From nobody Sun Aug 10 01:27:54 2025 X-Original-To: dev-commits-ports-main@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4c00Wn6Xxbz64rf2; Sun, 10 Aug 2025 01:28:05 +0000 (UTC) (envelope-from eduardo@freebsd.org) Received: from smtp.freebsd.org (smtp.freebsd.org [IPv6:2610:1c1:1:606c::24b:4]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "smtp.freebsd.org", Issuer "R11" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4c00Wn605tz3qQJ; Sun, 10 Aug 2025 01:28:05 +0000 (UTC) (envelope-from eduardo@freebsd.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1754789285; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references; bh=n3xPdwzso02MZXTmd3EkR43z4oFH3K3gChrgxyxN1mM=; b=IKjqG2qSeEU2X/NiHEY9zWGwwa0yVqQzk8CK/nwpcOcrkAEwOY/dJHVpwsvZRCmaw+ko4m Z02F7th4t7qqDCrfx6RfqjNRPAQb3U57ot8ZbtXw3lTgZS6JPgal3M6ztk3f9OIZqmTZXl wDJgb/BMFXynwechjkEXTc8no0w7DT3VPz8L55uw4QWKqPI4Ucq8n1SqD0ip24+I6+Eyms gTsHyC8V4w/LecJa+jMlV/WDwbVj4SR+64E54ay+BagGeo1W/bZ4aMmEloD9+Kg6uLNkHi hiSRc2DbHBLQwkVjFwi6Gn3XGdShXROiE6cPzJpsx5naZkjwUkAHGXLnzrtdAQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1754789285; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references; bh=n3xPdwzso02MZXTmd3EkR43z4oFH3K3gChrgxyxN1mM=; b=TSd+xk/0kRK9BzJVT7rjn9E6Snmg82gVlcjQqgYfJ8K3s63bBX1+5YO3aieVFwnLv9fUGX yoz+HG3TUbZedt2JTdwuMMfFhF+0Tr4hHnxyvWN8gPZkgj2kCXCCnA+x2cgmVzm7oV70ZZ QnNXg618rfieGblmLY9ATn27g+o2PmlZyqA2ndDh8rCEq4pMWCpvF/dI59JRvdLQfb/3AV r5jVP84GylBNLmfJJmqcwI2olZz9Wsk0klpvJ+ZBwqvinM/BpkbqF33FqfYB77Ezv/7+Dd gj1GsQJkVkmszoYajtZ/vmq4eIAK8c6FZJ73U67BhWfHlmdWgB8HlN7CBSKBRQ== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1754789285; a=rsa-sha256; cv=none; b=JSCqLVLb06HGmBWH/eEFlU11bmWz1dHRHOzMN/zJuBcCjVvu8sKBy8mdeg7+HxUwnDj6RO Wj5eU2horxHj/kCgIOB0HPYc+MSi759mpKx1AEGzbe2LXElQkO+Yj0tmBBcyiMtltHu8kv TPYcEmzhlOQUJoBZs6IzWMtBAfPu8P5BHJW3NuUKUnm7rvGycUCFMCuN2q9cEMm083FOg+ zNF0U+niqoDIvndP8UvrnqQb/PLpnlBhiSvpMoxwD9w/n3TQ/5ckNLxQF7liZA3SnJLQo5 A46Gpkgw266BLtAfha8sKWiJEw+WRGeDnqIzXWy5pF71d4IRVFYhQtOsTYgBUw== Received: from mail-qt1-f170.google.com (mail-qt1-f170.google.com [209.85.160.170]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (2048 bits) client-digest SHA256) (Client CN "smtp.gmail.com", Issuer "WR4" (verified OK)) (Authenticated sender: eduardo) by smtp.freebsd.org (Postfix) with ESMTPSA id 4c00Wn5DNnz5r0; Sun, 10 Aug 2025 01:28:05 +0000 (UTC) (envelope-from eduardo@freebsd.org) Received: by mail-qt1-f170.google.com with SMTP id d75a77b69052e-4b0632ae199so7483021cf.1; Sat, 09 Aug 2025 18:28:05 -0700 (PDT) X-Forwarded-Encrypted: i=1; AJvYcCWWV1G2lUNDZ4ykiCf4Zais3XkkVGckdsr7Z945LBCDGQWSgfSSTAZB437CEBf/eqyk5C15rmKWagNABCTE1Nck6+pPFu267g==@freebsd.org, AJvYcCWYRDV5s49rAgBQUDw+48+H/xWd64MX5nSoA+IV/9eIj780+R/Aj24UgimjUGALj7jVMJg9bGjOTT/pBbSTduBX7AfrnEE=@freebsd.org X-Gm-Message-State: AOJu0Yy1jId5SXa/Cv5qI8WJAgdF2ob+VT7Oii7RAEP3C/SXwAcgTKkd FaMWv38hLZuYqstgai/Tq0YegoGOonIvnTX7tYRrwWYSAfZ/dOJ2uVP9tek0hgyK5SXoikqO8EL +gls3BKaMYJNUS/B5tKbc0S6sFhYHcQg= X-Google-Smtp-Source: AGHT+IEx4j5nwhrWKVr3OEwwRDRpFmmGEFio5flzqXJTg2bFLSMYZ1Xyv023qo52DfGqtsPvv2jkMNbrnGW5kHGDO3c= X-Received: by 2002:a05:622a:1997:b0:4ab:5d26:db88 with SMTP id d75a77b69052e-4b0bec0e824mr35488371cf.3.1754789285107; Sat, 09 Aug 2025 18:28:05 -0700 (PDT) List-Id: Commits to the main branch of the FreeBSD ports repository List-Archive: https://lists.freebsd.org/archives/dev-commits-ports-main List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-ports-main@freebsd.org Sender: owner-dev-commits-ports-main@FreeBSD.org MIME-Version: 1.0 References: <202508092137.579LbgRi037426@gitrepo.freebsd.org> In-Reply-To: <202508092137.579LbgRi037426@gitrepo.freebsd.org> From: Nuno Teixeira Date: Sun, 10 Aug 2025 02:27:54 +0100 X-Gmail-Original-Message-ID: X-Gm-Features: Ac12FXy6rCEWsbL2wewp9KGfyroxvF5gXfasinukkoFzmNxubhWhxPctmXW4PP4 Message-ID: Subject: Re: git: c90e6c2d0308 - main - net/amnezia-tools: Improve port To: Vladimir Druzenko Cc: ports-committers@freebsd.org, dev-commits-ports-all@freebsd.org, dev-commits-ports-main@freebsd.org Content-Type: multipart/alternative; boundary="000000000000fe9faa063bf8b79d" --000000000000fe9faa063bf8b79d Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable Hello, MASTER_SITES should be removed since USE_GITHUB is fetching. Cheers, Vladimir Druzenko escreveu (s=C3=A1bado, 9/08/2025 =C3=A0= (s) 22:37): > The branch main has been updated by vvd: > > URL: > https://cgit.FreeBSD.org/ports/commit/?id=3Dc90e6c2d0308cfb17ebdb543f1c09= 1fcbc10e7f0 > > commit c90e6c2d0308cfb17ebdb543f1c091fcbc10e7f0 > Author: Vova > AuthorDate: 2025-08-09 21:31:32 +0000 > Commit: Vladimir Druzenko > CommitDate: 2025-08-09 21:36:38 +0000 > > net/amnezia-tools: Improve port > > - Move "-tools" from PORTNAME to PKGNAMESUFFIX. > - Properly use PREFIX and ETCDIR. > - Add shebangfix. > - Make portclippy happy. > - Fix manpages. > - Fix bash completion. > > PR: 288730 > Co-authored-by: Vladimir Druzenko > --- > net/amnezia-tools/Makefile | 26 +-- > net/amnezia-tools/distinfo | 6 +- > net/amnezia-tools/files/amnezia.in | 7 +- > net/amnezia-tools/files/patch-man_wg-quick.8 | 204 > +++++++++++++++++++++ > net/amnezia-tools/files/patch-man_wg.8 | 140 +++++++++++++- > .../files/patch-wg-quick_freebsd.bash | 2 +- > 6 files changed, 364 insertions(+), 21 deletions(-) > > diff --git a/net/amnezia-tools/Makefile b/net/amnezia-tools/Makefile > index 2c15bcdb024f..f017fea7b5e1 100644 > --- a/net/amnezia-tools/Makefile > +++ b/net/amnezia-tools/Makefile > @@ -1,8 +1,10 @@ > -PORTNAME=3D amnezia-tools > -PORTVERSION=3D 1.0.20241018 > -PORTREVISION=3D 1 > +PORTNAME=3D amnezia > +DISTVERSIONPREFIX=3D v > +DISTVERSION=3D 1.0.20241018 > +PORTREVISION=3D 2 > CATEGORIES=3D net net-vpn > MASTER_SITES=3D https://github.com/amnezia-vpn/amneziawg-tools/ > +PKGNAMESUFFIX=3D -tools > > MAINTAINER=3D vova@zote.me > COMMENT=3D Fast, modern and secure VPN Tunnel with AmneziaVPN > anti-detection > @@ -12,27 +14,29 @@ LICENSE=3D GPLv2 > > RUN_DEPENDS=3D bash:shells/bash > > -USES=3D gmake > +USES=3D gmake shebangfix > USE_GITHUB=3D yes > GH_ACCOUNT=3D amnezia-vpn > GH_PROJECT=3D amneziawg-tools > -GH_TAGNAME=3D v${PORTVERSION} > +USE_RC_SUBR=3D ${PORTNAME} > + > +SHEBANG_FILES=3D wg-quick/freebsd.bash > > -WRKSRC_SUBDIR=3D src > MAKE_ARGS+=3D DEBUG=3Dno WITH_BASHCOMPLETION=3Dyes WITH_SYSTEMDUNITS= =3Dno > MAKE_ENV+=3D MANDIR=3D"${PREFIX}/share/man" \ > SYSCONFDIR=3D"${PREFIX}/etc" > > -USE_RC_SUBR=3D amnezia > - > -.include > +WRKSRC_SUBDIR=3D src > > post-patch: > - @${REINPLACE_CMD} -e 's|wg s|awg s|g' \ > + @${REINPLACE_CMD} -e 's|wg s|awg s|g; \ > + s|/usr/local/etc/wireguard|${ETCDIR}|' \ > ${WRKSRC}/completion/wg-quick.bash-completion > + @${REINPLACE_CMD} -e 's|%%ETCDIR%%|${ETCDIR}|' \ > + ${WRKSRC}/wg-quick/freebsd.bash > > post-install: > - @${RMDIR} ${STAGEDIR}${PREFIX}/etc/amnezia/amneziawg > + @${RMDIR} ${STAGEDIR}${ETCDIR}/amneziawg > ${STRIP_CMD} ${STAGEDIR}${PREFIX}/bin/awg > > .include > diff --git a/net/amnezia-tools/distinfo b/net/amnezia-tools/distinfo > index 3703c8bf36a2..4121ea84aa23 100644 > --- a/net/amnezia-tools/distinfo > +++ b/net/amnezia-tools/distinfo > @@ -1,3 +1,3 @@ > -TIMESTAMP =3D 1744661306 > -SHA256 > (amnezia-vpn-amneziawg-tools-1.0.20241018-v1.0.20241018_GH0.tar.gz) =3D > 60f1cec1774fb871a2d8dc24e4f731625516d90f663d6e0d2c77d9247222f2f9 > -SIZE (amnezia-vpn-amneziawg-tools-1.0.20241018-v1.0.20241018_GH0.tar.gz) > =3D 156259 > +TIMESTAMP =3D 1754646104 > +SHA256 (amnezia-vpn-amneziawg-tools-v1.0.20241018_GH0.tar.gz) =3D > 60f1cec1774fb871a2d8dc24e4f731625516d90f663d6e0d2c77d9247222f2f9 > +SIZE (amnezia-vpn-amneziawg-tools-v1.0.20241018_GH0.tar.gz) =3D 156259 > diff --git a/net/amnezia-tools/files/amnezia.in b/net/amnezia-tools/files= / > amnezia.in > index 11a5daf89861..98010c013bdb 100644 > --- a/net/amnezia-tools/files/amnezia.in > +++ b/net/amnezia-tools/files/amnezia.in > @@ -17,7 +17,7 @@ > # (default: > "if_amn", "" - no module) > # > # amnezia_confdirs (str): Directory to store the configuration file= s. > -# (default: > "/usr/local/etc/amnezia") > +# (default: > "%%ETCDIR%%") > > . /etc/rc.subr > > @@ -33,7 +33,6 @@ status_cmd=3D"${name}_status" > amnezia_start() > { > kmod=3D${amnezia_kmod:-if_amn} > - ${amnezia_confdirs:+eval export > AWG_QUICK_CONFIG_SEARCH_PATHS=3D"$amnezia_confdirs"} > ${amnezia_env:+eval export $amnezia_env} > [ -n "${kmod}" ] && kldstat -q -n ${kmod} || kldload -n ${kmod} > > @@ -76,6 +75,8 @@ load_rc_config $name > : ${amnezia_interfaces=3D""} > : ${amnezia_env=3D""} > : ${amnezia_kmod=3D"if_amn"} > -: ${amnezia_confdirs=3D"/usr/local/etc/amnezia"} > +: ${amnezia_confdirs=3D"%%ETCDIR%%"} > + > +${amnezia_confdirs:+eval export > AWG_QUICK_CONFIG_SEARCH_PATHS=3D"$amnezia_confdirs"} > > run_rc_command "$1" > diff --git a/net/amnezia-tools/files/patch-man_wg-quick.8 > b/net/amnezia-tools/files/patch-man_wg-quick.8 > new file mode 100644 > index 000000000000..96d988cf7162 > --- /dev/null > +++ b/net/amnezia-tools/files/patch-man_wg-quick.8 > @@ -0,0 +1,204 @@ > +--- man/wg-quick.8.orig 2024-10-01 13:02:42 UTC > ++++ man/wg-quick.8 > +@@ -1,10 +1,10 @@ > +-.TH WG-QUICK 8 "2016 January 1" ZX2C4 "WireGuard" > ++.TH AWG-QUICK 8 "2025 August 8" AWG "AmneziaWG" > + > + .SH NAME > +-wg-quick - set up a WireGuard interface simply > ++awg-quick - set up a WireGuard interface simply > + > + .SH SYNOPSIS > +-.B wg-quick > ++.B awg-quick > + [ > + .I up > + | > +@@ -13,6 +13,8 @@ wg-quick - set up a WireGuard interface simply > + .I save > + | > + .I strip > ++| > ++.I reload > + ] [ > + .I CONFIG_FILE > + | > +@@ -31,9 +33,9 @@ with all > + runs pre/post down scripts. Running \fIsave\fP saves the configuration > of an existing > + interface without bringing the interface down. Use \fIstrip\fP to outpu= t > a configuration file > + with all > +-.BR wg-quick (8)-specific > ++.BR awg-quick (8)-specific > + options removed, suitable for use with > +-.BR wg (8). > ++.BR awg (8). > + > + \fICONFIG_FILE\fP is a configuration file, whose filename is the > interface name > + followed by `.conf'. Otherwise, \fIINTERFACE\fP is an interface name, > with configuration > +@@ -41,24 +43,24 @@ Generally speaking, this utility is just a simple sc= ri > + search paths. > + > + Generally speaking, this utility is just a simple script that wraps > invocations to > +-.BR wg (8) > ++.BR awg (8) > + and > +-.BR ip (8) > +-in order to set up a WireGuard interface. It is designed for users with > simple > ++.BR ifconfig (8) > ++in order to set up a AmneziaWG interface. It is designed for users with > simple > + needs, and users with more advanced needs are highly encouraged to use = a > more > + specific tool, a more complete network manager, or otherwise just use > +-.BR wg (8) > ++.BR awg (8) > + and > +-.BR ip (8), > ++.BR route (8), > + as usual. > + > + .SH CONFIGURATION > + > + The configuration file adds a few extra configuration values to the > format understood by > +-.BR wg (8) > ++.BR awg (8) > + in order to configure additional attributes of an interface. It handles > the > + values that it understands, and then it passes the remaining ones > directly to > +-.BR wg (8) > ++.BR awg (8) > + for further processing. > + > + It infers all routes from the list of peers' allowed IPs, and > automatically adds > +@@ -67,7 +69,7 @@ to handle overriding of the default gateway. > + .BR ip-rule (8) > + to handle overriding of the default gateway. > + > +-The configuration file will be passed directly to \fBwg\fP(8)'s `setcon= f' > ++The configuration file will be passed directly to \fBawg\fP(8)'s > `setconf' > + sub-command, with the exception of the following additions to the > \fIInterface\fP section, > + which are handled by this tool: > + > +@@ -102,9 +104,29 @@ interface is removed will therefore be overwritten. > + SaveConfig \(em if set to `true', the configuration is saved from the > current state of the > + interface upon shutdown. Any changes made to the configuration file > before the > + interface is removed will therefore be overwritten. > ++.IP \(bu > ++Description \(em will setup interface description visible in ifconfig > and SNMP. > ++.IP \(bu > ++UserLand \(em enforce to use amnezia-go instead of kernel driver, you > can use > ++\fBamnezia-wireguard-go\fP to install it. > ++.IP \(bu > ++Routes \(em list of routes for the peer to be installed into FIB - that > option provides a way to have AllowedIPs list wider then routes installed= . > Empty list is allowed. > ++That is useful if routing protocol will work over the link. > ++But remember that internal wireguard routing will happen according to > AllowedIPs anyway. > ++Suggested use in case dynamic route - one interface -> one link. > ++.IP \(bu > ++Monitor default route change \(em do not run `route monitor` when there > is no need to do anything on default > ++change. That will help to avoid keeping two bashes and one route binari= es > ++per interface always. > ++Default value is true. > ++.IP \(bu > ++Track DNS Changes \(em if peer endpoint defined as a hostname - > periodically (timeout in seconds) > ++check if hostname was changed, and if changed update peer endpoint > according > ++to new hostname. Quite useful in case of DDNS configurations. > ++Default values is 0, disabled. > + > + .P > +-Recommended \fIINTERFACE\fP names include `wg0' or `wgvpn0' or even > `wgmgmtlan0'. > ++Recommended \fIINTERFACE\fP names include `amn0' or `awg0'. > + However, the number at the end is in fact optional, and really > + any free-form string [a-zA-Z0-9_=3D+.-]{1,15} will work. So even interf= ace > names corresponding > + to geographic locations would suffice, such as `cincinnati', `nyc', or > `paris', if that's > +@@ -113,9 +135,9 @@ These examples draw on the same syntax found for > + .SH EXAMPLES > + > + These examples draw on the same syntax found for > +-.BR wg (8), > ++.BR awg (8), > + and a more complete description may be found there. Bold lines below ar= e > for options that extend > +-.BR wg (8). > ++.BR awg (8). > + > + The following might be used for connecting as a client to a VPN gateway > for tunneling all > + traffic: > +@@ -151,15 +173,15 @@ two lines `PostUp` and `PreDown` lines to the > `[Interf > + to prevent the flow of unencrypted packets through the non-WireGuard > interfaces, by adding the following > + two lines `PostUp` and `PreDown` lines to the `[Interface]` section: > + > +- \fBPostUp =3D iptables -I OUTPUT ! -o %i -m mark ! --mark $(wg show= %i > fwmark) -m addrtype ! --dst-type LOCAL -j REJECT\fP > ++ \fBPostUp =3D iptables -I OUTPUT ! -o %i -m mark ! --mark $(awg sho= w > %i fwmark) -m addrtype ! --dst-type LOCAL -j REJECT\fP > + .br > +- \fBPreDown =3D iptables -D OUTPUT ! -o %i -m mark ! --mark $(wg sho= w > %i fwmark) -m addrtype ! --dst-type LOCAL -j REJECT\fP > ++ \fBPreDown =3D iptables -D OUTPUT ! -o %i -m mark ! --mark $(awg sh= ow > %i fwmark) -m addrtype ! --dst-type LOCAL -j REJECT\fP > + .br > + > + The `PostUp' and `PreDown' fields have been added to specify an > + .BR iptables (8) > + command which, when used with interfaces that have a peer that specifie= s > 0.0.0.0/0 as part of the > +-`AllowedIPs', works together with wg-quick's fwmark usage in order to > drop all packets that > ++`AllowedIPs', works together with awg-quick's fwmark usage in order to > drop all packets that > + are either not coming out of the tunnel encrypted or not going through > the tunnel itself. (Note > + that this continues to allow most DHCP traffic through, since most DHCP > clients make use of PF_PACKET > + sockets, which bypass Netfilter.) When IPv6 is in use, additional > similar lines could be added using > +@@ -168,7 +190,7 @@ Or, perhaps it is desirable to store private keys in= e > + Or, perhaps it is desirable to store private keys in encrypted form, > such as through use of > + .BR pass (1): > + > +- \fBPreUp =3D wg set %i private-key <(pass WireGuard/private-keys/%i= )\fP > ++ \fBPreUp =3D awg set %i private-key <(pass > WireGuard/private-keys/%i)\fP > + .br > + > + For use on a server, the following is a more complicated example > involving multiple peers: > +@@ -242,36 +264,43 @@ in the filename: > + These configuration files may be placed in any directory, putting the > desired interface name > + in the filename: > + > +-\fB # wg-quick up /path/to/wgnet0.conf\fP > ++\fB # awg-quick up amn0\fP > + > ++or > ++ > ++\fB # awg-quick up /path/to/amn0.conf\fP > ++ > + For convenience, if only an interface name is supplied, it automaticall= y > chooses a path in > + `/etc/wireguard/': > + > +-\fB # wg-quick up wgnet0\fP > ++\fB # awg-quick up amn0\fP > + > + This will load the configuration file `/etc/wireguard/wgnet0.conf'. > + > + The \fIstrip\fP command is useful for reloading configuration files > without disrupting active > + sessions: > + > +-\fB # wg syncconf wgnet0 <(wg-quick strip wgnet0)\fP > ++\fB # awg syncconf amn0 <(awg-quick strip amn)\fP > + > ++or > ++ > ++\fB # awg-quick reload amn0\fP > ++ > ++ > + .SH SEE ALSO > +-.BR wg (8), > +-.BR ip (8), > +-.BR ip-link (8), > +-.BR ip-address (8), > +-.BR ip-route (8), > +-.BR ip-rule (8), > +-.BR resolvconf (8). > ++.BR awg (8), > ++.BR ifconfig (8), > ++.BR route (8), > + > + .SH AUTHOR > ++.B awg-quick > ++based on > + .B wg-quick > + was written by > + .MT Jason@zx2c4.com > + Jason A. Donenfeld > + .ME . > + For updates and more information, a project page is available on the > +-.UR https://\:www.wireguard.com/ > ++.UR https://\:github.com/amnezia-vpn/amneziawg-tools/ > + World Wide Web > + .UE . > diff --git a/net/amnezia-tools/files/patch-man_wg.8 > b/net/amnezia-tools/files/patch-man_wg.8 > index ab226a3cc1e7..87e018ff2856 100644 > --- a/net/amnezia-tools/files/patch-man_wg.8 > +++ b/net/amnezia-tools/files/patch-man_wg.8 > @@ -1,15 +1,60 @@ > --- man/wg.8.orig 2024-10-01 13:02:42 UTC > +++ man/wg.8 > -@@ -55,7 +55,7 @@ by \fICONFIGURATION FILE FORMAT\fP below. > +@@ -1,10 +1,10 @@ > +-.TH WG 8 "2015 August 13" ZX2C4 "WireGuard" > ++.TH AWG 8 "2025 August 8" AWG "AmneziaWG" > + > + .SH NAME > +-wg - set and retrieve configuration of WireGuard interfaces > ++awg - set and retrieve configuration of WireGuard interfaces > + > + .SH SYNOPSIS > +-.B wg > ++.B awg > + [ > + .I COMMAND > + ] [ > +@@ -15,17 +15,15 @@ wg - set and retrieve configuration of WireGuard int= er > + > + .SH DESCRIPTION > + > +-.B wg > ++.B awg > + is the configuration utility for getting and setting the configuration = of > + WireGuard tunnel interfaces. The interfaces themselves can be added and > removed > + using > +-.BR ip-link (8) > ++.BR ifconfig (8) > + and their IP addresses and routing tables can be set using > +-.BR ip-address (8) > +-and > +-.BR ip-route (8). > ++.BR route (8). > + The > +-.B wg > ++.B awg > + utility provides a series of sub-commands for changing WireGuard-specif= ic > + aspects of WireGuard interfaces. > + > +@@ -36,7 +34,7 @@ Sub-commands that take an INTERFACE must be passed a W > + .SH COMMANDS > + > + .TP > +-\fBshow\fP { \fI\fP | \fIall\fP | \fIinterfaces\fP } > [\fIpublic-key\fP | \fIprivate-key\fP | \fIlisten-port\fP | \fIfwmark\fP = | > \fIpeers\fP | \fIpreshared-keys\fP | \fIendpoints\fP | \fIallowed-ips\fP = | > \fIlatest-handshakes\fP | \fIpersistent-keepalive\fP | \fItransfer\fP | > \fIdump\fP] > ++\fBshow\fP { \fI\fP | \fIall\fP | \fIinterfaces\fP } > [\fIpublic-key\fP | \fIprivate-key\fP | \fIlisten-port\fP | \fIfwmark\fP = | > \fIpeers\fP | \fIpreshared-keys\fP | \fIendpoints\fP | \fIallowed-ips\fP = | > \fIlatest-handshakes\fP | \fIpersistent-keepalive\fP | \fItransfer\fP | > \fIdump\fP | \fIjc\fP | \fIjmin\fP | \fIjmax\fP | \fIs1\fP | \fIs2\fP | > \fIh1\fP | \fIh2\fP | \fIh3\fP | \fIh4\fP] > + Shows current WireGuard configuration and runtime information of > specified \fI\fP. > + If no \fI\fP is specified, \fI\fP defaults to > \fIall\fP. > + If \fIinterfaces\fP is specified, prints a list of all WireGuard > interfaces, > +@@ -55,7 +53,7 @@ by \fICONFIGURATION FILE FORMAT\fP below. > Shows the current configuration of \fI\fP in the format > described > by \fICONFIGURATION FILE FORMAT\fP below. > .TP > -\fBset\fP \fI\fP [\fIlisten-port\fP \fI\fP] > [\fIfwmark\fP \fI\fP] [\fIprivate-key\fP \fI\fP] > [\fIpeer\fP \fI\fP [\fIremove\fP] [\fIpreshared-key\fP > \fI\fP] [\fIendpoint\fP \fI:\fP] > [\fIpersistent-keepalive\fP \fI\fP] [\fIallowed-ips\fP > \fI/\fP[,\fI/\fP]...] ]... > -+\fBset\fP \fI\fP [\fIlisten-port\fP \fI\fP] > [\fIfwmark\fP \fI\fP] [\fIprivate-key\fP \fI\fP] > [\fIpeer\fP \fI\fP [\fIremove\fP] [\fIpreshared-key\fP > \fI\fP] [\fIendpoint\fP \fI:\fP] > [\fIpersistent-keepalive\fP \fI\fP] [\fIallowed-ips\fP > \fI[+|-]/\fP[,\fI[+|-]/\fP]...] ]... > ++\fBset\fP \fI\fP [\fIlisten-port\fP \fI\fP] > [\fIfwmark\fP \fI\fP] [\fIprivate-key\fP \fI\fP] [\fIj= c > ]\fP [\fI]\fP [\fIjmax \fP] [\fIs1 \fP] [\fIs2 > \fP] [\fIh1\fP] [\fIh2

\fP] [\fIh3

\fP] [\fIh4

\fP] > [\fIpeer\fP \fI\fP [\fIremove\fP] [\fIpreshared-key\fP > \fI\fP] [\fIendpoint\fP \fI:\fP] > [\fIpersistent-keepalive\fP \fI\fP] [\fIallowed-ips\fP > \fI[+|-]/\fP[,\fI[+|-]/\fP]...] ]... > Sets configuration values for the specified \fI\fP. Multiple > \fIpeer\fPs may be specified, and if the \fIremove\fP argument is given > for a peer, that peer is removed, not configured. If \fIlisten-port\fP > -@@ -72,7 +72,11 @@ If \fIallowed-ips\fP is specified, but the value is t= h > +@@ -72,7 +70,11 @@ If \fIallowed-ips\fP is specified, but the value is t= h > it adds an additional layer of symmetric-key cryptography to be mixed > into > the already existing public-key cryptography, for post-quantum > resistance. > If \fIallowed-ips\fP is specified, but the value is the empty string, a= ll > @@ -22,3 +67,92 @@ > is optional and is by default off; setting it to 0 or "off" disables it= . > Otherwise it represents, in seconds, between 1 and 65535 inclusive, how > often > to send an authenticated empty packet to the peer, for the purpose of > keeping > +@@ -119,11 +121,52 @@ A private key and a corresponding public key may b= e > ge > + .br > + $ umask 077 > + .br > +- $ wg genkey | tee private.key | wg pubkey > public.key > ++ $ awg genkey | tee private.key | awg pubkey > public.key > + .TP > + \fBhelp\fP > + Shows usage message. > + > ++.SH AMNEZIA OPTIONS > ++Configuration options to be use in order to bypass DPI filters, these > options appears in > ++\fBshow\fP, \fBset\fP, \fBsetconf\fP, \fBaddconf\fP commands. > ++ > ++.TP > ++\fBjc\fP > ++Number of junk packets before handshake. > ++.br > ++1=E2=80=93128 (recomended 3=E2=80=9310) > ++ > ++.TP > ++\fBjmin\fP > ++Minimum size of junk packets. > ++.br > ++jmin: < jmax (recomended ~ 8) > ++ > ++.TP > ++\fBjmax\fP > ++Maximum size of junk packets. > ++.br > ++jmax: =E2=89=A4 1280 (recomended ~ 80) > ++ > ++.TP > ++\fBs1\fP > ++Size of handshake initiation packet prepend junk. Should be the same on > both ends. > ++.br > ++0=E2=80=931132 (recomended 15=E2=80=93150), s1 + 56 =E2=89=A0 s2 > ++ > ++.TP > ++\fBs2\fP > ++Size of handshake response packet prepend junk. Should be the same on > both ends. > ++.br > ++0=E2=80=931188 (recomended 15=E2=80=93150), s1 + 56 =E2=89=A0 s2 > ++ > ++.TP > ++\fBh1-h4\fP > ++Custom identifiers for initiation/response/cookie/data packets. Should > be the same on both ends. > ++.br > ++The unique value in range of 5 - 4,294,967,295 (0x5 - 0xFFFFFFFF), h1 != =3D > h2 !=3D h3 !=3D h4 > ++ > ++ > + .SH CONFIGURATION FILE FORMAT > + The configuration file format is based on \fIINI\fP. There are two top > level sections > + -- \fIInterface\fP and \fIPeer\fP. Multiple \fIPeer\fP sections may be > specified, but > +@@ -224,7 +267,7 @@ on a per-interface basis by using > + on a per-interface basis by using > + .BR ifconfig (1): > + > +-\fB # ifconfig wg0 debug > ++\fB # ifconfig amn0 debug\fP > + > + On userspace implementations, it is customary to set the \fILOG_LEVEL\f= P > environment variable to \fIverbose\fP. > + > +@@ -240,19 +283,18 @@ If set to an integer or to \fIinfinity\fP, DNS > resolut > + If set to an integer or to \fIinfinity\fP, DNS resolution for each > peer's endpoint will be retried that many times for non-permanent errors, > with an increasing delay between retries. If unset, the default is 15 > retries. > + > + .SH SEE ALSO > +-.BR wg-quick (8), > +-.BR ip (8), > +-.BR ip-link (8), > +-.BR ip-address (8), > +-.BR ip-route (8). > ++.BR awg-quick (8), > ++.BR ifconfig (8), > ++.BR route (8). > + > + .SH AUTHOR > ++awg based on > + .B wg > +-was written by > ++that was written by > + .MT Jason@zx2c4.com > + Jason A. Donenfeld > + .ME . > + For updates and more information, a project page is available on the > +-.UR https://\:www.wireguard.com/ > ++.UR https://\:github.com/amnezia-vpn/amneziawg-tools/ > + World Wide Web > + .UE . > diff --git a/net/amnezia-tools/files/patch-wg-quick_freebsd.bash > b/net/amnezia-tools/files/patch-wg-quick_freebsd.bash > index f130e5f49a6d..6d218f256182 100644 > --- a/net/amnezia-tools/files/patch-wg-quick_freebsd.bash > +++ b/net/amnezia-tools/files/patch-wg-quick_freebsd.bash > @@ -26,7 +26,7 @@ > } > > -CONFIG_SEARCH_PATHS=3D( /etc/amnezia/amneziawg > /usr/local/etc/amnezia/amneziawg ) > -+CONFIG_SEARCH_PATHS=3D( > ${AWG_QUICK_CONFIG_SEARCH_PATHS:-/usr/local/etc/amnezia} ) > ++CONFIG_SEARCH_PATHS=3D( ${AWG_QUICK_CONFIG_SEARCH_PATHS:-%%ETCDIR%%} ) > > unset ORIGINAL_TMPDIR > make_temp() { > --=20 Nuno Teixeira FreeBSD UNIX: Web: https://FreeBSD.org --000000000000fe9faa063bf8b79d Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable
Hello,

MASTER_SITES should b= e removed since USE_GITHUB is fetching.

Cheers,

Vladimir Druzenko <= vvd@freebsd.org> escreveu (s=C3=A1bado, 9/08/2025 =C3=A0(s) 22:37):<= br>
The branch main = has been updated by vvd:

URL: https://cgi= t.FreeBSD.org/ports/commit/?id=3Dc90e6c2d0308cfb17ebdb543f1c091fcbc10e7f0

commit c90e6c2d0308cfb17ebdb543f1c091fcbc10e7f0
Author:=C2=A0 =C2=A0 =C2=A0Vova <vova@fbsd.ru>
AuthorDate: 2025-08-09 21:31:32 +0000
Commit:=C2=A0 =C2=A0 =C2=A0Vladimir Druzenko <vvd@FreeBSD.org>
CommitDate: 2025-08-09 21:36:38 +0000

=C2=A0 =C2=A0 net/amnezia-tools: Improve port

=C2=A0 =C2=A0 - Move "-tools" from PORTNAME to PKGNAMESUFFIX.
=C2=A0 =C2=A0 - Properly use PREFIX and ETCDIR.
=C2=A0 =C2=A0 - Add shebangfix.
=C2=A0 =C2=A0 - Make portclippy happy.
=C2=A0 =C2=A0 - Fix manpages.
=C2=A0 =C2=A0 - Fix bash completion.

=C2=A0 =C2=A0 PR:=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0288730
=C2=A0 =C2=A0 Co-authored-by: Vladimir Druzenko <vvd@FreeBSD.org>
---
=C2=A0net/amnezia-tools/Makefile=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 = =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0|=C2=A0 26 +--
=C2=A0net/amnezia-tools/distinfo=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 = =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0|=C2=A0 =C2=A06 +-
=C2=A0net/amnezia-tools/files/amnezia.in=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2= =A0 =C2=A0 =C2=A0 =C2=A0|=C2=A0 =C2=A07 +-
=C2=A0net/amnezia-tools/files/patch-man_wg-quick.8=C2=A0 =C2=A0 =C2=A0 =C2= =A0| 204 +++++++++++++++++++++
=C2=A0net/amnezia-tools/files/patch-man_wg.8=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2= =A0 =C2=A0 =C2=A0| 140 +++++++++++++-
=C2=A0.../files/patch-wg-quick_freebsd.bash=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2= =A0 =C2=A0 =C2=A0 |=C2=A0 =C2=A02 +-
=C2=A06 files changed, 364 insertions(+), 21 deletions(-)

diff --git a/net/amnezia-tools/Makefile b/net/amnezia-tools/Makefile
index 2c15bcdb024f..f017fea7b5e1 100644
--- a/net/amnezia-tools/Makefile
+++ b/net/amnezia-tools/Makefile
@@ -1,8 +1,10 @@
-PORTNAME=3D=C2=A0 =C2=A0 =C2=A0 amnezia-tools
-PORTVERSION=3D=C2=A0 =C2=A01.0.20241018
-PORTREVISION=3D=C2=A0 1
+PORTNAME=3D=C2=A0 =C2=A0 =C2=A0 amnezia
+DISTVERSIONPREFIX=3D=C2=A0 =C2=A0 =C2=A0v
+DISTVERSION=3D=C2=A0 =C2=A01.0.20241018
+PORTREVISION=3D=C2=A0 2
=C2=A0CATEGORIES=3D=C2=A0 =C2=A0 net net-vpn
=C2=A0MASTER_SITES=3D=C2=A0 https://github.com/amnezi= a-vpn/amneziawg-tools/
+PKGNAMESUFFIX=3D -tools

=C2=A0MAINTAINER=3D=C2=A0 =C2=A0 vova@zote.me
=C2=A0COMMENT=3D=C2=A0 =C2=A0 =C2=A0 =C2=A0Fast, modern and secure VPN Tunn= el with AmneziaVPN anti-detection
@@ -12,27 +14,29 @@ LICENSE=3D=C2=A0 =C2=A0 GPLv2

=C2=A0RUN_DEPENDS=3D=C2=A0 =C2=A0bash:shells/bash

-USES=3D=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 gmake
+USES=3D=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 gmake shebangfix
=C2=A0USE_GITHUB=3D=C2=A0 =C2=A0 yes
=C2=A0GH_ACCOUNT=3D=C2=A0 =C2=A0 amnezia-vpn
=C2=A0GH_PROJECT=3D=C2=A0 =C2=A0 amneziawg-tools
-GH_TAGNAME=3D=C2=A0 =C2=A0 v${PORTVERSION}
+USE_RC_SUBR=3D=C2=A0 =C2=A0${PORTNAME}
+
+SHEBANG_FILES=3D wg-quick/freebsd.bash

-WRKSRC_SUBDIR=3D src
=C2=A0MAKE_ARGS+=3D=C2=A0 =C2=A0 DEBUG=3Dno WITH_BASHCOMPLETION=3Dyes WITH_= SYSTEMDUNITS=3Dno
=C2=A0MAKE_ENV+=3D=C2=A0 =C2=A0 =C2=A0MANDIR=3D"${PREFIX}/share/man&qu= ot; \
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 SYSCONFDIR=3D"= ${PREFIX}/etc"

-USE_RC_SUBR=3D=C2=A0 =C2=A0amnezia
-
-.include <bsd.port.options.mk>
+WRKSRC_SUBDIR=3D src

=C2=A0post-patch:
-=C2=A0 =C2=A0 =C2=A0 =C2=A0@${REINPLACE_CMD} -e 's|wg s|awg s|g' \=
+=C2=A0 =C2=A0 =C2=A0 =C2=A0@${REINPLACE_CMD} -e 's|wg s|awg s|g; \
+=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0s|/usr/local/etc/wi= reguard|${ETCDIR}|' \
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 ${WRKSRC}/completio= n/wg-quick.bash-completion
+=C2=A0 =C2=A0 =C2=A0 =C2=A0@${REINPLACE_CMD} -e 's|%%ETCDIR%%|${ETCDIR= }|' \
+=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0${WRKSRC}/wg-quick/= freebsd.bash

=C2=A0post-install:
-=C2=A0 =C2=A0 =C2=A0 =C2=A0@${RMDIR} ${STAGEDIR}${PREFIX}/etc/amnezia/amne= ziawg
+=C2=A0 =C2=A0 =C2=A0 =C2=A0@${RMDIR} ${STAGEDIR}${ETCDIR}/amneziawg
=C2=A0 =C2=A0 =C2=A0 =C2=A0 ${STRIP_CMD} ${STAGEDIR}${PREFIX}/bin/awg

=C2=A0.include <bsd.port.mk>
diff --git a/net/amnezia-tools/distinfo b/net/amnezia-tools/distinfo
index 3703c8bf36a2..4121ea84aa23 100644
--- a/net/amnezia-tools/distinfo
+++ b/net/amnezia-tools/distinfo
@@ -1,3 +1,3 @@
-TIMESTAMP =3D 1744661306
-SHA256 (amnezia-vpn-amneziawg-tools-1.0.20241018-v1.0.20241018_GH0.tar.gz)= =3D 60f1cec1774fb871a2d8dc24e4f731625516d90f663d6e0d2c77d9247222f2f9
-SIZE (amnezia-vpn-amneziawg-tools-1.0.20241018-v1.0.20241018_GH0.tar.gz) = =3D 156259
+TIMESTAMP =3D 1754646104
+SHA256 (amnezia-vpn-amneziawg-tools-v1.0.20241018_GH0.tar.gz) =3D 60f1cec1= 774fb871a2d8dc24e4f731625516d90f663d6e0d2c77d9247222f2f9
+SIZE (amnezia-vpn-amneziawg-tools-v1.0.20241018_GH0.tar.gz) =3D 156259
diff --git a/net/amnezia-tools/files/amnezia.in b/net/amnezia-tools/files/amnezia.in
index 11a5daf89861..98010c013bdb 100644
--- a/net/amnezia-tools/files/amnezia.in
+++ b/net/amnezia-tools/files/amnezia.in
@@ -17,7 +17,7 @@
=C2=A0#=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2= =A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 = =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 (default: "if_amn&quo= t;, "" - no module)
=C2=A0#
=C2=A0# amnezia_confdirs (str):=C2=A0 =C2=A0 =C2=A0 Directory to store the = configuration files.
-#=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2= =A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 = =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 (default: "/usr/local/etc/am= nezia")
+#=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2= =A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 = =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 (default: "%%ETCDIR%%")=

=C2=A0. /etc/rc.subr

@@ -33,7 +33,6 @@ status_cmd=3D"${name}_status"
=C2=A0amnezia_start()
=C2=A0{
=C2=A0 =C2=A0 =C2=A0 =C2=A0 kmod=3D${amnezia_kmod:-if_amn}
-=C2=A0 =C2=A0 =C2=A0 =C2=A0${amnezia_confdirs:+eval export AWG_QUICK_CONFI= G_SEARCH_PATHS=3D"$amnezia_confdirs"}
=C2=A0 =C2=A0 =C2=A0 =C2=A0 ${amnezia_env:+eval export $amnezia_env}
=C2=A0 =C2=A0 =C2=A0 =C2=A0 [ -n "${kmod}" ] && kldstat -= q -n ${kmod} || kldload -n ${kmod}

@@ -76,6 +75,8 @@ load_rc_config $name
=C2=A0: ${amnezia_interfaces=3D""}
=C2=A0: ${amnezia_env=3D""}
=C2=A0: ${amnezia_kmod=3D"if_amn"}
-: ${amnezia_confdirs=3D"/usr/local/etc/amnezia"}
+: ${amnezia_confdirs=3D"%%ETCDIR%%"}
+
+${amnezia_confdirs:+eval export AWG_QUICK_CONFIG_SEARCH_PATHS=3D"$amn= ezia_confdirs"}

=C2=A0run_rc_command "$1"
diff --git a/net/amnezia-tools/files/patch-man_wg-quick.8 b/net/amnezia-too= ls/files/patch-man_wg-quick.8
new file mode 100644
index 000000000000..96d988cf7162
--- /dev/null
+++ b/net/amnezia-tools/files/patch-man_wg-quick.8
@@ -0,0 +1,204 @@
+--- man/wg-quick.8.orig=C2=A0 =C2=A0 =C2=A0 =C2=A0 2024-10-01 13:02:42 UTC=
++++ man/wg-quick.8
+@@ -1,10 +1,10 @@
+-.TH WG-QUICK 8 "2016 January 1" ZX2C4 "WireGuard"
++.TH AWG-QUICK 8 "2025 August 8" AWG "AmneziaWG"
+
+ .SH NAME
+-wg-quick - set up a WireGuard interface simply
++awg-quick - set up a WireGuard interface simply
+
+ .SH SYNOPSIS
+-.B wg-quick
++.B awg-quick
+ [
+ .I up
+ |
+@@ -13,6 +13,8 @@ wg-quick - set up a WireGuard interface simply
+ .I save
+ |
+ .I strip
++|
++.I reload
+ ] [
+ .I CONFIG_FILE
+ |
+@@ -31,9 +33,9 @@ with all
+ runs pre/post down scripts. Running \fIsave\fP saves the configuration of= an existing
+ interface without bringing the interface down. Use \fIstrip\fP to output = a configuration file
+ with all
+-.BR wg-quick (8)-specific
++.BR awg-quick (8)-specific
+ options removed, suitable for use with
+-.BR wg (8).
++.BR awg (8).
+
+ \fICONFIG_FILE\fP is a configuration file, whose filename is the interfac= e name
+ followed by `.conf'. Otherwise, \fIINTERFACE\fP is an interface name,= with configuration
+@@ -41,24 +43,24 @@ Generally speaking, this utility is just a simple scri=
+ search paths.
+
+ Generally speaking, this utility is just a simple script that wraps invoc= ations to
+-.BR wg (8)
++.BR awg (8)
+ and
+-.BR ip (8)
+-in order to set up a WireGuard interface. It is designed for users with s= imple
++.BR ifconfig (8)
++in order to set up a AmneziaWG interface. It is designed for users with s= imple
+ needs, and users with more advanced needs are highly encouraged to use a = more
+ specific tool, a more complete network manager, or otherwise just use
+-.BR wg (8)
++.BR awg (8)
+ and
+-.BR ip (8),
++.BR route (8),
+ as usual.
+
+ .SH CONFIGURATION
+
+ The configuration file adds a few extra configuration values to the forma= t understood by
+-.BR wg (8)
++.BR awg (8)
+ in order to configure additional attributes of an interface. It handles t= he
+ values that it understands, and then it passes the remaining ones directl= y to
+-.BR wg (8)
++.BR awg (8)
+ for further processing.
+
+ It infers all routes from the list of peers' allowed IPs, and automat= ically adds
+@@ -67,7 +69,7 @@ to handle overriding of the default gateway.
+ .BR ip-rule (8)
+ to handle overriding of the default gateway.
+
+-The configuration file will be passed directly to \fBwg\fP(8)'s `setc= onf'
++The configuration file will be passed directly to \fBawg\fP(8)'s `set= conf'
+ sub-command, with the exception of the following additions to the \fIInte= rface\fP section,
+ which are handled by this tool:
+
+@@ -102,9 +104,29 @@ interface is removed will therefore be overwritten. + SaveConfig \(em if set to `true', the configuration is saved from the= current state of the
+ interface upon shutdown. Any changes made to the configuration file befor= e the
+ interface is removed will therefore be overwritten.
++.IP \(bu
++Description \(em will setup interface description visible in ifconfig and= SNMP.
++.IP \(bu
++UserLand \(em enforce to use amnezia-go instead of kernel driver, you can= use
++\fBamnezia-wireguard-go\fP to install it.
++.IP \(bu
++Routes \(em list of routes for the peer to be installed into FIB - that o= ption provides a way to have AllowedIPs list wider then routes installed. E= mpty list is allowed.
++That is useful if routing protocol will work over the link.
++But remember that internal wireguard routing will happen according to All= owedIPs anyway.
++Suggested use in case dynamic route - one interface -> one link.
++.IP \(bu
++Monitor default route change \(em do not run `route monitor` when there i= s no need to do anything on default
++change. That will help to avoid keeping two bashes and one route binaries=
++per interface always.
++Default value is true.
++.IP \(bu
++Track DNS Changes \(em if peer endpoint defined as a hostname - periodica= lly (timeout in seconds)
++check if hostname was changed, and if changed update peer endpoint accord= ing
++to new hostname. Quite useful in case of DDNS configurations.
++Default values is 0, disabled.
+
+ .P
+-Recommended \fIINTERFACE\fP names include `wg0' or `wgvpn0' or ev= en `wgmgmtlan0'.
++Recommended \fIINTERFACE\fP names include `amn0' or `awg0'.
+ However, the number at the end is in fact optional, and really
+ any free-form string [a-zA-Z0-9_=3D+.-]{1,15} will work. So even interfac= e names corresponding
+ to geographic locations would suffice, such as `cincinnati', `nyc'= ;, or `paris', if that's
+@@ -113,9 +135,9 @@ These examples draw on the same syntax found for
+ .SH EXAMPLES
+
+ These examples draw on the same syntax found for
+-.BR wg (8),
++.BR awg (8),
+ and a more complete description may be found there. Bold lines below are = for options that extend
+-.BR wg (8).
++.BR awg (8).
+
+ The following might be used for connecting as a client to a VPN gateway f= or tunneling all
+ traffic:
+@@ -151,15 +173,15 @@ two lines `PostUp` and `PreDown` lines to the `[Inte= rf
+ to prevent the flow of unencrypted packets through the non-WireGuard inte= rfaces, by adding the following
+ two lines `PostUp` and `PreDown` lines to the `[Interface]` section:
+
+-=C2=A0 =C2=A0 \fBPostUp =3D iptables -I OUTPUT ! -o %i -m mark ! --mark $= (wg show %i fwmark) -m addrtype ! --dst-type LOCAL -j REJECT\fP
++=C2=A0 =C2=A0 \fBPostUp =3D iptables -I OUTPUT ! -o %i -m mark ! --mark $= (awg show %i fwmark) -m addrtype ! --dst-type LOCAL -j REJECT\fP
+ .br
+-=C2=A0 =C2=A0 \fBPreDown =3D iptables -D OUTPUT ! -o %i -m mark ! --mark = $(wg show %i fwmark) -m addrtype ! --dst-type LOCAL -j REJECT\fP
++=C2=A0 =C2=A0 \fBPreDown =3D iptables -D OUTPUT ! -o %i -m mark ! --mark = $(awg show %i fwmark) -m addrtype ! --dst-type LOCAL -j REJECT\fP
+ .br
+
+ The `PostUp' and `PreDown' fields have been added to specify an + .BR iptables (8)
+ command which, when used with interfaces that have a peer that specifies = 0.0.0.0/0= as part of the
+-`AllowedIPs', works together with wg-quick's fwmark usage in orde= r to drop all packets that
++`AllowedIPs', works together with awg-quick's fwmark usage in ord= er to drop all packets that
+ are either not coming out of the tunnel encrypted or not going through th= e tunnel itself. (Note
+ that this continues to allow most DHCP traffic through, since most DHCP c= lients make use of PF_PACKET
+ sockets, which bypass Netfilter.) When IPv6 is in use, additional similar= lines could be added using
+@@ -168,7 +190,7 @@ Or, perhaps it is desirable to store private keys in e=
+ Or, perhaps it is desirable to store private keys in encrypted form, such= as through use of
+ .BR pass (1):
+
+-=C2=A0 =C2=A0 \fBPreUp =3D wg set %i private-key <(pass WireGuard/priv= ate-keys/%i)\fP
++=C2=A0 =C2=A0 \fBPreUp =3D awg set %i private-key <(pass WireGuard/pri= vate-keys/%i)\fP
+ .br
+
+ For use on a server, the following is a more complicated example involvin= g multiple peers:
+@@ -242,36 +264,43 @@ in the filename:
+ These configuration files may be placed in any directory, putting the des= ired interface name
+ in the filename:
+
+-\fB=C2=A0 =C2=A0 # wg-quick up /path/to/wgnet0.conf\fP
++\fB=C2=A0 =C2=A0 # awg-quick up amn0\fP
+
++or
++
++\fB=C2=A0 =C2=A0 # awg-quick up /path/to/amn0.conf\fP
++
+ For convenience, if only an interface name is supplied, it automatically = chooses a path in
+ `/etc/wireguard/':
+
+-\fB=C2=A0 =C2=A0 # wg-quick up wgnet0\fP
++\fB=C2=A0 =C2=A0 # awg-quick up amn0\fP
+
+ This will load the configuration file `/etc/wireguard/wgnet0.conf'. +
+ The \fIstrip\fP command is useful for reloading configuration files witho= ut disrupting active
+ sessions:
+
+-\fB=C2=A0 =C2=A0 # wg syncconf wgnet0 <(wg-quick strip wgnet0)\fP
++\fB=C2=A0 =C2=A0 # awg syncconf amn0 <(awg-quick strip amn)\fP
+
++or
++
++\fB=C2=A0 =C2=A0 # awg-quick reload amn0\fP
++
++
+ .SH SEE ALSO
+-.BR wg (8),
+-.BR ip (8),
+-.BR ip-link (8),
+-.BR ip-address (8),
+-.BR ip-route (8),
+-.BR ip-rule (8),
+-.BR resolvconf (8).
++.BR awg (8),
++.BR ifconfig (8),
++.BR route (8),
+
+ .SH AUTHOR
++.B awg-quick
++based on
+ .B wg-quick
+ was written by
+ .MT Jason@zx2c4.com<= /a>
+ Jason A. Donenfeld
+ .ME .
+ For updates and more information, a project page is available on the
+-.UR https://\:www.wireguard.com/
++.UR https://\:github.com/amnezia-vpn/amneziawg-tools= /
+ World Wide Web
+ .UE .
diff --git a/net/amnezia-tools/files/patch-man_wg.8 b/net/amnezia-tools/fil= es/patch-man_wg.8
index ab226a3cc1e7..87e018ff2856 100644
--- a/net/amnezia-tools/files/patch-man_wg.8
+++ b/net/amnezia-tools/files/patch-man_wg.8
@@ -1,15 +1,60 @@
=C2=A0--- man/wg.8.orig=C2=A0 =C2=A0 =C2=A0 2024-10-01 13:02:42 UTC
=C2=A0+++ man/wg.8
-@@ -55,7 +55,7 @@ by \fICONFIGURATION FILE FORMAT\fP below.
+@@ -1,10 +1,10 @@
+-.TH WG 8 "2015 August 13" ZX2C4 "WireGuard"
++.TH AWG 8 "2025 August 8" AWG "AmneziaWG"
+
+ .SH NAME
+-wg - set and retrieve configuration of WireGuard interfaces
++awg - set and retrieve configuration of WireGuard interfaces
+
+ .SH SYNOPSIS
+-.B wg
++.B awg
+ [
+ .I COMMAND
+ ] [
+@@ -15,17 +15,15 @@ wg - set and retrieve configuration of WireGuard inter=
+
+ .SH DESCRIPTION
+
+-.B wg
++.B awg
+ is the configuration utility for getting and setting the configuration of=
+ WireGuard tunnel interfaces. The interfaces themselves can be added and r= emoved
+ using
+-.BR ip-link (8)
++.BR ifconfig (8)
+ and their IP addresses and routing tables can be set using
+-.BR ip-address (8)
+-and
+-.BR ip-route (8).
++.BR route (8).
+ The
+-.B wg
++.B awg
+ utility provides a series of sub-commands for changing WireGuard-specific=
+ aspects of WireGuard interfaces.
+
+@@ -36,7 +34,7 @@ Sub-commands that take an INTERFACE must be passed a W + .SH COMMANDS
+
+ .TP
+-\fBshow\fP { \fI<interface>\fP | \fIall\fP | \fIinterfaces\fP } [\f= Ipublic-key\fP | \fIprivate-key\fP | \fIlisten-port\fP | \fIfwmark\fP | \fI= peers\fP | \fIpreshared-keys\fP | \fIendpoints\fP | \fIallowed-ips\fP | \fI= latest-handshakes\fP | \fIpersistent-keepalive\fP | \fItransfer\fP | \fIdum= p\fP]
++\fBshow\fP { \fI<interface>\fP | \fIall\fP | \fIinterfaces\fP } [\f= Ipublic-key\fP | \fIprivate-key\fP | \fIlisten-port\fP | \fIfwmark\fP | \fI= peers\fP | \fIpreshared-keys\fP | \fIendpoints\fP | \fIallowed-ips\fP | \fI= latest-handshakes\fP | \fIpersistent-keepalive\fP | \fItransfer\fP | \fIdum= p\fP | \fIjc\fP | \fIjmin\fP | \fIjmax\fP | \fIs1\fP | \fIs2\fP | \fIh1\fP = | \fIh2\fP | \fIh3\fP | \fIh4\fP]
+ Shows current WireGuard configuration and runtime information of specifie= d \fI<interface>\fP.
+ If no \fI<interface>\fP is specified, \fI<interface>\fP defau= lts to \fIall\fP.
+ If \fIinterfaces\fP is specified, prints a list of all WireGuard interfac= es,
+@@ -55,7 +53,7 @@ by \fICONFIGURATION FILE FORMAT\fP below.
=C2=A0 Shows the current configuration of \fI<interface>\fP in the fo= rmat described
=C2=A0 by \fICONFIGURATION FILE FORMAT\fP below.
=C2=A0 .TP
=C2=A0-\fBset\fP \fI<interface>\fP [\fIlisten-port\fP \fI<port>= \fP] [\fIfwmark\fP \fI<fwmark>\fP] [\fIprivate-key\fP \fI<file-pat= h>\fP] [\fIpeer\fP \fI<base64-public-key>\fP [\fIremove\fP] [\fIpr= eshared-key\fP \fI<file-path>\fP] [\fIendpoint\fP \fI<ip>:<p= ort>\fP] [\fIpersistent-keepalive\fP \fI<interval seconds>\fP] [\f= Iallowed-ips\fP \fI<ip1>/<cidr1>\fP[,\fI<ip2>/<cidr2&g= t;\fP]...] ]...
-+\fBset\fP \fI<interface>\fP [\fIlisten-port\fP \fI<port>\fP] = [\fIfwmark\fP \fI<fwmark>\fP] [\fIprivate-key\fP \fI<file-path>= \fP] [\fIpeer\fP \fI<base64-public-key>\fP [\fIremove\fP] [\fIpreshar= ed-key\fP \fI<file-path>\fP] [\fIendpoint\fP \fI<ip>:<port&g= t;\fP] [\fIpersistent-keepalive\fP \fI<interval seconds>\fP] [\fIallo= wed-ips\fP \fI[+|-]<ip1>/<cidr1>\fP[,\fI[+|-]<ip2>/<ci= dr2>\fP]...] ]...
++\fBset\fP \fI<interface>\fP [\fIlisten-port\fP \fI<port>\fP] = [\fIfwmark\fP \fI<fwmark>\fP] [\fIprivate-key\fP \fI<file-path>= \fP] [\fIjc <jc>]\fP [\fI<jmin <jmin>]\fP [\fIjmax <jmax&= gt;\fP] [\fIs1 <s1>\fP] [\fIs2 <s2>\fP] [\fIh1\fP] [\fIh2 <h= 2>\fP] [\fIh3 <h3>\fP] [\fIh4 <h4>\fP] [\fIpeer\fP \fI<ba= se64-public-key>\fP [\fIremove\fP] [\fIpreshared-key\fP \fI<file-path= >\fP] [\fIendpoint\fP \fI<ip>:<port>\fP] [\fIpersistent-keep= alive\fP \fI<interval seconds>\fP] [\fIallowed-ips\fP \fI[+|-]<ip1= >/<cidr1>\fP[,\fI[+|-]<ip2>/<cidr2>\fP]...] ]...
=C2=A0 Sets configuration values for the specified \fI<interface>\fP.= Multiple
=C2=A0 \fIpeer\fPs may be specified, and if the \fIremove\fP argument is gi= ven
=C2=A0 for a peer, that peer is removed, not configured. If \fIlisten-port\= fP
-@@ -72,7 +72,11 @@ If \fIallowed-ips\fP is specified, but the value is th<= br> +@@ -72,7 +70,11 @@ If \fIallowed-ips\fP is specified, but the value is th<= br> =C2=A0 it adds an additional layer of symmetric-key cryptography to be mixe= d into
=C2=A0 the already existing public-key cryptography, for post-quantum resis= tance.
=C2=A0 If \fIallowed-ips\fP is specified, but the value is the empty string= , all
@@ -22,3 +67,92 @@
=C2=A0 is optional and is by default off; setting it to 0 or "off"= ; disables it.
=C2=A0 Otherwise it represents, in seconds, between 1 and 65535 inclusive, = how often
=C2=A0 to send an authenticated empty packet to the peer, for the purpose o= f keeping
+@@ -119,11 +121,52 @@ A private key and a corresponding public key may be = ge
+ .br
+=C2=A0 =C2=A0 =C2=A0$ umask 077
+ .br
+-=C2=A0 =C2=A0 $ wg genkey | tee private.key | wg pubkey > public.key ++=C2=A0 =C2=A0 $ awg genkey | tee private.key | awg pubkey > public.key=
+ .TP
+ \fBhelp\fP
+ Shows usage message.
+
++.SH AMNEZIA OPTIONS
++Configuration options to be use in order to bypass DPI filters, these opt= ions appears in
++\fBshow\fP, \fBset\fP, \fBsetconf\fP, \fBaddconf\fP commands.
++
++.TP
++\fBjc\fP
++Number of junk packets before handshake.
++.br
++1=E2=80=93128 (recomended 3=E2=80=9310)
++
++.TP
++\fBjmin\fP
++Minimum size of junk packets.
++.br
++jmin: < jmax (recomended ~ 8)
++
++.TP
++\fBjmax\fP
++Maximum size of junk packets.
++.br
++jmax: =E2=89=A4 1280 (recomended ~ 80)
++
++.TP
++\fBs1\fP
++Size of handshake initiation packet prepend junk. Should be the same on b= oth ends.
++.br
++0=E2=80=931132 (recomended 15=E2=80=93150), s1 + 56 =E2=89=A0 s2
++
++.TP
++\fBs2\fP
++Size of handshake response packet prepend junk. Should be the same on bot= h ends.
++.br
++0=E2=80=931188 (recomended 15=E2=80=93150), s1 + 56 =E2=89=A0 s2
++
++.TP
++\fBh1-h4\fP
++Custom identifiers for initiation/response/cookie/data packets. Should be= the same on both ends.
++.br
++The unique value in range of 5 - 4,294,967,295 (0x5 - 0xFFFFFFFF), h1 != =3D h2 !=3D h3 !=3D h4
++
++
+ .SH CONFIGURATION FILE FORMAT
+ The configuration file format is based on \fIINI\fP. There are two top le= vel sections
+ -- \fIInterface\fP and \fIPeer\fP. Multiple \fIPeer\fP sections may be sp= ecified, but
+@@ -224,7 +267,7 @@ on a per-interface basis by using
+ on a per-interface basis by using
+ .BR ifconfig (1):
+
+-\fB=C2=A0 =C2=A0 # ifconfig wg0 debug
++\fB=C2=A0 =C2=A0 # ifconfig amn0 debug\fP
+
+ On userspace implementations, it is customary to set the \fILOG_LEVEL\fP = environment variable to \fIverbose\fP.
+
+@@ -240,19 +283,18 @@ If set to an integer or to \fIinfinity\fP, DNS resol= ut
+ If set to an integer or to \fIinfinity\fP, DNS resolution for each peer&#= 39;s endpoint will be retried that many times for non-permanent errors, wit= h an increasing delay between retries. If unset, the default is 15 retries.=
+
+ .SH SEE ALSO
+-.BR wg-quick (8),
+-.BR ip (8),
+-.BR ip-link (8),
+-.BR ip-address (8),
+-.BR ip-route (8).
++.BR awg-quick (8),
++.BR ifconfig (8),
++.BR route (8).
+
+ .SH AUTHOR
++awg based on
+ .B wg
+-was written by
++that was written by
+ .MT Jason@zx2c4.com<= /a>
+ Jason A. Donenfeld
+ .ME .
+ For updates and more information, a project page is available on the
+-.UR https://\:www.wireguard.com/
++.UR https://\:github.com/amnezia-vpn/amneziawg-tools= /
+ World Wide Web
+ .UE .
diff --git a/net/amnezia-tools/files/patch-wg-quick_freebsd.bash b/net/amne= zia-tools/files/patch-wg-quick_freebsd.bash
index f130e5f49a6d..6d218f256182 100644
--- a/net/amnezia-tools/files/patch-wg-quick_freebsd.bash
+++ b/net/amnezia-tools/files/patch-wg-quick_freebsd.bash
@@ -26,7 +26,7 @@
=C2=A0 }

=C2=A0-CONFIG_SEARCH_PATHS=3D( /etc/amnezia/amneziawg /usr/local/etc/amnezi= a/amneziawg )
-+CONFIG_SEARCH_PATHS=3D( ${AWG_QUICK_CONFIG_SEARCH_PATHS:-/usr/local/etc/a= mnezia} )
++CONFIG_SEARCH_PATHS=3D( ${AWG_QUICK_CONFIG_SEARCH_PATHS:-%%ETCDIR%%} )
=C2=A0 unset ORIGINAL_TMPDIR
=C2=A0 make_temp() {


--
Nuno Teixeira
=
FreeBSD UNIX:=C2=A0 <eduardo@FreeBSD.org>=C2=A0 =C2=A0Web:=C2=A0 https://Fr= eeBSD.org
--000000000000fe9faa063bf8b79d--