Merge branch 'dev' of github.com:amnezia-vpn/amnezia-client into feature/download-native-wireguard-config-on-connect

connect

.github/workflows/deploy.yml

@@ -9,7 +9,7 @@ jobs:
     runs-on: ubuntu-latest
 
     env:
-      QT_VERSION: 6.5.0
+      QT_VERSION: 6.4.1
       QIF_VERSION: 4.5
 
     steps:
@@ -63,20 +63,11 @@ jobs:
     runs-on: windows-latest
 
     env:
-      QT_VERSION: 6.5.0
+      QT_VERSION: 6.4.1
       QIF_VERSION: 4.5
       BUILD_ARCH: 64
 
     steps:
-    - name: 'Get sources'
-      uses: actions/checkout@v3
-      with:
-        submodules: 'true'
-        fetch-depth: 10
-
-    - name: 'Setup ccache'
-      uses: hendrikmuhs/ccache-action@v1.2
-
     - name: 'Install Qt'
       uses: jurplel/install-qt-action@v3
       with:
@@ -96,6 +87,15 @@ jobs:
       with:
         arch: 'x64'
 
+    - name: 'Get sources'
+      uses: actions/checkout@v3
+      with:
+        submodules: 'true'
+        fetch-depth: 10
+
+    - name: 'Setup ccache'
+      uses: hendrikmuhs/ccache-action@v1.2
+
     - name: 'Build project'
       shell: cmd
       run: |
@@ -124,7 +124,8 @@ jobs:
     runs-on: macos-latest
 
     env:
-      QT_VERSION: 6.5.0
+      QT_VERSION: 6.4.1
+      QIF_VERSION: 4.4
 
     steps:
     - name: 'Setup xcode'
@@ -138,18 +139,18 @@ jobs:
         version: ${{ env.QT_VERSION }}
         host: 'mac'
         target: 'desktop'
-        modules: 'qtremoteobjects qt5compat qtshadertools qtmultimedia'
         arch: 'clang_64'
+        modules: 'qtremoteobjects qt5compat qtshadertools'
         dir: ${{ runner.temp }}
         set-env: 'true'
 
-    - name: 'Install iOS Qt'
+    - name: 'Install ios Qt'
       uses: jurplel/install-qt-action@v3
       with:
         version: ${{ env.QT_VERSION }}
         host: 'mac'
         target: 'ios'
-        modules: 'qtremoteobjects qt5compat qtshadertools qtmultimedia'
+        modules: 'qtremoteobjects qt5compat qtshadertools'
         dir: ${{ runner.temp }}
         setup-python: 'true'
         set-env: 'true'
@@ -199,7 +200,7 @@ jobs:
     runs-on: macos-latest
 
     env:
-      QT_VERSION: 6.5.0
+      QT_VERSION: 6.4.1
       QIF_VERSION: 4.5
 
     steps:
@@ -262,7 +263,8 @@ jobs:
         arch: ['android_x86_64', 'android_x86'] #, 'android_armv7', 'android_arm64_v8a']
 
     env:
-      QT_VERSION: 6.5.0
+      QT_VERSION: 6.4.1
+      QIF_VERSION: 4.5
 
     steps:
     - name: 'Install desktop Qt'

.gitmodules

@@ -1,3 +1,6 @@
+[submodule "3rd/QtSsh"]
+	path = 3rd/QtSsh
+	url = https://github.com/amnezia-vpn/QtSsh.git
 [submodule "client/3rd/wireguard-tools"]
 	path = client/3rd/wireguard-tools
 	url = https://github.com/WireGuard/wireguard-tools/

AmneziaVPN.pro

@@ -0,0 +1,6 @@
+TEMPLATE = subdirs
+SUBDIRS = client
+
+!ios:!android {
+   SUBDIRS += service
+}

CMakeLists.txt

@@ -1,31 +1,18 @@
 cmake_minimum_required(VERSION 3.25.0 FATAL_ERROR)
 
 set(PROJECT AmneziaVPN)
-
-project(${PROJECT} VERSION 3.0.7.1
-        DESCRIPTION "AmneziaVPN"
-        HOMEPAGE_URL "https://amnezia.org/"
-)
-set(RELEASE_DATE "2023-05-15")
-set(APP_MAJOR_VERSION ${CMAKE_PROJECT_VERSION_MAJOR}.${CMAKE_PROJECT_VERSION_MINOR}.${CMAKE_PROJECT_VERSION_PATCH})
+project(${PROJECT})
 
 if(ANDROID)
     set(QT_ANDROID_BUILD_ALL_ABIS ON)
 endif()
 
-# TODO: determine build step for arm64 build, from x86_64 host
 if(APPLE AND NOT IOS)
-    if(CMAKE_HOST_SYSTEM_PROCESSOR STREQUAL "arm64")
-        set(CMAKE_OSX_ARCHITECTURES "arm64")
-    elseif(CMAKE_HOST_SYSTEM_PROCESSOR STREQUAL "x86_64")
     set(CMAKE_OSX_ARCHITECTURES "x86_64")
 endif()
-endif()
 
 add_subdirectory(client)
 
 if(NOT IOS AND NOT ANDROID)
     add_subdirectory(service)
-
-    include(${CMAKE_SOURCE_DIR}/deploy/installer/config.cmake)
 endif()

README.md

@@ -7,9 +7,10 @@ Amnezia is a VPN client with the key feature of deploying your own VPN server on
 
 ## Features
 - Very easy to use - enter your ip address, ssh login and password, and Amnezia client will automatically install VPN docker containers to your server and connect to VPN.
-- OpenVPN, ShadowSocks, WireGuard, IKEv2 protocols support.
-- Split tunneling support - add any sites to client to enable VPN only for them (only for desktops)
-- Windows, MacOS, Linux, Android, iOS releases.
+- OpenVPN and OpenVPN over ShadowSocks protocols support. 
+- Custom VPN routing mode support - add any sites to client to enable VPN only for them.
+- Windows and MacOS support.
+- Unsecure sharing connection profile for family use.
 
 ## Tech
 
@@ -19,7 +20,7 @@ AmneziaVPN uses a number of open source projects to work:
 - [OpenVPN](https://openvpn.net/)
 - [ShadowSocks](https://shadowsocks.org/)
 - [Qt](https://www.qt.io/)
-- [LibSsh](https://libssh.org) - forked form Qt Creator
+- [QtSsh](https://github.com/jaredtao/QtSsh) - forked form Qt Creator
 - and more...
 
 ## Checking out the source code
@@ -35,35 +36,39 @@ git submodule update --init
 Want to contribute? Welcome!
 
 ### Building sources and deployment
-Look deploy folder for build scripts. 
+Easiest way to build your own executables - is to fork project and configure [Travis CI](https://travis-ci.com/)  
+Or you can build sources manually using Qt Creator. Qt >= 14.2 supported.  
+Look to the `build_macos.sh` and `build_windows.bat` scripts in `deploy` folder for details.
 
 ### How to build iOS app from source code on MacOS
 
-1. First, make sure you have [XCode](https://developer.apple.com/xcode/) installed, at least version 14 or higher.
+1. First, make sure you have [XCode](https://developer.apple.com/xcode/) installed, 
+at least version 12 or higher.
 
-2. We use QT to generate the XCode project. we need QT version 6.4. Install QT for macos in [here](https://doc.qt.io/qt-6/macos.html)
-
-3. Install cmake is require. We recommend cmake version 3.25. You can install cmake in [here](https://cmake.org/download/)
-
-4. You also need to install go >= v1.16. If you don't have it done already,
+2. We use `qmake` to generate the XCode project and then we "patch" it to add
+extra components such as the wireguard, the browser bridge and so on. We patch
+the XCode project using [xcodeproj](https://github.com/CocoaPods/Xcodeproj). To
+install it:
+```bash
+gem install xcodeproj # probably you want to run this command with `sudo`
+```
+3. You also need to install go >= v1.16. If you don't have it done already,
 download go from the [official website](https://golang.org/dl/) or use Homebrew. 
-Latest version is recommended. Install gomobile
+Latest version is recommended.
+
+4. Navigate inside client folder and generate the XCode project using our script:
 ```bash
-export PATH=$PATH:~/go/bin
-go install golang.org/x/mobile/cmd/gomobile@latest
-gomobile init
+cd client
+./scripts/apple_compile.sh ios
 ```
 
-5. Build project
+If you have more than one version of Qt installed, you'll most likely get
+a "`qmake` cannot be found in your `$PATH`" error. In this case run this script 
+using QT\IOS\_BIN env to set the path for the Qt5 macos build bin folder.
+For example, the path could look like this:
 ```bash
-export QT_BIN_DIR="<PATH-TO-QT-FOLDER>/Qt/<QT-VERSION>/ios/bin"
-export QT_IOS_BIN=$QT_BIN_DIR
-export PATH=$PATH:~/go/bin
-mkdir build-ios
-$QT_IOS_BIN/qt-cmake . -B build-ios -GXcode -DQT_HOST_PATH=$QT_BIN_DIR
+QT_IOS_BIN="/Users/username/Qt/6.4.1/ios/bin" ./scripts/apple_compile.sh ios
 ```
-Replace PATH-TO-QT-FOLDER and QT-VERSION to your environment
-
 
 If you get `gomobile: command not found` make sure to set PATH to the location 
 of the bin folder where gomobile was installed. Usually, it's in `GOPATH`.
@@ -71,7 +76,7 @@ of the bin folder where gomobile was installed. Usually, it's in `GOPATH`.
 export PATH=$(PATH):/path/to/GOPATH/bin
 ```
 
-5. Open XCode project. You can then run/test/archive/ship the app.
+5. Xcode should automatically open. You can then run/test/archive/ship the app.
 
 If build fails with the following error
 ```
@@ -82,7 +87,7 @@ Error 1
 Add a user defined variable to both AmneziaVPN and WireGuardNetworkExtension targets' build settings with
 key `PATH` and value `${PATH}/path/to/bin/folder/with/go/executable`, e.g. `${PATH}:/usr/local/go/bin`.
 
-if above error still persists on you M1 Mac, then most probably you need to install arch based cmake 
+if above error still persists on you M1 Mac, then most proably you need to install arch based cmake 
 ```
 arch -arm64 brew install cmake
 ```
@@ -107,15 +112,15 @@ In case you get errors regarding missing SDK or 'sdkmanager not running', you ca
 
 Double check that the right cmake version is configured:  Click on `QT Creator` -> `Preferences` and click on the side menu on `Kits`. Under the center content view's `Kits` tab you'll find an entry `CMake Tool`. If the default selected CMake version is lower than 3.25.0, install on your system CMake >= 3.25.0 and choose `System CMake at <path>` from the drop down list. If this entry is missing, you either have not installed CMake yet or QT Creator hasn't found the path to it. In that case click in the preferences window on the side menu item `CMake`, then on the tab `Tools`in the center content view and finally on the Button `Add` to set the path to your installed CMake. 
 
-Please make sure that you have selected Android Platform SDK 33 for your project: click in the main view's side menu on on `Projects`, on the left you'll see a section `Build & Run` showing different Android build targets. You can select any of them, Amnezia VPN's project setup is designed in a way that always all Android targets will be build. Click on the targets submenu item `Build` and scroll in the center content view to `Build Steps`. Click on `Details` at the end of the headline `Build Android APK` (The `Details` button might be hidden in case QT Creator Window is not running in full screen!). Here we are: choose `android-33` as `Android Build platform SDK`.
+Please make sure that you have selected Android Platform SDK 33 for your project: click in the main view's side menu on on `Projects`, on the left you'll see a section `Build & Run` showing different Android build targets. You can select any of them, Amnezia VPN's project setup is designed in a way that always all Android targets will be build. Click on the targets submenu item `Build` and scroll in the center content view to `Build Steps`. Click on `Details` at the end of the headline `Build Android APK` (The `Details` button might be hidden in case QT Creator Window is not running in full screen!). Here we are: choose `android-33` as `Android Build platfrom SDK`.
 
 That's it you should be ready to compile the project from QT Creator!
 
 ### Development flow
 After you've hit the build button, QT-Creator copies the whole project to a folder in the repositories parent directory. The folder should look something like `build-amnezia-client-Android_Qt_<version>_Clang_<architecture>-<BuildType>`.
-If you want to develop Amnezia VPNs Android components written in Kotlin, such as components using system APIs, you need to import the generated project in Android Studio with `build-amnezia-client-Android_Qt_<version>_Clang_<architecture>-<BuildType>/client/android-build` as the projects root directory. While you should be able to compile the generated project from Android Studio, you cannot work directly in the repository's Android project. So whenever you are confident with your work in the generated project, you'll need to copy and paste the affected files to the corresponding path in the repositories Android project so that you can add and commit your changes!
+If you want to develop Amnezia VPNs Android components written in Kotlin, such as components using system APIs, you need to import the generated project in Android Studio with `build-amnezia-client-Android_Qt_<version>_Clang_<architecture>-<BuildType>/client/android-build` as the projects root directory. While you should be able to compile the generated project from Android Studio, you cannot work directly in the repository's Android project. So whenever you are confident with your work in the generated proejct, you'll need to copy and paste the affected files to the corresponding path in the repositories Android project so that you can add and commit your changes!
 
-You may face compiling issues in QT Creator after you've worked in Android Studio on the generated project. Just do a `./gradlew clean` in the generated project's root directory (`<path>/client/android-build/.`) and you should be good to continue.
+You may face compiling issues in QT Creator after you've worked in Android Studio on the generated project. Just do a `./gradlew clean` in the geneated project's root directory (`<path>/client/android-build/.`) and you should be good to continue.
 
 ## License
 GPL v.3

client/AmneziaVPN-Swift.h

@@ -0,0 +1,249 @@
+#ifndef AmneziaVPN_Swift_h
+#define AmneziaVPN_Swift_h
+#pragma clang diagnostic push
+#pragma clang diagnostic ignored "-Wgcc-compat"
+
+#if !defined(__has_include)
+# define __has_include(x) 0
+#endif
+#if !defined(__has_attribute)
+# define __has_attribute(x) 0
+#endif
+#if !defined(__has_feature)
+# define __has_feature(x) 0
+#endif
+#if !defined(__has_warning)
+# define __has_warning(x) 0
+#endif
+
+#if __has_include(<swift/objc-prologue.h>)
+# include <swift/objc-prologue.h>
+#endif
+
+#pragma clang diagnostic ignored "-Wauto-import"
+#include <Foundation/Foundation.h>
+#include <stdint.h>
+#include <stddef.h>
+#include <stdbool.h>
+
+#if !defined(SWIFT_TYPEDEFS)
+# define SWIFT_TYPEDEFS 1
+# if __has_include(<uchar.h>)
+#  include <uchar.h>
+# elif !defined(__cplusplus)
+typedef uint_least16_t char16_t;
+typedef uint_least32_t char32_t;
+# endif
+typedef float swift_float2  __attribute__((__ext_vector_type__(2)));
+typedef float swift_float3  __attribute__((__ext_vector_type__(3)));
+typedef float swift_float4  __attribute__((__ext_vector_type__(4)));
+typedef double swift_double2  __attribute__((__ext_vector_type__(2)));
+typedef double swift_double3  __attribute__((__ext_vector_type__(3)));
+typedef double swift_double4  __attribute__((__ext_vector_type__(4)));
+typedef int swift_int2  __attribute__((__ext_vector_type__(2)));
+typedef int swift_int3  __attribute__((__ext_vector_type__(3)));
+typedef int swift_int4  __attribute__((__ext_vector_type__(4)));
+typedef unsigned int swift_uint2  __attribute__((__ext_vector_type__(2)));
+typedef unsigned int swift_uint3  __attribute__((__ext_vector_type__(3)));
+typedef unsigned int swift_uint4  __attribute__((__ext_vector_type__(4)));
+#endif
+
+#if !defined(SWIFT_PASTE)
+# define SWIFT_PASTE_HELPER(x, y) x##y
+# define SWIFT_PASTE(x, y) SWIFT_PASTE_HELPER(x, y)
+#endif
+#if !defined(SWIFT_METATYPE)
+# define SWIFT_METATYPE(X) Class
+#endif
+#if !defined(SWIFT_CLASS_PROPERTY)
+# if __has_feature(objc_class_property)
+#  define SWIFT_CLASS_PROPERTY(...) __VA_ARGS__
+# else
+#  define SWIFT_CLASS_PROPERTY(...)
+# endif
+#endif
+
+#if __has_attribute(objc_runtime_name)
+# define SWIFT_RUNTIME_NAME(X) __attribute__((objc_runtime_name(X)))
+#else
+# define SWIFT_RUNTIME_NAME(X)
+#endif
+#if __has_attribute(swift_name)
+# define SWIFT_COMPILE_NAME(X) __attribute__((swift_name(X)))
+#else
+# define SWIFT_COMPILE_NAME(X)
+#endif
+#if __has_attribute(objc_method_family)
+# define SWIFT_METHOD_FAMILY(X) __attribute__((objc_method_family(X)))
+#else
+# define SWIFT_METHOD_FAMILY(X)
+#endif
+#if __has_attribute(noescape)
+# define SWIFT_NOESCAPE __attribute__((noescape))
+#else
+# define SWIFT_NOESCAPE
+#endif
+#if __has_attribute(ns_consumed)
+# define SWIFT_RELEASES_ARGUMENT __attribute__((ns_consumed))
+#else
+# define SWIFT_RELEASES_ARGUMENT
+#endif
+#if __has_attribute(warn_unused_result)
+# define SWIFT_WARN_UNUSED_RESULT __attribute__((warn_unused_result))
+#else
+# define SWIFT_WARN_UNUSED_RESULT
+#endif
+#if __has_attribute(noreturn)
+# define SWIFT_NORETURN __attribute__((noreturn))
+#else
+# define SWIFT_NORETURN
+#endif
+#if !defined(SWIFT_CLASS_EXTRA)
+# define SWIFT_CLASS_EXTRA
+#endif
+#if !defined(SWIFT_PROTOCOL_EXTRA)
+# define SWIFT_PROTOCOL_EXTRA
+#endif
+#if !defined(SWIFT_ENUM_EXTRA)
+# define SWIFT_ENUM_EXTRA
+#endif
+#if !defined(SWIFT_CLASS)
+# if __has_attribute(objc_subclassing_restricted)
+#  define SWIFT_CLASS(SWIFT_NAME) SWIFT_RUNTIME_NAME(SWIFT_NAME) __attribute__((objc_subclassing_restricted)) SWIFT_CLASS_EXTRA
+#  define SWIFT_CLASS_NAMED(SWIFT_NAME) __attribute__((objc_subclassing_restricted)) SWIFT_COMPILE_NAME(SWIFT_NAME) SWIFT_CLASS_EXTRA
+# else
+#  define SWIFT_CLASS(SWIFT_NAME) SWIFT_RUNTIME_NAME(SWIFT_NAME) SWIFT_CLASS_EXTRA
+#  define SWIFT_CLASS_NAMED(SWIFT_NAME) SWIFT_COMPILE_NAME(SWIFT_NAME) SWIFT_CLASS_EXTRA
+# endif
+#endif
+#if !defined(SWIFT_RESILIENT_CLASS)
+# if __has_attribute(objc_class_stub)
+#  define SWIFT_RESILIENT_CLASS(SWIFT_NAME) SWIFT_CLASS(SWIFT_NAME) __attribute__((objc_class_stub))
+#  define SWIFT_RESILIENT_CLASS_NAMED(SWIFT_NAME) __attribute__((objc_class_stub)) SWIFT_CLASS_NAMED(SWIFT_NAME)
+# else
+#  define SWIFT_RESILIENT_CLASS(SWIFT_NAME) SWIFT_CLASS(SWIFT_NAME)
+#  define SWIFT_RESILIENT_CLASS_NAMED(SWIFT_NAME) SWIFT_CLASS_NAMED(SWIFT_NAME)
+# endif
+#endif
+
+#if !defined(SWIFT_PROTOCOL)
+# define SWIFT_PROTOCOL(SWIFT_NAME) SWIFT_RUNTIME_NAME(SWIFT_NAME) SWIFT_PROTOCOL_EXTRA
+# define SWIFT_PROTOCOL_NAMED(SWIFT_NAME) SWIFT_COMPILE_NAME(SWIFT_NAME) SWIFT_PROTOCOL_EXTRA
+#endif
+
+#if !defined(SWIFT_EXTENSION)
+# define SWIFT_EXTENSION(M) SWIFT_PASTE(M##_Swift_, __LINE__)
+#endif
+
+#if !defined(OBJC_DESIGNATED_INITIALIZER)
+# if __has_attribute(objc_designated_initializer)
+#  define OBJC_DESIGNATED_INITIALIZER __attribute__((objc_designated_initializer))
+# else
+#  define OBJC_DESIGNATED_INITIALIZER
+# endif
+#endif
+#if !defined(SWIFT_ENUM_ATTR)
+# if defined(__has_attribute) && __has_attribute(enum_extensibility)
+#  define SWIFT_ENUM_ATTR(_extensibility) __attribute__((enum_extensibility(_extensibility)))
+# else
+#  define SWIFT_ENUM_ATTR(_extensibility)
+# endif
+#endif
+#if !defined(SWIFT_ENUM)
+# define SWIFT_ENUM(_type, _name, _extensibility) enum _name : _type _name; enum SWIFT_ENUM_ATTR(_extensibility) SWIFT_ENUM_EXTRA _name : _type
+# if __has_feature(generalized_swift_name)
+#  define SWIFT_ENUM_NAMED(_type, _name, SWIFT_NAME, _extensibility) enum _name : _type _name SWIFT_COMPILE_NAME(SWIFT_NAME); enum SWIFT_COMPILE_NAME(SWIFT_NAME) SWIFT_ENUM_ATTR(_extensibility) SWIFT_ENUM_EXTRA _name : _type
+# else
+#  define SWIFT_ENUM_NAMED(_type, _name, SWIFT_NAME, _extensibility) SWIFT_ENUM(_type, _name, _extensibility)
+# endif
+#endif
+#if !defined(SWIFT_UNAVAILABLE)
+# define SWIFT_UNAVAILABLE __attribute__((unavailable))
+#endif
+#if !defined(SWIFT_UNAVAILABLE_MSG)
+# define SWIFT_UNAVAILABLE_MSG(msg) __attribute__((unavailable(msg)))
+#endif
+#if !defined(SWIFT_AVAILABILITY)
+# define SWIFT_AVAILABILITY(plat, ...) __attribute__((availability(plat, __VA_ARGS__)))
+#endif
+#if !defined(SWIFT_WEAK_IMPORT)
+# define SWIFT_WEAK_IMPORT __attribute__((weak_import))
+#endif
+#if !defined(SWIFT_DEPRECATED)
+# define SWIFT_DEPRECATED __attribute__((deprecated))
+#endif
+#if !defined(SWIFT_DEPRECATED_MSG)
+# define SWIFT_DEPRECATED_MSG(...) __attribute__((deprecated(__VA_ARGS__)))
+#endif
+#if __has_feature(attribute_diagnose_if_objc)
+# define SWIFT_DEPRECATED_OBJC(Msg) __attribute__((diagnose_if(1, Msg, "warning")))
+#else
+# define SWIFT_DEPRECATED_OBJC(Msg) SWIFT_DEPRECATED_MSG(Msg)
+#endif
+#if !defined(IBSegueAction)
+# define IBSegueAction
+#endif
+#if __has_feature(modules)
+#if __has_warning("-Watimport-in-framework-header")
+#pragma clang diagnostic ignored "-Watimport-in-framework-header"
+#endif
+@import Foundation;
+@import ObjectiveC;
+#endif
+
+#pragma clang diagnostic ignored "-Wproperty-attribute-mismatch"
+#pragma clang diagnostic ignored "-Wduplicate-method-arg"
+#if __has_warning("-Wpragma-clang-attribute")
+# pragma clang diagnostic ignored "-Wpragma-clang-attribute"
+#endif
+#pragma clang diagnostic ignored "-Wunknown-pragmas"
+#pragma clang diagnostic ignored "-Wnullability"
+
+#if __has_attribute(external_source_symbol)
+# pragma push_macro("any")
+# undef any
+# pragma clang attribute push(__attribute__((external_source_symbol(language="Swift", defined_in="AmneziaVPN",generated_declaration))), apply_to=any(function,enum,objc_interface,objc_category,objc_protocol))
+# pragma pop_macro("any")
+#endif
+
+
+@class NSString;
+@class NSData;
+enum ConnectionState : NSInteger;
+@class NSDate;
+@class NSNumber;
+@class VPNIPAddressRange;
+
+SWIFT_CLASS("_TtC10AmneziaVPN18IOSVpnProtocolImpl")
+@interface IOSVpnProtocolImpl : NSObject
+- (nonnull instancetype)initWithBundleID:(NSString * _Nonnull)bundleID privateKey:(NSData * _Nonnull)privateKey deviceIpv4Address:(NSString * _Nonnull)deviceIpv4Address deviceIpv6Address:(NSString * _Nonnull)deviceIpv6Address closure:(void (^ _Nonnull)(enum ConnectionState, NSDate * _Nullable))closure callback:(void (^ _Nonnull)(BOOL))callback OBJC_DESIGNATED_INITIALIZER;
+- (nonnull instancetype)initWithBundleID:(NSString * _Nonnull)bundleID config:(NSString * _Nonnull)config closure:(void (^ _Nonnull)(enum ConnectionState, NSDate * _Nullable))closure callback:(void (^ _Nonnull)(BOOL))callback;
+- (nonnull instancetype)initWithBundleID:(NSString * _Nonnull)bundleID tunnelConfig:(NSString * _Nonnull)tunnelConfig ssConfig:(NSString * _Nonnull)ssConfig closure:(void (^ _Nonnull)(enum ConnectionState, NSDate * _Nullable))closure callback:(void (^ _Nonnull)(BOOL))callback;
+- (void)connectWithDnsServer:(NSString * _Nonnull)dnsServer serverIpv6Gateway:(NSString * _Nonnull)serverIpv6Gateway serverPublicKey:(NSString * _Nonnull)serverPublicKey presharedKey:(NSString * _Nonnull)presharedKey serverIpv4AddrIn:(NSString * _Nonnull)serverIpv4AddrIn serverPort:(NSInteger)serverPort allowedIPAddressRanges:(NSArray<VPNIPAddressRange *> * _Nonnull)allowedIPAddressRanges ipv6Enabled:(Boolean)enabled reason:(NSInteger)reason failureCallback:(void (^ _Nonnull)(void))failureCallback;
+- (void)connectWithOvpnConfig:(NSString * _Nonnull)ovpnConfig failureCallback:(void (^ _Nonnull)(void))failureCallback;
+- (void)connectWithSsConfig:(NSString * _Nonnull)ssConfig ovpnConfig:(NSString * _Nonnull)ovpnConfig failureCallback:(void (^ _Nonnull)(void))failureCallback;
+- (void)disconnect;
+- (void)checkStatusWithCallback:(void (^ _Nonnull)(NSString * _Nonnull, NSString * _Nonnull, NSString * _Nonnull))callback;
+- (nonnull instancetype)init SWIFT_UNAVAILABLE;
++ (nonnull instancetype)new SWIFT_UNAVAILABLE_MSG("-init is unavailable");
+@end
+
+typedef SWIFT_ENUM(NSInteger, ConnectionState, closed) {
+  ConnectionStateError = 0,
+  ConnectionStateConnected = 1,
+  ConnectionStateDisconnected = 2,
+};
+
+SWIFT_CLASS("_TtC10AmneziaVPN17VPNIPAddressRange")
+@interface VPNIPAddressRange : NSObject
+- (nonnull instancetype)initWithAddress:(NSString * _Nonnull)address networkPrefixLength:(uint8_t)networkPrefixLength isIpv6:(BOOL)isIpv6 OBJC_DESIGNATED_INITIALIZER;
+- (nonnull instancetype)init SWIFT_UNAVAILABLE;
++ (nonnull instancetype)new SWIFT_UNAVAILABLE_MSG("-init is unavailable");
+@end
+
+#if __has_attribute(external_source_symbol)
+# pragma clang attribute pop
+#endif
+#pragma clang diagnostic pop
+#endif /* AmneziaVPN_Swift_h */
+

client/AmneziaVPN.entitlements

@@ -0,0 +1,14 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
+<plist version="1.0">
+<dict>
+	<key>com.apple.security.application-groups</key>
+	<array>
+		<string>group.org.amnezia.AmneziaVPN</string>
+	</array>
+	<key>keychain-access-groups</key>
+	<array>
+		<string>$(AppIdentifierPrefix)group.org.amnezia.AmneziaVPN</string>
+	</array>
+</dict>
+</plist>

client/CMakeLists.txt

@@ -1,11 +1,14 @@
 cmake_minimum_required(VERSION 3.25.0 FATAL_ERROR)
 
 set(PROJECT AmneziaVPN)
-project(${PROJECT})
-
-set(QT_BUILD_TOOLS_WHEN_CROSS_COMPILING ON)
+project(${PROJECT} VERSION 2.1.2)
+set(BUILD_ID 1)
+SET(QT_BUILD_TOOLS_WHEN_CROSS_COMPILING ON)
 set(CMAKE_CXX_STANDARD 17)
 set(CMAKE_CXX_STANDARD_REQUIRED ON)
+if(${CMAKE_VERSION} VERSION_GREATER_EQUAL 3.17)
+    cmake_policy(SET CMP0099 OLD)
+endif()
 
 if(ANDROID)
     # For a some reason cmake do not applying GNU_SOURCE/BSD_SOURCE flags on Android platform.
@@ -13,37 +16,29 @@ if(ANDROID)
     add_definitions(-D_BSD_SOURCE)
 endif()
 
+if(CMAKE_XCODE_BUILD_SYSTEM VERSION_GREATER_EQUAL 12)
+  cmake_policy(SET CMP0114 NEW)
+endif()
+
+set(CMAKE_AUTOMOC ON)
+set(CMAKE_AUTORCC ON)
+set(CMAKE_AUTOUIC ON)
 set_property(GLOBAL PROPERTY USE_FOLDERS ON)
 set_property(GLOBAL PROPERTY AUTOGEN_TARGETS_FOLDER "Autogen")
 set_property(GLOBAL PROPERTY AUTOMOC_TARGETS_FOLDER "Autogen")
 set_property(GLOBAL PROPERTY PREDEFINED_TARGETS_FOLDER "Autogen")
 
-set(PACKAGES
+find_package(Qt6 REQUIRED COMPONENTS 
     Widgets Core Gui Network Xml 
     RemoteObjects Quick Svg QuickControls2 
-	Core5Compat Concurrent
+    Core5Compat Concurrent LinguistTools
 )
-if(IOS)
-	set(PACKAGES
-		${PACKAGES}
-		Multimedia
-	)
-endif()
-
-find_package(Qt6 REQUIRED COMPONENTS ${PACKAGES})
-
 set(LIBS ${LIBS} 
     Qt6::Widgets Qt6::Core Qt6::Gui
     Qt6::Network Qt6::Xml Qt6::RemoteObjects
     Qt6::Quick Qt6::Svg Qt6::QuickControls2
     Qt6::Core5Compat Qt6::Concurrent
 )
-if(IOS)
-	set(LIBS
-		${LIBS}
-		Qt6::Multimedia
-	)
-endif()
 
 qt_standard_project_setup()
 
@@ -52,13 +47,11 @@ if(IOS)
         WORKING_DIRECTORY ${CMAKE_CURRENT_LIST_DIR})
 endif()
 
-set(IS_CI ${CI})
-if(IS_CI)
-    message("Detected CI env")
-    find_program(CCACHE "ccache")
-    if(CCACHE)
-        set_property(GLOBAL PROPERTY RULE_LAUNCH_COMPILE "${CCACHE}")
-    endif()
+find_program(CCACHE_FOUND ccache)
+if(CCACHE_FOUND)
+    message("found ccache")
+    set_property(GLOBAL PROPERTY RULE_LAUNCH_COMPILE ccache)
+    set_property(GLOBAL PROPERTY RULE_LAUNCH_LINK ccache)
 endif()
 
 include(${CMAKE_CURRENT_LIST_DIR}/cmake/3rdparty.cmake)
@@ -69,8 +62,6 @@ include_directories(
     ${CMAKE_CURRENT_BINARY_DIR}
 )
 
-configure_file(${CMAKE_CURRENT_LIST_DIR}/../version.h.in ${CMAKE_CURRENT_BINARY_DIR}/version.h)
-
 set(HEADERS ${HEADERS}
     ${CMAKE_CURRENT_LIST_DIR}/migrations.h
     ${CMAKE_CURRENT_LIST_DIR}/../ipc/ipc.h
@@ -89,7 +80,6 @@ set(HEADERS ${HEADERS}
     ${CMAKE_CURRENT_LIST_DIR}/ui/uilogic.h
     ${CMAKE_CURRENT_LIST_DIR}/ui/qautostart.h
     ${CMAKE_CURRENT_LIST_DIR}/protocols/vpnprotocol.h
-    ${CMAKE_CURRENT_BINARY_DIR}/version.h
     ${CMAKE_CURRENT_LIST_DIR}/core/sshclient.h
 )
 
@@ -154,11 +144,6 @@ qt6_add_resources(QRC ${QRC} ${CMAKE_CURRENT_LIST_DIR}/resources.qrc)
 if(WIN32)
     add_compile_definitions(MVPN_WINDOWS)
 
-    configure_file(
-        ${CMAKE_CURRENT_LIST_DIR}/platforms/windows/amneziavpn.rc.in 
-        ${CMAKE_CURRENT_BINARY_DIR}/amneziavpn.rc
-    )
-
     set(HEADERS ${HEADERS}
         ${CMAKE_CURRENT_LIST_DIR}/protocols/ikev2_vpn_protocol_windows.h
     )
@@ -168,7 +153,7 @@ if(WIN32)
     )
 
     set(RESOURCES ${RESOURCES}
-        ${CMAKE_CURRENT_BINARY_DIR}/amneziavpn.rc
+        ${CMAKE_CURRENT_LIST_DIR}/platforms/windows/amneziavpn.rc
     )
 
     set(LIBS ${LIBS}
@@ -184,9 +169,6 @@ if(WIN32)
 endif()
 
 if(APPLE)
-    cmake_policy(SET CMP0099 OLD)
-    cmake_policy(SET CMP0114 NEW)
-
     if(NOT BUILD_OSX_APP_IDENTIFIER)
         set(BUILD_OSX_APP_IDENTIFIER org.amnezia.AmneziaVPN CACHE STRING "OSX Application identifier")
     endif()
@@ -204,6 +186,7 @@ if(APPLE)
     set(CMAKE_XCODE_ATTRIBUTE_DEVELOPMENT_TEAM ${BUILD_VPN_DEVELOPMENT_TEAM})
     set(CMAKE_XCODE_ATTRIBUTE_GROUP_ID_IOS ${BUILD_IOS_GROUP_IDENTIFIER})
 
+   #set(CMAKE_RUNTIME_OUTPUT_DIRECTORY ${CMAKE_CURRENT_SOURCE_DIR}/../../build)
     if(NOT IOS)
         set(CMAKE_OSX_ARCHITECTURES "x86_64" CACHE INTERNAL "" FORCE)
 
@@ -211,7 +194,7 @@ if(APPLE)
         set(HEADERS ${HEADERS} ${CMAKE_CURRENT_LIST_DIR}/ui/macos_util.h)
         set(SOURCES ${SOURCES} ${CMAKE_CURRENT_LIST_DIR}/ui/macos_util.mm)
 
-        set(CMAKE_OSX_DEPLOYMENT_TARGET 10.15)
+        set(CMAKE_OSX_DEPLOYMENT_TARGET 13.0)
         add_compile_definitions(MVPN_MACOS)
         # ICON   = $$PWD/images/app.icns
 
@@ -231,6 +214,7 @@ if(APPLE)
     endif()
 endif()
 
+
 if(LINUX AND NOT ANDROID)
     add_compile_definitions(MVPN_LINUX)
 
@@ -345,7 +329,9 @@ qt_add_translations(${PROJECT} TS_FILES
     ${CMAKE_CURRENT_LIST_DIR}/translations/amneziavpn_ru.ts)
 
 if(APPLE AND NOT IOS)
-    set_target_properties(${PROJECT} PROPERTIES MACOSX_BUNDLE TRUE)
+    set_target_properties(AmneziaVPN PROPERTIES
+        MACOSX_BUNDLE TRUE
+    )
 endif()
 
 if(IOS)
@@ -353,7 +339,32 @@ if(IOS)
     enable_language(OBJCXX)
     enable_language(Swift)
 
+    #disbale in cicd
     include(cmake/osxtools.cmake)
+    # set(CMAKE_XCODE_GENERATE_TOP_LEVEL_PROJECT_ONLY TRUE)
+
+    set_target_properties(${PROJECT} PROPERTIES XCODE_ATTRIBUTE_ENABLE_BITCODE "NO")
+    set_target_properties(${PROJECT} PROPERTIES XCODE_ATTRIBUTE_ASSETCATALOG_COMPILER_APPICON_NAME "AppIcon")
+
+    set_target_properties(${PROJECT} PROPERTIES XCODE_LINK_BUILD_PHASE_MODE KNOWN_LOCATION)
+    set(CMAKE_XCODE_ATTRIBUTE_LD_RUNPATH_SEARCH_PATHS "@executable_path/../../Frameworks")
+    set(CMAKE_XCODE_ATTRIBUTE_FRAMEWORK_SEARCH_PATHS ${CMAKE_CURRENT_LIST_DIR}/3rd/OpenVPNAdapter/build/Release-iphoneos)
+
+
+    #need to change for debug and relase
+    set_target_properties(${PROJECT} 
+        PROPERTIES XCODE_ATTRIBUTE_PRODUCT_BUNDLE_IDENTIFIER "org.amnezia.${PROJECT}"
+        XCODE_ATTRIBUTE_TARGETED_DEVICE_FAMILY "1"
+        XCODE_ATTRIBUTE_DEVELOPMENT_TEAM "X7UJ388FXK"
+        XCODE_ATTRIBUTE_CODE_SIGN_IDENTITY "Apple Distribution"
+        )
+
+    set_target_properties(${PROJECT}
+        PROPERTIES XCODE_ATTRIBUTE_PRODUCT_BUNDLE_IDENTIFIER "org.amnezia.${PROJECT}"
+        XCODE_ATTRIBUTE_TARGETED_DEVICE_FAMILY "1"
+        XCODE_ATTRIBUTE_DEVELOPMENT_TEAM "X7UJ388FXK"
+        XCODE_ATTRIBUTE_CODE_SIGN_IDENTITY[variant=Debug] "Apple Development"
+        )
 
     set(LIBS ${LIBS}
         ${CMAKE_CURRENT_LIST_DIR}/3rd/OpenSSL/lib/ios/iphone/libcrypto.a
@@ -362,57 +373,32 @@ if(IOS)
 
     target_include_directories(${PROJECT} PRIVATE ${Qt6Gui_PRIVATE_INCLUDE_DIRS})
 
-    set(BUILD_ID ${A_PROJECT_BUILD})
-
-    set_target_properties(${PROJECT} PROPERTIES
-        XCODE_LINK_BUILD_PHASE_MODE KNOWN_LOCATION
-
-        MACOSX_BUNDLE_INFO_PLIST ${CMAKE_CURRENT_LIST_DIR}/ios/app/Info.plist.in
-        MACOSX_BUNDLE_ICON_FILE "AppIcon"
-        MACOSX_BUNDLE_INFO_STRING "AmneziaVPN"
-        MACOSX_BUNDLE_BUNDLE_NAME "AmneziaVPN"
-        MACOSX_BUNDLE_GUI_IDENTIFIER "${BUILD_IOS_APP_IDENTIFIER}"
-        MACOSX_BUNDLE_BUNDLE_VERSION "${CMAKE_PROJECT_VERSION_TWEAK}"
-        MACOSX_BUNDLE_LONG_VERSION_STRING "${CMAKE_PROJECT_VERSION}-${BUILD_ID}"
-        MACOSX_BUNDLE_SHORT_VERSION_STRING "${CMAKE_PROJECT_VERSION}"
-
-        XCODE_ATTRIBUTE_PRODUCT_BUNDLE_IDENTIFIER "${BUILD_IOS_APP_IDENTIFIER}"
-        XCODE_ATTRIBUTE_CODE_SIGN_ENTITLEMENTS "${CMAKE_CURRENT_LIST_DIR}/ios/app/main.entitlements"
-        XCODE_ATTRIBUTE_MARKETING_VERSION "${APP_MAJOR_VERSION}"
-        XCODE_ATTRIBUTE_CURRENT_PROJECT_VERSION "${CMAKE_PROJECT_VERSION_TWEAK}"
-        XCODE_ATTRIBUTE_PRODUCT_NAME "AmneziaVPN"
-        XCODE_ATTRIBUTE_BUNDLE_INFO_STRING "AmneziaVPN"
-
-        XCODE_GENERATE_SCHEME TRUE
-        XCODE_ATTRIBUTE_ENABLE_BITCODE "NO"
-        XCODE_ATTRIBUTE_ASSETCATALOG_COMPILER_APPICON_NAME "AppIcon"
-        XCODE_ATTRIBUTE_TARGETED_DEVICE_FAMILY "1,2"
-
-        XCODE_EMBED_FRAMEWORKS_CODE_SIGN_ON_COPY ON
-        XCODE_LINK_BUILD_PHASE_MODE KNOWN_LOCATION
-
-        XCODE_ATTRIBUTE_LD_RUNPATH_SEARCH_PATHS "@executable_path/Frameworks"
-
-        XCODE_EMBED_APP_EXTENSIONS networkextension
-
-        XCODE_ATTRIBUTE_CODE_SIGN_IDENTITY "Apple Distribution"
-        XCODE_ATTRIBUTE_CODE_SIGN_IDENTITY[variant=Debug] "Apple Development"
-
-        XCODE_ATTRIBUTE_CODE_SIGN_STYLE Manual
-        XCODE_ATTRIBUTE_PROVISIONING_PROFILE_SPECIFIER "match AppStore org.amnezia.AmneziaVPN"
-        XCODE_ATTRIBUTE_PROVISIONING_PROFILE_SPECIFIER[variant=Debug] "match Development org.amnezia.AmneziaVPN"
-    )
-
     set_target_properties(${PROJECT} PROPERTIES
         XCODE_ATTRIBUTE_SWIFT_VERSION "5.0"
         XCODE_ATTRIBUTE_CLANG_ENABLE_MODULES "YES"
         XCODE_ATTRIBUTE_SWIFT_OBJC_BRIDGING_HEADER "${CMAKE_CURRENT_LIST_DIR}/platforms/ios/WireGuard-Bridging-Header.h"
         XCODE_ATTRIBUTE_SWIFT_PRECOMPILE_BRIDGING_HEADER "NO"
+        XCODE_ATTRIBUTE_SWIFT_OPTIMIZATION_LEVEL "-Onone"
         XCODE_ATTRIBUTE_SWIFT_OBJC_INTERFACE_HEADER_NAME "AmneziaVPN-Swift.h"
     )
 
     set_target_properties(${PROJECT} PROPERTIES
-        XCODE_ATTRIBUTE_DEVELOPMENT_TEAM "X7UJ388FXK"
+        OUTPUT_NAME "AmneziaVPN"
+        MACOSX_BUNDLE ON
+        MACOSX_BUNDLE_INFO_PLIST ${CMAKE_CURRENT_LIST_DIR}/ios/app/Info.plist.in
+        MACOSX_BUNDLE_BUNDLE_NAME "AmneziaVPN"
+        MACOSX_BUNDLE_BUNDLE_VERSION "${BUILD_ID}"
+        MACOSX_BUNDLE_COPYRIGHT "MPL-2.0"
+        MACOSX_BUNDLE_GUI_IDENTIFIER "${BUILD_IOS_APP_IDENTIFIER}"
+        MACOSX_BUNDLE_INFO_STRING "AmneziaVPN"
+        MACOSX_BUNDLE_LONG_VERSION_STRING "${CMAKE_PROJECT_VERSION}-${BUILD_ID}"
+        MACOSX_BUNDLE_SHORT_VERSION_STRING "${CMAKE_PROJECT_VERSION}"
+        XCODE_ATTRIBUTE_PRODUCT_BUNDLE_IDENTIFIER "${BUILD_IOS_APP_IDENTIFIER}"
+        XCODE_ATTRIBUTE_CODE_SIGN_ENTITLEMENTS "${CMAKE_CURRENT_LIST_DIR}/ios/app/main.entitlements"
+        XCODE_ATTRIBUTE_MARKETING_VERSION "${CMAKE_PROJECT_VERSION}"
+        XCODE_GENERATE_SCHEME TRUE
+        MACOSX_BUNDLE_ICON_FILE "AppIcon"
+
     )
 
     target_include_directories(${PROJECT} PRIVATE ${CMAKE_CURRENT_LIST_DIR})
@@ -422,10 +408,8 @@ if(IOS)
         -DVPN_NE_BUNDLEID=\"${BUILD_IOS_APP_IDENTIFIER}.network-extension\"
     )
 
-    target_sources(${PROJECT} PRIVATE
-        ${CMAKE_CURRENT_LIST_DIR}/platforms/ios/iosvpnprotocol.swift
-        ${CMAKE_CURRENT_LIST_DIR}/platforms/ios/ioslogger.swift
 
+   target_sources(${PROJECT} PRIVATE
         ${CMAKE_CURRENT_LIST_DIR}/3rd/wireguard-apple/Sources/Shared/Keychain.swift
         ${CMAKE_CURRENT_LIST_DIR}/3rd/wireguard-apple/Sources/WireGuardKit/IPAddressRange.swift
         ${CMAKE_CURRENT_LIST_DIR}/3rd/wireguard-apple/Sources/WireGuardKit/InterfaceConfiguration.swift
@@ -442,29 +426,61 @@ if(IOS)
         ${CMAKE_CURRENT_LIST_DIR}/3rd/wireguard-apple/Sources/WireGuardKit/PrivateKey.swift
     )
 
+    target_sources(${PROJECT} PRIVATE
+        platforms/ios/iosvpnprotocol.swift
+        platforms/ios/ioslogger.swift
+    )
+
     target_sources(${PROJECT} PRIVATE
         ${CMAKE_CURRENT_LIST_DIR}/ios/app/launch.png
         ${CMAKE_CURRENT_LIST_DIR}/ios/app/AmneziaVPNLaunchScreen.storyboard
-        ${CMAKE_CURRENT_LIST_DIR}/ios/Media.xcassets
     )
     set_source_files_properties(
         ${CMAKE_CURRENT_LIST_DIR}/ios/app/launch.png
         ${CMAKE_CURRENT_LIST_DIR}/ios/app/AmneziaVPNLaunchScreen.storyboard
+        PROPERTIES MACOSX_PACKAGE_LOCATION "Resources"
+    )
+
+    target_sources(${PROJECT} PRIVATE
+        ${CMAKE_CURRENT_LIST_DIR}/ios/Media.xcassets
+    )
+    set_source_files_properties(
         ${CMAKE_CURRENT_LIST_DIR}/ios/Media.xcassets
         PROPERTIES MACOSX_PACKAGE_LOCATION "Resources"
     )
 
-
     add_subdirectory(ios/networkextension)
     add_dependencies(${PROJECT} networkextension)
+    set_target_properties(${PROJECT} PROPERTIES XCODE_EMBED_APP_EXTENSIONS networkextension)
 
     set_property(TARGET ${PROJECT} PROPERTY XCODE_EMBED_FRAMEWORKS
         "${CMAKE_CURRENT_LIST_DIR}/3rd/OpenVPNAdapter/build/Release-iphoneos/OpenVPNAdapter.framework"
     )
+    set_target_properties(${PROJECT} PROPERTIES XCODE_EMBED_FRAMEWORKS_CODE_SIGN_ON_COPY ON)
+    set_target_properties(${PROJECT} PROPERTIES XCODE_LINK_BUILD_PHASE_MODE KNOWN_LOCATION)
 
-    set(CMAKE_XCODE_ATTRIBUTE_FRAMEWORK_SEARCH_PATHS ${CMAKE_CURRENT_LIST_DIR}/3rd/OpenVPNAdapter/build/Release-iphoneos)
-    target_link_libraries("networkextension" PRIVATE "${CMAKE_CURRENT_LIST_DIR}/3rd/OpenVPNAdapter/build/Release-iphoneos/OpenVPNAdapter.framework")
 
+    set_target_properties("networkextension"
+        PROPERTIES XCODE_ATTRIBUTE_PRODUCT_BUNDLE_IDENTIFIER "org.amnezia.${PROJECT}.network-extension"
+        XCODE_ATTRIBUTE_TARGETED_DEVICE_FAMILY "1"
+        XCODE_ATTRIBUTE_DEVELOPMENT_TEAM "X7UJ388FXK"
+        XCODE_ATTRIBUTE_CODE_SIGN_IDENTITY "Apple Distribution"
+        )
+
+    set_target_properties("networkextension"
+        PROPERTIES XCODE_ATTRIBUTE_PRODUCT_BUNDLE_IDENTIFIER "org.amnezia.${PROJECT}.network-extension"
+        XCODE_ATTRIBUTE_TARGETED_DEVICE_FAMILY "1"
+        XCODE_ATTRIBUTE_DEVELOPMENT_TEAM "X7UJ388FXK"
+        XCODE_ATTRIBUTE_CODE_SIGN_IDENTITY[variant=Debug] "Apple Development"
+        )
+
+    set_target_properties (${PROJECT} PROPERTIES XCODE_ATTRIBUTE_CODE_SIGN_STYLE Manual)
+    set_target_properties(${PROJECT} PROPERTIES XCODE_ATTRIBUTE_PROVISIONING_PROFILE_SPECIFIER "match AppStore org.amnezia.AmneziaVPN")
+    set_target_properties(${PROJECT} PROPERTIES XCODE_ATTRIBUTE_PROVISIONING_PROFILE_SPECIFIER[variant=Debug] "match Development org.amnezia.AmneziaVPN")
+
+    set_target_properties("networkextension" PROPERTIES XCODE_ATTRIBUTE_CODE_SIGN_STYLE Manual)
+    set_target_properties("networkextension" PROPERTIES XCODE_ATTRIBUTE_PROVISIONING_PROFILE_SPECIFIER "match AppStore org.amnezia.AmneziaVPN.network-extension")
+    set_target_properties("networkextension" PROPERTIES XCODE_ATTRIBUTE_PROVISIONING_PROFILE_SPECIFIER[variant=Debug] "match Development org.amnezia.AmneziaVPN.network-extension")
 endif()
 
 if(ANDROID)
@@ -565,5 +581,5 @@ if(WIN32)
     )
 endif()
 if(IOS)
-    include(cmake/ios-arch-fixup.cmake)
+ #include(cmake/ios-arch-fixup.cmake)
 endif()

client/Info.plist

@@ -0,0 +1,24 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
+<plist version="1.0">
+<dict>
+	<key>CFBundleExecutable</key>
+	<string>${EXECUTABLE_NAME}</string>
+	<key>CFBundleIconFile</key>
+	<string>${ASSETCATALOG_COMPILER_APPICON_NAME}</string>
+	<key>CFBundleIdentifier</key>
+	<string>${PRODUCT_BUNDLE_IDENTIFIER}</string>
+	<key>CFBundlePackageType</key>
+	<string>APPL</string>
+	<key>CFBundleSignature</key>
+	<string>${QMAKE_PKGINFO_TYPEINFO}</string>
+	<key>LSMinimumSystemVersion</key>
+	<string>${MACOSX_DEPLOYMENT_TARGET}</string>
+	<key>NOTE</key>
+	<string>This file was generated by Qt/QMake.</string>
+	<key>NSPrincipalClass</key>
+	<string>NSApplication</string>
+	<key>NSSupportsAutomaticGraphicsSwitching</key>
+	<true/>
+</dict>
+</plist>

client/WireGuard-Bridging-Header.h

@@ -0,0 +1,29 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "wireguard-go-version.h"
+#include "3rd/wireguard-apple/Sources/WireGuardKitC/WireGuardKitC.h"
+
+#include <stdbool.h>
+#include <stdint.h>
+
+#define WG_KEY_LEN (32)
+#define WG_KEY_LEN_BASE64 (45)
+#define WG_KEY_LEN_HEX (65)
+
+void key_to_base64(char base64[WG_KEY_LEN_BASE64],
+                   const uint8_t key[WG_KEY_LEN]);
+bool key_from_base64(uint8_t key[WG_KEY_LEN], const char* base64);
+
+void key_to_hex(char hex[WG_KEY_LEN_HEX], const uint8_t key[WG_KEY_LEN]);
+bool key_from_hex(uint8_t key[WG_KEY_LEN], const char* hex);
+
+bool key_eq(const uint8_t key1[WG_KEY_LEN], const uint8_t key2[WG_KEY_LEN]);
+
+void write_msg_to_log(const char* tag, const char* msg);
+
+#import "TargetConditionals.h"
+#if TARGET_OS_OSX
+#  include <libproc.h>
+#endif

client/amnezia_application.cpp

@@ -8,7 +8,7 @@
 
 #include "core/servercontroller.h"
 #include "logger.h"
-#include "version.h"
+#include "defines.h"
 #include <QQuickStyle>
 
 #include "platforms/ios/QRCodeReaderBase.h"

client/android/shadowsocks/src/main/java/org/amnezia/vpn/shadowsocks/core/bg/BaseService.kt

@@ -261,7 +261,7 @@ object BaseService {
 
         fun stopRunner(restart: Boolean = false, msg: String? = null) {
             if (data.state == State.Stopping) return
-            // change the state
+            // channge the state
             data.changeState(State.Stopping)
             GlobalScope.launch(Dispatchers.Main.immediate) {
                 data.connectingJob?.cancelAndJoin() // ensure stop connecting first

client/android/shadowsocks/src/main/java/org/amnezia/vpn/shadowsocks/core/utils/Constants.kt

@@ -30,7 +30,7 @@ object Key {
     const val id = "profileId"
     const val name = "profileName"
 
-    const val individual = "Proxied"
+    const val individual = "Proxyed"
 
     const val serviceMode = "serviceMode"
     const val modeProxy = "proxy"

client/android/src/com/wireguard/crypto/Ed25519.java

@@ -835,7 +835,7 @@ public final class Ed25519 {
     }
 
     /**
-     * Decodes {@code s} into an extended projective point.
+     * Decodes {@code s} into an extented projective point.
      * See Section 5.1.3 Decoding in https://tools.ietf.org/html/rfc8032#section-5.1.3
      */
     private static XYZT fromBytesNegateVarTime(byte[] s) throws GeneralSecurityException {
@@ -973,7 +973,7 @@ public final class Ed25519 {
      *
      * <p>NOTE that this function requires that {@code icopy} be 1 or 0; other values give wrong
      * results. Also, the two limb arrays must be in reduced-coefficient, reduced-degree form: the
-     * values in a[10..19] or b[10..19] aren't swapped, and all values in a[0..9],b[0..9] must
+     * values in a[10..19] or b[10..19] aren't swapped, and all all values in a[0..9],b[0..9] must
      * have magnitude less than Integer.MAX_VALUE.
      */
     static void copyConditional(long[] a, long[] b, int icopy) {

client/android/src/org/amnezia/vpn/NotificationUtil.kt

@@ -27,7 +27,7 @@ object NotificationUtil {
      * Parcel - Gets called from AndroidController.cpp
      */
     fun update(data: Parcel) {
-        // [data] is here a json containing the notification content
+        // [data] is here a json containing the noification content
         val buffer = data.createByteArray()
         val json = buffer?.let { String(it) }
         val content = JSONObject(json)

client/android/src/org/amnezia/vpn/OpenVPNThreadv3.kt

@@ -35,10 +35,10 @@ class OpenVPNThreadv3(var service: VPNService): ClientAPI_OpenVPNClient(), Runna
     private var bytesOutIndex = -1
 
     init {
-        findConfigIndices()
+        findConfigIndicies()
     }
 
-    private fun findConfigIndices() {
+    private fun findConfigIndicies() {
         val n: Int = stats_n()
 
         for (i in 0 until n) {

client/android/src/org/amnezia/vpn/Prefs.kt

@@ -29,7 +29,7 @@ object Prefs {
             return sharedPreferences
         } catch (e: Exception) {
             Log.e("Android-Prefs", "Getting Encryption Storage failed, plaintext fallback")
-            return context.getSharedPreferences("com.amnezia.vpn.preferences", Context.MODE_PRIVATE)
+            return context.getSharedPreferences("com.amnezia.vpn.prefrences", Context.MODE_PRIVATE)
         }
     }
 }

client/android/src/org/amnezia/vpn/VPNLogger.kt

@@ -11,14 +11,14 @@ import android.util.Log as nativeLog
 
 /*
  * Drop in replacement for android.util.Log 
- * Also stores a copy of all logs in tmp/mozilla_daemon_logs.txt
+ * Also stores a copy of all logs in tmp/mozilla_deamon_logs.txt
 */
 class Log {
     val LOG_MAX_FILE_SIZE = 204800
     private var file: File
     private constructor(context: Context) {
         val tempDIR = context.cacheDir
-        file = File(tempDIR, "mozilla_daemon_logs.txt")
+        file = File(tempDIR, "mozilla_deamon_logs.txt")
         if (file.length() > LOG_MAX_FILE_SIZE) {
             file.writeText("")
         }
@@ -46,7 +46,7 @@ class Log {
             if (!BuildConfig.DEBUG) { return; }
             nativeLog.e(tag, message)
         }
-        // Only Prints && Logs when in debug, noop in release.
+        // Only Prints && Loggs when in debug, noop in release.
         fun sensitive(tag: String, message: String?) {
             if (!BuildConfig.DEBUG) { return; }
             if (message == null) { return; }

client/android/src/org/amnezia/vpn/VPNService.kt

@@ -396,6 +396,7 @@ class VPNService : BaseVpnService(), LocalDnsService.Interface {
     fun establish(): ParcelFileDescriptor? {
         Log.v(tag, "Aman: establish....................")
         mbuilder.allowFamily(OsConstants.AF_INET)
+        mbuilder.allowFamily(OsConstants.AF_INET6)
 
         if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.Q) mbuilder.setMetered(false)
         if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.M) setUnderlyingNetworks(null)
@@ -547,7 +548,7 @@ class VPNService : BaseVpnService(), LocalDnsService.Interface {
      * Create a Wireguard [Config]  from a [json] string -
      * The [json] will be created in AndroidVpnProtocol.cpp
      */
-    private fun buildWireguardConfig(obj: JSONObject): Config {
+    private fun buildWireugardConfig(obj: JSONObject): Config {
         val confBuilder = Config.Builder()
         val wireguardConfigData = obj.getJSONObject("wireguard_config_data")
         val config = parseConfigData(wireguardConfigData.getString("config"))
@@ -696,7 +697,7 @@ class VPNService : BaseVpnService(), LocalDnsService.Interface {
     }
 
     private fun startWireGuard() {
-        val wireguard_conf = buildWireguardConfig(mConfig!!)
+        val wireguard_conf = buildWireugardConfig(mConfig!!)
         Log.i(tag, "startWireGuard: wireguard_conf : $wireguard_conf")
         if (currentTunnelHandle != -1) {
             Log.e(tag, "Tunnel already up")

client/android/src/org/amnezia/vpn/VPNServiceBinder.kt

@@ -50,7 +50,7 @@ class VPNServiceBinder(service: VPNService) : Binder() {
         when (code) {
             ACTIONS.activate -> {
                 try {
-                    Log.i(tag, "Activation Requested, parsing Config")
+                    Log.i(tag, "Activiation Requested, parsing Config")
                     // [data] is here a json containing the wireguard/openvpn conf
                     val buffer = data.createByteArray()
                     val json = buffer?.let { String(it) }

client/android/src/org/amnezia/vpn/qt/VPNActivity.kt

@@ -114,7 +114,7 @@ class VPNActivity : org.qtproject.qt.android.bindings.QtActivity() {
             // QT will always attempt to read the clipboard if content is there.
             // since we have no use of the clipboard in android 10+
             // we _can_  return null
-            // And we definitely should since android 12 displays clipboard access.
+            // And we defnitly should since android 12 displays clipboard access.
             null
         } else {
             super.getSystemService(name)
@@ -259,13 +259,13 @@ class VPNActivity : org.qtproject.qt.android.bindings.QtActivity() {
     private val ACTION_REGISTER_LISTENER = 3
     private val ACTION_RESUME_ACTIVATE = 7
     private val ACTION_IMPORT_CONFIG = 11
-    private val EVENT_PERMISSION_REQUIRED = 6
+    private val EVENT_PERMISSION_REQURED = 6
     private val EVENT_DISCONNECTED = 2
 
     private val UI_EVENT_QR_CODE_RECEIVED = 0
 
     fun onPermissionRequest(code: Int, data: Parcel?) {
-        if (code != EVENT_PERMISSION_REQUIRED) {
+        if (code != EVENT_PERMISSION_REQURED) {
             return
         }
 

client/client.pro

@@ -0,0 +1,415 @@
+QT += widgets core gui network xml remoteobjects quick svg quickcontrols2
+equals(QT_MAJOR_VERSION, 6): QT += core5compat
+
+TARGET = AmneziaVPN
+TEMPLATE = app
+
+# silent builds on CI env
+IS_CI=$$(CI)
+!isEmpty(IS_CI){
+  message("Detected CI env")
+  CONFIG += silent #ccache
+}
+
+CONFIG += qtquickcompiler
+
+include("3rd/QtSsh/src/ssh/qssh.pri")
+include("3rd/QtSsh/src/botan/botan.pri")
+!android:!ios:include("3rd/SingleApplication/singleapplication.pri")
+include ("3rd/SortFilterProxyModel/SortFilterProxyModel.pri")
+
+include("3rd/qrcodegen/qrcodegen.pri")
+include("3rd/QSimpleCrypto/QSimpleCrypto.pri")
+include("3rd/qtkeychain/qtkeychain.pri")
+
+INCLUDEPATH += $$PWD/3rd/QSimpleCrypto/include
+INCLUDEPATH += $$PWD/3rd/OpenSSL/include
+INCLUDEPATH += $$PWD/3rd/qtkeychain/include
+INCLUDEPATH += $$PWD/3rd/libssh/include
+DEPENDPATH += $$PWD/3rd/OpenSSL/include
+
+HEADERS  += \
+    ../ipc/ipc.h \
+    amnezia_application.h \
+    configurators/cloak_configurator.h \
+    configurators/configurator_base.h \
+    configurators/ikev2_configurator.h \
+    configurators/shadowsocks_configurator.h \
+    configurators/ssh_configurator.h \
+    configurators/vpn_configurator.h \
+    configurators/wireguard_configurator.h \
+    containers/containers_defs.h \
+    core/defs.h \
+    core/errorstrings.h \
+    configurators/openvpn_configurator.h \
+    core/scripts_registry.h \
+    core/server_defs.h \
+    core/servercontroller.h \
+    defines.h \
+    logger.h \
+    managementserver.h \
+    platforms/ios/MobileUtils.h \
+    platforms/linux/leakdetector.h \
+    protocols/protocols_defs.h \
+    secure_qsettings.h \
+    settings.h \
+    ui/notificationhandler.h \
+    ui/models/containers_model.h \
+    ui/models/protocols_model.h \
+    ui/pages.h \
+    ui/pages_logic/AppSettingsLogic.h \
+    ui/pages_logic/GeneralSettingsLogic.h \
+    ui/pages_logic/NetworkSettingsLogic.h \
+    ui/pages_logic/NewServerProtocolsLogic.h \
+    ui/pages_logic/PageLogicBase.h \
+    ui/pages_logic/QrDecoderLogic.h \
+    ui/pages_logic/ServerConfiguringProgressLogic.h \
+    ui/pages_logic/ServerContainersLogic.h \
+    ui/pages_logic/ServerListLogic.h \
+    ui/pages_logic/ServerSettingsLogic.h \
+    ui/pages_logic/ShareConnectionLogic.h \
+    ui/pages_logic/SitesLogic.h \
+    ui/pages_logic/StartPageLogic.h \
+    ui/pages_logic/ViewConfigLogic.h \
+    ui/pages_logic/VpnLogic.h \
+    ui/pages_logic/WizardLogic.h \
+    ui/pages_logic/protocols/CloakLogic.h \
+    ui/pages_logic/protocols/OpenVpnLogic.h \
+    ui/pages_logic/protocols/OtherProtocolsLogic.h \
+    ui/pages_logic/protocols/PageProtocolLogicBase.h \
+    ui/pages_logic/protocols/ShadowSocksLogic.h \
+    ui/pages_logic/protocols/WireGuardLogic.h \
+    ui/property_helper.h \
+    ui/models/servers_model.h \
+    ui/uilogic.h \
+    ui/qautostart.h \
+    ui/models/sites_model.h \
+    utilities.h \
+    vpnconnection.h \
+    protocols/vpnprotocol.h \
+    constants.h \
+    platforms/ios/QRCodeReaderBase.h
+
+SOURCES  += \
+    amnezia_application.cpp \
+    configurators/cloak_configurator.cpp \
+    configurators/configurator_base.cpp \
+    configurators/ikev2_configurator.cpp \
+    configurators/shadowsocks_configurator.cpp \
+    configurators/ssh_configurator.cpp \
+    configurators/vpn_configurator.cpp \
+    configurators/wireguard_configurator.cpp \
+    containers/containers_defs.cpp \
+    core/errorstrings.cpp \
+    configurators/openvpn_configurator.cpp \
+    core/scripts_registry.cpp \
+    core/server_defs.cpp \
+    core/servercontroller.cpp \
+    logger.cpp \
+    main.cpp \
+    managementserver.cpp \
+    platforms/ios/MobileUtils.cpp \
+    platforms/linux/leakdetector.cpp \
+    protocols/protocols_defs.cpp \
+    secure_qsettings.cpp \
+    settings.cpp \
+    ui/notificationhandler.cpp \
+    ui/models/containers_model.cpp \
+    ui/models/protocols_model.cpp \
+    ui/pages_logic/AppSettingsLogic.cpp \
+    ui/pages_logic/GeneralSettingsLogic.cpp \
+    ui/pages_logic/NetworkSettingsLogic.cpp \
+    ui/pages_logic/NewServerProtocolsLogic.cpp \
+    ui/pages_logic/PageLogicBase.cpp \
+    ui/pages_logic/QrDecoderLogic.cpp \
+    ui/pages_logic/ServerConfiguringProgressLogic.cpp \
+    ui/pages_logic/ServerContainersLogic.cpp \
+    ui/pages_logic/ServerListLogic.cpp \
+    ui/pages_logic/ServerSettingsLogic.cpp \
+    ui/pages_logic/ShareConnectionLogic.cpp \
+    ui/pages_logic/SitesLogic.cpp \
+    ui/pages_logic/StartPageLogic.cpp \
+    ui/pages_logic/ViewConfigLogic.cpp \
+    ui/pages_logic/VpnLogic.cpp \
+    ui/pages_logic/WizardLogic.cpp \
+    ui/pages_logic/protocols/CloakLogic.cpp \
+    ui/pages_logic/protocols/OpenVpnLogic.cpp \
+    ui/pages_logic/protocols/OtherProtocolsLogic.cpp \
+    ui/pages_logic/protocols/PageProtocolLogicBase.cpp \
+    ui/pages_logic/protocols/ShadowSocksLogic.cpp \
+    ui/models/servers_model.cpp \
+    ui/pages_logic/protocols/WireGuardLogic.cpp \
+    ui/uilogic.cpp \
+    ui/qautostart.cpp \
+    ui/models/sites_model.cpp \
+    utilities.cpp \
+    vpnconnection.cpp \
+    protocols/vpnprotocol.cpp \
+    platforms/ios/QRCodeReaderBase.cpp
+
+RESOURCES += \
+    resources.qrc
+
+TRANSLATIONS = \
+    translations/amneziavpn_ru.ts
+
+win32 {
+    DEFINES += MVPN_WINDOWS
+
+    OTHER_FILES += platforms/windows/amneziavpn.rc
+    RC_FILE = platforms/windows/amneziavpn.rc
+
+    HEADERS += \
+       protocols/ikev2_vpn_protocol_windows.h \
+
+    SOURCES += \
+       protocols/ikev2_vpn_protocol_windows.cpp \
+
+    VERSION = 2.0.0.0
+    QMAKE_TARGET_COMPANY = "AmneziaVPN"
+    QMAKE_TARGET_PRODUCT = "AmneziaVPN"
+
+
+    LIBS += \
+        -luser32 \
+        -lrasapi32 \
+        -lshlwapi \
+        -liphlpapi \
+        -lws2_32 \
+        -lgdi32
+
+    QMAKE_LFLAGS_WINDOWS += /entry:mainCRTStartup
+
+   !contains(QMAKE_TARGET.arch, x86_64) {
+      message("Windows x86 build")
+      LIBS += -L$$PWD/3rd/OpenSSL/lib/windows/x86/ -llibssl -llibcrypto
+   }
+   else {
+      message("Windows x86_64 build")
+      LIBS += -L$$PWD/3rd/OpenSSL/lib/windows/x86_64/ -llibssl -llibcrypto
+   }
+}
+
+macx {
+    DEFINES += MVPN_MACOS
+
+    ICON   = $$PWD/images/app.icns
+
+    HEADERS  += ui/macos_util.h
+    SOURCES  += ui/macos_util.mm
+
+    LIBS += -framework Cocoa -framework ApplicationServices -framework CoreServices -framework Foundation -framework AppKit -framework Security
+
+    LIBS += $$PWD/3rd/OpenSSL/lib/macos/x86_64/libcrypto.a
+    LIBS += $$PWD/3rd/OpenSSL/lib/macos/x86_64/libssl.a
+}
+
+linux:!android {
+    DEFINES += MVPN_LINUX
+    LIBS += /usr/lib/x86_64-linux-gnu/libcrypto.a
+    LIBS += /usr/lib/x86_64-linux-gnu/libssl.a
+    LIBS += $$PWD/3rd/libssh/build/src/libssh.a
+    LIBS += -lz
+
+    INCLUDEPATH += $$PWD/platforms/linux
+}
+
+win32|macx|linux:!android {
+   DEFINES += AMNEZIA_DESKTOP
+
+   HEADERS  += \
+      core/ipcclient.h \
+      core/privileged_process.h \
+      ui/systemtray_notificationhandler.h \
+      protocols/openvpnprotocol.h \
+      protocols/openvpnovercloakprotocol.h \
+      protocols/shadowsocksvpnprotocol.h \
+      protocols/wireguardprotocol.h \
+
+   SOURCES  += \
+      core/ipcclient.cpp \
+      core/privileged_process.cpp \
+      ui/systemtray_notificationhandler.cpp \
+      protocols/openvpnprotocol.cpp \
+      protocols/openvpnovercloakprotocol.cpp \
+      protocols/shadowsocksvpnprotocol.cpp \
+      protocols/wireguardprotocol.cpp \
+
+   REPC_REPLICA += ../ipc/ipc_interface.rep
+   REPC_REPLICA += ../ipc/ipc_process_interface.rep
+}
+
+android {
+    message(Platform: android)
+    message("$$ANDROID_TARGET_ARCH")
+    versionAtLeast(QT_VERSION, 6.0.0) {
+        # We need to include qtprivate api's
+        # As QAndroidBinder is not yet implemented with a public api
+        QT += core-private
+        ANDROID_ABIS = $$ANDROID_TARGET_ARCH
+    }
+
+   DEFINES += MVPN_ANDROID
+
+   INCLUDEPATH += platforms/android
+
+   HEADERS += \
+      platforms/android/android_controller.h \
+      platforms/android/android_notificationhandler.h \
+      protocols/android_vpnprotocol.h \
+      platforms/android/androidutils.h \
+      platforms/android/androidvpnactivity.h
+
+   SOURCES += \
+      platforms/android/android_controller.cpp \
+      platforms/android/android_notificationhandler.cpp \
+      protocols/android_vpnprotocol.cpp \
+      platforms/android/androidutils.cpp \
+      platforms/android/androidvpnactivity.cpp
+
+   DISTFILES += \
+      android/AndroidManifest.xml \
+      android/build.gradle \
+      android/gradle/wrapper/gradle-wrapper.jar \
+      android/gradle/wrapper/gradle-wrapper.properties \
+      android/gradlew \
+      android/gradlew.bat \
+      android/gradle.properties \
+      android/res/values/libs.xml \
+      android/res/xml/fileprovider.xml \
+      android/src/org/amnezia/vpn/AuthHelper.java \
+      android/src/org/amnezia/vpn/IPCContract.kt \
+      android/src/org/amnezia/vpn/NotificationUtil.kt \
+      android/src/org/amnezia/vpn/OpenVPNThreadv3.kt \
+      android/src/org/amnezia/vpn/Prefs.kt \
+      android/src/org/amnezia/vpn/VpnLogger.kt \
+      android/src/org/amnezia/vpn/VpnService.kt \
+      android/src/org/amnezia/vpn/VpnServiceBinder.kt \
+      android/src/org/amnezia/vpn/qt/AmneziaApp.kt \
+      android/src/org/amnezia/vpn/qt/PackageManagerHelper.java \
+      android/src/org/amnezia/vpn/qt/VPNActivity.kt \
+      android/src/org/amnezia/vpn/qt/VPNApplication.java \
+      android/src/org/amnezia/vpn/qt/VPNPermissionHelper.kt
+
+      ANDROID_PACKAGE_SOURCE_DIR = $$PWD/android
+
+   for (abi, ANDROID_ABIS): {
+
+      equals(ANDROID_TARGET_ARCH,$$abi) {
+         LIBS += $$PWD/3rd/OpenSSL/lib/android/$${abi}/libcrypto.a
+         LIBS += $$PWD/3rd/OpenSSL/lib/android/$${abi}/libssl.a
+      }
+
+      ANDROID_EXTRA_LIBS += $$PWD/android/lib/wireguard/$${abi}/libwg.so
+      ANDROID_EXTRA_LIBS += $$PWD/android/lib/wireguard/$${abi}/libwg-go.so
+      ANDROID_EXTRA_LIBS += $$PWD/android/lib/wireguard/$${abi}/libwg-quick.so
+
+      ANDROID_EXTRA_LIBS += $$PWD/android/lib/openvpn/$${abi}/libjbcrypto.so
+      ANDROID_EXTRA_LIBS += $$PWD/android/lib/openvpn/$${abi}/libopenvpn.so
+      ANDROID_EXTRA_LIBS += $$PWD/android/lib/openvpn/$${abi}/libopvpnutil.so
+      ANDROID_EXTRA_LIBS += $$PWD/android/lib/openvpn/$${abi}/libovpn3.so
+      ANDROID_EXTRA_LIBS += $$PWD/android/lib/openvpn/$${abi}/libovpnexec.so
+   }
+}
+
+ios {
+    message("Client iOS build")
+    CONFIG += static
+    CONFIG += file_copies
+
+    # For the authentication
+    LIBS += -framework AuthenticationServices
+
+    # For notifications
+    LIBS += -framework UIKit
+    LIBS += -framework Foundation
+    LIBS += -framework StoreKit
+    LIBS += -framework UserNotifications
+    LIBS += -framework AVFoundation
+
+    DEFINES += MVPN_IOS
+
+    HEADERS += \
+      protocols/ios_vpnprotocol.h \
+      platforms/ios/iosnotificationhandler.h \
+      platforms/ios/json.h \
+      platforms/ios/bigint.h \
+      platforms/ios/bigintipv6addr.h \
+      platforms/ios/ipaddress.h \
+      platforms/ios/ipaddressrange.h \
+      platforms/ios/QtAppDelegate.h \
+      platforms/ios/QtAppDelegate-C-Interface.h
+
+    SOURCES -= \
+      platforms/ios/QRCodeReaderBase.cpp \
+      platforms/ios/MobileUtils.cpp
+
+    SOURCES += \
+      protocols/ios_vpnprotocol.mm \
+      platforms/ios/iosnotificationhandler.mm \
+      platforms/ios/json.cpp \
+      platforms/ios/iosglue.mm \
+      platforms/ios/ipaddress.cpp \
+      platforms/ios/ipaddressrange.cpp \
+      platforms/ios/QRCodeReaderBase.mm \
+      platforms/ios/QtAppDelegate.mm \
+      platforms/ios/MobileUtils.mm
+
+    Q_ENABLE_BITCODE.value = NO
+    Q_ENABLE_BITCODE.name = ENABLE_BITCODE
+    QMAKE_MAC_XCODE_SETTINGS += Q_ENABLE_BITCODE
+
+#    CONFIG(iphoneos, iphoneos|iphonesimulator) {
+  iphoneos {
+    message("Building for iPhone OS")
+    QMAKE_TARGET_BUNDLE_PREFIX = org.amnezia
+    QMAKE_BUNDLE = AmneziaVPN
+    QMAKE_IOS_DEPLOYMENT_TARGET = 13.0
+    QMAKE_APPLE_TARGETED_DEVICE_FAMILY = 1
+    QMAKE_DEVELOPMENT_TEAM = X7UJ388FXK
+    QMAKE_PROVISIONING_PROFILE = f2fefb59-14aa-4aa9-ac14-1d5531b06dcc
+    QMAKE_XCODE_CODE_SIGN_IDENTITY = "Apple Distribution"
+    QMAKE_INFO_PLIST = $$PWD/ios/app/Info.plist
+
+    XCODEBUILD_FLAGS += -allowProvisioningUpdates
+
+    DEFINES += iphoneos
+
+    contains(QT_ARCH, arm64) {
+      message("Building for iOS/ARM v8 64-bit architecture")
+      ARCH_TAG = "ios_armv8_64"
+
+      LIBS += $$PWD/3rd/OpenSSL/lib/ios/iphone/libcrypto.a
+      LIBS += $$PWD/3rd/OpenSSL/lib/ios/iphone/libssl.a
+    } else {
+      message("Building for iOS/ARM v7 (32-bit) architecture")
+      ARCH_TAG = "ios_armv7"
+    }
+  }
+#    }
+
+
+#    CONFIG(iphonesimulator, iphoneos|iphonesimulator) {
+#  iphonesimulator {
+#    message("Building for iPhone Simulator")
+#    ARCH_TAG = "ios_x86_64"
+#
+#    DEFINES += iphonesimulator
+#
+#    LIBS += $$PWD/3rd/OpenSSL/lib/ios/simulator/libcrypto.a
+#    LIBS += $$PWD/3rd/OpenSSL/lib/ios/simulator/libssl.a
+#  }
+#    }
+
+    NETWORKEXTENSION=1
+#    ! build_pass: system(ruby $$PWD/scripts/xcode_patcher.rb "$$PWD" "$$OUT_PWD/AmneziaVPN.xcodeproj" "2.0" "2.0.0" "ios" "$$NETWORKEXTENSION"|| echo "Failed to merge xcode with wireguard")
+
+
+
+#ruby %{sourceDir}/client/ios/xcode_patcher.rb "%{buildDir}/AmneziaVPN.xcodeproj" "2.0" "2.0.0" "ios" "1"
+    #cd client/ && /Users/md/Qt/5.15.2/ios/bin/qmake -o Makefile /Users/md/amnezia/desktop-client/client/client.pro -spec macx-ios-clang CONFIG+=iphonesimulator CONFIG+=simulator CONFIG+=qml_debug -after
+# %{sourceDir}/client/ios/xcode_patcher.rb %{buildDir}/client/AmneziaVPN.xcodeproj 2.0 2.0.0 ios 1
+}
+
+
+

client/cmake/3rdparty.cmake

@@ -100,6 +100,7 @@ add_subdirectory(${CLIENT_ROOT_DIR}/3rd/libssh)
 add_compile_definitions(_WINSOCKAPI_)
 set(LIBS ${LIBS} ssh)
 
+set(BUILD_TRANSLATIONS OFF CACHE BOOL "" FORCE)
 set(BUILD_SHARED_LIBS OFF CACHE BOOL "" FORCE)
 set(BUILD_WITH_QT6 ON)
 add_subdirectory(${CLIENT_ROOT_DIR}/3rd/qtkeychain)

client/cmake/osxtools.cmake

@@ -13,7 +13,7 @@ endif()
 if(CODE_SIGN_IDENTITY)
     find_program(CODESIGN_BIN NAMES codesign)
     if(NOT CODESIGN_BIN)
-        message(FATAL_ERROR "Cannot sign code, could not find 'codesign' executable")
+        messsage(FATAL_ERROR "Cannot sign code, could not find 'codesign' executable")
     endif()
     set(CMAKE_XCODE_ATTRIBUTE_CODE_SIGN_IDENTITY ${CODE_SIGN_IDENTITY})
 endif()

client/configurators/cloak_configurator.cpp

@@ -13,22 +13,20 @@ CloakConfigurator::CloakConfigurator(std::shared_ptr<Settings> settings, QObject
 
 }
 
-QString CloakConfigurator::genCloakConfig(const ServerCredentials &credentials,
-    DockerContainer container, const QJsonObject &containerConfig, ErrorCode *errorCode)
+QString CloakConfigurator::genCloakConfig(const ServerCredentials &credentials, DockerContainer container,
+                                          const QJsonObject &containerConfig, ErrorCode &errorCode)
 {
-    ErrorCode e = ErrorCode::NoError;
     ServerController serverController(m_settings);
 
     QString cloakPublicKey = serverController.getTextFileFromContainer(container, credentials,
-        amnezia::protocols::cloak::ckPublicKeyPath, &e);
+        amnezia::protocols::cloak::ckPublicKeyPath, errorCode);
     cloakPublicKey.replace("\n", "");
 
     QString cloakBypassUid = serverController.getTextFileFromContainer(container, credentials,
-        amnezia::protocols::cloak::ckBypassUidKeyPath, &e);
+        amnezia::protocols::cloak::ckBypassUidKeyPath, errorCode);
     cloakBypassUid.replace("\n", "");
 
-    if (e) {
-        if (errorCode) *errorCode = e;
+    if (errorCode) {
         return "";
     }
 

client/configurators/cloak_configurator.h

@@ -14,7 +14,7 @@ public:
     CloakConfigurator(std::shared_ptr<Settings> settings, QObject *parent = nullptr);
 
     QString genCloakConfig(const ServerCredentials &credentials, DockerContainer container,
-        const QJsonObject &containerConfig, ErrorCode *errorCode = nullptr);
+                           const QJsonObject &containerConfig, ErrorCode &errorCode);
 };
 
 #endif // CLOAK_CONFIGURATOR_H

client/configurators/ikev2_configurator.cpp

@@ -22,7 +22,7 @@ Ikev2Configurator::Ikev2Configurator(std::shared_ptr<Settings> settings, QObject
 }
 
 Ikev2Configurator::ConnectionData Ikev2Configurator::prepareIkev2Config(const ServerCredentials &credentials,
-    DockerContainer container, ErrorCode *errorCode)
+                                                                        DockerContainer container, ErrorCode &errorCode)
 {
     Ikev2Configurator::ConnectionData connData;
     connData.host = credentials.hostName;
@@ -42,16 +42,16 @@ Ikev2Configurator::ConnectionData Ikev2Configurator::prepareIkev2Config(const Se
             .arg(connData.clientId);
 
     ServerController serverController(m_settings);
-    ErrorCode e = serverController.runContainerScript(credentials, container, scriptCreateCert);
+    errorCode = serverController.runContainerScript(credentials, container, scriptCreateCert);
 
     QString scriptExportCert = QString("pk12util -W \"%1\" -d sql:/etc/ipsec.d -n \"%2\" -o \"%3\"")
             .arg(connData.password)
             .arg(connData.clientId)
             .arg(certFileName);
-    e = serverController.runContainerScript(credentials, container, scriptExportCert);
+    errorCode = serverController.runContainerScript(credentials, container, scriptExportCert);
 
-    connData.clientCert = serverController.getTextFileFromContainer(container, credentials, certFileName, &e);
-    connData.caCert = serverController.getTextFileFromContainer(container, credentials, "/etc/ipsec.d/ca_cert_base64.p12", &e);
+    connData.clientCert = serverController.getTextFileFromContainer(container, credentials, certFileName, errorCode);
+    connData.caCert = serverController.getTextFileFromContainer(container, credentials, "/etc/ipsec.d/ca_cert_base64.p12", errorCode);
 
     qDebug() << "Ikev2Configurator::ConnectionData client cert size:" << connData.clientCert.size();
     qDebug() << "Ikev2Configurator::ConnectionData ca cert size:" << connData.caCert.size();
@@ -60,12 +60,12 @@ Ikev2Configurator::ConnectionData Ikev2Configurator::prepareIkev2Config(const Se
 }
 
 QString Ikev2Configurator::genIkev2Config(const ServerCredentials &credentials,
-    DockerContainer container, const QJsonObject &containerConfig, ErrorCode *errorCode)
+    DockerContainer container, const QJsonObject &containerConfig, ErrorCode &errorCode)
 {
     Q_UNUSED(containerConfig)
 
     ConnectionData connData = prepareIkev2Config(credentials, container, errorCode);
-    if (errorCode && *errorCode) {
+    if (errorCode) {
         return "";
     }
 

client/configurators/ikev2_configurator.h

@@ -22,14 +22,13 @@ public:
     };
 
     QString genIkev2Config(const ServerCredentials &credentials, DockerContainer container,
-        const QJsonObject &containerConfig, ErrorCode *errorCode = nullptr);
+                           const QJsonObject &containerConfig, ErrorCode &errorCode);
 
     QString genIkev2Config(const ConnectionData &connData);
     QString genMobileConfig(const ConnectionData &connData);
     QString genStrongSwanConfig(const ConnectionData &connData);
 
-    ConnectionData prepareIkev2Config(const ServerCredentials &credentials,
-        DockerContainer container, ErrorCode *errorCode = nullptr);
+    ConnectionData prepareIkev2Config(const ServerCredentials &credentials, DockerContainer container, ErrorCode &errorCode);
 };
 
 #endif // IKEV2_CONFIGURATOR_H

client/configurators/openvpn_configurator.cpp

@@ -26,13 +26,13 @@ OpenVpnConfigurator::OpenVpnConfigurator(std::shared_ptr<Settings> settings, QOb
 }
 
 OpenVpnConfigurator::ConnectionData OpenVpnConfigurator::prepareOpenVpnConfig(const ServerCredentials &credentials,
-    DockerContainer container, ErrorCode *errorCode)
+                                                                              DockerContainer container, ErrorCode &errorCode)
 {
     OpenVpnConfigurator::ConnectionData connData = OpenVpnConfigurator::createCertRequest();
     connData.host = credentials.hostName;
 
     if (connData.privKey.isEmpty() || connData.request.isEmpty()) {
-        if (errorCode) *errorCode = ErrorCode::OpenSslFailed;
+        errorCode = ErrorCode::OpenSslFailed;
         return connData;
     }
 
@@ -41,45 +41,44 @@ OpenVpnConfigurator::ConnectionData OpenVpnConfigurator::prepareOpenVpnConfig(co
             arg(connData.clientId);
 
     ServerController serverController(m_settings);
-    ErrorCode e = serverController.uploadTextFileToContainer(container, credentials, connData.request, reqFileName);
-    if (e) {
-        if (errorCode) *errorCode = e;
+    errorCode = serverController.uploadTextFileToContainer(container, credentials, connData.request, reqFileName);
+    if (errorCode) {
         return connData;
     }
 
-    e = signCert(container, credentials, connData.clientId);
-    if (e) {
-        if (errorCode) *errorCode = e;
+    errorCode = signCert(container, credentials, connData.clientId);
+    if (errorCode) {
         return connData;
     }
 
-    connData.caCert = serverController.getTextFileFromContainer(container, credentials, amnezia::protocols::openvpn::caCertPath, &e);
+    connData.caCert = serverController.getTextFileFromContainer(container, credentials,
+    															amnezia::protocols::openvpn::caCertPath, errorCode);
     connData.clientCert = serverController.getTextFileFromContainer(container, credentials,
-        QString("%1/%2.crt").arg(amnezia::protocols::openvpn::clientCertPath).arg(connData.clientId), &e);
+        QString("%1/%2.crt").arg(amnezia::protocols::openvpn::clientCertPath).arg(connData.clientId), errorCode);
 
-    if (e) {
-        if (errorCode) *errorCode = e;
+
+    if (errorCode) {
         return connData;
     }
 
-    connData.taKey = serverController.getTextFileFromContainer(container, credentials, amnezia::protocols::openvpn::taKeyPath, &e);
+    connData.taKey = serverController.getTextFileFromContainer(container, credentials, amnezia::protocols::openvpn::taKeyPath, errorCode);
 
     if (connData.caCert.isEmpty() || connData.clientCert.isEmpty() || connData.taKey.isEmpty()) {
-        if (errorCode) *errorCode = ErrorCode::SshSftpFailureError;
+        errorCode = ErrorCode::SshSftpFailureError;
     }
 
     return connData;
 }
 
 QString OpenVpnConfigurator::genOpenVpnConfig(const ServerCredentials &credentials,
-    DockerContainer container, const QJsonObject &containerConfig, ErrorCode *errorCode)
+    DockerContainer container, const QJsonObject &containerConfig, ErrorCode &errorCode)
 {
     ServerController serverController(m_settings);
     QString config = serverController.replaceVars(amnezia::scriptData(ProtocolScriptType::openvpn_template, container),
             serverController.genVarsForScript(credentials, container, containerConfig));
 
     ConnectionData connData = prepareOpenVpnConfig(credentials, container, errorCode);
-    if (errorCode && *errorCode) {
+    if (errorCode) {
         return "";
     }
 
@@ -119,10 +118,6 @@ QString OpenVpnConfigurator::processConfigWithLocalSettings(QString jsonConfig)
         }
     }
 
-    // Prevent ipv6 leak
-    config.append("ifconfig-ipv6 fd15:53b6:dead::2/64  fd15:53b6:dead::1\n");
-    config.append("redirect-gateway ipv6\n");
-
 #if (defined Q_OS_MAC || defined(Q_OS_LINUX)) && !defined(Q_OS_ANDROID)
     config.replace("block-outside-dns", "");
     QString dnsConf = QString(

client/configurators/openvpn_configurator.h

@@ -24,7 +24,7 @@ public:
     };
 
     QString genOpenVpnConfig(const ServerCredentials &credentials, DockerContainer container,
-        const QJsonObject &containerConfig, ErrorCode *errorCode = nullptr);
+        const QJsonObject &containerConfig, ErrorCode &errorCode);
 
     QString processConfigWithLocalSettings(QString jsonConfig);
     QString processConfigWithExportSettings(QString jsonConfig);
@@ -36,7 +36,7 @@ private:
     ConnectionData createCertRequest();
 
     ConnectionData prepareOpenVpnConfig(const ServerCredentials &credentials,
-        DockerContainer container, ErrorCode *errorCode = nullptr);
+        DockerContainer container, ErrorCode &errorCode);
 
 };
 

client/configurators/shadowsocks_configurator.cpp

@@ -13,18 +13,16 @@ ShadowSocksConfigurator::ShadowSocksConfigurator(std::shared_ptr<Settings> setti
 
 }
 
-QString ShadowSocksConfigurator::genShadowSocksConfig(const ServerCredentials &credentials,
-    DockerContainer container, const QJsonObject &containerConfig, ErrorCode *errorCode)
+QString ShadowSocksConfigurator::genShadowSocksConfig(const ServerCredentials &credentials, DockerContainer container,
+                                                      const QJsonObject &containerConfig, ErrorCode &errorCode)
 {
-    ErrorCode e = ErrorCode::NoError;
     ServerController serverController(m_settings);
 
     QString ssKey = serverController.getTextFileFromContainer(container, credentials,
-                                                              amnezia::protocols::shadowsocks::ssKeyPath, &e);
+                                                              amnezia::protocols::shadowsocks::ssKeyPath, errorCode);
     ssKey.replace("\n", "");
 
-    if (e) {
-        if (errorCode) *errorCode = e;
+    if (errorCode) {
         return "";
     }
 

client/configurators/shadowsocks_configurator.h

@@ -13,7 +13,7 @@ public:
     ShadowSocksConfigurator(std::shared_ptr<Settings> settings, QObject *parent = nullptr);
 
     QString genShadowSocksConfig(const ServerCredentials &credentials, DockerContainer container,
-        const QJsonObject &containerConfig, ErrorCode *errorCode = nullptr);
+                                 const QJsonObject &containerConfig, ErrorCode &errorCode);
 };
 
 #endif // SHADOWSOCKS_CONFIGURATOR_H

client/configurators/vpn_configurator.cpp

@@ -25,8 +25,8 @@ VpnConfigurator::VpnConfigurator(std::shared_ptr<Settings> settings, QObject *pa
     sshConfigurator = std::shared_ptr<SshConfigurator>(new SshConfigurator(settings, this));
 }
 
-QString VpnConfigurator::genVpnProtocolConfig(const ServerCredentials &credentials,
-    DockerContainer container, const QJsonObject &containerConfig, Proto proto, ErrorCode *errorCode)
+QString VpnConfigurator::genVpnProtocolConfig(const ServerCredentials &credentials, DockerContainer container,
+                                              const QJsonObject &containerConfig, Proto proto, ErrorCode &errorCode)
 {
     switch (proto) {
     case Proto::OpenVpn:
@@ -49,6 +49,25 @@ QString VpnConfigurator::genVpnProtocolConfig(const ServerCredentials &credentia
     }
 }
 
+ErrorCode VpnConfigurator::processLastConfigWithRemoteSettings(QMap<Proto, QString> &lastVpnConfigs,
+                                                               const int serverIndex, const Proto proto)
+{
+    switch (proto) {
+    case Proto::OpenVpn:
+        return ErrorCode::NotImplementedError;
+    case Proto::ShadowSocks:
+        return ErrorCode::NotImplementedError;
+    case Proto::Cloak:
+        return ErrorCode::NotImplementedError;
+    case Proto::WireGuard:
+        return wireguardConfigurator->processLastConfigWithRemoteSettings(lastVpnConfigs, serverIndex);
+    case Proto::Ikev2:
+        return ErrorCode::NotImplementedError;
+    default:
+        return ErrorCode::ConfigMissing;
+    }
+}
+
 QPair<QString, QString> VpnConfigurator::getDnsForConfig(int serverIndex)
 {
     QPair<QString, QString> dns;

client/configurators/vpn_configurator.h

@@ -22,17 +22,17 @@ public:
     VpnConfigurator(std::shared_ptr<Settings> settings, QObject *parent = nullptr);
 
     QString genVpnProtocolConfig(const ServerCredentials &credentials, DockerContainer container,
-        const QJsonObject &containerConfig, Proto proto, ErrorCode *errorCode = nullptr);
+                                 const QJsonObject &containerConfig, Proto proto, ErrorCode &errorCode);
 
     QPair<QString, QString> getDnsForConfig(int serverIndex);
     QString &processConfigWithDnsSettings(int serverIndex, DockerContainer container, Proto proto, QString &config);
 
     QString &processConfigWithLocalSettings(int serverIndex, DockerContainer container, Proto proto, QString &config);
     QString &processConfigWithExportSettings(int serverIndex, DockerContainer container, Proto proto, QString &config);
+    ErrorCode processLastConfigWithRemoteSettings(QMap<Proto, QString> &lastVpnConfigs, const int serverIndex, const Proto proto);
 
-    // workaround for containers which is not support normal configuration
-    void updateContainerConfigAfterInstallation(DockerContainer container,
-        QJsonObject &containerConfig, const QString &stdOut);
+    // workaround for containers which is not support normal configaration
+    void updateContainerConfigAfterInstallation(DockerContainer container, QJsonObject &containerConfig, const QString &stdOut);
 
     std::shared_ptr<OpenVpnConfigurator> openVpnConfigurator;
     std::shared_ptr<ShadowSocksConfigurator> shadowSocksConfigurator;

client/configurators/wireguard_configurator.cpp

@@ -6,7 +6,8 @@
 #include <QDebug>
 #include <QTemporaryFile>
 #include <QJsonDocument>
-
+#include <QNetworkAccessManager>
+#include <QNetworkReply>
 
 #include <openssl/rand.h>
 #include <openssl/rsa.h>
@@ -59,20 +60,19 @@ WireguardConfigurator::ConnectionData WireguardConfigurator::genClientKeys()
 }
 
 WireguardConfigurator::ConnectionData WireguardConfigurator::prepareWireguardConfig(const ServerCredentials &credentials,
-    DockerContainer container, const QJsonObject &containerConfig, ErrorCode *errorCode)
+    DockerContainer container, const QJsonObject &containerConfig, ErrorCode &errorCode)
 {
     WireguardConfigurator::ConnectionData connData = WireguardConfigurator::genClientKeys();
     connData.host = credentials.hostName;
 
     if (connData.clientPrivKey.isEmpty() || connData.clientPubKey.isEmpty()) {
-        if (errorCode) *errorCode = ErrorCode::InternalError;
+        errorCode = ErrorCode::InternalError;
         return connData;
     }
 
-    ErrorCode e = ErrorCode::NoError;
     ServerController serverController(m_settings);
 
-    // Get list of already created clients (only IP addresses)
+    // Get list of already created clients (only IP addreses)
     QString nextIpNumber;
     {
         QString script = QString("cat %1 | grep AllowedIPs").arg(amnezia::protocols::wireguard::serverConfigPath);
@@ -82,9 +82,8 @@ WireguardConfigurator::ConnectionData WireguardConfigurator::prepareWireguardCon
             return ErrorCode::NoError;
         };
 
-        e = serverController.runContainerScript(credentials, container, script, cbReadStdOut);
-        if (errorCode && e) {
-            *errorCode = e;
+        errorCode = serverController.runContainerScript(credentials, container, script, cbReadStdOut);
+        if (errorCode) {
             return connData;
         }
 
@@ -99,7 +98,7 @@ WireguardConfigurator::ConnectionData WireguardConfigurator::prepareWireguardCon
         else {
             int next = ips.last().split(".").last().toInt() + 1;
             if (next > 254) {
-                if (errorCode) *errorCode = ErrorCode::AddressPoolError;
+                errorCode = ErrorCode::AddressPoolError;
                 return connData;
             }
             nextIpNumber = QString::number(next);
@@ -110,7 +109,7 @@ WireguardConfigurator::ConnectionData WireguardConfigurator::prepareWireguardCon
     {
         QStringList l = subnetIp.split(".", Qt::SkipEmptyParts);
         if (l.isEmpty()) {
-            if (errorCode) *errorCode = ErrorCode::AddressPoolError;
+            errorCode = ErrorCode::AddressPoolError;
             return connData;
         }
         l.removeLast();
@@ -120,18 +119,16 @@ WireguardConfigurator::ConnectionData WireguardConfigurator::prepareWireguardCon
     }
 
     // Get keys
-    connData.serverPubKey = serverController.getTextFileFromContainer(container, credentials, amnezia::protocols::wireguard::serverPublicKeyPath, &e);
+    connData.serverPubKey = serverController.getTextFileFromContainer(container, credentials, amnezia::protocols::wireguard::serverPublicKeyPath, errorCode);
     connData.serverPubKey.replace("\n", "");
-    if (e) {
-        if (errorCode) *errorCode = e;
+    if (errorCode) {
         return connData;
     }
 
-    connData.pskKey = serverController.getTextFileFromContainer(container, credentials, amnezia::protocols::wireguard::serverPskKeyPath, &e);
+    connData.pskKey = serverController.getTextFileFromContainer(container, credentials, amnezia::protocols::wireguard::serverPskKeyPath, errorCode);
     connData.pskKey.replace("\n", "");
 
-    if (e) {
-        if (errorCode) *errorCode = e;
+    if (errorCode) {
         return connData;
     }
 
@@ -145,15 +142,15 @@ WireguardConfigurator::ConnectionData WireguardConfigurator::prepareWireguardCon
             arg(connData.pskKey).
             arg(connData.clientIP);
 
-    e = serverController.uploadTextFileToContainer(container, credentials, configPart,
+    errorCode = serverController.uploadTextFileToContainer(container, credentials, configPart,
         protocols::wireguard::serverConfigPath, libssh::SftpOverwriteMode::SftpAppendToExisting);
 
-    if (e) {
-        if (errorCode) *errorCode = e;
+
+    if (errorCode) {
         return connData;
     }
 
-    e = serverController.runScript(credentials,
+    errorCode = serverController.runScript(credentials,
         serverController.replaceVars("sudo docker exec -i $CONTAINER_NAME bash -c 'wg syncconf wg0 <(wg-quick strip /opt/amnezia/wireguard/wg0.conf)'",
             serverController.genVarsForScript(credentials, container)));
 
@@ -161,14 +158,14 @@ WireguardConfigurator::ConnectionData WireguardConfigurator::prepareWireguardCon
 }
 
 QString WireguardConfigurator::genWireguardConfig(const ServerCredentials &credentials,
-    DockerContainer container, const QJsonObject &containerConfig, ErrorCode *errorCode)
+    DockerContainer container, const QJsonObject &containerConfig, ErrorCode &errorCode)
 {
     ServerController serverController(m_settings);
     QString config = serverController.replaceVars(amnezia::scriptData(ProtocolScriptType::wireguard_template, container),
                                                   serverController.genVarsForScript(credentials, container, containerConfig));
 
     ConnectionData connData = prepareWireguardConfig(credentials, container, containerConfig, errorCode);
-    if (errorCode && *errorCode) {
+    if (errorCode) {
         return "";
     }
 
@@ -209,3 +206,49 @@ QString WireguardConfigurator::processConfigWithExportSettings(QString config)
 
     return config;
 }
+
+ErrorCode WireguardConfigurator::processLastConfigWithRemoteSettings(QMap<Proto, QString> &lastVpnConfigs, const int serverIndex)
+{
+    QString allowedIps;
+    ErrorCode errorCode = ErrorCode::NoError;
+    QNetworkAccessManager manager;
+    QObject::connect(&manager, &QNetworkAccessManager::finished, this, [this, &allowedIps, &errorCode](QNetworkReply *reply) {
+        if (reply->error()) {
+            qDebug() << reply->errorString();
+            errorCode = ErrorCode::InternalError;
+            emit remoteProcessingFinished();
+            return;
+        }
+
+        allowedIps = reply->readAll();
+        emit remoteProcessingFinished();
+    });
+    QNetworkRequest request;
+    const QJsonObject serverSettings = m_settings->server(serverIndex);
+    request.setUrl(serverSettings.value(config_key::nativeConfigParametrsStorage).toString());
+    manager.get(request);
+
+    QEventLoop wait;
+    QObject::connect(this, &WireguardConfigurator::remoteProcessingFinished, &wait, &QEventLoop::quit);
+    wait.exec();
+
+    if (errorCode == ErrorCode::NoError) {
+        allowedIps = allowedIps.trimmed();
+        QString config = lastVpnConfigs.value(Proto::WireGuard);
+        QJsonObject lastConfigJson = QJsonDocument::fromJson(config.toUtf8()).object();
+        QStringList configLines = lastConfigJson.value(config_key::config).toString().split("\n");
+
+        for (auto &line : configLines) {
+            if (line.contains("AllowedIPs")) {
+                line = allowedIps;
+            }
+        }
+
+        QJsonObject newConfigJson;
+        newConfigJson[config_key::config] = configLines.join("\n");
+        lastVpnConfigs[Proto::WireGuard] = QString(QJsonDocument(newConfigJson).toJson());;
+
+        return ErrorCode::NoError;
+    }
+    return errorCode;
+}

client/configurators/wireguard_configurator.h

@@ -7,7 +7,7 @@
 #include "configurator_base.h"
 #include "core/defs.h"
 
-class WireguardConfigurator : ConfiguratorBase
+class WireguardConfigurator : public ConfiguratorBase
 {
     Q_OBJECT
 public:
@@ -23,17 +23,22 @@ public:
     };
 
     QString genWireguardConfig(const ServerCredentials &credentials, DockerContainer container,
-        const QJsonObject &containerConfig, ErrorCode *errorCode = nullptr);
+                               const QJsonObject &containerConfig, ErrorCode &errorCode);
 
     QString processConfigWithLocalSettings(QString config);
     QString processConfigWithExportSettings(QString config);
+    ErrorCode processLastConfigWithRemoteSettings(QMap<Proto, QString> &lastVpnConfigs, const int serverIndex);
 
 
 private:
     ConnectionData prepareWireguardConfig(const ServerCredentials &credentials,
-        DockerContainer container, const QJsonObject &containerConfig, ErrorCode *errorCode = nullptr);
+                                          DockerContainer container, const QJsonObject &containerConfig,
+                                          ErrorCode &errorCode);
 
     ConnectionData genClientKeys();
+
+signals:
+    void remoteProcessingFinished();
 };
 
 #endif // WIREGUARD_CONFIGURATOR_H

client/containers/containers_defs.h

@@ -1,5 +1,5 @@
-#ifndef CONTAINERS_DEFS_H
-#define CONTAINERS_DEFS_H
+#ifndef CONTAIERNS_DEFS_H
+#define CONTAIERNS_DEFS_H
 
 #include <QObject>
 #include <QQmlEngine>
@@ -75,4 +75,4 @@ static void declareQmlContainerEnum() {
 
 QDebug operator<<(QDebug debug, const amnezia::DockerContainer &c);
 
-#endif // CONTAINERS_DEFS_H
+#endif // CONTAIERNS_DEFS_H

client/core/ipcclient.cpp

@@ -104,8 +104,8 @@ QSharedPointer<PrivilegedProcess> IpcClient::CreatePrivilegedProcess()
     pd->localSocket->connectToServer(amnezia::getIpcProcessUrl(pid));
     pd->localSocket->waitForConnected();
 
-    auto processReplica = QSharedPointer<PrivilegedProcess>(pd->ipcProcess);
-    return processReplica;
+    auto proccessReplica = QSharedPointer<PrivilegedProcess>(pd->ipcProcess);
+    return proccessReplica;
 }
 
 

client/core/servercontroller.cpp

@@ -178,10 +178,9 @@ ErrorCode ServerController::uploadTextFileToContainer(DockerContainer container,
 }
 
 QByteArray ServerController::getTextFileFromContainer(DockerContainer container,
-    const ServerCredentials &credentials, const QString &path, ErrorCode *errorCode)
+    const ServerCredentials &credentials, const QString &path, ErrorCode &errorCode)
 {
-
-    if (errorCode) *errorCode = ErrorCode::NoError;
+    errorCode = ErrorCode::NoError;
 
     QString script = QString("sudo docker exec -i %1 sh -c \"xxd -p \'%2\'\"").
             arg(ContainerProps::containerToString(container)).arg(path);
@@ -193,7 +192,7 @@ QByteArray ServerController::getTextFileFromContainer(DockerContainer container,
         return ErrorCode::NoError;
     };
 
-    *errorCode = runScript(credentials, script, cbReadStdOut);
+    errorCode = runScript(credentials, script, cbReadStdOut);
 
     qDebug().noquote() << "Copy file from container stdout : \n" << stdOut;
 
@@ -289,10 +288,10 @@ ErrorCode ServerController::setupContainer(const ServerCredentials &credentials,
 ErrorCode ServerController::updateContainer(const ServerCredentials &credentials, DockerContainer container,
     const QJsonObject &oldConfig, QJsonObject &newConfig)
 {
-    bool reinstallRequired = isReinstallContainerRequired(container, oldConfig, newConfig);
-    qDebug() << "ServerController::updateContainer for container" << container << "reinstall required is" << reinstallRequired;
+    bool reinstallRequred = isReinstallContainerRequred(container, oldConfig, newConfig);
+    qDebug() << "ServerController::updateContainer for container" << container << "reinstall required is" << reinstallRequred;
 
-    if (reinstallRequired) {
+    if (reinstallRequred) {
         return setupContainer(credentials, container, newConfig, true);
     }
     else {
@@ -326,7 +325,7 @@ QJsonObject ServerController::createContainerInitialConfig(DockerContainer conta
     return config;
 }
 
-bool ServerController::isReinstallContainerRequired(DockerContainer container, const QJsonObject &oldConfig, const QJsonObject &newConfig)
+bool ServerController::isReinstallContainerRequred(DockerContainer container, const QJsonObject &oldConfig, const QJsonObject &newConfig)
 {
     Proto mainProto = ContainerProps::defaultProtocol(container);
 
@@ -580,7 +579,7 @@ ServerController::Vars ServerController::genVarsForScript(const ServerCredential
     return vars;
 }
 
-QString ServerController::checkSshConnection(const ServerCredentials &credentials, ErrorCode *errorCode)
+QString ServerController::checkSshConnection(const ServerCredentials &credentials, ErrorCode &errorCode)
 {
     QString stdOut;
     auto cbReadStdOut = [&](const QString &data, libssh::Client &) {
@@ -592,10 +591,7 @@ QString ServerController::checkSshConnection(const ServerCredentials &credential
         return ErrorCode::NoError;
     };
 
-    ErrorCode e = runScript(credentials,
-        amnezia::scriptData(SharedScriptType::check_connection), cbReadStdOut, cbReadStdErr);
-
-    if (errorCode) *errorCode = e;
+    errorCode = runScript(credentials, amnezia::scriptData(SharedScriptType::check_connection), cbReadStdOut, cbReadStdErr);
 
     return stdOut;
 }
@@ -655,11 +651,6 @@ ErrorCode ServerController::isServerPortBusy(const ServerCredentials &credential
         script = script.append("|:%1").arg(port);
     }
     script = script.append("' | grep -i %1").arg(transportProto);
-
-    if (transportProto == "tcp") {
-        script = script.append(" | grep LISTEN");
-    }
-
     ErrorCode errorCode = runScript(credentials,
               replaceVars(script, genVarsForScript(credentials, container)), cbReadStdOut, cbReadStdErr);
     if (errorCode != ErrorCode::NoError) {
@@ -674,10 +665,6 @@ ErrorCode ServerController::isServerPortBusy(const ServerCredentials &credential
 
 ErrorCode ServerController::isUserInSudo(const ServerCredentials &credentials, DockerContainer container)
 {
-    if (credentials.userName == "root") {
-        return ErrorCode::NoError;
-    }
-
     QString stdOut;
     auto cbReadStdOut = [&](const QString &data, libssh::Client &) {
         stdOut += data + "\n";

client/core/servercontroller.h

@@ -32,13 +32,13 @@ public:
 
     // create initial config - generate passwords, etc
     QJsonObject createContainerInitialConfig(DockerContainer container, int port, TransportProto tp);
-    ErrorCode startupContainerWorker(const ServerCredentials &credentials, DockerContainer container, const QJsonObject &config = QJsonObject());
 
     ErrorCode uploadTextFileToContainer(DockerContainer container, const ServerCredentials &credentials,
                                         const QString &file, const QString &path,
                                         libssh::SftpOverwriteMode overwriteMode = libssh::SftpOverwriteMode::SftpOverwriteExisting);
+
     QByteArray getTextFileFromContainer(DockerContainer container, const ServerCredentials &credentials,
-                                        const QString &path, ErrorCode *errorCode = nullptr);
+                                        const QString &path, ErrorCode &errorCode);
 
     QString replaceVars(const QString &script, const Vars &vars);
     Vars genVarsForScript(const ServerCredentials &credentials, DockerContainer container = DockerContainer::None, const QJsonObject &config = QJsonObject());
@@ -51,7 +51,7 @@ public:
         const std::function<ErrorCode (const QString &, libssh::Client &)> &cbReadStdOut = nullptr,
         const std::function<ErrorCode (const QString &, libssh::Client &)> &cbReadStdErr = nullptr);
 
-    QString checkSshConnection(const ServerCredentials &credentials, ErrorCode *errorCode = nullptr);
+    QString checkSshConnection(const ServerCredentials &credentials, ErrorCode &errorCode);
 
     void setCancelInstallation(const bool cancel);
 
@@ -62,9 +62,10 @@ private:
     ErrorCode buildContainerWorker(const ServerCredentials &credentials, DockerContainer container, const QJsonObject &config = QJsonObject());
     ErrorCode runContainerWorker(const ServerCredentials &credentials, DockerContainer container, QJsonObject &config);
     ErrorCode configureContainerWorker(const ServerCredentials &credentials, DockerContainer container, QJsonObject &config);
+    ErrorCode startupContainerWorker(const ServerCredentials &credentials, DockerContainer container, const QJsonObject &config = QJsonObject());
 
     ErrorCode isServerPortBusy(const ServerCredentials &credentials, DockerContainer container, const QJsonObject &config);
-    bool isReinstallContainerRequired(DockerContainer container, const QJsonObject &oldConfig, const QJsonObject &newConfig);
+    bool isReinstallContainerRequred(DockerContainer container, const QJsonObject &oldConfig, const QJsonObject &newConfig);
     ErrorCode isUserInSudo(const ServerCredentials &credentials, DockerContainer container);
     ErrorCode isServerDpkgBusy(const ServerCredentials &credentials, DockerContainer container);
     

client/core/sshclient.cpp

@@ -6,7 +6,7 @@
 #include <fstream>
 
 #ifdef Q_OS_WINDOWS
-const uint32_t S_IRWXU = 0644;
+#define S_IRWXU 0
 #endif
 
 namespace libssh {

client/defines.h

@@ -0,0 +1,10 @@
+#ifndef DEFINES_H
+#define DEFINES_H
+
+#define APPLICATION_NAME    "AmneziaVPN"
+#define SERVICE_NAME        "AmneziaVPN-service"
+#define ORGANIZATION_NAME   "AmneziaVPN.ORG"
+#define APP_MAJOR_VERSION   "2.1.2"
+#define APP_VERSION         "2.1.2.0"
+
+#endif // DEFINES_H

client/ios/app/Info.plist

@@ -0,0 +1,92 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
+<plist version="1.0">
+<dict>
+	<key>CFBundleAllowMixedLocalizations</key>
+	<true/>
+	<key>CFBundleDevelopmentRegion</key>
+	<string>$(DEVELOPMENT_LANGUAGE)</string>
+	<key>CFBundleDisplayName</key>
+	<string>AmneziaVPN</string>
+	<key>CFBundleDocumentTypes</key>
+	<array>
+		<dict>
+			<key>CFBundleTypeName</key>
+			<string>Amnezia VPN config</string>
+			<key>LSHandlerRank</key>
+			<string>Alternate</string>
+			<key>LSItemContentTypes</key>
+			<array>
+				<string>org.amnezia.AmneziaVPN.amnezia-config</string>
+			</array>
+		</dict>
+	</array>
+	<key>CFBundleExecutable</key>
+	<string>$(EXECUTABLE_NAME)</string>
+	<key>CFBundleIcons</key>
+	<dict/>
+	<key>CFBundleIcons~ipad</key>
+	<dict/>
+	<key>CFBundleIdentifier</key>
+	<string>$(PRODUCT_BUNDLE_IDENTIFIER)</string>
+	<key>CFBundleInfoDictionaryVersion</key>
+	<string>6.0</string>
+	<key>CFBundleName</key>
+	<string>${APP_DISPLAY_NAME}</string>
+	<key>CFBundlePackageType</key>
+	<string>APPL</string>
+	<key>CFBundleShortVersionString</key>
+	<string>$(MARKETING_VERSION)</string>
+	<key>CFBundleVersion</key>
+	<string>7</string>
+	<key>ITSAppUsesNonExemptEncryption</key>
+	<false/>
+	<key>LSRequiresIPhoneOS</key>
+	<true/>
+	<key>UIFileSharingEnabled</key>
+	<true/>
+	<key>LSSupportsOpeningDocumentsInPlace</key>
+	<true/>
+	<key>NSCameraUsageDescription</key>
+	<string>Amnezia VPN needs access to the camera for reading QR-codes.</string>
+	<key>UILaunchStoryboardName</key>
+	<string>AmneziaVPNLaunchScreen</string>
+	<key>UIRequiresFullScreen</key>
+	<true/>
+	<key>UISupportedInterfaceOrientations</key>
+	<array>
+		<string>UIInterfaceOrientationPortraitUpsideDown</string>
+		<string>UIInterfaceOrientationPortrait</string>
+	</array>
+	<key>UISupportedInterfaceOrientations~ipad</key>
+	<array/>
+	<key>UIUserInterfaceStyle</key>
+	<string>Light</string>
+	<key>UTImportedTypeDeclarations</key>
+	<array>
+		<dict>
+			<key>UTTypeConformsTo</key>
+			<array>
+				<string>public.data</string>
+			</array>
+			<key>UTTypeDescription</key>
+			<string>Amnezia VPN config</string>
+			<key>UTTypeIconFiles</key>
+			<array/>
+			<key>UTTypeIdentifier</key>
+			<string>org.amnezia.AmneziaVPN.amnezia-config</string>
+			<key>UTTypeTagSpecification</key>
+			<dict>
+				<key>public.filename-extension</key>
+				<array>
+					<string>vpn</string>
+				</array>
+				<key>public.mime-type</key>
+				<array>
+					<string>text/plain</string>
+				</array>
+			</dict>
+		</dict>
+	</array>
+</dict>
+</plist>

client/ios/networkextension/CMakeLists.txt

@@ -4,45 +4,26 @@ set(CLIENT_ROOT_DIR ${CMAKE_CURRENT_LIST_DIR}/../..)
 
 add_executable(networkextension)
 set_target_properties(networkextension PROPERTIES
+    OUTPUT_NAME "AmneziaVPNNetworkExtension"
     XCODE_PRODUCT_TYPE com.apple.product-type.app-extension
     BUNDLE_EXTENSION appex
-
+    MACOSX_BUNDLE ON
     MACOSX_BUNDLE_INFO_PLIST ${CMAKE_CURRENT_SOURCE_DIR}/Info.plist.in
-    MACOSX_BUNDLE_INFO_STRING "AmneziaVPNNetworkExtension"
     MACOSX_BUNDLE_BUNDLE_NAME "AmneziaVPNNetworkExtension"
+    MACOSX_BUNDLE_BUNDLE_VERSION "${BUILD_ID}"
+    MACOSX_BUNDLE_COPYRIGHT "MPL-2.0"
     MACOSX_BUNDLE_GUI_IDENTIFIER "${BUILD_IOS_APP_IDENTIFIER}.network-extension"
-    MACOSX_BUNDLE_BUNDLE_VERSION "${CMAKE_PROJECT_VERSION_TWEAK}"
-
+    MACOSX_BUNDLE_INFO_STRING "AmneziaVPNNetworkExtension"
+    MACOSX_BUNDLE_LONG_VERSION_STRING "${CMAKE_PROJECT_VERSION}-${BUILD_ID}"
+    MACOSX_BUNDLE_SHORT_VERSION_STRING "${CMAKE_PROJECT_VERSION}"
     XCODE_ATTRIBUTE_PRODUCT_BUNDLE_IDENTIFIER "${BUILD_IOS_APP_IDENTIFIER}.network-extension"
-    XCODE_ATTRIBUTE_CODE_SIGN_ENTITLEMENTS ${CMAKE_CURRENT_SOURCE_DIR}/AmneziaVPNNetworkExtension.entitlements
-    XCODE_ATTRIBUTE_MARKETING_VERSION "${APP_MAJOR_VERSION}"
-    XCODE_ATTRIBUTE_CURRENT_PROJECT_VERSION "${BUILD_ID}"
-    XCODE_ATTRIBUTE_PRODUCT_NAME "AmneziaVPNNetworkExtension"
-
-    XCODE_ATTRIBUTE_APPLICATION_EXTENSION_API_ONLY "YES"
-    XCODE_ATTRIBUTE_ENABLE_BITCODE "NO"
-    XCODE_ATTRIBUTE_TARGETED_DEVICE_FAMILY "1,2"
-
-    XCODE_ATTRIBUTE_LD_RUNPATH_SEARCH_PATHS "@executable_path/../../Frameworks"
-
-    XCODE_ATTRIBUTE_CODE_SIGN_IDENTITY "Apple Distribution"
-    XCODE_ATTRIBUTE_CODE_SIGN_IDENTITY[variant=Debug] "Apple Development"
-
-    XCODE_ATTRIBUTE_CODE_SIGN_STYLE Manual
-    XCODE_ATTRIBUTE_PROVISIONING_PROFILE_SPECIFIER "match AppStore org.amnezia.AmneziaVPN.network-extension"
-    XCODE_ATTRIBUTE_PROVISIONING_PROFILE_SPECIFIER[variant=Debug] "match Development org.amnezia.AmneziaVPN.network-extension"
-)
-
-set_target_properties(networkextension PROPERTIES
     XCODE_ATTRIBUTE_SWIFT_VERSION "5.0"
     XCODE_ATTRIBUTE_CLANG_ENABLE_MODULES "YES"
     XCODE_ATTRIBUTE_SWIFT_OBJC_BRIDGING_HEADER "${CMAKE_CURRENT_SOURCE_DIR}/WireGuardNetworkExtension-Bridging-Header.h"
-    XCODE_ATTRIBUTE_SWIFT_OPTIMIZATION_LEVEL "-Onone"
     XCODE_ATTRIBUTE_SWIFT_PRECOMPILE_BRIDGING_HEADER "NO"
-)
-
-set_target_properties("networkextension" PROPERTIES
-    XCODE_ATTRIBUTE_DEVELOPMENT_TEAM "X7UJ388FXK"
+    XCODE_ATTRIBUTE_APPLICATION_EXTENSION_API_ONLY "YES"
+    XCODE_ATTRIBUTE_ENABLE_BITCODE "NO"
+    XCODE_ATTRIBUTE_CODE_SIGN_ENTITLEMENTS ${CMAKE_CURRENT_SOURCE_DIR}/AmneziaVPNNetworkExtension.entitlements
 )
 
 find_library(FW_ASSETS_LIBRARY AssetsLibrary)
@@ -102,7 +83,7 @@ include(${CLIENT_ROOT_DIR}/cmake/golang.cmake)
 ## Build the wireguard go library for iOS simulation.
 ## TODO: Some special handling around GOARCH for
 execute_process(OUTPUT_VARIABLE SIM_SDKROOT OUTPUT_STRIP_TRAILING_WHITESPACE COMMAND xcrun --sdk iphonesimulator --show-sdk-path)
-build_go_archive(${CMAKE_CURRENT_BINARY_DIR}/libwg-sim.a ${CLIENT_ROOT_DIR}/3rd/wireguard-apple/Sources/WireGuardKitGo/go.mod
+build_go_archive(${CMAKE_CURRENT_BINARY_DIR}/libwg-sim.a ${CMAKE_SOURCE_DIR}/3rd/wireguard-apple/Sources/WireGuardKitGo/go.mod
     GOOS ios
     GOARCH amd64
     CGO_CFLAGS -arch x86_64 -isysroot ${SIM_SDKROOT}
@@ -111,7 +92,7 @@ build_go_archive(${CMAKE_CURRENT_BINARY_DIR}/libwg-sim.a ${CLIENT_ROOT_DIR}/3rd/
 
 ## Build the wireguard go library for iOS devices.
 execute_process(OUTPUT_VARIABLE IOS_SDKROOT OUTPUT_STRIP_TRAILING_WHITESPACE COMMAND xcrun --sdk ${CMAKE_OSX_SYSROOT} --show-sdk-path)
-build_go_archive(${CMAKE_CURRENT_BINARY_DIR}/libwg-dev.a ${CLIENT_ROOT_DIR}/3rd/wireguard-apple/Sources/WireGuardKitGo/go.mod
+build_go_archive(${CMAKE_CURRENT_BINARY_DIR}/libwg-dev.a ${CMAKE_SOURCE_DIR}/3rd/wireguard-apple/Sources/WireGuardKitGo/go.mod
     GOOS ios
     GOARCH arm64
     CGO_CFLAGS -arch arm64 -isysroot ${IOS_SDKROOT}

client/ios/networkextension/Info.plist

@@ -0,0 +1,52 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
+<plist version="1.0">
+<dict>
+	<key>CFBundleExecutable</key>
+	<string>$(EXECUTABLE_NAME)</string>
+
+	<key>CFBundleIdentifier</key>
+	<string>$(PRODUCT_BUNDLE_IDENTIFIER)</string>
+
+	<key>CFBundleInfoDictionaryVersion</key>
+	<string>6.0</string>
+
+	<key>CFBundleName</key>
+	<string>$(PRODUCT_NAME)</string>
+
+	<key>CFBundlePackageType</key>
+	<string>$(PRODUCT_BUNDLE_PACKAGE_TYPE)</string>
+
+	<key>CFBundleShortVersionString</key>
+	<string>$(MARKETING_VERSION)</string>
+
+	<key>CFBundleVersion</key>
+	<string>$(CURRENT_PROJECT_VERSION)</string>
+
+	<key>ITSAppUsesNonExemptEncryption</key>
+	<false/>
+
+	<key>LSMinimumSystemVersion</key>
+	<string>$(MACOSX_DEPLOYMENT_TARGET)</string>
+
+	<key>CFBundleDevelopmentRegion</key>
+	<string>$(DEVELOPMENT_LANGUAGE)</string>
+
+	<key>CFBundleDisplayName</key>
+	<string>MozillaVPNNetworkExtension</string>
+
+	<key>NSExtension</key>
+	<dict>
+		<key>NSExtensionPointIdentifier</key>
+		<string>com.apple.networkextension.packet-tunnel</string>
+		<key>NSExtensionPrincipalClass</key>
+		<string>$(PRODUCT_MODULE_NAME).PacketTunnelProvider</string>
+	</dict>
+
+	<key>com.wireguard.ios.app_group_id</key>
+	<string>group.$(APP_ID_IOS)</string>
+
+	<key>com.wireguard.macos.app_group_id</key>
+	<string>$(DEVELOPMENT_TEAM).group.$(APP_ID_MACOS)</string>
+</dict>
+</plist>

client/ios/xcode.xconfig

@@ -0,0 +1,13 @@
+DEVELOPMENT_TEAM = <X7UJ388FXK>
+
+# MacOS configuration
+GROUP_ID_MACOS = <>
+APP_ID_MACOS = <>
+NETEXT_ID_MACOS = <>
+LOGIN_ID_MACOS = <>
+NATIVEMESSAGING_ID_MACOS = <>
+
+# IOS configuration
+GROUP_ID_IOS = group.org.mozilla.ios.Guardian
+APP_ID_IOS = org.mozilla.ios.FirefoxVPN
+NETEXT_ID_IOS = org.mozilla.ios.FirefoxVPN.network-extension

client/logger.cpp

@@ -9,7 +9,7 @@
 
 #include <iostream>
 
-#include "version.h"
+#include "defines.h"
 #include "utilities.h"
 
 #ifdef AMNEZIA_DESKTOP
@@ -157,7 +157,7 @@ void Logger::clearServiceLogs()
 
     if (!m_IpcClient->isSocketConnected()) {
         if (!IpcClient::init(m_IpcClient)) {
-            qWarning() << "Error occurred when init IPC client";
+            qWarning() << "Error occured when init IPC client";
             return;
         }
     }
@@ -167,7 +167,7 @@ void Logger::clearServiceLogs()
         m_IpcClient->Interface()->cleanUp();
     }
     else {
-        qWarning() << "Error occurred cleaning up service logs";
+        qWarning() << "Error occured cleaning up service logs";
     }
 #endif
 }

client/main.cpp

@@ -3,7 +3,7 @@
 #include <QTimer>
 
 #include "amnezia_application.h"
-#include "version.h"
+#include "defines.h"
 #include "migrations.h"
 
 #ifdef Q_OS_WIN

client/managementserver.cpp

@@ -57,7 +57,7 @@ void ManagementServer::onNewConnection()
 void ManagementServer::onSocketError(QAbstractSocket::SocketError socketError)
 {
     Q_UNUSED(socketError)
-    qDebug().noquote() << QString("Management server error: %1").arg(m_socket->errorString());
+    qDebug().noquote() << QString("Mananement server error: %1").arg(m_socket->errorString());
 }
 
 void ManagementServer::onSocketDisconnected()

client/migrations.cpp

@@ -5,7 +5,7 @@
 #include <QFile>
 #include <QStandardPaths>
 
-#include "version.h"
+#include "defines.h"
 
 Migrations::Migrations(QObject *parent)
     : QObject{parent}

client/platforms/android/android_controller.cpp

@@ -297,7 +297,7 @@ void AndroidController::startActivityForResult(JNIEnv *env, jobject, jobject int
          [](int receiverRequestCode, int resultCode,
             const QJniObject& data) {
            // Currently this function just used in
-           // VPNService.kt::checkPermissions. So the result
+           // VPNService.kt::checkPersmissions. So the result
            // we're getting is if the User gave us the
            // Vpn.bind permission. In case of NO we should
            // abort.

client/platforms/android/androidvpnactivity.h

@@ -17,7 +17,7 @@ enum ServiceAction {
     ACTION_ACTIVATE = 1,
     // Deactivate the vpn. Body is empty
     ACTION_DEACTIVATE = 2,
-    // Register an IBinder to receive events body is an Ibinder
+    // Register an IBinder to recieve events body is an Ibinder
     ACTION_REGISTERLISTENER = 3,
     // Requests an EVENT_STATISTIC_UPDATE to be send
     ACTION_REQUEST_STATISTIC = 4,
@@ -40,14 +40,14 @@ typedef enum ServiceAction ServiceAction;
 
 // Event Types that will be Dispatched after registration
 enum ServiceEvents {
-    // The Service has Accepted our Binder
+    // The Service has Accecpted our Binder
     // Responds with the current status of the vpn.
     EVENT_INIT = 0,
     // WG-Go has enabled the adapter (empty response)
     EVENT_CONNECTED = 1,
     // WG-Go has disabled the adapter (empty response)
     EVENT_DISCONNECTED = 2,
-    // Contains the Current transferred bytes to endpoint x.
+    // Contains the Current transfered bytes to endpoint x.
     EVENT_STATISTIC_UPDATE = 3,
     EVENT_BACKEND_LOGS = 4,
     // An Error happened during activation

client/platforms/ios/QtAppDelegate.mm

@@ -30,9 +30,9 @@
     // Use this method to pause ongoing tasks, disable timers, and throttle down OpenGL ES frame rates. Games should use this method to pause the game.
     _screen = [UIScreen.mainScreen snapshotViewAfterScreenUpdates: false];
     UIBlurEffect *blurEffect = [UIBlurEffect effectWithStyle: UIBlurEffectStyleDark];
-    UIVisualEffectView *blurBackground = [[UIVisualEffectView alloc] initWithEffect: blurEffect];
-    [_screen addSubview: blurBackground];
-    blurBackground.frame = _screen.frame;
+    UIVisualEffectView *blurBackround = [[UIVisualEffectView alloc] initWithEffect: blurEffect];
+    [_screen addSubview: blurBackround];
+    blurBackround.frame = _screen.frame;
     UIWindow *_window = UIApplication.sharedApplication.keyWindow;
     [_window addSubview: _screen];
 }

client/platforms/ios/iosiaphandler.mm

@@ -130,7 +130,7 @@ Logger logger(LOG_IAP, "IOSIAPHandler");
         logger.debug() << "transaction deferred";
         break;
       default:
-        logger.warning() << "transaction unknown state";
+        logger.warning() << "transaction unknwon state";
         break;
     }
   }

client/platforms/ios/iostunnel.swift

@@ -428,7 +428,7 @@ class PacketTunnelProvider: NEPacketTunnelProvider {
               let password = ssConfig[Constants.ssPasswordKey] as? String else {
                   self.ssCompletion?(0, NSError(domain: Bundle.main.bundleIdentifier ?? "unknown",
                                            code: 100,
-                                           userInfo: [NSLocalizedDescriptionKey: "Cannot assign profile params for ss in tunnel"]))
+                                           userInfo: [NSLocalizedDescriptionKey: "Cannot asign profile params for ss in tunnel"]))
                   return nil
               }
         var insettings:  [String: Any] = .init()
@@ -639,7 +639,7 @@ class PacketTunnelProvider: NEPacketTunnelProvider {
         wg_log(.error, message: "Start reading packets to connection")
         wg_log(.error, message: "Connection is \(session != nil ? "not null" : "null")")
         packetFlow.readPackets { [weak self] packets, protocols in
-            wg_log(.error, message: "\(packets.count) outcoming packets processed of \(protocols.first?.stringValue ?? "unknown") type")
+            wg_log(.error, message: "\(packets.count) outcoming packets proccessed of \(protocols.first?.stringValue ?? "unknown") type")
             guard let `self` = self else { return }
             self.session?.writeMultipleDatagrams(packets, completionHandler: { _ in
                 self.processQueue.async {
@@ -662,7 +662,7 @@ class PacketTunnelProvider: NEPacketTunnelProvider {
         session?.setReadHandler({ ssdata, error in
             wg_log(.error, message: "Packets are \(ssdata != nil ? "not null" : "null"), error: \(error?.localizedDescription ?? "none")")
             guard error == nil, let packets = ssdata else { return }
-            wg_log(.error, message: "\(packets.count) incoming packets processed")
+            wg_log(.error, message: "\(packets.count) incoming packets proccessed")
             self.packetFlow.writePackets(packets, withProtocols: [NSNumber(value: AF_INET)])
         }, maxDatagrams: Int.max)
         

client/platforms/ios/tun2ssprovider.swift

@@ -166,7 +166,7 @@ class TunProvider: NSObject {
         dispatchQueue.async {
             let success = leaf_shutdown(self.tunId)
             if !success {
-                let errMsg = "Tunnel cannot be stopped for some odd reason."
+                let errMsg = "Tunnel canot be stopped for some odd reason."
                 self.stopCompletion?(.undefinedError(errMsg))
             }
             pthread_kill(self.tunThreadId!, SIGUSR1)

client/platforms/macos/daemon/macosroutemonitor.cpp

@@ -120,7 +120,7 @@ void MacosRouteMonitor::handleRtmChange(const struct rt_msghdr* rtm,
   for (auto addr : addrlist) {
     list.append(addrToString(addr));
   }
-  logger.debug() << "Route changed by" << rtm->rtm_pid
+  logger.debug() << "Route chagned by" << rtm->rtm_pid
                  << QString("addrs(%1):").arg(rtm->rtm_addrs) << list.join(" ");
 }
 
@@ -138,7 +138,7 @@ void MacosRouteMonitor::handleIfaceInfo(const struct if_msghdr* ifm,
     list.append(addrToString(addr));
   }
   logger.debug() << "Interface " << ifm->ifm_index
-                 << "changed flags:" << ifm->ifm_flags
+                 << "chagned flags:" << ifm->ifm_flags
                  << QString("addrs(%1):").arg(ifm->ifm_addrs) << list.join(" ");
 }
 

client/platforms/windows/amneziavpn.rc

@@ -3,33 +3,41 @@ LANGUAGE LANG_ENGLISH, SUBLANG_ENGLISH_US
 
 IDI_ICON1               ICON                    "../../images/app.ico"
 
+#define VER_FILEVERSION             2,0,0,0
+#define VER_FILEVERSION_STR         "2.0.0.0\0"
+
+#define VER_PRODUCTVERSION          2,0,0,0
+#define VER_PRODUCTVERSION_STR      "2.0.0.0\0"
+
 #define VER_COMPANYNAME_STR         "AmneziaVPN"
-#define VER_FILEDESCRIPTION_STR     VER_COMPANYNAME_STR
-#define VER_INTERNALNAME_STR        VER_COMPANYNAME_STR
+#define VER_FILEDESCRIPTION_STR     "AmneziaVPN"
+#define VER_INTERNALNAME_STR        "AmneziaVPN"
 #define VER_LEGALCOPYRIGHT_STR      "AmneziaVPN."
 #define VER_LEGALTRADEMARKS1_STR    "All Rights Reserved"
 #define VER_LEGALTRADEMARKS2_STR    VER_LEGALTRADEMARKS1_STR
 #define VER_ORIGINALFILENAME_STR    "amneziavpn.exe"
-#define VER_PRODUCTNAME_STR         VER_COMPANYNAME_STR
+#define VER_PRODUCTNAME_STR         "AmneziaVPN"
+
+#define VER_COMPANYDOMAIN_STR       "https://amnezia.org/"
 
 VS_VERSION_INFO VERSIONINFO
-FILEVERSION     @CMAKE_PROJECT_VERSION_MAJOR@,@CMAKE_PROJECT_VERSION_MINOR@,@CMAKE_PROJECT_VERSION_PATCH@,@CMAKE_PROJECT_VERSION_TWEAK@
-PRODUCTVERSION  @CMAKE_PROJECT_VERSION_MAJOR@,@CMAKE_PROJECT_VERSION_MINOR@,@CMAKE_PROJECT_VERSION_PATCH@
+FILEVERSION VER_FILEVERSION
+PRODUCTVERSION VER_PRODUCTVERSION
 BEGIN
     BLOCK "StringFileInfo"
     BEGIN
         BLOCK "040904E4"
         BEGIN
             VALUE "CompanyName",        VER_COMPANYNAME_STR
-            VALUE "FileDescription",    "@CMAKE_PROJECT_DESCRIPTION@"
-            VALUE "FileVersion",        "@CMAKE_PROJECT_VERSION@"
+            VALUE "FileDescription",    VER_FILEDESCRIPTION_STR
+            VALUE "FileVersion",        VER_FILEVERSION_STR
             VALUE "InternalName",       VER_INTERNALNAME_STR
             VALUE "LegalCopyright",     VER_LEGALCOPYRIGHT_STR
             VALUE "LegalTrademarks1",   VER_LEGALTRADEMARKS1_STR
             VALUE "LegalTrademarks2",   VER_LEGALTRADEMARKS2_STR
             VALUE "OriginalFilename",   VER_ORIGINALFILENAME_STR
             VALUE "ProductName",        VER_PRODUCTNAME_STR
-            VALUE "ProductVersion",     "@CMAKE_PROJECT_VERSION@"
+            VALUE "ProductVersion",     VER_PRODUCTVERSION_STR
         END
     END
 

client/protocols/ikev2_vpn_protocol_windows.cpp

@@ -50,7 +50,7 @@ void Ikev2Protocol::stop()
 void Ikev2Protocol::newConnectionStateEventReceived(UINT unMsg, tagRASCONNSTATE rasconnstate, DWORD dwError)
 {
     Q_UNUSED(unMsg);
-    qDebug()<<"Receive the new event "<<static_cast<int>(rasconnstate);
+    qDebug()<<"Recive the new event "<<static_cast<int>(rasconnstate);
     switch (rasconnstate)
     {
     case RASCS_OpenPort:

client/protocols/ikev2_vpn_protocol_windows.h

@@ -54,7 +54,7 @@ private:
 private:
     QJsonObject m_config;
 
-    //RAS functions and parameters
+    //RAS functions and parametrs
     HRASCONN        hRasConn{nullptr};
     bool create_new_vpn(const QString & vpn_name,
                         const QString & serv_addr);

client/protocols/ios_vpnprotocol.h

@@ -36,7 +36,7 @@ public:
     void cleanupBackendLogs();
 
 signals:
-    void newTransmittedDataCount(quint64 rxBytes, quint64 txBytes);
+    void newTransmitedDataCount(quint64 rxBytes, quint64 txBytes);
 
 protected slots:
 

client/protocols/ios_vpnprotocol.mm

@@ -27,7 +27,7 @@ Proto currentProto = amnezia::Proto::Any;
 IOSVpnProtocol::IOSVpnProtocol(Proto proto, const QJsonObject &configuration, QObject* parent)
 : VpnProtocol(configuration, parent), m_protocol(proto)
 {
-    connect(this, &IOSVpnProtocol::newTransmittedDataCount, this, &IOSVpnProtocol::setBytesChanged);
+    connect(this, &IOSVpnProtocol::newTransmitedDataCount, this, &IOSVpnProtocol::setBytesChanged);
 }
 
 IOSVpnProtocol* IOSVpnProtocol::instance() {
@@ -209,7 +209,7 @@ void IOSVpnProtocol::checkStatus()
         qDebug() << "ServerIpv4Gateway:" << QString::fromNSString(serverIpv4Gateway)
                     << "DeviceIpv4Address:" << QString::fromNSString(deviceIpv4Address)
                     << "RxBytes:" << rxBytes << "TxBytes:" << txBytes;
-        emit newTransmittedDataCount(rxBytes, txBytes);
+        emit newTransmitedDataCount(rxBytes, txBytes);
     }];
 }
 

client/protocols/openvpnprotocol.cpp

@@ -6,7 +6,7 @@
 #include <QRandomGenerator>
 
 #include "logger.h"
-#include "version.h"
+#include "defines.h"
 #include "utilities.h"
 #include "openvpnprotocol.h"
 

client/protocols/protocols_defs.h

@@ -64,6 +64,8 @@ constexpr char isThirdPartyConfig[] = "isThirdPartyConfig";
 constexpr char openvpn[] = "openvpn";
 constexpr char wireguard[] = "wireguard";
 
+constexpr char nativeConfigParametrsStorage[] = "nativeConfigParametrsStorage";
+
 }
 
 namespace protocols {
@@ -77,7 +79,6 @@ constexpr char defaultSubnetAddress[] = "10.8.0.0";
 constexpr char defaultSubnetMask[] = "255.255.255.0";
 constexpr char defaultSubnetCidr[] = "24";
 
-constexpr char serverConfigPath[] = "/opt/amnezia/openvpn/server.conf";
 constexpr char caCertPath[] = "/opt/amnezia/openvpn/pki/ca.crt";
 constexpr char clientCertPath[] = "/opt/amnezia/openvpn/pki/issued";
 constexpr char taKeyPath[] = "/opt/amnezia/openvpn/ta.key";

client/resources.qrc

@@ -84,10 +84,6 @@
         <file>ui/qml/Pages/PageAbout.qml</file>
         <file>ui/qml/Pages/PageQrDecoderIos.qml</file>
         <file>ui/qml/Pages/PageViewConfig.qml</file>
-        <file>ui/qml/Pages/PageClientManagement.qml</file>
-        <file>ui/qml/Pages/ClientInfo/PageClientInfoBase.qml</file>
-        <file>ui/qml/Pages/ClientInfo/PageClientInfoOpenVPN.qml</file>
-        <file>ui/qml/Pages/ClientInfo/PageClientInfoWireGuard.qml</file>
         <file>ui/qml/Pages/Protocols/PageProtoCloak.qml</file>
         <file>ui/qml/Pages/Protocols/PageProtoOpenVPN.qml</file>
         <file>ui/qml/Pages/Protocols/PageProtoShadowSocks.qml</file>

client/scripts/apple_compile.sh

@@ -0,0 +1,254 @@
+#!/bin/bash
+
+
+. $(dirname $0)/commons.sh
+
+if [ -f .env ]; then
+  . .env
+fi
+
+RELEASE=1
+OS=
+NETWORKEXTENSION=
+WORKINGDIR=`pwd`
+
+helpFunction() {
+  print G "Usage:"
+  print N "\t$0 <macos|ios|> [-d|--debug] [-n|--networkextension]"
+  print N ""
+  print N "By default, the project is compiled in release mode. Use -d or --debug for a debug build."
+  print N "Use -n or --networkextension to force the network-extension component for MacOS too."
+  print N ""
+  print N "If MVPN_IOS_ADJUST_TOKEN env is found, this will be used at compilation time."
+  print N ""
+  print G "Config variables:"
+  print N "\tQT_MACOS_BIN=</path/of/the/qt/bin/folder/for/macos>"
+  print N "\tQT_IOS_BIN=</path/of/the/qt/bin/folder/for/ios>"
+  print N ""
+  exit 0
+}
+
+print N "This script compiles AmneziaVPN for MacOS/iOS"
+print N ""
+
+while [[ $# -gt 0 ]]; do
+  key="$1"
+
+  case $key in
+  -d | --debug)
+    RELEASE=
+    shift
+    ;;
+  -n | --networkextension)
+    NETWORKEXTENSION=1
+    shift
+    ;;
+  -h | --help)
+    helpFunction
+    ;;
+  *)
+    if [[ "$OS" ]]; then
+      helpFunction
+    fi
+
+    OS=$1
+    shift
+    ;;
+  esac
+done
+
+fetch() {
+  if command -v "wget" &>/dev/null; then
+    wget -nc -O "$2" "$1"
+    return
+  fi
+
+  if command -v "curl" &>/dev/null; then
+    curl "$1" -o "$2" -s -L
+    return
+  fi
+
+  killProcess "You must have 'wget' or 'curl' installed."
+}
+
+sha256() {
+  if command -v "sha256sum" &>/dev/null; then
+    sha256sum "$1"
+    return 0
+  fi
+
+  if command -v "openssl" &>/dev/null; then
+    openssl dgst -sha256 "$1"
+    return 0
+  fi
+
+  killProcess "You must have 'sha256sum' or 'openssl' installed."
+}
+
+if [[ "$OS" != "macos" ]] && [[ "$OS" != "ios" ]] && [[ "$OS" != "macostest" ]]; then
+  helpFunction
+fi
+
+if [[ "$OS" == "ios" ]]; then
+  # Network-extension is the default for IOS
+  NETWORKEXTENSION=1
+fi
+
+if ! [ -d "ios" ] || ! [ -d "macos" ]; then
+  killProcess "This script must be executed at the root of the repository."
+fi
+
+QMAKE=qmake
+if [ "$OS" = "macos" ] && ! [ "$QT_MACOS_BIN" = "" ]; then
+  QMAKE=$QT_MACOS_BIN/qmake
+elif [ "$OS" = "macostest" ] && ! [ "$QT_MACOS_BIN" = "" ]; then
+  QMAKE=$QT_MACOS_BIN/qmake
+elif [ "$OS" = "ios" ] && ! [ "$QT_IOS_BIN" = "" ]; then
+  QMAKE=$QT_IOS_BIN/qmake
+fi
+
+$QMAKE -v &>/dev/null || killProcess "qmake doesn't exist or it fails"
+
+print Y "Retrieve the wireguard-go version... "
+if [ "$OS" = "macos" ]; then
+  (cd macos/gobridge && go list -m golang.zx2c4.com/wireguard | sed -n 's/.*v\([0-9.]*\).*/#define WIREGUARD_GO_VERSION "\1"/p') > macos/gobridge/wireguard-go-version.h
+elif [ "$OS" = "ios" ]; then
+  if [ ! -f 3rd/wireguard-apple/Sources/WireGuardKitGo/wireguard-go-version.h ]; then
+    print Y "Creating wireguard-go-version.h file"
+    touch 3rd/wireguard-apple/Sources/WireGuardKitGo/wireguard-go-version.h
+    cat <<EOF >> $WORKINGDIR/3rd/wireguard-apple/Sources/WireGuardKitGo/wireguard-go-version.h 
+#define WIREGUARD_GO_VERSION "0.0.0"
+EOF
+  fi
+  (cd 3rd/wireguard-apple/Sources/WireGuardKitGo && go list -m golang.zx2c4.com/wireguard | sed -n 's/.*v\([0-9.]*\).*/#define WIREGUARD_GO_VERSION "\1"/p') > 3rd/wireguard-apple/Sources/WireGuardKitGo/wireguard-go-version.h
+fi
+print G "done."
+
+printn Y "Cleaning the existing project... "
+rm -rf AmneziaVPN.xcodeproj/ || killProcess "Failed to remove things"
+print G "done."
+
+printn Y "Extract the project version... "
+SHORTVERSION=$(cat version.pri | grep VERSION | grep defined | cut -d= -f2 | tr -d \ )
+FULLVERSION=$(cat versionfull.pri | grep BUILDVERSION | grep defined | cut -d= -f2 | tr -d \ )
+print G "$SHORTVERSION - $FULLVERSION"
+
+MACOS_FLAGS="
+  QTPLUGIN+=qsvg
+  CONFIG-=static
+  CONFIG+=balrog
+"
+
+MACOSTEST_FLAGS="
+  QTPLUGIN+=qsvg
+  CONFIG-=static
+  CONFIG+=DUMMY
+"
+
+IOS_FLAGS="
+  Q_OS_IOS=1
+"
+
+printn Y "Mode: "
+if [[ "$RELEASE" ]]; then
+  print G "release"
+  MODE="CONFIG-=debug CONFIG+=release CONFIG-=debug_and_release"
+else
+  print G "debug"
+  MODE="CONFIG+=debug CONFIG-=release CONFIG-=debug_and_release"
+fi
+
+OSRUBY=$OS
+printn Y "OS: "
+print G "$OS"
+if [ "$OS" = "macos" ]; then
+  PLATFORM=$MACOS_FLAGS
+elif [ "$OS" = "macostest" ]; then
+  OSRUBY=macos
+  PLATFORM=$MACOSTEST_FLAGS
+elif [ "$OS" = "ios" ]; then
+  PLATFORM=$IOS_FLAGS
+else
+  killProcess "Why are we here?"
+fi
+
+VPNMODE=
+printn Y "VPN mode: "
+if [[ "$NETWORKEXTENSION" ]]; then
+  print G network-extension
+  VPNMODE="CONFIG+=networkextension"
+else
+  print G daemon
+fi
+
+printn Y "Web-Extension: "
+WEMODE=
+if [ "$OS" = "macos" ]; then
+  print G web-extension
+  WEMODE="CONFIG+=webextension"
+else
+  print G none
+fi
+
+if [ "$OS" = "ios" ]; then
+  print Y "Prepare to build OpenVPNAdapter..."
+  prepare_to_build_vpn
+  print Y "Building OpenVPNAdapter..."
+  compile_openvpn_adapter
+else
+  print Y "No OpenVPNAdapter will be built"
+fi
+
+if [ "$OS" = "ios" ]; then
+  print Y "Prepare to build ShadowSocks..."
+  prepare_to_build_ss
+  print Y "Patching the ShadowSocks project..."
+  patch_ss
+  ruby ../../scripts/ss_project_patcher.rb "ShadowSocks.xcodeproj"
+  print G "done."
+  print Y "Building ShadowSocks Framework..."
+  compile_ss_frameworks
+else
+  print Y "No ShadowSocket Library will be built"
+fi
+
+if [ "$OS" = "ios" ]; then
+  print Y "Prepare to build CocoaAsyncSocket..."
+  prepare_to_build_cas
+  print Y "Building CocoaAsyncSocket Framework..."
+  compile_cocoa_async_socket
+else
+  print Y "No CocoaAsyncSocket will be built"
+fi
+
+if [ "$OS" = "ios" ]; then
+  print Y "Prepare to build Tun2Socks..."
+  print Y "Building Tun2Socks Framework..."
+  compile_tun2socks
+else
+  print Y "No Tun2Socks will be built"
+fi
+
+print Y "Creating the Xcode project via qmake..."
+$QMAKE \
+  VERSION=$SHORTVERSION \
+  BUILD_ID=$FULLVERSION \
+  -spec macx-xcode \
+  $MODE \
+  $VPNMODE \
+  $WEMODE \
+  $PLATFORM \
+  ./client.pro || killProcess "Compilation failed"
+
+print Y "Patching the xcode project..."
+ruby scripts/xcode_patcher.rb "AmneziaVPN.xcodeproj" "$SHORTVERSION" "$FULLVERSION" "$OSRUBY" "$NETWORKEXTENSION" || killProcess "Failed to merge xcode with wireguard"
+print G "done."
+
+  if command -v "sed" &>/dev/null; then
+    sed -i '' '/<key>BuildSystemType<\/key>/d' AmneziaVPN.xcodeproj/project.xcworkspace/xcshareddata/WorkspaceSettings.xcsettings
+    sed -i '' '/<string>Original<\/string>/d' AmneziaVPN.xcodeproj/project.xcworkspace/xcshareddata/WorkspaceSettings.xcsettings
+  fi
+
+print G "All done!"
+print Y "Opening project in Xcode..."
+open AmneziaVPN.xcodeproj

client/scripts/build_phase_run_script.sh

@@ -0,0 +1,9 @@
+#!/bin/sh
+
+# add `@executable_path/../../Frameworks` to Runpath Search Paths in Build Settings of extension
+# put to run script phase in build phases for extension
+# Type a script or drag a script file from your workspace to insert its path.
+cd "${CONFIGURATION_BUILD_DIR}/${UNLOCALIZED_RESOURCES_FOLDER_PATH}/"
+if [[ -d "Frameworks" ]]; then 
+	rm -fr Frameworks
+fi

client/scripts/cas_ios.xcconfig

@@ -0,0 +1,18 @@
+SUPPORTED_PLATFORMS = iphoneos
+TARGETED_DEVICE_FAMILY = 1,2
+
+HEADER_SEARCH_PATHS = $(inherited) $(SRCROOT)/Source
+//CLANG_CXX_LANGUAGE_STANDARD = gnu++14
+//CLANG_CXX_LIBRARY = libc++
+
+////////////////////////////////////////////////////////////////////////////////
+//
+// iOS-specific settings
+//
+IPHONEOS_DEPLOYMENT_TARGET = 9.3
+
+SDKROOT[arch=arm64] = iphoneos
+SDKROOT[arch=armv7] = iphoneos
+SDKROOT[arch=armv7s] = iphoneos
+
+VALID_ARCHS[sdk=iphoneos*] = arm64

client/scripts/cl_ios.xcconfig

@@ -0,0 +1,18 @@
+SUPPORTED_PLATFORMS = iphoneos
+TARGETED_DEVICE_FAMILY = 1,2
+
+HEADER_SEARCH_PATHS = $(inherited) $(SRCROOT)/Sources
+//CLANG_CXX_LANGUAGE_STANDARD = gnu++14
+//CLANG_CXX_LIBRARY = libc++
+
+////////////////////////////////////////////////////////////////////////////////
+//
+// iOS-specific settings
+//
+IPHONEOS_DEPLOYMENT_TARGET = 9.3
+
+SDKROOT[arch=arm64] = iphoneos
+SDKROOT[arch=armv7] = iphoneos
+SDKROOT[arch=armv7s] = iphoneos
+
+VALID_ARCHS[sdk=iphoneos*] = arm64

client/scripts/codesign_framework.sh

@@ -0,0 +1,94 @@
+#!/bin/sh
+
+# WARNING: You may have to run Clean in Xcode after changing CODE_SIGN_IDENTITY! 
+
+# Verify that $CODE_SIGN_IDENTITY is set
+if [ -z "${CODE_SIGN_IDENTITY}" ] ; then
+    echo "CODE_SIGN_IDENTITY needs to be set for framework code-signing!"
+    
+    if [ "${CONFIGURATION}" = "Release" ] ; then
+        exit 1
+    else
+        # Code-signing is optional for non-release builds.
+        exit 0
+    fi
+fi
+
+if [ -z "${CODE_SIGN_ENTITLEMENTS}" ] ; then
+    echo "CODE_SIGN_ENTITLEMENTS needs to be set for framework code-signing!"
+    
+    if [ "${CONFIGURATION}" = "Release" ] ; then
+        exit 1
+    else
+        # Code-signing is optional for non-release builds.
+        exit 0
+    fi
+fi
+
+ITEMS=""
+
+FRAMEWORKS_DIR="${TARGET_BUILD_DIR}/${FRAMEWORKS_FOLDER_PATH}"
+if [ -d "$FRAMEWORKS_DIR" ] ; then
+    FRAMEWORKS=$(find "${FRAMEWORKS_DIR}" -depth -type d -name "*.framework" -or -name "*.dylib" -or -name "*.bundle" | sed -e "s/\(.*framework\)/\1\/Versions\/A\//")
+    RESULT=$?
+    if [[ $RESULT != 0 ]] ; then
+        exit 1
+    fi
+    
+    ITEMS="${FRAMEWORKS}"
+fi
+
+LOGINITEMS_DIR="${TARGET_BUILD_DIR}/${CONTENTS_FOLDER_PATH}/Library/LoginItems/"
+if [ -d "$LOGINITEMS_DIR" ] ; then
+    LOGINITEMS=$(find "${LOGINITEMS_DIR}" -depth -type d -name "*.app")
+    RESULT=$?
+    if [[ $RESULT != 0 ]] ; then
+        exit 1
+    fi
+    
+    ITEMS="${ITEMS}"$'\n'"${LOGINITEMS}"
+fi
+
+# Prefer the expanded name, if available.
+CODE_SIGN_IDENTITY_FOR_ITEMS="${EXPANDED_CODE_SIGN_IDENTITY_NAME}"
+if [ "${CODE_SIGN_IDENTITY_FOR_ITEMS}" = "" ] ; then
+    # Fall back to old behavior.
+    CODE_SIGN_IDENTITY_FOR_ITEMS="${CODE_SIGN_IDENTITY}"
+fi
+
+echo "Identity:"
+echo "${CODE_SIGN_IDENTITY_FOR_ITEMS}"
+
+echo "Entitlements:"
+echo "${CODE_SIGN_ENTITLEMENTS}"
+
+echo "Found:"
+echo "${ITEMS}"
+
+# Change the Internal Field Separator (IFS) so that spaces in paths will not cause problems below.
+SAVED_IFS=$IFS
+IFS=$(echo -en "\n\b")
+
+# Loop through all items.
+for ITEM in $ITEMS;
+do
+    echo "Signing '${ITEM}'"
+    codesign --force --verbose --sign "${CODE_SIGN_IDENTITY_FOR_ITEMS}" --entitlements "${CODE_SIGN_ENTITLEMENTS}" "${ITEM}"
+    RESULT=$?
+    if [[ $RESULT != 0 ]] ; then
+        echo "Failed to sign '${ITEM}'."
+        IFS=$SAVED_IFS
+        exit 1
+    fi
+done
+
+# Restore $IFS.
+IFS=$SAVED_IFS
+
+# Save it to a file in your project.
+# Mine is called codesign-frameworks.sh.
+# Add a “Run Script” build phase right after your “Copy Embedded Frameworks” build phase.
+# You can call it “Codesign Embedded Frameworks”.
+# Paste ./codesign-frameworks.sh (or whatever you called your script above) into the script editor text field.
+# Build your app. All bundled frameworks will be codesigned.
+# from http://stackoverflow.com/questions/7697508/how-do-you-codesign-framework-bundles-for-the-mac-app-store

client/scripts/commons.sh

@@ -0,0 +1,148 @@
+#!/bin/bash
+
+printv() {
+  if [ -t 1 ]; then
+    NCOLORS=$(tput colors)
+
+    if test -n "$NCOLORS" && test "$NCOLORS" -ge 8; then
+      NORMAL="$(tput sgr0)"
+      RED="$(tput setaf 1)"
+      GREEN="$(tput setaf 2)"
+      YELLOW="$(tput setaf 3)"
+    fi
+  fi
+
+  if [[ $2 = 'G' ]]; then
+    # shellcheck disable=SC2086
+    echo $1 -e "${GREEN}$3${NORMAL}"
+  elif [[ $2 = 'Y' ]]; then
+    # shellcheck disable=SC2086
+    echo $1 -e "${YELLOW}$3${NORMAL}"
+  elif [[ $2 = 'N' ]]; then
+    # shellcheck disable=SC2086
+    echo $1 -e "$3"
+  else
+    # shellcheck disable=SC2086
+    echo $1 -e "${RED}$3${NORMAL}"
+  fi
+}
+
+print() {
+  printv '' "$1" "$2"
+}
+
+printn() {
+  printv "-n" "$1" "$2"
+}
+
+error() {
+  printv '' R "$1"
+}
+
+XCODEBUILD="/usr/bin/xcodebuild"
+WORKINGDIR=`pwd`
+PATCH="/usr/bin/patch"
+export PATH=$GOPATH:$PATH
+
+prepare_to_build_vpn() {
+  cat $WORKINGDIR/3rd/OpenVPNAdapter/Configuration/Project.xcconfig > $WORKINGDIR/3rd/OpenVPNAdapter/Configuration/amnezia.xcconfig 
+  cat << EOF >> $WORKINGDIR/3rd/OpenVPNAdapter/Configuration/amnezia.xcconfig 
+  PROJECT_TEMP_DIR = $WORKINGDIR/3rd/OpenVPNAdapter/build/OpenVPNAdapter.build
+  CONFIGURATION_BUILD_DIR = $WORKINGDIR/3rd/OpenVPNAdapter/build/Release-iphoneos
+  BUILT_PRODUCTS_DIR = $WORKINGDIR/3rd/OpenVPNAdapter/build/Release-iphoneos  
+EOF
+}
+
+compile_openvpn_adapter() {
+  cd 3rd/OpenVPNAdapter
+  if $XCODEBUILD -scheme OpenVPNAdapter -configuration Release -xcconfig Configuration/amnezia.xcconfig -sdk iphoneos -destination 'generic/platform=iOS' -project OpenVPNAdapter.xcodeproj ; then
+    print Y "OpenVPNAdapter built successfully"
+  else
+    killProcess "OpenVPNAdapter build failed"
+  fi
+  cd ../../
+}
+
+prepare_to_build_ss() {
+  cat $WORKINGDIR/scripts/ss_ios.xcconfig > $WORKINGDIR/3rd/ShadowSocks/ss_ios.xcconfig
+  cat << EOF >> $WORKINGDIR/3rd/ShadowSocks/ss_ios.xcconfig 
+PROJECT_TEMP_DIR = $WORKINGDIR/3rd/ShadowSocks/build/ShadowSocks.build
+CONFIGURATION_BUILD_DIR = $WORKINGDIR/3rd/ShadowSocks/build/Release-iphoneos
+BUILT_PRODUCTS_DIR = $WORKINGDIR/3rd/ShadowSocks/build/Release-iphoneos  
+EOF
+}
+
+patch_ss() {
+  cd 3rd/ShadowSocks
+}
+
+compile_ss_frameworks() {
+  if $XCODEBUILD -scheme ShadowSocks -configuration Release -xcconfig ss_ios.xcconfig -sdk iphoneos -destination 'generic/platform=iOS' -project ShadowSocks.xcodeproj ; then
+    print Y "ShadowSocks built successfully"
+  else
+    killProcess "ShadowSocks build failed"
+  fi
+  cd ../../
+}
+
+prepare_to_build_cas() {
+  cat $WORKINGDIR/scripts/cas_ios.xcconfig > $WORKINGDIR/3rd/CocoaAsyncSocket/cas_ios.xcconfig
+  cat << EOF >> $WORKINGDIR/3rd/CocoaAsyncSocket/cas_ios.xcconfig
+PROJECT_TEMP_DIR = $WORKINGDIR/3rd/CocoaAsyncSocket/build/CocoaAsyncSocket.build
+CONFIGURATION_BUILD_DIR = $WORKINGDIR/3rd/CocoaAsyncSocket/build/Release-iphoneos
+BUILT_PRODUCTS_DIR = $WORKINGDIR/3rd/CocoaAsyncSocket/build/Release-iphoneos  
+EOF
+}
+
+compile_cocoa_async_socket() {
+  cd 3rd/CocoaAsyncSocket
+  if $XCODEBUILD -scheme 'iOS Framework' -configuration Release -xcconfig cas_ios.xcconfig -sdk iphoneos -destination 'generic/platform=iOS' -project CocoaAsyncSocket.xcodeproj ; then
+    print Y "CocoaAsyncSocket built successfully"
+  else
+    killProcess "CocoaAsyncSocket build failed"
+  fi
+  cd ../../
+}
+
+compile_tun2socks() {
+  cd 3rd/outline-go-tun2socks
+  go get -d ./...
+  go get -u golang.org/x/sys
+  if GOOS=ios GOARCH=arm64 GOFLAGS="-tags=ios" CC=iphoneos-clang CXX=iphoneos-clang++ CGO_CFLAGS="-isysroot iphoneos -miphoneos-version-min=12.0 -fembed-bitcode -arch arm64" CGO_CXXFLAGS="-isysroot iphoneos -miphoneos-version-min=12.0 -fembed-bitcode -arch arm64" CGO_LDFLAGS="-isysroot iphoneos -miphoneos-version-min=12.0 -fembed-bitcode -arch arm64" CGO_ENABLED=1 DARWIN_SDK=iphoneos gomobile bind -a -ldflags="-w -s" -bundleid org.amnezia.tun2socks -target=ios/arm64 -tags ios -o ./build/ios/Tun2Socks.xcframework github.com/Jigsaw-Code/outline-go-tun2socks/outline/apple github.com/Jigsaw-Code/outline-go-tun2socks/outline/shadowsocks ; then
+    print Y "Tun2Socks built successfully"
+  else
+    print "Please check that path to bin folder with gomobile is in your PATH"
+    print "Usually it's in GOPATH/bin, e.g. /usr/local/go/bin"
+    killProcess "Tun2Socks build failed"
+  fi
+  cd ../../
+}
+
+prepare_to_build_cl() {
+  cat $WORKINGDIR/scripts/cl_ios.xcconfig > $WORKINGDIR/3rd/CocoaLumberjack/cl_ios.xcconfig
+  cat << EOF >> $WORKINGDIR/3rd/CocoaLumberjack/cl_ios.xcconfig
+PROJECT_TEMP_DIR = $WORKINGDIR/3rd/CocoaLumberjack/build/CocoaLumberjack.build
+CONFIGURATION_BUILD_DIR = $WORKINGDIR/3rd/CocoaLumberjack/build/Release-iphoneos
+BUILT_PRODUCTS_DIR = $WORKINGDIR/3rd/CocoaLumberjack/build/Release-iphoneos  
+EOF
+}
+
+compile_cocoalamberjack() {
+  cd 3rd/CocoaLumberjack
+  if $XCODEBUILD -scheme 'CocoaLumberjack' -configuration Release -xcconfig cl_ios.xcconfig -sdk iphoneos -destination 'generic/platform=iOS' -project Lumberjack.xcodeproj ; then
+    print Y "CocoaLumberjack built successfully"
+  else
+    killProcess "CocoaLumberjack build failed"
+  fi
+  cd ../../
+}
+
+killProcess() {
+  if [[ "$1" ]]; then
+    error "$1"
+  else
+    error Failed
+  fi
+
+  exit 1
+}

client/scripts/pp_ios.xcconfig

@@ -0,0 +1,18 @@
+SUPPORTED_PLATFORMS = iphoneos
+TARGETED_DEVICE_FAMILY = 1,2
+
+HEADER_SEARCH_PATHS = $(inherited) $(SRCROOT)/PacketProcessor
+//CLANG_CXX_LANGUAGE_STANDARD = gnu++14
+//CLANG_CXX_LIBRARY = libc++
+
+////////////////////////////////////////////////////////////////////////////////
+//
+// iOS-specific settings
+//
+IPHONEOS_DEPLOYMENT_TARGET = 9.3
+
+SDKROOT[arch=arm64] = iphoneos
+SDKROOT[arch=armv7] = iphoneos
+SDKROOT[arch=armv7s] = iphoneos
+
+VALID_ARCHS[sdk=iphoneos*] = arm64

client/scripts/ss_ios.xcconfig

@@ -0,0 +1,20 @@
+SUPPORTED_PLATFORMS = iphoneos
+TARGETED_DEVICE_FAMILY = 1,2
+
+HEADER_SEARCH_PATHS = $(inherited) $(SRCROOT)/ShadowSocks
+//HEADER_SEARCH_PATHS = $(inherited) $(SRCROOT)/ShadowSocks $(SRCROOT)/ShadowSocks/libcares/include $(SRCROOT)/ShadowSocks/libev/arm64/include $(SRCROOT)/ShadowSocks/libsodium/include $(SRCROOT)/ShadowSocks/mbedtls/include $(SRCROOT)/ShadowSocks/pcre/arm64/include $(SRCROOT)/ShadowSocks/shadowsocks-libev/include
+
+//CLANG_CXX_LANGUAGE_STANDARD = gnu++14
+//CLANG_CXX_LIBRARY = libc++
+
+////////////////////////////////////////////////////////////////////////////////
+//
+// iOS-specific settings
+//
+IPHONEOS_DEPLOYMENT_TARGET = 9.3
+
+SDKROOT[arch=arm64] = iphoneos
+SDKROOT[arch=armv7] = iphoneos
+SDKROOT[arch=armv7s] = iphoneos
+
+VALID_ARCHS[sdk=iphoneos*] = arm64

client/scripts/ss_patch.diff

@@ -0,0 +1,87 @@
+diff --git a/ShadowPath/Privoxy/pcre/pcreposix.c b/ShadowPath/Privoxy/pcre/pcreposix.c
+--- a/ShadowPath/Privoxy/pcre/pcreposix.c
++++ b/ShadowPath/Privoxy/pcre/pcreposix.c
+@@ -146,13 +146,13 @@ message = (errcode >= (int)(sizeof(pstring)/sizeof(char *)))?
+ length = strlen(message) + 1;
+ 
+ addmessage = " at offset ";
+-addlength = (preg != NULL && (int)preg->re_erroffset != -1)?
++addlength = (preg != NULL && (int)preg->re_nsub != -1)?
+   strlen(addmessage) + 6 : 0;
+ 
+ if (errbuf_size > 0)
+   {
+   if (addlength > 0 && errbuf_size >= length + addlength)
+-    sprintf(errbuf, "%s%s%-6d", message, addmessage, (int)preg->re_erroffset);
++    sprintf(errbuf, "%s%s%-6d", message, addmessage, (int)preg->re_nsub);
+   else
+     {
+     strncpy(errbuf, message, errbuf_size - 1);
+@@ -173,7 +173,7 @@ return length + addlength;
+ void
+ pcre_regfree(regex_t *preg)
+ {
+-(pcre_free)(preg->re_pcre);
++(pcre_free)(preg->re_g);
+ }
+ 
+ 
+@@ -203,12 +203,12 @@ int options = 0;
+ if ((cflags & REG_ICASE) != 0) options |= PCRE_CASELESS;
+ if ((cflags & REG_NEWLINE) != 0) options |= PCRE_MULTILINE;
+ 
+-preg->re_pcre = pcre_compile(pattern, options, &errorptr, &erroffset, NULL);
+-preg->re_erroffset = erroffset;
++preg->re_g = pcre_compile(pattern, options, &errorptr, &erroffset, NULL);
++preg->re_nsub = erroffset;
+ 
+-if (preg->re_pcre == NULL) return pcre_posix_error_code(errorptr);
++if (preg->re_g == NULL) return pcre_posix_error_code(errorptr);
+ 
+-preg->re_nsub = pcre_info(preg->re_pcre, NULL, NULL);
++preg->re_nsub = pcre_info(preg->re_g, NULL, NULL);
+ return 0;
+ }
+ 
+@@ -235,7 +235,7 @@ int *ovector = NULL;
+ if ((eflags & REG_NOTBOL) != 0) options |= PCRE_NOTBOL;
+ if ((eflags & REG_NOTEOL) != 0) options |= PCRE_NOTEOL;
+ 
+-preg->re_erroffset = (size_t)(-1);   /* Only has meaning after compile */
++preg->re_nsub = (size_t)(-1);   /* Only has meaning after compile */
+ 
+ if (nmatch > 0)
+   {
+@@ -243,7 +243,7 @@ if (nmatch > 0)
+   if (ovector == NULL) return REG_ESPACE;
+   }
+ 
+-rc = pcre_exec(preg->re_pcre, NULL, string, (int)strlen(string), 0, options,
++rc = pcre_exec(preg->re_g, NULL, string, (int)strlen(string), 0, options,
+   ovector, nmatch * 3);
+ 
+ if (rc == 0) rc = nmatch;    /* All captured slots were filled in */
+diff --git a/ShadowPath/shadowsocks-libev/src/http.h b/ShadowPath/shadowsocks-libev/src/http.h
+index 914815a..e312dd3 100644
+--- a/ShadowPath/shadowsocks-libev/src/http.h
++++ b/ShadowPath/shadowsocks-libev/src/http.h
+@@ -29,6 +29,6 @@
+ #include <stdio.h>
+ #include "protocol.h"
+ 
+-const protocol_t *const http_protocol;
++extern const protocol_t *const http_protocol;
+ 
+ #endif
+diff --git a/ShadowPath/shadowsocks-libev/src/tls.h b/ShadowPath/shadowsocks-libev/src/tls.h
+index 3998913..ddbee11 100644
+--- a/ShadowPath/shadowsocks-libev/src/tls.h
++++ b/ShadowPath/shadowsocks-libev/src/tls.h
+@@ -28,6 +28,6 @@
+ 
+ #include "protocol.h"
+ 
+-const protocol_t *const tls_protocol;
++extern const protocol_t *const tls_protocol;
+ 
+ #endif

client/scripts/ss_project_patcher.rb

@@ -0,0 +1,55 @@
+#!/usr/bin/ruby
+
+require 'xcodeproj'
+
+class SSPatcher
+	attr :project
+	attr :target_main
+	
+	def run(file)
+		open_project file
+		open_target_main
+		
+		patch_main_target
+		
+		@project.save
+	end
+	
+	def open_project(file)
+		@project = Xcodeproj::Project.open(file)
+		die 'Failed to open the project file: ' + file if @project.nil?
+	end
+	
+	def open_target_main
+		@target_main = @project.native_targets
+						.select { |target| target.name == 'ShadowSocks' }
+						.first
+		return @target_main if not @target_main.nil?
+		
+		die 'Unable to open ShadowSocks target'
+	end
+	
+	def patch_main_target
+	    @target_main.resources_build_phase.files.each do |f| 
+			puts f.display_name
+			if f.display_name === "LICENSE"
+				f.remove_from_project
+			end
+		end
+	end
+	
+	def die(msg)
+		print $msg
+		exit 1
+	end
+end
+
+if ARGV.length < 1
+	puts "Usage: <script> project_file"
+	exit 1
+end
+
+
+r = SSPatcher.new
+r.run ARGV[0]
+exit 0

client/scripts/xcode_patcher.rb

@@ -0,0 +1,624 @@
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+require 'xcodeproj'
+
+class XCodeprojPatcher
+  attr :project
+  attr :target_main
+  attr :target_extension
+
+  def run(file, shortVersion, fullVersion, platform, networkExtension, configHash)
+    open_project file
+    setup_project
+    open_target_main
+    
+    die 'IOS requires networkExtension mode' if not networkExtension and platform == 'ios'
+
+    group = @project.main_group.new_group('Configuration')
+    @configFile = group.new_file('xcode.xconfig')
+
+    setup_target_main shortVersion, fullVersion, platform, networkExtension, configHash
+
+    if networkExtension
+      setup_target_extension shortVersion, fullVersion, platform, configHash
+      setup_target_gobridge platform
+    else
+      setup_target_wireguardgo
+      setup_target_wireguardtools
+    end
+
+    setup_target_balrog if platform == 'macos'
+
+    @project.save
+  end
+
+  def open_project(file)
+    @project = Xcodeproj::Project.open(file)
+    die 'Failed to open the project file: ' + file if @project.nil?
+  end
+  
+  def setup_project
+    @project.build_configurations.each do |config|
+      config.build_settings['SYMROOT'] = 'build'
+    end
+  end
+
+  def open_target_main
+    @target_main = @project.targets.find { |target| target.to_s == 'AmneziaVPN' }
+    return @target_main if not @target_main.nil?
+
+    die 'Unable to open AmneziaVPN target'
+  end
+  
+
+  def setup_target_main(shortVersion, fullVersion, platform, networkExtension, configHash)
+    @target_main.build_configurations.each do |config|
+      config.base_configuration_reference = @configFile
+
+      config.build_settings['LD_RUNPATH_SEARCH_PATHS'] ||= '"$(inherited) @executable_path/../Frameworks"'
+      config.build_settings['SWIFT_VERSION'] ||= '5.0'
+      config.build_settings['CLANG_ENABLE_MODULES'] ||= 'YES'
+      config.build_settings['SWIFT_OBJC_BRIDGING_HEADER'] ||= 'macos/app/WireGuard-Bridging-Header.h'
+      config.build_settings['FRAMEWORK_SEARCH_PATHS'] ||= [
+        "$(inherited)",
+        "$(PROJECT_DIR)/3rd",
+        "$(PROJECT_DIR)/3rd/OpenVPNAdapter/build/Release-iphoneos",
+        "$(PROJECT_DIR)/3rd/ShadowSocks/build/Release-iphoneos",
+        "$(PROJECT_DIR)/3rd/outline-go-tun2socks/build/ios",
+        "${PROJECT_DIR}/3rd/CocoaAsyncSocket/build/Release-iphoneos",
+      ]
+
+      # Versions and names
+      config.build_settings['MARKETING_VERSION'] ||= shortVersion
+      config.build_settings['CURRENT_PROJECT_VERSION'] ||= fullVersion
+      config.build_settings['PRODUCT_BUNDLE_IDENTIFIER'] = configHash['APP_ID_MACOS'] if platform == 'macos'
+      config.build_settings['PRODUCT_BUNDLE_IDENTIFIER'] = configHash['APP_ID_IOS'] if platform == 'ios'
+      config.build_settings['PRODUCT_NAME'] = 'AmneziaVPN'
+      config.build_settings['SYMROOT'] = 'build'
+      config.build_settings['ASSETCATALOG_COMPILER_APPICON_NAME'] = 'AppIcon'
+
+      # other config
+      config.build_settings['INFOPLIST_FILE'] ||= platform + '/app/Info.plist'
+      if platform == 'ios'
+        config.build_settings['CODE_SIGN_ENTITLEMENTS'] ||= 'ios/app/main.entitlements'
+      elsif networkExtension
+        config.build_settings['CODE_SIGN_ENTITLEMENTS'] ||= 'macos/app/app.entitlements'
+      else
+        config.build_settings['CODE_SIGN_ENTITLEMENTS'] ||= 'macos/app/daemon.entitlements'
+      end
+
+      config.build_settings['CODE_SIGN_IDENTITY'] ||= 'Apple Development'
+      config.build_settings['ENABLE_BITCODE'] ||= 'NO' if platform == 'ios'
+      config.build_settings['SDKROOT'] = 'iphoneos' if platform == 'ios'
+      config.build_settings['SWIFT_PRECOMPILE_BRIDGING_HEADER'] = 'NO' if platform == 'ios'
+      config.build_settings['PATH'] = '${PATH}:/opt/local/bin:/usr/local/go/bin:/usr/local/bin:/opt/homebrew/bin'
+
+      groupId = "";
+      if (platform == 'macos')
+        groupId = configHash['DEVELOPMENT_TEAM'] + "." + configHash['GROUP_ID_MACOS']
+        config.build_settings['APP_ID_MACOS'] ||= configHash['APP_ID_MACOS']
+      else
+        groupId = configHash['GROUP_ID_IOS']
+        config.build_settings['GROUP_ID_IOS'] ||= configHash['GROUP_ID_IOS']
+        # Force xcode to not set QT_LIBRARY_SUFFIX to "_debug", which causes crash
+        config.build_settings['QT_LIBRARY_SUFFIX'] = ""
+      end
+
+      config.build_settings['GCC_PREPROCESSOR_DEFINITIONS'] ||= [
+        'GROUP_ID=\"' + groupId + '\"',
+        "VPN_NE_BUNDLEID=\\\"" + (platform == 'macos' ? configHash['NETEXT_ID_MACOS'] : configHash['NETEXT_ID_IOS']) + "\\\"",
+      ]
+
+      if config.name == 'Release'
+        config.build_settings['SWIFT_OPTIMIZATION_LEVEL'] ||= '-Onone'
+      end
+    end
+    
+    # add assets to main target
+    assets_group = @project.main_group.new_group('Assets')
+    
+    assets_path = 'ios/Media.xcassets'
+    assets_ref = assets_group.new_reference(assets_path, :group)
+    @target_main.add_resources([assets_ref])
+
+    if networkExtension
+      # WireGuard group
+      group = @project.main_group.new_group('WireGuard')
+
+      version_file_path = platform == 'ios' ? '3rd/wireguard-apple/Sources/WireGuardKitGo/wireguard-go-version.h' : 'macos/gobridge/wireguard-go-version.h'
+
+      [
+        version_file_path,
+        '3rd/wireguard-apple/Sources/Shared/Keychain.swift',
+        '3rd/wireguard-apple/Sources/WireGuardKit/IPAddressRange.swift',
+        '3rd/wireguard-apple/Sources/WireGuardKit/InterfaceConfiguration.swift',
+        '3rd/wireguard-apple/Sources/Shared/Model/NETunnelProviderProtocol+Extension.swift',
+        '3rd/wireguard-apple/Sources/WireGuardKit/TunnelConfiguration.swift',
+        '3rd/wireguard-apple/Sources/Shared/Model/TunnelConfiguration+WgQuickConfig.swift',
+        '3rd/wireguard-apple/Sources/WireGuardKit/Endpoint.swift',
+        '3rd/wireguard-apple/Sources/Shared/Model/String+ArrayConversion.swift',
+        '3rd/wireguard-apple/Sources/WireGuardKit/PeerConfiguration.swift',
+        '3rd/wireguard-apple/Sources/WireGuardKit/DNSServer.swift',
+        '3rd/wireguard-apple/Sources/WireGuardApp/LocalizationHelper.swift',
+        '3rd/wireguard-apple/Sources/Shared/FileManager+Extension.swift',
+        '3rd/wireguard-apple/Sources/WireGuardKitC/x25519.c',
+        '3rd/wireguard-apple/Sources/WireGuardKit/PrivateKey.swift',
+      ].each { |filename|
+        file = group.new_file(filename)
+        @target_main.add_file_references([file])
+      }
+
+      # @target_main + swift integration
+      group = @project.main_group.new_group('SwiftMainIntegration')
+
+      [
+        'platforms/ios/iosvpnprotocol.swift',
+        'platforms/ios/ioslogger.swift',
+      ].each { |filename|
+        file = group.new_file(filename)
+        @target_main.add_file_references([file])
+      }
+    end
+
+    if(platform == 'ios')
+
+      frameworks_group = @project.groups.find { |group| group.display_name == 'Frameworks' }
+      frameworks_build_phase = @target_main.build_phases.find { |build_phase| build_phase.to_s == 'FrameworksBuildPhase' }
+
+      embed_frameworks_build_phase = project.new(Xcodeproj::Project::Object::PBXCopyFilesBuildPhase)
+      embed_frameworks_build_phase.name = 'Embed Frameworks'
+      embed_frameworks_build_phase.symbol_dst_subfolder_spec = :frameworks
+      @target_main.build_phases << embed_frameworks_build_phase
+
+      framework_ref = frameworks_group.new_file('3rd/OpenVPNAdapter/build/Release-iphoneos/OpenVPNAdapter.framework')
+      build_file = embed_frameworks_build_phase.add_file_reference(framework_ref)
+
+      frameworks_build_phase.add_file_reference(framework_ref)   
+      build_file.settings = { 'ATTRIBUTES' => ['CodeSignOnCopy', 'RemoveHeadersOnCopy'] }
+    end
+
+  end
+
+  def setup_target_extension(shortVersion, fullVersion, platform, configHash)
+    @target_extension = @project.new_target(:app_extension, 'WireGuardNetworkExtension', platform == 'macos' ? :osx : :ios)
+
+    @target_extension.build_configurations.each do |config|
+      config.base_configuration_reference = @configFile
+
+      config.build_settings['LD_RUNPATH_SEARCH_PATHS'] ||= [
+        '$(inherited)',
+        '@executable_path/../Frameworks',
+        '@executable_path/../../Frameworks'
+      ]
+      config.build_settings['SWIFT_VERSION'] ||= '5.0'
+      config.build_settings['CLANG_ENABLE_MODULES'] ||= 'YES'
+      config.build_settings['SWIFT_OBJC_BRIDGING_HEADER'] ||= 'macos/networkextension/WireGuardNetworkExtension-Bridging-Header.h'
+      config.build_settings['SWIFT_PRECOMPILE_BRIDGING_HEADER'] = 'NO'
+      config.build_settings['APPLICATION_EXTENSION_API_ONLY'] = 'YES'
+      config.build_settings['STRIP_BITCODE_FROM_COPIED_FILES'] = 'NO'
+      config.build_settings['FRAMEWORK_SEARCH_PATHS'] ||= [
+        "$(inherited)",
+        "$(PROJECT_DIR)/3rd",
+        "$(PROJECT_DIR)/3rd/OpenVPNAdapter/build/Release-iphoneos",
+        "$(PROJECT_DIR)/3rd/libleaf/lib",
+        "$(PROJECT_DIR)/3rd/ShadowSocks/build/Release-iphoneos",
+        "$(PROJECT_DIR)/3rd/outline-go-tun2socks/build/ios",
+        "${PROJECT_DIR}/3rd/CocoaAsyncSocket/build/Release-iphoneos",
+      ]
+
+      # Versions and names
+      config.build_settings['MARKETING_VERSION'] ||= shortVersion
+      config.build_settings['CURRENT_PROJECT_VERSION'] ||= fullVersion
+      config.build_settings['PRODUCT_BUNDLE_IDENTIFIER'] ||= configHash['NETEXT_ID_MACOS'] if platform == 'macos'
+      config.build_settings['PRODUCT_BUNDLE_IDENTIFIER'] ||= configHash['NETEXT_ID_IOS'] if platform == 'ios'
+      config.build_settings['PRODUCT_NAME'] = 'WireGuardNetworkExtension'
+
+      # other configs
+      config.build_settings['INFOPLIST_FILE'] ||= 'macos/networkextension/Info.plist'
+      config.build_settings['CODE_SIGN_ENTITLEMENTS'] ||= platform + '/networkextension/AmneziaVPNNetworkExtension.entitlements'
+      config.build_settings['CODE_SIGN_IDENTITY'] = 'Apple Development'
+
+      if platform == 'ios'
+        config.build_settings['ENABLE_BITCODE'] ||= 'NO'
+        config.build_settings['SDKROOT'] = 'iphoneos'
+
+        config.build_settings['OTHER_LDFLAGS'] ||= [
+          "-stdlib=libc++",
+          "-Wl,-rpath,@executable_path/Frameworks",
+          "-framework",
+          "AssetsLibrary",
+          "-framework",
+          "MobileCoreServices",
+          "-lm",
+          "-framework",
+          "UIKit",
+          "-lz",
+          "-framework",
+          "OpenGLES",
+        ]
+        config.build_settings['PATH'] = '${PATH}:/opt/local/bin:/usr/local/go/bin'
+      end
+
+      groupId = "";
+      if (platform == 'macos')
+        groupId = configHash['DEVELOPMENT_TEAM'] + "." + configHash['GROUP_ID_MACOS']
+      else
+        groupId = configHash['GROUP_ID_IOS']
+      end
+
+      config.build_settings['GCC_PREPROCESSOR_DEFINITIONS'] ||= [
+        # This is needed to compile the iosglue without Qt.
+        'NETWORK_EXTENSION=1',
+        'GROUP_ID=\"' + groupId + '\"',
+      ]
+
+      if config.name == 'Release'
+        config.build_settings['SWIFT_OPTIMIZATION_LEVEL'] ||= '-Onone'
+      end
+
+    end
+
+    group = @project.main_group.new_group('WireGuardExtension')
+    [
+      '3rd/wireguard-apple/Sources/WireGuardKit/WireGuardAdapter.swift',
+      '3rd/wireguard-apple/Sources/WireGuardKit/PacketTunnelSettingsGenerator.swift',
+      '3rd/wireguard-apple/Sources/WireGuardKit/DNSResolver.swift',
+      '3rd/wireguard-apple/Sources/WireGuardNetworkExtension/ErrorNotifier.swift',
+      '3rd/wireguard-apple/Sources/Shared/Keychain.swift',
+      '3rd/wireguard-apple/Sources/Shared/Model/TunnelConfiguration+WgQuickConfig.swift',
+      '3rd/wireguard-apple/Sources/Shared/Model/NETunnelProviderProtocol+Extension.swift',
+      '3rd/wireguard-apple/Sources/Shared/Model/String+ArrayConversion.swift',
+      '3rd/wireguard-apple/Sources/WireGuardKit/TunnelConfiguration.swift',
+      '3rd/wireguard-apple/Sources/WireGuardKit/IPAddressRange.swift',
+      '3rd/wireguard-apple/Sources/WireGuardKit/Endpoint.swift',
+      '3rd/wireguard-apple/Sources/WireGuardKit/DNSServer.swift',
+      '3rd/wireguard-apple/Sources/WireGuardKit/InterfaceConfiguration.swift',
+      '3rd/wireguard-apple/Sources/WireGuardKit/PeerConfiguration.swift',
+      '3rd/wireguard-apple/Sources/Shared/FileManager+Extension.swift',
+      '3rd/wireguard-apple/Sources/WireGuardKitC/x25519.c',
+      '3rd/wireguard-apple/Sources/WireGuardKit/Array+ConcurrentMap.swift',
+      '3rd/wireguard-apple/Sources/WireGuardKit/IPAddress+AddrInfo.swift',
+      '3rd/wireguard-apple/Sources/WireGuardKit/PrivateKey.swift',
+    ].each { |filename|
+      file = group.new_file(filename)
+      @target_extension.add_file_references([file])
+    }
+    # @target_extension + swift integration
+    group = @project.main_group.new_group('SwiftExtensionIntegration')
+
+    [
+      'platforms/ios/iostunnel.swift',
+      'platforms/ios/ioslogger.swift',
+      'platforms/ios/iosinterface.swift',
+      'platforms/ios/iosglue.mm',
+    ].each { |filename|
+      file = group.new_file(filename)
+      @target_extension.add_file_references([file])
+    }
+
+    frameworks_group = @project.groups.find { |group| group.display_name == 'Frameworks' }
+    frameworks_build_phase = @target_extension.build_phases.find { |build_phase| build_phase.to_s == 'FrameworksBuildPhase' }
+
+    frameworks_build_phase.clear
+
+    framework_ref = frameworks_group.new_file('libwg-go.a')
+    frameworks_build_phase.add_file_reference(framework_ref)
+
+    framework_ref = frameworks_group.new_file('NetworkExtension.framework')
+    frameworks_build_phase.add_file_reference(framework_ref)
+    
+    # This fails: @target_main.add_dependency @target_extension
+    container_proxy = @project.new(Xcodeproj::Project::PBXContainerItemProxy)
+    container_proxy.container_portal = @project.root_object.uuid
+    container_proxy.proxy_type = Xcodeproj::Constants::PROXY_TYPES[:native_target]
+    container_proxy.remote_global_id_string = @target_extension.uuid
+    container_proxy.remote_info = @target_extension.name
+
+    dependency = @project.new(Xcodeproj::Project::PBXTargetDependency)
+    dependency.name = @target_extension.name
+    dependency.target = @target_main
+    dependency.target_proxy = container_proxy
+
+    @target_main.dependencies << dependency
+
+    copy_appex = @target_main.new_copy_files_build_phase
+    copy_appex.name = 'Copy Network-Extension plugin'
+    copy_appex.symbol_dst_subfolder_spec = :plug_ins
+
+    appex_file = copy_appex.add_file_reference @target_extension.product_reference
+    appex_file.settings = { "ATTRIBUTES" => ['RemoveHeadersOnCopy'] }
+  end
+
+  def setup_target_gobridge(platform)
+    target_gobridge = legacy_target = @project.new(Xcodeproj::Project::PBXLegacyTarget)
+
+    bridge_platofrm = platform == 'ios' ? 'iOS' : 'macOS'
+
+    target_gobridge.build_working_directory = platform == 'ios' ? '3rd/wireguard-apple/Sources/WireGuardKitGo' : 'macos/gobridge'
+    target_gobridge.build_tool_path = 'make'
+    target_gobridge.pass_build_settings_in_environment = '1'
+    target_gobridge.build_arguments_string = '$(ACTION)'
+    target_gobridge.name = "WireGuardGoBridge<#{bridge_platofrm}>"
+    target_gobridge.product_name = "WireGuardGoBridge<#{bridge_platofrm}>"
+
+    @project.targets << target_gobridge
+    @target_extension.add_dependency target_gobridge
+  end
+
+  def setup_target_balrog
+    target_balrog = legacy_target = @project.new(Xcodeproj::Project::PBXLegacyTarget)
+
+    target_balrog.build_working_directory = 'balrog'
+    target_balrog.build_tool_path = 'make'
+    target_balrog.pass_build_settings_in_environment = '1'
+    target_balrog.build_arguments_string = '$(ACTION)'
+    target_balrog.name = 'WireGuardBalrog'
+    target_balrog.product_name = 'WireGuardBalrog'
+
+    @project.targets << target_balrog
+
+    frameworks_group = @project.groups.find { |group| group.display_name == 'Frameworks' }
+    frameworks_build_phase = @target_main.build_phases.find { |build_phase| build_phase.to_s == 'FrameworksBuildPhase' }
+
+    framework_ref = frameworks_group.new_file('balrog/balrog.a')
+    frameworks_build_phase.add_file_reference(framework_ref)
+
+
+    # This fails: @target_main.add_dependency target_balrog
+    container_proxy = @project.new(Xcodeproj::Project::PBXContainerItemProxy)
+    container_proxy.container_portal = @project.root_object.uuid
+    container_proxy.proxy_type = Xcodeproj::Constants::PROXY_TYPES[:native_target]
+    container_proxy.remote_global_id_string = target_balrog.uuid
+    container_proxy.remote_info = target_balrog.name
+
+    dependency = @project.new(Xcodeproj::Project::PBXTargetDependency)
+    dependency.name = target_balrog.name
+    dependency.target = @target_main
+    dependency.target_proxy = container_proxy
+
+    @target_main.dependencies << dependency
+  end
+
+  def setup_target_wireguardtools
+    target_wireguardtools = legacy_target = @project.new(Xcodeproj::Project::PBXLegacyTarget)
+
+    target_wireguardtools.build_working_directory = '3rd/wireguard-tools/src'
+    target_wireguardtools.build_tool_path = 'make'
+    target_wireguardtools.pass_build_settings_in_environment = '1'
+    target_wireguardtools.build_arguments_string = '$(ACTION)'
+    target_wireguardtools.name = 'WireGuardTools'
+    target_wireguardtools.product_name = 'WireGuardTools'
+
+    @project.targets << target_wireguardtools
+
+    # This fails: @target_main.add_dependency target_wireguardtools
+    container_proxy = @project.new(Xcodeproj::Project::PBXContainerItemProxy)
+    container_proxy.container_portal = @project.root_object.uuid
+    container_proxy.proxy_type = Xcodeproj::Constants::PROXY_TYPES[:native_target]
+    container_proxy.remote_global_id_string = target_wireguardtools.uuid
+    container_proxy.remote_info = target_wireguardtools.name
+
+    dependency = @project.new(Xcodeproj::Project::PBXTargetDependency)
+    dependency.name = target_wireguardtools.name
+    dependency.target = @target_main
+    dependency.target_proxy = container_proxy
+
+    @target_main.dependencies << dependency
+
+    copy_wireguardTools = @target_main.new_copy_files_build_phase
+    copy_wireguardTools.name = 'Copy wireguard-tools'
+    copy_wireguardTools.symbol_dst_subfolder_spec = :wrapper
+    copy_wireguardTools.dst_path = 'Contents/Resources/utils'
+
+    group = @project.main_group.new_group('WireGuardTools')
+    file = group.new_file '3rd/wireguard-tools/src/wg'
+
+    wireguardTools_file = copy_wireguardTools.add_file_reference file
+    wireguardTools_file.settings = { "ATTRIBUTES" => ['RemoveHeadersOnCopy'] }
+  end
+
+  def setup_target_wireguardgo
+    target_wireguardgo = legacy_target = @project.new(Xcodeproj::Project::PBXLegacyTarget)
+
+    target_wireguardgo.build_working_directory = '3rd/wireguard-go'
+    target_wireguardgo.build_tool_path = 'make'
+    target_wireguardgo.pass_build_settings_in_environment = '1'
+    target_wireguardgo.build_arguments_string = '$(ACTION)'
+    target_wireguardgo.name = 'WireGuardGo'
+    target_wireguardgo.product_name = 'WireGuardGo'
+
+    @project.targets << target_wireguardgo
+
+    # This fails: @target_main.add_dependency target_wireguardgo
+    container_proxy = @project.new(Xcodeproj::Project::PBXContainerItemProxy)
+    container_proxy.container_portal = @project.root_object.uuid
+    container_proxy.proxy_type = Xcodeproj::Constants::PROXY_TYPES[:native_target]
+    container_proxy.remote_global_id_string = target_wireguardgo.uuid
+    container_proxy.remote_info = target_wireguardgo.name
+
+    dependency = @project.new(Xcodeproj::Project::PBXTargetDependency)
+    dependency.name = target_wireguardgo.name
+    dependency.target = @target_main
+    dependency.target_proxy = container_proxy
+
+    @target_main.dependencies << dependency
+
+    copy_wireguardGo = @target_main.new_copy_files_build_phase
+    copy_wireguardGo.name = 'Copy wireguard-go'
+    copy_wireguardGo.symbol_dst_subfolder_spec = :wrapper
+    copy_wireguardGo.dst_path = 'Contents/Resources/utils'
+
+    group = @project.main_group.new_group('WireGuardGo')
+    file = group.new_file '3rd/wireguard-go/wireguard-go'
+
+    wireguardGo_file = copy_wireguardGo.add_file_reference file
+    wireguardGo_file.settings = { "ATTRIBUTES" => ['RemoveHeadersOnCopy'] }
+  end
+
+  def setup_target_loginitem(shortVersion, fullVersion, configHash)
+    @target_loginitem = @project.new_target(:application, 'AmneziaVPNLoginItem', :osx)
+
+    @target_loginitem.build_configurations.each do |config|
+      config.base_configuration_reference = @configFile
+
+      config.build_settings['LD_RUNPATH_SEARCH_PATHS'] ||= '"$(inherited) @executable_path/../Frameworks"'
+
+      # Versions and names
+      config.build_settings['MARKETING_VERSION'] ||= shortVersion
+      config.build_settings['CURRENT_PROJECT_VERSION'] ||= fullVersion
+      config.build_settings['PRODUCT_BUNDLE_IDENTIFIER'] ||= configHash['LOGIN_ID_MACOS']
+      config.build_settings['PRODUCT_NAME'] = 'AmneziaVPNLoginItem'
+
+      # other configs
+      config.build_settings['INFOPLIST_FILE'] ||= 'macos/loginitem/Info.plist'
+      config.build_settings['CODE_SIGN_ENTITLEMENTS'] ||= 'macos/loginitem/MozillaVPNLoginItem.entitlements'  #TODO need to check this
+      config.build_settings['CODE_SIGN_IDENTITY'] = 'Apple Development'
+      config.build_settings['SKIP_INSTALL'] = 'YES'
+
+      config.build_settings['GCC_PREPROCESSOR_DEFINITIONS'] ||= [
+        'APP_ID=\"' + configHash['APP_ID_MACOS'] + '\"',
+      ]
+
+      if config.name == 'Release'
+        config.build_settings['SWIFT_OPTIMIZATION_LEVEL'] ||= '-Onone'
+      end
+    end
+
+    group = @project.main_group.new_group('LoginItem')
+    [
+      'macos/loginitem/main.m',
+    ].each { |filename|
+      file = group.new_file(filename)
+      @target_loginitem.add_file_references([file])
+    }
+
+    # This fails: @target_main.add_dependency @target_loginitem
+    container_proxy = @project.new(Xcodeproj::Project::PBXContainerItemProxy)
+    container_proxy.container_portal = @project.root_object.uuid
+    container_proxy.proxy_type = Xcodeproj::Constants::PROXY_TYPES[:native_target]
+    container_proxy.remote_global_id_string = @target_loginitem.uuid
+    container_proxy.remote_info = @target_loginitem.name
+
+    dependency = @project.new(Xcodeproj::Project::PBXTargetDependency)
+    dependency.name = @target_loginitem.name
+    dependency.target = @target_main
+    dependency.target_proxy = container_proxy
+
+    @target_main.dependencies << dependency
+
+    copy_app = @target_main.new_copy_files_build_phase
+    copy_app.name = 'Copy LoginItem'
+    copy_app.symbol_dst_subfolder_spec = :wrapper
+    copy_app.dst_path = 'Contents/Library/LoginItems'
+
+    app_file = copy_app.add_file_reference @target_loginitem.product_reference
+    app_file.settings = { "ATTRIBUTES" => ['RemoveHeadersOnCopy'] }
+  end
+
+  def setup_target_nativemessaging(shortVersion, fullVersion, configHash)
+    @target_nativemessaging = @project.new_target(:application, 'AmneziaVPNNativeMessaging', :osx)
+
+    @target_nativemessaging.build_configurations.each do |config|
+      config.base_configuration_reference = @configFile
+
+      config.build_settings['LD_RUNPATH_SEARCH_PATHS'] ||= '"$(inherited) @executable_path/../Frameworks"'
+
+      # Versions and names
+      config.build_settings['MARKETING_VERSION'] ||= shortVersion
+      config.build_settings['CURRENT_PROJECT_VERSION'] ||= fullVersion
+      config.build_settings['PRODUCT_BUNDLE_IDENTIFIER'] ||= configHash['NATIVEMESSAGING_ID_MACOS']
+      config.build_settings['PRODUCT_NAME'] = 'AmneziaVPNNativeMessaging'
+
+      # other configs
+      config.build_settings['INFOPLIST_FILE'] ||= 'macos/nativeMessaging/Info.plist'
+      config.build_settings['CODE_SIGN_ENTITLEMENTS'] ||= 'macos/nativeMessaging/MozillaVPNNativeMessaging.entitlements'
+      config.build_settings['CODE_SIGN_IDENTITY'] = 'Apple Development'
+      config.build_settings['SKIP_INSTALL'] = 'YES'
+    end
+
+    group = @project.main_group.new_group('NativeMessaging')
+    [
+      'extension/app/constants.h',
+      'extension/app/handler.cpp',
+      'extension/app/handler.h',
+      'extension/app/json.hpp',
+      'extension/app/logger.cpp',
+      'extension/app/logger.h',
+      'extension/app/main.cpp',
+      'extension/app/vpnconnection.cpp',
+      'extension/app/vpnconnection.h',
+    ].each { |filename|
+      file = group.new_file(filename)
+      @target_nativemessaging.add_file_references([file])
+    }
+
+    # This fails: @target_main.add_dependency @target_nativemessaging
+    container_proxy = @project.new(Xcodeproj::Project::PBXContainerItemProxy)
+    container_proxy.container_portal = @project.root_object.uuid
+    container_proxy.proxy_type = Xcodeproj::Constants::PROXY_TYPES[:native_target]
+    container_proxy.remote_global_id_string = @target_nativemessaging.uuid
+    container_proxy.remote_info = @target_nativemessaging.name
+
+    dependency = @project.new(Xcodeproj::Project::PBXTargetDependency)
+    dependency.name = @target_nativemessaging.name
+    dependency.target = @target_main
+    dependency.target_proxy = container_proxy
+
+    @target_main.dependencies << dependency
+
+    copy_app = @target_main.new_copy_files_build_phase
+    copy_app.name = 'Copy LoginItem'
+    copy_app.symbol_dst_subfolder_spec = :wrapper
+    copy_app.dst_path = 'Contents/Library/NativeMessaging'
+
+    app_file = copy_app.add_file_reference @target_nativemessaging.product_reference
+    app_file.settings = { "ATTRIBUTES" => ['RemoveHeadersOnCopy'] }
+
+    copy_nativeMessagingManifest = @target_main.new_copy_files_build_phase
+    copy_nativeMessagingManifest.name = 'Copy native messaging manifest'
+    copy_nativeMessagingManifest.symbol_dst_subfolder_spec = :wrapper
+    copy_nativeMessagingManifest.dst_path = 'Contents/Resources/utils'
+
+    group = @project.main_group.new_group('WireGuardHelper')
+    file = group.new_file 'extension/app/manifests/macos/mozillavpn.json' #TODO Need to check this
+
+    nativeMessagingManifest_file = copy_nativeMessagingManifest.add_file_reference file
+    nativeMessagingManifest_file.settings = { "ATTRIBUTES" => ['RemoveHeadersOnCopy'] }
+  end
+
+  def die(msg)
+   print $msg
+   exit 1
+  end
+end
+
+if ARGV.length < 4 || (ARGV[3] != "ios" && ARGV[3] != "macos")
+  puts "Usage: <script> project_file shortVersion fullVersion ios/macos"
+  exit 1
+end
+
+if !File.exist?("xcode.xconfig")
+  puts "xcode.xconfig file is required! See the template file."
+  exit 1
+end
+
+config = Hash.new
+configFile = File.read("xcode.xconfig").split("\n")
+configFile.each { |line|
+  next if line[0] == "#"
+
+  if line.include? "="
+    keys = line.split("=")
+    config[keys[0].strip] = keys[1].strip
+  end
+}
+
+platform = "macos"
+platform = "ios" if ARGV[3] == "ios"
+networkExtension = true if ARGV[4] == "1"
+
+r = XCodeprojPatcher.new
+r.run ARGV[0], ARGV[1], ARGV[2], platform, networkExtension, config
+exit 0

client/server_scripts/openvpn/configure_container.sh

@@ -18,7 +18,6 @@ user nobody
 group nobody
 persist-key
 persist-tun
-crl-verify /opt/amnezia/openvpn/crl.pem
 status openvpn-status.log
 verb 1
 tls-server

client/server_scripts/openvpn/run_container.sh

@@ -21,6 +21,5 @@ cd /opt/amnezia/openvpn && easyrsa gen-dh; \
 cd /opt/amnezia/openvpn && cp pki/dh.pem /opt/amnezia/openvpn && easyrsa build-ca nopass << EOF yes EOF && easyrsa gen-req AmneziaReq nopass << EOF2 yes EOF2;\
 cd /opt/amnezia/openvpn && easyrsa sign-req server AmneziaReq << EOF3 yes EOF3;\
 cd /opt/amnezia/openvpn && openvpn --genkey --secret ta.key << EOF4;\
-cd /opt/amnezia/openvpn && cp pki/ca.crt pki/issued/AmneziaReq.crt pki/private/AmneziaReq.key /opt/amnezia/openvpn;\
-cd /opt/amnezia/openvpn && easyrsa gen-crl;\
-cd /opt/amnezia/openvpn && cp pki/crl.pem /opt/amnezia/openvpn/crl.pem'
+cd /opt/amnezia/openvpn && cp pki/ca.crt pki/issued/AmneziaReq.crt pki/private/AmneziaReq.key /opt/amnezia/openvpn'
+

client/server_scripts/openvpn_cloak/configure_container.sh

@@ -18,7 +18,6 @@ user nobody
 group nobody
 persist-key
 persist-tun
-crl-verify /opt/amnezia/openvpn/crl.pem
 status openvpn-status.log
 verb 1
 tls-server

client/server_scripts/openvpn_cloak/run_container.sh

@@ -21,6 +21,4 @@ cd /opt/amnezia/openvpn && easyrsa gen-dh; \
 cd /opt/amnezia/openvpn && cp pki/dh.pem /opt/amnezia/openvpn && easyrsa build-ca nopass << EOF yes EOF && easyrsa gen-req AmneziaReq nopass << EOF2 yes EOF2;\
 cd /opt/amnezia/openvpn && easyrsa sign-req server AmneziaReq << EOF3 yes EOF3;\
 cd /opt/amnezia/openvpn && openvpn --genkey --secret ta.key << EOF4;\
-cd /opt/amnezia/openvpn && cp pki/ca.crt pki/issued/AmneziaReq.crt pki/private/AmneziaReq.key /opt/amnezia/openvpn;\
-cd /opt/amnezia/openvpn && easyrsa gen-crl;\
-cd /opt/amnezia/openvpn && cp pki/crl.pem /opt/amnezia/openvpn/crl.pem'
+cd /opt/amnezia/openvpn && cp pki/ca.crt pki/issued/AmneziaReq.crt pki/private/AmneziaReq.key /opt/amnezia/openvpn'

client/server_scripts/openvpn_shadowsocks/configure_container.sh

@@ -18,7 +18,6 @@ user nobody
 group nobody
 persist-key
 persist-tun
-crl-verify /opt/amnezia/openvpn/crl.pem
 status openvpn-status.log
 verb 1
 tls-server

client/server_scripts/openvpn_shadowsocks/run_container.sh

@@ -21,6 +21,4 @@ cd /opt/amnezia/openvpn && easyrsa gen-dh; \
 cd /opt/amnezia/openvpn && cp pki/dh.pem /opt/amnezia/openvpn && easyrsa build-ca nopass << EOF yes EOF && easyrsa gen-req AmneziaReq nopass << EOF2 yes EOF2;\
 cd /opt/amnezia/openvpn && easyrsa sign-req server AmneziaReq << EOF3 yes EOF3;\
 cd /opt/amnezia/openvpn && openvpn --genkey --secret ta.key << EOF4;\
-cd /opt/amnezia/openvpn && cp pki/ca.crt pki/issued/AmneziaReq.crt pki/private/AmneziaReq.key /opt/amnezia/openvpn;\
-cd /opt/amnezia/openvpn && easyrsa gen-crl;\
-cd /opt/amnezia/openvpn && cp pki/crl.pem /opt/amnezia/openvpn/crl.pem'
+cd /opt/amnezia/openvpn && cp pki/ca.crt pki/issued/AmneziaReq.crt pki/private/AmneziaReq.key /opt/amnezia/openvpn'

client/settings.cpp

@@ -1,4 +1,4 @@
-#include "version.h"
+#include "defines.h"
 #include "settings.h"
 #include "utilities.h"
 

client/translations/amneziavpn_ru.ts

@@ -403,7 +403,7 @@ Please note, this protocol still does not support export connection profile to m
         <location filename="../ui/mainwindow.ui" line="1388"/>
         <source>Optional.
 
-We recommend to enable VPN mode &quot;For selected sites&quot; and add blocked sites you need to visit manually. If you will choose this option, you will need add every blocked site you want to visit to the access list. You may switch between modes later.
+We recommend to enable VPN mode &quot;For selected sites&quot; and add blocked sites you need to visit manually. If you will choose this option, you will need add every bloked site you want to visit to the access list. You may switch between modes later.
 
 Please note, you should add addresses to the list after VPN connection established. You may add any domain, URL or IP address, it will be resolved to IP address.</source>
         <translation>Опционально.
@@ -582,7 +582,7 @@ OpenVPN over ShadowSocks</translation>
     </message>
     <message>
         <location filename="../ui/mainwindow.ui" line="4302"/>
-        <source>Secondary DNS server</source>
+        <source>Secondray DNS server</source>
         <translation>Вторичный DNS сервер</translation>
     </message>
     <message>
@@ -1111,7 +1111,7 @@ This code does not include server credentials.</source>
     </message>
     <message>
         <location filename="../ui/mainwindow.cpp" line="1756"/>
-        <source>VPN Protocol not chosen</source>
+        <source>VPN Protocol not choosen</source>
         <translation>VPN протокол не выбран</translation>
     </message>
     <message>

client/ui/models/clientManagementModel.cpp

@@ -1,104 +0,0 @@
-#include "clientManagementModel.h"
-
-#include <QJsonObject>
-
-ClientManagementModel::ClientManagementModel(QObject *parent) : QAbstractListModel(parent)
-{
-
-}
-
-void ClientManagementModel::clearData()
-{
-    beginResetModel();
-    m_content.clear();
-    endResetModel();
-}
-
-void ClientManagementModel::setContent(const QVector<QVariant> &data)
-{
-    beginResetModel();
-    m_content = data;
-    endResetModel();
-}
-
-QJsonObject ClientManagementModel::getContent(amnezia::Proto protocol)
-{
-    QJsonObject clientsTable;
-    for (const auto &item : m_content) {
-        if (protocol == amnezia::Proto::OpenVpn) {
-            clientsTable[item.toJsonObject()["openvpnCertId"].toString()] = item.toJsonObject();
-        } else if (protocol == amnezia::Proto::WireGuard) {
-            clientsTable[item.toJsonObject()["wireguardPublicKey"].toString()] = item.toJsonObject();
-        }
-    }
-    return clientsTable;
-}
-
-int ClientManagementModel::rowCount(const QModelIndex &parent) const
-{
-    Q_UNUSED(parent);
-    return static_cast<int>(m_content.size());
-}
-
-QVariant ClientManagementModel::data(const QModelIndex &index, int role) const
-{
-    if (!index.isValid() || index.row() < 0
-            || index.row() >= static_cast<int>(m_content.size())) {
-        return QVariant();
-    }
-
-    if (role == NameRole) {
-        return m_content[index.row()].toJsonObject()["clientName"].toString();
-    } else if (role == OpenVpnCertIdRole) {
-        return m_content[index.row()].toJsonObject()["openvpnCertId"].toString();
-    } else if (role == OpenVpnCertDataRole) {
-        return m_content[index.row()].toJsonObject()["openvpnCertData"].toString();
-    } else if (role == WireGuardPublicKey) {
-        return m_content[index.row()].toJsonObject()["wireguardPublicKey"].toString();
-    }
-
-    return QVariant();
-}
-
-void ClientManagementModel::setData(const QModelIndex &index, QVariant data, int role)
-{
-    if (!index.isValid() || index.row() < 0
-            || index.row() >= static_cast<int>(m_content.size())) {
-        return;
-    }
-
-    auto client = m_content[index.row()].toJsonObject();
-    if (role == NameRole) {
-        client["clientName"] = data.toString();
-    } else if (role == OpenVpnCertIdRole) {
-        client["openvpnCertId"] = data.toString();
-    } else if (role == OpenVpnCertDataRole) {
-        client["openvpnCertData"] = data.toString();
-    } else if (role == WireGuardPublicKey) {
-        client["wireguardPublicKey"] = data.toString();
-    } else {
-        return;
-    }
-    if (m_content[index.row()] != client) {
-        m_content[index.row()] = client;
-        emit dataChanged(index, index);
-    }
-}
-
-bool ClientManagementModel::removeRows(int row)
-{
-    beginRemoveRows(QModelIndex(), row, row);
-    m_content.removeAt(row);
-    endRemoveRows();
-    return true;
-}
-
-QHash<int, QByteArray> ClientManagementModel::roleNames() const
-{
-    QHash<int, QByteArray> roles;
-    roles[NameRole] = "clientName";
-    roles[OpenVpnCertIdRole] = "openvpnCertId";
-    roles[OpenVpnCertDataRole] = "openvpnCertData";
-    roles[WireGuardPublicKey] = "wireguardPublicKey";
-    return roles;
-}

client/ui/models/clientManagementModel.h

@@ -1,37 +0,0 @@
-#ifndef CLIENTMANAGEMENTMODEL_H
-#define CLIENTMANAGEMENTMODEL_H
-
-#include <QAbstractListModel>
-
-#include "protocols/protocols_defs.h"
-
-class ClientManagementModel : public QAbstractListModel
-{
-    Q_OBJECT
-
-public:
-    enum ClientRoles {
-        NameRole = Qt::UserRole + 1,
-        OpenVpnCertIdRole,
-        OpenVpnCertDataRole,
-        WireGuardPublicKey,
-    };
-
-    ClientManagementModel(QObject *parent = nullptr);
-
-    void clearData();
-    void setContent(const QVector<QVariant> &data);
-    QJsonObject getContent(amnezia::Proto protocol);
-    int rowCount(const QModelIndex &parent = QModelIndex()) const override;
-    QVariant data(const QModelIndex &index, int role = Qt::DisplayRole) const override;
-    void setData(const QModelIndex &index, QVariant data, int role = Qt::DisplayRole);
-    bool removeRows(int row);
-
-protected:
-    QHash<int, QByteArray> roleNames() const override;
-
-private:
-    QVector<QVariant> m_content;
-};
-
-#endif // CLIENTMANAGEMENTMODEL_H

client/ui/notificationhandler.cpp

@@ -93,7 +93,7 @@ void NotificationHandler::unsecuredNetworkNotification(const QString& networkNam
 
 
     QString title = tr("AmneziaVPN notification");
-    QString message = tr("Unsecured network detected: ") + networkName;
+    QString message = tr("Unsucured network detected: ") + networkName;
 
     notifyInternal(UnsecuredNetwork, title, message, 2000);
 }

client/ui/pages.h

@@ -12,8 +12,7 @@ public:
     enum Type {
         Basic,
         Proto,
-        ShareProto,
-        ClientInfo
+        ShareProto
     };
     Q_ENUM(Type)
 };
@@ -25,8 +24,7 @@ enum class Page {Start = 0, NewServer, NewServerProtocols, Vpn,
            Wizard, WizardLow, WizardMedium, WizardHigh, WizardVpnMode, ServerConfiguringProgress,
            GeneralSettings, AppSettings, NetworkSettings, ServerSettings,
            ServerContainers, ServersList, ShareConnection,  Sites,
-           ProtocolSettings, ProtocolShare, QrDecoder, QrDecoderIos, About, ViewConfig,
-           AdvancedServerSettings, ClientManagement, ClientInfo};
+           ProtocolSettings, ProtocolShare, QrDecoder, QrDecoderIos, About, ViewConfig, AdvancedServerSettings};
 Q_ENUM_NS(Page)
 
 static void declareQmlPageEnum() {

client/ui/pages_logic/AppSettingsLogic.cpp

@@ -1,7 +1,7 @@
 #include "AppSettingsLogic.h"
 
 #include "logger.h"
-#include "version.h"
+#include "defines.h"
 #include "ui/qautostart.h"
 #include "ui/uilogic.h"
 

client/ui/pages_logic/ClientInfoLogic.cpp

@@ -1,213 +0,0 @@
-#include "ClientInfoLogic.h"
-
-#include <QMessageBox>
-
-#include "version.h"
-#include "core/errorstrings.h"
-#include "core/servercontroller.h"
-#include "ui/models/clientManagementModel.h"
-#include "ui/uilogic.h"
-
-namespace {
-    bool isErrorOccured(ErrorCode error) {
-        if (error != ErrorCode::NoError) {
-            QMessageBox::warning(nullptr, APPLICATION_NAME,
-                                 QObject::tr("An error occurred while saving the list of clients.") + "\n" + errorString(error));
-            return true;
-        }
-        return false;
-    }
-}
-
-ClientInfoLogic::ClientInfoLogic(UiLogic *logic, QObject *parent):
-    PageLogicBase(logic, parent)
-{
-
-}
-
-void ClientInfoLogic::setCurrentClientId(int index)
-{
-    m_currentClientIndex = index;
-}
-
-void ClientInfoLogic::onUpdatePage()
-{
-    set_pageContentVisible(false);
-    set_busyIndicatorIsRunning(true);
-
-    const ServerCredentials credentials = m_settings->serverCredentials(uiLogic()->m_selectedServerIndex);
-    const DockerContainer container = m_settings->defaultContainer(uiLogic()->m_selectedServerIndex);
-    const QString containerNameString = ContainerProps::containerHumanNames().value(container);
-    set_labelCurrentVpnProtocolText(tr("Service: ") + containerNameString);
-
-    const QVector<amnezia::Proto> protocols = ContainerProps::protocolsForContainer(container);
-    if (!protocols.empty()) {
-        const Proto currentMainProtocol = protocols.front();
-
-        auto model = qobject_cast<ClientManagementModel*>(uiLogic()->clientManagementModel());
-        const QModelIndex modelIndex = model->index(m_currentClientIndex);
-
-        set_lineEditNameAliasText(model->data(modelIndex, ClientManagementModel::ClientRoles::NameRole).toString());
-        if (currentMainProtocol == Proto::OpenVpn) {
-            const QString certId = model->data(modelIndex, ClientManagementModel::ClientRoles::OpenVpnCertIdRole).toString();
-            QString certData = model->data(modelIndex, ClientManagementModel::ClientRoles::OpenVpnCertDataRole).toString();
-
-            if (certData.isEmpty() && !certId.isEmpty()) {
-                QString stdOut;
-                auto cbReadStdOut = [&](const QString &data, libssh::Client &) {
-                    stdOut += data + "\n";
-                    return ErrorCode::NoError;
-                };
-
-                const QString getOpenVpnCertData = QString("sudo docker exec -i $CONTAINER_NAME bash -c 'cat /opt/amnezia/openvpn/pki/issued/%1.crt'")
-                                                           .arg(certId);
-                ServerController serverController(m_settings);
-                const QString script = serverController.replaceVars(getOpenVpnCertData, serverController.genVarsForScript(credentials, container));
-                ErrorCode error = serverController.runScript(credentials, script, cbReadStdOut);
-                certData = stdOut;
-                if (isErrorOccured(error)) {
-                    set_busyIndicatorIsRunning(false);
-                    emit uiLogic()->closePage();
-                    return;
-                }
-            }
-            set_labelOpenVpnCertId(certId);
-            set_textAreaOpenVpnCertData(certData);
-        } else if (currentMainProtocol == Proto::WireGuard) {
-            set_textAreaWireGuardKeyData(model->data(modelIndex, ClientManagementModel::ClientRoles::WireGuardPublicKey).toString());
-        }
-    }
-    set_pageContentVisible(true);
-    set_busyIndicatorIsRunning(false);
-}
-
-void ClientInfoLogic::onLineEditNameAliasEditingFinished()
-{
-    set_busyIndicatorIsRunning(true);
-
-    auto model = qobject_cast<ClientManagementModel*>(uiLogic()->clientManagementModel());
-    const QModelIndex modelIndex = model->index(m_currentClientIndex);
-    model->setData(modelIndex, m_lineEditNameAliasText, ClientManagementModel::ClientRoles::NameRole);
-
-    const DockerContainer selectedContainer = m_settings->defaultContainer(uiLogic()->m_selectedServerIndex);
-    const ServerCredentials credentials = m_settings->serverCredentials(uiLogic()->m_selectedServerIndex);
-    const QVector<amnezia::Proto> protocols = ContainerProps::protocolsForContainer(selectedContainer);
-    if (!protocols.empty()) {
-        const Proto currentMainProtocol = protocols.front();
-        const QJsonObject clientsTable = model->getContent(currentMainProtocol);
-        ErrorCode error = setClientsList(credentials,
-                                         selectedContainer,
-                                         currentMainProtocol,
-                                         clientsTable);
-        isErrorOccured(error);
-    }
-
-    set_busyIndicatorIsRunning(false);
-}
-
-void ClientInfoLogic::onRevokeOpenVpnCertificateClicked()
-{
-    set_busyIndicatorIsRunning(true);
-    const DockerContainer container = m_settings->defaultContainer(uiLogic()->m_selectedServerIndex);
-    const ServerCredentials credentials = m_settings->serverCredentials(uiLogic()->m_selectedServerIndex);
-
-    auto model = qobject_cast<ClientManagementModel*>(uiLogic()->clientManagementModel());
-    const QModelIndex modelIndex = model->index(m_currentClientIndex);
-    const QString certId = model->data(modelIndex, ClientManagementModel::ClientRoles::OpenVpnCertIdRole).toString();
-
-    const QString getOpenVpnCertData = QString("sudo docker exec -i $CONTAINER_NAME bash -c '"
-                                               "cd /opt/amnezia/openvpn ;\\"
-                                               "easyrsa revoke %1 ;\\"
-                                               "easyrsa gen-crl ;\\"
-                                               "cp pki/crl.pem .'").arg(certId);
-    ServerController serverController(m_settings);
-    const QString script = serverController.replaceVars(getOpenVpnCertData,
-                                                        serverController.genVarsForScript(credentials, container));
-    auto error = serverController.runScript(credentials, script);
-    if (isErrorOccured(error)) {
-        set_busyIndicatorIsRunning(false);
-        emit uiLogic()->goToPage(Page::ServerSettings);
-        return;
-    }
-
-    model->removeRows(m_currentClientIndex);
-    const QJsonObject clientsTable = model->getContent(Proto::OpenVpn);
-    error = setClientsList(credentials, container, Proto::OpenVpn, clientsTable);
-    if (isErrorOccured(error)) {
-        set_busyIndicatorIsRunning(false);
-        return;
-    }
-
-    const QJsonObject &containerConfig = m_settings->containerConfig(uiLogic()->m_selectedServerIndex, container);
-    error = serverController.startupContainerWorker(credentials, container, containerConfig);
-    if (isErrorOccured(error)) {
-        set_busyIndicatorIsRunning(false);
-        return;
-    }
-
-    set_busyIndicatorIsRunning(false);
-}
-
-void ClientInfoLogic::onRevokeWireGuardKeyClicked()
-{
-    set_busyIndicatorIsRunning(true);
-    ErrorCode error;
-    const DockerContainer container = m_settings->defaultContainer(uiLogic()->m_selectedServerIndex);
-    const ServerCredentials credentials = m_settings->serverCredentials(uiLogic()->m_selectedServerIndex);
-
-    ServerController serverController(m_settings);
-
-    const QString wireGuardConfigFile = "opt/amnezia/wireguard/wg0.conf";
-    const QString wireguardConfigString = serverController.getTextFileFromContainer(container, credentials, wireGuardConfigFile, &error);
-    if (isErrorOccured(error)) {
-        set_busyIndicatorIsRunning(false);
-        return;
-    }
-
-    auto model = qobject_cast<ClientManagementModel*>(uiLogic()->clientManagementModel());
-    const QModelIndex modelIndex = model->index(m_currentClientIndex);
-    const QString key = model->data(modelIndex, ClientManagementModel::ClientRoles::WireGuardPublicKey).toString();
-
-    auto configSections = wireguardConfigString.split("[", Qt::SkipEmptyParts);
-    for (auto &section : configSections) {
-        if (section.contains(key)) {
-            configSections.removeOne(section);
-        }
-    }
-    QString newWireGuardConfig = configSections.join("[");
-    newWireGuardConfig.insert(0, "[");
-    error = serverController.uploadTextFileToContainer(container, credentials, newWireGuardConfig,
-                                                       protocols::wireguard::serverConfigPath,
-                                                       libssh::SftpOverwriteMode::SftpOverwriteExisting);
-    if (isErrorOccured(error)) {
-        set_busyIndicatorIsRunning(false);
-        return;
-    }
-
-    model->removeRows(m_currentClientIndex);
-    const QJsonObject clientsTable = model->getContent(Proto::WireGuard);
-    error = setClientsList(credentials, container, Proto::WireGuard, clientsTable);
-    if (isErrorOccured(error)) {
-        set_busyIndicatorIsRunning(false);
-        return;
-    }
-
-    const QString script = "sudo docker exec -i $CONTAINER_NAME bash -c 'wg syncconf wg0 <(wg-quick strip /opt/amnezia/wireguard/wg0.conf)'";
-    error = serverController.runScript(credentials,
-                                       serverController.replaceVars(script, serverController.genVarsForScript(credentials, container)));
-    if (isErrorOccured(error)) {
-        set_busyIndicatorIsRunning(false);
-        return;
-    }
-
-    set_busyIndicatorIsRunning(false);
-}
-
-ErrorCode ClientInfoLogic::setClientsList(const ServerCredentials &credentials, DockerContainer container, Proto mainProtocol, const QJsonObject &clietns)
-{
-    const QString mainProtocolString = ProtocolProps::protoToString(mainProtocol);
-    const QString clientsTableFile = QString("opt/amnezia/%1/clientsTable").arg(mainProtocolString);
-    ServerController serverController(m_settings);
-    ErrorCode error = serverController.uploadTextFileToContainer(container, credentials, QJsonDocument(clietns).toJson(), clientsTableFile);
-    return error;
-}

client/ui/pages_logic/ClientInfoLogic.h

@@ -1,42 +0,0 @@
-#ifndef CLIENTINFOLOGIC_H
-#define CLIENTINFOLOGIC_H
-
-#include "PageLogicBase.h"
-
-#include "core/defs.h"
-#include "containers/containers_defs.h"
-#include "protocols/protocols_defs.h"
-
-class UiLogic;
-
-class ClientInfoLogic : public PageLogicBase
-{
-    Q_OBJECT
-
-    AUTO_PROPERTY(QString, lineEditNameAliasText)
-    AUTO_PROPERTY(QString, labelOpenVpnCertId)
-    AUTO_PROPERTY(QString, textAreaOpenVpnCertData)
-    AUTO_PROPERTY(QString, labelCurrentVpnProtocolText)
-    AUTO_PROPERTY(QString, textAreaWireGuardKeyData)
-    AUTO_PROPERTY(bool, busyIndicatorIsRunning);
-    AUTO_PROPERTY(bool, pageContentVisible);
-
-public:
-    ClientInfoLogic(UiLogic *uiLogic, QObject *parent = nullptr);
-    ~ClientInfoLogic() = default;
-
-    void setCurrentClientId(int index);
-
-public slots:
-    void onUpdatePage() override;
-    void onLineEditNameAliasEditingFinished();
-    void onRevokeOpenVpnCertificateClicked();
-    void onRevokeWireGuardKeyClicked();
-
-private:
-    ErrorCode setClientsList(const ServerCredentials &credentials, DockerContainer container, Proto mainProtocol, const QJsonObject &clietns);
-
-    int m_currentClientIndex;
-};
-
-#endif // CLIENTINFOLOGIC_H

client/ui/pages_logic/ClientManagementLogic.cpp

@@ -1,143 +0,0 @@
-#include "ClientManagementLogic.h"
-
-#include <QMessageBox>
-
-#include "version.h"
-#include "core/errorstrings.h"
-#include "core/servercontroller.h"
-#include "ui/pages_logic/ClientInfoLogic.h"
-#include "ui/models/clientManagementModel.h"
-#include "ui/uilogic.h"
-
-ClientManagementLogic::ClientManagementLogic(UiLogic *logic, QObject *parent):
-    PageLogicBase(logic, parent)
-{
-
-}
-
-void ClientManagementLogic::onUpdatePage()
-{
-    set_busyIndicatorIsRunning(true);
-
-    qobject_cast<ClientManagementModel*>(uiLogic()->clientManagementModel())->clearData();
-    DockerContainer selectedContainer = m_settings->defaultContainer(uiLogic()->m_selectedServerIndex);
-    QString selectedContainerName = ContainerProps::containerHumanNames().value(selectedContainer);
-    set_labelCurrentVpnProtocolText(tr("Service: ") + selectedContainerName);
-
-    QJsonObject clients;
-
-    auto protocols = ContainerProps::protocolsForContainer(selectedContainer);
-    if (!protocols.empty()) {
-        m_currentMainProtocol = protocols.front();
-
-        const ServerCredentials credentials = m_settings->serverCredentials(uiLogic()->m_selectedServerIndex);
-
-        ErrorCode error = getClientsList(credentials, selectedContainer, m_currentMainProtocol, clients);
-        if (error != ErrorCode::NoError) {
-            QMessageBox::warning(nullptr, APPLICATION_NAME,
-                                 tr("An error occurred while getting the list of clients.") + "\n" + errorString(error));
-            set_busyIndicatorIsRunning(false);
-            return;
-        }
-    }
-    QVector<QVariant> clientsArray;
-    for (auto &clientId : clients.keys()) {
-        clientsArray.push_back(clients[clientId].toObject());
-    }
-    qobject_cast<ClientManagementModel*>(uiLogic()->clientManagementModel())->setContent(clientsArray);
-
-    set_busyIndicatorIsRunning(false);
-}
-
-void ClientManagementLogic::onClientItemClicked(int index)
-{
-    uiLogic()->pageLogic<ClientInfoLogic>()->setCurrentClientId(index);
-    emit uiLogic()->goToClientInfoPage(m_currentMainProtocol);
-}
-
-ErrorCode ClientManagementLogic::getClientsList(const ServerCredentials &credentials, DockerContainer container, Proto mainProtocol, QJsonObject &clietns)
-{
-    ErrorCode error = ErrorCode::NoError;
-    QString stdOut;
-    auto cbReadStdOut = [&](const QString &data, libssh::Client &) {
-        stdOut += data + "\n";
-        return ErrorCode::NoError;
-    };
-
-    const QString mainProtocolString = ProtocolProps::protoToString(mainProtocol);
-
-    ServerController serverController(m_settings);
-
-    const QString clientsTableFile = QString("/opt/amnezia/%1/clientsTable").arg(mainProtocolString);
-    const QByteArray clientsTableString = serverController.getTextFileFromContainer(container, credentials, clientsTableFile, &error);
-    if (error != ErrorCode::NoError) {
-        return error;
-    }
-    QJsonObject clientsTable = QJsonDocument::fromJson(clientsTableString).object();
-    int count = 0;
-
-    if (mainProtocol == Proto::OpenVpn) {
-        const QString getOpenVpnClientsList = "sudo docker exec -i $CONTAINER_NAME bash -c 'ls /opt/amnezia/openvpn/pki/issued'";
-        QString script = serverController.replaceVars(getOpenVpnClientsList, serverController.genVarsForScript(credentials, container));
-        error = serverController.runScript(credentials, script, cbReadStdOut);
-        if (error != ErrorCode::NoError) {
-            return error;
-        }
-
-        if (!stdOut.isEmpty()) {
-            QStringList certsIds = stdOut.split("\n", Qt::SkipEmptyParts);
-            certsIds.removeAll("AmneziaReq.crt");
-
-            for (auto &openvpnCertId : certsIds) {
-                openvpnCertId.replace(".crt", "");
-                if (!clientsTable.contains(openvpnCertId)) {
-
-                    QJsonObject client;
-                    client["openvpnCertId"] = openvpnCertId;
-                    client["clientName"] = QString("Client %1").arg(count);
-                    client["openvpnCertData"] = "";
-                    clientsTable[openvpnCertId] = client;
-                    count++;
-                }
-            }
-        }
-    } else if (mainProtocol == Proto::WireGuard) {
-        const QString wireGuardConfigFile = "opt/amnezia/wireguard/wg0.conf";
-        const QString wireguardConfigString = serverController.getTextFileFromContainer(container, credentials, wireGuardConfigFile, &error);
-        if (error != ErrorCode::NoError) {
-            return error;
-        }
-
-        auto configLines = wireguardConfigString.split("\n", Qt::SkipEmptyParts);
-        QStringList wireguardKeys;
-        for (const auto &line : configLines) {
-            auto configPair = line.split(" = ", Qt::SkipEmptyParts);
-            if (configPair.front() == "PublicKey") {
-                wireguardKeys.push_back(configPair.back());
-            }
-        }
-
-        for (auto &wireguardKey : wireguardKeys) {
-            if (!clientsTable.contains(wireguardKey)) {
-                QJsonObject client;
-                client["clientName"] = QString("Client %1").arg(count);
-                client["wireguardPublicKey"] = wireguardKey;
-                clientsTable[wireguardKey] = client;
-                count++;
-            }
-        }
-    }
-
-    const QByteArray newClientsTableString = QJsonDocument(clientsTable).toJson();
-    if (clientsTableString != newClientsTableString) {
-        error = serverController.uploadTextFileToContainer(container, credentials, newClientsTableString, clientsTableFile);
-    }
-
-    if (error != ErrorCode::NoError) {
-        return error;
-    }
-
-    clietns = clientsTable;
-
-    return error;
-}

client/ui/pages_logic/ClientManagementLogic.h

@@ -1,33 +0,0 @@
-#ifndef CLIENTMANAGMENTLOGIC_H
-#define CLIENTMANAGMENTLOGIC_H
-
-#include "PageLogicBase.h"
-
-#include "core/defs.h"
-#include "containers/containers_defs.h"
-#include "protocols/protocols_defs.h"
-
-class UiLogic;
-
-class ClientManagementLogic : public PageLogicBase
-{
-    Q_OBJECT
-
-    AUTO_PROPERTY(QString, labelCurrentVpnProtocolText)
-    AUTO_PROPERTY(bool, busyIndicatorIsRunning);
-
-public:
-    ClientManagementLogic(UiLogic *uiLogic, QObject *parent = nullptr);
-    ~ClientManagementLogic() = default;
-
-public slots:
-    void onUpdatePage() override;
-    void onClientItemClicked(int index);
-
-private:
-    ErrorCode getClientsList(const ServerCredentials &credentials, DockerContainer container, Proto mainProtocol, QJsonObject &clietns);
-
-    amnezia::Proto m_currentMainProtocol;
-};
-
-#endif // CLIENTMANAGMENTLOGIC_H

client/ui/pages_logic/NetworkSettingsLogic.cpp

@@ -1,6 +1,6 @@
 #include "NetworkSettingsLogic.h"
 
-#include "version.h"
+#include "defines.h"
 #include "utilities.h"
 #include "settings.h"
 

client/ui/pages_logic/ServerConfiguringProgressLogic.cpp

@@ -1,5 +1,5 @@
 #include "ServerConfiguringProgressLogic.h"
-#include "version.h"
+#include "defines.h"
 #include "core/errorstrings.h"
 #include <QTimer>
 #include <QEventLoop>
@@ -12,7 +12,7 @@ ServerConfiguringProgressLogic::ServerConfiguringProgressLogic(UiLogic *logic, Q
     m_labelWaitInfoVisible{true},
     m_labelWaitInfoText{tr("Please wait, configuring process may take up to 5 minutes")},
     m_progressBarVisible{true},
-    m_progressBarMaximum{100},
+    m_progressBarMaximium{100},
     m_progressBarTextVisible{true},
     m_progressBarText{tr("Configuring...")},
     m_labelServerBusyVisible{false},
@@ -46,8 +46,8 @@ ErrorCode ServerConfiguringProgressLogic::doInstallAction(const std::function<Er
     progress.getValueFunc = [this] (void) -> int {
         return progressBarValue();
     };
-    progress.getMaximumFunc = [this] (void) -> int {
-        return progressBarMaximum();
+    progress.getMaximiumFunc = [this] (void) -> int {
+        return progressBarMaximium();
     };
 
     LabelFunc busyInfo;
@@ -150,7 +150,7 @@ ErrorCode ServerConfiguringProgressLogic::doInstallAction(const std::function<Er
     // just ui progressbar tweak
     timer.stop();
 
-    int remainingVal = progress.getMaximumFunc() - progress.getValueFunc();
+    int remainingVal = progress.getMaximiumFunc() - progress.getValueFunc();
 
     if (remainingVal > 0) {
         QTimer timer1;
@@ -158,7 +158,7 @@ ErrorCode ServerConfiguringProgressLogic::doInstallAction(const std::function<Er
 
         connect(&timer1, &QTimer::timeout, [&](){
             progress.setValueFunc(progress.getValueFunc() + 1);
-            if (progress.getValueFunc() >= progress.getMaximumFunc()) {
+            if (progress.getValueFunc() >= progress.getMaximiumFunc()) {
                 loop1.quit();
             }
         });

client/ui/pages_logic/ServerConfiguringProgressLogic.h

@@ -17,7 +17,7 @@ class ServerConfiguringProgressLogic : public PageLogicBase
     AUTO_PROPERTY(bool, labelWaitInfoVisible)
     AUTO_PROPERTY(QString, labelWaitInfoText)
     AUTO_PROPERTY(bool, progressBarVisible)
-    AUTO_PROPERTY(int, progressBarMaximum)
+    AUTO_PROPERTY(int, progressBarMaximium)
     AUTO_PROPERTY(bool, progressBarTextVisible)
     AUTO_PROPERTY(QString, progressBarText)
     AUTO_PROPERTY(bool, labelServerBusyVisible)
@@ -32,7 +32,7 @@ private:
         std::function<void(bool)> setVisibleFunc;
         std::function<void(int)> setValueFunc;
         std::function<int(void)> getValueFunc;
-        std::function<int(void)> getMaximumFunc;
+        std::function<int(void)> getMaximiumFunc;
         std::function<void(bool)> setTextVisibleFunc;
         std::function<void(const QString&)> setTextFunc;
     };

client/ui/pages_logic/ShareConnectionLogic.cpp

@@ -14,7 +14,7 @@
 #include "configurators/ikev2_configurator.h"
 #include "configurators/ssh_configurator.h"
 
-#include "version.h"
+#include "defines.h"
 #include "core/defs.h"
 #include "core/errorstrings.h"
 #include "core/servercontroller.h"
@@ -80,12 +80,12 @@ void ShareConnectionLogic::onPushButtonShareAmneziaGenerateClicked()
         QJsonObject containerConfig = m_settings->containerConfig(serverIndex, container);
         containerConfig.insert(config_key::container, ContainerProps::containerToString(container));
 
-        ErrorCode e = ErrorCode::NoError;
+        ErrorCode errorCode = ErrorCode::NoError;
         for (Proto p: ContainerProps::protocolsForContainer(container)) {
             QJsonObject protoConfig = m_settings->protocolConfig(serverIndex, container, p);
 
-            QString cfg = m_configurator->genVpnProtocolConfig(credentials, container, containerConfig, p, &e);
-            if (e) {
+            QString cfg = m_configurator->genVpnProtocolConfig(credentials, container, containerConfig, p, errorCode);
+            if (errorCode) {
                 cfg = "Error generating config";
                 break;
             }
@@ -94,7 +94,7 @@ void ShareConnectionLogic::onPushButtonShareAmneziaGenerateClicked()
         }
 
         QByteArray ba;
-        if (!e) {
+        if (!errorCode) {
             serverConfig = m_settings->server(serverIndex);
             serverConfig.remove(config_key::userName);
             serverConfig.remove(config_key::password);
@@ -132,8 +132,8 @@ void ShareConnectionLogic::onPushButtonShareOpenVpnGenerateClicked()
 
     const QJsonObject &containerConfig = m_settings->containerConfig(serverIndex, container);
 
-    ErrorCode e = ErrorCode::NoError;
-    QString cfg = m_configurator->openVpnConfigurator->genOpenVpnConfig(credentials, container, containerConfig, &e);
+    ErrorCode errorCode = ErrorCode::NoError;
+    QString cfg = m_configurator->openVpnConfigurator->genOpenVpnConfig(credentials, container, containerConfig, errorCode);
     cfg = m_configurator->processConfigWithExportSettings(serverIndex, container, Proto::OpenVpn, cfg);
 
     set_textEditShareOpenVpnCodeText(QJsonDocument::fromJson(cfg.toUtf8()).object()[config_key::config].toString());
@@ -151,8 +151,8 @@ void ShareConnectionLogic::onPushButtonShareShadowSocksGenerateClicked()
     if (cfg.isEmpty()) {
         const QJsonObject &containerConfig = m_settings->containerConfig(serverIndex, container);
 
-        ErrorCode e = ErrorCode::NoError;
-        cfg = m_configurator->shadowSocksConfigurator->genShadowSocksConfig(credentials, container, containerConfig, &e);
+        ErrorCode errorCode = ErrorCode::NoError;
+        cfg = m_configurator->shadowSocksConfigurator->genShadowSocksConfig(credentials, container, containerConfig, errorCode);
     }
 
     QJsonObject ssConfig = QJsonDocument::fromJson(cfg.toUtf8()).object();
@@ -195,8 +195,8 @@ void ShareConnectionLogic::onPushButtonShareCloakGenerateClicked()
     if (cfg.isEmpty()) {
         const QJsonObject &containerConfig = m_settings->containerConfig(serverIndex, container);
 
-        ErrorCode e = ErrorCode::NoError;
-        cfg = m_configurator->cloakConfigurator->genCloakConfig(credentials, container, containerConfig, &e);
+        ErrorCode errorCode = ErrorCode::NoError;
+        cfg = m_configurator->cloakConfigurator->genCloakConfig(credentials, container, containerConfig, errorCode);
     }
 
     QJsonObject cloakConfig = QJsonDocument::fromJson(cfg.toUtf8()).object();
@@ -215,7 +215,7 @@ void ShareConnectionLogic::onPushButtonShareWireGuardGenerateClicked()
     const QJsonObject &containerConfig = m_settings->containerConfig(serverIndex, container);
 
     ErrorCode e = ErrorCode::NoError;
-    QString cfg = m_configurator->wireguardConfigurator->genWireguardConfig(credentials, container, containerConfig, &e);
+    QString cfg = m_configurator->wireguardConfigurator->genWireguardConfig(credentials, container, containerConfig, e);
     if (e) {
         emit uiLogic()->showWarningMessage(tr("Error occurred while generating the config.") + "\n" +
                                            tr("Error message: ") + errorString(e) + "\n" +
@@ -239,7 +239,8 @@ void ShareConnectionLogic::onPushButtonShareIkev2GenerateClicked()
     DockerContainer container = uiLogic()->m_selectedDockerContainer;
     ServerCredentials credentials = m_settings->serverCredentials(serverIndex);
 
-    Ikev2Configurator::ConnectionData connData = m_configurator->ikev2Configurator->prepareIkev2Config(credentials, container);
+    ErrorCode errorCode = ErrorCode::NoError;
+    Ikev2Configurator::ConnectionData connData = m_configurator->ikev2Configurator->prepareIkev2Config(credentials, container, errorCode);
 
     QString cfg = m_configurator->ikev2Configurator->genIkev2Config(connData);
     cfg = m_configurator->processConfigWithExportSettings(serverIndex, container, Proto::Ikev2, cfg);

client/ui/pages_logic/StartPageLogic.cpp

@@ -153,7 +153,7 @@ void StartPageLogic::onPushButtonConnect()
 
     QString output;
     if (errorCode == ErrorCode::NoError) {
-        output = serverController.checkSshConnection(serverCredentials, &errorCode);
+        output = serverController.checkSshConnection(serverCredentials, errorCode);
     }
 
     bool ok = true;