Installing amneziawg on Keenetic router can help bypass restrictions imposed by your Internet Service Provider (ISP) by concealing the operation of WireGuard. Unlike traditional VPN setups, amneziawg masks the WireGuard protocol, making it difficult for the ISP to detect that you’re using a VPN. This stealth feature prevents the provider from identifying and blocking the VPN traffic, ensuring a seamless and unrestricted internet experience even in environments where VPN usage is typically monitored or restricted by government-controlled firewalls. Creating a WireGuard connection with additional asc parameters in the updated interface of Keenetic OS 4.2 routers. Step 1 Open the management page of the router in your browser: http://192.168.0.1 Log in using your username and password login.png Step 2 Move to: Management → System settings
  • expand the “startup-config” item and save a backup copy of your router’s current settings.
system settings.png Step3 Check which version of KeeneticOS is installed on the router, and whether KeeneticOS is being updated to version 4.2., since WireGuard support with asc parameters in KeeneticOS has appeared since version 4.2 Alpha 2. If the KeeneticOS 4.2 release has not yet been released for your router, try switching the update channel to “Preview”. version.png Step4 More important backup a system files before upgrading. Save firmware, startup-config, default-config, and running-config. It will help to restore if failure occurs during the upgrade. save systemfiles.png Step5 On the “System Component Options” page that opens, in the “Network Functions” section, check if the “WireGuard VPN” component is installed. If the “WireGuard VPN” component is not installed, check the appropriate checkbox for installation, and click the “Update KeeneticOS” button that appears below. Wait for the router to update and reboot. wireguardcomponent.png Step6 If you get insufficient memory to install all select components in a new window that appears during the system update, click to View changes and disable components, and uncheck the unnecessary components to free up memory. !If the update is interrupted with the message “Not enough space”, you need to disable unnecessary components in the list to reduce the size of the update. memoryout.png Step7 After that, upgrade the router to version 4.2 or later by clicking the Update KeeneticOS button on the System Settings page. During the update process, the router will reboot. Step8 After updating and restarting the router, you need to log in again on the router management page. newversion.png Step 9 Make sure that Keenetic OS has been updated to version 4.2, and that the necessary WireGuard VPN component is installed. newversioninstalled.png Step 10 Now, you need to go back to the router settings, go to the Internet section, and select Other connections. otherconnections.png Step 11 Select the Wireguard section, create a new connection in it, and import the saved AmneziaWG configuration file. To do this, click on the “Import from file” link. importconfig.png Step 12 Choose the config file and press enter. You should get the following, where VPS_IP_ADDRESS is the IP address of VPS, and 42666 is the port. The new connection should appear in the Wireguard section, with the same name as the imported file. But it’s too early to use the connection that has appeared. You need to go to its settings for editing by clicking on its line anywhere except the switcher. addamneziawgconfig.png !The internal IP address of the new connection must be unique among existing Wireguard connections to avoid conflicts. If a conflict occurs, create a new configuration file with a different IP address for one of the conflicting connections. Step 13 In the connection settings window that opens, mark the Use to access the Internet checkbox, then save the changes by clicking the Save button at the bottom of the settings page. connectionsettings.png Step 14 Now you need to go to the web version of the Keenetic router command line to execute several commands. To do this, go to settings, click on the gear image in the upper-right corner of the web page, and click on the Command line link. commandline.png Step 15 Enter show interface command and click the Send Request button. Information about all available interfaces is displayed below. showinterface.png Step 16 Now you need to find out the name of the desired interface by the name of the previously created connection. To do this, open the search on the page (this can be done by pressing two keys at the same time, Ctrl+F). Enter the name of the previously created connection for the search. In this example, it is my_amneziawg_client1 . A single, unique name must be found in the “description” field. And next to it, there will be another field, “interface-name”, which displays the name of the desired interface. In this example, this is Wireguard 0. showinterface_name_wireguard0.png Step 17 Now, you know the name of the interface and the values of the asc parameters from the file my_amneziawg_client1.conf that we saved earlier. You need to replace all the template values in parentheses with your values and delete the brackets themselves. 
interface {name} wireguard asc {jc} {jmin} {jmax} {s1} {s2} {h1} {h2} {h3} {h4}
Open the my_amneziawg_client1.conf on your computer. From this file, you will need the values of the parameters Jc, Jmin, Jmax, S1, S2, H1, H2, H3, H4 - these are the asc parameters. 
[Interface]
PrivateKey = kHcPwRvI3FRc4qcE+Fgrln1K1qxQNM3jl4CpPzaYx4o=
#_PublicKey = 7vzU3tVk39Dj+XvjpX3e9yZzDZhfbTZUde2Elju3nRM=
Address = 10.10.8.2/32
DNS = 8.8.8.8
Jc = 120
Jmin = 60
Jmax = 1266
S1 = 11
S2 = 54
H1 = 563549684
H2 = 1544213701
H3 = 529241130
H4 = 981267317

[Peer]
AllowedIPs = 0.0.0.0/5, 8.0.0.0/7, 11.0.0.0/8, 12.0.0.0/6, 16.0.0.0/4, 32.0.0.0/3, 64.0.0.0/2, 128.0.0.0/3, 160.0.0.0/5, 168.0.0.0/6, 172.0.0.0/12, 172.32.0.0/11, 172.64.0.0/10, 172.128.0.0/9, 173.0.0.0/8, 174.0.0.0/7, 176.0.0.0/4, 192.0.0.0/9, 192.128.0.0/11, 192.160.0.0/13, 192.169.0.0/16, 192.170.0.0/15, 192.172.0.0/14, 192.176.0.0/12, 192.192.0.0/10, 193.0.0.0/8, 194.0.0.0/7, 196.0.0.0/6, 200.0.0.0/5, 208.0.0.0/4, 8.8.8.8/32
Endpoint = VPS_REMOTE_IP:54666
PersistentKeepalive = 60
PublicKey = 7gExcFjYZ6rR5nU7F3xzrDQchtGu4OCxEwGjSlRGwnE=
In this example, the string will look like: 
interface Wireguard0 wireguard asc 120 60 1266 11 54 563549684 1544213701 529241130 981267317
The resulting line should be inserted into the web version of the router’s command line, and click the “Send request” button. If you entered the correct command, the result of processing the request will be displayed below, as in the screenshot. commandwireguardasc.png Step 18 The execute system configuration save into the web version of the router’s command line, and click the “Send request” button. commandsaveconfiguration.png Step 19 Go to the Internet section and select Connection Policies. connectionpolicies.png Step 20 In the Connection Policies section add a new policy. For example, write amneziawg policy name and click on to Save button. createamneziawgpolicy.png Step 21 Click on amneziawg policy and move my_amneziawg_client1 that it will be on the top and set checkbox. Click save to save this setting. activaterutepolicyamneziawg.png In the Access Policy settings in the Default Policy, the created VPN connection (my_amneziawg_client1) should go below your main Internet connection in order to avoid problems with reconnecting the router when the main Internet connection is interrupted. Step 22 Now you need to go to the Internet section, then Other connections, and check the functionality of the created WireGuard connection by switching its state to “Enabled”. After a few seconds, the activity mark of the feast should change color from gray to green. Also, information about incoming/outgoing traffic and the time since the last “handshake” should be displayed. activateamneziawg.png Step 23 Move again to Internet → Connection Policies → Policy Bindings. In the Default policy section choose the device (for example it is SamsungSmartTv) for which you want to route traffic through amneziawg. In the switcher menu choose our amneziawg policy and click to Confirm. installpolicyforsamsungsmarttv.png The device will be moved to amneziawg policy. samsungsmarttvpolicyinstalled.png Step 24 To verify that the VPN connection is working correctly for the selected device, you can check its IP address. Use a website like “whoer.net” on the device to confirm that its IP address has changed to that of your VPN server. This step ensures that the traffic from your Samsung Smart TV (or other chosen device) is now being routed through the AmneziaWG VPN connection. Enjoy 🏄‍♂️!