Support AmneziaWG

Started by Lucid1010, August 05, 2025, 02:50:51 PM

Previous topic - Next topic
Print
Go Down Pages1
User actions
August 05, 2025, 02:50:51 PM
https://docs.amnezia.org/documentation/amnezia-wg/


This is even better than regular Wireguard. I'm really looking forward to its support!
August 05, 2025, 03:54:11 PM #1
Well, it was added and then quickly removed from freebsd:

https://www.freshports.org/net/amneziawg-tools/

https://reviews.freebsd.org/D51265

Not a good start.
Hardware:
DEC740
October 09, 2025, 10:02:36 AM #2
Well, they removed it just to rename the whole thing without "wg" in the name.
Port is available:

https://www.freshports.org/net/amnezia-tools/
https://www.freshports.org/net/amnezia-kmod/

Can it be supported in OPNsense?
October 09, 2025, 01:02:53 PM #3
What should be the scope of "supported in OPNsense"?

As soon as a port exists, you are free to pull the port (e.g. from github) and build the binary via "make build".

Do you mean like offering a prebuilt binary via the package manager? Or even a plugin?

The last two things need somebody who makes an effort.
Hardware:
DEC740
October 29, 2025, 08:59:48 PM #4
What about: https://github.com/antspopov/opnsense_amnezia_plugin (I am not afflifiated with this repo) ? Does it look complete?
October 29, 2025, 09:09:02 PM #5 Last Edit: October 29, 2025, 09:12:06 PM by Monviech (Cedrik)
Whats the benefit of such a wireguard implementation, wouldnt it be better to use something protocol agnostic that can tunnel any protocol through a websocket like:

https://github.com/erebe/wstunnel

https://github.com/erebe/wstunnel?tab=readme-ov-file#wireguard-and-wstunnel-

Hardware:
DEC740
November 13, 2025, 10:35:02 AM #6
Did you manage to get AmneziaWG plug-in installed and working? Curious to know of it is working well.
Deciso DEC850v2
November 26, 2025, 12:07:20 PM #7
Quote from: haemm0r on October 29, 2025, 08:59:48 PMWhat about: https://github.com/antspopov/opnsense_amnezia_plugin (I am not afflifiated with this repo) ? Does it look complete?
Let's hope they implement it.
Wstunnel is fine but no UI is made for it.
November 26, 2025, 12:21:17 PM #8
We need PRs for this we will not implement this ourselves.
Hardware:
DEC740
February 22, 2026, 10:25:25 PM #9
This possibility is very exciting indeed. A WireGuard VPN protocol with features to protect it against DPI is something I can see myself having running around the clock on my Firewall.
February 22, 2026, 10:35:20 PM #10
And why don't you just use Wireguard, if you control the firewall?

As far as I understand AmneziaWG is intentionally circumventing/bypassing corporate firewall and compliance policies. As such I would strongly recommend against including it in OPNsense.

If you control OPNsense just run WG.
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do. (Isaac Asimov)
February 22, 2026, 11:55:41 PM #11 Last Edit: Today at 12:07:10 AM by OPNenthu
Quote from: Patrick M. Hausen on February 22, 2026, 10:35:20 PMAnd why don't you just use Wireguard, if you control the firewall?
Because upstream firewalls?

Think: Empire v. Alliance. :)

https://mullvad.net/en/blog/introducing-quic-obfuscation-for-wireguard

(unless I completely misread the purpose of this tool...)

Side note: really unfortunate choice for a project logo, IMO.
N5105 | 8/250GB | 4xi226-V | Community
Today at 12:08:53 AM #12
What upstream firewalls? If they exist there is a reason. If you live in an authoritarian country you should probably use tor. Amnezia will probably allow you to connect but it's not making you anonymous.

I will never promote circumventing a company or school or uni ... firewall.
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do. (Isaac Asimov)
Print
Go Up Pages1
User actions