refactor OpenVpnSettings page for correct focus

refactor OpenVpnConfigModel to use QObject instead of QAbstractListModel
fix PageSetupWizardApiServicesList
2026-06-21 02:01:03 +07:00 · 2025-08-02 15:45:54 +02:00 · 2025-08-02 15:45:49 +02:00 · 2025-08-02 15:11:46 +02:00 · 2025-08-02 15:11:46 +02:00 · 2025-08-02 15:11:46 +02:00
186 changed files with 10775 additions and 8622 deletions
@@ -20,6 +20,8 @@ jobs:
      DEV_AGW_PUBLIC_KEY: ${{ secrets.DEV_AGW_PUBLIC_KEY }}
      DEV_AGW_ENDPOINT: ${{ secrets.DEV_AGW_ENDPOINT }}
      DEV_S3_ENDPOINT: ${{ secrets.DEV_S3_ENDPOINT }}
+      FREE_V2_ENDPOINT: ${{ secrets.FREE_V2_ENDPOINT }}
+      PREM_V1_ENDPOINT: ${{ secrets.PREM_V1_ENDPOINT }}

    steps:
    - name: 'Install Qt'
@@ -90,6 +92,8 @@ jobs:
      DEV_AGW_PUBLIC_KEY: ${{ secrets.DEV_AGW_PUBLIC_KEY }}
      DEV_AGW_ENDPOINT: ${{ secrets.DEV_AGW_ENDPOINT }}
      DEV_S3_ENDPOINT: ${{ secrets.DEV_S3_ENDPOINT }}
+      FREE_V2_ENDPOINT: ${{ secrets.FREE_V2_ENDPOINT }}
+      PREM_V1_ENDPOINT: ${{ secrets.PREM_V1_ENDPOINT }}

    steps:
    - name: 'Get sources'
@@ -156,6 +160,8 @@ jobs:
      DEV_AGW_PUBLIC_KEY: ${{ secrets.DEV_AGW_PUBLIC_KEY }}
      DEV_AGW_ENDPOINT: ${{ secrets.DEV_AGW_ENDPOINT }}
      DEV_S3_ENDPOINT: ${{ secrets.DEV_S3_ENDPOINT }}
+      FREE_V2_ENDPOINT: ${{ secrets.FREE_V2_ENDPOINT }}
+      PREM_V1_ENDPOINT: ${{ secrets.PREM_V1_ENDPOINT }}

    steps:
    - name: 'Setup xcode'
@@ -243,18 +249,33 @@ jobs:

 # ------------------------------------------------------

-  Build-MacOS:
+  Build-MacOS-old:
    runs-on: macos-latest

    env:
      # Keep compat with MacOS 10.15 aka Catalina by Qt 6.4
      QT_VERSION: 6.4.3
-      QIF_VERSION: 4.6
+
+      MAC_TEAM_ID: ${{ secrets.MAC_TEAM_ID }}
+
+      MAC_APP_CERT_CERT: ${{ secrets.MAC_APP_CERT_CERT }}
+      MAC_SIGNER_ID: ${{ secrets.MAC_SIGNER_ID }}
+      MAC_APP_CERT_PW: ${{ secrets.MAC_APP_CERT_PW }}
+
+      MAC_INSTALLER_SIGNER_CERT: ${{ secrets.MAC_INSTALLER_SIGNER_CERT }}
+      MAC_INSTALLER_SIGNER_ID: ${{ secrets.MAC_INSTALLER_SIGNER_ID }}
+      MAC_INSTALL_CERT_PW: ${{ secrets.MAC_INSTALL_CERT_PW }}
+
+      APPLE_DEV_EMAIL: ${{ secrets.APPLE_DEV_EMAIL }}
+      APPLE_DEV_PASSWORD: ${{ secrets.APPLE_DEV_PASSWORD }}
+
      PROD_AGW_PUBLIC_KEY: ${{ secrets.PROD_AGW_PUBLIC_KEY }}
      PROD_S3_ENDPOINT: ${{ secrets.PROD_S3_ENDPOINT }}
      DEV_AGW_PUBLIC_KEY: ${{ secrets.DEV_AGW_PUBLIC_KEY }}
      DEV_AGW_ENDPOINT: ${{ secrets.DEV_AGW_ENDPOINT }}
      DEV_S3_ENDPOINT: ${{ secrets.DEV_S3_ENDPOINT }}
+      FREE_V2_ENDPOINT: ${{ secrets.FREE_V2_ENDPOINT }}
+      PREM_V1_ENDPOINT: ${{ secrets.PREM_V1_ENDPOINT }}

    steps:
    - name: 'Setup xcode'
@@ -275,11 +296,6 @@ jobs:
        set-env: 'true'
        extra: '--external 7z --base ${{ env.QT_MIRROR }}'

-    - name: 'Install Qt Installer Framework ${{ env.QIF_VERSION }}'
-      run: |
-        mkdir -pv ${{ runner.temp }}/Qt/Tools/QtInstallerFramework
-        wget https://qt.amzsvc.com/tools/ifw/${{ env.QIF_VERSION }}.zip
-        unzip ${{ env.QIF_VERSION }}.zip -d ${{ runner.temp }}/Qt/Tools/QtInstallerFramework/

    - name: 'Get sources'
      uses: actions/checkout@v4
@@ -293,14 +309,90 @@ jobs:
    - name: 'Build project'
      run: |
        export QT_BIN_DIR="${{ runner.temp }}/Qt/${{ env.QT_VERSION }}/macos/bin"
-        export QIF_BIN_DIR="${{ runner.temp }}/Qt/Tools/QtInstallerFramework/${{ env.QIF_VERSION }}/bin"
-        bash deploy/build_macos.sh
+        bash deploy/build_macos.sh -n
+
+    - name: 'Upload installer artifact'
+      uses: actions/upload-artifact@v4
+      with:
+        name: AmneziaVPN_MacOS_old_installer
+        path: deploy/build/pkg/AmneziaVPN.pkg
+        retention-days: 7
+
+    - name: 'Upload unpacked artifact'
+      uses: actions/upload-artifact@v4
+      with:
+        name: AmneziaVPN_MacOS_old_unpacked
+        path: deploy/build/client/AmneziaVPN.app
+        retention-days: 7
+
+# ------------------------------------------------------
+
+  Build-MacOS:
+    runs-on: macos-latest
+
+    env:
+      QT_VERSION: 6.8.0
+
+      MAC_TEAM_ID: ${{ secrets.MAC_TEAM_ID }}
+
+      MAC_APP_CERT_CERT: ${{ secrets.MAC_APP_CERT_CERT }}
+      MAC_SIGNER_ID: ${{ secrets.MAC_SIGNER_ID }}
+      MAC_APP_CERT_PW: ${{ secrets.MAC_APP_CERT_PW }}
+
+      MAC_INSTALLER_SIGNER_CERT: ${{ secrets.MAC_INSTALLER_SIGNER_CERT }}
+      MAC_INSTALLER_SIGNER_ID: ${{ secrets.MAC_INSTALLER_SIGNER_ID }}
+      MAC_INSTALL_CERT_PW: ${{ secrets.MAC_INSTALL_CERT_PW }}
+
+      APPLE_DEV_EMAIL: ${{ secrets.APPLE_DEV_EMAIL }}
+      APPLE_DEV_PASSWORD: ${{ secrets.APPLE_DEV_PASSWORD }}
+
+      PROD_AGW_PUBLIC_KEY: ${{ secrets.PROD_AGW_PUBLIC_KEY }}
+      PROD_S3_ENDPOINT: ${{ secrets.PROD_S3_ENDPOINT }}
+      DEV_AGW_PUBLIC_KEY: ${{ secrets.DEV_AGW_PUBLIC_KEY }}
+      DEV_AGW_ENDPOINT: ${{ secrets.DEV_AGW_ENDPOINT }}
+      DEV_S3_ENDPOINT: ${{ secrets.DEV_S3_ENDPOINT }}
+      FREE_V2_ENDPOINT: ${{ secrets.FREE_V2_ENDPOINT }}
+      PREM_V1_ENDPOINT: ${{ secrets.PREM_V1_ENDPOINT }}
+
+    steps:
+    - name: 'Setup xcode'
+      uses: maxim-lobanov/setup-xcode@v1
+      with:
+        xcode-version: '15.4.0'
+
+    - name: 'Install Qt'
+      uses: jurplel/install-qt-action@v3
+      with:
+        version: ${{ env.QT_VERSION }}
+        host: 'mac'
+        target: 'desktop'
+        arch: 'clang_64'
+        modules: 'qtremoteobjects qt5compat qtshadertools'
+        dir: ${{ runner.temp }}
+        setup-python: 'true'
+        set-env: 'true'
+        extra: '--external 7z --base ${{ env.QT_MIRROR }}'
+
+
+    - name: 'Get sources'
+      uses: actions/checkout@v4
+      with:
+        submodules: 'true'
+        fetch-depth: 10
+
+    - name: 'Setup ccache'
+      uses: hendrikmuhs/ccache-action@v1.2
+
+    - name: 'Build project'
+      run: |
+        export QT_BIN_DIR="${{ runner.temp }}/Qt/${{ env.QT_VERSION }}/macos/bin"
+        bash deploy/build_macos.sh -n

    - name: 'Upload installer artifact'
      uses: actions/upload-artifact@v4
      with:
        name: AmneziaVPN_MacOS_installer
-        path: AmneziaVPN.dmg
+        path: deploy/build/pkg/AmneziaVPN.pkg
        retention-days: 7

    - name: 'Upload unpacked artifact'
@@ -324,6 +416,8 @@ jobs:
      DEV_AGW_PUBLIC_KEY: ${{ secrets.DEV_AGW_PUBLIC_KEY }}
      DEV_AGW_ENDPOINT: ${{ secrets.DEV_AGW_ENDPOINT }}
      DEV_S3_ENDPOINT: ${{ secrets.DEV_S3_ENDPOINT }}
+      FREE_V2_ENDPOINT: ${{ secrets.FREE_V2_ENDPOINT }}
+      PREM_V1_ENDPOINT: ${{ secrets.PREM_V1_ENDPOINT }}

    steps:
    - name: 'Install desktop Qt'
@@ -20,6 +20,8 @@ jobs:
      DEV_AGW_PUBLIC_KEY: ${{ secrets.DEV_AGW_PUBLIC_KEY }}
      DEV_AGW_ENDPOINT: ${{ secrets.DEV_AGW_ENDPOINT }}
      DEV_S3_ENDPOINT: ${{ secrets.DEV_S3_ENDPOINT }}
+      FREE_V2_ENDPOINT: ${{ secrets.FREE_V2_ENDPOINT }}
+      PREM_V1_ENDPOINT: ${{ secrets.PREM_V1_ENDPOINT }}

    steps:
    - name: 'Install desktop Qt'
@@ -133,4 +133,9 @@ client/3rd/ShadowSocks/ss_ios.xcconfig
 out/

 # CMake files
-CMakeFiles/
+CMakeFiles/
+
+ios-ne-build.sh
+macos-ne-build.sh
+macos-signed-build.sh
+macos-with-sign-build.sh
@@ -7,6 +7,7 @@
 [submodule "client/3rd-prebuilt"]
 	path = client/3rd-prebuilt
 	url = https://github.com/amnezia-vpn/3rd-prebuilt
+	branch = feature/special-handshake
 [submodule "client/3rd/amneziawg-apple"]
 	path = client/3rd/amneziawg-apple
 	url = https://github.com/amnezia-vpn/amneziawg-apple
@@ -1,8 +1,9 @@
 cmake_minimum_required(VERSION 3.25.0 FATAL_ERROR)

 set(PROJECT AmneziaVPN)
+set(AMNEZIAVPN_VERSION 4.8.9.2)

-project(${PROJECT} VERSION 4.8.6.0
+project(${PROJECT} VERSION ${AMNEZIAVPN_VERSION}
        DESCRIPTION "AmneziaVPN"
        HOMEPAGE_URL "https://amnezia.org/"
 )
@@ -11,7 +12,7 @@ string(TIMESTAMP CURRENT_DATE "%Y-%m-%d")
 set(RELEASE_DATE "${CURRENT_DATE}")

 set(APP_MAJOR_VERSION ${CMAKE_PROJECT_VERSION_MAJOR}.${CMAKE_PROJECT_VERSION_MINOR}.${CMAKE_PROJECT_VERSION_PATCH})
-set(APP_ANDROID_VERSION_CODE 2083)
+set(APP_ANDROID_VERSION_CODE 2092)

 if(${CMAKE_SYSTEM_NAME} STREQUAL "Linux")
    set(MZ_PLATFORM_NAME "linux")
@@ -31,6 +31,9 @@ add_definitions(-DDEV_AGW_PUBLIC_KEY="$ENV{DEV_AGW_PUBLIC_KEY}")
 add_definitions(-DDEV_AGW_ENDPOINT="$ENV{DEV_AGW_ENDPOINT}")
 add_definitions(-DDEV_S3_ENDPOINT="$ENV{DEV_S3_ENDPOINT}")

+add_definitions(-DFREE_V2_ENDPOINT="$ENV{FREE_V2_ENDPOINT}")
+add_definitions(-DPREM_V1_ENDPOINT="$ENV{PREM_V1_ENDPOINT}")
+
 if(WIN32 OR (APPLE AND NOT IOS) OR (LINUX AND NOT ANDROID))
    set(PACKAGES ${PACKAGES} Widgets)
 endif()
@@ -10,6 +10,8 @@ import java.nio.channels.FileChannel
 import java.nio.channels.FileLock
 import java.time.LocalDateTime
 import java.time.format.DateTimeFormatter
+import java.time.ZonedDateTime
+import java.time.ZoneOffset
 import java.util.concurrent.locks.ReentrantLock
 import org.amnezia.vpn.util.Log.Priority.D
 import org.amnezia.vpn.util.Log.Priority.E
@@ -135,8 +137,8 @@ object Log {
    }

    private fun formatLogMsg(tag: String, msg: String, priority: Priority): String {
-        val date = LocalDateTime.now().format(dateTimeFormat)
-        return "$date ${Process.myPid()} ${Process.myTid()} $priority [${Thread.currentThread().name}] " +
+        val utcDate = ZonedDateTime.now(ZoneOffset.UTC).format(dateTimeFormat)
+        return "${utcDate}Z ${Process.myPid()} ${Process.myTid()} $priority [${Thread.currentThread().name}] " +
            "$tag: $msg\n"
    }

@@ -120,10 +120,21 @@ open class Wireguard : Protocol() {
        configData.optStringOrNull("Jmax")?.let { setJmax(it.toInt()) }
        configData.optStringOrNull("S1")?.let { setS1(it.toInt()) }
        configData.optStringOrNull("S2")?.let { setS2(it.toInt()) }
+        configData.optStringOrNull("S3")?.let { setS3(it.toInt()) }
+        configData.optStringOrNull("S4")?.let { setS4(it.toInt()) }
        configData.optStringOrNull("H1")?.let { setH1(it.toLong()) }
        configData.optStringOrNull("H2")?.let { setH2(it.toLong()) }
        configData.optStringOrNull("H3")?.let { setH3(it.toLong()) }
        configData.optStringOrNull("H4")?.let { setH4(it.toLong()) }
+        configData.optStringOrNull("I1")?.let { setI1(it) }
+        configData.optStringOrNull("I2")?.let { setI2(it) }
+        configData.optStringOrNull("I3")?.let { setI3(it) }
+        configData.optStringOrNull("I4")?.let { setI4(it) }
+        configData.optStringOrNull("I5")?.let { setI5(it) }
+        configData.optStringOrNull("J1")?.let { setJ1(it) }
+        configData.optStringOrNull("J2")?.let { setJ2(it) }
+        configData.optStringOrNull("J3")?.let { setJ3(it) }
+        configData.optStringOrNull("Itime")?.let { setItime(it.toInt()) }
    }

    private fun start(config: WireguardConfig, vpnBuilder: Builder, protect: (Int) -> Boolean) {
@@ -20,10 +20,21 @@ open class WireguardConfig protected constructor(
    val jmax: Int?,
    val s1: Int?,
    val s2: Int?,
+    val s3: Int?,
+    val s4: Int?,
    val h1: Long?,
    val h2: Long?,
    val h3: Long?,
-    val h4: Long?
+    val h4: Long?,
+    var i1: String?,
+    var i2: String?,
+    var i3: String?,
+    var i4: String?,
+    var i5: String?,
+    var j1: String?,
+    var j2: String?,
+    var j3: String?,
+    var itime: Int?
 ) : ProtocolConfig(protocolConfigBuilder) {

    protected constructor(builder: Builder) : this(
@@ -39,10 +50,21 @@ open class WireguardConfig protected constructor(
        builder.jmax,
        builder.s1,
        builder.s2,
+        builder.s3,
+        builder.s4,
        builder.h1,
        builder.h2,
        builder.h3,
-        builder.h4
+        builder.h4,
+        builder.i1,
+        builder.i2,
+        builder.i3,
+        builder.i4,
+        builder.i5,
+        builder.j1,
+        builder.j2,
+        builder.j3,
+        builder.itime
    )

    fun toWgUserspaceString(): String = with(StringBuilder()) {
@@ -61,10 +83,21 @@ open class WireguardConfig protected constructor(
            appendLine("jmax=$jmax")
            appendLine("s1=$s1")
            appendLine("s2=$s2")
+            s3?.let { appendLine("s3=$it") }
+            s4?.let { appendLine("s4=$it") }
            appendLine("h1=$h1")
            appendLine("h2=$h2")
            appendLine("h3=$h3")
            appendLine("h4=$h4")
+            i1?.let { appendLine("i1=$it") }
+            i2?.let { appendLine("i2=$it") }
+            i3?.let { appendLine("i3=$it") }
+            i4?.let { appendLine("i4=$it") }
+            i5?.let { appendLine("i5=$it") }
+            j1?.let { appendLine("j1=$it") }
+            j2?.let { appendLine("j2=$it") }
+            j3?.let { appendLine("j3=$it") }
+            itime?.let { appendLine("itime=$it") }
        }
    }

@@ -117,10 +150,21 @@ open class WireguardConfig protected constructor(
        internal var jmax: Int? = null
        internal var s1: Int? = null
        internal var s2: Int? = null
+        internal var s3: Int? = null
+        internal var s4: Int? = null
        internal var h1: Long? = null
        internal var h2: Long? = null
        internal var h3: Long? = null
        internal var h4: Long? = null
+        internal var i1: String? = null
+        internal var i2: String? = null
+        internal var i3: String? = null
+        internal var i4: String? = null
+        internal var i5: String? = null
+        internal var j1: String? = null
+        internal var j2: String? = null
+        internal var j3: String? = null
+        internal var itime: Int? = null

        fun setEndpoint(endpoint: InetEndpoint) = apply { this.endpoint = endpoint }

@@ -139,10 +183,21 @@ open class WireguardConfig protected constructor(
        fun setJmax(jmax: Int) = apply { this.jmax = jmax }
        fun setS1(s1: Int) = apply { this.s1 = s1 }
        fun setS2(s2: Int) = apply { this.s2 = s2 }
+        fun setS3(s3: Int) = apply { this.s3 = s3 }
+        fun setS4(s4: Int) = apply { this.s4 = s4 }
        fun setH1(h1: Long) = apply { this.h1 = h1 }
        fun setH2(h2: Long) = apply { this.h2 = h2 }
        fun setH3(h3: Long) = apply { this.h3 = h3 }
        fun setH4(h4: Long) = apply { this.h4 = h4 }
+        fun setI1(i1: String) = apply { this.i1 = i1 }
+        fun setI2(i2: String) = apply { this.i2 = i2 }
+        fun setI3(i3: String) = apply { this.i3 = i3 }
+        fun setI4(i4: String) = apply { this.i4 = i4 }
+        fun setI5(i5: String) = apply { this.i5 = i5 }
+        fun setJ1(j1: String) = apply { this.j1 = j1 }
+        fun setJ2(j2: String) = apply { this.j2 = j2 }
+        fun setJ3(j3: String) = apply { this.j3 = j3 }
+        fun setItime(itime: Int) = apply { this.itime = itime }

        override fun build(): WireguardConfig = configBuild().run { WireguardConfig(this@Builder) }
    }
@@ -76,8 +76,22 @@ set_target_properties(${PROJECT} PROPERTIES
    XCODE_LINK_BUILD_PHASE_MODE KNOWN_LOCATION
    XCODE_ATTRIBUTE_LD_RUNPATH_SEARCH_PATHS "@executable_path/Frameworks"
    XCODE_EMBED_APP_EXTENSIONS networkextension
-    XCODE_ATTRIBUTE_CODE_SIGN_STYLE Automatic
 )
+
+if(DEFINED DEPLOY)
+    set_target_properties(${PROJECT} PROPERTIES
+        XCODE_ATTRIBUTE_CODE_SIGN_IDENTITY "Apple Distribution"
+        XCODE_ATTRIBUTE_CODE_SIGN_IDENTITY[variant=Debug] "Apple Development"
+        XCODE_ATTRIBUTE_CODE_SIGN_STYLE Manual
+        XCODE_ATTRIBUTE_PROVISIONING_PROFILE_SPECIFIER "distr ios.org.amnezia.AmneziaVPN"
+        XCODE_ATTRIBUTE_PROVISIONING_PROFILE_SPECIFIER[variant=Debug] "dev ios.org.amnezia.AmneziaVPN"
+    )
+else()
+    set_target_properties(${PROJECT} PROPERTIES
+        XCODE_ATTRIBUTE_CODE_SIGN_STYLE Automatic
+    )
+endif()
+
 set_target_properties(${PROJECT} PROPERTIES
    XCODE_ATTRIBUTE_SWIFT_VERSION "5.0"
    XCODE_ATTRIBUTE_CLANG_ENABLE_MODULES "YES"
@@ -18,7 +18,11 @@ set(LIBS ${LIBS}
    ${FW_NETWORK_EXTENSION}
 )

-set_target_properties(${PROJECT} PROPERTIES MACOSX_BUNDLE TRUE)
+set_target_properties(${PROJECT} PROPERTIES 
+    MACOSX_BUNDLE TRUE
+    MACOSX_BUNDLE_SHORT_VERSION_STRING "${CMAKE_PROJECT_VERSION_MAJOR}.${CMAKE_PROJECT_VERSION_MINOR}.${CMAKE_PROJECT_VERSION_PATCH}"
+    MACOSX_BUNDLE_BUNDLE_VERSION "${CMAKE_PROJECT_VERSION_TWEAK}"
+)
 set(CMAKE_OSX_ARCHITECTURES "x86_64" CACHE INTERNAL "" FORCE)
 set(CMAKE_OSX_DEPLOYMENT_TARGET 10.15)

@@ -1,4 +1,5 @@
 #include "awg_configurator.h"
+#include "protocols/protocols_defs.h"

 #include <QJsonDocument>
 #include <QJsonObject>
@@ -39,6 +40,20 @@ QString AwgConfigurator::createConfig(const ServerCredentials &credentials, Dock
    jsonConfig[config_key::responsePacketMagicHeader] = configMap.value(config_key::responsePacketMagicHeader);
    jsonConfig[config_key::underloadPacketMagicHeader] = configMap.value(config_key::underloadPacketMagicHeader);
    jsonConfig[config_key::transportPacketMagicHeader] = configMap.value(config_key::transportPacketMagicHeader);
+
+    // jsonConfig[config_key::cookieReplyPacketJunkSize] = configMap.value(config_key::cookieReplyPacketJunkSize);
+    // jsonConfig[config_key::transportPacketJunkSize] = configMap.value(config_key::transportPacketJunkSize);
+
+    // jsonConfig[config_key::specialJunk1] = configMap.value(amnezia::config_key::specialJunk1);
+    // jsonConfig[config_key::specialJunk2] = configMap.value(amnezia::config_key::specialJunk2);
+    // jsonConfig[config_key::specialJunk3] = configMap.value(amnezia::config_key::specialJunk3);
+    // jsonConfig[config_key::specialJunk4] = configMap.value(amnezia::config_key::specialJunk4);
+    // jsonConfig[config_key::specialJunk5] = configMap.value(amnezia::config_key::specialJunk5);
+    // jsonConfig[config_key::controlledJunk1] = configMap.value(amnezia::config_key::controlledJunk1);
+    // jsonConfig[config_key::controlledJunk2] = configMap.value(amnezia::config_key::controlledJunk2);
+    // jsonConfig[config_key::controlledJunk3] = configMap.value(amnezia::config_key::controlledJunk3);
+    // jsonConfig[config_key::specialHandshakeTimeout] = configMap.value(amnezia::config_key::specialHandshakeTimeout);
+
    jsonConfig[config_key::mtu] =
            containerConfig.value(ProtocolProps::protoToString(Proto::Awg)).toObject().value(config_key::mtu).toString(protocols::awg::defaultMtu);

@@ -118,6 +118,12 @@ QString OpenVpnConfigurator::processConfigWithLocalSettings(const QPair<QString,
        QRegularExpression regex("redirect-gateway.*");
        config.replace(regex, "");
        
+        // We don't use secondary DNS if primary DNS is AmneziaDNS
+        if (dns.first.contains(protocols::dns::amneziaDnsIp)) {
+            QRegularExpression dnsRegex("dhcp-option DNS " + dns.second);
+            config.replace(dnsRegex, "");
+        }
+
        if (!m_settings->isSitesSplitTunnelingEnabled()) {
            config.append("\nredirect-gateway def1 ipv6 bypass-dhcp\n");
            config.append("block-ipv6\n");
@@ -161,6 +167,12 @@ QString OpenVpnConfigurator::processConfigWithExportSettings(const QPair<QString
    QRegularExpression regex("redirect-gateway.*");
    config.replace(regex, "");

+    // We don't use secondary DNS if primary DNS is AmneziaDNS
+    if (dns.first.contains(protocols::dns::amneziaDnsIp)) {
+        QRegularExpression dnsRegex("dhcp-option DNS " + dns.second);
+        config.replace(dnsRegex, "");
+    }
+
    config.append("\nredirect-gateway def1 ipv6 bypass-dhcp\n");

    // Prevent ipv6 leak
@@ -140,98 +140,83 @@ QMap<DockerContainer, QString> ContainerProps::containerDetailedDescriptions()
 {
    return {
        { DockerContainer::OpenVpn,
-          QObject::tr(
-                  "OpenVPN stands as one of the most popular and time-tested VPN protocols available.\n"
-                  "It employs its unique security protocol, "
-                  "leveraging the strength of SSL/TLS for encryption and key exchange. "
-                  "Furthermore, OpenVPN's support for a multitude of authentication methods makes it versatile and adaptable, "
-                  "catering to a wide range of devices and operating systems. "
-                  "Due to its open-source nature, OpenVPN benefits from extensive scrutiny by the global community, "
-                  "which continually reinforces its security. "
-                  "With a strong balance of performance, security, and compatibility, "
-                  "OpenVPN remains a top choice for privacy-conscious individuals and businesses alike.\n\n"
-                  "* Available in the AmneziaVPN across all platforms\n"
-                  "* Normal power consumption on mobile devices\n"
-                  "* Flexible customisation to suit user needs to work with different operating systems and devices\n"
-                  "* Recognised by DPI systems and therefore susceptible to blocking\n"
-                  "* Can operate over both TCP and UDP network protocols.") },
+          QObject::tr("OpenVPN is one of the most popular and reliable VPN protocols. "
+                      "It uses SSL/TLS encryption, supports a wide variety of devices and operating systems, "
+                      "and is continuously improved by the community due to its open-source nature. "
+                      "It provides a good balance between speed and security but is easily recognized by DPI systems, "
+                      "making it susceptible to blocking.\n"
+                      "\nFeatures:\n"
+                      "* Available on all AmneziaVPN platforms\n"
+                      "* Normal battery consumption on mobile devices\n"
+                      "* Flexible customization for various devices and OS\n"
+                      "* Operates over both TCP and UDP protocols") },
        { DockerContainer::ShadowSocks,
-          QObject::tr("Shadowsocks, inspired by the SOCKS5 protocol, safeguards the connection using the AEAD cipher. "
-                      "Although Shadowsocks is designed to be discreet and challenging to identify, it isn't identical to a standard HTTPS connection."
-                      "However, certain traffic analysis systems might still detect a Shadowsocks connection. "
-                      "Due to limited support in Amnezia, it's recommended to use AmneziaWG protocol.\n\n"
-                      "* Available in the AmneziaVPN only on desktop platforms\n"
-                      "* Configurable encryption protocol\n"
+          QObject::tr("Shadowsocks is based on the SOCKS5 protocol and encrypts connections using AEAD cipher. "
+                      "Although designed to be discreet, it doesn't mimic a standard HTTPS connection and can be detected by some DPI systems. "
+                      "Due to limited support in Amnezia, we recommend using the AmneziaWG protocol.\n"
+                      "\nFeatures:\n"
+                      "* Available in AmneziaVPN only on desktop platforms\n"
+                      "* Customizable encryption protocol\n"
                      "* Detectable by some DPI systems\n"
-                      "* Works over TCP network protocol.") },
+                      "* Operates over TCP protocol\n") },
        { DockerContainer::Cloak,
-          QObject::tr("This is a combination of the OpenVPN protocol and the Cloak plugin designed specifically for "
-                      "protecting against detection.\n\n"
-                      "OpenVPN provides a secure VPN connection by encrypting all internet traffic between the client "
-                      "and the server.\n\n"
-                      "Cloak protects OpenVPN from detection. \n\n"
-                      "Cloak can modify packet metadata so that it completely masks VPN traffic as normal web traffic, "
-                      "and also protects the VPN from detection by Active Probing. This makes it very resistant to "
-                      "being detected\n\n"
-                      "Immediately after receiving the first data packet, Cloak authenticates the incoming connection. "
-                      "If authentication fails, the plugin masks the server as a fake website and your VPN becomes "
-                      "invisible to analysis systems.\n\n"
-                      "* Available in the AmneziaVPN across all platforms\n"
+          QObject::tr("This combination includes the OpenVPN protocol and the Cloak plugin, specifically designed to protect against blocking.\n"
+                      "\nOpenVPN securely encrypts all internet traffic between your device and the server.\n"
+                      "\nThe Cloak plugin further protects the connection from DPI detection. "
+                      "It modifies traffic metadata to disguise VPN traffic as regular web traffic and prevents detection through active probing. "
+                      "If an incoming connection fails authentication, Cloak serves a fake website, making your VPN invisible to traffic analysis systems.\n"
+                      "\nIn regions with heavy internet censorship, we strongly recommend using OpenVPN with Cloak from your first connection.\n"
+                      "\nFeatures:\n"
+                      "* Available on all AmneziaVPN platforms\n"
                      "* High power consumption on mobile devices\n"
-                      "* Flexible settings\n"
-                      "* Not recognised by detection systems\n"
-                      "* Works over TCP network protocol, 443 port.\n") },
+                      "* Flexible configuration options\n"
+                      "* Undetectable by DPI systems\n"
+                      "* Operates over TCP protocol on port 443") },
        { DockerContainer::WireGuard,
-          QObject::tr("A relatively new popular VPN protocol with a simplified architecture.\n"
-                      "WireGuard provides stable VPN connection and high performance on all devices. It uses hard-coded encryption "
-                      "settings. WireGuard compared to OpenVPN has lower latency and better data transfer throughput.\n"
-                      "WireGuard is very susceptible to detection and blocking due to its distinct packet signatures. "
-                      "Unlike some other VPN protocols that employ obfuscation techniques, "
-                      "the consistent signature patterns of WireGuard packets can be more easily identified and "
-                      "thus blocked by advanced Deep Packet Inspection (DPI) systems and other network monitoring tools.\n\n"
-                      "* Available in the AmneziaVPN across all platforms\n"
-                      "* Low power consumption\n"
-                      "* Minimum number of settings\n"
-                      "* Easily recognised by DPI analysis systems, susceptible to blocking\n"
-                      "* Works over UDP network protocol.") },
+          QObject::tr("WireGuard is a modern, streamlined VPN protocol offering stable connectivity and excellent performance across all devices. "
+                      "It uses fixed encryption settings, delivering lower latency and higher data transfer speeds compared to OpenVPN. "
+                      "However, WireGuard is easily identifiable by DPI systems due to its distinctive packet signatures, making it susceptible to blocking.\n"
+                      "\nFeatures:\n"
+                      "* Available on all AmneziaVPN platforms\n"
+                      "* Low power consumption on mobile devices\n"
+                      "* Minimal configuration required\n"
+                      "* Easily detected by DPI systems (susceptible to blocking)\n"
+                      "* Operates over UDP protocol") },
        { DockerContainer::Awg,
-          QObject::tr("A modern iteration of the popular VPN protocol, "
-                      "AmneziaWG builds upon the foundation set by WireGuard, "
-                      "retaining its simplified architecture and high-performance capabilities across devices.\n"
-                      "While WireGuard is known for its efficiency, "
-                      "it had issues with being easily detected due to its distinct packet signatures. "
-                      "AmneziaWG solves this problem by using better obfuscation methods, "
-                      "making its traffic blend in with regular internet traffic.\n"
-                      "This means that AmneziaWG keeps the fast performance of the original "
-                      "while adding an extra layer of stealth, "
-                      "making it a great choice for those wanting a fast and discreet VPN connection.\n\n"
-                      "* Available in the AmneziaVPN across all platforms\n"
-                      "* Low power consumption\n"
-                      "* Minimum number of settings\n"
-                      "* Not recognised by traffic analysis systems\n"
-                      "* Works over UDP network protocol.") },
+          QObject::tr("AmneziaWG is a modern VPN protocol based on WireGuard, "
+                      "combining simplified architecture with high performance across all devices. "
+                      "It addresses WireGuard's main vulnerability (easy detection by DPI systems) through advanced obfuscation techniques, "
+                      "making VPN traffic indistinguishable from regular internet traffic.\n"
+                      "\nAmneziaWG is an excellent choice for those seeking a fast, stealthy VPN connection.\n"
+                      "\nFeatures:\n"
+                      "* Available on all AmneziaVPN platforms\n"
+                      "* Low battery consumption on mobile devices\n"
+                      "* Minimal settings required\n"
+                      "* Undetectable by traffic analysis systems (DPI)\n"
+                      "* Operates over UDP protocol") },
        { DockerContainer::Xray,
-                QObject::tr("The REALITY protocol, a pioneering development by the creators of XRay, "
-                            "is designed to provide the highest level of protection against detection through its innovative approach to security and privacy.\n"
-                            "It uniquely identifies attackers during the TLS handshake phase, seamlessly operating as a proxy for legitimate clients while diverting attackers to genuine websites, "
-                            "thus presenting an authentic TLS certificate and data. \n"
-                            "This advanced capability differentiates REALITY from similar technologies by its ability to disguise web traffic as coming from random, "
-                            "legitimate sites without the need for specific configurations. \n"
-                            "Unlike older protocols such as VMess, VLESS, and the XTLS-Vision transport, "
-                            "REALITY's innovative \"friend or foe\" recognition at the TLS handshake enhances security. "
-                            "This makes REALITY a robust solution for maintaining internet freedom.")
-        },
+          QObject::tr("REALITY is an innovative protocol developed by the creators of XRay, designed specifically to combat high levels of internet censorship. "
+                      "REALITY identifies censorship systems during the TLS handshake, "
+                      "redirecting suspicious traffic seamlessly to legitimate websites like google.com while providing genuine TLS certificates. "
+                      "This allows VPN traffic to blend indistinguishably with regular web traffic without special configuration."
+                      "\nUnlike older protocols such as VMess, VLESS, and XTLS-Vision, REALITY incorporates an advanced built-in \"friend-or-foe\" detection mechanism, "
+                      "effectively protecting against DPI and other traffic analysis methods.\n"
+                      "\nFeatures:\n"
+                      "* Resistant to active probing and DPI detection\n"
+                      "* No special configuration required to disguise traffic\n"
+                      "* Highly effective in heavily censored regions\n"
+                      "* Minimal battery consumption on devices\n"
+                      "* Operates over TCP protocol") },
        { DockerContainer::Ipsec,
-          QObject::tr("IKEv2, paired with the IPSec encryption layer, stands as a modern and stable VPN protocol.\n"
-                      "One of its distinguishing features is its ability to swiftly switch between networks and devices, "
-                      "making it particularly adaptive in dynamic network environments. \n"
-                      "While it offers a blend of security, stability, and speed, "
-                      "it's essential to note that IKEv2 can be easily detected and is susceptible to blocking.\n\n"
-                      "* Available in the AmneziaVPN only on Windows\n"
-                      "* Low power consumption, on mobile devices\n"
-                      "* Minimal configuration\n"
-                      "* Recognised by DPI analysis systems\n"
-                      "* Works over UDP network protocol, ports 500 and 4500.") },
+          QObject::tr("IKEv2, combined with IPSec encryption, is a modern and reliable VPN protocol. "
+                      "It reconnects quickly when switching networks or devices, making it ideal for dynamic network environments. "
+                      "While it provides good security and speed, it's easily recognized by DPI systems and susceptible to blocking.\n"
+                      "\nFeatures:\n"
+                      "* Available in AmneziaVPN only on Windows\n"
+                      "* Low battery consumption on mobile devices\n"
+                      "* Minimal configuration required\n"
+                      "* Detectable by DPI analysis systems(easily blocked)\n"
+                      "* Operates over UDP protocol(ports 500 and 4500)") },

        { DockerContainer::TorWebSite, QObject::tr("Website in Tor network") },
        { DockerContainer::Dns, QObject::tr("DNS Service") },
@@ -22,12 +22,21 @@ namespace apiDefs
    namespace key
    {
        constexpr QLatin1String configVersion("config_version");
+        constexpr QLatin1String apiEndpoint("api_endpoint");
+        constexpr QLatin1String apiKey("api_key");
+        constexpr QLatin1String description("description");
+        constexpr QLatin1String name("name");
+        constexpr QLatin1String protocol("protocol");

        constexpr QLatin1String apiConfig("api_config");
        constexpr QLatin1String stackType("stack_type");
        constexpr QLatin1String serviceType("service_type");
+        constexpr QLatin1String cliVersion("cli_version");
+        constexpr QLatin1String supportedProtocols("supported_protocols");

        constexpr QLatin1String vpnKey("vpn_key");
+        constexpr QLatin1String config("config");
+        constexpr QLatin1String configs("configs");

        constexpr QLatin1String installationUuid("installation_uuid");
        constexpr QLatin1String workerLastUpdated("worker_last_updated");
@@ -51,6 +60,10 @@ namespace apiDefs
        constexpr QLatin1String website("website");
        constexpr QLatin1String websiteName("website_name");
        constexpr QLatin1String telegram("telegram");
+
+        constexpr QLatin1String id("id");
+        constexpr QLatin1String orderId("order_id");
+        constexpr QLatin1String migrationCode("migration_code");
    }

    const int requestTimeoutMsecs = 12 * 1000; // 12 secs
@@ -3,6 +3,24 @@
 #include <QDateTime>
 #include <QJsonObject>

+namespace
+{
+    const QByteArray AMNEZIA_CONFIG_SIGNATURE = QByteArray::fromHex("000000ff");
+
+    QString escapeUnicode(const QString &input)
+    {
+        QString output;
+        for (QChar c : input) {
+            if (c.unicode() < 0x20 || c.unicode() > 0x7E) {
+                output += QString("\\u%1").arg(QString::number(c.unicode(), 16).rightJustified(4, '0'));
+            } else {
+                output += c;
+            }
+        }
+        return output;
+    }
+}
+
 bool apiUtils::isSubscriptionExpired(const QString &subscriptionEndDate)
 {
    QDateTime now = QDateTime::currentDateTime();
@@ -23,13 +41,21 @@ bool apiUtils::isServerFromApi(const QJsonObject &serverConfigObject)
 apiDefs::ConfigType apiUtils::getConfigType(const QJsonObject &serverConfigObject)
 {
    auto configVersion = serverConfigObject.value(apiDefs::key::configVersion).toInt();
+
    switch (configVersion) {
    case apiDefs::ConfigSource::Telegram: {
+        constexpr QLatin1String freeV2Endpoint(FREE_V2_ENDPOINT);
+        constexpr QLatin1String premiumV1Endpoint(PREM_V1_ENDPOINT);
+
+        auto apiEndpoint = serverConfigObject.value(apiDefs::key::apiEndpoint).toString();
+
+        if (apiEndpoint.contains(premiumV1Endpoint)) {
+            return apiDefs::ConfigType::AmneziaPremiumV1;
+        } else if (apiEndpoint.contains(freeV2Endpoint)) {
+            return apiDefs::ConfigType::AmneziaFreeV2;
+        }
    };
    case apiDefs::ConfigSource::AmneziaGateway: {
-        constexpr QLatin1String stackPremium("prem");
-        constexpr QLatin1String stackFree("free");
-
        constexpr QLatin1String servicePremium("amnezia-premium");
        constexpr QLatin1String serviceFree("amnezia-free");
        constexpr QLatin1String serviceExternalPremium("external-premium");
@@ -70,6 +96,9 @@ amnezia::ErrorCode apiUtils::checkNetworkReplyErrors(const QList<QSslError> &ssl
               || reply->error() == QNetworkReply::NetworkError::TimeoutError) {
        qDebug() << reply->error();
        return amnezia::ErrorCode::ApiConfigTimeoutError;
+    } else if (reply->error() == QNetworkReply::NetworkError::OperationNotImplementedError) {
+        qDebug() << reply->error();
+        return amnezia::ErrorCode::ApiUpdateRequestError;
    } else {
        QString err = reply->errorString();
        int httpStatusCode = reply->attribute(QNetworkRequest::HttpStatusCodeAttribute).toInt();
@@ -95,3 +124,41 @@ bool apiUtils::isPremiumServer(const QJsonObject &serverConfigObject)
                                                            apiDefs::ConfigType::ExternalPremium };
    return premiumTypes.contains(getConfigType(serverConfigObject));
 }
+
+QString apiUtils::getPremiumV1VpnKey(const QJsonObject &serverConfigObject)
+{
+    if (apiUtils::getConfigType(serverConfigObject) != apiDefs::ConfigType::AmneziaPremiumV1) {
+        return {};
+    }
+
+    QList<QPair<QString, QVariant>> orderedFields;
+    orderedFields.append(qMakePair(apiDefs::key::name, serverConfigObject[apiDefs::key::name].toString()));
+    orderedFields.append(qMakePair(apiDefs::key::description, serverConfigObject[apiDefs::key::description].toString()));
+    orderedFields.append(qMakePair(apiDefs::key::configVersion, serverConfigObject[apiDefs::key::configVersion].toDouble()));
+    orderedFields.append(qMakePair(apiDefs::key::protocol, serverConfigObject[apiDefs::key::protocol].toString()));
+    orderedFields.append(qMakePair(apiDefs::key::apiEndpoint, serverConfigObject[apiDefs::key::apiEndpoint].toString()));
+    orderedFields.append(qMakePair(apiDefs::key::apiKey, serverConfigObject[apiDefs::key::apiKey].toString()));
+
+    QString vpnKeyStr = "{";
+    for (int i = 0; i < orderedFields.size(); ++i) {
+        const auto &pair = orderedFields[i];
+        if (pair.second.typeId() == QMetaType::Type::QString) {
+            vpnKeyStr += "\"" + pair.first + "\": \"" + pair.second.toString() + "\"";
+        } else if (pair.second.typeId() == QMetaType::Type::Double || pair.second.typeId() == QMetaType::Type::Int) {
+            vpnKeyStr += "\"" + pair.first + "\": " + QString::number(pair.second.toDouble(), 'f', 1);
+        }
+
+        if (i < orderedFields.size() - 1) {
+            vpnKeyStr += ", ";
+        }
+    }
+    vpnKeyStr += "}";
+
+    QByteArray vpnKeyCompressed = escapeUnicode(vpnKeyStr).toUtf8();
+    vpnKeyCompressed = qCompress(vpnKeyCompressed, 6);
+    vpnKeyCompressed = vpnKeyCompressed.mid(4);
+
+    QByteArray signedData = AMNEZIA_CONFIG_SIGNATURE + vpnKeyCompressed;
+
+    return QString("vpn://%1").arg(QString(signedData.toBase64(QByteArray::Base64UrlEncoding)));
+}
@@ -19,6 +19,8 @@ namespace apiUtils
    apiDefs::ConfigSource getConfigSource(const QJsonObject &serverConfigObject);

    amnezia::ErrorCode checkNetworkReplyErrors(const QList<QSslError> &sslErrors, QNetworkReply *reply);
+
+    QString getPremiumV1VpnKey(const QJsonObject &serverConfigObject);
 }

 #endif // APIUTILS_H
@@ -120,6 +120,9 @@ void CoreController::initControllers()
    connect(m_installController.get(), &InstallController::currentContainerUpdated, m_connectionController.get(),
            &ConnectionController::onCurrentContainerUpdated); // TODO remove this

+    connect(m_installController.get(), &InstallController::profileCleared,
+            m_protocolsModel.get(), &ProtocolsModel::updateModel);
+
    m_importController.reset(new ImportController(m_serversModel, m_containersModel, m_settings));
    m_engine->rootContext()->setContextProperty("ImportController", m_importController.get());

@@ -148,6 +151,9 @@ void CoreController::initControllers()

    m_apiConfigsController.reset(new ApiConfigsController(m_serversModel, m_apiServicesModel, m_settings));
    m_engine->rootContext()->setContextProperty("ApiConfigsController", m_apiConfigsController.get());
+
+    m_apiPremV1MigrationController.reset(new ApiPremV1MigrationController(m_serversModel, m_settings, this));
+    m_engine->rootContext()->setContextProperty("ApiPremV1MigrationController", m_apiPremV1MigrationController.get());
 }

 void CoreController::initAndroidController()
@@ -220,6 +226,8 @@ void CoreController::initSignalHandlers()
    initAutoConnectHandler();
    initAmneziaDnsToggledHandler();
    initPrepareConfigHandler();
+    initImportPremiumV2VpnKeyHandler();
+    initShowMigrationDrawerHandler();
    initStrictKillSwitchHandler();
 }

@@ -238,6 +246,9 @@ void CoreController::initNotificationHandler()
            &ConnectionController::closeConnection);
    connect(this, &CoreController::translationsUpdated, m_notificationHandler.get(), &NotificationHandler::onTranslationsUpdated);
 #endif
+
+    auto* trayHandler = qobject_cast<SystemTrayNotificationHandler*>(m_notificationHandler.get());
+    connect(this, &CoreController::websiteUrlChanged, trayHandler, &SystemTrayNotificationHandler::updateWebsiteUrl);
 }

 void CoreController::updateTranslator(const QLocale &locale)
@@ -274,6 +285,7 @@ void CoreController::updateTranslator(const QLocale &locale)
    m_engine->retranslate();

    emit translationsUpdated();
+    emit websiteUrlChanged(m_languageModel->getCurrentSiteUrl());
 }

 void CoreController::initErrorMessagesHandler()
@@ -294,13 +306,10 @@ void CoreController::setQmlRoot()

 void CoreController::initApiCountryModelUpdateHandler()
 {
-    // TODO
    connect(m_serversModel.get(), &ServersModel::updateApiCountryModel, this, [this]() {
        m_apiCountryModel->updateModel(m_serversModel->getProcessedServerData("apiAvailableCountries").toJsonArray(),
                                       m_serversModel->getProcessedServerData("apiServerCountryCode").toString());
    });
-    connect(m_serversModel.get(), &ServersModel::updateApiServicesModel, this,
-            [this]() { m_apiServicesModel->updateModel(m_serversModel->getProcessedServerData("apiConfig").toJsonObject()); });
 }

 void CoreController::initContainerModelUpdateHandler()
@@ -363,10 +372,29 @@ void CoreController::initPrepareConfigHandler()
    });
 }

+void CoreController::initImportPremiumV2VpnKeyHandler()
+{
+    connect(m_apiPremV1MigrationController.get(), &ApiPremV1MigrationController::importPremiumV2VpnKey, this, [this](const QString &vpnKey) {
+        m_importController->extractConfigFromData(vpnKey);
+        m_importController->importConfig();
+
+        emit m_apiPremV1MigrationController->migrationFinished();
+    });
+}
+
+void CoreController::initShowMigrationDrawerHandler()
+{
+    QTimer::singleShot(1000, this, [this]() {
+        if (m_apiPremV1MigrationController->isPremV1MigrationReminderActive() && m_apiPremV1MigrationController->hasConfigsToMigration()) {
+            m_apiPremV1MigrationController->showMigrationDrawer();
+        }
+    });
+}
+
 void CoreController::initStrictKillSwitchHandler()
 {
-    connect(m_settingsController.get(), &SettingsController::strictKillSwitchEnabledChanged, 
-            m_vpnConnection.get(), &VpnConnection::onKillSwitchModeChanged);
+    connect(m_settingsController.get(), &SettingsController::strictKillSwitchEnabledChanged, m_vpnConnection.get(),
+            &VpnConnection::onKillSwitchModeChanged);
 }

 QSharedPointer<PageController> CoreController::pageController() const
@@ -5,8 +5,11 @@
 #include <QQmlContext>
 #include <QThread>

+#include "ui/systemtray_notificationhandler.h"
+
 #include "ui/controllers/api/apiConfigsController.h"
 #include "ui/controllers/api/apiSettingsController.h"
+#include "ui/controllers/api/apiPremV1MigrationController.h"
 #include "ui/controllers/appSplitTunnelingController.h"
 #include "ui/controllers/allowedDnsController.h"
 #include "ui/controllers/connectionController.h"
@@ -60,6 +63,7 @@ public:

 signals:
    void translationsUpdated();
+    void websiteUrlChanged(const QString &newUrl);

 private:
    void initModels();
@@ -82,6 +86,8 @@ private:
    void initAutoConnectHandler();
    void initAmneziaDnsToggledHandler();
    void initPrepareConfigHandler();
+    void initImportPremiumV2VpnKeyHandler();
+    void initShowMigrationDrawerHandler();
    void initStrictKillSwitchHandler();

    QQmlApplicationEngine *m_engine {}; // TODO use parent child system here?
@@ -109,6 +115,7 @@ private:

    QScopedPointer<ApiSettingsController> m_apiSettingsController;
    QScopedPointer<ApiConfigsController> m_apiConfigsController;
+    QScopedPointer<ApiPremV1MigrationController> m_apiPremV1MigrationController;

    QSharedPointer<ContainersModel> m_containersModel;
    QSharedPointer<ContainersModel> m_defaultServerContainersModel;
@@ -14,8 +14,8 @@

 #include "amnezia_application.h"
 #include "core/api/apiUtils.h"
-#include "utilities.h"
 #include "core/networkUtilities.h"
+#include "utilities.h"

 #ifdef AMNEZIA_DESKTOP
    #include "core/ipcclient.h"
@@ -36,10 +36,17 @@ namespace
    constexpr QLatin1String errorResponsePattern1("No active configuration found for");
    constexpr QLatin1String errorResponsePattern2("No non-revoked public key found for");
    constexpr QLatin1String errorResponsePattern3("Account not found.");
+
+    constexpr QLatin1String updateRequestResponsePattern("client version update is required");
 }

-GatewayController::GatewayController(const QString &gatewayEndpoint, bool isDevEnvironment, int requestTimeoutMsecs, QObject *parent)
-    : QObject(parent), m_gatewayEndpoint(gatewayEndpoint), m_isDevEnvironment(isDevEnvironment), m_requestTimeoutMsecs(requestTimeoutMsecs)
+GatewayController::GatewayController(const QString &gatewayEndpoint, const bool isDevEnvironment, const int requestTimeoutMsecs,
+                                     const bool isStrictKillSwitchEnabled, QObject *parent)
+    : QObject(parent),
+      m_gatewayEndpoint(gatewayEndpoint),
+      m_isDevEnvironment(isDevEnvironment),
+      m_requestTimeoutMsecs(requestTimeoutMsecs),
+      m_isStrictKillSwitchEnabled(isStrictKillSwitchEnabled)
 {
 }

@@ -58,11 +65,11 @@ ErrorCode GatewayController::get(const QString &endpoint, QByteArray &responseBo

    // bypass killSwitch exceptions for API-gateway
 #ifdef AMNEZIA_DESKTOP
-    {
+    if (m_isStrictKillSwitchEnabled) {
        QString host = QUrl(request.url()).host();
        QString ip = NetworkUtilities::getIPAddress(host);
        if (!ip.isEmpty()) {
-            IpcClient::Interface()->addKillSwitchAllowedRange(QStringList{ip});
+            IpcClient::Interface()->addKillSwitchAllowedRange(QStringList { ip });
        }
    }
 #endif
@@ -120,11 +127,11 @@ ErrorCode GatewayController::post(const QString &endpoint, const QJsonObject api

    // bypass killSwitch exceptions for API-gateway
 #ifdef AMNEZIA_DESKTOP
-    {
+    if (m_isStrictKillSwitchEnabled) {
        QString host = QUrl(request.url()).host();
        QString ip = NetworkUtilities::getIPAddress(host);
        if (!ip.isEmpty()) {
-            IpcClient::Interface()->addKillSwitchAllowedRange(QStringList{ip});
+            IpcClient::Interface()->addKillSwitchAllowedRange(QStringList { ip });
        }
    }
 #endif
@@ -306,6 +313,13 @@ bool GatewayController::shouldBypassProxy(QNetworkReply *reply, const QByteArray
            qDebug() << reply->error();
            return true;
        }
+    } else if (reply->error() == QNetworkReply::NetworkError::OperationNotImplementedError) {
+        if (responseBody.contains(updateRequestResponsePattern)) {
+            return false;
+        } else {
+            qDebug() << reply->error();
+            return true;
+        }
    } else if (reply->error() != QNetworkReply::NetworkError::NoError) {
        qDebug() << reply->error();
        return true;
@@ -15,7 +15,8 @@ class GatewayController : public QObject
    Q_OBJECT

 public:
-    explicit GatewayController(const QString &gatewayEndpoint, bool isDevEnvironment, int requestTimeoutMsecs, QObject *parent = nullptr);
+    explicit GatewayController(const QString &gatewayEndpoint, const bool isDevEnvironment, const int requestTimeoutMsecs,
+                               const bool isStrictKillSwitchEnabled, QObject *parent = nullptr);

    amnezia::ErrorCode get(const QString &endpoint, QByteArray &responseBody);
    amnezia::ErrorCode post(const QString &endpoint, const QJsonObject apiPayload, QByteArray &responseBody);
@@ -30,6 +31,7 @@ private:
    int m_requestTimeoutMsecs;
    QString m_gatewayEndpoint;
    bool m_isDevEnvironment = false;
+    bool m_isStrictKillSwitchEnabled = false;
 };

 #endif // GATEWAYCONTROLLER_H
@@ -138,7 +138,7 @@ ErrorCode ServerController::uploadTextFileToContainer(DockerContainer container,

    if (overwriteMode == libssh::ScpOverwriteMode::ScpOverwriteExisting) {
        e = runScript(credentials,
-                      replaceVars(QString("sudo docker cp %1 $CONTAINER_NAME:/%2").arg(tmpFileName).arg(path),
+                      replaceVars(QStringLiteral("sudo docker cp %1 $CONTAINER_NAME:/%2").arg(tmpFileName, path),
                                  genVarsForScript(credentials, container)),
                      cbReadStd, cbReadStd);

@@ -146,7 +146,7 @@ ErrorCode ServerController::uploadTextFileToContainer(DockerContainer container,
            return e;
    } else if (overwriteMode == libssh::ScpOverwriteMode::ScpAppendToExisting) {
        e = runScript(credentials,
-                      replaceVars(QString("sudo docker cp %1 $CONTAINER_NAME:/%2").arg(tmpFileName).arg(tmpFileName),
+                      replaceVars(QStringLiteral("sudo docker cp %1 $CONTAINER_NAME:/%2").arg(tmpFileName, tmpFileName),
                                  genVarsForScript(credentials, container)),
                      cbReadStd, cbReadStd);

@@ -154,7 +154,7 @@ ErrorCode ServerController::uploadTextFileToContainer(DockerContainer container,
            return e;

        e = runScript(credentials,
-                      replaceVars(QString("sudo docker exec -i $CONTAINER_NAME sh -c \"cat %1 >> %2\"").arg(tmpFileName).arg(path),
+                      replaceVars(QStringLiteral("sudo docker exec -i $CONTAINER_NAME sh -c \"cat %1 >> %2\"").arg(tmpFileName, path),
                                  genVarsForScript(credentials, container)),
                      cbReadStd, cbReadStd);

@@ -177,7 +177,7 @@ QByteArray ServerController::getTextFileFromContainer(DockerContainer container,

    errorCode = ErrorCode::NoError;

-    QString script = QString("sudo docker exec -i %1 sh -c \"xxd -p \'%2\'\"").arg(ContainerProps::containerToString(container)).arg(path);
+    QString script = QStringLiteral("sudo docker exec -i %1 sh -c \"xxd -p '%2'\"").arg(ContainerProps::containerToString(container), path);

    QString stdOut;
    auto cbReadStdOut = [&](const QString &data, libssh::Client &) {
@@ -349,7 +349,7 @@ bool ServerController::isReinstallContainerRequired(DockerContainer container, c
        if ((oldProtoConfig.value(config_key::subnet_address).toString(protocols::wireguard::defaultSubnetAddress)
             != newProtoConfig.value(config_key::subnet_address).toString(protocols::wireguard::defaultSubnetAddress))
            || (oldProtoConfig.value(config_key::port).toString(protocols::awg::defaultPort)
-             != newProtoConfig.value(config_key::port).toString(protocols::awg::defaultPort))
+                != newProtoConfig.value(config_key::port).toString(protocols::awg::defaultPort))
            || (oldProtoConfig.value(config_key::junkPacketCount).toString(protocols::awg::defaultJunkPacketCount)
                != newProtoConfig.value(config_key::junkPacketCount).toString(protocols::awg::defaultJunkPacketCount))
            || (oldProtoConfig.value(config_key::junkPacketMinSize).toString(protocols::awg::defaultJunkPacketMinSize)
@@ -366,8 +366,13 @@ bool ServerController::isReinstallContainerRequired(DockerContainer container, c
                != newProtoConfig.value(config_key::responsePacketMagicHeader).toString(protocols::awg::defaultResponsePacketMagicHeader))
            || (oldProtoConfig.value(config_key::underloadPacketMagicHeader).toString(protocols::awg::defaultUnderloadPacketMagicHeader)
                != newProtoConfig.value(config_key::underloadPacketMagicHeader).toString(protocols::awg::defaultUnderloadPacketMagicHeader))
-            || (oldProtoConfig.value(config_key::transportPacketMagicHeader).toString(protocols::awg::defaultTransportPacketMagicHeader)
-                != newProtoConfig.value(config_key::transportPacketMagicHeader).toString(protocols::awg::defaultTransportPacketMagicHeader)))
+            || (oldProtoConfig.value(config_key::transportPacketMagicHeader).toString(protocols::awg::defaultTransportPacketMagicHeader))
+                    != newProtoConfig.value(config_key::transportPacketMagicHeader).toString(protocols::awg::defaultTransportPacketMagicHeader))
+            // || (oldProtoConfig.value(config_key::cookieReplyPacketJunkSize).toString(protocols::awg::defaultCookieReplyPacketJunkSize)
+            //     != newProtoConfig.value(config_key::cookieReplyPacketJunkSize).toString(protocols::awg::defaultCookieReplyPacketJunkSize))
+            // || (oldProtoConfig.value(config_key::transportPacketJunkSize).toString(protocols::awg::defaultTransportPacketJunkSize)
+            //     != newProtoConfig.value(config_key::transportPacketJunkSize).toString(protocols::awg::defaultTransportPacketJunkSize))
+
            return true;
    }

@@ -375,7 +380,7 @@ bool ServerController::isReinstallContainerRequired(DockerContainer container, c
        if ((oldProtoConfig.value(config_key::subnet_address).toString(protocols::wireguard::defaultSubnetAddress)
             != newProtoConfig.value(config_key::subnet_address).toString(protocols::wireguard::defaultSubnetAddress))
            || (oldProtoConfig.value(config_key::port).toString(protocols::wireguard::defaultPort)
-            != newProtoConfig.value(config_key::port).toString(protocols::wireguard::defaultPort)))
+                != newProtoConfig.value(config_key::port).toString(protocols::wireguard::defaultPort)))
            return true;
    }

@@ -383,6 +388,13 @@ bool ServerController::isReinstallContainerRequired(DockerContainer container, c
        return true;
    }

+    if (container == DockerContainer::Xray) {
+        if (oldProtoConfig.value(config_key::port).toString(protocols::xray::defaultPort)
+            != newProtoConfig.value(config_key::port).toString(protocols::xray::defaultPort)) {
+            return true;
+        }
+    }
+
    return false;
 }

@@ -448,11 +460,13 @@ ErrorCode ServerController::buildContainerWorker(const ServerCredentials &creden
            runScript(credentials,
                      replaceVars(amnezia::scriptData(SharedScriptType::build_container), genVarsForScript(credentials, container, config)),
                      cbReadStdOut, cbReadStdErr);
-    
+
    if (stdOut.contains("doesn't work on cgroups v2"))
        return ErrorCode::ServerDockerOnCgroupsV2;
    if (stdOut.contains("cgroup mountpoint does not exist"))
        return ErrorCode::ServerCgroupMountpoint;
+    if (stdOut.contains("have reached") && stdOut.contains("pull rate limit"))
+        return ErrorCode::DockerPullRateLimit;

    return error;
 }
@@ -632,6 +646,9 @@ ServerController::Vars ServerController::genVarsForScript(const ServerCredential
    vars.append({ { "$UNDERLOAD_PACKET_MAGIC_HEADER", amneziaWireguarConfig.value(config_key::underloadPacketMagicHeader).toString() } });
    vars.append({ { "$TRANSPORT_PACKET_MAGIC_HEADER", amneziaWireguarConfig.value(config_key::transportPacketMagicHeader).toString() } });

+    vars.append({ { "$COOKIE_REPLY_PACKET_JUNK_SIZE", amneziaWireguarConfig.value(config_key::cookieReplyPacketJunkSize).toString() } });
+    vars.append({ { "$TRANSPORT_PACKET_JUNK_SIZE", amneziaWireguarConfig.value(config_key::transportPacketJunkSize).toString() } });
+
    // Socks5 proxy vars
    vars.append({ { "$SOCKS5_PROXY_PORT", socks5ProxyConfig.value(config_key::port).toString(protocols::socks5Proxy::defaultPort) } });
    auto username = socks5ProxyConfig.value(config_key::userName).toString();
@@ -818,7 +835,7 @@ ErrorCode ServerController::isServerDpkgBusy(const ServerCredentials &credential

            if (stdOut.contains("Packet manager not found"))
                return ErrorCode::ServerPacketManagerError;
-            if (stdOut.contains("fuser not installed"))
+            if (stdOut.contains("fuser not installed") || stdOut.contains("cat not installed"))
                return ErrorCode::NoError;

            if (stdOut.isEmpty()) {
@@ -60,6 +60,7 @@ namespace amnezia
        ServerUserPasswordRequired = 210,
        ServerDockerOnCgroupsV2 = 211,
        ServerCgroupMountpoint = 212,
+        DockerPullRateLimit = 213,

        // Ssh connection errors
        SshRequestDeniedError = 300,
@@ -117,6 +118,8 @@ namespace amnezia
        ApiServicesMissingError = 1107,
        ApiConfigLimitError = 1108,
        ApiNotFoundError = 1109,
+        ApiMigrationError = 1110,
+        ApiUpdateRequestError = 1111,

        // QFile errors
        OpenError = 1200,
@@ -28,6 +28,7 @@ QString errorString(ErrorCode code) {
    case(ErrorCode::ServerUserPasswordRequired): errorMessage = QObject::tr("The user's password is required"); break;
    case(ErrorCode::ServerDockerOnCgroupsV2): errorMessage = QObject::tr("Docker error: runc doesn't work on cgroups v2"); break;
    case(ErrorCode::ServerCgroupMountpoint): errorMessage = QObject::tr("Server error: cgroup mountpoint does not exist"); break;
+    case(ErrorCode::DockerPullRateLimit): errorMessage = QObject::tr("Docker error: The pull rate limit has been reached"); break;

    // Libssh errors
    case(ErrorCode::SshRequestDeniedError): errorMessage = QObject::tr("SSH request was denied"); break;
@@ -74,6 +75,8 @@ QString errorString(ErrorCode code) {
    case (ErrorCode::ApiServicesMissingError): errorMessage = QObject::tr("Missing list of available services"); break;
    case (ErrorCode::ApiConfigLimitError): errorMessage = QObject::tr("The limit of allowed configurations per subscription has been exceeded"); break;
    case (ErrorCode::ApiNotFoundError): errorMessage = QObject::tr("Error when retrieving configuration from API"); break;
+    case (ErrorCode::ApiMigrationError): errorMessage = QObject::tr("A migration error has occurred. Please contact our technical support"); break;
+    case (ErrorCode::ApiUpdateRequestError): errorMessage = QObject::tr("Please update the application to use this feature"); break;

    // QFile errors
    case(ErrorCode::OpenError): errorMessage = QObject::tr("QFile error: The file could not be opened"); break;
@@ -149,8 +149,7 @@ bool Daemon::activate(const InterfaceConfig& config) {
  // set routing
  for (const IPAddress& ip : config.m_allowedIPAddressRanges) {
    if (!wgutils()->updateRoutePrefix(ip)) {
-      logger.debug() << "Routing configuration failed for"
-                     << logger.sensitive(ip.toString());
+      logger.debug() << "Routing configuration failed for" << ip.toString();
      return false;
    }
  }
@@ -170,11 +169,14 @@ bool Daemon::maybeUpdateResolvers(const InterfaceConfig& config) {
  if ((config.m_hopType == InterfaceConfig::MultiHopExit) ||
      (config.m_hopType == InterfaceConfig::SingleHop)) {
    QList<QHostAddress> resolvers;
-    resolvers.append(QHostAddress(config.m_dnsServer));
+    resolvers.append(QHostAddress(config.m_primaryDnsServer));
+    if (!config.m_secondaryDnsServer.isEmpty()) {
+        resolvers.append(QHostAddress(config.m_secondaryDnsServer));
+    }

    // If the DNS is not the Gateway, it's a user defined DNS
    // thus, not add any other :)
-    if (config.m_dnsServer == config.m_serverIpv4Gateway) {
+    if (config.m_primaryDnsServer == config.m_serverIpv4Gateway) {
      resolvers.append(QHostAddress(config.m_serverIpv6Gateway));
    }

@@ -280,15 +282,26 @@ bool Daemon::parseConfig(const QJsonObject& obj, InterfaceConfig& config) {
  config.m_serverIpv4Gateway = obj.value("serverIpv4Gateway").toString();
  config.m_serverIpv6Gateway = obj.value("serverIpv6Gateway").toString();

-  if (!obj.contains("dnsServer")) {
-    config.m_dnsServer = QString();
+  if (!obj.contains("primaryDnsServer")) {
+    config.m_primaryDnsServer = QString();
  } else {
-    QJsonValue value = obj.value("dnsServer");
+    QJsonValue value = obj.value("primaryDnsServer");
    if (!value.isString()) {
      logger.error() << "dnsServer is not a string";
      return false;
    }
-    config.m_dnsServer = value.toString();
+    config.m_primaryDnsServer = value.toString();
+  }
+
+  if (!obj.contains("secondaryDnsServer")) {
+    config.m_secondaryDnsServer = QString();
+  } else {
+    QJsonValue value = obj.value("secondaryDnsServer");
+    if (!value.isString()) {
+      logger.error() << "dnsServer is not a string";
+      return false;
+    }
+    config.m_secondaryDnsServer = value.toString();
  }

  if (!obj.contains("hopType")) {
@@ -392,6 +405,13 @@ bool Daemon::parseConfig(const QJsonObject& obj, InterfaceConfig& config) {
  if (!obj.value("S2").isNull()) {
    config.m_responsePacketJunkSize = obj.value("S2").toString();
  }
+  if (!obj.value("S3").isNull()) {
+    config.m_cookieReplyPacketJunkSize = obj.value("S3").toString();
+  }
+  if (!obj.value("S4").isNull()) {
+    config.m_transportPacketJunkSize = obj.value("S4").toString();
+  }
+
  if (!obj.value("H1").isNull()) {
    config.m_initPacketMagicHeader = obj.value("H1").toString();
  }
@@ -405,6 +425,34 @@ bool Daemon::parseConfig(const QJsonObject& obj, InterfaceConfig& config) {
    config.m_transportPacketMagicHeader = obj.value("H4").toString();
  }

+  if (!obj.value("I1").isNull()) {
+    config.m_specialJunk["I1"] = obj.value("I1").toString();
+  }
+  if (!obj.value("I2").isNull()) {
+    config.m_specialJunk["I2"] = obj.value("I2").toString();
+  }
+  if (!obj.value("I3").isNull()) {
+    config.m_specialJunk["I3"] = obj.value("I3").toString();
+  }
+  if (!obj.value("I4").isNull()) {
+    config.m_specialJunk["I4"] = obj.value("I4").toString();
+  }
+  if (!obj.value("I5").isNull()) {
+    config.m_specialJunk["I5"] = obj.value("I5").toString();
+  }
+  if (!obj.value("J1").isNull()) {
+    config.m_controlledJunk["J1"] = obj.value("J1").toString();
+  }
+  if (!obj.value("J2").isNull()) {
+    config.m_controlledJunk["J2"] = obj.value("J2").toString();
+  }
+  if (!obj.value("J3").isNull()) {
+    config.m_controlledJunk["J3"] = obj.value("J3").toString();
+  }
+  if (!obj.value("Itime").isNull()) {
+    config.m_specialHandshakeTimeout = obj.value("Itime").toString();
+  }
+
  return true;
 }

@@ -447,7 +495,7 @@ bool Daemon::deactivate(bool emitSignals) {

  m_connections.clear();
  // Delete the interface
-  return wgutils()->deleteInterface();  
+  return wgutils()->deleteInterface();
 }

 QString Daemon::logs() {
@@ -28,7 +28,8 @@ QJsonObject InterfaceConfig::toJson() const {
      (m_hopType == InterfaceConfig::SingleHop)) {
    json.insert("serverIpv4Gateway", QJsonValue(m_serverIpv4Gateway));
    json.insert("serverIpv6Gateway", QJsonValue(m_serverIpv6Gateway));
-    json.insert("dnsServer", QJsonValue(m_dnsServer));
+    json.insert("primaryDnsServer", QJsonValue(m_primaryDnsServer));
+    json.insert("secondaryDnsServer", QJsonValue(m_secondaryDnsServer));
  }

  QJsonArray allowedIPAddesses;
@@ -100,11 +101,15 @@ QString InterfaceConfig::toWgConf(const QMap<QString, QString>& extra) const {
    out << "MTU = " << m_deviceMTU << "\n";
  }

-  if (!m_dnsServer.isNull()) {
-    QStringList dnsServers(m_dnsServer);
+  if (!m_primaryDnsServer.isNull()) {
+    QStringList dnsServers;
+    dnsServers.append(m_primaryDnsServer);
+    if (!m_secondaryDnsServer.isNull()) {
+        dnsServers.append(m_secondaryDnsServer);
+    }
    // If the DNS is not the Gateway, it's a user defined DNS
    // thus, not add any other :)
-    if (m_dnsServer == m_serverIpv4Gateway) {
+    if (m_primaryDnsServer == m_serverIpv4Gateway) {
      dnsServers.append(m_serverIpv6Gateway);
    }
    out << "DNS = " << dnsServers.join(", ") << "\n";
@@ -125,6 +130,12 @@ QString InterfaceConfig::toWgConf(const QMap<QString, QString>& extra) const {
  if (!m_responsePacketJunkSize.isNull()) {
    out << "S2 = " << m_responsePacketJunkSize << "\n";
  }
+  if (!m_cookieReplyPacketJunkSize.isNull()) {
+    out << "S3 = " << m_cookieReplyPacketJunkSize << "\n";
+  }
+  if (!m_transportPacketJunkSize.isNull()) {
+    out << "S4 = " << m_transportPacketJunkSize << "\n";
+  }
  if (!m_initPacketMagicHeader.isNull()) {
    out << "H1 = " << m_initPacketMagicHeader << "\n";
  }
@@ -138,6 +149,16 @@ QString InterfaceConfig::toWgConf(const QMap<QString, QString>& extra) const {
    out << "H4 = " << m_transportPacketMagicHeader << "\n";
  }

+  for (const QString& key : m_specialJunk.keys()) {
+    out << key << " = " << m_specialJunk[key] << "\n";
+  }
+  for (const QString& key : m_controlledJunk.keys()) {
+    out << key << " = " << m_controlledJunk[key] << "\n";
+  }
+  if (!m_specialHandshakeTimeout.isNull()) {
+    out << "Itime = " << m_specialHandshakeTimeout << "\n";
+  }
+
  // If any extra config was provided, append it now.
  for (const QString& key : extra.keys()) {
    out << key << " = " << extra[key] << "\n";
@@ -32,7 +32,8 @@ class InterfaceConfig {
  QString m_serverIpv4AddrIn;
  QString m_serverPskKey;
  QString m_serverIpv6AddrIn;
-  QString m_dnsServer;
+  QString m_primaryDnsServer;
+  QString m_secondaryDnsServer;
  int m_serverPort = 0;
  int m_deviceMTU = 1420;
  QList<IPAddress> m_allowedIPAddressRanges;
@@ -49,10 +50,15 @@ class InterfaceConfig {
  QString m_junkPacketMaxSize;
  QString m_initPacketJunkSize;
  QString m_responsePacketJunkSize;
+  QString m_cookieReplyPacketJunkSize;
+  QString m_transportPacketJunkSize;
  QString m_initPacketMagicHeader;
  QString m_responsePacketMagicHeader;
  QString m_underloadPacketMagicHeader;
  QString m_transportPacketMagicHeader;
+  QMap<QString, QString> m_specialJunk;
+  QMap<QString, QString> m_controlledJunk;
+  QString m_specialHandshakeTimeout;

  QJsonObject toJson() const;
  QString toWgConf(
@@ -26,10 +26,22 @@ set_target_properties(networkextension PROPERTIES
    XCODE_ATTRIBUTE_TARGETED_DEVICE_FAMILY "1,2"

    XCODE_ATTRIBUTE_LD_RUNPATH_SEARCH_PATHS "@executable_path/../../Frameworks"
-
-    XCODE_ATTRIBUTE_CODE_SIGN_STYLE Automatic
 )

+if(DEPLOY)
+    set_target_properties(networkextension PROPERTIES
+        XCODE_ATTRIBUTE_CODE_SIGN_IDENTITY "Apple Distribution"
+        XCODE_ATTRIBUTE_CODE_SIGN_IDENTITY[variant=Debug] "Apple Development"
+        XCODE_ATTRIBUTE_CODE_SIGN_STYLE Manual
+        XCODE_ATTRIBUTE_PROVISIONING_PROFILE_SPECIFIER "distr ios.org.amnezia.AmneziaVPN"
+        XCODE_ATTRIBUTE_PROVISIONING_PROFILE_SPECIFIER[variant=Debug] "dev ios.org.amnezia.AmneziaVPN"
+    )
+else()
+    set_target_properties(networkextension PROPERTIES
+        XCODE_ATTRIBUTE_CODE_SIGN_STYLE Automatic
+    )
+endif()
+
 set_target_properties(networkextension PROPERTIES
    XCODE_ATTRIBUTE_SWIFT_VERSION "5.0"
    XCODE_ATTRIBUTE_CLANG_ENABLE_MODULES "YES"
@@ -1,50 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
-<plist version="1.0">
-<dict>
-	<key>CFBundleDevelopmentRegion</key>
-	<string>$(DEVELOPMENT_LANGUAGE)</string>
-
-	<key>CFBundleAllowMixedLocalizations</key>
-	<true/>
-
-	<key>CFBundleExecutable</key>
-	<string>${EXECUTABLE_NAME}</string>
-
-	<key>CFBundleIdentifier</key>
-	<string>$(PRODUCT_BUNDLE_IDENTIFIER)</string>
-
-	<key>CFBundleInfoDictionaryVersion</key>
-	<string>6.0</string>
-
-	<key>CFBundleName</key>
-	<string>$(PRODUCT_NAME)</string>
-
-	<key>CFBundlePackageType</key>
-	<string>$(PRODUCT_BUNDLE_PACKAGE_TYPE)</string>
-
-	<key>CFBundleShortVersionString</key>
-	<string>$(MARKETING_VERSION)</string>
-
-	<key>CFBundleVersion</key>
-	<string>$(CURRENT_PROJECT_VERSION)</string>
-
-	<key>ITSAppUsesNonExemptEncryption</key>
-	<false/>
-
-	<key>LSApplicationCategoryType</key>
-	<string>public.app-category.utilities</string>
-
-	<key>LSMinimumSystemVersion</key>
-	<string>${MACOSX_DEPLOYMENT_TARGET}</string>
-
-	<key>LSMultipleInstancesProhibited</key>
-	<true/>
-
-	<key>NSPrincipalClass</key>
-	<string>NSApplication</string>
-
-	<key>NSSupportsAutomaticGraphicsSwitching</key>
-	<true/>
-</dict>
-</plist>
@@ -38,7 +38,7 @@ LocalSocketController::LocalSocketController() {
  m_socket = new QLocalSocket(this);
  connect(m_socket, &QLocalSocket::connected, this,
          &LocalSocketController::daemonConnected);
-  connect(m_socket, &QLocalSocket::disconnected, this, 
+  connect(m_socket, &QLocalSocket::disconnected, this,
          [&] { errorOccurred(QLocalSocket::PeerClosedError); });
  connect(m_socket, &QLocalSocket::errorOccurred, this,
          &LocalSocketController::errorOccurred);
@@ -135,7 +135,7 @@ void LocalSocketController::activate(const QJsonObject &rawConfig) {

  // set up IPv6 unique-local-address, ULA, with "fd00::/8" prefix, not globally routable.
  // this will be default IPv6 gateway, OS recognizes that IPv6 link is local and switches to IPv4.
-  // Otherwise some OSes (Linux) try IPv6 forever and hang. 
+  // Otherwise some OSes (Linux) try IPv6 forever and hang.
  // https://en.wikipedia.org/wiki/Unique_local_address (RFC 4193)
  // https://man7.org/linux/man-pages/man5/gai.conf.5.html
  json.insert("deviceIpv6Address", "fd58:baa6:dead::1"); // simply "dead::1" is globally-routable, don't use it
@@ -149,7 +149,14 @@ void LocalSocketController::activate(const QJsonObject &rawConfig) {
  json.insert("serverPort", wgConfig.value(amnezia::config_key::port).toInt());
  json.insert("serverIpv4Gateway", wgConfig.value(amnezia::config_key::hostName));
  //  json.insert("serverIpv6Gateway", QJsonValue(hop.m_server.ipv6Gateway()));
-  json.insert("dnsServer", rawConfig.value(amnezia::config_key::dns1));
+
+  json.insert("primaryDnsServer", rawConfig.value(amnezia::config_key::dns1));
+
+  // We don't use secondary DNS if primary DNS is AmneziaDNS
+  if (!rawConfig.value(amnezia::config_key::dns1).toString().
+    contains(amnezia::protocols::dns::amneziaDnsIp)) {
+    json.insert("secondaryDnsServer", rawConfig.value(amnezia::config_key::dns2));
+  }

  QJsonArray jsAllowedIPAddesses;

@@ -237,28 +244,61 @@ void LocalSocketController::activate(const QJsonObject &rawConfig) {
    json.insert(amnezia::config_key::junkPacketMaxSize, wgConfig.value(amnezia::config_key::junkPacketMaxSize));
    json.insert(amnezia::config_key::initPacketJunkSize, wgConfig.value(amnezia::config_key::initPacketJunkSize));
    json.insert(amnezia::config_key::responsePacketJunkSize, wgConfig.value(amnezia::config_key::responsePacketJunkSize));
+    json.insert(amnezia::config_key::cookieReplyPacketJunkSize, wgConfig.value(amnezia::config_key::cookieReplyPacketJunkSize));
+    json.insert(amnezia::config_key::transportPacketJunkSize, wgConfig.value(amnezia::config_key::transportPacketJunkSize));
    json.insert(amnezia::config_key::initPacketMagicHeader, wgConfig.value(amnezia::config_key::initPacketMagicHeader));
    json.insert(amnezia::config_key::responsePacketMagicHeader, wgConfig.value(amnezia::config_key::responsePacketMagicHeader));
    json.insert(amnezia::config_key::underloadPacketMagicHeader, wgConfig.value(amnezia::config_key::underloadPacketMagicHeader));
    json.insert(amnezia::config_key::transportPacketMagicHeader, wgConfig.value(amnezia::config_key::transportPacketMagicHeader));
+    json.insert(amnezia::config_key::specialJunk1, wgConfig.value(amnezia::config_key::specialJunk1));
+    json.insert(amnezia::config_key::specialJunk2, wgConfig.value(amnezia::config_key::specialJunk2));
+    json.insert(amnezia::config_key::specialJunk3, wgConfig.value(amnezia::config_key::specialJunk3));
+    json.insert(amnezia::config_key::specialJunk4, wgConfig.value(amnezia::config_key::specialJunk4));
+    json.insert(amnezia::config_key::specialJunk5, wgConfig.value(amnezia::config_key::specialJunk5));
+    json.insert(amnezia::config_key::controlledJunk1, wgConfig.value(amnezia::config_key::controlledJunk1));
+    json.insert(amnezia::config_key::controlledJunk2, wgConfig.value(amnezia::config_key::controlledJunk2));
+    json.insert(amnezia::config_key::controlledJunk3, wgConfig.value(amnezia::config_key::controlledJunk3));
+    json.insert(amnezia::config_key::specialHandshakeTimeout, wgConfig.value(amnezia::config_key::specialHandshakeTimeout));
  } else if (!wgConfig.value(amnezia::config_key::junkPacketCount).isUndefined()
             && !wgConfig.value(amnezia::config_key::junkPacketMinSize).isUndefined()
             && !wgConfig.value(amnezia::config_key::junkPacketMaxSize).isUndefined()
             && !wgConfig.value(amnezia::config_key::initPacketJunkSize).isUndefined()
             && !wgConfig.value(amnezia::config_key::responsePacketJunkSize).isUndefined()
+             && !wgConfig.value(amnezia::config_key::cookieReplyPacketJunkSize).isUndefined()
+             && !wgConfig.value(amnezia::config_key::transportPacketJunkSize).isUndefined()
             && !wgConfig.value(amnezia::config_key::initPacketMagicHeader).isUndefined()
             && !wgConfig.value(amnezia::config_key::responsePacketMagicHeader).isUndefined()
             && !wgConfig.value(amnezia::config_key::underloadPacketMagicHeader).isUndefined()
-             && !wgConfig.value(amnezia::config_key::transportPacketMagicHeader).isUndefined()) {
+             && !wgConfig.value(amnezia::config_key::transportPacketMagicHeader).isUndefined()
+             && !wgConfig.value(amnezia::config_key::specialJunk1).isUndefined()
+             && !wgConfig.value(amnezia::config_key::specialJunk2).isUndefined()
+             && !wgConfig.value(amnezia::config_key::specialJunk3).isUndefined()
+             && !wgConfig.value(amnezia::config_key::specialJunk4).isUndefined()
+             && !wgConfig.value(amnezia::config_key::specialJunk5).isUndefined()
+             && !wgConfig.value(amnezia::config_key::controlledJunk1).isUndefined()
+             && !wgConfig.value(amnezia::config_key::controlledJunk2).isUndefined()
+             && !wgConfig.value(amnezia::config_key::controlledJunk3).isUndefined()
+             && !wgConfig.value(amnezia::config_key::specialHandshakeTimeout).isUndefined()) {
    json.insert(amnezia::config_key::junkPacketCount, wgConfig.value(amnezia::config_key::junkPacketCount));
    json.insert(amnezia::config_key::junkPacketMinSize, wgConfig.value(amnezia::config_key::junkPacketMinSize));
    json.insert(amnezia::config_key::junkPacketMaxSize, wgConfig.value(amnezia::config_key::junkPacketMaxSize));
    json.insert(amnezia::config_key::initPacketJunkSize, wgConfig.value(amnezia::config_key::initPacketJunkSize));
    json.insert(amnezia::config_key::responsePacketJunkSize, wgConfig.value(amnezia::config_key::responsePacketJunkSize));
+    json.insert(amnezia::config_key::cookieReplyPacketJunkSize, wgConfig.value(amnezia::config_key::cookieReplyPacketJunkSize));
+    json.insert(amnezia::config_key::transportPacketJunkSize, wgConfig.value(amnezia::config_key::transportPacketJunkSize));
    json.insert(amnezia::config_key::initPacketMagicHeader, wgConfig.value(amnezia::config_key::initPacketMagicHeader));
    json.insert(amnezia::config_key::responsePacketMagicHeader, wgConfig.value(amnezia::config_key::responsePacketMagicHeader));
    json.insert(amnezia::config_key::underloadPacketMagicHeader, wgConfig.value(amnezia::config_key::underloadPacketMagicHeader));
    json.insert(amnezia::config_key::transportPacketMagicHeader, wgConfig.value(amnezia::config_key::transportPacketMagicHeader));
+    json.insert(amnezia::config_key::specialJunk1, wgConfig.value(amnezia::config_key::specialJunk1));
+    json.insert(amnezia::config_key::specialJunk2, wgConfig.value(amnezia::config_key::specialJunk2));
+    json.insert(amnezia::config_key::specialJunk3, wgConfig.value(amnezia::config_key::specialJunk3));
+    json.insert(amnezia::config_key::specialJunk4, wgConfig.value(amnezia::config_key::specialJunk4));
+    json.insert(amnezia::config_key::specialJunk5, wgConfig.value(amnezia::config_key::specialJunk5));
+    json.insert(amnezia::config_key::controlledJunk1, wgConfig.value(amnezia::config_key::controlledJunk1));
+    json.insert(amnezia::config_key::controlledJunk2, wgConfig.value(amnezia::config_key::controlledJunk2));
+    json.insert(amnezia::config_key::controlledJunk3, wgConfig.value(amnezia::config_key::controlledJunk3));
+    json.insert(amnezia::config_key::specialHandshakeTimeout, wgConfig.value(amnezia::config_key::specialHandshakeTimeout));
  }

  write(json);
@@ -4,7 +4,10 @@ struct WGConfig: Decodable {
  let initPacketMagicHeader, responsePacketMagicHeader: String?
  let underloadPacketMagicHeader, transportPacketMagicHeader: String?
  let junkPacketCount, junkPacketMinSize, junkPacketMaxSize: String?
-  let initPacketJunkSize, responsePacketJunkSize: String?
+  let initPacketJunkSize, responsePacketJunkSize, cookieReplyPacketJunkSize, transportPacketJunkSize: String?
+  let specialJunk1, specialJunk2, specialJunk3, specialJunk4, specialJunk5: String?
+  let controlledJunk1, controlledJunk2, controlledJunk3: String?
+  let specialHandshakeTimeout: String?
  let dns1: String
  let dns2: String
  let mtu: String
@@ -23,7 +26,10 @@ struct WGConfig: Decodable {
    case initPacketMagicHeader = "H1", responsePacketMagicHeader = "H2"
    case underloadPacketMagicHeader = "H3", transportPacketMagicHeader = "H4"
    case junkPacketCount = "Jc", junkPacketMinSize = "Jmin", junkPacketMaxSize = "Jmax"
-    case initPacketJunkSize = "S1", responsePacketJunkSize = "S2"
+    case initPacketJunkSize = "S1", responsePacketJunkSize = "S2", cookieReplyPacketJunkSize = "S3", transportPacketJunkSize = "S4"
+    case specialJunk1 = "I1", specialJunk2 = "I2", specialJunk3 = "I3", specialJunk4 = "I4", specialJunk5 = "I5"
+    case controlledJunk1 = "J1", controlledJunk2 = "J2", controlledJunk3 = "J3"
+    case specialHandshakeTimeout = "Itime"
    case dns1
    case dns2
    case mtu
@@ -40,19 +46,59 @@ struct WGConfig: Decodable {
  }

  var settings: String {
-    junkPacketCount == nil ? "" :
-    """
-    Jc = \(junkPacketCount!)
-    Jmin = \(junkPacketMinSize!)
-    Jmax = \(junkPacketMaxSize!)
-    S1 = \(initPacketJunkSize!)
-    S2 = \(responsePacketJunkSize!)
-    H1 = \(initPacketMagicHeader!)
-    H2 = \(responsePacketMagicHeader!)
-    H3 = \(underloadPacketMagicHeader!)
-    H4 = \(transportPacketMagicHeader!)
+    guard junkPacketCount != nil else { return "" }
+    
+    var settingsLines: [String] = []
+    
+    // Required parameters when junkPacketCount is present
+    settingsLines.append("Jc = \(junkPacketCount!)")
+    settingsLines.append("Jmin = \(junkPacketMinSize!)")
+    settingsLines.append("Jmax = \(junkPacketMaxSize!)")
+    settingsLines.append("S1 = \(initPacketJunkSize!)")
+    settingsLines.append("S2 = \(responsePacketJunkSize!)")
+    
+    settingsLines.append("H1 = \(initPacketMagicHeader!)")
+    settingsLines.append("H2 = \(responsePacketMagicHeader!)")
+    settingsLines.append("H3 = \(underloadPacketMagicHeader!)")
+    settingsLines.append("H4 = \(transportPacketMagicHeader!)")

-    """
+    // Optional parameters - only add if not nil and not empty
+    if let s3 = cookieReplyPacketJunkSize, !s3.isEmpty {
+      settingsLines.append("S3 = \(s3)")
+    }
+    if let s4 = transportPacketJunkSize, !s4.isEmpty {
+      settingsLines.append("S4 = \(s4)")
+    }
+    
+    if let i1 = specialJunk1, !i1.isEmpty {
+      settingsLines.append("I1 = \(i1)")
+    }
+    if let i2 = specialJunk2, !i2.isEmpty {
+      settingsLines.append("I2 = \(i2)")
+    }
+    if let i3 = specialJunk3, !i3.isEmpty {
+      settingsLines.append("I3 = \(i3)")
+    }
+    if let i4 = specialJunk4, !i4.isEmpty {
+      settingsLines.append("I4 = \(i4)")
+    }
+    if let i5 = specialJunk5, !i5.isEmpty {
+      settingsLines.append("I5 = \(i5)")
+    }
+    if let j1 = controlledJunk1, !j1.isEmpty {
+      settingsLines.append("J1 = \(j1)")
+    }
+    if let j2 = controlledJunk2, !j2.isEmpty {
+      settingsLines.append("J2 = \(j2)")
+    }
+    if let j3 = controlledJunk3, !j3.isEmpty {
+      settingsLines.append("J3 = \(j3)")
+    }
+    if let itime = specialHandshakeTimeout, !itime.isEmpty {
+      settingsLines.append("Itime = \(itime)")
+    }
+    
+    return settingsLines.joined(separator: "\n")
  }

  var str: String {
@@ -507,6 +507,8 @@ bool IosController::setupWireGuard()

        wgConfig.insert(config_key::initPacketJunkSize, config[config_key::initPacketJunkSize]);
        wgConfig.insert(config_key::responsePacketJunkSize, config[config_key::responsePacketJunkSize]);
+        wgConfig.insert(config_key::cookieReplyPacketJunkSize, config[config_key::cookieReplyPacketJunkSize]);
+        wgConfig.insert(config_key::transportPacketJunkSize, config[config_key::transportPacketJunkSize]);

        wgConfig.insert(config_key::junkPacketCount, config[config_key::junkPacketCount]);
        wgConfig.insert(config_key::junkPacketMinSize, config[config_key::junkPacketMinSize]);
@@ -605,11 +607,23 @@ bool IosController::setupAwg()

    wgConfig.insert(config_key::initPacketJunkSize, config[config_key::initPacketJunkSize]);
    wgConfig.insert(config_key::responsePacketJunkSize, config[config_key::responsePacketJunkSize]);
+    wgConfig.insert(config_key::cookieReplyPacketJunkSize, config[config_key::cookieReplyPacketJunkSize]);
+    wgConfig.insert(config_key::transportPacketJunkSize, config[config_key::transportPacketJunkSize]);

    wgConfig.insert(config_key::junkPacketCount, config[config_key::junkPacketCount]);
    wgConfig.insert(config_key::junkPacketMinSize, config[config_key::junkPacketMinSize]);
    wgConfig.insert(config_key::junkPacketMaxSize, config[config_key::junkPacketMaxSize]);

+    wgConfig.insert(config_key::specialJunk1, config[config_key::specialJunk1]);
+    wgConfig.insert(config_key::specialJunk2, config[config_key::specialJunk2]);
+    wgConfig.insert(config_key::specialJunk3, config[config_key::specialJunk3]);
+    wgConfig.insert(config_key::specialJunk4, config[config_key::specialJunk4]);
+    wgConfig.insert(config_key::specialJunk5, config[config_key::specialJunk5]);
+    wgConfig.insert(config_key::controlledJunk1, config[config_key::controlledJunk1]);
+    wgConfig.insert(config_key::controlledJunk2, config[config_key::controlledJunk2]);
+    wgConfig.insert(config_key::controlledJunk3, config[config_key::controlledJunk3]);
+    wgConfig.insert(config_key::specialHandshakeTimeout, config[config_key::specialHandshakeTimeout]);
+
    QJsonDocument wgConfigDoc(wgConfig);
    QString wgConfigDocStr(wgConfigDoc.toJson(QJsonDocument::Compact));

@@ -794,9 +808,9 @@ bool IosController::shareText(const QStringList& filesToSend) {
    if (!qtController) return;

    UIActivityViewController *activityController = [[UIActivityViewController alloc] initWithActivityItems:sharingItems applicationActivities:nil];
-    
+
    __block bool isAccepted = false;
-    
+
    [activityController setCompletionWithItemsHandler:^(NSString *activityType, BOOL completed, NSArray *returnedItems, NSError *activityError) {
        isAccepted = completed;
        emit finished();
@@ -808,11 +822,11 @@ bool IosController::shareText(const QStringList& filesToSend) {
        popController.sourceView = qtController.view;
        popController.sourceRect = CGRectMake(100, 100, 100, 100);
    }
-    
+
    QEventLoop wait;
    QObject::connect(this, &IosController::finished, &wait, &QEventLoop::quit);
    wait.exec();
-    
+
    return isAccepted;
 }

@@ -826,7 +840,7 @@ QString IosController::openFile() {
    if (!qtController) return;

    [qtController presentViewController:documentPicker animated:YES completion:nil];
-    
+
    __block QString filePath;

    documentPickerDelegate.documentPickerClosedCallback = ^(NSString *path) {
@@ -841,7 +855,7 @@ QString IosController::openFile() {
    QEventLoop wait;
    QObject::connect(this, &IosController::finished, &wait, &QEventLoop::quit);
    wait.exec();
-    
+
    return filePath;
 }

@@ -97,7 +97,7 @@ bool IPUtilsLinux::addIP4AddressToDevice(const InterfaceConfig& config) {
  // Set ifr to interface
  int ret = ioctl(sockfd, SIOCSIFADDR, &ifr);
  if (ret) {
-    logger.error() << "Failed to set IPv4: " << logger.sensitive(deviceAddr)
+    logger.error() << "Failed to set IPv4: " << deviceAddr
                   << "error:" << strerror(errno);
    return false;
  }
@@ -138,7 +138,7 @@ bool IPUtilsLinux::addIP6AddressToDevice(const InterfaceConfig& config) {
  // Set ifr6 to the interface
  ret = ioctl(sockfd, SIOCSIFADDR, &ifr6);
  if (ret && (errno != EEXIST)) {
-    logger.error() << "Failed to set IPv6: " << logger.sensitive(deviceAddr)
+    logger.error() << "Failed to set IPv6: " << deviceAddr
                   << "error:" << strerror(errno);
    return false;
  }
@@ -121,6 +121,12 @@ bool WireguardUtilsLinux::addInterface(const InterfaceConfig& config) {
    if (!config.m_responsePacketJunkSize.isEmpty()) {
        out << "s2=" << config.m_responsePacketJunkSize << "\n";
    }
+    if (!config.m_cookieReplyPacketJunkSize.isEmpty()) {
+        out << "s3=" << config.m_cookieReplyPacketJunkSize << "\n";
+    }
+    if (!config.m_transportPacketJunkSize.isEmpty()) {
+        out << "s4=" << config.m_transportPacketJunkSize << "\n";
+    }
    if (!config.m_initPacketMagicHeader.isEmpty()) {
        out << "h1=" << config.m_initPacketMagicHeader << "\n";
    }
@@ -134,13 +140,26 @@ bool WireguardUtilsLinux::addInterface(const InterfaceConfig& config) {
        out << "h4=" << config.m_transportPacketMagicHeader << "\n";
    }

+    for (const QString& key : config.m_specialJunk.keys()) {
+        out << key.toLower() << "=" << config.m_specialJunk.value(key) << "\n";
+    }
+    for (const QString& key : config.m_controlledJunk.keys()) {
+        out << key.toLower() << "=" << config.m_controlledJunk.value(key) << "\n";
+    }
+    if (!config.m_specialHandshakeTimeout.isEmpty()) {
+        out << "itime=" << config.m_specialHandshakeTimeout << "\n";
+    }
+
    int err = uapiErrno(uapiCommand(message));
    if (err != 0) {
        logger.error() << "Interface configuration failed:" << strerror(err);
    } else {
        if (config.m_killSwitchEnabled) {
            FirewallParams params { };
-            params.dnsServers.append(config.m_dnsServer);
+            params.dnsServers.append(config.m_primaryDnsServer);
+            if (!config.m_secondaryDnsServer.isEmpty()) {
+                params.dnsServers.append(config.m_secondaryDnsServer);
+            }
            if (config.m_allowedIPAddressRanges.contains(IPAddress("0.0.0.0/0"))) {
                params.blockAll = true;
                if (config.m_excludedAddresses.size()) {
@@ -122,7 +122,7 @@ bool IPUtilsMacos::addIP4AddressToDevice(const InterfaceConfig& config) {
  // Set ifr to interface
  int ret = ioctl(sockfd, SIOCAIFADDR, &ifr);
  if (ret) {
-    logger.error() << "Failed to set IPv4: " << logger.sensitive(deviceAddr)
+    logger.error() << "Failed to set IPv4: " << deviceAddr
                   << "error:" << strerror(errno);
    return false;
  }
@@ -162,7 +162,7 @@ bool IPUtilsMacos::addIP6AddressToDevice(const InterfaceConfig& config) {
  // Set ifr to interface
  int ret = ioctl(sockfd, SIOCAIFADDR_IN6, &ifr6);
  if (ret) {
-    logger.error() << "Failed to set IPv6: " << logger.sensitive(deviceAddr)
+    logger.error() << "Failed to set IPv6: " << deviceAddr
                   << "error:" << strerror(errno);
    return false;
  }
@@ -43,8 +43,16 @@ namespace {

 #include "macosfirewall.h"

-#define ResourceDir qApp->applicationDirPath() + "/pf"
-#define DaemonDataDir qApp->applicationDirPath() + "/pf"
+#include <QDir>
+#include <QStandardPaths>
+
+// Read-only rules bundled with the application.
+#define ResourceDir (qApp->applicationDirPath() + "/pf")
+
+// Writable location that does NOT live inside the signed bundle.  Using a
+// constant path under /Library/Application Support keeps the signature intact
+// and is accessible to the root helper.
+#define DaemonDataDir QStringLiteral("/Library/Application Support/AmneziaVPN/pf")

 #include <QProcess>

@@ -121,6 +129,8 @@ void MacOSFirewall::install()
    logger.info() << "Installing PF root anchor";

    installRootAnchors();
+    // Ensure writable directory exists, then store the token there.
+    QDir().mkpath(DaemonDataDir);
    execute(QStringLiteral("pfctl -E 2>&1 | grep -F 'Token : ' | cut -c9- > '%1/pf.token'").arg(DaemonDataDir));
 }

@@ -144,7 +144,7 @@ void MacosRouteMonitor::handleRtmDelete(const struct rt_msghdr* rtm,
  for (const IPAddress& prefix : m_exclusionRoutes) {
    if (prefix.address().protocol() == protocol) {
      logger.debug() << "Removing exclusion route to"
-                     << logger.sensitive(prefix.toString());
+                     << prefix.toString();
      rtmSendRoute(RTM_DELETE, prefix, rtm->rtm_index, nullptr);
    }
  }
@@ -259,7 +259,7 @@ void MacosRouteMonitor::handleRtmUpdate(const struct rt_msghdr* rtm,
  for (const IPAddress& prefix : m_exclusionRoutes) {
    if (prefix.address().protocol() == protocol) {
      logger.debug() << "Updating exclusion route to"
-                     << logger.sensitive(prefix.toString());
+                     << prefix.toString();
      rtmSendRoute(rtm_type, prefix, ifindex, addrlist[1].constData());
    }
  }
@@ -510,8 +510,7 @@ bool MacosRouteMonitor::deleteRoute(const IPAddress& prefix, int flags) {
 }

 bool MacosRouteMonitor::addExclusionRoute(const IPAddress& prefix) {
-  logger.debug() << "Adding exclusion route for"
-                 << logger.sensitive(prefix.toString());
+  logger.debug() << "Adding exclusion route for" << prefix.toString();

  if (m_exclusionRoutes.contains(prefix)) {
    logger.warning() << "Exclusion route already exists";
@@ -536,8 +535,7 @@ bool MacosRouteMonitor::addExclusionRoute(const IPAddress& prefix) {
 }

 bool MacosRouteMonitor::deleteExclusionRoute(const IPAddress& prefix) {
-  logger.debug() << "Deleting exclusion route for"
-                 << logger.sensitive(prefix.toString());
+  logger.debug() << "Deleting exclusion route for" << prefix.toString();

  m_exclusionRoutes.removeAll(prefix);
  if (prefix.address().protocol() == QAbstractSocket::IPv4Protocol) {
@@ -119,6 +119,12 @@ bool WireguardUtilsMacos::addInterface(const InterfaceConfig& config) {
  if (!config.m_responsePacketJunkSize.isEmpty()) {
    out << "s2=" << config.m_responsePacketJunkSize << "\n";
  }
+  if (!config.m_cookieReplyPacketJunkSize.isEmpty()) {
+    out << "s3=" << config.m_cookieReplyPacketJunkSize << "\n";
+  }
+  if (!config.m_transportPacketJunkSize.isEmpty()) {
+    out << "s4=" << config.m_transportPacketJunkSize << "\n";
+  }
  if (!config.m_initPacketMagicHeader.isEmpty()) {
    out << "h1=" << config.m_initPacketMagicHeader << "\n";
  }
@@ -132,30 +138,43 @@ bool WireguardUtilsMacos::addInterface(const InterfaceConfig& config) {
    out << "h4=" << config.m_transportPacketMagicHeader << "\n";
  }

+  for (const QString& key : config.m_specialJunk.keys()) {
+      out << key.toLower() << "=" << config.m_specialJunk.value(key) << "\n";
+  }
+  for (const QString& key : config.m_controlledJunk.keys()) {
+      out << key.toLower() << "=" << config.m_controlledJunk.value(key) << "\n";
+  }
+  if (!config.m_specialHandshakeTimeout.isEmpty()) {
+      out << "itime=" << config.m_specialHandshakeTimeout << "\n";
+  }
+
  int err = uapiErrno(uapiCommand(message));
  if (err != 0) {
    logger.error() << "Interface configuration failed:" << strerror(err);
  } else {
-      if (config.m_killSwitchEnabled) {
-        FirewallParams params { };
-        params.dnsServers.append(config.m_dnsServer);
+    if (config.m_killSwitchEnabled) {
+      FirewallParams params { };
+      params.dnsServers.append(config.m_primaryDnsServer);
+      if (!config.m_secondaryDnsServer.isEmpty()) {
+          params.dnsServers.append(config.m_secondaryDnsServer);
+      }

-        if (config.m_allowedIPAddressRanges.contains(IPAddress("0.0.0.0/0"))) {
+      if (config.m_allowedIPAddressRanges.contains(IPAddress("0.0.0.0/0"))) {
          params.blockAll = true;
          if (config.m_excludedAddresses.size()) {
-            params.allowNets = true;
-            foreach (auto net, config.m_excludedAddresses) {
-              params.allowAddrs.append(net.toUtf8());
-            }
+              params.allowNets = true;
+              foreach (auto net, config.m_excludedAddresses) {
+                  params.allowAddrs.append(net.toUtf8());
+              }
          }
-        } else {
+      } else {
          params.blockNets = true;
          foreach (auto net, config.m_allowedIPAddressRanges) {
-            params.blockAddrs.append(net.toString());
+              params.blockAddrs.append(net.toString());
          }
-        }
-        applyFirewallRules(params);
      }
+      applyFirewallRules(params);
+    }
  }
  return (err == 0);
 }
@@ -256,7 +256,7 @@ bool WindowsFirewall::allowTrafficRange(const QStringList& ranges) {

  for (const QString& addr : ranges) {
    logger.debug() << "Allow killswitch exclude: " << addr;
-    if (!allowTrafficTo(QHostAddress(addr), LOW_WEIGHT + 1, "Allow killswitch bypass traffic")) {
+    if (!allowTrafficTo(QHostAddress(addr), HIGH_WEIGHT, "Allow killswitch bypass traffic")) {
      return false;
    }
  }
@@ -291,15 +291,32 @@ bool WindowsFirewall::enablePeerTraffic(const InterfaceConfig& config) {
                      "Block Internet", config.m_serverPublicKey)) {
    return false;
  }
-  if (!config.m_dnsServer.isEmpty()) {
-    if (!allowTrafficTo(QHostAddress(config.m_dnsServer), 53, HIGH_WEIGHT,
+  if (!config.m_primaryDnsServer.isEmpty()) {
+    if (!allowTrafficTo(QHostAddress(config.m_primaryDnsServer), 53, HIGH_WEIGHT,
                        "Allow DNS-Server", config.m_serverPublicKey)) {
      return false;
    }
    // In some cases, we might configure a 2nd DNS server for IPv6, however
    // this should probably be cleaned up by converting m_dnsServer into
    // a QStringList instead.
-    if (config.m_dnsServer == config.m_serverIpv4Gateway) {
+    if (config.m_primaryDnsServer == config.m_serverIpv4Gateway) {
+      if (!allowTrafficTo(QHostAddress(config.m_serverIpv6Gateway), 53,
+                          HIGH_WEIGHT, "Allow extra IPv6 DNS-Server",
+                          config.m_serverPublicKey)) {
+        return false;
+      }
+    }
+  }
+
+  if (!config.m_secondaryDnsServer.isEmpty()) {
+    if (!allowTrafficTo(QHostAddress(config.m_secondaryDnsServer), 53, HIGH_WEIGHT,
+                        "Allow DNS-Server", config.m_serverPublicKey)) {
+      return false;
+    }
+    // In some cases, we might configure a 2nd DNS server for IPv6, however
+    // this should probably be cleaned up by converting m_dnsServer into
+    // a QStringList instead.
+    if (config.m_secondaryDnsServer == config.m_serverIpv4Gateway) {
      if (!allowTrafficTo(QHostAddress(config.m_serverIpv6Gateway), 53,
                          HIGH_WEIGHT, "Allow extra IPv6 DNS-Server",
                          config.m_serverPublicKey)) {
@@ -303,8 +303,7 @@ void WindowsRouteMonitor::updateCapturedRoutes(int family, void* ptable) {
      data->Age++;
      continue;
    }
-    logger.debug() << "Capturing route to"
-                   << logger.sensitive(prefix.toString());
+    logger.debug() << "Capturing route to" << prefix.toString();

    // Clone the route and direct it into the VPN tunnel.
    data = new MIB_IPFORWARD_ROW2;
@@ -354,8 +353,7 @@ void WindowsRouteMonitor::updateCapturedRoutes(int family, void* ptable) {
      continue;
    }

-    logger.debug() << "Removing route capture for"
-                   << logger.sensitive(i.key().toString());
+    logger.debug() << "Removing route capture for" << i.key().toString();

    // Otherwise, this route is no longer in use.
    DWORD result = DeleteIpForwardEntry2(data);
@@ -368,8 +366,7 @@ void WindowsRouteMonitor::updateCapturedRoutes(int family, void* ptable) {
 }

 bool WindowsRouteMonitor::addExclusionRoute(const IPAddress& prefix) {
-  logger.debug() << "Adding exclusion route for"
-                 << logger.sensitive(prefix.toString());
+  logger.debug() << "Adding exclusion route for" << prefix.toString();

  // Silently ignore non-routeable addresses.
  QHostAddress addr = prefix.address();
@@ -437,7 +434,7 @@ bool WindowsRouteMonitor::addExclusionRoute(const IPAddress& prefix) {

 bool WindowsRouteMonitor::deleteExclusionRoute(const IPAddress& prefix) {
  logger.debug() << "Deleting exclusion route for"
-                 << logger.sensitive(prefix.address().toString());
+                 << prefix.address().toString();

  MIB_IPFORWARD_ROW2* data = m_exclusionRoutes.take(prefix);
  if (data == nullptr) {
@@ -447,7 +444,7 @@ bool WindowsRouteMonitor::deleteExclusionRoute(const IPAddress& prefix) {
  DWORD result = DeleteIpForwardEntry2(data);
  if ((result != ERROR_NOT_FOUND) && (result != NO_ERROR)) {
    logger.error() << "Failed to delete route to"
-                   << logger.sensitive(prefix.toString())
+                   << prefix.toString()
                   << "result:" << result;
  }

@@ -465,7 +462,7 @@ void WindowsRouteMonitor::flushRouteTable(
    DWORD result = DeleteIpForwardEntry2(data);
    if ((result != ERROR_NOT_FOUND) && (result != NO_ERROR)) {
      logger.error() << "Failed to delete route to"
-                     << logger.sensitive(i.key().toString())
+                     << i.key().toString()
                     << "result:" << result;
    }
    delete data;
@@ -130,6 +130,7 @@ bool WireguardUtilsWindows::addInterface(const InterfaceConfig& config) {
    // Enable the windows firewall
    NET_IFINDEX ifindex;
    ConvertInterfaceLuidToIndex(&luid, &ifindex);
+    m_firewall->allowAllTraffic();
    m_firewall->enableInterface(ifindex);
  }

@@ -171,7 +171,7 @@ ErrorCode OpenVpnProtocol::start()
        return lastError();
    }

-#if defined(Q_OS_LINUX) || defined(Q_OS_MACOS)
+#ifdef AMNEZIA_DESKTOP
    IpcClient::Interface()->addKillSwitchAllowedRange(QStringList(NetworkUtilities::getIPAddress(
            m_configData.value(amnezia::config_key::hostName).toString())));
 #endif
@@ -343,7 +343,7 @@ void OpenVpnProtocol::updateVpnGateway(const QString &line)
                        // killSwitch toggle
                        if (m_vpnLocalAddress == netInterfaces.at(i).addressEntries().at(j).ip().toString()) {
                            if (QVariant(m_configData.value(config_key::killSwitchOption).toString()).toBool()) {
-                                IpcClient::Interface()->enableKillSwitch(QJsonObject(), netInterfaces.at(i).index());
+                                IpcClient::Interface()->enableKillSwitch(m_configData, netInterfaces.at(i).index());
                            }
                            m_configData.insert("vpnAdapterIndex", netInterfaces.at(i).index());
                            m_configData.insert("vpnGateway", m_vpnGateway);
@@ -72,10 +72,21 @@ namespace amnezia
        constexpr char junkPacketMaxSize[] = "Jmax";
        constexpr char initPacketJunkSize[] = "S1";
        constexpr char responsePacketJunkSize[] = "S2";
+        constexpr char cookieReplyPacketJunkSize[] = "S3";
+        constexpr char transportPacketJunkSize[] = "S4";
        constexpr char initPacketMagicHeader[] = "H1";
        constexpr char responsePacketMagicHeader[] = "H2";
        constexpr char underloadPacketMagicHeader[] = "H3";
        constexpr char transportPacketMagicHeader[] = "H4";
+        constexpr char specialJunk1[] = "I1";
+        constexpr char specialJunk2[] = "I2";
+        constexpr char specialJunk3[] = "I3";
+        constexpr char specialJunk4[] = "I4";
+        constexpr char specialJunk5[] = "I5";
+        constexpr char controlledJunk1[] = "J1";
+        constexpr char controlledJunk2[] = "J2";
+        constexpr char controlledJunk3[] = "J3";
+        constexpr char specialHandshakeTimeout[] = "Itime";

        constexpr char openvpn[] = "openvpn";
        constexpr char wireguard[] = "wireguard";
@@ -103,6 +114,8 @@ namespace amnezia

        constexpr char clientId[] = "clientId";

+        constexpr char nameOverriddenByUser[] = "nameOverriddenByUser";
+
    }

    namespace protocols
@@ -214,10 +227,22 @@ namespace amnezia
            constexpr char defaultJunkPacketMaxSize[] = "30";
            constexpr char defaultInitPacketJunkSize[] = "15";
            constexpr char defaultResponsePacketJunkSize[] = "18";
+            constexpr char defaultCookieReplyPacketJunkSize[] = "20";
+            constexpr char defaultTransportPacketJunkSize[] = "23";
+
            constexpr char defaultInitPacketMagicHeader[] = "1020325451";
            constexpr char defaultResponsePacketMagicHeader[] = "3288052141";
            constexpr char defaultTransportPacketMagicHeader[] = "2528465083";
            constexpr char defaultUnderloadPacketMagicHeader[] = "1766607858";
+            constexpr char defaultSpecialJunk1[] = "";
+            constexpr char defaultSpecialJunk2[] = "";
+            constexpr char defaultSpecialJunk3[] = "";
+            constexpr char defaultSpecialJunk4[] = "";
+            constexpr char defaultSpecialJunk5[] = "";
+            constexpr char defaultControlledJunk1[] = "";
+            constexpr char defaultControlledJunk2[] = "";
+            constexpr char defaultControlledJunk3[] = "";
+            constexpr char defaultSpecialHandshakeTimeout[] = "";
        }

        namespace socks5Proxy
@@ -98,8 +98,13 @@ ErrorCode XrayProtocol::startTun2Sock()
        if (vpnState == Vpn::ConnectionState::Connected) {
            setConnectionState(Vpn::ConnectionState::Connecting);
            QList<QHostAddress> dnsAddr;
+
            dnsAddr.push_back(QHostAddress(m_configData.value(config_key::dns1).toString()));
-            dnsAddr.push_back(QHostAddress(m_configData.value(config_key::dns2).toString()));
+            // We don't use secondary DNS if primary DNS is AmneziaDNS
+            if (!m_configData.value(amnezia::config_key::dns1).toString().
+                 contains(amnezia::protocols::dns::amneziaDnsIp)) {
+                dnsAddr.push_back(QHostAddress(m_configData.value(config_key::dns2).toString()));
+            }
 #ifdef Q_OS_WIN
            QThread::msleep(8000);
 #endif
@@ -134,7 +139,7 @@ ErrorCode XrayProtocol::startTun2Sock()
                    // killSwitch toggle
                    if (m_vpnLocalAddress == netInterfaces.at(i).addressEntries().at(j).ip().toString()) {
                        if (QVariant(m_configData.value(config_key::killSwitchOption).toString()).toBool()) {
-                            IpcClient::Interface()->enableKillSwitch(QJsonObject(), netInterfaces.at(i).index());
+                            IpcClient::Interface()->enableKillSwitch(m_configData, netInterfaces.at(i).index());
                        }
                        m_configData.insert("vpnAdapterIndex", netInterfaces.at(i).index());
                        m_configData.insert("vpnGateway", m_vpnGateway);
@@ -127,7 +127,7 @@
        <file>ui/qml/Components/SelectLanguageDrawer.qml</file>
        <file>ui/qml/Components/ServersListView.qml</file>
        <file>ui/qml/Components/SettingsContainersListView.qml</file>
-        <file>ui/qml/Components/ShareConnectionDrawer.qml</file>
+
        <file>ui/qml/Components/TransportProtoSelector.qml</file>
        <file>ui/qml/Components/AddSitePanel.qml</file>
        <file>ui/qml/Config/GlobalConfig.qml</file>
@@ -228,6 +228,7 @@
        <file>ui/qml/Pages2/PageSetupWizardViewConfig.qml</file>
        <file>ui/qml/Pages2/PageShare.qml</file>
        <file>ui/qml/Pages2/PageShareFullAccess.qml</file>
+        <file>ui/qml/Pages2/PageShareConnection.qml</file>
        <file>ui/qml/Pages2/PageStart.qml</file>
        <file>ui/qml/Components/RenameServerDrawer.qml</file>
        <file>ui/qml/Controls2/ListViewType.qml</file>
@@ -236,6 +237,11 @@
        <file>ui/qml/Pages2/PageSettingsApiNativeConfigs.qml</file>
        <file>ui/qml/Pages2/PageSettingsApiDevices.qml</file>
        <file>images/controls/monitor.svg</file>
+        <file>ui/qml/Components/ApiPremV1MigrationDrawer.qml</file>
+        <file>ui/qml/Components/ApiPremV1SubListDrawer.qml</file>
+        <file>ui/qml/Components/OtpCodeDrawer.qml</file>
+        <file>ui/qml/Components/AwgTextField.qml</file>
+        <file>ui/qml/Pages2/PageSettingsApiSubscriptionKey.qml</file>
    </qresource>
    <qresource prefix="/countriesFlags">
        <file>images/flagKit/ZW.svg</file>
@@ -10,7 +10,7 @@ RUN mkdir -p /opt/amnezia
 RUN echo -e "#!/bin/bash\ntail -f /dev/null" > /opt/amnezia/start.sh
 RUN chmod a+x /opt/amnezia/start.sh

-# Tune network  
+# Tune network
 RUN echo -e " \n\
  fs.file-max = 51200 \n\
  \n\
@@ -40,7 +40,8 @@ RUN echo -e " \n\
  echo -e " \n\
  * soft nofile 51200 \n\
  * hard nofile 51200 \n\
-  " | sed -e 's/^\s\+//g' | tee -a /etc/security/limits.conf  
+  " | sed -e 's/^\s\+//g' | tee -a /etc/security/limits.conf

 ENTRYPOINT [ "dumb-init", "/opt/amnezia/start.sh" ]
 CMD [ "" ]
+
@@ -23,4 +23,5 @@ H1 = $INIT_PACKET_MAGIC_HEADER
 H2 = $RESPONSE_PACKET_MAGIC_HEADER
 H3 = $UNDERLOAD_PACKET_MAGIC_HEADER
 H4 = $TRANSPORT_PACKET_MAGIC_HEADER
+
 EOF
@@ -1,6 +1,7 @@
-if which apt-get > /dev/null 2>&1; then LOCK_FILE="/var/lib/dpkg/lock-frontend";\
-elif which dnf > /dev/null 2>&1; then LOCK_FILE="/var/run/dnf.pid";\
-elif which yum > /dev/null 2>&1; then LOCK_FILE="/var/run/yum.pid";\
-elif which pacman > /dev/null 2>&1; then LOCK_FILE="/var/lib/pacman/db.lck";\
+if which apt-get > /dev/null 2>&1; then LOCK_CMD="fuser"; LOCK_FILE="/var/lib/dpkg/lock-frontend";\
+elif which dnf > /dev/null 2>&1; then LOCK_CMD="fuser"; LOCK_FILE="/var/cache/dnf/* /var/run/dnf/* /var/lib/dnf/* /var/lib/rpm/*";\
+elif which yum > /dev/null 2>&1; then LOCK_CMD="cat"; LOCK_FILE="/var/run/yum.pid";\
+elif which zypper > /dev/null 2>&1; then LOCK_CMD="cat"; LOCK_FILE="/var/run/zypp.pid";\
+elif which pacman > /dev/null 2>&1; then LOCK_CMD="fuser"; LOCK_FILE="/var/lib/pacman/db.lck";\
 else echo "Packet manager not found"; echo "Internal error"; exit 1; fi;\
-if command -v fuser > /dev/null 2>&1; then sudo fuser $LOCK_FILE 2>/dev/null; else echo "fuser not installed"; fi
+if command -v $LOCK_CMD > /dev/null 2>&1; then sudo $LOCK_CMD $LOCK_FILE 2>/dev/null; else echo "$LOCK_CMD not installed"; fi
@@ -1,6 +1,7 @@
 if which apt-get > /dev/null 2>&1; then pm=$(which apt-get); opt="--version";\
 elif which dnf > /dev/null 2>&1; then pm=$(which dnf); opt="--version";\
 elif which yum > /dev/null 2>&1; then pm=$(which yum); opt="--version";\
+elif which zypper > /dev/null 2>&1; then pm=$(which zypper); opt="--version";\
 elif which pacman > /dev/null 2>&1; then pm=$(which pacman); opt="--version";\
 else pm="uname"; opt="-a";\
 fi;\
@@ -1,6 +1,7 @@
 if which apt-get > /dev/null 2>&1; then pm=$(which apt-get); silent_inst="-yq install"; check_pkgs="-yq update"; docker_pkg="docker.io"; dist="debian";\
 elif which dnf > /dev/null 2>&1; then pm=$(which dnf); silent_inst="-yq install"; check_pkgs="-yq check-update"; docker_pkg="docker"; dist="fedora";\
 elif which yum > /dev/null 2>&1; then pm=$(which yum); silent_inst="-y -q install"; check_pkgs="-y -q check-update"; docker_pkg="docker"; dist="centos";\
+elif which zypper > /dev/null 2>&1; then pm=$(which zypper); silent_inst="-nq install"; check_pkgs="-nq refresh"; docker_pkg="docker"; dist="opensuse";\
 elif which pacman > /dev/null 2>&1; then pm=$(which pacman); silent_inst="-S --noconfirm --noprogressbar --quiet"; check_pkgs="-Sup"; docker_pkg="docker"; dist="archlinux";\
 else echo "Packet manager not found"; exit 1; fi;\
 echo "Dist: $dist, Packet manager: $pm, Install command: $silent_inst, Check pkgs command: $check_pkgs, Docker pkg: $docker_pkg";\
@@ -559,6 +559,16 @@ void Settings::disableHomeAdLabel()
    setValue("Conf/homeAdLabelVisible", false);
 }

+bool Settings::isPremV1MigrationReminderActive()
+{
+    return value("Conf/premV1MigrationReminderActive", true).toBool();
+}
+
+void Settings::disablePremV1MigrationReminder()
+{
+    setValue("Conf/premV1MigrationReminderActive", false);
+}
+
 QStringList Settings::allowedDnsServers() const
 {
    return value("Conf/allowedDnsServers").toStringList();
@@ -174,11 +174,12 @@ public:

    QLocale getAppLanguage()
    {
-        return value("Conf/appLanguage", QLocale()).toLocale();
+        QString localeStr = m_settings.value("Conf/appLanguage").toString();
+        return QLocale(localeStr);
    };
    void setAppLanguage(QLocale locale)
    {
-        setValue("Conf/appLanguage", locale);
+        setValue("Conf/appLanguage", locale.name());
    };

    bool isScreenshotsEnabled() const
@@ -229,6 +230,9 @@ public:
    bool isHomeAdLabelVisible();
    void disableHomeAdLabel();

+    bool isPremV1MigrationReminderActive();
+    void disablePremV1MigrationReminder();
+    
    QStringList allowedDnsServers() const;
    void setAllowedDnsServers(const QStringList &servers);

@@ -1,34 +0,0 @@
-import QtQuick
-import QtQuick.Controls
-import QtQuick.Layouts
-
-TextArea {
-    id: root
-
-    width: parent.width
-
-    topPadding: 16
-    leftPadding: 16
-
-    color: "#D7D8DB"
-    selectionColor:  "#412102"
-    selectedTextColor: "#D7D8DB"
-    placeholderTextColor: "#878B91"
-
-    font.pixelSize: 16
-    font.weight: Font.Medium
-    font.family: "PT Root UI VF"
-
-    wrapMode: Text.Wrap
-
-    MouseArea {
-        anchors.fill: parent
-        acceptedButtons: Qt.RightButton
-        onClicked: contextMenu.open()
-    }
-
-    ContextMenuType {
-        id: contextMenu
-        textObj: textField
-    }
-}
@@ -18,6 +18,7 @@ namespace
    {
        constexpr char cloak[] = "cloak";
        constexpr char awg[] = "awg";
+        constexpr char vless[] = "vless";

        constexpr char apiEndpoint[] = "api_endpoint";
        constexpr char accessToken[] = "api_key";
@@ -35,10 +36,6 @@ namespace
        constexpr char serviceInfo[] = "service_info";
        constexpr char serviceProtocol[] = "service_protocol";

-        constexpr char aesKey[] = "aes_key";
-        constexpr char aesIv[] = "aes_iv";
-        constexpr char aesSalt[] = "aes_salt";
-
        constexpr char apiPayload[] = "api_payload";
        constexpr char keyPayload[] = "key_payload";

@@ -47,6 +44,185 @@ namespace

        constexpr char config[] = "config";
    }
+
+    struct ProtocolData
+    {
+        OpenVpnConfigurator::ConnectionData certRequest;
+
+        QString wireGuardClientPrivKey;
+        QString wireGuardClientPubKey;
+
+        QString xrayUuid;
+    };
+
+    struct GatewayRequestData
+    {
+        QString osVersion;
+        QString appVersion;
+
+        QString installationUuid;
+
+        QString userCountryCode;
+        QString serverCountryCode;
+        QString serviceType;
+        QString serviceProtocol;
+
+        QJsonObject authData;
+
+        QJsonObject toJsonObject() const
+        {
+            QJsonObject obj;
+            if (!osVersion.isEmpty()) {
+                obj[configKey::osVersion] = osVersion;
+            }
+            if (!appVersion.isEmpty()) {
+                obj[configKey::appVersion] = appVersion;
+            }
+            if (!installationUuid.isEmpty()) {
+                obj[configKey::uuid] = installationUuid;
+            }
+            if (!userCountryCode.isEmpty()) {
+                obj[configKey::userCountryCode] = userCountryCode;
+            }
+            if (!serverCountryCode.isEmpty()) {
+                obj[configKey::serverCountryCode] = serverCountryCode;
+            }
+            if (!serviceType.isEmpty()) {
+                obj[configKey::serviceType] = serviceType;
+            }
+            if (!serviceProtocol.isEmpty()) {
+                obj[configKey::serviceProtocol] = serviceProtocol;
+            }
+            if (!authData.isEmpty()) {
+                obj[configKey::authData] = authData;
+            }
+            return obj;
+        }
+    };
+
+    ProtocolData generateProtocolData(const QString &protocol)
+    {
+        ProtocolData protocolData;
+        if (protocol == configKey::cloak) {
+            protocolData.certRequest = OpenVpnConfigurator::createCertRequest();
+        } else if (protocol == configKey::awg) {
+            auto connData = WireguardConfigurator::genClientKeys();
+            protocolData.wireGuardClientPubKey = connData.clientPubKey;
+            protocolData.wireGuardClientPrivKey = connData.clientPrivKey;
+        } else if (protocol == configKey::vless) {
+            protocolData.xrayUuid = QUuid::createUuid().toString(QUuid::WithoutBraces);
+        }
+
+        return protocolData;
+    }
+
+    void appendProtocolDataToApiPayload(const QString &protocol, const ProtocolData &protocolData, QJsonObject &apiPayload)
+    {
+        if (protocol == configKey::cloak) {
+            apiPayload[configKey::certificate] = protocolData.certRequest.request;
+        } else if (protocol == configKey::awg) {
+            apiPayload[configKey::publicKey] = protocolData.wireGuardClientPubKey;
+        } else if (protocol == configKey::vless) {
+            apiPayload[configKey::publicKey] = protocolData.xrayUuid;
+        }
+    }
+
+    ErrorCode fillServerConfig(const QString &protocol, const ProtocolData &apiPayloadData, const QByteArray &apiResponseBody,
+                               QJsonObject &serverConfig)
+    {
+        QString data = QJsonDocument::fromJson(apiResponseBody).object().value(config_key::config).toString();
+
+        data.replace("vpn://", "");
+        QByteArray ba = QByteArray::fromBase64(data.toUtf8(), QByteArray::Base64UrlEncoding | QByteArray::OmitTrailingEquals);
+
+        if (ba.isEmpty()) {
+            qDebug() << "empty vpn key";
+            return ErrorCode::ApiConfigEmptyError;
+        }
+
+        QByteArray ba_uncompressed = qUncompress(ba);
+        if (!ba_uncompressed.isEmpty()) {
+            ba = ba_uncompressed;
+        }
+
+        QString configStr = ba;
+        if (protocol == configKey::cloak) {
+            configStr.replace("<key>", "<key>\n");
+            configStr.replace("$OPENVPN_PRIV_KEY", apiPayloadData.certRequest.privKey);
+        } else if (protocol == configKey::awg) {
+            configStr.replace("$WIREGUARD_CLIENT_PRIVATE_KEY", apiPayloadData.wireGuardClientPrivKey);
+            auto newServerConfig = QJsonDocument::fromJson(configStr.toUtf8()).object();
+            auto containers = newServerConfig.value(config_key::containers).toArray();
+            if (containers.isEmpty()) {
+                qDebug() << "missing containers field";
+                return ErrorCode::ApiConfigEmptyError;
+            }
+            auto container = containers.at(0).toObject();
+            QString containerName = ContainerProps::containerTypeToString(DockerContainer::Awg);
+            auto serverProtocolConfig = container.value(containerName).toObject();
+            auto clientProtocolConfig =
+                    QJsonDocument::fromJson(serverProtocolConfig.value(config_key::last_config).toString().toUtf8()).object();
+
+            //TODO looks like this block can be removed after v1 configs EOL
+
+            serverProtocolConfig[config_key::junkPacketCount] = clientProtocolConfig.value(config_key::junkPacketCount);
+            serverProtocolConfig[config_key::junkPacketMinSize] = clientProtocolConfig.value(config_key::junkPacketMinSize);
+            serverProtocolConfig[config_key::junkPacketMaxSize] = clientProtocolConfig.value(config_key::junkPacketMaxSize);
+            serverProtocolConfig[config_key::initPacketJunkSize] = clientProtocolConfig.value(config_key::initPacketJunkSize);
+            serverProtocolConfig[config_key::responsePacketJunkSize] = clientProtocolConfig.value(config_key::responsePacketJunkSize);
+            serverProtocolConfig[config_key::initPacketMagicHeader] = clientProtocolConfig.value(config_key::initPacketMagicHeader);
+            serverProtocolConfig[config_key::responsePacketMagicHeader] = clientProtocolConfig.value(config_key::responsePacketMagicHeader);
+            serverProtocolConfig[config_key::underloadPacketMagicHeader] = clientProtocolConfig.value(config_key::underloadPacketMagicHeader);
+            serverProtocolConfig[config_key::transportPacketMagicHeader] = clientProtocolConfig.value(config_key::transportPacketMagicHeader);
+
+            serverProtocolConfig[config_key::cookieReplyPacketJunkSize] = clientProtocolConfig.value(config_key::cookieReplyPacketJunkSize);
+            serverProtocolConfig[config_key::transportPacketJunkSize] = clientProtocolConfig.value(config_key::transportPacketJunkSize);
+            serverProtocolConfig[config_key::specialJunk1] = clientProtocolConfig.value(config_key::specialJunk1);
+            serverProtocolConfig[config_key::specialJunk2] = clientProtocolConfig.value(config_key::specialJunk2);
+            serverProtocolConfig[config_key::specialJunk3] = clientProtocolConfig.value(config_key::specialJunk3);
+            serverProtocolConfig[config_key::specialJunk4] = clientProtocolConfig.value(config_key::specialJunk4);
+            serverProtocolConfig[config_key::specialJunk5] = clientProtocolConfig.value(config_key::specialJunk5);
+            serverProtocolConfig[config_key::controlledJunk1] = clientProtocolConfig.value(config_key::controlledJunk1);
+            serverProtocolConfig[config_key::controlledJunk2] = clientProtocolConfig.value(config_key::controlledJunk2);
+            serverProtocolConfig[config_key::controlledJunk3] = clientProtocolConfig.value(config_key::controlledJunk3);
+            serverProtocolConfig[config_key::specialHandshakeTimeout] = clientProtocolConfig.value(config_key::specialHandshakeTimeout);
+
+            //
+
+            container[containerName] = serverProtocolConfig;
+            containers.replace(0, container);
+            newServerConfig[config_key::containers] = containers;
+            configStr = QString(QJsonDocument(newServerConfig).toJson());
+        }
+
+        QJsonObject newServerConfig = QJsonDocument::fromJson(configStr.toUtf8()).object();
+        serverConfig[config_key::dns1] = newServerConfig.value(config_key::dns1);
+        serverConfig[config_key::dns2] = newServerConfig.value(config_key::dns2);
+        serverConfig[config_key::containers] = newServerConfig.value(config_key::containers);
+        serverConfig[config_key::hostName] = newServerConfig.value(config_key::hostName);
+
+        if (newServerConfig.value(config_key::configVersion).toInt() == apiDefs::ConfigSource::AmneziaGateway) {
+            serverConfig[config_key::configVersion] = newServerConfig.value(config_key::configVersion);
+            serverConfig[config_key::description] = newServerConfig.value(config_key::description);
+            serverConfig[config_key::name] = newServerConfig.value(config_key::name);
+        }
+
+        auto defaultContainer = newServerConfig.value(config_key::defaultContainer).toString();
+        serverConfig[config_key::defaultContainer] = defaultContainer;
+
+        QVariantMap map = serverConfig.value(configKey::apiConfig).toObject().toVariantMap();
+        map.insert(newServerConfig.value(configKey::apiConfig).toObject().toVariantMap());
+        auto apiConfig = QJsonObject::fromVariantMap(map);
+
+        if (newServerConfig.value(config_key::configVersion).toInt() == apiDefs::ConfigSource::AmneziaGateway) {
+            apiConfig.insert(apiDefs::key::supportedProtocols,
+                             QJsonDocument::fromJson(apiResponseBody).object().value(apiDefs::key::supportedProtocols).toArray());
+        }
+
+        serverConfig[configKey::apiConfig] = apiConfig;
+
+        return ErrorCode::NoError;
+    }
 }

 ApiConfigsController::ApiConfigsController(const QSharedPointer<ServersModel> &serversModel,
@@ -63,22 +239,26 @@ bool ApiConfigsController::exportNativeConfig(const QString &serverCountryCode,
        return false;
    }

-    GatewayController gatewayController(m_settings->getGatewayEndpoint(), m_settings->isDevGatewayEnv(), apiDefs::requestTimeoutMsecs);
-
    auto serverConfigObject = m_serversModel->getServerConfig(m_serversModel->getProcessedServerIndex());
    auto apiConfigObject = serverConfigObject.value(configKey::apiConfig).toObject();

-    QString protocol = apiConfigObject.value(configKey::serviceProtocol).toString();
-    ApiPayloadData apiPayloadData = generateApiPayloadData(protocol);
+    GatewayRequestData gatewayRequestData { QSysInfo::productType(),
+                                            QString(APP_VERSION),
+                                            m_settings->getInstallationUuid(true),
+                                            apiConfigObject.value(configKey::userCountryCode).toString(),
+                                            serverCountryCode,
+                                            apiConfigObject.value(configKey::serviceType).toString(),
+                                            configKey::awg, // apiConfigObject.value(configKey::serviceProtocol).toString(),
+                                            serverConfigObject.value(configKey::authData).toObject() };

-    QJsonObject apiPayload = fillApiPayload(protocol, apiPayloadData);
-    apiPayload[configKey::userCountryCode] = apiConfigObject.value(configKey::userCountryCode);
-    apiPayload[configKey::serverCountryCode] = serverCountryCode;
-    apiPayload[configKey::serviceType] = apiConfigObject.value(configKey::serviceType);
-    apiPayload[configKey::authData] = serverConfigObject.value(configKey::authData);
+    QString protocol = gatewayRequestData.serviceProtocol;
+    ProtocolData protocolData = generateProtocolData(protocol);
+
+    QJsonObject apiPayload = gatewayRequestData.toJsonObject();
+    appendProtocolDataToApiPayload(gatewayRequestData.serviceProtocol, protocolData, apiPayload);

    QByteArray responseBody;
-    ErrorCode errorCode = gatewayController.post(QString("%1v1/native_config"), apiPayload, responseBody);
+    ErrorCode errorCode = executeRequest(QString("%1v1/native_config"), apiPayload, responseBody);
    if (errorCode != ErrorCode::NoError) {
        emit errorOccurred(errorCode);
        return false;
@@ -86,7 +266,7 @@ bool ApiConfigsController::exportNativeConfig(const QString &serverCountryCode,

    QJsonObject jsonConfig = QJsonDocument::fromJson(responseBody).object();
    QString nativeConfig = jsonConfig.value(configKey::config).toString();
-    nativeConfig.replace("$WIREGUARD_CLIENT_PRIVATE_KEY", apiPayloadData.wireGuardClientPrivKey);
+    nativeConfig.replace("$WIREGUARD_CLIENT_PRIVATE_KEY", protocolData.wireGuardClientPrivKey);

    SystemController::saveFile(fileName, nativeConfig);
    return true;
@@ -94,22 +274,22 @@ bool ApiConfigsController::exportNativeConfig(const QString &serverCountryCode,

 bool ApiConfigsController::revokeNativeConfig(const QString &serverCountryCode)
 {
-    GatewayController gatewayController(m_settings->getGatewayEndpoint(), m_settings->isDevGatewayEnv(), apiDefs::requestTimeoutMsecs);
-
    auto serverConfigObject = m_serversModel->getServerConfig(m_serversModel->getProcessedServerIndex());
    auto apiConfigObject = serverConfigObject.value(configKey::apiConfig).toObject();

-    QString protocol = apiConfigObject.value(configKey::serviceProtocol).toString();
-    ApiPayloadData apiPayloadData = generateApiPayloadData(protocol);
+    GatewayRequestData gatewayRequestData { QSysInfo::productType(),
+                                            QString(APP_VERSION),
+                                            m_settings->getInstallationUuid(true),
+                                            apiConfigObject.value(configKey::userCountryCode).toString(),
+                                            serverCountryCode,
+                                            apiConfigObject.value(configKey::serviceType).toString(),
+                                            configKey::awg, // apiConfigObject.value(configKey::serviceProtocol).toString(),
+                                            serverConfigObject.value(configKey::authData).toObject() };

-    QJsonObject apiPayload = fillApiPayload(protocol, apiPayloadData);
-    apiPayload[configKey::userCountryCode] = apiConfigObject.value(configKey::userCountryCode);
-    apiPayload[configKey::serverCountryCode] = serverCountryCode;
-    apiPayload[configKey::serviceType] = apiConfigObject.value(configKey::serviceType);
-    apiPayload[configKey::authData] = serverConfigObject.value(configKey::authData);
+    QJsonObject apiPayload = gatewayRequestData.toJsonObject();

    QByteArray responseBody;
-    ErrorCode errorCode = gatewayController.post(QString("%1v1/revoke_native_config"), apiPayload, responseBody);
+    ErrorCode errorCode = executeRequest(QString("%1v1/revoke_native_config"), apiPayload, responseBody);
    if (errorCode != ErrorCode::NoError && errorCode != ErrorCode::ApiNotFoundError) {
        emit errorOccurred(errorCode);
        return false;
@@ -140,13 +320,11 @@ void ApiConfigsController::copyVpnKeyToClipboard()

 bool ApiConfigsController::fillAvailableServices()
 {
-    GatewayController gatewayController(m_settings->getGatewayEndpoint(), m_settings->isDevGatewayEnv(), apiDefs::requestTimeoutMsecs);
-
    QJsonObject apiPayload;
    apiPayload[configKey::osVersion] = QSysInfo::productType();

    QByteArray responseBody;
-    ErrorCode errorCode = gatewayController.post(QString("%1v1/services"), apiPayload, responseBody);
+    ErrorCode errorCode = executeRequest(QString("%1v1/services"), apiPayload, responseBody);
    if (errorCode == ErrorCode::NoError) {
        if (!responseBody.contains("services")) {
            errorCode = ErrorCode::ApiServicesMissingError;
@@ -165,32 +343,36 @@ bool ApiConfigsController::fillAvailableServices()

 bool ApiConfigsController::importServiceFromGateway()
 {
-    if (m_serversModel->isServerFromApiAlreadyExists(m_apiServicesModel->getCountryCode(), m_apiServicesModel->getSelectedServiceType(),
-                                                     m_apiServicesModel->getSelectedServiceProtocol())) {
+    GatewayRequestData gatewayRequestData { QSysInfo::productType(),
+                                            QString(APP_VERSION),
+                                            m_settings->getInstallationUuid(true),
+                                            m_apiServicesModel->getCountryCode(),
+                                            "",
+                                            m_apiServicesModel->getSelectedServiceType(),
+                                            m_apiServicesModel->getSelectedServiceProtocol(),
+                                            QJsonObject() };
+
+    if (m_serversModel->isServerFromApiAlreadyExists(gatewayRequestData.userCountryCode, gatewayRequestData.serviceType,
+                                                     gatewayRequestData.serviceProtocol)) {
        emit errorOccurred(ErrorCode::ApiConfigAlreadyAdded);
        return false;
    }

-    GatewayController gatewayController(m_settings->getGatewayEndpoint(), m_settings->isDevGatewayEnv(), apiDefs::requestTimeoutMsecs);
+    ProtocolData protocolData = generateProtocolData(gatewayRequestData.serviceProtocol);

-    auto installationUuid = m_settings->getInstallationUuid(true);
-    auto userCountryCode = m_apiServicesModel->getCountryCode();
-    auto serviceType = m_apiServicesModel->getSelectedServiceType();
-    auto serviceProtocol = m_apiServicesModel->getSelectedServiceProtocol();
-
-    ApiPayloadData apiPayloadData = generateApiPayloadData(serviceProtocol);
-
-    QJsonObject apiPayload = fillApiPayload(serviceProtocol, apiPayloadData);
-    apiPayload[configKey::userCountryCode] = userCountryCode;
-    apiPayload[configKey::serviceType] = serviceType;
-    apiPayload[configKey::uuid] = installationUuid;
+    QJsonObject apiPayload = gatewayRequestData.toJsonObject();
+    appendProtocolDataToApiPayload(gatewayRequestData.serviceProtocol, protocolData, apiPayload);

    QByteArray responseBody;
-    ErrorCode errorCode = gatewayController.post(QString("%1v1/config"), apiPayload, responseBody);
+    ErrorCode errorCode = executeRequest(QString("%1v1/config"), apiPayload, responseBody);

    QJsonObject serverConfig;
    if (errorCode == ErrorCode::NoError) {
-        fillServerConfig(serviceProtocol, apiPayloadData, responseBody, serverConfig);
+        errorCode = fillServerConfig(gatewayRequestData.serviceProtocol, protocolData, responseBody, serverConfig);
+        if (errorCode != ErrorCode::NoError) {
+            emit errorOccurred(errorCode);
+            return false;
+        }

        QJsonObject apiConfig = serverConfig.value(configKey::apiConfig).toObject();
        apiConfig.insert(configKey::userCountryCode, m_apiServicesModel->getCountryCode());
@@ -211,37 +393,33 @@ bool ApiConfigsController::importServiceFromGateway()
 bool ApiConfigsController::updateServiceFromGateway(const int serverIndex, const QString &newCountryCode, const QString &newCountryName,
                                                    bool reloadServiceConfig)
 {
-    GatewayController gatewayController(m_settings->getGatewayEndpoint(), m_settings->isDevGatewayEnv(), apiDefs::requestTimeoutMsecs);
-
    auto serverConfig = m_serversModel->getServerConfig(serverIndex);
    auto apiConfig = serverConfig.value(configKey::apiConfig).toObject();
-    auto authData = serverConfig.value(configKey::authData).toObject();

-    auto installationUuid = m_settings->getInstallationUuid(true);
-    auto userCountryCode = apiConfig.value(configKey::userCountryCode).toString();
-    auto serviceType = apiConfig.value(configKey::serviceType).toString();
-    auto serviceProtocol = apiConfig.value(configKey::serviceProtocol).toString();
+    GatewayRequestData gatewayRequestData { QSysInfo::productType(),
+                                            QString(APP_VERSION),
+                                            m_settings->getInstallationUuid(true),
+                                            apiConfig.value(configKey::userCountryCode).toString(),
+                                            newCountryCode,
+                                            apiConfig.value(configKey::serviceType).toString(),
+                                            apiConfig.value(configKey::serviceProtocol).toString(),
+                                            serverConfig.value(configKey::authData).toObject() };

-    ApiPayloadData apiPayloadData = generateApiPayloadData(serviceProtocol);
+    ProtocolData protocolData = generateProtocolData(gatewayRequestData.serviceProtocol);

-    QJsonObject apiPayload = fillApiPayload(serviceProtocol, apiPayloadData);
-    apiPayload[configKey::userCountryCode] = userCountryCode;
-    apiPayload[configKey::serviceType] = serviceType;
-    apiPayload[configKey::uuid] = installationUuid;
-
-    if (!newCountryCode.isEmpty()) {
-        apiPayload[configKey::serverCountryCode] = newCountryCode;
-    }
-    if (!authData.isEmpty()) {
-        apiPayload[configKey::authData] = authData;
-    }
+    QJsonObject apiPayload = gatewayRequestData.toJsonObject();
+    appendProtocolDataToApiPayload(gatewayRequestData.serviceProtocol, protocolData, apiPayload);

    QByteArray responseBody;
-    ErrorCode errorCode = gatewayController.post(QString("%1v1/config"), apiPayload, responseBody);
+    ErrorCode errorCode = executeRequest(QString("%1v1/config"), apiPayload, responseBody);

    QJsonObject newServerConfig;
    if (errorCode == ErrorCode::NoError) {
-        fillServerConfig(serviceProtocol, apiPayloadData, responseBody, newServerConfig);
+        errorCode = fillServerConfig(gatewayRequestData.serviceProtocol, protocolData, responseBody, newServerConfig);
+        if (errorCode != ErrorCode::NoError) {
+            emit errorOccurred(errorCode);
+            return false;
+        }

        QJsonObject newApiConfig = newServerConfig.value(configKey::apiConfig).toObject();
        newApiConfig.insert(configKey::userCountryCode, apiConfig.value(configKey::userCountryCode));
@@ -250,8 +428,12 @@ bool ApiConfigsController::updateServiceFromGateway(const int serverIndex, const
        newApiConfig.insert(apiDefs::key::vpnKey, apiConfig.value(apiDefs::key::vpnKey));

        newServerConfig.insert(configKey::apiConfig, newApiConfig);
-        newServerConfig.insert(configKey::authData, authData);
+        newServerConfig.insert(configKey::authData, gatewayRequestData.authData);

+        if (serverConfig.value(config_key::nameOverriddenByUser).toBool()) {
+            newServerConfig.insert(config_key::name, serverConfig.value(config_key::name));
+            newServerConfig.insert(config_key::nameOverriddenByUser, true);
+        }
        m_serversModel->editServer(newServerConfig, serverIndex);
        if (reloadServiceConfig) {
            emit reloadServerFromApiFinished(tr("API config reloaded"));
@@ -274,16 +456,20 @@ bool ApiConfigsController::updateServiceFromTelegram(const int serverIndex)
    QThread::msleep(10);
 #endif

-    GatewayController gatewayController(m_settings->getGatewayEndpoint(), m_settings->isDevGatewayEnv(), apiDefs::requestTimeoutMsecs);
+    GatewayController gatewayController(m_settings->getGatewayEndpoint(), m_settings->isDevGatewayEnv(), apiDefs::requestTimeoutMsecs,
+                                        m_settings->isStrictKillSwitchEnabled());

    auto serverConfig = m_serversModel->getServerConfig(serverIndex);
    auto installationUuid = m_settings->getInstallationUuid(true);

    QString serviceProtocol = serverConfig.value(configKey::protocol).toString();
-    ApiPayloadData apiPayloadData = generateApiPayloadData(serviceProtocol);
+    ProtocolData protocolData = generateProtocolData(serviceProtocol);

-    QJsonObject apiPayload = fillApiPayload(serviceProtocol, apiPayloadData);
+    QJsonObject apiPayload;
+    appendProtocolDataToApiPayload(serviceProtocol, protocolData, apiPayload);
    apiPayload[configKey::uuid] = installationUuid;
+    apiPayload[configKey::osVersion] = QSysInfo::productType();
+    apiPayload[configKey::appVersion] = QString(APP_VERSION);
    apiPayload[configKey::accessToken] = serverConfig.value(configKey::accessToken).toString();
    apiPayload[configKey::apiEndpoint] = serverConfig.value(configKey::apiEndpoint).toString();

@@ -291,7 +477,11 @@ bool ApiConfigsController::updateServiceFromTelegram(const int serverIndex)
    ErrorCode errorCode = gatewayController.post(QString("%1v1/proxy_config"), apiPayload, responseBody);

    if (errorCode == ErrorCode::NoError) {
-        fillServerConfig(serviceProtocol, apiPayloadData, responseBody, serverConfig);
+        errorCode = fillServerConfig(serviceProtocol, protocolData, responseBody, serverConfig);
+        if (errorCode != ErrorCode::NoError) {
+            emit errorOccurred(errorCode);
+            return false;
+        }

        m_serversModel->editServer(serverConfig, serverIndex);
        emit updateServerFromApiFinished();
@@ -304,8 +494,6 @@ bool ApiConfigsController::updateServiceFromTelegram(const int serverIndex)

 bool ApiConfigsController::deactivateDevice()
 {
-    GatewayController gatewayController(m_settings->getGatewayEndpoint(), m_settings->isDevGatewayEnv(), apiDefs::requestTimeoutMsecs);
-
    auto serverIndex = m_serversModel->getProcessedServerIndex();
    auto serverConfigObject = m_serversModel->getServerConfig(serverIndex);
    auto apiConfigObject = serverConfigObject.value(configKey::apiConfig).toObject();
@@ -314,18 +502,19 @@ bool ApiConfigsController::deactivateDevice()
        return true;
    }

-    QString protocol = apiConfigObject.value(configKey::serviceProtocol).toString();
-    ApiPayloadData apiPayloadData = generateApiPayloadData(protocol);
+    GatewayRequestData gatewayRequestData { QSysInfo::productType(),
+                                            QString(APP_VERSION),
+                                            m_settings->getInstallationUuid(true),
+                                            apiConfigObject.value(configKey::userCountryCode).toString(),
+                                            apiConfigObject.value(configKey::serverCountryCode).toString(),
+                                            apiConfigObject.value(configKey::serviceType).toString(),
+                                            "",
+                                            serverConfigObject.value(configKey::authData).toObject() };

-    QJsonObject apiPayload = fillApiPayload(protocol, apiPayloadData);
-    apiPayload[configKey::userCountryCode] = apiConfigObject.value(configKey::userCountryCode);
-    apiPayload[configKey::serverCountryCode] = apiConfigObject.value(configKey::serverCountryCode);
-    apiPayload[configKey::serviceType] = apiConfigObject.value(configKey::serviceType);
-    apiPayload[configKey::authData] = serverConfigObject.value(configKey::authData);
-    apiPayload[configKey::uuid] = m_settings->getInstallationUuid(true);
+    QJsonObject apiPayload = gatewayRequestData.toJsonObject();

    QByteArray responseBody;
-    ErrorCode errorCode = gatewayController.post(QString("%1v1/revoke_config"), apiPayload, responseBody);
+    ErrorCode errorCode = executeRequest(QString("%1v1/revoke_config"), apiPayload, responseBody);
    if (errorCode != ErrorCode::NoError && errorCode != ErrorCode::ApiNotFoundError) {
        emit errorOccurred(errorCode);
        return false;
@@ -339,8 +528,6 @@ bool ApiConfigsController::deactivateDevice()

 bool ApiConfigsController::deactivateExternalDevice(const QString &uuid, const QString &serverCountryCode)
 {
-    GatewayController gatewayController(m_settings->getGatewayEndpoint(), m_settings->isDevGatewayEnv(), apiDefs::requestTimeoutMsecs);
-
    auto serverIndex = m_serversModel->getProcessedServerIndex();
    auto serverConfigObject = m_serversModel->getServerConfig(serverIndex);
    auto apiConfigObject = serverConfigObject.value(configKey::apiConfig).toObject();
@@ -349,18 +536,19 @@ bool ApiConfigsController::deactivateExternalDevice(const QString &uuid, const Q
        return true;
    }

-    QString protocol = apiConfigObject.value(configKey::serviceProtocol).toString();
-    ApiPayloadData apiPayloadData = generateApiPayloadData(protocol);
+    GatewayRequestData gatewayRequestData { QSysInfo::productType(),
+                                            QString(APP_VERSION),
+                                            uuid,
+                                            apiConfigObject.value(configKey::userCountryCode).toString(),
+                                            serverCountryCode,
+                                            apiConfigObject.value(configKey::serviceType).toString(),
+                                            "",
+                                            serverConfigObject.value(configKey::authData).toObject() };

-    QJsonObject apiPayload = fillApiPayload(protocol, apiPayloadData);
-    apiPayload[configKey::userCountryCode] = apiConfigObject.value(configKey::userCountryCode);
-    apiPayload[configKey::serverCountryCode] = serverCountryCode;
-    apiPayload[configKey::serviceType] = apiConfigObject.value(configKey::serviceType);
-    apiPayload[configKey::authData] = serverConfigObject.value(configKey::authData);
-    apiPayload[configKey::uuid] = uuid;
+    QJsonObject apiPayload = gatewayRequestData.toJsonObject();

    QByteArray responseBody;
-    ErrorCode errorCode = gatewayController.post(QString("%1v1/revoke_config"), apiPayload, responseBody);
+    ErrorCode errorCode = executeRequest(QString("%1v1/revoke_config"), apiPayload, responseBody);
    if (errorCode != ErrorCode::NoError && errorCode != ErrorCode::ApiNotFoundError) {
        emit errorOccurred(errorCode);
        return false;
@@ -399,108 +587,29 @@ bool ApiConfigsController::isConfigValid()
    return true;
 }

-ApiConfigsController::ApiPayloadData ApiConfigsController::generateApiPayloadData(const QString &protocol)
+void ApiConfigsController::setCurrentProtocol(const QString &protocolName)
 {
-    ApiConfigsController::ApiPayloadData apiPayload;
-    if (protocol == configKey::cloak) {
-        apiPayload.certRequest = OpenVpnConfigurator::createCertRequest();
-    } else if (protocol == configKey::awg) {
-        auto connData = WireguardConfigurator::genClientKeys();
-        apiPayload.wireGuardClientPubKey = connData.clientPubKey;
-        apiPayload.wireGuardClientPrivKey = connData.clientPrivKey;
-    }
-    return apiPayload;
+    auto serverIndex = m_serversModel->getProcessedServerIndex();
+    auto serverConfigObject = m_serversModel->getServerConfig(serverIndex);
+    auto apiConfigObject = serverConfigObject.value(configKey::apiConfig).toObject();
+
+    apiConfigObject[configKey::serviceProtocol] = protocolName;
+
+    serverConfigObject.insert(configKey::apiConfig, apiConfigObject);
+
+    m_serversModel->editServer(serverConfigObject, serverIndex);
 }

-QJsonObject ApiConfigsController::fillApiPayload(const QString &protocol, const ApiPayloadData &apiPayloadData)
+bool ApiConfigsController::isVlessProtocol()
 {
-    QJsonObject obj;
-    if (protocol == configKey::cloak) {
-        obj[configKey::certificate] = apiPayloadData.certRequest.request;
-    } else if (protocol == configKey::awg) {
-        obj[configKey::publicKey] = apiPayloadData.wireGuardClientPubKey;
+    auto serverIndex = m_serversModel->getProcessedServerIndex();
+    auto serverConfigObject = m_serversModel->getServerConfig(serverIndex);
+    auto apiConfigObject = serverConfigObject.value(configKey::apiConfig).toObject();
+
+    if (apiConfigObject[configKey::serviceProtocol].toString() == "vless") {
+        return true;
    }
-
-    obj[configKey::osVersion] = QSysInfo::productType();
-    obj[configKey::appVersion] = QString(APP_VERSION);
-
-    return obj;
-}
-
-void ApiConfigsController::fillServerConfig(const QString &protocol, const ApiPayloadData &apiPayloadData,
-                                            const QByteArray &apiResponseBody, QJsonObject &serverConfig)
-{
-    QString data = QJsonDocument::fromJson(apiResponseBody).object().value(config_key::config).toString();
-
-    data.replace("vpn://", "");
-    QByteArray ba = QByteArray::fromBase64(data.toUtf8(), QByteArray::Base64UrlEncoding | QByteArray::OmitTrailingEquals);
-
-    if (ba.isEmpty()) {
-        emit errorOccurred(ErrorCode::ApiConfigEmptyError);
-        return;
-    }
-
-    QByteArray ba_uncompressed = qUncompress(ba);
-    if (!ba_uncompressed.isEmpty()) {
-        ba = ba_uncompressed;
-    }
-
-    QString configStr = ba;
-    if (protocol == configKey::cloak) {
-        configStr.replace("<key>", "<key>\n");
-        configStr.replace("$OPENVPN_PRIV_KEY", apiPayloadData.certRequest.privKey);
-    } else if (protocol == configKey::awg) {
-        configStr.replace("$WIREGUARD_CLIENT_PRIVATE_KEY", apiPayloadData.wireGuardClientPrivKey);
-        auto newServerConfig = QJsonDocument::fromJson(configStr.toUtf8()).object();
-        auto containers = newServerConfig.value(config_key::containers).toArray();
-        if (containers.isEmpty()) {
-            return; // todo process error
-        }
-        auto container = containers.at(0).toObject();
-        QString containerName = ContainerProps::containerTypeToString(DockerContainer::Awg);
-        auto containerConfig = container.value(containerName).toObject();
-        auto protocolConfig = QJsonDocument::fromJson(containerConfig.value(config_key::last_config).toString().toUtf8()).object();
-        containerConfig[config_key::junkPacketCount] = protocolConfig.value(config_key::junkPacketCount);
-        containerConfig[config_key::junkPacketMinSize] = protocolConfig.value(config_key::junkPacketMinSize);
-        containerConfig[config_key::junkPacketMaxSize] = protocolConfig.value(config_key::junkPacketMaxSize);
-        containerConfig[config_key::initPacketJunkSize] = protocolConfig.value(config_key::initPacketJunkSize);
-        containerConfig[config_key::responsePacketJunkSize] = protocolConfig.value(config_key::responsePacketJunkSize);
-        containerConfig[config_key::initPacketMagicHeader] = protocolConfig.value(config_key::initPacketMagicHeader);
-        containerConfig[config_key::responsePacketMagicHeader] = protocolConfig.value(config_key::responsePacketMagicHeader);
-        containerConfig[config_key::underloadPacketMagicHeader] = protocolConfig.value(config_key::underloadPacketMagicHeader);
-        containerConfig[config_key::transportPacketMagicHeader] = protocolConfig.value(config_key::transportPacketMagicHeader);
-        container[containerName] = containerConfig;
-        containers.replace(0, container);
-        newServerConfig[config_key::containers] = containers;
-        configStr = QString(QJsonDocument(newServerConfig).toJson());
-    }
-
-    QJsonObject newServerConfig = QJsonDocument::fromJson(configStr.toUtf8()).object();
-    serverConfig[config_key::dns1] = newServerConfig.value(config_key::dns1);
-    serverConfig[config_key::dns2] = newServerConfig.value(config_key::dns2);
-    serverConfig[config_key::containers] = newServerConfig.value(config_key::containers);
-    serverConfig[config_key::hostName] = newServerConfig.value(config_key::hostName);
-
-    if (newServerConfig.value(config_key::configVersion).toInt() == apiDefs::ConfigSource::AmneziaGateway) {
-        serverConfig[config_key::configVersion] = newServerConfig.value(config_key::configVersion);
-        serverConfig[config_key::description] = newServerConfig.value(config_key::description);
-        serverConfig[config_key::name] = newServerConfig.value(config_key::name);
-    }
-
-    auto defaultContainer = newServerConfig.value(config_key::defaultContainer).toString();
-    serverConfig[config_key::defaultContainer] = defaultContainer;
-
-    QVariantMap map = serverConfig.value(configKey::apiConfig).toObject().toVariantMap();
-    map.insert(newServerConfig.value(configKey::apiConfig).toObject().toVariantMap());
-    auto apiConfig = QJsonObject::fromVariantMap(map);
-
-    if (newServerConfig.value(config_key::configVersion).toInt() == apiDefs::ConfigSource::AmneziaGateway) {
-        apiConfig.insert(configKey::serviceInfo, QJsonDocument::fromJson(apiResponseBody).object().value(configKey::serviceInfo).toObject());
-    }
-
-    serverConfig[configKey::apiConfig] = apiConfig;
-
-    return;
+    return false;
 }

 QList<QString> ApiConfigsController::getQrCodes()
@@ -517,3 +626,10 @@ QString ApiConfigsController::getVpnKey()
 {
    return m_vpnKey;
 }
+
+ErrorCode ApiConfigsController::executeRequest(const QString &endpoint, const QJsonObject &apiPayload, QByteArray &responseBody)
+{
+    GatewayController gatewayController(m_settings->getGatewayEndpoint(), m_settings->isDevGatewayEnv(), apiDefs::requestTimeoutMsecs,
+                                        m_settings->isStrictKillSwitchEnabled());
+    return gatewayController.post(endpoint, apiPayload, responseBody);
+}
@@ -35,6 +35,9 @@ public slots:

    bool isConfigValid();

+    void setCurrentProtocol(const QString &protocolName);
+    bool isVlessProtocol();
+
 signals:
    void errorOccurred(ErrorCode errorCode);

@@ -46,23 +49,12 @@ signals:
    void vpnKeyExportReady();

 private:
-    struct ApiPayloadData
-    {
-        OpenVpnConfigurator::ConnectionData certRequest;
-
-        QString wireGuardClientPrivKey;
-        QString wireGuardClientPubKey;
-    };
-
-    ApiPayloadData generateApiPayloadData(const QString &protocol);
-    QJsonObject fillApiPayload(const QString &protocol, const ApiPayloadData &apiPayloadData);
-    void fillServerConfig(const QString &protocol, const ApiPayloadData &apiPayloadData, const QByteArray &apiResponseBody,
-                          QJsonObject &serverConfig);
-
    QList<QString> getQrCodes();
    int getQrCodesCount();
    QString getVpnKey();

+    ErrorCode executeRequest(const QString &endpoint, const QJsonObject &apiPayload, QByteArray &responseBody);
+
    QList<QString> m_qrCodes;
    QString m_vpnKey;

@@ -0,0 +1,133 @@
+#include "apiPremV1MigrationController.h"
+
+#include <QEventLoop>
+#include <QTimer>
+
+#include "core/api/apiDefs.h"
+#include "core/api/apiUtils.h"
+#include "core/controllers/gatewayController.h"
+
+ApiPremV1MigrationController::ApiPremV1MigrationController(const QSharedPointer<ServersModel> &serversModel,
+                                                           const std::shared_ptr<Settings> &settings, QObject *parent)
+    : QObject(parent), m_serversModel(serversModel), m_settings(settings)
+{
+}
+
+bool ApiPremV1MigrationController::hasConfigsToMigration()
+{
+    QJsonArray vpnKeys;
+
+    auto serversCount = m_serversModel->getServersCount();
+    for (size_t i = 0; i < serversCount; i++) {
+        auto serverConfigObject = m_serversModel->getServerConfig(i);
+
+        if (apiUtils::getConfigType(serverConfigObject) != apiDefs::ConfigType::AmneziaPremiumV1) {
+            continue;
+        }
+
+        QString vpnKey = apiUtils::getPremiumV1VpnKey(serverConfigObject);
+        vpnKeys.append(vpnKey);
+    }
+
+    if (!vpnKeys.isEmpty()) {
+        GatewayController gatewayController(m_settings->getGatewayEndpoint(), m_settings->isDevGatewayEnv(), apiDefs::requestTimeoutMsecs,
+                                            m_settings->isStrictKillSwitchEnabled());
+        QJsonObject apiPayload;
+
+        apiPayload["configs"] = vpnKeys;
+        QByteArray responseBody;
+        ErrorCode errorCode = gatewayController.post(QString("%1v1/prem-v1/is-active-subscription"), apiPayload, responseBody);
+
+        auto migrationsStatus = QJsonDocument::fromJson(responseBody).object();
+        for (const auto &migrationStatus : migrationsStatus) {
+            if (migrationStatus == "not_found") {
+                return true;
+            }
+        }
+    }
+
+    return false;
+}
+
+void ApiPremV1MigrationController::getSubscriptionList(const QString &email)
+{
+    GatewayController gatewayController(m_settings->getGatewayEndpoint(), m_settings->isDevGatewayEnv(), apiDefs::requestTimeoutMsecs,
+                                        m_settings->isStrictKillSwitchEnabled());
+    QJsonObject apiPayload;
+
+    apiPayload[apiDefs::key::email] = email;
+    QByteArray responseBody;
+    ErrorCode errorCode = gatewayController.post(QString("%1v1/prem-v1/subscription-list"), apiPayload, responseBody);
+
+    if (errorCode == ErrorCode::NoError) {
+        m_email = email;
+        m_subscriptionsModel = QJsonDocument::fromJson(responseBody).array();
+        if (m_subscriptionsModel.isEmpty()) {
+            emit noSubscriptionToMigrate();
+            return;
+        }
+
+        emit subscriptionsModelChanged();
+    } else {
+        emit errorOccurred(ErrorCode::ApiMigrationError);
+    }
+}
+
+QJsonArray ApiPremV1MigrationController::getSubscriptionModel()
+{
+    return m_subscriptionsModel;
+}
+
+void ApiPremV1MigrationController::sendMigrationCode(const int subscriptionIndex)
+{
+    QEventLoop wait;
+    QTimer::singleShot(1000, &wait, &QEventLoop::quit);
+    wait.exec();
+
+    GatewayController gatewayController(m_settings->getGatewayEndpoint(), m_settings->isDevGatewayEnv(), apiDefs::requestTimeoutMsecs,
+                                        m_settings->isStrictKillSwitchEnabled());
+    QJsonObject apiPayload;
+
+    apiPayload[apiDefs::key::email] = m_email;
+    QByteArray responseBody;
+    ErrorCode errorCode = gatewayController.post(QString("%1v1/prem-v1/migration-code"), apiPayload, responseBody);
+
+    if (errorCode == ErrorCode::NoError) {
+        m_subscriptionIndex = subscriptionIndex;
+        emit otpSuccessfullySent();
+    } else {
+        emit errorOccurred(ErrorCode::ApiMigrationError);
+    }
+}
+
+void ApiPremV1MigrationController::migrate(const QString &migrationCode)
+{
+    GatewayController gatewayController(m_settings->getGatewayEndpoint(), m_settings->isDevGatewayEnv(), apiDefs::requestTimeoutMsecs,
+                                        m_settings->isStrictKillSwitchEnabled());
+    QJsonObject apiPayload;
+
+    apiPayload[apiDefs::key::email] = m_email;
+    apiPayload[apiDefs::key::orderId] = m_subscriptionsModel.at(m_subscriptionIndex).toObject().value(apiDefs::key::id).toString();
+    apiPayload[apiDefs::key::migrationCode] = migrationCode;
+    QByteArray responseBody;
+    ErrorCode errorCode = gatewayController.post(QString("%1v1/prem-v1/migrate"), apiPayload, responseBody);
+
+    if (errorCode == ErrorCode::NoError) {
+        auto responseObject = QJsonDocument::fromJson(responseBody).object();
+        QString premiumV2VpnKey = responseObject.value(apiDefs::key::config).toString();
+
+        emit importPremiumV2VpnKey(premiumV2VpnKey);
+    } else {
+        emit errorOccurred(ErrorCode::ApiMigrationError);
+    }
+}
+
+bool ApiPremV1MigrationController::isPremV1MigrationReminderActive()
+{
+    return m_settings->isPremV1MigrationReminderActive();
+}
+
+void ApiPremV1MigrationController::disablePremV1MigrationReminder()
+{
+    m_settings->disablePremV1MigrationReminder();
+}
@@ -0,0 +1,50 @@
+#ifndef APIPREMV1MIGRATIONCONTROLLER_H
+#define APIPREMV1MIGRATIONCONTROLLER_H
+
+#include <QObject>
+
+#include "ui/models/servers_model.h"
+
+class ApiPremV1MigrationController : public QObject
+{
+    Q_OBJECT
+public:
+    ApiPremV1MigrationController(const QSharedPointer<ServersModel> &serversModel, const std::shared_ptr<Settings> &settings,
+                                 QObject *parent = nullptr);
+
+    Q_PROPERTY(QJsonArray subscriptionsModel READ getSubscriptionModel NOTIFY subscriptionsModelChanged)
+
+public slots:
+    bool hasConfigsToMigration();
+    void getSubscriptionList(const QString &email);
+    QJsonArray getSubscriptionModel();
+    void sendMigrationCode(const int subscriptionIndex);
+    void migrate(const QString &migrationCode);
+
+    bool isPremV1MigrationReminderActive();
+    void disablePremV1MigrationReminder();
+
+signals:
+    void subscriptionsModelChanged();
+
+    void otpSuccessfullySent();
+
+    void importPremiumV2VpnKey(const QString &vpnKey);
+
+    void errorOccurred(ErrorCode errorCode);
+
+    void showMigrationDrawer();
+    void migrationFinished();
+
+    void noSubscriptionToMigrate();
+
+private:
+    QSharedPointer<ServersModel> m_serversModel;
+    std::shared_ptr<Settings> m_settings;
+
+    QJsonArray m_subscriptionsModel;
+    int m_subscriptionIndex;
+    QString m_email;
+};
+
+#endif // APIPREMV1MIGRATIONCONTROLLER_H
@@ -5,6 +5,7 @@

 #include "core/api/apiUtils.h"
 #include "core/controllers/gatewayController.h"
+#include "version.h"

 namespace
 {
@@ -48,7 +49,8 @@ bool ApiSettingsController::getAccountInfo(bool reload)
        wait.exec();
    }

-    GatewayController gatewayController(m_settings->getGatewayEndpoint(), m_settings->isDevGatewayEnv(), requestTimeoutMsecs);
+    GatewayController gatewayController(m_settings->getGatewayEndpoint(), m_settings->isDevGatewayEnv(), requestTimeoutMsecs,
+                                        m_settings->isStrictKillSwitchEnabled());

    auto processedIndex = m_serversModel->getProcessedServerIndex();
    auto serverConfig = m_serversModel->getServerConfig(processedIndex);
@@ -59,15 +61,14 @@ bool ApiSettingsController::getAccountInfo(bool reload)
    apiPayload[configKey::userCountryCode] = apiConfig.value(configKey::userCountryCode).toString();
    apiPayload[configKey::serviceType] = apiConfig.value(configKey::serviceType).toString();
    apiPayload[configKey::authData] = authData;
+    apiPayload[apiDefs::key::cliVersion] = QString(APP_VERSION);

    QByteArray responseBody;

-    if (apiUtils::isPremiumServer(serverConfig)) {
-        ErrorCode errorCode = gatewayController.post(QString("%1v1/account_info"), apiPayload, responseBody);
-        if (errorCode != ErrorCode::NoError) {
-            emit errorOccurred(errorCode);
-            return false;
-        }
+    ErrorCode errorCode = gatewayController.post(QString("%1v1/account_info"), apiPayload, responseBody);
+    if (errorCode != ErrorCode::NoError) {
+        emit errorOccurred(errorCode);
+        return false;
    }

    QJsonObject accountInfo = QJsonDocument::fromJson(responseBody).object();
@@ -145,7 +145,7 @@ void ExportController::generateOpenVpnConfig(const QString &clientName)
    }

    QStringList lines = nativeConfig.value(config_key::config).toString().replace("\r", "").split("\n");
-    for (const QString &line : lines) {
+    for (const QString &line : std::as_const(lines)) {
        m_config.append(line + "\n");
    }

@@ -163,7 +163,7 @@ void ExportController::generateWireGuardConfig(const QString &clientName)
    }

    QStringList lines = nativeConfig.value(config_key::config).toString().replace("\r", "").split("\n");
-    for (const QString &line : lines) {
+    for (const QString &line : std::as_const(lines)) {
        m_config.append(line + "\n");
    }

@@ -183,7 +183,7 @@ void ExportController::generateAwgConfig(const QString &clientName)
    }

    QStringList lines = nativeConfig.value(config_key::config).toString().replace("\r", "").split("\n");
-    for (const QString &line : lines) {
+    for (const QString &line : std::as_const(lines)) {
        m_config.append(line + "\n");
    }

@@ -211,7 +211,7 @@ void ExportController::generateShadowSocksConfig()
    }

    QStringList lines = QString(QJsonDocument(nativeConfig).toJson()).replace("\r", "").split("\n");
-    for (const QString &line : lines) {
+    for (const QString &line : std::as_const(lines)) {
        m_config.append(line + "\n");
    }

@@ -240,7 +240,7 @@ void ExportController::generateCloakConfig()
    nativeConfig.insert("ProxyMethod", "shadowsocks");

    QStringList lines = QString(QJsonDocument(nativeConfig).toJson()).replace("\r", "").split("\n");
-    for (const QString &line : lines) {
+    for (const QString &line : std::as_const(lines)) {
        m_config.append(line + "\n");
    }

@@ -257,7 +257,7 @@ void ExportController::generateXrayConfig(const QString &clientName)
    }

    QStringList lines = QString(QJsonDocument(nativeConfig).toJson()).replace("\r", "").split("\n");
-    for (const QString &line : lines) {
+    for (const QString &line : std::as_const(lines)) {
        m_config.append(line + "\n");
    }

@@ -4,6 +4,12 @@
 #include <QQmlApplicationEngine>
 #include <QQuickWindow>

+#include "logger.h"
+
+namespace {
+    Logger logger("FocusController");
+}
+
 FocusController::FocusController(QQmlApplicationEngine *engine, QObject *parent)
    : QObject { parent },
      m_engine { engine },
@@ -85,7 +91,7 @@ void FocusController::dropRootObject(QObject *object)
        dropListView();
        setFocusOnDefaultItem();
    } else {
-        qWarning() << "===>> TRY TO DROP WRONG ROOT OBJECT: " << m_rootObjects.top() << " SHOULD BE: " << object;
+        logger.warning() << "TRY TO DROP WRONG ROOT OBJECT: " << m_rootObjects.top() << " SHOULD BE: " << object;
    }
 }

@@ -101,7 +107,7 @@ void FocusController::reload(Direction direction)
    QObject *rootObject = (m_rootObjects.empty() ? m_engine->rootObjects().value(0) : m_rootObjects.top());

    if (!rootObject) {
-        qCritical() << "No ROOT OBJECT found!";
+        logger.error() << "No ROOT OBJECT found!";
        resetRootObject();
        dropListView();
        return;
@@ -113,7 +119,7 @@ void FocusController::reload(Direction direction)
              direction == Direction::Forward ? FocusControl::isLess : FocusControl::isMore);

    if (m_focusChain.empty()) {
-        qWarning() << "Focus chain is empty!";
+        logger.warning() << "Focus chain is empty!";
        resetRootObject();
        dropListView();
        return;
@@ -131,7 +137,7 @@ void FocusController::nextItem(Direction direction)
    }

    if (m_focusChain.empty()) {
-        qWarning() << "There are no items to navigate";
+        logger.warning() << "There are no items to navigate";
        setFocusOnDefaultItem();
        return;
    }
@@ -149,7 +155,7 @@ void FocusController::nextItem(Direction direction)
    const auto focusedItem = qobject_cast<QQuickItem *>(m_focusChain.at(focusedItemIndex));

    if (focusedItem == nullptr) {
-        qWarning() << "Failed to get item to focus on. Setting focus on default";
+        logger.warning() << "Failed to get item to focus on. Setting focus on default";
        setFocusOnDefaultItem();
        return;
    }
@@ -12,6 +12,7 @@
 #include "core/errorstrings.h"
 #include "core/qrCodeUtils.h"
 #include "core/serialization/serialization.h"
+#include "protocols/protocols_defs.h"
 #include "systemController.h"
 #include "utilities.h"

@@ -286,6 +287,19 @@ void ImportController::processNativeWireGuardConfig()
        clientProtocolConfig[config_key::underloadPacketMagicHeader] = "3";
        clientProtocolConfig[config_key::transportPacketMagicHeader] = "4";

+        // clientProtocolConfig[config_key::cookieReplyPacketJunkSize] = "0";
+        // clientProtocolConfig[config_key::transportPacketJunkSize] = "0";
+
+        // clientProtocolConfig[config_key::specialJunk1] = "";
+        // clientProtocolConfig[config_key::specialJunk2] = "";
+        // clientProtocolConfig[config_key::specialJunk3] = "";
+        // clientProtocolConfig[config_key::specialJunk4] = "";
+        // clientProtocolConfig[config_key::specialJunk5] = "";
+        // clientProtocolConfig[config_key::controlledJunk1] = "";
+        // clientProtocolConfig[config_key::controlledJunk2] = "";
+        // clientProtocolConfig[config_key::controlledJunk3] = "";
+        // clientProtocolConfig[config_key::specialHandshakeTimeout] = "0";
+
        clientProtocolConfig[config_key::isObfuscationEnabled] = true;

        serverProtocolConfig[config_key::last_config] = QString(QJsonDocument(clientProtocolConfig).toJson());
@@ -438,21 +452,33 @@ QJsonObject ImportController::extractWireGuardConfig(const QString &data)
    lastConfig[config_key::allowed_ips] = allowedIpsJsonArray;

    QString protocolName = "wireguard";
-    if (!configMap.value(config_key::junkPacketCount).isEmpty() && !configMap.value(config_key::junkPacketMinSize).isEmpty()
-        && !configMap.value(config_key::junkPacketMaxSize).isEmpty() && !configMap.value(config_key::initPacketJunkSize).isEmpty()
-        && !configMap.value(config_key::responsePacketJunkSize).isEmpty() && !configMap.value(config_key::initPacketMagicHeader).isEmpty()
-        && !configMap.value(config_key::responsePacketMagicHeader).isEmpty()
-        && !configMap.value(config_key::underloadPacketMagicHeader).isEmpty()
-        && !configMap.value(config_key::transportPacketMagicHeader).isEmpty()) {
-        lastConfig[config_key::junkPacketCount] = configMap.value(config_key::junkPacketCount);
-        lastConfig[config_key::junkPacketMinSize] = configMap.value(config_key::junkPacketMinSize);
-        lastConfig[config_key::junkPacketMaxSize] = configMap.value(config_key::junkPacketMaxSize);
-        lastConfig[config_key::initPacketJunkSize] = configMap.value(config_key::initPacketJunkSize);
-        lastConfig[config_key::responsePacketJunkSize] = configMap.value(config_key::responsePacketJunkSize);
-        lastConfig[config_key::initPacketMagicHeader] = configMap.value(config_key::initPacketMagicHeader);
-        lastConfig[config_key::responsePacketMagicHeader] = configMap.value(config_key::responsePacketMagicHeader);
-        lastConfig[config_key::underloadPacketMagicHeader] = configMap.value(config_key::underloadPacketMagicHeader);
-        lastConfig[config_key::transportPacketMagicHeader] = configMap.value(config_key::transportPacketMagicHeader);
+
+    const QStringList requiredJunkFields = { config_key::junkPacketCount,           config_key::junkPacketMinSize,
+                                             config_key::junkPacketMaxSize,         config_key::initPacketJunkSize,
+                                             config_key::responsePacketJunkSize,    config_key::initPacketMagicHeader,
+                                             config_key::responsePacketMagicHeader, config_key::underloadPacketMagicHeader,
+                                             config_key::transportPacketMagicHeader };
+
+    const QStringList optionalJunkFields = { // config_key::cookieReplyPacketJunkSize,
+                                             // config_key::transportPacketJunkSize,
+                                             config_key::specialJunk1,    config_key::specialJunk2,    config_key::specialJunk3,
+                                             config_key::specialJunk4,    config_key::specialJunk5,    config_key::controlledJunk1,
+                                             config_key::controlledJunk2, config_key::controlledJunk3, config_key::specialHandshakeTimeout
+    };
+
+    bool hasAllRequiredFields = std::all_of(requiredJunkFields.begin(), requiredJunkFields.end(),
+                                            [&configMap](const QString &field) { return !configMap.value(field).isEmpty(); });
+    if (hasAllRequiredFields) {
+        for (const QString &field : requiredJunkFields) {
+            lastConfig[field] = configMap.value(field);
+        }
+
+        for (const QString &field : optionalJunkFields) {
+            if (!configMap.value(field).isEmpty()) {
+                lastConfig[field] = configMap.value(field);
+            }
+        }
+
        protocolName = "awg";
        m_configType = ConfigTypes::Awg;
    }
@@ -665,27 +691,27 @@ void ImportController::checkForMaliciousStrings(const QJsonObject &serverConfig)
                    containerConfig[ProtocolProps::protoToString(Proto::OpenVpn)].toObject()[config_key::last_config].toString();
            QString protocolConfigJson = QJsonDocument::fromJson(protocolConfig.toUtf8()).object()[config_key::config].toString();

-            const QRegularExpression regExp { "(\\w+-\\w+|\\w+)" };
-            const size_t dangerousTagsMaxCount = 3;
-
            // https://github.com/OpenVPN/openvpn/blob/master/doc/man-sections/script-options.rst
            QStringList dangerousTags {
                "up", "tls-verify", "ipchange", "client-connect", "route-up", "route-pre-down", "client-disconnect", "down", "learn-address", "auth-user-pass-verify"
            };

            QStringList maliciousStrings;
-            QStringList lines = protocolConfigJson.replace("\r", "").split("\n");
-            for (const QString &l : lines) {
-                QRegularExpressionMatch match = regExp.match(l);
-                if (dangerousTags.contains(match.captured(0))) {
-                    maliciousStrings << l;
+            QStringList lines = protocolConfigJson.split('\n', Qt::SkipEmptyParts);
+
+            for (const QString &rawLine : lines) {
+                QString line = rawLine.trimmed();
+
+                QString command = line.section(' ', 0, 0, QString::SectionSkipEmpty);
+                if (dangerousTags.contains(command, Qt::CaseInsensitive)) {
+                    maliciousStrings << rawLine;
                }
            }

            m_maliciousWarningText = tr("This configuration contains an OpenVPN setup. OpenVPN configurations can include malicious "
                                        "scripts, so only add it if you fully trust the provider of this config. ");

-            if (maliciousStrings.size() >= dangerousTagsMaxCount) {
+            if (!maliciousStrings.isEmpty()) {
                m_maliciousWarningText.push_back(tr("<br>In the imported configuration, potentially dangerous lines were found:"));
                for (const auto &string : maliciousStrings) {
                    m_maliciousWarningText.push_back(QString("<br><i>%1</i>").arg(string));
@@ -8,6 +8,7 @@
 #include <QStandardPaths>
 #include <QtConcurrent>

+#include "core/api/apiUtils.h"
 #include "core/controllers/serverController.h"
 #include "core/controllers/vpnConfigurationController.h"
 #include "core/networkUtilities.h"
@@ -15,7 +16,6 @@
 #include "ui/models/protocols/awgConfigModel.h"
 #include "ui/models/protocols/wireguardConfigModel.h"
 #include "utilities.h"
-#include "core/api/apiUtils.h"

 namespace
 {
@@ -79,12 +79,36 @@ void InstallController::install(DockerContainer container, int port, TransportPr

                int s1 = QRandomGenerator::global()->bounded(15, 150);
                int s2 = QRandomGenerator::global()->bounded(15, 150);
-                while (s1 + AwgConstant::messageInitiationSize == s2 + AwgConstant::messageResponseSize) {
+                // int s3 = QRandomGenerator::global()->bounded(15, 150);
+                // int s4 = QRandomGenerator::global()->bounded(15, 150);
+
+                // Ensure all values are unique and don't create equal packet sizes
+                QSet<int> usedValues;
+                usedValues.insert(s1);
+
+                while (usedValues.contains(s2) || s1 + AwgConstant::messageInitiationSize == s2 + AwgConstant::messageResponseSize) {
                    s2 = QRandomGenerator::global()->bounded(15, 150);
                }
+                usedValues.insert(s2);
+
+                // while (usedValues.contains(s3)
+                //        || s1 + AwgConstant::messageInitiationSize == s3 + AwgConstant::messageCookieReplySize
+                //        || s2 + AwgConstant::messageResponseSize == s3 + AwgConstant::messageCookieReplySize) {
+                //     s3 = QRandomGenerator::global()->bounded(15, 150);
+                // }
+                // usedValues.insert(s3);
+
+                // while (usedValues.contains(s4)
+                //        || s1 + AwgConstant::messageInitiationSize == s4 + AwgConstant::messageTransportSize
+                //        || s2 + AwgConstant::messageResponseSize == s4 + AwgConstant::messageTransportSize
+                //        || s3 + AwgConstant::messageCookieReplySize == s4 + AwgConstant::messageTransportSize) {
+                //     s4 = QRandomGenerator::global()->bounded(15, 150);
+                // }

                QString initPacketJunkSize = QString::number(s1);
                QString responsePacketJunkSize = QString::number(s2);
+                // QString cookieReplyPacketJunkSize = QString::number(s3);
+                // QString transportPacketJunkSize = QString::number(s4);

                QSet<QString> headersValue;
                while (headersValue.size() != 4) {
@@ -108,6 +132,21 @@ void InstallController::install(DockerContainer container, int port, TransportPr
                containerConfig[config_key::responsePacketMagicHeader] = responsePacketMagicHeader;
                containerConfig[config_key::underloadPacketMagicHeader] = underloadPacketMagicHeader;
                containerConfig[config_key::transportPacketMagicHeader] = transportPacketMagicHeader;
+
+                // TODO:
+                // containerConfig[config_key::cookieReplyPacketJunkSize] = cookieReplyPacketJunkSize;
+                // containerConfig[config_key::transportPacketJunkSize] = transportPacketJunkSize;
+
+                // containerConfig[config_key::specialJunk1] = specialJunk1;
+                // containerConfig[config_key::specialJunk2] = specialJunk2;
+                // containerConfig[config_key::specialJunk3] = specialJunk3;
+                // containerConfig[config_key::specialJunk4] = specialJunk4;
+                // containerConfig[config_key::specialJunk5] = specialJunk5;
+                // containerConfig[config_key::controlledJunk1] = controlledJunk1;
+                // containerConfig[config_key::controlledJunk2] = controlledJunk2;
+                // containerConfig[config_key::controlledJunk3] = controlledJunk3;
+                // containerConfig[config_key::specialHandshakeTimeout] = specialHandshakeTimeout;
+
            } else if (container == DockerContainer::Sftp) {
                containerConfig.insert(config_key::userName, protocols::sftp::defaultUserName);
                containerConfig.insert(config_key::password, Utils::getRandomString(16));
@@ -363,9 +402,20 @@ ErrorCode InstallController::getAlreadyInstalledContainers(const ServerCredentia

            QJsonObject config;
            Proto mainProto = ContainerProps::defaultProtocol(container);
-            for (auto protocol : ContainerProps::protocolsForContainer(container)) {
+            const auto &protocols = ContainerProps::protocolsForContainer(container);
+            
+            for (const auto &protocol : protocols) {
                QJsonObject containerConfig;
-                if (protocol == mainProto) {
+                
+                // for Multiprotocols (OpenVPN over SS, OpenVPN over Cloak)
+                bool shouldProcessProtocol = false;
+                if (container == DockerContainer::ShadowSocks || container == DockerContainer::Cloak) {
+                    shouldProcessProtocol = true;
+                } else {
+                    shouldProcessProtocol = (protocol == mainProto);
+                }
+                
+                if (shouldProcessProtocol) {
                    containerConfig.insert(config_key::port, port);
                    containerConfig.insert(config_key::transport_proto, transportProto);

@@ -387,6 +437,7 @@ ErrorCode InstallController::getAlreadyInstalledContainers(const ServerCredentia
                            }
                        }

+                        containerConfig[config_key::subnet_address] = serverConfigMap.value("Address").remove("/24");
                        containerConfig[config_key::junkPacketCount] = serverConfigMap.value(config_key::junkPacketCount);
                        containerConfig[config_key::junkPacketMinSize] = serverConfigMap.value(config_key::junkPacketMinSize);
                        containerConfig[config_key::junkPacketMaxSize] = serverConfigMap.value(config_key::junkPacketMaxSize);
@@ -398,6 +449,38 @@ ErrorCode InstallController::getAlreadyInstalledContainers(const ServerCredentia
                                serverConfigMap.value(config_key::underloadPacketMagicHeader);
                        containerConfig[config_key::transportPacketMagicHeader] =
                                serverConfigMap.value(config_key::transportPacketMagicHeader);
+
+                        // containerConfig[config_key::cookieReplyPacketJunkSize] = serverConfigMap.value(config_key::cookieReplyPacketJunkSize);
+                        // containerConfig[config_key::transportPacketJunkSize] = serverConfigMap.value(config_key::transportPacketJunkSize);
+
+                        // containerConfig[config_key::specialJunk1] = serverConfigMap.value(config_key::specialJunk1);
+                        // containerConfig[config_key::specialJunk2] = serverConfigMap.value(config_key::specialJunk2);
+                        // containerConfig[config_key::specialJunk3] = serverConfigMap.value(config_key::specialJunk3);
+                        // containerConfig[config_key::specialJunk4] = serverConfigMap.value(config_key::specialJunk4);
+                        // containerConfig[config_key::specialJunk5] = serverConfigMap.value(config_key::specialJunk5);
+                        // containerConfig[config_key::controlledJunk1] = serverConfigMap.value(config_key::controlledJunk1);
+                        // containerConfig[config_key::controlledJunk2] = serverConfigMap.value(config_key::controlledJunk2);
+                        // containerConfig[config_key::controlledJunk3] = serverConfigMap.value(config_key::controlledJunk3);
+                        // containerConfig[config_key::specialHandshakeTimeout] = serverConfigMap.value(config_key::specialHandshakeTimeout);
+
+                    } else if (protocol == Proto::WireGuard) {
+                        QString serverConfig = serverController->getTextFileFromContainer(container, credentials,
+                                                                                          protocols::wireguard::serverConfigPath, errorCode);
+
+                        QMap<QString, QString> serverConfigMap;
+                        auto serverConfigLines = serverConfig.split("\n");
+                        for (auto &line : serverConfigLines) {
+                            auto trimmedLine = line.trimmed();
+                            if (trimmedLine.startsWith("[") && trimmedLine.endsWith("]")) {
+                                continue;
+                            } else {
+                                QStringList parts = trimmedLine.split(" = ");
+                                if (parts.count() == 2) {
+                                    serverConfigMap.insert(parts[0].trimmed(), parts[1].trimmed());
+                                }
+                            }
+                        }
+                        containerConfig[config_key::subnet_address] = serverConfigMap.value("Address").remove("/24");
                    } else if (protocol == Proto::Sftp) {
                        stdOut.clear();
                        script = QString("sudo docker inspect --format '{{.Config.Cmd}}' %1").arg(name);
@@ -432,14 +515,142 @@ ErrorCode InstallController::getAlreadyInstalledContainers(const ServerCredentia
                            containerConfig.insert(config_key::userName, userName);
                            containerConfig.insert(config_key::password, password);
                        }
+                    } else if (protocol == Proto::Xray) {
+                        QString currentConfig = serverController->getTextFileFromContainer(
+                                container, credentials, amnezia::protocols::xray::serverConfigPath, errorCode);
+
+                        QJsonDocument doc = QJsonDocument::fromJson(currentConfig.toUtf8());
+                        qDebug() << doc;
+                        if (doc.isNull() || !doc.isObject()) {
+                            logger.error() << "Failed to parse server config JSON";
+                            errorCode = ErrorCode::InternalError;
+                            return errorCode;
+                        }
+                        QJsonObject serverConfig = doc.object();
+
+                        if (!serverConfig.contains("inbounds")) {
+                            logger.error() << "Server config missing 'inbounds' field";
+                            errorCode = ErrorCode::InternalError;
+                            return errorCode;
+                        }
+
+                        QJsonArray inbounds = serverConfig["inbounds"].toArray();
+                        if (inbounds.isEmpty()) {
+                            logger.error() << "Server config has empty 'inbounds' array";
+                            errorCode = ErrorCode::InternalError;
+                            return errorCode;
+                        }
+
+                        QJsonObject inbound = inbounds[0].toObject();
+                        if (!inbound.contains("streamSettings")) {
+                            logger.error() << "Inbound missing 'streamSettings' field";
+                            errorCode = ErrorCode::InternalError;
+                            return errorCode;
+                        }
+
+                        QJsonObject streamSettings = inbound["streamSettings"].toObject();
+                        QJsonObject realitySettings = streamSettings["realitySettings"].toObject();
+                        if (!realitySettings.contains("serverNames")) {
+                            logger.error() << "Settings missing 'clients' field";
+                            errorCode = ErrorCode::InternalError;
+                            return errorCode;
+                        }
+
+                        QString siteName = realitySettings["serverNames"][0].toString();
+                        qDebug() << siteName;
+
+                        containerConfig.insert(config_key::site, siteName);
+                    } else if (protocol == Proto::OpenVpn) {
+                        QString serverConfig = serverController->getTextFileFromContainer(container, credentials,
+                                                                                          protocols::openvpn::serverConfigPath, errorCode);
+
+                        QMap<QString, QString> serverConfigMap;
+                        auto serverConfigLines = serverConfig.split("\n");
+                        for (auto &line : serverConfigLines) {
+                            auto trimmedLine = line.trimmed();
+                            if (trimmedLine.startsWith("#") || trimmedLine.isEmpty()) {
+                                continue;
+                            } else {
+                                QStringList parts = trimmedLine.split(" ");
+                                if (parts.count() >= 2) {
+                                    QString key = parts[0];
+                                    QString value = parts.mid(1).join(" ");
+                                    serverConfigMap.insert(key, value);
+                                }
+                            }
+                        }
+
+                        QString serverValue = serverConfigMap.value("server");
+
+                        if (!serverValue.isEmpty()) {
+                            QStringList serverParts = serverValue.split(" ");
+                            if (serverParts.count() >= 1) {
+                                containerConfig[config_key::subnet_address] = serverParts[0];
+                            }
+                        }
+
+                        bool ncpDisable = serverConfig.contains("ncp-disable");
+                        containerConfig[config_key::ncp_disable] = ncpDisable;
+
+                        bool tlsAuth = serverConfig.contains("tls-auth");
+                        containerConfig[config_key::tls_auth] = tlsAuth;
+
+                        bool blockOutsideDns = serverConfig.contains("block-outside-dns");
+                        
+                        containerConfig[config_key::block_outside_dns] = blockOutsideDns;
+
+                        QString cipher = serverConfigMap.value("cipher");
+                        if (!cipher.isEmpty()) {
+                            containerConfig[config_key::cipher] = cipher;
+                        }
+
+                        QString hash = serverConfigMap.value("auth");
+                        if (!hash.isEmpty()) {
+                            containerConfig[config_key::hash] = hash;
+                        }
+                    } else if (protocol == Proto::Cloak) {
+                        QString cloakConfig = serverController->getTextFileFromContainer(container, credentials,
+                                                                                         "/opt/amnezia/cloak/ck-config.json", errorCode);
+
+                        QJsonDocument doc = QJsonDocument::fromJson(cloakConfig.toUtf8());
+                        
+                        if (!doc.isNull() && doc.isObject()) {
+                            QJsonObject cloakConfigObj = doc.object();
+                            
+                            QString site = cloakConfigObj.value("RedirAddr").toString();
+                            if (!site.isEmpty()) {
+                                containerConfig[config_key::site] = site;
+                            }
+                        } else {
+                            qDebug() << "Failed to parse main loop Cloak JSON config";
+                        }
+                        
+                    } else if (protocol == Proto::ShadowSocks) {
+                        QString shadowsocksConfig = serverController->getTextFileFromContainer(container, credentials,
+                                                                                               "/opt/amnezia/shadowsocks/ss-config.json", errorCode);
+
+                        QJsonDocument doc = QJsonDocument::fromJson(shadowsocksConfig.toUtf8());
+                        
+                        if (!doc.isNull() && doc.isObject()) {
+                            QJsonObject ssConfigObj = doc.object();
+                            QString cipher = ssConfigObj.value("method").toString();
+                            if (!cipher.isEmpty()) {
+                                containerConfig[config_key::cipher] = cipher;
+                            }
+                        } else {
+                            qDebug() << "Failed to parse main loop Shadowsocks JSON config";
+                        }
                    }

                    config.insert(config_key::container, ContainerProps::containerToString(container));
                }
-                config.insert(ProtocolProps::protoToString(protocol), containerConfig);
+                if (shouldProcessProtocol) {
+                    config.insert(ProtocolProps::protoToString(protocol), containerConfig);
+                }
            }
            installedContainers.insert(container, config);
        }
+
        const static QRegularExpression torOrDnsRegExp("(amnezia-(?:torwebsite|dns)).*?([0-9]*)/(udp|tcp).*");
        QRegularExpressionMatch torOrDnsRegMatch = torOrDnsRegExp.match(containerInfo);
        if (torOrDnsRegMatch.hasMatch()) {
@@ -603,6 +814,8 @@ void InstallController::clearCachedProfile(QSharedPointer<ServerController> serv
    m_clientManagementModel->revokeClient(containerConfig, container, serverCredentials, serverIndex, serverController);

    emit cachedProfileCleared(tr("%1 cached profile cleared").arg(ContainerProps::containerHumanNames().value(container)));
+    QJsonObject updatedConfig = m_settings->containerConfig(serverIndex, container);
+    emit profileCleared(updatedConfig);
 }

 QRegularExpression InstallController::ipAddressPortRegExp()
@@ -83,6 +83,8 @@ signals:

    void noInstalledContainers();

+    void profileCleared(const QJsonObject &config);
+
 private:
    void installServer(const DockerContainer container, const QMap<DockerContainer, QJsonObject> &installedContainers,
                       const ServerCredentials &serverCredentials, const QSharedPointer<ServerController> &serverController,
@@ -37,7 +37,7 @@ void ListViewFocusController::viewAtCurrentIndex() const
    }
    case Section::Delegate: {
        QMetaObject::invokeMethod(m_listView, "positionViewAtIndex", Q_ARG(int, m_delegateIndex), // Index
-                                  Q_ARG(int, 2)); // PositionMode (0 = Visible)
+                                  Q_ARG(int, 6)); // PositionMode (0 = Beginning; 1 = Center; 2 = End; 3 = Visible; 4 = Contain; 5 = SnapPosition)
        break;
    }
    case Section::Footer: {
@@ -38,6 +38,7 @@ namespace PageLoader
        PageSettingsApiInstructions,
        PageSettingsApiNativeConfigs,
        PageSettingsApiDevices,
+        PageSettingsApiSubscriptionKey,
        PageSettingsKillSwitchExceptions,
        
        PageServiceSftpSettings,
@@ -71,6 +72,7 @@ namespace PageLoader
        PageProtocolAwgClientSettings,

        PageShareFullAccess,
+        PageShareConnection,

        PageDevMenu
    };
@@ -35,6 +35,23 @@ SettingsController::SettingsController(const QSharedPointer<ServersModel> &serve
 #endif
 }

+QString getPlatformName()
+{
+#if defined(Q_OS_WINDOWS)
+    return "Windows";
+#elif defined(Q_OS_ANDROID)
+    return "Android";
+#elif defined(Q_OS_LINUX)
+    return "Linux";
+#elif defined(Q_OS_MACX)
+    return "MacOS";
+#elif defined(Q_OS_IOS)
+    return "iOS";
+#else
+    return "Unknown";
+#endif
+}
+
 void SettingsController::toggleAmneziaDns(bool enable)
 {
    m_settings->setUseAmneziaDns(enable);
@@ -126,7 +143,16 @@ void SettingsController::clearLogs()

 void SettingsController::backupAppConfig(const QString &fileName)
 {
-    SystemController::saveFile(fileName, m_settings->backupAppConfig());
+    QByteArray data = m_settings->backupAppConfig();
+    QJsonDocument doc = QJsonDocument::fromJson(data);
+    QJsonObject config = doc.object();
+
+    config["AppPlatform"] = getPlatformName();
+    config["Conf/autoStart"] = Autostart::isAutostart();
+    config["Conf/killSwitchEnabled"] = isKillSwitchEnabled();
+    config["Conf/strictKillSwitchEnabled"] = isStrictKillSwitchEnabled();
+
+    SystemController::saveFile(fileName, QJsonDocument(config).toJson());
 }

 void SettingsController::restoreAppConfig(const QString &fileName)
@@ -140,9 +166,50 @@ void SettingsController::restoreAppConfigFromData(const QByteArray &data)
 {
    bool ok = m_settings->restoreAppConfig(data);
    if (ok) {
+        QJsonObject newConfigData = QJsonDocument::fromJson(data).object();
+
+#if defined(Q_OS_WINDOWS) || defined(Q_OS_LINUX) || defined(Q_OS_MACX)
+        bool autoStart = false;
+        if (newConfigData.contains("Conf/autoStart")) {
+            autoStart = newConfigData["Conf/autoStart"].toBool();
+        }
+        toggleAutoStart(autoStart);
+#endif
+
        m_serversModel->resetModel();
        m_languageModel->changeLanguage(
                static_cast<LanguageSettings::AvailableLanguageEnum>(m_languageModel->getCurrentLanguageIndex()));
+
+#if defined(Q_OS_WINDOWS) || defined(Q_OS_ANDROID)
+        int appSplitTunnelingRouteMode = newConfigData.value("Conf/appsRouteMode").toInt();
+        bool appSplittunnelingEnabled = newConfigData.value("Conf/appsSplitTunnelingEnabled").toString().toLower() == "true";
+        m_appSplitTunnelingModel->setRouteMode(appSplitTunnelingRouteMode);
+
+        #if defined(Q_OS_WINDOWS)
+            m_appSplitTunnelingModel->setRouteMode(static_cast<int>(Settings::AppsRouteMode::VpnAllExceptApps));
+        #endif
+
+        if (newConfigData.contains("AppPlatform")) { //if backup is from a new version
+                if (newConfigData.value("AppPlatform").toString() != getPlatformName()) {
+                    m_appSplitTunnelingModel->clearAppsList();
+                }
+        }
+
+        m_appSplitTunnelingModel->toggleSplitTunneling(appSplittunnelingEnabled);
+#endif
+
+        int siteSplitTunnelingRouteMode = newConfigData.value("Conf/routeMode").toInt();
+        bool siteSplittunnelingEnabled = newConfigData.value("Conf/sitesSplitTunnelingEnabled").toString().toLower() == "true";
+        m_sitesModel->setRouteMode(siteSplitTunnelingRouteMode);
+        m_sitesModel->toggleSplitTunneling(siteSplittunnelingEnabled);
+
+#if defined(Q_OS_ANDROID) || defined(Q_OS_IOS)
+        m_settings->setAutoConnect(false);
+        m_settings->setStartMinimized(false);
+        m_settings->setKillSwitchEnabled(false);
+        m_settings->setStrictKillSwitchEnabled(false);
+#endif
+
        emit restoreBackupFinished();
    } else {
        emit changeSettingsErrorOccurred(tr("Backup file is corrupted"));
@@ -158,8 +225,7 @@ void SettingsController::clearSettings()
 {
    m_settings->clearSettings();
    m_serversModel->resetModel();
-    m_languageModel->changeLanguage(
-            static_cast<LanguageSettings::AvailableLanguageEnum>(m_languageModel->getCurrentLanguageIndex()));
+    m_languageModel->changeLanguage(m_languageModel->getSystemLanguageEnum());

    m_sitesModel->setRouteMode(Settings::RouteMode::VpnOnlyForwardSites);
    m_sitesModel->toggleSplitTunneling(false);
@@ -167,6 +233,8 @@ void SettingsController::clearSettings()
    m_appSplitTunnelingModel->setRouteMode(Settings::AppsRouteMode::VpnAllExceptApps);
    m_appSplitTunnelingModel->toggleSplitTunneling(false);

+    toggleAutoStart(false);
+
    emit changeSettingsFinished(tr("All settings have been reset to default values"));

 #ifdef Q_OS_IOS
@@ -136,6 +136,8 @@ private:

    QString m_appVersion;

+    QString getPlatform();
+
    QDateTime m_loggingDisableDate;

    bool m_isDevModeEnabled = false;
@@ -78,6 +78,13 @@ void SitesController::removeSite(int index)
    emit finished(tr("Site removed: %1").arg(hostname));
 }

+void SitesController::removeSites()
+{
+    m_sitesModel->removeSites();
+
+    emit finished(tr("Site list cleared!"));
+}
+
 void SitesController::importSites(const QString &fileName, bool replaceExisting)
 {
    QByteArray jsonData;
@@ -19,6 +19,7 @@ public slots:
    void addSite(QString hostname);
    void removeSite(int index);

+    void removeSites();
    void importSites(const QString &fileName, bool replaceExisting);
    void exportSites(const QString &fileName);

@@ -75,6 +75,12 @@ QVariant ApiAccountInfoModel::data(const QModelIndex &index, int role) const
        }
        return false;
    }
+    case IsProtocolSelectionSupportedRole: {
+        if (m_accountInfoData.supportedProtocols.size() > 1) {
+            return true;
+        }
+        return false;
+    }
    }

    return QVariant();
@@ -95,6 +101,10 @@ void ApiAccountInfoModel::updateModel(const QJsonObject &accountInfoObject, cons

    accountInfoData.configType = apiUtils::getConfigType(serverConfig);

+    for (const auto &protocol : accountInfoObject.value(apiDefs::key::supportedProtocols).toArray()) {
+        accountInfoData.supportedProtocols.push_back(protocol.toString());
+    }
+
    m_accountInfoData = accountInfoData;

    m_supportInfo = accountInfoObject.value(apiDefs::key::supportInfo).toObject();
@@ -159,6 +169,7 @@ QHash<int, QByteArray> ApiAccountInfoModel::roleNames() const
    roles[ServiceDescriptionRole] = "serviceDescription";
    roles[IsComponentVisibleRole] = "isComponentVisible";
    roles[HasExpiredWorkerRole] = "hasExpiredWorker";
+    roles[IsProtocolSelectionSupportedRole] = "isProtocolSelectionSupported";

    return roles;
 }
@@ -18,7 +18,8 @@ public:
        ServiceDescriptionRole,
        EndDateRole,
        IsComponentVisibleRole,
-        HasExpiredWorkerRole
+        HasExpiredWorkerRole,
+        IsProtocolSelectionSupportedRole
    };

    explicit ApiAccountInfoModel(QObject *parent = nullptr);
@@ -51,6 +52,8 @@ private:
        int maxDeviceCount;

        apiDefs::ConfigType configType;
+
+        QStringList supportedProtocols;
    };

    AccountInfoData m_accountInfoData;
@@ -69,7 +69,7 @@ QVariant ApiServicesModel::data(const QModelIndex &index, int role) const
                      "Access all websites and online resources. Speeds up to %1 Mbps.")
                    .arg(speed);
        } else if (serviceType == serviceType::amneziaFree) {
-            QString description = tr("AmneziaFree provides free unlimited access to a basic set of web sites, such as Facebook, Instagram, Twitter (X), Discord, Telegram, and others. YouTube is not included in the free plan.");
+            QString description = tr("Amnezia Free provides unlimited, free access to a basic set of websites and apps, including Facebook, Instagram, Twitter (X), Discord, Telegram, and more. YouTube is not included in the free plan.");
            if (!isServiceAvailable) {
                description += tr("<p><a style=\"color: #EB5757;\">Not available in your region. If you have VPN enabled, disable it, "
                                  "return to the previous screen, and try again.</a>");
@@ -82,7 +82,7 @@ QVariant ApiServicesModel::data(const QModelIndex &index, int role) const
            return tr("Amnezia Premium is classic VPN for for seamless work, downloading large files, and watching videos. "
                      "Access all websites and online resources.");
        } else {
-            return tr("AmneziaFree provides free unlimited access to a basic set of web sites, such as Facebook, Instagram, Twitter (X), Discord, Telegram, and others. YouTube is not included in the free plan.");
+            return tr("Amnezia Free provides unlimited, free access to a basic set of websites and apps, including Facebook, Instagram, Twitter (X), Discord, Telegram, and more. YouTube is not included in the free plan.");
        }
    }
    case IsServiceAvailableRole: {
@@ -112,7 +112,7 @@ QVariant ApiServicesModel::data(const QModelIndex &index, int role) const
        } else {
            return tr("VPN will open only popular sites blocked in your region, such as Instagram, Facebook, Twitter and others. "
                      "Other sites will be opened from your real IP address, "
-                      "<a href=\"%1/free\" style=\"color: #FBB26A;\">more details on the website.</a>");
+                      "<a href=\"%1\" style=\"color: #FBB26A;\">more details on the website.</a>");
        }
    }
    case PriceRole: {
@@ -26,12 +26,12 @@ QVariant AppSplitTunnelingModel::data(const QModelIndex &index, int role) const
        return QVariant();

    switch (role) {
-    case AppPathRole: {
-        return m_apps.at(index.row()).appName;
-    }
-    default: {
-        return true;
-    }
+        case AppPathRole: {
+            return m_apps.at(index.row()).appName;
+        }
+        default: {
+            return true;
+        }
    }

    return QVariant();
@@ -59,6 +59,13 @@ void AppSplitTunnelingModel::removeApp(QModelIndex index)
    endRemoveRows();
 }

+void AppSplitTunnelingModel::clearAppsList() {
+    beginResetModel();
+    m_apps.clear();
+    m_settings->setVpnApps(m_currentRouteMode, m_apps);
+    endResetModel();
+}
+
 int AppSplitTunnelingModel::getRouteMode()
 {
    return m_currentRouteMode;
@@ -29,6 +29,7 @@ public:
 public slots:
    bool addApp(const InstalledAppInfo &appInfo);
    void removeApp(QModelIndex index);
+    void clearAppsList();

    int getRouteMode();
    void setRouteMode(int routeMode);
@@ -101,6 +101,23 @@ QString LanguageModel::getCurrentLanguageName()
    return m_availableLanguages[getCurrentLanguageIndex()].name;
 }

+LanguageSettings::AvailableLanguageEnum LanguageModel::getSystemLanguageEnum()
+{
+    QLocale locale = QLocale::system();
+    switch (locale.language()) {
+    case QLocale::Russian: return LanguageSettings::AvailableLanguageEnum::Russian;
+    case QLocale::Chinese: return LanguageSettings::AvailableLanguageEnum::China_cn;
+    case QLocale::Ukrainian: return LanguageSettings::AvailableLanguageEnum::Ukrainian;
+    case QLocale::Persian: return LanguageSettings::AvailableLanguageEnum::Persian;
+    case QLocale::Arabic: return LanguageSettings::AvailableLanguageEnum::Arabic;
+    case QLocale::Burmese: return LanguageSettings::AvailableLanguageEnum::Burmese;
+    case QLocale::Urdu: return LanguageSettings::AvailableLanguageEnum::Urdu;
+    case QLocale::Hindi: return LanguageSettings::AvailableLanguageEnum::Hindi;
+    case QLocale::English: return LanguageSettings::AvailableLanguageEnum::English;
+    default: return LanguageSettings::AvailableLanguageEnum::English;
+    }
+}
+
 QString LanguageModel::getCurrentSiteUrl(const QString &path)
 {
    auto language = static_cast<LanguageSettings::AvailableLanguageEnum>(getCurrentLanguageIndex());
@@ -110,3 +127,13 @@ QString LanguageModel::getCurrentSiteUrl(const QString &path)
    default: return QString("https://amnezia.org") + (path.isEmpty() ? "" : (QString("/%1").arg(path)));
    }
 }
+
+QString LanguageModel::getCurrentDocsUrl(const QString &path)
+{
+    auto language = static_cast<LanguageSettings::AvailableLanguageEnum>(getCurrentLanguageIndex());
+    switch (language) {
+    case LanguageSettings::AvailableLanguageEnum::Russian:
+        return "https://storage.googleapis.com/amnezia/docs" + (path.isEmpty() ? "" : (QString("?m-path=/%1").arg(path)));
+    default: return QString("https://docs.amnezia.org") + (path.isEmpty() ? "" : (QString("/%1").arg(path)));
+    }
+}
@@ -46,6 +46,7 @@ public:
    };

    LanguageModel(std::shared_ptr<Settings> settings, QObject *parent = nullptr);
+    LanguageSettings::AvailableLanguageEnum getSystemLanguageEnum();

    int rowCount(const QModelIndex &parent = QModelIndex()) const override;
    QVariant data(const QModelIndex &index, int role = Qt::DisplayRole) const override;
@@ -60,6 +61,7 @@ public slots:
    int getLineHeightAppend();
    QString getCurrentLanguageName();
    QString getCurrentSiteUrl(const QString &path = "");
+    QString getCurrentDocsUrl(const QString &path = "");

 signals:
    void updateTranslations(const QLocale &locale);
@@ -28,7 +28,17 @@ bool AwgConfigModel::setData(const QModelIndex &index, const QVariant &value, in
    case Roles::ClientJunkPacketCountRole: m_clientProtocolConfig.insert(config_key::junkPacketCount, value.toString()); break;
    case Roles::ClientJunkPacketMinSizeRole: m_clientProtocolConfig.insert(config_key::junkPacketMinSize, value.toString()); break;
    case Roles::ClientJunkPacketMaxSizeRole: m_clientProtocolConfig.insert(config_key::junkPacketMaxSize, value.toString()); break;
-
+    case Roles::ClientSpecialJunk1Role: m_clientProtocolConfig.insert(config_key::specialJunk1, value.toString()); break;
+    case Roles::ClientSpecialJunk2Role: m_clientProtocolConfig.insert(config_key::specialJunk2, value.toString()); break;
+    case Roles::ClientSpecialJunk3Role: m_clientProtocolConfig.insert(config_key::specialJunk3, value.toString()); break;
+    case Roles::ClientSpecialJunk4Role: m_clientProtocolConfig.insert(config_key::specialJunk4, value.toString()); break;
+    case Roles::ClientSpecialJunk5Role: m_clientProtocolConfig.insert(config_key::specialJunk5, value.toString()); break;
+    case Roles::ClientControlledJunk1Role: m_clientProtocolConfig.insert(config_key::controlledJunk1, value.toString()); break;
+    case Roles::ClientControlledJunk2Role: m_clientProtocolConfig.insert(config_key::controlledJunk2, value.toString()); break;
+    case Roles::ClientControlledJunk3Role: m_clientProtocolConfig.insert(config_key::controlledJunk3, value.toString()); break;
+    case Roles::ClientSpecialHandshakeTimeoutRole:
+        m_clientProtocolConfig.insert(config_key::specialHandshakeTimeout, value.toString());
+        break;
    case Roles::ServerJunkPacketCountRole: m_serverProtocolConfig.insert(config_key::junkPacketCount, value.toString()); break;
    case Roles::ServerJunkPacketMinSizeRole: m_serverProtocolConfig.insert(config_key::junkPacketMinSize, value.toString()); break;
    case Roles::ServerJunkPacketMaxSizeRole: m_serverProtocolConfig.insert(config_key::junkPacketMaxSize, value.toString()); break;
@@ -36,6 +46,12 @@ bool AwgConfigModel::setData(const QModelIndex &index, const QVariant &value, in
    case Roles::ServerResponsePacketJunkSizeRole:
        m_serverProtocolConfig.insert(config_key::responsePacketJunkSize, value.toString());
        break;
+    // case Roles::ServerCookieReplyPacketJunkSizeRole:
+    //     m_serverProtocolConfig.insert(config_key::cookieReplyPacketJunkSize, value.toString());
+    //     break;
+    // case Roles::ServerTransportPacketJunkSizeRole:
+    //     m_serverProtocolConfig.insert(config_key::transportPacketJunkSize, value.toString());
+    //     break;
    case Roles::ServerInitPacketMagicHeaderRole: m_serverProtocolConfig.insert(config_key::initPacketMagicHeader, value.toString()); break;
    case Roles::ServerResponsePacketMagicHeaderRole:
        m_serverProtocolConfig.insert(config_key::responsePacketMagicHeader, value.toString());
@@ -66,12 +82,23 @@ QVariant AwgConfigModel::data(const QModelIndex &index, int role) const
    case Roles::ClientJunkPacketCountRole: return m_clientProtocolConfig.value(config_key::junkPacketCount);
    case Roles::ClientJunkPacketMinSizeRole: return m_clientProtocolConfig.value(config_key::junkPacketMinSize);
    case Roles::ClientJunkPacketMaxSizeRole: return m_clientProtocolConfig.value(config_key::junkPacketMaxSize);
+    case Roles::ClientSpecialJunk1Role: return m_clientProtocolConfig.value(config_key::specialJunk1);
+    case Roles::ClientSpecialJunk2Role: return m_clientProtocolConfig.value(config_key::specialJunk2);
+    case Roles::ClientSpecialJunk3Role: return m_clientProtocolConfig.value(config_key::specialJunk3);
+    case Roles::ClientSpecialJunk4Role: return m_clientProtocolConfig.value(config_key::specialJunk4);
+    case Roles::ClientSpecialJunk5Role: return m_clientProtocolConfig.value(config_key::specialJunk5);
+    case Roles::ClientControlledJunk1Role: return m_clientProtocolConfig.value(config_key::controlledJunk1);
+    case Roles::ClientControlledJunk2Role: return m_clientProtocolConfig.value(config_key::controlledJunk2);
+    case Roles::ClientControlledJunk3Role: return m_clientProtocolConfig.value(config_key::controlledJunk3);
+    case Roles::ClientSpecialHandshakeTimeoutRole: return m_clientProtocolConfig.value(config_key::specialHandshakeTimeout);

    case Roles::ServerJunkPacketCountRole: return m_serverProtocolConfig.value(config_key::junkPacketCount);
    case Roles::ServerJunkPacketMinSizeRole: return m_serverProtocolConfig.value(config_key::junkPacketMinSize);
    case Roles::ServerJunkPacketMaxSizeRole: return m_serverProtocolConfig.value(config_key::junkPacketMaxSize);
    case Roles::ServerInitPacketJunkSizeRole: return m_serverProtocolConfig.value(config_key::initPacketJunkSize);
    case Roles::ServerResponsePacketJunkSizeRole: return m_serverProtocolConfig.value(config_key::responsePacketJunkSize);
+    // case Roles::ServerCookieReplyPacketJunkSizeRole: return m_serverProtocolConfig.value(config_key::cookieReplyPacketJunkSize);
+    // case Roles::ServerTransportPacketJunkSizeRole: return m_serverProtocolConfig.value(config_key::transportPacketJunkSize);
    case Roles::ServerInitPacketMagicHeaderRole: return m_serverProtocolConfig.value(config_key::initPacketMagicHeader);
    case Roles::ServerResponsePacketMagicHeaderRole: return m_serverProtocolConfig.value(config_key::responsePacketMagicHeader);
    case Roles::ServerUnderloadPacketMagicHeaderRole: return m_serverProtocolConfig.value(config_key::underloadPacketMagicHeader);
@@ -94,7 +121,8 @@ void AwgConfigModel::updateModel(const QJsonObject &config)
    m_serverProtocolConfig.insert(config_key::transport_proto,
                                  serverProtocolConfig.value(config_key::transport_proto).toString(defaultTransportProto));
    m_serverProtocolConfig[config_key::last_config] = serverProtocolConfig.value(config_key::last_config);
-    m_serverProtocolConfig[config_key::subnet_address] = serverProtocolConfig.value(config_key::subnet_address).toString(protocols::wireguard::defaultSubnetAddress);
+    m_serverProtocolConfig[config_key::subnet_address] =
+            serverProtocolConfig.value(config_key::subnet_address).toString(protocols::wireguard::defaultSubnetAddress);
    m_serverProtocolConfig[config_key::port] = serverProtocolConfig.value(config_key::port).toString(protocols::awg::defaultPort);
    m_serverProtocolConfig[config_key::junkPacketCount] =
            serverProtocolConfig.value(config_key::junkPacketCount).toString(protocols::awg::defaultJunkPacketCount);
@@ -106,6 +134,10 @@ void AwgConfigModel::updateModel(const QJsonObject &config)
            serverProtocolConfig.value(config_key::initPacketJunkSize).toString(protocols::awg::defaultInitPacketJunkSize);
    m_serverProtocolConfig[config_key::responsePacketJunkSize] =
            serverProtocolConfig.value(config_key::responsePacketJunkSize).toString(protocols::awg::defaultResponsePacketJunkSize);
+    // m_serverProtocolConfig[config_key::cookieReplyPacketJunkSize] =
+    //         serverProtocolConfig.value(config_key::cookieReplyPacketJunkSize).toString(protocols::awg::defaultCookieReplyPacketJunkSize);
+    // m_serverProtocolConfig[config_key::transportPacketJunkSize] =
+    //         serverProtocolConfig.value(config_key::transportPacketJunkSize).toString(protocols::awg::defaultTransportPacketJunkSize);
    m_serverProtocolConfig[config_key::initPacketMagicHeader] =
            serverProtocolConfig.value(config_key::initPacketMagicHeader).toString(protocols::awg::defaultInitPacketMagicHeader);
    m_serverProtocolConfig[config_key::responsePacketMagicHeader] =
@@ -124,6 +156,24 @@ void AwgConfigModel::updateModel(const QJsonObject &config)
            clientProtocolConfig.value(config_key::junkPacketMinSize).toString(m_serverProtocolConfig[config_key::junkPacketMinSize].toString());
    m_clientProtocolConfig[config_key::junkPacketMaxSize] =
            clientProtocolConfig.value(config_key::junkPacketMaxSize).toString(m_serverProtocolConfig[config_key::junkPacketMaxSize].toString());
+    m_clientProtocolConfig[config_key::specialJunk1] =
+            clientProtocolConfig.value(config_key::specialJunk1).toString(protocols::awg::defaultSpecialJunk1);
+    m_clientProtocolConfig[config_key::specialJunk2] =
+            clientProtocolConfig.value(config_key::specialJunk2).toString(protocols::awg::defaultSpecialJunk2);
+    m_clientProtocolConfig[config_key::specialJunk3] =
+            clientProtocolConfig.value(config_key::specialJunk3).toString(protocols::awg::defaultSpecialJunk3);
+    m_clientProtocolConfig[config_key::specialJunk4] =
+            clientProtocolConfig.value(config_key::specialJunk4).toString(protocols::awg::defaultSpecialJunk4);
+    m_clientProtocolConfig[config_key::specialJunk5] =
+            clientProtocolConfig.value(config_key::specialJunk5).toString(protocols::awg::defaultSpecialJunk5);
+    m_clientProtocolConfig[config_key::controlledJunk1] =
+            clientProtocolConfig.value(config_key::controlledJunk1).toString(protocols::awg::defaultControlledJunk1);
+    m_clientProtocolConfig[config_key::controlledJunk2] =
+            clientProtocolConfig.value(config_key::controlledJunk2).toString(protocols::awg::defaultControlledJunk2);
+    m_clientProtocolConfig[config_key::controlledJunk3] =
+            clientProtocolConfig.value(config_key::controlledJunk3).toString(protocols::awg::defaultControlledJunk3);
+    m_clientProtocolConfig[config_key::specialHandshakeTimeout] =
+            clientProtocolConfig.value(config_key::specialHandshakeTimeout).toString(protocols::awg::defaultSpecialHandshakeTimeout);
    endResetModel();
 }

@@ -141,6 +191,15 @@ QJsonObject AwgConfigModel::getConfig()
        jsonConfig[config_key::junkPacketCount] = m_clientProtocolConfig[config_key::junkPacketCount];
        jsonConfig[config_key::junkPacketMinSize] = m_clientProtocolConfig[config_key::junkPacketMinSize];
        jsonConfig[config_key::junkPacketMaxSize] = m_clientProtocolConfig[config_key::junkPacketMaxSize];
+        jsonConfig[config_key::specialJunk1] = m_clientProtocolConfig[config_key::specialJunk1];
+        jsonConfig[config_key::specialJunk2] = m_clientProtocolConfig[config_key::specialJunk2];
+        jsonConfig[config_key::specialJunk3] = m_clientProtocolConfig[config_key::specialJunk3];
+        jsonConfig[config_key::specialJunk4] = m_clientProtocolConfig[config_key::specialJunk4];
+        jsonConfig[config_key::specialJunk5] = m_clientProtocolConfig[config_key::specialJunk5];
+        jsonConfig[config_key::controlledJunk1] = m_clientProtocolConfig[config_key::controlledJunk1];
+        jsonConfig[config_key::controlledJunk2] = m_clientProtocolConfig[config_key::controlledJunk2];
+        jsonConfig[config_key::controlledJunk3] = m_clientProtocolConfig[config_key::controlledJunk3];
+        jsonConfig[config_key::specialHandshakeTimeout] = m_clientProtocolConfig[config_key::specialHandshakeTimeout];

        m_serverProtocolConfig[config_key::last_config] = QString(QJsonDocument(jsonConfig).toJson());
    }
@@ -159,6 +218,17 @@ bool AwgConfigModel::isPacketSizeEqual(const int s1, const int s2)
    return (AwgConstant::messageInitiationSize + s1 == AwgConstant::messageResponseSize + s2);
 }

+// bool AwgConfigModel::isPacketSizeEqual(const int s1, const int s2, const int s3, const int s4)
+// {
+//     int initSize = AwgConstant::messageInitiationSize + s1;
+//     int responseSize = AwgConstant::messageResponseSize + s2;
+//     int cookieSize = AwgConstant::messageCookieReplySize + s3;
+//     int transportSize = AwgConstant::messageTransportSize + s4;
+
+//     return (initSize == responseSize || initSize == cookieSize || initSize == transportSize || responseSize == cookieSize
+//             || responseSize == transportSize || cookieSize == transportSize);
+// }
+
 bool AwgConfigModel::isServerSettingsEqual()
 {
    const AwgConfig oldConfig(m_fullConfig.value(config_key::awg).toObject());
@@ -178,12 +248,24 @@ QHash<int, QByteArray> AwgConfigModel::roleNames() const
    roles[ClientJunkPacketCountRole] = "clientJunkPacketCount";
    roles[ClientJunkPacketMinSizeRole] = "clientJunkPacketMinSize";
    roles[ClientJunkPacketMaxSizeRole] = "clientJunkPacketMaxSize";
+    roles[ClientSpecialJunk1Role] = "clientSpecialJunk1";
+    roles[ClientSpecialJunk2Role] = "clientSpecialJunk2";
+    roles[ClientSpecialJunk3Role] = "clientSpecialJunk3";
+    roles[ClientSpecialJunk4Role] = "clientSpecialJunk4";
+    roles[ClientSpecialJunk5Role] = "clientSpecialJunk5";
+    roles[ClientControlledJunk1Role] = "clientControlledJunk1";
+    roles[ClientControlledJunk2Role] = "clientControlledJunk2";
+    roles[ClientControlledJunk3Role] = "clientControlledJunk3";
+    roles[ClientSpecialHandshakeTimeoutRole] = "clientSpecialHandshakeTimeout";

    roles[ServerJunkPacketCountRole] = "serverJunkPacketCount";
    roles[ServerJunkPacketMinSizeRole] = "serverJunkPacketMinSize";
    roles[ServerJunkPacketMaxSizeRole] = "serverJunkPacketMaxSize";
    roles[ServerInitPacketJunkSizeRole] = "serverInitPacketJunkSize";
    roles[ServerResponsePacketJunkSizeRole] = "serverResponsePacketJunkSize";
+    roles[ServerCookieReplyPacketJunkSizeRole] = "serverCookieReplyPacketJunkSize";
+    roles[ServerTransportPacketJunkSizeRole] = "serverTransportPacketJunkSize";
+
    roles[ServerInitPacketMagicHeaderRole] = "serverInitPacketMagicHeader";
    roles[ServerResponsePacketMagicHeaderRole] = "serverResponsePacketMagicHeader";
    roles[ServerUnderloadPacketMagicHeaderRole] = "serverUnderloadPacketMagicHeader";
@@ -200,6 +282,16 @@ AwgConfig::AwgConfig(const QJsonObject &serverProtocolConfig)
    clientJunkPacketCount = clientProtocolConfig.value(config_key::junkPacketCount).toString(protocols::awg::defaultJunkPacketCount);
    clientJunkPacketMinSize = clientProtocolConfig.value(config_key::junkPacketMinSize).toString(protocols::awg::defaultJunkPacketMinSize);
    clientJunkPacketMaxSize = clientProtocolConfig.value(config_key::junkPacketMaxSize).toString(protocols::awg::defaultJunkPacketMaxSize);
+    clientSpecialJunk1 = clientProtocolConfig.value(config_key::specialJunk1).toString(protocols::awg::defaultSpecialJunk1);
+    clientSpecialJunk2 = clientProtocolConfig.value(config_key::specialJunk2).toString(protocols::awg::defaultSpecialJunk2);
+    clientSpecialJunk3 = clientProtocolConfig.value(config_key::specialJunk3).toString(protocols::awg::defaultSpecialJunk3);
+    clientSpecialJunk4 = clientProtocolConfig.value(config_key::specialJunk4).toString(protocols::awg::defaultSpecialJunk4);
+    clientSpecialJunk5 = clientProtocolConfig.value(config_key::specialJunk5).toString(protocols::awg::defaultSpecialJunk5);
+    clientControlledJunk1 = clientProtocolConfig.value(config_key::controlledJunk1).toString(protocols::awg::defaultControlledJunk1);
+    clientControlledJunk2 = clientProtocolConfig.value(config_key::controlledJunk2).toString(protocols::awg::defaultControlledJunk2);
+    clientControlledJunk3 = clientProtocolConfig.value(config_key::controlledJunk3).toString(protocols::awg::defaultControlledJunk3);
+    clientSpecialHandshakeTimeout =
+            clientProtocolConfig.value(config_key::specialHandshakeTimeout).toString(protocols::awg::defaultSpecialHandshakeTimeout);

    subnetAddress = serverProtocolConfig.value(config_key::subnet_address).toString(protocols::wireguard::defaultSubnetAddress);
    port = serverProtocolConfig.value(config_key::port).toString(protocols::awg::defaultPort);
@@ -209,6 +301,10 @@ AwgConfig::AwgConfig(const QJsonObject &serverProtocolConfig)
    serverInitPacketJunkSize = serverProtocolConfig.value(config_key::initPacketJunkSize).toString(protocols::awg::defaultInitPacketJunkSize);
    serverResponsePacketJunkSize =
            serverProtocolConfig.value(config_key::responsePacketJunkSize).toString(protocols::awg::defaultResponsePacketJunkSize);
+    // serverCookieReplyPacketJunkSize =
+    //         serverProtocolConfig.value(config_key::cookieReplyPacketJunkSize).toString(protocols::awg::defaultCookieReplyPacketJunkSize);
+    // serverTransportPacketJunkSize =
+    //         serverProtocolConfig.value(config_key::transportPacketJunkSize).toString(protocols::awg::defaultTransportPacketJunkSize);
    serverInitPacketMagicHeader =
            serverProtocolConfig.value(config_key::initPacketMagicHeader).toString(protocols::awg::defaultInitPacketMagicHeader);
    serverResponsePacketMagicHeader =
@@ -224,6 +320,8 @@ bool AwgConfig::hasEqualServerSettings(const AwgConfig &other) const
    if (subnetAddress != other.subnetAddress || port != other.port || serverJunkPacketCount != other.serverJunkPacketCount
        || serverJunkPacketMinSize != other.serverJunkPacketMinSize || serverJunkPacketMaxSize != other.serverJunkPacketMaxSize
        || serverInitPacketJunkSize != other.serverInitPacketJunkSize || serverResponsePacketJunkSize != other.serverResponsePacketJunkSize
+        // || serverCookieReplyPacketJunkSize != other.serverCookieReplyPacketJunkSize
+        // || serverTransportPacketJunkSize != other.serverTransportPacketJunkSize
        || serverInitPacketMagicHeader != other.serverInitPacketMagicHeader
        || serverResponsePacketMagicHeader != other.serverResponsePacketMagicHeader
        || serverUnderloadPacketMagicHeader != other.serverUnderloadPacketMagicHeader
@@ -236,7 +334,12 @@ bool AwgConfig::hasEqualServerSettings(const AwgConfig &other) const
 bool AwgConfig::hasEqualClientSettings(const AwgConfig &other) const
 {
    if (clientMtu != other.clientMtu || clientJunkPacketCount != other.clientJunkPacketCount
-        || clientJunkPacketMinSize != other.clientJunkPacketMinSize || clientJunkPacketMaxSize != other.clientJunkPacketMaxSize) {
+        || clientJunkPacketMinSize != other.clientJunkPacketMinSize || clientJunkPacketMaxSize != other.clientJunkPacketMaxSize
+        || clientSpecialJunk1 != other.clientSpecialJunk1 || clientSpecialJunk2 != other.clientSpecialJunk2
+        || clientSpecialJunk3 != other.clientSpecialJunk3 || clientSpecialJunk4 != other.clientSpecialJunk4
+        || clientSpecialJunk5 != other.clientSpecialJunk5 || clientControlledJunk1 != other.clientControlledJunk1
+        || clientControlledJunk2 != other.clientControlledJunk2 || clientControlledJunk3 != other.clientControlledJunk3
+        || clientSpecialHandshakeTimeout != other.clientSpecialHandshakeTimeout) {
        return false;
    }
    return true;
@@ -6,9 +6,12 @@

 #include "containers/containers_defs.h"

-namespace AwgConstant {
+namespace AwgConstant
+{
    const int messageInitiationSize = 148;
    const int messageResponseSize = 92;
+    const int messageCookieReplySize = 64;
+    const int messageTransportSize = 32;
 }

 struct AwgConfig
@@ -22,12 +25,23 @@ struct AwgConfig
    QString clientJunkPacketCount;
    QString clientJunkPacketMinSize;
    QString clientJunkPacketMaxSize;
+    QString clientSpecialJunk1;
+    QString clientSpecialJunk2;
+    QString clientSpecialJunk3;
+    QString clientSpecialJunk4;
+    QString clientSpecialJunk5;
+    QString clientControlledJunk1;
+    QString clientControlledJunk2;
+    QString clientControlledJunk3;
+    QString clientSpecialHandshakeTimeout;

    QString serverJunkPacketCount;
    QString serverJunkPacketMinSize;
    QString serverJunkPacketMaxSize;
    QString serverInitPacketJunkSize;
    QString serverResponsePacketJunkSize;
+    QString serverCookieReplyPacketJunkSize;
+    QString serverTransportPacketJunkSize;
    QString serverInitPacketMagicHeader;
    QString serverResponsePacketMagicHeader;
    QString serverUnderloadPacketMagicHeader;
@@ -35,7 +49,6 @@ struct AwgConfig

    bool hasEqualServerSettings(const AwgConfig &other) const;
    bool hasEqualClientSettings(const AwgConfig &other) const;
-
 };

 class AwgConfigModel : public QAbstractListModel
@@ -51,16 +64,28 @@ public:
        ClientJunkPacketCountRole,
        ClientJunkPacketMinSizeRole,
        ClientJunkPacketMaxSizeRole,
+        ClientSpecialJunk1Role,
+        ClientSpecialJunk2Role,
+        ClientSpecialJunk3Role,
+        ClientSpecialJunk4Role,
+        ClientSpecialJunk5Role,
+        ClientControlledJunk1Role,
+        ClientControlledJunk2Role,
+        ClientControlledJunk3Role,
+        ClientSpecialHandshakeTimeoutRole,

        ServerJunkPacketCountRole,
        ServerJunkPacketMinSizeRole,
        ServerJunkPacketMaxSizeRole,
        ServerInitPacketJunkSizeRole,
        ServerResponsePacketJunkSizeRole,
+        ServerCookieReplyPacketJunkSizeRole,
+        ServerTransportPacketJunkSizeRole,
+
        ServerInitPacketMagicHeaderRole,
        ServerResponsePacketMagicHeaderRole,
        ServerUnderloadPacketMagicHeaderRole,
-        ServerTransportPacketMagicHeaderRole
+        ServerTransportPacketMagicHeaderRole,
    };

    explicit AwgConfigModel(QObject *parent = nullptr);
@@ -75,7 +100,7 @@ public slots:
    QJsonObject getConfig();

    bool isHeadersEqual(const QString &h1, const QString &h2, const QString &h3, const QString &h4);
-    bool isPacketSizeEqual(const int s1, const int s2);
+    bool isPacketSizeEqual(const int s1, const int s2/*, const int s3, const int s4*/);

    bool isServerSettingsEqual();

@@ -2,72 +2,128 @@

 #include "protocols/protocols_defs.h"

-OpenVpnConfigModel::OpenVpnConfigModel(QObject *parent) : QAbstractListModel(parent)
+OpenVpnConfigModel::OpenVpnConfigModel(QObject *parent)
+    : QObject(parent)
 {
 }

-int OpenVpnConfigModel::rowCount(const QModelIndex &parent) const
+QString OpenVpnConfigModel::subnetAddress() const
 {
-    Q_UNUSED(parent);
-    return 1;
+    return m_protocolConfig.value(amnezia::config_key::subnet_address).toString(amnezia::protocols::openvpn::defaultSubnetAddress);
 }

-bool OpenVpnConfigModel::setData(const QModelIndex &index, const QVariant &value, int role)
+void OpenVpnConfigModel::setSubnetAddress(const QString &subnetAddress)
 {
-    if (!index.isValid() || index.row() < 0 || index.row() >= ContainerProps::allContainers().size()) {
-        return false;
-    }
-
-    switch (role) {
-    case Roles::SubnetAddressRole: m_protocolConfig.insert(amnezia::config_key::subnet_address, value.toString()); break;
-    case Roles::TransportProtoRole: m_protocolConfig.insert(config_key::transport_proto, value.toString()); break;
-    case Roles::PortRole: m_protocolConfig.insert(config_key::port, value.toString()); break;
-    case Roles::AutoNegotiateEncryprionRole: m_protocolConfig.insert(config_key::ncp_disable, !value.toBool()); break;
-    case Roles::HashRole: m_protocolConfig.insert(config_key::hash, value.toString()); break;
-    case Roles::CipherRole: m_protocolConfig.insert(config_key::cipher, value.toString()); break;
-    case Roles::TlsAuthRole: m_protocolConfig.insert(config_key::tls_auth, value.toBool()); break;
-    case Roles::BlockDnsRole: m_protocolConfig.insert(config_key::block_outside_dns, value.toBool()); break;
-    case Roles::AdditionalClientCommandsRole: m_protocolConfig.insert(config_key::additional_client_config, value.toString()); break;
-    case Roles::AdditionalServerCommandsRole: m_protocolConfig.insert(config_key::additional_server_config, value.toString()); break;
-    }
-
-    emit dataChanged(index, index, QList { role });
-    return true;
+    m_protocolConfig.insert(amnezia::config_key::subnet_address, subnetAddress);
 }

-QVariant OpenVpnConfigModel::data(const QModelIndex &index, int role) const
+QString OpenVpnConfigModel::transportProto() const
 {
-    if (!index.isValid() || index.row() < 0 || index.row() >= rowCount()) {
-        return false;
-    }
+    return m_protocolConfig.value(config_key::transport_proto).toString(protocols::openvpn::defaultTransportProto);
+}

-    switch (role) {
-    case Roles::SubnetAddressRole:
-        return m_protocolConfig.value(amnezia::config_key::subnet_address).toString(amnezia::protocols::openvpn::defaultSubnetAddress);
-    case Roles::TransportProtoRole:
-        return m_protocolConfig.value(config_key::transport_proto).toString(protocols::openvpn::defaultTransportProto);
-    case Roles::PortRole: return m_protocolConfig.value(config_key::port).toString(protocols::openvpn::defaultPort);
-    case Roles::AutoNegotiateEncryprionRole:
-        return !m_protocolConfig.value(config_key::ncp_disable).toBool(protocols::openvpn::defaultNcpDisable);
-    case Roles::HashRole: return m_protocolConfig.value(config_key::hash).toString(protocols::openvpn::defaultHash);
-    case Roles::CipherRole: return m_protocolConfig.value(config_key::cipher).toString(protocols::openvpn::defaultCipher);
-    case Roles::TlsAuthRole: return m_protocolConfig.value(config_key::tls_auth).toBool(protocols::openvpn::defaultTlsAuth);
-    case Roles::BlockDnsRole:
-        return m_protocolConfig.value(config_key::block_outside_dns).toBool(protocols::openvpn::defaultBlockOutsideDns);
-    case Roles::AdditionalClientCommandsRole:
-        return m_protocolConfig.value(config_key::additional_client_config).toString(protocols::openvpn::defaultAdditionalClientConfig);
-    case Roles::AdditionalServerCommandsRole:
-        return m_protocolConfig.value(config_key::additional_server_config).toString(protocols::openvpn::defaultAdditionalServerConfig);
-    case Roles::IsPortEditable: return m_container == DockerContainer::OpenVpn ? true : false;
-    case Roles::IsTransportProtoEditable: return m_container == DockerContainer::OpenVpn ? true : false;
-    case Roles::HasRemoveButton: return m_container == DockerContainer::OpenVpn ? true : false;
-    }
-    return QVariant();
+void OpenVpnConfigModel::setTransportProto(const QString &transportProto)
+{
+    m_protocolConfig.insert(config_key::transport_proto, transportProto);
+}
+
+QString OpenVpnConfigModel::port() const
+{
+    return m_protocolConfig.value(config_key::port).toString(protocols::openvpn::defaultPort);
+}
+
+void OpenVpnConfigModel::setPort(const QString &port)
+{
+    m_protocolConfig.insert(config_key::port, port);
+}
+
+bool OpenVpnConfigModel::autoNegotiateEncryption() const
+{
+    return !m_protocolConfig.value(config_key::ncp_disable).toBool(protocols::openvpn::defaultNcpDisable);
+}
+
+void OpenVpnConfigModel::setAutoNegotiateEncryption(bool enabled)
+{
+    m_protocolConfig.insert(config_key::ncp_disable, !enabled);
+}
+
+QString OpenVpnConfigModel::hash() const
+{
+    return m_protocolConfig.value(config_key::hash).toString(protocols::openvpn::defaultHash);
+}
+
+void OpenVpnConfigModel::setHash(const QString &hash)
+{
+    m_protocolConfig.insert(config_key::hash, hash);
+}
+
+QString OpenVpnConfigModel::cipher() const
+{
+    return m_protocolConfig.value(config_key::cipher).toString(protocols::openvpn::defaultCipher);
+}
+
+void OpenVpnConfigModel::setCipher(const QString &cipher)
+{
+    m_protocolConfig.insert(config_key::cipher, cipher);
+}
+
+bool OpenVpnConfigModel::tlsAuth() const
+{
+    return m_protocolConfig.value(config_key::tls_auth).toBool(protocols::openvpn::defaultTlsAuth);
+}
+
+void OpenVpnConfigModel::setTlsAuth(bool enabled)
+{
+    m_protocolConfig.insert(config_key::tls_auth, enabled);
+}
+
+bool OpenVpnConfigModel::blockDns() const
+{
+    return m_protocolConfig.value(config_key::block_outside_dns).toBool(protocols::openvpn::defaultBlockOutsideDns);
+}
+
+void OpenVpnConfigModel::setBlockDns(bool enabled)
+{
+    m_protocolConfig.insert(config_key::block_outside_dns, enabled);
+}
+
+QString OpenVpnConfigModel::additionalClientCommands() const
+{
+    return m_protocolConfig.value(config_key::additional_client_config).toString(protocols::openvpn::defaultAdditionalClientConfig);
+}
+
+void OpenVpnConfigModel::setAdditionalClientCommands(const QString &commands)
+{
+    m_protocolConfig.insert(config_key::additional_client_config, commands);
+}
+
+QString OpenVpnConfigModel::additionalServerCommands() const
+{
+    return m_protocolConfig.value(config_key::additional_server_config).toString(protocols::openvpn::defaultAdditionalServerConfig);
+}
+
+void OpenVpnConfigModel::setAdditionalServerCommands(const QString &commands)
+{
+    m_protocolConfig.insert(config_key::additional_server_config, commands);
+}
+
+bool OpenVpnConfigModel::isPortEditable() const
+{
+    return m_container == DockerContainer::OpenVpn;
+}
+
+bool OpenVpnConfigModel::isTransportProtoEditable() const
+{
+    return m_container == DockerContainer::OpenVpn;
+}
+
+bool OpenVpnConfigModel::hasRemoveButton() const
+{
+    return m_container == DockerContainer::OpenVpn;
 }

 void OpenVpnConfigModel::updateModel(const QJsonObject &config)
 {
-    beginResetModel();
    m_container = ContainerProps::containerFromString(config.value(config_key::container).toString());

    m_fullConfig = config;
@@ -100,8 +156,6 @@ void OpenVpnConfigModel::updateModel(const QJsonObject &config)
    m_protocolConfig.insert(
            config_key::additional_server_config,
            protocolConfig.value(config_key::additional_server_config).toString(protocols::openvpn::defaultAdditionalServerConfig));
-
-    endResetModel();
 }

 QJsonObject OpenVpnConfigModel::getConfig()
@@ -109,26 +163,3 @@ QJsonObject OpenVpnConfigModel::getConfig()
    m_fullConfig.insert(config_key::openvpn, m_protocolConfig);
    return m_fullConfig;
 }
-
-QHash<int, QByteArray> OpenVpnConfigModel::roleNames() const
-{
-    QHash<int, QByteArray> roles;
-
-    roles[SubnetAddressRole] = "subnetAddress";
-    roles[TransportProtoRole] = "transportProto";
-    roles[PortRole] = "port";
-    roles[AutoNegotiateEncryprionRole] = "autoNegotiateEncryprion";
-    roles[HashRole] = "hash";
-    roles[CipherRole] = "cipher";
-    roles[TlsAuthRole] = "tlsAuth";
-    roles[BlockDnsRole] = "blockDns";
-    roles[AdditionalClientCommandsRole] = "additionalClientCommands";
-    roles[AdditionalServerCommandsRole] = "additionalServerCommands";
-
-    roles[IsPortEditable] = "isPortEditable";
-    roles[IsTransportProtoEditable] = "isTransportProtoEditable";
-
-    roles[HasRemoveButton] = "hasRemoveButton";
-
-    return roles;
-}
@@ -1,47 +1,90 @@
 #ifndef OPENVPNCONFIGMODEL_H
 #define OPENVPNCONFIGMODEL_H

-#include <QAbstractListModel>
+#include <QObject>
 #include <QJsonObject>

 #include "containers/containers_defs.h"

-class OpenVpnConfigModel : public QAbstractListModel
+class OpenVpnConfigModel : public QObject
 {
    Q_OBJECT
+    Q_PROPERTY(QString subnetAddress READ subnetAddress WRITE setSubnetAddress NOTIFY subnetAddressChanged)
+    Q_PROPERTY(QString transportProto READ transportProto WRITE setTransportProto NOTIFY transportProtoChanged)
+    Q_PROPERTY(QString port READ port WRITE setPort NOTIFY portChanged)
+    Q_PROPERTY(bool autoNegotiateEncryption READ autoNegotiateEncryption WRITE setAutoNegotiateEncryption NOTIFY autoNegotiateEncryptionChanged)
+    Q_PROPERTY(QString hash READ hash WRITE setHash NOTIFY hashChanged)
+    Q_PROPERTY(QString cipher READ cipher WRITE setCipher NOTIFY cipherChanged)
+    Q_PROPERTY(bool tlsAuth READ tlsAuth WRITE setTlsAuth NOTIFY tlsAuthChanged)
+    Q_PROPERTY(bool blockDns READ blockDns WRITE setBlockDns NOTIFY blockDnsChanged)
+    Q_PROPERTY(QString additionalClientCommands READ additionalClientCommands WRITE setAdditionalClientCommands NOTIFY additionalClientCommandsChanged)
+    Q_PROPERTY(QString additionalServerCommands READ additionalServerCommands WRITE setAdditionalServerCommands NOTIFY additionalServerCommandsChanged)
+    Q_PROPERTY(bool isPortEditable READ isPortEditable NOTIFY isPortEditableChanged)
+    Q_PROPERTY(bool isTransportProtoEditable READ isTransportProtoEditable NOTIFY isTransportProtoEditableChanged)
+    Q_PROPERTY(bool hasRemoveButton READ hasRemoveButton NOTIFY hasRemoveButtonChanged)

 public:
-    enum Roles {
-        SubnetAddressRole = Qt::UserRole + 1,
-        TransportProtoRole,
-        PortRole,
-        AutoNegotiateEncryprionRole,
-        HashRole,
-        CipherRole,
-        TlsAuthRole,
-        BlockDnsRole,
-        AdditionalClientCommandsRole,
-        AdditionalServerCommandsRole,
-
-        IsPortEditable,
-        IsTransportProtoEditable,
-
-        HasRemoveButton
-    };
-
    explicit OpenVpnConfigModel(QObject *parent = nullptr);
+    ~OpenVpnConfigModel() override = default;

-    int rowCount(const QModelIndex &parent = QModelIndex()) const override;
+    OpenVpnConfigModel(const OpenVpnConfigModel &) = delete;
+    OpenVpnConfigModel &operator=(const OpenVpnConfigModel &) = delete;
+    OpenVpnConfigModel(OpenVpnConfigModel &&) = delete;
+    OpenVpnConfigModel &operator=(OpenVpnConfigModel &&) = delete;

-    bool setData(const QModelIndex &index, const QVariant &value, int role) override;
-    QVariant data(const QModelIndex &index, int role = Qt::DisplayRole) const override;
+    QString subnetAddress() const;
+    void setSubnetAddress(const QString &subnetAddress);
+
+    QString transportProto() const;
+    void setTransportProto(const QString &transportProto);
+
+    QString port() const;
+    void setPort(const QString &port);
+
+    bool autoNegotiateEncryption() const;
+    void setAutoNegotiateEncryption(bool enabled);
+
+    QString hash() const;
+    void setHash(const QString &hash);
+
+    QString cipher() const;
+    void setCipher(const QString &cipher);
+
+    bool tlsAuth() const;
+    void setTlsAuth(bool enabled);
+
+    bool blockDns() const;
+    void setBlockDns(bool enabled);
+
+    QString additionalClientCommands() const;
+    void setAdditionalClientCommands(const QString &commands);
+    
+    QString additionalServerCommands() const;
+    void setAdditionalServerCommands(const QString &commands);
+
+    bool isPortEditable() const;
+    bool isTransportProtoEditable() const;
+    bool hasRemoveButton() const;
+
+    Q_INVOKABLE QJsonObject getConfig();
+
+signals:
+    void subnetAddressChanged(const QString &);
+    void transportProtoChanged(const QString &);
+    void portChanged(const QString &);
+    void autoNegotiateEncryptionChanged(bool);
+    void hashChanged(const QString &);
+    void cipherChanged(const QString &);
+    void tlsAuthChanged(bool);
+    void blockDnsChanged(bool);
+    void additionalClientCommandsChanged(const QString &);
+    void additionalServerCommandsChanged(const QString &);
+    void isPortEditableChanged(bool);
+    void isTransportProtoEditableChanged(bool);
+    void hasRemoveButtonChanged(bool);

 public slots:
    void updateModel(const QJsonObject &config);
-    QJsonObject getConfig();
-
-protected:
-    QHash<int, QByteArray> roleNames() const override;

 private:
    DockerContainer m_container;
@@ -20,6 +20,7 @@ bool XrayConfigModel::setData(const QModelIndex &index, const QVariant &value, i

    switch (role) {
    case Roles::SiteRole: m_protocolConfig.insert(config_key::site, value.toString()); break;
+    case Roles::PortRole: m_protocolConfig.insert(config_key::port, value.toString()); break;
    }

    emit dataChanged(index, index, QList { role });
@@ -34,6 +35,7 @@ QVariant XrayConfigModel::data(const QModelIndex &index, int role) const

    switch (role) {
    case Roles::SiteRole: return m_protocolConfig.value(config_key::site).toString(protocols::xray::defaultSite);
+    case Roles::PortRole: return m_protocolConfig.value(config_key::port).toString(protocols::xray::defaultPort);
    }

    return QVariant();
@@ -67,6 +69,7 @@ QHash<int, QByteArray> XrayConfigModel::roleNames() const
    QHash<int, QByteArray> roles;

    roles[SiteRole] = "site";
+    roles[PortRole] = "port";

    return roles;
 }
@@ -12,7 +12,8 @@ class XrayConfigModel : public QAbstractListModel

 public:
    enum Roles {
-        SiteRole
+        SiteRole,
+        PortRole
    };

    explicit XrayConfigModel(QObject *parent = nullptr);
@@ -8,6 +8,8 @@
    #include <AmneziaVPN-Swift.h>
 #endif

+#include "core/api/apiUtils.h"
+
 namespace
 {
    namespace configKey
@@ -66,6 +68,7 @@ bool ServersModel::setData(const QModelIndex &index, const QVariant &value, int
        } else {
            server.insert(config_key::description, value.toString());
        }
+        server.insert(config_key::nameOverriddenByUser, true);
        m_settings->editServer(index.row(), server);
        m_servers.replace(index.row(), server);
        if (index.row() == m_defaultServerIndex) {
@@ -348,6 +351,25 @@ void ServersModel::removeServer()
    endResetModel();
 }

+void ServersModel::removeServer(const int serverIndex)
+{
+    beginResetModel();
+    m_settings->removeServer(serverIndex);
+    m_servers = m_settings->serversArray();
+
+    if (m_settings->defaultServerIndex() == serverIndex) {
+        setDefaultServerIndex(0);
+    } else if (m_settings->defaultServerIndex() > serverIndex) {
+        setDefaultServerIndex(m_settings->defaultServerIndex() - 1);
+    }
+
+    if (m_settings->serversCount() == 0) {
+        setDefaultServerIndex(-1);
+    }
+    setProcessedServerIndex(m_defaultServerIndex);
+    endResetModel();
+}
+
 QHash<int, QByteArray> ServersModel::roleNames() const
 {
    QHash<int, QByteArray> roles;
@@ -407,7 +429,7 @@ void ServersModel::updateDefaultServerContainersModel()
    emit defaultServerContainersUpdated(containers);
 }

-QJsonObject ServersModel::getServerConfig(const int serverIndex)
+QJsonObject ServersModel::getServerConfig(const int serverIndex) const
 {
    return m_servers.at(serverIndex).toObject();
 }
@@ -794,3 +816,8 @@ const QString ServersModel::getDefaultServerImagePathCollapsed()
    }
    return QString("qrc:/countriesFlags/images/flagKit/%1.svg").arg(countryCode.toUpper());
 }
+
+bool ServersModel::processedServerIsPremium() const
+{
+    return apiUtils::isPremiumServer(getServerConfig(m_processedServerIndex));
+}
@@ -63,6 +63,9 @@ public:
    Q_PROPERTY(bool isDefaultServerFromApi READ isDefaultServerFromApi NOTIFY defaultServerIndexChanged)

    Q_PROPERTY(int processedIndex READ getProcessedServerIndex WRITE setProcessedServerIndex NOTIFY processedServerIndexChanged)
+    Q_PROPERTY(bool processedServerIsPremium READ processedServerIsPremium NOTIFY processedServerChanged)
+
+    bool processedServerIsPremium() const;

 public slots:
    void setDefaultServerIndex(const int index);
@@ -90,8 +93,9 @@ public slots:
    void addServer(const QJsonObject &server);
    void editServer(const QJsonObject &server, const int serverIndex);
    void removeServer();
+    void removeServer(const int serverIndex);

-    QJsonObject getServerConfig(const int serverIndex);
+    QJsonObject getServerConfig(const int serverIndex) const;

    void reloadDefaultServerContainerConfig();
    void updateContainerConfig(const int containerIndex, const QJsonObject config);
@@ -83,6 +83,16 @@ void SitesModel::removeSite(QModelIndex index)
    endRemoveRows();
 }

+void SitesModel::removeSites()
+{
+    beginResetModel();
+
+    m_settings->removeAllVpnSites(m_currentRouteMode);
+    fillSites();
+
+    endResetModel();
+}
+
 int SitesModel::getRouteMode()
 {
    return m_currentRouteMode;
@@ -28,6 +28,7 @@ public slots:
    bool addSite(const QString &hostname, const QString &ip);
    void addSites(const QMap<QString, QString> &sites, bool replaceExisting);
    void removeSite(QModelIndex index);
+    void removeSites();

    int getRouteMode();
    void setRouteMode(int routeMode);
@@ -0,0 +1,194 @@
+pragma ComponentBehavior: Bound
+
+import QtQuick
+import QtQuick.Controls
+import QtQuick.Layouts
+
+import QtCore
+
+import PageEnum 1.0
+import Style 1.0
+
+import "./"
+import "../Controls2"
+import "../Controls2/TextTypes"
+import "../Config"
+import "../Components"
+
+DrawerType2 {
+    id: root
+
+    expandedHeight: parent.height * 0.9
+
+    Connections {
+        target: ApiPremV1MigrationController
+
+        function onErrorOccurred(error, goToPageHome) {
+            PageController.showErrorMessage(error)
+            root.closeTriggered()
+        }
+    }
+
+    expandedStateContent: Item {
+        implicitHeight: root.expandedHeight
+
+        ListViewType {
+            id: listView
+
+            anchors.fill: parent
+
+            model: 1 // fake model to force the ListView to be created without a model
+            snapMode: ListView.NoSnap
+
+            header: ColumnLayout {
+                width: listView.width
+
+                Header2Type {
+                    id: header
+                    Layout.fillWidth: true
+                    Layout.topMargin: 20
+                    Layout.leftMargin: 16
+                    Layout.rightMargin: 16
+
+                    headerText: qsTr("Switch to the new Amnezia Premium subscription")
+                }
+            }
+
+            delegate: ColumnLayout {
+                width: listView.width
+
+                anchors.left: parent.left
+                anchors.right: parent.right
+                anchors.leftMargin: 16
+                anchors.rightMargin: 16
+
+                ParagraphTextType {
+                    Layout.fillWidth: true
+                    Layout.topMargin: 24
+                    Layout.bottomMargin: 24
+
+                    horizontalAlignment: Text.AlignLeft
+                    textFormat: Text.RichText
+                    text: {
+                        var str = qsTr("We'll preserve all remaining days of your current subscription and give you an extra month as a thank you. ")
+                        str += qsTr("This new subscription type will be actively developed with more locations and features added regularly. Currently available:")
+                        str += "<ul style='margin-left: -16px;'>"
+                        str += qsTr("<li>13 locations (with more coming soon)</li>")
+                        str += qsTr("<li>Easier switching between countries in the app</li>")
+                        str += qsTr("<li>Personal dashboard to manage your subscription</li>")
+                        str += "</ul>"
+                        str += qsTr("Old keys will be deactivated after switching.")
+                    }
+                }
+
+                TextFieldWithHeaderType {
+                    id: emailLabel
+                    Layout.fillWidth: true
+
+                    borderColor: AmneziaStyle.color.mutedGray
+                    headerTextColor: AmneziaStyle.color.paleGray
+
+                    headerText: qsTr("Email")
+                    textField.placeholderText: qsTr("mail@example.com")
+
+
+                    textField.onFocusChanged: {
+                        textField.text = textField.text.replace(/^\s+|\s+$/g, '')
+                    }
+
+                    Connections {
+                        target: ApiPremV1MigrationController
+
+                        function onNoSubscriptionToMigrate() {
+                            emailLabel.errorText = qsTr("No old format subscriptions for a given email")
+                        }
+                    }
+                }
+
+                CaptionTextType {
+                    Layout.fillWidth: true
+                    Layout.topMargin: 16
+
+                    color: AmneziaStyle.color.mutedGray
+
+                    text: qsTr("Enter the email you used for your current subscription")
+                }
+
+                ApiPremV1SubListDrawer {
+                    id: apiPremV1SubListDrawer
+                    parent: root
+
+                    anchors.fill: parent
+                }
+
+                OtpCodeDrawer {
+                    id: otpCodeDrawer
+                    parent: root
+
+                    anchors.fill: parent
+                }
+
+                BasicButtonType {
+                    id: yesButton
+                    Layout.fillWidth: true
+                    Layout.topMargin: 32
+
+                    text: qsTr("Continue")
+
+                    clickedFunc: function() {
+                        PageController.showBusyIndicator(true)
+                        ApiPremV1MigrationController.getSubscriptionList(emailLabel.textField.text)
+                        PageController.showBusyIndicator(false)
+                    }
+                }
+
+                BasicButtonType {
+                    id: noButton
+                    Layout.fillWidth: true
+
+                    defaultColor: AmneziaStyle.color.transparent
+                    hoveredColor: AmneziaStyle.color.translucentWhite
+                    pressedColor: AmneziaStyle.color.sheerWhite
+                    disabledColor: AmneziaStyle.color.mutedGray
+                    textColor: AmneziaStyle.color.paleGray
+                    borderWidth: 1
+
+                    text: qsTr("Remind me later")
+
+                    clickedFunc: function() {
+                        root.closeTriggered()
+                    }
+                }
+
+                BasicButtonType {
+                    Layout.alignment: Qt.AlignHCenter
+                    Layout.topMargin: 32
+                    Layout.bottomMargin: 32
+                    implicitHeight: 32
+
+                    defaultColor: "transparent"
+                    hoveredColor: AmneziaStyle.color.translucentWhite
+                    pressedColor: AmneziaStyle.color.sheerWhite
+                    textColor: AmneziaStyle.color.vibrantRed
+
+                    text: qsTr("Don't remind me again")
+
+                    clickedFunc: function() {
+                        var headerText = qsTr("No more reminders? You can always switch to the new format in the server settings")
+                        var yesButtonText = qsTr("Continue")
+                        var noButtonText = qsTr("Cancel")
+
+                        var yesButtonFunction = function() {
+                            ApiPremV1MigrationController.disablePremV1MigrationReminder()
+                            root.closeTriggered()
+                        }
+                        var noButtonFunction = function() {
+                        }
+
+                        showQuestionDrawer(headerText, "", yesButtonText, noButtonText, yesButtonFunction, noButtonFunction)
+                    }
+                }
+            }
+        }
+    }
+}
@@ -0,0 +1,89 @@
+import QtQuick
+import QtQuick.Controls
+import QtQuick.Layouts
+
+import Style 1.0
+
+import "../Controls2"
+import "../Controls2/TextTypes"
+import "../Config"
+
+DrawerType2 {
+    id: root
+
+    Connections {
+        target: ApiPremV1MigrationController
+
+        function onSubscriptionsModelChanged() {
+            if (ApiPremV1MigrationController.subscriptionsModel.length > 1) {
+                root.openTriggered()
+            } else {
+                sendMigrationCode(0)
+            }
+        }
+    }
+
+    function sendMigrationCode(index) {
+        PageController.showBusyIndicator(true)
+        ApiPremV1MigrationController.sendMigrationCode(index)
+        root.closeTriggered()
+        PageController.showBusyIndicator(false)
+    }
+
+    expandedHeight: parent.height * 0.9
+
+    expandedStateContent: Item {
+        implicitHeight: root.expandedHeight
+
+        ListViewType {
+            id: listView
+
+            anchors.fill: parent
+
+            model: ApiPremV1MigrationController.subscriptionsModel
+
+            header: ColumnLayout {
+                width: listView.width
+
+                Header2Type {
+                    id: header
+                    Layout.fillWidth: true
+                    Layout.topMargin: 20
+                    Layout.leftMargin: 16
+                    Layout.rightMargin: 16
+
+                    headerText: qsTr("Choose Subscription")
+                }
+            }
+
+            delegate: Item {
+                implicitWidth: listView.width
+                implicitHeight: delegateContent.implicitHeight
+
+                ColumnLayout {
+                    id: delegateContent
+
+                    anchors.top: parent.top
+                    anchors.left: parent.left
+                    anchors.right: parent.right
+
+                    LabelWithButtonType {
+                        id: server
+                        Layout.fillWidth: true
+
+                        text: qsTr("Order ID: ") + modelData.id
+
+                        descriptionText: qsTr("Purchase Date: ") +  Qt.formatDateTime(new Date(modelData.created_at), "dd.MM.yyyy hh:mm")
+                        rightImageSource: "qrc:/images/controls/chevron-right.svg"
+
+                        clickedFunction: function() {
+                            sendMigrationCode(index)
+                        }
+                    }
+
+                    DividerType {}
+                }
+            }
+        }
+    }
+}
@@ -0,0 +1,15 @@
+pragma ComponentBehavior: Bound
+
+import QtQuick
+import QtQuick.Layouts
+
+import "../Controls2"
+
+TextFieldWithHeaderType {
+    Layout.fillWidth: true
+    Layout.topMargin: 16
+
+    textField.validator: IntValidator { bottom: 0 }
+
+    checkEmptyText: true
+}
@@ -10,8 +10,7 @@ import ProtocolEnum 1.0
 import "../Controls2"
 import "../Controls2/TextTypes"

-
-ListView {
+ListViewType {
    id: menuContent

    property var rootWidth
@@ -21,13 +20,6 @@ ListView {
    anchors.top: parent.top
    anchors.bottom: parent.bottom

-    clip: true
-    snapMode: ListView.SnapToItem
-
-    ScrollBar.vertical: ScrollBarType {}
-
-    property bool isFocusable: true
-
    ButtonGroup {
        id: containersRadioButtonGroup
    }
@@ -1,97 +1,97 @@
-import QtQuick
-import QtQuick.Controls
-import QtQuick.Layouts
-
-import PageEnum 1.0
-
-import "../Controls2"
-import "../Controls2/TextTypes"
-import "../Config"
-
-DrawerType2 {
-    id: root
-
-    property bool isAppSplitTinnelingEnabled: Qt.platform.os === "windows" || Qt.platform.os === "android"
-
-    anchors.fill: parent
-    expandedHeight: parent.height * 0.9
-
-    expandedStateContent: ColumnLayout {
-        id: content
-
-        anchors.top: parent.top
-        anchors.left: parent.left
-        anchors.right: parent.right
-        spacing: 0
-
-        Header2Type {
-            Layout.fillWidth: true
-            Layout.topMargin: 24
-            Layout.rightMargin: 16
-            Layout.leftMargin: 16
-            Layout.bottomMargin: 16
-
-            headerText: qsTr("Split tunneling")
-            descriptionText:  qsTr("Allows you to connect to some sites or applications through a VPN connection and bypass others")
-        }
-
-        LabelWithButtonType {
-            id: splitTunnelingSwitch
-            Layout.fillWidth: true
-            Layout.topMargin: 16
-
-            visible: ServersModel.isDefaultServerDefaultContainerHasSplitTunneling
-
-            text: qsTr("Split tunneling on the server")
-            descriptionText: qsTr("Enabled \nCan't be disabled for current server")
-            rightImageSource: "qrc:/images/controls/chevron-right.svg"
-
-            clickedFunction: function() {
-               PageController.goToPage(PageEnum.PageSettingsSplitTunneling)
-               root.closeTriggered()
-            }
-        }
-
-        DividerType {
-            visible: ServersModel.isDefaultServerDefaultContainerHasSplitTunneling
-        }
-
-        LabelWithButtonType {
-            id: siteBasedSplitTunnelingSwitch
-            Layout.fillWidth: true
-            Layout.topMargin: 16
-
-            text: qsTr("Site-based split tunneling")
-            descriptionText: enabled && SitesModel.isTunnelingEnabled ? qsTr("Enabled") : qsTr("Disabled")
-            rightImageSource: "qrc:/images/controls/chevron-right.svg"
-
-            clickedFunction: function() {
-                PageController.goToPage(PageEnum.PageSettingsSplitTunneling)
-                root.closeTriggered()
-            }
-        }
-
-        DividerType {
-        }
-
-        LabelWithButtonType {
-            id: appSplitTunnelingSwitch
-            visible: isAppSplitTinnelingEnabled
-
-            Layout.fillWidth: true
-
-            text: qsTr("App-based split tunneling")
-            descriptionText: AppSplitTunnelingModel.isTunnelingEnabled ? qsTr("Enabled") : qsTr("Disabled")
-            rightImageSource: "qrc:/images/controls/chevron-right.svg"
-
-            clickedFunction: function() {
-                PageController.goToPage(PageEnum.PageSettingsAppSplitTunneling)
-                root.closeTriggered()
-            }
-        }
-
-        DividerType {
-            visible: isAppSplitTinnelingEnabled
-        }
-    }
-}
+import QtQuick
+import QtQuick.Controls
+import QtQuick.Layouts
+
+import PageEnum 1.0
+
+import "../Controls2"
+import "../Controls2/TextTypes"
+import "../Config"
+
+DrawerType2 {
+    id: root
+
+    property bool isAppSplitTinnelingEnabled: Qt.platform.os === "windows" || Qt.platform.os === "android"
+
+    anchors.fill: parent
+    expandedHeight: parent.height * 0.9
+
+    expandedStateContent: ColumnLayout {
+        id: content
+
+        anchors.top: parent.top
+        anchors.left: parent.left
+        anchors.right: parent.right
+        spacing: 0
+
+        Header2Type {
+            Layout.fillWidth: true
+            Layout.topMargin: 24
+            Layout.rightMargin: 16
+            Layout.leftMargin: 16
+            Layout.bottomMargin: 16
+
+            headerText: qsTr("Split tunneling")
+            descriptionText:  qsTr("Allows you to connect to some sites or applications through a VPN connection and bypass others")
+        }
+
+        LabelWithButtonType {
+            id: splitTunnelingSwitch
+            Layout.fillWidth: true
+            Layout.topMargin: 16
+
+            visible: ServersModel.isDefaultServerDefaultContainerHasSplitTunneling
+
+            text: qsTr("Split tunneling on the server")
+            descriptionText: qsTr("Enabled \nCan't be disabled for current server")
+            rightImageSource: "qrc:/images/controls/chevron-right.svg"
+
+            clickedFunction: function() {
+                PageController.goToPage(PageEnum.PageSettingsSplitTunneling)
+                root.closeTriggered()
+            }
+        }
+
+        DividerType {
+            visible: ServersModel.isDefaultServerDefaultContainerHasSplitTunneling
+        }
+
+        LabelWithButtonType {
+            id: siteBasedSplitTunnelingSwitch
+            Layout.fillWidth: true
+            Layout.topMargin: 16
+
+            text: qsTr("Site-based split tunneling")
+            descriptionText: enabled && SitesModel.isTunnelingEnabled ? qsTr("Enabled") : qsTr("Disabled")
+            rightImageSource: "qrc:/images/controls/chevron-right.svg"
+
+            clickedFunction: function() {
+                PageController.goToPage(PageEnum.PageSettingsSplitTunneling)
+                root.closeTriggered()
+            }
+        }
+
+        DividerType {
+        }
+
+        LabelWithButtonType {
+            id: appSplitTunnelingSwitch
+            visible: isAppSplitTinnelingEnabled
+
+            Layout.fillWidth: true
+
+            text: qsTr("App-based split tunneling")
+            descriptionText: AppSplitTunnelingModel.isTunnelingEnabled ? qsTr("Enabled") : qsTr("Disabled")
+            rightImageSource: "qrc:/images/controls/chevron-right.svg"
+
+            clickedFunction: function() {
+                PageController.goToPage(PageEnum.PageSettingsAppSplitTunneling)
+                root.closeTriggered()
+            }
+        }
+
+        DividerType {
+            visible: isAppSplitTinnelingEnabled
+        }
+    }
+}
@@ -57,7 +57,7 @@ DrawerType2 {
                headerText: qsTr("Choose application")
            }

-            ListView {
+            ListViewType {
                id: listView

                Layout.fillWidth: true
@@ -66,11 +66,6 @@ DrawerType2 {
                Layout.rightMargin: 16
                Layout.leftMargin: 16

-                clip: true
-                interactive: true
-
-                property bool isFocusable: true
-
                model: SortFilterProxyModel {
                    id: proxyInstalledAppsModel
                    sourceModel: installedAppsModel
@@ -81,44 +76,35 @@ DrawerType2 {
                    }
                }

-                ScrollBar.vertical: ScrollBarType {}
-
                ButtonGroup {
                    id: buttonGroup
                }

-                delegate: Item {
-                    implicitWidth: root.width
-                    implicitHeight: delegateContent.implicitHeight
+                delegate: ColumnLayout {
+                    width: listView.width

-                    ColumnLayout {
-                        id: delegateContent
+                    RowLayout {
+                        CheckBoxType {
+                            Layout.fillWidth: true

-                        anchors.fill: parent
-
-                        RowLayout {
-                            CheckBoxType {
-                                Layout.fillWidth: true
-
-                                text: appName
-                                checked: isAppSelected
-                                onCheckedChanged: {
-                                    installedAppsModel.selectedStateChanged(proxyInstalledAppsModel.mapToSource(index), checked)
-                                }
-                            }
-
-                            Image {
-                                source: "image://installedAppImage/" + appIcon
-
-                                sourceSize.width: 24
-                                sourceSize.height: 24
-
-                                Layout.rightMargin: 48
+                            text: appName
+                            checked: isAppSelected
+                            onCheckedChanged: {
+                                installedAppsModel.selectedStateChanged(proxyInstalledAppsModel.mapToSource(index), checked)
                            }
                        }

-                        DividerType {}
+                        Image {
+                            source: "image://installedAppImage/" + appIcon
+
+                            sourceSize.width: 24
+                            sourceSize.height: 24
+
+                            Layout.rightMargin: 48
+                        }
                    }
+
+                    DividerType {}
                }
            }
        }
@@ -0,0 +1,77 @@
+pragma ComponentBehavior: Bound
+
+import QtQuick
+import QtQuick.Controls
+import QtQuick.Layouts
+
+import Style 1.0
+
+import "../Controls2"
+import "../Controls2/TextTypes"
+
+import "../Config"
+
+DrawerType2 {
+    id: root
+
+    Connections {
+        target: ApiPremV1MigrationController
+
+        function onOtpSuccessfullySent() {
+            root.openTriggered()
+        }
+    }
+
+    expandedHeight: parent.height * 0.6
+
+    expandedStateContent: Item {
+        implicitHeight: root.expandedHeight
+
+        ColumnLayout {
+
+            anchors.top: parent.top
+            anchors.left: parent.left
+            anchors.right: parent.right
+            anchors.leftMargin: 16
+            anchors.rightMargin: 16
+            spacing: 0
+
+            Header2Type {
+                id: header
+                Layout.fillWidth: true
+                Layout.topMargin: 20
+
+                headerText: qsTr("OTP code was sent to your email")
+            }
+
+            TextFieldWithHeaderType {
+                id: otpFiled
+
+                borderColor: AmneziaStyle.color.mutedGray
+                headerTextColor: AmneziaStyle.color.paleGray
+
+                Layout.fillWidth: true
+                Layout.topMargin: 16
+                headerText: qsTr("OTP Code")
+                textField.maximumLength: 30
+                checkEmptyText: true
+            }
+
+            BasicButtonType {
+                id: saveButton
+
+                Layout.fillWidth: true
+                Layout.topMargin: 16
+
+                text: qsTr("Continue")
+
+                clickedFunc: function() {
+                    PageController.showBusyIndicator(true)
+                    ApiPremV1MigrationController.migrate(otpFiled.textField.text)
+                    PageController.showBusyIndicator(false)
+                    root.closeTriggered()
+                }
+            }
+        }
+    }
+}
@@ -1,3 +1,5 @@
+pragma ComponentBehavior: Bound
+
 import QtQuick
 import QtQuick.Controls
 import QtQuick.Layouts
@@ -39,7 +41,7 @@ DrawerType2 {
            Layout.rightMargin: 16
            Layout.leftMargin: 16

-            text: headerText
+            text: root.headerText
        }

        ParagraphTextType {
@@ -48,7 +50,7 @@ DrawerType2 {
            Layout.rightMargin: 16
            Layout.leftMargin: 16

-            text: descriptionText
+            text: root.descriptionText
        }

        BasicButtonType {
@@ -58,11 +60,11 @@ DrawerType2 {
            Layout.rightMargin: 16
            Layout.leftMargin: 16

-            text: yesButtonText
+            text: root.yesButtonText

            clickedFunc: function() {
-                if (yesButtonFunction && typeof yesButtonFunction === "function") {
-                    yesButtonFunction()
+                if (root.yesButtonFunction && typeof root.yesButtonFunction === "function") {
+                    root.yesButtonFunction()
                }
            }
        }
@@ -80,11 +82,13 @@ DrawerType2 {
            textColor: AmneziaStyle.color.paleGray
            borderWidth: 1

-            text: noButtonText
+            visible: root.noButtonText !== ""
+
+            text: root.noButtonText

            clickedFunc: function() {
-                if (noButtonFunction && typeof noButtonFunction === "function") {
-                    noButtonFunction()
+                if (root.noButtonFunction && typeof root.noButtonFunction === "function") {
+                    root.noButtonFunction()
                }
            }
        }
@@ -49,7 +49,7 @@ DrawerType2 {
            }
        }

-        ListView {
+        ListViewType {
            id: listView

            anchors.top: backButtonLayout.bottom
@@ -57,14 +57,8 @@ DrawerType2 {
            anchors.right: parent.right
            anchors.bottom: parent.bottom

-            property bool isFocusable: true
            property int selectedIndex: LanguageModel.currentLanguageIndex

-            clip: true
-            reuseItems: true
-
-            ScrollBar.vertical: ScrollBarType {}
-
            model: LanguageModel

            ButtonGroup {
@@ -15,7 +15,7 @@ import "../Controls2"
 import "../Controls2/TextTypes"
 import "../Config"

-ListView {
+ListViewType {
    id: root

    property int selectedIndex: ServersModel.defaultIndex
@@ -28,10 +28,6 @@ ListView {

    model: ServersModel

-    ScrollBar.vertical: ScrollBarType {}
-
-    property bool isFocusable: true
-
    Connections {
        target: ServersModel
        function onDefaultServerIndexChanged(serverIndex) {
@@ -39,9 +35,6 @@ ListView {
        }
    }

-    clip: true
-    reuseItems: true
-
    delegate: Item {
        id: menuContentDelegate
        objectName: "menuContentDelegate"
@@ -13,78 +13,64 @@ import "../Controls2"
 import "../Controls2/TextTypes"


-ListView {
+ListViewType {
    id: root

-    width: parent.width
-    height: root.contentItem.height
+    anchors.fill: parent

-    clip: true
-    reuseItems: true
+    delegate: ColumnLayout {
+        width: root.width

-    property bool isFocusable: false
+        LabelWithButtonType {
+            Layout.fillWidth: true

-    delegate: Item {
-        implicitWidth: root.width
-        implicitHeight: delegateContent.implicitHeight
+            text: name
+            descriptionText: description
+            rightImageSource: isInstalled ? "qrc:/images/controls/chevron-right.svg" : "qrc:/images/controls/download.svg"

-        ColumnLayout {
-            id: delegateContent
+            clickedFunction: function() {
+                if (isInstalled) {
+                    var containerIndex = root.model.mapToSource(index)
+                    ContainersModel.setProcessedContainerIndex(containerIndex)

-            anchors.fill: parent
-
-            LabelWithButtonType {
-                id: containerRadioButton
-                implicitWidth: parent.width
-
-                text: name
-                descriptionText: description
-                rightImageSource: isInstalled ? "qrc:/images/controls/chevron-right.svg" : "qrc:/images/controls/download.svg"
-
-                clickedFunction: function() {
-                    if (isInstalled) {
-                        var containerIndex = root.model.mapToSource(index)
-                        ContainersModel.setProcessedContainerIndex(containerIndex)
-
-                        if (serviceType !== ProtocolEnum.Other) {
-                            if (config[ContainerProps.containerTypeToString(containerIndex)]["isThirdPartyConfig"]) {
-                                ProtocolsModel.updateModel(config)
-                                PageController.goToPage(PageEnum.PageProtocolRaw)
-                                return
-                            }
-                        }
-
-                        switch (containerIndex) {
-                        case ContainerEnum.Ipsec: {
+                    if (serviceType !== ProtocolEnum.Other) {
+                        if (config[ContainerProps.containerTypeToString(containerIndex)]["isThirdPartyConfig"]) {
                            ProtocolsModel.updateModel(config)
                            PageController.goToPage(PageEnum.PageProtocolRaw)
-                            break
+                            return
                        }
-                        case ContainerEnum.Dns: {
-                            PageController.goToPage(PageEnum.PageServiceDnsSettings)
-                            break
-                        }
-                        default: {
-                            ProtocolsModel.updateModel(config)
-                            PageController.goToPage(PageEnum.PageSettingsServerProtocol)
-                        }
-                        }
-
-                    } else {
-                        ContainersModel.setProcessedContainerIndex(root.model.mapToSource(index))
-                        InstallController.setShouldCreateServer(false)
-                        PageController.goToPage(PageEnum.PageSetupWizardProtocolSettings)
                    }
-                }

-                MouseArea {
-                    anchors.fill: parent
-                    cursorShape: Qt.PointingHandCursor
-                    enabled: false
+                    switch (containerIndex) {
+                    case ContainerEnum.Ipsec: {
+                        ProtocolsModel.updateModel(config)
+                        PageController.goToPage(PageEnum.PageProtocolRaw)
+                        break
+                    }
+                    case ContainerEnum.Dns: {
+                        PageController.goToPage(PageEnum.PageServiceDnsSettings)
+                        break
+                    }
+                    default: {
+                        ProtocolsModel.updateModel(config)
+                        PageController.goToPage(PageEnum.PageSettingsServerProtocol)
+                    }
+                    }
+
+                } else {
+                    ContainersModel.setProcessedContainerIndex(root.model.mapToSource(index))
+                    InstallController.setShouldCreateServer(false)
+                    PageController.goToPage(PageEnum.PageSetupWizardProtocolSettings)
                }
            }

-            DividerType {}
+            MouseArea {
+                anchors.fill: parent
+                cursorShape: Qt.PointingHandCursor
+                enabled: false
+            }
        }
+
+        DividerType {}
    }
 }
--- a/Show More
+++ b/Show More