feat: enhance AWG2 support with additional parameters and backward compatibility improvements
@@ -0,0 +1,211 @@
|
||||
-- Complete AWG2 support with original Amnezia parameters, including I1-I5.
|
||||
|
||||
UPDATE protocols
|
||||
SET output_template = '[Interface]
|
||||
Address = {{client_ip}}/32
|
||||
DNS = {{dns_servers}}
|
||||
PrivateKey = {{private_key}}
|
||||
Jc = {{Jc}}
|
||||
Jmin = {{Jmin}}
|
||||
Jmax = {{Jmax}}
|
||||
S1 = {{S1}}
|
||||
S2 = {{S2}}
|
||||
S3 = {{S3}}
|
||||
S4 = {{S4}}
|
||||
H1 = {{H1}}
|
||||
H2 = {{H2}}
|
||||
H3 = {{H3}}
|
||||
H4 = {{H4}}
|
||||
I1 = {{I1}}
|
||||
I2 = {{I2}}
|
||||
I3 = {{I3}}
|
||||
I4 = {{I4}}
|
||||
I5 = {{I5}}
|
||||
|
||||
[Peer]
|
||||
PublicKey = {{server_public_key}}
|
||||
PresharedKey = {{preshared_key}}
|
||||
AllowedIPs = 0.0.0.0/0, ::/0
|
||||
Endpoint = {{server_host}}:{{server_port}}
|
||||
PersistentKeepalive = 25',
|
||||
install_script = '#!/bin/bash
|
||||
set -euo pipefail
|
||||
|
||||
CONTAINER_NAME="${SERVER_CONTAINER:-amnezia-awg2}"
|
||||
PORT_RANGE_START=${PORT_RANGE_START:-30000}
|
||||
PORT_RANGE_END=${PORT_RANGE_END:-65000}
|
||||
VPN_PORT="${SERVER_PORT:-$((RANDOM % (PORT_RANGE_END - PORT_RANGE_START + 1) + PORT_RANGE_START))}"
|
||||
MTU=${MTU:-1280}
|
||||
|
||||
if ! command -v git &> /dev/null; then
|
||||
apt-get update -qq && apt-get install -y -qq git >/dev/null 2>&1
|
||||
fi
|
||||
|
||||
mkdir -p /opt/amnezia/awg2
|
||||
|
||||
if [ ! -d /opt/amnezia/awg2/src ]; then
|
||||
git clone --depth=1 https://github.com/amnezia-vpn/amneziawg-go.git /opt/amnezia/awg2/src
|
||||
fi
|
||||
|
||||
docker build --no-cache -t amnezia-awg2 /opt/amnezia/awg2/src
|
||||
|
||||
EXISTING=$(docker ps -aq -f "name=$CONTAINER_NAME" 2>/dev/null | head -1)
|
||||
if [ -z "$EXISTING" ]; then
|
||||
docker run -d --name "$CONTAINER_NAME" --restart always --cap-add=NET_ADMIN --device /dev/net/tun -p "${VPN_PORT}:${VPN_PORT}/udp" -v /opt/amnezia/awg2:/opt/amnezia/awg amnezia-awg2 sh -c "while [ ! -f /opt/amnezia/awg/wg0.conf ]; do sleep 1; done; WG_QUICK_USERSPACE_IMPLEMENTATION=amneziawg-go awg-quick up /opt/amnezia/awg/wg0.conf && sleep infinity"
|
||||
sleep 2
|
||||
else
|
||||
STATUS=$(docker inspect --format="{{.State.Status}}" "$CONTAINER_NAME" 2>/dev/null || echo "")
|
||||
if [ "$STATUS" != "running" ]; then
|
||||
docker start "$CONTAINER_NAME" >/dev/null 2>&1 || true
|
||||
fi
|
||||
fi
|
||||
|
||||
if [ -f /opt/amnezia/awg2/wg0.conf ]; then
|
||||
PORT=$(grep -E "^ListenPort" /opt/amnezia/awg2/wg0.conf | cut -d= -f2 | tr -d "[:space:]")
|
||||
PSK=$(cat /opt/amnezia/awg2/wireguard_psk.key 2>/dev/null || true)
|
||||
if [ -z "$PSK" ]; then
|
||||
PSK=$(grep -E "^PresharedKey" /opt/amnezia/awg2/wg0.conf | cut -d= -f2 | tr -d "[:space:]")
|
||||
fi
|
||||
PUBKEY=$(cat /opt/amnezia/awg2/wireguard_server_public_key.key 2>/dev/null || true)
|
||||
if [ -z "$PUBKEY" ]; then
|
||||
PRIVKEY=$(cat /opt/amnezia/awg2/wireguard_server_private_key.key 2>/dev/null || true)
|
||||
if [ -n "$PRIVKEY" ]; then
|
||||
PUBKEY=$(echo "$PRIVKEY" | docker exec -i "$CONTAINER_NAME" wg pubkey)
|
||||
fi
|
||||
fi
|
||||
|
||||
echo "Using existing AmneziaWG 2.0 configuration"
|
||||
echo "Port: ${PORT:-$VPN_PORT}"
|
||||
if [ -n "${PUBKEY:-}" ]; then echo "Server Public Key: $PUBKEY"; fi
|
||||
if [ -n "${PSK:-}" ]; then echo "PresharedKey = $PSK"; fi
|
||||
|
||||
EXTERNAL_IP=$(curl -s -4 ifconfig.me 2>/dev/null || curl -s -4 icanhazip.com 2>/dev/null || echo "YOUR_SERVER_IP")
|
||||
echo "Server Host: $EXTERNAL_IP"
|
||||
|
||||
for P in Jc Jmin Jmax S1 S2 S3 S4 H1 H2 H3 H4 I1 I2 I3 I4 I5; do
|
||||
VAL=$(sed -n -E "s/^[[:space:]]*$P[[:space:]]*=[[:space:]]*//p" /opt/amnezia/awg2/wg0.conf | head -1 | tr -d "\r")
|
||||
if [ -n "$VAL" ] || [[ "$P" =~ ^I[2-5]$ ]]; then echo "Variable: $P=$VAL"; fi
|
||||
done
|
||||
echo "Variable: dns_servers=1.1.1.1, 1.0.0.1"
|
||||
exit 0
|
||||
fi
|
||||
|
||||
PRIVATE_KEY=$(docker exec "$CONTAINER_NAME" wg genkey)
|
||||
PUBLIC_KEY=$(echo "$PRIVATE_KEY" | docker exec -i "$CONTAINER_NAME" wg pubkey)
|
||||
PRESHARED_KEY=$(docker exec "$CONTAINER_NAME" wg genpsk)
|
||||
|
||||
JC=5
|
||||
JMIN=10
|
||||
JMAX=50
|
||||
S1_VAL=51
|
||||
S2_VAL=125
|
||||
S3_VAL=13
|
||||
S4_VAL=9
|
||||
H1_VAL="1443912531-1981073285"
|
||||
H2_VAL="1984025557-2135018048"
|
||||
H3_VAL="2145217268-2146643749"
|
||||
H4_VAL="2146790761-2146860793"
|
||||
I1_VAL="<r 2><b 0x858000010001000000000669636c6f756403636f6d0000010001c00c000100010000105a00044d583737>"
|
||||
I2_VAL=""
|
||||
I3_VAL=""
|
||||
I4_VAL=""
|
||||
I5_VAL=""
|
||||
|
||||
{
|
||||
echo "[Interface]"
|
||||
echo "PrivateKey = $PRIVATE_KEY"
|
||||
echo "Address = 10.8.1.1/24"
|
||||
echo "ListenPort = $VPN_PORT"
|
||||
echo "Jc = $JC"
|
||||
echo "Jmin = $JMIN"
|
||||
echo "Jmax = $JMAX"
|
||||
echo "S1 = $S1_VAL"
|
||||
echo "S2 = $S2_VAL"
|
||||
echo "S3 = $S3_VAL"
|
||||
echo "S4 = $S4_VAL"
|
||||
echo "H1 = $H1_VAL"
|
||||
echo "H2 = $H2_VAL"
|
||||
echo "H3 = $H3_VAL"
|
||||
echo "H4 = $H4_VAL"
|
||||
echo "I1 = $I1_VAL"
|
||||
echo "PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -A FORWARD -o %i -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE"
|
||||
echo "PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -D FORWARD -o %i -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE"
|
||||
} > /opt/amnezia/awg2/wg0.conf
|
||||
|
||||
echo "$PRIVATE_KEY" > /opt/amnezia/awg2/wireguard_server_private_key.key
|
||||
echo "$PUBLIC_KEY" > /opt/amnezia/awg2/wireguard_server_public_key.key
|
||||
echo "$PRESHARED_KEY" > /opt/amnezia/awg2/wireguard_psk.key
|
||||
echo "[]" > /opt/amnezia/awg2/clientsTable
|
||||
|
||||
EXTERNAL_IP=$(curl -s -4 ifconfig.me 2>/dev/null || curl -s -4 icanhazip.com 2>/dev/null || echo "YOUR_SERVER_IP")
|
||||
|
||||
echo "AmneziaWG 2.0 installed successfully"
|
||||
echo "Port: $VPN_PORT"
|
||||
echo "Server Public Key: $PUBLIC_KEY"
|
||||
echo "PresharedKey = $PRESHARED_KEY"
|
||||
echo "Server Host: $EXTERNAL_IP"
|
||||
echo "Variable: Jc=$JC"
|
||||
echo "Variable: Jmin=$JMIN"
|
||||
echo "Variable: Jmax=$JMAX"
|
||||
echo "Variable: S1=$S1_VAL"
|
||||
echo "Variable: S2=$S2_VAL"
|
||||
echo "Variable: S3=$S3_VAL"
|
||||
echo "Variable: S4=$S4_VAL"
|
||||
echo "Variable: H1=$H1_VAL"
|
||||
echo "Variable: H2=$H2_VAL"
|
||||
echo "Variable: H3=$H3_VAL"
|
||||
echo "Variable: H4=$H4_VAL"
|
||||
echo "Variable: I1=$I1_VAL"
|
||||
echo "Variable: dns_servers=1.1.1.1, 1.0.0.1"'
|
||||
WHERE slug = 'awg2';
|
||||
|
||||
INSERT INTO protocol_variables (protocol_id, variable_name, variable_type, default_value, description, required)
|
||||
SELECT p.id, 'I1', 'text', '<r 2><b 0x858000010001000000000669636c6f756403636f6d0000010001c00c000100010000105a00044d583737>', 'Original AmneziaWG packet template I1', false
|
||||
FROM protocols p WHERE p.slug = 'awg2'
|
||||
AND NOT EXISTS (SELECT 1 FROM protocol_variables WHERE protocol_id = p.id AND variable_name = 'I1');
|
||||
|
||||
INSERT INTO protocol_variables (protocol_id, variable_name, variable_type, default_value, description, required)
|
||||
SELECT p.id, 'I2', 'text', '', 'Original AmneziaWG packet template I2', false
|
||||
FROM protocols p WHERE p.slug = 'awg2'
|
||||
AND NOT EXISTS (SELECT 1 FROM protocol_variables WHERE protocol_id = p.id AND variable_name = 'I2');
|
||||
|
||||
INSERT INTO protocol_variables (protocol_id, variable_name, variable_type, default_value, description, required)
|
||||
SELECT p.id, 'I3', 'text', '', 'Original AmneziaWG packet template I3', false
|
||||
FROM protocols p WHERE p.slug = 'awg2'
|
||||
AND NOT EXISTS (SELECT 1 FROM protocol_variables WHERE protocol_id = p.id AND variable_name = 'I3');
|
||||
|
||||
INSERT INTO protocol_variables (protocol_id, variable_name, variable_type, default_value, description, required)
|
||||
SELECT p.id, 'I4', 'text', '', 'Original AmneziaWG packet template I4', false
|
||||
FROM protocols p WHERE p.slug = 'awg2'
|
||||
AND NOT EXISTS (SELECT 1 FROM protocol_variables WHERE protocol_id = p.id AND variable_name = 'I4');
|
||||
|
||||
INSERT INTO protocol_variables (protocol_id, variable_name, variable_type, default_value, description, required)
|
||||
SELECT p.id, 'I5', 'text', '', 'Original AmneziaWG packet template I5', false
|
||||
FROM protocols p WHERE p.slug = 'awg2'
|
||||
AND NOT EXISTS (SELECT 1 FROM protocol_variables WHERE protocol_id = p.id AND variable_name = 'I5');
|
||||
|
||||
UPDATE protocol_variables pv
|
||||
JOIN protocols p ON p.id = pv.protocol_id
|
||||
SET pv.default_value = CASE pv.variable_name
|
||||
WHEN 'Jc' THEN '5'
|
||||
WHEN 'Jmin' THEN '10'
|
||||
WHEN 'Jmax' THEN '50'
|
||||
WHEN 'S1' THEN '51'
|
||||
WHEN 'S2' THEN '125'
|
||||
WHEN 'S3' THEN '13'
|
||||
WHEN 'S4' THEN '9'
|
||||
WHEN 'H1' THEN '1443912531-1981073285'
|
||||
WHEN 'H2' THEN '1984025557-2135018048'
|
||||
WHEN 'H3' THEN '2145217268-2146643749'
|
||||
WHEN 'H4' THEN '2146790761-2146860793'
|
||||
ELSE pv.default_value
|
||||
END
|
||||
WHERE p.slug = 'awg2'
|
||||
AND pv.variable_name IN ('Jc', 'Jmin', 'Jmax', 'S1', 'S2', 'S3', 'S4', 'H1', 'H2', 'H3', 'H4');
|
||||
|
||||
-- Fix awg_params for all existing servers using awg2 protocol
|
||||
-- Problem: H1-H4 parameters were stored with single values instead of "value1-value2" format
|
||||
-- This was causing QR codes to be detected as "legacy" instead of proper AmneziaWG 2.0 format
|
||||
UPDATE vpn_servers
|
||||
SET awg_params = '{"JC":5,"JMIN":10,"JMAX":50,"S1":51,"S2":125,"S3":13,"S4":9,"H1":"1443912531-1981073285","H2":"1984025557-2135018048","H3":"2145217268-2146643749","H4":"2146790761-2146860793","I1":"<r 2><b 0x858000010001000000000669636c6f756403636f6d0000010001c00c000100010000105a00044d583737>","I2":"","I3":"","I4":"","I5":""}'
|
||||
WHERE install_protocol = 'awg2';
|
||||
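Review bot: The embedded install script writes the server private key and the preshared key through plain redirections (`} > /opt/amnezia/awg2/wg0.conf`, `echo "$PRIVATE_KEY" > /opt/amnezia/awg2/wireguard_server_private_key.key`, `echo "$PRESHARED_KEY" > /opt/amnezia/awg2/wireguard_psk.key`) without setting a umask or file mode, so the files get whatever the caller's umask allows, which is commonly world-readable when the script runs as root. Putting `umask 077` ahead of the block that writes wg0.conf would cover all of the key files and clientsTable. Separately, the closing `UPDATE vpn_servers ... WHERE install_protocol = 'awg2'` replaces the whole `awg_params` value on every awg2 server, while the comment above it only describes a format problem in H1-H4. The script's existing-config branch reads Jc through I5 back from wg0.conf, which suggests servers can hold differing values; if so, the stored parameters would stop matching the running server. That update should either be limited to rows whose H1 is not yet in the `value1-value2` form or carry a comment saying the full reset is intended.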