WireGuard is blocked by DPI in 10+ countries now. AmneziaWG 2.0 is a fork that makes the traffic look like random noise - DPI can’t tell it apart from normal UDP. Same crypto under the hood, negligible speed overhead.

I wrote an installer that handles the whole setup in one command on a clean Ubuntu/Debian VPS - kernel module, firewall, hardening, client configs with QR codes. Pure bash, no dependencies, runs on any $3/month box. MIT license.

Been running it from Russia where stock WireGuard stopped working mid-2025.

    • bivlked@lemmy.world (OP) · 1 day ago

      Blocking has to happen real-time on every packet — a DPI box needs a fixed pattern to match. AWG shifts its headers per install, so there’s no stable rule to write. Statistical detection (what litchralee described above) is possible but too slow and expensive to run inline at ISP scale - you’d need to collect and analyze flow data over hours before making a call. By then the connection is long gone.
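The fixed-pattern point in the comment above, as an added example that is not part of the original thread or of the installer: a stateless per-packet matcher for stock WireGuard's published message layout, run over constructed packets. The `shifted_initiation` variant (custom header value, leading padding) is a hypothetical stand-in for per-install header changes, not AmneziaWG's actual wire format.

```python
import struct

# Stock WireGuard: 1-byte type, 3 zero reserved bytes, fixed sizes per type.
WG_FIXED_SIZES = {1: 148, 2: 92, 3: 64}  # initiation, response, cookie reply
WG_TRANSPORT = 4                          # 16-byte header + ciphertext + 16-byte tag


def matches_stock_wireguard(payload: bytes) -> bool:
    """Stateless per-packet rule of the kind an inline DPI box can apply."""
    if len(payload) < 4 or payload[1:4] != b"\x00\x00\x00":
        return False
    msg_type = payload[0]
    if msg_type in WG_FIXED_SIZES:
        return len(payload) == WG_FIXED_SIZES[msg_type]
    if msg_type == WG_TRANSPORT:
        # Plaintext is padded to 16 bytes, so total length is a multiple of 16.
        return len(payload) >= 32 and len(payload) % 16 == 0
    return False


def stock_initiation() -> bytes:
    # Constructed sample: real type field, filler instead of handshake fields.
    return struct.pack("<I", 1) + b"\xaa" * 144


def shifted_initiation(header: int, pad: int) -> bytes:
    # Hypothetical per-install variant (assumption, not AmneziaWG's real format):
    # a different 32-bit header value and `pad` leading filler bytes.
    return b"\x55" * pad + struct.pack("<I", header) + b"\xaa" * 144


def match_rate(packets) -> float:
    """Fraction of packets the fixed rule flags."""
    packets = list(packets)
    return sum(matches_stock_wireguard(p) for p in packets) / len(packets)


if __name__ == "__main__":
    stock = [stock_initiation() for _ in range(3)]
    # Constructed (header, pad) pairs standing in for three separate installs.
    installs = [(0x5A3C91E7, 0), (0x11B2C4D8, 23), (0x7F00A1B3, 61)]
    shifted = [shifted_initiation(h, p) for h, p in installs]
    print("stock flagged:  ", match_rate(stock))
    print("shifted flagged:", match_rate(shifted))
```

A rule written for one install's header and padding would flag only that install, which is why the comment turns to flow-level statistics as the remaining option.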