wenil/amneziavpnphp
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
3562d8950a8b0ef9890c32b55c1cd4a53979cdfc
amneziavpnphp/migrations/051_fix_awg_fresh_install.sql
T
infosave2007 ddaf9360be fix(awg): fix AWG Advanced install script - create container before generating keys 
- Container now starts FIRST with docker run, then wg genkey is called inside it
- After config creation, explicitly reload wg0 interface with 'ip link del wg0' + 'wg-quick up'
- This ensures AWG obfuscation parameters (Jc, S1, S2, H1-H4) are applied to kernel
- Removed duplicate 'amnezia-xray' protocol from migration 047
2026-01-27 14:46:38 +03:00

156 lines
6.0 KiB
SQL
Raw Blame History

-- Fix AWG Advanced install script: create container BEFORE generating keys
-- The issue was that the script tried to call docker exec wg genkey before the container existed
UPDATE protocols SET
install_script = '#!/bin/bash
set -euo pipefail
CONTAINER_NAME="${CONTAINER_NAME:-amnezia-awg}"
PORT_RANGE_START=${PORT_RANGE_START:-30000}
PORT_RANGE_END=${PORT_RANGE_END:-65000}
VPN_PORT=${VPN_PORT:-$((RANDOM % (PORT_RANGE_END - PORT_RANGE_START + 1) + PORT_RANGE_START))}
MTU=${MTU:-1420}
mkdir -p /opt/amnezia/awg
# Check if container exists and is running
container_running() {
docker inspect --format="{{.State.Running}}" "$CONTAINER_NAME" 2>/dev/null | grep -q true
}
# Clean up broken configs
if [ -f /opt/amnezia/awg/wg0.conf ]; then
if grep -q "PRIVATE_KEY" /opt/amnezia/awg/wg0.conf 2>/dev/null; then
rm -f /opt/amnezia/awg/wg0.conf
fi
if grep -Eiq "^S3[[:space:]]*=" /opt/amnezia/awg/wg0.conf 2>/dev/null; then
rm -f /opt/amnezia/awg/wg0.conf
fi
if grep -Eiq "^H[1-4][[:space:]]*=[[:space:]]*0x" /opt/amnezia/awg/wg0.conf 2>/dev/null; then
rm -f /opt/amnezia/awg/wg0.conf
fi
if grep -Eiq "^H1[[:space:]]*=[[:space:]]*1$" /opt/amnezia/awg/wg0.conf 2>/dev/null; then
rm -f /opt/amnezia/awg/wg0.conf
fi
fi
# If valid config exists, just ensure container is running
if [ -f /opt/amnezia/awg/wg0.conf ]; then
echo "Found existing configuration"
VPN_PORT=$(grep -E "^ListenPort" /opt/amnezia/awg/wg0.conf | cut -d= -f2 | tr -d " " || echo "$VPN_PORT")
if ! container_running; then
docker rm -f "$CONTAINER_NAME" 2>/dev/null || true
docker run -d --name "$CONTAINER_NAME" --restart always --privileged --cap-add=NET_ADMIN --cap-add=SYS_MODULE -p "${VPN_PORT}:${VPN_PORT}/udp" -v /lib/modules:/lib/modules -v /opt/amnezia/awg:/opt/amnezia/awg amneziavpn/amnezia-wg:latest sh -c "wg-quick up /opt/amnezia/awg/wg0.conf && sleep infinity"
sleep 3
# Force reload interface to apply AWG params
docker exec "$CONTAINER_NAME" ip link del wg0 2>/dev/null || true
docker exec "$CONTAINER_NAME" wg-quick up /opt/amnezia/awg/wg0.conf
fi
PUBKEY=$(cat /opt/amnezia/awg/wireguard_server_public_key.key 2>/dev/null || echo "")
PSK=$(cat /opt/amnezia/awg/wireguard_psk.key 2>/dev/null || echo "")
JC=$(grep -E "^Jc" /opt/amnezia/awg/wg0.conf | cut -d= -f2 | tr -d " ")
JMIN=$(grep -E "^Jmin" /opt/amnezia/awg/wg0.conf | cut -d= -f2 | tr -d " ")
JMAX=$(grep -E "^Jmax" /opt/amnezia/awg/wg0.conf | cut -d= -f2 | tr -d " ")
S1=$(grep -E "^S1" /opt/amnezia/awg/wg0.conf | cut -d= -f2 | tr -d " ")
S2=$(grep -E "^S2" /opt/amnezia/awg/wg0.conf | cut -d= -f2 | tr -d " ")
H1=$(grep -E "^H1" /opt/amnezia/awg/wg0.conf | cut -d= -f2 | tr -d " ")
H2=$(grep -E "^H2" /opt/amnezia/awg/wg0.conf | cut -d= -f2 | tr -d " ")
H3=$(grep -E "^H3" /opt/amnezia/awg/wg0.conf | cut -d= -f2 | tr -d " ")
H4=$(grep -E "^H4" /opt/amnezia/awg/wg0.conf | cut -d= -f2 | tr -d " ")
echo "Using existing AmneziaWG configuration"
echo "Variable: server_port=$VPN_PORT"
echo "Variable: server_public_key=$PUBKEY"
echo "Variable: preshared_key=$PSK"
echo "Variable: container_name=$CONTAINER_NAME"
echo "Variable: Jc=$JC"
echo "Variable: Jmin=$JMIN"
echo "Variable: Jmax=$JMAX"
echo "Variable: S1=$S1"
echo "Variable: S2=$S2"
echo "Variable: H1=$H1"
echo "Variable: H2=$H2"
echo "Variable: H3=$H3"
echo "Variable: H4=$H4"
exit 0
fi
# FRESH INSTALL
echo "Starting fresh AmneziaWG Advanced installation..."
# Remove old container if exists
docker rm -f "$CONTAINER_NAME" 2>/dev/null || true
# Start container FIRST so we can use wg tools inside it
docker run -d --name "$CONTAINER_NAME" --restart always --privileged --cap-add=NET_ADMIN --cap-add=SYS_MODULE -p "${VPN_PORT}:${VPN_PORT}/udp" -v /lib/modules:/lib/modules -v /opt/amnezia/awg:/opt/amnezia/awg amneziavpn/amnezia-wg:latest sh -c "while [ ! -f /opt/amnezia/awg/wg0.conf ]; do sleep 1; done; wg-quick up /opt/amnezia/awg/wg0.conf && sleep infinity"
sleep 3
# Generate keys using the container
PRIVATE_KEY=$(docker exec "$CONTAINER_NAME" wg genkey)
PUBLIC_KEY=$(echo "$PRIVATE_KEY" | docker exec -i "$CONTAINER_NAME" wg pubkey)
PRESHARED_KEY=$(docker exec "$CONTAINER_NAME" wg genpsk)
# Generate random obfuscation parameters
JC=$((RANDOM % 8 + 3))
JMIN=50
JMAX=$((RANDOM % 500 + 500))
S1=$((RANDOM % 150 + 50))
S2=$((RANDOM % 150 + 50))
H1=$(od -vAn -N4 -tu4 < /dev/urandom | tr -d " ")
H2=$(od -vAn -N4 -tu4 < /dev/urandom | tr -d " ")
H3=$(od -vAn -N4 -tu4 < /dev/urandom | tr -d " ")
H4=$(od -vAn -N4 -tu4 < /dev/urandom | tr -d " ")
# Create config file
cat > /opt/amnezia/awg/wg0.conf << WGCONF
[Interface]
PrivateKey = $PRIVATE_KEY
Address = 10.8.1.1/24
ListenPort = $VPN_PORT
MTU = $MTU
Jc = $JC
Jmin = $JMIN
Jmax = $JMAX
S1 = $S1
S2 = $S2
H1 = $H1
H2 = $H2
H3 = $H3
H4 = $H4
PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -A FORWARD -o %i -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -D FORWARD -o %i -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE
WGCONF
# Save keys
echo "$PRIVATE_KEY" > /opt/amnezia/awg/wireguard_server_private_key.key
echo "$PUBLIC_KEY" > /opt/amnezia/awg/wireguard_server_public_key.key
echo "$PRESHARED_KEY" > /opt/amnezia/awg/wireguard_psk.key
echo "[]" > /opt/amnezia/awg/clientsTable
# Restart container and explicitly reload WG interface to apply AWG params
docker restart "$CONTAINER_NAME"
sleep 2
# CRITICAL: Force reload interface to apply AWG obfuscation parameters
docker exec "$CONTAINER_NAME" ip link del wg0 2>/dev/null || true
docker exec "$CONTAINER_NAME" wg-quick up /opt/amnezia/awg/wg0.conf
sleep 1
echo "AmneziaWG Advanced installed successfully"
echo "Variable: server_port=$VPN_PORT"
echo "Variable: server_public_key=$PUBLIC_KEY"
echo "Variable: preshared_key=$PRESHARED_KEY"
echo "Variable: container_name=$CONTAINER_NAME"
echo "Variable: Jc=$JC"
echo "Variable: Jmin=$JMIN"
echo "Variable: Jmax=$JMAX"
echo "Variable: S1=$S1"
echo "Variable: S2=$S2"
echo "Variable: H1=$H1"
echo "Variable: H2=$H2"
echo "Variable: H3=$H3"
echo "Variable: H4=$H4"
'
WHERE slug = 'amnezia-wg-advanced';
Reference in New Issue View Git Blame Copy Permalink