diff --git a/inc/VpnClient.php b/inc/VpnClient.php index d90ea2b..5dd1e59 100644 --- a/inc/VpnClient.php +++ b/inc/VpnClient.php @@ -1182,6 +1182,10 @@ class VpnClient $config .= "Address = {$clientIP}/32\n"; $config .= "DNS = 1.1.1.1, 1.0.0.1\n"; $config .= "PrivateKey = {$privateKey}\n"; + // AmneziaWG obfuscation adds per-packet overhead; without a reduced MTU + // the tunnel connects but large packets are dropped (no usable traffic). + // 1280 matches the official Amnezia app default. (issue #50) + $config .= "MTU = 1280\n"; // Add AWG parameters (in the order used by Amnezia app) // For awg2 include I1-I5, S3, S4; for regular awg only H1-H4, Jc, Jmin, Jmax, S1, S2 diff --git a/migrations/064_complete_awg2_original_params.sql b/migrations/064_complete_awg2_original_params.sql index 1f7b64e..0d23745 100644 --- a/migrations/064_complete_awg2_original_params.sql +++ b/migrations/064_complete_awg2_original_params.sql @@ -5,6 +5,7 @@ SET output_template = '[Interface] Address = {{client_ip}}/32 DNS = {{dns_servers}} PrivateKey = {{private_key}} +MTU = 1280 Jc = {{Jc}} Jmin = {{Jmin}} Jmax = {{Jmax}} diff --git a/migrations/071_fix_awg2_client_mtu.sql b/migrations/071_fix_awg2_client_mtu.sql new file mode 100644 index 0000000..92f0b53 --- /dev/null +++ b/migrations/071_fix_awg2_client_mtu.sql @@ -0,0 +1,23 @@ +-- ===================================================================== +-- Migration 071: Restore client MTU for AmneziaWG 2.0 (awg2) +-- +-- Issue #50: clients connect (handshake succeeds) but no traffic flows. +-- Root cause: the awg2 client output_template lost its "MTU = 1280" line +-- when migration 064 rewrote it (migration 058 had it). With no explicit +-- MTU the client defaults to 1420, which is too large once AmneziaWG +-- obfuscation overhead (Jc junk packets, S1/S2 padding) is added on top of +-- WireGuard's own overhead: the handshake (small packets) succeeds, but +-- larger packets (TLS, web pages) exceed the path and are dropped — so the +-- tunnel is "connected" yet carries no usable traffic. 1280 is the value the +-- official Amnezia app uses for AmneziaWG clients. +-- ===================================================================== + +UPDATE protocols +SET output_template = REPLACE( + output_template, + 'PrivateKey = {{private_key}}\n', + 'PrivateKey = {{private_key}}\nMTU = 1280\n' +) +WHERE slug = 'awg2' + AND output_template LIKE '%PrivateKey = {{private_key}}%' + AND output_template NOT LIKE '%MTU%';