Yes, enabling the AmneziaWG protocol on an already deployed AmneziaVPN self-hosted server requires specific steps. While AmneziaWG is based on WireGuard, it includes additional obfuscation features, and its setup involves more than just switching protocols. Here's a comprehensive guide:

Compatibility and Prerequisites

Before proceeding, ensure your server meets these requirements:

• Operating System: Linux (Ubuntu 22.04 or Debian 11/12 are recommended).
• Processor Architecture: x86-64.
• Virtualization: KVM.
• IPv4 Address: Required for server communication.
• RAM: At least 1 GB (2 GB recommended). Note that limited RAM may restrict available protocols.
• Kernel Version: Ensure your kernel is version 5.6 or higher.
• AmneziaVPN Version: Use the latest version of AmneziaVPN. Check with amnezia --version.

Verify your server details by connecting via SSH:

ssh user@your-server-ip -p port-number

Then, check your OS version, RAM, and virtualization:

lsb_release -a
free -h
systemd-detect-virt

Ensure your system is up-to-date:

sudo apt update
sudo apt upgrade -y

Installation of AmneziaWG

AmneziaWG is based on WireGuard but includes enhanced obfuscation. Here are the steps to install it:

1. Install Required Packages:

   sudo apt install -y wireguard-tools git

2. Clone the AmneziaWG Repository:

   git clone https://github.com/Amnezia-vpn/amnezia-wg.git
   cd amnezia-wg

3. Run the Installation Script:

   sudo bash install.sh

   This script handles the installation of necessary drivers and configurations.

Allow traffic routing:

sudo sysctl -w net.ipv4.ip_forward=1
sudo sysctl -w net.ipv6.conf.all.forwarding=1

Reboot your system to apply changes:

sudo reboot

Configuration of AmneziaWG

After installation, generate the main AmneziaWG configuration files:

1. Create a New Directory:

   sudo mkdir /etc/amnezia-wg

2. Generate the Main AWG Config:

   sudo bash generate-config.sh

3. Generate Client Configs:

   sudo bash generate-client-configs.sh

4. Add New Clients:

   Edit the main configuration file to add new clients:

   sudo nano /etc/amnezia-wg/config.yaml

5. Generate Client Configs and QR Codes:

   sudo bash generate-client-configs.sh

Start the AmneziaWG tunnel interface:

sudo wg-quick up amnezia-wg

Check the status:

sudo wg show

Alternative Configuration Method

Alternatively, you can enable AmneziaWG by modifying the AmneziaVPN configuration directly:

1. Navigate to the AmneziaVPN Installation Directory:

   cd /opt/amnezia

2. Open the Protocol Configuration File:

   nano /opt/amnezia/config/protocols.json

3. Add or Modify the AmneziaWG Block:

   If it doesn't exist, add the following block:

   {
       "protocol": "AmneziaWG",
       "enabled": true,
       "port": 51820,
       "obfuscation": true
   }

   • port: The UDP port used by AmneziaWG. Ensure this port is open in your firewall.
   • obfuscation: Set to true to enable traffic obfuscation.
4. Save and Exit the File.
5. Restart AmneziaVPN Services:

   systemctl restart amnezia

6. Check the Status:

   systemctl status amnezia

Firewall Configuration

Ensure the necessary ports are open in your firewall. AmneziaWG typically uses UDP port 51820.

Check existing rules:

ufw status

Allow UDP traffic on port 51820:

ufw allow 51820/udp

Reload firewall rules:

ufw reload

Connecting Clients

1. Copy Client Configs:

   scp /etc/amnezia-wg/client-configs/my_amneziawg_client1.conf user@client-machine:/path/to/config

2. Connect to AmneziaWG:

   On your client machine, use the WireGuard client to connect to the AmneziaWG server:

   wg-quick up my_amneziawg_client1

Alternatively, you can generate a configuration file or QR code from the AmneziaVPN client, then import it on your device.

Verifying AmneziaWG Functionality

To confirm AmneziaWG is working correctly:

• Check server logs:

  journalctl -u amnezia

  Look for entries indicating successful connections.

• Verify traffic obfuscation using a DPI testing tool.

Additional Notes

• Troubleshooting: If the connection fails, check server logs and firewall rules.
• Updating AmneziaVPN: Keep AmneziaVPN updated:

  apt update && apt install amnezia -y

• Manual Protocol Configuration: If needed, you can configure the VPN protocol manually during the setup process.

Summary

Enabling the AmneziaWG protocol on your self-hosted AmneziaVPN server involves ensuring compatibility, installing necessary packages, configuring the protocol, and setting up client connections. This process ensures a secure and obfuscated VPN connection.

For further assistance, consult the Amnezia Documentation.