-- =====================================================================
-- Migration 071: Restore client MTU for AmneziaWG 2.0 (awg2)
--
-- Issue #50: clients connect (handshake succeeds) but no traffic flows.
-- Root cause: the awg2 client output_template lost its "MTU = 1280" line
-- when migration 064 rewrote it (migration 058 had it). With no explicit
-- MTU the client defaults to 1420, which is too large once AmneziaWG
-- obfuscation overhead (Jc junk packets, S1/S2 padding) is added on top of
-- WireGuard's own overhead: the handshake (small packets) succeeds, but
-- larger packets (TLS, web pages) exceed the path and are dropped — so the
-- tunnel is "connected" yet carries no usable traffic. 1280 is the value the
-- official Amnezia app uses for AmneziaWG clients.
-- =====================================================================

UPDATE protocols
SET output_template = REPLACE(
  output_template,
  'PrivateKey = {{private_key}}\n',
  'PrivateKey = {{private_key}}\nMTU = 1280\n'
)
WHERE slug = 'awg2'
  AND output_template LIKE '%PrivateKey = {{private_key}}%'
  AND output_template NOT LIKE '%MTU%';