enable amnezia by default

nym-vpn-core/crates/nym-vpn-lib/Cargo.toml

@@ -103,5 +103,6 @@ vergen = { workspace = true, default-features = false, features = [
 ] }
 
 [features]
+default = ["amnezia"]
 metrics-server = ["nym-client-core/metrics-server"]
 amnezia = ["nym-wg-go/amnezia"]

nym-vpn-core/crates/nym-vpn-lib/build.rs

@@ -1,7 +1,6 @@
 // Copyright 2024 - Nym Technologies SA <[email protected]>
 // SPDX-License-Identifier: GPL-3.0-only
 
-use std::{env, path::PathBuf};
 use vergen::EmitBuilder;
 
 fn main() -> Result<(), Box<dyn std::error::Error>> {
@@ -12,39 +11,5 @@ fn main() -> Result<(), Box<dyn std::error::Error>> {
         .all_cargo()
         .emit()
         .expect("failed to extract build metadata");
-
-    let manifest_path = env::var_os("CARGO_MANIFEST_DIR").expect("manifest dir is not set");
-    let target = env::var("TARGET").expect("target is not set");
-    let target_os = env::var("CARGO_CFG_TARGET_OS").expect("target os is not set");
-
-    let mut build_dir = PathBuf::from(manifest_path)
-        .join("../../../build/lib")
-        .canonicalize()
-        .expect("failed to canonicalize build dir path");
-
-    build_dir.push(target);
-
-    // CI may only provide universal builds
-    if target_os == "macos" {
-        let target_dir_exists = build_dir
-            .try_exists()
-            .expect("failed to check existence of target dir");
-
-        if !target_dir_exists {
-            build_dir.pop();
-            build_dir.push("universal-apple-darwin");
-        }
-    }
-
-    println!("cargo::rustc-link-search={}", build_dir.display());
-
-    let link_type = match target_os.as_str() {
-        "android" => "",
-        "linux" | "macos" | "ios" => "=static",
-        "windows" => "dylib",
-        _ => panic!("Unsupported platform: {}", target_os),
-    };
-    println!("cargo:rustc-link-lib{}=wg", link_type);
-
     Ok(())
 }

nym-vpn-core/crates/nym-vpn-lib/src/wg_config.rs

@@ -7,7 +7,7 @@ use ipnetwork::{IpNetwork, Ipv4Network};
 use nym_wg_gateway_client::GatewayData;
 #[cfg(target_os = "ios")]
 use nym_wg_go::PeerEndpointUpdate;
-use nym_wg_go::{wireguard_go, PeerConfig, PrivateKey, PublicKey};
+use nym_wg_go::{amnezia::AmneziaConfig, wireguard_go, PeerConfig, PrivateKey, PublicKey};
 
 #[cfg(any(target_os = "ios", target_os = "android"))]
 use nym_wg_go::netstack;
@@ -56,6 +56,8 @@ impl fmt::Debug for WgInterface {
             .field("mtu", &self.mtu);
         #[cfg(target_os = "linux")]
         d.field("fwmark", &self.fwmark);
+        #[cfg(feature = "amnezia")]
+        d.field("amnezia", &self.azwg_config);
         d.finish()
     }
 }
@@ -157,7 +159,7 @@ impl WgNodeConfig {
                 #[cfg(target_os = "linux")]
                 fwmark: None,
                 #[cfg(feature = "amnezia")]
-                azwg_config: None,
+                azwg_config: Some(AmneziaConfig::BASE),
             },
             peer: WgPeer {
                 public_key: PublicKey::from(*gateway_data.public_key.as_bytes()),

nym-vpn-core/crates/nym-wg-go/src/amnezia.rs

@@ -67,11 +67,17 @@ pub struct AmneziaConfig {
 
 impl Default for AmneziaConfig {
     fn default() -> Self {
-        OFF.clone()
+        BASE.clone()
     }
 }
 
 impl AmneziaConfig {
+    /// Disabled Amnezia Configuration
+    pub const OFF: Self = OFF;
+    /// Enables only the minimum Amnezia features, while ensuring compatibility with plain
+    /// wireguard peers.
+    pub const BASE: Self = BASE;
+
     /// Creates a randomized configuration with parameters within suggested ranges.
     ///
     /// Attempts to retry if there is a collision in [H1, H2, H3, H4]. This should
@@ -97,36 +103,25 @@ impl AmneziaConfig {
         panic!("this should not be possible");
     }
 
-    /// Returns a configuration that disables Amnezia.
-    pub fn off() -> Self {
-        OFF.clone()
-    }
-
-    /// Returns a configuration that enables only the basic junk packet feature
-    /// of amneziawg
-    pub fn basic() -> Self {
-        BASE.clone()
-    }
-
     /// Adds the contained AmneziaWG parameters to the UAPI Config
     pub fn append_to(&self, config_builder: &mut UapiConfigBuilder) {
         if self == &OFF {
             return;
         }
-        config_builder.add("Jc", self.junk_pkt_count.to_string().as_str());
-        config_builder.add("Jmin", self.junk_pkt_min_size.to_string().as_str());
-        config_builder.add("Jmax", self.junk_pkt_max_size.to_string().as_str());
+        config_builder.add("jc", self.junk_pkt_count.to_string().as_str());
+        config_builder.add("jmin", self.junk_pkt_min_size.to_string().as_str());
+        config_builder.add("jmax", self.junk_pkt_max_size.to_string().as_str());
 
         if self == &BASE {
             return;
         }
 
-        config_builder.add("S1", self.init_pkt_junk_size.to_string().as_str());
-        config_builder.add("S2", self.response_pkt_junk_size.to_string().as_str());
-        config_builder.add("H1", self.init_pkt_magic_header.to_string().as_str());
-        config_builder.add("H2", self.response_pkt_magic_header.to_string().as_str());
-        config_builder.add("H3", self.under_load_pkt_magic_header.to_string().as_str());
-        config_builder.add("H4", self.transport_pkt_magic_header.to_string().as_str());
+        config_builder.add("s1", self.init_pkt_junk_size.to_string().as_str());
+        config_builder.add("s2", self.response_pkt_junk_size.to_string().as_str());
+        config_builder.add("h1", self.init_pkt_magic_header.to_string().as_str());
+        config_builder.add("h2", self.response_pkt_magic_header.to_string().as_str());
+        config_builder.add("h3", self.under_load_pkt_magic_header.to_string().as_str());
+        config_builder.add("h4", self.transport_pkt_magic_header.to_string().as_str());
     }
 
     /// Check if the provided configuration is valid
@@ -187,7 +182,7 @@ mod test {
 
         let mut config_builder = UapiConfigBuilder::new();
         BASE.append_to(&mut config_builder);
-        assert_eq!(config_builder.into_bytes(), b"Jc=4\nJmin=40\nJmax=70\n\n");
+        assert_eq!(config_builder.into_bytes(), b"jc=4\njmin=40\njmax=70\n\n");
 
         let c = AmneziaConfig {
             junk_pkt_count: 1,
@@ -204,7 +199,7 @@ mod test {
         c.append_to(&mut config_builder);
         assert_eq!(
             config_builder.into_bytes(),
-            b"Jc=1\nJmin=20\nJmax=30\nS1=40\nS2=50\nH1=11\nH2=12\nH3=13\nH4=14\n\n"
+            b"jc=1\njmin=20\njmax=30\ns1=40\ns2=50\nh1=11\nh2=12\nh3=13\nh4=14\n\n"
         );
     }
 }

nym-vpn-core/crates/nym-wg-go/src/wireguard_go.rs

@@ -63,7 +63,7 @@ impl Config {
             config_builder.add("fwmark", fwmark.to_string().as_str());
         }
 
-        #[cfg(feature = "amnezia")]
+        #[cfg(all(feature = "amnezia"))]
         if let Some(azwg_config) = &self.interface.azwg_config {
             azwg_config.append_to(&mut config_builder);
         }

wireguard/build-wireguard-go.sh

@@ -39,14 +39,6 @@ function parseArgs {
     echo "android:$IS_ANDROID_BUILD ios:$IS_IOS_BUILD docker:$IS_DOCKER_BUILD win_arm64:$IS_WIN_ARM64"
 }
 
-function win_deduce_lib_executable_path {
-    msbuild_path="$(which msbuild.exe)"
-    msbuild_dir=$(dirname "$msbuild_path")
-    find "$msbuild_dir/../../../../" -name "lib.exe" | \
-        grep -i "hostx64/x64" | \
-        head -n1
-}
-
 function win_gather_export_symbols {
    grep -Eo "\/\/export \w+" libwg.go libwg_windows.go | cut -d' ' -f2
 }