diff --git a/scripts/awg_downgrade_obfuscation.sh b/scripts/awg_downgrade_obfuscation.sh new file mode 100644 index 0000000..983cda7 --- /dev/null +++ b/scripts/awg_downgrade_obfuscation.sh @@ -0,0 +1,59 @@ +#!/bin/sh +# ===================================================================== +# Downgrade an AmneziaWG server's obfuscation to a "classic" (AmneziaWG 1.0) +# set that older router AmneziaWG implementations accept. +# +# Keeps : Jc, Jmin, Jmax, S1, S2 (widely supported AWG 1.0 junk params) +# Converts: H1-H4 from "a-b" ranges -> single value "a" +# Drops : S3, S4 and I1-I5 (AWG 1.5/2.0-only padding & magic packets) +# +# After running this you MUST regenerate every client config in the panel +# (create new clients / re-export) and re-import them on phones too — the old +# AWG 2.0 client configs no longer match the server and will stop connecting. +# +# Usage (on the VPS host that runs the container): +# sh awg_downgrade_obfuscation.sh [container_name] +# Defaults to container "amnezia-awg2". +# ===================================================================== +set -e + +CONTAINER="${1:-amnezia-awg2}" + +if ! docker inspect "$CONTAINER" >/dev/null 2>&1; then + echo "Container '$CONTAINER' not found. Pass the correct name as the 1st arg." >&2 + exit 1 +fi + +# Locate the config inside the container (awg0.conf for AWG2, wg0.conf legacy). +CONF="" +for f in /opt/amnezia/awg/awg0.conf /opt/amnezia/awg/wg0.conf /etc/wireguard/wg0.conf; do + if docker exec "$CONTAINER" test -f "$f" 2>/dev/null; then CONF="$f"; break; fi +done +[ -n "$CONF" ] || { echo "WireGuard config not found inside $CONTAINER" >&2; exit 1; } + +echo "Container : $CONTAINER" +echo "Config : $CONF" +echo "Before:" +docker exec "$CONTAINER" sh -c "grep -E '^(Jc|Jmin|Jmax|S[0-9]|H[0-9]|I[0-9])[[:space:]]*=' '$CONF' || true" + +# Rewrite the [Interface] obfuscation params, then reload the interface using +# whichever tool the image provides (awg on amneziawg-go, wg on the Amnezia image). +docker exec "$CONTAINER" sh -c ' + set -e + CONF="'"$CONF"'" + IFACE="$(basename "$CONF" .conf)" + cp "$CONF" "${CONF}.bak" 2>/dev/null || true + + # H1-H4: "a-b" -> "a" + sed -i -E "s/^([[:space:]]*H[1-4][[:space:]]*=[[:space:]]*[0-9]+)-[0-9]+/\1/" "$CONF" + # Drop S3, S4 and I1-I5 lines entirely + sed -i -E "/^[[:space:]]*(S3|S4|I[1-5])[[:space:]]*=/d" "$CONF" + + QUICK="$(command -v awg-quick || command -v wg-quick)" + "$QUICK" down "$CONF" 2>/dev/null || "$QUICK" down "$IFACE" 2>/dev/null || true + "$QUICK" up "$CONF" +' + +echo "After:" +docker exec "$CONTAINER" sh -c "grep -E '^(Jc|Jmin|Jmax|S[0-9]|H[0-9]|I[0-9])[[:space:]]*=' '$CONF' || true" +echo "Done. Now regenerate all client configs in the panel and re-import them."