Without interface reload, AWG obfuscation params (Jc, S1, S2, H1-H4) are not
applied to the kernel, and connections fail because client uses AWG but
server uses standard WireGuard protocol.
- Container now starts FIRST with docker run, then wg genkey is called inside it
- After config creation, explicitly reload wg0 interface with 'ip link del wg0' + 'wg-quick up'
- This ensures AWG obfuscation parameters (Jc, S1, S2, H1-H4) are applied to kernel
- Removed duplicate 'amnezia-xray' protocol from migration 047
- Modified migrations/048_enable_xray_stats.sql to accept existing keys via env vars (PRIVATE_KEY, SHORT_ID)
- Updated InstallProtocolManager.php to extract and store reality_private_key after XRay installation
- Added key restoration logic in buildExports() to reuse saved keys during reinstallation
- Fixed VpnClient.php to correctly parse JSON stats output from XRay API
- Security fix: removed exposed port 2375 from docker-compose.yml (dind container)
- Added InstallProtocolManager::addClient and fallback logic for X-Ray VLESS
to update server configuration (server.json) and restart container.
- Updated VpnClient::create to invoke InstallProtocolManager::addClient for
scripted protocols, enabling dynamic user addition.
- Ensured UUID generation for X-Ray clients.
Instead of generating a JSON config for X-Ray, pass the raw VLESS URI string
wrapped in a JSON object inside .
This matches the behavior of WireGuard config handling in the master branch
and is likely the expected format for Amnezia Android X-Ray import.
- Added 'isThirdPartyConfig' => true to X-Ray config object. This flag is present in imported configs in Amnezia Android.
- Reordered keys so protocol object ('xray') comes before 'container' key, matching the order seen in WireGuard QR codes.
Reverting header to 12-byte format (0x07C00100 + compressedLen + uncompressedLen).
This header format is known to be scanned correctly by Amnezia app.
Previous failure with this header was due to missing config wrapping.
Now we have both: correct header AND correct content structure.
The format that likely works with Amnezia Android is:
HEADER: 0x07C00100 (Magic 1984, Count 1, Id 0)
PAYLOAD: [UncompressedLen (4b)] + [Zlib Data]
This satisfies the Chunked QR check (magic 0x07C0) and then passes
the payload to qUncompress, which expects the 4-byte uncompressed length prefix.
Previous attempts failed because:
1. 12-byte header included compressedLen, which qUncompress interpreted as uncompressedLen (causing size mismatch error)
2. 4-byte header (Qt only) failed the Magic check
Amnezia Android expects the contents of 'last_config' to be a JSON object
containing a 'config' field which holds the actual protocol configuration string.
Previously we were putting the configuration directly into 'last_config',
which caused the import to fail.
The working QR format from Amnezia app uses:
- 12-byte header: version (0x07C00100) + compressedLen + uncompressedLen
- zlib compressed JSON data
Previously I incorrectly changed this to Qt qCompress format (4-byte header).
This commit reverts to the correct Amnezia-compatible format.
Amnezia Android uses qUncompress which expects:
- 4-byte big-endian uncompressed length prefix
- zlib compressed data (gzcompress output)
Previously we used a custom 12-byte header (version, compressedLen, uncompressedLen)
which was incompatible with Qt's qUncompress.
This fix ensures X-Ray QR codes can be properly decoded by Amnezia VPN app.
- Fix docker run command in install script (use single line instead of
backslash continuations which break when stored in MySQL)
- Handle new xray x25519 output format that uses 'Password' instead of 'Public key'
- Make addClientToServer method public for backup restore functionality
- Created migration 046 with complete fix for X-Ray VLESS protocol
- Add PHP LDAP extension to Docker container
- Implement LdapSync class for authentication and user synchronization
- Add automatic user sync via cron (every 30 minutes)
- Create role-based access control system (admin, manager, viewer)
- Add LDAP configuration UI in settings
- Support for both Active Directory and OpenLDAP
- Group-to-role mapping with flexible configuration
- Add 50+ translations (EN + RU) for LDAP features
- Include comprehensive setup documentation
- Enhance Auth::login() with LDAP fallback
- Add LDAP settings page with connection testing
infosave2007