From nobody Sat Jul 26 14:21:17 2025
Date: Sat, 26 Jul 2025 14:21:17 GMT
Message-Id: <202507261421.56QELH5o058217@gitrepo.freebsd.org>
To: ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org, dev-commits-ports-main@FreeBSD.org
From: Eugene Grosbein
Subject: git: 1f27d54496be - main - net/amneziawg-kmod, net/amneziawg-kmod: new ports
List-Id: Commits to the main branch of the FreeBSD ports repository
List-Archive: https://lists.freebsd.org/archives/dev-commits-ports-main
X-BeenThere: dev-commits-ports-main@freebsd.org
Sender: owner-dev-commits-ports-main@FreeBSD.org
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Git-Committer: eugen
X-Git-Repository: ports
X-Git-Refname: refs/heads/main
X-Git-Reftype: branch
X-Git-Commit: 1f27d54496bed7a922c70a31d07f03223e314429
Auto-Submitted: auto-generated

The branch main has been updated by eugen:

URL: https://cgit.FreeBSD.org/ports/commit/?id=1f27d54496bed7a922c70a31d07f03223e314429

commit 1f27d54496bed7a922c70a31d07f03223e314429
Author:     Eugene Grosbein
AuthorDate: 2025-07-26 14:15:14 +0000
Commit:     Eugene Grosbein
CommitDate: 2025-07-26 14:20:45 +0000

    net/amneziawg-kmod, net/amneziawg-kmod: new ports

    AmneziaWG is a contemporary version of the popular VPN protocol, WireGuard.
    It offers protection against detection by Deep Packet Inspection (DPI) systems.
    At the same time, it retains the simplified architecture and high performance
    of the original.

    Differential Revision: https://reviews.freebsd.org/D51265
---
 net/Makefile | 2 +
 net/amneziawg-kmod/Makefile | 23 +++
 net/amneziawg-kmod/distinfo | 3 +
 net/amneziawg-kmod/files/patch-Makefile | 9 +
 net/amneziawg-kmod/files/patch-if__wg.c | 173 +++++++++++++++++++
 net/amneziawg-kmod/pkg-descr | 12 ++
 net/amneziawg-tools/Makefile | 36 ++++
 net/amneziawg-tools/distinfo | 3 +
 net/amneziawg-tools/files/amneziawg.in | 74 ++++++++
 net/amneziawg-tools/files/patch-config.c | 11 ++
 net/amneziawg-tools/files/patch-ipc-freebsd.h | 11 ++
 .../files/patch-wg-quick_freebsd.bash | 192 +++++++++++++++++++++
 net/amneziawg-tools/pkg-descr | 2 +
 net/amneziawg-tools/pkg-plist | 7 +
 14 files changed, 558 insertions(+)

diff --git a/net/Makefile b/net/Makefile index 1d7962c2c074..07dde2dad8f7 100644 --- a/net/Makefile +++ b/net/Makefile @@ -17,6 +17,8 @@ SUBDIR += akonadi-search SUBDIR += alligator SUBDIR += aluminum + SUBDIR += amneziawg-kmod + SUBDIR += amneziawg-tools SUBDIR += amqpcat SUBDIR += aoe SUBDIR += apache-commons-net diff --git a/net/amneziawg-kmod/Makefile b/net/amneziawg-kmod/Makefile new file mode 100644 index 000000000000..c09d7aba58b0 --- /dev/null +++ b/net/amneziawg-kmod/Makefile @@ -0,0 +1,23 @@ +PORTNAME= amneziawg +PORTVERSION= 1.0.6 +DISTVERSIONPREFIX= v +CATEGORIES= net net-vpn +PKGNAMESUFFIX= -kmod + +MAINTAINER= vova@zote.me +COMMENT= AmneziaWG FreeBSD kernel module implementation +WWW= https://github.com/vgrebenschikov/wireguard-amnezia-kmod + +LICENSE= MIT +LICENSE_FILE= ${WRKSRC}/COPYING + +BROKEN_FreeBSD_13= Depends on kernel sources of recent FreeBSD 14 or newer + +USES= kmod uidfix +USE_GITHUB= yes +GH_ACCOUNT= vgrebenschikov +GH_PROJECT= wireguard-amnezia-kmod + +PLIST_FILES= ${KMODDIR}/if_awg.ko + +.include diff --git a/net/amneziawg-kmod/distinfo b/net/amneziawg-kmod/distinfo new file mode 100644 index 000000000000..56fc58cc48dc --- /dev/null +++ b/net/amneziawg-kmod/distinfo @@ -0,0 +1,3 @@ +TIMESTAMP = 1753385001 +SHA256 (vgrebenschikov-wireguard-amnezia-kmod-v1.0.6_GH0.tar.gz) = 916438447143bff815d0c6617796ff12c98c25dd5439413d67faab19c4dd65fd +SIZE (vgrebenschikov-wireguard-amnezia-kmod-v1.0.6_GH0.tar.gz) = 52053 diff --git a/net/amneziawg-kmod/files/patch-Makefile b/net/amneziawg-kmod/files/patch-Makefile new file mode 100644 index 000000000000..90abd540b7f1 --- /dev/null +++ b/net/amneziawg-kmod/files/patch-Makefile @@ -0,0 +1,9 @@ +--- Makefile.orig 2025-07-22 17:42:41 UTC ++++ Makefile +@@ -1,5 +1,5 @@ + +-KMOD= if_wg ++KMOD= if_awg + + SRCS= if_wg.c wg_cookie.c wg_crypto.c wg_noise.c + SRCS+= opt_inet.h opt_inet6.h device_if.h bus_if.h 
diff --git a/net/amneziawg-kmod/files/patch-if__wg.c b/net/amneziawg-kmod/files/patch-if__wg.c new file mode 100644 index 000000000000..88733e895b1e --- /dev/null +++ b/net/amneziawg-kmod/files/patch-if__wg.c 
@@ -0,0 +1,173 @@ +--- if_wg.c.orig 2025-07-22 17:38:01 UTC ++++ if_wg.c +@@ -278,21 +278,21 @@ static volatile unsigned long peer_counter = 0; + static int clone_count; + static uma_zone_t wg_packet_zone; + static volatile unsigned long peer_counter = 0; +-static const char wgname[] = "wg"; ++static const char wgname[] = "awg"; + static unsigned wg_osd_jail_slot; + + static struct sx wg_sx; +-SX_SYSINIT(wg_sx, &wg_sx, "wg_sx"); ++SX_SYSINIT(wg_sx, &wg_sx, "awg_sx"); + + static LIST_HEAD(, wg_softc) wg_list = LIST_HEAD_INITIALIZER(wg_list); + + static TASKQGROUP_DEFINE(wg_tqg, mp_ncpus, 1); + +-MALLOC_DEFINE(M_WG, "WG", "wireguard"); ++MALLOC_DEFINE(M_WG, "AWG", "amneziawg"); + +-VNET_DEFINE_STATIC(struct if_clone *, wg_cloner); ++VNET_DEFINE_STATIC(struct if_clone *, awg_cloner); + +-#define V_wg_cloner VNET(wg_cloner) ++#define V_awg_cloner VNET(awg_cloner) + #define WG_CAPS IFCAP_LINKSTATE + + struct wg_timespec64 { +@@ -386,10 +386,10 @@ static int wg_ioctl(if_t, u_long, caddr_t); + static void wg_reassign(if_t, struct vnet *, char *unused); + static void wg_init(void *); + static int wg_ioctl(if_t, u_long, caddr_t); +-static void vnet_wg_init(const void *); +-static void vnet_wg_uninit(const void *); +-static int wg_module_init(void); +-static void wg_module_deinit(void); ++static void vnet_awg_init(const void *); ++static void vnet_awg_uninit(const void *); ++static int awg_module_init(void); ++static void awg_module_deinit(void); + + /* TODO Peer */ + static struct wg_peer * +@@ -408,7 +408,7 @@ wg_peer_alloc(struct wg_softc *sc, const uint8_t pub_k + + cookie_maker_init(&peer->p_cookie, pub_key); + +- rw_init(&peer->p_endpoint_lock, "wg_peer_endpoint"); ++ rw_init(&peer->p_endpoint_lock, "awg_peer_endpoint"); + + wg_queue_init(&peer->p_stage_queue, "stageq"); + wg_queue_init(&peer->p_encrypt_serial, "txq"); +@@ -428,9 +428,9 @@ wg_peer_alloc(struct wg_softc *sc, const uint8_t pub_k + peer->p_handshake_retries = 0; + + GROUPTASK_INIT(&peer->p_send, 0, 
(gtask_fn_t *)wg_deliver_out, peer); +- taskqgroup_attach(qgroup_wg_tqg, &peer->p_send, peer, NULL, NULL, "wg send"); ++ taskqgroup_attach(qgroup_wg_tqg, &peer->p_send, peer, NULL, NULL, "awg send"); + GROUPTASK_INIT(&peer->p_recv, 0, (gtask_fn_t *)wg_deliver_in, peer); +- taskqgroup_attach(qgroup_wg_tqg, &peer->p_recv, peer, NULL, NULL, "wg recv"); ++ taskqgroup_attach(qgroup_wg_tqg, &peer->p_recv, peer, NULL, NULL, "awg recv"); + + LIST_INIT(&peer->p_aips); + peer->p_aips_num = 0; +@@ -3286,26 +3286,26 @@ static void + } + + static void +-vnet_wg_init(const void *unused __unused) ++vnet_awg_init(const void *unused __unused) + { + struct if_clone_addreq req = { + .create_f = wg_clone_create, + .destroy_f = wg_clone_destroy, + .flags = IFC_F_AUTOUNIT, + }; +- V_wg_cloner = ifc_attach_cloner(wgname, &req); ++ V_awg_cloner = ifc_attach_cloner(wgname, &req); + } +-VNET_SYSINIT(vnet_wg_init, SI_SUB_PROTO_IFATTACHDOMAIN, SI_ORDER_ANY, +- vnet_wg_init, NULL); ++VNET_SYSINIT(vnet_awg_init, SI_SUB_PROTO_IFATTACHDOMAIN, SI_ORDER_ANY, ++ vnet_awg_init, NULL); + + static void +-vnet_wg_uninit(const void *unused __unused) ++vnet_awg_uninit(const void *unused __unused) + { +- if (V_wg_cloner) +- ifc_detach_cloner(V_wg_cloner); ++ if (V_awg_cloner) ++ ifc_detach_cloner(V_awg_cloner); + } +-VNET_SYSUNINIT(vnet_wg_uninit, SI_SUB_PROTO_IFATTACHDOMAIN, SI_ORDER_ANY, +- vnet_wg_uninit, NULL); ++VNET_SYSUNINIT(vnet_awg_uninit, SI_SUB_PROTO_IFATTACHDOMAIN, SI_ORDER_ANY, ++ vnet_awg_uninit, NULL); + + static int + wg_prison_remove(void *obj, void *data __unused) +@@ -3352,14 +3352,14 @@ static int + #endif + + static int +-wg_module_init(void) ++awg_module_init(void) + { + int ret; + osd_method_t methods[PR_MAXMETHOD] = { + [PR_METHOD_REMOVE] = wg_prison_remove, + }; + +- wg_packet_zone = uma_zcreate("wg packet", sizeof(struct wg_packet), ++ wg_packet_zone = uma_zcreate("awg packet", sizeof(struct wg_packet), + NULL, NULL, NULL, NULL, 0, 0); + + ret = crypto_init(); +@@ -3378,15 
+3378,15 @@ static void + } + + static void +-wg_module_deinit(void) ++awg_module_deinit(void) + { + VNET_ITERATOR_DECL(vnet_iter); + VNET_LIST_RLOCK(); + VNET_FOREACH(vnet_iter) { +- struct if_clone *clone = VNET_VNET(vnet_iter, wg_cloner); ++ struct if_clone *clone = VNET_VNET(vnet_iter, awg_cloner); + if (clone) { + ifc_detach_cloner(clone); +- VNET_VNET(vnet_iter, wg_cloner) = NULL; ++ VNET_VNET(vnet_iter, awg_cloner) = NULL; + } + } + VNET_LIST_RUNLOCK(); +@@ -3401,13 +3401,13 @@ static int + } + + static int +-wg_module_event_handler(module_t mod, int what, void *arg) ++awg_module_event_handler(module_t mod, int what, void *arg) + { + switch (what) { + case MOD_LOAD: +- return wg_module_init(); ++ return awg_module_init(); + case MOD_UNLOAD: +- wg_module_deinit(); ++ awg_module_deinit(); + break; + default: + return (EOPNOTSUPP); +@@ -3415,12 +3415,12 @@ wg_module_event_handler(module_t mod, int what, void * + return (0); + } + +-static moduledata_t wg_moduledata = { +- "if_wg", +- wg_module_event_handler, ++static moduledata_t awg_moduledata = { ++ "if_awg", ++ awg_module_event_handler, + NULL + }; + +-DECLARE_MODULE(if_wg, wg_moduledata, SI_SUB_PSEUDO, SI_ORDER_ANY); +-MODULE_VERSION(if_wg, WIREGUARD_VERSION); +-MODULE_DEPEND(if_wg, crypto, 1, 1, 1); ++DECLARE_MODULE(if_awg, awg_moduledata, SI_SUB_PSEUDO, SI_ORDER_ANY); ++MODULE_VERSION(if_awg, WIREGUARD_VERSION); ++MODULE_DEPEND(if_awg, crypto, 1, 1, 1); diff --git a/net/amneziawg-kmod/pkg-descr b/net/amneziawg-kmod/pkg-descr new file mode 100644 index 000000000000..d493982cbd6e --- /dev/null +++ b/net/amneziawg-kmod/pkg-descr 
@@ -0,0 +1,12 @@ +AmneziaWG is a contemporary version of the popular VPN protocol, WireGuard. +It offers protection against detection by Deep Packet Inspection (DPI) systems. +At the same time, it retains the simplified architecture and high performance +of the original. + +The progenitor of AmneziaWG, WireGuard, is known for its efficiency, but +it does have issues with detection due to distinctive packet signatures. +AmneziaWG addresses this problem by employing advanced obfuscation methods, +allowing its traffic to blend seamlessly with regular internet traffic. +As a result, AmneziaWG maintains high performance while adding an extra layer +of stealth, making it a superb choice for those seeking a fast and discreet +VPN connection. diff --git a/net/amneziawg-tools/Makefile b/net/amneziawg-tools/Makefile new file mode 100644 index 000000000000..99af37f70786 --- /dev/null +++ b/net/amneziawg-tools/Makefile @@ -0,0 +1,36 @@ +PORTNAME= amneziawg-tools +PORTVERSION= 1.0.20241018 +CATEGORIES= net net-vpn +MASTER_SITES= https://github.com/amnezia-vpn/amneziawg-tools/ + +MAINTAINER= vova@zote.me +COMMENT= Fast, modern and secure VPN Tunnel with AmneziaVPN anti-detection +WWW= https://github.com/amnezia-vpn/amneziawg-tools/ + +LICENSE= GPLv2 + +RUN_DEPENDS= bash:shells/bash + +USES= gmake +USE_GITHUB= yes +GH_ACCOUNT= amnezia-vpn +GH_TAGNAME= v${PORTVERSION} + +WRKSRC_SUBDIR= src +MAKE_ARGS+= DEBUG=no WITH_BASHCOMPLETION=yes WITH_SYSTEMDUNITS=no +MAKE_ENV+= MANDIR="${PREFIX}/share/man" \ + SYSCONFDIR="${PREFIX}/etc" + +USE_RC_SUBR= amneziawg + +.include + +post-patch: + @${REINPLACE_CMD} -e 's|wg s|awg s|g' \ + ${WRKSRC}/completion/wg-quick.bash-completion + +post-install: + @${MKDIR} ${STAGEDIR}${PREFIX}/etc/amnezia/amneziawg + ${STRIP_CMD} ${STAGEDIR}${PREFIX}/bin/awg + +.include diff --git a/net/amneziawg-tools/distinfo b/net/amneziawg-tools/distinfo new file mode 100644 index 000000000000..3703c8bf36a2 --- /dev/null +++ b/net/amneziawg-tools/distinfo 
@@ -0,0 +1,3 @@ +TIMESTAMP = 1744661306 +SHA256 (amnezia-vpn-amneziawg-tools-1.0.20241018-v1.0.20241018_GH0.tar.gz) = 60f1cec1774fb871a2d8dc24e4f731625516d90f663d6e0d2c77d9247222f2f9 +SIZE (amnezia-vpn-amneziawg-tools-1.0.20241018-v1.0.20241018_GH0.tar.gz) = 156259 diff --git a/net/amneziawg-tools/files/amneziawg.in b/net/amneziawg-tools/files/amneziawg.in new file mode 100644 index 000000000000..beb12e026827 --- /dev/null +++ b/net/amneziawg-tools/files/amneziawg.in 
@@ -0,0 +1,74 @@ +#!/bin/sh + +# PROVIDE: amneziawg +# REQUIRE: NETWORKING +# KEYWORD: shutdown +# +# amneziawg_enable (bool): Set to "YES" to enable amneziawg. +# (default: "NO") +# +# amneziawg_interfaces (str): List of interfaces to bring up/down +# on start/stop. (eg: "awg0 awg1") +# (default: "") +# amneziawg_env (str): Environment variables for the userspace +# implementation. (eg: "LOG_LEVEL=debug") + +. /etc/rc.subr + +name=amneziawg +rcvar=amneziawg_enable +extra_commands="reload status" + +start_cmd="${name}_start" +stop_cmd="${name}_stop" +reload_cmd="${name}_reload" +status_cmd="${name}_status" + +amneziawg_start() +{ + ${amneziawg_env:+eval export $amneziawg_env} + kldload -n if_awg + + for interface in ${amneziawg_interfaces}; do + %%PREFIX%%/bin/awg-quick up ${interface} + done +} + +amneziawg_stop() +{ + for interface in ${amneziawg_interfaces}; do + %%PREFIX%%/bin/awg-quick down ${interface} + done +} + +amneziawg_reload() +{ + ${amneziawg_env:+eval export $amneziawg_env} + + for interface in ${amneziawg_interfaces}; do + tmpfile="`mktemp`" + %%PREFIX%%/bin/awg-quick strip ${interface} > ${tmpfile} + %%PREFIX%%/bin/awg syncconf ${interface} ${tmpfile} + rm -f ${tmpfile} + done +} + +amneziawg_status() +{ + ${amneziawg_env:+eval export $amneziawg_env} + amneziawg_status="0" + + for interface in ${amneziawg_interfaces}; do + %%PREFIX%%/bin/awg show ${interface} || amneziawg_status="1" + done + + return ${amneziawg_status} +} + +load_rc_config $name + +: ${amneziawg_enable="NO"} +: ${amneziawg_interfaces=""} +: ${amneziawg_env=""} + +run_rc_command "$1" diff --git a/net/amneziawg-tools/files/patch-config.c b/net/amneziawg-tools/files/patch-config.c new file mode 100644 index 000000000000..6e00e1f19d4d --- /dev/null +++ b/net/amneziawg-tools/files/patch-config.c 
@@ -0,0 +1,11 @@ +--- config.c.orig 2025-06-13 09:33:11 UTC ++++ config.c +@@ -252,7 +252,7 @@ static inline bool parse_endpoint(struct sockaddr *end + * + * So this is what we do, except FreeBSD removed EAI_NODATA some time ago, so that's conditional. + */ +- if (ret == EAI_NONAME || ret == EAI_FAIL || ++ if (/* ret == EAI_NONAME || */ ret == EAI_FAIL || + #ifdef EAI_NODATA + ret == EAI_NODATA || + #endif diff --git a/net/amneziawg-tools/files/patch-ipc-freebsd.h b/net/amneziawg-tools/files/patch-ipc-freebsd.h new file mode 100644 index 000000000000..9660fa0126ed --- /dev/null +++ b/net/amneziawg-tools/files/patch-ipc-freebsd.h @@ -0,0 +1,11 @@ +--- ipc-freebsd.h.orig 2025-07-22 19:01:39 UTC ++++ ipc-freebsd.h +@@ -21,7 +21,7 @@ static int kernel_get_wireguard_interfaces(struct stri + + static int kernel_get_wireguard_interfaces(struct string_list *list) + { +- struct ifgroupreq ifgr = { .ifgr_name = "wg" }; ++ struct ifgroupreq ifgr = { .ifgr_name = "awg" }; + struct ifg_req *ifg; + int s = get_dgram_socket(), ret = 0; + diff --git a/net/amneziawg-tools/files/patch-wg-quick_freebsd.bash b/net/amneziawg-tools/files/patch-wg-quick_freebsd.bash new file mode 100644 index 000000000000..c259697256a7 --- /dev/null +++ b/net/amneziawg-tools/files/patch-wg-quick_freebsd.bash 
@@ -0,0 +1,192 @@ +--- wg-quick/freebsd.bash.orig 2024-10-01 13:02:42 UTC ++++ wg-quick/freebsd.bash +@@ -25,11 +25,17 @@ CONFIG_FILE="" + POST_DOWN=( ) + SAVE_CONFIG=0 + CONFIG_FILE="" ++DESCRIPTION="" ++USERLAND=0 + PROGRAM="${0##*/}" + ARGS=( "$@" ) + + IS_ASESCURITY_ON=0 + ++ ++declare -A ROUTES ++ ++ + cmd() { + echo "[#] $*" >&3 + "$@" +@@ -40,7 +46,7 @@ die() { + exit 1 + } + +-CONFIG_SEARCH_PATHS=( /etc/amnezia/amneziawg /usr/local/etc/amnezia/amneziawg ) ++CONFIG_SEARCH_PATHS=( /usr/local/etc/amnezia/amneziawg /usr/local/etc/wireguard ) + + unset ORIGINAL_TMPDIR + make_temp() { +@@ -64,7 +70,7 @@ parse_options() { + } + + parse_options() { +- local interface_section=0 line key value stripped path v ++ local interface_section=0 line key value stripped path v last_public_key + CONFIG_FILE="$1" + if [[ $CONFIG_FILE =~ ^[a-zA-Z0-9_=+.-]{1,15}$ ]]; then + for path in "${CONFIG_SEARCH_PATHS[@]}"; do +@@ -82,7 +88,7 @@ parse_options() { + stripped="${line%%\#*}" + key="${stripped%%=*}"; key="${key##*([[:space:]])}"; key="${key%%*([[:space:]])}" + value="${stripped#*=}"; value="${value##*([[:space:]])}"; value="${value%%*([[:space:]])}" +- [[ $key == "["* ]] && interface_section=0 ++ [[ $key == "["* ]] && interface_section=0 && last_public_key="" + [[ $key == "[Interface]" ]] && interface_section=1 + if [[ $interface_section -eq 1 ]]; then + case "$key" in +@@ -96,9 +102,12 @@ parse_options() { + PreDown) PRE_DOWN+=( "$value" ); continue ;; + PostUp) POST_UP+=( "$value" ); continue ;; + PostDown) POST_DOWN+=( "$value" ); continue ;; ++ Description) DESCRIPTION="$value"; continue ;; + SaveConfig) read_bool SAVE_CONFIG "$value"; continue ;; ++ UserLand) read_bool USERLAND "$value"; continue ;; + esac + case "$key" in ++ + Jc);& + Jmin);& + Jmax);& +@@ -109,6 +118,12 @@ parse_options() { + H3);& + H4) IS_ASESCURITY_ON=1;; + esac ++ else ++ case "$key" in ++ PublicKey) last_public_key="$value" ;; ++ Routes) ROUTES["$last_public_key"]="$value"; continue ;; ++ 
DynamicRoutes) continue ;; ++ esac + fi + WG_CONFIG+="$line"$'\n' + done < "$CONFIG_FILE" +@@ -130,11 +145,14 @@ add_if() { + add_if() { + local ret rc +- local cmd="ifconfig wg create name "$INTERFACE"" +- if [[ $IS_ASESCURITY_ON == 1 ]]; then ++ local cmd="ifconfig awg create name "$INTERFACE"" ++ if [[ $USERLAND == 1 ]]; then + cmd="amneziawg-go "$INTERFACE""; + fi +- if ret="$(cmd $cmd 2>&1 >/dev/null)"; then +- return 0 ++ if [ -n "$DESCRIPTION" ]; then ++ ret="$(cmd $cmd description "$DESCRIPTION" 2>&1 >/dev/null)" && return 0 ++ else ++ ++ ret="$(cmd $cmd 2>&1 >/dev/null)" && return 0 + fi + rc=$? + if [[ $ret == *"ifconfig: ioctl SIOCSIFNAME (set name): File exists"* ]]; then +@@ -209,7 +227,7 @@ set_mtu() { + [[ ${BASH_REMATCH[1]} == *:* ]] && family=inet6 + output="$(route -n get "-$family" "${BASH_REMATCH[1]}" || true)" + [[ $output =~ interface:\ ([^ ]+)$'\n' && $(ifconfig "${BASH_REMATCH[1]}") =~ mtu\ ([0-9]+) && ${BASH_REMATCH[1]} -gt $mtu ]] && mtu="${BASH_REMATCH[1]}" +- done < <(wg show "$INTERFACE" endpoints) ++ done < <(awg show "$INTERFACE" endpoints) + if [[ $mtu -eq 0 ]]; then + read -r output < <(route -n get default || true) || true + [[ $output =~ interface:\ ([^ ]+)$'\n' && $(ifconfig "${BASH_REMATCH[1]}") =~ mtu\ ([0-9]+) && ${BASH_REMATCH[1]} -gt $mtu ]] && mtu="${BASH_REMATCH[1]}" +@@ -242,7 +260,7 @@ collect_endpoints() { + while read -r _ endpoint; do + [[ $endpoint =~ ^\[?([a-z0-9:.]+)\]?:[0-9]+$ ]] || continue + ENDPOINTS+=( "${BASH_REMATCH[1]}" ) +- done < <(wg show "$INTERFACE" endpoints) ++ done < <(awg show "$INTERFACE" endpoints) + } + + set_endpoint_direct_route() { +@@ -301,14 +319,13 @@ monitor_daemon() { + (make_temp + trap 'del_routes; clean_temp; exit 0' INT TERM EXIT + exec >/dev/null 2>&1 +- exec 19< <(exec route -n monitor) ++ exec 19< <(exec stdbuf -oL route -n monitor) + local event pid=$! 
+ # TODO: this should also check to see if the endpoint actually changes + # in response to incoming packets, and then call set_endpoint_direct_route + # then too. That function should be able to gracefully cleanup if the + # endpoints change. + while read -u 19 -r event; do +- [[ $event == RTM_* ]] || continue + ifconfig "$INTERFACE" >/dev/null 2>&1 || break + [[ $AUTO_ROUTE4 -eq 1 || $AUTO_ROUTE6 -eq 1 ]] && set_endpoint_direct_route + # TODO: set the mtu as well, but only if up +@@ -354,7 +371,7 @@ set_config() { + } + + set_config() { +- echo "$WG_CONFIG" | cmd wg setconf "$INTERFACE" /dev/stdin ++ echo "$WG_CONFIG" | cmd awg setconf "$INTERFACE" /dev/stdin + } + + save_config() { +@@ -386,7 +403,7 @@ save_config() { + done + old_umask="$(umask)" + umask 077 +- current_config="$(cmd wg showconf "$INTERFACE")" ++ current_config="$(cmd awg showconf "$INTERFACE")" + trap 'rm -f "$CONFIG_FILE.tmp"; clean_temp; exit' INT TERM EXIT + echo "${current_config/\[Interface\]$'\n'/$new_config}" > "$CONFIG_FILE.tmp" || die "Could not write configuration file" + sync "$CONFIG_FILE.tmp" +@@ -433,6 +450,20 @@ cmd_usage() { + _EOF + } + ++get_routes() { ++ while read -r pub_key i; do ++ if [[ -v "ROUTES[$pub_key]" ]]; then ++ for route in ${ROUTES[$pub_key]//,/ }; do ++ echo "$route" ++ done ++ else ++ for j in $i; do ++ [[ $j =~ ^[0-9a-z:.]+/[0-9]+$ ]] && echo "$j" ++ done ++ fi ++ done < <(awg show "$INTERFACE" allowed-ips) | sort -nr -k 2 -t / ++} ++ + cmd_up() { + local i + [[ -z $(ifconfig "$INTERFACE" 2>/dev/null) ]] || die "\`$INTERFACE' already exists" +@@ -446,7 +477,7 @@ cmd_up() { + set_mtu + up_if + set_dns +- for i in $(while read -r _ i; do for i in $i; do [[ $i =~ ^[0-9a-z:.]+/[0-9]+$ ]] && echo "$i"; done; done < <(wg show "$INTERFACE" allowed-ips) | sort -nr -k 2 -t /); do ++ for i in $(get_routes); do + add_route "$i" + done + [[ $AUTO_ROUTE4 -eq 1 || $AUTO_ROUTE6 -eq 1 ]] && set_endpoint_direct_route +@@ -456,7 +487,7 @@ cmd_down() { + } + + cmd_down() { +- 
[[ " $(wg show interfaces) " == *" $INTERFACE "* ]] || die "\`$INTERFACE' is not a WireGuard interface" ++ [[ " $(awg show interfaces) " == *" $INTERFACE "* ]] || die "\`$INTERFACE' is not a WireGuard interface" + execute_hooks "${PRE_DOWN[@]}" + [[ $SAVE_CONFIG -eq 0 ]] || save_config + del_if +@@ -465,7 +496,7 @@ cmd_save() { + } + + cmd_save() { +- [[ " $(wg show interfaces) " == *" $INTERFACE "* ]] || die "\`$INTERFACE' is not a WireGuard interface" ++ [[ " $(awg show interfaces) " == *" $INTERFACE "* ]] || die "\`$INTERFACE' is not a WireGuard interface" + save_config + } + diff --git a/net/amneziawg-tools/pkg-descr b/net/amneziawg-tools/pkg-descr new file mode 100644 index 000000000000..fdd8572d80a5 --- /dev/null +++ b/net/amneziawg-tools/pkg-descr @@ -0,0 +1,2 @@ +This supplies the main userspace tooling for using and configuring +WireGuard tunnels, including the wg(8) and wg-quick(8) utilities. diff --git a/net/amneziawg-tools/pkg-plist b/net/amneziawg-tools/pkg-plist new file mode 100644 index 000000000000..c0a76bc03aa3 --- /dev/null +++ b/net/amneziawg-tools/pkg-plist @@ -0,0 +1,7 @@ +bin/awg +bin/awg-quick +share/bash-completion/completions/awg +share/bash-completion/completions/awg-quick +share/man/man8/awg.8.gz +share/man/man8/awg-quick.8.gz +@dir etc/amnezia/amneziawg
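
Review bot: the post-patch substitution `s|wg s|awg s|g` in net/amneziawg-tools/Makefile is unanchored, so it also matches inside any `awg s` already present in wg-quick.bash-completion and would turn it into `aawg s`. Anchor the pattern on a preceding non-`a` character or word boundary, or confirm that the upstream completion file contains only the plain `wg s` form at this version.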
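
Review bot: amneziawg_reload() in net/amneziawg-tools/files/amneziawg.in passes the temporary file to `awg syncconf` without checking that `awg-quick strip ${interface} > ${tmpfile}` succeeded, so a failed or partial strip is still applied to the running interface. Test the exit status of the strip step before calling syncconf, quote "${tmpfile}" and "${interface}", and make sure the `rm -f` runs on every exit path because the stripped configuration contains the private key.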
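
Review bot: files/patch-config.c comments out `ret == EAI_NONAME` in the parse_endpoint() condition with no stated reason, and the block comment directly above it ("So this is what we do, except FreeBSD removed EAI_NODATA some time ago") still describes the old condition. Say in the patch or the commit message why EAI_NONAME must no longer be handled together with EAI_FAIL here, update that comment, and delete the term instead of leaving it commented out.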
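
Review bot: the new CONFIG_SEARCH_PATHS in patch-wg-quick_freebsd.bash hard-codes /usr/local although the port Makefile sets SYSCONFDIR="${PREFIX}/etc" and creates ${PREFIX}/etc/amnezia/amneziawg, and it adds /usr/local/etc/wireguard as a fallback. With that fallback `awg-quick up <name>` can load a configuration, private key included, that belongs to the stock WireGuard tools, and save_config() writes back to the same CONFIG_FILE. Substitute PREFIX at build time and either drop the wireguard directory or document the shared lookup.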
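
Review bot: in parse_options(), `ROUTES["$last_public_key"]="$value"` runs even when a peer section lists Routes before PublicKey, which leaves last_public_key empty and gives bash an empty associative-array subscript. In get_routes() the entries from `${ROUTES[$pub_key]//,/ }` are expanded unquoted and echoed without the `^[0-9a-z:.]+/[0-9]+$` check that the allowed-ips branch applies, so arbitrary words from the config file reach add_route. Fail with die when Routes appears before PublicKey, validate each route with the same regex, and either implement or warn about `DynamicRoutes`, which is currently accepted and silently dropped.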
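
Review bot: in add_if(), when USERLAND is 1 and DESCRIPTION is set, `cmd $cmd description "$DESCRIPTION"` appends ifconfig's `description` argument to the `amneziawg-go "$INTERFACE"` command line. Restrict the description branch to the ifconfig case, or set the description with a separate ifconfig call once the interface exists. The UserLand path also depends on amneziawg-go, which RUN_DEPENDS in net/amneziawg-tools/Makefile does not list.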
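
Review bot: monitor_daemon() drops `[[ $event == RTM_* ]] || continue`, so the loop now runs ifconfig and set_endpoint_direct_route for every line read from `route -n monitor`, not only for lines that start a routing message. Keep the filter, or explain in the patch why it stopped matching once the output is piped through `stdbuf -oL`.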
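
Review bot: net/amneziawg-tools/pkg-descr still describes "WireGuard tunnels, including the wg(8) and wg-quick(8) utilities", while pkg-plist installs bin/awg, bin/awg-quick and the awg.8 and awg-quick.8 manual pages. Name the installed utilities in the description, and update the cmd_down()/cmd_save() message "is not a WireGuard interface" to match, so users are not pointed at the binaries of the separate WireGuard port.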