bugfix: fixed path to log folder for wireguard on windows

2026-06-23 02:00:20 +07:00 · 2024-10-09 13:13:08 +08:00
225 changed files with 9960 additions and 13006 deletions
@@ -1,39 +0,0 @@
 BasedOnStyle: WebKit
 AccessModifierOffset: '-4'
 AlignAfterOpenBracket: Align
 AlignConsecutiveMacros: 'true'
 AlignTrailingComments: 'true'
 AllowAllArgumentsOnNextLine: 'true'
 AllowAllParametersOfDeclarationOnNextLine: 'true'
 AllowShortBlocksOnASingleLine: 'false'
 AllowShortCaseLabelsOnASingleLine: 'true'
 AllowShortEnumsOnASingleLine: 'false'
 AllowShortFunctionsOnASingleLine: None
 AlwaysBreakTemplateDeclarations: 'No'
 BreakBeforeBinaryOperators: NonAssignment
 BreakBeforeBraces: Custom
 BraceWrapping:
    AfterClass: true
    AfterControlStatement: false
    AfterEnum: false
    AfterFunction: true
    AfterNamespace: true
    AfterObjCDeclaration: false
    AfterStruct: true
    AfterUnion: false
    BeforeCatch: false
    BeforeElse: false
    IndentBraces: false
 BreakConstructorInitializers: BeforeColon
 ColumnLimit: '120'
 CommentPragmas: '"^!|^:"'
 ConstructorInitializerAllOnOneLineOrOnePerLine: 'true'
 ConstructorInitializerIndentWidth: '4'
 ContinuationIndentWidth: '8'
 IndentPPDirectives: BeforeHash
 NamespaceIndentation: All
 PenaltyExcessCharacter: '10'
 PointerAlignment: Right
 SortIncludes: 'true'
 SpaceAfterTemplateKeyword: 'false'
 Standard: Auto
@@ -1,20 +0,0 @@
 /client/3rd
 /client/3rd-prebuild
 /client/android
 /client/cmake
 /client/core/serialization
 /client/daemon
 /client/fonts
 /client/images
 /client/ios
 /client/mozilla
 /client/platforms/dummy
 /client/platforms/linux
 /client/platforms/macos
 /client/platforms/windows
 /client/server_scripts
 /client/translations
 /deploy
 /docs
 /metadata
 /service/src
@@ -16,10 +16,7 @@ jobs:
      QT_VERSION: 6.6.2
      QIF_VERSION: 4.7
      PROD_AGW_PUBLIC_KEY: ${{ secrets.PROD_AGW_PUBLIC_KEY }}
      PROD_S3_ENDPOINT: ${{ secrets.PROD_S3_ENDPOINT }}
      DEV_AGW_PUBLIC_KEY: ${{ secrets.DEV_AGW_PUBLIC_KEY }}
      DEV_AGW_ENDPOINT: ${{ secrets.DEV_AGW_ENDPOINT }}
      DEV_S3_ENDPOINT: ${{ secrets.DEV_S3_ENDPOINT }}
    steps:
    - name: 'Install Qt'
@@ -86,10 +83,7 @@ jobs:
      QIF_VERSION: 4.7
      BUILD_ARCH: 64
      PROD_AGW_PUBLIC_KEY: ${{ secrets.PROD_AGW_PUBLIC_KEY }}
      PROD_S3_ENDPOINT: ${{ secrets.PROD_S3_ENDPOINT }}
      DEV_AGW_PUBLIC_KEY: ${{ secrets.DEV_AGW_PUBLIC_KEY }}
      DEV_AGW_ENDPOINT: ${{ secrets.DEV_AGW_ENDPOINT }}
      DEV_S3_ENDPOINT: ${{ secrets.DEV_S3_ENDPOINT }}
    steps:
    - name: 'Get sources'
@@ -152,10 +146,7 @@ jobs:
      CC: cc
      CXX: c++
      PROD_AGW_PUBLIC_KEY: ${{ secrets.PROD_AGW_PUBLIC_KEY }}
      PROD_S3_ENDPOINT: ${{ secrets.PROD_S3_ENDPOINT }}
      DEV_AGW_PUBLIC_KEY: ${{ secrets.DEV_AGW_PUBLIC_KEY }}
      DEV_AGW_ENDPOINT: ${{ secrets.DEV_AGW_ENDPOINT }}
      DEV_S3_ENDPOINT: ${{ secrets.DEV_S3_ENDPOINT }}
    steps:
    - name: 'Setup xcode'
@@ -217,11 +208,7 @@ jobs:
        export QT_BIN_DIR="${{ runner.temp }}/Qt/${{ env.QT_VERSION }}/ios/bin"
        export QT_MACOS_ROOT_DIR="${{ runner.temp }}/Qt/${{ env.QT_VERSION }}/macos"
        export PATH=$PATH:~/go/bin
-        sh deploy/build_ios.sh | \
+        sh deploy/build_ios.sh
          sed -e '/-Xcc -DPROD_AGW_PUBLIC_KEY/,/-Xcc/ { /-Xcc/!d; }' -e '/-Xcc -DPROD_AGW_PUBLIC_KEY/d' | \
          sed -e '/-Xcc -DDEV_AGW_PUBLIC_KEY/,/-Xcc/ { /-Xcc/!d; }' -e '/-Xcc -DDEV_AGW_PUBLIC_KEY/d' | \
          sed -e '/-DPROD_AGW_PUBLIC_KEY/,/-D/ { /-D/!d; }' -e '/-DPROD_AGW_PUBLIC_KEY/d' | \
          sed -e '/-DDEV_AGW_PUBLIC_KEY/,/-D/ { /-D/!d; }' -e '/-DDEV_AGW_PUBLIC_KEY/d'
      env:
        IOS_TRUST_CERT_BASE64: ${{ secrets.IOS_TRUST_CERT_BASE64 }}
        IOS_SIGNING_CERT_BASE64: ${{ secrets.IOS_SIGNING_CERT_BASE64 }}
@@ -251,16 +238,13 @@ jobs:
      QT_VERSION: 6.4.3
      QIF_VERSION: 4.6
      PROD_AGW_PUBLIC_KEY: ${{ secrets.PROD_AGW_PUBLIC_KEY }}
      PROD_S3_ENDPOINT: ${{ secrets.PROD_S3_ENDPOINT }}
      DEV_AGW_PUBLIC_KEY: ${{ secrets.DEV_AGW_PUBLIC_KEY }}
      DEV_AGW_ENDPOINT: ${{ secrets.DEV_AGW_ENDPOINT }}
      DEV_S3_ENDPOINT: ${{ secrets.DEV_S3_ENDPOINT }}
    steps:
    - name: 'Setup xcode'
      uses: maxim-lobanov/setup-xcode@v1
      with:
-        xcode-version: '15.4.0'
+        xcode-version: '14.3.1'
    - name: 'Install Qt'
      uses: jurplel/install-qt-action@v3
@@ -317,13 +301,10 @@ jobs:
    env:
      ANDROID_BUILD_PLATFORM: android-34
-      QT_VERSION: 6.7.3
+      QT_VERSION: 6.7.2
      QT_MODULES: 'qtremoteobjects qt5compat qtimageformats qtshadertools'
      PROD_AGW_PUBLIC_KEY: ${{ secrets.PROD_AGW_PUBLIC_KEY }}
      PROD_S3_ENDPOINT: ${{ secrets.PROD_S3_ENDPOINT }}
      DEV_AGW_PUBLIC_KEY: ${{ secrets.DEV_AGW_PUBLIC_KEY }}
      DEV_AGW_ENDPOINT: ${{ secrets.DEV_AGW_ENDPOINT }}
      DEV_S3_ENDPOINT: ${{ secrets.DEV_S3_ENDPOINT }}
    steps:
    - name: 'Install desktop Qt'
@@ -335,8 +316,7 @@ jobs:
        arch: 'linux_gcc_64'
        modules: ${{ env.QT_MODULES }}
        dir: ${{ runner.temp }}
-        py7zrversion: '==0.22.*'
+        extra: '--external 7z --base ${{ env.QT_MIRROR }}'
        extra: '--base ${{ env.QT_MIRROR }}'
    - name: 'Install android_x86_64 Qt'
      uses: jurplel/install-qt-action@v4
@@ -347,8 +327,7 @@ jobs:
        arch: 'android_x86_64'
        modules: ${{ env.QT_MODULES }}
        dir: ${{ runner.temp }}
-        py7zrversion: '==0.22.*'
+        extra: '--external 7z --base ${{ env.QT_MIRROR }}'
        extra: '--base ${{ env.QT_MIRROR }}'
    - name: 'Install android_x86 Qt'
      uses: jurplel/install-qt-action@v4
@@ -359,8 +338,7 @@ jobs:
        arch: 'android_x86'
        modules: ${{ env.QT_MODULES }}
        dir: ${{ runner.temp }}
-        py7zrversion: '==0.22.*'
+        extra: '--external 7z --base ${{ env.QT_MIRROR }}'
        extra: '--base ${{ env.QT_MIRROR }}'
    - name: 'Install android_armv7 Qt'
      uses: jurplel/install-qt-action@v4
@@ -371,8 +349,7 @@ jobs:
        arch: 'android_armv7'
        modules: ${{ env.QT_MODULES }}
        dir: ${{ runner.temp }}
-        py7zrversion: '==0.22.*'
+        extra: '--external 7z --base ${{ env.QT_MIRROR }}'
        extra: '--base ${{ env.QT_MIRROR }}'
    - name: 'Install android_arm64_v8a Qt'
      uses: jurplel/install-qt-action@v4
@@ -383,8 +360,7 @@ jobs:
        arch: 'android_arm64_v8a'
        modules: ${{ env.QT_MODULES }}
        dir: ${{ runner.temp }}
-        py7zrversion: '==0.22.*'
+        extra: '--external 7z --base ${{ env.QT_MIRROR }}'
        extra: '--base ${{ env.QT_MIRROR }}'
    - name: 'Grant execute permission for qt-cmake'
      shell: bash
@@ -16,10 +16,7 @@ jobs:
      QT_VERSION: 6.4.1
      QIF_VERSION: 4.5
      PROD_AGW_PUBLIC_KEY: ${{ secrets.PROD_AGW_PUBLIC_KEY }}
      PROD_S3_ENDPOINT: ${{ secrets.PROD_S3_ENDPOINT }}
      DEV_AGW_PUBLIC_KEY: ${{ secrets.DEV_AGW_PUBLIC_KEY }}
      DEV_AGW_ENDPOINT: ${{ secrets.DEV_AGW_ENDPOINT }}
      DEV_S3_ENDPOINT: ${{ secrets.DEV_S3_ENDPOINT }}
    steps:
    - name: 'Install desktop Qt'
@@ -2,7 +2,7 @@ cmake_minimum_required(VERSION 3.25.0 FATAL_ERROR)
 set(PROJECT AmneziaVPN)
-project(${PROJECT} VERSION 4.8.3.2
+project(${PROJECT} VERSION 4.8.1.9
        DESCRIPTION "AmneziaVPN"
        HOMEPAGE_URL "https://amnezia.org/"
 )
@@ -11,7 +11,7 @@ string(TIMESTAMP CURRENT_DATE "%Y-%m-%d")
 set(RELEASE_DATE "${CURRENT_DATE}")
 set(APP_MAJOR_VERSION ${CMAKE_PROJECT_VERSION_MAJOR}.${CMAKE_PROJECT_VERSION_MINOR}.${CMAKE_PROJECT_VERSION_PATCH})
-set(APP_ANDROID_VERSION_CODE 2075)
+set(APP_ANDROID_VERSION_CODE 65)
 if(${CMAKE_SYSTEM_NAME} STREQUAL "Linux")
    set(MZ_PLATFORM_NAME "linux")
@@ -1,31 +1,30 @@
 # Amnezia VPN
-
+## _The best client for self-hosted VPN_
 ### _The best client for self-hosted VPN_
 [![Build Status](https://github.com/amnezia-vpn/amnezia-client/actions/workflows/deploy.yml/badge.svg?branch=dev)](https://github.com/amnezia-vpn/amnezia-client/actions/workflows/deploy.yml?query=branch:dev)
 [![Gitpod ready-to-code](https://img.shields.io/badge/Gitpod-ready--to--code-blue?logo=gitpod)](https://gitpod.io/#https://github.com/amnezia-vpn/amnezia-client)
-### [English]([https://github.com/amnezia-vpn/amnezia-client/blob/dev/README_RU.md](https://github.com/amnezia-vpn/amnezia-client/tree/dev?tab=readme-ov-file#)) | [Русский](https://github.com/amnezia-vpn/amnezia-client/blob/dev/README_RU.md)
+Amnezia is an open-source VPN client, with a key feature that enables you to deploy your own VPN server on your server.
 ![Image](https://github.com/amnezia-vpn/amnezia-client/blob/dev/metadata/img-readme/uipic4.png)
-[Amnezia](https://amnezia.org) is an open-source VPN client, with a key feature that enables you to deploy your own VPN server on your server.
+<br>
-[![Image](https://github.com/amnezia-vpn/amnezia-client/blob/dev/metadata/img-readme/uipic4.png)](https://amnezia.org)
+<a href="https://github.com/amnezia-vpn/amnezia-client/releases/download/4.7.0.0/AmneziaVPN_4.7.0.0_x64.exe"><img src="https://github.com/amnezia-vpn/amnezia-client/blob/dev/metadata/img-readme/win.png" width="150" style="max-width: 100%;"></a> 
 <a href="https://github.com/amnezia-vpn/amnezia-client/releases/download/4.7.0.0/AmneziaVPN_4.7.0.0.dmg"><img src="https://github.com/amnezia-vpn/amnezia-client/blob/dev/metadata/img-readme/mac.png" width="150" style="max-width: 100%;"></a> 
 <a href="https://github.com/amnezia-vpn/amnezia-client/releases/download/4.7.0.0/AmneziaVPN_Linux_4.7.0.0.tar.zip"><img src="https://github.com/amnezia-vpn/amnezia-client/blob/dev/metadata/img-readme/lin.png" width="150" style="max-width: 100%;"></a>
 <a href="https://github.com/amnezia-vpn/amnezia-client/releases/tag/4.7.0.0"><img src="https://github.com/amnezia-vpn/amnezia-client/blob/dev/metadata/img-readme/andr.png" width="150" style="max-width: 100%;"></a>
-### [Website](https://amnezia.org) | [Alt website link](https://storage.googleapis.com/kldscp/amnezia.org) | [Documentation](https://docs.amnezia.org) | [Troubleshooting](https://docs.amnezia.org/troubleshooting)
+<br>
-> [!TIP]
+<a href="https://play.google.com/store/search?q=amnezia+vpn&c=apps"><img src="https://github.com/amnezia-vpn/amnezia-client/blob/dev/metadata/img-readme/play.png" width="150" style="max-width: 100%;"></a>
-> If the [Amnezia website](https://amnezia.org) is blocked in your region, you can use an [Alternative website link](https://storage.googleapis.com/kldscp/amnezia.org).
+<a href="https://apps.apple.com/us/app/amneziavpn/id1600529900"><img src="https://github.com/amnezia-vpn/amnezia-client/blob/dev/metadata/img-readme/apl.png" width="150" style="max-width: 100%;"></a>
 <a href="https://amnezia.org/downloads"><img src="https://github.com/amnezia-vpn/amnezia-client/blob/dev/metadata/img-readme/download-website.svg" width="150" style="max-width: 100%; margin-right: 10px"></a>
 <a href="https://storage.googleapis.com/kldscp/amnezia.org/downloads"><img src="https://github.com/amnezia-vpn/amnezia-client/blob/dev/metadata/img-readme/download-alt.svg" width="150" style="max-width: 100%;"></a>
 [All releases](https://github.com/amnezia-vpn/amnezia-client/releases)
-<br/>
+<br>
 <a href="https://www.testiny.io"><img src="https://github.com/amnezia-vpn/amnezia-client/blob/dev/metadata/img-readme/testiny.png" height="28px"></a>
 ## Features
@@ -38,8 +37,7 @@
 ## Links
- [https://amnezia.org](https://amnezia.org) - Project website | [Alternative link (mirror)](https://storage.googleapis.com/kldscp/amnezia.org)
+- [https://amnezia.org](https://amnezia.org) - project website  
 - [https://docs.amnezia.org](https://docs.amnezia.org) - Documentation
 - [https://www.reddit.com/r/AmneziaVPN](https://www.reddit.com/r/AmneziaVPN) - Reddit  
 - [https://t.me/amnezia_vpn_en](https://t.me/amnezia_vpn_en) - Telegram support channel (English) 
 - [https://t.me/amnezia_vpn_ir](https://t.me/amnezia_vpn_ir) - Telegram support channel (Farsi) 
@@ -185,11 +183,11 @@ GPL v3.0
 Patreon: [https://www.patreon.com/amneziavpn](https://www.patreon.com/amneziavpn)
-Bitcoin: bc1qmhtgcf9637rl3kqyy22r2a8wa8laka4t9rx2mf <br>
+Bitcoin: bc1q26eevjcg9j0wuyywd2e3uc9cs2w58lpkpjxq6p <br>
 USDT BEP20: 0x6abD576765a826f87D1D95183438f9408C901bE4 <br>
 USDT TRC20: TELAitazF1MZGmiNjTcnxDjEiH5oe7LC9d <br>
-XMR: 48spms39jt1L2L5vyw2RQW6CXD6odUd4jFu19GZcDyKKQV9U88wsJVjSbL4CfRys37jVMdoaWVPSvezCQPhHXUW5UKLqUp3 <br> 
+XMR: 48spms39jt1L2L5vyw2RQW6CXD6odUd4jFu19GZcDyKKQV9U88wsJVjSbL4CfRys37jVMdoaWVPSvezCQPhHXUW5UKLqUp3  
-TON: UQDpU1CyKRmg7L8mNScKk9FRc2SlESuI7N-Hby4nX-CcVmns
+
 ## Acknowledgments
 This project is tested with BrowserStack.
@@ -1,181 +0,0 @@
 # Amnezia VPN
 ### _Лучший клиент для создания VPN на собственном сервере_
 [![Build Status](https://github.com/amnezia-vpn/amnezia-client/actions/workflows/deploy.yml/badge.svg?branch=dev)](https://github.com/amnezia-vpn/amnezia-client/actions/workflows/deploy.yml?query=branch:dev)
 [![Gitpod ready-to-code](https://img.shields.io/badge/Gitpod-ready--to--code-blue?logo=gitpod)](https://gitpod.io/#https://github.com/amnezia-vpn/amnezia-client)
 ### [English](https://github.com/amnezia-vpn/amnezia-client/blob/dev/README.md) | Русский
 [AmneziaVPN](https://amnezia.org) — это open sourse VPN-клиент, ключевая особенность которого заключается в возможности развернуть собственный VPN на вашем сервере.
 [![Image](https://github.com/amnezia-vpn/amnezia-client/blob/dev/metadata/img-readme/uipic4.png)](https://amnezia.org)
 ### [Сайт](https://amnezia.org) | [Зеркало на сайт](https://storage.googleapis.com/kldscp/amnezia.org) | [Документация](https://docs.amnezia.org) | [Решение проблем](https://docs.amnezia.org/troubleshooting)
 > [!TIP]
 > Если [сайт Amnezia](https://amnezia.org) заблокирован в вашем регионе, вы можете воспользоваться [ссылкой на зеркало](https://storage.googleapis.com/kldscp/amnezia.org).
 <a href="https://storage.googleapis.com/kldscp/amnezia.org/downloads"><img src="https://github.com/amnezia-vpn/amnezia-client/blob/dev/metadata/img-readme/download-website-ru.svg" width="150" style="max-width: 100%; margin-right: 10px"></a>
 [Все релизы](https://github.com/amnezia-vpn/amnezia-client/releases)
 <br/>
 <a href="https://www.testiny.io"><img src="https://github.com/amnezia-vpn/amnezia-client/blob/dev/metadata/img-readme/testiny.png" height="28px"></a>
 ## Особенности
 - Простой в использовании — введите IP-адрес, SSH-логин и пароль, и Amnezia автоматически установит VPN-контейнеры Docker на ваш сервер и подключится к VPN.
 - Классические VPN-протоколы: OpenVPN, WireGuard и IKEv2.
 - Протоколы с маскировкой трафика (обфускацией): OpenVPN с плагином [Cloak](https://github.com/cbeuw/Cloak), Shadowsocks (OpenVPN over Shadowsocks), [AmneziaWG](https://docs.amnezia.org/documentation/amnezia-wg/) and XRay.
 - Поддержка Split Tunneling — добавляйте любые сайты или приложения в список, чтобы включить VPN только для них.
 - Поддерживает платформы: Windows, MacOS, Linux, Android, iOS.
 - Поддержка конфигурации протокола AmneziaWG на [бета-прошивке Keenetic](https://docs.keenetic.com/ua/air/kn-1611/en/6319-latest-development-release.html#UUID-186c4108-5afd-c10b-f38a-cdff6c17fab3_section-idm33192196168192-improved).
 ## Ссылки
 - [https://amnezia.org](https://amnezia.org) - Веб-сайт проекта | [Альтернативная ссылка (зеркало)](https://storage.googleapis.com/kldscp/amnezia.org)
 - [https://docs.amnezia.org](https://docs.amnezia.org) - Документация
 - [https://www.reddit.com/r/AmneziaVPN](https://www.reddit.com/r/AmneziaVPN) - Reddit  
 - [https://t.me/amnezia_vpn_en](https://t.me/amnezia_vpn_en) - Канал поддржки в Telegram (Английский)
 - [https://t.me/amnezia_vpn_ir](https://t.me/amnezia_vpn_ir) - Канал поддржки в Telegram (Фарси)
 - [https://t.me/amnezia_vpn_mm](https://t.me/amnezia_vpn_mm) - Канал поддржки в Telegram (Мьянма) 
 - [https://t.me/amnezia_vpn](https://t.me/amnezia_vpn) - Канал поддржки в Telegram  (Русский)
 - [https://vpnpay.io/en/amnezia-premium/](https://vpnpay.io/en/amnezia-premium/) - Amnezia Premium | [Зеркало](https://storage.googleapis.com/kldscp/vpnpay.io/ru/amnezia-premium\)
 ## Технологии
 AmneziaVPN использует несколько проектов с открытым исходным кодом:
 - [OpenSSL](https://www.openssl.org/)
 - [OpenVPN](https://openvpn.net/)
 - [Shadowsocks](https://shadowsocks.org/)
 - [Qt](https://www.qt.io/)
 - [LibSsh](https://libssh.org)
 - и другие...
 ## Проверка исходного кода
 После клонирования репозитория обязательно загрузите все подмодули.
 ```bash
 git submodule update --init --recursive
 ```
 ## Разработка
 Хотите внести свой вклад? Добро пожаловать!
 ### Помощь с переводами
 Загрузите самые актуальные файлы перевода.
 Перейдите на [вкладку "Actions"](https://github.com/amnezia-vpn/amnezia-client/actions?query=is%3Asuccess+branch%3Adev), нажмите на первую строку. Затем прокрутите вниз до раздела "Artifacts" и скачайте "AmneziaVPN_translations".
 Распакуйте этот файл. Каждый файл с расширением *.ts содержит строки для соответствующего языка.
 Переведите или исправьте строки в одном или нескольких файлах *.ts и загрузите их обратно в этот репозиторий в папку ``client/translations``. Это можно сделать через веб-интерфейс или любым другим знакомым вам способом.
 ### Сборка исходного кода и деплой
 Проверьте папку deploy для скриптов сборки.
 ### Как собрать iOS-приложение из исходного кода на MacOS
 1. Убедитесь, что у вас установлен XCode версии 14 или выше.
 2. Для генерации проекта XCode используется QT. Требуется версия QT 6.6.2. Установите QT для MacOS здесь или через QT Online Installer. Необходимые модули:
 - MacOS
 - iOS
 - Модуль совместимости с Qt 5
 - Qt Shader Tools
 - Дополнительные библиотеки:
 - Qt Image Formats
 - Qt Multimedia
 - Qt Remote Objects
 3. Установите CMake, если это необходимо. Рекомендуемая версия — 3.25. Скачать CMake можно здесь.
 4. Установите Go версии >= v1.16. Если Go ещё не установлен, скачайте его с  [официального сайта](https://golang.org/dl/) или используйте Homebrew. Установите gomobile:
 ```bash
 export PATH=$PATH:~/go/bin
 go install golang.org/x/mobile/cmd/gomobile@latest
 gomobile init
 ```
 5. Соберите проект:
 ```bash
 export QT_BIN_DIR="<PATH-TO-QT-FOLDER>/Qt/<QT-VERSION>/ios/bin"
 export QT_MACOS_ROOT_DIR="<PATH-TO-QT-FOLDER>/Qt/<QT-VERSION>/macos"
 export QT_IOS_BIN=$QT_BIN_DIR
 export PATH=$PATH:~/go/bin
 mkdir build-ios
 $QT_IOS_BIN/qt-cmake . -B build-ios -GXcode -DQT_HOST_PATH=$QT_MACOS_ROOT_DIR
 ```
 Замените <PATH-TO-QT-FOLDER> и <QT-VERSION> на ваши значения.
 Если появляется ошибка gomobile: command not found, убедитесь, что PATH настроен на папку bin, где установлен gomobile:
 ```bash
 export PATH=$(PATH):/path/to/GOPATH/bin
 ```
 6. Откройте проект в XCode. Теперь вы можете тестировать, архивировать или публиковать приложение.
 Если сборка завершится с ошибкой:
 ```
 make: *** 
 [$(PROJECTDIR)/client/build/AmneziaVPN.build/Debug-iphoneos/wireguard-go-bridge/goroot/.prepared] 
 Error 1
 ```
 Добавьте пользовательскую переменную PATH в настройки сборки для целей AmneziaVPN и WireGuardNetworkExtension с ключом `PATH` и значением `${PATH}/path/to/bin/folder/with/go/executable`, e.g. `${PATH}:/usr/local/go/bin`.
 Если ошибка повторяется на Mac с M1, установите версию CMake для архитектуры ARM:
 ```
 arch -arm64 brew install cmake
 ```
 При первой попытке сборка может завершиться с ошибкой source files not found. Это происходит из-за параллельной компиляции зависимостей в XCode. Просто перезапустите сборку.
 ## Как собрать Android-приложение
 Сборка тестировалась на MacOS. Требования:
 - JDK 11
 - Android SDK 33
 - CMake 3.25.0
 Установите QT, QT Creator и Android Studio.
 Настройте QT Creator:
 - В меню QT Creator перейдите в  `QT Creator` -> `Preferences` -> `Devices` ->`Android`.
 - Укажите путь к JDK 11.
 - Укажите путь к Android SDK (`$ANDROID_HOME`)
 Если вы сталкиваетесь с ошибками, связанными с отсутствием SDK или сообщением «SDK manager not running», их нельзя исправить просто корректировкой путей. Если у вас есть несколько свободных гигабайт на диске, вы можете позволить Qt Creator установить все необходимые компоненты, выбрав пустую папку для расположения Android SDK и нажав кнопку **Set Up SDK**. Учтите: это установит второй Android SDK и NDK на вашем компьютере!
 Убедитесь, что настроена правильная версия CMake: перейдите в **Qt Creator -> Preferences** и в боковом меню выберите пункт **Kits**. В центральной части окна, на вкладке **Kits**, найдите запись для инструмента **CMake Tool**. Если выбранная по умолчанию версия CMake ниже 3.25.0, установите на свою систему CMake версии 3.25.0 или выше, а затем выберите опцию **System CMake at <путь>** из выпадающего списка. Если этот пункт отсутствует, это может означать, что вы еще не установили CMake, или Qt Creator не смог найти путь к нему. В таком случае в окне **Preferences** перейдите в боковое меню **CMake**, затем во вкладку **Tools** в центральной части окна и нажмите кнопку **Add**, чтобы указать путь к установленному CMake.
 Убедитесь, что для вашего проекта выбрана Android Platform SDK 33: в главном окне на боковой панели выберите пункт **Projects**, и слева вы увидите раздел **Build & Run**, показывающий различные целевые Android-платформы. Вы можете выбрать любую из них, так как настройка проекта Amnezia VPN разработана таким образом, чтобы все Android-цели могли быть собраны. Перейдите в подраздел **Build** и прокрутите центральную часть окна до раздела **Build Steps**. Нажмите **Details** в заголовке **Build Android APK** (кнопка **Details** может быть скрыта, если окно Qt Creator не запущено в полноэкранном режиме!). Вот здесь выберите **android-33** в качестве Android Build Platform SDK.
 ### Разработка Android-компонентов
 После сборки QT Creator копирует проект в отдельную папку, например, `build-amnezia-client-Android_Qt_<version>_Clang_<architecture>-<BuildType>`. Для разработки Android-компонентов откройте сгенерированный проект в Android Studio, указав папку `build-amnezia-client-Android_Qt_<version>_Clang_<architecture>-<BuildType>/client/android-build` в качестве корневой.
 Изменения в сгенерированном проекте нужно вручную перенести в репозиторий. После этого можно коммитить изменения.
 Если возникают проблемы со сборкой в QT Creator после работы в Android Studio, выполните команду `./gradlew clean` в корневой папке сгенерированного проекта (`<path>/client/android-build/.`).
 ## Лицензия
 GPL v3.0
 ## Донаты
 Patreon: [https://www.patreon.com/amneziavpn](https://www.patreon.com/amneziavpn)
 Bitcoin: bc1qmhtgcf9637rl3kqyy22r2a8wa8laka4t9rx2mf <br>
 USDT BEP20: 0x6abD576765a826f87D1D95183438f9408C901bE4 <br>
 USDT TRC20: TELAitazF1MZGmiNjTcnxDjEiH5oe7LC9d <br>
 XMR: 48spms39jt1L2L5vyw2RQW6CXD6odUd4jFu19GZcDyKKQV9U88wsJVjSbL4CfRys37jVMdoaWVPSvezCQPhHXUW5UKLqUp3 <br> 
 TON: UQDpU1CyKRmg7L8mNScKk9FRc2SlESuI7N-Hby4nX-CcVmns
 ## Благодарности
 Этот проект тестируется с помощью BrowserStack.
 Мы выражаем благодарность [BrowserStack](https://www.browserstack.com) за поддержку нашего проекта.
@@ -25,11 +25,10 @@ execute_process(
 add_definitions(-DGIT_COMMIT_HASH="${GIT_COMMIT_HASH}")
 add_definitions(-DPROD_AGW_PUBLIC_KEY="$ENV{PROD_AGW_PUBLIC_KEY}")
-add_definitions(-DPROD_S3_ENDPOINT="$ENV{PROD_S3_ENDPOINT}")
+add_definitions(-DPROD_PROXY_STORAGE_KEY="$ENV{PROD_PROXY_STORAGE_KEY}")
 add_definitions(-DDEV_AGW_PUBLIC_KEY="$ENV{DEV_AGW_PUBLIC_KEY}")
 add_definitions(-DDEV_AGW_ENDPOINT="$ENV{DEV_AGW_ENDPOINT}")
 add_definitions(-DDEV_S3_ENDPOINT="$ENV{DEV_S3_ENDPOINT}")
 if(IOS)
    set(PACKAGES ${PACKAGES} Multimedia)
@@ -146,7 +145,6 @@ set(HEADERS ${HEADERS}
    ${CMAKE_CURRENT_LIST_DIR}/core/serialization/transfer.h
    ${CMAKE_CURRENT_LIST_DIR}/core/enums/apiEnums.h
    ${CMAKE_CURRENT_LIST_DIR}/../common/logger/logger.h
    ${CMAKE_CURRENT_LIST_DIR}/utils/qmlUtils.h
 )
 # Mozilla headres
@@ -198,7 +196,6 @@ set(SOURCES ${SOURCES}
    ${CMAKE_CURRENT_LIST_DIR}/core/serialization/vmess.cpp
    ${CMAKE_CURRENT_LIST_DIR}/core/serialization/vmess_new.cpp
    ${CMAKE_CURRENT_LIST_DIR}/../common/logger/logger.cpp
    ${CMAKE_CURRENT_LIST_DIR}/utils/qmlUtils.cpp
 )
 # Mozilla sources
@@ -111,11 +111,10 @@ void AmneziaApplication::init()
        qFatal("Android controller initialization failed");
    }
-    connect(AndroidController::instance(), &AndroidController::importConfigFromOutside, this, [this](QString data) {
+    connect(AndroidController::instance(), &AndroidController::importConfigFromOutside, [this](QString data) {
-        emit m_pageController->goToPageHome();
+        m_pageController->goToPageHome();
        m_importController->extractConfigFromData(data);
-        data.clear();
+        m_pageController->goToPageViewConfig();
        emit m_pageController->goToPageViewConfig();
    });
    m_engine->addImageProvider(QLatin1String("installedAppImage"), new InstalledAppsImageProvider);
@@ -123,16 +122,16 @@ void AmneziaApplication::init()
 #ifdef Q_OS_IOS
    IosController::Instance()->initialize();
-    connect(IosController::Instance(), &IosController::importConfigFromOutside, this, [this](QString data) {
+    connect(IosController::Instance(), &IosController::importConfigFromOutside, [this](QString data) {
-        emit m_pageController->goToPageHome();
+        m_pageController->goToPageHome();
        m_importController->extractConfigFromData(data);
-        emit m_pageController->goToPageViewConfig();
+        m_pageController->goToPageViewConfig();
    });
-    connect(IosController::Instance(), &IosController::importBackupFromOutside, this, [this](QString filePath) {
+    connect(IosController::Instance(), &IosController::importBackupFromOutside, [this](QString filePath) {
-        emit m_pageController->goToPageHome();
+        m_pageController->goToPageHome();
        m_pageController->goToPageSettingsBackup();
-        emit m_settingsController->importBackupFromOutside(filePath);
+        m_settingsController->importBackupFromOutside(filePath);
    });
    QTimer::singleShot(0, this, [this]() { AmneziaVPN::toggleScreenshots(m_settings->isScreenshotsEnabled()); });
@@ -404,9 +403,6 @@ void AmneziaApplication::initControllers()
    m_pageController.reset(new PageController(m_serversModel, m_settings));
    m_engine->rootContext()->setContextProperty("PageController", m_pageController.get());
    m_focusController.reset(new FocusController(m_engine, this));
    m_engine->rootContext()->setContextProperty("FocusController", m_focusController.get());
    m_installController.reset(new InstallController(m_serversModel, m_containersModel, m_protocolsModel, m_clientManagementModel,
                                                    m_apiServicesModel, m_settings));
    m_engine->rootContext()->setContextProperty("InstallController", m_installController.get());
@@ -19,7 +19,6 @@
 #include "ui/controllers/exportController.h"
 #include "ui/controllers/importController.h"
 #include "ui/controllers/installController.h"
 #include "ui/controllers/focusController.h"
 #include "ui/controllers/pageController.h"
 #include "ui/controllers/settingsController.h"
 #include "ui/controllers/sitesController.h"
@@ -125,7 +124,6 @@ private:
 #endif
    QScopedPointer<ConnectionController> m_connectionController;
    QScopedPointer<FocusController> m_focusController;
    QScopedPointer<PageController> m_pageController;
    QScopedPointer<InstallController> m_installController;
    QScopedPointer<ImportController> m_importController;
@@ -20,7 +20,7 @@
    <uses-permission android:name="android.permission.INTERNET" />
    <!-- To request network state -->
-    <uses-permission android:name="android.permission.CHANGE_NETWORK_STATE" />
+    <uses-permission android:name="android.permission.CHANGE_NETWORK_STATE" android:maxSdkVersion="30" />
    <uses-permission android:name="android.permission.READ_EXTERNAL_STORAGE" android:maxSdkVersion="28" />
    <uses-permission android:name="android.permission.CAMERA" />
    <uses-permission android:name="android.permission.FOREGROUND_SERVICE" />
@@ -91,13 +91,6 @@
            android:exported="false"
            android:theme="@style/Translucent" />
        <activity android:name=".TvFilePicker"
            android:excludeFromRecents="true"
            android:launchMode="singleTask"
            android:taskAffinity=""
            android:exported="false"
            android:theme="@style/Translucent" />
        <activity
            android:name=".ImportConfigActivity"
            android:excludeFromRecents="true"
@@ -33,7 +33,7 @@ android.library.defaults.buildfeatures.androidresources=false
 # For development copy and set local values for these parameters in local.properties
 #androidCompileSdkVersion=android-34
 #androidBuildToolsVersion=34.0.0
-#qtMinSdkVersion=26
+#qtMinSdkVersion=24
 #qtTargetSdkVersion=34
 #androidNdkVersion=26.1.10909125
 #qtTargetAbiList=x86_64
@@ -1,5 +1,6 @@
 package org.amnezia.vpn.protocol
 import android.annotation.SuppressLint
 import android.content.Context
 import android.net.IpPrefix
 import android.net.VpnService
@@ -7,6 +8,9 @@ import android.net.VpnService.Builder
 import android.os.Build
 import android.system.OsConstants
 import androidx.annotation.RequiresApi
 import java.io.File
 import java.io.FileOutputStream
 import java.util.zip.ZipFile
 import kotlinx.coroutines.flow.MutableStateFlow
 import org.amnezia.vpn.util.Log
 import org.amnezia.vpn.util.net.InetNetwork
@@ -0,0 +1,5 @@
 <?xml version="1.0" encoding="utf-8"?>
 <adaptive-icon xmlns:android="http://schemas.android.com/apk/res/android">
    <background android:drawable="@color/ic_banner_background"/>
    <foreground android:drawable="@mipmap/ic_banner_foreground"/>
 </adaptive-icon>
@@ -23,6 +23,4 @@
    <string name="notificationSettingsDialogTitle">Настройки уведомлений</string>
    <string name="notificationSettingsDialogMessage">Для показа уведомлений необходимо включить уведомления в системных настройках</string>
    <string name="openNotificationSettings">Открыть настройки уведомлений</string>
    <string name="tvNoFileBrowser">Пожалуйста, установите приложение для просмотра файлов</string>
 </resources>
@@ -0,0 +1,4 @@
 <?xml version="1.0" encoding="utf-8"?>
 <resources>
    <color name="ic_banner_background">#1E1E1F</color>
 </resources>
@@ -23,6 +23,4 @@
    <string name="notificationSettingsDialogTitle">Notification settings</string>
    <string name="notificationSettingsDialogMessage">To show notifications, you must enable notifications in the system settings</string>
    <string name="openNotificationSettings">Open notification settings</string>
    <string name="tvNoFileBrowser">Please install a file management utility to browse files</string>
 </resources>
@@ -4,7 +4,6 @@ import android.Manifest
 import android.annotation.SuppressLint
 import android.app.AlertDialog
 import android.app.NotificationManager
 import android.content.ActivityNotFoundException
 import android.content.BroadcastReceiver
 import android.content.ComponentName
 import android.content.Intent
@@ -13,7 +12,6 @@ import android.content.Intent.FLAG_ACTIVITY_LAUNCHED_FROM_HISTORY
 import android.content.ServiceConnection
 import android.content.pm.PackageManager
 import android.graphics.Bitmap
 import android.net.Uri
 import android.net.VpnService
 import android.os.Build
 import android.os.Bundle
@@ -22,13 +20,7 @@ import android.os.IBinder
 import android.os.Looper
 import android.os.Message
 import android.os.Messenger
 import android.os.ParcelFileDescriptor
 import android.os.SystemClock
 import android.provider.OpenableColumns
 import android.provider.Settings
 import android.view.MotionEvent
 import android.view.View
 import android.view.ViewGroup
 import android.view.WindowManager.LayoutParams
 import android.webkit.MimeTypeMap
 import android.widget.Toast
@@ -37,7 +29,6 @@ import androidx.annotation.RequiresApi
 import androidx.core.content.ContextCompat
 import java.io.IOException
 import kotlin.LazyThreadSafetyMode.NONE
 import kotlin.coroutines.CoroutineContext
 import kotlin.text.RegexOption.IGNORE_CASE
 import AppListProvider
 import kotlinx.coroutines.CompletableDeferred
@@ -79,7 +70,6 @@ class AmneziaActivity : QtActivity() {
    private var isInBoundState = false
    private var notificationStateReceiver: BroadcastReceiver? = null
    private lateinit var vpnServiceMessenger: IpcMessenger
    private var pfd: ParcelFileDescriptor? = null
    private val actionResultHandlers = mutableMapOf<Int, ActivityResultHandler>()
    private val permissionRequestHandlers = mutableMapOf<Int, PermissionRequestHandler>()
@@ -168,7 +158,7 @@ class AmneziaActivity : QtActivity() {
     */
    override fun onCreate(savedInstanceState: Bundle?) {
        super.onCreate(savedInstanceState)
-        Log.d(TAG, "Create Amnezia activity")
+        Log.d(TAG, "Create Amnezia activity: $intent")
        loadLibs()
        window.apply {
            addFlags(LayoutParams.FLAG_DRAWS_SYSTEM_BAR_BACKGROUNDS)
@@ -210,7 +200,7 @@ class AmneziaActivity : QtActivity() {
                    NotificationManager.ACTION_APP_BLOCK_STATE_CHANGED
                )
            ) {
-                Log.v(
+                Log.d(
                    TAG, "Notification state changed: ${it?.action}, blocked = " +
                        "${it?.getBooleanExtra(NotificationManager.EXTRA_BLOCKED_STATE, false)}"
                )
@@ -224,7 +214,7 @@ class AmneziaActivity : QtActivity() {
    override fun onNewIntent(intent: Intent?) {
        super.onNewIntent(intent)
-        Log.v(TAG, "onNewIntent: $intent")
+        Log.d(TAG, "onNewIntent: $intent")
        intent?.let(::processIntent)
    }
@@ -413,7 +403,7 @@ class AmneziaActivity : QtActivity() {
    @MainThread
    private fun startVpn(vpnConfig: String) {
        getVpnProto(vpnConfig)?.let { proto ->
-            Log.v(TAG, "Proto from config: $proto, current proto: $vpnProto")
+            Log.d(TAG, "Proto from config: $proto, current proto: $vpnProto")
            if (isServiceConnected) {
                if (proto.serviceClass == vpnProto?.serviceClass) {
                    vpnProto = proto
@@ -523,25 +513,21 @@ class AmneziaActivity : QtActivity() {
                type = "text/*"
                putExtra(Intent.EXTRA_TITLE, fileName)
            }.also {
-                try {
+                startActivityForResult(it, CREATE_FILE_ACTION_CODE, ActivityResultHandler(
-                    startActivityForResult(it, CREATE_FILE_ACTION_CODE, ActivityResultHandler(
+                    onSuccess = {
-                        onSuccess = {
+                        it?.data?.let { uri ->
-                            it?.data?.let { uri ->
+                            Log.d(TAG, "Save file to $uri")
-                                Log.v(TAG, "Save file to $uri")
+                            try {
-                                try {
+                                contentResolver.openOutputStream(uri)?.use { os ->
-                                    contentResolver.openOutputStream(uri)?.use { os ->
+                                    os.bufferedWriter().use { it.write(data) }
                                        os.bufferedWriter().use { it.write(data) }
                                    }
                                } catch (e: IOException) {
                                    Log.e(TAG, "Failed to save file $uri: $e")
                                    // todo: send error to Qt
                                }
                            } catch (e: IOException) {
                                Log.e(TAG, "Failed to save file $uri: $e")
                                // todo: send error to Qt
                            }
                        }
-                    ))
+                    }
-                } catch (_: ActivityNotFoundException) {
+                ))
                    Toast.makeText(this@AmneziaActivity, "Unsupported", Toast.LENGTH_LONG).show()
                }
            }
        }
    }
@@ -550,115 +536,46 @@ class AmneziaActivity : QtActivity() {
    fun openFile(filter: String?) {
        Log.v(TAG, "Open file with filter: $filter")
        mainScope.launch {
-            val intent = if (!isOnTv()) {
+            val mimeTypes = if (!filter.isNullOrEmpty()) {
-                val mimeTypes = if (!filter.isNullOrEmpty()) {
+                val extensionRegex = "\\*\\.([a-z0-9]+)".toRegex(IGNORE_CASE)
-                    val extensionRegex = "\\*\\.([a-z0-9]+)".toRegex(IGNORE_CASE)
+                val mime = MimeTypeMap.getSingleton()
-                    val mime = MimeTypeMap.getSingleton()
+                extensionRegex.findAll(filter).map {
-                    extensionRegex.findAll(filter).map {
+                    it.groups[1]?.value?.let { mime.getMimeTypeFromExtension(it) } ?: "*/*"
-                        it.groups[1]?.value?.let { mime.getMimeTypeFromExtension(it) } ?: "*/*"
+                }.toSet()
-                    }.toSet()
+            } else emptySet()
                } else emptySet()
-                Intent(Intent.ACTION_OPEN_DOCUMENT).apply {
+            Intent(Intent.ACTION_OPEN_DOCUMENT).apply {
-                    addCategory(Intent.CATEGORY_OPENABLE)
+                addCategory(Intent.CATEGORY_OPENABLE)
-                    Log.v(TAG, "File mimyType filter: $mimeTypes")
+                Log.v(TAG, "File mimyType filter: $mimeTypes")
-                    if ("*/*" in mimeTypes) {
+                if ("*/*" in mimeTypes) {
-                        type = "*/*"
+                    type = "*/*"
-                    } else {
+                } else {
-                        when (mimeTypes.size) {
+                    when (mimeTypes.size) {
-                            1 -> type = mimeTypes.first()
+                        1 -> type = mimeTypes.first()
-                            in 2..Int.MAX_VALUE -> {
+                        in 2..Int.MAX_VALUE -> {
-                                type = "*/*"
+                            type = "*/*"
-                                putExtra(EXTRA_MIME_TYPES, mimeTypes.toTypedArray())
+                            putExtra(EXTRA_MIME_TYPES, mimeTypes.toTypedArray())
                            }
                            else -> type = "*/*"
                        }
                        else -> type = "*/*"
                    }
                }
-            } else {
+            }.also {
-                Intent(this@AmneziaActivity, TvFilePicker::class.java)
+                startActivityForResult(it, OPEN_FILE_ACTION_CODE, ActivityResultHandler(
            }
            try {
                startActivityForResult(intent, OPEN_FILE_ACTION_CODE, ActivityResultHandler(
                    onAny = {
-                        if (isOnTv() && it?.hasExtra("activityNotFound") == true) {
+                        val uri = it?.data?.toString() ?: ""
-                            showNoFileBrowserAlertDialog()
+                        Log.d(TAG, "Open file: $uri")
                        }
                        val uri = it?.data?.apply {
                            grantUriPermission(packageName, this, Intent.FLAG_GRANT_READ_URI_PERMISSION)
                        }?.toString() ?: ""
                        Log.v(TAG, "Open file: $uri")
                        mainScope.launch {
                            qtInitialized.await()
                            QtAndroidController.onFileOpened(uri)
                        }
                    }
                ))
            } catch (_: ActivityNotFoundException) {
                showNoFileBrowserAlertDialog()
                mainScope.launch {
                    qtInitialized.await()
                    QtAndroidController.onFileOpened("")
                }
            }
        }
    }
    private fun showNoFileBrowserAlertDialog() {
        AlertDialog.Builder(this)
            .setMessage(R.string.tvNoFileBrowser)
            .setCancelable(false)
            .setPositiveButton(android.R.string.ok) { _, _ ->
                try {
                    startActivity(Intent(Intent.ACTION_VIEW, Uri.parse("market://webstoreredirect")))
                } catch (_: Throwable) {}
            }
            .show()
    }
    @Suppress("unused")
    fun getFd(fileName: String): Int {
        Log.v(TAG, "Get fd for $fileName")
        return blockingCall {
            try {
                pfd = contentResolver.openFileDescriptor(Uri.parse(fileName), "r")
                pfd?.fd ?: -1
            } catch (e: Exception) {
                Log.e(TAG, "Failed to get fd: $e")
                -1
            }
        }
    }
    @Suppress("unused")
    fun closeFd() {
        Log.v(TAG, "Close fd")
        mainScope.launch {
            pfd?.close()
            pfd = null
        }
    }
    @Suppress("unused")
    fun getFileName(uri: String): String {
        Log.v(TAG, "Get file name for uri: $uri")
        return blockingCall {
            try {
                contentResolver.query(Uri.parse(uri), arrayOf(OpenableColumns.DISPLAY_NAME), null, null, null)?.use { cursor ->
                    if (cursor.moveToFirst() && !cursor.isNull(0)) {
                        return@blockingCall cursor.getString(0) ?: ""
                    }
                }
            } catch (e: Exception) {
                Log.e(TAG, "Failed to get file name: $e")
            }
            ""
        }
    }
    @Suppress("unused")
    @SuppressLint("UnsupportedChromeOsCameraSystemFeature")
    fun isCameraPresent(): Boolean = applicationContext.packageManager.hasSystemFeature(PackageManager.FEATURE_CAMERA)
@@ -803,121 +720,9 @@ class AmneziaActivity : QtActivity() {
        }
    }
    // method to workaround Qt's problem with calling the keyboard on TVs
    @Suppress("unused")
    fun sendTouch(x: Float, y: Float) {
        Log.v(TAG, "Send touch: $x, $y")
        blockingCall {
            findQtWindow(window.decorView)?.let {
                Log.v(TAG, "Send touch to $it")
                it.dispatchTouchEvent(createEvent(x, y, SystemClock.uptimeMillis(), MotionEvent.ACTION_DOWN))
                it.dispatchTouchEvent(createEvent(x, y, SystemClock.uptimeMillis(), MotionEvent.ACTION_UP))
            }
        }
    }
    private fun findQtWindow(view: View): View? {
        Log.v(TAG, "findQtWindow: process $view")
        if (view::class.simpleName == "QtWindow") return view
        else if (view is ViewGroup) {
            for (i in 0 until view.childCount) {
                val result = findQtWindow(view.getChildAt(i))
                if (result != null) return result
            }
            return null
        } else return null
    }
    private fun createEvent(x: Float, y: Float, eventTime: Long, action: Int): MotionEvent =
        MotionEvent.obtain(
            eventTime,
            eventTime,
            action,
            1,
            arrayOf(MotionEvent.PointerProperties().apply {
                id = 0
                toolType = MotionEvent.TOOL_TYPE_FINGER
            }),
            arrayOf(MotionEvent.PointerCoords().apply {
                this.x = x
                this.y = y
                pressure = 1f
                size = 1f
            }),
            0, 0, 1.0f, 1.0f, 0, 0, 0,0
        )
    // workaround for a bug in Qt that causes the mouse click event not to be handled
    // also disable right-click, as it causes the application to crash
    private var lastButtonState = 0
    private fun MotionEvent.fixCopy(): MotionEvent = MotionEvent.obtain(
        downTime,
        eventTime,
        action,
        pointerCount,
        (0 until pointerCount).map { i ->
            MotionEvent.PointerProperties().apply {
                getPointerProperties(i, this)
            }
        }.toTypedArray(),
        (0 until pointerCount).map { i ->
            MotionEvent.PointerCoords().apply {
                getPointerCoords(i, this)
            }
        }.toTypedArray(),
        metaState,
        MotionEvent.BUTTON_PRIMARY,
        xPrecision,
        yPrecision,
        deviceId,
        edgeFlags,
        source,
        flags
    )
    private fun handleMouseEvent(ev: MotionEvent, superDispatch: (MotionEvent?) -> Boolean): Boolean {
        when (ev.action) {
            MotionEvent.ACTION_DOWN -> {
                lastButtonState = ev.buttonState
                if (ev.buttonState == MotionEvent.BUTTON_SECONDARY) return true
            }
            MotionEvent.ACTION_UP -> {
                when (lastButtonState) {
                    MotionEvent.BUTTON_SECONDARY -> return true
                    MotionEvent.BUTTON_PRIMARY -> {
                        val modEvent = ev.fixCopy()
                        return superDispatch(modEvent).apply { modEvent.recycle() }
                    }
                }
            }
        }
        return superDispatch(ev)
    }
    override fun dispatchTouchEvent(ev: MotionEvent?): Boolean {
        Log.v(TAG, "dispatchTouch: $ev")
        if (ev != null && ev.getToolType(0) == MotionEvent.TOOL_TYPE_MOUSE) {
            return handleMouseEvent(ev) { super.dispatchTouchEvent(it) }
        }
        return super.dispatchTouchEvent(ev)
    }
    override fun dispatchTrackballEvent(ev: MotionEvent?): Boolean {
        ev?.let { return handleMouseEvent(ev) { super.dispatchTrackballEvent(it) }}
        return super.dispatchTrackballEvent(ev)
    }
    /**
     * Utils methods
     */
    private fun <T> blockingCall(
        context: CoroutineContext = Dispatchers.Main.immediate,
        block: suspend () -> T
    ) = runBlocking {
        mainScope.async(context) { block() }.await()
    }
    companion object {
        private fun actionCodeToString(actionCode: Int): String =
            when (actionCode) {
@@ -300,7 +300,7 @@ open class AmneziaVpnService : VpnService() {
            arrayOf(ACTION_CONNECT, ACTION_DISCONNECT), ContextCompat.RECEIVER_NOT_EXPORTED
        ) {
            it?.action?.let { action ->
-                Log.v(TAG, "Broadcast request received: $action")
+                Log.d(TAG, "Broadcast request received: $action")
                when (action) {
                    ACTION_CONNECT -> connect()
                    ACTION_DISCONNECT -> disconnect()
@@ -317,7 +317,7 @@ open class AmneziaVpnService : VpnService() {
                )
            ) {
                val state = it?.getBooleanExtra(NotificationManager.EXTRA_BLOCKED_STATE, false)
-                Log.v(TAG, "Notification state changed: ${it?.action}, blocked = $state")
+                Log.d(TAG, "Notification state changed: ${it?.action}, blocked = $state")
                if (state == false) {
                    enableNotification()
                } else {
@@ -450,7 +450,7 @@ open class AmneziaVpnService : VpnService() {
            serviceNotification.isNotificationEnabled() &&
            getSystemService<PowerManager>()?.isInteractive != false
        ) {
-            Log.v(TAG, "Launch traffic stats update")
+            Log.d(TAG, "Launch traffic stats update")
            trafficStats.reset()
            startTrafficStatsUpdateJob()
        }
@@ -66,7 +66,7 @@ class AuthActivity : FragmentActivity() {
            object : BiometricPrompt.AuthenticationCallback() {
                override fun onAuthenticationSucceeded(result: AuthenticationResult) {
                    super.onAuthenticationSucceeded(result)
-                    Log.v(TAG, "Authentication succeeded")
+                    Log.d(TAG, "Authentication succeeded")
                    QtAndroidController.onAuthResult(true)
                    finish()
                }
@@ -29,20 +29,20 @@ class ImportConfigActivity : ComponentActivity() {
    override fun onCreate(savedInstanceState: Bundle?) {
        super.onCreate(savedInstanceState)
-        Log.v(TAG, "Create Import Config Activity: $intent")
+        Log.d(TAG, "Create Import Config Activity: $intent")
        intent?.let(::readConfig)
    }
    override fun onNewIntent(intent: Intent) {
        super.onNewIntent(intent)
-        Log.v(TAG, "onNewIntent: $intent")
+        Log.d(TAG, "onNewIntent: $intent")
        intent.let(::readConfig)
    }
    private fun readConfig(intent: Intent) {
        when (intent.action) {
            ACTION_SEND -> {
-                Log.v(TAG, "Process SEND action, type: ${intent.type}")
+                Log.d(TAG, "Process SEND action, type: ${intent.type}")
                when (intent.type) {
                    "application/octet-stream" -> {
                        intent.getUriCompat()?.let { uri ->
@@ -60,7 +60,7 @@ class ImportConfigActivity : ComponentActivity() {
            }
            ACTION_VIEW -> {
-                Log.v(TAG, "Process VIEW action, scheme: ${intent.scheme}")
+                Log.d(TAG, "Process VIEW action, scheme: ${intent.scheme}")
                when (intent.scheme) {
                    "file", "content" -> {
                        intent.data?.let { uri ->
@@ -62,7 +62,7 @@ class ServiceNotification(private val context: Context) {
    fun buildNotification(serverName: String?, protocol: String?, state: ProtocolState): Notification {
        val speedString = if (state == CONNECTED) zeroSpeed else null
-        Log.v(TAG, "Build notification: $serverName, $state")
+        Log.d(TAG, "Build notification: $serverName, $state")
        return notificationBuilder
            .setSmallIcon(R.drawable.ic_amnezia_round)
@@ -88,15 +88,17 @@ class ServiceNotification(private val context: Context) {
    fun isNotificationEnabled(): Boolean {
        if (!context.isNotificationPermissionGranted()) return false
        if (!notificationManager.areNotificationsEnabled()) return false
-        return notificationManager.getNotificationChannel(NOTIFICATION_CHANNEL_ID)?.let {
+        if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.O) {
-            it.importance != NotificationManager.IMPORTANCE_NONE
+            return notificationManager.getNotificationChannel(NOTIFICATION_CHANNEL_ID)
-        } ?: true
+                ?.let { it.importance != NotificationManager.IMPORTANCE_NONE } ?: true
        }
        return true
    }
    @SuppressLint("MissingPermission")
    fun updateNotification(serverName: String?, protocol: String?, state: ProtocolState) {
        if (context.isNotificationPermissionGranted()) {
-            Log.v(TAG, "Update notification: $serverName, $state")
+            Log.d(TAG, "Update notification: $serverName, $state")
            notificationManager.notify(NOTIFICATION_ID, buildNotification(serverName, protocol, state))
        }
    }
@@ -1,45 +0,0 @@
 package org.amnezia.vpn
 import android.content.ActivityNotFoundException
 import android.content.Intent
 import android.os.Bundle
 import androidx.activity.ComponentActivity
 import androidx.activity.result.contract.ActivityResultContracts
 import org.amnezia.vpn.util.Log
 private const val TAG = "TvFilePicker"
 class TvFilePicker : ComponentActivity() {
    private val fileChooseResultLauncher = registerForActivityResult(ActivityResultContracts.GetContent()) {
        setResult(RESULT_OK, Intent().apply { data = it })
        finish()
    }
    override fun onCreate(savedInstanceState: Bundle?) {
        super.onCreate(savedInstanceState)
        Log.v(TAG, "onCreate")
        getFile()
    }
    override fun onNewIntent(intent: Intent) {
        super.onNewIntent(intent)
        Log.v(TAG, "onNewIntent")
        getFile()
    }
    private fun getFile() {
        try {
            Log.v(TAG, "getFile")
            fileChooseResultLauncher.launch("*/*")
        } catch (_: ActivityNotFoundException) {
            Log.w(TAG, "Activity not found")
            setResult(RESULT_CANCELED, Intent().apply { putExtra("activityNotFound", true) })
            finish()
        } catch (e: Exception) {
            Log.e(TAG, "Failed to get file: $e")
            setResult(RESULT_CANCELED)
            finish()
        }
    }
 }
@@ -46,7 +46,7 @@ object LibraryLoader {
            System.loadLibrary(libraryName)
            return
        } catch (_: UnsatisfiedLinkError) {
-            Log.w(TAG, "Failed to load library, try to extract it from apk")
+            Log.d(TAG, "Failed to load library, try to extract it from apk")
        }
        var tempFile: File? = null
        try {
@@ -1,6 +1,8 @@
 package org.amnezia.vpn.util
 import android.content.Context
 import android.icu.text.DateFormat
 import android.icu.text.SimpleDateFormat
 import android.os.Build
 import android.os.Process
 import java.io.File
@@ -10,6 +12,8 @@ import java.nio.channels.FileChannel
 import java.nio.channels.FileLock
 import java.time.LocalDateTime
 import java.time.format.DateTimeFormatter
 import java.util.Date
 import java.util.Locale
 import java.util.concurrent.locks.ReentrantLock
 import org.amnezia.vpn.util.Log.Priority.D
 import org.amnezia.vpn.util.Log.Priority.E
@@ -37,7 +41,11 @@ private const val LOG_MAX_FILE_SIZE = 1024 * 1024
 * |                   |              | create a report and/or terminate the process |
 */
 object Log {
-    private val dateTimeFormat: DateTimeFormatter = DateTimeFormatter.ofPattern(DATE_TIME_PATTERN)
+    private val dateTimeFormat: Any =
        if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.O) DateTimeFormatter.ofPattern(DATE_TIME_PATTERN)
        else object : ThreadLocal<DateFormat>() {
            override fun initialValue(): DateFormat = SimpleDateFormat(DATE_TIME_PATTERN, Locale.US)
        }
    private lateinit var logDir: File
    private val logFile: File by lazy { File(logDir, LOG_FILE_NAME) }
@@ -135,7 +143,12 @@ object Log {
    }
    private fun formatLogMsg(tag: String, msg: String, priority: Priority): String {
-        val date = LocalDateTime.now().format(dateTimeFormat)
+        val date = if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.O) {
            LocalDateTime.now().format(dateTimeFormat as DateTimeFormatter)
        } else {
            @Suppress("UNCHECKED_CAST")
            (dateTimeFormat as ThreadLocal<DateFormat>).get()?.format(Date())
        }
        return "$date ${Process.myPid()} ${Process.myTid()} $priority [${Thread.currentThread().name}] " +
            "$tag: $msg\n"
    }
@@ -42,12 +42,18 @@ class NetworkState(
    private val networkCallback: NetworkCallback by lazy(NONE) {
        object : NetworkCallback() {
            override fun onAvailable(network: Network) {
-                Log.v(TAG, "onAvailable: $network")
+                Log.d(TAG, "onAvailable: $network")
            }
            override fun onCapabilitiesChanged(network: Network, networkCapabilities: NetworkCapabilities) {
-                Log.v(TAG, "onCapabilitiesChanged: $network, $networkCapabilities")
+                Log.d(TAG, "onCapabilitiesChanged: $network, $networkCapabilities")
-                checkNetworkState(network, networkCapabilities)
+                if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.O) {
                    checkNetworkState(network, networkCapabilities)
                } else {
                    handler.post {
                        checkNetworkState(network, networkCapabilities)
                    }
                }
            }
            private fun checkNetworkState(network: Network, networkCapabilities: NetworkCapabilities) {
@@ -67,11 +73,11 @@ class NetworkState(
            }
            override fun onBlockedStatusChanged(network: Network, blocked: Boolean) {
-                Log.v(TAG, "onBlockedStatusChanged: $network, $blocked")
+                Log.d(TAG, "onBlockedStatusChanged: $network, $blocked")
            }
            override fun onLost(network: Network) {
-                Log.v(TAG, "onLost: $network")
+                Log.d(TAG, "onLost: $network")
            }
        }
    }
@@ -81,7 +87,7 @@ class NetworkState(
        Log.d(TAG, "Bind network listener")
        if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.S) {
            connectivityManager.registerBestMatchingNetworkCallback(networkRequest, networkCallback, handler)
-        } else {
+        } else if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.O) {
            val numberAttempts = 300
            var attemptCount = 0
            while(true) {
@@ -102,6 +108,8 @@ class NetworkState(
                    }
                }
            }
        } else {
            connectivityManager.requestNetwork(networkRequest, networkCallback)
        }
        isListenerBound = true
    }
@@ -1,12 +1,11 @@
 package org.amnezia.vpn.protocol.wireguard
 import android.net.VpnService.Builder
-import kotlinx.coroutines.CoroutineScope
+import java.io.IOException
 import java.util.Locale
 import kotlinx.coroutines.Dispatchers
 import kotlinx.coroutines.Job
 import kotlinx.coroutines.cancel
 import kotlinx.coroutines.delay
-import kotlinx.coroutines.launch
+import kotlinx.coroutines.withContext
 import org.amnezia.awg.GoBackend
 import org.amnezia.vpn.protocol.Protocol
 import org.amnezia.vpn.protocol.ProtocolState.CONNECTED
@@ -28,8 +27,6 @@ open class Wireguard : Protocol() {
    private var tunnelHandle: Int = -1
    protected open val ifName: String = "amn0"
    private lateinit var scope: CoroutineScope
    private var statusJob: Job? = null
    override val statistics: Statistics
        get() {
@@ -52,17 +49,46 @@ open class Wireguard : Protocol() {
    override fun internalInit() {
        if (!isInitialized) loadSharedLibrary(context, "wg-go")
        if (this::scope.isInitialized) {
            scope.cancel()
        }
        scope = CoroutineScope(Dispatchers.IO)
    }
    override suspend fun startVpn(config: JSONObject, vpnBuilder: Builder, protect: (Int) -> Boolean) {
        val wireguardConfig = parseConfig(config)
        val startTime = System.currentTimeMillis()
        start(wireguardConfig, vpnBuilder, protect)
        waitForConnection(startTime)
        state.value = CONNECTED
    }
    private suspend fun waitForConnection(startTime: Long) {
        Log.d(TAG, "Waiting for connection")
        withContext(Dispatchers.IO) {
            val time = String.format(Locale.ROOT,"%.3f", startTime / 1000.0)
            try {
                delay(1000)
                var log = getLogcat(time)
                Log.d(TAG, "First waiting log: $log")
                // check that there is a connection log,
                // to avoid infinite connection
                if (!log.contains("Attaching to interface")) {
                    Log.w(TAG, "Logs do not contain a connection log")
                    return@withContext
                }
                while (!log.contains("Received handshake response")) {
                    delay(1000)
                    log = getLogcat(time)
                }
            } catch (e: IOException) {
                Log.e(TAG, "Failed to get logcat: $e")
            }
        }
    }
    private fun getLogcat(time: String): String =
        ProcessBuilder("logcat", "--buffer=main", "--format=raw", "*:S AmneziaWG/awg0", "-t", time)
            .redirectErrorStream(true)
            .start()
            .inputStream.reader().readText()
    protected open fun parseConfig(config: JSONObject): WireguardConfig {
        val configData = config.getJSONObject("wireguard_config_data")
        return WireguardConfig.build {
@@ -152,43 +178,6 @@ open class Wireguard : Protocol() {
            tunnelHandle = -1
            throw VpnStartException("Protect VPN interface: permission not granted or revoked")
        }
        launchStatusJob()
    }
    private fun launchStatusJob() {
        Log.d(TAG, "Launch status job")
        statusJob = scope.launch {
            while (true) {
                val lastHandshake = getLastHandshake()
                Log.v(TAG, "lastHandshake=$lastHandshake")
                if (lastHandshake == 0L) {
                    delay(1000)
                    continue
                }
                if (lastHandshake == -2L || lastHandshake > 0L) state.value = CONNECTED
                else if (lastHandshake == -1L) state.value = DISCONNECTED
                statusJob = null
                break
            }
        }
    }
    private fun getLastHandshake(): Long {
        if (tunnelHandle == -1) {
            Log.e(TAG, "Trying to get config of a non-existent tunnel")
            return -1
        }
        val config = GoBackend.awgGetConfig(tunnelHandle)
        if (config == null) {
            Log.e(TAG, "Failed to get tunnel config")
            return -2
        }
        val lastHandshake = config.lines().find { it.startsWith("last_handshake_time_sec=") }?.substring(24)?.toLong()
        if (lastHandshake == null) {
            Log.e(TAG, "Failed to get last_handshake_time_sec")
            return -2
        }
        return lastHandshake
    }
    override fun stopVpn() {
@@ -196,8 +185,6 @@ open class Wireguard : Protocol() {
            Log.w(TAG, "Tunnel already down")
            return
        }
        statusJob?.cancel()
        statusJob = null
        val handleToClose = tunnelHandle
        tunnelHandle = -1
        GoBackend.awgTurnOff(handleToClose)
@@ -130,8 +130,8 @@ class Xray : Protocol() {
            LibXray.initXray(assetsPath)
            val geoDir = File(assetsPath, "geo").absolutePath
            val configPath = File(context.cacheDir, "config.json")
-            Log.v(TAG, "xray.location.asset: $geoDir")
+            Log.d(TAG, "xray.location.asset: $geoDir")
-            Log.v(TAG, "config: $configPath")
+            Log.d(TAG, "config: $configPath")
            try {
                configPath.writeText(configJson)
            } catch (e: IOException) {
@@ -1,6 +1,6 @@
 message("Client android ${CMAKE_ANDROID_ARCH_ABI} build")
-set(APP_ANDROID_MIN_SDK 26)
+set(APP_ANDROID_MIN_SDK 24)
 set(ANDROID_PLATFORM "android-${APP_ANDROID_MIN_SDK}" CACHE STRING
    "The minimum API level supported by the application or library" FORCE)
@@ -120,7 +120,7 @@ WireguardConfigurator::ConnectionData WireguardConfigurator::prepareWireguardCon
        }
    }
-    QString subnetIp = containerConfig.value(m_protocolName).toObject().value(config_key::subnet_address).toString(protocols::wireguard::defaultSubnetAddress);
+    QString subnetIp = containerConfig.value(config_key::subnet_address).toString(protocols::wireguard::defaultSubnetAddress);
    {
        QStringList l = subnetIp.split(".", Qt::SkipEmptyParts);
        if (l.isEmpty()) {
@@ -3,169 +3,38 @@
 #include <QFile>
 #include <QJsonDocument>
 #include <QJsonObject>
 #include <QUuid>
 #include "logger.h"
 #include "containers/containers_defs.h"
 #include "core/controllers/serverController.h"
 #include "core/scripts_registry.h"
 namespace {
 Logger logger("XrayConfigurator");
 }
 XrayConfigurator::XrayConfigurator(std::shared_ptr<Settings> settings, const QSharedPointer<ServerController> &serverController, QObject *parent)
    : ConfiguratorBase(settings, serverController, parent)
 {
 }
-QString XrayConfigurator::prepareServerConfig(const ServerCredentials &credentials, DockerContainer container,
+QString XrayConfigurator::createConfig(const ServerCredentials &credentials, DockerContainer container, const QJsonObject &containerConfig,
-                                               const QJsonObject &containerConfig, ErrorCode &errorCode)
+                                       ErrorCode &errorCode)
 {
    // Generate new UUID for client
    QString clientId = QUuid::createUuid().toString(QUuid::WithoutBraces);
    // Get current server config
    QString currentConfig = m_serverController->getTextFileFromContainer(
        container, credentials, amnezia::protocols::xray::serverConfigPath, errorCode);
    if (errorCode != ErrorCode::NoError) {
        logger.error() << "Failed to get server config file";
        return "";
    }
    // Parse current config as JSON
    QJsonDocument doc = QJsonDocument::fromJson(currentConfig.toUtf8());
    if (doc.isNull() || !doc.isObject()) {
        logger.error() << "Failed to parse server config JSON";
        errorCode = ErrorCode::InternalError;
        return "";
    }
    QJsonObject serverConfig = doc.object();
    // Validate server config structure
    if (!serverConfig.contains("inbounds")) {
        logger.error() << "Server config missing 'inbounds' field";
        errorCode = ErrorCode::InternalError;
        return "";
    }
    QJsonArray inbounds = serverConfig["inbounds"].toArray();
    if (inbounds.isEmpty()) {
        logger.error() << "Server config has empty 'inbounds' array";
        errorCode = ErrorCode::InternalError;
        return "";
    }
    QJsonObject inbound = inbounds[0].toObject();
    if (!inbound.contains("settings")) {
        logger.error() << "Inbound missing 'settings' field";
        errorCode = ErrorCode::InternalError;
        return "";
    }
    QJsonObject settings = inbound["settings"].toObject();
    if (!settings.contains("clients")) {
        logger.error() << "Settings missing 'clients' field";
        errorCode = ErrorCode::InternalError;
        return "";
    }
    QJsonArray clients = settings["clients"].toArray();
    // Create configuration for new client
    QJsonObject clientConfig {
        {"id", clientId},
        {"flow", "xtls-rprx-vision"}
    };
    clients.append(clientConfig);
    // Update config
    settings["clients"] = clients;
    inbound["settings"] = settings;
    inbounds[0] = inbound;
    serverConfig["inbounds"] = inbounds;
    // Save updated config to server
    QString updatedConfig = QJsonDocument(serverConfig).toJson();
    errorCode = m_serverController->uploadTextFileToContainer(
        container, 
        credentials, 
        updatedConfig,
        amnezia::protocols::xray::serverConfigPath,
        libssh::ScpOverwriteMode::ScpOverwriteExisting
    );
    if (errorCode != ErrorCode::NoError) {
        logger.error() << "Failed to upload updated config";
        return "";
    }
    // Restart container
    QString restartScript = QString("sudo docker restart $CONTAINER_NAME");
    errorCode = m_serverController->runScript(
        credentials, 
        m_serverController->replaceVars(restartScript, m_serverController->genVarsForScript(credentials, container))
    );
    if (errorCode != ErrorCode::NoError) {
        logger.error() << "Failed to restart container";
        return "";
    }
    return clientId;
 }
 QString XrayConfigurator::createConfig(const ServerCredentials &credentials, DockerContainer container,
                                       const QJsonObject &containerConfig, ErrorCode &errorCode)
 {
    // Get client ID from prepareServerConfig
    QString xrayClientId = prepareServerConfig(credentials, container, containerConfig, errorCode);
    if (errorCode != ErrorCode::NoError || xrayClientId.isEmpty()) {
        logger.error() << "Failed to prepare server config";
        errorCode = ErrorCode::InternalError;
        return "";
    }
    QString config = m_serverController->replaceVars(amnezia::scriptData(ProtocolScriptType::xray_template, container),
                                                     m_serverController->genVarsForScript(credentials, container, containerConfig));
    if (config.isEmpty()) {
        logger.error() << "Failed to get config template";
        errorCode = ErrorCode::InternalError;
        return "";
    }
    QString xrayPublicKey =
            m_serverController->getTextFileFromContainer(container, credentials, amnezia::protocols::xray::PublicKeyPath, errorCode);
    if (errorCode != ErrorCode::NoError || xrayPublicKey.isEmpty()) {
        logger.error() << "Failed to get public key";
        errorCode = ErrorCode::InternalError;
        return "";
    }
    xrayPublicKey.replace("\n", "");
    QString xrayUuid = m_serverController->getTextFileFromContainer(container, credentials, amnezia::protocols::xray::uuidPath, errorCode);
    xrayUuid.replace("\n", "");
    QString xrayShortId =
            m_serverController->getTextFileFromContainer(container, credentials, amnezia::protocols::xray::shortidPath, errorCode);
    if (errorCode != ErrorCode::NoError || xrayShortId.isEmpty()) {
        logger.error() << "Failed to get short ID";
        errorCode = ErrorCode::InternalError;
        return "";
    }
    xrayShortId.replace("\n", "");
-    // Validate all required variables are present
+    if (errorCode != ErrorCode::NoError) {
    if (!config.contains("$XRAY_CLIENT_ID") || !config.contains("$XRAY_PUBLIC_KEY") || !config.contains("$XRAY_SHORT_ID")) {
        logger.error() << "Config template missing required variables:"
                      << "XRAY_CLIENT_ID:" << !config.contains("$XRAY_CLIENT_ID")
                      << "XRAY_PUBLIC_KEY:" << !config.contains("$XRAY_PUBLIC_KEY")
                      << "XRAY_SHORT_ID:" << !config.contains("$XRAY_SHORT_ID");
        errorCode = ErrorCode::InternalError;
        return "";
    }
-    config.replace("$XRAY_CLIENT_ID", xrayClientId);
+    config.replace("$XRAY_CLIENT_ID", xrayUuid);
    config.replace("$XRAY_PUBLIC_KEY", xrayPublicKey);
    config.replace("$XRAY_SHORT_ID", xrayShortId);
@@ -14,10 +14,6 @@ public:
    QString createConfig(const ServerCredentials &credentials, DockerContainer container, const QJsonObject &containerConfig,
                         ErrorCode &errorCode);
 private:
    QString prepareServerConfig(const ServerCredentials &credentials, DockerContainer container, const QJsonObject &containerConfig,
                                ErrorCode &errorCode);
 };
 #endif // XRAY_CONFIGURATOR_H
@@ -1,8 +1,5 @@
 #include "apiController.h"
 #include <algorithm>
 #include <random>
 #include <QEventLoop>
 #include <QNetworkAccessManager>
 #include <QNetworkReply>
@@ -14,7 +11,6 @@
 #include "amnezia_application.h"
 #include "configurators/wireguard_configurator.h"
 #include "core/enums/apiEnums.h"
 #include "utilities.h"
 #include "version.h"
 namespace
@@ -37,7 +33,6 @@ namespace
        constexpr char userCountryCode[] = "user_country_code";
        constexpr char serverCountryCode[] = "server_country_code";
        constexpr char serviceType[] = "service_type";
        constexpr char serviceInfo[] = "service_info";
        constexpr char aesKey[] = "aes_key";
        constexpr char aesIv[] = "aes_iv";
@@ -45,12 +40,9 @@ namespace
        constexpr char apiPayload[] = "api_payload";
        constexpr char keyPayload[] = "key_payload";
        constexpr char apiConfig[] = "api_config";
        constexpr char authData[] = "auth_data";
    }
-    const int requestTimeoutMsecs = 12 * 1000; // 12 secs
+    const QStringList proxyStorageUrl = { "" };
    ErrorCode checkErrors(const QList<QSslError> &sslErrors, QNetworkReply *reply)
    {
@@ -71,28 +63,6 @@ namespace
            return ErrorCode::ApiConfigDownloadError;
        }
    }
    bool shouldBypassProxy(QNetworkReply *reply, const QByteArray &responseBody, bool checkEncryption, const QByteArray &key = "",
                           const QByteArray &iv = "", const QByteArray &salt = "")
    {
        if (reply->error() == QNetworkReply::NetworkError::OperationCanceledError
            || reply->error() == QNetworkReply::NetworkError::TimeoutError) {
            qDebug() << "Timeout occurred";
            return true;
        } else if (responseBody.contains("html")) {
            qDebug() << "The response contains an html tag";
            return true;
        } else if (checkEncryption) {
            try {
                QSimpleCrypto::QBlockCipher blockCipher;
                static_cast<void>(blockCipher.decryptAesBlockCipher(responseBody, key, iv, "", salt));
            } catch (...) {
                qDebug() << "Failed to decrypt the data";
                return true;
            }
        }
        return false;
    }
 }
 ApiController::ApiController(const QString &gatewayEndpoint, bool isDevEnvironment, QObject *parent)
@@ -124,8 +94,8 @@ void ApiController::fillServerConfig(const QString &protocol, const ApiControlle
        configStr.replace("$OPENVPN_PRIV_KEY", apiPayloadData.certRequest.privKey);
    } else if (protocol == configKey::awg) {
        configStr.replace("$WIREGUARD_CLIENT_PRIVATE_KEY", apiPayloadData.wireGuardClientPrivKey);
-        auto newServerConfig = QJsonDocument::fromJson(configStr.toUtf8()).object();
+        auto serverConfig = QJsonDocument::fromJson(configStr.toUtf8()).object();
-        auto containers = newServerConfig.value(config_key::containers).toArray();
+        auto containers = serverConfig.value(config_key::containers).toArray();
        if (containers.isEmpty()) {
            return; // todo process error
        }
@@ -144,57 +114,38 @@ void ApiController::fillServerConfig(const QString &protocol, const ApiControlle
        containerConfig[config_key::transportPacketMagicHeader] = protocolConfig.value(config_key::transportPacketMagicHeader);
        container[containerName] = containerConfig;
        containers.replace(0, container);
-        newServerConfig[config_key::containers] = containers;
+        serverConfig[config_key::containers] = containers;
-        configStr = QString(QJsonDocument(newServerConfig).toJson());
+        configStr = QString(QJsonDocument(serverConfig).toJson());
    }
-    QJsonObject newServerConfig = QJsonDocument::fromJson(configStr.toUtf8()).object();
+    QJsonObject apiConfig = QJsonDocument::fromJson(configStr.toUtf8()).object();
-    serverConfig[config_key::dns1] = newServerConfig.value(config_key::dns1);
+    serverConfig[config_key::dns1] = apiConfig.value(config_key::dns1);
-    serverConfig[config_key::dns2] = newServerConfig.value(config_key::dns2);
+    serverConfig[config_key::dns2] = apiConfig.value(config_key::dns2);
-    serverConfig[config_key::containers] = newServerConfig.value(config_key::containers);
+    serverConfig[config_key::containers] = apiConfig.value(config_key::containers);
-    serverConfig[config_key::hostName] = newServerConfig.value(config_key::hostName);
+    serverConfig[config_key::hostName] = apiConfig.value(config_key::hostName);
-    if (newServerConfig.value(config_key::configVersion).toInt() == ApiConfigSources::AmneziaGateway) {
+    if (apiConfig.value(config_key::configVersion).toInt() == ApiConfigSources::AmneziaGateway) {
-        serverConfig[config_key::configVersion] = newServerConfig.value(config_key::configVersion);
+        serverConfig[config_key::configVersion] = apiConfig.value(config_key::configVersion);
-        serverConfig[config_key::description] = newServerConfig.value(config_key::description);
+        serverConfig[config_key::description] = apiConfig.value(config_key::description);
-        serverConfig[config_key::name] = newServerConfig.value(config_key::name);
+        serverConfig[config_key::name] = apiConfig.value(config_key::name);
    }
-    auto defaultContainer = newServerConfig.value(config_key::defaultContainer).toString();
+    auto defaultContainer = apiConfig.value(config_key::defaultContainer).toString();
    serverConfig[config_key::defaultContainer] = defaultContainer;
    QVariantMap map = serverConfig.value(configKey::apiConfig).toObject().toVariantMap();
    map.insert(newServerConfig.value(configKey::apiConfig).toObject().toVariantMap());
    auto apiConfig = QJsonObject::fromVariantMap(map);
    if (newServerConfig.value(config_key::configVersion).toInt() == ApiConfigSources::AmneziaGateway) {
        apiConfig.insert(configKey::serviceInfo, QJsonDocument::fromJson(apiResponseBody).object().value(configKey::serviceInfo).toObject());
    }
    serverConfig[configKey::apiConfig] = apiConfig;
    return;
 }
 QStringList ApiController::getProxyUrls()
 {
    QNetworkRequest request;
-    request.setTransferTimeout(requestTimeoutMsecs);
+    request.setTransferTimeout(7000);
    request.setHeader(QNetworkRequest::ContentTypeHeader, "application/json");
    QEventLoop wait;
    QList<QSslError> sslErrors;
    QNetworkReply *reply;
    QStringList proxyStorageUrl;
    if (m_isDevEnvironment) {
        proxyStorageUrl = QStringList { DEV_S3_ENDPOINT };
    } else {
        proxyStorageUrl = QStringList { PROD_S3_ENDPOINT };
    }
    QByteArray key = m_isDevEnvironment ? DEV_AGW_PUBLIC_KEY : PROD_AGW_PUBLIC_KEY;
    for (const auto &proxyStorageUrl : proxyStorageUrl) {
        request.setUrl(proxyStorageUrl);
        reply = amnApp->manager()->get(request);
@@ -215,23 +166,11 @@ QStringList ApiController::getProxyUrls()
    EVP_PKEY *privateKey = nullptr;
    QByteArray responseBody;
    try {
-        if (!m_isDevEnvironment) {
+        QByteArray key = PROD_PROXY_STORAGE_KEY;
-            QCryptographicHash hash(QCryptographicHash::Sha512);
+        QSimpleCrypto::QRsa rsa;
-            hash.addData(key);
+        privateKey = rsa.getPrivateKeyFromByteArray(key, "");
-            QByteArray hashResult = hash.result().toHex();
+        responseBody = rsa.decrypt(encryptedResponseBody, privateKey, RSA_PKCS1_PADDING);
            QByteArray key = QByteArray::fromHex(hashResult.left(64));
            QByteArray iv = QByteArray::fromHex(hashResult.mid(64, 32));
            QByteArray ba = QByteArray::fromBase64(encryptedResponseBody);
            QSimpleCrypto::QBlockCipher blockCipher;
            responseBody = blockCipher.decryptAesBlockCipher(ba, key, iv);
        } else {
            responseBody = encryptedResponseBody;
        }
    } catch (...) {
        Utils::logException();
        qCritical() << "error loading private key from environment variables or decrypting payload";
        return {};
    }
@@ -282,7 +221,7 @@ void ApiController::updateServerConfigFromApi(const QString &installationUuid, c
    if (serverConfig.value(config_key::configVersion).toInt()) {
        QNetworkRequest request;
-        request.setTransferTimeout(requestTimeoutMsecs);
+        request.setTransferTimeout(7000);
        request.setHeader(QNetworkRequest::ContentTypeHeader, "application/json");
        request.setRawHeader("Authorization", "Api-Key " + serverConfig.value(configKey::accessToken).toString().toUtf8());
        QString endpoint = serverConfig.value(configKey::apiEdnpoint).toString();
@@ -338,7 +277,7 @@ ErrorCode ApiController::getServicesList(QByteArray &responseBody)
 #endif
    QNetworkRequest request;
-    request.setTransferTimeout(requestTimeoutMsecs);
+    request.setTransferTimeout(7000);
    request.setHeader(QNetworkRequest::ContentTypeHeader, "application/json");
    request.setUrl(QString("%1v1/services").arg(m_gatewayEndpoint));
@@ -353,53 +292,40 @@ ErrorCode ApiController::getServicesList(QByteArray &responseBody)
    connect(reply, &QNetworkReply::sslErrors, [this, &sslErrors](const QList<QSslError> &errors) { sslErrors = errors; });
    wait.exec();
-    responseBody = reply->readAll();
+    if (reply->error() == QNetworkReply::NetworkError::TimeoutError || reply->error() == QNetworkReply::NetworkError::OperationCanceledError) {
    if (sslErrors.isEmpty() && shouldBypassProxy(reply, responseBody, false)) {
        m_proxyUrls = getProxyUrls();
        std::random_device randomDevice;
        std::mt19937 generator(randomDevice());
        std::shuffle(m_proxyUrls.begin(), m_proxyUrls.end(), generator);
        for (const QString &proxyUrl : m_proxyUrls) {
            qDebug() << "Go to the next endpoint";
            request.setUrl(QString("%1v1/services").arg(proxyUrl));
            reply->deleteLater(); // delete the previous reply
            reply = amnApp->manager()->get(request);
            QObject::connect(reply, &QNetworkReply::finished, &wait, &QEventLoop::quit);
            connect(reply, &QNetworkReply::sslErrors, [this, &sslErrors](const QList<QSslError> &errors) { sslErrors = errors; });
            wait.exec();
-
+            if (reply->error() != QNetworkReply::NetworkError::TimeoutError
-            responseBody = reply->readAll();
+                && reply->error() != QNetworkReply::NetworkError::OperationCanceledError) {
            if (!sslErrors.isEmpty() || !shouldBypassProxy(reply, responseBody, false)) {
                break;
            }
            reply->deleteLater();
        }
    }
    responseBody = reply->readAll();
    auto errorCode = checkErrors(sslErrors, reply);
    reply->deleteLater();
    if (errorCode == ErrorCode::NoError) {
        if (!responseBody.contains("services")) {
            return ErrorCode::ApiServicesMissingError;
        }
    }
    return errorCode;
 }
 ErrorCode ApiController::getConfigForService(const QString &installationUuid, const QString &userCountryCode, const QString &serviceType,
-                                             const QString &protocol, const QString &serverCountryCode, const QJsonObject &authData,
+                                             const QString &protocol, const QString &serverCountryCode, QJsonObject &serverConfig)
                                             QJsonObject &serverConfig)
 {
 #ifdef Q_OS_IOS
    IosController::Instance()->requestInetAccess();
    QThread::msleep(10);
 #endif
    QNetworkAccessManager manager;
    QNetworkRequest request;
-    request.setTransferTimeout(requestTimeoutMsecs);
+    request.setTransferTimeout(7000);
    request.setHeader(QNetworkRequest::ContentTypeHeader, "application/json");
    request.setUrl(QString("%1v1/config").arg(m_gatewayEndpoint));
@@ -413,9 +339,6 @@ ErrorCode ApiController::getConfigForService(const QString &installationUuid, co
    }
    apiPayload[configKey::serviceType] = serviceType;
    apiPayload[configKey::uuid] = installationUuid;
    if (!authData.isEmpty()) {
        apiPayload[configKey::authData] = authData;
    }
    QSimpleCrypto::QBlockCipher blockCipher;
    QByteArray key = blockCipher.generatePrivateSalt(32);
@@ -438,7 +361,6 @@ ErrorCode ApiController::getConfigForService(const QString &installationUuid, co
            QSimpleCrypto::QRsa rsa;
            publicKey = rsa.getPublicKeyFromByteArray(rsaKey);
        } catch (...) {
            Utils::logException();
            qCritical() << "error loading public key from environment variables";
            return ErrorCode::ApiMissingAgwPublicKey;
        }
@@ -448,16 +370,14 @@ ErrorCode ApiController::getConfigForService(const QString &installationUuid, co
        encryptedApiPayload = blockCipher.encryptAesBlockCipher(QJsonDocument(apiPayload).toJson(), key, iv, "", salt);
    } catch (...) { // todo change error handling in QSimpleCrypto?
        Utils::logException();
        qCritical() << "error when encrypting the request body";
        return ErrorCode::ApiConfigDecryptionError;
    }
    QJsonObject requestBody;
    requestBody[configKey::keyPayload] = QString(encryptedKeyPayload.toBase64());
    requestBody[configKey::apiPayload] = QString(encryptedApiPayload.toBase64());
-    QNetworkReply *reply = amnApp->manager()->post(request, QJsonDocument(requestBody).toJson());
+    QNetworkReply *reply = manager.post(request, QJsonDocument(requestBody).toJson());
    QEventLoop wait;
    connect(reply, &QNetworkReply::finished, &wait, &QEventLoop::quit);
@@ -466,43 +386,37 @@ ErrorCode ApiController::getConfigForService(const QString &installationUuid, co
    connect(reply, &QNetworkReply::sslErrors, [this, &sslErrors](const QList<QSslError> &errors) { sslErrors = errors; });
    wait.exec();
-    auto encryptedResponseBody = reply->readAll();
+    if (reply->error() == QNetworkReply::NetworkError::TimeoutError || reply->error() == QNetworkReply::NetworkError::OperationCanceledError) {
-
+        if (m_proxyUrls.isEmpty()) {
-    if (sslErrors.isEmpty() && shouldBypassProxy(reply, encryptedResponseBody, true, key, iv, salt)) {
+            m_proxyUrls = getProxyUrls();
-        m_proxyUrls = getProxyUrls();
+        }
        std::random_device randomDevice;
        std::mt19937 generator(randomDevice());
        std::shuffle(m_proxyUrls.begin(), m_proxyUrls.end(), generator);
        for (const QString &proxyUrl : m_proxyUrls) {
            qDebug() << "Go to the next endpoint";
            request.setUrl(QString("%1v1/config").arg(proxyUrl));
-            reply->deleteLater(); // delete the previous reply
+            reply = manager.post(request, QJsonDocument(requestBody).toJson());
            reply = amnApp->manager()->post(request, QJsonDocument(requestBody).toJson());
            QObject::connect(reply, &QNetworkReply::finished, &wait, &QEventLoop::quit);
            connect(reply, &QNetworkReply::sslErrors, [this, &sslErrors](const QList<QSslError> &errors) { sslErrors = errors; });
            wait.exec();
-
+            if (reply->error() != QNetworkReply::NetworkError::TimeoutError
-            encryptedResponseBody = reply->readAll();
+                && reply->error() != QNetworkReply::NetworkError::OperationCanceledError) {
            if (!sslErrors.isEmpty() || !shouldBypassProxy(reply, encryptedResponseBody, true, key, iv, salt)) {
                break;
            }
            reply->deleteLater();
        }
    }
    auto errorCode = checkErrors(sslErrors, reply);
    reply->deleteLater();
    if (errorCode) {
        return errorCode;
    }
    auto encryptedResponseBody = reply->readAll();
    reply->deleteLater();
    try {
        auto responseBody = blockCipher.decryptAesBlockCipher(encryptedResponseBody, key, iv, "", salt);
        fillServerConfig(protocol, apiPayloadData, responseBody, serverConfig);
    } catch (...) { // todo change error handling in QSimpleCrypto?
        Utils::logException();
        qCritical() << "error when decrypting the request body";
        return ErrorCode::ApiConfigDecryptionError;
    }
    return errorCode;
@@ -21,7 +21,7 @@ public slots:
    ErrorCode getServicesList(QByteArray &responseBody);
    ErrorCode getConfigForService(const QString &installationUuid, const QString &userCountryCode, const QString &serviceType,
-                                  const QString &protocol, const QString &serverCountryCode, const QJsonObject &authData, QJsonObject &serverConfig);
+                                  const QString &protocol, const QString &serverCountryCode, QJsonObject &serverConfig);
 signals:
    void errorOccurred(ErrorCode errorCode);
@@ -346,9 +346,7 @@ bool ServerController::isReinstallContainerRequired(DockerContainer container, c
    }
    if (container == DockerContainer::Awg) {
-        if ((oldProtoConfig.value(config_key::subnet_address).toString(protocols::wireguard::defaultSubnetAddress)
+        if ((oldProtoConfig.value(config_key::port).toString(protocols::awg::defaultPort)
             != newProtoConfig.value(config_key::subnet_address).toString(protocols::wireguard::defaultSubnetAddress))
            || (oldProtoConfig.value(config_key::port).toString(protocols::awg::defaultPort)
             != newProtoConfig.value(config_key::port).toString(protocols::awg::defaultPort))
            || (oldProtoConfig.value(config_key::junkPacketCount).toString(protocols::awg::defaultJunkPacketCount)
                != newProtoConfig.value(config_key::junkPacketCount).toString(protocols::awg::defaultJunkPacketCount))
@@ -372,10 +370,8 @@ bool ServerController::isReinstallContainerRequired(DockerContainer container, c
    }
    if (container == DockerContainer::WireGuard) {
-        if ((oldProtoConfig.value(config_key::subnet_address).toString(protocols::wireguard::defaultSubnetAddress)
+        if (oldProtoConfig.value(config_key::port).toString(protocols::wireguard::defaultPort)
-             != newProtoConfig.value(config_key::subnet_address).toString(protocols::wireguard::defaultSubnetAddress))
+            != newProtoConfig.value(config_key::port).toString(protocols::wireguard::defaultPort))
            || (oldProtoConfig.value(config_key::port).toString(protocols::wireguard::defaultPort)
            != newProtoConfig.value(config_key::port).toString(protocols::wireguard::defaultPort)))
            return true;
    }
@@ -611,8 +607,6 @@ ServerController::Vars ServerController::genVarsForScript(const ServerCredential
    vars.append({ { "$SFTP_PASSWORD", sftpConfig.value(config_key::password).toString() } });
    // Amnezia wireguard vars
    vars.append({ { "$AWG_SUBNET_IP",
                    amneziaWireguarConfig.value(config_key::subnet_address).toString(protocols::wireguard::defaultSubnetAddress) } });
    vars.append({ { "$AWG_SERVER_PORT", amneziaWireguarConfig.value(config_key::port).toString(protocols::awg::defaultPort) } });
    vars.append({ { "$JUNK_PACKET_COUNT", amneziaWireguarConfig.value(config_key::junkPacketCount).toString() } });
@@ -96,7 +96,6 @@ namespace amnezia
        // import and install errors
        ImportInvalidConfigError = 900,
        ImportOpenConfigError = 901,
        // Android errors
        AndroidError = 1000,
@@ -108,8 +107,6 @@ namespace amnezia
        ApiConfigTimeoutError = 1103,
        ApiConfigSslError = 1104,
        ApiMissingAgwPublicKey = 1105,
        ApiConfigDecryptionError = 1106,
        ApiServicesMissingError = 1107,
        // QFile errors
        OpenError = 1200,
@@ -50,7 +50,6 @@ QString errorString(ErrorCode code) {
    case (ErrorCode::AddressPoolError): errorMessage = QObject::tr("VPN pool error: no available addresses"); break;
    case (ErrorCode::ImportInvalidConfigError): errorMessage = QObject::tr("The config does not contain any containers and credentials for connecting to the server"); break;
    case (ErrorCode::ImportOpenConfigError): errorMessage = QObject::tr("Unable to open config file"); break;
    // Android errors
    case (ErrorCode::AndroidError): errorMessage = QObject::tr("VPN connection error"); break;
@@ -62,8 +61,6 @@ QString errorString(ErrorCode code) {
    case (ErrorCode::ApiConfigSslError): errorMessage = QObject::tr("SSL error occurred"); break;
    case (ErrorCode::ApiConfigTimeoutError): errorMessage = QObject::tr("Server response timeout on api request"); break;
    case (ErrorCode::ApiMissingAgwPublicKey): errorMessage = QObject::tr("Missing AGW public key"); break;
    case (ErrorCode::ApiConfigDecryptionError): errorMessage = QObject::tr("Failed to decrypt response payload"); break;
    case (ErrorCode::ApiServicesMissingError): errorMessage = QObject::tr("Missing list of available services"); break;
    // QFile errors
    case(ErrorCode::OpenError): errorMessage = QObject::tr("QFile error: The file could not be opened"); break;
@@ -104,7 +104,7 @@ QJsonObject Deserialize(const QString &vmessStr, QString *alias, QString *errMes
        server.users.first().security = "auto";
    }
-    const auto getQueryValue = [&query](const QString &key, const QString &defaultValue) {
+    const static auto getQueryValue = [&query](const QString &key, const QString &defaultValue) {
        if (query.hasQueryItem(key))
            return query.queryItemValue(key, QUrl::FullyDecoded);
        else
@@ -78,7 +78,7 @@ bool Daemon::activate(const InterfaceConfig& config) {
        return false;
      }
-      if (!dnsutils()->restoreResolvers()) {
+      if (supportDnsUtils() && !dnsutils()->restoreResolvers()) {
        return false;
      }
@@ -114,23 +114,12 @@ bool Daemon::activate(const InterfaceConfig& config) {
  // Bring up the wireguard interface if not already done.
  if (!wgutils()->interfaceExists()) {
    // Create the interface.
    if (!wgutils()->addInterface(config)) {
      logger.error() << "Interface creation failed.";
      return false;
    }
  }
  // Bring the interface up.
  if (supportIPUtils()) {
    if (!iputils()->addInterfaceIPs(config)) {
      return false;
    }
    if (!iputils()->setMTUAndUp(config)) {
      return false;
    }
  }
  // Configure routing for excluded addresses.
  for (const QString& i : config.m_excludedAddresses) {
    addExclusionRoute(IPAddress(i));
@@ -146,6 +135,15 @@ bool Daemon::activate(const InterfaceConfig& config) {
    return false;
  }
  if (supportIPUtils()) {
    if (!iputils()->addInterfaceIPs(config)) {
      return false;
    }
    if (!iputils()->setMTUAndUp(config)) {
      return false;
    }
  }
  // set routing
  for (const IPAddress& ip : config.m_allowedIPAddressRanges) {
    if (!wgutils()->updateRoutePrefix(ip)) {
@@ -167,6 +165,10 @@ bool Daemon::activate(const InterfaceConfig& config) {
 }
 bool Daemon::maybeUpdateResolvers(const InterfaceConfig& config) {
  if (!supportDnsUtils()) {
    return true;
  }
  if ((config.m_hopType == InterfaceConfig::MultiHopExit) ||
      (config.m_hopType == InterfaceConfig::SingleHop)) {
    QList<QHostAddress> resolvers;
@@ -421,8 +423,13 @@ bool Daemon::deactivate(bool emitSignals) {
  }
  // Cleanup DNS
-  if (!dnsutils()->restoreResolvers()) {
+  if (supportDnsUtils() && !dnsutils()->restoreResolvers()) {
-    logger.warning() << "Failed to restore DNS resolvers.";
+    return false;
  }
  if (!wgutils()->interfaceExists()) {
    logger.warning() << "Wireguard interface does not exist.";
    return false;
  }
  // Cleanup peers and routing
@@ -442,9 +449,13 @@ bool Daemon::deactivate(bool emitSignals) {
  }
  m_excludedAddrSet.clear();
  m_connections.clear();
  // Delete the interface
-  return wgutils()->deleteInterface();  
+  if (!wgutils()->deleteInterface()) {
    return false;
  }
  m_connections.clear();
  return true;
 }
 QString Daemon::logs() {
@@ -8,8 +8,6 @@
 #include <QDateTime>
 #include <QTimer>
 #include "daemon/daemonerrors.h"
 #include "daemonerrors.h"
 #include "dnsutils.h"
 #include "interfaceconfig.h"
 #include "iputils.h"
@@ -53,7 +51,7 @@ class Daemon : public QObject {
   */
  void activationFailure();
  void disconnected();
-  void backendFailure(DaemonError reason = DaemonError::ERROR_FATAL);
+  void backendFailure();
 private:
  bool maybeUpdateResolvers(const InterfaceConfig& config);
@@ -71,6 +69,7 @@ class Daemon : public QObject {
  virtual WireguardUtils* wgutils() const = 0;
  virtual bool supportIPUtils() const { return false; }
  virtual IPUtils* iputils() { return nullptr; }
  virtual bool supportDnsUtils() const { return false; }
  virtual DnsUtils* dnsutils() { return nullptr; }
  static bool parseStringList(const QJsonObject& obj, const QString& name,
@@ -1,17 +0,0 @@
 /* This Source Code Form is subject to the terms of the Mozilla Public
 * License, v. 2.0. If a copy of the MPL was not distributed with this
 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 #pragma once
 #include <cstdint>
 enum class DaemonError : uint8_t {
  ERROR_NONE = 0u,
  ERROR_FATAL = 1u,
  ERROR_SPLIT_TUNNEL_INIT_FAILURE = 2u,
  ERROR_SPLIT_TUNNEL_START_FAILURE = 3u,
  ERROR_SPLIT_TUNNEL_EXCLUDE_FAILURE = 4u,
  DAEMON_ERROR_MAX = 5u,
 };
@@ -92,17 +92,6 @@ void DaemonLocalServerConnection::parseCommand(const QByteArray& data) {
  logger.debug() << "Command received:" << type;
  // It is expected that sometimes the client will request backend logs
  // before the first authentication. In these cases we just return empty
  // logs.
  if (type == "logs") {
    QJsonObject obj;
    obj.insert("type", "logs");
    obj.insert("logs", "");
    write(obj);
    return;
  }
  if (type == "activate") {
    InterfaceConfig config;
    if (!Daemon::parseConfig(obj, config)) {
@@ -126,7 +115,8 @@ void DaemonLocalServerConnection::parseCommand(const QByteArray& data) {
  if (type == "status") {
    QJsonObject obj = Daemon::instance()->getStatus();
    obj.insert("type", "status");
-    write(obj);
+    m_socket->write(QJsonDocument(obj).toJson(QJsonDocument::Compact));
    m_socket->write("\n");
    return;
  }
@@ -134,7 +124,8 @@ void DaemonLocalServerConnection::parseCommand(const QByteArray& data) {
    QJsonObject obj;
    obj.insert("type", "logs");
    obj.insert("logs", Daemon::instance()->logs().replace("\n", "|"));
-    write(obj);
+    m_socket->write(QJsonDocument(obj).toJson(QJsonDocument::Compact));
    m_socket->write("\n");
    return;
  }
@@ -159,10 +150,9 @@ void DaemonLocalServerConnection::disconnected() {
  write(obj);
 }
-void DaemonLocalServerConnection::backendFailure(DaemonError err) {
+void DaemonLocalServerConnection::backendFailure() {
  QJsonObject obj;
  obj.insert("type", "backendFailure");
  obj.insert("errorCode", static_cast<int>(err));
  write(obj);
 }
@@ -7,8 +7,6 @@
 #include <QObject>
 #include "daemonerrors.h"
 class QLocalSocket;
 class DaemonLocalServerConnection final : public QObject {
@@ -25,7 +23,7 @@ class DaemonLocalServerConnection final : public QObject {
  void connected(const QString& pubkey);
  void disconnected();
-  void backendFailure(DaemonError err);
+  void backendFailure();
  void write(const QJsonObject& obj);
@@ -48,8 +48,6 @@ class WireguardUtils : public QObject {
  virtual bool addExclusionRoute(const IPAddress& prefix) = 0;
  virtual bool deleteExclusionRoute(const IPAddress& prefix) = 0;
  virtual bool excludeLocalNetworks(const QList<IPAddress>& addresses) = 0;
 };
 #endif  // WIREGUARDUTILS_H
@@ -1,5 +0,0 @@
 <svg width="24" height="24" viewBox="0 0 24 24" fill="none" xmlns="http://www.w3.org/2000/svg">
 <path d="M18 13V19C18 19.5304 17.7893 20.0391 17.4142 20.4142C17.0391 20.7893 16.5304 21 16 21H5C4.46957 21 3.96086 20.7893 3.58579 20.4142C3.21071 20.0391 3 19.5304 3 19V8C3 7.46957 3.21071 6.96086 3.58579 6.58579C3.96086 6.21071 4.46957 6 5 6H11" stroke="#D7D8DB" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"/>
 <path d="M15 3H21V9" stroke="#D7D8DB" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"/>
 <path d="M10 14L21 3" stroke="#D7D8DB" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"/>
 </svg>
@@ -1,10 +1,9 @@
 /* This Source Code Form is subject to the terms of the Mozilla Public
 * License, v. 2.0. If a copy of the MPL was not distributed with this
 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 #include "protocols/protocols_defs.h"
 #include "localsocketcontroller.h"
 #include <stdint.h>
 #include <QDir>
 #include <QFileInfo>
 #include <QHostAddress>
@@ -18,9 +17,6 @@
 #include "leakdetector.h"
 #include "logger.h"
 #include "models/server.h"
 #include "daemon/daemonerrors.h"
 #include "protocols/protocols_defs.h"
 // How many times do we try to reconnect.
 constexpr int MAX_CONNECTION_RETRY = 10;
@@ -39,7 +35,7 @@ LocalSocketController::LocalSocketController() {
  connect(m_socket, &QLocalSocket::connected, this,
          &LocalSocketController::daemonConnected);
  connect(m_socket, &QLocalSocket::disconnected, this,
-          [&] { errorOccurred(QLocalSocket::PeerClosedError); });
+          &LocalSocketController::disconnected);
  connect(m_socket, &QLocalSocket::errorOccurred, this,
          &LocalSocketController::errorOccurred);
  connect(m_socket, &QLocalSocket::readyRead, this,
@@ -455,39 +451,8 @@ void LocalSocketController::parseCommand(const QByteArray& command) {
  }
  if (type == "backendFailure") {
-    if (!obj.contains("errorCode")) {
+    qCritical() << "backendFailure";
-      // report a generic error if we dont know what it is.
+    return;
      logger.error() << "generic backend failure error";
      // REPORTERROR(ErrorHandler::ControllerError, "controller");
      return;
    }
    auto errorCode = static_cast<uint8_t>(obj["errorCode"].toInt());
    if (errorCode >= (uint8_t)DaemonError::DAEMON_ERROR_MAX) {
      // Also report a generic error if the code is invalid.
      logger.error() << "invalid backend failure error code";
      // REPORTERROR(ErrorHandler::ControllerError, "controller");
      return;
    }
    switch (static_cast<DaemonError>(errorCode)) {
      case DaemonError::ERROR_NONE:
        [[fallthrough]];
      case DaemonError::ERROR_FATAL:
        logger.error() << "generic backend failure error (fatal or error none)";
        // REPORTERROR(ErrorHandler::ControllerError, "controller");
        break;
      case DaemonError::ERROR_SPLIT_TUNNEL_INIT_FAILURE:
        [[fallthrough]];
      case DaemonError::ERROR_SPLIT_TUNNEL_START_FAILURE:
        [[fallthrough]];
      case DaemonError::ERROR_SPLIT_TUNNEL_EXCLUDE_FAILURE:
        logger.error() << "split tunnel backend failure error";
        //REPORTERROR(ErrorHandler::SplitTunnelError, "controller");
        break;
      case DaemonError::DAEMON_ERROR_MAX:
        // We should not get here.
        Q_ASSERT(false);
        break;
    }
  }
  if (type == "logs") {
@@ -163,7 +163,9 @@ QString AndroidController::openFile(const QString &filter)
    QString fileName;
    connect(this, &AndroidController::fileOpened, this,
            [&fileName, &wait](const QString &uri) {
-                fileName = uri;
+                qDebug() << "Android event: file opened; uri:" << uri;
                fileName = QQmlFile::urlToLocalFileOrQrc(uri);
                qDebug() << "Android opened filename:" << fileName;
                wait.quit();
            },
            static_cast<Qt::ConnectionType>(Qt::QueuedConnection | Qt::SingleShotConnection));
@@ -173,25 +175,6 @@ QString AndroidController::openFile(const QString &filter)
    return fileName;
 }
 int AndroidController::getFd(const QString &fileName)
 {
    return callActivityMethod<jint>("getFd", "(Ljava/lang/String;)I",
                                    QJniObject::fromString(fileName).object<jstring>());
 }
 void AndroidController::closeFd()
 {
    callActivityMethod("closeFd", "()V");
 }
 QString AndroidController::getFileName(const QString &uri)
 {
    auto fileName = callActivityMethod<jstring, jstring>("getFileName", "(Ljava/lang/String;)Ljava/lang/String;",
                                                         QJniObject::fromString(uri).object<jstring>());
    QJniEnvironment env;
    return AndroidUtils::convertJString(env.jniEnv(), fileName.object<jstring>());
 }
 bool AndroidController::isCameraPresent()
 {
    return callActivityMethod<jboolean>("isCameraPresent", "()Z");
@@ -304,11 +287,6 @@ bool AndroidController::requestAuthentication()
    return result;
 }
 void AndroidController::sendTouch(float x, float y)
 {
    callActivityMethod("sendTouch", "(FF)V", x, y);
 }
 // Moving log processing to the Android side
 jclass AndroidController::log;
 jmethodID AndroidController::logDebug;
@@ -34,9 +34,6 @@ public:
    void resetLastServer(int serverIndex);
    void saveFile(const QString &fileName, const QString &data);
    QString openFile(const QString &filter);
    int getFd(const QString &fileName);
    void closeFd();
    QString getFileName(const QString &uri);
    bool isCameraPresent();
    bool isOnTv();
    void startQrReaderActivity();
@@ -51,7 +48,6 @@ public:
    bool isNotificationPermissionGranted();
    void requestNotificationPermission();
    bool requestAuthentication();
    void sendTouch(float x, float y);
    static bool initLogging();
    static void messageHandler(QtMsgType type, const QMessageLogContext &context, const QString &message);
@@ -22,6 +22,7 @@ class LinuxDaemon final : public Daemon {
 protected:
  WireguardUtils* wgutils() const override { return m_wgutils; }
  bool supportDnsUtils() const override { return true; }
  DnsUtils* dnsutils() override { return m_dnsutils; }
  bool supportIPUtils() const override { return true; }
  IPUtils* iputils() override { return m_iputils; }
@@ -196,8 +196,6 @@ QStringList LinuxFirewall::getDNSRules(const QStringList& servers)
        result << QStringLiteral("-o amn0+ -d %1 -p tcp --dport 53 -j ACCEPT").arg(server);
        result << QStringLiteral("-o tun0+ -d %1 -p udp --dport 53 -j ACCEPT").arg(server);
        result << QStringLiteral("-o tun0+ -d %1 -p tcp --dport 53 -j ACCEPT").arg(server);
        result << QStringLiteral("-o tun2+ -d %1 -p udp --dport 53 -j ACCEPT").arg(server);
        result << QStringLiteral("-o tun2+ -d %1 -p tcp --dport 53 -j ACCEPT").arg(server);
    }
    return result;
 }
@@ -279,7 +277,6 @@ void LinuxFirewall::install()
    installAnchor(Both, QStringLiteral("200.allowVPN"), {
                                                            QStringLiteral("-o amn0+ -j ACCEPT"),
                                                            QStringLiteral("-o tun0+ -j ACCEPT"),
                                                            QStringLiteral("-o tun2+ -j ACCEPT"),
                                                        });
    installAnchor(IPv4, QStringLiteral("120.blockNets"), {});
@@ -297,6 +297,31 @@ QList<WireguardUtils::PeerStatus> WireguardUtilsLinux::getPeerStatus() {
    return peerList;
 }
 void WireguardUtilsLinux::applyFirewallRules(FirewallParams& params)
 {
    // double-check + ensure our firewall is installed and enabled
    if (!LinuxFirewall::isInstalled()) LinuxFirewall::install();
    // Note: rule precedence is handled inside IpTablesFirewall
    LinuxFirewall::ensureRootAnchorPriority();
    LinuxFirewall::setAnchorEnabled(LinuxFirewall::Both, QStringLiteral("000.allowLoopback"), true);
    LinuxFirewall::setAnchorEnabled(LinuxFirewall::Both, QStringLiteral("100.blockAll"), params.blockAll);
    LinuxFirewall::setAnchorEnabled(LinuxFirewall::IPv4, QStringLiteral("110.allowNets"), params.allowNets);
    LinuxFirewall::updateAllowNets(params.allowAddrs);
    LinuxFirewall::setAnchorEnabled(LinuxFirewall::IPv4, QStringLiteral("120.blockNets"), params.blockNets);
    LinuxFirewall::updateBlockNets(params.blockAddrs);
    LinuxFirewall::setAnchorEnabled(LinuxFirewall::IPv4, QStringLiteral("200.allowVPN"), true);
    LinuxFirewall::setAnchorEnabled(LinuxFirewall::IPv6, QStringLiteral("250.blockIPv6"), true);
    LinuxFirewall::setAnchorEnabled(LinuxFirewall::Both, QStringLiteral("290.allowDHCP"), true);
    LinuxFirewall::setAnchorEnabled(LinuxFirewall::Both, QStringLiteral("300.allowLAN"), true);
    LinuxFirewall::setAnchorEnabled(LinuxFirewall::IPv4, QStringLiteral("310.blockDNS"), true);
    LinuxFirewall::updateDNSServers(params.dnsServers);
    LinuxFirewall::setAnchorEnabled(LinuxFirewall::IPv4, QStringLiteral("320.allowDNS"), true);
    LinuxFirewall::setAnchorEnabled(LinuxFirewall::Both, QStringLiteral("400.allowPIA"), true);
 }
 bool WireguardUtilsLinux::updateRoutePrefix(const IPAddress& prefix) {
    if (!m_rtmonitor) {
        return false;
@@ -352,26 +377,6 @@ bool WireguardUtilsLinux::deleteExclusionRoute(const IPAddress& prefix) {
    return m_rtmonitor->deleteExclusionRoute(prefix);
 }
 bool WireguardUtilsLinux::excludeLocalNetworks(const QList<IPAddress>& routes) {
  if (!m_rtmonitor) {
    return false;
  }
  // Explicitly discard LAN traffic that makes its way into the tunnel. This
  // doesn't really exclude the LAN traffic, we just don't take any action to
  // overrule the routes of other interfaces.
  bool result = true;
  for (const auto& prefix : routes) {
    logger.error() << "Attempting to exclude:" << prefix.toString();
    if (!m_rtmonitor->insertRoute(prefix)) {
      result = false;
    }
  }
  // TODO: A kill switch would be nice though :)
  return result;
 }
 QString WireguardUtilsLinux::uapiCommand(const QString& command) {
    QLocalSocket socket;
    QTimer uapiTimeout;
@@ -445,27 +450,3 @@ QString WireguardUtilsLinux::waitForTunnelName(const QString& filename) {
    return QString();
 }
 void WireguardUtilsLinux::applyFirewallRules(FirewallParams& params)
 {
    // double-check + ensure our firewall is installed and enabled
    if (!LinuxFirewall::isInstalled()) LinuxFirewall::install();
    // Note: rule precedence is handled inside IpTablesFirewall
    LinuxFirewall::ensureRootAnchorPriority();
    LinuxFirewall::setAnchorEnabled(LinuxFirewall::Both, QStringLiteral("000.allowLoopback"), true);
    LinuxFirewall::setAnchorEnabled(LinuxFirewall::Both, QStringLiteral("100.blockAll"), params.blockAll);
    LinuxFirewall::setAnchorEnabled(LinuxFirewall::IPv4, QStringLiteral("110.allowNets"), params.allowNets);
    LinuxFirewall::updateAllowNets(params.allowAddrs);
    LinuxFirewall::setAnchorEnabled(LinuxFirewall::IPv4, QStringLiteral("120.blockNets"), params.blockNets);
    LinuxFirewall::updateBlockNets(params.blockAddrs);
    LinuxFirewall::setAnchorEnabled(LinuxFirewall::IPv4, QStringLiteral("200.allowVPN"), true);
    LinuxFirewall::setAnchorEnabled(LinuxFirewall::IPv6, QStringLiteral("250.blockIPv6"), true);
    LinuxFirewall::setAnchorEnabled(LinuxFirewall::Both, QStringLiteral("290.allowDHCP"), true);
    LinuxFirewall::setAnchorEnabled(LinuxFirewall::Both, QStringLiteral("300.allowLAN"), true);
    LinuxFirewall::setAnchorEnabled(LinuxFirewall::IPv4, QStringLiteral("310.blockDNS"), true);
    LinuxFirewall::updateDNSServers(params.dnsServers);
    LinuxFirewall::setAnchorEnabled(LinuxFirewall::IPv4, QStringLiteral("320.allowDNS"), true);
    LinuxFirewall::setAnchorEnabled(LinuxFirewall::Both, QStringLiteral("400.allowPIA"), true);
 }
@@ -37,9 +37,6 @@ public:
    bool addExclusionRoute(const IPAddress& prefix) override;
    bool deleteExclusionRoute(const IPAddress& prefix) override;
    bool excludeLocalNetworks(const QList<IPAddress>& lanAddressRanges) override;
    void applyFirewallRules(FirewallParams& params);
 signals:
    void backendFailure();
@@ -21,6 +21,7 @@ class MacOSDaemon final : public Daemon {
 protected:
  WireguardUtils* wgutils() const override { return m_wgutils; }
  bool supportDnsUtils() const override { return true; }
  DnsUtils* dnsutils() override { return m_dnsutils; }
  bool supportIPUtils() const override { return true; }
  IPUtils* iputils() override { return m_iputils; }
@@ -358,8 +358,8 @@ void MacosRouteMonitor::rtmAppendAddr(struct rt_msghdr* rtm, size_t maxlen,
 }
 bool MacosRouteMonitor::rtmSendRoute(int action, const IPAddress& prefix,
-                                     unsigned int ifindex, const void* gateway,
+                                     unsigned int ifindex,
-                                     int flags) {
+                                     const void* gateway) {
  constexpr size_t rtm_max_size = sizeof(struct rt_msghdr) +
                                  sizeof(struct sockaddr_in6) * 2 +
                                  sizeof(struct sockaddr_storage);
@@ -370,7 +370,7 @@ bool MacosRouteMonitor::rtmSendRoute(int action, const IPAddress& prefix,
  rtm->rtm_version = RTM_VERSION;
  rtm->rtm_type = action;
  rtm->rtm_index = ifindex;
-  rtm->rtm_flags = flags | RTF_STATIC | RTF_UP;
+  rtm->rtm_flags = RTF_STATIC | RTF_UP;
  rtm->rtm_addrs = 0;
  rtm->rtm_pid = 0;
  rtm->rtm_seq = m_rtseq++;
@@ -490,7 +490,7 @@ bool MacosRouteMonitor::rtmFetchRoutes(int family) {
  return false;
 }
-bool MacosRouteMonitor::insertRoute(const IPAddress& prefix, int flags) {
+bool MacosRouteMonitor::insertRoute(const IPAddress& prefix) {
  struct sockaddr_dl datalink;
  memset(&datalink, 0, sizeof(datalink));
  datalink.sdl_family = AF_LINK;
@@ -502,11 +502,11 @@ bool MacosRouteMonitor::insertRoute(const IPAddress& prefix, int flags) {
  datalink.sdl_slen = 0;
  memcpy(&datalink.sdl_data, qPrintable(m_ifname), datalink.sdl_nlen);
-  return rtmSendRoute(RTM_ADD, prefix, m_ifindex, &datalink, flags);
+  return rtmSendRoute(RTM_ADD, prefix, m_ifindex, &datalink);
 }
-bool MacosRouteMonitor::deleteRoute(const IPAddress& prefix, int flags) {
+bool MacosRouteMonitor::deleteRoute(const IPAddress& prefix) {
-  return rtmSendRoute(RTM_DELETE, prefix, m_ifindex, nullptr, flags);
+  return rtmSendRoute(RTM_DELETE, prefix, m_ifindex, nullptr);
 }
 bool MacosRouteMonitor::addExclusionRoute(const IPAddress& prefix) {
@@ -24,8 +24,8 @@ class MacosRouteMonitor final : public QObject {
  MacosRouteMonitor(const QString& ifname, QObject* parent = nullptr);
  ~MacosRouteMonitor();
-  bool insertRoute(const IPAddress& prefix, int flags = 0);
+  bool insertRoute(const IPAddress& prefix);
-  bool deleteRoute(const IPAddress& prefix, int flags = 0);
+  bool deleteRoute(const IPAddress& prefix);
  int interfaceFlags() { return m_ifflags; }
  bool addExclusionRoute(const IPAddress& prefix);
@@ -37,7 +37,7 @@ class MacosRouteMonitor final : public QObject {
  void handleRtmUpdate(const struct rt_msghdr* msg, const QByteArray& payload);
  void handleIfaceInfo(const struct if_msghdr* msg, const QByteArray& payload);
  bool rtmSendRoute(int action, const IPAddress& prefix, unsigned int ifindex,
-                    const void* gateway, int flags = 0);
+                    const void* gateway);
  bool rtmFetchRoutes(int family);
  static void rtmAppendAddr(struct rt_msghdr* rtm, size_t maxlen, int rtaddr,
                            const void* sa);
@@ -5,7 +5,6 @@
 #include "wireguardutilsmacos.h"
 #include <errno.h>
 #include <net/route.h>
 #include <QByteArray>
 #include <QDir>
@@ -131,6 +130,7 @@ bool WireguardUtilsMacos::addInterface(const InterfaceConfig& config) {
  }
  int err = uapiErrno(uapiCommand(message));
  if (err != 0) {
    logger.error() << "Interface configuration failed:" << strerror(err);
  } else {
@@ -211,6 +211,7 @@ bool WireguardUtilsMacos::updatePeer(const InterfaceConfig& config) {
    logger.warning() << "Failed to create peer with no endpoints";
    return false;
  }
  out << config.m_serverPort << "\n";
  out << "replace_allowed_ips=true\n";
@@ -322,10 +323,10 @@ bool WireguardUtilsMacos::deleteRoutePrefix(const IPAddress& prefix) {
  if (!m_rtmonitor) {
    return false;
  }
  if (prefix.prefixLength() > 0) {
-    return m_rtmonitor->deleteRoute(prefix);
+    return m_rtmonitor->insertRoute(prefix);
  }
  // Ensure that we do not replace the default route.
  if (prefix.type() == QAbstractSocket::IPv4Protocol) {
    return m_rtmonitor->deleteRoute(IPAddress("0.0.0.0/1")) &&
@@ -345,6 +346,31 @@ bool WireguardUtilsMacos::addExclusionRoute(const IPAddress& prefix) {
  return m_rtmonitor->addExclusionRoute(prefix);
 }
 void WireguardUtilsMacos::applyFirewallRules(FirewallParams& params)
 {
  // double-check + ensure our firewall is installed and enabled. This is necessary as
  // other software may disable pfctl before re-enabling with their own rules (e.g other VPNs)
  if (!MacOSFirewall::isInstalled()) MacOSFirewall::install();
  MacOSFirewall::ensureRootAnchorPriority();
  MacOSFirewall::setAnchorEnabled(QStringLiteral("000.allowLoopback"), true);
  MacOSFirewall::setAnchorEnabled(QStringLiteral("100.blockAll"), params.blockAll);
  MacOSFirewall::setAnchorEnabled(QStringLiteral("110.allowNets"), params.allowNets);
  MacOSFirewall::setAnchorTable(QStringLiteral("110.allowNets"), params.allowNets,
                                QStringLiteral("allownets"), params.allowAddrs);
  MacOSFirewall::setAnchorEnabled(QStringLiteral("120.blockNets"), params.blockNets);
  MacOSFirewall::setAnchorTable(QStringLiteral("120.blockNets"), params.blockNets,
                                QStringLiteral("blocknets"), params.blockAddrs);
  MacOSFirewall::setAnchorEnabled(QStringLiteral("200.allowVPN"), true);
  MacOSFirewall::setAnchorEnabled(QStringLiteral("250.blockIPv6"), true);
  MacOSFirewall::setAnchorEnabled(QStringLiteral("290.allowDHCP"), true);
  MacOSFirewall::setAnchorEnabled(QStringLiteral("300.allowLAN"), true);
  MacOSFirewall::setAnchorEnabled(QStringLiteral("310.blockDNS"), true);
  MacOSFirewall::setAnchorTable(QStringLiteral("310.blockDNS"), true, QStringLiteral("dnsaddr"), params.dnsServers);
 }
 bool WireguardUtilsMacos::deleteExclusionRoute(const IPAddress& prefix) {
  if (!m_rtmonitor) {
    return false;
@@ -352,26 +378,6 @@ bool WireguardUtilsMacos::deleteExclusionRoute(const IPAddress& prefix) {
  return m_rtmonitor->deleteExclusionRoute(prefix);
 }
 bool WireguardUtilsMacos::excludeLocalNetworks(const QList<IPAddress>& routes) {
  if (!m_rtmonitor) {
    return false;
  }
  // Explicitly discard LAN traffic that makes its way into the tunnel. This
  // doesn't really exclude the LAN traffic, we just don't take any action to
  // overrule the routes of other interfaces.
  bool result = true;
  for (const auto& prefix : routes) {
    logger.error() << "Attempting to exclude:" << prefix.toString();
    if (!m_rtmonitor->insertRoute(prefix, RTF_IFSCOPE | RTF_REJECT)) {
      result = false;
    }
  }
  // TODO: A kill switch would be nice though :)
  return result;
 }
 QString WireguardUtilsMacos::uapiCommand(const QString& command) {
  QLocalSocket socket;
  QTimer uapiTimeout;
@@ -448,28 +454,3 @@ QString WireguardUtilsMacos::waitForTunnelName(const QString& filename) {
  return QString();
 }
 void WireguardUtilsMacos::applyFirewallRules(FirewallParams& params)
 {
  // double-check + ensure our firewall is installed and enabled. This is necessary as
  // other software may disable pfctl before re-enabling with their own rules (e.g other VPNs)
  if (!MacOSFirewall::isInstalled()) MacOSFirewall::install();
  MacOSFirewall::ensureRootAnchorPriority();
  MacOSFirewall::setAnchorEnabled(QStringLiteral("000.allowLoopback"), true);
  MacOSFirewall::setAnchorEnabled(QStringLiteral("100.blockAll"), params.blockAll);
  MacOSFirewall::setAnchorEnabled(QStringLiteral("110.allowNets"), params.allowNets);
  MacOSFirewall::setAnchorTable(QStringLiteral("110.allowNets"), params.allowNets,
                                QStringLiteral("allownets"), params.allowAddrs);
  MacOSFirewall::setAnchorEnabled(QStringLiteral("120.blockNets"), params.blockNets);
  MacOSFirewall::setAnchorTable(QStringLiteral("120.blockNets"), params.blockNets,
                                QStringLiteral("blocknets"), params.blockAddrs);
  MacOSFirewall::setAnchorEnabled(QStringLiteral("200.allowVPN"), true);
  MacOSFirewall::setAnchorEnabled(QStringLiteral("250.blockIPv6"), true);
  MacOSFirewall::setAnchorEnabled(QStringLiteral("290.allowDHCP"), true);
  MacOSFirewall::setAnchorEnabled(QStringLiteral("300.allowLAN"), true);
  MacOSFirewall::setAnchorEnabled(QStringLiteral("310.blockDNS"), true);
  MacOSFirewall::setAnchorTable(QStringLiteral("310.blockDNS"), true, QStringLiteral("dnsaddr"), params.dnsServers);
 }
@@ -35,9 +35,6 @@ class WireguardUtilsMacos final : public WireguardUtils {
  bool addExclusionRoute(const IPAddress& prefix) override;
  bool deleteExclusionRoute(const IPAddress& prefix) override;
  bool excludeLocalNetworks(const QList<IPAddress>& lanAddressRanges) override;
  void applyFirewallRules(FirewallParams& params);
 signals:
@@ -5,7 +5,6 @@
 #include "windowsdaemon.h"
 #include <Windows.h>
 #include <qassert.h>
 #include <QCoreApplication>
 #include <QJsonDocument>
@@ -16,34 +15,28 @@
 #include <QTextStream>
 #include <QtGlobal>
 #include "daemon/daemonerrors.h"
 #include "dnsutilswindows.h"
 #include "leakdetector.h"
 #include "logger.h"
 #include "platforms/windows/daemon/windowsfirewall.h"
 #include "platforms/windows/daemon/windowssplittunnel.h"
 #include "platforms/windows/windowscommons.h"
 #include "windowsfirewall.h"
 #include "core/networkUtilities.h"
 #include "platforms/windows/windowscommons.h"
 #include "platforms/windows/windowsservicemanager.h"
 #include "windowsfirewall.h"
 namespace {
 Logger logger("WindowsDaemon");
 }
-WindowsDaemon::WindowsDaemon() : Daemon(nullptr) {
+WindowsDaemon::WindowsDaemon() : Daemon(nullptr), m_splitTunnelManager(this) {
  MZ_COUNT_CTOR(WindowsDaemon);
  m_firewallManager = WindowsFirewall::create(this);
  Q_ASSERT(m_firewallManager != nullptr);
-  m_wgutils = WireguardUtilsWindows::create(m_firewallManager, this);
+  m_wgutils = new WireguardUtilsWindows(this);
  m_dnsutils = new DnsUtilsWindows(this);
  m_splitTunnelManager = WindowsSplitTunnel::create(m_firewallManager);
-  connect(m_wgutils.get(), &WireguardUtilsWindows::backendFailure, this,
+  connect(m_wgutils, &WireguardUtilsWindows::backendFailure, this,
          &WindowsDaemon::monitorBackendFailure);
  connect(this, &WindowsDaemon::activationFailure,
-          [this]() { m_firewallManager->disableKillSwitch(); });
+          []() { WindowsFirewall::instance()->disableKillSwitch(); });
 }
 WindowsDaemon::~WindowsDaemon() {
@@ -64,42 +57,28 @@ void WindowsDaemon::prepareActivation(const InterfaceConfig& config, int inetAda
 void WindowsDaemon::activateSplitTunnel(const InterfaceConfig& config, int vpnAdapterIndex) {
  if (config.m_vpnDisabledApps.length() > 0) {
-      m_splitTunnelManager->start(m_inetAdapterIndex, vpnAdapterIndex);
+      m_splitTunnelManager.start(m_inetAdapterIndex, vpnAdapterIndex);
-      m_splitTunnelManager->excludeApps(config.m_vpnDisabledApps);
+      m_splitTunnelManager.setRules(config.m_vpnDisabledApps);
  } else {
-      m_splitTunnelManager->stop();
+      m_splitTunnelManager.stop();
  }
 }
 bool WindowsDaemon::run(Op op, const InterfaceConfig& config) {
-  if (!m_splitTunnelManager) {
+  if (op == Down) {
-    if (config.m_vpnDisabledApps.length() > 0) {
+    m_splitTunnelManager.stop();
      // The Client has sent us a list of disabled apps, but we failed
      // to init the the split tunnel driver.
      // So let the client know this was not possible
      emit backendFailure(DaemonError::ERROR_SPLIT_TUNNEL_INIT_FAILURE);
    }
    return true;
  }
-  if (op == Down) {
+  if (op == Up) {
-    m_splitTunnelManager->stop();
+    logger.debug() << "Tunnel UP, Starting SplitTunneling";
-    return true;
+    if (!WindowsSplitTunnel::isInstalled()) {
-  }
+      logger.warning() << "Split Tunnel Driver not Installed yet, fixing this.";
-  if (config.m_vpnDisabledApps.length() > 0) {
+      WindowsSplitTunnel::installDriver();
    if (!m_splitTunnelManager->start(m_inetAdapterIndex)) {
      emit backendFailure(DaemonError::ERROR_SPLIT_TUNNEL_START_FAILURE);
    };
    if (!m_splitTunnelManager->excludeApps(config.m_vpnDisabledApps)) {
      emit backendFailure(DaemonError::ERROR_SPLIT_TUNNEL_EXCLUDE_FAILURE);
    };
    // Now the driver should be running (State == 4)
    if (!m_splitTunnelManager->isRunning()) {
      emit backendFailure(DaemonError::ERROR_SPLIT_TUNNEL_START_FAILURE);
    }
    return true;
  }
-  m_splitTunnelManager->stop();
+
  activateSplitTunnel(config);
  return true;
 }
@@ -5,11 +5,8 @@
 #ifndef WINDOWSDAEMON_H
 #define WINDOWSDAEMON_H
 #include <qpointer.h>
 #include "daemon/daemon.h"
 #include "dnsutilswindows.h"
 #include "windowsfirewall.h"
 #include "windowssplittunnel.h"
 #include "windowstunnelservice.h"
 #include "wireguardutilswindows.h"
@@ -28,7 +25,8 @@ class WindowsDaemon final : public Daemon {
 protected:
  bool run(Op op, const InterfaceConfig& config) override;
-  WireguardUtils* wgutils() const override { return m_wgutils.get(); }
+  WireguardUtils* wgutils() const override { return m_wgutils; }
  bool supportDnsUtils() const override { return true; }
  DnsUtils* dnsutils() override { return m_dnsutils; }
 private:
@@ -42,10 +40,9 @@ class WindowsDaemon final : public Daemon {
  int m_inetAdapterIndex = -1;
-  std::unique_ptr<WireguardUtilsWindows> m_wgutils;
+  WireguardUtilsWindows* m_wgutils = nullptr;
  DnsUtilsWindows* m_dnsutils = nullptr;
-  std::unique_ptr<WindowsSplitTunnel> m_splitTunnelManager;
+  WindowsSplitTunnel m_splitTunnelManager;
  QPointer<WindowsFirewall> m_firewallManager;
 };
 #endif  // WINDOWSDAEMON_H
@@ -9,12 +9,11 @@
 #include <guiddef.h>
 #include <initguid.h>
 #include <netfw.h>
-#include <qaccessible.h>
+//#include <qaccessible.h>
-#include <qassert.h>
+#include <Ws2tcpip.h>
 #include <stdio.h>
 #include <windows.h>
 #include <Ws2tcpip.h>
 #include "winsock.h"
 #include <QApplication>
 #include <QFileInfo>
@@ -28,6 +27,7 @@
 #include "leakdetector.h"
 #include "logger.h"
 #include "platforms/windows/windowsutils.h"
 #include "winsock.h"
 #define IPV6_ADDRESS_SIZE 16
@@ -49,13 +49,18 @@ constexpr uint8_t HIGH_WEIGHT = 13;
 constexpr uint8_t MAX_WEIGHT = 15;
 }  // namespace
-WindowsFirewall* WindowsFirewall::create(QObject* parent) {
+WindowsFirewall* WindowsFirewall::instance() {
-  if (s_instance != nullptr) {
+  if (s_instance == nullptr) {
-    // Only one instance of the firewall is allowed
+    s_instance = new WindowsFirewall(qApp);
 //    Q_ASSERT(false);
    return s_instance;
  }
-  HANDLE engineHandle = nullptr;
+  return s_instance;
 }
 WindowsFirewall::WindowsFirewall(QObject* parent) : QObject(parent) {
  MZ_COUNT_CTOR(WindowsFirewall);
  Q_ASSERT(s_instance == nullptr);
  HANDLE engineHandle = NULL;
  DWORD result = ERROR_SUCCESS;
  // Use dynamic sessions for efficiency and safety:
  //  -> Filtering policy objects are deleted even when the application crashes/
@@ -66,24 +71,15 @@ WindowsFirewall* WindowsFirewall::create(QObject* parent) {
  logger.debug() << "Opening the filter engine.";
-  result = FwpmEngineOpen0(nullptr, RPC_C_AUTHN_WINNT, nullptr, &session,
+  result =
-                           &engineHandle);
+      FwpmEngineOpen0(NULL, RPC_C_AUTHN_WINNT, NULL, &session, &engineHandle);
  if (result != ERROR_SUCCESS) {
    WindowsUtils::windowsLog("FwpmEngineOpen0 failed");
-    return nullptr;
+    return;
  }
  logger.debug() << "Filter engine opened successfully.";
-  if (!initSublayer()) {
+  m_sessionHandle = engineHandle;
    return nullptr;
  }
  s_instance = new WindowsFirewall(engineHandle, parent);
  return s_instance;
 }
 WindowsFirewall::WindowsFirewall(HANDLE session, QObject* parent)
    : QObject(parent), m_sessionHandle(session) {
  MZ_COUNT_CTOR(WindowsFirewall);
 }
 WindowsFirewall::~WindowsFirewall() {
@@ -93,8 +89,15 @@ WindowsFirewall::~WindowsFirewall() {
  }
 }
-// static
+bool WindowsFirewall::init() {
-bool WindowsFirewall::initSublayer() {
+  if (m_init) {
    logger.warning() << "Alread initialised FW_WFP layer";
    return true;
  }
  if (m_sessionHandle == INVALID_HANDLE_VALUE) {
    logger.error() << "Cant Init Sublayer with invalid wfp handle";
    return false;
  }
  // If we were not able to aquire a handle, this will fail anyway.
  // We need to open up another handle because of wfp rules:
  // If a wfp resource was created with SESSION_DYNAMIC,
@@ -154,10 +157,11 @@ bool WindowsFirewall::initSublayer() {
    return false;
  }
  logger.debug() << "Initialised Sublayer";
  m_init = true;
  return true;
 }
-bool WindowsFirewall::enableInterface(int vpnAdapterIndex) {
+bool WindowsFirewall::enableKillSwitch(int vpnAdapterIndex) {
 // Checks if the FW_Rule was enabled succesfully,
 // disables the whole killswitch and returns false if not.
 #define FW_OK(rule)                                                       \
@@ -180,7 +184,7 @@ bool WindowsFirewall::enableInterface(int vpnAdapterIndex) {
    }                                                                     \
  }
-  logger.info() << "Enabling firewall Using Adapter:" << vpnAdapterIndex;
+  logger.info() << "Enabling Killswitch Using Adapter:" << vpnAdapterIndex;
  FW_OK(allowTrafficOfAdapter(vpnAdapterIndex, MED_WEIGHT,
                              "Allow usage of VPN Adapter"));
  FW_OK(allowDHCPTraffic(MED_WEIGHT, "Allow DHCP Traffic"));
@@ -196,36 +200,6 @@ bool WindowsFirewall::enableInterface(int vpnAdapterIndex) {
 #undef FW_OK
 }
 // Allow unprotected traffic sent to the following local address ranges.
 bool WindowsFirewall::enableLanBypass(const QList<IPAddress>& ranges) {
  // Start the firewall transaction
  auto result = FwpmTransactionBegin(m_sessionHandle, NULL);
  if (result != ERROR_SUCCESS) {
    disableKillSwitch();
    return false;
  }
  auto cleanup = qScopeGuard([&] {
    FwpmTransactionAbort0(m_sessionHandle);
    disableKillSwitch();
  });
  // Blocking unprotected traffic
  for (const IPAddress& prefix : ranges) {
    if (!allowTrafficTo(prefix, LOW_WEIGHT + 1, "Allow LAN bypass traffic")) {
      return false;
    }
  }
  result = FwpmTransactionCommit0(m_sessionHandle);
  if (result != ERROR_SUCCESS) {
    logger.error() << "FwpmTransactionCommit0 failed with error:" << result;
    return false;
  }
  cleanup.dismiss();
  return true;
 }
 bool WindowsFirewall::enablePeerTraffic(const InterfaceConfig& config) {
  // Start the firewall transaction
  auto result = FwpmTransactionBegin(m_sessionHandle, NULL);
@@ -264,10 +238,10 @@ bool WindowsFirewall::enablePeerTraffic(const InterfaceConfig& config) {
  if (!config.m_excludedAddresses.empty()) {
    for (const QString& i : config.m_excludedAddresses) {
-      logger.debug() << "excludedAddresses range: " << i;
+      logger.debug() << "range: " << i;
-      if (!allowTrafficTo(i, HIGH_WEIGHT,
+      if (!allowTrafficToRange(i, HIGH_WEIGHT,
-                               "Allow Ecxlude route", config.m_serverPublicKey)) {
+                          "Allow Ecxlude route", config.m_serverPublicKey)) {
        return false;
      }
    }
@@ -447,59 +421,9 @@ bool WindowsFirewall::allowTrafficOfAdapter(int networkAdapter, uint8_t weight,
  return true;
 }
 bool WindowsFirewall::allowTrafficTo(const IPAddress& addr, int weight,
                                     const QString& title,
                                     const QString& peer) {
  GUID layerKeyOut;
  GUID layerKeyIn;
  if (addr.type() == QAbstractSocket::IPv4Protocol) {
    layerKeyOut = FWPM_LAYER_ALE_AUTH_CONNECT_V4;
    layerKeyIn = FWPM_LAYER_ALE_AUTH_RECV_ACCEPT_V4;
  } else {
    layerKeyOut = FWPM_LAYER_ALE_AUTH_CONNECT_V6;
    layerKeyIn = FWPM_LAYER_ALE_AUTH_RECV_ACCEPT_V6;
  }
  // Match the IP address range.
  FWPM_FILTER_CONDITION0 cond[1] = {};
  FWP_RANGE0 ipRange;
  QByteArray lowIpV6Buffer;
  QByteArray highIpV6Buffer;
  importAddress(addr.address(), ipRange.valueLow, &lowIpV6Buffer);
  importAddress(addr.broadcastAddress(), ipRange.valueHigh, &highIpV6Buffer);
  cond[0].fieldKey = FWPM_CONDITION_IP_REMOTE_ADDRESS;
  cond[0].matchType = FWP_MATCH_RANGE;
  cond[0].conditionValue.type = FWP_RANGE_TYPE;
  cond[0].conditionValue.rangeValue = &ipRange;
  // Assemble the Filter base
  FWPM_FILTER0 filter;
  memset(&filter, 0, sizeof(filter));
  filter.action.type = FWP_ACTION_PERMIT;
  filter.weight.type = FWP_UINT8;
  filter.weight.uint8 = weight;
  filter.subLayerKey = ST_FW_WINFW_BASELINE_SUBLAYER_KEY;
  filter.numFilterConditions = 1;
  filter.filterCondition = cond;
  // Send the filters down to the firewall.
  QString description = "Permit traffic %1 " + addr.toString();
  filter.layerKey = layerKeyOut;
  if (!enableFilter(&filter, title, description.arg("to"), peer)) {
    return false;
  }
  filter.layerKey = layerKeyIn;
  if (!enableFilter(&filter, title, description.arg("from"), peer)) {
    return false;
  }
  return true;
 }
 bool WindowsFirewall::allowTrafficTo(const QHostAddress& targetIP, uint port,
-                                     int weight, const QString& title,
+                                          int weight, const QString& title,
-                                     const QString& peer) {
+                                          const QString& peer) {
  bool isIPv4 = targetIP.protocol() == QAbstractSocket::IPv4Protocol;
  GUID layerOut =
      isIPv4 ? FWPM_LAYER_ALE_AUTH_CONNECT_V4 : FWPM_LAYER_ALE_AUTH_CONNECT_V6;
@@ -560,6 +484,57 @@ bool WindowsFirewall::allowTrafficTo(const QHostAddress& targetIP, uint port,
  return true;
 }
 bool WindowsFirewall::allowTrafficToRange(const IPAddress& addr, uint8_t weight,
                                     const QString& title,
                                     const QString& peer) {
  QString description("Allow traffic %1 %2 ");
  auto lower = addr.address();
  auto upper = addr.broadcastAddress();
  const bool isV4 = addr.type() == QAbstractSocket::IPv4Protocol;
  const GUID layerKeyOut =
      isV4 ? FWPM_LAYER_ALE_AUTH_CONNECT_V4 : FWPM_LAYER_ALE_AUTH_CONNECT_V6;
  const GUID layerKeyIn = isV4 ? FWPM_LAYER_ALE_AUTH_RECV_ACCEPT_V4
                               : FWPM_LAYER_ALE_AUTH_RECV_ACCEPT_V6;
  // Assemble the Filter base
  FWPM_FILTER0 filter;
  memset(&filter, 0, sizeof(filter));
  filter.action.type = FWP_ACTION_PERMIT;
  filter.weight.type = FWP_UINT8;
  filter.weight.uint8 = weight;
  filter.subLayerKey = ST_FW_WINFW_BASELINE_SUBLAYER_KEY;
  FWPM_FILTER_CONDITION0 cond[1] = {0};
  FWP_RANGE0 ipRange;
  QByteArray lowIpV6Buffer;
  QByteArray highIpV6Buffer;
  importAddress(lower, ipRange.valueLow, &lowIpV6Buffer);
  importAddress(upper, ipRange.valueHigh, &highIpV6Buffer);
  cond[0].fieldKey = FWPM_CONDITION_IP_REMOTE_ADDRESS;
  cond[0].matchType = FWP_MATCH_RANGE;
  cond[0].conditionValue.type = FWP_RANGE_TYPE;
  cond[0].conditionValue.rangeValue = &ipRange;
  filter.numFilterConditions = 1;
  filter.filterCondition = cond;
  filter.layerKey = layerKeyOut;
  if (!enableFilter(&filter, title, description.arg("to").arg(addr.toString()),
                    peer)) {
    return false;
  }
  filter.layerKey = layerKeyIn;
  if (!enableFilter(&filter, title,
                    description.arg("from").arg(addr.toString()), peer)) {
    return false;
  }
  return true;
 }
 bool WindowsFirewall::allowDHCPTraffic(uint8_t weight, const QString& title) {
  // Allow outbound DHCPv4
  {
@@ -759,7 +734,7 @@ bool WindowsFirewall::blockTrafficTo(const IPAddress& addr, uint8_t weight,
  filter.weight.uint8 = weight;
  filter.subLayerKey = ST_FW_WINFW_BASELINE_SUBLAYER_KEY;
-  FWPM_FILTER_CONDITION0 cond[1] = {};
+  FWPM_FILTER_CONDITION0 cond[1] = {0};
  FWP_RANGE0 ipRange;
  QByteArray lowIpV6Buffer;
  QByteArray highIpV6Buffer;
@@ -26,27 +26,18 @@ struct FWP_CONDITION_VALUE0_;
 class WindowsFirewall final : public QObject {
 public:
-  /**
+  ~WindowsFirewall();
   * @brief Opens the Windows Filtering Platform, initializes the session,
   * sublayer. Returns a WindowsFirewall object if successful, otherwise
   * nullptr. If there is already a WindowsFirewall object, it will be returned.
   *
   * @param parent - parent QObject
   * @return WindowsFirewall* - nullptr if failed to open the Windows Filtering
   * Platform.
   */
  static WindowsFirewall* create(QObject* parent);
  ~WindowsFirewall() override;
-  bool enableInterface(int vpnAdapterIndex);
+  static WindowsFirewall* instance();
-  bool enableLanBypass(const QList<IPAddress>& ranges);
+  bool init();
  bool enableKillSwitch(int vpnAdapterIndex);
  bool enablePeerTraffic(const InterfaceConfig& config);
  bool disablePeerTraffic(const QString& pubkey);
  bool disableKillSwitch();
 private:
-  static bool initSublayer();
+  WindowsFirewall(QObject* parent);
  WindowsFirewall(HANDLE session, QObject* parent);
  HANDLE m_sessionHandle;
  bool m_init = false;
  QList<uint64_t> m_activeRules;
@@ -59,10 +50,11 @@ class WindowsFirewall final : public QObject {
  bool blockTrafficTo(const IPAddress& addr, uint8_t weight,
                      const QString& title, const QString& peer = QString());
  bool blockTrafficOnPort(uint port, uint8_t weight, const QString& title);
  bool allowTrafficTo(const IPAddress& addr, int weight, const QString& title,
                      const QString& peer = QString());
  bool allowTrafficTo(const QHostAddress& targetIP, uint port, int weight,
                      const QString& title, const QString& peer = QString());
  bool allowTrafficToRange(const IPAddress& addr, uint8_t weight,
                           const QString& title,
                           const QString& peer);
  bool allowTrafficOfAdapter(int networkAdapter, uint8_t weight,
                             const QString& title);
  bool allowDHCPTraffic(uint8_t weight, const QString& title);
@@ -13,12 +13,6 @@ namespace {
 Logger logger("WindowsRouteMonitor");
 };  // namespace
 // Attempt to mark routing entries that we create with a relatively
 // high metric. This ensures that we can skip over routes of our own
 // creation when processing route changes, and ensures that we give
 // way to other routing entries.
 constexpr const ULONG EXCLUSION_ROUTE_METRIC = 0x5e72;
 // Called by the kernel on route changes - perform some basic filtering and
 // invoke the routeChanged slot to do the real work.
 static void routeChangeCallback(PVOID context, PMIB_IPFORWARD_ROW2 row,
@@ -26,17 +20,22 @@ static void routeChangeCallback(PVOID context, PMIB_IPFORWARD_ROW2 row,
  WindowsRouteMonitor* monitor = (WindowsRouteMonitor*)context;
  Q_UNUSED(type);
-  // Ignore route changes that we created.
+  // Ignore host route changes, and unsupported protocols.
-  if ((row->Protocol == MIB_IPPROTO_NETMGMT) &&
+  if (row->DestinationPrefix.Prefix.si_family == AF_INET6) {
-      (row->Metric == EXCLUSION_ROUTE_METRIC)) {
+    if (row->DestinationPrefix.PrefixLength >= 128) {
-    return;
+      return;
-  }
+    }
-  if (monitor->getLuid() == row->InterfaceLuid.Value) {
+  } else if (row->DestinationPrefix.Prefix.si_family == AF_INET) {
    if (row->DestinationPrefix.PrefixLength >= 32) {
      return;
    }
  } else {
    return;
  }
-  // Invoke the route changed signal to do the real work in Qt.
+  if (monitor->getLuid() != row->InterfaceLuid.Value) {
-  QMetaObject::invokeMethod(monitor, "routeChanged", Qt::QueuedConnection);
+    QMetaObject::invokeMethod(monitor, "routeChanged", Qt::QueuedConnection);
  }
 }
 // Perform prefix matching comparison on IP addresses in host order.
@@ -58,8 +57,7 @@ static int prefixcmp(const void* a, const void* b, size_t bits) {
  return 0;
 }
-WindowsRouteMonitor::WindowsRouteMonitor(quint64 luid, QObject* parent)
+WindowsRouteMonitor::WindowsRouteMonitor(QObject* parent) : QObject(parent) {
    : QObject(parent), m_luid(luid) {
  MZ_COUNT_CTOR(WindowsRouteMonitor);
  logger.debug() << "WindowsRouteMonitor created.";
@@ -69,13 +67,11 @@ WindowsRouteMonitor::WindowsRouteMonitor(quint64 luid, QObject* parent)
 WindowsRouteMonitor::~WindowsRouteMonitor() {
  MZ_COUNT_DTOR(WindowsRouteMonitor);
  CancelMibChangeNotify2(m_routeHandle);
-
+  flushExclusionRoutes();
  flushRouteTable(m_exclusionRoutes);
  flushRouteTable(m_clonedRoutes);
  logger.debug() << "WindowsRouteMonitor destroyed.";
 }
-void WindowsRouteMonitor::updateInterfaceMetrics(int family) {
+void WindowsRouteMonitor::updateValidInterfaces(int family) {
  PMIB_IPINTERFACE_TABLE table;
  DWORD result = GetIpInterfaceTable(family, &table);
  if (result != NO_ERROR) {
@@ -86,10 +82,10 @@ void WindowsRouteMonitor::updateInterfaceMetrics(int family) {
  // Flush the list of interfaces that are valid for routing.
  if ((family == AF_INET) || (family == AF_UNSPEC)) {
-    m_interfaceMetricsIpv4.clear();
+    m_validInterfacesIpv4.clear();
  }
  if ((family == AF_INET6) || (family == AF_UNSPEC)) {
-    m_interfaceMetricsIpv6.clear();
+    m_validInterfacesIpv6.clear();
  }
  // Rebuild the list of interfaces that are valid for routing.
@@ -105,12 +101,12 @@ void WindowsRouteMonitor::updateInterfaceMetrics(int family) {
    if (row->Family == AF_INET) {
      logger.debug() << "Interface" << row->InterfaceIndex
                     << "is valid for IPv4 routing";
-      m_interfaceMetricsIpv4[row->InterfaceLuid.Value] = row->Metric;
+      m_validInterfacesIpv4.append(row->InterfaceLuid.Value);
    }
    if (row->Family == AF_INET6) {
      logger.debug() << "Interface" << row->InterfaceIndex
                     << "is valid for IPv6 routing";
-      m_interfaceMetricsIpv6[row->InterfaceLuid.Value] = row->Metric;
+      m_validInterfacesIpv6.append(row->InterfaceLuid.Value);
    }
  }
 }
@@ -130,72 +126,72 @@ void WindowsRouteMonitor::updateExclusionRoute(MIB_IPFORWARD_ROW2* data,
    if (row->InterfaceLuid.Value == m_luid) {
      continue;
    }
-    if (row->DestinationPrefix.PrefixLength < bestMatch) {
+    // Ignore host routes, and shorter potential matches.
    if (row->DestinationPrefix.PrefixLength >=
        data->DestinationPrefix.PrefixLength) {
      continue;
    }
-    // Ignore routes of our own creation.
+    if (row->DestinationPrefix.PrefixLength < bestMatch) {
    if ((row->Protocol == data->Protocol) && (row->Metric == data->Metric)) {
      continue;
    }
    // Check if the routing table entry matches the destination.
    if (!routeContainsDest(&row->DestinationPrefix, &data->DestinationPrefix)) {
      continue;
    }
    // Compute the combined interface and routing metric.
    ULONG routeMetric = row->Metric;
    if (data->DestinationPrefix.Prefix.si_family == AF_INET6) {
-      if (!m_interfaceMetricsIpv6.contains(row->InterfaceLuid.Value)) {
+      if (row->DestinationPrefix.Prefix.Ipv6.sin6_family != AF_INET6) {
        continue;
      }
      if (!m_validInterfacesIpv6.contains(row->InterfaceLuid.Value)) {
        continue;
      }
      if (prefixcmp(&data->DestinationPrefix.Prefix.Ipv6.sin6_addr,
                    &row->DestinationPrefix.Prefix.Ipv6.sin6_addr,
                    row->DestinationPrefix.PrefixLength) != 0) {
        continue;
      }
      routeMetric += m_interfaceMetricsIpv6[row->InterfaceLuid.Value];
    } else if (data->DestinationPrefix.Prefix.si_family == AF_INET) {
-      if (!m_interfaceMetricsIpv4.contains(row->InterfaceLuid.Value)) {
+      if (row->DestinationPrefix.Prefix.Ipv4.sin_family != AF_INET) {
        continue;
      }
      if (!m_validInterfacesIpv4.contains(row->InterfaceLuid.Value)) {
        continue;
      }
      if (prefixcmp(&data->DestinationPrefix.Prefix.Ipv4.sin_addr,
                    &row->DestinationPrefix.Prefix.Ipv4.sin_addr,
                    row->DestinationPrefix.PrefixLength) != 0) {
        continue;
      }
      routeMetric += m_interfaceMetricsIpv4[row->InterfaceLuid.Value];
    } else {
      // Unsupported destination address family.
      continue;
    }
    if (routeMetric < row->Metric) {
      routeMetric = ULONG_MAX;
    }
    // Prefer routes with lower metric if we find multiple matches
    // with the same prefix length.
    if ((row->DestinationPrefix.PrefixLength == bestMatch) &&
-        (routeMetric >= bestMetric)) {
+        (row->Metric >= bestMetric)) {
      continue;
    }
    // If we got here, then this is the longest prefix match so far.
    memcpy(&nexthop, &row->NextHop, sizeof(SOCKADDR_INET));
    bestLuid = row->InterfaceLuid.Value;
    bestMatch = row->DestinationPrefix.PrefixLength;
-    bestMetric = routeMetric;
+    bestMetric = row->Metric;
    if (bestMatch == data->DestinationPrefix.PrefixLength) {
      bestLuid = 0;  // Don't write to the table if we find an exact match.
    } else {
      bestLuid = row->InterfaceLuid.Value;
    }
  }
  // If neither the interface nor next-hop have changed, then do nothing.
-  if (data->InterfaceLuid.Value == bestLuid &&
+  if ((data->InterfaceLuid.Value) == bestLuid &&
      memcmp(&nexthop, &data->NextHop, sizeof(SOCKADDR_INET)) == 0) {
    return;
  }
-  // Delete the previous routing table entry, if any.
+  // Update the routing table entry.
  if (data->InterfaceLuid.Value != 0) {
    DWORD result = DeleteIpForwardEntry2(data);
    if ((result != NO_ERROR) && (result != ERROR_NOT_FOUND)) {
      logger.error() << "Failed to delete route:" << result;
    }
  }
  // Update the routing table entry.
  data->InterfaceLuid.Value = bestLuid;
  memcpy(&data->NextHop, &nexthop, sizeof(SOCKADDR_INET));
  if (data->InterfaceLuid.Value != 0) {
@@ -206,178 +202,10 @@ void WindowsRouteMonitor::updateExclusionRoute(MIB_IPFORWARD_ROW2* data,
  }
 }
 // static
 bool WindowsRouteMonitor::routeContainsDest(const IP_ADDRESS_PREFIX* route,
                                            const IP_ADDRESS_PREFIX* dest) {
  if (route->Prefix.si_family != dest->Prefix.si_family) {
    return false;
  }
  if (route->PrefixLength > dest->PrefixLength) {
    return false;
  }
  if (route->Prefix.si_family == AF_INET) {
    return prefixcmp(&route->Prefix.Ipv4.sin_addr, &dest->Prefix.Ipv4.sin_addr,
                     route->PrefixLength) == 0;
  } else if (route->Prefix.si_family == AF_INET6) {
    return prefixcmp(&route->Prefix.Ipv6.sin6_addr,
                     &dest->Prefix.Ipv6.sin6_addr, route->PrefixLength) == 0;
  } else {
    return false;
  }
 }
 // static
 QHostAddress WindowsRouteMonitor::prefixToAddress(
    const IP_ADDRESS_PREFIX* dest) {
  if (dest->Prefix.si_family == AF_INET6) {
    return QHostAddress(dest->Prefix.Ipv6.sin6_addr.s6_addr);
  } else if (dest->Prefix.si_family == AF_INET) {
    quint32 addr = htonl(dest->Prefix.Ipv4.sin_addr.s_addr);
    return QHostAddress(addr);
  } else {
    return QHostAddress();
  }
 }
 bool WindowsRouteMonitor::isRouteExcluded(const IP_ADDRESS_PREFIX* dest) const {
  auto i = m_exclusionRoutes.constBegin();
  while (i != m_exclusionRoutes.constEnd()) {
    const MIB_IPFORWARD_ROW2* row = i.value();
    if (routeContainsDest(&row->DestinationPrefix, dest)) {
      return true;
    }
    i++;
  }
  return false;
 }
 void WindowsRouteMonitor::updateCapturedRoutes(int family) {
  if (!m_defaultRouteCapture) {
    return;
  }
  PMIB_IPFORWARD_TABLE2 table;
  DWORD error = GetIpForwardTable2(family, &table);
  if (error != NO_ERROR) {
    updateCapturedRoutes(family, table);
    FreeMibTable(table);
  }
 }
 void WindowsRouteMonitor::updateCapturedRoutes(int family, void* ptable) {
  PMIB_IPFORWARD_TABLE2 table = reinterpret_cast<PMIB_IPFORWARD_TABLE2>(ptable);
  if (!m_defaultRouteCapture) {
    return;
  }
  for (ULONG i = 0; i < table->NumEntries; i++) {
    MIB_IPFORWARD_ROW2* row = &table->Table[i];
    // Ignore routes into the VPN interface.
    if (row->InterfaceLuid.Value == m_luid) {
      continue;
    }
    // Ignore the default route
    if (row->DestinationPrefix.PrefixLength == 0) {
      continue;
    }
    // Ignore routes of our own creation.
    if ((row->Protocol == MIB_IPPROTO_NETMGMT) &&
        (row->Metric == EXCLUSION_ROUTE_METRIC)) {
      continue;
    }
    // Ignore routes which should be excluded.
    if (isRouteExcluded(&row->DestinationPrefix)) {
      continue;
    }
    QHostAddress destination = prefixToAddress(&row->DestinationPrefix);
    if (destination.isLoopback() || destination.isBroadcast() ||
        destination.isLinkLocal() || destination.isMulticast()) {
      continue;
    }
    // If we get here, this route should be cloned.
    IPAddress prefix(destination, row->DestinationPrefix.PrefixLength);
    MIB_IPFORWARD_ROW2* data = m_clonedRoutes.value(prefix, nullptr);
    if (data != nullptr) {
      // Count the number of matching entries in the main table.
      data->Age++;
      continue;
    }
    logger.debug() << "Capturing route to"
                   << logger.sensitive(prefix.toString());
    // Clone the route and direct it into the VPN tunnel.
    data = new MIB_IPFORWARD_ROW2;
    InitializeIpForwardEntry(data);
    data->InterfaceLuid.Value = m_luid;
    data->DestinationPrefix = row->DestinationPrefix;
    data->NextHop.si_family = data->DestinationPrefix.Prefix.si_family;
    // Set the rest of the flags for a static route.
    data->ValidLifetime = 0xffffffff;
    data->PreferredLifetime = 0xffffffff;
    data->Metric = 0;
    data->Protocol = MIB_IPPROTO_NETMGMT;
    data->Loopback = false;
    data->AutoconfigureAddress = false;
    data->Publish = false;
    data->Immortal = false;
    data->Age = 0;
    // Route this traffic into the VPN tunnel.
    DWORD result = CreateIpForwardEntry2(data);
    if (result != NO_ERROR) {
      logger.error() << "Failed to update route:" << result;
      delete data;
    } else {
      m_clonedRoutes.insert(prefix, data);
      data->Age++;
    }
  }
  // Finally scan for any routes which were removed from the table. We do this
  // by reusing the age field to count the number of matching entries in the
  // main table.
  auto i = m_clonedRoutes.begin();
  while (i != m_clonedRoutes.end()) {
    MIB_IPFORWARD_ROW2* data = i.value();
    if (data->Age > 0) {
      // Entry is in use, don't delete it.
      data->Age = 0;
      i++;
      continue;
    }
    if ((family != AF_UNSPEC) &&
        (data->DestinationPrefix.Prefix.si_family != family)) {
      // We are not processing updates to this address family.
      i++;
      continue;
    }
    logger.debug() << "Removing route capture for"
                   << logger.sensitive(i.key().toString());
    // Otherwise, this route is no longer in use.
    DWORD result = DeleteIpForwardEntry2(data);
    if ((result != NO_ERROR) && (result != ERROR_NOT_FOUND)) {
      logger.error() << "Failed to delete route:" << result;
    }
    delete data;
    i = m_clonedRoutes.erase(i);
  }
 }
 bool WindowsRouteMonitor::addExclusionRoute(const IPAddress& prefix) {
  logger.debug() << "Adding exclusion route for"
                 << logger.sensitive(prefix.toString());
  // Silently ignore non-routeable addresses.
  QHostAddress addr = prefix.address();
  if (addr.isLoopback() || addr.isBroadcast() || addr.isLinkLocal() ||
      addr.isMulticast()) {
    return true;
  }
  if (m_exclusionRoutes.contains(prefix)) {
    logger.warning() << "Exclusion route already exists";
    return false;
@@ -404,7 +232,7 @@ bool WindowsRouteMonitor::addExclusionRoute(const IPAddress& prefix) {
  // Set the rest of the flags for a static route.
  data->ValidLifetime = 0xffffffff;
  data->PreferredLifetime = 0xffffffff;
-  data->Metric = EXCLUSION_ROUTE_METRIC;
+  data->Metric = 0;
  data->Protocol = MIB_IPPROTO_NETMGMT;
  data->Loopback = false;
  data->AutoconfigureAddress = false;
@@ -426,8 +254,7 @@ bool WindowsRouteMonitor::addExclusionRoute(const IPAddress& prefix) {
    delete data;
    return false;
  }
-  updateInterfaceMetrics(family);
+  updateValidInterfaces(family);
  updateCapturedRoutes(family, table);
  updateExclusionRoute(data, table);
  FreeMibTable(table);
@@ -439,28 +266,26 @@ bool WindowsRouteMonitor::deleteExclusionRoute(const IPAddress& prefix) {
  logger.debug() << "Deleting exclusion route for"
                 << logger.sensitive(prefix.address().toString());
-  MIB_IPFORWARD_ROW2* data = m_exclusionRoutes.take(prefix);
+  for (;;) {
-  if (data == nullptr) {
+    MIB_IPFORWARD_ROW2* data = m_exclusionRoutes.take(prefix);
-    return true;
+    if (data == nullptr) {
      break;
    }
    DWORD result = DeleteIpForwardEntry2(data);
    if ((result != ERROR_NOT_FOUND) && (result != NO_ERROR)) {
      logger.error() << "Failed to delete route to"
                     << logger.sensitive(prefix.toString())
                     << "result:" << result;
    }
    delete data;
  }
  DWORD result = DeleteIpForwardEntry2(data);
  if ((result != ERROR_NOT_FOUND) && (result != NO_ERROR)) {
    logger.error() << "Failed to delete route to"
                   << logger.sensitive(prefix.toString())
                   << "result:" << result;
  }
  // Captured routes might have changed.
  updateCapturedRoutes(data->DestinationPrefix.Prefix.si_family);
  delete data;
  return true;
 }
-void WindowsRouteMonitor::flushRouteTable(
+void WindowsRouteMonitor::flushExclusionRoutes() {
-    QHash<IPAddress, MIB_IPFORWARD_ROW2*>& table) {
+  for (auto i = m_exclusionRoutes.begin(); i != m_exclusionRoutes.end(); i++) {
  for (auto i = table.begin(); i != table.end(); i++) {
    MIB_IPFORWARD_ROW2* data = i.value();
    DWORD result = DeleteIpForwardEntry2(data);
    if ((result != ERROR_NOT_FOUND) && (result != NO_ERROR)) {
@@ -470,17 +295,7 @@ void WindowsRouteMonitor::flushRouteTable(
    }
    delete data;
  }
-  table.clear();
+  m_exclusionRoutes.clear();
 }
 void WindowsRouteMonitor::setDetaultRouteCapture(bool enable) {
  m_defaultRouteCapture = enable;
  // Flush any captured routes when disabling the feature.
  if (!m_defaultRouteCapture) {
    flushRouteTable(m_clonedRoutes);
    return;
  }
 }
 void WindowsRouteMonitor::routeChanged() {
@@ -493,8 +308,7 @@ void WindowsRouteMonitor::routeChanged() {
    return;
  }
-  updateInterfaceMetrics(AF_UNSPEC);
+  updateValidInterfaces(AF_UNSPEC);
  updateCapturedRoutes(AF_UNSPEC, table);
  for (MIB_IPFORWARD_ROW2* data : m_exclusionRoutes) {
    updateExclusionRoute(data, table);
  }
@@ -11,8 +11,6 @@
 #include <winsock2.h>
 #include <ws2ipdef.h>
 #include <QHash>
 #include <QMap>
 #include <QObject>
 #include "ipaddress.h"
@@ -21,41 +19,28 @@ class WindowsRouteMonitor final : public QObject {
  Q_OBJECT
 public:
-  WindowsRouteMonitor(quint64 luid, QObject* parent);
+  WindowsRouteMonitor(QObject* parent);
  ~WindowsRouteMonitor();
  void setDetaultRouteCapture(bool enable);
  bool addExclusionRoute(const IPAddress& prefix);
  bool deleteExclusionRoute(const IPAddress& prefix);
-  void flushExclusionRoutes() { return flushRouteTable(m_exclusionRoutes); };
+  void flushExclusionRoutes();
-  quint64 getLuid() const { return m_luid; }
+  void setLuid(quint64 luid) { m_luid = luid; }
  quint64 getLuid() { return m_luid; }
 public slots:
  void routeChanged();
 private:
  bool isRouteExcluded(const IP_ADDRESS_PREFIX* dest) const;
  static bool routeContainsDest(const IP_ADDRESS_PREFIX* route,
                                const IP_ADDRESS_PREFIX* dest);
  static QHostAddress prefixToAddress(const IP_ADDRESS_PREFIX* dest);
  void flushRouteTable(QHash<IPAddress, MIB_IPFORWARD_ROW2*>& table);
  void updateExclusionRoute(MIB_IPFORWARD_ROW2* data, void* table);
-  void updateInterfaceMetrics(int family);
+  void updateValidInterfaces(int family);
  void updateCapturedRoutes(int family);
  void updateCapturedRoutes(int family, void* table);
  QHash<IPAddress, MIB_IPFORWARD_ROW2*> m_exclusionRoutes;
-  QMap<quint64, ULONG> m_interfaceMetricsIpv4;
+  QList<quint64> m_validInterfacesIpv4;
-  QMap<quint64, ULONG> m_interfaceMetricsIpv6;
+  QList<quint64> m_validInterfacesIpv6;
-  // Default route cloning
+  quint64 m_luid = 0;
  bool m_defaultRouteCapture = false;
  QHash<IPAddress, MIB_IPFORWARD_ROW2*> m_clonedRoutes;
  const quint64 m_luid = 0;
  HANDLE m_routeHandle = INVALID_HANDLE_VALUE;
 };
@@ -4,15 +4,9 @@
 #include "windowssplittunnel.h"
 #include <qassert.h>
 #include <memory>
 #include "../windowscommons.h"
 #include "../windowsservicemanager.h"
 #include "logger.h"
 #include "platforms/windows/daemon/windowsfirewall.h"
 #include "platforms/windows/daemon/windowssplittunnel.h"
 #include "platforms/windows/windowsutils.h"
 #include "windowsfirewall.h"
@@ -24,252 +18,34 @@
 #include <QFileInfo>
 #include <QNetworkInterface>
 #include <QScopeGuard>
-
+#include <QThread>
 #pragma region
 // Driver Configuration structures
 using CONFIGURATION_ENTRY = struct {
  // Offset into buffer region that follows all entries.
  // The image name uses the device path.
  SIZE_T ImageNameOffset;
  // Length of the String
  USHORT ImageNameLength;
 };
 using CONFIGURATION_HEADER = struct {
  // Number of entries immediately following the header.
  SIZE_T NumEntries;
  // Total byte length: header + entries + string buffer.
  SIZE_T TotalLength;
 };
 // Used to Configure Which IP is network/vpn
 using IP_ADDRESSES_CONFIG = struct {
  IN_ADDR TunnelIpv4;
  IN_ADDR InternetIpv4;
  IN6_ADDR TunnelIpv6;
  IN6_ADDR InternetIpv6;
 };
 // Used to Define Which Processes are alive on activation
 using PROCESS_DISCOVERY_HEADER = struct {
  SIZE_T NumEntries;
  SIZE_T TotalLength;
 };
 using PROCESS_DISCOVERY_ENTRY = struct {
  HANDLE ProcessId;
  HANDLE ParentProcessId;
  SIZE_T ImageNameOffset;
  USHORT ImageNameLength;
 };
 using ProcessInfo = struct {
  DWORD ProcessId;
  DWORD ParentProcessId;
  FILETIME CreationTime;
  std::wstring DevicePath;
 };
 #ifndef CTL_CODE
 #  define FILE_ANY_ACCESS 0x0000
 #  define METHOD_BUFFERED 0
 #  define METHOD_IN_DIRECT 1
 #  define METHOD_NEITHER 3
 #  define CTL_CODE(DeviceType, Function, Method, Access) \
    (((DeviceType) << 16) | ((Access) << 14) | ((Function) << 2) | (Method))
 #endif
 // Known ControlCodes
 #define IOCTL_INITIALIZE CTL_CODE(0x8000, 1, METHOD_NEITHER, FILE_ANY_ACCESS)
 #define IOCTL_DEQUEUE_EVENT \
  CTL_CODE(0x8000, 2, METHOD_BUFFERED, FILE_ANY_ACCESS)
 #define IOCTL_REGISTER_PROCESSES \
  CTL_CODE(0x8000, 3, METHOD_BUFFERED, FILE_ANY_ACCESS)
 #define IOCTL_REGISTER_IP_ADDRESSES \
  CTL_CODE(0x8000, 4, METHOD_BUFFERED, FILE_ANY_ACCESS)
 #define IOCTL_GET_IP_ADDRESSES \
  CTL_CODE(0x8000, 5, METHOD_BUFFERED, FILE_ANY_ACCESS)
 #define IOCTL_SET_CONFIGURATION \
  CTL_CODE(0x8000, 6, METHOD_BUFFERED, FILE_ANY_ACCESS)
 #define IOCTL_GET_CONFIGURATION \
  CTL_CODE(0x8000, 7, METHOD_BUFFERED, FILE_ANY_ACCESS)
 #define IOCTL_CLEAR_CONFIGURATION \
  CTL_CODE(0x8000, 8, METHOD_NEITHER, FILE_ANY_ACCESS)
 #define IOCTL_GET_STATE CTL_CODE(0x8000, 9, METHOD_BUFFERED, FILE_ANY_ACCESS)
 #define IOCTL_QUERY_PROCESS \
  CTL_CODE(0x8000, 10, METHOD_BUFFERED, FILE_ANY_ACCESS)
 #define IOCTL_ST_RESET CTL_CODE(0x8000, 11, METHOD_NEITHER, FILE_ANY_ACCESS)
 constexpr static const auto DRIVER_SYMLINK = L"\\\\.\\MULLVADSPLITTUNNEL";
 constexpr static const auto DRIVER_FILENAME = "mullvad-split-tunnel.sys";
 constexpr static const auto DRIVER_SERVICE_NAME = L"AmneziaVPNSplitTunnel";
 constexpr static const auto MV_SERVICE_NAME = L"MullvadVPN";
 #pragma endregion
 namespace {
 Logger logger("WindowsSplitTunnel");
 ProcessInfo getProcessInfo(HANDLE process, const PROCESSENTRY32W& processMeta) {
  ProcessInfo pi;
  pi.ParentProcessId = processMeta.th32ParentProcessID;
  pi.ProcessId = processMeta.th32ProcessID;
  pi.CreationTime = {0, 0};
  pi.DevicePath = L"";
  FILETIME creationTime, null_time;
  auto ok = GetProcessTimes(process, &creationTime, &null_time, &null_time,
                            &null_time);
  if (ok) {
    pi.CreationTime = creationTime;
  }
  wchar_t imagepath[MAX_PATH + 1];
  if (K32GetProcessImageFileNameW(
          process, imagepath, sizeof(imagepath) / sizeof(*imagepath)) != 0) {
    pi.DevicePath = imagepath;
  }
  return pi;
 }
-}  // namespace
+WindowsSplitTunnel::WindowsSplitTunnel(QObject* parent) : QObject(parent) {
 std::unique_ptr<WindowsSplitTunnel> WindowsSplitTunnel::create(
    WindowsFirewall* fw) {
  if (fw == nullptr) {
    // Pre-Condition:
    // Make sure the Windows Firewall has created the sublayer
    // otherwise the driver will fail to initialize
    logger.error() << "Failed to did not pass a WindowsFirewall obj"
                   << "The Driver cannot work with the sublayer not created";
    return nullptr;
  }
  // 00: Check if we conflict with mullvad, if so.
  if (detectConflict()) {
    logger.error() << "Conflict detected, abort Split-Tunnel init.";
-    return nullptr;
+    uninstallDriver();
    return;
  }
-  // 01: Check if the driver is installed, if not do so.
+
  m_tries = 0;
  if (!isInstalled()) {
    logger.debug() << "Driver is not Installed, doing so";
    auto handle = installDriver();
    if (handle == INVALID_HANDLE_VALUE) {
      WindowsUtils::windowsLog("Failed to install Driver");
-      return nullptr;
+      return;
    }
    logger.debug() << "Driver installed";
    CloseServiceHandle(handle);
  } else {
-    logger.debug() << "Driver was installed";
+    logger.debug() << "Driver is installed";
  }
-  // 02: Now check if the service is running
+  initDriver();
  auto driver_manager =
      WindowsServiceManager::open(QString::fromWCharArray(DRIVER_SERVICE_NAME));
  if (Q_UNLIKELY(driver_manager == nullptr)) {
    // Let's be fair if we end up here,
    // after checking it exists and installing it,
    // this is super unlikeley
    Q_ASSERT(false);
    logger.error()
        << "WindowsServiceManager was unable fo find Split Tunnel service?";
    return nullptr;
  }
  if (!driver_manager->isRunning()) {
    logger.debug() << "Driver is not running, starting it";
    // Start the service
    if (!driver_manager->startService()) {
      logger.error() << "Failed to start Split Tunnel Service";
      return nullptr;
    };
  }
  // 03: Open the Driver Symlink
  auto driverFile = CreateFileW(DRIVER_SYMLINK, GENERIC_READ | GENERIC_WRITE, 0,
                                nullptr, OPEN_EXISTING, 0, nullptr);
  ;
  if (driverFile == INVALID_HANDLE_VALUE) {
    WindowsUtils::windowsLog("Failed to open Driver: ");
    // Only once, if the opening did not work. Try to reboot it. #
    logger.info()
        << "Failed to open driver, attempting only once to reboot driver";
    if (!driver_manager->stopService()) {
      logger.error() << "Unable stop driver";
      return nullptr;
    };
    logger.info() << "Stopped driver, starting it again.";
    if (!driver_manager->startService()) {
      logger.error() << "Unable start driver";
      return nullptr;
    };
    logger.info() << "Opening again.";
    driverFile = CreateFileW(DRIVER_SYMLINK, GENERIC_READ | GENERIC_WRITE, 0,
                             nullptr, OPEN_EXISTING, 0, nullptr);
    if (driverFile == INVALID_HANDLE_VALUE) {
      logger.error() << "Opening Failed again, sorry!";
      return nullptr;
    }
  }
  if (!initDriver(driverFile)) {
    logger.error() << "Failed to init driver";
    return nullptr;
  }
  // We're ready to talk to the driver, it's alive and setup.
  return std::make_unique<WindowsSplitTunnel>(driverFile);
 }
 bool WindowsSplitTunnel::initDriver(HANDLE driverIO) {
  // We need to now check the state and init it, if required
  auto state = getState(driverIO);
  if (state == STATE_UNKNOWN) {
    logger.debug() << "Cannot check if driver is initialized";
    return false;
  }
  if (state >= STATE_INITIALIZED) {
    logger.debug() << "Driver already initialized: " << state;
    // Reset Driver as it has wfp handles probably >:(
    resetDriver(driverIO);
    auto newState = getState(driverIO);
    logger.debug() << "New state after reset:" << newState;
    if (newState >= STATE_INITIALIZED) {
      logger.debug() << "Reset unsuccesfull";
      return false;
    }
  }
  DWORD bytesReturned;
  auto ok = DeviceIoControl(driverIO, IOCTL_INITIALIZE, nullptr, 0, nullptr, 0,
                            &bytesReturned, nullptr);
  if (!ok) {
    auto err = GetLastError();
    logger.error() << "Driver init failed err -" << err;
    logger.error() << "State:" << getState(driverIO);
    return false;
  }
  logger.debug() << "Driver initialized" << getState(driverIO);
  return true;
 }
 WindowsSplitTunnel::WindowsSplitTunnel(HANDLE driverIO) : m_driver(driverIO) {
  logger.debug() << "Connected to the Driver";
  Q_ASSERT(getState() == STATE_INITIALIZED);
 }
 WindowsSplitTunnel::~WindowsSplitTunnel() {
@@ -277,12 +53,73 @@ WindowsSplitTunnel::~WindowsSplitTunnel() {
  uninstallDriver();
 }
-bool WindowsSplitTunnel::excludeApps(const QStringList& appPaths) {
+void WindowsSplitTunnel::initDriver() {
  if (detectConflict()) {
    logger.error() << "Conflict detected, abort Split-Tunnel init.";
    return;
  }
  logger.debug() << "Try to open Split Tunnel Driver";
  // Open the Driver Symlink
  m_driver = CreateFileW(DRIVER_SYMLINK, GENERIC_READ | GENERIC_WRITE, 0,
                         nullptr, OPEN_EXISTING, 0, nullptr);
  ;
  if (m_driver == INVALID_HANDLE_VALUE && m_tries < 500) {
    WindowsUtils::windowsLog("Failed to open Driver: ");
    m_tries++;
    Sleep(100);
    // If the handle is not present, try again after the serivce has started;
    auto driver_manager = WindowsServiceManager(DRIVER_SERVICE_NAME);
    QObject::connect(&driver_manager, &WindowsServiceManager::serviceStarted,
                     this, &WindowsSplitTunnel::initDriver);
    driver_manager.startService();
    return;
  }
  logger.debug() << "Connected to the Driver";
  // Reset Driver as it has wfp handles probably >:(
  if (!WindowsFirewall::instance()->init()) {
    logger.error() << "Init WFP-Sublayer failed, driver won't be functional";
    return;
  }
  // We need to now check the state and init it, if required
  auto state = getState();
  if (state == STATE_UNKNOWN) {
    logger.debug() << "Cannot check if driver is initialized";
  }
  if (state >= STATE_INITIALIZED) {
    logger.debug() << "Driver already initialized: " << state;
    reset();
    auto newState = getState();
    logger.debug() << "New state after reset:" << newState;
    if (newState >= STATE_INITIALIZED) {
      logger.debug() << "Reset unsuccesfull";
      return;
    }
  }
  DWORD bytesReturned;
  auto ok = DeviceIoControl(m_driver, IOCTL_INITIALIZE, nullptr, 0, nullptr, 0,
                            &bytesReturned, nullptr);
  if (!ok) {
    auto err = GetLastError();
    logger.error() << "Driver init failed err -" << err;
    logger.error() << "State:" << getState();
    return;
  }
  logger.debug() << "Driver initialized" << getState();
 }
 void WindowsSplitTunnel::setRules(const QStringList& appPaths) {
  auto state = getState();
  if (state != STATE_READY && state != STATE_RUNNING) {
    logger.warning() << "Driver is not in the right State to set Rules"
                     << state;
-    return false;
+    return;
  }
  logger.debug() << "Pushing new Ruleset for Split-Tunnel " << state;
@@ -296,13 +133,12 @@ bool WindowsSplitTunnel::excludeApps(const QStringList& appPaths) {
    auto err = GetLastError();
    WindowsUtils::windowsLog("Set Config Failed:");
    logger.error() << "Failed to set Config err code " << err;
-    return false;
+    return;
  }
-  logger.debug() << "New Configuration applied: " << stateString();
+  logger.debug() << "New Configuration applied: " << getState();
  return true;
 }
-bool WindowsSplitTunnel::start(int inetAdapterIndex, int vpnAdapterIndex) {
+void WindowsSplitTunnel::start(int inetAdapterIndex, int vpnAdapterIndex) {
  // To Start we need to send 2 things:
  // Network info (what is vpn what is network)
  logger.debug() << "Starting SplitTunnel";
@@ -315,7 +151,7 @@ bool WindowsSplitTunnel::start(int inetAdapterIndex, int vpnAdapterIndex) {
                              0, &bytesReturned, nullptr);
    if (!ok) {
      logger.error() << "Driver init failed";
-      return false;
+      return;
    }
  }
@@ -328,16 +164,16 @@ bool WindowsSplitTunnel::start(int inetAdapterIndex, int vpnAdapterIndex) {
                              nullptr);
    if (!ok) {
      logger.error() << "Failed to set Process Config";
-      return false;
+      return;
    }
-    logger.debug() << "Set Process Config ok || new State:" << stateString();
+    logger.debug() << "Set Process Config ok || new State:" << getState();
  }
  if (getState() == STATE_INITIALIZED) {
    logger.warning() << "Driver is still not ready after process list send";
-    return false;
+    return;
  }
-  logger.debug() << "Driver is  ready || new State:" << stateString();
+  logger.debug() << "Driver is  ready || new State:" << getState();
  auto config = generateIPConfiguration(inetAdapterIndex, vpnAdapterIndex);
  auto ok = DeviceIoControl(m_driver, IOCTL_REGISTER_IP_ADDRESSES, &config[0],
@@ -345,10 +181,9 @@ bool WindowsSplitTunnel::start(int inetAdapterIndex, int vpnAdapterIndex) {
                            nullptr);
  if (!ok) {
    logger.error() << "Failed to set Network Config";
-    return false;
+    return;
  }
-  logger.debug() << "New Network Config Applied || new State:" << stateString();
+  logger.debug() << "New Network Config Applied || new State:" << getState();
  return true;
 }
 void WindowsSplitTunnel::stop() {
@@ -362,27 +197,25 @@ void WindowsSplitTunnel::stop() {
  logger.debug() << "Stopping Split tunnel successfull";
 }
-bool WindowsSplitTunnel::resetDriver(HANDLE driverIO) {
+void WindowsSplitTunnel::reset() {
  DWORD bytesReturned;
-  auto ok = DeviceIoControl(driverIO, IOCTL_ST_RESET, nullptr, 0, nullptr, 0,
+  auto ok = DeviceIoControl(m_driver, IOCTL_ST_RESET, nullptr, 0, nullptr, 0,
                            &bytesReturned, nullptr);
  if (!ok) {
    logger.error() << "Reset Split tunnel not successfull";
-    return false;
+    return;
  }
  logger.debug() << "Reset Split tunnel successfull";
  return true;
 }
-// static
+DRIVER_STATE WindowsSplitTunnel::getState() {
-WindowsSplitTunnel::DRIVER_STATE WindowsSplitTunnel::getState(HANDLE driverIO) {
+  if (m_driver == INVALID_HANDLE_VALUE) {
  if (driverIO == INVALID_HANDLE_VALUE) {
    logger.debug() << "Can't query State from non Opened Driver";
    return STATE_UNKNOWN;
  }
  DWORD bytesReturned;
  SIZE_T outBuffer;
-  bool ok = DeviceIoControl(driverIO, IOCTL_GET_STATE, nullptr, 0, &outBuffer,
+  bool ok = DeviceIoControl(m_driver, IOCTL_GET_STATE, nullptr, 0, &outBuffer,
                            sizeof(outBuffer), &bytesReturned, nullptr);
  if (!ok) {
    WindowsUtils::windowsLog("getState response failure");
@@ -392,10 +225,7 @@ WindowsSplitTunnel::DRIVER_STATE WindowsSplitTunnel::getState(HANDLE driverIO) {
    WindowsUtils::windowsLog("getState response is empty");
    return STATE_UNKNOWN;
  }
-  return static_cast<WindowsSplitTunnel::DRIVER_STATE>(outBuffer);
+  return static_cast<DRIVER_STATE>(outBuffer);
 }
 WindowsSplitTunnel::DRIVER_STATE WindowsSplitTunnel::getState() {
  return getState(m_driver);
 }
 std::vector<uint8_t> WindowsSplitTunnel::generateAppConfiguration(
@@ -443,59 +273,58 @@ std::vector<uint8_t> WindowsSplitTunnel::generateAppConfiguration(
  return outBuffer;
 }
-std::vector<std::byte> WindowsSplitTunnel::generateIPConfiguration(
+std::vector<uint8_t> WindowsSplitTunnel::generateIPConfiguration(
    int inetAdapterIndex, int vpnAdapterIndex) {
-  std::vector<std::byte> out(sizeof(IP_ADDRESSES_CONFIG));
+  std::vector<uint8_t> out(sizeof(IP_ADDRESSES_CONFIG));
  auto config = reinterpret_cast<IP_ADDRESSES_CONFIG*>(&out[0]);
  auto ifaces = QNetworkInterface::allInterfaces();
-    if (vpnAdapterIndex == 0) {
+  if (vpnAdapterIndex == 0) {
    vpnAdapterIndex = WindowsCommons::VPNAdapterIndex();
  }
  // Always the VPN
-  if (!getAddress(vpnAdapterIndex, &config->TunnelIpv4,
+  getAddress(vpnAdapterIndex, &config->TunnelIpv4,
-                  &config->TunnelIpv6)) {
+             &config->TunnelIpv6);
-    return {};
+  // 2nd best route
-  }
+  getAddress(inetAdapterIndex, &config->InternetIpv4, &config->InternetIpv6);
  // 2nd best route is usually the internet adapter
  if (!getAddress(inetAdapterIndex, &config->InternetIpv4,
                  &config->InternetIpv6)) {
    return {};
  };
  return out;
 }
-bool WindowsSplitTunnel::getAddress(int adapterIndex, IN_ADDR* out_ipv4,
+void WindowsSplitTunnel::getAddress(int adapterIndex, IN_ADDR* out_ipv4,
                                    IN6_ADDR* out_ipv6) {
  QNetworkInterface target =
      QNetworkInterface::interfaceFromIndex(adapterIndex);
  logger.debug() << "Getting adapter info for:" << target.humanReadableName();
-  auto get = [&target](QAbstractSocket::NetworkLayerProtocol protocol) {
+  // take the first v4/v6 Adress and convert to in_addr
-    for (auto address : target.addressEntries()) {
+  for (auto address : target.addressEntries()) {
-      if (address.ip().protocol() != protocol) {
+    if (address.ip().protocol() == QAbstractSocket::IPv4Protocol) {
-        continue;
+      auto adrr = address.ip().toString();
      std::wstring wstr = adrr.toStdWString();
      logger.debug() << "IpV4" << logger.sensitive(adrr);
      PCWSTR w_str_ip = wstr.c_str();
      auto ok = InetPtonW(AF_INET, w_str_ip, out_ipv4);
      if (ok != 1) {
        logger.debug() << "Ipv4 Conversation error" << WSAGetLastError();
      }
-      return address.ip().toString().toStdWString();
+      break;
    }
    return std::wstring{};
  };
  auto ipv4 = get(QAbstractSocket::IPv4Protocol);
  auto ipv6 = get(QAbstractSocket::IPv6Protocol);
  if (InetPtonW(AF_INET, ipv4.c_str(), out_ipv4) != 1) {
    logger.debug() << "Ipv4 Conversation error" << WSAGetLastError();
    return false;
  }
-  if (ipv6.empty()) {
+  for (auto address : target.addressEntries()) {
-    std::memset(out_ipv6, 0x00, sizeof(IN6_ADDR));
+    if (address.ip().protocol() == QAbstractSocket::IPv6Protocol) {
-    return true;
+      auto adrr = address.ip().toString();
      std::wstring wstr = adrr.toStdWString();
      logger.debug() << "IpV6" << logger.sensitive(adrr);
      PCWSTR w_str_ip = wstr.c_str();
      auto ok = InetPtonW(AF_INET6, w_str_ip, out_ipv6);
      if (ok != 1) {
        logger.error() << "Ipv6 Conversation error" << WSAGetLastError();
      }
      break;
    }
  }
  if (InetPtonW(AF_INET6, ipv6.c_str(), out_ipv6) != 1) {
    logger.debug() << "Ipv6 Conversation error" << WSAGetLastError();
  }
  return true;
 }
 std::vector<uint8_t> WindowsSplitTunnel::generateProcessBlob() {
@@ -582,6 +411,33 @@ std::vector<uint8_t> WindowsSplitTunnel::generateProcessBlob() {
  return out;
 }
 void WindowsSplitTunnel::close() {
  CloseHandle(m_driver);
  m_driver = INVALID_HANDLE_VALUE;
 }
 ProcessInfo WindowsSplitTunnel::getProcessInfo(
    HANDLE process, const PROCESSENTRY32W& processMeta) {
  ProcessInfo pi;
  pi.ParentProcessId = processMeta.th32ParentProcessID;
  pi.ProcessId = processMeta.th32ProcessID;
  pi.CreationTime = {0, 0};
  pi.DevicePath = L"";
  FILETIME creationTime, null_time;
  auto ok = GetProcessTimes(process, &creationTime, &null_time, &null_time,
                            &null_time);
  if (ok) {
    pi.CreationTime = creationTime;
  }
  wchar_t imagepath[MAX_PATH + 1];
  if (K32GetProcessImageFileNameW(
          process, imagepath, sizeof(imagepath) / sizeof(*imagepath)) != 0) {
    pi.DevicePath = imagepath;
  }
  return pi;
 }
 // static
 SC_HANDLE WindowsSplitTunnel::installDriver() {
  LPCWSTR displayName = L"Amnezia Split Tunnel Service";
@@ -592,15 +448,15 @@ SC_HANDLE WindowsSplitTunnel::installDriver() {
    return (SC_HANDLE)INVALID_HANDLE_VALUE;
  }
  auto path = driver.absolutePath() + "/" + DRIVER_FILENAME;
-  auto binPath = (const wchar_t*)path.utf16();
+  LPCWSTR binPath = (const wchar_t*)path.utf16();
  auto scm_rights = SC_MANAGER_ALL_ACCESS;
-  auto serviceManager = OpenSCManager(nullptr,  // local computer
+  auto serviceManager = OpenSCManager(NULL,  // local computer
-                                      nullptr,  // servicesActive database
+                                      NULL,  // servicesActive database
                                      scm_rights);
-  auto service = CreateService(
+  auto service = CreateService(serviceManager, DRIVER_SERVICE_NAME, displayName,
-      serviceManager, DRIVER_SERVICE_NAME, displayName, SERVICE_ALL_ACCESS,
+                               SERVICE_ALL_ACCESS, SERVICE_KERNEL_DRIVER,
-      SERVICE_KERNEL_DRIVER, SERVICE_AUTO_START, SERVICE_ERROR_NORMAL, binPath,
+                               SERVICE_DEMAND_START, SERVICE_ERROR_NORMAL,
-      nullptr, nullptr, nullptr, nullptr, nullptr);
+                               binPath, nullptr, 0, nullptr, nullptr, nullptr);
  CloseServiceHandle(serviceManager);
  return service;
 }
@@ -646,7 +502,7 @@ QString WindowsSplitTunnel::convertPath(const QString& path) {
    // device should contain : for e.g C:
    return "";
  }
-  QByteArray buffer(2048, 0xFFu);
+  QByteArray buffer(2048, 0xFF);
  auto ok = QueryDosDeviceW(qUtf16Printable(driveLetter),
                            (wchar_t*)buffer.data(), buffer.size() / 2);
@@ -698,25 +554,3 @@ bool WindowsSplitTunnel::detectConflict() {
  CloseServiceHandle(servicehandle);
  return err == ERROR_SERVICE_DOES_NOT_EXIST;
 }
 bool WindowsSplitTunnel::isRunning() { return getState() == STATE_RUNNING; }
 QString WindowsSplitTunnel::stateString() {
  switch (getState()) {
    case STATE_UNKNOWN:
      return "STATE_UNKNOWN";
    case STATE_NONE:
      return "STATE_NONE";
    case STATE_STARTED:
      return "STATE_STARTED";
    case STATE_INITIALIZED:
      return "STATE_INITIALIZED";
    case STATE_READY:
      return "STATE_READY";
    case STATE_RUNNING:
      return "STATE_RUNNING";
    case STATE_ZOMBIE:
      return "STATE_ZOMBIE";
      break;
  }
  return {};
 }
@@ -8,7 +8,6 @@
 #include <QObject>
 #include <QString>
 #include <QStringList>
 #include <memory>
 // Note: the ws2tcpip.h import must come before the others.
 // clang-format off
@@ -19,78 +18,160 @@
 #include <tlhelp32.h>
 #include <windows.h>
-class WindowsFirewall;
+// States for GetState
 enum DRIVER_STATE {
  STATE_UNKNOWN = -1,
  STATE_NONE = 0,
  STATE_STARTED = 1,
  STATE_INITIALIZED = 2,
  STATE_READY = 3,
  STATE_RUNNING = 4,
  STATE_ZOMBIE = 5,
 };
-class WindowsSplitTunnel final {
+#ifndef CTL_CODE
 #  define FILE_ANY_ACCESS 0x0000
 #  define METHOD_BUFFERED 0
 #  define METHOD_IN_DIRECT 1
 #  define METHOD_NEITHER 3
 #  define CTL_CODE(DeviceType, Function, Method, Access) \
    (((DeviceType) << 16) | ((Access) << 14) | ((Function) << 2) | (Method))
 #endif
 // Known ControlCodes
 #define IOCTL_INITIALIZE CTL_CODE(0x8000, 1, METHOD_NEITHER, FILE_ANY_ACCESS)
 #define IOCTL_DEQUEUE_EVENT \
  CTL_CODE(0x8000, 2, METHOD_BUFFERED, FILE_ANY_ACCESS)
 #define IOCTL_REGISTER_PROCESSES \
  CTL_CODE(0x8000, 3, METHOD_BUFFERED, FILE_ANY_ACCESS)
 #define IOCTL_REGISTER_IP_ADDRESSES \
  CTL_CODE(0x8000, 4, METHOD_BUFFERED, FILE_ANY_ACCESS)
 #define IOCTL_GET_IP_ADDRESSES \
  CTL_CODE(0x8000, 5, METHOD_BUFFERED, FILE_ANY_ACCESS)
 #define IOCTL_SET_CONFIGURATION \
  CTL_CODE(0x8000, 6, METHOD_BUFFERED, FILE_ANY_ACCESS)
 #define IOCTL_GET_CONFIGURATION \
  CTL_CODE(0x8000, 7, METHOD_BUFFERED, FILE_ANY_ACCESS)
 #define IOCTL_CLEAR_CONFIGURATION \
  CTL_CODE(0x8000, 8, METHOD_NEITHER, FILE_ANY_ACCESS)
 #define IOCTL_GET_STATE CTL_CODE(0x8000, 9, METHOD_BUFFERED, FILE_ANY_ACCESS)
 #define IOCTL_QUERY_PROCESS \
  CTL_CODE(0x8000, 10, METHOD_BUFFERED, FILE_ANY_ACCESS)
 #define IOCTL_ST_RESET CTL_CODE(0x8000, 11, METHOD_NEITHER, FILE_ANY_ACCESS)
 // Driver Configuration structures
 typedef struct {
  // Offset into buffer region that follows all entries.
  // The image name uses the device path.
  SIZE_T ImageNameOffset;
  // Length of the String
  USHORT ImageNameLength;
 } CONFIGURATION_ENTRY;
 typedef struct {
  // Number of entries immediately following the header.
  SIZE_T NumEntries;
  // Total byte length: header + entries + string buffer.
  SIZE_T TotalLength;
 } CONFIGURATION_HEADER;
 // Used to Configure Which IP is network/vpn
 typedef struct {
  IN_ADDR TunnelIpv4;
  IN_ADDR InternetIpv4;
  IN6_ADDR TunnelIpv6;
  IN6_ADDR InternetIpv6;
 } IP_ADDRESSES_CONFIG;
 // Used to Define Which Processes are alive on activation
 typedef struct {
  SIZE_T NumEntries;
  SIZE_T TotalLength;
 } PROCESS_DISCOVERY_HEADER;
 typedef struct {
  HANDLE ProcessId;
  HANDLE ParentProcessId;
  SIZE_T ImageNameOffset;
  USHORT ImageNameLength;
 } PROCESS_DISCOVERY_ENTRY;
 typedef struct {
  DWORD ProcessId;
  DWORD ParentProcessId;
  FILETIME CreationTime;
  std::wstring DevicePath;
 } ProcessInfo;
 class WindowsSplitTunnel final : public QObject {
  Q_OBJECT
  Q_DISABLE_COPY_MOVE(WindowsSplitTunnel)
 public:
-  /**
+  explicit WindowsSplitTunnel(QObject* parent);
   * @brief Installs and Initializes the Split Tunnel Driver.
   *
   * @param fw -
   * @return std::unique_ptr<WindowsSplitTunnel> - Is null on failure.
   */
  static std::unique_ptr<WindowsSplitTunnel> create(WindowsFirewall* fw);
  /**
   * @brief Construct a new Windows Split Tunnel object
   *
   * @param driverIO - The Handle to the Driver's IO file, it assumes the driver
   * is in STATE_INITIALIZED and the Firewall has been setup.
   * Prefer using create() to get to this state.
   */
  WindowsSplitTunnel(HANDLE driverIO);
  /**
   * @brief Destroy the Windows Split Tunnel object and uninstalls the Driver.
   */
  ~WindowsSplitTunnel();
  // void excludeApps(const QStringList& paths);
  // Excludes an Application from the VPN
-  bool excludeApps(const QStringList& appPaths);
+  void setRules(const QStringList& appPaths);
  // Fetches and Pushed needed info to move to engaged mode
-  bool start(int inetAdapterIndex, int vpnAdapterIndex = 0);
+  void start(int inetAdapterIndex, int vpnAdapterIndex = 0);
  // Deletes Rules and puts the driver into passive mode
  void stop();
  // Resets the Whole Driver
  void reset();
-  // Returns true if the split-tunnel driver is now up and running.
+  // Just close connection, leave state as is
-  bool isRunning();
+  void close();
  static bool detectConflict();
  // States for GetState
  enum DRIVER_STATE {
    STATE_UNKNOWN = -1,
    STATE_NONE = 0,
    STATE_STARTED = 1,
    STATE_INITIALIZED = 2,
    STATE_READY = 3,
    STATE_RUNNING = 4,
    STATE_ZOMBIE = 5,
  };
 private:
  // Installes the Kernel Driver as Driver Service
  static SC_HANDLE installDriver();
  static bool uninstallDriver();
  static bool isInstalled();
-  static bool initDriver(HANDLE driverIO);
+  static bool detectConflict();
  static DRIVER_STATE getState(HANDLE driverIO);
  static bool resetDriver(HANDLE driverIO);
 private slots:
  void initDriver();
 private:
  HANDLE m_driver = INVALID_HANDLE_VALUE;
  constexpr static const auto DRIVER_SYMLINK = L"\\\\.\\MULLVADSPLITTUNNEL";
  constexpr static const auto DRIVER_FILENAME = "mullvad-split-tunnel.sys";
  constexpr static const auto DRIVER_SERVICE_NAME = L"AmneziaVPNSplitTunnel";
  constexpr static const auto MV_SERVICE_NAME = L"MullvadVPN";
  DRIVER_STATE getState();
-  QString stateString();
+
  int m_tries;
  // Initializes the WFP Sublayer
  bool initSublayer();
  // Generates a Configuration for Each APP
  std::vector<uint8_t> generateAppConfiguration(const QStringList& appPaths);
  // Generates a Configuration which IP's are VPN and which network
-  std::vector<std::byte> generateIPConfiguration(int inetAdapterIndex, int vpnAdapterIndex = 0);
+  std::vector<uint8_t> generateIPConfiguration(int inetAdapterIndex, int vpnAdapterIndex = 0);
  std::vector<uint8_t> generateProcessBlob();
-  [[nodiscard]] bool getAddress(int adapterIndex, IN_ADDR* out_ipv4,
+  void getAddress(int adapterIndex, IN_ADDR* out_ipv4, IN6_ADDR* out_ipv6);
                                IN6_ADDR* out_ipv6);
  // Collects info about an Opened Process
  ProcessInfo getProcessInfo(HANDLE process,
                             const PROCESSENTRY32W& processMeta);
  // Converts a path to a Dos Path:
  // e.g C:/a.exe -> /harddisk0/a.exe
@@ -24,20 +24,8 @@ namespace {
 Logger logger("WireguardUtilsWindows");
 };  // namespace
-std::unique_ptr<WireguardUtilsWindows> WireguardUtilsWindows::create(
+WireguardUtilsWindows::WireguardUtilsWindows(QObject* parent)
-    WindowsFirewall* fw, QObject* parent) {
+    : WireguardUtils(parent), m_tunnel(this), m_routeMonitor(this) {
  if (!fw) {
    logger.error() << "WireguardUtilsWindows::create: no wfp handle";
    return {};
  }
  // Can't use make_unique here as the Constructor is private :(
  auto utils = new WireguardUtilsWindows(parent, fw);
  return std::unique_ptr<WireguardUtilsWindows>(utils);
 }
 WireguardUtilsWindows::WireguardUtilsWindows(QObject* parent, WindowsFirewall* fw)
    : WireguardUtils(parent), m_tunnel(this), m_firewall(fw) {
  MZ_COUNT_CTOR(WireguardUtilsWindows);
  logger.debug() << "WireguardUtilsWindows created.";
@@ -126,13 +114,13 @@ bool WireguardUtilsWindows::addInterface(const InterfaceConfig& config) {
    return false;
  }
  m_luid = luid.Value;
-  m_routeMonitor = new WindowsRouteMonitor(luid.Value, this);
+  m_routeMonitor.setLuid(luid.Value);
  if (config.m_killSwitchEnabled) {
    // Enable the windows firewall
    NET_IFINDEX ifindex;
    ConvertInterfaceLuidToIndex(&luid, &ifindex);
-    m_firewall->enableInterface(ifindex);
+    WindowsFirewall::instance()->enableKillSwitch(ifindex);
  }
  logger.debug() << "Registration completed";
@@ -140,11 +128,7 @@ bool WireguardUtilsWindows::addInterface(const InterfaceConfig& config) {
 }
 bool WireguardUtilsWindows::deleteInterface() {
-  if (m_routeMonitor) {
+  WindowsFirewall::instance()->disableKillSwitch();
    m_routeMonitor->deleteLater();
  }
  m_firewall->disableKillSwitch();
  m_tunnel.stop();
  return true;
 }
@@ -157,7 +141,7 @@ bool WireguardUtilsWindows::updatePeer(const InterfaceConfig& config) {
  if (config.m_killSwitchEnabled) {
    // Enable the windows firewall for this peer.
-    m_firewall->enablePeerTraffic(config);
+    WindowsFirewall::instance()->enablePeerTraffic(config);
  }
  logger.debug() << "Configuring peer" << publicKey.toHex()
                 << "via" << config.m_serverIpv4AddrIn;
@@ -187,9 +171,9 @@ bool WireguardUtilsWindows::updatePeer(const InterfaceConfig& config) {
  }
  // Exclude the server address, except for multihop exit servers.
-  if (m_routeMonitor && config.m_hopType != InterfaceConfig::MultiHopExit) {
+  if (config.m_hopType != InterfaceConfig::MultiHopExit) {
-    m_routeMonitor->addExclusionRoute(IPAddress(config.m_serverIpv4AddrIn));
+    m_routeMonitor.addExclusionRoute(IPAddress(config.m_serverIpv4AddrIn));
-    m_routeMonitor->addExclusionRoute(IPAddress(config.m_serverIpv6AddrIn));
+    m_routeMonitor.addExclusionRoute(IPAddress(config.m_serverIpv6AddrIn));
  }
  QString reply = m_tunnel.uapiCommand(message);
@@ -202,13 +186,13 @@ bool WireguardUtilsWindows::deletePeer(const InterfaceConfig& config) {
      QByteArray::fromBase64(qPrintable(config.m_serverPublicKey));
  // Clear exclustion routes for this peer.
-  if (m_routeMonitor && config.m_hopType != InterfaceConfig::MultiHopExit) {
+  if (config.m_hopType != InterfaceConfig::MultiHopExit) {
-    m_routeMonitor->deleteExclusionRoute(IPAddress(config.m_serverIpv4AddrIn));
+    m_routeMonitor.deleteExclusionRoute(IPAddress(config.m_serverIpv4AddrIn));
-    m_routeMonitor->deleteExclusionRoute(IPAddress(config.m_serverIpv6AddrIn));
+    m_routeMonitor.deleteExclusionRoute(IPAddress(config.m_serverIpv6AddrIn));
  }
  // Disable the windows firewall for this peer.
-  m_firewall->disablePeerTraffic(config.m_serverPublicKey);
+  WindowsFirewall::instance()->disablePeerTraffic(config.m_serverPublicKey);
  QString message;
  QTextStream out(&message);
@@ -254,13 +238,6 @@ void WireguardUtilsWindows::buildMibForwardRow(const IPAddress& prefix,
 }
 bool WireguardUtilsWindows::updateRoutePrefix(const IPAddress& prefix) {
  if (m_routeMonitor && (prefix.prefixLength() == 0)) {
    // If we are setting up a default route, instruct the route monitor to
    // capture traffic to all non-excluded destinations
    m_routeMonitor->setDetaultRouteCapture(true);
  }
  // Build the route
  MIB_IPFORWARD_ROW2 entry;
  buildMibForwardRow(prefix, &entry);
@@ -271,19 +248,13 @@ bool WireguardUtilsWindows::updateRoutePrefix(const IPAddress& prefix) {
  }
  if (result != NO_ERROR) {
    logger.error() << "Failed to create route to"
-                   << prefix.toString()
+                   << logger.sensitive(prefix.toString())
                   << "result:" << result;
  }
  return result == NO_ERROR;
 }
 bool WireguardUtilsWindows::deleteRoutePrefix(const IPAddress& prefix) {
  if (m_routeMonitor && (prefix.prefixLength() == 0)) {
    // Deactivate the route capture feature.
    m_routeMonitor->setDetaultRouteCapture(false);
  }
  // Build the route
  MIB_IPFORWARD_ROW2 entry;
  buildMibForwardRow(prefix, &entry);
@@ -294,35 +265,16 @@ bool WireguardUtilsWindows::deleteRoutePrefix(const IPAddress& prefix) {
  }
  if (result != NO_ERROR) {
    logger.error() << "Failed to delete route to"
-                   << prefix.toString()
+                   << logger.sensitive(prefix.toString())
                   << "result:" << result;
  }
  return result == NO_ERROR;
 }
 bool WireguardUtilsWindows::addExclusionRoute(const IPAddress& prefix) {
-  return m_routeMonitor->addExclusionRoute(prefix);
+  return m_routeMonitor.addExclusionRoute(prefix);
 }
 bool WireguardUtilsWindows::deleteExclusionRoute(const IPAddress& prefix) {
-  return m_routeMonitor->deleteExclusionRoute(prefix);
+  return m_routeMonitor.deleteExclusionRoute(prefix);
 }
 bool WireguardUtilsWindows::excludeLocalNetworks(
    const QList<IPAddress>& addresses) {
  // If the interface isn't up then something went horribly wrong.
  Q_ASSERT(m_routeMonitor);
  // For each destination - attempt to exclude it from the VPN tunnel.
  bool result = true;
  for (const IPAddress& prefix : addresses) {
    if (!m_routeMonitor->addExclusionRoute(prefix)) {
      result = false;
    }
  }
  // Permit LAN traffic through the firewall.
  if (!m_firewall->enableLanBypass(addresses)) {
    result = false;
  }
  return result;
 }
@@ -9,21 +9,16 @@
 #include <QHostAddress>
 #include <QObject>
 #include <QPointer>
 #include "daemon/wireguardutils.h"
 #include "windowsroutemonitor.h"
 #include "windowstunnelservice.h"
 class WindowsFirewall;
 class WindowsRouteMonitor;
 class WireguardUtilsWindows final : public WireguardUtils {
  Q_OBJECT
 public:
-  static std::unique_ptr<WireguardUtilsWindows> create(WindowsFirewall* fw,
+  WireguardUtilsWindows(QObject* parent);
                                                       QObject* parent);
  ~WireguardUtilsWindows();
  bool interfaceExists() override { return m_tunnel.isRunning(); }
@@ -44,19 +39,15 @@ class WireguardUtilsWindows final : public WireguardUtils {
  bool addExclusionRoute(const IPAddress& prefix) override;
  bool deleteExclusionRoute(const IPAddress& prefix) override;
  bool WireguardUtilsWindows::excludeLocalNetworks(const QList<IPAddress>& addresses) override;
 signals:
  void backendFailure();
 private:
  WireguardUtilsWindows(QObject* parent, WindowsFirewall* fw);
  void buildMibForwardRow(const IPAddress& prefix, void* row);
  quint64 m_luid = 0;
  WindowsTunnelService m_tunnel;
-  QPointer<WindowsRouteMonitor> m_routeMonitor;
+  WindowsRouteMonitor m_routeMonitor;
  QPointer<WindowsFirewall> m_firewall;
 };
 #endif  // WIREGUARDUTILSWINDOWS_H
@@ -4,7 +4,6 @@
 #include "windowsservicemanager.h"
 #include <QApplication>
 #include <QTimer>
 #include "Windows.h"
@@ -17,44 +16,35 @@ namespace {
 Logger logger("WindowsServiceManager");
 }
-WindowsServiceManager::WindowsServiceManager(SC_HANDLE serviceManager,
+WindowsServiceManager::WindowsServiceManager(LPCWSTR serviceName) {
                                             SC_HANDLE service)
    : QObject(qApp), m_serviceManager(serviceManager), m_service(service) {
  m_timer.setSingleShot(false);
 }
 std::unique_ptr<WindowsServiceManager> WindowsServiceManager::open(
    const QString serviceName) {
  LPCWSTR service = (const wchar_t*)serviceName.utf16();
  DWORD err = NULL;
  auto scm_rights = SC_MANAGER_CONNECT | SC_MANAGER_ENUMERATE_SERVICE |
                    SC_MANAGER_QUERY_LOCK_STATUS | STANDARD_RIGHTS_READ;
-  auto manager = OpenSCManager(NULL,  // local computer
+  m_serviceManager = OpenSCManager(NULL,  // local computer
-                               NULL,  // servicesActive database
+                                   NULL,  // servicesActive database
-                               scm_rights);
+                                   scm_rights);
  err = GetLastError();
  if (err != NULL) {
    logger.error() << " OpenSCManager failed code: " << err;
-    return {};
+    return;
  }
  logger.debug() << "OpenSCManager access given - " << err;
-  logger.debug() << "Opening Service - " << serviceName;
+  logger.debug() << "Opening Service - "
                 << QString::fromWCharArray(serviceName);
  // Try to get an elevated handle
-  auto serviceHandle =
+  m_service = OpenService(m_serviceManager,  // SCM database
-      OpenService(manager,  // SCM database
+                          serviceName,       // name of service
-                  service,  // name of service
+                          (GENERIC_READ | SERVICE_START | SERVICE_STOP));
                  (GENERIC_READ | SERVICE_START | SERVICE_STOP));
  err = GetLastError();
  if (err != NULL) {
    CloseServiceHandle(manager);
    WindowsUtils::windowsLog("OpenService failed");
-    return {};
+    return;
  }
  m_has_access = true;
  m_timer.setSingleShot(false);
  logger.debug() << "Service manager execute access granted";
  return std::make_unique<WindowsServiceManager>(manager, serviceHandle);
 }
 WindowsServiceManager::~WindowsServiceManager() {
@@ -95,6 +85,10 @@ bool WindowsServiceManager::startPolling(DWORD goal_state, int max_wait_sec) {
 SERVICE_STATUS_PROCESS WindowsServiceManager::getStatus() {
  SERVICE_STATUS_PROCESS serviceStatus;
  if (!m_has_access) {
    logger.debug() << "Need read access to get service state";
    return serviceStatus;
  }
  DWORD dwBytesNeeded;  // Contains missing bytes if struct is too small?
  QueryServiceStatusEx(m_service,                       // handle to service
                       SC_STATUS_PROCESS_INFO,          // information level
@@ -125,6 +119,10 @@ bool WindowsServiceManager::startService() {
 }
 bool WindowsServiceManager::stopService() {
  if (!m_has_access) {
    logger.error() << "Need execute access to stop services";
    return false;
  }
  auto state = getStatus().dwCurrentState;
  if (state != SERVICE_RUNNING && state != SERVICE_START_PENDING) {
    logger.warning() << ("Service stop not possible, as its not running");
@@ -12,7 +12,7 @@
 #include "Winsvc.h"
 /**
- * @brief The WindowsServiceManager provides control over the a
+ * @brief The WindowsServiceManager provides control over the MozillaVPNBroker
 * service via SCM
 */
 class WindowsServiceManager : public QObject {
@@ -20,10 +20,7 @@ class WindowsServiceManager : public QObject {
  Q_DISABLE_COPY_MOVE(WindowsServiceManager)
 public:
-  // Creates a WindowsServiceManager for the Named service.
+  WindowsServiceManager(LPCWSTR serviceName);
  // returns nullptr if
  static std::unique_ptr<WindowsServiceManager> open(const QString serviceName);
  WindowsServiceManager(SC_HANDLE serviceManager, SC_HANDLE service);
  ~WindowsServiceManager();
  // true if the Service is running
@@ -48,6 +45,8 @@ class WindowsServiceManager : public QObject {
  // See
  // SERVICE_STOPPED,SERVICE_STOP_PENDING,SERVICE_START_PENDING,SERVICE_RUNNING
  SERVICE_STATUS_PROCESS getStatus();
  bool m_has_access = false;
  LPWSTR m_serviceName;
  SC_HANDLE m_serviceManager;
  SC_HANDLE m_service;  // Service handle with r/w priv.
  DWORD m_state_target;
@@ -1,14 +1,17 @@
 #include "xrayprotocol.h"
 #include "utilities.h"
 #include "containers/containers_defs.h"
 #include "core/networkUtilities.h"
 #include <QCryptographicHash>
 #include <QJsonDocument>
 #include <QJsonObject>
 #include <QNetworkInterface>
 #include "core/networkUtilities.h"
 #include "utilities.h"
-XrayProtocol::XrayProtocol(const QJsonObject &configuration, QObject *parent) : VpnProtocol(configuration, parent)
+XrayProtocol::XrayProtocol(const QJsonObject &configuration, QObject *parent):
    VpnProtocol(configuration, parent)
 {
    readXrayConfiguration(configuration);
    m_routeGateway = NetworkUtilities::getGatewayAndIface();
@@ -19,8 +22,9 @@ XrayProtocol::XrayProtocol(const QJsonObject &configuration, QObject *parent) :
 XrayProtocol::~XrayProtocol()
 {
    qDebug() << "XrayProtocol::~XrayProtocol()";
    XrayProtocol::stop();
    QThread::msleep(200);
    m_xrayProcess.close();
 }
 ErrorCode XrayProtocol::start()
@@ -32,6 +36,10 @@ ErrorCode XrayProtocol::start()
        return lastError();
    }
    if (Utils::processIsRunning(Utils::executable(xrayExecPath(), true))) {
        Utils::killProcessByName(Utils::executable(xrayExecPath(), true));
    }
 #ifdef QT_DEBUG
    m_xrayCfgFile.setAutoRemove(false);
 #endif
@@ -43,16 +51,12 @@ ErrorCode XrayProtocol::start()
    QStringList args = QStringList() << "-c" << m_xrayCfgFile.fileName() << "-format=json";
-    qDebug().noquote() << "XrayProtocol::start()" << xrayExecPath() << args.join(" ");
+    qDebug().noquote() << "XrayProtocol::start()"
                       << xrayExecPath() << args.join(" ");
    m_xrayProcess.setProcessChannelMode(QProcess::MergedChannels);
    m_xrayProcess.setProgram(xrayExecPath());
    if (Utils::processIsRunning(Utils::executable("xray", false))) {
        qDebug().noquote() << "kill previos xray";
        Utils::killProcessByName(Utils::executable("xray", false));
    }
    m_xrayProcess.setArguments(args);
    connect(&m_xrayProcess, &QProcess::readyReadStandardOutput, this, [this]() {
@@ -61,15 +65,18 @@ ErrorCode XrayProtocol::start()
 #endif
    });
-    connect(&m_xrayProcess, QOverload<int, QProcess::ExitStatus>::of(&QProcess::finished), this,
+    connect(&m_xrayProcess, QOverload<int, QProcess::ExitStatus>::of(&QProcess::finished), this, [this](int exitCode, QProcess::ExitStatus exitStatus) {
-            [this](int exitCode, QProcess::ExitStatus exitStatus) {
+        qDebug().noquote() << "XrayProtocol finished, exitCode, exitStatus" << exitCode << exitStatus;
-                qDebug().noquote() << "XrayProtocol finished, exitCode, exitStatus" << exitCode << exitStatus;
+        setConnectionState(Vpn::ConnectionState::Disconnected);
-                setConnectionState(Vpn::ConnectionState::Disconnected);
+        if (exitStatus != QProcess::NormalExit) {
-                if ((exitStatus != QProcess::NormalExit) || (exitCode != 0)) {
+            emit protocolError(amnezia::ErrorCode::XrayExecutableCrashed);
-                    emit protocolError(amnezia::ErrorCode::XrayExecutableCrashed);
+            stop();
-                    emit setConnectionState(Vpn::ConnectionState::Error);
+        }
-                }
+        if (exitCode != 0) {
-            });
+            emit protocolError(amnezia::ErrorCode::InternalError);
            stop();
        }
    });
    m_xrayProcess.start();
    m_xrayProcess.waitForStarted();
@@ -78,10 +85,11 @@ ErrorCode XrayProtocol::start()
        setConnectionState(Vpn::ConnectionState::Connecting);
        QThread::msleep(1000);
        return startTun2Sock();
-    } else
+    }
-        return ErrorCode::XrayExecutableMissing;
+    else return ErrorCode::XrayExecutableMissing;
 }
 ErrorCode XrayProtocol::startTun2Sock()
 {
    m_t2sProcess->start();
@@ -93,68 +101,71 @@ ErrorCode XrayProtocol::startTun2Sock()
    connect(m_t2sProcess.data(), &IpcProcessTun2SocksReplica::stateChanged, this,
            [&](QProcess::ProcessState newState) { qDebug() << "PrivilegedProcess stateChanged" << newState; });
-    connect(m_t2sProcess.data(), &IpcProcessTun2SocksReplica::setConnectionState, this, [&](int vpnState) {
+    connect(m_t2sProcess.data(), &IpcProcessTun2SocksReplica::setConnectionState, this,
-        qDebug() << "PrivilegedProcess setConnectionState " << vpnState;
+            [&](int vpnState) {
-        if (vpnState == Vpn::ConnectionState::Connected) {
+                qDebug() << "PrivilegedProcess setConnectionState " << vpnState;
-            setConnectionState(Vpn::ConnectionState::Connecting);
+                if (vpnState == Vpn::ConnectionState::Connected)
-            QList<QHostAddress> dnsAddr;
+                {
-            dnsAddr.push_back(QHostAddress(m_configData.value(config_key::dns1).toString()));
+                    setConnectionState(Vpn::ConnectionState::Connecting);
-            dnsAddr.push_back(QHostAddress(m_configData.value(config_key::dns2).toString()));
+                    QList<QHostAddress> dnsAddr;
                    dnsAddr.push_back(QHostAddress(m_configData.value(config_key::dns1).toString()));
                    dnsAddr.push_back(QHostAddress(m_configData.value(config_key::dns2).toString()));
 #ifdef Q_OS_WIN
-            QThread::msleep(8000);
+                    QThread::msleep(8000);
 #endif
 #ifdef Q_OS_MACOS
-            QThread::msleep(5000);
+                    QThread::msleep(5000);
-            IpcClient::Interface()->createTun("utun22", amnezia::protocols::xray::defaultLocalAddr);
+                    IpcClient::Interface()->createTun("utun22", amnezia::protocols::xray::defaultLocalAddr);
-            IpcClient::Interface()->updateResolvers("utun22", dnsAddr);
+                    IpcClient::Interface()->updateResolvers("utun22", dnsAddr);
 #endif
 #ifdef Q_OS_LINUX
-            QThread::msleep(1000);
+                    QThread::msleep(1000);
-            IpcClient::Interface()->createTun("tun2", amnezia::protocols::xray::defaultLocalAddr);
+                    IpcClient::Interface()->createTun("tun2", amnezia::protocols::xray::defaultLocalAddr);
-            IpcClient::Interface()->updateResolvers("tun2", dnsAddr);
+                    IpcClient::Interface()->updateResolvers("tun2", dnsAddr);
 #endif
 #if defined(Q_OS_LINUX) || defined(Q_OS_MACOS)
            // killSwitch toggle
            if (QVariant(m_configData.value(config_key::killSwitchOption).toString()).toBool()) {
                m_configData.insert("vpnServer", m_remoteAddress);
                IpcClient::Interface()->enableKillSwitch(m_configData, 0);
            }
 #endif
            if (m_routeMode == Settings::RouteMode::VpnAllSites) {
                IpcClient::Interface()->routeAddList(m_vpnGateway, QStringList() << "0.0.0.0/1");
                IpcClient::Interface()->routeAddList(m_vpnGateway, QStringList() << "128.0.0.0/1");
                IpcClient::Interface()->routeAddList(m_routeGateway, QStringList() << m_remoteAddress);
            }
            IpcClient::Interface()->StopRoutingIpv6();
 #ifdef Q_OS_WIN
            IpcClient::Interface()->updateResolvers("tun2", dnsAddr);
            QList<QNetworkInterface> netInterfaces = QNetworkInterface::allInterfaces();
            for (int i = 0; i < netInterfaces.size(); i++) {
                for (int j = 0; j < netInterfaces.at(i).addressEntries().size(); j++) {
                    // killSwitch toggle
-                    if (m_vpnLocalAddress == netInterfaces.at(i).addressEntries().at(j).ip().toString()) {
+                    if (QVariant(m_configData.value(config_key::killSwitchOption).toString()).toBool()) {
                        if (QVariant(m_configData.value(config_key::killSwitchOption).toString()).toBool()) {
                            IpcClient::Interface()->enableKillSwitch(QJsonObject(), netInterfaces.at(i).index());
                        }
                        m_configData.insert("vpnAdapterIndex", netInterfaces.at(i).index());
                        m_configData.insert("vpnGateway", m_vpnGateway);
                        m_configData.insert("vpnServer", m_remoteAddress);
-                        IpcClient::Interface()->enablePeerTraffic(m_configData);
+                        IpcClient::Interface()->enableKillSwitch(m_configData, 0);
                    }
 #endif
                    if (m_routeMode == 0) {
                        IpcClient::Interface()->routeAddList(m_vpnGateway, QStringList() << "0.0.0.0/1");
                        IpcClient::Interface()->routeAddList(m_vpnGateway, QStringList() << "128.0.0.0/1");
                        IpcClient::Interface()->routeAddList(m_routeGateway, QStringList() << m_remoteAddress);
                    }
                    IpcClient::Interface()->StopRoutingIpv6();
 #ifdef Q_OS_WIN
                    IpcClient::Interface()->updateResolvers("tun2", dnsAddr);
                    QList<QNetworkInterface> netInterfaces = QNetworkInterface::allInterfaces();
                    for (int i = 0; i < netInterfaces.size(); i++) {
                        for (int j = 0; j < netInterfaces.at(i).addressEntries().size(); j++)
                        {
                            // killSwitch toggle
                            if (m_vpnLocalAddress == netInterfaces.at(i).addressEntries().at(j).ip().toString()) {
                                if (QVariant(m_configData.value(config_key::killSwitchOption).toString()).toBool()) {
                                    IpcClient::Interface()->enableKillSwitch(QJsonObject(), netInterfaces.at(i).index());
                                }
                                m_configData.insert("vpnAdapterIndex", netInterfaces.at(i).index());
                                m_configData.insert("vpnGateway", m_vpnGateway);
                                m_configData.insert("vpnServer", m_remoteAddress);
                                IpcClient::Interface()->enablePeerTraffic(m_configData);
                            }
                        }
                    }
 #endif
                    setConnectionState(Vpn::ConnectionState::Connected);
                }
            }
 #endif
            setConnectionState(Vpn::ConnectionState::Connected);
        }
 #if !defined(Q_OS_MACOS)
-        if (vpnState == Vpn::ConnectionState::Disconnected) {
+                if (vpnState == Vpn::ConnectionState::Disconnected) {
-            setConnectionState(Vpn::ConnectionState::Disconnected);
+                    setConnectionState(Vpn::ConnectionState::Disconnected);
-            IpcClient::Interface()->deleteTun("tun2");
+                    IpcClient::Interface()->deleteTun("tun2");
-            IpcClient::Interface()->StartRoutingIpv6();
+                    IpcClient::Interface()->StartRoutingIpv6();
-            IpcClient::Interface()->clearSavedRoutes();
+                    IpcClient::Interface()->clearSavedRoutes();
-        }
+                }
 #endif
-    });
+            });
    return ErrorCode::NoError;
 }
@@ -166,14 +177,14 @@ void XrayProtocol::stop()
    IpcClient::Interface()->StartRoutingIpv6();
 #endif
    qDebug() << "XrayProtocol::stop()";
-    m_xrayProcess.disconnect();
+    m_xrayProcess.terminate();
    m_xrayProcess.kill();
    m_xrayProcess.waitForFinished(3000);
    if (m_t2sProcess) {
        m_t2sProcess->stop();
    }
-    setConnectionState(Vpn::ConnectionState::Disconnected);
+#ifdef Q_OS_WIN
    Utils::signalCtrl(m_xrayProcess.processId(), CTRL_C_EVENT);
 #endif
 }
 QString XrayProtocol::xrayExecPath()
@@ -196,7 +207,7 @@ void XrayProtocol::readXrayConfiguration(const QJsonObject &configuration)
    m_localPort = QString(amnezia::protocols::xray::defaultLocalProxyPort).toInt();
    m_remoteHost = configuration.value(amnezia::config_key::hostName).toString();
    m_remoteAddress = NetworkUtilities::getIPAddress(m_remoteHost);
-    m_routeMode = static_cast<Settings::RouteMode>(configuration.value(amnezia::config_key::splitTunnelType).toInt());
+    m_routeMode = configuration.value(amnezia::config_key::splitTunnelType).toInt();
    m_primaryDNS = configuration.value(amnezia::config_key::dns1).toString();
    m_secondaryDNS = configuration.value(amnezia::config_key::dns2).toString();
 }
@@ -1,16 +1,14 @@
 #ifndef XRAYPROTOCOL_H
 #define XRAYPROTOCOL_H
 #include "QProcess"
 #include "containers/containers_defs.h"
 #include "openvpnprotocol.h"
-#include "settings.h"
+#include "QProcess"
 #include "containers/containers_defs.h"
 class XrayProtocol : public VpnProtocol
 {
 public:
-    XrayProtocol(const QJsonObject &configuration, QObject *parent = nullptr);
+    XrayProtocol(const QJsonObject& configuration, QObject* parent = nullptr);
    virtual ~XrayProtocol() override;
    ErrorCode start() override;
@@ -26,12 +24,11 @@ protected:
 private:
    static QString xrayExecPath();
    static QString tun2SocksExecPath();
 private:
    int m_localPort;
    QString m_remoteHost;
    QString m_remoteAddress;
-    Settings::RouteMode m_routeMode;
+    int m_routeMode;
    QJsonObject m_configData;
    QString m_primaryDNS;
    QString m_secondaryDNS;
@@ -40,6 +37,7 @@ private:
    QSharedPointer<IpcProcessTun2SocksReplica> m_t2sProcess;
 #endif
    QTemporaryFile m_xrayCfgFile;
 };
 #endif // XRAYPROTOCOL_H
@@ -1,229 +1,225 @@
 <RCC>
    <qresource prefix="/">
        <file>fonts/pt-root-ui_vf.ttf</file>
        <file>images/amneziaBigLogo.png</file>
        <file>images/AmneziaVPN.png</file>
        <file>images/controls/alert-circle.svg</file>
        <file>images/controls/amnezia.svg</file>
        <file>images/controls/app.svg</file>
        <file>images/controls/archive-restore.svg</file>
        <file>images/controls/arrow-left.svg</file>
        <file>images/controls/arrow-right.svg</file>
        <file>images/controls/bug.svg</file>
        <file>images/controls/check.svg</file>
        <file>images/controls/chevron-down.svg</file>
        <file>images/controls/chevron-right.svg</file>
        <file>images/controls/chevron-up.svg</file>
        <file>images/controls/close.svg</file>
        <file>images/controls/copy.svg</file>
        <file>images/controls/delete.svg</file>
        <file>images/controls/download.svg</file>
        <file>images/controls/edit-3.svg</file>
        <file>images/controls/eye-off.svg</file>
        <file>images/controls/eye.svg</file>
        <file>images/controls/external-link.svg</file>
        <file>images/controls/file-check-2.svg</file>
        <file>images/controls/file-cog-2.svg</file>
        <file>images/controls/folder-open.svg</file>
        <file>images/controls/folder-search-2.svg</file>
        <file>images/controls/gauge.svg</file>
        <file>images/controls/github.svg</file>
        <file>images/controls/help-circle.svg</file>
        <file>images/controls/history.svg</file>
        <file>images/controls/home.svg</file>
        <file>images/controls/info.svg</file>
        <file>images/controls/mail.svg</file>
        <file>images/controls/map-pin.svg</file>
        <file>images/controls/more-vertical.svg</file>
        <file>images/controls/plus.svg</file>
        <file>images/controls/qr-code.svg</file>
        <file>images/controls/radio-button-inner-circle-pressed.png</file>
        <file>images/controls/radio-button-inner-circle.png</file>
        <file>images/controls/radio-button-pressed.svg</file>
        <file>images/controls/radio-button.svg</file>
        <file>images/controls/radio.svg</file>
        <file>images/controls/refresh-cw.svg</file>
        <file>images/controls/save.svg</file>
        <file>images/controls/scan-line.svg</file>
        <file>images/controls/search.svg</file>
        <file>images/controls/server.svg</file>
        <file>images/controls/settings-2.svg</file>
        <file>images/controls/settings.svg</file>
        <file>images/controls/share-2.svg</file>
        <file>images/controls/split-tunneling.svg</file>
        <file>images/controls/tag.svg</file>
        <file>images/controls/telegram.svg</file>
        <file>images/controls/text-cursor.svg</file>
        <file>images/controls/trash.svg</file>
        <file>images/controls/x-circle.svg</file>
        <file>images/tray/active.png</file>
        <file>images/tray/default.png</file>
        <file>images/tray/error.png</file>
-        <file>server_scripts/awg/configure_container.sh</file>
+        <file>images/AmneziaVPN.png</file>
-        <file>server_scripts/awg/Dockerfile</file>
+        <file>server_scripts/remove_container.sh</file>
-        <file>server_scripts/awg/run_container.sh</file>
+        <file>server_scripts/setup_host_firewall.sh</file>
        <file>server_scripts/awg/start.sh</file>
        <file>server_scripts/awg/template.conf</file>
        <file>server_scripts/build_container.sh</file>
        <file>server_scripts/check_connection.sh</file>
        <file>server_scripts/check_server_is_busy.sh</file>
        <file>server_scripts/check_user_in_sudo.sh</file>
        <file>server_scripts/dns/configure_container.sh</file>
        <file>server_scripts/dns/Dockerfile</file>
        <file>server_scripts/dns/run_container.sh</file>
        <file>server_scripts/install_docker.sh</file>
        <file>server_scripts/ipsec/configure_container.sh</file>
        <file>server_scripts/ipsec/Dockerfile</file>
        <file>server_scripts/ipsec/mobileconfig.plist</file>
        <file>server_scripts/ipsec/run_container.sh</file>
        <file>server_scripts/ipsec/start.sh</file>
        <file>server_scripts/ipsec/strongswan.profile</file>
        <file>server_scripts/openvpn_cloak/configure_container.sh</file>
        <file>server_scripts/openvpn_cloak/Dockerfile</file>
-        <file>server_scripts/openvpn_cloak/run_container.sh</file>
+        <file>server_scripts/openvpn_cloak/configure_container.sh</file>
        <file>server_scripts/openvpn_cloak/start.sh</file>
        <file>server_scripts/openvpn_cloak/template.ovpn</file>
        <file>server_scripts/install_docker.sh</file>
        <file>server_scripts/build_container.sh</file>
        <file>server_scripts/prepare_host.sh</file>
        <file>server_scripts/check_connection.sh</file>
        <file>server_scripts/remove_all_containers.sh</file>
        <file>server_scripts/openvpn_cloak/run_container.sh</file>
        <file>server_scripts/openvpn/configure_container.sh</file>
        <file>server_scripts/openvpn/run_container.sh</file>
        <file>server_scripts/openvpn/template.ovpn</file>
        <file>server_scripts/openvpn/Dockerfile</file>
        <file>server_scripts/openvpn/start.sh</file>
        <file>server_scripts/openvpn_shadowsocks/configure_container.sh</file>
        <file>server_scripts/openvpn_shadowsocks/Dockerfile</file>
        <file>server_scripts/openvpn_shadowsocks/run_container.sh</file>
        <file>server_scripts/openvpn_shadowsocks/start.sh</file>
        <file>server_scripts/openvpn_shadowsocks/template.ovpn</file>
        <file>server_scripts/openvpn/configure_container.sh</file>
        <file>server_scripts/openvpn/Dockerfile</file>
        <file>server_scripts/openvpn/run_container.sh</file>
        <file>server_scripts/openvpn/start.sh</file>
        <file>server_scripts/openvpn/template.ovpn</file>
        <file>server_scripts/prepare_host.sh</file>
        <file>server_scripts/remove_all_containers.sh</file>
        <file>server_scripts/remove_container.sh</file>
        <file>server_scripts/setup_host_firewall.sh</file>
        <file>server_scripts/sftp/configure_container.sh</file>
        <file>server_scripts/sftp/Dockerfile</file>
        <file>server_scripts/sftp/run_container.sh</file>
        <file>server_scripts/socks5_proxy/configure_container.sh</file>
        <file>server_scripts/socks5_proxy/Dockerfile</file>
        <file>server_scripts/socks5_proxy/run_container.sh</file>
        <file>server_scripts/socks5_proxy/start.sh</file>
        <file>server_scripts/website_tor/configure_container.sh</file>
        <file>server_scripts/website_tor/Dockerfile</file>
        <file>server_scripts/website_tor/run_container.sh</file>
        <file>server_scripts/wireguard/configure_container.sh</file>
        <file>server_scripts/wireguard/Dockerfile</file>
        <file>server_scripts/wireguard/run_container.sh</file>
        <file>server_scripts/wireguard/start.sh</file>
        <file>server_scripts/wireguard/template.conf</file>
        <file>server_scripts/website_tor/configure_container.sh</file>
        <file>server_scripts/website_tor/run_container.sh</file>
        <file>ui/qml/Config/GlobalConfig.qml</file>
        <file>ui/qml/Config/qmldir</file>
        <file>server_scripts/check_server_is_busy.sh</file>
        <file>server_scripts/dns/configure_container.sh</file>
        <file>server_scripts/dns/Dockerfile</file>
        <file>server_scripts/dns/run_container.sh</file>
        <file>server_scripts/sftp/configure_container.sh</file>
        <file>server_scripts/sftp/Dockerfile</file>
        <file>server_scripts/sftp/run_container.sh</file>
        <file>server_scripts/ipsec/configure_container.sh</file>
        <file>server_scripts/ipsec/Dockerfile</file>
        <file>server_scripts/ipsec/run_container.sh</file>
        <file>server_scripts/ipsec/start.sh</file>
        <file>server_scripts/ipsec/mobileconfig.plist</file>
        <file>server_scripts/ipsec/strongswan.profile</file>
        <file>server_scripts/website_tor/Dockerfile</file>
        <file>server_scripts/check_user_in_sudo.sh</file>
        <file>ui/qml/Controls2/BasicButtonType.qml</file>
        <file>ui/qml/Controls2/TextFieldWithHeaderType.qml</file>
        <file>ui/qml/Controls2/LabelWithButtonType.qml</file>
        <file>images/controls/arrow-right.svg</file>
        <file>images/controls/chevron-right.svg</file>
        <file>ui/qml/Controls2/ImageButtonType.qml</file>
        <file>ui/qml/Controls2/CardType.qml</file>
        <file>ui/qml/Controls2/CheckBoxType.qml</file>
        <file>images/controls/check.svg</file>
        <file>ui/qml/Controls2/DropDownType.qml</file>
        <file>ui/qml/Pages2/PageSetupWizardStart.qml</file>
        <file>ui/qml/main2.qml</file>
        <file>images/amneziaBigLogo.png</file>
        <file>ui/qml/Controls2/FlickableType.qml</file>
        <file>ui/qml/Pages2/PageSetupWizardCredentials.qml</file>
        <file>ui/qml/Controls2/HeaderType.qml</file>
        <file>images/controls/arrow-left.svg</file>
        <file>ui/qml/Pages2/PageSetupWizardProtocols.qml</file>
        <file>ui/qml/Pages2/PageSetupWizardEasy.qml</file>
        <file>images/controls/chevron-down.svg</file>
        <file>images/controls/chevron-up.svg</file>
        <file>ui/qml/Controls2/TextTypes/ParagraphTextType.qml</file>
        <file>ui/qml/Controls2/TextTypes/Header2TextType.qml</file>
        <file>ui/qml/Controls2/HorizontalRadioButton.qml</file>
        <file>ui/qml/Controls2/VerticalRadioButton.qml</file>
        <file>ui/qml/Controls2/SwitcherType.qml</file>
        <file>ui/qml/Controls2/TabButtonType.qml</file>
        <file>ui/qml/Pages2/PageSetupWizardProtocolSettings.qml</file>
        <file>ui/qml/Pages2/PageSetupWizardInstalling.qml</file>
        <file>ui/qml/Pages2/PageSetupWizardConfigSource.qml</file>
        <file>images/controls/folder-open.svg</file>
        <file>images/controls/qr-code.svg</file>
        <file>images/controls/text-cursor.svg</file>
        <file>ui/qml/Pages2/PageSetupWizardTextKey.qml</file>
        <file>ui/qml/Pages2/PageStart.qml</file>
        <file>ui/qml/Controls2/TabImageButtonType.qml</file>
        <file>images/controls/home.svg</file>
        <file>images/controls/settings-2.svg</file>
        <file>images/controls/share-2.svg</file>
        <file>ui/qml/Pages2/PageHome.qml</file>
        <file>ui/qml/Pages2/PageSettingsServersList.qml</file>
        <file>ui/qml/Pages2/PageShare.qml</file>
        <file>ui/qml/Controls2/TextTypes/Header1TextType.qml</file>
        <file>ui/qml/Controls2/TextTypes/LabelTextType.qml</file>
        <file>ui/qml/Controls2/TextTypes/ButtonTextType.qml</file>
        <file>ui/qml/Controls2/Header2Type.qml</file>
        <file>images/controls/plus.svg</file>
        <file>ui/qml/Components/ConnectButton.qml</file>
        <file>images/controls/download.svg</file>
        <file>ui/qml/Controls2/ProgressBarType.qml</file>
        <file>ui/qml/Components/ConnectionTypeSelectionDrawer.qml</file>
        <file>ui/qml/Components/HomeContainersListView.qml</file>
        <file>ui/qml/Controls2/TextTypes/CaptionTextType.qml</file>
        <file>images/controls/settings.svg</file>
        <file>ui/qml/Pages2/PageSettingsServerInfo.qml</file>
        <file>ui/qml/Controls2/PageType.qml</file>
        <file>ui/qml/Controls2/PopupType.qml</file>
        <file>images/controls/edit-3.svg</file>
        <file>ui/qml/Pages2/PageSettingsServerData.qml</file>
        <file>ui/qml/Components/SettingsContainersListView.qml</file>
        <file>ui/qml/Controls2/TextTypes/ListItemTitleType.qml</file>
        <file>ui/qml/Controls2/DividerType.qml</file>
        <file>ui/qml/Controls2/StackViewType.qml</file>
        <file>ui/qml/Pages2/PageSettings.qml</file>
        <file>images/controls/amnezia.svg</file>
        <file>images/controls/app.svg</file>
        <file>images/controls/radio.svg</file>
        <file>images/controls/save.svg</file>
        <file>images/controls/server.svg</file>
        <file>ui/qml/Pages2/PageSettingsServerProtocols.qml</file>
        <file>ui/qml/Pages2/PageSettingsServerServices.qml</file>
        <file>ui/qml/Pages2/PageSetupWizardViewConfig.qml</file>
        <file>images/controls/file-cog-2.svg</file>
        <file>ui/qml/Components/QuestionDrawer.qml</file>
        <file>ui/qml/Pages2/PageDeinstalling.qml</file>
        <file>ui/qml/Controls2/BackButtonType.qml</file>
        <file>ui/qml/Pages2/PageSettingsServerProtocol.qml</file>
        <file>ui/qml/Components/TransportProtoSelector.qml</file>
        <file>ui/qml/Controls2/ListViewWithRadioButtonType.qml</file>
        <file>images/controls/radio-button.svg</file>
        <file>images/controls/radio-button-inner-circle.png</file>
        <file>images/controls/radio-button-pressed.svg</file>
        <file>images/controls/radio-button-inner-circle-pressed.png</file>
        <file>ui/qml/Components/ShareConnectionDrawer.qml</file>
        <file>ui/qml/Pages2/PageSettingsConnection.qml</file>
        <file>ui/qml/Pages2/PageSettingsDns.qml</file>
        <file>ui/qml/Pages2/PageSettingsApplication.qml</file>
        <file>ui/qml/Pages2/PageSettingsBackup.qml</file>
        <file>images/controls/delete.svg</file>
        <file>ui/qml/Pages2/PageSettingsAbout.qml</file>
        <file>images/controls/github.svg</file>
        <file>images/controls/mail.svg</file>
        <file>images/controls/telegram.svg</file>
        <file>ui/qml/Controls2/TextTypes/SmallTextType.qml</file>
        <file>ui/qml/Filters/ContainersModelFilters.qml</file>
        <file>ui/qml/Components/SelectLanguageDrawer.qml</file>
        <file>ui/qml/Controls2/BusyIndicatorType.qml</file>
        <file>ui/qml/Pages2/PageProtocolOpenVpnSettings.qml</file>
        <file>ui/qml/Pages2/PageProtocolShadowSocksSettings.qml</file>
        <file>ui/qml/Pages2/PageProtocolCloakSettings.qml</file>
        <file>ui/qml/Pages2/PageProtocolXraySettings.qml</file>
        <file>ui/qml/Pages2/PageProtocolRaw.qml</file>
        <file>ui/qml/Pages2/PageSettingsLogging.qml</file>
        <file>ui/qml/Pages2/PageServiceSftpSettings.qml</file>
        <file>images/controls/copy.svg</file>
        <file>ui/qml/Pages2/PageServiceTorWebsiteSettings.qml</file>
        <file>ui/qml/Pages2/PageSetupWizardQrReader.qml</file>
        <file>images/controls/eye.svg</file>
        <file>images/controls/eye-off.svg</file>
        <file>ui/qml/Pages2/PageSettingsSplitTunneling.qml</file>
        <file>ui/qml/Controls2/ContextMenuType.qml</file>
        <file>ui/qml/Controls2/TextAreaType.qml</file>
        <file>images/controls/trash.svg</file>
        <file>images/controls/more-vertical.svg</file>
        <file>ui/qml/Controls2/ListViewWithLabelsType.qml</file>
        <file>ui/qml/Pages2/PageServiceDnsSettings.qml</file>
        <file>ui/qml/Controls2/TopCloseButtonType.qml</file>
        <file>images/controls/x-circle.svg</file>
        <file>ui/qml/Pages2/PageProtocolAwgSettings.qml</file>
        <file>server_scripts/awg/template.conf</file>
        <file>server_scripts/awg/start.sh</file>
        <file>server_scripts/awg/configure_container.sh</file>
        <file>server_scripts/awg/run_container.sh</file>
        <file>server_scripts/awg/Dockerfile</file>
        <file>ui/qml/Pages2/PageShareFullAccess.qml</file>
        <file>images/controls/close.svg</file>
        <file>images/controls/search.svg</file>
        <file>server_scripts/xray/configure_container.sh</file>
        <file>server_scripts/xray/Dockerfile</file>
        <file>server_scripts/xray/run_container.sh</file>
        <file>server_scripts/xray/start.sh</file>
        <file>server_scripts/xray/template.json</file>
        <file>ui/qml/Components/AdLabel.qml</file>
        <file>ui/qml/Components/ConnectButton.qml</file>
        <file>ui/qml/Components/ConnectionTypeSelectionDrawer.qml</file>
        <file>ui/qml/Components/HomeContainersListView.qml</file>
        <file>ui/qml/Components/HomeSplitTunnelingDrawer.qml</file>
        <file>ui/qml/Components/InstalledAppsDrawer.qml</file>
        <file>ui/qml/Components/QuestionDrawer.qml</file>
        <file>ui/qml/Components/SelectLanguageDrawer.qml</file>
        <file>ui/qml/Components/ServersListView.qml</file>
        <file>ui/qml/Components/SettingsContainersListView.qml</file>
        <file>ui/qml/Components/ShareConnectionDrawer.qml</file>
        <file>ui/qml/Components/TransportProtoSelector.qml</file>
        <file>ui/qml/Config/GlobalConfig.qml</file>
        <file>ui/qml/Config/qmldir</file>
        <file>ui/qml/Controls2/BackButtonType.qml</file>
        <file>ui/qml/Controls2/BasicButtonType.qml</file>
        <file>ui/qml/Controls2/BusyIndicatorType.qml</file>
        <file>ui/qml/Controls2/CardType.qml</file>
        <file>ui/qml/Controls2/CardWithIconsType.qml</file>
        <file>ui/qml/Controls2/CheckBoxType.qml</file>
        <file>ui/qml/Controls2/ContextMenuType.qml</file>
        <file>ui/qml/Controls2/DividerType.qml</file>
        <file>ui/qml/Controls2/DrawerType2.qml</file>
        <file>ui/qml/Controls2/DropDownType.qml</file>
        <file>ui/qml/Controls2/FlickableType.qml</file>
        <file>ui/qml/Controls2/Header2Type.qml</file>
        <file>ui/qml/Controls2/HeaderType.qml</file>
        <file>ui/qml/Controls2/HorizontalRadioButton.qml</file>
        <file>ui/qml/Controls2/ImageButtonType.qml</file>
        <file>ui/qml/Controls2/LabelWithButtonType.qml</file>
        <file>ui/qml/Controls2/LabelWithImageType.qml</file>
        <file>ui/qml/Controls2/ListViewWithLabelsType.qml</file>
        <file>ui/qml/Controls2/ListViewWithRadioButtonType.qml</file>
        <file>ui/qml/Controls2/PageType.qml</file>
        <file>ui/qml/Controls2/PopupType.qml</file>
        <file>ui/qml/Controls2/ProgressBarType.qml</file>
        <file>ui/qml/Controls2/ScrollBarType.qml</file>
        <file>ui/qml/Controls2/StackViewType.qml</file>
        <file>ui/qml/Controls2/SwitcherType.qml</file>
        <file>ui/qml/Controls2/TabButtonType.qml</file>
        <file>ui/qml/Controls2/TabImageButtonType.qml</file>
        <file>ui/qml/Controls2/TextAreaType.qml</file>
        <file>ui/qml/Controls2/TextAreaWithFooterType.qml</file>
        <file>ui/qml/Controls2/TextFieldWithHeaderType.qml</file>
        <file>ui/qml/Controls2/TextTypes/ButtonTextType.qml</file>
        <file>ui/qml/Controls2/TextTypes/CaptionTextType.qml</file>
        <file>ui/qml/Controls2/TextTypes/Header1TextType.qml</file>
        <file>ui/qml/Controls2/TextTypes/Header2TextType.qml</file>
        <file>ui/qml/Controls2/TextTypes/LabelTextType.qml</file>
        <file>ui/qml/Controls2/TextTypes/ListItemTitleType.qml</file>
        <file>ui/qml/Controls2/TextTypes/ParagraphTextType.qml</file>
        <file>ui/qml/Controls2/TextTypes/SmallTextType.qml</file>
        <file>ui/qml/Controls2/TopCloseButtonType.qml</file>
        <file>ui/qml/Controls2/VerticalRadioButton.qml</file>
        <file>ui/qml/Controls2/WarningType.qml</file>
        <file>ui/qml/Filters/ContainersModelFilters.qml</file>
        <file>ui/qml/main2.qml</file>
        <file>ui/qml/Modules/Style/AmneziaStyle.qml</file>
        <file>ui/qml/Modules/Style/qmldir</file>
        <file>ui/qml/Pages2/PageDeinstalling.qml</file>
        <file>ui/qml/Pages2/PageDevMenu.qml</file>
        <file>ui/qml/Pages2/PageHome.qml</file>
        <file>ui/qml/Pages2/PageProtocolAwgSettings.qml</file>
        <file>ui/qml/Pages2/PageProtocolCloakSettings.qml</file>
        <file>ui/qml/Pages2/PageProtocolOpenVpnSettings.qml</file>
        <file>ui/qml/Pages2/PageProtocolRaw.qml</file>
        <file>ui/qml/Pages2/PageProtocolShadowSocksSettings.qml</file>
        <file>ui/qml/Pages2/PageProtocolWireGuardSettings.qml</file>
-        <file>ui/qml/Pages2/PageProtocolXraySettings.qml</file>
+        <file>ui/qml/Components/HomeSplitTunnelingDrawer.qml</file>
-        <file>ui/qml/Pages2/PageServiceDnsSettings.qml</file>
+        <file>images/controls/split-tunneling.svg</file>
-        <file>ui/qml/Pages2/PageServiceSftpSettings.qml</file>
+        <file>ui/qml/Controls2/DrawerType2.qml</file>
        <file>ui/qml/Pages2/PageServiceSocksProxySettings.qml</file>
        <file>ui/qml/Pages2/PageServiceTorWebsiteSettings.qml</file>
        <file>ui/qml/Pages2/PageSettings.qml</file>
        <file>ui/qml/Pages2/PageSettingsAbout.qml</file>
        <file>ui/qml/Pages2/PageSettingsApiLanguageList.qml</file>
        <file>ui/qml/Pages2/PageSettingsApiServerInfo.qml</file>
        <file>ui/qml/Pages2/PageSettingsApplication.qml</file>
        <file>ui/qml/Pages2/PageSettingsAppSplitTunneling.qml</file>
-        <file>ui/qml/Pages2/PageSettingsBackup.qml</file>
+        <file>ui/qml/Components/InstalledAppsDrawer.qml</file>
-        <file>ui/qml/Pages2/PageSettingsConnection.qml</file>
+        <file>images/controls/alert-circle.svg</file>
-        <file>ui/qml/Pages2/PageSettingsDns.qml</file>
+        <file>images/controls/file-check-2.svg</file>
-        <file>ui/qml/Pages2/PageSettingsLogging.qml</file>
+        <file>ui/qml/Controls2/WarningType.qml</file>
-        <file>ui/qml/Pages2/PageSettingsServerData.qml</file>
+        <file>fonts/pt-root-ui_vf.ttf</file>
-        <file>ui/qml/Pages2/PageSettingsServerInfo.qml</file>
+        <file>ui/qml/Modules/Style/qmldir</file>
-        <file>ui/qml/Pages2/PageSettingsServerProtocol.qml</file>
+        <file>ui/qml/Modules/Style/AmneziaStyle.qml</file>
-        <file>ui/qml/Pages2/PageSettingsServerProtocols.qml</file>
+        <file>ui/qml/Pages2/PageServiceSocksProxySettings.qml</file>
-        <file>ui/qml/Pages2/PageSettingsServerServices.qml</file>
+        <file>server_scripts/socks5_proxy/run_container.sh</file>
-        <file>ui/qml/Pages2/PageSettingsServersList.qml</file>
+        <file>server_scripts/socks5_proxy/Dockerfile</file>
-        <file>ui/qml/Pages2/PageSettingsSplitTunneling.qml</file>
+        <file>server_scripts/socks5_proxy/configure_container.sh</file>
        <file>server_scripts/socks5_proxy/start.sh</file>
        <file>ui/qml/Pages2/PageProtocolAwgClientSettings.qml</file>
        <file>ui/qml/Pages2/PageProtocolWireGuardClientSettings.qml</file>
        <file>ui/qml/Pages2/PageSetupWizardApiServiceInfo.qml</file>
        <file>ui/qml/Pages2/PageSetupWizardApiServicesList.qml</file>
-        <file>ui/qml/Pages2/PageSetupWizardConfigSource.qml</file>
+        <file>ui/qml/Pages2/PageSetupWizardApiServiceInfo.qml</file>
-        <file>ui/qml/Pages2/PageSetupWizardCredentials.qml</file>
+        <file>ui/qml/Controls2/CardWithIconsType.qml</file>
-        <file>ui/qml/Pages2/PageSetupWizardEasy.qml</file>
+        <file>images/controls/tag.svg</file>
-        <file>ui/qml/Pages2/PageSetupWizardInstalling.qml</file>
+        <file>images/controls/history.svg</file>
-        <file>ui/qml/Pages2/PageSetupWizardProtocols.qml</file>
+        <file>images/controls/gauge.svg</file>
-        <file>ui/qml/Pages2/PageSetupWizardProtocolSettings.qml</file>
+        <file>images/controls/map-pin.svg</file>
-        <file>ui/qml/Pages2/PageSetupWizardQrReader.qml</file>
+        <file>ui/qml/Controls2/LabelWithImageType.qml</file>
-        <file>ui/qml/Pages2/PageSetupWizardStart.qml</file>
+        <file>images/controls/info.svg</file>
-        <file>ui/qml/Pages2/PageSetupWizardTextKey.qml</file>
+        <file>ui/qml/Controls2/TextAreaWithFooterType.qml</file>
-        <file>ui/qml/Pages2/PageSetupWizardViewConfig.qml</file>
+        <file>images/controls/scan-line.svg</file>
-        <file>ui/qml/Pages2/PageShare.qml</file>
+        <file>images/controls/folder-search-2.svg</file>
-        <file>ui/qml/Pages2/PageShareFullAccess.qml</file>
+        <file>ui/qml/Pages2/PageSettingsApiServerInfo.qml</file>
-        <file>ui/qml/Pages2/PageStart.qml</file>
+        <file>images/controls/bug.svg</file>
        <file>ui/qml/Pages2/PageDevMenu.qml</file>
        <file>images/controls/refresh-cw.svg</file>
        <file>ui/qml/Pages2/PageSettingsApiLanguageList.qml</file>
        <file>images/controls/archive-restore.svg</file>
        <file>images/controls/help-circle.svg</file>
    </qresource>
    <qresource prefix="/countriesFlags">
        <file>images/flagKit/ZW.svg</file>
@@ -15,12 +15,6 @@
 using namespace QKeychain;
 namespace {
    constexpr const char *settingsKeyTag = "settingsKeyTag";
    constexpr const char *settingsIvTag = "settingsIvTag";
    constexpr const char *keyChainName = "AmneziaVPN-Keychain";
 }
 SecureQSettings::SecureQSettings(const QString &organization, const QString &application, QObject *parent)
    : QObject { parent }, m_settings(organization, application, parent), encryptedKeys({ "Servers/serversList" })
 {
@@ -55,7 +49,7 @@ QVariant SecureQSettings::value(const QString &key, const QVariant &defaultValue
    // check if value is not encrypted, v. < 2.0.x
    retVal = m_settings.value(key);
    if (retVal.isValid()) {
-        if (retVal.userType() == QMetaType::QByteArray && retVal.toByteArray().mid(0, magicString.size()) == magicString) {
+        if (retVal.userType() == QVariant::ByteArray && retVal.toByteArray().mid(0, magicString.size()) == magicString) {
            if (getEncKey().isEmpty() || getEncIv().isEmpty()) {
                qCritical() << "SecureQSettings::setValue Decryption requested, but key is empty";
@@ -8,6 +8,10 @@
 #include "keychain.h"
 constexpr const char *settingsKeyTag = "settingsKeyTag";
 constexpr const char *settingsIvTag = "settingsIvTag";
 constexpr const char *keyChainName = "AmneziaVPN-Keychain";
 class SecureQSettings : public QObject
 {
    Q_OBJECT
@@ -40,7 +44,7 @@ public:
 private:
    QSettings m_settings;
-    mutable QHash<QString, QVariant> m_cache;
+    mutable QMap<QString, QVariant> m_cache;
    QStringList encryptedKeys; // encode only key listed here
    // only this fields need for backup
@@ -12,7 +12,7 @@ echo $WIREGUARD_PSK > /opt/amnezia/awg/wireguard_psk.key
 cat > /opt/amnezia/awg/wg0.conf <<EOF
 [Interface]
 PrivateKey = $WIREGUARD_SERVER_PRIVATE_KEY
-Address = $AWG_SUBNET_IP/$WIREGUARD_SUBNET_CIDR
+Address = $WIREGUARD_SUBNET_IP/$WIREGUARD_SUBNET_CIDR
 ListenPort = $AWG_SERVER_PORT
 Jc = $JUNK_PACKET_COUNT
 Jmin = $JUNK_PACKET_MIN_SIZE
@@ -17,12 +17,12 @@ iptables -A FORWARD -i wg0 -j ACCEPT
 iptables -A OUTPUT -o wg0 -j ACCEPT
 # Allow forwarding traffic only from the VPN.
-iptables -A FORWARD -i wg0 -o eth0 -s $AWG_SUBNET_IP/$WIREGUARD_SUBNET_CIDR -j ACCEPT
+iptables -A FORWARD -i wg0 -o eth0 -s $WIREGUARD_SUBNET_IP/$WIREGUARD_SUBNET_CIDR -j ACCEPT
-iptables -A FORWARD -i wg0 -o eth1 -s $AWG_SUBNET_IP/$WIREGUARD_SUBNET_CIDR -j ACCEPT
+iptables -A FORWARD -i wg0 -o eth1 -s $WIREGUARD_SUBNET_IP/$WIREGUARD_SUBNET_CIDR -j ACCEPT
 iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
-iptables -t nat -A POSTROUTING -s $AWG_SUBNET_IP/$WIREGUARD_SUBNET_CIDR -o eth0 -j MASQUERADE
+iptables -t nat -A POSTROUTING -s $WIREGUARD_SUBNET_IP/$WIREGUARD_SUBNET_CIDR -o eth0 -j MASQUERADE
-iptables -t nat -A POSTROUTING -s $AWG_SUBNET_IP/$WIREGUARD_SUBNET_CIDR -o eth1 -j MASQUERADE
+iptables -t nat -A POSTROUTING -s $WIREGUARD_SUBNET_IP/$WIREGUARD_SUBNET_CIDR -o eth1 -j MASQUERADE
 tail -f /dev/null
@@ -1,7 +1,7 @@
 if which apt-get > /dev/null 2>&1; then pm=$(which apt-get); silent_inst="-yq install"; check_pkgs="-yq update"; docker_pkg="docker.io"; dist="debian";\
 elif which dnf > /dev/null 2>&1; then pm=$(which dnf); silent_inst="-yq install"; check_pkgs="-yq check-update"; docker_pkg="docker"; dist="fedora";\
 elif which yum > /dev/null 2>&1; then pm=$(which yum); silent_inst="-y -q install"; check_pkgs="-y -q check-update"; docker_pkg="docker"; dist="centos";\
-elif which pacman > /dev/null 2>&1; then pm=$(which pacman); silent_inst="-S --noconfirm --noprogressbar --quiet"; check_pkgs="-Sup"; docker_pkg="docker"; dist="archlinux";\
+elif which pacman > /dev/null 2>&1; then pm=$(which pacman); silent_inst="-S --noconfirm --noprogressbar --quiet"; check_pkgs="> /dev/null 2>&1"; docker_pkg="docker"; dist="archlinux";\
 else echo "Packet manager not found"; exit 1; fi;\
 echo "Dist: $dist, Packet manager: $pm, Install command: $silent_inst, Check pkgs command: $check_pkgs, Docker pkg: $docker_pkg";\
 if [ "$dist" = "debian" ]; then export DEBIAN_FRONTEND=noninteractive; fi;\
@@ -12,9 +12,6 @@ if ! command -v docker > /dev/null 2>&1; then \
  sudo $pm $check_pkgs; sudo $pm $silent_inst $docker_pkg;\
  sleep 5; sudo systemctl enable --now docker; sleep 5;\
 fi;\
 if [ "$(cat /sys/module/apparmor/parameters/enabled 2>/dev/null)" = "Y" ]; then \
  if ! command -v apparmor_parser > /dev/null 2>&1; then sudo $pm $check_pkgs; sudo $pm $silent_inst apparmor; fi;\
 fi;\
 if [ "$(systemctl is-active docker)" != "active" ]; then \
  sudo $pm $check_pkgs; sudo $pm $silent_inst $docker_pkg;\
  sleep 5; sudo systemctl start docker; sleep 5;\
@@ -538,13 +538,3 @@ void Settings::toggleDevGatewayEnv(bool enabled)
 {
    m_isDevGatewayEnv = enabled;
 }
 bool Settings::isHomeAdLabelVisible()
 {
    return value("Conf/homeAdLabelVisible", true).toBool();
 }
 void Settings::disableHomeAdLabel()
 {
    setValue("Conf/homeAdLabelVisible", false);
 }
@@ -222,9 +222,6 @@ public:
    bool isDevGatewayEnv();
    void toggleDevGatewayEnv(bool enabled);
    bool isHomeAdLabelVisible();
    void disableHomeAdLabel();
 signals:
    void saveLogsChanged(bool enabled);
    void screenshotsEnabledChanged(bool enabled);
@@ -34,13 +34,13 @@ ConnectionController::ConnectionController(const QSharedPointer<ServersModel> &s
 void ConnectionController::openConnection()
 {
-#if !defined(Q_OS_ANDROID) && !defined(Q_OS_IOS)
+// #if !defined(Q_OS_ANDROID) && !defined(Q_OS_IOS)
-    if (!Utils::processIsRunning(Utils::executable(SERVICE_NAME, false), true))
+//     if (!Utils::processIsRunning(Utils::executable(SERVICE_NAME, false), true))
-    {
+//     {
-        emit connectionErrorOccurred(ErrorCode::AmneziaServiceNotRunning);
+//         emit connectionErrorOccurred(ErrorCode::AmneziaServiceNotRunning);
-        return;
+//         return;
-    }
+//     }
-#endif
+// #endif
    int serverIndex = m_serversModel->getDefaultServerIndex();
    QJsonObject serverConfig = m_serversModel->getServerConfig(serverIndex);
@@ -51,11 +51,8 @@ void ConnectionController::openConnection()
    if (configVersion == ApiConfigSources::Telegram
        && !m_serversModel->data(serverIndex, ServersModel::Roles::HasInstalledContainers).toBool()) {
        emit updateApiConfigFromTelegram();
        } else if (configVersion == ApiConfigSources::AmneziaGateway
        && !m_serversModel->data(serverIndex, ServersModel::Roles::HasInstalledContainers).toBool()) {
        emit updateApiConfigFromGateway();
    } else if (configVersion && m_serversModel->isApiKeyExpired(serverIndex)) {
-        qDebug() << "attempt to update api config by expires_at event";
+        qDebug() << "attempt to update api config by end_date event";
        if (configVersion == ApiConfigSources::Telegram) {
            emit updateApiConfigFromTelegram();
        } else {
@@ -121,8 +121,9 @@ ErrorCode ExportController::generateNativeConfig(const DockerContainer container
    jsonNativeConfig = QJsonDocument::fromJson(protocolConfigString.toUtf8()).object();
-    if (protocol == Proto::OpenVpn || protocol == Proto::WireGuard || protocol == Proto::Awg || protocol == Proto::Xray) {
+    if (protocol == Proto::OpenVpn || protocol == Proto::WireGuard || protocol == Proto::Awg) {
-        errorCode = m_clientManagementModel->appendClient(jsonNativeConfig, clientName, container, credentials, serverController);
+        auto clientId = jsonNativeConfig.value(config_key::clientId).toString();
        errorCode = m_clientManagementModel->appendClient(clientId, clientName, container, credentials, serverController);
    }
    return errorCode;
 }
@@ -247,10 +248,10 @@ void ExportController::generateCloakConfig()
    emit exportConfigChanged();
 }
-void ExportController::generateXrayConfig(const QString &clientName)
+void ExportController::generateXrayConfig()
 {
    QJsonObject nativeConfig;
-    ErrorCode errorCode = generateNativeConfig(DockerContainer::Xray, clientName, Proto::Xray, nativeConfig);
+    ErrorCode errorCode = generateNativeConfig(DockerContainer::Xray, "", Proto::Xray, nativeConfig);
    if (errorCode) {
        emit exportErrorOccurred(errorCode);
        return;
@@ -28,7 +28,7 @@ public slots:
    void generateAwgConfig(const QString &clientName);
    void generateShadowSocksConfig();
    void generateCloakConfig();
-    void generateXrayConfig(const QString &clientName);
+    void generateXrayConfig();
    QString getConfig();
    QString getNativeConfigString();
@@ -1,209 +0,0 @@
 #include "focusController.h"
 #include "utils/qmlUtils.h"
 #include <QQmlApplicationEngine>
 #include <QQuickWindow>
 FocusController::FocusController(QQmlApplicationEngine *engine, QObject *parent)
    : QObject { parent },
      m_engine { engine },
      m_focusChain {},
      m_focusedItem { nullptr },
      m_rootObjects {},
      m_defaultFocusItem { nullptr },
      m_lvfc { nullptr }
 {
    QObject::connect(m_engine, &QQmlApplicationEngine::objectCreated, this, [this](QObject *object, const QUrl &url) {
        QQuickItem *newDefaultFocusItem = object->findChild<QQuickItem *>("defaultFocusItem");
        if (newDefaultFocusItem && m_defaultFocusItem != newDefaultFocusItem) {
            m_defaultFocusItem = newDefaultFocusItem;
        }
    });
    QObject::connect(this, &FocusController::focusedItemChanged, this,
                     [this]() { m_focusedItem->forceActiveFocus(Qt::TabFocusReason); });
 }
 void FocusController::nextKeyTabItem()
 {
    nextItem(Direction::Forward);
 }
 void FocusController::previousKeyTabItem()
 {
    nextItem(Direction::Backward);
 }
 void FocusController::nextKeyUpItem()
 {
    nextItem(Direction::Backward);
 }
 void FocusController::nextKeyDownItem()
 {
    nextItem(Direction::Forward);
 }
 void FocusController::nextKeyLeftItem()
 {
    nextItem(Direction::Backward);
 }
 void FocusController::nextKeyRightItem()
 {
    nextItem(Direction::Forward);
 }
 void FocusController::setFocusItem(QQuickItem *item)
 {
    if (m_focusedItem != item) {
        m_focusedItem = item;
    }
    emit focusedItemChanged();
 }
 void FocusController::setFocusOnDefaultItem()
 {
    setFocusItem(m_defaultFocusItem);
 }
 void FocusController::pushRootObject(QObject *object)
 {
    m_rootObjects.push(object);
    dropListView();
    // setFocusOnDefaultItem();
 }
 void FocusController::dropRootObject(QObject *object)
 {
    if (m_rootObjects.empty()) {
        return;
    }
    if (m_rootObjects.top() == object) {
        m_rootObjects.pop();
        dropListView();
        setFocusOnDefaultItem();
    } else {
        qWarning() << "===>> TRY TO DROP WRONG ROOT OBJECT: " << m_rootObjects.top() << " SHOULD BE: " << object;
    }
 }
 void FocusController::resetRootObject()
 {
    m_rootObjects.clear();
 }
 void FocusController::reload(Direction direction)
 {
    m_focusChain.clear();
    QObject *rootObject = (m_rootObjects.empty() ? m_engine->rootObjects().value(0) : m_rootObjects.top());
    if (!rootObject) {
        qCritical() << "No ROOT OBJECT found!";
        resetRootObject();
        dropListView();
        return;
    }
    m_focusChain.append(FocusControl::getSubChain(rootObject));
    std::sort(m_focusChain.begin(), m_focusChain.end(),
              direction == Direction::Forward ? FocusControl::isLess : FocusControl::isMore);
    if (m_focusChain.empty()) {
        qWarning() << "Focus chain is empty!";
        resetRootObject();
        dropListView();
        return;
    }
 }
 void FocusController::nextItem(Direction direction)
 {
    reload(direction);
    if (m_lvfc && FocusControl::isListView(m_focusedItem)) {
        direction == Direction::Forward ? focusNextListViewItem() : focusPreviousListViewItem();
        return;
    }
    if (m_focusChain.empty()) {
        qWarning() << "There are no items to navigate";
        setFocusOnDefaultItem();
        return;
    }
    auto focusedItemIndex = m_focusChain.indexOf(m_focusedItem);
    if (focusedItemIndex == -1) {
        focusedItemIndex = 0;
    } else if (focusedItemIndex == (m_focusChain.size() - 1)) {
        focusedItemIndex = 0;
    } else {
        focusedItemIndex++;
    }
    const auto focusedItem = qobject_cast<QQuickItem *>(m_focusChain.at(focusedItemIndex));
    if (focusedItem == nullptr) {
        qWarning() << "Failed to get item to focus on. Setting focus on default";
        setFocusOnDefaultItem();
        return;
    }
    if (FocusControl::isListView(focusedItem)) {
        m_lvfc = new ListViewFocusController(focusedItem, this);
        m_focusedItem = focusedItem;
        if (direction == Direction::Forward) {
            m_lvfc->nextDelegate();
            focusNextListViewItem();
        } else {
            m_lvfc->previousDelegate();
            focusPreviousListViewItem();
        }
        return;
    }
    setFocusItem(focusedItem);
 }
 void FocusController::focusNextListViewItem()
 {
    m_lvfc->reloadFocusChain();
    if (m_lvfc->isLastFocusItemInListView() || m_lvfc->isReturnNeeded()) {
        dropListView();
        nextItem(Direction::Forward);
        return;
    } else if (m_lvfc->isLastFocusItemInDelegate()) {
        m_lvfc->resetFocusChain();
        m_lvfc->nextDelegate();
    }
    m_lvfc->focusNextItem();
 }
 void FocusController::focusPreviousListViewItem()
 {
    m_lvfc->reloadFocusChain();
    if (m_lvfc->isFirstFocusItemInListView() || m_lvfc->isReturnNeeded()) {
        dropListView();
        nextItem(Direction::Backward);
        return;
    } else if (m_lvfc->isFirstFocusItemInDelegate()) {
        m_lvfc->resetFocusChain();
        m_lvfc->previousDelegate();
    }
    m_lvfc->focusPreviousItem();
 }
 void FocusController::dropListView()
 {
    if (m_lvfc) {
        delete m_lvfc;
        m_lvfc = nullptr;
    }
 }
@@ -1,57 +0,0 @@
 #ifndef FOCUSCONTROLLER_H
 #define FOCUSCONTROLLER_H
 #include "ui/controllers/listViewFocusController.h"
 #include <QQmlApplicationEngine>
 /*!
 * \brief The FocusController class makes focus control more straightforward
 * \details Focus is handled only for visible and enabled items which have
 *          `isFocused` property from top left to bottom right.
 * \note There are items handled differently (e.g. ListView)
 */
 class FocusController : public QObject
 {
    Q_OBJECT
 public:
    explicit FocusController(QQmlApplicationEngine *engine, QObject *parent = nullptr);
    ~FocusController() override = default;
    Q_INVOKABLE void nextKeyTabItem();
    Q_INVOKABLE void previousKeyTabItem();
    Q_INVOKABLE void nextKeyUpItem();
    Q_INVOKABLE void nextKeyDownItem();
    Q_INVOKABLE void nextKeyLeftItem();
    Q_INVOKABLE void nextKeyRightItem();
    Q_INVOKABLE void setFocusItem(QQuickItem *item);
    Q_INVOKABLE void setFocusOnDefaultItem();
    Q_INVOKABLE void pushRootObject(QObject *object);
    Q_INVOKABLE void dropRootObject(QObject *object);
    Q_INVOKABLE void resetRootObject();
 private:
    enum class Direction {
        Forward,
        Backward,
    };
    void reload(Direction direction);
    void nextItem(Direction direction);
    void focusNextListViewItem();
    void focusPreviousListViewItem();
    void dropListView();
    QQmlApplicationEngine *m_engine; // Pointer to engine to get root object
    QList<QObject *> m_focusChain;   // List of current objects to be focused
    QQuickItem *m_focusedItem;       // Pointer to the active focus item
    QStack<QObject *> m_rootObjects; // Pointer to stack of roots for focus chain
    QQuickItem *m_defaultFocusItem;
    ListViewFocusController *m_lvfc; // ListView focus manager
 signals:
    void focusedItemChanged();
 };
 #endif // FOCUSCONTROLLER_H
@@ -9,7 +9,6 @@
 #include "core/errorstrings.h"
 #include "core/serialization/serialization.h"
 #include "systemController.h"
 #include "utilities.h"
 #ifdef Q_OS_ANDROID
@@ -40,12 +39,11 @@ namespace
        const QString amneziaConfigPatternUserName = "userName";
        const QString amneziaConfigPatternPassword = "password";
        const QString amneziaFreeConfigPattern = "api_key";
        const QString amneziaPremiumConfigPattern = "auth_data";
        const QString backupPattern = "Servers/serversList";
        if (config.contains(backupPattern)) {
            return ConfigTypes::Backup;
-        } else if (config.contains(amneziaConfigPattern) || config.contains(amneziaFreeConfigPattern) || config.contains(amneziaPremiumConfigPattern)
+        } else if (config.contains(amneziaConfigPattern) || config.contains(amneziaFreeConfigPattern)
                   || (config.contains(amneziaConfigPatternHostName) && config.contains(amneziaConfigPatternUserName)
                       && config.contains(amneziaConfigPatternPassword))) {
            return ConfigTypes::Amnezia;
@@ -77,18 +75,17 @@ ImportController::ImportController(const QSharedPointer<ServersModel> &serversMo
 bool ImportController::extractConfigFromFile(const QString &fileName)
 {
-    QString data;
+    QFile file(fileName);
-    if (!SystemController::readFile(fileName, data)) {
+
-        emit importErrorOccurred(ErrorCode::ImportOpenConfigError, false);
+    if (file.open(QIODevice::ReadOnly)) {
-        return false;
+        QString data = file.readAll();
        m_configFileName = QFileInfo(file.fileName()).fileName();
        return extractConfigFromData(data);
    }
-    m_configFileName = QFileInfo(QFile(fileName).fileName()).fileName();
+
-#ifdef Q_OS_ANDROID
+    emit importErrorOccurred(tr("Unable to open file"), false);
-    if (m_configFileName.isEmpty()) {
+    return false;
        m_configFileName = AndroidController::instance()->getFileName(fileName);
    }
 #endif
    return extractConfigFromData(data);
 }
 bool ImportController::extractConfigFromData(QString data)
@@ -191,12 +188,12 @@ bool ImportController::extractConfigFromData(QString data)
        if (!m_serversModel->getServersCount()) {
            emit restoreAppConfig(config.toUtf8());
        } else {
-            emit importErrorOccurred(ErrorCode::ImportInvalidConfigError, false);
+            emit importErrorOccurred(tr("Invalid configuration file"), false);
        }
        break;
    }
    case ConfigTypes::Invalid: {
-        emit importErrorOccurred(ErrorCode::ImportInvalidConfigError, false);
+        emit importErrorOccurred(tr("Invalid configuration file"), false);
        break;
    }
    }
@@ -54,6 +54,7 @@ public slots:
 signals:
    void importFinished();
    void importErrorOccurred(const QString &errorMessage, bool goToPageHome);
    void importErrorOccurred(ErrorCode errorCode, bool goToPageHome);
    void qrDecodingFinished();
@@ -32,8 +32,32 @@ namespace
        constexpr char availableCountries[] = "available_countries";
        constexpr char apiConfig[] = "api_config";
        constexpr char authData[] = "auth_data";
    }
 #ifdef Q_OS_WINDOWS
    QString getNextDriverLetter()
    {
        QProcess drivesProc;
        drivesProc.start("wmic logicaldisk get caption");
        drivesProc.waitForFinished();
        QString drives = drivesProc.readAll();
        qDebug() << drives;
        QString letters = "CFGHIJKLMNOPQRSTUVWXYZ";
        QString letter;
        for (int i = letters.size() - 1; i > 0; i--) {
            letter = letters.at(i);
            if (!drives.contains(letter + ":"))
                break;
        }
        if (letter == "C:") {
            // set err info
            qDebug() << "Can't find free drive letter";
            return "";
        }
        return letter;
    }
 #endif
 }
 InstallController::InstallController(const QSharedPointer<ServersModel> &serversModel, const QSharedPointer<ContainersModel> &containersModel,
@@ -111,10 +135,10 @@ void InstallController::install(DockerContainer container, int port, TransportPr
                containerConfig[config_key::transportPacketMagicHeader] = transportPacketMagicHeader;
            } else if (container == DockerContainer::Sftp) {
                containerConfig.insert(config_key::userName, protocols::sftp::defaultUserName);
-                containerConfig.insert(config_key::password, Utils::getRandomString(16));
+                containerConfig.insert(config_key::password, Utils::getRandomString(10));
            } else if (container == DockerContainer::Socks5Proxy) {
                containerConfig.insert(config_key::userName, protocols::socks5Proxy::defaultUserName);
-                containerConfig.insert(config_key::password, Utils::getRandomString(16));
+                containerConfig.insert(config_key::password, Utils::getRandomString(10));
            }
            config.insert(config_key::container, ContainerProps::containerToString(container));
@@ -643,7 +667,7 @@ void InstallController::mountSftpDrive(const QString &port, const QString &passw
    QString hostname = serverCredentials.hostName;
 #ifdef Q_OS_WINDOWS
-    mountPath = Utils::getNextDriverLetter() + ":";
+    mountPath = getNextDriverLetter() + ":";
    //    QString cmd = QString("net use \\\\sshfs\\%1@x.x.x.x!%2 /USER:%1 %3")
    //            .arg(labelTftpUserNameText())
    //            .arg(labelTftpPortText())
@@ -744,7 +768,7 @@ bool InstallController::checkSshConnection(QSharedPointer<ServerController> serv
    } else {
        if (output.contains(tr("Please login as the user"))) {
            output.replace("\n", "");
-            emit wrongInstallationUser(output);
+            emit installationErrorOccurred(output);
            return false;
        }
    }
@@ -802,7 +826,7 @@ bool InstallController::installServiceFromApi()
    ErrorCode errorCode = apiController.getConfigForService(m_settings->getInstallationUuid(true), m_apiServicesModel->getCountryCode(),
                                                            m_apiServicesModel->getSelectedServiceType(),
-                                                            m_apiServicesModel->getSelectedServiceProtocol(), "", QJsonObject(), serverConfig);
+                                                            m_apiServicesModel->getSelectedServiceProtocol(), "", serverConfig);
    if (errorCode != ErrorCode::NoError) {
        emit installationErrorOccurred(errorCode);
        return false;
@@ -829,25 +853,24 @@ bool InstallController::updateServiceFromApi(const int serverIndex, const QStrin
    auto serverConfig = m_serversModel->getServerConfig(serverIndex);
    auto apiConfig = serverConfig.value(configKey::apiConfig).toObject();
    auto authData = serverConfig.value(configKey::authData).toObject();
    QJsonObject newServerConfig;
-    ErrorCode errorCode = apiController.getConfigForService(
+    ErrorCode errorCode =
-            m_settings->getInstallationUuid(true), apiConfig.value(configKey::userCountryCode).toString(),
+            apiController.getConfigForService(m_settings->getInstallationUuid(true), apiConfig.value(configKey::userCountryCode).toString(),
-            apiConfig.value(configKey::serviceType).toString(), apiConfig.value(configKey::serviceProtocol).toString(), newCountryCode,
+                                              apiConfig.value(configKey::serviceType).toString(),
-            authData, newServerConfig);
+                                              apiConfig.value(configKey::serviceProtocol).toString(), newCountryCode, newServerConfig);
    if (errorCode != ErrorCode::NoError) {
        emit installationErrorOccurred(errorCode);
        return false;
    }
    QJsonObject newApiConfig = newServerConfig.value(configKey::apiConfig).toObject();
    newApiConfig.insert(configKey::serviceInfo, apiConfig.value(configKey::serviceInfo));
    newApiConfig.insert(configKey::userCountryCode, apiConfig.value(configKey::userCountryCode));
    newApiConfig.insert(configKey::serviceType, apiConfig.value(configKey::serviceType));
    newApiConfig.insert(configKey::serviceProtocol, apiConfig.value(configKey::serviceProtocol));
    newServerConfig.insert(configKey::apiConfig, newApiConfig);
    newServerConfig.insert(configKey::authData, authData);
    m_serversModel->editServer(newServerConfig, serverIndex);
    if (reloadServiceConfig) {
@@ -75,8 +75,8 @@ signals:
    void removeAllContainersFinished(const QString &finishedMessage);
    void removeProcessedContainerFinished(const QString &finishedMessage);
    void installationErrorOccurred(const QString &errorMessage);
    void installationErrorOccurred(ErrorCode errorCode);
    void wrongInstallationUser(const QString &message);
    void serverAlreadyExists(int serverIndex);
@@ -1,309 +0,0 @@
 #include "listViewFocusController.h"
 #include "utils/qmlUtils.h"
 #include <QQuickWindow>
 ListViewFocusController::ListViewFocusController(QQuickItem *listView, QObject *parent)
    : QObject { parent },
      m_listView { listView },
      m_focusChain {},
      m_currentSection { Section::Default },
      m_header { nullptr },
      m_footer { nullptr },
      m_focusedItem { nullptr },
      m_focusedItemIndex { -1 },
      m_delegateIndex { 0 },
      m_isReturnNeeded { false },
      m_currentSectionString { "Default", "Header", "Delegate", "Footer" }
 {
    QVariant headerItemProperty = m_listView->property("headerItem");
    m_header = headerItemProperty.canConvert<QQuickItem *>() ? headerItemProperty.value<QQuickItem *>() : nullptr;
    QVariant footerItemProperty = m_listView->property("footerItem");
    m_footer = footerItemProperty.canConvert<QQuickItem *>() ? footerItemProperty.value<QQuickItem *>() : nullptr;
 }
 ListViewFocusController::~ListViewFocusController()
 {
 }
 void ListViewFocusController::viewAtCurrentIndex() const
 {
    switch (m_currentSection) {
    case Section::Default: [[fallthrough]];
    case Section::Header: {
        QMetaObject::invokeMethod(m_listView, "positionViewAtBeginning");
        break;
    }
    case Section::Delegate: {
        QMetaObject::invokeMethod(m_listView, "positionViewAtIndex", Q_ARG(int, m_delegateIndex), // Index
                                  Q_ARG(int, 2)); // PositionMode (0 = Visible)
        break;
    }
    case Section::Footer: {
        QMetaObject::invokeMethod(m_listView, "positionViewAtEnd");
        break;
    }
    }
 }
 int ListViewFocusController::size() const
 {
    return m_listView->property("count").toInt();
 }
 int ListViewFocusController::currentIndex() const
 {
    return m_delegateIndex;
 }
 void ListViewFocusController::setDelegateIndex(int index)
 {
    m_delegateIndex = index;
    m_listView->setProperty("currentIndex", index);
 }
 void ListViewFocusController::nextDelegate()
 {
    switch (m_currentSection) {
    case Section::Default: {
        if (hasHeader()) {
            m_currentSection = Section::Header;
            viewAtCurrentIndex();
            break;
        }
        [[fallthrough]];
    }
    case Section::Header: {
        if (size() > 0) {
            m_currentSection = Section::Delegate;
            viewAtCurrentIndex();
            break;
        }
        [[fallthrough]];
    }
    case Section::Delegate:
        if (m_delegateIndex < (size() - 1)) {
            setDelegateIndex(m_delegateIndex + 1);
            viewAtCurrentIndex();
            break;
        } else if (hasFooter()) {
            m_currentSection = Section::Footer;
            viewAtCurrentIndex();
            break;
        }
        [[fallthrough]];
    case Section::Footer: {
        m_isReturnNeeded = true;
        m_currentSection = Section::Default;
        viewAtCurrentIndex();
        break;
    }
    default: {
        qCritical() << "Current section is invalid!";
        break;
    }
    }
 }
 void ListViewFocusController::previousDelegate()
 {
    switch (m_currentSection) {
    case Section::Default: {
        if (hasFooter()) {
            m_currentSection = Section::Footer;
            break;
        }
        [[fallthrough]];
    }
    case Section::Footer: {
        if (size() > 0) {
            m_currentSection = Section::Delegate;
            setDelegateIndex(size() - 1);
            break;
        }
        [[fallthrough]];
    }
    case Section::Delegate: {
        if (m_delegateIndex > 0) {
            setDelegateIndex(m_delegateIndex - 1);
            break;
        } else if (hasHeader()) {
            m_currentSection = Section::Header;
            break;
        }
        [[fallthrough]];
    }
    case Section::Header: {
        m_isReturnNeeded = true;
        m_currentSection = Section::Default;
        break;
    }
    default: {
        qCritical() << "Current section is invalid!";
        break;
    }
    }
 }
 void ListViewFocusController::decrementIndex()
 {
    m_delegateIndex--;
 }
 QQuickItem *ListViewFocusController::itemAtIndex(const int index) const
 {
    QQuickItem *item { nullptr };
    QMetaObject::invokeMethod(m_listView, "itemAtIndex", Q_RETURN_ARG(QQuickItem *, item), Q_ARG(int, index));
    return item;
 }
 QQuickItem *ListViewFocusController::currentDelegate() const
 {
    QQuickItem *result { nullptr };
    switch (m_currentSection) {
    case Section::Default: {
        qWarning() << "No elements...";
        break;
    }
    case Section::Header: {
        result = m_header;
        break;
    }
    case Section::Delegate: {
        result = itemAtIndex(m_delegateIndex);
        break;
    }
    case Section::Footer: {
        result = m_footer;
        break;
    }
    }
    return result;
 }
 QQuickItem *ListViewFocusController::focusedItem() const
 {
    return m_focusedItem;
 }
 void ListViewFocusController::focusNextItem()
 {
    if (m_isReturnNeeded) {
        return;
    }
    reloadFocusChain();
    if (m_focusChain.empty()) {
        qWarning() << "No elements found in the delegate. Going to next delegate...";
        nextDelegate();
        focusNextItem();
        return;
    }
    m_focusedItemIndex++;
    m_focusedItem = qobject_cast<QQuickItem *>(m_focusChain.at(m_focusedItemIndex));
    m_focusedItem->forceActiveFocus(Qt::TabFocusReason);
 }
 void ListViewFocusController::focusPreviousItem()
 {
    if (m_isReturnNeeded) {
        return;
    }
    if (m_focusChain.empty()) {
        qInfo() << "Empty focusChain with current delegate: " << currentDelegate() << "Scanning for elements...";
        reloadFocusChain();
    }
    if (m_focusChain.empty()) {
        qWarning() << "No elements found in the delegate. Going to next delegate...";
        previousDelegate();
        focusPreviousItem();
        return;
    }
    if (m_focusedItemIndex == -1) {
        m_focusedItemIndex = m_focusChain.size();
    }
    m_focusedItemIndex--;
    m_focusedItem = qobject_cast<QQuickItem *>(m_focusChain.at(m_focusedItemIndex));
    m_focusedItem->forceActiveFocus(Qt::TabFocusReason);
 }
 void ListViewFocusController::resetFocusChain()
 {
    m_focusChain.clear();
    m_focusedItem = nullptr;
    m_focusedItemIndex = -1;
 }
 void ListViewFocusController::reloadFocusChain()
 {
    m_focusChain = FocusControl::getItemsChain(currentDelegate());
 }
 bool ListViewFocusController::isFirstFocusItemInDelegate() const
 {
    return m_focusedItem && (m_focusedItem == m_focusChain.first());
 }
 bool ListViewFocusController::isLastFocusItemInDelegate() const
 {
    return m_focusedItem && (m_focusedItem == m_focusChain.last());
 }
 bool ListViewFocusController::hasHeader() const
 {
    return m_header && !FocusControl::getItemsChain(m_header).isEmpty();
 }
 bool ListViewFocusController::hasFooter() const
 {
    return m_footer && !FocusControl::getItemsChain(m_footer).isEmpty();
 }
 bool ListViewFocusController::isFirstFocusItemInListView() const
 {
    switch (m_currentSection) {
    case Section::Footer: {
        return isFirstFocusItemInDelegate() && !hasHeader() && (size() == 0);
    }
    case Section::Delegate: {
        return isFirstFocusItemInDelegate() && (m_delegateIndex == 0) && !hasHeader();
    }
    case Section::Header: {
        isFirstFocusItemInDelegate();
    }
    case Section::Default: {
        return true;
    }
    default: qWarning() << "Wrong section"; return true;
    }
 }
 bool ListViewFocusController::isLastFocusItemInListView() const
 {
    switch (m_currentSection) {
    case Section::Default: {
        return !hasHeader() && (size() == 0) && !hasFooter();
    }
    case Section::Header: {
        return isLastFocusItemInDelegate() && (size() == 0) && !hasFooter();
    }
    case Section::Delegate: {
        return isLastFocusItemInDelegate() && (m_delegateIndex == size() - 1) && !hasFooter();
    }
    case Section::Footer: {
        return isLastFocusItemInDelegate();
    }
    default: qWarning() << "Wrong section"; return true;
    }
 }
 bool ListViewFocusController::isReturnNeeded() const
 {
    return m_isReturnNeeded;
 }
--- a/Show More
+++ b/Show More