From 871037f887dae54493be6bf73b0c14c70a6f7ac7 Mon Sep 17 00:00:00 2001 From: "vladimir.kuznetsov" Date: Sat, 25 May 2024 10:04:41 +0200 Subject: [PATCH 01/53] added changelog drawer --- client/amnezia_application.cpp | 8 + client/amnezia_application.h | 2 + client/core/controllers/apiController.cpp | 2 +- client/resources.qrc | 3 +- client/ui/controllers/pageController.h | 2 + client/ui/controllers/systemController.h | 2 +- client/ui/controllers/updateController.cpp | 149 +++++++++++++++++++ client/ui/controllers/updateController.h | 34 +++++ client/ui/qml/Components/ChangelogDrawer.qml | 119 +++++++++++++++ client/ui/qml/main2.qml | 14 ++ ipc/ipc_interface.rep | 2 + ipc/ipcserver.cpp | 97 ++++++------ ipc/ipcserver.h | 1 + 13 files changed, 384 insertions(+), 51 deletions(-) create mode 100644 client/ui/controllers/updateController.cpp create mode 100644 client/ui/controllers/updateController.h create mode 100644 client/ui/qml/Components/ChangelogDrawer.qml diff --git a/client/amnezia_application.cpp b/client/amnezia_application.cpp index 06d2f9ac..1bd196fd 100644 --- a/client/amnezia_application.cpp +++ b/client/amnezia_application.cpp @@ -406,4 +406,12 @@ void AmneziaApplication::initControllers() m_systemController.reset(new SystemController(m_settings)); m_engine->rootContext()->setContextProperty("SystemController", m_systemController.get()); + + m_updateController.reset(new UpdateController(m_settings)); + m_engine->rootContext()->setContextProperty("UpdateController", m_updateController.get()); + m_updateController->checkForUpdates(); + + connect(m_updateController.get(), &UpdateController::updateFound, this, [this]() { + QTimer::singleShot(1000, this, [this]() { m_pageController->showChangelogDrawer(); }); + }); } diff --git a/client/amnezia_application.h b/client/amnezia_application.h index 5561d7c7..395ed237 100644 --- a/client/amnezia_application.h +++ b/client/amnezia_application.h 
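Review bot: `m_updateController->checkForUpdates();` runs before the `updateFound` connection is made, so the drawer only appears because the network reply arrives after `initControllers()` has moved on. Connecting first makes the ordering explicit: move the `connect(m_updateController.get(), &UpdateController::updateFound, ...)` statement above the `checkForUpdates()` call. The request is also issued on every start with no visible setting to turn it off; if the client is expected to stay quiet before a tunnel is up, that deserves an option or at least a comment here. `initControllers()` begins outside this hunk.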
@@ -24,6 +24,7 @@ #include "ui/controllers/sitesController.h" #include "ui/controllers/systemController.h" #include "ui/controllers/appSplitTunnelingController.h" +#include "ui/controllers/updateController.h" #include "ui/models/containers_model.h" #include "ui/models/languageModel.h" #include "ui/models/protocols/cloakConfigModel.h" @@ -130,6 +131,7 @@ private: QScopedPointer m_sitesController; QScopedPointer m_systemController; QScopedPointer m_appSplitTunnelingController; + QScopedPointer m_updateController; QNetworkAccessManager *m_nam; }; diff --git a/client/core/controllers/apiController.cpp b/client/core/controllers/apiController.cpp index fa0fcaec..ab8fd5d3 100644 --- a/client/core/controllers/apiController.cpp +++ b/client/core/controllers/apiController.cpp @@ -99,7 +99,7 @@ void ApiController::updateServerConfigFromApi(const QString &installationUuid, c QByteArray requestBody = QJsonDocument(apiPayload).toJson(); - QNetworkReply *reply = amnApp->manager()->post(request, requestBody); // ?? + QNetworkReply *reply = amnApp->manager()->post(request, requestBody); QObject::connect(reply, &QNetworkReply::finished, [this, reply, protocol, apiPayloadData, serverIndex, serverConfig]() mutable { if (reply->error() == QNetworkReply::NoError) { diff --git a/client/resources.qrc b/client/resources.qrc index 49fd66d3..8a42e564 100644 --- a/client/resources.qrc +++ b/client/resources.qrc @@ -198,7 +198,7 @@ ui/qml/Pages2/PageProtocolOpenVpnSettings.qml ui/qml/Pages2/PageProtocolShadowSocksSettings.qml ui/qml/Pages2/PageProtocolCloakSettings.qml - ui/qml/Pages2/PageProtocolXraySettings.qml + ui/qml/Pages2/PageProtocolXraySettings.qml ui/qml/Pages2/PageProtocolRaw.qml ui/qml/Pages2/PageSettingsLogging.qml ui/qml/Pages2/PageServiceSftpSettings.qml @@ -239,5 +239,6 @@ images/controls/alert-circle.svg images/controls/file-check-2.svg ui/qml/Controls2/WarningType.qml + ui/qml/Components/ChangelogDrawer.qml 
diff --git a/client/ui/controllers/pageController.h b/client/ui/controllers/pageController.h index b286b1b1..58454ef6 100644 --- a/client/ui/controllers/pageController.h +++ b/client/ui/controllers/pageController.h @@ -126,6 +126,8 @@ signals: void forceTabBarActiveFocus(); void forceStackActiveFocus(); + void showChangelogDrawer(); + private: QSharedPointer m_serversModel; diff --git a/client/ui/controllers/systemController.h b/client/ui/controllers/systemController.h index 274df234..7dbf8947 100644 --- a/client/ui/controllers/systemController.h +++ b/client/ui/controllers/systemController.h @@ -9,7 +9,7 @@ class SystemController : public QObject { Q_OBJECT public: - explicit SystemController(const std::shared_ptr &setting, QObject *parent = nullptr); + explicit SystemController(const std::shared_ptr &settings, QObject *parent = nullptr); static void saveFile(QString fileName, const QString &data); diff --git a/client/ui/controllers/updateController.cpp b/client/ui/controllers/updateController.cpp new file mode 100644 index 00000000..6bf6f9fd --- /dev/null +++ b/client/ui/controllers/updateController.cpp 
@@ -0,0 +1,149 @@ +#include "updateController.h" + +#include +#include +#include +#include + +#include "amnezia_application.h" +#include "core/errorstrings.h" +#include "version.h" + +namespace { +#ifdef Q_OS_MACOS + const QString installerPath = QStandardPaths::writableLocation(QStandardPaths::TempLocation) + "/AmneziaVPN.dmg"; +#elif defined Q_OS_WINDOWS + const QString installerPath = QStandardPaths::writableLocation(QStandardPaths::TempLocation) + "/AmneziaVPN.exe"; +#elif defined(Q_OS_LINUX) && !defined(Q_OS_ANDROID) + const QString installerPath = QStandardPaths::writableLocation(QStandardPaths::TempLocation) + "/AmneziaVPN.tar.zip"; +#endif +} + +UpdateController::UpdateController(const std::shared_ptr &settings, QObject *parent) : QObject(parent), m_settings(settings) +{ +} + +QString UpdateController::getHeaderText() +{ + return tr("New version released: %1 (%2)").arg(m_version, m_releaseDate); +} + +QString UpdateController::getChangelogText() +{ + return m_changelogText; +} + +void UpdateController::checkForUpdates() +{ + QNetworkRequest request; + request.setTransferTimeout(7000); + QString endpoint = "https://api.github.com/repos/amnezia-vpn/amnezia-client/releases/latest"; + request.setUrl(endpoint); + + QNetworkReply *reply = amnApp->manager()->get(request); + + QObject::connect(reply, &QNetworkReply::finished, [this, reply]() { + if (reply->error() == QNetworkReply::NoError) { + QString contents = QString::fromUtf8(reply->readAll()); + QJsonObject data = QJsonDocument::fromJson(contents.toUtf8()).object(); + m_version = data.value("tag_name").toString(); + + auto currentVersion = QVersionNumber::fromString(QString(APP_VERSION)); + qDebug() << currentVersion; + auto newVersion = QVersionNumber::fromString(m_version); + if (newVersion > currentVersion) { + m_changelogText = data.value("body").toString(); + + QString dateString = data.value("published_at").toString(); + QDateTime dateTime = QDateTime::fromString(dateString, "yyyy-MM-ddTHH:mm:ssZ"); + 
m_releaseDate = dateTime.toString("MMM dd yyyy"); + + QJsonArray assets = data.value("assets").toArray(); + + for (auto asset : assets) { + QJsonObject assetObject = asset.toObject(); + if (assetObject.value("name").toString().contains(".dmg")) { + m_downloadUrl = assetObject.value("browser_download_url").toString(); + } + } + + emit updateFound(); + } + } else { + if (reply->error() == QNetworkReply::NetworkError::OperationCanceledError + || reply->error() == QNetworkReply::NetworkError::TimeoutError) { + qDebug() << errorString(ErrorCode::ApiConfigTimeoutError); + } else { + QString err = reply->errorString(); + qDebug() << QString::fromUtf8(reply->readAll()); + qDebug() << reply->error(); + qDebug() << err; + qDebug() << reply->attribute(QNetworkRequest::HttpStatusCodeAttribute); + qDebug() << errorString(ErrorCode::ApiConfigDownloadError); + } + } + + reply->deleteLater(); + }); + + QObject::connect(reply, &QNetworkReply::errorOccurred, + [this, reply](QNetworkReply::NetworkError error) { qDebug() << reply->errorString() << error; }); + connect(reply, &QNetworkReply::sslErrors, [this, reply](const QList &errors) { + qDebug().noquote() << errors; + qDebug() << errorString(ErrorCode::ApiConfigSslError); + }); +} + +void UpdateController::runInstaller() +{ + QNetworkRequest request; + request.setTransferTimeout(7000); + request.setUrl(m_downloadUrl); + + QNetworkReply *reply = amnApp->manager()->get(request); + + QObject::connect(reply, &QNetworkReply::finished, [this, reply]() { + if (reply->error() == QNetworkReply::NoError) { + QFile file(installerPath); + if (file.open(QIODevice::WriteOnly)) { + file.write(reply->readAll()); + file.close(); + + QFutureWatcher watcher; + QFuture future = QtConcurrent::run([this]() { + QString t = installerPath; + QRemoteObjectPendingReply ipcReply = IpcClient::Interface()->mountDmg(t, true); + ipcReply.waitForFinished(); + QProcess::execute("/Volumes/AmneziaVPN/AmneziaVPN.app/Contents/MacOS/AmneziaVPN"); + ipcReply = 
IpcClient::Interface()->mountDmg(t, false); + ipcReply.waitForFinished(); + return ipcReply.returnValue(); + }); + + QEventLoop wait; + connect(&watcher, &QFutureWatcher::finished, &wait, &QEventLoop::quit); + watcher.setFuture(future); + wait.exec(); + + qDebug() << future.result(); + +// emit errorOccured(""); + } + } else { + if (reply->error() == QNetworkReply::NetworkError::OperationCanceledError + || reply->error() == QNetworkReply::NetworkError::TimeoutError) { + qDebug() << errorString(ErrorCode::ApiConfigTimeoutError); + } else { + QString err = reply->errorString(); + qDebug() << QString::fromUtf8(reply->readAll()); + qDebug() << reply->error(); + qDebug() << err; + qDebug() << reply->attribute(QNetworkRequest::HttpStatusCodeAttribute); + qDebug() << errorString(ErrorCode::ApiConfigDownloadError); + } + } + + reply->deleteLater(); + }); + +} diff --git a/client/ui/controllers/updateController.h b/client/ui/controllers/updateController.h new file mode 100644 index 00000000..986174ac --- /dev/null +++ b/client/ui/controllers/updateController.h @@ -0,0 +1,34 @@ +#ifndef UPDATECONTROLLER_H +#define UPDATECONTROLLER_H + +#include + +#include "settings.h" + +class UpdateController : public QObject +{ + Q_OBJECT +public: + explicit UpdateController(const std::shared_ptr &settings, QObject *parent = nullptr); + + Q_PROPERTY(QString changelogText READ getChangelogText NOTIFY updateFound) + Q_PROPERTY(QString headerText READ getHeaderText NOTIFY updateFound) +public slots: + QString getHeaderText(); + QString getChangelogText(); + + void checkForUpdates(); + void runInstaller(); +signals: + void updateFound(); + void errorOccured(const QString &errorMessage); +private: + std::shared_ptr m_settings; + + QString m_changelogText; + QString m_version; + QString m_releaseDate; + QString m_downloadUrl; +}; + +#endif // UPDATECONTROLLER_H 
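Review bot: `runInstaller()` writes whatever the server returned to a fixed name in the shared temp directory and hands that path to the privileged IPC service without checking the file's integrity or origin. Before the `IpcClient::Interface()->mountDmg(t, true)` call the download should be verified against a signature or digest the client trusts independently of the release JSON, and the result of `file.write(...)` should be checked so a truncated download is never installed. A per-run location (for example a `QTemporaryDir`) keeps other local users or processes from pre-creating or replacing `installerPath` between the write and the mount. `installerPath` is only defined for macOS, Windows and desktop Linux, so this file presumably will not compile for other targets unless it is excluded from those builds.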
diff --git a/client/ui/qml/Components/ChangelogDrawer.qml b/client/ui/qml/Components/ChangelogDrawer.qml
new file mode 100644
index 00000000..c2eae80e
--- /dev/null
+++ b/client/ui/qml/Components/ChangelogDrawer.qml
@@ -0,0 +1,119 @@ +import QtQuick +import QtQuick.Controls +import QtQuick.Layouts + +import "../Controls2" +import "../Controls2/TextTypes" + +import "../Config" + +DrawerType2 { + id: root + + anchors.fill: parent + expandedHeight: parent.height * 0.9 + + expandedContent: Item { + implicitHeight: root.expandedHeight + + Connections { + target: root + enabled: !GC.isMobile() + function onOpened() { + focusItem.forceActiveFocus() + } + } + + Header2TextType { + id: header + anchors.top: parent.top + anchors.left: parent.left + anchors.right: parent.right + anchors.topMargin: 16 + anchors.rightMargin: 16 + anchors.leftMargin: 16 + + text: UpdateController.headerText + } + + FlickableType { + anchors.top: header.bottom + anchors.bottom: updateButton.top + contentHeight: changelog.height + 32 + + ParagraphTextType { + id: changelog + anchors.top: parent.top + anchors.left: parent.left + anchors.right: parent.right + anchors.topMargin: 48 + anchors.rightMargin: 16 + anchors.leftMargin: 16 + + HoverHandler { + enabled: parent.hoveredLink + cursorShape: Qt.PointingHandCursor + } + + onLinkActivated: function(link) { + Qt.openUrlExternally(link) + } + + text: UpdateController.changelogText + textFormat: Text.MarkdownText + } + } + + Item { + id: focusItem + KeyNavigation.tab: updateButton + } + + BasicButtonType { + id: updateButton + anchors.bottom: skipButton.top + anchors.left: parent.left + anchors.right: parent.right + anchors.topMargin: 16 + anchors.bottomMargin: 8 + anchors.rightMargin: 16 + anchors.leftMargin: 16 + + text: qsTr("Update") + + clickedFunc: function() { + PageController.showBusyIndicator(true) + UpdateController.runInstaller() + PageController.showBusyIndicator(false) + root.close() + } + + KeyNavigation.tab: skipButton + } + + BasicButtonType { + id: skipButton + anchors.bottom: parent.bottom + anchors.left: parent.left + anchors.right: parent.right + anchors.bottomMargin: 16 + anchors.rightMargin: 16 + anchors.leftMargin: 16 + + defaultColor: 
"transparent" + hoveredColor: Qt.rgba(1, 1, 1, 0.08) + pressedColor: Qt.rgba(1, 1, 1, 0.12) + disabledColor: "#878B91" + textColor: "#D7D8DB" + borderWidth: 1 + + text: qsTr("Skip this version") + + clickedFunc: function() { + root.close() + } + + KeyNavigation.tab: focusItem + } + } +} diff --git a/client/ui/qml/main2.qml b/client/ui/qml/main2.qml index 7e31bb09..a366fd2d 100644 --- a/client/ui/qml/main2.qml +++ b/client/ui/qml/main2.qml @@ -92,6 +92,10 @@ Window { busyIndicator.visible = visible PageController.disableControls(visible) } + + function onShowChangelogDrawer() { + changelogDrawer.open() + } } Connections { @@ -264,4 +268,14 @@ Window { onAccepted: SystemController.fileDialogClosed(true) onRejected: SystemController.fileDialogClosed(false) } + + Item { + anchors.fill: parent + + ChangelogDrawer { + id: changelogDrawer + + anchors.fill: parent + } + } } diff --git a/ipc/ipc_interface.rep b/ipc/ipc_interface.rep index 79f2d042..7b49b8b7 100644 --- a/ipc/ipc_interface.rep +++ b/ipc/ipc_interface.rep @@ -32,5 +32,7 @@ class IpcInterface SLOT( bool enablePeerTraffic( const QJsonObject &configStr) ); SLOT( bool enableKillSwitch( const QJsonObject &excludeAddr, int vpnAdapterIndex) ); SLOT( bool updateResolvers(const QString& ifname, const QList& resolvers) ); + + SLOT( int mountDmg(const QString &path, bool mount) ); }; diff --git a/ipc/ipcserver.cpp b/ipc/ipcserver.cpp index c734912b..9b72a553 100644 --- a/ipc/ipcserver.cpp +++ b/ipc/ipcserver.cpp 
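Review bot: `onLinkActivated` passes every link in the changelog straight to `Qt.openUrlExternally(link)`, and the changelog is Markdown taken from the release body fetched over the network, so the handler opens whatever scheme the text contains. Restricting it to web links keeps a crafted or mistaken release note from invoking local URL handlers: `if (link.startsWith("https://")) Qt.openUrlExternally(link)`. Separately, `UpdateController.runInstaller()` only starts an asynchronous download, so in the Update button's `clickedFunc` the busy indicator is switched off and the drawer closed immediately, before anything has been installed; that sequence should wait for a completion or error signal.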
@@ -1,32 +1,33 @@ #include "ipcserver.h" -#include #include -#include #include +#include +#include +#include -#include "router.h" #include "logger.h" +#include "router.h" #include "../client/protocols/protocols_defs.h" #ifdef Q_OS_WIN -#include "tapcontroller_win.h" -#include "../client/platforms/windows/daemon/windowsfirewall.h" -#include "../client/platforms/windows/daemon/windowsdaemon.h" + #include "../client/platforms/windows/daemon/windowsdaemon.h" + #include "../client/platforms/windows/daemon/windowsfirewall.h" + #include "tapcontroller_win.h" #endif #ifdef Q_OS_LINUX -#include "../client/platforms/linux/daemon/linuxfirewall.h" + #include "../client/platforms/linux/daemon/linuxfirewall.h" #endif #ifdef Q_OS_MACOS -#include "../client/platforms/macos/daemon/macosfirewall.h" + #include "../client/platforms/macos/daemon/macosfirewall.h" #endif -IpcServer::IpcServer(QObject *parent): - IpcInterfaceSource(parent) +IpcServer::IpcServer(QObject *parent) : IpcInterfaceSource(parent) -{} +{ +} int IpcServer::createPrivilegedProcess() { 
@@ -58,23 +59,20 @@ int IpcServer::createPrivilegedProcess() } }); - QObject::connect(pd.serverNode.data(), &QRemoteObjectHost::error, this, [pd](QRemoteObjectNode::ErrorCode errorCode) { - qDebug() << "QRemoteObjectHost::error" << errorCode; - }); + QObject::connect(pd.serverNode.data(), &QRemoteObjectHost::error, this, + [pd](QRemoteObjectNode::ErrorCode errorCode) { qDebug() << "QRemoteObjectHost::error" << errorCode; }); - QObject::connect(pd.serverNode.data(), &QRemoteObjectHost::destroyed, this, [pd]() { - qDebug() << "QRemoteObjectHost::destroyed"; - }); + QObject::connect(pd.serverNode.data(), &QRemoteObjectHost::destroyed, this, [pd]() { qDebug() << "QRemoteObjectHost::destroyed"; }); -// connect(pd.ipcProcess.data(), &IpcServerProcess::finished, this, [this, pid=m_localpid](int exitCode, QProcess::ExitStatus exitStatus){ -// qDebug() << "IpcServerProcess finished" << exitCode << exitStatus; -//// if (m_processes.contains(pid)) { -//// m_processes[pid].ipcProcess.reset(); -//// m_processes[pid].serverNode.reset(); -//// m_processes[pid].localServer.reset(); -//// m_processes.remove(pid); -//// } -// }); + // connect(pd.ipcProcess.data(), &IpcServerProcess::finished, this, [this, pid=m_localpid](int exitCode, QProcess::ExitStatus exitStatus){ + // qDebug() << "IpcServerProcess finished" << exitCode << exitStatus; + //// if (m_processes.contains(pid)) { + //// m_processes[pid].ipcProcess.reset(); + //// m_processes[pid].serverNode.reset(); + //// m_processes[pid].localServer.reset(); + //// m_processes.remove(pid); + //// } + // }); m_processes.insert(m_localpid, pd); @@ -105,7 +103,7 @@ bool IpcServer::routeDeleteList(const QString &gw, const QStringList &ips) qDebug() << "IpcServer::routeDeleteList"; #endif - return Router::routeDeleteList(gw ,ips); + return Router::routeDeleteList(gw, ips); } void IpcServer::flushDns() 
@@ -172,7 +170,7 @@ bool IpcServer::deleteTun(const QString &dev) return Router::deleteTun(dev); } -bool IpcServer::updateResolvers(const QString& ifname, const QList& resolvers) +bool IpcServer::updateResolvers(const QString &ifname, const QList &resolvers) { return Router::updateResolvers(ifname, resolvers); } @@ -194,13 +192,11 @@ void IpcServer::setLogsEnabled(bool enabled) if (enabled) { Logger::init(); - } - else { + } else { Logger::deinit(); } } - bool IpcServer::enableKillSwitch(const QJsonObject &configStr, int vpnAdapterIndex) { #ifdef Q_OS_WIN @@ -216,13 +212,11 @@ bool IpcServer::enableKillSwitch(const QJsonObject &configStr, int vpnAdapterInd QStringList allownets; QStringList blocknets; - if (splitTunnelType == 0) - { + if (splitTunnelType == 0) { blockAll = true; allowNets = true; allownets.append(configStr.value(amnezia::config_key::hostName).toString()); - } else if (splitTunnelType == 1) - { + } else if (splitTunnelType == 1) { blockNets = true; for (auto v : splitTunnelSites) { blocknets.append(v.toString()); 
@@ -264,18 +258,17 @@ bool IpcServer::enableKillSwitch(const QJsonObject &configStr, int vpnAdapterInd // double-check + ensure our firewall is installed and enabled. This is necessary as // other software may disable pfctl before re-enabling with their own rules (e.g other VPNs) - if (!MacOSFirewall::isInstalled()) MacOSFirewall::install(); + if (!MacOSFirewall::isInstalled()) + MacOSFirewall::install(); MacOSFirewall::ensureRootAnchorPriority(); MacOSFirewall::setAnchorEnabled(QStringLiteral("000.allowLoopback"), true); MacOSFirewall::setAnchorEnabled(QStringLiteral("100.blockAll"), blockAll); MacOSFirewall::setAnchorEnabled(QStringLiteral("110.allowNets"), allowNets); - MacOSFirewall::setAnchorTable(QStringLiteral("110.allowNets"), allowNets, - QStringLiteral("allownets"), allownets); + MacOSFirewall::setAnchorTable(QStringLiteral("110.allowNets"), allowNets, QStringLiteral("allownets"), allownets); MacOSFirewall::setAnchorEnabled(QStringLiteral("120.blockNets"), blockNets); - MacOSFirewall::setAnchorTable(QStringLiteral("120.blockNets"), blockNets, - QStringLiteral("blocknets"), blocknets); + MacOSFirewall::setAnchorTable(QStringLiteral("120.blockNets"), blockNets, QStringLiteral("blocknets"), blocknets); MacOSFirewall::setAnchorEnabled(QStringLiteral("200.allowVPN"), true); MacOSFirewall::setAnchorEnabled(QStringLiteral("250.blockIPv6"), true); MacOSFirewall::setAnchorEnabled(QStringLiteral("290.allowDHCP"), true); @@ -326,10 +319,8 @@ bool IpcServer::enablePeerTraffic(const QJsonObject &configStr) // Use APP split tunnel if (splitTunnelType == 0 || splitTunnelType == 2) { - config.m_allowedIPAddressRanges.append( - IPAddress(QHostAddress("0.0.0.0"), 0)); - config.m_allowedIPAddressRanges.append( - IPAddress(QHostAddress("::"), 0)); + config.m_allowedIPAddressRanges.append(IPAddress(QHostAddress("0.0.0.0"), 0)); + config.m_allowedIPAddressRanges.append(IPAddress(QHostAddress("::"), 0)); } if (splitTunnelType == 1) { 
@@ -337,10 +328,9 @@ bool IpcServer::enablePeerTraffic(const QJsonObject &configStr) QString ipRange = v.toString(); if (ipRange.split('/').size() > 1) { config.m_allowedIPAddressRanges.append( - IPAddress(QHostAddress(ipRange.split('/')[0]), atoi(ipRange.split('/')[1].toLocal8Bit()))); + IPAddress(QHostAddress(ipRange.split('/')[0]), atoi(ipRange.split('/')[1].toLocal8Bit()))); } else { - config.m_allowedIPAddressRanges.append( - IPAddress(QHostAddress(ipRange), 32)); + config.m_allowedIPAddressRanges.append(IPAddress(QHostAddress(ipRange), 32)); } } } @@ -353,7 +343,7 @@ bool IpcServer::enablePeerTraffic(const QJsonObject &configStr) } } - for (const QJsonValue& i : configStr.value(amnezia::config_key::splitTunnelApps).toArray()) { + for (const QJsonValue &i : configStr.value(amnezia::config_key::splitTunnelApps).toArray()) { if (!i.isString()) { break; } @@ -371,3 +361,14 @@ bool IpcServer::enablePeerTraffic(const QJsonObject &configStr) #endif return true; } + +int IpcServer::mountDmg(const QString &path, bool mount) +{ +#ifdef Q_OS_MACOS + qDebug() << path; + auto res = QProcess::execute(QString("sudo hdiutil %1 %2").arg(mount ? "attach" : "unmount", path)); + qDebug() << res; + return res; +#endif + return 0; +} diff --git a/ipc/ipcserver.h b/ipc/ipcserver.h index bd474481..21e2a591 100644 --- a/ipc/ipcserver.h +++ b/ipc/ipcserver.h @@ -35,6 +35,7 @@ public: virtual bool enableKillSwitch(const QJsonObject &excludeAddr, int vpnAdapterIndex) override; virtual bool disableKillSwitch() override; virtual bool updateResolvers(const QString& ifname, const QList& resolvers) override; + virtual int mountDmg(const QString &path, bool mount) override; private: int m_localpid = 0; From efdd47a63da92d19bcfee0f781a90e5df750eddc Mon Sep 17 00:00:00 2001 
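Review bot: `mountDmg` builds its command as one string, `QString("sudo hdiutil %1 %2").arg(...)`, using a path supplied by the IPC caller, so the path is either split on whitespace (the Qt 5 single-string `QProcess::execute`) or the whole string is taken as the program name (Qt 6); neither is what is intended. Pass the program and arguments separately, e.g. `QProcess::execute("hdiutil", { QString(mount ? "attach" : "unmount"), path });`, and have the service reject any path that is not the update file it expects, since this slot runs with the service's privileges for whoever can reach the IPC endpoint. If the service already runs as root the `sudo` prefix is unnecessary, and `hdiutil unmount` normally takes a mount point rather than the image path, which is worth confirming. `installApp` in PATCH 02/53 (`sudo dpkg -i %1`) has the same single-string construction and the same unvalidated path.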
From: aiamnezia Date: Thu, 28 Nov 2024 11:36:50 +0400 Subject: [PATCH 02/53] Created a scaffold for Linux installation --- client/ui/controllers/updateController.cpp | 11 ++++++----- ipc/ipc_interface.rep | 1 + ipc/ipcserver.cpp | 8 ++++++++ ipc/ipcserver.h | 1 + 4 files changed, 16 insertions(+), 5 deletions(-) diff --git a/client/ui/controllers/updateController.cpp b/client/ui/controllers/updateController.cpp index 6bf6f9fd..dfabd7cd 100644 --- a/client/ui/controllers/updateController.cpp +++ b/client/ui/controllers/updateController.cpp @@ -62,7 +62,7 @@ void UpdateController::checkForUpdates() for (auto asset : assets) { QJsonObject assetObject = asset.toObject(); - if (assetObject.value("name").toString().contains(".dmg")) { + if (assetObject.value("name").toString().contains(".tar.gz")) { m_downloadUrl = assetObject.value("browser_download_url").toString(); } } @@ -112,10 +112,11 @@ void UpdateController::runInstaller() QFutureWatcher watcher; QFuture future = QtConcurrent::run([this]() { QString t = installerPath; - QRemoteObjectPendingReply ipcReply = IpcClient::Interface()->mountDmg(t, true); - ipcReply.waitForFinished(); - QProcess::execute("/Volumes/AmneziaVPN/AmneziaVPN.app/Contents/MacOS/AmneziaVPN"); - ipcReply = IpcClient::Interface()->mountDmg(t, false); + QRemoteObjectPendingReply ipcReply = IpcClient::Interface()->installApp(t); + // QRemoteObjectPendingReply ipcReply = IpcClient::Interface()->mountDmg(t, true); + // ipcReply.waitForFinished(); + // QProcess::execute("/Volumes/AmneziaVPN/AmneziaVPN.app/Contents/MacOS/AmneziaVPN"); + // ipcReply = IpcClient::Interface()->mountDmg(t, false); ipcReply.waitForFinished(); return ipcReply.returnValue(); }); diff --git a/ipc/ipc_interface.rep b/ipc/ipc_interface.rep index 1647ea19..7dad63bd 100644 --- a/ipc/ipc_interface.rep +++ b/ipc/ipc_interface.rep 
@@ -34,5 +34,6 @@ class IpcInterface SLOT( bool updateResolvers(const QString& ifname, const QList& resolvers) ); SLOT( int mountDmg(const QString &path, bool mount) ); + SLOT (int installApp(const QString &path)); }; diff --git a/ipc/ipcserver.cpp b/ipc/ipcserver.cpp index 2565fc99..c4fe804e 100644 --- a/ipc/ipcserver.cpp +++ b/ipc/ipcserver.cpp @@ -377,3 +377,11 @@ int IpcServer::mountDmg(const QString &path, bool mount) #endif return 0; } + +int IpcServer::installApp(const QString &path) +{ +#if defined(Q_OS_LINUX) && !defined(Q_OS_ANDROID) + return QProcess::execute(QString("sudo dpkg -i %1").arg(path)); +#endif + return 0; +} diff --git a/ipc/ipcserver.h b/ipc/ipcserver.h index 5d8b61a2..7e5b21d1 100644 --- a/ipc/ipcserver.h +++ b/ipc/ipcserver.h @@ -39,6 +39,7 @@ public: virtual bool disableKillSwitch() override; virtual bool updateResolvers(const QString& ifname, const QList& resolvers) override; virtual int mountDmg(const QString &path, bool mount) override; + virtual int installApp(const QString &path) override; private: int m_localpid = 0; From 99f610edf91eca0579c83968ab46ea776f67b89a Mon Sep 17 00:00:00 2001 From: aiamnezia Date: Fri, 29 Nov 2024 19:20:15 +0400 Subject: [PATCH 03/53] implement Linux updating --- client/ui/controllers/updateController.cpp | 27 ++------- ipc/ipcserver.cpp | 65 +++++++++++++++++++++- 2 files changed, 70 insertions(+), 22 deletions(-) diff --git a/client/ui/controllers/updateController.cpp b/client/ui/controllers/updateController.cpp index dfabd7cd..32aed926 100644 --- a/client/ui/controllers/updateController.cpp +++ b/client/ui/controllers/updateController.cpp @@ -62,7 +62,7 @@ void UpdateController::checkForUpdates() for (auto asset : assets) { QJsonObject assetObject = asset.toObject(); - if (assetObject.value("name").toString().contains(".tar.gz")) { + if (assetObject.value("name").toString().contains(".tar.zip")) { m_downloadUrl = assetObject.value("browser_download_url").toString(); } } 
@@ -108,27 +108,12 @@ void UpdateController::runInstaller() if (file.open(QIODevice::WriteOnly)) { file.write(reply->readAll()); file.close(); + QString t = installerPath; + auto ipcReply = IpcClient::Interface()->installApp(t); + ipcReply.waitForFinished(); + int result = ipcReply.returnValue(); - QFutureWatcher watcher; - QFuture future = QtConcurrent::run([this]() { - QString t = installerPath; - QRemoteObjectPendingReply ipcReply = IpcClient::Interface()->installApp(t); - // QRemoteObjectPendingReply ipcReply = IpcClient::Interface()->mountDmg(t, true); - // ipcReply.waitForFinished(); - // QProcess::execute("/Volumes/AmneziaVPN/AmneziaVPN.app/Contents/MacOS/AmneziaVPN"); - // ipcReply = IpcClient::Interface()->mountDmg(t, false); - ipcReply.waitForFinished(); - return ipcReply.returnValue(); - }); - - QEventLoop wait; - connect(&watcher, &QFutureWatcher::finished, &wait, &QEventLoop::quit); - watcher.setFuture(future); - wait.exec(); - - qDebug() << future.result(); - -// emit errorOccured(""); + // emit errorOccured(""); } } else { if (reply->error() == QNetworkReply::NetworkError::OperationCanceledError diff --git a/ipc/ipcserver.cpp b/ipc/ipcserver.cpp index c4fe804e..c6ca5f52 100644 --- a/ipc/ipcserver.cpp +++ b/ipc/ipcserver.cpp 
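Review bot: The value read into `int result` is never used and the `errorOccured` emit is still commented out, so a failed or refused installation looks the same as success to the UI. Something like `if (!ipcReply.waitForFinished() || ipcReply.returnValue() != 0) emit errorOccured(tr("Update installation failed"));` would surface it. `waitForFinished()` now runs directly inside the `finished` handler instead of on a worker thread, so the calling thread blocks for up to the call's default timeout and an install that takes longer is read back before the reply is valid; a `QRemoteObjectPendingCallWatcher` would avoid both. `runInstaller()` starts outside this hunk.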
@@ -381,7 +381,70 @@ int IpcServer::mountDmg(const QString &path, bool mount) int IpcServer::installApp(const QString &path) { #if defined(Q_OS_LINUX) && !defined(Q_OS_ANDROID) - return QProcess::execute(QString("sudo dpkg -i %1").arg(path)); + QProcess process; + QString tempDir = QStandardPaths::writableLocation(QStandardPaths::TempLocation); + QString extractDir = tempDir + "/amnezia_update"; + + qDebug() << "Installing app from:" << path; + qDebug() << "Using temp directory:" << extractDir; + + // Create extraction directory if it doesn't exist + QDir dir(extractDir); + if (!dir.exists()) { + dir.mkpath("."); + qDebug() << "Created extraction directory"; + } + + // First, extract the zip archive + qDebug() << "Extracting ZIP archive..."; + process.start("unzip", QStringList() << path << "-d" << extractDir); + process.waitForFinished(); + if (process.exitCode() != 0) { + qDebug() << "ZIP extraction error:" << process.readAllStandardError(); + return process.exitCode(); + } + qDebug() << "ZIP archive extracted successfully"; + + // Look for tar file in extracted files + qDebug() << "Looking for TAR file..."; + QDirIterator tarIt(extractDir, QStringList() << "*.tar", QDir::Files); + if (!tarIt.hasNext()) { + qDebug() << "TAR file not found in the extracted archive"; + return -1; + } + + // Extract found tar archive + QString tarPath = tarIt.next(); + qDebug() << "Found TAR file:" << tarPath; + qDebug() << "Extracting TAR archive..."; + + process.start("tar", QStringList() << "-xf" << tarPath << "-C" << extractDir); + process.waitForFinished(); + if (process.exitCode() != 0) { + qDebug() << "TAR extraction error:" << process.readAllStandardError(); + return process.exitCode(); + } + qDebug() << "TAR archive extracted successfully"; + + // Remove tar file as it's no longer needed + QFile::remove(tarPath); + qDebug() << "Removed temporary TAR file"; + + // Find executable file and run it + qDebug() << "Looking for executable file..."; + QDirIterator it(extractDir, 
QDir::Files | QDir::Executable, QDirIterator::Subdirectories); + if (it.hasNext()) { + QString execPath = it.next(); + qDebug() << "Found executable:" << execPath; + qDebug() << "Launching installer..."; + process.start("sudo", QStringList() << execPath); + process.waitForFinished(); + qDebug() << "Installer finished with exit code:" << process.exitCode(); + return process.exitCode(); + } + + qDebug() << "No executable file found"; + return -1; // Executable not found #endif return 0; } From 42e47684839eedd7774b06cdffc61c6c13ccdb6f Mon Sep 17 00:00:00 2001 From: aiamnezia Date: Wed, 4 Dec 2024 15:38:55 +0400 Subject: [PATCH 04/53] Add debug logs about installer in service --- ipc/ipcserver.cpp | 2 ++ 1 file changed, 2 insertions(+) diff --git a/ipc/ipcserver.cpp b/ipc/ipcserver.cpp index c6ca5f52..67650221 100644 --- a/ipc/ipcserver.cpp +++ b/ipc/ipcserver.cpp @@ -439,6 +439,8 @@ int IpcServer::installApp(const QString &path) qDebug() << "Launching installer..."; process.start("sudo", QStringList() << execPath); process.waitForFinished(); + qDebug() << "Installer stdout:" << process.readAllStandardOutput(); + qDebug() << "Installer stderr:" << process.readAllStandardError(); qDebug() << "Installer finished with exit code:" << process.exitCode(); return process.exitCode(); } From 506f96c5d0405b35a0186dfdb4de3cbf8331a977 Mon Sep 17 00:00:00 2001 From: aiamnezia Date: Tue, 10 Dec 2024 17:43:25 +0400 Subject: [PATCH 05/53] Add client side of installation logic for Windows and MacOS --- client/ui/controllers/updateController.cpp | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/client/ui/controllers/updateController.cpp b/client/ui/controllers/updateController.cpp index 32aed926..45acf190 100644 --- a/client/ui/controllers/updateController.cpp +++ b/client/ui/controllers/updateController.cpp 
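Review bot: The Linux branch of `installApp` unpacks into the fixed directory `amnezia_update` under the temp location, which is reused if it already exists and never cleaned, and then runs under `sudo` the first file that `QDirIterator` reports as executable. Anything left in that directory by an earlier run, placed there by another local process, or simply shipped inside the archive can therefore be the file that runs with elevated rights, and nothing here verifies the archive before it is unpacked. The service should extract into a directory it creates itself, verify the package's signature before extraction, and launch one expected installer file by name, as sketched below. The `process.waitForFinished()` calls also use the default 30-second limit, after which `exitCode()` does not describe a finished process.

```cpp
    // Private, freshly created directory instead of the fixed "amnezia_update" under the temp location
    QTemporaryDir extractRoot;
    if (!extractRoot.isValid()) {
        qDebug() << "Failed to create extraction directory";
        return -1;
    }
    const QString extractDir = extractRoot.path();

    // … unchanged: unzip and tar extraction into extractDir …

    // Launch one expected file, not the first executable the iterator returns.
    // "INSTALLER_FILE_NAME" is a placeholder for the name the release actually ships.
    const QString execPath = QDir(extractDir).filePath(QStringLiteral("INSTALLER_FILE_NAME"));
    if (!QFileInfo(execPath).isFile()) {
        qDebug() << "Expected installer not found in archive";
        return -1;
    }

    // … unchanged: launch via process.start and exit-code handling …
```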
@@ -62,9 +62,19 @@ void UpdateController::checkForUpdates() for (auto asset : assets) { QJsonObject assetObject = asset.toObject(); + #ifdef Q_OS_WINDOWS + if (assetObject.value("name").toString().endsWith(".exe")) { + m_downloadUrl = assetObject.value("browser_download_url").toString(); + } + #elif defined(Q_OS_MACOS) + if (assetObject.value("name").toString().endsWith(".dmg")) { + m_downloadUrl = assetObject.value("browser_download_url").toString(); + } + #elif defined(Q_OS_LINUX) && !defined(Q_OS_ANDROID) if (assetObject.value("name").toString().contains(".tar.zip")) { m_downloadUrl = assetObject.value("browser_download_url").toString(); } + #endif } emit updateFound(); From e748ac35c9cf8c7aafe77eb4a1b093e110f83f96 Mon Sep 17 00:00:00 2001 From: aiamnezia Date: Tue, 10 Dec 2024 18:14:34 +0400 Subject: [PATCH 06/53] Add service side of installation logic for Windows --- ipc/ipcserver.cpp | 82 ++++++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 81 insertions(+), 1 deletion(-) diff --git a/ipc/ipcserver.cpp b/ipc/ipcserver.cpp index 67650221..d02fe56a 100644 --- a/ipc/ipcserver.cpp +++ b/ipc/ipcserver.cpp 
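Review bot: The asset loop assigns `m_downloadUrl` for every matching name and never breaks, so when a release carries more than one `.exe` or `.dmg` the one listed last wins, and the URL is stored without checking where it points. Adding `break;` after each assignment and accepting the value only when `QUrl(url).scheme() == "https"` and the host is the expected release host would make the choice deterministic and constrain what is later downloaded and installed. `updateFound()` is still emitted when no asset matched, which leaves `runInstaller()` with an empty URL on that platform. The Linux branch still uses `contains(".tar.zip")` while the other two use `endsWith`; `checkForUpdates()` begins outside this hunk.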
@@ -380,7 +380,87 @@ int IpcServer::mountDmg(const QString &path, bool mount) int IpcServer::installApp(const QString &path) { -#if defined(Q_OS_LINUX) && !defined(Q_OS_ANDROID) + qDebug() << "Installing app from:" << path; + +#ifdef Q_OS_WINDOWS + // On Windows, simply run the .exe file with administrator privileges + QProcess process; + process.setProgram("powershell.exe"); + process.setArguments(QStringList() + << "Start-Process" + << path + << "-Verb" + << "RunAs" + << "-Wait"); + + qDebug() << "Launching installer with elevated privileges..."; + process.start(); + process.waitForFinished(); + + if (process.exitCode() != 0) { + qDebug() << "Installation error:" << process.readAllStandardError(); + } + return process.exitCode(); + +#elif defined(Q_OS_MACOS) + // DRAFT + + QProcess process; + QString tempDir = QStandardPaths::writableLocation(QStandardPaths::TempLocation); + QString mountPoint = tempDir + "/AmneziaVPN_mount"; + + // Create mount point + QDir dir(mountPoint); + if (!dir.exists()) { + dir.mkpath("."); + } + + // Mount DMG image + qDebug() << "Mounting DMG image..."; + process.start("hdiutil", QStringList() + << "attach" + << path + << "-mountpoint" + << mountPoint + << "-nobrowse"); + process.waitForFinished(); + + if (process.exitCode() != 0) { + qDebug() << "Failed to mount DMG:" << process.readAllStandardError(); + return process.exitCode(); + } + + // Look for .app bundle in mounted image + QDirIterator it(mountPoint, QStringList() << "*.app", QDir::Dirs); + if (!it.hasNext()) { + qDebug() << "No .app bundle found in DMG"; + return -1; + } + + QString appPath = it.next(); + QString targetPath = "/Applications/" + QFileInfo(appPath).fileName(); + + // Copy application to /Applications + qDebug() << "Copying app to Applications folder..."; + process.start("cp", QStringList() + << "-R" + << appPath + << targetPath); + process.waitForFinished(); + + // Unmount DMG + qDebug() << "Unmounting DMG..."; + process.start("hdiutil", QStringList() + << 
"detach" + << mountPoint); + process.waitForFinished(); + + if (process.exitCode() != 0) { + qDebug() << "Installation error:" << process.readAllStandardError(); + } + return process.exitCode(); + +#elif defined(Q_OS_LINUX) && !defined(Q_OS_ANDROID) QProcess process; QString tempDir = QStandardPaths::writableLocation(QStandardPaths::TempLocation); QString extractDir = tempDir + "/amnezia_update"; From 9aef463b603cf9e531ad9c208669bdf18a8f9d8a Mon Sep 17 00:00:00 2001 From: Pokamest Nikak Date: Fri, 6 Dec 2024 12:40:04 +0000 Subject: [PATCH 07/53] ru readme --- README_RU.md | 191 +++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 191 insertions(+) create mode 100644 README_RU.md diff --git a/README_RU.md b/README_RU.md new file mode 100644 index 00000000..8b453907 --- /dev/null +++ b/README_RU.md 
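Review bot: installApp hands the caller-supplied `path` straight to an elevated launch (`Start-Process … -Verb RunAs` on Windows, `hdiutil attach` plus `cp -R` into `/Applications` on macOS) without checking where the file lives or who signed it, so whatever can reach this IPC method decides what gets installed. Before launching, resolve the path with `QFileInfo(path).canonicalFilePath()`, require it to sit in the updater's own download directory, and verify the publisher signature (Authenticode on Windows, `codesign --verify` on the bundle on macOS). On Windows the path is also passed to PowerShell as a bare token, so spaces or shell syntax in it are interpreted rather than treated as a file name; pass it as a single-quoted `-FilePath` value with embedded quotes doubled. In the macOS branch the `cp` result is never checked and the returned code is that of `hdiutil detach`, so a failed copy is reported as success; the fence keeps the copy result. The function continues past the end of the hunk.

```cpp
// … unchanged: create mount point, attach DMG, locate the .app bundle …
process.start("cp", QStringList() << "-R" << appPath << targetPath);
process.waitForFinished();
const bool copyOk = process.exitStatus() == QProcess::NormalExit && process.exitCode() == 0;
if (!copyOk) {
    qDebug() << "Failed to copy app:" << process.readAllStandardError();
}

// Always detach the image, but report the copy result, not the detach result.
process.start("hdiutil", QStringList() << "detach" << mountPoint);
process.waitForFinished();
if (process.exitCode() != 0) {
    qDebug() << "Failed to unmount DMG:" << process.readAllStandardError();
}
return copyOk ? process.exitCode() : -1;
```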
@@ -0,0 +1,191 @@ +# Amnezia VPN +## _The best client for self-hosted VPN_ + +[![Build Status](https://github.com/amnezia-vpn/amnezia-client/actions/workflows/deploy.yml/badge.svg?branch=dev)](https://github.com/amnezia-vpn/amnezia-client/actions/workflows/deploy.yml?query=branch:dev) +[![Gitpod ready-to-code](https://img.shields.io/badge/Gitpod-ready--to--code-blue?logo=gitpod)](https://gitpod.io/#https://github.com/amnezia-vpn/amnezia-client) + +[Amnezia](https://amnezia.org) is an open-source VPN client, with a key feature that enables you to deploy your own VPN server on your server. + +[![Image](https://github.com/amnezia-vpn/amnezia-client/blob/dev/metadata/img-readme/uipic4.png)](https://amnezia.org) + +### [Website](https://amnezia.org) | [Alt website link](https://storage.googleapis.com/kldscp/amnezia.org) | [Documentation](https://docs.amnezia.org) | [Troubleshooting](https://docs.amnezia.org/troubleshooting) + +> [!TIP] +> If the [Amnezia website](https://amnezia.org) is blocked in your region, you can use an [Alternative website link](https://storage.googleapis.com/kldscp/amnezia.org). + + + + +[All releases](https://github.com/amnezia-vpn/amnezia-client/releases) + +
+ + + +## Features + +- Very easy to use - enter your IP address, SSH login, password and Amnezia will automatically install VPN docker containers to your server and connect to the VPN. +- Classic VPN-protocols: OpenVPN, WireGuard and IKEv2 protocols. +- Protocols with traffic Masking (Obfuscation): OpenVPN over [Cloak](https://github.com/cbeuw/Cloak) plugin, Shadowsocks (OpenVPN over Shadowsocks), [AmneziaWG](https://docs.amnezia.org/documentation/amnezia-wg/) and XRay. +- Split tunneling support - add any sites to the client to enable VPN only for them or add Apps (only for Android and Desktop). +- Windows, MacOS, Linux, Android, iOS releases. +- Support for AmneziaWG protocol configuration on [Keenetic beta firmware](https://docs.keenetic.com/ua/air/kn-1611/en/6319-latest-development-release.html#UUID-186c4108-5afd-c10b-f38a-cdff6c17fab3_section-idm33192196168192-improved). + +## Links + +- [https://amnezia.org](https://amnezia.org) - Project website | [Alternative link (mirror)](https://storage.googleapis.com/kldscp/amnezia.org) +- [https://docs.amnezia.org](https://docs.amnezia.org) - Documentation +- [https://www.reddit.com/r/AmneziaVPN](https://www.reddit.com/r/AmneziaVPN) - Reddit +- [https://t.me/amnezia_vpn_en](https://t.me/amnezia_vpn_en) - Telegram support channel (English) +- [https://t.me/amnezia_vpn_ir](https://t.me/amnezia_vpn_ir) - Telegram support channel (Farsi) +- [https://t.me/amnezia_vpn_mm](https://t.me/amnezia_vpn_mm) - Telegram support channel (Myanmar) +- [https://t.me/amnezia_vpn](https://t.me/amnezia_vpn) - Telegram support channel (Russian) +- [https://vpnpay.io/en/amnezia-premium/](https://vpnpay.io/en/amnezia-premium/) - Amnezia Premium + +## Tech + +AmneziaVPN uses several open-source projects to work: + +- [OpenSSL](https://www.openssl.org/) +- [OpenVPN](https://openvpn.net/) +- [Shadowsocks](https://shadowsocks.org/) +- [Qt](https://www.qt.io/) +- [LibSsh](https://libssh.org) - forked from Qt Creator +- and more... 
+ +## Checking out the source code + +Make sure to pull all submodules after checking out the repo. + +```bash +git submodule update --init --recursive +``` + +## Development + +Want to contribute? Welcome! + +### Help with translations + +Download the most actual translation files. + +Go to ["Actions" tab](https://github.com/amnezia-vpn/amnezia-client/actions?query=is%3Asuccess+branch%3Adev), click on the first line. +Then scroll down to the "Artifacts" section and download "AmneziaVPN_translations". + +Unzip this file. +Each *.ts file contains strings for one corresponding language. + +Translate or correct some strings in one or multiple *.ts files and commit them back to this repository into the ``client/translations`` folder. +You can do it via a web-interface or any other method you're familiar with. + +### Building sources and deployment + +Check deploy folder for build scripts. + +### How to build an iOS app from source code on MacOS + +1. First, make sure you have [XCode](https://developer.apple.com/xcode/) installed, at least version 14 or higher. + +2. We use QT to generate the XCode project. We need QT version 6.6.2. Install QT for MacOS [here](https://doc.qt.io/qt-6/macos.html) or [QT Online Installer](https://www.qt.io/download-open-source). Required modules: + - MacOS + - iOS + - Qt 5 Compatibility Module + - Qt Shader Tools + - Additional Libraries: + - Qt Image Formats + - Qt Multimedia + - Qt Remote Objects + +3. Install CMake if required. We recommend CMake version 3.25. You can install CMake [here](https://cmake.org/download/) + +4. You also need to install go >= v1.16. If you don't have it installed already, +download go from the [official website](https://golang.org/dl/) or use Homebrew. +The latest version is recommended. Install gomobile +```bash +export PATH=$PATH:~/go/bin +go install golang.org/x/mobile/cmd/gomobile@latest +gomobile init +``` + +5. 
Build the project +```bash +export QT_BIN_DIR="/Qt//ios/bin" +export QT_MACOS_ROOT_DIR="/Qt//macos" +export QT_IOS_BIN=$QT_BIN_DIR +export PATH=$PATH:~/go/bin +mkdir build-ios +$QT_IOS_BIN/qt-cmake . -B build-ios -GXcode -DQT_HOST_PATH=$QT_MACOS_ROOT_DIR +``` +Replace PATH-TO-QT-FOLDER and QT-VERSION to your environment + + +If you get `gomobile: command not found` make sure to set PATH to the location +of the bin folder where gomobile was installed. Usually, it's in `GOPATH`. +```bash +export PATH=$(PATH):/path/to/GOPATH/bin +``` + +6. Open the XCode project. You can then run /test/archive/ship the app. + +If the build fails with the following error +``` +make: *** +[$(PROJECTDIR)/client/build/AmneziaVPN.build/Debug-iphoneos/wireguard-go-bridge/goroot/.prepared] +Error 1 +``` +Add a user-defined variable to both AmneziaVPN and WireGuardNetworkExtension targets' build settings with +key `PATH` and value `${PATH}/path/to/bin/folder/with/go/executable`, e.g. `${PATH}:/usr/local/go/bin`. + +if the above error persists on your M1 Mac, then most probably you need to install arch based CMake +``` +arch -arm64 brew install cmake +``` + +Build might fail with the "source files not found" error the first time you try it, because the modern XCode build system compiles dependencies in parallel, and some dependencies end up being built after the ones that +require them. In this case, simply restart the build. + +## How to build the Android app + +_Tested on Mac OS_ + +The Android app has the following requirements: +* JDK 11 +* Android platform SDK 33 +* CMake 3.25.0 + +After you have installed QT, QT Creator, and Android Studio, you need to configure QT Creator correctly. + +- Click in the top menu bar on `QT Creator` -> `Preferences` -> `Devices` and select the tab `Android`. +- Set path to JDK 11 +- Set path to Android SDK (`$ANDROID_HOME`) + +In case you get errors regarding missing SDK or 'SDK manager not running', you cannot fix them by correcting the paths. 
If you have some spare GBs on your disk, you can let QT Creator install all requirements by choosing an empty folder for `Android SDK location` and clicking on `Set Up SDK`. Be aware: This will install a second Android SDK and NDK on your machine!  +Double-check that the right CMake version is configured:  Click on `QT Creator` -> `Preferences` and click on the side menu on `Kits`. Under the center content view's `Kits` tab, you'll find an entry for `CMake Tool`. If the default selected CMake version is lower than 3.25.0, install on your system CMake >= 3.25.0 and choose `System CMake at ` from the drop-down list. If this entry is missing, you either have not installed CMake yet or QT Creator hasn't found the path to it. In that case, click in the preferences window on the side menu item `CMake`, then on the tab `Tools` in the center content view, and finally on the button `Add` to set the path to your installed CMake.  +Please make sure that you have selected Android Platform SDK 33 for your project: click in the main view's side menu on `Projects`, and on the left, you'll see a section `Build & Run` showing different Android build targets. You can select any of them, Amnezia VPN's project setup is designed in a way that all Android targets will be built. Click on the targets submenu item `Build` and scroll in the center content view to `Build Steps`. Click on `Details` at the end of the headline `Build Android APK` (the `Details` button might be hidden in case the QT Creator Window is not running in full screen!). Here we are: Choose `android-33` as `Android Build Platform SDK`. + +That's it! You should be ready to compile the project from QT Creator! + +### Development flow + +After you've hit the build button, QT-Creator copies the whole project to a folder in the repository parent directory. The folder should look something like `build-amnezia-client-Android_Qt__Clang_-`. 
+If you want to develop Amnezia VPNs Android components written in Kotlin, such as components using system APIs, you need to import the generated project in Android Studio with `build-amnezia-client-Android_Qt__Clang_-/client/android-build` as the projects root directory. While you should be able to compile the generated project from Android Studio, you cannot work directly in the repository's Android project. So whenever you are confident with your work in the generated project, you'll need to copy and paste the affected files to the corresponding path in the repository's Android project so that you can add and commit your changes! + +You may face compiling issues in QT Creator after you've worked in Android Studio on the generated project. Just do a `./gradlew clean` in the generated project's root directory (`/client/android-build/.`) and you should be good to go. + +## License + +GPL v3.0 + +## Donate + +Patreon: [https://www.patreon.com/amneziavpn](https://www.patreon.com/amneziavpn) + +Bitcoin: bc1q26eevjcg9j0wuyywd2e3uc9cs2w58lpkpjxq6p
+USDT BEP20: 0x6abD576765a826f87D1D95183438f9408C901bE4
+USDT TRC20: TELAitazF1MZGmiNjTcnxDjEiH5oe7LC9d
+XMR: 48spms39jt1L2L5vyw2RQW6CXD6odUd4jFu19GZcDyKKQV9U88wsJVjSbL4CfRys37jVMdoaWVPSvezCQPhHXUW5UKLqUp3
+TON: UQDpU1CyKRmg7L8mNScKk9FRc2SlESuI7N-Hby4nX-CcVmns +## Acknowledgments + +This project is tested with BrowserStack. +We express our gratitude to [BrowserStack](https://www.browserstack.com) for supporting our project. From 086d6c4ae389c6b5ecbe9a4bfd30787b20837bff Mon Sep 17 00:00:00 2001 From: KsZnak Date: Fri, 6 Dec 2024 22:15:01 +0200 Subject: [PATCH 08/53] Update README_RU.md --- README_RU.md | 181 +++++++++------------------------------------------ 1 file changed, 30 insertions(+), 151 deletions(-) diff --git a/README_RU.md b/README_RU.md index 8b453907..6ebdb97f 100644 --- a/README_RU.md +++ b/README_RU.md 
@@ -1,182 +1,60 @@ # Amnezia VPN -## _The best client for self-hosted VPN_ +## _Лучший клиент для создания VPN на собственном сервере_ -[![Build Status](https://github.com/amnezia-vpn/amnezia-client/actions/workflows/deploy.yml/badge.svg?branch=dev)](https://github.com/amnezia-vpn/amnezia-client/actions/workflows/deploy.yml?query=branch:dev) -[![Gitpod ready-to-code](https://img.shields.io/badge/Gitpod-ready--to--code-blue?logo=gitpod)](https://gitpod.io/#https://github.com/amnezia-vpn/amnezia-client) - -[Amnezia](https://amnezia.org) is an open-source VPN client, with a key feature that enables you to deploy your own VPN server on your server. +[AmneziaVPN](https://amnezia.org) — это open sourse VPN-клиент, ключевая особенность которого заключается в возможности развернуть собственный VPN на вашем сервере. [![Image](https://github.com/amnezia-vpn/amnezia-client/blob/dev/metadata/img-readme/uipic4.png)](https://amnezia.org) -### [Website](https://amnezia.org) | [Alt website link](https://storage.googleapis.com/kldscp/amnezia.org) | [Documentation](https://docs.amnezia.org) | [Troubleshooting](https://docs.amnezia.org/troubleshooting) +### [Сайт](https://amnezia.org) | [Зеркало на сайт](https://storage.googleapis.com/kldscp/amnezia.org) | [Документация](https://docs.amnezia.org) | [Решение проблем](https://docs.amnezia.org/troubleshooting) > [!TIP] -> If the [Amnezia website](https://amnezia.org) is blocked in your region, you can use an [Alternative website link](https://storage.googleapis.com/kldscp/amnezia.org). +> Если [сайт Amnezia](https://amnezia.org) заблокирован в вашем регионе, вы можете воспользоваться [ссылкой на зеркало](https://storage.googleapis.com/kldscp/amnezia.org). -[All releases](https://github.com/amnezia-vpn/amnezia-client/releases) +[Все релизы](https://github.com/amnezia-vpn/amnezia-client/releases)
-## Features +## Особенности -- Very easy to use - enter your IP address, SSH login, password and Amnezia will automatically install VPN docker containers to your server and connect to the VPN. -- Classic VPN-protocols: OpenVPN, WireGuard and IKEv2 protocols. -- Protocols with traffic Masking (Obfuscation): OpenVPN over [Cloak](https://github.com/cbeuw/Cloak) plugin, Shadowsocks (OpenVPN over Shadowsocks), [AmneziaWG](https://docs.amnezia.org/documentation/amnezia-wg/) and XRay. -- Split tunneling support - add any sites to the client to enable VPN only for them or add Apps (only for Android and Desktop). -- Windows, MacOS, Linux, Android, iOS releases. -- Support for AmneziaWG protocol configuration on [Keenetic beta firmware](https://docs.keenetic.com/ua/air/kn-1611/en/6319-latest-development-release.html#UUID-186c4108-5afd-c10b-f38a-cdff6c17fab3_section-idm33192196168192-improved). +- Простой в использовании — введите IP-адрес, SSH-логин и пароль, и Amnezia автоматически установит VPN-контейнеры Docker на ваш сервер и подключится к VPN. +- Классические VPN-протоколы: OpenVPN, WireGuard и IKEv2. +- Протоколы с маскировкой трафика (обфускацией): OpenVPN с плагином [Cloak](https://github.com/cbeuw/Cloak), Shadowsocks (OpenVPN over Shadowsocks), [AmneziaWG](https://docs.amnezia.org/documentation/amnezia-wg/) and XRay. +- Поддержка Split Tunneling — добавляйте любые сайты или приложения в список, чтобы включить VPN только для них. +- Поддерживает платформы: Windows, MacOS, Linux, Android, iOS. +- Поддержка конфигурации протокола AmneziaWG на [бета-прошивке Keenetic](https://docs.keenetic.com/ua/air/kn-1611/en/6319-latest-development-release.html#UUID-186c4108-5afd-c10b-f38a-cdff6c17fab3_section-idm33192196168192-improved). 
-## Links +## Ссылки -- [https://amnezia.org](https://amnezia.org) - Project website | [Alternative link (mirror)](https://storage.googleapis.com/kldscp/amnezia.org) -- [https://docs.amnezia.org](https://docs.amnezia.org) - Documentation +- [https://amnezia.org](https://amnezia.org) - Веб-сайт проекта | [Альтернативная ссылка (зеркало)](https://storage.googleapis.com/kldscp/amnezia.org) +- [https://docs.amnezia.org](https://docs.amnezia.org) - Документация - [https://www.reddit.com/r/AmneziaVPN](https://www.reddit.com/r/AmneziaVPN) - Reddit -- [https://t.me/amnezia_vpn_en](https://t.me/amnezia_vpn_en) - Telegram support channel (English) -- [https://t.me/amnezia_vpn_ir](https://t.me/amnezia_vpn_ir) - Telegram support channel (Farsi) -- [https://t.me/amnezia_vpn_mm](https://t.me/amnezia_vpn_mm) - Telegram support channel (Myanmar) -- [https://t.me/amnezia_vpn](https://t.me/amnezia_vpn) - Telegram support channel (Russian) -- [https://vpnpay.io/en/amnezia-premium/](https://vpnpay.io/en/amnezia-premium/) - Amnezia Premium +- [https://t.me/amnezia_vpn_en](https://t.me/amnezia_vpn_en) - Канал поддржки в Telegram (Английский) +- [https://t.me/amnezia_vpn_ir](https://t.me/amnezia_vpn_ir) - Канал поддржки в Telegram (Фарси) +- [https://t.me/amnezia_vpn_mm](https://t.me/amnezia_vpn_mm) - Канал поддржки в Telegram (Мьянма) +- [https://t.me/amnezia_vpn](https://t.me/amnezia_vpn) - Канал поддржки в Telegram (Русский) +- [https://vpnpay.io/en/amnezia-premium/](https://vpnpay.io/en/amnezia-premium/) - Amnezia Premium | [Зеркало](https://storage.googleapis.com/kldscp/vpnpay.io/ru/amnezia-premium\) -## Tech +## Технологии -AmneziaVPN uses several open-source projects to work: +AmneziaVPN использует несколько проектов с открытым исходным кодом: - [OpenSSL](https://www.openssl.org/) - [OpenVPN](https://openvpn.net/) - [Shadowsocks](https://shadowsocks.org/) - [Qt](https://www.qt.io/) -- [LibSsh](https://libssh.org) - forked from Qt Creator -- and more... 
+- [LibSsh](https://libssh.org) +- и другие... -## Checking out the source code - -Make sure to pull all submodules after checking out the repo. - -```bash -git submodule update --init --recursive -``` - -## Development - -Want to contribute? Welcome! - -### Help with translations - -Download the most actual translation files. - -Go to ["Actions" tab](https://github.com/amnezia-vpn/amnezia-client/actions?query=is%3Asuccess+branch%3Adev), click on the first line. -Then scroll down to the "Artifacts" section and download "AmneziaVPN_translations". - -Unzip this file. -Each *.ts file contains strings for one corresponding language. - -Translate or correct some strings in one or multiple *.ts files and commit them back to this repository into the ``client/translations`` folder. -You can do it via a web-interface or any other method you're familiar with. - -### Building sources and deployment - -Check deploy folder for build scripts. - -### How to build an iOS app from source code on MacOS - -1. First, make sure you have [XCode](https://developer.apple.com/xcode/) installed, at least version 14 or higher. - -2. We use QT to generate the XCode project. We need QT version 6.6.2. Install QT for MacOS [here](https://doc.qt.io/qt-6/macos.html) or [QT Online Installer](https://www.qt.io/download-open-source). Required modules: - - MacOS - - iOS - - Qt 5 Compatibility Module - - Qt Shader Tools - - Additional Libraries: - - Qt Image Formats - - Qt Multimedia - - Qt Remote Objects - -3. Install CMake if required. We recommend CMake version 3.25. You can install CMake [here](https://cmake.org/download/) - -4. You also need to install go >= v1.16. If you don't have it installed already, -download go from the [official website](https://golang.org/dl/) or use Homebrew. -The latest version is recommended. Install gomobile -```bash -export PATH=$PATH:~/go/bin -go install golang.org/x/mobile/cmd/gomobile@latest -gomobile init -``` - -5. 
Build the project -```bash -export QT_BIN_DIR="/Qt//ios/bin" -export QT_MACOS_ROOT_DIR="/Qt//macos" -export QT_IOS_BIN=$QT_BIN_DIR -export PATH=$PATH:~/go/bin -mkdir build-ios -$QT_IOS_BIN/qt-cmake . -B build-ios -GXcode -DQT_HOST_PATH=$QT_MACOS_ROOT_DIR -``` -Replace PATH-TO-QT-FOLDER and QT-VERSION to your environment - - -If you get `gomobile: command not found` make sure to set PATH to the location -of the bin folder where gomobile was installed. Usually, it's in `GOPATH`. -```bash -export PATH=$(PATH):/path/to/GOPATH/bin -``` - -6. Open the XCode project. You can then run /test/archive/ship the app. - -If the build fails with the following error -``` -make: *** -[$(PROJECTDIR)/client/build/AmneziaVPN.build/Debug-iphoneos/wireguard-go-bridge/goroot/.prepared] -Error 1 -``` -Add a user-defined variable to both AmneziaVPN and WireGuardNetworkExtension targets' build settings with -key `PATH` and value `${PATH}/path/to/bin/folder/with/go/executable`, e.g. `${PATH}:/usr/local/go/bin`. - -if the above error persists on your M1 Mac, then most probably you need to install arch based CMake -``` -arch -arm64 brew install cmake -``` - -Build might fail with the "source files not found" error the first time you try it, because the modern XCode build system compiles dependencies in parallel, and some dependencies end up being built after the ones that -require them. In this case, simply restart the build. - -## How to build the Android app - -_Tested on Mac OS_ - -The Android app has the following requirements: -* JDK 11 -* Android platform SDK 33 -* CMake 3.25.0 - -After you have installed QT, QT Creator, and Android Studio, you need to configure QT Creator correctly. - -- Click in the top menu bar on `QT Creator` -> `Preferences` -> `Devices` and select the tab `Android`. -- Set path to JDK 11 -- Set path to Android SDK (`$ANDROID_HOME`) - -In case you get errors regarding missing SDK or 'SDK manager not running', you cannot fix them by correcting the paths. 
If you have some spare GBs on your disk, you can let QT Creator install all requirements by choosing an empty folder for `Android SDK location` and clicking on `Set Up SDK`. Be aware: This will install a second Android SDK and NDK on your machine!  -Double-check that the right CMake version is configured:  Click on `QT Creator` -> `Preferences` and click on the side menu on `Kits`. Under the center content view's `Kits` tab, you'll find an entry for `CMake Tool`. If the default selected CMake version is lower than 3.25.0, install on your system CMake >= 3.25.0 and choose `System CMake at ` from the drop-down list. If this entry is missing, you either have not installed CMake yet or QT Creator hasn't found the path to it. In that case, click in the preferences window on the side menu item `CMake`, then on the tab `Tools` in the center content view, and finally on the button `Add` to set the path to your installed CMake.  -Please make sure that you have selected Android Platform SDK 33 for your project: click in the main view's side menu on `Projects`, and on the left, you'll see a section `Build & Run` showing different Android build targets. You can select any of them, Amnezia VPN's project setup is designed in a way that all Android targets will be built. Click on the targets submenu item `Build` and scroll in the center content view to `Build Steps`. Click on `Details` at the end of the headline `Build Android APK` (the `Details` button might be hidden in case the QT Creator Window is not running in full screen!). Here we are: Choose `android-33` as `Android Build Platform SDK`. - -That's it! You should be ready to compile the project from QT Creator! - -### Development flow - -After you've hit the build button, QT-Creator copies the whole project to a folder in the repository parent directory. The folder should look something like `build-amnezia-client-Android_Qt__Clang_-`. 
-If you want to develop Amnezia VPNs Android components written in Kotlin, such as components using system APIs, you need to import the generated project in Android Studio with `build-amnezia-client-Android_Qt__Clang_-/client/android-build` as the projects root directory. While you should be able to compile the generated project from Android Studio, you cannot work directly in the repository's Android project. So whenever you are confident with your work in the generated project, you'll need to copy and paste the affected files to the corresponding path in the repository's Android project so that you can add and commit your changes! - -You may face compiling issues in QT Creator after you've worked in Android Studio on the generated project. Just do a `./gradlew clean` in the generated project's root directory (`/client/android-build/.`) and you should be good to go. - -## License +## Лицензия GPL v3.0 -## Donate +## Донаты Patreon: [https://www.patreon.com/amneziavpn](https://www.patreon.com/amneziavpn) @@ -185,7 +63,8 @@ USDT BEP20: 0x6abD576765a826f87D1D95183438f9408C901bE4
USDT TRC20: TELAitazF1MZGmiNjTcnxDjEiH5oe7LC9d
XMR: 48spms39jt1L2L5vyw2RQW6CXD6odUd4jFu19GZcDyKKQV9U88wsJVjSbL4CfRys37jVMdoaWVPSvezCQPhHXUW5UKLqUp3
TON: UQDpU1CyKRmg7L8mNScKk9FRc2SlESuI7N-Hby4nX-CcVmns -## Acknowledgments -This project is tested with BrowserStack. -We express our gratitude to [BrowserStack](https://www.browserstack.com) for supporting our project. +## Благодарности + +Этот проект тестируется с помощью BrowserStack. +Мы выражаем благодарность [BrowserStack](https://www.browserstack.com) за поддержку нашего проекта. From 061c63d5bd8dd1ea275e70c28c6b45f61dd667e4 Mon Sep 17 00:00:00 2001 From: KsZnak Date: Sat, 7 Dec 2024 15:53:40 +0200 Subject: [PATCH 09/53] Add files via upload --- metadata/img-readme/download-website-ru.svg | 8 ++++++++ 1 file changed, 8 insertions(+) create mode 100644 metadata/img-readme/download-website-ru.svg diff --git a/metadata/img-readme/download-website-ru.svg b/metadata/img-readme/download-website-ru.svg new file mode 100644 index 00000000..386ae4fe --- /dev/null +++ b/metadata/img-readme/download-website-ru.svg @@ -0,0 +1,8 @@ + + + + + + + + From e20f8bead29b6199fa31bb9707f7fa4548da267f Mon Sep 17 00:00:00 2001 From: Nethius Date: Sun, 8 Dec 2024 08:14:22 +0300 Subject: [PATCH 10/53] chore: added clang-format config files (#1293) --- .clang-format | 39 +++++++++++++++++++++++++++++++++++++++ .clang-format-ignore | 20 ++++++++++++++++++++ 2 files changed, 59 insertions(+) create mode 100644 .clang-format create mode 100644 .clang-format-ignore diff --git a/.clang-format b/.clang-format new file mode 100644 index 00000000..5c459fd2 --- /dev/null +++ b/.clang-format 
@@ -0,0 +1,39 @@ +BasedOnStyle: WebKit +AccessModifierOffset: '-4' +AlignAfterOpenBracket: Align +AlignConsecutiveMacros: 'true' +AlignTrailingComments: 'true' +AllowAllArgumentsOnNextLine: 'true' +AllowAllParametersOfDeclarationOnNextLine: 'true' +AllowShortBlocksOnASingleLine: 'false' +AllowShortCaseLabelsOnASingleLine: 'true' +AllowShortEnumsOnASingleLine: 'false' +AllowShortFunctionsOnASingleLine: None +AlwaysBreakTemplateDeclarations: 'No' +BreakBeforeBinaryOperators: NonAssignment +BreakBeforeBraces: Custom +BraceWrapping: + AfterClass: true + AfterControlStatement: false + AfterEnum: false + AfterFunction: true + AfterNamespace: true + AfterObjCDeclaration: false + AfterStruct: true + AfterUnion: false + BeforeCatch: false + BeforeElse: false + IndentBraces: false +BreakConstructorInitializers: BeforeColon +ColumnLimit: '120' +CommentPragmas: '"^!|^:"' +ConstructorInitializerAllOnOneLineOrOnePerLine: 'true' +ConstructorInitializerIndentWidth: '4' +ContinuationIndentWidth: '8' +IndentPPDirectives: BeforeHash +NamespaceIndentation: All +PenaltyExcessCharacter: '10' +PointerAlignment: Right +SortIncludes: 'true' +SpaceAfterTemplateKeyword: 'false' +Standard: Auto diff --git a/.clang-format-ignore b/.clang-format-ignore new file mode 100644 index 00000000..4019357f --- /dev/null +++ b/.clang-format-ignore @@ -0,0 +1,20 @@ +/client/3rd +/client/3rd-prebuild +/client/android +/client/cmake +/client/core/serialization +/client/daemon +/client/fonts +/client/images +/client/ios +/client/mozilla +/client/platforms/dummy +/client/platforms/linux +/client/platforms/macos +/client/platforms/windows +/client/server_scripts +/client/translations +/deploy +/docs +/metadata +/service/src From 1858bb9f8522f393b0abc83b3da5f807fdff5fbb Mon Sep 17 00:00:00 2001 From: KsZnak Date: Sun, 8 Dec 2024 05:49:26 +0200 Subject: [PATCH 11/53] Update README_RU.md --- README_RU.md | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) 
diff --git a/README_RU.md b/README_RU.md index 6ebdb97f..fe9dd286 100644 --- a/README_RU.md +++ b/README_RU.md @@ -1,6 +1,11 @@ # Amnezia VPN -## _Лучший клиент для создания VPN на собственном сервере_ +### _Лучший клиент для создания VPN на собственном сервере_ + +[![Build Status](https://github.com/amnezia-vpn/amnezia-client/actions/workflows/deploy.yml/badge.svg?branch=dev)](https://github.com/amnezia-vpn/amnezia-client/actions/workflows/deploy.yml?query=branch:dev) +[![Gitpod ready-to-code](https://img.shields.io/badge/Gitpod-ready--to--code-blue?logo=gitpod)](https://gitpod.io/#https://github.com/amnezia-vpn/amnezia-client) + +### [English](https://github.com/amnezia-vpn/amnezia-client/blob/dev/README.md) | Русский [AmneziaVPN](https://amnezia.org) — это open sourse VPN-клиент, ключевая особенность которого заключается в возможности развернуть собственный VPN на вашем сервере. [![Image](https://github.com/amnezia-vpn/amnezia-client/blob/dev/metadata/img-readme/uipic4.png)](https://amnezia.org) @@ -10,8 +15,8 @@ > [!TIP] > Если [сайт Amnezia](https://amnezia.org) заблокирован в вашем регионе, вы можете воспользоваться [ссылкой на зеркало](https://storage.googleapis.com/kldscp/amnezia.org). - - + + [Все релизы](https://github.com/amnezia-vpn/amnezia-client/releases) From 8d2fe39ea3859acc3338657c81ad213e07632e4a Mon Sep 17 00:00:00 2001 From: KsZnak Date: Sun, 8 Dec 2024 05:34:18 +0200 Subject: [PATCH 12/53] Update README.md --- README.md | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 8b453907..8f887808 100644 --- a/README.md +++ b/README.md 
@@ -1,9 +1,14 @@ # Amnezia VPN -## _The best client for self-hosted VPN_ + +### _The best client for self-hosted VPN_ + [![Build Status](https://github.com/amnezia-vpn/amnezia-client/actions/workflows/deploy.yml/badge.svg?branch=dev)](https://github.com/amnezia-vpn/amnezia-client/actions/workflows/deploy.yml?query=branch:dev) [![Gitpod ready-to-code](https://img.shields.io/badge/Gitpod-ready--to--code-blue?logo=gitpod)](https://gitpod.io/#https://github.com/amnezia-vpn/amnezia-client) +### [English]([https://github.com/amnezia-vpn/amnezia-client/blob/dev/README_RU.md](https://github.com/amnezia-vpn/amnezia-client/tree/dev?tab=readme-ov-file#)) | [Русский](https://github.com/amnezia-vpn/amnezia-client/blob/dev/README_RU.md) + + [Amnezia](https://amnezia.org) is an open-source VPN client, with a key feature that enables you to deploy your own VPN server on your server. [![Image](https://github.com/amnezia-vpn/amnezia-client/blob/dev/metadata/img-readme/uipic4.png)](https://amnezia.org) From 321f0727d251896500425a2c3b6aae93972a291b Mon Sep 17 00:00:00 2001 
From: Nethius Date: Mon, 9 Dec 2024 09:32:49 +0300 Subject: [PATCH 13/53] feature: added subscription expiration date for premium v2 (#1261) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * feature: added subscription expiration date for premium v2 * feature: added a check for the presence of the “services” field in the response body of the getServicesList() function * feature: added prohibition to change location when connection is active * bugfix: renamed public_key->end_date to public_key->expires_at according to the changes on the backend --- client/core/controllers/apiController.cpp | 7 + client/core/defs.h | 1 + client/core/errorstrings.cpp | 3 +- .../ui/controllers/connectionController.cpp | 2 +- client/ui/models/apiServicesModel.cpp | 114 ++++++--- client/ui/models/apiServicesModel.h | 40 ++- client/ui/models/servers_model.cpp | 33 ++- client/ui/models/servers_model.h | 5 + .../Pages2/PageSettingsApiLanguageList.qml | 6 + .../qml/Pages2/PageSettingsApiServerInfo.qml | 7 +- .../ui/qml/Pages2/PageSettingsServerInfo.qml | 227 +++++++++--------- 11 files changed, 285 insertions(+), 160 deletions(-) diff --git a/client/core/controllers/apiController.cpp b/client/core/controllers/apiController.cpp index c50165e7..6562632a 100644 --- a/client/core/controllers/apiController.cpp +++ b/client/core/controllers/apiController.cpp @@ -379,6 +379,13 @@ ErrorCode ApiController::getServicesList(QByteArray &responseBody) auto errorCode = checkErrors(sslErrors, reply); reply->deleteLater(); + + if (errorCode == ErrorCode::NoError) { + if (!responseBody.contains("services")) { + return ErrorCode::ApiServicesMissingError; + } + } + return errorCode; } diff --git a/client/core/defs.h b/client/core/defs.h index d00d347b..c0db2e12 100644 --- a/client/core/defs.h +++ b/client/core/defs.h 
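Review bot: The new guard in `getServicesList` tests `responseBody.contains("services")`, which is a byte-substring match, so any body that merely contains that text (an error string, for instance) passes and is returned to the caller as a valid list. Since this body arrives from the network, I would parse it and check the field itself: `const auto obj = QJsonDocument::fromJson(responseBody).object();` followed by `if (!obj.value("services").isArray()) return ErrorCode::ApiServicesMissingError;`. The function starts outside the hunk, so whether `responseBody` is already plain JSON at this point should be confirmed.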
@@ -109,6 +109,7 @@ namespace amnezia ApiConfigSslError = 1104, ApiMissingAgwPublicKey = 1105, ApiConfigDecryptionError = 1106, + ApiServicesMissingError = 1107, // QFile errors OpenError = 1200, diff --git a/client/core/errorstrings.cpp b/client/core/errorstrings.cpp index 49534606..70f433c6 100644 --- a/client/core/errorstrings.cpp +++ b/client/core/errorstrings.cpp @@ -63,7 +63,8 @@ QString errorString(ErrorCode code) { case (ErrorCode::ApiConfigTimeoutError): errorMessage = QObject::tr("Server response timeout on api request"); break; case (ErrorCode::ApiMissingAgwPublicKey): errorMessage = QObject::tr("Missing AGW public key"); break; case (ErrorCode::ApiConfigDecryptionError): errorMessage = QObject::tr("Failed to decrypt response payload"); break; - + case (ErrorCode::ApiServicesMissingError): errorMessage = QObject::tr("Missing list of available services"); break; + // QFile errors case(ErrorCode::OpenError): errorMessage = QObject::tr("QFile error: The file could not be opened"); break; case(ErrorCode::ReadError): errorMessage = QObject::tr("QFile error: An error occurred when reading from the file"); break; diff --git a/client/ui/controllers/connectionController.cpp b/client/ui/controllers/connectionController.cpp index f8516f6e..f9491d4e 100644 --- a/client/ui/controllers/connectionController.cpp +++ b/client/ui/controllers/connectionController.cpp @@ -55,7 +55,7 @@ void ConnectionController::openConnection() && !m_serversModel->data(serverIndex, ServersModel::Roles::HasInstalledContainers).toBool()) { emit updateApiConfigFromGateway(); } else if (configVersion && m_serversModel->isApiKeyExpired(serverIndex)) { - qDebug() << "attempt to update api config by end_date event"; + qDebug() << "attempt to update api config by expires_at event"; if (configVersion == ApiConfigSources::Telegram) { emit updateApiConfigFromTelegram(); } else { diff --git a/client/ui/models/apiServicesModel.cpp b/client/ui/models/apiServicesModel.cpp index 2a87bde3..81a10f87 100644 
--- a/client/ui/models/apiServicesModel.cpp +++ b/client/ui/models/apiServicesModel.cpp @@ -27,6 +27,9 @@ namespace constexpr char storeEndpoint[] = "store_endpoint"; constexpr char isAvailable[] = "is_available"; + + constexpr char subscription[] = "subscription"; + constexpr char endDate[] = "end_date"; } namespace serviceType @@ -51,23 +54,23 @@ QVariant ApiServicesModel::data(const QModelIndex &index, int role) const if (!index.isValid() || index.row() < 0 || index.row() >= static_cast(rowCount())) return QVariant(); - QJsonObject service = m_services.at(index.row()).toObject(); - QJsonObject serviceInfo = service.value(configKey::serviceInfo).toObject(); - auto serviceType = service.value(configKey::serviceType).toString(); + auto apiServiceData = m_services.at(index.row()); + auto serviceType = apiServiceData.type; + auto isServiceAvailable = apiServiceData.isServiceAvailable; switch (role) { case NameRole: { - return serviceInfo.value(configKey::name).toString(); + return apiServiceData.serviceInfo.name; } case CardDescriptionRole: { - auto speed = serviceInfo.value(configKey::speed).toString(); + auto speed = apiServiceData.serviceInfo.speed; if (serviceType == serviceType::amneziaPremium) { return tr("Classic VPN for comfortable work, downloading large files and watching videos. " "Works for any sites. Speed up to %1 MBit/s") .arg(speed); } else if (serviceType == serviceType::amneziaFree){ QString description = tr("VPN to access blocked sites in regions with high levels of Internet censorship. "); - if (service.value(configKey::isAvailable).isBool() && !service.value(configKey::isAvailable).toBool()) { + if (isServiceAvailable) { description += tr("

Not available in your region. If you have VPN enabled, disable it, return to the previous screen, and try again."); } return description; @@ -83,25 +86,24 @@ QVariant ApiServicesModel::data(const QModelIndex &index, int role) const } case IsServiceAvailableRole: { if (serviceType == serviceType::amneziaFree) { - if (service.value(configKey::isAvailable).isBool() && !service.value(configKey::isAvailable).toBool()) { + if (isServiceAvailable) { return false; } } return true; } case SpeedRole: { - auto speed = serviceInfo.value(configKey::speed).toString(); - return tr("%1 MBit/s").arg(speed); + return tr("%1 MBit/s").arg(apiServiceData.serviceInfo.speed); } - case WorkPeriodRole: { - auto timelimit = serviceInfo.value(configKey::timelimit).toString(); - if (timelimit == "0") { + case TimeLimitRole: { + auto timeLimit = apiServiceData.serviceInfo.timeLimit; + if (timeLimit == "0") { return ""; } - return tr("%1 days").arg(timelimit); + return tr("%1 days").arg(timeLimit); } case RegionRole: { - return serviceInfo.value(configKey::region).toString(); + return apiServiceData.serviceInfo.region; } case FeaturesRole: { if (serviceType == serviceType::amneziaPremium) { @@ -113,12 +115,15 @@ QVariant ApiServicesModel::data(const QModelIndex &index, int role) const } } case PriceRole: { - auto price = serviceInfo.value(configKey::price).toString(); + auto price = apiServiceData.serviceInfo.price; if (price == "free") { return tr("Free"); } return tr("%1 $/month").arg(price); } + case EndDateRole: { + return QDateTime::fromString(apiServiceData.subscription.endDate, Qt::ISODate).toLocalTime().toString("d MMM yyyy"); + } } return QVariant(); 
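Review bot: The availability test is inverted in the `CardDescriptionRole` branch: the removed condition appended the "Not available in your region" text when `is_available` was present and false, while the new `if (isServiceAvailable)` appends it when the service is available. The same inversion is in the `IsServiceAvailableRole` branch of the next hunk, where `if (isServiceAvailable) { return false; }` reports an available free service as unavailable. Both should read `if (!isServiceAvailable)`. `data()` begins and ends outside these hunks.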
@@ -128,15 +133,18 @@ void ApiServicesModel::updateModel(const QJsonObject &data) { beginResetModel(); - m_countryCode = data.value(configKey::userCountryCode).toString(); - m_services = data.value(configKey::services).toArray(); - if (m_services.isEmpty()) { - QJsonObject service; - service.insert(configKey::serviceInfo, data.value(configKey::serviceInfo)); - service.insert(configKey::serviceType, data.value(configKey::serviceType)); + m_services.clear(); - m_services.push_back(service); + m_countryCode = data.value(configKey::userCountryCode).toString(); + auto services = data.value(configKey::services).toArray(); + + if (services.isEmpty()) { + m_services.push_back(getApiServicesData(data)); m_selectedServiceIndex = 0; + } else { + for (const auto &service : services) { + m_services.push_back(getApiServicesData(service.toObject())); + } } endResetModel(); 
@@ -149,32 +157,32 @@ void ApiServicesModel::setServiceIndex(const int index) QJsonObject ApiServicesModel::getSelectedServiceInfo() { - QJsonObject service = m_services.at(m_selectedServiceIndex).toObject(); - return service.value(configKey::serviceInfo).toObject(); + auto service = m_services.at(m_selectedServiceIndex); + return service.serviceInfo.object; } QString ApiServicesModel::getSelectedServiceType() { - QJsonObject service = m_services.at(m_selectedServiceIndex).toObject(); - return service.value(configKey::serviceType).toString(); + auto service = m_services.at(m_selectedServiceIndex); + return service.type; } QString ApiServicesModel::getSelectedServiceProtocol() { - QJsonObject service = m_services.at(m_selectedServiceIndex).toObject(); - return service.value(configKey::serviceProtocol).toString(); + auto service = m_services.at(m_selectedServiceIndex); + return service.protocol; } QString ApiServicesModel::getSelectedServiceName() { - auto modelIndex = index(m_selectedServiceIndex, 0); - return data(modelIndex, ApiServicesModel::Roles::NameRole).toString(); + auto service = m_services.at(m_selectedServiceIndex); + return service.serviceInfo.name; } QJsonArray ApiServicesModel::getSelectedServiceCountries() { - QJsonObject service = m_services.at(m_selectedServiceIndex).toObject(); - return service.value(configKey::availableCountries).toArray(); + auto service = m_services.at(m_selectedServiceIndex); + return service.availableCountries; } QString ApiServicesModel::getCountryCode() @@ -184,8 +192,8 @@ QString ApiServicesModel::getCountryCode() QString ApiServicesModel::getStoreEndpoint() { - QJsonObject service = m_services.at(m_selectedServiceIndex).toObject(); - return service.value(configKey::storeEndpoint).toString(); + auto service = m_services.at(m_selectedServiceIndex); + return service.storeEndpoint; } QVariant ApiServicesModel::getSelectedServiceData(const QString roleString) 
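Review bot: Every getter in this hunk, and `getStoreEndpoint` in the next one, now calls `m_services.at(m_selectedServiceIndex)` on a `QVector`; unlike `QJsonArray::at`, which returns an undefined value for an out-of-range index, `QVector::at` requires a valid index. `updateModel` rebuilds `m_services` from the server response but resets `m_selectedServiceIndex` only in the single-service branch, so a stale index can point past the end of a shorter list. I would reset the index whenever the model is rebuilt and guard the getters, e.g. `if (m_selectedServiceIndex < 0 || m_selectedServiceIndex >= m_services.size()) return {};`. The body of `setServiceIndex` is not visible here, so whether it validates its argument is worth checking.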
@@ -209,10 +217,46 @@ QHash ApiServicesModel::roleNames() const roles[ServiceDescriptionRole] = "serviceDescription"; roles[IsServiceAvailableRole] = "isServiceAvailable"; roles[SpeedRole] = "speed"; - roles[WorkPeriodRole] = "workPeriod"; + roles[TimeLimitRole] = "timeLimit"; roles[RegionRole] = "region"; roles[FeaturesRole] = "features"; roles[PriceRole] = "price"; + roles[EndDateRole] = "endDate"; return roles; } + +ApiServicesModel::ApiServicesData ApiServicesModel::getApiServicesData(const QJsonObject &data) +{ + auto serviceInfo = data.value(configKey::serviceInfo).toObject(); + auto serviceType = data.value(configKey::serviceType).toString(); + auto serviceProtocol = data.value(configKey::serviceProtocol).toString(); + auto availableCountries = data.value(configKey::availableCountries).toArray(); + + auto subscriptionObject = data.value(configKey::subscription).toObject(); + + ApiServicesData serviceData; + serviceData.serviceInfo.name = serviceInfo.value(configKey::name).toString(); + serviceData.serviceInfo.price = serviceInfo.value(configKey::price).toString(); + serviceData.serviceInfo.region = serviceInfo.value(configKey::region).toString(); + serviceData.serviceInfo.speed = serviceInfo.value(configKey::speed).toString(); + serviceData.serviceInfo.timeLimit = serviceInfo.value(configKey::timelimit).toString(); + + serviceData.type = serviceType; + serviceData.protocol = serviceProtocol; + + serviceData.storeEndpoint = serviceInfo.value(configKey::storeEndpoint).toString(); + + if (serviceInfo.value(configKey::isAvailable).isBool()) { + serviceData.isServiceAvailable = data.value(configKey::isAvailable).toBool(); + } else { + serviceData.isServiceAvailable = true; + } + + serviceData.serviceInfo.object = serviceInfo; + serviceData.availableCountries = availableCountries; + + serviceData.subscription.endDate = subscriptionObject.value(configKey::endDate).toString(); + + return serviceData; +} 
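Review bot: In `getApiServicesData` the `is_available` check and the read use different objects: `serviceInfo.value(configKey::isAvailable).isBool()` guards `data.value(configKey::isAvailable).toBool()`, whereas the code this replaces tested and read the flag on the service object itself. If the flag lives on the service object, the guard is never true and `isServiceAvailable` is always `true`; I would write `if (data.value(configKey::isAvailable).isBool())`. `storeEndpoint` has the same shift: the removed `getStoreEndpoint` read it from the service object, so `serviceData.storeEndpoint = data.value(configKey::storeEndpoint).toString();` looks like what was intended. Both depend on the response layout, which this hunk does not show.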
diff --git a/client/ui/models/apiServicesModel.h b/client/ui/models/apiServicesModel.h index 49918940..c96a49ab 100644 --- a/client/ui/models/apiServicesModel.h +++ b/client/ui/models/apiServicesModel.h @@ -3,6 +3,7 @@ #include #include +#include class ApiServicesModel : public QAbstractListModel { @@ -15,10 +16,11 @@ public: ServiceDescriptionRole, IsServiceAvailableRole, SpeedRole, - WorkPeriodRole, + TimeLimitRole, RegionRole, FeaturesRole, - PriceRole + PriceRole, + EndDateRole }; explicit ApiServicesModel(QObject *parent = nullptr); @@ -48,8 +50,40 @@ protected: QHash roleNames() const override; private: + struct ServiceInfo + { + QString name; + QString speed; + QString timeLimit; + QString region; + QString price; + + QJsonObject object; + }; + + struct Subscription + { + QString endDate; + }; + + struct ApiServicesData + { + bool isServiceAvailable; + + QString type; + QString protocol; + QString storeEndpoint; + + ServiceInfo serviceInfo; + Subscription subscription; + + QJsonArray availableCountries; + }; + + ApiServicesData getApiServicesData(const QJsonObject &data); + QString m_countryCode; - QJsonArray m_services; + QVector m_services; int m_selectedServiceIndex; }; diff --git a/client/ui/models/servers_model.cpp b/client/ui/models/servers_model.cpp index c87499a7..b72b10c3 100644 --- a/client/ui/models/servers_model.cpp +++ b/client/ui/models/servers_model.cpp @@ -22,7 +22,7 @@ namespace constexpr char serviceProtocol[] = "service_protocol"; constexpr char publicKeyInfo[] = "public_key"; - constexpr char endDate[] = "end_date"; + constexpr char expiresAt[] = "expires_at"; } } 
@@ -39,6 +39,9 @@ ServersModel::ServersModel(std::shared_ptr settings, QObject *parent) emit ServersModel::defaultServerNameChanged(); updateDefaultServerContainersModel(); }); + + connect(this, &ServersModel::processedServerIndexChanged, this, &ServersModel::processedServerChanged); + connect(this, &ServersModel::dataChanged, this, &ServersModel::processedServerChanged); } int ServersModel::rowCount(const QModelIndex &parent) const @@ -79,6 +82,12 @@ bool ServersModel::setData(const QModelIndex &index, const QVariant &value, int return true; } +bool ServersModel::setData(const int index, const QVariant &value, int role) +{ + QModelIndex modelIndex = this->index(index); + return setData(modelIndex, value, role); +} + QVariant ServersModel::data(const QModelIndex &index, int role) const { if (!index.isValid() || index.row() < 0 || index.row() >= static_cast(m_servers.size())) { @@ -679,6 +688,18 @@ QVariant ServersModel::getProcessedServerData(const QString roleString) return {}; } +bool ServersModel::setProcessedServerData(const QString &roleString, const QVariant &value) +{ + const auto roles = roleNames(); + for (auto it = roles.begin(); it != roles.end(); it++) { + if (QString(it.value()) == roleString) { + return setData(m_processedServerIndex, value, it.key()); + } + } + + return false; +} + bool ServersModel::isDefaultServerDefaultContainerHasSplitTunneling() { auto server = m_servers.at(m_defaultServerIndex).toObject(); 
@@ -718,9 +739,9 @@ bool ServersModel::isApiKeyExpired(const int serverIndex) auto apiConfig = serverConfig.value(configKey::apiConfig).toObject(); auto publicKeyInfo = apiConfig.value(configKey::publicKeyInfo).toObject(); - const QString endDate = publicKeyInfo.value(configKey::endDate).toString(); - if (endDate.isEmpty()) { - publicKeyInfo.insert(configKey::endDate, QDateTime::currentDateTimeUtc().addDays(1).toString(Qt::ISODate)); + const QString expiresAt = publicKeyInfo.value(configKey::expiresAt).toString(); + if (expiresAt.isEmpty()) { + publicKeyInfo.insert(configKey::expiresAt, QDateTime::currentDateTimeUtc().addDays(1).toString(Qt::ISODate)); apiConfig.insert(configKey::publicKeyInfo, publicKeyInfo); serverConfig.insert(configKey::apiConfig, apiConfig); editServer(serverConfig, serverIndex); @@ -728,8 +749,8 @@ bool ServersModel::isApiKeyExpired(const int serverIndex) return false; } - auto endDateDateTime = QDateTime::fromString(endDate, Qt::ISODate).toUTC(); - if (endDateDateTime < QDateTime::currentDateTimeUtc()) { + auto expiresAtDateTime = QDateTime::fromString(expiresAt, Qt::ISODate).toUTC(); + if (expiresAtDateTime < QDateTime::currentDateTimeUtc()) { return true; } return false; diff --git a/client/ui/models/servers_model.h b/client/ui/models/servers_model.h index 0f18ea30..78bc22cc 100644 --- a/client/ui/models/servers_model.h +++ b/client/ui/models/servers_model.h @@ -46,6 +46,7 @@ public: int rowCount(const QModelIndex &parent = QModelIndex()) const override; bool setData(const QModelIndex &index, const QVariant &value, int role = Qt::EditRole) override; + bool setData(const int index, const QVariant &value, int role = Qt::EditRole); QVariant data(const QModelIndex &index, int role = Qt::DisplayRole) const override; QVariant data(const int index, int role = Qt::DisplayRole) const; 
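Review bot: `isApiKeyExpired` now reads only `expires_at`, so a config stored by an earlier build under `end_date` is treated as having no expiry and gets `now + 1 day` written over it instead of honouring the saved date. If stored configs can still carry the old key, fall back to it before defaulting, e.g. `if (expiresAt.isEmpty()) expiresAt = publicKeyInfo.value("end_date").toString();` with `expiresAt` made non-const. A short comment stating why a missing date defaults to one day rather than forcing an immediate refresh would also help the next reader. The function starts outside the hunk.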
@@ -115,6 +116,7 @@ public slots: QVariant getDefaultServerData(const QString roleString); QVariant getProcessedServerData(const QString roleString); + bool setProcessedServerData(const QString &roleString, const QVariant &value); bool isDefaultServerDefaultContainerHasSplitTunneling(); @@ -127,6 +129,9 @@ protected: signals: void processedServerIndexChanged(const int index); + // emitted when the processed server index or processed server data is changed + void processedServerChanged(); + void defaultServerIndexChanged(const int index); void defaultServerNameChanged(); void defaultServerDescriptionChanged(); diff --git a/client/ui/qml/Pages2/PageSettingsApiLanguageList.qml b/client/ui/qml/Pages2/PageSettingsApiLanguageList.qml index 120313cd..600db85d 100644 --- a/client/ui/qml/Pages2/PageSettingsApiLanguageList.qml +++ b/client/ui/qml/Pages2/PageSettingsApiLanguageList.qml @@ -54,8 +54,14 @@ PageType { imageSource: "qrc:/images/controls/download.svg" checked: index === ApiCountryModel.currentIndex + checkable: !ConnectionController.isConnected onClicked: { + if (ConnectionController.isConnected) { + PageController.showNotificationMessage(qsTr("Unable change server location while there is an active connection")) + return + } + if (index !== ApiCountryModel.currentIndex) { PageController.showBusyIndicator(true) var prevIndex = ApiCountryModel.currentIndex diff --git a/client/ui/qml/Pages2/PageSettingsApiServerInfo.qml b/client/ui/qml/Pages2/PageSettingsApiServerInfo.qml index 2d6c1d9b..167e56e5 100644 --- a/client/ui/qml/Pages2/PageSettingsApiServerInfo.qml +++ b/client/ui/qml/Pages2/PageSettingsApiServerInfo.qml 
@@ -56,12 +56,15 @@ PageType { } LabelWithImageType { + property bool showSubscriptionEndDate: ServersModel.getProcessedServerData("isCountrySelectionAvailable") + Layout.fillWidth: true Layout.margins: 16 imageSource: "qrc:/images/controls/history.svg" - leftText: qsTr("Work period") - rightText: ApiServicesModel.getSelectedServiceData("workPeriod") + leftText: showSubscriptionEndDate ? qsTr("Valid until") : qsTr("Work period") + rightText: showSubscriptionEndDate ? ApiServicesModel.getSelectedServiceData("endDate") + : ApiServicesModel.getSelectedServiceData("workPeriod") visible: rightText !== "" } diff --git a/client/ui/qml/Pages2/PageSettingsServerInfo.qml b/client/ui/qml/Pages2/PageSettingsServerInfo.qml index 95ae5c8a..ffcfb441 100644 --- a/client/ui/qml/Pages2/PageSettingsServerInfo.qml +++ b/client/ui/qml/Pages2/PageSettingsServerInfo.qml @@ -25,6 +25,8 @@ PageType { property int pageSettingsApiServerInfo: 3 property int pageSettingsApiLanguageList: 4 + property var processedServer + defaultActiveFocusItem: focusItem Connections { @@ -35,8 +37,18 @@ PageType { } } + Connections { + target: ServersModel + + function onProcessedServerChanged() { + root.processedServer = proxyServersModel.get(0) + } + } + SortFilterProxyModel { id: proxyServersModel + objectName: "proxyServersModel" + sourceModel: ServersModel filters: [ ValueFilter { 
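Review bot: The fallback branch of `rightText` still asks for `getSelectedServiceData("workPeriod")`, but this commit renames that role to `timeLimit` in `ApiServicesModel::roleNames()`. If `getSelectedServiceData` resolves the string through `roleNames()` (its body is not in this diff), the lookup no longer matches and the row is hidden by `visible: rightText !== ""`. Change the branch to `: ApiServicesModel.getSelectedServiceData("timeLimit")`.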
@@ -44,147 +56,139 @@ PageType { value: true } ] + + Component.onCompleted: { + root.processedServer = proxyServersModel.get(0) + } } Item { id: focusItem - KeyNavigation.tab: header + //KeyNavigation.tab: header } ColumnLayout { anchors.fill: parent - spacing: 16 + spacing: 4 - Repeater { - id: header - model: proxyServersModel + BackButtonType { + id: backButton - activeFocusOnTab: true - onFocusChanged: { - header.itemAt(0).focusItem.forceActiveFocus() + Layout.topMargin: 20 + KeyNavigation.tab: headerContent.actionButton + + backButtonFunction: function() { + if (nestedStackView.currentIndex === root.pageSettingsApiServerInfo && + root.processedServer.isCountrySelectionAvailable) { + nestedStackView.currentIndex = root.pageSettingsApiLanguageList + } else { + PageController.closePage() + } + } + } + + HeaderType { + id: headerContent + Layout.fillWidth: true + Layout.leftMargin: 16 + Layout.rightMargin: 16 + + actionButtonImage: nestedStackView.currentIndex === root.pageSettingsApiLanguageList ? 
"qrc:/images/controls/settings.svg" + : "qrc:/images/controls/edit-3.svg" + + headerText: root.processedServer.name + descriptionText: { + if (root.processedServer.isServerFromGatewayApi) { + if (nestedStackView.currentIndex === root.pageSettingsApiLanguageList) { + return qsTr("Subscription is valid until ") + ApiServicesModel.getSelectedServiceData("endDate") + } else { + return ApiServicesModel.getSelectedServiceData("serviceDescription") + } + } else if (root.processedServer.isServerFromTelegramApi) { + return root.processedServer.serverDescription + } else if (root.processedServer.hasWriteAccess) { + return root.processedServer.credentialsLogin + " · " + root.processedServer.hostName + } else { + return root.processedServer.hostName + } } - delegate: ColumnLayout { + KeyNavigation.tab: tabBar - property alias focusItem: backButton + actionButtonFunction: function() { + if (nestedStackView.currentIndex === root.pageSettingsApiLanguageList) { + nestedStackView.currentIndex = root.pageSettingsApiServerInfo + } else { + serverNameEditDrawer.open() + } + } + } - id: content + DrawerType2 { + id: serverNameEditDrawer - Layout.topMargin: 20 + parent: root - BackButtonType { - id: backButton - KeyNavigation.tab: headerContent.actionButton + anchors.fill: parent + expandedHeight: root.height * 0.35 - backButtonFunction: function() { - if (nestedStackView.currentIndex === root.pageSettingsApiServerInfo && - ServersModel.getProcessedServerData("isCountrySelectionAvailable")) { - nestedStackView.currentIndex = root.pageSettingsApiLanguageList - } else { - PageController.closePage() - } + onClosed: { + if (!GC.isMobile()) { + headerContent.actionButton.forceActiveFocus() + } + } + + expandedContent: ColumnLayout { + anchors.top: parent.top + anchors.left: parent.left + anchors.right: parent.right + anchors.topMargin: 32 + anchors.leftMargin: 16 + anchors.rightMargin: 16 + + Connections { + target: serverNameEditDrawer + enabled: !GC.isMobile() + function onOpened() { + 
serverName.textField.forceActiveFocus() } } - HeaderType { - id: headerContent + Item { + id: focusItem1 + KeyNavigation.tab: serverName.textField + } + + TextFieldWithHeaderType { + id: serverName + Layout.fillWidth: true - Layout.leftMargin: 16 - Layout.rightMargin: 16 + headerText: qsTr("Server name") + textFieldText: root.processedServer.name + textField.maximumLength: 30 + checkEmptyText: true - actionButtonImage: nestedStackView.currentIndex === root.pageSettingsApiLanguageList ? "qrc:/images/controls/settings.svg" : "qrc:/images/controls/edit-3.svg" - - headerText: name - descriptionText: { - if (ServersModel.getProcessedServerData("isServerFromGatewayApi")) { - return ApiServicesModel.getSelectedServiceData("serviceDescription") - } else if (ServersModel.getProcessedServerData("isServerFromTelegramApi")) { - return serverDescription - } else if (ServersModel.isProcessedServerHasWriteAccess()) { - return credentialsLogin + " · " + hostName - } else { - return hostName - } - } - - KeyNavigation.tab: tabBar - - actionButtonFunction: function() { - if (nestedStackView.currentIndex === root.pageSettingsApiLanguageList) { - nestedStackView.currentIndex = root.pageSettingsApiServerInfo - } else { - serverNameEditDrawer.open() - } - } + KeyNavigation.tab: saveButton } - DrawerType2 { - id: serverNameEditDrawer + BasicButtonType { + id: saveButton - parent: root + Layout.fillWidth: true - anchors.fill: parent - expandedHeight: root.height * 0.35 + text: qsTr("Save") + KeyNavigation.tab: focusItem1 - onClosed: { - if (!GC.isMobile()) { - headerContent.actionButton.forceActiveFocus() - } - } - - expandedContent: ColumnLayout { - anchors.top: parent.top - anchors.left: parent.left - anchors.right: parent.right - anchors.topMargin: 32 - anchors.leftMargin: 16 - anchors.rightMargin: 16 - - Connections { - target: serverNameEditDrawer - enabled: !GC.isMobile() - function onOpened() { - serverName.textField.forceActiveFocus() - } + clickedFunc: function() { + if 
(serverName.textFieldText === "") { + return } - Item { - id: focusItem1 - KeyNavigation.tab: serverName.textField - } - - TextFieldWithHeaderType { - id: serverName - - Layout.fillWidth: true - headerText: qsTr("Server name") - textFieldText: name - textField.maximumLength: 30 - checkEmptyText: true - - KeyNavigation.tab: saveButton - } - - BasicButtonType { - id: saveButton - - Layout.fillWidth: true - - text: qsTr("Save") - KeyNavigation.tab: focusItem1 - - clickedFunc: function() { - if (serverName.textFieldText === "") { - return - } - - if (serverName.textFieldText !== name) { - name = serverName.textFieldText - } - serverNameEditDrawer.close() - } + if (serverName.textFieldText !== root.processedServer.name) { + ServersModel.setProcessedServerData("name", serverName.textFieldText); } + serverNameEditDrawer.close() } } } @@ -257,8 +261,7 @@ PageType { StackLayout { id: nestedStackView - Layout.preferredWidth: root.width - Layout.preferredHeight: root.height - tabBar.implicitHeight - header.implicitHeight + Layout.fillWidth: true currentIndex: ServersModel.getProcessedServerData("isServerFromGatewayApi") ? (ServersModel.getProcessedServerData("isCountrySelectionAvailable") ? From 9e7cf7fa1f5ee298f97d057f3daf990a5c6920a5 Mon Sep 17 00:00:00 2001 From: Cyril Anisimov Date: Tue, 10 Dec 2024 03:17:16 +0100 Subject: [PATCH 14/53] feature/xray user management (#972) * feature: implement client management functionality for Xray --------- Co-authored-by: aiamnezia Co-authored-by: vladimir.kuznetsov --- client/configurators/xray_configurator.cpp | 165 +++++++++- client/configurators/xray_configurator.h | 4 + client/ui/controllers/exportController.cpp | 9 +- client/ui/controllers/exportController.h | 2 +- client/ui/models/clientManagementModel.cpp | 353 +++++++++++++++++++-- client/ui/models/clientManagementModel.h | 6 + client/ui/qml/Pages2/PageShare.qml | 2 +- 7 files changed, 495 insertions(+), 46 deletions(-) 
diff --git a/client/configurators/xray_configurator.cpp b/client/configurators/xray_configurator.cpp index 786da47c..514aa821 100644 --- a/client/configurators/xray_configurator.cpp +++ b/client/configurators/xray_configurator.cpp 
@@ -3,38 +3,169 @@ #include #include #include +#include +#include "logger.h" #include "containers/containers_defs.h" #include "core/controllers/serverController.h" #include "core/scripts_registry.h" +namespace { +Logger logger("XrayConfigurator"); +} + XrayConfigurator::XrayConfigurator(std::shared_ptr settings, const QSharedPointer &serverController, QObject *parent) : ConfiguratorBase(settings, serverController, parent) { } -QString XrayConfigurator::createConfig(const ServerCredentials &credentials, DockerContainer container, const QJsonObject &containerConfig, - ErrorCode &errorCode) +QString XrayConfigurator::prepareServerConfig(const ServerCredentials &credentials, DockerContainer container, + const QJsonObject &containerConfig, ErrorCode &errorCode) { - QString config = m_serverController->replaceVars(amnezia::scriptData(ProtocolScriptType::xray_template, container), - m_serverController->genVarsForScript(credentials, container, containerConfig)); - - QString xrayPublicKey = - m_serverController->getTextFileFromContainer(container, credentials, amnezia::protocols::xray::PublicKeyPath, errorCode); - xrayPublicKey.replace("\n", ""); - - QString xrayUuid = m_serverController->getTextFileFromContainer(container, credentials, amnezia::protocols::xray::uuidPath, errorCode); - xrayUuid.replace("\n", ""); - - QString xrayShortId = - m_serverController->getTextFileFromContainer(container, credentials, amnezia::protocols::xray::shortidPath, errorCode); - xrayShortId.replace("\n", ""); - + // Generate new UUID for client + QString clientId = QUuid::createUuid().toString(QUuid::WithoutBraces); + + // Get current server config + QString currentConfig = m_serverController->getTextFileFromContainer( + container, credentials, amnezia::protocols::xray::serverConfigPath, errorCode); + if (errorCode != ErrorCode::NoError) { + logger.error() << "Failed to get server config file"; return ""; } - config.replace("$XRAY_CLIENT_ID", xrayUuid); + // Parse current config as JSON + 
QJsonDocument doc = QJsonDocument::fromJson(currentConfig.toUtf8()); + if (doc.isNull() || !doc.isObject()) { + logger.error() << "Failed to parse server config JSON"; + errorCode = ErrorCode::InternalError; + return ""; + } + + QJsonObject serverConfig = doc.object(); + + // Validate server config structure + if (!serverConfig.contains("inbounds")) { + logger.error() << "Server config missing 'inbounds' field"; + errorCode = ErrorCode::InternalError; + return ""; + } + + QJsonArray inbounds = serverConfig["inbounds"].toArray(); + if (inbounds.isEmpty()) { + logger.error() << "Server config has empty 'inbounds' array"; + errorCode = ErrorCode::InternalError; + return ""; + } + + QJsonObject inbound = inbounds[0].toObject(); + if (!inbound.contains("settings")) { + logger.error() << "Inbound missing 'settings' field"; + errorCode = ErrorCode::InternalError; + return ""; + } + + QJsonObject settings = inbound["settings"].toObject(); + if (!settings.contains("clients")) { + logger.error() << "Settings missing 'clients' field"; + errorCode = ErrorCode::InternalError; + return ""; + } + + QJsonArray clients = settings["clients"].toArray(); + + // Create configuration for new client + QJsonObject clientConfig { + {"id", clientId}, + {"flow", "xtls-rprx-vision"} + }; + + clients.append(clientConfig); + + // Update config + settings["clients"] = clients; + inbound["settings"] = settings; + inbounds[0] = inbound; + serverConfig["inbounds"] = inbounds; + + // Save updated config to server + QString updatedConfig = QJsonDocument(serverConfig).toJson(); + errorCode = m_serverController->uploadTextFileToContainer( + container, + credentials, + updatedConfig, + amnezia::protocols::xray::serverConfigPath, + libssh::ScpOverwriteMode::ScpOverwriteExisting + ); + if (errorCode != ErrorCode::NoError) { + logger.error() << "Failed to upload updated config"; + return ""; + } + + // Restart container + QString restartScript = QString("sudo docker restart $CONTAINER_NAME"); + errorCode = 
m_serverController->runScript( + credentials, + m_serverController->replaceVars(restartScript, m_serverController->genVarsForScript(credentials, container)) + ); + + if (errorCode != ErrorCode::NoError) { + logger.error() << "Failed to restart container"; + return ""; + } + + return clientId; +} + +QString XrayConfigurator::createConfig(const ServerCredentials &credentials, DockerContainer container, + const QJsonObject &containerConfig, ErrorCode &errorCode) +{ + // Get client ID from prepareServerConfig + QString xrayClientId = prepareServerConfig(credentials, container, containerConfig, errorCode); + if (errorCode != ErrorCode::NoError || xrayClientId.isEmpty()) { + logger.error() << "Failed to prepare server config"; + errorCode = ErrorCode::InternalError; + return ""; + } + + QString config = m_serverController->replaceVars(amnezia::scriptData(ProtocolScriptType::xray_template, container), + m_serverController->genVarsForScript(credentials, container, containerConfig)); + + if (config.isEmpty()) { + logger.error() << "Failed to get config template"; + errorCode = ErrorCode::InternalError; + return ""; + } + + QString xrayPublicKey = + m_serverController->getTextFileFromContainer(container, credentials, amnezia::protocols::xray::PublicKeyPath, errorCode); + if (errorCode != ErrorCode::NoError || xrayPublicKey.isEmpty()) { + logger.error() << "Failed to get public key"; + errorCode = ErrorCode::InternalError; + return ""; + } + xrayPublicKey.replace("\n", ""); + + QString xrayShortId = + m_serverController->getTextFileFromContainer(container, credentials, amnezia::protocols::xray::shortidPath, errorCode); + if (errorCode != ErrorCode::NoError || xrayShortId.isEmpty()) { + logger.error() << "Failed to get short ID"; + errorCode = ErrorCode::InternalError; + return ""; + } + xrayShortId.replace("\n", ""); + + // Validate all required variables are present + if (!config.contains("$XRAY_CLIENT_ID") || !config.contains("$XRAY_PUBLIC_KEY") || 
!config.contains("$XRAY_SHORT_ID")) { + logger.error() << "Config template missing required variables:" + << "XRAY_CLIENT_ID:" << !config.contains("$XRAY_CLIENT_ID") + << "XRAY_PUBLIC_KEY:" << !config.contains("$XRAY_PUBLIC_KEY") + << "XRAY_SHORT_ID:" << !config.contains("$XRAY_SHORT_ID"); + errorCode = ErrorCode::InternalError; + return ""; + } + + config.replace("$XRAY_CLIENT_ID", xrayClientId); config.replace("$XRAY_PUBLIC_KEY", xrayPublicKey); config.replace("$XRAY_SHORT_ID", xrayShortId); diff --git a/client/configurators/xray_configurator.h b/client/configurators/xray_configurator.h index 2acfdf71..8ed4e775 100644 --- a/client/configurators/xray_configurator.h +++ b/client/configurators/xray_configurator.h @@ -14,6 +14,10 @@ public: QString createConfig(const ServerCredentials &credentials, DockerContainer container, const QJsonObject &containerConfig, ErrorCode &errorCode); + +private: + QString prepareServerConfig(const ServerCredentials &credentials, DockerContainer container, const QJsonObject &containerConfig, + ErrorCode &errorCode); }; #endif // XRAY_CONFIGURATOR_H diff --git a/client/ui/controllers/exportController.cpp b/client/ui/controllers/exportController.cpp index 2690b5b1..8681406e 100644 --- a/client/ui/controllers/exportController.cpp +++ b/client/ui/controllers/exportController.cpp 
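Review bot: In `createConfig` the call to `prepareServerConfig` comes first, so the new client UUID is written to the server config and the container restarted before the template, public key and short id are read and validated. Any later `return ""` path therefore leaves a working credential on the server that was never handed to a user or passed to `appendClient`; it only reappears as an unnamed "Client N" entry when `getXrayClients` rescans the config. Do the read-only steps first and move `QString xrayClientId = prepareServerConfig(credentials, container, containerConfig, errorCode);` to just before `config.replace("$XRAY_CLIENT_ID", xrayClientId);`. `createConfig` also replaces a specific `errorCode` returned by the helper with `ErrorCode::InternalError`, which hides the real cause; overwrite it only when it is still `NoError`. `prepareServerConfig` edits `inbounds[0]` only and rewrites the whole file from a copy it read earlier, so it presumably assumes one admin client editing at a time, and a comment stating that would help.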
@@ -121,9 +121,8 @@ ErrorCode ExportController::generateNativeConfig(const DockerContainer container jsonNativeConfig = QJsonDocument::fromJson(protocolConfigString.toUtf8()).object(); - if (protocol == Proto::OpenVpn || protocol == Proto::WireGuard || protocol == Proto::Awg) { - auto clientId = jsonNativeConfig.value(config_key::clientId).toString(); - errorCode = m_clientManagementModel->appendClient(clientId, clientName, container, credentials, serverController); + if (protocol == Proto::OpenVpn || protocol == Proto::WireGuard || protocol == Proto::Awg || protocol == Proto::Xray) { + errorCode = m_clientManagementModel->appendClient(jsonNativeConfig, clientName, container, credentials, serverController); } return errorCode; } @@ -248,10 +247,10 @@ void ExportController::generateCloakConfig() emit exportConfigChanged(); } -void ExportController::generateXrayConfig() +void ExportController::generateXrayConfig(const QString &clientName) { QJsonObject nativeConfig; - ErrorCode errorCode = generateNativeConfig(DockerContainer::Xray, "", Proto::Xray, nativeConfig); + ErrorCode errorCode = generateNativeConfig(DockerContainer::Xray, clientName, Proto::Xray, nativeConfig); if (errorCode) { emit exportErrorOccurred(errorCode); return; diff --git a/client/ui/controllers/exportController.h b/client/ui/controllers/exportController.h index b031ea39..a2c9fcfa 100644 --- a/client/ui/controllers/exportController.h +++ b/client/ui/controllers/exportController.h @@ -28,7 +28,7 @@ public slots: void generateAwgConfig(const QString &clientName); void generateShadowSocksConfig(); void generateCloakConfig(); - void generateXrayConfig(); + void generateXrayConfig(const QString &clientName); QString getConfig(); QString getNativeConfigString(); diff --git a/client/ui/models/clientManagementModel.cpp b/client/ui/models/clientManagementModel.cpp index 7445d60f..f07eae71 100644 --- a/client/ui/models/clientManagementModel.cpp +++ b/client/ui/models/clientManagementModel.cpp 
@@ -106,6 +106,8 @@ ErrorCode ClientManagementModel::updateModel(const DockerContainer container, co error = getOpenVpnClients(container, credentials, serverController, count); } else if (container == DockerContainer::WireGuard || container == DockerContainer::Awg) { error = getWireGuardClients(container, credentials, serverController, count); + } else if (container == DockerContainer::Xray) { + error = getXrayClients(container, credentials, serverController, count); } if (error != ErrorCode::NoError) { endResetModel(); 
@@ -239,6 +241,68 @@ ErrorCode ClientManagementModel::getWireGuardClients(const DockerContainer conta } return error; } +ErrorCode ClientManagementModel::getXrayClients(const DockerContainer container, const ServerCredentials& credentials, + const QSharedPointer &serverController, int &count) +{ + ErrorCode error = ErrorCode::NoError; + + const QString serverConfigPath = amnezia::protocols::xray::serverConfigPath; + const QString configString = serverController->getTextFileFromContainer(container, credentials, serverConfigPath, error); + if (error != ErrorCode::NoError) { + logger.error() << "Failed to get the xray server config file from the server"; + return error; + } + + QJsonDocument serverConfig = QJsonDocument::fromJson(configString.toUtf8()); + if (serverConfig.isNull()) { + logger.error() << "Failed to parse xray server config JSON"; + return ErrorCode::InternalError; + } + + if (!serverConfig.object().contains("inbounds") || serverConfig.object()["inbounds"].toArray().isEmpty()) { + logger.error() << "Invalid xray server config structure"; + return ErrorCode::InternalError; + } + + const QJsonObject inbound = serverConfig.object()["inbounds"].toArray()[0].toObject(); + if (!inbound.contains("settings")) { + logger.error() << "Missing settings in xray inbound config"; + return ErrorCode::InternalError; + } + + const QJsonObject settings = inbound["settings"].toObject(); + if (!settings.contains("clients")) { + logger.error() << "Missing clients in xray settings config"; + return ErrorCode::InternalError; + } + + const QJsonArray clients = settings["clients"].toArray(); + for (const auto &clientValue : clients) { + const QJsonObject clientObj = clientValue.toObject(); + if (!clientObj.contains("id")) { + logger.error() << "Missing id in xray client config"; + continue; + } + QString clientId = clientObj["id"].toString(); + + QString xrayDefaultUuid = serverController->getTextFileFromContainer(container, credentials, amnezia::protocols::xray::uuidPath, 
error); + xrayDefaultUuid.replace("\n", ""); + + if (!isClientExists(clientId) && clientId != xrayDefaultUuid) { + QJsonObject client; + client[configKey::clientId] = clientId; + + QJsonObject userData; + userData[configKey::clientName] = QString("Client %1").arg(count); + client[configKey::userData] = userData; + + m_clientsTable.push_back(client); + count++; + } + } + + return error; +} ErrorCode ClientManagementModel::wgShow(const DockerContainer container, const ServerCredentials &credentials, const QSharedPointer &serverController, std::vector &data) 
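Review bot: The read of `amnezia::protocols::xray::uuidPath` in `getXrayClients` sits inside the `for` loop and its result is never checked. That costs one remote file fetch per client, and if the fetch fails `xrayDefaultUuid` is empty, so the server's built-in UUID is added to `m_clientsTable` as a user client that can then be revoked. The failing `error` from the last iteration also becomes the function's return value after the table has already been modified. Read the file once before the loop and stop on failure; if older installs can legitimately lack the file, log and continue instead of returning. The whole function is inside this hunk.

```cpp
// … unchanged: config fetch and inbounds/settings/clients validation …
const QJsonArray clients = settings["clients"].toArray();

// Read the built-in UUID once; without it the default account cannot be told apart from user clients.
QString xrayDefaultUuid =
        serverController->getTextFileFromContainer(container, credentials, amnezia::protocols::xray::uuidPath, error);
if (error != ErrorCode::NoError) {
    logger.error() << "Failed to get the xray default uuid file from the server";
    return error;
}
xrayDefaultUuid.replace("\n", "");

for (const auto &clientValue : clients) {
    // … unchanged: id extraction and the isClientExists / default-uuid filter …
}
```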
@@ -326,17 +390,67 @@ ErrorCode ClientManagementModel::appendClient(const DockerContainer container, c const QSharedPointer &serverController) { Proto protocol; - if (container == DockerContainer::ShadowSocks || container == DockerContainer::Cloak) { - protocol = Proto::OpenVpn; - } else if (container == DockerContainer::OpenVpn || container == DockerContainer::WireGuard || container == DockerContainer::Awg) { - protocol = ContainerProps::defaultProtocol(container); - } else { - return ErrorCode::NoError; + switch (container) { + case DockerContainer::ShadowSocks: + case DockerContainer::Cloak: + protocol = Proto::OpenVpn; + break; + case DockerContainer::OpenVpn: + case DockerContainer::WireGuard: + case DockerContainer::Awg: + case DockerContainer::Xray: + protocol = ContainerProps::defaultProtocol(container); + break; + default: + return ErrorCode::NoError; } auto protocolConfig = ContainerProps::getProtocolConfigFromContainer(protocol, containerConfig); + return appendClient(protocolConfig, clientName, container, credentials, serverController); +} - return appendClient(protocolConfig.value(config_key::clientId).toString(), clientName, container, credentials, serverController); +ErrorCode ClientManagementModel::appendClient(QJsonObject &protocolConfig, const QString &clientName, const DockerContainer container, + const ServerCredentials &credentials, const QSharedPointer &serverController) +{ + QString clientId; + if (container == DockerContainer::Xray) { + if (!protocolConfig.contains("outbounds")) { + return ErrorCode::InternalError; + } + QJsonArray outbounds = protocolConfig.value("outbounds").toArray(); + if (outbounds.isEmpty()) { + return ErrorCode::InternalError; + } + QJsonObject outbound = outbounds[0].toObject(); + if (!outbound.contains("settings")) { + return ErrorCode::InternalError; + } + QJsonObject settings = outbound["settings"].toObject(); + if (!settings.contains("vnext")) { + return ErrorCode::InternalError; + } + QJsonArray vnext = 
settings["vnext"].toArray(); + if (vnext.isEmpty()) { + return ErrorCode::InternalError; + } + QJsonObject vnextObj = vnext[0].toObject(); + if (!vnextObj.contains("users")) { + return ErrorCode::InternalError; + } + QJsonArray users = vnextObj["users"].toArray(); + if (users.isEmpty()) { + return ErrorCode::InternalError; + } + QJsonObject user = users[0].toObject(); + if (!user.contains("id")) { + return ErrorCode::InternalError; + } + clientId = user["id"].toString(); + } else { + clientId = protocolConfig.value(config_key::clientId).toString(); + } + + return appendClient(clientId, clientName, container, credentials, serverController); } ErrorCode ClientManagementModel::appendClient(const QString &clientId, const QString &clientName, const DockerContainer container, 
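Review bot: The `outbounds[0] → settings → vnext[0] → users[0] → id` walk in this new `appendClient` overload is repeated line for line in the `revokeClient(const QJsonObject &containerConfig, …)` hunk further down, so the two copies can drift apart. Move it into one private helper, for example `static QString xrayClientIdFromConfig(const QJsonObject &protocolConfig)`, and call it from both places. Neither copy rejects an empty result: `user["id"].toString()` yields `""` when the value is not a string, and that empty id is then passed on to `appendClient(clientId, …)`; add `if (clientId.isEmpty()) return ErrorCode::InternalError;`. The early returns are silent, unlike the logged failures elsewhere in this file, so a `logger.error()` naming the missing key would make a malformed exported config easier to diagnose. `protocolConfig` is taken by non-const reference but never modified here; `const QJsonObject &` would state that, together with the matching change in the header.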
@@ -422,10 +536,27 @@ ErrorCode ClientManagementModel::revokeClient(const int row, const DockerContain auto client = m_clientsTable.at(row).toObject(); QString clientId = client.value(configKey::clientId).toString(); - if (container == DockerContainer::OpenVpn || container == DockerContainer::ShadowSocks || container == DockerContainer::Cloak) { - errorCode = revokeOpenVpn(row, container, credentials, serverIndex, serverController); - } else if (container == DockerContainer::WireGuard || container == DockerContainer::Awg) { - errorCode = revokeWireGuard(row, container, credentials, serverController); + switch(container) + { + case DockerContainer::OpenVpn: + case DockerContainer::ShadowSocks: + case DockerContainer::Cloak: { + errorCode = revokeOpenVpn(row, container, credentials, serverIndex, serverController); + break; + } + case DockerContainer::WireGuard: + case DockerContainer::Awg: { + errorCode = revokeWireGuard(row, container, credentials, serverController); + break; + } + case DockerContainer::Xray: { + errorCode = revokeXray(row, container, credentials, serverController); + break; + } + default: { + logger.error() << "Internal error: received unexpected container type"; + return ErrorCode::InternalError; + } } if (errorCode == ErrorCode::NoError) { 
@@ -463,19 +594,69 @@ ErrorCode ClientManagementModel::revokeClient(const QJsonObject &containerConfig } Proto protocol; - if (container == DockerContainer::ShadowSocks || container == DockerContainer::Cloak) { - protocol = Proto::OpenVpn; - } else if (container == DockerContainer::OpenVpn || container == DockerContainer::WireGuard || container == DockerContainer::Awg) { - protocol = ContainerProps::defaultProtocol(container); - } else { - return ErrorCode::NoError; + + switch(container) + { + case DockerContainer::ShadowSocks: + case DockerContainer::Cloak: { + protocol = Proto::OpenVpn; + break; + } + case DockerContainer::OpenVpn: + case DockerContainer::WireGuard: + case DockerContainer::Awg: + case DockerContainer::Xray: { + protocol = ContainerProps::defaultProtocol(container); + break; + } + default: { + logger.error() << "Internal error: received unexpected container type"; + return ErrorCode::InternalError; + } } auto protocolConfig = ContainerProps::getProtocolConfigFromContainer(protocol, containerConfig); + QString clientId; + if (container == DockerContainer::Xray) { + if (!protocolConfig.contains("outbounds")) { + return ErrorCode::InternalError; + } + QJsonArray outbounds = protocolConfig.value("outbounds").toArray(); + if (outbounds.isEmpty()) { + return ErrorCode::InternalError; + } + QJsonObject outbound = outbounds[0].toObject(); + if (!outbound.contains("settings")) { + return ErrorCode::InternalError; + } + QJsonObject settings = outbound["settings"].toObject(); + if (!settings.contains("vnext")) { + return ErrorCode::InternalError; + } + QJsonArray vnext = settings["vnext"].toArray(); + if (vnext.isEmpty()) { + return ErrorCode::InternalError; + } + QJsonObject vnextObj = vnext[0].toObject(); + if (!vnextObj.contains("users")) { + return ErrorCode::InternalError; + } + QJsonArray users = vnextObj["users"].toArray(); + if (users.isEmpty()) { + return ErrorCode::InternalError; + } + QJsonObject user = users[0].toObject(); + if 
(!user.contains("id")) { + return ErrorCode::InternalError; + } + clientId = user["id"].toString(); + } else { + clientId = protocolConfig.value(config_key::clientId).toString(); + } + int row; bool clientExists = false; - QString clientId = protocolConfig.value(config_key::clientId).toString(); for (row = 0; row < rowCount(); row++) { auto client = m_clientsTable.at(row).toObject(); if (clientId == client.value(configKey::clientId).toString()) { @@ -487,11 +668,28 @@ ErrorCode ClientManagementModel::revokeClient(const QJsonObject &containerConfig return errorCode; } - if (container == DockerContainer::OpenVpn || container == DockerContainer::ShadowSocks || container == DockerContainer::Cloak) { + switch (container) + { + case DockerContainer::OpenVpn: + case DockerContainer::ShadowSocks: + case DockerContainer::Cloak: { errorCode = revokeOpenVpn(row, container, credentials, serverIndex, serverController); - } else if (container == DockerContainer::WireGuard || container == DockerContainer::Awg) { - errorCode = revokeWireGuard(row, container, credentials, serverController); + break; } + case DockerContainer::WireGuard: + case DockerContainer::Awg: { + errorCode = revokeWireGuard(row, container, credentials, serverController); + break; + } + case DockerContainer::Xray: { + errorCode = revokeXray(row, container, credentials, serverController); + break; + } + default: + logger.error() << "Internal error: received unexpected container type"; + return ErrorCode::InternalError; + } + return errorCode; } 
@@ -594,6 +792,117 @@ ErrorCode ClientManagementModel::revokeWireGuard(const int row, const DockerCont return ErrorCode::NoError; } +ErrorCode ClientManagementModel::revokeXray(const int row, + const DockerContainer container, + const ServerCredentials &credentials, + const QSharedPointer &serverController) +{ + ErrorCode error = ErrorCode::NoError; + + // Get server config + const QString serverConfigPath = amnezia::protocols::xray::serverConfigPath; + const QString configString = serverController->getTextFileFromContainer(container, credentials, serverConfigPath, error); + if (error != ErrorCode::NoError) { + logger.error() << "Failed to get the xray server config file"; + return error; + } + + QJsonDocument serverConfig = QJsonDocument::fromJson(configString.toUtf8()); + if (serverConfig.isNull()) { + logger.error() << "Failed to parse xray server config JSON"; + return ErrorCode::InternalError; + } + + // Get client ID to remove + auto client = m_clientsTable.at(row).toObject(); + QString clientId = client.value(configKey::clientId).toString(); + + // Remove client from server config + QJsonObject configObj = serverConfig.object(); + if (!configObj.contains("inbounds")) { + logger.error() << "Missing inbounds in xray config"; + return ErrorCode::InternalError; + } + + QJsonArray inbounds = configObj["inbounds"].toArray(); + if (inbounds.isEmpty()) { + logger.error() << "Empty inbounds array in xray config"; + return ErrorCode::InternalError; + } + + QJsonObject inbound = inbounds[0].toObject(); + if (!inbound.contains("settings")) { + logger.error() << "Missing settings in xray inbound config"; + return ErrorCode::InternalError; + } + + QJsonObject settings = inbound["settings"].toObject(); + if (!settings.contains("clients")) { + logger.error() << "Missing clients in xray settings"; + return ErrorCode::InternalError; + } + + QJsonArray clients = settings["clients"].toArray(); + if (clients.isEmpty()) { + logger.error() << "Empty clients array in xray config"; 
+ return ErrorCode::InternalError; + } + + for (int i = 0; i < clients.size(); ++i) { + QJsonObject clientObj = clients[i].toObject(); + if (clientObj.contains("id") && clientObj["id"].toString() == clientId) { + clients.removeAt(i); + break; + } + } + + // Update server config + settings["clients"] = clients; + inbound["settings"] = settings; + inbounds[0] = inbound; + configObj["inbounds"] = inbounds; + + // Upload updated config + error = serverController->uploadTextFileToContainer( + container, + credentials, + QJsonDocument(configObj).toJson(), + serverConfigPath + ); + if (error != ErrorCode::NoError) { + logger.error() << "Failed to upload updated xray config"; + return error; + } + + // Remove from local table + beginRemoveRows(QModelIndex(), row, row); + m_clientsTable.removeAt(row); + endRemoveRows(); + + // Update clients table file on server + const QByteArray clientsTableString = QJsonDocument(m_clientsTable).toJson(); + QString clientsTableFile = QString("/opt/amnezia/%1/clientsTable") + .arg(ContainerProps::containerTypeToString(container)); + + error = serverController->uploadTextFileToContainer(container, credentials, clientsTableString, clientsTableFile); + if (error != ErrorCode::NoError) { + logger.error() << "Failed to upload the clientsTable file"; + } + + // Restart container + QString restartScript = QString("sudo docker restart $CONTAINER_NAME"); + error = serverController->runScript( + credentials, + serverController->replaceVars(restartScript, serverController->genVarsForScript(credentials, container)) + ); + if (error != ErrorCode::NoError) { + logger.error() << "Failed to restart xray container"; + return error; + } + + return error; +} + QHash ClientManagementModel::roleNames() const { QHash roles; @@ -604,4 +913,4 @@ QHash ClientManagementModel::roleNames() const roles[DataSentRole] = "dataSent"; roles[AllowedIpsRole] = "allowedIps"; return roles; -} +} \ No newline at end of file 
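Review bot: In `revokeXray` the row is removed from `m_clientsTable` and the clientsTable file is uploaded before the container restart. If `sudo docker restart $CONTAINER_NAME` fails, the function returns an error but the client has already vanished from the UI, while the running xray process presumably still holds the old config and keeps accepting the revoked UUID. Run the restart directly after the server config upload and only then call `beginRemoveRows(QModelIndex(), row, row);`, so a failed revoke stays visible and can be retried. A failed clientsTable upload is only logged and its `error` is then overwritten by the restart result, so add `return error;` in that branch. The removal loop stops at the first match in `inbounds[0]` and does not report when no entry matched; a log line for the not-found case would show when the table and the server config have diverged.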
diff --git a/client/ui/models/clientManagementModel.h b/client/ui/models/clientManagementModel.h index 60132abe..989120a9 100644 --- a/client/ui/models/clientManagementModel.h +++ b/client/ui/models/clientManagementModel.h @@ -40,6 +40,8 @@ public slots: const QSharedPointer &serverController); ErrorCode appendClient(const DockerContainer container, const ServerCredentials &credentials, const QJsonObject &containerConfig, const QString &clientName, const QSharedPointer &serverController); + ErrorCode appendClient(QJsonObject &protocolConfig, const QString &clientName,const DockerContainer container, + const ServerCredentials &credentials, const QSharedPointer &serverController); ErrorCode appendClient(const QString &clientId, const QString &clientName, const DockerContainer container, const ServerCredentials &credentials, const QSharedPointer &serverController); ErrorCode renameClient(const int row, const QString &userName, const DockerContainer container, const ServerCredentials &credentials, @@ -64,11 +66,15 @@ private: const QSharedPointer &serverController); ErrorCode revokeWireGuard(const int row, const DockerContainer container, const ServerCredentials &credentials, const QSharedPointer &serverController); + ErrorCode revokeXray(const int row, const DockerContainer container, const ServerCredentials &credentials, + const QSharedPointer &serverController); ErrorCode getOpenVpnClients(const DockerContainer container, const ServerCredentials &credentials, const QSharedPointer &serverController, int &count); ErrorCode getWireGuardClients(const DockerContainer container, const ServerCredentials &credentials, const QSharedPointer &serverController, int &count); + ErrorCode getXrayClients(const DockerContainer container, const ServerCredentials& credentials, + const QSharedPointer &serverController, int &count); ErrorCode wgShow(const DockerContainer container, const ServerCredentials &credentials, const QSharedPointer &serverController, std::vector &data); 
diff --git a/client/ui/qml/Pages2/PageShare.qml b/client/ui/qml/Pages2/PageShare.qml index 995fa3e7..d6ce7848 100644 --- a/client/ui/qml/Pages2/PageShare.qml +++ b/client/ui/qml/Pages2/PageShare.qml @@ -92,7 +92,7 @@ PageType { break } case PageShare.ConfigType.Xray: { - ExportController.generateXrayConfig() + ExportController.generateXrayConfig(clientNameTextField.textFieldText) shareConnectionDrawer.configCaption = qsTr("Save XRay config") shareConnectionDrawer.configExtension = ".json" shareConnectionDrawer.configFileName = "amnezia_for_xray" From 6a21994736ae1cad4c377a6d27e88eaf2b764482 Mon Sep 17 00:00:00 2001 From: aiamnezia Date: Tue, 10 Dec 2024 19:04:11 +0400 Subject: [PATCH 15/53] Fix formatting --- client/ui/controllers/updateController.cpp | 15 +++-- client/ui/controllers/updateController.h | 1 + ipc/ipcserver.cpp | 78 ++++++++++------------ ipc/ipcserver.h | 12 ++-- 4 files changed, 50 insertions(+), 56 deletions(-) diff --git a/client/ui/controllers/updateController.cpp b/client/ui/controllers/updateController.cpp index 45acf190..80d04d6a 100644 --- a/client/ui/controllers/updateController.cpp +++ b/client/ui/controllers/updateController.cpp @@ -9,7 +9,8 @@ #include "core/errorstrings.h" #include "version.h" -namespace { +namespace +{ #ifdef Q_OS_MACOS const QString installerPath = QStandardPaths::writableLocation(QStandardPaths::TempLocation) + "/AmneziaVPN.dmg"; #elif defined Q_OS_WINDOWS @@ -19,7 +20,8 @@ namespace { #endif } -UpdateController::UpdateController(const std::shared_ptr &settings, QObject *parent) : QObject(parent), m_settings(settings) +UpdateController::UpdateController(const std::shared_ptr &settings, QObject *parent) + : QObject(parent), m_settings(settings) { } 
@@ -62,19 +64,19 @@ void UpdateController::checkForUpdates() for (auto asset : assets) { QJsonObject assetObject = asset.toObject(); - #ifdef Q_OS_WINDOWS +#ifdef Q_OS_WINDOWS if (assetObject.value("name").toString().endsWith(".exe")) { m_downloadUrl = assetObject.value("browser_download_url").toString(); } - #elif defined(Q_OS_MACOS) +#elif defined(Q_OS_MACOS) if (assetObject.value("name").toString().endsWith(".dmg")) { m_downloadUrl = assetObject.value("browser_download_url").toString(); } - #elif defined(Q_OS_LINUX) && !defined(Q_OS_ANDROID) +#elif defined(Q_OS_LINUX) && !defined(Q_OS_ANDROID) if (assetObject.value("name").toString().contains(".tar.zip")) { m_downloadUrl = assetObject.value("browser_download_url").toString(); } - #endif +#endif } emit updateFound(); @@ -141,5 +143,4 @@ void UpdateController::runInstaller() reply->deleteLater(); }); - } diff --git a/client/ui/controllers/updateController.h b/client/ui/controllers/updateController.h index 986174ac..ea5c22fa 100644 --- a/client/ui/controllers/updateController.h +++ b/client/ui/controllers/updateController.h @@ -22,6 +22,7 @@ public slots: signals: void updateFound(); void errorOccured(const QString &errorMessage); + private: std::shared_ptr m_settings; diff --git a/ipc/ipcserver.cpp b/ipc/ipcserver.cpp index d02fe56a..46c96074 100644 --- a/ipc/ipcserver.cpp +++ b/ipc/ipcserver.cpp @@ -9,8 +9,8 @@ #include "logger.h" #include "router.h" -#include "../core/networkUtilities.h" #include "../client/protocols/protocols_defs.h" +#include "../core/networkUtilities.h" #ifdef Q_OS_WIN #include "../client/platforms/windows/daemon/windowsdaemon.h" #include "../client/platforms/windows/daemon/windowsfirewall.h" 
@@ -60,12 +60,15 @@ int IpcServer::createPrivilegedProcess() } }); - QObject::connect(pd.serverNode.data(), &QRemoteObjectHost::error, this, - [pd](QRemoteObjectNode::ErrorCode errorCode) { qDebug() << "QRemoteObjectHost::error" << errorCode; }); + QObject::connect(pd.serverNode.data(), &QRemoteObjectHost::error, this, [pd](QRemoteObjectNode::ErrorCode errorCode) { + qDebug() << "QRemoteObjectHost::error" << errorCode; + }); - QObject::connect(pd.serverNode.data(), &QRemoteObjectHost::destroyed, this, [pd]() { qDebug() << "QRemoteObjectHost::destroyed"; }); + QObject::connect(pd.serverNode.data(), &QRemoteObjectHost::destroyed, this, + [pd]() { qDebug() << "QRemoteObjectHost::destroyed"; }); - // connect(pd.ipcProcess.data(), &IpcServerProcess::finished, this, [this, pid=m_localpid](int exitCode, QProcess::ExitStatus exitStatus){ + // connect(pd.ipcProcess.data(), &IpcServerProcess::finished, this, [this, pid=m_localpid](int exitCode, + // QProcess::ExitStatus exitStatus){ // qDebug() << "IpcServerProcess finished" << exitCode << exitStatus; //// if (m_processes.contains(pid)) { //// m_processes[pid].ipcProcess.reset(); @@ -386,17 +389,14 @@ int IpcServer::installApp(const QString &path) // On Windows, simply run the .exe file with administrator privileges QProcess process; process.setProgram("powershell.exe"); - process.setArguments(QStringList() - << "Start-Process" - << path - << "-Verb" - << "RunAs" - << "-Wait"); - + process.setArguments(QStringList() << "Start-Process" << path << "-Verb" + << "RunAs" + << "-Wait"); + qDebug() << "Launching installer with elevated privileges..."; process.start(); process.waitForFinished(); - + if (process.exitCode() != 0) { qDebug() << "Installation error:" << process.readAllStandardError(); } 
@@ -404,57 +404,47 @@ int IpcServer::installApp(const QString &path) #elif defined(Q_OS_MACOS) // DRAFT - + QProcess process; QString tempDir = QStandardPaths::writableLocation(QStandardPaths::TempLocation); QString mountPoint = tempDir + "/AmneziaVPN_mount"; - + // Create mount point QDir dir(mountPoint); if (!dir.exists()) { dir.mkpath("."); } - + // Mount DMG image qDebug() << "Mounting DMG image..."; - process.start("hdiutil", QStringList() - << "attach" - << path - << "-mountpoint" - << mountPoint - << "-nobrowse"); + process.start("hdiutil", QStringList() << "attach" << path << "-mountpoint" << mountPoint << "-nobrowse"); process.waitForFinished(); - + if (process.exitCode() != 0) { qDebug() << "Failed to mount DMG:" << process.readAllStandardError(); return process.exitCode(); } - + // Look for .app bundle in mounted image QDirIterator it(mountPoint, QStringList() << "*.app", QDir::Dirs); if (!it.hasNext()) { qDebug() << "No .app bundle found in DMG"; return -1; } - + QString appPath = it.next(); QString targetPath = "/Applications/" + QFileInfo(appPath).fileName(); - + // Copy application to /Applications qDebug() << "Copying app to Applications folder..."; - process.start("cp", QStringList() - << "-R" - << appPath - << targetPath); + process.start("cp", QStringList() << "-R" << appPath << targetPath); process.waitForFinished(); - + // Unmount DMG qDebug() << "Unmounting DMG..."; - process.start("hdiutil", QStringList() - << "detach" - << mountPoint); + process.start("hdiutil", QStringList() << "detach" << mountPoint); process.waitForFinished(); - + if (process.exitCode() != 0) { qDebug() << "Installation error:" << process.readAllStandardError(); } 
@@ -464,17 +454,17 @@ int IpcServer::installApp(const QString &path) QProcess process; QString tempDir = QStandardPaths::writableLocation(QStandardPaths::TempLocation); QString extractDir = tempDir + "/amnezia_update"; - + qDebug() << "Installing app from:" << path; qDebug() << "Using temp directory:" << extractDir; - + // Create extraction directory if it doesn't exist QDir dir(extractDir); if (!dir.exists()) { dir.mkpath("."); qDebug() << "Created extraction directory"; } - + // First, extract the zip archive qDebug() << "Extracting ZIP archive..."; process.start("unzip", QStringList() << path << "-d" << extractDir); @@ -484,7 +474,7 @@ int IpcServer::installApp(const QString &path) return process.exitCode(); } qDebug() << "ZIP archive extracted successfully"; - + // Look for tar file in extracted files qDebug() << "Looking for TAR file..."; QDirIterator tarIt(extractDir, QStringList() << "*.tar", QDir::Files); @@ -492,12 +482,12 @@ int IpcServer::installApp(const QString &path) qDebug() << "TAR file not found in the extracted archive"; return -1; } - + // Extract found tar archive QString tarPath = tarIt.next(); qDebug() << "Found TAR file:" << tarPath; qDebug() << "Extracting TAR archive..."; - + process.start("tar", QStringList() << "-xf" << tarPath << "-C" << extractDir); process.waitForFinished(); if (process.exitCode() != 0) { @@ -505,11 +495,11 @@ int IpcServer::installApp(const QString &path) return process.exitCode(); } qDebug() << "TAR archive extracted successfully"; - + // Remove tar file as it's no longer needed QFile::remove(tarPath); qDebug() << "Removed temporary TAR file"; - + // Find executable file and run it qDebug() << "Looking for executable file..."; QDirIterator it(extractDir, QDir::Files | QDir::Executable, QDirIterator::Subdirectories); 
@@ -524,7 +514,7 @@ int IpcServer::installApp(const QString &path) qDebug() << "Installer finished with exit code:" << process.exitCode(); return process.exitCode(); } - + qDebug() << "No executable file found"; return -1; // Executable not found #endif diff --git a/ipc/ipcserver.h b/ipc/ipcserver.h index 7e5b21d1..c3aaaf4e 100644 --- a/ipc/ipcserver.h +++ b/ipc/ipcserver.h @@ -1,11 +1,11 @@ #ifndef IPCSERVER_H #define IPCSERVER_H +#include "../client/daemon/interfaceconfig.h" +#include #include #include #include -#include -#include "../client/daemon/interfaceconfig.h" #include "ipc.h" #include "ipcserverprocess.h" @@ -37,15 +37,17 @@ public: virtual bool enablePeerTraffic(const QJsonObject &configStr) override; virtual bool enableKillSwitch(const QJsonObject &excludeAddr, int vpnAdapterIndex) override; virtual bool disableKillSwitch() override; - virtual bool updateResolvers(const QString& ifname, const QList& resolvers) override; + virtual bool updateResolvers(const QString &ifname, const QList &resolvers) override; virtual int mountDmg(const QString &path, bool mount) override; virtual int installApp(const QString &path) override; private: int m_localpid = 0; - struct ProcessDescriptor { - ProcessDescriptor (QObject *parent = nullptr) { + struct ProcessDescriptor + { + ProcessDescriptor(QObject *parent = nullptr) + { serverNode = QSharedPointer(new QRemoteObjectHost(parent)); ipcProcess = QSharedPointer(new IpcServerProcess(parent)); tun2socksProcess = QSharedPointer(new IpcProcessTun2Socks(parent)); From 3b300a203f9c9ecdd772a9d985b43f646ff8c106 Mon Sep 17 00:00:00 2001 From: aiamnezia Date: Wed, 11 Dec 2024 20:24:59 +0400 Subject: [PATCH 16/53] Fix installation for Windows and MacOS --- ipc/ipcserver.cpp | 88 ++++++++++++++++++++++++++++++++++++++++------- 1 file changed, 75 insertions(+), 13 deletions(-) diff --git a/ipc/ipcserver.cpp b/ipc/ipcserver.cpp index 46c96074..1d0182b8 100644 --- a/ipc/ipcserver.cpp +++ b/ipc/ipcserver.cpp 
@@ -386,15 +386,46 @@ int IpcServer::installApp(const QString &path) qDebug() << "Installing app from:" << path; #ifdef Q_OS_WINDOWS - // On Windows, simply run the .exe file with administrator privileges QProcess process; - process.setProgram("powershell.exe"); - process.setArguments(QStringList() << "Start-Process" << path << "-Verb" - << "RunAs" - << "-Wait"); + QString tempDir = QStandardPaths::writableLocation(QStandardPaths::TempLocation); + QString extractDir = tempDir + "/amnezia_update"; + // Create extraction directory if it doesn't exist + QDir dir(extractDir); + if (!dir.exists()) { + dir.mkpath("."); + qDebug() << "Created extraction directory"; + } + + // Extract ZIP archive + qDebug() << "Extracting ZIP archive..."; + process.start("powershell.exe", + QStringList() << "Expand-Archive" + << "-Path" << path << "-DestinationPath" << extractDir << "-Force"); + process.waitForFinished(); + + if (process.exitCode() != 0) { + qDebug() << "ZIP extraction error:" << process.readAllStandardError(); + return process.exitCode(); + } + qDebug() << "ZIP archive extracted successfully"; + + // Find .exe file in extracted directory + QDirIterator it(extractDir, QStringList() << "*.exe", QDir::Files, QDirIterator::Subdirectories); + if (!it.hasNext()) { + qDebug() << "No .exe file found in the extracted archive"; + return -1; + } + + QString installerPath = it.next(); + qDebug() << "Found installer:" << installerPath; + + // Run installer with elevated privileges qDebug() << "Launching installer with elevated privileges..."; - process.start(); + process.start("powershell.exe", + QStringList() << "Start-Process" << installerPath << "-Verb" + << "RunAs" + << "-Wait"); process.waitForFinished(); if (process.exitCode() != 0) { 
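Review bot: The Windows branch extracts into the fixed path `tempDir + "/amnezia_update"`, reuses that directory if it already exists, and then launches the first `*.exe` that `QDirIterator` returns from anywhere in the tree with `-Verb RunAs`, so a file left by an earlier run or placed there by another local process can be started instead of the installer from the archive. QDirIterator gives no ordering guarantee, and nothing here checks the chosen file's name, digest or signature before elevation. A fresh `QTemporaryDir extractDir;` per call, plus matching the expected installer file name and verifying it before `Start-Process`, would close this; the macOS hunk that follows has the same pattern with `*.dmg`. installApp's body starts and ends outside the hunk.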
@@ -403,21 +434,48 @@ int IpcServer::installApp(const QString &path) return process.exitCode(); #elif defined(Q_OS_MACOS) - // DRAFT - QProcess process; QString tempDir = QStandardPaths::writableLocation(QStandardPaths::TempLocation); + QString extractDir = tempDir + "/amnezia_update"; + + // Create extraction directory + QDir dir(extractDir); + if (!dir.exists()) { + dir.mkpath("."); + qDebug() << "Created extraction directory"; + } + + // Extract ZIP archive using unzip command + qDebug() << "Extracting ZIP archive..."; + process.start("unzip", QStringList() << path << "-d" << extractDir); + process.waitForFinished(); + + if (process.exitCode() != 0) { + qDebug() << "ZIP extraction error:" << process.readAllStandardError(); + return process.exitCode(); + } + qDebug() << "ZIP archive extracted successfully"; + + // Find .dmg file in extracted directory + QDirIterator it(extractDir, QStringList() << "*.dmg", QDir::Files, QDirIterator::Subdirectories); + if (!it.hasNext()) { + qDebug() << "No .dmg file found in the extracted archive"; + return -1; + } + + QString dmgPath = it.next(); + qDebug() << "Found DMG file:" << dmgPath; QString mountPoint = tempDir + "/AmneziaVPN_mount"; // Create mount point - QDir dir(mountPoint); + dir = QDir(mountPoint); if (!dir.exists()) { dir.mkpath("."); } // Mount DMG image qDebug() << "Mounting DMG image..."; - process.start("hdiutil", QStringList() << "attach" << path << "-mountpoint" << mountPoint << "-nobrowse"); + process.start("hdiutil", QStringList() << "attach" << dmgPath << "-mountpoint" << mountPoint << "-nobrowse"); process.waitForFinished(); if (process.exitCode() != 0) { 
@@ -426,13 +484,13 @@ int IpcServer::installApp(const QString &path) } // Look for .app bundle in mounted image - QDirIterator it(mountPoint, QStringList() << "*.app", QDir::Dirs); - if (!it.hasNext()) { + QDirIterator appIt(mountPoint, QStringList() << "*.app", QDir::Dirs); + if (!appIt.hasNext()) { qDebug() << "No .app bundle found in DMG"; return -1; } - QString appPath = it.next(); + QString appPath = appIt.next(); QString targetPath = "/Applications/" + QFileInfo(appPath).fileName(); // Copy application to /Applications @@ -448,6 +506,10 @@ int IpcServer::installApp(const QString &path) if (process.exitCode() != 0) { qDebug() << "Installation error:" << process.readAllStandardError(); } + + // Clean up + QDir(extractDir).removeRecursively(); + return process.exitCode(); #elif defined(Q_OS_LINUX) && !defined(Q_OS_ANDROID) From a73234ec2afbc2bf00f81fad5ac404a44832d3fc Mon Sep 17 00:00:00 2001 From: aiamnezia Date: Wed, 11 Dec 2024 18:11:46 +0400 Subject: [PATCH 17/53] Add some logs --- ipc/ipcserver.cpp | 135 ++++++++++++---------------------------------- 1 file changed, 33 insertions(+), 102 deletions(-) diff --git a/ipc/ipcserver.cpp b/ipc/ipcserver.cpp index 1d0182b8..f9519a49 100644 --- a/ipc/ipcserver.cpp +++ b/ipc/ipcserver.cpp 
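Review bot: The added `QDir(extractDir).removeRecursively();` runs only on the fall-through path, so every earlier `return` in the macOS branch (failed unzip, no `.dmg`, failed mount, no `.app` bundle) leaves the extracted files behind, and the last two also skip `hdiutil detach`. Because the branch reuses `extractDir` when it already exists, those leftovers are still there on the next call and are candidates for the `*.dmg` search. Tying the cleanup to scope would cover all exits, for example a `QTemporaryDir` in place of the fixed path, or `auto cleanup = qScopeGuard([&] { QDir(extractDir).removeRecursively(); });` right after the directory is created. The branch begins outside this hunk.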
@@ -383,133 +383,67 @@ int IpcServer::mountDmg(const QString &path, bool mount) int IpcServer::installApp(const QString &path) { - qDebug() << "Installing app from:" << path; + Logger logger("IpcServer"); + logger.info() << "Installing app from:" << path; #ifdef Q_OS_WINDOWS QProcess process; - QString tempDir = QStandardPaths::writableLocation(QStandardPaths::TempLocation); - QString extractDir = tempDir + "/amnezia_update"; - - // Create extraction directory if it doesn't exist - QDir dir(extractDir); - if (!dir.exists()) { - dir.mkpath("."); - qDebug() << "Created extraction directory"; - } - - // Extract ZIP archive - qDebug() << "Extracting ZIP archive..."; + logger.info() << "Launching installer with elevated privileges..."; process.start("powershell.exe", - QStringList() << "Expand-Archive" - << "-Path" << path << "-DestinationPath" << extractDir << "-Force"); - process.waitForFinished(); - - if (process.exitCode() != 0) { - qDebug() << "ZIP extraction error:" << process.readAllStandardError(); - return process.exitCode(); - } - qDebug() << "ZIP archive extracted successfully"; - - // Find .exe file in extracted directory - QDirIterator it(extractDir, QStringList() << "*.exe", QDir::Files, QDirIterator::Subdirectories); - if (!it.hasNext()) { - qDebug() << "No .exe file found in the extracted archive"; - return -1; - } - - QString installerPath = it.next(); - qDebug() << "Found installer:" << installerPath; - - // Run installer with elevated privileges - qDebug() << "Launching installer with elevated privileges..."; - process.start("powershell.exe", - QStringList() << "Start-Process" << installerPath << "-Verb" + QStringList() << "Start-Process" << path << "-Verb" << "RunAs" << "-Wait"); process.waitForFinished(); if (process.exitCode() != 0) { - qDebug() << "Installation error:" << process.readAllStandardError(); + logger.error() << "Installation error:" << process.readAllStandardError(); } return process.exitCode(); #elif defined(Q_OS_MACOS) QProcess 
process; QString tempDir = QStandardPaths::writableLocation(QStandardPaths::TempLocation); - QString extractDir = tempDir + "/amnezia_update"; - - // Create extraction directory - QDir dir(extractDir); - if (!dir.exists()) { - dir.mkpath("."); - qDebug() << "Created extraction directory"; - } - - // Extract ZIP archive using unzip command - qDebug() << "Extracting ZIP archive..."; - process.start("unzip", QStringList() << path << "-d" << extractDir); - process.waitForFinished(); - - if (process.exitCode() != 0) { - qDebug() << "ZIP extraction error:" << process.readAllStandardError(); - return process.exitCode(); - } - qDebug() << "ZIP archive extracted successfully"; - - // Find .dmg file in extracted directory - QDirIterator it(extractDir, QStringList() << "*.dmg", QDir::Files, QDirIterator::Subdirectories); - if (!it.hasNext()) { - qDebug() << "No .dmg file found in the extracted archive"; - return -1; - } - - QString dmgPath = it.next(); - qDebug() << "Found DMG file:" << dmgPath; QString mountPoint = tempDir + "/AmneziaVPN_mount"; // Create mount point - dir = QDir(mountPoint); + QDir dir(mountPoint); if (!dir.exists()) { dir.mkpath("."); } // Mount DMG image - qDebug() << "Mounting DMG image..."; - process.start("hdiutil", QStringList() << "attach" << dmgPath << "-mountpoint" << mountPoint << "-nobrowse"); + logger.info() << "Mounting DMG image..."; + process.start("hdiutil", QStringList() << "attach" << path << "-mountpoint" << mountPoint << "-nobrowse"); process.waitForFinished(); if (process.exitCode() != 0) { - qDebug() << "Failed to mount DMG:" << process.readAllStandardError(); + logger.error() << "Failed to mount DMG:" << process.readAllStandardError(); return process.exitCode(); } // Look for .app bundle in mounted image - QDirIterator appIt(mountPoint, QStringList() << "*.app", QDir::Dirs); - if (!appIt.hasNext()) { - qDebug() << "No .app bundle found in DMG"; + QDirIterator it(mountPoint, QStringList() << "*.app", QDir::Dirs); + if (!it.hasNext()) { 
+ logger.error() << "No .app bundle found in DMG"; return -1; } - QString appPath = appIt.next(); + QString appPath = it.next(); QString targetPath = "/Applications/" + QFileInfo(appPath).fileName(); // Copy application to /Applications - qDebug() << "Copying app to Applications folder..."; + logger.info() << "Copying app to Applications folder..."; process.start("cp", QStringList() << "-R" << appPath << targetPath); process.waitForFinished(); // Unmount DMG - qDebug() << "Unmounting DMG..."; + logger.info() << "Unmounting DMG..."; process.start("hdiutil", QStringList() << "detach" << mountPoint); process.waitForFinished(); if (process.exitCode() != 0) { - qDebug() << "Installation error:" << process.readAllStandardError(); + logger.error() << "Installation error:" << process.readAllStandardError(); } - - // Clean up - QDir(extractDir).removeRecursively(); - return process.exitCode(); #elif defined(Q_OS_LINUX) && !defined(Q_OS_ANDROID) 
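Review bot: In the macOS branch the exit status of `cp -R` is never read: the same `QProcess` is reused for `hdiutil detach`, and the `process.exitCode()` that is logged as "Installation error" and returned belongs to the detach, so a failed copy into /Applications is reported as success. Capturing it right after the copy, `const int copyExit = process.exitCode();`, and returning it when it is non-zero once the image is detached would fix the result. The `return -1` for "No .app bundle found in DMG" also leaves the image attached at `mountPoint`; that path should detach before returning. The bundle is copied from the first `*.app` match without a code-signature check, which is worth adding before the copy if the service runs with more rights than the caller (not visible here).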
@@ -517,67 +451,64 @@ int IpcServer::installApp(const QString &path) QString tempDir = QStandardPaths::writableLocation(QStandardPaths::TempLocation); QString extractDir = tempDir + "/amnezia_update"; - qDebug() << "Installing app from:" << path; - qDebug() << "Using temp directory:" << extractDir; + logger.info() << "Using temp directory:" << extractDir; // Create extraction directory if it doesn't exist QDir dir(extractDir); if (!dir.exists()) { dir.mkpath("."); - qDebug() << "Created extraction directory"; + logger.info() << "Created extraction directory"; } // First, extract the zip archive - qDebug() << "Extracting ZIP archive..."; + logger.info() << "Extracting ZIP archive..."; process.start("unzip", QStringList() << path << "-d" << extractDir); process.waitForFinished(); if (process.exitCode() != 0) { - qDebug() << "ZIP extraction error:" << process.readAllStandardError(); + logger.error() << "ZIP extraction error:" << process.readAllStandardError(); return process.exitCode(); } - qDebug() << "ZIP archive extracted successfully"; + logger.info() << "ZIP archive extracted successfully"; // Look for tar file in extracted files - qDebug() << "Looking for TAR file..."; + logger.info() << "Looking for TAR file..."; QDirIterator tarIt(extractDir, QStringList() << "*.tar", QDir::Files); if (!tarIt.hasNext()) { - qDebug() << "TAR file not found in the extracted archive"; + logger.error() << "TAR file not found in the extracted archive"; return -1; } // Extract found tar archive QString tarPath = tarIt.next(); - qDebug() << "Found TAR file:" << tarPath; - qDebug() << "Extracting TAR archive..."; + logger.info() << "Found TAR file:" << tarPath; + logger.info() << "Extracting TAR archive..."; process.start("tar", QStringList() << "-xf" << tarPath << "-C" << extractDir); process.waitForFinished(); if (process.exitCode() != 0) { - qDebug() << "TAR extraction error:" << process.readAllStandardError(); + logger.error() << "TAR extraction error:" << 
process.readAllStandardError(); return process.exitCode(); } - qDebug() << "TAR archive extracted successfully"; + logger.info() << "TAR archive extracted successfully"; // Remove tar file as it's no longer needed QFile::remove(tarPath); - qDebug() << "Removed temporary TAR file"; + logger.info() << "Removed temporary TAR file"; // Find executable file and run it - qDebug() << "Looking for executable file..."; + logger.info() << "Looking for executable file..."; QDirIterator it(extractDir, QDir::Files | QDir::Executable, QDirIterator::Subdirectories); if (it.hasNext()) { QString execPath = it.next(); - qDebug() << "Found executable:" << execPath; - qDebug() << "Launching installer..."; + logger.info() << "Found executable:" << execPath; + logger.info() << "Launching installer..."; process.start("sudo", QStringList() << execPath); process.waitForFinished(); - qDebug() << "Installer stdout:" << process.readAllStandardOutput(); - qDebug() << "Installer stderr:" << process.readAllStandardError(); - qDebug() << "Installer finished with exit code:" << process.exitCode(); + logger.info() << "Installer finished with exit code:" << process.exitCode(); return process.exitCode(); } - qDebug() << "No executable file found"; + logger.error() << "No executable file found"; return -1; // Executable not found #endif return 0; From bac71ed3e756ab7eb3207bd90f3ec98c496f84a6 Mon Sep 17 00:00:00 2001 From: aiamnezia Date: Wed, 11 Dec 2024 18:34:16 +0400 Subject: [PATCH 18/53] Add logs from installattion shell on Windows --- ipc/ipcserver.cpp | 2 ++ 1 file changed, 2 insertions(+) diff --git a/ipc/ipcserver.cpp b/ipc/ipcserver.cpp index f9519a49..55a6e6ab 100644 --- a/ipc/ipcserver.cpp +++ b/ipc/ipcserver.cpp 
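Review bot: Every `process.waitForFinished()` in the Linux branch uses the default 30000 ms timeout and ignores the return value, so for the `sudo` installer run a timeout is indistinguishable from completion: `exitCode()` is then read from a process that has not finished, and the still-running installer is killed when the local `QProcess` is destroyed on return. The wait should state its timeout and check the outcome, e.g. `if (!process.waitForFinished(installTimeoutMs) || process.exitStatus() != QProcess::NormalExit) return -1;` with `installTimeoutMs` a constant chosen for the installer. This hunk also removes the two lines that logged the installer's stdout and stderr, which leaves only the exit code for diagnosing a failed update. installApp's body starts outside the hunk.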
@@ -393,6 +393,8 @@ int IpcServer::installApp(const QString &path) QStringList() << "Start-Process" << path << "-Verb" << "RunAs" << "-Wait"); + logger.info() << "Installer stdout:" << process.readAllStandardOutput(); + logger.info() << "Installer stderr:" << process.readAllStandardError(); process.waitForFinished(); if (process.exitCode() != 0) { From 2029c108e56ad18879ede667bfa46ab8ae559d74 Mon Sep 17 00:00:00 2001 From: aiamnezia Date: Thu, 12 Dec 2024 06:54:10 +0400 Subject: [PATCH 19/53] Optimized code --- ipc/ipcserver.cpp | 7 ++----- 1 file changed, 2 insertions(+), 5 deletions(-) diff --git a/ipc/ipcserver.cpp b/ipc/ipcserver.cpp index 55a6e6ab..64d046f3 100644 --- a/ipc/ipcserver.cpp +++ b/ipc/ipcserver.cpp @@ -389,13 +389,10 @@ int IpcServer::installApp(const QString &path) #ifdef Q_OS_WINDOWS QProcess process; logger.info() << "Launching installer with elevated privileges..."; - process.start("powershell.exe", - QStringList() << "Start-Process" << path << "-Verb" - << "RunAs" - << "-Wait"); + process.start(path); + process.waitForFinished(); logger.info() << "Installer stdout:" << process.readAllStandardOutput(); logger.info() << "Installer stderr:" << process.readAllStandardError(); - process.waitForFinished(); if (process.exitCode() != 0) { logger.error() << "Installation error:" << process.readAllStandardError(); From 8de7ad6b41ca83f0b350f7f035384493a847c481 Mon Sep 17 00:00:00 2001 From: aiamnezia Date: Thu, 19 Dec 2024 18:10:46 +0400 Subject: [PATCH 20/53] Move installer running to client side for Ubuntu --- client/client_scripts/linux_installer.sh | 44 +++++++++++++ client/core/scripts_registry.cpp | 24 +++++++ client/core/scripts_registry.h | 70 +++++++++++--------- client/ui/controllers/updateController.cpp | 75 ++++++++++++++++++++-- client/ui/controllers/updateController.h | 8 +++ 5 files changed, 186 insertions(+), 35 deletions(-) create mode 100644 client/client_scripts/linux_installer.sh 
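Review bot: `process.start(path)` runs whatever file the IPC caller names, and nothing in this branch checks where the file lives or that it is the expected signed installer before the service starts it; the log line above still says "with elevated privileges" although the `-Verb RunAs` arguments are gone. If the service runs with more rights than its clients (not visible here), the path should be limited to the expected download location and the file's signature or digest verified first. Separately, `readAllStandardError()` is called for the "Installer stderr:" line and again in the error branch, so the second call returns an empty buffer; read it once, `const QByteArray err = process.readAllStandardError();`, and log `err` in both places. installApp's body continues outside the hunk.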
diff --git a/client/client_scripts/linux_installer.sh b/client/client_scripts/linux_installer.sh new file mode 100644 index 00000000..82987535 --- /dev/null +++ b/client/client_scripts/linux_installer.sh @@ -0,0 +1,44 @@ +#!/bin/bash + +EXTRACT_DIR="$1" +INSTALLER_PATH="$2" + +# Create and clean extract directory +rm -rf "$EXTRACT_DIR" +mkdir -p "$EXTRACT_DIR" + +# Extract ZIP archive +unzip "$INSTALLER_PATH" -d "$EXTRACT_DIR" +if [ $? -ne 0 ]; then + echo 'Failed to extract ZIP archive' + exit 1 +fi + +# Find and extract TAR archive +TAR_FILE=$(find "$EXTRACT_DIR" -name '*.tar' -type f) +if [ -z "$TAR_FILE" ]; then + echo 'TAR file not found' + exit 1 +fi + +tar -xf "$TAR_FILE" -C "$EXTRACT_DIR" +if [ $? -ne 0 ]; then + echo 'Failed to extract TAR archive' + exit 1 +fi + +rm -f "$TAR_FILE" + +# Find and run installer +INSTALLER=$(find "$EXTRACT_DIR" -type f -executable) +if [ -z "$INSTALLER" ]; then + echo 'Installer not found' + exit 1 +fi + +"$INSTALLER" +EXIT_CODE=$? + +# Cleanup +rm -rf "$EXTRACT_DIR" +exit $EXIT_CODE \ No newline at end of file diff --git a/client/core/scripts_registry.cpp b/client/core/scripts_registry.cpp index 95b5df4a..9b02fba9 100644 --- a/client/core/scripts_registry.cpp +++ b/client/core/scripts_registry.cpp @@ -54,6 +54,14 @@ QString amnezia::scriptName(ProtocolScriptType type) } } +QString amnezia::scriptName(ClientScriptType type) +{ + switch (type) { + case ClientScriptType::linux_installer: return QLatin1String("linux_installer.sh"); + default: return QString(); + } +} + QString amnezia::scriptData(amnezia::SharedScriptType type) { QString fileName = QString(":/server_scripts/%1").arg(amnezia::scriptName(type)); 
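Review bot: `INSTALLER=$(find "$EXTRACT_DIR" -type f -executable)` collects every executable file in the extracted tree, so with more than one match the variable holds several lines and `"$INSTALLER"` cannot be run; the `TAR_FILE` lookup has the same shape. Selecting one expected name is safer than taking whatever matches, e.g. `INSTALLER=$(find "$EXTRACT_DIR" -type f -executable -name "$EXPECTED_NAME" -print -quit)`, where EXPECTED_NAME is a placeholder for the installer's file name. The script also begins with `rm -rf "$EXTRACT_DIR"` before checking that both arguments were passed, and it runs the extracted file without comparing the archive to a published digest or signature. A guard at the top such as `[ -n "$EXTRACT_DIR" ] && [ -f "$INSTALLER_PATH" ] || exit 1` covers the argument part.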
@@ -81,3 +89,19 @@ QString amnezia::scriptData(amnezia::ProtocolScriptType type, DockerContainer co data.replace("\r", ""); return data; } + +QString amnezia::scriptData(ClientScriptType type) +{ + QString fileName = QString(":/client_scripts/%1").arg(amnezia::scriptName(type)); + QFile file(fileName); + if (!file.open(QIODevice::ReadOnly)) { + qDebug() << "Warning: script missing" << fileName; + return ""; + } + QByteArray data = file.readAll(); + if (data.isEmpty()) { + qDebug() << "Warning: script is empty" << fileName; + } + data.replace("\r", ""); + return data; +} diff --git a/client/core/scripts_registry.h b/client/core/scripts_registry.h index d952dafb..2b4bf087 100644 --- a/client/core/scripts_registry.h +++ b/client/core/scripts_registry.h 
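Review bot: When the resource cannot be opened, `scriptData(ClientScriptType)` only logs a warning and returns an empty string, which the caller cannot tell apart from a real script; the caller added later in this patch writes the result to a file and executes it. The diffstat for this commit lists no resources.qrc change, so unless the build collects `client_scripts` some other way, `:/client_scripts/linux_installer.sh` may not be in the binary at all, which is worth confirming. A comment on the function such as `// Returns an empty string when the script resource is missing.` together with an `isEmpty()` check at the call site would make that failure visible instead of running an empty script.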
@@ -1,44 +1,52 @@ #ifndef SCRIPTS_REGISTRY_H #define SCRIPTS_REGISTRY_H -#include -#include "core/defs.h" #include "containers/containers_defs.h" +#include "core/defs.h" +#include -namespace amnezia { +namespace amnezia +{ -enum SharedScriptType { - // General scripts - prepare_host, - install_docker, - build_container, - remove_container, - remove_all_containers, - setup_host_firewall, - check_connection, - check_server_is_busy, - check_user_in_sudo -}; -enum ProtocolScriptType { - // Protocol scripts - dockerfile, - run_container, - configure_container, - container_startup, - openvpn_template, - wireguard_template, - awg_template, - xray_template -}; + enum SharedScriptType { + // General scripts + prepare_host, + install_docker, + build_container, + remove_container, + remove_all_containers, + setup_host_firewall, + check_connection, + check_server_is_busy, + check_user_in_sudo + }; + enum ProtocolScriptType { + // Protocol scripts + dockerfile, + run_container, + configure_container, + container_startup, + openvpn_template, + wireguard_template, + awg_template, + xray_template + }; -QString scriptFolder(DockerContainer container); + enum ClientScriptType { + // Client-side scripts + linux_installer + }; -QString scriptName(SharedScriptType type); -QString scriptName(ProtocolScriptType type); + QString scriptFolder(DockerContainer container); -QString scriptData(SharedScriptType type); -QString scriptData(ProtocolScriptType type, DockerContainer container); + QString scriptName(SharedScriptType type); + QString scriptName(ProtocolScriptType type); + QString scriptName(ClientScriptType type); + + QString scriptData(SharedScriptType type); + QString scriptData(ProtocolScriptType type, DockerContainer container); + QString scriptData(ClientScriptType type); } #endif // SCRIPTS_REGISTRY_H diff --git a/client/ui/controllers/updateController.cpp b/client/ui/controllers/updateController.cpp index 80d04d6a..2888ec2d 100644 
--- a/client/ui/controllers/updateController.cpp +++ b/client/ui/controllers/updateController.cpp @@ -7,6 +7,7 @@ #include "amnezia_application.h" #include "core/errorstrings.h" +#include "core/scripts_registry.h" #include "version.h" namespace @@ -121,10 +122,14 @@ void UpdateController::runInstaller() file.write(reply->readAll()); file.close(); QString t = installerPath; - auto ipcReply = IpcClient::Interface()->installApp(t); - ipcReply.waitForFinished(); - int result = ipcReply.returnValue(); +#if defined(Q_OS_WINDOWS) + runWindowsInstaller(t); +#elif defined(Q_OS_MACOS) + runMacInstaller(t); +#elif defined(Q_OS_LINUX) && !defined(Q_OS_ANDROID) + runLinuxInstaller(t); +#endif // emit errorOccured(""); } } else { 
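Review bot: In the second hunk the downloaded bytes go from `reply->readAll()` into `installerPath` and straight on to the platform installer call, with no digest or signature check visible between the write and the launch; `installerPath` is a fixed file name in the shared temp location, so the file that gets executed should be verified against a value published with the release before it is run. The return value of `runWindowsInstaller`, `runMacInstaller` and `runLinuxInstaller` is also dropped while `// emit errorOccured("");` stays commented out, and in this commit the first two are stubs that return -1, so a failed update is silent. Keeping the result, `const int result = runLinuxInstaller(t);`, and reporting a non-zero value to the UI would address that. runInstaller's body starts and ends outside the hunk.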
@@ -140,7 +145,69 @@ void UpdateController::runInstaller() qDebug() << errorString(ErrorCode::ApiConfigDownloadError); } } - reply->deleteLater(); }); } + +#if defined(Q_OS_WINDOWS) +int UpdateController::runWindowsInstaller(const QString &installerPath) +{ + qDebug() << "Windows installer path:" << installerPath; + // TODO: Implement Windows installation logic + return -1; +} +#endif + +#if defined(Q_OS_MACOS) +int UpdateController::runMacInstaller(const QString &installerPath) +{ + qDebug() << "macOS installer path:" << installerPath; + // TODO: Implement macOS installation logic + return -1; +} +#endif + +#if defined(Q_OS_LINUX) && !defined(Q_OS_ANDROID) +int UpdateController::runLinuxInstaller(const QString &installerPath) +{ + // Create temporary directory for extraction + QTemporaryDir extractDir; + extractDir.setAutoRemove(false); + if (!extractDir.isValid()) { + qDebug() << "Failed to create temporary directory"; + return -1; + } + qDebug() << "Temporary directory created:" << extractDir.path(); + + // Create script file in the temporary directory + QString scriptPath = extractDir.path() + "/installer.sh"; + QFile scriptFile(scriptPath); + if (!scriptFile.open(QIODevice::WriteOnly)) { + qDebug() << "Failed to create script file"; + return -1; + } + + // Get script content from registry + QString scriptContent = amnezia::scriptData(amnezia::ClientScriptType::linux_installer); + scriptFile.write(scriptContent.toUtf8()); + scriptFile.close(); + qDebug() << "Script file created:" << scriptPath; + + // Make script executable + QFile::setPermissions(scriptPath, QFile::permissions(scriptPath) | QFile::ExeUser); + + // Start detached process + qint64 pid; + bool success = QProcess::startDetached( + "/bin/bash", QStringList() << scriptPath << extractDir.path() << installerPath, extractDir.path(), &pid); + + if (success) { + qDebug() << "Installation process started with PID:" << pid; + } else { + qDebug() << "Failed to start installation process"; + return -1; + } + 
+ return 0; +} +#endif diff --git a/client/ui/controllers/updateController.h b/client/ui/controllers/updateController.h index ea5c22fa..85b7c48d 100644 --- a/client/ui/controllers/updateController.h +++ b/client/ui/controllers/updateController.h @@ -30,6 +30,14 @@ private: QString m_version; QString m_releaseDate; QString m_downloadUrl; + +#if defined(Q_OS_WINDOWS) + int runWindowsInstaller(const QString &installerPath); +#elif defined(Q_OS_MACOS) + int runMacInstaller(const QString &installerPath); +#elif defined(Q_OS_LINUX) && !defined(Q_OS_ANDROID) + int runLinuxInstaller(const QString &installerPath); +#endif }; #endif // UPDATECONTROLLER_H From 11f9c7bc7cb287eef7393b536b74e1371e6e8d8f Mon Sep 17 00:00:00 2001 From: aiamnezia Date: Thu, 19 Dec 2024 19:10:40 +0400 Subject: [PATCH 21/53] Move installer launch logic to client side for Windows --- client/ui/controllers/updateController.cpp | 18 ++++++++++++++---- 1 file changed, 14 insertions(+), 4 deletions(-) diff --git a/client/ui/controllers/updateController.cpp b/client/ui/controllers/updateController.cpp index 2888ec2d..34ad35a9 100644 --- a/client/ui/controllers/updateController.cpp +++ b/client/ui/controllers/updateController.cpp @@ -15,7 +15,8 @@ namespace #ifdef Q_OS_MACOS const QString installerPath = QStandardPaths::writableLocation(QStandardPaths::TempLocation) + "/AmneziaVPN.dmg"; #elif defined Q_OS_WINDOWS - const QString installerPath = QStandardPaths::writableLocation(QStandardPaths::TempLocation) + "/AmneziaVPN.exe"; + const QString installerPath = + QStandardPaths::writableLocation(QStandardPaths::TempLocation) + "/AmneziaVPN_installer.exe"; #elif defined(Q_OS_LINUX) && !defined(Q_OS_ANDROID) const QString installerPath = QStandardPaths::writableLocation(QStandardPaths::TempLocation) + "/AmneziaVPN.tar.zip"; #endif 
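Review bot: `runLinuxInstaller` writes `installer.sh` into `extractDir.path()` and then passes that same directory as the script's first argument, and linux_installer.sh from this patch starts with `rm -rf "$EXTRACT_DIR"`, so the script deletes its own file and the process's working directory as its first step. Passing a subdirectory keeps the two apart: `QStringList() << scriptPath << extractDir.filePath("extracted") << installerPath`. The results of `scriptFile.write(...)` and `QFile::setPermissions(...)` are not checked and `scriptContent` may be empty when the resource is missing, so the function can start bash on an empty or non-executable file and still return 0. With `setAutoRemove(false)`, the early `return -1` paths also leave the temporary directory behind.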
@@ -152,9 +153,18 @@ void UpdateController::runInstaller() #if defined(Q_OS_WINDOWS) int UpdateController::runWindowsInstaller(const QString &installerPath) { - qDebug() << "Windows installer path:" << installerPath; - // TODO: Implement Windows installation logic - return -1; + // Start the installer process + qint64 pid; + bool success = QProcess::startDetached(installerPath, QStringList(), QString(), &pid); + + if (success) { + qDebug() << "Installation process started with PID:" << pid; + } else { + qDebug() << "Failed to start installation process"; + return -1; + } + + return 0; } #endif From fe9be2353689fec5a91b0744f140fb0ff8925481 Mon Sep 17 00:00:00 2001 From: aiamnezia Date: Thu, 19 Dec 2024 19:20:31 +0400 Subject: [PATCH 22/53] Clean service code --- ipc/ipc_interface.rep | 1 - ipc/ipcserver.cpp | 135 +----------------------------------------- ipc/ipcserver.h | 1 - 3 files changed, 1 insertion(+), 136 deletions(-) diff --git a/ipc/ipc_interface.rep b/ipc/ipc_interface.rep index 7dad63bd..1647ea19 100644 --- a/ipc/ipc_interface.rep +++ b/ipc/ipc_interface.rep @@ -34,6 +34,5 @@ class IpcInterface SLOT( bool updateResolvers(const QString& ifname, const QList& resolvers) ); SLOT( int mountDmg(const QString &path, bool mount) ); - SLOT (int installApp(const QString &path)); }; diff --git a/ipc/ipcserver.cpp b/ipc/ipcserver.cpp index 64d046f3..b73ae407 100644 --- a/ipc/ipcserver.cpp +++ b/ipc/ipcserver.cpp @@ -4,7 +4,6 @@ #include #include #include -#include #include "logger.h" #include "router.h" 
@@ -379,136 +378,4 @@ int IpcServer::mountDmg(const QString &path, bool mount) return res; #endif return 0; -} - -int IpcServer::installApp(const QString &path) -{ - Logger logger("IpcServer"); - logger.info() << "Installing app from:" << path; - -#ifdef Q_OS_WINDOWS - QProcess process; - logger.info() << "Launching installer with elevated privileges..."; - process.start(path); - process.waitForFinished(); - logger.info() << "Installer stdout:" << process.readAllStandardOutput(); - logger.info() << "Installer stderr:" << process.readAllStandardError(); - - if (process.exitCode() != 0) { - logger.error() << "Installation error:" << process.readAllStandardError(); - } - return process.exitCode(); - -#elif defined(Q_OS_MACOS) - QProcess process; - QString tempDir = QStandardPaths::writableLocation(QStandardPaths::TempLocation); - QString mountPoint = tempDir + "/AmneziaVPN_mount"; - - // Create mount point - QDir dir(mountPoint); - if (!dir.exists()) { - dir.mkpath("."); - } - - // Mount DMG image - logger.info() << "Mounting DMG image..."; - process.start("hdiutil", QStringList() << "attach" << path << "-mountpoint" << mountPoint << "-nobrowse"); - process.waitForFinished(); - - if (process.exitCode() != 0) { - logger.error() << "Failed to mount DMG:" << process.readAllStandardError(); - return process.exitCode(); - } - - // Look for .app bundle in mounted image - QDirIterator it(mountPoint, QStringList() << "*.app", QDir::Dirs); - if (!it.hasNext()) { - logger.error() << "No .app bundle found in DMG"; - return -1; - } - - QString appPath = it.next(); - QString targetPath = "/Applications/" + QFileInfo(appPath).fileName(); - - // Copy application to /Applications - logger.info() << "Copying app to Applications folder..."; - process.start("cp", QStringList() << "-R" << appPath << targetPath); - process.waitForFinished(); - - // Unmount DMG - logger.info() << "Unmounting DMG..."; - process.start("hdiutil", QStringList() << "detach" << mountPoint); - 
process.waitForFinished(); - - if (process.exitCode() != 0) { - logger.error() << "Installation error:" << process.readAllStandardError(); - } - return process.exitCode(); - -#elif defined(Q_OS_LINUX) && !defined(Q_OS_ANDROID) - QProcess process; - QString tempDir = QStandardPaths::writableLocation(QStandardPaths::TempLocation); - QString extractDir = tempDir + "/amnezia_update"; - - logger.info() << "Using temp directory:" << extractDir; - - // Create extraction directory if it doesn't exist - QDir dir(extractDir); - if (!dir.exists()) { - dir.mkpath("."); - logger.info() << "Created extraction directory"; - } - - // First, extract the zip archive - logger.info() << "Extracting ZIP archive..."; - process.start("unzip", QStringList() << path << "-d" << extractDir); - process.waitForFinished(); - if (process.exitCode() != 0) { - logger.error() << "ZIP extraction error:" << process.readAllStandardError(); - return process.exitCode(); - } - logger.info() << "ZIP archive extracted successfully"; - - // Look for tar file in extracted files - logger.info() << "Looking for TAR file..."; - QDirIterator tarIt(extractDir, QStringList() << "*.tar", QDir::Files); - if (!tarIt.hasNext()) { - logger.error() << "TAR file not found in the extracted archive"; - return -1; - } - - // Extract found tar archive - QString tarPath = tarIt.next(); - logger.info() << "Found TAR file:" << tarPath; - logger.info() << "Extracting TAR archive..."; - - process.start("tar", QStringList() << "-xf" << tarPath << "-C" << extractDir); - process.waitForFinished(); - if (process.exitCode() != 0) { - logger.error() << "TAR extraction error:" << process.readAllStandardError(); - return process.exitCode(); - } - logger.info() << "TAR archive extracted successfully"; - - // Remove tar file as it's no longer needed - QFile::remove(tarPath); - logger.info() << "Removed temporary TAR file"; - - // Find executable file and run it - logger.info() << "Looking for executable file..."; - QDirIterator 
it(extractDir, QDir::Files | QDir::Executable, QDirIterator::Subdirectories); - if (it.hasNext()) { - QString execPath = it.next(); - logger.info() << "Found executable:" << execPath; - logger.info() << "Launching installer..."; - process.start("sudo", QStringList() << execPath); - process.waitForFinished(); - logger.info() << "Installer finished with exit code:" << process.exitCode(); - return process.exitCode(); - } - - logger.error() << "No executable file found"; - return -1; // Executable not found -#endif - return 0; -} +} \ No newline at end of file diff --git a/ipc/ipcserver.h b/ipc/ipcserver.h index c3aaaf4e..0f0153aa 100644 --- a/ipc/ipcserver.h +++ b/ipc/ipcserver.h @@ -39,7 +39,6 @@ public: virtual bool disableKillSwitch() override; virtual bool updateResolvers(const QString &ifname, const QList &resolvers) override; virtual int mountDmg(const QString &path, bool mount) override; - virtual int installApp(const QString &path) override; private: int m_localpid = 0; From 44376847e2c0d5f0969d5365598f8a07ff38b8bd Mon Sep 17 00:00:00 2001 From: aiamnezia Date: Tue, 24 Dec 2024 17:07:55 +0400 Subject: [PATCH 23/53] Add linux_install script to resources --- client/resources.qrc | 1 + 1 file changed, 1 insertion(+) diff --git a/client/resources.qrc b/client/resources.qrc index 5447fe71..ae015b9f 100644 --- a/client/resources.qrc +++ b/client/resources.qrc @@ -3,6 +3,7 @@ images/tray/active.png images/tray/default.png images/tray/error.png + client_scripts/linux_installer.sh images/AmneziaVPN.png server_scripts/remove_container.sh server_scripts/setup_host_firewall.sh From 89df1df886efce66f54fe8bca666dd64d8af43f1 Mon Sep 17 00:00:00 2001 From: aiamnezia Date: Tue, 24 Dec 2024 18:53:35 +0400 Subject: [PATCH 24/53] Add logs for UpdateController --- client/ui/controllers/updateController.cpp | 92 ++++++++++++++-------- client/ui/controllers/updateController.h | 1 - 2 files changed, 57 insertions(+), 36 deletions(-) 
diff --git a/client/ui/controllers/updateController.cpp b/client/ui/controllers/updateController.cpp index 34ad35a9..7eb5c63f 100644 --- a/client/ui/controllers/updateController.cpp +++ b/client/ui/controllers/updateController.cpp @@ -8,10 +8,13 @@ #include "amnezia_application.h" #include "core/errorstrings.h" #include "core/scripts_registry.h" +#include "logger.h" #include "version.h" namespace { + Logger logger("UpdateController"); + #ifdef Q_OS_MACOS const QString installerPath = QStandardPaths::writableLocation(QStandardPaths::TempLocation) + "/AmneziaVPN.dmg"; #elif defined Q_OS_WINDOWS @@ -53,7 +56,6 @@ void UpdateController::checkForUpdates() m_version = data.value("tag_name").toString(); auto currentVersion = QVersionNumber::fromString(QString(APP_VERSION)); - qDebug() << currentVersion; auto newVersion = QVersionNumber::fromString(m_version); if (newVersion > currentVersion) { m_changelogText = data.value("body").toString(); 
@@ -86,30 +88,40 @@ void UpdateController::checkForUpdates() } else { if (reply->error() == QNetworkReply::NetworkError::OperationCanceledError || reply->error() == QNetworkReply::NetworkError::TimeoutError) { - qDebug() << errorString(ErrorCode::ApiConfigTimeoutError); + logger.error() << errorString(ErrorCode::ApiConfigTimeoutError); } else { QString err = reply->errorString(); - qDebug() << QString::fromUtf8(reply->readAll()); - qDebug() << reply->error(); - qDebug() << err; - qDebug() << reply->attribute(QNetworkRequest::HttpStatusCodeAttribute); - qDebug() << errorString(ErrorCode::ApiConfigDownloadError); + logger.error() << QString::fromUtf8(reply->readAll()); + logger.error() << "Network error code:" << QString::number(static_cast(reply->error())); + logger.error() << "Error message:" << err; + logger.error() << "HTTP status:" << reply->attribute(QNetworkRequest::HttpStatusCodeAttribute).toInt(); + logger.error() << errorString(ErrorCode::ApiConfigDownloadError); } } reply->deleteLater(); }); - QObject::connect(reply, &QNetworkReply::errorOccurred, - [this, reply](QNetworkReply::NetworkError error) { qDebug() << reply->errorString() << error; }); + QObject::connect(reply, &QNetworkReply::errorOccurred, [this, reply](QNetworkReply::NetworkError error) { + logger.error() << "Network error occurred:" << reply->errorString() << error; + }); connect(reply, &QNetworkReply::sslErrors, [this, reply](const QList &errors) { - qDebug().noquote() << errors; - qDebug() << errorString(ErrorCode::ApiConfigSslError); + QStringList errorStrings; + for (const QSslError &error : errors) { + errorStrings << error.errorString(); + } + logger.error() << "SSL errors:" << errorStrings; + logger.error() << errorString(ErrorCode::ApiConfigSslError); }); } void UpdateController::runInstaller() { + if (m_downloadUrl.isEmpty()) { + logger.error() << "Download URL is empty"; + return; + } + QNetworkRequest request; request.setTransferTimeout(7000); request.setUrl(m_downloadUrl); 
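Review bot: The new guard at the top of runInstaller() rejects only an empty `m_downloadUrl`, yet that value is then used to fetch a file that gets executed. It is assigned outside this hunk, presumably from the release metadata read in checkForUpdates(). I would also refuse anything that is not HTTPS, e.g. `if (QUrl(m_downloadUrl).scheme() != QLatin1String("https")) { logger.error() << "Refusing non-HTTPS download URL"; return; }`, and ideally compare the host with the expected release host. Both checkForUpdates() and runInstaller() continue outside the hunk.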
@@ -119,31 +131,42 @@ void UpdateController::runInstaller() QObject::connect(reply, &QNetworkReply::finished, [this, reply]() { if (reply->error() == QNetworkReply::NoError) { QFile file(installerPath); - if (file.open(QIODevice::WriteOnly)) { - file.write(reply->readAll()); + if (!file.open(QIODevice::WriteOnly)) { + logger.error() << "Failed to open installer file for writing:" << installerPath + << "Error:" << file.errorString(); + reply->deleteLater(); + return; + } + + if (file.write(reply->readAll()) == -1) { + logger.error() << "Failed to write installer data to file:" << installerPath + << "Error:" << file.errorString(); file.close(); - QString t = installerPath; + reply->deleteLater(); + return; + } + + file.close(); + QString t = installerPath; #if defined(Q_OS_WINDOWS) - runWindowsInstaller(t); + runWindowsInstaller(t); #elif defined(Q_OS_MACOS) - runMacInstaller(t); + runMacInstaller(t); #elif defined(Q_OS_LINUX) && !defined(Q_OS_ANDROID) - runLinuxInstaller(t); + runLinuxInstaller(t); #endif - // emit errorOccured(""); - } } else { if (reply->error() == QNetworkReply::NetworkError::OperationCanceledError || reply->error() == QNetworkReply::NetworkError::TimeoutError) { - qDebug() << errorString(ErrorCode::ApiConfigTimeoutError); + logger.error() << errorString(ErrorCode::ApiConfigTimeoutError); } else { QString err = reply->errorString(); - qDebug() << QString::fromUtf8(reply->readAll()); - qDebug() << reply->error(); - qDebug() << err; - qDebug() << reply->attribute(QNetworkRequest::HttpStatusCodeAttribute); - qDebug() << errorString(ErrorCode::ApiConfigDownloadError); + logger.error() << QString::fromUtf8(reply->readAll()); + logger.error() << "Network error code:" << QString::number(static_cast(reply->error())); + logger.error() << "Error message:" << err; + logger.error() << "HTTP status:" << reply->attribute(QNetworkRequest::HttpStatusCodeAttribute).toInt(); + logger.error() << errorString(ErrorCode::ApiConfigDownloadError); } } 
reply->deleteLater(); @@ -153,14 +176,13 @@ void UpdateController::runInstaller() #if defined(Q_OS_WINDOWS) int UpdateController::runWindowsInstaller(const QString &installerPath) { - // Start the installer process qint64 pid; bool success = QProcess::startDetached(installerPath, QStringList(), QString(), &pid); if (success) { - qDebug() << "Installation process started with PID:" << pid; + logger.info() << "Installation process started with PID:" << pid; } else { - qDebug() << "Failed to start installation process"; + logger.error() << "Failed to start installation process"; return -1; } @@ -171,7 +193,7 @@ int UpdateController::runWindowsInstaller(const QString &installerPath) #if defined(Q_OS_MACOS) int UpdateController::runMacInstaller(const QString &installerPath) { - qDebug() << "macOS installer path:" << installerPath; + logger.info() << "macOS installer path:" << installerPath; // TODO: Implement macOS installation logic return -1; } @@ -184,16 +206,16 @@ int UpdateController::runLinuxInstaller(const QString &installerPath) QTemporaryDir extractDir; extractDir.setAutoRemove(false); if (!extractDir.isValid()) { - qDebug() << "Failed to create temporary directory"; + logger.error() << "Failed to create temporary directory"; return -1; } - qDebug() << "Temporary directory created:" << extractDir.path(); + logger.info() << "Temporary directory created:" << extractDir.path(); // Create script file in the temporary directory QString scriptPath = extractDir.path() + "/installer.sh"; QFile scriptFile(scriptPath); if (!scriptFile.open(QIODevice::WriteOnly)) { - qDebug() << "Failed to create script file"; + logger.error() << "Failed to create script file"; return -1; } 
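Review bot: `QFile file(installerPath)` opens a fixed, predictable file name in the temp location with `QIODevice::WriteOnly`, and the same path is launched a few lines later. Where that location is shared between users, another local process can pre-create or swap the file between the write and the launch. runLinuxInstaller() in this file already uses `QTemporaryDir`; downloading into such a per-run directory and launching from there would close that window. The `file.write(reply->readAll()) == -1` test also lets a short write through, so comparing the returned count with the payload size would catch a truncated installer. The lambda's closing lines are outside this hunk.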
@@ -201,7 +223,7 @@ int UpdateController::runLinuxInstaller(const QString &installerPath) QString scriptContent = amnezia::scriptData(amnezia::ClientScriptType::linux_installer); scriptFile.write(scriptContent.toUtf8()); scriptFile.close(); - qDebug() << "Script file created:" << scriptPath; + logger.info() << "Script file created:" << scriptPath; // Make script executable QFile::setPermissions(scriptPath, QFile::permissions(scriptPath) | QFile::ExeUser); @@ -212,9 +234,9 @@ int UpdateController::runLinuxInstaller(const QString &installerPath) "/bin/bash", QStringList() << scriptPath << extractDir.path() << installerPath, extractDir.path(), &pid); if (success) { - qDebug() << "Installation process started with PID:" << pid; + logger.info() << "Installation process started with PID:" << pid; } else { - qDebug() << "Failed to start installation process"; + logger.error() << "Failed to start installation process"; return -1; } diff --git a/client/ui/controllers/updateController.h b/client/ui/controllers/updateController.h index 85b7c48d..1f667c04 100644 --- a/client/ui/controllers/updateController.h +++ b/client/ui/controllers/updateController.h @@ -21,7 +21,6 @@ public slots: void runInstaller(); signals: void updateFound(); - void errorOccured(const QString &errorMessage); private: std::shared_ptr m_settings; From 5d334e365cc9af2d9c226cab9b079a0e9a046f50 Mon Sep 17 00:00:00 2001 From: aiamnezia Date: Tue, 24 Dec 2024 19:33:26 +0400 Subject: [PATCH 25/53] Add draft for MacOS installation --- client/client_scripts/mac_installer.sh | 36 ++++++++++++++++ client/core/scripts_registry.cpp | 1 + client/core/scripts_registry.h | 3 +- client/resources.qrc | 1 + client/ui/controllers/updateController.cpp | 48 ++++++++++++++++++++-- 5 files changed, 85 insertions(+), 4 deletions(-) create mode 100644 client/client_scripts/mac_installer.sh diff --git a/client/client_scripts/mac_installer.sh b/client/client_scripts/mac_installer.sh new file mode 100644 index 00000000..a572be8e 
--- /dev/null +++ b/client/client_scripts/mac_installer.sh @@ -0,0 +1,36 @@ +#!/bin/bash + +EXTRACT_DIR="$1" +INSTALLER_PATH="$2" + +# Create and clean extract directory +rm -rf "$EXTRACT_DIR" +mkdir -p "$EXTRACT_DIR" + +# Mount the DMG +hdiutil attach "$INSTALLER_PATH" -mountpoint "$EXTRACT_DIR/mounted_dmg" -nobrowse -quiet +if [ $? -ne 0 ]; then + echo "Failed to mount DMG" + exit 1 +fi + +# Copy the app to /Applications +cp -R "$EXTRACT_DIR/mounted_dmg/AmneziaVPN.app" /Applications/ +if [ $? -ne 0 ]; then + echo "Failed to copy AmneziaVPN.app to /Applications" + hdiutil detach "$EXTRACT_DIR/mounted_dmg" -quiet + exit 1 +fi + +# Unmount the DMG +hdiutil detach "$EXTRACT_DIR/mounted_dmg" -quiet +if [ $? -ne 0 ]; then + echo "Failed to unmount DMG" + exit 1 +fi + +# Optional: Remove the DMG file +rm "$INSTALLER_PATH" + +echo "Installation completed successfully" +exit 0 \ No newline at end of file diff --git a/client/core/scripts_registry.cpp b/client/core/scripts_registry.cpp index 9b02fba9..d2b17cb9 100644 --- a/client/core/scripts_registry.cpp +++ b/client/core/scripts_registry.cpp @@ -58,6 +58,7 @@ QString amnezia::scriptName(ClientScriptType type) { switch (type) { case ClientScriptType::linux_installer: return QLatin1String("linux_installer.sh"); + case ClientScriptType::mac_installer: return QLatin1String("mac_installer.sh"); default: return QString(); } } diff --git a/client/core/scripts_registry.h b/client/core/scripts_registry.h index 2b4bf087..87fddbb5 100644 --- a/client/core/scripts_registry.h +++ b/client/core/scripts_registry.h @@ -35,7 +35,8 @@ namespace amnezia enum ClientScriptType { // Client-side scripts - linux_installer + linux_installer, + mac_installer }; QString scriptFolder(DockerContainer container); diff --git a/client/resources.qrc b/client/resources.qrc index ae015b9f..4b6689e5 100644 --- a/client/resources.qrc +++ b/client/resources.qrc 
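Review bot: `rm -rf "$EXTRACT_DIR"` runs on the first positional argument before anything checks that both arguments were supplied, and the script sets no `set -u`, so a missing argument is only noticed after the destructive step. A guard at the top makes the precondition explicit: `[ -n "$EXTRACT_DIR" ] && [ -n "$INSTALLER_PATH" ] || { echo "usage: mac_installer.sh <extract_dir> <dmg>"; exit 1; }`. The result of the final `rm "$INSTALLER_PATH"` is also ignored, so the script reports success even when the DMG could not be removed.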
@@ -4,6 +4,7 @@ images/tray/default.png images/tray/error.png client_scripts/linux_installer.sh + client_scripts/mac_installer.sh images/AmneziaVPN.png server_scripts/remove_container.sh server_scripts/setup_host_firewall.sh diff --git a/client/ui/controllers/updateController.cpp b/client/ui/controllers/updateController.cpp index 7eb5c63f..e62ee02f 100644 --- a/client/ui/controllers/updateController.cpp +++ b/client/ui/controllers/updateController.cpp 
@@ -193,9 +193,51 @@ int UpdateController::runWindowsInstaller(const QString &installerPath) #if defined(Q_OS_MACOS) int UpdateController::runMacInstaller(const QString &installerPath) { - logger.info() << "macOS installer path:" << installerPath; - // TODO: Implement macOS installation logic - return -1; + // Create temporary directory for extraction + QTemporaryDir extractDir; + extractDir.setAutoRemove(false); + if (!extractDir.isValid()) { + logger.error() << "Failed to create temporary directory"; + return -1; + } + logger.info() << "Temporary directory created:" << extractDir.path(); + + // Create script file in the temporary directory + QString scriptPath = extractDir.path() + "/mac_installer.sh"; + QFile scriptFile(scriptPath); + if (!scriptFile.open(QIODevice::WriteOnly)) { + logger.error() << "Failed to create script file"; + return -1; + } + + // Get script content from registry + QString scriptContent = amnezia::scriptData(amnezia::ClientScriptType::mac_installer); + if (scriptContent.isEmpty()) { + logger.error() << "macOS installer script content is empty"; + scriptFile.close(); + return -1; + } + + scriptFile.write(scriptContent.toUtf8()); + scriptFile.close(); + logger.info() << "Script file created:" << scriptPath; + + // Make script executable + QFile::setPermissions(scriptPath, QFile::permissions(scriptPath) | QFile::ExeUser); + + // Start detached process + qint64 pid; + bool success = QProcess::startDetached( + "/bin/bash", QStringList() << scriptPath << extractDir.path() << installerPath, extractDir.path(), &pid); + + if (success) { + logger.info() << "Installation process started with PID:" << pid; + } else { + logger.error() << "Failed to start installation process"; + return -1; + } + + return 0; } #endif From eb6c40f92a1428e134b7b07961c39721ad73cd5d Mon Sep 17 00:00:00 2001 
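Review bot: The first argument handed to the script is `extractDir.path()`, the directory that holds `mac_installer.sh` itself and is also the child's working directory. The script's first step is `rm -rf "$EXTRACT_DIR"`, so it deletes its own file and cwd while running. Passing a dedicated subdirectory keeps the script intact: `QStringList() << scriptPath << extractDir.path() + "/extract" << installerPath`. The return value of `scriptFile.write()` is also ignored, so a failed write would still launch a truncated script. The body is nearly identical to runLinuxInstaller(); a shared helper taking the script type would avoid fixing these twice.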
From: aiamnezia Date: Wed, 25 Dec 2024 18:17:00 +0400 Subject: [PATCH 26/53] Disable updates checking for Android and iOS --- client/amnezia_application.cpp | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/client/amnezia_application.cpp b/client/amnezia_application.cpp index 3c78717c..71d84066 100644 --- a/client/amnezia_application.cpp +++ b/client/amnezia_application.cpp @@ -463,9 +463,12 @@ void AmneziaApplication::initControllers() m_updateController.reset(new UpdateController(m_settings)); m_engine->rootContext()->setContextProperty("UpdateController", m_updateController.get()); - m_updateController->checkForUpdates(); +#if !defined(Q_OS_ANDROID) && !defined(Q_OS_IOS) connect(m_updateController.get(), &UpdateController::updateFound, this, [this]() { QTimer::singleShot(1000, this, [this]() { m_pageController->showChangelogDrawer(); }); }); + + m_updateController->checkForUpdates(); +#endif } From 44082462b715d7a22af5003d4eabc5afe1df1046 Mon Sep 17 00:00:00 2001 From: "vladimir.kuznetsov" Date: Thu, 2 Jan 2025 13:40:55 +0700 Subject: [PATCH 27/53] chore: fixed macos update script --- client/client_scripts/mac_installer.sh | 36 +++++++++++++++----- client/ui/controllers/updateController.cpp | 7 ++-- client/ui/qml/Components/ChangelogDrawer.qml | 24 +++---------- ipc/ipc_interface.rep | 2 -- ipc/ipcserver.cpp | 11 ------ ipc/ipcserver.h | 1 - 6 files changed, 35 insertions(+), 46 deletions(-) diff --git a/client/client_scripts/mac_installer.sh b/client/client_scripts/mac_installer.sh index a572be8e..186f1502 100644 --- a/client/client_scripts/mac_installer.sh +++ b/client/client_scripts/mac_installer.sh 
@@ -8,22 +8,42 @@ rm -rf "$EXTRACT_DIR" mkdir -p "$EXTRACT_DIR" # Mount the DMG -hdiutil attach "$INSTALLER_PATH" -mountpoint "$EXTRACT_DIR/mounted_dmg" -nobrowse -quiet +MOUNT_POINT="$EXTRACT_DIR/mounted_dmg" +hdiutil attach "$INSTALLER_PATH" -mountpoint "$MOUNT_POINT" if [ $? -ne 0 ]; then echo "Failed to mount DMG" exit 1 fi -# Copy the app to /Applications -cp -R "$EXTRACT_DIR/mounted_dmg/AmneziaVPN.app" /Applications/ -if [ $? -ne 0 ]; then - echo "Failed to copy AmneziaVPN.app to /Applications" - hdiutil detach "$EXTRACT_DIR/mounted_dmg" -quiet +# Check if the application exists in the mounted DMG +if [ ! -d "$MOUNT_POINT/AmneziaVPN.app" ]; then + echo "Error: AmneziaVPN.app not found in the mounted DMG." + hdiutil detach "$MOUNT_POINT" #-quiet exit 1 fi +# Run the application +echo "Running AmneziaVPN.app from the mounted DMG..." +open "$MOUNT_POINT/AmneziaVPN.app" + +# Get the PID of the app launched from the DMG +APP_PATH="$MOUNT_POINT/AmneziaVPN.app" +PID=$(pgrep -f "$APP_PATH") + +if [ -z "$PID" ]; then + echo "Failed to retrieve PID for AmneziaVPN.app" + hdiutil detach "$MOUNT_POINT" + exit 1 +fi + +# Wait for the specific PID to exit +echo "Waiting for AmneziaVPN.app to exit..." +while kill -0 "$PID" 2>/dev/null; do + sleep 1 +done + # Unmount the DMG -hdiutil detach "$EXTRACT_DIR/mounted_dmg" -quiet +hdiutil detach "$EXTRACT_DIR/mounted_dmg" if [ $? -ne 0 ]; then echo "Failed to unmount DMG" exit 1 @@ -33,4 +53,4 @@ fi rm "$INSTALLER_PATH" echo "Installation completed successfully" -exit 0 \ No newline at end of file +exit 0 diff --git a/client/ui/controllers/updateController.cpp b/client/ui/controllers/updateController.cpp index e62ee02f..41b19bc1 100644 --- a/client/ui/controllers/updateController.cpp +++ b/client/ui/controllers/updateController.cpp 
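Review bot: `PID=$(pgrep -f "$APP_PATH")` is read immediately after `open`, which returns without waiting for the app to start. `pgrep -f` can also print several PIDs, in which case `kill -0 "$PID"` fails, the wait loop ends at once and the DMG is detached under the running app. `open -W "$MOUNT_POINT/AmneziaVPN.app"` blocks until the application quits and would replace the pgrep and polling block. The script also still prints "Installation completed successfully" although this version no longer copies anything into /Applications; if that is intended, the message should say what actually happened.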
@@ -147,14 +147,13 @@ void UpdateController::runInstaller() } file.close(); - QString t = installerPath; #if defined(Q_OS_WINDOWS) - runWindowsInstaller(t); + runWindowsInstaller(installerPath); #elif defined(Q_OS_MACOS) - runMacInstaller(t); + runMacInstaller(installerPath); #elif defined(Q_OS_LINUX) && !defined(Q_OS_ANDROID) - runLinuxInstaller(t); + runLinuxInstaller(installerPath); #endif } else { if (reply->error() == QNetworkReply::NetworkError::OperationCanceledError diff --git a/client/ui/qml/Components/ChangelogDrawer.qml b/client/ui/qml/Components/ChangelogDrawer.qml index c2eae80e..0a919287 100644 --- a/client/ui/qml/Components/ChangelogDrawer.qml +++ b/client/ui/qml/Components/ChangelogDrawer.qml @@ -16,14 +16,6 @@ DrawerType2 { expandedContent: Item { implicitHeight: root.expandedHeight - Connections { - target: root - enabled: !GC.isMobile() - function onOpened() { - focusItem.forceActiveFocus() - } - } - Header2TextType { id: header anchors.top: parent.top @@ -32,6 +24,7 @@ DrawerType2 { anchors.topMargin: 16 anchors.rightMargin: 16 anchors.leftMargin: 16 + anchors.bottomMargin: 16 text: UpdateController.headerText } @@ -46,9 +39,10 @@ DrawerType2 { anchors.top: parent.top anchors.left: parent.left anchors.right: parent.right - anchors.topMargin: 48 + anchors.topMargin: 16 anchors.rightMargin: 16 anchors.leftMargin: 16 + anchors.bottomMargin: 16 HoverHandler { enabled: parent.hoveredLink @@ -64,17 +58,11 @@ DrawerType2 { } } - Item { - id: focusItem - KeyNavigation.tab: updateButton - } - BasicButtonType { id: updateButton anchors.bottom: skipButton.top anchors.left: parent.left anchors.right: parent.right - anchors.topMargin: 16 anchors.bottomMargin: 8 anchors.rightMargin: 16 anchors.leftMargin: 16 @@ -87,8 +75,6 @@ DrawerType2 { PageController.showBusyIndicator(false) root.close() } - - KeyNavigation.tab: skipButton } BasicButtonType { 
@@ -107,13 +93,11 @@ DrawerType2 { textColor: "#D7D8DB" borderWidth: 1 - text: qsTr("Skip this version") + text: qsTr("Skip") clickedFunc: function() { root.close() } - - KeyNavigation.tab: focusItem } } } diff --git a/ipc/ipc_interface.rep b/ipc/ipc_interface.rep index 1647ea19..c0f031fe 100644 --- a/ipc/ipc_interface.rep +++ b/ipc/ipc_interface.rep @@ -32,7 +32,5 @@ class IpcInterface SLOT( bool enablePeerTraffic( const QJsonObject &configStr) ); SLOT( bool enableKillSwitch( const QJsonObject &excludeAddr, int vpnAdapterIndex) ); SLOT( bool updateResolvers(const QString& ifname, const QList& resolvers) ); - - SLOT( int mountDmg(const QString &path, bool mount) ); }; diff --git a/ipc/ipcserver.cpp b/ipc/ipcserver.cpp index b73ae407..648fe540 100644 --- a/ipc/ipcserver.cpp +++ b/ipc/ipcserver.cpp @@ -368,14 +368,3 @@ bool IpcServer::enablePeerTraffic(const QJsonObject &configStr) #endif return true; } - -int IpcServer::mountDmg(const QString &path, bool mount) -{ -#ifdef Q_OS_MACOS - qDebug() << path; - auto res = QProcess::execute(QString("sudo hdiutil %1 %2").arg(mount ? "attach" : "unmount", path)); - qDebug() << res; - return res; -#endif - return 0; -} \ No newline at end of file diff --git a/ipc/ipcserver.h b/ipc/ipcserver.h index 0f0153aa..f66dae90 100644 --- a/ipc/ipcserver.h +++ b/ipc/ipcserver.h @@ -38,7 +38,6 @@ public: virtual bool enableKillSwitch(const QJsonObject &excludeAddr, int vpnAdapterIndex) override; virtual bool disableKillSwitch() override; virtual bool updateResolvers(const QString &ifname, const QList &resolvers) override; - virtual int mountDmg(const QString &path, bool mount) override; private: int m_localpid = 0; From cda9b5d496eac7b2f78c122c7df558897a47ff4d Mon Sep 17 00:00:00 2001 From: "vladimir.kuznetsov" Date: Thu, 2 Jan 2025 13:56:11 +0700 Subject: [PATCH 28/53] chore: remove duplicate lines --- client/resources.qrc | 5 ----- 1 file changed, 5 deletions(-) 
diff --git a/client/resources.qrc b/client/resources.qrc index f057fda9..06fb6329 100644 --- a/client/resources.qrc +++ b/client/resources.qrc @@ -60,9 +60,6 @@ images/tray/error.png client_scripts/linux_installer.sh client_scripts/mac_installer.sh - images/AmneziaVPN.png - server_scripts/remove_container.sh - server_scripts/setup_host_firewall.sh server_scripts/openvpn_cloak/Dockerfile server_scripts/awg/configure_container.sh server_scripts/awg/Dockerfile @@ -177,12 +174,10 @@ ui/qml/Controls2/VerticalRadioButton.qml ui/qml/Controls2/WarningType.qml ui/qml/Components/ChangelogDrawer.qml - fonts/pt-root-ui_vf.ttf ui/qml/Modules/Style/qmldir ui/qml/Filters/ContainersModelFilters.qml ui/qml/main2.qml ui/qml/Modules/Style/AmneziaStyle.qml - ui/qml/Modules/Style/qmldir ui/qml/Pages2/PageDeinstalling.qml ui/qml/Pages2/PageDevMenu.qml ui/qml/Pages2/PageHome.qml From 694b7896e5d0f8a02386d9788aa0af9aaaac215e Mon Sep 17 00:00:00 2001 From: "vladimir.kuznetsov" Date: Thu, 2 Jan 2025 14:05:25 +0700 Subject: [PATCH 29/53] chore: post merge fixes --- client/ui/qml/Components/ChangelogDrawer.qml | 6 +++--- client/ui/qml/Controls2/PageType.qml | 1 - client/ui/qml/main2.qml | 2 +- 3 files changed, 4 insertions(+), 5 deletions(-) diff --git a/client/ui/qml/Components/ChangelogDrawer.qml b/client/ui/qml/Components/ChangelogDrawer.qml index 0a919287..1bb767be 100644 --- a/client/ui/qml/Components/ChangelogDrawer.qml +++ b/client/ui/qml/Components/ChangelogDrawer.qml @@ -13,7 +13,7 @@ DrawerType2 { anchors.fill: parent expandedHeight: parent.height * 0.9 - expandedContent: Item { + expandedStateContent: Item { implicitHeight: root.expandedHeight Header2TextType { @@ -73,7 +73,7 @@ DrawerType2 { PageController.showBusyIndicator(true) UpdateController.runInstaller() PageController.showBusyIndicator(false) - root.close() + root.closeTriggered() } } @@ -96,7 +96,7 @@ DrawerType2 { text: qsTr("Skip") clickedFunc: function() { - root.close() + root.closeTriggered() } } } 
diff --git a/client/ui/qml/Controls2/PageType.qml b/client/ui/qml/Controls2/PageType.qml index c2ed5197..d7f3317f 100644 --- a/client/ui/qml/Controls2/PageType.qml +++ b/client/ui/qml/Controls2/PageType.qml @@ -20,7 +20,6 @@ Item { id: timer interval: 200 // Milliseconds onTriggered: { - console.debug(">>> PageType timer triggered") FocusController.resetRootObject() FocusController.setFocusOnDefaultItem() } diff --git a/client/ui/qml/main2.qml b/client/ui/qml/main2.qml index a2b64d32..c57bbd0a 100644 --- a/client/ui/qml/main2.qml +++ b/client/ui/qml/main2.qml @@ -98,7 +98,7 @@ Window { } function onShowChangelogDrawer() { - changelogDrawer.open() + changelogDrawer.openTriggered() } } From 574773fa7c2e947e927b5f182a0810c9d521a9f1 Mon Sep 17 00:00:00 2001 From: "vladimir.kuznetsov" Date: Thu, 9 Jan 2025 15:06:25 +0700 Subject: [PATCH 30/53] chore: add missing ifdef --- client/ui/controllers/updateController.cpp | 2 ++ 1 file changed, 2 insertions(+) diff --git a/client/ui/controllers/updateController.cpp b/client/ui/controllers/updateController.cpp index 41b19bc1..770ca75c 100644 --- a/client/ui/controllers/updateController.cpp +++ b/client/ui/controllers/updateController.cpp @@ -117,6 +117,7 @@ void UpdateController::checkForUpdates() void UpdateController::runInstaller() { +#if !defined(Q_OS_ANDROID) && !defined(Q_OS_IOS) if (m_downloadUrl.isEmpty()) { logger.error() << "Download URL is empty"; return; @@ -170,6 +171,7 @@ void UpdateController::runInstaller() } reply->deleteLater(); }); +#endif } #if defined(Q_OS_WINDOWS) From 49990f012244444cbea0d2d0bd9520723f3a3b2f Mon Sep 17 00:00:00 2001 From: aiamnezia Date: Fri, 10 Jan 2025 09:42:35 +0400 Subject: [PATCH 31/53] decrease version for testing --- CMakeLists.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CMakeLists.txt b/CMakeLists.txt index 98f3be14..b1ed9839 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt 
@@ -2,7 +2,7 @@ cmake_minimum_required(VERSION 3.25.0 FATAL_ERROR) set(PROJECT AmneziaVPN) -project(${PROJECT} VERSION 4.8.3.0 +project(${PROJECT} VERSION 4.8.2.0 DESCRIPTION "AmneziaVPN" HOMEPAGE_URL "https://amnezia.org/" ) From 449a8070c1eeb232af16fd0f2edd02ae4ba7785b Mon Sep 17 00:00:00 2001 From: "vladimir.kuznetsov" Date: Wed, 5 Mar 2025 13:14:07 +0700 Subject: [PATCH 32/53] chore: added changelog text processing depend on OS --- client/core/controllers/coreController.cpp | 14 +++++ client/core/controllers/coreController.h | 3 ++ client/ui/controllers/updateController.cpp | 61 +++++++++++++++------- ipc/ipcserver.cpp | 21 ++------ ipc/ipcserver.h | 12 ++--- 5 files changed, 68 insertions(+), 43 deletions(-) diff --git a/client/core/controllers/coreController.cpp b/client/core/controllers/coreController.cpp index 82232c99..b58113e5 100644 --- a/client/core/controllers/coreController.cpp +++ b/client/core/controllers/coreController.cpp @@ -141,6 +141,9 @@ void CoreController::initControllers() m_apiConfigsController.reset(new ApiConfigsController(m_serversModel, m_apiServicesModel, m_settings)); m_engine->rootContext()->setContextProperty("ApiConfigsController", m_apiConfigsController.get()); + + m_updateController.reset(new UpdateController(m_settings)); + m_engine->rootContext()->setContextProperty("UpdateController", m_updateController.get()); } void CoreController::initAndroidController() @@ -213,6 +216,7 @@ void CoreController::initSignalHandlers() initAutoConnectHandler(); initAmneziaDnsToggledHandler(); initPrepareConfigHandler(); + initUpdateFoundHandler(); } void CoreController::initNotificationHandler() 
@@ -339,6 +343,16 @@ void CoreController::initPrepareConfigHandler() }); } +void CoreController::initUpdateFoundHandler() +{ +#if !defined(Q_OS_ANDROID) && !defined(Q_OS_IOS) + connect(m_updateController.get(), &UpdateController::updateFound, this, + [this]() { QTimer::singleShot(1000, this, [this]() { m_pageController->showChangelogDrawer(); }); }); + + m_updateController->checkForUpdates(); +#endif +} + QSharedPointer CoreController::pageController() const { return m_pageController; diff --git a/client/core/controllers/coreController.h b/client/core/controllers/coreController.h index 700504af..769c5e77 100644 --- a/client/core/controllers/coreController.h +++ b/client/core/controllers/coreController.h @@ -17,6 +17,7 @@ #include "ui/controllers/settingsController.h" #include "ui/controllers/sitesController.h" #include "ui/controllers/systemController.h" +#include "ui/controllers/updateController.h" #include "ui/models/containers_model.h" #include "ui/models/languageModel.h" @@ -80,6 +81,7 @@ private: void initAutoConnectHandler(); void initAmneziaDnsToggledHandler(); void initPrepareConfigHandler(); + void initUpdateFoundHandler(); QQmlApplicationEngine *m_engine {}; // TODO use parent child system here? std::shared_ptr m_settings; @@ -102,6 +104,7 @@ private: QScopedPointer m_sitesController; QScopedPointer m_systemController; QScopedPointer m_appSplitTunnelingController; + QScopedPointer m_updateController; QScopedPointer m_apiSettingsController; QScopedPointer m_apiConfigsController; diff --git a/client/ui/controllers/updateController.cpp b/client/ui/controllers/updateController.cpp index 770ca75c..b7c5cdd5 100644 --- a/client/ui/controllers/updateController.cpp +++ b/client/ui/controllers/updateController.cpp 
@@ -18,15 +18,13 @@ namespace #ifdef Q_OS_MACOS const QString installerPath = QStandardPaths::writableLocation(QStandardPaths::TempLocation) + "/AmneziaVPN.dmg"; #elif defined Q_OS_WINDOWS - const QString installerPath = - QStandardPaths::writableLocation(QStandardPaths::TempLocation) + "/AmneziaVPN_installer.exe"; + const QString installerPath = QStandardPaths::writableLocation(QStandardPaths::TempLocation) + "/AmneziaVPN_installer.exe"; #elif defined(Q_OS_LINUX) && !defined(Q_OS_ANDROID) const QString installerPath = QStandardPaths::writableLocation(QStandardPaths::TempLocation) + "/AmneziaVPN.tar.zip"; #endif } -UpdateController::UpdateController(const std::shared_ptr &settings, QObject *parent) - : QObject(parent), m_settings(settings) +UpdateController::UpdateController(const std::shared_ptr &settings, QObject *parent) : QObject(parent), m_settings(settings) { } @@ -37,7 +35,34 @@ QString UpdateController::getHeaderText() QString UpdateController::getChangelogText() { - return m_changelogText; + QStringList lines = m_changelogText.split("\n"); + QStringList filteredChangeLogText; + bool add = false; + QString osSection; + +#ifdef Q_OS_WINDOWS + osSection = "### Windows"; +#elif defined(Q_OS_MACOS) + osSection = "### macOS"; +#elif defined(Q_OS_LINUX) && !defined(Q_OS_ANDROID) + osSection = "### Linux"; +#endif + + for (const QString &line : lines) { + if (line.startsWith("### General")) { + add = true; + } else if (line.startsWith("### ") && line != osSection) { + add = false; + } else if (line == osSection) { + add = true; + } + + if (add) { + filteredChangeLogText.append(line); + } + } + + return filteredChangeLogText.join("\n"); } void UpdateController::checkForUpdates() 
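Review bot: In `getChangelogText()` the section match uses exact equality (`line == osSection`), so a heading with trailing whitespace or a `\r` left over from CRLF text never matches and the OS-specific section is silently dropped. Comparing a trimmed copy (`const QString heading = line.trimmed();` and then `heading == osSection`) would make the filter robust. On builds where none of the three `#ifdef` branches applies, `osSection` stays empty, so every blank line satisfies `line == osSection` and switches `add` back on; an early `if (osSection.isEmpty())` guard would avoid that. A short comment describing the expected `### General` plus per-OS heading layout of the changelog would help the next reader.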
@@ -47,7 +72,7 @@ void UpdateController::checkForUpdates() QString endpoint = "https://api.github.com/repos/amnezia-vpn/amnezia-client/releases/latest"; request.setUrl(endpoint); - QNetworkReply *reply = amnApp->manager()->get(request); + QNetworkReply *reply = amnApp->networkManager()->get(request); QObject::connect(reply, &QNetworkReply::finished, [this, reply]() { if (reply->error() == QNetworkReply::NoError) { @@ -127,21 +152,19 @@ void UpdateController::runInstaller() request.setTransferTimeout(7000); request.setUrl(m_downloadUrl); - QNetworkReply *reply = amnApp->manager()->get(request); + QNetworkReply *reply = amnApp->networkManager()->get(request); QObject::connect(reply, &QNetworkReply::finished, [this, reply]() { if (reply->error() == QNetworkReply::NoError) { QFile file(installerPath); if (!file.open(QIODevice::WriteOnly)) { - logger.error() << "Failed to open installer file for writing:" << installerPath - << "Error:" << file.errorString(); + logger.error() << "Failed to open installer file for writing:" << installerPath << "Error:" << file.errorString(); reply->deleteLater(); return; } if (file.write(reply->readAll()) == -1) { - logger.error() << "Failed to write installer data to file:" << installerPath - << "Error:" << file.errorString(); + logger.error() << "Failed to write installer data to file:" << installerPath << "Error:" << file.errorString(); file.close(); reply->deleteLater(); return; @@ -149,13 +172,13 @@ void UpdateController::runInstaller() file.close(); -#if defined(Q_OS_WINDOWS) + #if defined(Q_OS_WINDOWS) runWindowsInstaller(installerPath); -#elif defined(Q_OS_MACOS) + #elif defined(Q_OS_MACOS) runMacInstaller(installerPath); -#elif defined(Q_OS_LINUX) && !defined(Q_OS_ANDROID) + #elif defined(Q_OS_LINUX) && !defined(Q_OS_ANDROID) runLinuxInstaller(installerPath); -#endif + #endif } else { if (reply->error() == QNetworkReply::NetworkError::OperationCanceledError || reply->error() == QNetworkReply::NetworkError::TimeoutError) { 
@@ -228,8 +251,8 @@ int UpdateController::runMacInstaller(const QString &installerPath) // Start detached process qint64 pid; - bool success = QProcess::startDetached( - "/bin/bash", QStringList() << scriptPath << extractDir.path() << installerPath, extractDir.path(), &pid); + bool success = + QProcess::startDetached("/bin/bash", QStringList() << scriptPath << extractDir.path() << installerPath, extractDir.path(), &pid); if (success) { logger.info() << "Installation process started with PID:" << pid; @@ -273,8 +296,8 @@ int UpdateController::runLinuxInstaller(const QString &installerPath) // Start detached process qint64 pid; - bool success = QProcess::startDetached( - "/bin/bash", QStringList() << scriptPath << extractDir.path() << installerPath, extractDir.path(), &pid); + bool success = + QProcess::startDetached("/bin/bash", QStringList() << scriptPath << extractDir.path() << installerPath, extractDir.path(), &pid); if (success) { logger.info() << "Installation process started with PID:" << pid; diff --git a/ipc/ipcserver.cpp b/ipc/ipcserver.cpp index 0d6be471..17f34499 100644 --- a/ipc/ipcserver.cpp +++ b/ipc/ipcserver.cpp @@ -8,8 +8,8 @@ #include "logger.h" #include "router.h" -#include "../client/protocols/protocols_defs.h" #include "../core/networkUtilities.h" +#include "../client/protocols/protocols_defs.h" #ifdef Q_OS_WIN #include "../client/platforms/windows/daemon/windowsdaemon.h" #include "../client/platforms/windows/daemon/windowsfirewall.h" 
@@ -55,23 +55,10 @@ int IpcServer::createPrivilegedProcess() } }); - QObject::connect(pd.serverNode.data(), &QRemoteObjectHost::error, this, [pd](QRemoteObjectNode::ErrorCode errorCode) { - qDebug() << "QRemoteObjectHost::error" << errorCode; - }); + QObject::connect(pd.serverNode.data(), &QRemoteObjectHost::error, this, + [pd](QRemoteObjectNode::ErrorCode errorCode) { qDebug() << "QRemoteObjectHost::error" << errorCode; }); - QObject::connect(pd.serverNode.data(), &QRemoteObjectHost::destroyed, this, - [pd]() { qDebug() << "QRemoteObjectHost::destroyed"; }); - - // connect(pd.ipcProcess.data(), &IpcServerProcess::finished, this, [this, pid=m_localpid](int exitCode, - // QProcess::ExitStatus exitStatus){ - // qDebug() << "IpcServerProcess finished" << exitCode << exitStatus; - //// if (m_processes.contains(pid)) { - //// m_processes[pid].ipcProcess.reset(); - //// m_processes[pid].serverNode.reset(); - //// m_processes[pid].localServer.reset(); - //// m_processes.remove(pid); - //// } - // }); + QObject::connect(pd.serverNode.data(), &QRemoteObjectHost::destroyed, this, [pd]() { qDebug() << "QRemoteObjectHost::destroyed"; }); m_processes.insert(m_localpid, pd); diff --git a/ipc/ipcserver.h b/ipc/ipcserver.h index f66dae90..9810046b 100644 --- a/ipc/ipcserver.h +++ b/ipc/ipcserver.h @@ -1,11 +1,11 @@ #ifndef IPCSERVER_H #define IPCSERVER_H -#include "../client/daemon/interfaceconfig.h" -#include #include #include #include +#include +#include "../client/daemon/interfaceconfig.h" #include "ipc.h" #include "ipcserverprocess.h" 
@@ -37,15 +37,13 @@ public: virtual bool enablePeerTraffic(const QJsonObject &configStr) override; virtual bool enableKillSwitch(const QJsonObject &excludeAddr, int vpnAdapterIndex) override; virtual bool disableKillSwitch() override; - virtual bool updateResolvers(const QString &ifname, const QList &resolvers) override; + virtual bool updateResolvers(const QString& ifname, const QList& resolvers) override; private: int m_localpid = 0; - struct ProcessDescriptor - { - ProcessDescriptor(QObject *parent = nullptr) - { + struct ProcessDescriptor { + ProcessDescriptor (QObject *parent = nullptr) { serverNode = QSharedPointer(new QRemoteObjectHost(parent)); ipcProcess = QSharedPointer(new IpcServerProcess(parent)); tun2socksProcess = QSharedPointer(new IpcProcessTun2Socks(parent)); From cb6a2c9195524e76ce8ff40b86500523b898fc8e Mon Sep 17 00:00:00 2001 From: aiamnezia Date: Thu, 22 May 2025 14:05:44 +0400 Subject: [PATCH 33/53] add .vscode to .gitignore --- .gitignore | 1 + 1 file changed, 1 insertion(+) diff --git a/.gitignore b/.gitignore index 5b90fd55..48f50891 100644 --- a/.gitignore +++ b/.gitignore @@ -9,6 +9,7 @@ deploy/build_32/* deploy/build_64/* winbuild*.bat .cache/ +.vscode/ # Qt-es From 68708114d5332a16f82474853443b96790f282e7 Mon Sep 17 00:00:00 2001 From: aiamnezia Date: Thu, 22 May 2025 16:50:16 +0400 Subject: [PATCH 34/53] Change updater downloading method to retrieving link from the gateway --- client/ui/controllers/updateController.cpp | 140 +++++++++++++-------- 1 file changed, 88 insertions(+), 52 deletions(-) diff --git a/client/ui/controllers/updateController.cpp b/client/ui/controllers/updateController.cpp index b7c5cdd5..b1705ec7 100644 --- a/client/ui/controllers/updateController.cpp +++ b/client/ui/controllers/updateController.cpp 
@@ -4,12 +4,14 @@ #include #include #include +#include #include "amnezia_application.h" #include "core/errorstrings.h" #include "core/scripts_registry.h" #include "logger.h" #include "version.h" +#include "core/controllers/gatewayController.h" namespace { 
@@ -67,76 +69,110 @@ QString UpdateController::getChangelogText() void UpdateController::checkForUpdates() { - QNetworkRequest request; - request.setTransferTimeout(7000); - QString endpoint = "https://api.github.com/repos/amnezia-vpn/amnezia-client/releases/latest"; - request.setUrl(endpoint); + qDebug() << "checkForUpdates"; + GatewayController gatewayController(m_settings->getGatewayEndpoint(), + m_settings->isDevGatewayEnv(), + 7000, + m_settings->isStrictKillSwitchEnabled()); - QNetworkReply *reply = amnApp->networkManager()->get(request); - - QObject::connect(reply, &QNetworkReply::finished, [this, reply]() { - if (reply->error() == QNetworkReply::NoError) { - QString contents = QString::fromUtf8(reply->readAll()); - QJsonObject data = QJsonDocument::fromJson(contents.toUtf8()).object(); - m_version = data.value("tag_name").toString(); + QByteArray gatewayResponse; + auto err = gatewayController.get(QStringLiteral("%1v1/updater_endpoint"), gatewayResponse); + if (err != ErrorCode::NoError) { + logger.error() << errorString(err); + return; + } + QJsonObject gatewayData = QJsonDocument::fromJson(gatewayResponse).object(); + qDebug() << "gatewayData:" << gatewayData; + QString baseUrl = gatewayData.value("url").toString(); + if (baseUrl.endsWith('/')) { + baseUrl.chop(1); + } + // Fetch version file + QNetworkRequest versionReq; + versionReq.setTransferTimeout(7000); + versionReq.setUrl(QUrl(baseUrl + "/VERSION")); + QNetworkReply* versionReply = amnApp->networkManager()->get(versionReq); + // Handle network and SSL errors for VERSION fetch + QObject::connect(versionReply, &QNetworkReply::errorOccurred, [this, versionReply](QNetworkReply::NetworkError error) { + logger.error() << "Network error occurred while fetching VERSION:" << versionReply->errorString() << error; + }); + QObject::connect(versionReply, &QNetworkReply::sslErrors, [this, versionReply](const QList &errors) { + QStringList errorStrings; + for (const QSslError &err : errors) errorStrings << 
err.errorString(); + logger.error() << "SSL errors while fetching VERSION:" << errorStrings; + }); + QObject::connect(versionReply, &QNetworkReply::finished, [this, versionReply, baseUrl]() { + if (versionReply->error() == QNetworkReply::NoError) { + QByteArray versionData = versionReply->readAll(); + qDebug() << "versionReply data:" << QString::fromUtf8(versionData); + m_version = QString::fromUtf8(versionData).trimmed(); auto currentVersion = QVersionNumber::fromString(QString(APP_VERSION)); auto newVersion = QVersionNumber::fromString(m_version); if (newVersion > currentVersion) { - m_changelogText = data.value("body").toString(); - - QString dateString = data.value("published_at").toString(); - QDateTime dateTime = QDateTime::fromString(dateString, "yyyy-MM-ddTHH:mm:ssZ"); - m_releaseDate = dateTime.toString("MMM dd yyyy"); - - QJsonArray assets = data.value("assets").toArray(); - - for (auto asset : assets) { - QJsonObject assetObject = asset.toObject(); -#ifdef Q_OS_WINDOWS - if (assetObject.value("name").toString().endsWith(".exe")) { - m_downloadUrl = assetObject.value("browser_download_url").toString(); + // Fetch changelog file + QNetworkRequest changelogReq; + changelogReq.setTransferTimeout(7000); + changelogReq.setUrl(QUrl(baseUrl + "/CHANGELOG")); + QNetworkReply* changelogReply = amnApp->networkManager()->get(changelogReq); + // Handle network and SSL errors for CHANGELOG fetch + QObject::connect(changelogReply, &QNetworkReply::errorOccurred, [this, changelogReply](QNetworkReply::NetworkError error) { + logger.error() << "Network error occurred while fetching CHANGELOG:" << changelogReply->errorString() << error; + }); + QObject::connect(changelogReply, &QNetworkReply::sslErrors, [this, changelogReply](const QList &errors) { + QStringList errorStrings; + for (const QSslError &err : errors) errorStrings << err.errorString(); + logger.error() << "SSL errors while fetching CHANGELOG:" << errorStrings; + }); + QObject::connect(changelogReply, 
&QNetworkReply::finished, [this, changelogReply, baseUrl]() { + if (changelogReply->error() == QNetworkReply::NoError) { + m_changelogText = QString::fromUtf8(changelogReply->readAll()); + } else { + if (changelogReply->error() == QNetworkReply::NetworkError::OperationCanceledError + || changelogReply->error() == QNetworkReply::NetworkError::TimeoutError) { + logger.error() << errorString(ErrorCode::ApiConfigTimeoutError); + } else { + QString err = changelogReply->errorString(); + logger.error() << QString::fromUtf8(changelogReply->readAll()); + logger.error() << "Network error code:" << QString::number(static_cast(changelogReply->error())); + logger.error() << "Error message:" << err; + logger.error() << "HTTP status:" << changelogReply->attribute(QNetworkRequest::HttpStatusCodeAttribute).toInt(); + logger.error() << errorString(ErrorCode::ApiConfigDownloadError); + } + m_changelogText = tr("Failed to load changelog text"); } + changelogReply->deleteLater(); + m_releaseDate = QStringLiteral("TBD"); + + QString fileName; +#if defined(Q_OS_WINDOWS) + fileName = QString("AmneziaVPN_%1_x64.exe").arg(m_version); #elif defined(Q_OS_MACOS) - if (assetObject.value("name").toString().endsWith(".dmg")) { - m_downloadUrl = assetObject.value("browser_download_url").toString(); - } + fileName = QString("AmneziaVPN_%1_macos.dmg").arg(m_version); #elif defined(Q_OS_LINUX) && !defined(Q_OS_ANDROID) - if (assetObject.value("name").toString().contains(".tar.zip")) { - m_downloadUrl = assetObject.value("browser_download_url").toString(); - } + fileName = QString("AmneziaVPN_%1_linux.tar.zip").arg(m_version); #endif - } + m_downloadUrl = baseUrl + "/" + fileName; + qDebug() << "m_downloadUrl:" << m_downloadUrl; - emit updateFound(); + emit updateFound(); + }); } } else { - if (reply->error() == QNetworkReply::NetworkError::OperationCanceledError - || reply->error() == QNetworkReply::NetworkError::TimeoutError) { + // Detailed error logging for VERSION fetch + if 
(versionReply->error() == QNetworkReply::NetworkError::OperationCanceledError + || versionReply->error() == QNetworkReply::NetworkError::TimeoutError) { logger.error() << errorString(ErrorCode::ApiConfigTimeoutError); } else { - QString err = reply->errorString(); - logger.error() << QString::fromUtf8(reply->readAll()); - logger.error() << "Network error code:" << QString::number(static_cast(reply->error())); + QString err = versionReply->errorString(); + logger.error() << QString::fromUtf8(versionReply->readAll()); + logger.error() << "Network error code:" << QString::number(static_cast(versionReply->error())); logger.error() << "Error message:" << err; - logger.error() << "HTTP status:" << reply->attribute(QNetworkRequest::HttpStatusCodeAttribute).toInt(); + logger.error() << "HTTP status:" << versionReply->attribute(QNetworkRequest::HttpStatusCodeAttribute).toInt(); logger.error() << errorString(ErrorCode::ApiConfigDownloadError); } } - - reply->deleteLater(); - }); - - QObject::connect(reply, &QNetworkReply::errorOccurred, [this, reply](QNetworkReply::NetworkError error) { - logger.error() << "Network error occurred:" << reply->errorString() << error; - }); - connect(reply, &QNetworkReply::sslErrors, [this, reply](const QList &errors) { - QStringList errorStrings; - for (const QSslError &error : errors) { - errorStrings << error.errorString(); - } - logger.error() << "SSL errors:" << errorStrings; - logger.error() << errorString(ErrorCode::ApiConfigSslError); + versionReply->deleteLater(); }); } From 7023b270292ec90d561862f91419f2b479967c25 Mon Sep 17 00:00:00 2001 From: aiamnezia Date: Sat, 24 May 2025 13:38:00 +0400 Subject: [PATCH 35/53] add Release date file creation to s3 deploy script --- deploy/deploy_s3.sh | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/deploy/deploy_s3.sh b/deploy/deploy_s3.sh index c109a286..862cf9fc 100755 --- a/deploy/deploy_s3.sh +++ b/deploy/deploy_s3.sh 
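Review bot: `baseUrl` comes straight from the `url` field of the gateway response and becomes the base of the VERSION, CHANGELOG and installer URLs without any check that it is present, well-formed and https. Rejecting anything else before the first request, e.g. `const QUrl base(baseUrl); if (!base.isValid() || base.scheme() != QLatin1String("https")) { logger.error() << "Updater endpoint is not an https URL"; return; }`, keeps a malformed or downgraded endpoint from steering the update check. The `m_downloadUrl` built here is what `runInstaller()` later downloads and launches, and no signature or hash verification of the downloaded file is visible in this series' hunks, so an integrity check before launch should accompany this change. The two `qDebug()` lines also print the full gateway response and the download URL, which may be more than should reach a log; the refactored `fetchGatewayUrl()` later in the series keeps the same unchecked assignment.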
@@ -12,7 +12,8 @@ mkdir -p dist cd dist -echo $VERSION >> VERSION +echo $VERSION > VERSION +curl -s https://api.github.com/repos/amnezia-vpn/amnezia-client/releases/tags/$VERSION | jq -r .published_at > RELEASE_DATE curl -s https://api.github.com/repos/amnezia-vpn/amnezia-client/releases/tags/$VERSION | jq -r .body | tr -d '\r' > CHANGELOG if [[ $(cat CHANGELOG) = null ]]; then From 943e76043af2bf19217ebbcf2c0a4d15268c6861 Mon Sep 17 00:00:00 2001 From: aiamnezia Date: Sat, 24 May 2025 16:54:58 +0400 Subject: [PATCH 36/53] Add release date downloading from endpoint --- client/ui/controllers/updateController.cpp | 51 ++++++++++++++++++---- 1 file changed, 43 insertions(+), 8 deletions(-) diff --git a/client/ui/controllers/updateController.cpp b/client/ui/controllers/updateController.cpp index b1705ec7..bef1a7ac 100644 --- a/client/ui/controllers/updateController.cpp +++ b/client/ui/controllers/updateController.cpp 
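Review bot: The new `RELEASE_DATE` line writes whatever `jq -r .published_at` prints, so a failed or rate-limited API call (plain `curl -s` does not fail on HTTP errors) publishes the literal text `null`, and unlike `CHANGELOG` there is no `null` check for it in the visible lines. Fetching the release JSON once with `curl -fsS` into a variable and deriving both files from it would remove the duplicate request and let one check cover both; `RELEASE_DATE` should then be handled the same way `CHANGELOG` is when it equals `null`. `$VERSION` should also be quoted, as in `echo "$VERSION" > VERSION`, and in the URL. The `if` block that follows continues outside this hunk.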
@@ -142,20 +142,55 @@ void UpdateController::checkForUpdates() m_changelogText = tr("Failed to load changelog text"); } changelogReply->deleteLater(); - m_releaseDate = QStringLiteral("TBD"); - QString fileName; + QNetworkRequest dateReq; + dateReq.setTransferTimeout(7000); + dateReq.setUrl(QUrl(baseUrl + "/RELEASE_DATE")); + QNetworkReply* dateReply = amnApp->networkManager()->get(dateReq); + + QObject::connect(dateReply, &QNetworkReply::errorOccurred, [this, dateReply](QNetworkReply::NetworkError error) { + logger.error() << "Network error occurred while fetching RELEASE_DATE:" << dateReply->errorString() << error; + }); + QObject::connect(dateReply, &QNetworkReply::sslErrors, [this, dateReply](const QList &errors) { + QStringList errorStrings; + for (const QSslError &err : errors) errorStrings << err.errorString(); + logger.error() << "SSL errors while fetching RELEASE_DATE:" << errorStrings; + }); + + QObject::connect(dateReply, &QNetworkReply::finished, [this, dateReply, baseUrl]() { + if (dateReply->error() == QNetworkReply::NoError) { + m_releaseDate = QString::fromUtf8(dateReply->readAll()).trimmed(); + } else { + // Detailed error logging for RELEASE_DATE fetch + if (dateReply->error() == QNetworkReply::NetworkError::OperationCanceledError + || dateReply->error() == QNetworkReply::NetworkError::TimeoutError) { + logger.error() << errorString(ErrorCode::ApiConfigTimeoutError); + } else { + QString err = dateReply->errorString(); + logger.error() << QString::fromUtf8(dateReply->readAll()); + logger.error() << "Network error code:" << QString::number(static_cast(dateReply->error())); + logger.error() << "Error message:" << err; + logger.error() << "HTTP status:" << dateReply->attribute(QNetworkRequest::HttpStatusCodeAttribute).toInt(); + logger.error() << errorString(ErrorCode::ApiConfigDownloadError); + } + m_releaseDate = QStringLiteral("Failed to load release date"); + } + dateReply->deleteLater(); + + // Compose installer link and notify + QString 
fileName; #if defined(Q_OS_WINDOWS) - fileName = QString("AmneziaVPN_%1_x64.exe").arg(m_version); + fileName = QString("AmneziaVPN_%1_x64.exe").arg(m_version); #elif defined(Q_OS_MACOS) - fileName = QString("AmneziaVPN_%1_macos.dmg").arg(m_version); + fileName = QString("AmneziaVPN_%1_macos.dmg").arg(m_version); #elif defined(Q_OS_LINUX) && !defined(Q_OS_ANDROID) - fileName = QString("AmneziaVPN_%1_linux.tar.zip").arg(m_version); + fileName = QString("AmneziaVPN_%1_linux.tar.zip").arg(m_version); #endif - m_downloadUrl = baseUrl + "/" + fileName; - qDebug() << "m_downloadUrl:" << m_downloadUrl; + m_downloadUrl = baseUrl + "/" + fileName; + qDebug() << "m_downloadUrl:" << m_downloadUrl; - emit updateFound(); + emit updateFound(); + }); }); } } else { From 6e06b86cb28de3af6d42a5633aa4d76c25a8bb40 Mon Sep 17 00:00:00 2001 From: aiamnezia Date: Tue, 17 Jun 2025 00:02:52 +0400 Subject: [PATCH 37/53] update check refactoring --- client/ui/controllers/updateController.cpp | 239 +++++++++++---------- client/ui/controllers/updateController.h | 12 ++ 2 files changed, 133 insertions(+), 118 deletions(-) diff --git a/client/ui/controllers/updateController.cpp b/client/ui/controllers/updateController.cpp index bef1a7ac..c98d7ccc 100644 --- a/client/ui/controllers/updateController.cpp +++ b/client/ui/controllers/updateController.cpp @@ -5,6 +5,9 @@ #include #include #include +#include +#include +#include #include "amnezia_application.h" #include "core/errorstrings.h" 
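Review bot: `m_releaseDate` is now set to the raw, trimmed body of the remote `RELEASE_DATE` file, whereas the code this series replaced parsed the timestamp and formatted it as `MMM dd yyyy`; the deploy script writes `published_at` there, so the UI would presumably show an ISO timestamp. Parsing the value both validates the remote text and restores the format: `const QDateTime dt = QDateTime::fromString(raw, Qt::ISODate); m_releaseDate = dt.isValid() ? dt.toString("MMM dd yyyy") : QString();`, with `raw` being the trimmed body. The fallback string `"Failed to load release date"` should go through `tr()` like the changelog fallback next to it. The enclosing lambda starts outside this hunk.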
@@ -70,6 +73,18 @@ QString UpdateController::getChangelogText() void UpdateController::checkForUpdates() { qDebug() << "checkForUpdates"; + if (!fetchGatewayUrl()) return; + if (!fetchVersionInfo()) return; + if (!isNewVersionAvailable()) return; + if (!fetchChangelog()) return; + if (!fetchReleaseDate()) return; + + m_downloadUrl = composeDownloadUrl(); + emit updateFound(); +} + +bool UpdateController::fetchGatewayUrl() +{ GatewayController gatewayController(m_settings->getGatewayEndpoint(), m_settings->isDevGatewayEnv(), 7000, 
@@ -79,138 +94,103 @@ void UpdateController::checkForUpdates() auto err = gatewayController.get(QStringLiteral("%1v1/updater_endpoint"), gatewayResponse); if (err != ErrorCode::NoError) { logger.error() << errorString(err); - return; + return false; } + QJsonObject gatewayData = QJsonDocument::fromJson(gatewayResponse).object(); qDebug() << "gatewayData:" << gatewayData; + QString baseUrl = gatewayData.value("url").toString(); if (baseUrl.endsWith('/')) { baseUrl.chop(1); } + + m_baseUrl = baseUrl; + return true; +} - // Fetch version file - QNetworkRequest versionReq; - versionReq.setTransferTimeout(7000); - versionReq.setUrl(QUrl(baseUrl + "/VERSION")); - QNetworkReply* versionReply = amnApp->networkManager()->get(versionReq); - // Handle network and SSL errors for VERSION fetch - QObject::connect(versionReply, &QNetworkReply::errorOccurred, [this, versionReply](QNetworkReply::NetworkError error) { - logger.error() << "Network error occurred while fetching VERSION:" << versionReply->errorString() << error; +bool UpdateController::fetchVersionInfo() +{ + QByteArray data; + if (!doSyncGet("/VERSION", data)) { + return false; + } + m_version = QString::fromUtf8(data).trimmed(); + return true; +} + +bool UpdateController::isNewVersionAvailable() +{ + auto currentVersion = QVersionNumber::fromString(QString(APP_VERSION)); + auto newVersion = QVersionNumber::fromString(m_version); + return newVersion > currentVersion; +} + +bool UpdateController::fetchChangelog() +{ + QByteArray data; + if (!doSyncGet("/CHANGELOG", data)) { + m_changelogText = tr("Failed to load changelog text"); + } else { + m_changelogText = QString::fromUtf8(data); + } + return true; +} + +bool UpdateController::fetchReleaseDate() +{ + QByteArray data; + if (!doSyncGet("/RELEASE_DATE", data)) { + m_releaseDate = QStringLiteral("Failed to load release date"); + } else { + m_releaseDate = QString::fromUtf8(data).trimmed(); + } + return true; +} + +void 
UpdateController::setupNetworkErrorHandling(QNetworkReply* reply, const QString& operation) +{ + QObject::connect(reply, &QNetworkReply::errorOccurred, [this, reply, operation](QNetworkReply::NetworkError error) { + logger.error() << QString("Network error occurred while fetching %1: %2 %3") + .arg(operation, reply->errorString(), QString::number(error)); }); - QObject::connect(versionReply, &QNetworkReply::sslErrors, [this, versionReply](const QList &errors) { + + QObject::connect(reply, &QNetworkReply::sslErrors, [this, reply, operation](const QList &errors) { QStringList errorStrings; - for (const QSslError &err : errors) errorStrings << err.errorString(); - logger.error() << "SSL errors while fetching VERSION:" << errorStrings; - }); - QObject::connect(versionReply, &QNetworkReply::finished, [this, versionReply, baseUrl]() { - if (versionReply->error() == QNetworkReply::NoError) { - QByteArray versionData = versionReply->readAll(); - qDebug() << "versionReply data:" << QString::fromUtf8(versionData); - m_version = QString::fromUtf8(versionData).trimmed(); - auto currentVersion = QVersionNumber::fromString(QString(APP_VERSION)); - auto newVersion = QVersionNumber::fromString(m_version); - if (newVersion > currentVersion) { - // Fetch changelog file - QNetworkRequest changelogReq; - changelogReq.setTransferTimeout(7000); - changelogReq.setUrl(QUrl(baseUrl + "/CHANGELOG")); - QNetworkReply* changelogReply = amnApp->networkManager()->get(changelogReq); - // Handle network and SSL errors for CHANGELOG fetch - QObject::connect(changelogReply, &QNetworkReply::errorOccurred, [this, changelogReply](QNetworkReply::NetworkError error) { - logger.error() << "Network error occurred while fetching CHANGELOG:" << changelogReply->errorString() << error; - }); - QObject::connect(changelogReply, &QNetworkReply::sslErrors, [this, changelogReply](const QList &errors) { - QStringList errorStrings; - for (const QSslError &err : errors) errorStrings << err.errorString(); - 
logger.error() << "SSL errors while fetching CHANGELOG:" << errorStrings; - }); - QObject::connect(changelogReply, &QNetworkReply::finished, [this, changelogReply, baseUrl]() { - if (changelogReply->error() == QNetworkReply::NoError) { - m_changelogText = QString::fromUtf8(changelogReply->readAll()); - } else { - if (changelogReply->error() == QNetworkReply::NetworkError::OperationCanceledError - || changelogReply->error() == QNetworkReply::NetworkError::TimeoutError) { - logger.error() << errorString(ErrorCode::ApiConfigTimeoutError); - } else { - QString err = changelogReply->errorString(); - logger.error() << QString::fromUtf8(changelogReply->readAll()); - logger.error() << "Network error code:" << QString::number(static_cast(changelogReply->error())); - logger.error() << "Error message:" << err; - logger.error() << "HTTP status:" << changelogReply->attribute(QNetworkRequest::HttpStatusCodeAttribute).toInt(); - logger.error() << errorString(ErrorCode::ApiConfigDownloadError); - } - m_changelogText = tr("Failed to load changelog text"); - } - changelogReply->deleteLater(); - - QNetworkRequest dateReq; - dateReq.setTransferTimeout(7000); - dateReq.setUrl(QUrl(baseUrl + "/RELEASE_DATE")); - QNetworkReply* dateReply = amnApp->networkManager()->get(dateReq); - - QObject::connect(dateReply, &QNetworkReply::errorOccurred, [this, dateReply](QNetworkReply::NetworkError error) { - logger.error() << "Network error occurred while fetching RELEASE_DATE:" << dateReply->errorString() << error; - }); - QObject::connect(dateReply, &QNetworkReply::sslErrors, [this, dateReply](const QList &errors) { - QStringList errorStrings; - for (const QSslError &err : errors) errorStrings << err.errorString(); - logger.error() << "SSL errors while fetching RELEASE_DATE:" << errorStrings; - }); - - QObject::connect(dateReply, &QNetworkReply::finished, [this, dateReply, baseUrl]() { - if (dateReply->error() == QNetworkReply::NoError) { - m_releaseDate = 
QString::fromUtf8(dateReply->readAll()).trimmed(); - } else { - // Detailed error logging for RELEASE_DATE fetch - if (dateReply->error() == QNetworkReply::NetworkError::OperationCanceledError - || dateReply->error() == QNetworkReply::NetworkError::TimeoutError) { - logger.error() << errorString(ErrorCode::ApiConfigTimeoutError); - } else { - QString err = dateReply->errorString(); - logger.error() << QString::fromUtf8(dateReply->readAll()); - logger.error() << "Network error code:" << QString::number(static_cast(dateReply->error())); - logger.error() << "Error message:" << err; - logger.error() << "HTTP status:" << dateReply->attribute(QNetworkRequest::HttpStatusCodeAttribute).toInt(); - logger.error() << errorString(ErrorCode::ApiConfigDownloadError); - } - m_releaseDate = QStringLiteral("Failed to load release date"); - } - dateReply->deleteLater(); - - // Compose installer link and notify - QString fileName; -#if defined(Q_OS_WINDOWS) - fileName = QString("AmneziaVPN_%1_x64.exe").arg(m_version); -#elif defined(Q_OS_MACOS) - fileName = QString("AmneziaVPN_%1_macos.dmg").arg(m_version); -#elif defined(Q_OS_LINUX) && !defined(Q_OS_ANDROID) - fileName = QString("AmneziaVPN_%1_linux.tar.zip").arg(m_version); -#endif - m_downloadUrl = baseUrl + "/" + fileName; - qDebug() << "m_downloadUrl:" << m_downloadUrl; - - emit updateFound(); - }); - }); - } - } else { - // Detailed error logging for VERSION fetch - if (versionReply->error() == QNetworkReply::NetworkError::OperationCanceledError - || versionReply->error() == QNetworkReply::NetworkError::TimeoutError) { - logger.error() << errorString(ErrorCode::ApiConfigTimeoutError); - } else { - QString err = versionReply->errorString(); - logger.error() << QString::fromUtf8(versionReply->readAll()); - logger.error() << "Network error code:" << QString::number(static_cast(versionReply->error())); - logger.error() << "Error message:" << err; - logger.error() << "HTTP status:" << 
versionReply->attribute(QNetworkRequest::HttpStatusCodeAttribute).toInt(); - logger.error() << errorString(ErrorCode::ApiConfigDownloadError); - } + for (const QSslError &err : errors) { + errorStrings << err.errorString(); } - versionReply->deleteLater(); + logger.error() << QString("SSL errors while fetching %1: %2").arg(operation, errorStrings.join("; ")); }); } +void UpdateController::handleNetworkError(QNetworkReply* reply, const QString& operation) +{ + if (reply->error() == QNetworkReply::NetworkError::OperationCanceledError + || reply->error() == QNetworkReply::NetworkError::TimeoutError) { + logger.error() << errorString(ErrorCode::ApiConfigTimeoutError); + } else { + QString err = reply->errorString(); + logger.error() << "Network error code:" << QString::number(static_cast(reply->error())); + logger.error() << "Error message:" << err; + logger.error() << "HTTP status:" << reply->attribute(QNetworkRequest::HttpStatusCodeAttribute).toInt(); + logger.error() << errorString(ErrorCode::ApiConfigDownloadError); + } +} + +QString UpdateController::composeDownloadUrl() +{ + QString fileName; +#if defined(Q_OS_WINDOWS) + fileName = QString("AmneziaVPN_%1_x64.exe").arg(m_version); +#elif defined(Q_OS_MACOS) + fileName = QString("AmneziaVPN_%1_macos.dmg").arg(m_version); +#elif defined(Q_OS_LINUX) && !defined(Q_OS_ANDROID) + fileName = QString("AmneziaVPN_%1_linux.tar.zip").arg(m_version); +#endif + return m_baseUrl + "/" + fileName; +} + void UpdateController::runInstaller() { #if !defined(Q_OS_ANDROID) && !defined(Q_OS_IOS) 
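Review bot: `fetchVersionInfo()` stores the trimmed VERSION body as-is, and `isNewVersionAvailable()` parses it with `QVersionNumber::fromString()`, which reads a leading numeric version and ignores anything after it; `composeDownloadUrl()` then puts the unparsed `m_version` into the installer file name. Rejecting a body that is not entirely a version, using the overload that reports the suffix index (`if (v.isNull() || suffix != m_version.size()) return false;`), and building the name from `v.toString()` keeps arbitrary remote text out of the URL. `fetchGatewayUrl()` likewise returns `true` when `url` is empty, and `fetchChangelog()` / `fetchReleaseDate()` always return `true`, so their checks in `checkForUpdates()` never fire; either make them `void` or document the best-effort intent in a comment. `fetchGatewayUrl()` starts outside this hunk.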
@@ -380,3 +360,26 @@ int UpdateController::runLinuxInstaller(const QString &installerPath) return 0; } #endif + +bool UpdateController::doSyncGet(const QString& endpoint, QByteArray& outData) +{ + QNetworkRequest req; + req.setTransferTimeout(7000); + req.setUrl(QUrl(m_baseUrl + endpoint)); + + QNetworkReply* reply = amnApp->networkManager()->get(req); + setupNetworkErrorHandling(reply, endpoint); + + QEventLoop loop; + QObject::connect(reply, &QNetworkReply::finished, &loop, &QEventLoop::quit); + loop.exec(); + + bool ok = (reply->error() == QNetworkReply::NoError); + if (ok) { + outData = reply->readAll(); + } else { + handleNetworkError(reply, endpoint); + } + reply->deleteLater(); + return ok; +} diff --git a/client/ui/controllers/updateController.h b/client/ui/controllers/updateController.h index 1f667c04..4dfcf5d8 100644 --- a/client/ui/controllers/updateController.h +++ b/client/ui/controllers/updateController.h @@ -2,6 +2,7 @@ #define UPDATECONTROLLER_H #include +#include #include "settings.h" @@ -23,8 +24,19 @@ signals: void updateFound(); private: + bool fetchGatewayUrl(); + bool fetchVersionInfo(); + bool fetchChangelog(); + bool fetchReleaseDate(); + bool isNewVersionAvailable(); + bool doSyncGet(const QString& endpoint, QByteArray& outData); + void setupNetworkErrorHandling(QNetworkReply* reply, const QString& operation); + void handleNetworkError(QNetworkReply* reply, const QString& operation); + QString composeDownloadUrl(); + std::shared_ptr m_settings; + QString m_baseUrl; QString m_changelogText; QString m_version; QString m_releaseDate; From 26059788890ed25ab10f6ae01a743b9a37926e69 Mon Sep 17 00:00:00 2001 
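Review bot: `doSyncGet` sends the request to `m_baseUrl + endpoint` without checking the scheme, and its results feed the update check, so a plain-http base URL would let anyone on the network path supply the version and changelog. Where `m_baseUrl` is set is not visible in this hunk (presumably `fetchGatewayUrl`), so this may already be enforced there. If it is not, reject the URL before the request, e.g. `if (QUrl(m_baseUrl + endpoint).scheme() != QLatin1String("https")) return false;`. The nested `QEventLoop` also lets other events run while the call blocks, so a comment should state that the controller must not be destroyed or re-entered during `loop.exec()`.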
From: Mykola Baibuz Date: Tue, 17 Jun 2025 05:00:41 -0700 Subject: [PATCH 38/53] fix: allow internet traffic for strict mode with split tunnel (#1654) --- client/platforms/windows/daemon/wireguardutilswindows.cpp | 1 + client/protocols/openvpnprotocol.cpp | 2 +- client/protocols/xrayprotocol.cpp | 2 +- client/ui/qml/Pages2/PageSettingsKillSwitch.qml | 7 ++----- service/server/killswitch.cpp | 3 +++ 5 files changed, 8 insertions(+), 7 deletions(-) diff --git a/client/platforms/windows/daemon/wireguardutilswindows.cpp b/client/platforms/windows/daemon/wireguardutilswindows.cpp index d01ef54a..a5c9c84d 100644 --- a/client/platforms/windows/daemon/wireguardutilswindows.cpp +++ b/client/platforms/windows/daemon/wireguardutilswindows.cpp @@ -130,6 +130,7 @@ bool WireguardUtilsWindows::addInterface(const InterfaceConfig& config) { // Enable the windows firewall NET_IFINDEX ifindex; ConvertInterfaceLuidToIndex(&luid, &ifindex); + m_firewall->allowAllTraffic(); m_firewall->enableInterface(ifindex); } diff --git a/client/protocols/openvpnprotocol.cpp b/client/protocols/openvpnprotocol.cpp index 429b85a6..0bbdbd07 100644 --- a/client/protocols/openvpnprotocol.cpp +++ b/client/protocols/openvpnprotocol.cpp @@ -343,7 +343,7 @@ void OpenVpnProtocol::updateVpnGateway(const QString &line) // killSwitch toggle if (m_vpnLocalAddress == netInterfaces.at(i).addressEntries().at(j).ip().toString()) { if (QVariant(m_configData.value(config_key::killSwitchOption).toString()).toBool()) { - IpcClient::Interface()->enableKillSwitch(QJsonObject(), netInterfaces.at(i).index()); + IpcClient::Interface()->enableKillSwitch(m_configData, netInterfaces.at(i).index()); } m_configData.insert("vpnAdapterIndex", netInterfaces.at(i).index()); m_configData.insert("vpnGateway", m_vpnGateway); diff --git a/client/protocols/xrayprotocol.cpp b/client/protocols/xrayprotocol.cpp index faad8e94..9f26d1e6 100755 --- a/client/protocols/xrayprotocol.cpp +++ b/client/protocols/xrayprotocol.cpp 
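Review bot: In `addInterface` the new `m_firewall->allowAllTraffic();` runs on every interface setup, while the same commit's `KillSwitch::enableKillSwitch` only calls it when `splitTunnelType` is non-zero. Going by the name, that relaxes the firewall for WireGuard connections even when split tunnelling is off, which would weaken the strict kill switch the commit title refers to; the body of `allowAllTraffic` is not visible here, so please confirm. If the relaxation is only meant for split tunnelling, put the call behind the same condition, taken from `config`. `addInterface` starts and ends outside the hunk.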
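Review bot: `enableKillSwitch(m_configData, ...)` now sends the whole protocol configuration over IPC to the service, but the only key the service reads in this commit is `splitTunnelType`. If `m_configData` holds keys or credentials (its contents are not visible in this hunk), that is more than the privileged side needs. Passing a small object such as `QJsonObject{{"splitTunnelType", m_configData.value("splitTunnelType")}}` keeps the call least-privilege. The same applies to the matching change in `XrayProtocol::startTun2Sock`. The enclosing function continues outside the hunk.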
@@ -134,7 +134,7 @@ ErrorCode XrayProtocol::startTun2Sock() // killSwitch toggle if (m_vpnLocalAddress == netInterfaces.at(i).addressEntries().at(j).ip().toString()) { if (QVariant(m_configData.value(config_key::killSwitchOption).toString()).toBool()) { - IpcClient::Interface()->enableKillSwitch(QJsonObject(), netInterfaces.at(i).index()); + IpcClient::Interface()->enableKillSwitch(m_configData, netInterfaces.at(i).index()); } m_configData.insert("vpnAdapterIndex", netInterfaces.at(i).index()); m_configData.insert("vpnGateway", m_vpnGateway); diff --git a/client/ui/qml/Pages2/PageSettingsKillSwitch.qml b/client/ui/qml/Pages2/PageSettingsKillSwitch.qml index 1ffcc8cf..444eb415 100644 --- a/client/ui/qml/Pages2/PageSettingsKillSwitch.qml +++ b/client/ui/qml/Pages2/PageSettingsKillSwitch.qml @@ -81,8 +81,7 @@ PageType { Layout.leftMargin: 16 Layout.rightMargin: 16 - visible: false - enabled: false //SettingsController.isKillSwitchEnabled && !ConnectionController.isConnected + enabled: SettingsController.isKillSwitchEnabled && !ConnectionController.isConnected checked: SettingsController.strictKillSwitchEnabled text: qsTr("Strict KillSwitch") @@ -104,9 +103,7 @@ PageType { } } - DividerType { - visible: false - } + DividerType {} LabelWithButtonType { Layout.topMargin: 32 diff --git a/service/server/killswitch.cpp b/service/server/killswitch.cpp index c44bd6a2..447be865 100644 --- a/service/server/killswitch.cpp +++ b/service/server/killswitch.cpp @@ -255,6 +255,9 @@ bool KillSwitch::enablePeerTraffic(const QJsonObject &configStr) { bool KillSwitch::enableKillSwitch(const QJsonObject &configStr, int vpnAdapterIndex) { #ifdef Q_OS_WIN + if (configStr.value("splitTunnelType").toInt() != 0) { + WindowsFirewall::create(this)->allowAllTraffic(); + } return WindowsFirewall::create(this)->enableInterface(vpnAdapterIndex); #endif From e152e84ddc949c17754509bcf5b2ddd2a4ebdcf3 Mon Sep 17 00:00:00 2001 
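Review bot: The new branch in `KillSwitch::enableKillSwitch` discards the result of `allowAllTraffic()` and has no comment saying why a non-zero `splitTunnelType` relaxes the firewall before `enableInterface`. A missing or non-numeric `splitTunnelType` makes `toInt()` return 0, so the default stays restrictive, which is worth stating: `// splitTunnelType absent or 0: keep blocking; non-zero: split tunnelling needs traffic outside the VPN`. If `allowAllTraffic()` can report failure (its signature is not visible here), return that instead of continuing. The function continues outside the hunk.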
From: lunardunno <126363523+lunardunno@users.noreply.github.com> Date: Mon, 23 Jun 2025 06:32:56 +0400 Subject: [PATCH 39/53] feat: docker pull rate limit check (#1657) * Docker pull rate limit * Error code for DockerPullRateLimit * Extended description Error 213 Extended description for the error 213: Docker Pull Rate Limit * empty line removed --- client/core/controllers/serverController.cpp | 2 ++ client/core/defs.h | 1 + client/core/errorstrings.cpp | 1 + 3 files changed, 4 insertions(+) diff --git a/client/core/controllers/serverController.cpp b/client/core/controllers/serverController.cpp index 8ff6b6c8..f86e2865 100644 --- a/client/core/controllers/serverController.cpp +++ b/client/core/controllers/serverController.cpp @@ -460,6 +460,8 @@ ErrorCode ServerController::buildContainerWorker(const ServerCredentials &creden return ErrorCode::ServerDockerOnCgroupsV2; if (stdOut.contains("cgroup mountpoint does not exist")) return ErrorCode::ServerCgroupMountpoint; + if (stdOut.contains("have reached") && stdOut.contains("pull rate limit")) + return ErrorCode::DockerPullRateLimit; return error; } diff --git a/client/core/defs.h b/client/core/defs.h index df6a1342..64f52ce6 100644 --- a/client/core/defs.h +++ b/client/core/defs.h @@ -60,6 +60,7 @@ namespace amnezia ServerUserPasswordRequired = 210, ServerDockerOnCgroupsV2 = 211, ServerCgroupMountpoint = 212, + DockerPullRateLimit = 213, // Ssh connection errors SshRequestDeniedError = 300, diff --git a/client/core/errorstrings.cpp b/client/core/errorstrings.cpp index 7cc46220..bd5ccaba 100644 --- a/client/core/errorstrings.cpp +++ b/client/core/errorstrings.cpp 
@@ -28,6 +28,7 @@ QString errorString(ErrorCode code) { case(ErrorCode::ServerUserPasswordRequired): errorMessage = QObject::tr("The user's password is required"); break; case(ErrorCode::ServerDockerOnCgroupsV2): errorMessage = QObject::tr("Docker error: runc doesn't work on cgroups v2"); break; case(ErrorCode::ServerCgroupMountpoint): errorMessage = QObject::tr("Server error: cgroup mountpoint does not exist"); break; + case(ErrorCode::DockerPullRateLimit): errorMessage = QObject::tr("Docker error: The pull rate limit has been reached"); break; // Libssh errors case(ErrorCode::SshRequestDeniedError): errorMessage = QObject::tr("SSH request was denied"); break; From 979ab42c5a424ccffb0fa8b843b9fcc517236f9d Mon Sep 17 00:00:00 2001 From: lunardunno <126363523+lunardunno@users.noreply.github.com> Date: Mon, 23 Jun 2025 06:34:40 +0400 Subject: [PATCH 40/53] feat: OpenSUSE support (#1557) * LOCK_FILE for zypper Checking LOCK_FILE for zypper to support OpenSUSE * Installation for OpenSUSE Docker installation support for OpenSUSE * quiet for zypper * LOCK_CMD variable Implementing the LOCK_CMD variable for different OS. * additional exception for "server is busy" * Replacing and with or Replacing && with || * undo changes to serverController * rpm.lock rpm.lock for dnf yum and zypper * LOCK_CMD check for dnf * Added zypper in check_user_in_sudo --- client/core/controllers/serverController.cpp | 2 +- client/server_scripts/check_server_is_busy.sh | 11 ++++++----- client/server_scripts/check_user_in_sudo.sh | 1 + client/server_scripts/install_docker.sh | 1 + 4 files changed, 9 insertions(+), 6 deletions(-) diff --git a/client/core/controllers/serverController.cpp b/client/core/controllers/serverController.cpp index f86e2865..a61a638b 100644 --- a/client/core/controllers/serverController.cpp +++ b/client/core/controllers/serverController.cpp 
@@ -827,7 +827,7 @@ ErrorCode ServerController::isServerDpkgBusy(const ServerCredentials &credential if (stdOut.contains("Packet manager not found")) return ErrorCode::ServerPacketManagerError; - if (stdOut.contains("fuser not installed")) + if (stdOut.contains("fuser not installed") || stdOut.contains("cat not installed")) return ErrorCode::NoError; if (stdOut.isEmpty()) { diff --git a/client/server_scripts/check_server_is_busy.sh b/client/server_scripts/check_server_is_busy.sh index 4e6a2c26..feddfed3 100644 --- a/client/server_scripts/check_server_is_busy.sh +++ b/client/server_scripts/check_server_is_busy.sh @@ -1,6 +1,7 @@ -if which apt-get > /dev/null 2>&1; then LOCK_FILE="/var/lib/dpkg/lock-frontend";\ -elif which dnf > /dev/null 2>&1; then LOCK_FILE="/var/run/dnf.pid";\ -elif which yum > /dev/null 2>&1; then LOCK_FILE="/var/run/yum.pid";\ -elif which pacman > /dev/null 2>&1; then LOCK_FILE="/var/lib/pacman/db.lck";\ +if which apt-get > /dev/null 2>&1; then LOCK_CMD="fuser"; LOCK_FILE="/var/lib/dpkg/lock-frontend";\ +elif which dnf > /dev/null 2>&1; then LOCK_CMD="fuser"; LOCK_FILE="/var/cache/dnf/* /var/run/dnf/* /var/lib/dnf/* /var/lib/rpm/*";\ +elif which yum > /dev/null 2>&1; then LOCK_CMD="cat"; LOCK_FILE="/var/run/yum.pid";\ +elif which zypper > /dev/null 2>&1; then LOCK_CMD="cat"; LOCK_FILE="/var/run/zypp.pid";\ +elif which pacman > /dev/null 2>&1; then LOCK_CMD="fuser"; LOCK_FILE="/var/lib/pacman/db.lck";\ else echo "Packet manager not found"; echo "Internal error"; exit 1; fi;\ -if command -v fuser > /dev/null 2>&1; then sudo fuser $LOCK_FILE 2>/dev/null; else echo "fuser not installed"; fi +if command -v $LOCK_CMD > /dev/null 2>&1; then sudo $LOCK_CMD $LOCK_FILE 2>/dev/null; else echo "$LOCK_CMD not installed"; fi diff --git a/client/server_scripts/check_user_in_sudo.sh b/client/server_scripts/check_user_in_sudo.sh index 685e6a18..f83f2fd7 100644 --- a/client/server_scripts/check_user_in_sudo.sh +++ b/client/server_scripts/check_user_in_sudo.sh 
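Review bot: With `LOCK_CMD="cat"` the yum and zypper branches of `check_server_is_busy.sh` print whatever is in the pid file, so a `/var/run/yum.pid` or `/var/run/zypp.pid` left behind by an earlier run makes the server look busy even though no package manager is running; `fuser` only reported live holders. Check that the recorded process still exists before printing, for example `pid=$(sudo cat $LOCK_FILE 2>/dev/null); [ -n "$pid" ] && [ -d "/proc/$pid" ] && echo "$pid"`. `cat` is present on practically every system, so the `"cat not installed"` case added in `serverController.cpp` is unlikely ever to trigger.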
@@ -1,6 +1,7 @@ if which apt-get > /dev/null 2>&1; then pm=$(which apt-get); opt="--version";\ elif which dnf > /dev/null 2>&1; then pm=$(which dnf); opt="--version";\ elif which yum > /dev/null 2>&1; then pm=$(which yum); opt="--version";\ +elif which zypper > /dev/null 2>&1; then pm=$(which zypper); opt="--version";\ elif which pacman > /dev/null 2>&1; then pm=$(which pacman); opt="--version";\ else pm="uname"; opt="-a";\ fi;\ diff --git a/client/server_scripts/install_docker.sh b/client/server_scripts/install_docker.sh index 619b08d6..1e41bb5a 100644 --- a/client/server_scripts/install_docker.sh +++ b/client/server_scripts/install_docker.sh @@ -1,6 +1,7 @@ if which apt-get > /dev/null 2>&1; then pm=$(which apt-get); silent_inst="-yq install"; check_pkgs="-yq update"; docker_pkg="docker.io"; dist="debian";\ elif which dnf > /dev/null 2>&1; then pm=$(which dnf); silent_inst="-yq install"; check_pkgs="-yq check-update"; docker_pkg="docker"; dist="fedora";\ elif which yum > /dev/null 2>&1; then pm=$(which yum); silent_inst="-y -q install"; check_pkgs="-y -q check-update"; docker_pkg="docker"; dist="centos";\ +elif which zypper > /dev/null 2>&1; then pm=$(which zypper); silent_inst="-nq install"; check_pkgs="-nq refresh"; docker_pkg="docker"; dist="opensuse";\ elif which pacman > /dev/null 2>&1; then pm=$(which pacman); silent_inst="-S --noconfirm --noprogressbar --quiet"; check_pkgs="-Sup"; docker_pkg="docker"; dist="archlinux";\ else echo "Packet manager not found"; exit 1; fi;\ echo "Dist: $dist, Packet manager: $pm, Install command: $silent_inst, Check pkgs command: $check_pkgs, Docker pkg: $docker_pkg";\ From f0626e2ecabf1115d264834beadc59de35a6559e Mon Sep 17 00:00:00 2001 
From: aiamnezia Date: Wed, 2 Jul 2025 06:07:56 +0400 Subject: [PATCH 41/53] fix: delete premium V2 migration link from Free config Settings (#1671) * delete premium V2 update link from Free config Settings * Add debug logs * Add property for checking if server config is premium * remove debug logs --- client/ui/models/servers_model.cpp | 9 ++++++++- client/ui/models/servers_model.h | 5 ++++- client/ui/qml/Pages2/PageSettingsServerData.qml | 4 ++-- 3 files changed, 14 insertions(+), 4 deletions(-) diff --git a/client/ui/models/servers_model.cpp b/client/ui/models/servers_model.cpp index 5a70c16f..22813312 100644 --- a/client/ui/models/servers_model.cpp +++ b/client/ui/models/servers_model.cpp @@ -8,6 +8,8 @@ #include #endif +#include "core/api/apiUtils.h" + namespace { namespace configKey @@ -427,7 +429,7 @@ void ServersModel::updateDefaultServerContainersModel() emit defaultServerContainersUpdated(containers); } -QJsonObject ServersModel::getServerConfig(const int serverIndex) +QJsonObject ServersModel::getServerConfig(const int serverIndex) const { return m_servers.at(serverIndex).toObject(); } @@ -814,3 +816,8 @@ const QString ServersModel::getDefaultServerImagePathCollapsed() } return QString("qrc:/countriesFlags/images/flagKit/%1.svg").arg(countryCode.toUpper()); } + +bool ServersModel::processedServerIsPremium() const +{ + return apiUtils::isPremiumServer(getServerConfig(m_processedServerIndex)); +} diff --git a/client/ui/models/servers_model.h b/client/ui/models/servers_model.h index c4803708..c36b6534 100644 --- a/client/ui/models/servers_model.h +++ b/client/ui/models/servers_model.h 
@@ -63,6 +63,9 @@ public: Q_PROPERTY(bool isDefaultServerFromApi READ isDefaultServerFromApi NOTIFY defaultServerIndexChanged) Q_PROPERTY(int processedIndex READ getProcessedServerIndex WRITE setProcessedServerIndex NOTIFY processedServerIndexChanged) + Q_PROPERTY(bool processedServerIsPremium READ processedServerIsPremium NOTIFY processedServerChanged) + + bool processedServerIsPremium() const; public slots: void setDefaultServerIndex(const int index); @@ -92,7 +95,7 @@ public slots: void removeServer(); void removeServer(const int serverIndex); - QJsonObject getServerConfig(const int serverIndex); + QJsonObject getServerConfig(const int serverIndex) const; void reloadDefaultServerContainerConfig(); void updateContainerConfig(const int containerIndex, const QJsonObject config); diff --git a/client/ui/qml/Pages2/PageSettingsServerData.qml b/client/ui/qml/Pages2/PageSettingsServerData.qml index 995ca74b..82552958 100644 --- a/client/ui/qml/Pages2/PageSettingsServerData.qml +++ b/client/ui/qml/Pages2/PageSettingsServerData.qml @@ -260,7 +260,7 @@ PageType { LabelWithButtonType { id: labelWithButton6 - visible: ServersModel.getProcessedServerData("isServerFromTelegramApi") + visible: ServersModel.getProcessedServerData("isServerFromTelegramApi") && ServersModel.processedServerIsPremium Layout.fillWidth: true text: qsTr("Switch to the new Amnezia Premium subscription") @@ -273,7 +273,7 @@ PageType { } DividerType { - visible: ServersModel.getProcessedServerData("isServerFromTelegramApi") + visible: ServersModel.getProcessedServerData("isServerFromTelegramApi") && ServersModel.processedServerIsPremium } } } From b0a6bcc05536c9d615b835a790a90d6d42657d1a Mon Sep 17 00:00:00 2001 
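Review bot: `processedServerIsPremium` is declared with `NOTIFY processedServerChanged`, while `processedIndex` directly above it notifies through `processedServerIndexChanged`. The getter reads `m_processedServerIndex`, so unless `processedServerChanged` is also emitted whenever that index changes (not visible in this hunk), the `visible:` bindings in `PageSettingsServerData.qml` can keep the value of the previously processed server and show or hide the premium link for the wrong one. Please confirm, or declare it with `NOTIFY processedServerIndexChanged`.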
From: Mitternacht822 Date: Wed, 2 Jul 2025 06:11:22 +0400 Subject: [PATCH 42/53] =?UTF-8?q?fix:=20fixed=20issue=20when=20native=20co?= =?UTF-8?q?nnection=20format=20preserved=20after=20switching=20p=E2=80=A6?= =?UTF-8?q?=20(#1659)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * fixed issue when native connection format preserved after switching protocol * moved newly added code into handler section --- client/ui/qml/Pages2/PageShare.qml | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/client/ui/qml/Pages2/PageShare.qml b/client/ui/qml/Pages2/PageShare.qml index 48f74acf..0f0976bc 100644 --- a/client/ui/qml/Pages2/PageShare.qml +++ b/client/ui/qml/Pages2/PageShare.qml @@ -429,6 +429,11 @@ PageType { fillConnectionTypeModel() + if (exportTypeSelector.currentIndex >= root.connectionTypesModel.length) { + exportTypeSelector.currentIndex = 0 + exportTypeSelector.text = root.connectionTypesModel[0].name + } + if (accessTypeSelector.currentIndex === 1) { PageController.showBusyIndicator(true) ExportController.updateClientManagementModel(ContainersModel.getProcessedContainerIndex(), From 9dca80de18a9f2b3fd8339044eafc0b44fd91bd6 Mon Sep 17 00:00:00 2001 From: Mitternacht822 Date: Wed, 2 Jul 2025 06:11:52 +0400 Subject: [PATCH 43/53] fix: notification not showing when changed some protocols (#1666) * added notification about disconnecting users after applying changes for SS and Cloak servers pages * added notification about changing protocol data for server and some minor changes --- .../qml/Pages2/PageProtocolCloakSettings.qml | 51 +++++++++++++++---- .../Pages2/PageProtocolOpenVpnSettings.qml | 51 ++++++++++++++----- .../PageProtocolShadowSocksSettings.qml | 49 +++++++++++------- .../Pages2/PageProtocolWireGuardSettings.qml | 2 +- .../qml/Pages2/PageProtocolXraySettings.qml | 42 +++++++++++---- 5 files changed, 146 insertions(+), 49 deletions(-) 
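Review bot: The reset in `PageShare.qml` reads `root.connectionTypesModel[0].name` without checking that the model has an entry; with an empty model the condition is true for index 0 and the access throws a TypeError. `fillConnectionTypeModel()` may always add at least one entry (not visible in this hunk), but the guard is cheap: `if (root.connectionTypesModel.length > 0 && exportTypeSelector.currentIndex >= root.connectionTypesModel.length) {`. The handler continues outside the hunk.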
diff --git a/client/ui/qml/Pages2/PageProtocolCloakSettings.qml b/client/ui/qml/Pages2/PageProtocolCloakSettings.qml index 7a0fafbd..8e5129b0 100644 --- a/client/ui/qml/Pages2/PageProtocolCloakSettings.qml +++ b/client/ui/qml/Pages2/PageProtocolCloakSettings.qml @@ -59,10 +59,13 @@ PageType { model: CloakConfigModel delegate: Item { - implicitWidth: listview.width - implicitHeight: col.implicitHeight + id: delegateItem property alias trafficFromField: trafficFromField + property bool isEnabled: ServersModel.isProcessedServerHasWriteAccess() + + implicitWidth: listview.width + implicitHeight: col.implicitHeight ColumnLayout { id: col @@ -78,7 +81,6 @@ PageType { BaseHeaderType { Layout.fillWidth: true - headerText: qsTr("Cloak settings") } @@ -88,6 +90,8 @@ PageType { Layout.fillWidth: true Layout.topMargin: 32 + enabled: delegateItem.isEnabled + headerText: qsTr("Disguised as traffic from") textField.text: site @@ -104,6 +108,8 @@ PageType { } } } + + checkEmptyText: true } TextFieldWithHeaderType { @@ -112,6 +118,8 @@ PageType { Layout.fillWidth: true Layout.topMargin: 16 + enabled: delegateItem.isEnabled + headerText: qsTr("Port") textField.text: port textField.maximumLength: 5 @@ -122,6 +130,8 @@ PageType { port = textField.text } } + + checkEmptyText: true } DropDownType { @@ -129,6 +139,8 @@ PageType { Layout.fillWidth: true Layout.topMargin: 16 + enabled: delegateItem.isEnabled + descriptionText: qsTr("Cipher") headerText: qsTr("Cipher") 
@@ -166,25 +178,46 @@ PageType { } BasicButtonType { - id: saveRestartButton + id: saveButton Layout.fillWidth: true Layout.topMargin: 24 Layout.bottomMargin: 24 + enabled: trafficFromField.errorText === "" && + portTextField.errorText === "" + text: qsTr("Save") clickedFunc: function() { forceActiveFocus() - if (ConnectionController.isConnected && ServersModel.getDefaultServerData("defaultContainer") === ContainersModel.getProcessedContainerIndex()) { - PageController.showNotificationMessage(qsTr("Unable change settings while there is an active connection")) - return + var headerText = qsTr("Save settings?") + var descriptionText = qsTr("All users with whom you shared a connection with will no longer be able to connect to it.") + var yesButtonText = qsTr("Continue") + var noButtonText = qsTr("Cancel") + + var yesButtonFunction = function() { + if (ConnectionController.isConnected && ServersModel.getDefaultServerData("defaultContainer") === ContainersModel.getProcessedContainerIndex()) { + PageController.showNotificationMessage(qsTr("Unable change settings while there is an active connection")) + return + } + + PageController.goToPage(PageEnum.PageSetupWizardInstalling) + InstallController.updateContainer(CloakConfigModel.getConfig()) } - PageController.goToPage(PageEnum.PageSetupWizardInstalling); - InstallController.updateContainer(CloakConfigModel.getConfig()) + var noButtonFunction = function() { + if (!GC.isMobile()) { + saveButton.forceActiveFocus() + } + } + + showQuestionDrawer(headerText, descriptionText, yesButtonText, noButtonText, yesButtonFunction, noButtonFunction) } + + Keys.onEnterPressed: saveButton.clicked() + Keys.onReturnPressed: saveButton.clicked() } } } diff --git a/client/ui/qml/Pages2/PageProtocolOpenVpnSettings.qml b/client/ui/qml/Pages2/PageProtocolOpenVpnSettings.qml index 2e00d54a..62cbd1f6 100644 --- a/client/ui/qml/Pages2/PageProtocolOpenVpnSettings.qml +++ b/client/ui/qml/Pages2/PageProtocolOpenVpnSettings.qml 
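Review bot: The Save button's `enabled` now depends only on the fields' `errorText`, while the fields themselves are gated on `delegateItem.isEnabled` (`ServersModel.isProcessedServerHasWriteAccess()`), so a user without write access can still confirm the dialog and reach `InstallController.updateContainer(...)`. Add the same condition: `enabled: delegateItem.isEnabled && trafficFromField.errorText === "" && portTextField.errorText === ""`. The save buttons in `PageProtocolOpenVpnSettings.qml`, `PageProtocolShadowSocksSettings.qml` (which previously used `isPortEditable | isCipherEditable`) and `PageProtocolXraySettings.qml` have the same gap.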
@@ -58,10 +58,13 @@ PageType { model: OpenVpnConfigModel delegate: Item { - implicitWidth: listview.width - implicitHeight: col.implicitHeight + id: delegateItem property alias vpnAddressSubnetTextField: vpnAddressSubnetTextField + property bool isEnabled: ServersModel.isProcessedServerHasWriteAccess() + + implicitWidth: listview.width + implicitHeight: col.implicitHeight ColumnLayout { id: col @@ -77,7 +80,6 @@ PageType { BaseHeaderType { Layout.fillWidth: true - headerText: qsTr("OpenVPN settings") } @@ -87,6 +89,8 @@ PageType { Layout.fillWidth: true Layout.topMargin: 32 + enabled: delegateItem.isEnabled + headerText: qsTr("VPN address subnet") textField.text: subnetAddress @@ -97,6 +101,8 @@ PageType { subnetAddress = textField.text } } + + checkEmptyText: true } ParagraphTextType { @@ -134,7 +140,7 @@ PageType { Layout.topMargin: 40 parentFlickable: fl - enabled: isPortEditable + enabled: delegateItem.isEnabled headerText: qsTr("Port") textField.text: port @@ -146,6 +152,8 @@ PageType { port = textField.text } } + + checkEmptyText: true } SwitcherType { 
@@ -388,26 +396,45 @@ PageType { } BasicButtonType { - id: saveRestartButton + id: saveButton Layout.fillWidth: true Layout.topMargin: 24 Layout.bottomMargin: 24 + enabled: vpnAddressSubnetTextField.errorText === "" && + portTextField.errorText === "" + text: qsTr("Save") parentFlickable: fl - clickedFunc: function() { + onClicked: function() { forceActiveFocus() - if (ConnectionController.isConnected && ServersModel.getDefaultServerData("defaultContainer") === ContainersModel.getProcessedContainerIndex()) { - PageController.showNotificationMessage(qsTr("Unable change settings while there is an active connection")) - return - } + var headerText = qsTr("Save settings?") + var descriptionText = qsTr("All users with whom you shared a connection with will no longer be able to connect to it.") + var yesButtonText = qsTr("Continue") + var noButtonText = qsTr("Cancel") - PageController.goToPage(PageEnum.PageSetupWizardInstalling); - InstallController.updateContainer(OpenVpnConfigModel.getConfig()) + var yesButtonFunction = function() { + if (ConnectionController.isConnected && ServersModel.getDefaultServerData("defaultContainer") === ContainersModel.getProcessedContainerIndex()) { + PageController.showNotificationMessage(qsTr("Unable change settings while there is an active connection")) + return + } + + PageController.goToPage(PageEnum.PageSetupWizardInstalling); + InstallController.updateContainer(OpenVpnConfigModel.getConfig()) + } + var noButtonFunction = function() { + if (!GC.isMobile()) { + saveButton.forceActiveFocus() + } + } + showQuestionDrawer(headerText, descriptionText, yesButtonText, noButtonText, yesButtonFunction, noButtonFunction) } + + Keys.onEnterPressed: saveButton.clicked() + Keys.onReturnPressed: saveButton.clicked() } } } diff --git a/client/ui/qml/Pages2/PageProtocolShadowSocksSettings.qml b/client/ui/qml/Pages2/PageProtocolShadowSocksSettings.qml index 63e60dcb..92df3ec7 100644 --- a/client/ui/qml/Pages2/PageProtocolShadowSocksSettings.qml 
+++ b/client/ui/qml/Pages2/PageProtocolShadowSocksSettings.qml @@ -57,15 +57,13 @@ PageType { model: ShadowSocksConfigModel delegate: Item { + id: delegateItem + + property bool isEnabled: ServersModel.isProcessedServerHasWriteAccess() + implicitWidth: listview.width implicitHeight: col.implicitHeight - property var focusItemId: portTextField.enabled ? - portTextField : - cipherDropDown.enabled ? - cipherDropDown : - saveRestartButton - ColumnLayout { id: col @@ -80,7 +78,6 @@ PageType { BaseHeaderType { Layout.fillWidth: true - headerText: qsTr("Shadowsocks settings") } @@ -90,7 +87,7 @@ PageType { Layout.fillWidth: true Layout.topMargin: 40 - enabled: isPortEditable + enabled: delegateItem.isEnabled headerText: qsTr("Port") textField.text: port @@ -102,6 +99,8 @@ PageType { port = textField.text } } + + checkEmptyText: true } DropDownType { @@ -109,7 +108,7 @@ PageType { Layout.fillWidth: true Layout.topMargin: 20 - enabled: isCipherEditable + enabled: delegateItem.isEnabled descriptionText: qsTr("Cipher") headerText: qsTr("Cipher") 
@@ -149,27 +148,43 @@ PageType { } BasicButtonType { - id: saveRestartButton + id: saveButton Layout.fillWidth: true Layout.topMargin: 24 Layout.bottomMargin: 24 - enabled: isPortEditable | isCipherEditable + enabled: portTextField.errorText === "" text: qsTr("Save") clickedFunc: function() { forceActiveFocus() - if (ConnectionController.isConnected && ServersModel.getDefaultServerData("defaultContainer") === ContainersModel.getProcessedContainerIndex()) { - PageController.showNotificationMessage(qsTr("Unable change settings while there is an active connection")) - return - } + var headerText = qsTr("Save settings?") + var descriptionText = qsTr("All users with whom you shared a connection with will no longer be able to connect to it.") + var yesButtonText = qsTr("Continue") + var noButtonText = qsTr("Cancel") - PageController.goToPage(PageEnum.PageSetupWizardInstalling); - InstallController.updateContainer(ShadowSocksConfigModel.getConfig()) + var yesButtonFunction = function() { + if (ConnectionController.isConnected && ServersModel.getDefaultServerData("defaultContainer") === ContainersModel.getProcessedContainerIndex()) { + PageController.showNotificationMessage(qsTr("Unable change settings while there is an active connection")) + return + } + + PageController.goToPage(PageEnum.PageSetupWizardInstalling); + InstallController.updateContainer(ShadowSocksConfigModel.getConfig()) + } + var noButtonFunction = function() { + if (!GC.isMobile()) { + saveButton.forceActiveFocus() + } + } + showQuestionDrawer(headerText, descriptionText, yesButtonText, noButtonText, yesButtonFunction, noButtonFunction) } + + Keys.onEnterPressed: saveButton.clicked() + Keys.onReturnPressed: saveButton.clicked() } } } diff --git a/client/ui/qml/Pages2/PageProtocolWireGuardSettings.qml b/client/ui/qml/Pages2/PageProtocolWireGuardSettings.qml index 7b5180f3..21b35bc1 100644 --- a/client/ui/qml/Pages2/PageProtocolWireGuardSettings.qml 
+++ b/client/ui/qml/Pages2/PageProtocolWireGuardSettings.qml @@ -152,7 +152,7 @@ PageType { } var noButtonFunction = function() { if (!GC.isMobile()) { - saveRestartButton.forceActiveFocus() + saveButton.forceActiveFocus() } } showQuestionDrawer(headerText, descriptionText, yesButtonText, noButtonText, yesButtonFunction, noButtonFunction) diff --git a/client/ui/qml/Pages2/PageProtocolXraySettings.qml b/client/ui/qml/Pages2/PageProtocolXraySettings.qml index d22e31a2..0bcd14de 100644 --- a/client/ui/qml/Pages2/PageProtocolXraySettings.qml +++ b/client/ui/qml/Pages2/PageProtocolXraySettings.qml @@ -58,7 +58,10 @@ PageType { model: XrayConfigModel delegate: Item { + id: delegateItem + property alias focusItemId: textFieldWithHeaderType.textField + property bool isEnabled: ServersModel.isProcessedServerHasWriteAccess() implicitWidth: listview.width implicitHeight: col.implicitHeight @@ -85,6 +88,8 @@ PageType { Layout.fillWidth: true Layout.topMargin: 32 + enabled: delegateItem.isEnabled + headerText: qsTr("Disguised as traffic from") textField.text: site @@ -101,6 +106,8 @@ PageType { } } } + + checkEmptyText: true } TextFieldWithHeaderType { 
@@ -130,23 +137,38 @@ PageType { Layout.topMargin: 24 Layout.bottomMargin: 24 + enabled: portTextField.errorText === "" + text: qsTr("Save") - onClicked: { + onClicked: function() { forceActiveFocus() - if (ConnectionController.isConnected && ServersModel.getDefaultServerData("defaultContainer") === ContainersModel.getProcessedContainerIndex()) { - PageController.showNotificationMessage(qsTr("Unable change settings while there is an active connection")) - return - } + var headerText = qsTr("Save settings?") + var descriptionText = qsTr("All users with whom you shared a connection with will no longer be able to connect to it.") + var yesButtonText = qsTr("Continue") + var noButtonText = qsTr("Cancel") - PageController.goToPage(PageEnum.PageSetupWizardInstalling); - InstallController.updateContainer(XrayConfigModel.getConfig()) - focusItem.forceActiveFocus() + var yesButtonFunction = function() { + if (ConnectionController.isConnected && ServersModel.getDefaultServerData("defaultContainer") === ContainersModel.getProcessedContainerIndex()) { + PageController.showNotificationMessage(qsTr("Unable change settings while there is an active connection")) + return + } + + PageController.goToPage(PageEnum.PageSetupWizardInstalling); + InstallController.updateContainer(XrayConfigModel.getConfig()) + //focusItem.forceActiveFocus() + } + var noButtonFunction = function() { + if (!GC.isMobile()) { + saveButton.forceActiveFocus() + } + } + showQuestionDrawer(headerText, descriptionText, yesButtonText, noButtonText, yesButtonFunction, noButtonFunction) } - Keys.onEnterPressed: basicButton.clicked() - Keys.onReturnPressed: basicButton.clicked() + Keys.onEnterPressed: saveButton.clicked() + Keys.onReturnPressed: saveButton.clicked() } } } From 127f8ed3bbccf31383504eb2a71396015b3d67fb Mon Sep 17 00:00:00 2001 
From: Nethius Date: Wed, 2 Jul 2025 10:14:56 +0800 Subject: [PATCH 44/53] fix: fixed desktop entry version for linux (#1665) --- deploy/installer/config/AmneziaVPN.desktop.in | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/deploy/installer/config/AmneziaVPN.desktop.in b/deploy/installer/config/AmneziaVPN.desktop.in index 2a53074e..03ab570c 100755 --- a/deploy/installer/config/AmneziaVPN.desktop.in +++ b/deploy/installer/config/AmneziaVPN.desktop.in @@ -2,7 +2,7 @@ [Desktop Entry] Type=Application Name=AmneziaVPN -Version=@CMAKE_PROJECT_VERSION@ +Version=1.0 Comment=Client of your self-hosted VPN Exec=AmneziaVPN Icon=/usr/share/pixmaps/AmneziaVPN.png From b34193486300bc951219c655fd2734f6860feb9f Mon Sep 17 00:00:00 2001 From: Mykola Baibuz Date: Tue, 1 Jul 2025 19:16:58 -0700 Subject: [PATCH 45/53] fix: allow secondary DNS usage when AmneziaDNS is disabled (#1583) * Allow secondary DNS usage when AmneziaDNS is disabled * Don't setup secondary DNS for OpenVPN with AmneziaDNS --------- Co-authored-by: vladimir.kuznetsov --- client/configurators/openvpn_configurator.cpp | 12 +++++++++ client/daemon/daemon.cpp | 26 +++++++++++++----- client/daemon/interfaceconfig.cpp | 13 ++++++--- client/daemon/interfaceconfig.h | 3 ++- client/mozilla/localsocketcontroller.cpp | 9 ++++++- .../linux/daemon/wireguardutilslinux.cpp | 5 +++- .../macos/daemon/wireguardutilsmacos.cpp | 27 ++++++++++--------- .../windows/daemon/windowsfirewall.cpp | 23 +++++++++++++--- client/protocols/xrayprotocol.cpp | 7 ++++- service/server/killswitch.cpp | 23 +++++++++++++--- 10 files changed, 116 insertions(+), 32 deletions(-) diff --git a/client/configurators/openvpn_configurator.cpp b/client/configurators/openvpn_configurator.cpp index 6d6603da..f6996320 100644 --- a/client/configurators/openvpn_configurator.cpp +++ b/client/configurators/openvpn_configurator.cpp 
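Review bot: Both new branches in `Daemon::parseConfig` log `"dnsServer is not a string"`, so a bad `primaryDnsServer` and a bad `secondaryDnsServer` cannot be told apart in the log and neither message names the key that is actually read; use `"primaryDnsServer is not a string"` and `"secondaryDnsServer is not a string"`. The old `dnsServer` key is no longer read, so a caller that still sends it ends up with an empty primary resolver and no error. If mixed client and service versions are possible, that case deserves a fallback to the old key or a logged warning, since an unset resolver could let DNS queries go somewhere other than intended. `parseConfig` continues outside the hunk.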
@@ -118,6 +118,12 @@ QString OpenVpnConfigurator::processConfigWithLocalSettings(const QPairisSitesSplitTunnelingEnabled()) { config.append("\nredirect-gateway def1 ipv6 bypass-dhcp\n"); config.append("block-ipv6\n"); @@ -161,6 +167,12 @@ QString OpenVpnConfigurator::processConfigWithExportSettings(const QPair resolvers; - resolvers.append(QHostAddress(config.m_dnsServer)); + resolvers.append(QHostAddress(config.m_primaryDnsServer)); + if (!config.m_secondaryDnsServer.isEmpty()) { + resolvers.append(QHostAddress(config.m_secondaryDnsServer)); + } // If the DNS is not the Gateway, it's a user defined DNS // thus, not add any other :) - if (config.m_dnsServer == config.m_serverIpv4Gateway) { + if (config.m_primaryDnsServer == config.m_serverIpv4Gateway) { resolvers.append(QHostAddress(config.m_serverIpv6Gateway)); } @@ -279,15 +282,26 @@ bool Daemon::parseConfig(const QJsonObject& obj, InterfaceConfig& config) { config.m_serverIpv4Gateway = obj.value("serverIpv4Gateway").toString(); config.m_serverIpv6Gateway = obj.value("serverIpv6Gateway").toString(); - if (!obj.contains("dnsServer")) { - config.m_dnsServer = QString(); + if (!obj.contains("primaryDnsServer")) { + config.m_primaryDnsServer = QString(); } else { - QJsonValue value = obj.value("dnsServer"); + QJsonValue value = obj.value("primaryDnsServer"); if (!value.isString()) { logger.error() << "dnsServer is not a string"; return false; } - config.m_dnsServer = value.toString(); + config.m_primaryDnsServer = value.toString(); + } + + if (!obj.contains("secondaryDnsServer")) { + config.m_secondaryDnsServer = QString(); + } else { + QJsonValue value = obj.value("secondaryDnsServer"); + if (!value.isString()) { + logger.error() << "dnsServer is not a string"; + return false; + } + config.m_secondaryDnsServer = value.toString(); } if (!obj.contains("hopType")) { diff --git a/client/daemon/interfaceconfig.cpp b/client/daemon/interfaceconfig.cpp index f0adcc92..846cfebe 100644 --- a/client/daemon/interfaceconfig.cpp 
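Review bot: Both new error branches in `Daemon::parseConfig` log `"dnsServer is not a string"`, so a rejected config no longer says which key was malformed. They should read `logger.error() << "primaryDnsServer is not a string";` and `logger.error() << "secondaryDnsServer is not a string";`. The old `"dnsServer"` key is no longer read at all, so a caller that still sends it would presumably end up with an empty primary resolver without any log line; a fallback or an explicit error for the legacy key is worth considering. Since these strings later go straight into `QHostAddress(...)`, rejecting values for which `QHostAddress(value.toString()).isNull()` holds would keep unparsable addresses out of the resolver list. The function body continues outside the hunk.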
+++ b/client/daemon/interfaceconfig.cpp @@ -28,7 +28,8 @@ QJsonObject InterfaceConfig::toJson() const { (m_hopType == InterfaceConfig::SingleHop)) { json.insert("serverIpv4Gateway", QJsonValue(m_serverIpv4Gateway)); json.insert("serverIpv6Gateway", QJsonValue(m_serverIpv6Gateway)); - json.insert("dnsServer", QJsonValue(m_dnsServer)); + json.insert("primaryDnsServer", QJsonValue(m_primaryDnsServer)); + json.insert("secondaryDnsServer", QJsonValue(m_secondaryDnsServer)); } QJsonArray allowedIPAddesses; @@ -100,11 +101,15 @@ QString InterfaceConfig::toWgConf(const QMap& extra) const { out << "MTU = " << m_deviceMTU << "\n"; } - if (!m_dnsServer.isNull()) { - QStringList dnsServers(m_dnsServer); + if (!m_primaryDnsServer.isNull()) { + QStringList dnsServers; + dnsServers.append(m_primaryDnsServer); + if (!m_secondaryDnsServer.isNull()) { + dnsServers.append(m_secondaryDnsServer); + } // If the DNS is not the Gateway, it's a user defined DNS // thus, not add any other :) - if (m_dnsServer == m_serverIpv4Gateway) { + if (m_primaryDnsServer == m_serverIpv4Gateway) { dnsServers.append(m_serverIpv6Gateway); } out << "DNS = " << dnsServers.join(", ") << "\n"; diff --git a/client/daemon/interfaceconfig.h b/client/daemon/interfaceconfig.h index ee43a253..6ae400c2 100644 --- a/client/daemon/interfaceconfig.h +++ b/client/daemon/interfaceconfig.h @@ -32,7 +32,8 @@ class InterfaceConfig { QString m_serverIpv4AddrIn; QString m_serverPskKey; QString m_serverIpv6AddrIn; - QString m_dnsServer; + QString m_primaryDnsServer; + QString m_secondaryDnsServer; int m_serverPort = 0; int m_deviceMTU = 1420; QList m_allowedIPAddressRanges; diff --git a/client/mozilla/localsocketcontroller.cpp b/client/mozilla/localsocketcontroller.cpp index afa29c47..67924d47 100644 --- a/client/mozilla/localsocketcontroller.cpp +++ b/client/mozilla/localsocketcontroller.cpp 
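Review bot: In `InterfaceConfig::toWgConf` the secondary resolver is guarded with `isNull()`, while the other consumers in this commit (daemon.cpp, wireguardutilslinux.cpp, windowsfirewall.cpp) use `isEmpty()`. `toJson()` always writes `"secondaryDnsServer"` and `parseConfig` stores `value.toString()` for a present key, so an empty but non-null string can reach this point and produce a `DNS = ...` line with a trailing empty entry. The guard should be `if (!m_secondaryDnsServer.isEmpty()) {`, and the outer `!m_primaryDnsServer.isNull()` test would benefit from the same change. The function body continues outside the hunk.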
@@ -149,7 +149,14 @@ void LocalSocketController::activate(const QJsonObject &rawConfig) { json.insert("serverPort", wgConfig.value(amnezia::config_key::port).toInt()); json.insert("serverIpv4Gateway", wgConfig.value(amnezia::config_key::hostName)); // json.insert("serverIpv6Gateway", QJsonValue(hop.m_server.ipv6Gateway())); - json.insert("dnsServer", rawConfig.value(amnezia::config_key::dns1)); + + json.insert("primaryDnsServer", rawConfig.value(amnezia::config_key::dns1)); + + // We don't use secondary DNS if primary DNS is AmneziaDNS + if (!rawConfig.value(amnezia::config_key::dns1).toString(). + contains(amnezia::protocols::dns::amneziaDnsIp)) { + json.insert("secondaryDnsServer", rawConfig.value(amnezia::config_key::dns2)); + } QJsonArray jsAllowedIPAddesses; diff --git a/client/platforms/linux/daemon/wireguardutilslinux.cpp b/client/platforms/linux/daemon/wireguardutilslinux.cpp index 0fbb65a8..a12b8582 100644 --- a/client/platforms/linux/daemon/wireguardutilslinux.cpp +++ b/client/platforms/linux/daemon/wireguardutilslinux.cpp @@ -140,7 +140,10 @@ bool WireguardUtilsLinux::addInterface(const InterfaceConfig& config) { } else { if (config.m_killSwitchEnabled) { FirewallParams params { }; - params.dnsServers.append(config.m_dnsServer); + params.dnsServers.append(config.m_primaryDnsServer); + if (!config.m_secondaryDnsServer.isEmpty()) { + params.dnsServers.append(config.m_secondaryDnsServer); + } if (config.m_allowedIPAddressRanges.contains(IPAddress("0.0.0.0/0"))) { params.blockAll = true; if (config.m_excludedAddresses.size()) { diff --git a/client/platforms/macos/daemon/wireguardutilsmacos.cpp b/client/platforms/macos/daemon/wireguardutilsmacos.cpp index 1d8aa6e0..37170f20 100644 --- a/client/platforms/macos/daemon/wireguardutilsmacos.cpp +++ b/client/platforms/macos/daemon/wireguardutilsmacos.cpp 
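Review bot: The "is the primary resolver AmneziaDNS" test in `LocalSocketController::activate` uses `QString::contains`, a substring match, so any `dns1` value that merely contains the text of `amneziaDnsIp` suppresses the secondary resolver. If `dns1` is always a bare address, an equality test states the intent more precisely: `rawConfig.value(amnezia::config_key::dns1).toString() == amnezia::protocols::dns::amneziaDnsIp`. The same expression is repeated in xrayprotocol.cpp (`startTun2Sock`) and three times in service/server/killswitch.cpp; one shared helper with a comment explaining why the secondary resolver is dropped would keep the five call sites from drifting apart. The function body continues outside the hunk.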
@@ -136,26 +136,29 @@ bool WireguardUtilsMacos::addInterface(const InterfaceConfig& config) { if (err != 0) { logger.error() << "Interface configuration failed:" << strerror(err); } else { - if (config.m_killSwitchEnabled) { - FirewallParams params { }; - params.dnsServers.append(config.m_dnsServer); + if (config.m_killSwitchEnabled) { + FirewallParams params { }; + params.dnsServers.append(config.m_primaryDnsServer); + if (!config.m_secondaryDnsServer.isEmpty()) { + params.dnsServers.append(config.m_secondaryDnsServer); + } - if (config.m_allowedIPAddressRanges.contains(IPAddress("0.0.0.0/0"))) { + if (config.m_allowedIPAddressRanges.contains(IPAddress("0.0.0.0/0"))) { params.blockAll = true; if (config.m_excludedAddresses.size()) { - params.allowNets = true; - foreach (auto net, config.m_excludedAddresses) { - params.allowAddrs.append(net.toUtf8()); - } + params.allowNets = true; + foreach (auto net, config.m_excludedAddresses) { + params.allowAddrs.append(net.toUtf8()); + } } - } else { + } else { params.blockNets = true; foreach (auto net, config.m_allowedIPAddressRanges) { - params.blockAddrs.append(net.toString()); + params.blockAddrs.append(net.toString()); } - } - applyFirewallRules(params); } + applyFirewallRules(params); + } } return (err == 0); } diff --git a/client/platforms/windows/daemon/windowsfirewall.cpp b/client/platforms/windows/daemon/windowsfirewall.cpp index 1834452e..2556c417 100644 --- a/client/platforms/windows/daemon/windowsfirewall.cpp +++ b/client/platforms/windows/daemon/windowsfirewall.cpp 
@@ -291,15 +291,32 @@ bool WindowsFirewall::enablePeerTraffic(const InterfaceConfig& config) { "Block Internet", config.m_serverPublicKey)) { return false; } - if (!config.m_dnsServer.isEmpty()) { - if (!allowTrafficTo(QHostAddress(config.m_dnsServer), 53, HIGH_WEIGHT, + if (!config.m_primaryDnsServer.isEmpty()) { + if (!allowTrafficTo(QHostAddress(config.m_primaryDnsServer), 53, HIGH_WEIGHT, "Allow DNS-Server", config.m_serverPublicKey)) { return false; } // In some cases, we might configure a 2nd DNS server for IPv6, however // this should probably be cleaned up by converting m_dnsServer into // a QStringList instead. - if (config.m_dnsServer == config.m_serverIpv4Gateway) { + if (config.m_primaryDnsServer == config.m_serverIpv4Gateway) { + if (!allowTrafficTo(QHostAddress(config.m_serverIpv6Gateway), 53, + HIGH_WEIGHT, "Allow extra IPv6 DNS-Server", + config.m_serverPublicKey)) { + return false; + } + } + } + + if (!config.m_secondaryDnsServer.isEmpty()) { + if (!allowTrafficTo(QHostAddress(config.m_secondaryDnsServer), 53, HIGH_WEIGHT, + "Allow DNS-Server", config.m_serverPublicKey)) { + return false; + } + // In some cases, we might configure a 2nd DNS server for IPv6, however + // this should probably be cleaned up by converting m_dnsServer into + // a QStringList instead. + if (config.m_secondaryDnsServer == config.m_serverIpv4Gateway) { if (!allowTrafficTo(QHostAddress(config.m_serverIpv6Gateway), 53, HIGH_WEIGHT, "Allow extra IPv6 DNS-Server", config.m_serverPublicKey)) { diff --git a/client/protocols/xrayprotocol.cpp b/client/protocols/xrayprotocol.cpp index 9f26d1e6..84922634 100755 --- a/client/protocols/xrayprotocol.cpp +++ b/client/protocols/xrayprotocol.cpp 
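Review bot: The secondary-DNS block in `WindowsFirewall::enablePeerTraffic` is a verbatim copy of the primary one, including the comment that still refers to the renamed `m_dnsServer`. When both resolvers equal `m_serverIpv4Gateway`, the "Allow extra IPv6 DNS-Server" rule is requested twice. Looping over the two resolvers and adding the IPv6 gateway rule once removes the duplication, as sketched below. The function starts and ends outside the hunk.

```cpp
// … unchanged: "Block Internet" rule and its early return …
const QStringList dnsServers{config.m_primaryDnsServer,
                             config.m_secondaryDnsServer};
for (const QString& dns : dnsServers) {
  if (dns.isEmpty()) {
    continue;
  }
  if (!allowTrafficTo(QHostAddress(dns), 53, HIGH_WEIGHT,
                      "Allow DNS-Server", config.m_serverPublicKey)) {
    return false;
  }
}
// When the tunnel gateway is one of the resolvers, also allow its IPv6
// address, but only once.
if (!config.m_serverIpv4Gateway.isEmpty() &&
    dnsServers.contains(config.m_serverIpv4Gateway)) {
  if (!allowTrafficTo(QHostAddress(config.m_serverIpv6Gateway), 53,
                      HIGH_WEIGHT, "Allow extra IPv6 DNS-Server",
                      config.m_serverPublicKey)) {
    return false;
  }
}
```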
@@ -98,8 +98,13 @@ ErrorCode XrayProtocol::startTun2Sock() if (vpnState == Vpn::ConnectionState::Connected) { setConnectionState(Vpn::ConnectionState::Connecting); QList dnsAddr; + dnsAddr.push_back(QHostAddress(m_configData.value(config_key::dns1).toString())); - dnsAddr.push_back(QHostAddress(m_configData.value(config_key::dns2).toString())); + // We don't use secondary DNS if primary DNS is AmneziaDNS + if (!m_configData.value(amnezia::config_key::dns1).toString(). + contains(amnezia::protocols::dns::amneziaDnsIp)) { + dnsAddr.push_back(QHostAddress(m_configData.value(config_key::dns2).toString())); + } #ifdef Q_OS_WIN QThread::msleep(8000); #endif diff --git a/service/server/killswitch.cpp b/service/server/killswitch.cpp index 447be865..d0cba03a 100644 --- a/service/server/killswitch.cpp +++ b/service/server/killswitch.cpp @@ -192,7 +192,14 @@ bool KillSwitch::addAllowedRange(const QStringList &ranges) { bool KillSwitch::enablePeerTraffic(const QJsonObject &configStr) { #ifdef Q_OS_WIN InterfaceConfig config; - config.m_dnsServer = configStr.value(amnezia::config_key::dns1).toString(); + + config.m_primaryDnsServer = configStr.value(amnezia::config_key::dns1).toString(); + + // We don't use secondary DNS if primary DNS is AmneziaDNS + if (!config.m_primaryDnsServer.contains(amnezia::protocols::dns::amneziaDnsIp)) { + config.m_secondaryDnsServer = configStr.value(amnezia::config_key::dns2).toString(); + } + config.m_serverPublicKey = "openvpn"; config.m_serverIpv4Gateway = configStr.value("vpnGateway").toString(); config.m_serverIpv4AddrIn = configStr.value("vpnServer").toString(); 
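Review bot: In `XrayProtocol::startTun2Sock` the secondary resolver is pushed without checking that `dns2` is set, so a missing or empty value puts a null `QHostAddress` into `dnsAddr`. The daemon-side code in this commit guards the same field with `isEmpty()`. A guard such as `const QString dns2 = m_configData.value(config_key::dns2).toString();` followed by `if (!dns2.isEmpty()) dnsAddr.push_back(QHostAddress(dns2));` inside the existing condition would match it. The killswitch.cpp hunks at -307 and -345 likewise append `dns2` to `dnsServers` unconditionally and would pass an empty string on to the firewall rules. The new lines also mix `config_key::dns1` and `amnezia::config_key::dns1` within one statement run; one spelling would read better. The function body continues outside the hunk.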
@@ -307,8 +314,14 @@ bool KillSwitch::enableKillSwitch(const QJsonObject &configStr, int vpnAdapterIn LinuxFirewall::setAnchorEnabled(LinuxFirewall::Both, QStringLiteral("300.allowLAN"), true); LinuxFirewall::setAnchorEnabled(LinuxFirewall::IPv4, QStringLiteral("310.blockDNS"), true); QStringList dnsServers; + dnsServers.append(configStr.value(amnezia::config_key::dns1).toString()); - dnsServers.append(configStr.value(amnezia::config_key::dns2).toString()); + + // We don't use secondary DNS if primary DNS is AmneziaDNS + if (!configStr.value(amnezia::config_key::dns1).toString().contains(amnezia::protocols::dns::amneziaDnsIp)) { + dnsServers.append(configStr.value(amnezia::config_key::dns2).toString()); + } + dnsServers.append("127.0.0.1"); dnsServers.append("127.0.0.53"); @@ -345,7 +358,11 @@ bool KillSwitch::enableKillSwitch(const QJsonObject &configStr, int vpnAdapterIn QStringList dnsServers; dnsServers.append(configStr.value(amnezia::config_key::dns1).toString()); - dnsServers.append(configStr.value(amnezia::config_key::dns2).toString()); + + // We don't use secondary DNS if primary DNS is AmneziaDNS + if (!configStr.value(amnezia::config_key::dns1).toString().contains(amnezia::protocols::dns::amneziaDnsIp)) { + dnsServers.append(configStr.value(amnezia::config_key::dns2).toString()); + } for (auto dns : configStr.value(amnezia::config_key::allowedDnsServers).toArray()) { if (!dns.isString()) { From 4d17e913b52a02d80381b61d94a4a767e9bc00cf Mon Sep 17 00:00:00 2001 
From: Yaroslav Date: Thu, 3 Jul 2025 04:51:11 +0300 Subject: [PATCH 46/53] feat: native macos installer distribution (#1633) * Add uninstall option and output pkg Improve installer mode detection Fix macOS installer packaging Fix default selection for uninstall choice Remove obsolete tar handling and clean script copies * Improve macOS build script * fix: update macos firewall and package scripts for better compatibility and cleanup * Add DeveloperID certificate and improve macOS signing script Use keychain option for codesign and restore login keychain to list after signing * Update build_macos.sh * feat: add script to quit GUI application during uninstall on macos * fix: handle macos post-install when app is unpacked into localized folder * fix: improve post_install script to handle missing service plist and provide error logging --- .github/workflows/deploy.yml | 18 +- .../platforms/macos/daemon/macosfirewall.cpp | 14 +- deploy/DeveloperIDG2CA.cer | Bin 0 -> 1090 bytes deploy/build_macos.sh | 258 +++++++++++------- deploy/data/macos/check_install.sh | 5 + deploy/data/macos/check_uninstall.sh | 5 + deploy/data/macos/distribution.xml | 17 ++ deploy/data/macos/distribution_uninstall.xml | 13 + deploy/data/macos/post_install.sh | 41 ++- deploy/data/macos/post_uninstall.sh | 50 ++++ deploy/data/macos/uninstall_conclusion.html | 7 + deploy/data/macos/uninstall_welcome.html | 7 + deploy/installer/config.cmake | 5 - deploy/installer/config/macos.xml.in | 27 -- 14 files changed, 311 insertions(+), 156 deletions(-) create mode 100644 deploy/DeveloperIDG2CA.cer mode change 100755 => 100644 deploy/build_macos.sh create mode 100755 deploy/data/macos/check_install.sh create mode 100755 deploy/data/macos/check_uninstall.sh create mode 100644 deploy/data/macos/distribution.xml create mode 100644 deploy/data/macos/distribution_uninstall.xml create mode 100644 deploy/data/macos/uninstall_conclusion.html create mode 100644 deploy/data/macos/uninstall_welcome.html delete mode 
100644 deploy/installer/config/macos.xml.in diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml index 86779f33..0c9dfb32 100644 --- a/.github/workflows/deploy.yml +++ b/.github/workflows/deploy.yml @@ -255,7 +255,6 @@ jobs: env: # Keep compat with MacOS 10.15 aka Catalina by Qt 6.4 QT_VERSION: 6.4.3 - QIF_VERSION: 4.6 PROD_AGW_PUBLIC_KEY: ${{ secrets.PROD_AGW_PUBLIC_KEY }} PROD_S3_ENDPOINT: ${{ secrets.PROD_S3_ENDPOINT }} DEV_AGW_PUBLIC_KEY: ${{ secrets.DEV_AGW_PUBLIC_KEY }} @@ -283,11 +282,6 @@ jobs: set-env: 'true' extra: '--external 7z --base ${{ env.QT_MIRROR }}' - - name: 'Install Qt Installer Framework ${{ env.QIF_VERSION }}' - run: | - mkdir -pv ${{ runner.temp }}/Qt/Tools/QtInstallerFramework - wget https://qt.amzsvc.com/tools/ifw/${{ env.QIF_VERSION }}.zip - unzip ${{ env.QIF_VERSION }}.zip -d ${{ runner.temp }}/Qt/Tools/QtInstallerFramework/ - name: 'Get sources' uses: actions/checkout@v4 @@ -301,14 +295,13 @@ jobs: - name: 'Build project' run: | export QT_BIN_DIR="${{ runner.temp }}/Qt/${{ env.QT_VERSION }}/macos/bin" - export QIF_BIN_DIR="${{ runner.temp }}/Qt/Tools/QtInstallerFramework/${{ env.QIF_VERSION }}/bin" bash deploy/build_macos.sh - name: 'Upload installer artifact' uses: actions/upload-artifact@v4 with: name: AmneziaVPN_MacOS_old_installer - path: AmneziaVPN.dmg + path: deploy/build/pkg/AmneziaVPN.pkg retention-days: 7 - name: 'Upload unpacked artifact' @@ -325,7 +318,6 @@ jobs: env: QT_VERSION: 6.8.0 - QIF_VERSION: 4.8.1 PROD_AGW_PUBLIC_KEY: ${{ secrets.PROD_AGW_PUBLIC_KEY }} PROD_S3_ENDPOINT: ${{ secrets.PROD_S3_ENDPOINT }} DEV_AGW_PUBLIC_KEY: ${{ secrets.DEV_AGW_PUBLIC_KEY }} 
@@ -353,11 +345,6 @@ jobs: set-env: 'true' extra: '--external 7z --base ${{ env.QT_MIRROR }}' - - name: 'Install Qt Installer Framework ${{ env.QIF_VERSION }}' - run: | - mkdir -pv ${{ runner.temp }}/Qt/Tools/QtInstallerFramework - wget https://qt.amzsvc.com/tools/ifw/${{ env.QIF_VERSION }}.zip - unzip ${{ env.QIF_VERSION }}.zip -d ${{ runner.temp }}/Qt/Tools/QtInstallerFramework/ - name: 'Get sources' uses: actions/checkout@v4 @@ -371,14 +358,13 @@ jobs: - name: 'Build project' run: | export QT_BIN_DIR="${{ runner.temp }}/Qt/${{ env.QT_VERSION }}/macos/bin" - export QIF_BIN_DIR="${{ runner.temp }}/Qt/Tools/QtInstallerFramework/${{ env.QIF_VERSION }}/bin" bash deploy/build_macos.sh - name: 'Upload installer artifact' uses: actions/upload-artifact@v4 with: name: AmneziaVPN_MacOS_installer - path: AmneziaVPN.dmg + path: deploy/build/pkg/AmneziaVPN.pkg retention-days: 7 - name: 'Upload unpacked artifact' diff --git a/client/platforms/macos/daemon/macosfirewall.cpp b/client/platforms/macos/daemon/macosfirewall.cpp index 0fe51f23..5211c440 100644 --- a/client/platforms/macos/daemon/macosfirewall.cpp +++ b/client/platforms/macos/daemon/macosfirewall.cpp @@ -43,8 +43,16 @@ namespace { #include "macosfirewall.h" -#define ResourceDir qApp->applicationDirPath() + "/pf" -#define DaemonDataDir qApp->applicationDirPath() + "/pf" +#include +#include + +// Read-only rules bundled with the application. +#define ResourceDir (qApp->applicationDirPath() + "/pf") + +// Writable location that does NOT live inside the signed bundle. Using a +// constant path under /Library/Application Support keeps the signature intact +// and is accessible to the root helper. +#define DaemonDataDir QStringLiteral("/Library/Application Support/AmneziaVPN/pf") #include 
@@ -121,6 +129,8 @@ void MacOSFirewall::install() logger.info() << "Installing PF root anchor"; installRootAnchors(); + // Ensure writable directory exists, then store the token there. + QDir().mkpath(DaemonDataDir); execute(QStringLiteral("pfctl -E 2>&1 | grep -F 'Token : ' | cut -c9- > '%1/pf.token'").arg(DaemonDataDir)); } diff --git a/deploy/DeveloperIDG2CA.cer b/deploy/DeveloperIDG2CA.cer new file mode 100644 index 0000000000000000000000000000000000000000..8cbcf6f46ce8dcd0fb6e55441867a4608c032860 GIT binary patch literal 1090 zcmXqLVzD!5Vpdzg%*4pVBvQYH!T#)Y&#KeSzLS=8RTLj;iFG#MW#iOp^Jx3d%gD&h z%3zRW$Zf#M#vIDRCd?EXY$$9X2;y)Fb2%0iSS&nCU+yalX;MxjO;0c zCPpP>Z!@woFgG#sGXTZ8n3@lXWlhc{<6@_ zAeVa$Zs~tCyBS(Lx(wQVee%4v9DmC6_sxzm_*Wacv6#I#)Z>*hPs%}3Q09g3DcH!m}M zzME}-$);}wYkbz|o;?}o+I{{v$FroX4pX<9$DEPod-(p&(x<&A1GYQN=TcU6b?Bdx zUj1OoE6d9jOHD2wI{m=7UT>Su;iqa>RnM*J)hhopPh{Hk2Vdj$KD}68xZHa2OrI*H z#lG(g1g~CeYi#?H7fwq1S7-2zs_8d`#)~n?ko^>O~S}P zBuwq0phvQHX3=yH`M&5=acZK!OOzXoLyRRCDz!!3*x{YIYWcZo(++VRH_f_`f37RD zIVso6^6S55-|LI6bjZK$IKcnor?K1?f$fK41kGK{SvD+jncI`WTU{$#cV_G457+W- zMXMT?mRx?=Uwf(Jh2ioUN9FH7YKmOf(3s#R_GaGBE{9dpS`QQ3xOxisZ+hvx@ma(w zc&)N$X|k%KGE@HK=&108*Ije(pZQ)tKmPXdw<*i>UG(#PZ7V9c!nRmnw>qJnx@hvN w+Yzt&uIxN=z~GOOl<%%dJSvtmnyePgy!ZUclRbQUTGvOdj=AvX_8Ec00Cez?EdT%j literal 0 HcmV?d00001 diff --git a/deploy/build_macos.sh b/deploy/build_macos.sh old mode 100755 new mode 100644 index 5f6e9786..03f286fc --- a/deploy/build_macos.sh +++ b/deploy/build_macos.sh 
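Review bot: The result of `QDir().mkpath(DaemonDataDir)` in `MacOSFirewall::install()` is ignored, and nothing checks the directory's ownership before the shell redirect writes `pf.token` into it. The comment in the preceding hunk says this location is used by the root helper, so a failed creation should at least be logged, for example `if (!QDir().mkpath(DaemonDataDir)) { logger.error() << "Cannot create" << DaemonDataDir; }`. It is also worth verifying that the directory is root-owned and not group- or world-writable before the token is written, since a privileged write into a directory another account controls could be redirected. A one-line comment on the `DaemonDataDir` macro stating the expected owner and mode would document that assumption. The function body continues outside the hunk.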
@@ -1,4 +1,15 @@ #!/bin/bash +# ----------------------------------------------------------------------------- +# Usage: +# Export the required signing credentials before running this script, e.g.: +# export MAC_APP_CERT_PW='pw-for-DeveloperID-Application' +# export MAC_INSTALL_CERT_PW='pw-for-DeveloperID-Installer' +# export MAC_SIGNER_ID='Developer ID Application: Some Company Name (XXXXXXXXXX)' +# export MAC_INSTALLER_SIGNER_ID='Developer ID Installer: Some Company Name (XXXXXXXXXX)' +# export APPLE_DEV_EMAIL='your@email.com' +# export APPLE_DEV_PASSWORD='' +# bash deploy/build_macos.sh [-n] +# ----------------------------------------------------------------------------- echo "Build script started ..." set -o errexit -o nounset @@ -14,10 +25,10 @@ done PROJECT_DIR=$(pwd) DEPLOY_DIR=$PROJECT_DIR/deploy -mkdir -p $DEPLOY_DIR/build -BUILD_DIR=$DEPLOY_DIR/build +mkdir -p "$DEPLOY_DIR/build" +BUILD_DIR="$DEPLOY_DIR/build" -echo "Project dir: ${PROJECT_DIR}" +echo "Project dir: ${PROJECT_DIR}" echo "Build dir: ${BUILD_DIR}" APP_NAME=AmneziaVPN 
@@ -28,39 +39,45 @@ PLIST_NAME=$APP_NAME.plist OUT_APP_DIR=$BUILD_DIR/client BUNDLE_DIR=$OUT_APP_DIR/$APP_FILENAME +# Prebuilt deployment assets are available via the symlink under deploy/data PREBUILT_DEPLOY_DATA_DIR=$PROJECT_DIR/deploy/data/deploy-prebuilt/macos DEPLOY_DATA_DIR=$PROJECT_DIR/deploy/data/macos -INSTALLER_DATA_DIR=$BUILD_DIR/installer/packages/$APP_DOMAIN/data -INSTALLER_BUNDLE_DIR=$BUILD_DIR/installer/$APP_FILENAME -DMG_FILENAME=$PROJECT_DIR/${APP_NAME}.dmg # Search Qt if [ -z "${QT_VERSION+x}" ]; then -QT_VERSION=6.4.3; -QIF_VERSION=4.6 +QT_VERSION=6.8.3; QT_BIN_DIR=$HOME/Qt/$QT_VERSION/macos/bin -QIF_BIN_DIR=$QT_BIN_DIR/../../../Tools/QtInstallerFramework/$QIF_VERSION/bin fi echo "Using Qt in $QT_BIN_DIR" -echo "Using QIF in $QIF_BIN_DIR" # Checking env -$QT_BIN_DIR/qt-cmake --version +"$QT_BIN_DIR/qt-cmake" --version cmake --version clang -v # Build App echo "Building App..." -cd $BUILD_DIR +cd "$BUILD_DIR" -$QT_BIN_DIR/qt-cmake -S $PROJECT_DIR -B $BUILD_DIR +"$QT_BIN_DIR/qt-cmake" -S "$PROJECT_DIR" -B "$BUILD_DIR" cmake --build . 
--config release --target all # Build and run tests here +# Create a temporary keychain and import certificates +KEYCHAIN_PATH="$PROJECT_DIR/mac_sign.keychain" +trap 'echo "Cleaning up mac_sign.keychain..."; security delete-keychain "$KEYCHAIN_PATH" 2>/dev/null || true; rm -f "$KEYCHAIN_PATH" 2>/dev/null || true' EXIT +KEYCHAIN=$(security default-keychain -d user | tr -d '"[:space:]"') +security list-keychains -d user -s "$KEYCHAIN_PATH" "$KEYCHAIN" "$(security list-keychains -d user | tr '\n' ' ')" +security create-keychain -p "" "$KEYCHAIN_PATH" +security import "$DEPLOY_DIR/DeveloperIdApplicationCertificate.p12" -k "$KEYCHAIN_PATH" -P "$MAC_APP_CERT_PW" -T /usr/bin/codesign +security import "$DEPLOY_DIR/DeveloperIdInstallerCertificate.p12" -k "$KEYCHAIN_PATH" -P "$MAC_INSTALL_CERT_PW" -T /usr/bin/codesign +security import "$DEPLOY_DIR/DeveloperIDG2CA.cer" -k "$KEYCHAIN_PATH" -T /usr/bin/codesign +security list-keychains -d user -s "$KEYCHAIN_PATH" + echo "____________________________________" echo "............Deploy.................." echo "____________________________________" 
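Review bot: The new keychain block reads `$MAC_APP_CERT_PW` and `$MAC_INSTALL_CERT_PW` unconditionally, and the script runs under `set -o errexit -o nounset`, so a build without signing credentials now aborts here even though a later section is still guarded by `if [ "${MAC_APP_CERT_PW+x}" ]`. Wrapping the keychain setup in the same guard would keep unsigned local builds working. The keychain holding both Developer ID identities is created inside the project directory with an empty password (`security create-keychain -p ""`); a generated password, e.g. `KEYCHAIN_PW=$(openssl rand -base64 24)`, passed to `create-keychain` and `security unlock-keychain`, and a location under `$TMPDIR` would reduce exposure on shared build hosts. The first `security list-keychains -d user -s "$KEYCHAIN_PATH" ...` also runs before the keychain exists, and the last line of the block replaces the user's search list with the temporary keychain alone until the script finishes.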
@@ -69,102 +86,159 @@ echo "____________________________________" echo "Packaging ..." -cp -Rv $PREBUILT_DEPLOY_DATA_DIR/* $BUNDLE_DIR/Contents/macOS -$QT_BIN_DIR/macdeployqt $OUT_APP_DIR/$APP_FILENAME -always-overwrite -qmldir=$PROJECT_DIR -cp -av $BUILD_DIR/service/server/$APP_NAME-service $BUNDLE_DIR/Contents/macOS -cp -Rv $PROJECT_DIR/deploy/data/macos/* $BUNDLE_DIR/Contents/macOS -rm -f $BUNDLE_DIR/Contents/macOS/post_install.sh $BUNDLE_DIR/Contents/macOS/post_uninstall.sh +cp -Rv "$PREBUILT_DEPLOY_DATA_DIR"/* "$BUNDLE_DIR/Contents/macOS" +"$QT_BIN_DIR/macdeployqt" "$OUT_APP_DIR/$APP_FILENAME" -always-overwrite -qmldir="$PROJECT_DIR" +cp -av "$BUILD_DIR/service/server/$APP_NAME-service" "$BUNDLE_DIR/Contents/macOS" +rsync -av --exclude="$PLIST_NAME" --exclude=post_install.sh --exclude=post_uninstall.sh "$DEPLOY_DATA_DIR/" "$BUNDLE_DIR/Contents/macOS/" -if [ "${MAC_CERT_PW+x}" ]; then +if [ "${MAC_APP_CERT_PW+x}" ]; then - CERTIFICATE_P12=$DEPLOY_DIR/PrivacyTechAppleCertDeveloperId.p12 - WWDRCA=$DEPLOY_DIR/WWDRCA.cer - KEYCHAIN=amnezia.build.macos.keychain - TEMP_PASS=tmp_pass + # Path to the p12 that contains the Developer ID *Application* certificate + CERTIFICATE_P12=$DEPLOY_DIR/DeveloperIdApplicationCertificate.p12 - security create-keychain -p $TEMP_PASS $KEYCHAIN || true - security default-keychain -s $KEYCHAIN - security unlock-keychain -p $TEMP_PASS $KEYCHAIN + # Ensure launchd plist is bundled, but place it inside Resources so that + # the bundle keeps a valid structure (nothing but `Contents` at the root). 
+ mkdir -p "$BUNDLE_DIR/Contents/Resources" + cp "$DEPLOY_DATA_DIR/$PLIST_NAME" "$BUNDLE_DIR/Contents/Resources/$PLIST_NAME" - security default-keychain - security list-keychains - - security import $WWDRCA -k $KEYCHAIN -T /usr/bin/codesign || true - security import $CERTIFICATE_P12 -k $KEYCHAIN -P $MAC_CERT_PW -T /usr/bin/codesign || true - - security set-key-partition-list -S apple-tool:,apple: -k $TEMP_PASS $KEYCHAIN - security find-identity -p codesigning + # Show available signing identities (useful for debugging) + security find-identity -p codesigning || true echo "Signing App bundle..." - /usr/bin/codesign --deep --force --verbose --timestamp -o runtime --sign "$MAC_SIGNER_ID" $BUNDLE_DIR - /usr/bin/codesign --verify -vvvv $BUNDLE_DIR || true - spctl -a -vvvv $BUNDLE_DIR || true + /usr/bin/codesign --deep --force --verbose --timestamp -o runtime --keychain "$KEYCHAIN_PATH" --sign "$MAC_SIGNER_ID" "$BUNDLE_DIR" + /usr/bin/codesign --verify -vvvv "$BUNDLE_DIR" || true + spctl -a -vvvv "$BUNDLE_DIR" || true - if [ "${NOTARIZE_APP+x}" ]; then - echo "Notarizing App bundle..." - /usr/bin/ditto -c -k --keepParent $BUNDLE_DIR $PROJECT_DIR/Bundle_to_notarize.zip - xcrun notarytool submit $PROJECT_DIR/Bundle_to_notarize.zip --apple-id $APPLE_DEV_EMAIL --team-id $MAC_TEAM_ID --password $APPLE_DEV_PASSWORD - rm $PROJECT_DIR/Bundle_to_notarize.zip - sleep 300 - xcrun stapler staple $BUNDLE_DIR - xcrun stapler validate $BUNDLE_DIR - spctl -a -vvvv $BUNDLE_DIR || true - fi fi echo "Packaging installer..." 
-mkdir -p $INSTALLER_DATA_DIR -cp -av $PROJECT_DIR/deploy/installer $BUILD_DIR -cp -av $DEPLOY_DATA_DIR/post_install.sh $INSTALLER_DATA_DIR/post_install.sh -cp -av $DEPLOY_DATA_DIR/post_uninstall.sh $INSTALLER_DATA_DIR/post_uninstall.sh -cp -av $DEPLOY_DATA_DIR/$PLIST_NAME $INSTALLER_DATA_DIR/$PLIST_NAME +PKG_DIR=$BUILD_DIR/pkg +# Remove any stale packaging data from previous runs +rm -rf "$PKG_DIR" +PKG_ROOT=$PKG_DIR/root +SCRIPTS_DIR=$PKG_DIR/scripts +RESOURCES_DIR=$PKG_DIR/resources +INSTALL_PKG=$PKG_DIR/${APP_NAME}_install.pkg +UNINSTALL_PKG=$PKG_DIR/${APP_NAME}_uninstall.pkg +FINAL_PKG=$PKG_DIR/${APP_NAME}.pkg +UNINSTALL_SCRIPTS_DIR=$PKG_DIR/uninstall_scripts -chmod a+x $INSTALLER_DATA_DIR/post_install.sh $INSTALLER_DATA_DIR/post_uninstall.sh +mkdir -p "$PKG_ROOT/Applications" "$SCRIPTS_DIR" "$RESOURCES_DIR" "$UNINSTALL_SCRIPTS_DIR" -cd $BUNDLE_DIR -tar czf $INSTALLER_DATA_DIR/$APP_NAME.tar.gz ./ +cp -R "$BUNDLE_DIR" "$PKG_ROOT/Applications" +# launchd plist is already inside the bundle; no need to add it again after signing +/usr/bin/codesign --deep --force --verbose --timestamp -o runtime --keychain "$KEYCHAIN_PATH" --sign "$MAC_SIGNER_ID" "$PKG_ROOT/Applications/$APP_FILENAME" +/usr/bin/codesign --verify --deep --strict --verbose=4 "$PKG_ROOT/Applications/$APP_FILENAME" || true +cp "$DEPLOY_DATA_DIR/post_install.sh" "$SCRIPTS_DIR/post_install.sh" +cp "$DEPLOY_DATA_DIR/post_uninstall.sh" "$UNINSTALL_SCRIPTS_DIR/postinstall" +mkdir -p "$RESOURCES_DIR/scripts" +cp "$DEPLOY_DATA_DIR/check_install.sh" "$RESOURCES_DIR/scripts/check_install.sh" +cp "$DEPLOY_DATA_DIR/check_uninstall.sh" "$RESOURCES_DIR/scripts/check_uninstall.sh" -echo "Building installer..." 
-$QIF_BIN_DIR/binarycreator --offline-only -v -c $BUILD_DIR/installer/config/macos.xml -p $BUILD_DIR/installer/packages -f $INSTALLER_BUNDLE_DIR +cat > "$SCRIPTS_DIR/postinstall" <<'EOS' +#!/bin/bash +SCRIPT_DIR="$(dirname "$0")" +bash "$SCRIPT_DIR/post_install.sh" +exit 0 +EOS -if [ "${MAC_CERT_PW+x}" ]; then - echo "Signing installer bundle..." - security unlock-keychain -p $TEMP_PASS $KEYCHAIN - /usr/bin/codesign --deep --force --verbose --timestamp -o runtime --sign "$MAC_SIGNER_ID" $INSTALLER_BUNDLE_DIR - /usr/bin/codesign --verify -vvvv $INSTALLER_BUNDLE_DIR || true +chmod +x "$SCRIPTS_DIR"/* +chmod +x "$UNINSTALL_SCRIPTS_DIR"/* +chmod +x "$RESOURCES_DIR/scripts"/* +cp "$PROJECT_DIR/LICENSE" "$RESOURCES_DIR/LICENSE" - if [ "${NOTARIZE_APP+x}" ]; then - echo "Notarizing installer bundle..." - /usr/bin/ditto -c -k --keepParent $INSTALLER_BUNDLE_DIR $PROJECT_DIR/Installer_bundle_to_notarize.zip - xcrun notarytool submit $PROJECT_DIR/Installer_bundle_to_notarize.zip --apple-id $APPLE_DEV_EMAIL --team-id $MAC_TEAM_ID --password $APPLE_DEV_PASSWORD - rm $PROJECT_DIR/Installer_bundle_to_notarize.zip - sleep 300 - xcrun stapler staple $INSTALLER_BUNDLE_DIR - xcrun stapler validate $INSTALLER_BUNDLE_DIR - spctl -a -vvvv $INSTALLER_BUNDLE_DIR || true - fi +APP_VERSION=$(grep -m1 -E 'project\(' "$PROJECT_DIR/CMakeLists.txt" | sed -E 's/.*VERSION ([0-9.]+).*/\1/') +echo "Building component package $INSTALL_PKG ..." + +# Disable bundle relocation so the app always ends up in /Applications even if +# another copy is lying around somewhere. We do this by letting pkgbuild +# analyse the contents, flipping the BundleIsRelocatable flag to false for every +# bundle it discovers and then feeding that plist back to pkgbuild. + +COMPONENT_PLIST="$PKG_DIR/component.plist" +# Create the component description plist first +pkgbuild --analyze --root "$PKG_ROOT" "$COMPONENT_PLIST" + +# Turn all `BundleIsRelocatable` keys to false (PlistBuddy is available on all +# macOS systems). 
We first convert to xml1 to ensure predictable formatting. + +# Turn relocation off for every bundle entry in the plist. PlistBuddy cannot +# address keys that contain slashes without quoting, so we iterate through the +# top-level keys it prints. +plutil -convert xml1 "$COMPONENT_PLIST" +for bundle_key in $(/usr/libexec/PlistBuddy -c "Print" "$COMPONENT_PLIST" | awk '/^[ \t]*[A-Za-z0-9].*\.app/ {print $1}'); do + /usr/libexec/PlistBuddy -c "Set :'${bundle_key}':BundleIsRelocatable false" "$COMPONENT_PLIST" || true +done + +# Now build the real payload package with the edited plist so that the final +# PackageInfo contains relocatable="false". +pkgbuild --root "$PKG_ROOT" \ + --identifier "$APP_DOMAIN" \ + --version "$APP_VERSION" \ + --install-location "/" \ + --scripts "$SCRIPTS_DIR" \ + --component-plist "$COMPONENT_PLIST" \ + --sign "$MAC_INSTALLER_SIGNER_ID" \ + "$INSTALL_PKG" + +# Build uninstaller component package +UNINSTALL_COMPONENT_PKG=$PKG_DIR/${APP_NAME}_uninstall_component.pkg +echo "Building uninstaller component package $UNINSTALL_COMPONENT_PKG ..." +pkgbuild --nopayload \ + --identifier "$APP_DOMAIN.uninstall" \ + --version "$APP_VERSION" \ + --scripts "$UNINSTALL_SCRIPTS_DIR" \ + --sign "$MAC_INSTALLER_SIGNER_ID" \ + "$UNINSTALL_COMPONENT_PKG" + +# Wrap uninstaller component in a distribution package for clearer UI +echo "Building uninstaller distribution package $UNINSTALL_PKG ..." 
+UNINSTALL_RESOURCES=$PKG_DIR/uninstall_resources +rm -rf "$UNINSTALL_RESOURCES" +mkdir -p "$UNINSTALL_RESOURCES" +cp "$DEPLOY_DATA_DIR/uninstall_welcome.html" "$UNINSTALL_RESOURCES" +cp "$DEPLOY_DATA_DIR/uninstall_conclusion.html" "$UNINSTALL_RESOURCES" +productbuild \ + --distribution "$DEPLOY_DATA_DIR/distribution_uninstall.xml" \ + --package-path "$PKG_DIR" \ + --resources "$UNINSTALL_RESOURCES" \ + --sign "$MAC_INSTALLER_SIGNER_ID" \ + "$UNINSTALL_PKG" + +cp "$PROJECT_DIR/deploy/data/macos/distribution.xml" "$PKG_DIR/distribution.xml" + +echo "Creating final installer $FINAL_PKG ..." +productbuild --distribution "$PKG_DIR/distribution.xml" \ + --package-path "$PKG_DIR" \ + --resources "$RESOURCES_DIR" \ + --sign "$MAC_INSTALLER_SIGNER_ID" \ + "$FINAL_PKG" + +if [ "${MAC_INSTALL_CERT_PW+x}" ] && [ "${NOTARIZE_APP+x}" ]; then + echo "Notarizing installer package..." + xcrun notarytool submit "$FINAL_PKG" \ + --apple-id "$APPLE_DEV_EMAIL" \ + --team-id "$MAC_TEAM_ID" \ + --password "$APPLE_DEV_PASSWORD" \ + --wait + + echo "Stapling ticket..." + xcrun stapler staple "$FINAL_PKG" + xcrun stapler validate "$FINAL_PKG" fi -echo "Building DMG installer..." -# Allow Terminal to make changes in Privacy & Security > App Management -hdiutil create -size 256mb -volname AmneziaVPN -srcfolder $BUILD_DIR/installer/$APP_NAME.app -ov -format UDZO $DMG_FILENAME - -if [ "${MAC_CERT_PW+x}" ]; then - echo "Signing DMG installer..." - security unlock-keychain -p $TEMP_PASS $KEYCHAIN - /usr/bin/codesign --deep --force --verbose --timestamp -o runtime --sign "$MAC_SIGNER_ID" $DMG_FILENAME - /usr/bin/codesign --verify -vvvv $DMG_FILENAME || true - - if [ "${NOTARIZE_APP+x}" ]; then - echo "Notarizing DMG installer..." 
- xcrun notarytool submit $DMG_FILENAME --apple-id $APPLE_DEV_EMAIL --team-id $MAC_TEAM_ID --password $APPLE_DEV_PASSWORD - sleep 300 - xcrun stapler staple $DMG_FILENAME - xcrun stapler validate $DMG_FILENAME - fi +if [ "${MAC_INSTALL_CERT_PW+x}" ]; then + /usr/bin/codesign --verify -vvvv "$FINAL_PKG" || true + spctl -a -vvvv "$FINAL_PKG" || true fi -echo "Finished, artifact is $DMG_FILENAME" +# Sign app bundle +/usr/bin/codesign --deep --force --verbose --timestamp -o runtime --keychain "$KEYCHAIN_PATH" --sign "$MAC_SIGNER_ID" "$BUNDLE_DIR" +spctl -a -vvvv "$BUNDLE_DIR" || true -# restore keychain -security default-keychain -s login.keychain +# Restore login keychain as the only user keychain and delete the temporary keychain +KEYCHAIN="$HOME/Library/Keychains/login.keychain-db" +security list-keychains -d user -s "$KEYCHAIN" +security delete-keychain "$KEYCHAIN_PATH" + +echo "Finished, artifact is $FINAL_PKG" diff --git a/deploy/data/macos/check_install.sh b/deploy/data/macos/check_install.sh new file mode 100755 index 00000000..adf63550 --- /dev/null +++ b/deploy/data/macos/check_install.sh @@ -0,0 +1,5 @@ +#!/bin/bash +if [ -d "/Applications/AmneziaVPN.app" ] || pgrep -x "AmneziaVPN-service" >/dev/null; then + exit 1 +fi +exit 0 diff --git a/deploy/data/macos/check_uninstall.sh b/deploy/data/macos/check_uninstall.sh new file mode 100755 index 00000000..e7a6f7e0 --- /dev/null +++ b/deploy/data/macos/check_uninstall.sh @@ -0,0 +1,5 @@ +#!/bin/bash +if [ -d "/Applications/AmneziaVPN.app" ] || pgrep -x "AmneziaVPN-service" >/dev/null; then + exit 0 +fi +exit 1 diff --git a/deploy/data/macos/distribution.xml b/deploy/data/macos/distribution.xml new file mode 100644 index 00000000..c0a1dc68 --- /dev/null +++ b/deploy/data/macos/distribution.xml @@ -0,0 +1,17 @@ + + + AmneziaVPN Installer + + + + + + + + + + + + AmneziaVPN_install.pkg + AmneziaVPN_uninstall_component.pkg + 
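Review bot: Every signature check in the new packaging flow is followed by `|| true` (`codesign --verify --deep --strict ... || true`, `spctl -a -vvvv "$FINAL_PKG" || true`), so a bundle or package with a broken signature still ends with "Finished, artifact is ...". When signing credentials are present these checks should fail the build. For the flat package, `pkgutil --check-signature "$FINAL_PKG"` is likely the more appropriate check than `codesign --verify`. The generated `postinstall` wrapper has the same pattern: it ends in `exit 0` regardless of what `post_install.sh` returned, so a failed service installation is reported to the installer as success; `exec bash "$SCRIPT_DIR/post_install.sh"` would propagate the status. `pkgbuild`/`productbuild` use `--sign "$MAC_INSTALLER_SIGNER_ID"` unguarded, and the notarization step reads `$MAC_TEAM_ID`, which the usage header added in this commit does not list; under `nounset` either one unset aborts the script.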
diff --git a/deploy/data/macos/distribution_uninstall.xml b/deploy/data/macos/distribution_uninstall.xml new file mode 100644 index 00000000..cf8932b9 --- /dev/null +++ b/deploy/data/macos/distribution_uninstall.xml @@ -0,0 +1,13 @@ + + Uninstall AmneziaVPN + + + + + + + + + + AmneziaVPN_uninstall_component.pkg + diff --git a/deploy/data/macos/post_install.sh b/deploy/data/macos/post_install.sh index acd3f93f..053c8e13 100755 --- a/deploy/data/macos/post_install.sh +++ b/deploy/data/macos/post_install.sh 
@@ -7,29 +7,42 @@ LOG_FOLDER=/var/log/$APP_NAME LOG_FILE="$LOG_FOLDER/post-install.log" APP_PATH=/Applications/$APP_NAME.app -if launchctl list "$APP_NAME-service" &> /dev/null; then - launchctl unload $LAUNCH_DAEMONS_PLIST_NAME - rm -f $LAUNCH_DAEMONS_PLIST_NAME +# Handle new installations unpacked into localized folder +if [ -d "/Applications/${APP_NAME}.localized" ]; then + echo "`date` Detected ${APP_NAME}.localized, migrating to standard path" >> $LOG_FILE + sudo rm -rf "$APP_PATH" + sudo mv "/Applications/${APP_NAME}.localized/${APP_NAME}.app" "$APP_PATH" + sudo rm -rf "/Applications/${APP_NAME}.localized" fi -tar xzf $APP_PATH/$APP_NAME.tar.gz -C $APP_PATH -rm -f $APP_PATH/$APP_NAME.tar.gz -sudo chmod -R a-w $APP_PATH/ -sudo chown -R root $APP_PATH/ -sudo chgrp -R wheel $APP_PATH/ +if launchctl list "$APP_NAME-service" &> /dev/null; then + launchctl unload "$LAUNCH_DAEMONS_PLIST_NAME" + rm -f "$LAUNCH_DAEMONS_PLIST_NAME" +fi + +sudo chmod -R a-w "$APP_PATH/" +sudo chown -R root "$APP_PATH/" +sudo chgrp -R wheel "$APP_PATH/" rm -rf $LOG_FOLDER mkdir -p $LOG_FOLDER echo "`date` Script started" > $LOG_FILE -killall -9 $APP_NAME-service 2>> $LOG_FILE +echo "Requesting ${APP_NAME} to quit gracefully" >> "$LOG_FILE" +osascript -e 'tell application "AmneziaVPN" to quit' -mv -f $APP_PATH/$PLIST_NAME $LAUNCH_DAEMONS_PLIST_NAME 2>> $LOG_FILE -chown root:wheel $LAUNCH_DAEMONS_PLIST_NAME -launchctl load $LAUNCH_DAEMONS_PLIST_NAME +PLIST_SOURCE="$APP_PATH/Contents/Resources/$PLIST_NAME" +if [ -f "$PLIST_SOURCE" ]; then + mv -f "$PLIST_SOURCE" "$LAUNCH_DAEMONS_PLIST_NAME" 2>> $LOG_FILE +else + echo "`date` ERROR: service plist not found at $PLIST_SOURCE" >> $LOG_FILE +fi + +chown root:wheel "$LAUNCH_DAEMONS_PLIST_NAME" +launchctl load "$LAUNCH_DAEMONS_PLIST_NAME" +echo "`date` Launching ${APP_NAME} application" >> $LOG_FILE +open -a "$APP_PATH" 2>> $LOG_FILE || true echo "`date` Service status: $?" >> $LOG_FILE echo "`date` Script finished" >> $LOG_FILE - -#rm -- "$0" 
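Review bot: The `chown root:wheel "$LAUNCH_DAEMONS_PLIST_NAME"` and `launchctl load "$LAUNCH_DAEMONS_PLIST_NAME"` lines near the end of the hunk run even when the `else` branch has just logged that the service plist was not found. In that case the script either loads whatever plist an earlier install left in place or fails without a trace, so both commands belong inside the `if [ -f "$PLIST_SOURCE" ]` branch. The `Service status: $?` line now follows `open -a "$APP_PATH" 2>> $LOG_FILE || true`, so it always logs 0 instead of the result of the load; capture it directly with `launchctl load "$LAUNCH_DAEMONS_PLIST_NAME"; LOAD_STATUS=$?` and log `$LOAD_STATUS`. If this script runs as root, as installer post-install scripts usually do, `open -a` would presumably start the GUI with root privileges as well, which is worth confirming before shipping.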
diff --git a/deploy/data/macos/post_uninstall.sh b/deploy/data/macos/post_uninstall.sh index de7846db..d6c5cdbd 100755 --- a/deploy/data/macos/post_uninstall.sh +++ b/deploy/data/macos/post_uninstall.sh @@ -9,6 +9,19 @@ SYSTEM_APP_SUPPORT="/Library/Application Support/$APP_NAME" LOG_FOLDER="/var/log/$APP_NAME" CACHES_FOLDER="$HOME/Library/Caches/$APP_NAME" +# Attempt to quit the GUI application if it's currently running +if pgrep -x "$APP_NAME" > /dev/null; then + echo "Quitting $APP_NAME..." + osascript -e 'tell application "'"$APP_NAME"'" to quit' || true + # Wait up to 10 seconds for the app to terminate gracefully + for i in {1..10}; do + if ! pgrep -x "$APP_NAME" > /dev/null; then + break + fi + sleep 1 + done +fi + # Stop the running service if it exists if pgrep -x "${APP_NAME}-service" > /dev/null; then sudo killall -9 "${APP_NAME}-service" 
@@ -32,3 +45,40 @@ sudo rm -rf "$LOG_FOLDER" # Remove any caches left behind rm -rf "$CACHES_FOLDER" + +# Remove PF data directory created by firewall helper, if present +sudo rm -rf "/Library/Application Support/${APP_NAME}/pf" + +# ---------------- PF firewall cleanup ---------------------- +# Rules are loaded under the anchor "amn" (see macosfirewall.cpp) +# Flush only that anchor to avoid destroying user/system rules. + +PF_ANCHOR="amn" + +### Flush all PF rules, NATs, and tables under our anchor and sub-anchors ### +anchors=$(sudo pfctl -s Anchors 2>/dev/null | awk '/^'"${PF_ANCHOR}"'/ {sub(/\*$/, "", $1); print $1}') +for anc in $anchors; do + echo "Flushing PF anchor $anc" + sudo pfctl -a "$anc" -F all 2>/dev/null || true + # flush tables under this anchor + tables=$(sudo pfctl -s Tables 2>/dev/null | awk '/^'"$anc"'/ {print}') + for tbl in $tables; do + echo "Killing PF table $tbl" + sudo pfctl -t "$tbl" -T kill 2>/dev/null || true + done +done + +### Reload default PF config to restore system rules ### +if [ -f /etc/pf.conf ]; then + echo "Restoring system PF config" + sudo pfctl -f /etc/pf.conf 2>/dev/null || true +fi + +### Disable PF if no rules remain ### +if sudo pfctl -s info 2>/dev/null | grep -q '^Status: Enabled' && \ + ! sudo pfctl -sr 2>/dev/null | grep -q .; then + echo "Disabling PF" + sudo pfctl -d 2>/dev/null || true +fi + +# ----------------------------------------------------------- diff --git a/deploy/data/macos/uninstall_conclusion.html b/deploy/data/macos/uninstall_conclusion.html new file mode 100644 index 00000000..f5b8bb63 --- /dev/null +++ b/deploy/data/macos/uninstall_conclusion.html @@ -0,0 +1,7 @@ + +Uninstall Complete + +
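Review bot: The comment promises to flush only the `amn` anchor, but `sudo pfctl -f /etc/pf.conf` reloads the main ruleset and the last block can run `pfctl -d`, so an uninstall may drop rules that the user or other software loaded at runtime and can switch off a firewall that was enabled independently of this app. The anchor selection `awk '/^'"${PF_ANCHOR}"'/'` is a prefix match, so any anchor whose name merely starts with `amn` is flushed too; comparing the name for equality with `amn` or for an `amn/` prefix would limit it to this anchor and its sub-anchors. The table pass calls `pfctl -s Tables` without `-a` and then filters by name prefix, so it presumably never reaches tables defined inside the anchor; `sudo pfctl -a "$anc" -s Tables` and `sudo pfctl -a "$anc" -t "$tbl" -T kill` would scope both commands to the anchor. Every call ends in `2>/dev/null || true`, so a cleanup that did nothing leaves no evidence; logging the failures would make leftover rules diagnosable.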

AmneziaVPN has been uninstalled

+

Thank you for using AmneziaVPN. The application and its components have been removed.

+ + \ No newline at end of file diff --git a/deploy/data/macos/uninstall_welcome.html b/deploy/data/macos/uninstall_welcome.html new file mode 100644 index 00000000..9f3d97cb --- /dev/null +++ b/deploy/data/macos/uninstall_welcome.html @@ -0,0 +1,7 @@ + +Uninstall AmneziaVPN + +

Uninstall AmneziaVPN

+

This process will remove AmneziaVPN from your system. Click Continue to proceed.

+ + \ No newline at end of file diff --git a/deploy/installer/config.cmake b/deploy/installer/config.cmake index 13f09986..3c33a33c 100644 --- a/deploy/installer/config.cmake +++ b/deploy/installer/config.cmake @@ -4,11 +4,6 @@ if(WIN32) ${CMAKE_CURRENT_LIST_DIR}/config/windows.xml.in ${CMAKE_BINARY_DIR}/installer/config/windows.xml ) -elseif(APPLE AND NOT IOS) - configure_file( - ${CMAKE_CURRENT_LIST_DIR}/config/macos.xml.in - ${CMAKE_BINARY_DIR}/installer/config/macos.xml - ) elseif(LINUX) set(ApplicationsDir "@ApplicationsDir@") configure_file( diff --git a/deploy/installer/config/macos.xml.in b/deploy/installer/config/macos.xml.in deleted file mode 100644 index 3888d08d..00000000 --- a/deploy/installer/config/macos.xml.in +++ /dev/null @@ -1,27 +0,0 @@ - - - AmneziaVPN - @CMAKE_PROJECT_VERSION@ - AmneziaVPN - AmneziaVPN - AmneziaVPN - /Applications/AmneziaVPN.app - 600 - 380 - Mac - true - true - false - controlscript.js - false - true - false - true - - - https://amneziavpn.org/updates/macos - true - AmneziaVPN - repository for macOS - - - From efcc0b7efc9fd8f15081db44cf48e9ff205cb407 Mon Sep 17 00:00:00 2001 From: Nethius Date: Thu, 3 Jul 2025 09:58:23 +0800 Subject: [PATCH 47/53] feat: xray api support (#1679) * refactoring: moved shared code into reusable functions for ApiConfigsController * feat: add xray support in apiConfigsController * feat: added a temporary switch for the xray protocol on api settings page * feat: added supported protocols field processing * refactoring: moved IsProtocolSelectionSupported to apiAccountInfoModel --- client/core/api/apiDefs.h | 1 + .../controllers/api/apiConfigsController.cpp | 484 ++++++++++-------- .../ui/controllers/api/apiConfigsController.h | 18 +- client/ui/models/api/apiAccountInfoModel.cpp | 11 + client/ui/models/api/apiAccountInfoModel.h | 5 +- .../qml/Pages2/PageSettingsApiServerInfo.qml | 26 + 6 files changed, 330 insertions(+), 215 deletions(-) 
diff --git a/client/core/api/apiDefs.h b/client/core/api/apiDefs.h index 4588ef04..12c8051f 100644 --- a/client/core/api/apiDefs.h +++ b/client/core/api/apiDefs.h @@ -32,6 +32,7 @@ namespace apiDefs constexpr QLatin1String stackType("stack_type"); constexpr QLatin1String serviceType("service_type"); constexpr QLatin1String cliVersion("cli_version"); + constexpr QLatin1String supportedProtocols("supported_protocols"); constexpr QLatin1String vpnKey("vpn_key"); constexpr QLatin1String config("config"); diff --git a/client/ui/controllers/api/apiConfigsController.cpp b/client/ui/controllers/api/apiConfigsController.cpp index 4c58140c..eb693a9a 100644 --- a/client/ui/controllers/api/apiConfigsController.cpp +++ b/client/ui/controllers/api/apiConfigsController.cpp @@ -18,6 +18,7 @@ namespace { constexpr char cloak[] = "cloak"; constexpr char awg[] = "awg"; + constexpr char vless[] = "vless"; constexpr char apiEndpoint[] = "api_endpoint"; constexpr char accessToken[] = "api_key"; @@ -35,10 +36,6 @@ namespace constexpr char serviceInfo[] = "service_info"; constexpr char serviceProtocol[] = "service_protocol"; - constexpr char aesKey[] = "aes_key"; - constexpr char aesIv[] = "aes_iv"; - constexpr char aesSalt[] = "aes_salt"; - constexpr char apiPayload[] = "api_payload"; constexpr char keyPayload[] = "key_payload"; 
@@ -47,6 +44,169 @@ namespace constexpr char config[] = "config"; } + + struct ProtocolData + { + OpenVpnConfigurator::ConnectionData certRequest; + + QString wireGuardClientPrivKey; + QString wireGuardClientPubKey; + + QString xrayUuid; + }; + + struct GatewayRequestData + { + QString osVersion; + QString appVersion; + + QString installationUuid; + + QString userCountryCode; + QString serverCountryCode; + QString serviceType; + QString serviceProtocol; + + QJsonObject authData; + + QJsonObject toJsonObject() const + { + QJsonObject obj; + if (!osVersion.isEmpty()) { + obj[configKey::osVersion] = osVersion; + } + if (!appVersion.isEmpty()) { + obj[configKey::appVersion] = appVersion; + } + if (!installationUuid.isEmpty()) { + obj[configKey::uuid] = installationUuid; + } + if (!userCountryCode.isEmpty()) { + obj[configKey::userCountryCode] = userCountryCode; + } + if (!serverCountryCode.isEmpty()) { + obj[configKey::serverCountryCode] = serverCountryCode; + } + if (!serviceType.isEmpty()) { + obj[configKey::serviceType] = serviceType; + } + if (!serviceProtocol.isEmpty()) { + obj[configKey::serviceProtocol] = serviceProtocol; + } + if (!authData.isEmpty()) { + obj[configKey::authData] = authData; + } + return obj; + } + }; + + ProtocolData generateProtocolData(const QString &protocol) + { + ProtocolData protocolData; + if (protocol == configKey::cloak) { + protocolData.certRequest = OpenVpnConfigurator::createCertRequest(); + } else if (protocol == configKey::awg) { + auto connData = WireguardConfigurator::genClientKeys(); + protocolData.wireGuardClientPubKey = connData.clientPubKey; + protocolData.wireGuardClientPrivKey = connData.clientPrivKey; + } else if (protocol == configKey::vless) { + protocolData.xrayUuid = QUuid::createUuid().toString(QUuid::WithoutBraces); + } + + return protocolData; + } + + void appendProtocolDataToApiPayload(const QString &protocol, const ProtocolData &protocolData, QJsonObject &apiPayload) + { + if (protocol == configKey::cloak) { + 
apiPayload[configKey::certificate] = protocolData.certRequest.request; + } else if (protocol == configKey::awg) { + apiPayload[configKey::publicKey] = protocolData.wireGuardClientPubKey; + } else if (protocol == configKey::vless) { + apiPayload[configKey::publicKey] = protocolData.xrayUuid; + } + } + + ErrorCode fillServerConfig(const QString &protocol, const ProtocolData &apiPayloadData, const QByteArray &apiResponseBody, + QJsonObject &serverConfig) + { + QString data = QJsonDocument::fromJson(apiResponseBody).object().value(config_key::config).toString(); + + data.replace("vpn://", ""); + QByteArray ba = QByteArray::fromBase64(data.toUtf8(), QByteArray::Base64UrlEncoding | QByteArray::OmitTrailingEquals); + + if (ba.isEmpty()) { + qDebug() << "empty vpn key"; + return ErrorCode::ApiConfigEmptyError; + } + + QByteArray ba_uncompressed = qUncompress(ba); + if (!ba_uncompressed.isEmpty()) { + ba = ba_uncompressed; + } + + QString configStr = ba; + if (protocol == configKey::cloak) { + configStr.replace("", "\n"); + configStr.replace("$OPENVPN_PRIV_KEY", apiPayloadData.certRequest.privKey); + } else if (protocol == configKey::awg) { + configStr.replace("$WIREGUARD_CLIENT_PRIVATE_KEY", apiPayloadData.wireGuardClientPrivKey); + auto newServerConfig = QJsonDocument::fromJson(configStr.toUtf8()).object(); + auto containers = newServerConfig.value(config_key::containers).toArray(); + if (containers.isEmpty()) { + qDebug() << "missing containers field"; + return ErrorCode::ApiConfigEmptyError; + } + auto container = containers.at(0).toObject(); + QString containerName = ContainerProps::containerTypeToString(DockerContainer::Awg); + auto serverProtocolConfig = container.value(containerName).toObject(); + auto clientProtocolConfig = + QJsonDocument::fromJson(serverProtocolConfig.value(config_key::last_config).toString().toUtf8()).object(); + serverProtocolConfig[config_key::junkPacketCount] = clientProtocolConfig.value(config_key::junkPacketCount); + 
serverProtocolConfig[config_key::junkPacketMinSize] = clientProtocolConfig.value(config_key::junkPacketMinSize); + serverProtocolConfig[config_key::junkPacketMaxSize] = clientProtocolConfig.value(config_key::junkPacketMaxSize); + serverProtocolConfig[config_key::initPacketJunkSize] = clientProtocolConfig.value(config_key::initPacketJunkSize); + serverProtocolConfig[config_key::responsePacketJunkSize] = clientProtocolConfig.value(config_key::responsePacketJunkSize); + serverProtocolConfig[config_key::initPacketMagicHeader] = clientProtocolConfig.value(config_key::initPacketMagicHeader); + serverProtocolConfig[config_key::responsePacketMagicHeader] = clientProtocolConfig.value(config_key::responsePacketMagicHeader); + serverProtocolConfig[config_key::underloadPacketMagicHeader] = clientProtocolConfig.value(config_key::underloadPacketMagicHeader); + serverProtocolConfig[config_key::transportPacketMagicHeader] = clientProtocolConfig.value(config_key::transportPacketMagicHeader); + container[containerName] = serverProtocolConfig; + containers.replace(0, container); + newServerConfig[config_key::containers] = containers; + configStr = QString(QJsonDocument(newServerConfig).toJson()); + } + + QJsonObject newServerConfig = QJsonDocument::fromJson(configStr.toUtf8()).object(); + serverConfig[config_key::dns1] = newServerConfig.value(config_key::dns1); + serverConfig[config_key::dns2] = newServerConfig.value(config_key::dns2); + serverConfig[config_key::containers] = newServerConfig.value(config_key::containers); + serverConfig[config_key::hostName] = newServerConfig.value(config_key::hostName); + + if (newServerConfig.value(config_key::configVersion).toInt() == apiDefs::ConfigSource::AmneziaGateway) { + serverConfig[config_key::configVersion] = newServerConfig.value(config_key::configVersion); + serverConfig[config_key::description] = newServerConfig.value(config_key::description); + serverConfig[config_key::name] = newServerConfig.value(config_key::name); + } + + auto 
defaultContainer = newServerConfig.value(config_key::defaultContainer).toString(); + serverConfig[config_key::defaultContainer] = defaultContainer; + + QVariantMap map = serverConfig.value(configKey::apiConfig).toObject().toVariantMap(); + map.insert(newServerConfig.value(configKey::apiConfig).toObject().toVariantMap()); + auto apiConfig = QJsonObject::fromVariantMap(map); + + if (newServerConfig.value(config_key::configVersion).toInt() == apiDefs::ConfigSource::AmneziaGateway) { + apiConfig.insert(apiDefs::key::supportedProtocols, + QJsonDocument::fromJson(apiResponseBody).object().value(apiDefs::key::supportedProtocols).toArray()); + } + + serverConfig[configKey::apiConfig] = apiConfig; + + qDebug() << serverConfig; + + return ErrorCode::NoError; + } } ApiConfigsController::ApiConfigsController(const QSharedPointer &serversModel, 
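Review bot: `qDebug() << serverConfig;` at the end of `fillServerConfig` writes the complete server configuration to the debug log. By that point `containers` has been built from `configStr` after `$OPENVPN_PRIV_KEY` or `$WIREGUARD_CLIENT_PRIVATE_KEY` was replaced with the client private key, so key material ends up in logs that users may attach to bug reports. Drop the line or log a fixed message instead, e.g. `qDebug() << "api server config updated";`. The function also passes gateway-supplied bytes to `qUncompress` and `QJsonDocument::fromJson` without checking for a parse error, and it has no `vless` branch even though `generateProtocolData` creates a UUID for that protocol; whether the latter is intentional is not visible in this hunk.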
@@ -63,24 +223,26 @@ bool ApiConfigsController::exportNativeConfig(const QString &serverCountryCode, return false; } - GatewayController gatewayController(m_settings->getGatewayEndpoint(), m_settings->isDevGatewayEnv(), apiDefs::requestTimeoutMsecs, - m_settings->isStrictKillSwitchEnabled()); - auto serverConfigObject = m_serversModel->getServerConfig(m_serversModel->getProcessedServerIndex()); auto apiConfigObject = serverConfigObject.value(configKey::apiConfig).toObject(); - QString protocol = apiConfigObject.value(configKey::serviceProtocol).toString(); - ApiPayloadData apiPayloadData = generateApiPayloadData(protocol); + GatewayRequestData gatewayRequestData { QSysInfo::productType(), + QString(APP_VERSION), + m_settings->getInstallationUuid(true), + apiConfigObject.value(configKey::userCountryCode).toString(), + serverCountryCode, + apiConfigObject.value(configKey::serviceType).toString(), + m_apiServicesModel->getSelectedServiceProtocol(), + serverConfigObject.value(configKey::authData).toObject() }; - QJsonObject apiPayload = fillApiPayload(protocol, apiPayloadData); - apiPayload[configKey::userCountryCode] = apiConfigObject.value(configKey::userCountryCode); - apiPayload[configKey::serverCountryCode] = serverCountryCode; - apiPayload[configKey::serviceType] = apiConfigObject.value(configKey::serviceType); - apiPayload[configKey::authData] = serverConfigObject.value(configKey::authData); - apiPayload[apiDefs::key::cliVersion] = QString(APP_VERSION); + QString protocol = apiConfigObject.value(configKey::serviceProtocol).toString(); + ProtocolData protocolData = generateProtocolData(protocol); + + QJsonObject apiPayload = gatewayRequestData.toJsonObject(); + appendProtocolDataToApiPayload(gatewayRequestData.serviceProtocol, protocolData, apiPayload); QByteArray responseBody; - ErrorCode errorCode = gatewayController.post(QString("%1v1/native_config"), apiPayload, responseBody); + ErrorCode errorCode = executeRequest(QString("%1v1/native_config"), apiPayload, 
responseBody); if (errorCode != ErrorCode::NoError) { emit errorOccurred(errorCode); return false; @@ -88,7 +250,7 @@ bool ApiConfigsController::exportNativeConfig(const QString &serverCountryCode, QJsonObject jsonConfig = QJsonDocument::fromJson(responseBody).object(); QString nativeConfig = jsonConfig.value(configKey::config).toString(); - nativeConfig.replace("$WIREGUARD_CLIENT_PRIVATE_KEY", apiPayloadData.wireGuardClientPrivKey); + nativeConfig.replace("$WIREGUARD_CLIENT_PRIVATE_KEY", protocolData.wireGuardClientPrivKey); SystemController::saveFile(fileName, nativeConfig); return true; 
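Review bot: In `exportNativeConfig` the key material is generated for `protocol`, read from the stored `apiConfig`, while `appendProtocolDataToApiPayload` is called with `gatewayRequestData.serviceProtocol`, which this hunk fills from `m_apiServicesModel->getSelectedServiceProtocol()`. If the two values differ, the payload carries an empty `publicKey` or `certificate`, and the later `$WIREGUARD_CLIENT_PRIVATE_KEY` replacement may insert an empty key into the exported file. `updateServiceFromGateway` takes the protocol from `apiConfig.value(configKey::serviceProtocol)`; using the same source here, and in `revokeNativeConfig` in the following hunk, keeps one source of truth: pass `apiConfigObject.value(configKey::serviceProtocol).toString(),` in the initializer and call `appendProtocolDataToApiPayload(protocol, protocolData, apiPayload);`. The function body starts before this hunk.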
@@ -96,24 +258,22 @@ bool ApiConfigsController::exportNativeConfig(const QString &serverCountryCode, bool ApiConfigsController::revokeNativeConfig(const QString &serverCountryCode) { - GatewayController gatewayController(m_settings->getGatewayEndpoint(), m_settings->isDevGatewayEnv(), apiDefs::requestTimeoutMsecs, - m_settings->isStrictKillSwitchEnabled()); - auto serverConfigObject = m_serversModel->getServerConfig(m_serversModel->getProcessedServerIndex()); auto apiConfigObject = serverConfigObject.value(configKey::apiConfig).toObject(); - QString protocol = apiConfigObject.value(configKey::serviceProtocol).toString(); - ApiPayloadData apiPayloadData = generateApiPayloadData(protocol); + GatewayRequestData gatewayRequestData { QSysInfo::productType(), + QString(APP_VERSION), + m_settings->getInstallationUuid(true), + apiConfigObject.value(configKey::userCountryCode).toString(), + serverCountryCode, + apiConfigObject.value(configKey::serviceType).toString(), + m_apiServicesModel->getSelectedServiceProtocol(), + serverConfigObject.value(configKey::authData).toObject() }; - QJsonObject apiPayload = fillApiPayload(protocol, apiPayloadData); - apiPayload[configKey::userCountryCode] = apiConfigObject.value(configKey::userCountryCode); - apiPayload[configKey::serverCountryCode] = serverCountryCode; - apiPayload[configKey::serviceType] = apiConfigObject.value(configKey::serviceType); - apiPayload[configKey::authData] = serverConfigObject.value(configKey::authData); - apiPayload[apiDefs::key::cliVersion] = QString(APP_VERSION); + QJsonObject apiPayload = gatewayRequestData.toJsonObject(); QByteArray responseBody; - ErrorCode errorCode = gatewayController.post(QString("%1v1/revoke_native_config"), apiPayload, responseBody); + ErrorCode errorCode = executeRequest(QString("%1v1/revoke_native_config"), apiPayload, responseBody); if (errorCode != ErrorCode::NoError && errorCode != ErrorCode::ApiNotFoundError) { emit errorOccurred(errorCode); return false; 
@@ -144,14 +304,11 @@ void ApiConfigsController::copyVpnKeyToClipboard() bool ApiConfigsController::fillAvailableServices() { - GatewayController gatewayController(m_settings->getGatewayEndpoint(), m_settings->isDevGatewayEnv(), apiDefs::requestTimeoutMsecs, - m_settings->isStrictKillSwitchEnabled()); - QJsonObject apiPayload; apiPayload[configKey::osVersion] = QSysInfo::productType(); QByteArray responseBody; - ErrorCode errorCode = gatewayController.post(QString("%1v1/services"), apiPayload, responseBody); + ErrorCode errorCode = executeRequest(QString("%1v1/services"), apiPayload, responseBody); if (errorCode == ErrorCode::NoError) { if (!responseBody.contains("services")) { errorCode = ErrorCode::ApiServicesMissingError; 
@@ -170,34 +327,36 @@ bool ApiConfigsController::fillAvailableServices() bool ApiConfigsController::importServiceFromGateway() { - if (m_serversModel->isServerFromApiAlreadyExists(m_apiServicesModel->getCountryCode(), m_apiServicesModel->getSelectedServiceType(), - m_apiServicesModel->getSelectedServiceProtocol())) { + GatewayRequestData gatewayRequestData { QSysInfo::productType(), + QString(APP_VERSION), + m_settings->getInstallationUuid(true), + m_apiServicesModel->getCountryCode(), + "", + m_apiServicesModel->getSelectedServiceType(), + m_apiServicesModel->getSelectedServiceProtocol(), + QJsonObject() }; + + if (m_serversModel->isServerFromApiAlreadyExists(gatewayRequestData.userCountryCode, gatewayRequestData.serviceType, + gatewayRequestData.serviceProtocol)) { emit errorOccurred(ErrorCode::ApiConfigAlreadyAdded); return false; } - GatewayController gatewayController(m_settings->getGatewayEndpoint(), m_settings->isDevGatewayEnv(), apiDefs::requestTimeoutMsecs, - m_settings->isStrictKillSwitchEnabled()); + ProtocolData protocolData = generateProtocolData(gatewayRequestData.serviceProtocol); - auto installationUuid = m_settings->getInstallationUuid(true); - auto userCountryCode = m_apiServicesModel->getCountryCode(); - auto serviceType = m_apiServicesModel->getSelectedServiceType(); - auto serviceProtocol = m_apiServicesModel->getSelectedServiceProtocol(); - - ApiPayloadData apiPayloadData = generateApiPayloadData(serviceProtocol); - - QJsonObject apiPayload = fillApiPayload(serviceProtocol, apiPayloadData); - apiPayload[configKey::userCountryCode] = userCountryCode; - apiPayload[configKey::serviceType] = serviceType; - apiPayload[configKey::uuid] = installationUuid; - apiPayload[apiDefs::key::cliVersion] = QString(APP_VERSION); + QJsonObject apiPayload = gatewayRequestData.toJsonObject(); + appendProtocolDataToApiPayload(gatewayRequestData.serviceProtocol, protocolData, apiPayload); QByteArray responseBody; - ErrorCode errorCode = 
gatewayController.post(QString("%1v1/config"), apiPayload, responseBody); + ErrorCode errorCode = executeRequest(QString("%1v1/config"), apiPayload, responseBody); QJsonObject serverConfig; if (errorCode == ErrorCode::NoError) { - fillServerConfig(serviceProtocol, apiPayloadData, responseBody, serverConfig); + errorCode = fillServerConfig(gatewayRequestData.serviceProtocol, protocolData, responseBody, serverConfig); + if (errorCode != ErrorCode::NoError) { + emit errorOccurred(errorCode); + return false; + } QJsonObject apiConfig = serverConfig.value(configKey::apiConfig).toObject(); apiConfig.insert(configKey::userCountryCode, m_apiServicesModel->getCountryCode()); 
@@ -218,39 +377,33 @@ bool ApiConfigsController::importServiceFromGateway() bool ApiConfigsController::updateServiceFromGateway(const int serverIndex, const QString &newCountryCode, const QString &newCountryName, bool reloadServiceConfig) { - GatewayController gatewayController(m_settings->getGatewayEndpoint(), m_settings->isDevGatewayEnv(), apiDefs::requestTimeoutMsecs, - m_settings->isStrictKillSwitchEnabled()); - auto serverConfig = m_serversModel->getServerConfig(serverIndex); auto apiConfig = serverConfig.value(configKey::apiConfig).toObject(); - auto authData = serverConfig.value(configKey::authData).toObject(); - auto installationUuid = m_settings->getInstallationUuid(true); - auto userCountryCode = apiConfig.value(configKey::userCountryCode).toString(); - auto serviceType = apiConfig.value(configKey::serviceType).toString(); - auto serviceProtocol = apiConfig.value(configKey::serviceProtocol).toString(); + GatewayRequestData gatewayRequestData { QSysInfo::productType(), + QString(APP_VERSION), + m_settings->getInstallationUuid(true), + apiConfig.value(configKey::userCountryCode).toString(), + newCountryCode, + apiConfig.value(configKey::serviceType).toString(), + apiConfig.value(configKey::serviceProtocol).toString(), + serverConfig.value(configKey::authData).toObject() }; - ApiPayloadData apiPayloadData = generateApiPayloadData(serviceProtocol); + ProtocolData protocolData = generateProtocolData(gatewayRequestData.serviceProtocol); - QJsonObject apiPayload = fillApiPayload(serviceProtocol, apiPayloadData); - apiPayload[configKey::userCountryCode] = userCountryCode; - apiPayload[configKey::serviceType] = serviceType; - apiPayload[configKey::uuid] = installationUuid; - apiPayload[apiDefs::key::cliVersion] = QString(APP_VERSION); - - if (!newCountryCode.isEmpty()) { - apiPayload[configKey::serverCountryCode] = newCountryCode; - } - if (!authData.isEmpty()) { - apiPayload[configKey::authData] = authData; - } + QJsonObject apiPayload = 
gatewayRequestData.toJsonObject(); + appendProtocolDataToApiPayload(gatewayRequestData.serviceProtocol, protocolData, apiPayload); QByteArray responseBody; - ErrorCode errorCode = gatewayController.post(QString("%1v1/config"), apiPayload, responseBody); + ErrorCode errorCode = executeRequest(QString("%1v1/config"), apiPayload, responseBody); QJsonObject newServerConfig; if (errorCode == ErrorCode::NoError) { - fillServerConfig(serviceProtocol, apiPayloadData, responseBody, newServerConfig); + errorCode = fillServerConfig(gatewayRequestData.serviceProtocol, protocolData, responseBody, newServerConfig); + if (errorCode != ErrorCode::NoError) { + emit errorOccurred(errorCode); + return false; + } QJsonObject newApiConfig = newServerConfig.value(configKey::apiConfig).toObject(); newApiConfig.insert(configKey::userCountryCode, apiConfig.value(configKey::userCountryCode)); @@ -259,7 +412,7 @@ bool ApiConfigsController::updateServiceFromGateway(const int serverIndex, const newApiConfig.insert(apiDefs::key::vpnKey, apiConfig.value(apiDefs::key::vpnKey)); newServerConfig.insert(configKey::apiConfig, newApiConfig); - newServerConfig.insert(configKey::authData, authData); + newServerConfig.insert(configKey::authData, gatewayRequestData.authData); if (serverConfig.value(config_key::nameOverriddenByUser).toBool()) { newServerConfig.insert(config_key::name, serverConfig.value(config_key::name)); 
@@ -294,10 +447,13 @@ bool ApiConfigsController::updateServiceFromTelegram(const int serverIndex) auto installationUuid = m_settings->getInstallationUuid(true); QString serviceProtocol = serverConfig.value(configKey::protocol).toString(); - ApiPayloadData apiPayloadData = generateApiPayloadData(serviceProtocol); + ProtocolData protocolData = generateProtocolData(serviceProtocol); - QJsonObject apiPayload = fillApiPayload(serviceProtocol, apiPayloadData); + QJsonObject apiPayload; + appendProtocolDataToApiPayload(serviceProtocol, protocolData, apiPayload); apiPayload[configKey::uuid] = installationUuid; + apiPayload[configKey::osVersion] = QSysInfo::productType(); + apiPayload[configKey::appVersion] = QString(APP_VERSION); apiPayload[configKey::accessToken] = serverConfig.value(configKey::accessToken).toString(); apiPayload[configKey::apiEndpoint] = serverConfig.value(configKey::apiEndpoint).toString(); @@ -305,7 +461,11 @@ bool ApiConfigsController::updateServiceFromTelegram(const int serverIndex) ErrorCode errorCode = gatewayController.post(QString("%1v1/proxy_config"), apiPayload, responseBody); if (errorCode == ErrorCode::NoError) { - fillServerConfig(serviceProtocol, apiPayloadData, responseBody, serverConfig); + errorCode = fillServerConfig(serviceProtocol, protocolData, responseBody, serverConfig); + if (errorCode != ErrorCode::NoError) { + emit errorOccurred(errorCode); + return false; + } m_serversModel->editServer(serverConfig, serverIndex); emit updateServerFromApiFinished(); 
@@ -318,9 +478,6 @@ bool ApiConfigsController::updateServiceFromTelegram(const int serverIndex) bool ApiConfigsController::deactivateDevice() { - GatewayController gatewayController(m_settings->getGatewayEndpoint(), m_settings->isDevGatewayEnv(), apiDefs::requestTimeoutMsecs, - m_settings->isStrictKillSwitchEnabled()); - auto serverIndex = m_serversModel->getProcessedServerIndex(); auto serverConfigObject = m_serversModel->getServerConfig(serverIndex); auto apiConfigObject = serverConfigObject.value(configKey::apiConfig).toObject(); 
@@ -329,19 +486,19 @@ bool ApiConfigsController::deactivateDevice() return true; } - QString protocol = apiConfigObject.value(configKey::serviceProtocol).toString(); - ApiPayloadData apiPayloadData = generateApiPayloadData(protocol); + GatewayRequestData gatewayRequestData { QSysInfo::productType(), + QString(APP_VERSION), + m_settings->getInstallationUuid(true), + apiConfigObject.value(configKey::userCountryCode).toString(), + apiConfigObject.value(configKey::serverCountryCode).toString(), + apiConfigObject.value(configKey::serviceType).toString(), + "", + serverConfigObject.value(configKey::authData).toObject() }; - QJsonObject apiPayload = fillApiPayload(protocol, apiPayloadData); - apiPayload[configKey::userCountryCode] = apiConfigObject.value(configKey::userCountryCode); - apiPayload[configKey::serverCountryCode] = apiConfigObject.value(configKey::serverCountryCode); - apiPayload[configKey::serviceType] = apiConfigObject.value(configKey::serviceType); - apiPayload[configKey::authData] = serverConfigObject.value(configKey::authData); - apiPayload[configKey::uuid] = m_settings->getInstallationUuid(true); - apiPayload[apiDefs::key::cliVersion] = QString(APP_VERSION); + QJsonObject apiPayload = gatewayRequestData.toJsonObject(); QByteArray responseBody; - ErrorCode errorCode = gatewayController.post(QString("%1v1/revoke_config"), apiPayload, responseBody); + ErrorCode errorCode = executeRequest(QString("%1v1/revoke_config"), apiPayload, responseBody); if (errorCode != ErrorCode::NoError && errorCode != ErrorCode::ApiNotFoundError) { emit errorOccurred(errorCode); return false; 
@@ -355,9 +512,6 @@ bool ApiConfigsController::deactivateDevice() bool ApiConfigsController::deactivateExternalDevice(const QString &uuid, const QString &serverCountryCode) { - GatewayController gatewayController(m_settings->getGatewayEndpoint(), m_settings->isDevGatewayEnv(), apiDefs::requestTimeoutMsecs, - m_settings->isStrictKillSwitchEnabled()); - auto serverIndex = m_serversModel->getProcessedServerIndex(); auto serverConfigObject = m_serversModel->getServerConfig(serverIndex); auto apiConfigObject = serverConfigObject.value(configKey::apiConfig).toObject(); 
@@ -366,19 +520,19 @@ bool ApiConfigsController::deactivateExternalDevice(const QString &uuid, const Q return true; } - QString protocol = apiConfigObject.value(configKey::serviceProtocol).toString(); - ApiPayloadData apiPayloadData = generateApiPayloadData(protocol); + GatewayRequestData gatewayRequestData { QSysInfo::productType(), + QString(APP_VERSION), + uuid, + apiConfigObject.value(configKey::userCountryCode).toString(), + serverCountryCode, + apiConfigObject.value(configKey::serviceType).toString(), + "", + serverConfigObject.value(configKey::authData).toObject() }; - QJsonObject apiPayload = fillApiPayload(protocol, apiPayloadData); - apiPayload[configKey::userCountryCode] = apiConfigObject.value(configKey::userCountryCode); - apiPayload[configKey::serverCountryCode] = serverCountryCode; - apiPayload[configKey::serviceType] = apiConfigObject.value(configKey::serviceType); - apiPayload[configKey::authData] = serverConfigObject.value(configKey::authData); - apiPayload[configKey::uuid] = uuid; - apiPayload[apiDefs::key::cliVersion] = QString(APP_VERSION); + QJsonObject apiPayload = gatewayRequestData.toJsonObject(); QByteArray responseBody; - ErrorCode errorCode = gatewayController.post(QString("%1v1/revoke_config"), apiPayload, responseBody); + ErrorCode errorCode = executeRequest(QString("%1v1/revoke_config"), apiPayload, responseBody); if (errorCode != ErrorCode::NoError && errorCode != ErrorCode::ApiNotFoundError) { emit errorOccurred(errorCode); return false; 
@@ -417,108 +571,29 @@ bool ApiConfigsController::isConfigValid() return true; } -ApiConfigsController::ApiPayloadData ApiConfigsController::generateApiPayloadData(const QString &protocol) +void ApiConfigsController::setCurrentProtocol(const QString &protocolName) { - ApiConfigsController::ApiPayloadData apiPayload; - if (protocol == configKey::cloak) { - apiPayload.certRequest = OpenVpnConfigurator::createCertRequest(); - } else if (protocol == configKey::awg) { - auto connData = WireguardConfigurator::genClientKeys(); - apiPayload.wireGuardClientPubKey = connData.clientPubKey; - apiPayload.wireGuardClientPrivKey = connData.clientPrivKey; - } - return apiPayload; + auto serverIndex = m_serversModel->getProcessedServerIndex(); + auto serverConfigObject = m_serversModel->getServerConfig(serverIndex); + auto apiConfigObject = serverConfigObject.value(configKey::apiConfig).toObject(); + + apiConfigObject[configKey::serviceProtocol] = protocolName; + + serverConfigObject.insert(configKey::apiConfig, apiConfigObject); + + m_serversModel->editServer(serverConfigObject, serverIndex); } -QJsonObject ApiConfigsController::fillApiPayload(const QString &protocol, const ApiPayloadData &apiPayloadData) +bool ApiConfigsController::isVlessProtocol() { - QJsonObject obj; - if (protocol == configKey::cloak) { - obj[configKey::certificate] = apiPayloadData.certRequest.request; - } else if (protocol == configKey::awg) { - obj[configKey::publicKey] = apiPayloadData.wireGuardClientPubKey; + auto serverIndex = m_serversModel->getProcessedServerIndex(); + auto serverConfigObject = m_serversModel->getServerConfig(serverIndex); + auto apiConfigObject = serverConfigObject.value(configKey::apiConfig).toObject(); + + if (apiConfigObject[configKey::serviceProtocol].toString() == "vless") { + return true; } - - obj[configKey::osVersion] = QSysInfo::productType(); - obj[configKey::appVersion] = QString(APP_VERSION); - - return obj; -} - -void ApiConfigsController::fillServerConfig(const QString 
&protocol, const ApiPayloadData &apiPayloadData, - const QByteArray &apiResponseBody, QJsonObject &serverConfig) -{ - QString data = QJsonDocument::fromJson(apiResponseBody).object().value(config_key::config).toString(); - - data.replace("vpn://", ""); - QByteArray ba = QByteArray::fromBase64(data.toUtf8(), QByteArray::Base64UrlEncoding | QByteArray::OmitTrailingEquals); - - if (ba.isEmpty()) { - emit errorOccurred(ErrorCode::ApiConfigEmptyError); - return; - } - - QByteArray ba_uncompressed = qUncompress(ba); - if (!ba_uncompressed.isEmpty()) { - ba = ba_uncompressed; - } - - QString configStr = ba; - if (protocol == configKey::cloak) { - configStr.replace("", "\n"); - configStr.replace("$OPENVPN_PRIV_KEY", apiPayloadData.certRequest.privKey); - } else if (protocol == configKey::awg) { - configStr.replace("$WIREGUARD_CLIENT_PRIVATE_KEY", apiPayloadData.wireGuardClientPrivKey); - auto newServerConfig = QJsonDocument::fromJson(configStr.toUtf8()).object(); - auto containers = newServerConfig.value(config_key::containers).toArray(); - if (containers.isEmpty()) { - return; // todo process error - } - auto container = containers.at(0).toObject(); - QString containerName = ContainerProps::containerTypeToString(DockerContainer::Awg); - auto containerConfig = container.value(containerName).toObject(); - auto protocolConfig = QJsonDocument::fromJson(containerConfig.value(config_key::last_config).toString().toUtf8()).object(); - containerConfig[config_key::junkPacketCount] = protocolConfig.value(config_key::junkPacketCount); - containerConfig[config_key::junkPacketMinSize] = protocolConfig.value(config_key::junkPacketMinSize); - containerConfig[config_key::junkPacketMaxSize] = protocolConfig.value(config_key::junkPacketMaxSize); - containerConfig[config_key::initPacketJunkSize] = protocolConfig.value(config_key::initPacketJunkSize); - containerConfig[config_key::responsePacketJunkSize] = protocolConfig.value(config_key::responsePacketJunkSize); - 
containerConfig[config_key::initPacketMagicHeader] = protocolConfig.value(config_key::initPacketMagicHeader); - containerConfig[config_key::responsePacketMagicHeader] = protocolConfig.value(config_key::responsePacketMagicHeader); - containerConfig[config_key::underloadPacketMagicHeader] = protocolConfig.value(config_key::underloadPacketMagicHeader); - containerConfig[config_key::transportPacketMagicHeader] = protocolConfig.value(config_key::transportPacketMagicHeader); - container[containerName] = containerConfig; - containers.replace(0, container); - newServerConfig[config_key::containers] = containers; - configStr = QString(QJsonDocument(newServerConfig).toJson()); - } - - QJsonObject newServerConfig = QJsonDocument::fromJson(configStr.toUtf8()).object(); - serverConfig[config_key::dns1] = newServerConfig.value(config_key::dns1); - serverConfig[config_key::dns2] = newServerConfig.value(config_key::dns2); - serverConfig[config_key::containers] = newServerConfig.value(config_key::containers); - serverConfig[config_key::hostName] = newServerConfig.value(config_key::hostName); - - if (newServerConfig.value(config_key::configVersion).toInt() == apiDefs::ConfigSource::AmneziaGateway) { - serverConfig[config_key::configVersion] = newServerConfig.value(config_key::configVersion); - serverConfig[config_key::description] = newServerConfig.value(config_key::description); - serverConfig[config_key::name] = newServerConfig.value(config_key::name); - } - - auto defaultContainer = newServerConfig.value(config_key::defaultContainer).toString(); - serverConfig[config_key::defaultContainer] = defaultContainer; - - QVariantMap map = serverConfig.value(configKey::apiConfig).toObject().toVariantMap(); - map.insert(newServerConfig.value(configKey::apiConfig).toObject().toVariantMap()); - auto apiConfig = QJsonObject::fromVariantMap(map); - - if (newServerConfig.value(config_key::configVersion).toInt() == apiDefs::ConfigSource::AmneziaGateway) { - 
apiConfig.insert(configKey::serviceInfo, QJsonDocument::fromJson(apiResponseBody).object().value(configKey::serviceInfo).toObject()); - } - - serverConfig[configKey::apiConfig] = apiConfig; - - return; + return false; } QList ApiConfigsController::getQrCodes() @@ -535,3 +610,10 @@ QString ApiConfigsController::getVpnKey() { return m_vpnKey; } + +ErrorCode ApiConfigsController::executeRequest(const QString &endpoint, const QJsonObject &apiPayload, QByteArray &responseBody) +{ + GatewayController gatewayController(m_settings->getGatewayEndpoint(), m_settings->isDevGatewayEnv(), apiDefs::requestTimeoutMsecs, + m_settings->isStrictKillSwitchEnabled()); + return gatewayController.post(endpoint, apiPayload, responseBody); +} diff --git a/client/ui/controllers/api/apiConfigsController.h b/client/ui/controllers/api/apiConfigsController.h index 2fe981e4..a04a142c 100644 --- a/client/ui/controllers/api/apiConfigsController.h +++ b/client/ui/controllers/api/apiConfigsController.h @@ -35,6 +35,9 @@ public slots: bool isConfigValid(); + void setCurrentProtocol(const QString &protocolName); + bool isVlessProtocol(); + signals: void errorOccurred(ErrorCode errorCode); @@ -46,23 +49,12 @@ signals: void vpnKeyExportReady(); private: - struct ApiPayloadData - { - OpenVpnConfigurator::ConnectionData certRequest; - - QString wireGuardClientPrivKey; - QString wireGuardClientPubKey; - }; - - ApiPayloadData generateApiPayloadData(const QString &protocol); - QJsonObject fillApiPayload(const QString &protocol, const ApiPayloadData &apiPayloadData); - void fillServerConfig(const QString &protocol, const ApiPayloadData &apiPayloadData, const QByteArray &apiResponseBody, - QJsonObject &serverConfig); - QList getQrCodes(); int getQrCodesCount(); QString getVpnKey(); + ErrorCode executeRequest(const QString &endpoint, const QJsonObject &apiPayload, QByteArray &responseBody); + QList m_qrCodes; QString m_vpnKey; 
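Review bot: `setCurrentProtocol` persists `protocolName` into the stored `apiConfig` through `editServer` without checking it, and as a public slot it can be called from QML with any string. The QML added in this patch only passes `"awg"` or `"vless"`, so an early guard such as `if (protocolName != "awg" && protocolName != "vless") return;` (or a check against the account's supported-protocol list, if that is reachable from here) would keep an unexpected value out of the saved config. The `"vless"` literal in `isVlessProtocol` would be better as a named constant shared with the caller, and its body reduces to `return apiConfigObject[configKey::serviceProtocol].toString() == "vless";`.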
diff --git a/client/ui/models/api/apiAccountInfoModel.cpp b/client/ui/models/api/apiAccountInfoModel.cpp index fdd4e2ca..bd3027a4 100644 --- a/client/ui/models/api/apiAccountInfoModel.cpp +++ b/client/ui/models/api/apiAccountInfoModel.cpp @@ -75,6 +75,12 @@ QVariant ApiAccountInfoModel::data(const QModelIndex &index, int role) const } return false; } + case IsProtocolSelectionSupportedRole: { + if (m_accountInfoData.supportedProtocols.size() > 1) { + return true; + } + return false; + } } return QVariant(); @@ -95,6 +101,10 @@ void ApiAccountInfoModel::updateModel(const QJsonObject &accountInfoObject, cons accountInfoData.configType = apiUtils::getConfigType(serverConfig); + for (const auto &protocol : accountInfoObject.value(apiDefs::key::supportedProtocols).toArray()) { + accountInfoData.supportedProtocols.push_back(protocol.toString()); + } + m_accountInfoData = accountInfoData; m_supportInfo = accountInfoObject.value(apiDefs::key::supportInfo).toObject(); @@ -159,6 +169,7 @@ QHash ApiAccountInfoModel::roleNames() const roles[ServiceDescriptionRole] = "serviceDescription"; roles[IsComponentVisibleRole] = "isComponentVisible"; roles[HasExpiredWorkerRole] = "hasExpiredWorker"; + roles[IsProtocolSelectionSupportedRole] = "isProtocolSelectionSupported"; return roles; } diff --git a/client/ui/models/api/apiAccountInfoModel.h b/client/ui/models/api/apiAccountInfoModel.h index ead92488..f0203967 100644 --- a/client/ui/models/api/apiAccountInfoModel.h +++ b/client/ui/models/api/apiAccountInfoModel.h @@ -18,7 +18,8 @@ public: ServiceDescriptionRole, EndDateRole, IsComponentVisibleRole, - HasExpiredWorkerRole + HasExpiredWorkerRole, + IsProtocolSelectionSupportedRole }; explicit ApiAccountInfoModel(QObject *parent = nullptr); @@ -51,6 +52,8 @@ private: int maxDeviceCount; apiDefs::ConfigType configType; + + QStringList supportedProtocols; }; AccountInfoData m_accountInfoData; 
diff --git a/client/ui/qml/Pages2/PageSettingsApiServerInfo.qml b/client/ui/qml/Pages2/PageSettingsApiServerInfo.qml index 93118755..75832fa6 100644 --- a/client/ui/qml/Pages2/PageSettingsApiServerInfo.qml +++ b/client/ui/qml/Pages2/PageSettingsApiServerInfo.qml @@ -158,6 +158,32 @@ PageType { readonly property bool isVisibleForAmneziaFree: ApiAccountInfoModel.data("isComponentVisible") + SwitcherType { + id: switcher + + readonly property bool isVlessProtocol: ApiConfigsController.isVlessProtocol() + + Layout.fillWidth: true + Layout.topMargin: 24 + Layout.rightMargin: 16 + Layout.leftMargin: 16 + + visible: ApiAccountInfoModel.data("isProtocolSelectionSupported") + + text: qsTr("Use VLESS protocol") + checked: switcher.isVlessProtocol + onToggled: function() { + if (ServersModel.isDefaultServerCurrentlyProcessed() && ConnectionController.isConnected) { + PageController.showNotificationMessage(qsTr("Cannot change protocol during active connection")) + } else { + PageController.showBusyIndicator(true) + ApiConfigsController.setCurrentProtocol(switcher.isVlessProtocol ? "awg" : "vless") + ApiConfigsController.updateServiceFromGateway(ServersModel.processedIndex, "", "", true) + PageController.showBusyIndicator(false) + } + } + } + WarningType { id: warning From f8bea71716826fe757be584b655f5d1f8133e6e2 Mon Sep 17 00:00:00 2001 From: "vladimir.kuznetsov" Date: Mon, 7 Jul 2025 10:26:16 +0800 Subject: [PATCH 48/53] chore: temporarily hide the strict killswitch --- client/ui/qml/Pages2/PageSettingsKillSwitch.qml | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/client/ui/qml/Pages2/PageSettingsKillSwitch.qml b/client/ui/qml/Pages2/PageSettingsKillSwitch.qml index 444eb415..ca1cd0d4 100644 --- a/client/ui/qml/Pages2/PageSettingsKillSwitch.qml +++ b/client/ui/qml/Pages2/PageSettingsKillSwitch.qml 
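Review bot: In the `onToggled` handler of the `SwitcherType` added to PageSettingsApiServerInfo.qml, `setCurrentProtocol` stores the new protocol before `updateServiceFromGateway` runs, and whatever that call reports is not checked. A failed gateway update can therefore leave the saved `serviceProtocol` naming a protocol that the stored config was not issued for. I would apply the protocol change only after the update succeeds, or restore the previous value on failure. Separately, `isVlessProtocol` is a readonly property initialised from a plain function call, so it is presumably not re-evaluated after a toggle, and in the active-connection branch the switch has already flipped visually although nothing changed; resetting `checked` in that branch would keep the control truthful.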
@@ -62,7 +62,8 @@ PageType { Layout.leftMargin: 16 Layout.rightMargin: 16 - enabled: SettingsController.isKillSwitchEnabled && !ConnectionController.isConnected + visible: false + // enabled: SettingsController.isKillSwitchEnabled && !ConnectionController.isConnected checked: !SettingsController.strictKillSwitchEnabled text: qsTr("Soft KillSwitch") @@ -73,7 +74,9 @@ PageType { } } - DividerType {} + DividerType { + visible: false + } VerticalRadioButton { id: strictKillSwitch From 42661618dc060d05794cc0dd503ed03cf579cf5d Mon Sep 17 00:00:00 2001 From: Nethius Date: Mon, 7 Jul 2025 10:44:35 +0800 Subject: [PATCH 49/53] chore: bump version (#1696) --- CMakeLists.txt | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/CMakeLists.txt b/CMakeLists.txt index 424dcf3a..fec613de 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -2,7 +2,7 @@ cmake_minimum_required(VERSION 3.25.0 FATAL_ERROR) set(PROJECT AmneziaVPN) -project(${PROJECT} VERSION 4.8.7.2 +project(${PROJECT} VERSION 4.8.8.1 DESCRIPTION "AmneziaVPN" HOMEPAGE_URL "https://amnezia.org/" ) @@ -11,7 +11,7 @@ string(TIMESTAMP CURRENT_DATE "%Y-%m-%d") set(RELEASE_DATE "${CURRENT_DATE}") set(APP_MAJOR_VERSION ${CMAKE_PROJECT_VERSION_MAJOR}.${CMAKE_PROJECT_VERSION_MINOR}.${CMAKE_PROJECT_VERSION_PATCH}) -set(APP_ANDROID_VERSION_CODE 2086) +set(APP_ANDROID_VERSION_CODE 2087) if(${CMAKE_SYSTEM_NAME} STREQUAL "Linux") set(MZ_PLATFORM_NAME "linux") From 2380cd5cfbe75b610c2bba4c3748aef5982f50fa Mon Sep 17 00:00:00 2001 
From: Nethius Date: Mon, 7 Jul 2025 12:03:25 +0800 Subject: [PATCH 50/53] feat: amneziawg 1.5 support (#1692) * Version bump 4.2.1.0 * feat: add special handshake params to ui * feat: finish adding params * feat: android/ios & fix qml * chore: fix android impl & update 3rd-prebuilt branch * chore: trigger build with windows build * fix: special handshake params to client * chore: update submodule * feat: s3, s4 * chore: update submodule * feat: s3 s4 cont * fix: kt set * chore: update submodule * feat: add default values for s3, s4 * fix: make new parameters optional * chore: update submodules * chore: restore translation files * fix: fixed awg native config import with new junk * chore: restore translation files * AWG v1.5 Build * refactoring: removed s3 s4 fileds from ui part * chore: update link to amneziawg-apple --------- Co-authored-by: pokamest Co-authored-by: Mark Puha Co-authored-by: albexk Co-authored-by: Mykola Baibuz --- .gitmodules | 1 + client/3rd-prebuilt | 2 +- client/3rd/amneziawg-apple | 2 +- .../vpn/protocol/wireguard/Wireguard.kt | 11 + .../vpn/protocol/wireguard/WireguardConfig.kt | 59 +++++- client/configurators/awg_configurator.cpp | 15 ++ client/core/controllers/serverController.cpp | 18 +- client/daemon/daemon.cpp | 37 +++- client/daemon/interfaceconfig.cpp | 16 ++ client/daemon/interfaceconfig.h | 5 + client/mozilla/localsocketcontroller.cpp | 39 +++- client/platforms/ios/WGConfig.swift | 22 +- client/platforms/ios/ios_controller.mm | 26 ++- .../linux/daemon/wireguardutilslinux.cpp | 16 ++ .../macos/daemon/wireguardutilsmacos.cpp | 16 ++ client/protocols/protocols_defs.h | 23 ++ client/resources.qrc | 1 + client/server_scripts/awg/Dockerfile | 5 +- .../server_scripts/awg/configure_container.sh | 1 + .../controllers/api/apiConfigsController.cpp | 18 ++ client/ui/controllers/importController.cpp | 56 +++-- client/ui/controllers/installController.cpp | 56 ++++- client/ui/models/protocols/awgConfigModel.cpp | 109 +++++++++- 
client/ui/models/protocols/awgConfigModel.h | 33 ++- client/ui/qml/Components/AwgTextField.qml | 15 ++ .../Pages2/PageProtocolAwgClientSettings.qml | 198 +++++++++++++----- .../ui/qml/Pages2/PageProtocolAwgSettings.qml | 144 +++++-------- 27 files changed, 758 insertions(+), 186 deletions(-) create mode 100644 client/ui/qml/Components/AwgTextField.qml diff --git a/.gitmodules b/.gitmodules index decab9b7..90edb582 100644 --- a/.gitmodules +++ b/.gitmodules @@ -7,6 +7,7 @@ [submodule "client/3rd-prebuilt"] path = client/3rd-prebuilt url = https://github.com/amnezia-vpn/3rd-prebuilt + branch = feature/special-handshake [submodule "client/3rd/amneziawg-apple"] path = client/3rd/amneziawg-apple url = https://github.com/amnezia-vpn/amneziawg-apple diff --git a/client/3rd-prebuilt b/client/3rd-prebuilt index 0f3748ef..840b7b07 160000 --- a/client/3rd-prebuilt +++ b/client/3rd-prebuilt @@ -1 +1 @@ -Subproject commit 0f3748efd7cc04e0c914304b68931f925bed1259 +Subproject commit 840b7b070e6ac8b90dda2fac6e98859b23727c0c diff --git a/client/3rd/amneziawg-apple b/client/3rd/amneziawg-apple index 76e7db55..811af0a8 160000 --- a/client/3rd/amneziawg-apple +++ b/client/3rd/amneziawg-apple @@ -1 +1 @@ -Subproject commit 76e7db556a6d7e2582f9481df91db188a46c009c +Subproject commit 811af0a83b3faeade89a9093a588595666d32066 diff --git a/client/android/wireguard/src/main/kotlin/org/amnezia/vpn/protocol/wireguard/Wireguard.kt b/client/android/wireguard/src/main/kotlin/org/amnezia/vpn/protocol/wireguard/Wireguard.kt index 80cab96d..42a27de4 100644 --- a/client/android/wireguard/src/main/kotlin/org/amnezia/vpn/protocol/wireguard/Wireguard.kt +++ b/client/android/wireguard/src/main/kotlin/org/amnezia/vpn/protocol/wireguard/Wireguard.kt 
@@ -120,10 +120,21 @@ open class Wireguard : Protocol() { configData.optStringOrNull("Jmax")?.let { setJmax(it.toInt()) } configData.optStringOrNull("S1")?.let { setS1(it.toInt()) } configData.optStringOrNull("S2")?.let { setS2(it.toInt()) } + configData.optStringOrNull("S3")?.let { setS3(it.toInt()) } + configData.optStringOrNull("S4")?.let { setS4(it.toInt()) } configData.optStringOrNull("H1")?.let { setH1(it.toLong()) } configData.optStringOrNull("H2")?.let { setH2(it.toLong()) } configData.optStringOrNull("H3")?.let { setH3(it.toLong()) } configData.optStringOrNull("H4")?.let { setH4(it.toLong()) } + configData.optStringOrNull("I1")?.let { setI1(it) } + configData.optStringOrNull("I2")?.let { setI2(it) } + configData.optStringOrNull("I3")?.let { setI3(it) } + configData.optStringOrNull("I4")?.let { setI4(it) } + configData.optStringOrNull("I5")?.let { setI5(it) } + configData.optStringOrNull("J1")?.let { setJ1(it) } + configData.optStringOrNull("J2")?.let { setJ2(it) } + configData.optStringOrNull("J3")?.let { setJ3(it) } + configData.optStringOrNull("Itime")?.let { setItime(it.toInt()) } } private fun start(config: WireguardConfig, vpnBuilder: Builder, protect: (Int) -> Boolean) { diff --git a/client/android/wireguard/src/main/kotlin/org/amnezia/vpn/protocol/wireguard/WireguardConfig.kt b/client/android/wireguard/src/main/kotlin/org/amnezia/vpn/protocol/wireguard/WireguardConfig.kt index 7ae3d43b..2dfbbae8 100644 --- a/client/android/wireguard/src/main/kotlin/org/amnezia/vpn/protocol/wireguard/WireguardConfig.kt +++ b/client/android/wireguard/src/main/kotlin/org/amnezia/vpn/protocol/wireguard/WireguardConfig.kt 
@@ -20,10 +20,21 @@ open class WireguardConfig protected constructor( val jmax: Int?, val s1: Int?, val s2: Int?, + val s3: Int?, + val s4: Int?, val h1: Long?, val h2: Long?, val h3: Long?, - val h4: Long? + val h4: Long?, + var i1: String?, + var i2: String?, + var i3: String?, + var i4: String?, + var i5: String?, + var j1: String?, + var j2: String?, + var j3: String?, + var itime: Int? ) : ProtocolConfig(protocolConfigBuilder) { protected constructor(builder: Builder) : this( @@ -39,10 +50,21 @@ open class WireguardConfig protected constructor( builder.jmax, builder.s1, builder.s2, + builder.s3, + builder.s4, builder.h1, builder.h2, builder.h3, - builder.h4 + builder.h4, + builder.i1, + builder.i2, + builder.i3, + builder.i4, + builder.i5, + builder.j1, + builder.j2, + builder.j3, + builder.itime ) fun toWgUserspaceString(): String = with(StringBuilder()) { @@ -61,10 +83,21 @@ open class WireguardConfig protected constructor( appendLine("jmax=$jmax") appendLine("s1=$s1") appendLine("s2=$s2") + s3?.let { appendLine("s3=$it") } + s4?.let { appendLine("s4=$it") } appendLine("h1=$h1") appendLine("h2=$h2") appendLine("h3=$h3") appendLine("h4=$h4") + i1?.let { appendLine("i1=$it") } + i2?.let { appendLine("i2=$it") } + i3?.let { appendLine("i3=$it") } + i4?.let { appendLine("i4=$it") } + i5?.let { appendLine("i5=$it") } + j1?.let { appendLine("j1=$it") } + j2?.let { appendLine("j2=$it") } + j3?.let { appendLine("j3=$it") } + itime?.let { appendLine("itime=$it") } } } 
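Review bot: The new constructor properties `i1` to `i5`, `j1` to `j3` and `itime` are declared `var`, while every neighbouring property, including the new `s3` and `s4`, is `val`. Nothing in this diff reassigns them after construction, so unless a caller outside the diff does, they should be `val i1: String?,` and so on, which keeps `WireguardConfig` immutable once built.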
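Review bot: `toWgUserspaceString` writes the new free-form string fields straight into a line-oriented key=value text (`i1?.let { appendLine("i1=$it") }`, and the same for `i2` to `i5` and `j1` to `j3`), so a value containing a line break would be read by the consumer as additional configuration lines. Unlike the numeric fields, these are not constrained by a `toInt()`/`toLong()` parse, and they may originate from an imported config. I would reject `\n` and `\r` before the value is stored, for example in the builder setters: `fun setI1(i1: String) = apply { require('\n' !in i1 && '\r' !in i1); this.i1 = i1 }`. The same pattern appears in `InterfaceConfig::toWgConf` in client/daemon/interfaceconfig.cpp further down this patch.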
@@ -117,10 +150,21 @@ open class WireguardConfig protected constructor( internal var jmax: Int? = null internal var s1: Int? = null internal var s2: Int? = null + internal var s3: Int? = null + internal var s4: Int? = null internal var h1: Long? = null internal var h2: Long? = null internal var h3: Long? = null internal var h4: Long? = null + internal var i1: String? = null + internal var i2: String? = null + internal var i3: String? = null + internal var i4: String? = null + internal var i5: String? = null + internal var j1: String? = null + internal var j2: String? = null + internal var j3: String? = null + internal var itime: Int? = null fun setEndpoint(endpoint: InetEndpoint) = apply { this.endpoint = endpoint } @@ -139,10 +183,21 @@ open class WireguardConfig protected constructor( fun setJmax(jmax: Int) = apply { this.jmax = jmax } fun setS1(s1: Int) = apply { this.s1 = s1 } fun setS2(s2: Int) = apply { this.s2 = s2 } + fun setS3(s3: Int) = apply { this.s3 = s3 } + fun setS4(s4: Int) = apply { this.s4 = s4 } fun setH1(h1: Long) = apply { this.h1 = h1 } fun setH2(h2: Long) = apply { this.h2 = h2 } fun setH3(h3: Long) = apply { this.h3 = h3 } fun setH4(h4: Long) = apply { this.h4 = h4 } + fun setI1(i1: String) = apply { this.i1 = i1 } + fun setI2(i2: String) = apply { this.i2 = i2 } + fun setI3(i3: String) = apply { this.i3 = i3 } + fun setI4(i4: String) = apply { this.i4 = i4 } + fun setI5(i5: String) = apply { this.i5 = i5 } + fun setJ1(j1: String) = apply { this.j1 = j1 } + fun setJ2(j2: String) = apply { this.j2 = j2 } + fun setJ3(j3: String) = apply { this.j3 = j3 } + fun setItime(itime: Int) = apply { this.itime = itime } override fun build(): WireguardConfig = configBuild().run { WireguardConfig(this@Builder) } } diff --git a/client/configurators/awg_configurator.cpp b/client/configurators/awg_configurator.cpp index 21b61ba4..f83acb19 100644 --- a/client/configurators/awg_configurator.cpp +++ b/client/configurators/awg_configurator.cpp 
@@ -1,4 +1,5 @@ #include "awg_configurator.h" +#include "protocols/protocols_defs.h" #include #include @@ -39,6 +40,20 @@ QString AwgConfigurator::createConfig(const ServerCredentials &credentials, Dock jsonConfig[config_key::responsePacketMagicHeader] = configMap.value(config_key::responsePacketMagicHeader); jsonConfig[config_key::underloadPacketMagicHeader] = configMap.value(config_key::underloadPacketMagicHeader); jsonConfig[config_key::transportPacketMagicHeader] = configMap.value(config_key::transportPacketMagicHeader); + + // jsonConfig[config_key::cookieReplyPacketJunkSize] = configMap.value(config_key::cookieReplyPacketJunkSize); + // jsonConfig[config_key::transportPacketJunkSize] = configMap.value(config_key::transportPacketJunkSize); + + // jsonConfig[config_key::specialJunk1] = configMap.value(amnezia::config_key::specialJunk1); + // jsonConfig[config_key::specialJunk2] = configMap.value(amnezia::config_key::specialJunk2); + // jsonConfig[config_key::specialJunk3] = configMap.value(amnezia::config_key::specialJunk3); + // jsonConfig[config_key::specialJunk4] = configMap.value(amnezia::config_key::specialJunk4); + // jsonConfig[config_key::specialJunk5] = configMap.value(amnezia::config_key::specialJunk5); + // jsonConfig[config_key::controlledJunk1] = configMap.value(amnezia::config_key::controlledJunk1); + // jsonConfig[config_key::controlledJunk2] = configMap.value(amnezia::config_key::controlledJunk2); + // jsonConfig[config_key::controlledJunk3] = configMap.value(amnezia::config_key::controlledJunk3); + // jsonConfig[config_key::specialHandshakeTimeout] = configMap.value(amnezia::config_key::specialHandshakeTimeout); + jsonConfig[config_key::mtu] = containerConfig.value(ProtocolProps::protoToString(Proto::Awg)).toObject().value(config_key::mtu).toString(protocols::awg::defaultMtu); diff --git a/client/core/controllers/serverController.cpp b/client/core/controllers/serverController.cpp index a61a638b..3c24edea 100644 
--- a/client/core/controllers/serverController.cpp +++ b/client/core/controllers/serverController.cpp @@ -349,7 +349,7 @@ bool ServerController::isReinstallContainerRequired(DockerContainer container, c if ((oldProtoConfig.value(config_key::subnet_address).toString(protocols::wireguard::defaultSubnetAddress) != newProtoConfig.value(config_key::subnet_address).toString(protocols::wireguard::defaultSubnetAddress)) || (oldProtoConfig.value(config_key::port).toString(protocols::awg::defaultPort) - != newProtoConfig.value(config_key::port).toString(protocols::awg::defaultPort)) + != newProtoConfig.value(config_key::port).toString(protocols::awg::defaultPort)) || (oldProtoConfig.value(config_key::junkPacketCount).toString(protocols::awg::defaultJunkPacketCount) != newProtoConfig.value(config_key::junkPacketCount).toString(protocols::awg::defaultJunkPacketCount)) || (oldProtoConfig.value(config_key::junkPacketMinSize).toString(protocols::awg::defaultJunkPacketMinSize) 
@@ -366,8 +366,13 @@ bool ServerController::isReinstallContainerRequired(DockerContainer container, c != newProtoConfig.value(config_key::responsePacketMagicHeader).toString(protocols::awg::defaultResponsePacketMagicHeader)) || (oldProtoConfig.value(config_key::underloadPacketMagicHeader).toString(protocols::awg::defaultUnderloadPacketMagicHeader) != newProtoConfig.value(config_key::underloadPacketMagicHeader).toString(protocols::awg::defaultUnderloadPacketMagicHeader)) - || (oldProtoConfig.value(config_key::transportPacketMagicHeader).toString(protocols::awg::defaultTransportPacketMagicHeader) - != newProtoConfig.value(config_key::transportPacketMagicHeader).toString(protocols::awg::defaultTransportPacketMagicHeader))) + || (oldProtoConfig.value(config_key::transportPacketMagicHeader).toString(protocols::awg::defaultTransportPacketMagicHeader)) + != newProtoConfig.value(config_key::transportPacketMagicHeader).toString(protocols::awg::defaultTransportPacketMagicHeader)) + // || (oldProtoConfig.value(config_key::cookieReplyPacketJunkSize).toString(protocols::awg::defaultCookieReplyPacketJunkSize) + // != newProtoConfig.value(config_key::cookieReplyPacketJunkSize).toString(protocols::awg::defaultCookieReplyPacketJunkSize)) + // || (oldProtoConfig.value(config_key::transportPacketJunkSize).toString(protocols::awg::defaultTransportPacketJunkSize) + // != newProtoConfig.value(config_key::transportPacketJunkSize).toString(protocols::awg::defaultTransportPacketJunkSize)) + return true; } 
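Review bot: The rewritten `transportPacketMagicHeader` comparison moves a closing parenthesis, so `(oldProtoConfig.value(...).toString(...))` now wraps only the left operand and the final `)` closes the `if`. It still evaluates as intended because `!=` binds tighter than `||`, but it reads like a typo and breaks the pattern of the lines above; restoring `|| (old... != new...))` would fix that. The S3/S4 comparisons are added as commented-out code, while the `genVarsForScript` hunk later in this file does pass `$COOKIE_REPLY_PACKET_JUNK_SIZE` and `$TRANSPORT_PACKET_JUNK_SIZE` to the server scripts, with a bare `.toString()` and no default. A change to those values would therefore not trigger a reinstall, and an older config without the keys substitutes an empty string. Either enable the checks or replace the commented lines with a one-line note saying why they are off. The `if` statement starts before this hunk.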
@@ -375,7 +380,7 @@ bool ServerController::isReinstallContainerRequired(DockerContainer container, c if ((oldProtoConfig.value(config_key::subnet_address).toString(protocols::wireguard::defaultSubnetAddress) != newProtoConfig.value(config_key::subnet_address).toString(protocols::wireguard::defaultSubnetAddress)) || (oldProtoConfig.value(config_key::port).toString(protocols::wireguard::defaultPort) - != newProtoConfig.value(config_key::port).toString(protocols::wireguard::defaultPort))) + != newProtoConfig.value(config_key::port).toString(protocols::wireguard::defaultPort))) return true; } @@ -455,7 +460,7 @@ ErrorCode ServerController::buildContainerWorker(const ServerCredentials &creden runScript(credentials, replaceVars(amnezia::scriptData(SharedScriptType::build_container), genVarsForScript(credentials, container, config)), cbReadStdOut, cbReadStdErr); - + if (stdOut.contains("doesn't work on cgroups v2")) return ErrorCode::ServerDockerOnCgroupsV2; if (stdOut.contains("cgroup mountpoint does not exist")) @@ -641,6 +646,9 @@ ServerController::Vars ServerController::genVarsForScript(const ServerCredential vars.append({ { "$UNDERLOAD_PACKET_MAGIC_HEADER", amneziaWireguarConfig.value(config_key::underloadPacketMagicHeader).toString() } }); vars.append({ { "$TRANSPORT_PACKET_MAGIC_HEADER", amneziaWireguarConfig.value(config_key::transportPacketMagicHeader).toString() } }); + vars.append({ { "$COOKIE_REPLY_PACKET_JUNK_SIZE", amneziaWireguarConfig.value(config_key::cookieReplyPacketJunkSize).toString() } }); + vars.append({ { "$TRANSPORT_PACKET_JUNK_SIZE", amneziaWireguarConfig.value(config_key::transportPacketJunkSize).toString() } }); + // Socks5 proxy vars vars.append({ { "$SOCKS5_PROXY_PORT", socks5ProxyConfig.value(config_key::port).toString(protocols::socks5Proxy::defaultPort) } }); auto username = socks5ProxyConfig.value(config_key::userName).toString(); diff --git a/client/daemon/daemon.cpp b/client/daemon/daemon.cpp index 33ec8cbc..2faff0ef 100644 
--- a/client/daemon/daemon.cpp +++ b/client/daemon/daemon.cpp @@ -405,6 +405,13 @@ bool Daemon::parseConfig(const QJsonObject& obj, InterfaceConfig& config) { if (!obj.value("S2").isNull()) { config.m_responsePacketJunkSize = obj.value("S2").toString(); } + if (!obj.value("S3").isNull()) { + config.m_cookieReplyPacketJunkSize = obj.value("S3").toString(); + } + if (!obj.value("S4").isNull()) { + config.m_transportPacketJunkSize = obj.value("S4").toString(); + } + if (!obj.value("H1").isNull()) { config.m_initPacketMagicHeader = obj.value("H1").toString(); } @@ -418,6 +425,34 @@ bool Daemon::parseConfig(const QJsonObject& obj, InterfaceConfig& config) { config.m_transportPacketMagicHeader = obj.value("H4").toString(); } + if (!obj.value("I1").isNull()) { + config.m_specialJunk["I1"] = obj.value("I1").toString(); + } + if (!obj.value("I2").isNull()) { + config.m_specialJunk["I2"] = obj.value("I2").toString(); + } + if (!obj.value("I3").isNull()) { + config.m_specialJunk["I3"] = obj.value("I3").toString(); + } + if (!obj.value("I4").isNull()) { + config.m_specialJunk["I4"] = obj.value("I4").toString(); + } + if (!obj.value("I5").isNull()) { + config.m_specialJunk["I5"] = obj.value("I5").toString(); + } + if (!obj.value("J1").isNull()) { + config.m_controlledJunk["J1"] = obj.value("J1").toString(); + } + if (!obj.value("J2").isNull()) { + config.m_controlledJunk["J2"] = obj.value("J2").toString(); + } + if (!obj.value("J3").isNull()) { + config.m_controlledJunk["J3"] = obj.value("J3").toString(); + } + if (!obj.value("Itime").isNull()) { + config.m_specialHandshakeTimeout = obj.value("Itime").toString(); + } + return true; } @@ -460,7 +495,7 @@ bool Daemon::deactivate(bool emitSignals) { m_connections.clear(); // Delete the interface - return wgutils()->deleteInterface(); + return wgutils()->deleteInterface(); } QString Daemon::logs() { diff --git a/client/daemon/interfaceconfig.cpp b/client/daemon/interfaceconfig.cpp index 846cfebe..53da5d36 100644 
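Review bot: The new `I1`–`I5` and `J1`–`J3` guards in `Daemon::parseConfig` use `!obj.value("I1").isNull()`, and as far as I know `QJsonValue::isNull()` is false for an absent key (the value is Undefined, not Null), so every key gets a map entry holding an empty string. `InterfaceConfig::toWgConf` (the interfaceconfig.cpp hunk) then prints every key of `m_specialJunk` and `m_controlledJunk` without checking the value, which would emit lines such as `I1 = ` for parameters the config never set. Testing `isString()` before inserting avoids that, and a loop replaces the eight near-identical blocks. `parseConfig` starts and ends outside these hunks.

```cpp
// … unchanged: S3/S4 and H1–H4 parsing …
for (const QString& key : QStringList{"I1", "I2", "I3", "I4", "I5"}) {
  const QJsonValue value = obj.value(key);
  if (value.isString()) {
    config.m_specialJunk[key] = value.toString();
  }
}
for (const QString& key : QStringList{"J1", "J2", "J3"}) {
  const QJsonValue value = obj.value(key);
  if (value.isString()) {
    config.m_controlledJunk[key] = value.toString();
  }
}
// … unchanged: Itime parsing and return …
```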
--- a/client/daemon/interfaceconfig.cpp +++ b/client/daemon/interfaceconfig.cpp @@ -130,6 +130,12 @@ QString InterfaceConfig::toWgConf(const QMap& extra) const { if (!m_responsePacketJunkSize.isNull()) { out << "S2 = " << m_responsePacketJunkSize << "\n"; } + if (!m_cookieReplyPacketJunkSize.isNull()) { + out << "S3 = " << m_cookieReplyPacketJunkSize << "\n"; + } + if (!m_transportPacketJunkSize.isNull()) { + out << "S4 = " << m_transportPacketJunkSize << "\n"; + } if (!m_initPacketMagicHeader.isNull()) { out << "H1 = " << m_initPacketMagicHeader << "\n"; } @@ -143,6 +149,16 @@ QString InterfaceConfig::toWgConf(const QMap& extra) const { out << "H4 = " << m_transportPacketMagicHeader << "\n"; } + for (const QString& key : m_specialJunk.keys()) { + out << key << " = " << m_specialJunk[key] << "\n"; + } + for (const QString& key : m_controlledJunk.keys()) { + out << key << " = " << m_controlledJunk[key] << "\n"; + } + if (!m_specialHandshakeTimeout.isNull()) { + out << "Itime = " << m_specialHandshakeTimeout << "\n"; + } + // If any extra config was provided, append it now. for (const QString& key : extra.keys()) { out << key << " = " << extra[key] << "\n"; diff --git a/client/daemon/interfaceconfig.h b/client/daemon/interfaceconfig.h index 6ae400c2..06288e80 100644 --- a/client/daemon/interfaceconfig.h +++ b/client/daemon/interfaceconfig.h @@ -50,10 +50,15 @@ class InterfaceConfig { QString m_junkPacketMaxSize; QString m_initPacketJunkSize; QString m_responsePacketJunkSize; + QString m_cookieReplyPacketJunkSize; + QString m_transportPacketJunkSize; QString m_initPacketMagicHeader; QString m_responsePacketMagicHeader; QString m_underloadPacketMagicHeader; QString m_transportPacketMagicHeader; + QMap m_specialJunk; + QMap m_controlledJunk; + QString m_specialHandshakeTimeout; QJsonObject toJson() const; QString toWgConf( diff --git a/client/mozilla/localsocketcontroller.cpp b/client/mozilla/localsocketcontroller.cpp index 67924d47..9abab81c 100644 
--- a/client/mozilla/localsocketcontroller.cpp +++ b/client/mozilla/localsocketcontroller.cpp @@ -38,7 +38,7 @@ LocalSocketController::LocalSocketController() { m_socket = new QLocalSocket(this); connect(m_socket, &QLocalSocket::connected, this, &LocalSocketController::daemonConnected); - connect(m_socket, &QLocalSocket::disconnected, this, + connect(m_socket, &QLocalSocket::disconnected, this, [&] { errorOccurred(QLocalSocket::PeerClosedError); }); connect(m_socket, &QLocalSocket::errorOccurred, this, &LocalSocketController::errorOccurred); @@ -135,7 +135,7 @@ void LocalSocketController::activate(const QJsonObject &rawConfig) { // set up IPv6 unique-local-address, ULA, with "fd00::/8" prefix, not globally routable. // this will be default IPv6 gateway, OS recognizes that IPv6 link is local and switches to IPv4. - // Otherwise some OSes (Linux) try IPv6 forever and hang. + // Otherwise some OSes (Linux) try IPv6 forever and hang. // https://en.wikipedia.org/wiki/Unique_local_address (RFC 4193) // https://man7.org/linux/man-pages/man5/gai.conf.5.html json.insert("deviceIpv6Address", "fd58:baa6:dead::1"); // simply "dead::1" is globally-routable, don't use it 
@@ -244,28 +244,61 @@ void LocalSocketController::activate(const QJsonObject &rawConfig) { json.insert(amnezia::config_key::junkPacketMaxSize, wgConfig.value(amnezia::config_key::junkPacketMaxSize)); json.insert(amnezia::config_key::initPacketJunkSize, wgConfig.value(amnezia::config_key::initPacketJunkSize)); json.insert(amnezia::config_key::responsePacketJunkSize, wgConfig.value(amnezia::config_key::responsePacketJunkSize)); + json.insert(amnezia::config_key::cookieReplyPacketJunkSize, wgConfig.value(amnezia::config_key::cookieReplyPacketJunkSize)); + json.insert(amnezia::config_key::transportPacketJunkSize, wgConfig.value(amnezia::config_key::transportPacketJunkSize)); json.insert(amnezia::config_key::initPacketMagicHeader, wgConfig.value(amnezia::config_key::initPacketMagicHeader)); json.insert(amnezia::config_key::responsePacketMagicHeader, wgConfig.value(amnezia::config_key::responsePacketMagicHeader)); json.insert(amnezia::config_key::underloadPacketMagicHeader, wgConfig.value(amnezia::config_key::underloadPacketMagicHeader)); json.insert(amnezia::config_key::transportPacketMagicHeader, wgConfig.value(amnezia::config_key::transportPacketMagicHeader)); + json.insert(amnezia::config_key::specialJunk1, wgConfig.value(amnezia::config_key::specialJunk1)); + json.insert(amnezia::config_key::specialJunk2, wgConfig.value(amnezia::config_key::specialJunk2)); + json.insert(amnezia::config_key::specialJunk3, wgConfig.value(amnezia::config_key::specialJunk3)); + json.insert(amnezia::config_key::specialJunk4, wgConfig.value(amnezia::config_key::specialJunk4)); + json.insert(amnezia::config_key::specialJunk5, wgConfig.value(amnezia::config_key::specialJunk5)); + json.insert(amnezia::config_key::controlledJunk1, wgConfig.value(amnezia::config_key::controlledJunk1)); + json.insert(amnezia::config_key::controlledJunk2, wgConfig.value(amnezia::config_key::controlledJunk2)); + json.insert(amnezia::config_key::controlledJunk3, 
wgConfig.value(amnezia::config_key::controlledJunk3)); + json.insert(amnezia::config_key::specialHandshakeTimeout, wgConfig.value(amnezia::config_key::specialHandshakeTimeout)); } else if (!wgConfig.value(amnezia::config_key::junkPacketCount).isUndefined() && !wgConfig.value(amnezia::config_key::junkPacketMinSize).isUndefined() && !wgConfig.value(amnezia::config_key::junkPacketMaxSize).isUndefined() && !wgConfig.value(amnezia::config_key::initPacketJunkSize).isUndefined() && !wgConfig.value(amnezia::config_key::responsePacketJunkSize).isUndefined() + && !wgConfig.value(amnezia::config_key::cookieReplyPacketJunkSize).isUndefined() + && !wgConfig.value(amnezia::config_key::transportPacketJunkSize).isUndefined() && !wgConfig.value(amnezia::config_key::initPacketMagicHeader).isUndefined() && !wgConfig.value(amnezia::config_key::responsePacketMagicHeader).isUndefined() && !wgConfig.value(amnezia::config_key::underloadPacketMagicHeader).isUndefined() - && !wgConfig.value(amnezia::config_key::transportPacketMagicHeader).isUndefined()) { + && !wgConfig.value(amnezia::config_key::transportPacketMagicHeader).isUndefined() + && !wgConfig.value(amnezia::config_key::specialJunk1).isUndefined() + && !wgConfig.value(amnezia::config_key::specialJunk2).isUndefined() + && !wgConfig.value(amnezia::config_key::specialJunk3).isUndefined() + && !wgConfig.value(amnezia::config_key::specialJunk4).isUndefined() + && !wgConfig.value(amnezia::config_key::specialJunk5).isUndefined() + && !wgConfig.value(amnezia::config_key::controlledJunk1).isUndefined() + && !wgConfig.value(amnezia::config_key::controlledJunk2).isUndefined() + && !wgConfig.value(amnezia::config_key::controlledJunk3).isUndefined() + && !wgConfig.value(amnezia::config_key::specialHandshakeTimeout).isUndefined()) { json.insert(amnezia::config_key::junkPacketCount, wgConfig.value(amnezia::config_key::junkPacketCount)); json.insert(amnezia::config_key::junkPacketMinSize, wgConfig.value(amnezia::config_key::junkPacketMinSize)); 
json.insert(amnezia::config_key::junkPacketMaxSize, wgConfig.value(amnezia::config_key::junkPacketMaxSize)); json.insert(amnezia::config_key::initPacketJunkSize, wgConfig.value(amnezia::config_key::initPacketJunkSize)); json.insert(amnezia::config_key::responsePacketJunkSize, wgConfig.value(amnezia::config_key::responsePacketJunkSize)); + json.insert(amnezia::config_key::cookieReplyPacketJunkSize, wgConfig.value(amnezia::config_key::cookieReplyPacketJunkSize)); + json.insert(amnezia::config_key::transportPacketJunkSize, wgConfig.value(amnezia::config_key::transportPacketJunkSize)); json.insert(amnezia::config_key::initPacketMagicHeader, wgConfig.value(amnezia::config_key::initPacketMagicHeader)); json.insert(amnezia::config_key::responsePacketMagicHeader, wgConfig.value(amnezia::config_key::responsePacketMagicHeader)); json.insert(amnezia::config_key::underloadPacketMagicHeader, wgConfig.value(amnezia::config_key::underloadPacketMagicHeader)); json.insert(amnezia::config_key::transportPacketMagicHeader, wgConfig.value(amnezia::config_key::transportPacketMagicHeader)); + json.insert(amnezia::config_key::specialJunk1, wgConfig.value(amnezia::config_key::specialJunk1)); + json.insert(amnezia::config_key::specialJunk2, wgConfig.value(amnezia::config_key::specialJunk2)); + json.insert(amnezia::config_key::specialJunk3, wgConfig.value(amnezia::config_key::specialJunk3)); + json.insert(amnezia::config_key::specialJunk4, wgConfig.value(amnezia::config_key::specialJunk4)); + json.insert(amnezia::config_key::specialJunk5, wgConfig.value(amnezia::config_key::specialJunk5)); + json.insert(amnezia::config_key::controlledJunk1, wgConfig.value(amnezia::config_key::controlledJunk1)); + json.insert(amnezia::config_key::controlledJunk2, wgConfig.value(amnezia::config_key::controlledJunk2)); + json.insert(amnezia::config_key::controlledJunk3, wgConfig.value(amnezia::config_key::controlledJunk3)); + json.insert(amnezia::config_key::specialHandshakeTimeout, 
wgConfig.value(amnezia::config_key::specialHandshakeTimeout)); } write(json); diff --git a/client/platforms/ios/WGConfig.swift b/client/platforms/ios/WGConfig.swift index e3b67efe..8f693387 100644 --- a/client/platforms/ios/WGConfig.swift +++ b/client/platforms/ios/WGConfig.swift @@ -4,7 +4,10 @@ struct WGConfig: Decodable { let initPacketMagicHeader, responsePacketMagicHeader: String? let underloadPacketMagicHeader, transportPacketMagicHeader: String? let junkPacketCount, junkPacketMinSize, junkPacketMaxSize: String? - let initPacketJunkSize, responsePacketJunkSize: String? + let initPacketJunkSize, responsePacketJunkSize, cookieReplyPacketJunkSize, transportPacketJunkSize: String? + let specialJunk1, specialJunk2, specialJunk3, specialJunk4, specialJunk5: String? + let controlledJunk1, controlledJunk2, controlledJunk3: String? + let specialHandshakeTimeout: String? let dns1: String let dns2: String let mtu: String @@ -23,7 +26,10 @@ struct WGConfig: Decodable { case initPacketMagicHeader = "H1", responsePacketMagicHeader = "H2" case underloadPacketMagicHeader = "H3", transportPacketMagicHeader = "H4" case junkPacketCount = "Jc", junkPacketMinSize = "Jmin", junkPacketMaxSize = "Jmax" - case initPacketJunkSize = "S1", responsePacketJunkSize = "S2" + case initPacketJunkSize = "S1", responsePacketJunkSize = "S2", cookieReplyPacketJunkSize = "S3", transportPacketJunkSize = "S4" + case specialJunk1 = "I1", specialJunk2 = "I2", specialJunk3 = "I3", specialJunk4 = "I4", specialJunk5 = "I5" + case controlledJunk1 = "J1", controlledJunk2 = "J2", controlledJunk3 = "J3" + case specialHandshakeTimeout = "Itime" case dns1 case dns2 case mtu 
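Review bot: The `else if` condition in `LocalSocketController::activate` now also requires S3, S4, I1–I5, J1–J3 and Itime to be defined, while the import hunk in importController.cpp treats I1–I5, J1–J3 and Itime as optional and leaves S3/S4 out. A config that carries only the original nine parameters no longer matches this branch, so as far as the hunk shows none of its junk or header parameters reach the daemon, and the tunnel would presumably start without the configured obfuscation or fail to handshake. I would keep the original nine checks in the condition and insert each new key on its own, e.g. `if (!wgConfig.value(amnezia::config_key::specialJunk1).isUndefined()) json.insert(amnezia::config_key::specialJunk1, wgConfig.value(amnezia::config_key::specialJunk1));`. The two branches also repeat the same twenty inserts, so a loop over one key list would keep them in step. The function begins above the hunk.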
@@ -47,11 +53,21 @@ struct WGConfig: Decodable { Jmax = \(junkPacketMaxSize!) S1 = \(initPacketJunkSize!) S2 = \(responsePacketJunkSize!) + S3 = \(cookieReplyPacketJunkSize!) + S4 = \(transportPacketJunkSize!) H1 = \(initPacketMagicHeader!) H2 = \(responsePacketMagicHeader!) H3 = \(underloadPacketMagicHeader!) H4 = \(transportPacketMagicHeader!) - + I1 = \(specialJunk1!) + I2 = \(specialJunk2!) + I3 = \(specialJunk3!) + I4 = \(specialJunk4!) + I5 = \(specialJunk5!) + J1 = \(controlledJunk1!) + J2 = \(controlledJunk2!) + J3 = \(controlledJunk3!) + Itime = \(specialHandshakeTimeout!) """ } diff --git a/client/platforms/ios/ios_controller.mm b/client/platforms/ios/ios_controller.mm index 85fb50b7..e64c6dce 100644 --- a/client/platforms/ios/ios_controller.mm +++ b/client/platforms/ios/ios_controller.mm @@ -507,6 +507,8 @@ bool IosController::setupWireGuard() wgConfig.insert(config_key::initPacketJunkSize, config[config_key::initPacketJunkSize]); wgConfig.insert(config_key::responsePacketJunkSize, config[config_key::responsePacketJunkSize]); + wgConfig.insert(config_key::cookieReplyPacketJunkSize, config[config_key::cookieReplyPacketJunkSize]); + wgConfig.insert(config_key::transportPacketJunkSize, config[config_key::transportPacketJunkSize]); wgConfig.insert(config_key::junkPacketCount, config[config_key::junkPacketCount]); wgConfig.insert(config_key::junkPacketMinSize, config[config_key::junkPacketMinSize]); 
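Review bot: The new interpolation lines in WGConfig.swift force-unwrap `cookieReplyPacketJunkSize`, `transportPacketJunkSize`, `specialJunk1`…`controlledJunk3` and `specialHandshakeTimeout`. All of these are declared `String?` and are treated as optional elsewhere in this change, so a config that omits any of them would trap here at run time. The guard that precedes the string literal is outside the hunk, so this is inferred. If that guard only covers the older fields, use `\(specialJunk1 ?? "")` or emit each new line only when its value is non-nil.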
@@ -605,11 +607,23 @@ bool IosController::setupAwg() wgConfig.insert(config_key::initPacketJunkSize, config[config_key::initPacketJunkSize]); wgConfig.insert(config_key::responsePacketJunkSize, config[config_key::responsePacketJunkSize]); + wgConfig.insert(config_key::cookieReplyPacketJunkSize, config[config_key::cookieReplyPacketJunkSize]); + wgConfig.insert(config_key::transportPacketJunkSize, config[config_key::transportPacketJunkSize]); wgConfig.insert(config_key::junkPacketCount, config[config_key::junkPacketCount]); wgConfig.insert(config_key::junkPacketMinSize, config[config_key::junkPacketMinSize]); wgConfig.insert(config_key::junkPacketMaxSize, config[config_key::junkPacketMaxSize]); + wgConfig.insert(config_key::specialJunk1, config[config_key::specialJunk1]); + wgConfig.insert(config_key::specialJunk2, config[config_key::specialJunk2]); + wgConfig.insert(config_key::specialJunk3, config[config_key::specialJunk3]); + wgConfig.insert(config_key::specialJunk4, config[config_key::specialJunk4]); + wgConfig.insert(config_key::specialJunk5, config[config_key::specialJunk5]); + wgConfig.insert(config_key::controlledJunk1, config[config_key::controlledJunk1]); + wgConfig.insert(config_key::controlledJunk2, config[config_key::controlledJunk2]); + wgConfig.insert(config_key::controlledJunk3, config[config_key::controlledJunk3]); + wgConfig.insert(config_key::specialHandshakeTimeout, config[config_key::specialHandshakeTimeout]); + QJsonDocument wgConfigDoc(wgConfig); QString wgConfigDocStr(wgConfigDoc.toJson(QJsonDocument::Compact)); 
@@ -794,9 +808,9 @@ bool IosController::shareText(const QStringList& filesToSend) { if (!qtController) return; UIActivityViewController *activityController = [[UIActivityViewController alloc] initWithActivityItems:sharingItems applicationActivities:nil]; - + __block bool isAccepted = false; - + [activityController setCompletionWithItemsHandler:^(NSString *activityType, BOOL completed, NSArray *returnedItems, NSError *activityError) { isAccepted = completed; emit finished(); @@ -808,11 +822,11 @@ bool IosController::shareText(const QStringList& filesToSend) { popController.sourceView = qtController.view; popController.sourceRect = CGRectMake(100, 100, 100, 100); } - + QEventLoop wait; QObject::connect(this, &IosController::finished, &wait, &QEventLoop::quit); wait.exec(); - + return isAccepted; } @@ -826,7 +840,7 @@ QString IosController::openFile() { if (!qtController) return; [qtController presentViewController:documentPicker animated:YES completion:nil]; - + __block QString filePath; documentPickerDelegate.documentPickerClosedCallback = ^(NSString *path) { @@ -841,7 +855,7 @@ QString IosController::openFile() { QEventLoop wait; QObject::connect(this, &IosController::finished, &wait, &QEventLoop::quit); wait.exec(); - + return filePath; } diff --git a/client/platforms/linux/daemon/wireguardutilslinux.cpp b/client/platforms/linux/daemon/wireguardutilslinux.cpp index a12b8582..cfde73e2 100644 --- a/client/platforms/linux/daemon/wireguardutilslinux.cpp +++ b/client/platforms/linux/daemon/wireguardutilslinux.cpp 
@@ -121,6 +121,12 @@ bool WireguardUtilsLinux::addInterface(const InterfaceConfig& config) { if (!config.m_responsePacketJunkSize.isEmpty()) { out << "s2=" << config.m_responsePacketJunkSize << "\n"; } + if (!config.m_cookieReplyPacketJunkSize.isEmpty()) { + out << "s3=" << config.m_cookieReplyPacketJunkSize << "\n"; + } + if (!config.m_transportPacketJunkSize.isEmpty()) { + out << "s4=" << config.m_transportPacketJunkSize << "\n"; + } if (!config.m_initPacketMagicHeader.isEmpty()) { out << "h1=" << config.m_initPacketMagicHeader << "\n"; } @@ -134,6 +140,16 @@ bool WireguardUtilsLinux::addInterface(const InterfaceConfig& config) { out << "h4=" << config.m_transportPacketMagicHeader << "\n"; } + for (const QString& key : config.m_specialJunk.keys()) { + out << key.toLower() << "=" << config.m_specialJunk.value(key) << "\n"; + } + for (const QString& key : config.m_controlledJunk.keys()) { + out << key.toLower() << "=" << config.m_controlledJunk.value(key) << "\n"; + } + if (!config.m_specialHandshakeTimeout.isEmpty()) { + out << "itime=" << config.m_specialHandshakeTimeout << "\n"; + } + int err = uapiErrno(uapiCommand(message)); if (err != 0) { logger.error() << "Interface configuration failed:" << strerror(err); diff --git a/client/platforms/macos/daemon/wireguardutilsmacos.cpp b/client/platforms/macos/daemon/wireguardutilsmacos.cpp index 37170f20..cce4afab 100644 --- a/client/platforms/macos/daemon/wireguardutilsmacos.cpp +++ b/client/platforms/macos/daemon/wireguardutilsmacos.cpp 
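Review bot: The `m_specialJunk` and `m_controlledJunk` loops in `WireguardUtilsLinux::addInterface` send every map entry, whereas each neighbouring field is written only when `!isEmpty()`. The defaults added in protocols_defs.h for I1–I5 and J1–J3 are empty strings, so an entry such as `i1=` with no value could be sent if the maps are filled from them (how they are filled is not visible here). A guard like `if (config.m_specialJunk.value(key).isEmpty()) continue;` would match the surrounding style, and iterating with `constBegin()`/`constEnd()` would avoid building the `keys()` list and the second lookup. The macOS `addInterface` hunk has the same loops. addInterface starts above the hunk and continues after it.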
@@ -119,6 +119,12 @@ bool WireguardUtilsMacos::addInterface(const InterfaceConfig& config) { if (!config.m_responsePacketJunkSize.isEmpty()) { out << "s2=" << config.m_responsePacketJunkSize << "\n"; } + if (!config.m_cookieReplyPacketJunkSize.isEmpty()) { + out << "s3=" << config.m_cookieReplyPacketJunkSize << "\n"; + } + if (!config.m_transportPacketJunkSize.isEmpty()) { + out << "s4=" << config.m_transportPacketJunkSize << "\n"; + } if (!config.m_initPacketMagicHeader.isEmpty()) { out << "h1=" << config.m_initPacketMagicHeader << "\n"; } @@ -132,6 +138,16 @@ bool WireguardUtilsMacos::addInterface(const InterfaceConfig& config) { out << "h4=" << config.m_transportPacketMagicHeader << "\n"; } + for (const QString& key : config.m_specialJunk.keys()) { + out << key.toLower() << "=" << config.m_specialJunk.value(key) << "\n"; + } + for (const QString& key : config.m_controlledJunk.keys()) { + out << key.toLower() << "=" << config.m_controlledJunk.value(key) << "\n"; + } + if (!config.m_specialHandshakeTimeout.isEmpty()) { + out << "itime=" << config.m_specialHandshakeTimeout << "\n"; + } + int err = uapiErrno(uapiCommand(message)); if (err != 0) { logger.error() << "Interface configuration failed:" << strerror(err); diff --git a/client/protocols/protocols_defs.h b/client/protocols/protocols_defs.h index c2d51454..b4cbb6de 100644 --- a/client/protocols/protocols_defs.h +++ b/client/protocols/protocols_defs.h 
@@ -72,10 +72,21 @@ namespace amnezia constexpr char junkPacketMaxSize[] = "Jmax"; constexpr char initPacketJunkSize[] = "S1"; constexpr char responsePacketJunkSize[] = "S2"; + constexpr char cookieReplyPacketJunkSize[] = "S3"; + constexpr char transportPacketJunkSize[] = "S4"; constexpr char initPacketMagicHeader[] = "H1"; constexpr char responsePacketMagicHeader[] = "H2"; constexpr char underloadPacketMagicHeader[] = "H3"; constexpr char transportPacketMagicHeader[] = "H4"; + constexpr char specialJunk1[] = "I1"; + constexpr char specialJunk2[] = "I2"; + constexpr char specialJunk3[] = "I3"; + constexpr char specialJunk4[] = "I4"; + constexpr char specialJunk5[] = "I5"; + constexpr char controlledJunk1[] = "J1"; + constexpr char controlledJunk2[] = "J2"; + constexpr char controlledJunk3[] = "J3"; + constexpr char specialHandshakeTimeout[] = "Itime"; constexpr char openvpn[] = "openvpn"; constexpr char wireguard[] = "wireguard"; @@ -216,10 +227,22 @@ namespace amnezia constexpr char defaultJunkPacketMaxSize[] = "30"; constexpr char defaultInitPacketJunkSize[] = "15"; constexpr char defaultResponsePacketJunkSize[] = "18"; + constexpr char defaultCookieReplyPacketJunkSize[] = "20"; + constexpr char defaultTransportPacketJunkSize[] = "23"; + constexpr char defaultInitPacketMagicHeader[] = "1020325451"; constexpr char defaultResponsePacketMagicHeader[] = "3288052141"; constexpr char defaultTransportPacketMagicHeader[] = "2528465083"; constexpr char defaultUnderloadPacketMagicHeader[] = "1766607858"; + constexpr char defaultSpecialJunk1[] = ""; + constexpr char defaultSpecialJunk2[] = ""; + constexpr char defaultSpecialJunk3[] = ""; + constexpr char defaultSpecialJunk4[] = ""; + constexpr char defaultSpecialJunk5[] = ""; + constexpr char defaultControlledJunk1[] = ""; + constexpr char defaultControlledJunk2[] = ""; + constexpr char defaultControlledJunk3[] = ""; + constexpr char defaultSpecialHandshakeTimeout[] = ""; } namespace socks5Proxy 
diff --git a/client/resources.qrc b/client/resources.qrc index 72eb15c7..54b5846c 100644 --- a/client/resources.qrc +++ b/client/resources.qrc @@ -239,6 +239,7 @@ ui/qml/Components/ApiPremV1MigrationDrawer.qml ui/qml/Components/ApiPremV1SubListDrawer.qml ui/qml/Components/OtpCodeDrawer.qml + ui/qml/Components/AwgTextField.qml images/flagKit/ZW.svg diff --git a/client/server_scripts/awg/Dockerfile b/client/server_scripts/awg/Dockerfile index 8c536fc7..a6118a84 100644 --- a/client/server_scripts/awg/Dockerfile +++ b/client/server_scripts/awg/Dockerfile @@ -10,7 +10,7 @@ RUN mkdir -p /opt/amnezia RUN echo -e "#!/bin/bash\ntail -f /dev/null" > /opt/amnezia/start.sh RUN chmod a+x /opt/amnezia/start.sh -# Tune network +# Tune network RUN echo -e " \n\ fs.file-max = 51200 \n\ \n\ @@ -40,7 +40,8 @@ RUN echo -e " \n\ echo -e " \n\ * soft nofile 51200 \n\ * hard nofile 51200 \n\ - " | sed -e 's/^\s\+//g' | tee -a /etc/security/limits.conf + " | sed -e 's/^\s\+//g' | tee -a /etc/security/limits.conf ENTRYPOINT [ "dumb-init", "/opt/amnezia/start.sh" ] CMD [ "" ] + diff --git a/client/server_scripts/awg/configure_container.sh b/client/server_scripts/awg/configure_container.sh index 2000c965..e327f080 100644 --- a/client/server_scripts/awg/configure_container.sh +++ b/client/server_scripts/awg/configure_container.sh @@ -23,4 +23,5 @@ H1 = $INIT_PACKET_MAGIC_HEADER H2 = $RESPONSE_PACKET_MAGIC_HEADER H3 = $UNDERLOAD_PACKET_MAGIC_HEADER H4 = $TRANSPORT_PACKET_MAGIC_HEADER + EOF diff --git a/client/ui/controllers/api/apiConfigsController.cpp b/client/ui/controllers/api/apiConfigsController.cpp index eb693a9a..0b0a9b92 100644 --- a/client/ui/controllers/api/apiConfigsController.cpp +++ b/client/ui/controllers/api/apiConfigsController.cpp 
@@ -162,6 +162,9 @@ namespace auto serverProtocolConfig = container.value(containerName).toObject(); auto clientProtocolConfig = QJsonDocument::fromJson(serverProtocolConfig.value(config_key::last_config).toString().toUtf8()).object(); + + //TODO looks like this block can be removed after v1 configs EOL + serverProtocolConfig[config_key::junkPacketCount] = clientProtocolConfig.value(config_key::junkPacketCount); serverProtocolConfig[config_key::junkPacketMinSize] = clientProtocolConfig.value(config_key::junkPacketMinSize); serverProtocolConfig[config_key::junkPacketMaxSize] = clientProtocolConfig.value(config_key::junkPacketMaxSize); 
@@ -171,6 +174,21 @@ namespace serverProtocolConfig[config_key::responsePacketMagicHeader] = clientProtocolConfig.value(config_key::responsePacketMagicHeader); serverProtocolConfig[config_key::underloadPacketMagicHeader] = clientProtocolConfig.value(config_key::underloadPacketMagicHeader); serverProtocolConfig[config_key::transportPacketMagicHeader] = clientProtocolConfig.value(config_key::transportPacketMagicHeader); + + serverProtocolConfig[config_key::cookieReplyPacketJunkSize] = clientProtocolConfig.value(config_key::cookieReplyPacketJunkSize); + serverProtocolConfig[config_key::transportPacketJunkSize] = clientProtocolConfig.value(config_key::transportPacketJunkSize); + serverProtocolConfig[config_key::specialJunk1] = clientProtocolConfig.value(config_key::specialJunk1); + serverProtocolConfig[config_key::specialJunk2] = clientProtocolConfig.value(config_key::specialJunk2); + serverProtocolConfig[config_key::specialJunk3] = clientProtocolConfig.value(config_key::specialJunk3); + serverProtocolConfig[config_key::specialJunk4] = clientProtocolConfig.value(config_key::specialJunk4); + serverProtocolConfig[config_key::specialJunk5] = clientProtocolConfig.value(config_key::specialJunk5); + serverProtocolConfig[config_key::controlledJunk1] = clientProtocolConfig.value(config_key::controlledJunk1); + serverProtocolConfig[config_key::controlledJunk2] = clientProtocolConfig.value(config_key::controlledJunk2); + serverProtocolConfig[config_key::controlledJunk3] = clientProtocolConfig.value(config_key::controlledJunk3); + serverProtocolConfig[config_key::specialHandshakeTimeout] = clientProtocolConfig.value(config_key::specialHandshakeTimeout); + + // + container[containerName] = serverProtocolConfig; containers.replace(0, container); newServerConfig[config_key::containers] = containers; diff --git a/client/ui/controllers/importController.cpp b/client/ui/controllers/importController.cpp index fdc06120..ea1d5d8e 100644 --- a/client/ui/controllers/importController.cpp 
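Review bot: The bare `//` line added after the `specialHandshakeTimeout` assignment in apiConfigsController.cpp reads like an end marker for the block that the previous hunk labels `//TODO looks like this block can be removed after v1 configs EOL`, but it says nothing. I would spell it out, e.g. `// end of v1 config compatibility block`, so the removable range is unambiguous. The enclosing function is only partly visible in the hunk.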
+++ b/client/ui/controllers/importController.cpp @@ -12,6 +12,7 @@ #include "core/errorstrings.h" #include "core/qrCodeUtils.h" #include "core/serialization/serialization.h" +#include "protocols/protocols_defs.h" #include "systemController.h" #include "utilities.h" @@ -286,6 +287,19 @@ void ImportController::processNativeWireGuardConfig() clientProtocolConfig[config_key::underloadPacketMagicHeader] = "3"; clientProtocolConfig[config_key::transportPacketMagicHeader] = "4"; + // clientProtocolConfig[config_key::cookieReplyPacketJunkSize] = "0"; + // clientProtocolConfig[config_key::transportPacketJunkSize] = "0"; + + // clientProtocolConfig[config_key::specialJunk1] = ""; + // clientProtocolConfig[config_key::specialJunk2] = ""; + // clientProtocolConfig[config_key::specialJunk3] = ""; + // clientProtocolConfig[config_key::specialJunk4] = ""; + // clientProtocolConfig[config_key::specialJunk5] = ""; + // clientProtocolConfig[config_key::controlledJunk1] = ""; + // clientProtocolConfig[config_key::controlledJunk2] = ""; + // clientProtocolConfig[config_key::controlledJunk3] = ""; + // clientProtocolConfig[config_key::specialHandshakeTimeout] = "0"; + clientProtocolConfig[config_key::isObfuscationEnabled] = true; serverProtocolConfig[config_key::last_config] = QString(QJsonDocument(clientProtocolConfig).toJson()); 
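Review bot: The block added to `ImportController::processNativeWireGuardConfig` consists only of commented-out assignments, which leaves it unclear whether S3/S4, I1–I5, J1–J3 and Itime are deliberately unset for native WireGuard imports or simply unfinished. I would drop the dead lines and state the intent in one comment, e.g. `// S3/S4, I1-I5, J1-J3 and Itime are intentionally left unset for native WireGuard imports`, assuming that is the intent, or a `// TODO` naming what is still missing. The same commented-out pattern is added in the installController.cpp hunks (`install`, `getAlreadyInstalledContainers`) and in `AwgConfigModel::setData`.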
@@ -438,21 +452,33 @@ QJsonObject ImportController::extractWireGuardConfig(const QString &data) lastConfig[config_key::allowed_ips] = allowedIpsJsonArray; QString protocolName = "wireguard"; - if (!configMap.value(config_key::junkPacketCount).isEmpty() && !configMap.value(config_key::junkPacketMinSize).isEmpty() - && !configMap.value(config_key::junkPacketMaxSize).isEmpty() && !configMap.value(config_key::initPacketJunkSize).isEmpty() - && !configMap.value(config_key::responsePacketJunkSize).isEmpty() && !configMap.value(config_key::initPacketMagicHeader).isEmpty() - && !configMap.value(config_key::responsePacketMagicHeader).isEmpty() - && !configMap.value(config_key::underloadPacketMagicHeader).isEmpty() - && !configMap.value(config_key::transportPacketMagicHeader).isEmpty()) { - lastConfig[config_key::junkPacketCount] = configMap.value(config_key::junkPacketCount); - lastConfig[config_key::junkPacketMinSize] = configMap.value(config_key::junkPacketMinSize); - lastConfig[config_key::junkPacketMaxSize] = configMap.value(config_key::junkPacketMaxSize); - lastConfig[config_key::initPacketJunkSize] = configMap.value(config_key::initPacketJunkSize); - lastConfig[config_key::responsePacketJunkSize] = configMap.value(config_key::responsePacketJunkSize); - lastConfig[config_key::initPacketMagicHeader] = configMap.value(config_key::initPacketMagicHeader); - lastConfig[config_key::responsePacketMagicHeader] = configMap.value(config_key::responsePacketMagicHeader); - lastConfig[config_key::underloadPacketMagicHeader] = configMap.value(config_key::underloadPacketMagicHeader); - lastConfig[config_key::transportPacketMagicHeader] = configMap.value(config_key::transportPacketMagicHeader); + + const QStringList requiredJunkFields = { config_key::junkPacketCount, config_key::junkPacketMinSize, + config_key::junkPacketMaxSize, config_key::initPacketJunkSize, + config_key::responsePacketJunkSize, config_key::initPacketMagicHeader, + config_key::responsePacketMagicHeader, 
config_key::underloadPacketMagicHeader, + config_key::transportPacketMagicHeader }; + + const QStringList optionalJunkFields = { // config_key::cookieReplyPacketJunkSize, + // config_key::transportPacketJunkSize, + config_key::specialJunk1, config_key::specialJunk2, config_key::specialJunk3, + config_key::specialJunk4, config_key::specialJunk5, config_key::controlledJunk1, + config_key::controlledJunk2, config_key::controlledJunk3, config_key::specialHandshakeTimeout + }; + + bool hasAllRequiredFields = std::all_of(requiredJunkFields.begin(), requiredJunkFields.end(), + [&configMap](const QString &field) { return !configMap.value(field).isEmpty(); }); + if (hasAllRequiredFields) { + for (const QString &field : requiredJunkFields) { + lastConfig[field] = configMap.value(field); + } + + for (const QString &field : optionalJunkFields) { + if (!configMap.value(field).isEmpty()) { + lastConfig[field] = configMap.value(field); + } + } + protocolName = "awg"; m_configType = ConfigTypes::Awg; } diff --git a/client/ui/controllers/installController.cpp b/client/ui/controllers/installController.cpp index eab8979a..d7f9dfbc 100755 --- a/client/ui/controllers/installController.cpp +++ b/client/ui/controllers/installController.cpp @@ -8,6 +8,7 @@ #include #include +#include "core/api/apiUtils.h" #include "core/controllers/serverController.h" #include "core/controllers/vpnConfigurationController.h" #include "core/networkUtilities.h" @@ -15,7 +16,6 @@ #include "ui/models/protocols/awgConfigModel.h" #include "ui/models/protocols/wireguardConfigModel.h" #include "utilities.h" -#include "core/api/apiUtils.h" namespace { 
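Review bot: In `ImportController::extractWireGuardConfig`, `cookieReplyPacketJunkSize` and `transportPacketJunkSize` are commented out of `optionalJunkFields`, so S3/S4 values present in an imported config are dropped even though the daemon and iOS hunks of this change pass them on. If the peer uses non-zero S3/S4, the imported profile would presumably not interoperate, and the user gets no hint why. Either add `config_key::cookieReplyPacketJunkSize, config_key::transportPacketJunkSize,` to the list or log that the two keys are ignored. `std::all_of` also needs `<algorithm>`, and the include hunk for this file adds only protocols_defs.h, so check that it is already included. The function starts above the hunk.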
@@ -79,12 +79,36 @@ void InstallController::install(DockerContainer container, int port, TransportPr int s1 = QRandomGenerator::global()->bounded(15, 150); int s2 = QRandomGenerator::global()->bounded(15, 150); - while (s1 + AwgConstant::messageInitiationSize == s2 + AwgConstant::messageResponseSize) { + // int s3 = QRandomGenerator::global()->bounded(15, 150); + // int s4 = QRandomGenerator::global()->bounded(15, 150); + + // Ensure all values are unique and don't create equal packet sizes + QSet usedValues; + usedValues.insert(s1); + + while (usedValues.contains(s2) || s1 + AwgConstant::messageInitiationSize == s2 + AwgConstant::messageResponseSize) { s2 = QRandomGenerator::global()->bounded(15, 150); } + usedValues.insert(s2); + + // while (usedValues.contains(s3) + // || s1 + AwgConstant::messageInitiationSize == s3 + AwgConstant::messageCookieReplySize + // || s2 + AwgConstant::messageResponseSize == s3 + AwgConstant::messageCookieReplySize) { + // s3 = QRandomGenerator::global()->bounded(15, 150); + // } + // usedValues.insert(s3); + + // while (usedValues.contains(s4) + // || s1 + AwgConstant::messageInitiationSize == s4 + AwgConstant::messageTransportSize + // || s2 + AwgConstant::messageResponseSize == s4 + AwgConstant::messageTransportSize + // || s3 + AwgConstant::messageCookieReplySize == s4 + AwgConstant::messageTransportSize) { + // s4 = QRandomGenerator::global()->bounded(15, 150); + // } QString initPacketJunkSize = QString::number(s1); QString responsePacketJunkSize = QString::number(s2); + // QString cookieReplyPacketJunkSize = QString::number(s3); + // QString transportPacketJunkSize = QString::number(s4); QSet headersValue; while (headersValue.size() != 4) { 
@@ -108,6 +132,21 @@ void InstallController::install(DockerContainer container, int port, TransportPr containerConfig[config_key::responsePacketMagicHeader] = responsePacketMagicHeader; containerConfig[config_key::underloadPacketMagicHeader] = underloadPacketMagicHeader; containerConfig[config_key::transportPacketMagicHeader] = transportPacketMagicHeader; + + // TODO: + // containerConfig[config_key::cookieReplyPacketJunkSize] = cookieReplyPacketJunkSize; + // containerConfig[config_key::transportPacketJunkSize] = transportPacketJunkSize; + + // containerConfig[config_key::specialJunk1] = specialJunk1; + // containerConfig[config_key::specialJunk2] = specialJunk2; + // containerConfig[config_key::specialJunk3] = specialJunk3; + // containerConfig[config_key::specialJunk4] = specialJunk4; + // containerConfig[config_key::specialJunk5] = specialJunk5; + // containerConfig[config_key::controlledJunk1] = controlledJunk1; + // containerConfig[config_key::controlledJunk2] = controlledJunk2; + // containerConfig[config_key::controlledJunk3] = controlledJunk3; + // containerConfig[config_key::specialHandshakeTimeout] = specialHandshakeTimeout; + } else if (container == DockerContainer::Sftp) { containerConfig.insert(config_key::userName, protocols::sftp::defaultUserName); containerConfig.insert(config_key::password, Utils::getRandomString(16)); 
@@ -401,6 +440,19 @@ ErrorCode InstallController::getAlreadyInstalledContainers(const ServerCredentia containerConfig[config_key::transportPacketMagicHeader] = serverConfigMap.value(config_key::transportPacketMagicHeader); + // containerConfig[config_key::cookieReplyPacketJunkSize] = serverConfigMap.value(config_key::cookieReplyPacketJunkSize); + // containerConfig[config_key::transportPacketJunkSize] = serverConfigMap.value(config_key::transportPacketJunkSize); + + // containerConfig[config_key::specialJunk1] = serverConfigMap.value(config_key::specialJunk1); + // containerConfig[config_key::specialJunk2] = serverConfigMap.value(config_key::specialJunk2); + // containerConfig[config_key::specialJunk3] = serverConfigMap.value(config_key::specialJunk3); + // containerConfig[config_key::specialJunk4] = serverConfigMap.value(config_key::specialJunk4); + // containerConfig[config_key::specialJunk5] = serverConfigMap.value(config_key::specialJunk5); + // containerConfig[config_key::controlledJunk1] = serverConfigMap.value(config_key::controlledJunk1); + // containerConfig[config_key::controlledJunk2] = serverConfigMap.value(config_key::controlledJunk2); + // containerConfig[config_key::controlledJunk3] = serverConfigMap.value(config_key::controlledJunk3); + // containerConfig[config_key::specialHandshakeTimeout] = serverConfigMap.value(config_key::specialHandshakeTimeout); + } else if (protocol == Proto::WireGuard) { QString serverConfig = serverController->getTextFileFromContainer(container, credentials, protocols::wireguard::serverConfigPath, errorCode); diff --git a/client/ui/models/protocols/awgConfigModel.cpp b/client/ui/models/protocols/awgConfigModel.cpp index 860c8395..e14a3152 100644 --- a/client/ui/models/protocols/awgConfigModel.cpp +++ b/client/ui/models/protocols/awgConfigModel.cpp 
@@ -28,7 +28,17 @@ bool AwgConfigModel::setData(const QModelIndex &index, const QVariant &value, in case Roles::ClientJunkPacketCountRole: m_clientProtocolConfig.insert(config_key::junkPacketCount, value.toString()); break; case Roles::ClientJunkPacketMinSizeRole: m_clientProtocolConfig.insert(config_key::junkPacketMinSize, value.toString()); break; case Roles::ClientJunkPacketMaxSizeRole: m_clientProtocolConfig.insert(config_key::junkPacketMaxSize, value.toString()); break; - + case Roles::ClientSpecialJunk1Role: m_clientProtocolConfig.insert(config_key::specialJunk1, value.toString()); break; + case Roles::ClientSpecialJunk2Role: m_clientProtocolConfig.insert(config_key::specialJunk2, value.toString()); break; + case Roles::ClientSpecialJunk3Role: m_clientProtocolConfig.insert(config_key::specialJunk3, value.toString()); break; + case Roles::ClientSpecialJunk4Role: m_clientProtocolConfig.insert(config_key::specialJunk4, value.toString()); break; + case Roles::ClientSpecialJunk5Role: m_clientProtocolConfig.insert(config_key::specialJunk5, value.toString()); break; + case Roles::ClientControlledJunk1Role: m_clientProtocolConfig.insert(config_key::controlledJunk1, value.toString()); break; + case Roles::ClientControlledJunk2Role: m_clientProtocolConfig.insert(config_key::controlledJunk2, value.toString()); break; + case Roles::ClientControlledJunk3Role: m_clientProtocolConfig.insert(config_key::controlledJunk3, value.toString()); break; + case Roles::ClientSpecialHandshakeTimeoutRole: + m_clientProtocolConfig.insert(config_key::specialHandshakeTimeout, value.toString()); + break; case Roles::ServerJunkPacketCountRole: m_serverProtocolConfig.insert(config_key::junkPacketCount, value.toString()); break; case Roles::ServerJunkPacketMinSizeRole: m_serverProtocolConfig.insert(config_key::junkPacketMinSize, value.toString()); break; case Roles::ServerJunkPacketMaxSizeRole: m_serverProtocolConfig.insert(config_key::junkPacketMaxSize, value.toString()); break; 
@@ -36,6 +46,12 @@ bool AwgConfigModel::setData(const QModelIndex &index, const QVariant &value, in case Roles::ServerResponsePacketJunkSizeRole: m_serverProtocolConfig.insert(config_key::responsePacketJunkSize, value.toString()); break; + // case Roles::ServerCookieReplyPacketJunkSizeRole: + // m_serverProtocolConfig.insert(config_key::cookieReplyPacketJunkSize, value.toString()); + // break; + // case Roles::ServerTransportPacketJunkSizeRole: + // m_serverProtocolConfig.insert(config_key::transportPacketJunkSize, value.toString()); + // break; case Roles::ServerInitPacketMagicHeaderRole: m_serverProtocolConfig.insert(config_key::initPacketMagicHeader, value.toString()); break; case Roles::ServerResponsePacketMagicHeaderRole: m_serverProtocolConfig.insert(config_key::responsePacketMagicHeader, value.toString()); 
@@ -66,12 +82,23 @@ QVariant AwgConfigModel::data(const QModelIndex &index, int role) const case Roles::ClientJunkPacketCountRole: return m_clientProtocolConfig.value(config_key::junkPacketCount); case Roles::ClientJunkPacketMinSizeRole: return m_clientProtocolConfig.value(config_key::junkPacketMinSize); case Roles::ClientJunkPacketMaxSizeRole: return m_clientProtocolConfig.value(config_key::junkPacketMaxSize); + case Roles::ClientSpecialJunk1Role: return m_clientProtocolConfig.value(config_key::specialJunk1); + case Roles::ClientSpecialJunk2Role: return m_clientProtocolConfig.value(config_key::specialJunk2); + case Roles::ClientSpecialJunk3Role: return m_clientProtocolConfig.value(config_key::specialJunk3); + case Roles::ClientSpecialJunk4Role: return m_clientProtocolConfig.value(config_key::specialJunk4); + case Roles::ClientSpecialJunk5Role: return m_clientProtocolConfig.value(config_key::specialJunk5); + case Roles::ClientControlledJunk1Role: return m_clientProtocolConfig.value(config_key::controlledJunk1); + case Roles::ClientControlledJunk2Role: return m_clientProtocolConfig.value(config_key::controlledJunk2); + case Roles::ClientControlledJunk3Role: return m_clientProtocolConfig.value(config_key::controlledJunk3); + case Roles::ClientSpecialHandshakeTimeoutRole: return m_clientProtocolConfig.value(config_key::specialHandshakeTimeout); case Roles::ServerJunkPacketCountRole: return m_serverProtocolConfig.value(config_key::junkPacketCount); case Roles::ServerJunkPacketMinSizeRole: return m_serverProtocolConfig.value(config_key::junkPacketMinSize); case Roles::ServerJunkPacketMaxSizeRole: return m_serverProtocolConfig.value(config_key::junkPacketMaxSize); case Roles::ServerInitPacketJunkSizeRole: return m_serverProtocolConfig.value(config_key::initPacketJunkSize); case Roles::ServerResponsePacketJunkSizeRole: return m_serverProtocolConfig.value(config_key::responsePacketJunkSize); + // case Roles::ServerCookieReplyPacketJunkSizeRole: return 
m_serverProtocolConfig.value(config_key::cookieReplyPacketJunkSize); + // case Roles::ServerTransportPacketJunkSizeRole: return m_serverProtocolConfig.value(config_key::transportPacketJunkSize); case Roles::ServerInitPacketMagicHeaderRole: return m_serverProtocolConfig.value(config_key::initPacketMagicHeader); case Roles::ServerResponsePacketMagicHeaderRole: return m_serverProtocolConfig.value(config_key::responsePacketMagicHeader); case Roles::ServerUnderloadPacketMagicHeaderRole: return m_serverProtocolConfig.value(config_key::underloadPacketMagicHeader); @@ -94,7 +121,8 @@ void AwgConfigModel::updateModel(const QJsonObject &config) m_serverProtocolConfig.insert(config_key::transport_proto, serverProtocolConfig.value(config_key::transport_proto).toString(defaultTransportProto)); m_serverProtocolConfig[config_key::last_config] = serverProtocolConfig.value(config_key::last_config); - m_serverProtocolConfig[config_key::subnet_address] = serverProtocolConfig.value(config_key::subnet_address).toString(protocols::wireguard::defaultSubnetAddress); + m_serverProtocolConfig[config_key::subnet_address] = + serverProtocolConfig.value(config_key::subnet_address).toString(protocols::wireguard::defaultSubnetAddress); m_serverProtocolConfig[config_key::port] = serverProtocolConfig.value(config_key::port).toString(protocols::awg::defaultPort); m_serverProtocolConfig[config_key::junkPacketCount] = serverProtocolConfig.value(config_key::junkPacketCount).toString(protocols::awg::defaultJunkPacketCount); 
@@ -106,6 +134,10 @@ void AwgConfigModel::updateModel(const QJsonObject &config) serverProtocolConfig.value(config_key::initPacketJunkSize).toString(protocols::awg::defaultInitPacketJunkSize); m_serverProtocolConfig[config_key::responsePacketJunkSize] = serverProtocolConfig.value(config_key::responsePacketJunkSize).toString(protocols::awg::defaultResponsePacketJunkSize); + // m_serverProtocolConfig[config_key::cookieReplyPacketJunkSize] = + // serverProtocolConfig.value(config_key::cookieReplyPacketJunkSize).toString(protocols::awg::defaultCookieReplyPacketJunkSize); + // m_serverProtocolConfig[config_key::transportPacketJunkSize] = + // serverProtocolConfig.value(config_key::transportPacketJunkSize).toString(protocols::awg::defaultTransportPacketJunkSize); m_serverProtocolConfig[config_key::initPacketMagicHeader] = serverProtocolConfig.value(config_key::initPacketMagicHeader).toString(protocols::awg::defaultInitPacketMagicHeader); m_serverProtocolConfig[config_key::responsePacketMagicHeader] = 
@@ -124,6 +156,24 @@ void AwgConfigModel::updateModel(const QJsonObject &config) clientProtocolConfig.value(config_key::junkPacketMinSize).toString(m_serverProtocolConfig[config_key::junkPacketMinSize].toString()); m_clientProtocolConfig[config_key::junkPacketMaxSize] = clientProtocolConfig.value(config_key::junkPacketMaxSize).toString(m_serverProtocolConfig[config_key::junkPacketMaxSize].toString()); + m_clientProtocolConfig[config_key::specialJunk1] = + clientProtocolConfig.value(config_key::specialJunk1).toString(protocols::awg::defaultSpecialJunk1); + m_clientProtocolConfig[config_key::specialJunk2] = + clientProtocolConfig.value(config_key::specialJunk2).toString(protocols::awg::defaultSpecialJunk2); + m_clientProtocolConfig[config_key::specialJunk3] = + clientProtocolConfig.value(config_key::specialJunk3).toString(protocols::awg::defaultSpecialJunk3); + m_clientProtocolConfig[config_key::specialJunk4] = + clientProtocolConfig.value(config_key::specialJunk4).toString(protocols::awg::defaultSpecialJunk4); + m_clientProtocolConfig[config_key::specialJunk5] = + clientProtocolConfig.value(config_key::specialJunk5).toString(protocols::awg::defaultSpecialJunk5); + m_clientProtocolConfig[config_key::controlledJunk1] = + clientProtocolConfig.value(config_key::controlledJunk1).toString(protocols::awg::defaultControlledJunk1); + m_clientProtocolConfig[config_key::controlledJunk2] = + clientProtocolConfig.value(config_key::controlledJunk2).toString(protocols::awg::defaultControlledJunk2); + m_clientProtocolConfig[config_key::controlledJunk3] = + clientProtocolConfig.value(config_key::controlledJunk3).toString(protocols::awg::defaultControlledJunk3); + m_clientProtocolConfig[config_key::specialHandshakeTimeout] = + clientProtocolConfig.value(config_key::specialHandshakeTimeout).toString(protocols::awg::defaultSpecialHandshakeTimeout); endResetModel(); } 
@@ -141,6 +191,15 @@ QJsonObject AwgConfigModel::getConfig() jsonConfig[config_key::junkPacketCount] = m_clientProtocolConfig[config_key::junkPacketCount]; jsonConfig[config_key::junkPacketMinSize] = m_clientProtocolConfig[config_key::junkPacketMinSize]; jsonConfig[config_key::junkPacketMaxSize] = m_clientProtocolConfig[config_key::junkPacketMaxSize]; + jsonConfig[config_key::specialJunk1] = m_clientProtocolConfig[config_key::specialJunk1]; + jsonConfig[config_key::specialJunk2] = m_clientProtocolConfig[config_key::specialJunk2]; + jsonConfig[config_key::specialJunk3] = m_clientProtocolConfig[config_key::specialJunk3]; + jsonConfig[config_key::specialJunk4] = m_clientProtocolConfig[config_key::specialJunk4]; + jsonConfig[config_key::specialJunk5] = m_clientProtocolConfig[config_key::specialJunk5]; + jsonConfig[config_key::controlledJunk1] = m_clientProtocolConfig[config_key::controlledJunk1]; + jsonConfig[config_key::controlledJunk2] = m_clientProtocolConfig[config_key::controlledJunk2]; + jsonConfig[config_key::controlledJunk3] = m_clientProtocolConfig[config_key::controlledJunk3]; + jsonConfig[config_key::specialHandshakeTimeout] = m_clientProtocolConfig[config_key::specialHandshakeTimeout]; m_serverProtocolConfig[config_key::last_config] = QString(QJsonDocument(jsonConfig).toJson()); } 
@@ -159,6 +218,17 @@ bool AwgConfigModel::isPacketSizeEqual(const int s1, const int s2) return (AwgConstant::messageInitiationSize + s1 == AwgConstant::messageResponseSize + s2); } +// bool AwgConfigModel::isPacketSizeEqual(const int s1, const int s2, const int s3, const int s4) +// { +// int initSize = AwgConstant::messageInitiationSize + s1; +// int responseSize = AwgConstant::messageResponseSize + s2; +// int cookieSize = AwgConstant::messageCookieReplySize + s3; +// int transportSize = AwgConstant::messageTransportSize + s4; + +// return (initSize == responseSize || initSize == cookieSize || initSize == transportSize || responseSize == cookieSize +// || responseSize == transportSize || cookieSize == transportSize); +// } + bool AwgConfigModel::isServerSettingsEqual() { const AwgConfig oldConfig(m_fullConfig.value(config_key::awg).toObject()); 
@@ -178,12 +248,24 @@ QHash AwgConfigModel::roleNames() const roles[ClientJunkPacketCountRole] = "clientJunkPacketCount"; roles[ClientJunkPacketMinSizeRole] = "clientJunkPacketMinSize"; roles[ClientJunkPacketMaxSizeRole] = "clientJunkPacketMaxSize"; + roles[ClientSpecialJunk1Role] = "clientSpecialJunk1"; + roles[ClientSpecialJunk2Role] = "clientSpecialJunk2"; + roles[ClientSpecialJunk3Role] = "clientSpecialJunk3"; + roles[ClientSpecialJunk4Role] = "clientSpecialJunk4"; + roles[ClientSpecialJunk5Role] = "clientSpecialJunk5"; + roles[ClientControlledJunk1Role] = "clientControlledJunk1"; + roles[ClientControlledJunk2Role] = "clientControlledJunk2"; + roles[ClientControlledJunk3Role] = "clientControlledJunk3"; + roles[ClientSpecialHandshakeTimeoutRole] = "clientSpecialHandshakeTimeout"; roles[ServerJunkPacketCountRole] = "serverJunkPacketCount"; roles[ServerJunkPacketMinSizeRole] = "serverJunkPacketMinSize"; roles[ServerJunkPacketMaxSizeRole] = "serverJunkPacketMaxSize"; roles[ServerInitPacketJunkSizeRole] = "serverInitPacketJunkSize"; roles[ServerResponsePacketJunkSizeRole] = "serverResponsePacketJunkSize"; + roles[ServerCookieReplyPacketJunkSizeRole] = "serverCookieReplyPacketJunkSize"; + roles[ServerTransportPacketJunkSizeRole] = "serverTransportPacketJunkSize"; + roles[ServerInitPacketMagicHeaderRole] = "serverInitPacketMagicHeader"; roles[ServerResponsePacketMagicHeaderRole] = "serverResponsePacketMagicHeader"; roles[ServerUnderloadPacketMagicHeaderRole] = "serverUnderloadPacketMagicHeader"; 
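Review bot: `roles[ServerCookieReplyPacketJunkSizeRole]` and `roles[ServerTransportPacketJunkSizeRole]` are registered here, but the matching `case` branches in `setData()` and `data()` are added only as commented-out code in the earlier hunks of this file. QML can therefore bind to `serverCookieReplyPacketJunkSize` and `serverTransportPacketJunkSize`, and reads and writes then fall through to whatever the default branch does, which is outside these hunks. Either comment these two lines out along with the rest of the S3/S4 support, or mark them, e.g. `// S3/S4: role names reserved; data()/setData() handling is still commented out`. The same applies to the two `QString` members added to `AwgConfig` and the two enum values added to `Roles` in awgConfigModel.h.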
@@ -200,6 +282,16 @@ AwgConfig::AwgConfig(const QJsonObject &serverProtocolConfig) clientJunkPacketCount = clientProtocolConfig.value(config_key::junkPacketCount).toString(protocols::awg::defaultJunkPacketCount); clientJunkPacketMinSize = clientProtocolConfig.value(config_key::junkPacketMinSize).toString(protocols::awg::defaultJunkPacketMinSize); clientJunkPacketMaxSize = clientProtocolConfig.value(config_key::junkPacketMaxSize).toString(protocols::awg::defaultJunkPacketMaxSize); + clientSpecialJunk1 = clientProtocolConfig.value(config_key::specialJunk1).toString(protocols::awg::defaultSpecialJunk1); + clientSpecialJunk2 = clientProtocolConfig.value(config_key::specialJunk2).toString(protocols::awg::defaultSpecialJunk2); + clientSpecialJunk3 = clientProtocolConfig.value(config_key::specialJunk3).toString(protocols::awg::defaultSpecialJunk3); + clientSpecialJunk4 = clientProtocolConfig.value(config_key::specialJunk4).toString(protocols::awg::defaultSpecialJunk4); + clientSpecialJunk5 = clientProtocolConfig.value(config_key::specialJunk5).toString(protocols::awg::defaultSpecialJunk5); + clientControlledJunk1 = clientProtocolConfig.value(config_key::controlledJunk1).toString(protocols::awg::defaultControlledJunk1); + clientControlledJunk2 = clientProtocolConfig.value(config_key::controlledJunk2).toString(protocols::awg::defaultControlledJunk2); + clientControlledJunk3 = clientProtocolConfig.value(config_key::controlledJunk3).toString(protocols::awg::defaultControlledJunk3); + clientSpecialHandshakeTimeout = + clientProtocolConfig.value(config_key::specialHandshakeTimeout).toString(protocols::awg::defaultSpecialHandshakeTimeout); subnetAddress = serverProtocolConfig.value(config_key::subnet_address).toString(protocols::wireguard::defaultSubnetAddress); port = serverProtocolConfig.value(config_key::port).toString(protocols::awg::defaultPort); 
@@ -209,6 +301,10 @@ AwgConfig::AwgConfig(const QJsonObject &serverProtocolConfig) serverInitPacketJunkSize = serverProtocolConfig.value(config_key::initPacketJunkSize).toString(protocols::awg::defaultInitPacketJunkSize); serverResponsePacketJunkSize = serverProtocolConfig.value(config_key::responsePacketJunkSize).toString(protocols::awg::defaultResponsePacketJunkSize); + // serverCookieReplyPacketJunkSize = + // serverProtocolConfig.value(config_key::cookieReplyPacketJunkSize).toString(protocols::awg::defaultCookieReplyPacketJunkSize); + // serverTransportPacketJunkSize = + // serverProtocolConfig.value(config_key::transportPacketJunkSize).toString(protocols::awg::defaultTransportPacketJunkSize); serverInitPacketMagicHeader = serverProtocolConfig.value(config_key::initPacketMagicHeader).toString(protocols::awg::defaultInitPacketMagicHeader); serverResponsePacketMagicHeader = @@ -224,6 +320,8 @@ bool AwgConfig::hasEqualServerSettings(const AwgConfig &other) const if (subnetAddress != other.subnetAddress || port != other.port || serverJunkPacketCount != other.serverJunkPacketCount || serverJunkPacketMinSize != other.serverJunkPacketMinSize || serverJunkPacketMaxSize != other.serverJunkPacketMaxSize || serverInitPacketJunkSize != other.serverInitPacketJunkSize || serverResponsePacketJunkSize != other.serverResponsePacketJunkSize + // || serverCookieReplyPacketJunkSize != other.serverCookieReplyPacketJunkSize + // || serverTransportPacketJunkSize != other.serverTransportPacketJunkSize || serverInitPacketMagicHeader != other.serverInitPacketMagicHeader || serverResponsePacketMagicHeader != other.serverResponsePacketMagicHeader || serverUnderloadPacketMagicHeader != other.serverUnderloadPacketMagicHeader 
@@ -236,7 +334,12 @@ bool AwgConfig::hasEqualServerSettings(const AwgConfig &other) const bool AwgConfig::hasEqualClientSettings(const AwgConfig &other) const { if (clientMtu != other.clientMtu || clientJunkPacketCount != other.clientJunkPacketCount - || clientJunkPacketMinSize != other.clientJunkPacketMinSize || clientJunkPacketMaxSize != other.clientJunkPacketMaxSize) { + || clientJunkPacketMinSize != other.clientJunkPacketMinSize || clientJunkPacketMaxSize != other.clientJunkPacketMaxSize + || clientSpecialJunk1 != other.clientSpecialJunk1 || clientSpecialJunk2 != other.clientSpecialJunk2 + || clientSpecialJunk3 != other.clientSpecialJunk3 || clientSpecialJunk4 != other.clientSpecialJunk4 + || clientSpecialJunk5 != other.clientSpecialJunk5 || clientControlledJunk1 != other.clientControlledJunk1 + || clientControlledJunk2 != other.clientControlledJunk2 || clientControlledJunk3 != other.clientControlledJunk3 + || clientSpecialHandshakeTimeout != other.clientSpecialHandshakeTimeout) { return false; } return true; diff --git a/client/ui/models/protocols/awgConfigModel.h b/client/ui/models/protocols/awgConfigModel.h index c1f8bb27..0c2374fc 100644 --- a/client/ui/models/protocols/awgConfigModel.h +++ b/client/ui/models/protocols/awgConfigModel.h @@ -6,9 +6,12 @@ #include "containers/containers_defs.h" -namespace AwgConstant { +namespace AwgConstant +{ const int messageInitiationSize = 148; const int messageResponseSize = 92; + const int messageCookieReplySize = 64; + const int messageTransportSize = 32; } struct AwgConfig 
@@ -22,12 +25,23 @@ struct AwgConfig QString clientJunkPacketCount; QString clientJunkPacketMinSize; QString clientJunkPacketMaxSize; + QString clientSpecialJunk1; + QString clientSpecialJunk2; + QString clientSpecialJunk3; + QString clientSpecialJunk4; + QString clientSpecialJunk5; + QString clientControlledJunk1; + QString clientControlledJunk2; + QString clientControlledJunk3; + QString clientSpecialHandshakeTimeout; QString serverJunkPacketCount; QString serverJunkPacketMinSize; QString serverJunkPacketMaxSize; QString serverInitPacketJunkSize; QString serverResponsePacketJunkSize; + QString serverCookieReplyPacketJunkSize; + QString serverTransportPacketJunkSize; QString serverInitPacketMagicHeader; QString serverResponsePacketMagicHeader; QString serverUnderloadPacketMagicHeader; @@ -35,7 +49,6 @@ struct AwgConfig bool hasEqualServerSettings(const AwgConfig &other) const; bool hasEqualClientSettings(const AwgConfig &other) const; - }; class AwgConfigModel : public QAbstractListModel @@ -51,16 +64,28 @@ public: ClientJunkPacketCountRole, ClientJunkPacketMinSizeRole, ClientJunkPacketMaxSizeRole, + ClientSpecialJunk1Role, + ClientSpecialJunk2Role, + ClientSpecialJunk3Role, + ClientSpecialJunk4Role, + ClientSpecialJunk5Role, + ClientControlledJunk1Role, + ClientControlledJunk2Role, + ClientControlledJunk3Role, + ClientSpecialHandshakeTimeoutRole, ServerJunkPacketCountRole, ServerJunkPacketMinSizeRole, ServerJunkPacketMaxSizeRole, ServerInitPacketJunkSizeRole, ServerResponsePacketJunkSizeRole, + ServerCookieReplyPacketJunkSizeRole, + ServerTransportPacketJunkSizeRole, + ServerInitPacketMagicHeaderRole, ServerResponsePacketMagicHeaderRole, ServerUnderloadPacketMagicHeaderRole, - ServerTransportPacketMagicHeaderRole + ServerTransportPacketMagicHeaderRole, }; explicit AwgConfigModel(QObject *parent = nullptr); 
@@ -75,7 +100,7 @@ public slots: QJsonObject getConfig(); bool isHeadersEqual(const QString &h1, const QString &h2, const QString &h3, const QString &h4); - bool isPacketSizeEqual(const int s1, const int s2); + bool isPacketSizeEqual(const int s1, const int s2/*, const int s3, const int s4*/); bool isServerSettingsEqual(); diff --git a/client/ui/qml/Components/AwgTextField.qml b/client/ui/qml/Components/AwgTextField.qml new file mode 100644 index 00000000..87b023d9 --- /dev/null +++ b/client/ui/qml/Components/AwgTextField.qml @@ -0,0 +1,15 @@ +pragma ComponentBehavior: Bound + +import QtQuick +import QtQuick.Layouts + +import "../Controls2" + +TextFieldWithHeaderType { + Layout.fillWidth: true + Layout.topMargin: 16 + + textField.validator: IntValidator { bottom: 0 } + + checkEmptyText: true +} diff --git a/client/ui/qml/Pages2/PageProtocolAwgClientSettings.qml b/client/ui/qml/Pages2/PageProtocolAwgClientSettings.qml index b8cf5f93..d97d09e8 100644 --- a/client/ui/qml/Pages2/PageProtocolAwgClientSettings.qml +++ b/client/ui/qml/Pages2/PageProtocolAwgClientSettings.qml @@ -115,14 +115,10 @@ PageType { KeyNavigation.tab: junkPacketCountTextField.textField } - TextFieldWithHeaderType { + AwgTextField { id: junkPacketCountTextField - Layout.fillWidth: true - Layout.topMargin: 16 - headerText: "Jc - Junk packet count" textField.text: clientJunkPacketCount - textField.validator: IntValidator { bottom: 0 } textField.onEditingFinished: { if (textField.text !== clientJunkPacketCount) { @@ -130,19 +126,13 @@ PageType { } } - checkEmptyText: true - KeyNavigation.tab: junkPacketMinSizeTextField.textField } - TextFieldWithHeaderType { + AwgTextField { id: junkPacketMinSizeTextField - Layout.fillWidth: true - Layout.topMargin: 16 - headerText: "Jmin - Junk packet minimum size" textField.text: clientJunkPacketMinSize - textField.validator: IntValidator { bottom: 0 } textField.onEditingFinished: { if (textField.text !== clientJunkPacketMinSize) { 
@@ -150,28 +140,144 @@ PageType { } } - checkEmptyText: true - KeyNavigation.tab: junkPacketMaxSizeTextField.textField } - TextFieldWithHeaderType { + AwgTextField { id: junkPacketMaxSizeTextField - Layout.fillWidth: true - Layout.topMargin: 16 - headerText: "Jmax - Junk packet maximum size" textField.text: clientJunkPacketMaxSize - textField.validator: IntValidator { bottom: 0 } textField.onEditingFinished: { if (textField.text !== clientJunkPacketMaxSize) { clientJunkPacketMaxSize = textField.text } } + } - checkEmptyText: true + AwgTextField { + id: specialJunk1TextField + headerText: qsTr("I1 - First special junk packet") + textField.text: clientSpecialJunk1 + textField.validator: null + checkEmptyText: false + textField.onEditingFinished: { + if (textField.text !== clientSpecialJunk1) { + clientSpecialJunk1 = textField.text + } + } + } + + AwgTextField { + id: specialJunk2TextField + headerText: qsTr("I2 - Second special junk packet") + textField.text: clientSpecialJunk2 + textField.validator: null + checkEmptyText: false + + textField.onEditingFinished: { + if (textField.text !== clientSpecialJunk2) { + clientSpecialJunk2 = textField.text + } + } + } + + AwgTextField { + id: specialJunk3TextField + headerText: qsTr("I3 - Third special junk packet") + textField.text: clientSpecialJunk3 + textField.validator: null + checkEmptyText: false + + textField.onEditingFinished: { + if (textField.text !== clientSpecialJunk3) { + clientSpecialJunk3 = textField.text + } + } + } + + AwgTextField { + id: specialJunk4TextField + headerText: qsTr("I4 - Fourth special junk packet") + textField.text: clientSpecialJunk4 + textField.validator: null + checkEmptyText: false + + textField.onEditingFinished: { + if (textField.text !== clientSpecialJunk4) { + clientSpecialJunk4 = textField.text + } + } + } + + AwgTextField { + id: specialJunk5TextField + headerText: qsTr("I5 - Fifth special junk packet") + textField.text: clientSpecialJunk5 + textField.validator: null + 
checkEmptyText: false + + textField.onEditingFinished: { + if (textField.text !== clientSpecialJunk5 ) { + clientSpecialJunk5 = textField.text + } + } + } + + AwgTextField { + id: controlledJunk1TextField + headerText: qsTr("J1 - First controlled junk packet") + textField.text: clientControlledJunk1 + textField.validator: null + checkEmptyText: false + + textField.onEditingFinished: { + if (textField.text !== clientControlledJunk1) { + clientControlledJunk1 = textField.text + } + } + } + + AwgTextField { + id: controlledJunk2TextField + headerText: qsTr("J2 - Second controlled junk packet") + textField.text: clientControlledJunk2 + textField.validator: null + checkEmptyText: false + + textField.onEditingFinished: { + if (textField.text !== clientControlledJunk2) { + clientControlledJunk2 = textField.text + } + } + } + + AwgTextField { + id: controlledJunk3TextField + headerText: qsTr("J3 - Third controlled junk packet") + textField.text: clientControlledJunk3 + textField.validator: null + checkEmptyText: false + + textField.onEditingFinished: { + if (textField.text !== clientControlledJunk3) { + clientControlledJunk3 = textField.text + } + } + } + + AwgTextField { + id: iTimeTextField + headerText: qsTr("Itime - Special handshake timeout") + textField.text: clientSpecialHandshakeTimeout + checkEmptyText: false + + textField.onEditingFinished: { + if (textField.text !== clientSpecialHandshakeTimeout) { + clientSpecialHandshakeTimeout = textField.text + } + } } Header2TextType { 
@@ -181,82 +287,78 @@ PageType { text: qsTr("Server settings") } - TextFieldWithHeaderType { + AwgTextField { id: portTextField - Layout.fillWidth: true - Layout.topMargin: 8 - enabled: false headerText: qsTr("Port") textField.text: port } - TextFieldWithHeaderType { + AwgTextField { id: initPacketJunkSizeTextField - Layout.fillWidth: true - Layout.topMargin: 16 - enabled: false headerText: "S1 - Init packet junk size" textField.text: serverInitPacketJunkSize } - TextFieldWithHeaderType { + AwgTextField { id: responsePacketJunkSizeTextField - Layout.fillWidth: true - Layout.topMargin: 16 - enabled: false headerText: "S2 - Response packet junk size" textField.text: serverResponsePacketJunkSize } - TextFieldWithHeaderType { - id: initPacketMagicHeaderTextField - Layout.fillWidth: true - Layout.topMargin: 16 + // AwgTextField { + // id: cookieReplyPacketJunkSizeTextField + // enabled: false + // headerText: "S3 - Cookie Reply packet junk size" + // textField.text: serverCookieReplyPacketJunkSize + // } + + // AwgTextField { + // id: transportPacketJunkSizeTextField + // enabled: false + + // headerText: "S4 - Transport packet junk size" + // textField.text: serverTransportPacketJunkSize + // } + + AwgTextField { + id: initPacketMagicHeaderTextField enabled: false headerText: "H1 - Init packet magic header" textField.text: serverInitPacketMagicHeader } - TextFieldWithHeaderType { + AwgTextField { id: responsePacketMagicHeaderTextField - Layout.fillWidth: true - Layout.topMargin: 16 - enabled: false headerText: "H2 - Response packet magic header" textField.text: serverResponsePacketMagicHeader } - TextFieldWithHeaderType { + AwgTextField { id: underloadPacketMagicHeaderTextField - Layout.fillWidth: true - Layout.topMargin: 16 - enabled: false headerText: "H3 - Underload packet magic header" textField.text: serverUnderloadPacketMagicHeader } - TextFieldWithHeaderType { + AwgTextField { id: transportPacketMagicHeaderTextField - Layout.fillWidth: true - Layout.topMargin: 
16 - enabled: false headerText: "H4 - Transport packet magic header" textField.text: serverTransportPacketMagicHeader } + } } } diff --git a/client/ui/qml/Pages2/PageProtocolAwgSettings.qml b/client/ui/qml/Pages2/PageProtocolAwgSettings.qml index e8fd2b94..699ae724 100644 --- a/client/ui/qml/Pages2/PageProtocolAwgSettings.qml +++ b/client/ui/qml/Pages2/PageProtocolAwgSettings.qml 
@@ -138,184 +138,139 @@ PageType { checkEmptyText: true } - TextFieldWithHeaderType { + AwgTextField { id: junkPacketCountTextField - Layout.fillWidth: true - Layout.topMargin: 16 - headerText: qsTr("Jc - Junk packet count") textField.text: serverJunkPacketCount - textField.validator: IntValidator { bottom: 0 } textField.onEditingFinished: { - if (textField.text === "") { - textField.text = "0" - } - if (textField.text !== serverJunkPacketCount) { serverJunkPacketCount = textField.text } } - - checkEmptyText: true } - TextFieldWithHeaderType { + AwgTextField { id: junkPacketMinSizeTextField - Layout.fillWidth: true - Layout.topMargin: 16 - headerText: qsTr("Jmin - Junk packet minimum size") textField.text: serverJunkPacketMinSize - textField.validator: IntValidator { bottom: 0 } textField.onEditingFinished: { if (textField.text !== serverJunkPacketMinSize) { serverJunkPacketMinSize = textField.text } } - - checkEmptyText: true } - TextFieldWithHeaderType { + AwgTextField { id: junkPacketMaxSizeTextField - Layout.fillWidth: true - Layout.topMargin: 16 - headerText: qsTr("Jmax - Junk packet maximum size") textField.text: serverJunkPacketMaxSize - textField.validator: IntValidator { bottom: 0 } textField.onEditingFinished: { if (textField.text !== serverJunkPacketMaxSize) { serverJunkPacketMaxSize = textField.text } } - - checkEmptyText: true } - TextFieldWithHeaderType { + AwgTextField { id: initPacketJunkSizeTextField - Layout.fillWidth: true - Layout.topMargin: 16 - headerText: qsTr("S1 - Init packet junk size") textField.text: serverInitPacketJunkSize - textField.validator: IntValidator { bottom: 0 } textField.onEditingFinished: { if (textField.text !== serverInitPacketJunkSize) { serverInitPacketJunkSize = textField.text } } - - checkEmptyText: true - - onActiveFocusChanged: { - if(activeFocus) { - listview.positionViewAtEnd() - } - } } - TextFieldWithHeaderType { + AwgTextField { id: responsePacketJunkSizeTextField - Layout.fillWidth: true - Layout.topMargin: 16 
- headerText: qsTr("S2 - Response packet junk size") textField.text: serverResponsePacketJunkSize - textField.validator: IntValidator { bottom: 0 } textField.onEditingFinished: { if (textField.text !== serverResponsePacketJunkSize) { serverResponsePacketJunkSize = textField.text } } - - checkEmptyText: true - - onActiveFocusChanged: { - if(activeFocus) { - listview.positionViewAtEnd() - } - } } - TextFieldWithHeaderType { - id: initPacketMagicHeaderTextField - Layout.fillWidth: true - Layout.topMargin: 16 + // AwgTextField { + // id: cookieReplyPacketJunkSizeTextField + // headerText: qsTr("S3 - Cookie reply packet junk size") + // textField.text: serverCookieReplyPacketJunkSize + // textField.onEditingFinished: { + // if (textField.text !== serverCookieReplyPacketJunkSize) { + // serverCookieReplyPacketJunkSize = textField.text + // } + // } + // } + + // AwgTextField { + // id: transportPacketJunkSizeTextField + // headerText: qsTr("S4 - Transport packet junk size") + // textField.text: serverTransportPacketJunkSize + + // textField.onEditingFinished: { + // if (textField.text !== serverTransportPacketJunkSize) { + // serverTransportPacketJunkSize = textField.text + // } + // } + // } + + AwgTextField { + id: initPacketMagicHeaderTextField headerText: qsTr("H1 - Init packet magic header") textField.text: serverInitPacketMagicHeader - textField.validator: IntValidator { bottom: 0 } textField.onEditingFinished: { if (textField.text !== serverInitPacketMagicHeader) { serverInitPacketMagicHeader = textField.text } } - - checkEmptyText: true } - TextFieldWithHeaderType { + AwgTextField { id: responsePacketMagicHeaderTextField - Layout.fillWidth: true - Layout.topMargin: 16 - headerText: qsTr("H2 - Response packet magic header") textField.text: serverResponsePacketMagicHeader - textField.validator: IntValidator { bottom: 0 } textField.onEditingFinished: { if (textField.text !== serverResponsePacketMagicHeader) { serverResponsePacketMagicHeader = textField.text } } - - 
checkEmptyText: true } - TextFieldWithHeaderType { - id: transportPacketMagicHeaderTextField - Layout.fillWidth: true - Layout.topMargin: 16 - - headerText: qsTr("H4 - Transport packet magic header") - textField.text: serverTransportPacketMagicHeader - textField.validator: IntValidator { bottom: 0 } - - textField.onEditingFinished: { - if (textField.text !== serverTransportPacketMagicHeader) { - serverTransportPacketMagicHeader = textField.text - } - } - - checkEmptyText: true - } - - TextFieldWithHeaderType { + AwgTextField { id: underloadPacketMagicHeaderTextField - Layout.fillWidth: true - Layout.topMargin: 16 - headerText: qsTr("H3 - Underload packet magic header") textField.text: serverUnderloadPacketMagicHeader - textField.validator: IntValidator { bottom: 0 } textField.onEditingFinished: { if (textField.text !== serverUnderloadPacketMagicHeader) { serverUnderloadPacketMagicHeader = textField.text } } - - checkEmptyText: true } + AwgTextField { + id: transportPacketMagicHeaderTextField + headerText: qsTr("H4 - Transport packet magic header") + textField.text: serverTransportPacketMagicHeader + + textField.onEditingFinished: { + if (textField.text !== serverTransportPacketMagicHeader) { + serverTransportPacketMagicHeader = textField.text + } + } + } + + BasicButtonType { id: saveRestartButton @@ -328,6 +283,8 @@ PageType { responsePacketMagicHeaderTextField.errorText === "" && initPacketMagicHeaderTextField.errorText === "" && responsePacketJunkSizeTextField.errorText === "" && + // cookieReplyHeaderJunkTextField.errorText === "" && + // transportHeaderJunkTextField.errorText === "" && initPacketJunkSizeTextField.errorText === "" && junkPacketMaxSizeTextField.errorText === "" && junkPacketMinSizeTextField.errorText === "" && 
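Review bot: The two commented-out conditions added to the `saveRestartButton` expression reference `cookieReplyHeaderJunkTextField` and `transportHeaderJunkTextField`, but the commented-out fields added earlier in this file are named `cookieReplyPacketJunkSizeTextField` and `transportPacketJunkSizeTextField`. If the S3/S4 blocks are later uncommented together, the condition would reference ids that do not exist and the binding that gates saving on field errors would presumably fail to evaluate. Aligning the names now avoids that: `// cookieReplyPacketJunkSizeTextField.errorText === "" &&` and `// transportPacketJunkSizeTextField.errorText === "" &&`. The enclosing expression starts and ends outside this hunk.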
@@ -360,6 +317,13 @@ PageType { PageController.showErrorMessage(qsTr("The value of the field S1 + message initiation size (148) must not equal S2 + message response size (92)")) return } + // if (AwgConfigModel.isPacketSizeEqual(parseInt(initPacketJunkSizeTextField.textField.text), + // parseInt(responsePacketJunkSizeTextField.textField.text), + // parseInt(cookieReplyPacketJunkSizeTextField.textField.text), + // parseInt(transportPacketJunkSizeTextField.textField.text))) { + // PageController.showErrorMessage(qsTr("The value of the field S1 + message initiation size (148) must not equal S2 + message response size (92) + S3 + cookie reply size (64) + S4 + transport packet size (32)")) + // return + // } } var headerText = qsTr("Save settings?") From 5445e6637b6f126db78c3666828e2f9ed0c5e964 Mon Sep 17 00:00:00 2001 From: Nethius Date: Tue, 8 Jul 2025 14:25:03 +0800 Subject: [PATCH 51/53] chore: minor fixes (#1616) * chore: removed unnecessary qdebug * fix: return soft and hide strict killswitch --- .../ui/controllers/api/apiConfigsController.cpp | 2 -- client/ui/qml/Pages2/PageSettingsKillSwitch.qml | 15 ++++++++------- 2 files changed, 8 insertions(+), 9 deletions(-) diff --git a/client/ui/controllers/api/apiConfigsController.cpp b/client/ui/controllers/api/apiConfigsController.cpp index 0b0a9b92..0f42beb7 100644 --- a/client/ui/controllers/api/apiConfigsController.cpp +++ b/client/ui/controllers/api/apiConfigsController.cpp @@ -221,8 +221,6 @@ namespace serverConfig[configKey::apiConfig] = apiConfig; - qDebug() << serverConfig; - return ErrorCode::NoError; } } diff --git a/client/ui/qml/Pages2/PageSettingsKillSwitch.qml b/client/ui/qml/Pages2/PageSettingsKillSwitch.qml index ca1cd0d4..d6d73b20 100644 --- a/client/ui/qml/Pages2/PageSettingsKillSwitch.qml +++ b/client/ui/qml/Pages2/PageSettingsKillSwitch.qml 
@@ -62,8 +62,7 @@ PageType { Layout.leftMargin: 16 Layout.rightMargin: 16 - visible: false - // enabled: SettingsController.isKillSwitchEnabled && !ConnectionController.isConnected + enabled: SettingsController.isKillSwitchEnabled && !ConnectionController.isConnected checked: !SettingsController.strictKillSwitchEnabled text: qsTr("Soft KillSwitch") @@ -74,9 +73,7 @@ PageType { } } - DividerType { - visible: false - } + DividerType {} VerticalRadioButton { id: strictKillSwitch @@ -84,7 +81,9 @@ PageType { Layout.leftMargin: 16 Layout.rightMargin: 16 - enabled: SettingsController.isKillSwitchEnabled && !ConnectionController.isConnected + visible: false + enabled: false + // enabled: SettingsController.isKillSwitchEnabled && !ConnectionController.isConnected checked: SettingsController.strictKillSwitchEnabled text: qsTr("Strict KillSwitch") @@ -106,7 +105,9 @@ PageType { } } - DividerType {} + DividerType { + visible: false + } LabelWithButtonType { Layout.topMargin: 32 From 10a107716cf3a566f77e99a56066140e61bdae0b Mon Sep 17 00:00:00 2001 From: Nethius Date: Tue, 8 Jul 2025 15:06:52 +0800 Subject: [PATCH 52/53] fix: fixed awg 1.5 fields processing for ios (#1700) --- client/platforms/ios/WGConfig.swift | 76 ++++++++++++++++++++--------- 1 file changed, 53 insertions(+), 23 deletions(-) diff --git a/client/platforms/ios/WGConfig.swift b/client/platforms/ios/WGConfig.swift index 8f693387..537687f1 100644 --- a/client/platforms/ios/WGConfig.swift +++ b/client/platforms/ios/WGConfig.swift 
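Review bot: In the `@@ -84,7 +81,9 @@` hunk the strict option is hidden with `visible: false` and `enabled: false` but keeps `checked: SettingsController.strictKillSwitchEnabled`, while the soft option in the `@@ -62,8 +62,7 @@` hunk stays `checked: !SettingsController.strictKillSwitchEnabled`. A profile that already has strict mode stored would then show the soft option unchecked, with no visible control reflecting the mode actually in effect; whether the stored value is reset elsewhere is not visible in this patch. Consider recording the intent next to the hidden control, e.g. `// strict mode hidden until <reason>; stored value handled in <place>`, and dropping the commented-out `// enabled:` line instead of keeping it beside `enabled: false`. Both VerticalRadioButton bodies continue outside the hunks.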
@@ -46,29 +46,59 @@ struct WGConfig: Decodable {
 }
 
 var settings: String {
- junkPacketCount == nil ? "" :
- """
- Jc = \(junkPacketCount!)
- Jmin = \(junkPacketMinSize!)
- Jmax = \(junkPacketMaxSize!)
- S1 = \(initPacketJunkSize!)
- S2 = \(responsePacketJunkSize!)
- S3 = \(cookieReplyPacketJunkSize!)
- S4 = \(transportPacketJunkSize!)
- H1 = \(initPacketMagicHeader!)
- H2 = \(responsePacketMagicHeader!)
- H3 = \(underloadPacketMagicHeader!)
- H4 = \(transportPacketMagicHeader!)
- I1 = \(specialJunk1!)
- I2 = \(specialJunk2!)
- I3 = \(specialJunk3!)
- I4 = \(specialJunk4!)
- I5 = \(specialJunk5!)
- J1 = \(controlledJunk1!)
- J2 = \(controlledJunk2!)
- J3 = \(controlledJunk3!)
- Itime = \(specialHandshakeTimeout!)
- """
+ guard junkPacketCount != nil else { return "" }
+
+ var settingsLines: [String] = []
+
+ // Required parameters when junkPacketCount is present
+ settingsLines.append("Jc = \(junkPacketCount!)")
+ settingsLines.append("Jmin = \(junkPacketMinSize!)")
+ settingsLines.append("Jmax = \(junkPacketMaxSize!)")
+ settingsLines.append("S1 = \(initPacketJunkSize!)")
+ settingsLines.append("S2 = \(responsePacketJunkSize!)")
+
+ settingsLines.append("H1 = \(initPacketMagicHeader!)")
+ settingsLines.append("H2 = \(responsePacketMagicHeader!)")
+ settingsLines.append("H3 = \(underloadPacketMagicHeader!)")
+ settingsLines.append("H4 = \(transportPacketMagicHeader!)")
+
+ // Optional parameters - only add if not nil and not empty
+ if let s3 = cookieReplyPacketJunkSize, !s3.isEmpty {
+ settingsLines.append("S3 = \(s3)")
+ }
+ if let s4 = transportPacketJunkSize, !s4.isEmpty {
+ settingsLines.append("S4 = \(s4)")
+ }
+
+ if let i1 = specialJunk1, !i1.isEmpty {
+ settingsLines.append("I1 = \(i1)")
+ }
+ if let i2 = specialJunk2, !i2.isEmpty {
+ settingsLines.append("I2 = \(i2)")
+ }
+ if let i3 = specialJunk3, !i3.isEmpty {
+ settingsLines.append("I3 = \(i3)")
+ }
+ if let i4 = specialJunk4, !i4.isEmpty {
+ settingsLines.append("I4 = \(i4)")
+ }
+ if let i5 = specialJunk5, !i5.isEmpty {
+ settingsLines.append("I5 = \(i5)")
+ }
+ if let j1 = controlledJunk1, !j1.isEmpty {
+ settingsLines.append("J1 = \(j1)")
+ }
+ if let j2 = controlledJunk2, !j2.isEmpty {
+ settingsLines.append("J2 = \(j2)")
+ }
+ if let j3 = controlledJunk3, !j3.isEmpty {
+ settingsLines.append("J3 = \(j3)")
+ }
+ if let itime = specialHandshakeTimeout, !itime.isEmpty {
+ settingsLines.append("Itime = \(itime)")
+ }
+
+ return settingsLines.joined(separator: "\n")
 }
 
 var str: String {
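Review bot: The new `guard junkPacketCount != nil` covers only Jc, while the required appends still force-unwrap `junkPacketMinSize!` through `transportPacketMagicHeader!`, so a decoded config that carries Jc but lacks any of Jmin/Jmax/S1/S2/H1–H4 traps at runtime instead of being rejected. Binding all required fields in one `guard let`, as sketched below, removes that crash path. Returning `""` there silently drops the AWG parameters, so logging or surfacing the incomplete config may be preferable to a quiet fallback. Separately, every value is interpolated into a line-oriented `key = value` string. If these fields are decoded as strings from an imported configuration (the `isEmpty` checks suggest so for the optional ones), rejecting values that contain line breaks would keep one field from adding extra settings lines.

```swift
var settings: String {
    guard let jc = junkPacketCount,
          let jmin = junkPacketMinSize,
          let jmax = junkPacketMaxSize,
          let s1 = initPacketJunkSize,
          let s2 = responsePacketJunkSize,
          let h1 = initPacketMagicHeader,
          let h2 = responsePacketMagicHeader,
          let h3 = underloadPacketMagicHeader,
          let h4 = transportPacketMagicHeader
    else { return "" }

    var settingsLines: [String] = [
        "Jc = \(jc)", "Jmin = \(jmin)", "Jmax = \(jmax)",
        "S1 = \(s1)", "S2 = \(s2)",
        "H1 = \(h1)", "H2 = \(h2)", "H3 = \(h3)", "H4 = \(h4)",
    ]
    // … unchanged: optional S3/S4, I1–I5, J1–J3, Itime appends and the final join …
```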