chore: bump version (#1701 )

fix: fixed awg 1.5 fields processing for ios (#1700 )
chore: minor fixes (#1616 )
2025-07-08 15:11:45 +08:00 · 2025-07-08 15:06:52 +08:00 · 2025-07-08 14:25:03 +08:00 · 2025-07-07 12:03:25 +08:00 · 2025-07-07 10:44:35 +08:00 · 2025-07-07 10:42:25 +08:00
75 changed files with 3264 additions and 5756 deletions
--- a/.github/workflows/deploy.yml
+++ b/.github/workflows/deploy.yml
@ -255,7 +255,6 @@ jobs:
    env:
      # Keep compat with MacOS 10.15 aka Catalina by Qt 6.4
      QT_VERSION: 6.4.3
      QIF_VERSION: 4.6
      PROD_AGW_PUBLIC_KEY: ${{ secrets.PROD_AGW_PUBLIC_KEY }}
      PROD_S3_ENDPOINT: ${{ secrets.PROD_S3_ENDPOINT }}
      DEV_AGW_PUBLIC_KEY: ${{ secrets.DEV_AGW_PUBLIC_KEY }}
@ -283,11 +282,6 @@ jobs:
        set-env: 'true'
        extra: '--external 7z --base ${{ env.QT_MIRROR }}'
    - name: 'Install Qt Installer Framework ${{ env.QIF_VERSION }}'
      run: |
        mkdir -pv ${{ runner.temp }}/Qt/Tools/QtInstallerFramework
        wget https://qt.amzsvc.com/tools/ifw/${{ env.QIF_VERSION }}.zip
        unzip ${{ env.QIF_VERSION }}.zip -d ${{ runner.temp }}/Qt/Tools/QtInstallerFramework/
    - name: 'Get sources'
      uses: actions/checkout@v4
@ -301,14 +295,13 @@ jobs:
    - name: 'Build project'
      run: |
        export QT_BIN_DIR="${{ runner.temp }}/Qt/${{ env.QT_VERSION }}/macos/bin"
        export QIF_BIN_DIR="${{ runner.temp }}/Qt/Tools/QtInstallerFramework/${{ env.QIF_VERSION }}/bin"
        bash deploy/build_macos.sh
    - name: 'Upload installer artifact'
      uses: actions/upload-artifact@v4
      with:
        name: AmneziaVPN_MacOS_old_installer
-        path: AmneziaVPN.dmg
+        path: deploy/build/pkg/AmneziaVPN.pkg
        retention-days: 7
    - name: 'Upload unpacked artifact'
@ -325,7 +318,6 @@ jobs:
    env:
      QT_VERSION: 6.8.0
      QIF_VERSION: 4.8.1
      PROD_AGW_PUBLIC_KEY: ${{ secrets.PROD_AGW_PUBLIC_KEY }}
      PROD_S3_ENDPOINT: ${{ secrets.PROD_S3_ENDPOINT }}
      DEV_AGW_PUBLIC_KEY: ${{ secrets.DEV_AGW_PUBLIC_KEY }}
@ -353,11 +345,6 @@ jobs:
        set-env: 'true'
        extra: '--external 7z --base ${{ env.QT_MIRROR }}'
    - name: 'Install Qt Installer Framework ${{ env.QIF_VERSION }}'
      run: |
        mkdir -pv ${{ runner.temp }}/Qt/Tools/QtInstallerFramework
        wget https://qt.amzsvc.com/tools/ifw/${{ env.QIF_VERSION }}.zip
        unzip ${{ env.QIF_VERSION }}.zip -d ${{ runner.temp }}/Qt/Tools/QtInstallerFramework/
    - name: 'Get sources'
      uses: actions/checkout@v4
@ -371,14 +358,13 @@ jobs:
    - name: 'Build project'
      run: |
        export QT_BIN_DIR="${{ runner.temp }}/Qt/${{ env.QT_VERSION }}/macos/bin"
        export QIF_BIN_DIR="${{ runner.temp }}/Qt/Tools/QtInstallerFramework/${{ env.QIF_VERSION }}/bin"
        bash deploy/build_macos.sh
    - name: 'Upload installer artifact'
      uses: actions/upload-artifact@v4
      with:
        name: AmneziaVPN_MacOS_installer
-        path: AmneziaVPN.dmg
+        path: deploy/build/pkg/AmneziaVPN.pkg
        retention-days: 7
    - name: 'Upload unpacked artifact'
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@ -2,7 +2,7 @@ cmake_minimum_required(VERSION 3.25.0 FATAL_ERROR)
 set(PROJECT AmneziaVPN)
-project(${PROJECT} VERSION 4.8.7.2
+project(${PROJECT} VERSION 4.8.8.1
        DESCRIPTION "AmneziaVPN"
        HOMEPAGE_URL "https://amnezia.org/"
 )
@ -11,7 +11,7 @@ string(TIMESTAMP CURRENT_DATE "%Y-%m-%d")
 set(RELEASE_DATE "${CURRENT_DATE}")
 set(APP_MAJOR_VERSION ${CMAKE_PROJECT_VERSION_MAJOR}.${CMAKE_PROJECT_VERSION_MINOR}.${CMAKE_PROJECT_VERSION_PATCH})
-set(APP_ANDROID_VERSION_CODE 2086)
+set(APP_ANDROID_VERSION_CODE 2087)
 if(${CMAKE_SYSTEM_NAME} STREQUAL "Linux")
    set(MZ_PLATFORM_NAME "linux")
--- a/client/3rd-prebuilt
+++ b/client/3rd-prebuilt
@ -1 +1 @@
-Subproject commit e3b6a332056ff0f9234a02f5ce363cdfa5259db2
+Subproject commit 840b7b070e6ac8b90dda2fac6e98859b23727c0c
--- a/client/3rd/amneziawg-apple
+++ b/client/3rd/amneziawg-apple
@ -1 +1 @@
-Subproject commit 76e7db556a6d7e2582f9481df91db188a46c009c
+Subproject commit 811af0a83b3faeade89a9093a588595666d32066
--- a/client/android/wireguard/src/main/kotlin/org/amnezia/vpn/protocol/wireguard/Wireguard.kt
+++ b/client/android/wireguard/src/main/kotlin/org/amnezia/vpn/protocol/wireguard/Wireguard.kt
@ -120,18 +120,20 @@ open class Wireguard : Protocol() {
        configData.optStringOrNull("Jmax")?.let { setJmax(it.toInt()) }
        configData.optStringOrNull("S1")?.let { setS1(it.toInt()) }
        configData.optStringOrNull("S2")?.let { setS2(it.toInt()) }
        configData.optStringOrNull("S3")?.let { setS3(it.toInt()) }
        configData.optStringOrNull("S4")?.let { setS4(it.toInt()) }
        configData.optStringOrNull("H1")?.let { setH1(it.toLong()) }
        configData.optStringOrNull("H2")?.let { setH2(it.toLong()) }
        configData.optStringOrNull("H3")?.let { setH3(it.toLong()) }
        configData.optStringOrNull("H4")?.let { setH4(it.toLong()) }
-        configData.optStringOrNull("I1")?.let { setI1(it.toString()) }
+        configData.optStringOrNull("I1")?.let { setI1(it) }
-        configData.optStringOrNull("I2")?.let { setI2(it.toString()) }
+        configData.optStringOrNull("I2")?.let { setI2(it) }
-        configData.optStringOrNull("I3")?.let { setI3(it.toString()) }
+        configData.optStringOrNull("I3")?.let { setI3(it) }
-        configData.optStringOrNull("I4")?.let { setI4(it.toString()) }
+        configData.optStringOrNull("I4")?.let { setI4(it) }
-        configData.optStringOrNull("I5")?.let { setI5(it.toString()) }
+        configData.optStringOrNull("I5")?.let { setI5(it) }
-        configData.optStringOrNull("J1")?.let { setJ1(it.toString()) }
+        configData.optStringOrNull("J1")?.let { setJ1(it) }
-        configData.optStringOrNull("J2")?.let { setJ2(it.toString()) }
+        configData.optStringOrNull("J2")?.let { setJ2(it) }
-        configData.optStringOrNull("J3")?.let { setJ3(it.toString()) }
+        configData.optStringOrNull("J3")?.let { setJ3(it) }
        configData.optStringOrNull("Itime")?.let { setItime(it.toInt()) }
    }
--- a/client/android/wireguard/src/main/kotlin/org/amnezia/vpn/protocol/wireguard/WireguardConfig.kt
+++ b/client/android/wireguard/src/main/kotlin/org/amnezia/vpn/protocol/wireguard/WireguardConfig.kt
@ -20,10 +20,21 @@ open class WireguardConfig protected constructor(
    val jmax: Int?,
    val s1: Int?,
    val s2: Int?,
    val s3: Int?,
    val s4: Int?,
    val h1: Long?,
    val h2: Long?,
    val h3: Long?,
-    val h4: Long?
+    val h4: Long?,
    var i1: String?,
    var i2: String?,
    var i3: String?,
    var i4: String?,
    var i5: String?,
    var j1: String?,
    var j2: String?,
    var j3: String?,
    var itime: Int?
 ) : ProtocolConfig(protocolConfigBuilder) {
    protected constructor(builder: Builder) : this(
@ -39,10 +50,21 @@ open class WireguardConfig protected constructor(
        builder.jmax,
        builder.s1,
        builder.s2,
        builder.s3,
        builder.s4,
        builder.h1,
        builder.h2,
        builder.h3,
-        builder.h4
+        builder.h4,
        builder.i1,
        builder.i2,
        builder.i3,
        builder.i4,
        builder.i5,
        builder.j1,
        builder.j2,
        builder.j3,
        builder.itime
    )
    fun toWgUserspaceString(): String = with(StringBuilder()) {
@ -61,10 +83,21 @@ open class WireguardConfig protected constructor(
            appendLine("jmax=$jmax")
            appendLine("s1=$s1")
            appendLine("s2=$s2")
            s3?.let { appendLine("s3=$it") }
            s4?.let { appendLine("s4=$it") }
            appendLine("h1=$h1")
            appendLine("h2=$h2")
            appendLine("h3=$h3")
            appendLine("h4=$h4")
            i1?.let { appendLine("i1=$it") }
            i2?.let { appendLine("i2=$it") }
            i3?.let { appendLine("i3=$it") }
            i4?.let { appendLine("i4=$it") }
            i5?.let { appendLine("i5=$it") }
            j1?.let { appendLine("j1=$it") }
            j2?.let { appendLine("j2=$it") }
            j3?.let { appendLine("j3=$it") }
            itime?.let { appendLine("itime=$it") }
        }
    }
@ -117,6 +150,8 @@ open class WireguardConfig protected constructor(
        internal var jmax: Int? = null
        internal var s1: Int? = null
        internal var s2: Int? = null
        internal var s3: Int? = null
        internal var s4: Int? = null
        internal var h1: Long? = null
        internal var h2: Long? = null
        internal var h3: Long? = null
@ -148,6 +183,8 @@ open class WireguardConfig protected constructor(
        fun setJmax(jmax: Int) = apply { this.jmax = jmax }
        fun setS1(s1: Int) = apply { this.s1 = s1 }
        fun setS2(s2: Int) = apply { this.s2 = s2 }
        fun setS3(s3: Int) = apply { this.s3 = s3 }
        fun setS4(s4: Int) = apply { this.s4 = s4 }
        fun setH1(h1: Long) = apply { this.h1 = h1 }
        fun setH2(h2: Long) = apply { this.h2 = h2 }
        fun setH3(h3: Long) = apply { this.h3 = h3 }
--- a/client/configurators/awg_configurator.cpp
+++ b/client/configurators/awg_configurator.cpp
@ -1,4 +1,5 @@
 #include "awg_configurator.h"
 #include "protocols/protocols_defs.h"
 #include <QJsonDocument>
 #include <QJsonObject>
@ -39,15 +40,20 @@ QString AwgConfigurator::createConfig(const ServerCredentials &credentials, Dock
    jsonConfig[config_key::responsePacketMagicHeader] = configMap.value(config_key::responsePacketMagicHeader);
    jsonConfig[config_key::underloadPacketMagicHeader] = configMap.value(config_key::underloadPacketMagicHeader);
    jsonConfig[config_key::transportPacketMagicHeader] = configMap.value(config_key::transportPacketMagicHeader);
-    jsonConfig[config_key::specialJunk1] = configMap.value(amnezia::config_key::specialJunk1);
+
-    jsonConfig[config_key::specialJunk2] = configMap.value(amnezia::config_key::specialJunk2);
+    // jsonConfig[config_key::cookieReplyPacketJunkSize] = configMap.value(config_key::cookieReplyPacketJunkSize);
-    jsonConfig[config_key::specialJunk3] = configMap.value(amnezia::config_key::specialJunk3);
+    // jsonConfig[config_key::transportPacketJunkSize] = configMap.value(config_key::transportPacketJunkSize);
-    jsonConfig[config_key::specialJunk4] = configMap.value(amnezia::config_key::specialJunk4);
+
-    jsonConfig[config_key::specialJunk5] = configMap.value(amnezia::config_key::specialJunk5);
+    // jsonConfig[config_key::specialJunk1] = configMap.value(amnezia::config_key::specialJunk1);
-    jsonConfig[config_key::controlledJunk1] = configMap.value(amnezia::config_key::controlledJunk1);
+    // jsonConfig[config_key::specialJunk2] = configMap.value(amnezia::config_key::specialJunk2);
-    jsonConfig[config_key::controlledJunk2] = configMap.value(amnezia::config_key::controlledJunk2);
+    // jsonConfig[config_key::specialJunk3] = configMap.value(amnezia::config_key::specialJunk3);
-    jsonConfig[config_key::controlledJunk3] = configMap.value(amnezia::config_key::controlledJunk3);
+    // jsonConfig[config_key::specialJunk4] = configMap.value(amnezia::config_key::specialJunk4);
-    jsonConfig[config_key::specialHandshakeTimeout] = configMap.value(amnezia::config_key::specialHandshakeTimeout);
+    // jsonConfig[config_key::specialJunk5] = configMap.value(amnezia::config_key::specialJunk5);
    // jsonConfig[config_key::controlledJunk1] = configMap.value(amnezia::config_key::controlledJunk1);
    // jsonConfig[config_key::controlledJunk2] = configMap.value(amnezia::config_key::controlledJunk2);
    // jsonConfig[config_key::controlledJunk3] = configMap.value(amnezia::config_key::controlledJunk3);
    // jsonConfig[config_key::specialHandshakeTimeout] = configMap.value(amnezia::config_key::specialHandshakeTimeout);
    jsonConfig[config_key::mtu] =
            containerConfig.value(ProtocolProps::protoToString(Proto::Awg)).toObject().value(config_key::mtu).toString(protocols::awg::defaultMtu);
--- a/client/configurators/openvpn_configurator.cpp
+++ b/client/configurators/openvpn_configurator.cpp
@ -118,6 +118,12 @@ QString OpenVpnConfigurator::processConfigWithLocalSettings(const QPair<QString,
        QRegularExpression regex("redirect-gateway.*");
        config.replace(regex, "");
        // We don't use secondary DNS if primary DNS is AmneziaDNS
        if (dns.first.contains(protocols::dns::amneziaDnsIp)) {
            QRegularExpression dnsRegex("dhcp-option DNS " + dns.second);
            config.replace(dnsRegex, "");
        }
        if (!m_settings->isSitesSplitTunnelingEnabled()) {
            config.append("\nredirect-gateway def1 ipv6 bypass-dhcp\n");
            config.append("block-ipv6\n");
@ -161,6 +167,12 @@ QString OpenVpnConfigurator::processConfigWithExportSettings(const QPair<QString
    QRegularExpression regex("redirect-gateway.*");
    config.replace(regex, "");
    // We don't use secondary DNS if primary DNS is AmneziaDNS
    if (dns.first.contains(protocols::dns::amneziaDnsIp)) {
        QRegularExpression dnsRegex("dhcp-option DNS " + dns.second);
        config.replace(dnsRegex, "");
    }
    config.append("\nredirect-gateway def1 ipv6 bypass-dhcp\n");
    // Prevent ipv6 leak
--- a/client/core/api/apiDefs.h
+++ b/client/core/api/apiDefs.h
@ -32,6 +32,7 @@ namespace apiDefs
        constexpr QLatin1String stackType("stack_type");
        constexpr QLatin1String serviceType("service_type");
        constexpr QLatin1String cliVersion("cli_version");
        constexpr QLatin1String supportedProtocols("supported_protocols");
        constexpr QLatin1String vpnKey("vpn_key");
        constexpr QLatin1String config("config");
--- a/client/core/controllers/serverController.cpp
+++ b/client/core/controllers/serverController.cpp
@ -349,7 +349,7 @@ bool ServerController::isReinstallContainerRequired(DockerContainer container, c
        if ((oldProtoConfig.value(config_key::subnet_address).toString(protocols::wireguard::defaultSubnetAddress)
             != newProtoConfig.value(config_key::subnet_address).toString(protocols::wireguard::defaultSubnetAddress))
            || (oldProtoConfig.value(config_key::port).toString(protocols::awg::defaultPort)
-             != newProtoConfig.value(config_key::port).toString(protocols::awg::defaultPort))
+                != newProtoConfig.value(config_key::port).toString(protocols::awg::defaultPort))
            || (oldProtoConfig.value(config_key::junkPacketCount).toString(protocols::awg::defaultJunkPacketCount)
                != newProtoConfig.value(config_key::junkPacketCount).toString(protocols::awg::defaultJunkPacketCount))
            || (oldProtoConfig.value(config_key::junkPacketMinSize).toString(protocols::awg::defaultJunkPacketMinSize)
@ -367,25 +367,11 @@ bool ServerController::isReinstallContainerRequired(DockerContainer container, c
            || (oldProtoConfig.value(config_key::underloadPacketMagicHeader).toString(protocols::awg::defaultUnderloadPacketMagicHeader)
                != newProtoConfig.value(config_key::underloadPacketMagicHeader).toString(protocols::awg::defaultUnderloadPacketMagicHeader))
            || (oldProtoConfig.value(config_key::transportPacketMagicHeader).toString(protocols::awg::defaultTransportPacketMagicHeader))
-                != newProtoConfig.value(config_key::transportPacketMagicHeader).toString(protocols::awg::defaultTransportPacketMagicHeader))
+                    != newProtoConfig.value(config_key::transportPacketMagicHeader).toString(protocols::awg::defaultTransportPacketMagicHeader))
-            // || (oldProtoConfig.value(config_key::specialJunk1).toString(protocols::awg::defaultSpecialJunk1))
+            // || (oldProtoConfig.value(config_key::cookieReplyPacketJunkSize).toString(protocols::awg::defaultCookieReplyPacketJunkSize)
-            //     != newProtoConfig.value(config_key::specialJunk1).toString(protocols::awg::defaultSpecialJunk1)
+            //     != newProtoConfig.value(config_key::cookieReplyPacketJunkSize).toString(protocols::awg::defaultCookieReplyPacketJunkSize))
-            // || (oldProtoConfig.value(config_key::specialJunk2).toString(protocols::awg::defaultSpecialJunk2))
+            // || (oldProtoConfig.value(config_key::transportPacketJunkSize).toString(protocols::awg::defaultTransportPacketJunkSize)
-            //     != newProtoConfig.value(config_key::specialJunk2).toString(protocols::awg::defaultSpecialJunk2)
+            //     != newProtoConfig.value(config_key::transportPacketJunkSize).toString(protocols::awg::defaultTransportPacketJunkSize))
            // || (oldProtoConfig.value(config_key::specialJunk3).toString(protocols::awg::defaultSpecialJunk3))
            //     != newProtoConfig.value(config_key::specialJunk3).toString(protocols::awg::defaultSpecialJunk3)
            // || (oldProtoConfig.value(config_key::specialJunk4).toString(protocols::awg::defaultSpecialJunk4))
            //     != newProtoConfig.value(config_key::specialJunk4).toString(protocols::awg::defaultSpecialJunk4)
            // || (oldProtoConfig.value(config_key::specialJunk5).toString(protocols::awg::defaultSpecialJunk5))
            //     != newProtoConfig.value(config_key::specialJunk5).toString(protocols::awg::defaultSpecialJunk5)
            // || (oldProtoConfig.value(config_key::controlledJunk1).toString(protocols::awg::defaultControlledJunk1))
            //     != newProtoConfig.value(config_key::controlledJunk1).toString(protocols::awg::defaultControlledJunk1)
            // || (oldProtoConfig.value(config_key::controlledJunk2).toString(protocols::awg::defaultControlledJunk2))
            //     != newProtoConfig.value(config_key::controlledJunk2).toString(protocols::awg::defaultControlledJunk2)
            // || (oldProtoConfig.value(config_key::controlledJunk3).toString(protocols::awg::defaultControlledJunk3))
            //     != newProtoConfig.value(config_key::controlledJunk3).toString(protocols::awg::defaultControlledJunk3)
            // || (oldProtoConfig.value(config_key::specialHandshakeTimeout).toString(protocols::awg::defaultSpecialHandshakeTimeout))
            //     != newProtoConfig.value(config_key::specialHandshakeTimeout).toString(protocols::awg::defaultSpecialHandshakeTimeout))
            return true;
    }
@ -394,7 +380,7 @@ bool ServerController::isReinstallContainerRequired(DockerContainer container, c
        if ((oldProtoConfig.value(config_key::subnet_address).toString(protocols::wireguard::defaultSubnetAddress)
             != newProtoConfig.value(config_key::subnet_address).toString(protocols::wireguard::defaultSubnetAddress))
            || (oldProtoConfig.value(config_key::port).toString(protocols::wireguard::defaultPort)
-            != newProtoConfig.value(config_key::port).toString(protocols::wireguard::defaultPort)))
+                != newProtoConfig.value(config_key::port).toString(protocols::wireguard::defaultPort)))
            return true;
    }
@ -479,6 +465,8 @@ ErrorCode ServerController::buildContainerWorker(const ServerCredentials &creden
        return ErrorCode::ServerDockerOnCgroupsV2;
    if (stdOut.contains("cgroup mountpoint does not exist"))
        return ErrorCode::ServerCgroupMountpoint;
    if (stdOut.contains("have reached") && stdOut.contains("pull rate limit"))
        return ErrorCode::DockerPullRateLimit;
    return error;
 }
@ -657,15 +645,9 @@ ServerController::Vars ServerController::genVarsForScript(const ServerCredential
    vars.append({ { "$RESPONSE_PACKET_MAGIC_HEADER", amneziaWireguarConfig.value(config_key::responsePacketMagicHeader).toString() } });
    vars.append({ { "$UNDERLOAD_PACKET_MAGIC_HEADER", amneziaWireguarConfig.value(config_key::underloadPacketMagicHeader).toString() } });
    vars.append({ { "$TRANSPORT_PACKET_MAGIC_HEADER", amneziaWireguarConfig.value(config_key::transportPacketMagicHeader).toString() } });
-    // vars.append({ { "$SPECIAL_JUNK_1", amneziaWireguarConfig.value(config_key::specialJunk1).toString() } });
+
-    // vars.append({ { "$SPECIAL_JUNK_2", amneziaWireguarConfig.value(config_key::specialJunk2).toString() } });
+    vars.append({ { "$COOKIE_REPLY_PACKET_JUNK_SIZE", amneziaWireguarConfig.value(config_key::cookieReplyPacketJunkSize).toString() } });
-    // vars.append({ { "$SPECIAL_JUNK_3", amneziaWireguarConfig.value(config_key::specialJunk3).toString() } });
+    vars.append({ { "$TRANSPORT_PACKET_JUNK_SIZE", amneziaWireguarConfig.value(config_key::transportPacketJunkSize).toString() } });
    // vars.append({ { "$SPECIAL_JUNK_4", amneziaWireguarConfig.value(config_key::specialJunk4).toString() } });
    // vars.append({ { "$SPECIAL_JUNK_5", amneziaWireguarConfig.value(config_key::specialJunk5).toString() } });
    // vars.append({ { "$CONTROLLED_JUNK_1", amneziaWireguarConfig.value(config_key::controlledJunk1).toString() } });
    // vars.append({ { "$CONTROLLED_JUNK_2", amneziaWireguarConfig.value(config_key::controlledJunk2).toString() } });
    // vars.append({ { "$CONTROLLED_JUNK_3", amneziaWireguarConfig.value(config_key::controlledJunk3).toString() } });
    // vars.append({ { "$SPECIAL_HANDSHAKE_TIMEOUT", amneziaWireguarConfig.value(config_key::specialHandshakeTimeout).toString() } });
    // Socks5 proxy vars
    vars.append({ { "$SOCKS5_PROXY_PORT", socks5ProxyConfig.value(config_key::port).toString(protocols::socks5Proxy::defaultPort) } });
@ -853,7 +835,7 @@ ErrorCode ServerController::isServerDpkgBusy(const ServerCredentials &credential
            if (stdOut.contains("Packet manager not found"))
                return ErrorCode::ServerPacketManagerError;
-            if (stdOut.contains("fuser not installed"))
+            if (stdOut.contains("fuser not installed") || stdOut.contains("cat not installed"))
                return ErrorCode::NoError;
            if (stdOut.isEmpty()) {
--- a/client/core/defs.h
+++ b/client/core/defs.h
@ -60,6 +60,7 @@ namespace amnezia
        ServerUserPasswordRequired = 210,
        ServerDockerOnCgroupsV2 = 211,
        ServerCgroupMountpoint = 212,
        DockerPullRateLimit = 213,
        // Ssh connection errors
        SshRequestDeniedError = 300,
--- a/client/core/errorstrings.cpp
+++ b/client/core/errorstrings.cpp
@ -28,6 +28,7 @@ QString errorString(ErrorCode code) {
    case(ErrorCode::ServerUserPasswordRequired): errorMessage = QObject::tr("The user's password is required"); break;
    case(ErrorCode::ServerDockerOnCgroupsV2): errorMessage = QObject::tr("Docker error: runc doesn't work on cgroups v2"); break;
    case(ErrorCode::ServerCgroupMountpoint): errorMessage = QObject::tr("Server error: cgroup mountpoint does not exist"); break;
    case(ErrorCode::DockerPullRateLimit): errorMessage = QObject::tr("Docker error: The pull rate limit has been reached"); break;
    // Libssh errors
    case(ErrorCode::SshRequestDeniedError): errorMessage = QObject::tr("SSH request was denied"); break;
--- a/client/daemon/daemon.cpp
+++ b/client/daemon/daemon.cpp
@ -169,11 +169,14 @@ bool Daemon::maybeUpdateResolvers(const InterfaceConfig& config) {
  if ((config.m_hopType == InterfaceConfig::MultiHopExit) ||
      (config.m_hopType == InterfaceConfig::SingleHop)) {
    QList<QHostAddress> resolvers;
-    resolvers.append(QHostAddress(config.m_dnsServer));
+    resolvers.append(QHostAddress(config.m_primaryDnsServer));
    if (!config.m_secondaryDnsServer.isEmpty()) {
        resolvers.append(QHostAddress(config.m_secondaryDnsServer));
    }
    // If the DNS is not the Gateway, it's a user defined DNS
    // thus, not add any other :)
-    if (config.m_dnsServer == config.m_serverIpv4Gateway) {
+    if (config.m_primaryDnsServer == config.m_serverIpv4Gateway) {
      resolvers.append(QHostAddress(config.m_serverIpv6Gateway));
    }
@ -279,15 +282,26 @@ bool Daemon::parseConfig(const QJsonObject& obj, InterfaceConfig& config) {
  config.m_serverIpv4Gateway = obj.value("serverIpv4Gateway").toString();
  config.m_serverIpv6Gateway = obj.value("serverIpv6Gateway").toString();
-  if (!obj.contains("dnsServer")) {
+  if (!obj.contains("primaryDnsServer")) {
-    config.m_dnsServer = QString();
+    config.m_primaryDnsServer = QString();
  } else {
-    QJsonValue value = obj.value("dnsServer");
+    QJsonValue value = obj.value("primaryDnsServer");
    if (!value.isString()) {
      logger.error() << "dnsServer is not a string";
      return false;
    }
-    config.m_dnsServer = value.toString();
+    config.m_primaryDnsServer = value.toString();
  }
  if (!obj.contains("secondaryDnsServer")) {
    config.m_secondaryDnsServer = QString();
  } else {
    QJsonValue value = obj.value("secondaryDnsServer");
    if (!value.isString()) {
      logger.error() << "dnsServer is not a string";
      return false;
    }
    config.m_secondaryDnsServer = value.toString();
  }
  if (!obj.contains("hopType")) {
@ -391,6 +405,13 @@ bool Daemon::parseConfig(const QJsonObject& obj, InterfaceConfig& config) {
  if (!obj.value("S2").isNull()) {
    config.m_responsePacketJunkSize = obj.value("S2").toString();
  }
  if (!obj.value("S3").isNull()) {
    config.m_cookieReplyPacketJunkSize = obj.value("S3").toString();
  }
  if (!obj.value("S4").isNull()) {
    config.m_transportPacketJunkSize = obj.value("S4").toString();
  }
  if (!obj.value("H1").isNull()) {
    config.m_initPacketMagicHeader = obj.value("H1").toString();
  }
--- a/client/daemon/interfaceconfig.cpp
+++ b/client/daemon/interfaceconfig.cpp
@ -28,7 +28,8 @@ QJsonObject InterfaceConfig::toJson() const {
      (m_hopType == InterfaceConfig::SingleHop)) {
    json.insert("serverIpv4Gateway", QJsonValue(m_serverIpv4Gateway));
    json.insert("serverIpv6Gateway", QJsonValue(m_serverIpv6Gateway));
-    json.insert("dnsServer", QJsonValue(m_dnsServer));
+    json.insert("primaryDnsServer", QJsonValue(m_primaryDnsServer));
    json.insert("secondaryDnsServer", QJsonValue(m_secondaryDnsServer));
  }
  QJsonArray allowedIPAddesses;
@ -100,11 +101,15 @@ QString InterfaceConfig::toWgConf(const QMap<QString, QString>& extra) const {
    out << "MTU = " << m_deviceMTU << "\n";
  }
-  if (!m_dnsServer.isNull()) {
+  if (!m_primaryDnsServer.isNull()) {
-    QStringList dnsServers(m_dnsServer);
+    QStringList dnsServers;
    dnsServers.append(m_primaryDnsServer);
    if (!m_secondaryDnsServer.isNull()) {
        dnsServers.append(m_secondaryDnsServer);
    }
    // If the DNS is not the Gateway, it's a user defined DNS
    // thus, not add any other :)
-    if (m_dnsServer == m_serverIpv4Gateway) {
+    if (m_primaryDnsServer == m_serverIpv4Gateway) {
      dnsServers.append(m_serverIpv6Gateway);
    }
    out << "DNS = " << dnsServers.join(", ") << "\n";
@ -125,6 +130,12 @@ QString InterfaceConfig::toWgConf(const QMap<QString, QString>& extra) const {
  if (!m_responsePacketJunkSize.isNull()) {
    out << "S2 = " << m_responsePacketJunkSize << "\n";
  }
  if (!m_cookieReplyPacketJunkSize.isNull()) {
    out << "S3 = " << m_cookieReplyPacketJunkSize << "\n";
  }
  if (!m_transportPacketJunkSize.isNull()) {
    out << "S4 = " << m_transportPacketJunkSize << "\n";
  }
  if (!m_initPacketMagicHeader.isNull()) {
    out << "H1 = " << m_initPacketMagicHeader << "\n";
  }
--- a/client/daemon/interfaceconfig.h
+++ b/client/daemon/interfaceconfig.h
@ -32,7 +32,8 @@ class InterfaceConfig {
  QString m_serverIpv4AddrIn;
  QString m_serverPskKey;
  QString m_serverIpv6AddrIn;
-  QString m_dnsServer;
+  QString m_primaryDnsServer;
  QString m_secondaryDnsServer;
  int m_serverPort = 0;
  int m_deviceMTU = 1420;
  QList<IPAddress> m_allowedIPAddressRanges;
@ -49,6 +50,8 @@ class InterfaceConfig {
  QString m_junkPacketMaxSize;
  QString m_initPacketJunkSize;
  QString m_responsePacketJunkSize;
  QString m_cookieReplyPacketJunkSize;
  QString m_transportPacketJunkSize;
  QString m_initPacketMagicHeader;
  QString m_responsePacketMagicHeader;
  QString m_underloadPacketMagicHeader;
--- a/client/mozilla/localsocketcontroller.cpp
+++ b/client/mozilla/localsocketcontroller.cpp
@ -149,7 +149,14 @@ void LocalSocketController::activate(const QJsonObject &rawConfig) {
  json.insert("serverPort", wgConfig.value(amnezia::config_key::port).toInt());
  json.insert("serverIpv4Gateway", wgConfig.value(amnezia::config_key::hostName));
  //  json.insert("serverIpv6Gateway", QJsonValue(hop.m_server.ipv6Gateway()));
-  json.insert("dnsServer", rawConfig.value(amnezia::config_key::dns1));
+
  json.insert("primaryDnsServer", rawConfig.value(amnezia::config_key::dns1));
  // We don't use secondary DNS if primary DNS is AmneziaDNS
  if (!rawConfig.value(amnezia::config_key::dns1).toString().
    contains(amnezia::protocols::dns::amneziaDnsIp)) {
    json.insert("secondaryDnsServer", rawConfig.value(amnezia::config_key::dns2));
  }
  QJsonArray jsAllowedIPAddesses;
@ -237,6 +244,8 @@ void LocalSocketController::activate(const QJsonObject &rawConfig) {
    json.insert(amnezia::config_key::junkPacketMaxSize, wgConfig.value(amnezia::config_key::junkPacketMaxSize));
    json.insert(amnezia::config_key::initPacketJunkSize, wgConfig.value(amnezia::config_key::initPacketJunkSize));
    json.insert(amnezia::config_key::responsePacketJunkSize, wgConfig.value(amnezia::config_key::responsePacketJunkSize));
    json.insert(amnezia::config_key::cookieReplyPacketJunkSize, wgConfig.value(amnezia::config_key::cookieReplyPacketJunkSize));
    json.insert(amnezia::config_key::transportPacketJunkSize, wgConfig.value(amnezia::config_key::transportPacketJunkSize));
    json.insert(amnezia::config_key::initPacketMagicHeader, wgConfig.value(amnezia::config_key::initPacketMagicHeader));
    json.insert(amnezia::config_key::responsePacketMagicHeader, wgConfig.value(amnezia::config_key::responsePacketMagicHeader));
    json.insert(amnezia::config_key::underloadPacketMagicHeader, wgConfig.value(amnezia::config_key::underloadPacketMagicHeader));
@ -255,6 +264,8 @@ void LocalSocketController::activate(const QJsonObject &rawConfig) {
             && !wgConfig.value(amnezia::config_key::junkPacketMaxSize).isUndefined()
             && !wgConfig.value(amnezia::config_key::initPacketJunkSize).isUndefined()
             && !wgConfig.value(amnezia::config_key::responsePacketJunkSize).isUndefined()
             && !wgConfig.value(amnezia::config_key::cookieReplyPacketJunkSize).isUndefined()
             && !wgConfig.value(amnezia::config_key::transportPacketJunkSize).isUndefined()
             && !wgConfig.value(amnezia::config_key::initPacketMagicHeader).isUndefined()
             && !wgConfig.value(amnezia::config_key::responsePacketMagicHeader).isUndefined()
             && !wgConfig.value(amnezia::config_key::underloadPacketMagicHeader).isUndefined()
@ -273,6 +284,8 @@ void LocalSocketController::activate(const QJsonObject &rawConfig) {
    json.insert(amnezia::config_key::junkPacketMaxSize, wgConfig.value(amnezia::config_key::junkPacketMaxSize));
    json.insert(amnezia::config_key::initPacketJunkSize, wgConfig.value(amnezia::config_key::initPacketJunkSize));
    json.insert(amnezia::config_key::responsePacketJunkSize, wgConfig.value(amnezia::config_key::responsePacketJunkSize));
    json.insert(amnezia::config_key::cookieReplyPacketJunkSize, wgConfig.value(amnezia::config_key::cookieReplyPacketJunkSize));
    json.insert(amnezia::config_key::transportPacketJunkSize, wgConfig.value(amnezia::config_key::transportPacketJunkSize));
    json.insert(amnezia::config_key::initPacketMagicHeader, wgConfig.value(amnezia::config_key::initPacketMagicHeader));
    json.insert(amnezia::config_key::responsePacketMagicHeader, wgConfig.value(amnezia::config_key::responsePacketMagicHeader));
    json.insert(amnezia::config_key::underloadPacketMagicHeader, wgConfig.value(amnezia::config_key::underloadPacketMagicHeader));
--- a/client/platforms/ios/WGConfig.swift
+++ b/client/platforms/ios/WGConfig.swift
@ -4,7 +4,7 @@ struct WGConfig: Decodable {
  let initPacketMagicHeader, responsePacketMagicHeader: String?
  let underloadPacketMagicHeader, transportPacketMagicHeader: String?
  let junkPacketCount, junkPacketMinSize, junkPacketMaxSize: String?
-  let initPacketJunkSize, responsePacketJunkSize: String?
+  let initPacketJunkSize, responsePacketJunkSize, cookieReplyPacketJunkSize, transportPacketJunkSize: String?
  let specialJunk1, specialJunk2, specialJunk3, specialJunk4, specialJunk5: String?
  let controlledJunk1, controlledJunk2, controlledJunk3: String?
  let specialHandshakeTimeout: String?
@ -26,7 +26,7 @@ struct WGConfig: Decodable {
    case initPacketMagicHeader = "H1", responsePacketMagicHeader = "H2"
    case underloadPacketMagicHeader = "H3", transportPacketMagicHeader = "H4"
    case junkPacketCount = "Jc", junkPacketMinSize = "Jmin", junkPacketMaxSize = "Jmax"
-    case initPacketJunkSize = "S1", responsePacketJunkSize = "S2"
+    case initPacketJunkSize = "S1", responsePacketJunkSize = "S2", cookieReplyPacketJunkSize = "S3", transportPacketJunkSize = "S4"
    case specialJunk1 = "I1", specialJunk2 = "I2", specialJunk3 = "I3", specialJunk4 = "I4", specialJunk5 = "I5"
    case controlledJunk1 = "J1", controlledJunk2 = "J2", controlledJunk3 = "J3"
    case specialHandshakeTimeout = "Itime"
@ -46,27 +46,59 @@ struct WGConfig: Decodable {
  }
  var settings: String {
-    junkPacketCount == nil ? "" :
+    guard junkPacketCount != nil else { return "" }
-    """
+    
-    Jc = \(junkPacketCount!)
+    var settingsLines: [String] = []
-    Jmin = \(junkPacketMinSize!)
+    
-    Jmax = \(junkPacketMaxSize!)
+    // Required parameters when junkPacketCount is present
-    S1 = \(initPacketJunkSize!)
+    settingsLines.append("Jc = \(junkPacketCount!)")
-    S2 = \(responsePacketJunkSize!)
+    settingsLines.append("Jmin = \(junkPacketMinSize!)")
-    H1 = \(initPacketMagicHeader!)
+    settingsLines.append("Jmax = \(junkPacketMaxSize!)")
-    H2 = \(responsePacketMagicHeader!)
+    settingsLines.append("S1 = \(initPacketJunkSize!)")
-    H3 = \(underloadPacketMagicHeader!)
+    settingsLines.append("S2 = \(responsePacketJunkSize!)")
-    H4 = \(transportPacketMagicHeader!)
+    
-    I1 = \(specialJunk1!)
+    settingsLines.append("H1 = \(initPacketMagicHeader!)")
-    I2 = \(specialJunk2!)
+    settingsLines.append("H2 = \(responsePacketMagicHeader!)")
-    I3 = \(specialJunk3!)
+    settingsLines.append("H3 = \(underloadPacketMagicHeader!)")
-    I4 = \(specialJunk4!)
+    settingsLines.append("H4 = \(transportPacketMagicHeader!)")
-    I5 = \(specialJunk5!)
+
-    J1 = \(controlledJunk1!)
+    // Optional parameters - only add if not nil and not empty
-    J2 = \(controlledJunk2!)
+    if let s3 = cookieReplyPacketJunkSize, !s3.isEmpty {
-    J3 = \(controlledJunk3!)
+      settingsLines.append("S3 = \(s3)")
-    Itime = \(specialHandshakeTimeout!)
+    }
-    """
+    if let s4 = transportPacketJunkSize, !s4.isEmpty {
      settingsLines.append("S4 = \(s4)")
    }
    if let i1 = specialJunk1, !i1.isEmpty {
      settingsLines.append("I1 = \(i1)")
    }
    if let i2 = specialJunk2, !i2.isEmpty {
      settingsLines.append("I2 = \(i2)")
    }
    if let i3 = specialJunk3, !i3.isEmpty {
      settingsLines.append("I3 = \(i3)")
    }
    if let i4 = specialJunk4, !i4.isEmpty {
      settingsLines.append("I4 = \(i4)")
    }
    if let i5 = specialJunk5, !i5.isEmpty {
      settingsLines.append("I5 = \(i5)")
    }
    if let j1 = controlledJunk1, !j1.isEmpty {
      settingsLines.append("J1 = \(j1)")
    }
    if let j2 = controlledJunk2, !j2.isEmpty {
      settingsLines.append("J2 = \(j2)")
    }
    if let j3 = controlledJunk3, !j3.isEmpty {
      settingsLines.append("J3 = \(j3)")
    }
    if let itime = specialHandshakeTimeout, !itime.isEmpty {
      settingsLines.append("Itime = \(itime)")
    }
    return settingsLines.joined(separator: "\n")
  }
  var str: String {
--- a/client/platforms/ios/ios_controller.mm
+++ b/client/platforms/ios/ios_controller.mm
@ -507,6 +507,8 @@ bool IosController::setupWireGuard()
        wgConfig.insert(config_key::initPacketJunkSize, config[config_key::initPacketJunkSize]);
        wgConfig.insert(config_key::responsePacketJunkSize, config[config_key::responsePacketJunkSize]);
        wgConfig.insert(config_key::cookieReplyPacketJunkSize, config[config_key::cookieReplyPacketJunkSize]);
        wgConfig.insert(config_key::transportPacketJunkSize, config[config_key::transportPacketJunkSize]);
        wgConfig.insert(config_key::junkPacketCount, config[config_key::junkPacketCount]);
        wgConfig.insert(config_key::junkPacketMinSize, config[config_key::junkPacketMinSize]);
@ -605,11 +607,23 @@ bool IosController::setupAwg()
    wgConfig.insert(config_key::initPacketJunkSize, config[config_key::initPacketJunkSize]);
    wgConfig.insert(config_key::responsePacketJunkSize, config[config_key::responsePacketJunkSize]);
    wgConfig.insert(config_key::cookieReplyPacketJunkSize, config[config_key::cookieReplyPacketJunkSize]);
    wgConfig.insert(config_key::transportPacketJunkSize, config[config_key::transportPacketJunkSize]);
    wgConfig.insert(config_key::junkPacketCount, config[config_key::junkPacketCount]);
    wgConfig.insert(config_key::junkPacketMinSize, config[config_key::junkPacketMinSize]);
    wgConfig.insert(config_key::junkPacketMaxSize, config[config_key::junkPacketMaxSize]);
    wgConfig.insert(config_key::specialJunk1, config[config_key::specialJunk1]);
    wgConfig.insert(config_key::specialJunk2, config[config_key::specialJunk2]);
    wgConfig.insert(config_key::specialJunk3, config[config_key::specialJunk3]);
    wgConfig.insert(config_key::specialJunk4, config[config_key::specialJunk4]);
    wgConfig.insert(config_key::specialJunk5, config[config_key::specialJunk5]);
    wgConfig.insert(config_key::controlledJunk1, config[config_key::controlledJunk1]);
    wgConfig.insert(config_key::controlledJunk2, config[config_key::controlledJunk2]);
    wgConfig.insert(config_key::controlledJunk3, config[config_key::controlledJunk3]);
    wgConfig.insert(config_key::specialHandshakeTimeout, config[config_key::specialHandshakeTimeout]);
    QJsonDocument wgConfigDoc(wgConfig);
    QString wgConfigDocStr(wgConfigDoc.toJson(QJsonDocument::Compact));
--- a/client/platforms/linux/daemon/wireguardutilslinux.cpp
+++ b/client/platforms/linux/daemon/wireguardutilslinux.cpp
@ -121,6 +121,12 @@ bool WireguardUtilsLinux::addInterface(const InterfaceConfig& config) {
    if (!config.m_responsePacketJunkSize.isEmpty()) {
        out << "s2=" << config.m_responsePacketJunkSize << "\n";
    }
    if (!config.m_cookieReplyPacketJunkSize.isEmpty()) {
        out << "s3=" << config.m_cookieReplyPacketJunkSize << "\n";
    }
    if (!config.m_transportPacketJunkSize.isEmpty()) {
        out << "s4=" << config.m_transportPacketJunkSize << "\n";
    }
    if (!config.m_initPacketMagicHeader.isEmpty()) {
        out << "h1=" << config.m_initPacketMagicHeader << "\n";
    }
@ -150,7 +156,10 @@ bool WireguardUtilsLinux::addInterface(const InterfaceConfig& config) {
    } else {
        if (config.m_killSwitchEnabled) {
            FirewallParams params { };
-            params.dnsServers.append(config.m_dnsServer);
+            params.dnsServers.append(config.m_primaryDnsServer);
            if (!config.m_secondaryDnsServer.isEmpty()) {
                params.dnsServers.append(config.m_secondaryDnsServer);
            }
            if (config.m_allowedIPAddressRanges.contains(IPAddress("0.0.0.0/0"))) {
                params.blockAll = true;
                if (config.m_excludedAddresses.size()) {
--- a/client/platforms/macos/daemon/macosfirewall.cpp
+++ b/client/platforms/macos/daemon/macosfirewall.cpp
@ -43,8 +43,16 @@ namespace {
 #include "macosfirewall.h"
-#define ResourceDir qApp->applicationDirPath() + "/pf"
+#include <QDir>
-#define DaemonDataDir qApp->applicationDirPath() + "/pf"
+#include <QStandardPaths>
 // Read-only rules bundled with the application.
 #define ResourceDir (qApp->applicationDirPath() + "/pf")
 // Writable location that does NOT live inside the signed bundle.  Using a
 // constant path under /Library/Application Support keeps the signature intact
 // and is accessible to the root helper.
 #define DaemonDataDir QStringLiteral("/Library/Application Support/AmneziaVPN/pf")
 #include <QProcess>
@ -121,6 +129,8 @@ void MacOSFirewall::install()
    logger.info() << "Installing PF root anchor";
    installRootAnchors();
    // Ensure writable directory exists, then store the token there.
    QDir().mkpath(DaemonDataDir);
    execute(QStringLiteral("pfctl -E 2>&1 | grep -F 'Token : ' | cut -c9- > '%1/pf.token'").arg(DaemonDataDir));
 }
--- a/client/platforms/macos/daemon/wireguardutilsmacos.cpp
+++ b/client/platforms/macos/daemon/wireguardutilsmacos.cpp
@ -119,6 +119,12 @@ bool WireguardUtilsMacos::addInterface(const InterfaceConfig& config) {
  if (!config.m_responsePacketJunkSize.isEmpty()) {
    out << "s2=" << config.m_responsePacketJunkSize << "\n";
  }
  if (!config.m_cookieReplyPacketJunkSize.isEmpty()) {
    out << "s3=" << config.m_cookieReplyPacketJunkSize << "\n";
  }
  if (!config.m_transportPacketJunkSize.isEmpty()) {
    out << "s4=" << config.m_transportPacketJunkSize << "\n";
  }
  if (!config.m_initPacketMagicHeader.isEmpty()) {
    out << "h1=" << config.m_initPacketMagicHeader << "\n";
  }
@ -132,30 +138,43 @@ bool WireguardUtilsMacos::addInterface(const InterfaceConfig& config) {
    out << "h4=" << config.m_transportPacketMagicHeader << "\n";
  }
  for (const QString& key : config.m_specialJunk.keys()) {
      out << key.toLower() << "=" << config.m_specialJunk.value(key) << "\n";
  }
  for (const QString& key : config.m_controlledJunk.keys()) {
      out << key.toLower() << "=" << config.m_controlledJunk.value(key) << "\n";
  }
  if (!config.m_specialHandshakeTimeout.isEmpty()) {
      out << "itime=" << config.m_specialHandshakeTimeout << "\n";
  }
  int err = uapiErrno(uapiCommand(message));
  if (err != 0) {
    logger.error() << "Interface configuration failed:" << strerror(err);
  } else {
-      if (config.m_killSwitchEnabled) {
+    if (config.m_killSwitchEnabled) {
-        FirewallParams params { };
+      FirewallParams params { };
-        params.dnsServers.append(config.m_dnsServer);
+      params.dnsServers.append(config.m_primaryDnsServer);
      if (!config.m_secondaryDnsServer.isEmpty()) {
          params.dnsServers.append(config.m_secondaryDnsServer);
      }
-        if (config.m_allowedIPAddressRanges.contains(IPAddress("0.0.0.0/0"))) {
+      if (config.m_allowedIPAddressRanges.contains(IPAddress("0.0.0.0/0"))) {
          params.blockAll = true;
          if (config.m_excludedAddresses.size()) {
-            params.allowNets = true;
+              params.allowNets = true;
-            foreach (auto net, config.m_excludedAddresses) {
+              foreach (auto net, config.m_excludedAddresses) {
-              params.allowAddrs.append(net.toUtf8());
+                  params.allowAddrs.append(net.toUtf8());
-            }
+              }
          }
-        } else {
+      } else {
          params.blockNets = true;
          foreach (auto net, config.m_allowedIPAddressRanges) {
-            params.blockAddrs.append(net.toString());
+              params.blockAddrs.append(net.toString());
          }
        }
        applyFirewallRules(params);
      }
      applyFirewallRules(params);
    }
  }
  return (err == 0);
 }
--- a/client/platforms/windows/daemon/windowsfirewall.cpp
+++ b/client/platforms/windows/daemon/windowsfirewall.cpp
@ -291,15 +291,32 @@ bool WindowsFirewall::enablePeerTraffic(const InterfaceConfig& config) {
                      "Block Internet", config.m_serverPublicKey)) {
    return false;
  }
-  if (!config.m_dnsServer.isEmpty()) {
+  if (!config.m_primaryDnsServer.isEmpty()) {
-    if (!allowTrafficTo(QHostAddress(config.m_dnsServer), 53, HIGH_WEIGHT,
+    if (!allowTrafficTo(QHostAddress(config.m_primaryDnsServer), 53, HIGH_WEIGHT,
                        "Allow DNS-Server", config.m_serverPublicKey)) {
      return false;
    }
    // In some cases, we might configure a 2nd DNS server for IPv6, however
    // this should probably be cleaned up by converting m_dnsServer into
    // a QStringList instead.
-    if (config.m_dnsServer == config.m_serverIpv4Gateway) {
+    if (config.m_primaryDnsServer == config.m_serverIpv4Gateway) {
      if (!allowTrafficTo(QHostAddress(config.m_serverIpv6Gateway), 53,
                          HIGH_WEIGHT, "Allow extra IPv6 DNS-Server",
                          config.m_serverPublicKey)) {
        return false;
      }
    }
  }
  if (!config.m_secondaryDnsServer.isEmpty()) {
    if (!allowTrafficTo(QHostAddress(config.m_secondaryDnsServer), 53, HIGH_WEIGHT,
                        "Allow DNS-Server", config.m_serverPublicKey)) {
      return false;
    }
    // In some cases, we might configure a 2nd DNS server for IPv6, however
    // this should probably be cleaned up by converting m_dnsServer into
    // a QStringList instead.
    if (config.m_secondaryDnsServer == config.m_serverIpv4Gateway) {
      if (!allowTrafficTo(QHostAddress(config.m_serverIpv6Gateway), 53,
                          HIGH_WEIGHT, "Allow extra IPv6 DNS-Server",
                          config.m_serverPublicKey)) {
--- a/client/platforms/windows/daemon/wireguardutilswindows.cpp
+++ b/client/platforms/windows/daemon/wireguardutilswindows.cpp
@ -130,6 +130,7 @@ bool WireguardUtilsWindows::addInterface(const InterfaceConfig& config) {
    // Enable the windows firewall
    NET_IFINDEX ifindex;
    ConvertInterfaceLuidToIndex(&luid, &ifindex);
    m_firewall->allowAllTraffic();
    m_firewall->enableInterface(ifindex);
  }
--- a/client/protocols/openvpnprotocol.cpp
+++ b/client/protocols/openvpnprotocol.cpp
@ -343,7 +343,7 @@ void OpenVpnProtocol::updateVpnGateway(const QString &line)
                        // killSwitch toggle
                        if (m_vpnLocalAddress == netInterfaces.at(i).addressEntries().at(j).ip().toString()) {
                            if (QVariant(m_configData.value(config_key::killSwitchOption).toString()).toBool()) {
-                                IpcClient::Interface()->enableKillSwitch(QJsonObject(), netInterfaces.at(i).index());
+                                IpcClient::Interface()->enableKillSwitch(m_configData, netInterfaces.at(i).index());
                            }
                            m_configData.insert("vpnAdapterIndex", netInterfaces.at(i).index());
                            m_configData.insert("vpnGateway", m_vpnGateway);
--- a/client/protocols/protocols_defs.h
+++ b/client/protocols/protocols_defs.h
@ -72,6 +72,8 @@ namespace amnezia
        constexpr char junkPacketMaxSize[] = "Jmax";
        constexpr char initPacketJunkSize[] = "S1";
        constexpr char responsePacketJunkSize[] = "S2";
        constexpr char cookieReplyPacketJunkSize[] = "S3";
        constexpr char transportPacketJunkSize[] = "S4";
        constexpr char initPacketMagicHeader[] = "H1";
        constexpr char responsePacketMagicHeader[] = "H2";
        constexpr char underloadPacketMagicHeader[] = "H3";
@ -112,6 +114,8 @@ namespace amnezia
        constexpr char clientId[] = "clientId";
        constexpr char nameOverriddenByUser[] = "nameOverriddenByUser";
    }
    namespace protocols
@ -223,6 +227,9 @@ namespace amnezia
            constexpr char defaultJunkPacketMaxSize[] = "30";
            constexpr char defaultInitPacketJunkSize[] = "15";
            constexpr char defaultResponsePacketJunkSize[] = "18";
            constexpr char defaultCookieReplyPacketJunkSize[] = "20";
            constexpr char defaultTransportPacketJunkSize[] = "23";
            constexpr char defaultInitPacketMagicHeader[] = "1020325451";
            constexpr char defaultResponsePacketMagicHeader[] = "3288052141";
            constexpr char defaultTransportPacketMagicHeader[] = "2528465083";
@ -235,7 +242,7 @@ namespace amnezia
            constexpr char defaultControlledJunk1[] = "";
            constexpr char defaultControlledJunk2[] = "";
            constexpr char defaultControlledJunk3[] = "";
-            constexpr char defaultSpecialHandshakeTimeout[] = "0";
+            constexpr char defaultSpecialHandshakeTimeout[] = "";
        }
        namespace socks5Proxy
--- a/client/protocols/xrayprotocol.cpp
+++ b/client/protocols/xrayprotocol.cpp
@ -98,8 +98,13 @@ ErrorCode XrayProtocol::startTun2Sock()
        if (vpnState == Vpn::ConnectionState::Connected) {
            setConnectionState(Vpn::ConnectionState::Connecting);
            QList<QHostAddress> dnsAddr;
            dnsAddr.push_back(QHostAddress(m_configData.value(config_key::dns1).toString()));
-            dnsAddr.push_back(QHostAddress(m_configData.value(config_key::dns2).toString()));
+            // We don't use secondary DNS if primary DNS is AmneziaDNS
            if (!m_configData.value(amnezia::config_key::dns1).toString().
                 contains(amnezia::protocols::dns::amneziaDnsIp)) {
                dnsAddr.push_back(QHostAddress(m_configData.value(config_key::dns2).toString()));
            }
 #ifdef Q_OS_WIN
            QThread::msleep(8000);
 #endif
@ -134,7 +139,7 @@ ErrorCode XrayProtocol::startTun2Sock()
                    // killSwitch toggle
                    if (m_vpnLocalAddress == netInterfaces.at(i).addressEntries().at(j).ip().toString()) {
                        if (QVariant(m_configData.value(config_key::killSwitchOption).toString()).toBool()) {
-                            IpcClient::Interface()->enableKillSwitch(QJsonObject(), netInterfaces.at(i).index());
+                            IpcClient::Interface()->enableKillSwitch(m_configData, netInterfaces.at(i).index());
                        }
                        m_configData.insert("vpnAdapterIndex", netInterfaces.at(i).index());
                        m_configData.insert("vpnGateway", m_vpnGateway);
--- a/client/resources.qrc
+++ b/client/resources.qrc
@ -239,6 +239,7 @@
        <file>ui/qml/Components/ApiPremV1MigrationDrawer.qml</file>
        <file>ui/qml/Components/ApiPremV1SubListDrawer.qml</file>
        <file>ui/qml/Components/OtpCodeDrawer.qml</file>
        <file>ui/qml/Components/AwgTextField.qml</file>
    </qresource>
    <qresource prefix="/countriesFlags">
        <file>images/flagKit/ZW.svg</file>
--- a/client/server_scripts/awg/Dockerfile
+++ b/client/server_scripts/awg/Dockerfile
@ -1,4 +1,4 @@
-FROM marko1777/awg:latest
+FROM amneziavpn/amnezia-wg:latest
 LABEL maintainer="AmneziaVPN"
--- a/client/server_scripts/check_server_is_busy.sh
+++ b/client/server_scripts/check_server_is_busy.sh
@ -1,6 +1,7 @@
-if which apt-get > /dev/null 2>&1; then LOCK_FILE="/var/lib/dpkg/lock-frontend";\
+if which apt-get > /dev/null 2>&1; then LOCK_CMD="fuser"; LOCK_FILE="/var/lib/dpkg/lock-frontend";\
-elif which dnf > /dev/null 2>&1; then LOCK_FILE="/var/run/dnf.pid";\
+elif which dnf > /dev/null 2>&1; then LOCK_CMD="fuser"; LOCK_FILE="/var/cache/dnf/* /var/run/dnf/* /var/lib/dnf/* /var/lib/rpm/*";\
-elif which yum > /dev/null 2>&1; then LOCK_FILE="/var/run/yum.pid";\
+elif which yum > /dev/null 2>&1; then LOCK_CMD="cat"; LOCK_FILE="/var/run/yum.pid";\
-elif which pacman > /dev/null 2>&1; then LOCK_FILE="/var/lib/pacman/db.lck";\
+elif which zypper > /dev/null 2>&1; then LOCK_CMD="cat"; LOCK_FILE="/var/run/zypp.pid";\
 elif which pacman > /dev/null 2>&1; then LOCK_CMD="fuser"; LOCK_FILE="/var/lib/pacman/db.lck";\
 else echo "Packet manager not found"; echo "Internal error"; exit 1; fi;\
-if command -v fuser > /dev/null 2>&1; then sudo fuser $LOCK_FILE 2>/dev/null; else echo "fuser not installed"; fi
+if command -v $LOCK_CMD > /dev/null 2>&1; then sudo $LOCK_CMD $LOCK_FILE 2>/dev/null; else echo "$LOCK_CMD not installed"; fi
--- a/client/server_scripts/check_user_in_sudo.sh
+++ b/client/server_scripts/check_user_in_sudo.sh
@ -1,6 +1,7 @@
 if which apt-get > /dev/null 2>&1; then pm=$(which apt-get); opt="--version";\
 elif which dnf > /dev/null 2>&1; then pm=$(which dnf); opt="--version";\
 elif which yum > /dev/null 2>&1; then pm=$(which yum); opt="--version";\
 elif which zypper > /dev/null 2>&1; then pm=$(which zypper); opt="--version";\
 elif which pacman > /dev/null 2>&1; then pm=$(which pacman); opt="--version";\
 else pm="uname"; opt="-a";\
 fi;\
--- a/client/server_scripts/install_docker.sh
+++ b/client/server_scripts/install_docker.sh
@ -1,6 +1,7 @@
 if which apt-get > /dev/null 2>&1; then pm=$(which apt-get); silent_inst="-yq install"; check_pkgs="-yq update"; docker_pkg="docker.io"; dist="debian";\
 elif which dnf > /dev/null 2>&1; then pm=$(which dnf); silent_inst="-yq install"; check_pkgs="-yq check-update"; docker_pkg="docker"; dist="fedora";\
 elif which yum > /dev/null 2>&1; then pm=$(which yum); silent_inst="-y -q install"; check_pkgs="-y -q check-update"; docker_pkg="docker"; dist="centos";\
 elif which zypper > /dev/null 2>&1; then pm=$(which zypper); silent_inst="-nq install"; check_pkgs="-nq refresh"; docker_pkg="docker"; dist="opensuse";\
 elif which pacman > /dev/null 2>&1; then pm=$(which pacman); silent_inst="-S --noconfirm --noprogressbar --quiet"; check_pkgs="-Sup"; docker_pkg="docker"; dist="archlinux";\
 else echo "Packet manager not found"; exit 1; fi;\
 echo "Dist: $dist, Packet manager: $pm, Install command: $silent_inst, Check pkgs command: $check_pkgs, Docker pkg: $docker_pkg";\
--- a/client/translations/amneziavpn_ar_EG.ts
+++ b/client/translations/amneziavpn_ar_EG.ts
--- a/client/translations/amneziavpn_fa_IR.ts
+++ b/client/translations/amneziavpn_fa_IR.ts
--- a/client/translations/amneziavpn_hi_IN.ts
+++ b/client/translations/amneziavpn_hi_IN.ts
--- a/client/translations/amneziavpn_my_MM.ts
+++ b/client/translations/amneziavpn_my_MM.ts
--- a/client/translations/amneziavpn_ru_RU.ts
+++ b/client/translations/amneziavpn_ru_RU.ts
@ -358,7 +358,7 @@
 <context>
    <name>ContextMenuType</name>
    <message>
-        <location filename="../ui/qml/Controls2/ContextMenuType.qml" line="9"/>
+        <location filename="../ui/qml/Controls2/ContextMenuType.qml" line="10"/>
        <source>C&amp;ut</source>
        <translation>Вырезать</translation>
    </message>
@ -368,12 +368,12 @@
        <translation>Копировать</translation>
    </message>
    <message>
-        <location filename="../ui/qml/Controls2/ContextMenuType.qml" line="21"/>
+        <location filename="../ui/qml/Controls2/ContextMenuType.qml" line="20"/>
        <source>&amp;Paste</source>
        <translation>Вставить</translation>
    </message>
    <message>
-        <location filename="../ui/qml/Controls2/ContextMenuType.qml" line="29"/>
+        <location filename="../ui/qml/Controls2/ContextMenuType.qml" line="27"/>
        <source>&amp;SelectAll</source>
        <translation>Выбрать всё</translation>
    </message>
@ -436,17 +436,17 @@ Can&apos;t be disabled for current server</source>
 <context>
    <name>ImportController</name>
    <message>
-        <location filename="../ui/controllers/importController.cpp" line="677"/>
+        <location filename="../ui/controllers/importController.cpp" line="650"/>
        <source>Scanned %1 of %2.</source>
        <translation>Отсканировано %1 из %2.</translation>
    </message>
    <message>
-        <location filename="../ui/controllers/importController.cpp" line="712"/>
+        <location filename="../ui/controllers/importController.cpp" line="685"/>
        <source>This configuration contains an OpenVPN setup. OpenVPN configurations can include malicious scripts, so only add it if you fully trust the provider of this config. </source>
        <translation>Эта конфигурация содержит настройки OpenVPN. Конфигурации OpenVPN могут содержать вредоносные скрипты, поэтому добавляйте их только в том случае, если полностью доверяете источнику этого файла. </translation>
    </message>
    <message>
-        <location filename="../ui/controllers/importController.cpp" line="716"/>
+        <location filename="../ui/controllers/importController.cpp" line="689"/>
        <source>&lt;br&gt;In the imported configuration, potentially dangerous lines were found:</source>
        <translation>&lt;br&gt;В импортированной конфигурации обнаружены потенциально опасные строки:</translation>
    </message>
@ -454,71 +454,71 @@ Can&apos;t be disabled for current server</source>
 <context>
    <name>InstallController</name>
    <message>
-        <location filename="../ui/controllers/installController.cpp" line="168"/>
+        <location filename="../ui/controllers/installController.cpp" line="156"/>
        <source>%1 installed successfully. </source>
        <translation>%1 успешно установлен. </translation>
    </message>
    <message>
-        <location filename="../ui/controllers/installController.cpp" line="170"/>
+        <location filename="../ui/controllers/installController.cpp" line="158"/>
        <source>%1 is already installed on the server. </source>
        <translation>%1 уже установлен на сервер. </translation>
    </message>
    <message>
-        <location filename="../ui/controllers/installController.cpp" line="190"/>
+        <location filename="../ui/controllers/installController.cpp" line="178"/>
        <source>
 Added containers that were already installed on the server</source>
        <translation>
 Добавлены сервисы и протоколы, которые были ранее установлены на сервер</translation>
    </message>
    <message>
-        <location filename="../ui/controllers/installController.cpp" line="270"/>
+        <location filename="../ui/controllers/installController.cpp" line="258"/>
        <source>
 Already installed containers were found on the server. All installed containers have been added to the application</source>
        <translation>
 На сервере обнаружены установленные протоколы и сервисы. Все они были добавлены в приложение</translation>
    </message>
    <message>
-        <location filename="../ui/controllers/installController.cpp" line="604"/>
+        <location filename="../ui/controllers/installController.cpp" line="582"/>
        <source>Settings updated successfully</source>
        <translation>Настройки успешно обновлены</translation>
    </message>
    <message>
-        <location filename="../ui/controllers/installController.cpp" line="621"/>
+        <location filename="../ui/controllers/installController.cpp" line="599"/>
        <source>Server &apos;%1&apos; was rebooted</source>
        <translation>Сервер &apos;%1&apos; был перезагружен</translation>
    </message>
    <message>
-        <location filename="../ui/controllers/installController.cpp" line="633"/>
+        <location filename="../ui/controllers/installController.cpp" line="611"/>
        <source>Server &apos;%1&apos; was removed</source>
        <translation>Сервер &apos;%1&apos; был удален</translation>
    </message>
    <message>
-        <location filename="../ui/controllers/installController.cpp" line="644"/>
+        <location filename="../ui/controllers/installController.cpp" line="622"/>
        <source>All containers from server &apos;%1&apos; have been removed</source>
        <translation>Все протоколы и сервисы были удалены с сервера &apos;%1&apos;</translation>
    </message>
    <message>
-        <location filename="../ui/controllers/installController.cpp" line="662"/>
+        <location filename="../ui/controllers/installController.cpp" line="640"/>
        <source>%1 has been removed from the server &apos;%2&apos;</source>
        <translation>%1 был удален с сервера &apos;%2&apos;</translation>
    </message>
    <message>
-        <location filename="../ui/controllers/installController.cpp" line="671"/>
+        <location filename="../ui/controllers/installController.cpp" line="649"/>
        <source>Api config removed</source>
        <translation>Конфигурация API удалена</translation>
    </message>
    <message>
-        <location filename="../ui/controllers/installController.cpp" line="693"/>
+        <location filename="../ui/controllers/installController.cpp" line="671"/>
        <source>%1 cached profile cleared</source>
        <translation>%1 закэшированный профиль очищен</translation>
    </message>
    <message>
-        <location filename="../ui/controllers/installController.cpp" line="832"/>
+        <location filename="../ui/controllers/installController.cpp" line="810"/>
        <source>Please login as the user</source>
        <translation>Пожалуйста, войдите в систему от имени пользователя</translation>
    </message>
    <message>
-        <location filename="../ui/controllers/installController.cpp" line="860"/>
+        <location filename="../ui/controllers/installController.cpp" line="838"/>
        <source>Server added successfully</source>
        <translation>Сервер успешно добавлен</translation>
    </message>
@ -690,87 +690,42 @@ Thank you for staying with us!</source>
        <translation>MTU</translation>
    </message>
    <message>
-        <location filename="../ui/qml/Pages2/PageProtocolAwgClientSettings.qml" line="316"/>
+        <location filename="../ui/qml/Pages2/PageProtocolAwgClientSettings.qml" line="181"/>
        <source>Server settings</source>
        <translation>Настройки сервера</translation>
    </message>
    <message>
-        <location filename="../ui/qml/Pages2/PageProtocolAwgClientSettings.qml" line="326"/>
+        <location filename="../ui/qml/Pages2/PageProtocolAwgClientSettings.qml" line="191"/>
        <source>Port</source>
        <translation>Порт</translation>
    </message>
    <message>
-        <location filename="../ui/qml/Pages2/PageProtocolAwgClientSettings.qml" line="181"/>
+        <location filename="../ui/qml/Pages2/PageProtocolAwgClientSettings.qml" line="278"/>
        <source>I1 - First special junk packet</source>
        <translation type="unfinished"></translation>
    </message>
    <message>
        <location filename="../ui/qml/Pages2/PageProtocolAwgClientSettings.qml" line="196"/>
        <source>I2 - Second special junk packet</source>
        <translation type="unfinished"></translation>
    </message>
    <message>
        <location filename="../ui/qml/Pages2/PageProtocolAwgClientSettings.qml" line="211"/>
        <source>I3 - Third special junk packet</source>
        <translation type="unfinished"></translation>
    </message>
    <message>
        <location filename="../ui/qml/Pages2/PageProtocolAwgClientSettings.qml" line="226"/>
        <source>I4 - Fourth special junk packet</source>
        <translation type="unfinished"></translation>
    </message>
    <message>
        <location filename="../ui/qml/Pages2/PageProtocolAwgClientSettings.qml" line="241"/>
        <source>I5 - Fifth special junk packet</source>
        <translation type="unfinished"></translation>
    </message>
    <message>
        <location filename="../ui/qml/Pages2/PageProtocolAwgClientSettings.qml" line="256"/>
        <source>J1 - First controlled junk packet</source>
        <translation type="unfinished"></translation>
    </message>
    <message>
        <location filename="../ui/qml/Pages2/PageProtocolAwgClientSettings.qml" line="271"/>
        <source>J2 - Second controlled junk packet</source>
        <translation type="unfinished"></translation>
    </message>
    <message>
        <location filename="../ui/qml/Pages2/PageProtocolAwgClientSettings.qml" line="286"/>
        <source>J3 - Third controlled junk packet</source>
        <translation type="unfinished"></translation>
    </message>
    <message>
        <location filename="../ui/qml/Pages2/PageProtocolAwgClientSettings.qml" line="301"/>
        <source>Itime - Special handshake timeout</source>
        <translation type="unfinished"></translation>
    </message>
    <message>
        <location filename="../ui/qml/Pages2/PageProtocolAwgClientSettings.qml" line="414"/>
        <source>Save</source>
        <translation>Сохранить</translation>
    </message>
    <message>
-        <location filename="../ui/qml/Pages2/PageProtocolAwgClientSettings.qml" line="424"/>
+        <location filename="../ui/qml/Pages2/PageProtocolAwgClientSettings.qml" line="288"/>
        <source>Save settings?</source>
        <translation>Сохранить настройки?</translation>
    </message>
    <message>
-        <location filename="../ui/qml/Pages2/PageProtocolAwgClientSettings.qml" line="425"/>
+        <location filename="../ui/qml/Pages2/PageProtocolAwgClientSettings.qml" line="289"/>
        <source>Only the settings for this device will be changed</source>
        <translation>Будут изменены настройки только для этого устройства</translation>
    </message>
    <message>
-        <location filename="../ui/qml/Pages2/PageProtocolAwgClientSettings.qml" line="426"/>
+        <location filename="../ui/qml/Pages2/PageProtocolAwgClientSettings.qml" line="290"/>
        <source>Continue</source>
        <translation>Продолжить</translation>
    </message>
    <message>
-        <location filename="../ui/qml/Pages2/PageProtocolAwgClientSettings.qml" line="427"/>
+        <location filename="../ui/qml/Pages2/PageProtocolAwgClientSettings.qml" line="291"/>
        <source>Cancel</source>
        <translation>Отменить</translation>
    </message>
    <message>
-        <location filename="../ui/qml/Pages2/PageProtocolAwgClientSettings.qml" line="431"/>
+        <location filename="../ui/qml/Pages2/PageProtocolAwgClientSettings.qml" line="295"/>
        <source>Unable change settings while there is an active connection</source>
        <translation>Невозможно изменить настройки во время активного соединения</translation>
    </message>
@ -788,12 +743,12 @@ Thank you for staying with us!</source>
        <translation>Порт</translation>
    </message>
    <message>
-        <location filename="../ui/qml/Pages2/PageProtocolAwgSettings.qml" line="376"/>
+        <location filename="../ui/qml/Pages2/PageProtocolAwgSettings.qml" line="366"/>
        <source>All users with whom you shared a connection with will no longer be able to connect to it.</source>
        <translation>Все пользователи, с которыми вы поделились конфигурацией вашего VPN, больше не смогут к нему подключаться.</translation>
    </message>
    <message>
-        <location filename="../ui/qml/Pages2/PageProtocolAwgSettings.qml" line="348"/>
+        <location filename="../ui/qml/Pages2/PageProtocolAwgSettings.qml" line="338"/>
        <source>Save</source>
        <translation>Сохранить</translation>
    </message>
@ -838,42 +793,42 @@ Thank you for staying with us!</source>
        <translation>H2 - Response packet magic header</translation>
    </message>
    <message>
-        <location filename="../ui/qml/Pages2/PageProtocolAwgSettings.qml" line="306"/>
+        <location filename="../ui/qml/Pages2/PageProtocolAwgSettings.qml" line="288"/>
        <source>H4 - Transport packet magic header</source>
        <translation>H4 - Transport packet magic header</translation>
    </message>
    <message>
-        <location filename="../ui/qml/Pages2/PageProtocolAwgSettings.qml" line="288"/>
+        <location filename="../ui/qml/Pages2/PageProtocolAwgSettings.qml" line="306"/>
        <source>H3 - Underload packet magic header</source>
        <translation>H3 - Underload packet magic header</translation>
    </message>
    <message>
-        <location filename="../ui/qml/Pages2/PageProtocolAwgSettings.qml" line="364"/>
+        <location filename="../ui/qml/Pages2/PageProtocolAwgSettings.qml" line="354"/>
        <source>The values of the H1-H4 fields must be unique</source>
        <translation>Значения в полях H1-H4 должны быть уникальными</translation>
    </message>
    <message>
-        <location filename="../ui/qml/Pages2/PageProtocolAwgSettings.qml" line="370"/>
+        <location filename="../ui/qml/Pages2/PageProtocolAwgSettings.qml" line="360"/>
        <source>The value of the field S1 + message initiation size (148) must not equal S2 + message response size (92)</source>
        <translation>Значение в поле S1 + размер инициации сообщения (148) не должно равняться значению в поле S2 + размер ответа на сообщение (92)</translation>
    </message>
    <message>
-        <location filename="../ui/qml/Pages2/PageProtocolAwgSettings.qml" line="375"/>
+        <location filename="../ui/qml/Pages2/PageProtocolAwgSettings.qml" line="365"/>
        <source>Save settings?</source>
        <translation>Сохранить настройки?</translation>
    </message>
    <message>
-        <location filename="../ui/qml/Pages2/PageProtocolAwgSettings.qml" line="377"/>
+        <location filename="../ui/qml/Pages2/PageProtocolAwgSettings.qml" line="367"/>
        <source>Continue</source>
        <translation>Продолжить</translation>
    </message>
    <message>
-        <location filename="../ui/qml/Pages2/PageProtocolAwgSettings.qml" line="378"/>
+        <location filename="../ui/qml/Pages2/PageProtocolAwgSettings.qml" line="368"/>
        <source>Cancel</source>
        <translation>Отменить</translation>
    </message>
    <message>
-        <location filename="../ui/qml/Pages2/PageProtocolAwgSettings.qml" line="382"/>
+        <location filename="../ui/qml/Pages2/PageProtocolAwgSettings.qml" line="372"/>
        <source>Unable change settings while there is an active connection</source>
        <translation>Невозможно изменить настройки во время активного соединения</translation>
    </message>
@ -4811,12 +4766,12 @@ For more detailed information, you can
 <context>
    <name>SettingsController</name>
    <message>
-        <location filename="../ui/controllers/settingsController.cpp" line="199"/>
+        <location filename="../ui/controllers/settingsController.cpp" line="170"/>
        <source>All settings have been reset to default values</source>
        <translation>Все настройки сброшены до значений по умолчанию</translation>
    </message>
    <message>
-        <location filename="../ui/controllers/settingsController.cpp" line="175"/>
+        <location filename="../ui/controllers/settingsController.cpp" line="148"/>
        <source>Backup file is corrupted</source>
        <translation>Файл резервной копии поврежден</translation>
    </message>
--- a/client/translations/amneziavpn_uk_UA.ts
+++ b/client/translations/amneziavpn_uk_UA.ts
--- a/client/translations/amneziavpn_ur_PK.ts
+++ b/client/translations/amneziavpn_ur_PK.ts
--- a/client/translations/amneziavpn_zh_CN.ts
+++ b/client/translations/amneziavpn_zh_CN.ts
--- a/client/ui/controllers/api/apiConfigsController.cpp
+++ b/client/ui/controllers/api/apiConfigsController.cpp
@ -18,6 +18,7 @@ namespace
    {
        constexpr char cloak[] = "cloak";
        constexpr char awg[] = "awg";
        constexpr char vless[] = "vless";
        constexpr char apiEndpoint[] = "api_endpoint";
        constexpr char accessToken[] = "api_key";
@ -35,10 +36,6 @@ namespace
        constexpr char serviceInfo[] = "service_info";
        constexpr char serviceProtocol[] = "service_protocol";
        constexpr char aesKey[] = "aes_key";
        constexpr char aesIv[] = "aes_iv";
        constexpr char aesSalt[] = "aes_salt";
        constexpr char apiPayload[] = "api_payload";
        constexpr char keyPayload[] = "key_payload";
@ -47,6 +44,185 @@ namespace
        constexpr char config[] = "config";
    }
    struct ProtocolData
    {
        OpenVpnConfigurator::ConnectionData certRequest;
        QString wireGuardClientPrivKey;
        QString wireGuardClientPubKey;
        QString xrayUuid;
    };
    struct GatewayRequestData
    {
        QString osVersion;
        QString appVersion;
        QString installationUuid;
        QString userCountryCode;
        QString serverCountryCode;
        QString serviceType;
        QString serviceProtocol;
        QJsonObject authData;
        QJsonObject toJsonObject() const
        {
            QJsonObject obj;
            if (!osVersion.isEmpty()) {
                obj[configKey::osVersion] = osVersion;
            }
            if (!appVersion.isEmpty()) {
                obj[configKey::appVersion] = appVersion;
            }
            if (!installationUuid.isEmpty()) {
                obj[configKey::uuid] = installationUuid;
            }
            if (!userCountryCode.isEmpty()) {
                obj[configKey::userCountryCode] = userCountryCode;
            }
            if (!serverCountryCode.isEmpty()) {
                obj[configKey::serverCountryCode] = serverCountryCode;
            }
            if (!serviceType.isEmpty()) {
                obj[configKey::serviceType] = serviceType;
            }
            if (!serviceProtocol.isEmpty()) {
                obj[configKey::serviceProtocol] = serviceProtocol;
            }
            if (!authData.isEmpty()) {
                obj[configKey::authData] = authData;
            }
            return obj;
        }
    };
    ProtocolData generateProtocolData(const QString &protocol)
    {
        ProtocolData protocolData;
        if (protocol == configKey::cloak) {
            protocolData.certRequest = OpenVpnConfigurator::createCertRequest();
        } else if (protocol == configKey::awg) {
            auto connData = WireguardConfigurator::genClientKeys();
            protocolData.wireGuardClientPubKey = connData.clientPubKey;
            protocolData.wireGuardClientPrivKey = connData.clientPrivKey;
        } else if (protocol == configKey::vless) {
            protocolData.xrayUuid = QUuid::createUuid().toString(QUuid::WithoutBraces);
        }
        return protocolData;
    }
    void appendProtocolDataToApiPayload(const QString &protocol, const ProtocolData &protocolData, QJsonObject &apiPayload)
    {
        if (protocol == configKey::cloak) {
            apiPayload[configKey::certificate] = protocolData.certRequest.request;
        } else if (protocol == configKey::awg) {
            apiPayload[configKey::publicKey] = protocolData.wireGuardClientPubKey;
        } else if (protocol == configKey::vless) {
            apiPayload[configKey::publicKey] = protocolData.xrayUuid;
        }
    }
    ErrorCode fillServerConfig(const QString &protocol, const ProtocolData &apiPayloadData, const QByteArray &apiResponseBody,
                               QJsonObject &serverConfig)
    {
        QString data = QJsonDocument::fromJson(apiResponseBody).object().value(config_key::config).toString();
        data.replace("vpn://", "");
        QByteArray ba = QByteArray::fromBase64(data.toUtf8(), QByteArray::Base64UrlEncoding | QByteArray::OmitTrailingEquals);
        if (ba.isEmpty()) {
            qDebug() << "empty vpn key";
            return ErrorCode::ApiConfigEmptyError;
        }
        QByteArray ba_uncompressed = qUncompress(ba);
        if (!ba_uncompressed.isEmpty()) {
            ba = ba_uncompressed;
        }
        QString configStr = ba;
        if (protocol == configKey::cloak) {
            configStr.replace("<key>", "<key>\n");
            configStr.replace("$OPENVPN_PRIV_KEY", apiPayloadData.certRequest.privKey);
        } else if (protocol == configKey::awg) {
            configStr.replace("$WIREGUARD_CLIENT_PRIVATE_KEY", apiPayloadData.wireGuardClientPrivKey);
            auto newServerConfig = QJsonDocument::fromJson(configStr.toUtf8()).object();
            auto containers = newServerConfig.value(config_key::containers).toArray();
            if (containers.isEmpty()) {
                qDebug() << "missing containers field";
                return ErrorCode::ApiConfigEmptyError;
            }
            auto container = containers.at(0).toObject();
            QString containerName = ContainerProps::containerTypeToString(DockerContainer::Awg);
            auto serverProtocolConfig = container.value(containerName).toObject();
            auto clientProtocolConfig =
                    QJsonDocument::fromJson(serverProtocolConfig.value(config_key::last_config).toString().toUtf8()).object();
            //TODO looks like this block can be removed after v1 configs EOL
            serverProtocolConfig[config_key::junkPacketCount] = clientProtocolConfig.value(config_key::junkPacketCount);
            serverProtocolConfig[config_key::junkPacketMinSize] = clientProtocolConfig.value(config_key::junkPacketMinSize);
            serverProtocolConfig[config_key::junkPacketMaxSize] = clientProtocolConfig.value(config_key::junkPacketMaxSize);
            serverProtocolConfig[config_key::initPacketJunkSize] = clientProtocolConfig.value(config_key::initPacketJunkSize);
            serverProtocolConfig[config_key::responsePacketJunkSize] = clientProtocolConfig.value(config_key::responsePacketJunkSize);
            serverProtocolConfig[config_key::initPacketMagicHeader] = clientProtocolConfig.value(config_key::initPacketMagicHeader);
            serverProtocolConfig[config_key::responsePacketMagicHeader] = clientProtocolConfig.value(config_key::responsePacketMagicHeader);
            serverProtocolConfig[config_key::underloadPacketMagicHeader] = clientProtocolConfig.value(config_key::underloadPacketMagicHeader);
            serverProtocolConfig[config_key::transportPacketMagicHeader] = clientProtocolConfig.value(config_key::transportPacketMagicHeader);
            serverProtocolConfig[config_key::cookieReplyPacketJunkSize] = clientProtocolConfig.value(config_key::cookieReplyPacketJunkSize);
            serverProtocolConfig[config_key::transportPacketJunkSize] = clientProtocolConfig.value(config_key::transportPacketJunkSize);
            serverProtocolConfig[config_key::specialJunk1] = clientProtocolConfig.value(config_key::specialJunk1);
            serverProtocolConfig[config_key::specialJunk2] = clientProtocolConfig.value(config_key::specialJunk2);
            serverProtocolConfig[config_key::specialJunk3] = clientProtocolConfig.value(config_key::specialJunk3);
            serverProtocolConfig[config_key::specialJunk4] = clientProtocolConfig.value(config_key::specialJunk4);
            serverProtocolConfig[config_key::specialJunk5] = clientProtocolConfig.value(config_key::specialJunk5);
            serverProtocolConfig[config_key::controlledJunk1] = clientProtocolConfig.value(config_key::controlledJunk1);
            serverProtocolConfig[config_key::controlledJunk2] = clientProtocolConfig.value(config_key::controlledJunk2);
            serverProtocolConfig[config_key::controlledJunk3] = clientProtocolConfig.value(config_key::controlledJunk3);
            serverProtocolConfig[config_key::specialHandshakeTimeout] = clientProtocolConfig.value(config_key::specialHandshakeTimeout);
            //
            container[containerName] = serverProtocolConfig;
            containers.replace(0, container);
            newServerConfig[config_key::containers] = containers;
            configStr = QString(QJsonDocument(newServerConfig).toJson());
        }
        QJsonObject newServerConfig = QJsonDocument::fromJson(configStr.toUtf8()).object();
        serverConfig[config_key::dns1] = newServerConfig.value(config_key::dns1);
        serverConfig[config_key::dns2] = newServerConfig.value(config_key::dns2);
        serverConfig[config_key::containers] = newServerConfig.value(config_key::containers);
        serverConfig[config_key::hostName] = newServerConfig.value(config_key::hostName);
        if (newServerConfig.value(config_key::configVersion).toInt() == apiDefs::ConfigSource::AmneziaGateway) {
            serverConfig[config_key::configVersion] = newServerConfig.value(config_key::configVersion);
            serverConfig[config_key::description] = newServerConfig.value(config_key::description);
            serverConfig[config_key::name] = newServerConfig.value(config_key::name);
        }
        auto defaultContainer = newServerConfig.value(config_key::defaultContainer).toString();
        serverConfig[config_key::defaultContainer] = defaultContainer;
        QVariantMap map = serverConfig.value(configKey::apiConfig).toObject().toVariantMap();
        map.insert(newServerConfig.value(configKey::apiConfig).toObject().toVariantMap());
        auto apiConfig = QJsonObject::fromVariantMap(map);
        if (newServerConfig.value(config_key::configVersion).toInt() == apiDefs::ConfigSource::AmneziaGateway) {
            apiConfig.insert(apiDefs::key::supportedProtocols,
                             QJsonDocument::fromJson(apiResponseBody).object().value(apiDefs::key::supportedProtocols).toArray());
        }
        serverConfig[configKey::apiConfig] = apiConfig;
        return ErrorCode::NoError;
    }
 }
 ApiConfigsController::ApiConfigsController(const QSharedPointer<ServersModel> &serversModel,
@ -63,24 +239,26 @@ bool ApiConfigsController::exportNativeConfig(const QString &serverCountryCode,
        return false;
    }
    GatewayController gatewayController(m_settings->getGatewayEndpoint(), m_settings->isDevGatewayEnv(), apiDefs::requestTimeoutMsecs,
                                        m_settings->isStrictKillSwitchEnabled());
    auto serverConfigObject = m_serversModel->getServerConfig(m_serversModel->getProcessedServerIndex());
    auto apiConfigObject = serverConfigObject.value(configKey::apiConfig).toObject();
-    QString protocol = apiConfigObject.value(configKey::serviceProtocol).toString();
+    GatewayRequestData gatewayRequestData { QSysInfo::productType(),
-    ApiPayloadData apiPayloadData = generateApiPayloadData(protocol);
+                                            QString(APP_VERSION),
                                            m_settings->getInstallationUuid(true),
                                            apiConfigObject.value(configKey::userCountryCode).toString(),
                                            serverCountryCode,
                                            apiConfigObject.value(configKey::serviceType).toString(),
                                            m_apiServicesModel->getSelectedServiceProtocol(),
                                            serverConfigObject.value(configKey::authData).toObject() };
-    QJsonObject apiPayload = fillApiPayload(protocol, apiPayloadData);
+    QString protocol = apiConfigObject.value(configKey::serviceProtocol).toString();
-    apiPayload[configKey::userCountryCode] = apiConfigObject.value(configKey::userCountryCode);
+    ProtocolData protocolData = generateProtocolData(protocol);
-    apiPayload[configKey::serverCountryCode] = serverCountryCode;
+
-    apiPayload[configKey::serviceType] = apiConfigObject.value(configKey::serviceType);
+    QJsonObject apiPayload = gatewayRequestData.toJsonObject();
-    apiPayload[configKey::authData] = serverConfigObject.value(configKey::authData);
+    appendProtocolDataToApiPayload(gatewayRequestData.serviceProtocol, protocolData, apiPayload);
    apiPayload[apiDefs::key::cliVersion] = QString(APP_VERSION);
    QByteArray responseBody;
-    ErrorCode errorCode = gatewayController.post(QString("%1v1/native_config"), apiPayload, responseBody);
+    ErrorCode errorCode = executeRequest(QString("%1v1/native_config"), apiPayload, responseBody);
    if (errorCode != ErrorCode::NoError) {
        emit errorOccurred(errorCode);
        return false;
@ -88,7 +266,7 @@ bool ApiConfigsController::exportNativeConfig(const QString &serverCountryCode,
    QJsonObject jsonConfig = QJsonDocument::fromJson(responseBody).object();
    QString nativeConfig = jsonConfig.value(configKey::config).toString();
-    nativeConfig.replace("$WIREGUARD_CLIENT_PRIVATE_KEY", apiPayloadData.wireGuardClientPrivKey);
+    nativeConfig.replace("$WIREGUARD_CLIENT_PRIVATE_KEY", protocolData.wireGuardClientPrivKey);
    SystemController::saveFile(fileName, nativeConfig);
    return true;
@ -96,24 +274,22 @@ bool ApiConfigsController::exportNativeConfig(const QString &serverCountryCode,
 bool ApiConfigsController::revokeNativeConfig(const QString &serverCountryCode)
 {
    GatewayController gatewayController(m_settings->getGatewayEndpoint(), m_settings->isDevGatewayEnv(), apiDefs::requestTimeoutMsecs,
                                        m_settings->isStrictKillSwitchEnabled());
    auto serverConfigObject = m_serversModel->getServerConfig(m_serversModel->getProcessedServerIndex());
    auto apiConfigObject = serverConfigObject.value(configKey::apiConfig).toObject();
-    QString protocol = apiConfigObject.value(configKey::serviceProtocol).toString();
+    GatewayRequestData gatewayRequestData { QSysInfo::productType(),
-    ApiPayloadData apiPayloadData = generateApiPayloadData(protocol);
+                                            QString(APP_VERSION),
                                            m_settings->getInstallationUuid(true),
                                            apiConfigObject.value(configKey::userCountryCode).toString(),
                                            serverCountryCode,
                                            apiConfigObject.value(configKey::serviceType).toString(),
                                            m_apiServicesModel->getSelectedServiceProtocol(),
                                            serverConfigObject.value(configKey::authData).toObject() };
-    QJsonObject apiPayload = fillApiPayload(protocol, apiPayloadData);
+    QJsonObject apiPayload = gatewayRequestData.toJsonObject();
    apiPayload[configKey::userCountryCode] = apiConfigObject.value(configKey::userCountryCode);
    apiPayload[configKey::serverCountryCode] = serverCountryCode;
    apiPayload[configKey::serviceType] = apiConfigObject.value(configKey::serviceType);
    apiPayload[configKey::authData] = serverConfigObject.value(configKey::authData);
    apiPayload[apiDefs::key::cliVersion] = QString(APP_VERSION);
    QByteArray responseBody;
-    ErrorCode errorCode = gatewayController.post(QString("%1v1/revoke_native_config"), apiPayload, responseBody);
+    ErrorCode errorCode = executeRequest(QString("%1v1/revoke_native_config"), apiPayload, responseBody);
    if (errorCode != ErrorCode::NoError && errorCode != ErrorCode::ApiNotFoundError) {
        emit errorOccurred(errorCode);
        return false;
@ -144,14 +320,11 @@ void ApiConfigsController::copyVpnKeyToClipboard()
 bool ApiConfigsController::fillAvailableServices()
 {
    GatewayController gatewayController(m_settings->getGatewayEndpoint(), m_settings->isDevGatewayEnv(), apiDefs::requestTimeoutMsecs,
                                        m_settings->isStrictKillSwitchEnabled());
    QJsonObject apiPayload;
    apiPayload[configKey::osVersion] = QSysInfo::productType();
    QByteArray responseBody;
-    ErrorCode errorCode = gatewayController.post(QString("%1v1/services"), apiPayload, responseBody);
+    ErrorCode errorCode = executeRequest(QString("%1v1/services"), apiPayload, responseBody);
    if (errorCode == ErrorCode::NoError) {
        if (!responseBody.contains("services")) {
            errorCode = ErrorCode::ApiServicesMissingError;
@ -170,34 +343,36 @@ bool ApiConfigsController::fillAvailableServices()
 bool ApiConfigsController::importServiceFromGateway()
 {
-    if (m_serversModel->isServerFromApiAlreadyExists(m_apiServicesModel->getCountryCode(), m_apiServicesModel->getSelectedServiceType(),
+    GatewayRequestData gatewayRequestData { QSysInfo::productType(),
-                                                     m_apiServicesModel->getSelectedServiceProtocol())) {
+                                            QString(APP_VERSION),
                                            m_settings->getInstallationUuid(true),
                                            m_apiServicesModel->getCountryCode(),
                                            "",
                                            m_apiServicesModel->getSelectedServiceType(),
                                            m_apiServicesModel->getSelectedServiceProtocol(),
                                            QJsonObject() };
    if (m_serversModel->isServerFromApiAlreadyExists(gatewayRequestData.userCountryCode, gatewayRequestData.serviceType,
                                                     gatewayRequestData.serviceProtocol)) {
        emit errorOccurred(ErrorCode::ApiConfigAlreadyAdded);
        return false;
    }
-    GatewayController gatewayController(m_settings->getGatewayEndpoint(), m_settings->isDevGatewayEnv(), apiDefs::requestTimeoutMsecs,
+    ProtocolData protocolData = generateProtocolData(gatewayRequestData.serviceProtocol);
                                        m_settings->isStrictKillSwitchEnabled());
-    auto installationUuid = m_settings->getInstallationUuid(true);
+    QJsonObject apiPayload = gatewayRequestData.toJsonObject();
-    auto userCountryCode = m_apiServicesModel->getCountryCode();
+    appendProtocolDataToApiPayload(gatewayRequestData.serviceProtocol, protocolData, apiPayload);
    auto serviceType = m_apiServicesModel->getSelectedServiceType();
    auto serviceProtocol = m_apiServicesModel->getSelectedServiceProtocol();
    ApiPayloadData apiPayloadData = generateApiPayloadData(serviceProtocol);
    QJsonObject apiPayload = fillApiPayload(serviceProtocol, apiPayloadData);
    apiPayload[configKey::userCountryCode] = userCountryCode;
    apiPayload[configKey::serviceType] = serviceType;
    apiPayload[configKey::uuid] = installationUuid;
    apiPayload[apiDefs::key::cliVersion] = QString(APP_VERSION);
    QByteArray responseBody;
-    ErrorCode errorCode = gatewayController.post(QString("%1v1/config"), apiPayload, responseBody);
+    ErrorCode errorCode = executeRequest(QString("%1v1/config"), apiPayload, responseBody);
    QJsonObject serverConfig;
    if (errorCode == ErrorCode::NoError) {
-        fillServerConfig(serviceProtocol, apiPayloadData, responseBody, serverConfig);
+        errorCode = fillServerConfig(gatewayRequestData.serviceProtocol, protocolData, responseBody, serverConfig);
        if (errorCode != ErrorCode::NoError) {
            emit errorOccurred(errorCode);
            return false;
        }
        QJsonObject apiConfig = serverConfig.value(configKey::apiConfig).toObject();
        apiConfig.insert(configKey::userCountryCode, m_apiServicesModel->getCountryCode());
@ -218,39 +393,33 @@ bool ApiConfigsController::importServiceFromGateway()
 bool ApiConfigsController::updateServiceFromGateway(const int serverIndex, const QString &newCountryCode, const QString &newCountryName,
                                                    bool reloadServiceConfig)
 {
    GatewayController gatewayController(m_settings->getGatewayEndpoint(), m_settings->isDevGatewayEnv(), apiDefs::requestTimeoutMsecs,
                                        m_settings->isStrictKillSwitchEnabled());
    auto serverConfig = m_serversModel->getServerConfig(serverIndex);
    auto apiConfig = serverConfig.value(configKey::apiConfig).toObject();
    auto authData = serverConfig.value(configKey::authData).toObject();
-    auto installationUuid = m_settings->getInstallationUuid(true);
+    GatewayRequestData gatewayRequestData { QSysInfo::productType(),
-    auto userCountryCode = apiConfig.value(configKey::userCountryCode).toString();
+                                            QString(APP_VERSION),
-    auto serviceType = apiConfig.value(configKey::serviceType).toString();
+                                            m_settings->getInstallationUuid(true),
-    auto serviceProtocol = apiConfig.value(configKey::serviceProtocol).toString();
+                                            apiConfig.value(configKey::userCountryCode).toString(),
                                            newCountryCode,
                                            apiConfig.value(configKey::serviceType).toString(),
                                            apiConfig.value(configKey::serviceProtocol).toString(),
                                            serverConfig.value(configKey::authData).toObject() };
-    ApiPayloadData apiPayloadData = generateApiPayloadData(serviceProtocol);
+    ProtocolData protocolData = generateProtocolData(gatewayRequestData.serviceProtocol);
-    QJsonObject apiPayload = fillApiPayload(serviceProtocol, apiPayloadData);
+    QJsonObject apiPayload = gatewayRequestData.toJsonObject();
-    apiPayload[configKey::userCountryCode] = userCountryCode;
+    appendProtocolDataToApiPayload(gatewayRequestData.serviceProtocol, protocolData, apiPayload);
    apiPayload[configKey::serviceType] = serviceType;
    apiPayload[configKey::uuid] = installationUuid;
    apiPayload[apiDefs::key::cliVersion] = QString(APP_VERSION);
    if (!newCountryCode.isEmpty()) {
        apiPayload[configKey::serverCountryCode] = newCountryCode;
    }
    if (!authData.isEmpty()) {
        apiPayload[configKey::authData] = authData;
    }
    QByteArray responseBody;
-    ErrorCode errorCode = gatewayController.post(QString("%1v1/config"), apiPayload, responseBody);
+    ErrorCode errorCode = executeRequest(QString("%1v1/config"), apiPayload, responseBody);
    QJsonObject newServerConfig;
    if (errorCode == ErrorCode::NoError) {
-        fillServerConfig(serviceProtocol, apiPayloadData, responseBody, newServerConfig);
+        errorCode = fillServerConfig(gatewayRequestData.serviceProtocol, protocolData, responseBody, newServerConfig);
        if (errorCode != ErrorCode::NoError) {
            emit errorOccurred(errorCode);
            return false;
        }
        QJsonObject newApiConfig = newServerConfig.value(configKey::apiConfig).toObject();
        newApiConfig.insert(configKey::userCountryCode, apiConfig.value(configKey::userCountryCode));
@ -259,8 +428,12 @@ bool ApiConfigsController::updateServiceFromGateway(const int serverIndex, const
        newApiConfig.insert(apiDefs::key::vpnKey, apiConfig.value(apiDefs::key::vpnKey));
        newServerConfig.insert(configKey::apiConfig, newApiConfig);
-        newServerConfig.insert(configKey::authData, authData);
+        newServerConfig.insert(configKey::authData, gatewayRequestData.authData);
        if (serverConfig.value(config_key::nameOverriddenByUser).toBool()) {
            newServerConfig.insert(config_key::name, serverConfig.value(config_key::name));
            newServerConfig.insert(config_key::nameOverriddenByUser, true);
        }
        m_serversModel->editServer(newServerConfig, serverIndex);
        if (reloadServiceConfig) {
            emit reloadServerFromApiFinished(tr("API config reloaded"));
@ -290,10 +463,13 @@ bool ApiConfigsController::updateServiceFromTelegram(const int serverIndex)
    auto installationUuid = m_settings->getInstallationUuid(true);
    QString serviceProtocol = serverConfig.value(configKey::protocol).toString();
-    ApiPayloadData apiPayloadData = generateApiPayloadData(serviceProtocol);
+    ProtocolData protocolData = generateProtocolData(serviceProtocol);
-    QJsonObject apiPayload = fillApiPayload(serviceProtocol, apiPayloadData);
+    QJsonObject apiPayload;
    appendProtocolDataToApiPayload(serviceProtocol, protocolData, apiPayload);
    apiPayload[configKey::uuid] = installationUuid;
    apiPayload[configKey::osVersion] = QSysInfo::productType();
    apiPayload[configKey::appVersion] = QString(APP_VERSION);
    apiPayload[configKey::accessToken] = serverConfig.value(configKey::accessToken).toString();
    apiPayload[configKey::apiEndpoint] = serverConfig.value(configKey::apiEndpoint).toString();
@ -301,7 +477,11 @@ bool ApiConfigsController::updateServiceFromTelegram(const int serverIndex)
    ErrorCode errorCode = gatewayController.post(QString("%1v1/proxy_config"), apiPayload, responseBody);
    if (errorCode == ErrorCode::NoError) {
-        fillServerConfig(serviceProtocol, apiPayloadData, responseBody, serverConfig);
+        errorCode = fillServerConfig(serviceProtocol, protocolData, responseBody, serverConfig);
        if (errorCode != ErrorCode::NoError) {
            emit errorOccurred(errorCode);
            return false;
        }
        m_serversModel->editServer(serverConfig, serverIndex);
        emit updateServerFromApiFinished();
@ -314,9 +494,6 @@ bool ApiConfigsController::updateServiceFromTelegram(const int serverIndex)
 bool ApiConfigsController::deactivateDevice()
 {
    GatewayController gatewayController(m_settings->getGatewayEndpoint(), m_settings->isDevGatewayEnv(), apiDefs::requestTimeoutMsecs,
                                        m_settings->isStrictKillSwitchEnabled());
    auto serverIndex = m_serversModel->getProcessedServerIndex();
    auto serverConfigObject = m_serversModel->getServerConfig(serverIndex);
    auto apiConfigObject = serverConfigObject.value(configKey::apiConfig).toObject();
@ -325,19 +502,19 @@ bool ApiConfigsController::deactivateDevice()
        return true;
    }
-    QString protocol = apiConfigObject.value(configKey::serviceProtocol).toString();
+    GatewayRequestData gatewayRequestData { QSysInfo::productType(),
-    ApiPayloadData apiPayloadData = generateApiPayloadData(protocol);
+                                            QString(APP_VERSION),
                                            m_settings->getInstallationUuid(true),
                                            apiConfigObject.value(configKey::userCountryCode).toString(),
                                            apiConfigObject.value(configKey::serverCountryCode).toString(),
                                            apiConfigObject.value(configKey::serviceType).toString(),
                                            "",
                                            serverConfigObject.value(configKey::authData).toObject() };
-    QJsonObject apiPayload = fillApiPayload(protocol, apiPayloadData);
+    QJsonObject apiPayload = gatewayRequestData.toJsonObject();
    apiPayload[configKey::userCountryCode] = apiConfigObject.value(configKey::userCountryCode);
    apiPayload[configKey::serverCountryCode] = apiConfigObject.value(configKey::serverCountryCode);
    apiPayload[configKey::serviceType] = apiConfigObject.value(configKey::serviceType);
    apiPayload[configKey::authData] = serverConfigObject.value(configKey::authData);
    apiPayload[configKey::uuid] = m_settings->getInstallationUuid(true);
    apiPayload[apiDefs::key::cliVersion] = QString(APP_VERSION);
    QByteArray responseBody;
-    ErrorCode errorCode = gatewayController.post(QString("%1v1/revoke_config"), apiPayload, responseBody);
+    ErrorCode errorCode = executeRequest(QString("%1v1/revoke_config"), apiPayload, responseBody);
    if (errorCode != ErrorCode::NoError && errorCode != ErrorCode::ApiNotFoundError) {
        emit errorOccurred(errorCode);
        return false;
@ -351,9 +528,6 @@ bool ApiConfigsController::deactivateDevice()
 bool ApiConfigsController::deactivateExternalDevice(const QString &uuid, const QString &serverCountryCode)
 {
    GatewayController gatewayController(m_settings->getGatewayEndpoint(), m_settings->isDevGatewayEnv(), apiDefs::requestTimeoutMsecs,
                                        m_settings->isStrictKillSwitchEnabled());
    auto serverIndex = m_serversModel->getProcessedServerIndex();
    auto serverConfigObject = m_serversModel->getServerConfig(serverIndex);
    auto apiConfigObject = serverConfigObject.value(configKey::apiConfig).toObject();
@ -362,19 +536,19 @@ bool ApiConfigsController::deactivateExternalDevice(const QString &uuid, const Q
        return true;
    }
-    QString protocol = apiConfigObject.value(configKey::serviceProtocol).toString();
+    GatewayRequestData gatewayRequestData { QSysInfo::productType(),
-    ApiPayloadData apiPayloadData = generateApiPayloadData(protocol);
+                                            QString(APP_VERSION),
                                            uuid,
                                            apiConfigObject.value(configKey::userCountryCode).toString(),
                                            serverCountryCode,
                                            apiConfigObject.value(configKey::serviceType).toString(),
                                            "",
                                            serverConfigObject.value(configKey::authData).toObject() };
-    QJsonObject apiPayload = fillApiPayload(protocol, apiPayloadData);
+    QJsonObject apiPayload = gatewayRequestData.toJsonObject();
    apiPayload[configKey::userCountryCode] = apiConfigObject.value(configKey::userCountryCode);
    apiPayload[configKey::serverCountryCode] = serverCountryCode;
    apiPayload[configKey::serviceType] = apiConfigObject.value(configKey::serviceType);
    apiPayload[configKey::authData] = serverConfigObject.value(configKey::authData);
    apiPayload[configKey::uuid] = uuid;
    apiPayload[apiDefs::key::cliVersion] = QString(APP_VERSION);
    QByteArray responseBody;
-    ErrorCode errorCode = gatewayController.post(QString("%1v1/revoke_config"), apiPayload, responseBody);
+    ErrorCode errorCode = executeRequest(QString("%1v1/revoke_config"), apiPayload, responseBody);
    if (errorCode != ErrorCode::NoError && errorCode != ErrorCode::ApiNotFoundError) {
        emit errorOccurred(errorCode);
        return false;
@ -413,117 +587,29 @@ bool ApiConfigsController::isConfigValid()
    return true;
 }
-ApiConfigsController::ApiPayloadData ApiConfigsController::generateApiPayloadData(const QString &protocol)
+void ApiConfigsController::setCurrentProtocol(const QString &protocolName)
 {
-    ApiConfigsController::ApiPayloadData apiPayload;
+    auto serverIndex = m_serversModel->getProcessedServerIndex();
-    if (protocol == configKey::cloak) {
+    auto serverConfigObject = m_serversModel->getServerConfig(serverIndex);
-        apiPayload.certRequest = OpenVpnConfigurator::createCertRequest();
+    auto apiConfigObject = serverConfigObject.value(configKey::apiConfig).toObject();
-    } else if (protocol == configKey::awg) {
+
-        auto connData = WireguardConfigurator::genClientKeys();
+    apiConfigObject[configKey::serviceProtocol] = protocolName;
-        apiPayload.wireGuardClientPubKey = connData.clientPubKey;
+
-        apiPayload.wireGuardClientPrivKey = connData.clientPrivKey;
+    serverConfigObject.insert(configKey::apiConfig, apiConfigObject);
-    }
+
-    return apiPayload;
+    m_serversModel->editServer(serverConfigObject, serverIndex);
 }
-QJsonObject ApiConfigsController::fillApiPayload(const QString &protocol, const ApiPayloadData &apiPayloadData)
+bool ApiConfigsController::isVlessProtocol()
 {
-    QJsonObject obj;
+    auto serverIndex = m_serversModel->getProcessedServerIndex();
-    if (protocol == configKey::cloak) {
+    auto serverConfigObject = m_serversModel->getServerConfig(serverIndex);
-        obj[configKey::certificate] = apiPayloadData.certRequest.request;
+    auto apiConfigObject = serverConfigObject.value(configKey::apiConfig).toObject();
-    } else if (protocol == configKey::awg) {
+
-        obj[configKey::publicKey] = apiPayloadData.wireGuardClientPubKey;
+    if (apiConfigObject[configKey::serviceProtocol].toString() == "vless") {
        return true;
    }
-
+    return false;
    obj[configKey::osVersion] = QSysInfo::productType();
    obj[configKey::appVersion] = QString(APP_VERSION);
    return obj;
 }
 void ApiConfigsController::fillServerConfig(const QString &protocol, const ApiPayloadData &apiPayloadData,
                                            const QByteArray &apiResponseBody, QJsonObject &serverConfig)
 {
    QString data = QJsonDocument::fromJson(apiResponseBody).object().value(config_key::config).toString();
    data.replace("vpn://", "");
    QByteArray ba = QByteArray::fromBase64(data.toUtf8(), QByteArray::Base64UrlEncoding | QByteArray::OmitTrailingEquals);
    if (ba.isEmpty()) {
        emit errorOccurred(ErrorCode::ApiConfigEmptyError);
        return;
    }
    QByteArray ba_uncompressed = qUncompress(ba);
    if (!ba_uncompressed.isEmpty()) {
        ba = ba_uncompressed;
    }
    QString configStr = ba;
    if (protocol == configKey::cloak) {
        configStr.replace("<key>", "<key>\n");
        configStr.replace("$OPENVPN_PRIV_KEY", apiPayloadData.certRequest.privKey);
    } else if (protocol == configKey::awg) {
        configStr.replace("$WIREGUARD_CLIENT_PRIVATE_KEY", apiPayloadData.wireGuardClientPrivKey);
        auto newServerConfig = QJsonDocument::fromJson(configStr.toUtf8()).object();
        auto containers = newServerConfig.value(config_key::containers).toArray();
        if (containers.isEmpty()) {
            return; // todo process error
        }
        auto container = containers.at(0).toObject();
        QString containerName = ContainerProps::containerTypeToString(DockerContainer::Awg);
        auto containerConfig = container.value(containerName).toObject();
        auto protocolConfig = QJsonDocument::fromJson(containerConfig.value(config_key::last_config).toString().toUtf8()).object();
        containerConfig[config_key::junkPacketCount] = protocolConfig.value(config_key::junkPacketCount);
        containerConfig[config_key::junkPacketMinSize] = protocolConfig.value(config_key::junkPacketMinSize);
        containerConfig[config_key::junkPacketMaxSize] = protocolConfig.value(config_key::junkPacketMaxSize);
        containerConfig[config_key::initPacketJunkSize] = protocolConfig.value(config_key::initPacketJunkSize);
        containerConfig[config_key::responsePacketJunkSize] = protocolConfig.value(config_key::responsePacketJunkSize);
        containerConfig[config_key::initPacketMagicHeader] = protocolConfig.value(config_key::initPacketMagicHeader);
        containerConfig[config_key::responsePacketMagicHeader] = protocolConfig.value(config_key::responsePacketMagicHeader);
        containerConfig[config_key::underloadPacketMagicHeader] = protocolConfig.value(config_key::underloadPacketMagicHeader);
        containerConfig[config_key::transportPacketMagicHeader] = protocolConfig.value(config_key::transportPacketMagicHeader);
        containerConfig[config_key::specialJunk1] = protocolConfig.value(config_key::specialJunk1);
        containerConfig[config_key::specialJunk2] = protocolConfig.value(config_key::specialJunk2);
        containerConfig[config_key::specialJunk3] = protocolConfig.value(config_key::specialJunk3);
        containerConfig[config_key::specialJunk4] = protocolConfig.value(config_key::specialJunk4);
        containerConfig[config_key::specialJunk5] = protocolConfig.value(config_key::specialJunk5);
        containerConfig[config_key::controlledJunk1] = protocolConfig.value(config_key::controlledJunk1);
        containerConfig[config_key::controlledJunk2] = protocolConfig.value(config_key::controlledJunk2);
        containerConfig[config_key::controlledJunk3] = protocolConfig.value(config_key::controlledJunk3);
        containerConfig[config_key::specialHandshakeTimeout] = protocolConfig.value(config_key::specialHandshakeTimeout);
        container[containerName] = containerConfig;
        containers.replace(0, container);
        newServerConfig[config_key::containers] = containers;
        configStr = QString(QJsonDocument(newServerConfig).toJson());
    }
    QJsonObject newServerConfig = QJsonDocument::fromJson(configStr.toUtf8()).object();
    serverConfig[config_key::dns1] = newServerConfig.value(config_key::dns1);
    serverConfig[config_key::dns2] = newServerConfig.value(config_key::dns2);
    serverConfig[config_key::containers] = newServerConfig.value(config_key::containers);
    serverConfig[config_key::hostName] = newServerConfig.value(config_key::hostName);
    if (newServerConfig.value(config_key::configVersion).toInt() == apiDefs::ConfigSource::AmneziaGateway) {
        serverConfig[config_key::configVersion] = newServerConfig.value(config_key::configVersion);
        serverConfig[config_key::description] = newServerConfig.value(config_key::description);
        serverConfig[config_key::name] = newServerConfig.value(config_key::name);
    }
    auto defaultContainer = newServerConfig.value(config_key::defaultContainer).toString();
    serverConfig[config_key::defaultContainer] = defaultContainer;
    QVariantMap map = serverConfig.value(configKey::apiConfig).toObject().toVariantMap();
    map.insert(newServerConfig.value(configKey::apiConfig).toObject().toVariantMap());
    auto apiConfig = QJsonObject::fromVariantMap(map);
    if (newServerConfig.value(config_key::configVersion).toInt() == apiDefs::ConfigSource::AmneziaGateway) {
        apiConfig.insert(configKey::serviceInfo, QJsonDocument::fromJson(apiResponseBody).object().value(configKey::serviceInfo).toObject());
    }
    serverConfig[configKey::apiConfig] = apiConfig;
    return;
 }
 QList<QString> ApiConfigsController::getQrCodes()
@ -540,3 +626,10 @@ QString ApiConfigsController::getVpnKey()
 {
    return m_vpnKey;
 }
 ErrorCode ApiConfigsController::executeRequest(const QString &endpoint, const QJsonObject &apiPayload, QByteArray &responseBody)
 {
    GatewayController gatewayController(m_settings->getGatewayEndpoint(), m_settings->isDevGatewayEnv(), apiDefs::requestTimeoutMsecs,
                                        m_settings->isStrictKillSwitchEnabled());
    return gatewayController.post(endpoint, apiPayload, responseBody);
 }
--- a/client/ui/controllers/api/apiConfigsController.h
+++ b/client/ui/controllers/api/apiConfigsController.h
@ -35,6 +35,9 @@ public slots:
    bool isConfigValid();
    void setCurrentProtocol(const QString &protocolName);
    bool isVlessProtocol();
 signals:
    void errorOccurred(ErrorCode errorCode);
@ -46,23 +49,12 @@ signals:
    void vpnKeyExportReady();
 private:
    struct ApiPayloadData
    {
        OpenVpnConfigurator::ConnectionData certRequest;
        QString wireGuardClientPrivKey;
        QString wireGuardClientPubKey;
    };
    ApiPayloadData generateApiPayloadData(const QString &protocol);
    QJsonObject fillApiPayload(const QString &protocol, const ApiPayloadData &apiPayloadData);
    void fillServerConfig(const QString &protocol, const ApiPayloadData &apiPayloadData, const QByteArray &apiResponseBody,
                          QJsonObject &serverConfig);
    QList<QString> getQrCodes();
    int getQrCodesCount();
    QString getVpnKey();
    ErrorCode executeRequest(const QString &endpoint, const QJsonObject &apiPayload, QByteArray &responseBody);
    QList<QString> m_qrCodes;
    QString m_vpnKey;
--- a/client/ui/controllers/importController.cpp
+++ b/client/ui/controllers/importController.cpp
@ -12,6 +12,7 @@
 #include "core/errorstrings.h"
 #include "core/qrCodeUtils.h"
 #include "core/serialization/serialization.h"
 #include "protocols/protocols_defs.h"
 #include "systemController.h"
 #include "utilities.h"
@ -285,15 +286,19 @@ void ImportController::processNativeWireGuardConfig()
        clientProtocolConfig[config_key::responsePacketMagicHeader] = "2";
        clientProtocolConfig[config_key::underloadPacketMagicHeader] = "3";
        clientProtocolConfig[config_key::transportPacketMagicHeader] = "4";
-        clientProtocolConfig[config_key::specialJunk1] = "";
+
-        clientProtocolConfig[config_key::specialJunk2] = "";
+        // clientProtocolConfig[config_key::cookieReplyPacketJunkSize] = "0";
-        clientProtocolConfig[config_key::specialJunk3] = "";
+        // clientProtocolConfig[config_key::transportPacketJunkSize] = "0";
-        clientProtocolConfig[config_key::specialJunk4] = "";
+
-        clientProtocolConfig[config_key::specialJunk5] = "";
+        // clientProtocolConfig[config_key::specialJunk1] = "";
-        clientProtocolConfig[config_key::controlledJunk1] = "";
+        // clientProtocolConfig[config_key::specialJunk2] = "";
-        clientProtocolConfig[config_key::controlledJunk2] = "";
+        // clientProtocolConfig[config_key::specialJunk3] = "";
-        clientProtocolConfig[config_key::controlledJunk3] = "";
+        // clientProtocolConfig[config_key::specialJunk4] = "";
-        clientProtocolConfig[config_key::specialHandshakeTimeout] = "0";
+        // clientProtocolConfig[config_key::specialJunk5] = "";
        // clientProtocolConfig[config_key::controlledJunk1] = "";
        // clientProtocolConfig[config_key::controlledJunk2] = "";
        // clientProtocolConfig[config_key::controlledJunk3] = "";
        // clientProtocolConfig[config_key::specialHandshakeTimeout] = "0";
        clientProtocolConfig[config_key::isObfuscationEnabled] = true;
@ -447,39 +452,33 @@ QJsonObject ImportController::extractWireGuardConfig(const QString &data)
    lastConfig[config_key::allowed_ips] = allowedIpsJsonArray;
    QString protocolName = "wireguard";
-    if (!configMap.value(config_key::junkPacketCount).isEmpty() && !configMap.value(config_key::junkPacketMinSize).isEmpty()
+
-        && !configMap.value(config_key::junkPacketMaxSize).isEmpty() && !configMap.value(config_key::initPacketJunkSize).isEmpty()
+    const QStringList requiredJunkFields = { config_key::junkPacketCount,           config_key::junkPacketMinSize,
-        && !configMap.value(config_key::responsePacketJunkSize).isEmpty() && !configMap.value(config_key::initPacketMagicHeader).isEmpty()
+                                             config_key::junkPacketMaxSize,         config_key::initPacketJunkSize,
-        && !configMap.value(config_key::responsePacketMagicHeader).isEmpty()
+                                             config_key::responsePacketJunkSize,    config_key::initPacketMagicHeader,
-        && !configMap.value(config_key::underloadPacketMagicHeader).isEmpty()
+                                             config_key::responsePacketMagicHeader, config_key::underloadPacketMagicHeader,
-        && !configMap.value(config_key::transportPacketMagicHeader).isEmpty()
+                                             config_key::transportPacketMagicHeader };
-        && !configMap.value(config_key::specialJunk1).isEmpty()
+
-        && !configMap.value(config_key::specialJunk2).isEmpty()
+    const QStringList optionalJunkFields = { // config_key::cookieReplyPacketJunkSize,
-        && !configMap.value(config_key::specialJunk3).isEmpty()
+                                             // config_key::transportPacketJunkSize,
-        && !configMap.value(config_key::specialJunk4).isEmpty()
+                                             config_key::specialJunk1,    config_key::specialJunk2,    config_key::specialJunk3,
-        && !configMap.value(config_key::specialJunk5).isEmpty()
+                                             config_key::specialJunk4,    config_key::specialJunk5,    config_key::controlledJunk1,
-        && !configMap.value(config_key::controlledJunk1).isEmpty()
+                                             config_key::controlledJunk2, config_key::controlledJunk3, config_key::specialHandshakeTimeout
-        && !configMap.value(config_key::controlledJunk2).isEmpty()
+    };
-        && !configMap.value(config_key::controlledJunk3).isEmpty()
+
-        && !configMap.value(config_key::specialHandshakeTimeout).isEmpty()) {
+    bool hasAllRequiredFields = std::all_of(requiredJunkFields.begin(), requiredJunkFields.end(),
-        lastConfig[config_key::junkPacketCount] = configMap.value(config_key::junkPacketCount);
+                                            [&configMap](const QString &field) { return !configMap.value(field).isEmpty(); });
-        lastConfig[config_key::junkPacketMinSize] = configMap.value(config_key::junkPacketMinSize);
+    if (hasAllRequiredFields) {
-        lastConfig[config_key::junkPacketMaxSize] = configMap.value(config_key::junkPacketMaxSize);
+        for (const QString &field : requiredJunkFields) {
-        lastConfig[config_key::initPacketJunkSize] = configMap.value(config_key::initPacketJunkSize);
+            lastConfig[field] = configMap.value(field);
-        lastConfig[config_key::responsePacketJunkSize] = configMap.value(config_key::responsePacketJunkSize);
+        }
-        lastConfig[config_key::initPacketMagicHeader] = configMap.value(config_key::initPacketMagicHeader);
+
-        lastConfig[config_key::responsePacketMagicHeader] = configMap.value(config_key::responsePacketMagicHeader);
+        for (const QString &field : optionalJunkFields) {
-        lastConfig[config_key::underloadPacketMagicHeader] = configMap.value(config_key::underloadPacketMagicHeader);
+            if (!configMap.value(field).isEmpty()) {
-        lastConfig[config_key::transportPacketMagicHeader] = configMap.value(config_key::transportPacketMagicHeader);
+                lastConfig[field] = configMap.value(field);
-        lastConfig[config_key::specialJunk1] = configMap.value(config_key::specialJunk1);
+            }
-        lastConfig[config_key::specialJunk2] = configMap.value(config_key::specialJunk2);
+        }
-        lastConfig[config_key::specialJunk3] = configMap.value(config_key::specialJunk3);
+
        lastConfig[config_key::specialJunk4] = configMap.value(config_key::specialJunk4);
        lastConfig[config_key::specialJunk5] = configMap.value(config_key::specialJunk5);
        lastConfig[config_key::controlledJunk1] = configMap.value(config_key::controlledJunk1);
        lastConfig[config_key::controlledJunk2] = configMap.value(config_key::controlledJunk2);
        lastConfig[config_key::controlledJunk3] = configMap.value(config_key::controlledJunk3);
        lastConfig[config_key::specialHandshakeTimeout] = configMap.value(config_key::specialHandshakeTimeout);
        protocolName = "awg";
        m_configType = ConfigTypes::Awg;
    }
--- a/client/ui/controllers/installController.cpp
+++ b/client/ui/controllers/installController.cpp
@ -8,6 +8,7 @@
 #include <QStandardPaths>
 #include <QtConcurrent>
 #include "core/api/apiUtils.h"
 #include "core/controllers/serverController.h"
 #include "core/controllers/vpnConfigurationController.h"
 #include "core/networkUtilities.h"
@ -15,7 +16,6 @@
 #include "ui/models/protocols/awgConfigModel.h"
 #include "ui/models/protocols/wireguardConfigModel.h"
 #include "utilities.h"
 #include "core/api/apiUtils.h"
 namespace
 {
@ -79,12 +79,36 @@ void InstallController::install(DockerContainer container, int port, TransportPr
                int s1 = QRandomGenerator::global()->bounded(15, 150);
                int s2 = QRandomGenerator::global()->bounded(15, 150);
-                while (s1 + AwgConstant::messageInitiationSize == s2 + AwgConstant::messageResponseSize) {
+                // int s3 = QRandomGenerator::global()->bounded(15, 150);
                // int s4 = QRandomGenerator::global()->bounded(15, 150);
                // Ensure all values are unique and don't create equal packet sizes
                QSet<int> usedValues;
                usedValues.insert(s1);
                while (usedValues.contains(s2) || s1 + AwgConstant::messageInitiationSize == s2 + AwgConstant::messageResponseSize) {
                    s2 = QRandomGenerator::global()->bounded(15, 150);
                }
                usedValues.insert(s2);
                // while (usedValues.contains(s3)
                //        || s1 + AwgConstant::messageInitiationSize == s3 + AwgConstant::messageCookieReplySize
                //        || s2 + AwgConstant::messageResponseSize == s3 + AwgConstant::messageCookieReplySize) {
                //     s3 = QRandomGenerator::global()->bounded(15, 150);
                // }
                // usedValues.insert(s3);
                // while (usedValues.contains(s4)
                //        || s1 + AwgConstant::messageInitiationSize == s4 + AwgConstant::messageTransportSize
                //        || s2 + AwgConstant::messageResponseSize == s4 + AwgConstant::messageTransportSize
                //        || s3 + AwgConstant::messageCookieReplySize == s4 + AwgConstant::messageTransportSize) {
                //     s4 = QRandomGenerator::global()->bounded(15, 150);
                // }
                QString initPacketJunkSize = QString::number(s1);
                QString responsePacketJunkSize = QString::number(s2);
                // QString cookieReplyPacketJunkSize = QString::number(s3);
                // QString transportPacketJunkSize = QString::number(s4);
                QSet<QString> headersValue;
                while (headersValue.size() != 4) {
@ -110,6 +134,9 @@ void InstallController::install(DockerContainer container, int port, TransportPr
                containerConfig[config_key::transportPacketMagicHeader] = transportPacketMagicHeader;
                // TODO:
                // containerConfig[config_key::cookieReplyPacketJunkSize] = cookieReplyPacketJunkSize;
                // containerConfig[config_key::transportPacketJunkSize] = transportPacketJunkSize;
                // containerConfig[config_key::specialJunk1] = specialJunk1;
                // containerConfig[config_key::specialJunk2] = specialJunk2;
                // containerConfig[config_key::specialJunk3] = specialJunk3;
@ -412,16 +439,19 @@ ErrorCode InstallController::getAlreadyInstalledContainers(const ServerCredentia
                                serverConfigMap.value(config_key::underloadPacketMagicHeader);
                        containerConfig[config_key::transportPacketMagicHeader] =
                                serverConfigMap.value(config_key::transportPacketMagicHeader);
                        containerConfig[config_key::specialJunk1] = serverConfigMap.value(config_key::specialJunk1);
                        containerConfig[config_key::specialJunk2] = serverConfigMap.value(config_key::specialJunk2);
                        containerConfig[config_key::specialJunk3] = serverConfigMap.value(config_key::specialJunk3);
                        containerConfig[config_key::specialJunk4] = serverConfigMap.value(config_key::specialJunk4);
                        containerConfig[config_key::specialJunk5] = serverConfigMap.value(config_key::specialJunk5);
                        containerConfig[config_key::controlledJunk1] = serverConfigMap.value(config_key::controlledJunk1);
                        containerConfig[config_key::controlledJunk2] = serverConfigMap.value(config_key::controlledJunk2);
                        containerConfig[config_key::controlledJunk3] = serverConfigMap.value(config_key::controlledJunk3);
                        containerConfig[config_key::specialHandshakeTimeout] = serverConfigMap.value(config_key::specialHandshakeTimeout);
                        // containerConfig[config_key::cookieReplyPacketJunkSize] = serverConfigMap.value(config_key::cookieReplyPacketJunkSize);
                        // containerConfig[config_key::transportPacketJunkSize] = serverConfigMap.value(config_key::transportPacketJunkSize);
                        // containerConfig[config_key::specialJunk1] = serverConfigMap.value(config_key::specialJunk1);
                        // containerConfig[config_key::specialJunk2] = serverConfigMap.value(config_key::specialJunk2);
                        // containerConfig[config_key::specialJunk3] = serverConfigMap.value(config_key::specialJunk3);
                        // containerConfig[config_key::specialJunk4] = serverConfigMap.value(config_key::specialJunk4);
                        // containerConfig[config_key::specialJunk5] = serverConfigMap.value(config_key::specialJunk5);
                        // containerConfig[config_key::controlledJunk1] = serverConfigMap.value(config_key::controlledJunk1);
                        // containerConfig[config_key::controlledJunk2] = serverConfigMap.value(config_key::controlledJunk2);
                        // containerConfig[config_key::controlledJunk3] = serverConfigMap.value(config_key::controlledJunk3);
                        // containerConfig[config_key::specialHandshakeTimeout] = serverConfigMap.value(config_key::specialHandshakeTimeout);
                    } else if (protocol == Proto::WireGuard) {
                        QString serverConfig = serverController->getTextFileFromContainer(container, credentials,
--- a/client/ui/models/api/apiAccountInfoModel.cpp
+++ b/client/ui/models/api/apiAccountInfoModel.cpp
@ -75,6 +75,12 @@ QVariant ApiAccountInfoModel::data(const QModelIndex &index, int role) const
        }
        return false;
    }
    case IsProtocolSelectionSupportedRole: {
        if (m_accountInfoData.supportedProtocols.size() > 1) {
            return true;
        }
        return false;
    }
    }
    return QVariant();
@ -95,6 +101,10 @@ void ApiAccountInfoModel::updateModel(const QJsonObject &accountInfoObject, cons
    accountInfoData.configType = apiUtils::getConfigType(serverConfig);
    for (const auto &protocol : accountInfoObject.value(apiDefs::key::supportedProtocols).toArray()) {
        accountInfoData.supportedProtocols.push_back(protocol.toString());
    }
    m_accountInfoData = accountInfoData;
    m_supportInfo = accountInfoObject.value(apiDefs::key::supportInfo).toObject();
@ -159,6 +169,7 @@ QHash<int, QByteArray> ApiAccountInfoModel::roleNames() const
    roles[ServiceDescriptionRole] = "serviceDescription";
    roles[IsComponentVisibleRole] = "isComponentVisible";
    roles[HasExpiredWorkerRole] = "hasExpiredWorker";
    roles[IsProtocolSelectionSupportedRole] = "isProtocolSelectionSupported";
    return roles;
 }
--- a/client/ui/models/api/apiAccountInfoModel.h
+++ b/client/ui/models/api/apiAccountInfoModel.h
@ -18,7 +18,8 @@ public:
        ServiceDescriptionRole,
        EndDateRole,
        IsComponentVisibleRole,
-        HasExpiredWorkerRole
+        HasExpiredWorkerRole,
        IsProtocolSelectionSupportedRole
    };
    explicit ApiAccountInfoModel(QObject *parent = nullptr);
@ -51,6 +52,8 @@ private:
        int maxDeviceCount;
        apiDefs::ConfigType configType;
        QStringList supportedProtocols;
    };
    AccountInfoData m_accountInfoData;
--- a/client/ui/models/protocols/awgConfigModel.cpp
+++ b/client/ui/models/protocols/awgConfigModel.cpp
@ -25,61 +25,34 @@ bool AwgConfigModel::setData(const QModelIndex &index, const QVariant &value, in
    case Roles::PortRole: m_serverProtocolConfig.insert(config_key::port, value.toString()); break;
    case Roles::ClientMtuRole: m_clientProtocolConfig.insert(config_key::mtu, value.toString()); break;
-    case Roles::ClientJunkPacketCountRole:
+    case Roles::ClientJunkPacketCountRole: m_clientProtocolConfig.insert(config_key::junkPacketCount, value.toString()); break;
-        m_clientProtocolConfig.insert(config_key::junkPacketCount, value.toString());
+    case Roles::ClientJunkPacketMinSizeRole: m_clientProtocolConfig.insert(config_key::junkPacketMinSize, value.toString()); break;
-        break;
+    case Roles::ClientJunkPacketMaxSizeRole: m_clientProtocolConfig.insert(config_key::junkPacketMaxSize, value.toString()); break;
-    case Roles::ClientJunkPacketMinSizeRole:
+    case Roles::ClientSpecialJunk1Role: m_clientProtocolConfig.insert(config_key::specialJunk1, value.toString()); break;
-        m_clientProtocolConfig.insert(config_key::junkPacketMinSize, value.toString());
+    case Roles::ClientSpecialJunk2Role: m_clientProtocolConfig.insert(config_key::specialJunk2, value.toString()); break;
-        break;
+    case Roles::ClientSpecialJunk3Role: m_clientProtocolConfig.insert(config_key::specialJunk3, value.toString()); break;
-    case Roles::ClientJunkPacketMaxSizeRole:
+    case Roles::ClientSpecialJunk4Role: m_clientProtocolConfig.insert(config_key::specialJunk4, value.toString()); break;
-        m_clientProtocolConfig.insert(config_key::junkPacketMaxSize, value.toString());
+    case Roles::ClientSpecialJunk5Role: m_clientProtocolConfig.insert(config_key::specialJunk5, value.toString()); break;
-        break;
+    case Roles::ClientControlledJunk1Role: m_clientProtocolConfig.insert(config_key::controlledJunk1, value.toString()); break;
-    case Roles::ClientSpecialJunk1Role:
+    case Roles::ClientControlledJunk2Role: m_clientProtocolConfig.insert(config_key::controlledJunk2, value.toString()); break;
-        m_clientProtocolConfig.insert(config_key::specialJunk1, value.toString());
+    case Roles::ClientControlledJunk3Role: m_clientProtocolConfig.insert(config_key::controlledJunk3, value.toString()); break;
        break;
    case Roles::ClientSpecialJunk2Role:
        m_clientProtocolConfig.insert(config_key::specialJunk2, value.toString());
        break;
    case Roles::ClientSpecialJunk3Role:
        m_clientProtocolConfig.insert(config_key::specialJunk3, value.toString());
        break;
    case Roles::ClientSpecialJunk4Role:
        m_clientProtocolConfig.insert(config_key::specialJunk4, value.toString());
        break;
    case Roles::ClientSpecialJunk5Role:
        m_clientProtocolConfig.insert(config_key::specialJunk5, value.toString());
        break;
    case Roles::ClientControlledJunk1Role:
        m_clientProtocolConfig.insert(config_key::controlledJunk1, value.toString());
        break;
    case Roles::ClientControlledJunk2Role:
        m_clientProtocolConfig.insert(config_key::controlledJunk2, value.toString());
        break;
    case Roles::ClientControlledJunk3Role:
        m_clientProtocolConfig.insert(config_key::controlledJunk3, value.toString());
        break;
    case Roles::ClientSpecialHandshakeTimeoutRole:
        m_clientProtocolConfig.insert(config_key::specialHandshakeTimeout, value.toString());
        break;
-
+    case Roles::ServerJunkPacketCountRole: m_serverProtocolConfig.insert(config_key::junkPacketCount, value.toString()); break;
-    case Roles::ServerJunkPacketCountRole:
+    case Roles::ServerJunkPacketMinSizeRole: m_serverProtocolConfig.insert(config_key::junkPacketMinSize, value.toString()); break;
-        m_serverProtocolConfig.insert(config_key::junkPacketCount, value.toString());
+    case Roles::ServerJunkPacketMaxSizeRole: m_serverProtocolConfig.insert(config_key::junkPacketMaxSize, value.toString()); break;
-        break;
+    case Roles::ServerInitPacketJunkSizeRole: m_serverProtocolConfig.insert(config_key::initPacketJunkSize, value.toString()); break;
    case Roles::ServerJunkPacketMinSizeRole:
        m_serverProtocolConfig.insert(config_key::junkPacketMinSize, value.toString());
        break;
    case Roles::ServerJunkPacketMaxSizeRole:
        m_serverProtocolConfig.insert(config_key::junkPacketMaxSize, value.toString());
        break;
    case Roles::ServerInitPacketJunkSizeRole:
        m_serverProtocolConfig.insert(config_key::initPacketJunkSize, value.toString());
        break;
    case Roles::ServerResponsePacketJunkSizeRole:
        m_serverProtocolConfig.insert(config_key::responsePacketJunkSize, value.toString());
        break;
-    case Roles::ServerInitPacketMagicHeaderRole:
+    // case Roles::ServerCookieReplyPacketJunkSizeRole:
-        m_serverProtocolConfig.insert(config_key::initPacketMagicHeader, value.toString());
+    //     m_serverProtocolConfig.insert(config_key::cookieReplyPacketJunkSize, value.toString());
-        break;
+    //     break;
    // case Roles::ServerTransportPacketJunkSizeRole:
    //     m_serverProtocolConfig.insert(config_key::transportPacketJunkSize, value.toString());
    //     break;
    case Roles::ServerInitPacketMagicHeaderRole: m_serverProtocolConfig.insert(config_key::initPacketMagicHeader, value.toString()); break;
    case Roles::ServerResponsePacketMagicHeaderRole:
        m_serverProtocolConfig.insert(config_key::responsePacketMagicHeader, value.toString());
        break;
@ -117,22 +90,19 @@ QVariant AwgConfigModel::data(const QModelIndex &index, int role) const
    case Roles::ClientControlledJunk1Role: return m_clientProtocolConfig.value(config_key::controlledJunk1);
    case Roles::ClientControlledJunk2Role: return m_clientProtocolConfig.value(config_key::controlledJunk2);
    case Roles::ClientControlledJunk3Role: return m_clientProtocolConfig.value(config_key::controlledJunk3);
-    case Roles::ClientSpecialHandshakeTimeoutRole:
+    case Roles::ClientSpecialHandshakeTimeoutRole: return m_clientProtocolConfig.value(config_key::specialHandshakeTimeout);
        return m_clientProtocolConfig.value(config_key::specialHandshakeTimeout);
    case Roles::ServerJunkPacketCountRole: return m_serverProtocolConfig.value(config_key::junkPacketCount);
    case Roles::ServerJunkPacketMinSizeRole: return m_serverProtocolConfig.value(config_key::junkPacketMinSize);
    case Roles::ServerJunkPacketMaxSizeRole: return m_serverProtocolConfig.value(config_key::junkPacketMaxSize);
    case Roles::ServerInitPacketJunkSizeRole: return m_serverProtocolConfig.value(config_key::initPacketJunkSize);
-    case Roles::ServerResponsePacketJunkSizeRole:
+    case Roles::ServerResponsePacketJunkSizeRole: return m_serverProtocolConfig.value(config_key::responsePacketJunkSize);
-        return m_serverProtocolConfig.value(config_key::responsePacketJunkSize);
+    // case Roles::ServerCookieReplyPacketJunkSizeRole: return m_serverProtocolConfig.value(config_key::cookieReplyPacketJunkSize);
    // case Roles::ServerTransportPacketJunkSizeRole: return m_serverProtocolConfig.value(config_key::transportPacketJunkSize);
    case Roles::ServerInitPacketMagicHeaderRole: return m_serverProtocolConfig.value(config_key::initPacketMagicHeader);
-    case Roles::ServerResponsePacketMagicHeaderRole:
+    case Roles::ServerResponsePacketMagicHeaderRole: return m_serverProtocolConfig.value(config_key::responsePacketMagicHeader);
-        return m_serverProtocolConfig.value(config_key::responsePacketMagicHeader);
+    case Roles::ServerUnderloadPacketMagicHeaderRole: return m_serverProtocolConfig.value(config_key::underloadPacketMagicHeader);
-    case Roles::ServerUnderloadPacketMagicHeaderRole:
+    case Roles::ServerTransportPacketMagicHeaderRole: return m_serverProtocolConfig.value(config_key::transportPacketMagicHeader);
        return m_serverProtocolConfig.value(config_key::underloadPacketMagicHeader);
    case Roles::ServerTransportPacketMagicHeaderRole:
        return m_serverProtocolConfig.value(config_key::transportPacketMagicHeader);
    }
    return QVariant();
@ -147,15 +117,13 @@ void AwgConfigModel::updateModel(const QJsonObject &config)
    QJsonObject serverProtocolConfig = config.value(config_key::awg).toObject();
-    auto defaultTransportProto =
+    auto defaultTransportProto = ProtocolProps::transportProtoToString(ProtocolProps::defaultTransportProto(Proto::Awg), Proto::Awg);
            ProtocolProps::transportProtoToString(ProtocolProps::defaultTransportProto(Proto::Awg), Proto::Awg);
    m_serverProtocolConfig.insert(config_key::transport_proto,
                                  serverProtocolConfig.value(config_key::transport_proto).toString(defaultTransportProto));
    m_serverProtocolConfig[config_key::last_config] = serverProtocolConfig.value(config_key::last_config);
    m_serverProtocolConfig[config_key::subnet_address] =
            serverProtocolConfig.value(config_key::subnet_address).toString(protocols::wireguard::defaultSubnetAddress);
-    m_serverProtocolConfig[config_key::port] =
+    m_serverProtocolConfig[config_key::port] = serverProtocolConfig.value(config_key::port).toString(protocols::awg::defaultPort);
            serverProtocolConfig.value(config_key::port).toString(protocols::awg::defaultPort);
    m_serverProtocolConfig[config_key::junkPacketCount] =
            serverProtocolConfig.value(config_key::junkPacketCount).toString(protocols::awg::defaultJunkPacketCount);
    m_serverProtocolConfig[config_key::junkPacketMinSize] =
@ -165,33 +133,29 @@ void AwgConfigModel::updateModel(const QJsonObject &config)
    m_serverProtocolConfig[config_key::initPacketJunkSize] =
            serverProtocolConfig.value(config_key::initPacketJunkSize).toString(protocols::awg::defaultInitPacketJunkSize);
    m_serverProtocolConfig[config_key::responsePacketJunkSize] =
-            serverProtocolConfig.value(config_key::responsePacketJunkSize)
+            serverProtocolConfig.value(config_key::responsePacketJunkSize).toString(protocols::awg::defaultResponsePacketJunkSize);
-                    .toString(protocols::awg::defaultResponsePacketJunkSize);
+    // m_serverProtocolConfig[config_key::cookieReplyPacketJunkSize] =
    //         serverProtocolConfig.value(config_key::cookieReplyPacketJunkSize).toString(protocols::awg::defaultCookieReplyPacketJunkSize);
    // m_serverProtocolConfig[config_key::transportPacketJunkSize] =
    //         serverProtocolConfig.value(config_key::transportPacketJunkSize).toString(protocols::awg::defaultTransportPacketJunkSize);
    m_serverProtocolConfig[config_key::initPacketMagicHeader] =
-            serverProtocolConfig.value(config_key::initPacketMagicHeader)
+            serverProtocolConfig.value(config_key::initPacketMagicHeader).toString(protocols::awg::defaultInitPacketMagicHeader);
                    .toString(protocols::awg::defaultInitPacketMagicHeader);
    m_serverProtocolConfig[config_key::responsePacketMagicHeader] =
-            serverProtocolConfig.value(config_key::responsePacketMagicHeader)
+            serverProtocolConfig.value(config_key::responsePacketMagicHeader).toString(protocols::awg::defaultResponsePacketMagicHeader);
                    .toString(protocols::awg::defaultResponsePacketMagicHeader);
    m_serverProtocolConfig[config_key::underloadPacketMagicHeader] =
-            serverProtocolConfig.value(config_key::underloadPacketMagicHeader)
+            serverProtocolConfig.value(config_key::underloadPacketMagicHeader).toString(protocols::awg::defaultUnderloadPacketMagicHeader);
                    .toString(protocols::awg::defaultUnderloadPacketMagicHeader);
    m_serverProtocolConfig[config_key::transportPacketMagicHeader] =
-            serverProtocolConfig.value(config_key::transportPacketMagicHeader)
+            serverProtocolConfig.value(config_key::transportPacketMagicHeader).toString(protocols::awg::defaultTransportPacketMagicHeader);
                    .toString(protocols::awg::defaultTransportPacketMagicHeader);
    auto lastConfig = m_serverProtocolConfig.value(config_key::last_config).toString();
    QJsonObject clientProtocolConfig = QJsonDocument::fromJson(lastConfig.toUtf8()).object();
    m_clientProtocolConfig[config_key::mtu] = clientProtocolConfig[config_key::mtu].toString(protocols::awg::defaultMtu);
    m_clientProtocolConfig[config_key::junkPacketCount] =
-            clientProtocolConfig.value(config_key::junkPacketCount)
+            clientProtocolConfig.value(config_key::junkPacketCount).toString(m_serverProtocolConfig[config_key::junkPacketCount].toString());
                    .toString(m_serverProtocolConfig[config_key::junkPacketCount].toString());
    m_clientProtocolConfig[config_key::junkPacketMinSize] =
-            clientProtocolConfig.value(config_key::junkPacketMinSize)
+            clientProtocolConfig.value(config_key::junkPacketMinSize).toString(m_serverProtocolConfig[config_key::junkPacketMinSize].toString());
                    .toString(m_serverProtocolConfig[config_key::junkPacketMinSize].toString());
    m_clientProtocolConfig[config_key::junkPacketMaxSize] =
-            clientProtocolConfig.value(config_key::junkPacketMaxSize)
+            clientProtocolConfig.value(config_key::junkPacketMaxSize).toString(m_serverProtocolConfig[config_key::junkPacketMaxSize].toString());
                    .toString(m_serverProtocolConfig[config_key::junkPacketMaxSize].toString());
    m_clientProtocolConfig[config_key::specialJunk1] =
            clientProtocolConfig.value(config_key::specialJunk1).toString(protocols::awg::defaultSpecialJunk1);
    m_clientProtocolConfig[config_key::specialJunk2] =
@ -209,8 +173,7 @@ void AwgConfigModel::updateModel(const QJsonObject &config)
    m_clientProtocolConfig[config_key::controlledJunk3] =
            clientProtocolConfig.value(config_key::controlledJunk3).toString(protocols::awg::defaultControlledJunk3);
    m_clientProtocolConfig[config_key::specialHandshakeTimeout] =
-            clientProtocolConfig.value(config_key::specialHandshakeTimeout)
+            clientProtocolConfig.value(config_key::specialHandshakeTimeout).toString(protocols::awg::defaultSpecialHandshakeTimeout);
                    .toString(protocols::awg::defaultSpecialHandshakeTimeout);
    endResetModel();
 }
@ -255,6 +218,17 @@ bool AwgConfigModel::isPacketSizeEqual(const int s1, const int s2)
    return (AwgConstant::messageInitiationSize + s1 == AwgConstant::messageResponseSize + s2);
 }
 // bool AwgConfigModel::isPacketSizeEqual(const int s1, const int s2, const int s3, const int s4)
 // {
 //     int initSize = AwgConstant::messageInitiationSize + s1;
 //     int responseSize = AwgConstant::messageResponseSize + s2;
 //     int cookieSize = AwgConstant::messageCookieReplySize + s3;
 //     int transportSize = AwgConstant::messageTransportSize + s4;
 //     return (initSize == responseSize || initSize == cookieSize || initSize == transportSize || responseSize == cookieSize
 //             || responseSize == transportSize || cookieSize == transportSize);
 // }
 bool AwgConfigModel::isServerSettingsEqual()
 {
    const AwgConfig oldConfig(m_fullConfig.value(config_key::awg).toObject());
@ -289,6 +263,9 @@ QHash<int, QByteArray> AwgConfigModel::roleNames() const
    roles[ServerJunkPacketMaxSizeRole] = "serverJunkPacketMaxSize";
    roles[ServerInitPacketJunkSizeRole] = "serverInitPacketJunkSize";
    roles[ServerResponsePacketJunkSizeRole] = "serverResponsePacketJunkSize";
    roles[ServerCookieReplyPacketJunkSizeRole] = "serverCookieReplyPacketJunkSize";
    roles[ServerTransportPacketJunkSizeRole] = "serverTransportPacketJunkSize";
    roles[ServerInitPacketMagicHeaderRole] = "serverInitPacketMagicHeader";
    roles[ServerResponsePacketMagicHeaderRole] = "serverResponsePacketMagicHeader";
    roles[ServerUnderloadPacketMagicHeaderRole] = "serverUnderloadPacketMagicHeader";
@ -302,61 +279,49 @@ AwgConfig::AwgConfig(const QJsonObject &serverProtocolConfig)
    auto lastConfig = serverProtocolConfig.value(config_key::last_config).toString();
    QJsonObject clientProtocolConfig = QJsonDocument::fromJson(lastConfig.toUtf8()).object();
    clientMtu = clientProtocolConfig[config_key::mtu].toString(protocols::awg::defaultMtu);
-    clientJunkPacketCount =
+    clientJunkPacketCount = clientProtocolConfig.value(config_key::junkPacketCount).toString(protocols::awg::defaultJunkPacketCount);
-            clientProtocolConfig.value(config_key::junkPacketCount).toString(protocols::awg::defaultJunkPacketCount);
+    clientJunkPacketMinSize = clientProtocolConfig.value(config_key::junkPacketMinSize).toString(protocols::awg::defaultJunkPacketMinSize);
-    clientJunkPacketMinSize =
+    clientJunkPacketMaxSize = clientProtocolConfig.value(config_key::junkPacketMaxSize).toString(protocols::awg::defaultJunkPacketMaxSize);
-            clientProtocolConfig.value(config_key::junkPacketMinSize).toString(protocols::awg::defaultJunkPacketMinSize);
+    clientSpecialJunk1 = clientProtocolConfig.value(config_key::specialJunk1).toString(protocols::awg::defaultSpecialJunk1);
-    clientJunkPacketMaxSize =
+    clientSpecialJunk2 = clientProtocolConfig.value(config_key::specialJunk2).toString(protocols::awg::defaultSpecialJunk2);
-            clientProtocolConfig.value(config_key::junkPacketMaxSize).toString(protocols::awg::defaultJunkPacketMaxSize);
+    clientSpecialJunk3 = clientProtocolConfig.value(config_key::specialJunk3).toString(protocols::awg::defaultSpecialJunk3);
-    clientSpecialJunk1 =
+    clientSpecialJunk4 = clientProtocolConfig.value(config_key::specialJunk4).toString(protocols::awg::defaultSpecialJunk4);
-            clientProtocolConfig.value(config_key::specialJunk1).toString(protocols::awg::defaultSpecialJunk1);
+    clientSpecialJunk5 = clientProtocolConfig.value(config_key::specialJunk5).toString(protocols::awg::defaultSpecialJunk5);
-    clientSpecialJunk2 =
+    clientControlledJunk1 = clientProtocolConfig.value(config_key::controlledJunk1).toString(protocols::awg::defaultControlledJunk1);
-            clientProtocolConfig.value(config_key::specialJunk2).toString(protocols::awg::defaultSpecialJunk2);
+    clientControlledJunk2 = clientProtocolConfig.value(config_key::controlledJunk2).toString(protocols::awg::defaultControlledJunk2);
-    clientSpecialJunk3 =
+    clientControlledJunk3 = clientProtocolConfig.value(config_key::controlledJunk3).toString(protocols::awg::defaultControlledJunk3);
-            clientProtocolConfig.value(config_key::specialJunk3).toString(protocols::awg::defaultSpecialJunk3);
+    clientSpecialHandshakeTimeout =
-    clientSpecialJunk4 =
+            clientProtocolConfig.value(config_key::specialHandshakeTimeout).toString(protocols::awg::defaultSpecialHandshakeTimeout);
            clientProtocolConfig.value(config_key::specialJunk4).toString(protocols::awg::defaultSpecialJunk4);
    clientSpecialJunk5 =
            clientProtocolConfig.value(config_key::specialJunk5).toString(protocols::awg::defaultSpecialJunk5);
    clientControlledJunk1 =
            clientProtocolConfig.value(config_key::controlledJunk1).toString(protocols::awg::defaultControlledJunk1);
    clientControlledJunk2 =
            clientProtocolConfig.value(config_key::controlledJunk2).toString(protocols::awg::defaultControlledJunk2);
    clientControlledJunk3 =
            clientProtocolConfig.value(config_key::controlledJunk3).toString(protocols::awg::defaultControlledJunk3);
    clientSpecialHandshakeTimeout = clientProtocolConfig.value(config_key::specialHandshakeTimeout)
                                            .toString(protocols::awg::defaultSpecialHandshakeTimeout);
-    subnetAddress =
+    subnetAddress = serverProtocolConfig.value(config_key::subnet_address).toString(protocols::wireguard::defaultSubnetAddress);
            serverProtocolConfig.value(config_key::subnet_address).toString(protocols::wireguard::defaultSubnetAddress);
    port = serverProtocolConfig.value(config_key::port).toString(protocols::awg::defaultPort);
-    serverJunkPacketCount =
+    serverJunkPacketCount = serverProtocolConfig.value(config_key::junkPacketCount).toString(protocols::awg::defaultJunkPacketCount);
-            serverProtocolConfig.value(config_key::junkPacketCount).toString(protocols::awg::defaultJunkPacketCount);
+    serverJunkPacketMinSize = serverProtocolConfig.value(config_key::junkPacketMinSize).toString(protocols::awg::defaultJunkPacketMinSize);
-    serverJunkPacketMinSize =
+    serverJunkPacketMaxSize = serverProtocolConfig.value(config_key::junkPacketMaxSize).toString(protocols::awg::defaultJunkPacketMaxSize);
-            serverProtocolConfig.value(config_key::junkPacketMinSize).toString(protocols::awg::defaultJunkPacketMinSize);
+    serverInitPacketJunkSize = serverProtocolConfig.value(config_key::initPacketJunkSize).toString(protocols::awg::defaultInitPacketJunkSize);
-    serverJunkPacketMaxSize =
+    serverResponsePacketJunkSize =
-            serverProtocolConfig.value(config_key::junkPacketMaxSize).toString(protocols::awg::defaultJunkPacketMaxSize);
+            serverProtocolConfig.value(config_key::responsePacketJunkSize).toString(protocols::awg::defaultResponsePacketJunkSize);
-    serverInitPacketJunkSize =
+    // serverCookieReplyPacketJunkSize =
-            serverProtocolConfig.value(config_key::initPacketJunkSize).toString(protocols::awg::defaultInitPacketJunkSize);
+    //         serverProtocolConfig.value(config_key::cookieReplyPacketJunkSize).toString(protocols::awg::defaultCookieReplyPacketJunkSize);
-    serverResponsePacketJunkSize = serverProtocolConfig.value(config_key::responsePacketJunkSize)
+    // serverTransportPacketJunkSize =
-                                           .toString(protocols::awg::defaultResponsePacketJunkSize);
+    //         serverProtocolConfig.value(config_key::transportPacketJunkSize).toString(protocols::awg::defaultTransportPacketJunkSize);
-    serverInitPacketMagicHeader = serverProtocolConfig.value(config_key::initPacketMagicHeader)
+    serverInitPacketMagicHeader =
-                                          .toString(protocols::awg::defaultInitPacketMagicHeader);
+            serverProtocolConfig.value(config_key::initPacketMagicHeader).toString(protocols::awg::defaultInitPacketMagicHeader);
-    serverResponsePacketMagicHeader = serverProtocolConfig.value(config_key::responsePacketMagicHeader)
+    serverResponsePacketMagicHeader =
-                                              .toString(protocols::awg::defaultResponsePacketMagicHeader);
+            serverProtocolConfig.value(config_key::responsePacketMagicHeader).toString(protocols::awg::defaultResponsePacketMagicHeader);
-    serverUnderloadPacketMagicHeader = serverProtocolConfig.value(config_key::underloadPacketMagicHeader)
+    serverUnderloadPacketMagicHeader =
-                                               .toString(protocols::awg::defaultUnderloadPacketMagicHeader);
+            serverProtocolConfig.value(config_key::underloadPacketMagicHeader).toString(protocols::awg::defaultUnderloadPacketMagicHeader);
-    serverTransportPacketMagicHeader = serverProtocolConfig.value(config_key::transportPacketMagicHeader)
+    serverTransportPacketMagicHeader =
-                                               .toString(protocols::awg::defaultTransportPacketMagicHeader);
+            serverProtocolConfig.value(config_key::transportPacketMagicHeader).toString(protocols::awg::defaultTransportPacketMagicHeader);
 }
 bool AwgConfig::hasEqualServerSettings(const AwgConfig &other) const
 {
    if (subnetAddress != other.subnetAddress || port != other.port || serverJunkPacketCount != other.serverJunkPacketCount
-        || serverJunkPacketMinSize != other.serverJunkPacketMinSize
+        || serverJunkPacketMinSize != other.serverJunkPacketMinSize || serverJunkPacketMaxSize != other.serverJunkPacketMaxSize
-        || serverJunkPacketMaxSize != other.serverJunkPacketMaxSize
+        || serverInitPacketJunkSize != other.serverInitPacketJunkSize || serverResponsePacketJunkSize != other.serverResponsePacketJunkSize
-        || serverInitPacketJunkSize != other.serverInitPacketJunkSize
+        // || serverCookieReplyPacketJunkSize != other.serverCookieReplyPacketJunkSize
-        || serverResponsePacketJunkSize != other.serverResponsePacketJunkSize
+        // || serverTransportPacketJunkSize != other.serverTransportPacketJunkSize
        || serverInitPacketMagicHeader != other.serverInitPacketMagicHeader
        || serverResponsePacketMagicHeader != other.serverResponsePacketMagicHeader
        || serverUnderloadPacketMagicHeader != other.serverUnderloadPacketMagicHeader
@ -369,12 +334,11 @@ bool AwgConfig::hasEqualServerSettings(const AwgConfig &other) const
 bool AwgConfig::hasEqualClientSettings(const AwgConfig &other) const
 {
    if (clientMtu != other.clientMtu || clientJunkPacketCount != other.clientJunkPacketCount
-        || clientJunkPacketMinSize != other.clientJunkPacketMinSize
+        || clientJunkPacketMinSize != other.clientJunkPacketMinSize || clientJunkPacketMaxSize != other.clientJunkPacketMaxSize
-        || clientJunkPacketMaxSize != other.clientJunkPacketMaxSize || clientSpecialJunk1 != other.clientSpecialJunk1
+        || clientSpecialJunk1 != other.clientSpecialJunk1 || clientSpecialJunk2 != other.clientSpecialJunk2
-        || clientSpecialJunk2 != other.clientSpecialJunk2 || clientSpecialJunk3 != other.clientSpecialJunk3
+        || clientSpecialJunk3 != other.clientSpecialJunk3 || clientSpecialJunk4 != other.clientSpecialJunk4
-        || clientSpecialJunk4 != other.clientSpecialJunk4 || clientSpecialJunk5 != other.clientSpecialJunk5
+        || clientSpecialJunk5 != other.clientSpecialJunk5 || clientControlledJunk1 != other.clientControlledJunk1
-        || clientControlledJunk1 != other.clientControlledJunk1 || clientControlledJunk2 != other.clientControlledJunk2
+        || clientControlledJunk2 != other.clientControlledJunk2 || clientControlledJunk3 != other.clientControlledJunk3
        || clientControlledJunk3 != other.clientControlledJunk3
        || clientSpecialHandshakeTimeout != other.clientSpecialHandshakeTimeout) {
        return false;
    }
--- a/client/ui/models/protocols/awgConfigModel.h
+++ b/client/ui/models/protocols/awgConfigModel.h
@ -6,9 +6,12 @@
 #include "containers/containers_defs.h"
-namespace AwgConstant {
+namespace AwgConstant
 {
    const int messageInitiationSize = 148;
    const int messageResponseSize = 92;
    const int messageCookieReplySize = 64;
    const int messageTransportSize = 32;
 }
 struct AwgConfig
@ -37,6 +40,8 @@ struct AwgConfig
    QString serverJunkPacketMaxSize;
    QString serverInitPacketJunkSize;
    QString serverResponsePacketJunkSize;
    QString serverCookieReplyPacketJunkSize;
    QString serverTransportPacketJunkSize;
    QString serverInitPacketMagicHeader;
    QString serverResponsePacketMagicHeader;
    QString serverUnderloadPacketMagicHeader;
@ -74,6 +79,9 @@ public:
        ServerJunkPacketMaxSizeRole,
        ServerInitPacketJunkSizeRole,
        ServerResponsePacketJunkSizeRole,
        ServerCookieReplyPacketJunkSizeRole,
        ServerTransportPacketJunkSizeRole,
        ServerInitPacketMagicHeaderRole,
        ServerResponsePacketMagicHeaderRole,
        ServerUnderloadPacketMagicHeaderRole,
@ -92,7 +100,7 @@ public slots:
    QJsonObject getConfig();
    bool isHeadersEqual(const QString &h1, const QString &h2, const QString &h3, const QString &h4);
-    bool isPacketSizeEqual(const int s1, const int s2);
+    bool isPacketSizeEqual(const int s1, const int s2/*, const int s3, const int s4*/);
    bool isServerSettingsEqual();
--- a/client/ui/models/servers_model.cpp
+++ b/client/ui/models/servers_model.cpp
@ -8,6 +8,8 @@
    #include <AmneziaVPN-Swift.h>
 #endif
 #include "core/api/apiUtils.h"
 namespace
 {
    namespace configKey
@ -66,6 +68,7 @@ bool ServersModel::setData(const QModelIndex &index, const QVariant &value, int
        } else {
            server.insert(config_key::description, value.toString());
        }
        server.insert(config_key::nameOverriddenByUser, true);
        m_settings->editServer(index.row(), server);
        m_servers.replace(index.row(), server);
        if (index.row() == m_defaultServerIndex) {
@ -426,7 +429,7 @@ void ServersModel::updateDefaultServerContainersModel()
    emit defaultServerContainersUpdated(containers);
 }
-QJsonObject ServersModel::getServerConfig(const int serverIndex)
+QJsonObject ServersModel::getServerConfig(const int serverIndex) const
 {
    return m_servers.at(serverIndex).toObject();
 }
@ -813,3 +816,8 @@ const QString ServersModel::getDefaultServerImagePathCollapsed()
    }
    return QString("qrc:/countriesFlags/images/flagKit/%1.svg").arg(countryCode.toUpper());
 }
 bool ServersModel::processedServerIsPremium() const
 {
    return apiUtils::isPremiumServer(getServerConfig(m_processedServerIndex));
 }
--- a/client/ui/models/servers_model.h
+++ b/client/ui/models/servers_model.h
@ -63,6 +63,9 @@ public:
    Q_PROPERTY(bool isDefaultServerFromApi READ isDefaultServerFromApi NOTIFY defaultServerIndexChanged)
    Q_PROPERTY(int processedIndex READ getProcessedServerIndex WRITE setProcessedServerIndex NOTIFY processedServerIndexChanged)
    Q_PROPERTY(bool processedServerIsPremium READ processedServerIsPremium NOTIFY processedServerChanged)
    bool processedServerIsPremium() const;
 public slots:
    void setDefaultServerIndex(const int index);
@ -92,7 +95,7 @@ public slots:
    void removeServer();
    void removeServer(const int serverIndex);
-    QJsonObject getServerConfig(const int serverIndex);
+    QJsonObject getServerConfig(const int serverIndex) const;
    void reloadDefaultServerContainerConfig();
    void updateContainerConfig(const int containerIndex, const QJsonObject config);
--- a/client/ui/qml/Components/AwgTextField.qml
+++ b/client/ui/qml/Components/AwgTextField.qml
@ -0,0 +1,15 @@
 pragma ComponentBehavior: Bound
 import QtQuick
 import QtQuick.Layouts
 import "../Controls2"
 TextFieldWithHeaderType {
    Layout.fillWidth: true
    Layout.topMargin: 16
    textField.validator: IntValidator { bottom: 0 }
    checkEmptyText: true
 }
--- a/client/ui/qml/Pages2/PageProtocolAwgClientSettings.qml
+++ b/client/ui/qml/Pages2/PageProtocolAwgClientSettings.qml
@ -115,14 +115,10 @@ PageType {
                    KeyNavigation.tab: junkPacketCountTextField.textField
                }
-                TextFieldWithHeaderType {
+                AwgTextField {
                    id: junkPacketCountTextField
                    Layout.fillWidth: true
                    Layout.topMargin: 16
                    headerText: "Jc - Junk packet count"
                    textField.text: clientJunkPacketCount
                    textField.validator: IntValidator { bottom: 0 }
                    textField.onEditingFinished: {
                        if (textField.text !== clientJunkPacketCount) {
@ -130,19 +126,13 @@ PageType {
                        }
                    }
                    checkEmptyText: true
                    KeyNavigation.tab: junkPacketMinSizeTextField.textField
                }
-                TextFieldWithHeaderType {
+                AwgTextField {
                    id: junkPacketMinSizeTextField
                    Layout.fillWidth: true
                    Layout.topMargin: 16
                    headerText: "Jmin - Junk packet minimum size"
                    textField.text: clientJunkPacketMinSize
                    textField.validator: IntValidator { bottom: 0 }
                    textField.onEditingFinished: {
                        if (textField.text !== clientJunkPacketMinSize) {
@ -150,36 +140,27 @@ PageType {
                        }
                    }
                    checkEmptyText: true
                    KeyNavigation.tab: junkPacketMaxSizeTextField.textField
                }
-                TextFieldWithHeaderType {
+                AwgTextField {
                    id: junkPacketMaxSizeTextField
                    Layout.fillWidth: true
                    Layout.topMargin: 16
                    headerText: "Jmax - Junk packet maximum size"
                    textField.text: clientJunkPacketMaxSize
                    textField.validator: IntValidator { bottom: 0 }
                    textField.onEditingFinished: {
                        if (textField.text !== clientJunkPacketMaxSize) {
                            clientJunkPacketMaxSize = textField.text
                        }
                    }
                    checkEmptyText: true
                }
-                TextFieldWithHeaderType {
+                AwgTextField {
                    id: specialJunk1TextField
                    Layout.fillWidth: true
                    Layout.topMargin: 16
                    headerText: qsTr("I1 - First special junk packet")
                    textField.text: clientSpecialJunk1
                    textField.validator: null
                    checkEmptyText: false
                    textField.onEditingFinished: {
                        if (textField.text !== clientSpecialJunk1) {
@ -188,13 +169,12 @@ PageType {
                    }
                }
-                TextFieldWithHeaderType {
+                AwgTextField {
                    id: specialJunk2TextField
                    Layout.fillWidth: true
                    Layout.topMargin: 16
                    headerText: qsTr("I2 - Second special junk packet")
                    textField.text: clientSpecialJunk2
                    textField.validator: null
                    checkEmptyText: false
                    textField.onEditingFinished: {
                        if (textField.text !== clientSpecialJunk2) {
@ -203,13 +183,12 @@ PageType {
                    }
                }
-                TextFieldWithHeaderType {
+                AwgTextField {
                    id: specialJunk3TextField
                    Layout.fillWidth: true
                    Layout.topMargin: 16
                    headerText: qsTr("I3 - Third special junk packet")
                    textField.text: clientSpecialJunk3
                    textField.validator: null
                    checkEmptyText: false
                    textField.onEditingFinished: {
                        if (textField.text !== clientSpecialJunk3) {
@ -218,13 +197,12 @@ PageType {
                    }
                }
-                TextFieldWithHeaderType {
+                AwgTextField {
                    id: specialJunk4TextField
                    Layout.fillWidth: true
                    Layout.topMargin: 16
                    headerText: qsTr("I4 - Fourth special junk packet")
                    textField.text: clientSpecialJunk4
                    textField.validator: null
                    checkEmptyText: false
                    textField.onEditingFinished: {
                        if (textField.text !== clientSpecialJunk4) {
@ -233,13 +211,12 @@ PageType {
                    }
                }
-                TextFieldWithHeaderType {
+                AwgTextField {
                    id: specialJunk5TextField
                    Layout.fillWidth: true
                    Layout.topMargin: 16
                    headerText: qsTr("I5 - Fifth special junk packet")
                    textField.text: clientSpecialJunk5
                    textField.validator: null
                    checkEmptyText: false
                    textField.onEditingFinished: {
                        if (textField.text !== clientSpecialJunk5 ) {
@ -248,13 +225,12 @@ PageType {
                    }
                }
-                TextFieldWithHeaderType {
+                AwgTextField {
                    id: controlledJunk1TextField
                    Layout.fillWidth: true
                    Layout.topMargin: 16
                    headerText: qsTr("J1 - First controlled junk packet")
                    textField.text: clientControlledJunk1
                    textField.validator: null
                    checkEmptyText: false
                    textField.onEditingFinished: {
                        if (textField.text !== clientControlledJunk1) {
@ -263,13 +239,12 @@ PageType {
                    }
                }
-                TextFieldWithHeaderType {
+                AwgTextField {
                    id: controlledJunk2TextField
                    Layout.fillWidth: true
                    Layout.topMargin: 16
                    headerText: qsTr("J2 - Second controlled junk packet")
                    textField.text: clientControlledJunk2
                    textField.validator: null
                    checkEmptyText: false
                    textField.onEditingFinished: {
                        if (textField.text !== clientControlledJunk2) {
@ -278,13 +253,12 @@ PageType {
                    }
                }
-                TextFieldWithHeaderType {
+                AwgTextField {
                    id: controlledJunk3TextField
                    Layout.fillWidth: true
                    Layout.topMargin: 16
                    headerText: qsTr("J3 - Third controlled junk packet")
                    textField.text: clientControlledJunk3
                    textField.validator: null
                    checkEmptyText: false
                    textField.onEditingFinished: {
                        if (textField.text !== clientControlledJunk3) {
@ -293,14 +267,11 @@ PageType {
                    }
                }
-                TextFieldWithHeaderType {
+                AwgTextField {
                    id: iTimeTextField
                    Layout.fillWidth: true
                    Layout.topMargin: 16
                    headerText: qsTr("Itime - Special handshake timeout")
                    textField.text: clientSpecialHandshakeTimeout
-                    textField.validator: IntValidator { bottom: 0 }
+                    checkEmptyText: false
                    textField.onEditingFinished: {
                        if (textField.text !== clientSpecialHandshakeTimeout) {
@ -316,77 +287,72 @@ PageType {
                    text: qsTr("Server settings")
                }
-                TextFieldWithHeaderType {
+                AwgTextField {
                    id: portTextField
                    Layout.fillWidth: true
                    Layout.topMargin: 8
                    enabled: false
                    headerText: qsTr("Port")
                    textField.text: port
                }
-                TextFieldWithHeaderType {
+                AwgTextField {
                    id: initPacketJunkSizeTextField
                    Layout.fillWidth: true
                    Layout.topMargin: 16
                    enabled: false
                    headerText: "S1 - Init packet junk size"
                    textField.text: serverInitPacketJunkSize
                }
-                TextFieldWithHeaderType {
+                AwgTextField {
                    id: responsePacketJunkSizeTextField
                    Layout.fillWidth: true
                    Layout.topMargin: 16
                    enabled: false
                    headerText: "S2 - Response packet junk size"
                    textField.text: serverResponsePacketJunkSize
                }
-                TextFieldWithHeaderType {
+                // AwgTextField {
-                    id: initPacketMagicHeaderTextField
+                //     id: cookieReplyPacketJunkSizeTextField
-                    Layout.fillWidth: true
+                //     enabled: false
                    Layout.topMargin: 16
                //     headerText: "S3 - Cookie Reply packet junk size"
                //     textField.text: serverCookieReplyPacketJunkSize
                // }
                // AwgTextField {
                //     id: transportPacketJunkSizeTextField
                //     enabled: false
                //     headerText: "S4 - Transport packet junk size"
                //     textField.text: serverTransportPacketJunkSize
                // }
                AwgTextField {
                    id: initPacketMagicHeaderTextField
                    enabled: false
                    headerText: "H1 - Init packet magic header"
                    textField.text: serverInitPacketMagicHeader
                }
-                TextFieldWithHeaderType {
+                AwgTextField {
                    id: responsePacketMagicHeaderTextField
                    Layout.fillWidth: true
                    Layout.topMargin: 16
                    enabled: false
                    headerText: "H2 - Response packet magic header"
                    textField.text: serverResponsePacketMagicHeader
                }
-                TextFieldWithHeaderType {
+                AwgTextField {
                    id: underloadPacketMagicHeaderTextField
                    Layout.fillWidth: true
                    Layout.topMargin: 16
                    enabled: false
                    headerText: "H3 - Underload packet magic header"
                    textField.text: serverUnderloadPacketMagicHeader
                }
-                TextFieldWithHeaderType {
+                AwgTextField {
                    id: transportPacketMagicHeaderTextField
                    Layout.fillWidth: true
                    Layout.topMargin: 16
                    enabled: false
                    headerText: "H4 - Transport packet magic header"
--- a/client/ui/qml/Pages2/PageProtocolAwgSettings.qml
+++ b/client/ui/qml/Pages2/PageProtocolAwgSettings.qml
@ -138,182 +138,136 @@ PageType {
                    checkEmptyText: true
                }
-                TextFieldWithHeaderType {
+                AwgTextField {
                    id: junkPacketCountTextField
                    Layout.fillWidth: true
                    Layout.topMargin: 16
                    headerText: qsTr("Jc - Junk packet count")
                    textField.text: serverJunkPacketCount
                    textField.validator: IntValidator { bottom: 0 }
                    textField.onEditingFinished: {
                        if (textField.text === "") {
                            textField.text = "0"
                        }
                        if (textField.text !== serverJunkPacketCount) {
                            serverJunkPacketCount = textField.text
                        }
                    }
                    checkEmptyText: true
                }
-                TextFieldWithHeaderType {
+                AwgTextField {
                    id: junkPacketMinSizeTextField
                    Layout.fillWidth: true
                    Layout.topMargin: 16
                    headerText: qsTr("Jmin - Junk packet minimum size")
                    textField.text: serverJunkPacketMinSize
                    textField.validator: IntValidator { bottom: 0 }
                    textField.onEditingFinished: {
                        if (textField.text !== serverJunkPacketMinSize) {
                            serverJunkPacketMinSize = textField.text
                        }
                    }
                    checkEmptyText: true
                }
-                TextFieldWithHeaderType {
+                AwgTextField {
                    id: junkPacketMaxSizeTextField
                    Layout.fillWidth: true
                    Layout.topMargin: 16
                    headerText: qsTr("Jmax - Junk packet maximum size")
                    textField.text: serverJunkPacketMaxSize
                    textField.validator: IntValidator { bottom: 0 }
                    textField.onEditingFinished: {
                        if (textField.text !== serverJunkPacketMaxSize) {
                            serverJunkPacketMaxSize = textField.text
                        }
                    }
                    checkEmptyText: true
                }
-                TextFieldWithHeaderType {
+                AwgTextField {
                    id: initPacketJunkSizeTextField
                    Layout.fillWidth: true
                    Layout.topMargin: 16
                    headerText: qsTr("S1 - Init packet junk size")
                    textField.text: serverInitPacketJunkSize
                    textField.validator: IntValidator { bottom: 0 }
                    textField.onEditingFinished: {
                        if (textField.text !== serverInitPacketJunkSize) {
                            serverInitPacketJunkSize = textField.text
                        }
                    }
                    checkEmptyText: true
                    onActiveFocusChanged: {
                        if(activeFocus) {
                            listview.positionViewAtEnd()
                        }
                    }
                }
-                TextFieldWithHeaderType {
+                AwgTextField {
                    id: responsePacketJunkSizeTextField
                    Layout.fillWidth: true
                    Layout.topMargin: 16
                    headerText: qsTr("S2 - Response packet junk size")
                    textField.text: serverResponsePacketJunkSize
                    textField.validator: IntValidator { bottom: 0 }
                    textField.onEditingFinished: {
                        if (textField.text !== serverResponsePacketJunkSize) {
                            serverResponsePacketJunkSize = textField.text
                        }
                    }
                    checkEmptyText: true
                    onActiveFocusChanged: {
                        if(activeFocus) {
                            listview.positionViewAtEnd()
                        }
                    }
                }
-                TextFieldWithHeaderType {
+                // AwgTextField {
-                    id: initPacketMagicHeaderTextField
+                //     id: cookieReplyPacketJunkSizeTextField
-                    Layout.fillWidth: true
+                //     headerText: qsTr("S3 - Cookie reply packet junk size")
-                    Layout.topMargin: 16
+                //     textField.text: serverCookieReplyPacketJunkSize
                //     textField.onEditingFinished: {
                //         if (textField.text !== serverCookieReplyPacketJunkSize) {
                //             serverCookieReplyPacketJunkSize = textField.text
                //         }
                //     }
                // }
                // AwgTextField {
                //     id: transportPacketJunkSizeTextField
                //     headerText: qsTr("S4 - Transport packet junk size")
                //     textField.text: serverTransportPacketJunkSize
                //     textField.onEditingFinished: {
                //         if (textField.text !== serverTransportPacketJunkSize) {
                //             serverTransportPacketJunkSize = textField.text
                //         }
                //     }
                // }
                AwgTextField {
                    id: initPacketMagicHeaderTextField
                    headerText: qsTr("H1 - Init packet magic header")
                    textField.text: serverInitPacketMagicHeader
                    textField.validator: IntValidator { bottom: 0 }
                    textField.onEditingFinished: {
                        if (textField.text !== serverInitPacketMagicHeader) {
                            serverInitPacketMagicHeader = textField.text
                        }
                    }
                    checkEmptyText: true
                }
-                TextFieldWithHeaderType {
+                AwgTextField {
                    id: responsePacketMagicHeaderTextField
                    Layout.fillWidth: true
                    Layout.topMargin: 16
                    headerText: qsTr("H2 - Response packet magic header")
                    textField.text: serverResponsePacketMagicHeader
                    textField.validator: IntValidator { bottom: 0 }
                    textField.onEditingFinished: {
                        if (textField.text !== serverResponsePacketMagicHeader) {
                            serverResponsePacketMagicHeader = textField.text
                        }
                    }
                    checkEmptyText: true
                }
-                TextFieldWithHeaderType {
+                AwgTextField {
                    id: underloadPacketMagicHeaderTextField
                    Layout.fillWidth: true
                    Layout.topMargin: 16
                    headerText: qsTr("H3 - Underload packet magic header")
                    textField.text: serverUnderloadPacketMagicHeader
                    textField.validator: IntValidator { bottom: 0 }
                    textField.onEditingFinished: {
                        if (textField.text !== serverUnderloadPacketMagicHeader) {
                            serverUnderloadPacketMagicHeader = textField.text
                        }
                    }
                    checkEmptyText: true
                }
-                TextFieldWithHeaderType {
+                AwgTextField {
                    id: transportPacketMagicHeaderTextField
                    Layout.fillWidth: true
                    Layout.topMargin: 16
                    headerText: qsTr("H4 - Transport packet magic header")
                    textField.text: serverTransportPacketMagicHeader
                    textField.validator: IntValidator { bottom: 0 }
                    textField.onEditingFinished: {
                        if (textField.text !== serverTransportPacketMagicHeader) {
                            serverTransportPacketMagicHeader = textField.text
                        }
                    }
                    checkEmptyText: true
                }
@ -329,19 +283,12 @@ PageType {
                             responsePacketMagicHeaderTextField.errorText === "" &&
                             initPacketMagicHeaderTextField.errorText === "" &&
                             responsePacketJunkSizeTextField.errorText === "" &&
                             // cookieReplyHeaderJunkTextField.errorText === "" &&
                             // transportHeaderJunkTextField.errorText === "" &&
                             initPacketJunkSizeTextField.errorText === "" &&
                             junkPacketMaxSizeTextField.errorText === "" &&
                             junkPacketMinSizeTextField.errorText === "" &&
                             junkPacketCountTextField.errorText === "" &&
                             // specialJunk1TextField.errorText === "" &&
                             // specialJunk2TextField.errorText === "" &&
                             // specialJunk3TextField.errorText === "" &&
                             // specialJunk4TextField.errorText === "" &&
                             // specialJunk5TextField.errorText === "" &&
                             // controlledJunk1TextField.errorText === "" &&
                             // controlledJunk2TextField.errorText === "" &&
                             // controlledJunk3TextField.errorText === "" &&
                             // iTimeTextField.errorText === "" &&
                             portTextField.errorText === "" &&
                             vpnAddressSubnetTextField.errorText === ""
@ -370,6 +317,13 @@ PageType {
                                PageController.showErrorMessage(qsTr("The value of the field S1 + message initiation size (148) must not equal S2 + message response size (92)"))
                                return
                            }
                            // if (AwgConfigModel.isPacketSizeEqual(parseInt(initPacketJunkSizeTextField.textField.text),
                            //                                     parseInt(responsePacketJunkSizeTextField.textField.text),
                            //                                     parseInt(cookieReplyPacketJunkSizeTextField.textField.text),
                            //                                     parseInt(transportPacketJunkSizeTextField.textField.text))) {
                            //     PageController.showErrorMessage(qsTr("The value of the field S1 + message initiation size (148) must not equal S2 + message response size (92) + S3 + cookie reply size (64) + S4 + transport packet size (32)"))
                            //     return
                            // }
                        }
                        var headerText = qsTr("Save settings?")
--- a/client/ui/qml/Pages2/PageProtocolCloakSettings.qml
+++ b/client/ui/qml/Pages2/PageProtocolCloakSettings.qml
@ -59,10 +59,13 @@ PageType {
                model: CloakConfigModel
                delegate: Item {
-                    implicitWidth: listview.width
+                    id: delegateItem
                    implicitHeight: col.implicitHeight
                    property alias trafficFromField: trafficFromField
                    property bool isEnabled: ServersModel.isProcessedServerHasWriteAccess()
                    implicitWidth: listview.width
                    implicitHeight: col.implicitHeight
                    ColumnLayout {
                        id: col
@ -78,7 +81,6 @@ PageType {
                        BaseHeaderType {
                            Layout.fillWidth: true
                            headerText: qsTr("Cloak settings")
                        }
@ -88,6 +90,8 @@ PageType {
                            Layout.fillWidth: true
                            Layout.topMargin: 32
                            enabled: delegateItem.isEnabled
                            headerText: qsTr("Disguised as traffic from")
                            textField.text: site
@ -104,6 +108,8 @@ PageType {
                                    }
                                }
                            }
                            checkEmptyText: true
                        }
                        TextFieldWithHeaderType {
@ -112,6 +118,8 @@ PageType {
                            Layout.fillWidth: true
                            Layout.topMargin: 16
                            enabled: delegateItem.isEnabled
                            headerText: qsTr("Port")
                            textField.text: port
                            textField.maximumLength: 5
@ -122,6 +130,8 @@ PageType {
                                    port = textField.text
                                }
                            }
                            checkEmptyText: true
                        }
                        DropDownType {
@ -129,6 +139,8 @@ PageType {
                            Layout.fillWidth: true
                            Layout.topMargin: 16
                            enabled: delegateItem.isEnabled
                            descriptionText: qsTr("Cipher")
                            headerText: qsTr("Cipher")
@ -166,25 +178,46 @@ PageType {
                        }
                        BasicButtonType {
-                            id: saveRestartButton
+                            id: saveButton
                            Layout.fillWidth: true
                            Layout.topMargin: 24
                            Layout.bottomMargin: 24
                            enabled: trafficFromField.errorText === "" &&
                                     portTextField.errorText === ""
                            text: qsTr("Save")
                            clickedFunc: function() {
                                forceActiveFocus()
-                                if (ConnectionController.isConnected && ServersModel.getDefaultServerData("defaultContainer") === ContainersModel.getProcessedContainerIndex()) {
+                                var headerText = qsTr("Save settings?")
-                                    PageController.showNotificationMessage(qsTr("Unable change settings while there is an active connection"))
+                                var descriptionText = qsTr("All users with whom you shared a connection with will no longer be able to connect to it.")
-                                    return
+                                var yesButtonText = qsTr("Continue")
                                var noButtonText = qsTr("Cancel")
                                var yesButtonFunction = function() {
                                    if (ConnectionController.isConnected && ServersModel.getDefaultServerData("defaultContainer") === ContainersModel.getProcessedContainerIndex()) {
                                        PageController.showNotificationMessage(qsTr("Unable change settings while there is an active connection"))
                                        return
                                    }
                                    PageController.goToPage(PageEnum.PageSetupWizardInstalling)
                                    InstallController.updateContainer(CloakConfigModel.getConfig())
                                }
-                                PageController.goToPage(PageEnum.PageSetupWizardInstalling);
+                                var noButtonFunction = function() {
-                                InstallController.updateContainer(CloakConfigModel.getConfig())
+                                    if (!GC.isMobile()) {
                                        saveButton.forceActiveFocus()
                                    }
                                }
                                showQuestionDrawer(headerText, descriptionText, yesButtonText, noButtonText, yesButtonFunction, noButtonFunction)
                            }
                            Keys.onEnterPressed: saveButton.clicked()
                            Keys.onReturnPressed: saveButton.clicked()
                        }
                    }
                }
--- a/client/ui/qml/Pages2/PageProtocolOpenVpnSettings.qml
+++ b/client/ui/qml/Pages2/PageProtocolOpenVpnSettings.qml
@ -58,10 +58,13 @@ PageType {
                model: OpenVpnConfigModel             
                delegate: Item {
-                    implicitWidth: listview.width
+                    id: delegateItem
                    implicitHeight: col.implicitHeight
                    property alias vpnAddressSubnetTextField: vpnAddressSubnetTextField
                    property bool isEnabled: ServersModel.isProcessedServerHasWriteAccess()
                    implicitWidth: listview.width
                    implicitHeight: col.implicitHeight
                    ColumnLayout {
                        id: col
@ -77,7 +80,6 @@ PageType {
                        BaseHeaderType {
                            Layout.fillWidth: true
                            headerText: qsTr("OpenVPN settings")
                        }
@ -87,6 +89,8 @@ PageType {
                            Layout.fillWidth: true
                            Layout.topMargin: 32
                            enabled: delegateItem.isEnabled
                            headerText: qsTr("VPN address subnet")
                            textField.text: subnetAddress
@ -97,6 +101,8 @@ PageType {
                                    subnetAddress = textField.text
                                }
                            }
                            checkEmptyText: true
                        }
                        ParagraphTextType {
@ -134,7 +140,7 @@ PageType {
                            Layout.topMargin: 40
                            parentFlickable: fl
-                            enabled: isPortEditable
+                            enabled: delegateItem.isEnabled
                            headerText: qsTr("Port")
                            textField.text: port
@ -146,6 +152,8 @@ PageType {
                                    port = textField.text
                                }
                            }
                            checkEmptyText: true
                        }
                        SwitcherType {
@ -388,26 +396,45 @@ PageType {
                        }
                        BasicButtonType {
-                            id: saveRestartButton
+                            id: saveButton
                            Layout.fillWidth: true
                            Layout.topMargin: 24
                            Layout.bottomMargin: 24
                            enabled: vpnAddressSubnetTextField.errorText === "" &&
                                     portTextField.errorText === ""
                            text: qsTr("Save")
                            parentFlickable: fl
-                            clickedFunc: function() {
+                            onClicked: function() {
                                forceActiveFocus()
-                                if (ConnectionController.isConnected && ServersModel.getDefaultServerData("defaultContainer") === ContainersModel.getProcessedContainerIndex()) {
+                                var headerText = qsTr("Save settings?")
-                                    PageController.showNotificationMessage(qsTr("Unable change settings while there is an active connection"))
+                                var descriptionText = qsTr("All users with whom you shared a connection with will no longer be able to connect to it.")
-                                    return
+                                var yesButtonText = qsTr("Continue")
-                                }
+                                var noButtonText = qsTr("Cancel")
-                                PageController.goToPage(PageEnum.PageSetupWizardInstalling);
+                                var yesButtonFunction = function() {
-                                InstallController.updateContainer(OpenVpnConfigModel.getConfig())
+                                    if (ConnectionController.isConnected && ServersModel.getDefaultServerData("defaultContainer") === ContainersModel.getProcessedContainerIndex()) {
                                        PageController.showNotificationMessage(qsTr("Unable change settings while there is an active connection"))
                                        return
                                    }
                                    PageController.goToPage(PageEnum.PageSetupWizardInstalling);
                                    InstallController.updateContainer(OpenVpnConfigModel.getConfig())
                                }
                                var noButtonFunction = function() {
                                    if (!GC.isMobile()) {
                                        saveButton.forceActiveFocus()
                                    }
                                }
                                showQuestionDrawer(headerText, descriptionText, yesButtonText, noButtonText, yesButtonFunction, noButtonFunction)
                            }
                            Keys.onEnterPressed: saveButton.clicked()
                            Keys.onReturnPressed: saveButton.clicked()
                        }
                    }
                }
--- a/client/ui/qml/Pages2/PageProtocolShadowSocksSettings.qml
+++ b/client/ui/qml/Pages2/PageProtocolShadowSocksSettings.qml
@ -57,15 +57,13 @@ PageType {
                model: ShadowSocksConfigModel
                delegate: Item {
                    id: delegateItem
                    property bool isEnabled: ServersModel.isProcessedServerHasWriteAccess()
                    implicitWidth: listview.width
                    implicitHeight: col.implicitHeight
                    property var focusItemId: portTextField.enabled ?
                                                    portTextField :
                                                    cipherDropDown.enabled ?
                                                        cipherDropDown :
                                                        saveRestartButton
                    ColumnLayout {
                        id: col
@ -80,7 +78,6 @@ PageType {
                        BaseHeaderType {
                            Layout.fillWidth: true
                            headerText: qsTr("Shadowsocks settings")
                        }
@ -90,7 +87,7 @@ PageType {
                            Layout.fillWidth: true
                            Layout.topMargin: 40
-                            enabled: isPortEditable
+                            enabled: delegateItem.isEnabled
                            headerText: qsTr("Port")
                            textField.text: port
@ -102,6 +99,8 @@ PageType {
                                    port = textField.text
                                }
                            }
                            checkEmptyText: true
                        }
                        DropDownType {
@ -109,7 +108,7 @@ PageType {
                            Layout.fillWidth: true
                            Layout.topMargin: 20
-                            enabled: isCipherEditable
+                            enabled: delegateItem.isEnabled
                            descriptionText: qsTr("Cipher")
                            headerText: qsTr("Cipher")
@ -149,27 +148,43 @@ PageType {
                        }
                        BasicButtonType {
-                            id: saveRestartButton
+                            id: saveButton
                            Layout.fillWidth: true
                            Layout.topMargin: 24
                            Layout.bottomMargin: 24
-                            enabled: isPortEditable | isCipherEditable
+                            enabled: portTextField.errorText === ""
                            text: qsTr("Save")
                            clickedFunc: function() {
                                forceActiveFocus()
-                                if (ConnectionController.isConnected && ServersModel.getDefaultServerData("defaultContainer") === ContainersModel.getProcessedContainerIndex()) {
+                                var headerText = qsTr("Save settings?")
-                                    PageController.showNotificationMessage(qsTr("Unable change settings while there is an active connection"))
+                                var descriptionText = qsTr("All users with whom you shared a connection with will no longer be able to connect to it.")
-                                    return
+                                var yesButtonText = qsTr("Continue")
-                                }
+                                var noButtonText = qsTr("Cancel")
-                                PageController.goToPage(PageEnum.PageSetupWizardInstalling);
+                                var yesButtonFunction = function() {
-                                InstallController.updateContainer(ShadowSocksConfigModel.getConfig())
+                                    if (ConnectionController.isConnected && ServersModel.getDefaultServerData("defaultContainer") === ContainersModel.getProcessedContainerIndex()) {
                                        PageController.showNotificationMessage(qsTr("Unable change settings while there is an active connection"))
                                        return
                                    }
                                    PageController.goToPage(PageEnum.PageSetupWizardInstalling);
                                    InstallController.updateContainer(ShadowSocksConfigModel.getConfig())
                                }
                                var noButtonFunction = function() {
                                    if (!GC.isMobile()) {
                                        saveButton.forceActiveFocus()
                                    }
                                }
                                showQuestionDrawer(headerText, descriptionText, yesButtonText, noButtonText, yesButtonFunction, noButtonFunction)
                            }
                            Keys.onEnterPressed: saveButton.clicked()
                            Keys.onReturnPressed: saveButton.clicked()
                        }
                    }
                }
--- a/client/ui/qml/Pages2/PageProtocolWireGuardSettings.qml
+++ b/client/ui/qml/Pages2/PageProtocolWireGuardSettings.qml
@ -152,7 +152,7 @@ PageType {
                                }
                                var noButtonFunction = function() {
                                    if (!GC.isMobile()) {
-                                        saveRestartButton.forceActiveFocus()
+                                        saveButton.forceActiveFocus()
                                    }
                                }
                                showQuestionDrawer(headerText, descriptionText, yesButtonText, noButtonText, yesButtonFunction, noButtonFunction)
--- a/client/ui/qml/Pages2/PageProtocolXraySettings.qml
+++ b/client/ui/qml/Pages2/PageProtocolXraySettings.qml
@ -58,7 +58,10 @@ PageType {
                model: XrayConfigModel
                delegate: Item {
                    id: delegateItem
                    property alias focusItemId: textFieldWithHeaderType.textField
                    property bool isEnabled: ServersModel.isProcessedServerHasWriteAccess()
                    implicitWidth: listview.width
                    implicitHeight: col.implicitHeight
@ -85,6 +88,8 @@ PageType {
                            Layout.fillWidth: true
                            Layout.topMargin: 32
                            enabled: delegateItem.isEnabled
                            headerText: qsTr("Disguised as traffic from")
                            textField.text: site
@ -101,6 +106,8 @@ PageType {
                                    }
                                }
                            }
                            checkEmptyText: true
                        }
                        TextFieldWithHeaderType {
@ -130,23 +137,38 @@ PageType {
                            Layout.topMargin: 24
                            Layout.bottomMargin: 24
                            enabled: portTextField.errorText === ""
                            text: qsTr("Save")
-                            onClicked: {
+                            onClicked: function() {
                                forceActiveFocus()
-                                if (ConnectionController.isConnected && ServersModel.getDefaultServerData("defaultContainer") === ContainersModel.getProcessedContainerIndex()) {
+                                var headerText = qsTr("Save settings?")
-                                    PageController.showNotificationMessage(qsTr("Unable change settings while there is an active connection"))
+                                var descriptionText = qsTr("All users with whom you shared a connection with will no longer be able to connect to it.")
-                                    return
+                                var yesButtonText = qsTr("Continue")
-                                }
+                                var noButtonText = qsTr("Cancel")
-                                PageController.goToPage(PageEnum.PageSetupWizardInstalling);
+                                var yesButtonFunction = function() {
-                                InstallController.updateContainer(XrayConfigModel.getConfig())
+                                    if (ConnectionController.isConnected && ServersModel.getDefaultServerData("defaultContainer") === ContainersModel.getProcessedContainerIndex()) {
-                                focusItem.forceActiveFocus()
+                                        PageController.showNotificationMessage(qsTr("Unable change settings while there is an active connection"))
                                        return
                                    }
                                    PageController.goToPage(PageEnum.PageSetupWizardInstalling);
                                    InstallController.updateContainer(XrayConfigModel.getConfig())
                                    //focusItem.forceActiveFocus()
                                }
                                var noButtonFunction = function() {
                                    if (!GC.isMobile()) {
                                        saveButton.forceActiveFocus()
                                    }
                                }
                                showQuestionDrawer(headerText, descriptionText, yesButtonText, noButtonText, yesButtonFunction, noButtonFunction)
                            }
-                            Keys.onEnterPressed: basicButton.clicked()
+                            Keys.onEnterPressed: saveButton.clicked()
-                            Keys.onReturnPressed: basicButton.clicked()
+                            Keys.onReturnPressed: saveButton.clicked()
                        }
                    }
                }
--- a/client/ui/qml/Pages2/PageSettingsApiServerInfo.qml
+++ b/client/ui/qml/Pages2/PageSettingsApiServerInfo.qml
@ -158,6 +158,32 @@ PageType {
            readonly property bool isVisibleForAmneziaFree: ApiAccountInfoModel.data("isComponentVisible")
            SwitcherType {
                id: switcher
                readonly property bool isVlessProtocol: ApiConfigsController.isVlessProtocol()
                Layout.fillWidth: true
                Layout.topMargin: 24
                Layout.rightMargin: 16
                Layout.leftMargin: 16
                visible: ApiAccountInfoModel.data("isProtocolSelectionSupported")
                text: qsTr("Use VLESS protocol")
                checked: switcher.isVlessProtocol
                onToggled: function() {
                    if (ServersModel.isDefaultServerCurrentlyProcessed() && ConnectionController.isConnected) {
                        PageController.showNotificationMessage(qsTr("Cannot change protocol during active connection"))
                    } else {
                        PageController.showBusyIndicator(true)
                        ApiConfigsController.setCurrentProtocol(switcher.isVlessProtocol ? "awg" : "vless")
                        ApiConfigsController.updateServiceFromGateway(ServersModel.processedIndex, "", "", true)
                        PageController.showBusyIndicator(false)
                    }
                }
            }
            WarningType {
                id: warning
--- a/client/ui/qml/Pages2/PageSettingsKillSwitch.qml
+++ b/client/ui/qml/Pages2/PageSettingsKillSwitch.qml
@ -82,7 +82,8 @@ PageType {
                Layout.rightMargin: 16
                visible: false
-                enabled: false //SettingsController.isKillSwitchEnabled && !ConnectionController.isConnected
+                enabled: false
                // enabled: SettingsController.isKillSwitchEnabled && !ConnectionController.isConnected
                checked: SettingsController.strictKillSwitchEnabled
                text: qsTr("Strict KillSwitch")
--- a/client/ui/qml/Pages2/PageSettingsServerData.qml
+++ b/client/ui/qml/Pages2/PageSettingsServerData.qml
@ -260,7 +260,7 @@ PageType {
            LabelWithButtonType {
                id: labelWithButton6
-                visible: ServersModel.getProcessedServerData("isServerFromTelegramApi")
+                visible: ServersModel.getProcessedServerData("isServerFromTelegramApi") && ServersModel.processedServerIsPremium
                Layout.fillWidth: true
                text: qsTr("Switch to the new Amnezia Premium subscription")
@ -273,7 +273,7 @@ PageType {
            }
            DividerType {
-                visible: ServersModel.getProcessedServerData("isServerFromTelegramApi")
+                visible: ServersModel.getProcessedServerData("isServerFromTelegramApi") && ServersModel.processedServerIsPremium
            }
        }
    }
--- a/client/ui/qml/Pages2/PageShare.qml
+++ b/client/ui/qml/Pages2/PageShare.qml
@ -429,6 +429,11 @@ PageType {
                        fillConnectionTypeModel()
                        if (exportTypeSelector.currentIndex >= root.connectionTypesModel.length) {
                            exportTypeSelector.currentIndex = 0
                            exportTypeSelector.text = root.connectionTypesModel[0].name
                        }
                        if (accessTypeSelector.currentIndex === 1) {
                            PageController.showBusyIndicator(true)
                            ExportController.updateClientManagementModel(ContainersModel.getProcessedContainerIndex(),
--- a/deploy/DeveloperIDG2CA.cer
+++ b/deploy/DeveloperIDG2CA.cer
--- a/deploy/build_macos.sh
+++ b/deploy/build_macos.sh
@ -1,4 +1,15 @@
 #!/bin/bash
 # -----------------------------------------------------------------------------
 # Usage:
 #   Export the required signing credentials before running this script, e.g.:
 #     export MAC_APP_CERT_PW='pw-for-DeveloperID-Application'
 #     export MAC_INSTALL_CERT_PW='pw-for-DeveloperID-Installer'
 #     export MAC_SIGNER_ID='Developer ID Application: Some Company Name (XXXXXXXXXX)'
 #     export MAC_INSTALLER_SIGNER_ID='Developer ID Installer: Some Company Name (XXXXXXXXXX)'
 #     export APPLE_DEV_EMAIL='your@email.com'
 #     export APPLE_DEV_PASSWORD='<your-password>'
 #     bash deploy/build_macos.sh [-n]
 # -----------------------------------------------------------------------------
 echo "Build script started ..."
 set -o errexit -o nounset
@ -14,8 +25,8 @@ done
 PROJECT_DIR=$(pwd)
 DEPLOY_DIR=$PROJECT_DIR/deploy
-mkdir -p $DEPLOY_DIR/build
+mkdir -p "$DEPLOY_DIR/build"
-BUILD_DIR=$DEPLOY_DIR/build
+BUILD_DIR="$DEPLOY_DIR/build"
 echo "Project dir: ${PROJECT_DIR}"
 echo "Build dir: ${BUILD_DIR}"
@ -28,39 +39,45 @@ PLIST_NAME=$APP_NAME.plist
 OUT_APP_DIR=$BUILD_DIR/client
 BUNDLE_DIR=$OUT_APP_DIR/$APP_FILENAME
 # Prebuilt deployment assets are available via the symlink under deploy/data
 PREBUILT_DEPLOY_DATA_DIR=$PROJECT_DIR/deploy/data/deploy-prebuilt/macos
 DEPLOY_DATA_DIR=$PROJECT_DIR/deploy/data/macos
 INSTALLER_DATA_DIR=$BUILD_DIR/installer/packages/$APP_DOMAIN/data
 INSTALLER_BUNDLE_DIR=$BUILD_DIR/installer/$APP_FILENAME
 DMG_FILENAME=$PROJECT_DIR/${APP_NAME}.dmg
 # Search Qt
 if [ -z "${QT_VERSION+x}" ]; then
-QT_VERSION=6.4.3;
+QT_VERSION=6.8.3;
 QIF_VERSION=4.6
 QT_BIN_DIR=$HOME/Qt/$QT_VERSION/macos/bin
 QIF_BIN_DIR=$QT_BIN_DIR/../../../Tools/QtInstallerFramework/$QIF_VERSION/bin
 fi
 echo "Using Qt in $QT_BIN_DIR"
 echo "Using QIF in $QIF_BIN_DIR"
 # Checking env
-$QT_BIN_DIR/qt-cmake --version
+"$QT_BIN_DIR/qt-cmake" --version
 cmake --version
 clang -v
 # Build App
 echo "Building App..."
-cd $BUILD_DIR
+cd "$BUILD_DIR"
-$QT_BIN_DIR/qt-cmake -S $PROJECT_DIR -B $BUILD_DIR
+"$QT_BIN_DIR/qt-cmake" -S "$PROJECT_DIR" -B "$BUILD_DIR"
 cmake --build . --config release --target all
 # Build and run tests here
 # Create a temporary keychain and import certificates
 KEYCHAIN_PATH="$PROJECT_DIR/mac_sign.keychain"
 trap 'echo "Cleaning up mac_sign.keychain..."; security delete-keychain "$KEYCHAIN_PATH" 2>/dev/null || true; rm -f "$KEYCHAIN_PATH" 2>/dev/null || true' EXIT
 KEYCHAIN=$(security default-keychain -d user | tr -d '"[:space:]"')
 security list-keychains -d user -s "$KEYCHAIN_PATH" "$KEYCHAIN" "$(security list-keychains -d user | tr '\n' ' ')"
 security create-keychain -p "" "$KEYCHAIN_PATH"
 security import "$DEPLOY_DIR/DeveloperIdApplicationCertificate.p12" -k "$KEYCHAIN_PATH" -P "$MAC_APP_CERT_PW" -T /usr/bin/codesign
 security import "$DEPLOY_DIR/DeveloperIdInstallerCertificate.p12" -k "$KEYCHAIN_PATH" -P "$MAC_INSTALL_CERT_PW" -T /usr/bin/codesign
 security import "$DEPLOY_DIR/DeveloperIDG2CA.cer" -k "$KEYCHAIN_PATH" -T /usr/bin/codesign
 security list-keychains -d user -s "$KEYCHAIN_PATH"
 echo "____________________________________"
 echo "............Deploy.................."
 echo "____________________________________"
@ -69,102 +86,159 @@ echo "____________________________________"
 echo "Packaging ..."
-cp -Rv $PREBUILT_DEPLOY_DATA_DIR/* $BUNDLE_DIR/Contents/macOS
+cp -Rv "$PREBUILT_DEPLOY_DATA_DIR"/* "$BUNDLE_DIR/Contents/macOS"
-$QT_BIN_DIR/macdeployqt $OUT_APP_DIR/$APP_FILENAME -always-overwrite -qmldir=$PROJECT_DIR
+"$QT_BIN_DIR/macdeployqt" "$OUT_APP_DIR/$APP_FILENAME" -always-overwrite -qmldir="$PROJECT_DIR"
-cp -av $BUILD_DIR/service/server/$APP_NAME-service $BUNDLE_DIR/Contents/macOS
+cp -av "$BUILD_DIR/service/server/$APP_NAME-service" "$BUNDLE_DIR/Contents/macOS"
-cp -Rv $PROJECT_DIR/deploy/data/macos/* $BUNDLE_DIR/Contents/macOS
+rsync -av --exclude="$PLIST_NAME" --exclude=post_install.sh --exclude=post_uninstall.sh "$DEPLOY_DATA_DIR/" "$BUNDLE_DIR/Contents/macOS/"
 rm -f $BUNDLE_DIR/Contents/macOS/post_install.sh $BUNDLE_DIR/Contents/macOS/post_uninstall.sh
-if [ "${MAC_CERT_PW+x}" ]; then
+if [ "${MAC_APP_CERT_PW+x}" ]; then
-  CERTIFICATE_P12=$DEPLOY_DIR/PrivacyTechAppleCertDeveloperId.p12
+  # Path to the p12 that contains the Developer ID *Application* certificate
-  WWDRCA=$DEPLOY_DIR/WWDRCA.cer
+  CERTIFICATE_P12=$DEPLOY_DIR/DeveloperIdApplicationCertificate.p12
  KEYCHAIN=amnezia.build.macos.keychain
  TEMP_PASS=tmp_pass
-  security create-keychain -p $TEMP_PASS $KEYCHAIN || true
+  # Ensure launchd plist is bundled, but place it inside Resources so that
-  security default-keychain -s $KEYCHAIN
+  # the bundle keeps a valid structure (nothing but `Contents` at the root).
-  security unlock-keychain -p $TEMP_PASS $KEYCHAIN
+  mkdir -p "$BUNDLE_DIR/Contents/Resources"
  cp "$DEPLOY_DATA_DIR/$PLIST_NAME" "$BUNDLE_DIR/Contents/Resources/$PLIST_NAME"
-  security default-keychain
+  # Show available signing identities (useful for debugging)
-  security list-keychains
+  security find-identity -p codesigning || true
  security import $WWDRCA -k $KEYCHAIN -T /usr/bin/codesign || true
  security import $CERTIFICATE_P12 -k $KEYCHAIN -P $MAC_CERT_PW -T /usr/bin/codesign || true
  security set-key-partition-list -S apple-tool:,apple: -k $TEMP_PASS $KEYCHAIN
  security find-identity -p codesigning
  echo "Signing App bundle..."
-  /usr/bin/codesign --deep --force --verbose --timestamp -o runtime --sign "$MAC_SIGNER_ID" $BUNDLE_DIR
+  /usr/bin/codesign --deep --force --verbose --timestamp -o runtime --keychain "$KEYCHAIN_PATH" --sign "$MAC_SIGNER_ID" "$BUNDLE_DIR"
-  /usr/bin/codesign --verify -vvvv $BUNDLE_DIR || true
+  /usr/bin/codesign --verify -vvvv "$BUNDLE_DIR" || true
-  spctl -a -vvvv $BUNDLE_DIR || true
+  spctl -a -vvvv "$BUNDLE_DIR" || true
  if [ "${NOTARIZE_APP+x}" ]; then
    echo "Notarizing App bundle..."
    /usr/bin/ditto -c -k --keepParent $BUNDLE_DIR $PROJECT_DIR/Bundle_to_notarize.zip
    xcrun notarytool submit $PROJECT_DIR/Bundle_to_notarize.zip --apple-id $APPLE_DEV_EMAIL --team-id $MAC_TEAM_ID --password $APPLE_DEV_PASSWORD
    rm $PROJECT_DIR/Bundle_to_notarize.zip
    sleep 300
    xcrun stapler staple $BUNDLE_DIR
    xcrun stapler validate $BUNDLE_DIR
    spctl -a -vvvv $BUNDLE_DIR || true
  fi
 fi
 echo "Packaging installer..."
-mkdir -p $INSTALLER_DATA_DIR
+PKG_DIR=$BUILD_DIR/pkg
-cp -av $PROJECT_DIR/deploy/installer $BUILD_DIR
+# Remove any stale packaging data from previous runs
-cp -av $DEPLOY_DATA_DIR/post_install.sh $INSTALLER_DATA_DIR/post_install.sh
+rm -rf "$PKG_DIR"
-cp -av $DEPLOY_DATA_DIR/post_uninstall.sh $INSTALLER_DATA_DIR/post_uninstall.sh
+PKG_ROOT=$PKG_DIR/root
-cp -av $DEPLOY_DATA_DIR/$PLIST_NAME $INSTALLER_DATA_DIR/$PLIST_NAME
+SCRIPTS_DIR=$PKG_DIR/scripts
 RESOURCES_DIR=$PKG_DIR/resources
 INSTALL_PKG=$PKG_DIR/${APP_NAME}_install.pkg
 UNINSTALL_PKG=$PKG_DIR/${APP_NAME}_uninstall.pkg
 FINAL_PKG=$PKG_DIR/${APP_NAME}.pkg
 UNINSTALL_SCRIPTS_DIR=$PKG_DIR/uninstall_scripts
-chmod a+x $INSTALLER_DATA_DIR/post_install.sh $INSTALLER_DATA_DIR/post_uninstall.sh
+mkdir -p "$PKG_ROOT/Applications" "$SCRIPTS_DIR" "$RESOURCES_DIR" "$UNINSTALL_SCRIPTS_DIR"
-cd $BUNDLE_DIR 
+cp -R "$BUNDLE_DIR" "$PKG_ROOT/Applications"
-tar czf $INSTALLER_DATA_DIR/$APP_NAME.tar.gz ./
+# launchd plist is already inside the bundle; no need to add it again after signing
 /usr/bin/codesign --deep --force --verbose --timestamp -o runtime --keychain "$KEYCHAIN_PATH" --sign "$MAC_SIGNER_ID" "$PKG_ROOT/Applications/$APP_FILENAME"
 /usr/bin/codesign --verify --deep --strict --verbose=4 "$PKG_ROOT/Applications/$APP_FILENAME" || true
 cp "$DEPLOY_DATA_DIR/post_install.sh" "$SCRIPTS_DIR/post_install.sh"
 cp "$DEPLOY_DATA_DIR/post_uninstall.sh" "$UNINSTALL_SCRIPTS_DIR/postinstall"
 mkdir -p "$RESOURCES_DIR/scripts"
 cp "$DEPLOY_DATA_DIR/check_install.sh" "$RESOURCES_DIR/scripts/check_install.sh"
 cp "$DEPLOY_DATA_DIR/check_uninstall.sh" "$RESOURCES_DIR/scripts/check_uninstall.sh"
-echo "Building installer..."
+cat > "$SCRIPTS_DIR/postinstall" <<'EOS'
-$QIF_BIN_DIR/binarycreator --offline-only -v -c $BUILD_DIR/installer/config/macos.xml -p $BUILD_DIR/installer/packages -f $INSTALLER_BUNDLE_DIR
+#!/bin/bash
 SCRIPT_DIR="$(dirname "$0")"
 bash "$SCRIPT_DIR/post_install.sh"
 exit 0
 EOS
-if [ "${MAC_CERT_PW+x}" ]; then
+chmod +x "$SCRIPTS_DIR"/*
-  echo "Signing installer bundle..."
+chmod +x "$UNINSTALL_SCRIPTS_DIR"/*
-  security unlock-keychain -p $TEMP_PASS $KEYCHAIN
+chmod +x "$RESOURCES_DIR/scripts"/*
-  /usr/bin/codesign --deep --force --verbose --timestamp -o runtime --sign "$MAC_SIGNER_ID" $INSTALLER_BUNDLE_DIR
+cp "$PROJECT_DIR/LICENSE" "$RESOURCES_DIR/LICENSE"
  /usr/bin/codesign --verify -vvvv $INSTALLER_BUNDLE_DIR || true
-  if [ "${NOTARIZE_APP+x}" ]; then
+APP_VERSION=$(grep -m1 -E 'project\(' "$PROJECT_DIR/CMakeLists.txt" | sed -E 's/.*VERSION ([0-9.]+).*/\1/')
-    echo "Notarizing installer bundle..."
+echo "Building component package $INSTALL_PKG ..."
-    /usr/bin/ditto -c -k --keepParent $INSTALLER_BUNDLE_DIR $PROJECT_DIR/Installer_bundle_to_notarize.zip
+
-    xcrun notarytool submit $PROJECT_DIR/Installer_bundle_to_notarize.zip --apple-id $APPLE_DEV_EMAIL --team-id $MAC_TEAM_ID --password $APPLE_DEV_PASSWORD
+# Disable bundle relocation so the app always ends up in /Applications even if
-    rm $PROJECT_DIR/Installer_bundle_to_notarize.zip
+# another copy is lying around somewhere. We do this by letting pkgbuild
-    sleep 300
+# analyse the contents, flipping the BundleIsRelocatable flag to false for every
-    xcrun stapler staple $INSTALLER_BUNDLE_DIR
+# bundle it discovers and then feeding that plist back to pkgbuild.
-    xcrun stapler validate $INSTALLER_BUNDLE_DIR
+
-    spctl -a -vvvv $INSTALLER_BUNDLE_DIR || true
+COMPONENT_PLIST="$PKG_DIR/component.plist"
-  fi
+# Create the component description plist first
 pkgbuild --analyze --root "$PKG_ROOT" "$COMPONENT_PLIST"
 # Turn all `BundleIsRelocatable` keys to false (PlistBuddy is available on all
 # macOS systems). We first convert to xml1 to ensure predictable formatting.
 # Turn relocation off for every bundle entry in the plist. PlistBuddy cannot
 # address keys that contain slashes without quoting, so we iterate through the
 # top-level keys it prints.
 plutil -convert xml1 "$COMPONENT_PLIST"
 for bundle_key in $(/usr/libexec/PlistBuddy -c "Print" "$COMPONENT_PLIST" | awk '/^[ \t]*[A-Za-z0-9].*\.app/ {print $1}'); do
  /usr/libexec/PlistBuddy -c "Set :'${bundle_key}':BundleIsRelocatable false" "$COMPONENT_PLIST" || true
 done
 # Now build the real payload package with the edited plist so that the final
 # PackageInfo contains relocatable="false".
 pkgbuild --root "$PKG_ROOT" \
         --identifier "$APP_DOMAIN" \
         --version "$APP_VERSION" \
         --install-location "/" \
         --scripts "$SCRIPTS_DIR" \
         --component-plist "$COMPONENT_PLIST" \
         --sign "$MAC_INSTALLER_SIGNER_ID" \
         "$INSTALL_PKG"
 # Build uninstaller component package
 UNINSTALL_COMPONENT_PKG=$PKG_DIR/${APP_NAME}_uninstall_component.pkg
 echo "Building uninstaller component package $UNINSTALL_COMPONENT_PKG ..."
 pkgbuild --nopayload \
         --identifier "$APP_DOMAIN.uninstall" \
         --version "$APP_VERSION" \
         --scripts "$UNINSTALL_SCRIPTS_DIR" \
         --sign "$MAC_INSTALLER_SIGNER_ID" \
         "$UNINSTALL_COMPONENT_PKG"
 # Wrap uninstaller component in a distribution package for clearer UI
 echo "Building uninstaller distribution package $UNINSTALL_PKG ..."
 UNINSTALL_RESOURCES=$PKG_DIR/uninstall_resources
 rm -rf "$UNINSTALL_RESOURCES"
 mkdir -p "$UNINSTALL_RESOURCES"
 cp "$DEPLOY_DATA_DIR/uninstall_welcome.html" "$UNINSTALL_RESOURCES"
 cp "$DEPLOY_DATA_DIR/uninstall_conclusion.html" "$UNINSTALL_RESOURCES"
 productbuild \
  --distribution "$DEPLOY_DATA_DIR/distribution_uninstall.xml" \
  --package-path "$PKG_DIR" \
  --resources "$UNINSTALL_RESOURCES" \
  --sign "$MAC_INSTALLER_SIGNER_ID" \
  "$UNINSTALL_PKG"
 cp "$PROJECT_DIR/deploy/data/macos/distribution.xml" "$PKG_DIR/distribution.xml"
 echo "Creating final installer $FINAL_PKG ..."
 productbuild --distribution "$PKG_DIR/distribution.xml" \
             --package-path "$PKG_DIR" \
             --resources "$RESOURCES_DIR" \
             --sign "$MAC_INSTALLER_SIGNER_ID" \
             "$FINAL_PKG"
 if [ "${MAC_INSTALL_CERT_PW+x}" ] && [ "${NOTARIZE_APP+x}" ]; then
  echo "Notarizing installer package..."
  xcrun notarytool submit "$FINAL_PKG" \
    --apple-id "$APPLE_DEV_EMAIL" \
    --team-id "$MAC_TEAM_ID" \
    --password "$APPLE_DEV_PASSWORD" \
    --wait
  echo "Stapling ticket..."
  xcrun stapler staple "$FINAL_PKG"
  xcrun stapler validate "$FINAL_PKG"
 fi
-echo "Building DMG installer..."
+if [ "${MAC_INSTALL_CERT_PW+x}" ]; then
-# Allow Terminal to make changes in Privacy & Security > App Management
+  /usr/bin/codesign --verify -vvvv "$FINAL_PKG" || true
-hdiutil create -size 256mb -volname AmneziaVPN -srcfolder $BUILD_DIR/installer/$APP_NAME.app -ov -format UDZO $DMG_FILENAME
+  spctl -a -vvvv "$FINAL_PKG" || true
 if [ "${MAC_CERT_PW+x}" ]; then
  echo "Signing DMG installer..."
  security unlock-keychain -p $TEMP_PASS $KEYCHAIN
  /usr/bin/codesign --deep --force --verbose --timestamp -o runtime --sign "$MAC_SIGNER_ID" $DMG_FILENAME
  /usr/bin/codesign --verify -vvvv $DMG_FILENAME || true
  if [ "${NOTARIZE_APP+x}" ]; then
    echo "Notarizing DMG installer..."
    xcrun notarytool submit $DMG_FILENAME --apple-id $APPLE_DEV_EMAIL --team-id $MAC_TEAM_ID --password $APPLE_DEV_PASSWORD
    sleep 300
    xcrun stapler staple $DMG_FILENAME
    xcrun stapler validate $DMG_FILENAME
  fi
 fi
-echo "Finished, artifact is $DMG_FILENAME"
+# Sign app bundle
 /usr/bin/codesign --deep --force --verbose --timestamp -o runtime --keychain "$KEYCHAIN_PATH" --sign "$MAC_SIGNER_ID" "$BUNDLE_DIR"
 spctl -a -vvvv "$BUNDLE_DIR" || true
-# restore keychain
+# Restore login keychain as the only user keychain and delete the temporary keychain
-security default-keychain -s login.keychain
+KEYCHAIN="$HOME/Library/Keychains/login.keychain-db"
 security list-keychains -d user -s "$KEYCHAIN"
 security delete-keychain "$KEYCHAIN_PATH"
 echo "Finished, artifact is $FINAL_PKG"
--- a/deploy/data/macos/check_install.sh
+++ b/deploy/data/macos/check_install.sh
@ -0,0 +1,5 @@
 #!/bin/bash
 if [ -d "/Applications/AmneziaVPN.app" ] || pgrep -x "AmneziaVPN-service" >/dev/null; then
  exit 1
 fi
 exit 0
--- a/deploy/data/macos/check_uninstall.sh
+++ b/deploy/data/macos/check_uninstall.sh
@ -0,0 +1,5 @@
 #!/bin/bash
 if [ -d "/Applications/AmneziaVPN.app" ] || pgrep -x "AmneziaVPN-service" >/dev/null; then
  exit 0
 fi
 exit 1
--- a/deploy/data/macos/distribution.xml
+++ b/deploy/data/macos/distribution.xml
@ -0,0 +1,17 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <installer-gui-script minSpecVersion="1">
    <title>AmneziaVPN Installer</title>
    <license file="LICENSE"/>
    <choices-outline>
        <line choice="install"/>
        <line choice="uninstall"/>
    </choices-outline>
    <choice id="install" title="Install AmneziaVPN" start_selected="true">
        <pkg-ref id="org.amneziavpn.package"/>
    </choice>
    <choice id="uninstall" title="Uninstall AmneziaVPN" start_selected="false">
        <pkg-ref id="org.amneziavpn.uninstall"/>
    </choice>
    <pkg-ref id="org.amneziavpn.package" auth="Root" install-check="scripts/check_install.sh">AmneziaVPN_install.pkg</pkg-ref>
    <pkg-ref id="org.amneziavpn.uninstall" auth="Root" install-check="scripts/check_uninstall.sh">AmneziaVPN_uninstall_component.pkg</pkg-ref>
 </installer-gui-script>
--- a/deploy/data/macos/distribution_uninstall.xml
+++ b/deploy/data/macos/distribution_uninstall.xml
@ -0,0 +1,13 @@
 <installer-gui-script minSpecVersion="1">
    <title>Uninstall AmneziaVPN</title>
    <options customize-install-button="always"/>
    <welcome file="uninstall_welcome.html"/>
    <conclusion file="uninstall_conclusion.html"/>
    <choices-outline>
        <line choice="uninstall"/>
    </choices-outline>
    <choice id="uninstall" title="Uninstall AmneziaVPN" start_selected="true">
        <pkg-ref id="org.amneziavpn.uninstall"/>
    </choice>
    <pkg-ref id="org.amneziavpn.uninstall" auth="Root">AmneziaVPN_uninstall_component.pkg</pkg-ref>
 </installer-gui-script>
--- a/deploy/data/macos/post_install.sh
+++ b/deploy/data/macos/post_install.sh
@ -7,29 +7,42 @@ LOG_FOLDER=/var/log/$APP_NAME
 LOG_FILE="$LOG_FOLDER/post-install.log"
 APP_PATH=/Applications/$APP_NAME.app
-if launchctl list "$APP_NAME-service" &> /dev/null; then
+# Handle new installations unpacked into localized folder
-    launchctl unload $LAUNCH_DAEMONS_PLIST_NAME
+if [ -d "/Applications/${APP_NAME}.localized" ]; then
-    rm -f $LAUNCH_DAEMONS_PLIST_NAME
+  echo "`date` Detected ${APP_NAME}.localized, migrating to standard path" >> $LOG_FILE
  sudo rm -rf "$APP_PATH"
  sudo mv "/Applications/${APP_NAME}.localized/${APP_NAME}.app" "$APP_PATH"
  sudo rm -rf "/Applications/${APP_NAME}.localized"
 fi
-tar xzf	$APP_PATH/$APP_NAME.tar.gz -C $APP_PATH
+if launchctl list "$APP_NAME-service" &> /dev/null; then
-rm -f	$APP_PATH/$APP_NAME.tar.gz
+    launchctl unload "$LAUNCH_DAEMONS_PLIST_NAME"
-sudo chmod -R a-w $APP_PATH/
+    rm -f "$LAUNCH_DAEMONS_PLIST_NAME"
-sudo chown -R root $APP_PATH/
+fi
-sudo chgrp -R wheel $APP_PATH/
+
 sudo chmod -R a-w "$APP_PATH/"
 sudo chown -R root "$APP_PATH/"
 sudo chgrp -R wheel "$APP_PATH/"
 rm -rf	$LOG_FOLDER
 mkdir -p $LOG_FOLDER
 echo "`date` Script started" > $LOG_FILE
-killall -9 $APP_NAME-service 2>> $LOG_FILE
+echo "Requesting ${APP_NAME} to quit gracefully" >> "$LOG_FILE"
 osascript -e 'tell application "AmneziaVPN" to quit'
-mv -f $APP_PATH/$PLIST_NAME $LAUNCH_DAEMONS_PLIST_NAME 2>> $LOG_FILE
+PLIST_SOURCE="$APP_PATH/Contents/Resources/$PLIST_NAME"
-chown root:wheel $LAUNCH_DAEMONS_PLIST_NAME
+if [ -f "$PLIST_SOURCE" ]; then
-launchctl load $LAUNCH_DAEMONS_PLIST_NAME
+  mv -f "$PLIST_SOURCE" "$LAUNCH_DAEMONS_PLIST_NAME" 2>> $LOG_FILE
 else
  echo "`date` ERROR: service plist not found at $PLIST_SOURCE" >> $LOG_FILE
 fi
 chown root:wheel "$LAUNCH_DAEMONS_PLIST_NAME"
 launchctl load "$LAUNCH_DAEMONS_PLIST_NAME"
 echo "`date` Launching ${APP_NAME} application" >> $LOG_FILE
 open -a "$APP_PATH" 2>> $LOG_FILE || true
 echo "`date` Service status: $?" >> $LOG_FILE
 echo "`date` Script finished" >> $LOG_FILE
 #rm -- "$0"
--- a/deploy/data/macos/post_uninstall.sh
+++ b/deploy/data/macos/post_uninstall.sh
@ -9,6 +9,19 @@ SYSTEM_APP_SUPPORT="/Library/Application Support/$APP_NAME"
 LOG_FOLDER="/var/log/$APP_NAME"
 CACHES_FOLDER="$HOME/Library/Caches/$APP_NAME"
 # Attempt to quit the GUI application if it's currently running
 if pgrep -x "$APP_NAME" > /dev/null; then
    echo "Quitting $APP_NAME..."
    osascript -e 'tell application "'"$APP_NAME"'" to quit' || true
    # Wait up to 10 seconds for the app to terminate gracefully
    for i in {1..10}; do
        if ! pgrep -x "$APP_NAME" > /dev/null; then
            break
        fi
        sleep 1
    done
 fi
 # Stop the running service if it exists
 if pgrep -x "${APP_NAME}-service" > /dev/null; then
    sudo killall -9 "${APP_NAME}-service"
@ -32,3 +45,40 @@ sudo rm -rf "$LOG_FOLDER"
 # Remove any caches left behind
 rm -rf "$CACHES_FOLDER"
 # Remove PF data directory created by firewall helper, if present
 sudo rm -rf "/Library/Application Support/${APP_NAME}/pf"
 # ---------------- PF firewall cleanup ----------------------
 # Rules are loaded under the anchor "amn" (see macosfirewall.cpp)
 # Flush only that anchor to avoid destroying user/system rules.
 PF_ANCHOR="amn"
 ### Flush all PF rules, NATs, and tables under our anchor and sub-anchors ###
 anchors=$(sudo pfctl -s Anchors 2>/dev/null | awk '/^'"${PF_ANCHOR}"'/ {sub(/\*$/, "", $1); print $1}')
 for anc in $anchors; do
    echo "Flushing PF anchor $anc"
    sudo pfctl -a "$anc" -F all 2>/dev/null || true
    # flush tables under this anchor
    tables=$(sudo pfctl -s Tables 2>/dev/null | awk '/^'"$anc"'/ {print}')
    for tbl in $tables; do
        echo "Killing PF table $tbl"
        sudo pfctl -t "$tbl" -T kill 2>/dev/null || true
    done
 done
 ### Reload default PF config to restore system rules ###
 if [ -f /etc/pf.conf ]; then
    echo "Restoring system PF config"
    sudo pfctl -f /etc/pf.conf 2>/dev/null || true
 fi
 ### Disable PF if no rules remain ###
 if sudo pfctl -s info 2>/dev/null | grep -q '^Status: Enabled' && \
   ! sudo pfctl -sr 2>/dev/null | grep -q .; then
    echo "Disabling PF"
    sudo pfctl -d 2>/dev/null || true
 fi
 # -----------------------------------------------------------
--- a/deploy/data/macos/uninstall_conclusion.html
+++ b/deploy/data/macos/uninstall_conclusion.html
@ -0,0 +1,7 @@
 <html>
 <head><title>Uninstall Complete</title></head>
 <body>
 <h1>AmneziaVPN has been uninstalled</h1>
 <p>Thank you for using AmneziaVPN. The application and its components have been removed.</p>
 </body>
 </html>
--- a/deploy/data/macos/uninstall_welcome.html
+++ b/deploy/data/macos/uninstall_welcome.html
@ -0,0 +1,7 @@
 <html>
 <head><title>Uninstall AmneziaVPN</title></head>
 <body>
 <h1>Uninstall AmneziaVPN</h1>
 <p>This process will remove AmneziaVPN from your system. Click Continue to proceed.</p>
 </body>
 </html>
--- a/deploy/installer/config.cmake
+++ b/deploy/installer/config.cmake
@ -4,11 +4,6 @@ if(WIN32)
        ${CMAKE_CURRENT_LIST_DIR}/config/windows.xml.in
        ${CMAKE_BINARY_DIR}/installer/config/windows.xml
    )
 elseif(APPLE AND NOT IOS)
    configure_file(
        ${CMAKE_CURRENT_LIST_DIR}/config/macos.xml.in
        ${CMAKE_BINARY_DIR}/installer/config/macos.xml
    )
 elseif(LINUX)
    set(ApplicationsDir "@ApplicationsDir@")
    configure_file(
--- a/deploy/installer/config/AmneziaVPN.desktop.in
+++ b/deploy/installer/config/AmneziaVPN.desktop.in
@ -2,7 +2,7 @@
 [Desktop Entry]
 Type=Application
 Name=AmneziaVPN
-Version=@CMAKE_PROJECT_VERSION@
+Version=1.0
 Comment=Client of your self-hosted VPN
 Exec=AmneziaVPN
 Icon=/usr/share/pixmaps/AmneziaVPN.png
--- a/deploy/installer/config/macos.xml.in
+++ b/deploy/installer/config/macos.xml.in
@ -1,27 +0,0 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <Installer>
    <Name>AmneziaVPN</Name>
    <Version>@CMAKE_PROJECT_VERSION@</Version>
    <Title>AmneziaVPN</Title>
    <Publisher>AmneziaVPN</Publisher>
    <StartMenuDir>AmneziaVPN</StartMenuDir>
    <TargetDir>/Applications/AmneziaVPN.app</TargetDir>
    <WizardDefaultWidth>600</WizardDefaultWidth>
    <WizardDefaultHeight>380</WizardDefaultHeight>
    <WizardStyle>Mac</WizardStyle>
    <RemoveTargetDir>true</RemoveTargetDir>
    <AllowSpaceInPath>true</AllowSpaceInPath>
    <AllowNonAsciiCharacters>false</AllowNonAsciiCharacters>
    <ControlScript>controlscript.js</ControlScript>
    <RepositorySettingsPageVisible>false</RepositorySettingsPageVisible>
    <DependsOnLocalInstallerBinary>true</DependsOnLocalInstallerBinary>
    <SupportsModify>false</SupportsModify>
    <DisableAuthorizationFallback>true</DisableAuthorizationFallback>
    <RemoteRepositories>
        <Repository>
            <Url>https://amneziavpn.org/updates/macos</Url>
            <Enabled>true</Enabled>
            <DisplayName>AmneziaVPN - repository for macOS</DisplayName>
        </Repository>
    </RemoteRepositories>
 </Installer>
--- a/service/server/killswitch.cpp
+++ b/service/server/killswitch.cpp
@ -192,7 +192,14 @@ bool KillSwitch::addAllowedRange(const QStringList &ranges) {
 bool KillSwitch::enablePeerTraffic(const QJsonObject &configStr) {
 #ifdef Q_OS_WIN
    InterfaceConfig config;
-    config.m_dnsServer = configStr.value(amnezia::config_key::dns1).toString();
+
    config.m_primaryDnsServer = configStr.value(amnezia::config_key::dns1).toString();
    // We don't use secondary DNS if primary DNS is AmneziaDNS
    if (!config.m_primaryDnsServer.contains(amnezia::protocols::dns::amneziaDnsIp)) {
        config.m_secondaryDnsServer = configStr.value(amnezia::config_key::dns2).toString();
    }
    config.m_serverPublicKey = "openvpn";
    config.m_serverIpv4Gateway = configStr.value("vpnGateway").toString();
    config.m_serverIpv4AddrIn = configStr.value("vpnServer").toString();
@ -255,6 +262,9 @@ bool KillSwitch::enablePeerTraffic(const QJsonObject &configStr) {
 bool KillSwitch::enableKillSwitch(const QJsonObject &configStr, int vpnAdapterIndex) {
 #ifdef Q_OS_WIN
    if (configStr.value("splitTunnelType").toInt() != 0) {
        WindowsFirewall::create(this)->allowAllTraffic();
    }
    return WindowsFirewall::create(this)->enableInterface(vpnAdapterIndex);
 #endif
@ -304,8 +314,14 @@ bool KillSwitch::enableKillSwitch(const QJsonObject &configStr, int vpnAdapterIn
    LinuxFirewall::setAnchorEnabled(LinuxFirewall::Both, QStringLiteral("300.allowLAN"), true);
    LinuxFirewall::setAnchorEnabled(LinuxFirewall::IPv4, QStringLiteral("310.blockDNS"), true);
    QStringList dnsServers;
    dnsServers.append(configStr.value(amnezia::config_key::dns1).toString());
-    dnsServers.append(configStr.value(amnezia::config_key::dns2).toString());
+
    // We don't use secondary DNS if primary DNS is AmneziaDNS
    if (!configStr.value(amnezia::config_key::dns1).toString().contains(amnezia::protocols::dns::amneziaDnsIp)) {
        dnsServers.append(configStr.value(amnezia::config_key::dns2).toString());
    }
    dnsServers.append("127.0.0.1");
    dnsServers.append("127.0.0.53");
@ -342,7 +358,11 @@ bool KillSwitch::enableKillSwitch(const QJsonObject &configStr, int vpnAdapterIn
    QStringList dnsServers;
    dnsServers.append(configStr.value(amnezia::config_key::dns1).toString());
-    dnsServers.append(configStr.value(amnezia::config_key::dns2).toString());
+
    // We don't use secondary DNS if primary DNS is AmneziaDNS
    if (!configStr.value(amnezia::config_key::dns1).toString().contains(amnezia::protocols::dns::amneziaDnsIp)) {
        dnsServers.append(configStr.value(amnezia::config_key::dns2).toString());
    }
    for (auto dns : configStr.value(amnezia::config_key::allowedDnsServers).toArray()) {
        if (!dns.isString()) {
Author	SHA1	Message	Date
Nethius	1909d3c94e	chore: bump version (#1701 )	2025-07-08 15:11:45 +08:00
Nethius	10a107716c	fix: fixed awg 1.5 fields processing for ios (#1700 )	2025-07-08 15:06:52 +08:00
Nethius	5445e6637b	chore: minor fixes (#1616 ) * chore: removed unnecessary qdebug * fix: return soft and hide strict killswitch	2025-07-08 14:25:03 +08:00
Nethius	2380cd5cfb	feat: amneziawg 1.5 support (#1692 ) * Version bump 4.2.1.0 * feat: add special handshake params to ui * feat: finish adding params * feat: android/ios & fix qml * chore: fix android impl & update 3rd-prebuilt branch * chore: trigger build with windows build * fix: special handshake params to client * chore: update submodule * feat: s3, s4 * chore: update submodule * feat: s3 s4 cont * fix: kt set * chore: update submodule * feat: add default values for s3, s4 * fix: make new parameters optional * chore: update submodules * chore: restore translation files * fix: fixed awg native config import with new junk * chore: restore translation files * AWG v1.5 Build * refactoring: removed s3 s4 fileds from ui part * chore: update link to amneziawg-apple --------- Co-authored-by: pokamest <pokamest@gmail.com> Co-authored-by: Mark Puha <p.mark95@gmail.com> Co-authored-by: albexk <albexk@proton.me> Co-authored-by: Mykola Baibuz <mykola.baibuz@gmail.com>	2025-07-07 12:03:25 +08:00
Nethius	42661618dc	chore: bump version (#1696 )	2025-07-07 10:44:35 +08:00
Nethius	8a7e901d7a	Merge pull request #1695 from amnezia-vpn/chore/hide-strict-killswitch chore: temporarily hide the strict killswitch	2025-07-07 10:42:25 +08:00
vladimir.kuznetsov	f8bea71716	chore: temporarily hide the strict killswitch	2025-07-07 10:26:16 +08:00
Nethius	efcc0b7efc	feat: xray api support (#1679 ) * refactoring: moved shared code into reusable functions for ApiConfigsController * feat: add xray support in apiConfigsController * feat: added a temporary switch for the xray protocol on api settings page * feat: added supported protocols field processing * refactoring: moved IsProtocolSelectionSupported to apiAccountInfoModel	2025-07-03 09:58:23 +08:00
Yaroslav	4d17e913b5	feat: native macos installer distribution (#1633 ) * Add uninstall option and output pkg Improve installer mode detection Fix macOS installer packaging Fix default selection for uninstall choice Remove obsolete tar handling and clean script copies * Improve macOS build script * fix: update macos firewall and package scripts for better compatibility and cleanup * Add DeveloperID certificate and improve macOS signing script Use keychain option for codesign and restore login keychain to list after signing * Update build_macos.sh * feat: add script to quit GUI application during uninstall on macos * fix: handle macos post-install when app is unpacked into localized folder * fix: improve post_install script to handle missing service plist and provide error logging	2025-07-03 09:51:11 +08:00
Mykola Baibuz	b341934863	fix: allow secondary DNS usage when AmneziaDNS is disabled (#1583 ) * Allow secondary DNS usage when AmneziaDNS is disabled * Don't setup secondary DNS for OpenVPN with AmneziaDNS --------- Co-authored-by: vladimir.kuznetsov <nethiuswork@gmail.com>	2025-07-02 10:16:58 +08:00
Nethius	127f8ed3bb	fix: fixed desktop entry version for linux (#1665 )	2025-07-02 10:14:56 +08:00
Mitternacht822	9dca80de18	fix: notification not showing when changed some protocols (#1666 ) * added notification about disconnecting users after applying changes for SS and Cloak servers pages * added notification about changing protocol data for server and some minor changes	2025-07-02 10:11:52 +08:00
Mitternacht822	b0a6bcc055	fix: fixed issue when native connection format preserved after switching p… (#1659 ) * fixed issue when native connection format preserved after switching protocol * moved newly added code into handler section	2025-07-02 10:11:22 +08:00
aiamnezia	f0626e2eca	fix: delete premium V2 migration link from Free config Settings (#1671 ) * delete premium V2 update link from Free config Settings * Add debug logs * Add property for checking if server config is premium * remove debug logs	2025-07-02 10:07:56 +08:00
lunardunno	979ab42c5a	feat: OpenSUSE support (#1557 ) * LOCK_FILE for zypper Checking LOCK_FILE for zypper to support OpenSUSE * Installation for OpenSUSE Docker installation support for OpenSUSE * quiet for zypper * LOCK_CMD variable Implementing the LOCK_CMD variable for different OS. * additional exception for "server is busy" * Replacing and with or Replacing && with \|\| * undo changes to serverController * rpm.lock rpm.lock for dnf yum and zypper * LOCK_CMD check for dnf * Added zypper in check_user_in_sudo	2025-06-23 09:34:40 +07:00
lunardunno	e152e84ddc	feat: docker pull rate limit check (#1657 ) * Docker pull rate limit * Error code for DockerPullRateLimit * Extended description Error 213 Extended description for the error 213: Docker Pull Rate Limit * empty line removed	2025-06-23 09:32:56 +07:00
Mykola Baibuz	2605978889	fix: allow internet traffic for strict mode with split tunnel (#1654 )	2025-06-17 19:00:41 +07:00
aiamnezia	a2d30efaab	fix: add saving custom server name if it overridden by user (#1581 ) * Add saving custom server name if it overridden by user * clear duplicated code	2025-06-16 21:01:46 +07:00
		`@ -1 +1 @@`
			`Subproject commit e3b6a332056ff0f9234a02f5ce363cdfa5259db2`				`Subproject commit 840b7b070e6ac8b90dda2fac6e98859b23727c0c`
		`@ -1 +1 @@`
			`Subproject commit 76e7db556a6d7e2582f9481df91db188a46c009c`				`Subproject commit 811af0a83b3faeade89a9093a588595666d32066`
`@ -1,4 +1,4 @@`
	`FROM marko1777/awg:latest`	`FROM amneziavpn/amnezia-wg:latest`

	`LABEL maintainer="AmneziaVPN"`	`LABEL maintainer="AmneziaVPN"`