AmneziaWG

AmneziaWG is a fork of WireGuard-Go, inheriting the architectural simplicity and high performance of the original implementation, but eliminating the identifiable network signatures that make WireGuard easily detectable by Deep Packet Inspection (DPI) systems.
Version 1.5 took obfuscation to the next level: traffic can now be disguised as common UDP protocols (such as QUIC, DNS, etc.).
Version 2.0 extends this approach to full "mimicry": traffic becomes even less recognizable to DPI not only at connection time but also during data transmission, thanks to constantly changing headers and packet sizes. This reduces the likelihood of VPN traffic being identified by characteristic patterns and complicates heuristic analysis.
The predecessor of AmneziaWG, WireGuard, has established itself as a fast and reliable VPN protocol thanks to its compact codebase and high efficiency. However, its fixed packet headers and predictable packet sizes create an easily recognizable signature. DPI systems can effortlessly identify these packets and immediately terminate connections — a critical issue in countries with strict internet censorship.
AmneziaWG 1.5 addressed this issue through multi-level obfuscation at the transport layer: it modified packet headers, randomized handshake message sizes, and allowed traffic to be disguised as popular UDP protocols.
AmneziaWG 2.0 further strengthens obfuscation: it draws headers from configurable ranges instead of static values, adds random padding bytes to all WireGuard message types, and sends user-defined signature (CPS) packets before handshakes to mimic other UDP protocols more convincingly. At the same time, the fundamental cryptographic core of WireGuard remains unchanged, preserving its performance and security.
Key Advantages
- Invisibility to DPI — dynamic headers from specified ranges and randomized sizes for all packet types.
- Protocol Masking — mimics QUIC, DNS, SIP, and other UDP protocols.
- High Performance — available as a Linux kernel module; encryption uses the single-pass AEAD algorithm ChaCha20-Poly1305 with SIMD optimizations, identical to WireGuard.
- Energy Efficiency — the Go implementation runs in user space and relies on the same ChaCha20-Poly1305, which performs well in software without hardware AES acceleration, making it suitable for mobile devices and routers.
- Cross-platform Support — compatible with all major operating systems.
- UDP Transport — all traffic transmitted over UDP, simplifying circumvention of censorship and reducing latency.
- Ease of Configuration — simply specify the signature of the masking protocol; remaining parameters are filled automatically.
- Backward Compatibility — when masking parameters are disabled, AmneziaWG configuration is fully compatible with WireGuard.
How It Works
Below is a step-by-step explanation of how AmneziaWG 2.0 transforms classic WireGuard traffic into a stream of UDP packets that carries no fixed WireGuard signature.
Dynamic Headers for All Packet Types (H1-H4)
During tunnel initialization, the library reads the configured range for each of the four WireGuard packet formats (Init, Response, Cookie, and Data) and draws header values from it. These values:
- Replace predictable WireGuard packet identifiers;
- Shift offsets of Version/Type fields;
- Modify reserved bits.
For each packet sent, a random value is selected from the configured range; on reception, any value within the range is accepted. This makes the header unpredictable even for the same packet type.
Important: H1-H4 ranges must not overlap; otherwise the receiver cannot tell the packet types apart.
As a result, headers differ from deployment to deployment and from packet to packet within a deployment, so no single static header value can serve as a universal DPI rule.
Packet Length Randomization (S1-S4)
In WireGuard, the Init packet is exactly 148 bytes, Response is 92 bytes, Cookie is 64 bytes, and Data has variable size (payload). AmneziaWG adds pseudorandom prefixes S1, S2, S3, and S4 (up to 64 bytes for S1-S3 and up to 32 bytes for S4):
```
len(init)   = 148 + random(0..S1)
len(resp)   = 92 + random(0..S2)
len(cookie) = 64 + random(0..S3)
len(data)   = payload + random(0..S4)
```
For correct operation, the following rules are recommended:
- S1 + 56 ≠ S2, so that a fully padded Init (148 + S1) and a fully padded Response (92 + S2) never have the same length (148 - 92 = 56);
- S4 ≤ 32.
Obfuscation Packets I1-I5 (Signature Chain) and CPS (Custom Protocol Signature)
Before each handshake (every 120 seconds), the client may send up to five different UDP packets, each fully described by the user in the CPS format. The primary packet I1 contains a hex snapshot of a real protocol message (e.g., a QUIC Initial handshake), which can also be partially randomized. The remaining packets, I2-I5, increase entropy through counters, timestamps, and random data. We named this format CPS (Custom Protocol Signature):
i{n} = <tag1><tag2><tag3>...<tagN>
Tag Types
| Tag | Format | Description | Constraints | Example |
|---|---|---|---|---|
| b | `<b hex_data>` | Static bytes for protocol imitation | Arbitrary length | `<b 0xf6ab3267fa>` |
| c | `<c>` | Packet counter (32-bit, network byte order) | Unique within the sequence | Auto: 1, 2, 3... |
| t | `<t>` | Unix timestamp (32-bit, network byte order) | Unique within the sequence | Unix time |
| r | `<r length>` | Cryptographically secure random bytes | length ≤ 1000 | `<r 20>` |
| rc | `<rc N>` | Random ASCII alphanumeric characters [A-Za-z0-9], for text-protocol mimicry | N ≤ 1000 | `<rc 10>` → "aB3dEf9H2k" |
| rd | `<rd N>` | Random decimal digits [0-9], for numeric-field simulation | N ≤ 1000 | `<rd 5>` → "13654" |
Example of a CPS packet:
i1 = <b 0xc7000000010><rc 8><c><t><r 50>
Important: If the parameter I1 is missing, the entire chain (I2-I5) is skipped, and AmneziaWG behaves as AmneziaWG 1.0, simplifying compatibility.
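The following Go program is an added example, not the AmneziaWG project's own parser: it renders the CPS tag grammar above into packet bytes, enforcing the constraints from the tag table (valid hex for b, no argument for c and t, length 1..1000 for r, rc and rd) and encoding the counter and timestamp as 32-bit network-byte-order integers. The names Generator, Render and Chain, the injectable Now and Rand fields, and the choice to advance one counter across the whole I1-I5 chain are this example's own assumptions; the signatures it is meant to be fed are constructed for illustration.

```go
package main

import (
	"crypto/rand"
	"encoding/binary"
	"encoding/hex"
	"fmt"
	"io"
	"regexp"
	"strconv"
	"strings"
	"time"
)

// One <...> tag: a name and an optional argument (hex blob for b, length for r/rc/rd).
var tagRe = regexp.MustCompile(`<([a-z]+)(?: +([^ >]+))?>`)
// Character sets for the text-mimicry tags.
var alphabets = map[string]string{"rc": "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789", "rd": "0123456789"}

// Generator renders CPS strings into packet bytes. Now and Rand are injectable so
// tests can reproduce the output; NewGenerator wires in the wall clock and crypto/rand.
type Generator struct {
	counter uint32
	Now     func() time.Time
	Rand    io.Reader
}

func NewGenerator() *Generator { return &Generator{Now: time.Now, Rand: rand.Reader} }

// Render parses one signature such as "<b 0xc700><rc 8><c><t><r 50>" and emits the packet,
// enforcing the table's constraints (hex for b, no argument for c/t, length 1..1000 for
// r/rc/rd). <c> and <t> are 32-bit big-endian; the counter advances once per <c>.
func (g *Generator) Render(sig string) ([]byte, error) {
	sig = strings.TrimSpace(sig)
	out, matched := []byte{}, 0
	for _, m := range tagRe.FindAllStringSubmatchIndex(sig, -1) {
		kind, arg := sig[m[2]:m[3]], ""
		if m[4] >= 0 {
			arg = sig[m[4]:m[5]]
		}
		switch kind {
		case "b":
			b, err := hex.DecodeString(strings.TrimPrefix(arg, "0x"))
			if err != nil {
				return nil, fmt.Errorf("<b>: %w", err)
			}
			out = append(out, b...)
		case "c", "t":
			if arg != "" {
				return nil, fmt.Errorf("<%s> takes no argument", kind)
			}
			v := uint32(g.Now().Unix())
			if kind == "c" {
				g.counter++
				v = g.counter
			}
			out = binary.BigEndian.AppendUint32(out, v)
		case "r", "rc", "rd":
			n, err := strconv.Atoi(arg)
			if err != nil || n < 1 || n > 1000 {
				return nil, fmt.Errorf("<%s>: length must be 1..1000", kind)
			}
			buf := make([]byte, n)
			if _, err := io.ReadFull(g.Rand, buf); err != nil {
				return nil, err
			}
			// rc/rd map the bytes onto an alphabet; modulo bias is harmless for mimicry.
			if a := alphabets[kind]; a != "" {
				for i, b := range buf {
					buf[i] = a[int(b)%len(a)]
				}
			}
			out = append(out, buf...)
		default:
			return nil, fmt.Errorf("unknown tag <%s>", kind)
		}
		matched += m[1] - m[0]
	}
	// Every byte of the signature must belong to a tag; anything else is a syntax error.
	if matched == 0 || matched != len(sig) {
		return nil, fmt.Errorf("signature must consist only of <...> tags")
	}
	return out, nil
}

// Chain renders I1..I5 in order; a missing I1 disables the whole chain, as the text specifies.
func (g *Generator) Chain(sigs []string) ([][]byte, error) {
	var pkts [][]byte
	for i, s := range sigs {
		if s == "" && i == 0 {
			return nil, nil
		} else if s != "" {
			p, err := g.Render(s)
			if err != nil {
				return nil, fmt.Errorf("I%d: %w", i+1, err)
			}
			pkts = append(pkts, p)
		}
	}
	return pkts, nil
}
```

With a signature such as `<b 0xc70000000001><rc 8><c><t><r 50>` (a constructed 6-byte static prefix, not a real protocol snapshot), `NewGenerator().Render` yields a 72-byte packet whose first 6 bytes are fixed, followed by 8 alphanumeric characters, the counter, the timestamp and 50 random bytes; a second call advances the counter to 2. Injecting a fixed clock and a deterministic `Rand` makes the output reproducible, which is how a client can unit-test its own signature rendering.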
Junk-train (Jc)
Immediately following the sequence of I-packets, a series Jc of pseudorandom packets with lengths varying between Jmin and Jmax is sent. These packets blur the timing and size profile of the session start, significantly complicating handshake detection.
Cookie Reply Packet
In WireGuard, Cookie Reply messages are used when the server is under load and issues cookie challenges (DoS mitigation). AmneziaWG obfuscates these packets like the other message types: the 32-bit message type is replaced with the configured magic header H3 (a value selected from the configured range), and a random-length padding prefix of 0..S3 bytes is prepended, so the packet size becomes 64 + random(0..S3).
UDP Transport with Unmodified Encryption
At the cryptographic layer, AmneziaWG remains identical to WireGuard, using Curve25519, ChaCha20-Poly1305, and bidirectional key rotation. Obfuscation operates strictly at the transport layer, leaving the payload fully compatible with the original WireGuard protocol. AmneziaWG modifies only the packet headers.
Summary: DPI sees only a randomized sequence of UDP packets with unpredictable headers, packet lengths, a blurred handshake, and unique per-user signatures. Meanwhile, the tunnel's speed and reliability remain virtually indistinguishable from WireGuard.
Configuration Parameters
| Parameter | Range | Description |
|---|---|---|
| I1-I5 | arbitrary hex-blob | Signature packets for protocol imitation |
| S1-S4 | 0-64 (S1-S3) or 0-32 (S4) bytes | Random prefixes for Init/Response/Cookie/Data packets |
| Jc | 0-10 | Number of junk packets following I1-I5 |
| Jmin, Jmax | 64-1024 bytes | Size range for random junk packets |
| H1-H4 | 0-4,294,967,295 | Dynamic headers for packet types |
With all parameters set to zero, behavior defaults to standard WireGuard — facilitating a smooth migration.
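As an added example (not code from the AmneziaWG project), the following Go program models the header-range and padding rules from the How It Works section together with the limits in this parameter table: it validates a configuration (non-overlapping H1-H4, S bounds, S1 + 56 ≠ S2, Jc and Jmin/Jmax limits), draws a fresh header value and padding length per packet on the sending side, and classifies a received header by range membership on the receiving side. The byte layout of an obfuscated packet is deliberately not modelled. The names Config, Validate, PickHeader, PaddedLength and Classify, the fallback of an all-zero H to WireGuard's stock message-type values 1..4, and the Jmin ≤ Jmax check are this example's own assumptions.

```go
package main

import (
	"crypto/rand"
	"fmt"
	"math/big"
)

// Range is an inclusive [Lo, Hi] interval of 32-bit header values (one of H1..H4).
type Range struct{ Lo, Hi uint32 }

func (r Range) Contains(v uint32) bool { return v >= r.Lo && v <= r.Hi }
func (r Range) Overlaps(o Range) bool { return r.Lo <= o.Hi && o.Lo <= r.Hi }

// Message types in the page's order; baseSize holds the fixed WireGuard sizes
// (Data carries a variable payload, so its base is 0).
const (
	Init = iota
	Response
	Cookie
	Data
)

var baseSize = [4]int{148, 92, 64, 0}
var maxPad = [4]int{64, 64, 64, 32} // S1..S3 up to 64 bytes, S4 up to 32

// Config mirrors the parameter table. The limits and rules checked in Validate are
// the page's; Jmin <= Jmax is an added sanity check.
type Config struct {
	H              [4]Range // H1..H4
	S              [4]int   // S1..S4
	Jc, Jmin, Jmax int
}

// headers returns the ranges in force. All-zero H is treated as "unset" and falls
// back to WireGuard's own message-type values 1..4 (an assumption of this model).
func (c Config) headers() [4]Range {
	if c.H == ([4]Range{}) {
		return [4]Range{{1, 1}, {2, 2}, {3, 3}, {4, 4}}
	}
	return c.H
}

// Validate is what a client should run before bringing the tunnel up.
func (c Config) Validate() error {
	hs := c.headers()
	for i := 0; i < 4; i++ {
		if hs[i].Lo > hs[i].Hi {
			return fmt.Errorf("H%d: lower bound exceeds upper bound", i+1)
		}
		for j := i + 1; j < 4; j++ {
			if hs[i].Overlaps(hs[j]) {
				return fmt.Errorf("H%d and H%d overlap: receiver could not classify packets", i+1, j+1)
			}
		}
		if c.S[i] < 0 || c.S[i] > maxPad[i] {
			return fmt.Errorf("S%d must be within 0..%d", i+1, maxPad[i])
		}
	}
	switch {
	case c.S[0]+56 == c.S[1]:
		return fmt.Errorf("S1 + 56 must not equal S2: 148 + S1 would equal 92 + S2")
	case c.Jc < 0 || c.Jc > 10:
		return fmt.Errorf("Jc must be within 0..10")
	case c.Jc > 0 && (c.Jmin < 64 || c.Jmax > 1024 || c.Jmin > c.Jmax):
		return fmt.Errorf("need 64 <= Jmin <= Jmax <= 1024 when Jc > 0")
	}
	return nil
}

func randBelow(n int64) int64 {
	v, err := rand.Int(rand.Reader, big.NewInt(n))
	if err != nil {
		panic(err)
	}
	return v.Int64()
}

// Sender side: a fresh header value from the range and a fresh padding length from
// 0..S for every packet sent.
func (c Config) PickHeader(msg int) uint32 {
	r := c.headers()[msg]
	return r.Lo + uint32(randBelow(int64(r.Hi-r.Lo)+1))
}

func (c Config) PaddedLength(msg, payload int) int {
	return baseSize[msg] + payload + int(randBelow(int64(c.S[msg])+1))
}

// Receiver side: any value inside a range is accepted as that message type; a value
// outside every range is rejected (ok == false).
func (c Config) Classify(h uint32) (msg int, ok bool) {
	for i, r := range c.headers() {
		if r.Contains(h) {
			return i, true
		}
	}
	return -1, false
}
```

Classify returns the first range that contains the value, which is exactly why the ranges must not overlap: with H1 = 10000-20000 and H2 = 15000-25000 a Response header of 17000 would be parsed as an Init, and Validate rejects that configuration up front. A zero-valued Config passes Validate and classifies 1..4 as Init, Response, Cookie and Data, matching the statement that an all-zero configuration behaves as stock WireGuard.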
Security
AmneziaWG 2.0 does not alter WireGuard's cryptography, thus inheriting its proven security (the Noise_IK key-exchange protocol with Curve25519 and AEAD ChaCha20-Poly1305). Obfuscation fields are authenticated using the same MAC tags as the primary headers.
Security Audit: Since the cryptographic core remains unchanged, all existing security analyses of WireGuard remain applicable.
Next Steps
Detailed deployment and configuration instructions:
Additional Resources
- AmneziaWG Main Repository
- AmneziaWG Tools
- Android GUI for AmneziaWG
- Embeddable AmneziaWG Tunnel Library
- AmneziaWG for iOS and macOS
Native AmneziaWG Clients
Configurations can be used not only within AmneziaVPN but also with specialized clients: