fix macOS command

Merge branch 'dev' into feature/add-uninstaller-checkbox
moved protocol config generation to VpnConfigirationsController (#665 )
2026-06-22 02:01:08 +07:00 · 2024-04-01 18:23:35 +02:00 · 2024-04-01 18:10:11 +02:00 · 2024-04-01 14:20:02 +01:00 · 2024-04-01 13:33:10 +01:00 · 2024-04-01 17:07:33 +05:00
175 changed files with 6523 additions and 3702 deletions
@@ -2,7 +2,7 @@ cmake_minimum_required(VERSION 3.25.0 FATAL_ERROR)

 set(PROJECT AmneziaVPN)

-project(${PROJECT} VERSION 4.4.2.1
+project(${PROJECT} VERSION 4.5.0.0
        DESCRIPTION "AmneziaVPN"
        HOMEPAGE_URL "https://amnezia.org/"
 )
@@ -11,7 +11,7 @@ string(TIMESTAMP CURRENT_DATE "%Y-%m-%d")
 set(RELEASE_DATE "${CURRENT_DATE}")

 set(APP_MAJOR_VERSION ${CMAKE_PROJECT_VERSION_MAJOR}.${CMAKE_PROJECT_VERSION_MINOR}.${CMAKE_PROJECT_VERSION_PATCH})
-set(APP_ANDROID_VERSION_CODE 49)
+set(APP_ANDROID_VERSION_CODE 50)

 if(${CMAKE_SYSTEM_NAME} STREQUAL "Linux")
    set(MZ_PLATFORM_NAME "linux")
@@ -63,10 +63,10 @@ qt6_add_resources(QRC ${QRC} ${CMAKE_CURRENT_LIST_DIR}/resources.qrc)
 set(CMAKE_AUTORCC ON)

 set(AMNEZIAVPN_TS_FILES
-    ${CMAKE_CURRENT_LIST_DIR}/translations/amneziavpn_ru.ts
+    ${CMAKE_CURRENT_LIST_DIR}/translations/amneziavpn_ru_RU.ts
    ${CMAKE_CURRENT_LIST_DIR}/translations/amneziavpn_zh_CN.ts
    ${CMAKE_CURRENT_LIST_DIR}/translations/amneziavpn_fa_IR.ts
-    ${CMAKE_CURRENT_LIST_DIR}/translations/amneziavpn_ar.ts
+    ${CMAKE_CURRENT_LIST_DIR}/translations/amneziavpn_ar_EG.ts
    ${CMAKE_CURRENT_LIST_DIR}/translations/amneziavpn_my_MM.ts
 )

@@ -119,7 +119,9 @@ set(HEADERS ${HEADERS}
    ${CMAKE_CURRENT_LIST_DIR}/core/errorstrings.h
    ${CMAKE_CURRENT_LIST_DIR}/core/scripts_registry.h
    ${CMAKE_CURRENT_LIST_DIR}/core/server_defs.h
+    ${CMAKE_CURRENT_LIST_DIR}/core/controllers/apiController.h
    ${CMAKE_CURRENT_LIST_DIR}/core/controllers/serverController.h
+    ${CMAKE_CURRENT_LIST_DIR}/core/controllers/vpnConfigurationController.h
    ${CMAKE_CURRENT_LIST_DIR}/protocols/protocols_defs.h
    ${CMAKE_CURRENT_LIST_DIR}/protocols/qml_register_protocols.h
    ${CMAKE_CURRENT_LIST_DIR}/ui/notificationhandler.h
@@ -129,6 +131,7 @@ set(HEADERS ${HEADERS}
    ${CMAKE_CURRENT_LIST_DIR}/protocols/vpnprotocol.h
    ${CMAKE_CURRENT_BINARY_DIR}/version.h
    ${CMAKE_CURRENT_LIST_DIR}/core/sshclient.h
+    ${CMAKE_CURRENT_LIST_DIR}/core/networkUtilities.h
 )

 # Mozilla headres
@@ -158,12 +161,15 @@ set(SOURCES ${SOURCES}
    ${CMAKE_CURRENT_LIST_DIR}/core/errorstrings.cpp
    ${CMAKE_CURRENT_LIST_DIR}/core/scripts_registry.cpp
    ${CMAKE_CURRENT_LIST_DIR}/core/server_defs.cpp
+    ${CMAKE_CURRENT_LIST_DIR}/core/controllers/apiController.cpp
    ${CMAKE_CURRENT_LIST_DIR}/core/controllers/serverController.cpp
+    ${CMAKE_CURRENT_LIST_DIR}/core/controllers/vpnConfigurationController.cpp
    ${CMAKE_CURRENT_LIST_DIR}/protocols/protocols_defs.cpp
    ${CMAKE_CURRENT_LIST_DIR}/ui/notificationhandler.cpp
    ${CMAKE_CURRENT_LIST_DIR}/ui/qautostart.cpp
    ${CMAKE_CURRENT_LIST_DIR}/protocols/vpnprotocol.cpp
    ${CMAKE_CURRENT_LIST_DIR}/core/sshclient.cpp
+    ${CMAKE_CURRENT_LIST_DIR}/core/networkUtilities.cpp
 )

 # Mozilla sources
@@ -293,6 +299,7 @@ if(WIN32 OR (APPLE AND NOT IOS) OR (LINUX AND NOT ANDROID))
        ${CMAKE_CURRENT_LIST_DIR}/protocols/openvpnovercloakprotocol.h
        ${CMAKE_CURRENT_LIST_DIR}/protocols/shadowsocksvpnprotocol.h
        ${CMAKE_CURRENT_LIST_DIR}/protocols/wireguardprotocol.h
+        ${CMAKE_CURRENT_LIST_DIR}/protocols/xrayprotocol.h
        ${CMAKE_CURRENT_LIST_DIR}/protocols/awgprotocol.h
    )

@@ -304,6 +311,7 @@ if(WIN32 OR (APPLE AND NOT IOS) OR (LINUX AND NOT ANDROID))
        ${CMAKE_CURRENT_LIST_DIR}/protocols/openvpnovercloakprotocol.cpp
        ${CMAKE_CURRENT_LIST_DIR}/protocols/shadowsocksvpnprotocol.cpp
        ${CMAKE_CURRENT_LIST_DIR}/protocols/wireguardprotocol.cpp
+        ${CMAKE_CURRENT_LIST_DIR}/protocols/xrayprotocol.cpp
        ${CMAKE_CURRENT_LIST_DIR}/protocols/awgprotocol.cpp
    )
 endif()
@@ -14,10 +14,12 @@

 #include "logger.h"
 #include "version.h"
+#include "ui/models/installedAppsModel.h"

 #include "platforms/ios/QRCodeReaderBase.h"
 #if defined(Q_OS_ANDROID)
    #include "platforms/android/android_controller.h"
+    #include "core/installedAppsImageProvider.h"
 #endif

 #include "protocols/qml_register_protocols.h"
@@ -82,8 +84,7 @@ void AmneziaApplication::init()

    m_engine->rootContext()->setContextProperty("Debug", &Logger::Instance());

-    m_configurator = std::shared_ptr<VpnConfigurator>(new VpnConfigurator(m_settings, this));
-    m_vpnConnection.reset(new VpnConnection(m_settings, m_configurator));
+    m_vpnConnection.reset(new VpnConnection(m_settings));
    m_vpnConnection->moveToThread(&m_vpnConnectionThread);
    m_vpnConnectionThread.start();

@@ -96,18 +97,16 @@ void AmneziaApplication::init()
        qFatal("Android logging initialization failed");
    }
    AndroidController::instance()->setSaveLogs(m_settings->isSaveLogs());
-    connect(m_settings.get(), &Settings::saveLogsChanged,
-            AndroidController::instance(), &AndroidController::setSaveLogs);
+    connect(m_settings.get(), &Settings::saveLogsChanged, AndroidController::instance(), &AndroidController::setSaveLogs);

    AndroidController::instance()->setScreenshotsEnabled(m_settings->isScreenshotsEnabled());
-    connect(m_settings.get(), &Settings::screenshotsEnabledChanged,
-            AndroidController::instance(), &AndroidController::setScreenshotsEnabled);
+    connect(m_settings.get(), &Settings::screenshotsEnabledChanged, AndroidController::instance(),
+            &AndroidController::setScreenshotsEnabled);

-    connect(m_settings.get(), &Settings::serverRemoved,
-            AndroidController::instance(), &AndroidController::resetLastServer);
+    connect(m_settings.get(), &Settings::serverRemoved, AndroidController::instance(),
+            &AndroidController::resetLastServer);

-    connect(m_settings.get(), &Settings::settingsCleared,
-            [](){ AndroidController::instance()->resetLastServer(-1); });
+    connect(m_settings.get(), &Settings::settingsCleared, []() { AndroidController::instance()->resetLastServer(-1); });

    connect(AndroidController::instance(), &AndroidController::initConnectionState, this,
            [this](Vpn::ConnectionState state) {
@@ -124,8 +123,12 @@ void AmneziaApplication::init()
        m_importController->extractConfigFromData(data);
        m_pageController->goToPageViewConfig();
    });
+
+    m_engine->addImageProvider(QLatin1String("installedAppImage"), new InstalledAppsImageProvider);
 #endif

+
+
 #ifdef Q_OS_IOS
    IosController::Instance()->initialize();
    connect(IosController::Instance(), &IosController::importConfigFromOutside, [this](QString data) {
@@ -140,13 +143,10 @@ void AmneziaApplication::init()
        m_settingsController->importBackupFromOutside(filePath);
    });

-    QTimer::singleShot(0, this, [this](){
-        AmneziaVPN::toggleScreenshots(m_settings->isScreenshotsEnabled());
-    });
+    QTimer::singleShot(0, this, [this]() { AmneziaVPN::toggleScreenshots(m_settings->isScreenshotsEnabled()); });

-    connect(m_settings.get(), &Settings::screenshotsEnabledChanged, [](bool enabled) {
-        AmneziaVPN::toggleScreenshots(enabled);
-    });
+    connect(m_settings.get(), &Settings::screenshotsEnabledChanged,
+            [](bool enabled) { AmneziaVPN::toggleScreenshots(enabled); });
 #endif

    m_notificationHandler.reset(NotificationHandler::create(nullptr));
@@ -234,7 +234,8 @@ void AmneziaApplication::registerTypes()
    qmlRegisterSingletonType(QUrl("qrc:/ui/qml/Filters/ContainersModelFilters.qml"), "ContainersModelFilters", 1, 0,
                             "ContainersModelFilters");

-    //
+    qmlRegisterType<InstalledAppsModel>("InstalledAppsModel", 1, 0, "InstalledAppsModel");
+
    Vpn::declareQmlVpnConnectionStateEnum();
    PageLoader::declareQmlPageEnum();
 }
@@ -325,6 +326,9 @@ void AmneziaApplication::initModels()
    m_sitesModel.reset(new SitesModel(m_settings, this));
    m_engine->rootContext()->setContextProperty("SitesModel", m_sitesModel.get());

+    m_appSplitTunnelingModel.reset(new AppSplitTunnelingModel(m_settings, this));
+    m_engine->rootContext()->setContextProperty("AppSplitTunnelingModel", m_appSplitTunnelingModel.get());
+
    m_protocolsModel.reset(new ProtocolsModel(m_settings, this));
    m_engine->rootContext()->setContextProperty("ProtocolsModel", m_protocolsModel.get());

@@ -343,6 +347,9 @@ void AmneziaApplication::initModels()
    m_awgConfigModel.reset(new AwgConfigModel(this));
    m_engine->rootContext()->setContextProperty("AwgConfigModel", m_awgConfigModel.get());

+    m_xrayConfigModel.reset(new XrayConfigModel(this));
+    m_engine->rootContext()->setContextProperty("XrayConfigModel", m_xrayConfigModel.get());
+
 #ifdef Q_OS_WINDOWS
    m_ikev2ConfigModel.reset(new Ikev2ConfigModel(this));
    m_engine->rootContext()->setContextProperty("Ikev2ConfigModel", m_ikev2ConfigModel.get());
@@ -355,28 +362,30 @@ void AmneziaApplication::initModels()
    m_engine->rootContext()->setContextProperty("ClientManagementModel", m_clientManagementModel.get());
    connect(m_clientManagementModel.get(), &ClientManagementModel::adminConfigRevoked, m_serversModel.get(),
            &ServersModel::clearCachedProfile);
-
-    connect(m_configurator.get(), &VpnConfigurator::newVpnConfigCreated, this,
-            [this](const QString &clientId, const QString &clientName, const DockerContainer container,
-                   ServerCredentials credentials) {
-                m_serversModel->reloadDefaultServerContainerConfig();
-                m_clientManagementModel->appendClient(clientId, clientName, container, credentials);
-                emit m_configurator->clientModelUpdated();
-            });
 }

 void AmneziaApplication::initControllers()
 {
-    m_connectionController.reset(new ConnectionController(m_serversModel, m_containersModel, m_vpnConnection));
+    m_connectionController.reset(new ConnectionController(m_serversModel, m_containersModel, m_clientManagementModel,
+                                                          m_vpnConnection, m_settings));
    m_engine->rootContext()->setContextProperty("ConnectionController", m_connectionController.get());

+    connect(m_connectionController.get(), &ConnectionController::connectionErrorOccurred, this,
+            [this](const QString &errorMessage) {
+                emit m_pageController->showErrorMessage(errorMessage);
+                emit m_vpnConnection->connectionStateChanged(Vpn::ConnectionState::Disconnected);
+            });
+    connect(m_connectionController.get(), &ConnectionController::connectButtonClicked, m_connectionController.get(),
+            &ConnectionController::toggleConnection, Qt::QueuedConnection);
+
    connect(this, &AmneziaApplication::translationsUpdated, m_connectionController.get(),
            &ConnectionController::onTranslationsUpdated);

    m_pageController.reset(new PageController(m_serversModel, m_settings));
    m_engine->rootContext()->setContextProperty("PageController", m_pageController.get());

-    m_installController.reset(new InstallController(m_serversModel, m_containersModel, m_protocolsModel, m_settings));
+    m_installController.reset(new InstallController(m_serversModel, m_containersModel, m_protocolsModel,
+                                                    m_clientManagementModel, m_settings));
    m_engine->rootContext()->setContextProperty("InstallController", m_installController.get());
    connect(m_installController.get(), &InstallController::passphraseRequestStarted, m_pageController.get(),
            &PageController::showPassphraseRequestDrawer);
@@ -388,8 +397,7 @@ void AmneziaApplication::initControllers()
    m_importController.reset(new ImportController(m_serversModel, m_containersModel, m_settings));
    m_engine->rootContext()->setContextProperty("ImportController", m_importController.get());

-    m_exportController.reset(new ExportController(m_serversModel, m_containersModel, m_clientManagementModel,
-                                                  m_settings, m_configurator));
+    m_exportController.reset(new ExportController(m_serversModel, m_containersModel, m_clientManagementModel, m_settings));
    m_engine->rootContext()->setContextProperty("ExportController", m_exportController.get());

    m_settingsController.reset(
@@ -404,20 +412,9 @@ void AmneziaApplication::initControllers()
    m_sitesController.reset(new SitesController(m_settings, m_vpnConnection, m_sitesModel));
    m_engine->rootContext()->setContextProperty("SitesController", m_sitesController.get());

+    m_appSplitTunnelingController.reset(new AppSplitTunnelingController(m_settings, m_appSplitTunnelingModel));
+    m_engine->rootContext()->setContextProperty("AppSplitTunnelingController", m_appSplitTunnelingController.get());
+
    m_systemController.reset(new SystemController(m_settings));
    m_engine->rootContext()->setContextProperty("SystemController", m_systemController.get());
-
-    m_apiController.reset(new ApiController(m_serversModel, m_containersModel));
-    m_engine->rootContext()->setContextProperty("ApiController", m_apiController.get());
-    connect(m_apiController.get(), &ApiController::updateStarted, this,
-            [this]() { emit m_vpnConnection->connectionStateChanged(Vpn::ConnectionState::Connecting); });
-    connect(m_apiController.get(), &ApiController::errorOccurred, this, [this](const QString &errorMessage) {
-        if (m_connectionController->isConnectionInProgress()) {
-            emit m_pageController->showErrorMessage(errorMessage);
-        }
-
-        emit m_vpnConnection->connectionStateChanged(Vpn::ConnectionState::Disconnected);
-    });
-    connect(m_apiController.get(), &ApiController::updateFinished, m_connectionController.get(),
-            &ConnectionController::toggleConnection);
 }
@@ -14,7 +14,7 @@
 #include "settings.h"
 #include "vpnconnection.h"

-#include "configurators/vpn_configurator.h"
+#include "core/controllers/apiController.h"

 #include "ui/controllers/connectionController.h"
 #include "ui/controllers/exportController.h"
@@ -24,7 +24,7 @@
 #include "ui/controllers/settingsController.h"
 #include "ui/controllers/sitesController.h"
 #include "ui/controllers/systemController.h"
-#include "ui/controllers/apiController.h"
+#include "ui/controllers/appSplitTunnelingController.h"
 #include "ui/models/containers_model.h"
 #include "ui/models/languageModel.h"
 #include "ui/models/protocols/cloakConfigModel.h"
@@ -36,11 +36,13 @@
 #include "ui/models/protocols/openvpnConfigModel.h"
 #include "ui/models/protocols/shadowsocksConfigModel.h"
 #include "ui/models/protocols/wireguardConfigModel.h"
+#include "ui/models/protocols/xrayConfigModel.h"
 #include "ui/models/protocols_model.h"
 #include "ui/models/servers_model.h"
 #include "ui/models/services/sftpConfigModel.h"
 #include "ui/models/sites_model.h"
 #include "ui/models/clientManagementModel.h"
+#include "ui/models/appSplitTunnelingModel.h"

 #define amnApp (static_cast<AmneziaApplication *>(QCoreApplication::instance()))

@@ -83,7 +85,6 @@ private:

    QQmlApplicationEngine *m_engine {};
    std::shared_ptr<Settings> m_settings;
-    std::shared_ptr<VpnConfigurator> m_configurator;

    QSharedPointer<ContainerProps> m_containerProps;
    QSharedPointer<ProtocolProps> m_protocolProps;
@@ -97,11 +98,13 @@ private:
    QSharedPointer<LanguageModel> m_languageModel;
    QSharedPointer<ProtocolsModel> m_protocolsModel;
    QSharedPointer<SitesModel> m_sitesModel;
+    QSharedPointer<AppSplitTunnelingModel> m_appSplitTunnelingModel;
    QSharedPointer<ClientManagementModel> m_clientManagementModel;

    QScopedPointer<OpenVpnConfigModel> m_openVpnConfigModel;
    QScopedPointer<ShadowSocksConfigModel> m_shadowSocksConfigModel;
    QScopedPointer<CloakConfigModel> m_cloakConfigModel;
+    QScopedPointer<XrayConfigModel> m_xrayConfigModel;    
    QScopedPointer<WireGuardConfigModel> m_wireGuardConfigModel;
    QScopedPointer<AwgConfigModel> m_awgConfigModel;
 #ifdef Q_OS_WINDOWS
@@ -123,6 +126,7 @@ private:
    QScopedPointer<SitesController> m_sitesController;
    QScopedPointer<SystemController> m_systemController;
    QScopedPointer<ApiController> m_apiController;
+    QScopedPointer<AppSplitTunnelingController> m_appSplitTunnelingController;
 };

 #endif // AMNEZIA_APPLICATION_H
@@ -24,9 +24,7 @@
    <uses-permission android:name="android.permission.FOREGROUND_SERVICE" />
    <uses-permission android:name="android.permission.FOREGROUND_SERVICE_SYSTEM_EXEMPTED" />
    <uses-permission android:name="android.permission.POST_NOTIFICATIONS" />
-
-    <!-- Enable when VPN-per-app mode will be implemented -->
-    <!-- <uses-permission android:name="android.permission.QUERY_ALL_PACKAGES"/> -->
+    <uses-permission android:name="android.permission.QUERY_ALL_PACKAGES" tools:ignore="QueryAllPackagesPermission" />

    <application
        android:name=".AmneziaApplication"
@@ -66,6 +66,7 @@ class Awg : Wireguard() {
        return AwgConfig.build {
            configWireguard(configData, configDataJson)
            configSplitTunneling(config)
+            configAppSplitTunneling(config)
            configData["Jc"]?.let { setJc(it.toInt()) }
            configData["Jmin"]?.let { setJmin(it.toInt()) }
            configData["Jmax"]?.let { setJmax(it.toInt()) }
@@ -79,6 +79,7 @@ open class OpenVpn : Protocol() {
                }
                configPluggableTransport(configBuilder, config)
                configBuilder.configSplitTunneling(config)
+                configBuilder.configAppSplitTunneling(config)

                scope.launch {
                    val status = client.connect()
@@ -64,6 +64,22 @@ abstract class Protocol {
        }
    }

+    protected fun ProtocolConfig.Builder.configAppSplitTunneling(config: JSONObject) {
+        val splitTunnelType = config.optInt("appSplitTunnelType")
+        if (splitTunnelType == SPLIT_TUNNEL_DISABLE) return
+        val splitTunnelApps = config.getJSONArray("splitTunnelApps")
+        val appHandlerFunc = when (splitTunnelType) {
+            SPLIT_TUNNEL_INCLUDE -> ::includeApplication
+            SPLIT_TUNNEL_EXCLUDE -> ::excludeApplication
+
+            else -> throw BadConfigException("Unexpected value of the 'appSplitTunnelType' parameter: $splitTunnelType")
+        }
+
+        for (i in 0 until splitTunnelApps.length()) {
+            appHandlerFunc(splitTunnelApps.getString(i))
+        }
+    }
+
    protected open fun buildVpnInterface(config: ProtocolConfig, vpnBuilder: Builder) {
        vpnBuilder.setSession(VPN_SESSION_NAME)

@@ -101,6 +117,11 @@ abstract class Protocol {
            }
        }

+        for (app in config.includedApplications) {
+            Log.d(TAG, "addAllowedApplication: $app")
+            vpnBuilder.addAllowedApplication(app)
+        }
+
        for (app in config.excludedApplications) {
            Log.d(TAG, "addDisallowedApplication: $app")
            vpnBuilder.addDisallowedApplication(app)
@@ -16,6 +16,7 @@ open class ProtocolConfig protected constructor(
    val excludedRoutes: Set<InetNetwork>,
    val includedAddresses: Set<InetNetwork>,
    val excludedAddresses: Set<InetNetwork>,
+    val includedApplications: Set<String>,
    val excludedApplications: Set<String>,
    val httpProxy: ProxyInfo?,
    val allowAllAF: Boolean,
@@ -31,6 +32,7 @@ open class ProtocolConfig protected constructor(
        builder.excludedRoutes,
        builder.includedAddresses,
        builder.excludedAddresses,
+        builder.includedApplications,
        builder.excludedApplications,
        builder.httpProxy,
        builder.allowAllAF,
@@ -45,6 +47,7 @@ open class ProtocolConfig protected constructor(
        internal val excludedRoutes: MutableSet<InetNetwork> = hashSetOf()
        internal val includedAddresses: MutableSet<InetNetwork> = hashSetOf()
        internal val excludedAddresses: MutableSet<InetNetwork> = hashSetOf()
+        internal val includedApplications: MutableSet<String> = hashSetOf()
        internal val excludedApplications: MutableSet<String> = hashSetOf()

        internal var searchDomain: String? = null
@@ -88,6 +91,9 @@ open class ProtocolConfig protected constructor(
        fun excludeAddress(addr: InetNetwork) = apply { this.excludedAddresses += addr }
        fun excludeAddresses(addresses: Collection<InetNetwork>) = apply { this.excludedAddresses += addresses }

+        fun includeApplication(application: String) = apply { this.includedApplications += application }
+        fun includeApplications(applications: Collection<String>) = apply { this.includedApplications += applications }
+
        fun excludeApplication(application: String) = apply { this.excludedApplications += application }
        fun excludeApplications(applications: Collection<String>) = apply { this.excludedApplications += applications }

@@ -2,4 +2,11 @@
 <resources>
    <string name="connecting">Подключение</string>
    <string name="disconnecting">Отключение</string>
+    <string name="cancel">Отмена</string>
+    <string name="ok">ОК</string>
+    <string name="vpnGranted">VPN-подключение разрешено</string>
+    <string name="vpnDenied">VPN-подключение запрещено</string>
+    <string name="vpnSetupFailed">Ошибка настройки VPN</string>
+    <string name="vpnSetupFailedMessage">Чтобы подключиться к AmneziaVPN необходимо:\n\n- Разрешить приложению подключаться к сети VPN\n- Отключить функцию \"Постоянная VPN\" для всех остальных VPN-приложений в системных настройках VPN</string>
+    <string name="openVpnSettings">Открыть настройки VPN</string>
 </resources>
@@ -2,4 +2,11 @@
 <resources>
    <string name="connecting">Connecting</string>
    <string name="disconnecting">Disconnecting</string>
+    <string name="cancel">Cancel</string>
+    <string name="ok">OK</string>
+    <string name="vpnGranted">VPN permission granted</string>
+    <string name="vpnDenied">VPN permission denied</string>
+    <string name="vpnSetupFailed">VPN setup error</string>
+    <string name="vpnSetupFailedMessage">To connect to AmneziaVPN, please do the following:\n\n- Allow the app to set up a VPN connection\n- Disable Always-on VPN for any other VPN app in the VPN system settings</string>
+    <string name="openVpnSettings">Open VPN settings</string>
 </resources>
@@ -1,11 +1,13 @@
 package org.amnezia.vpn

+import android.app.AlertDialog
 import android.content.ComponentName
 import android.content.Intent
 import android.content.Intent.EXTRA_MIME_TYPES
 import android.content.Intent.FLAG_ACTIVITY_LAUNCHED_FROM_HISTORY
 import android.content.ServiceConnection
 import android.content.pm.PackageManager
+import android.graphics.Bitmap
 import android.net.Uri
 import android.net.VpnService
 import android.os.Bundle
@@ -14,6 +16,7 @@ import android.os.IBinder
 import android.os.Looper
 import android.os.Message
 import android.os.Messenger
+import android.provider.Settings
 import android.view.WindowManager.LayoutParams
 import android.webkit.MimeTypeMap
 import android.widget.Toast
@@ -22,12 +25,15 @@ import androidx.core.content.ContextCompat
 import java.io.IOException
 import kotlin.LazyThreadSafetyMode.NONE
 import kotlin.text.RegexOption.IGNORE_CASE
+import AppListProvider
 import kotlinx.coroutines.CompletableDeferred
 import kotlinx.coroutines.CoroutineScope
 import kotlinx.coroutines.Dispatchers
 import kotlinx.coroutines.SupervisorJob
 import kotlinx.coroutines.cancel
 import kotlinx.coroutines.launch
+import kotlinx.coroutines.runBlocking
+import kotlinx.coroutines.withContext
 import org.amnezia.vpn.protocol.getStatistics
 import org.amnezia.vpn.protocol.getStatus
 import org.amnezia.vpn.qt.QtAndroidController
@@ -216,13 +222,13 @@ class AmneziaActivity : QtActivity() {
                when (resultCode) {
                    RESULT_OK -> {
                        Log.d(TAG, "Vpn permission granted")
-                        Toast.makeText(this, "Vpn permission granted", Toast.LENGTH_LONG).show()
+                        Toast.makeText(this, resources.getText(R.string.vpnGranted), Toast.LENGTH_LONG).show()
                        checkVpnPermissionCallbacks?.run { onSuccess() }
                    }

                    else -> {
                        Log.w(TAG, "Vpn permission denied, resultCode: $resultCode")
-                        Toast.makeText(this, "Vpn permission denied", Toast.LENGTH_LONG).show()
+                        showOnVpnPermissionRejectDialog()
                        checkVpnPermissionCallbacks?.run { onFail() }
                    }
                }
@@ -280,6 +286,17 @@ class AmneziaActivity : QtActivity() {
        onSuccess()
    }

+    private fun showOnVpnPermissionRejectDialog() {
+        AlertDialog.Builder(this)
+            .setTitle(R.string.vpnSetupFailed)
+            .setMessage(R.string.vpnSetupFailedMessage)
+            .setNegativeButton(R.string.ok) { _, _ -> }
+            .setPositiveButton(R.string.openVpnSettings) { _, _ ->
+                startActivity(Intent(Settings.ACTION_VPN_SETTINGS))
+            }
+            .show()
+    }
+
    @MainThread
    private fun startVpn(vpnConfig: String) {
        if (isServiceConnected) {
@@ -463,4 +480,32 @@ class AmneziaActivity : QtActivity() {
            window.setFlags(flag, LayoutParams.FLAG_SECURE)
        }
    }
+
+    @Suppress("unused")
+    fun minimizeApp() {
+        Log.v(TAG, "Minimize application")
+        mainScope.launch {
+            moveTaskToBack(false)
+        }
+    }
+
+    @Suppress("unused")
+    fun getAppList(): String {
+        Log.v(TAG, "Get app list")
+        var appList = ""
+        runBlocking {
+            mainScope.launch {
+                withContext(Dispatchers.IO) {
+                    appList = AppListProvider.getAppList(packageManager, packageName)
+                }
+            }.join()
+        }
+        return appList
+    }
+
+    @Suppress("unused")
+    fun getAppIcon(packageName: String, width: Int, height: Int): Bitmap {
+        Log.v(TAG, "Get app icon: $packageName")
+        return AppListProvider.getAppIcon(packageManager, packageName, width, height)
+    }
 }
@@ -215,11 +215,9 @@ class AmneziaVpnService : VpnService() {
    }

    override fun onStartCommand(intent: Intent?, flags: Int, startId: Int): Int {
-        val isAlwaysOnCompat =
-            if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.Q) isAlwaysOn
-            else intent?.component?.packageName != packageName
+        val isAlwaysOn = intent != null && intent.action == SERVICE_INTERFACE

-        if (isAlwaysOnCompat) {
+        if (isAlwaysOn) {
            Log.d(TAG, "Start service via Always-on")
            connect()
        } else if (intent?.getBooleanExtra(AFTER_PERMISSION_CHECK, false) == true) {
@@ -0,0 +1,73 @@
+import android.Manifest.permission.INTERNET
+import android.content.pm.ApplicationInfo
+import android.content.pm.PackageInfo
+import android.content.pm.PackageManager
+import android.content.pm.PackageManager.NameNotFoundException
+import android.graphics.Bitmap
+import android.graphics.Bitmap.Config.ARGB_8888
+import androidx.core.graphics.drawable.toBitmapOrNull
+import org.amnezia.vpn.util.Log
+import org.json.JSONArray
+import org.json.JSONObject
+
+private const val TAG = "AppListProvider"
+
+object AppListProvider {
+    fun getAppList(pm: PackageManager, selfPackageName: String): String {
+        val jsonArray = JSONArray()
+        pm.getPackagesHoldingPermissions(arrayOf(INTERNET), 0)
+            .filter { it.packageName != selfPackageName }
+            .map { App(it, pm) }
+            .sortedWith(App::compareTo)
+            .map(App::toJson)
+            .forEach(jsonArray::put)
+        return jsonArray.toString()
+    }
+
+    fun getAppIcon(pm: PackageManager, packageName: String, width: Int, height: Int): Bitmap {
+        val icon = try {
+            pm.getApplicationIcon(packageName)
+        } catch (e: NameNotFoundException) {
+            Log.e(TAG, "Package $packageName was not found: $e")
+            pm.defaultActivityIcon
+        }
+        val w: Int = if (width > 0) width else icon.intrinsicWidth
+        val h: Int = if (height > 0) height else icon.intrinsicHeight
+        return icon.toBitmapOrNull(w, h, ARGB_8888)
+            ?: Bitmap.createBitmap(w, h, ARGB_8888)
+    }
+}
+
+private class App(pi: PackageInfo, pm: PackageManager, ai: ApplicationInfo = pi.applicationInfo) : Comparable<App> {
+    val name: String?
+    val packageName: String = pi.packageName
+    val icon: Boolean = ai.icon != 0
+    val isLaunchable: Boolean = pm.getLaunchIntentForPackage(packageName) != null
+
+    init {
+        val name = ai.loadLabel(pm).toString()
+        this.name = if (name != packageName) name else null
+    }
+
+    override fun compareTo(other: App): Int {
+        val r = other.isLaunchable.compareTo(isLaunchable)
+        if (r != 0) return r
+        if (name != other.name) {
+            return when {
+                name == null -> 1
+                other.name == null -> -1
+                else -> String.CASE_INSENSITIVE_ORDER.compare(name, other.name)
+            }
+        }
+        return String.CASE_INSENSITIVE_ORDER.compare(packageName, other.packageName)
+    }
+
+    fun toJson(): JSONObject {
+        val jsonObject = JSONObject()
+        jsonObject.put("package", packageName)
+        jsonObject.put("name", name)
+        jsonObject.put("icon", icon)
+        jsonObject.put("launchable", isLaunchable)
+        return jsonObject
+    }
+}
@@ -1,12 +1,16 @@
 package org.amnezia.vpn

+import android.app.AlertDialog
 import android.app.KeyguardManager
 import android.content.BroadcastReceiver
 import android.content.Context
 import android.content.Intent
 import android.content.IntentFilter
+import android.content.res.Configuration.UI_MODE_NIGHT_MASK
+import android.content.res.Configuration.UI_MODE_NIGHT_YES
 import android.net.VpnService
 import android.os.Bundle
+import android.provider.Settings
 import android.widget.Toast
 import androidx.activity.ComponentActivity
 import androidx.activity.result.ActivityResult
@@ -52,19 +56,43 @@ class VpnRequestActivity : ComponentActivity() {
    }

    private fun checkRequestResult(result: ActivityResult) {
-        when (result.resultCode) {
-            RESULT_OK -> onPermissionGranted()
-            else -> Toast.makeText(this, "Vpn permission denied", Toast.LENGTH_LONG).show()
+        when (val resultCode = result.resultCode) {
+            RESULT_OK -> {
+                onPermissionGranted()
+                finish()
+            }
+
+            else -> {
+                Log.w(TAG, "Vpn permission denied, resultCode: $resultCode")
+                showOnVpnPermissionRejectDialog()
+            }
        }
-        finish()
    }

    private fun onPermissionGranted() {
-        Toast.makeText(this, "Vpn permission granted", Toast.LENGTH_LONG).show()
+        Toast.makeText(this, resources.getString(R.string.vpnGranted), Toast.LENGTH_LONG).show()
        Intent(applicationContext, AmneziaVpnService::class.java).apply {
            putExtra(AFTER_PERMISSION_CHECK, true)
        }.also {
            ContextCompat.startForegroundService(this, it)
        }
    }
+
+    private fun showOnVpnPermissionRejectDialog() {
+        AlertDialog.Builder(this, getDialogTheme())
+            .setTitle(R.string.vpnSetupFailed)
+            .setMessage(R.string.vpnSetupFailedMessage)
+            .setNegativeButton(R.string.ok) { _, _ -> }
+            .setPositiveButton(R.string.openVpnSettings) { _, _ ->
+                startActivity(Intent(Settings.ACTION_VPN_SETTINGS))
+            }
+            .setOnDismissListener { finish() }
+            .show()
+    }
+
+    private fun getDialogTheme(): Int =
+        if (resources.configuration.uiMode and UI_MODE_NIGHT_MASK == UI_MODE_NIGHT_YES)
+            android.R.style.Theme_DeviceDefault_Dialog_Alert
+        else
+            android.R.style.Theme_DeviceDefault_Light_Dialog_Alert
 }
@@ -95,6 +95,7 @@ open class Wireguard : Protocol() {
        return WireguardConfig.build {
            configWireguard(configData, configDataJson)
            configSplitTunneling(config)
+            configAppSplitTunneling(config)
        }
    }

@@ -157,7 +158,7 @@ open class Wireguard : Protocol() {
            if (tunFd == null) {
                throw VpnStartException("Create VPN interface: permission not granted or revoked")
            }
-            Log.v(TAG, "Wg-go backend ${GoBackend.awgVersion()}")
+            Log.i(TAG, "awg-go backend ${GoBackend.awgVersion()}")
            tunnelHandle = GoBackend.awgTurnOn(ifName, tunFd.detachFd(), config.toWgUserspaceString())
        }

@@ -20,7 +20,7 @@ set(QT_ANDROID_MULTI_ABI_FORWARD_VARS "QT_NO_GLOBAL_APK_TARGET_PART_OF_ALL;CMAKE

 # We need to include qtprivate api's
 # As QAndroidBinder is not yet implemented with a public api
-set(LIBS ${LIBS} Qt6::CorePrivate)
+set(LIBS ${LIBS} Qt6::CorePrivate -ljnigraphics)

 link_directories(${CMAKE_CURRENT_SOURCE_DIR}/platforms/android)

@@ -30,6 +30,7 @@ set(HEADERS ${HEADERS}
    ${CMAKE_CURRENT_SOURCE_DIR}/platforms/android/android_utils.h
    ${CMAKE_CURRENT_SOURCE_DIR}/platforms/android/authResultReceiver.h
    ${CMAKE_CURRENT_SOURCE_DIR}/protocols/android_vpnprotocol.h
+    ${CMAKE_CURRENT_SOURCE_DIR}/core/installedAppsImageProvider.h
 )

 set(SOURCES ${SOURCES}
@@ -38,13 +39,12 @@ set(SOURCES ${SOURCES}
    ${CMAKE_CURRENT_SOURCE_DIR}/platforms/android/android_utils.cpp
    ${CMAKE_CURRENT_SOURCE_DIR}/platforms/android/authResultReceiver.cpp
    ${CMAKE_CURRENT_SOURCE_DIR}/protocols/android_vpnprotocol.cpp
+    ${CMAKE_CURRENT_SOURCE_DIR}/core/installedAppsImageProvider.cpp
 )

 foreach(abi IN ITEMS ${QT_ANDROID_ABIS})
    set_property(TARGET ${PROJECT} PROPERTY QT_ANDROID_EXTRA_LIBS
-        ${CMAKE_CURRENT_SOURCE_DIR}/3rd-prebuilt/3rd-prebuilt/amneziawg/android/${abi}/libwg.so
        ${CMAKE_CURRENT_SOURCE_DIR}/3rd-prebuilt/3rd-prebuilt/amneziawg/android/${abi}/libwg-go.so
-        ${CMAKE_CURRENT_SOURCE_DIR}/3rd-prebuilt/3rd-prebuilt/amneziawg/android/${abi}/libwg-quick.so
        ${CMAKE_CURRENT_SOURCE_DIR}/3rd-prebuilt/3rd-prebuilt/openvpn/android/${abi}/libck-ovpn-plugin.so
        ${CMAKE_CURRENT_SOURCE_DIR}/3rd-prebuilt/3rd-prebuilt/openvpn/android/${abi}/libovpn3.so
        ${CMAKE_CURRENT_SOURCE_DIR}/3rd-prebuilt/3rd-prebuilt/openvpn/android/${abi}/libovpnutil.so
@@ -10,10 +10,10 @@ AwgConfigurator::AwgConfigurator(std::shared_ptr<Settings> settings, QObject *pa
 {
 }

-QString AwgConfigurator::genAwgConfig(const ServerCredentials &credentials, DockerContainer container,
-                                      const QJsonObject &containerConfig, QString &clientId, ErrorCode *errorCode)
+QString AwgConfigurator::createConfig(const ServerCredentials &credentials, DockerContainer container,
+                                      const QJsonObject &containerConfig, ErrorCode errorCode)
 {
-    QString config = WireguardConfigurator::genWireguardConfig(credentials, container, containerConfig, clientId, errorCode);
+    QString config = WireguardConfigurator::createConfig(credentials, container, containerConfig, errorCode);

    QJsonObject jsonConfig = QJsonDocument::fromJson(config.toUtf8()).object();
    QString awgConfig = jsonConfig.value(config_key::config).toString();
@@ -11,8 +11,8 @@ class AwgConfigurator : public WireguardConfigurator
 public:
    AwgConfigurator(std::shared_ptr<Settings> settings, QObject *parent = nullptr);

-    QString genAwgConfig(const ServerCredentials &credentials, DockerContainer container,
-                         const QJsonObject &containerConfig, QString &clientId, ErrorCode *errorCode = nullptr);
+    QString createConfig(const ServerCredentials &credentials, DockerContainer container,
+                         const QJsonObject &containerConfig, ErrorCode errorCode);
 };

 #endif // AWGCONFIGURATOR_H
@@ -13,22 +13,24 @@ CloakConfigurator::CloakConfigurator(std::shared_ptr<Settings> settings, QObject

 }

-QString CloakConfigurator::genCloakConfig(const ServerCredentials &credentials,
-    DockerContainer container, const QJsonObject &containerConfig, ErrorCode *errorCode)
+QString CloakConfigurator::createConfig(const ServerCredentials &credentials, DockerContainer container,
+                                        const QJsonObject &containerConfig, ErrorCode errorCode)
 {
-    ErrorCode e = ErrorCode::NoError;
    ServerController serverController(m_settings);

    QString cloakPublicKey = serverController.getTextFileFromContainer(container, credentials,
-        amnezia::protocols::cloak::ckPublicKeyPath, &e);
+        amnezia::protocols::cloak::ckPublicKeyPath, errorCode);
    cloakPublicKey.replace("\n", "");

+    if (errorCode != ErrorCode::NoError) {
+        return "";
+    }
+
    QString cloakBypassUid = serverController.getTextFileFromContainer(container, credentials,
-        amnezia::protocols::cloak::ckBypassUidKeyPath, &e);
+        amnezia::protocols::cloak::ckBypassUidKeyPath, errorCode);
    cloakBypassUid.replace("\n", "");

-    if (e) {
-        if (errorCode) *errorCode = e;
+    if (errorCode != ErrorCode::NoError) {
        return "";
    }

@@ -48,6 +50,5 @@ QString CloakConfigurator::genCloakConfig(const ServerCredentials &credentials,
    QString textCfg = serverController.replaceVars(QJsonDocument(config).toJson(),
                                                   serverController.genVarsForScript(credentials, container, containerConfig));

-    // qDebug().noquote() << textCfg;
    return textCfg;
 }
@@ -7,14 +7,14 @@

 using namespace amnezia;

-class CloakConfigurator : ConfiguratorBase
+class CloakConfigurator : public ConfiguratorBase
 {
    Q_OBJECT
 public:
    CloakConfigurator(std::shared_ptr<Settings> settings, QObject *parent = nullptr);

-    QString genCloakConfig(const ServerCredentials &credentials, DockerContainer container,
-        const QJsonObject &containerConfig, ErrorCode *errorCode = nullptr);
+    QString createConfig(const ServerCredentials &credentials, DockerContainer container,
+                         const QJsonObject &containerConfig, ErrorCode errorCode);
 };

 #endif // CLOAK_CONFIGURATOR_H
@@ -1,8 +1,26 @@
 #include "configurator_base.h"

 ConfiguratorBase::ConfiguratorBase(std::shared_ptr<Settings> settings, QObject *parent)
-    : QObject{parent},
-      m_settings(settings)
+    : QObject { parent }, m_settings(settings)
 {
-
+}
+
+QString ConfiguratorBase::processConfigWithLocalSettings(const QPair<QString, QString> &dns, const bool isApiConfig,
+                                                         QString &protocolConfigString)
+{
+    processConfigWithDnsSettings(dns, protocolConfigString);
+    return protocolConfigString;
+}
+
+QString ConfiguratorBase::processConfigWithExportSettings(const QPair<QString, QString> &dns, const bool isApiConfig,
+                                                          QString &protocolConfigString)
+{
+    processConfigWithDnsSettings(dns, protocolConfigString);
+    return protocolConfigString;
+}
+
+void ConfiguratorBase::processConfigWithDnsSettings(const QPair<QString, QString> &dns, QString &protocolConfigString)
+{
+    protocolConfigString.replace("$PRIMARY_DNS", dns.first);
+    protocolConfigString.replace("$SECONDARY_DNS", dns.second);
 }
@@ -3,10 +3,9 @@

 #include <QObject>

-class Settings;
-
 #include "containers/containers_defs.h"
 #include "core/defs.h"
+#include "settings.h"

 class ConfiguratorBase : public QObject
 {
@@ -14,7 +13,17 @@ class ConfiguratorBase : public QObject
 public:
    explicit ConfiguratorBase(std::shared_ptr<Settings> settings, QObject *parent = nullptr);

+    virtual QString createConfig(const ServerCredentials &credentials, DockerContainer container,
+                                 const QJsonObject &containerConfig, ErrorCode errorCode) = 0;
+
+    virtual QString processConfigWithLocalSettings(const QPair<QString, QString> &dns, const bool isApiConfig,
+                                                   QString &protocolConfigString);
+    virtual QString processConfigWithExportSettings(const QPair<QString, QString> &dns, const bool isApiConfig,
+                                                    QString &protocolConfigString);
+
 protected:
+    void processConfigWithDnsSettings(const QPair<QString, QString> &dns, QString &protocolConfigString);
+
    std::shared_ptr<Settings> m_settings;
 };

@@ -20,7 +20,7 @@ Ikev2Configurator::Ikev2Configurator(std::shared_ptr<Settings> settings, QObject
 }

 Ikev2Configurator::ConnectionData Ikev2Configurator::prepareIkev2Config(const ServerCredentials &credentials,
-                                                                        DockerContainer container, ErrorCode *errorCode)
+                                                                        DockerContainer container, ErrorCode errorCode)
 {
    Ikev2Configurator::ConnectionData connData;
    connData.host = credentials.hostName;
@@ -40,17 +40,17 @@ Ikev2Configurator::ConnectionData Ikev2Configurator::prepareIkev2Config(const Se
                                       .arg(connData.clientId);

    ServerController serverController(m_settings);
-    ErrorCode e = serverController.runContainerScript(credentials, container, scriptCreateCert);
+    errorCode = serverController.runContainerScript(credentials, container, scriptCreateCert);

    QString scriptExportCert = QString("pk12util -W \"%1\" -d sql:/etc/ipsec.d -n \"%2\" -o \"%3\"")
                                       .arg(connData.password)
                                       .arg(connData.clientId)
                                       .arg(certFileName);
-    e = serverController.runContainerScript(credentials, container, scriptExportCert);
+    errorCode = serverController.runContainerScript(credentials, container, scriptExportCert);

-    connData.clientCert = serverController.getTextFileFromContainer(container, credentials, certFileName, &e);
+    connData.clientCert = serverController.getTextFileFromContainer(container, credentials, certFileName, errorCode);
    connData.caCert =
-            serverController.getTextFileFromContainer(container, credentials, "/etc/ipsec.d/ca_cert_base64.p12", &e);
+            serverController.getTextFileFromContainer(container, credentials, "/etc/ipsec.d/ca_cert_base64.p12", errorCode);

    qDebug() << "Ikev2Configurator::ConnectionData client cert size:" << connData.clientCert.size();
    qDebug() << "Ikev2Configurator::ConnectionData ca cert size:" << connData.caCert.size();
@@ -58,13 +58,13 @@ Ikev2Configurator::ConnectionData Ikev2Configurator::prepareIkev2Config(const Se
    return connData;
 }

-QString Ikev2Configurator::genIkev2Config(const ServerCredentials &credentials, DockerContainer container,
-                                          const QJsonObject &containerConfig, ErrorCode *errorCode)
+QString Ikev2Configurator::createConfig(const ServerCredentials &credentials, DockerContainer container,
+                                        const QJsonObject &containerConfig, ErrorCode errorCode)
 {
    Q_UNUSED(containerConfig)

    ConnectionData connData = prepareIkev2Config(credentials, container, errorCode);
-    if (errorCode && *errorCode) {
+    if (errorCode != ErrorCode::NoError) {
        return "";
    }

@@ -7,7 +7,7 @@
 #include "configurator_base.h"
 #include "core/defs.h"

-class Ikev2Configurator : ConfiguratorBase
+class Ikev2Configurator : public ConfiguratorBase
 {
    Q_OBJECT
 public:
@@ -21,15 +21,15 @@ public:
        QString host; // host ip
    };

-    QString genIkev2Config(const ServerCredentials &credentials, DockerContainer container,
-        const QJsonObject &containerConfig, ErrorCode *errorCode = nullptr);
+    QString createConfig(const ServerCredentials &credentials, DockerContainer container,
+                         const QJsonObject &containerConfig, ErrorCode errorCode);

    QString genIkev2Config(const ConnectionData &connData);
    QString genMobileConfig(const ConnectionData &connData);
    QString genStrongSwanConfig(const ConnectionData &connData);

    ConnectionData prepareIkev2Config(const ServerCredentials &credentials,
-        DockerContainer container, ErrorCode *errorCode = nullptr);
+        DockerContainer container, ErrorCode errorCode);
 };

 #endif // IKEV2_CONFIGURATOR_H
@@ -14,9 +14,9 @@
 #endif

 #include "containers/containers_defs.h"
+#include "core/controllers/serverController.h"
 #include "core/scripts_registry.h"
 #include "core/server_defs.h"
-#include "core/controllers/serverController.h"
 #include "settings.h"
 #include "utilities.h"

@@ -31,59 +31,51 @@ OpenVpnConfigurator::OpenVpnConfigurator(std::shared_ptr<Settings> settings, QOb

 OpenVpnConfigurator::ConnectionData OpenVpnConfigurator::prepareOpenVpnConfig(const ServerCredentials &credentials,
                                                                              DockerContainer container,
-                                                                              ErrorCode *errorCode)
+                                                                              ErrorCode errorCode)
 {
    OpenVpnConfigurator::ConnectionData connData = OpenVpnConfigurator::createCertRequest();
    connData.host = credentials.hostName;

    if (connData.privKey.isEmpty() || connData.request.isEmpty()) {
-        if (errorCode)
-            *errorCode = ErrorCode::OpenSslFailed;
+        errorCode = ErrorCode::OpenSslFailed;
        return connData;
    }

    QString reqFileName = QString("%1/%2.req").arg(amnezia::protocols::openvpn::clientsDirPath).arg(connData.clientId);

    ServerController serverController(m_settings);
-    ErrorCode e = serverController.uploadTextFileToContainer(container, credentials, connData.request, reqFileName);
-    if (e) {
-        if (errorCode)
-            *errorCode = e;
+    errorCode = serverController.uploadTextFileToContainer(container, credentials, connData.request, reqFileName);
+    if (errorCode != ErrorCode::NoError) {
        return connData;
    }

-    e = signCert(container, credentials, connData.clientId);
-    if (e) {
-        if (errorCode)
-            *errorCode = e;
+    errorCode = signCert(container, credentials, connData.clientId);
+    if (errorCode != ErrorCode::NoError) {
        return connData;
    }

    connData.caCert = serverController.getTextFileFromContainer(container, credentials,
-                                                                amnezia::protocols::openvpn::caCertPath, &e);
+                                                                amnezia::protocols::openvpn::caCertPath, errorCode);
    connData.clientCert = serverController.getTextFileFromContainer(
            container, credentials,
-            QString("%1/%2.crt").arg(amnezia::protocols::openvpn::clientCertPath).arg(connData.clientId), &e);
+            QString("%1/%2.crt").arg(amnezia::protocols::openvpn::clientCertPath).arg(connData.clientId), errorCode);

-    if (e) {
-        if (errorCode)
-            *errorCode = e;
+    if (errorCode != ErrorCode::NoError) {
        return connData;
    }

    connData.taKey = serverController.getTextFileFromContainer(container, credentials,
-                                                               amnezia::protocols::openvpn::taKeyPath, &e);
+                                                               amnezia::protocols::openvpn::taKeyPath, errorCode);

    if (connData.caCert.isEmpty() || connData.clientCert.isEmpty() || connData.taKey.isEmpty()) {
-        if (errorCode)
-            *errorCode = ErrorCode::SshScpFailureError;
+        errorCode = ErrorCode::SshScpFailureError;
    }

    return connData;
 }

-QString OpenVpnConfigurator::genOpenVpnConfig(const ServerCredentials &credentials, DockerContainer container,
-                                              const QJsonObject &containerConfig, QString &clientId, ErrorCode *errorCode)
+QString OpenVpnConfigurator::createConfig(const ServerCredentials &credentials, DockerContainer container,
+                                          const QJsonObject &containerConfig, ErrorCode errorCode)
 {
    ServerController serverController(m_settings);
    QString config =
@@ -91,7 +83,7 @@ QString OpenVpnConfigurator::genOpenVpnConfig(const ServerCredentials &credentia
                                         serverController.genVarsForScript(credentials, container, containerConfig));

    ConnectionData connData = prepareOpenVpnConfig(credentials, container, errorCode);
-    if (errorCode && *errorCode) {
+    if (errorCode != ErrorCode::NoError) {
        return "";
    }

@@ -113,17 +105,20 @@ QString OpenVpnConfigurator::genOpenVpnConfig(const ServerCredentials &credentia
    QJsonObject jConfig;
    jConfig[config_key::config] = config;

-    clientId = connData.clientId;
+    jConfig[config_key::clientId] = connData.clientId;

    return QJsonDocument(jConfig).toJson();
 }

-QString OpenVpnConfigurator::processConfigWithLocalSettings(QString jsonConfig, const int serverIndex)
+QString OpenVpnConfigurator::processConfigWithLocalSettings(const QPair<QString, QString> &dns, const bool isApiConfig,
+                                                            QString &protocolConfigString)
 {
-    QJsonObject json = QJsonDocument::fromJson(jsonConfig.toUtf8()).object();
+    processConfigWithDnsSettings(dns, protocolConfigString);
+
+    QJsonObject json = QJsonDocument::fromJson(protocolConfigString.toUtf8()).object();
    QString config = json[config_key::config].toString();

-    if (!m_settings->server(serverIndex).value(config_key::configVersion).toInt()) {
+    if (!isApiConfig) {
        QRegularExpression regex("redirect-gateway.*");
        config.replace(regex, "");

@@ -138,9 +133,9 @@ QString OpenVpnConfigurator::processConfigWithLocalSettings(QString jsonConfig,
            // no redirect-gateway
        }
        if (m_settings->routeMode() == Settings::VpnAllExceptSites) {
-    #ifndef Q_OS_ANDROID
+#ifndef Q_OS_ANDROID
            config.append("\nredirect-gateway ipv6 !ipv4 bypass-dhcp\n");
-    #endif
+#endif
            // Prevent ipv6 leak
            config.append("ifconfig-ipv6 fd15:53b6:dead::2/64  fd15:53b6:dead::1\n");
            config.append("block-ipv6\n");
@@ -164,9 +159,12 @@ QString OpenVpnConfigurator::processConfigWithLocalSettings(QString jsonConfig,
    return QJsonDocument(json).toJson();
 }

-QString OpenVpnConfigurator::processConfigWithExportSettings(QString jsonConfig)
+QString OpenVpnConfigurator::processConfigWithExportSettings(const QPair<QString, QString> &dns, const bool isApiConfig,
+                                                             QString &protocolConfigString)
 {
-    QJsonObject json = QJsonDocument::fromJson(jsonConfig.toUtf8()).object();
+    processConfigWithDnsSettings(dns, protocolConfigString);
+
+    QJsonObject json = QJsonDocument::fromJson(protocolConfigString.toUtf8()).object();
    QString config = json[config_key::config].toString();

    QRegularExpression regex("redirect-gateway.*");
@@ -7,37 +7,37 @@
 #include "configurator_base.h"
 #include "core/defs.h"

-class OpenVpnConfigurator : ConfiguratorBase
+class OpenVpnConfigurator : public ConfiguratorBase
 {
    Q_OBJECT
 public:
    OpenVpnConfigurator(std::shared_ptr<Settings> settings, QObject *parent = nullptr);

-    struct ConnectionData {
+    struct ConnectionData
+    {
        QString clientId;
-        QString request; // certificate request
-        QString privKey; // client private key
+        QString request;    // certificate request
+        QString privKey;    // client private key
        QString clientCert; // client signed certificate
-        QString caCert; // server certificate
-        QString taKey; // tls-auth key
-        QString host; // host ip
+        QString caCert;     // server certificate
+        QString taKey;      // tls-auth key
+        QString host;       // host ip
    };

-    QString genOpenVpnConfig(const ServerCredentials &credentials, DockerContainer container,
-        const QJsonObject &containerConfig, QString &clientId, ErrorCode *errorCode = nullptr);
+    QString createConfig(const ServerCredentials &credentials, DockerContainer container,
+                         const QJsonObject &containerConfig, ErrorCode errorCode);

-    QString processConfigWithLocalSettings(QString jsonConfig, const int serverIndex);
-    QString processConfigWithExportSettings(QString jsonConfig);
-
-    ErrorCode signCert(DockerContainer container,
-        const ServerCredentials &credentials, QString clientId);
+    QString processConfigWithLocalSettings(const QPair<QString, QString> &dns, const bool isApiConfig,
+                                           QString &protocolConfigString);
+    QString processConfigWithExportSettings(const QPair<QString, QString> &dns, const bool isApiConfig,
+                                            QString &protocolConfigString);

    static ConnectionData createCertRequest();

 private:
-    ConnectionData prepareOpenVpnConfig(const ServerCredentials &credentials,
-        DockerContainer container, ErrorCode *errorCode = nullptr);
-
+    ConnectionData prepareOpenVpnConfig(const ServerCredentials &credentials, DockerContainer container,
+                                        ErrorCode errorCode);
+    ErrorCode signCert(DockerContainer container, const ServerCredentials &credentials, QString clientId);
 };

 #endif // OPENVPN_CONFIGURATOR_H
@@ -13,18 +13,16 @@ ShadowSocksConfigurator::ShadowSocksConfigurator(std::shared_ptr<Settings> setti

 }

-QString ShadowSocksConfigurator::genShadowSocksConfig(const ServerCredentials &credentials,
-    DockerContainer container, const QJsonObject &containerConfig, ErrorCode *errorCode)
+QString ShadowSocksConfigurator::createConfig(const ServerCredentials &credentials, DockerContainer container,
+                                              const QJsonObject &containerConfig, ErrorCode errorCode)
 {
-    ErrorCode e = ErrorCode::NoError;
    ServerController serverController(m_settings);

    QString ssKey = serverController.getTextFileFromContainer(container, credentials,
-                                                              amnezia::protocols::shadowsocks::ssKeyPath, &e);
+                                                              amnezia::protocols::shadowsocks::ssKeyPath, errorCode);
    ssKey.replace("\n", "");

-    if (e) {
-        if (errorCode) *errorCode = e;
+    if (errorCode != ErrorCode::NoError) {
        return "";
    }

@@ -6,14 +6,14 @@
 #include "configurator_base.h"
 #include "core/defs.h"

-class ShadowSocksConfigurator : ConfiguratorBase
+class ShadowSocksConfigurator : public ConfiguratorBase
 {
    Q_OBJECT
 public:
    ShadowSocksConfigurator(std::shared_ptr<Settings> settings, QObject *parent = nullptr);

-    QString genShadowSocksConfig(const ServerCredentials &credentials, DockerContainer container,
-        const QJsonObject &containerConfig, ErrorCode *errorCode = nullptr);
+    QString createConfig(const ServerCredentials &credentials, DockerContainer container,
+                         const QJsonObject &containerConfig, ErrorCode errorCode);
 };

 #endif // SHADOWSOCKS_CONFIGURATOR_H
@@ -1,127 +0,0 @@
-#include "vpn_configurator.h"
-#include "cloak_configurator.h"
-#include "ikev2_configurator.h"
-#include "openvpn_configurator.h"
-#include "shadowsocks_configurator.h"
-#include "ssh_configurator.h"
-#include "wireguard_configurator.h"
-#include "awg_configurator.h"
-
-#include <QFile>
-#include <QJsonDocument>
-#include <QJsonObject>
-
-#include "containers/containers_defs.h"
-#include "settings.h"
-#include "utilities.h"
-
-VpnConfigurator::VpnConfigurator(std::shared_ptr<Settings> settings, QObject *parent)
-    : ConfiguratorBase(settings, parent)
-{
-    openVpnConfigurator = std::shared_ptr<OpenVpnConfigurator>(new OpenVpnConfigurator(settings, this));
-    shadowSocksConfigurator = std::shared_ptr<ShadowSocksConfigurator>(new ShadowSocksConfigurator(settings, this));
-    cloakConfigurator = std::shared_ptr<CloakConfigurator>(new CloakConfigurator(settings, this));
-    wireguardConfigurator = std::shared_ptr<WireguardConfigurator>(new WireguardConfigurator(settings, false, this));
-    ikev2Configurator = std::shared_ptr<Ikev2Configurator>(new Ikev2Configurator(settings, this));
-    sshConfigurator = std::shared_ptr<SshConfigurator>(new SshConfigurator(settings, this));
-    awgConfigurator = std::shared_ptr<AwgConfigurator>(new AwgConfigurator(settings, this));
-}
-
-QString VpnConfigurator::genVpnProtocolConfig(const ServerCredentials &credentials, DockerContainer container,
-                                              const QJsonObject &containerConfig, Proto proto, QString &clientId, ErrorCode *errorCode)
-{
-    switch (proto) {
-    case Proto::OpenVpn:
-        return openVpnConfigurator->genOpenVpnConfig(credentials, container, containerConfig, clientId, errorCode);
-
-    case Proto::ShadowSocks:
-        return shadowSocksConfigurator->genShadowSocksConfig(credentials, container, containerConfig, errorCode);
-
-    case Proto::Cloak: return cloakConfigurator->genCloakConfig(credentials, container, containerConfig, errorCode);
-
-    case Proto::WireGuard:
-        return wireguardConfigurator->genWireguardConfig(credentials, container, containerConfig, clientId, errorCode);
-
-    case Proto::Awg:
-        return awgConfigurator->genAwgConfig(credentials, container, containerConfig, clientId, errorCode);
-
-    case Proto::Ikev2: return ikev2Configurator->genIkev2Config(credentials, container, containerConfig, errorCode);
-
-    default: return "";
-    }
-}
-
-QPair<QString, QString> VpnConfigurator::getDnsForConfig(int serverIndex)
-{
-    QPair<QString, QString> dns;
-
-    bool useAmneziaDns = m_settings->useAmneziaDns();
-    const QJsonObject &server = m_settings->server(serverIndex);
-
-    dns.first = server.value(config_key::dns1).toString();
-    dns.second = server.value(config_key::dns2).toString();
-
-    if (dns.first.isEmpty() || !Utils::checkIPv4Format(dns.first)) {
-        if (useAmneziaDns && m_settings->containers(serverIndex).contains(DockerContainer::Dns)) {
-            dns.first = protocols::dns::amneziaDnsIp;
-        } else
-            dns.first = m_settings->primaryDns();
-    }
-    if (dns.second.isEmpty() || !Utils::checkIPv4Format(dns.second)) {
-        dns.second = m_settings->secondaryDns();
-    }
-
-    qDebug() << "VpnConfigurator::getDnsForConfig" << dns.first << dns.second;
-    return dns;
-}
-
-QString &VpnConfigurator::processConfigWithDnsSettings(int serverIndex, DockerContainer container, Proto proto,
-                                                       QString &config)
-{
-    auto dns = getDnsForConfig(serverIndex);
-
-    config.replace("$PRIMARY_DNS", dns.first);
-    config.replace("$SECONDARY_DNS", dns.second);
-
-    return config;
-}
-
-QString &VpnConfigurator::processConfigWithLocalSettings(int serverIndex, DockerContainer container, Proto proto,
-                                                         QString &config)
-{
-    processConfigWithDnsSettings(serverIndex, container, proto, config);
-
-    if (proto == Proto::OpenVpn) {
-        config = openVpnConfigurator->processConfigWithLocalSettings(config, serverIndex);
-    }
-    return config;
-}
-
-QString &VpnConfigurator::processConfigWithExportSettings(int serverIndex, DockerContainer container, Proto proto,
-                                                          QString &config)
-{
-    processConfigWithDnsSettings(serverIndex, container, proto, config);
-
-    if (proto == Proto::OpenVpn) {
-        config = openVpnConfigurator->processConfigWithExportSettings(config);
-    }
-    return config;
-}
-
-void VpnConfigurator::updateContainerConfigAfterInstallation(DockerContainer container, QJsonObject &containerConfig,
-                                                             const QString &stdOut)
-{
-    Proto mainProto = ContainerProps::defaultProtocol(container);
-
-    if (container == DockerContainer::TorWebSite) {
-        QJsonObject protocol = containerConfig.value(ProtocolProps::protoToString(mainProto)).toObject();
-
-        qDebug() << "amnezia-tor onions" << stdOut;
-
-        QString onion = stdOut;
-        onion.replace("\n", "");
-        protocol.insert(config_key::site, onion);
-
-        containerConfig.insert(ProtocolProps::protoToString(mainProto), protocol);
-    }
-}
@@ -1,52 +0,0 @@
-#ifndef VPN_CONFIGURATOR_H
-#define VPN_CONFIGURATOR_H
-
-#include <QObject>
-
-#include "configurator_base.h"
-#include "core/defs.h"
-
-class OpenVpnConfigurator;
-class ShadowSocksConfigurator;
-class CloakConfigurator;
-class WireguardConfigurator;
-class Ikev2Configurator;
-class SshConfigurator;
-class AwgConfigurator;
-
-// Retrieve connection settings from server
-class VpnConfigurator : public ConfiguratorBase
-{
-    Q_OBJECT
-public:
-    explicit VpnConfigurator(std::shared_ptr<Settings> settings, QObject *parent = nullptr);
-
-    QString genVpnProtocolConfig(const ServerCredentials &credentials, DockerContainer container,
-                                 const QJsonObject &containerConfig, Proto proto, QString &clientId,
-                                 ErrorCode *errorCode = nullptr);
-
-    QPair<QString, QString> getDnsForConfig(int serverIndex);
-    QString &processConfigWithDnsSettings(int serverIndex, DockerContainer container, Proto proto, QString &config);
-
-    QString &processConfigWithLocalSettings(int serverIndex, DockerContainer container, Proto proto, QString &config);
-    QString &processConfigWithExportSettings(int serverIndex, DockerContainer container, Proto proto, QString &config);
-
-    // workaround for containers which is not support normal configuration
-    void updateContainerConfigAfterInstallation(DockerContainer container, QJsonObject &containerConfig,
-                                                const QString &stdOut);
-
-    std::shared_ptr<OpenVpnConfigurator> openVpnConfigurator;
-    std::shared_ptr<ShadowSocksConfigurator> shadowSocksConfigurator;
-    std::shared_ptr<CloakConfigurator> cloakConfigurator;
-    std::shared_ptr<WireguardConfigurator> wireguardConfigurator;
-    std::shared_ptr<Ikev2Configurator> ikev2Configurator;
-    std::shared_ptr<SshConfigurator> sshConfigurator;
-    std::shared_ptr<AwgConfigurator> awgConfigurator;
-
-signals:
-    void newVpnConfigCreated(const QString &clientId, const QString &clientName, const DockerContainer container,
-                             ServerCredentials credentials);
-    void clientModelUpdated();
-};
-
-#endif // VPN_CONFIGURATOR_H
@@ -13,23 +13,22 @@
 #include <openssl/x509.h>

 #include "containers/containers_defs.h"
+#include "core/controllers/serverController.h"
 #include "core/scripts_registry.h"
 #include "core/server_defs.h"
-#include "core/controllers/serverController.h"
 #include "settings.h"
 #include "utilities.h"

 WireguardConfigurator::WireguardConfigurator(std::shared_ptr<Settings> settings, bool isAwg, QObject *parent)
    : ConfiguratorBase(settings, parent), m_isAwg(isAwg)
 {
-    m_serverConfigPath = m_isAwg ? amnezia::protocols::awg::serverConfigPath
-                                              : amnezia::protocols::wireguard::serverConfigPath;
-    m_serverPublicKeyPath = m_isAwg ? amnezia::protocols::awg::serverPublicKeyPath
-                                                 : amnezia::protocols::wireguard::serverPublicKeyPath;
-    m_serverPskKeyPath = m_isAwg ? amnezia::protocols::awg::serverPskKeyPath
-                                              : amnezia::protocols::wireguard::serverPskKeyPath;
-    m_configTemplate = m_isAwg ? ProtocolScriptType::awg_template
-                                            : ProtocolScriptType::wireguard_template;
+    m_serverConfigPath =
+            m_isAwg ? amnezia::protocols::awg::serverConfigPath : amnezia::protocols::wireguard::serverConfigPath;
+    m_serverPublicKeyPath =
+            m_isAwg ? amnezia::protocols::awg::serverPublicKeyPath : amnezia::protocols::wireguard::serverPublicKeyPath;
+    m_serverPskKeyPath =
+            m_isAwg ? amnezia::protocols::awg::serverPskKeyPath : amnezia::protocols::wireguard::serverPskKeyPath;
+    m_configTemplate = m_isAwg ? ProtocolScriptType::awg_template : ProtocolScriptType::wireguard_template;

    m_protocolName = m_isAwg ? config_key::awg : config_key::wireguard;
    m_defaultPort = m_isAwg ? protocols::wireguard::defaultPort : protocols::awg::defaultPort;
@@ -69,19 +68,17 @@ WireguardConfigurator::ConnectionData WireguardConfigurator::genClientKeys()
 WireguardConfigurator::ConnectionData WireguardConfigurator::prepareWireguardConfig(const ServerCredentials &credentials,
                                                                                    DockerContainer container,
                                                                                    const QJsonObject &containerConfig,
-                                                                                    ErrorCode *errorCode)
+                                                                                    ErrorCode errorCode)
 {
    WireguardConfigurator::ConnectionData connData = WireguardConfigurator::genClientKeys();
    connData.host = credentials.hostName;
    connData.port = containerConfig.value(m_protocolName).toObject().value(config_key::port).toString(m_defaultPort);

    if (connData.clientPrivKey.isEmpty() || connData.clientPubKey.isEmpty()) {
-        if (errorCode)
-            *errorCode = ErrorCode::InternalError;
+        errorCode = ErrorCode::InternalError;
        return connData;
    }

-    ErrorCode e = ErrorCode::NoError;
    ServerController serverController(m_settings);

    // Get list of already created clients (only IP addresses)
@@ -94,9 +91,8 @@ WireguardConfigurator::ConnectionData WireguardConfigurator::prepareWireguardCon
            return ErrorCode::NoError;
        };

-        e = serverController.runContainerScript(credentials, container, script, cbReadStdOut);
-        if (errorCode && e) {
-            *errorCode = e;
+        errorCode = serverController.runContainerScript(credentials, container, script, cbReadStdOut);
+        if (errorCode != ErrorCode::NoError) {
            return connData;
        }

@@ -110,8 +106,7 @@ WireguardConfigurator::ConnectionData WireguardConfigurator::prepareWireguardCon
        } else {
            int next = ips.last().split(".").last().toInt() + 1;
            if (next > 254) {
-                if (errorCode)
-                    *errorCode = ErrorCode::AddressPoolError;
+                errorCode = ErrorCode::AddressPoolError;
                return connData;
            }
            nextIpNumber = QString::number(next);
@@ -123,8 +118,7 @@ WireguardConfigurator::ConnectionData WireguardConfigurator::prepareWireguardCon
    {
        QStringList l = subnetIp.split(".", Qt::SkipEmptyParts);
        if (l.isEmpty()) {
-            if (errorCode)
-                *errorCode = ErrorCode::AddressPoolError;
+            errorCode = ErrorCode::AddressPoolError;
            return connData;
        }
        l.removeLast();
@@ -134,20 +128,17 @@ WireguardConfigurator::ConnectionData WireguardConfigurator::prepareWireguardCon
    }

    // Get keys
-    connData.serverPubKey = serverController.getTextFileFromContainer(container, credentials, m_serverPublicKeyPath, &e);
+    connData.serverPubKey =
+            serverController.getTextFileFromContainer(container, credentials, m_serverPublicKeyPath, errorCode);
    connData.serverPubKey.replace("\n", "");
-    if (e) {
-        if (errorCode)
-            *errorCode = e;
+    if (errorCode != ErrorCode::NoError) {
        return connData;
    }

-    connData.pskKey = serverController.getTextFileFromContainer(container, credentials, m_serverPskKeyPath, &e);
+    connData.pskKey = serverController.getTextFileFromContainer(container, credentials, m_serverPskKeyPath, errorCode);
    connData.pskKey.replace("\n", "");

-    if (e) {
-        if (errorCode)
-            *errorCode = e;
+    if (errorCode != ErrorCode::NoError) {
        return connData;
    }

@@ -158,26 +149,24 @@ WireguardConfigurator::ConnectionData WireguardConfigurator::prepareWireguardCon
                                 "AllowedIPs = %3/32\n\n")
                                 .arg(connData.clientPubKey, connData.pskKey, connData.clientIP);

-    e = serverController.uploadTextFileToContainer(container, credentials, configPart, m_serverConfigPath,
-                                                   libssh::ScpOverwriteMode::ScpAppendToExisting);
+    errorCode = serverController.uploadTextFileToContainer(container, credentials, configPart, m_serverConfigPath,
+                                                           libssh::ScpOverwriteMode::ScpAppendToExisting);

-    if (e) {
-        if (errorCode)
-            *errorCode = e;
+    if (errorCode != ErrorCode::NoError) {
        return connData;
    }

    QString script = QString("sudo docker exec -i $CONTAINER_NAME bash -c 'wg syncconf wg0 <(wg-quick strip %1)'")
                             .arg(m_serverConfigPath);

-    e = serverController.runScript(
+    errorCode = serverController.runScript(
            credentials, serverController.replaceVars(script, serverController.genVarsForScript(credentials, container)));

    return connData;
 }

-QString WireguardConfigurator::genWireguardConfig(const ServerCredentials &credentials, DockerContainer container,
-                                                  const QJsonObject &containerConfig, QString &clientId, ErrorCode *errorCode)
+QString WireguardConfigurator::createConfig(const ServerCredentials &credentials, DockerContainer container,
+                                            const QJsonObject &containerConfig, ErrorCode errorCode)
 {
    ServerController serverController(m_settings);
    QString scriptData = amnezia::scriptData(m_configTemplate, container);
@@ -185,7 +174,7 @@ QString WireguardConfigurator::genWireguardConfig(const ServerCredentials &crede
            scriptData, serverController.genVarsForScript(credentials, container, containerConfig));

    ConnectionData connData = prepareWireguardConfig(credentials, container, containerConfig, errorCode);
-    if (errorCode && *errorCode) {
+    if (errorCode != ErrorCode::NoError) {
        return "";
    }

@@ -205,30 +194,25 @@ QString WireguardConfigurator::genWireguardConfig(const ServerCredentials &crede
    jConfig[config_key::client_pub_key] = connData.clientPubKey;
    jConfig[config_key::psk_key] = connData.pskKey;
    jConfig[config_key::server_pub_key] = connData.serverPubKey;
-
    jConfig[config_key::mtu] = wireguarConfig.value(config_key::mtu).toString(protocols::wireguard::defaultMtu);

-    clientId = connData.clientPubKey;
+    jConfig[config_key::clientId] = connData.clientPubKey;

    return QJsonDocument(jConfig).toJson();
 }

-QString WireguardConfigurator::processConfigWithLocalSettings(QString config)
+QString WireguardConfigurator::processConfigWithLocalSettings(const QPair<QString, QString> &dns,
+                                                              const bool isApiConfig, QString &protocolConfigString)
 {
-    // TODO replace DNS if it already set
-    config.replace("$PRIMARY_DNS", m_settings->primaryDns());
-    config.replace("$SECONDARY_DNS", m_settings->secondaryDns());
+    processConfigWithDnsSettings(dns, protocolConfigString);

-    QJsonObject jConfig;
-    jConfig[config_key::config] = config;
-
-    return QJsonDocument(jConfig).toJson();
+    return protocolConfigString;
 }

-QString WireguardConfigurator::processConfigWithExportSettings(QString config)
+QString WireguardConfigurator::processConfigWithExportSettings(const QPair<QString, QString> &dns,
+                                                               const bool isApiConfig, QString &protocolConfigString)
 {
-    config.replace("$PRIMARY_DNS", m_settings->primaryDns());
-    config.replace("$SECONDARY_DNS", m_settings->secondaryDns());
+    processConfigWithDnsSettings(dns, protocolConfigString);

-    return config;
+    return protocolConfigString;
 }
@@ -25,18 +25,20 @@ public:
        QString port;
    };

-    QString genWireguardConfig(const ServerCredentials &credentials, DockerContainer container,
-                               const QJsonObject &containerConfig, QString &clientId, ErrorCode *errorCode = nullptr);
+    QString createConfig(const ServerCredentials &credentials, DockerContainer container,
+                         const QJsonObject &containerConfig, ErrorCode errorCode);

-    QString processConfigWithLocalSettings(QString config);
-    QString processConfigWithExportSettings(QString config);
+    QString processConfigWithLocalSettings(const QPair<QString, QString> &dns, const bool isApiConfig,
+                                           QString &protocolConfigString);
+    QString processConfigWithExportSettings(const QPair<QString, QString> &dns, const bool isApiConfig,
+                                            QString &protocolConfigString);

    static ConnectionData genClientKeys();

 private:
    ConnectionData prepareWireguardConfig(const ServerCredentials &credentials, DockerContainer container,
-                                          const QJsonObject &containerConfig, ErrorCode *errorCode = nullptr);
-    
+                                          const QJsonObject &containerConfig, ErrorCode errorCode);
+
    bool m_isAwg;
    QString m_serverConfigPath;
    QString m_serverPublicKeyPath;
@@ -0,0 +1,42 @@
+#include "xray_configurator.h"
+
+#include <QFile>
+#include <QJsonDocument>
+#include <QJsonObject>
+
+#include "containers/containers_defs.h"
+#include "core/controllers/serverController.h"
+#include "core/scripts_registry.h"
+
+XrayConfigurator::XrayConfigurator(std::shared_ptr<Settings> settings, QObject *parent) : ConfiguratorBase(settings, parent)
+{
+}
+
+QString XrayConfigurator::createConfig(const ServerCredentials &credentials, DockerContainer container, const QJsonObject &containerConfig,
+                                       ErrorCode errorCode)
+{
+    ServerController serverController(m_settings);
+
+    QString config = serverController.replaceVars(amnezia::scriptData(ProtocolScriptType::xray_template, container),
+                                                  serverController.genVarsForScript(credentials, container, containerConfig));
+
+    QString xrayPublicKey =
+            serverController.getTextFileFromContainer(container, credentials, amnezia::protocols::xray::PublicKeyPath, errorCode);
+    xrayPublicKey.replace("\n", "");
+
+    QString xrayUuid = serverController.getTextFileFromContainer(container, credentials, amnezia::protocols::xray::uuidPath, errorCode);
+    xrayUuid.replace("\n", "");
+
+    QString xrayShortId = serverController.getTextFileFromContainer(container, credentials, amnezia::protocols::xray::shortidPath, errorCode);
+    xrayShortId.replace("\n", "");
+
+    if (errorCode != ErrorCode::NoError) {
+        return "";
+    }
+
+    config.replace("$XRAY_CLIENT_ID", xrayUuid);
+    config.replace("$XRAY_PUBLIC_KEY", xrayPublicKey);
+    config.replace("$XRAY_SHORT_ID", xrayShortId);
+
+    return config;
+}
@@ -0,0 +1,19 @@
+#ifndef XRAY_CONFIGURATOR_H
+#define XRAY_CONFIGURATOR_H
+
+#include <QObject>
+
+#include "configurator_base.h"
+#include "core/defs.h"
+
+class XrayConfigurator : public ConfiguratorBase
+{
+    Q_OBJECT
+public:
+    XrayConfigurator(std::shared_ptr<Settings> settings, QObject *parent = nullptr);
+
+    QString createConfig(const ServerCredentials &credentials, DockerContainer container, const QJsonObject &containerConfig,
+                         ErrorCode errorCode);
+};
+
+#endif // XRAY_CONFIGURATOR_H
@@ -1,5 +1,8 @@
 #include "containers_defs.h"

+#include "QJsonObject"
+#include "QJsonDocument"
+
 QDebug operator<<(QDebug debug, const amnezia::DockerContainer &c)
 {
    QDebugStateSaver saver(debug);
@@ -58,6 +61,8 @@ QVector<amnezia::Proto> ContainerProps::protocolsForContainer(amnezia::DockerCon

    case DockerContainer::Ipsec: return { Proto::Ikev2 /*, Protocol::L2tp */ };

+    case DockerContainer::Xray: return { Proto::Xray };
+
    case DockerContainer::Dns: return { Proto::Dns };

    case DockerContainer::Sftp: return { Proto::Sftp };
@@ -85,6 +90,7 @@ QMap<DockerContainer, QString> ContainerProps::containerHumanNames()
             { DockerContainer::Cloak, "OpenVPN over Cloak" },
             { DockerContainer::WireGuard, "WireGuard" },
             { DockerContainer::Awg, "AmneziaWG" },
+             { DockerContainer::Xray, "XRay" },
             { DockerContainer::Ipsec, QObject::tr("IPsec") },

             { DockerContainer::TorWebSite, QObject::tr("Website in Tor network") },
@@ -111,6 +117,9 @@ QMap<DockerContainer, QString> ContainerProps::containerDescriptions()
               QObject::tr("AmneziaWG - Special protocol from Amnezia, based on WireGuard. It's fast like WireGuard, "
                           "but very resistant to blockages. "
                           "Recommended for regions with high levels of censorship.") },
+             { DockerContainer::Xray,
+               QObject::tr("XRay with REALITY - Suitable for countries with the highest level of internet censorship. "
+                           "Traffic masking as web traffic at the TLS level, and protection against detection by active probing methods.") },
             { DockerContainer::Ipsec,
               QObject::tr("IKEv2 -  Modern stable protocol, a bit faster than others, restores connection after "
                           "signal loss. It has native support on the latest versions of Android and iOS.") },
@@ -199,6 +208,17 @@ QMap<DockerContainer, QString> ContainerProps::containerDetailedDescriptions()
                      "* Minimum number of settings\n"
                      "* Not recognised by DPI analysis systems, resistant to blocking\n"
                      "* Works over UDP network protocol.") },
+        { DockerContainer::Xray,
+          QObject::tr("The REALITY protocol, a pioneering development by the creators of XRay, "
+                      "is specifically designed to counteract the highest levels of internet censorship through its novel approach to evasion.\n"
+                      "It uniquely identifies censors during the TLS handshake phase, seamlessly operating as a proxy for legitimate clients while diverting censors to genuine websites like google.com, "
+                      "thus presenting an authentic TLS certificate and data. \n"
+                      "This advanced capability differentiates REALITY from similar technologies by its ability to disguise web traffic as coming from random, "
+                      "legitimate sites without the need for specific configurations. \n"
+                      "Unlike older protocols such as VMess, VLESS, and the XTLS-Vision transport, "
+                      "REALITY's innovative \"friend or foe\" recognition at the TLS handshake enhances security and circumvents detection by sophisticated DPI systems employing active probing techniques. "
+                      "This makes REALITY a robust solution for maintaining internet freedom in environments with stringent censorship.")
+        },
        { DockerContainer::Ipsec,
          QObject::tr("IKEv2, paired with the IPSec encryption layer, stands as a modern and stable VPN protocol.\n"
                      "One of its distinguishing features is its ability to swiftly switch between networks and devices, "
@@ -213,7 +233,11 @@ QMap<DockerContainer, QString> ContainerProps::containerDetailedDescriptions()

        { DockerContainer::TorWebSite, QObject::tr("Website in Tor network") },
        { DockerContainer::Dns, QObject::tr("DNS Service") },
-        { DockerContainer::Sftp, QObject::tr("Sftp file sharing service - is secure FTP service") }
+        { DockerContainer::Sftp,
+          QObject::tr("After installation, Amnezia will create a\n\n file storage on your server. "
+                      "You will be able to access it using\n FileZilla or other SFTP clients, "
+                      "as well as mount the disk on your device to access\n it directly from your device.\n\n"
+                      "For more detailed information, you can\n find it in the support section under \"Create SFTP file storage.\" ") }
    };
 }

@@ -231,6 +255,7 @@ Proto ContainerProps::defaultProtocol(DockerContainer c)
    case DockerContainer::ShadowSocks: return Proto::ShadowSocks;
    case DockerContainer::WireGuard: return Proto::WireGuard;
    case DockerContainer::Awg: return Proto::Awg;
+    case DockerContainer::Xray: return Proto::Xray;
    case DockerContainer::Ipsec: return Proto::Ikev2;

    case DockerContainer::TorWebSite: return Proto::TorWebSite;
@@ -274,7 +299,6 @@ bool ContainerProps::isSupportedByCurrentPlatform(DockerContainer c)

 #elif defined(Q_OS_LINUX)
    switch (c) {
-    case DockerContainer::WireGuard: return true;
    case DockerContainer::Ipsec: return false;
    default: return true;
    }
@@ -342,3 +366,13 @@ bool ContainerProps::isShareable(DockerContainer container)
    default: return true;
    }
 }
+
+QJsonObject ContainerProps::getProtocolConfigFromContainer(const Proto protocol, const QJsonObject &containerConfig)
+{
+    QString protocolConfigString = containerConfig.value(ProtocolProps::protoToString(protocol))
+                                           .toObject()
+                                           .value(config_key::last_config)
+                                           .toString();
+
+    return QJsonDocument::fromJson(protocolConfigString.toUtf8()).object();
+}
@@ -22,6 +22,7 @@ namespace amnezia
            Cloak,
            ShadowSocks,
            Ipsec,
+            Xray,

            // non-vpn
            TorWebSite,
@@ -67,6 +68,8 @@ namespace amnezia
        static int easySetupOrder(amnezia::DockerContainer container);

        static bool isShareable(amnezia::DockerContainer container);
+
+        static QJsonObject getProtocolConfigFromContainer(const amnezia::Proto protocol, const QJsonObject &containerConfig);
    };

    static void declareQmlContainerEnum()
@@ -5,9 +5,8 @@
 #include <QNetworkReply>
 #include <QtConcurrent>

-#include "configurators/openvpn_configurator.h"
-#include "configurators/wireguard_configurator.h"
 #include "core/errorstrings.h"
+#include "configurators/wireguard_configurator.h"

 namespace
 {
@@ -24,9 +23,7 @@ namespace
    }
 }

-ApiController::ApiController(const QSharedPointer<ServersModel> &serversModel,
-                             const QSharedPointer<ContainersModel> &containersModel, QObject *parent)
-    : QObject(parent), m_serversModel(serversModel), m_containersModel(containersModel)
+ApiController::ApiController(QObject *parent) : QObject(parent)
 {
 }

@@ -67,21 +64,14 @@ QJsonObject ApiController::fillApiPayload(const QString &protocol, const ApiCont
    return obj;
 }

-void ApiController::updateServerConfigFromApi()
+ErrorCode ApiController::updateServerConfigFromApi(QJsonObject &serverConfig)
 {
-    QtConcurrent::run([this]() {
-        if (m_isConfigUpdateStarted) {
-            emit updateFinished(false);
-            return;
-        }
+    QFutureWatcher<ErrorCode> watcher;

-        auto serverConfig = m_serversModel->getDefaultServerConfig();
+    QFuture<ErrorCode> future = QtConcurrent::run([this, &serverConfig]() {
        auto containerConfig = serverConfig.value(config_key::containers).toArray();

-        if (serverConfig.value(config_key::configVersion).toInt() && containerConfig.isEmpty()) {
-            emit updateStarted();
-            m_isConfigUpdateStarted = true;
-
+        if (serverConfig.value(config_key::configVersion).toInt()) {
            QNetworkAccessManager manager;

            QNetworkRequest request;
@@ -114,9 +104,7 @@ void ApiController::updateServerConfigFromApi()
                                                       QByteArray::Base64UrlEncoding | QByteArray::OmitTrailingEquals);

                if (ba.isEmpty()) {
-                    emit errorOccurred(errorString(ApiConfigDownloadError));
-                    m_isConfigUpdateStarted = false;
-                    return;
+                    return ErrorCode::ApiConfigDownloadError;
                }

                QByteArray ba_uncompressed = qUncompress(ba);
@@ -136,35 +124,22 @@ void ApiController::updateServerConfigFromApi()

                auto defaultContainer = apiConfig.value(config_key::defaultContainer).toString();
                serverConfig.insert(config_key::defaultContainer, defaultContainer);
-                m_serversModel->editServer(serverConfig, m_serversModel->getDefaultServerIndex());
            } else {
                QString err = reply->errorString();
                qDebug() << QString::fromUtf8(reply->readAll());
                qDebug() << reply->error();
                qDebug() << err;
                qDebug() << reply->attribute(QNetworkRequest::HttpStatusCodeAttribute);
-                emit errorOccurred(errorString(ApiConfigDownloadError));
-                m_isConfigUpdateStarted = false;
-                return;
+                return ErrorCode::ApiConfigDownloadError;
            }
        }
-
-        emit updateFinished(m_isConfigUpdateStarted);
-        m_isConfigUpdateStarted = false;
-        return;
+        return ErrorCode::NoError;
    });
-}
-
-void ApiController::clearApiConfig()
-{
-    auto serverConfig = m_serversModel->getDefaultServerConfig();
-
-    serverConfig.remove(config_key::dns1);
-    serverConfig.remove(config_key::dns2);
-    serverConfig.remove(config_key::containers);
-    serverConfig.remove(config_key::hostName);
-
-    serverConfig.insert(config_key::defaultContainer, ContainerProps::containerToString(DockerContainer::None));
-
-    m_serversModel->editServer(serverConfig, m_serversModel->getDefaultServerIndex());
+
+    QEventLoop wait;
+    connect(&watcher, &QFutureWatcher<ErrorCode>::finished, &wait, &QEventLoop::quit);
+    watcher.setFuture(future);
+    wait.exec();
+
+    return watcher.result();
 }
@@ -4,26 +4,16 @@
 #include <QObject>

 #include "configurators/openvpn_configurator.h"
-#include "ui/models/containers_model.h"
-#include "ui/models/servers_model.h"

 class ApiController : public QObject
 {
    Q_OBJECT

 public:
-    explicit ApiController(const QSharedPointer<ServersModel> &serversModel,
-                           const QSharedPointer<ContainersModel> &containersModel, QObject *parent = nullptr);
+    explicit ApiController(QObject *parent = nullptr);

 public slots:
-    void updateServerConfigFromApi();
-
-    void clearApiConfig();
-
-signals:
-    void updateStarted();
-    void updateFinished(bool isConfigUpdateStarted);
-    void errorOccurred(const QString &errorMessage);
+    ErrorCode updateServerConfigFromApi(QJsonObject &serverConfig);

 private:
    struct ApiPayloadData {
@@ -36,11 +26,6 @@ private:
    ApiPayloadData generateApiPayloadData(const QString &protocol);
    QJsonObject fillApiPayload(const QString &protocol, const ApiController::ApiPayloadData &apiPayloadData);
    void processApiConfig(const QString &protocol, const ApiController::ApiPayloadData &apiPayloadData, QString &config);
-
-    QSharedPointer<ServersModel> m_serversModel;
-    QSharedPointer<ContainersModel> m_containersModel;
-
-    bool m_isConfigUpdateStarted = false;
 };

 #endif // APICONTROLLER_H
@@ -26,10 +26,10 @@
 #include "logger.h"
 #include "core/scripts_registry.h"
 #include "core/server_defs.h"
+#include "core/networkUtilities.h"
 #include "settings.h"
 #include "utilities.h"
-
-#include <configurators/vpn_configurator.h>
+#include "vpnConfigurationController.h"

 namespace
 {
@@ -178,11 +178,10 @@ ErrorCode ServerController::uploadTextFileToContainer(DockerContainer container,
 }

 QByteArray ServerController::getTextFileFromContainer(DockerContainer container, const ServerCredentials &credentials,
-                                                      const QString &path, ErrorCode *errorCode)
+                                                      const QString &path, ErrorCode errorCode)
 {

-    if (errorCode)
-        *errorCode = ErrorCode::NoError;
+    errorCode = ErrorCode::NoError;

    QString script = QString("sudo docker exec -i %1 sh -c \"xxd -p \'%2\'\"")
                             .arg(ContainerProps::containerToString(container))
@@ -194,7 +193,7 @@ QByteArray ServerController::getTextFileFromContainer(DockerContainer container,
        return ErrorCode::NoError;
    };

-    *errorCode = runScript(credentials, script, cbReadStdOut);
+    errorCode = runScript(credentials, script, cbReadStdOut);
    return QByteArray::fromHex(stdOut.toUtf8());
 }

@@ -444,9 +443,6 @@ ErrorCode ServerController::buildContainerWorker(const ServerCredentials &creden
        stdOut += data + "\n";
        return ErrorCode::NoError;
    };
-    //    auto cbReadStdErr = [&](const QString &data, QSharedPointer<QSsh::SshRemoteProcess> proc) {
-    //        stdOut += data + "\n";
-    //    };

    e = runScript(credentials,
                  replaceVars(amnezia::scriptData(SharedScriptType::build_container),
@@ -466,9 +462,6 @@ ErrorCode ServerController::runContainerWorker(const ServerCredentials &credenti
        stdOut += data + "\n";
        return ErrorCode::NoError;
    };
-    // auto cbReadStdErr = [&](const QString &data, QSharedPointer<QSsh::SshRemoteProcess> proc) {
-    //     stdOut += data + "\n";
-    // };

    ErrorCode e = runScript(credentials,
                            replaceVars(amnezia::scriptData(ProtocolScriptType::run_container, container),
@@ -503,7 +496,7 @@ ErrorCode ServerController::configureContainerWorker(const ServerCredentials &cr
                                                 genVarsForScript(credentials, container, config)),
                                     cbReadStdOut, cbReadStdErr);

-    m_configurator->updateContainerConfigAfterInstallation(container, config, stdOut);
+    VpnConfigurationsController::updateContainerConfigAfterInstallation(container, config, stdOut);

    return e;
 }
@@ -537,6 +530,7 @@ ServerController::Vars ServerController::genVarsForScript(const ServerCredential
    const QJsonObject &ssConfig = config.value(ProtocolProps::protoToString(Proto::ShadowSocks)).toObject();
    const QJsonObject &wireguarConfig = config.value(ProtocolProps::protoToString(Proto::WireGuard)).toObject();
    const QJsonObject &amneziaWireguarConfig = config.value(ProtocolProps::protoToString(Proto::Awg)).toObject();
+    const QJsonObject &xrayConfig = config.value(ProtocolProps::protoToString(Proto::Xray)).toObject();
    const QJsonObject &sftpConfig = config.value(ProtocolProps::protoToString(Proto::Sftp)).toObject();

    Vars vars;
@@ -594,6 +588,10 @@ ServerController::Vars ServerController::genVarsForScript(const ServerCredential
    vars.append({ { "$FAKE_WEB_SITE_ADDRESS",
                    cloakConfig.value(config_key::site).toString(protocols::cloak::defaultRedirSite) } });

+    // Xray vars
+    vars.append({ { "$XRAY_SITE_NAME",
+                  xrayConfig.value(config_key::site).toString(protocols::xray::defaultSite) } });
+
    // Wireguard vars
    vars.append(
            { { "$WIREGUARD_SUBNET_IP",
@@ -652,7 +650,7 @@ ServerController::Vars ServerController::genVarsForScript(const ServerCredential
    vars.append({ { "$TRANSPORT_PACKET_MAGIC_HEADER",
                    amneziaWireguarConfig.value(config_key::transportPacketMagicHeader).toString() } });

-    QString serverIp = Utils::getIPAddress(credentials.hostName);
+    QString serverIp = NetworkUtilities::getIPAddress(credentials.hostName);
    if (!serverIp.isEmpty()) {
        vars.append({ { "$SERVER_IP_ADDRESS", serverIp } });
    } else {
@@ -662,7 +660,7 @@ ServerController::Vars ServerController::genVarsForScript(const ServerCredential
    return vars;
 }

-QString ServerController::checkSshConnection(const ServerCredentials &credentials, ErrorCode *errorCode)
+QString ServerController::checkSshConnection(const ServerCredentials &credentials, ErrorCode errorCode)
 {
    QString stdOut;
    auto cbReadStdOut = [&](const QString &data, libssh::Client &) {
@@ -674,11 +672,7 @@ QString ServerController::checkSshConnection(const ServerCredentials &credential
        return ErrorCode::NoError;
    };

-    ErrorCode e =
-            runScript(credentials, amnezia::scriptData(SharedScriptType::check_connection), cbReadStdOut, cbReadStdErr);
-
-    if (errorCode)
-        *errorCode = e;
+    errorCode = runScript(credentials, amnezia::scriptData(SharedScriptType::check_connection), cbReadStdOut, cbReadStdErr);

    return stdOut;
 }
@@ -839,147 +833,6 @@ ErrorCode ServerController::isServerDpkgBusy(const ServerCredentials &credential
    return future.result();
 }

-ErrorCode ServerController::getAlreadyInstalledContainers(const ServerCredentials &credentials,
-                                                          QMap<DockerContainer, QJsonObject> &installedContainers)
-{
-    QString stdOut;
-    auto cbReadStdOut = [&](const QString &data, libssh::Client &) {
-        stdOut += data + "\n";
-        return ErrorCode::NoError;
-    };
-    auto cbReadStdErr = [&](const QString &data, libssh::Client &) {
-        stdOut += data + "\n";
-        return ErrorCode::NoError;
-    };
-
-    QString script = QString("sudo docker ps --format '{{.Names}} {{.Ports}}'");
-
-    ErrorCode errorCode = runScript(credentials, script, cbReadStdOut, cbReadStdErr);
-    if (errorCode != ErrorCode::NoError) {
-        return errorCode;
-    }
-
-    auto containersInfo = stdOut.split("\n");
-    for (auto &containerInfo : containersInfo) {
-        if (containerInfo.isEmpty()) {
-            continue;
-        }
-        const static QRegularExpression containerAndPortRegExp("(amnezia[-a-z]*).*?:([0-9]*)->[0-9]*/(udp|tcp).*");
-        QRegularExpressionMatch containerAndPortMatch = containerAndPortRegExp.match(containerInfo);
-        if (containerAndPortMatch.hasMatch()) {
-            QString name = containerAndPortMatch.captured(1);
-            QString port = containerAndPortMatch.captured(2);
-            QString transportProto = containerAndPortMatch.captured(3);
-            DockerContainer container = ContainerProps::containerFromString(name);
-
-            QJsonObject config;
-            Proto mainProto = ContainerProps::defaultProtocol(container);
-            for (auto protocol : ContainerProps::protocolsForContainer(container)) {
-                QJsonObject containerConfig;
-                if (protocol == mainProto) {
-                    containerConfig.insert(config_key::port, port);
-                    containerConfig.insert(config_key::transport_proto, transportProto);
-
-                    if (protocol == Proto::Awg) {
-                        QString serverConfig = getTextFileFromContainer(container, credentials, protocols::awg::serverConfigPath, &errorCode);
-
-                        QMap<QString, QString> serverConfigMap;
-                        auto serverConfigLines = serverConfig.split("\n");
-                        for (auto &line : serverConfigLines) {
-                            auto trimmedLine = line.trimmed();
-                            if (trimmedLine.startsWith("[") && trimmedLine.endsWith("]")) {
-                                continue;
-                            } else {
-                                QStringList parts = trimmedLine.split(" = ");
-                                if (parts.count() == 2) {
-                                    serverConfigMap.insert(parts[0].trimmed(), parts[1].trimmed());
-                                }
-                            }
-                        }
-
-                        containerConfig[config_key::junkPacketCount] = serverConfigMap.value(config_key::junkPacketCount);
-                        containerConfig[config_key::junkPacketMinSize] = serverConfigMap.value(config_key::junkPacketMinSize);
-                        containerConfig[config_key::junkPacketMaxSize] = serverConfigMap.value(config_key::junkPacketMaxSize);
-                        containerConfig[config_key::initPacketJunkSize] = serverConfigMap.value(config_key::initPacketJunkSize);
-                        containerConfig[config_key::responsePacketJunkSize] = serverConfigMap.value(config_key::responsePacketJunkSize);
-                        containerConfig[config_key::initPacketMagicHeader] = serverConfigMap.value(config_key::initPacketMagicHeader);
-                        containerConfig[config_key::responsePacketMagicHeader] = serverConfigMap.value(config_key::responsePacketMagicHeader);
-                        containerConfig[config_key::underloadPacketMagicHeader] = serverConfigMap.value(config_key::underloadPacketMagicHeader);
-                        containerConfig[config_key::transportPacketMagicHeader] = serverConfigMap.value(config_key::transportPacketMagicHeader);
-                    } else if (protocol == Proto::Sftp) {
-                        stdOut.clear();
-                        script = QString("sudo docker inspect --format '{{.Config.Cmd}}' %1").arg(name);
-
-                        ErrorCode errorCode = runScript(credentials, script, cbReadStdOut, cbReadStdErr);
-                        if (errorCode != ErrorCode::NoError) {
-                            return errorCode;
-                        }
-
-                        auto sftpInfo = stdOut.split(":");
-                        if (sftpInfo.size() < 2) {
-                            logger.error() << "Key parameters for the sftp container are missing";
-                            continue;
-                        }
-                        auto userName = sftpInfo.at(0);
-                        userName = userName.remove(0, 1);
-                        auto password = sftpInfo.at(1);
-
-                        containerConfig.insert(config_key::userName, userName);
-                        containerConfig.insert(config_key::password, password);
-                    }
-
-                    config.insert(config_key::container, ContainerProps::containerToString(container));
-                }
-                config.insert(ProtocolProps::protoToString(protocol), containerConfig);
-            }
-            installedContainers.insert(container, config);
-        }
-        const static QRegularExpression torOrDnsRegExp("(amnezia-(?:torwebsite|dns)).*?([0-9]*)/(udp|tcp).*");
-        QRegularExpressionMatch torOrDnsRegMatch = torOrDnsRegExp.match(containerInfo);
-        if (torOrDnsRegMatch.hasMatch()) {
-            QString name = torOrDnsRegMatch.captured(1);
-            QString port = torOrDnsRegMatch.captured(2);
-            QString transportProto = torOrDnsRegMatch.captured(3);
-            DockerContainer container = ContainerProps::containerFromString(name);
-
-            QJsonObject config;
-            Proto mainProto = ContainerProps::defaultProtocol(container);
-            for (auto protocol : ContainerProps::protocolsForContainer(container)) {
-                QJsonObject containerConfig;
-                if (protocol == mainProto) {
-                    containerConfig.insert(config_key::port, port);
-                    containerConfig.insert(config_key::transport_proto, transportProto);
-
-                    if (protocol == Proto::TorWebSite) {
-                        stdOut.clear();
-                        script = QString("sudo docker exec -i %1 sh -c 'cat /var/lib/tor/hidden_service/hostname'").arg(name);
-
-                        ErrorCode errorCode = runScript(credentials, script, cbReadStdOut, cbReadStdErr);
-                        if (errorCode != ErrorCode::NoError) {
-                            return errorCode;
-                        }
-
-                        if (stdOut.isEmpty()) {
-                            logger.error() << "Key parameters for the tor container are missing";
-                            continue;
-                        }
-
-                        QString onion = stdOut;
-                        onion.replace("\n", "");
-                        containerConfig.insert(config_key::site, onion);
-                    }
-
-                    config.insert(config_key::container, ContainerProps::containerToString(container));
-                }
-                config.insert(ProtocolProps::protoToString(protocol), containerConfig);
-            }
-            installedContainers.insert(container, config);
-        }
-    }
-
-    return ErrorCode::NoError;
-}
-
 ErrorCode ServerController::getDecryptedPrivateKey(const ServerCredentials &credentials, QString &decryptedPrivateKey,
                                                   const std::function<QString()> &callback)
 {
@@ -30,9 +30,6 @@ public:
    ErrorCode updateContainer(const ServerCredentials &credentials, DockerContainer container,
                              const QJsonObject &oldConfig, QJsonObject &newConfig);

-    ErrorCode getAlreadyInstalledContainers(const ServerCredentials &credentials,
-                                            QMap<DockerContainer, QJsonObject> &installedContainers);
-
    ErrorCode startupContainerWorker(const ServerCredentials &credentials, DockerContainer container,
                                     const QJsonObject &config = QJsonObject());

@@ -40,7 +37,7 @@ public:
            DockerContainer container, const ServerCredentials &credentials, const QString &file, const QString &path,
            libssh::ScpOverwriteMode overwriteMode = libssh::ScpOverwriteMode::ScpOverwriteExisting);
    QByteArray getTextFileFromContainer(DockerContainer container, const ServerCredentials &credentials,
-                                        const QString &path, ErrorCode *errorCode = nullptr);
+                                        const QString &path, ErrorCode errorCode);

    QString replaceVars(const QString &script, const Vars &vars);
    Vars genVarsForScript(const ServerCredentials &credentials, DockerContainer container = DockerContainer::None,
@@ -55,7 +52,7 @@ public:
                       const std::function<ErrorCode(const QString &, libssh::Client &)> &cbReadStdOut = nullptr,
                       const std::function<ErrorCode(const QString &, libssh::Client &)> &cbReadStdErr = nullptr);

-    QString checkSshConnection(const ServerCredentials &credentials, ErrorCode *errorCode = nullptr);
+    QString checkSshConnection(const ServerCredentials &credentials, ErrorCode errorCode);

    void cancelInstallation();

@@ -0,0 +1,137 @@
+#include "vpnConfigurationController.h"
+
+#include "configurators/awg_configurator.h"
+#include "configurators/cloak_configurator.h"
+#include "configurators/ikev2_configurator.h"
+#include "configurators/openvpn_configurator.h"
+#include "configurators/shadowsocks_configurator.h"
+#include "configurators/wireguard_configurator.h"
+#include "configurators/xray_configurator.h"
+
+VpnConfigurationsController::VpnConfigurationsController(const std::shared_ptr<Settings> &settings, QObject *parent)
+    : QObject { parent }, m_settings(settings)
+{
+}
+
+QScopedPointer<ConfiguratorBase> VpnConfigurationsController::createConfigurator(const Proto protocol)
+{
+    switch (protocol) {
+    case Proto::OpenVpn: return QScopedPointer<ConfiguratorBase>(new OpenVpnConfigurator(m_settings));
+    case Proto::ShadowSocks: return QScopedPointer<ConfiguratorBase>(new ShadowSocksConfigurator(m_settings));
+    case Proto::Cloak: return QScopedPointer<ConfiguratorBase>(new CloakConfigurator(m_settings));
+    case Proto::WireGuard: return QScopedPointer<ConfiguratorBase>(new WireguardConfigurator(m_settings, false));
+    case Proto::Awg: return QScopedPointer<ConfiguratorBase>(new AwgConfigurator(m_settings));
+    case Proto::Ikev2: return QScopedPointer<ConfiguratorBase>(new Ikev2Configurator(m_settings));
+    case Proto::Xray: return QScopedPointer<ConfiguratorBase>(new XrayConfigurator(m_settings));
+    default: return QScopedPointer<ConfiguratorBase>();
+    }
+}
+
+ErrorCode VpnConfigurationsController::createProtocolConfigForContainer(const ServerCredentials &credentials,
+                                                                        const DockerContainer container, QJsonObject &containerConfig)
+{
+    ErrorCode errorCode = ErrorCode::NoError;
+
+    if (ContainerProps::containerService(container) == ServiceType::Other) {
+        return errorCode;
+    }
+
+    for (Proto protocol : ContainerProps::protocolsForContainer(container)) {
+        QJsonObject protocolConfig = containerConfig.value(ProtocolProps::protoToString(protocol)).toObject();
+
+        auto configurator = createConfigurator(protocol);
+        QString protocolConfigString = configurator->createConfig(credentials, container, containerConfig, errorCode);
+        if (errorCode != ErrorCode::NoError) {
+            return errorCode;
+        }
+
+        protocolConfig.insert(config_key::last_config, protocolConfigString);
+        containerConfig.insert(ProtocolProps::protoToString(protocol), protocolConfig);
+    }
+
+    return errorCode;
+}
+
+ErrorCode VpnConfigurationsController::createProtocolConfigString(const bool isApiConfig, const QPair<QString, QString> &dns,
+                                                                  const ServerCredentials &credentials, const DockerContainer container,
+                                                                  const QJsonObject &containerConfig, const Proto protocol,
+                                                                  QString &protocolConfigString)
+{
+    ErrorCode errorCode = ErrorCode::NoError;
+
+    if (ContainerProps::containerService(container) == ServiceType::Other) {
+        return errorCode;
+    }
+
+    auto configurator = createConfigurator(protocol);
+
+    protocolConfigString = configurator->createConfig(credentials, container, containerConfig, errorCode);
+    if (errorCode != ErrorCode::NoError) {
+        return errorCode;
+    }
+    protocolConfigString = configurator->processConfigWithExportSettings(dns, isApiConfig, protocolConfigString);
+
+    return errorCode;
+}
+
+QJsonObject VpnConfigurationsController::createVpnConfiguration(const QPair<QString, QString> &dns, const QJsonObject &serverConfig,
+                                                                const QJsonObject &containerConfig, const DockerContainer container,
+                                                                ErrorCode errorCode)
+{
+    QJsonObject vpnConfiguration {};
+
+    if (ContainerProps::containerService(container) == ServiceType::Other) {
+        return vpnConfiguration;
+    }
+
+    bool isApiConfig = serverConfig.value(config_key::configVersion).toInt();
+
+    for (ProtocolEnumNS::Proto proto : ContainerProps::protocolsForContainer(container)) {
+        if (isApiConfig && container == DockerContainer::Cloak && proto == ProtocolEnumNS::Proto::ShadowSocks) {
+            continue;
+        }
+
+        QString protocolConfigString =
+                containerConfig.value(ProtocolProps::protoToString(proto)).toObject().value(config_key::last_config).toString();
+
+        auto configurator = createConfigurator(proto);
+        protocolConfigString = configurator->processConfigWithLocalSettings(dns, isApiConfig, protocolConfigString);
+
+        QJsonObject vpnConfigData = QJsonDocument::fromJson(protocolConfigString.toUtf8()).object();
+        vpnConfigData = QJsonDocument::fromJson(protocolConfigString.toUtf8()).object();
+        vpnConfiguration.insert(ProtocolProps::key_proto_config_data(proto), vpnConfigData);
+    }
+
+    Proto proto = ContainerProps::defaultProtocol(container);
+    vpnConfiguration[config_key::vpnproto] = ProtocolProps::protoToString(proto);
+
+    vpnConfiguration[config_key::dns1] = dns.first;
+    vpnConfiguration[config_key::dns2] = dns.second;
+
+    vpnConfiguration[config_key::hostName] = serverConfig.value(config_key::hostName).toString();
+    vpnConfiguration[config_key::description] = serverConfig.value(config_key::description).toString();
+
+    vpnConfiguration[config_key::configVersion] = serverConfig.value(config_key::configVersion).toInt();
+    // TODO: try to get hostName, port, description for 3rd party configs
+    // vpnConfiguration[config_key::port] = ...;
+
+    return vpnConfiguration;
+}
+
+void VpnConfigurationsController::updateContainerConfigAfterInstallation(const DockerContainer container, QJsonObject &containerConfig,
+                                                                         const QString &stdOut)
+{
+    Proto mainProto = ContainerProps::defaultProtocol(container);
+
+    if (container == DockerContainer::TorWebSite) {
+        QJsonObject protocol = containerConfig.value(ProtocolProps::protoToString(mainProto)).toObject();
+
+        qDebug() << "amnezia-tor onions" << stdOut;
+
+        QString onion = stdOut;
+        onion.replace("\n", "");
+        protocol.insert(config_key::site, onion);
+
+        containerConfig.insert(ProtocolProps::protoToString(mainProto), protocol);
+    }
+}
@@ -0,0 +1,35 @@
+#ifndef VPNCONFIGIRATIONSCONTROLLER_H
+#define VPNCONFIGIRATIONSCONTROLLER_H
+
+#include <QObject>
+
+#include "configurators/configurator_base.h"
+#include "containers/containers_defs.h"
+#include "core/defs.h"
+#include "settings.h"
+
+class VpnConfigurationsController : public QObject
+{
+    Q_OBJECT
+public:
+    explicit VpnConfigurationsController(const std::shared_ptr<Settings> &settings, QObject *parent = nullptr);
+
+public slots:
+    ErrorCode createProtocolConfigForContainer(const ServerCredentials &credentials, const DockerContainer container,
+                                               QJsonObject &containerConfig);
+    ErrorCode createProtocolConfigString(const bool isApiConfig, const QPair<QString, QString> &dns, const ServerCredentials &credentials,
+                                         const DockerContainer container, const QJsonObject &containerConfig, const Proto protocol,
+                                         QString &protocolConfigString);
+    QJsonObject createVpnConfiguration(const QPair<QString, QString> &dns, const QJsonObject &serverConfig,
+                                       const QJsonObject &containerConfig, const DockerContainer container, ErrorCode errorCode);
+
+    static void updateContainerConfigAfterInstallation(const DockerContainer container, QJsonObject &containerConfig, const QString &stdOut);
+signals:
+
+private:
+    QScopedPointer<ConfiguratorBase> createConfigurator(const Proto protocol);
+
+    std::shared_ptr<Settings> m_settings;
+};
+
+#endif // VPNCONFIGIRATIONSCONTROLLER_H
@@ -22,6 +22,20 @@ namespace amnezia
        }
    };

+    struct InstalledAppInfo {
+        QString appName;
+        QString packageName;
+        QString appPath;
+
+        bool operator==(const InstalledAppInfo& other) const {
+            if (!packageName.isEmpty()) {
+                return packageName == other.packageName;
+            } else {
+                return appPath == other.appPath;
+            }
+        }
+    };
+
    enum ErrorCode {
        // General error codes
        NoError = 0,
@@ -59,6 +73,8 @@ namespace amnezia
        CloakExecutableMissing = 602,
        AmneziaServiceConnectionFailed = 603,
        ExecutableMissing = 604,
+        XrayExecutableMissing = 605,
+        Tun2SockExecutableMissing = 606,        

        // VPN errors
        OpenVpnAdaptersInUseError = 700,
@@ -70,6 +86,8 @@ namespace amnezia
        OpenSslFailed = 800,
        ShadowSocksExecutableCrashed = 801,
        CloakExecutableCrashed = 802,
+        XrayExecutableCrashed = 803,
+        Tun2SockExecutableCrashed = 804,

        // import and install errors
        ImportInvalidConfigError = 900,
@@ -19,6 +19,7 @@ QString errorString(ErrorCode code) {
    case(ServerDockerFailedError): errorMessage = QObject::tr("Server error: Docker failed"); break;
    case(ServerCancelInstallation): errorMessage = QObject::tr("Installation canceled by user"); break;
    case(ServerUserNotInSudo): errorMessage = QObject::tr("The user does not have permission to use sudo"); break;
+    case(ServerPacketManagerError): errorMessage = QObject::tr("Server error: Packet manager error"); break;

    // Libssh errors
    case(SshRequestDeniedError): errorMessage = QObject::tr("Ssh request was denied"); break;
@@ -0,0 +1,12 @@
+#include "installedAppsImageProvider.h"
+
+#include "platforms/android/android_controller.h"
+
+InstalledAppsImageProvider::InstalledAppsImageProvider() : QQuickImageProvider(QQuickImageProvider::Pixmap)
+{
+}
+
+QPixmap InstalledAppsImageProvider::requestPixmap(const QString &id, QSize *size, const QSize &requestedSize)
+{
+    return AndroidController::instance()->getAppIcon(id, size, requestedSize);
+}
@@ -0,0 +1,15 @@
+#ifndef INSTALLEDAPPSIMAGEPROVIDER_H
+#define INSTALLEDAPPSIMAGEPROVIDER_H
+
+#include <QObject>
+#include <QQuickImageProvider>
+
+class InstalledAppsImageProvider : public QQuickImageProvider
+{
+public:
+    InstalledAppsImageProvider();
+
+    QPixmap requestPixmap(const QString &id, QSize *size, const QSize &requestedSize) override;
+};
+
+#endif // INSTALLEDAPPSIMAGEPROVIDER_H
@@ -0,0 +1,462 @@
+#include "networkUtilities.h"
+
+#ifdef Q_OS_WIN
+    #include <windows.h>
+    #include <Ipexport.h>
+    #include <Ws2tcpip.h>
+    #include <ws2ipdef.h>
+    #include <stdint.h>
+    #include <Iphlpapi.h>
+    #include <Iptypes.h>
+    #include <WinSock2.h>
+    #include <winsock.h>
+    #include <QNetworkInterface>
+    #include "qendian.h"
+#endif
+#ifdef Q_OS_LINUX
+    #include <arpa/inet.h>
+    #include <linux/netlink.h>
+    #include <linux/rtnetlink.h>
+    #include <net/if.h>
+    #include <sys/ioctl.h>
+    #include <sys/socket.h>
+    #include <unistd.h>
+#endif
+#if defined(Q_OS_MAC) && !defined(Q_OS_IOS)
+    #include <sys/param.h>
+    #include <sys/sysctl.h>
+    #include <sys/socket.h>
+    #include <netinet/in.h>
+    #include <arpa/inet.h>
+    #include <net/route.h>
+#endif
+
+#include <QHostAddress>
+#include <QHostInfo>
+
+QRegularExpression NetworkUtilities::ipAddressRegExp()
+{
+    return QRegularExpression("^((25[0-5]|(2[0-4]|1[0-9]|[1-9]|)[0-9])(\\.(?!$)|$)){4}$");
+}
+
+QRegularExpression NetworkUtilities::ipAddressPortRegExp()
+{
+    return QRegularExpression("^(?:(?:25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9][0-9]|[0-9])\\.){3}"
+                              "(?:25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9][0-9]|[0-9])(\\:[0-9]{1,5}){0,1}$");
+}
+
+QRegExp NetworkUtilities::ipAddressWithSubnetRegExp()
+{
+    return QRegExp("(?:(?:25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9][0-9]|[0-9])\\.){3}"
+                   "(?:25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9][0-9]|[0-9])(\\/[0-9]{1,2}){0,1}");
+}
+
+QRegExp NetworkUtilities::ipNetwork24RegExp()
+{
+    return QRegExp("^(?:(?:25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9][0-9]|[0-9])\\.){3}"
+                   "0$");
+}
+
+QRegExp NetworkUtilities::ipPortRegExp()
+{
+    return QRegExp("^()([1-9]|[1-5]?[0-9]{2,4}|6[1-4][0-9]{3}|65[1-4][0-9]{2}|655[1-2][0-9]|6553[1-5])$");
+}
+
+QRegExp NetworkUtilities::domainRegExp()
+{
+    return QRegExp("(((?!\\-))(xn\\-\\-)?[a-z0-9\\-_]{0,61}[a-z0-9]{1,1}\\.)*(xn\\-\\-)?([a-z0-9\\-]{1,61}|[a-z0-"
+                   "9\\-]{1,30})\\.[a-z]{2,}");
+}
+
+QString NetworkUtilities::netMaskFromIpWithSubnet(const QString ip)
+{
+    if (!ip.contains("/"))
+        return "255.255.255.255";
+
+    bool ok;
+    int prefix = ip.split("/").at(1).toInt(&ok);
+    if (!ok)
+        return "255.255.255.255";
+
+    unsigned long mask = (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF;
+
+    return QString("%1.%2.%3.%4").arg(mask >> 24).arg((mask >> 16) & 0xFF).arg((mask >> 8) & 0xFF).arg(mask & 0xFF);
+}
+
+QString NetworkUtilities::ipAddressFromIpWithSubnet(const QString ip)
+{
+    if (ip.count(".") != 3)
+        return "";
+    return ip.split("/").first();
+}
+
+QStringList NetworkUtilities::summarizeRoutes(const QStringList &ips, const QString cidr)
+{
+    //    QMap<int, int>
+    //    QHostAddress
+
+           //    QMap<QString, QStringList> subnets; // <"a.b", <list subnets>>
+
+           //    for (const QString &ip : ips) {
+           //        if (ip.count(".") != 3) continue;
+
+           //        const QStringList &parts = ip.split(".");
+           //        subnets[parts.at(0) + "." + parts.at(1)].append(ip);
+           //    }
+
+    return QStringList();
+}
+
+QString NetworkUtilities::getIPAddress(const QString &host)
+{
+    if (ipAddressRegExp().match(host).hasMatch()) {
+        return host;
+    }
+
+    QList<QHostAddress> addresses = QHostInfo::fromName(host).addresses();
+    if (!addresses.isEmpty()) {
+        return addresses.first().toString();
+    }
+    qDebug() << "Unable to resolve address for " << host;
+    return "";
+}
+
+QString NetworkUtilities::getStringBetween(const QString &s, const QString &a, const QString &b)
+{
+    int ap = s.indexOf(a), bp = s.indexOf(b, ap + a.length());
+    if (ap < 0 || bp < 0)
+        return QString();
+    ap += a.length();
+    if (bp - ap <= 0)
+        return QString();
+    return s.mid(ap, bp - ap).trimmed();
+}
+
+bool NetworkUtilities::checkIPv4Format(const QString &ip)
+{
+    if (ip.isEmpty())
+        return false;
+    int count = ip.count(".");
+    if (count != 3)
+        return false;
+
+    QHostAddress addr(ip);
+    return (addr.protocol() == QAbstractSocket::NetworkLayerProtocol::IPv4Protocol);
+}
+
+bool NetworkUtilities::checkIpSubnetFormat(const QString &ip)
+{
+    if (!ip.contains("/"))
+        return checkIPv4Format(ip);
+
+    QStringList parts = ip.split("/");
+    if (parts.size() != 2)
+        return false;
+
+    bool ok;
+    int subnet = parts.at(1).toInt(&ok);
+    if (subnet >= 0 && subnet <= 32 && ok)
+        return checkIPv4Format(parts.at(0));
+    else
+        return false;
+}
+
+// static
+int NetworkUtilities::AdapterIndexTo(const QHostAddress& dst) {
+#ifdef Q_OS_WIN
+    qDebug() << "Getting Current Internet Adapter that routes to"
+             << dst.toString();
+    quint32_be ipBigEndian;
+    quint32 ip = dst.toIPv4Address();
+    qToBigEndian(ip, &ipBigEndian);
+    _MIB_IPFORWARDROW routeInfo;
+    auto result = GetBestRoute(ipBigEndian, 0, &routeInfo);
+    if (result != NO_ERROR) {
+        return -1;
+    }
+    auto adapter =
+        QNetworkInterface::interfaceFromIndex(routeInfo.dwForwardIfIndex);
+    qDebug() << "Internet Adapter:" << adapter.name();
+    return routeInfo.dwForwardIfIndex;
+#endif
+    return 0;
+}
+
+#ifdef Q_OS_WIN
+DWORD GetAdaptersAddressesWrapper(const ULONG Family,
+                                  const ULONG Flags,
+                                  const PVOID Reserved,
+                                  _Out_ PIP_ADAPTER_ADDRESSES& pAdapterAddresses) {
+    DWORD dwRetVal = 0;
+    int iter = 0;
+    constexpr int max_iter = 3;
+    ULONG AdapterAddressesLen = 15000;
+    do {
+        // xassert2(pAdapterAddresses == nullptr);
+        pAdapterAddresses = (IP_ADAPTER_ADDRESSES*)malloc(AdapterAddressesLen);
+        if (pAdapterAddresses == nullptr) {
+            qDebug() << "can not malloc" << AdapterAddressesLen << "bytes";
+            return ERROR_OUTOFMEMORY;
+        }
+
+        dwRetVal = GetAdaptersAddresses(Family, Flags, NULL, pAdapterAddresses, &AdapterAddressesLen);
+
+        if (dwRetVal == ERROR_BUFFER_OVERFLOW) {
+            free(pAdapterAddresses);
+            pAdapterAddresses = nullptr;
+        } else {
+            break;
+        }
+
+        iter++;
+    } while ((dwRetVal == ERROR_BUFFER_OVERFLOW) && (iter < max_iter));
+
+    if (dwRetVal != NO_ERROR) {
+        qDebug() << "Family: " << Family << ", Flags: " << Flags << " AdapterAddressesLen: " << AdapterAddressesLen <<
+                ", dwRetVal:" << dwRetVal << ", iter: " << iter;
+        if (pAdapterAddresses) {
+            free(pAdapterAddresses);
+            pAdapterAddresses = nullptr;
+        }
+    }
+
+    return dwRetVal;
+}
+#endif
+
+QString NetworkUtilities::getGatewayAndIface()
+{
+#ifdef Q_OS_WIN
+    constexpr int BUFF_LEN = 100;
+    char buff[BUFF_LEN] = {'\0'};
+    QString result;
+
+    PIP_ADAPTER_ADDRESSES pAdapterAddresses = nullptr;
+    DWORD dwRetVal =
+            GetAdaptersAddressesWrapper(AF_INET, GAA_FLAG_INCLUDE_GATEWAYS, NULL, pAdapterAddresses);
+
+    if (dwRetVal != NO_ERROR) {
+        qDebug() << "ipv4 stack detect GetAdaptersAddresses failed.";
+        return "";
+    }
+
+    PIP_ADAPTER_ADDRESSES pCurAddress = pAdapterAddresses;
+    while (pCurAddress) {
+        PIP_ADAPTER_GATEWAY_ADDRESS_LH gateway = pCurAddress->FirstGatewayAddress;
+        if (gateway) {
+            SOCKET_ADDRESS gateway_address = gateway->Address;
+            if (gateway->Address.lpSockaddr->sa_family == AF_INET) {
+                sockaddr_in* sa_in = (sockaddr_in*)gateway->Address.lpSockaddr;
+                QString gw = inet_ntop(AF_INET, &(sa_in->sin_addr), buff, BUFF_LEN);
+                qDebug() <<  "gateway IPV4:" << gw;
+                struct sockaddr_in addr;
+                if (inet_pton(AF_INET, buff, &addr.sin_addr) == 1) {
+                    qDebug() <<  "this is true v4 !";
+                    result = gw;
+                }
+            }
+        }
+        pCurAddress = pCurAddress->Next;
+    }
+
+    free(pAdapterAddresses);
+    return result;
+#endif
+#ifdef Q_OS_LINUX
+    constexpr int BUFFER_SIZE = 100;
+    int     received_bytes = 0, msg_len = 0, route_attribute_len = 0;
+    int     sock = -1, msgseq = 0;
+    struct  nlmsghdr *nlh, *nlmsg;
+    struct  rtmsg *route_entry;
+    // This struct contain route attributes (route type)
+    struct  rtattr *route_attribute;
+    char    gateway_address[INET_ADDRSTRLEN], interface[IF_NAMESIZE];
+    char    msgbuf[BUFFER_SIZE], buffer[BUFFER_SIZE];
+    char    *ptr = buffer;
+    struct timeval tv;
+
+    if ((sock = socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE)) < 0) {
+        perror("socket failed");
+        return "";
+    }
+
+    memset(msgbuf, 0, sizeof(msgbuf));
+    memset(gateway_address, 0, sizeof(gateway_address));
+    memset(interface, 0, sizeof(interface));
+    memset(buffer, 0, sizeof(buffer));
+
+    /* point the header and the msg structure pointers into the buffer */
+    nlmsg = (struct nlmsghdr *)msgbuf;
+
+    /* Fill in the nlmsg header*/
+    nlmsg->nlmsg_len = NLMSG_LENGTH(sizeof(struct rtmsg));
+    nlmsg->nlmsg_type = RTM_GETROUTE; // Get the routes from kernel routing table .
+    nlmsg->nlmsg_flags = NLM_F_DUMP | NLM_F_REQUEST; // The message is a request for dump.
+    nlmsg->nlmsg_seq = msgseq++; // Sequence of the message packet.
+    nlmsg->nlmsg_pid = getpid(); // PID of process sending the request.
+
+    /* 1 Sec Timeout to avoid stall */
+    tv.tv_sec = 1;
+    setsockopt(sock, SOL_SOCKET, SO_RCVTIMEO, (struct timeval *)&tv, sizeof(struct timeval));
+    /* send msg */
+    if (send(sock, nlmsg, nlmsg->nlmsg_len, 0) < 0) {
+        perror("send failed");
+        return "";
+    }
+
+    /* receive response */
+    do
+    {
+        received_bytes = recv(sock, ptr, sizeof(buffer) - msg_len, 0);
+        if (received_bytes < 0) {
+            perror("Error in recv");
+            return "";
+        }
+
+        nlh = (struct nlmsghdr *) ptr;
+
+        /* Check if the header is valid */
+        if((NLMSG_OK(nlmsg, received_bytes) == 0) ||
+            (nlmsg->nlmsg_type == NLMSG_ERROR))
+        {
+            perror("Error in received packet");
+            return "";
+        }
+
+        /* If we received all data break */
+        if (nlh->nlmsg_type == NLMSG_DONE)
+            break;
+        else {
+            ptr += received_bytes;
+            msg_len += received_bytes;
+        }
+
+        /* Break if its not a multi part message */
+        if ((nlmsg->nlmsg_flags & NLM_F_MULTI) == 0)
+            break;
+    }
+    while ((nlmsg->nlmsg_seq != msgseq) || (nlmsg->nlmsg_pid != getpid()));
+
+    /* parse response */
+    for ( ; NLMSG_OK(nlh, received_bytes); nlh = NLMSG_NEXT(nlh, received_bytes))
+    {
+        /* Get the route data */
+        route_entry = (struct rtmsg *) NLMSG_DATA(nlh);
+
+        /* We are just interested in main routing table */
+        if (route_entry->rtm_table != RT_TABLE_MAIN)
+            continue;
+
+        route_attribute = (struct rtattr *) RTM_RTA(route_entry);
+        route_attribute_len = RTM_PAYLOAD(nlh);
+
+        /* Loop through all attributes */
+        for ( ; RTA_OK(route_attribute, route_attribute_len);
+             route_attribute = RTA_NEXT(route_attribute, route_attribute_len))
+        {
+            switch(route_attribute->rta_type) {
+            case RTA_OIF:
+                if_indextoname(*(int *)RTA_DATA(route_attribute), interface);
+                break;
+            case RTA_GATEWAY:
+                inet_ntop(AF_INET, RTA_DATA(route_attribute),
+                          gateway_address, sizeof(gateway_address));
+                break;
+            default:
+                break;
+            }
+        }
+
+        if ((*gateway_address) && (*interface)) {
+            qDebug() << "Gateway " << gateway_address << " for interface " << interface;
+            break;
+        }
+    }
+    close(sock);
+    return gateway_address;
+#endif
+#if defined(Q_OS_MAC) && !defined(Q_OS_IOS)
+    QString gateway;
+    int mib[] = {CTL_NET, PF_ROUTE, 0, 0, NET_RT_FLAGS, RTF_GATEWAY};
+    int afinet_type[] = {AF_INET, AF_INET6};
+
+    for (int ip_type = 0; ip_type <= 1; ip_type++)
+    {
+        mib[3] = afinet_type[ip_type];
+
+        size_t needed = 0;
+        if (sysctl(mib, sizeof(mib) / sizeof(int), nullptr, &needed, nullptr, 0) < 0)
+            return "";
+
+        char* buf;
+        if ((buf = new char[needed]) == 0)
+            return "";
+
+        if (sysctl(mib, sizeof(mib) / sizeof(int), buf, &needed, nullptr, 0) < 0)
+        {
+            qDebug() << "sysctl: net.route.0.0.dump";
+            delete[] buf;
+            return gateway;
+        }
+
+        struct rt_msghdr* rt;
+        for (char* p = buf; p < buf + needed; p += rt->rtm_msglen)
+        {
+            rt = reinterpret_cast<struct rt_msghdr*>(p);
+            struct sockaddr* sa = reinterpret_cast<struct sockaddr*>(rt + 1);
+            struct sockaddr* sa_tab[RTAX_MAX];
+            for (int i = 0; i < RTAX_MAX; i++)
+            {
+                if (rt->rtm_addrs & (1 << i))
+                {
+                    sa_tab[i] = sa;
+                    sa = reinterpret_cast<struct sockaddr*>(
+                            reinterpret_cast<char*>(sa) +
+                            ((sa->sa_len) > 0 ? (1 + (((sa->sa_len) - 1) | (sizeof(long) - 1))) : sizeof(long)));
+                }
+                else
+                {
+                    sa_tab[i] = nullptr;
+                }
+            }
+
+            if (((rt->rtm_addrs & (RTA_DST | RTA_GATEWAY)) == (RTA_DST | RTA_GATEWAY)) &&
+                sa_tab[RTAX_DST]->sa_family == afinet_type[ip_type] &&
+                sa_tab[RTAX_GATEWAY]->sa_family == afinet_type[ip_type])
+            {
+                if (afinet_type[ip_type] == AF_INET)
+                {
+                    if ((reinterpret_cast<struct sockaddr_in*>(sa_tab[RTAX_DST]))->sin_addr.s_addr == 0)
+                    {
+                        char dstStr4[INET_ADDRSTRLEN];
+                        char srcStr4[INET_ADDRSTRLEN];
+                        memcpy(srcStr4,
+                               &(reinterpret_cast<struct sockaddr_in*>(sa_tab[RTAX_GATEWAY]))->sin_addr,
+                               sizeof(struct in_addr));
+                        if (inet_ntop(AF_INET, srcStr4, dstStr4, INET_ADDRSTRLEN) != nullptr)
+                            gateway = dstStr4;
+                        break;
+                    }
+                }
+                else if (afinet_type[ip_type] == AF_INET6)
+                {
+                    if ((reinterpret_cast<struct sockaddr_in*>(sa_tab[RTAX_DST]))->sin_addr.s_addr == 0)
+                    {
+                        char dstStr6[INET6_ADDRSTRLEN];
+                        char srcStr6[INET6_ADDRSTRLEN];
+                        memcpy(srcStr6,
+                               &(reinterpret_cast<struct sockaddr_in6*>(sa_tab[RTAX_GATEWAY]))->sin6_addr,
+                               sizeof(struct in6_addr));
+                        if (inet_ntop(AF_INET6, srcStr6, dstStr6, INET6_ADDRSTRLEN) != nullptr)
+                            gateway = dstStr6;
+                        break;
+                    }
+                }
+            }
+        }
+        free(buf);
+    }
+
+    return gateway;
+#endif
+}
@@ -0,0 +1,36 @@
+#ifndef NETWORKUTILITIES_H
+#define NETWORKUTILITIES_H
+
+#include <QRegularExpression>
+#include <QRegExp>
+#include <QString>
+#include <QHostAddress>
+
+
+class NetworkUtilities : public QObject
+{
+    Q_OBJECT
+public:
+    static QString getIPAddress(const QString &host);
+    static QString getStringBetween(const QString &s, const QString &a, const QString &b);
+    static bool checkIPv4Format(const QString &ip);
+    static bool checkIpSubnetFormat(const QString &ip);
+    static QString getGatewayAndIface();
+    // Returns the Interface Index that could Route to dst
+    static int AdapterIndexTo(const QHostAddress& dst);
+
+    static QRegularExpression ipAddressRegExp();
+    static QRegularExpression ipAddressPortRegExp();
+    static QRegExp ipAddressWithSubnetRegExp();
+    static QRegExp ipNetwork24RegExp();
+    static QRegExp ipPortRegExp();
+    static QRegExp domainRegExp();
+
+    static QString netMaskFromIpWithSubnet(const QString ip);
+    static QString ipAddressFromIpWithSubnet(const QString ip);
+
+    static QStringList summarizeRoutes(const QStringList &ips, const QString cidr);
+
+};
+
+#endif // NETWORKUTILITIES_H
@@ -13,11 +13,12 @@ QString amnezia::scriptFolder(amnezia::DockerContainer container)
    case DockerContainer::WireGuard: return QLatin1String("wireguard");
    case DockerContainer::Awg: return QLatin1String("awg");
    case DockerContainer::Ipsec: return QLatin1String("ipsec");
+    case DockerContainer::Xray: return QLatin1String("xray");

    case DockerContainer::TorWebSite: return QLatin1String("website_tor");
    case DockerContainer::Dns: return QLatin1String("dns");
    case DockerContainer::Sftp: return QLatin1String("sftp");
-    default: return "";
+    default: return QString();
    }
 }

@@ -47,6 +48,7 @@ QString amnezia::scriptName(ProtocolScriptType type)
    case ProtocolScriptType::openvpn_template: return QLatin1String("template.ovpn");
    case ProtocolScriptType::wireguard_template: return QLatin1String("template.conf");
    case ProtocolScriptType::awg_template: return QLatin1String("template.conf");
+    case ProtocolScriptType::xray_template: return QLatin1String("template.json");
    default: return QString();
    }
 }
@@ -27,7 +27,8 @@ enum ProtocolScriptType {
    container_startup,
    openvpn_template,
    wireguard_template,
-    awg_template
+    awg_template,
+    xray_template
 };


@@ -35,8 +35,10 @@ class Daemon : public QObject {
  virtual QJsonObject getStatus();

  // Callback before any Activating measure is done
-  virtual void prepareActivation(const InterfaceConfig& config){
-      Q_UNUSED(config)};
+  virtual void prepareActivation(const InterfaceConfig& config, int inetAdapterIndex = 0) {
+      Q_UNUSED(config)  };
+  virtual void activateSplitTunnel(const InterfaceConfig& config, int vpnAdapterIndex = 0) {
+      Q_UNUSED(config)  };

  QString logs();
  void cleanLogs();
@@ -0,0 +1,5 @@
+<svg width="24" height="24" viewBox="0 0 24 24" fill="none" xmlns="http://www.w3.org/2000/svg">
+<path d="M12 22C17.5228 22 22 17.5228 22 12C22 6.47715 17.5228 2 12 2C6.47715 2 2 6.47715 2 12C2 17.5228 6.47715 22 12 22Z" stroke="#D7D8DB" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"/>
+<path d="M12 8V12" stroke="#D7D8DB" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"/>
+<path d="M12 16H12.01" stroke="#D7D8DB" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"/>
+</svg>
@@ -0,0 +1,5 @@
+<svg width="24" height="24" viewBox="0 0 24 24" fill="none" xmlns="http://www.w3.org/2000/svg">
+<path d="M4 22H18C18.5304 22 19.0391 21.7893 19.4142 21.4142C19.7893 21.0391 20 20.5304 20 20V7.5L14.5 2H6C5.46957 2 4.96086 2.21071 4.58579 2.58579C4.21071 2.96086 4 3.46957 4 4V8" stroke="#D7D8DB" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"/>
+<path d="M14 2V8H20" stroke="#D7D8DB" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"/>
+<path d="M3 15L5 17L9 13" stroke="#D7D8DB" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"/>
+</svg>
@@ -117,6 +117,9 @@ void LocalSocketController::activate(const QJsonObject &rawConfig) {
  int splitTunnelType = rawConfig.value("splitTunnelType").toInt();
  QJsonArray splitTunnelSites = rawConfig.value("splitTunnelSites").toArray();

+  int appSplitTunnelType = rawConfig.value(amnezia::config_key::appSplitTunnelType).toInt();
+  QJsonArray splitTunnelApps = rawConfig.value(amnezia::config_key::splitTunnelApps).toArray();
+
  QJsonObject wgConfig = rawConfig.value(protocolName + "_config_data").toObject();

  QJsonObject json;
@@ -217,12 +220,7 @@ void LocalSocketController::activate(const QJsonObject &rawConfig) {

  json.insert("excludedAddresses", jsExcludedAddresses);

-
-  //  QJsonArray splitTunnelApps;
-  //  for (const auto& uri : hop.m_vpnDisabledApps) {
-  //    splitTunnelApps.append(QJsonValue(uri));
-  //  }
-  //  json.insert("vpnDisabledApps", splitTunnelApps);
+  json.insert("vpnDisabledApps", splitTunnelApps);
  
  if (protocolName == amnezia::config_key::awg) {
    json.insert(amnezia::config_key::junkPacketCount, wgConfig.value(amnezia::config_key::junkPacketCount));
@@ -2,6 +2,9 @@
 #include <QJsonDocument>
 #include <QQmlFile>
 #include <QEventLoop>
+#include <QImage>
+
+#include <android/bitmap.h>

 #include "android_controller.h"
 #include "android_utils.h"
@@ -209,6 +212,51 @@ void AndroidController::setScreenshotsEnabled(bool enabled)
    callActivityMethod("setScreenshotsEnabled", "(Z)V", enabled);
 }

+void AndroidController::minimizeApp()
+{
+    callActivityMethod("minimizeApp", "()V");
+}
+
+QJsonArray AndroidController::getAppList()
+{
+    QJniObject appList = callActivityMethod<jstring>("getAppList", "()Ljava/lang/String;");
+    QJsonArray jsonAppList = QJsonDocument::fromJson(appList.toString().toUtf8()).array();
+    return jsonAppList;
+}
+
+QPixmap AndroidController::getAppIcon(const QString &package, QSize *size, const QSize &requestedSize)
+{
+    QJniObject bitmap = callActivityMethod<jobject>("getAppIcon", "(Ljava/lang/String;II)Landroid/graphics/Bitmap;",
+                                                    QJniObject::fromString(package).object<jstring>(),
+                                                    requestedSize.width(), requestedSize.height());
+
+    QJniEnvironment env;
+    AndroidBitmapInfo info;
+    if (AndroidBitmap_getInfo(env.jniEnv(), bitmap.object(), &info) != ANDROID_BITMAP_RESULT_SUCCESS) return {};
+
+    void *pixels;
+    if (AndroidBitmap_lockPixels(env.jniEnv(), bitmap.object(), &pixels) != ANDROID_BITMAP_RESULT_SUCCESS) return {};
+
+    int width = info.width;
+    int height = info.height;
+
+    size->setWidth(width);
+    size->setHeight(height);
+
+    QImage image(width, height, QImage::Format_RGBA8888);
+    if (info.stride == uint32_t(image.bytesPerLine())) {
+        memcpy((void *) image.constBits(), pixels, info.stride * height);
+    } else {
+        auto *bmpPtr = static_cast<uchar *>(pixels);
+        for (int i = 0; i < height; i++, bmpPtr += info.stride)
+            memcpy((void *) image.constScanLine(i), bmpPtr, width);
+    }
+
+    if (AndroidBitmap_unlockPixels(env.jniEnv(), bitmap.object()) != ANDROID_BITMAP_RESULT_SUCCESS) return {};
+
+    return QPixmap::fromImage(image);
+}
+
 // Moving log processing to the Android side
 jclass AndroidController::log;
 jmethodID AndroidController::logDebug;
@@ -2,6 +2,7 @@
 #define ANDROID_CONTROLLER_H

 #include <QJniObject>
+#include <QPixmap>

 #include "protocols/vpnprotocol.h"

@@ -40,6 +41,9 @@ public:
    void exportLogsFile(const QString &fileName);
    void clearLogs();
    void setScreenshotsEnabled(bool enabled);
+    void minimizeApp();
+    QJsonArray getAppList();
+    QPixmap getAppIcon(const QString &package, QSize *size, const QSize &requestedSize);

    static bool initLogging();
    static void messageHandler(QtMsgType type, const QMessageLogContext &context, const QString &message);
@@ -19,8 +19,10 @@
 #include <sys/ioctl.h>
 #include <sys/socket.h>

+#include "../utilities.h"
 #include "leakdetector.h"
 #include "logger.h"
+#include "core/networkUtilities.h"

 namespace {
 Logger logger("LinuxRouteMonitor");
@@ -163,7 +165,7 @@ bool LinuxRouteMonitor::rtmSendRoute(int action, int flags, int type,

    if (rtm->rtm_type == RTN_THROW) {
    struct in_addr ip4;
-    inet_pton(AF_INET, getgatewayandiface().toUtf8(), &ip4);
+    inet_pton(AF_INET, NetworkUtilities::getGatewayAndIface().toUtf8(), &ip4);
    nlmsg_append_attr(nlmsg, sizeof(buf), RTA_GATEWAY, &ip4, sizeof(ip4));
    nlmsg_append_attr32(nlmsg, sizeof(buf), RTA_PRIORITY, 0);
    rtm->rtm_type = RTN_UNICAST;
@@ -221,122 +223,6 @@ void LinuxRouteMonitor::nlsockReady() {
    }
 }

-#define BUFFER_SIZE 4096
-
-QString LinuxRouteMonitor::getgatewayandiface()
-{
-    int     received_bytes = 0, msg_len = 0, route_attribute_len = 0;
-    int     sock = -1, msgseq = 0;
-    struct  nlmsghdr *nlh, *nlmsg;
-    struct  rtmsg *route_entry;
-    // This struct contain route attributes (route type)
-    struct  rtattr *route_attribute;
-    char    gateway_address[INET_ADDRSTRLEN], interface[IF_NAMESIZE];
-    char    msgbuf[BUFFER_SIZE], buffer[BUFFER_SIZE];
-    char    *ptr = buffer;
-    struct timeval tv;
-
-    if ((sock = socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE)) < 0) {
-    perror("socket failed");
-    return "";
-    }
-
-    memset(msgbuf, 0, sizeof(msgbuf));
-    memset(gateway_address, 0, sizeof(gateway_address));
-    memset(interface, 0, sizeof(interface));
-    memset(buffer, 0, sizeof(buffer));
-
-    /* point the header and the msg structure pointers into the buffer */
-    nlmsg = (struct nlmsghdr *)msgbuf;
-
-    /* Fill in the nlmsg header*/
-    nlmsg->nlmsg_len = NLMSG_LENGTH(sizeof(struct rtmsg));
-    nlmsg->nlmsg_type = RTM_GETROUTE; // Get the routes from kernel routing table .
-    nlmsg->nlmsg_flags = NLM_F_DUMP | NLM_F_REQUEST; // The message is a request for dump.
-    nlmsg->nlmsg_seq = msgseq++; // Sequence of the message packet.
-    nlmsg->nlmsg_pid = getpid(); // PID of process sending the request.
-
-    /* 1 Sec Timeout to avoid stall */
-    tv.tv_sec = 1;
-    setsockopt(sock, SOL_SOCKET, SO_RCVTIMEO, (struct timeval *)&tv, sizeof(struct timeval));
-    /* send msg */
-    if (send(sock, nlmsg, nlmsg->nlmsg_len, 0) < 0) {
-    perror("send failed");
-    return "";
-    }
-
-    /* receive response */
-    do
-    {
-    received_bytes = recv(sock, ptr, sizeof(buffer) - msg_len, 0);
-    if (received_bytes < 0) {
-        perror("Error in recv");
-        return "";
-    }
-
-    nlh = (struct nlmsghdr *) ptr;
-
-    /* Check if the header is valid */
-    if((NLMSG_OK(nlmsg, received_bytes) == 0) ||
-        (nlmsg->nlmsg_type == NLMSG_ERROR))
-    {
-        perror("Error in received packet");
-        return "";
-    }
-
-    /* If we received all data break */
-    if (nlh->nlmsg_type == NLMSG_DONE)
-        break;
-    else {
-        ptr += received_bytes;
-        msg_len += received_bytes;
-    }
-
-    /* Break if its not a multi part message */
-    if ((nlmsg->nlmsg_flags & NLM_F_MULTI) == 0)
-        break;
-    }
-    while ((nlmsg->nlmsg_seq != msgseq) || (nlmsg->nlmsg_pid != getpid()));
-
-    /* parse response */
-    for ( ; NLMSG_OK(nlh, received_bytes); nlh = NLMSG_NEXT(nlh, received_bytes))
-    {
-    /* Get the route data */
-    route_entry = (struct rtmsg *) NLMSG_DATA(nlh);
-
-    /* We are just interested in main routing table */
-    if (route_entry->rtm_table != RT_TABLE_MAIN)
-        continue;
-
-    route_attribute = (struct rtattr *) RTM_RTA(route_entry);
-    route_attribute_len = RTM_PAYLOAD(nlh);
-
-    /* Loop through all attributes */
-    for ( ; RTA_OK(route_attribute, route_attribute_len);
-         route_attribute = RTA_NEXT(route_attribute, route_attribute_len))
-    {
-        switch(route_attribute->rta_type) {
-        case RTA_OIF:
-            if_indextoname(*(int *)RTA_DATA(route_attribute), interface);
-            break;
-        case RTA_GATEWAY:
-            inet_ntop(AF_INET, RTA_DATA(route_attribute),
-                      gateway_address, sizeof(gateway_address));
-            break;
-        default:
-            break;
-        }
-    }
-
-    if ((*gateway_address) && (*interface)) {
-        logger.debug() << "Gateway " << gateway_address << " for interface " << interface;
-        break;
-    }
-    }
-    close(sock);
-    return gateway_address;
-}
-
 static bool buildAllowedIp(wg_allowedip* ip,
                                         const IPAddress& prefix) {
    const char* addrString = qPrintable(prefix.address().toString());
@@ -31,7 +31,6 @@ class LinuxRouteMonitor final : public QObject {
  static QString addrToString(const QByteArray& data);
  bool rtmSendRoute(int action, int flags, int type,
                    const IPAddress& prefix);
-  QString getgatewayandiface();
  QString m_ifname;
  unsigned int m_ifindex = 0;
  int m_nlsock = -1;
@@ -18,6 +18,7 @@
 #include "dnsutilswindows.h"
 #include "leakdetector.h"
 #include "logger.h"
+#include "core/networkUtilities.h"
 #include "platforms/windows/windowscommons.h"
 #include "platforms/windows/windowsservicemanager.h"
 #include "windowsfirewall.h"
@@ -43,11 +44,24 @@ WindowsDaemon::~WindowsDaemon() {
  logger.debug() << "Daemon released";
 }

-void WindowsDaemon::prepareActivation(const InterfaceConfig& config) {
+void WindowsDaemon::prepareActivation(const InterfaceConfig& config, int inetAdapterIndex) {
  // Before creating the interface we need to check which adapter
  // routes to the server endpoint
-  auto serveraddr = QHostAddress(config.m_serverIpv4AddrIn);
-  m_inetAdapterIndex = WindowsCommons::AdapterIndexTo(serveraddr);
+  if (inetAdapterIndex == 0) {
+      auto serveraddr = QHostAddress(config.m_serverIpv4AddrIn);
+      m_inetAdapterIndex = NetworkUtilities::AdapterIndexTo(serveraddr);
+  } else {
+      m_inetAdapterIndex = inetAdapterIndex;
+  }
+}
+
+void WindowsDaemon::activateSplitTunnel(const InterfaceConfig& config, int vpnAdapterIndex) {
+  if (config.m_vpnDisabledApps.length() > 0) {
+      m_splitTunnelManager.start(m_inetAdapterIndex, vpnAdapterIndex);
+      m_splitTunnelManager.setRules(config.m_vpnDisabledApps);
+  } else {
+      m_splitTunnelManager.stop();
+  }
 }

 bool WindowsDaemon::run(Op op, const InterfaceConfig& config) {
@@ -64,12 +78,8 @@ bool WindowsDaemon::run(Op op, const InterfaceConfig& config) {
    }
  }

-  if (config.m_vpnDisabledApps.length() > 0) {
-    m_splitTunnelManager.start(m_inetAdapterIndex);
-    m_splitTunnelManager.setRules(config.m_vpnDisabledApps);
-  } else {
-    m_splitTunnelManager.stop();
-  }
+  activateSplitTunnel(config);
+
  return true;
 }

@@ -20,7 +20,8 @@ class WindowsDaemon final : public Daemon {
  WindowsDaemon();
  ~WindowsDaemon();

-  void prepareActivation(const InterfaceConfig& config) override;
+  void prepareActivation(const InterfaceConfig& config, int inetAdapterIndex = 0) override;
+  void activateSplitTunnel(const InterfaceConfig& config, int vpnAdapterIndex = 0) override;

 protected:
  bool run(Op op, const InterfaceConfig& config) override;
@@ -134,7 +134,7 @@ void WindowsSplitTunnel::setRules(const QStringList& appPaths) {
  logger.debug() << "New Configuration applied: " << getState();
 }

-void WindowsSplitTunnel::start(int inetAdapterIndex) {
+void WindowsSplitTunnel::start(int inetAdapterIndex, int vpnAdapterIndex) {
  // To Start we need to send 2 things:
  // Network info (what is vpn what is network)
  logger.debug() << "Starting SplitTunnel";
@@ -171,7 +171,7 @@ void WindowsSplitTunnel::start(int inetAdapterIndex) {
  }
  logger.debug() << "Driver is  ready || new State:" << getState();

-  auto config = generateIPConfiguration(inetAdapterIndex);
+  auto config = generateIPConfiguration(inetAdapterIndex, vpnAdapterIndex);
  auto ok = DeviceIoControl(m_driver, IOCTL_REGISTER_IP_ADDRESSES, &config[0],
                            (DWORD)config.size(), nullptr, 0, &bytesReturned,
                            nullptr);
@@ -270,14 +270,19 @@ std::vector<uint8_t> WindowsSplitTunnel::generateAppConfiguration(
 }

 std::vector<uint8_t> WindowsSplitTunnel::generateIPConfiguration(
-    int inetAdapterIndex) {
+    int inetAdapterIndex, int vpnAdapterIndex) {
  std::vector<uint8_t> out(sizeof(IP_ADDRESSES_CONFIG));

  auto config = reinterpret_cast<IP_ADDRESSES_CONFIG*>(&out[0]);

  auto ifaces = QNetworkInterface::allInterfaces();
+
+  if (vpnAdapterIndex == 0) {
+    vpnAdapterIndex = WindowsCommons::VPNAdapterIndex();
+  }
+
  // Always the VPN
-  getAddress(WindowsCommons::VPNAdapterIndex(), &config->TunnelIpv4,
+  getAddress(vpnAdapterIndex, &config->TunnelIpv4,
             &config->TunnelIpv6);
  // 2nd best route
  getAddress(inetAdapterIndex, &config->InternetIpv4, &config->InternetIpv6);
@@ -132,7 +132,7 @@ class WindowsSplitTunnel final : public QObject {
  void setRules(const QStringList& appPaths);

  // Fetches and Pushed needed info to move to engaged mode
-  void start(int inetAdapterIndex);
+  void start(int inetAdapterIndex, int vpnAdapterIndex = 0);
  // Deletes Rules and puts the driver into passive mode
  void stop();
  // Resets the Whole Driver
@@ -164,7 +164,7 @@ class WindowsSplitTunnel final : public QObject {
  // Generates a Configuration for Each APP
  std::vector<uint8_t> generateAppConfiguration(const QStringList& appPaths);
  // Generates a Configuration which IP's are VPN and which network
-  std::vector<uint8_t> generateIPConfiguration(int inetAdapterIndex);
+  std::vector<uint8_t> generateIPConfiguration(int inetAdapterIndex, int vpnAdapterIndex = 0);
  std::vector<uint8_t> generateProcessBlob();

  void getAddress(int adapterIndex, IN_ADDR* out_ipv4, IN6_ADDR* out_ipv6);
@@ -88,24 +88,6 @@ QString WindowsCommons::tunnelLogFile() {
  return QString();
 }

-// static
-int WindowsCommons::AdapterIndexTo(const QHostAddress& dst) {
-  logger.debug() << "Getting Current Internet Adapter that routes to"
-                 << logger.sensitive(dst.toString());
-  quint32_be ipBigEndian;
-  quint32 ip = dst.toIPv4Address();
-  qToBigEndian(ip, &ipBigEndian);
-  _MIB_IPFORWARDROW routeInfo;
-  auto result = GetBestRoute(ipBigEndian, 0, &routeInfo);
-  if (result != NO_ERROR) {
-    return -1;
-  }
-  auto adapter =
-      QNetworkInterface::interfaceFromIndex(routeInfo.dwForwardIfIndex);
-  logger.debug() << "Internet Adapter:" << adapter.name();
-  return routeInfo.dwForwardIfIndex;
-}
-
 // static
 int WindowsCommons::VPNAdapterIndex() {
  // For someReason QNetworkInterface::fromName(MozillaVPN) does not work >:(
@@ -19,8 +19,7 @@ class WindowsCommons final {

  // Returns the Interface Index of the VPN Adapter
  static int VPNAdapterIndex();
-  // Returns the Interface Index that could Route to dst
-  static int AdapterIndexTo(const QHostAddress& dst);
+
  // Returns the Path of the Current process
  static QString getCurrentPath();
 };
@@ -26,7 +26,6 @@ OpenVpnProtocol::~OpenVpnProtocol()

 QString OpenVpnProtocol::defaultConfigFileName()
 {
-    // qDebug() << "OpenVpnProtocol::defaultConfigFileName" << defaultConfigPath() + QString("/%1.ovpn").arg(APPLICATION_NAME);
    return defaultConfigPath() + QString("/%1.ovpn").arg(APPLICATION_NAME);
 }

@@ -161,7 +160,6 @@ void OpenVpnProtocol::updateRouteGateway(QString line)

 ErrorCode OpenVpnProtocol::start()
 {
-    // qDebug() << "Start OpenVPN connection";
    OpenVpnProtocol::stop();

    if (!QFileInfo::exists(Utils::openVpnExecPath())) {
@@ -196,9 +194,6 @@ ErrorCode OpenVpnProtocol::start()
    }
 #endif

-    //    QString vpnLogFileNamePath = Utils::systemLogPath() + "/openvpn.log";
-    //    Utils::createEmptyFile(vpnLogFileNamePath);
-
    uint mgmtPort = selectMgmtPort();
    qDebug() << "OpenVpnProtocol::start mgmt port selected:" << mgmtPort;

@@ -212,7 +207,6 @@ ErrorCode OpenVpnProtocol::start()
    m_openVpnProcess = IpcClient::CreatePrivilegedProcess();

    if (!m_openVpnProcess) {
-        // qWarning() << "IpcProcess replica is not created!";
        setLastError(ErrorCode::AmneziaServiceConnectionFailed);
        return ErrorCode::AmneziaServiceConnectionFailed;
    }
@@ -242,8 +236,6 @@ ErrorCode OpenVpnProtocol::start()

    m_openVpnProcess->start();

-    // startTimeoutTimer();
-
    return ErrorCode::NoError;
 }

@@ -339,13 +331,16 @@ void OpenVpnProtocol::updateVpnGateway(const QString &line)
                m_vpnLocalAddress = l.split(" ").at(1);
                m_vpnGateway = l.split(" ").at(2);
 #ifdef Q_OS_WIN
+                QThread::msleep(300);
                QList<QNetworkInterface> netInterfaces = QNetworkInterface::allInterfaces();
                for (int i = 0; i < netInterfaces.size(); i++) {
                    for (int j=0; j < netInterfaces.at(i).addressEntries().size(); j++)
                    {
                        if (m_vpnLocalAddress == netInterfaces.at(i).addressEntries().at(j).ip().toString()) {
                            IpcClient::Interface()->enableKillSwitch(QJsonObject(), netInterfaces.at(i).index());
+                            m_configData.insert("vpnAdapterIndex", netInterfaces.at(i).index());
                            m_configData.insert("vpnGateway", m_vpnGateway);
+                            m_configData.insert("vpnServer", m_configData.value(amnezia::config_key::hostName).toString());
                            IpcClient::Interface()->enablePeerTraffic(m_configData);
                        }
                    }
@@ -71,6 +71,7 @@ QMap<amnezia::Proto, QString> ProtocolProps::protocolHumanNames()
             { Proto::Awg, "AmneziaWG" },
             { Proto::Ikev2, "IKEv2" },
             { Proto::L2tp, "L2TP" },
+             { Proto::Xray, "XRay" },

             { Proto::TorWebSite, "Website in Tor network" },
             { Proto::Dns, "DNS Service" },
@@ -92,6 +93,7 @@ amnezia::ServiceType ProtocolProps::protocolService(Proto p)
    case Proto::WireGuard: return ServiceType::Vpn;
    case Proto::Awg: return ServiceType::Vpn;
    case Proto::Ikev2: return ServiceType::Vpn;
+    case Proto::Xray: return ServiceType::Vpn;

    case Proto::TorWebSite: return ServiceType::Other;
    case Proto::Dns: return ServiceType::Other;
@@ -122,6 +124,7 @@ int ProtocolProps::defaultPort(Proto p)
    case Proto::ShadowSocks: return QString(protocols::shadowsocks::defaultPort).toInt();
    case Proto::WireGuard: return QString(protocols::wireguard::defaultPort).toInt();
    case Proto::Awg: return QString(protocols::awg::defaultPort).toInt();
+    case Proto::Xray: return QString(protocols::xray::defaultPort).toInt();
    case Proto::Ikev2: return -1;
    case Proto::L2tp: return -1;

@@ -162,6 +165,8 @@ TransportProto ProtocolProps::defaultTransportProto(Proto p)
    case Proto::Awg: return TransportProto::Udp;
    case Proto::Ikev2: return TransportProto::Udp;
    case Proto::L2tp: return TransportProto::Udp;
+    case Proto::Xray: return TransportProto::Tcp;
+
    // non-vpn
    case Proto::TorWebSite: return TransportProto::Tcp;
    case Proto::Dns: return TransportProto::Udp;
@@ -180,12 +185,15 @@ bool ProtocolProps::defaultTransportProtoChangeable(Proto p)
    case Proto::Awg: return false;
    case Proto::Ikev2: return false;
    case Proto::L2tp: return false;
+    case Proto::Xray: return false;
+
    // non-vpn
    case Proto::TorWebSite: return false;
    case Proto::Dns: return false;
    case Proto::Sftp: return false;
    default: return false;
    }
+    return false;
 }

 QString ProtocolProps::key_proto_config_data(Proto p)
@@ -82,14 +82,20 @@ namespace amnezia
        constexpr char cloak[] = "cloak";
        constexpr char sftp[] = "sftp";
        constexpr char awg[] = "awg";
+        constexpr char xray[] = "xray";

        constexpr char configVersion[] = "config_version";

        constexpr char splitTunnelSites[] = "splitTunnelSites";
        constexpr char splitTunnelType[] = "splitTunnelType";

+        constexpr char splitTunnelApps[] = "splitTunnelApps";
+        constexpr char appSplitTunnelType[] = "appSplitTunnelType";
+
        constexpr char crc[] = "crc";

+        constexpr char clientId[] = "clientId";
+
    }

    namespace protocols
@@ -134,6 +140,20 @@ namespace amnezia
            constexpr char defaultCipher[] = "chacha20-ietf-poly1305";
        }

+        namespace xray
+        {
+            constexpr char serverConfigPath[] = "/opt/amnezia/xray/server.json";
+            constexpr char uuidPath[] = "/opt/amnezia/xray/xray_uuid.key";
+            constexpr char PublicKeyPath[] = "/opt/amnezia/xray/xray_public.key";
+            constexpr char PrivateKeyPath[] = "/opt/amnezia/xray/xray_private.key";
+            constexpr char shortidPath[] = "/opt/amnezia/xray/xray_short_id.key";
+            constexpr char defaultSite[] = "www.googletagmanager.com";
+
+            constexpr char defaultPort[] = "443";
+            constexpr char defaultLocalProxyPort[] = "10808";
+            constexpr char defaultLocalAddr[] = "10.33.0.2";
+        }
+
        namespace cloak
        {
            constexpr char ckPublicKeyPath[] = "/opt/amnezia/cloak/cloak_public.key";
@@ -142,7 +162,6 @@ namespace amnezia
            constexpr char defaultPort[] = "443";
            constexpr char defaultRedirSite[] = "tile.openstreetmap.org";
            constexpr char defaultCipher[] = "chacha20-poly1305";
-
        }

        namespace wireguard
@@ -206,6 +225,7 @@ namespace amnezia
            Awg,
            Ikev2,
            L2tp,
+            Xray,

            // non-vpn
            TorWebSite,
@@ -9,6 +9,7 @@
    #include "openvpnprotocol.h"
    #include "shadowsocksvpnprotocol.h"
    #include "wireguardprotocol.h"
+    #include "xrayprotocol.h"
 #endif

 #ifdef Q_OS_WINDOWS
@@ -114,6 +115,7 @@ VpnProtocol *VpnProtocol::factory(DockerContainer container, const QJsonObject &
    case DockerContainer::ShadowSocks: return new ShadowSocksVpnProtocol(configuration);
    case DockerContainer::WireGuard: return new WireguardProtocol(configuration);
    case DockerContainer::Awg: return new WireguardProtocol(configuration);
+    case DockerContainer::Xray: return new XrayProtocol(configuration);
 #endif
    default: return nullptr;
    }
@@ -0,0 +1,234 @@
+#include "xrayprotocol.h"
+
+#include "utilities.h"
+#include "containers/containers_defs.h"
+#include "core/networkUtilities.h"
+
+#include <QCryptographicHash>
+#include <QJsonDocument>
+#include <QJsonObject>
+#include <QNetworkInterface>
+
+
+XrayProtocol::XrayProtocol(const QJsonObject &configuration, QObject *parent):
+    VpnProtocol(configuration, parent)
+{
+    readXrayConfiguration(configuration);
+    m_routeGateway = NetworkUtilities::getGatewayAndIface();
+    m_vpnGateway = amnezia::protocols::xray::defaultLocalAddr;
+    m_vpnLocalAddress = amnezia::protocols::xray::defaultLocalAddr;
+}
+
+XrayProtocol::~XrayProtocol()
+{
+    XrayProtocol::stop();
+    QThread::msleep(200);
+    m_xrayProcess.close();
+}
+
+ErrorCode XrayProtocol::start()
+{
+    qDebug().noquote() << "XrayProtocol xrayExecPath():" << xrayExecPath();
+
+    if (!QFileInfo::exists(xrayExecPath())) {
+        setLastError(ErrorCode::XrayExecutableMissing);
+        return lastError();
+    }
+
+    if (Utils::processIsRunning(Utils::executable(xrayExecPath(), true))) {
+        Utils::killProcessByName(Utils::executable(xrayExecPath(), true));
+    }
+
+#ifdef QT_DEBUG
+    m_xrayCfgFile.setAutoRemove(false);
+#endif
+    m_xrayCfgFile.open();
+    m_xrayCfgFile.write(QJsonDocument(m_xrayConfig).toJson());
+    m_xrayCfgFile.close();
+
+    QStringList args = QStringList() << "-c" << m_xrayCfgFile.fileName() << "-format=json";
+
+    qDebug().noquote() << "XrayProtocol::start()"
+                       << xrayExecPath() << args.join(" ");
+
+    m_xrayProcess.setProcessChannelMode(QProcess::MergedChannels);
+
+    m_xrayProcess.setProgram(xrayExecPath());
+    m_xrayProcess.setArguments(args);
+
+    connect(&m_xrayProcess, &QProcess::readyReadStandardOutput, this, [this]() {
+#ifdef QT_DEBUG
+        qDebug().noquote() << "xray:" << m_xrayProcess.readAllStandardOutput();
+#endif
+    });
+
+    connect(&m_xrayProcess, QOverload<int, QProcess::ExitStatus>::of(&QProcess::finished), this, [this](int exitCode, QProcess::ExitStatus exitStatus) {
+        qDebug().noquote() << "XrayProtocol finished, exitCode, exiStatus" << exitCode << exitStatus;
+        setConnectionState(Vpn::ConnectionState::Disconnected);
+        if (exitStatus != QProcess::NormalExit) {
+            emit protocolError(amnezia::ErrorCode::XrayExecutableCrashed);
+            stop();
+        }
+        if (exitCode != 0) {
+            emit protocolError(amnezia::ErrorCode::InternalError);
+            stop();
+        }
+    });
+
+    m_xrayProcess.start();
+    m_xrayProcess.waitForStarted();
+
+    if (m_xrayProcess.state() == QProcess::ProcessState::Running) {
+        setConnectionState(Vpn::ConnectionState::Connecting);
+        QThread::msleep(1000);
+        return startTun2Sock();
+    }
+    else return ErrorCode::XrayExecutableMissing;
+}
+
+
+ErrorCode XrayProtocol::startTun2Sock()
+{
+    if (!QFileInfo::exists(Utils::tun2socksPath())) {
+        setLastError(ErrorCode::Tun2SockExecutableMissing);
+        return lastError();
+    }
+
+    m_t2sProcess = IpcClient::CreatePrivilegedProcess();
+
+    if (!m_t2sProcess) {
+        setLastError(ErrorCode::AmneziaServiceConnectionFailed);
+        return ErrorCode::AmneziaServiceConnectionFailed;
+    }
+
+    m_t2sProcess->waitForSource(1000);
+    if (!m_t2sProcess->isInitialized()) {
+        qWarning() << "IpcProcess replica is not connected!";
+        setLastError(ErrorCode::AmneziaServiceConnectionFailed);
+        return ErrorCode::AmneziaServiceConnectionFailed;
+    }
+
+    QString XrayConStr = "socks5://127.0.0.1:" + QString::number(m_localPort);
+
+    m_t2sProcess->setProgram(PermittedProcess::Tun2Socks);
+#ifdef Q_OS_WIN
+    m_configData.insert("inetAdapterIndex", NetworkUtilities::AdapterIndexTo(QHostAddress(m_remoteAddress)));
+    QStringList arguments({"-device", "tun://tun2", "-proxy", XrayConStr, "-tun-post-up",
+                           QString("cmd /c netsh interface ip set address name=\"tun2\" static %1 255.255.255.255").arg(amnezia::protocols::xray::defaultLocalAddr)});
+#endif
+#ifdef Q_OS_LINUX
+    QStringList arguments({"-device", "tun://tun2", "-proxy", XrayConStr});
+#endif
+#ifdef Q_OS_MAC
+    QStringList arguments({"-device", "utun22", "-proxy", XrayConStr});
+#endif
+    m_t2sProcess->setArguments(arguments);
+
+    qDebug() << arguments.join(" ");
+    connect(m_t2sProcess.data(), &PrivilegedProcess::errorOccurred,
+            [&](QProcess::ProcessError error) { qDebug() << "PrivilegedProcess errorOccurred" << error; });
+
+    connect(m_t2sProcess.data(), &PrivilegedProcess::stateChanged,
+            [&](QProcess::ProcessState newState) {
+                qDebug() << "PrivilegedProcess stateChanged" << newState;
+        if (newState == QProcess::Running)
+        {
+            setConnectionState(Vpn::ConnectionState::Connecting);
+            QList<QHostAddress> dnsAddr;
+            dnsAddr.push_back(QHostAddress(m_configData.value(config_key::dns1).toString()));
+            dnsAddr.push_back(QHostAddress(m_configData.value(config_key::dns2).toString()));
+
+#ifdef Q_OS_MACOS
+            QThread::msleep(5000);
+            IpcClient::Interface()->createTun("utun22", amnezia::protocols::xray::defaultLocalAddr);
+            IpcClient::Interface()->updateResolvers("utun22", dnsAddr);
+            IpcClient::Interface()->enableKillSwitch(m_configData, 0);
+#endif
+#ifdef Q_OS_WINDOWS
+            QThread::msleep(15000);
+#endif
+#ifdef Q_OS_LINUX
+            QThread::msleep(1000);
+            IpcClient::Interface()->createTun("tun2", amnezia::protocols::xray::defaultLocalAddr);
+            IpcClient::Interface()->updateResolvers("tun2", dnsAddr);
+            IpcClient::Interface()->enableKillSwitch(m_configData, 0);
+#endif
+            if (m_routeMode == 0) {
+                IpcClient::Interface()->routeAddList(m_vpnGateway, QStringList() << "0.0.0.0/1");
+                IpcClient::Interface()->routeAddList(m_vpnGateway, QStringList() << "128.0.0.0/1");
+                IpcClient::Interface()->routeAddList(m_routeGateway, QStringList() << m_remoteAddress);
+            }
+            IpcClient::Interface()->StopRoutingIpv6();
+#ifdef Q_OS_WIN
+            IpcClient::Interface()->updateResolvers("tun2", dnsAddr);
+            QList<QNetworkInterface> netInterfaces = QNetworkInterface::allInterfaces();
+            for (int i = 0; i < netInterfaces.size(); i++) {
+                for (int j=0; j < netInterfaces.at(i).addressEntries().size(); j++)
+                {
+                    if (m_vpnLocalAddress == netInterfaces.at(i).addressEntries().at(j).ip().toString()) {
+                        IpcClient::Interface()->enableKillSwitch(QJsonObject(), netInterfaces.at(i).index());
+                        m_configData.insert("vpnAdapterIndex", netInterfaces.at(i).index());
+                        m_configData.insert("vpnGateway", m_vpnGateway);
+                        m_configData.insert("vpnServer", m_remoteAddress);
+                        IpcClient::Interface()->enablePeerTraffic(m_configData);
+                    }
+                }
+            }
+#endif
+            setConnectionState(Vpn::ConnectionState::Connected);
+        }
+    });
+
+
+#if !defined(Q_OS_MACOS)
+    connect(m_t2sProcess.data(), &PrivilegedProcess::finished, this,
+            [&]() {
+                setConnectionState(Vpn::ConnectionState::Disconnected);
+                IpcClient::Interface()->deleteTun("tun2");
+                IpcClient::Interface()->StartRoutingIpv6();
+                IpcClient::Interface()->clearSavedRoutes();
+    });
+#endif
+
+    m_t2sProcess->start();
+
+
+    return ErrorCode::NoError;
+}
+
+void XrayProtocol::stop()
+{
+#if defined(Q_OS_WIN) || defined(Q_OS_LINUX) || defined(Q_OS_MACOS)
+    IpcClient::Interface()->disableKillSwitch();
+#endif
+    qDebug() << "XrayProtocol::stop()";
+    m_xrayProcess.terminate();
+    if (m_t2sProcess) {
+        m_t2sProcess->close();
+    }
+
+#ifdef Q_OS_WIN
+    Utils::signalCtrl(m_xrayProcess.processId(), CTRL_C_EVENT);
+#endif
+}
+
+QString XrayProtocol::xrayExecPath()
+{
+#ifdef Q_OS_WIN
+    return Utils::executable(QString("xray/xray"), true);
+#else
+    return Utils::executable(QString("xray"), true);
+#endif
+}
+
+void XrayProtocol::readXrayConfiguration(const QJsonObject &configuration)
+{
+    m_configData = configuration;
+    QJsonObject xrayConfiguration = configuration.value(ProtocolProps::key_proto_config_data(Proto::Xray)).toObject();
+    m_xrayConfig = xrayConfiguration;
+    m_localPort = QString(amnezia::protocols::xray::defaultLocalProxyPort).toInt();
+    m_remoteAddress = configuration.value(amnezia::config_key::hostName).toString();
+    m_routeMode = configuration.value(amnezia::config_key::splitTunnelType).toInt();
+    m_primaryDNS = configuration.value(amnezia::config_key::dns1).toString();
+    m_secondaryDNS = configuration.value(amnezia::config_key::dns2).toString();
+}
@@ -0,0 +1,41 @@
+#ifndef XRAYPROTOCOL_H
+#define XRAYPROTOCOL_H
+
+#include "openvpnprotocol.h"
+#include "QProcess"
+#include "containers/containers_defs.h"
+
+class XrayProtocol : public VpnProtocol
+{
+public:
+    XrayProtocol(const QJsonObject& configuration, QObject* parent = nullptr);
+    virtual ~XrayProtocol() override;
+
+    ErrorCode start() override;
+    ErrorCode startTun2Sock();
+    void stop() override;
+
+protected:
+    void readXrayConfiguration(const QJsonObject &configuration);
+
+protected:
+    QJsonObject m_xrayConfig;
+
+private:
+    static QString xrayExecPath();
+    static QString tun2SocksExecPath();
+private:
+    int m_localPort;
+    QString m_remoteAddress;
+    int m_routeMode;
+    QJsonObject m_configData;
+    QString m_primaryDNS;
+    QString m_secondaryDNS;
+#ifndef Q_OS_IOS
+    QProcess m_xrayProcess;
+    QSharedPointer<PrivilegedProcess> m_t2sProcess;
+#endif
+    QTemporaryFile m_xrayCfgFile;
+};
+
+#endif // XRAYPROTOCOL_H
@@ -198,6 +198,7 @@
        <file>ui/qml/Pages2/PageProtocolOpenVpnSettings.qml</file>
        <file>ui/qml/Pages2/PageProtocolShadowSocksSettings.qml</file>
        <file>ui/qml/Pages2/PageProtocolCloakSettings.qml</file>
+        <file>ui/qml/Pages2/PageProtocolXraySettings.qml</file>        
        <file>ui/qml/Pages2/PageProtocolRaw.qml</file>
        <file>ui/qml/Pages2/PageSettingsLogging.qml</file>
        <file>ui/qml/Pages2/PageServiceSftpSettings.qml</file>
@@ -224,9 +225,19 @@
        <file>ui/qml/Pages2/PageShareFullAccess.qml</file>
        <file>images/controls/close.svg</file>
        <file>images/controls/search.svg</file>
+        <file>server_scripts/xray/configure_container.sh</file>
+        <file>server_scripts/xray/Dockerfile</file>
+        <file>server_scripts/xray/run_container.sh</file>
+        <file>server_scripts/xray/start.sh</file>
+        <file>server_scripts/xray/template.json</file>
        <file>ui/qml/Pages2/PageProtocolWireGuardSettings.qml</file>
        <file>ui/qml/Components/HomeSplitTunnelingDrawer.qml</file>
        <file>images/controls/split-tunneling.svg</file>
        <file>ui/qml/Controls2/DrawerType2.qml</file>
+        <file>ui/qml/Pages2/PageSettingsAppSplitTunneling.qml</file>
+        <file>ui/qml/Components/InstalledAppsDrawer.qml</file>
+        <file>images/controls/alert-circle.svg</file>
+        <file>images/controls/file-check-2.svg</file>
+        <file>ui/qml/Controls2/WarningType.qml</file>
    </qresource>
 </RCC>
@@ -16,6 +16,12 @@

 using namespace QKeychain;

+namespace {
+constexpr auto settingsKeyTag{"settingsKeyTag"};
+constexpr auto settingsIvTag{"settingsIvTag"};
+constexpr auto keyChainName{"AmneziaVPN-Keychain"};
+}
+
 SecureQSettings::SecureQSettings(const QString &organization, const QString &application, QObject *parent)
    : QObject { parent }, m_settings(organization, application, parent), encryptedKeys({ "Servers/serversList" })
 {
@@ -50,7 +56,7 @@ QVariant SecureQSettings::value(const QString &key, const QVariant &defaultValue
    // check if value is not encrypted, v. < 2.0.x
    retVal = m_settings.value(key);
    if (retVal.isValid()) {
-        if (retVal.userType() == QVariant::ByteArray && retVal.toByteArray().mid(0, magicString.size()) == magicString) {
+        if (retVal.userType() == QMetaType::QByteArray && retVal.toByteArray().mid(0, magicString.size()) == magicString) {

            if (getEncKey().isEmpty() || getEncIv().isEmpty()) {
                qCritical() << "SecureQSettings::setValue Decryption requested, but key is empty";
@@ -8,10 +8,6 @@

 #include "keychain.h"

-constexpr const char *settingsKeyTag = "settingsKeyTag";
-constexpr const char *settingsIvTag = "settingsIvTag";
-constexpr const char *keyChainName = "AmneziaVPN-Keychain";
-
 class SecureQSettings : public QObject
 {
    Q_OBJECT
@@ -44,7 +40,7 @@ public:
 private:
    QSettings m_settings;

-    mutable QMap<QString, QVariant> m_cache;
+    mutable QHash<QString, QVariant> m_cache;

    QStringList encryptedKeys; // encode only key listed here

@@ -0,0 +1,53 @@
+FROM alpine:3.15
+LABEL maintainer="AmneziaVPN"
+
+ARG XRAY_RELEASE="v1.8.6"
+
+RUN apk add --no-cache curl unzip bash openssl netcat-openbsd dumb-init rng-tools xz
+RUN apk --update upgrade --no-cache
+
+RUN mkdir -p /opt/amnezia
+RUN echo -e "#!/bin/bash\ntail -f /dev/null" > /opt/amnezia/start.sh
+RUN chmod a+x /opt/amnezia/start.sh
+
+RUN mkdir -p /opt/amnezia/xray
+
+RUN curl -L https://github.com/XTLS/Xray-core/releases/download/${XRAY_RELEASE}/Xray-linux-64.zip > /root/xray.zip;\
+  unzip /root/xray.zip -d /usr/bin/;\
+  chmod a+x /usr/bin/xray;
+
+# Tune network  
+RUN echo -e " \n\
+  fs.file-max = 51200 \n\
+  \n\
+  net.core.rmem_max = 67108864 \n\
+  net.core.wmem_max = 67108864 \n\
+  net.core.netdev_max_backlog = 250000 \n\
+  net.core.somaxconn = 4096 \n\
+  net.core.default_qdisc=fq \n\
+  \n\
+  net.ipv4.tcp_syncookies = 1 \n\
+  net.ipv4.tcp_tw_reuse = 1 \n\
+  net.ipv4.tcp_tw_recycle = 0 \n\
+  net.ipv4.tcp_fin_timeout = 30 \n\
+  net.ipv4.tcp_keepalive_time = 1200 \n\
+  net.ipv4.ip_local_port_range = 10000 65000 \n\
+  net.ipv4.tcp_max_syn_backlog = 8192 \n\
+  net.ipv4.tcp_max_tw_buckets = 5000 \n\
+  net.ipv4.tcp_fastopen = 3 \n\
+  net.ipv4.tcp_mem = 25600 51200 102400 \n\
+  net.ipv4.tcp_rmem = 4096 87380 67108864 \n\
+  net.ipv4.tcp_wmem = 4096 65536 67108864 \n\
+  net.ipv4.tcp_mtu_probing = 1 \n\
+  net.ipv4.tcp_congestion_control = bbr \n\
+  " | sed -e 's/^\s\+//g' | tee -a /etc/sysctl.conf && \
+  mkdir -p /etc/security && \
+  echo -e " \n\
+  * soft nofile 51200 \n\
+  * hard nofile 51200 \n\
+  " | sed -e 's/^\s\+//g' | tee -a /etc/security/limits.conf  
+
+ENV TZ=Asia/Shanghai
+
+ENTRYPOINT [ "dumb-init", "/opt/amnezia/start.sh" ]
+
@@ -0,0 +1,67 @@
+cd /opt/amnezia/xray
+XRAY_CLIENT_ID=$(xray uuid) && echo $XRAY_CLIENT_ID > /opt/amnezia/xray/xray_uuid.key
+XRAY_SHORT_ID=$(openssl rand -hex 8) && echo $XRAY_SHORT_ID > /opt/amnezia/xray/xray_short_id.key
+
+KEYPAIR=$(xray x25519)
+LINE_NUM=1
+while IFS= read -r line; do
+   if [[ $LINE_NUM -gt 1 ]]
+      then
+           IFS=":" read FIST XRAY_PUBLIC_KEY <<< "$line"
+      else
+      	   LINE_NUM=$((LINE_NUM + 1))
+           IFS=":" read FIST XRAY_PRIVATE_KEY <<< "$line"
+      fi
+done <<< "$KEYPAIR"
+
+XRAY_PRIVATE_KEY=$(echo $XRAY_PRIVATE_KEY | tr -d ' ')
+XRAY_PUBLIC_KEY=$(echo $XRAY_PUBLIC_KEY | tr -d ' ')
+
+
+echo $XRAY_PUBLIC_KEY > /opt/amnezia/xray/xray_public.key
+echo $XRAY_PRIVATE_KEY > /opt/amnezia/xray/xray_private.key
+
+
+cat > /opt/amnezia/xray/server.json <<EOF
+{
+    "log": {
+        "loglevel": "error"
+    },
+    "inbounds": [
+        {
+            "port": 443,
+            "protocol": "vless",
+            "settings": {
+                "clients": [
+                    {
+                        "id": "$XRAY_CLIENT_ID",
+                        "flow": "xtls-rprx-vision"
+                    }
+                ],
+                "decryption": "none"
+            },
+            "streamSettings": {
+                "network": "tcp",
+                "security": "reality",
+                "realitySettings": {
+                    "dest": "$XRAY_SITE_NAME:443",
+                    "serverNames": [
+                        "$XRAY_SITE_NAME"
+                    ],
+                    "privateKey": "$XRAY_PRIVATE_KEY",
+                    "shortIds": [
+                        "$XRAY_SHORT_ID"
+                    ]
+                }
+            }
+        }
+    ],
+    "outbounds": [
+        {
+            "protocol": "freedom"
+        }
+    ]
+}
+EOF
+
+
@@ -0,0 +1,17 @@
+# Run container
+sudo docker run -d \
+--privileged \
+--log-driver none \
+--restart always \
+--cap-add=NET_ADMIN \
+-p 443:443/tcp \
+--name $CONTAINER_NAME $CONTAINER_NAME
+
+sudo docker network connect amnezia-dns-net $CONTAINER_NAME
+
+# Create tun device if not exist
+sudo docker exec -i $CONTAINER_NAME bash -c 'mkdir -p /dev/net; if [ ! -c /dev/net/tun ]; then mknod /dev/net/tun c 10 200; fi'
+
+# Prevent to route packets outside of the container in case if server behind of the NAT
+sudo docker exec -i $CONTAINER_NAME sh -c "ifconfig eth0:0 $SERVER_IP_ADDRESS netmask 255.255.255.255 up"
+
@@ -0,0 +1,26 @@
+#!/bin/bash
+
+# This scripts copied from Amnezia client to Docker container to /opt/amnezia and launched every time container starts
+
+echo "Container startup"
+ifconfig eth0:0 $SERVER_IP_ADDRESS netmask 255.255.255.255 up
+
+iptables -A INPUT -i lo -j ACCEPT
+iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
+iptables -A INPUT -p icmp -j ACCEPT
+iptables -A INPUT -p tcp --dport 80 -j ACCEPT
+iptables -A INPUT -p tcp --dport 443 -j ACCEPT
+iptables -P INPUT DROP
+
+ip6tables -A INPUT -i lo -j ACCEPT
+ip6tables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
+ip6tables -A INPUT -p ipv6-icmp -j ACCEPT
+ip6tables -P INPUT DROP
+
+# kill daemons in case of restart
+killall -KILL xray
+
+# start daemons if configured
+if [ -f /opt/amnezia/xray/server.json ]; then (xray -config /opt/amnezia/xray/server.json); fi
+
+tail -f /dev/null
@@ -0,0 +1,46 @@
+{
+    "log": {
+        "loglevel": "error"
+    },
+    "inbounds": [
+        {
+            "listen": "127.0.0.1",
+            "port": 10808,
+            "protocol": "socks",
+            "settings": {
+                "udp": true
+            }
+        }
+    ],
+    "outbounds": [
+        {
+            "protocol": "vless",
+            "settings": {
+                "vnext": [
+                    {
+                        "address": "$SERVER_IP_ADDRESS",
+                        "port": 443,
+                        "users": [
+                            {
+                                "id": "$XRAY_CLIENT_ID",
+                                "flow": "xtls-rprx-vision",
+                                "encryption": "none"
+                            }
+                        ]
+                    }
+                ]
+            },
+            "streamSettings": {
+                "network": "tcp",
+                "security": "reality",
+                "realitySettings": {
+                    "fingerprint": "chrome",
+                    "serverName": "$XRAY_SITE_NAME",
+                    "publicKey": "$XRAY_PUBLIC_KEY",
+                    "shortId": "$XRAY_SHORT_ID",
+                    "spiderX": ""
+                }
+            }
+        }
+    ]
+}
@@ -3,7 +3,7 @@
 #include "QThread"
 #include "QCoreApplication"

-#include "utilities.h"
+#include "core/networkUtilities.h"
 #include "version.h"

 #include "containers/containers_defs.h"
@@ -288,9 +288,9 @@ QStringList Settings::getVpnIps(RouteMode mode) const
    QStringList ips;
    const QVariantMap &m = vpnSites(mode);
    for (auto i = m.constBegin(); i != m.constEnd(); ++i) {
-        if (Utils::checkIpSubnetFormat(i.key())) {
+        if (NetworkUtilities::checkIpSubnetFormat(i.key())) {
            ips.append(i.key());
-        } else if (Utils::checkIpSubnetFormat(i.value().toString())) {
+        } else if (NetworkUtilities::checkIpSubnetFormat(i.value().toString())) {
            ips.append(i.value().toString());
        }
    }
@@ -355,6 +355,54 @@ void Settings::clearSettings()
    emit settingsCleared();
 }

+QString Settings::appsRouteModeString(AppsRouteMode mode) const
+{
+    switch (mode) {
+    case VpnAllApps: return "AllApps";
+    case VpnOnlyForwardApps: return "ForwardApps";
+    case VpnAllExceptApps: return "ExceptApps";
+    }
+}
+
+Settings::AppsRouteMode Settings::getAppsRouteMode() const
+{
+    return static_cast<AppsRouteMode>(value("Conf/appsRouteMode", 0).toInt());
+}
+
+void Settings::setAppsRouteMode(AppsRouteMode mode)
+{
+    setValue("Conf/appsRouteMode", mode);
+}
+
+QVector<InstalledAppInfo> Settings::getVpnApps(AppsRouteMode mode) const
+{
+    QVector<InstalledAppInfo> apps;
+    auto appsArray = value("Conf/" + appsRouteModeString(mode)).toJsonArray();
+    for (const auto &app : appsArray) {
+        InstalledAppInfo appInfo;
+        appInfo.appName = app.toObject().value("appName").toString();
+        appInfo.packageName = app.toObject().value("packageName").toString();
+        appInfo.appPath = app.toObject().value("appPath").toString();
+
+        apps.push_back(appInfo);
+    }
+    return apps;
+}
+
+void Settings::setVpnApps(AppsRouteMode mode, const QVector<InstalledAppInfo> &apps)
+{
+    QJsonArray appsArray;
+    for (const auto &app : apps) {
+        QJsonObject appInfo;
+        appInfo.insert("appName", app.appName);
+        appInfo.insert("packageName", app.packageName);
+        appInfo.insert("appPath", app.appPath);
+        appsArray.push_back(appInfo);
+    }
+    setValue("Conf/" + appsRouteModeString(mode), appsArray);
+    m_settings.sync();
+}
+
 ServerCredentials Settings::defaultServerCredentials() const
 {
    return serverCredentials(defaultServerIndex());
@@ -193,6 +193,21 @@ public:

    void clearSettings();

+    enum AppsRouteMode {
+        VpnAllApps,
+        VpnOnlyForwardApps,
+        VpnAllExceptApps
+    };
+    Q_ENUM(AppsRouteMode)
+
+    QString appsRouteModeString(AppsRouteMode mode) const;
+
+    AppsRouteMode getAppsRouteMode() const;
+    void setAppsRouteMode(AppsRouteMode mode);
+
+    QVector<InstalledAppInfo> getVpnApps(AppsRouteMode mode) const;
+    void setVpnApps(AppsRouteMode mode, const QVector<InstalledAppInfo> &apps);
+
 signals:
    void saveLogsChanged(bool enabled);
    void screenshotsEnabledChanged(bool enabled);
@@ -0,0 +1,50 @@
+#include "appSplitTunnelingController.h"
+
+#include <QFileInfo>
+
+#include "core/defs.h"
+
+AppSplitTunnelingController::AppSplitTunnelingController(const std::shared_ptr<Settings> &settings,
+                                                         const QSharedPointer<AppSplitTunnelingModel> &appSplitTunnelingModel, QObject *parent)
+    : QObject(parent), m_settings(settings), m_appSplitTunnelingModel(appSplitTunnelingModel)
+{
+}
+
+void AppSplitTunnelingController::addApp(const QString &appPath)
+{
+
+    InstalledAppInfo appInfo { "", "", appPath };
+    if (!appPath.isEmpty()) {
+        QFileInfo fileInfo(appPath);
+        appInfo.appName = fileInfo.fileName();
+    }
+
+    if (m_appSplitTunnelingModel->addApp(appInfo)) {
+        emit finished(tr("Application added: %1").arg(appInfo.appName));
+
+    } else {
+        emit errorOccurred(tr("The application has already been added"));
+    }
+}
+
+void AppSplitTunnelingController::addApps(QVector<QPair<QString, QString>> apps)
+{
+    qDebug() << apps;
+    for (const auto &app : apps) {
+        InstalledAppInfo appInfo { app.first, app.second, "" };
+
+        m_appSplitTunnelingModel->addApp(appInfo);
+    }
+    emit finished(tr("The selected applications have been added"));
+}
+
+void AppSplitTunnelingController::removeApp(const int index)
+{
+    auto modelIndex = m_appSplitTunnelingModel->index(index);
+    auto appPath = m_appSplitTunnelingModel->data(modelIndex, AppSplitTunnelingModel::Roles::AppPathRole).toString();
+    m_appSplitTunnelingModel->removeApp(modelIndex);
+
+    QFileInfo fileInfo(appPath);
+
+    emit finished(tr("Application removed: %1").arg(fileInfo.fileName()));
+}
@@ -0,0 +1,31 @@
+#ifndef APPSPLITTUNNELINGCONTROLLER_H
+#define APPSPLITTUNNELINGCONTROLLER_H
+
+#include <QObject>
+
+#include "settings.h"
+#include "ui/models/appSplitTunnelingModel.h"
+
+class AppSplitTunnelingController : public QObject
+{
+    Q_OBJECT
+public:
+    explicit AppSplitTunnelingController(const std::shared_ptr<Settings> &settings,
+                                         const QSharedPointer<AppSplitTunnelingModel> &sitesModel, QObject *parent = nullptr);
+
+public slots:
+    void addApp(const QString &appPath);
+    void addApps(QVector<QPair<QString, QString>> apps);
+    void removeApp(const int index);
+
+signals:
+    void errorOccurred(const QString &errorMessage);
+    void finished(const QString &message);
+
+private:
+    std::shared_ptr<Settings> m_settings;
+
+    QSharedPointer<AppSplitTunnelingModel> m_appSplitTunnelingModel;
+};
+
+#endif // APPSPLITTUNNELINGCONTROLLER_H
@@ -5,13 +5,23 @@
 #else
    #include <QApplication>
 #endif
+#include <QtConcurrent>

+#include "core/controllers/apiController.h"
+#include "core/controllers/vpnConfigurationController.h"
 #include "core/errorstrings.h"

 ConnectionController::ConnectionController(const QSharedPointer<ServersModel> &serversModel,
                                           const QSharedPointer<ContainersModel> &containersModel,
-                                           const QSharedPointer<VpnConnection> &vpnConnection, QObject *parent)
-    : QObject(parent), m_serversModel(serversModel), m_containersModel(containersModel), m_vpnConnection(vpnConnection)
+                                           const QSharedPointer<ClientManagementModel> &clientManagementModel,
+                                           const QSharedPointer<VpnConnection> &vpnConnection,
+                                           const std::shared_ptr<Settings> &settings, QObject *parent)
+    : QObject(parent),
+      m_serversModel(serversModel),
+      m_containersModel(containersModel),
+      m_clientManagementModel(clientManagementModel),
+      m_vpnConnection(vpnConnection),
+      m_settings(settings)
 {
    connect(m_vpnConnection.get(), &VpnConnection::connectionStateChanged, this,
            &ConnectionController::onConnectionStateChanged);
@@ -26,16 +36,31 @@ ConnectionController::ConnectionController(const QSharedPointer<ServersModel> &s
 void ConnectionController::openConnection()
 {
    int serverIndex = m_serversModel->getDefaultServerIndex();
+    auto serverConfig = m_serversModel->getServerConfig(serverIndex);
+
+    ErrorCode errorCode = ErrorCode::NoError;
+
+    emit m_vpnConnection->connectionStateChanged(Vpn::ConnectionState::Preparing);
+
+    if (serverConfig.value(config_key::configVersion).toInt()
+        && !m_serversModel->data(serverIndex, ServersModel::Roles::HasInstalledContainers).toBool()) {
+        ApiController apiController;
+        errorCode = apiController.updateServerConfigFromApi(serverConfig);
+        if (errorCode != ErrorCode::NoError) {
+            emit connectionErrorOccurred(errorString(errorCode));
+            return;
+        }
+        m_serversModel->editServer(serverConfig, serverIndex);
+    }

    if (!m_serversModel->data(serverIndex, ServersModel::Roles::HasInstalledContainers).toBool()) {
        emit noInstalledContainers();
+        emit m_vpnConnection->connectionStateChanged(Vpn::ConnectionState::Disconnected);
        return;
    }

-    ServerCredentials credentials = m_serversModel->getServerCredentials(serverIndex);
-
-    DockerContainer container = qvariant_cast<DockerContainer>(m_serversModel->data(serverIndex, ServersModel::Roles::DefaultContainerRole));
-    const QJsonObject &containerConfig = m_containersModel->getContainerConfig(container);
+    DockerContainer container =
+            qvariant_cast<DockerContainer>(m_serversModel->data(serverIndex, ServersModel::Roles::DefaultContainerRole));

    if (container == DockerContainer::None) {
        emit connectionErrorOccurred(tr("VPN Protocols is not installed.\n Please install VPN container at first"));
@@ -44,7 +69,27 @@ void ConnectionController::openConnection()

    qApp->processEvents();

-    emit connectToVpn(serverIndex, credentials, container, containerConfig);
+    VpnConfigurationsController vpnConfigurationController(m_settings);
+
+    QJsonObject containerConfig = m_containersModel->getContainerConfig(container);
+    ServerCredentials credentials = m_serversModel->getServerCredentials(serverIndex);
+    errorCode = updateProtocolConfig(container, credentials, containerConfig);
+    if (errorCode != ErrorCode::NoError) {
+        emit connectionErrorOccurred(errorString(errorCode));
+        return;
+    }
+
+    auto dns = m_serversModel->getDnsPair(serverIndex);
+    serverConfig = m_serversModel->getServerConfig(serverIndex);
+
+    auto vpnConfiguration =
+            vpnConfigurationController.createVpnConfiguration(dns, serverConfig, containerConfig, container, errorCode);
+    if (errorCode != ErrorCode::NoError) {
+        emit connectionErrorOccurred(tr("unable to create configuration"));
+        return;
+    }
+
+    emit connectToVpn(serverIndex, credentials, container, vpnConfiguration);
 }

 void ConnectionController::closeConnection()
@@ -91,6 +136,7 @@ void ConnectionController::onConnectionStateChanged(Vpn::ConnectionState state)
    }
    case Vpn::ConnectionState::Preparing: {
        m_isConnectionInProgress = true;
+        m_connectionStateText = tr("Preparing...");
        break;
    }
    case Vpn::ConnectionState::Error: {
@@ -135,9 +181,14 @@ QString ConnectionController::connectionStateText() const
    return m_connectionStateText;
 }

-void ConnectionController::toggleConnection(bool skipConnectionInProgressCheck)
+void ConnectionController::toggleConnection()
 {
-    if (!skipConnectionInProgressCheck && isConnectionInProgress()) {
+    if (m_state == Vpn::ConnectionState::Preparing) {
+        emit preparingConfig();
+        return;
+    }
+
+    if (isConnectionInProgress()) {
        closeConnection();
    } else if (isConnected()) {
        closeConnection();
@@ -155,3 +206,51 @@ bool ConnectionController::isConnected() const
 {
    return m_isConnected;
 }
+
+bool ConnectionController::isProtocolConfigExists(const QJsonObject &containerConfig, const DockerContainer container)
+{
+    for (Proto protocol : ContainerProps::protocolsForContainer(container)) {
+        QString protocolConfig = containerConfig.value(ProtocolProps::protoToString(protocol))
+                                         .toObject()
+                                         .value(config_key::last_config)
+                                         .toString();
+
+        if (protocolConfig.isEmpty()) {
+            return false;
+        }
+    }
+    return true;
+}
+
+ErrorCode ConnectionController::updateProtocolConfig(const DockerContainer container,
+                                                     const ServerCredentials &credentials, QJsonObject &containerConfig)
+{
+    QFutureWatcher<ErrorCode> watcher;
+
+    QFuture<ErrorCode> future = QtConcurrent::run([this, container, &credentials, &containerConfig]() {
+        ErrorCode errorCode = ErrorCode::NoError;
+        if (!isProtocolConfigExists(containerConfig, container)) {
+            VpnConfigurationsController vpnConfigurationController(m_settings);
+            errorCode =
+                    vpnConfigurationController.createProtocolConfigForContainer(credentials, container, containerConfig);
+            if (errorCode != ErrorCode::NoError) {
+                return errorCode;
+            }
+            m_serversModel->updateContainerConfig(container, containerConfig);
+
+            errorCode = m_clientManagementModel->appendClient(container, credentials, containerConfig,
+                                                              QString("Admin [%1]").arg(QSysInfo::prettyProductName()));
+            if (errorCode != ErrorCode::NoError) {
+                return errorCode;
+            }
+        }
+        return errorCode;
+    });
+
+    QEventLoop wait;
+    connect(&watcher, &QFutureWatcher<ErrorCode>::finished, &wait, &QEventLoop::quit);
+    watcher.setFuture(future);
+    wait.exec();
+
+    return watcher.result();
+}
@@ -2,6 +2,7 @@
 #define CONNECTIONCONTROLLER_H

 #include "protocols/vpnprotocol.h"
+#include "ui/models/clientManagementModel.h"
 #include "ui/models/containers_model.h"
 #include "ui/models/servers_model.h"
 #include "vpnconnection.h"
@@ -17,7 +18,9 @@ public:

    explicit ConnectionController(const QSharedPointer<ServersModel> &serversModel,
                                  const QSharedPointer<ContainersModel> &containersModel,
-                                  const QSharedPointer<VpnConnection> &vpnConnection, QObject *parent = nullptr);
+                                  const QSharedPointer<ClientManagementModel> &clientManagementModel,
+                                  const QSharedPointer<VpnConnection> &vpnConnection,
+                                  const std::shared_ptr<Settings> &settings, QObject *parent = nullptr);

    ~ConnectionController() = default;

@@ -26,7 +29,7 @@ public:
    QString connectionStateText() const;

 public slots:
-    void toggleConnection(bool skipConnectionInProgressCheck);
+    void toggleConnection();

    void openConnection();
    void closeConnection();
@@ -38,9 +41,12 @@ public slots:

    void onTranslationsUpdated();

+    ErrorCode updateProtocolConfig(const DockerContainer container, const ServerCredentials &credentials,
+                                   QJsonObject &containerConfig);
+
 signals:
    void connectToVpn(int serverIndex, const ServerCredentials &credentials, DockerContainer container,
-                      const QJsonObject &containerConfig);
+                      const QJsonObject &vpnConfiguration);
    void disconnectFromVpn();
    void connectionStateChanged();

@@ -49,14 +55,21 @@ signals:

    void noInstalledContainers();

+    void connectButtonClicked();
+    void preparingConfig();
+
 private:
    Vpn::ConnectionState getCurrentConnectionState();
+    bool isProtocolConfigExists(const QJsonObject &containerConfig, const DockerContainer container);

    QSharedPointer<ServersModel> m_serversModel;
    QSharedPointer<ContainersModel> m_containersModel;
+    QSharedPointer<ClientManagementModel> m_clientManagementModel;

    QSharedPointer<VpnConnection> m_vpnConnection;

+    std::shared_ptr<Settings> m_settings;
+
    bool m_isConnected = false;
    bool m_isConnectionInProgress = false;
    QString m_connectionStateText = tr("Connect");
@@ -8,11 +8,7 @@
 #include <QImage>
 #include <QStandardPaths>

-#include "configurators/awg_configurator.h"
-#include "configurators/cloak_configurator.h"
-#include "configurators/openvpn_configurator.h"
-#include "configurators/shadowsocks_configurator.h"
-#include "configurators/wireguard_configurator.h"
+#include "core/controllers/vpnConfigurationController.h"
 #include "core/errorstrings.h"
 #include "systemController.h"
 #ifdef Q_OS_ANDROID
@@ -20,25 +16,20 @@
 #endif
 #include "qrcodegen.hpp"

-ExportController::ExportController(const QSharedPointer<ServersModel> &serversModel,
-                                   const QSharedPointer<ContainersModel> &containersModel,
+ExportController::ExportController(const QSharedPointer<ServersModel> &serversModel, const QSharedPointer<ContainersModel> &containersModel,
                                   const QSharedPointer<ClientManagementModel> &clientManagementModel,
-                                   const std::shared_ptr<Settings> &settings,
-                                   const std::shared_ptr<VpnConfigurator> &configurator, QObject *parent)
+                                   const std::shared_ptr<Settings> &settings, QObject *parent)
    : QObject(parent),
      m_serversModel(serversModel),
      m_containersModel(containersModel),
      m_clientManagementModel(clientManagementModel),
-      m_settings(settings),
-      m_configurator(configurator)
+      m_settings(settings)
 {
 #ifdef Q_OS_ANDROID
    m_authResultNotifier.reset(new AuthResultNotifier);
    m_authResultReceiver.reset(new AuthResultReceiver(m_authResultNotifier));
-    connect(m_authResultNotifier.get(), &AuthResultNotifier::authFailed, this,
-            [this]() { emit exportErrorOccurred(tr("Access error!")); });
-    connect(m_authResultNotifier.get(), &AuthResultNotifier::authSuccessful, this,
-            &ExportController::generateFullAccessConfig);
+    connect(m_authResultNotifier.get(), &AuthResultNotifier::authFailed, this, [this]() { emit exportErrorOccurred(tr("Access error!")); });
+    connect(m_authResultNotifier.get(), &AuthResultNotifier::authSuccessful, this, &ExportController::generateFullAccessConfig);
 #endif
 }

@@ -47,9 +38,9 @@ void ExportController::generateFullAccessConfig()
    clearPreviousConfig();

    int serverIndex = m_serversModel->getProcessedServerIndex();
-    QJsonObject config = m_settings->server(serverIndex);
+    QJsonObject serverConfig = m_serversModel->getServerConfig(serverIndex);

-    QJsonArray containers = config.value(config_key::containers).toArray();
+    QJsonArray containers = serverConfig.value(config_key::containers).toArray();
    for (auto i = 0; i < containers.size(); i++) {
        auto containerConfig = containers.at(i).toObject();
        auto containerType = ContainerProps::containerFromString(containerConfig.value(config_key::container).toString());
@@ -63,13 +54,11 @@ void ExportController::generateFullAccessConfig()

        containers.replace(i, containerConfig);
    }
-    config[config_key::containers] = containers;
+    serverConfig[config_key::containers] = containers;

-    QByteArray compressedConfig = QJsonDocument(config).toJson();
+    QByteArray compressedConfig = QJsonDocument(serverConfig).toJson();
    compressedConfig = qCompress(compressedConfig, 8);
-    m_config = QString("vpn://%1")
-                       .arg(QString(compressedConfig.toBase64(QByteArray::Base64UrlEncoding
-                                                              | QByteArray::OmitTrailingEquals)));
+    m_config = QString("vpn://%1").arg(QString(compressedConfig.toBase64(QByteArray::Base64UrlEncoding | QByteArray::OmitTrailingEquals)));

    m_qrCodes = generateQrCodeImageSeries(compressedConfig);
    emit exportConfigChanged();
@@ -83,8 +72,7 @@ void ExportController::generateFullAccessConfigAndroid()
    auto appContext = activity.callObjectMethod("getApplicationContext", "()Landroid/content/Context;");
    if (appContext.isValid()) {
        auto intent = QJniObject::callStaticObjectMethod("org/amnezia/vpn/AuthHelper", "getAuthIntent",
-                                                         "(Landroid/content/Context;)Landroid/content/Intent;",
-                                                         appContext.object());
+                                                         "(Landroid/content/Context;)Landroid/content/Intent;", appContext.object());
        if (intent.isValid()) {
            if (intent.object<jobject>() != nullptr) {
                QtAndroidPrivate::startActivity(intent.object<jobject>(), 1, m_authResultReceiver.get());
@@ -103,116 +91,108 @@ void ExportController::generateConnectionConfig(const QString &clientName)
    int serverIndex = m_serversModel->getProcessedServerIndex();
    ServerCredentials credentials = m_serversModel->getServerCredentials(serverIndex);

-    DockerContainer container = static_cast<DockerContainer>(m_containersModel->getCurrentlyProcessedContainerIndex());
+    DockerContainer container = static_cast<DockerContainer>(m_containersModel->getProcessedContainerIndex());
    QJsonObject containerConfig = m_containersModel->getContainerConfig(container);
    containerConfig.insert(config_key::container, ContainerProps::containerToString(container));

-    ErrorCode errorCode = ErrorCode::NoError;
-    for (Proto protocol : ContainerProps::protocolsForContainer(container)) {
-        QJsonObject protocolConfig = m_settings->protocolConfig(serverIndex, container, protocol);
+    VpnConfigurationsController vpnConfigurationController(m_settings);
+    ErrorCode errorCode = vpnConfigurationController.createProtocolConfigForContainer(credentials, container, containerConfig);

-        QString clientId;
-        QString vpnConfig = m_configurator->genVpnProtocolConfig(credentials, container, containerConfig, protocol,
-                                                                 clientId, &errorCode);
-        if (errorCode) {
-            emit exportErrorOccurred(errorString(errorCode));
-            return;
-        }
-        protocolConfig.insert(config_key::last_config, vpnConfig);
-        containerConfig.insert(ProtocolProps::protoToString(protocol), protocolConfig);
-        if (protocol == Proto::OpenVpn || protocol == Proto::Awg || protocol == Proto::WireGuard) {
-            errorCode = m_clientManagementModel->appendClient(clientId, clientName, container, credentials);
-            if (errorCode) {
-                emit exportErrorOccurred(errorString(errorCode));
-                return;
-            }
-        }
+    errorCode = m_clientManagementModel->appendClient(container, credentials, containerConfig, clientName);
+    if (errorCode != ErrorCode::NoError) {
+        emit exportErrorOccurred(errorString(errorCode));
+        return;
    }

-    QJsonObject config = m_settings->server(serverIndex); // todo change to servers_model
+    QJsonObject serverConfig = m_serversModel->getServerConfig(serverIndex);
    if (!errorCode) {
-        config.remove(config_key::userName);
-        config.remove(config_key::password);
-        config.remove(config_key::port);
-        config.insert(config_key::containers, QJsonArray { containerConfig });
-        config.insert(config_key::defaultContainer, ContainerProps::containerToString(container));
+        serverConfig.remove(config_key::userName);
+        serverConfig.remove(config_key::password);
+        serverConfig.remove(config_key::port);
+        serverConfig.insert(config_key::containers, QJsonArray { containerConfig });
+        serverConfig.insert(config_key::defaultContainer, ContainerProps::containerToString(container));

-        auto dns = m_configurator->getDnsForConfig(serverIndex);
-        config.insert(config_key::dns1, dns.first);
-        config.insert(config_key::dns2, dns.second);
+        auto dns = m_serversModel->getDnsPair(serverIndex);
+        serverConfig.insert(config_key::dns1, dns.first);
+        serverConfig.insert(config_key::dns2, dns.second);
    }

-    QByteArray compressedConfig = QJsonDocument(config).toJson();
+    QByteArray compressedConfig = QJsonDocument(serverConfig).toJson();
    compressedConfig = qCompress(compressedConfig, 8);
-    m_config = QString("vpn://%1")
-                       .arg(QString(compressedConfig.toBase64(QByteArray::Base64UrlEncoding
-                                                              | QByteArray::OmitTrailingEquals)));
+    m_config = QString("vpn://%1").arg(QString(compressedConfig.toBase64(QByteArray::Base64UrlEncoding | QByteArray::OmitTrailingEquals)));

    m_qrCodes = generateQrCodeImageSeries(compressedConfig);
    emit exportConfigChanged();
 }

-void ExportController::generateOpenVpnConfig(const QString &clientName)
+ErrorCode ExportController::generateNativeConfig(const DockerContainer container, const QString &clientName, const Proto &protocol,
+                                                 QJsonObject &jsonNativeConfig)
 {
    clearPreviousConfig();

    int serverIndex = m_serversModel->getProcessedServerIndex();
    ServerCredentials credentials = m_serversModel->getServerCredentials(serverIndex);
+    auto dns = m_serversModel->getDnsPair(serverIndex);
+    bool isApiConfig = qvariant_cast<bool>(m_serversModel->data(serverIndex, ServersModel::IsServerFromApiRole));

-    DockerContainer container = static_cast<DockerContainer>(m_containersModel->getCurrentlyProcessedContainerIndex());
    QJsonObject containerConfig = m_containersModel->getContainerConfig(container);
    containerConfig.insert(config_key::container, ContainerProps::containerToString(container));

+    VpnConfigurationsController vpnConfigurationController(m_settings);
+
+    QString protocolConfigString;
+
+    ErrorCode errorCode = vpnConfigurationController.createProtocolConfigString(isApiConfig, dns, credentials, container, containerConfig,
+                                                                                protocol, protocolConfigString);
+    if (errorCode != ErrorCode::NoError) {
+        return errorCode;
+    }
+
+    jsonNativeConfig = QJsonDocument::fromJson(protocolConfigString.toUtf8()).object();
+
+    if (protocol == Proto::OpenVpn || protocol == Proto::WireGuard || protocol == Proto::Awg) {
+        auto clientId = jsonNativeConfig.value(config_key::clientId).toString();
+        errorCode = m_clientManagementModel->appendClient(clientId, clientName, container, credentials);
+    }
+    return errorCode;
+}
+
+void ExportController::generateOpenVpnConfig(const QString &clientName)
+{
+    QJsonObject nativeConfig;
+    DockerContainer container = static_cast<DockerContainer>(m_containersModel->getProcessedContainerIndex());
    ErrorCode errorCode = ErrorCode::NoError;
-    QString clientId;
-    QString config = m_configurator->openVpnConfigurator->genOpenVpnConfig(credentials, container, containerConfig,
-                                                                           clientId, &errorCode);
+
+    if (container == DockerContainer::Cloak || container == DockerContainer::ShadowSocks) {
+        errorCode = generateNativeConfig(container, clientName, Proto::OpenVpn, nativeConfig);
+    } else {
+        errorCode = generateNativeConfig(container, clientName, ContainerProps::defaultProtocol(container), nativeConfig);
+    }
+
    if (errorCode) {
        emit exportErrorOccurred(errorString(errorCode));
        return;
    }
-    config = m_configurator->processConfigWithExportSettings(serverIndex, container, Proto::OpenVpn, config);

-    auto configJson = QJsonDocument::fromJson(config.toUtf8()).object();
-    QStringList lines = configJson.value(config_key::config).toString().replace("\r", "").split("\n");
+    QStringList lines = nativeConfig.value(config_key::config).toString().replace("\r", "").split("\n");
    for (const QString &line : lines) {
        m_config.append(line + "\n");
    }

    m_qrCodes = generateQrCodeImageSeries(m_config.toUtf8());
-
-    errorCode = m_clientManagementModel->appendClient(clientId, clientName, container, credentials);
-    if (errorCode) {
-        emit exportErrorOccurred(errorString(errorCode));
-        return;
-    }
-
    emit exportConfigChanged();
 }

 void ExportController::generateWireGuardConfig(const QString &clientName)
 {
-    clearPreviousConfig();
-
-    int serverIndex = m_serversModel->getProcessedServerIndex();
-    ServerCredentials credentials = m_serversModel->getServerCredentials(serverIndex);
-
-    DockerContainer container = static_cast<DockerContainer>(m_containersModel->getCurrentlyProcessedContainerIndex());
-    QJsonObject containerConfig = m_containersModel->getContainerConfig(container);
-    containerConfig.insert(config_key::container, ContainerProps::containerToString(container));
-
-    QString clientId;
-    ErrorCode errorCode = ErrorCode::NoError;
-    QString config = m_configurator->wireguardConfigurator->genWireguardConfig(credentials, container, containerConfig,
-                                                                               clientId, &errorCode);
+    QJsonObject nativeConfig;
+    ErrorCode errorCode = generateNativeConfig(DockerContainer::WireGuard, clientName, Proto::WireGuard, nativeConfig);
    if (errorCode) {
        emit exportErrorOccurred(errorString(errorCode));
        return;
    }
-    config = m_configurator->processConfigWithExportSettings(serverIndex, container, Proto::WireGuard, config);

-    auto configJson = QJsonDocument::fromJson(config.toUtf8()).object();
-    QStringList lines = configJson.value(config_key::config).toString().replace("\r", "").split("\n");
+    QStringList lines = nativeConfig.value(config_key::config).toString().replace("\r", "").split("\n");
    for (const QString &line : lines) {
        m_config.append(line + "\n");
    }
@@ -220,38 +200,19 @@ void ExportController::generateWireGuardConfig(const QString &clientName)
    qrcodegen::QrCode qr = qrcodegen::QrCode::encodeText(m_config.toUtf8(), qrcodegen::QrCode::Ecc::LOW);
    m_qrCodes << svgToBase64(QString::fromStdString(toSvgString(qr, 1)));

-    errorCode = m_clientManagementModel->appendClient(clientId, clientName, container, credentials);
-    if (errorCode) {
-        emit exportErrorOccurred(errorString(errorCode));
-        return;
-    }
-
    emit exportConfigChanged();
 }

 void ExportController::generateAwgConfig(const QString &clientName)
 {
-    clearPreviousConfig();
-
-    int serverIndex = m_serversModel->getProcessedServerIndex();
-    ServerCredentials credentials = m_serversModel->getServerCredentials(serverIndex);
-
-    DockerContainer container = static_cast<DockerContainer>(m_containersModel->getCurrentlyProcessedContainerIndex());
-    QJsonObject containerConfig = m_containersModel->getContainerConfig(container);
-    containerConfig.insert(config_key::container, ContainerProps::containerToString(container));
-
-    QString clientId;
-    ErrorCode errorCode = ErrorCode::NoError;
-    QString config = m_configurator->awgConfigurator->genAwgConfig(credentials, container, containerConfig,
-                                                                               clientId, &errorCode);
+    QJsonObject nativeConfig;
+    ErrorCode errorCode = generateNativeConfig(DockerContainer::Awg, clientName, Proto::Awg, nativeConfig);
    if (errorCode) {
        emit exportErrorOccurred(errorString(errorCode));
        return;
    }
-    config = m_configurator->processConfigWithExportSettings(serverIndex, container, Proto::Awg, config);

-    auto configJson = QJsonDocument::fromJson(config.toUtf8()).object();
-    QStringList lines = configJson.value(config_key::config).toString().replace("\r", "").split("\n");
+    QStringList lines = nativeConfig.value(config_key::config).toString().replace("\r", "").split("\n");
    for (const QString &line : lines) {
        m_config.append(line + "\n");
    }
@@ -259,42 +220,34 @@ void ExportController::generateAwgConfig(const QString &clientName)
    qrcodegen::QrCode qr = qrcodegen::QrCode::encodeText(m_config.toUtf8(), qrcodegen::QrCode::Ecc::LOW);
    m_qrCodes << svgToBase64(QString::fromStdString(toSvgString(qr, 1)));

-    errorCode = m_clientManagementModel->appendClient(clientId, clientName, container, credentials);
-    if (errorCode) {
-        emit exportErrorOccurred(errorString(errorCode));
-        return;
-    }
-
    emit exportConfigChanged();
 }

 void ExportController::generateShadowSocksConfig()
 {
-    clearPreviousConfig();
-
-    int serverIndex = m_serversModel->getProcessedServerIndex();
-    ServerCredentials credentials = m_serversModel->getServerCredentials(serverIndex);
-
-    DockerContainer container = static_cast<DockerContainer>(m_containersModel->getCurrentlyProcessedContainerIndex());
-    QJsonObject containerConfig = m_containersModel->getContainerConfig(container);
-    containerConfig.insert(config_key::container, ContainerProps::containerToString(container));
-
+    QJsonObject nativeConfig;
+    DockerContainer container = static_cast<DockerContainer>(m_containersModel->getProcessedContainerIndex());
    ErrorCode errorCode = ErrorCode::NoError;
-    QString config = m_configurator->shadowSocksConfigurator->genShadowSocksConfig(credentials, container,
-                                                                                   containerConfig, &errorCode);

-    config = m_configurator->processConfigWithExportSettings(serverIndex, container, Proto::ShadowSocks, config);
-    QJsonObject configJson = QJsonDocument::fromJson(config.toUtf8()).object();
+    if (container == DockerContainer::Cloak) {
+        errorCode = generateNativeConfig(container, "", Proto::ShadowSocks, nativeConfig);
+    } else {
+        errorCode = generateNativeConfig(container, "", ContainerProps::defaultProtocol(container), nativeConfig);
+    }

-    QStringList lines = QString(QJsonDocument(configJson).toJson()).replace("\r", "").split("\n");
+    if (errorCode) {
+        emit exportErrorOccurred(errorString(errorCode));
+        return;
+    }
+
+    QStringList lines = QString(QJsonDocument(nativeConfig).toJson()).replace("\r", "").split("\n");
    for (const QString &line : lines) {
        m_config.append(line + "\n");
    }

-    m_nativeConfigString =
-            QString("%1:%2@%3:%4")
-                    .arg(configJson.value("method").toString(), configJson.value("password").toString(),
-                         configJson.value("server").toString(), configJson.value("server_port").toString());
+    m_nativeConfigString = QString("%1:%2@%3:%4")
+                                   .arg(nativeConfig.value("method").toString(), nativeConfig.value("password").toString(),
+                                        nativeConfig.value("server").toString(), nativeConfig.value("server_port").toString());

    m_nativeConfigString = "ss://" + m_nativeConfigString.toUtf8().toBase64();

@@ -306,30 +259,34 @@ void ExportController::generateShadowSocksConfig()

 void ExportController::generateCloakConfig()
 {
-    clearPreviousConfig();
-
-    int serverIndex = m_serversModel->getProcessedServerIndex();
-    ServerCredentials credentials = m_serversModel->getServerCredentials(serverIndex);
-
-    DockerContainer container = static_cast<DockerContainer>(m_containersModel->getCurrentlyProcessedContainerIndex());
-    QJsonObject containerConfig = m_containersModel->getContainerConfig(container);
-    containerConfig.insert(config_key::container, ContainerProps::containerToString(container));
-
-    ErrorCode errorCode = ErrorCode::NoError;
-    QString config =
-            m_configurator->cloakConfigurator->genCloakConfig(credentials, container, containerConfig, &errorCode);
-
+    QJsonObject nativeConfig;
+    ErrorCode errorCode = generateNativeConfig(DockerContainer::Cloak, "", Proto::Cloak, nativeConfig);
    if (errorCode) {
        emit exportErrorOccurred(errorString(errorCode));
        return;
    }
-    config = m_configurator->processConfigWithExportSettings(serverIndex, container, Proto::Cloak, config);
-    QJsonObject configJson = QJsonDocument::fromJson(config.toUtf8()).object();

-    configJson.remove(config_key::transport_proto);
-    configJson.insert("ProxyMethod", "shadowsocks");
+    nativeConfig.remove(config_key::transport_proto);
+    nativeConfig.insert("ProxyMethod", "shadowsocks");

-    QStringList lines = QString(QJsonDocument(configJson).toJson()).replace("\r", "").split("\n");
+    QStringList lines = QString(QJsonDocument(nativeConfig).toJson()).replace("\r", "").split("\n");
+    for (const QString &line : lines) {
+        m_config.append(line + "\n");
+    }
+
+    emit exportConfigChanged();
+}
+
+void ExportController::generateXrayConfig()
+{
+    QJsonObject nativeConfig;
+    ErrorCode errorCode = generateNativeConfig(DockerContainer::Xray, "", Proto::Xray, nativeConfig);
+    if (errorCode) {
+        emit exportErrorOccurred(errorString(errorCode));
+        return;
+    }
+
+    QStringList lines = QString(QJsonDocument(nativeConfig).toJson()).replace("\r", "").split("\n");
    for (const QString &line : lines) {
        m_config.append(line + "\n");
    }
@@ -367,8 +324,7 @@ void ExportController::updateClientManagementModel(const DockerContainer contain

 void ExportController::revokeConfig(const int row, const DockerContainer container, ServerCredentials credentials)
 {
-    ErrorCode errorCode = m_clientManagementModel->revokeClient(row, container, credentials,
-                                                                m_serversModel->getProcessedServerIndex());
+    ErrorCode errorCode = m_clientManagementModel->revokeClient(row, container, credentials, m_serversModel->getProcessedServerIndex());
    if (errorCode != ErrorCode::NoError) {
        emit exportErrorOccurred(errorString(errorCode));
    }
@@ -3,10 +3,9 @@

 #include <QObject>

-#include "configurators/vpn_configurator.h"
+#include "ui/models/clientManagementModel.h"
 #include "ui/models/containers_model.h"
 #include "ui/models/servers_model.h"
-#include "ui/models/clientManagementModel.h"
 #ifdef Q_OS_ANDROID
    #include "platforms/android/authResultReceiver.h"
 #endif
@@ -15,11 +14,9 @@ class ExportController : public QObject
 {
    Q_OBJECT
 public:
-    explicit ExportController(const QSharedPointer<ServersModel> &serversModel,
-                              const QSharedPointer<ContainersModel> &containersModel,
-                              const QSharedPointer<ClientManagementModel> &clientManagementModel,
-                              const std::shared_ptr<Settings> &settings,
-                              const std::shared_ptr<VpnConfigurator> &configurator, QObject *parent = nullptr);
+    explicit ExportController(const QSharedPointer<ServersModel> &serversModel, const QSharedPointer<ContainersModel> &containersModel,
+                              const QSharedPointer<ClientManagementModel> &clientManagementModel, const std::shared_ptr<Settings> &settings,
+                              QObject *parent = nullptr);

    Q_PROPERTY(QList<QString> qrCodes READ getQrCodes NOTIFY exportConfigChanged)
    Q_PROPERTY(int qrCodesCount READ getQrCodesCount NOTIFY exportConfigChanged)
@@ -37,6 +34,7 @@ public slots:
    void generateAwgConfig(const QString &clientName);
    void generateShadowSocksConfig();
    void generateCloakConfig();
+    void generateXrayConfig();

    QString getConfig();
    QString getNativeConfigString();
@@ -64,11 +62,13 @@ private:

    void clearPreviousConfig();

+    ErrorCode generateNativeConfig(const DockerContainer container, const QString &clientName, const Proto &protocol,
+                                   QJsonObject &jsonNativeConfig);
+
    QSharedPointer<ServersModel> m_serversModel;
    QSharedPointer<ContainersModel> m_containersModel;
    QSharedPointer<ClientManagementModel> m_clientManagementModel;
    std::shared_ptr<Settings> m_settings;
-    std::shared_ptr<VpnConfigurator> m_configurator;

    QString m_config;
    QString m_nativeConfigString;
@@ -19,6 +19,7 @@ namespace
        Amnezia,
        OpenVpn,
        WireGuard,
+        Xray,
        Backup,
        Invalid
    };
@@ -34,6 +35,9 @@ namespace
        const QString wireguardConfigPatternSectionInterface = "[Interface]";
        const QString wireguardConfigPatternSectionPeer = "[Peer]";

+        const QString xrayConfigPatternInbound = "inbounds";
+        const QString xrayConfigPatternOutbound = "outbounds";
+
        const QString amneziaConfigPattern = "containers";
        const QString amneziaFreeConfigPattern = "api_key";
        const QString backupPattern = "Servers/serversList";
@@ -49,6 +53,8 @@ namespace
        } else if (config.contains(wireguardConfigPatternSectionInterface)
                   && config.contains(wireguardConfigPatternSectionPeer)) {
            return ConfigTypes::WireGuard;
+        } else if ((config.contains(xrayConfigPatternInbound)) && (config.contains(xrayConfigPatternOutbound))) {
+            return ConfigTypes::Xray;
        }
        return ConfigTypes::Invalid;
    }
@@ -109,6 +115,10 @@ bool ImportController::extractConfigFromData(QString data)
        m_config = extractWireGuardConfig(config);
        return m_config.empty() ? false : true;
    }
+    case ConfigTypes::Xray: {
+        m_config = extractXrayConfig(config);
+        return m_config.empty() ? false : true;
+    }
    case ConfigTypes::Amnezia: {
        m_config = QJsonDocument::fromJson(config.toUtf8()).object();
        return m_config.empty() ? false : true;
@@ -349,6 +359,42 @@ QJsonObject ImportController::extractWireGuardConfig(const QString &data)
    return config;
 }

+QJsonObject ImportController::extractXrayConfig(const QString &data)
+{
+    QJsonParseError parserErr;
+    QJsonDocument jsonConf = QJsonDocument::fromJson(data.toLocal8Bit(), &parserErr);
+
+    QJsonObject xrayVpnConfig;
+    xrayVpnConfig[config_key::config] = jsonConf.toJson().constData();
+    QJsonObject lastConfig;
+    lastConfig[config_key::last_config] = jsonConf.toJson().constData();
+    lastConfig[config_key::isThirdPartyConfig] = true;
+
+    QJsonObject containers;
+    containers.insert(config_key::container, QJsonValue("amnezia-xray"));
+    containers.insert(config_key::xray, QJsonValue(lastConfig));
+
+    QJsonArray arr;
+    arr.push_back(containers);
+
+    QString hostName;
+
+    const static QRegularExpression hostNameRegExp("\"address\":\\s*\"([^\"]+)");
+    QRegularExpressionMatch hostNameMatch = hostNameRegExp.match(data);
+    if (hostNameMatch.hasMatch()) {
+        hostName = hostNameMatch.captured(1);
+    }
+
+    QJsonObject config;
+    config[config_key::containers] = arr;
+    config[config_key::defaultContainer] = "amnezia-xray";
+    config[config_key::description] = m_settings->nextAvailableServerName();
+
+    config[config_key::hostName] = hostName;
+
+    return config;
+}
+
 #ifdef Q_OS_ANDROID
 static QMutex qrDecodeMutex;

@@ -47,6 +47,7 @@ signals:
 private:
    QJsonObject extractOpenVpnConfig(const QString &data);
    QJsonObject extractWireGuardConfig(const QString &data);
+    QJsonObject extractXrayConfig(const QString &data);

 #if defined Q_OS_ANDROID || defined Q_OS_IOS
    void stopDecodingQr();
@@ -4,17 +4,22 @@
 #include <QDir>
 #include <QEventLoop>
 #include <QJsonObject>
-#include <QStandardPaths>
 #include <QRandomGenerator>
+#include <QStandardPaths>

-#include "core/errorstrings.h"
 #include "core/controllers/serverController.h"
+#include "core/controllers/vpnConfigurationController.h"
+#include "core/errorstrings.h"
+#include "logger.h"
+#include "core/networkUtilities.h"
 #include "utilities.h"
 #include "ui/models/protocols/awgConfigModel.h"
 #include "ui/models/protocols/wireguardConfigModel.h"

 namespace
 {
+    Logger logger("ServerController");
+
 #ifdef Q_OS_WINDOWS
    QString getNextDriverLetter()
    {
@@ -41,14 +46,15 @@ namespace
 #endif
 }

-InstallController::InstallController(const QSharedPointer<ServersModel> &serversModel,
-                                     const QSharedPointer<ContainersModel> &containersModel,
+InstallController::InstallController(const QSharedPointer<ServersModel> &serversModel, const QSharedPointer<ContainersModel> &containersModel,
                                     const QSharedPointer<ProtocolsModel> &protocolsModel,
+                                     const QSharedPointer<ClientManagementModel> &clientManagementModel,
                                     const std::shared_ptr<Settings> &settings, QObject *parent)
    : QObject(parent),
      m_serversModel(serversModel),
      m_containersModel(containersModel),
      m_protocolModel(protocolsModel),
+      m_clientManagementModel(clientManagementModel),
      m_settings(settings)
 {
 }
@@ -73,8 +79,7 @@ void InstallController::install(DockerContainer container, int port, TransportPr

        if (protocol == mainProto) {
            containerConfig.insert(config_key::port, QString::number(port));
-            containerConfig.insert(config_key::transport_proto,
-                                   ProtocolProps::transportProtoToString(transportProto, protocol));
+            containerConfig.insert(config_key::transport_proto, ProtocolProps::transportProtoToString(transportProto, protocol));

            if (container == DockerContainer::Awg) {
                QString junkPacketCount = QString::number(QRandomGenerator::global()->bounded(3, 10));
@@ -106,9 +111,7 @@ void InstallController::install(DockerContainer container, int port, TransportPr
                containerConfig[config_key::responsePacketMagicHeader] = responsePacketMagicHeader;
                containerConfig[config_key::underloadPacketMagicHeader] = underloadPacketMagicHeader;
                containerConfig[config_key::transportPacketMagicHeader] = transportPacketMagicHeader;
-            }
-
-            if (container == DockerContainer::Sftp) {
+            } else if (container == DockerContainer::Sftp) {
                containerConfig.insert(config_key::userName, protocols::sftp::defaultUserName);
                containerConfig.insert(config_key::password, Utils::getRandomString(10));
            }
@@ -118,109 +121,132 @@ void InstallController::install(DockerContainer container, int port, TransportPr
        config.insert(ProtocolProps::protoToString(protocol), containerConfig);
    }

+    ServerCredentials serverCredentials;
    if (m_shouldCreateServer) {
        if (isServerAlreadyExists()) {
            return;
        }
-        installServer(container, config);
+        serverCredentials = m_processedServerCredentials;
    } else {
-        installContainer(container, config);
+        int serverIndex = m_serversModel->getProcessedServerIndex();
+        serverCredentials = qvariant_cast<ServerCredentials>(m_serversModel->data(serverIndex, ServersModel::Roles::CredentialsRole));
    }
-}

-void InstallController::installServer(DockerContainer container, QJsonObject &config)
-{
    ServerController serverController(m_settings);
    connect(&serverController, &ServerController::serverIsBusy, this, &InstallController::serverIsBusy);
    connect(this, &InstallController::cancelInstallation, &serverController, &ServerController::cancelInstallation);

    QMap<DockerContainer, QJsonObject> installedContainers;
-    ErrorCode errorCode =
-            serverController.getAlreadyInstalledContainers(m_currentlyInstalledServerCredentials, installedContainers);
-
-    QString finishMessage = "";
-
-    if (!installedContainers.contains(container)) {
-        errorCode = serverController.setupContainer(m_currentlyInstalledServerCredentials, container, config);
-        installedContainers.insert(container, config);
-        finishMessage = tr("%1 installed successfully. ").arg(ContainerProps::containerHumanNames().value(container));
-    } else {
-        finishMessage = tr("%1 is already installed on the server. ").arg(ContainerProps::containerHumanNames().value(container));
-    }
-    if (installedContainers.size() > 1) {
-        finishMessage += tr("\nAdded containers that were already installed on the server");
-    }
-
-    if (errorCode == ErrorCode::NoError) {
-        QJsonObject server;
-        server.insert(config_key::hostName, m_currentlyInstalledServerCredentials.hostName);
-        server.insert(config_key::userName, m_currentlyInstalledServerCredentials.userName);
-        server.insert(config_key::password, m_currentlyInstalledServerCredentials.secretData);
-        server.insert(config_key::port, m_currentlyInstalledServerCredentials.port);
-        server.insert(config_key::description, m_settings->nextAvailableServerName());
-
-        QJsonArray containerConfigs;
-        for (const QJsonObject &containerConfig : qAsConst(installedContainers)) {
-            containerConfigs.append(containerConfig);
-        }
-
-        server.insert(config_key::containers, containerConfigs);
-        server.insert(config_key::defaultContainer, ContainerProps::containerToString(container));
-
-        m_serversModel->addServer(server);
-
-        emit installServerFinished(finishMessage);
+    ErrorCode errorCode = getAlreadyInstalledContainers(serverCredentials, installedContainers);
+    if (errorCode) {
+        emit installationErrorOccurred(errorString(errorCode));
        return;
    }

-    emit installationErrorOccurred(errorString(errorCode));
-}
-
-void InstallController::installContainer(DockerContainer container, QJsonObject &config)
-{
-    int serverIndex = m_serversModel->getProcessedServerIndex();
-    ServerCredentials serverCredentials =
-            qvariant_cast<ServerCredentials>(m_serversModel->data(serverIndex, ServersModel::Roles::CredentialsRole));
-
-    ServerController serverController(m_settings);
-    connect(&serverController, &ServerController::serverIsBusy, this, &InstallController::serverIsBusy);
-    connect(this, &InstallController::cancelInstallation, &serverController, &ServerController::cancelInstallation);
-
-    QMap<DockerContainer, QJsonObject> installedContainers;
-    ErrorCode errorCode = serverController.getAlreadyInstalledContainers(serverCredentials, installedContainers);
-
    QString finishMessage = "";

    if (!installedContainers.contains(container)) {
        errorCode = serverController.setupContainer(serverCredentials, container, config);
+        if (errorCode) {
+            emit installationErrorOccurred(errorString(errorCode));
+            return;
+        }
+
        installedContainers.insert(container, config);
        finishMessage = tr("%1 installed successfully. ").arg(ContainerProps::containerHumanNames().value(container));
    } else {
        finishMessage = tr("%1 is already installed on the server. ").arg(ContainerProps::containerHumanNames().value(container));
    }

-    bool isInstalledContainerAddedToGui = false;
-
-    if (errorCode == ErrorCode::NoError) {
-        for (auto iterator = installedContainers.begin(); iterator != installedContainers.end(); iterator++) {
-            QJsonObject containerConfig = m_containersModel->getContainerConfig(iterator.key());
-            if (containerConfig.isEmpty()) {
-                m_serversModel->addContainerConfig(iterator.key(), iterator.value());
-                if (container != iterator.key()) { // skip the newly installed container
-                    isInstalledContainerAddedToGui = true;
-                }
-            }
-        }
-        if (isInstalledContainerAddedToGui) {
-            finishMessage += tr("\nAlready installed containers were found on the server. "
-                                "All installed containers have been added to the application");
-        }
-
-        emit installContainerFinished(finishMessage, ContainerProps::containerService(container) == ServiceType::Other);
+    if (errorCode) {
+        emit installationErrorOccurred(errorString(errorCode));
        return;
    }

-    emit installationErrorOccurred(errorString(errorCode));
+    if (m_shouldCreateServer) {
+        installServer(container, installedContainers, serverCredentials, finishMessage);
+    } else {
+        installContainer(container, installedContainers, serverCredentials, finishMessage);
+    }
+}
+
+void InstallController::installServer(const DockerContainer container, const QMap<DockerContainer, QJsonObject> &installedContainers,
+                                      const ServerCredentials &serverCredentials, QString &finishMessage)
+{
+    if (installedContainers.size() > 1) {
+        finishMessage += tr("\nAdded containers that were already installed on the server");
+    }
+
+    QJsonObject server;
+    server.insert(config_key::hostName, m_processedServerCredentials.hostName);
+    server.insert(config_key::userName, m_processedServerCredentials.userName);
+    server.insert(config_key::password, m_processedServerCredentials.secretData);
+    server.insert(config_key::port, m_processedServerCredentials.port);
+    server.insert(config_key::description, m_settings->nextAvailableServerName());
+
+    QJsonArray containerConfigs;
+    VpnConfigurationsController vpnConfigurationController(m_settings);
+    for (auto iterator = installedContainers.begin(); iterator != installedContainers.end(); iterator++) {
+        auto containerConfig = iterator.value();
+        auto errorCode =
+                vpnConfigurationController.createProtocolConfigForContainer(m_processedServerCredentials, iterator.key(), containerConfig);
+        if (errorCode) {
+            emit installationErrorOccurred(errorString(errorCode));
+            return;
+        }
+        containerConfigs.append(containerConfig);
+
+        errorCode = m_clientManagementModel->appendClient(iterator.key(), serverCredentials, containerConfig,
+                                                          QString("Admin [%1]").arg(QSysInfo::prettyProductName()));
+        if (errorCode) {
+            emit installationErrorOccurred(errorString(errorCode));
+            return;
+        }
+    }
+
+    server.insert(config_key::containers, containerConfigs);
+    server.insert(config_key::defaultContainer, ContainerProps::containerToString(container));
+
+    m_serversModel->addServer(server);
+
+    emit installServerFinished(finishMessage);
+}
+
+void InstallController::installContainer(const DockerContainer container, const QMap<DockerContainer, QJsonObject> &installedContainers,
+                                         const ServerCredentials &serverCredentials, QString &finishMessage)
+{
+    bool isInstalledContainerAddedToGui = false;
+
+    VpnConfigurationsController vpnConfigurationController(m_settings);
+    for (auto iterator = installedContainers.begin(); iterator != installedContainers.end(); iterator++) {
+        QJsonObject containerConfig = m_containersModel->getContainerConfig(iterator.key());
+        if (containerConfig.isEmpty()) {
+            containerConfig = iterator.value();
+            auto errorCode = vpnConfigurationController.createProtocolConfigForContainer(serverCredentials, iterator.key(), containerConfig);
+            if (errorCode) {
+                emit installationErrorOccurred(errorString(errorCode));
+                return;
+            }
+            m_serversModel->addContainerConfig(iterator.key(), containerConfig);
+
+            errorCode = m_clientManagementModel->appendClient(iterator.key(), serverCredentials, containerConfig,
+                                                              QString("Admin [%1]").arg(QSysInfo::prettyProductName()));
+            if (errorCode) {
+                emit installationErrorOccurred(errorString(errorCode));
+                return;
+            }
+
+            if (container != iterator.key()) { // skip the newly installed container
+                isInstalledContainerAddedToGui = true;
+            }
+        }
+    }
+    if (isInstalledContainerAddedToGui) {
+        finishMessage += tr("\nAlready installed containers were found on the server. "
+                            "All installed containers have been added to the application");
+    }
+
+    emit installContainerFinished(finishMessage, ContainerProps::containerService(container) == ServiceType::Other);
 }

 bool InstallController::isServerAlreadyExists()
@@ -229,8 +255,7 @@ bool InstallController::isServerAlreadyExists()
        auto modelIndex = m_serversModel->index(i);
        const ServerCredentials credentials =
                qvariant_cast<ServerCredentials>(m_serversModel->data(modelIndex, ServersModel::Roles::CredentialsRole));
-        if (m_currentlyInstalledServerCredentials.hostName == credentials.hostName
-            && m_currentlyInstalledServerCredentials.port == credentials.port) {
+        if (m_processedServerCredentials.hostName == credentials.hostName && m_processedServerCredentials.port == credentials.port) {
            emit serverAlreadyExists(i);
            return true;
        }
@@ -247,15 +272,31 @@ void InstallController::scanServerForInstalledContainers()
    ServerController serverController(m_settings);

    QMap<DockerContainer, QJsonObject> installedContainers;
-    ErrorCode errorCode = serverController.getAlreadyInstalledContainers(serverCredentials, installedContainers);
+    ErrorCode errorCode = getAlreadyInstalledContainers(serverCredentials, installedContainers);

    if (errorCode == ErrorCode::NoError) {
        bool isInstalledContainerAddedToGui = false;
+        VpnConfigurationsController vpnConfigurationController(m_settings);

        for (auto iterator = installedContainers.begin(); iterator != installedContainers.end(); iterator++) {
            QJsonObject containerConfig = m_containersModel->getContainerConfig(iterator.key());
            if (containerConfig.isEmpty()) {
-                m_serversModel->addContainerConfig(iterator.key(), iterator.value());
+                containerConfig = iterator.value();
+                auto errorCode =
+                        vpnConfigurationController.createProtocolConfigForContainer(serverCredentials, iterator.key(), containerConfig);
+                if (errorCode) {
+                    emit installationErrorOccurred(errorString(errorCode));
+                    return;
+                }
+                m_serversModel->addContainerConfig(iterator.key(), containerConfig);
+
+                errorCode = m_clientManagementModel->appendClient(iterator.key(), serverCredentials, containerConfig,
+                                                                  QString("Admin [%1]").arg(QSysInfo::prettyProductName()));
+                if (errorCode) {
+                    emit installationErrorOccurred(errorString(errorCode));
+                    return;
+                }
+
                isInstalledContainerAddedToGui = true;
            }
        }
@@ -267,6 +308,151 @@ void InstallController::scanServerForInstalledContainers()
    emit installationErrorOccurred(errorString(errorCode));
 }

+ErrorCode InstallController::getAlreadyInstalledContainers(const ServerCredentials &credentials,
+                                                           QMap<DockerContainer, QJsonObject> &installedContainers)
+{
+    QString stdOut;
+    auto cbReadStdOut = [&](const QString &data, libssh::Client &) {
+        stdOut += data + "\n";
+        return ErrorCode::NoError;
+    };
+    auto cbReadStdErr = [&](const QString &data, libssh::Client &) {
+        stdOut += data + "\n";
+        return ErrorCode::NoError;
+    };
+
+    ServerController serverController(m_settings);
+    QString script = QString("sudo docker ps --format '{{.Names}} {{.Ports}}'");
+
+    ErrorCode errorCode = serverController.runScript(credentials, script, cbReadStdOut, cbReadStdErr);
+    if (errorCode != ErrorCode::NoError) {
+        return errorCode;
+    }
+
+    auto containersInfo = stdOut.split("\n");
+    for (auto &containerInfo : containersInfo) {
+        if (containerInfo.isEmpty()) {
+            continue;
+        }
+        const static QRegularExpression containerAndPortRegExp("(amnezia[-a-z]*).*?:([0-9]*)->[0-9]*/(udp|tcp).*");
+        QRegularExpressionMatch containerAndPortMatch = containerAndPortRegExp.match(containerInfo);
+        if (containerAndPortMatch.hasMatch()) {
+            QString name = containerAndPortMatch.captured(1);
+            QString port = containerAndPortMatch.captured(2);
+            QString transportProto = containerAndPortMatch.captured(3);
+            DockerContainer container = ContainerProps::containerFromString(name);
+
+            QJsonObject config;
+            Proto mainProto = ContainerProps::defaultProtocol(container);
+            for (auto protocol : ContainerProps::protocolsForContainer(container)) {
+                QJsonObject containerConfig;
+                if (protocol == mainProto) {
+                    containerConfig.insert(config_key::port, port);
+                    containerConfig.insert(config_key::transport_proto, transportProto);
+
+                    if (protocol == Proto::Awg) {
+                        QString serverConfig = serverController.getTextFileFromContainer(container, credentials,
+                                                                                         protocols::awg::serverConfigPath, errorCode);
+
+                        QMap<QString, QString> serverConfigMap;
+                        auto serverConfigLines = serverConfig.split("\n");
+                        for (auto &line : serverConfigLines) {
+                            auto trimmedLine = line.trimmed();
+                            if (trimmedLine.startsWith("[") && trimmedLine.endsWith("]")) {
+                                continue;
+                            } else {
+                                QStringList parts = trimmedLine.split(" = ");
+                                if (parts.count() == 2) {
+                                    serverConfigMap.insert(parts[0].trimmed(), parts[1].trimmed());
+                                }
+                            }
+                        }
+
+                        containerConfig[config_key::junkPacketCount] = serverConfigMap.value(config_key::junkPacketCount);
+                        containerConfig[config_key::junkPacketMinSize] = serverConfigMap.value(config_key::junkPacketMinSize);
+                        containerConfig[config_key::junkPacketMaxSize] = serverConfigMap.value(config_key::junkPacketMaxSize);
+                        containerConfig[config_key::initPacketJunkSize] = serverConfigMap.value(config_key::initPacketJunkSize);
+                        containerConfig[config_key::responsePacketJunkSize] = serverConfigMap.value(config_key::responsePacketJunkSize);
+                        containerConfig[config_key::initPacketMagicHeader] = serverConfigMap.value(config_key::initPacketMagicHeader);
+                        containerConfig[config_key::responsePacketMagicHeader] = serverConfigMap.value(config_key::responsePacketMagicHeader);
+                        containerConfig[config_key::underloadPacketMagicHeader] =
+                                serverConfigMap.value(config_key::underloadPacketMagicHeader);
+                        containerConfig[config_key::transportPacketMagicHeader] =
+                                serverConfigMap.value(config_key::transportPacketMagicHeader);
+                    } else if (protocol == Proto::Sftp) {
+                        stdOut.clear();
+                        script = QString("sudo docker inspect --format '{{.Config.Cmd}}' %1").arg(name);
+
+                        ErrorCode errorCode = serverController.runScript(credentials, script, cbReadStdOut, cbReadStdErr);
+                        if (errorCode != ErrorCode::NoError) {
+                            return errorCode;
+                        }
+
+                        auto sftpInfo = stdOut.split(":");
+                        if (sftpInfo.size() < 2) {
+                            logger.error() << "Key parameters for the sftp container are missing";
+                            continue;
+                        }
+                        auto userName = sftpInfo.at(0);
+                        userName = userName.remove(0, 1);
+                        auto password = sftpInfo.at(1);
+
+                        containerConfig.insert(config_key::userName, userName);
+                        containerConfig.insert(config_key::password, password);
+                    }
+
+                    config.insert(config_key::container, ContainerProps::containerToString(container));
+                }
+                config.insert(ProtocolProps::protoToString(protocol), containerConfig);
+            }
+            installedContainers.insert(container, config);
+        }
+        const static QRegularExpression torOrDnsRegExp("(amnezia-(?:torwebsite|dns)).*?([0-9]*)/(udp|tcp).*");
+        QRegularExpressionMatch torOrDnsRegMatch = torOrDnsRegExp.match(containerInfo);
+        if (torOrDnsRegMatch.hasMatch()) {
+            QString name = torOrDnsRegMatch.captured(1);
+            QString port = torOrDnsRegMatch.captured(2);
+            QString transportProto = torOrDnsRegMatch.captured(3);
+            DockerContainer container = ContainerProps::containerFromString(name);
+
+            QJsonObject config;
+            Proto mainProto = ContainerProps::defaultProtocol(container);
+            for (auto protocol : ContainerProps::protocolsForContainer(container)) {
+                QJsonObject containerConfig;
+                if (protocol == mainProto) {
+                    containerConfig.insert(config_key::port, port);
+                    containerConfig.insert(config_key::transport_proto, transportProto);
+
+                    if (protocol == Proto::TorWebSite) {
+                        stdOut.clear();
+                        script = QString("sudo docker exec -i %1 sh -c 'cat /var/lib/tor/hidden_service/hostname'").arg(name);
+
+                        ErrorCode errorCode = serverController.runScript(credentials, script, cbReadStdOut, cbReadStdErr);
+                        if (errorCode != ErrorCode::NoError) {
+                            return errorCode;
+                        }
+
+                        if (stdOut.isEmpty()) {
+                            logger.error() << "Key parameters for the tor container are missing";
+                            continue;
+                        }
+
+                        QString onion = stdOut;
+                        onion.replace("\n", "");
+                        containerConfig.insert(config_key::site, onion);
+                    }
+
+                    config.insert(config_key::container, ContainerProps::containerToString(container));
+                }
+                config.insert(ProtocolProps::protoToString(protocol), containerConfig);
+            }
+            installedContainers.insert(container, config);
+        }
+    }
+
+    return ErrorCode::NoError;
+}
+
 void InstallController::updateContainer(QJsonObject config)
 {
    int serverIndex = m_serversModel->getProcessedServerIndex();
@@ -283,6 +469,7 @@ void InstallController::updateContainer(QJsonObject config)
        connect(this, &InstallController::cancelInstallation, &serverController, &ServerController::cancelInstallation);

        errorCode = serverController.updateContainer(serverCredentials, container, oldContainerConfig, config);
+        clearCachedProfile();
    }

    if (errorCode == ErrorCode::NoError) {
@@ -333,44 +520,70 @@ void InstallController::removeAllContainers()
    emit installationErrorOccurred(errorString(errorCode));
 }

-void InstallController::removeCurrentlyProcessedContainer()
+void InstallController::removeProcessedContainer()
 {
    int serverIndex = m_serversModel->getProcessedServerIndex();
    QString serverName = m_serversModel->data(serverIndex, ServersModel::Roles::NameRole).toString();

-    int container = m_containersModel->getCurrentlyProcessedContainerIndex();
-    QString containerName = m_containersModel->getCurrentlyProcessedContainerName();
+    int container = m_containersModel->getProcessedContainerIndex();
+    QString containerName = m_containersModel->getProcessedContainerName();

    ErrorCode errorCode = m_serversModel->removeContainer(container);
    if (errorCode == ErrorCode::NoError) {

-        emit removeCurrentlyProcessedContainerFinished(tr("%1 has been removed from the server '%2'").arg(containerName, serverName));
+        emit removeProcessedContainerFinished(tr("%1 has been removed from the server '%2'").arg(containerName, serverName));
        return;
    }
    emit installationErrorOccurred(errorString(errorCode));
 }

+void InstallController::removeApiConfig()
+{
+    auto serverConfig = m_serversModel->getServerConfig(m_serversModel->getDefaultServerIndex());
+
+    serverConfig.remove(config_key::dns1);
+    serverConfig.remove(config_key::dns2);
+    serverConfig.remove(config_key::containers);
+    serverConfig.remove(config_key::hostName);
+
+    serverConfig.insert(config_key::defaultContainer, ContainerProps::containerToString(DockerContainer::None));
+
+    m_serversModel->editServer(serverConfig, m_serversModel->getDefaultServerIndex());
+}
+
+void InstallController::clearCachedProfile()
+{
+    int serverIndex = m_serversModel->getProcessedServerIndex();
+    DockerContainer container = static_cast<DockerContainer>(m_containersModel->getProcessedContainerIndex());
+    QJsonObject containerConfig = m_containersModel->getContainerConfig(container);
+    ServerCredentials serverCredentials =
+            qvariant_cast<ServerCredentials>(m_serversModel->data(serverIndex, ServersModel::Roles::CredentialsRole));
+
+    m_serversModel->clearCachedProfile(container);
+    m_clientManagementModel->revokeClient(containerConfig, container, serverCredentials, serverIndex);
+
+    emit cachedProfileCleared(tr("%1 cached profile cleared").arg(ContainerProps::containerHumanNames().value(container)));
+}
+
 QRegularExpression InstallController::ipAddressPortRegExp()
 {
-    return Utils::ipAddressPortRegExp();
+    return NetworkUtilities::ipAddressPortRegExp();
 }

 QRegularExpression InstallController::ipAddressRegExp()
 {
-    return Utils::ipAddressRegExp();
+    return NetworkUtilities::ipAddressRegExp();
 }

-void InstallController::setCurrentlyInstalledServerCredentials(const QString &hostName, const QString &userName,
-                                                               const QString &secretData)
+void InstallController::setProcessedServerCredentials(const QString &hostName, const QString &userName, const QString &secretData)
 {
-    m_currentlyInstalledServerCredentials.hostName = hostName;
-    if (m_currentlyInstalledServerCredentials.hostName.contains(":")) {
-        m_currentlyInstalledServerCredentials.port =
-                m_currentlyInstalledServerCredentials.hostName.split(":").at(1).toInt();
-        m_currentlyInstalledServerCredentials.hostName = m_currentlyInstalledServerCredentials.hostName.split(":").at(0);
+    m_processedServerCredentials.hostName = hostName;
+    if (m_processedServerCredentials.hostName.contains(":")) {
+        m_processedServerCredentials.port = m_processedServerCredentials.hostName.split(":").at(1).toInt();
+        m_processedServerCredentials.hostName = m_processedServerCredentials.hostName.split(":").at(0);
    }
-    m_currentlyInstalledServerCredentials.userName = userName;
-    m_currentlyInstalledServerCredentials.secretData = secretData;
+    m_processedServerCredentials.userName = userName;
+    m_processedServerCredentials.secretData = secretData;
 }

 void InstallController::setShouldCreateServer(bool shouldCreateServer)
@@ -397,8 +610,7 @@ void InstallController::mountSftpDrive(const QString &port, const QString &passw

    cmd = "C:\\Program Files\\SSHFS-Win\\bin\\sshfs.exe";
 #elif defined AMNEZIA_DESKTOP
-    mountPath =
-            QString("%1/sftp:%2:%3").arg(QStandardPaths::writableLocation(QStandardPaths::HomeLocation), hostname, port);
+    mountPath = QString("%1/sftp:%2:%3").arg(QStandardPaths::writableLocation(QStandardPaths::HomeLocation), hostname, port);
    QDir dir(mountPath);
    if (!dir.exists()) {
        dir.mkpath(mountPath);
@@ -450,7 +662,6 @@ void InstallController::mountSftpDrive(const QString &port, const QString &passw
        process->write((password + "\n").toUtf8());
    }

-    // qDebug().noquote() << "onPushButtonSftpMountDriveClicked" << args;

 #endif
 }
@@ -461,8 +672,7 @@ bool InstallController::checkSshConnection()
    ErrorCode errorCode = ErrorCode::NoError;
    m_privateKeyPassphrase = "";

-    if (m_currentlyInstalledServerCredentials.secretData.contains("BEGIN")
-        && m_currentlyInstalledServerCredentials.secretData.contains("PRIVATE KEY")) {
+    if (m_processedServerCredentials.secretData.contains("BEGIN") && m_processedServerCredentials.secretData.contains("PRIVATE KEY")) {
        auto passphraseCallback = [this]() {
            emit passphraseRequestStarted();
            QEventLoop loop;
@@ -473,10 +683,9 @@ bool InstallController::checkSshConnection()
        };

        QString decryptedPrivateKey;
-        errorCode = serverController.getDecryptedPrivateKey(m_currentlyInstalledServerCredentials, decryptedPrivateKey,
-                                                            passphraseCallback);
+        errorCode = serverController.getDecryptedPrivateKey(m_processedServerCredentials, decryptedPrivateKey, passphraseCallback);
        if (errorCode == ErrorCode::NoError) {
-            m_currentlyInstalledServerCredentials.secretData = decryptedPrivateKey;
+            m_processedServerCredentials.secretData = decryptedPrivateKey;
        } else {
            emit installationErrorOccurred(errorString(errorCode));
            return false;
@@ -484,7 +693,7 @@ bool InstallController::checkSshConnection()
    }

    QString output;
-    output = serverController.checkSshConnection(m_currentlyInstalledServerCredentials, &errorCode);
+    output = serverController.checkSshConnection(m_processedServerCredentials, errorCode);

    if (errorCode != ErrorCode::NoError) {
        emit installationErrorOccurred(errorString(errorCode));
@@ -508,10 +717,10 @@ void InstallController::setEncryptedPassphrase(QString passphrase)
 void InstallController::addEmptyServer()
 {
    QJsonObject server;
-    server.insert(config_key::hostName, m_currentlyInstalledServerCredentials.hostName);
-    server.insert(config_key::userName, m_currentlyInstalledServerCredentials.userName);
-    server.insert(config_key::password, m_currentlyInstalledServerCredentials.secretData);
-    server.insert(config_key::port, m_currentlyInstalledServerCredentials.port);
+    server.insert(config_key::hostName, m_processedServerCredentials.hostName);
+    server.insert(config_key::userName, m_processedServerCredentials.userName);
+    server.insert(config_key::password, m_processedServerCredentials.secretData);
+    server.insert(config_key::port, m_processedServerCredentials.port);
    server.insert(config_key::description, m_settings->nextAvailableServerName());

    server.insert(config_key::defaultContainer, ContainerProps::containerToString(DockerContainer::None));
@@ -532,17 +741,17 @@ bool InstallController::isUpdateDockerContainerRequired(const DockerContainer co
        const AwgConfig oldConfig(oldProtoConfig);
        const AwgConfig newConfig(newProtoConfig);

-        if (!oldConfig.hasEqualServerSettings(newConfig)) {
-            return true;
+        if (oldConfig.hasEqualServerSettings(newConfig)) {
+            return false;
        }
    } else if (container == DockerContainer::WireGuard) {
        const WgConfig oldConfig(oldProtoConfig);
        const WgConfig newConfig(newProtoConfig);

-        if (!oldConfig.hasEqualServerSettings(newConfig)) {
-            return true;
+        if (oldConfig.hasEqualServerSettings(newConfig)) {
+            return false;
        }
    }

-    return false;
+    return true;
 }
@@ -6,24 +6,24 @@

 #include "containers/containers_defs.h"
 #include "core/defs.h"
+#include "ui/models/clientManagementModel.h"
 #include "ui/models/containers_model.h"
-#include "ui/models/servers_model.h"
 #include "ui/models/protocols_model.h"
+#include "ui/models/servers_model.h"

 class InstallController : public QObject
 {
    Q_OBJECT
 public:
-    explicit InstallController(const QSharedPointer<ServersModel> &serversModel,
-                               const QSharedPointer<ContainersModel> &containersModel,
+    explicit InstallController(const QSharedPointer<ServersModel> &serversModel, const QSharedPointer<ContainersModel> &containersModel,
                               const QSharedPointer<ProtocolsModel> &protocolsModel,
+                               const QSharedPointer<ClientManagementModel> &clientManagementModel,
                               const std::shared_ptr<Settings> &settings, QObject *parent = nullptr);
    ~InstallController();

 public slots:
    void install(DockerContainer container, int port, TransportProto transportProto);
-    void setCurrentlyInstalledServerCredentials(const QString &hostName, const QString &userName,
-                                                const QString &secretData);
+    void setProcessedServerCredentials(const QString &hostName, const QString &userName, const QString &secretData);
    void setShouldCreateServer(bool shouldCreateServer);

    void scanServerForInstalledContainers();
@@ -33,7 +33,11 @@ public slots:
    void removeProcessedServer();
    void rebootProcessedServer();
    void removeAllContainers();
-    void removeCurrentlyProcessedContainer();
+    void removeProcessedContainer();
+
+    void removeApiConfig();
+
+    void clearCachedProfile();

    QRegularExpression ipAddressPortRegExp();
    QRegularExpression ipAddressRegExp();
@@ -50,14 +54,14 @@ signals:
    void installContainerFinished(const QString &finishMessage, bool isServiceInstall);
    void installServerFinished(const QString &finishMessage);

-    void updateContainerFinished(const QString& message);
+    void updateContainerFinished(const QString &message);

    void scanServerFinished(bool isInstalledContainerFound);

    void rebootProcessedServerFinished(const QString &finishedMessage);
    void removeProcessedServerFinished(const QString &finishedMessage);
    void removeAllContainersFinished(const QString &finishedMessage);
-    void removeCurrentlyProcessedContainerFinished(const QString &finishedMessage);
+    void removeProcessedContainerFinished(const QString &finishedMessage);

    void installationErrorOccurred(const QString &errorMessage);

@@ -71,19 +75,25 @@ signals:

    void currentContainerUpdated();

+    void cachedProfileCleared(const QString &message);
+
 private:
-    void installServer(DockerContainer container, QJsonObject &config);
-    void installContainer(DockerContainer container, QJsonObject &config);
+    void installServer(const DockerContainer container, const QMap<DockerContainer, QJsonObject> &installedContainers,
+                       const ServerCredentials &serverCredentials, QString &finishMessage);
+    void installContainer(const DockerContainer container, const QMap<DockerContainer, QJsonObject> &installedContainers,
+                          const ServerCredentials &serverCredentials, QString &finishMessage);
    bool isServerAlreadyExists();

+    ErrorCode getAlreadyInstalledContainers(const ServerCredentials &credentials, QMap<DockerContainer, QJsonObject> &installedContainers);
    bool isUpdateDockerContainerRequired(const DockerContainer container, const QJsonObject &oldConfig, const QJsonObject &newConfig);

    QSharedPointer<ServersModel> m_serversModel;
    QSharedPointer<ContainersModel> m_containersModel;
    QSharedPointer<ProtocolsModel> m_protocolModel;
+    QSharedPointer<ClientManagementModel> m_clientManagementModel;
    std::shared_ptr<Settings> m_settings;

-    ServerCredentials m_currentlyInstalledServerCredentials;
+    ServerCredentials m_processedServerCredentials;

    bool m_shouldCreateServer;

@@ -7,6 +7,7 @@
 #endif

 #ifdef Q_OS_ANDROID
+    #include "platforms/android/android_controller.h"
    #include "platforms/android/android_utils.h"
    #include <QJniObject>
 #endif
@@ -74,6 +75,13 @@ void PageController::closeWindow()
 #endif
 }

+void PageController::hideWindow()
+{
+#ifdef Q_OS_ANDROID
+    AndroidController::instance()->minimizeApp();
+#endif
+}
+
 void PageController::keyPressEvent(Qt::Key key)
 {
    switch (key) {
@@ -29,6 +29,7 @@ namespace PageLoader
        PageSettingsAbout,
        PageSettingsLogging,
        PageSettingsSplitTunneling,
+        PageSettingsAppSplitTunneling,

        PageServiceSftpSettings,
        PageServiceTorWebsiteSettings,
@@ -48,6 +49,7 @@ namespace PageLoader
        PageProtocolOpenVpnSettings,
        PageProtocolShadowSocksSettings,
        PageProtocolCloakSettings,
+        PageProtocolXraySettings,        
        PageProtocolWireGuardSettings,
        PageProtocolAwgSettings,
        PageProtocolIKev2Settings,
@@ -75,6 +77,7 @@ public slots:
    QString getPagePath(PageLoader::PageEnum page);

    void closeWindow();
+    void hideWindow();
    void keyPressEvent(Qt::Key key);

    unsigned int getInitialPageNavigationBarColor();
@@ -109,6 +112,7 @@ signals:

    void showBusyIndicator(bool visible);
    void disableControls(bool disabled);
+    void disableTabBar(bool disabled);

    void hideMainWindow();
    void raiseMainWindow();
@@ -153,12 +153,6 @@ void SettingsController::clearSettings()
 #endif
 }

-void SettingsController::clearCachedProfiles()
-{
-    m_serversModel->clearCachedProfiles();
-    emit changeSettingsFinished(tr("Cached profiles cleared"));
-}
-
 bool SettingsController::isAutoConnectEnabled()
 {
    return m_settings->isAutoConnect();
@@ -46,7 +46,6 @@ public slots:
    QString getAppVersion();

    void clearSettings();
-    void clearCachedProfiles();

    bool isAutoConnectEnabled();
    void toggleAutoConnect(bool enable);
--- a/Show More
+++ b/Show More
Author	SHA1	Message	Date
Aleksandar Dimov	477a2f3591	fix macOS command	2024-04-01 18:23:35 +02:00
Aleksandar Dimov	3c3870f270	Merge branch 'dev' into feature/add-uninstaller-checkbox	2024-04-01 18:10:11 +02:00
Nethius	a6ca1b12da	moved protocol config generation to VpnConfigirationsController (#665 ) Moved protocol config generation to VpnConfigurationsController	2024-04-01 14:20:02 +01:00
pokamest	82a9e7e27d	Merge pull request #720 from amnezia-vpn/feature/app-split-tunneling-page-home Added app split tunneling on home page	2024-04-01 13:33:10 +01:00
vladimir.kuznetsov	f5301e1315	added app split tunneling on home page	2024-04-01 17:07:33 +05:00
Nethius	adab30fc81	feature/app-split-tunneling (#702 ) App Split Tunneling for Windows and Android	2024-04-01 12:45:00 +01:00
pokamest	e7bd24f065	Merge pull request #718 from amnezia-vpn/bugfix/cancel-button-on-install-page fixed display of cancel button on install/uninstall pages	2024-03-31 16:03:32 +01:00
pokamest	2ec448ba13	Merge pull request #717 from amnezia-vpn/feature/page-home-drawer changed the way the drawer is displayed on the pageHome	2024-03-31 12:15:21 +01:00
albexk	c6e6f2ae84	Add a function that minimizes the Android app (#692 ) Add a function that minimizes the Android app	2024-03-31 12:14:12 +01:00
vladimir.kuznetsov	e9468a4c2f	fixed display of cancel button on install/uninstall pages	2024-03-31 12:40:42 +05:00
vladimir.kuznetsov	45de951897	changed the way the drawer is displayed on the pageHome	2024-03-30 16:10:37 +05:00
pokamest	db8d966fac	Merge pull request #714 from amnezia-vpn/bugfix/wg-and-xray-remove-button	2024-03-29 09:40:13 +00:00
pokamest	6b69bc9618	Tiny fixes	2024-03-28 17:13:48 +00:00
pokamest	0089b0b799	Error code 206 description	2024-03-28 15:01:17 +00:00
vladimir.kuznetsov	e4841e809b	fixed remove button for wireguard and xray settings page	2024-03-28 15:33:23 +05:00
Aleksandar Dimov	ee7ac389a4	add minor improvements	2024-03-27 23:41:28 +01:00
Aleksandar Dimov	bd414191e9	remove onNextButtonClicked	2024-03-27 23:38:39 +01:00
Aleksandar Dimov	4eebb6673a	Merge branch 'dev' into feature/add-uninstaller-checkbox	2024-03-27 22:38:16 +01:00
Mykola Baibuz	ba4237f1dd	Xray with Reality protocol (#494 ) * Xray with Reality for desktops	2024-03-27 11:02:34 +00:00
pokamest	f6acec53c0	Merge pull request #712 from amnezia-vpn/bugfix/page-home-recursive-rearrange fixed recursive rearrange on PageHome	2024-03-27 10:59:01 +00:00
Shehab Ahmed	5f631eaa76	Refactoring/change application text (#687 ) Changing some texts	2024-03-26 18:05:04 +00:00
albexk	7730dd510c	Add error handling of enabled "always-on" during VPN connection (#698 ) * Always add awg-go version to the log * Display an error message always when no vpn permission is granted	2024-03-25 23:09:50 +00:00
pokamest	30bd264f17	Merge pull request #711 from amnezia-vpn/bugfix/anchors-page-home-warning fixed anchors warning on PageHome	2024-03-25 18:38:20 +00:00
vladimir.kuznetsov	5206665fa0	fixed recursive rearrange on PageHome	2024-03-25 22:30:44 +05:00
Aleksandar Dimov	a36585d035	update linux command	2024-03-22 19:51:45 +01:00
Aleksandar Dimov	c4de28bb3b	refactor	2024-03-22 00:19:53 +01:00
Aleksandar Dimov	dcf1989414	fix linux command	2024-03-21 22:55:32 +01:00
Aleksandar Dimov	bd2288c239	Merge branch 'dev' into feature/add-uninstaller-checkbox	2024-03-21 22:16:49 +01:00
Aleksandar Dimov	781dba61f1	Merge branch 'dev' into feature/add-uninstaller-checkbox	2024-03-20 20:10:35 +01:00
Aleksandar Dimov	926d3643a4	add checkbox on uninstaller	2024-03-19 22:54:51 +01:00