AmneziaWG

AmneziaWG is a WireGuard-Go fork that eliminates characteristic network signatures. Version 1.5 introduces protocol masquerading for UDP protocols like QUIC and DNS.

8 Key Advantages

DPI Invisibility — dynamic headers and randomized packet sizes
Protocol Masquerading — imitates QUIC, DNS, SIP and other UDP protocols
High Performance — kernel module with ChaCha20-Poly1305, SIMD optimization
Energy Efficiency — Go-based userspace, suitable for mobile
Cross-Platform Support
UDP Transport
Configuration Simplicity — specify masquerade protocol, rest auto-fills
Backward Compatibility — identical to standard WireGuard when obfuscation disabled

How It Works

1. Dynamic Headers

Random constants applied to 4 WireGuard packet formats (Init, Response, Data, Under-Load).

2. Handshake Length Randomization

len(init) = 148 + S1 (S1: 0-64 bytes)
len(resp) = 92 + S2 (S2: 0-64 bytes)

3. CPS (Custom Protocol Signature)

Up to 5 UDP packets sent before handshakes:

Tag	Format	Description
`b`	`<b hex_data>`	Static bytes for protocol imitation
`c`	`<c>`	32-bit packet counter
`t`	`<t>`	Unix timestamp (32-bit)
`r`	`<r length>`	Cryptographically random bytes (≤1000)

4. Junk Train (Jc)

Pseudo-random packets (Jc count) between Jmin-Jmax bytes.

5. Unchanged Encryption

Identical to WireGuard: Curve25519, ChaCha20-Poly1305, bidirectional key rotation.

Configuration Parameters

Parameter	Range	Purpose
I1-I5	hex-blob	Protocol signature packets
S1, S2	0-64 bytes	Random prefixes for Init/Response
Jc	0-10	Junk packet count
Jmin, Jmax	64-1024 bytes	Junk packet size range

INFO

Zero values = standard WireGuard behavior.

Security

Noise_IK key exchange with Curve25519, AEAD ChaCha20-Poly1305. All existing WireGuard security audits apply.

AmneziaWG ​

8 Key Advantages ​

How It Works ​

1. Dynamic Headers ​

2. Handshake Length Randomization ​

3. CPS (Custom Protocol Signature) ​

4. Junk Train (Jc) ​

5. Unchanged Encryption ​

Configuration Parameters ​

Security ​