feat: update support arm 64 server

* fix: app freeze on quit

* fix: typo in VpnConnection destructor

* add trace info

* add more trace info

* set timelimit for flushDns

* Refactor IpcClient::Interface access logic

* cleanup unused variable

* cleanup trace info

* fix: remove second disconnect from VPN on app close

* this object will be deleted at app close

* Don't terminate VPN thread on Linux

* Revert "Don't terminate VPN thread on Linux"

This reverts commit 20e4ea2d4a.

* disconnect all signals from vpnconnection on exit

* add interruption request on vpnConnectionThread

* use checktimer only for iOS

* disconnect all signals from vpnconnection on exit

* disconnect signals on exit before VPN disconnect

* add disconnectSlots method

* fix: add allow traffic rules on killswitch disable

* wait for response from service before object destroy

* change disconnect from vpn order

* add delay for connection close

* change disconnect method order

* use stop method for protocol disconnecect

* change disconnect method order

* allow dns traffic after app close

* delete tun on disconnect

---------

Co-authored-by: vkamn <vk@amnezia.org>

.github/workflows/deploy.yml

@@ -44,6 +44,13 @@ jobs:
         submodules: 'true'
         fetch-depth: 10
 
+    - name: 'Get version from CMakeLists.txt'
+      id: get_version
+      run: |
+        VERSION=$(grep 'set(AMNEZIAVPN_VERSION' CMakeLists.txt | sed -E 's/.*AMNEZIAVPN_VERSION ([0-9]+.[0-9]+.[0-9]+.[0-9]+)\)/\1/')
+        echo "VERSION=$VERSION" >> $GITHUB_ENV
+        echo "Version: $VERSION"
+
     - name: 'Setup ccache'
       uses: hendrikmuhs/ccache-action@v1.2
 
@@ -55,13 +62,13 @@ jobs:
         bash deploy/build_linux.sh
 
     - name: 'Pack installer'
-      run: cd deploy && tar -cf AmneziaVPN_Linux_Installer.tar AmneziaVPN_Linux_Installer.bin
+      run: cd deploy && tar -cf AmneziaVPN_Linux_Installer.tar AmneziaVPN_Linux_Installer.bin && zip AmneziaVPN_${VERSION}_linux_x64.tar.zip AmneziaVPN_Linux_Installer.tar
 
     - name: 'Upload installer artifact'
       uses: actions/upload-artifact@v4
       with:
-        name: AmneziaVPN_Linux_installer.tar
+        name: AmneziaVPN_${{ env.VERSION }}_linux_x64.tar.zip
-        path: deploy/AmneziaVPN_Linux_Installer.tar
+        path: deploy/AmneziaVPN_${{ env.VERSION }}_linux_x64.tar.zip
         retention-days: 7
 
     - name: 'Upload unpacked artifact'
@@ -102,6 +109,14 @@ jobs:
         submodules: 'true'
         fetch-depth: 10
 
+    - name: 'Get version from CMakeLists.txt'
+      id: get_version
+      shell: bash
+      run: |
+        VERSION=$(grep 'set(AMNEZIAVPN_VERSION' CMakeLists.txt | sed -E 's/.*AMNEZIAVPN_VERSION ([0-9]+.[0-9]+.[0-9]+.[0-9]+)\)/\1/')
+        echo "VERSION=$VERSION" >> $GITHUB_ENV
+        echo "Version: $VERSION"
+
     - name: 'Setup ccache'
       uses: hendrikmuhs/ccache-action@v1.2
 
@@ -117,6 +132,8 @@ jobs:
         setup-python: 'true'
         tools: 'tools_ifw'
         set-env: 'true'
+        aqtversion: '==3.1.21'
+        py7zrversion: '==0.22.*'
         extra: '--external 7z --base ${{ env.QT_MIRROR }}'
 
     - name: 'Setup mvsc'
@@ -128,15 +145,20 @@ jobs:
       shell: cmd
       run: |
         set BUILD_ARCH=${{ env.BUILD_ARCH }}
-        set QT_BIN_DIR="${{ runner.temp }}\\Qt\\${{ env.QT_VERSION }}\\msvc2019_64\\bin"
+        set "QT_BIN_DIR=${{ runner.temp }}\Qt\${{ env.QT_VERSION }}\msvc2019_64\bin"
-        set QIF_BIN_DIR="${{ runner.temp }}\\Qt\\Tools\\QtInstallerFramework\\${{ env.QIF_VERSION }}\\bin"
+        set "QIF_BIN_DIR=${{ runner.temp }}\Qt\Tools\QtInstallerFramework\${{ env.QIF_VERSION }}\bin"
-        call deploy\\build_windows.bat
+        call deploy\build_windows.bat
+
+    - name: 'Rename Windows installer'
+      shell: cmd
+      run: |
+        copy AmneziaVPN_x${{ env.BUILD_ARCH }}.exe AmneziaVPN_%VERSION%_x${{ env.BUILD_ARCH }}.exe
 
     - name: 'Upload installer artifact'
       uses: actions/upload-artifact@v4
       with:
-        name: AmneziaVPN_Windows_installer
+        name: AmneziaVPN_${{ env.VERSION }}_x${{ env.BUILD_ARCH }}.exe
-        path: AmneziaVPN_x${{ env.BUILD_ARCH }}.exe
+        path: AmneziaVPN_${{ env.VERSION }}_x${{ env.BUILD_ARCH }}.exe
         retention-days: 7
 
     - name: 'Upload unpacked artifact'
@@ -146,6 +168,136 @@ jobs:
         path: deploy\\build_${{ env.BUILD_ARCH }}\\client\\Release
         retention-days: 7
 
+# ------------------------------------------------------
+
+  Build-Windows-ARM64:
+    runs-on: windows-latest
+
+    env:
+      QT_VERSION: 6.8.3
+      QIF_VERSION: 4.7
+      BUILD_ARCH: arm64
+      PROD_AGW_PUBLIC_KEY: ${{ secrets.PROD_AGW_PUBLIC_KEY }}
+      PROD_S3_ENDPOINT: ${{ secrets.PROD_S3_ENDPOINT }}
+      DEV_AGW_PUBLIC_KEY: ${{ secrets.DEV_AGW_PUBLIC_KEY }}
+      DEV_AGW_ENDPOINT: ${{ secrets.DEV_AGW_ENDPOINT }}
+      DEV_S3_ENDPOINT: ${{ secrets.DEV_S3_ENDPOINT }}
+      FREE_V2_ENDPOINT: ${{ secrets.FREE_V2_ENDPOINT }}
+      PREM_V1_ENDPOINT: ${{ secrets.PREM_V1_ENDPOINT }}
+
+    steps:
+    - name: 'Get sources'
+      uses: actions/checkout@v4
+      with:
+        submodules: 'true'
+        fetch-depth: 10
+
+    - name: 'Get 3rd-prebuilt'
+      shell: bash
+      run: |
+        rm -rf client/3rd-prebuilt
+
+    - name: 'Checkout 3rd-prebuilt'
+      uses: actions/checkout@v4
+      with:
+        repository: amnezia-vpn/3rd-prebuilt
+        ref: feature/add-support-arm64
+        path: client/3rd-prebuilt
+
+    - name: 'Get version from CMakeLists.txt'
+      id: get_version
+      shell: bash
+      run: |
+        VERSION=$(grep 'set(AMNEZIAVPN_VERSION' CMakeLists.txt | sed -E 's/.*AMNEZIAVPN_VERSION ([0-9]+.[0-9]+.[0-9]+.[0-9]+)\)/\1/')
+        echo "VERSION=$VERSION" >> $GITHUB_ENV
+        echo "Version: $VERSION"
+
+    - name: 'Setup ccache'
+      uses: hendrikmuhs/ccache-action@v1.2
+
+    - name: 'Cleanup Qt directory'
+      shell: pwsh
+      run: |
+        $baseDir = "${{ runner.temp }}"
+        $qtVersion = "${{ env.QT_VERSION }}"
+        # Handle both path formats (with \ and /)
+        $paths = @(
+          "$baseDir\Qt\$qtVersion\msvc2022_64",
+          "$baseDir/Qt/$qtVersion/msvc2022_64",
+          "$baseDir\Qt\$qtVersion\msvc2022_arm64",
+          "$baseDir/Qt/$qtVersion/msvc2022_arm64"
+        )
+        foreach ($path in $paths) {
+          if (Test-Path $path) {
+            Write-Host "Removing $path..."
+            Remove-Item -Path $path -Recurse -Force -ErrorAction SilentlyContinue
+          }
+        }
+
+    - name: 'Install Qt Desktop (host for cross-compilation)'
+      uses: jurplel/install-qt-action@v3
+      with:
+        version: ${{ env.QT_VERSION }}
+        host: 'windows'
+        target: 'desktop'
+        arch: 'win64_msvc2022_64'
+        modules: 'qtremoteobjects qt5compat qtshadertools'
+        dir: ${{ runner.temp }}
+        setup-python: 'true'
+        set-env: 'false'
+        aqtversion: '==3.3.0'
+        py7zrversion: '==0.22.*'
+        extra: '--base ${{ env.QT_MIRROR }}'
+
+    - name: 'Install Qt ARM64'
+      uses: jurplel/install-qt-action@v3
+      with:
+        version: ${{ env.QT_VERSION }}
+        host: 'windows'
+        target: 'desktop'
+        arch: 'win64_msvc2022_arm64_cross_compiled'
+        modules: 'qtremoteobjects qt5compat qtshadertools'
+        dir: ${{ runner.temp }}
+        setup-python: 'true'
+        tools: 'tools_ifw'
+        set-env: 'false'
+        aqtversion: '==3.3.0'
+        py7zrversion: '==0.22.*'
+        extra: '--external 7z --base ${{ env.QT_MIRROR }}'
+
+    - name: 'Setup mvsc'
+      uses: ilammy/msvc-dev-cmd@v1
+      with:
+        arch: 'x64_arm64'
+
+    - name: 'Build project'
+      shell: cmd
+      run: |
+        set BUILD_ARCH=${{ env.BUILD_ARCH }}
+        set "QT_BIN_DIR=${{ runner.temp }}\Qt\${{ env.QT_VERSION }}\msvc2022_arm64\bin"
+        set "QT_HOST_PATH=${{ runner.temp }}\Qt\${{ env.QT_VERSION }}\msvc2022_64"
+        set "QT_HOST_BIN_DIR=${{ runner.temp }}\Qt\${{ env.QT_VERSION }}\msvc2022_64\bin"
+        set "QIF_BIN_DIR=${{ runner.temp }}\Qt\Tools\QtInstallerFramework\${{ env.QIF_VERSION }}\bin"
+        call deploy\build_windows.bat
+
+    - name: 'Rename Windows installer'
+      shell: cmd
+      run: |
+        copy AmneziaVPN_x${{ env.BUILD_ARCH }}.exe AmneziaVPN_%VERSION%_x${{ env.BUILD_ARCH }}.exe
+
+    - name: 'Upload installer artifact'
+      uses: actions/upload-artifact@v4
+      with:
+        name: AmneziaVPN_${{ env.VERSION }}_x${{ env.BUILD_ARCH }}.exe
+        path: AmneziaVPN_${{ env.VERSION }}_x${{ env.BUILD_ARCH }}.exe
+        retention-days: 7
+
+    - name: 'Upload unpacked artifact'
+      uses: actions/upload-artifact@v4
+      with:
+        name: AmneziaVPN_Windows_ARM64_unpacked
+        path: deploy\\build_${{ env.BUILD_ARCH }}\\client\\Release
+        retention-days: 7
 # ------------------------------------------------------
 
   Build-iOS:
@@ -380,6 +532,13 @@ jobs:
         submodules: 'true'
         fetch-depth: 10
 
+    - name: 'Get version from CMakeLists.txt'
+      id: get_version
+      run: |
+        VERSION=$(grep 'set(AMNEZIAVPN_VERSION' CMakeLists.txt | sed -E 's/.*AMNEZIAVPN_VERSION ([0-9]+.[0-9]+.[0-9]+.[0-9]+)\)/\1/')
+        echo "VERSION=$VERSION" >> $GITHUB_ENV
+        echo "Version: $VERSION"
+
     - name: 'Setup ccache'
       uses: hendrikmuhs/ccache-action@v1.2
 
@@ -388,11 +547,17 @@ jobs:
         export QT_BIN_DIR="${{ runner.temp }}/Qt/${{ env.QT_VERSION }}/macos/bin"
         bash deploy/build_macos.sh -n
 
+    - name: 'Pack macOS installer'
+      run: |
+        cd deploy/build/pkg
+        zip -r ../../AmneziaVPN_${VERSION}_macos.zip AmneziaVPN.pkg
+        cd ../../..
+
     - name: 'Upload installer artifact'
       uses: actions/upload-artifact@v4
       with:
-        name: AmneziaVPN_MacOS_installer
+        name: AmneziaVPN_${{ env.VERSION }}_macos.zip
-        path: deploy/build/pkg/AmneziaVPN.pkg
+        path: deploy/AmneziaVPN_${{ env.VERSION }}_macos.zip
         retention-days: 7
 
     - name: 'Upload unpacked artifact'
@@ -469,8 +634,8 @@ jobs:
     runs-on: ubuntu-latest
 
     env:
-      ANDROID_BUILD_PLATFORM: android-34
+      ANDROID_BUILD_PLATFORM: android-36
-      QT_VERSION: 6.7.3
+      QT_VERSION: 6.8.3
       QT_MODULES: 'qtremoteobjects qt5compat qtimageformats qtshadertools'
       PROD_AGW_PUBLIC_KEY: ${{ secrets.PROD_AGW_PUBLIC_KEY }}
       PROD_S3_ENDPOINT: ${{ secrets.PROD_S3_ENDPOINT }}
@@ -551,6 +716,13 @@ jobs:
       with:
         submodules: 'true'
 
+    - name: 'Get version from CMakeLists.txt'
+      id: get_version
+      run: |
+        VERSION=$(grep 'set(AMNEZIAVPN_VERSION' CMakeLists.txt | sed -E 's/.*AMNEZIAVPN_VERSION ([0-9]+.[0-9]+.[0-9]+.[0-9]+)\)/\1/')
+        echo "VERSION=$VERSION" >> $GITHUB_ENV
+        echo "Version: $VERSION"
+
     - name: 'Setup ccache'
       uses: hendrikmuhs/ccache-action@v1.2
 
@@ -584,35 +756,44 @@ jobs:
       shell: bash
       run: ./deploy/build_android.sh --aab --apk all --build-platform ${{ env.ANDROID_BUILD_PLATFORM }}
 
+    - name: 'Rename Android APKs'
+      run: |
+        cd deploy/build
+        mv AmneziaVPN-x86_64-release.apk AmneziaVPN_${VERSION}_android9+_x86_64.apk
+        mv AmneziaVPN-x86-release.apk AmneziaVPN_${VERSION}_android9+_x86.apk
+        mv AmneziaVPN-arm64-v8a-release.apk AmneziaVPN_${VERSION}_android9+_arm64-v8a.apk
+        mv AmneziaVPN-armeabi-v7a-release.apk AmneziaVPN_${VERSION}_android9+_armeabi-v7a.apk
+        cd ../..
+
     - name: 'Upload x86_64 apk'
       uses: actions/upload-artifact@v4
       with:
-        name: AmneziaVPN-android-x86_64
+        name: AmneziaVPN_${{ env.VERSION }}_android9+_x86_64.apk
-        path: deploy/build/AmneziaVPN-x86_64-release.apk
+        path: deploy/build/AmneziaVPN_${{ env.VERSION }}_android9+_x86_64.apk
         compression-level: 0
         retention-days: 7
 
     - name: 'Upload x86 apk'
       uses: actions/upload-artifact@v4
       with:
-        name: AmneziaVPN-android-x86
+        name: AmneziaVPN_${{ env.VERSION }}_android9+_x86.apk
-        path: deploy/build/AmneziaVPN-x86-release.apk
+        path: deploy/build/AmneziaVPN_${{ env.VERSION }}_android9+_x86.apk
         compression-level: 0
         retention-days: 7
 
     - name: 'Upload arm64-v8a apk'
       uses: actions/upload-artifact@v4
       with:
-        name: AmneziaVPN-android-arm64-v8a
+        name: AmneziaVPN_${{ env.VERSION }}_android9+_arm64-v8a.apk
-        path: deploy/build/AmneziaVPN-arm64-v8a-release.apk
+        path: deploy/build/AmneziaVPN_${{ env.VERSION }}_android9+_arm64-v8a.apk
         compression-level: 0
         retention-days: 7
 
     - name: 'Upload armeabi-v7a apk'
       uses: actions/upload-artifact@v4
       with:
-        name: AmneziaVPN-android-armeabi-v7a
+        name: AmneziaVPN_${{ env.VERSION }}_android9+_armeabi-v7a.apk
-        path: deploy/build/AmneziaVPN-armeabi-v7a-release.apk
+        path: deploy/build/AmneziaVPN_${{ env.VERSION }}_android9+_armeabi-v7a.apk
         compression-level: 0
         retention-days: 7
 

.gitignore

@@ -9,6 +9,7 @@ deploy/build_32/*
 deploy/build_64/*
 winbuild*.bat
 .cache/
+.vscode/
 
 
 # Qt-es

CMakeLists.txt

@@ -1,7 +1,7 @@
 cmake_minimum_required(VERSION 3.25.0 FATAL_ERROR)
 
 set(PROJECT AmneziaVPN)
-set(AMNEZIAVPN_VERSION 4.8.11.0)
+set(AMNEZIAVPN_VERSION 4.8.11.5)
 
 project(${PROJECT} VERSION ${AMNEZIAVPN_VERSION}
         DESCRIPTION "AmneziaVPN"
@@ -12,7 +12,7 @@ string(TIMESTAMP CURRENT_DATE "%Y-%m-%d")
 set(RELEASE_DATE "${CURRENT_DATE}")
 
 set(APP_MAJOR_VERSION ${CMAKE_PROJECT_VERSION_MAJOR}.${CMAKE_PROJECT_VERSION_MINOR}.${CMAKE_PROJECT_VERSION_PATCH})
-set(APP_ANDROID_VERSION_CODE 2095)
+set(APP_ANDROID_VERSION_CODE 2100)
 
 if(${CMAKE_SYSTEM_NAME} STREQUAL "Linux")
     set(MZ_PLATFORM_NAME "linux")

client/CMakeLists.txt

@@ -39,6 +39,20 @@ endif()
 
 find_package(Qt6 REQUIRED COMPONENTS ${PACKAGES})
 
+# Diagnostic: Print Qt configuration
+message(STATUS "=== Qt Configuration Diagnostics ===")
+message(STATUS "Qt6_DIR: ${Qt6_DIR}")
+message(STATUS "CMAKE_PREFIX_PATH: ${CMAKE_PREFIX_PATH}")
+message(STATUS "CMAKE_GENERATOR_PLATFORM: ${CMAKE_GENERATOR_PLATFORM}")
+message(STATUS "CMAKE_SYSTEM_PROCESSOR: ${CMAKE_SYSTEM_PROCESSOR}")
+if(TARGET Qt6::Core)
+    get_target_property(Qt6Core_LOCATION Qt6::Core LOCATION)
+    message(STATUS "Qt6::Core location: ${Qt6Core_LOCATION}")
+    get_target_property(Qt6Core_IMPLIB Qt6::Core IMPORTED_IMPLIB_RELEASE)
+    message(STATUS "Qt6::Core import library: ${Qt6Core_IMPLIB}")
+endif()
+message(STATUS "====================================")
+
 set(LIBS ${LIBS}
     Qt6::Core Qt6::Gui
     Qt6::Network Qt6::Xml Qt6::RemoteObjects
@@ -56,7 +70,7 @@ target_include_directories(${PROJECT} PUBLIC
     $<BUILD_INTERFACE:${CMAKE_CURRENT_BINARY_DIR}>
 )
 
-if(WIN32 OR (APPLE AND NOT IOS) OR (LINUX AND NOT ANDROID))
+if(WIN32 OR (APPLE AND NOT IOS AND NOT MACOS_NE) OR (LINUX AND NOT ANDROID))
     qt_add_repc_replicas(${PROJECT} ${CMAKE_CURRENT_LIST_DIR}/../ipc/ipc_interface.rep)
     qt_add_repc_replicas(${PROJECT} ${CMAKE_CURRENT_LIST_DIR}/../ipc/ipc_process_interface.rep)
     qt_add_repc_replicas(${PROJECT} ${CMAKE_CURRENT_LIST_DIR}/../ipc/ipc_process_tun2socks.rep)
@@ -199,7 +213,9 @@ target_compile_definitions(${PROJECT} PRIVATE "MZ_$<UPPER_CASE:${MZ_PLATFORM_NAM
 
 # deploy artifacts required to run the application to the debug build folder
 if(WIN32)
-    if("${CMAKE_SIZEOF_VOID_P}" STREQUAL "8")
+    if("${CMAKE_SYSTEM_PROCESSOR}" STREQUAL "ARM64")
+        set(DEPLOY_PLATFORM_PATH "windows/arm64")
+    elseif("${CMAKE_SIZEOF_VOID_P}" STREQUAL "8")
         set(DEPLOY_PLATFORM_PATH "windows/x64")
     else()
         set(DEPLOY_PLATFORM_PATH "windows/x32")

client/amnezia_application.cpp

@@ -13,6 +13,8 @@
 #include <QTimer>
 #include <QTranslator>
 #include <QEvent>
+#include <QDir>
+#include <QSettings>
 
 #include "logger.h"
 #include "ui/controllers/pageController.h"
@@ -53,16 +55,44 @@ AmneziaApplication::AmneziaApplication(int &argc, char *argv[]) : AMNEZIA_BASE_C
 
 AmneziaApplication::~AmneziaApplication()
 {
+    if (m_vpnConnection) {
+        QMetaObject::invokeMethod(m_vpnConnection.get(), "disconnectSlots", Qt::QueuedConnection);
+        QMetaObject::invokeMethod(m_vpnConnection.get(), "disconnectFromVpn", Qt::QueuedConnection);
+        QThread::msleep(2000);
+    }
+
+    m_vpnConnectionThread.requestInterruption();
     m_vpnConnectionThread.quit();
 
+    if (!m_vpnConnectionThread.wait(3000)) {
+        m_vpnConnectionThread.terminate();
+        m_vpnConnectionThread.wait(500);
+    }
+
     if (m_engine) {
         QObject::disconnect(m_engine, 0, 0, 0);
         delete m_engine;
     }
 }
 
+#ifdef Q_OS_ANDROID
+namespace {
+    static void clearQtCaches()
+    {
+        const QString cacheRoot = QStandardPaths::writableLocation(QStandardPaths::CacheLocation);
+        if (!cacheRoot.isEmpty()) {
+            QDir(cacheRoot + "/QtShaderCache").removeRecursively();
+            QDir(cacheRoot + "/qmlcache").removeRecursively();
+        }
+    }
+}
+#endif
+
 void AmneziaApplication::init()
 {
+#ifdef Q_OS_ANDROID
+    clearQtCaches();
+#endif
     m_engine = new QQmlApplicationEngine;
 
     const QUrl url(QStringLiteral("qrc:/ui/qml/main2.qml"));

client/android/AndroidManifest.xml

@@ -45,7 +45,8 @@
             android:configChanges="uiMode|screenSize|smallestScreenSize|screenLayout|orientation|density
                 |fontScale|layoutDirection|locale|keyboard|keyboardHidden|navigation|mcc|mnc"
             android:launchMode="singleInstance"
-            android:windowSoftInputMode="stateUnchanged|adjustResize"
+            android:windowSoftInputMode="adjustResize|stateUnchanged"
+            android:enableOnBackInvokedCallback="false"
             android:exported="true">
 
             <intent-filter>

client/android/res/values/styles.xml

@@ -6,6 +6,9 @@
         <item name="android:colorBackground">@color/black</item>
         <item name="android:windowActionBar">false</item>
         <item name="android:windowNoTitle">true</item>
+        <item name="android:windowLayoutInDisplayCutoutMode">shortEdges</item>
+        <item name="android:enforceNavigationBarContrast">false</item>
+        <item name="android:enforceStatusBarContrast">false</item>
     </style>
     <style name="Translucent" parent="NoActionBar">
         <item name="android:windowBackground">@android:color/transparent</item>

client/android/src/org/amnezia/vpn/AmneziaActivity.kt

@@ -35,6 +35,11 @@ import android.widget.Toast
 import androidx.annotation.MainThread
 import androidx.annotation.RequiresApi
 import androidx.core.content.ContextCompat
+import androidx.core.graphics.Insets
+import androidx.core.view.OnApplyWindowInsetsListener
+import androidx.core.view.ViewCompat
+import androidx.core.view.WindowInsetsCompat
+import androidx.core.view.WindowInsetsControllerCompat
 import java.io.IOException
 import kotlin.LazyThreadSafetyMode.NONE
 import kotlin.coroutines.CoroutineContext
@@ -170,10 +175,9 @@ class AmneziaActivity : QtActivity() {
         super.onCreate(savedInstanceState)
         Log.d(TAG, "Create Amnezia activity")
         loadLibs()
-        window.apply {
+
-            addFlags(LayoutParams.FLAG_DRAWS_SYSTEM_BAR_BACKGROUNDS)
+        // Configure window for edge-to-edge display
-            statusBarColor = getColor(R.color.black)
+        configureWindowForEdgeToEdge()
-        }
         mainScope = CoroutineScope(SupervisorJob() + Dispatchers.Main.immediate)
         val proto = mainScope.async(Dispatchers.IO) {
             VpnStateStore.getVpnState().vpnProto
@@ -265,6 +269,82 @@ class AmneziaActivity : QtActivity() {
         super.onStop()
     }
 
+    override fun onResume() {
+        super.onResume()
+        if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.UPSIDE_DOWN_CAKE) {
+            window.decorView.apply {
+                invalidate()
+
+                postDelayed({
+                    sendTouch(1f, 1f)
+                }, 100)
+                
+                postDelayed({
+                    sendTouch(2f, 2f)
+                }, 200)
+                
+                postDelayed({
+                    requestLayout()
+                    invalidate()
+                }, 250)
+            }
+        }
+    }
+
+    private fun configureWindowForEdgeToEdge() {
+        if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.UPSIDE_DOWN_CAKE) {
+            window.apply {
+                addFlags(LayoutParams.FLAG_DRAWS_SYSTEM_BAR_BACKGROUNDS)
+                addFlags(LayoutParams.FLAG_LAYOUT_NO_LIMITS)
+                statusBarColor = android.graphics.Color.TRANSPARENT
+                navigationBarColor = android.graphics.Color.TRANSPARENT
+            }
+
+            WindowInsetsControllerCompat(window, window.decorView).apply {
+                isAppearanceLightStatusBars = false
+                isAppearanceLightNavigationBars = false
+            }
+
+            // Workaround for Android 14 (API 34+) IME adjustResize bug
+            if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.UPSIDE_DOWN_CAKE) {
+                setupImeInsetsListener()
+            }
+        } else {
+            window.apply {
+                addFlags(LayoutParams.FLAG_DRAWS_SYSTEM_BAR_BACKGROUNDS)
+                statusBarColor = getColor(R.color.black)
+            }
+        }
+    }
+
+    private fun setupImeInsetsListener() {
+        ViewCompat.setOnApplyWindowInsetsListener(window.decorView) { view, windowInsets ->
+            val imeInsets = windowInsets.getInsets(WindowInsetsCompat.Type.ime())
+            val imeVisible = windowInsets.isVisible(WindowInsetsCompat.Type.ime())
+            
+            val imeHeight = if (imeVisible) imeInsets.bottom else 0
+
+            val density = resources.displayMetrics.density
+            val imeHeightDp = (imeHeight / density).toInt()
+            
+            // Also track system bars (navigation bar, status bar) changes
+            val systemBarsInsets = windowInsets.getInsets(WindowInsetsCompat.Type.systemBars())
+            val navBarHeight = systemBarsInsets.bottom
+            val navBarHeightDp = (navBarHeight / density).toInt()
+            val statusBarHeight = systemBarsInsets.top
+            val statusBarHeightDp = (statusBarHeight / density).toInt()
+            
+            mainScope.launch {
+                qtInitialized.await()
+                QtAndroidController.onImeInsetsChanged(imeHeightDp)
+                QtAndroidController.onSystemBarsInsetsChanged(navBarHeightDp, statusBarHeightDp)
+            }
+            
+            // Return windowInsets instead of CONSUMED to allow proper handling
+            windowInsets
+        }
+    }
+
     override fun onDestroy() {
         Log.d(TAG, "Destroy Amnezia activity")
         unregisterBroadcastReceiver(notificationStateReceiver)
@@ -666,6 +746,43 @@ class AmneziaActivity : QtActivity() {
     @Suppress("unused")
     fun isOnTv(): Boolean = applicationContext.packageManager.hasSystemFeature(PackageManager.FEATURE_LEANBACK)
 
+    @Suppress("unused")
+    fun isEdgeToEdgeEnabled(): Boolean = Build.VERSION.SDK_INT >= Build.VERSION_CODES.UPSIDE_DOWN_CAKE
+
+    @Suppress("unused")
+    fun getStatusBarHeight(): Int {
+        if (Build.VERSION.SDK_INT < Build.VERSION_CODES.UPSIDE_DOWN_CAKE) return 0
+
+        val resourceId = resources.getIdentifier("status_bar_height", "dimen", "android")
+        val heightPx = if (resourceId > 0) {
+            resources.getDimensionPixelSize(resourceId)
+        } else {
+            0
+        }
+
+        // Convert physical pixels to device-independent pixels for QML
+        val density = resources.displayMetrics.density
+        val heightDp = (heightPx / density).toInt()
+        return heightDp
+    }
+
+    @Suppress("unused")
+    fun getNavigationBarHeight(): Int {
+        if (Build.VERSION.SDK_INT < Build.VERSION_CODES.UPSIDE_DOWN_CAKE) return 0
+
+        val resourceId = resources.getIdentifier("navigation_bar_height", "dimen", "android")
+        val heightPx = if (resourceId > 0) {
+            resources.getDimensionPixelSize(resourceId)
+        } else {
+            0
+        }
+
+        // Convert physical pixels to device-independent pixels for QML
+        val density = resources.displayMetrics.density
+        val heightDp = (heightPx / density).toInt()
+        return heightDp
+    }
+
     @Suppress("unused")
     fun startQrCodeReader() {
         Log.v(TAG, "Start camera")

client/android/src/org/amnezia/vpn/AppListProvider.kt

@@ -38,15 +38,15 @@ object AppListProvider {
     }
 }
 
-private class App(pi: PackageInfo, pm: PackageManager, ai: ApplicationInfo = pi.applicationInfo) : Comparable<App> {
+private class App(pi: PackageInfo, pm: PackageManager, ai: ApplicationInfo? = pi.applicationInfo) : Comparable<App> {
     val name: String?
     val packageName: String = pi.packageName
-    val icon: Boolean = ai.icon != 0
+    val icon: Boolean = (ai?.icon ?: 0) != 0
     val isLaunchable: Boolean = pm.getLaunchIntentForPackage(packageName) != null
 
     init {
-        val name = ai.loadLabel(pm).toString()
+        val name = ai?.loadLabel(pm)?.toString()
-        this.name = if (name != packageName) name else null
+        this.name = name?.takeIf { it != packageName }
     }
 
     override fun compareTo(other: App): Int {

client/android/src/org/amnezia/vpn/qt/QtAndroidController.kt

@@ -28,4 +28,7 @@ object QtAndroidController {
     external fun onAuthResult(result: Boolean)
 
     external fun decodeQrCode(data: String): Boolean
+
+    external fun onImeInsetsChanged(heightDp: Int)
+    external fun onSystemBarsInsetsChanged(navBarHeightDp: Int, statusBarHeightDp: Int)
 }

client/cmake/3rdparty.cmake

@@ -15,17 +15,35 @@ set(OPENSSL_LIBRARIES_DIR "${OPENSSL_ROOT_DIR}/lib")
 
 if(WIN32)
     set(OPENSSL_INCLUDE_DIR "${OPENSSL_ROOT_DIR}/windows/include")
-    if("${CMAKE_SIZEOF_VOID_P}" STREQUAL "8")
+    # Check for ARM64 architecture first (CMAKE_GENERATOR_PLATFORM is set to ARM64 for cross-compilation)
+    message(STATUS "=== 3rd Party Libraries Configuration ===")
+    message(STATUS "CMAKE_GENERATOR_PLATFORM: ${CMAKE_GENERATOR_PLATFORM}")
+    message(STATUS "CMAKE_SYSTEM_PROCESSOR: ${CMAKE_SYSTEM_PROCESSOR}")
+    message(STATUS "CMAKE_SIZEOF_VOID_P: ${CMAKE_SIZEOF_VOID_P}")
+    if("${CMAKE_GENERATOR_PLATFORM}" STREQUAL "ARM64" OR "${CMAKE_SYSTEM_PROCESSOR}" STREQUAL "ARM64")
+        # ARM64: use ARM64 versions for both OpenSSL and libssh
+        message(STATUS "Building for Windows ARM64")
+        set(LIBSSH_LIB_PATH "${LIBSSH_ROOT_DIR}/windows/arm64/ssh.lib")
+        set(LIBSSH_INCLUDE_DIR "${LIBSSH_ROOT_DIR}/windows/arm64")
+        set(OPENSSL_LIB_SSL_PATH "${OPENSSL_ROOT_DIR}/windows/winarm64/libssl.lib")
+        set(OPENSSL_LIB_CRYPTO_PATH "${OPENSSL_ROOT_DIR}/windows/winarm64/libcrypto.lib")
+        message(STATUS "libssh: ${LIBSSH_LIB_PATH}")
+        message(STATUS "OpenSSL SSL: ${OPENSSL_LIB_SSL_PATH}")
+        message(STATUS "OpenSSL Crypto: ${OPENSSL_LIB_CRYPTO_PATH}")
+    elseif("${CMAKE_SIZEOF_VOID_P}" STREQUAL "8")
+        message(STATUS "Building for Windows x64")
         set(LIBSSH_LIB_PATH "${LIBSSH_ROOT_DIR}/windows/x86_64/ssh.lib")
         set(LIBSSH_INCLUDE_DIR "${LIBSSH_ROOT_DIR}/windows/x86_64")
         set(OPENSSL_LIB_SSL_PATH "${OPENSSL_ROOT_DIR}/windows/win64/libssl.lib")
         set(OPENSSL_LIB_CRYPTO_PATH "${OPENSSL_ROOT_DIR}/windows/win64/libcrypto.lib")
     else()
+        message(STATUS "Building for Windows x86")
         set(LIBSSH_LIB_PATH "${LIBSSH_ROOT_DIR}/windows/x86/ssh.lib")
         set(LIBSSH_INCLUDE_DIR "${LIBSSH_ROOT_DIR}/windows/x86")
         set(OPENSSL_LIB_SSL_PATH "${OPENSSL_ROOT_DIR}/windows/win32/libssl.lib")
         set(OPENSSL_LIB_CRYPTO_PATH "${OPENSSL_ROOT_DIR}/windows/win32/libcrypto.lib")
     endif()
+    message(STATUS "==========================================")
 elseif(APPLE AND NOT IOS)
     if(MACOS_NE)
         set(LIBSSH_LIB_PATH "${LIBSSH_ROOT_DIR}/macos/universal2/libssh.a")

client/cmake/android.cmake

@@ -1,6 +1,6 @@
 message("Client android ${CMAKE_ANDROID_ARCH_ABI} build")
 
-set(APP_ANDROID_MIN_SDK 26)
+set(APP_ANDROID_MIN_SDK 28)
 set(ANDROID_PLATFORM "android-${APP_ANDROID_MIN_SDK}" CACHE STRING
     "The minimum API level supported by the application or library" FORCE)
 
@@ -11,8 +11,8 @@ set_target_properties(${PROJECT} PROPERTIES
     QT_ANDROID_VERSION_NAME ${CMAKE_PROJECT_VERSION}
     QT_ANDROID_VERSION_CODE ${APP_ANDROID_VERSION_CODE}
     QT_ANDROID_MIN_SDK_VERSION ${APP_ANDROID_MIN_SDK}
-    QT_ANDROID_TARGET_SDK_VERSION 34
+    QT_ANDROID_TARGET_SDK_VERSION 36
-    QT_ANDROID_SDK_BUILD_TOOLS_REVISION 34.0.0
+    QT_ANDROID_SDK_BUILD_TOOLS_REVISION 36.0.0
     QT_ANDROID_PACKAGE_SOURCE_DIR ${CMAKE_CURRENT_SOURCE_DIR}/android
 )
 

client/cmake/sources.cmake

@@ -28,6 +28,7 @@ set(HEADERS ${HEADERS}
     ${CLIENT_ROOT_DIR}/../common/logger/logger.h
     ${CLIENT_ROOT_DIR}/utils/qmlUtils.h
     ${CLIENT_ROOT_DIR}/core/api/apiUtils.h
+    ${CLIENT_ROOT_DIR}/core/osSignalHandler.h
 )
 
 # Mozilla headres
@@ -36,6 +37,7 @@ set(HEADERS ${HEADERS}
     ${CLIENT_ROOT_DIR}/mozilla/shared/ipaddress.h
     ${CLIENT_ROOT_DIR}/mozilla/shared/leakdetector.h
     ${CLIENT_ROOT_DIR}/mozilla/controllerimpl.h
+    ${CLIENT_ROOT_DIR}/mozilla/localsocketcontroller.h
 )
 
 if(NOT IOS AND NOT MACOS_NE)
@@ -78,6 +80,7 @@ set(SOURCES ${SOURCES}
     ${CLIENT_ROOT_DIR}/../common/logger/logger.cpp
     ${CLIENT_ROOT_DIR}/utils/qmlUtils.cpp
     ${CLIENT_ROOT_DIR}/core/api/apiUtils.cpp
+    ${CLIENT_ROOT_DIR}/core/osSignalHandler.cpp
 )
 
 # Mozilla sources
@@ -85,6 +88,7 @@ set(SOURCES ${SOURCES}
     ${CLIENT_ROOT_DIR}/mozilla/models/server.cpp
     ${CLIENT_ROOT_DIR}/mozilla/shared/ipaddress.cpp
     ${CLIENT_ROOT_DIR}/mozilla/shared/leakdetector.cpp
+    ${CLIENT_ROOT_DIR}/mozilla/localsocketcontroller.cpp
 )
 
 if(NOT IOS AND NOT MACOS_NE)
@@ -173,7 +177,7 @@ if(WIN32)
     )
 endif()
 
-if(WIN32 OR (APPLE AND NOT IOS) OR (LINUX AND NOT ANDROID))
+if(WIN32 OR (APPLE AND NOT IOS AND NOT MACOS_NE) OR (LINUX AND NOT ANDROID))
     message("Client desktop build")
     add_compile_definitions(AMNEZIA_DESKTOP)
 
@@ -187,13 +191,11 @@ if(WIN32 OR (APPLE AND NOT IOS) OR (LINUX AND NOT ANDROID))
         ${CLIENT_ROOT_DIR}/protocols/wireguardprotocol.h
         ${CLIENT_ROOT_DIR}/protocols/xrayprotocol.h
         ${CLIENT_ROOT_DIR}/protocols/awgprotocol.h
-        ${CLIENT_ROOT_DIR}/mozilla/localsocketcontroller.h
     )
 
     set(SOURCES ${SOURCES}
         ${CLIENT_ROOT_DIR}/core/ipcclient.cpp
         ${CLIENT_ROOT_DIR}/core/privileged_process.cpp
-        ${CLIENT_ROOT_DIR}/mozilla/localsocketcontroller.cpp
         ${CLIENT_ROOT_DIR}/ui/systemtray_notificationhandler.cpp
         ${CLIENT_ROOT_DIR}/protocols/openvpnprotocol.cpp
         ${CLIENT_ROOT_DIR}/protocols/openvpnovercloakprotocol.cpp
@@ -203,3 +205,14 @@ if(WIN32 OR (APPLE AND NOT IOS) OR (LINUX AND NOT ANDROID))
         ${CLIENT_ROOT_DIR}/protocols/awgprotocol.cpp
     )
 endif()
+
+if(APPLE AND MACOS_NE)
+    # Include only the tray notification handler in NE builds
+    set(HEADERS ${HEADERS}
+        ${CLIENT_ROOT_DIR}/ui/systemtray_notificationhandler.h
+    )
+
+    set(SOURCES ${SOURCES}
+        ${CLIENT_ROOT_DIR}/ui/systemtray_notificationhandler.cpp
+    )
+endif()

client/configurators/openvpn_configurator.cpp

@@ -83,12 +83,30 @@ QString OpenVpnConfigurator::createConfig(const ServerCredentials &credentials,
         return "";
     }
 
+    auto sanitizeStaticKey = [](const QString &key) {
+        QStringList lines = key.split('\n');
+        QStringList filtered;
+        filtered.reserve(lines.size());
+        for (const QString &line : lines) {
+            const QString trimmed = line.trimmed();
+            if (trimmed.startsWith('#')) {
+                continue;
+            }
+            filtered.append(line);
+        }
+        QString result = filtered.join('\n');
+        if (!result.endsWith('\n')) {
+            result.append('\n');
+        }
+        return result;
+    };
+
     config.replace("$OPENVPN_CA_CERT", connData.caCert);
     config.replace("$OPENVPN_CLIENT_CERT", connData.clientCert);
     config.replace("$OPENVPN_PRIV_KEY", connData.privKey);
 
     if (config.contains("$OPENVPN_TA_KEY")) {
-        config.replace("$OPENVPN_TA_KEY", connData.taKey);
+        config.replace("$OPENVPN_TA_KEY", sanitizeStaticKey(connData.taKey));
     } else {
         config.replace("<tls-auth>", "");
         config.replace("</tls-auth>", "");

client/core/api/apiDefs.h

@@ -47,12 +47,14 @@ namespace apiDefs
         constexpr QLatin1String serverCountryName("server_country_name");
 
         constexpr QLatin1String osVersion("os_version");
+        constexpr QLatin1String appLanguage("app_language");
 
         constexpr QLatin1String availableCountries("available_countries");
         constexpr QLatin1String activeDeviceCount("active_device_count");
         constexpr QLatin1String maxDeviceCount("max_device_count");
         constexpr QLatin1String subscriptionEndDate("subscription_end_date");
         constexpr QLatin1String issuedConfigs("issued_configs");
+        constexpr QLatin1String subscriptionDescription("subscription_description");
 
         constexpr QLatin1String supportInfo("support_info");
         constexpr QLatin1String email("email");
@@ -64,6 +66,16 @@ namespace apiDefs
         constexpr QLatin1String id("id");
         constexpr QLatin1String orderId("order_id");
         constexpr QLatin1String migrationCode("migration_code");
+
+        constexpr QLatin1String transactionId("transaction_id");
+
+        constexpr QLatin1String userCountryCode("user_country_code");
+
+        constexpr QLatin1String serviceInfo("service_info");
+        constexpr QLatin1String isAdVisible("is_ad_visible");
+        constexpr QLatin1String adHeader("ad_header");
+        constexpr QLatin1String adDescription("ad_description");
+        constexpr QLatin1String adEndpoint("ad_endpoint");
     }
 
     const int requestTimeoutMsecs = 12 * 1000; // 12 secs

client/core/api/apiUtils.cpp

@@ -82,7 +82,9 @@ apiDefs::ConfigSource apiUtils::getConfigSource(const QJsonObject &serverConfigO
     return static_cast<apiDefs::ConfigSource>(serverConfigObject.value(apiDefs::key::configVersion).toInt());
 }
 
-amnezia::ErrorCode apiUtils::checkNetworkReplyErrors(const QList<QSslError> &sslErrors, QNetworkReply *reply)
+amnezia::ErrorCode apiUtils::checkNetworkReplyErrors(const QList<QSslError> &sslErrors, const QString &replyErrorString,
+                                                     const QNetworkReply::NetworkError &replyError, const int httpStatusCode,
+                                                     const QByteArray &responseBody)
 {
     const int httpStatusCodeConflict = 409;
     const int httpStatusCodeNotFound = 404;
@@ -90,21 +92,19 @@ amnezia::ErrorCode apiUtils::checkNetworkReplyErrors(const QList<QSslError> &ssl
     if (!sslErrors.empty()) {
         qDebug().noquote() << sslErrors;
         return amnezia::ErrorCode::ApiConfigSslError;
-    } else if (reply->error() == QNetworkReply::NoError) {
+    } else if (replyError == QNetworkReply::NoError) {
         return amnezia::ErrorCode::NoError;
-    } else if (reply->error() == QNetworkReply::NetworkError::OperationCanceledError
+    } else if (replyError == QNetworkReply::NetworkError::OperationCanceledError
-               || reply->error() == QNetworkReply::NetworkError::TimeoutError) {
+               || replyError == QNetworkReply::NetworkError::TimeoutError) {
-        qDebug() << reply->error();
+        qDebug() << replyError;
         return amnezia::ErrorCode::ApiConfigTimeoutError;
-    } else if (reply->error() == QNetworkReply::NetworkError::OperationNotImplementedError) {
+    } else if (replyError == QNetworkReply::NetworkError::OperationNotImplementedError) {
-        qDebug() << reply->error();
+        qDebug() << replyError;
         return amnezia::ErrorCode::ApiUpdateRequestError;
     } else {
-        QString err = reply->errorString();
+        qDebug() << QString::fromUtf8(responseBody);
-        int httpStatusCode = reply->attribute(QNetworkRequest::HttpStatusCodeAttribute).toInt();
+        qDebug() << replyError;
-        qDebug() << QString::fromUtf8(reply->readAll());
+        qDebug() << replyErrorString;
-        qDebug() << reply->error();
-        qDebug() << err;
         qDebug() << httpStatusCode;
         if (httpStatusCode == httpStatusCodeConflict) {
             return amnezia::ErrorCode::ApiConfigLimitError;
@@ -162,3 +162,51 @@ QString apiUtils::getPremiumV1VpnKey(const QJsonObject &serverConfigObject)
 
     return QString("vpn://%1").arg(QString(signedData.toBase64(QByteArray::Base64UrlEncoding)));
 }
+
+QString apiUtils::getPremiumV2VpnKey(const QJsonObject &serverConfigObject)
+{
+    if (apiUtils::getConfigType(serverConfigObject) != apiDefs::ConfigType::AmneziaPremiumV2) {
+        return {};
+    }
+
+    QString vpnKeyText = "";
+
+    auto apiConfig = serverConfigObject.value(apiDefs::key::apiConfig).toObject();
+    auto authData = serverConfigObject.value(QLatin1String("auth_data")).toObject();
+
+    const QString name = serverConfigObject.value(apiDefs::key::name).toString();
+    const QString description = serverConfigObject.value(apiDefs::key::description).toString();
+    const double configVersion = serverConfigObject.value(apiDefs::key::configVersion).toDouble();
+
+    const QString serviceType = apiConfig.value(apiDefs::key::serviceType).toString();
+    const QString serviceProtocol = apiConfig.value(QLatin1String("service_protocol")).toString();
+    const QString userCountryCode = apiConfig.value(QLatin1String("user_country_code")).toString();
+
+    const QString apiKey = authData.value(apiDefs::key::apiKey).toString();
+
+    QString vpnKeyStr = "{";
+    vpnKeyStr += "\"" + QString(apiDefs::key::name) + "\": \"" + name + "\", ";
+    vpnKeyStr += "\"" + QString(apiDefs::key::description) + "\": \"" + description + "\", ";
+    vpnKeyStr += "\"" + QString(apiDefs::key::configVersion) + "\": " + QString::number(static_cast<int>(configVersion)) + ", ";
+
+    vpnKeyStr += "\"" + QString(apiDefs::key::apiConfig) + "\": {";
+    vpnKeyStr += "\"" + QString(apiDefs::key::serviceType) + "\": \"" + serviceType + "\", ";
+    vpnKeyStr += "\"service_protocol\": \"" + serviceProtocol + "\", ";
+    vpnKeyStr += "\"user_country_code\": \"" + userCountryCode + "\"";
+    vpnKeyStr += "}, ";
+
+    vpnKeyStr += "\"auth_data\": {";
+    vpnKeyStr += "\"" + QString(apiDefs::key::apiKey) + "\": \"" + apiKey + "\"";
+    vpnKeyStr += "}";
+
+    vpnKeyStr += "}";
+
+    QByteArray vpnKeyCompressed = escapeUnicode(vpnKeyStr).toUtf8();
+    vpnKeyCompressed = qCompress(vpnKeyCompressed, 6);
+    vpnKeyCompressed = vpnKeyCompressed.mid(4);
+
+    QByteArray signedData = AMNEZIA_CONFIG_SIGNATURE + vpnKeyCompressed;
+    vpnKeyText = QString("vpn://%1").arg(QString(signedData.toBase64(QByteArray::Base64UrlEncoding)));
+
+    return vpnKeyText;
+}

client/core/api/apiUtils.h

@@ -18,9 +18,12 @@ namespace apiUtils
     apiDefs::ConfigType getConfigType(const QJsonObject &serverConfigObject);
     apiDefs::ConfigSource getConfigSource(const QJsonObject &serverConfigObject);
 
-    amnezia::ErrorCode checkNetworkReplyErrors(const QList<QSslError> &sslErrors, QNetworkReply *reply);
+    amnezia::ErrorCode checkNetworkReplyErrors(const QList<QSslError> &sslErrors, const QString &replyErrorString,
+                                               const QNetworkReply::NetworkError &replyError, const int httpStatusCode,
+                                               const QByteArray &responseBody);
 
     QString getPremiumV1VpnKey(const QJsonObject &serverConfigObject);
+    QString getPremiumV2VpnKey(const QJsonObject &serverConfigObject);
 }
 
 #endif // APIUTILS_H

client/core/controllers/coreController.cpp

@@ -99,6 +99,9 @@ void CoreController::initModels()
 
     m_apiDevicesModel.reset(new ApiDevicesModel(m_settings, this));
     m_engine->rootContext()->setContextProperty("ApiDevicesModel", m_apiDevicesModel.get());
+
+    m_newsModel.reset(new NewsModel(m_settings, this));
+    m_engine->rootContext()->setContextProperty("NewsModel", m_newsModel.get());
 }
 
 void CoreController::initControllers()
@@ -153,6 +156,9 @@ void CoreController::initControllers()
 
     m_apiPremV1MigrationController.reset(new ApiPremV1MigrationController(m_serversModel, m_settings, this));
     m_engine->rootContext()->setContextProperty("ApiPremV1MigrationController", m_apiPremV1MigrationController.get());
+
+    m_apiNewsController.reset(new ApiNewsController(m_newsModel, m_settings, m_serversModel, this));
+    m_engine->rootContext()->setContextProperty("ApiNewsController", m_apiNewsController.get());
 }
 
 void CoreController::initAndroidController()
@@ -316,6 +322,11 @@ void CoreController::initContainerModelUpdateHandler()
     connect(m_serversModel.get(), &ServersModel::containersUpdated, m_containersModel.get(), &ContainersModel::updateModel);
     connect(m_serversModel.get(), &ServersModel::defaultServerContainersUpdated, m_defaultServerContainersModel.get(),
             &ContainersModel::updateModel);
+    connect(m_serversModel.get(), &ServersModel::gatewayStacksExpanded, this, [this]() {
+        if (m_serversModel->hasServersFromGatewayApi()) {
+            m_apiNewsController->fetchNews(false);
+        }
+    });
     m_serversModel->resetModel();
 }
 

client/core/controllers/coreController.h

@@ -12,6 +12,7 @@
 #include "ui/controllers/api/apiConfigsController.h"
 #include "ui/controllers/api/apiSettingsController.h"
 #include "ui/controllers/api/apiPremV1MigrationController.h"
+#include "ui/controllers/api/apiNewsController.h"
 #include "ui/controllers/appSplitTunnelingController.h"
 #include "ui/controllers/allowedDnsController.h"
 #include "ui/controllers/connectionController.h"
@@ -47,6 +48,7 @@
 #include "ui/models/services/sftpConfigModel.h"
 #include "ui/models/services/socks5ProxyConfigModel.h"
 #include "ui/models/sites_model.h"
+#include "ui/models/newsModel.h"
 
 #if !defined(Q_OS_ANDROID) && !defined(Q_OS_IOS)
     #include "ui/notificationhandler.h"
@@ -118,6 +120,7 @@ private:
     QScopedPointer<ApiSettingsController> m_apiSettingsController;
     QScopedPointer<ApiConfigsController> m_apiConfigsController;
     QScopedPointer<ApiPremV1MigrationController> m_apiPremV1MigrationController;
+    QScopedPointer<ApiNewsController> m_apiNewsController;
 
     QSharedPointer<ContainersModel> m_containersModel;
     QSharedPointer<ContainersModel> m_defaultServerContainersModel;
@@ -125,6 +128,7 @@ private:
     QSharedPointer<LanguageModel> m_languageModel;
     QSharedPointer<ProtocolsModel> m_protocolsModel;
     QSharedPointer<SitesModel> m_sitesModel;
+    QSharedPointer<NewsModel> m_newsModel;
     QSharedPointer<AllowedDnsModel> m_allowedDnsModel;
     QSharedPointer<AppSplitTunnelingModel> m_appSplitTunnelingModel;
     QSharedPointer<ClientManagementModel> m_clientManagementModel;

client/core/controllers/gatewayController.cpp

@@ -1,12 +1,15 @@
 #include "gatewayController.h"
 
 #include <algorithm>
+#include <functional>
 #include <random>
 
+#include <QCryptographicHash>
 #include <QJsonArray>
 #include <QJsonDocument>
 #include <QJsonObject>
 #include <QNetworkReply>
+#include <QPromise>
 #include <QUrl>
 
 #include "QBlockCipher.h"
@@ -50,87 +53,25 @@ GatewayController::GatewayController(const QString &gatewayEndpoint, const bool
 {
 }
 
-ErrorCode GatewayController::get(const QString &endpoint, QByteArray &responseBody)
+GatewayController::EncryptedRequestData GatewayController::prepareRequest(const QString &endpoint, const QJsonObject &apiPayload)
 {
+    EncryptedRequestData encRequestData;
+    encRequestData.errorCode = ErrorCode::NoError;
+
 #ifdef Q_OS_IOS
     IosController::Instance()->requestInetAccess();
     QThread::msleep(10);
 #endif
 
-    QNetworkRequest request;
+    encRequestData.request.setTransferTimeout(m_requestTimeoutMsecs);
-    request.setTransferTimeout(m_requestTimeoutMsecs);
+    encRequestData.request.setHeader(QNetworkRequest::ContentTypeHeader, "application/json");
-    request.setHeader(QNetworkRequest::ContentTypeHeader, "application/json");
+    encRequestData.request.setRawHeader(QString("X-Client-Request-ID").toUtf8(), QUuid::createUuid().toString(QUuid::WithoutBraces).toUtf8());
-    request.setRawHeader(QString("X-Client-Request-ID").toUtf8(), QUuid::createUuid().toString(QUuid::WithoutBraces).toUtf8());
+    encRequestData.request.setUrl(endpoint.arg(m_proxyUrl.isEmpty() ? m_gatewayEndpoint : m_proxyUrl));
-
-    request.setUrl(QString(endpoint).arg(m_proxyUrl.isEmpty() ? m_gatewayEndpoint : m_proxyUrl));
 
     // bypass killSwitch exceptions for API-gateway
 #ifdef AMNEZIA_DESKTOP
     if (m_isStrictKillSwitchEnabled) {
-        QString host = QUrl(request.url()).host();
+        QString host = QUrl(encRequestData.request.url()).host();
-        QString ip = NetworkUtilities::getIPAddress(host);
-        if (!ip.isEmpty()) {
-            IpcClient::Interface()->addKillSwitchAllowedRange(QStringList { ip });
-        }
-    }
-#endif
-
-    QNetworkReply *reply;
-    reply = amnApp->networkManager()->get(request);
-
-    QEventLoop wait;
-    QObject::connect(reply, &QNetworkReply::finished, &wait, &QEventLoop::quit);
-
-    QList<QSslError> sslErrors;
-    connect(reply, &QNetworkReply::sslErrors, [this, &sslErrors](const QList<QSslError> &errors) { sslErrors = errors; });
-    wait.exec();
-
-    responseBody = reply->readAll();
-
-    if (sslErrors.isEmpty() && shouldBypassProxy(reply, responseBody, false)) {
-        auto requestFunction = [&request, &responseBody](const QString &url) {
-            request.setUrl(url);
-            return amnApp->networkManager()->get(request);
-        };
-
-        auto replyProcessingFunction = [&responseBody, &reply, &sslErrors, this](QNetworkReply *nestedReply,
-                                                                                 const QList<QSslError> &nestedSslErrors) {
-            responseBody = nestedReply->readAll();
-            if (!sslErrors.isEmpty() || !shouldBypassProxy(nestedReply, responseBody, false)) {
-                sslErrors = nestedSslErrors;
-                reply = nestedReply;
-                return true;
-            }
-            return false;
-        };
-
-        bypassProxy(endpoint, reply, requestFunction, replyProcessingFunction);
-    }
-
-    auto errorCode = apiUtils::checkNetworkReplyErrors(sslErrors, reply);
-    reply->deleteLater();
-
-    return errorCode;
-}
-
-ErrorCode GatewayController::post(const QString &endpoint, const QJsonObject apiPayload, QByteArray &responseBody)
-{
-#ifdef Q_OS_IOS
-    IosController::Instance()->requestInetAccess();
-    QThread::msleep(10);
-#endif
-
-    QNetworkRequest request;
-    request.setTransferTimeout(m_requestTimeoutMsecs);
-    request.setHeader(QNetworkRequest::ContentTypeHeader, "application/json");
-    request.setRawHeader(QString("X-Client-Request-ID").toUtf8(), QUuid::createUuid().toString(QUuid::WithoutBraces).toUtf8());
-
-    request.setUrl(endpoint.arg(m_proxyUrl.isEmpty() ? m_gatewayEndpoint : m_proxyUrl));
-
-    // bypass killSwitch exceptions for API-gateway
-#ifdef AMNEZIA_DESKTOP
-    if (m_isStrictKillSwitchEnabled) {
-        QString host = QUrl(request.url()).host();
         QString ip = NetworkUtilities::getIPAddress(host);
         if (!ip.isEmpty()) {
             IpcClient::Interface()->addKillSwitchAllowedRange(QStringList { ip });
@@ -139,14 +80,14 @@ ErrorCode GatewayController::post(const QString &endpoint, const QJsonObject api
 #endif
 
     QSimpleCrypto::QBlockCipher blockCipher;
-    QByteArray key = blockCipher.generatePrivateSalt(32);
+    encRequestData.key = blockCipher.generatePrivateSalt(32);
-    QByteArray iv = blockCipher.generatePrivateSalt(32);
+    encRequestData.iv = blockCipher.generatePrivateSalt(32);
-    QByteArray salt = blockCipher.generatePrivateSalt(8);
+    encRequestData.salt = blockCipher.generatePrivateSalt(8);
 
     QJsonObject keyPayload;
-    keyPayload[configKey::aesKey] = QString(key.toBase64());
+    keyPayload[configKey::aesKey] = QString(encRequestData.key.toBase64());
-    keyPayload[configKey::aesIv] = QString(iv.toBase64());
+    keyPayload[configKey::aesIv] = QString(encRequestData.iv.toBase64());
-    keyPayload[configKey::aesSalt] = QString(salt.toBase64());
+    keyPayload[configKey::aesSalt] = QString(encRequestData.salt.toBase64());
 
     QByteArray encryptedKeyPayload;
     QByteArray encryptedApiPayload;
@@ -161,62 +102,88 @@ ErrorCode GatewayController::post(const QString &endpoint, const QJsonObject api
         } catch (...) {
             Utils::logException();
             qCritical() << "error loading public key from environment variables";
-            return ErrorCode::ApiMissingAgwPublicKey;
+            encRequestData.errorCode = ErrorCode::ApiMissingAgwPublicKey;
+            return encRequestData;
         }
 
         encryptedKeyPayload = rsa.encrypt(QJsonDocument(keyPayload).toJson(), publicKey, RSA_PKCS1_PADDING);
         EVP_PKEY_free(publicKey);
 
-        encryptedApiPayload = blockCipher.encryptAesBlockCipher(QJsonDocument(apiPayload).toJson(), key, iv, "", salt);
+        encryptedApiPayload = blockCipher.encryptAesBlockCipher(QJsonDocument(apiPayload).toJson(), encRequestData.key, encRequestData.iv,
-    } catch (...) { // todo change error handling in QSimpleCrypto?
+                                                                "", encRequestData.salt);
+    } catch (...) {
         Utils::logException();
         qCritical() << "error when encrypting the request body";
-        return ErrorCode::ApiConfigDecryptionError;
+        encRequestData.errorCode = ErrorCode::ApiConfigDecryptionError;
+        return encRequestData;
     }
 
     QJsonObject requestBody;
     requestBody[configKey::keyPayload] = QString(encryptedKeyPayload.toBase64());
     requestBody[configKey::apiPayload] = QString(encryptedApiPayload.toBase64());
 
-    QNetworkReply *reply = amnApp->networkManager()->post(request, QJsonDocument(requestBody).toJson());
+    encRequestData.requestBody = QJsonDocument(requestBody).toJson();
+    return encRequestData;
+}
+
+ErrorCode GatewayController::post(const QString &endpoint, const QJsonObject apiPayload, QByteArray &responseBody)
+{
+    EncryptedRequestData encRequestData = prepareRequest(endpoint, apiPayload);
+    if (encRequestData.errorCode != ErrorCode::NoError) {
+        return encRequestData.errorCode;
+    }
+
+    QNetworkReply *reply = amnApp->networkManager()->post(encRequestData.request, encRequestData.requestBody);
 
     QEventLoop wait;
     connect(reply, &QNetworkReply::finished, &wait, &QEventLoop::quit);
 
     QList<QSslError> sslErrors;
     connect(reply, &QNetworkReply::sslErrors, [this, &sslErrors](const QList<QSslError> &errors) { sslErrors = errors; });
-    wait.exec();
+    wait.exec(QEventLoop::ExcludeUserInputEvents);
 
     QByteArray encryptedResponseBody = reply->readAll();
+    QString replyErrorString = reply->errorString();
+    auto replyError = reply->error();
+    int httpStatusCode = reply->attribute(QNetworkRequest::HttpStatusCodeAttribute).toInt();
 
-    if (sslErrors.isEmpty() && shouldBypassProxy(reply, encryptedResponseBody, true, key, iv, salt)) {
+    reply->deleteLater();
-        auto requestFunction = [&request, &encryptedResponseBody, &requestBody](const QString &url) {
+
-            request.setUrl(url);
+    if (sslErrors.isEmpty()
-            return amnApp->networkManager()->post(request, QJsonDocument(requestBody).toJson());
+        && shouldBypassProxy(replyError, encryptedResponseBody, true, encRequestData.key, encRequestData.iv, encRequestData.salt)) {
+        auto requestFunction = [&encRequestData, &encryptedResponseBody](const QString &url) {
+            encRequestData.request.setUrl(url);
+            return amnApp->networkManager()->post(encRequestData.request, encRequestData.requestBody);
         };
 
-        auto replyProcessingFunction = [&encryptedResponseBody, &reply, &sslErrors, &key, &iv, &salt,
+        auto replyProcessingFunction = [&encryptedResponseBody, &replyErrorString, &replyError, &httpStatusCode, &sslErrors,
-                                        this](QNetworkReply *nestedReply, const QList<QSslError> &nestedSslErrors) {
+                                        &encRequestData, this](QNetworkReply *reply, const QList<QSslError> &nestedSslErrors) {
-            encryptedResponseBody = nestedReply->readAll();
+            encryptedResponseBody = reply->readAll();
-            reply = nestedReply;
+            replyErrorString = reply->errorString();
-            if (!sslErrors.isEmpty() || shouldBypassProxy(nestedReply, encryptedResponseBody, true, key, iv, salt)) {
+            replyError = reply->error();
+            httpStatusCode = reply->attribute(QNetworkRequest::HttpStatusCodeAttribute).toInt();
+            if (!sslErrors.isEmpty()
+                || shouldBypassProxy(replyError, encryptedResponseBody, true, encRequestData.key, encRequestData.iv, encRequestData.salt)) {
                 sslErrors = nestedSslErrors;
                 return false;
             }
             return true;
         };
 
-        bypassProxy(endpoint, reply, requestFunction, replyProcessingFunction);
+        auto serviceType = apiPayload.value(apiDefs::key::serviceType).toString("");
+        auto userCountryCode = apiPayload.value(apiDefs::key::userCountryCode).toString("");
+        bypassProxy(endpoint, serviceType, userCountryCode, requestFunction, replyProcessingFunction);
     }
 
-    auto errorCode = apiUtils::checkNetworkReplyErrors(sslErrors, reply);
+    auto errorCode = apiUtils::checkNetworkReplyErrors(sslErrors, replyErrorString, replyError, httpStatusCode, encryptedResponseBody);
-    reply->deleteLater();
     if (errorCode) {
         return errorCode;
     }
 
     try {
-        responseBody = blockCipher.decryptAesBlockCipher(encryptedResponseBody, key, iv, "", salt);
+        QSimpleCrypto::QBlockCipher blockCipher;
+        responseBody =
+                blockCipher.decryptAesBlockCipher(encryptedResponseBody, encRequestData.key, encRequestData.iv, "", encRequestData.salt);
         return ErrorCode::NoError;
     } catch (...) { // todo change error handling in QSimpleCrypto?
         Utils::logException();
@@ -225,7 +192,94 @@ ErrorCode GatewayController::post(const QString &endpoint, const QJsonObject api
     }
 }
 
-QStringList GatewayController::getProxyUrls()
+QFuture<QPair<ErrorCode, QByteArray>> GatewayController::postAsync(const QString &endpoint, const QJsonObject apiPayload)
+{
+    auto promise = QSharedPointer<QPromise<QPair<ErrorCode, QByteArray>>>::create();
+    promise->start();
+
+    EncryptedRequestData encRequestData = prepareRequest(endpoint, apiPayload);
+    if (encRequestData.errorCode != ErrorCode::NoError) {
+        promise->addResult(qMakePair(encRequestData.errorCode, QByteArray()));
+        promise->finish();
+        return promise->future();
+    }
+
+    QNetworkReply *reply = amnApp->networkManager()->post(encRequestData.request, encRequestData.requestBody);
+
+    auto sslErrors = QSharedPointer<QList<QSslError>>::create();
+
+    connect(reply, &QNetworkReply::sslErrors, [sslErrors](const QList<QSslError> &errors) { *sslErrors = errors; });
+
+    connect(reply, &QNetworkReply::finished, reply, [promise, sslErrors, encRequestData, endpoint, apiPayload, reply, this]() mutable {
+        QByteArray encryptedResponseBody = reply->readAll();
+        QString replyErrorString = reply->errorString();
+        auto replyError = reply->error();
+        int httpStatusCode = reply->attribute(QNetworkRequest::HttpStatusCodeAttribute).toInt();
+
+        reply->deleteLater();
+
+        auto processResponse = [promise, encRequestData](const QByteArray &ecryptedResponseBody, const QList<QSslError> &sslErrors,
+                                                         QNetworkReply::NetworkError replyError, const QString &replyErrorString,
+                                                         int httpStatusCode) {
+            auto errorCode = apiUtils::checkNetworkReplyErrors(sslErrors, replyErrorString, replyError, httpStatusCode, ecryptedResponseBody);
+            if (errorCode) {
+                promise->addResult(qMakePair(errorCode, QByteArray()));
+                promise->finish();
+                return;
+            }
+
+            QSimpleCrypto::QBlockCipher blockCipher;
+            try {
+                QByteArray responseBody = blockCipher.decryptAesBlockCipher(ecryptedResponseBody, encRequestData.key, encRequestData.iv, "",
+                                                                            encRequestData.salt);
+                promise->addResult(qMakePair(ErrorCode::NoError, responseBody));
+                promise->finish();
+            } catch (...) {
+                Utils::logException();
+                qCritical() << "error when decrypting the request body";
+                promise->addResult(qMakePair(ErrorCode::ApiConfigDecryptionError, QByteArray()));
+                promise->finish();
+            }
+        };
+
+        if (sslErrors->isEmpty()
+            && shouldBypassProxy(replyError, encryptedResponseBody, true, encRequestData.key, encRequestData.iv, encRequestData.salt)) {
+            auto serviceType = apiPayload.value(apiDefs::key::serviceType).toString("");
+            auto userCountryCode = apiPayload.value(apiDefs::key::userCountryCode).toString("");
+
+            QStringList baseUrls;
+            if (m_isDevEnvironment) {
+                baseUrls = QString(DEV_S3_ENDPOINT).split(", ");
+            } else {
+                baseUrls = QString(PROD_S3_ENDPOINT).split(", ");
+            }
+
+            QStringList proxyStorageUrls;
+            if (!serviceType.isEmpty()) {
+                for (const auto &baseUrl : baseUrls) {
+                    QByteArray path = ("endpoints-" + serviceType + "-" + userCountryCode).toUtf8();
+                    proxyStorageUrls.push_back(baseUrl + path.toBase64(QByteArray::Base64UrlEncoding | QByteArray::OmitTrailingEquals)
+                                               + ".json");
+                }
+            }
+            for (const auto &baseUrl : baseUrls)
+                proxyStorageUrls.push_back(baseUrl + "endpoints.json");
+
+            getProxyUrlsAsync(proxyStorageUrls, 0, [this, encRequestData, endpoint, processResponse](const QStringList &proxyUrls) {
+                getProxyUrlAsync(proxyUrls, 0, [this, encRequestData, endpoint, processResponse](const QString &proxyUrls) {
+                    bypassProxyAsync(endpoint, proxyUrls, encRequestData, processResponse);
+                });
+            });
+
+        } else {
+            processResponse(encryptedResponseBody, *sslErrors, replyError, replyErrorString, httpStatusCode);
+        }
+    });
+
+    return promise->future();
+}
+
+QStringList GatewayController::getProxyUrls(const QString &serviceType, const QString &userCountryCode)
 {
     QNetworkRequest request;
     request.setTransferTimeout(m_requestTimeoutMsecs);
@@ -235,22 +289,33 @@ QStringList GatewayController::getProxyUrls()
     QList<QSslError> sslErrors;
     QNetworkReply *reply;
 
-    QStringList proxyStorageUrls;
+    QStringList baseUrls;
     if (m_isDevEnvironment) {
-        proxyStorageUrls = QString(DEV_S3_ENDPOINT).split(", ");
+        baseUrls = QString(DEV_S3_ENDPOINT).split(", ");
     } else {
-        proxyStorageUrls = QString(PROD_S3_ENDPOINT).split(", ");
+        baseUrls = QString(PROD_S3_ENDPOINT).split(", ");
     }
 
     QByteArray key = m_isDevEnvironment ? DEV_AGW_PUBLIC_KEY : PROD_AGW_PUBLIC_KEY;
 
+    QStringList proxyStorageUrls;
+    if (!serviceType.isEmpty()) {
+        for (const auto &baseUrl : baseUrls) {
+            QByteArray path = ("endpoints-" + serviceType + "-" + userCountryCode).toUtf8();
+            proxyStorageUrls.push_back(baseUrl + path.toBase64(QByteArray::Base64UrlEncoding | QByteArray::OmitTrailingEquals) + ".json");
+        }
+    }
+    for (const auto &baseUrl : baseUrls) {
+        proxyStorageUrls.push_back(baseUrl + "endpoints.json");
+    }
+
     for (const auto &proxyStorageUrl : proxyStorageUrls) {
         request.setUrl(proxyStorageUrl);
         reply = amnApp->networkManager()->get(request);
 
         connect(reply, &QNetworkReply::finished, &wait, &QEventLoop::quit);
         connect(reply, &QNetworkReply::sslErrors, [this, &sslErrors](const QList<QSslError> &errors) { sslErrors = errors; });
-        wait.exec();
+        wait.exec(QEventLoop::ExcludeUserInputEvents);
 
         if (reply->error() == QNetworkReply::NetworkError::NoError) {
             auto encryptedResponseBody = reply->readAll();
@@ -288,7 +353,10 @@ QStringList GatewayController::getProxyUrls()
             }
             return endpoints;
         } else {
-            apiUtils::checkNetworkReplyErrors(sslErrors, reply);
+            auto replyError = reply->error();
+            int httpStatusCode = reply->attribute(QNetworkRequest::HttpStatusCodeAttribute).toInt();
+            qDebug() << replyError;
+            qDebug() << httpStatusCode;
             qDebug() << "go to the next storage endpoint";
 
             reply->deleteLater();
@@ -297,33 +365,33 @@ QStringList GatewayController::getProxyUrls()
     return {};
 }
 
-bool GatewayController::shouldBypassProxy(QNetworkReply *reply, const QByteArray &responseBody, bool checkEncryption, const QByteArray &key,
+bool GatewayController::shouldBypassProxy(const QNetworkReply::NetworkError &replyError, const QByteArray &responseBody,
-                                          const QByteArray &iv, const QByteArray &salt)
+                                          bool checkEncryption, const QByteArray &key, const QByteArray &iv, const QByteArray &salt)
 {
-    if (reply->error() == QNetworkReply::NetworkError::OperationCanceledError || reply->error() == QNetworkReply::NetworkError::TimeoutError) {
+    if (replyError == QNetworkReply::NetworkError::OperationCanceledError || replyError == QNetworkReply::NetworkError::TimeoutError) {
         qDebug() << "timeout occurred";
-        qDebug() << reply->error();
+        qDebug() << replyError;
         return true;
     } else if (responseBody.contains("html")) {
         qDebug() << "the response contains an html tag";
         return true;
-    } else if (reply->error() == QNetworkReply::NetworkError::ContentNotFoundError) {
+    } else if (replyError == QNetworkReply::NetworkError::ContentNotFoundError) {
         if (responseBody.contains(errorResponsePattern1) || responseBody.contains(errorResponsePattern2)
             || responseBody.contains(errorResponsePattern3)) {
             return false;
         } else {
-            qDebug() << reply->error();
+            qDebug() << replyError;
             return true;
         }
-    } else if (reply->error() == QNetworkReply::NetworkError::OperationNotImplementedError) {
+    } else if (replyError == QNetworkReply::NetworkError::OperationNotImplementedError) {
         if (responseBody.contains(updateRequestResponsePattern)) {
             return false;
         } else {
-            qDebug() << reply->error();
+            qDebug() << replyError;
             return true;
         }
-    } else if (reply->error() != QNetworkReply::NetworkError::NoError) {
+    } else if (replyError != QNetworkReply::NetworkError::NoError) {
-        qDebug() << reply->error();
+        qDebug() << replyError;
         return true;
     } else if (checkEncryption) {
         try {
@@ -337,35 +405,33 @@ bool GatewayController::shouldBypassProxy(QNetworkReply *reply, const QByteArray
     return false;
 }
 
-void GatewayController::bypassProxy(const QString &endpoint, QNetworkReply *reply,
+void GatewayController::bypassProxy(const QString &endpoint, const QString &serviceType, const QString &userCountryCode,
                                     std::function<QNetworkReply *(const QString &url)> requestFunction,
                                     std::function<bool(QNetworkReply *reply, const QList<QSslError> &sslErrors)> replyProcessingFunction)
 {
-    QStringList proxyUrls = getProxyUrls();
+    QStringList proxyUrls = getProxyUrls(serviceType, userCountryCode);
     std::random_device randomDevice;
     std::mt19937 generator(randomDevice());
     std::shuffle(proxyUrls.begin(), proxyUrls.end(), generator);
 
     QByteArray responseBody;
 
-    auto bypassFunction = [this](const QString &endpoint, const QString &proxyUrl, QNetworkReply *reply,
+    auto bypassFunction = [this](const QString &endpoint, const QString &proxyUrl,
                                  std::function<QNetworkReply *(const QString &url)> requestFunction,
                                  std::function<bool(QNetworkReply * reply, const QList<QSslError> &sslErrors)> replyProcessingFunction) {
         QEventLoop wait;
         QList<QSslError> sslErrors;
 
         qDebug() << "go to the next proxy endpoint";
-        reply->deleteLater(); // delete the previous reply
+        QNetworkReply *reply = requestFunction(endpoint.arg(proxyUrl));
-        reply = requestFunction(endpoint.arg(proxyUrl));
 
         QObject::connect(reply, &QNetworkReply::finished, &wait, &QEventLoop::quit);
         connect(reply, &QNetworkReply::sslErrors, [this, &sslErrors](const QList<QSslError> &errors) { sslErrors = errors; });
-        wait.exec();
+        wait.exec(QEventLoop::ExcludeUserInputEvents);
 
-        if (replyProcessingFunction(reply, sslErrors)) {
+        auto result = replyProcessingFunction(reply, sslErrors);
-            return true;
+        reply->deleteLater();
-        }
+        return result;
-        return false;
     };
 
     if (m_proxyUrl.isEmpty()) {
@@ -383,7 +449,7 @@ void GatewayController::bypassProxy(const QString &endpoint, QNetworkReply *repl
 
             connect(reply, &QNetworkReply::finished, &wait, &QEventLoop::quit);
             connect(reply, &QNetworkReply::sslErrors, [this, &sslErrors](const QList<QSslError> &errors) { sslErrors = errors; });
-            wait.exec();
+            wait.exec(QEventLoop::ExcludeUserInputEvents);
 
             if (reply->error() == QNetworkReply::NetworkError::NoError) {
                 reply->deleteLater();
@@ -399,15 +465,146 @@ void GatewayController::bypassProxy(const QString &endpoint, QNetworkReply *repl
     }
 
     if (!m_proxyUrl.isEmpty()) {
-        if (bypassFunction(endpoint, m_proxyUrl, reply, requestFunction, replyProcessingFunction)) {
+        if (bypassFunction(endpoint, m_proxyUrl, requestFunction, replyProcessingFunction)) {
             return;
         }
     }
 
     for (const QString &proxyUrl : proxyUrls) {
-        if (bypassFunction(endpoint, proxyUrl, reply, requestFunction, replyProcessingFunction)) {
+        if (bypassFunction(endpoint, proxyUrl, requestFunction, replyProcessingFunction)) {
             m_proxyUrl = proxyUrl;
             break;
         }
     }
 }
+
+void GatewayController::getProxyUrlsAsync(const QStringList proxyStorageUrls, const int currentProxyStorageIndex,
+                                          std::function<void(const QStringList &)> onComplete)
+{
+    if (currentProxyStorageIndex >= proxyStorageUrls.size()) {
+        onComplete({});
+        return;
+    }
+
+    QNetworkRequest request;
+    request.setTransferTimeout(m_requestTimeoutMsecs);
+    request.setHeader(QNetworkRequest::ContentTypeHeader, "application/json");
+    request.setUrl(proxyStorageUrls[currentProxyStorageIndex]);
+
+    QNetworkReply *reply = amnApp->networkManager()->get(request);
+
+    // connect(reply, &QNetworkReply::sslErrors, this, [state](const QList<QSslError> &e) { *(state->sslErrors) = e; });
+
+    connect(reply, &QNetworkReply::finished, this, [this, proxyStorageUrls, currentProxyStorageIndex, onComplete, reply]() {
+        if (reply->error() == QNetworkReply::NoError) {
+            QByteArray encrypted = reply->readAll();
+            reply->deleteLater();
+
+            QByteArray responseBody;
+            try {
+                QByteArray key = m_isDevEnvironment ? DEV_AGW_PUBLIC_KEY : PROD_AGW_PUBLIC_KEY;
+                if (!m_isDevEnvironment) {
+                    QCryptographicHash hash(QCryptographicHash::Sha512);
+                    hash.addData(key);
+                    QByteArray h = hash.result().toHex();
+
+                    QByteArray decKey = QByteArray::fromHex(h.left(64));
+                    QByteArray iv = QByteArray::fromHex(h.mid(64, 32));
+                    QByteArray ba = QByteArray::fromBase64(encrypted);
+
+                    QSimpleCrypto::QBlockCipher cipher;
+                    responseBody = cipher.decryptAesBlockCipher(ba, decKey, iv);
+                } else {
+                    responseBody = encrypted;
+                }
+            } catch (...) {
+                Utils::logException();
+                qCritical() << "error decrypting payload";
+                QMetaObject::invokeMethod(
+                        this, [=]() { getProxyUrlsAsync(proxyStorageUrls, currentProxyStorageIndex + 1, onComplete); }, Qt::QueuedConnection);
+                return;
+            }
+
+            QJsonArray endpointsArray = QJsonDocument::fromJson(responseBody).array();
+            QStringList endpoints;
+            for (const QJsonValue &endpoint : endpointsArray)
+                endpoints.push_back(endpoint.toString());
+
+            QStringList shuffled = endpoints;
+            std::random_device randomDevice;
+            std::mt19937 generator(randomDevice());
+            std::shuffle(shuffled.begin(), shuffled.end(), generator);
+
+            onComplete(shuffled);
+            return;
+        }
+
+        int httpStatusCode = reply->attribute(QNetworkRequest::HttpStatusCodeAttribute).toInt();
+        qDebug() << httpStatusCode;
+        qDebug() << "go to the next storage endpoint";
+        reply->deleteLater();
+        QMetaObject::invokeMethod(
+                this, [=]() { getProxyUrlsAsync(proxyStorageUrls, currentProxyStorageIndex + 1, onComplete); }, Qt::QueuedConnection);
+    });
+}
+
+void GatewayController::getProxyUrlAsync(const QStringList proxyUrls, const int currentProxyIndex, std::function<void(const QString &)> onComplete)
+{
+    if (currentProxyIndex >= proxyUrls.size()) {
+        onComplete("");
+        return;
+    }
+
+    QNetworkRequest request;
+    request.setTransferTimeout(1000);
+    request.setHeader(QNetworkRequest::ContentTypeHeader, "application/json");
+    request.setUrl(proxyUrls[currentProxyIndex] + "lmbd-health");
+
+    QNetworkReply *reply = amnApp->networkManager()->get(request);
+
+    // connect(reply, &QNetworkReply::sslErrors, this, [state](const QList<QSslError> &e) {
+    //     *(state->sslErrors) = e;
+    // });
+
+    connect(reply, &QNetworkReply::finished, this, [this, proxyUrls, currentProxyIndex, onComplete, reply]() {
+        reply->deleteLater();
+
+        if (reply->error() == QNetworkReply::NoError) {
+            m_proxyUrl = proxyUrls[currentProxyIndex];
+            onComplete(m_proxyUrl);
+            return;
+        }
+
+        qDebug() << "go to the next proxy endpoint";
+        QMetaObject::invokeMethod(this, [=]() { getProxyUrlAsync(proxyUrls, currentProxyIndex + 1, onComplete); }, Qt::QueuedConnection);
+    });
+}
+
+void GatewayController::bypassProxyAsync(
+        const QString &endpoint, const QString &proxyUrl, EncryptedRequestData encRequestData,
+        std::function<void(const QByteArray &, const QList<QSslError> &, QNetworkReply::NetworkError, const QString &, int)> onComplete)
+{
+    auto sslErrors = QSharedPointer<QList<QSslError>>::create();
+    if (proxyUrl.isEmpty()) {
+        onComplete(QByteArray(), *sslErrors, QNetworkReply::InternalServerError, "empty proxy url", 0);
+        return;
+    }
+
+    QNetworkRequest request = encRequestData.request;
+    request.setUrl(endpoint.arg(proxyUrl));
+
+    QNetworkReply *reply = amnApp->networkManager()->post(request, encRequestData.requestBody);
+
+    connect(reply, &QNetworkReply::sslErrors, this, [sslErrors](const QList<QSslError> &errors) { *sslErrors = errors; });
+
+    connect(reply, &QNetworkReply::finished, this, [sslErrors, onComplete, reply]() {
+        QByteArray encryptedResponseBody = reply->readAll();
+        QString replyErrorString = reply->errorString();
+        auto replyError = reply->error();
+        int httpStatusCode = reply->attribute(QNetworkRequest::HttpStatusCodeAttribute).toInt();
+
+        reply->deleteLater();
+
+        onComplete(encryptedResponseBody, *sslErrors, replyError, replyErrorString, httpStatusCode);
+    });
+}

client/core/controllers/gatewayController.h

@@ -1,8 +1,12 @@
 #ifndef GATEWAYCONTROLLER_H
 #define GATEWAYCONTROLLER_H
 
+#include <QFuture>
 #include <QNetworkReply>
 #include <QObject>
+#include <QPair>
+#include <QPromise>
+#include <QSharedPointer>
 
 #include "core/defs.h"
 
@@ -18,16 +22,36 @@ public:
     explicit GatewayController(const QString &gatewayEndpoint, const bool isDevEnvironment, const int requestTimeoutMsecs,
                                const bool isStrictKillSwitchEnabled, QObject *parent = nullptr);
 
-    amnezia::ErrorCode get(const QString &endpoint, QByteArray &responseBody);
     amnezia::ErrorCode post(const QString &endpoint, const QJsonObject apiPayload, QByteArray &responseBody);
+    QFuture<QPair<amnezia::ErrorCode, QByteArray>> postAsync(const QString &endpoint, const QJsonObject apiPayload);
 
 private:
-    QStringList getProxyUrls();
+    struct EncryptedRequestData
-    bool shouldBypassProxy(QNetworkReply *reply, const QByteArray &responseBody, bool checkEncryption, const QByteArray &key = "",
+    {
-                           const QByteArray &iv = "", const QByteArray &salt = "");
+        QNetworkRequest request;
-    void bypassProxy(const QString &endpoint, QNetworkReply *reply, std::function<QNetworkReply *(const QString &url)> requestFunction,
+        QByteArray requestBody;
+        QByteArray key;
+        QByteArray iv;
+        QByteArray salt;
+        amnezia::ErrorCode errorCode;
+    };
+
+    EncryptedRequestData prepareRequest(const QString &endpoint, const QJsonObject &apiPayload);
+
+    QStringList getProxyUrls(const QString &serviceType, const QString &userCountryCode);
+    bool shouldBypassProxy(const QNetworkReply::NetworkError &replyError, const QByteArray &responseBody, bool checkEncryption,
+                           const QByteArray &key = "", const QByteArray &iv = "", const QByteArray &salt = "");
+    void bypassProxy(const QString &endpoint, const QString &serviceType, const QString &userCountryCode,
+                     std::function<QNetworkReply *(const QString &url)> requestFunction,
                      std::function<bool(QNetworkReply *reply, const QList<QSslError> &sslErrors)> replyProcessingFunction);
 
+    void getProxyUrlsAsync(const QStringList proxyStorageUrls, const int currentProxyStorageIndex,
+                           std::function<void(const QStringList &)> onComplete);
+    void getProxyUrlAsync(const QStringList proxyUrls, const int currentProxyIndex, std::function<void(const QString &)> onComplete);
+    void bypassProxyAsync(
+            const QString &endpoint, const QString &proxyUrl, EncryptedRequestData encRequestData,
+            std::function<void(const QByteArray &, const QList<QSslError> &, QNetworkReply::NetworkError, const QString &, int)> onComplete);
+
     int m_requestTimeoutMsecs;
     QString m_gatewayEndpoint;
     bool m_isDevEnvironment = false;

client/core/controllers/serverController.cpp

@@ -197,8 +197,12 @@ ErrorCode ServerController::uploadFileToHost(const ServerCredentials &credential
         return error;
     }
 
-    // Write directly via SCP without creating a temporary local file.
+    QTemporaryFile localFile;
-    error = m_sshClient.scpWriteBuffer(overwriteMode, data, remotePath, "non_desc");
+    localFile.open();
+    localFile.write(data);
+    localFile.close();
+
+    error = m_sshClient.scpFileCopy(overwriteMode, localFile.fileName(), remotePath, "non_desc");
 
     if (error != ErrorCode::NoError) {
         return error;

client/core/ipcclient.cpp

@@ -18,12 +18,6 @@ bool IpcClient::isSocketConnected() const
     return m_isSocketConnected;
 }
 
-void IpcClient::close()
-{
-    if (m_localSocket)
-        m_localSocket->close();
-}
-
 IpcClient *IpcClient::Instance()
 {
     return m_instance;
@@ -91,8 +85,9 @@ bool IpcClient::init(IpcClient *instance)
     }
 
     qDebug() << "IpcClient::init succeed";
+    instance->m_isSocketConnected = (Instance()->m_ipcClient->isReplicaValid() && Instance()->m_Tun2SocksClient->isReplicaValid());
 
-    return (Instance()->m_ipcClient->isReplicaValid() && Instance()->m_Tun2SocksClient->isReplicaValid());
+    return Instance()->isSocketConnected();
 }
 
 QSharedPointer<PrivilegedProcess> IpcClient::CreatePrivilegedProcess()

client/core/ipcclient.h

@@ -23,7 +23,6 @@ public:
    static QSharedPointer<PrivilegedProcess> CreatePrivilegedProcess();
 
    bool isSocketConnected() const;
-   void close();
 
 signals:
 

client/core/networkUtilities.cpp

@@ -170,7 +170,7 @@ int NetworkUtilities::AdapterIndexTo(const QHostAddress& dst) {
 #ifdef Q_OS_WIN
     qDebug() << "Getting Current Internet Adapter that routes to"
              << dst.toString();
-    quint32_be ipBigEndian;
+    quint32 ipBigEndian;
     quint32 ip = dst.toIPv4Address();
     qToBigEndian(ip, &ipBigEndian);
     _MIB_IPFORWARDROW routeInfo;

client/core/osSignalHandler.cpp

@@ -0,0 +1,159 @@
+#include "osSignalHandler.h"
+
+#include <QCoreApplication>
+#include <QSocketNotifier>
+
+#if defined(Q_OS_LINUX) && !defined(Q_OS_ANDROID)
+    #include <pthread.h>
+    #include <signal.h>
+    #include <sys/signalfd.h>
+    #include <unistd.h>
+#elif defined(Q_OS_MACOS)
+    #include <fcntl.h>
+    #include <signal.h>
+    #include <unistd.h>
+#endif
+
+#ifdef Q_OS_WIN
+    #include <QMetaObject>
+    #include <windows.h>
+#endif
+
+namespace
+{
+
+    static bool initialized = false;
+
+#ifdef Q_OS_WIN
+    static BOOL WINAPI consoleHandler(DWORD signal)
+    {
+        switch (signal) {
+        case CTRL_CLOSE_EVENT:
+        case CTRL_C_EVENT:
+        case CTRL_BREAK_EVENT:
+        case CTRL_LOGOFF_EVENT:
+        case CTRL_SHUTDOWN_EVENT:
+            if (QCoreApplication::instance()) {
+                QMetaObject::invokeMethod(QCoreApplication::instance(), "quit", Qt::QueuedConnection);
+            }
+            return TRUE;
+        default: return FALSE;
+        }
+    }
+#endif
+
+#if defined(Q_OS_LINUX) && !defined(Q_OS_ANDROID)
+    static int signalFd = -1;
+    static QSocketNotifier *socketNotifier = nullptr;
+
+    static void setupUnixSignalHandler()
+    {
+        sigset_t set;
+        sigemptyset(&set);
+        sigaddset(&set, SIGINT);
+        sigaddset(&set, SIGTERM);
+
+        pthread_sigmask(SIBLOCK, &set, nullptr);
+
+        signalFd = signalfd(-1, &set, SFD_NONBLOCK | SFD_CLOEXEC);
+        if (signalFd < 0)
+            return;
+
+        socketNotifier = new QSocketNotifier(signalFd, QSocketNotifier::Read, QCoreApplication::instance());
+
+        QObject::connect(socketNotifier, &QSocketNotifier::activated, QCoreApplication::instance(), [](int) {
+            signalfd_siginfo fdsi;
+            ::read(signalFd, &fdsi, sizeof(fdsi));
+
+            if (fdsi.ssi_signo == SIGINT || fdsi.ssi_signo == SIGTERM) {
+                QCoreApplication::quit();
+            }
+        });
+    }
+#elif defined(Q_OS_MACX)
+    static int signalPipe[2] = { -1, -1 };
+    static QSocketNotifier *socketNotifier = nullptr;
+
+    static void macSignalHandler(int)
+    {
+        const char ch = 1;
+        ::write(signalPipe[1], &ch, sizeof(ch));
+    }
+
+    static void setupUnixSignalHandler()
+    {
+        if (::pipe(signalPipe) != 0)
+            return;
+
+        ::fcntl(signalPipe[0], F_SETFL, O_NONBLOCK);
+        ::fcntl(signalPipe[1], F_SETFL, O_NONBLOCK);
+
+        struct sigaction sa {};
+        sa.sa_handler = macSignalHandler;
+        sigemptyset(&sa.sa_mask);
+        sa.sa_flags = 0;
+
+        sigaction(SIGINT, &sa, nullptr);
+        sigaction(SIGTERM, &sa, nullptr);
+
+        socketNotifier = new QSocketNotifier(signalPipe[0], QSocketNotifier::Read, QCoreApplication::instance());
+
+        QObject::connect(socketNotifier, &QSocketNotifier::activated, QCoreApplication::instance(), [](int) {
+            char buf[16];
+            ::read(signalPipe[0], buf, sizeof(buf));
+            QCoreApplication::quit();
+        });
+    }
+#endif
+
+    static void cleanupUnixSignalHandler()
+    {
+#if defined(Q_OS_LINUX) && !defined(Q_OS_ANDROID)
+        if (socketNotifier) {
+            socketNotifier->setEnabled(false);
+        }
+
+        if (signalFd >= 0) {
+            ::close(signalFd);
+            signalFd = -1;
+        }
+
+#elif defined(Q_OS_MACOS)
+        if (socketNotifier) {
+            socketNotifier->setEnabled(false);
+        }
+
+        if (signalPipe[0] >= 0) {
+            ::close(signalPipe[0]);
+            signalPipe[0] = -1;
+        }
+
+        if (signalPipe[1] >= 0) {
+            ::close(signalPipe[1]);
+            signalPipe[1] = -1;
+        }
+#endif
+    }
+}
+
+OsSignalHandler::OsSignalHandler(QObject *parent) : QObject(parent)
+{
+}
+
+void OsSignalHandler::setup()
+{
+    if (initialized)
+        return;
+
+    initialized = true;
+
+#if (defined(Q_OS_LINUX) && !defined(Q_OS_ANDROID)) || defined(Q_OS_MACX)
+    setupUnixSignalHandler();
+#endif
+
+#ifdef Q_OS_WIN
+    SetConsoleCtrlHandler(consoleHandler, TRUE);
+#endif
+
+    QObject::connect(QCoreApplication::instance(), &QCoreApplication::aboutToQuit, [] { cleanupUnixSignalHandler(); });
+}

client/core/osSignalHandler.h

@@ -0,0 +1,17 @@
+#ifndef OSSIGNALHANDLER_H
+#define OSSIGNALHANDLER_H
+
+#include <QObject>
+
+class OsSignalHandler : public QObject
+{
+    Q_OBJECT
+public:
+    static void setup();
+
+private:
+    explicit OsSignalHandler(QObject *parent = nullptr);
+    static void handleSignal(int signal);
+};
+
+#endif // OSSIGNALHANDLER_H

client/core/sshclient.cpp

@@ -4,7 +4,6 @@
 #include <QtConcurrent>
 
 #include <fstream>
-#include <algorithm>
 
 #ifdef Q_OS_WINDOWS
 const uint32_t S_IRWXU = 0644;
@@ -291,54 +290,6 @@ namespace libssh {
         return watcher.result();
     }
 
-    ErrorCode Client::scpWriteBuffer(const ScpOverwriteMode overwriteMode, const QByteArray &data, const QString &remotePath, const QString &fileDesc)
-    {
-        m_scpSession = ssh_scp_new(m_session, SSH_SCP_WRITE, remotePath.toStdString().c_str());
-
-        if (m_scpSession == nullptr) {
-            return fromLibsshErrorCode();
-        }
-
-        if (ssh_scp_init(m_scpSession) != SSH_OK) {
-            auto errorCode = fromLibsshErrorCode();
-            closeScpSession();
-            return errorCode;
-        }
-
-        QFutureWatcher<ErrorCode> watcher;
-        connect(&watcher, &QFutureWatcher<ErrorCode>::finished, this, &Client::scpWriteBufferFinished);
-        QFuture<ErrorCode> future = QtConcurrent::run([this, overwriteMode, &data, &remotePath, &fileDesc]() {
-            const int accessType = O_WRONLY | O_CREAT | overwriteMode;
-            const int totalSize = data.size();
-
-            int result = ssh_scp_push_file(m_scpSession, remotePath.toStdString().c_str(), totalSize, accessType);
-            if (result != SSH_OK) {
-                return fromLibsshErrorCode();
-            }
-
-            constexpr int bufferSize = 16384;
-            int transferred = 0;
-            while (transferred < totalSize) {
-                const int chunkSize = std::min(bufferSize, totalSize - transferred);
-                result = ssh_scp_write(m_scpSession, data.constData() + transferred, chunkSize);
-                if (result != SSH_OK) {
-                    return fromLibsshErrorCode();
-                }
-                transferred += chunkSize;
-            }
-
-            return ErrorCode::NoError;
-        });
-        watcher.setFuture(future);
-
-        QEventLoop wait;
-        QObject::connect(this, &Client::scpWriteBufferFinished, &wait, &QEventLoop::quit);
-        wait.exec();
-
-        closeScpSession();
-        return watcher.result();
-    }
-
     void Client::closeScpSession()
     {
         if (m_scpSession != nullptr) {

client/core/sshclient.h

@@ -36,11 +36,6 @@ namespace libssh {
                                const QString &localPath,
                                const QString &remotePath,
                                const QString &fileDesc);
-        // Copy data directly without a temporary local file
-        ErrorCode scpWriteBuffer(const ScpOverwriteMode overwriteMode,
-                                 const QByteArray &data,
-                                 const QString &remotePath,
-                                 const QString &fileDesc);
         ErrorCode getDecryptedPrivateKey(const ServerCredentials &credentials, QString &decryptedPrivateKey, const std::function<QString()> &passphraseCallback);
     private:
         ErrorCode closeChannel();
@@ -57,7 +52,6 @@ namespace libssh {
     signals:
         void writeToChannelFinished();
         void scpFileCopyFinished();
-        void scpWriteBufferFinished();
     };
 }
 

client/daemon/interfaceconfig.h

@@ -8,7 +8,7 @@
 #include <QList>
 #include <QMap>
 #include <QString>
-#include <QMap>
+
 #include "ipaddress.h"
 
 class QJsonObject;

client/images/controls/news-unread.svg

@@ -0,0 +1,14 @@
+<svg width="24" height="24" viewBox="0 0 74 74" fill="none" xmlns="http://www.w3.org/2000/svg">
+<g clip-path="url(#clip0_4_34)">
+<path d="M55.5 12.3333H18.5C15.0942 12.3333 12.3333 15.0943 12.3333 18.5V55.5C12.3333 58.9058 15.0942 61.6667 18.5 61.6667H55.5C58.9057 61.6667 61.6666 58.9058 61.6666 55.5V18.5C61.6666 15.0943 58.9057 12.3333 55.5 12.3333Z" stroke="#CBCAC8" stroke-width="5" stroke-linecap="round" stroke-linejoin="round"/>
+<path d="M21.5833 24.6667H52.4167" stroke="#CBCAC8" stroke-width="5" stroke-linecap="round" stroke-linejoin="round"/>
+<path d="M21.5833 37H52.4167" stroke="#CBCAC8" stroke-width="5" stroke-linecap="round" stroke-linejoin="round"/>
+<path d="M21.5833 49.3333H40.0833" stroke="#CBCAC8" stroke-width="5" stroke-linecap="round" stroke-linejoin="round"/>
+<circle cx="61.5" cy="12.5" r="15" fill="#FBB36B" stroke="#1C1D21" stroke-width="5"/>
+</g>
+<defs>
+<clipPath id="clip0_4_34">
+<rect width="74" height="74" fill="white"/>
+</clipPath>
+</defs>
+</svg>

client/images/controls/news.svg

@@ -0,0 +1,8 @@
+<svg width="24" height="24" xmlns="http://www.w3.org/2000/svg" fill="none" stroke="#CBCAC8" stroke-width="1.5" stroke-linecap="round" stroke-linejoin="round">
+  <!-- Основа газеты -->
+  <rect x="4" y="4" width="16" height="16" rx="2"/>
+  <!-- Линии текста -->
+  <line x1="7" y1="8" x2="17" y2="8"/>
+  <line x1="7" y1="12" x2="17" y2="12"/>
+  <line x1="7" y1="16" x2="13" y2="16"/>
+</svg>

client/images/controls/unread-dot.svg

@@ -0,0 +1,3 @@
+<svg width="16" height="16" viewBox="0 0 35 35" fill="none" xmlns="http://www.w3.org/2000/svg">
+<circle cx="17.5" cy="17.5" r="15" fill="#FBB36B" stroke="#1C1D21" stroke-width="5"/>
+</svg>

client/main.cpp

@@ -2,6 +2,7 @@
 #include <QTimer>
 
 #include "amnezia_application.h"
+#include "core/osSignalHandler.h"
 #include "migrations.h"
 #include "version.h"
 
@@ -44,6 +45,7 @@ int main(int argc, char *argv[])
 #endif
 
     AmneziaApplication app(argc, argv);
+    OsSignalHandler::setup();
 
 #if !defined(Q_OS_ANDROID) && !defined(Q_OS_IOS) && !defined(MACOS_NE)
     if (isAnotherInstanceRunning()) {

client/mozilla/localsocketcontroller.cpp

@@ -5,9 +5,6 @@
 
 #include <stdint.h>
 
-#include <QCoreApplication>
-#include <QDateTime>
-#include <QDebug>
 #include <QDir>
 #include <QFileInfo>
 #include <QHostAddress>
@@ -15,13 +12,12 @@
 #include <QJsonDocument>
 #include <QJsonObject>
 #include <QJsonValue>
-#include <QLocalSocket>
-#include <QObject>
 #include <QStandardPaths>
-#include <QTimer>
 
+#include "ipaddress.h"
 #include "leakdetector.h"
 #include "logger.h"
+#include "models/server.h"
 #include "daemon/daemonerrors.h"
 
 #include "protocols/protocols_defs.h"
@@ -119,6 +115,7 @@ void LocalSocketController::daemonConnected() {
 }
 
 void LocalSocketController::activate(const QJsonObject &rawConfig) {
+
   QString protocolName = rawConfig.value("protocol").toString();
 
   int splitTunnelType = rawConfig.value("splitTunnelType").toInt();
@@ -135,16 +132,13 @@ void LocalSocketController::activate(const QJsonObject &rawConfig) {
   //  json.insert("hopindex", QJsonValue((double)hop.m_hopindex));
   json.insert("privateKey", wgConfig.value(amnezia::config_key::client_priv_key));
   json.insert("deviceIpv4Address", wgConfig.value(amnezia::config_key::client_ip));
-  m_deviceIpv4 = wgConfig.value(amnezia::config_key::client_ip).toString();
 
   // set up IPv6 unique-local-address, ULA, with "fd00::/8" prefix, not globally routable.
   // this will be default IPv6 gateway, OS recognizes that IPv6 link is local and switches to IPv4.
   // Otherwise some OSes (Linux) try IPv6 forever and hang.
   // https://en.wikipedia.org/wiki/Unique_local_address (RFC 4193)
   // https://man7.org/linux/man-pages/man5/gai.conf.5.html
-
+  json.insert("deviceIpv6Address", "fd58:baa6:dead::1"); // simply "dead::1" is globally-routable, don't use it
-  // simply "dead::1" is globally-routable, don't use it
-  json.insert("deviceIpv6Address", "fd58:baa6:dead::1");
 
   json.insert("serverPublicKey", wgConfig.value(amnezia::config_key::server_pub_key));
   json.insert("serverPskKey", wgConfig.value(amnezia::config_key::psk_key));
@@ -226,6 +220,7 @@ void LocalSocketController::activate(const QJsonObject &rawConfig) {
 
   json.insert("allowedIPAddressRanges", jsAllowedIPAddesses);
 
+
   QJsonArray jsExcludedAddresses;
   jsExcludedAddresses.append(wgConfig.value(amnezia::config_key::hostName));
   if (splitTunnelType == 2) {
@@ -454,7 +449,6 @@ void LocalSocketController::parseCommand(const QByteArray& command) {
   }
 
   if (type == "status") {
-
     QJsonValue serverIpv4Gateway = obj.value("serverIpv4Gateway");
     if (!serverIpv4Gateway.isString()) {
       logger.error() << "Unexpected serverIpv4Gateway value";
@@ -499,11 +493,6 @@ void LocalSocketController::parseCommand(const QByteArray& command) {
 
     logger.debug() << "Handshake completed with:"
                    << pubkey.toString();
-
-    checkStatus();
-
-    emit statusUpdated("", m_deviceIpv4, 0, 0);
-
     emit connected(pubkey.toString());
     return;
   }

client/mozilla/localsocketcontroller.h

@@ -12,7 +12,6 @@
 
 #include "controllerimpl.h"
 
-
 class QJsonObject;
 
 class LocalSocketController final : public ControllerImpl {
@@ -59,7 +58,6 @@ class LocalSocketController final : public ControllerImpl {
 
   QByteArray m_buffer;
 
-  QString m_deviceIpv4;
   std::function<void(const QString&)> m_logCallback = nullptr;
 
   QTimer m_initializingTimer;

client/mozilla/networkwatcher.cpp

@@ -11,6 +11,7 @@
 #include "logger.h"
 //#include "mozillavpn.h"
 #include "networkwatcherimpl.h"
+#include "platforms/dummy/dummynetworkwatcher.h"
 //#include "settingsholder.h"
 
 #ifdef MZ_WINDOWS
@@ -50,7 +51,7 @@ NetworkWatcher::NetworkWatcher() { MZ_COUNT_CTOR(NetworkWatcher); }
 NetworkWatcher::~NetworkWatcher() { MZ_COUNT_DTOR(NetworkWatcher); }
 
 void NetworkWatcher::initialize() {
-  logger.debug() << "Initialize NetworkWatcher";
+  logger.debug() << "Initialize";
 
 #if defined(MZ_WINDOWS)
   m_impl = new WindowsNetworkWatcher(this);
@@ -68,45 +69,59 @@ void NetworkWatcher::initialize() {
   m_impl = new DummyNetworkWatcher(this);
 #endif
 
-
   connect(m_impl, &NetworkWatcherImpl::unsecuredNetwork, this,
           &NetworkWatcher::unsecuredNetwork);
   connect(m_impl, &NetworkWatcherImpl::networkChanged, this,
           &NetworkWatcher::networkChange);
-  connect(m_impl, &NetworkWatcherImpl::sleepMode, this,
+
-          &NetworkWatcher::onSleepMode);
   m_impl->initialize();
 
-  // Enable sleep/wake monitoring for VPN auto-reconnection
+
-  logger.debug() << "Starting NetworkWatcher for sleep/wake monitoring";
+// TODO: IMPL FOR AMNEZIA
-  logger.debug() << "About to call m_impl->start()";
+#if 0
-  try {
+  SettingsHolder* settingsHolder = SettingsHolder::instance();
+  Q_ASSERT(settingsHolder);
+
+  m_active = settingsHolder->unsecuredNetworkAlert() ||
+             settingsHolder->captivePortalAlert();
+  m_reportUnsecuredNetwork = settingsHolder->unsecuredNetworkAlert();
+  if (m_active) {
     m_impl->start();
-    logger.debug() << "m_impl->start() completed successfully";
-  } catch (const std::exception& e) {
-    logger.error() << "Exception in m_impl->start():" << e.what();
-  } catch (...) {
-    logger.error() << "Unknown exception in m_impl->start()";
   }
-  m_active = true;
+
-  m_reportUnsecuredNetwork = false; // Disable unsecured network alerts for Amnezia
+  connect(settingsHolder, &SettingsHolder::unsecuredNetworkAlertChanged, this,
+          &NetworkWatcher::settingsChanged);
+  connect(settingsHolder, &SettingsHolder::captivePortalAlertChanged, this,
+          &NetworkWatcher::settingsChanged);
+
+#endif
 }
 
 void NetworkWatcher::settingsChanged() {
-  // For Amnezia: Keep NetworkWatcher always active for sleep/wake monitoring
+// TODO: IMPL FOR AMNEZIA
-  logger.debug() << "NetworkWatcher settings changed - keeping sleep monitoring active";
+#if 0
-}
+  SettingsHolder* settingsHolder = SettingsHolder::instance();
+  m_active = settingsHolder->unsecuredNetworkAlert() ||
+             settingsHolder->captivePortalAlert();
+  m_reportUnsecuredNetwork = settingsHolder->unsecuredNetworkAlert();
 
-void NetworkWatcher::onSleepMode()
+  if (m_active) {
-{
+    logger.debug()
-  logger.debug() << "Resumed from sleep mode";
+        << "Starting Network Watcher; Reporting of Unsecured Networks: "
-  emit sleepMode();
+        << m_reportUnsecuredNetwork;
+    m_impl->start();
+  } else {
+    logger.debug() << "Stopping Network Watcher";
+    m_impl->stop();
+  }
+#endif
 }
 
 void NetworkWatcher::unsecuredNetwork(const QString& networkName,
                                       const QString& networkId) {
   logger.debug() << "Unsecured network:" << logger.sensitive(networkName)
                  << "id:" << logger.sensitive(networkId);
+
 #ifndef UNIT_TEST
   if (!m_reportUnsecuredNetwork) {
     logger.debug() << "Disabled. Ignoring unsecured network";

client/mozilla/networkwatcher.h

@@ -29,13 +29,10 @@ public:
     // false to restore.
     void simulateDisconnection(bool simulatedDisconnection);
 
-    void onSleepMode();
-
     QNetworkInformation::Reachability getReachability();
 
 signals:
     void networkChange();
-    void sleepMode();
 
 private:
     void settingsChanged();

client/mozilla/networkwatcherimpl.h

@@ -41,8 +41,6 @@ signals:
     // TODO: Only windows-networkwatcher has this, the other plattforms should
     // too.
     void networkChanged(QString newBSSID);
-    void sleepMode();
-
 
 private:
     bool m_active = false;

client/mozilla/pinghelper.cpp

@@ -41,7 +41,6 @@ void PingHelper::start(const QString& serverIpv4Gateway,
 
   m_gateway = QHostAddress(serverIpv4Gateway);
   m_source = QHostAddress(deviceIpv4Address.section('/', 0, 0));
-
   m_pingSender = PingSenderFactory::create(m_source, this);
 
   // Some platforms require root access to send and receive ICMP pings. If
@@ -54,10 +53,8 @@ void PingHelper::start(const QString& serverIpv4Gateway,
 
   connect(m_pingSender, &PingSender::recvPing, this, &PingHelper::pingReceived,
           Qt::QueuedConnection);
-  connect(m_pingSender, &PingSender::criticalPingError, this, [this]() {
+  connect(m_pingSender, &PingSender::criticalPingError, this,
-        logger.info() << "Encountered Unrecoverable ping error";
+          []() { logger.info() << "Encountered Unrecoverable ping error"; });
-      emit connectionLose();
-  });
 
   // Reset the ping statistics
   m_sequence = 0;

client/mozilla/pinghelper.h

@@ -33,8 +33,6 @@ class PingHelper final : public QObject {
 
  signals:
   void pingSentAndReceived(qint64 msec);
-  void connectionLose();
-
 
  private:
   void nextPing();

client/mozilla/pingsenderfactory.cpp

@@ -5,12 +5,12 @@
 #include "pingsenderfactory.h"
 
 #if defined(MZ_LINUX) || defined(MZ_ANDROID)
-    #  include "platforms/linux/linuxpingsender.h"
+//#  include "platforms/linux/linuxpingsender.h"
 #elif defined(MZ_MACOS) || defined(MZ_IOS)
 #  include "platforms/macos/macospingsender.h"
 #elif defined(MZ_WINDOWS)
 #  include "platforms/windows/windowspingsender.h"
-#elif defined(MZ_WASM) || defined(UNIT_TEST)
+#elif defined(MZ_DUMMY) || defined(UNIT_TEST)
 #  include "platforms/dummy/dummypingsender.h"
 #else
 #  error "Unsupported platform"
@@ -19,7 +19,8 @@
 PingSender* PingSenderFactory::create(const QHostAddress& source,
                                       QObject* parent) {
 #if defined(MZ_LINUX) || defined(MZ_ANDROID)
-    return new LinuxPingSender(source, parent);
+    return nullptr;
+    //  return new LinuxPingSender(source, parent);
 #elif defined(MZ_MACOS) || defined(MZ_IOS)
   return new MacOSPingSender(source, parent);
 #elif defined(MZ_WINDOWS)

client/mozilla/pingsenderfactory.h

@@ -15,5 +15,4 @@ public:
   static PingSender* create(const QHostAddress& source, QObject* parent);
 };
 
-
 #endif  // PINGSENDERFACTORY_H

client/platforms/android/android_controller.cpp

@@ -99,7 +99,9 @@ bool AndroidController::initialize()
         {"onFileOpened", "(Ljava/lang/String;)V", reinterpret_cast<void *>(onFileOpened)},
         {"onConfigImported", "(Ljava/lang/String;)V", reinterpret_cast<void *>(onConfigImported)},
         {"onAuthResult", "(Z)V", reinterpret_cast<void *>(onAuthResult)},
-        {"decodeQrCode", "(Ljava/lang/String;)Z", reinterpret_cast<bool *>(decodeQrCode)}
+        {"decodeQrCode", "(Ljava/lang/String;)Z", reinterpret_cast<bool *>(decodeQrCode)},
+        {"onImeInsetsChanged", "(I)V", reinterpret_cast<void *>(onImeInsetsChanged)},
+        {"onSystemBarsInsetsChanged", "(II)V", reinterpret_cast<void *>(onSystemBarsInsetsChanged)}
     };
 
     QJniEnvironment env;
@@ -202,6 +204,21 @@ bool AndroidController::isOnTv()
     return callActivityMethod<jboolean>("isOnTv", "()Z");
 }
 
+bool AndroidController::isEdgeToEdgeEnabled()
+{
+    return callActivityMethod<jboolean>("isEdgeToEdgeEnabled", "()Z");
+}
+
+int AndroidController::getStatusBarHeight()
+{
+    return callActivityMethod<jint>("getStatusBarHeight", "()I");
+}
+
+int AndroidController::getNavigationBarHeight()
+{
+    return callActivityMethod<jint>("getNavigationBarHeight", "()I");
+}
+
 void AndroidController::startQrReaderActivity()
 {
     callActivityMethod("startQrCodeReader", "()V");
@@ -521,3 +538,23 @@ bool AndroidController::decodeQrCode(JNIEnv *env, jobject thiz, jstring data)
 
     return ImportController::decodeQrCode(AndroidUtils::convertJString(env, data));
 }
+// static
+void AndroidController::onImeInsetsChanged(JNIEnv *env, jobject thiz, jint heightDp)
+{
+    Q_UNUSED(env);
+    Q_UNUSED(thiz);
+
+    qDebug() << "Android IME insets changed: height =" << heightDp << "dp";
+    emit AndroidController::instance()->imeInsetsChanged(heightDp);
+}
+
+// static
+void AndroidController::onSystemBarsInsetsChanged(JNIEnv *env, jobject thiz, jint navBarHeightDp, jint statusBarHeightDp)
+{
+    Q_UNUSED(env);
+    Q_UNUSED(thiz);
+
+    qDebug() << "Android system bars insets changed: nav bar =" << navBarHeightDp << "dp, status bar =" << statusBarHeightDp << "dp";
+    emit AndroidController::instance()->systemBarsInsetsChanged(navBarHeightDp, statusBarHeightDp);
+}
+

client/platforms/android/android_controller.h

@@ -39,6 +39,9 @@ public:
     QString getFileName(const QString &uri);
     bool isCameraPresent();
     bool isOnTv();
+    bool isEdgeToEdgeEnabled();
+    int getStatusBarHeight();
+    int getNavigationBarHeight();
     void startQrReaderActivity();
     void setSaveLogs(bool enabled);
     void exportLogsFile(const QString &fileName);
@@ -70,6 +73,8 @@ signals:
     void importConfigFromOutside(QString config);
     void initConnectionState(Vpn::ConnectionState state);
     void authenticationResult(bool result);
+    void imeInsetsChanged(int heightDp);
+    void systemBarsInsetsChanged(int navBarHeightDp, int statusBarHeightDp);
 
 private:
     bool isWaitingStatus = true;
@@ -98,6 +103,8 @@ private:
     static void onFileOpened(JNIEnv *env, jobject thiz, jstring uri);
     static void onAuthResult(JNIEnv *env, jobject thiz, jboolean result);
     static bool decodeQrCode(JNIEnv *env, jobject thiz, jstring data);
+    static void onImeInsetsChanged(JNIEnv *env, jobject thiz, jint heightDp);
+    static void onSystemBarsInsetsChanged(JNIEnv *env, jobject thiz, jint navBarHeightDp, jint statusBarHeightDp);
 
     template <typename Ret, typename ...Args>
     static auto callActivityMethod(const char *methodName, const char *signature, Args &&...args);

client/platforms/ios/Log.swift

@@ -2,7 +2,8 @@ import Foundation
 import os.log
 
 struct Log {
-  static let osLog = Logger()
+  private static let subsystemIdentifier = Bundle.main.bundleIdentifier ?? "org.amnezia.AmneziaVPN"
+  static let osLog = Logger(subsystem: subsystemIdentifier, category: "App")
 
   private static let IsLoggingEnabledKey = "IsLoggingEnabled"
   static var isLoggingEnabled: Bool {
@@ -77,9 +78,40 @@ struct Log {
   static func log(_ type: OSLogType, title: String = "", message: String, url: URL = neLogURL) {
     NSLog("\(title) \(message)")
 
-    guard isLoggingEnabled else { return }
+    switch type {
+    case .debug:
+      if title.isEmpty {
+        osLog.debug("\(message, privacy: .public)")
+      } else {
+        osLog.debug("\(title, privacy: .public) \(message, privacy: .public)")
+      }
+    case .info:
+      if title.isEmpty {
+        osLog.info("\(message, privacy: .public)")
+      } else {
+        osLog.info("\(title, privacy: .public) \(message, privacy: .public)")
+      }
+    case .error:
+      if title.isEmpty {
+        osLog.error("\(message, privacy: .public)")
+      } else {
+        osLog.error("\(title, privacy: .public) \(message, privacy: .public)")
+      }
+    case .fault:
+      if title.isEmpty {
+        osLog.fault("\(message, privacy: .public)")
+      } else {
+        osLog.fault("\(title, privacy: .public) \(message, privacy: .public)")
+      }
+    default:
+      if title.isEmpty {
+        osLog.log("\(message, privacy: .public)")
+      } else {
+        osLog.log("\(title, privacy: .public) \(message, privacy: .public)")
+      }
+    }
 
-    osLog.log(level: type, "\(title) \(message)")
+    guard isLoggingEnabled else { return }
 
     let date = Date()
     let level = Record.Level(from: type)

client/platforms/ios/NELogController.swift

@@ -1,22 +1,76 @@
 import Foundation
 import os.log
 
+private let subsystemIdentifier = Bundle.main.bundleIdentifier ?? "org.amnezia.AmneziaVPN"
+private let wireGuardSystemLogger = Logger(subsystem: subsystemIdentifier, category: "WireGuard")
+private let openVPNSystemLogger = Logger(subsystem: subsystemIdentifier, category: "OpenVPN")
+private let xraySystemLogger = Logger(subsystem: subsystemIdentifier, category: "Xray")
+private let networkExtensionLogger = Logger(subsystem: subsystemIdentifier, category: "NetworkExtension")
+
+private func logToSystem(_ logger: Logger, type: OSLogType, prefix: String, title: String, message: String) {
+    let combinedTitle: String
+    if title.isEmpty {
+        combinedTitle = prefix
+    } else {
+        combinedTitle = "\(prefix): \(title)"
+    }
+
+    switch type {
+    case .debug:
+        if combinedTitle.isEmpty {
+            logger.debug("\(message, privacy: .public)")
+        } else {
+            logger.debug("\(combinedTitle, privacy: .public) \(message, privacy: .public)")
+        }
+    case .info:
+        if combinedTitle.isEmpty {
+            logger.info("\(message, privacy: .public)")
+        } else {
+            logger.info("\(combinedTitle, privacy: .public) \(message, privacy: .public)")
+        }
+    case .error:
+        if combinedTitle.isEmpty {
+            logger.error("\(message, privacy: .public)")
+        } else {
+            logger.error("\(combinedTitle, privacy: .public) \(message, privacy: .public)")
+        }
+    case .fault:
+        if combinedTitle.isEmpty {
+            logger.fault("\(message, privacy: .public)")
+        } else {
+            logger.fault("\(combinedTitle, privacy: .public) \(message, privacy: .public)")
+        }
+    default:
+        if combinedTitle.isEmpty {
+            logger.log("\(message, privacy: .public)")
+        } else {
+            logger.log("\(combinedTitle, privacy: .public) \(message, privacy: .public)")
+        }
+    }
+}
+
 public func wg_log(_ type: OSLogType, title: String = "", staticMessage: StaticString) {
-    neLog(type, title: "WG: \(title)", message: "\(staticMessage)")
+    let stringMessage = String(describing: staticMessage)
+    logToSystem(wireGuardSystemLogger, type: type, prefix: "WG", title: title, message: stringMessage)
+    neLog(type, title: "WG: \(title)", message: stringMessage)
 }
 
 public func wg_log(_ type: OSLogType, title: String = "", message: String) {
+    logToSystem(wireGuardSystemLogger, type: type, prefix: "WG", title: title, message: message)
     neLog(type, title: "WG: \(title)", message: message)
 }
 
 public func ovpnLog(_ type: OSLogType, title: String = "", message: String) {
+    logToSystem(openVPNSystemLogger, type: type, prefix: "OVPN", title: title, message: message)
     neLog(type, title: "OVPN: \(title)", message: message)
 }
 
 public func xrayLog(_ type: OSLogType, title: String = "", message: String) {
+    logToSystem(xraySystemLogger, type: type, prefix: "XRAY", title: title, message: message)
     neLog(type, title: "XRAY: \(title)", message: message)
 }
 
 public func neLog(_ type: OSLogType, title: String = "", message: String) {
+    logToSystem(networkExtensionLogger, type: type, prefix: "NE", title: title, message: message)
     Log.log(type, title: "NE: \(title)", message: message)
 }

client/platforms/ios/PacketTunnelProvider+OpenVPN.swift

@@ -1,6 +1,7 @@
 import Foundation
 import NetworkExtension
 import OpenVPNAdapter
+import CryptoKit
 
 struct OpenVPNConfig: Decodable {
     let config: String
@@ -27,26 +28,83 @@ extension PacketTunnelProvider {
             let ovpnConfiguration = Data(openVPNConfig.config.utf8)
             setupAndlaunchOpenVPN(withConfig: ovpnConfiguration, completionHandler: completionHandler)
         } catch {
-            ovpnLog(.error, message: "Can't parse config: \(error.localizedDescription)")
+            ovpnLog(.error, message: "Can't parse OpenVPN config: \(error.localizedDescription)")
-
-            if let underlyingError = (error as NSError).userInfo[NSUnderlyingErrorKey] as? NSError {
-                ovpnLog(.error, message: "Can't parse config: \(underlyingError.localizedDescription)")
-            }
-
             return
         }
     }
 
+    private func logOpenVPNError(_ error: NSError) {
+        let fatalFlag = (error.userInfo[OpenVPNAdapterErrorFatalKey] as? Bool) ?? false
+        var lines: [String] = []
+        lines.append("domain=\(error.domain) code=\(error.code) fatal=\(fatalFlag)")
+
+        if let adapterMessage = error.userInfo[OpenVPNAdapterErrorMessageKey] as? String, !adapterMessage.isEmpty {
+            lines.append("message=\(adapterMessage)")
+        }
+
+        let userInfoKeys = error.userInfo.keys.map { String(describing: $0) }.sorted()
+        if !userInfoKeys.isEmpty {
+            lines.append("userInfoKeys=[\(userInfoKeys.joined(separator: ","))]")
+        }
+
+        if let underlying = error.userInfo[NSUnderlyingErrorKey] as? NSError {
+            lines.append("underlying=\(underlying.domain)#\(underlying.code) fatal=\((underlying.userInfo[OpenVPNAdapterErrorFatalKey] as? Bool) ?? false)")
+            if let underlyingMessage = underlying.userInfo[OpenVPNAdapterErrorMessageKey] as? String, !underlyingMessage.isEmpty {
+                lines.append("underlyingMessage=\(underlyingMessage)")
+            } else if !underlying.localizedDescription.isEmpty {
+                lines.append("underlyingLocalized=\(underlying.localizedDescription)")
+            }
+        } else if let underlying = error.userInfo[NSUnderlyingErrorKey] {
+            lines.append("underlyingRaw=\(underlying)")
+        }
+
+        let formatted = lines.joined(separator: "\n  ")
+        ovpnLog(.error, title: "Error", message: formatted)
+    }
+
     private func setupAndlaunchOpenVPN(withConfig ovpnConfiguration: Data,
                                        withShadowSocks viaSS: Bool = false,
                                        completionHandler: @escaping (Error?) -> Void) {
         ovpnLog(.info, message: "Setup and launch")
 
-        let str = String(decoding: ovpnConfiguration, as: UTF8.self)
+        var configString = String(decoding: ovpnConfiguration, as: UTF8.self)
+
+        let digest = SHA256.hash(data: ovpnConfiguration)
+        let digestString = digest.map { String(format: "%02x", $0) }.joined()
+        ovpnLog(.info, title: "ConfigDigest", message: digestString)
+
+        let hasTlsAuthOpen = configString.contains("<tls-auth>")
+        let hasTlsAuthClose = configString.contains("</tls-auth>")
+        ovpnLog(.info, title: "ConfigFlags", message: "tls-auth open=\(hasTlsAuthOpen) close=\(hasTlsAuthClose)")
+
+        let lines = configString.split(separator: "\n")
+        let head = lines.prefix(10).joined(separator: "\n")
+        let tail = lines.suffix(10).joined(separator: "\n")
+        ovpnLog(.debug, title: "ConfigHead", message: head)
+        ovpnLog(.debug, title: "ConfigTail", message: tail)
+
+        if let start = configString.range(of: "<tls-auth>"),
+           let end = configString.range(of: "</tls-auth>", range: start.upperBound..<configString.endIndex) {
+            let keyBody = String(configString[start.upperBound..<end.lowerBound])
+            ovpnLog(.debug, title: "TLSAuthInline", message: keyBody)
+            let sanitizedLines = keyBody
+                .split(whereSeparator: { $0.isNewline })
+                .map { $0.trimmingCharacters(in: .whitespacesAndNewlines) }
+                .filter { !$0.isEmpty }
+                .filter { !$0.hasPrefix("#") }
+
+            let sanitizedKey = sanitizedLines.joined(separator: "\n")
+            ovpnLog(.debug, title: "TLSAuthSanitized", message: sanitizedKey)
+            let sanitizedBlock = "<tls-auth>\n\(sanitizedKey)\n</tls-auth>"
+            configString.replaceSubrange(start.lowerBound..<end.upperBound, with: sanitizedBlock)
+        }
+
+        let normalizedConfig = configString.replacingOccurrences(of: "\r\n", with: "\n")
+        let sanitizedData = Data(normalizedConfig.utf8)
 
         let configuration = OpenVPNConfiguration()
-        configuration.fileContent = ovpnConfiguration
+        configuration.fileContent = sanitizedData
-        if str.contains("cloak") {
+        if configString.contains("cloak") {
             configuration.setPTCloak()
         }
 
@@ -57,6 +115,8 @@ extension PacketTunnelProvider {
             evaluation = try ovpnAdapter?.apply(configuration: configuration)
 
         } catch {
+            let nsError = error as NSError
+            ovpnLog(.error, title: "ApplyConfig", message: "domain=\(nsError.domain) code=\(nsError.code) info=\(nsError.userInfo)")
             completionHandler(error)
             return
         }
@@ -208,8 +268,11 @@ extension PacketTunnelProvider: OpenVPNAdapterDelegate {
 
     // Handle errors thrown by the OpenVPN library
     func openVPNAdapter(_ openVPNAdapter: OpenVPNAdapter, handleError error: Error) {
+        let nsError = error as NSError
+        logOpenVPNError(nsError)
+
         // Handle only fatal errors
-        guard let fatal = (error as NSError).userInfo[OpenVPNAdapterErrorFatalKey] as? Bool,
+        guard let fatal = nsError.userInfo[OpenVPNAdapterErrorFatalKey] as? Bool,
               fatal == true else { return }
 
         if vpnReachability.isTracking {

client/platforms/ios/PacketTunnelProvider+Xray.swift

@@ -1,6 +1,5 @@
 import Foundation
 import NetworkExtension
-import WireGuardKitGo
 
 enum XrayErrors: Error {
     case noXrayConfig

client/platforms/ios/iosnetworkwatcher.mm

@@ -34,9 +34,6 @@ void IOSNetworkWatcher::initialize() {
   });
   nw_path_monitor_start(m_networkMonitor);
 
-  // Call start() to initialize sleep/wake monitoring (will call MacOSNetworkWatcher::start() if this is macOS)
-  this->start();
-  
   //TODO IMPL FOR AMNEZIA
 }
 

client/platforms/linux/linuxnetworkwatcher.cpp

@@ -41,9 +41,6 @@ void LinuxNetworkWatcher::initialize() {
   connect(m_worker, &LinuxNetworkWatcherWorker::unsecuredNetwork, this,
           &LinuxNetworkWatcher::unsecuredNetwork);
 
-  connect(m_worker, &LinuxNetworkWatcherWorker::sleepMode, this,
-          &NetworkWatcherImpl::sleepMode);
-
   // Let's wait a few seconds to allow the UI to be fully loaded and shown.
   // This is not strictly needed, but it's better for user experience because
   // it makes the UI faster to appear, plus it gives a bit of delay between the

client/platforms/linux/linuxnetworkwatcherworker.cpp

@@ -33,21 +33,7 @@
 #define NM_802_11_AP_SEC_WEAK_CRYPTO \
   (NM_802_11_AP_SEC_PAIR_WEP40 | NM_802_11_AP_SEC_PAIR_WEP104)
 
-
-enum NMState {
-    NM_STATE_UNKNOWN = 0,
-    NM_STATE_ASLEEP = 10,
-    NM_STATE_DISCONNECTED = 20,
-    NM_STATE_DISCONNECTING = 30,
-    NM_STATE_CONNECTING = 40,
-    NM_STATE_CONNECTED_LOCAL = 50,
-    NM_STATE_CONNECTED_SITE = 60,
-    NM_STATE_CONNECTED_GLOBAL = 70
-};
-
-
 constexpr const char* DBUS_NETWORKMANAGER = "org.freedesktop.NetworkManager";
-constexpr const char* DBUS_NETWORKMANAGER_PATH = "/org/freedesktop/NetworkManager";
 
 namespace {
 Logger logger("LinuxNetworkWatcherWorker");
@@ -87,7 +73,7 @@ void LinuxNetworkWatcherWorker::initialize() {
   // documentation:
   // https://developer.gnome.org/NetworkManager/stable/gdbus-org.freedesktop.NetworkManager.html
 
-  QDBusInterface nm(DBUS_NETWORKMANAGER, DBUS_NETWORKMANAGER_PATH,
+  QDBusInterface nm(DBUS_NETWORKMANAGER, "/org/freedesktop/NetworkManager",
                     DBUS_NETWORKMANAGER, QDBusConnection::systemBus());
   if (!nm.isValid()) {
     logger.error()
@@ -122,12 +108,6 @@ void LinuxNetworkWatcherWorker::initialize() {
         SLOT(propertyChanged(QString, QVariantMap, QStringList)));
   }
 
-  QDBusConnection::systemBus().connect(DBUS_NETWORKMANAGER,
-                                       DBUS_NETWORKMANAGER_PATH,
-                                       DBUS_NETWORKMANAGER,
-                                       "StateChanged",
-                                       this, SLOT(NMStateChanged(quint32)));
-
   if (m_devicePaths.isEmpty()) {
     logger.warning() << "No wifi devices found";
     return;
@@ -193,16 +173,5 @@ void LinuxNetworkWatcherWorker::checkDevices() {
       emit unsecuredNetwork(ssid, bssid);
       break;
     }
-
   }
 }
-
-void LinuxNetworkWatcherWorker::NMStateChanged(quint32 state)
-{
-  if (state == NM_STATE_ASLEEP) {
-    emit sleepMode();
-  }
-
-  logger.debug() << "NMStateChanged " << state;
-}
-

client/platforms/linux/linuxnetworkwatcherworker.h

@@ -23,7 +23,6 @@ class LinuxNetworkWatcherWorker final : public QObject {
 
  signals:
   void unsecuredNetwork(const QString& networkName, const QString& networkId);
-  void sleepMode();
 
  public slots:
   void initialize();
@@ -31,7 +30,6 @@ class LinuxNetworkWatcherWorker final : public QObject {
  private slots:
   void propertyChanged(QString interface, QVariantMap properties,
                        QStringList list);
-  void NMStateChanged(quint32 state);
 
  private:
   // We collect the list of DBus wifi network device paths during the

client/platforms/linux/linuxpingsender.cpp

@@ -1,185 +0,0 @@
-/* This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
-
-#include "linuxpingsender.h"
-
-#include <arpa/inet.h>
-#include <errno.h>
-#include <linux/filter.h>
-#include <netinet/in.h>
-#include <netinet/ip.h>
-#include <netinet/ip_icmp.h>
-#include <sys/socket.h>
-#include <unistd.h>
-
-#include <QSocketNotifier>
-#include <QtEndian>
-
-#include "leakdetector.h"
-#include "logger.h"
-#include "qhostaddress.h"
-
-namespace {
-Logger logger("LinuxPingSender");
-}
-
-int LinuxPingSender::createSocket() {
-  // Try creating an ICMP socket. This would be the ideal choice, but it can
-  // fail depending on the kernel config (see: sys.net.ipv4.ping_group_range)
-  m_socket = socket(AF_INET, SOCK_DGRAM, IPPROTO_ICMP);
-  if (m_socket >= 0) {
-    m_ident = 0;
-    return m_socket;
-  }
-  if ((errno != EPERM) && (errno != EACCES)) {
-    return -1;
-  }
-
-  // As a fallback, create a raw socket, which requires root permissions
-  // or CAP_NET_RAW to be granted to the VPN client.
-  m_socket = socket(AF_INET, SOCK_RAW, IPPROTO_ICMP);
-  if (m_socket < 0) {
-    return -1;
-  }
-  m_ident = getpid() & 0xffff;
-
-  // Attach a BPF filter to discard everything but replies to our echo.
-  struct sock_filter bpf_prog[] = {
-      BPF_STMT(BPF_LDX | BPF_B | BPF_MSH, 0), /* Skip IP header. */
-      BPF_STMT(BPF_LD | BPF_H | BPF_IND, 4),  /* Load icmp echo ident */
-      BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, m_ident, 1, 0), /* Ours? */
-      BPF_STMT(BPF_RET | BPF_K, 0), /* Unexpected identifier. Reject. */
-      BPF_STMT(BPF_LD | BPF_B | BPF_IND, 0), /* Load icmp type */
-      BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, ICMP_ECHOREPLY, 1, 0), /* Echo? */
-      BPF_STMT(BPF_RET | BPF_K, 0),   /* Unexpected type. Reject. */
-      BPF_STMT(BPF_RET | BPF_K, ~0U), /* Packet passes the filter. */
-  };
-  struct sock_fprog filter = {
-      .len = sizeof(bpf_prog) / sizeof(struct sock_filter),
-      .filter = bpf_prog,
-  };
-  setsockopt(m_socket, SOL_SOCKET, SO_ATTACH_FILTER, &filter, sizeof(filter));
-
-  return m_socket;
-}
-
-LinuxPingSender::LinuxPingSender(const QHostAddress& source, QObject* parent)
-    : PingSender(parent) {
-  MZ_COUNT_CTOR(LinuxPingSender);
-
-  logger.debug() << "LinuxPingSender(" + logger.sensitive(source.toString()) +
-                        ") created";
-
-  m_socket = createSocket();
-  if (m_socket < 0) {
-    logger.error() << "Socket creation error: " << strerror(errno);
-    return;
-  }
-
-  quint32 ipv4addr = INADDR_ANY;
-  if (!source.isNull()) {
-    ipv4addr = source.toIPv4Address();
-  }
-  struct sockaddr_in addr;
-  memset(&addr, 0, sizeof addr);
-  addr.sin_family = AF_INET;
-  addr.sin_addr.s_addr = qToBigEndian<quint32>(ipv4addr);
-
-  if (bind(m_socket, (struct sockaddr*)&addr, sizeof(addr)) != 0) {
-    close(m_socket);
-    m_socket = -1;
-    logger.error() << "bind error:" << strerror(errno);
-    return;
-  }
-
-  m_notifier = new QSocketNotifier(m_socket, QSocketNotifier::Read, this);
-  if (m_ident) {
-    connect(m_notifier, &QSocketNotifier::activated, this,
-            &LinuxPingSender::rawSocketReady);
-  } else {
-    connect(m_notifier, &QSocketNotifier::activated, this,
-            &LinuxPingSender::icmpSocketReady);
-  }
-}
-
-LinuxPingSender::~LinuxPingSender() {
-  MZ_COUNT_DTOR(LinuxPingSender);
-  if (m_socket >= 0) {
-    close(m_socket);
-  }
-}
-
-void LinuxPingSender::sendPing(const QHostAddress& dest, quint16 sequence) {
-  quint32 ipv4dest = dest.toIPv4Address();
-  struct sockaddr_in addr;
-  memset(&addr, 0, sizeof(addr));
-  addr.sin_family = AF_INET;
-  addr.sin_addr.s_addr = qToBigEndian<quint32>(ipv4dest);
-
-  struct icmphdr packet;
-  memset(&packet, 0, sizeof(packet));
-  packet.type = ICMP_ECHO;
-  packet.un.echo.id = htons(m_ident);
-  packet.un.echo.sequence = htons(sequence);
-  packet.checksum = inetChecksum(&packet, sizeof(packet));
-
-  int rc = sendto(m_socket, &packet, sizeof(packet), 0, (struct sockaddr*)&addr,
-                  sizeof(addr));
-  if (rc < 0) {
-    logger.error() << "failed to send:" << strerror(errno);
-    if (errno == ENETUNREACH) {
-        emit criticalPingError();
-    }
-  }
-}
-
-void LinuxPingSender::icmpSocketReady() {
-  socklen_t slen = 0;
-  unsigned char data[2048];
-  int rc = recvfrom(m_socket, data, sizeof(data), MSG_DONTWAIT, NULL, &slen);
-  if (rc <= 0) {
-    logger.error() << "recvfrom failed:" << strerror(errno);
-    return;
-  }
-
-  struct icmphdr packet;
-  if (rc >= (int)sizeof(packet)) {
-    memcpy(&packet, data, sizeof(packet));
-    if (packet.type == ICMP_ECHOREPLY) {
-      emit recvPing(htons(packet.un.echo.sequence));
-    }
-  }
-}
-
-void LinuxPingSender::rawSocketReady() {
-  socklen_t slen = 0;
-  unsigned char data[2048];
-  int rc = recvfrom(m_socket, data, sizeof(data), MSG_DONTWAIT, NULL, &slen);
-  if (rc <= 0) {
-    logger.error() << "recvfrom failed:" << strerror(errno);
-    return;
-  }
-
-  // Check the IP header
-  const struct iphdr* ip = (struct iphdr*)data;
-  int iphdrlen = ip->ihl * 4;
-  if (rc < iphdrlen || iphdrlen < (int)sizeof(struct iphdr)) {
-    logger.error() << "malformed IP packet:" << strerror(errno);
-    return;
-  }
-
-  // Check the ICMP packet
-  struct icmphdr packet;
-  if (inetChecksum(data + iphdrlen, rc - iphdrlen) != 0) {
-    logger.warning() << "invalid checksum";
-    return;
-  }
-  if (rc >= (iphdrlen + (int)sizeof(packet))) {
-    memcpy(&packet, data + iphdrlen, sizeof(packet));
-    quint16 id = htons(m_ident);
-    if ((packet.type == ICMP_ECHOREPLY) && (packet.un.echo.id == id)) {
-      emit recvPing(htons(packet.un.echo.sequence));
-    }
-  }
-}

client/platforms/linux/linuxpingsender.h

@@ -1,39 +0,0 @@
-/* This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
-
-#ifndef LINUXPINGSENDER_H
-#define LINUXPINGSENDER_H
-
-#include <QObject>
-
-#include "../client/mozilla/pingsender.h"
-
-class QSocketNotifier;
-
-class LinuxPingSender final : public PingSender {
-  Q_OBJECT
-  Q_DISABLE_COPY_MOVE(LinuxPingSender)
-
- public:
-  LinuxPingSender(const QHostAddress& source, QObject* parent = nullptr);
-  ~LinuxPingSender();
-
-  bool isValid() override { return (m_socket >= 0); };
-
-  void sendPing(const QHostAddress& dest, quint16 sequence) override;
-
- private:
-  int createSocket();
-
- private slots:
-  void rawSocketReady();
-  void icmpSocketReady();
-
- private:
-  QSocketNotifier* m_notifier = nullptr;
-  int m_socket = -1;
-  quint16 m_ident = 0;
-};
-
-#endif  // LINUXPINGSENDER_H

client/platforms/macos/macosnetworkwatcher.h

@@ -10,31 +10,8 @@
 #include "../ios/iosnetworkwatcher.h"
 #include "networkwatcherimpl.h"
 
-#include <IOKit/pwr_mgt/IOPMLib.h>
-#include <IOKit/IOMessage.h>
-
-
 class QString;
 
-// Inspired by https://ladydebug.com/blog/2020/05/21/programmatically-capture-energy-saver-event-on-mac/
-class PowerNotificationsListener
-{
-public:
-    PowerNotificationsListener(class MacOSNetworkWatcher* watcher) : m_watcher(watcher) {}
-    void registerForNotifications();
-    void cleanup();
-
-private:
-    static void sleepWakeupCallBack(void *refParam, io_service_t service, natural_t messageType, void *messageArgument);
-
-private:
-    class MacOSNetworkWatcher* m_watcher = nullptr;
-    IONotificationPortRef notifyPortRef = nullptr; // notification port allocated by IORegisterForSystemPower
-    io_object_t notifierObj = IO_OBJECT_NULL; // notifier object, used to deregister later
-    io_connect_t rootPowerDomain = IO_OBJECT_NULL; // a reference to the Root Power Domain IOService
-};
-
-
 class MacOSNetworkWatcher final : public IOSNetworkWatcher {
  public:
   MacOSNetworkWatcher(QObject* parent);
@@ -48,7 +25,6 @@ class MacOSNetworkWatcher final : public IOSNetworkWatcher {
 
  private:
   void* m_delegate = nullptr;
-  PowerNotificationsListener m_powerlistener;
 };
 
 #endif  // MACOSNETWORKWATCHER_H

client/platforms/macos/macosnetworkwatcher.mm

@@ -6,11 +6,6 @@
 #include "leakdetector.h"
 #include "logger.h"
 
-#include <QProcess>
-#include <QMetaObject>
-#include <pthread.h>
-#include <iostream>
-
 #import <CoreWLAN/CoreWLAN.h>
 #import <Network/Network.h>
 
@@ -18,37 +13,6 @@ namespace {
 Logger logger("MacOSNetworkWatcher");
 }
 
-// Global variables for CFRunLoop thread
-static pthread_t g_powerThread;
-static CFRunLoopRef g_powerRunLoop = nullptr;
-static bool g_shouldStopPowerThread = false;
-static PowerNotificationsListener* g_powerListener = nullptr;
-
-// Thread function for dedicated CFRunLoop
-void* powerMonitoringThread(void* arg) {
-    logger.debug() << "Power monitoring thread started";
-    
-    PowerNotificationsListener* listener = static_cast<PowerNotificationsListener*>(arg);
-    
-    // Get the runloop for this thread
-    g_powerRunLoop = CFRunLoopGetCurrent();
-    
-    // Register for power notifications in this thread
-    listener->registerForNotifications();
-    
-    // Run the CFRunLoop - this will block until CFRunLoopStop is called
-    while (!g_shouldStopPowerThread) {
-        CFRunLoopRunInMode(kCFRunLoopDefaultMode, 1.0, true);
-    }
-    
-    // Cleanup
-    listener->cleanup();
-    g_powerRunLoop = nullptr;
-    
-    logger.debug() << "Power monitoring thread finished";
-    return nullptr;
-}
-
 @interface MacOSNetworkWatcherDelegate : NSObject <CWEventDelegate> {
   MacOSNetworkWatcher* m_watcher;
 }
@@ -74,138 +38,12 @@ void* powerMonitoringThread(void* arg) {
 
 @end
 
-void PowerNotificationsListener::registerForNotifications()
+MacOSNetworkWatcher::MacOSNetworkWatcher(QObject* parent) : IOSNetworkWatcher(parent) {
-{
-    logger.debug() << "Registering for system power notifications in dedicated thread";
-    
-    rootPowerDomain = IORegisterForSystemPower(this, &notifyPortRef, sleepWakeupCallBack, &notifierObj);
-    if (rootPowerDomain == IO_OBJECT_NULL) {
-        logger.error() << "Failed to register for system power notifications!";
-        return;
-    }
-
-    // Add the notification port to the current runloop (dedicated thread)
-    CFRunLoopAddSource(CFRunLoopGetCurrent(), IONotificationPortGetRunLoopSource(notifyPortRef), kCFRunLoopCommonModes);
-    logger.debug() << "Power notifications registered successfully";
-}
-
-void PowerNotificationsListener::cleanup()
-{
-    if (notifyPortRef != nullptr) {
-        CFRunLoopRemoveSource(CFRunLoopGetCurrent(), IONotificationPortGetRunLoopSource(notifyPortRef), kCFRunLoopCommonModes);
-        IONotificationPortDestroy(notifyPortRef);
-        notifyPortRef = nullptr;
-    }
-    
-    if (notifierObj != IO_OBJECT_NULL) {
-        IODeregisterForSystemPower(&notifierObj);
-        notifierObj = IO_OBJECT_NULL;
-    }
-    
-    if (rootPowerDomain != IO_OBJECT_NULL) {
-        IOServiceClose(rootPowerDomain);
-        rootPowerDomain = IO_OBJECT_NULL;
-    }
-}
-
-void PowerNotificationsListener::sleepWakeupCallBack(void *refParam, io_service_t service, natural_t messageType, void *messageArgument)
-{
-	Q_UNUSED(service)
-
-    auto listener = static_cast<PowerNotificationsListener *>(refParam);
-
-    logger.debug() << "Power callback received, messageType:" << messageType;
-    switch (messageType) {
-    case kIOMessageCanSystemSleep:
-        /* Idle sleep is about to kick in. This message will not be sent for forced sleep.
-         * Applications have a chance to prevent sleep by calling IOCancelPowerChange.
-         * Most applications should not prevent idle sleep. Power Management waits up to
-         * 30 seconds for you to either allow or deny idle sleep. If you don’t acknowledge
-         * this power change by calling either IOAllowPowerChange or IOCancelPowerChange,
-         * the system will wait 30 seconds then go to sleep.
-         */
-
-        logger.debug() << "System power message: can system sleep?";
-
-        // Uncomment to cancel idle sleep
-        // IOCancelPowerChange(thiz->rootPowerDomain, reinterpret_cast<long>(messageArgument));
-
-        // Allow idle sleep
-        IOAllowPowerChange(listener->rootPowerDomain, reinterpret_cast<long>(messageArgument));
-        break;
-
-    case kIOMessageSystemWillNotSleep:
-        /* Announces that the system has retracted a previous attempt to sleep; it
-         * follows `kIOMessageCanSystemSleep`.
-         */
-        logger.debug() << "System power message: system will NOT sleep.";
-        break;
-
-    case kIOMessageSystemWillSleep:
-        /* The system WILL go to sleep. If you do not call IOAllowPowerChange or
-         * IOCancelPowerChange to acknowledge this message, sleep will be delayed by
-         * 30 seconds.
-         *
-         * NOTE: If you call IOCancelPowerChange to deny sleep it returns kIOReturnSuccess,
-         * however the system WILL still go to sleep.
-         */
-
-        logger.debug() << "System power message: system WILL sleep";
-        IOAllowPowerChange(listener->rootPowerDomain, reinterpret_cast<long>(messageArgument));
-        break;
-
-    case kIOMessageSystemWillPowerOn:
-        /* Announces that the system is beginning to power the device tree; most devices
-         * are still unavailable at this point.
-         */
-        /* From the documentation:
-         *
-         * - kIOMessageSystemWillPowerOn is delivered at early wakeup time, before most hardware
-         * has been powered on. Be aware that any attempts to access disk, network, the display,
-         * etc. may result in errors or blocking your process until those resources become
-         * available.
-         *
-         * So we do NOT log this event.
-         */
-        break;
-
-    case kIOMessageSystemHasPoweredOn:
-        /* Announces that the system and its devices have woken up. */
-        logger.debug() << "System has powered on - emitting sleepMode signal from dedicated CFRunLoop thread";
-        if (listener->m_watcher) {
-            // Use QMetaObject::invokeMethod for thread-safe signal emission
-            QMetaObject::invokeMethod(listener->m_watcher, "sleepMode", Qt::QueuedConnection);
-        }
-        break;
-
-    default:
-        logger.debug() << "System power message: other event: " << messageType;
-        /* Not a system sleep and wake notification. */
-        break;
-    }
-}
-
-MacOSNetworkWatcher::MacOSNetworkWatcher(QObject* parent) : IOSNetworkWatcher(parent), m_powerlistener(this) {
   MZ_COUNT_CTOR(MacOSNetworkWatcher);
 }
 
 MacOSNetworkWatcher::~MacOSNetworkWatcher() {
   MZ_COUNT_DTOR(MacOSNetworkWatcher);
-  
-  // Stop the dedicated power monitoring thread
-  if (g_powerListener) {
-    logger.debug() << "Stopping dedicated power monitoring thread";
-    g_shouldStopPowerThread = true;
-    
-    if (g_powerRunLoop) {
-      CFRunLoopStop(g_powerRunLoop);
-    }
-    
-    // Wait for thread to finish
-    pthread_join(g_powerThread, nullptr);
-    g_powerListener = nullptr;
-  }
-  
   if (m_delegate) {
     CWWiFiClient* client = CWWiFiClient.sharedWiFiClient;
     if (!client) {
@@ -229,20 +67,6 @@ void MacOSNetworkWatcher::start() {
     return;
   }
 
-  // Start dedicated power monitoring thread with CFRunLoop
-  if (!g_powerListener) {
-    g_powerListener = &m_powerlistener;
-    g_shouldStopPowerThread = false;
-    
-    int result = pthread_create(&g_powerThread, nullptr, powerMonitoringThread, &m_powerlistener);
-    if (result != 0) {
-      logger.error() << "Failed to create power monitoring thread:" << result;
-      g_powerListener = nullptr;
-    } else {
-      logger.debug() << "Power monitoring enabled";
-    }
-  } 
-
   CWWiFiClient* client = CWWiFiClient.sharedWiFiClient;
   if (!client) {
     logger.error() << "Unable to retrieve the CWWiFiClient shared instance";
@@ -253,8 +77,6 @@ void MacOSNetworkWatcher::start() {
   m_delegate = [[MacOSNetworkWatcherDelegate alloc] initWithObject:this];
   [client setDelegate:static_cast<MacOSNetworkWatcherDelegate*>(m_delegate)];
   [client startMonitoringEventWithType:CWEventTypeBSSIDDidChange error:nullptr];
-  
-  logger.debug() << "MacOSNetworkWatcher started successfully";
 }
 
 void MacOSNetworkWatcher::checkInterface() {
@@ -265,70 +87,42 @@ void MacOSNetworkWatcher::checkInterface() {
     return;
   }
 
-  // Use wdutil to get reliable WiFi information
+  CWWiFiClient* client = CWWiFiClient.sharedWiFiClient;
-  QProcess process;
+  if (!client) {
-  process.start("wdutil", QStringList() << "info");
+    logger.debug() << "Unable to retrieve the CWWiFiClient shared instance";
-  process.waitForFinished(5000);
-  
-  QString output = process.readAllStandardOutput();
-  QString errorOutput = process.readAllStandardError();
-  
-  logger.debug() << "wdutil exit code:" << process.exitCode();
-  
-  if (process.exitCode() != 0) {
-    logger.debug() << "wdutil failed with exit code:" << process.exitCode();
     return;
   }
 
-  // Parse wdutil output to find WiFi connection info
+  CWInterface* interface = [client interface];
-  QStringList lines = output.split('\n');
+  if (!interface) {
-  QString ssid, interfaceName, security;
+    logger.debug() << "No default wifi interface";
-  bool wifiSectionFound = false;
+    return;
-  
-  for (int i = 0; i < lines.size(); i++) {
-    QString trimmedLine = lines[i].trimmed();
-    
-    if (trimmedLine == "WIFI") {
-      wifiSectionFound = true;
-      continue;
   }
 
-    if (wifiSectionFound) {
+  if (![interface powerOn]) {
-      // Stop parsing when we reach next section header (all caps after separator line)
+    logger.debug() << "The interface is off";
-      if (trimmedLine.startsWith("————————")) {
+    return;
-        if (i + 1 < lines.size()) {
-          QString nextLine = lines[i + 1].trimmed();
-          if (!nextLine.isEmpty() && nextLine.length() > 2 && nextLine.toUpper() == nextLine && nextLine != "WIFI") {
-            break;
-          }
-        }
-        continue; // Skip separator lines
   }
 
-      if (trimmedLine.startsWith("Interface Name")) {
+  NSString* ssidNS = [interface ssid];
-        QStringList parts = trimmedLine.split(":");
+  if (!ssidNS) {
-        if (parts.size() >= 2) {
+    logger.debug() << "WiFi is not in used";
-          interfaceName = parts[1].trimmed();
+    return;
-        }
-      } else if (trimmedLine.startsWith("SSID")) {
-        QStringList parts = trimmedLine.split(":");
-        if (parts.size() >= 2) {
-          ssid = parts[1].trimmed();
-        }
-      } else if (trimmedLine.startsWith("Security")) {
-        QStringList parts = trimmedLine.split(":");
-        if (parts.size() >= 2) {
-          security = parts[1].trimmed();
-        }
-      }
-    }
   }
 
-  if (!ssid.isEmpty() && !interfaceName.isEmpty()) {
+  QString ssid = QString::fromNSString(ssidNS);
-    logger.debug() << "Found active WiFi connection on" << interfaceName 
+  if (ssid.isEmpty()) {
-                   << "SSID:" << ssid << "Security:" << security;
+    logger.debug() << "WiFi doesn't have a valid SSID";
-  } else {
+    return;
-    logger.debug() << "No active WiFi connection found";
+  }
-  }
+
+  CWSecurity security = [interface security];
+  if (security == kCWSecurityNone || security == kCWSecurityWEP) {
+    logger.debug() << "Unsecured network found!";
+    emit unsecuredNetwork(ssid, ssid);
+    return;
+  }
+
+  logger.debug() << "Secure WiFi interface";
 }
 

client/platforms/windows/daemon/windowsdaemon.cpp

@@ -22,6 +22,7 @@
 #include "logger.h"
 #include "platforms/windows/daemon/windowsfirewall.h"
 #include "platforms/windows/daemon/windowssplittunnel.h"
+#include "platforms/windows/windowscommons.h"
 #include "windowsfirewall.h"
 
 #include "core/networkUtilities.h"

client/platforms/windows/windowsnetworkwatcher.cpp

@@ -32,28 +32,9 @@ WindowsNetworkWatcher::~WindowsNetworkWatcher() {
   }
 }
 
-LRESULT WindowsNetworkWatcher::PowerWndProcCallback(HWND hwnd, UINT uMsg, WPARAM wParam, LPARAM lParam) {
-  auto obj = reinterpret_cast<WindowsNetworkWatcher*>(GetWindowLongPtr(hwnd, GWLP_USERDATA));
-  if (!obj){
-    logger.debug() << "obj not casted";
-    return DefWindowProc(hwnd, uMsg, wParam, lParam);
-  }
-  switch (uMsg) {
-  case WM_POWERBROADCAST:
-    if (wParam == PBT_APMRESUMESUSPEND) {
-        emit obj->sleepMode();
-    }
-    break;
-  default:
-    return DefWindowProc(hwnd, uMsg, wParam, lParam);
-  }
-  return 0;
-}
-
 void WindowsNetworkWatcher::initialize() {
   logger.debug() << "initialize";
 
-
   DWORD negotiatedVersion;
   if (WlanOpenHandle(2, nullptr, &negotiatedVersion, &m_wlanHandle) !=
       ERROR_SUCCESS) {
@@ -70,25 +51,6 @@ void WindowsNetworkWatcher::initialize() {
     return;
   }
 
-  const wchar_t* className = L"PowerMonitorClass";
-  WNDCLASS wc = { 0 };
-  wc.lpfnWndProc = &WindowsNetworkWatcher::PowerWndProcCallback;
-  wc.hInstance = GetModuleHandle(NULL);
-  wc.lpszClassName = className;
-  wc.cbWndExtra = sizeof(WindowsNetworkWatcher*);
-
-  if (!RegisterClass(&wc)) {
-    logger.debug() << "Failed to register window class in createPowerMonitorWindow.";
-    return;
-  }
-
-  HWND hwnd = CreateWindowEx(0, className, L"Power Monitor", 0, 0, 0, 0, 0, NULL, NULL, GetModuleHandle(NULL), static_cast<LPVOID>(this));
-  if (!hwnd) {
-    logger.debug() << "Failed to create window in createPowerMonitorWindow.";
-    return;
-  }
-  SetWindowLongPtr(hwnd, GWLP_USERDATA, reinterpret_cast<LONG_PTR>(this));
-
   logger.debug() << "callback registered";
 }
 

client/platforms/windows/windowsnetworkwatcher.h

@@ -19,7 +19,6 @@ class WindowsNetworkWatcher final : public NetworkWatcherImpl {
 
  private:
   static void wlanCallback(PWLAN_NOTIFICATION_DATA data, PVOID context);
-  static LRESULT PowerWndProcCallback(HWND hwnd, UINT uMsg, WPARAM wParam, LPARAM lParam);
 
   void processWlan(PWLAN_NOTIFICATION_DATA data);
 

client/platforms/windows/windowspingsender.cpp

@@ -179,7 +179,6 @@ void WindowsPingSender::pingEventReady() {
       return;
     }
     QString errmsg = WindowsUtils::getErrorMessage();
-    emit criticalPingError();
     logger.error() << "No ping reply. Code: " << error
                    << " Message: " << errmsg;
     return;

client/protocols/openvpnprotocol.cpp

@@ -56,7 +56,8 @@ void OpenVpnProtocol::stop()
     }
 
 #if defined(Q_OS_WIN) || defined(Q_OS_LINUX) || defined(Q_OS_MACOS)
-    IpcClient::Interface()->disableKillSwitch();
+    QRemoteObjectPendingReply<bool> disableKillSwitchResp = IpcClient::Interface()->disableKillSwitch();
+    disableKillSwitchResp.waitForFinished(1000);
 #endif
 
     setConnectionState(Vpn::ConnectionState::Disconnected);

client/protocols/vpnprotocol.cpp

@@ -103,11 +103,6 @@ QString VpnProtocol::vpnGateway() const
     return m_vpnGateway;
 }
 
-QString VpnProtocol::vpnLocalAddress() const
-{
-    return m_vpnLocalAddress;
-}
-
 VpnProtocol *VpnProtocol::factory(DockerContainer container, const QJsonObject &configuration)
 {
     switch (container) {

client/protocols/vpnprotocol.h

@@ -63,7 +63,6 @@ public:
 
     QString routeGateway() const;
     QString vpnGateway() const;
-    QString vpnLocalAddress() const;
 
     static VpnProtocol* factory(amnezia::DockerContainer container, const QJsonObject &configuration);
 

client/protocols/wireguardprotocol.cpp

@@ -17,13 +17,6 @@ WireguardProtocol::WireguardProtocol(const QJsonObject &configuration, QObject *
             [this](const QString &pubkey, const QDateTime &connectionTimestamp) {
                 emit connectionStateChanged(Vpn::ConnectionState::Connected);
             });
-    connect(m_impl.get(), &ControllerImpl::statusUpdated, this,
-            [this](const QString& serverIpv4Gateway,
-                   const QString& deviceIpv4Address, uint64_t txBytes,
-                   uint64_t rxBytes) {
-                m_vpnLocalAddress = deviceIpv4Address;
-            });
-
     connect(m_impl.get(), &ControllerImpl::disconnected, this,
             [this]() { emit connectionStateChanged(Vpn::ConnectionState::Disconnected); });
     m_impl->initialize(nullptr, nullptr);

client/protocols/xrayprotocol.cpp

@@ -166,9 +166,17 @@ ErrorCode XrayProtocol::startTun2Sock()
 
 void XrayProtocol::stop()
 {
-#if defined(Q_OS_WIN) || defined(Q_OS_LINUX) || defined(Q_OS_MACOS)
+#ifdef AMNEZIA_DESKTOP
-    IpcClient::Interface()->disableKillSwitch();
+    QRemoteObjectPendingReply<bool> disableKillSwitchResp = IpcClient::Interface()->disableKillSwitch();
-    IpcClient::Interface()->StartRoutingIpv6();
+    disableKillSwitchResp.waitForFinished(1000);
+    QRemoteObjectPendingReply<bool> StartRoutingIpv6Resp = IpcClient::Interface()->StartRoutingIpv6();
+    StartRoutingIpv6Resp.waitForFinished(1000);
+    QRemoteObjectPendingReply<bool> restoreResolvers = IpcClient::Interface()->restoreResolvers();
+    restoreResolvers.waitForFinished(1000);
+#if !defined(Q_OS_MACOS)
+    QRemoteObjectPendingReply<bool> deleteTunResp = IpcClient::Interface()->deleteTun("tun2");
+    deleteTunResp.waitForFinished(1000);
+#endif
 #endif
     qDebug() << "XrayProtocol::stop()";
     m_xrayProcess.disconnect();
@@ -176,6 +184,7 @@ void XrayProtocol::stop()
     m_xrayProcess.waitForFinished(3000);
     if (m_t2sProcess) {
         m_t2sProcess->stop();
+        QThread::msleep(200);
     }
 
     setConnectionState(Vpn::ConnectionState::Disconnected);

client/resources.qrc

@@ -35,6 +35,9 @@
         <file>images/controls/mail.svg</file>
         <file>images/controls/map-pin.svg</file>
         <file>images/controls/more-vertical.svg</file>
+        <file>images/controls/news.svg</file>
+        <file>images/controls/news-unread.svg</file>
+        <file>images/controls/unread-dot.svg</file>
         <file>images/controls/plus.svg</file>
         <file>images/controls/qr-code.svg</file>
         <file>images/controls/radio-button-inner-circle-pressed.png</file>
@@ -49,6 +52,7 @@
         <file>images/controls/server.svg</file>
         <file>images/controls/settings-2.svg</file>
         <file>images/controls/settings.svg</file>
+        <file>images/controls/settings-news.svg</file>
         <file>images/controls/share-2.svg</file>
         <file>images/controls/split-tunneling.svg</file>
         <file>images/controls/tag.svg</file>
@@ -127,7 +131,6 @@
         <file>ui/qml/Components/SelectLanguageDrawer.qml</file>
         <file>ui/qml/Components/ServersListView.qml</file>
         <file>ui/qml/Components/SettingsContainersListView.qml</file>
-
         <file>ui/qml/Components/TransportProtoSelector.qml</file>
         <file>ui/qml/Components/AddSitePanel.qml</file>
         <file>ui/qml/Config/GlobalConfig.qml</file>
@@ -212,6 +215,8 @@
         <file>ui/qml/Pages2/PageSettingsServerServices.qml</file>
         <file>ui/qml/Pages2/PageSettingsServersList.qml</file>
         <file>ui/qml/Pages2/PageSettingsSplitTunneling.qml</file>
+        <file>ui/qml/Pages2/PageSettingsNewsNotifications.qml</file>
+        <file>ui/qml/Pages2/PageSettingsNewsDetail.qml</file>
         <file>ui/qml/Pages2/PageProtocolAwgClientSettings.qml</file>
         <file>ui/qml/Pages2/PageProtocolWireGuardClientSettings.qml</file>
         <file>ui/qml/Pages2/PageSetupWizardApiServiceInfo.qml</file>
@@ -242,6 +247,7 @@
         <file>ui/qml/Components/OtpCodeDrawer.qml</file>
         <file>ui/qml/Components/AwgTextField.qml</file>
         <file>ui/qml/Pages2/PageSettingsApiSubscriptionKey.qml</file>
+        <file>ui/qml/Components/SmartScroll.qml</file>
     </qresource>
     <qresource prefix="/countriesFlags">
         <file>images/flagKit/ZW.svg</file>

client/settings.cpp

@@ -541,12 +541,12 @@ QString Settings::getGatewayEndpoint()
 
 bool Settings::isDevGatewayEnv()
 {
-    return m_isDevGatewayEnv;
+    return value("Conf/devGatewayEnv", false).toBool();
 }
 
 void Settings::toggleDevGatewayEnv(bool enabled)
 {
-    m_isDevGatewayEnv = enabled;
+    setValue("Conf/devGatewayEnv", enabled);
 }
 
 bool Settings::isHomeAdLabelVisible()
@@ -578,3 +578,13 @@ void Settings::setAllowedDnsServers(const QStringList &servers)
 {
     setValue("Conf/allowedDnsServers", servers);
 }
+
+QStringList Settings::readNewsIds() const
+{
+    return value("News/readIds").toStringList();
+}
+
+void Settings::setReadNewsIds(const QStringList &ids)
+{
+    setValue("News/readIds", ids);
+}

client/settings.h

@@ -236,6 +236,9 @@ public:
     QStringList allowedDnsServers() const;
     void setAllowedDnsServers(const QStringList &servers);
 
+    QStringList readNewsIds() const;
+    void setReadNewsIds(const QStringList &ids);
+
 signals:
     void saveLogsChanged(bool enabled);
     void screenshotsEnabledChanged(bool enabled);
@@ -251,7 +254,6 @@ private:
     mutable SecureQSettings m_settings;
 
     QString m_gatewayEndpoint;
-    bool m_isDevGatewayEnv = false;
 };
 
 #endif // SETTINGS_H

client/translations/amneziavpn_ru_RU.ts

@@ -4,9 +4,8 @@
 <context>
     <name>AdLabel</name>
     <message>
-        <location filename="../ui/qml/Components/AdLabel.qml" line="57"/>
         <source>Amnezia Premium - for access to all websites and online resources</source>
-        <translation>Amnezia Premium - доступ ко всем сайтам и онлайн ресурсам</translation>
+        <translation type="vanished">Amnezia Premium - доступ ко всем сайтам и онлайн ресурсам</translation>
     </message>
 </context>
 <context>
@@ -61,7 +60,7 @@
     <name>ApiAccountInfoModel</name>
     <message>
         <location filename="../ui/models/api/apiAccountInfoModel.cpp" line="31"/>
-        <location filename="../ui/models/api/apiAccountInfoModel.cpp" line="34"/>
+        <location filename="../ui/models/api/apiAccountInfoModel.cpp" line="35"/>
         <source>Active</source>
         <translation>Активна</translation>
     </message>
@@ -71,35 +70,33 @@
         <translation>Не активна</translation>
     </message>
     <message>
-        <location filename="../ui/models/api/apiAccountInfoModel.cpp" line="47"/>
+        <location filename="../ui/models/api/apiAccountInfoModel.cpp" line="48"/>
         <source>%1 out of %2</source>
         <translation>%1 из %2</translation>
     </message>
     <message>
-        <location filename="../ui/models/api/apiAccountInfoModel.cpp" line="51"/>
         <source>Classic VPN for seamless work, downloading large files, and watching videos. Access all websites and online resources. Speeds up to 200 Mbps</source>
-        <translation>Классический VPN для комфортной работы, загрузки больших файлов и просмотра видео. Доступ ко всем сайтам и онлайн-ресурсам. Скорость — до 200 Мбит/с</translation>
+        <translation type="vanished">Классический VPN для комфортной работы, загрузки больших файлов и просмотра видео. Доступ ко всем сайтам и онлайн-ресурсам. Скорость — до 200 Мбит/с</translation>
     </message>
     <message>
-        <location filename="../ui/models/api/apiAccountInfoModel.cpp" line="55"/>
         <source>Free unlimited access to a basic set of websites such as Facebook, Instagram, Twitter (X), Discord, Telegram and more. YouTube is not included in the free plan.</source>
-        <translation>Бесплатный неограниченный доступ к базовому набору сайтов и приложений, таким как Facebook, Instagram, Twitter (X), Discord, Telegram и другим. YouTube не включён в бесплатный тариф.</translation>
+        <translation type="vanished">Бесплатный неограниченный доступ к базовому набору сайтов и приложений, таким как Facebook, Instagram, Twitter (X), Discord, Telegram и другим. YouTube не включён в бесплатный тариф.</translation>
     </message>
 </context>
 <context>
     <name>ApiConfigsController</name>
     <message>
-        <location filename="../ui/controllers/api/apiConfigsController.cpp" line="413"/>
+        <location filename="../ui/controllers/api/apiConfigsController.cpp" line="448"/>
         <source>%1 installed successfully.</source>
         <translation>%1 успешно установлен.</translation>
     </message>
     <message>
-        <location filename="../ui/controllers/api/apiConfigsController.cpp" line="473"/>
+        <location filename="../ui/controllers/api/apiConfigsController.cpp" line="513"/>
         <source>API config reloaded</source>
         <translation>Конфигурация API перезагружена</translation>
     </message>
     <message>
-        <location filename="../ui/controllers/api/apiConfigsController.cpp" line="477"/>
+        <location filename="../ui/controllers/api/apiConfigsController.cpp" line="517"/>
         <source>Successfully changed the country of connection to %1</source>
         <translation>Страна подключения изменена на %1</translation>
     </message>
@@ -627,27 +624,32 @@ Thank you for staying with us!</source>
         <translation>Продолжить</translation>
     </message>
     <message>
-        <location filename="../ui/qml/Pages2/PageHome.qml" line="102"/>
+        <location filename="../ui/qml/Pages2/PageHome.qml" line="92"/>
         <source>Logging enabled</source>
         <translation>Логирование включено</translation>
     </message>
     <message>
-        <location filename="../ui/qml/Pages2/PageHome.qml" line="144"/>
+        <location filename="../ui/qml/Pages2/PageHome.qml" line="120"/>
+        <source>Dev gateway enabled</source>
+        <translation type="unfinished"></translation>
+    </message>
+    <message>
+        <location filename="../ui/qml/Pages2/PageHome.qml" line="162"/>
         <source>Split tunneling enabled</source>
         <translation>Раздельное туннелирование включено</translation>
     </message>
     <message>
-        <location filename="../ui/qml/Pages2/PageHome.qml" line="144"/>
+        <location filename="../ui/qml/Pages2/PageHome.qml" line="162"/>
         <source>Split tunneling disabled</source>
         <translation>Раздельное туннелирование выключено</translation>
     </message>
     <message>
-        <location filename="../ui/qml/Pages2/PageHome.qml" line="381"/>
+        <location filename="../ui/qml/Pages2/PageHome.qml" line="409"/>
         <source>VPN protocol</source>
         <translation>VPN-протокол</translation>
     </message>
     <message>
-        <location filename="../ui/qml/Pages2/PageHome.qml" line="434"/>
+        <location filename="../ui/qml/Pages2/PageHome.qml" line="462"/>
         <source>Servers</source>
         <translation>Серверы</translation>
     </message>
@@ -1579,32 +1581,37 @@ Thank you for staying with us!</source>
         <translation>Настройки</translation>
     </message>
     <message>
-        <location filename="../ui/qml/Pages2/PageSettings.qml" line="101"/>
+        <location filename="../ui/qml/Pages2/PageSettings.qml" line="102"/>
         <source>Servers</source>
         <translation>Серверы</translation>
     </message>
     <message>
-        <location filename="../ui/qml/Pages2/PageSettings.qml" line="112"/>
+        <location filename="../ui/qml/Pages2/PageSettings.qml" line="113"/>
         <source>Connection</source>
         <translation>Соединение</translation>
     </message>
     <message>
-        <location filename="../ui/qml/Pages2/PageSettings.qml" line="123"/>
+        <location filename="../ui/qml/Pages2/PageSettings.qml" line="124"/>
         <source>Application</source>
         <translation>Приложение</translation>
     </message>
     <message>
-        <location filename="../ui/qml/Pages2/PageSettings.qml" line="134"/>
+        <location filename="../ui/qml/Pages2/PageSettings.qml" line="135"/>
+        <source>News &amp; Notifications</source>
+        <translation>Новости и Уведомления</translation>
+    </message>
+    <message>
+        <location filename="../ui/qml/Pages2/PageSettings.qml" line="152"/>
         <source>Backup</source>
         <translation>Резервное копирование</translation>
     </message>
     <message>
-        <location filename="../ui/qml/Pages2/PageSettings.qml" line="145"/>
+        <location filename="../ui/qml/Pages2/PageSettings.qml" line="163"/>
         <source>About AmneziaVPN</source>
         <translation>Об AmneziaVPN</translation>
     </message>
     <message>
-        <location filename="../ui/qml/Pages2/PageSettings.qml" line="156"/>
+        <location filename="../ui/qml/Pages2/PageSettings.qml" line="174"/>
         <source>Dev console</source>
         <translation>Dev console</translation>
     </message>
@@ -2079,52 +2086,40 @@ Thank you for staying with us!</source>
 <context>
     <name>PageSettingsApiSubscriptionKey</name>
     <message>
-        <location filename="../ui/qml/Pages2/PageSettingsApiSubscriptionKey.qml" line="43"/>
+        <location filename="../ui/qml/Pages2/PageSettingsApiSubscriptionKey.qml" line="85"/>
-        <source>Amnezia Premium
-subscription key</source>
-        <translation>Amnezia Premium
-ключ подключения</translation>
-    </message>
-    <message>
-        <location filename="../ui/qml/Pages2/PageSettingsApiSubscriptionKey.qml" line="56"/>
         <source>Copy key</source>
         <translation>Скопировать ключ</translation>
     </message>
     <message>
-        <location filename="../ui/qml/Pages2/PageSettingsApiSubscriptionKey.qml" line="61"/>
+        <location filename="../ui/qml/Pages2/PageSettingsApiSubscriptionKey.qml" line="90"/>
         <source>Copied</source>
         <translation>Скопировано</translation>
     </message>
     <message>
-        <location filename="../ui/qml/Pages2/PageSettingsApiSubscriptionKey.qml" line="77"/>
+        <location filename="../ui/qml/Pages2/PageSettingsApiSubscriptionKey.qml" line="106"/>
         <source>Save key as a file</source>
         <translation>Сохранить ключ как файл</translation>
     </message>
     <message>
-        <location filename="../ui/qml/Pages2/PageSettingsApiSubscriptionKey.qml" line="84"/>
+        <location filename="../ui/qml/Pages2/PageSettingsApiSubscriptionKey.qml" line="113"/>
         <source>Save AmneziaVPN config</source>
         <translation>Сохранить конфигурацию AmneziaVPN</translation>
     </message>
     <message>
-        <location filename="../ui/qml/Pages2/PageSettingsApiSubscriptionKey.qml" line="85"/>
+        <location filename="../ui/qml/Pages2/PageSettingsApiSubscriptionKey.qml" line="114"/>
         <source>Config files (*.vpn)</source>
         <translation>Файлы конфигов (*.vpn)</translation>
     </message>
     <message>
-        <location filename="../ui/qml/Pages2/PageSettingsApiSubscriptionKey.qml" line="110"/>
+        <location filename="../ui/qml/Pages2/PageSettingsApiSubscriptionKey.qml" line="139"/>
         <source>Show key text</source>
         <translation>Показать ключ</translation>
     </message>
     <message>
-        <location filename="../ui/qml/Pages2/PageSettingsApiSubscriptionKey.qml" line="151"/>
+        <location filename="../ui/qml/Pages2/PageSettingsApiSubscriptionKey.qml" line="180"/>
         <source>To read the QR code in the Amnezia app, tap + in the main menu → &apos;QR code&apos;</source>
         <translation>Для считывания QR-кода в приложении Amnezia выберите + в главном меню → &apos;QR-код&apos;</translation>
     </message>
-    <message>
-        <location filename="../ui/qml/Pages2/PageSettingsApiSubscriptionKey.qml" line="180"/>
-        <source>Amnezia Premium Subscription key</source>
-        <translation>Ключ подключения Amnezia Premium</translation>
-    </message>
 </context>
 <context>
     <name>PageSettingsApiSupport</name>
@@ -2197,32 +2192,37 @@ subscription key</source>
         <translation>Режим</translation>
     </message>
     <message>
-        <location filename="../ui/qml/Pages2/PageSettingsAppSplitTunneling.qml" line="185"/>
+        <location filename="../ui/qml/Pages2/PageSettingsAppSplitTunneling.qml" line="155"/>
+        <source>Only &quot;Apps from the list should not have access via VPN&quot; mode is available on Windows</source>
+        <translation>На Windows доступен только режим &quot;Приложения из списка не должны работать через VPN&quot;</translation>
+    </message>
+    <message>
+        <location filename="../ui/qml/Pages2/PageSettingsAppSplitTunneling.qml" line="199"/>
         <source>Remove </source>
         <translation>Удалить </translation>
     </message>
     <message>
-        <location filename="../ui/qml/Pages2/PageSettingsAppSplitTunneling.qml" line="186"/>
+        <location filename="../ui/qml/Pages2/PageSettingsAppSplitTunneling.qml" line="200"/>
         <source>Continue</source>
         <translation>Продолжить</translation>
     </message>
     <message>
-        <location filename="../ui/qml/Pages2/PageSettingsAppSplitTunneling.qml" line="187"/>
+        <location filename="../ui/qml/Pages2/PageSettingsAppSplitTunneling.qml" line="201"/>
         <source>Cancel</source>
         <translation>Отменить</translation>
     </message>
     <message>
-        <location filename="../ui/qml/Pages2/PageSettingsAppSplitTunneling.qml" line="228"/>
+        <location filename="../ui/qml/Pages2/PageSettingsAppSplitTunneling.qml" line="242"/>
         <source>application name</source>
         <translation>название приложения</translation>
     </message>
     <message>
-        <location filename="../ui/qml/Pages2/PageSettingsAppSplitTunneling.qml" line="238"/>
+        <location filename="../ui/qml/Pages2/PageSettingsAppSplitTunneling.qml" line="252"/>
         <source>Open executable file</source>
         <translation>Открыть исполняемый файл</translation>
     </message>
     <message>
-        <location filename="../ui/qml/Pages2/PageSettingsAppSplitTunneling.qml" line="239"/>
+        <location filename="../ui/qml/Pages2/PageSettingsAppSplitTunneling.qml" line="253"/>
         <source>Executable files (*.*)</source>
         <translation>Исполняемые файлы (*.*)</translation>
     </message>
@@ -2770,6 +2770,14 @@ subscription key</source>
         <translation>Очистить логи</translation>
     </message>
 </context>
+<context>
+    <name>PageSettingsNewsNotifications</name>
+    <message>
+        <location filename="../ui/qml/Pages2/PageSettingsNewsNotifications.qml" line="33"/>
+        <source>News &amp; Notifications</source>
+        <translation>Новости и Уведомления</translation>
+    </message>
+</context>
 <context>
     <name>PageSettingsServerData</name>
     <message>
@@ -3013,19 +3021,19 @@ subscription key</source>
         <translation>Режим</translation>
     </message>
     <message>
-        <location filename="../ui/qml/Pages2/PageSettingsSplitTunneling.qml" line="207"/>
+        <location filename="../ui/qml/Pages2/PageSettingsSplitTunneling.qml" line="209"/>
         <source>Remove </source>
         <translation>Удалить </translation>
     </message>
     <message>
-        <location filename="../ui/qml/Pages2/PageSettingsSplitTunneling.qml" line="208"/>
+        <location filename="../ui/qml/Pages2/PageSettingsSplitTunneling.qml" line="210"/>
-        <location filename="../ui/qml/Pages2/PageSettingsSplitTunneling.qml" line="356"/>
+        <location filename="../ui/qml/Pages2/PageSettingsSplitTunneling.qml" line="357"/>
         <source>Continue</source>
         <translation>Продолжить</translation>
     </message>
     <message>
-        <location filename="../ui/qml/Pages2/PageSettingsSplitTunneling.qml" line="209"/>
+        <location filename="../ui/qml/Pages2/PageSettingsSplitTunneling.qml" line="211"/>
-        <location filename="../ui/qml/Pages2/PageSettingsSplitTunneling.qml" line="357"/>
+        <location filename="../ui/qml/Pages2/PageSettingsSplitTunneling.qml" line="358"/>
         <source>Cancel</source>
         <translation>Отменить</translation>
     </message>
@@ -3040,70 +3048,70 @@ subscription key</source>
         <translation>Невозможно изменить настройки раздельного туннелирования во время активного соединения</translation>
     </message>
     <message>
-        <location filename="../ui/qml/Pages2/PageSettingsSplitTunneling.qml" line="257"/>
+        <location filename="../ui/qml/Pages2/PageSettingsSplitTunneling.qml" line="259"/>
         <source>website or IP</source>
         <translation>веб-сайт или IP</translation>
     </message>
     <message>
-        <location filename="../ui/qml/Pages2/PageSettingsSplitTunneling.qml" line="302"/>
+        <location filename="../ui/qml/Pages2/PageSettingsSplitTunneling.qml" line="304"/>
         <source>Additional options</source>
         <translation>Дополнительные настройки</translation>
     </message>
     <message>
-        <location filename="../ui/qml/Pages2/PageSettingsSplitTunneling.qml" line="309"/>
+        <location filename="../ui/qml/Pages2/PageSettingsSplitTunneling.qml" line="311"/>
         <source>Import</source>
         <translation>Импорт</translation>
     </message>
     <message>
-        <location filename="../ui/qml/Pages2/PageSettingsSplitTunneling.qml" line="322"/>
+        <location filename="../ui/qml/Pages2/PageSettingsSplitTunneling.qml" line="324"/>
         <source>Save site list</source>
         <translation>Сохранить список сайтов</translation>
     </message>
     <message>
-        <location filename="../ui/qml/Pages2/PageSettingsSplitTunneling.qml" line="329"/>
+        <location filename="../ui/qml/Pages2/PageSettingsSplitTunneling.qml" line="331"/>
         <source>Save sites</source>
         <translation>Сохранить сайты</translation>
     </message>
     <message>
-        <location filename="../ui/qml/Pages2/PageSettingsSplitTunneling.qml" line="330"/>
+        <location filename="../ui/qml/Pages2/PageSettingsSplitTunneling.qml" line="332"/>
-        <location filename="../ui/qml/Pages2/PageSettingsSplitTunneling.qml" line="457"/>
+        <location filename="../ui/qml/Pages2/PageSettingsSplitTunneling.qml" line="458"/>
-        <location filename="../ui/qml/Pages2/PageSettingsSplitTunneling.qml" line="470"/>
+        <location filename="../ui/qml/Pages2/PageSettingsSplitTunneling.qml" line="471"/>
         <source>Sites files (*.json)</source>
         <translation>Файлы сайтов (*.json)</translation>
     </message>
     <message>
-        <location filename="../ui/qml/Pages2/PageSettingsSplitTunneling.qml" line="350"/>
+        <location filename="../ui/qml/Pages2/PageSettingsSplitTunneling.qml" line="352"/>
         <source>Clear site list</source>
         <translation>Очистить список сайтов</translation>
     </message>
     <message>
-        <location filename="../ui/qml/Pages2/PageSettingsSplitTunneling.qml" line="354"/>
+        <location filename="../ui/qml/Pages2/PageSettingsSplitTunneling.qml" line="355"/>
         <source>Clear site list?</source>
         <translation>Очистить список сайтов?</translation>
     </message>
     <message>
-        <location filename="../ui/qml/Pages2/PageSettingsSplitTunneling.qml" line="355"/>
+        <location filename="../ui/qml/Pages2/PageSettingsSplitTunneling.qml" line="356"/>
         <source>All sites will be removed from list.</source>
         <translation>Все сайты будут удалены из списка.</translation>
     </message>
     <message>
-        <location filename="../ui/qml/Pages2/PageSettingsSplitTunneling.qml" line="419"/>
+        <location filename="../ui/qml/Pages2/PageSettingsSplitTunneling.qml" line="420"/>
         <source>Import a list of sites</source>
         <translation>Импортировать список с сайтами</translation>
     </message>
     <message>
-        <location filename="../ui/qml/Pages2/PageSettingsSplitTunneling.qml" line="454"/>
+        <location filename="../ui/qml/Pages2/PageSettingsSplitTunneling.qml" line="455"/>
         <source>Replace site list</source>
         <translation>Заменить список с сайтами</translation>
     </message>
     <message>
-        <location filename="../ui/qml/Pages2/PageSettingsSplitTunneling.qml" line="456"/>
+        <location filename="../ui/qml/Pages2/PageSettingsSplitTunneling.qml" line="457"/>
-        <location filename="../ui/qml/Pages2/PageSettingsSplitTunneling.qml" line="469"/>
+        <location filename="../ui/qml/Pages2/PageSettingsSplitTunneling.qml" line="470"/>
         <source>Open sites file</source>
         <translation>Открыть список с сайтами</translation>
     </message>
     <message>
-        <location filename="../ui/qml/Pages2/PageSettingsSplitTunneling.qml" line="467"/>
+        <location filename="../ui/qml/Pages2/PageSettingsSplitTunneling.qml" line="468"/>
         <source>Add imported sites to existing ones</source>
         <translation>Добавить импортированные сайты к существующим</translation>
     </message>
@@ -3528,32 +3536,32 @@ subscription key</source>
 <context>
     <name>PageSetupWizardViewConfig</name>
     <message>
-        <location filename="../ui/qml/Pages2/PageSetupWizardViewConfig.qml" line="70"/>
+        <location filename="../ui/qml/Pages2/PageSetupWizardViewConfig.qml" line="72"/>
         <source>New connection</source>
         <translation>Новое соединение</translation>
     </message>
     <message>
-        <location filename="../ui/qml/Pages2/PageSetupWizardViewConfig.qml" line="110"/>
+        <location filename="../ui/qml/Pages2/PageSetupWizardViewConfig.qml" line="112"/>
         <source>Collapse content</source>
         <translation>Свернуть</translation>
     </message>
     <message>
-        <location filename="../ui/qml/Pages2/PageSetupWizardViewConfig.qml" line="110"/>
+        <location filename="../ui/qml/Pages2/PageSetupWizardViewConfig.qml" line="112"/>
         <source>Show content</source>
         <translation>Показать</translation>
     </message>
     <message>
-        <location filename="../ui/qml/Pages2/PageSetupWizardViewConfig.qml" line="127"/>
+        <location filename="../ui/qml/Pages2/PageSetupWizardViewConfig.qml" line="129"/>
         <source>Enable WireGuard obfuscation. It may be useful if WireGuard is blocked on your provider.</source>
         <translation>Включить обфускацию WireGuard. Это может быть полезно, если WireGuard блокируется вашим провайдером.</translation>
     </message>
     <message>
-        <location filename="../ui/qml/Pages2/PageSetupWizardViewConfig.qml" line="158"/>
+        <location filename="../ui/qml/Pages2/PageSetupWizardViewConfig.qml" line="160"/>
         <source>Use connection codes only from sources you trust. Codes from public sources may have been created to intercept your data.</source>
         <translation>Используйте файлы конфигурации только из тех источников, которым вы доверяете. Файлы из общедоступных источников могли быть созданы с целью перехвата ваших личных данных.</translation>
     </message>
     <message>
-        <location filename="../ui/qml/Pages2/PageSetupWizardViewConfig.qml" line="202"/>
+        <location filename="../ui/qml/Pages2/PageSetupWizardViewConfig.qml" line="204"/>
         <source>Connect</source>
         <translation>Подключиться</translation>
     </message>
@@ -3688,67 +3696,67 @@ subscription key</source>
         <translation>Поиск</translation>
     </message>
     <message>
-        <location filename="../ui/qml/Pages2/PageShare.qml" line="689"/>
+        <location filename="../ui/qml/Pages2/PageShare.qml" line="691"/>
         <source>Creation date: %1</source>
         <translation>Дата создания: %1</translation>
     </message>
     <message>
-        <location filename="../ui/qml/Pages2/PageShare.qml" line="701"/>
+        <location filename="../ui/qml/Pages2/PageShare.qml" line="703"/>
         <source>Latest handshake: %1</source>
         <translation>Последнее рукопожатие: %1</translation>
     </message>
     <message>
-        <location filename="../ui/qml/Pages2/PageShare.qml" line="713"/>
+        <location filename="../ui/qml/Pages2/PageShare.qml" line="715"/>
         <source>Data received: %1</source>
         <translation>Получено данных: %1</translation>
     </message>
     <message>
-        <location filename="../ui/qml/Pages2/PageShare.qml" line="725"/>
+        <location filename="../ui/qml/Pages2/PageShare.qml" line="727"/>
         <source>Data sent: %1</source>
         <translation>Отправлено данных: %1</translation>
     </message>
     <message>
-        <location filename="../ui/qml/Pages2/PageShare.qml" line="735"/>
+        <location filename="../ui/qml/Pages2/PageShare.qml" line="737"/>
         <source>Allowed IPs: %1</source>
         <translation>Разрешенные подсети: %1</translation>
     </message>
     <message>
-        <location filename="../ui/qml/Pages2/PageShare.qml" line="750"/>
+        <location filename="../ui/qml/Pages2/PageShare.qml" line="752"/>
         <source>Rename</source>
         <translation>Переименовать</translation>
     </message>
     <message>
-        <location filename="../ui/qml/Pages2/PageShare.qml" line="775"/>
+        <location filename="../ui/qml/Pages2/PageShare.qml" line="777"/>
         <source>Client name</source>
         <translation>Имя клиента</translation>
     </message>
     <message>
-        <location filename="../ui/qml/Pages2/PageShare.qml" line="786"/>
+        <location filename="../ui/qml/Pages2/PageShare.qml" line="788"/>
         <source>Save</source>
         <translation>Сохранить</translation>
     </message>
     <message>
-        <location filename="../ui/qml/Pages2/PageShare.qml" line="820"/>
+        <location filename="../ui/qml/Pages2/PageShare.qml" line="824"/>
         <source>Revoke</source>
         <translation>Отозвать</translation>
     </message>
     <message>
-        <location filename="../ui/qml/Pages2/PageShare.qml" line="823"/>
+        <location filename="../ui/qml/Pages2/PageShare.qml" line="827"/>
         <source>Revoke the config for a user - %1?</source>
         <translation>Отозвать конфигурацию для пользователя - %1?</translation>
     </message>
     <message>
-        <location filename="../ui/qml/Pages2/PageShare.qml" line="824"/>
+        <location filename="../ui/qml/Pages2/PageShare.qml" line="828"/>
         <source>The user will no longer be able to connect to your server.</source>
         <translation>Пользователь больше не сможет подключаться к вашему серверу.</translation>
     </message>
     <message>
-        <location filename="../ui/qml/Pages2/PageShare.qml" line="825"/>
+        <location filename="../ui/qml/Pages2/PageShare.qml" line="829"/>
         <source>Continue</source>
         <translation>Продолжить</translation>
     </message>
     <message>
-        <location filename="../ui/qml/Pages2/PageShare.qml" line="826"/>
+        <location filename="../ui/qml/Pages2/PageShare.qml" line="830"/>
         <source>Cancel</source>
         <translation>Отменить</translation>
     </message>
@@ -4957,12 +4965,12 @@ FileZilla или другие SFTP-клиенты, а также смонтир
 <context>
     <name>SettingsController</name>
     <message>
-        <location filename="../ui/controllers/settingsController.cpp" line="242"/>
+        <location filename="../ui/controllers/settingsController.cpp" line="258"/>
         <source>All settings have been reset to default values</source>
         <translation>Все настройки сброшены до значений по умолчанию</translation>
     </message>
     <message>
-        <location filename="../ui/controllers/settingsController.cpp" line="219"/>
+        <location filename="../ui/controllers/settingsController.cpp" line="235"/>
         <source>Backup file is corrupted</source>
         <translation>Файл резервной копии поврежден</translation>
     </message>
@@ -5051,7 +5059,7 @@ FileZilla или другие SFTP-клиенты, а также смонтир
 <context>
     <name>TextFieldWithHeaderType</name>
     <message>
-        <location filename="../ui/qml/Controls2/TextFieldWithHeaderType.qml" line="117"/>
+        <location filename="../ui/qml/Controls2/TextFieldWithHeaderType.qml" line="133"/>
         <source>The field can&apos;t be empty</source>
         <translation>Поле не может быть пустым</translation>
     </message>
@@ -5059,7 +5067,7 @@ FileZilla или другие SFTP-клиенты, а также смонтир
 <context>
     <name>VpnConnection</name>
     <message>
-        <location filename="../vpnconnection.cpp" line="492"/>
+        <location filename="../vpnconnection.cpp" line="437"/>
         <source>Mbps</source>
         <translation>Мбит/с</translation>
     </message>
@@ -5067,42 +5075,42 @@ FileZilla или другие SFTP-клиенты, а также смонтир
 <context>
     <name>VpnProtocol</name>
     <message>
-        <location filename="../protocols/vpnprotocol.cpp" line="138"/>
+        <location filename="../protocols/vpnprotocol.cpp" line="133"/>
         <source>Unknown</source>
         <translation>Неизвестный</translation>
     </message>
     <message>
-        <location filename="../protocols/vpnprotocol.cpp" line="139"/>
+        <location filename="../protocols/vpnprotocol.cpp" line="134"/>
         <source>Disconnected</source>
         <translation>Отключено</translation>
     </message>
     <message>
-        <location filename="../protocols/vpnprotocol.cpp" line="140"/>
+        <location filename="../protocols/vpnprotocol.cpp" line="135"/>
         <source>Preparing</source>
         <translation>Подготовка</translation>
     </message>
     <message>
-        <location filename="../protocols/vpnprotocol.cpp" line="141"/>
+        <location filename="../protocols/vpnprotocol.cpp" line="136"/>
         <source>Connecting...</source>
         <translation>Подключение...</translation>
     </message>
     <message>
-        <location filename="../protocols/vpnprotocol.cpp" line="142"/>
+        <location filename="../protocols/vpnprotocol.cpp" line="137"/>
         <source>Connected</source>
         <translation>Подключено</translation>
     </message>
     <message>
-        <location filename="../protocols/vpnprotocol.cpp" line="143"/>
+        <location filename="../protocols/vpnprotocol.cpp" line="138"/>
         <source>Disconnecting...</source>
         <translation>Отключение...</translation>
     </message>
     <message>
-        <location filename="../protocols/vpnprotocol.cpp" line="144"/>
+        <location filename="../protocols/vpnprotocol.cpp" line="139"/>
         <source>Reconnecting...</source>
         <translation>Переподключение...</translation>
     </message>
     <message>
-        <location filename="../protocols/vpnprotocol.cpp" line="145"/>
+        <location filename="../protocols/vpnprotocol.cpp" line="140"/>
         <source>Error</source>
         <translation>Ошибка</translation>
     </message>

client/ui/controllers/api/apiConfigsController.cpp

@@ -29,7 +29,6 @@ namespace
         constexpr char uuid[] = "installation_uuid";
         constexpr char osVersion[] = "os_version";
         constexpr char appVersion[] = "app_version";
-        constexpr char appLanguage[] = "app_language";
 
         constexpr char userCountryCode[] = "user_country_code";
         constexpr char serverCountryCode[] = "server_country_code";
@@ -47,6 +46,8 @@ namespace
 
         constexpr char subscription[] = "subscription";
         constexpr char endDate[] = "end_date";
+
+        constexpr char isConnectEvent[] = "is_connect_event";
     }
 
     struct ProtocolData
@@ -63,6 +64,7 @@ namespace
     {
         QString osVersion;
         QString appVersion;
+        QString appLanguage;
 
         QString installationUuid;
 
@@ -82,6 +84,9 @@ namespace
             if (!appVersion.isEmpty()) {
                 obj[configKey::appVersion] = appVersion;
             }
+            if (!appLanguage.isEmpty()) {
+                obj[apiDefs::key::appLanguage] = appLanguage;
+            }
             if (!installationUuid.isEmpty()) {
                 obj[configKey::uuid] = installationUuid;
             }
@@ -221,6 +226,9 @@ namespace
         if (newServerConfig.value(config_key::configVersion).toInt() == apiDefs::ConfigSource::AmneziaGateway) {
             apiConfig.insert(apiDefs::key::supportedProtocols,
                              QJsonDocument::fromJson(apiResponseBody).object().value(apiDefs::key::supportedProtocols).toArray());
+
+            apiConfig.insert(apiDefs::key::serviceInfo,
+                             QJsonDocument::fromJson(apiResponseBody).object().value(apiDefs::key::serviceInfo).toObject());
         }
 
         serverConfig[configKey::apiConfig] = apiConfig;
@@ -249,6 +257,23 @@ ApiConfigsController::ApiConfigsController(const QSharedPointer<ServersModel> &s
 {
 }
 
+bool ApiConfigsController::exportVpnKey(const QString &fileName)
+{
+    if (fileName.isEmpty()) {
+        emit errorOccurred(ErrorCode::PermissionsError);
+        return false;
+    }
+
+    prepareVpnKeyExport();
+    if (m_vpnKey.isEmpty()) {
+        emit errorOccurred(ErrorCode::ApiConfigEmptyError);
+        return false;
+    }
+
+    SystemController::saveFile(fileName, m_vpnKey);
+    return true;
+}
+
 bool ApiConfigsController::exportNativeConfig(const QString &serverCountryCode, const QString &fileName)
 {
     if (fileName.isEmpty()) {
@@ -266,6 +291,7 @@ bool ApiConfigsController::exportNativeConfig(const QString &serverCountryCode,
 
     GatewayRequestData gatewayRequestData { QSysInfo::productType(),
                                             QString(APP_VERSION),
+                                            m_settings->getAppLanguage().name().split("_").first(),
                                             m_settings->getInstallationUuid(true),
                                             apiConfigObject.value(configKey::userCountryCode).toString(),
                                             serverCountryCode,
@@ -306,6 +332,7 @@ bool ApiConfigsController::revokeNativeConfig(const QString &serverCountryCode)
 
     GatewayRequestData gatewayRequestData { QSysInfo::productType(),
                                             QString(APP_VERSION),
+                                            m_settings->getAppLanguage().name().split("_").first(),
                                             m_settings->getInstallationUuid(true),
                                             apiConfigObject.value(configKey::userCountryCode).toString(),
                                             serverCountryCode,
@@ -330,6 +357,13 @@ void ApiConfigsController::prepareVpnKeyExport()
     auto apiConfigObject = serverConfigObject.value(configKey::apiConfig).toObject();
 
     auto vpnKey = apiConfigObject.value(apiDefs::key::vpnKey).toString();
+    if (vpnKey.isEmpty()) {
+        vpnKey = apiUtils::getPremiumV2VpnKey(serverConfigObject);
+        apiConfigObject.insert(apiDefs::key::vpnKey, vpnKey);
+        serverConfigObject.insert(configKey::apiConfig, apiConfigObject);
+        m_serversModel->editServer(serverConfigObject, m_serversModel->getProcessedServerIndex());
+    }
+
     m_vpnKey = vpnKey;
 
     vpnKey.replace("vpn://", "");
@@ -349,7 +383,7 @@ bool ApiConfigsController::fillAvailableServices()
 {
     QJsonObject apiPayload;
     apiPayload[configKey::osVersion] = QSysInfo::productType();
-    apiPayload[configKey::appLanguage] = m_settings->getAppLanguage().name().split("_").first();
+    apiPayload[apiDefs::key::appLanguage] = m_settings->getAppLanguage().name().split("_").first();
 
     QByteArray responseBody;
     ErrorCode errorCode = executeRequest(QString("%1v1/services"), apiPayload, responseBody);
@@ -373,6 +407,7 @@ bool ApiConfigsController::importServiceFromGateway()
 {
     GatewayRequestData gatewayRequestData { QSysInfo::productType(),
                                             QString(APP_VERSION),
+                                            m_settings->getAppLanguage().name().split("_").first(),
                                             m_settings->getInstallationUuid(true),
                                             m_apiServicesModel->getCountryCode(),
                                             "",
@@ -431,6 +466,7 @@ bool ApiConfigsController::updateServiceFromGateway(const int serverIndex, const
 
     GatewayRequestData gatewayRequestData { QSysInfo::productType(),
                                             QString(APP_VERSION),
+                                            m_settings->getAppLanguage().name().split("_").first(),
                                             m_settings->getInstallationUuid(true),
                                             apiConfig.value(configKey::userCountryCode).toString(),
                                             newCountryCode,
@@ -443,6 +479,10 @@ bool ApiConfigsController::updateServiceFromGateway(const int serverIndex, const
     QJsonObject apiPayload = gatewayRequestData.toJsonObject();
     appendProtocolDataToApiPayload(gatewayRequestData.serviceProtocol, protocolData, apiPayload);
 
+    if (newCountryCode.isEmpty() && newCountryName.isEmpty() && !reloadServiceConfig) {
+        apiPayload.insert(configKey::isConnectEvent, true);
+    }
+
     QByteArray responseBody;
     ErrorCode errorCode = executeRequest(QString("%1v1/config"), apiPayload, responseBody);
 
@@ -526,7 +566,7 @@ bool ApiConfigsController::updateServiceFromTelegram(const int serverIndex)
     }
 }
 
-bool ApiConfigsController::deactivateDevice()
+bool ApiConfigsController::deactivateDevice(const bool isRemoveEvent)
 {
     auto serverIndex = m_serversModel->getProcessedServerIndex();
     auto serverConfigObject = m_serversModel->getServerConfig(serverIndex);
@@ -537,12 +577,17 @@ bool ApiConfigsController::deactivateDevice()
     }
 
     if (isSubscriptionExpired(apiConfigObject)) {
+        if (isRemoveEvent) {
+            return true;
+        } else {
             emit errorOccurred(ErrorCode::ApiSubscriptionExpiredError);
             return false;
         }
+    }
 
     GatewayRequestData gatewayRequestData { QSysInfo::productType(),
                                             QString(APP_VERSION),
+                                            m_settings->getAppLanguage().name().split("_").first(),
                                             m_settings->getInstallationUuid(true),
                                             apiConfigObject.value(configKey::userCountryCode).toString(),
                                             apiConfigObject.value(configKey::serverCountryCode).toString(),
@@ -582,6 +627,7 @@ bool ApiConfigsController::deactivateExternalDevice(const QString &uuid, const Q
 
     GatewayRequestData gatewayRequestData { QSysInfo::productType(),
                                             QString(APP_VERSION),
+                                            m_settings->getAppLanguage().name().split("_").first(),
                                             uuid,
                                             apiConfigObject.value(configKey::userCountryCode).toString(),
                                             serverCountryCode,

client/ui/controllers/api/apiConfigsController.h

@@ -21,7 +21,7 @@ public:
 public slots:
     bool exportNativeConfig(const QString &serverCountryCode, const QString &fileName);
     bool revokeNativeConfig(const QString &serverCountryCode);
-    // bool exportVpnKey(const QString &fileName);
+    bool exportVpnKey(const QString &fileName);
     void prepareVpnKeyExport();
     void copyVpnKeyToClipboard();
 
@@ -30,7 +30,7 @@ public slots:
     bool updateServiceFromGateway(const int serverIndex, const QString &newCountryCode, const QString &newCountryName,
                                   bool reloadServiceConfig = false);
     bool updateServiceFromTelegram(const int serverIndex);
-    bool deactivateDevice();
+    bool deactivateDevice(const bool isRemoveEvent);
     bool deactivateExternalDevice(const QString &uuid, const QString &serverCountryCode);
 
     bool isConfigValid();

client/ui/controllers/api/apiNewsController.cpp

@@ -0,0 +1,69 @@
+#include "apiNewsController.h"
+
+#include "core/api/apiUtils.h"
+#include <QJsonDocument>
+#include <QJsonObject>
+
+namespace
+{
+    namespace configKey
+    {
+        constexpr char userCountryCode[] = "user_country_code";
+        constexpr char serviceType[] = "service_type";
+    }
+}
+
+ApiNewsController::ApiNewsController(const QSharedPointer<NewsModel> &newsModel, const std::shared_ptr<Settings> &settings,
+                                     const QSharedPointer<ServersModel> &serversModel, QObject *parent)
+    : QObject(parent), m_newsModel(newsModel), m_settings(settings), m_serversModel(serversModel)
+{
+}
+
+void ApiNewsController::fetchNews(bool showError)
+{
+    if (m_serversModel.isNull()) {
+        qWarning() << "ServersModel is null, skip fetchNews";
+        return;
+    }
+    const auto stacks = m_serversModel->gatewayStacks();
+    if (stacks.isEmpty()) {
+        qDebug() << "No Gateway stacks, skip fetchNews";
+        return;
+    }
+
+    auto gatewayController = QSharedPointer<GatewayController>::create(m_settings->getGatewayEndpoint(), m_settings->isDevGatewayEnv(),
+                                                                       apiDefs::requestTimeoutMsecs, m_settings->isStrictKillSwitchEnabled());
+    QJsonObject payload;
+    payload.insert("locale", m_settings->getAppLanguage().name().split("_").first());
+
+    const QJsonObject stacksJson = stacks.toJson();
+    if (stacksJson.contains(configKey::userCountryCode)) {
+        payload.insert(configKey::userCountryCode, stacksJson.value(configKey::userCountryCode));
+    }
+    if (stacksJson.contains(configKey::serviceType)) {
+        payload.insert(configKey::serviceType, stacksJson.value(configKey::serviceType));
+    }
+
+    auto future = gatewayController->postAsync(QString("%1v1/news"), payload);
+    future.then(this, [this, showError, gatewayController](QPair<ErrorCode, QByteArray> result) {
+        auto [errorCode, responseBody] = result;
+        if (errorCode != ErrorCode::NoError) {
+            emit errorOccurred(errorCode, showError);
+            return;
+        }
+
+        QJsonDocument doc = QJsonDocument::fromJson(responseBody);
+        QJsonArray newsArray;
+        if (doc.isArray()) {
+            newsArray = doc.array();
+        } else if (doc.isObject()) {
+            QJsonObject obj = doc.object();
+            if (obj.value("news").isArray()) {
+                newsArray = obj.value("news").toArray();
+            }
+        }
+
+        m_newsModel->updateModel(newsArray);
+        emit fetchNewsFinished();
+    });
+}

client/ui/controllers/api/apiNewsController.h

@@ -0,0 +1,34 @@
+#ifndef APINEWSCONTROLLER_H
+#define APINEWSCONTROLLER_H
+
+#include <QJsonArray>
+#include <QObject>
+#include <QSharedPointer>
+#include <memory>
+
+#include "core/api/apiDefs.h"
+#include "core/controllers/gatewayController.h"
+#include "settings.h"
+#include "ui/models/newsModel.h"
+#include "ui/models/servers_model.h"
+
+class ApiNewsController : public QObject
+{
+    Q_OBJECT
+public:
+    explicit ApiNewsController(const QSharedPointer<NewsModel> &newsModel, const std::shared_ptr<Settings> &settings,
+                               const QSharedPointer<ServersModel> &serversModel, QObject *parent = nullptr);
+
+    Q_INVOKABLE void fetchNews(bool showError);
+
+signals:
+    void errorOccurred(ErrorCode errorCode, bool showError);
+    void fetchNewsFinished();
+
+private:
+    QSharedPointer<NewsModel> m_newsModel;
+    std::shared_ptr<Settings> m_settings;
+    QSharedPointer<ServersModel> m_serversModel;
+};
+
+#endif // APINEWSCONTROLLER_H

client/ui/controllers/api/apiPremV1MigrationController.cpp

@@ -82,7 +82,7 @@ void ApiPremV1MigrationController::sendMigrationCode(const int subscriptionIndex
 {
     QEventLoop wait;
     QTimer::singleShot(1000, &wait, &QEventLoop::quit);
-    wait.exec();
+    wait.exec(QEventLoop::ExcludeUserInputEvents);
 
     GatewayController gatewayController(m_settings->getGatewayEndpoint(), m_settings->isDevGatewayEnv(), apiDefs::requestTimeoutMsecs,
                                         m_settings->isStrictKillSwitchEnabled());

client/ui/controllers/api/apiSettingsController.cpp

@@ -46,7 +46,7 @@ bool ApiSettingsController::getAccountInfo(bool reload)
     if (reload) {
         QEventLoop wait;
         QTimer::singleShot(1000, &wait, &QEventLoop::quit);
-        wait.exec();
+        wait.exec(QEventLoop::ExcludeUserInputEvents);
     }
 
     GatewayController gatewayController(m_settings->getGatewayEndpoint(), m_settings->isDevGatewayEnv(), requestTimeoutMsecs,
@@ -62,6 +62,7 @@ bool ApiSettingsController::getAccountInfo(bool reload)
     apiPayload[configKey::serviceType] = apiConfig.value(configKey::serviceType).toString();
     apiPayload[configKey::authData] = authData;
     apiPayload[apiDefs::key::cliVersion] = QString(APP_VERSION);
+    apiPayload[apiDefs::key::appLanguage] = m_settings->getAppLanguage().name().split("_").first();
 
     QByteArray responseBody;
 

client/ui/controllers/pageController.h

@@ -26,6 +26,8 @@ namespace PageLoader
         PageSettingsConnection,
         PageSettingsDns,
         PageSettingsApplication,
+        PageSettingsNewsNotifications,
+        PageSettingsNewsDetail,
         PageSettingsBackup,
         PageSettingsAbout,
         PageSettingsLogging,

client/ui/controllers/settingsController.cpp

@@ -1,10 +1,12 @@
 #include "settingsController.h"
 
 #include <QStandardPaths>
+#include <QOperatingSystemVersion>
 
 #include "logger.h"
 #include "systemController.h"
 #include "ui/qautostart.h"
+#include "amnezia_application.h"
 #include "version.h"
 #ifdef Q_OS_ANDROID
     #include "platforms/android/android_controller.h"
@@ -32,7 +34,21 @@ SettingsController::SettingsController(const QSharedPointer<ServersModel> &serve
     checkIfNeedDisableLogs();
 #ifdef Q_OS_ANDROID
     connect(AndroidController::instance(), &AndroidController::notificationStateChanged, this, &SettingsController::onNotificationStateChanged);
+    connect(AndroidController::instance(), &AndroidController::imeInsetsChanged, this, [this](int heightDp) {
+        m_imeHeight = heightDp;
+        emit imeHeightChanged(heightDp);
+        emit safeAreaBottomMarginChanged();
+    });
+    connect(AndroidController::instance(), &AndroidController::systemBarsInsetsChanged, this, [this](int navBarHeightDp, int statusBarHeightDp) {
+        m_cachedNavigationBarHeight = navBarHeightDp;
+        m_cachedStatusBarHeight = statusBarHeightDp;
+        emit safeAreaBottomMarginChanged();
+        emit safeAreaTopMarginChanged();
+    });
 #endif
+
+    m_isDevModeEnabled = m_settings->isDevGatewayEnv();
+    toggleDevGatewayEnv(m_isDevModeEnabled);
 }
 
 QString getPlatformName()
@@ -139,6 +155,10 @@ void SettingsController::clearLogs()
     Logger::clearLogs(false);
     Logger::clearServiceLogs();
 #endif
+
+    qInfo().noquote() << QString("Started %1 version %2 %3").arg(APPLICATION_NAME, APP_VERSION, GIT_COMMIT_HASH);
+    qInfo().noquote() << QString("%1 (%2)").arg(QSysInfo::prettyProductName(), QSysInfo::currentCpuArchitecture());
+    qInfo().noquote() << QString("SSL backend: %1").arg(QSslSocket::sslLibraryVersionString());
 }
 
 void SettingsController::backupAppConfig(const QString &fileName)
@@ -423,6 +443,76 @@ bool SettingsController::isOnTv()
 #endif
 }
 
+bool SettingsController::isEdgeToEdgeEnabled()
+{
+#ifdef Q_OS_ANDROID
+    if (!m_edgeToEdgeCached) {
+        m_cachedEdgeToEdgeEnabled = AndroidController::instance()->isEdgeToEdgeEnabled();
+        m_edgeToEdgeCached = true;
+    }
+    return m_cachedEdgeToEdgeEnabled;
+#else
+    return false;
+#endif
+}
+
+int SettingsController::getStatusBarHeight()
+{
+#ifdef Q_OS_ANDROID
+    if (m_cachedStatusBarHeight < 0) {
+        m_cachedStatusBarHeight = AndroidController::instance()->getStatusBarHeight();
+    }
+    return m_cachedStatusBarHeight;
+#else
+    return 0;
+#endif
+}
+
+int SettingsController::getNavigationBarHeight()
+{
+#ifdef Q_OS_ANDROID
+    if (m_cachedNavigationBarHeight < 0) {
+        m_cachedNavigationBarHeight = AndroidController::instance()->getNavigationBarHeight();
+    }
+    return m_cachedNavigationBarHeight;
+#else
+    return 0;
+#endif
+}
+
+int SettingsController::getSafeAreaTopMargin()
+{
+#ifdef Q_OS_ANDROID
+    if (isEdgeToEdgeEnabled()) {
+        int height = getStatusBarHeight();
+        int result = height > 0 ? height : 40; // fallback to 40 if system returns 0
+        return result;
+    }
+#endif
+    return 0;
+}
+
+int SettingsController::getSafeAreaBottomMargin()
+{
+#ifdef Q_OS_ANDROID
+    if (isEdgeToEdgeEnabled()) {
+        if (m_imeHeight > 0) {
+            return 0;
+        }
+        
+        int height = getNavigationBarHeight();
+        int result = height > 0 ? height : 56; // fallback to 56 if system returns 0
+        return result;
+    }
+#endif
+    return 0;
+}
+
+int SettingsController::getImeHeight()
+{
+    return m_imeHeight;
+}
+
 bool SettingsController::isHomeAdLabelVisible()
 {
     return m_settings->isHomeAdLabelVisible();

client/ui/controllers/settingsController.h

@@ -33,6 +33,9 @@ public:
 
     Q_PROPERTY(bool isHomeAdLabelVisible READ isHomeAdLabelVisible NOTIFY isHomeAdLabelVisibleChanged)
     Q_PROPERTY(bool startMinimized READ isStartMinimizedEnabled NOTIFY startMinimizedChanged)
+    Q_PROPERTY(int safeAreaTopMargin READ getSafeAreaTopMargin NOTIFY safeAreaTopMarginChanged)
+    Q_PROPERTY(int safeAreaBottomMargin READ getSafeAreaBottomMargin NOTIFY safeAreaBottomMarginChanged)
+    Q_PROPERTY(int imeHeight READ getImeHeight NOTIFY imeHeightChanged)
 
 public slots:
     void toggleAmneziaDns(bool enable);
@@ -96,6 +99,12 @@ public slots:
     void toggleDevGatewayEnv(bool enabled);
 
     bool isOnTv();
+    bool isEdgeToEdgeEnabled();
+    int getStatusBarHeight();
+    int getNavigationBarHeight();
+    int getSafeAreaTopMargin();
+    int getSafeAreaBottomMargin();
+    int getImeHeight();
 
     bool isHomeAdLabelVisible();
     void disableHomeAdLabel();
@@ -125,6 +134,10 @@ signals:
     void gatewayEndpointChanged(const QString &endpoint);
     void devGatewayEnvChanged(bool enabled);
     
+    void imeHeightChanged(int height);
+    void safeAreaTopMarginChanged();
+    void safeAreaBottomMarginChanged();
+
     void isHomeAdLabelVisibleChanged(bool visible);
     void startMinimizedChanged();
 
@@ -134,6 +147,12 @@ private:
     QSharedPointer<LanguageModel> m_languageModel;
     QSharedPointer<SitesModel> m_sitesModel;
     QSharedPointer<AppSplitTunnelingModel> m_appSplitTunnelingModel;
+    
+    mutable int m_cachedStatusBarHeight = -1;
+    mutable int m_cachedNavigationBarHeight = -1;
+    mutable bool m_cachedEdgeToEdgeEnabled = false;
+    mutable bool m_edgeToEdgeCached = false;
+    int m_imeHeight = 0;
     std::shared_ptr<Settings> m_settings;
 
     QString m_appVersion;

client/ui/models/api/apiAccountInfoModel.cpp

@@ -31,7 +31,8 @@ QVariant ApiAccountInfoModel::data(const QModelIndex &index, int role) const
             return tr("Active");
         }
 
-        return apiUtils::isSubscriptionExpired(m_accountInfoData.subscriptionEndDate) ? tr("<p><a style=\"color: #EB5757;\">Inactive</a>") : tr("Active");
+        return apiUtils::isSubscriptionExpired(m_accountInfoData.subscriptionEndDate) ? tr("<p><a style=\"color: #EB5757;\">Inactive</a>")
+                                                                                      : tr("Active");
     }
     case EndDateRole: {
         if (m_accountInfoData.configType == apiDefs::ConfigType::AmneziaFreeV3) {
@@ -47,16 +48,7 @@ QVariant ApiAccountInfoModel::data(const QModelIndex &index, int role) const
         return tr("%1 out of %2").arg(m_accountInfoData.activeDeviceCount).arg(m_accountInfoData.maxDeviceCount);
     }
     case ServiceDescriptionRole: {
-        if (m_accountInfoData.configType == apiDefs::ConfigType::AmneziaPremiumV2) {
+        return m_accountInfoData.subscriptionDescription;
-            return tr("Classic VPN for seamless work, downloading large files, and watching videos. Access all websites and online "
-                      "resources. "
-                      "Speeds up to 200 Mbps");
-        } else if (m_accountInfoData.configType == apiDefs::ConfigType::AmneziaFreeV3) {
-            return tr("Free unlimited access to a basic set of websites such as Facebook, Instagram, Twitter (X), Discord, Telegram and "
-                      "more. YouTube is not included in the free plan.");
-        } else {
-            return "";
-        }
     }
     case IsComponentVisibleRole: {
         return m_accountInfoData.configType == apiDefs::ConfigType::AmneziaPremiumV2
@@ -101,6 +93,8 @@ void ApiAccountInfoModel::updateModel(const QJsonObject &accountInfoObject, cons
 
     accountInfoData.configType = apiUtils::getConfigType(serverConfig);
 
+    accountInfoData.subscriptionDescription = accountInfoObject.value(apiDefs::key::subscriptionDescription).toString();
+
     for (const auto &protocol : accountInfoObject.value(apiDefs::key::supportedProtocols).toArray()) {
         accountInfoData.supportedProtocols.push_back(protocol.toString());
     }

client/ui/models/api/apiAccountInfoModel.h

@@ -54,6 +54,8 @@ private:
         apiDefs::ConfigType configType;
 
         QStringList supportedProtocols;
+
+        QString subscriptionDescription;
     };
 
     AccountInfoData m_accountInfoData;

client/ui/models/newsModel.cpp

@@ -0,0 +1,130 @@
+#include "ui/models/newsModel.h"
+#include <QDir>
+#include <QFile>
+#include <QJsonArray>
+#include <QJsonDocument>
+#include <QJsonObject>
+#include <QJsonValue>
+#include <QQmlEngine>
+#include <QStandardPaths>
+#include <algorithm>
+
+NewsModel::NewsModel(const std::shared_ptr<Settings> &settings, QObject *parent) : QAbstractListModel(parent), m_settings(settings)
+{
+    loadReadIds();
+}
+
+int NewsModel::rowCount(const QModelIndex &parent) const
+{
+    Q_UNUSED(parent);
+    return m_items.size();
+}
+
+QVariant NewsModel::data(const QModelIndex &index, int role) const
+{
+    if (!index.isValid() || index.row() < 0 || index.row() >= m_items.size())
+        return QVariant();
+
+    const NewsItem &item = m_items.at(index.row());
+    switch (role) {
+    case IdRole: return item.id;
+    case TitleRole: return item.title;
+    case ContentRole: return item.content;
+    case TimestampRole: return item.timestamp.toString(Qt::ISODate);
+    case IsReadRole: return item.read;
+    case IsProcessedRole: return index.row() == m_processedIndex;
+    default: return QVariant();
+    }
+}
+
+QHash<int, QByteArray> NewsModel::roleNames() const
+{
+    QHash<int, QByteArray> roles;
+    roles[IdRole] = "id";
+    roles[TitleRole] = "title";
+    roles[ContentRole] = "content";
+    roles[TimestampRole] = "timestamp";
+    roles[IsReadRole] = "read";
+    roles[IsProcessedRole] = "isProcessed";
+    return roles;
+}
+
+void NewsModel::markAsRead(int index)
+{
+    if (index < 0 || index >= m_items.size())
+        return;
+    if (!m_items[index].read) {
+        m_items[index].read = true;
+        m_readIds.insert(m_items[index].id);
+        saveReadIds();
+        QModelIndex idx = createIndex(index, 0);
+        emit dataChanged(idx, idx, { IsReadRole });
+        emit hasUnreadChanged();
+    }
+}
+
+int NewsModel::processedIndex() const
+{
+    return m_processedIndex;
+}
+
+void NewsModel::setProcessedIndex(int index)
+{
+    if (index < 0 || index >= m_items.size() || m_processedIndex == index)
+        return;
+    m_processedIndex = index;
+    emit processedIndexChanged(index);
+}
+
+void NewsModel::updateModel(const QJsonArray &serverItems)
+{
+    QSet<QString> existingIds;
+    for (const NewsItem &item : m_items) {
+        existingIds.insert(item.id);
+    }
+
+    QList<NewsItem> newItems;
+    for (const QJsonValue &value : serverItems) {
+        if (!value.isObject())
+            continue;
+        const QJsonObject obj = value.toObject();
+        QString id = obj.value("id").toString();
+
+        if (!existingIds.contains(id)) {
+            NewsItem item;
+            item.id = id;
+            item.title = obj.value("title").toString();
+            item.content = obj.value("content").toString();
+            item.timestamp = QDateTime::fromString(obj.value("timestamp").toString(), Qt::ISODate);
+            item.read = m_readIds.contains(id);
+            newItems.append(item);
+            existingIds.insert(id);
+        }
+    }
+
+    beginResetModel();
+    m_items.append(newItems);
+    std::sort(m_items.begin(), m_items.end(), [](const NewsItem &a, const NewsItem &b) { return a.timestamp > b.timestamp; });
+    endResetModel();
+    emit hasUnreadChanged();
+}
+
+bool NewsModel::hasUnread() const
+{
+    for (const NewsItem &item : m_items) {
+        if (!item.read)
+            return true;
+    }
+    return false;
+}
+
+void NewsModel::loadReadIds()
+{
+    QStringList ids = m_settings->readNewsIds();
+    m_readIds = QSet<QString>(ids.begin(), ids.end());
+}
+
+void NewsModel::saveReadIds() const
+{
+    m_settings->setReadNewsIds(QStringList(m_readIds.begin(), m_readIds.end()));
+}

client/ui/models/newsModel.h

@@ -0,0 +1,62 @@
+#ifndef NEWSMODEL_H
+#define NEWSMODEL_H
+
+#include "settings.h"
+#include <QAbstractListModel>
+#include <QDateTime>
+#include <QJsonArray>
+#include <QSet>
+#include <QString>
+#include <QVector>
+#include <memory>
+
+struct NewsItem
+{
+    QString id;
+    QString title;
+    QString content;
+    QDateTime timestamp;
+    bool read;
+};
+
+class NewsModel : public QAbstractListModel
+{
+    Q_OBJECT
+public:
+    enum Roles {
+        IdRole = Qt::UserRole + 1,
+        TitleRole,
+        ContentRole,
+        TimestampRole,
+        IsReadRole,
+        IsProcessedRole
+    };
+    explicit NewsModel(const std::shared_ptr<Settings> &settings, QObject *parent = nullptr);
+    Q_INVOKABLE void markAsRead(int index);
+
+    Q_PROPERTY(int processedIndex READ processedIndex WRITE setProcessedIndex NOTIFY processedIndexChanged)
+    Q_PROPERTY(bool hasUnread READ hasUnread NOTIFY hasUnreadChanged)
+    int processedIndex() const;
+    void setProcessedIndex(int index);
+
+    void updateModel(const QJsonArray &items);
+    bool hasUnread() const;
+
+    int rowCount(const QModelIndex &parent = QModelIndex()) const override;
+    QVariant data(const QModelIndex &index, int role = Qt::DisplayRole) const override;
+    QHash<int, QByteArray> roleNames() const override;
+
+signals:
+    void processedIndexChanged(int index);
+    void hasUnreadChanged();
+
+private:
+    QVector<NewsItem> m_items;
+    int m_processedIndex = -1;
+    std::shared_ptr<Settings> m_settings;
+    QSet<QString> m_readIds;
+    void loadReadIds();
+    void saveReadIds() const;
+};
+
+#endif // NEWSMODEL_H

client/ui/models/servers_model.cpp

@@ -44,6 +44,8 @@ ServersModel::ServersModel(std::shared_ptr<Settings> settings, QObject *parent)
 
     connect(this, &ServersModel::processedServerIndexChanged, this, &ServersModel::processedServerChanged);
     connect(this, &ServersModel::dataChanged, this, &ServersModel::processedServerChanged);
+
+    connect(this, &QAbstractItemModel::modelReset, this, &ServersModel::recomputeGatewayStacks);
 }
 
 int ServersModel::rowCount(const QModelIndex &parent) const
@@ -156,6 +158,18 @@ QVariant ServersModel::data(const QModelIndex &index, int role) const
         QString primaryDns = server.value(config_key::dns1).toString();
         return primaryDns == protocols::dns::amneziaDnsIp;
     }
+    case IsAdVisibleRole:{
+        return apiConfig.value(apiDefs::key::serviceInfo).toObject().value(apiDefs::key::isAdVisible).toBool(false);
+    }
+    case AdHeaderRole: {
+        return apiConfig.value(apiDefs::key::serviceInfo).toObject().value(apiDefs::key::adHeader).toString();
+    }
+    case AdDescriptionRole: {
+        return apiConfig.value(apiDefs::key::serviceInfo).toObject().value(apiDefs::key::adDescription).toString();
+    }
+    case AdEndpointRole: {
+        return apiConfig.value(apiDefs::key::serviceInfo).toObject().value(apiDefs::key::adEndpoint).toString();
+    }
     }
 
     return QVariant();
@@ -375,7 +389,6 @@ QHash<int, QByteArray> ServersModel::roleNames() const
 {
     QHash<int, QByteArray> roles;
 
-    roles[NameRole] = "serverName";
     roles[NameRole] = "name";
     roles[ServerDescriptionRole] = "serverDescription";
     roles[CollapsedServerDescriptionRole] = "collapsedServerDescription";
@@ -402,6 +415,12 @@ QHash<int, QByteArray> ServersModel::roleNames() const
     roles[IsCountrySelectionAvailableRole] = "isCountrySelectionAvailable";
     roles[ApiAvailableCountriesRole] = "apiAvailableCountries";
     roles[ApiServerCountryCodeRole] = "apiServerCountryCode";
+
+    roles[IsAdVisibleRole] = "isAdVisible";
+    roles[AdHeaderRole] = "adHeader";
+    roles[AdDescriptionRole] = "adDescription";
+    roles[AdEndpointRole] = "adEndpoint";
+
     return roles;
 }
 
@@ -756,6 +775,68 @@ bool ServersModel::isServerFromApi(const int serverIndex)
     return data(serverIndex, IsServerFromTelegramApiRole).toBool() || data(serverIndex, IsServerFromGatewayApiRole).toBool();
 }
 
+bool ServersModel::hasServersFromGatewayApi()
+{
+    return !m_gatewayStacks.isEmpty();
+}
+
+bool ServersModel::GatewayStacks::operator==(const GatewayStacks &other) const
+{
+    return userCountryCodes == other.userCountryCodes && serviceTypes == other.serviceTypes;
+}
+
+QJsonObject ServersModel::GatewayStacks::toJson() const
+{
+    QJsonObject obj;
+    if (!userCountryCodes.isEmpty()) {
+        obj.insert(configKey::userCountryCode, QJsonArray::fromStringList(userCountryCodes.values()));
+    }
+    if (!serviceTypes.isEmpty()) {
+        obj.insert(configKey::serviceType, QJsonArray::fromStringList(serviceTypes.values()));
+    }
+    return obj;
+}
+
+void ServersModel::recomputeGatewayStacks()
+{
+    const bool wasEmpty = m_gatewayStacks.isEmpty();
+    GatewayStacks computed;
+    bool hasNewTags = false;
+
+    for (int i = 0; i < m_servers.count(); ++i) {
+        if (data(i, IsServerFromGatewayApiRole).toBool()) {
+            const QJsonObject server = m_servers.at(i).toObject();
+            const QJsonObject apiConfig = server.value(configKey::apiConfig).toObject();
+
+            const QString userCountryCode = apiConfig.value(configKey::userCountryCode).toString();
+            const QString serviceType = apiConfig.value(configKey::serviceType).toString();
+
+            if (!userCountryCode.isEmpty()) {
+                if (!m_gatewayStacks.userCountryCodes.contains(userCountryCode)) {
+                    hasNewTags = true;
+                }
+                computed.userCountryCodes.insert(userCountryCode);
+            }
+
+            if (!serviceType.isEmpty()) {
+                if (!m_gatewayStacks.serviceTypes.contains(serviceType)) {
+                    hasNewTags = true;
+                }
+                computed.serviceTypes.insert(serviceType);
+            }
+        }
+    }
+
+    m_gatewayStacks = std::move(computed);
+    if (hasNewTags) {
+        emit gatewayStacksExpanded();
+    }
+
+    if (wasEmpty != m_gatewayStacks.isEmpty()) {
+        emit hasServersFromGatewayApiChanged();
+    }
+}
+
 bool ServersModel::isApiKeyExpired(const int serverIndex)
 {
     auto serverConfig = m_servers.at(serverIndex).toObject();
@@ -822,3 +903,18 @@ bool ServersModel::processedServerIsPremium() const
 {
     return apiUtils::isPremiumServer(getServerConfig(m_processedServerIndex));
 }
+
+bool ServersModel::isAdVisible()
+{
+    return data(m_defaultServerIndex, IsAdVisibleRole).toBool();
+}
+
+QString ServersModel::adHeader()
+{
+    return data(m_defaultServerIndex, AdHeaderRole).toString();
+}
+
+QString ServersModel::adDescription()
+{
+    return data(m_defaultServerIndex, AdDescriptionRole).toString();
+}

client/ui/models/servers_model.h

@@ -10,6 +10,16 @@ class ServersModel : public QAbstractListModel
 {
     Q_OBJECT
 public:
+    struct GatewayStacks
+    {
+        QSet<QString> userCountryCodes;
+        QSet<QString> serviceTypes;
+
+        bool isEmpty() const { return userCountryCodes.isEmpty() && serviceTypes.isEmpty(); }
+        bool operator==(const GatewayStacks &other) const;
+        QJsonObject toJson() const;
+    };
+
     enum Roles {
         NameRole = Qt::UserRole + 1,
         ServerDescriptionRole,
@@ -37,6 +47,10 @@ public:
         IsCountrySelectionAvailableRole,
         ApiAvailableCountriesRole,
         ApiServerCountryCodeRole,
+        IsAdVisibleRole,
+        AdHeaderRole,
+        AdDescriptionRole,
+        AdEndpointRole,
 
         HasAmneziaDns
     };
@@ -52,6 +66,8 @@ public:
 
     void resetModel();
 
+    GatewayStacks gatewayStacks() const { return m_gatewayStacks; }
+
     Q_PROPERTY(int defaultIndex READ getDefaultServerIndex WRITE setDefaultServerIndex NOTIFY defaultServerIndexChanged)
     Q_PROPERTY(QString defaultServerName READ getDefaultServerName NOTIFY defaultServerNameChanged)
     Q_PROPERTY(QString defaultServerDefaultContainerName READ getDefaultServerDefaultContainerName NOTIFY defaultServerDefaultContainerChanged)
@@ -62,9 +78,15 @@ public:
                        defaultServerDefaultContainerChanged)
     Q_PROPERTY(bool isDefaultServerFromApi READ isDefaultServerFromApi NOTIFY defaultServerIndexChanged)
 
+    Q_PROPERTY(bool hasServersFromGatewayApi READ hasServersFromGatewayApi NOTIFY hasServersFromGatewayApiChanged)
+
     Q_PROPERTY(int processedIndex READ getProcessedServerIndex WRITE setProcessedServerIndex NOTIFY processedServerIndexChanged)
     Q_PROPERTY(bool processedServerIsPremium READ processedServerIsPremium NOTIFY processedServerChanged)
 
+    Q_PROPERTY(bool isAdVisible READ isAdVisible NOTIFY defaultServerIndexChanged)
+    Q_PROPERTY(QString adHeader READ adHeader NOTIFY defaultServerIndexChanged)
+    Q_PROPERTY(QString adDescription READ adDescription NOTIFY defaultServerIndexChanged)
+
     bool processedServerIsPremium() const;
 
 public slots:
@@ -82,6 +104,8 @@ public slots:
     bool isDefaultServerHasWriteAccess();
     bool hasServerWithWriteAccess();
 
+    bool hasServersFromGatewayApi();
+
     const int getServersCount();
 
     void setProcessedServerIndex(const int index);
@@ -128,6 +152,10 @@ public slots:
     bool isApiKeyExpired(const int serverIndex);
     void removeApiConfig(const int serverIndex);
 
+    bool isAdVisible();
+    QString adHeader();
+    QString adDescription();
+    
 protected:
     QHash<int, QByteArray> roleNames() const override;
 
@@ -147,6 +175,9 @@ signals:
     void updateApiCountryModel();
     void updateApiServicesModel();
 
+    void hasServersFromGatewayApiChanged();
+    void gatewayStacksExpanded();
+
 private:
     ServerCredentials serverCredentials(int index) const;
 
@@ -167,6 +198,9 @@ private:
     int m_processedServerIndex;
 
     bool m_isAmneziaDnsEnabled = m_settings->useAmneziaDns();
+
+    GatewayStacks m_gatewayStacks;
+    void recomputeGatewayStacks();
 };
 
 #endif // SERVERSMODEL_H

client/ui/qml/Components/AdLabel.qml

@@ -2,7 +2,6 @@ import QtQuick
 import QtQuick.Controls
 import QtQuick.Layouts
 import QtQuick.Shapes
-import Qt5Compat.GraphicalEffects
 
 import Style 1.0
 
@@ -13,61 +12,139 @@ import "../Controls2/TextTypes"
 Rectangle {
     id: root
 
-    property real contentHeight: ad.implicitHeight + ad.anchors.topMargin + ad.anchors.bottomMargin
+    property real contentHeight: content.implicitHeight + content.anchors.topMargin + content.anchors.bottomMargin
+    property bool isFocusable: true
 
+    gradient: Gradient {
+        orientation: Gradient.Horizontal
+        GradientStop { position: 0.0; color: AmneziaStyle.color.translucentSlateGray }
+        GradientStop { position: 1.0; color: AmneziaStyle.color.translucentOnyxBlack }
+    }
     border.width: 1
-    border.color: AmneziaStyle.color.goldenApricot
+    border.color: AmneziaStyle.color.onyxBlack
-    color: AmneziaStyle.color.transparent
     radius: 13
 
-    visible: false
+    visible: ServersModel.isAdVisible
-    // visible: GC.isDesktop() && ServersModel.isDefaultServerFromApi
-    //          && ServersModel.isDefaultServerDefaultContainerHasSplitTunneling && SettingsController.isHomeAdLabelVisible
 
-    MouseArea {
+    Keys.onTabPressed: {
-        anchors.fill: parent
+        FocusController.nextKeyTabItem()
-        cursorShape: Qt.PointingHandCursor
-
-        onClicked: function() {
-            Qt.openUrlExternally(LanguageModel.getCurrentSiteUrl("premium"))
     }
+
+    Keys.onBacktabPressed: {
+        FocusController.previousKeyTabItem()
+    }
+
+    Keys.onUpPressed: {
+        FocusController.nextKeyUpItem()
+    }
+
+    Keys.onDownPressed: {
+        FocusController.nextKeyDownItem()
+    }
+
+    Keys.onLeftPressed: {
+        FocusController.nextKeyLeftItem()
+    }
+
+    Keys.onRightPressed: {
+        FocusController.nextKeyRightItem()
+    }
+
+    Keys.onEnterPressed: {
+        Qt.openUrlExternally(ServersModel.getDefaultServerData("adEndpoint"))
+    }
+
+    Keys.onReturnPressed: {
+        Qt.openUrlExternally(ServersModel.getDefaultServerData("adEndpoint"))
     }
 
     RowLayout {
-        id: ad
+        id: content
         anchors.fill: parent
-        anchors.margins: 16
+        anchors.leftMargin: 16
+        anchors.rightMargin: 12
+        anchors.topMargin: 12
+        anchors.bottomMargin: 12
+        spacing: 20
 
-        Image {
+        ColumnLayout {
-            source: "qrc:/images/controls/amnezia.svg"
+            Layout.fillWidth: true
-            sourceSize: Qt.size(36, 36)
+            spacing: 4
 
-            layer {
+            CaptionTextType {
-                effect: ColorOverlay {
+                Layout.fillWidth: true
+                text: ServersModel.adHeader
                 color: AmneziaStyle.color.paleGray
-                }
+                font.pixelSize: 14
-            }
+                font.weight: 700
+
+                textFormat: Text.RichText
             }
 
             CaptionTextType {
                 Layout.fillWidth: true
-            Layout.rightMargin: 10
+                text: ServersModel.adDescription
-            Layout.leftMargin: 10
+                color: AmneziaStyle.color.mutedGray
-
+                wrapMode: Text.WordWrap
-            text: qsTr("Amnezia Premium - for access to all websites and online resources")
-            color: AmneziaStyle.color.pearlGray
-
                 lineHeight: 18
-            font.pixelSize: 15
+                lineHeightMode: Text.FixedHeight
+                font.pixelSize: 14
+
+                visible: text !== ""
+            }
         }
 
-        ImageButtonType {
+        Item {
-            image: "qrc:/images/controls/close.svg"
+            implicitWidth: 40
-            imageColor: AmneziaStyle.color.paleGray
+            implicitHeight: 40
+            Layout.alignment: Qt.AlignVCenter
+
+            Rectangle {
+                id: chevronBackground
+                anchors.fill: parent
+                radius: 12
+                color: AmneziaStyle.color.transparent
+                border.width: root.activeFocus ? 1 : 0
+                border.color: AmneziaStyle.color.paleGray
+
+                Behavior on color {
+                    PropertyAnimation { duration: 200 }
+                }
+
+                Behavior on border.width {
+                    PropertyAnimation { duration: 200 }
+                }
+            }
+
+            Image {
+                anchors.centerIn: parent
+                source: "qrc:/images/controls/chevron-right.svg"
+                sourceSize: Qt.size(24, 24)
+            }
+        }
+    }
+
+    MouseArea {
+        id: mouseArea
+        anchors.fill: parent
+        cursorShape: Qt.PointingHandCursor
+        hoverEnabled: true
+
+        onEntered: {
+            chevronBackground.color = AmneziaStyle.color.slateGray
+        }
+
+        onExited: {
+            chevronBackground.color = AmneziaStyle.color.transparent
+        }
+
+        onPressedChanged: {
+            chevronBackground.color = pressed ? AmneziaStyle.color.charcoalGray : containsMouse ? AmneziaStyle.color.slateGray : AmneziaStyle.color.transparent
+        }
 
         onClicked: function() {
-                SettingsController.disableHomeAdLabel()
+            root.forceActiveFocus()
-            }
+            Qt.openUrlExternally(ServersModel.getDefaultServerData("adEndpoint"))
         }
     }
 }

client/ui/qml/Components/QuestionDrawer.qml

@@ -32,7 +32,7 @@ DrawerType2 {
         spacing: 8
 
         onImplicitHeightChanged: {
-            root.expandedHeight = content.implicitHeight + 32
+            root.expandedHeight = content.implicitHeight + 32 + SettingsController.safeAreaBottomMargin
         }
 
         Header2TextType {

client/ui/qml/Components/SmartScroll.qml

@@ -0,0 +1,55 @@
+import QtQuick
+import QtQuick.Controls
+
+QtObject {
+    id: root
+    
+    property var listView: null
+    property var scrollToItemTarget: null
+    
+    property Connections imeConnection: Connections {
+        target: SettingsController
+        function onImeHeightChanged() {
+            if (root.scrollToItemTarget && SettingsController.imeHeight > 0) {
+                scrollTimer.restart()
+            }
+        }
+    }
+    
+    property Timer scrollTimer: Timer {
+        interval: 100
+        repeat: false
+        onTriggered: {
+            if (root.scrollToItemTarget && root.listView) {
+                if (SettingsController.imeHeight > 0) {
+                    var item = root.scrollToItemTarget
+                    var itemY = item.mapToItem(root.listView.contentItem, 0, 0).y
+                    var itemHeight = item.height
+                    var keyboardHeight = SettingsController.imeHeight + SettingsController.safeAreaBottomMargin
+                    var visibleHeight = root.listView.height - keyboardHeight
+                    
+                    var desiredTopOffset = visibleHeight * 0.25
+                    var targetContentY = itemY - desiredTopOffset
+                    
+                    if (targetContentY < 0) {
+                        targetContentY = 0
+                    }
+                    
+                    var maxContentY = root.listView.contentHeight - root.listView.height
+                    if (targetContentY > maxContentY) {
+                        targetContentY = maxContentY
+                    }
+                    
+                    root.listView.contentY = targetContentY
+                    root.scrollToItemTarget = null
+                }
+            }
+        }
+    }
+    
+    function scrollToItem(item) {
+        scrollToItemTarget = item
+        scrollTimer.restart()
+    }
+}
+

client/ui/qml/Controls2/DrawerType2.qml

@@ -49,6 +49,22 @@ Item {
         return drawerContent.state === stateName
     }
 
+    Connections {
+        target: Qt.application
+
+        function onStateChanged() {
+            if (Qt.application.state !== Qt.ApplicationActive) {
+                if (dragArea.drag.active) {
+                    dragArea.drag.target = null
+                    dragArea.drag.target = drawerContent
+                }
+                if (isOpened && !isCollapsedStateActive()) {
+                    root.closeTriggered()
+                }
+            }
+        }
+    }
+
     Connections {
         target: PageController
 

client/ui/qml/Controls2/DropDownType.qml

@@ -74,6 +74,18 @@ Item {
         FocusController.nextKeyRightItem()
     }
 
+    Connections {
+        target: Qt.application
+
+        function onStateChanged() {
+            if (Qt.application.state !== Qt.ApplicationActive) {
+                if (!menu.isClosed) {
+                    menu.closeTriggered()
+                }
+            }
+        }
+    }
+
     implicitWidth: rootButtonContent.implicitWidth
     implicitHeight: rootButtonContent.implicitHeight