infosave
24a6cb276f
Final piece of "connects but no traffic": with the reduced client MTU (1280) the upload direction fits, but full-size download packets (web pages, TLS responses) still exceeded the AmneziaWG tunnel and were dropped — handshake and small packets worked, browsing stalled. Confirmed on a live server: the client's encrypted packets reached the server but large return packets never made it back. Adding a server-side TCP MSS clamp to 1240 (= 1280 - 40) made real traffic flow (verified: 1.6 MiB transferred, FORWARD/MASQUERADE counters incrementing). - VpnClient::addClientToServer(): after applying the peer, idempotently ensure net.ipv4.ip_forward=1 and a `mangle FORWARD ... TCPMSS --set-mss 1240` rule (-C then -A). Re-applied on every client creation, so it survives container restarts/reinstalls and covers adopted native Amnezia containers. - migrations/072 + 064: add the same MSS clamp to the awg2 install script PostUp (and remove it in PostDown) for panel-installed servers. Verified end-to-end: removing the rule and creating a client via the panel re-adds it automatically; the live phone client now browses normally. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Database Migrations
This directory contains SQL migration files that are automatically executed when the database container is first initialized.
Execution Order
Migration files are executed in alphabetical order by MySQL's Docker entrypoint. Files are numbered to ensure correct execution sequence:
001_init.sql- Main database schema and tables002_translations_ru.sql- Russian translations003_translations_es.sql- Spanish translations004_translations_de.sql- German translations005_translations_fr.sql- French translations006_translations_zh.sql- Chinese translations
Adding New Migrations
When creating new migration files:
- Use numerical prefix (e.g.,
007_add_feature.sql) - Ensure the number is higher than existing migrations
- Use descriptive names
- Always use
ON DUPLICATE KEY UPDATEfor INSERT statements to make migrations idempotent
Manual Execution
To manually run migrations in an existing database:
# Single migration
docker compose exec db mysql -uroot -prootpassword amnezia_panel < migrations/001_init.sql
# All migrations in order
for file in migrations/*.sql; do
echo "Executing $file..."
docker compose exec -T db mysql -uroot -prootpassword amnezia_panel < "$file"
done
Regenerating Translation Migrations
To regenerate translation migrations from the current database:
# Export translations for a specific language
docker compose exec -T db mysql -uroot -prootpassword amnezia_panel \
--default-character-set=utf8mb4 \
-e "SELECT CONCAT('(''', language_code, ''', ''', translation_key, ''', ''',
REPLACE(translation_value, '''', ''''''), '''),')
FROM translations WHERE language_code = 'ru' ORDER BY translation_key;" \
| grep -v "CONCAT" > /tmp/translations_ru.sql
# Then wrap with INSERT statement and ON DUPLICATE KEY UPDATE