WireGuard won the modern protocol argument by being small, fast, and boring in the best way. But it was never designed to hide. On networks that use deep packet inspection to find VPN traffic, plain WireGuard is one of the easiest protocols to recognize — and AmneziaWG is the project that set out to fix exactly that, without giving up the things WireGuard does well.

Short answer: AmneziaWG is an open-source fork of WireGuard that keeps the cryptography and the speed but disguises the protocol's recognizable handshake — with junk packets, random padding, and rewritten header bytes — so deep packet inspection can't match it against a WireGuard signature. Same tunnel underneath, different silhouette on the wire.

Key takeaways

  • AmneziaWG is WireGuard plus an obfuscation layer. The encryption, key model, and performance are essentially unchanged.
  • Plain WireGuard has a fixed, fingerprintable handshake — that's how censors block it without decrypting anything.
  • AmneziaWG breaks the fingerprint: junk packets before the handshake, random padding on it, and randomized header values.
  • It is not a cure-all. Blocked server addresses, UDP bans, and allow-list firewalls stop it anyway.
  • On an ordinary network it buys you nothing extra. It matters on networks that actively hunt VPN protocols.

Why plain WireGuard is easy to block

A censor doesn't need to break encryption to block a VPN. It only needs to recognize the protocol, and WireGuard makes that easy because its handshake looks the same every time. The first packet of every WireGuard session is a UDP message of exactly 148 bytes, and its first four bytes are a message-type field that always reads 1 followed by three zeros. The server's reply is exactly 92 bytes, type 2. Every implementation, every connection, everywhere.

That regularity is wonderful for engineers and miserable for anyone behind a national firewall. Inspection hardware pattern-matches the shape — the fixed sizes, the constant type bytes, the rhythm of the exchange — and drops the connection before the tunnel finishes setting up. Everything inside stays encrypted; the outside gives the game away.

This isn't an oversight. The WireGuard project lists traffic obfuscation as an explicit non-goal: the protocol is meant to stay minimal and auditable, and disguise is left to layers built on top. For years that left a gap, because the countries that filter hardest — we walk through how Iran, Russia, and China block VPNs — added WireGuard's signature to their filters early.

AmneziaWG is one answer to that gap.

What AmneziaWG changes

AmneziaWG comes from the team behind Amnezia, an open-source toolkit for self-hosted VPNs, and the easiest way to understand it is as WireGuard wearing a costume. The fork adds a set of configuration parameters that reshape what the connection looks like at exactly the moments inspection systems are watching:

  • Junk packets first (the Jc, Jmin, Jmax parameters). Before the real handshake, the client sends a burst of meaningless random packets of varying sizes. The conversation no longer opens with a tidy 148-byte message.
  • Random padding (S1, S2). The handshake initiation and response get random extra bytes attached, so packet sizes stop matching the known signature.
  • Rewritten headers (H1–H4). The four fixed message-type values that label every WireGuard packet are replaced with values both ends agree on in advance. The telltale 1, 2, 3, 4 never appears on the wire.

Newer releases push the idea further. Version 1.5 added specially crafted opening packets that imitate the first bytes of other protocols, and the 2.0 line that followed in 2026 continues in that direction — the goal shifting from "don't look like WireGuard" to "look like something harmless."

Two details matter in practice. Both ends must share the same parameter values: this is a coordinated costume, carried in the config file, not something a client improvises. And with every obfuscation parameter set to zero, AmneziaWG speaks plain WireGuard — which tells you how thin and surgical the added layer really is.

What stays the same

Underneath the costume, the protocol is untouched. The handshake mathematics, the modern ciphers, the key exchange — all inherited directly from WireGuard rather than reinvented. That's the right call: new obfuscation is cheap to get wrong and fix, while new cryptography is catastrophic to get wrong. A fork that only changes the wrapper keeps WireGuard's small, heavily reviewed core.

Performance holds up too. The junk packets add a little extra data when the connection starts, and after that the tunnel moves traffic the way WireGuard does. If you care how the major protocols compare on speed and battery, we've done that comparison in WireGuard vs OpenVPN vs IKEv2 — and AmneziaWG sits in WireGuard's column, not with the older, heavier options.

Where AmneziaWG still loses

Obfuscation raises the cost of blocking you. It doesn't make blocking impossible, and an honest comparison has to say where the costume doesn't help:

  • Blocked addresses. If a censor has already blacklisted your server's IP, it doesn't matter what your packets look like. Disguise defeats protocol filters, not address lists.
  • UDP bans and throttling. Some networks drop or choke unfamiliar UDP traffic wholesale. AmneziaWG is still UDP; on those networks, tunnels that dress up as ordinary web traffic over TCP take over.
  • Allow-list firewalls. The strictest networks flip the logic: only recognized protocols pass. There, traffic that looks like nothing is itself suspicious, and unrecognizable high-entropy flows get dropped on principle. Looking like noise helps against a blocklist and hurts against an allow-list.
  • The arms race. Censors also measure flow timing, packet-size patterns over time, and how a suspected server responds when poked. Every obfuscation scheme is a moving target, which is why the serious projects keep shipping new versions.

The realistic framing: AmneziaWG makes you expensive to block on networks that filter by protocol signature. Where blocking works by address, by transport, or by allow-list, you need different moves — we map that whole landscape in how a VPN bypasses censorship.

Do you actually need VPN obfuscation?

A question worth asking before reaching for any obfuscated VPN: is your problem actually protocol blocking? On a home connection in most countries, plain WireGuard connects fine, and obfuscation adds moving parts without adding privacy — the encryption is the same either way. The honest test is simple: if a standard VPN connects reliably on your network, you don't need the costume.

Obfuscation earns its keep in specific situations: national firewalls that fingerprint VPN protocols, ISPs that throttle recognized VPN traffic, and some corporate, campus, or hotel networks that block tunnels as a matter of policy. If one of those describes your week, the rest of this comparison is for you. If not, protocol choice — covered in our main comparison — matters more than disguise.

AmneziaWG on iPhone

There are official AmneziaWG apps, including an iOS client. If you rent a server and set it up with the Amnezia tools, you can import a config carrying the obfuscation parameters and be done. For people comfortable managing a server and keeping parameters in sync, it's a genuinely good route — and our Shadowsocks vs VPN comparison covers the proxy-shaped alternatives in the same self-hosting spirit.

Most people don't want to run infrastructure to read the internet, and shouldn't have to. The practical alternative is a VPN whose app applies obfuscation for you, with both ends managed by the same provider.

Snap VPN is built that way. The tunnel itself is WireGuard, and on top of it we apply obfuscation techniques of our own, shaping the connection so it doesn't present a textbook VPN signature to inspection systems. We deliberately keep the wire-level details out of our documentation — published disguises are the first ones added to filters — but the principle is the one AmneziaWG proves: keep WireGuard's engineering, change what the network sees. There's nothing to configure and no account to create.

Frequently asked questions

Is AmneziaWG the same as WireGuard? It's a fork. The cryptography and tunnel behavior are WireGuard's; what changes is how packets look on the wire — junk packets, padding, and randomized headers replace the recognizable signature. With those parameters zeroed out, it behaves like standard WireGuard.

Is AmneziaWG slower than WireGuard? Not meaningfully. The obfuscation adds a small amount of data at connection setup, and steady-state speed is in line with plain WireGuard — the encryption doing the actual work is identical.

Can DPI still detect AmneziaWG? It can try, and sometimes succeeds. Obfuscation removes the easy signature match, but censors can still block server addresses, throttle UDP, or flag traffic they can't classify at all. Treat it as a strong move in an ongoing arms race, not immunity.

Does AmneziaWG work on iPhone? Yes — there's an official iOS app, and your config's obfuscation parameters have to match the server's exactly. If you'd rather not manage that yourself, the alternative is a VPN app with obfuscation built in.

Bottom line

  • WireGuard is easy to block because its handshake looks identical everywhere; encryption hides the contents, not the protocol's outline.
  • AmneziaWG keeps WireGuard's cryptography and speed, and randomizes exactly the parts inspection systems match on.
  • It wins against protocol filters; it doesn't beat IP blocklists, UDP bans, or allow-list firewalls.
  • Self-hosting it on iPhone works via the official app. The low-effort path is a VPN that ships obfuscation as part of the product.

If you want WireGuard's speed with the obfuscation already handled — no server to rent, no parameters to sync, no account and no traffic logs — Snap VPN is on the App Store.