WireGuard is blocked by DPI in 10+ countries now. AmneziaWG 2.0 is a fork that makes the traffic look like random noise - DPI can’t tell it apart from normal UDP. Same crypto under the hood, negligible speed overhead.
I wrote an installer that handles the whole setup in one command on a clean Ubuntu/Debian VPS - kernel module, firewall, hardening, client configs with QR codes. Pure bash, no dependencies, runs on any $3/month box. MIT license.
Been running it from Russia where stock WireGuard stopped working mid-2025.
Fair question. When the H1-H4 thing happened, my first thought was “why didn’t the tests catch this?” - because there wasn’t a test for it. Now there is.
I use bats - 85 tests in 10 files. The H1-H4 fix got its own test_h_ranges.bats with 10 cases, including an INT32_MAX boundary check that runs 20 iterations. All scripts also pass shellcheck with zero warnings.
Every release gets tested on a fresh VPS - Ubuntu 24.04 and Debian 13, full install through both reboots, then every manage command. For bigger changes I get a second pair of eyes on the code - that’s how we caught a restore function not enforcing 600 perms on key files before it shipped.
No CI yet though - tests run locally and on the VPS, not on every push. GitHub Actions is next. The ARM PR (#43) is already adding CI for the ARM builds, so it’s a good time to wire up x86_64 too.
Glad to see this! And thanks for getting back to me.
Btw, is there a presence for the project on Mastodon? I’d like to follow along on new stuff in this space. Or even an RSS feed that can be pulled by a bot on Mastodon?