add handlers to enter push

`AsNeeded` for better usability

.github/workflows/deploy.yml

@@ -255,6 +255,7 @@ jobs:
     env:
       # Keep compat with MacOS 10.15 aka Catalina by Qt 6.4
       QT_VERSION: 6.4.3
+      QIF_VERSION: 4.6
       PROD_AGW_PUBLIC_KEY: ${{ secrets.PROD_AGW_PUBLIC_KEY }}
       PROD_S3_ENDPOINT: ${{ secrets.PROD_S3_ENDPOINT }}
       DEV_AGW_PUBLIC_KEY: ${{ secrets.DEV_AGW_PUBLIC_KEY }}
@@ -282,6 +283,11 @@ jobs:
         set-env: 'true'
         extra: '--external 7z --base ${{ env.QT_MIRROR }}'
 
+    - name: 'Install Qt Installer Framework ${{ env.QIF_VERSION }}'
+      run: |
+        mkdir -pv ${{ runner.temp }}/Qt/Tools/QtInstallerFramework
+        wget https://qt.amzsvc.com/tools/ifw/${{ env.QIF_VERSION }}.zip
+        unzip ${{ env.QIF_VERSION }}.zip -d ${{ runner.temp }}/Qt/Tools/QtInstallerFramework/
 
     - name: 'Get sources'
       uses: actions/checkout@v4
@@ -295,13 +301,14 @@ jobs:
     - name: 'Build project'
       run: |
         export QT_BIN_DIR="${{ runner.temp }}/Qt/${{ env.QT_VERSION }}/macos/bin"
+        export QIF_BIN_DIR="${{ runner.temp }}/Qt/Tools/QtInstallerFramework/${{ env.QIF_VERSION }}/bin"
         bash deploy/build_macos.sh
 
     - name: 'Upload installer artifact'
       uses: actions/upload-artifact@v4
       with:
         name: AmneziaVPN_MacOS_old_installer
-        path: deploy/build/pkg/AmneziaVPN.pkg
+        path: AmneziaVPN.dmg
         retention-days: 7
 
     - name: 'Upload unpacked artifact'
@@ -318,6 +325,7 @@ jobs:
 
     env:
       QT_VERSION: 6.8.0
+      QIF_VERSION: 4.8.1
       PROD_AGW_PUBLIC_KEY: ${{ secrets.PROD_AGW_PUBLIC_KEY }}
       PROD_S3_ENDPOINT: ${{ secrets.PROD_S3_ENDPOINT }}
       DEV_AGW_PUBLIC_KEY: ${{ secrets.DEV_AGW_PUBLIC_KEY }}
@@ -345,6 +353,11 @@ jobs:
         set-env: 'true'
         extra: '--external 7z --base ${{ env.QT_MIRROR }}'
 
+    - name: 'Install Qt Installer Framework ${{ env.QIF_VERSION }}'
+      run: |
+        mkdir -pv ${{ runner.temp }}/Qt/Tools/QtInstallerFramework
+        wget https://qt.amzsvc.com/tools/ifw/${{ env.QIF_VERSION }}.zip
+        unzip ${{ env.QIF_VERSION }}.zip -d ${{ runner.temp }}/Qt/Tools/QtInstallerFramework/
 
     - name: 'Get sources'
       uses: actions/checkout@v4
@@ -358,13 +371,14 @@ jobs:
     - name: 'Build project'
       run: |
         export QT_BIN_DIR="${{ runner.temp }}/Qt/${{ env.QT_VERSION }}/macos/bin"
+        export QIF_BIN_DIR="${{ runner.temp }}/Qt/Tools/QtInstallerFramework/${{ env.QIF_VERSION }}/bin"
         bash deploy/build_macos.sh
 
     - name: 'Upload installer artifact'
       uses: actions/upload-artifact@v4
       with:
         name: AmneziaVPN_MacOS_installer
-        path: deploy/build/pkg/AmneziaVPN.pkg
+        path: AmneziaVPN.dmg
         retention-days: 7
 
     - name: 'Upload unpacked artifact'

.gitmodules

@@ -7,7 +7,6 @@
 [submodule "client/3rd-prebuilt"]
 	path = client/3rd-prebuilt
 	url = https://github.com/amnezia-vpn/3rd-prebuilt
-	branch = feature/special-handshake
 [submodule "client/3rd/amneziawg-apple"]
 	path = client/3rd/amneziawg-apple
 	url = https://github.com/amnezia-vpn/amneziawg-apple

CMakeLists.txt

@@ -2,7 +2,7 @@ cmake_minimum_required(VERSION 3.25.0 FATAL_ERROR)
 
 set(PROJECT AmneziaVPN)
 
-project(${PROJECT} VERSION 4.8.8.1
+project(${PROJECT} VERSION 4.8.7.2
         DESCRIPTION "AmneziaVPN"
         HOMEPAGE_URL "https://amnezia.org/"
 )
@@ -11,7 +11,7 @@ string(TIMESTAMP CURRENT_DATE "%Y-%m-%d")
 set(RELEASE_DATE "${CURRENT_DATE}")
 
 set(APP_MAJOR_VERSION ${CMAKE_PROJECT_VERSION_MAJOR}.${CMAKE_PROJECT_VERSION_MINOR}.${CMAKE_PROJECT_VERSION_PATCH})
-set(APP_ANDROID_VERSION_CODE 2087)
+set(APP_ANDROID_VERSION_CODE 2086)
 
 if(${CMAKE_SYSTEM_NAME} STREQUAL "Linux")
     set(MZ_PLATFORM_NAME "linux")

client/3rd-prebuilt

@@ -1 +1 @@
-Subproject commit 840b7b070e6ac8b90dda2fac6e98859b23727c0c
+Subproject commit 0f3748efd7cc04e0c914304b68931f925bed1259

client/3rd/amneziawg-apple

@@ -1 +1 @@
-Subproject commit 811af0a83b3faeade89a9093a588595666d32066
+Subproject commit 76e7db556a6d7e2582f9481df91db188a46c009c

client/android/wireguard/src/main/kotlin/org/amnezia/vpn/protocol/wireguard/Wireguard.kt

@@ -120,21 +120,10 @@ open class Wireguard : Protocol() {
         configData.optStringOrNull("Jmax")?.let { setJmax(it.toInt()) }
         configData.optStringOrNull("S1")?.let { setS1(it.toInt()) }
         configData.optStringOrNull("S2")?.let { setS2(it.toInt()) }
-        configData.optStringOrNull("S3")?.let { setS3(it.toInt()) }
-        configData.optStringOrNull("S4")?.let { setS4(it.toInt()) }
         configData.optStringOrNull("H1")?.let { setH1(it.toLong()) }
         configData.optStringOrNull("H2")?.let { setH2(it.toLong()) }
         configData.optStringOrNull("H3")?.let { setH3(it.toLong()) }
         configData.optStringOrNull("H4")?.let { setH4(it.toLong()) }
-        configData.optStringOrNull("I1")?.let { setI1(it) }
-        configData.optStringOrNull("I2")?.let { setI2(it) }
-        configData.optStringOrNull("I3")?.let { setI3(it) }
-        configData.optStringOrNull("I4")?.let { setI4(it) }
-        configData.optStringOrNull("I5")?.let { setI5(it) }
-        configData.optStringOrNull("J1")?.let { setJ1(it) }
-        configData.optStringOrNull("J2")?.let { setJ2(it) }
-        configData.optStringOrNull("J3")?.let { setJ3(it) }
-        configData.optStringOrNull("Itime")?.let { setItime(it.toInt()) }
     }
 
     private fun start(config: WireguardConfig, vpnBuilder: Builder, protect: (Int) -> Boolean) {

client/android/wireguard/src/main/kotlin/org/amnezia/vpn/protocol/wireguard/WireguardConfig.kt

@@ -20,21 +20,10 @@ open class WireguardConfig protected constructor(
     val jmax: Int?,
     val s1: Int?,
     val s2: Int?,
-    val s3: Int?,
-    val s4: Int?,
     val h1: Long?,
     val h2: Long?,
     val h3: Long?,
-    val h4: Long?,
-    var i1: String?,
-    var i2: String?,
-    var i3: String?,
-    var i4: String?,
-    var i5: String?,
-    var j1: String?,
-    var j2: String?,
-    var j3: String?,
-    var itime: Int?
+    val h4: Long?
 ) : ProtocolConfig(protocolConfigBuilder) {
 
     protected constructor(builder: Builder) : this(
@@ -50,21 +39,10 @@ open class WireguardConfig protected constructor(
         builder.jmax,
         builder.s1,
         builder.s2,
-        builder.s3,
-        builder.s4,
         builder.h1,
         builder.h2,
         builder.h3,
-        builder.h4,
-        builder.i1,
-        builder.i2,
-        builder.i3,
-        builder.i4,
-        builder.i5,
-        builder.j1,
-        builder.j2,
-        builder.j3,
-        builder.itime
+        builder.h4
     )
 
     fun toWgUserspaceString(): String = with(StringBuilder()) {
@@ -83,21 +61,10 @@ open class WireguardConfig protected constructor(
             appendLine("jmax=$jmax")
             appendLine("s1=$s1")
             appendLine("s2=$s2")
-            s3?.let { appendLine("s3=$it") }
-            s4?.let { appendLine("s4=$it") }
             appendLine("h1=$h1")
             appendLine("h2=$h2")
             appendLine("h3=$h3")
             appendLine("h4=$h4")
-            i1?.let { appendLine("i1=$it") }
-            i2?.let { appendLine("i2=$it") }
-            i3?.let { appendLine("i3=$it") }
-            i4?.let { appendLine("i4=$it") }
-            i5?.let { appendLine("i5=$it") }
-            j1?.let { appendLine("j1=$it") }
-            j2?.let { appendLine("j2=$it") }
-            j3?.let { appendLine("j3=$it") }
-            itime?.let { appendLine("itime=$it") }
         }
     }
 
@@ -150,21 +117,10 @@ open class WireguardConfig protected constructor(
         internal var jmax: Int? = null
         internal var s1: Int? = null
         internal var s2: Int? = null
-        internal var s3: Int? = null
-        internal var s4: Int? = null
         internal var h1: Long? = null
         internal var h2: Long? = null
         internal var h3: Long? = null
         internal var h4: Long? = null
-        internal var i1: String? = null
-        internal var i2: String? = null
-        internal var i3: String? = null
-        internal var i4: String? = null
-        internal var i5: String? = null
-        internal var j1: String? = null
-        internal var j2: String? = null
-        internal var j3: String? = null
-        internal var itime: Int? = null
 
         fun setEndpoint(endpoint: InetEndpoint) = apply { this.endpoint = endpoint }
 
@@ -183,21 +139,10 @@ open class WireguardConfig protected constructor(
         fun setJmax(jmax: Int) = apply { this.jmax = jmax }
         fun setS1(s1: Int) = apply { this.s1 = s1 }
         fun setS2(s2: Int) = apply { this.s2 = s2 }
-        fun setS3(s3: Int) = apply { this.s3 = s3 }
-        fun setS4(s4: Int) = apply { this.s4 = s4 }
         fun setH1(h1: Long) = apply { this.h1 = h1 }
         fun setH2(h2: Long) = apply { this.h2 = h2 }
         fun setH3(h3: Long) = apply { this.h3 = h3 }
         fun setH4(h4: Long) = apply { this.h4 = h4 }
-        fun setI1(i1: String) = apply { this.i1 = i1 }
-        fun setI2(i2: String) = apply { this.i2 = i2 }
-        fun setI3(i3: String) = apply { this.i3 = i3 }
-        fun setI4(i4: String) = apply { this.i4 = i4 }
-        fun setI5(i5: String) = apply { this.i5 = i5 }
-        fun setJ1(j1: String) = apply { this.j1 = j1 }
-        fun setJ2(j2: String) = apply { this.j2 = j2 }
-        fun setJ3(j3: String) = apply { this.j3 = j3 }
-        fun setItime(itime: Int) = apply { this.itime = itime }
 
         override fun build(): WireguardConfig = configBuild().run { WireguardConfig(this@Builder) }
     }

client/configurators/awg_configurator.cpp

@@ -1,5 +1,4 @@
 #include "awg_configurator.h"
-#include "protocols/protocols_defs.h"
 
 #include <QJsonDocument>
 #include <QJsonObject>
@@ -40,20 +39,6 @@ QString AwgConfigurator::createConfig(const ServerCredentials &credentials, Dock
     jsonConfig[config_key::responsePacketMagicHeader] = configMap.value(config_key::responsePacketMagicHeader);
     jsonConfig[config_key::underloadPacketMagicHeader] = configMap.value(config_key::underloadPacketMagicHeader);
     jsonConfig[config_key::transportPacketMagicHeader] = configMap.value(config_key::transportPacketMagicHeader);
-
-    // jsonConfig[config_key::cookieReplyPacketJunkSize] = configMap.value(config_key::cookieReplyPacketJunkSize);
-    // jsonConfig[config_key::transportPacketJunkSize] = configMap.value(config_key::transportPacketJunkSize);
-
-    // jsonConfig[config_key::specialJunk1] = configMap.value(amnezia::config_key::specialJunk1);
-    // jsonConfig[config_key::specialJunk2] = configMap.value(amnezia::config_key::specialJunk2);
-    // jsonConfig[config_key::specialJunk3] = configMap.value(amnezia::config_key::specialJunk3);
-    // jsonConfig[config_key::specialJunk4] = configMap.value(amnezia::config_key::specialJunk4);
-    // jsonConfig[config_key::specialJunk5] = configMap.value(amnezia::config_key::specialJunk5);
-    // jsonConfig[config_key::controlledJunk1] = configMap.value(amnezia::config_key::controlledJunk1);
-    // jsonConfig[config_key::controlledJunk2] = configMap.value(amnezia::config_key::controlledJunk2);
-    // jsonConfig[config_key::controlledJunk3] = configMap.value(amnezia::config_key::controlledJunk3);
-    // jsonConfig[config_key::specialHandshakeTimeout] = configMap.value(amnezia::config_key::specialHandshakeTimeout);
-
     jsonConfig[config_key::mtu] =
             containerConfig.value(ProtocolProps::protoToString(Proto::Awg)).toObject().value(config_key::mtu).toString(protocols::awg::defaultMtu);
 

client/configurators/openvpn_configurator.cpp

@@ -118,12 +118,6 @@ QString OpenVpnConfigurator::processConfigWithLocalSettings(const QPair<QString,
         QRegularExpression regex("redirect-gateway.*");
         config.replace(regex, "");
         
-        // We don't use secondary DNS if primary DNS is AmneziaDNS
-        if (dns.first.contains(protocols::dns::amneziaDnsIp)) {
-            QRegularExpression dnsRegex("dhcp-option DNS " + dns.second);
-            config.replace(dnsRegex, "");
-        }
-
         if (!m_settings->isSitesSplitTunnelingEnabled()) {
             config.append("\nredirect-gateway def1 ipv6 bypass-dhcp\n");
             config.append("block-ipv6\n");
@@ -167,12 +161,6 @@ QString OpenVpnConfigurator::processConfigWithExportSettings(const QPair<QString
     QRegularExpression regex("redirect-gateway.*");
     config.replace(regex, "");
 
-    // We don't use secondary DNS if primary DNS is AmneziaDNS
-    if (dns.first.contains(protocols::dns::amneziaDnsIp)) {
-        QRegularExpression dnsRegex("dhcp-option DNS " + dns.second);
-        config.replace(dnsRegex, "");
-    }
-
     config.append("\nredirect-gateway def1 ipv6 bypass-dhcp\n");
 
     // Prevent ipv6 leak

client/core/api/apiDefs.h

@@ -32,7 +32,6 @@ namespace apiDefs
         constexpr QLatin1String stackType("stack_type");
         constexpr QLatin1String serviceType("service_type");
         constexpr QLatin1String cliVersion("cli_version");
-        constexpr QLatin1String supportedProtocols("supported_protocols");
 
         constexpr QLatin1String vpnKey("vpn_key");
         constexpr QLatin1String config("config");

client/core/controllers/serverController.cpp

@@ -349,7 +349,7 @@ bool ServerController::isReinstallContainerRequired(DockerContainer container, c
         if ((oldProtoConfig.value(config_key::subnet_address).toString(protocols::wireguard::defaultSubnetAddress)
              != newProtoConfig.value(config_key::subnet_address).toString(protocols::wireguard::defaultSubnetAddress))
             || (oldProtoConfig.value(config_key::port).toString(protocols::awg::defaultPort)
-                != newProtoConfig.value(config_key::port).toString(protocols::awg::defaultPort))
+             != newProtoConfig.value(config_key::port).toString(protocols::awg::defaultPort))
             || (oldProtoConfig.value(config_key::junkPacketCount).toString(protocols::awg::defaultJunkPacketCount)
                 != newProtoConfig.value(config_key::junkPacketCount).toString(protocols::awg::defaultJunkPacketCount))
             || (oldProtoConfig.value(config_key::junkPacketMinSize).toString(protocols::awg::defaultJunkPacketMinSize)
@@ -366,13 +366,8 @@ bool ServerController::isReinstallContainerRequired(DockerContainer container, c
                 != newProtoConfig.value(config_key::responsePacketMagicHeader).toString(protocols::awg::defaultResponsePacketMagicHeader))
             || (oldProtoConfig.value(config_key::underloadPacketMagicHeader).toString(protocols::awg::defaultUnderloadPacketMagicHeader)
                 != newProtoConfig.value(config_key::underloadPacketMagicHeader).toString(protocols::awg::defaultUnderloadPacketMagicHeader))
-            || (oldProtoConfig.value(config_key::transportPacketMagicHeader).toString(protocols::awg::defaultTransportPacketMagicHeader))
-                    != newProtoConfig.value(config_key::transportPacketMagicHeader).toString(protocols::awg::defaultTransportPacketMagicHeader))
-            // || (oldProtoConfig.value(config_key::cookieReplyPacketJunkSize).toString(protocols::awg::defaultCookieReplyPacketJunkSize)
-            //     != newProtoConfig.value(config_key::cookieReplyPacketJunkSize).toString(protocols::awg::defaultCookieReplyPacketJunkSize))
-            // || (oldProtoConfig.value(config_key::transportPacketJunkSize).toString(protocols::awg::defaultTransportPacketJunkSize)
-            //     != newProtoConfig.value(config_key::transportPacketJunkSize).toString(protocols::awg::defaultTransportPacketJunkSize))
-
+            || (oldProtoConfig.value(config_key::transportPacketMagicHeader).toString(protocols::awg::defaultTransportPacketMagicHeader)
+                != newProtoConfig.value(config_key::transportPacketMagicHeader).toString(protocols::awg::defaultTransportPacketMagicHeader)))
             return true;
     }
 
@@ -380,7 +375,7 @@ bool ServerController::isReinstallContainerRequired(DockerContainer container, c
         if ((oldProtoConfig.value(config_key::subnet_address).toString(protocols::wireguard::defaultSubnetAddress)
              != newProtoConfig.value(config_key::subnet_address).toString(protocols::wireguard::defaultSubnetAddress))
             || (oldProtoConfig.value(config_key::port).toString(protocols::wireguard::defaultPort)
-                != newProtoConfig.value(config_key::port).toString(protocols::wireguard::defaultPort)))
+            != newProtoConfig.value(config_key::port).toString(protocols::wireguard::defaultPort)))
             return true;
     }
 
@@ -460,13 +455,11 @@ ErrorCode ServerController::buildContainerWorker(const ServerCredentials &creden
             runScript(credentials,
                       replaceVars(amnezia::scriptData(SharedScriptType::build_container), genVarsForScript(credentials, container, config)),
                       cbReadStdOut, cbReadStdErr);
-
+    
     if (stdOut.contains("doesn't work on cgroups v2"))
         return ErrorCode::ServerDockerOnCgroupsV2;
     if (stdOut.contains("cgroup mountpoint does not exist"))
         return ErrorCode::ServerCgroupMountpoint;
-    if (stdOut.contains("have reached") && stdOut.contains("pull rate limit"))
-        return ErrorCode::DockerPullRateLimit;
 
     return error;
 }
@@ -646,9 +639,6 @@ ServerController::Vars ServerController::genVarsForScript(const ServerCredential
     vars.append({ { "$UNDERLOAD_PACKET_MAGIC_HEADER", amneziaWireguarConfig.value(config_key::underloadPacketMagicHeader).toString() } });
     vars.append({ { "$TRANSPORT_PACKET_MAGIC_HEADER", amneziaWireguarConfig.value(config_key::transportPacketMagicHeader).toString() } });
 
-    vars.append({ { "$COOKIE_REPLY_PACKET_JUNK_SIZE", amneziaWireguarConfig.value(config_key::cookieReplyPacketJunkSize).toString() } });
-    vars.append({ { "$TRANSPORT_PACKET_JUNK_SIZE", amneziaWireguarConfig.value(config_key::transportPacketJunkSize).toString() } });
-
     // Socks5 proxy vars
     vars.append({ { "$SOCKS5_PROXY_PORT", socks5ProxyConfig.value(config_key::port).toString(protocols::socks5Proxy::defaultPort) } });
     auto username = socks5ProxyConfig.value(config_key::userName).toString();
@@ -835,7 +825,7 @@ ErrorCode ServerController::isServerDpkgBusy(const ServerCredentials &credential
 
             if (stdOut.contains("Packet manager not found"))
                 return ErrorCode::ServerPacketManagerError;
-            if (stdOut.contains("fuser not installed") || stdOut.contains("cat not installed"))
+            if (stdOut.contains("fuser not installed"))
                 return ErrorCode::NoError;
 
             if (stdOut.isEmpty()) {

client/core/defs.h

@@ -60,7 +60,6 @@ namespace amnezia
         ServerUserPasswordRequired = 210,
         ServerDockerOnCgroupsV2 = 211,
         ServerCgroupMountpoint = 212,
-        DockerPullRateLimit = 213,
 
         // Ssh connection errors
         SshRequestDeniedError = 300,

client/core/errorstrings.cpp

@@ -28,7 +28,6 @@ QString errorString(ErrorCode code) {
     case(ErrorCode::ServerUserPasswordRequired): errorMessage = QObject::tr("The user's password is required"); break;
     case(ErrorCode::ServerDockerOnCgroupsV2): errorMessage = QObject::tr("Docker error: runc doesn't work on cgroups v2"); break;
     case(ErrorCode::ServerCgroupMountpoint): errorMessage = QObject::tr("Server error: cgroup mountpoint does not exist"); break;
-    case(ErrorCode::DockerPullRateLimit): errorMessage = QObject::tr("Docker error: The pull rate limit has been reached"); break;
 
     // Libssh errors
     case(ErrorCode::SshRequestDeniedError): errorMessage = QObject::tr("SSH request was denied"); break;

client/daemon/daemon.cpp

@@ -169,14 +169,11 @@ bool Daemon::maybeUpdateResolvers(const InterfaceConfig& config) {
   if ((config.m_hopType == InterfaceConfig::MultiHopExit) ||
       (config.m_hopType == InterfaceConfig::SingleHop)) {
     QList<QHostAddress> resolvers;
-    resolvers.append(QHostAddress(config.m_primaryDnsServer));
-    if (!config.m_secondaryDnsServer.isEmpty()) {
-        resolvers.append(QHostAddress(config.m_secondaryDnsServer));
-    }
+    resolvers.append(QHostAddress(config.m_dnsServer));
 
     // If the DNS is not the Gateway, it's a user defined DNS
     // thus, not add any other :)
-    if (config.m_primaryDnsServer == config.m_serverIpv4Gateway) {
+    if (config.m_dnsServer == config.m_serverIpv4Gateway) {
       resolvers.append(QHostAddress(config.m_serverIpv6Gateway));
     }
 
@@ -282,26 +279,15 @@ bool Daemon::parseConfig(const QJsonObject& obj, InterfaceConfig& config) {
   config.m_serverIpv4Gateway = obj.value("serverIpv4Gateway").toString();
   config.m_serverIpv6Gateway = obj.value("serverIpv6Gateway").toString();
 
-  if (!obj.contains("primaryDnsServer")) {
-    config.m_primaryDnsServer = QString();
+  if (!obj.contains("dnsServer")) {
+    config.m_dnsServer = QString();
   } else {
-    QJsonValue value = obj.value("primaryDnsServer");
+    QJsonValue value = obj.value("dnsServer");
     if (!value.isString()) {
       logger.error() << "dnsServer is not a string";
       return false;
     }
-    config.m_primaryDnsServer = value.toString();
-  }
-
-  if (!obj.contains("secondaryDnsServer")) {
-    config.m_secondaryDnsServer = QString();
-  } else {
-    QJsonValue value = obj.value("secondaryDnsServer");
-    if (!value.isString()) {
-      logger.error() << "dnsServer is not a string";
-      return false;
-    }
-    config.m_secondaryDnsServer = value.toString();
+    config.m_dnsServer = value.toString();
   }
 
   if (!obj.contains("hopType")) {
@@ -405,13 +391,6 @@ bool Daemon::parseConfig(const QJsonObject& obj, InterfaceConfig& config) {
   if (!obj.value("S2").isNull()) {
     config.m_responsePacketJunkSize = obj.value("S2").toString();
   }
-  if (!obj.value("S3").isNull()) {
-    config.m_cookieReplyPacketJunkSize = obj.value("S3").toString();
-  }
-  if (!obj.value("S4").isNull()) {
-    config.m_transportPacketJunkSize = obj.value("S4").toString();
-  }
-
   if (!obj.value("H1").isNull()) {
     config.m_initPacketMagicHeader = obj.value("H1").toString();
   }
@@ -425,34 +404,6 @@ bool Daemon::parseConfig(const QJsonObject& obj, InterfaceConfig& config) {
     config.m_transportPacketMagicHeader = obj.value("H4").toString();
   }
 
-  if (!obj.value("I1").isNull()) {
-    config.m_specialJunk["I1"] = obj.value("I1").toString();
-  }
-  if (!obj.value("I2").isNull()) {
-    config.m_specialJunk["I2"] = obj.value("I2").toString();
-  }
-  if (!obj.value("I3").isNull()) {
-    config.m_specialJunk["I3"] = obj.value("I3").toString();
-  }
-  if (!obj.value("I4").isNull()) {
-    config.m_specialJunk["I4"] = obj.value("I4").toString();
-  }
-  if (!obj.value("I5").isNull()) {
-    config.m_specialJunk["I5"] = obj.value("I5").toString();
-  }
-  if (!obj.value("J1").isNull()) {
-    config.m_controlledJunk["J1"] = obj.value("J1").toString();
-  }
-  if (!obj.value("J2").isNull()) {
-    config.m_controlledJunk["J2"] = obj.value("J2").toString();
-  }
-  if (!obj.value("J3").isNull()) {
-    config.m_controlledJunk["J3"] = obj.value("J3").toString();
-  }
-  if (!obj.value("Itime").isNull()) {
-    config.m_specialHandshakeTimeout = obj.value("Itime").toString();
-  }
-
   return true;
 }
 
@@ -495,7 +446,7 @@ bool Daemon::deactivate(bool emitSignals) {
 
   m_connections.clear();
   // Delete the interface
-  return wgutils()->deleteInterface();
+  return wgutils()->deleteInterface();  
 }
 
 QString Daemon::logs() {

client/daemon/interfaceconfig.cpp

@@ -28,8 +28,7 @@ QJsonObject InterfaceConfig::toJson() const {
       (m_hopType == InterfaceConfig::SingleHop)) {
     json.insert("serverIpv4Gateway", QJsonValue(m_serverIpv4Gateway));
     json.insert("serverIpv6Gateway", QJsonValue(m_serverIpv6Gateway));
-    json.insert("primaryDnsServer", QJsonValue(m_primaryDnsServer));
-    json.insert("secondaryDnsServer", QJsonValue(m_secondaryDnsServer));
+    json.insert("dnsServer", QJsonValue(m_dnsServer));
   }
 
   QJsonArray allowedIPAddesses;
@@ -101,15 +100,11 @@ QString InterfaceConfig::toWgConf(const QMap<QString, QString>& extra) const {
     out << "MTU = " << m_deviceMTU << "\n";
   }
 
-  if (!m_primaryDnsServer.isNull()) {
-    QStringList dnsServers;
-    dnsServers.append(m_primaryDnsServer);
-    if (!m_secondaryDnsServer.isNull()) {
-        dnsServers.append(m_secondaryDnsServer);
-    }
+  if (!m_dnsServer.isNull()) {
+    QStringList dnsServers(m_dnsServer);
     // If the DNS is not the Gateway, it's a user defined DNS
     // thus, not add any other :)
-    if (m_primaryDnsServer == m_serverIpv4Gateway) {
+    if (m_dnsServer == m_serverIpv4Gateway) {
       dnsServers.append(m_serverIpv6Gateway);
     }
     out << "DNS = " << dnsServers.join(", ") << "\n";
@@ -130,12 +125,6 @@ QString InterfaceConfig::toWgConf(const QMap<QString, QString>& extra) const {
   if (!m_responsePacketJunkSize.isNull()) {
     out << "S2 = " << m_responsePacketJunkSize << "\n";
   }
-  if (!m_cookieReplyPacketJunkSize.isNull()) {
-    out << "S3 = " << m_cookieReplyPacketJunkSize << "\n";
-  }
-  if (!m_transportPacketJunkSize.isNull()) {
-    out << "S4 = " << m_transportPacketJunkSize << "\n";
-  }
   if (!m_initPacketMagicHeader.isNull()) {
     out << "H1 = " << m_initPacketMagicHeader << "\n";
   }
@@ -149,16 +138,6 @@ QString InterfaceConfig::toWgConf(const QMap<QString, QString>& extra) const {
     out << "H4 = " << m_transportPacketMagicHeader << "\n";
   }
 
-  for (const QString& key : m_specialJunk.keys()) {
-    out << key << " = " << m_specialJunk[key] << "\n";
-  }
-  for (const QString& key : m_controlledJunk.keys()) {
-    out << key << " = " << m_controlledJunk[key] << "\n";
-  }
-  if (!m_specialHandshakeTimeout.isNull()) {
-    out << "Itime = " << m_specialHandshakeTimeout << "\n";
-  }
-
   // If any extra config was provided, append it now.
   for (const QString& key : extra.keys()) {
     out << key << " = " << extra[key] << "\n";

client/daemon/interfaceconfig.h

@@ -32,8 +32,7 @@ class InterfaceConfig {
   QString m_serverIpv4AddrIn;
   QString m_serverPskKey;
   QString m_serverIpv6AddrIn;
-  QString m_primaryDnsServer;
-  QString m_secondaryDnsServer;
+  QString m_dnsServer;
   int m_serverPort = 0;
   int m_deviceMTU = 1420;
   QList<IPAddress> m_allowedIPAddressRanges;
@@ -50,15 +49,10 @@ class InterfaceConfig {
   QString m_junkPacketMaxSize;
   QString m_initPacketJunkSize;
   QString m_responsePacketJunkSize;
-  QString m_cookieReplyPacketJunkSize;
-  QString m_transportPacketJunkSize;
   QString m_initPacketMagicHeader;
   QString m_responsePacketMagicHeader;
   QString m_underloadPacketMagicHeader;
   QString m_transportPacketMagicHeader;
-  QMap<QString, QString> m_specialJunk;
-  QMap<QString, QString> m_controlledJunk;
-  QString m_specialHandshakeTimeout;
 
   QJsonObject toJson() const;
   QString toWgConf(

client/mozilla/localsocketcontroller.cpp

@@ -38,7 +38,7 @@ LocalSocketController::LocalSocketController() {
   m_socket = new QLocalSocket(this);
   connect(m_socket, &QLocalSocket::connected, this,
           &LocalSocketController::daemonConnected);
-  connect(m_socket, &QLocalSocket::disconnected, this,
+  connect(m_socket, &QLocalSocket::disconnected, this, 
           [&] { errorOccurred(QLocalSocket::PeerClosedError); });
   connect(m_socket, &QLocalSocket::errorOccurred, this,
           &LocalSocketController::errorOccurred);
@@ -135,7 +135,7 @@ void LocalSocketController::activate(const QJsonObject &rawConfig) {
 
   // set up IPv6 unique-local-address, ULA, with "fd00::/8" prefix, not globally routable.
   // this will be default IPv6 gateway, OS recognizes that IPv6 link is local and switches to IPv4.
-  // Otherwise some OSes (Linux) try IPv6 forever and hang.
+  // Otherwise some OSes (Linux) try IPv6 forever and hang. 
   // https://en.wikipedia.org/wiki/Unique_local_address (RFC 4193)
   // https://man7.org/linux/man-pages/man5/gai.conf.5.html
   json.insert("deviceIpv6Address", "fd58:baa6:dead::1"); // simply "dead::1" is globally-routable, don't use it
@@ -149,14 +149,7 @@ void LocalSocketController::activate(const QJsonObject &rawConfig) {
   json.insert("serverPort", wgConfig.value(amnezia::config_key::port).toInt());
   json.insert("serverIpv4Gateway", wgConfig.value(amnezia::config_key::hostName));
   //  json.insert("serverIpv6Gateway", QJsonValue(hop.m_server.ipv6Gateway()));
-
-  json.insert("primaryDnsServer", rawConfig.value(amnezia::config_key::dns1));
-
-  // We don't use secondary DNS if primary DNS is AmneziaDNS
-  if (!rawConfig.value(amnezia::config_key::dns1).toString().
-    contains(amnezia::protocols::dns::amneziaDnsIp)) {
-    json.insert("secondaryDnsServer", rawConfig.value(amnezia::config_key::dns2));
-  }
+  json.insert("dnsServer", rawConfig.value(amnezia::config_key::dns1));
 
   QJsonArray jsAllowedIPAddesses;
 
@@ -244,61 +237,28 @@ void LocalSocketController::activate(const QJsonObject &rawConfig) {
     json.insert(amnezia::config_key::junkPacketMaxSize, wgConfig.value(amnezia::config_key::junkPacketMaxSize));
     json.insert(amnezia::config_key::initPacketJunkSize, wgConfig.value(amnezia::config_key::initPacketJunkSize));
     json.insert(amnezia::config_key::responsePacketJunkSize, wgConfig.value(amnezia::config_key::responsePacketJunkSize));
-    json.insert(amnezia::config_key::cookieReplyPacketJunkSize, wgConfig.value(amnezia::config_key::cookieReplyPacketJunkSize));
-    json.insert(amnezia::config_key::transportPacketJunkSize, wgConfig.value(amnezia::config_key::transportPacketJunkSize));
     json.insert(amnezia::config_key::initPacketMagicHeader, wgConfig.value(amnezia::config_key::initPacketMagicHeader));
     json.insert(amnezia::config_key::responsePacketMagicHeader, wgConfig.value(amnezia::config_key::responsePacketMagicHeader));
     json.insert(amnezia::config_key::underloadPacketMagicHeader, wgConfig.value(amnezia::config_key::underloadPacketMagicHeader));
     json.insert(amnezia::config_key::transportPacketMagicHeader, wgConfig.value(amnezia::config_key::transportPacketMagicHeader));
-    json.insert(amnezia::config_key::specialJunk1, wgConfig.value(amnezia::config_key::specialJunk1));
-    json.insert(amnezia::config_key::specialJunk2, wgConfig.value(amnezia::config_key::specialJunk2));
-    json.insert(amnezia::config_key::specialJunk3, wgConfig.value(amnezia::config_key::specialJunk3));
-    json.insert(amnezia::config_key::specialJunk4, wgConfig.value(amnezia::config_key::specialJunk4));
-    json.insert(amnezia::config_key::specialJunk5, wgConfig.value(amnezia::config_key::specialJunk5));
-    json.insert(amnezia::config_key::controlledJunk1, wgConfig.value(amnezia::config_key::controlledJunk1));
-    json.insert(amnezia::config_key::controlledJunk2, wgConfig.value(amnezia::config_key::controlledJunk2));
-    json.insert(amnezia::config_key::controlledJunk3, wgConfig.value(amnezia::config_key::controlledJunk3));
-    json.insert(amnezia::config_key::specialHandshakeTimeout, wgConfig.value(amnezia::config_key::specialHandshakeTimeout));
   } else if (!wgConfig.value(amnezia::config_key::junkPacketCount).isUndefined()
              && !wgConfig.value(amnezia::config_key::junkPacketMinSize).isUndefined()
              && !wgConfig.value(amnezia::config_key::junkPacketMaxSize).isUndefined()
              && !wgConfig.value(amnezia::config_key::initPacketJunkSize).isUndefined()
              && !wgConfig.value(amnezia::config_key::responsePacketJunkSize).isUndefined()
-             && !wgConfig.value(amnezia::config_key::cookieReplyPacketJunkSize).isUndefined()
-             && !wgConfig.value(amnezia::config_key::transportPacketJunkSize).isUndefined()
              && !wgConfig.value(amnezia::config_key::initPacketMagicHeader).isUndefined()
              && !wgConfig.value(amnezia::config_key::responsePacketMagicHeader).isUndefined()
              && !wgConfig.value(amnezia::config_key::underloadPacketMagicHeader).isUndefined()
-             && !wgConfig.value(amnezia::config_key::transportPacketMagicHeader).isUndefined()
-             && !wgConfig.value(amnezia::config_key::specialJunk1).isUndefined()
-             && !wgConfig.value(amnezia::config_key::specialJunk2).isUndefined()
-             && !wgConfig.value(amnezia::config_key::specialJunk3).isUndefined()
-             && !wgConfig.value(amnezia::config_key::specialJunk4).isUndefined()
-             && !wgConfig.value(amnezia::config_key::specialJunk5).isUndefined()
-             && !wgConfig.value(amnezia::config_key::controlledJunk1).isUndefined()
-             && !wgConfig.value(amnezia::config_key::controlledJunk2).isUndefined()
-             && !wgConfig.value(amnezia::config_key::controlledJunk3).isUndefined()
-             && !wgConfig.value(amnezia::config_key::specialHandshakeTimeout).isUndefined()) {
+             && !wgConfig.value(amnezia::config_key::transportPacketMagicHeader).isUndefined()) {
     json.insert(amnezia::config_key::junkPacketCount, wgConfig.value(amnezia::config_key::junkPacketCount));
     json.insert(amnezia::config_key::junkPacketMinSize, wgConfig.value(amnezia::config_key::junkPacketMinSize));
     json.insert(amnezia::config_key::junkPacketMaxSize, wgConfig.value(amnezia::config_key::junkPacketMaxSize));
     json.insert(amnezia::config_key::initPacketJunkSize, wgConfig.value(amnezia::config_key::initPacketJunkSize));
     json.insert(amnezia::config_key::responsePacketJunkSize, wgConfig.value(amnezia::config_key::responsePacketJunkSize));
-    json.insert(amnezia::config_key::cookieReplyPacketJunkSize, wgConfig.value(amnezia::config_key::cookieReplyPacketJunkSize));
-    json.insert(amnezia::config_key::transportPacketJunkSize, wgConfig.value(amnezia::config_key::transportPacketJunkSize));
     json.insert(amnezia::config_key::initPacketMagicHeader, wgConfig.value(amnezia::config_key::initPacketMagicHeader));
     json.insert(amnezia::config_key::responsePacketMagicHeader, wgConfig.value(amnezia::config_key::responsePacketMagicHeader));
     json.insert(amnezia::config_key::underloadPacketMagicHeader, wgConfig.value(amnezia::config_key::underloadPacketMagicHeader));
     json.insert(amnezia::config_key::transportPacketMagicHeader, wgConfig.value(amnezia::config_key::transportPacketMagicHeader));
-    json.insert(amnezia::config_key::specialJunk1, wgConfig.value(amnezia::config_key::specialJunk1));
-    json.insert(amnezia::config_key::specialJunk2, wgConfig.value(amnezia::config_key::specialJunk2));
-    json.insert(amnezia::config_key::specialJunk3, wgConfig.value(amnezia::config_key::specialJunk3));
-    json.insert(amnezia::config_key::specialJunk4, wgConfig.value(amnezia::config_key::specialJunk4));
-    json.insert(amnezia::config_key::specialJunk5, wgConfig.value(amnezia::config_key::specialJunk5));
-    json.insert(amnezia::config_key::controlledJunk1, wgConfig.value(amnezia::config_key::controlledJunk1));
-    json.insert(amnezia::config_key::controlledJunk2, wgConfig.value(amnezia::config_key::controlledJunk2));
-    json.insert(amnezia::config_key::controlledJunk3, wgConfig.value(amnezia::config_key::controlledJunk3));
-    json.insert(amnezia::config_key::specialHandshakeTimeout, wgConfig.value(amnezia::config_key::specialHandshakeTimeout));
   }
 
   write(json);

client/platforms/ios/WGConfig.swift

@@ -4,10 +4,7 @@ struct WGConfig: Decodable {
   let initPacketMagicHeader, responsePacketMagicHeader: String?
   let underloadPacketMagicHeader, transportPacketMagicHeader: String?
   let junkPacketCount, junkPacketMinSize, junkPacketMaxSize: String?
-  let initPacketJunkSize, responsePacketJunkSize, cookieReplyPacketJunkSize, transportPacketJunkSize: String?
-  let specialJunk1, specialJunk2, specialJunk3, specialJunk4, specialJunk5: String?
-  let controlledJunk1, controlledJunk2, controlledJunk3: String?
-  let specialHandshakeTimeout: String?
+  let initPacketJunkSize, responsePacketJunkSize: String?
   let dns1: String
   let dns2: String
   let mtu: String
@@ -26,10 +23,7 @@ struct WGConfig: Decodable {
     case initPacketMagicHeader = "H1", responsePacketMagicHeader = "H2"
     case underloadPacketMagicHeader = "H3", transportPacketMagicHeader = "H4"
     case junkPacketCount = "Jc", junkPacketMinSize = "Jmin", junkPacketMaxSize = "Jmax"
-    case initPacketJunkSize = "S1", responsePacketJunkSize = "S2", cookieReplyPacketJunkSize = "S3", transportPacketJunkSize = "S4"
-    case specialJunk1 = "I1", specialJunk2 = "I2", specialJunk3 = "I3", specialJunk4 = "I4", specialJunk5 = "I5"
-    case controlledJunk1 = "J1", controlledJunk2 = "J2", controlledJunk3 = "J3"
-    case specialHandshakeTimeout = "Itime"
+    case initPacketJunkSize = "S1", responsePacketJunkSize = "S2"
     case dns1
     case dns2
     case mtu
@@ -46,59 +40,19 @@ struct WGConfig: Decodable {
   }
 
   var settings: String {
-    guard junkPacketCount != nil else { return "" }
-    
-    var settingsLines: [String] = []
-    
-    // Required parameters when junkPacketCount is present
-    settingsLines.append("Jc = \(junkPacketCount!)")
-    settingsLines.append("Jmin = \(junkPacketMinSize!)")
-    settingsLines.append("Jmax = \(junkPacketMaxSize!)")
-    settingsLines.append("S1 = \(initPacketJunkSize!)")
-    settingsLines.append("S2 = \(responsePacketJunkSize!)")
-    
-    settingsLines.append("H1 = \(initPacketMagicHeader!)")
-    settingsLines.append("H2 = \(responsePacketMagicHeader!)")
-    settingsLines.append("H3 = \(underloadPacketMagicHeader!)")
-    settingsLines.append("H4 = \(transportPacketMagicHeader!)")
+    junkPacketCount == nil ? "" :
+    """
+    Jc = \(junkPacketCount!)
+    Jmin = \(junkPacketMinSize!)
+    Jmax = \(junkPacketMaxSize!)
+    S1 = \(initPacketJunkSize!)
+    S2 = \(responsePacketJunkSize!)
+    H1 = \(initPacketMagicHeader!)
+    H2 = \(responsePacketMagicHeader!)
+    H3 = \(underloadPacketMagicHeader!)
+    H4 = \(transportPacketMagicHeader!)
 
-    // Optional parameters - only add if not nil and not empty
-    if let s3 = cookieReplyPacketJunkSize, !s3.isEmpty {
-      settingsLines.append("S3 = \(s3)")
-    }
-    if let s4 = transportPacketJunkSize, !s4.isEmpty {
-      settingsLines.append("S4 = \(s4)")
-    }
-    
-    if let i1 = specialJunk1, !i1.isEmpty {
-      settingsLines.append("I1 = \(i1)")
-    }
-    if let i2 = specialJunk2, !i2.isEmpty {
-      settingsLines.append("I2 = \(i2)")
-    }
-    if let i3 = specialJunk3, !i3.isEmpty {
-      settingsLines.append("I3 = \(i3)")
-    }
-    if let i4 = specialJunk4, !i4.isEmpty {
-      settingsLines.append("I4 = \(i4)")
-    }
-    if let i5 = specialJunk5, !i5.isEmpty {
-      settingsLines.append("I5 = \(i5)")
-    }
-    if let j1 = controlledJunk1, !j1.isEmpty {
-      settingsLines.append("J1 = \(j1)")
-    }
-    if let j2 = controlledJunk2, !j2.isEmpty {
-      settingsLines.append("J2 = \(j2)")
-    }
-    if let j3 = controlledJunk3, !j3.isEmpty {
-      settingsLines.append("J3 = \(j3)")
-    }
-    if let itime = specialHandshakeTimeout, !itime.isEmpty {
-      settingsLines.append("Itime = \(itime)")
-    }
-    
-    return settingsLines.joined(separator: "\n")
+    """
   }
 
   var str: String {

client/platforms/ios/ios_controller.mm

@@ -507,8 +507,6 @@ bool IosController::setupWireGuard()
 
         wgConfig.insert(config_key::initPacketJunkSize, config[config_key::initPacketJunkSize]);
         wgConfig.insert(config_key::responsePacketJunkSize, config[config_key::responsePacketJunkSize]);
-        wgConfig.insert(config_key::cookieReplyPacketJunkSize, config[config_key::cookieReplyPacketJunkSize]);
-        wgConfig.insert(config_key::transportPacketJunkSize, config[config_key::transportPacketJunkSize]);
 
         wgConfig.insert(config_key::junkPacketCount, config[config_key::junkPacketCount]);
         wgConfig.insert(config_key::junkPacketMinSize, config[config_key::junkPacketMinSize]);
@@ -607,23 +605,11 @@ bool IosController::setupAwg()
 
     wgConfig.insert(config_key::initPacketJunkSize, config[config_key::initPacketJunkSize]);
     wgConfig.insert(config_key::responsePacketJunkSize, config[config_key::responsePacketJunkSize]);
-    wgConfig.insert(config_key::cookieReplyPacketJunkSize, config[config_key::cookieReplyPacketJunkSize]);
-    wgConfig.insert(config_key::transportPacketJunkSize, config[config_key::transportPacketJunkSize]);
 
     wgConfig.insert(config_key::junkPacketCount, config[config_key::junkPacketCount]);
     wgConfig.insert(config_key::junkPacketMinSize, config[config_key::junkPacketMinSize]);
     wgConfig.insert(config_key::junkPacketMaxSize, config[config_key::junkPacketMaxSize]);
 
-    wgConfig.insert(config_key::specialJunk1, config[config_key::specialJunk1]);
-    wgConfig.insert(config_key::specialJunk2, config[config_key::specialJunk2]);
-    wgConfig.insert(config_key::specialJunk3, config[config_key::specialJunk3]);
-    wgConfig.insert(config_key::specialJunk4, config[config_key::specialJunk4]);
-    wgConfig.insert(config_key::specialJunk5, config[config_key::specialJunk5]);
-    wgConfig.insert(config_key::controlledJunk1, config[config_key::controlledJunk1]);
-    wgConfig.insert(config_key::controlledJunk2, config[config_key::controlledJunk2]);
-    wgConfig.insert(config_key::controlledJunk3, config[config_key::controlledJunk3]);
-    wgConfig.insert(config_key::specialHandshakeTimeout, config[config_key::specialHandshakeTimeout]);
-
     QJsonDocument wgConfigDoc(wgConfig);
     QString wgConfigDocStr(wgConfigDoc.toJson(QJsonDocument::Compact));
 
@@ -808,9 +794,9 @@ bool IosController::shareText(const QStringList& filesToSend) {
     if (!qtController) return;
 
     UIActivityViewController *activityController = [[UIActivityViewController alloc] initWithActivityItems:sharingItems applicationActivities:nil];
-
+    
     __block bool isAccepted = false;
-
+    
     [activityController setCompletionWithItemsHandler:^(NSString *activityType, BOOL completed, NSArray *returnedItems, NSError *activityError) {
         isAccepted = completed;
         emit finished();
@@ -822,11 +808,11 @@ bool IosController::shareText(const QStringList& filesToSend) {
         popController.sourceView = qtController.view;
         popController.sourceRect = CGRectMake(100, 100, 100, 100);
     }
-
+    
     QEventLoop wait;
     QObject::connect(this, &IosController::finished, &wait, &QEventLoop::quit);
     wait.exec();
-
+    
     return isAccepted;
 }
 
@@ -840,7 +826,7 @@ QString IosController::openFile() {
     if (!qtController) return;
 
     [qtController presentViewController:documentPicker animated:YES completion:nil];
-
+    
     __block QString filePath;
 
     documentPickerDelegate.documentPickerClosedCallback = ^(NSString *path) {
@@ -855,7 +841,7 @@ QString IosController::openFile() {
     QEventLoop wait;
     QObject::connect(this, &IosController::finished, &wait, &QEventLoop::quit);
     wait.exec();
-
+    
     return filePath;
 }
 

client/platforms/linux/daemon/wireguardutilslinux.cpp

@@ -121,12 +121,6 @@ bool WireguardUtilsLinux::addInterface(const InterfaceConfig& config) {
     if (!config.m_responsePacketJunkSize.isEmpty()) {
         out << "s2=" << config.m_responsePacketJunkSize << "\n";
     }
-    if (!config.m_cookieReplyPacketJunkSize.isEmpty()) {
-        out << "s3=" << config.m_cookieReplyPacketJunkSize << "\n";
-    }
-    if (!config.m_transportPacketJunkSize.isEmpty()) {
-        out << "s4=" << config.m_transportPacketJunkSize << "\n";
-    }
     if (!config.m_initPacketMagicHeader.isEmpty()) {
         out << "h1=" << config.m_initPacketMagicHeader << "\n";
     }
@@ -140,26 +134,13 @@ bool WireguardUtilsLinux::addInterface(const InterfaceConfig& config) {
         out << "h4=" << config.m_transportPacketMagicHeader << "\n";
     }
 
-    for (const QString& key : config.m_specialJunk.keys()) {
-        out << key.toLower() << "=" << config.m_specialJunk.value(key) << "\n";
-    }
-    for (const QString& key : config.m_controlledJunk.keys()) {
-        out << key.toLower() << "=" << config.m_controlledJunk.value(key) << "\n";
-    }
-    if (!config.m_specialHandshakeTimeout.isEmpty()) {
-        out << "itime=" << config.m_specialHandshakeTimeout << "\n";
-    }
-
     int err = uapiErrno(uapiCommand(message));
     if (err != 0) {
         logger.error() << "Interface configuration failed:" << strerror(err);
     } else {
         if (config.m_killSwitchEnabled) {
             FirewallParams params { };
-            params.dnsServers.append(config.m_primaryDnsServer);
-            if (!config.m_secondaryDnsServer.isEmpty()) {
-                params.dnsServers.append(config.m_secondaryDnsServer);
-            }
+            params.dnsServers.append(config.m_dnsServer);
             if (config.m_allowedIPAddressRanges.contains(IPAddress("0.0.0.0/0"))) {
                 params.blockAll = true;
                 if (config.m_excludedAddresses.size()) {

client/platforms/macos/daemon/macosfirewall.cpp

@@ -43,16 +43,8 @@ namespace {
 
 #include "macosfirewall.h"
 
-#include <QDir>
-#include <QStandardPaths>
-
-// Read-only rules bundled with the application.
-#define ResourceDir (qApp->applicationDirPath() + "/pf")
-
-// Writable location that does NOT live inside the signed bundle.  Using a
-// constant path under /Library/Application Support keeps the signature intact
-// and is accessible to the root helper.
-#define DaemonDataDir QStringLiteral("/Library/Application Support/AmneziaVPN/pf")
+#define ResourceDir qApp->applicationDirPath() + "/pf"
+#define DaemonDataDir qApp->applicationDirPath() + "/pf"
 
 #include <QProcess>
 
@@ -129,8 +121,6 @@ void MacOSFirewall::install()
     logger.info() << "Installing PF root anchor";
 
     installRootAnchors();
-    // Ensure writable directory exists, then store the token there.
-    QDir().mkpath(DaemonDataDir);
     execute(QStringLiteral("pfctl -E 2>&1 | grep -F 'Token : ' | cut -c9- > '%1/pf.token'").arg(DaemonDataDir));
 }
 

client/platforms/macos/daemon/wireguardutilsmacos.cpp

@@ -119,12 +119,6 @@ bool WireguardUtilsMacos::addInterface(const InterfaceConfig& config) {
   if (!config.m_responsePacketJunkSize.isEmpty()) {
     out << "s2=" << config.m_responsePacketJunkSize << "\n";
   }
-  if (!config.m_cookieReplyPacketJunkSize.isEmpty()) {
-    out << "s3=" << config.m_cookieReplyPacketJunkSize << "\n";
-  }
-  if (!config.m_transportPacketJunkSize.isEmpty()) {
-    out << "s4=" << config.m_transportPacketJunkSize << "\n";
-  }
   if (!config.m_initPacketMagicHeader.isEmpty()) {
     out << "h1=" << config.m_initPacketMagicHeader << "\n";
   }
@@ -138,43 +132,30 @@ bool WireguardUtilsMacos::addInterface(const InterfaceConfig& config) {
     out << "h4=" << config.m_transportPacketMagicHeader << "\n";
   }
 
-  for (const QString& key : config.m_specialJunk.keys()) {
-      out << key.toLower() << "=" << config.m_specialJunk.value(key) << "\n";
-  }
-  for (const QString& key : config.m_controlledJunk.keys()) {
-      out << key.toLower() << "=" << config.m_controlledJunk.value(key) << "\n";
-  }
-  if (!config.m_specialHandshakeTimeout.isEmpty()) {
-      out << "itime=" << config.m_specialHandshakeTimeout << "\n";
-  }
-
   int err = uapiErrno(uapiCommand(message));
   if (err != 0) {
     logger.error() << "Interface configuration failed:" << strerror(err);
   } else {
-    if (config.m_killSwitchEnabled) {
-      FirewallParams params { };
-      params.dnsServers.append(config.m_primaryDnsServer);
-      if (!config.m_secondaryDnsServer.isEmpty()) {
-          params.dnsServers.append(config.m_secondaryDnsServer);
-      }
+      if (config.m_killSwitchEnabled) {
+        FirewallParams params { };
+        params.dnsServers.append(config.m_dnsServer);
 
-      if (config.m_allowedIPAddressRanges.contains(IPAddress("0.0.0.0/0"))) {
+        if (config.m_allowedIPAddressRanges.contains(IPAddress("0.0.0.0/0"))) {
           params.blockAll = true;
           if (config.m_excludedAddresses.size()) {
-              params.allowNets = true;
-              foreach (auto net, config.m_excludedAddresses) {
-                  params.allowAddrs.append(net.toUtf8());
-              }
+            params.allowNets = true;
+            foreach (auto net, config.m_excludedAddresses) {
+              params.allowAddrs.append(net.toUtf8());
+            }
           }
-      } else {
+        } else {
           params.blockNets = true;
           foreach (auto net, config.m_allowedIPAddressRanges) {
-              params.blockAddrs.append(net.toString());
+            params.blockAddrs.append(net.toString());
           }
+        }
+        applyFirewallRules(params);
       }
-      applyFirewallRules(params);
-    }
   }
   return (err == 0);
 }

client/platforms/windows/daemon/windowsfirewall.cpp

@@ -291,32 +291,15 @@ bool WindowsFirewall::enablePeerTraffic(const InterfaceConfig& config) {
                       "Block Internet", config.m_serverPublicKey)) {
     return false;
   }
-  if (!config.m_primaryDnsServer.isEmpty()) {
-    if (!allowTrafficTo(QHostAddress(config.m_primaryDnsServer), 53, HIGH_WEIGHT,
+  if (!config.m_dnsServer.isEmpty()) {
+    if (!allowTrafficTo(QHostAddress(config.m_dnsServer), 53, HIGH_WEIGHT,
                         "Allow DNS-Server", config.m_serverPublicKey)) {
       return false;
     }
     // In some cases, we might configure a 2nd DNS server for IPv6, however
     // this should probably be cleaned up by converting m_dnsServer into
     // a QStringList instead.
-    if (config.m_primaryDnsServer == config.m_serverIpv4Gateway) {
-      if (!allowTrafficTo(QHostAddress(config.m_serverIpv6Gateway), 53,
-                          HIGH_WEIGHT, "Allow extra IPv6 DNS-Server",
-                          config.m_serverPublicKey)) {
-        return false;
-      }
-    }
-  }
-
-  if (!config.m_secondaryDnsServer.isEmpty()) {
-    if (!allowTrafficTo(QHostAddress(config.m_secondaryDnsServer), 53, HIGH_WEIGHT,
-                        "Allow DNS-Server", config.m_serverPublicKey)) {
-      return false;
-    }
-    // In some cases, we might configure a 2nd DNS server for IPv6, however
-    // this should probably be cleaned up by converting m_dnsServer into
-    // a QStringList instead.
-    if (config.m_secondaryDnsServer == config.m_serverIpv4Gateway) {
+    if (config.m_dnsServer == config.m_serverIpv4Gateway) {
       if (!allowTrafficTo(QHostAddress(config.m_serverIpv6Gateway), 53,
                           HIGH_WEIGHT, "Allow extra IPv6 DNS-Server",
                           config.m_serverPublicKey)) {

client/platforms/windows/daemon/wireguardutilswindows.cpp

@@ -130,7 +130,6 @@ bool WireguardUtilsWindows::addInterface(const InterfaceConfig& config) {
     // Enable the windows firewall
     NET_IFINDEX ifindex;
     ConvertInterfaceLuidToIndex(&luid, &ifindex);
-    m_firewall->allowAllTraffic();
     m_firewall->enableInterface(ifindex);
   }
 

client/protocols/openvpnprotocol.cpp

@@ -343,7 +343,7 @@ void OpenVpnProtocol::updateVpnGateway(const QString &line)
                         // killSwitch toggle
                         if (m_vpnLocalAddress == netInterfaces.at(i).addressEntries().at(j).ip().toString()) {
                             if (QVariant(m_configData.value(config_key::killSwitchOption).toString()).toBool()) {
-                                IpcClient::Interface()->enableKillSwitch(m_configData, netInterfaces.at(i).index());
+                                IpcClient::Interface()->enableKillSwitch(QJsonObject(), netInterfaces.at(i).index());
                             }
                             m_configData.insert("vpnAdapterIndex", netInterfaces.at(i).index());
                             m_configData.insert("vpnGateway", m_vpnGateway);

client/protocols/protocols_defs.h

@@ -72,21 +72,10 @@ namespace amnezia
         constexpr char junkPacketMaxSize[] = "Jmax";
         constexpr char initPacketJunkSize[] = "S1";
         constexpr char responsePacketJunkSize[] = "S2";
-        constexpr char cookieReplyPacketJunkSize[] = "S3";
-        constexpr char transportPacketJunkSize[] = "S4";
         constexpr char initPacketMagicHeader[] = "H1";
         constexpr char responsePacketMagicHeader[] = "H2";
         constexpr char underloadPacketMagicHeader[] = "H3";
         constexpr char transportPacketMagicHeader[] = "H4";
-        constexpr char specialJunk1[] = "I1";
-        constexpr char specialJunk2[] = "I2";
-        constexpr char specialJunk3[] = "I3";
-        constexpr char specialJunk4[] = "I4";
-        constexpr char specialJunk5[] = "I5";
-        constexpr char controlledJunk1[] = "J1";
-        constexpr char controlledJunk2[] = "J2";
-        constexpr char controlledJunk3[] = "J3";
-        constexpr char specialHandshakeTimeout[] = "Itime";
 
         constexpr char openvpn[] = "openvpn";
         constexpr char wireguard[] = "wireguard";
@@ -114,8 +103,6 @@ namespace amnezia
 
         constexpr char clientId[] = "clientId";
 
-        constexpr char nameOverriddenByUser[] = "nameOverriddenByUser";
-
     }
 
     namespace protocols
@@ -227,22 +214,10 @@ namespace amnezia
             constexpr char defaultJunkPacketMaxSize[] = "30";
             constexpr char defaultInitPacketJunkSize[] = "15";
             constexpr char defaultResponsePacketJunkSize[] = "18";
-            constexpr char defaultCookieReplyPacketJunkSize[] = "20";
-            constexpr char defaultTransportPacketJunkSize[] = "23";
-
             constexpr char defaultInitPacketMagicHeader[] = "1020325451";
             constexpr char defaultResponsePacketMagicHeader[] = "3288052141";
             constexpr char defaultTransportPacketMagicHeader[] = "2528465083";
             constexpr char defaultUnderloadPacketMagicHeader[] = "1766607858";
-            constexpr char defaultSpecialJunk1[] = "";
-            constexpr char defaultSpecialJunk2[] = "";
-            constexpr char defaultSpecialJunk3[] = "";
-            constexpr char defaultSpecialJunk4[] = "";
-            constexpr char defaultSpecialJunk5[] = "";
-            constexpr char defaultControlledJunk1[] = "";
-            constexpr char defaultControlledJunk2[] = "";
-            constexpr char defaultControlledJunk3[] = "";
-            constexpr char defaultSpecialHandshakeTimeout[] = "";
         }
 
         namespace socks5Proxy

client/protocols/xrayprotocol.cpp

@@ -98,13 +98,8 @@ ErrorCode XrayProtocol::startTun2Sock()
         if (vpnState == Vpn::ConnectionState::Connected) {
             setConnectionState(Vpn::ConnectionState::Connecting);
             QList<QHostAddress> dnsAddr;
-
             dnsAddr.push_back(QHostAddress(m_configData.value(config_key::dns1).toString()));
-            // We don't use secondary DNS if primary DNS is AmneziaDNS
-            if (!m_configData.value(amnezia::config_key::dns1).toString().
-                 contains(amnezia::protocols::dns::amneziaDnsIp)) {
-                dnsAddr.push_back(QHostAddress(m_configData.value(config_key::dns2).toString()));
-            }
+            dnsAddr.push_back(QHostAddress(m_configData.value(config_key::dns2).toString()));
 #ifdef Q_OS_WIN
             QThread::msleep(8000);
 #endif
@@ -139,7 +134,7 @@ ErrorCode XrayProtocol::startTun2Sock()
                     // killSwitch toggle
                     if (m_vpnLocalAddress == netInterfaces.at(i).addressEntries().at(j).ip().toString()) {
                         if (QVariant(m_configData.value(config_key::killSwitchOption).toString()).toBool()) {
-                            IpcClient::Interface()->enableKillSwitch(m_configData, netInterfaces.at(i).index());
+                            IpcClient::Interface()->enableKillSwitch(QJsonObject(), netInterfaces.at(i).index());
                         }
                         m_configData.insert("vpnAdapterIndex", netInterfaces.at(i).index());
                         m_configData.insert("vpnGateway", m_vpnGateway);

client/resources.qrc

@@ -239,7 +239,6 @@
         <file>ui/qml/Components/ApiPremV1MigrationDrawer.qml</file>
         <file>ui/qml/Components/ApiPremV1SubListDrawer.qml</file>
         <file>ui/qml/Components/OtpCodeDrawer.qml</file>
-        <file>ui/qml/Components/AwgTextField.qml</file>
     </qresource>
     <qresource prefix="/countriesFlags">
         <file>images/flagKit/ZW.svg</file>

client/server_scripts/awg/Dockerfile

@@ -10,7 +10,7 @@ RUN mkdir -p /opt/amnezia
 RUN echo -e "#!/bin/bash\ntail -f /dev/null" > /opt/amnezia/start.sh
 RUN chmod a+x /opt/amnezia/start.sh
 
-# Tune network
+# Tune network  
 RUN echo -e " \n\
   fs.file-max = 51200 \n\
   \n\
@@ -40,8 +40,7 @@ RUN echo -e " \n\
   echo -e " \n\
   * soft nofile 51200 \n\
   * hard nofile 51200 \n\
-  " | sed -e 's/^\s\+//g' | tee -a /etc/security/limits.conf
+  " | sed -e 's/^\s\+//g' | tee -a /etc/security/limits.conf  
 
 ENTRYPOINT [ "dumb-init", "/opt/amnezia/start.sh" ]
 CMD [ "" ]
-

client/server_scripts/awg/configure_container.sh

@@ -23,5 +23,4 @@ H1 = $INIT_PACKET_MAGIC_HEADER
 H2 = $RESPONSE_PACKET_MAGIC_HEADER
 H3 = $UNDERLOAD_PACKET_MAGIC_HEADER
 H4 = $TRANSPORT_PACKET_MAGIC_HEADER
-
 EOF

client/server_scripts/check_server_is_busy.sh

@@ -1,7 +1,6 @@
-if which apt-get > /dev/null 2>&1; then LOCK_CMD="fuser"; LOCK_FILE="/var/lib/dpkg/lock-frontend";\
-elif which dnf > /dev/null 2>&1; then LOCK_CMD="fuser"; LOCK_FILE="/var/cache/dnf/* /var/run/dnf/* /var/lib/dnf/* /var/lib/rpm/*";\
-elif which yum > /dev/null 2>&1; then LOCK_CMD="cat"; LOCK_FILE="/var/run/yum.pid";\
-elif which zypper > /dev/null 2>&1; then LOCK_CMD="cat"; LOCK_FILE="/var/run/zypp.pid";\
-elif which pacman > /dev/null 2>&1; then LOCK_CMD="fuser"; LOCK_FILE="/var/lib/pacman/db.lck";\
+if which apt-get > /dev/null 2>&1; then LOCK_FILE="/var/lib/dpkg/lock-frontend";\
+elif which dnf > /dev/null 2>&1; then LOCK_FILE="/var/run/dnf.pid";\
+elif which yum > /dev/null 2>&1; then LOCK_FILE="/var/run/yum.pid";\
+elif which pacman > /dev/null 2>&1; then LOCK_FILE="/var/lib/pacman/db.lck";\
 else echo "Packet manager not found"; echo "Internal error"; exit 1; fi;\
-if command -v $LOCK_CMD > /dev/null 2>&1; then sudo $LOCK_CMD $LOCK_FILE 2>/dev/null; else echo "$LOCK_CMD not installed"; fi
+if command -v fuser > /dev/null 2>&1; then sudo fuser $LOCK_FILE 2>/dev/null; else echo "fuser not installed"; fi

client/server_scripts/check_user_in_sudo.sh

@@ -1,7 +1,6 @@
 if which apt-get > /dev/null 2>&1; then pm=$(which apt-get); opt="--version";\
 elif which dnf > /dev/null 2>&1; then pm=$(which dnf); opt="--version";\
 elif which yum > /dev/null 2>&1; then pm=$(which yum); opt="--version";\
-elif which zypper > /dev/null 2>&1; then pm=$(which zypper); opt="--version";\
 elif which pacman > /dev/null 2>&1; then pm=$(which pacman); opt="--version";\
 else pm="uname"; opt="-a";\
 fi;\

client/server_scripts/install_docker.sh

@@ -1,7 +1,6 @@
 if which apt-get > /dev/null 2>&1; then pm=$(which apt-get); silent_inst="-yq install"; check_pkgs="-yq update"; docker_pkg="docker.io"; dist="debian";\
 elif which dnf > /dev/null 2>&1; then pm=$(which dnf); silent_inst="-yq install"; check_pkgs="-yq check-update"; docker_pkg="docker"; dist="fedora";\
 elif which yum > /dev/null 2>&1; then pm=$(which yum); silent_inst="-y -q install"; check_pkgs="-y -q check-update"; docker_pkg="docker"; dist="centos";\
-elif which zypper > /dev/null 2>&1; then pm=$(which zypper); silent_inst="-nq install"; check_pkgs="-nq refresh"; docker_pkg="docker"; dist="opensuse";\
 elif which pacman > /dev/null 2>&1; then pm=$(which pacman); silent_inst="-S --noconfirm --noprogressbar --quiet"; check_pkgs="-Sup"; docker_pkg="docker"; dist="archlinux";\
 else echo "Packet manager not found"; exit 1; fi;\
 echo "Dist: $dist, Packet manager: $pm, Install command: $silent_inst, Check pkgs command: $check_pkgs, Docker pkg: $docker_pkg";\

client/ui/controllers/api/apiConfigsController.cpp

@@ -18,7 +18,6 @@ namespace
     {
         constexpr char cloak[] = "cloak";
         constexpr char awg[] = "awg";
-        constexpr char vless[] = "vless";
 
         constexpr char apiEndpoint[] = "api_endpoint";
         constexpr char accessToken[] = "api_key";
@@ -36,6 +35,10 @@ namespace
         constexpr char serviceInfo[] = "service_info";
         constexpr char serviceProtocol[] = "service_protocol";
 
+        constexpr char aesKey[] = "aes_key";
+        constexpr char aesIv[] = "aes_iv";
+        constexpr char aesSalt[] = "aes_salt";
+
         constexpr char apiPayload[] = "api_payload";
         constexpr char keyPayload[] = "key_payload";
 
@@ -44,185 +47,6 @@ namespace
 
         constexpr char config[] = "config";
     }
-
-    struct ProtocolData
-    {
-        OpenVpnConfigurator::ConnectionData certRequest;
-
-        QString wireGuardClientPrivKey;
-        QString wireGuardClientPubKey;
-
-        QString xrayUuid;
-    };
-
-    struct GatewayRequestData
-    {
-        QString osVersion;
-        QString appVersion;
-
-        QString installationUuid;
-
-        QString userCountryCode;
-        QString serverCountryCode;
-        QString serviceType;
-        QString serviceProtocol;
-
-        QJsonObject authData;
-
-        QJsonObject toJsonObject() const
-        {
-            QJsonObject obj;
-            if (!osVersion.isEmpty()) {
-                obj[configKey::osVersion] = osVersion;
-            }
-            if (!appVersion.isEmpty()) {
-                obj[configKey::appVersion] = appVersion;
-            }
-            if (!installationUuid.isEmpty()) {
-                obj[configKey::uuid] = installationUuid;
-            }
-            if (!userCountryCode.isEmpty()) {
-                obj[configKey::userCountryCode] = userCountryCode;
-            }
-            if (!serverCountryCode.isEmpty()) {
-                obj[configKey::serverCountryCode] = serverCountryCode;
-            }
-            if (!serviceType.isEmpty()) {
-                obj[configKey::serviceType] = serviceType;
-            }
-            if (!serviceProtocol.isEmpty()) {
-                obj[configKey::serviceProtocol] = serviceProtocol;
-            }
-            if (!authData.isEmpty()) {
-                obj[configKey::authData] = authData;
-            }
-            return obj;
-        }
-    };
-
-    ProtocolData generateProtocolData(const QString &protocol)
-    {
-        ProtocolData protocolData;
-        if (protocol == configKey::cloak) {
-            protocolData.certRequest = OpenVpnConfigurator::createCertRequest();
-        } else if (protocol == configKey::awg) {
-            auto connData = WireguardConfigurator::genClientKeys();
-            protocolData.wireGuardClientPubKey = connData.clientPubKey;
-            protocolData.wireGuardClientPrivKey = connData.clientPrivKey;
-        } else if (protocol == configKey::vless) {
-            protocolData.xrayUuid = QUuid::createUuid().toString(QUuid::WithoutBraces);
-        }
-
-        return protocolData;
-    }
-
-    void appendProtocolDataToApiPayload(const QString &protocol, const ProtocolData &protocolData, QJsonObject &apiPayload)
-    {
-        if (protocol == configKey::cloak) {
-            apiPayload[configKey::certificate] = protocolData.certRequest.request;
-        } else if (protocol == configKey::awg) {
-            apiPayload[configKey::publicKey] = protocolData.wireGuardClientPubKey;
-        } else if (protocol == configKey::vless) {
-            apiPayload[configKey::publicKey] = protocolData.xrayUuid;
-        }
-    }
-
-    ErrorCode fillServerConfig(const QString &protocol, const ProtocolData &apiPayloadData, const QByteArray &apiResponseBody,
-                               QJsonObject &serverConfig)
-    {
-        QString data = QJsonDocument::fromJson(apiResponseBody).object().value(config_key::config).toString();
-
-        data.replace("vpn://", "");
-        QByteArray ba = QByteArray::fromBase64(data.toUtf8(), QByteArray::Base64UrlEncoding | QByteArray::OmitTrailingEquals);
-
-        if (ba.isEmpty()) {
-            qDebug() << "empty vpn key";
-            return ErrorCode::ApiConfigEmptyError;
-        }
-
-        QByteArray ba_uncompressed = qUncompress(ba);
-        if (!ba_uncompressed.isEmpty()) {
-            ba = ba_uncompressed;
-        }
-
-        QString configStr = ba;
-        if (protocol == configKey::cloak) {
-            configStr.replace("<key>", "<key>\n");
-            configStr.replace("$OPENVPN_PRIV_KEY", apiPayloadData.certRequest.privKey);
-        } else if (protocol == configKey::awg) {
-            configStr.replace("$WIREGUARD_CLIENT_PRIVATE_KEY", apiPayloadData.wireGuardClientPrivKey);
-            auto newServerConfig = QJsonDocument::fromJson(configStr.toUtf8()).object();
-            auto containers = newServerConfig.value(config_key::containers).toArray();
-            if (containers.isEmpty()) {
-                qDebug() << "missing containers field";
-                return ErrorCode::ApiConfigEmptyError;
-            }
-            auto container = containers.at(0).toObject();
-            QString containerName = ContainerProps::containerTypeToString(DockerContainer::Awg);
-            auto serverProtocolConfig = container.value(containerName).toObject();
-            auto clientProtocolConfig =
-                    QJsonDocument::fromJson(serverProtocolConfig.value(config_key::last_config).toString().toUtf8()).object();
-
-            //TODO looks like this block can be removed after v1 configs EOL
-
-            serverProtocolConfig[config_key::junkPacketCount] = clientProtocolConfig.value(config_key::junkPacketCount);
-            serverProtocolConfig[config_key::junkPacketMinSize] = clientProtocolConfig.value(config_key::junkPacketMinSize);
-            serverProtocolConfig[config_key::junkPacketMaxSize] = clientProtocolConfig.value(config_key::junkPacketMaxSize);
-            serverProtocolConfig[config_key::initPacketJunkSize] = clientProtocolConfig.value(config_key::initPacketJunkSize);
-            serverProtocolConfig[config_key::responsePacketJunkSize] = clientProtocolConfig.value(config_key::responsePacketJunkSize);
-            serverProtocolConfig[config_key::initPacketMagicHeader] = clientProtocolConfig.value(config_key::initPacketMagicHeader);
-            serverProtocolConfig[config_key::responsePacketMagicHeader] = clientProtocolConfig.value(config_key::responsePacketMagicHeader);
-            serverProtocolConfig[config_key::underloadPacketMagicHeader] = clientProtocolConfig.value(config_key::underloadPacketMagicHeader);
-            serverProtocolConfig[config_key::transportPacketMagicHeader] = clientProtocolConfig.value(config_key::transportPacketMagicHeader);
-
-            serverProtocolConfig[config_key::cookieReplyPacketJunkSize] = clientProtocolConfig.value(config_key::cookieReplyPacketJunkSize);
-            serverProtocolConfig[config_key::transportPacketJunkSize] = clientProtocolConfig.value(config_key::transportPacketJunkSize);
-            serverProtocolConfig[config_key::specialJunk1] = clientProtocolConfig.value(config_key::specialJunk1);
-            serverProtocolConfig[config_key::specialJunk2] = clientProtocolConfig.value(config_key::specialJunk2);
-            serverProtocolConfig[config_key::specialJunk3] = clientProtocolConfig.value(config_key::specialJunk3);
-            serverProtocolConfig[config_key::specialJunk4] = clientProtocolConfig.value(config_key::specialJunk4);
-            serverProtocolConfig[config_key::specialJunk5] = clientProtocolConfig.value(config_key::specialJunk5);
-            serverProtocolConfig[config_key::controlledJunk1] = clientProtocolConfig.value(config_key::controlledJunk1);
-            serverProtocolConfig[config_key::controlledJunk2] = clientProtocolConfig.value(config_key::controlledJunk2);
-            serverProtocolConfig[config_key::controlledJunk3] = clientProtocolConfig.value(config_key::controlledJunk3);
-            serverProtocolConfig[config_key::specialHandshakeTimeout] = clientProtocolConfig.value(config_key::specialHandshakeTimeout);
-
-            //
-
-            container[containerName] = serverProtocolConfig;
-            containers.replace(0, container);
-            newServerConfig[config_key::containers] = containers;
-            configStr = QString(QJsonDocument(newServerConfig).toJson());
-        }
-
-        QJsonObject newServerConfig = QJsonDocument::fromJson(configStr.toUtf8()).object();
-        serverConfig[config_key::dns1] = newServerConfig.value(config_key::dns1);
-        serverConfig[config_key::dns2] = newServerConfig.value(config_key::dns2);
-        serverConfig[config_key::containers] = newServerConfig.value(config_key::containers);
-        serverConfig[config_key::hostName] = newServerConfig.value(config_key::hostName);
-
-        if (newServerConfig.value(config_key::configVersion).toInt() == apiDefs::ConfigSource::AmneziaGateway) {
-            serverConfig[config_key::configVersion] = newServerConfig.value(config_key::configVersion);
-            serverConfig[config_key::description] = newServerConfig.value(config_key::description);
-            serverConfig[config_key::name] = newServerConfig.value(config_key::name);
-        }
-
-        auto defaultContainer = newServerConfig.value(config_key::defaultContainer).toString();
-        serverConfig[config_key::defaultContainer] = defaultContainer;
-
-        QVariantMap map = serverConfig.value(configKey::apiConfig).toObject().toVariantMap();
-        map.insert(newServerConfig.value(configKey::apiConfig).toObject().toVariantMap());
-        auto apiConfig = QJsonObject::fromVariantMap(map);
-
-        if (newServerConfig.value(config_key::configVersion).toInt() == apiDefs::ConfigSource::AmneziaGateway) {
-            apiConfig.insert(apiDefs::key::supportedProtocols,
-                             QJsonDocument::fromJson(apiResponseBody).object().value(apiDefs::key::supportedProtocols).toArray());
-        }
-
-        serverConfig[configKey::apiConfig] = apiConfig;
-
-        return ErrorCode::NoError;
-    }
 }
 
 ApiConfigsController::ApiConfigsController(const QSharedPointer<ServersModel> &serversModel,
@@ -239,26 +63,24 @@ bool ApiConfigsController::exportNativeConfig(const QString &serverCountryCode,
         return false;
     }
 
+    GatewayController gatewayController(m_settings->getGatewayEndpoint(), m_settings->isDevGatewayEnv(), apiDefs::requestTimeoutMsecs,
+                                        m_settings->isStrictKillSwitchEnabled());
+
     auto serverConfigObject = m_serversModel->getServerConfig(m_serversModel->getProcessedServerIndex());
     auto apiConfigObject = serverConfigObject.value(configKey::apiConfig).toObject();
 
-    GatewayRequestData gatewayRequestData { QSysInfo::productType(),
-                                            QString(APP_VERSION),
-                                            m_settings->getInstallationUuid(true),
-                                            apiConfigObject.value(configKey::userCountryCode).toString(),
-                                            serverCountryCode,
-                                            apiConfigObject.value(configKey::serviceType).toString(),
-                                            m_apiServicesModel->getSelectedServiceProtocol(),
-                                            serverConfigObject.value(configKey::authData).toObject() };
-
     QString protocol = apiConfigObject.value(configKey::serviceProtocol).toString();
-    ProtocolData protocolData = generateProtocolData(protocol);
+    ApiPayloadData apiPayloadData = generateApiPayloadData(protocol);
 
-    QJsonObject apiPayload = gatewayRequestData.toJsonObject();
-    appendProtocolDataToApiPayload(gatewayRequestData.serviceProtocol, protocolData, apiPayload);
+    QJsonObject apiPayload = fillApiPayload(protocol, apiPayloadData);
+    apiPayload[configKey::userCountryCode] = apiConfigObject.value(configKey::userCountryCode);
+    apiPayload[configKey::serverCountryCode] = serverCountryCode;
+    apiPayload[configKey::serviceType] = apiConfigObject.value(configKey::serviceType);
+    apiPayload[configKey::authData] = serverConfigObject.value(configKey::authData);
+    apiPayload[apiDefs::key::cliVersion] = QString(APP_VERSION);
 
     QByteArray responseBody;
-    ErrorCode errorCode = executeRequest(QString("%1v1/native_config"), apiPayload, responseBody);
+    ErrorCode errorCode = gatewayController.post(QString("%1v1/native_config"), apiPayload, responseBody);
     if (errorCode != ErrorCode::NoError) {
         emit errorOccurred(errorCode);
         return false;
@@ -266,7 +88,7 @@ bool ApiConfigsController::exportNativeConfig(const QString &serverCountryCode,
 
     QJsonObject jsonConfig = QJsonDocument::fromJson(responseBody).object();
     QString nativeConfig = jsonConfig.value(configKey::config).toString();
-    nativeConfig.replace("$WIREGUARD_CLIENT_PRIVATE_KEY", protocolData.wireGuardClientPrivKey);
+    nativeConfig.replace("$WIREGUARD_CLIENT_PRIVATE_KEY", apiPayloadData.wireGuardClientPrivKey);
 
     SystemController::saveFile(fileName, nativeConfig);
     return true;
@@ -274,22 +96,24 @@ bool ApiConfigsController::exportNativeConfig(const QString &serverCountryCode,
 
 bool ApiConfigsController::revokeNativeConfig(const QString &serverCountryCode)
 {
+    GatewayController gatewayController(m_settings->getGatewayEndpoint(), m_settings->isDevGatewayEnv(), apiDefs::requestTimeoutMsecs,
+                                        m_settings->isStrictKillSwitchEnabled());
+
     auto serverConfigObject = m_serversModel->getServerConfig(m_serversModel->getProcessedServerIndex());
     auto apiConfigObject = serverConfigObject.value(configKey::apiConfig).toObject();
 
-    GatewayRequestData gatewayRequestData { QSysInfo::productType(),
-                                            QString(APP_VERSION),
-                                            m_settings->getInstallationUuid(true),
-                                            apiConfigObject.value(configKey::userCountryCode).toString(),
-                                            serverCountryCode,
-                                            apiConfigObject.value(configKey::serviceType).toString(),
-                                            m_apiServicesModel->getSelectedServiceProtocol(),
-                                            serverConfigObject.value(configKey::authData).toObject() };
+    QString protocol = apiConfigObject.value(configKey::serviceProtocol).toString();
+    ApiPayloadData apiPayloadData = generateApiPayloadData(protocol);
 
-    QJsonObject apiPayload = gatewayRequestData.toJsonObject();
+    QJsonObject apiPayload = fillApiPayload(protocol, apiPayloadData);
+    apiPayload[configKey::userCountryCode] = apiConfigObject.value(configKey::userCountryCode);
+    apiPayload[configKey::serverCountryCode] = serverCountryCode;
+    apiPayload[configKey::serviceType] = apiConfigObject.value(configKey::serviceType);
+    apiPayload[configKey::authData] = serverConfigObject.value(configKey::authData);
+    apiPayload[apiDefs::key::cliVersion] = QString(APP_VERSION);
 
     QByteArray responseBody;
-    ErrorCode errorCode = executeRequest(QString("%1v1/revoke_native_config"), apiPayload, responseBody);
+    ErrorCode errorCode = gatewayController.post(QString("%1v1/revoke_native_config"), apiPayload, responseBody);
     if (errorCode != ErrorCode::NoError && errorCode != ErrorCode::ApiNotFoundError) {
         emit errorOccurred(errorCode);
         return false;
@@ -320,11 +144,14 @@ void ApiConfigsController::copyVpnKeyToClipboard()
 
 bool ApiConfigsController::fillAvailableServices()
 {
+    GatewayController gatewayController(m_settings->getGatewayEndpoint(), m_settings->isDevGatewayEnv(), apiDefs::requestTimeoutMsecs,
+                                        m_settings->isStrictKillSwitchEnabled());
+
     QJsonObject apiPayload;
     apiPayload[configKey::osVersion] = QSysInfo::productType();
 
     QByteArray responseBody;
-    ErrorCode errorCode = executeRequest(QString("%1v1/services"), apiPayload, responseBody);
+    ErrorCode errorCode = gatewayController.post(QString("%1v1/services"), apiPayload, responseBody);
     if (errorCode == ErrorCode::NoError) {
         if (!responseBody.contains("services")) {
             errorCode = ErrorCode::ApiServicesMissingError;
@@ -343,36 +170,34 @@ bool ApiConfigsController::fillAvailableServices()
 
 bool ApiConfigsController::importServiceFromGateway()
 {
-    GatewayRequestData gatewayRequestData { QSysInfo::productType(),
-                                            QString(APP_VERSION),
-                                            m_settings->getInstallationUuid(true),
-                                            m_apiServicesModel->getCountryCode(),
-                                            "",
-                                            m_apiServicesModel->getSelectedServiceType(),
-                                            m_apiServicesModel->getSelectedServiceProtocol(),
-                                            QJsonObject() };
-
-    if (m_serversModel->isServerFromApiAlreadyExists(gatewayRequestData.userCountryCode, gatewayRequestData.serviceType,
-                                                     gatewayRequestData.serviceProtocol)) {
+    if (m_serversModel->isServerFromApiAlreadyExists(m_apiServicesModel->getCountryCode(), m_apiServicesModel->getSelectedServiceType(),
+                                                     m_apiServicesModel->getSelectedServiceProtocol())) {
         emit errorOccurred(ErrorCode::ApiConfigAlreadyAdded);
         return false;
     }
 
-    ProtocolData protocolData = generateProtocolData(gatewayRequestData.serviceProtocol);
+    GatewayController gatewayController(m_settings->getGatewayEndpoint(), m_settings->isDevGatewayEnv(), apiDefs::requestTimeoutMsecs,
+                                        m_settings->isStrictKillSwitchEnabled());
 
-    QJsonObject apiPayload = gatewayRequestData.toJsonObject();
-    appendProtocolDataToApiPayload(gatewayRequestData.serviceProtocol, protocolData, apiPayload);
+    auto installationUuid = m_settings->getInstallationUuid(true);
+    auto userCountryCode = m_apiServicesModel->getCountryCode();
+    auto serviceType = m_apiServicesModel->getSelectedServiceType();
+    auto serviceProtocol = m_apiServicesModel->getSelectedServiceProtocol();
+
+    ApiPayloadData apiPayloadData = generateApiPayloadData(serviceProtocol);
+
+    QJsonObject apiPayload = fillApiPayload(serviceProtocol, apiPayloadData);
+    apiPayload[configKey::userCountryCode] = userCountryCode;
+    apiPayload[configKey::serviceType] = serviceType;
+    apiPayload[configKey::uuid] = installationUuid;
+    apiPayload[apiDefs::key::cliVersion] = QString(APP_VERSION);
 
     QByteArray responseBody;
-    ErrorCode errorCode = executeRequest(QString("%1v1/config"), apiPayload, responseBody);
+    ErrorCode errorCode = gatewayController.post(QString("%1v1/config"), apiPayload, responseBody);
 
     QJsonObject serverConfig;
     if (errorCode == ErrorCode::NoError) {
-        errorCode = fillServerConfig(gatewayRequestData.serviceProtocol, protocolData, responseBody, serverConfig);
-        if (errorCode != ErrorCode::NoError) {
-            emit errorOccurred(errorCode);
-            return false;
-        }
+        fillServerConfig(serviceProtocol, apiPayloadData, responseBody, serverConfig);
 
         QJsonObject apiConfig = serverConfig.value(configKey::apiConfig).toObject();
         apiConfig.insert(configKey::userCountryCode, m_apiServicesModel->getCountryCode());
@@ -393,33 +218,39 @@ bool ApiConfigsController::importServiceFromGateway()
 bool ApiConfigsController::updateServiceFromGateway(const int serverIndex, const QString &newCountryCode, const QString &newCountryName,
                                                     bool reloadServiceConfig)
 {
+    GatewayController gatewayController(m_settings->getGatewayEndpoint(), m_settings->isDevGatewayEnv(), apiDefs::requestTimeoutMsecs,
+                                        m_settings->isStrictKillSwitchEnabled());
+
     auto serverConfig = m_serversModel->getServerConfig(serverIndex);
     auto apiConfig = serverConfig.value(configKey::apiConfig).toObject();
+    auto authData = serverConfig.value(configKey::authData).toObject();
 
-    GatewayRequestData gatewayRequestData { QSysInfo::productType(),
-                                            QString(APP_VERSION),
-                                            m_settings->getInstallationUuid(true),
-                                            apiConfig.value(configKey::userCountryCode).toString(),
-                                            newCountryCode,
-                                            apiConfig.value(configKey::serviceType).toString(),
-                                            apiConfig.value(configKey::serviceProtocol).toString(),
-                                            serverConfig.value(configKey::authData).toObject() };
+    auto installationUuid = m_settings->getInstallationUuid(true);
+    auto userCountryCode = apiConfig.value(configKey::userCountryCode).toString();
+    auto serviceType = apiConfig.value(configKey::serviceType).toString();
+    auto serviceProtocol = apiConfig.value(configKey::serviceProtocol).toString();
 
-    ProtocolData protocolData = generateProtocolData(gatewayRequestData.serviceProtocol);
+    ApiPayloadData apiPayloadData = generateApiPayloadData(serviceProtocol);
 
-    QJsonObject apiPayload = gatewayRequestData.toJsonObject();
-    appendProtocolDataToApiPayload(gatewayRequestData.serviceProtocol, protocolData, apiPayload);
+    QJsonObject apiPayload = fillApiPayload(serviceProtocol, apiPayloadData);
+    apiPayload[configKey::userCountryCode] = userCountryCode;
+    apiPayload[configKey::serviceType] = serviceType;
+    apiPayload[configKey::uuid] = installationUuid;
+    apiPayload[apiDefs::key::cliVersion] = QString(APP_VERSION);
+
+    if (!newCountryCode.isEmpty()) {
+        apiPayload[configKey::serverCountryCode] = newCountryCode;
+    }
+    if (!authData.isEmpty()) {
+        apiPayload[configKey::authData] = authData;
+    }
 
     QByteArray responseBody;
-    ErrorCode errorCode = executeRequest(QString("%1v1/config"), apiPayload, responseBody);
+    ErrorCode errorCode = gatewayController.post(QString("%1v1/config"), apiPayload, responseBody);
 
     QJsonObject newServerConfig;
     if (errorCode == ErrorCode::NoError) {
-        errorCode = fillServerConfig(gatewayRequestData.serviceProtocol, protocolData, responseBody, newServerConfig);
-        if (errorCode != ErrorCode::NoError) {
-            emit errorOccurred(errorCode);
-            return false;
-        }
+        fillServerConfig(serviceProtocol, apiPayloadData, responseBody, newServerConfig);
 
         QJsonObject newApiConfig = newServerConfig.value(configKey::apiConfig).toObject();
         newApiConfig.insert(configKey::userCountryCode, apiConfig.value(configKey::userCountryCode));
@@ -428,12 +259,8 @@ bool ApiConfigsController::updateServiceFromGateway(const int serverIndex, const
         newApiConfig.insert(apiDefs::key::vpnKey, apiConfig.value(apiDefs::key::vpnKey));
 
         newServerConfig.insert(configKey::apiConfig, newApiConfig);
-        newServerConfig.insert(configKey::authData, gatewayRequestData.authData);
+        newServerConfig.insert(configKey::authData, authData);
 
-        if (serverConfig.value(config_key::nameOverriddenByUser).toBool()) {
-            newServerConfig.insert(config_key::name, serverConfig.value(config_key::name));
-            newServerConfig.insert(config_key::nameOverriddenByUser, true);
-        }
         m_serversModel->editServer(newServerConfig, serverIndex);
         if (reloadServiceConfig) {
             emit reloadServerFromApiFinished(tr("API config reloaded"));
@@ -463,13 +290,10 @@ bool ApiConfigsController::updateServiceFromTelegram(const int serverIndex)
     auto installationUuid = m_settings->getInstallationUuid(true);
 
     QString serviceProtocol = serverConfig.value(configKey::protocol).toString();
-    ProtocolData protocolData = generateProtocolData(serviceProtocol);
+    ApiPayloadData apiPayloadData = generateApiPayloadData(serviceProtocol);
 
-    QJsonObject apiPayload;
-    appendProtocolDataToApiPayload(serviceProtocol, protocolData, apiPayload);
+    QJsonObject apiPayload = fillApiPayload(serviceProtocol, apiPayloadData);
     apiPayload[configKey::uuid] = installationUuid;
-    apiPayload[configKey::osVersion] = QSysInfo::productType();
-    apiPayload[configKey::appVersion] = QString(APP_VERSION);
     apiPayload[configKey::accessToken] = serverConfig.value(configKey::accessToken).toString();
     apiPayload[configKey::apiEndpoint] = serverConfig.value(configKey::apiEndpoint).toString();
 
@@ -477,11 +301,7 @@ bool ApiConfigsController::updateServiceFromTelegram(const int serverIndex)
     ErrorCode errorCode = gatewayController.post(QString("%1v1/proxy_config"), apiPayload, responseBody);
 
     if (errorCode == ErrorCode::NoError) {
-        errorCode = fillServerConfig(serviceProtocol, protocolData, responseBody, serverConfig);
-        if (errorCode != ErrorCode::NoError) {
-            emit errorOccurred(errorCode);
-            return false;
-        }
+        fillServerConfig(serviceProtocol, apiPayloadData, responseBody, serverConfig);
 
         m_serversModel->editServer(serverConfig, serverIndex);
         emit updateServerFromApiFinished();
@@ -494,6 +314,9 @@ bool ApiConfigsController::updateServiceFromTelegram(const int serverIndex)
 
 bool ApiConfigsController::deactivateDevice()
 {
+    GatewayController gatewayController(m_settings->getGatewayEndpoint(), m_settings->isDevGatewayEnv(), apiDefs::requestTimeoutMsecs,
+                                        m_settings->isStrictKillSwitchEnabled());
+
     auto serverIndex = m_serversModel->getProcessedServerIndex();
     auto serverConfigObject = m_serversModel->getServerConfig(serverIndex);
     auto apiConfigObject = serverConfigObject.value(configKey::apiConfig).toObject();
@@ -502,19 +325,19 @@ bool ApiConfigsController::deactivateDevice()
         return true;
     }
 
-    GatewayRequestData gatewayRequestData { QSysInfo::productType(),
-                                            QString(APP_VERSION),
-                                            m_settings->getInstallationUuid(true),
-                                            apiConfigObject.value(configKey::userCountryCode).toString(),
-                                            apiConfigObject.value(configKey::serverCountryCode).toString(),
-                                            apiConfigObject.value(configKey::serviceType).toString(),
-                                            "",
-                                            serverConfigObject.value(configKey::authData).toObject() };
+    QString protocol = apiConfigObject.value(configKey::serviceProtocol).toString();
+    ApiPayloadData apiPayloadData = generateApiPayloadData(protocol);
 
-    QJsonObject apiPayload = gatewayRequestData.toJsonObject();
+    QJsonObject apiPayload = fillApiPayload(protocol, apiPayloadData);
+    apiPayload[configKey::userCountryCode] = apiConfigObject.value(configKey::userCountryCode);
+    apiPayload[configKey::serverCountryCode] = apiConfigObject.value(configKey::serverCountryCode);
+    apiPayload[configKey::serviceType] = apiConfigObject.value(configKey::serviceType);
+    apiPayload[configKey::authData] = serverConfigObject.value(configKey::authData);
+    apiPayload[configKey::uuid] = m_settings->getInstallationUuid(true);
+    apiPayload[apiDefs::key::cliVersion] = QString(APP_VERSION);
 
     QByteArray responseBody;
-    ErrorCode errorCode = executeRequest(QString("%1v1/revoke_config"), apiPayload, responseBody);
+    ErrorCode errorCode = gatewayController.post(QString("%1v1/revoke_config"), apiPayload, responseBody);
     if (errorCode != ErrorCode::NoError && errorCode != ErrorCode::ApiNotFoundError) {
         emit errorOccurred(errorCode);
         return false;
@@ -528,6 +351,9 @@ bool ApiConfigsController::deactivateDevice()
 
 bool ApiConfigsController::deactivateExternalDevice(const QString &uuid, const QString &serverCountryCode)
 {
+    GatewayController gatewayController(m_settings->getGatewayEndpoint(), m_settings->isDevGatewayEnv(), apiDefs::requestTimeoutMsecs,
+                                        m_settings->isStrictKillSwitchEnabled());
+
     auto serverIndex = m_serversModel->getProcessedServerIndex();
     auto serverConfigObject = m_serversModel->getServerConfig(serverIndex);
     auto apiConfigObject = serverConfigObject.value(configKey::apiConfig).toObject();
@@ -536,19 +362,19 @@ bool ApiConfigsController::deactivateExternalDevice(const QString &uuid, const Q
         return true;
     }
 
-    GatewayRequestData gatewayRequestData { QSysInfo::productType(),
-                                            QString(APP_VERSION),
-                                            uuid,
-                                            apiConfigObject.value(configKey::userCountryCode).toString(),
-                                            serverCountryCode,
-                                            apiConfigObject.value(configKey::serviceType).toString(),
-                                            "",
-                                            serverConfigObject.value(configKey::authData).toObject() };
+    QString protocol = apiConfigObject.value(configKey::serviceProtocol).toString();
+    ApiPayloadData apiPayloadData = generateApiPayloadData(protocol);
 
-    QJsonObject apiPayload = gatewayRequestData.toJsonObject();
+    QJsonObject apiPayload = fillApiPayload(protocol, apiPayloadData);
+    apiPayload[configKey::userCountryCode] = apiConfigObject.value(configKey::userCountryCode);
+    apiPayload[configKey::serverCountryCode] = serverCountryCode;
+    apiPayload[configKey::serviceType] = apiConfigObject.value(configKey::serviceType);
+    apiPayload[configKey::authData] = serverConfigObject.value(configKey::authData);
+    apiPayload[configKey::uuid] = uuid;
+    apiPayload[apiDefs::key::cliVersion] = QString(APP_VERSION);
 
     QByteArray responseBody;
-    ErrorCode errorCode = executeRequest(QString("%1v1/revoke_config"), apiPayload, responseBody);
+    ErrorCode errorCode = gatewayController.post(QString("%1v1/revoke_config"), apiPayload, responseBody);
     if (errorCode != ErrorCode::NoError && errorCode != ErrorCode::ApiNotFoundError) {
         emit errorOccurred(errorCode);
         return false;
@@ -587,29 +413,108 @@ bool ApiConfigsController::isConfigValid()
     return true;
 }
 
-void ApiConfigsController::setCurrentProtocol(const QString &protocolName)
+ApiConfigsController::ApiPayloadData ApiConfigsController::generateApiPayloadData(const QString &protocol)
 {
-    auto serverIndex = m_serversModel->getProcessedServerIndex();
-    auto serverConfigObject = m_serversModel->getServerConfig(serverIndex);
-    auto apiConfigObject = serverConfigObject.value(configKey::apiConfig).toObject();
-
-    apiConfigObject[configKey::serviceProtocol] = protocolName;
-
-    serverConfigObject.insert(configKey::apiConfig, apiConfigObject);
-
-    m_serversModel->editServer(serverConfigObject, serverIndex);
+    ApiConfigsController::ApiPayloadData apiPayload;
+    if (protocol == configKey::cloak) {
+        apiPayload.certRequest = OpenVpnConfigurator::createCertRequest();
+    } else if (protocol == configKey::awg) {
+        auto connData = WireguardConfigurator::genClientKeys();
+        apiPayload.wireGuardClientPubKey = connData.clientPubKey;
+        apiPayload.wireGuardClientPrivKey = connData.clientPrivKey;
+    }
+    return apiPayload;
 }
 
-bool ApiConfigsController::isVlessProtocol()
+QJsonObject ApiConfigsController::fillApiPayload(const QString &protocol, const ApiPayloadData &apiPayloadData)
 {
-    auto serverIndex = m_serversModel->getProcessedServerIndex();
-    auto serverConfigObject = m_serversModel->getServerConfig(serverIndex);
-    auto apiConfigObject = serverConfigObject.value(configKey::apiConfig).toObject();
-
-    if (apiConfigObject[configKey::serviceProtocol].toString() == "vless") {
-        return true;
+    QJsonObject obj;
+    if (protocol == configKey::cloak) {
+        obj[configKey::certificate] = apiPayloadData.certRequest.request;
+    } else if (protocol == configKey::awg) {
+        obj[configKey::publicKey] = apiPayloadData.wireGuardClientPubKey;
     }
-    return false;
+
+    obj[configKey::osVersion] = QSysInfo::productType();
+    obj[configKey::appVersion] = QString(APP_VERSION);
+
+    return obj;
+}
+
+void ApiConfigsController::fillServerConfig(const QString &protocol, const ApiPayloadData &apiPayloadData,
+                                            const QByteArray &apiResponseBody, QJsonObject &serverConfig)
+{
+    QString data = QJsonDocument::fromJson(apiResponseBody).object().value(config_key::config).toString();
+
+    data.replace("vpn://", "");
+    QByteArray ba = QByteArray::fromBase64(data.toUtf8(), QByteArray::Base64UrlEncoding | QByteArray::OmitTrailingEquals);
+
+    if (ba.isEmpty()) {
+        emit errorOccurred(ErrorCode::ApiConfigEmptyError);
+        return;
+    }
+
+    QByteArray ba_uncompressed = qUncompress(ba);
+    if (!ba_uncompressed.isEmpty()) {
+        ba = ba_uncompressed;
+    }
+
+    QString configStr = ba;
+    if (protocol == configKey::cloak) {
+        configStr.replace("<key>", "<key>\n");
+        configStr.replace("$OPENVPN_PRIV_KEY", apiPayloadData.certRequest.privKey);
+    } else if (protocol == configKey::awg) {
+        configStr.replace("$WIREGUARD_CLIENT_PRIVATE_KEY", apiPayloadData.wireGuardClientPrivKey);
+        auto newServerConfig = QJsonDocument::fromJson(configStr.toUtf8()).object();
+        auto containers = newServerConfig.value(config_key::containers).toArray();
+        if (containers.isEmpty()) {
+            return; // todo process error
+        }
+        auto container = containers.at(0).toObject();
+        QString containerName = ContainerProps::containerTypeToString(DockerContainer::Awg);
+        auto containerConfig = container.value(containerName).toObject();
+        auto protocolConfig = QJsonDocument::fromJson(containerConfig.value(config_key::last_config).toString().toUtf8()).object();
+        containerConfig[config_key::junkPacketCount] = protocolConfig.value(config_key::junkPacketCount);
+        containerConfig[config_key::junkPacketMinSize] = protocolConfig.value(config_key::junkPacketMinSize);
+        containerConfig[config_key::junkPacketMaxSize] = protocolConfig.value(config_key::junkPacketMaxSize);
+        containerConfig[config_key::initPacketJunkSize] = protocolConfig.value(config_key::initPacketJunkSize);
+        containerConfig[config_key::responsePacketJunkSize] = protocolConfig.value(config_key::responsePacketJunkSize);
+        containerConfig[config_key::initPacketMagicHeader] = protocolConfig.value(config_key::initPacketMagicHeader);
+        containerConfig[config_key::responsePacketMagicHeader] = protocolConfig.value(config_key::responsePacketMagicHeader);
+        containerConfig[config_key::underloadPacketMagicHeader] = protocolConfig.value(config_key::underloadPacketMagicHeader);
+        containerConfig[config_key::transportPacketMagicHeader] = protocolConfig.value(config_key::transportPacketMagicHeader);
+        container[containerName] = containerConfig;
+        containers.replace(0, container);
+        newServerConfig[config_key::containers] = containers;
+        configStr = QString(QJsonDocument(newServerConfig).toJson());
+    }
+
+    QJsonObject newServerConfig = QJsonDocument::fromJson(configStr.toUtf8()).object();
+    serverConfig[config_key::dns1] = newServerConfig.value(config_key::dns1);
+    serverConfig[config_key::dns2] = newServerConfig.value(config_key::dns2);
+    serverConfig[config_key::containers] = newServerConfig.value(config_key::containers);
+    serverConfig[config_key::hostName] = newServerConfig.value(config_key::hostName);
+
+    if (newServerConfig.value(config_key::configVersion).toInt() == apiDefs::ConfigSource::AmneziaGateway) {
+        serverConfig[config_key::configVersion] = newServerConfig.value(config_key::configVersion);
+        serverConfig[config_key::description] = newServerConfig.value(config_key::description);
+        serverConfig[config_key::name] = newServerConfig.value(config_key::name);
+    }
+
+    auto defaultContainer = newServerConfig.value(config_key::defaultContainer).toString();
+    serverConfig[config_key::defaultContainer] = defaultContainer;
+
+    QVariantMap map = serverConfig.value(configKey::apiConfig).toObject().toVariantMap();
+    map.insert(newServerConfig.value(configKey::apiConfig).toObject().toVariantMap());
+    auto apiConfig = QJsonObject::fromVariantMap(map);
+
+    if (newServerConfig.value(config_key::configVersion).toInt() == apiDefs::ConfigSource::AmneziaGateway) {
+        apiConfig.insert(configKey::serviceInfo, QJsonDocument::fromJson(apiResponseBody).object().value(configKey::serviceInfo).toObject());
+    }
+
+    serverConfig[configKey::apiConfig] = apiConfig;
+
+    return;
 }
 
 QList<QString> ApiConfigsController::getQrCodes()
@@ -626,10 +531,3 @@ QString ApiConfigsController::getVpnKey()
 {
     return m_vpnKey;
 }
-
-ErrorCode ApiConfigsController::executeRequest(const QString &endpoint, const QJsonObject &apiPayload, QByteArray &responseBody)
-{
-    GatewayController gatewayController(m_settings->getGatewayEndpoint(), m_settings->isDevGatewayEnv(), apiDefs::requestTimeoutMsecs,
-                                        m_settings->isStrictKillSwitchEnabled());
-    return gatewayController.post(endpoint, apiPayload, responseBody);
-}

client/ui/controllers/api/apiConfigsController.h

@@ -35,9 +35,6 @@ public slots:
 
     bool isConfigValid();
 
-    void setCurrentProtocol(const QString &protocolName);
-    bool isVlessProtocol();
-
 signals:
     void errorOccurred(ErrorCode errorCode);
 
@@ -49,12 +46,23 @@ signals:
     void vpnKeyExportReady();
 
 private:
+    struct ApiPayloadData
+    {
+        OpenVpnConfigurator::ConnectionData certRequest;
+
+        QString wireGuardClientPrivKey;
+        QString wireGuardClientPubKey;
+    };
+
+    ApiPayloadData generateApiPayloadData(const QString &protocol);
+    QJsonObject fillApiPayload(const QString &protocol, const ApiPayloadData &apiPayloadData);
+    void fillServerConfig(const QString &protocol, const ApiPayloadData &apiPayloadData, const QByteArray &apiResponseBody,
+                          QJsonObject &serverConfig);
+
     QList<QString> getQrCodes();
     int getQrCodesCount();
     QString getVpnKey();
 
-    ErrorCode executeRequest(const QString &endpoint, const QJsonObject &apiPayload, QByteArray &responseBody);
-
     QList<QString> m_qrCodes;
     QString m_vpnKey;
 

client/ui/controllers/importController.cpp

@@ -12,7 +12,6 @@
 #include "core/errorstrings.h"
 #include "core/qrCodeUtils.h"
 #include "core/serialization/serialization.h"
-#include "protocols/protocols_defs.h"
 #include "systemController.h"
 #include "utilities.h"
 
@@ -287,19 +286,6 @@ void ImportController::processNativeWireGuardConfig()
         clientProtocolConfig[config_key::underloadPacketMagicHeader] = "3";
         clientProtocolConfig[config_key::transportPacketMagicHeader] = "4";
 
-        // clientProtocolConfig[config_key::cookieReplyPacketJunkSize] = "0";
-        // clientProtocolConfig[config_key::transportPacketJunkSize] = "0";
-
-        // clientProtocolConfig[config_key::specialJunk1] = "";
-        // clientProtocolConfig[config_key::specialJunk2] = "";
-        // clientProtocolConfig[config_key::specialJunk3] = "";
-        // clientProtocolConfig[config_key::specialJunk4] = "";
-        // clientProtocolConfig[config_key::specialJunk5] = "";
-        // clientProtocolConfig[config_key::controlledJunk1] = "";
-        // clientProtocolConfig[config_key::controlledJunk2] = "";
-        // clientProtocolConfig[config_key::controlledJunk3] = "";
-        // clientProtocolConfig[config_key::specialHandshakeTimeout] = "0";
-
         clientProtocolConfig[config_key::isObfuscationEnabled] = true;
 
         serverProtocolConfig[config_key::last_config] = QString(QJsonDocument(clientProtocolConfig).toJson());
@@ -452,33 +438,21 @@ QJsonObject ImportController::extractWireGuardConfig(const QString &data)
     lastConfig[config_key::allowed_ips] = allowedIpsJsonArray;
 
     QString protocolName = "wireguard";
-
-    const QStringList requiredJunkFields = { config_key::junkPacketCount,           config_key::junkPacketMinSize,
-                                             config_key::junkPacketMaxSize,         config_key::initPacketJunkSize,
-                                             config_key::responsePacketJunkSize,    config_key::initPacketMagicHeader,
-                                             config_key::responsePacketMagicHeader, config_key::underloadPacketMagicHeader,
-                                             config_key::transportPacketMagicHeader };
-
-    const QStringList optionalJunkFields = { // config_key::cookieReplyPacketJunkSize,
-                                             // config_key::transportPacketJunkSize,
-                                             config_key::specialJunk1,    config_key::specialJunk2,    config_key::specialJunk3,
-                                             config_key::specialJunk4,    config_key::specialJunk5,    config_key::controlledJunk1,
-                                             config_key::controlledJunk2, config_key::controlledJunk3, config_key::specialHandshakeTimeout
-    };
-
-    bool hasAllRequiredFields = std::all_of(requiredJunkFields.begin(), requiredJunkFields.end(),
-                                            [&configMap](const QString &field) { return !configMap.value(field).isEmpty(); });
-    if (hasAllRequiredFields) {
-        for (const QString &field : requiredJunkFields) {
-            lastConfig[field] = configMap.value(field);
-        }
-
-        for (const QString &field : optionalJunkFields) {
-            if (!configMap.value(field).isEmpty()) {
-                lastConfig[field] = configMap.value(field);
-            }
-        }
-
+    if (!configMap.value(config_key::junkPacketCount).isEmpty() && !configMap.value(config_key::junkPacketMinSize).isEmpty()
+        && !configMap.value(config_key::junkPacketMaxSize).isEmpty() && !configMap.value(config_key::initPacketJunkSize).isEmpty()
+        && !configMap.value(config_key::responsePacketJunkSize).isEmpty() && !configMap.value(config_key::initPacketMagicHeader).isEmpty()
+        && !configMap.value(config_key::responsePacketMagicHeader).isEmpty()
+        && !configMap.value(config_key::underloadPacketMagicHeader).isEmpty()
+        && !configMap.value(config_key::transportPacketMagicHeader).isEmpty()) {
+        lastConfig[config_key::junkPacketCount] = configMap.value(config_key::junkPacketCount);
+        lastConfig[config_key::junkPacketMinSize] = configMap.value(config_key::junkPacketMinSize);
+        lastConfig[config_key::junkPacketMaxSize] = configMap.value(config_key::junkPacketMaxSize);
+        lastConfig[config_key::initPacketJunkSize] = configMap.value(config_key::initPacketJunkSize);
+        lastConfig[config_key::responsePacketJunkSize] = configMap.value(config_key::responsePacketJunkSize);
+        lastConfig[config_key::initPacketMagicHeader] = configMap.value(config_key::initPacketMagicHeader);
+        lastConfig[config_key::responsePacketMagicHeader] = configMap.value(config_key::responsePacketMagicHeader);
+        lastConfig[config_key::underloadPacketMagicHeader] = configMap.value(config_key::underloadPacketMagicHeader);
+        lastConfig[config_key::transportPacketMagicHeader] = configMap.value(config_key::transportPacketMagicHeader);
         protocolName = "awg";
         m_configType = ConfigTypes::Awg;
     }

client/ui/controllers/installController.cpp

@@ -8,7 +8,6 @@
 #include <QStandardPaths>
 #include <QtConcurrent>
 
-#include "core/api/apiUtils.h"
 #include "core/controllers/serverController.h"
 #include "core/controllers/vpnConfigurationController.h"
 #include "core/networkUtilities.h"
@@ -16,6 +15,7 @@
 #include "ui/models/protocols/awgConfigModel.h"
 #include "ui/models/protocols/wireguardConfigModel.h"
 #include "utilities.h"
+#include "core/api/apiUtils.h"
 
 namespace
 {
@@ -79,36 +79,12 @@ void InstallController::install(DockerContainer container, int port, TransportPr
 
                 int s1 = QRandomGenerator::global()->bounded(15, 150);
                 int s2 = QRandomGenerator::global()->bounded(15, 150);
-                // int s3 = QRandomGenerator::global()->bounded(15, 150);
-                // int s4 = QRandomGenerator::global()->bounded(15, 150);
-
-                // Ensure all values are unique and don't create equal packet sizes
-                QSet<int> usedValues;
-                usedValues.insert(s1);
-
-                while (usedValues.contains(s2) || s1 + AwgConstant::messageInitiationSize == s2 + AwgConstant::messageResponseSize) {
+                while (s1 + AwgConstant::messageInitiationSize == s2 + AwgConstant::messageResponseSize) {
                     s2 = QRandomGenerator::global()->bounded(15, 150);
                 }
-                usedValues.insert(s2);
-
-                // while (usedValues.contains(s3)
-                //        || s1 + AwgConstant::messageInitiationSize == s3 + AwgConstant::messageCookieReplySize
-                //        || s2 + AwgConstant::messageResponseSize == s3 + AwgConstant::messageCookieReplySize) {
-                //     s3 = QRandomGenerator::global()->bounded(15, 150);
-                // }
-                // usedValues.insert(s3);
-
-                // while (usedValues.contains(s4)
-                //        || s1 + AwgConstant::messageInitiationSize == s4 + AwgConstant::messageTransportSize
-                //        || s2 + AwgConstant::messageResponseSize == s4 + AwgConstant::messageTransportSize
-                //        || s3 + AwgConstant::messageCookieReplySize == s4 + AwgConstant::messageTransportSize) {
-                //     s4 = QRandomGenerator::global()->bounded(15, 150);
-                // }
 
                 QString initPacketJunkSize = QString::number(s1);
                 QString responsePacketJunkSize = QString::number(s2);
-                // QString cookieReplyPacketJunkSize = QString::number(s3);
-                // QString transportPacketJunkSize = QString::number(s4);
 
                 QSet<QString> headersValue;
                 while (headersValue.size() != 4) {
@@ -132,21 +108,6 @@ void InstallController::install(DockerContainer container, int port, TransportPr
                 containerConfig[config_key::responsePacketMagicHeader] = responsePacketMagicHeader;
                 containerConfig[config_key::underloadPacketMagicHeader] = underloadPacketMagicHeader;
                 containerConfig[config_key::transportPacketMagicHeader] = transportPacketMagicHeader;
-
-                // TODO:
-                // containerConfig[config_key::cookieReplyPacketJunkSize] = cookieReplyPacketJunkSize;
-                // containerConfig[config_key::transportPacketJunkSize] = transportPacketJunkSize;
-
-                // containerConfig[config_key::specialJunk1] = specialJunk1;
-                // containerConfig[config_key::specialJunk2] = specialJunk2;
-                // containerConfig[config_key::specialJunk3] = specialJunk3;
-                // containerConfig[config_key::specialJunk4] = specialJunk4;
-                // containerConfig[config_key::specialJunk5] = specialJunk5;
-                // containerConfig[config_key::controlledJunk1] = controlledJunk1;
-                // containerConfig[config_key::controlledJunk2] = controlledJunk2;
-                // containerConfig[config_key::controlledJunk3] = controlledJunk3;
-                // containerConfig[config_key::specialHandshakeTimeout] = specialHandshakeTimeout;
-
             } else if (container == DockerContainer::Sftp) {
                 containerConfig.insert(config_key::userName, protocols::sftp::defaultUserName);
                 containerConfig.insert(config_key::password, Utils::getRandomString(16));
@@ -440,19 +401,6 @@ ErrorCode InstallController::getAlreadyInstalledContainers(const ServerCredentia
                         containerConfig[config_key::transportPacketMagicHeader] =
                                 serverConfigMap.value(config_key::transportPacketMagicHeader);
 
-                        // containerConfig[config_key::cookieReplyPacketJunkSize] = serverConfigMap.value(config_key::cookieReplyPacketJunkSize);
-                        // containerConfig[config_key::transportPacketJunkSize] = serverConfigMap.value(config_key::transportPacketJunkSize);
-
-                        // containerConfig[config_key::specialJunk1] = serverConfigMap.value(config_key::specialJunk1);
-                        // containerConfig[config_key::specialJunk2] = serverConfigMap.value(config_key::specialJunk2);
-                        // containerConfig[config_key::specialJunk3] = serverConfigMap.value(config_key::specialJunk3);
-                        // containerConfig[config_key::specialJunk4] = serverConfigMap.value(config_key::specialJunk4);
-                        // containerConfig[config_key::specialJunk5] = serverConfigMap.value(config_key::specialJunk5);
-                        // containerConfig[config_key::controlledJunk1] = serverConfigMap.value(config_key::controlledJunk1);
-                        // containerConfig[config_key::controlledJunk2] = serverConfigMap.value(config_key::controlledJunk2);
-                        // containerConfig[config_key::controlledJunk3] = serverConfigMap.value(config_key::controlledJunk3);
-                        // containerConfig[config_key::specialHandshakeTimeout] = serverConfigMap.value(config_key::specialHandshakeTimeout);
-
                     } else if (protocol == Proto::WireGuard) {
                         QString serverConfig = serverController->getTextFileFromContainer(container, credentials,
                                                                                           protocols::wireguard::serverConfigPath, errorCode);

client/ui/models/api/apiAccountInfoModel.cpp

@@ -75,12 +75,6 @@ QVariant ApiAccountInfoModel::data(const QModelIndex &index, int role) const
         }
         return false;
     }
-    case IsProtocolSelectionSupportedRole: {
-        if (m_accountInfoData.supportedProtocols.size() > 1) {
-            return true;
-        }
-        return false;
-    }
     }
 
     return QVariant();
@@ -101,10 +95,6 @@ void ApiAccountInfoModel::updateModel(const QJsonObject &accountInfoObject, cons
 
     accountInfoData.configType = apiUtils::getConfigType(serverConfig);
 
-    for (const auto &protocol : accountInfoObject.value(apiDefs::key::supportedProtocols).toArray()) {
-        accountInfoData.supportedProtocols.push_back(protocol.toString());
-    }
-
     m_accountInfoData = accountInfoData;
 
     m_supportInfo = accountInfoObject.value(apiDefs::key::supportInfo).toObject();
@@ -169,7 +159,6 @@ QHash<int, QByteArray> ApiAccountInfoModel::roleNames() const
     roles[ServiceDescriptionRole] = "serviceDescription";
     roles[IsComponentVisibleRole] = "isComponentVisible";
     roles[HasExpiredWorkerRole] = "hasExpiredWorker";
-    roles[IsProtocolSelectionSupportedRole] = "isProtocolSelectionSupported";
 
     return roles;
 }

client/ui/models/api/apiAccountInfoModel.h

@@ -18,8 +18,7 @@ public:
         ServiceDescriptionRole,
         EndDateRole,
         IsComponentVisibleRole,
-        HasExpiredWorkerRole,
-        IsProtocolSelectionSupportedRole
+        HasExpiredWorkerRole
     };
 
     explicit ApiAccountInfoModel(QObject *parent = nullptr);
@@ -52,8 +51,6 @@ private:
         int maxDeviceCount;
 
         apiDefs::ConfigType configType;
-
-        QStringList supportedProtocols;
     };
 
     AccountInfoData m_accountInfoData;

client/ui/models/protocols/awgConfigModel.cpp

@@ -28,17 +28,7 @@ bool AwgConfigModel::setData(const QModelIndex &index, const QVariant &value, in
     case Roles::ClientJunkPacketCountRole: m_clientProtocolConfig.insert(config_key::junkPacketCount, value.toString()); break;
     case Roles::ClientJunkPacketMinSizeRole: m_clientProtocolConfig.insert(config_key::junkPacketMinSize, value.toString()); break;
     case Roles::ClientJunkPacketMaxSizeRole: m_clientProtocolConfig.insert(config_key::junkPacketMaxSize, value.toString()); break;
-    case Roles::ClientSpecialJunk1Role: m_clientProtocolConfig.insert(config_key::specialJunk1, value.toString()); break;
-    case Roles::ClientSpecialJunk2Role: m_clientProtocolConfig.insert(config_key::specialJunk2, value.toString()); break;
-    case Roles::ClientSpecialJunk3Role: m_clientProtocolConfig.insert(config_key::specialJunk3, value.toString()); break;
-    case Roles::ClientSpecialJunk4Role: m_clientProtocolConfig.insert(config_key::specialJunk4, value.toString()); break;
-    case Roles::ClientSpecialJunk5Role: m_clientProtocolConfig.insert(config_key::specialJunk5, value.toString()); break;
-    case Roles::ClientControlledJunk1Role: m_clientProtocolConfig.insert(config_key::controlledJunk1, value.toString()); break;
-    case Roles::ClientControlledJunk2Role: m_clientProtocolConfig.insert(config_key::controlledJunk2, value.toString()); break;
-    case Roles::ClientControlledJunk3Role: m_clientProtocolConfig.insert(config_key::controlledJunk3, value.toString()); break;
-    case Roles::ClientSpecialHandshakeTimeoutRole:
-        m_clientProtocolConfig.insert(config_key::specialHandshakeTimeout, value.toString());
-        break;
+
     case Roles::ServerJunkPacketCountRole: m_serverProtocolConfig.insert(config_key::junkPacketCount, value.toString()); break;
     case Roles::ServerJunkPacketMinSizeRole: m_serverProtocolConfig.insert(config_key::junkPacketMinSize, value.toString()); break;
     case Roles::ServerJunkPacketMaxSizeRole: m_serverProtocolConfig.insert(config_key::junkPacketMaxSize, value.toString()); break;
@@ -46,12 +36,6 @@ bool AwgConfigModel::setData(const QModelIndex &index, const QVariant &value, in
     case Roles::ServerResponsePacketJunkSizeRole:
         m_serverProtocolConfig.insert(config_key::responsePacketJunkSize, value.toString());
         break;
-    // case Roles::ServerCookieReplyPacketJunkSizeRole:
-    //     m_serverProtocolConfig.insert(config_key::cookieReplyPacketJunkSize, value.toString());
-    //     break;
-    // case Roles::ServerTransportPacketJunkSizeRole:
-    //     m_serverProtocolConfig.insert(config_key::transportPacketJunkSize, value.toString());
-    //     break;
     case Roles::ServerInitPacketMagicHeaderRole: m_serverProtocolConfig.insert(config_key::initPacketMagicHeader, value.toString()); break;
     case Roles::ServerResponsePacketMagicHeaderRole:
         m_serverProtocolConfig.insert(config_key::responsePacketMagicHeader, value.toString());
@@ -82,23 +66,12 @@ QVariant AwgConfigModel::data(const QModelIndex &index, int role) const
     case Roles::ClientJunkPacketCountRole: return m_clientProtocolConfig.value(config_key::junkPacketCount);
     case Roles::ClientJunkPacketMinSizeRole: return m_clientProtocolConfig.value(config_key::junkPacketMinSize);
     case Roles::ClientJunkPacketMaxSizeRole: return m_clientProtocolConfig.value(config_key::junkPacketMaxSize);
-    case Roles::ClientSpecialJunk1Role: return m_clientProtocolConfig.value(config_key::specialJunk1);
-    case Roles::ClientSpecialJunk2Role: return m_clientProtocolConfig.value(config_key::specialJunk2);
-    case Roles::ClientSpecialJunk3Role: return m_clientProtocolConfig.value(config_key::specialJunk3);
-    case Roles::ClientSpecialJunk4Role: return m_clientProtocolConfig.value(config_key::specialJunk4);
-    case Roles::ClientSpecialJunk5Role: return m_clientProtocolConfig.value(config_key::specialJunk5);
-    case Roles::ClientControlledJunk1Role: return m_clientProtocolConfig.value(config_key::controlledJunk1);
-    case Roles::ClientControlledJunk2Role: return m_clientProtocolConfig.value(config_key::controlledJunk2);
-    case Roles::ClientControlledJunk3Role: return m_clientProtocolConfig.value(config_key::controlledJunk3);
-    case Roles::ClientSpecialHandshakeTimeoutRole: return m_clientProtocolConfig.value(config_key::specialHandshakeTimeout);
 
     case Roles::ServerJunkPacketCountRole: return m_serverProtocolConfig.value(config_key::junkPacketCount);
     case Roles::ServerJunkPacketMinSizeRole: return m_serverProtocolConfig.value(config_key::junkPacketMinSize);
     case Roles::ServerJunkPacketMaxSizeRole: return m_serverProtocolConfig.value(config_key::junkPacketMaxSize);
     case Roles::ServerInitPacketJunkSizeRole: return m_serverProtocolConfig.value(config_key::initPacketJunkSize);
     case Roles::ServerResponsePacketJunkSizeRole: return m_serverProtocolConfig.value(config_key::responsePacketJunkSize);
-    // case Roles::ServerCookieReplyPacketJunkSizeRole: return m_serverProtocolConfig.value(config_key::cookieReplyPacketJunkSize);
-    // case Roles::ServerTransportPacketJunkSizeRole: return m_serverProtocolConfig.value(config_key::transportPacketJunkSize);
     case Roles::ServerInitPacketMagicHeaderRole: return m_serverProtocolConfig.value(config_key::initPacketMagicHeader);
     case Roles::ServerResponsePacketMagicHeaderRole: return m_serverProtocolConfig.value(config_key::responsePacketMagicHeader);
     case Roles::ServerUnderloadPacketMagicHeaderRole: return m_serverProtocolConfig.value(config_key::underloadPacketMagicHeader);
@@ -121,8 +94,7 @@ void AwgConfigModel::updateModel(const QJsonObject &config)
     m_serverProtocolConfig.insert(config_key::transport_proto,
                                   serverProtocolConfig.value(config_key::transport_proto).toString(defaultTransportProto));
     m_serverProtocolConfig[config_key::last_config] = serverProtocolConfig.value(config_key::last_config);
-    m_serverProtocolConfig[config_key::subnet_address] =
-            serverProtocolConfig.value(config_key::subnet_address).toString(protocols::wireguard::defaultSubnetAddress);
+    m_serverProtocolConfig[config_key::subnet_address] = serverProtocolConfig.value(config_key::subnet_address).toString(protocols::wireguard::defaultSubnetAddress);
     m_serverProtocolConfig[config_key::port] = serverProtocolConfig.value(config_key::port).toString(protocols::awg::defaultPort);
     m_serverProtocolConfig[config_key::junkPacketCount] =
             serverProtocolConfig.value(config_key::junkPacketCount).toString(protocols::awg::defaultJunkPacketCount);
@@ -134,10 +106,6 @@ void AwgConfigModel::updateModel(const QJsonObject &config)
             serverProtocolConfig.value(config_key::initPacketJunkSize).toString(protocols::awg::defaultInitPacketJunkSize);
     m_serverProtocolConfig[config_key::responsePacketJunkSize] =
             serverProtocolConfig.value(config_key::responsePacketJunkSize).toString(protocols::awg::defaultResponsePacketJunkSize);
-    // m_serverProtocolConfig[config_key::cookieReplyPacketJunkSize] =
-    //         serverProtocolConfig.value(config_key::cookieReplyPacketJunkSize).toString(protocols::awg::defaultCookieReplyPacketJunkSize);
-    // m_serverProtocolConfig[config_key::transportPacketJunkSize] =
-    //         serverProtocolConfig.value(config_key::transportPacketJunkSize).toString(protocols::awg::defaultTransportPacketJunkSize);
     m_serverProtocolConfig[config_key::initPacketMagicHeader] =
             serverProtocolConfig.value(config_key::initPacketMagicHeader).toString(protocols::awg::defaultInitPacketMagicHeader);
     m_serverProtocolConfig[config_key::responsePacketMagicHeader] =
@@ -156,24 +124,6 @@ void AwgConfigModel::updateModel(const QJsonObject &config)
             clientProtocolConfig.value(config_key::junkPacketMinSize).toString(m_serverProtocolConfig[config_key::junkPacketMinSize].toString());
     m_clientProtocolConfig[config_key::junkPacketMaxSize] =
             clientProtocolConfig.value(config_key::junkPacketMaxSize).toString(m_serverProtocolConfig[config_key::junkPacketMaxSize].toString());
-    m_clientProtocolConfig[config_key::specialJunk1] =
-            clientProtocolConfig.value(config_key::specialJunk1).toString(protocols::awg::defaultSpecialJunk1);
-    m_clientProtocolConfig[config_key::specialJunk2] =
-            clientProtocolConfig.value(config_key::specialJunk2).toString(protocols::awg::defaultSpecialJunk2);
-    m_clientProtocolConfig[config_key::specialJunk3] =
-            clientProtocolConfig.value(config_key::specialJunk3).toString(protocols::awg::defaultSpecialJunk3);
-    m_clientProtocolConfig[config_key::specialJunk4] =
-            clientProtocolConfig.value(config_key::specialJunk4).toString(protocols::awg::defaultSpecialJunk4);
-    m_clientProtocolConfig[config_key::specialJunk5] =
-            clientProtocolConfig.value(config_key::specialJunk5).toString(protocols::awg::defaultSpecialJunk5);
-    m_clientProtocolConfig[config_key::controlledJunk1] =
-            clientProtocolConfig.value(config_key::controlledJunk1).toString(protocols::awg::defaultControlledJunk1);
-    m_clientProtocolConfig[config_key::controlledJunk2] =
-            clientProtocolConfig.value(config_key::controlledJunk2).toString(protocols::awg::defaultControlledJunk2);
-    m_clientProtocolConfig[config_key::controlledJunk3] =
-            clientProtocolConfig.value(config_key::controlledJunk3).toString(protocols::awg::defaultControlledJunk3);
-    m_clientProtocolConfig[config_key::specialHandshakeTimeout] =
-            clientProtocolConfig.value(config_key::specialHandshakeTimeout).toString(protocols::awg::defaultSpecialHandshakeTimeout);
     endResetModel();
 }
 
@@ -191,15 +141,6 @@ QJsonObject AwgConfigModel::getConfig()
         jsonConfig[config_key::junkPacketCount] = m_clientProtocolConfig[config_key::junkPacketCount];
         jsonConfig[config_key::junkPacketMinSize] = m_clientProtocolConfig[config_key::junkPacketMinSize];
         jsonConfig[config_key::junkPacketMaxSize] = m_clientProtocolConfig[config_key::junkPacketMaxSize];
-        jsonConfig[config_key::specialJunk1] = m_clientProtocolConfig[config_key::specialJunk1];
-        jsonConfig[config_key::specialJunk2] = m_clientProtocolConfig[config_key::specialJunk2];
-        jsonConfig[config_key::specialJunk3] = m_clientProtocolConfig[config_key::specialJunk3];
-        jsonConfig[config_key::specialJunk4] = m_clientProtocolConfig[config_key::specialJunk4];
-        jsonConfig[config_key::specialJunk5] = m_clientProtocolConfig[config_key::specialJunk5];
-        jsonConfig[config_key::controlledJunk1] = m_clientProtocolConfig[config_key::controlledJunk1];
-        jsonConfig[config_key::controlledJunk2] = m_clientProtocolConfig[config_key::controlledJunk2];
-        jsonConfig[config_key::controlledJunk3] = m_clientProtocolConfig[config_key::controlledJunk3];
-        jsonConfig[config_key::specialHandshakeTimeout] = m_clientProtocolConfig[config_key::specialHandshakeTimeout];
 
         m_serverProtocolConfig[config_key::last_config] = QString(QJsonDocument(jsonConfig).toJson());
     }
@@ -218,17 +159,6 @@ bool AwgConfigModel::isPacketSizeEqual(const int s1, const int s2)
     return (AwgConstant::messageInitiationSize + s1 == AwgConstant::messageResponseSize + s2);
 }
 
-// bool AwgConfigModel::isPacketSizeEqual(const int s1, const int s2, const int s3, const int s4)
-// {
-//     int initSize = AwgConstant::messageInitiationSize + s1;
-//     int responseSize = AwgConstant::messageResponseSize + s2;
-//     int cookieSize = AwgConstant::messageCookieReplySize + s3;
-//     int transportSize = AwgConstant::messageTransportSize + s4;
-
-//     return (initSize == responseSize || initSize == cookieSize || initSize == transportSize || responseSize == cookieSize
-//             || responseSize == transportSize || cookieSize == transportSize);
-// }
-
 bool AwgConfigModel::isServerSettingsEqual()
 {
     const AwgConfig oldConfig(m_fullConfig.value(config_key::awg).toObject());
@@ -248,24 +178,12 @@ QHash<int, QByteArray> AwgConfigModel::roleNames() const
     roles[ClientJunkPacketCountRole] = "clientJunkPacketCount";
     roles[ClientJunkPacketMinSizeRole] = "clientJunkPacketMinSize";
     roles[ClientJunkPacketMaxSizeRole] = "clientJunkPacketMaxSize";
-    roles[ClientSpecialJunk1Role] = "clientSpecialJunk1";
-    roles[ClientSpecialJunk2Role] = "clientSpecialJunk2";
-    roles[ClientSpecialJunk3Role] = "clientSpecialJunk3";
-    roles[ClientSpecialJunk4Role] = "clientSpecialJunk4";
-    roles[ClientSpecialJunk5Role] = "clientSpecialJunk5";
-    roles[ClientControlledJunk1Role] = "clientControlledJunk1";
-    roles[ClientControlledJunk2Role] = "clientControlledJunk2";
-    roles[ClientControlledJunk3Role] = "clientControlledJunk3";
-    roles[ClientSpecialHandshakeTimeoutRole] = "clientSpecialHandshakeTimeout";
 
     roles[ServerJunkPacketCountRole] = "serverJunkPacketCount";
     roles[ServerJunkPacketMinSizeRole] = "serverJunkPacketMinSize";
     roles[ServerJunkPacketMaxSizeRole] = "serverJunkPacketMaxSize";
     roles[ServerInitPacketJunkSizeRole] = "serverInitPacketJunkSize";
     roles[ServerResponsePacketJunkSizeRole] = "serverResponsePacketJunkSize";
-    roles[ServerCookieReplyPacketJunkSizeRole] = "serverCookieReplyPacketJunkSize";
-    roles[ServerTransportPacketJunkSizeRole] = "serverTransportPacketJunkSize";
-
     roles[ServerInitPacketMagicHeaderRole] = "serverInitPacketMagicHeader";
     roles[ServerResponsePacketMagicHeaderRole] = "serverResponsePacketMagicHeader";
     roles[ServerUnderloadPacketMagicHeaderRole] = "serverUnderloadPacketMagicHeader";
@@ -282,16 +200,6 @@ AwgConfig::AwgConfig(const QJsonObject &serverProtocolConfig)
     clientJunkPacketCount = clientProtocolConfig.value(config_key::junkPacketCount).toString(protocols::awg::defaultJunkPacketCount);
     clientJunkPacketMinSize = clientProtocolConfig.value(config_key::junkPacketMinSize).toString(protocols::awg::defaultJunkPacketMinSize);
     clientJunkPacketMaxSize = clientProtocolConfig.value(config_key::junkPacketMaxSize).toString(protocols::awg::defaultJunkPacketMaxSize);
-    clientSpecialJunk1 = clientProtocolConfig.value(config_key::specialJunk1).toString(protocols::awg::defaultSpecialJunk1);
-    clientSpecialJunk2 = clientProtocolConfig.value(config_key::specialJunk2).toString(protocols::awg::defaultSpecialJunk2);
-    clientSpecialJunk3 = clientProtocolConfig.value(config_key::specialJunk3).toString(protocols::awg::defaultSpecialJunk3);
-    clientSpecialJunk4 = clientProtocolConfig.value(config_key::specialJunk4).toString(protocols::awg::defaultSpecialJunk4);
-    clientSpecialJunk5 = clientProtocolConfig.value(config_key::specialJunk5).toString(protocols::awg::defaultSpecialJunk5);
-    clientControlledJunk1 = clientProtocolConfig.value(config_key::controlledJunk1).toString(protocols::awg::defaultControlledJunk1);
-    clientControlledJunk2 = clientProtocolConfig.value(config_key::controlledJunk2).toString(protocols::awg::defaultControlledJunk2);
-    clientControlledJunk3 = clientProtocolConfig.value(config_key::controlledJunk3).toString(protocols::awg::defaultControlledJunk3);
-    clientSpecialHandshakeTimeout =
-            clientProtocolConfig.value(config_key::specialHandshakeTimeout).toString(protocols::awg::defaultSpecialHandshakeTimeout);
 
     subnetAddress = serverProtocolConfig.value(config_key::subnet_address).toString(protocols::wireguard::defaultSubnetAddress);
     port = serverProtocolConfig.value(config_key::port).toString(protocols::awg::defaultPort);
@@ -301,10 +209,6 @@ AwgConfig::AwgConfig(const QJsonObject &serverProtocolConfig)
     serverInitPacketJunkSize = serverProtocolConfig.value(config_key::initPacketJunkSize).toString(protocols::awg::defaultInitPacketJunkSize);
     serverResponsePacketJunkSize =
             serverProtocolConfig.value(config_key::responsePacketJunkSize).toString(protocols::awg::defaultResponsePacketJunkSize);
-    // serverCookieReplyPacketJunkSize =
-    //         serverProtocolConfig.value(config_key::cookieReplyPacketJunkSize).toString(protocols::awg::defaultCookieReplyPacketJunkSize);
-    // serverTransportPacketJunkSize =
-    //         serverProtocolConfig.value(config_key::transportPacketJunkSize).toString(protocols::awg::defaultTransportPacketJunkSize);
     serverInitPacketMagicHeader =
             serverProtocolConfig.value(config_key::initPacketMagicHeader).toString(protocols::awg::defaultInitPacketMagicHeader);
     serverResponsePacketMagicHeader =
@@ -320,8 +224,6 @@ bool AwgConfig::hasEqualServerSettings(const AwgConfig &other) const
     if (subnetAddress != other.subnetAddress || port != other.port || serverJunkPacketCount != other.serverJunkPacketCount
         || serverJunkPacketMinSize != other.serverJunkPacketMinSize || serverJunkPacketMaxSize != other.serverJunkPacketMaxSize
         || serverInitPacketJunkSize != other.serverInitPacketJunkSize || serverResponsePacketJunkSize != other.serverResponsePacketJunkSize
-        // || serverCookieReplyPacketJunkSize != other.serverCookieReplyPacketJunkSize
-        // || serverTransportPacketJunkSize != other.serverTransportPacketJunkSize
         || serverInitPacketMagicHeader != other.serverInitPacketMagicHeader
         || serverResponsePacketMagicHeader != other.serverResponsePacketMagicHeader
         || serverUnderloadPacketMagicHeader != other.serverUnderloadPacketMagicHeader
@@ -334,12 +236,7 @@ bool AwgConfig::hasEqualServerSettings(const AwgConfig &other) const
 bool AwgConfig::hasEqualClientSettings(const AwgConfig &other) const
 {
     if (clientMtu != other.clientMtu || clientJunkPacketCount != other.clientJunkPacketCount
-        || clientJunkPacketMinSize != other.clientJunkPacketMinSize || clientJunkPacketMaxSize != other.clientJunkPacketMaxSize
-        || clientSpecialJunk1 != other.clientSpecialJunk1 || clientSpecialJunk2 != other.clientSpecialJunk2
-        || clientSpecialJunk3 != other.clientSpecialJunk3 || clientSpecialJunk4 != other.clientSpecialJunk4
-        || clientSpecialJunk5 != other.clientSpecialJunk5 || clientControlledJunk1 != other.clientControlledJunk1
-        || clientControlledJunk2 != other.clientControlledJunk2 || clientControlledJunk3 != other.clientControlledJunk3
-        || clientSpecialHandshakeTimeout != other.clientSpecialHandshakeTimeout) {
+        || clientJunkPacketMinSize != other.clientJunkPacketMinSize || clientJunkPacketMaxSize != other.clientJunkPacketMaxSize) {
         return false;
     }
     return true;

client/ui/models/protocols/awgConfigModel.h

@@ -6,12 +6,9 @@
 
 #include "containers/containers_defs.h"
 
-namespace AwgConstant
-{
+namespace AwgConstant {
     const int messageInitiationSize = 148;
     const int messageResponseSize = 92;
-    const int messageCookieReplySize = 64;
-    const int messageTransportSize = 32;
 }
 
 struct AwgConfig
@@ -25,23 +22,12 @@ struct AwgConfig
     QString clientJunkPacketCount;
     QString clientJunkPacketMinSize;
     QString clientJunkPacketMaxSize;
-    QString clientSpecialJunk1;
-    QString clientSpecialJunk2;
-    QString clientSpecialJunk3;
-    QString clientSpecialJunk4;
-    QString clientSpecialJunk5;
-    QString clientControlledJunk1;
-    QString clientControlledJunk2;
-    QString clientControlledJunk3;
-    QString clientSpecialHandshakeTimeout;
 
     QString serverJunkPacketCount;
     QString serverJunkPacketMinSize;
     QString serverJunkPacketMaxSize;
     QString serverInitPacketJunkSize;
     QString serverResponsePacketJunkSize;
-    QString serverCookieReplyPacketJunkSize;
-    QString serverTransportPacketJunkSize;
     QString serverInitPacketMagicHeader;
     QString serverResponsePacketMagicHeader;
     QString serverUnderloadPacketMagicHeader;
@@ -49,6 +35,7 @@ struct AwgConfig
 
     bool hasEqualServerSettings(const AwgConfig &other) const;
     bool hasEqualClientSettings(const AwgConfig &other) const;
+
 };
 
 class AwgConfigModel : public QAbstractListModel
@@ -64,28 +51,16 @@ public:
         ClientJunkPacketCountRole,
         ClientJunkPacketMinSizeRole,
         ClientJunkPacketMaxSizeRole,
-        ClientSpecialJunk1Role,
-        ClientSpecialJunk2Role,
-        ClientSpecialJunk3Role,
-        ClientSpecialJunk4Role,
-        ClientSpecialJunk5Role,
-        ClientControlledJunk1Role,
-        ClientControlledJunk2Role,
-        ClientControlledJunk3Role,
-        ClientSpecialHandshakeTimeoutRole,
 
         ServerJunkPacketCountRole,
         ServerJunkPacketMinSizeRole,
         ServerJunkPacketMaxSizeRole,
         ServerInitPacketJunkSizeRole,
         ServerResponsePacketJunkSizeRole,
-        ServerCookieReplyPacketJunkSizeRole,
-        ServerTransportPacketJunkSizeRole,
-
         ServerInitPacketMagicHeaderRole,
         ServerResponsePacketMagicHeaderRole,
         ServerUnderloadPacketMagicHeaderRole,
-        ServerTransportPacketMagicHeaderRole,
+        ServerTransportPacketMagicHeaderRole
     };
 
     explicit AwgConfigModel(QObject *parent = nullptr);
@@ -100,7 +75,7 @@ public slots:
     QJsonObject getConfig();
 
     bool isHeadersEqual(const QString &h1, const QString &h2, const QString &h3, const QString &h4);
-    bool isPacketSizeEqual(const int s1, const int s2/*, const int s3, const int s4*/);
+    bool isPacketSizeEqual(const int s1, const int s2);
 
     bool isServerSettingsEqual();
 

client/ui/models/servers_model.cpp

@@ -8,8 +8,6 @@
     #include <AmneziaVPN-Swift.h>
 #endif
 
-#include "core/api/apiUtils.h"
-
 namespace
 {
     namespace configKey
@@ -68,7 +66,6 @@ bool ServersModel::setData(const QModelIndex &index, const QVariant &value, int
         } else {
             server.insert(config_key::description, value.toString());
         }
-        server.insert(config_key::nameOverriddenByUser, true);
         m_settings->editServer(index.row(), server);
         m_servers.replace(index.row(), server);
         if (index.row() == m_defaultServerIndex) {
@@ -429,7 +426,7 @@ void ServersModel::updateDefaultServerContainersModel()
     emit defaultServerContainersUpdated(containers);
 }
 
-QJsonObject ServersModel::getServerConfig(const int serverIndex) const
+QJsonObject ServersModel::getServerConfig(const int serverIndex)
 {
     return m_servers.at(serverIndex).toObject();
 }
@@ -816,8 +813,3 @@ const QString ServersModel::getDefaultServerImagePathCollapsed()
     }
     return QString("qrc:/countriesFlags/images/flagKit/%1.svg").arg(countryCode.toUpper());
 }
-
-bool ServersModel::processedServerIsPremium() const
-{
-    return apiUtils::isPremiumServer(getServerConfig(m_processedServerIndex));
-}

client/ui/models/servers_model.h

@@ -63,9 +63,6 @@ public:
     Q_PROPERTY(bool isDefaultServerFromApi READ isDefaultServerFromApi NOTIFY defaultServerIndexChanged)
 
     Q_PROPERTY(int processedIndex READ getProcessedServerIndex WRITE setProcessedServerIndex NOTIFY processedServerIndexChanged)
-    Q_PROPERTY(bool processedServerIsPremium READ processedServerIsPremium NOTIFY processedServerChanged)
-
-    bool processedServerIsPremium() const;
 
 public slots:
     void setDefaultServerIndex(const int index);
@@ -95,7 +92,7 @@ public slots:
     void removeServer();
     void removeServer(const int serverIndex);
 
-    QJsonObject getServerConfig(const int serverIndex) const;
+    QJsonObject getServerConfig(const int serverIndex);
 
     void reloadDefaultServerContainerConfig();
     void updateContainerConfig(const int containerIndex, const QJsonObject config);

client/ui/qml/Components/AwgTextField.qml

@@ -1,15 +0,0 @@
-pragma ComponentBehavior: Bound
-
-import QtQuick
-import QtQuick.Layouts
-
-import "../Controls2"
-
-TextFieldWithHeaderType {
-    Layout.fillWidth: true
-    Layout.topMargin: 16
-
-    textField.validator: IntValidator { bottom: 0 }
-
-    checkEmptyText: true
-}

client/ui/qml/Components/SettingsContainersListView.qml

@@ -13,7 +13,7 @@ import "../Controls2"
 import "../Controls2/TextTypes"
 
 
-ListView {
+ListViewType {
     id: root
 
     width: parent.width

client/ui/qml/Controls2/FlickableType.qml

@@ -27,6 +27,5 @@ Flickable {
 
     ScrollBar.vertical: ScrollBarType {
         id: scrollBar
-        policy: fl.height >= fl.contentHeight ? ScrollBar.AlwaysOff : ScrollBar.AlwaysOn
     }
 }

client/ui/qml/Controls2/ScrollBarType.qml

@@ -7,5 +7,5 @@ import "../Controls2"
 ScrollBar {
     id: root
     
-    policy: parent.height >= parent.contentHeight ? ScrollBar.AlwaysOff : ScrollBar.AlwaysOn
+    policy: ScrollBar.AsNeeded
 }

client/ui/qml/Pages2/PageHome.qml

@@ -101,8 +101,8 @@ PageType {
                 visible: isLoggingEnabled ? true : false
                 text: qsTr("Logging enabled")
 
-                Keys.onEnterPressed: loggingButton.clicked()
-                Keys.onReturnPressed: loggingButton.clicked()
+                Keys.onEnterPressed: this.clicked()
+                Keys.onReturnPressed: this.clicked()
 
                 onClicked: {
                     PageController.goToPage(PageEnum.PageSettingsLogging)
@@ -147,8 +147,8 @@ PageType {
                 leftImageColor: ""
                 rightImageSource: "qrc:/images/controls/chevron-down.svg"
 
-                Keys.onEnterPressed: splitTunnelingButton.clicked()
-                Keys.onReturnPressed: splitTunnelingButton.clicked()
+                Keys.onEnterPressed: this.clicked()
+                Keys.onReturnPressed: this.clicked()
 
                 onClicked: {
                     homeSplitTunnelingDrawer.openTriggered()
@@ -276,8 +276,8 @@ PageType {
                         topPadding: 4
                         bottomPadding: 3
 
-                        Keys.onEnterPressed: collapsedButtonChevron.clicked()
-                        Keys.onReturnPressed: collapsedButtonChevron.clicked()
+                        Keys.onEnterPressed: this.clicked()
+                        Keys.onReturnPressed: this.clicked()
 
                         onClicked: {
                             if (drawer.isCollapsedStateActive()) {
@@ -320,6 +320,9 @@ PageType {
 
                         rightImageSource: hoverEnabled ? "qrc:/images/controls/chevron-down.svg" : ""
 
+                        Keys.onEnterPressed: this.clicked()
+                        Keys.onReturnPressed: this.clicked()
+
                         onClicked: {
                             ServersModel.processedIndex = ServersModel.defaultIndex
 

client/ui/qml/Pages2/PageProtocolAwgClientSettings.qml

@@ -115,10 +115,14 @@ PageType {
                     KeyNavigation.tab: junkPacketCountTextField.textField
                 }
 
-                AwgTextField {
+                TextFieldWithHeaderType {
                     id: junkPacketCountTextField
+                    Layout.fillWidth: true
+                    Layout.topMargin: 16
+
                     headerText: "Jc - Junk packet count"
                     textField.text: clientJunkPacketCount
+                    textField.validator: IntValidator { bottom: 0 }
 
                     textField.onEditingFinished: {
                         if (textField.text !== clientJunkPacketCount) {
@@ -126,13 +130,19 @@ PageType {
                         }
                     }
 
+                    checkEmptyText: true
+
                     KeyNavigation.tab: junkPacketMinSizeTextField.textField
                 }
 
-                AwgTextField {
+                TextFieldWithHeaderType {
                     id: junkPacketMinSizeTextField
+                    Layout.fillWidth: true
+                    Layout.topMargin: 16
+
                     headerText: "Jmin - Junk packet minimum size"
                     textField.text: clientJunkPacketMinSize
+                    textField.validator: IntValidator { bottom: 0 }
 
                     textField.onEditingFinished: {
                         if (textField.text !== clientJunkPacketMinSize) {
@@ -140,144 +150,28 @@ PageType {
                         }
                     }
 
+                    checkEmptyText: true
+
                     KeyNavigation.tab: junkPacketMaxSizeTextField.textField
                 }
 
-                AwgTextField {
+                TextFieldWithHeaderType {
                     id: junkPacketMaxSizeTextField
+                    Layout.fillWidth: true
+                    Layout.topMargin: 16
+
                     headerText: "Jmax - Junk packet maximum size"
                     textField.text: clientJunkPacketMaxSize
+                    textField.validator: IntValidator { bottom: 0 }
 
                     textField.onEditingFinished: {
                         if (textField.text !== clientJunkPacketMaxSize) {
                             clientJunkPacketMaxSize = textField.text
                         }
                     }
-                }
 
-                AwgTextField {
-                    id: specialJunk1TextField
-                    headerText: qsTr("I1 - First special junk packet")
-                    textField.text: clientSpecialJunk1
-                    textField.validator: null
-                    checkEmptyText: false
+                    checkEmptyText: true
 
-                    textField.onEditingFinished: {
-                        if (textField.text !== clientSpecialJunk1) {
-                            clientSpecialJunk1 = textField.text
-                        }
-                    }
-                }
-
-                AwgTextField {
-                    id: specialJunk2TextField
-                    headerText: qsTr("I2 - Second special junk packet")
-                    textField.text: clientSpecialJunk2
-                    textField.validator: null
-                    checkEmptyText: false
-
-                    textField.onEditingFinished: {
-                        if (textField.text !== clientSpecialJunk2) {
-                            clientSpecialJunk2 = textField.text
-                        }
-                    }
-                }
-
-                AwgTextField {
-                    id: specialJunk3TextField
-                    headerText: qsTr("I3 - Third special junk packet")
-                    textField.text: clientSpecialJunk3
-                    textField.validator: null
-                    checkEmptyText: false
-
-                    textField.onEditingFinished: {
-                        if (textField.text !== clientSpecialJunk3) {
-                            clientSpecialJunk3 = textField.text
-                        }
-                    }
-                }
-
-                AwgTextField {
-                    id: specialJunk4TextField
-                    headerText: qsTr("I4 - Fourth special junk packet")
-                    textField.text: clientSpecialJunk4
-                    textField.validator: null
-                    checkEmptyText: false
-
-                    textField.onEditingFinished: {
-                        if (textField.text !== clientSpecialJunk4) {
-                            clientSpecialJunk4 = textField.text
-                        }
-                    }
-                }
-
-                AwgTextField {
-                    id: specialJunk5TextField
-                    headerText: qsTr("I5 - Fifth special junk packet")
-                    textField.text: clientSpecialJunk5
-                    textField.validator: null
-                    checkEmptyText: false
-
-                    textField.onEditingFinished: {
-                        if (textField.text !== clientSpecialJunk5 ) {
-                            clientSpecialJunk5 = textField.text
-                        }
-                    }
-                }
-
-                AwgTextField {
-                    id: controlledJunk1TextField
-                    headerText: qsTr("J1 - First controlled junk packet")
-                    textField.text: clientControlledJunk1
-                    textField.validator: null
-                    checkEmptyText: false
-
-                    textField.onEditingFinished: {
-                        if (textField.text !== clientControlledJunk1) {
-                            clientControlledJunk1 = textField.text
-                        }
-                    }
-                }
-
-                AwgTextField {
-                    id: controlledJunk2TextField
-                    headerText: qsTr("J2 - Second controlled junk packet")
-                    textField.text: clientControlledJunk2
-                    textField.validator: null
-                    checkEmptyText: false
-
-                    textField.onEditingFinished: {
-                        if (textField.text !== clientControlledJunk2) {
-                            clientControlledJunk2 = textField.text
-                        }
-                    }
-                }
-
-                AwgTextField {
-                    id: controlledJunk3TextField
-                    headerText: qsTr("J3 - Third controlled junk packet")
-                    textField.text: clientControlledJunk3
-                    textField.validator: null
-                    checkEmptyText: false
-
-                    textField.onEditingFinished: {
-                        if (textField.text !== clientControlledJunk3) {
-                            clientControlledJunk3 = textField.text
-                        }
-                    }
-                }
-
-                AwgTextField {
-                    id: iTimeTextField
-                    headerText: qsTr("Itime - Special handshake timeout")
-                    textField.text: clientSpecialHandshakeTimeout
-                    checkEmptyText: false
-
-                    textField.onEditingFinished: {
-                        if (textField.text !== clientSpecialHandshakeTimeout) {
-                            clientSpecialHandshakeTimeout = textField.text
-                        }
-                    }
                 }
 
                 Header2TextType {
@@ -287,78 +181,82 @@ PageType {
                     text: qsTr("Server settings")
                 }
 
-                AwgTextField {
+                TextFieldWithHeaderType {
                     id: portTextField
+                    Layout.fillWidth: true
+                    Layout.topMargin: 8
+
                     enabled: false
 
                     headerText: qsTr("Port")
                     textField.text: port
                 }
 
-                AwgTextField {
+                TextFieldWithHeaderType {
                     id: initPacketJunkSizeTextField
+                    Layout.fillWidth: true
+                    Layout.topMargin: 16
+
                     enabled: false
 
                     headerText: "S1 - Init packet junk size"
                     textField.text: serverInitPacketJunkSize
                 }
 
-                AwgTextField {
+                TextFieldWithHeaderType {
                     id: responsePacketJunkSizeTextField
+                    Layout.fillWidth: true
+                    Layout.topMargin: 16
+
                     enabled: false
 
                     headerText: "S2 - Response packet junk size"
                     textField.text: serverResponsePacketJunkSize
                 }
 
-                // AwgTextField {
-                //     id: cookieReplyPacketJunkSizeTextField
-                //     enabled: false
-
-                //     headerText: "S3 - Cookie Reply packet junk size"
-                //     textField.text: serverCookieReplyPacketJunkSize
-                // }
-
-                // AwgTextField {
-                //     id: transportPacketJunkSizeTextField
-                //     enabled: false
-
-                //     headerText: "S4 - Transport packet junk size"
-                //     textField.text: serverTransportPacketJunkSize
-                // }
-
-                AwgTextField {
+                TextFieldWithHeaderType {
                     id: initPacketMagicHeaderTextField
+                    Layout.fillWidth: true
+                    Layout.topMargin: 16
+
                     enabled: false
 
                     headerText: "H1 - Init packet magic header"
                     textField.text: serverInitPacketMagicHeader
                 }
 
-                AwgTextField {
+                TextFieldWithHeaderType {
                     id: responsePacketMagicHeaderTextField
+                    Layout.fillWidth: true
+                    Layout.topMargin: 16
+
                     enabled: false
 
                     headerText: "H2 - Response packet magic header"
                     textField.text: serverResponsePacketMagicHeader
                 }
 
-                AwgTextField {
+                TextFieldWithHeaderType {
                     id: underloadPacketMagicHeaderTextField
+                    Layout.fillWidth: true
+                    Layout.topMargin: 16
+
                     enabled: false
 
                     headerText: "H3 - Underload packet magic header"
                     textField.text: serverUnderloadPacketMagicHeader
                 }
 
-                AwgTextField {
+                TextFieldWithHeaderType {
                     id: transportPacketMagicHeaderTextField
+                    Layout.fillWidth: true
+                    Layout.topMargin: 16
+
                     enabled: false
 
                     headerText: "H4 - Transport packet magic header"
                     textField.text: serverTransportPacketMagicHeader
                 }
-
             }
         }
     }

client/ui/qml/Pages2/PageProtocolAwgSettings.qml

@@ -138,138 +138,183 @@ PageType {
                     checkEmptyText: true
                 }
 
-                AwgTextField {
+                TextFieldWithHeaderType {
                     id: junkPacketCountTextField
+                    Layout.fillWidth: true
+                    Layout.topMargin: 16
+
                     headerText: qsTr("Jc - Junk packet count")
                     textField.text: serverJunkPacketCount
+                    textField.validator: IntValidator { bottom: 0 }
 
                     textField.onEditingFinished: {
+                        if (textField.text === "") {
+                            textField.text = "0"
+                        }
+
                         if (textField.text !== serverJunkPacketCount) {
                             serverJunkPacketCount = textField.text
                         }
                     }
+
+                    checkEmptyText: true
                 }
 
-                AwgTextField {
+                TextFieldWithHeaderType {
                     id: junkPacketMinSizeTextField
+                    Layout.fillWidth: true
+                    Layout.topMargin: 16
+
                     headerText: qsTr("Jmin - Junk packet minimum size")
                     textField.text: serverJunkPacketMinSize
+                    textField.validator: IntValidator { bottom: 0 }
 
                     textField.onEditingFinished: {
                         if (textField.text !== serverJunkPacketMinSize) {
                             serverJunkPacketMinSize = textField.text
                         }
                     }
+
+                    checkEmptyText: true
                 }
 
-                AwgTextField {
+                TextFieldWithHeaderType {
                     id: junkPacketMaxSizeTextField
+                    Layout.fillWidth: true
+                    Layout.topMargin: 16
+
                     headerText: qsTr("Jmax - Junk packet maximum size")
                     textField.text: serverJunkPacketMaxSize
+                    textField.validator: IntValidator { bottom: 0 }
 
                     textField.onEditingFinished: {
                         if (textField.text !== serverJunkPacketMaxSize) {
                             serverJunkPacketMaxSize = textField.text
                         }
                     }
+
+                    checkEmptyText: true
                 }
 
-                AwgTextField {
+                TextFieldWithHeaderType {
                     id: initPacketJunkSizeTextField
+                    Layout.fillWidth: true
+                    Layout.topMargin: 16
+
                     headerText: qsTr("S1 - Init packet junk size")
                     textField.text: serverInitPacketJunkSize
+                    textField.validator: IntValidator { bottom: 0 }
 
                     textField.onEditingFinished: {
                         if (textField.text !== serverInitPacketJunkSize) {
                             serverInitPacketJunkSize = textField.text
                         }
                     }
+
+                    checkEmptyText: true
+
+                    onActiveFocusChanged: {
+                        if(activeFocus) {
+                            listview.positionViewAtEnd()
+                        }
+                    }
                 }
 
-                AwgTextField {
+                TextFieldWithHeaderType {
                     id: responsePacketJunkSizeTextField
+                    Layout.fillWidth: true
+                    Layout.topMargin: 16
+
                     headerText: qsTr("S2 - Response packet junk size")
                     textField.text: serverResponsePacketJunkSize
+                    textField.validator: IntValidator { bottom: 0 }
 
                     textField.onEditingFinished: {
                         if (textField.text !== serverResponsePacketJunkSize) {
                             serverResponsePacketJunkSize = textField.text
                         }
                     }
+
+                    checkEmptyText: true
+
+                    onActiveFocusChanged: {
+                        if(activeFocus) {
+                            listview.positionViewAtEnd()
+                        }
+                    }
                 }
 
-                // AwgTextField {
-                //     id: cookieReplyPacketJunkSizeTextField
-                //     headerText: qsTr("S3 - Cookie reply packet junk size")
-                //     textField.text: serverCookieReplyPacketJunkSize
-
-                //     textField.onEditingFinished: {
-                //         if (textField.text !== serverCookieReplyPacketJunkSize) {
-                //             serverCookieReplyPacketJunkSize = textField.text
-                //         }
-                //     }
-                // }
-
-                // AwgTextField {
-                //     id: transportPacketJunkSizeTextField
-                //     headerText: qsTr("S4 - Transport packet junk size")
-                //     textField.text: serverTransportPacketJunkSize
-
-                //     textField.onEditingFinished: {
-                //         if (textField.text !== serverTransportPacketJunkSize) {
-                //             serverTransportPacketJunkSize = textField.text
-                //         }
-                //     }
-                // }
-
-                AwgTextField {
+                TextFieldWithHeaderType {
                     id: initPacketMagicHeaderTextField
+                    Layout.fillWidth: true
+                    Layout.topMargin: 16
+
                     headerText: qsTr("H1 - Init packet magic header")
                     textField.text: serverInitPacketMagicHeader
+                    textField.validator: IntValidator { bottom: 0 }
 
                     textField.onEditingFinished: {
                         if (textField.text !== serverInitPacketMagicHeader) {
                             serverInitPacketMagicHeader = textField.text
                         }
                     }
+
+                    checkEmptyText: true
                 }
 
-                AwgTextField {
+                TextFieldWithHeaderType {
                     id: responsePacketMagicHeaderTextField
+                    Layout.fillWidth: true
+                    Layout.topMargin: 16
+
                     headerText: qsTr("H2 - Response packet magic header")
                     textField.text: serverResponsePacketMagicHeader
+                    textField.validator: IntValidator { bottom: 0 }
 
                     textField.onEditingFinished: {
                         if (textField.text !== serverResponsePacketMagicHeader) {
                             serverResponsePacketMagicHeader = textField.text
                         }
                     }
+
+                    checkEmptyText: true
                 }
 
-                AwgTextField {
-                    id: underloadPacketMagicHeaderTextField
-                    headerText: qsTr("H3 - Underload packet magic header")
-                    textField.text: serverUnderloadPacketMagicHeader
-
-                    textField.onEditingFinished: {
-                        if (textField.text !== serverUnderloadPacketMagicHeader) {
-                            serverUnderloadPacketMagicHeader = textField.text
-                        }
-                    }
-                }
-
-                AwgTextField {
+                TextFieldWithHeaderType {
                     id: transportPacketMagicHeaderTextField
+                    Layout.fillWidth: true
+                    Layout.topMargin: 16
+
                     headerText: qsTr("H4 - Transport packet magic header")
                     textField.text: serverTransportPacketMagicHeader
+                    textField.validator: IntValidator { bottom: 0 }
 
                     textField.onEditingFinished: {
                         if (textField.text !== serverTransportPacketMagicHeader) {
                             serverTransportPacketMagicHeader = textField.text
                         }
                     }
+
+                    checkEmptyText: true
                 }
 
+                TextFieldWithHeaderType {
+                    id: underloadPacketMagicHeaderTextField
+                    Layout.fillWidth: true
+                    Layout.topMargin: 16
+
+                    headerText: qsTr("H3 - Underload packet magic header")
+                    textField.text: serverUnderloadPacketMagicHeader
+                    textField.validator: IntValidator { bottom: 0 }
+
+                    textField.onEditingFinished: {
+                        if (textField.text !== serverUnderloadPacketMagicHeader) {
+                            serverUnderloadPacketMagicHeader = textField.text
+                        }
+                    }
+
+                    checkEmptyText: true
+                }
 
                 BasicButtonType {
                     id: saveRestartButton
@@ -283,8 +328,6 @@ PageType {
                              responsePacketMagicHeaderTextField.errorText === "" &&
                              initPacketMagicHeaderTextField.errorText === "" &&
                              responsePacketJunkSizeTextField.errorText === "" &&
-                             // cookieReplyHeaderJunkTextField.errorText === "" &&
-                             // transportHeaderJunkTextField.errorText === "" &&
                              initPacketJunkSizeTextField.errorText === "" &&
                              junkPacketMaxSizeTextField.errorText === "" &&
                              junkPacketMinSizeTextField.errorText === "" &&
@@ -317,13 +360,6 @@ PageType {
                                 PageController.showErrorMessage(qsTr("The value of the field S1 + message initiation size (148) must not equal S2 + message response size (92)"))
                                 return
                             }
-                            // if (AwgConfigModel.isPacketSizeEqual(parseInt(initPacketJunkSizeTextField.textField.text),
-                            //                                     parseInt(responsePacketJunkSizeTextField.textField.text),
-                            //                                     parseInt(cookieReplyPacketJunkSizeTextField.textField.text),
-                            //                                     parseInt(transportPacketJunkSizeTextField.textField.text))) {
-                            //     PageController.showErrorMessage(qsTr("The value of the field S1 + message initiation size (148) must not equal S2 + message response size (92) + S3 + cookie reply size (64) + S4 + transport packet size (32)"))
-                            //     return
-                            // }
                         }
 
                         var headerText = qsTr("Save settings?")

client/ui/qml/Pages2/PageProtocolCloakSettings.qml

@@ -59,14 +59,11 @@ PageType {
                 model: CloakConfigModel
 
                 delegate: Item {
-                    id: delegateItem
-
-                    property alias trafficFromField: trafficFromField
-                    property bool isEnabled: ServersModel.isProcessedServerHasWriteAccess()
-
                     implicitWidth: listview.width
                     implicitHeight: col.implicitHeight
 
+                    property alias trafficFromField: trafficFromField
+
                     ColumnLayout {
                         id: col
 
@@ -81,6 +78,7 @@ PageType {
 
                         BaseHeaderType {
                             Layout.fillWidth: true
+
                             headerText: qsTr("Cloak settings")
                         }
 
@@ -90,8 +88,6 @@ PageType {
                             Layout.fillWidth: true
                             Layout.topMargin: 32
 
-                            enabled: delegateItem.isEnabled
-
                             headerText: qsTr("Disguised as traffic from")
                             textField.text: site
 
@@ -108,8 +104,6 @@ PageType {
                                     }
                                 }
                             }
-
-                            checkEmptyText: true
                         }
 
                         TextFieldWithHeaderType {
@@ -118,8 +112,6 @@ PageType {
                             Layout.fillWidth: true
                             Layout.topMargin: 16
 
-                            enabled: delegateItem.isEnabled
-
                             headerText: qsTr("Port")
                             textField.text: port
                             textField.maximumLength: 5
@@ -130,8 +122,6 @@ PageType {
                                     port = textField.text
                                 }
                             }
-
-                            checkEmptyText: true
                         }
 
                         DropDownType {
@@ -139,8 +129,6 @@ PageType {
                             Layout.fillWidth: true
                             Layout.topMargin: 16
 
-                            enabled: delegateItem.isEnabled
-
                             descriptionText: qsTr("Cipher")
                             headerText: qsTr("Cipher")
 
@@ -178,46 +166,25 @@ PageType {
                         }
 
                         BasicButtonType {
-                            id: saveButton
+                            id: saveRestartButton
 
                             Layout.fillWidth: true
                             Layout.topMargin: 24
                             Layout.bottomMargin: 24
 
-                            enabled: trafficFromField.errorText === "" &&
-                                     portTextField.errorText === ""
-
                             text: qsTr("Save")
 
                             clickedFunc: function() {
                                 forceActiveFocus()
 
-                                var headerText = qsTr("Save settings?")
-                                var descriptionText = qsTr("All users with whom you shared a connection with will no longer be able to connect to it.")
-                                var yesButtonText = qsTr("Continue")
-                                var noButtonText = qsTr("Cancel")
-
-                                var yesButtonFunction = function() {
-                                    if (ConnectionController.isConnected && ServersModel.getDefaultServerData("defaultContainer") === ContainersModel.getProcessedContainerIndex()) {
-                                        PageController.showNotificationMessage(qsTr("Unable change settings while there is an active connection"))
-                                        return
-                                    }
-
-                                    PageController.goToPage(PageEnum.PageSetupWizardInstalling)
-                                    InstallController.updateContainer(CloakConfigModel.getConfig())
+                                if (ConnectionController.isConnected && ServersModel.getDefaultServerData("defaultContainer") === ContainersModel.getProcessedContainerIndex()) {
+                                    PageController.showNotificationMessage(qsTr("Unable change settings while there is an active connection"))
+                                    return
                                 }
 
-                                var noButtonFunction = function() {
-                                    if (!GC.isMobile()) {
-                                        saveButton.forceActiveFocus()
-                                    }
-                                }
-
-                                showQuestionDrawer(headerText, descriptionText, yesButtonText, noButtonText, yesButtonFunction, noButtonFunction)
+                                PageController.goToPage(PageEnum.PageSetupWizardInstalling);
+                                InstallController.updateContainer(CloakConfigModel.getConfig())
                             }
-
-                            Keys.onEnterPressed: saveButton.clicked()
-                            Keys.onReturnPressed: saveButton.clicked()
                         }
                     }
                 }

client/ui/qml/Pages2/PageProtocolOpenVpnSettings.qml

@@ -58,14 +58,11 @@ PageType {
                 model: OpenVpnConfigModel             
 
                 delegate: Item {
-                    id: delegateItem
-
-                    property alias vpnAddressSubnetTextField: vpnAddressSubnetTextField
-                    property bool isEnabled: ServersModel.isProcessedServerHasWriteAccess()
-
                     implicitWidth: listview.width
                     implicitHeight: col.implicitHeight
 
+                    property alias vpnAddressSubnetTextField: vpnAddressSubnetTextField
+
                     ColumnLayout {
                         id: col
 
@@ -80,6 +77,7 @@ PageType {
 
                         BaseHeaderType {
                             Layout.fillWidth: true
+
                             headerText: qsTr("OpenVPN settings")
                         }
 
@@ -89,8 +87,6 @@ PageType {
                             Layout.fillWidth: true
                             Layout.topMargin: 32
 
-                            enabled: delegateItem.isEnabled
-
                             headerText: qsTr("VPN address subnet")
                             textField.text: subnetAddress
 
@@ -101,8 +97,6 @@ PageType {
                                     subnetAddress = textField.text
                                 }
                             }
-
-                            checkEmptyText: true
                         }
 
                         ParagraphTextType {
@@ -140,7 +134,7 @@ PageType {
                             Layout.topMargin: 40
                             parentFlickable: fl
 
-                            enabled: delegateItem.isEnabled
+                            enabled: isPortEditable
 
                             headerText: qsTr("Port")
                             textField.text: port
@@ -152,8 +146,6 @@ PageType {
                                     port = textField.text
                                 }
                             }
-
-                            checkEmptyText: true
                         }
 
                         SwitcherType {
@@ -396,45 +388,26 @@ PageType {
                         }
 
                         BasicButtonType {
-                            id: saveButton
+                            id: saveRestartButton
 
                             Layout.fillWidth: true
                             Layout.topMargin: 24
                             Layout.bottomMargin: 24
 
-                            enabled: vpnAddressSubnetTextField.errorText === "" &&
-                                     portTextField.errorText === ""
-
                             text: qsTr("Save")
                             parentFlickable: fl
 
-                            onClicked: function() {
+                            clickedFunc: function() {
                                 forceActiveFocus()
 
-                                var headerText = qsTr("Save settings?")
-                                var descriptionText = qsTr("All users with whom you shared a connection with will no longer be able to connect to it.")
-                                var yesButtonText = qsTr("Continue")
-                                var noButtonText = qsTr("Cancel")
-
-                                var yesButtonFunction = function() {
-                                    if (ConnectionController.isConnected && ServersModel.getDefaultServerData("defaultContainer") === ContainersModel.getProcessedContainerIndex()) {
-                                        PageController.showNotificationMessage(qsTr("Unable change settings while there is an active connection"))
-                                        return
-                                    }
-
-                                    PageController.goToPage(PageEnum.PageSetupWizardInstalling);
-                                    InstallController.updateContainer(OpenVpnConfigModel.getConfig())
+                                if (ConnectionController.isConnected && ServersModel.getDefaultServerData("defaultContainer") === ContainersModel.getProcessedContainerIndex()) {
+                                    PageController.showNotificationMessage(qsTr("Unable change settings while there is an active connection"))
+                                    return
                                 }
-                                var noButtonFunction = function() {
-                                    if (!GC.isMobile()) {
-                                        saveButton.forceActiveFocus()
-                                    }
-                                }
-                                showQuestionDrawer(headerText, descriptionText, yesButtonText, noButtonText, yesButtonFunction, noButtonFunction)
+
+                                PageController.goToPage(PageEnum.PageSetupWizardInstalling);
+                                InstallController.updateContainer(OpenVpnConfigModel.getConfig())
                             }
-
-                            Keys.onEnterPressed: saveButton.clicked()
-                            Keys.onReturnPressed: saveButton.clicked()
                         }
                     }
                 }

client/ui/qml/Pages2/PageProtocolShadowSocksSettings.qml

@@ -57,13 +57,15 @@ PageType {
                 model: ShadowSocksConfigModel
 
                 delegate: Item {
-                    id: delegateItem
-
-                    property bool isEnabled: ServersModel.isProcessedServerHasWriteAccess()
-
                     implicitWidth: listview.width
                     implicitHeight: col.implicitHeight
 
+                    property var focusItemId: portTextField.enabled ?
+                                                    portTextField :
+                                                    cipherDropDown.enabled ?
+                                                        cipherDropDown :
+                                                        saveRestartButton
+
                     ColumnLayout {
                         id: col
 
@@ -78,6 +80,7 @@ PageType {
 
                         BaseHeaderType {
                             Layout.fillWidth: true
+
                             headerText: qsTr("Shadowsocks settings")
                         }
 
@@ -87,7 +90,7 @@ PageType {
                             Layout.fillWidth: true
                             Layout.topMargin: 40
 
-                            enabled: delegateItem.isEnabled
+                            enabled: isPortEditable
 
                             headerText: qsTr("Port")
                             textField.text: port
@@ -99,8 +102,6 @@ PageType {
                                     port = textField.text
                                 }
                             }
-
-                            checkEmptyText: true
                         }
 
                         DropDownType {
@@ -108,7 +109,7 @@ PageType {
                             Layout.fillWidth: true
                             Layout.topMargin: 20
 
-                            enabled: delegateItem.isEnabled
+                            enabled: isCipherEditable
 
                             descriptionText: qsTr("Cipher")
                             headerText: qsTr("Cipher")
@@ -148,43 +149,27 @@ PageType {
                         }
 
                         BasicButtonType {
-                            id: saveButton
+                            id: saveRestartButton
 
                             Layout.fillWidth: true
                             Layout.topMargin: 24
                             Layout.bottomMargin: 24
 
-                            enabled: portTextField.errorText === ""
+                            enabled: isPortEditable | isCipherEditable
 
                             text: qsTr("Save")
 
                             clickedFunc: function() {
                                 forceActiveFocus()
 
-                                var headerText = qsTr("Save settings?")
-                                var descriptionText = qsTr("All users with whom you shared a connection with will no longer be able to connect to it.")
-                                var yesButtonText = qsTr("Continue")
-                                var noButtonText = qsTr("Cancel")
-
-                                var yesButtonFunction = function() {
-                                    if (ConnectionController.isConnected && ServersModel.getDefaultServerData("defaultContainer") === ContainersModel.getProcessedContainerIndex()) {
-                                        PageController.showNotificationMessage(qsTr("Unable change settings while there is an active connection"))
-                                        return
-                                    }
-
-                                    PageController.goToPage(PageEnum.PageSetupWizardInstalling);
-                                    InstallController.updateContainer(ShadowSocksConfigModel.getConfig())
+                                if (ConnectionController.isConnected && ServersModel.getDefaultServerData("defaultContainer") === ContainersModel.getProcessedContainerIndex()) {
+                                    PageController.showNotificationMessage(qsTr("Unable change settings while there is an active connection"))
+                                    return
                                 }
-                                var noButtonFunction = function() {
-                                    if (!GC.isMobile()) {
-                                        saveButton.forceActiveFocus()
-                                    }
-                                }
-                                showQuestionDrawer(headerText, descriptionText, yesButtonText, noButtonText, yesButtonFunction, noButtonFunction)
+
+                                PageController.goToPage(PageEnum.PageSetupWizardInstalling);
+                                InstallController.updateContainer(ShadowSocksConfigModel.getConfig())
                             }
-
-                            Keys.onEnterPressed: saveButton.clicked()
-                            Keys.onReturnPressed: saveButton.clicked()
                         }
                     }
                 }

client/ui/qml/Pages2/PageProtocolWireGuardSettings.qml

@@ -152,14 +152,14 @@ PageType {
                                 }
                                 var noButtonFunction = function() {
                                     if (!GC.isMobile()) {
-                                        saveButton.forceActiveFocus()
+                                        saveRestartButton.forceActiveFocus()
                                     }
                                 }
                                 showQuestionDrawer(headerText, descriptionText, yesButtonText, noButtonText, yesButtonFunction, noButtonFunction)
                             }
 
-                            Keys.onEnterPressed: saveButton.clicked()
-                            Keys.onReturnPressed: saveButton.clicked()
+                            Keys.onEnterPressed: this.clicked()
+                            Keys.onReturnPressed: this.clicked()
                         }
                     }
                 }

client/ui/qml/Pages2/PageProtocolXraySettings.qml

@@ -58,10 +58,7 @@ PageType {
                 model: XrayConfigModel
 
                 delegate: Item {
-                    id: delegateItem
-
                     property alias focusItemId: textFieldWithHeaderType.textField
-                    property bool isEnabled: ServersModel.isProcessedServerHasWriteAccess()
 
                     implicitWidth: listview.width
                     implicitHeight: col.implicitHeight
@@ -88,8 +85,6 @@ PageType {
                             Layout.fillWidth: true
                             Layout.topMargin: 32
 
-                            enabled: delegateItem.isEnabled
-
                             headerText: qsTr("Disguised as traffic from")
                             textField.text: site
 
@@ -106,8 +101,6 @@ PageType {
                                     }
                                 }
                             }
-
-                            checkEmptyText: true
                         }
 
                         TextFieldWithHeaderType {
@@ -137,38 +130,23 @@ PageType {
                             Layout.topMargin: 24
                             Layout.bottomMargin: 24
 
-                            enabled: portTextField.errorText === ""
-
                             text: qsTr("Save")
 
-                            onClicked: function() {
+                            onClicked: {
                                 forceActiveFocus()
 
-                                var headerText = qsTr("Save settings?")
-                                var descriptionText = qsTr("All users with whom you shared a connection with will no longer be able to connect to it.")
-                                var yesButtonText = qsTr("Continue")
-                                var noButtonText = qsTr("Cancel")
-
-                                var yesButtonFunction = function() {
-                                    if (ConnectionController.isConnected && ServersModel.getDefaultServerData("defaultContainer") === ContainersModel.getProcessedContainerIndex()) {
-                                        PageController.showNotificationMessage(qsTr("Unable change settings while there is an active connection"))
-                                        return
-                                    }
-
-                                    PageController.goToPage(PageEnum.PageSetupWizardInstalling);
-                                    InstallController.updateContainer(XrayConfigModel.getConfig())
-                                    //focusItem.forceActiveFocus()
+                                if (ConnectionController.isConnected && ServersModel.getDefaultServerData("defaultContainer") === ContainersModel.getProcessedContainerIndex()) {
+                                    PageController.showNotificationMessage(qsTr("Unable change settings while there is an active connection"))
+                                    return
                                 }
-                                var noButtonFunction = function() {
-                                    if (!GC.isMobile()) {
-                                        saveButton.forceActiveFocus()
-                                    }
-                                }
-                                showQuestionDrawer(headerText, descriptionText, yesButtonText, noButtonText, yesButtonFunction, noButtonFunction)
+
+                                PageController.goToPage(PageEnum.PageSetupWizardInstalling);
+                                InstallController.updateContainer(XrayConfigModel.getConfig())
+                                focusItem.forceActiveFocus()
                             }
 
-                            Keys.onEnterPressed: saveButton.clicked()
-                            Keys.onReturnPressed: saveButton.clicked()
+                            Keys.onEnterPressed: this.clicked()
+                            Keys.onReturnPressed: this.clicked()
                         }
                     }
                 }

client/ui/qml/Pages2/PageSettingsApiServerInfo.qml

@@ -158,32 +158,6 @@ PageType {
 
             readonly property bool isVisibleForAmneziaFree: ApiAccountInfoModel.data("isComponentVisible")
 
-            SwitcherType {
-                id: switcher
-
-                readonly property bool isVlessProtocol: ApiConfigsController.isVlessProtocol()
-
-                Layout.fillWidth: true
-                Layout.topMargin: 24
-                Layout.rightMargin: 16
-                Layout.leftMargin: 16
-
-                visible: ApiAccountInfoModel.data("isProtocolSelectionSupported")
-
-                text: qsTr("Use VLESS protocol")
-                checked: switcher.isVlessProtocol
-                onToggled: function() {
-                    if (ServersModel.isDefaultServerCurrentlyProcessed() && ConnectionController.isConnected) {
-                        PageController.showNotificationMessage(qsTr("Cannot change protocol during active connection"))
-                    } else {
-                        PageController.showBusyIndicator(true)
-                        ApiConfigsController.setCurrentProtocol(switcher.isVlessProtocol ? "awg" : "vless")
-                        ApiConfigsController.updateServiceFromGateway(ServersModel.processedIndex, "", "", true)
-                        PageController.showBusyIndicator(false)
-                    }
-                }
-            }
-
             WarningType {
                 id: warning
 

client/ui/qml/Pages2/PageSettingsKillSwitch.qml

@@ -71,6 +71,9 @@ PageType {
                 onClicked: function() {
                     SettingsController.strictKillSwitchEnabled = false
                 }
+
+                Keys.onEnterPressed: this.clicked()
+                Keys.onReturnPressed: this.clicked()
             }
 
             DividerType {}
@@ -82,8 +85,7 @@ PageType {
                 Layout.rightMargin: 16
 
                 visible: false
-                enabled: false
-                // enabled: SettingsController.isKillSwitchEnabled && !ConnectionController.isConnected
+                enabled: false //SettingsController.isKillSwitchEnabled && !ConnectionController.isConnected
                 checked: SettingsController.strictKillSwitchEnabled
 
                 text: qsTr("Strict KillSwitch")
@@ -103,6 +105,9 @@ PageType {
 
                     showQuestionDrawer(headerText, descriptionText, yesButtonText, noButtonText, yesButtonFunction, noButtonFunction)
                 }
+
+                Keys.onEnterPressed: this.clicked()
+                Keys.onReturnPressed: this.clicked()
             }
 
             DividerType {

client/ui/qml/Pages2/PageSettingsKillSwitchExceptions.qml

@@ -64,7 +64,7 @@ PageType {
         displayMarginBeginning: 40
         displayMarginEnd: 40
         
-        ScrollBar.vertical: ScrollBarType { }
+        ScrollBar.vertical: ScrollBarType {}
         
         footer: Item {
             width: listView.width

client/ui/qml/Pages2/PageSettingsServerData.qml

@@ -260,7 +260,7 @@ PageType {
 
             LabelWithButtonType {
                 id: labelWithButton6
-                visible: ServersModel.getProcessedServerData("isServerFromTelegramApi") && ServersModel.processedServerIsPremium
+                visible: ServersModel.getProcessedServerData("isServerFromTelegramApi")
                 Layout.fillWidth: true
 
                 text: qsTr("Switch to the new Amnezia Premium subscription")
@@ -273,7 +273,7 @@ PageType {
             }
 
             DividerType {
-                visible: ServersModel.getProcessedServerData("isServerFromTelegramApi") && ServersModel.processedServerIsPremium
+                visible: ServersModel.getProcessedServerData("isServerFromTelegramApi")
             }
         }
     }

client/ui/qml/Pages2/PageSettingsSplitTunneling.qml

@@ -286,8 +286,8 @@ PageType {
                 moreActionsDrawer.openTriggered()
             }
 
-            Keys.onReturnPressed: addSiteButtonImage.clicked()
-            Keys.onEnterPressed: addSiteButtonImage.clicked()
+            Keys.onReturnPressed: this.clicked()
+            Keys.onEnterPressed: this.clicked()
         }
     }
 

client/ui/qml/Pages2/PageSetupWizardApiServicesList.qml

@@ -91,8 +91,8 @@ PageType {
                         }
                     }
                     
-                    Keys.onEnterPressed: clicked()
-                    Keys.onReturnPressed: clicked()
+                    Keys.onEnterPressed: this.clicked()
+                    Keys.onReturnPressed: this.clicked()
                 }
             }
         }

client/ui/qml/Pages2/PageSetupWizardConfigSource.qml

@@ -234,6 +234,9 @@ PageType {
                 leftImageSource: imageSource
 
                 onClicked: { handler() }
+
+                Keys.onEnterPressed: this.clicked()
+                Keys.onReturnPressed: this.clicked()
             }
         }
 

client/ui/qml/Pages2/PageSetupWizardCredentials.qml

@@ -177,6 +177,9 @@ PageType {
                 onClicked: {
                     Qt.openUrlExternally(LanguageModel.getCurrentSiteUrl("starter-guide"))
                 }
+
+                Keys.onEnterPressed: this.clicked()
+                Keys.onReturnPressed: this.clicked()
             }
         }
     }

client/ui/qml/Pages2/PageSetupWizardEasy.qml

@@ -118,6 +118,9 @@ PageType {
                                 containers.containerDefaultPort = ProtocolProps.getPortForInstall(defaultContainerProto)
                                 containers.containerDefaultTransportProto = ProtocolProps.defaultTransportProto(defaultContainerProto)
                             }
+
+                            Keys.onEnterPressed: this.clicked()
+                            Keys.onReturnPressed: this.clicked()
                         }
                     }
                 }
@@ -147,6 +150,9 @@ PageType {
                 onClicked: function() {
                     isEasySetup = false
                 }
+
+                Keys.onEnterPressed: this.clicked()
+                Keys.onReturnPressed: this.clicked()
             }
 
             BasicButtonType {

client/ui/qml/Pages2/PageShare.qml

@@ -256,6 +256,9 @@ PageType {
                         onClicked: {
                             accessTypeSelector.currentIndex = 0
                         }
+
+                        Keys.onEnterPressed: this.clicked()
+                        Keys.onReturnPressed: this.clicked()
                     }
 
                     HorizontalRadioButton {
@@ -272,6 +275,9 @@ PageType {
                                                                          ServersModel.getProcessedServerCredentials())
                             PageController.showBusyIndicator(false)
                         }
+
+                        Keys.onEnterPressed: this.clicked()
+                        Keys.onReturnPressed: this.clicked()
                     }
                 }
             }
@@ -429,11 +435,6 @@ PageType {
 
                         fillConnectionTypeModel()
 
-                        if (exportTypeSelector.currentIndex >= root.connectionTypesModel.length) {
-                            exportTypeSelector.currentIndex = 0
-                            exportTypeSelector.text = root.connectionTypesModel[0].name
-                        }
-
                         if (accessTypeSelector.currentIndex === 1) {
                             PageController.showBusyIndicator(true)
                             ExportController.updateClientManagementModel(ContainersModel.getProcessedContainerIndex(),

deploy/build_macos.sh

@@ -1,15 +1,4 @@
 #!/bin/bash
-# -----------------------------------------------------------------------------
-# Usage:
-#   Export the required signing credentials before running this script, e.g.:
-#     export MAC_APP_CERT_PW='pw-for-DeveloperID-Application'
-#     export MAC_INSTALL_CERT_PW='pw-for-DeveloperID-Installer'
-#     export MAC_SIGNER_ID='Developer ID Application: Some Company Name (XXXXXXXXXX)'
-#     export MAC_INSTALLER_SIGNER_ID='Developer ID Installer: Some Company Name (XXXXXXXXXX)'
-#     export APPLE_DEV_EMAIL='your@email.com'
-#     export APPLE_DEV_PASSWORD='<your-password>'
-#     bash deploy/build_macos.sh [-n]
-# -----------------------------------------------------------------------------
 echo "Build script started ..."
 
 set -o errexit -o nounset
@@ -25,10 +14,10 @@ done
 PROJECT_DIR=$(pwd)
 DEPLOY_DIR=$PROJECT_DIR/deploy
 
-mkdir -p "$DEPLOY_DIR/build"
-BUILD_DIR="$DEPLOY_DIR/build"
+mkdir -p $DEPLOY_DIR/build
+BUILD_DIR=$DEPLOY_DIR/build
 
-echo "Project dir: ${PROJECT_DIR}"
+echo "Project dir: ${PROJECT_DIR}" 
 echo "Build dir: ${BUILD_DIR}"
 
 APP_NAME=AmneziaVPN
@@ -39,45 +28,39 @@ PLIST_NAME=$APP_NAME.plist
 OUT_APP_DIR=$BUILD_DIR/client
 BUNDLE_DIR=$OUT_APP_DIR/$APP_FILENAME
 
-# Prebuilt deployment assets are available via the symlink under deploy/data
 PREBUILT_DEPLOY_DATA_DIR=$PROJECT_DIR/deploy/data/deploy-prebuilt/macos
 DEPLOY_DATA_DIR=$PROJECT_DIR/deploy/data/macos
 
+INSTALLER_DATA_DIR=$BUILD_DIR/installer/packages/$APP_DOMAIN/data
+INSTALLER_BUNDLE_DIR=$BUILD_DIR/installer/$APP_FILENAME
+DMG_FILENAME=$PROJECT_DIR/${APP_NAME}.dmg
 
 # Search Qt
 if [ -z "${QT_VERSION+x}" ]; then
-QT_VERSION=6.8.3;
+QT_VERSION=6.4.3;
+QIF_VERSION=4.6
 QT_BIN_DIR=$HOME/Qt/$QT_VERSION/macos/bin
+QIF_BIN_DIR=$QT_BIN_DIR/../../../Tools/QtInstallerFramework/$QIF_VERSION/bin
 fi
 
 echo "Using Qt in $QT_BIN_DIR"
+echo "Using QIF in $QIF_BIN_DIR"
 
 
 # Checking env
-"$QT_BIN_DIR/qt-cmake" --version
+$QT_BIN_DIR/qt-cmake --version
 cmake --version
 clang -v
 
 # Build App
 echo "Building App..."
-cd "$BUILD_DIR"
+cd $BUILD_DIR
 
-"$QT_BIN_DIR/qt-cmake" -S "$PROJECT_DIR" -B "$BUILD_DIR"
+$QT_BIN_DIR/qt-cmake -S $PROJECT_DIR -B $BUILD_DIR
 cmake --build . --config release --target all
 
 # Build and run tests here
 
-# Create a temporary keychain and import certificates
-KEYCHAIN_PATH="$PROJECT_DIR/mac_sign.keychain"
-trap 'echo "Cleaning up mac_sign.keychain..."; security delete-keychain "$KEYCHAIN_PATH" 2>/dev/null || true; rm -f "$KEYCHAIN_PATH" 2>/dev/null || true' EXIT
-KEYCHAIN=$(security default-keychain -d user | tr -d '"[:space:]"')
-security list-keychains -d user -s "$KEYCHAIN_PATH" "$KEYCHAIN" "$(security list-keychains -d user | tr '\n' ' ')"
-security create-keychain -p "" "$KEYCHAIN_PATH"
-security import "$DEPLOY_DIR/DeveloperIdApplicationCertificate.p12" -k "$KEYCHAIN_PATH" -P "$MAC_APP_CERT_PW" -T /usr/bin/codesign
-security import "$DEPLOY_DIR/DeveloperIdInstallerCertificate.p12" -k "$KEYCHAIN_PATH" -P "$MAC_INSTALL_CERT_PW" -T /usr/bin/codesign
-security import "$DEPLOY_DIR/DeveloperIDG2CA.cer" -k "$KEYCHAIN_PATH" -T /usr/bin/codesign
-security list-keychains -d user -s "$KEYCHAIN_PATH"
-
 echo "____________________________________"
 echo "............Deploy.................."
 echo "____________________________________"
@@ -86,159 +69,102 @@ echo "____________________________________"
 echo "Packaging ..."
 
 
-cp -Rv "$PREBUILT_DEPLOY_DATA_DIR"/* "$BUNDLE_DIR/Contents/macOS"
-"$QT_BIN_DIR/macdeployqt" "$OUT_APP_DIR/$APP_FILENAME" -always-overwrite -qmldir="$PROJECT_DIR"
-cp -av "$BUILD_DIR/service/server/$APP_NAME-service" "$BUNDLE_DIR/Contents/macOS"
-rsync -av --exclude="$PLIST_NAME" --exclude=post_install.sh --exclude=post_uninstall.sh "$DEPLOY_DATA_DIR/" "$BUNDLE_DIR/Contents/macOS/"
+cp -Rv $PREBUILT_DEPLOY_DATA_DIR/* $BUNDLE_DIR/Contents/macOS
+$QT_BIN_DIR/macdeployqt $OUT_APP_DIR/$APP_FILENAME -always-overwrite -qmldir=$PROJECT_DIR
+cp -av $BUILD_DIR/service/server/$APP_NAME-service $BUNDLE_DIR/Contents/macOS
+cp -Rv $PROJECT_DIR/deploy/data/macos/* $BUNDLE_DIR/Contents/macOS
+rm -f $BUNDLE_DIR/Contents/macOS/post_install.sh $BUNDLE_DIR/Contents/macOS/post_uninstall.sh
 
-if [ "${MAC_APP_CERT_PW+x}" ]; then
+if [ "${MAC_CERT_PW+x}" ]; then
 
-  # Path to the p12 that contains the Developer ID *Application* certificate
-  CERTIFICATE_P12=$DEPLOY_DIR/DeveloperIdApplicationCertificate.p12
+  CERTIFICATE_P12=$DEPLOY_DIR/PrivacyTechAppleCertDeveloperId.p12
+  WWDRCA=$DEPLOY_DIR/WWDRCA.cer
+  KEYCHAIN=amnezia.build.macos.keychain
+  TEMP_PASS=tmp_pass
 
-  # Ensure launchd plist is bundled, but place it inside Resources so that
-  # the bundle keeps a valid structure (nothing but `Contents` at the root).
-  mkdir -p "$BUNDLE_DIR/Contents/Resources"
-  cp "$DEPLOY_DATA_DIR/$PLIST_NAME" "$BUNDLE_DIR/Contents/Resources/$PLIST_NAME"
+  security create-keychain -p $TEMP_PASS $KEYCHAIN || true
+  security default-keychain -s $KEYCHAIN
+  security unlock-keychain -p $TEMP_PASS $KEYCHAIN
 
-  # Show available signing identities (useful for debugging)
-  security find-identity -p codesigning || true
+  security default-keychain
+  security list-keychains
+
+  security import $WWDRCA -k $KEYCHAIN -T /usr/bin/codesign || true
+  security import $CERTIFICATE_P12 -k $KEYCHAIN -P $MAC_CERT_PW -T /usr/bin/codesign || true
+
+  security set-key-partition-list -S apple-tool:,apple: -k $TEMP_PASS $KEYCHAIN
+  security find-identity -p codesigning
 
   echo "Signing App bundle..."
-  /usr/bin/codesign --deep --force --verbose --timestamp -o runtime --keychain "$KEYCHAIN_PATH" --sign "$MAC_SIGNER_ID" "$BUNDLE_DIR"
-  /usr/bin/codesign --verify -vvvv "$BUNDLE_DIR" || true
-  spctl -a -vvvv "$BUNDLE_DIR" || true
+  /usr/bin/codesign --deep --force --verbose --timestamp -o runtime --sign "$MAC_SIGNER_ID" $BUNDLE_DIR
+  /usr/bin/codesign --verify -vvvv $BUNDLE_DIR || true
+  spctl -a -vvvv $BUNDLE_DIR || true
 
+  if [ "${NOTARIZE_APP+x}" ]; then
+    echo "Notarizing App bundle..."
+    /usr/bin/ditto -c -k --keepParent $BUNDLE_DIR $PROJECT_DIR/Bundle_to_notarize.zip
+    xcrun notarytool submit $PROJECT_DIR/Bundle_to_notarize.zip --apple-id $APPLE_DEV_EMAIL --team-id $MAC_TEAM_ID --password $APPLE_DEV_PASSWORD
+    rm $PROJECT_DIR/Bundle_to_notarize.zip
+    sleep 300
+    xcrun stapler staple $BUNDLE_DIR
+    xcrun stapler validate $BUNDLE_DIR
+    spctl -a -vvvv $BUNDLE_DIR || true
+  fi
 fi
 
 echo "Packaging installer..."
-PKG_DIR=$BUILD_DIR/pkg
-# Remove any stale packaging data from previous runs
-rm -rf "$PKG_DIR"
-PKG_ROOT=$PKG_DIR/root
-SCRIPTS_DIR=$PKG_DIR/scripts
-RESOURCES_DIR=$PKG_DIR/resources
-INSTALL_PKG=$PKG_DIR/${APP_NAME}_install.pkg
-UNINSTALL_PKG=$PKG_DIR/${APP_NAME}_uninstall.pkg
-FINAL_PKG=$PKG_DIR/${APP_NAME}.pkg
-UNINSTALL_SCRIPTS_DIR=$PKG_DIR/uninstall_scripts
+mkdir -p $INSTALLER_DATA_DIR
+cp -av $PROJECT_DIR/deploy/installer $BUILD_DIR
+cp -av $DEPLOY_DATA_DIR/post_install.sh $INSTALLER_DATA_DIR/post_install.sh
+cp -av $DEPLOY_DATA_DIR/post_uninstall.sh $INSTALLER_DATA_DIR/post_uninstall.sh
+cp -av $DEPLOY_DATA_DIR/$PLIST_NAME $INSTALLER_DATA_DIR/$PLIST_NAME
 
-mkdir -p "$PKG_ROOT/Applications" "$SCRIPTS_DIR" "$RESOURCES_DIR" "$UNINSTALL_SCRIPTS_DIR"
+chmod a+x $INSTALLER_DATA_DIR/post_install.sh $INSTALLER_DATA_DIR/post_uninstall.sh
 
-cp -R "$BUNDLE_DIR" "$PKG_ROOT/Applications"
-# launchd plist is already inside the bundle; no need to add it again after signing
-/usr/bin/codesign --deep --force --verbose --timestamp -o runtime --keychain "$KEYCHAIN_PATH" --sign "$MAC_SIGNER_ID" "$PKG_ROOT/Applications/$APP_FILENAME"
-/usr/bin/codesign --verify --deep --strict --verbose=4 "$PKG_ROOT/Applications/$APP_FILENAME" || true
-cp "$DEPLOY_DATA_DIR/post_install.sh" "$SCRIPTS_DIR/post_install.sh"
-cp "$DEPLOY_DATA_DIR/post_uninstall.sh" "$UNINSTALL_SCRIPTS_DIR/postinstall"
-mkdir -p "$RESOURCES_DIR/scripts"
-cp "$DEPLOY_DATA_DIR/check_install.sh" "$RESOURCES_DIR/scripts/check_install.sh"
-cp "$DEPLOY_DATA_DIR/check_uninstall.sh" "$RESOURCES_DIR/scripts/check_uninstall.sh"
+cd $BUNDLE_DIR 
+tar czf $INSTALLER_DATA_DIR/$APP_NAME.tar.gz ./
 
-cat > "$SCRIPTS_DIR/postinstall" <<'EOS'
-#!/bin/bash
-SCRIPT_DIR="$(dirname "$0")"
-bash "$SCRIPT_DIR/post_install.sh"
-exit 0
-EOS
+echo "Building installer..."
+$QIF_BIN_DIR/binarycreator --offline-only -v -c $BUILD_DIR/installer/config/macos.xml -p $BUILD_DIR/installer/packages -f $INSTALLER_BUNDLE_DIR
 
-chmod +x "$SCRIPTS_DIR"/*
-chmod +x "$UNINSTALL_SCRIPTS_DIR"/*
-chmod +x "$RESOURCES_DIR/scripts"/*
-cp "$PROJECT_DIR/LICENSE" "$RESOURCES_DIR/LICENSE"
+if [ "${MAC_CERT_PW+x}" ]; then
+  echo "Signing installer bundle..."
+  security unlock-keychain -p $TEMP_PASS $KEYCHAIN
+  /usr/bin/codesign --deep --force --verbose --timestamp -o runtime --sign "$MAC_SIGNER_ID" $INSTALLER_BUNDLE_DIR
+  /usr/bin/codesign --verify -vvvv $INSTALLER_BUNDLE_DIR || true
 
-APP_VERSION=$(grep -m1 -E 'project\(' "$PROJECT_DIR/CMakeLists.txt" | sed -E 's/.*VERSION ([0-9.]+).*/\1/')
-echo "Building component package $INSTALL_PKG ..."
-
-# Disable bundle relocation so the app always ends up in /Applications even if
-# another copy is lying around somewhere. We do this by letting pkgbuild
-# analyse the contents, flipping the BundleIsRelocatable flag to false for every
-# bundle it discovers and then feeding that plist back to pkgbuild.
-
-COMPONENT_PLIST="$PKG_DIR/component.plist"
-# Create the component description plist first
-pkgbuild --analyze --root "$PKG_ROOT" "$COMPONENT_PLIST"
-
-# Turn all `BundleIsRelocatable` keys to false (PlistBuddy is available on all
-# macOS systems). We first convert to xml1 to ensure predictable formatting.
-
-# Turn relocation off for every bundle entry in the plist. PlistBuddy cannot
-# address keys that contain slashes without quoting, so we iterate through the
-# top-level keys it prints.
-plutil -convert xml1 "$COMPONENT_PLIST"
-for bundle_key in $(/usr/libexec/PlistBuddy -c "Print" "$COMPONENT_PLIST" | awk '/^[ \t]*[A-Za-z0-9].*\.app/ {print $1}'); do
-  /usr/libexec/PlistBuddy -c "Set :'${bundle_key}':BundleIsRelocatable false" "$COMPONENT_PLIST" || true
-done
-
-# Now build the real payload package with the edited plist so that the final
-# PackageInfo contains relocatable="false".
-pkgbuild --root "$PKG_ROOT" \
-         --identifier "$APP_DOMAIN" \
-         --version "$APP_VERSION" \
-         --install-location "/" \
-         --scripts "$SCRIPTS_DIR" \
-         --component-plist "$COMPONENT_PLIST" \
-         --sign "$MAC_INSTALLER_SIGNER_ID" \
-         "$INSTALL_PKG"
-
-# Build uninstaller component package
-UNINSTALL_COMPONENT_PKG=$PKG_DIR/${APP_NAME}_uninstall_component.pkg
-echo "Building uninstaller component package $UNINSTALL_COMPONENT_PKG ..."
-pkgbuild --nopayload \
-         --identifier "$APP_DOMAIN.uninstall" \
-         --version "$APP_VERSION" \
-         --scripts "$UNINSTALL_SCRIPTS_DIR" \
-         --sign "$MAC_INSTALLER_SIGNER_ID" \
-         "$UNINSTALL_COMPONENT_PKG"
-
-# Wrap uninstaller component in a distribution package for clearer UI
-echo "Building uninstaller distribution package $UNINSTALL_PKG ..."
-UNINSTALL_RESOURCES=$PKG_DIR/uninstall_resources
-rm -rf "$UNINSTALL_RESOURCES"
-mkdir -p "$UNINSTALL_RESOURCES"
-cp "$DEPLOY_DATA_DIR/uninstall_welcome.html" "$UNINSTALL_RESOURCES"
-cp "$DEPLOY_DATA_DIR/uninstall_conclusion.html" "$UNINSTALL_RESOURCES"
-productbuild \
-  --distribution "$DEPLOY_DATA_DIR/distribution_uninstall.xml" \
-  --package-path "$PKG_DIR" \
-  --resources "$UNINSTALL_RESOURCES" \
-  --sign "$MAC_INSTALLER_SIGNER_ID" \
-  "$UNINSTALL_PKG"
-
-cp "$PROJECT_DIR/deploy/data/macos/distribution.xml" "$PKG_DIR/distribution.xml"
-
-echo "Creating final installer $FINAL_PKG ..."
-productbuild --distribution "$PKG_DIR/distribution.xml" \
-             --package-path "$PKG_DIR" \
-             --resources "$RESOURCES_DIR" \
-             --sign "$MAC_INSTALLER_SIGNER_ID" \
-             "$FINAL_PKG"
-
-if [ "${MAC_INSTALL_CERT_PW+x}" ] && [ "${NOTARIZE_APP+x}" ]; then
-  echo "Notarizing installer package..."
-  xcrun notarytool submit "$FINAL_PKG" \
-    --apple-id "$APPLE_DEV_EMAIL" \
-    --team-id "$MAC_TEAM_ID" \
-    --password "$APPLE_DEV_PASSWORD" \
-    --wait
-
-  echo "Stapling ticket..."
-  xcrun stapler staple "$FINAL_PKG"
-  xcrun stapler validate "$FINAL_PKG"
+  if [ "${NOTARIZE_APP+x}" ]; then
+    echo "Notarizing installer bundle..."
+    /usr/bin/ditto -c -k --keepParent $INSTALLER_BUNDLE_DIR $PROJECT_DIR/Installer_bundle_to_notarize.zip
+    xcrun notarytool submit $PROJECT_DIR/Installer_bundle_to_notarize.zip --apple-id $APPLE_DEV_EMAIL --team-id $MAC_TEAM_ID --password $APPLE_DEV_PASSWORD
+    rm $PROJECT_DIR/Installer_bundle_to_notarize.zip
+    sleep 300
+    xcrun stapler staple $INSTALLER_BUNDLE_DIR
+    xcrun stapler validate $INSTALLER_BUNDLE_DIR
+    spctl -a -vvvv $INSTALLER_BUNDLE_DIR || true
+  fi
 fi
 
-if [ "${MAC_INSTALL_CERT_PW+x}" ]; then
-  /usr/bin/codesign --verify -vvvv "$FINAL_PKG" || true
-  spctl -a -vvvv "$FINAL_PKG" || true
+echo "Building DMG installer..."
+# Allow Terminal to make changes in Privacy & Security > App Management
+hdiutil create -size 256mb -volname AmneziaVPN -srcfolder $BUILD_DIR/installer/$APP_NAME.app -ov -format UDZO $DMG_FILENAME
+
+if [ "${MAC_CERT_PW+x}" ]; then
+  echo "Signing DMG installer..."
+  security unlock-keychain -p $TEMP_PASS $KEYCHAIN
+  /usr/bin/codesign --deep --force --verbose --timestamp -o runtime --sign "$MAC_SIGNER_ID" $DMG_FILENAME
+  /usr/bin/codesign --verify -vvvv $DMG_FILENAME || true
+
+  if [ "${NOTARIZE_APP+x}" ]; then
+    echo "Notarizing DMG installer..."
+    xcrun notarytool submit $DMG_FILENAME --apple-id $APPLE_DEV_EMAIL --team-id $MAC_TEAM_ID --password $APPLE_DEV_PASSWORD
+    sleep 300
+    xcrun stapler staple $DMG_FILENAME
+    xcrun stapler validate $DMG_FILENAME
+  fi
 fi
 
-# Sign app bundle
-/usr/bin/codesign --deep --force --verbose --timestamp -o runtime --keychain "$KEYCHAIN_PATH" --sign "$MAC_SIGNER_ID" "$BUNDLE_DIR"
-spctl -a -vvvv "$BUNDLE_DIR" || true
+echo "Finished, artifact is $DMG_FILENAME"
 
-# Restore login keychain as the only user keychain and delete the temporary keychain
-KEYCHAIN="$HOME/Library/Keychains/login.keychain-db"
-security list-keychains -d user -s "$KEYCHAIN"
-security delete-keychain "$KEYCHAIN_PATH"
-
-echo "Finished, artifact is $FINAL_PKG"
+# restore keychain
+security default-keychain -s login.keychain

deploy/data/macos/check_install.sh

@@ -1,5 +0,0 @@
-#!/bin/bash
-if [ -d "/Applications/AmneziaVPN.app" ] || pgrep -x "AmneziaVPN-service" >/dev/null; then
-  exit 1
-fi
-exit 0

deploy/data/macos/check_uninstall.sh

@@ -1,5 +0,0 @@
-#!/bin/bash
-if [ -d "/Applications/AmneziaVPN.app" ] || pgrep -x "AmneziaVPN-service" >/dev/null; then
-  exit 0
-fi
-exit 1

deploy/data/macos/distribution.xml

@@ -1,17 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<installer-gui-script minSpecVersion="1">
-    <title>AmneziaVPN Installer</title>
-    <license file="LICENSE"/>
-    <choices-outline>
-        <line choice="install"/>
-        <line choice="uninstall"/>
-    </choices-outline>
-    <choice id="install" title="Install AmneziaVPN" start_selected="true">
-        <pkg-ref id="org.amneziavpn.package"/>
-    </choice>
-    <choice id="uninstall" title="Uninstall AmneziaVPN" start_selected="false">
-        <pkg-ref id="org.amneziavpn.uninstall"/>
-    </choice>
-    <pkg-ref id="org.amneziavpn.package" auth="Root" install-check="scripts/check_install.sh">AmneziaVPN_install.pkg</pkg-ref>
-    <pkg-ref id="org.amneziavpn.uninstall" auth="Root" install-check="scripts/check_uninstall.sh">AmneziaVPN_uninstall_component.pkg</pkg-ref>
-</installer-gui-script>

deploy/data/macos/distribution_uninstall.xml

@@ -1,13 +0,0 @@
-<installer-gui-script minSpecVersion="1">
-    <title>Uninstall AmneziaVPN</title>
-    <options customize-install-button="always"/>
-    <welcome file="uninstall_welcome.html"/>
-    <conclusion file="uninstall_conclusion.html"/>
-    <choices-outline>
-        <line choice="uninstall"/>
-    </choices-outline>
-    <choice id="uninstall" title="Uninstall AmneziaVPN" start_selected="true">
-        <pkg-ref id="org.amneziavpn.uninstall"/>
-    </choice>
-    <pkg-ref id="org.amneziavpn.uninstall" auth="Root">AmneziaVPN_uninstall_component.pkg</pkg-ref>
-</installer-gui-script>

deploy/data/macos/post_install.sh

@@ -7,42 +7,29 @@ LOG_FOLDER=/var/log/$APP_NAME
 LOG_FILE="$LOG_FOLDER/post-install.log"
 APP_PATH=/Applications/$APP_NAME.app
 
-# Handle new installations unpacked into localized folder
-if [ -d "/Applications/${APP_NAME}.localized" ]; then
-  echo "`date` Detected ${APP_NAME}.localized, migrating to standard path" >> $LOG_FILE
-  sudo rm -rf "$APP_PATH"
-  sudo mv "/Applications/${APP_NAME}.localized/${APP_NAME}.app" "$APP_PATH"
-  sudo rm -rf "/Applications/${APP_NAME}.localized"
-fi
-
 if launchctl list "$APP_NAME-service" &> /dev/null; then
-    launchctl unload "$LAUNCH_DAEMONS_PLIST_NAME"
-    rm -f "$LAUNCH_DAEMONS_PLIST_NAME"
+    launchctl unload $LAUNCH_DAEMONS_PLIST_NAME
+    rm -f $LAUNCH_DAEMONS_PLIST_NAME
 fi
 
-sudo chmod -R a-w "$APP_PATH/"
-sudo chown -R root "$APP_PATH/"
-sudo chgrp -R wheel "$APP_PATH/"
+tar xzf	$APP_PATH/$APP_NAME.tar.gz -C $APP_PATH
+rm -f	$APP_PATH/$APP_NAME.tar.gz
+sudo chmod -R a-w $APP_PATH/
+sudo chown -R root $APP_PATH/
+sudo chgrp -R wheel $APP_PATH/
 
 rm -rf	$LOG_FOLDER
 mkdir -p $LOG_FOLDER
 
 echo "`date` Script started" > $LOG_FILE
 
-echo "Requesting ${APP_NAME} to quit gracefully" >> "$LOG_FILE"
-osascript -e 'tell application "AmneziaVPN" to quit'
+killall -9 $APP_NAME-service 2>> $LOG_FILE
 
-PLIST_SOURCE="$APP_PATH/Contents/Resources/$PLIST_NAME"
-if [ -f "$PLIST_SOURCE" ]; then
-  mv -f "$PLIST_SOURCE" "$LAUNCH_DAEMONS_PLIST_NAME" 2>> $LOG_FILE
-else
-  echo "`date` ERROR: service plist not found at $PLIST_SOURCE" >> $LOG_FILE
-fi
-
-chown root:wheel "$LAUNCH_DAEMONS_PLIST_NAME"
-launchctl load "$LAUNCH_DAEMONS_PLIST_NAME"
-echo "`date` Launching ${APP_NAME} application" >> $LOG_FILE
-open -a "$APP_PATH" 2>> $LOG_FILE || true
+mv -f $APP_PATH/$PLIST_NAME $LAUNCH_DAEMONS_PLIST_NAME 2>> $LOG_FILE
+chown root:wheel $LAUNCH_DAEMONS_PLIST_NAME
+launchctl load $LAUNCH_DAEMONS_PLIST_NAME
 
 echo "`date` Service status: $?" >> $LOG_FILE
 echo "`date` Script finished" >> $LOG_FILE
+
+#rm -- "$0"

deploy/data/macos/post_uninstall.sh

@@ -9,19 +9,6 @@ SYSTEM_APP_SUPPORT="/Library/Application Support/$APP_NAME"
 LOG_FOLDER="/var/log/$APP_NAME"
 CACHES_FOLDER="$HOME/Library/Caches/$APP_NAME"
 
-# Attempt to quit the GUI application if it's currently running
-if pgrep -x "$APP_NAME" > /dev/null; then
-    echo "Quitting $APP_NAME..."
-    osascript -e 'tell application "'"$APP_NAME"'" to quit' || true
-    # Wait up to 10 seconds for the app to terminate gracefully
-    for i in {1..10}; do
-        if ! pgrep -x "$APP_NAME" > /dev/null; then
-            break
-        fi
-        sleep 1
-    done
-fi
-
 # Stop the running service if it exists
 if pgrep -x "${APP_NAME}-service" > /dev/null; then
     sudo killall -9 "${APP_NAME}-service"
@@ -45,40 +32,3 @@ sudo rm -rf "$LOG_FOLDER"
 
 # Remove any caches left behind
 rm -rf "$CACHES_FOLDER"
-
-# Remove PF data directory created by firewall helper, if present
-sudo rm -rf "/Library/Application Support/${APP_NAME}/pf"
-
-# ---------------- PF firewall cleanup ----------------------
-# Rules are loaded under the anchor "amn" (see macosfirewall.cpp)
-# Flush only that anchor to avoid destroying user/system rules.
-
-PF_ANCHOR="amn"
-
-### Flush all PF rules, NATs, and tables under our anchor and sub-anchors ###
-anchors=$(sudo pfctl -s Anchors 2>/dev/null | awk '/^'"${PF_ANCHOR}"'/ {sub(/\*$/, "", $1); print $1}')
-for anc in $anchors; do
-    echo "Flushing PF anchor $anc"
-    sudo pfctl -a "$anc" -F all 2>/dev/null || true
-    # flush tables under this anchor
-    tables=$(sudo pfctl -s Tables 2>/dev/null | awk '/^'"$anc"'/ {print}')
-    for tbl in $tables; do
-        echo "Killing PF table $tbl"
-        sudo pfctl -t "$tbl" -T kill 2>/dev/null || true
-    done
-done
-
-### Reload default PF config to restore system rules ###
-if [ -f /etc/pf.conf ]; then
-    echo "Restoring system PF config"
-    sudo pfctl -f /etc/pf.conf 2>/dev/null || true
-fi
-
-### Disable PF if no rules remain ###
-if sudo pfctl -s info 2>/dev/null | grep -q '^Status: Enabled' && \
-   ! sudo pfctl -sr 2>/dev/null | grep -q .; then
-    echo "Disabling PF"
-    sudo pfctl -d 2>/dev/null || true
-fi
-
-# -----------------------------------------------------------

deploy/data/macos/uninstall_conclusion.html

@@ -1,7 +0,0 @@
-<html>
-<head><title>Uninstall Complete</title></head>
-<body>
-<h1>AmneziaVPN has been uninstalled</h1>
-<p>Thank you for using AmneziaVPN. The application and its components have been removed.</p>
-</body>
-</html>

deploy/data/macos/uninstall_welcome.html

@@ -1,7 +0,0 @@
-<html>
-<head><title>Uninstall AmneziaVPN</title></head>
-<body>
-<h1>Uninstall AmneziaVPN</h1>
-<p>This process will remove AmneziaVPN from your system. Click Continue to proceed.</p>
-</body>
-</html>

deploy/installer/config.cmake

@@ -4,6 +4,11 @@ if(WIN32)
         ${CMAKE_CURRENT_LIST_DIR}/config/windows.xml.in
         ${CMAKE_BINARY_DIR}/installer/config/windows.xml
     )
+elseif(APPLE AND NOT IOS)
+    configure_file(
+        ${CMAKE_CURRENT_LIST_DIR}/config/macos.xml.in
+        ${CMAKE_BINARY_DIR}/installer/config/macos.xml
+    )
 elseif(LINUX)
     set(ApplicationsDir "@ApplicationsDir@")
     configure_file(

deploy/installer/config/AmneziaVPN.desktop.in

@@ -2,7 +2,7 @@
 [Desktop Entry]
 Type=Application
 Name=AmneziaVPN
-Version=1.0
+Version=@CMAKE_PROJECT_VERSION@
 Comment=Client of your self-hosted VPN
 Exec=AmneziaVPN
 Icon=/usr/share/pixmaps/AmneziaVPN.png

deploy/installer/config/macos.xml.in

@@ -0,0 +1,27 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<Installer>
+    <Name>AmneziaVPN</Name>
+    <Version>@CMAKE_PROJECT_VERSION@</Version>
+    <Title>AmneziaVPN</Title>
+    <Publisher>AmneziaVPN</Publisher>
+    <StartMenuDir>AmneziaVPN</StartMenuDir>
+    <TargetDir>/Applications/AmneziaVPN.app</TargetDir>
+    <WizardDefaultWidth>600</WizardDefaultWidth>
+    <WizardDefaultHeight>380</WizardDefaultHeight>
+    <WizardStyle>Mac</WizardStyle>
+    <RemoveTargetDir>true</RemoveTargetDir>
+    <AllowSpaceInPath>true</AllowSpaceInPath>
+    <AllowNonAsciiCharacters>false</AllowNonAsciiCharacters>
+    <ControlScript>controlscript.js</ControlScript>
+    <RepositorySettingsPageVisible>false</RepositorySettingsPageVisible>
+    <DependsOnLocalInstallerBinary>true</DependsOnLocalInstallerBinary>
+    <SupportsModify>false</SupportsModify>
+    <DisableAuthorizationFallback>true</DisableAuthorizationFallback>
+    <RemoteRepositories>
+        <Repository>
+            <Url>https://amneziavpn.org/updates/macos</Url>
+            <Enabled>true</Enabled>
+            <DisplayName>AmneziaVPN - repository for macOS</DisplayName>
+        </Repository>
+    </RemoteRepositories>
+</Installer>

service/server/killswitch.cpp

@@ -192,14 +192,7 @@ bool KillSwitch::addAllowedRange(const QStringList &ranges) {
 bool KillSwitch::enablePeerTraffic(const QJsonObject &configStr) {
 #ifdef Q_OS_WIN
     InterfaceConfig config;
-
-    config.m_primaryDnsServer = configStr.value(amnezia::config_key::dns1).toString();
-
-    // We don't use secondary DNS if primary DNS is AmneziaDNS
-    if (!config.m_primaryDnsServer.contains(amnezia::protocols::dns::amneziaDnsIp)) {
-        config.m_secondaryDnsServer = configStr.value(amnezia::config_key::dns2).toString();
-    }
-
+    config.m_dnsServer = configStr.value(amnezia::config_key::dns1).toString();
     config.m_serverPublicKey = "openvpn";
     config.m_serverIpv4Gateway = configStr.value("vpnGateway").toString();
     config.m_serverIpv4AddrIn = configStr.value("vpnServer").toString();
@@ -262,9 +255,6 @@ bool KillSwitch::enablePeerTraffic(const QJsonObject &configStr) {
 
 bool KillSwitch::enableKillSwitch(const QJsonObject &configStr, int vpnAdapterIndex) {
 #ifdef Q_OS_WIN
-    if (configStr.value("splitTunnelType").toInt() != 0) {
-        WindowsFirewall::create(this)->allowAllTraffic();
-    }
     return WindowsFirewall::create(this)->enableInterface(vpnAdapterIndex);
 #endif
 
@@ -314,14 +304,8 @@ bool KillSwitch::enableKillSwitch(const QJsonObject &configStr, int vpnAdapterIn
     LinuxFirewall::setAnchorEnabled(LinuxFirewall::Both, QStringLiteral("300.allowLAN"), true);
     LinuxFirewall::setAnchorEnabled(LinuxFirewall::IPv4, QStringLiteral("310.blockDNS"), true);
     QStringList dnsServers;
-
     dnsServers.append(configStr.value(amnezia::config_key::dns1).toString());
-
-    // We don't use secondary DNS if primary DNS is AmneziaDNS
-    if (!configStr.value(amnezia::config_key::dns1).toString().contains(amnezia::protocols::dns::amneziaDnsIp)) {
-        dnsServers.append(configStr.value(amnezia::config_key::dns2).toString());
-    }
-
+    dnsServers.append(configStr.value(amnezia::config_key::dns2).toString());
     dnsServers.append("127.0.0.1");
     dnsServers.append("127.0.0.53");
     
@@ -358,11 +342,7 @@ bool KillSwitch::enableKillSwitch(const QJsonObject &configStr, int vpnAdapterIn
 
     QStringList dnsServers;
     dnsServers.append(configStr.value(amnezia::config_key::dns1).toString());
-
-    // We don't use secondary DNS if primary DNS is AmneziaDNS
-    if (!configStr.value(amnezia::config_key::dns1).toString().contains(amnezia::protocols::dns::amneziaDnsIp)) {
-        dnsServers.append(configStr.value(amnezia::config_key::dns2).toString());
-    }
+    dnsServers.append(configStr.value(amnezia::config_key::dns2).toString());
     
     for (auto dns : configStr.value(amnezia::config_key::allowedDnsServers).toArray()) {
         if (!dns.isString()) {