Add hostName exclusion from routes for AWG/Wireguard

Signed-off-by: Iurii Egorov <ye@amnezia.org>

client/android/wireguard/src/main/kotlin/org/amnezia/vpn/protocol/wireguard/Wireguard.kt

@@ -127,6 +127,8 @@ open class Wireguard : Protocol() {
             }
         }
 
+        configDataJson.getString("hostName").let { excludeRoute(InetNetwork.parse(it)) }
+
         configData["Endpoint"]?.let { setEndpoint(InetEndpoint.parse(it)) }
         configData["PersistentKeepalive"]?.let { setPersistentKeepalive(it.toInt()) }
         configData["PrivateKey"]?.let { setPrivateKeyHex(it.base64ToHex()) }

client/daemon/daemon.cpp

@@ -253,7 +253,7 @@ bool Daemon::parseConfig(const QJsonObject& obj, InterfaceConfig& config) {
 
   if (!obj.contains("deviceMTU") || obj.value("deviceMTU").toString().toInt() == 0)
   {
-    config.m_deviceMTU = 1420;
+    config.m_deviceMTU = 1280;
   } else {
     config.m_deviceMTU = obj.value("deviceMTU").toString().toInt();
 #ifdef Q_OS_WINDOWS
@@ -373,6 +373,10 @@ bool Daemon::parseConfig(const QJsonObject& obj, InterfaceConfig& config) {
     return false;
   }
 
+  if (!obj.value("mtu").isNull()) {
+    config.m_mtu = obj.value("mtu").toString();
+  }
+
   if (!obj.value("Jc").isNull() && !obj.value("Jmin").isNull() 
   && !obj.value("Jmax").isNull() && !obj.value("S1").isNull() 
   && !obj.value("S2").isNull() && !obj.value("H1").isNull() 

client/daemon/interfaceconfig.h

@@ -33,7 +33,7 @@ class InterfaceConfig {
   QString m_serverIpv6AddrIn;
   QString m_dnsServer;
   int m_serverPort = 0;
-  int m_deviceMTU = 1420;
+  int m_deviceMTU = 1280;
   QList<IPAddress> m_allowedIPAddressRanges;
   QStringList m_excludedAddresses;
   QStringList m_vpnDisabledApps;
@@ -41,6 +41,7 @@ class InterfaceConfig {
   QString m_installationId;
 #endif
 
+  QString m_mtu;
   QString m_junkPacketCount;
   QString m_junkPacketMinSize;
   QString m_junkPacketMaxSize;

client/platforms/linux/daemon/wireguardutilslinux.cpp

@@ -18,7 +18,7 @@
 #include "logger.h"
 
 constexpr const int WG_TUN_PROC_TIMEOUT = 5000;
-constexpr const char* WG_RUNTIME_DIR = "/var/run/wireguard";
+constexpr const char* WG_RUNTIME_DIR = "/var/run/amneziawg";
 
 namespace {
 Logger logger("WireguardUtilsLinux");
@@ -103,6 +103,10 @@ bool WireguardUtilsLinux::addInterface(const InterfaceConfig& config) {
     out << "private_key=" << QString(privateKey.toHex()) << "\n";
     out << "replace_peers=true\n";
 
+    if (config.m_mtu != "") {
+      out << "mtu=" << config.m_mtu << "\n";
+    }
+
     if (config.m_junkPacketCount != "") {
         out << "jc=" << config.m_junkPacketCount << "\n";
         out << "jmin=" << config.m_junkPacketMinSize << "\n";

client/platforms/macos/daemon/wireguardutilsmacos.cpp

@@ -16,7 +16,7 @@
 #include "logger.h"
 
 constexpr const int WG_TUN_PROC_TIMEOUT = 5000;
-constexpr const char* WG_RUNTIME_DIR = "/var/run/wireguard";
+constexpr const char* WG_RUNTIME_DIR = "/var/run/amneziawg";
 
 namespace {
 Logger logger("WireguardUtilsMacos");
@@ -101,6 +101,10 @@ bool WireguardUtilsMacos::addInterface(const InterfaceConfig& config) {
   out << "private_key=" << QString(privateKey.toHex()) << "\n";
   out << "replace_peers=true\n";
 
+  if (config.m_mtu != "") {
+    out << "mtu=" << config.m_mtu << "\n";
+  }
+
   if (config.m_junkPacketCount != "") {
     out << "jc=" << config.m_junkPacketCount << "\n";
     out << "jmin=" << config.m_junkPacketMinSize << "\n";

client/protocols/protocols_defs.h

@@ -152,7 +152,7 @@ namespace amnezia
             constexpr char defaultSubnetCidr[] = "24";
 
             constexpr char defaultPort[] = "51820";
-            constexpr char defaultMtu[] = "1420";
+            constexpr char defaultMtu[] = "1280";
             constexpr char serverConfigPath[] = "/opt/amnezia/wireguard/wg0.conf";
             constexpr char serverPublicKeyPath[] = "/opt/amnezia/wireguard/wireguard_server_public_key.key";
             constexpr char serverPskKeyPath[] = "/opt/amnezia/wireguard/wireguard_psk.key";
@@ -168,7 +168,7 @@ namespace amnezia
         namespace awg
         {
             constexpr char defaultPort[] = "55424";
-            constexpr char defaultMtu[] = "1420";
+            constexpr char defaultMtu[] = "1280";
 
             constexpr char serverConfigPath[] = "/opt/amnezia/awg/wg0.conf";
             constexpr char serverPublicKeyPath[] = "/opt/amnezia/awg/wireguard_server_public_key.key";

client/server_scripts/awg/Dockerfile

@@ -1,4 +1,4 @@
-FROM amneziavpn/amnezia-wg:latest
+FROM epamiuriiegorov/awg:latest
 
 LABEL maintainer="AmneziaVPN"
 

client/server_scripts/awg/configure_container.sh

@@ -14,6 +14,7 @@ cat > /opt/amnezia/awg/wg0.conf <<EOF
 PrivateKey = $WIREGUARD_SERVER_PRIVATE_KEY
 Address = $WIREGUARD_SUBNET_IP/$WIREGUARD_SUBNET_CIDR
 ListenPort = $AWG_SERVER_PORT
+MTU = 1280
 Jc = $JUNK_PACKET_COUNT
 Jmin = $JUNK_PACKET_MIN_SIZE
 Jmax = $JUNK_PACKET_MAX_SIZE

client/server_scripts/awg/run_container.sh

@@ -5,7 +5,7 @@ sudo docker run -d \
 --privileged \
 --cap-add=NET_ADMIN \
 --cap-add=SYS_MODULE \
--p $AWG_SERVER_PORT:$AWG_SERVER_PORT/udp \
+-p 443:443 \
 -v /lib/modules:/lib/modules \
 --sysctl="net.ipv4.conf.all.src_valid_mark=1" \
 --name $CONTAINER_NAME \

client/server_scripts/awg/template.conf

@@ -2,6 +2,7 @@
 Address = $WIREGUARD_CLIENT_IP/32
 DNS = $PRIMARY_DNS, $SECONDARY_DNS
 PrivateKey = $WIREGUARD_CLIENT_PRIVATE_KEY
+MTU = 1280
 Jc = $JUNK_PACKET_COUNT
 Jmin = $JUNK_PACKET_MIN_SIZE
 Jmax = $JUNK_PACKET_MAX_SIZE