Support AmneziaWG

Started by Lucid1010, August 05, 2025, 02:50:51 PM

Maybe I misinterpreted the link in the OP?

The things it discusses seem to have more to do with punching through for access purposes (avoiding VPN blocks) rather than anonymity.  Tor is solving a different problem, no?
N5105 | 8/250GB | 4xi226-V | Community

https://www.youtube.com/watch?v=XI9NG068TwI

Yes, but in which scenario would you legitimately need to punch holes through a firewall that does not also ask for anonymity?
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do. (Isaac Asimov)

February 23, 2026, 12:16:05 PM #17 Last Edit: February 23, 2026, 12:17:59 PM by OPNenthu
Either when fear of repercussion is low (no real consequence of getting around a block) or in high numbers (a country in revolution/protest all accessing information together).  In some cases I guess getting information can be more important than hiding the fact, especially if Tor can be blocked.

In typical situations, I think I agree with you.  Most casual VPN users probably desire some level of anonymity or at least blocking data collection from a network operator (maybe some people are employed by their ISP, for example).

I'm reaching a bit here, but I'm trying :)
N5105 | 8/250GB | 4xi226-V | Community

https://www.youtube.com/watch?v=XI9NG068TwI

Quote from: OPNenthu on February 23, 2026, 12:16:05 PM
Most casual VPN users probably desire some level of anonymity or at least blocking data collection from a network operator

The funny thing is that at least in the EU your ISP is way more trustworthy than any so-called "VPN provider". With a commercial "VPN" you hand all your communication metadata to a single entity, frequently a company located not in the EU. While your ISP is bound by GDPR and strong consumer protection laws and all hell will break loose should they ever get caught sniffing.

For me a VPN is something where I control both ends. Hence the quotes (") above.
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do. (Isaac Asimov)

Quote from: Patrick M. Hausen on February 23, 2026, 12:46:15 PM
The funny thing is that at least in the EU your ISP is way more trustworthy than any so called "VPN provider". With a commercial "VPN" you hand all your communication metadata to a single entity, frequently a company located not in the EU. While your ISP is bound by GDPR and strong consumer protection laws and all hell will break loose should they ever get caught sniffing.

Actually there is no right choice there:

- VPN Company = Often someone you don't really know...
Even though I know that at least two of them are "serious bastards" when it comes to their demands when they rent their servers from a hosting company: Private Internet Access and Mullvad.
- You can't trust your ISP either because (at least in The Netherlands) they are forced to allow the Police/Government to sniff/monitor their network whenever they want...

So the only option left is maybe some Server or VPS hosted in a country your own country has no connections to and host your own VPN there... hopefully...

The whole Tor VPN thing is also one big unknown for most people so even there the question is if you can trust it...



#WeAreAllSooScrewed!!! ^_^
Weird guy who likes everything Linux and *BSD on PC/Laptop/Tablet/Mobile and funny little ARM based boards :)

I would very much like to see AmneziaWG included in OPNsense. It seems like an ideal alternative to the OpenVPN XOR patch which is no longer supported.

Personally I need VPN obfuscation to avoid aggressive throttling when connecting to my home network from outside.

I made some comments from a project perspective here https://github.com/opnsense/tools/pull/504

I'm not opposed, but I'm missing a commitment that this is "the next best thing" since wireguard brought upon us the kernel module madness (if anyone remembers why hiring the wrong guy is not a good idea) and the fact that someone will have to write and review a plugin too. That's a big commitment/promise IMO and I think a bit late to the party...


Cheers,
Franco

Take the UAE as an example. VPN is allowed IF you use it for legitimate reasons.
The problem is that most hotels and mobile providers block VPNs.
I would see this as a fallback if standard WG isn't working.

Admins and developers who don't prioritize privacy or censorship resistance may not find this significant.

However, government and ISP censorship is intensifying not only in Russia and the EU but across many other nations as well.

I earnestly hope that os-amneziawg will be developed and implemented as an official OPNsense plugin, just like os-wireguard.

April 12, 2026, 06:31:52 PM #24 Last Edit: April 12, 2026, 06:34:26 PM by Monviech (Cedrik)
It would be better to wrap WireGuard inside something that is independent from it, like wstunnel.

https://github.com/erebe/wstunnel

Everything that alters and ships wireguard directly is very inflexible and technical debt once DPIs got a hang of it too.

The more widespread and mainstream such an obfuscation technique becomes the more likely it will be blocked as well in time.

Better to be able to change the technique independently from the tunneling protocol in the long run.

Also, wstunnel seems sponsored by an NL company.
Hardware:
DEC740

Today at 03:11:33 AM #25 Last Edit: Today at 05:01:18 AM by OPNenthu
Quote from: Lucid1010 on April 12, 2026, 06:21:10 PM
Admins and developers who don't prioritize privacy or censorship resistance may not find this significant.

Tools have a place and it's good to have options (whether in OPNsense or not), but we should be clear that resistance is a political process.  Just evading blocks isn't going to effect meaningful change.
N5105 | 8/250GB | 4xi226-V | Community

https://www.youtube.com/watch?v=XI9NG068TwI

This isn't about tools or politics.

When OpenVPN XOR patch was needed 10 years ago OpenVPN upstream declined to use the extension. FreeBSD ports maintainer reluctantly added it and tried to kill it every chance he got, too. The patch was rather small and controllable and completely optional.  You could use it from the advanced parameters found in the OpenVPN legacy GUI. We gladly kept it in OPNsense and defended it in FreeBSD ports as long as we could.

Fast forward 10 years and now we're asking:

Kernel module that can potentially crash the whole system or take it over. A toolkit to configure it. A user-space alternative that WireGuard itself abandoned years ago. And there is no plugin that was written yet... looking at the evolution of WireGuard plugin that is a lot of work to be made by someone, too.  Then somebody will drop an AI generated plugin as is becoming customary nowadays. Is that really the way to go?

So I'm asking for a commitment here, because it's asking a lot of the project. WireGuard was rough (with community plugin being the first few years), NetBird and Tailscale do work but I don't particularly enjoy the complexity and the plugins IMO need a lot more work (including documentation). I just don't see that happening here and adding another hoping this one will do it will not help either.

Again, nothing against it, but it needs a commitment from someone and then they are asking for a commitment on review and keeping it afloat when bugs arise from the community and us.



Cheers,
Franco

Understood and thanks, though my last post wasn't arguing for inclusion.  The arguments against are convincing enough :)
N5105 | 8/250GB | 4xi226-V | Community

https://www.youtube.com/watch?v=XI9NG068TwI