Self-Hosted Connection via the AmneziaWG Protocol Does Not Work

This guide will help you solve connection issues with the AmneziaWG protocol installed on a server using Amnezia Self-hosted in the AmneziaVPN app. Before trying the steps below, make sure your server is paid for and active.

The information in this guide about internet restrictions based on "whitelists" is relevant for users located in Russia.

What should you do if you cannot connect to the VPN, or the connection succeeds but there is no traffic, meaning websites do not open and content in apps does not load?

First, you need to understand how your internet connection works without VPN right now:

• only blocked websites do not open, such as YouTube and Instagram
• only websites from the “whitelist” open, while foreign websites do not

One of the easiest ways to check this is to open https://nperf.com using the same internet connection that fails with the VPN, and run a speed test to any foreign server.

If the site does not open, or the download/upload speed fluctuates at just a few kilobits per second, you can safely assume that your internet access is currently limited to an “whitelist” or is otherwise heavily restricted. In such cases, changing your internet source can help. Sometimes mobile internet from a different carrier works, but the most reliable solution is to connect over Wi-Fi to a wired internet connection.

Here is one of many articles online that can help you better understand how “whitelist” internet restrictions are usually bypassed: https://habr.com/ru/articles/985674 (you need VPN enabled to open the article).

If the speed test result on nperf looks acceptable, the problem is either that the server is unreachable or that the AmneziaWG protocol settings are causing the issue.

Keep using the same internet connection that has the VPN issue, and try the following:

• connect to the server over SSH
• open the VPN user management section in the AmneziaVPN app

If the server is unreachable over SSH and you cannot open the VPN user management section either, the most likely cause is that your server IP address has been blocked by your mobile carrier or internet provider. In that case, the solution is either to change the server IP address through your hosting provider’s support team or to use a server from a different hosting provider that has not been blocked.

If the server is reachable over SSH and the VPN user management section is also available, the most likely cause of the VPN issue is that one or more AmneziaWG protocol parameters are being blocked.

The first thing to check is whether you manually changed any protocol settings other than the port number, which we will cover separately. This refers to the values of Jc/Jmin/Jmax, S1-S4, H1-H4, and I1-I5. If you changed any of these values, we recommend reinstalling the AmneziaWG protocol on the server and testing the VPN connection without changing the protocol parameters.

If the VPN connection does not work with the protocol settings preconfigured by the AmneziaVPN app, try changing them:

1. Open the AmneziaWG protocol settings and go to AmneziaWG connection settings.

If you make changes to the protocol settings under AmneziaWG server settings, all issued AmneziaWG connection keys and user configuration files will stop working.

2. If the value of Jc is lower than 6, change it to 6.

At this stage, you can already try saving the changes and testing the VPN connection.

3. Delete the current value of I1 and paste one of the following:

   <r 2><b 0x858000010001000000000669636c6f756403636f6d0000010001c00c000100010000105a00044d583737>

   <b 0x084481800001000300000000077469636b65747306776964676574096b696e6f706f69736b0272750000010001c00c0005000100000039001806776964676574077469636b6574730679616e646578c025c0390005000100000039002b1765787465726e616c2d7469636b6574732d776964676574066166697368610679616e646578036e657400c05d000100010000001c000457fafe25>

   <b 0xc70000000108ce1bf31eec7d93360000449e227e4596ed7f75c4d35ce31880b4133107c822c6355b51f0d7c1bba96d5c210a48aca01885fed0871cfc37d59137d73b506dc013bb4a13c060ca5b04b7ae215af71e37d6e8ff1db235f9fe0c25cb8b492471054a7c8d0d6077d430d07f6e87a8699287f6e69f54263c7334a8e144a29851429bf2e350e519445172d36953e96085110ce1fb641e5efad42c0feb4711ece959b72cc4d6f3c1e83251adb572b921534f6ac4b10927167f41fe50040a75acef62f45bded67c0b45b9d655ce374589cad6f568b8475b2e8921ff98628f86ff2eb5bcce6f3ddb7dc89e37c5b5e78ddc8d93a58896e530b5f9f1448ab3b7a1d1f24a63bf981634f6183a21af310ffa52e9ddf5521561760288669de01a5f2f1a4f922e68d0592026bbe4329b654d4f5d6ace4f6a23b8560b720a5350691c0037b10acfac9726add44e7d3e880ee6f3b0d6429ff33655c297fee786bb5ac032e48d2062cd45e305e6d8d8b82bfbf0fdbc5ec09943d1ad02b0b5868ac4b24bb10255196be883562c35a713002014016b8cc5224768b3d330016cf8ed9300fe6bf39b4b19b3667cddc6e7c7ebe4437a58862606a2a66bd4184b09ab9d2cd3d3faed4d2ab71dd821422a9540c4c5fa2a9b2e6693d411a22854a8e541ed930796521f03a54254074bc4c5bca152a1723260e7d70a24d49720acc544b41359cfc252385bda7de7d05878ac0ea0343c77715e145160e6562161dfe2024846dfda3ce99068817a2418e66e4f37dea40a21251c8a034f83145071d93baadf050ca0f95dc9ce2338fb082d64fbc8faba905cec66e65c0e1f9b003c32c943381282d4ab09bef9b6813ff3ff5118623d2617867e25f0601df583c3ac51bc6303f79e68d8f8de4b8363ec9c7728b3ec5fcd5274edfca2a42f2727aa223c557afb33f5bea4f64aeb252c0150ed734d4d8eccb257824e8e090f65029a3a042a51e5cc8767408ae07d55da8507e4d009ae72c47ddb138df3cab6cc023df2532f88fb5a4c4bd917fafde0f3134be09231c389c70bc55cb95a779615e8e0a76a2b4d943aabfde0e394c985c0cb0376930f92c5b6998ef49ff4a13652b787503f55c4e3d8eebd6e1bc6db3a6d405d8405bd7a8db7cefc64d16e0d105a468f3d33d29e5744a24c4ac43ce0eb1bf6b559aed520b91108cda2de6e2c4f14bc4f4dc58712580e07d217c8cca1aaf7ac04bab3e7b1008b966f1ed4fba3fd93a0a9d3a27127e7aa587fbcc60d548300146bdc126982a58ff5342fc41a43f83a3d2722a26645bc961894e339b953e78ab395ff2fb854247ad06d446cc2944a1aefb90573115dc198f5c1efbc22bc6d7a74e41e666a643d5f85f57fde81b87ceff95353d22ae8bab11684180dd142642894d8dc34e402f802c2fd4a73508ca99124e428d67437c871dd96e506ffc39c0fc401f666b437adca41fd563cbcfd0fa22fbbf8112979c4e677fb533d981745cceed0fe96da6cc0593c430bbb71bcbf924f70b4547b0bb4d41c94a09a9ef1147935a5c75bb2f721fbd24ea6a9f5c9331187490ffa6d4e34e6bb30c2c54a0344724f01088fb2751a486f425362741664efb287bce66c4a544c96fa8b124d3c6b9eaca170c0b530799a6e878a57f402eb0016cf2689d55c76b2a91285e2273763f3afc5bc9398273f5338a06d>

4. Save the changes and try connecting to the VPN.

If the connection still does not work, test it one by one with each of the I1 values listed above.

We recommend starting by cycling through the signatures (I1 values), because at the moment one of the most common causes of connection issues is blocking by signature.

In addition, testing the connection with modified Jc and I1-I5 values does not require:

• reissuing keys and files for users who already use AmneziaWG VPN connections
• making changes to the server settings of the AmneziaWG protocol, which would require all current VPN users to get new keys and files

If the VPN connection does not work with any I1 value, the problem may be related to the port used for the AmneziaWG connection. For example, some Russian internet providers have already started blocking UDP traffic over ports above 9999.

To rule out port-based blocking, you need to change the port in the server settings of the AmneziaWG protocol. This means that all configuration files and connection keys currently used for AmneziaWG VPN connections to this server will stop working.

1. Open the AmneziaWG protocol settings and go to AmneziaWG server settings.
2. Change the port number to any other value below 9999, for example 585 or 1234.

In rare cases, the most effective option is to change the port to 443, as long as the XRay protocol is not installed on the server, because XRay most often uses that port. If you use port 443 for AmneziaWG, we strongly recommend using the third signature (I1 value) from the list above. Otherwise, UDP traffic over port 443 will look highly suspicious, which may cause the connection to be blocked.

3. Save the changes and try connecting to the VPN.

If the connection still does not work, test it with different ports.

If the VPN connection still does not work after cycling through signatures and ports, ask for help in our Telegram group or contact Amnezia Self-hosted user support:

• https://t.me/amnezia_support_bot
• support@amnezia.org