Bump version to 4.8.1.0

Merge pull request #1076 from amnezia-vpn/fix/android-protocol-libs
Exclude protocol libraries from loading at application startup
2026-06-21 02:01:03 +07:00 · 2024-09-20 13:08:28 +01:00 · 2024-09-20 05:06:41 -07:00 · 2024-09-20 04:38:24 -07:00 · 2024-09-20 15:36:20 +04:00 · 2024-09-20 12:12:22 +01:00
133 changed files with 11130 additions and 6325 deletions
@@ -16,6 +16,7 @@ jobs:
      QT_VERSION: 6.6.2
      QIF_VERSION: 4.7
      PROD_AGW_PUBLIC_KEY: ${{ secrets.PROD_AGW_PUBLIC_KEY }}
+      DEV_AGW_PUBLIC_KEY: ${{ secrets.DEV_AGW_PUBLIC_KEY }}

    steps:
    - name: 'Install Qt'
@@ -82,6 +83,7 @@ jobs:
      QIF_VERSION: 4.7
      BUILD_ARCH: 64
      PROD_AGW_PUBLIC_KEY: ${{ secrets.PROD_AGW_PUBLIC_KEY }}
+      DEV_AGW_PUBLIC_KEY: ${{ secrets.DEV_AGW_PUBLIC_KEY }}

    steps:
    - name: 'Get sources'
@@ -144,6 +146,7 @@ jobs:
      CC: cc
      CXX: c++
      PROD_AGW_PUBLIC_KEY: ${{ secrets.PROD_AGW_PUBLIC_KEY }}
+      DEV_AGW_PUBLIC_KEY: ${{ secrets.DEV_AGW_PUBLIC_KEY }}

    steps:
    - name: 'Setup xcode'
@@ -178,7 +181,7 @@ jobs:
    - name: 'Install go'
      uses: actions/setup-go@v5
      with:
-        go-version: '1.20'
+        go-version: '1.22.1'
        cache: false

    - name: 'Setup gomobile'
@@ -235,6 +238,7 @@ jobs:
      QT_VERSION: 6.4.3
      QIF_VERSION: 4.6
      PROD_AGW_PUBLIC_KEY: ${{ secrets.PROD_AGW_PUBLIC_KEY }}
+      DEV_AGW_PUBLIC_KEY: ${{ secrets.DEV_AGW_PUBLIC_KEY }}

    steps:
    - name: 'Setup xcode'
@@ -297,24 +301,25 @@ jobs:

    env:
      ANDROID_BUILD_PLATFORM: android-34
-      QT_VERSION: 6.6.2
+      QT_VERSION: 6.7.2
      QT_MODULES: 'qtremoteobjects qt5compat qtimageformats qtshadertools'
      PROD_AGW_PUBLIC_KEY: ${{ secrets.PROD_AGW_PUBLIC_KEY }}
+      DEV_AGW_PUBLIC_KEY: ${{ secrets.DEV_AGW_PUBLIC_KEY }}

    steps:
    - name: 'Install desktop Qt'
-      uses: jurplel/install-qt-action@v3
+      uses: jurplel/install-qt-action@v4
      with:
        version: ${{ env.QT_VERSION }}
        host: 'linux'
        target: 'desktop'
-        arch: 'gcc_64'
+        arch: 'linux_gcc_64'
        modules: ${{ env.QT_MODULES }}
        dir: ${{ runner.temp }}
        extra: '--external 7z --base ${{ env.QT_MIRROR }}'

    - name: 'Install android_x86_64 Qt'
-      uses: jurplel/install-qt-action@v3
+      uses: jurplel/install-qt-action@v4
      with:
        version: ${{ env.QT_VERSION }}
        host: 'linux'
@@ -325,7 +330,7 @@ jobs:
        extra: '--external 7z --base ${{ env.QT_MIRROR }}'

    - name: 'Install android_x86 Qt'
-      uses: jurplel/install-qt-action@v3
+      uses: jurplel/install-qt-action@v4
      with:
        version: ${{ env.QT_VERSION }}
        host: 'linux'
@@ -336,7 +341,7 @@ jobs:
        extra: '--external 7z --base ${{ env.QT_MIRROR }}'

    - name: 'Install android_armv7 Qt'
-      uses: jurplel/install-qt-action@v3
+      uses: jurplel/install-qt-action@v4
      with:
        version: ${{ env.QT_VERSION }}
        host: 'linux'
@@ -347,7 +352,7 @@ jobs:
        extra: '--external 7z --base ${{ env.QT_MIRROR }}'

    - name: 'Install android_arm64_v8a Qt'
-      uses: jurplel/install-qt-action@v3
+      uses: jurplel/install-qt-action@v4
      with:
        version: ${{ env.QT_VERSION }}
        host: 'linux'
@@ -16,6 +16,7 @@ jobs:
      QT_VERSION: 6.4.1
      QIF_VERSION: 4.5
      PROD_AGW_PUBLIC_KEY: ${{ secrets.PROD_AGW_PUBLIC_KEY }}
+      DEV_AGW_PUBLIC_KEY: ${{ secrets.DEV_AGW_PUBLIC_KEY }}

    steps:
    - name: 'Install desktop Qt'
@@ -2,7 +2,7 @@ cmake_minimum_required(VERSION 3.25.0 FATAL_ERROR)

 set(PROJECT AmneziaVPN)

-project(${PROJECT} VERSION 4.7.0.0
+project(${PROJECT} VERSION 4.8.1.0
        DESCRIPTION "AmneziaVPN"
        HOMEPAGE_URL "https://amnezia.org/"
 )
@@ -11,7 +11,7 @@ string(TIMESTAMP CURRENT_DATE "%Y-%m-%d")
 set(RELEASE_DATE "${CURRENT_DATE}")

 set(APP_MAJOR_VERSION ${CMAKE_PROJECT_VERSION_MAJOR}.${CMAKE_PROJECT_VERSION_MINOR}.${CMAKE_PROJECT_VERSION_PATCH})
-set(APP_ANDROID_VERSION_CODE 57)
+set(APP_ANDROID_VERSION_CODE 62)

 if(${CMAKE_SYSTEM_NAME} STREQUAL "Linux")
    set(MZ_PLATFORM_NAME "linux")
@@ -10,10 +10,10 @@ Amnezia is an open-source VPN client, with a key feature that enables you to dep

 <br>

-<a href="https://github.com/amnezia-vpn/amnezia-client/releases/download/4.6.0.3/AmneziaVPN_4.6.0.3_x64.exe"><img src="https://github.com/amnezia-vpn/amnezia-client/blob/dev/metadata/img-readme/win.png" width="150" style="max-width: 100%;"></a> 
-<a href="https://github.com/amnezia-vpn/amnezia-client/releases/download/4.6.0.3/AmneziaVPN_4.6.0.3.dmg"><img src="https://github.com/amnezia-vpn/amnezia-client/blob/dev/metadata/img-readme/mac.png" width="150" style="max-width: 100%;"></a> 
-<a href="https://github.com/amnezia-vpn/amnezia-client/releases/download/4.6.0.3/AmneziaVPN_Linux_4.6.0.3.tar.zip"><img src="https://github.com/amnezia-vpn/amnezia-client/blob/dev/metadata/img-readme/lin.png" width="150" style="max-width: 100%;"></a>
-<a href="https://github.com/amnezia-vpn/amnezia-client/releases/tag/4.6.0.3"><img src="https://github.com/amnezia-vpn/amnezia-client/blob/dev/metadata/img-readme/andr.png" width="150" style="max-width: 100%;"></a>
+<a href="https://github.com/amnezia-vpn/amnezia-client/releases/download/4.7.0.0/AmneziaVPN_4.7.0.0_x64.exe"><img src="https://github.com/amnezia-vpn/amnezia-client/blob/dev/metadata/img-readme/win.png" width="150" style="max-width: 100%;"></a> 
+<a href="https://github.com/amnezia-vpn/amnezia-client/releases/download/4.7.0.0/AmneziaVPN_4.7.0.0.dmg"><img src="https://github.com/amnezia-vpn/amnezia-client/blob/dev/metadata/img-readme/mac.png" width="150" style="max-width: 100%;"></a> 
+<a href="https://github.com/amnezia-vpn/amnezia-client/releases/download/4.7.0.0/AmneziaVPN_Linux_4.7.0.0.tar.zip"><img src="https://github.com/amnezia-vpn/amnezia-client/blob/dev/metadata/img-readme/lin.png" width="150" style="max-width: 100%;"></a>
+<a href="https://github.com/amnezia-vpn/amnezia-client/releases/tag/4.7.0.0"><img src="https://github.com/amnezia-vpn/amnezia-client/blob/dev/metadata/img-readme/andr.png" width="150" style="max-width: 100%;"></a>

 <br>

@@ -28,11 +28,12 @@ Amnezia is an open-source VPN client, with a key feature that enables you to dep

 ## Features

- Very easy to use - enter your IP address, SSH login, and password, and Amnezia will automatically install VPN docker containers to your server and connect to the VPN.
- OpenVPN, Shadowsocks, WireGuard, and IKEv2 protocols support.
- Masking VPN with OpenVPN over Cloak plugin
- Split tunneling support - add any sites to the client to enable VPN only for them (only for desktops)
+- Very easy to use - enter your IP address, SSH login, password and Amnezia will automatically install VPN docker containers to your server and connect to the VPN.
+- Classic VPN-protocols: OpenVPN, WireGuard and IKEv2 protocols.
+- Protocols with traffic Masking (Obfuscation): OpenVPN over [Cloak](https://github.com/cbeuw/Cloak) plugin, Shadowsocks (OpenVPN over Shadowsocks), [AmneziaWG](https://docs.amnezia.org/documentation/amnezia-wg/) and XRay.
+- Split tunneling support - add any sites to the client to enable VPN only for them or add Apps (only for Android and Desktop).
 - Windows, MacOS, Linux, Android, iOS releases.
+- Support for AmneziaWG protocol configuration on [Keenetic beta firmware](https://docs.keenetic.com/ua/air/kn-1611/en/6319-latest-development-release.html#UUID-186c4108-5afd-c10b-f38a-cdff6c17fab3_section-idm33192196168192-improved).

 ## Links

@@ -41,7 +42,8 @@ Amnezia is an open-source VPN client, with a key feature that enables you to dep
 - [https://t.me/amnezia_vpn_en](https://t.me/amnezia_vpn_en) - Telegram support channel (English) 
 - [https://t.me/amnezia_vpn_ir](https://t.me/amnezia_vpn_ir) - Telegram support channel (Farsi) 
 - [https://t.me/amnezia_vpn_mm](https://t.me/amnezia_vpn_mm) - Telegram support channel (Myanmar)  
- [https://t.me/amnezia_vpn](https://t.me/amnezia_vpn) - Telegram support channel (Russian)  
+- [https://t.me/amnezia_vpn](https://t.me/amnezia_vpn) - Telegram support channel (Russian)
+- [https://vpnpay.io/en/amnezia-premium/](https://vpnpay.io/en/amnezia-premium/) - Amnezia Premium

 ## Tech

@@ -27,6 +27,9 @@ add_definitions(-DGIT_COMMIT_HASH="${GIT_COMMIT_HASH}")
 add_definitions(-DPROD_AGW_PUBLIC_KEY="$ENV{PROD_AGW_PUBLIC_KEY}")
 add_definitions(-DPROD_PROXY_STORAGE_KEY="$ENV{PROD_PROXY_STORAGE_KEY}")

+add_definitions(-DDEV_AGW_PUBLIC_KEY="$ENV{DEV_AGW_PUBLIC_KEY}")
+add_definitions(-DDEV_AGW_ENDPOINT="$ENV{DEV_AGW_ENDPOINT}")
+
 if(IOS)
    set(PACKAGES ${PACKAGES} Multimedia)
 endif()
@@ -58,6 +61,7 @@ qt_add_executable(${PROJECT} MANUAL_FINALIZATION)
 if(WIN32 OR (APPLE AND NOT IOS) OR (LINUX AND NOT ANDROID))
    qt_add_repc_replicas(${PROJECT} ${CMAKE_CURRENT_LIST_DIR}/../ipc/ipc_interface.rep)
    qt_add_repc_replicas(${PROJECT} ${CMAKE_CURRENT_LIST_DIR}/../ipc/ipc_process_interface.rep)
+    qt_add_repc_replicas(${PROJECT} ${CMAKE_CURRENT_LIST_DIR}/../ipc/ipc_process_tun2socks.rep)
 endif()

 qt6_add_resources(QRC ${QRC} ${CMAKE_CURRENT_LIST_DIR}/resources.qrc)
@@ -110,6 +114,7 @@ include(${CMAKE_CURRENT_LIST_DIR}/cmake/3rdparty.cmake)

 include_directories(
    ${CMAKE_CURRENT_LIST_DIR}/../ipc
+    ${CMAKE_CURRENT_LIST_DIR}/../common/logger
    ${CMAKE_CURRENT_LIST_DIR}
    ${CMAKE_CURRENT_BINARY_DIR}
 )
@@ -131,7 +136,6 @@ set(HEADERS ${HEADERS}
    ${CMAKE_CURRENT_LIST_DIR}/protocols/protocols_defs.h
    ${CMAKE_CURRENT_LIST_DIR}/protocols/qml_register_protocols.h
    ${CMAKE_CURRENT_LIST_DIR}/ui/pages.h
-    ${CMAKE_CURRENT_LIST_DIR}/ui/property_helper.h
    ${CMAKE_CURRENT_LIST_DIR}/ui/qautostart.h
    ${CMAKE_CURRENT_LIST_DIR}/protocols/vpnprotocol.h
    ${CMAKE_CURRENT_BINARY_DIR}/version.h
@@ -140,6 +144,7 @@ set(HEADERS ${HEADERS}
    ${CMAKE_CURRENT_LIST_DIR}/core/serialization/serialization.h
    ${CMAKE_CURRENT_LIST_DIR}/core/serialization/transfer.h
    ${CMAKE_CURRENT_LIST_DIR}/core/enums/apiEnums.h
+    ${CMAKE_CURRENT_LIST_DIR}/../common/logger/logger.h
 )

 # Mozilla headres
@@ -190,6 +195,7 @@ set(SOURCES ${SOURCES}
    ${CMAKE_CURRENT_LIST_DIR}/core/serialization/trojan.cpp
    ${CMAKE_CURRENT_LIST_DIR}/core/serialization/vmess.cpp
    ${CMAKE_CURRENT_LIST_DIR}/core/serialization/vmess_new.cpp
+    ${CMAKE_CURRENT_LIST_DIR}/../common/logger/logger.cpp
 )

 # Mozilla sources
@@ -164,7 +164,7 @@ void AmneziaApplication::init()
    bool enabled = m_settings->isSaveLogs();
 #ifndef Q_OS_ANDROID
    if (enabled) {
-        if (!Logger::init()) {
+        if (!Logger::init(false)) {
            qWarning() << "Initialization of debug subsystem failed";
        }
    }
@@ -3,7 +3,6 @@
 <manifest
    xmlns:android="http://schemas.android.com/apk/res/android"
    xmlns:tools="http://schemas.android.com/tools"
-    package="org.amnezia.vpn"
    android:versionName="-- %%INSERT_VERSION_NAME%% --"
    android:versionCode="-- %%INSERT_VERSION_CODE%% --"
    android:installLocation="auto">
@@ -46,7 +45,7 @@
            android:configChanges="uiMode|screenSize|smallestScreenSize|screenLayout|orientation|density
                |fontScale|layoutDirection|locale|keyboard|keyboardHidden|navigation|mcc|mnc"
            android:launchMode="singleInstance"
-            android:windowSoftInputMode="adjustResize"
+            android:windowSoftInputMode="stateUnchanged|adjustResize"
            android:exported="true">

            <intent-filter>
@@ -68,9 +67,6 @@
                android:name="android.app.lib_name"
                android:value="-- %%INSERT_APP_LIB_NAME%% --" />

-            <meta-data
-                android:name="android.app.extract_android_style"
-                android:value="minimal" />
        </activity>

        <activity
@@ -88,6 +84,13 @@
            android:exported="false"
            android:theme="@style/Translucent" />

+        <activity android:name=".AuthActivity"
+            android:excludeFromRecents="true"
+            android:launchMode="singleTask"
+            android:taskAffinity=""
+            android:exported="false"
+            android:theme="@style/Translucent" />
+
        <activity
            android:name=".ImportConfigActivity"
            android:excludeFromRecents="true"
@@ -1,81 +1,28 @@
 package org.amnezia.vpn.protocol.awg

 import org.amnezia.vpn.protocol.wireguard.Wireguard
+import org.amnezia.vpn.util.optStringOrNull
 import org.json.JSONObject

-/**
- *    Config example:
- *    {
- *        "protocol": "awg",
- *        "description": "Server 1",
- *        "dns1": "1.1.1.1",
- *        "dns2": "1.0.0.1",
- *        "hostName": "100.100.100.0",
- *        "splitTunnelSites": [
- *        ],
- *        "splitTunnelType": 0,
- *        "awg_config_data": {
- *            "H1": "969537490",
- *            "H2": "481688153",
- *            "H3": "2049399200",
- *            "H4": "52029755",
- *            "Jc": "3",
- *            "Jmax": "1000",
- *            "Jmin": "50",
- *            "S1": "49",
- *            "S2": "60",
- *            "client_ip": "10.8.1.1",
- *            "hostName": "100.100.100.0",
- *            "port": 12345,
- *            "client_pub_key": "clientPublicKeyBase64",
- *            "client_priv_key": "privateKeyBase64",
- *            "psk_key": "presharedKeyBase64",
- *            "server_pub_key": "publicKeyBase64",
- *            "config": "[Interface]
- *                       Address = 10.8.1.1/32
- *                       DNS = 1.1.1.1, 1.0.0.1
- *                       PrivateKey = privateKeyBase64
- *                       Jc = 3
- *                       Jmin = 50
- *                       Jmax = 1000
- *                       S1 = 49
- *                       S2 = 60
- *                       H1 = 969537490
- *                       H2 = 481688153
- *                       H3 = 2049399200
- *                       H4 = 52029755
- *
- *                       [Peer]
- *                       PublicKey = publicKeyBase64
- *                       PresharedKey = presharedKeyBase64
- *                       AllowedIPs = 0.0.0.0/0, ::/0
- *                       Endpoint = 100.100.100.0:12345
- *                       PersistentKeepalive = 25
- *                       "
- *        }
- *    }
- */
-
 class Awg : Wireguard() {

    override val ifName: String = "awg0"

    override fun parseConfig(config: JSONObject): AwgConfig {
-        val configDataJson = config.getJSONObject("awg_config_data")
-        val configData = parseConfigData(configDataJson.getString("config"))
+        val configData = config.getJSONObject("awg_config_data")
        return AwgConfig.build {
-            configWireguard(configData, configDataJson)
+            configWireguard(config, configData)
            configSplitTunneling(config)
            configAppSplitTunneling(config)
-            configData["Jc"]?.let { setJc(it.toInt()) }
-            configData["Jmin"]?.let { setJmin(it.toInt()) }
-            configData["Jmax"]?.let { setJmax(it.toInt()) }
-            configData["S1"]?.let { setS1(it.toInt()) }
-            configData["S2"]?.let { setS2(it.toInt()) }
-            configData["H1"]?.let { setH1(it.toLong()) }
-            configData["H2"]?.let { setH2(it.toLong()) }
-            configData["H3"]?.let { setH3(it.toLong()) }
-            configData["H4"]?.let { setH4(it.toLong()) }
+            configData.optStringOrNull("Jc")?.let { setJc(it.toInt()) }
+            configData.optStringOrNull("Jmin")?.let { setJmin(it.toInt()) }
+            configData.optStringOrNull("Jmax")?.let { setJmax(it.toInt()) }
+            configData.optStringOrNull("S1")?.let { setS1(it.toInt()) }
+            configData.optStringOrNull("S2")?.let { setS2(it.toInt()) }
+            configData.optStringOrNull("H1")?.let { setH1(it.toLong()) }
+            configData.optStringOrNull("H2")?.let { setH2(it.toLong()) }
+            configData.optStringOrNull("H3")?.let { setH3(it.toLong()) }
+            configData.optStringOrNull("H4")?.let { setH4(it.toLong()) }
        }
    }
 }
@@ -3,3 +3,6 @@
 // android.bundle.enableUncompressedNativeLibs is deprecated
 // disable adding gradle property android.bundle.enableUncompressedNativeLibs by androiddeployqt
 useLegacyPackaging
+
+// package name for androiddeployqt
+namespace = "org.amnezia.vpn"
@@ -115,9 +115,11 @@ dependencies {
    implementation(project(":xray"))
    implementation(libs.androidx.core)
    implementation(libs.androidx.activity)
+    implementation(libs.androidx.fragment)
    implementation(libs.kotlinx.coroutines)
    implementation(libs.kotlinx.serialization.protobuf)
    implementation(libs.bundles.androidx.camera)
    implementation(libs.google.mlkit)
    implementation(libs.androidx.datastore)
+    implementation(libs.androidx.biometric)
 }
@@ -3,40 +3,16 @@ package org.amnezia.vpn.protocol.cloak
 import android.util.Base64
 import net.openvpn.ovpn3.ClientAPI_Config
 import org.amnezia.vpn.protocol.openvpn.OpenVpn
+import org.amnezia.vpn.util.LibraryLoader.loadSharedLibrary
 import org.json.JSONObject

-/**
- *    Config Example:
- *    {
- *     "protocol": "cloak",
- *     "description": "Server 1",
- *     "dns1": "1.1.1.1",
- *     "dns2": "1.0.0.1",
- *     "hostName": "100.100.100.0",
- *     "splitTunnelSites": [
- *     ],
- *     "splitTunnelType": 0,
- *     "openvpn_config_data": {
- *           "config": "openVpnConfig"
- *     }
- *     "cloak_config_data": {
- *          "BrowserSig": "chrome",
- *          "EncryptionMethod": "aes-gcm",
- *          "NumConn": 1,
- *          "ProxyMethod": "openvpn",
- *          "PublicKey": "PublicKey=",
- *          "RemoteHost": "100.100.100.0",
- *          "RemotePort": "443",
- *          "ServerName": "servername",
- *          "StreamTimeout": 300,
- *          "Transport": "direct",
- *          "UID": "UID="
- *     }
- * }
- */
-
 class Cloak : OpenVpn() {

+    override fun internalInit() {
+        super.internalInit()
+        if (!isInitialized) loadSharedLibrary(context, "ck-ovpn-plugin")
+    }
+
    override fun parseConfig(config: JSONObject): ClientAPI_Config {
        val openVpnConfig = ClientAPI_Config()

@@ -1,24 +1,28 @@
 [versions]
-agp = "8.2.0"
-kotlin = "1.9.20"
-androidx-core = "1.12.0"
-androidx-activity = "1.8.1"
-androidx-annotation = "1.7.0"
-androidx-camera = "1.3.0"
+agp = "8.5.2"
+kotlin = "1.9.24"
+androidx-core = "1.13.1"
+androidx-activity = "1.9.1"
+androidx-annotation = "1.8.2"
+androidx-biometric = "1.2.0-alpha05"
+androidx-camera = "1.3.4"
+androidx-fragment = "1.8.2"
 androidx-security-crypto = "1.1.0-alpha06"
-androidx-datastore = "1.1.0-beta01"
-kotlinx-coroutines = "1.7.3"
+androidx-datastore = "1.1.1"
+kotlinx-coroutines = "1.8.1"
 kotlinx-serialization = "1.6.3"
-google-mlkit = "17.2.0"
+google-mlkit = "17.3.0"

 [libraries]
 androidx-core = { module = "androidx.core:core-ktx", version.ref = "androidx-core" }
 androidx-activity = { module = "androidx.activity:activity-ktx", version.ref = "androidx-activity" }
 androidx-annotation = { module = "androidx.annotation:annotation", version.ref = "androidx-annotation" }
+androidx-biometric = { module = "androidx.biometric:biometric-ktx", version.ref = "androidx-biometric" }
 androidx-camera-core = { module = "androidx.camera:camera-core", version.ref = "androidx-camera" }
 androidx-camera-camera2 = { module = "androidx.camera:camera-camera2", version.ref = "androidx-camera" }
 androidx-camera-lifecycle = { module = "androidx.camera:camera-lifecycle", version.ref = "androidx-camera" }
 androidx-camera-view = { module = "androidx.camera:camera-view", version.ref = "androidx-camera" }
+androidx-fragment = { module = "androidx.fragment:fragment-ktx", version.ref = "androidx-fragment" }
 androidx-security-crypto = { module = "androidx.security:security-crypto-ktx", version.ref = "androidx-security-crypto" }
 androidx-datastore = { module = "androidx.datastore:datastore-preferences", version.ref = "androidx-datastore" }
 kotlinx-coroutines = { module = "org.jetbrains.kotlinx:kotlinx-coroutines-android", version.ref = "kotlinx-coroutines" }
@@ -1,7 +1,5 @@
 distributionBase=GRADLE_USER_HOME
 distributionPath=wrapper/dists
-distributionUrl=https\://services.gradle.org/distributions/gradle-8.5-bin.zip
-networkTimeout=10000
-validateDistributionUrl=true
+distributionUrl=https\://services.gradle.org/distributions/gradle-8.10-bin.zip
 zipStoreBase=GRADLE_USER_HOME
 zipStorePath=wrapper/dists
@@ -15,6 +15,8 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 #
+# SPDX-License-Identifier: Apache-2.0
+#

 ##############################################################################
 #
@@ -55,7 +57,7 @@
 #       Darwin, MinGW, and NonStop.
 #
 #   (3) This script is generated from the Groovy template
-#       https://github.com/gradle/gradle/blob/HEAD/subprojects/plugins/src/main/resources/org/gradle/api/internal/plugins/unixStartScript.txt
+#       https://github.com/gradle/gradle/blob/HEAD/platforms/jvm/plugins-application/src/main/resources/org/gradle/api/internal/plugins/unixStartScript.txt
 #       within the Gradle project.
 #
 #       You can find Gradle at https://github.com/gradle/gradle/.
@@ -84,7 +86,8 @@ done
 # shellcheck disable=SC2034
 APP_BASE_NAME=${0##*/}
 # Discard cd standard output in case $CDPATH is set (https://github.com/gradle/gradle/issues/25036)
-APP_HOME=$( cd "${APP_HOME:-./}" > /dev/null && pwd -P ) || exit
+APP_HOME=$( cd -P "${APP_HOME:-./}" > /dev/null && printf '%s
+' "$PWD" ) || exit

 # Use the maximum available, or set MAX_FD != -1 to use that value.
 MAX_FD=maximum
@@ -13,6 +13,8 @@
@rem See the License for the specific language governing permissions and
@rem limitations under the License.
@rem
+@rem SPDX-License-Identifier: Apache-2.0
+@rem

@if "%DEBUG%"=="" @echo off
@rem ##########################################################################
@@ -43,11 +45,11 @@ set JAVA_EXE=java.exe
 %JAVA_EXE% -version >NUL 2>&1
 if %ERRORLEVEL% equ 0 goto execute

-echo.
-echo ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH.
-echo.
-echo Please set the JAVA_HOME variable in your environment to match the
-echo location of your Java installation.
+echo. 1>&2
+echo ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH. 1>&2
+echo. 1>&2
+echo Please set the JAVA_HOME variable in your environment to match the 1>&2
+echo location of your Java installation. 1>&2

 goto fail

@@ -57,11 +59,11 @@ set JAVA_EXE=%JAVA_HOME%/bin/java.exe

 if exist "%JAVA_EXE%" goto execute

-echo.
-echo ERROR: JAVA_HOME is set to an invalid directory: %JAVA_HOME%
-echo.
-echo Please set the JAVA_HOME variable in your environment to match the
-echo location of your Java installation.
+echo. 1>&2
+echo ERROR: JAVA_HOME is set to an invalid directory: %JAVA_HOME% 1>&2
+echo. 1>&2
+echo Please set the JAVA_HOME variable in your environment to match the 1>&2
+echo location of your Java installation. 1>&2

 goto fail

@@ -11,28 +11,12 @@ import org.amnezia.vpn.protocol.Protocol
 import org.amnezia.vpn.protocol.ProtocolState.DISCONNECTED
 import org.amnezia.vpn.protocol.Statistics
 import org.amnezia.vpn.protocol.VpnStartException
+import org.amnezia.vpn.util.LibraryLoader.loadSharedLibrary
 import org.amnezia.vpn.util.net.InetNetwork
 import org.amnezia.vpn.util.net.getLocalNetworks
 import org.amnezia.vpn.util.net.parseInetAddress
 import org.json.JSONObject

-/**
- *    Config Example:
- *    {
- *     "protocol": "openvpn",
- *     "description": "Server 1",
- *     "dns1": "1.1.1.1",
- *     "dns2": "1.0.0.1",
- *     "hostName": "100.100.100.0",
- *     "splitTunnelSites": [
- *     ],
- *     "splitTunnelType": 0,
- *     "openvpn_config_data": {
- *           "config": "openVpnConfig"
- *     }
- * }
- */
-
 open class OpenVpn : Protocol() {

    private var openVpnClient: OpenVpnClient? = null
@@ -51,14 +35,17 @@ open class OpenVpn : Protocol() {
        }

    override fun internalInit() {
-        if (!isInitialized) loadSharedLibrary(context, "ovpn3")
+        if (!isInitialized) {
+            loadSharedLibrary(context, "ovpn3")
+            loadSharedLibrary(context, "ovpnutil")
+        }
        if (this::scope.isInitialized) {
            scope.cancel()
        }
        scope = CoroutineScope(Dispatchers.IO)
    }

-    override fun startVpn(config: JSONObject, vpnBuilder: Builder, protect: (Int) -> Boolean) {
+    override suspend fun startVpn(config: JSONObject, vpnBuilder: Builder, protect: (Int) -> Boolean) {
        val configBuilder = OpenVpnConfig.Builder()

        openVpnClient = OpenVpnClient(
@@ -2,7 +2,6 @@ package org.amnezia.vpn.protocol

 sealed class ProtocolException(message: String? = null, cause: Throwable? = null) : Exception(message, cause)

-class LoadLibraryException(message: String? = null, cause: Throwable? = null) : ProtocolException(message, cause)
 class BadConfigException(message: String? = null, cause: Throwable? = null) : ProtocolException(message, cause)

 class VpnStartException(message: String? = null, cause: Throwable? = null) : ProtocolException(message, cause)
@@ -42,7 +42,7 @@ abstract class Protocol {

    protected abstract fun internalInit()

-    abstract fun startVpn(config: JSONObject, vpnBuilder: Builder, protect: (Int) -> Boolean)
+    abstract suspend fun startVpn(config: JSONObject, vpnBuilder: Builder, protect: (Int) -> Boolean)

    abstract fun stopVpn()

@@ -158,60 +158,6 @@ abstract class Protocol {
        if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.Q)
            vpnBuilder.setMetered(false)
    }
-
-    companion object {
-        private fun extractLibrary(context: Context, libraryName: String, destination: File): Boolean {
-            Log.d(TAG, "Extracting library: $libraryName")
-            val apks = hashSetOf<String>()
-            context.applicationInfo.run {
-                sourceDir?.let { apks += it }
-                splitSourceDirs?.let { apks += it }
-            }
-            for (abi in Build.SUPPORTED_ABIS) {
-                for (apk in apks) {
-                    ZipFile(File(apk), ZipFile.OPEN_READ).use { zipFile ->
-                        val mappedName = System.mapLibraryName(libraryName)
-                        val libraryZipPath = listOf("lib", abi, mappedName).joinToString(File.separator)
-                        val zipEntry = zipFile.getEntry(libraryZipPath)
-                        zipEntry?.let {
-                            Log.d(TAG, "Extracting apk:/$libraryZipPath to ${destination.absolutePath}")
-                            FileOutputStream(destination).use { outStream ->
-                                zipFile.getInputStream(zipEntry).use { inStream ->
-                                    inStream.copyTo(outStream, 32 * 1024)
-                                    outStream.fd.sync()
-                                }
-                            }
-                        }
-                        return true
-                    }
-                }
-            }
-            return false
-        }
-
-        @SuppressLint("UnsafeDynamicallyLoadedCode")
-        fun loadSharedLibrary(context: Context, libraryName: String) {
-            Log.d(TAG, "Loading library: $libraryName")
-            try {
-                System.loadLibrary(libraryName)
-                return
-            } catch (_: UnsatisfiedLinkError) {
-                Log.d(TAG, "Failed to load library, try to extract it from apk")
-            }
-            var tempFile: File? = null
-            try {
-                tempFile = File.createTempFile("lib", ".so", context.codeCacheDir)
-                if (extractLibrary(context, libraryName, tempFile)) {
-                    System.load(tempFile.absolutePath)
-                    return
-                }
-            } catch (e: Exception) {
-                throw LoadLibraryException("Failed to load library apk: $libraryName", e)
-            } finally {
-                tempFile?.delete()
-            }
-        }
-    }
 }

 private fun VpnService.Builder.addAddress(addr: InetNetwork) = addAddress(addr.address, addr.mask)
@@ -21,5 +21,5 @@ android {
 }

 dependencies {
-    implementation(fileTree(mapOf("dir" to "../libs", "include" to listOf("*.jar"))))
+    api(fileTree(mapOf("dir" to "../libs", "include" to listOf("*.jar"))))
 }
@@ -3,7 +3,6 @@
    <!-- DO NOT EDIT THIS: This file is populated automatically by the deployment tool. -->

    <array name="bundled_libs">
-        <!-- %%INSERT_EXTRA_LIBS%% -->
    </array>

    <array name="qt_libs">
@@ -1,6 +1,9 @@
 <?xml version="1.0" encoding="utf-8"?>
 <resources>
+    <color name="black">#FF0E0E11</color>
    <style name="NoActionBar">
+        <item name="android:windowBackground">@color/black</item>
+        <item name="android:colorBackground">@color/black</item>
        <item name="android:windowActionBar">false</item>
        <item name="android:windowNoTitle">true</item>
    </style>
@@ -22,7 +22,7 @@ dependencyResolutionManagement {
 includeBuild("./gradle/plugins")

 plugins {
-    id("com.android.settings") version "8.2.0"
+    id("com.android.settings") version "8.5.2"
    id("settings-property-delegate")
 }

@@ -43,6 +43,7 @@ import kotlinx.coroutines.withContext
 import org.amnezia.vpn.protocol.getStatistics
 import org.amnezia.vpn.protocol.getStatus
 import org.amnezia.vpn.qt.QtAndroidController
+import org.amnezia.vpn.util.LibraryLoader.loadSharedLibrary
 import org.amnezia.vpn.util.Log
 import org.amnezia.vpn.util.Prefs
 import org.json.JSONException
@@ -158,6 +159,11 @@ class AmneziaActivity : QtActivity() {
    override fun onCreate(savedInstanceState: Bundle?) {
        super.onCreate(savedInstanceState)
        Log.d(TAG, "Create Amnezia activity: $intent")
+        loadLibs()
+        window.apply {
+            addFlags(LayoutParams.FLAG_DRAWS_SYSTEM_BAR_BACKGROUNDS)
+            statusBarColor = getColor(R.color.black)
+        }
        mainScope = CoroutineScope(SupervisorJob() + Dispatchers.Main.immediate)
        val proto = mainScope.async(Dispatchers.IO) {
            VpnStateStore.getVpnState().vpnProto
@@ -175,6 +181,17 @@ class AmneziaActivity : QtActivity() {
        runBlocking { vpnProto = proto.await() }
    }

+    private fun loadLibs() {
+        listOf(
+            "rsapss",
+            "crypto_3",
+            "ssl_3",
+            "ssh"
+        ).forEach {
+            loadSharedLibrary(this.applicationContext, it)
+        }
+    }
+
    private fun registerBroadcastReceivers() {
        notificationStateReceiver = if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.P) {
            registerBroadcastReceiver(
@@ -610,6 +627,14 @@ class AmneziaActivity : QtActivity() {
        }
    }

+    @Suppress("unused")
+    fun setNavigationBarColor(color: Int) {
+        Log.v(TAG, "Change navigation bar color: ${"#%08X".format(color)}")
+        mainScope.launch {
+            window.navigationBarColor = color
+        }
+    }
+
    @Suppress("unused")
    fun minimizeApp() {
        Log.v(TAG, "Minimize application")
@@ -684,6 +709,17 @@ class AmneziaActivity : QtActivity() {
            .show()
    }

+    @Suppress("unused")
+    fun requestAuthentication() {
+        Log.v(TAG, "Request authentication")
+        mainScope.launch {
+            qtInitialized.await()
+            Intent(this@AmneziaActivity, AuthActivity::class.java).also {
+                startActivity(it)
+            }
+        }
+    }
+
    /**
     * Utils methods
     */
@@ -31,6 +31,7 @@ import kotlinx.coroutines.Job
 import kotlinx.coroutines.SupervisorJob
 import kotlinx.coroutines.TimeoutCancellationException
 import kotlinx.coroutines.cancel
+import kotlinx.coroutines.cancelAndJoin
 import kotlinx.coroutines.delay
 import kotlinx.coroutines.flow.MutableStateFlow
 import kotlinx.coroutines.flow.drop
@@ -39,7 +40,6 @@ import kotlinx.coroutines.launch
 import kotlinx.coroutines.runBlocking
 import kotlinx.coroutines.withTimeout
 import org.amnezia.vpn.protocol.BadConfigException
-import org.amnezia.vpn.protocol.LoadLibraryException
 import org.amnezia.vpn.protocol.ProtocolState.CONNECTED
 import org.amnezia.vpn.protocol.ProtocolState.CONNECTING
 import org.amnezia.vpn.protocol.ProtocolState.DISCONNECTED
@@ -49,6 +49,7 @@ import org.amnezia.vpn.protocol.ProtocolState.UNKNOWN
 import org.amnezia.vpn.protocol.VpnException
 import org.amnezia.vpn.protocol.VpnStartException
 import org.amnezia.vpn.protocol.putStatus
+import org.amnezia.vpn.util.LoadLibraryException
 import org.amnezia.vpn.util.Log
 import org.amnezia.vpn.util.Prefs
 import org.amnezia.vpn.util.net.NetworkState
@@ -111,6 +112,10 @@ open class AmneziaVpnService : VpnService() {
        get() = clientMessengers.any { it.value.name == ACTIVITY_MESSENGER_NAME }

    private val connectionExceptionHandler = CoroutineExceptionHandler { _, e ->
+        connectionJob?.cancel()
+        connectionJob = null
+        disconnectionJob?.cancel()
+        disconnectionJob = null
        protocolState.value = DISCONNECTED
        when (e) {
            is IllegalArgumentException,
@@ -531,7 +536,7 @@ open class AmneziaVpnService : VpnService() {
        protocolState.value = DISCONNECTING

        disconnectionJob = connectionScope.launch {
-            connectionJob?.join()
+            connectionJob?.cancelAndJoin()
            connectionJob = null

            vpnProto?.protocol?.stopVpn()
@@ -0,0 +1,97 @@
+package org.amnezia.vpn
+
+import android.os.Build
+import android.os.Bundle
+import androidx.biometric.BiometricManager
+import androidx.biometric.BiometricManager.Authenticators.BIOMETRIC_STRONG
+import androidx.biometric.BiometricManager.Authenticators.DEVICE_CREDENTIAL
+import androidx.biometric.BiometricPrompt
+import androidx.biometric.BiometricPrompt.AuthenticationResult
+import androidx.core.content.ContextCompat
+import androidx.fragment.app.FragmentActivity
+import org.amnezia.vpn.qt.QtAndroidController
+import org.amnezia.vpn.util.Log
+
+private const val TAG = "AuthActivity"
+
+private const val AUTHENTICATORS = BIOMETRIC_STRONG or DEVICE_CREDENTIAL
+
+class AuthActivity : FragmentActivity() {
+
+    override fun onCreate(savedInstanceState: Bundle?) {
+        super.onCreate(savedInstanceState)
+
+        val biometricManager = BiometricManager.from(applicationContext)
+        when (biometricManager.canAuthenticate(AUTHENTICATORS)) {
+            BiometricManager.BIOMETRIC_SUCCESS -> {
+                showBiometricPrompt(biometricManager)
+                return
+            }
+
+            BiometricManager.BIOMETRIC_STATUS_UNKNOWN -> {
+                Log.w(TAG, "Unknown biometric status")
+                showBiometricPrompt(biometricManager)
+                return
+            }
+
+            BiometricManager.BIOMETRIC_ERROR_UNSUPPORTED -> {
+                Log.e(TAG, "The specified options are incompatible with the current Android " +
+                    "version ${Build.VERSION.SDK_INT}")
+            }
+
+            BiometricManager.BIOMETRIC_ERROR_HW_UNAVAILABLE -> {
+                Log.w(TAG, "The hardware is unavailable")
+            }
+
+            BiometricManager.BIOMETRIC_ERROR_NONE_ENROLLED -> {
+                Log.w(TAG, "No biometric or device credential is enrolled")
+            }
+
+            BiometricManager.BIOMETRIC_ERROR_NO_HARDWARE -> {
+                Log.w(TAG, "There is no suitable hardware")
+            }
+
+            BiometricManager.BIOMETRIC_ERROR_SECURITY_UPDATE_REQUIRED -> {
+                Log.w(TAG, "A security vulnerability has been discovered with one or " +
+                    "more hardware sensors")
+            }
+        }
+        QtAndroidController.onAuthResult(true)
+        finish()
+    }
+
+    private fun showBiometricPrompt(biometricManager: BiometricManager) {
+        val executor = ContextCompat.getMainExecutor(applicationContext)
+        val biometricPrompt = BiometricPrompt(this, executor,
+            object : BiometricPrompt.AuthenticationCallback() {
+                override fun onAuthenticationSucceeded(result: AuthenticationResult) {
+                    super.onAuthenticationSucceeded(result)
+                    Log.d(TAG, "Authentication succeeded")
+                    QtAndroidController.onAuthResult(true)
+                    finish()
+                }
+
+                override fun onAuthenticationFailed() {
+                    super.onAuthenticationFailed()
+                    Log.w(TAG, "Authentication failed")
+                }
+
+                override fun onAuthenticationError(errorCode: Int, errString: CharSequence) {
+                    super.onAuthenticationError(errorCode, errString)
+                    Log.e(TAG, "Authentication error $errorCode: $errString")
+                    QtAndroidController.onAuthResult(false)
+                    finish()
+                }
+            })
+
+
+
+        val promptInfo = BiometricPrompt.PromptInfo.Builder()
+            .setAllowedAuthenticators(AUTHENTICATORS)
+            .setTitle("AmneziaVPN")
+            .setSubtitle(biometricManager.getStrings(AUTHENTICATORS)?.promptMessage)
+            .build()
+
+        biometricPrompt.authenticate(promptInfo)
+    }
+}
@@ -1,24 +0,0 @@
-package org.amnezia.vpn;
-
-import android.content.Context;
-import android.app.KeyguardManager;
-import android.content.Intent;
-import org.qtproject.qt.android.bindings.QtActivity;
-
-
-import static android.content.Context.KEYGUARD_SERVICE;
-
-public class AuthHelper extends QtActivity {
-
-   static final String TAG = "AuthHelper";
-  
-   public static Intent getAuthIntent(Context context) {
-   	KeyguardManager mKeyguardManager = (KeyguardManager)context.getSystemService(KEYGUARD_SERVICE);
-   	if (mKeyguardManager.isDeviceSecure()) {
-                return mKeyguardManager.createConfirmDeviceCredentialIntent(null, null);
-        } else {
-        	return null;
-        }     
-   }
-   
-}
@@ -33,10 +33,10 @@ class ImportConfigActivity : ComponentActivity() {
        intent?.let(::readConfig)
    }

-    override fun onNewIntent(intent: Intent?) {
+    override fun onNewIntent(intent: Intent) {
        super.onNewIntent(intent)
        Log.d(TAG, "onNewIntent: $intent")
-        intent?.let(::readConfig)
+        intent.let(::readConfig)
    }

    private fun readConfig(intent: Intent) {
@@ -25,5 +25,7 @@ object QtAndroidController {

    external fun onConfigImported(data: String)

+    external fun onAuthResult(result: Boolean)
+
    external fun decodeQrCode(data: String): Boolean
 }
@@ -0,0 +1,9 @@
+package org.amnezia.vpn.util
+
+import org.json.JSONArray
+import org.json.JSONObject
+
+inline fun <reified T> JSONArray.asSequence(): Sequence<T> =
+    (0..<length()).asSequence().map { get(it) as T }
+
+fun JSONObject.optStringOrNull(name: String) = optString(name).ifEmpty { null }
@@ -0,0 +1,66 @@
+package org.amnezia.vpn.util
+
+import android.annotation.SuppressLint
+import android.content.Context
+import android.os.Build
+import java.io.File
+import java.io.FileOutputStream
+import java.util.zip.ZipFile
+
+private const val TAG = "LibraryLoader"
+
+object LibraryLoader {
+    private fun extractLibrary(context: Context, libraryName: String, destination: File): Boolean {
+        Log.d(TAG, "Extracting library: $libraryName")
+        val apks = hashSetOf<String>()
+        context.applicationInfo.run {
+            sourceDir?.let { apks += it }
+            splitSourceDirs?.let { apks += it }
+        }
+        for (abi in Build.SUPPORTED_ABIS) {
+            for (apk in apks) {
+                ZipFile(File(apk), ZipFile.OPEN_READ).use { zipFile ->
+                    val mappedName = System.mapLibraryName(libraryName)
+                    val libraryZipPath = listOf("lib", abi, mappedName).joinToString(File.separator)
+                    val zipEntry = zipFile.getEntry(libraryZipPath)
+                    zipEntry?.let {
+                        Log.d(TAG, "Extracting apk:/$libraryZipPath to ${destination.absolutePath}")
+                        FileOutputStream(destination).use { outStream ->
+                            zipFile.getInputStream(zipEntry).use { inStream ->
+                                inStream.copyTo(outStream, 32 * 1024)
+                                outStream.fd.sync()
+                            }
+                        }
+                    }
+                    return true
+                }
+            }
+        }
+        return false
+    }
+
+    @SuppressLint("UnsafeDynamicallyLoadedCode")
+    fun loadSharedLibrary(context: Context, libraryName: String) {
+        Log.d(TAG, "Loading library: $libraryName")
+        try {
+            System.loadLibrary(libraryName)
+            return
+        } catch (_: UnsatisfiedLinkError) {
+            Log.d(TAG, "Failed to load library, try to extract it from apk")
+        }
+        var tempFile: File? = null
+        try {
+            tempFile = File.createTempFile("lib", ".so", context.codeCacheDir)
+            if (extractLibrary(context, libraryName, tempFile)) {
+                System.load(tempFile.absolutePath)
+                return
+            }
+        } catch (e: Exception) {
+            throw LoadLibraryException("Failed to load library apk: $libraryName", e)
+        } finally {
+            tempFile?.delete()
+        }
+    }
+}
+
+class LoadLibraryException(message: String? = null, cause: Throwable? = null) : Exception(message, cause)
@@ -88,7 +88,7 @@ class NetworkState(
        if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.S) {
            connectivityManager.registerBestMatchingNetworkCallback(networkRequest, networkCallback, handler)
        } else if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.O) {
-            val numberAttempts = 3
+            val numberAttempts = 300
            var attemptCount = 0
            while(true) {
                try {
@@ -35,7 +35,7 @@ fun getLocalNetworks(context: Context, ipv6: Boolean): List<InetNetwork> {
    return emptyList()
 }

-fun parseInetAddress(address: String): InetAddress = parseNumericAddressCompat(address)
+fun parseInetAddress(address: String): InetAddress = InetAddress.getByName(address)

 private val parseNumericAddressCompat: (String) -> InetAddress =
    if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.Q) {
@@ -60,7 +60,7 @@ private val parseNumericAddressCompat: (String) -> InetAddress =
 internal fun convertIpv6ToCanonicalForm(ipv6: String): String = ipv6
    .replace("((?:(?:^|:)0+\\b){2,}):?(?!\\S*\\b\\1:0+\\b)(\\S*)".toRegex(), "::$2")

-internal val InetAddress.ip: String
+val InetAddress.ip: String
    get() = if (this is Inet4Address) {
        hostAddress!!
    } else {
@@ -1,54 +1,26 @@
 package org.amnezia.vpn.protocol.wireguard

 import android.net.VpnService.Builder
-import java.util.TreeMap
+import java.io.IOException
+import java.util.Locale
+import kotlinx.coroutines.Dispatchers
+import kotlinx.coroutines.delay
+import kotlinx.coroutines.withContext
 import org.amnezia.awg.GoBackend
 import org.amnezia.vpn.protocol.Protocol
 import org.amnezia.vpn.protocol.ProtocolState.CONNECTED
 import org.amnezia.vpn.protocol.ProtocolState.DISCONNECTED
 import org.amnezia.vpn.protocol.Statistics
 import org.amnezia.vpn.protocol.VpnStartException
+import org.amnezia.vpn.util.LibraryLoader.loadSharedLibrary
 import org.amnezia.vpn.util.Log
+import org.amnezia.vpn.util.asSequence
 import org.amnezia.vpn.util.net.InetEndpoint
 import org.amnezia.vpn.util.net.InetNetwork
 import org.amnezia.vpn.util.net.parseInetAddress
+import org.amnezia.vpn.util.optStringOrNull
 import org.json.JSONObject

-/**
- *    Config example:
- *    {
- *        "protocol": "wireguard",
- *        "description": "Server 1",
- *        "dns1": "1.1.1.1",
- *        "dns2": "1.0.0.1",
- *        "hostName": "100.100.100.0",
- *        "splitTunnelSites": [
- *        ],
- *        "splitTunnelType": 0,
- *        "wireguard_config_data": {
- *            "client_ip": "10.8.1.1",
- *            "hostName": "100.100.100.0",
- *            "port": 12345,
- *            "client_pub_key": "clientPublicKeyBase64",
- *            "client_priv_key": "privateKeyBase64",
- *            "psk_key": "presharedKeyBase64",
- *            "server_pub_key": "publicKeyBase64",
- *            "config": "[Interface]
- *                       Address = 10.8.1.1/32
- *                       DNS = 1.1.1.1, 1.0.0.1
- *                       PrivateKey = privateKeyBase64
- *
- *                       [Peer]
- *                       PublicKey = publicKeyBase64
- *                       PresharedKey = presharedKeyBase64
- *                       AllowedIPs = 0.0.0.0/0, ::/0
- *                       Endpoint = 100.100.100.0:12345
- *                       PersistentKeepalive = 25
- *                       "
- *        }
- *    }
- */
-
 private const val TAG = "Wireguard"

 open class Wireguard : Protocol() {
@@ -79,67 +51,88 @@ open class Wireguard : Protocol() {
        if (!isInitialized) loadSharedLibrary(context, "wg-go")
    }

-    override fun startVpn(config: JSONObject, vpnBuilder: Builder, protect: (Int) -> Boolean) {
+    override suspend fun startVpn(config: JSONObject, vpnBuilder: Builder, protect: (Int) -> Boolean) {
        val wireguardConfig = parseConfig(config)
+        val startTime = System.currentTimeMillis()
        start(wireguardConfig, vpnBuilder, protect)
+        waitForConnection(startTime)
        state.value = CONNECTED
    }

+    private suspend fun waitForConnection(startTime: Long) {
+        Log.d(TAG, "Waiting for connection")
+        withContext(Dispatchers.IO) {
+            val time = String.format(Locale.ROOT,"%.3f", startTime / 1000.0)
+            try {
+                delay(1000)
+                var log = getLogcat(time)
+                Log.d(TAG, "First waiting log: $log")
+                // check that there is a connection log,
+                // to avoid infinite connection
+                if (!log.contains("Attaching to interface")) {
+                    Log.w(TAG, "Logs do not contain a connection log")
+                    return@withContext
+                }
+                while (!log.contains("Received handshake response")) {
+                    delay(1000)
+                    log = getLogcat(time)
+                }
+            } catch (e: IOException) {
+                Log.e(TAG, "Failed to get logcat: $e")
+            }
+        }
+    }
+
+    private fun getLogcat(time: String): String =
+        ProcessBuilder("logcat", "--buffer=main", "--format=raw", "*:S AmneziaWG/awg0", "-t", time)
+            .redirectErrorStream(true)
+            .start()
+            .inputStream.reader().readText()
+
    protected open fun parseConfig(config: JSONObject): WireguardConfig {
-        val configDataJson = config.getJSONObject("wireguard_config_data")
-        val configData = parseConfigData(configDataJson.getString("config"))
+        val configData = config.getJSONObject("wireguard_config_data")
        return WireguardConfig.build {
-            configWireguard(configData, configDataJson)
+            configWireguard(config, configData)
            configSplitTunneling(config)
            configAppSplitTunneling(config)
        }
    }

-    protected fun WireguardConfig.Builder.configWireguard(configData: Map<String, String>, configDataJson: JSONObject) {
-        configData["Address"]?.split(",")?.map { address ->
+    protected fun WireguardConfig.Builder.configWireguard(config: JSONObject, configData: JSONObject) {
+        configData.getString("client_ip").split(",").map { address ->
            InetNetwork.parse(address.trim())
-        }?.forEach(::addAddress)
+        }.forEach(::addAddress)

-        configData["DNS"]?.split(",")?.map { dns ->
-            parseInetAddress(dns.trim())
-        }?.forEach(::addDnsServer)
+        config.optStringOrNull("dns1")?.let { dns ->
+            addDnsServer(parseInetAddress(dns.trim()))
+        }
+
+        config.optStringOrNull("dns2")?.let { dns ->
+            addDnsServer(parseInetAddress(dns.trim()))
+        }

        val defRoutes = hashSetOf(
            InetNetwork("0.0.0.0", 0),
            InetNetwork("::", 0)
        )
        val routes = hashSetOf<InetNetwork>()
-        configData["AllowedIPs"]?.split(",")?.map { route ->
+        configData.getJSONArray("allowed_ips").asSequence<String>().map { route ->
            InetNetwork.parse(route.trim())
-        }?.forEach(routes::add)
+        }.forEach(routes::add)
        // if the allowed IPs list contains at least one non-default route, disable global split tunneling
        if (routes.any { it !in defRoutes }) disableSplitTunneling()
        addRoutes(routes)

-        configDataJson.optString("mtu").let { mtu ->
-            if (mtu.isNotEmpty()) {
-                setMtu(mtu.toInt())
-            } else {
-                configData["MTU"]?.let { setMtu(it.toInt()) }
-            }
-        }
+        configData.optStringOrNull("mtu")?.let { setMtu(it.toInt()) }

-        configData["Endpoint"]?.let { setEndpoint(InetEndpoint.parse(it)) }
-        configData["PersistentKeepalive"]?.let { setPersistentKeepalive(it.toInt()) }
-        configData["PrivateKey"]?.let { setPrivateKeyHex(it.base64ToHex()) }
-        configData["PublicKey"]?.let { setPublicKeyHex(it.base64ToHex()) }
-        configData["PresharedKey"]?.let { setPreSharedKeyHex(it.base64ToHex()) }
-    }
+        val host = configData.getString("hostName").let { parseInetAddress(it.trim()) }
+        val port = configData.getInt("port")
+        setEndpoint(InetEndpoint(host, port))

-    protected fun parseConfigData(data: String): Map<String, String> {
-        val parsedData = TreeMap<String, String>(String.CASE_INSENSITIVE_ORDER)
-        data.lineSequence()
-            .filter { it.isNotEmpty() && !it.startsWith('[') }
-            .forEach { line ->
-                val attr = line.split("=", limit = 2)
-                parsedData[attr.first().trim()] = attr.last().trim()
-            }
-        return parsedData
+        configData.optStringOrNull("persistent_keep_alive")?.let { setPersistentKeepalive(it.toInt()) }
+        configData.getString("client_priv_key").let { setPrivateKeyHex(it.base64ToHex()) }
+        configData.getString("server_pub_key").let { setPublicKeyHex(it.base64ToHex()) }
+        configData.optStringOrNull("psk_key")?.let { setPreSharedKeyHex(it.base64ToHex()) }
    }

    private fun start(config: WireguardConfig, vpnBuilder: Builder, protect: (Int) -> Boolean) {
@@ -17,72 +17,10 @@ import org.amnezia.vpn.protocol.xray.libXray.Logger
 import org.amnezia.vpn.protocol.xray.libXray.Tun2SocksConfig
 import org.amnezia.vpn.util.Log
 import org.amnezia.vpn.util.net.InetNetwork
+import org.amnezia.vpn.util.net.ip
 import org.amnezia.vpn.util.net.parseInetAddress
 import org.json.JSONObject

-/**
- *    Config example:
- * {
- *     "appSplitTunnelType": 0,
- *     "config_version": 0,
- *     "description": "Server 1",
- *     "dns1": "1.1.1.1",
- *     "dns2": "1.0.0.1",
- *     "hostName": "100.100.100.0",
- *     "protocol": "xray",
- *     "splitTunnelApps": [],
- *     "splitTunnelSites": [],
- *     "splitTunnelType": 0,
- *     "xray_config_data": {
- *         "inbounds": [
- *             {
- *                 "listen": "127.0.0.1",
- *                 "port": 8080,
- *                 "protocol": "socks",
- *                 "settings": {
- *                     "udp": true
- *                 }
- *             }
- *         ],
- *         "log": {
- *             "loglevel": "error"
- *         },
- *         "outbounds": [
- *             {
- *                 "protocol": "vless",
- *                 "settings": {
- *                     "vnext": [
- *                         {
- *                             "address": "100.100.100.0",
- *                             "port": 443,
- *                             "users": [
- *                                 {
- *                                     "encryption": "none",
- *                                     "flow": "xtls-rprx-vision",
- *                                     "id": "id"
- *                                 }
- *                             ]
- *                         }
- *                     ]
- *                 },
- *                 "streamSettings": {
- *                     "network": "tcp",
- *                     "realitySettings": {
- *                         "fingerprint": "chrome",
- *                         "publicKey": "publicKey",
- *                         "serverName": "google.com",
- *                         "shortId": "id",
- *                         "spiderX": ""
- *                     },
- *                     "security": "reality"
- *                 }
- *             }
- *         ]
- *     }
- * }
- *
- */
-
 private const val TAG = "Xray"
 private const val LIBXRAY_TAG = "libXray"

@@ -109,7 +47,7 @@ class Xray : Protocol() {
        }
    }

-    override fun startVpn(config: JSONObject, vpnBuilder: Builder, protect: (Int) -> Boolean) {
+    override suspend fun startVpn(config: JSONObject, vpnBuilder: Builder, protect: (Int) -> Boolean) {
        if (isRunning) {
            Log.w(TAG, "XRay already running")
            return
@@ -124,7 +62,15 @@ class Xray : Protocol() {
            .put("loglevel", "warning")
            .put("access", "none") // disable access log

-        start(xrayConfig, xrayJsonConfig.toString(), vpnBuilder, protect)
+        var xrayJsonConfigString = xrayJsonConfig.toString()
+        config.getString("hostName").let { hostName ->
+            val ipAddress = parseInetAddress(hostName).ip
+            if (hostName != ipAddress) {
+                xrayJsonConfigString = xrayJsonConfigString.replace(hostName, ipAddress)
+            }
+        }
+
+        start(xrayConfig, xrayJsonConfigString, vpnBuilder, protect)
        state.value = CONNECTED
        isRunning = true
    }
@@ -27,7 +27,6 @@ link_directories(${CMAKE_CURRENT_SOURCE_DIR}/platforms/android)
 set(HEADERS ${HEADERS}
    ${CMAKE_CURRENT_SOURCE_DIR}/platforms/android/android_controller.h
    ${CMAKE_CURRENT_SOURCE_DIR}/platforms/android/android_utils.h
-    ${CMAKE_CURRENT_SOURCE_DIR}/platforms/android/authResultReceiver.h
    ${CMAKE_CURRENT_SOURCE_DIR}/protocols/android_vpnprotocol.h
    ${CMAKE_CURRENT_SOURCE_DIR}/core/installedAppsImageProvider.h
 )
@@ -35,7 +34,6 @@ set(HEADERS ${HEADERS}
 set(SOURCES ${SOURCES}
    ${CMAKE_CURRENT_SOURCE_DIR}/platforms/android/android_controller.cpp
    ${CMAKE_CURRENT_SOURCE_DIR}/platforms/android/android_utils.cpp
-    ${CMAKE_CURRENT_SOURCE_DIR}/platforms/android/authResultReceiver.cpp
    ${CMAKE_CURRENT_SOURCE_DIR}/protocols/android_vpnprotocol.cpp
    ${CMAKE_CURRENT_SOURCE_DIR}/core/installedAppsImageProvider.cpp
 )
@@ -95,6 +95,18 @@ WireguardConfigurator::ConnectionData WireguardConfigurator::prepareWireguardCon
        stdOut.replace("/32", "");
        QStringList ips = stdOut.split("\n", Qt::SkipEmptyParts);

+        // remove extra IPs from each line for case when user manually edited the wg0.conf
+        // and added there more IPs for route his itnernal networks, like:
+        //     ...
+        //     AllowedIPs = 10.8.1.6/32, 192.168.1.0/24, 192.168.2.0/24, ...
+        //     ...
+        // without this code - next IP would be 1 if last item in 'ips' has format above
+        QStringList vpnIps;
+        for (const auto &ip : ips) {
+          vpnIps.append(ip.split(",", Qt::SkipEmptyParts).first().trimmed());
+        }
+        ips = vpnIps;
+
        // Calc next IP address
        if (ips.isEmpty()) {
            nextIpNumber = "2";
@@ -187,6 +199,10 @@ QString WireguardConfigurator::createConfig(const ServerCredentials &credentials
    jConfig[config_key::server_pub_key] = connData.serverPubKey;
    jConfig[config_key::mtu] = wireguarConfig.value(config_key::mtu).toString(protocols::wireguard::defaultMtu);

+    jConfig[config_key::persistent_keep_alive] = "25";
+    QJsonArray allowedIps { "0.0.0.0/0", "::/0" };
+    jConfig[config_key::allowed_ips] = allowedIps;
+
    jConfig[config_key::clientId] = connData.clientPubKey;

    return QJsonDocument(jConfig).toJson();
@@ -9,8 +9,8 @@
 #include "QRsa.h"

 #include "amnezia_application.h"
-#include "core/enums/apiEnums.h"
 #include "configurators/wireguard_configurator.h"
+#include "core/enums/apiEnums.h"
 #include "version.h"

 namespace
@@ -42,7 +42,7 @@ namespace
        constexpr char keyPayload[] = "key_payload";
    }

-    const QStringList proxyStorageUrl = {""};
+    const QStringList proxyStorageUrl = { "" };

    ErrorCode checkErrors(const QList<QSslError> &sslErrors, QNetworkReply *reply)
    {
@@ -65,7 +65,8 @@ namespace
    }
 }

-ApiController::ApiController(const QString &gatewayEndpoint, QObject *parent) : QObject(parent), m_gatewayEndpoint(gatewayEndpoint)
+ApiController::ApiController(const QString &gatewayEndpoint, bool isDevEnvironment, QObject *parent)
+    : QObject(parent), m_gatewayEndpoint(gatewayEndpoint), m_isDevEnvironment(isDevEnvironment)
 {
 }

@@ -143,7 +144,7 @@ QStringList ApiController::getProxyUrls()

    QEventLoop wait;
    QList<QSslError> sslErrors;
-    QNetworkReply* reply;
+    QNetworkReply *reply;

    for (const auto &proxyStorageUrl : proxyStorageUrl) {
        request.setUrl(proxyStorageUrl);
@@ -281,7 +282,7 @@ ErrorCode ApiController::getServicesList(QByteArray &responseBody)

    request.setUrl(QString("%1v1/services").arg(m_gatewayEndpoint));

-    QNetworkReply* reply;
+    QNetworkReply *reply;
    reply = amnApp->manager()->get(request);

    QEventLoop wait;
@@ -300,7 +301,8 @@ ErrorCode ApiController::getServicesList(QByteArray &responseBody)
            QObject::connect(reply, &QNetworkReply::finished, &wait, &QEventLoop::quit);
            connect(reply, &QNetworkReply::sslErrors, [this, &sslErrors](const QList<QSslError> &errors) { sslErrors = errors; });
            wait.exec();
-            if (reply->error() != QNetworkReply::NetworkError::TimeoutError && reply->error() != QNetworkReply::NetworkError::OperationCanceledError) {
+            if (reply->error() != QNetworkReply::NetworkError::TimeoutError
+                && reply->error() != QNetworkReply::NetworkError::OperationCanceledError) {
                break;
            }
            reply->deleteLater();
@@ -355,7 +357,7 @@ ErrorCode ApiController::getConfigForService(const QString &installationUuid, co

        EVP_PKEY *publicKey = nullptr;
        try {
-            QByteArray key = PROD_AGW_PUBLIC_KEY;
+            QByteArray key = m_isDevEnvironment ? DEV_AGW_PUBLIC_KEY : PROD_AGW_PUBLIC_KEY;
            QSimpleCrypto::QRsa rsa;
            publicKey = rsa.getPublicKeyFromByteArray(key);
        } catch (...) {
@@ -375,7 +377,7 @@ ErrorCode ApiController::getConfigForService(const QString &installationUuid, co
    requestBody[configKey::keyPayload] = QString(encryptedKeyPayload.toBase64());
    requestBody[configKey::apiPayload] = QString(encryptedApiPayload.toBase64());

-    QNetworkReply* reply = manager.post(request, QJsonDocument(requestBody).toJson());
+    QNetworkReply *reply = manager.post(request, QJsonDocument(requestBody).toJson());

    QEventLoop wait;
    connect(reply, &QNetworkReply::finished, &wait, &QEventLoop::quit);
@@ -395,7 +397,8 @@ ErrorCode ApiController::getConfigForService(const QString &installationUuid, co
            QObject::connect(reply, &QNetworkReply::finished, &wait, &QEventLoop::quit);
            connect(reply, &QNetworkReply::sslErrors, [this, &sslErrors](const QList<QSslError> &errors) { sslErrors = errors; });
            wait.exec();
-            if (reply->error() != QNetworkReply::NetworkError::TimeoutError && reply->error() != QNetworkReply::NetworkError::OperationCanceledError) {
+            if (reply->error() != QNetworkReply::NetworkError::TimeoutError
+                && reply->error() != QNetworkReply::NetworkError::OperationCanceledError) {
                break;
            }
            reply->deleteLater();
@@ -14,7 +14,7 @@ class ApiController : public QObject
    Q_OBJECT

 public:
-    explicit ApiController(const QString &gatewayEndpoint, QObject *parent = nullptr);
+    explicit ApiController(const QString &gatewayEndpoint, bool isDevEnvironment, QObject *parent = nullptr);

 public slots:
    void updateServerConfigFromApi(const QString &installationUuid, const int serverIndex, QJsonObject serverConfig);
@@ -44,6 +44,7 @@ private:

    QString m_gatewayEndpoint;
    QStringList m_proxyUrls;
+    bool m_isDevEnvironment = false;
 };

 #endif // APICONTROLLER_H
@@ -83,7 +83,6 @@ ErrorCode ServerController::runScript(const ServerCredentials &credentials, QStr
        }

        qDebug().noquote() << lineToExec;
-        Logger::appendSshLog("Run command:" + lineToExec);

        error = m_sshClient.executeCommand(lineToExec, cbReadStdOut, cbReadStdErr);
        if (error != ErrorCode::NoError) {
@@ -100,13 +99,13 @@ ErrorCode ServerController::runContainerScript(const ServerCredentials &credenti
                                               const std::function<ErrorCode(const QString &, libssh::Client &)> &cbReadStdErr)
 {
    QString fileName = "/opt/amnezia/" + Utils::getRandomString(16) + ".sh";
-    Logger::appendSshLog("Run container script for " + ContainerProps::containerToString(container) + ":\n" + script);

    ErrorCode e = uploadTextFileToContainer(container, credentials, script, fileName);
    if (e)
        return e;

-    QString runner = QString("sudo docker exec -i $CONTAINER_NAME %2 %1 ").arg(fileName, (container == DockerContainer::Socks5Proxy ? "sh" : "bash"));
+    QString runner =
+            QString("sudo docker exec -i $CONTAINER_NAME %2 %1 ").arg(fileName, (container == DockerContainer::Socks5Proxy ? "sh" : "bash"));
    e = runScript(credentials, replaceVars(runner, genVarsForScript(credentials, container)), cbReadStdOut, cbReadStdErr);

    QString remover = QString("sudo docker exec -i $CONTAINER_NAME rm %1 ").arg(fileName);
@@ -426,7 +425,7 @@ ErrorCode ServerController::buildContainerWorker(const ServerCredentials &creden
    if (errorCode)
        return errorCode;

-    errorCode = uploadFileToHost(credentials, amnezia::scriptData(ProtocolScriptType::dockerfile, container).toUtf8(),dockerFilePath);
+    errorCode = uploadFileToHost(credentials, amnezia::scriptData(ProtocolScriptType::dockerfile, container).toUtf8(), dockerFilePath);

    if (errorCode)
        return errorCode;
@@ -437,9 +436,10 @@ ErrorCode ServerController::buildContainerWorker(const ServerCredentials &creden
        return ErrorCode::NoError;
    };

-    errorCode = runScript(credentials,
-                  replaceVars(amnezia::scriptData(SharedScriptType::build_container), genVarsForScript(credentials, container, config)),
-                  cbReadStdOut);
+    errorCode =
+            runScript(credentials,
+                      replaceVars(amnezia::scriptData(SharedScriptType::build_container), genVarsForScript(credentials, container, config)),
+                      cbReadStdOut);
    if (errorCode)
        return errorCode;

@@ -621,13 +621,15 @@ ServerController::Vars ServerController::genVarsForScript(const ServerCredential

    // Socks5 proxy vars
    vars.append({ { "$SOCKS5_PROXY_PORT", socks5ProxyConfig.value(config_key::port).toString(protocols::socks5Proxy::defaultPort) } });
-    auto username =  socks5ProxyConfig.value(config_key:: userName).toString();
+    auto username = socks5ProxyConfig.value(config_key::userName).toString();
    auto password = socks5ProxyConfig.value(config_key::password).toString();
    QString socks5user = (!username.isEmpty() && !password.isEmpty()) ? QString("users %1:CL:%2").arg(username, password) : "";
-    vars.append({ { "$SOCKS5_USER",  socks5user } });
-    vars.append({ { "$SOCKS5_AUTH_TYPE",  socks5user.isEmpty() ? "none" : "strong" } });
+    vars.append({ { "$SOCKS5_USER", socks5user } });
+    vars.append({ { "$SOCKS5_AUTH_TYPE", socks5user.isEmpty() ? "none" : "strong" } });

-    QString serverIp = NetworkUtilities::getIPAddress(credentials.hostName);
+    QString serverIp = (container != DockerContainer::Awg && container != DockerContainer::WireGuard && container != DockerContainer::Xray)
+            ? NetworkUtilities::getIPAddress(credentials.hostName)
+            : credentials.hostName;
    if (!serverIp.isEmpty()) {
        vars.append({ { "$SERVER_IP_ADDRESS", serverIp } });
    } else {
@@ -713,7 +715,8 @@ ErrorCode ServerController::isServerPortBusy(const ServerCredentials &credential
        udpProtoScript.append("' | grep -i udp");
        tcpProtoScript.append(" | grep LISTEN");

-        ErrorCode errorCode = runScript(credentials, replaceVars(tcpProtoScript, genVarsForScript(credentials, container)), cbReadStdOut, cbReadStdErr);
+        ErrorCode errorCode =
+                runScript(credentials, replaceVars(tcpProtoScript, genVarsForScript(credentials, container)), cbReadStdOut, cbReadStdErr);
        if (errorCode != ErrorCode::NoError) {
            return errorCode;
        }
@@ -100,7 +100,13 @@ QJsonObject VpnConfigurationsController::createVpnConfiguration(const QPair<QStr
        protocolConfigString = configurator->processConfigWithLocalSettings(dns, isApiConfig, protocolConfigString);

        QJsonObject vpnConfigData = QJsonDocument::fromJson(protocolConfigString.toUtf8()).object();
-        vpnConfigData = QJsonDocument::fromJson(protocolConfigString.toUtf8()).object();
+        if (container == DockerContainer::Awg || container == DockerContainer::WireGuard) {
+            // add mtu for old configs
+            if (vpnConfigData[config_key::mtu].toString().isEmpty()) {
+                vpnConfigData[config_key::mtu] = container == DockerContainer::Awg ? protocols::awg::defaultMtu : protocols::wireguard::defaultMtu;
+            }
+        }
+
        vpnConfiguration.insert(ProtocolProps::key_proto_config_data(proto), vpnConfigData);
    }

@@ -29,6 +29,12 @@ QSharedPointer<IpcInterfaceReplica> IpcClient::Interface()
    return Instance()->m_ipcClient;
 }

+QSharedPointer<IpcProcessTun2SocksReplica> IpcClient::InterfaceTun2Socks()
+{
+    if (!Instance()) return nullptr;
+    return Instance()->m_Tun2SocksClient;
+}
+
 bool IpcClient::init(IpcClient *instance)
 {
    m_instance = instance;
@@ -44,6 +50,12 @@ bool IpcClient::init(IpcClient *instance)
            qWarning() << "IpcClient replica is not connected!";
        }

+        Instance()->m_Tun2SocksClient.reset(Instance()->m_ClientNode.acquire<IpcProcessTun2SocksReplica>());
+        Instance()->m_Tun2SocksClient->waitForSource(1000);
+
+        if (!Instance()->m_Tun2SocksClient->isReplicaValid()) {
+            qWarning() << "IpcClient::m_Tun2SocksClient replica is not connected!";
+        }
    });

    connect(Instance()->m_localSocket, &QLocalSocket::disconnected, [instance](){
@@ -51,16 +63,16 @@ bool IpcClient::init(IpcClient *instance)
    });

    Instance()->m_localSocket->connectToServer(amnezia::getIpcServiceUrl());
-
    Instance()->m_localSocket->waitForConnected();

    if (!Instance()->m_ipcClient) {
        qDebug() << "IpcClient::init failed";
        return false;
    }
+
    qDebug() << "IpcClient::init succeed";

-    return Instance()->m_ipcClient->isReplicaValid();
+    return (Instance()->m_ipcClient->isReplicaValid() && Instance()->m_Tun2SocksClient->isReplicaValid());
 }

 QSharedPointer<PrivilegedProcess> IpcClient::CreatePrivilegedProcess()
@@ -6,6 +6,7 @@

 #include "ipc.h"
 #include "rep_ipc_interface_replica.h"
+#include "rep_ipc_process_tun2socks_replica.h"

 #include "privileged_process.h"

@@ -18,6 +19,7 @@ public:
   static IpcClient *Instance();
   static bool init(IpcClient *instance);
   static QSharedPointer<IpcInterfaceReplica> Interface();
+   static QSharedPointer<IpcProcessTun2SocksReplica> InterfaceTun2Socks();
   static QSharedPointer<PrivilegedProcess> CreatePrivilegedProcess();

   bool isSocketConnected() const;
@@ -28,8 +30,11 @@ private:
    ~IpcClient() override;

    QRemoteObjectNode m_ClientNode;
+    QRemoteObjectNode m_Tun2SocksNode;
    QSharedPointer<IpcInterfaceReplica> m_ipcClient;
    QPointer<QLocalSocket> m_localSocket;
+    QPointer<QLocalSocket> m_tun2socksSocket;
+    QSharedPointer<IpcProcessTun2SocksReplica> m_Tun2SocksClient;

    struct ProcessDescriptor {
        ProcessDescriptor () {
@@ -109,7 +109,10 @@ QStringList NetworkUtilities::summarizeRoutes(const QStringList &ips, const QStr

 QString NetworkUtilities::getIPAddress(const QString &host)
 {
-    if (ipAddressRegExp().match(host).hasMatch()) {
+    QHostAddress address(host);
+    if (QAbstractSocket::IPv4Protocol == address.protocol()) {
+        return host;
+    } else if (QAbstractSocket::IPv6Protocol == address.protocol()) {
        return host;
    }

@@ -1,107 +0,0 @@
-#ifndef LOGGER_H
-#define LOGGER_H
-
-#include <QDebug>
-#include <QDir>
-#include <QFile>
-#include <QString>
-#include <QTextStream>
-
-#include "ui/property_helper.h"
-
-#include "mozilla/shared/loglevel.h"
-
-class Logger : public QObject
-{
-    Q_OBJECT
-    AUTO_PROPERTY(QString, sshLog)
-    AUTO_PROPERTY(QString, allLog)
-
-public:
-    static Logger& Instance();
-
-    static void appendSshLog(const QString &log);
-    static void appendAllLog(const QString &log);
-
-
-    static bool init();
-    static void deInit();
-    static bool setServiceLogsEnabled(bool enabled);
-    static bool openLogsFolder();
-    static bool openServiceLogsFolder();
-    static QString appLogFileNamePath();
-    static void clearLogs();
-    static void clearServiceLogs();
-    static void cleanUp();
-
-    static QString userLogsFilePath();
-    static QString getLogFile();
-
-    // compat with Mozilla logger
-    Logger(const QString &className) { m_className = className; }
-    const QString& className() const { return m_className; }
-
-    class Log {
-    public:
-        Log(Logger* logger, LogLevel level);
-        ~Log();
-
-        Log& operator<<(uint64_t t);
-        Log& operator<<(const char* t);
-        Log& operator<<(const QString& t);
-        Log& operator<<(const QStringList& t);
-        Log& operator<<(const QByteArray& t);
-        Log& operator<<(const QJsonObject& t);
-        Log& operator<<(QTextStreamFunction t);
-        Log& operator<<(const void* t);
-
-        // Q_ENUM
-        template <typename T>
-        typename std::enable_if<QtPrivate::IsQEnumHelper<T>::Value, Log&>::type
-        operator<<(T t) {
-            const QMetaObject* meta = qt_getEnumMetaObject(t);
-            const char* name = qt_getEnumName(t);
-            addMetaEnum(typename QFlags<T>::Int(t), meta, name);
-            return *this;
-        }
-
-    private:
-        void addMetaEnum(quint64 value, const QMetaObject* meta, const char* name);
-
-        Logger* m_logger;
-        LogLevel m_logLevel;
-
-        struct Data {
-            Data() : m_ts(&m_buffer, QIODevice::WriteOnly) {}
-
-            QString m_buffer;
-            QTextStream m_ts;
-        };
-
-        Data* m_data;
-    };
-
-    Log error();
-    Log warning();
-    Log info();
-    Log debug();
-    QString sensitive(const QString& input);
-
-private:
-    Logger() {}
-    Logger(Logger const &) = delete;
-    Logger& operator= (Logger const&) = delete;
-
-    static QString userLogsDir();
-
-    static QFile m_file;
-    static QTextStream m_textStream;
-    static QString m_logFileName;
-
-    friend void debugMessageHandler(QtMsgType type, const QMessageLogContext& context, const QString& msg);
-
-    // compat with Mozilla logger
-    QString m_className;
-};
-
-#endif // LOGGER_H
@@ -149,7 +149,7 @@ void LocalSocketController::activate(const QJsonObject &rawConfig) {
  QJsonArray jsAllowedIPAddesses;

  QJsonArray plainAllowedIP = wgConfig.value(amnezia::config_key::allowed_ips).toArray();
-  QJsonArray defaultAllowedIP = QJsonArray::fromStringList(QString("0.0.0.0/0, ::/0").split(","));
+  QJsonArray defaultAllowedIP = { "0.0.0.0/0", "::/0" };

  if (plainAllowedIP != defaultAllowedIP && !plainAllowedIP.isEmpty()) {
    // Use AllowedIP list from WG config because of higher priority
@@ -98,6 +98,7 @@ bool AndroidController::initialize()
        {"onStatisticsUpdate", "(JJ)V", reinterpret_cast<void *>(onStatisticsUpdate)},
        {"onFileOpened", "(Ljava/lang/String;)V", reinterpret_cast<void *>(onFileOpened)},
        {"onConfigImported", "(Ljava/lang/String;)V", reinterpret_cast<void *>(onConfigImported)},
+        {"onAuthResult", "(Z)V", reinterpret_cast<void *>(onAuthResult)},
        {"decodeQrCode", "(Ljava/lang/String;)Z", reinterpret_cast<bool *>(decodeQrCode)}
    };

@@ -210,6 +211,11 @@ void AndroidController::setScreenshotsEnabled(bool enabled)
    callActivityMethod("setScreenshotsEnabled", "(Z)V", enabled);
 }

+void AndroidController::setNavigationBarColor(unsigned int color)
+{
+    callActivityMethod("setNavigationBarColor", "(I)V", color);
+}
+
 void AndroidController::minimizeApp()
 {
    callActivityMethod("minimizeApp", "()V");
@@ -265,6 +271,22 @@ void AndroidController::requestNotificationPermission()
    callActivityMethod("requestNotificationPermission", "()V");
 }

+bool AndroidController::requestAuthentication()
+{
+    QEventLoop wait;
+    bool result;
+    connect(this, &AndroidController::authenticationResult, this,
+            [&result, &wait](const bool &authResult){
+                qDebug() << "Android authentication result:" << authResult;
+                result = authResult;
+                wait.quit();
+            },
+            static_cast<Qt::ConnectionType>(Qt::QueuedConnection | Qt::SingleShotConnection));
+    callActivityMethod("requestAuthentication", "()V");
+    wait.exec();
+    return result;
+}
+
 // Moving log processing to the Android side
 jclass AndroidController::log;
 jmethodID AndroidController::logDebug;
@@ -462,6 +484,14 @@ void AndroidController::onConfigImported(JNIEnv *env, jobject thiz, jstring data
    emit AndroidController::instance()->configImported(AndroidUtils::convertJString(env, data));
 }

+// static
+void AndroidController::onAuthResult(JNIEnv *env, jobject thiz, jboolean result)
+{
+    Q_UNUSED(thiz);
+
+    emit AndroidController::instance()->authenticationResult(result);
+}
+
 // static
 bool AndroidController::decodeQrCode(JNIEnv *env, jobject thiz, jstring data)
 {
@@ -41,11 +41,13 @@ public:
    void exportLogsFile(const QString &fileName);
    void clearLogs();
    void setScreenshotsEnabled(bool enabled);
+    void setNavigationBarColor(unsigned int color);
    void minimizeApp();
    QJsonArray getAppList();
    QPixmap getAppIcon(const QString &package, QSize *size, const QSize &requestedSize);
    bool isNotificationPermissionGranted();
    void requestNotificationPermission();
+    bool requestAuthentication();

    static bool initLogging();
    static void messageHandler(QtMsgType type, const QMessageLogContext &context, const QString &message);
@@ -63,6 +65,7 @@ signals:
    void configImported(QString config);
    void importConfigFromOutside(QString config);
    void initConnectionState(Vpn::ConnectionState state);
+    void authenticationResult(bool result);

 private:
    bool isWaitingStatus = true;
@@ -89,6 +92,7 @@ private:
    static void onStatisticsUpdate(JNIEnv *env, jobject thiz, jlong rxBytes, jlong txBytes);
    static void onConfigImported(JNIEnv *env, jobject thiz, jstring data);
    static void onFileOpened(JNIEnv *env, jobject thiz, jstring uri);
+    static void onAuthResult(JNIEnv *env, jobject thiz, jboolean result);
    static bool decodeQrCode(JNIEnv *env, jobject thiz, jstring data);

    template <typename Ret, typename ...Args>
@@ -1,16 +0,0 @@
-#include "authResultReceiver.h"
-
-AuthResultReceiver::AuthResultReceiver(QSharedPointer<AuthResultNotifier> &notifier) : m_notifier(notifier)
-{
-}
-
-void AuthResultReceiver::handleActivityResult(int receiverRequestCode, int resultCode, const QJniObject &data)
-{
-    qDebug() << "receiverRequestCode" << receiverRequestCode << "resultCode" << resultCode;
-
-    if (resultCode == -1) { // ResultOK
-        emit m_notifier->authSuccessful();
-    } else {
-        emit m_notifier->authFailed();
-    }
-}
@@ -1,32 +0,0 @@
-#ifndef AUTHRESULTRECEIVER_H
-#define AUTHRESULTRECEIVER_H
-
-#include <QJniObject>
-
-#include <private/qandroidextras_p.h>
-
-class AuthResultNotifier : public QObject
-{
-    Q_OBJECT
-
-public:
-    AuthResultNotifier(QObject *parent = nullptr) : QObject(parent) {};
-
-signals:
-    void authFailed();
-    void authSuccessful();
-};
-
-/* Auth result handler for Android */
-class AuthResultReceiver final : public QAndroidActivityResultReceiver
-{
-public:
-    AuthResultReceiver(QSharedPointer<AuthResultNotifier> &notifier);
-
-    void handleActivityResult(int receiverRequestCode, int resultCode, const QJniObject &data) override;
-
-private:
-    QSharedPointer<AuthResultNotifier> m_notifier;
-};
-
-#endif // AUTHRESULTRECEIVER_H
@@ -351,8 +351,6 @@ void IosController::vpnStatusDidChange(void *pNotification)
                                }
                            }
                        }
-                    } else {
-                        qDebug() << "Disconnect error is absent";
                    }
                }];
            } else {
@@ -835,7 +833,7 @@ QString IosController::openFile() {

 void IosController::requestInetAccess() {
    NSURL *url = [NSURL URLWithString:@"http://captive.apple.com/generate_204"];
-    if (url) {
+    if (!url) {
        qDebug() << "IosController::requestInetAccess URL error";
        return;
    }
@@ -847,7 +845,6 @@ void IosController::requestInetAccess() {
        } else {
            NSHTTPURLResponse *httpResponse = (NSHTTPURLResponse *)response;
            QString responseBody = QString::fromUtf8((const char*)data.bytes, data.length);
-            qDebug() << "IosController::requestInetAccess server response:" << httpResponse.statusCode << "\n\n" <<responseBody;
        }
    }];
    [task resume];
@@ -12,7 +12,7 @@
 #include "Winsvc.h"

 /**
- * @brief The WindowsServiceManager provides controll over the MozillaVPNBroker
+ * @brief The WindowsServiceManager provides control over the MozillaVPNBroker
 * service via SCM
 */
 class WindowsServiceManager : public QObject {
@@ -10,6 +10,7 @@
 #include "ikev2_vpn_protocol_windows.h"
 #include "utilities.h"

+
 static Ikev2Protocol* self = nullptr;
 static std::mutex rasDialFuncMutex;

@@ -80,10 +81,10 @@ void Ikev2Protocol::newConnectionStateEventReceived(UINT unMsg, tagRASCONNSTATE
    case RASCS_AuthNotify:
        //qDebug()<<__FUNCTION__ << __LINE__;
        if (dwError != 0) {
-            //qDebug() << "have error" << dwError;
+            qDebug() << "have error" << dwError;
            setConnectionState(Vpn::ConnectionState::Disconnected);
        } else {
-            //qDebug() << "RASCS_AuthNotify but no error" << dwError;
+            qDebug() << "RASCS_AuthNotify but no error" << dwError;
        }
        break;
    case RASCS_AuthRetry:
@@ -179,11 +180,13 @@ ErrorCode Ikev2Protocol::start()
    QByteArray cert = QByteArray::fromBase64(m_config[config_key::cert].toString().toUtf8());
    setConnectionState(Vpn::ConnectionState::Connecting);

-    QTemporaryFile certFile;
-    certFile.setAutoRemove(false);
-    certFile.open();
-    certFile.write(cert);
-    certFile.close();
+    QTemporaryFile * certFile = new QTemporaryFile;
+    certFile->setAutoRemove(false);
+    certFile->open();
+    QString m_filename = certFile->fileName();
+    certFile->write(cert);
+    certFile->close();
+    delete certFile;

    {
        auto certInstallProcess = IpcClient::CreatePrivilegedProcess();
@@ -193,19 +196,19 @@ ErrorCode Ikev2Protocol::start()
            return ErrorCode::AmneziaServiceConnectionFailed;
        }

-        certInstallProcess->waitForSource(1000);
+        certInstallProcess->waitForSource();
        if (!certInstallProcess->isInitialized()) {
            qWarning() << "IpcProcess replica is not connected!";
            setLastError(ErrorCode::AmneziaServiceConnectionFailed);
            return ErrorCode::AmneziaServiceConnectionFailed;
        }
        certInstallProcess->setProgram(PermittedProcess::CertUtil);
-        QStringList arguments({"-f" , "-importpfx",
-                               "-p", m_config[config_key::password].toString(),
-                               certFile.fileName(), "NoExport"
-                              });
-        certInstallProcess->setArguments(arguments);

+        QStringList arguments({"-f", "-importpfx", "-p", m_config[config_key::password].toString(),
+            QDir::toNativeSeparators(m_filename), "NoExport"
+        });
+
+        certInstallProcess->setArguments(arguments);
        certInstallProcess->start();
    }
    // /*
@@ -219,40 +222,40 @@ ErrorCode Ikev2Protocol::start()
    }

    {
-        {
-            if ( !create_new_vpn(tunnelName(), m_config[config_key::hostName].toString())){
-                qDebug() <<"Can't create the VPN connect";
-            }
-        }
-    }
+     {
+      if ( !create_new_vpn(tunnelName(), m_config[config_key::hostName].toString())){
+                                                                                    qDebug() <<"Can't create the VPN connect";
+}
+}
+}

-    {
-        auto adapterConfigProcess = new QProcess;
+{
+    QProcess adapterConfigProcess;
+    adapterConfigProcess.setProgram("powershell");
+    QString arguments = QString("-command \"Set-VpnConnectionIPsecConfiguration\" "
+                                "-ConnectionName '%1' "
+                                "-AuthenticationTransformConstants GCMAES128 "
+                                "-CipherTransformConstants GCMAES128 "
+                                "-EncryptionMethod AES256 "
+                                "-IntegrityCheckMethod SHA256 "
+                                "-PfsGroup None "
+                                "-DHGroup Group14 "
+                                "-PassThru -Force\"")
+                            .arg(tunnelName());

-        adapterConfigProcess->setProgram("powershell");
-        QString arguments = QString("-command \"Set-VpnConnectionIPsecConfiguration\" "
-                                    "-ConnectionName '%1' "
-                                    "-AuthenticationTransformConstants GCMAES128 "
-                                    "-CipherTransformConstants GCMAES128 "
-                                    "-EncryptionMethod AES256 "
-                                    "-IntegrityCheckMethod SHA256 "
-                                    "-PfsGroup None "
-                                    "-DHGroup Group14 "
-                                    "-PassThru -Force\"")
-                .arg(tunnelName());
-        adapterConfigProcess->setNativeArguments(arguments);
+    adapterConfigProcess.setNativeArguments(arguments);

-        adapterConfigProcess->start();
-        adapterConfigProcess->waitForFinished(5000);
+    adapterConfigProcess.start();
+    adapterConfigProcess.waitForFinished(5000);
+}
+//*/
+{
+    if (!connect_to_vpn(tunnelName())) {
+        qDebug()<<"We can't connect to VPN";
    }
-    //*/
-    {
-        if (!connect_to_vpn(tunnelName())) {
-            qDebug()<<"We can't connect to VPN";
-        }
-    }
-    //setConnectionState(Connecting);
-    return ErrorCode::NoError;
+}
+//setConnectionState(Connecting);
+return ErrorCode::NoError;
 }
 //~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 bool Ikev2Protocol::create_new_vpn(const QString & vpn_name,
@@ -299,6 +302,7 @@ bool Ikev2Protocol::connect_to_vpn(const QString & vpn_name){
    auto ret = RasDial(NULL, NULL, &RasDialParams, 0,
                       &RasDialFuncCallback,
                       &hRasConn);
+
    if (ret == ERROR_SUCCESS){
        return true;
    }
@@ -6,6 +6,7 @@
 #include <QTcpSocket>
 #include <QNetworkInterface>

+#include "core/networkUtilities.h"
 #include "logger.h"
 #include "openvpnprotocol.h"
 #include "utilities.h"
@@ -127,7 +128,6 @@ void OpenVpnProtocol::sendManagementCommand(const QString &command)

 uint OpenVpnProtocol::selectMgmtPort()
 {
-
    for (int i = 0; i < 100; ++i) {
        quint32 port = QRandomGenerator::global()->generate();
        port = (double)(65000 - 15001) * port / UINT32_MAX + 15001;
@@ -137,7 +137,6 @@ uint OpenVpnProtocol::selectMgmtPort()
        if (ok)
            return port;
    }
-
    return m_managementPort;
 }

@@ -343,7 +342,8 @@ void OpenVpnProtocol::updateVpnGateway(const QString &line)
                            }
                            m_configData.insert("vpnAdapterIndex", netInterfaces.at(i).index());
                            m_configData.insert("vpnGateway", m_vpnGateway);
-                            m_configData.insert("vpnServer", m_configData.value(amnezia::config_key::hostName).toString());
+                            m_configData.insert("vpnServer",
+                                                NetworkUtilities::getIPAddress(m_configData.value(amnezia::config_key::hostName).toString()));
                            IpcClient::Interface()->enablePeerTraffic(m_configData);
                        }
                    }
@@ -352,6 +352,8 @@ void OpenVpnProtocol::updateVpnGateway(const QString &line)
 #if defined(Q_OS_LINUX) || defined(Q_OS_MACOS)
                // killSwitch toggle
                if (QVariant(m_configData.value(config_key::killSwitchOption).toString()).toBool()) {
+                    m_configData.insert("vpnServer",
+                                        NetworkUtilities::getIPAddress(m_configData.value(amnezia::config_key::hostName).toString()));
                    IpcClient::Interface()->enableKillSwitch(m_configData, 0);
                }
 #endif
@@ -4,9 +4,8 @@
 #include <QTcpSocket>
 #include <QThread>

-#include "logger.h"
-#include "utilities.h"
 #include "wireguardprotocol.h"
+#include "core/networkUtilities.h"

 #include "mozilla/localsocketcontroller.h"

@@ -37,6 +36,12 @@ void WireguardProtocol::stop()

 ErrorCode WireguardProtocol::startMzImpl()
 {
+    QString protocolName = m_rawConfig.value("protocol").toString();
+    QJsonObject vpnConfigData = m_rawConfig.value(protocolName + "_config_data").toObject();
+    vpnConfigData[config_key::hostName] = NetworkUtilities::getIPAddress(vpnConfigData.value(config_key::hostName).toString());
+    m_rawConfig.insert(protocolName + "_config_data", vpnConfigData);
+    m_rawConfig[config_key::hostName] = NetworkUtilities::getIPAddress(m_rawConfig[config_key::hostName].toString());
+
    m_impl->activate(m_rawConfig);
    return ErrorCode::NoError;
 }
@@ -17,6 +17,7 @@ XrayProtocol::XrayProtocol(const QJsonObject &configuration, QObject *parent):
    m_routeGateway = NetworkUtilities::getGatewayAndIface();
    m_vpnGateway = amnezia::protocols::xray::defaultLocalAddr;
    m_vpnLocalAddress = amnezia::protocols::xray::defaultLocalAddr;
+    m_t2sProcess = IpcClient::InterfaceTun2Socks();
 }

 XrayProtocol::~XrayProtocol()
@@ -43,7 +44,9 @@ ErrorCode XrayProtocol::start()
    m_xrayCfgFile.setAutoRemove(false);
 #endif
    m_xrayCfgFile.open();
-    m_xrayCfgFile.write(QJsonDocument(m_xrayConfig).toJson());
+    QString config = QJsonDocument(m_xrayConfig).toJson();
+    config.replace(m_remoteHost, m_remoteAddress);
+    m_xrayCfgFile.write(config.toUtf8());
    m_xrayCfgFile.close();

    QStringList args = QStringList() << "-c" << m_xrayCfgFile.fileName() << "-format=json";
@@ -63,7 +66,7 @@ ErrorCode XrayProtocol::start()
    });

    connect(&m_xrayProcess, QOverload<int, QProcess::ExitStatus>::of(&QProcess::finished), this, [this](int exitCode, QProcess::ExitStatus exitStatus) {
-        qDebug().noquote() << "XrayProtocol finished, exitCode, exiStatus" << exitCode << exitStatus;
+        qDebug().noquote() << "XrayProtocol finished, exitCode, exitStatus" << exitCode << exitStatus;
        setConnectionState(Vpn::ConnectionState::Disconnected);
        if (exitStatus != QProcess::NormalExit) {
            emit protocolError(amnezia::ErrorCode::XrayExecutableCrashed);
@@ -89,116 +92,80 @@ ErrorCode XrayProtocol::start()

 ErrorCode XrayProtocol::startTun2Sock()
 {
-    if (!QFileInfo::exists(Utils::tun2socksPath())) {
-        setLastError(ErrorCode::Tun2SockExecutableMissing);
-        return lastError();
-    }
-
-    m_t2sProcess = IpcClient::CreatePrivilegedProcess();
-
-    if (!m_t2sProcess) {
-        setLastError(ErrorCode::AmneziaServiceConnectionFailed);
-        return ErrorCode::AmneziaServiceConnectionFailed;
-    }
-
-    m_t2sProcess->waitForSource(1000);
-    if (!m_t2sProcess->isInitialized()) {
-        qWarning() << "IpcProcess replica is not connected!";
-        setLastError(ErrorCode::AmneziaServiceConnectionFailed);
-        return ErrorCode::AmneziaServiceConnectionFailed;
-    }
-
-    QString XrayConStr = "socks5://127.0.0.1:" + QString::number(m_localPort);
-
-    m_t2sProcess->setProgram(PermittedProcess::Tun2Socks);
-#ifdef Q_OS_WIN
-    m_configData.insert("inetAdapterIndex", NetworkUtilities::AdapterIndexTo(QHostAddress(m_remoteAddress)));
-    QStringList arguments({"-device", "tun://tun2", "-proxy", XrayConStr, "-tun-post-up",
-                           QString("cmd /c netsh interface ip set address name=\"tun2\" static %1 255.255.255.255").arg(amnezia::protocols::xray::defaultLocalAddr)});
-#endif
-#ifdef Q_OS_LINUX
-    QStringList arguments({"-device", "tun://tun2", "-proxy", XrayConStr});
-#endif
-#ifdef Q_OS_MAC
-    QStringList arguments({"-device", "utun22", "-proxy", XrayConStr});
-#endif
-    m_t2sProcess->setArguments(arguments);
-
-    qDebug() << arguments.join(" ");
-    connect(m_t2sProcess.data(), &PrivilegedProcess::errorOccurred,
-            [&](QProcess::ProcessError error) { qDebug() << "PrivilegedProcess errorOccurred" << error; });
-
-    connect(m_t2sProcess.data(), &PrivilegedProcess::stateChanged,
-            [&](QProcess::ProcessState newState) {
-                qDebug() << "PrivilegedProcess stateChanged" << newState;
-        if (newState == QProcess::Running)
-        {
-            setConnectionState(Vpn::ConnectionState::Connecting);
-            QList<QHostAddress> dnsAddr;
-            dnsAddr.push_back(QHostAddress(m_configData.value(config_key::dns1).toString()));
-            dnsAddr.push_back(QHostAddress(m_configData.value(config_key::dns2).toString()));
-
-#ifdef Q_OS_MACOS
-            QThread::msleep(5000);
-            IpcClient::Interface()->createTun("utun22", amnezia::protocols::xray::defaultLocalAddr);
-            IpcClient::Interface()->updateResolvers("utun22", dnsAddr);
-#endif
-#ifdef Q_OS_WINDOWS
-            QThread::msleep(15000);
-#endif
-#ifdef Q_OS_LINUX
-            QThread::msleep(1000);
-            IpcClient::Interface()->createTun("tun2", amnezia::protocols::xray::defaultLocalAddr);
-            IpcClient::Interface()->updateResolvers("tun2", dnsAddr);
-#endif
-#if defined(Q_OS_LINUX) || defined(Q_OS_MACOS)
-            // killSwitch toggle
-            if (QVariant(m_configData.value(config_key::killSwitchOption).toString()).toBool()) {
-                IpcClient::Interface()->enableKillSwitch(m_configData, 0);
-            }
-#endif
-            if (m_routeMode == 0) {
-                IpcClient::Interface()->routeAddList(m_vpnGateway, QStringList() << "0.0.0.0/1");
-                IpcClient::Interface()->routeAddList(m_vpnGateway, QStringList() << "128.0.0.0/1");
-                IpcClient::Interface()->routeAddList(m_routeGateway, QStringList() << m_remoteAddress);
-            }
-            IpcClient::Interface()->StopRoutingIpv6();
-#ifdef Q_OS_WIN
-            IpcClient::Interface()->updateResolvers("tun2", dnsAddr);
-            QList<QNetworkInterface> netInterfaces = QNetworkInterface::allInterfaces();
-            for (int i = 0; i < netInterfaces.size(); i++) {
-                for (int j=0; j < netInterfaces.at(i).addressEntries().size(); j++)
-                {
-                    // killSwitch toggle
-                    if (m_vpnLocalAddress == netInterfaces.at(i).addressEntries().at(j).ip().toString()) {
-                        if (QVariant(m_configData.value(config_key::killSwitchOption).toString()).toBool()) {
-                            IpcClient::Interface()->enableKillSwitch(QJsonObject(), netInterfaces.at(i).index());
-                        }
-                        m_configData.insert("vpnAdapterIndex", netInterfaces.at(i).index());
-                        m_configData.insert("vpnGateway", m_vpnGateway);
-                        m_configData.insert("vpnServer", m_remoteAddress);
-                        IpcClient::Interface()->enablePeerTraffic(m_configData);
-                    }
-                }
-            }
-#endif
-            setConnectionState(Vpn::ConnectionState::Connected);
-        }
-    });
-
-
-#if !defined(Q_OS_MACOS)
-    connect(m_t2sProcess.data(), &PrivilegedProcess::finished, this,
-            [&]() {
-                setConnectionState(Vpn::ConnectionState::Disconnected);
-                IpcClient::Interface()->deleteTun("tun2");
-                IpcClient::Interface()->StartRoutingIpv6();
-                IpcClient::Interface()->clearSavedRoutes();
-    });
-#endif
-
    m_t2sProcess->start();

+#ifdef Q_OS_WIN
+    m_configData.insert("inetAdapterIndex", NetworkUtilities::AdapterIndexTo(QHostAddress(m_remoteAddress)));
+#endif
+
+    connect(m_t2sProcess.data(), &IpcProcessTun2SocksReplica::stateChanged, this,
+            [&](QProcess::ProcessState newState) { qDebug() << "PrivilegedProcess stateChanged" << newState; });
+
+    connect(m_t2sProcess.data(), &IpcProcessTun2SocksReplica::setConnectionState, this,
+            [&](int vpnState) {
+                qDebug() << "PrivilegedProcess setConnectionState " << vpnState;
+                if (vpnState == Vpn::ConnectionState::Connected)
+                {
+                    setConnectionState(Vpn::ConnectionState::Connecting);
+                    QList<QHostAddress> dnsAddr;
+                    dnsAddr.push_back(QHostAddress(m_configData.value(config_key::dns1).toString()));
+                    dnsAddr.push_back(QHostAddress(m_configData.value(config_key::dns2).toString()));
+#ifdef Q_OS_WIN
+                    QThread::msleep(8000);
+#endif
+#ifdef Q_OS_MACOS
+                    QThread::msleep(5000);
+                    IpcClient::Interface()->createTun("utun22", amnezia::protocols::xray::defaultLocalAddr);
+                    IpcClient::Interface()->updateResolvers("utun22", dnsAddr);
+#endif
+#ifdef Q_OS_LINUX
+                    QThread::msleep(1000);
+                    IpcClient::Interface()->createTun("tun2", amnezia::protocols::xray::defaultLocalAddr);
+                    IpcClient::Interface()->updateResolvers("tun2", dnsAddr);
+#endif
+#if defined(Q_OS_LINUX) || defined(Q_OS_MACOS)
+                    // killSwitch toggle
+                    if (QVariant(m_configData.value(config_key::killSwitchOption).toString()).toBool()) {
+                        m_configData.insert("vpnServer", m_remoteAddress);
+                        IpcClient::Interface()->enableKillSwitch(m_configData, 0);
+                    }
+#endif
+                    if (m_routeMode == 0) {
+                        IpcClient::Interface()->routeAddList(m_vpnGateway, QStringList() << "0.0.0.0/1");
+                        IpcClient::Interface()->routeAddList(m_vpnGateway, QStringList() << "128.0.0.0/1");
+                        IpcClient::Interface()->routeAddList(m_routeGateway, QStringList() << m_remoteAddress);
+                    }
+                    IpcClient::Interface()->StopRoutingIpv6();
+#ifdef Q_OS_WIN
+                    IpcClient::Interface()->updateResolvers("tun2", dnsAddr);
+                    QList<QNetworkInterface> netInterfaces = QNetworkInterface::allInterfaces();
+                    for (int i = 0; i < netInterfaces.size(); i++) {
+                        for (int j = 0; j < netInterfaces.at(i).addressEntries().size(); j++)
+                        {
+                            // killSwitch toggle
+                            if (m_vpnLocalAddress == netInterfaces.at(i).addressEntries().at(j).ip().toString()) {
+                                if (QVariant(m_configData.value(config_key::killSwitchOption).toString()).toBool()) {
+                                    IpcClient::Interface()->enableKillSwitch(QJsonObject(), netInterfaces.at(i).index());
+                                }
+                                m_configData.insert("vpnAdapterIndex", netInterfaces.at(i).index());
+                                m_configData.insert("vpnGateway", m_vpnGateway);
+                                m_configData.insert("vpnServer", m_remoteAddress);
+                                IpcClient::Interface()->enablePeerTraffic(m_configData);
+                            }
+                        }
+                    }
+#endif
+                    setConnectionState(Vpn::ConnectionState::Connected);
+                }
+#if !defined(Q_OS_MACOS)
+                if (vpnState == Vpn::ConnectionState::Disconnected) {
+                    setConnectionState(Vpn::ConnectionState::Disconnected);
+                    IpcClient::Interface()->deleteTun("tun2");
+                    IpcClient::Interface()->StartRoutingIpv6();
+                    IpcClient::Interface()->clearSavedRoutes();
+                }
+#endif
+            });

    return ErrorCode::NoError;
 }
@@ -212,7 +179,7 @@ void XrayProtocol::stop()
    qDebug() << "XrayProtocol::stop()";
    m_xrayProcess.terminate();
    if (m_t2sProcess) {
-        m_t2sProcess->close();
+        m_t2sProcess->stop();
    }

 #ifdef Q_OS_WIN
@@ -238,7 +205,8 @@ void XrayProtocol::readXrayConfiguration(const QJsonObject &configuration)
    }
    m_xrayConfig = xrayConfiguration;
    m_localPort = QString(amnezia::protocols::xray::defaultLocalProxyPort).toInt();
-    m_remoteAddress = configuration.value(amnezia::config_key::hostName).toString();
+    m_remoteHost = configuration.value(amnezia::config_key::hostName).toString();
+    m_remoteAddress = NetworkUtilities::getIPAddress(m_remoteHost);
    m_routeMode = configuration.value(amnezia::config_key::splitTunnelType).toInt();
    m_primaryDNS = configuration.value(amnezia::config_key::dns1).toString();
    m_secondaryDNS = configuration.value(amnezia::config_key::dns2).toString();
@@ -26,6 +26,7 @@ private:
    static QString tun2SocksExecPath();
 private:
    int m_localPort;
+    QString m_remoteHost;
    QString m_remoteAddress;
    int m_routeMode;
    QJsonObject m_configData;
@@ -33,9 +34,10 @@ private:
    QString m_secondaryDNS;
 #ifndef Q_OS_IOS
    QProcess m_xrayProcess;
-    QSharedPointer<PrivilegedProcess> m_t2sProcess;
+    QSharedPointer<IpcProcessTun2SocksReplica> m_t2sProcess;
 #endif
    QTemporaryFile m_xrayCfgFile;
+
 };

 #endif // XRAYPROTOCOL_H
@@ -199,6 +199,8 @@
        <file>server_scripts/socks5_proxy/Dockerfile</file>
        <file>server_scripts/socks5_proxy/configure_container.sh</file>
        <file>server_scripts/socks5_proxy/start.sh</file>
+        <file>ui/qml/Pages2/PageProtocolAwgClientSettings.qml</file>
+        <file>ui/qml/Pages2/PageProtocolWireGuardClientSettings.qml</file>
        <file>ui/qml/Pages2/PageSetupWizardApiServicesList.qml</file>
        <file>ui/qml/Pages2/PageSetupWizardApiServiceInfo.qml</file>
        <file>ui/qml/Controls2/CardWithIconsType.qml</file>
@@ -174,13 +174,25 @@ bool SecureQSettings::restoreAppConfig(const QByteArray &json)
 QByteArray SecureQSettings::encryptText(const QByteArray &value) const
 {
    QSimpleCrypto::QBlockCipher cipher;
-    return cipher.encryptAesBlockCipher(value, getEncKey(), getEncIv());
+    QByteArray result;
+    try {
+        result = cipher.encryptAesBlockCipher(value, getEncKey(), getEncIv());
+    } catch (...) { // todo change error handling in QSimpleCrypto?
+        qCritical() << "error when encrypting the settings value";
+    }
+    return result;
 }

 QByteArray SecureQSettings::decryptText(const QByteArray &ba) const
 {
    QSimpleCrypto::QBlockCipher cipher;
-    return cipher.decryptAesBlockCipher(ba, getEncKey(), getEncIv());
+    QByteArray result;
+    try {
+        result = cipher.decryptAesBlockCipher(ba, getEncKey(), getEncIv());
+    } catch (...) { // todo change error handling in QSimpleCrypto?
+        qCritical() << "error when decrypting the settings value";
+    }
+    return result;
 }

 bool SecureQSettings::encryptionRequired() const
@@ -13,5 +13,5 @@ sudo docker network connect amnezia-dns-net $CONTAINER_NAME
 sudo docker exec -i $CONTAINER_NAME bash -c 'mkdir -p /dev/net; if [ ! -c /dev/net/tun ]; then mknod /dev/net/tun c 10 200; fi'

 # Prevent to route packets outside of the container in case if server behind of the NAT
-sudo docker exec -i $CONTAINER_NAME sh -c "ifconfig eth0:0 $SERVER_IP_ADDRESS netmask 255.255.255.255 up"
+#sudo docker exec -i $CONTAINER_NAME sh -c "ifconfig eth0:0 $SERVER_IP_ADDRESS netmask 255.255.255.255 up"

@@ -3,7 +3,7 @@
 # This scripts copied from Amnezia client to Docker container to /opt/amnezia and launched every time container starts

 echo "Container startup"
-ifconfig eth0:0 $SERVER_IP_ADDRESS netmask 255.255.255.255 up
+#ifconfig eth0:0 $SERVER_IP_ADDRESS netmask 255.255.255.255 up

 iptables -A INPUT -i lo -j ACCEPT
 iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
@@ -227,7 +227,7 @@ void Settings::setSaveLogs(bool enabled)
    if (!isSaveLogs()) {
        Logger::deInit();
    } else {
-        if (!Logger::init()) {
+        if (!Logger::init(false)) {
            qWarning() << "Initialization of debug subsystem failed";
        }
    }
@@ -519,7 +519,22 @@ void Settings::setGatewayEndpoint(const QString &endpoint)
    m_gatewayEndpoint = endpoint;
 }

+void Settings::setDevGatewayEndpoint()
+{
+    m_gatewayEndpoint = DEV_AGW_ENDPOINT;
+}
+
 QString Settings::getGatewayEndpoint()
 {
    return m_gatewayEndpoint;
 }
+
+bool Settings::isDevGatewayEnv()
+{
+    return m_isDevGatewayEnv;
+}
+
+void Settings::toggleDevGatewayEnv(bool enabled)
+{
+    m_isDevGatewayEnv = enabled;
+}
@@ -183,7 +183,7 @@ public:

    bool isScreenshotsEnabled() const
    {
-        return value("Conf/screenshotsEnabled", false).toBool();
+        return value("Conf/screenshotsEnabled", true).toBool();
    }
    void setScreenshotsEnabled(bool enabled)
    {
@@ -217,7 +217,10 @@ public:

    void resetGatewayEndpoint();
    void setGatewayEndpoint(const QString &endpoint);
+    void setDevGatewayEndpoint();
    QString getGatewayEndpoint();
+    bool isDevGatewayEnv();
+    void toggleDevGatewayEnv(bool enabled);

 signals:
    void saveLogsChanged(bool enabled);
@@ -234,6 +237,7 @@ private:
    mutable SecureQSettings m_settings;

    QString m_gatewayEndpoint;
+    bool m_isDevGatewayEnv;
 };

 #endif // SETTINGS_H
@@ -10,9 +10,6 @@

 #include "core/controllers/vpnConfigurationController.h"
 #include "systemController.h"
-#ifdef Q_OS_ANDROID
-    #include "platforms/android/android_utils.h"
-#endif
 #include "qrcodegen.hpp"

 ExportController::ExportController(const QSharedPointer<ServersModel> &serversModel, const QSharedPointer<ContainersModel> &containersModel,
@@ -24,12 +21,6 @@ ExportController::ExportController(const QSharedPointer<ServersModel> &serversMo
      m_clientManagementModel(clientManagementModel),
      m_settings(settings)
 {
-#ifdef Q_OS_ANDROID
-    m_authResultNotifier.reset(new AuthResultNotifier);
-    m_authResultReceiver.reset(new AuthResultReceiver(m_authResultNotifier));
-    connect(m_authResultNotifier.get(), &AuthResultNotifier::authFailed, this, [this]() { emit exportErrorOccurred(tr("Access error!")); });
-    connect(m_authResultNotifier.get(), &AuthResultNotifier::authSuccessful, this, &ExportController::generateFullAccessConfig);
-#endif
 }

 void ExportController::generateFullAccessConfig()
@@ -63,26 +54,6 @@ void ExportController::generateFullAccessConfig()
    emit exportConfigChanged();
 }

-#if defined(Q_OS_ANDROID)
-void ExportController::generateFullAccessConfigAndroid()
-{
-    /* We use builtin keyguard for ssh key export protection on Android */
-    QJniObject activity = AndroidUtils::getActivity();
-    auto appContext = activity.callObjectMethod("getApplicationContext", "()Landroid/content/Context;");
-    if (appContext.isValid()) {
-        auto intent = QJniObject::callStaticObjectMethod("org/amnezia/vpn/AuthHelper", "getAuthIntent",
-                                                         "(Landroid/content/Context;)Landroid/content/Intent;", appContext.object());
-        if (intent.isValid()) {
-            if (intent.object<jobject>() != nullptr) {
-                QtAndroidPrivate::startActivity(intent.object<jobject>(), 1, m_authResultReceiver.get());
-            }
-        } else {
-            generateFullAccessConfig();
-        }
-    }
-}
-#endif
-
 void ExportController::generateConnectionConfig(const QString &clientName)
 {
    clearPreviousConfig();
@@ -6,9 +6,6 @@
 #include "ui/models/clientManagementModel.h"
 #include "ui/models/containers_model.h"
 #include "ui/models/servers_model.h"
-#ifdef Q_OS_ANDROID
-    #include "platforms/android/authResultReceiver.h"
-#endif

 class ExportController : public QObject
 {
@@ -25,9 +22,6 @@ public:

 public slots:
    void generateFullAccessConfig();
-#if defined(Q_OS_ANDROID)
-    void generateFullAccessConfigAndroid();
-#endif
    void generateConnectionConfig(const QString &clientName);
    void generateOpenVpnConfig(const QString &clientName);
    void generateWireGuardConfig(const QString &clientName);
@@ -74,11 +68,6 @@ private:
    QString m_config;
    QString m_nativeConfigString;
    QList<QString> m_qrCodes;
-
-#ifdef Q_OS_ANDROID
-    QSharedPointer<AuthResultNotifier> m_authResultNotifier;
-    QSharedPointer<QAndroidActivityResultReceiver> m_authResultReceiver;
-#endif
 };

 #endif // EXPORTCONTROLLER_H
@@ -4,12 +4,12 @@
 #include <QFileInfo>
 #include <QQuickItem>
 #include <QRandomGenerator>
-#include <QUrlQuery>
 #include <QStandardPaths>
+#include <QUrlQuery>

-#include "utilities.h"
-#include "core/serialization/serialization.h"
 #include "core/errorstrings.h"
+#include "core/serialization/serialization.h"
+#include "utilities.h"

 #ifdef Q_OS_ANDROID
    #include "platforms/android/android_controller.h"
@@ -96,36 +96,40 @@ bool ImportController::extractConfigFromData(QString data)

    if (config.startsWith("vless://")) {
        m_configType = ConfigTypes::Xray;
-        m_config = extractXrayConfig(Utils::JsonToString(serialization::vless::Deserialize(config, &prefix, &errormsg),
-                                                         QJsonDocument::JsonFormat::Compact), prefix);
+        m_config = extractXrayConfig(
+                Utils::JsonToString(serialization::vless::Deserialize(config, &prefix, &errormsg), QJsonDocument::JsonFormat::Compact),
+                prefix);
        return m_config.empty() ? false : true;
    }

    if (config.startsWith("vmess://") && config.contains("@")) {
        m_configType = ConfigTypes::Xray;
-        m_config = extractXrayConfig(Utils::JsonToString(serialization::vmess_new::Deserialize(config, &prefix, &errormsg),
-                                                         QJsonDocument::JsonFormat::Compact), prefix);
+        m_config = extractXrayConfig(
+                Utils::JsonToString(serialization::vmess_new::Deserialize(config, &prefix, &errormsg), QJsonDocument::JsonFormat::Compact),
+                prefix);
        return m_config.empty() ? false : true;
    }

    if (config.startsWith("vmess://")) {
        m_configType = ConfigTypes::Xray;
-        m_config = extractXrayConfig(Utils::JsonToString(serialization::vmess::Deserialize(config, &prefix, &errormsg),
-                                                         QJsonDocument::JsonFormat::Compact), prefix);
+        m_config = extractXrayConfig(
+                Utils::JsonToString(serialization::vmess::Deserialize(config, &prefix, &errormsg), QJsonDocument::JsonFormat::Compact),
+                prefix);
        return m_config.empty() ? false : true;
    }

    if (config.startsWith("trojan://")) {
        m_configType = ConfigTypes::Xray;
-        m_config = extractXrayConfig(Utils::JsonToString(serialization::trojan::Deserialize(config, &prefix, &errormsg),
-                                                         QJsonDocument::JsonFormat::Compact), prefix);
+        m_config = extractXrayConfig(
+                Utils::JsonToString(serialization::trojan::Deserialize(config, &prefix, &errormsg), QJsonDocument::JsonFormat::Compact),
+                prefix);
        return m_config.empty() ? false : true;
    }

    if (config.startsWith("ss://") && !config.contains("plugin=")) {
        m_configType = ConfigTypes::ShadowSocks;
-        m_config = extractXrayConfig(Utils::JsonToString(serialization::ss::Deserialize(config, &prefix, &errormsg),
-                                                         QJsonDocument::JsonFormat::Compact), prefix);
+        m_config = extractXrayConfig(
+                Utils::JsonToString(serialization::ss::Deserialize(config, &prefix, &errormsg), QJsonDocument::JsonFormat::Compact), prefix);
        return m_config.empty() ? false : true;
    }

@@ -173,6 +177,7 @@ bool ImportController::extractConfigFromData(QString data)
    }
    case ConfigTypes::Amnezia: {
        m_config = QJsonDocument::fromJson(config.toUtf8()).object();
+        processAmneziaConfig(m_config);
        if (!m_config.empty()) {
            checkForMaliciousStrings(m_config);
            return true;
@@ -353,20 +358,19 @@ QJsonObject ImportController::extractWireGuardConfig(const QString &data)
    QJsonObject lastConfig;
    lastConfig[config_key::config] = data;

-    const static QRegularExpression hostNameAndPortRegExp("Endpoint = (.*):([0-9]*)");
-    QRegularExpressionMatch hostNameAndPortMatch = hostNameAndPortRegExp.match(data);
+    auto url { QUrl::fromUserInput(configMap.value("Endpoint")) };
    QString hostName;
    QString port;
-    if (hostNameAndPortMatch.hasCaptured(1)) {
-        hostName = hostNameAndPortMatch.captured(1);
+    if (!url.host().isEmpty()) {
+        hostName = url.host();
    } else {
-        qDebug() << "Key parameter 'Endpoint' is missing";
+        qDebug() << "Key parameter 'Endpoint' is missing or has an invalid format";
        emit importErrorOccurred(ErrorCode::ImportInvalidConfigError, false);
        return QJsonObject();
    }

-    if (hostNameAndPortMatch.hasCaptured(2)) {
-        port = hostNameAndPortMatch.captured(2);
+    if (url.port() != -1) {
+        port = QString::number(url.port());
    } else {
        port = protocols::wireguard::defaultPort;
    }
@@ -395,7 +399,11 @@ QJsonObject ImportController::extractWireGuardConfig(const QString &data)
        lastConfig[config_key::mtu] = configMap.value("MTU");
    }

-    QJsonArray allowedIpsJsonArray = QJsonArray::fromStringList(configMap.value("AllowedIPs").split(","));
+    if (!configMap.value("PersistentKeepalive").isEmpty()) {
+        lastConfig[config_key::persistent_keep_alive] = configMap.value("PersistentKeepalive");
+    }
+
+    QJsonArray allowedIpsJsonArray = QJsonArray::fromStringList(configMap.value("AllowedIPs").split(", "));

    lastConfig[config_key::allowed_ips] = allowedIpsJsonArray;

@@ -419,6 +427,12 @@ QJsonObject ImportController::extractWireGuardConfig(const QString &data)
        m_configType = ConfigTypes::Awg;
    }

+    if (!configMap.value("MTU").isEmpty()) {
+        lastConfig[config_key::mtu] = configMap.value("MTU");
+    } else {
+        lastConfig[config_key::mtu] = protocolName == "awg" ? protocols::awg::defaultMtu : protocols::wireguard::defaultMtu;
+    }
+
    QJsonObject wireguardConfig;
    wireguardConfig[config_key::last_config] = QString(QJsonDocument(lastConfig).toJson());
    wireguardConfig[config_key::isThirdPartyConfig] = true;
@@ -488,7 +502,7 @@ QJsonObject ImportController::extractXrayConfig(const QString &data, const QStri
    if (m_configType == ConfigTypes::ShadowSocks) {
        config[config_key::defaultContainer] = "amnezia-ssxray";
    } else {
-       config[config_key::defaultContainer] = "amnezia-xray";
+        config[config_key::defaultContainer] = "amnezia-xray";
    }
    if (description.isEmpty()) {
        config[config_key::description] = m_settings->nextAvailableServerName();
@@ -646,3 +660,28 @@ void ImportController::checkForMaliciousStrings(const QJsonObject &serverConfig)
        }
    }
 }
+
+void ImportController::processAmneziaConfig(QJsonObject &config)
+{
+    auto containers = config.value(config_key::containers).toArray();
+    for (auto i = 0; i < containers.size(); i++) {
+        auto container = containers.at(i).toObject();
+        auto dockerContainer = ContainerProps::containerFromString(container.value(config_key::container).toString());
+        if (dockerContainer == DockerContainer::Awg || dockerContainer == DockerContainer::WireGuard) {
+            auto containerConfig = container.value(ContainerProps::containerTypeToString(dockerContainer)).toObject();
+            auto protocolConfig = containerConfig.value(config_key::last_config).toString();
+            if (protocolConfig.isEmpty()) {
+                return;
+            }
+
+            QJsonObject jsonConfig = QJsonDocument::fromJson(protocolConfig.toUtf8()).object();
+            jsonConfig[config_key::mtu] = dockerContainer == DockerContainer::Awg ? protocols::awg::defaultMtu : protocols::wireguard::defaultMtu;
+
+            containerConfig[config_key::last_config] = QString(QJsonDocument(jsonConfig).toJson());
+
+            container[ContainerProps::containerTypeToString(dockerContainer)] = containerConfig;
+            containers.replace(i, container);
+            config.insert(config_key::containers, containers);
+        }
+    }
+}
@@ -68,6 +68,8 @@ private:

    void checkForMaliciousStrings(const QJsonObject &protocolConfig);

+    void processAmneziaConfig(QJsonObject &config);
+
 #if defined Q_OS_ANDROID || defined Q_OS_IOS
    void stopDecodingQr();
 #endif
@@ -799,7 +799,7 @@ void InstallController::addEmptyServer()

 bool InstallController::fillAvailableServices()
 {
-    ApiController apiController(m_settings->getGatewayEndpoint());
+    ApiController apiController(m_settings->getGatewayEndpoint(), m_settings->isDevGatewayEnv());

    QByteArray responseBody;
    ErrorCode errorCode = apiController.getServicesList(responseBody);
@@ -821,7 +821,7 @@ bool InstallController::installServiceFromApi()
        return false;
    }

-    ApiController apiController(m_settings->getGatewayEndpoint());
+    ApiController apiController(m_settings->getGatewayEndpoint(), m_settings->isDevGatewayEnv());
    QJsonObject serverConfig;

    ErrorCode errorCode = apiController.getConfigForService(m_settings->getInstallationUuid(true), m_apiServicesModel->getCountryCode(),
@@ -849,7 +849,7 @@ bool InstallController::installServiceFromApi()
 bool InstallController::updateServiceFromApi(const int serverIndex, const QString &newCountryCode, const QString &newCountryName,
                                             bool reloadServiceConfig)
 {
-    ApiController apiController(m_settings->getGatewayEndpoint());
+    ApiController apiController(m_settings->getGatewayEndpoint(), m_settings->isDevGatewayEnv());

    auto serverConfig = m_serversModel->getServerConfig(serverIndex);
    auto apiConfig = serverConfig.value(configKey::apiConfig).toObject();
@@ -885,7 +885,7 @@ bool InstallController::updateServiceFromApi(const int serverIndex, const QStrin

 void InstallController::updateServiceFromTelegram(const int serverIndex)
 {
-    ApiController *apiController = new ApiController(m_settings->getGatewayEndpoint());
+    ApiController *apiController = new ApiController(m_settings->getGatewayEndpoint(), m_settings->isDevGatewayEnv());

    auto serverConfig = m_serversModel->getServerConfig(serverIndex);

@@ -10,8 +10,6 @@

 #ifdef Q_OS_ANDROID
    #include "platforms/android/android_controller.h"
-    #include "platforms/android/android_utils.h"
-    #include <QJniObject>
 #endif
 #if defined Q_OS_MAC
    #include "ui/macos_util.h"
@@ -22,18 +20,8 @@ PageController::PageController(const QSharedPointer<ServersModel> &serversModel,
    : QObject(parent), m_serversModel(serversModel), m_settings(settings)
 {
 #ifdef Q_OS_ANDROID
-    // Change color of navigation and status bar's
    auto initialPageNavigationBarColor = getInitialPageNavigationBarColor();
-    AndroidUtils::runOnAndroidThreadSync([&initialPageNavigationBarColor]() {
-        QJniObject activity = AndroidUtils::getActivity();
-        QJniObject window = activity.callObjectMethod("getWindow", "()Landroid/view/Window;");
-        if (window.isValid()) {
-            window.callMethod<void>("addFlags", "(I)V", 0x80000000);
-            window.callMethod<void>("clearFlags", "(I)V", 0x04000000);
-            window.callMethod<void>("setStatusBarColor", "(I)V", 0xFF0E0E11);
-            window.callMethod<void>("setNavigationBarColor", "(I)V", initialPageNavigationBarColor);
-        }
-    });
+    AndroidController::instance()->setNavigationBarColor(initialPageNavigationBarColor);
 #endif

 #if defined Q_OS_MACX
@@ -115,14 +103,7 @@ unsigned int PageController::getInitialPageNavigationBarColor()
 void PageController::updateNavigationBarColor(const int color)
 {
 #ifdef Q_OS_ANDROID
-    // Change color of navigation bar
-    AndroidUtils::runOnAndroidThreadSync([&color]() {
-        QJniObject activity = AndroidUtils::getActivity();
-        QJniObject window = activity.callObjectMethod("getWindow", "()Landroid/view/Window;");
-        if (window.isValid()) {
-            window.callMethod<void>("setNavigationBarColor", "(I)V", color);
-        }
-    });
+    AndroidController::instance()->setNavigationBarColor(color);
 #endif
 }

@@ -131,7 +112,7 @@ void PageController::showOnStartup()
    if (!m_settings->isStartMinimized()) {
        emit raiseMainWindow();
    } else {
-#ifdef Q_OS_WIN
+#if defined(Q_OS_WIN) || (defined(Q_OS_LINUX) && !defined(Q_OS_ANDROID))
        emit hideMainWindow();
 #elif defined Q_OS_MACX
        setDockIconVisible(false);
@@ -59,6 +59,9 @@ namespace PageLoader
        PageProtocolIKev2Settings,
        PageProtocolRaw,

+        PageProtocolWireGuardClientSettings,
+        PageProtocolAwgClientSettings,
+
        PageShareFullAccess,

        PageDevMenu
@@ -88,7 +88,12 @@ void SettingsController::toggleLogging(bool enable)

 void SettingsController::openLogsFolder()
 {
-    Logger::openLogsFolder();
+    Logger::openLogsFolder(false);
+}
+
+void SettingsController::openServiceLogsFolder()
+{
+    Logger::openLogsFolder(true);
 }

 void SettingsController::exportLogsFile(const QString &fileName)
@@ -100,12 +105,21 @@ void SettingsController::exportLogsFile(const QString &fileName)
 #endif
 }

+void SettingsController::exportServiceLogsFile(const QString &fileName)
+{
+#ifdef Q_OS_ANDROID
+    AndroidController::instance()->exportLogsFile(fileName);
+#else
+    SystemController::saveFile(fileName, Logger::getServiceLogFile());
+#endif
+}
+
 void SettingsController::clearLogs()
 {
 #ifdef Q_OS_ANDROID
    AndroidController::instance()->clearLogs();
 #else
-    Logger::clearLogs();
+    Logger::clearLogs(false);
    Logger::clearServiceLogs();
 #endif
 }
@@ -283,5 +297,31 @@ void SettingsController::setGatewayEndpoint(const QString &endpoint)

 QString SettingsController::getGatewayEndpoint()
 {
-    return m_settings->getGatewayEndpoint();
+    return m_settings->isDevGatewayEnv() ? "Dev endpoint" : m_settings->getGatewayEndpoint();
 }
+
+bool SettingsController::isDevGatewayEnv()
+{
+    return m_settings->isDevGatewayEnv();
+}
+
+void SettingsController::toggleDevGatewayEnv(bool enabled)
+{
+    m_settings->toggleDevGatewayEnv(enabled);
+    if (enabled) {
+        m_settings->setDevGatewayEndpoint();
+    } else {
+        m_settings->resetGatewayEndpoint();
+    }
+    emit gatewayEndpointChanged(m_settings->getGatewayEndpoint());
+    emit devGatewayEnvChanged(enabled);
+}
+
+bool SettingsController::isOnTv()
+{
+#ifdef Q_OS_ANDROID
+    return AndroidController::instance()->isOnTv();
+#else
+    return false;
+#endif
+}
@@ -27,6 +27,7 @@ public:

    Q_PROPERTY(bool isDevModeEnabled READ isDevModeEnabled NOTIFY devModeEnabled)
    Q_PROPERTY(QString gatewayEndpoint READ getGatewayEndpoint WRITE setGatewayEndpoint NOTIFY gatewayEndpointChanged)
+    Q_PROPERTY(bool isDevGatewayEnv READ isDevGatewayEnv WRITE toggleDevGatewayEnv NOTIFY devGatewayEnvChanged)

 public slots:
    void toggleAmneziaDns(bool enable);
@@ -42,7 +43,9 @@ public slots:
    void toggleLogging(bool enable);

    void openLogsFolder();
+    void openServiceLogsFolder();
    void exportLogsFile(const QString &fileName);
+    void exportServiceLogsFile(const QString &fileName);
    void clearLogs();

    void backupAppConfig(const QString &fileName);
@@ -81,6 +84,10 @@ public slots:
    void resetGatewayEndpoint();
    void setGatewayEndpoint(const QString &endpoint);
    QString getGatewayEndpoint();
+    bool isDevGatewayEnv();
+    void toggleDevGatewayEnv(bool enabled);
+
+    bool isOnTv();

 signals:
    void primaryDnsChanged();
@@ -103,6 +110,7 @@ signals:

    void devModeEnabled();
    void gatewayEndpointChanged(const QString &endpoint);
+    void devGatewayEnvChanged(bool enabled);

 private:
    QSharedPointer<ServersModel> m_serversModel;
@@ -125,3 +125,12 @@ void SystemController::setQmlRoot(QObject *qmlRoot)
 {
    m_qmlRoot = qmlRoot;
 }
+
+bool SystemController::isAuthenticated()
+{
+#ifdef Q_OS_ANDROID
+    return AndroidController::instance()->requestAuthentication();
+#else
+    return true;
+#endif
+}
@@ -19,6 +19,7 @@ public slots:

    void setQmlRoot(QObject *qmlRoot);

+    bool isAuthenticated();
 signals:
    void fileDialogClosed(const bool isAccepted);

@@ -25,6 +25,8 @@ namespace
        constexpr char availableCountries[] = "available_countries";

        constexpr char storeEndpoint[] = "store_endpoint";
+
+        constexpr char isAvailable[] = "is_available";
    }

    namespace serviceType
@@ -63,8 +65,12 @@ QVariant ApiServicesModel::data(const QModelIndex &index, int role) const
            return tr("Classic VPN for comfortable work, downloading large files and watching videos. "
                      "Works for any sites. Speed up to %1 MBit/s")
                    .arg(speed);
-        } else {
-            return tr("VPN to access blocked sites in regions with high levels of Internet censorship. ");
+        } else if (serviceType == serviceType::amneziaFree){
+            QString description = tr("VPN to access blocked sites in regions with high levels of Internet censorship. ");
+            if (service.value(configKey::isAvailable).isBool() && !service.value(configKey::isAvailable).toBool()) {
+                description += tr("<p><a style=\"color: #EB5757;\">Not available in your region. If you have VPN enabled, disable it, return to the previous screen, and try again.</a>");
+            }
+            return description;
        }
    }
    case ServiceDescriptionRole: {
@@ -75,6 +81,14 @@ QVariant ApiServicesModel::data(const QModelIndex &index, int role) const
            return tr("Amnezia Free is a free VPN to bypass blocking in countries with high levels of internet censorship");
        }
    }
+    case IsServiceAvailableRole: {
+        if (serviceType == serviceType::amneziaFree) {
+            if (service.value(configKey::isAvailable).isBool() && !service.value(configKey::isAvailable).toBool()) {
+                return false;
+            }
+        }
+        return true;
+    }
    case SpeedRole: {
        auto speed = serviceInfo.value(configKey::speed).toString();
        return tr("%1 MBit/s").arg(speed);
@@ -193,6 +207,7 @@ QHash<int, QByteArray> ApiServicesModel::roleNames() const
    roles[NameRole] = "name";
    roles[CardDescriptionRole] = "cardDescription";
    roles[ServiceDescriptionRole] = "serviceDescription";
+    roles[IsServiceAvailableRole] = "isServiceAvailable";
    roles[SpeedRole] = "speed";
    roles[WorkPeriodRole] = "workPeriod";
    roles[RegionRole] = "region";
@@ -13,6 +13,7 @@ public:
        NameRole = Qt::UserRole + 1,
        CardDescriptionRole,
        ServiceDescriptionRole,
+        IsServiceAvailableRole,
        SpeedRole,
        WorkPeriodRole,
        RegionRole,
@@ -20,6 +20,7 @@ namespace
        constexpr char latestHandshake[] = "latestHandshake";
        constexpr char dataReceived[] = "dataReceived";
        constexpr char dataSent[] = "dataSent";
+        constexpr char allowedIps[] = "allowedIps";
    }
 }

@@ -49,6 +50,7 @@ QVariant ClientManagementModel::data(const QModelIndex &index, int role) const
    case LatestHandshakeRole: return userData.value(configKey::latestHandshake).toString();
    case DataReceivedRole: return userData.value(configKey::dataReceived).toString();
    case DataSentRole: return userData.value(configKey::dataSent).toString();
+    case AllowedIpsRole: return userData.value(configKey::allowedIps).toString();
    }

    return QVariant();
@@ -141,6 +143,10 @@ ErrorCode ClientManagementModel::updateModel(const DockerContainer container, co
                        userData[configKey::dataSent] = client.dataSent;
                    }

+                    if (!client.allowedIps.isEmpty()) {
+                        userData[configKey::allowedIps] = client.allowedIps;
+                    }
+
                    obj[configKey::userData] = userData;
                    m_clientsTable.replace(i, obj);
                    break;
@@ -266,8 +272,9 @@ ErrorCode ClientManagementModel::wgShow(const DockerContainer container, const S
    const auto peerList = parts.filter("peer:");
    const auto latestHandshakeList = parts.filter("latest handshake:");
    const auto transferredDataList = parts.filter("transfer:");
+    const auto allowedIpsList = parts.filter("allowed ips:");

-    if (latestHandshakeList.isEmpty() || transferredDataList.isEmpty() || peerList.isEmpty()) {
+    if (allowedIpsList.isEmpty() || latestHandshakeList.isEmpty() || transferredDataList.isEmpty() || peerList.isEmpty()) {
        return error;
    }

@@ -281,19 +288,20 @@ ErrorCode ClientManagementModel::wgShow(const DockerContainer container, const S
        }
    };

-    for (int i = 0; i < peerList.size() && i < transferredDataList.size() && i < latestHandshakeList.size(); ++i) {
+    for (int i = 0; i < peerList.size() && i < transferredDataList.size() && i < latestHandshakeList.size() && i < allowedIpsList.size(); ++i) {

        const auto transferredData = getStrValue(transferredDataList[i]).split(",");
        auto latestHandshake = getStrValue(latestHandshakeList[i]);
        auto serverBytesReceived = transferredData.front().trimmed();
        auto serverBytesSent = transferredData.back().trimmed();
+        auto allowedIps = getStrValue(allowedIpsList[i]);

        changeHandshakeFormat(latestHandshake);

        serverBytesReceived.chop(QStringLiteral(" received").length());
        serverBytesSent.chop(QStringLiteral(" sent").length());

-        data.push_back({ getStrValue(peerList[i]), latestHandshake, serverBytesSent, serverBytesReceived });
+        data.push_back({ getStrValue(peerList[i]), latestHandshake, serverBytesSent, serverBytesReceived, allowedIps });
    }

    return error;
@@ -17,7 +17,8 @@ public:
        CreationDateRole,
        LatestHandshakeRole,
        DataReceivedRole,
-        DataSentRole
+        DataSentRole,
+        AllowedIpsRole
    };

    struct WgShowData
@@ -26,6 +27,7 @@ public:
        QString latestHandshake;
        QString dataReceived;
        QString dataSent;
+        QString allowedIps;
    };

    ClientManagementModel(std::shared_ptr<Settings> settings, QObject *parent = nullptr);
@@ -21,17 +21,30 @@ bool AwgConfigModel::setData(const QModelIndex &index, const QVariant &value, in
    }

    switch (role) {
-    case Roles::PortRole: m_protocolConfig.insert(config_key::port, value.toString()); break;
-    case Roles::MtuRole: m_protocolConfig.insert(config_key::mtu, value.toString()); break;
-    case Roles::JunkPacketCountRole: m_protocolConfig.insert(config_key::junkPacketCount, value.toString()); break;
-    case Roles::JunkPacketMinSizeRole: m_protocolConfig.insert(config_key::junkPacketMinSize, value.toString()); break;
-    case Roles::JunkPacketMaxSizeRole: m_protocolConfig.insert(config_key::junkPacketMaxSize, value.toString()); break;
-    case Roles::InitPacketJunkSizeRole: m_protocolConfig.insert(config_key::initPacketJunkSize, value.toString()); break;
-    case Roles::ResponsePacketJunkSizeRole: m_protocolConfig.insert(config_key::responsePacketJunkSize, value.toString()); break;
-    case Roles::InitPacketMagicHeaderRole: m_protocolConfig.insert(config_key::initPacketMagicHeader, value.toString()); break;
-    case Roles::ResponsePacketMagicHeaderRole: m_protocolConfig.insert(config_key::responsePacketMagicHeader, value.toString()); break;
-    case Roles::UnderloadPacketMagicHeaderRole: m_protocolConfig.insert(config_key::underloadPacketMagicHeader, value.toString()); break;
-    case Roles::TransportPacketMagicHeaderRole: m_protocolConfig.insert(config_key::transportPacketMagicHeader, value.toString()); break;
+    case Roles::PortRole: m_serverProtocolConfig.insert(config_key::port, value.toString()); break;
+
+    case Roles::ClientMtuRole: m_clientProtocolConfig.insert(config_key::mtu, value.toString()); break;
+    case Roles::ClientJunkPacketCountRole: m_clientProtocolConfig.insert(config_key::junkPacketCount, value.toString()); break;
+    case Roles::ClientJunkPacketMinSizeRole: m_clientProtocolConfig.insert(config_key::junkPacketMinSize, value.toString()); break;
+    case Roles::ClientJunkPacketMaxSizeRole: m_clientProtocolConfig.insert(config_key::junkPacketMaxSize, value.toString()); break;
+
+    case Roles::ServerJunkPacketCountRole: m_serverProtocolConfig.insert(config_key::junkPacketCount, value.toString()); break;
+    case Roles::ServerJunkPacketMinSizeRole: m_serverProtocolConfig.insert(config_key::junkPacketMinSize, value.toString()); break;
+    case Roles::ServerJunkPacketMaxSizeRole: m_serverProtocolConfig.insert(config_key::junkPacketMaxSize, value.toString()); break;
+    case Roles::ServerInitPacketJunkSizeRole: m_serverProtocolConfig.insert(config_key::initPacketJunkSize, value.toString()); break;
+    case Roles::ServerResponsePacketJunkSizeRole:
+        m_serverProtocolConfig.insert(config_key::responsePacketJunkSize, value.toString());
+        break;
+    case Roles::ServerInitPacketMagicHeaderRole: m_serverProtocolConfig.insert(config_key::initPacketMagicHeader, value.toString()); break;
+    case Roles::ServerResponsePacketMagicHeaderRole:
+        m_serverProtocolConfig.insert(config_key::responsePacketMagicHeader, value.toString());
+        break;
+    case Roles::ServerUnderloadPacketMagicHeaderRole:
+        m_serverProtocolConfig.insert(config_key::underloadPacketMagicHeader, value.toString());
+        break;
+    case Roles::ServerTransportPacketMagicHeaderRole:
+        m_serverProtocolConfig.insert(config_key::transportPacketMagicHeader, value.toString());
+        break;
    }

    emit dataChanged(index, index, QList { role });
@@ -45,17 +58,22 @@ QVariant AwgConfigModel::data(const QModelIndex &index, int role) const
    }

    switch (role) {
-    case Roles::PortRole: return m_protocolConfig.value(config_key::port).toString();
-    case Roles::MtuRole: return m_protocolConfig.value(config_key::mtu).toString();
-    case Roles::JunkPacketCountRole: return m_protocolConfig.value(config_key::junkPacketCount);
-    case Roles::JunkPacketMinSizeRole: return m_protocolConfig.value(config_key::junkPacketMinSize);
-    case Roles::JunkPacketMaxSizeRole: return m_protocolConfig.value(config_key::junkPacketMaxSize);
-    case Roles::InitPacketJunkSizeRole: return m_protocolConfig.value(config_key::initPacketJunkSize);
-    case Roles::ResponsePacketJunkSizeRole: return m_protocolConfig.value(config_key::responsePacketJunkSize);
-    case Roles::InitPacketMagicHeaderRole: return m_protocolConfig.value(config_key::initPacketMagicHeader);
-    case Roles::ResponsePacketMagicHeaderRole: return m_protocolConfig.value(config_key::responsePacketMagicHeader);
-    case Roles::UnderloadPacketMagicHeaderRole: return m_protocolConfig.value(config_key::underloadPacketMagicHeader);
-    case Roles::TransportPacketMagicHeaderRole: return m_protocolConfig.value(config_key::transportPacketMagicHeader);
+    case Roles::PortRole: return m_serverProtocolConfig.value(config_key::port).toString();
+
+    case Roles::ClientMtuRole: return m_clientProtocolConfig.value(config_key::mtu);
+    case Roles::ClientJunkPacketCountRole: return m_clientProtocolConfig.value(config_key::junkPacketCount);
+    case Roles::ClientJunkPacketMinSizeRole: return m_clientProtocolConfig.value(config_key::junkPacketMinSize);
+    case Roles::ClientJunkPacketMaxSizeRole: return m_clientProtocolConfig.value(config_key::junkPacketMaxSize);
+
+    case Roles::ServerJunkPacketCountRole: return m_serverProtocolConfig.value(config_key::junkPacketCount);
+    case Roles::ServerJunkPacketMinSizeRole: return m_serverProtocolConfig.value(config_key::junkPacketMinSize);
+    case Roles::ServerJunkPacketMaxSizeRole: return m_serverProtocolConfig.value(config_key::junkPacketMaxSize);
+    case Roles::ServerInitPacketJunkSizeRole: return m_serverProtocolConfig.value(config_key::initPacketJunkSize);
+    case Roles::ServerResponsePacketJunkSizeRole: return m_serverProtocolConfig.value(config_key::responsePacketJunkSize);
+    case Roles::ServerInitPacketMagicHeaderRole: return m_serverProtocolConfig.value(config_key::initPacketMagicHeader);
+    case Roles::ServerResponsePacketMagicHeaderRole: return m_serverProtocolConfig.value(config_key::responsePacketMagicHeader);
+    case Roles::ServerUnderloadPacketMagicHeaderRole: return m_serverProtocolConfig.value(config_key::underloadPacketMagicHeader);
+    case Roles::ServerTransportPacketMagicHeaderRole: return m_serverProtocolConfig.value(config_key::transportPacketMagicHeader);
    }

    return QVariant();
@@ -68,51 +86,63 @@ void AwgConfigModel::updateModel(const QJsonObject &config)

    m_fullConfig = config;

-    QJsonObject protocolConfig = config.value(config_key::awg).toObject();
+    QJsonObject serverProtocolConfig = config.value(config_key::awg).toObject();

    auto defaultTransportProto = ProtocolProps::transportProtoToString(ProtocolProps::defaultTransportProto(Proto::Awg), Proto::Awg);
-    m_protocolConfig.insert(config_key::transport_proto, protocolConfig.value(config_key::transport_proto).toString(defaultTransportProto));
-    m_protocolConfig[config_key::last_config] = protocolConfig.value(config_key::last_config);
-    m_protocolConfig[config_key::port] = protocolConfig.value(config_key::port).toString(protocols::awg::defaultPort);
-    m_protocolConfig[config_key::mtu] = protocolConfig.value(config_key::mtu).toString(protocols::awg::defaultMtu);
-    m_protocolConfig[config_key::junkPacketCount] =
-            protocolConfig.value(config_key::junkPacketCount).toString(protocols::awg::defaultJunkPacketCount);
-    m_protocolConfig[config_key::junkPacketMinSize] =
-            protocolConfig.value(config_key::junkPacketMinSize).toString(protocols::awg::defaultJunkPacketMinSize);
-    m_protocolConfig[config_key::junkPacketMaxSize] =
-            protocolConfig.value(config_key::junkPacketMaxSize).toString(protocols::awg::defaultJunkPacketMaxSize);
-    m_protocolConfig[config_key::initPacketJunkSize] =
-            protocolConfig.value(config_key::initPacketJunkSize).toString(protocols::awg::defaultInitPacketJunkSize);
-    m_protocolConfig[config_key::responsePacketJunkSize] =
-            protocolConfig.value(config_key::responsePacketJunkSize).toString(protocols::awg::defaultResponsePacketJunkSize);
-    m_protocolConfig[config_key::initPacketMagicHeader] =
-            protocolConfig.value(config_key::initPacketMagicHeader).toString(protocols::awg::defaultInitPacketMagicHeader);
-    m_protocolConfig[config_key::responsePacketMagicHeader] =
-            protocolConfig.value(config_key::responsePacketMagicHeader).toString(protocols::awg::defaultResponsePacketMagicHeader);
-    m_protocolConfig[config_key::underloadPacketMagicHeader] =
-            protocolConfig.value(config_key::underloadPacketMagicHeader).toString(protocols::awg::defaultUnderloadPacketMagicHeader);
-    m_protocolConfig[config_key::transportPacketMagicHeader] =
-            protocolConfig.value(config_key::transportPacketMagicHeader).toString(protocols::awg::defaultTransportPacketMagicHeader);
+    m_serverProtocolConfig.insert(config_key::transport_proto,
+                                  serverProtocolConfig.value(config_key::transport_proto).toString(defaultTransportProto));
+    m_serverProtocolConfig[config_key::last_config] = serverProtocolConfig.value(config_key::last_config);
+    m_serverProtocolConfig[config_key::port] = serverProtocolConfig.value(config_key::port).toString(protocols::awg::defaultPort);
+    m_serverProtocolConfig[config_key::junkPacketCount] =
+            serverProtocolConfig.value(config_key::junkPacketCount).toString(protocols::awg::defaultJunkPacketCount);
+    m_serverProtocolConfig[config_key::junkPacketMinSize] =
+            serverProtocolConfig.value(config_key::junkPacketMinSize).toString(protocols::awg::defaultJunkPacketMinSize);
+    m_serverProtocolConfig[config_key::junkPacketMaxSize] =
+            serverProtocolConfig.value(config_key::junkPacketMaxSize).toString(protocols::awg::defaultJunkPacketMaxSize);
+    m_serverProtocolConfig[config_key::initPacketJunkSize] =
+            serverProtocolConfig.value(config_key::initPacketJunkSize).toString(protocols::awg::defaultInitPacketJunkSize);
+    m_serverProtocolConfig[config_key::responsePacketJunkSize] =
+            serverProtocolConfig.value(config_key::responsePacketJunkSize).toString(protocols::awg::defaultResponsePacketJunkSize);
+    m_serverProtocolConfig[config_key::initPacketMagicHeader] =
+            serverProtocolConfig.value(config_key::initPacketMagicHeader).toString(protocols::awg::defaultInitPacketMagicHeader);
+    m_serverProtocolConfig[config_key::responsePacketMagicHeader] =
+            serverProtocolConfig.value(config_key::responsePacketMagicHeader).toString(protocols::awg::defaultResponsePacketMagicHeader);
+    m_serverProtocolConfig[config_key::underloadPacketMagicHeader] =
+            serverProtocolConfig.value(config_key::underloadPacketMagicHeader).toString(protocols::awg::defaultUnderloadPacketMagicHeader);
+    m_serverProtocolConfig[config_key::transportPacketMagicHeader] =
+            serverProtocolConfig.value(config_key::transportPacketMagicHeader).toString(protocols::awg::defaultTransportPacketMagicHeader);

+    auto lastConfig = m_serverProtocolConfig.value(config_key::last_config).toString();
+    QJsonObject clientProtocolConfig = QJsonDocument::fromJson(lastConfig.toUtf8()).object();
+    m_clientProtocolConfig[config_key::mtu] = clientProtocolConfig[config_key::mtu].toString(protocols::awg::defaultMtu);
+    m_clientProtocolConfig[config_key::junkPacketCount] =
+            clientProtocolConfig.value(config_key::junkPacketCount).toString(m_serverProtocolConfig[config_key::junkPacketCount].toString());
+    m_clientProtocolConfig[config_key::junkPacketMinSize] =
+            clientProtocolConfig.value(config_key::junkPacketMinSize).toString(m_serverProtocolConfig[config_key::junkPacketMinSize].toString());
+    m_clientProtocolConfig[config_key::junkPacketMaxSize] =
+            clientProtocolConfig.value(config_key::junkPacketMaxSize).toString(m_serverProtocolConfig[config_key::junkPacketMaxSize].toString());
    endResetModel();
 }

 QJsonObject AwgConfigModel::getConfig()
 {
    const AwgConfig oldConfig(m_fullConfig.value(config_key::awg).toObject());
-    const AwgConfig newConfig(m_protocolConfig);
+    const AwgConfig newConfig(m_serverProtocolConfig);

    if (!oldConfig.hasEqualServerSettings(newConfig)) {
-        m_protocolConfig.remove(config_key::last_config);
+        m_serverProtocolConfig.remove(config_key::last_config);
    } else {
-        auto lastConfig = m_protocolConfig.value(config_key::last_config).toString();
+        auto lastConfig = m_serverProtocolConfig.value(config_key::last_config).toString();
        QJsonObject jsonConfig = QJsonDocument::fromJson(lastConfig.toUtf8()).object();
-        jsonConfig[config_key::mtu] = newConfig.mtu;
+        jsonConfig[config_key::mtu] = m_clientProtocolConfig[config_key::mtu];
+        jsonConfig[config_key::junkPacketCount] = m_clientProtocolConfig[config_key::junkPacketCount];
+        jsonConfig[config_key::junkPacketMinSize] = m_clientProtocolConfig[config_key::junkPacketMinSize];
+        jsonConfig[config_key::junkPacketMaxSize] = m_clientProtocolConfig[config_key::junkPacketMaxSize];

-        m_protocolConfig[config_key::last_config] = QString(QJsonDocument(jsonConfig).toJson());
+        m_serverProtocolConfig[config_key::last_config] = QString(QJsonDocument(jsonConfig).toJson());
    }

-    m_fullConfig.insert(config_key::awg, m_protocolConfig);
+    m_fullConfig.insert(config_key::awg, m_serverProtocolConfig);
    return m_fullConfig;
 }

@@ -126,50 +156,73 @@ bool AwgConfigModel::isPacketSizeEqual(const int s1, const int s2)
    return (AwgConstant::messageInitiationSize + s1 == AwgConstant::messageResponseSize + s2);
 }

+bool AwgConfigModel::isServerSettingsEqual()
+{
+    const AwgConfig oldConfig(m_fullConfig.value(config_key::awg).toObject());
+    const AwgConfig newConfig(m_serverProtocolConfig);
+
+    return oldConfig.hasEqualServerSettings(newConfig);
+}
+
 QHash<int, QByteArray> AwgConfigModel::roleNames() const
 {
    QHash<int, QByteArray> roles;

    roles[PortRole] = "port";
-    roles[MtuRole] = "mtu";
-    roles[JunkPacketCountRole] = "junkPacketCount";
-    roles[JunkPacketMinSizeRole] = "junkPacketMinSize";
-    roles[JunkPacketMaxSizeRole] = "junkPacketMaxSize";
-    roles[InitPacketJunkSizeRole] = "initPacketJunkSize";
-    roles[ResponsePacketJunkSizeRole] = "responsePacketJunkSize";
-    roles[InitPacketMagicHeaderRole] = "initPacketMagicHeader";
-    roles[ResponsePacketMagicHeaderRole] = "responsePacketMagicHeader";
-    roles[UnderloadPacketMagicHeaderRole] = "underloadPacketMagicHeader";
-    roles[TransportPacketMagicHeaderRole] = "transportPacketMagicHeader";
+
+    roles[ClientMtuRole] = "clientMtu";
+    roles[ClientJunkPacketCountRole] = "clientJunkPacketCount";
+    roles[ClientJunkPacketMinSizeRole] = "clientJunkPacketMinSize";
+    roles[ClientJunkPacketMaxSizeRole] = "clientJunkPacketMaxSize";
+
+    roles[ServerJunkPacketCountRole] = "serverJunkPacketCount";
+    roles[ServerJunkPacketMinSizeRole] = "serverJunkPacketMinSize";
+    roles[ServerJunkPacketMaxSizeRole] = "serverJunkPacketMaxSize";
+    roles[ServerInitPacketJunkSizeRole] = "serverInitPacketJunkSize";
+    roles[ServerResponsePacketJunkSizeRole] = "serverResponsePacketJunkSize";
+    roles[ServerInitPacketMagicHeaderRole] = "serverInitPacketMagicHeader";
+    roles[ServerResponsePacketMagicHeaderRole] = "serverResponsePacketMagicHeader";
+    roles[ServerUnderloadPacketMagicHeaderRole] = "serverUnderloadPacketMagicHeader";
+    roles[ServerTransportPacketMagicHeaderRole] = "serverTransportPacketMagicHeader";

    return roles;
 }

-AwgConfig::AwgConfig(const QJsonObject &jsonConfig)
+AwgConfig::AwgConfig(const QJsonObject &serverProtocolConfig)
 {
-    port = jsonConfig.value(config_key::port).toString(protocols::awg::defaultPort);
-    mtu = jsonConfig.value(config_key::mtu).toString(protocols::awg::defaultMtu);
-    junkPacketCount = jsonConfig.value(config_key::junkPacketCount).toString(protocols::awg::defaultJunkPacketCount);
-    junkPacketMinSize = jsonConfig.value(config_key::junkPacketMinSize).toString(protocols::awg::defaultJunkPacketMinSize);
-    junkPacketMaxSize = jsonConfig.value(config_key::junkPacketMaxSize).toString(protocols::awg::defaultJunkPacketMaxSize);
-    initPacketJunkSize = jsonConfig.value(config_key::initPacketJunkSize).toString(protocols::awg::defaultInitPacketJunkSize);
-    responsePacketJunkSize = jsonConfig.value(config_key::responsePacketJunkSize).toString(protocols::awg::defaultResponsePacketJunkSize);
-    initPacketMagicHeader = jsonConfig.value(config_key::initPacketMagicHeader).toString(protocols::awg::defaultInitPacketMagicHeader);
-    responsePacketMagicHeader =
-            jsonConfig.value(config_key::responsePacketMagicHeader).toString(protocols::awg::defaultResponsePacketMagicHeader);
-    underloadPacketMagicHeader =
-            jsonConfig.value(config_key::underloadPacketMagicHeader).toString(protocols::awg::defaultUnderloadPacketMagicHeader);
-    transportPacketMagicHeader =
-            jsonConfig.value(config_key::transportPacketMagicHeader).toString(protocols::awg::defaultTransportPacketMagicHeader);
+    auto lastConfig = serverProtocolConfig.value(config_key::last_config).toString();
+    QJsonObject clientProtocolConfig = QJsonDocument::fromJson(lastConfig.toUtf8()).object();
+    clientMtu = clientProtocolConfig[config_key::mtu].toString(protocols::awg::defaultMtu);
+    clientJunkPacketCount = clientProtocolConfig.value(config_key::junkPacketCount).toString(protocols::awg::defaultJunkPacketCount);
+    clientJunkPacketMinSize = clientProtocolConfig.value(config_key::junkPacketMinSize).toString(protocols::awg::defaultJunkPacketMinSize);
+    clientJunkPacketMaxSize = clientProtocolConfig.value(config_key::junkPacketMaxSize).toString(protocols::awg::defaultJunkPacketMaxSize);
+
+    port = serverProtocolConfig.value(config_key::port).toString(protocols::awg::defaultPort);
+    serverJunkPacketCount = serverProtocolConfig.value(config_key::junkPacketCount).toString(protocols::awg::defaultJunkPacketCount);
+    serverJunkPacketMinSize = serverProtocolConfig.value(config_key::junkPacketMinSize).toString(protocols::awg::defaultJunkPacketMinSize);
+    serverJunkPacketMaxSize = serverProtocolConfig.value(config_key::junkPacketMaxSize).toString(protocols::awg::defaultJunkPacketMaxSize);
+    serverInitPacketJunkSize = serverProtocolConfig.value(config_key::initPacketJunkSize).toString(protocols::awg::defaultInitPacketJunkSize);
+    serverResponsePacketJunkSize =
+            serverProtocolConfig.value(config_key::responsePacketJunkSize).toString(protocols::awg::defaultResponsePacketJunkSize);
+    serverInitPacketMagicHeader =
+            serverProtocolConfig.value(config_key::initPacketMagicHeader).toString(protocols::awg::defaultInitPacketMagicHeader);
+    serverResponsePacketMagicHeader =
+            serverProtocolConfig.value(config_key::responsePacketMagicHeader).toString(protocols::awg::defaultResponsePacketMagicHeader);
+    serverUnderloadPacketMagicHeader =
+            serverProtocolConfig.value(config_key::underloadPacketMagicHeader).toString(protocols::awg::defaultUnderloadPacketMagicHeader);
+    serverTransportPacketMagicHeader =
+            serverProtocolConfig.value(config_key::transportPacketMagicHeader).toString(protocols::awg::defaultTransportPacketMagicHeader);
 }

 bool AwgConfig::hasEqualServerSettings(const AwgConfig &other) const
 {
-    if (port != other.port || junkPacketCount != other.junkPacketCount || junkPacketMinSize != other.junkPacketMinSize
-        || junkPacketMaxSize != other.junkPacketMaxSize || initPacketJunkSize != other.initPacketJunkSize
-        || responsePacketJunkSize != other.responsePacketJunkSize || initPacketMagicHeader != other.initPacketMagicHeader
-        || responsePacketMagicHeader != other.responsePacketMagicHeader || underloadPacketMagicHeader != other.underloadPacketMagicHeader
-        || transportPacketMagicHeader != other.transportPacketMagicHeader) {
+    if (port != other.port || serverJunkPacketCount != other.serverJunkPacketCount
+        || serverJunkPacketMinSize != other.serverJunkPacketMinSize || serverJunkPacketMaxSize != other.serverJunkPacketMaxSize
+        || serverInitPacketJunkSize != other.serverInitPacketJunkSize || serverResponsePacketJunkSize != other.serverResponsePacketJunkSize
+        || serverInitPacketMagicHeader != other.serverInitPacketMagicHeader
+        || serverResponsePacketMagicHeader != other.serverResponsePacketMagicHeader
+        || serverUnderloadPacketMagicHeader != other.serverUnderloadPacketMagicHeader
+        || serverTransportPacketMagicHeader != other.serverTransportPacketMagicHeader) {
        return false;
    }
    return true;
@@ -177,7 +230,8 @@ bool AwgConfig::hasEqualServerSettings(const AwgConfig &other) const

 bool AwgConfig::hasEqualClientSettings(const AwgConfig &other) const
 {
-    if (mtu != other.mtu) {
+    if (clientMtu != other.clientMtu || clientJunkPacketCount != other.clientJunkPacketCount
+        || clientJunkPacketMinSize != other.clientJunkPacketMinSize || clientJunkPacketMaxSize != other.clientJunkPacketMaxSize) {
        return false;
    }
    return true;
@@ -16,16 +16,21 @@ struct AwgConfig
    AwgConfig(const QJsonObject &jsonConfig);

    QString port;
-    QString mtu;
-    QString junkPacketCount;
-    QString junkPacketMinSize;
-    QString junkPacketMaxSize;
-    QString initPacketJunkSize;
-    QString responsePacketJunkSize;
-    QString initPacketMagicHeader;
-    QString responsePacketMagicHeader;
-    QString underloadPacketMagicHeader;
-    QString transportPacketMagicHeader;
+
+    QString clientMtu;
+    QString clientJunkPacketCount;
+    QString clientJunkPacketMinSize;
+    QString clientJunkPacketMaxSize;
+
+    QString serverJunkPacketCount;
+    QString serverJunkPacketMinSize;
+    QString serverJunkPacketMaxSize;
+    QString serverInitPacketJunkSize;
+    QString serverResponsePacketJunkSize;
+    QString serverInitPacketMagicHeader;
+    QString serverResponsePacketMagicHeader;
+    QString serverUnderloadPacketMagicHeader;
+    QString serverTransportPacketMagicHeader;

    bool hasEqualServerSettings(const AwgConfig &other) const;
    bool hasEqualClientSettings(const AwgConfig &other) const;
@@ -39,16 +44,21 @@ class AwgConfigModel : public QAbstractListModel
 public:
    enum Roles {
        PortRole = Qt::UserRole + 1,
-        MtuRole,
-        JunkPacketCountRole,
-        JunkPacketMinSizeRole,
-        JunkPacketMaxSizeRole,
-        InitPacketJunkSizeRole,
-        ResponsePacketJunkSizeRole,
-        InitPacketMagicHeaderRole,
-        ResponsePacketMagicHeaderRole,
-        UnderloadPacketMagicHeaderRole,
-        TransportPacketMagicHeaderRole
+
+        ClientMtuRole,
+        ClientJunkPacketCountRole,
+        ClientJunkPacketMinSizeRole,
+        ClientJunkPacketMaxSizeRole,
+
+        ServerJunkPacketCountRole,
+        ServerJunkPacketMinSizeRole,
+        ServerJunkPacketMaxSizeRole,
+        ServerInitPacketJunkSizeRole,
+        ServerResponsePacketJunkSizeRole,
+        ServerInitPacketMagicHeaderRole,
+        ServerResponsePacketMagicHeaderRole,
+        ServerUnderloadPacketMagicHeaderRole,
+        ServerTransportPacketMagicHeaderRole
    };

    explicit AwgConfigModel(QObject *parent = nullptr);
@@ -65,12 +75,15 @@ public slots:
    bool isHeadersEqual(const QString &h1, const QString &h2, const QString &h3, const QString &h4);
    bool isPacketSizeEqual(const int s1, const int s2);

+    bool isServerSettingsEqual();
+
 protected:
    QHash<int, QByteArray> roleNames() const override;

 private:
    DockerContainer m_container;
-    QJsonObject m_protocolConfig;
+    QJsonObject m_serverProtocolConfig;
+    QJsonObject m_clientProtocolConfig;
    QJsonObject m_fullConfig;
 };

@@ -21,8 +21,8 @@ bool WireGuardConfigModel::setData(const QModelIndex &index, const QVariant &val
    }

    switch (role) {
-        case Roles::PortRole: m_protocolConfig.insert(config_key::port, value.toString()); break;
-        case Roles::MtuRole: m_protocolConfig.insert(config_key::mtu, value.toString()); break;
+    case Roles::PortRole: m_serverProtocolConfig.insert(config_key::port, value.toString()); break;
+    case Roles::ClientMtuRole: m_clientProtocolConfig.insert(config_key::mtu, value.toString()); break;
    }

    emit dataChanged(index, index, QList { role });
@@ -36,8 +36,8 @@ QVariant WireGuardConfigModel::data(const QModelIndex &index, int role) const
    }

    switch (role) {
-        case Roles::PortRole: return m_protocolConfig.value(config_key::port).toString();
-        case Roles::MtuRole: return m_protocolConfig.value(config_key::mtu).toString();
+    case Roles::PortRole: return m_serverProtocolConfig.value(config_key::port).toString();
+    case Roles::ClientMtuRole: return m_clientProtocolConfig.value(config_key::mtu);
    }

    return QVariant();
@@ -49,17 +49,18 @@ void WireGuardConfigModel::updateModel(const QJsonObject &config)
    m_container = ContainerProps::containerFromString(config.value(config_key::container).toString());

    m_fullConfig = config;
-    QJsonObject protocolConfig = config.value(config_key::wireguard).toObject();
+    QJsonObject serverProtocolConfig = config.value(config_key::wireguard).toObject();

-    auto defaultTransportProto = ProtocolProps::transportProtoToString(ProtocolProps::defaultTransportProto(Proto::WireGuard), Proto::WireGuard);
-    m_protocolConfig.insert(config_key::transport_proto,
-                            protocolConfig.value(config_key::transport_proto).toString(defaultTransportProto));
-    m_protocolConfig[config_key::last_config] = protocolConfig.value(config_key::last_config);
-    m_protocolConfig[config_key::port] =
-        protocolConfig.value(config_key::port).toString(protocols::wireguard::defaultPort);
+    auto defaultTransportProto =
+            ProtocolProps::transportProtoToString(ProtocolProps::defaultTransportProto(Proto::WireGuard), Proto::WireGuard);
+    m_serverProtocolConfig.insert(config_key::transport_proto,
+                                  serverProtocolConfig.value(config_key::transport_proto).toString(defaultTransportProto));
+    m_serverProtocolConfig[config_key::last_config] = serverProtocolConfig.value(config_key::last_config);
+    m_serverProtocolConfig[config_key::port] = serverProtocolConfig.value(config_key::port).toString(protocols::wireguard::defaultPort);

-    m_protocolConfig[config_key::mtu] =
-        protocolConfig.value(config_key::mtu).toString(protocols::wireguard::defaultMtu);
+    auto lastConfig = m_serverProtocolConfig.value(config_key::last_config).toString();
+    QJsonObject clientProtocolConfig = QJsonDocument::fromJson(lastConfig.toUtf8()).object();
+    m_clientProtocolConfig[config_key::mtu] = clientProtocolConfig[config_key::mtu].toString(protocols::wireguard::defaultMtu);

    endResetModel();
 }
@@ -67,36 +68,47 @@ void WireGuardConfigModel::updateModel(const QJsonObject &config)
 QJsonObject WireGuardConfigModel::getConfig()
 {
    const WgConfig oldConfig(m_fullConfig.value(config_key::wireguard).toObject());
-    const WgConfig newConfig(m_protocolConfig);
+    const WgConfig newConfig(m_serverProtocolConfig);

    if (!oldConfig.hasEqualServerSettings(newConfig)) {
-        m_protocolConfig.remove(config_key::last_config);
+        m_serverProtocolConfig.remove(config_key::last_config);
    } else {
-        auto lastConfig = m_protocolConfig.value(config_key::last_config).toString();
+        auto lastConfig = m_serverProtocolConfig.value(config_key::last_config).toString();
        QJsonObject jsonConfig = QJsonDocument::fromJson(lastConfig.toUtf8()).object();
-        jsonConfig[config_key::mtu] = newConfig.mtu;
+        jsonConfig[config_key::mtu] = m_clientProtocolConfig[config_key::mtu];

-        m_protocolConfig[config_key::last_config] = QString(QJsonDocument(jsonConfig).toJson());
+        m_serverProtocolConfig[config_key::last_config] = QString(QJsonDocument(jsonConfig).toJson());
    }

-    m_fullConfig.insert(config_key::wireguard, m_protocolConfig);
+    m_fullConfig.insert(config_key::wireguard, m_serverProtocolConfig);
    return m_fullConfig;
 }

+bool WireGuardConfigModel::isServerSettingsEqual()
+{
+    const WgConfig oldConfig(m_fullConfig.value(config_key::wireguard).toObject());
+    const WgConfig newConfig(m_serverProtocolConfig);
+
+    return oldConfig.hasEqualServerSettings(newConfig);
+}
+
 QHash<int, QByteArray> WireGuardConfigModel::roleNames() const
 {
    QHash<int, QByteArray> roles;

    roles[PortRole] = "port";
-    roles[MtuRole] = "mtu";
+    roles[ClientMtuRole] = "clientMtu";

    return roles;
 }

-WgConfig::WgConfig(const QJsonObject &jsonConfig)
+WgConfig::WgConfig(const QJsonObject &serverProtocolConfig)
 {
-    port = jsonConfig.value(config_key::port).toString(protocols::wireguard::defaultPort);
-    mtu = jsonConfig.value(config_key::mtu).toString(protocols::wireguard::defaultMtu);
+    auto lastConfig = serverProtocolConfig.value(config_key::last_config).toString();
+    QJsonObject clientProtocolConfig = QJsonDocument::fromJson(lastConfig.toUtf8()).object();
+    clientMtu = clientProtocolConfig[config_key::mtu].toString(protocols::wireguard::defaultMtu);
+
+    port = serverProtocolConfig.value(config_key::port).toString(protocols::wireguard::defaultPort);
 }

 bool WgConfig::hasEqualServerSettings(const WgConfig &other) const
@@ -109,7 +121,7 @@ bool WgConfig::hasEqualServerSettings(const WgConfig &other) const

 bool WgConfig::hasEqualClientSettings(const WgConfig &other) const
 {
-    if (mtu != other.mtu) {
+    if (clientMtu != other.clientMtu) {
        return false;
    }
    return true;
@@ -11,7 +11,7 @@ struct WgConfig
    WgConfig(const QJsonObject &jsonConfig);

    QString port;
-    QString mtu;
+    QString clientMtu;

    bool hasEqualServerSettings(const WgConfig &other) const;
    bool hasEqualClientSettings(const WgConfig &other) const;
@@ -25,7 +25,7 @@ class WireGuardConfigModel : public QAbstractListModel
 public:
    enum Roles {
        PortRole = Qt::UserRole + 1,
-        MtuRole
+        ClientMtuRole
    };

    explicit WireGuardConfigModel(QObject *parent = nullptr);
@@ -39,12 +39,15 @@ public slots:
    void updateModel(const QJsonObject &config);
    QJsonObject getConfig();

+    bool isServerSettingsEqual();
+
 protected:
    QHash<int, QByteArray> roleNames() const override;

 private:
    DockerContainer m_container;
-    QJsonObject m_protocolConfig;
+    QJsonObject m_serverProtocolConfig;
+    QJsonObject m_clientProtocolConfig;
    QJsonObject m_fullConfig;
 };

@@ -16,9 +16,11 @@ QHash<int, QByteArray> ProtocolsModel::roleNames() const
    QHash<int, QByteArray> roles;

    roles[ProtocolNameRole] = "protocolName";
-    roles[ProtocolPageRole] = "protocolPage";
+    roles[ServerProtocolPageRole] = "serverProtocolPage";
+    roles[ClientProtocolPageRole] = "clientProtocolPage";
    roles[ProtocolIndexRole] = "protocolIndex";
    roles[RawConfigRole] = "rawConfig";
+    roles[IsClientProtocolExistsRole] = "isClientProtocolExists";

    return roles;
 }
@@ -34,8 +36,10 @@ QVariant ProtocolsModel::data(const QModelIndex &index, int role) const
        amnezia::Proto proto = ProtocolProps::protoFromString(m_content.keys().at(index.row()));
        return ProtocolProps::protocolHumanNames().value(proto);
    }
-    case ProtocolPageRole:
-        return static_cast<int>(protocolPage(ProtocolProps::protoFromString(m_content.keys().at(index.row()))));
+    case ServerProtocolPageRole:
+        return static_cast<int>(serverProtocolPage(ProtocolProps::protoFromString(m_content.keys().at(index.row()))));
+    case ClientProtocolPageRole:
+        return static_cast<int>(clientProtocolPage(ProtocolProps::protoFromString(m_content.keys().at(index.row()))));
    case ProtocolIndexRole: return ProtocolProps::protoFromString(m_content.keys().at(index.row()));
    case RawConfigRole: {
        auto protocolConfig = m_content.value(ContainerProps::containerTypeToString(m_container)).toObject();
@@ -50,6 +54,15 @@ QVariant ProtocolsModel::data(const QModelIndex &index, int role) const
        }
        return rawConfig;
    }
+    case IsClientProtocolExistsRole: {
+        auto protocolConfig = m_content.value(ContainerProps::containerTypeToString(m_container)).toObject();
+        auto lastConfigJsonDoc =
+                QJsonDocument::fromJson(protocolConfig.value(config_key::last_config).toString().toUtf8());
+        auto lastConfigJson = lastConfigJsonDoc.object();
+
+        auto configString = lastConfigJson.value(config_key::config).toString();
+        return !configString.isEmpty();
+    }
    }

    return QVariant();
@@ -70,7 +83,7 @@ QJsonObject ProtocolsModel::getConfig()
    return config;
 }

-PageLoader::PageEnum ProtocolsModel::protocolPage(Proto protocol) const
+PageLoader::PageEnum ProtocolsModel::serverProtocolPage(Proto protocol) const
 {
    switch (protocol) {
    case Proto::OpenVpn: return PageLoader::PageEnum::PageProtocolOpenVpnSettings;
@@ -90,3 +103,12 @@ PageLoader::PageEnum ProtocolsModel::protocolPage(Proto protocol) const
    default: return PageLoader::PageEnum::PageProtocolOpenVpnSettings;
    }
 }
+
+PageLoader::PageEnum ProtocolsModel::clientProtocolPage(Proto protocol) const
+{
+    switch (protocol) {
+    case Proto::WireGuard: return PageLoader::PageEnum::PageProtocolWireGuardClientSettings;
+    case Proto::Awg: return PageLoader::PageEnum::PageProtocolAwgClientSettings;
+    default: return PageLoader::PageEnum::PageProtocolOpenVpnSettings;
+    }
+}
@@ -13,9 +13,11 @@ class ProtocolsModel : public QAbstractListModel
 public:
    enum Roles {
        ProtocolNameRole = Qt::UserRole + 1,
-        ProtocolPageRole,
+        ServerProtocolPageRole,
+        ClientProtocolPageRole,
        ProtocolIndexRole,
-        RawConfigRole
+        RawConfigRole,
+        IsClientProtocolExistsRole
    };

    ProtocolsModel(std::shared_ptr<Settings> settings, QObject *parent = nullptr);
@@ -33,7 +35,8 @@ protected:
    QHash<int, QByteArray> roleNames() const override;

 private:
-    PageLoader::PageEnum protocolPage(Proto protocol) const;
+    PageLoader::PageEnum serverProtocolPage(Proto protocol) const;
+    PageLoader::PageEnum clientProtocolPage(Proto protocol) const;

    std::shared_ptr<Settings> m_settings;

@@ -1,27 +0,0 @@
-#ifndef PROPERTY_HELPER_H
-#define PROPERTY_HELPER_H
-
-#include <QObject>
-
-#define AUTO_PROPERTY(TYPE, NAME) \
-    Q_PROPERTY(TYPE NAME READ NAME WRITE set_ ## NAME NOTIFY NAME ## Changed ) \
-    public: \
-       TYPE NAME() const { return m_ ## NAME ; } \
-       void set_ ## NAME(TYPE value) { \
-          if (m_ ## NAME == value)  return; \
-          m_ ## NAME = value; \
-          emit NAME ## Changed(value); \
-        } \
-       Q_SIGNAL void NAME ## Changed(TYPE value);\
-    private: \
-       TYPE m_ ## NAME{};
-
-#define READONLY_PROPERTY(TYPE, NAME) \
-    Q_PROPERTY(TYPE NAME READ NAME CONSTANT ) \
-    public: \
-       TYPE NAME() const { return m_ ## NAME ; } \
-    private: \
-       void NAME(TYPE value) {m_ ## NAME = value; } \
-       TYPE m_ ## NAME{};
-
-#endif // PROPERTY_HELPER_H
@@ -14,6 +14,7 @@ Button {
    property string defaultButtonColor: AmneziaStyle.color.paleGray
    property string progressButtonColor: AmneziaStyle.color.paleGray
    property string connectedButtonColor: AmneziaStyle.color.goldenApricot
+    property bool buttonActiveFocus: activeFocus && (Qt.platform.os !== "android" || SettingsController.isOnTv())

    implicitWidth: 190
    implicitHeight: 190
@@ -50,14 +51,14 @@ Button {
                verticalOffset: 0
                radius: 10
                samples: 25
-                color: root.activeFocus ? AmneziaStyle.color.paleGray : AmneziaStyle.color.goldenApricot
+                color: root.buttonActiveFocus ? AmneziaStyle.color.paleGray : AmneziaStyle.color.goldenApricot
                source: backgroundCircle
            }

            ShapePath {
                fillColor: AmneziaStyle.color.transparent
                strokeColor: AmneziaStyle.color.paleGray
-                strokeWidth: root.activeFocus ? 1 : 0
+                strokeWidth: root.buttonActiveFocus ? 1 : 0
                capStyle: ShapePath.RoundCap

                PathAngleArc {
@@ -81,14 +82,14 @@ Button {
                        return defaultButtonColor
                    }
                }
-                strokeWidth: root.activeFocus ? 2 : 3
+                strokeWidth: root.buttonActiveFocus ? 2 : 3
                capStyle: ShapePath.RoundCap

                PathAngleArc {
                    centerX: backgroundCircle.width / 2
                    centerY: backgroundCircle.height / 2
-                    radiusX: 93 - (root.activeFocus ? 2 : 0)
-                    radiusY: 93 - (root.activeFocus ? 2 : 0)
+                    radiusX: 93 - (root.buttonActiveFocus ? 2 : 0)
+                    radiusY: 93 - (root.buttonActiveFocus ? 2 : 0)
                    startAngle: 0
                    sweepAngle: 360
                }
@@ -79,6 +79,7 @@ Button {
                    visible: text !== ""

                    color: AmneziaStyle.color.mutedGray
+                    textFormat: Text.RichText

                    Layout.fillWidth: true
                    Layout.rightMargin: 16
@@ -20,7 +20,8 @@ Item {
    property string buttonImageSource
    property string rightImageSource
    property string leftImageSource
-    property bool isLeftImageHoverEnabled: true //todo separete this qml file to 3
+    property bool isLeftImageHoverEnabled: true
+    property bool isSmallLeftImage: false

    property alias rightButton: rightImage
    property alias eyeButton: eyeImage
@@ -114,9 +115,9 @@ Item {

            visible: leftImageSource ? true : false

-            Layout.preferredHeight: rightImageSource || !isLeftImageHoverEnabled ? leftImage.implicitHeight : 56
-            Layout.preferredWidth: rightImageSource || !isLeftImageHoverEnabled ? leftImage.implicitWidth : 56
-            Layout.rightMargin: rightImageSource || !isLeftImageHoverEnabled ? 16 : 0
+            Layout.preferredHeight: (rightImageSource || !isLeftImageHoverEnabled || isSmallLeftImage) ? 40 : 56
+            Layout.preferredWidth: (rightImageSource || !isLeftImageHoverEnabled || isSmallLeftImage)? 40 : 56
+            Layout.rightMargin: isSmallLeftImage ? 8 : (rightImageSource || !isLeftImageHoverEnabled) ? 16 : 0

            radius: 12
            color: AmneziaStyle.color.transparent
@@ -102,8 +102,7 @@ Switch {
    contentItem: ColumnLayout {
        id: content

-        anchors.top: parent.top
-        anchors.bottom: parent.bottom
+        anchors.verticalCenter: parent.verticalCenter
        anchors.left: parent.left

        ListItemTitleType {
@@ -89,6 +89,21 @@ PageType {

                // KeyNavigation.tab: saveButton
            }
+
+            SwitcherType {
+                id: switcher
+
+                Layout.fillWidth: true
+                Layout.rightMargin: 16
+                Layout.leftMargin: 16
+                Layout.topMargin: 16
+
+                text: qsTr("Dev gateway environment")
+                checked: SettingsController.isDevGatewayEnv
+                onToggled: function() {
+                    SettingsController.isDevGatewayEnv = checked
+                }
+            }
        }
    }
 }
--- a/Show More
+++ b/Show More
Author	SHA1	Message	Date
pokamest	c681611102	Bump version to 4.8.1.0	2024-09-20 13:08:28 +01:00
pokamest	4fc2a23f49	Merge pull request #1076 from amnezia-vpn/fix/android-protocol-libs Exclude protocol libraries from loading at application startup	2024-09-20 05:06:41 -07:00
pokamest	23f4a6ec8e	Merge pull request #1077 from amnezia-vpn/bugfix/linux-page-home-drawer-size bugfix: fixed drawer size to pageHome on first startup	2024-09-20 04:38:24 -07:00
vladimir.kuznetsov	504862c2b8	bugfix: fixed drawer size to pageHome on first startup	2024-09-20 15:36:20 +04:00
Mykola Baibuz	a22a9448ca	Some XRay improvements (#1075 )	2024-09-20 12:12:22 +01:00
pokamest	862e83ddf5	Merge pull request #1073 from amnezia-vpn/bugfix/awg-wg-persistent-keep-alive-variable-type returned awg/wg persistentKeepAlive variable type to string	2024-09-20 03:08:27 -07:00
albexk	8735eee662	Exclude protocol libraries from loading at application startup	2024-09-19 23:41:37 +03:00
pokamest	ff82cf5dc4	Merge pull request #1074 from amnezia-vpn/fix/gh-ios-build Fix iOS build on GHA	2024-09-19 09:24:32 -07:00
Iurii Egorov	8648790583	Fix iOS build on GHA	2024-09-19 18:47:20 +03:00
vladimir.kuznetsov	b881d92a80	bugfix: returned awg/wg persistentKeepAlive variable type to string	2024-09-19 16:04:36 +04:00
pokamest	7ad7f31e4d	Merge pull request #1072 from amnezia-vpn/fix/android-xray-domain-name Fix domain name resolution for XRay	2024-09-19 13:59:06 +03:00
albexk	138e6f70a4	Fix domain name resolution for XRay	2024-09-19 13:31:59 +03:00
Pokamest Nikak	6f94f4646a	Fix Xray connection timeout for Windows	2024-09-19 11:18:40 +01:00
pokamest	4a01d2cf20	Merge pull request #1070 from amnezia-vpn/bugfix/awg-wg-persistent-keep-alive-variable-type bugfix: fixed awg/wg persistentKeepAlive variable type	2024-09-18 17:13:53 +03:00
vladimir.kuznetsov	8948601caa	bugfix: fixed awg/wg persistentKeepAlive variable type	2024-09-17 15:11:14 +04:00
Vitaly	aa92ccd06d	Small improve on next IP generation / WireGuard, AWG (#1054 ) Small improve on next IP generation	2024-09-17 13:29:01 +07:00
Vitaly	253ae75795	Added list of AllowedIPs for WireGuard/AWG connections on Share -> Users ->ExpandedContent page (#1055 ) Added list of AllowedIPs for WireGuard/AWG connections on Share -> Users ->ExpandedContent page	2024-09-17 13:28:44 +07:00
pokamest	87cb5f620a	Bump version to 4.8.0.4	2024-09-16 22:18:45 +01:00
Nethius	46cd740a84	added domain name resolving before connection for wg/awg and xray protocols (#814 ) added domain name resolving before connection	2024-09-16 22:14:13 +01:00
Pokamest Nikak	76e5039578	Update translations	2024-09-15 11:09:59 +01:00
Pokamest Nikak	c6b131aa4c	Bump version to 4.8.0.1	2024-09-13 18:25:04 +01:00
pokamest	5e72bf945c	Merge pull request #1064 from amnezia-vpn/fix/android-window-hiding Fix window hiding on startup on Android	2024-09-13 18:21:49 +03:00
albexk	eebf7eccec	Fix window hiding on startup on Android	2024-09-13 18:14:25 +03:00
pokamest	168c293bfe	Merge pull request #979 from amnezia-vpn/feature/update-tap Update TAP-Windows driver	2024-09-13 15:00:31 +03:00
Nethius	aae3cdcac1	added saving allowed_ips to the array of strings for old configs (#926 ) * added saving allowed_ips to the array of strings for old configs * Remove config string processing, add getting all AWG, WG parameters from JSON * fixed checking of default routes when adding split tunneling from the application * added check when processing siteBasedSplitTunneling	2024-09-13 10:53:21 +01:00
Nethius	96566f04ee	feature/mtu connection config (#833 ) * added the ability to change mtu for connection-only configs * added replacing MTU with default when importing awg/wg configs in amnezia	2024-09-13 09:38:48 +01:00
pokamest	fff15fffe2	Bug fix for iOS	2024-09-11 09:51:07 -07:00
pokamest	4e5a03e7f1	Merge pull request #1059 from amnezia-vpn/chore/dev-key	2024-09-10 21:38:45 +03:00
vladimir.kuznetsov	7571bbc36e	chore: added dev key to deploy workflow - added m_isDevEnvironment initialization	2024-09-10 22:03:10 +04:00
pokamest	db4a1a62e5	Merge pull request #1058 from amnezia-vpn/version-bump	2024-09-09 22:17:47 +03:00
albexk	581773ce03	Bump version to 4.8.0.0	2024-09-09 22:11:18 +03:00
albexk	46058f614e	Add connection checking for WG/AWG via logs (#1056 )	2024-09-09 22:08:06 +03:00
Nethius	9cab51fb00	added open service logs to logs page (#951 ) * added open service logs to logs page * redesign of log saving buttons * hide service logs buttons for mobile platforms * refactoring: moved logger to common folder * feature: added the ability to enable logs to the start screen	2024-09-09 17:53:44 +01:00
Nethius	918be16372	feature: added isAvailable flag support (#1032 ) * feature: added isAvailable flag support * added the option to switch to dev env	2024-09-09 13:27:29 +01:00
albexk	175477d31f	Android qt 6.7 (#1024 ) * Up Gradle to 8.10 * Update Android dependencies * Up Qt to 6.7.2 * Up qtkeychain to 0.14.3 * Move function of changing the color of the navigation bar to the android side * Fix splashscreen and recent apps thumbnail backgrounds * Android authentication refactoring * Fix GitHub action * Fix the extra circle around the connect button on Android * Fix keyboard popup * Increase the amount of requestNetwork attempts on Android 11	2024-09-09 12:36:33 +01:00
KsZnak	cd70b7e619	Translation updated (ukrainian) (#1048 ) * Update amneziavpn_uk_UA.ts	2024-09-06 15:54:47 +03:00
pokamest	22011e263e	Merge pull request #1051 from amnezia-vpn/bugfix/startup-crush fixed a possible unhandled exception	2024-09-06 15:53:59 +03:00
Shehab Ahmed	88a2b9a07a	Update Arabic, Burmese translation (#1022 ) Update Arabic and Burmese translation	2024-09-03 10:06:13 +01:00
KsZnak	248f487d4e	Update amneziavpn_fa_IR.ts (#1005 ) Persian language updated	2024-09-03 10:03:42 +01:00
pokamest	572ef09296	Merge pull request #1030 from amnezia-vpn/chore/screenshots-enabled-true chore/screenshots enabled true	2024-08-30 15:56:10 +03:00
pokamest	03078236ab	Merge pull request #1028 from amnezia-vpn/feature/copy-mail-button feature: added 'copy mail' button on about page	2024-08-30 15:54:26 +03:00
Shehab Ahmed	b39a0a1d94	fix start Minimized feature issue on linux, Closes #1016 (#1021 ) fix start Minized feature issue on linux	2024-08-30 15:53:48 +03:00
vladimir.kuznetsov	e94fc688ba	chore: set screenshotsEnabled to true by default	2024-08-30 16:32:40 +04:00
vladimir.kuznetsov	558f613acc	feature: added 'copy mail' button on about page	2024-08-30 16:19:11 +04:00
pokamest	d800a95a1d	Merge pull request #1003 from eltociear/patch-1 chore: update windowsservicemanager.h	2024-08-28 17:26:21 +03:00
pokamest	b8f100d4fa	Merge pull request #1015 from amnezia-vpn/Links-updated-4.7.0.0-in-readme Update README.md	2024-08-28 17:08:56 +03:00
vladimir.kuznetsov	51618fb882	fixed a possible unhandled exception	2024-08-27 13:14:15 +03:00
KsZnak	14f537ba76	Update README.md links updated 4.7.0.0	2024-08-26 16:41:25 +03:00
pokamest	3458ed78d7	Merge pull request #1004 from amnezia-vpn/Update-amneziavpn_ru_RU.ts Update amneziavpn_ru_RU.ts	2024-08-23 14:17:56 -07:00
KsZnak	4bc571f609	Update amneziavpn_ru_RU.ts Russian language updated	2024-08-23 22:07:40 +03:00
Ikko Eltociear Ashimine	ee61f842e5	chore: update windowsservicemanager.h controll -> control	2024-08-24 00:32:58 +09:00
Mykola Baibuz	758b25947c	Fix Windows IPsec (#909 ) * Fix Windows IPsec * Fix work wth PKCS12 TempFile	2024-08-23 14:23:19 +01:00
Pokamest Nikak	b036c38981	Update translations	2024-08-22 21:09:01 +01:00
pokamest	eab2b8e45a	Merge pull request #990 from NetworkWorm123/readme-update Update README.md	2024-08-21 09:09:58 -07:00
Timon	dfdec2bf4b	Update README.md	2024-08-21 15:25:47 +00:00
Mykola Baibuz	b83e74427e	Update TAP-Windows driver	2024-08-15 19:51:49 +03:00