Skip to main content

Protocols info

We do not recommend using OpenVPN, WireGuard®, IKEv2 protocols without traffic masking in countries with high levels of censorship, as your VPS IP address may be blocked. To avoid blocking, use only AmneziaWG.

OpenVPN

The time-tested most popular VPN protocol. Uses proprietary security protocol with SSL/TLS for encryption and key exchange and supports various authentication methods, making it suitable for different devices and operating systems.

  • Normal power consumption on mobile devices.
  • Flexible customization to meet user needs to work with different operating systems and devices.
  • Recognized by DPI analysis systems, and therefore susceptible to blocking.
  • Can operate over both TCP and UDP network protocols.

ShadowSocks

It is based on the SOCKS5 proxy protocol, which protects the connection using the AEAD cipher - roughly along the same lines as SSH tunneling. A Shadowsocks connection is difficult to identify because it is virtually identical to a normal HTTPS connection. However, some traffic analysis systems can still recognize a ShadowSocks connection, so in countries with high levels of censorship we recommend using OpenVPN in conjunction with Cloak.

  • Average power consumption on mobile devices (higher than OpenVPN).
  • It is possible to customize the encryption protocol.
  • Recognized by some DPI analysis systems.
  • Works only via TCP network protocol.

OpenVPN over Cloak

This is a combination of the OpenVPN protocol and the Cloak plugin. OpenVPN provides a secure VPN connection by encrypting all internet traffic between the client and server, while the Cloak plugin protects the OpenVPN protocol from detection and blocking.

Cloak can modify packet metadata and disguise VPN traffic as regular web traffic, as well as protect the VPN from detection through Active Probing. Immediately upon receiving the first data packet, Cloak authenticates the incoming connection. In case of authentication failure, the plugin disguises the server as a selected website, making your VPN undetectable to analysis systems.

In regions with high levels of internet censorship, it is advisable to use OpenVPN over Cloak from the first connection.

  • Average power consumption on mobile devices (higher than OpenVPN).
  • It is possible to customize the encryption protocol.
  • Recognized by some DPI analysis systems.
  • Works only via TCP network protocol.

OpenVPN over Cloak versions installed on client versions younger than 3 are not compatible with subsequent versions of the client. subsequent versions of the client. If you installed OpenVPN over Cloak on version 1 or 2 of the client, you must reinstall the protocol to make it work on versions 3 and 4.

The website used for masking in the settings of the Cloak plugin should be foreign and accessible from your country without a VPN. It must not have a login or password form, and it is preferable for it to be large and popular, so that your traffic remains inconspicuous.

In rare cases, website owners may file phishing complaints with your provider, so it is recommended to carefully select the website.

WireGuard®

Relatively new popular VPN protocol with simplified architecture. Provides stable VPN connection, high performance on all devices. Uses hard-coded encryption settings. WireGuard® compared to OpenVPN has lower latency and better data throughput.

  • Low power consumption on mobile devices.
  • Minimum number of settings.
  • Easily recognized by DPI analysis systems, susceptible to blocking.
  • Works via UDP network protocol.

IKEv2

Modern stable protocol. IKEv2 with IPSec encryption layer. Transmits data over fixed UDP ports 500 and 4500 protecting them with strong 3DES and AES crypto algorithms. Allows very fast switching between networks and devices. Due to its security, stability and speed, IKEv2 is currently one of the best VPN solutions for mobile devices. Vulnerable to detection and blocking.

  • Low power consumption, on mobile devices.
  • Minimal amount of customization.
  • Recognized by DPI analysis systems.
  • Works only over UDP network protocol.

AmneziaWG

A modern iteration of the popular VPN protocol, AmneziaWG builds upon the foundation set by WireGuard®, retaining its simplified architecture and high-performance capabilities across devices. While WireGuard® is known for its efficiency, it had issues with being easily detected due to its distinct packet signatures. AmneziaWG solves this problem by using better obfuscation methods, making its traffic blend in with regular internet traffic. This means that AmneziaWG keeps the fast performance of the original while adding an extra layer of stealth, making it a great choice for those wanting a fast and discreet VPN connection.

  • Available in the AmneziaVPN across all platforms Low power consumption.
  • Minimum number of settings.
  • Not recognised by DPI analysis systems, resistant to blocking.
  • Works over UDP network protocol.

XRay Reality

Reality is suitable for countries with the highest levels of internet censorship; it is currently being used in China and Iran and is protected against detection methods such as active probing. Reality can detect censors during the TLS handshake stage. If Reality identifies that a request is coming from its client, the server initiates a VPN tunnel for them. However, if any other request comes to port 443, the TLS connection is redirected to another real website, such as google.com. The censor will then receive a genuine TLS certificate from google.com and all the actual data from that site.

From the perspective of traffic analysis systems, this appears as a legitimate connection to a real website; the server delivers an authentic TLS certificate of that site, and everything (including the server's TLS fingerprint) looks very genuine and does not raise suspicion.

It's particularly noteworthy that Reality’s performance and connection speed are quite good compared to other options, like OpenVPN over Cloak.

  • Available on AmneziaVPN across all platforms.
  • Minimal configuration required.
  • Undetectable by DPI analysis systems, resistant to blocking.
  • Operates over the TCP network protocol.

When choosing a website for Reality camouflage, it's important to follow these conditions: It must not have a login or password form, and it is preferable for it to be large and popular, so that your traffic remains inconspicuous.

In rare cases, website owners may file phishing complaints with your provider, so it is recommended to carefully select the website.

Contact the chat for help if something does not work
Products
Amnezia VPN
Links
DocumentationTroubleshootingFAQ
Contacts
GithubTelegramReddit