WireGuard is blocked or throttled in Russia, China, Iran, UAE, Turkmenistan, and a bunch of other countries. If yours stopped working — you can replace it with AmneziaWG 2.0 in about 5 minutes. Same WireGuard speed, same crypto, but the traffic looks like random noise to DPI.
No Linux skills needed. Three commands and you're done.
What You Need
- A clean VPS — any $3-5/month server works (1 GB RAM is plenty)
- Ubuntu 24.04 / 25.10 or Debian 12 / 13 on that server
- SSH access — your provider gives you an IP, login, and password
Don't have a VPS yet? Grab one from Hetzner, DigitalOcean, Vultr, or wherever — just make sure the datacenter is outside your country. Cheapest tier is fine.
Step 1 — Install (3 commands)
SSH into your server and run:
wget https://raw.githubusercontent.com/bivlked/amneziawg-installer/main/install_amneziawg_en.sh
chmod +x install_amneziawg_en.sh
sudo bash ./install_amneziawg_en.sh
The installer asks a few questions (port, subnet, number of clients) — defaults work for most setups. Hit Enter through them or use --yes for fully automatic mode:
sudo bash ./install_amneziawg_en.sh --yes
It reboots twice (kernel updates). Just re-run the same script after each reboot — it picks up where it left off. Whole thing takes about 5 minutes.
Step 2 — Connect Your Devices
After installation, you'll find client config files in /root/awg/:
-
.conffiles — import into any AmneziaWG client -
.pngfiles — QR codes, scan from your phone -
.vpnurifiles — one-tap import for Amnezia VPN app
Which client to use:
| Platform | Client | Link |
|---|---|---|
| All platforms | Amnezia VPN (recommended) | Download |
| Windows | AmneziaWG | Download |
| Android | AmneziaWG | Google Play |
| iOS | AmneziaWG | App Store |
| Android (FOSS) | WG Tunnel | F-Droid / GitHub |
Quickest way: Install Amnezia VPN on your phone, scan the QR code. Done.
Step 3 — Verify
Open a browser and go to ifconfig.me. If you see your server's IP instead of your home IP — you're on the VPN.
On the server:
sudo awg show awg0
Look for latest handshake under your peer — if it shows a recent timestamp, you're good.
Managing Clients
Need to add a phone, laptop, or share access with someone?
# Add a new client
sudo bash /root/awg/manage_amneziawg.sh add my_laptop
# Give someone temporary access (auto-expires)
sudo bash /root/awg/manage_amneziawg.sh add guest --expires=7d
# See who's connected and how much traffic they used
sudo bash /root/awg/manage_amneziawg.sh stats
# Remove a client
sudo bash /root/awg/manage_amneziawg.sh remove guest
# List all clients
sudo bash /root/awg/manage_amneziawg.sh list
Each add generates a new .conf + QR code + vpn:// URI.
What's Running Under the Hood
The installer sets up AmneziaWG 2.0 — a WireGuard fork that randomizes packet headers, adds padding, and sends decoy packets before the handshake. DPI can't fingerprint it because every server speaks its own "dialect" of the protocol.
It runs as a kernel module (not the slower userspace Go implementation), so you get near-WireGuard speeds. The crypto is identical — Curve25519, ChaCha20-Poly1305, same as stock WireGuard.
The installer also hardens the server — UFW firewall with deny-all policy, Fail2Ban, and some kernel/network tuning.
I wrote a detailed breakdown of how the obfuscation works here.
Links
- ⭐ amneziawg-installer on GitHub — star it if it helped you
- Amnezia VPN Client
- AmneziaWG 2.0 Docs
Router firmware with AWG support:
- AWG Manager — Keenetic
- AmneziaWG for Merlin — ASUS
Hit a problem? Open an issue or drop a comment below.
Top comments (0)