscate. The standard configuration works the same as in the original client.
  2. Unfortunately, the protocol description was removed from the documentation https://amnezia.org/en/instructions/31_amneziawg, but the formal description is available on the page https://www.reddit.com/r/AmneziaVPN/comments/17g37ck/new_amneziawg_protocol_modified_wireguard/, I can contact the developers to get more information.
  3. This is a good question. To be honest, I don't have any proof of the developers ' trustworthiness. But judging by their online activity and the number of users who use their product, they can still be trusted. In addition, the library code is publicly available. And judging from what I've seen in the changes compared to the original wireguard, only what was claimed has been added.

As for preferences, I totally agree with you! But in this issue, I would still implement support for the new protocol, simply because we do not lose the old functionality, and in addition we get the ability to connect to servers using traffic masking. For a number of people, this will be very useful.

juev commented 9 months ago

I went to the developers https://t.me/amnezia_vpn_dev

I immediately came across the description page of the protocol used: https://amnezia.org/en/learn-more/31_amneziawg

juev commented 9 months ago

Sample config file:

[Interface]
PrivateKey = 
Address = 10.8.1.0/24
ListenPort = 37524
Jc = 8
Jmin = 50
Jmax = 1000
S1 = 57
S2 = 138
H1 = 32465355
H2 = 1457248667
H3 = 1456672562
H4 = 111345265
[Peer]
PublicKey = 
PresharedKey = 
AllowedIPs = 10.8.1.2/32

New options here:

Jc = 8
Jmin = 50
Jmax = 1000
S1 = 57
S2 = 138
H1 = 32465355
H2 = 1457248667
H3 = 1456672562
H4 = 111345265
pufferffish commented 9 months ago

Hello,

1. Yes, the library is a fork of the original wireguard and adds only the ability to obfuscate. The standard configuration works the same as in the original client.

2. Unfortunately, the protocol description was removed from the documentation https://amnezia.org/en/instructions/31_amneziawg, but the formal description is available on the page https://www.reddit.com/r/AmneziaVPN/comments/17g37ck/new_amneziawg_protocol_modified_wireguard/, I can contact the developers to get more information.

3. This is a good question. To be honest, I don't have any proof of the developers ' trustworthiness. But judging by their online activity and the number of users who use their product, they can still be trusted. In addition, the library code is publicly available. And judging from what I've seen in the changes compared to the original wireguard, only what was claimed has been added.

As for preferences, I totally agree with you! But in this issue, I would still implement support for the new protocol, simply because we do not lose the old functionality, and in addition we get the ability to connect to servers using traffic masking. For a number of people, this will be very useful.

I am happy to put a short mention on README to tell people about your fork. Personally while I agree the developers can be trusted, but on grounds of it being a relatively new project and not as established as vanilla wireguard itself, I don't think I am comfortable with merging this into main yet.

juev commented 9 months ago

Copy that, thank you very much! I will try to implement the changes in my fork.

artem-russkikh commented 2 months ago

@pufferffish @juev I've forked repository and add support for AmneziaWG: https://github.com/artem-russkikh/wireproxy-awg

Current link in README seems to be broken, so I propose to change it here