From January 7, Russia will completely ban VPN
Each service in Amnesia is called a container – this is because in Amnesia everything is packaged in Docker containers.
The name of the container indicates which port/protocol it has, for example, the OpenVPN container will open only one OpenVPN port (TCP or UDP depending on the choice during configuration). And you can connect to this container from the outside only through OpenVPN.
The same with the ShadowSocks container – only the ShadowSocks port sticks out. But inside this container there are already two protocols OpenVPN and ShadowSocks. That is, you can connect to this container simply with the ShadowSocks protocol, or with a bunch of OpenVPN over ShadowSocks.
TCP / 443 sticks out in the Cloak container, to which you can only connect through Cloak, you understand. And inside there is already a whole zoo, in addition to Cloak, both OpenVPN and ShadowSocks live. Accordingly, for VPN to work through this container, you need to connect with a bunch of OpenVPN over Cloak or ShadowSocks over Cloak. And it doesn’t matter if you connect with Amnesia itself, or with another client that supports such a bundle, for example, the official ShadowSocks client with the Cloak plugin connected.
A little tricky? Perhaps yes, but it creates flexibility. A list of supported containers can be found here, right in the turnip. You can read these scripts, and make sure that Amnesia does not do anything extra, and maybe even give us recommendations on how to improve them!
About config export
Amnezia has a feature, and it lies in the fact that the user can connect to a configured VPN server not only using Amnezia.
We are making a free universal tool, you can, for example, set up an Amnesia OpenVPN container, export the config for OpenVPN, and connect to it using a regular OpenVPN client by loading the generated config into it.
The same is true for all other containers, but in the case of the Cloak container, for example, you will need to get very confused to set up a bunch of OpenVPN over Cloak or ShadowSocks over Cloak yourself.
However, this is what we gave a year ago to users from Turkmenistan and Iran. And to our surprise, there were many enthusiasts who started setting up ShadowSocks over Cloak on mobile devices in this way. Recall that Amnesia for Android and iOS does not yet support connection via these bundles, we are working hard on it, it will be soon, and it will be a gun!
About OpenVPN
At the moment, Amnezia has the most complete support for the OpenVPN protocol – it works on AmneziaVPN clients for all supported platforms – Windows/MacOS/Linux/Android/iOS.
Good old OpenVPN will still give heat. And that’s why.
A little higher, I already mentioned that support was made for OpenVPN Pluggable Transport. And this means that we can hang any masking plugins on it. And not only can we do it, we have already started doing it, made a prototype, and we are embedding this OpenVPN with PT support into Amnesia.
And this, in turn, means that we will have full VPN masking for mobile devices – for Android and for iOS. In short, on mobile platforms everything is strict with VPN and access to system functions, so it’s not possible to simply launch two processes directly – OpenVPN separately and a separate plugin, as it works on desktop platforms.
Our roadmap is as follows: add OpenVPN with Pluggable Transport support, finish with a bunch of OpenVPN over Cloak for mobile platforms, then add support v2rayand then, if there is enough strength, time and resources, to make support wstunnel and other tools that will be in demand and relevant.
About Cloak
Some services, such as TOR, provide the ability to obfuscate traffic, they use a utility such as obfs4. It seemed to us that this is not a very modern utility, and the level of masking that can be achieved with obfs4 is not the highest…
Therefore, initially our choice fell on Cloak. The main feature of Cloak is that you can set up a donor site in it, under which Cloak will disguise itself, which makes blocking very difficult.
It works like this – even if the DPI equipment knocks on the server where the user has installed his VPN, then in response the DPI system will receive directly the content of the site that is predefined in Cloak. For example, you can set Habr.com there, and DPI will think that users are reading habr news, although at that moment they are sitting through a hidden VPN tunnel in the forbidden Book of Faces, Mockingbird and other devilish sites, RKN forbid me to write their names.
Cool? We think so! This is certainly not a panacea, this scheme can be burned on invalid certificates, but so far even the Great Chinese itself cannot cope with such a disgrace.
Say thanks Andy Wangfor this wonderful tool! If anything – all the arrows are on it, we just collected several utilities from the Internet into one application, isn’t it forbidden yet?
About WireGuard
And we do it too. Not everyone is lucky enough to live in countries where there is a need to use the coolest and most sophisticated VPN masking tools. We haven’t had any luck yet either, and WireGuard is still running, and all sorts of different knee VPN services using WG are working. It’s fast, it doesn’t drain the battery on mobile devices much, so for now it works – and glory God RKN.
AmneziaVPN only supports WireGuard on Windows/Android/iOS. Soon we will finish it for MacOS, and a little later for Linux.
About other VPN protocols
We generally have Napoleonic plans, we want Amnesia to be able to use all VPN protocols. We started adding support for IKEv2, while it only works on Windows.
We also managed to embed into Amnesia a container with a DNS server, a container with file storage, and even a container into which, in one click, raises a website in the TOR network with customized WordPress. Just don’t write and don’t ask why it’s all there, the most important thing is that it works!
And is it safe?
The first thing I would like to remind you is that AmneziaVPN is an open source project, that is, all our configuration scripts, all library forks and much more, all this can be found in our repository at GitHub.
The most important event in the life of the project was the fact that in the summer of 2022 AmneziaVPN passed a full independent security audit by the company 7ASecurity supported by Open Technology Fund. As a result of the check, various levels of vulnerabilities were found, which were successfully closed in the same year, updates were released. Details of the verification can be found in the official press releaseor read directly report in pdf format.
In other words, AmneziaVPN is now an established project that you can trust.
Where is Amnesia VPN available?
For desktop platforms, Windows/MacOS/Linux – distributions can be downloaded directly from the releases of our GitHub repository
On iOS, connection is currently available only via WireGuard and OpenVPN (without masking, work is underway on it). You can download directly from AppStore.
On Android, in addition to supporting OpenVPN and WireGuard, connection via Shadowsocks is supported. The app has been available for a long time play market.
Amnesia Free
By the way, for easy access to the Book of Faces, Mirror, Mockingbird, Jellyfish and all other media like CBB, NNC, we have created Telegram bot, which gives configs for WireGuard to everyone and just curious. To use it, it will ask for a subscription to our Telegram news channel AmnesiaNews, then it will issue a config and instructions on how to set up a VPN. Oh, by the way, it’s powered by WireGuard, so… let’s not panic while it’s still running.
A-A-A WHAT TO DO
If you do not pay attention to the strengthening of blocking (and everything else), then you can suddenly find yourself the hero of the famous meme “Hold the banana, take the TV, save the bear, throw me and climb into the closet”, or some other meme, but also most likely with banana.
Here is a brief guide to Internet survival in the face of tightening blocking.
Check out the list of tools that help bypass hard blocks. Let’s write them together here, I’ll start – this is of course AmnesiaVPNand also Tor, Lantern, psiphon, Ceno… write in the comments who knows what other services.
Install at least a couple of such applications, play around with them, it’s better to do it now, while it’s easy and simple. When the Internet is blocked, things can get a lot more complicated. Well, or to your taste, you can go through this quest later, at an increased difficulty level. For example, like Turkmen freelancers. Or in general, at the level of difficulty “Adept Juche“, when to bypass the blocking you need to literally bypass it on your own two feet.
Just do not forget about your inalienable right to freedom of thought, to freedom of access to information, to other points of view. If you look at the same picture for several minutes, it then stands before your eyes for a few more seconds, interrupting the real image. If you look at the same picture of the world through the screen for years, you will not see reality for a long time through the veil of thoughts that seem to be your own… © Mazai Banzaev.