Shell script to get a configuration file from a vpn:// URL.

Marek Küthe 5e3bde2772 Add more AmneziaFree bots 2 miesięcy temu
.woodpecker bf06e2e21f Fix CI 3 miesięcy temu
LICENSE 7730e9ac2e Initial commit 3 miesięcy temu
README.md 5e3bde2772 Add more AmneziaFree bots 2 miesięcy temu
get_amnezia_free.sh abdf02225d Add check for wg 3 miesięcy temu

README.md

get_amnezia_free

Shell script to get a configuration file from a vpn:// URL.

Amnezia Free

Telegram Bots to get Amnezia Free:

Usage

$./get_amnezia_free.sh vpn://...
Config version: 1.0
VPN name: AmneziaFree RU
VPN description: AmneziaFree for Russia
VPN protocol: awg
API endpoint: ???
API key: ???
Generate WireGuard keys...
WireGuard private key: [REDACTED]
WireGuard public key: ???
Register new client with the API server...
Create temporary file...
Temporary file: ???
Delete temporary file...
DNS 1: 1.0.0.1
DNS 2: 1.1.1.1
Hostname: ???d
Default container: amnezia-awg
Containers:
	Container type: amnezia-awg
Configuration #1 saved in amneziafree-ru.conf.

In the directory in which the script was executed, you will now receive a file with the name of received VPN name and the file extension .conf. If there are several awg containers, a numbering -2, -3, ... is added before the file extension.

Protocol

The protocol for requesting the configuration data consists of several steps. First, however, a private and a corresponding public WireGuard key are generated locally - the Amnezia Free Server therefore does not know my secret key at any time.

To extract the data such as API endpoint and API key, first the beginning vpn:// is cut off and the result is base64-decoded. Then you get JSON data with the corresponding information. Next, you can send a POST request to the API endpoint. The content type application/json and the authentication in the form of Authorization: Api-Key $api_key are passed as additional HTTP headers. JSON data is specified as the payload. This consists of a single key-value mapping. The only key used is public_key. The corresponding value is the WireGuard public key previously generated locally. JSON data is returned as the response. The only value in this is a vpn://-URI. Here again vpn:// is truncated and the whole thing is base64-decoded. However, this time you do not get JSON data, but binary data. These are compressed with zlib-deflate. To decompress the data, the first four bytes are cut off (these serve as QT6 compression headers, but are unnecessary in our case) and the remaining data is recompressed. The result is JSON data again. This contains all the information required to create a configuration file.

"Fan Facts":

  • The actual WireGuard configuration is once again encoded in JSON. This means that JSON data is encoded in a JSON string. Strange.
  • Amnezia Free does not support IPv6.