Fix build error

Fix errors
Refactoring build
2026-06-21 02:01:03 +07:00 · 2023-11-15 15:48:40 +03:00 · 2023-11-14 23:19:46 +03:00 · 2023-11-14 23:18:59 +03:00 · 2023-11-14 23:13:14 +03:00 · 2023-11-14 09:54:54 -08:00
67 changed files with 2192 additions and 1155 deletions
@@ -3,3 +3,4 @@ deploy/data/windows/x64/tap/windows_10/OemVista.inf eol=crlf
 deploy/data/windows/x32/tap/windows_7/OemVista.inf eol=crlf
 deploy/data/windows/x32/tap/windows_10/OemVista.inf eol=crlf
 client/3rd/* linguist-vendored
+client/android/gradlew.bat eol=crlf
@@ -1,6 +1,12 @@
 name: 'Deploy workflow'

-on: [push]
+on:
+  push:
+    branches:
+      - '**'
+
+env:
+  QT_MIRROR: https://mirrors.ocf.berkeley.edu/qt/ # https://download.qt.io/static/mirrorlist/

 jobs:
  Build-Linux-Ubuntu:
@@ -24,7 +30,7 @@ jobs:
        setup-python: 'true'
        tools: 'tools_ifw'
        set-env: 'true'
-        extra: '--external 7z'
+        extra: '--external 7z --base ${{ env.QT_MIRROR }}'

    - name: 'Get sources'
      uses: actions/checkout@v3
@@ -88,7 +94,7 @@ jobs:
        setup-python: 'true'
        tools: 'tools_ifw'
        set-env: 'true'
-        extra: '--external 7z'
+        extra: '--external 7z --base ${{ env.QT_MIRROR }}'

    - name: 'Setup mvsc'
      uses: ilammy/msvc-dev-cmd@v1
@@ -118,15 +124,14 @@ jobs:

 # ------------------------------------------------------

-  Build-IOS:
-    name: 'Build-IOS'
+  Build-iOS:
+    name: 'Build-iOS'
    runs-on: macos-12

    env:
      QT_VERSION: 6.5.2

    steps:
-    # Just select XCode
    - name: 'Setup xcode'
      uses: maxim-lobanov/setup-xcode@v1
      with:
@@ -142,6 +147,7 @@ jobs:
        arch: 'clang_64'
        dir: ${{ runner.temp }}
        set-env: 'true'
+        extra: '--base ${{ env.QT_MIRROR }}'

    - name: 'Install iOS Qt'
      uses: jurplel/install-qt-action@v3
@@ -153,7 +159,7 @@ jobs:
        dir: ${{ runner.temp }}
        setup-python: 'true'
        set-env: 'true'
-        extra: '--external 7z'
+        extra: '--external 7z --base ${{ env.QT_MIRROR }}'

    - name: 'Install go'
      uses: actions/setup-go@v3
@@ -173,7 +179,7 @@ jobs:
    - name: 'Setup ccache'
      uses: hendrikmuhs/ccache-action@v1.2

-    - name: Install dependencies
+    - name: 'Install dependencies'
      run: pip install jsonschema jinja2

    - name: 'Build project'
@@ -231,7 +237,7 @@ jobs:
        setup-python: 'true'
        tools: 'tools_ifw'
        set-env: 'true'
-        extra: '--external 7z'
+        extra: '--external 7z --base ${{ env.QT_MIRROR }}'

    - name: 'Get sources'
      uses: actions/checkout@v3
@@ -248,21 +254,12 @@ jobs:
        export QIF_BIN_DIR="${{ runner.temp }}/Qt/Tools/QtInstallerFramework/${{ env.QIF_VERSION }}/bin"
        bash deploy/build_macos.sh

-    - name: 'Upload upacked build to update server'
-#      if: github.ref_name == 'dev'
-      env:
-        MACOS_UNPACKED_BUILD_PATH: deploy/build/installer/amneziavpn-macos-repository
-        AWS_ACCESS_KEY_ID: ${{ secrets.CF_R2_ACCESS_KEY_ID }}
-        AWS_SECRET_ACCESS_KEY: ${{ secrets.CF_R2_SECRET_ACCESS_KEY }}
-      run: aws s3 sync --endpoint-url https://${{ vars.CF_ACCOUNT_ID }}.r2.cloudflarestorage.com ${{ env.MACOS_UNPACKED_BUILD_PATH }} s3://updates/beta/macos --delete
-
    - name: 'Upload installer artifact'
      uses: actions/upload-artifact@v3
      with:
        name: AmneziaVPN_MacOS_installer
        path: AmneziaVPN.dmg
        retention-days: 7
-
    - name: 'Upload unpacked artifact'
      uses: actions/upload-artifact@v3
      with:
@@ -276,21 +273,10 @@ jobs:
    name: 'Build-Android'
    runs-on: ubuntu-latest

-    strategy:
-      matrix:
-        include:
-        - abi: 'x86_64'
-          qt_arch: 'android_x86_64'
-        - abi: 'x86'
-          qt_arch: 'android_x86'
-        - abi: 'armeabi-v7a'
-          qt_arch: 'android_armv7'
-        - abi: 'arm64-v8a'
-          qt_arch: 'android_arm64_v8a'
-
    env:
-      QT_VERSION: 6.5.2
-      ANDROID_BUILD_PLATFORM: android-33
+      ANDROID_BUILD_PLATFORM: android-34
+      QT_VERSION: 6.5.3
+      QT_MODULES: 'qtremoteobjects qt5compat qtimageformats qtshadertools'

    steps:
    - name: 'Install desktop Qt'
@@ -300,29 +286,58 @@ jobs:
        host: 'linux'
        target: 'desktop'
        arch: 'gcc_64'
-        modules: 'qtremoteobjects qt5compat qtimageformats qtshadertools'
+        modules: ${{ env.QT_MODULES }}
        dir: ${{ runner.temp }}
-        setup-python: 'true'
-        set-env: 'true'
-        extra: '--external 7z'
+        extra: '--external 7z --base ${{ env.QT_MIRROR }}'

-    - name: 'Install android Qt'
+    - name: 'Install android_x86_64 Qt'
      uses: jurplel/install-qt-action@v3
      with:
        version: ${{ env.QT_VERSION }}
        host: 'linux'
        target: 'android'
-        arch: ${{ matrix.qt_arch }}
-        modules: 'qtremoteobjects qt5compat qtimageformats qtshadertools'
+        arch: 'android_x86_64'
+        modules: ${{ env.QT_MODULES }}
        dir: ${{ runner.temp }}
-        setup-python: 'true'
-        set-env: 'true'
-        extra: '--external 7z'
+        extra: '--external 7z --base ${{ env.QT_MIRROR }}'
+
+    - name: 'Install android_x86 Qt'
+      uses: jurplel/install-qt-action@v3
+      with:
+        version: ${{ env.QT_VERSION }}
+        host: 'linux'
+        target: 'android'
+        arch: 'android_x86'
+        modules: ${{ env.QT_MODULES }}
+        dir: ${{ runner.temp }}
+        extra: '--external 7z --base ${{ env.QT_MIRROR }}'
+
+    - name: 'Install android_armv7 Qt'
+      uses: jurplel/install-qt-action@v3
+      with:
+        version: ${{ env.QT_VERSION }}
+        host: 'linux'
+        target: 'android'
+        arch: 'android_armv7'
+        modules: ${{ env.QT_MODULES }}
+        dir: ${{ runner.temp }}
+        extra: '--external 7z --base ${{ env.QT_MIRROR }}'
+
+    - name: 'Install android_arm64_v8a Qt'
+      uses: jurplel/install-qt-action@v3
+      with:
+        version: ${{ env.QT_VERSION }}
+        host: 'linux'
+        target: 'android'
+        arch: 'android_arm64_v8a'
+        modules: ${{ env.QT_MODULES }}
+        dir: ${{ runner.temp }}
+        extra: '--external 7z --base ${{ env.QT_MIRROR }}'

    - name: 'Grant execute permission for qt-cmake'
      shell: bash
      run: |
-        chmod +x ${{ runner.temp }}/Qt/${{ env.QT_VERSION }}/${{ matrix.qt_arch }}/bin/qt-cmake
+        chmod +x ${{ runner.temp }}/Qt/${{ env.QT_VERSION }}/android_x86_64/bin/qt-cmake

    - name: 'Get sources'
      uses: actions/checkout@v3
@@ -336,15 +351,14 @@ jobs:
      uses: actions/setup-java@v3
      with:
        distribution: 'temurin'
-        java-version: '11'
+        java-version: '17'
        cache: 'gradle'

    - name: 'Setup Android NDK'
      id: setup-ndk
      uses: nttld/setup-ndk@v1
      with:
-        ndk-version: 'r25c'
-        local-cache: 'true'
+        ndk-version: 'r26b'

    - name: 'Decode keystore secret to file'
      env:
@@ -357,16 +371,36 @@ jobs:
      env:
        ANDROID_NDK_ROOT: ${{ steps.setup-ndk.outputs.ndk-path }}
        QT_HOST_PATH: ${{ runner.temp }}/Qt/${{ env.QT_VERSION }}/gcc_64
-        QT_ANDROID_KEYSTORE_PATH: ${{ github.workspace }}/android.keystore
-        QT_ANDROID_KEYSTORE_ALIAS: ${{ secrets.ANDROID_RELEASE_KEYSTORE_KEY_ALIAS }}
-        QT_ANDROID_KEYSTORE_STORE_PASS: ${{ secrets.ANDROID_RELEASE_KEYSTORE_KEY_PASS }}
-        QT_ANDROID_KEYSTORE_KEY_PASS: ${{ secrets.ANDROID_RELEASE_KEYSTORE_KEY_PASS }}
+        ANDROID_KEYSTORE_PATH: ${{ github.workspace }}/android.keystore
+        ANDROID_KEYSTORE_KEY_ALIAS: ${{ secrets.ANDROID_RELEASE_KEYSTORE_KEY_ALIAS }}
+        ANDROID_KEYSTORE_KEY_PASS: ${{ secrets.ANDROID_RELEASE_KEYSTORE_KEY_PASS }}
      shell: bash
-      run: ./deploy/build_android.sh --apk ${{ matrix.abi }} --platform ${{ env.ANDROID_BUILD_PLATFORM }}
+      run: ./deploy/build_android.sh --apk all --build-platform ${{ env.ANDROID_BUILD_PLATFORM }}

-    - name: 'Upload apk'
+    - name: 'Upload x86_64 apk'
      uses: actions/upload-artifact@v3
      with:
-        name: AmneziaVPN-android-${{ matrix.abi }}
-        path: deploy/build/AmneziaVPN-${{ matrix.abi }}-release-signed.apk
+        name: AmneziaVPN-android-x86_64
+        path: deploy/build/AmneziaVPN-x86_64-release.apk
+        retention-days: 7
+
+    - name: 'Upload x86 apk'
+      uses: actions/upload-artifact@v3
+      with:
+        name: AmneziaVPN-android-x86
+        path: deploy/build/AmneziaVPN-x86-release.apk
+        retention-days: 7
+
+    - name: 'Upload arm64-v8a apk'
+      uses: actions/upload-artifact@v3
+      with:
+        name: AmneziaVPN-android-arm64-v8a
+        path: deploy/build/AmneziaVPN-arm64-v8a-release.apk
+        retention-days: 7
+
+    - name: 'Upload armeabi-v7a apk'
+      uses: actions/upload-artifact@v3
+      with:
+        name: AmneziaVPN-android-armeabi-v7a
+        path: deploy/build/AmneziaVPN-armeabi-v7a-release.apk
        retention-days: 7
@@ -0,0 +1,64 @@
+name: 'Upload a new version'
+
+on:
+  push:
+    tags:
+    - '[0-9]+.[0-9]+.[0-9]+.[0-9]+'
+
+jobs:
+  upload:
+    runs-on: ubuntu-latest
+    name: upload
+    steps:
+      - name: Checkout CMakeLists.txt
+        uses: actions/checkout@v4
+        with:
+          ref: ${{ github.ref_name }}
+          sparse-checkout: |
+            CMakeLists.txt
+          sparse-checkout-cone-mode: false
+
+      - name: Verify git tag
+        run: |
+          GIT_TAG=${{ github.ref_name }}
+          CMAKE_TAG=$(grep 'project.*VERSION' CMakeLists.txt | sed -E 's/.* ([0-9]+.[0-9]+.[0-9]+.[0-9]+)$/\1/')
+
+          if [[ "$GIT_TAG" == "$CMAKE_TAG" ]]; then
+            echo "Git tag ($GIT_TAG) and version in CMakeLists.txt ($CMAKE_TAG) are the same. Continuing..."
+          else
+            echo "Git tag ($GIT_TAG) and version in CMakeLists.txt ($CMAKE_TAG) are not the same! Cancelling..."
+            exit 1
+          fi
+
+      - name: Download artifacts from the "${{ github.ref_name }}" tag
+        uses: robinraju/release-downloader@v1.8
+        with:
+          tag: ${{ github.ref_name }}
+          fileName: "AmneziaVPN_(Linux_|)${{ github.ref_name }}*"
+          out-file-path: ${{ github.ref_name }}
+
+      - name: Upload beta version
+        uses: jakejarvis/s3-sync-action@master
+        if: contains(github.event.base_ref, 'dev')
+        with:
+          args: --include "AmneziaVPN*" --delete
+        env:
+          AWS_S3_BUCKET: updates
+          AWS_ACCESS_KEY_ID: ${{ secrets.CF_R2_ACCESS_KEY_ID }}
+          AWS_SECRET_ACCESS_KEY: ${{ secrets.CF_R2_SECRET_ACCESS_KEY }}
+          AWS_S3_ENDPOINT: https://${{ vars.CF_ACCOUNT_ID }}.r2.cloudflarestorage.com
+          SOURCE_DIR: ${{ github.ref_name }}
+          DEST_DIR: beta/${{ github.ref_name }}
+
+      - name: Upload stable version
+        uses: jakejarvis/s3-sync-action@master
+        if: contains(github.event.base_ref, 'master')
+        with:
+          args: --include "AmneziaVPN*" --delete
+        env:
+          AWS_S3_BUCKET: updates
+          AWS_ACCESS_KEY_ID: ${{ secrets.CF_R2_ACCESS_KEY_ID }}
+          AWS_SECRET_ACCESS_KEY: ${{ secrets.CF_R2_SECRET_ACCESS_KEY }}
+          AWS_S3_ENDPOINT: https://${{ vars.CF_ACCOUNT_ID }}.r2.cloudflarestorage.com
+          SOURCE_DIR: ${{ github.ref_name }}
+          DEST_DIR: stable/${{ github.ref_name }}
@@ -9,7 +9,7 @@ deploy/build_32/*
 deploy/build_64/*
 winbuild*.bat
 .cache/
-.vscode/
+

 # Qt-es
 /.qmake.cache
@@ -2,7 +2,7 @@ cmake_minimum_required(VERSION 3.25.0 FATAL_ERROR)

 set(PROJECT AmneziaVPN)

-project(${PROJECT} VERSION 4.0.8.6
+project(${PROJECT} VERSION 4.1.0.1
        DESCRIPTION "AmneziaVPN"
        HOMEPAGE_URL "https://amnezia.org/"
 )
@@ -11,6 +11,7 @@ string(TIMESTAMP CURRENT_DATE "%Y-%m-%d")
 set(RELEASE_DATE "${CURRENT_DATE}")

 set(APP_MAJOR_VERSION ${CMAKE_PROJECT_VERSION_MAJOR}.${CMAKE_PROJECT_VERSION_MINOR}.${CMAKE_PROJECT_VERSION_PATCH})
+set(APP_ANDROID_VERSION_CODE 39)

 if(${CMAKE_SYSTEM_NAME} STREQUAL "Linux")
    set(MZ_PLATFORM_NAME "linux")
@@ -288,6 +288,8 @@ void AmneziaApplication::initModels()
            &ContainersModel::setCurrentlyProcessedServerIndex);
    connect(m_serversModel.get(), &ServersModel::defaultServerIndexChanged, m_containersModel.get(),
            &ContainersModel::setCurrentlyProcessedServerIndex);
+    connect(m_containersModel.get(), &ContainersModel::containersModelUpdated, m_serversModel.get(),
+            &ServersModel::updateContainersConfig);

    m_languageModel.reset(new LanguageModel(m_settings, this));
    m_engine->rootContext()->setContextProperty("LanguageModel", m_languageModel.get());
@@ -296,17 +298,7 @@ void AmneziaApplication::initModels()

    m_sitesModel.reset(new SitesModel(m_settings, this));
    m_engine->rootContext()->setContextProperty("SitesModel", m_sitesModel.get());
-    connect(m_containersModel.get(), &ContainersModel::defaultContainerChanged, this, [this]() {
-        if ((m_containersModel->getDefaultContainer() == DockerContainer::WireGuard
-             || m_containersModel->getDefaultContainer() == DockerContainer::Awg)
-            && m_sitesModel->isSplitTunnelingEnabled()) {
-            m_sitesModel->toggleSplitTunneling(false);
-            emit m_pageController->showNotificationMessage(
-                    tr("Split tunneling for %1 is not implemented, the option was disabled")
-                            .arg(ContainerProps::containerHumanNames().value(m_containersModel->getDefaultContainer())));
-        }
-    });
-
+    
    m_protocolsModel.reset(new ProtocolsModel(m_settings, this));
    m_engine->rootContext()->setContextProperty("ProtocolsModel", m_protocolsModel.get());

@@ -1,60 +1,52 @@
 <?xml version="1.0"?>
-<manifest
+<!-- Leave package attribute for androiddeployqt -->
+<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="org.amnezia.vpn"
-    xmlns:android="http://schemas.android.com/apk/res/android"
    android:versionName="-- %%INSERT_VERSION_NAME%% --"
    android:versionCode="-- %%INSERT_VERSION_CODE%% --"
    android:installLocation="auto">

-   <uses-permission android:name="android.permission.INTERNET"/>
-   <uses-permission android:name="android.permission.READ_EXTERNAL_STORAGE"/>
-   <uses-permission android:name="android.permission.WRITE_EXTERNAL_STORAGE"/>
-   <uses-permission android:name="android.permission.ACCESS_NETWORK_STATE"/>
-   <uses-permission android:name="android.permission.FOREGROUND_SERVICE"/>
-   <uses-permission android:name="android.permission.RECEIVE_BOOT_COMPLETED"/>
-   <uses-permission android:name="android.permission.FOREGROUND_SERVICE_CONNECTED_DEVICE" /> 
+    <uses-feature android:name="android.hardware.camera" android:required="false" />
+    <uses-feature android:name="android.hardware.camera.any" android:required="false" />
+    <uses-feature android:name="android.hardware.camera.autofocus" android:required="false" />

-   <!-- Enable when VPN-per-app mode will be implemented -->
-   <!-- <uses-permission android:name="android.permission.QUERY_ALL_PACKAGES"/> -->
-   <uses-permission android:name="android.permission.CAMERA"/>
-
-    <!-- The following comment will be replaced upon deployment with default features based on the dependencies of the application.
-         Remove the comment if you do not require these default features. -->
+    <!-- The following comment will be replaced upon deployment with default features based on the dependencies
+    of the application. Remove the comment if you do not require these default features. -->
    <!-- %%INSERT_FEATURES -->

-    <supports-screens
-        android:largeScreens="true"
-        android:normalScreens="true"
-        android:anyDensity="true"
-        android:smallScreens="true"/>
+    <uses-permission android:name="android.permission.INTERNET" />
+    <uses-permission android:name="android.permission.READ_EXTERNAL_STORAGE" />
+    <uses-permission android:name="android.permission.WRITE_EXTERNAL_STORAGE" />
+    <uses-permission android:name="android.permission.ACCESS_NETWORK_STATE" />
+    <uses-permission android:name="android.permission.CAMERA" />
+    <uses-permission android:name="android.permission.FOREGROUND_SERVICE" />
+    <uses-permission android:name="android.permission.FOREGROUND_SERVICE_SPECIAL_USE" />
+    <uses-permission android:name="android.permission.POST_NOTIFICATIONS" />
+    <uses-permission android:name="android.permission.RECEIVE_BOOT_COMPLETED" />
+
+    <!-- Enable when VPN-per-app mode will be implemented -->
+    <!-- <uses-permission android:name="android.permission.QUERY_ALL_PACKAGES"/> -->

    <application
        android:name=".qt.AmneziaApp"
-        android:hardwareAccelerated="true"
        android:label="-- %%INSERT_APP_NAME%% --"
-        android:extractNativeLibs="true"
-        android:requestLegacyExternalStorage="true"
        android:allowNativeHeapPointerTagging="false"
-        android:theme="@style/Theme.AppCompat.NoActionBar"
        android:icon="@drawable/icon"
-        android:roundIcon="@drawable/icon_round">
-        
+        android:roundIcon="@drawable/icon_round"
+        android:theme="@style/Theme.AppCompat.NoActionBar">
+
        <activity
-            android:configChanges="orientation|uiMode|screenLayout|screenSize|smallestScreenSize|layoutDirection|locale|fontScale|keyboard|keyboardHidden|navigation|mcc|mnc|density"
            android:name=".qt.VPNActivity"
-            android:label="-- %%INSERT_APP_NAME%% --"
-            android:screenOrientation="unspecified"
+            android:configChanges="uiMode|screenSize|smallestScreenSize|screenLayout|orientation|density
+                |fontScale|layoutDirection|locale|keyboard|keyboardHidden|navigation|mcc|mnc"
            android:launchMode="singleInstance"
-            android:windowSoftInputMode="adjustResize"
            android:exported="true">
-    
-<!--            android:theme="@style/splashScreenTheme"-->
-            
+
            <intent-filter>
-                <action android:name="android.intent.action.MAIN"/>
-                <category android:name="android.intent.category.LAUNCHER"/>
+                <action android:name="android.intent.action.MAIN" />
+                <category android:name="android.intent.category.LAUNCHER" />
            </intent-filter>
-    
+
            <intent-filter>
                <action android:name="org.amnezia.vpn.qt.IMPORT_CONFIG" />
                <category android:name="android.intent.category.DEFAULT" />
@@ -62,73 +54,70 @@

            <meta-data
                android:name="android.app.lib_name"
-                android:value="-- %%INSERT_APP_LIB_NAME%% --"/>
-            
+                android:value="-- %%INSERT_APP_LIB_NAME%% --" />
+
            <meta-data
                android:name="android.app.extract_android_style"
                android:value="minimal" />
-            
-            <meta-data
-                android:name="android.app.background_running"
-                android:value="false"/>
-            
-            <meta-data
-                android:name="android.app.arguments"
-                android:value="-- %%INSERT_APP_ARGUMENTS%% --" />
-
        </activity>
-    
+
        <activity
            android:name=".qt.CameraActivity"
            android:exported="false" />
-    
+
        <activity
            android:name=".qt.ImportConfigActivity"
-            android:exported="true" >
-    
+            android:exported="true">
+
            <intent-filter android:label="AmneziaVPN">
-                <action android:name="android.intent.action.SEND"/>
-                <action android:name="android.intent.action.VIEW"/>
-                <category android:name="android.intent.category.DEFAULT"/>
-                <data android:scheme="file"/>
-                <data android:scheme="content"/>
-                <data android:mimeType="*/*"/>
-                <data android:host="*"/>
-                <data android:pathPattern=".*\\.vpn"/>
-                <data android:pathPattern=".*\\..*\\.vpn"/>
-                <data android:pathPattern=".*\\..*\\..*\\.vpn"/>
-                <data android:pathPattern=".*\\..*\\..*\\..*\\.vpn"/>
-                <data android:pathPattern=".*\\..*\\..*\\..*\\..*\\.vpn"/>
+                <action android:name="android.intent.action.SEND" />
+                <action android:name="android.intent.action.VIEW" />
+
+                <category android:name="android.intent.category.DEFAULT" />
+
+                <data android:scheme="file" />
+                <data android:scheme="content" />
+                <data android:mimeType="*/*" />
+                <data android:host="*" />
+                <data android:pathPattern=".*\\.vpn" />
+                <data android:pathPattern=".*\\..*\\.vpn" />
+                <data android:pathPattern=".*\\..*\\..*\\.vpn" />
+                <data android:pathPattern=".*\\..*\\..*\\..*\\.vpn" />
+                <data android:pathPattern=".*\\..*\\..*\\..*\\..*\\.vpn" />
            </intent-filter>
-        
+
            <intent-filter android:label="AmneziaVPN">
-                <action android:name="android.intent.action.SEND"/>
-                <action android:name="android.intent.action.VIEW"/>
-                <category android:name="android.intent.category.DEFAULT"/>
-                <data android:scheme="file"/>
-                <data android:scheme="content"/>
-                <data android:mimeType="*/*"/>
-                <data android:host="*"/>
-                <data android:pathPattern=".*\\.cfg"/>
-                <data android:pathPattern=".*\\..*\\.cfg"/>
-                <data android:pathPattern=".*\\..*\\..*\\.cfg"/>
-                <data android:pathPattern=".*\\..*\\..*\\..*\\.cfg"/>
-                <data android:pathPattern=".*\\..*\\..*\\..*\\..*\\.cfg"/>
+                <action android:name="android.intent.action.SEND" />
+                <action android:name="android.intent.action.VIEW" />
+
+                <category android:name="android.intent.category.DEFAULT" />
+
+                <data android:scheme="file" />
+                <data android:scheme="content" />
+                <data android:mimeType="*/*" />
+                <data android:host="*" />
+                <data android:pathPattern=".*\\.cfg" />
+                <data android:pathPattern=".*\\..*\\.cfg" />
+                <data android:pathPattern=".*\\..*\\..*\\.cfg" />
+                <data android:pathPattern=".*\\..*\\..*\\..*\\.cfg" />
+                <data android:pathPattern=".*\\..*\\..*\\..*\\..*\\.cfg" />
            </intent-filter>
-        
+
            <intent-filter android:label="AmneziaVPN">
-                <action android:name="android.intent.action.SEND"/>
-                <action android:name="android.intent.action.VIEW"/>
-                <category android:name="android.intent.category.DEFAULT"/>
-                <data android:scheme="file"/>
-                <data android:scheme="content"/>
-                <data android:mimeType="*/*"/>
-                <data android:host="*"/>
-                <data android:pathPattern=".*\\.conf"/>
-                <data android:pathPattern=".*\\..*\\.conf"/>
-                <data android:pathPattern=".*\\..*\\..*\\.conf"/>
-                <data android:pathPattern=".*\\..*\\..*\\..*\\.conf"/>
-                <data android:pathPattern=".*\\..*\\..*\\..*\\..*\\.conf"/>
+                <action android:name="android.intent.action.SEND" />
+                <action android:name="android.intent.action.VIEW" />
+
+                <category android:name="android.intent.category.DEFAULT" />
+
+                <data android:scheme="file" />
+                <data android:scheme="content" />
+                <data android:mimeType="*/*" />
+                <data android:host="*" />
+                <data android:pathPattern=".*\\.conf" />
+                <data android:pathPattern=".*\\..*\\.conf" />
+                <data android:pathPattern=".*\\..*\\..*\\.conf" />
+                <data android:pathPattern=".*\\..*\\..*\\..*\\.conf" />
+                <data android:pathPattern=".*\\..*\\..*\\..*\\..*\\.conf" />
            </intent-filter>
        </activity>

@@ -136,30 +125,32 @@
            android:name=".VPNService"
            android:process=":QtOnlyProcess"
            android:permission="android.permission.BIND_VPN_SERVICE"
-            android:foregroundServiceType="connectedDevice"
+            android:foregroundServiceType="specialUse"
            android:exported="true">
-                <meta-data android:name="android.app.lib_name" android:value="-- %%INSERT_APP_LIB_NAME%% --"/>
-    
-                <intent-filter>
-                    <action android:name="android.net.VpnService"/>
-                </intent-filter>
+
+            <intent-filter>
+                <action android:name="android.net.VpnService" />
+            </intent-filter>
+
+            <property android:name="android.app.PROPERTY_SPECIAL_USE_FGS_SUBTYPE" android:value="vpn" />
        </service>
-        
+
        <service
            android:name=".qt.VPNPermissionHelper"
            android:permission="android.permission.BIND_VPN_SERVICE"
-            android:foregroundServiceType="connectedDevice"
+            android:foregroundServiceType="specialUse"
            android:exported="true">
-                <meta-data android:name="android.app.lib_name" android:value="-- %%INSERT_APP_LIB_NAME%% --"/>
+
+            <property android:name="android.app.PROPERTY_SPECIAL_USE_FGS_SUBTYPE" android:value="vpn" />
        </service>
-        
+
        <!-- For adding service(s) please check: https://wiki.qt.io/AndroidServices -->
        <provider
            android:name="androidx.core.content.FileProvider"
            android:authorities="org.amnezia.vpn.fileprovider"
            android:exported="false"
            android:grantUriPermissions="true">
-                <meta-data android:name="android.support.FILE_PROVIDER_PATHS" android:resource="@xml/fileprovider"/>
+            <meta-data android:name="android.support.FILE_PROVIDER_PATHS" android:resource="@xml/fileprovider" />
        </provider>
    </application>

@@ -1,153 +1,5 @@
-apply plugin: 'com.github.ben-manes.versions'
-
-buildscript {
-   ext{
-       kotlin_version = "1.7.22"
-       //  for libwg
-       appcompatVersion = '1.1.0'
-       annotationsVersion = '1.0.1'
-       databindingVersion = '3.3.1'
-       jsr305Version = '3.0.2'
-       streamsupportVersion = '1.7.0'
-       threetenabpVersion = '1.1.1'
-       groupName = 'org.amnezia.vpn'
-       minSdkVer = '24'
-       cmakeMinVersion = "3.25.0+"
-   }
-
-    repositories {
-        google()
-        jcenter()
-        mavenCentral()
-        maven { url = uri("https://jitpack.io") }
-    }
-
-    dependencies {
-        classpath 'com.android.tools.build:gradle:7.2.1'
-        classpath 'com.github.ben-manes:gradle-versions-plugin:0.21.0'
-        classpath 'com.vanniktech:gradle-maven-publish-plugin:0.8.0'
-        classpath "org.jetbrains.kotlin:kotlin-gradle-plugin:$kotlin_version"
-        classpath "org.jetbrains.kotlin:kotlin-serialization:$kotlin_version"
-    }
-}
-
-apply plugin: 'com.android.application'
-apply plugin: 'kotlin-android'
-apply plugin: 'kotlin-android-extensions'
-apply plugin: 'kotlinx-serialization'
-apply plugin: 'kotlin-kapt'
-
-dependencies {
-    implementation fileTree(dir: 'libs', include: ['*.jar', '*.aar'])
-    implementation group: 'org.json', name: 'json', version: '20220924'
-    implementation 'androidx.core:core-ktx:1.7.0'
-    implementation 'androidx.appcompat:appcompat:1.4.1'
-
-    implementation "androidx.security:security-crypto:1.1.0-alpha03"
-    implementation "androidx.security:security-identity-credential:1.0.0-alpha02"
-
-    implementation "org.jetbrains.kotlinx:kotlinx-serialization-json:1.2.2"
-    implementation "org.jetbrains.kotlinx:kotlinx-coroutines-android:1.3.0"
-    implementation "org.jetbrains.kotlinx:kotlinx-coroutines-core:1.3.0"
-
-    coreLibraryDesugaring "com.android.tools:desugar_jdk_libs:1.1.5"
-
-    implementation project(path: ':shadowsocks')
-
-    // CameraX core library using the camera2 implementation
-    def camerax_version = "1.2.1"
-    implementation("androidx.camera:camera-core:${camerax_version}")
-    implementation("androidx.camera:camera-camera2:${camerax_version}")
-    implementation("androidx.camera:camera-lifecycle:${camerax_version}")
-    implementation("androidx.camera:camera-view:${camerax_version}")
-    implementation("androidx.camera:camera-extensions:${camerax_version}")
-
-    def camerax_ml_version = "1.2.0-beta02"
-    def ml_kit_version = "17.0.3"
-    implementation("androidx.camera:camera-mlkit-vision:${camerax_ml_version}")
-    implementation("com.google.mlkit:barcode-scanning:${ml_kit_version}")
-}
-
-androidExtensions {
-    experimental = true
-}
-
-android {
-    /*******************************************************
-     * The following variables:
-     * - androidBuildToolsVersion,
-     * - androidCompileSdkVersion
-     * - qtAndroidDir - holds the path to qt android files
-     *                   needed to build any Qt application
-     *                   on Android.
-     *
-     * are defined in gradle.properties file. This file is
-     * updated by QtCreator and androiddeployqt tools.
-     * Changing them manually might break the compilation!
-     *******************************************************/
-
-    compileSdkVersion androidCompileSdkVersion.toInteger()
-
-    buildToolsVersion androidBuildToolsVersion
-    ndkVersion androidNdkVersion
-
-    // Extract native libraries from the APK
-    packagingOptions.jniLibs.useLegacyPackaging true
-
-    dexOptions {
-       javaMaxHeapSize "3g"
-    }
-
-    sourceSets {
-        main {
-            manifest.srcFile 'AndroidManifest.xml'
-            java.srcDirs = [qtAndroidDir + '/src', 'src', 'java']
-            aidl.srcDirs = [qtAndroidDir + '/src', 'src', 'aidl']
-            res.srcDirs = [qtAndroidDir + '/res', 'res']
-            resources.srcDirs = ['resources']
-            renderscript.srcDirs = ['src']
-            assets.srcDirs = ['assets']
-            jniLibs.srcDirs = ['libs']
-            androidTest.assets.srcDirs += files("${qtAndroidDir}/schemas".toString())
-       }
-    }
-
-    tasks.withType(JavaCompile) {
-        options.incremental = true
-    }
-
-    compileOptions {
-        // Flag to enable support for the new language APIs
-        coreLibraryDesugaringEnabled true
-
-        sourceCompatibility JavaVersion.VERSION_1_8
-        targetCompatibility JavaVersion.VERSION_1_8
-    }
-    kotlinOptions.jvmTarget = JavaVersion.VERSION_1_8
-
-    lintOptions {
-        abortOnError false
-    }
-
-    // Do not compress Qt binary resources file
-    aaptOptions {
-        noCompress 'rcc'
-    }
-
-    defaultConfig {
-        resConfig "en"
-        minSdkVersion = 24
-        targetSdkVersion = 34
-        versionCode 37 // Change to a higher number
-        versionName "4.0.8" // Change to a higher number
-
-        javaCompileOptions.annotationProcessorOptions.arguments = [
-            "room.schemaLocation": "${qtAndroidDir}/schemas".toString()
-        ]
-    }
-
-
-}
-
-
+// dummy file for androiddeployqt

+// android.bundle.enableUncompressedNativeLibs is deprecated
+// disable adding gradle property android.bundle.enableUncompressedNativeLibs by androiddeployqt
+useLegacyPackaging
@@ -0,0 +1,92 @@
+plugins {
+    alias(libs.plugins.android.application)
+    alias(libs.plugins.kotlin.android)
+    id("property-delegate")
+}
+
+kotlin {
+    jvmToolchain(17)
+}
+
+// get values from gradle or local properties
+val qtTargetSdkVersion: String by gradleProperties
+val qtTargetAbiList: String by gradleProperties
+val qtAndroidDir: String by gradleProperties
+
+android {
+    namespace = "org.amnezia.vpn"
+
+    buildFeatures {
+        buildConfig = true
+        viewBinding = true
+    }
+
+    androidResources {
+        // don't compress Qt binary resources file
+        noCompress += "rcc"
+    }
+
+    packaging {
+        // compress .so binary libraries
+        jniLibs.useLegacyPackaging = true
+    }
+
+    defaultConfig {
+        applicationId = "org.amnezia.vpn"
+        targetSdk = qtTargetSdkVersion.toInt()
+
+        // keeps language resources for only the locales specified below
+        resourceConfigurations += listOf("en", "ru", "b+zh+Hans")
+    }
+
+    sourceSets {
+        getByName("main") {
+            manifest.srcFile("AndroidManifest.xml")
+            java.setSrcDirs(listOf("$qtAndroidDir/src", "src"))
+            res.setSrcDirs(listOf("$qtAndroidDir/res", "res"))
+            assets.setSrcDirs(listOf("assets"))
+            jniLibs.setSrcDirs(listOf("libs"))
+        }
+    }
+
+    signingConfigs {
+        register("release") {
+            storeFile = providers.environmentVariable("ANDROID_KEYSTORE_PATH").orNull?.let { file(it) }
+            storePassword = providers.environmentVariable("ANDROID_KEYSTORE_KEY_PASS").orNull
+            keyAlias = providers.environmentVariable("ANDROID_KEYSTORE_KEY_ALIAS").orNull
+            keyPassword = providers.environmentVariable("ANDROID_KEYSTORE_KEY_PASS").orNull
+        }
+    }
+
+    buildTypes {
+        release {
+            // exclude coroutine debug resource from release build
+            packaging {
+                resources.excludes += "DebugProbesKt.bin"
+            }
+            signingConfig = signingConfigs["release"]
+        }
+    }
+
+    splits {
+        abi {
+            isEnable = true
+            reset()
+            include(*qtTargetAbiList.split(',').toTypedArray())
+            isUniversalApk = false
+        }
+    }
+}
+
+dependencies {
+    implementation(fileTree(mapOf("dir" to "libs", "include" to listOf("*.jar", "*.aar"))))
+    implementation(libs.androidx.core)
+    implementation(libs.androidx.appcompat)
+    implementation(libs.androidx.security.crypto)
+    implementation(libs.kotlinx.coroutines)
+    implementation(libs.bundles.androidx.camera)
+    implementation(libs.google.mlkit)
+    implementation(project(":shadowsocks"))
+    // todo: remove after finish refactoring
+    implementation(libs.androidx.constraintlayout)
+}
@@ -1,27 +1,46 @@
-# Project-wide Gradle settings.
-# For more details on how to configure your build environment visit
-# http://www.gradle.org/docs/current/userguide/build_environment.html
-# Specifies the JVM arguments used for the daemon process.
-# The setting is particularly useful for tweaking memory settings.
-org.gradle.jvmargs=-Xmx1536m
-
-# Gradle caching allows reusing the build artifacts from a previous
-# build with the same inputs. However, over time, the cache size will
-# grow. Uncomment the following line to enable it.
-#org.gradle.caching=true
+# Specifies the JVM arguments used for the daemon process
+org.gradle.jvmargs=-Xms512m -Xmx4g -XX:+UseParallelGC -XX:MaxMetaspaceSize=768m -XX:+HeapDumpOnOutOfMemoryError \
+  -Dfile.encoding=UTF-8
+org.gradle.caching=true
+org.gradle.parallel=true
+org.gradle.configureondemand=true

+# Use AndroidX library instead of a Support Library
 android.useAndroidX=true
-# Automatically convert third-party libraries to use AndroidX
-android.enableJetifier=true
+# Disable adding android:testOnly attribute to the manifest
+android.injected.testOnly=false
 # Kotlin code style for this project: "official" or "obsolete":
 kotlin.code.style=official

-android.bundle.enableUncompressedNativeLibs=false
-androidBuildToolsVersion=30.0.2
-androidCompileSdkVersion=30
-org.gradle.caching=true
-org.gradle.parallel=true
-android.enableJetifier=true
-android.injected.testOnly=false
-kapt.use.worker.api=false
-kapt.incremental.apt=false
+# Disable providing custom values to resources from buildscript by default
+android.defaults.buildfeatures.resvalues=false
+# Disable compileShaders tasks by default
+android.defaults.buildfeatures.shaders=false
+# Disable Android resource processing for libraries by default
+android.library.defaults.buildfeatures.androidresources=false
+
+# Qt variables
+# At build time androiddeployqt replaces these values with:
+# androidCompileSdkVersion - androiddeployqt --android-platform parameter
+# androidBuildToolsVersion - QT_ANDROID_SDK_BUILD_TOOLS_REVISION cmake target parameter
+# qtMinSdkVersion - QT_ANDROID_MIN_SDK_VERSION cmake target parameter
+# qtTargetSdkVersion - QT_ANDROID_TARGET_SDK_VERSION cmake target parameter
+# androidNdkVersion - version from ANDROID_NDK_ROOT environment variable
+# qtTargetAbiList - qt-cmake QT_ANDROID_ABIS parameter
+# qtAndroidDir - path to qt binding java source code
+# buildDir - hardcoded "build" value in androiddeployqt
+
+# For development copy and set local values for these parameters in local.properties
+#androidCompileSdkVersion=android-34
+#androidBuildToolsVersion=34.0.0
+#qtMinSdkVersion=24
+#qtTargetSdkVersion=34
+#androidNdkVersion=26.1.10909125
+#qtTargetAbiList=x86_64
+#qtAndroidDir=/QT_BASE/android_ABI/src/android/java
+#buildDir=build
+
+# Note about qtAndroidDir:
+# Some IDEs (for example, IntelliJ IDEA) may index all data from a common root of the project and qtAndroidDir.
+# Therefore, it's recommended to copy qt android files to a directory inside the project
+# and specify the path to that directory in qtAndroidDir.
@@ -0,0 +1,35 @@
+[versions]
+agp = "8.1.3"
+kotlin = "1.9.20"
+androidx-core = "1.12.0"
+androidx-appcompat = "1.6.1"
+androidx-camera = "1.2.3"
+androidx-security-crypto = "1.1.0-alpha06"
+kotlinx-coroutines = "1.7.3"
+google-mlkit = "17.2.0"
+
+[libraries]
+androidx-core = { module = "androidx.core:core-ktx", version.ref = "androidx-core" }
+androidx-appcompat = { module = "androidx.appcompat:appcompat", version.ref = "androidx-appcompat" }
+androidx-camera-core = { module = "androidx.camera:camera-core", version.ref = "androidx-camera" }
+androidx-camera-camera2 = { module = "androidx.camera:camera-camera2", version.ref = "androidx-camera" }
+androidx-camera-lifecycle = { module = "androidx.camera:camera-lifecycle", version.ref = "androidx-camera" }
+androidx-camera-view = { module = "androidx.camera:camera-view", version.ref = "androidx-camera" }
+androidx-security-crypto = { module = "androidx.security:security-crypto-ktx", version.ref = "androidx-security-crypto" }
+kotlinx-coroutines = { module = "org.jetbrains.kotlinx:kotlinx-coroutines-android", version.ref = "kotlinx-coroutines" }
+google-mlkit = { module = "com.google.mlkit:barcode-scanning", version.ref = "google-mlkit" }
+# todo: remove after finish refactoring
+androidx-constraintlayout = { group = "androidx.constraintlayout", name = "constraintlayout", version = "2.1.4" }
+
+[bundles]
+androidx-camera = [
+    "androidx-camera-core",
+    "androidx-camera-lifecycle",
+    "androidx-camera-view",
+    "androidx-camera-camera2"
+]
+
+[plugins]
+android-application = { id = "com.android.application", version.ref = "agp" }
+android-library = { id = "com.android.library", version.ref = "agp" }
+kotlin-android = { id = "org.jetbrains.kotlin.android", version.ref = "kotlin" }
@@ -0,0 +1,25 @@
+plugins {
+    `kotlin-dsl`
+}
+
+repositories {
+    gradlePluginPortal()
+}
+
+kotlin {
+    jvmToolchain(17)
+}
+
+gradlePlugin {
+    plugins {
+        register("settingsGradlePropertyDelegate") {
+            id = "settings-property-delegate"
+            implementationClass = "SettingsPropertyDelegate"
+        }
+
+        register("projectGradlePropertyDelegate") {
+            id = "property-delegate"
+            implementationClass = "ProjectPropertyDelegate"
+        }
+    }
+}
@@ -0,0 +1,49 @@
+import java.io.File
+import java.io.FileInputStream
+import java.io.InputStreamReader
+import java.util.Properties
+import kotlin.properties.ReadOnlyProperty
+import kotlin.reflect.KProperty
+import org.gradle.api.Plugin
+import org.gradle.api.Project
+import org.gradle.api.initialization.Settings
+import org.gradle.api.provider.ProviderFactory
+
+private fun localProperties(rootDir: File) = Properties().apply {
+    val localProperties = File(rootDir, "local.properties")
+    if (localProperties.isFile) {
+        InputStreamReader(FileInputStream(localProperties), Charsets.UTF_8).use {
+            load(it)
+        }
+    }
+}
+
+private class PropertyDelegate(
+    rootDir: File,
+    private val providers: ProviderFactory,
+    private val localProperties: Properties = localProperties(rootDir)
+) : ReadOnlyProperty<Any?, String> {
+    override fun getValue(thisRef: Any?, property: KProperty<*>): String =
+        providers.gradleProperty(property.name).orNull ?: localProperties.getProperty(property.name)
+}
+
+private lateinit var settingsPropertyDelegate: ReadOnlyProperty<Any?, String>
+private lateinit var projectPropertyDelegate: ReadOnlyProperty<Any?, String>
+
+class SettingsPropertyDelegate : Plugin<Settings> {
+    override fun apply(settings: Settings) {
+        settingsPropertyDelegate = PropertyDelegate(settings.rootDir, settings.providers)
+    }
+}
+
+class ProjectPropertyDelegate : Plugin<Project> {
+    override fun apply(project: Project) {
+        projectPropertyDelegate = PropertyDelegate(project.rootDir, project.providers)
+    }
+}
+
+val Settings.gradleProperties: ReadOnlyProperty<Any?, String>
+    get() = settingsPropertyDelegate
+
+val Project.gradleProperties: ReadOnlyProperty<Any?, String>
+    get() = projectPropertyDelegate
@@ -1,5 +1,5 @@
 distributionBase=GRADLE_USER_HOME
 distributionPath=wrapper/dists
-distributionUrl=https\://services.gradle.org/distributions/gradle-7.3.3-all.zip
+distributionUrl=https\://services.gradle.org/distributions/gradle-8.4-bin.zip
 zipStoreBase=GRADLE_USER_HOME
 zipStorePath=wrapper/dists
@@ -1,78 +1,127 @@
-#!/usr/bin/env sh
+#!/bin/sh
+
+#
+# Copyright © 2015-2021 the original authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#

 ##############################################################################
-##
-##  Gradle start up script for UN*X
-##
+#
+#   Gradle start up script for POSIX generated by Gradle.
+#
+#   Important for running:
+#
+#   (1) You need a POSIX-compliant shell to run this script. If your /bin/sh is
+#       noncompliant, but you have some other compliant shell such as ksh or
+#       bash, then to run this script, type that shell name before the whole
+#       command line, like:
+#
+#           ksh Gradle
+#
+#       Busybox and similar reduced shells will NOT work, because this script
+#       requires all of these POSIX shell features:
+#         * functions;
+#         * expansions «$var», «${var}», «${var:-default}», «${var+SET}»,
+#           «${var#prefix}», «${var%suffix}», and «$( cmd )»;
+#         * compound commands having a testable exit status, especially «case»;
+#         * various built-in commands including «command», «set», and «ulimit».
+#
+#   Important for patching:
+#
+#   (2) This script targets any POSIX shell, so it avoids extensions provided
+#       by Bash, Ksh, etc; in particular arrays are avoided.
+#
+#       The "traditional" practice of packing multiple parameters into a
+#       space-separated string is a well documented source of bugs and security
+#       problems, so this is (mostly) avoided, by progressively accumulating
+#       options in "$@", and eventually passing that to Java.
+#
+#       Where the inherited environment variables (DEFAULT_JVM_OPTS, JAVA_OPTS,
+#       and GRADLE_OPTS) rely on word-splitting, this is performed explicitly;
+#       see the in-line comments for details.
+#
+#       There are tweaks for specific operating systems such as AIX, CygWin,
+#       Darwin, MinGW, and NonStop.
+#
+#   (3) This script is generated from the Groovy template
+#       https://github.com/gradle/gradle/blob/HEAD/subprojects/plugins/src/main/resources/org/gradle/api/internal/plugins/unixStartScript.txt
+#       within the Gradle project.
+#
+#       You can find Gradle at https://github.com/gradle/gradle/.
+#
 ##############################################################################

 # Attempt to set APP_HOME
+
 # Resolve links: $0 may be a link
-PRG="$0"
-# Need this for relative symlinks.
-while [ -h "$PRG" ] ; do
-    ls=`ls -ld "$PRG"`
-    link=`expr "$ls" : '.*-> \(.*\)$'`
-    if expr "$link" : '/.*' > /dev/null; then
-        PRG="$link"
-    else
-        PRG=`dirname "$PRG"`"/$link"
-    fi
+app_path=$0
+
+# Need this for daisy-chained symlinks.
+while
+    APP_HOME=${app_path%"${app_path##*/}"}  # leaves a trailing /; empty if no leading path
+    [ -h "$app_path" ]
+do
+    ls=$( ls -ld "$app_path" )
+    link=${ls#*' -> '}
+    case $link in             #(
+      /*)   app_path=$link ;; #(
+      *)    app_path=$APP_HOME$link ;;
+    esac
 done
-SAVED="`pwd`"
-cd "`dirname \"$PRG\"`/" >/dev/null
-APP_HOME="`pwd -P`"
-cd "$SAVED" >/dev/null

-APP_NAME="Gradle"
-APP_BASE_NAME=`basename "$0"`
-
-# Add default JVM options here. You can also use JAVA_OPTS and GRADLE_OPTS to pass JVM options to this script.
-DEFAULT_JVM_OPTS=""
+# This is normally unused
+# shellcheck disable=SC2034
+APP_BASE_NAME=${0##*/}
+# Discard cd standard output in case $CDPATH is set (https://github.com/gradle/gradle/issues/25036)
+APP_HOME=$( cd "${APP_HOME:-./}" > /dev/null && pwd -P ) || exit

 # Use the maximum available, or set MAX_FD != -1 to use that value.
-MAX_FD="maximum"
+MAX_FD=maximum

 warn () {
    echo "$*"
-}
+} >&2

 die () {
    echo
    echo "$*"
    echo
    exit 1
-}
+} >&2

 # OS specific support (must be 'true' or 'false').
 cygwin=false
 msys=false
 darwin=false
 nonstop=false
-case "`uname`" in
-  CYGWIN* )
-    cygwin=true
-    ;;
-  Darwin* )
-    darwin=true
-    ;;
-  MINGW* )
-    msys=true
-    ;;
-  NONSTOP* )
-    nonstop=true
-    ;;
+case "$( uname )" in                #(
+  CYGWIN* )         cygwin=true  ;; #(
+  Darwin* )         darwin=true  ;; #(
+  MSYS* | MINGW* )  msys=true    ;; #(
+  NONSTOP* )        nonstop=true ;;
 esac

 CLASSPATH=$APP_HOME/gradle/wrapper/gradle-wrapper.jar

+
 # Determine the Java command to use to start the JVM.
 if [ -n "$JAVA_HOME" ] ; then
    if [ -x "$JAVA_HOME/jre/sh/java" ] ; then
        # IBM's JDK on AIX uses strange locations for the executables
-        JAVACMD="$JAVA_HOME/jre/sh/java"
+        JAVACMD=$JAVA_HOME/jre/sh/java
    else
-        JAVACMD="$JAVA_HOME/bin/java"
+        JAVACMD=$JAVA_HOME/bin/java
    fi
    if [ ! -x "$JAVACMD" ] ; then
        die "ERROR: JAVA_HOME is set to an invalid directory: $JAVA_HOME
@@ -81,92 +130,120 @@ Please set the JAVA_HOME variable in your environment to match the
 location of your Java installation."
    fi
 else
-    JAVACMD="java"
-    which java >/dev/null 2>&1 || die "ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH.
+    JAVACMD=java
+    if ! command -v java >/dev/null 2>&1
+    then
+        die "ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH.

 Please set the JAVA_HOME variable in your environment to match the
 location of your Java installation."
+    fi
 fi

 # Increase the maximum file descriptors if we can.
-if [ "$cygwin" = "false" -a "$darwin" = "false" -a "$nonstop" = "false" ] ; then
-    MAX_FD_LIMIT=`ulimit -H -n`
-    if [ $? -eq 0 ] ; then
-        if [ "$MAX_FD" = "maximum" -o "$MAX_FD" = "max" ] ; then
-            MAX_FD="$MAX_FD_LIMIT"
-        fi
-        ulimit -n $MAX_FD
-        if [ $? -ne 0 ] ; then
-            warn "Could not set maximum file descriptor limit: $MAX_FD"
-        fi
-    else
-        warn "Could not query maximum file descriptor limit: $MAX_FD_LIMIT"
-    fi
-fi
-
-# For Darwin, add options to specify how the application appears in the dock
-if $darwin; then
-    GRADLE_OPTS="$GRADLE_OPTS \"-Xdock:name=$APP_NAME\" \"-Xdock:icon=$APP_HOME/media/gradle.icns\""
-fi
-
-# For Cygwin, switch paths to Windows format before running java
-if $cygwin ; then
-    APP_HOME=`cygpath --path --mixed "$APP_HOME"`
-    CLASSPATH=`cygpath --path --mixed "$CLASSPATH"`
-    JAVACMD=`cygpath --unix "$JAVACMD"`
-
-    # We build the pattern for arguments to be converted via cygpath
-    ROOTDIRSRAW=`find -L / -maxdepth 1 -mindepth 1 -type d 2>/dev/null`
-    SEP=""
-    for dir in $ROOTDIRSRAW ; do
-        ROOTDIRS="$ROOTDIRS$SEP$dir"
-        SEP="|"
-    done
-    OURCYGPATTERN="(^($ROOTDIRS))"
-    # Add a user-defined pattern to the cygpath arguments
-    if [ "$GRADLE_CYGPATTERN" != "" ] ; then
-        OURCYGPATTERN="$OURCYGPATTERN|($GRADLE_CYGPATTERN)"
-    fi
-    # Now convert the arguments - kludge to limit ourselves to /bin/sh
-    i=0
-    for arg in "$@" ; do
-        CHECK=`echo "$arg"|egrep -c "$OURCYGPATTERN" -`
-        CHECK2=`echo "$arg"|egrep -c "^-"`                                 ### Determine if an option
-
-        if [ $CHECK -ne 0 ] && [ $CHECK2 -eq 0 ] ; then                    ### Added a condition
-            eval `echo args$i`=`cygpath --path --ignore --mixed "$arg"`
-        else
-            eval `echo args$i`="\"$arg\""
-        fi
-        i=$((i+1))
-    done
-    case $i in
-        (0) set -- ;;
-        (1) set -- "$args0" ;;
-        (2) set -- "$args0" "$args1" ;;
-        (3) set -- "$args0" "$args1" "$args2" ;;
-        (4) set -- "$args0" "$args1" "$args2" "$args3" ;;
-        (5) set -- "$args0" "$args1" "$args2" "$args3" "$args4" ;;
-        (6) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" ;;
-        (7) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" "$args6" ;;
-        (8) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" "$args6" "$args7" ;;
-        (9) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" "$args6" "$args7" "$args8" ;;
+if ! "$cygwin" && ! "$darwin" && ! "$nonstop" ; then
+    case $MAX_FD in #(
+      max*)
+        # In POSIX sh, ulimit -H is undefined. That's why the result is checked to see if it worked.
+        # shellcheck disable=SC2039,SC3045
+        MAX_FD=$( ulimit -H -n ) ||
+            warn "Could not query maximum file descriptor limit"
+    esac
+    case $MAX_FD in  #(
+      '' | soft) :;; #(
+      *)
+        # In POSIX sh, ulimit -n is undefined. That's why the result is checked to see if it worked.
+        # shellcheck disable=SC2039,SC3045
+        ulimit -n "$MAX_FD" ||
+            warn "Could not set maximum file descriptor limit to $MAX_FD"
    esac
 fi

-# Escape application args
-save () {
-    for i do printf %s\\n "$i" | sed "s/'/'\\\\''/g;1s/^/'/;\$s/\$/' \\\\/" ; done
-    echo " "
-}
-APP_ARGS=$(save "$@")
+# Collect all arguments for the java command, stacking in reverse order:
+#   * args from the command line
+#   * the main class name
+#   * -classpath
+#   * -D...appname settings
+#   * --module-path (only if needed)
+#   * DEFAULT_JVM_OPTS, JAVA_OPTS, and GRADLE_OPTS environment variables.

-# Collect all arguments for the java command, following the shell quoting and substitution rules
-eval set -- $DEFAULT_JVM_OPTS $JAVA_OPTS $GRADLE_OPTS "\"-Dorg.gradle.appname=$APP_BASE_NAME\"" -classpath "\"$CLASSPATH\"" org.gradle.wrapper.GradleWrapperMain "$APP_ARGS"
+# For Cygwin or MSYS, switch paths to Windows format before running java
+if "$cygwin" || "$msys" ; then
+    APP_HOME=$( cygpath --path --mixed "$APP_HOME" )
+    CLASSPATH=$( cygpath --path --mixed "$CLASSPATH" )

-# by default we should be in the correct project dir, but when run from Finder on Mac, the cwd is wrong
-if [ "$(uname)" = "Darwin" ] && [ "$HOME" = "$PWD" ]; then
-  cd "$(dirname "$0")"
+    JAVACMD=$( cygpath --unix "$JAVACMD" )
+
+    # Now convert the arguments - kludge to limit ourselves to /bin/sh
+    for arg do
+        if
+            case $arg in                                #(
+              -*)   false ;;                            # don't mess with options #(
+              /?*)  t=${arg#/} t=/${t%%/*}              # looks like a POSIX filepath
+                    [ -e "$t" ] ;;                      #(
+              *)    false ;;
+            esac
+        then
+            arg=$( cygpath --path --ignore --mixed "$arg" )
+        fi
+        # Roll the args list around exactly as many times as the number of
+        # args, so each arg winds up back in the position where it started, but
+        # possibly modified.
+        #
+        # NB: a `for` loop captures its iteration list before it begins, so
+        # changing the positional parameters here affects neither the number of
+        # iterations, nor the values presented in `arg`.
+        shift                   # remove old arg
+        set -- "$@" "$arg"      # push replacement arg
+    done
 fi

+
+# Add default JVM options here. You can also use JAVA_OPTS and GRADLE_OPTS to pass JVM options to this script.
+DEFAULT_JVM_OPTS='"-Xmx64m" "-Xms64m"'
+
+# Collect all arguments for the java command:
+#   * DEFAULT_JVM_OPTS, JAVA_OPTS, JAVA_OPTS, and optsEnvironmentVar are not allowed to contain shell fragments,
+#     and any embedded shellness will be escaped.
+#   * For example: A user cannot expect ${Hostname} to be expanded, as it is an environment variable and will be
+#     treated as '${Hostname}' itself on the command line.
+
+set -- \
+        "-Dorg.gradle.appname=$APP_BASE_NAME" \
+        -classpath "$CLASSPATH" \
+        org.gradle.wrapper.GradleWrapperMain \
+        "$@"
+
+# Stop when "xargs" is not available.
+if ! command -v xargs >/dev/null 2>&1
+then
+    die "xargs is not available"
+fi
+
+# Use "xargs" to parse quoted args.
+#
+# With -n1 it outputs one arg per line, with the quotes and backslashes removed.
+#
+# In Bash we could simply go:
+#
+#   readarray ARGS < <( xargs -n1 <<<"$var" ) &&
+#   set -- "${ARGS[@]}" "$@"
+#
+# but POSIX shell has neither arrays nor command substitution, so instead we
+# post-process each arg (as a line of input to sed) to backslash-escape any
+# character that might be a shell metacharacter, then use eval to reverse
+# that process (while maintaining the separation between arguments), and wrap
+# the whole thing up as a single "set" statement.
+#
+# This will of course break if any of these variables contains a newline or
+# an unmatched quote.
+#
+
+eval "set -- $(
+        printf '%s\n' "$DEFAULT_JVM_OPTS $JAVA_OPTS $GRADLE_OPTS" |
+        xargs -n1 |
+        sed ' s~[^-[:alnum:]+,./:=@_]~\\&~g; ' |
+        tr '\n' ' '
+    )" '"$@"'
+
 exec "$JAVACMD" "$@"
@@ -1,4 +1,20 @@
-@if "%DEBUG%" == "" @echo off
+@rem
+@rem Copyright 2015 the original author or authors.
+@rem
+@rem Licensed under the Apache License, Version 2.0 (the "License");
+@rem you may not use this file except in compliance with the License.
+@rem You may obtain a copy of the License at
+@rem
+@rem      https://www.apache.org/licenses/LICENSE-2.0
+@rem
+@rem Unless required by applicable law or agreed to in writing, software
+@rem distributed under the License is distributed on an "AS IS" BASIS,
+@rem WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+@rem See the License for the specific language governing permissions and
+@rem limitations under the License.
+@rem
+
+@if "%DEBUG%"=="" @echo off
@rem ##########################################################################
@rem
@rem  Gradle startup script for Windows
@@ -9,19 +25,23 @@
 if "%OS%"=="Windows_NT" setlocal

 set DIRNAME=%~dp0
-if "%DIRNAME%" == "" set DIRNAME=.
+if "%DIRNAME%"=="" set DIRNAME=.
+@rem This is normally unused
 set APP_BASE_NAME=%~n0
 set APP_HOME=%DIRNAME%

+@rem Resolve any "." and ".." in APP_HOME to make it shorter.
+for %%i in ("%APP_HOME%") do set APP_HOME=%%~fi
+
@rem Add default JVM options here. You can also use JAVA_OPTS and GRADLE_OPTS to pass JVM options to this script.
-set DEFAULT_JVM_OPTS=
+set DEFAULT_JVM_OPTS="-Xmx64m" "-Xms64m"

@rem Find java.exe
 if defined JAVA_HOME goto findJavaFromJavaHome

 set JAVA_EXE=java.exe
 %JAVA_EXE% -version >NUL 2>&1
-if "%ERRORLEVEL%" == "0" goto init
+if %ERRORLEVEL% equ 0 goto execute

 echo.
 echo ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH.
@@ -35,7 +55,7 @@ goto fail
 set JAVA_HOME=%JAVA_HOME:"=%
 set JAVA_EXE=%JAVA_HOME%/bin/java.exe

-if exist "%JAVA_EXE%" goto init
+if exist "%JAVA_EXE%" goto execute

 echo.
 echo ERROR: JAVA_HOME is set to an invalid directory: %JAVA_HOME%
@@ -45,38 +65,26 @@ echo location of your Java installation.

 goto fail

-:init
-@rem Get command-line arguments, handling Windows variants
-
-if not "%OS%" == "Windows_NT" goto win9xME_args
-
-:win9xME_args
-@rem Slurp the command line arguments.
-set CMD_LINE_ARGS=
-set _SKIP=2
-
-:win9xME_args_slurp
-if "x%~1" == "x" goto execute
-
-set CMD_LINE_ARGS=%*
-
 :execute
@rem Setup the command line

 set CLASSPATH=%APP_HOME%\gradle\wrapper\gradle-wrapper.jar

+
@rem Execute Gradle
-"%JAVA_EXE%" %DEFAULT_JVM_OPTS% %JAVA_OPTS% %GRADLE_OPTS% "-Dorg.gradle.appname=%APP_BASE_NAME%" -classpath "%CLASSPATH%" org.gradle.wrapper.GradleWrapperMain %CMD_LINE_ARGS%
+"%JAVA_EXE%" %DEFAULT_JVM_OPTS% %JAVA_OPTS% %GRADLE_OPTS% "-Dorg.gradle.appname=%APP_BASE_NAME%" -classpath "%CLASSPATH%" org.gradle.wrapper.GradleWrapperMain %*

 :end
@rem End local scope for the variables with windows NT shell
-if "%ERRORLEVEL%"=="0" goto mainEnd
+if %ERRORLEVEL% equ 0 goto mainEnd

 :fail
 rem Set variable GRADLE_EXIT_CONSOLE if you need the _script_ return code instead of
 rem the _cmd.exe /c_ return code!
-if  not "" == "%GRADLE_EXIT_CONSOLE%" exit 1
-exit /b 1
+set EXIT_CODE=%ERRORLEVEL%
+if %EXIT_CODE% equ 0 set EXIT_CODE=1
+if not ""=="%GRADLE_EXIT_CONSOLE%" exit %EXIT_CODE%
+exit /b %EXIT_CODE%

 :mainEnd
 if "%OS%"=="Windows_NT" endlocal
@@ -1,21 +0,0 @@
-pluginManagement {
-    repositories {
-        google()
-        mavenCentral()
-        jcenter()
-        gradlePluginPortal()
-        maven { url 'https://jitpack.io' }
-    }
-}
-
-dependencyResolutionManagement {
-    repositoriesMode.set(RepositoriesMode.FAIL_ON_PROJECT_REPOS)
-    repositories {
-        google()
-        mavenCentral()
-        jcenter()
-        maven { url 'https://jitpack.io' }
-    }
-}
-
-include ':shadowsocks'
@@ -0,0 +1,58 @@
+import com.android.build.api.dsl.SettingsExtension
+
+pluginManagement {
+    repositories {
+        google()
+        mavenCentral()
+        gradlePluginPortal()
+        // for jsocks todo: remove after finish refactoring
+        maven("https://jitpack.io")
+    }
+
+    includeBuild("./gradle/plugins")
+}
+
+@Suppress("UnstableApiUsage")
+dependencyResolutionManagement {
+    repositoriesMode.set(RepositoriesMode.FAIL_ON_PROJECT_REPOS)
+    repositories {
+        google()
+        mavenCentral()
+        // for jsocks todo: remove after finish refactoring
+        maven("https://jitpack.io")
+    }
+}
+
+includeBuild("./gradle/plugins")
+
+plugins {
+    id("com.android.settings") version "8.1.3"
+    id("settings-property-delegate")
+}
+
+rootProject.name = "AmneziaVPN"
+rootProject.buildFileName = "build.gradle.kts"
+
+include(":shadowsocks")
+
+// get values from gradle or local properties
+val androidBuildToolsVersion: String by gradleProperties
+val androidCompileSdkVersion: String by gradleProperties
+val androidNdkVersion: String by gradleProperties
+val qtMinSdkVersion: String by gradleProperties
+
+// set default values for all modules
+configure<SettingsExtension> {
+    buildToolsVersion = androidBuildToolsVersion
+    compileSdk = androidCompileSdkVersion.substringAfter('-').toInt()
+    minSdk = qtMinSdkVersion.toInt()
+    ndkVersion = androidNdkVersion
+}
+
+// stop Gradle running by androiddeployqt
+gradle.taskGraph.whenReady {
+    if (providers.environmentVariable("ANDROIDDEPLOYQT_RUN").isPresent
+        && !providers.systemProperty("explicitRun").isPresent) {
+        allTasks.forEach { it.enabled = false }
+    }
+}
@@ -1,14 +1,17 @@
 apply plugin: 'com.android.library'
 apply plugin: 'kotlin-android'
-apply plugin: 'kotlin-android-extensions'
 apply plugin: 'kotlin-kapt'
+apply plugin: 'kotlin-parcelize'
 //apply plugin: 'com.novoda.bintray-release'

 android {
-    compileSdkVersion 30
+    buildFeatures {
+        aidl true
+        androidResources true
+    }
+
    defaultConfig {
-        minSdkVersion 24
-        targetSdkVersion 30
+        namespace "org.amnezia.vpn.shadowsocks.core"
        versionCode 1
        versionName "1.0.0"

@@ -30,10 +33,6 @@ android {
    }
 }

-androidExtensions {
-    experimental = true
-}
-
 //def lifecycleVersion = '2.0.0'
 def roomVersion = "2.4.3"
 //def preferencexVersion = '1.0.0'
@@ -46,10 +45,9 @@ dependencies {
    implementation "org.jetbrains.kotlinx:kotlinx-coroutines-core:1.3.0"

    implementation "androidx.core:core-ktx:1.2.0"
-    implementation "androidx.lifecycle:lifecycle-extensions:2.2.0"
-    implementation "androidx.lifecycle:lifecycle-runtime-ktx:2.4.0"
-    implementation "androidx.lifecycle:lifecycle-livedata-core-ktx:2.4.0"
-    implementation "androidx.lifecycle:lifecycle-viewmodel-ktx:2.2.0"
+    implementation "androidx.lifecycle:lifecycle-runtime-ktx:2.5.1"
+    implementation "androidx.lifecycle:lifecycle-livedata-core-ktx:2.5.1"
+    implementation "androidx.lifecycle:lifecycle-viewmodel-ktx:2.5.1"
    implementation "androidx.room:room-runtime:$roomVersion" // runtime
    implementation "androidx.preference:preference:1.1.0"
    implementation "androidx.work:work-runtime-ktx:2.7.1"
@@ -1,6 +1,5 @@
 <manifest xmlns:android="http://schemas.android.com/apk/res/android"
    xmlns:tools="http://schemas.android.com/tools"
-    package="org.amnezia.vpn.shadowsocks.core"
    tools:ignore="MissingLeanbackLauncher">

    <uses-feature
@@ -65,6 +65,7 @@ class VpnRequestActivity : AppCompatActivity() {
            Toast.makeText(this, R.string.vpn_permission_denied, Toast.LENGTH_LONG).show()
        }
        finish()
+        super.onActivityResult(requestCode, resultCode, data)
    }

    override fun onDestroy() {
@@ -28,6 +28,7 @@ import kotlinx.coroutines.channels.sendBlocking
 import java.io.IOException
 import java.nio.ByteBuffer
 import java.nio.channels.*
+import kotlinx.coroutines.channels.trySendBlocking

 class ChannelMonitor : Thread("ChannelMonitor") {
    private data class Registration(val channel: SelectableChannel,
@@ -52,7 +53,7 @@ class ChannelMonitor : Thread("ChannelMonitor") {
            registerInternal(this, SelectionKey.OP_READ) {
                val junk = ByteBuffer.allocateDirect(1)
                while (read(junk) > 0) {
-                    pendingRegistrations.poll()!!.apply {
+                    pendingRegistrations.tryReceive().getOrNull()!!.apply {
                        try {
                            result.complete(registerInternal(channel, ops, listener))
                        } catch (e: Exception) {
@@ -112,7 +113,7 @@ class ChannelMonitor : Thread("ChannelMonitor") {
                (key.attachment() as (SelectionKey) -> Unit)(key)
            }
        }
-        closeChannel.sendBlocking(Unit)
+        closeChannel.trySendBlocking(Unit)
    }

    fun close(scope: CoroutineScope) {
@@ -33,6 +33,7 @@ import kotlinx.coroutines.channels.sendBlocking
 import kotlinx.coroutines.launch
 import java.io.File
 import java.io.IOException
+import kotlinx.coroutines.channels.trySendBlocking

 abstract class LocalSocketListener(name: String, socketFile: File) : Thread(name) {
    private val localSocket = LocalSocket().apply {
@@ -60,7 +61,7 @@ abstract class LocalSocketListener(name: String, socketFile: File) : Thread(name
                }
            }
        }
-        closeChannel.sendBlocking(Unit)
+        closeChannel.trySendBlocking(Unit)
    }

    open fun shutdown(scope: CoroutineScope) {
@@ -0,0 +1,509 @@
+/*
+ * Copyright (C) 2012-2017 Tobias Brunner
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ */
+
+package com.wireguard.config;
+
+import java.net.InetAddress;
+import java.net.UnknownHostException;
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.Collections;
+import java.util.List;
+
+import androidx.annotation.NonNull;
+
+/**
+ * Class that represents a range of IP addresses. This range could be a proper subnet, but that's
+ * not necessarily the case (see {@code getPrefix} and {@code toSubnets}).
+ */
+public class IPRange implements Comparable<IPRange>
+{
+	private final byte[] mBitmask = { (byte)0x80, 0x40, 0x20, 0x10, 0x08, 0x04, 0x02, 0x01 };
+	private byte[] mFrom;
+	private byte[] mTo;
+	private Integer mPrefix;
+
+	/**
+	 * Determine if the range is a proper subnet and, if so, what the network prefix is.
+	 */
+	private void determinePrefix()
+	{
+		boolean matching = true;
+
+		mPrefix = mFrom.length * 8;
+		for (int i = 0; i < mFrom.length; i++)
+		{
+			for (int bit = 0; bit < 8; bit++)
+			{
+				if (matching)
+				{
+					if ((mFrom[i] & mBitmask[bit]) != (mTo[i] & mBitmask[bit]))
+					{
+						mPrefix = (i * 8) + bit;
+						matching = false;
+					}
+				}
+				else
+				{
+					if ((mFrom[i] & mBitmask[bit]) != 0 || (mTo[i] & mBitmask[bit]) == 0)
+					{
+						mPrefix = null;
+						return;
+					}
+				}
+			}
+		}
+	}
+
+	private IPRange(byte[] from, byte[] to)
+	{
+		mFrom = from;
+		mTo = to;
+		determinePrefix();
+	}
+
+	public IPRange(String from, String to) throws UnknownHostException
+	{
+		this(Utils.parseInetAddress(from), Utils.parseInetAddress(to));
+	}
+
+	public IPRange(InetAddress from, InetAddress to)
+	{
+		initializeFromRange(from, to);
+	}
+
+	private void initializeFromRange(InetAddress from, InetAddress to)
+	{
+		byte[] fa = from.getAddress(), ta = to.getAddress();
+		if (fa.length != ta.length)
+		{
+			throw new IllegalArgumentException("Invalid range");
+		}
+		if (compareAddr(fa, ta) < 0)
+		{
+			mFrom = fa;
+			mTo = ta;
+		}
+		else
+		{
+			mTo = fa;
+			mFrom = ta;
+		}
+		determinePrefix();
+	}
+
+	public IPRange(String base, int prefix) throws UnknownHostException
+	{
+		this(Utils.parseInetAddress(base), prefix);
+	}
+
+	public IPRange(InetAddress base, int prefix)
+	{
+		this(base.getAddress(), prefix);
+	}
+
+	private IPRange(byte[] from, int prefix)
+	{
+		initializeFromCIDR(from, prefix);
+	}
+
+	private void initializeFromCIDR(byte[] from, int prefix)
+	{
+		if (from.length != 4 && from.length != 16)
+		{
+			throw new IllegalArgumentException("Invalid address");
+		}
+		if (prefix < 0 || prefix > from.length * 8)
+		{
+			throw new IllegalArgumentException("Invalid prefix");
+		}
+		byte[] to = from.clone();
+		byte mask = (byte)(0xff << (8 - prefix % 8));
+		int i = prefix / 8;
+
+		if (i < from.length)
+		{
+			from[i] = (byte)(from[i] & mask);
+			to[i] = (byte)(to[i] | ~mask);
+			Arrays.fill(from, i+1, from.length, (byte)0);
+			Arrays.fill(to, i+1, to.length, (byte)0xff);
+		}
+		mFrom = from;
+		mTo = to;
+		mPrefix = prefix;
+	}
+
+	public IPRange(String cidr) throws UnknownHostException
+	{
+		/* only verify the basic structure */
+		if (!cidr.matches("(?i)^(([0-9.]+)|([0-9a-f:]+))(-(([0-9.]+)|([0-9a-f:]+))|(/\\d+))?$"))
+		{
+			throw new IllegalArgumentException("Invalid CIDR or range notation");
+		}
+		if (cidr.contains("-"))
+		{
+			String[] parts = cidr.split("-");
+			InetAddress from = InetAddress.getByName(parts[0]);
+			InetAddress to = InetAddress.getByName(parts[1]);
+			initializeFromRange(from, to);
+		}
+		else
+		{
+			String[] parts = cidr.split("/");
+			InetAddress addr = InetAddress.getByName(parts[0]);
+			byte[] base = addr.getAddress();
+			int prefix = base.length * 8;
+			if (parts.length > 1)
+			{
+				prefix = Integer.parseInt(parts[1]);
+			}
+			initializeFromCIDR(base, prefix);
+		}
+	}
+
+	/**
+	 * Returns the first address of the range. The network ID in case this is a proper subnet.
+	 */
+	public InetAddress getFrom()
+	{
+		try
+		{
+			return InetAddress.getByAddress(mFrom);
+		}
+		catch (UnknownHostException ignored)
+		{
+			return null;
+		}
+	}
+
+	/**
+	 * Returns the last address of the range.
+	 */
+	public InetAddress getTo()
+	{
+		try
+		{
+			return InetAddress.getByAddress(mTo);
+		}
+		catch (UnknownHostException ignored)
+		{
+			return null;
+		}
+	}
+
+	/**
+	 * If this range is a proper subnet returns its prefix, otherwise returns null.
+	 */
+	public Integer getPrefix()
+	{
+		return mPrefix;
+	}
+
+	@Override
+	public int compareTo(@NonNull IPRange other)
+	{
+		int cmp = compareAddr(mFrom, other.mFrom);
+		if (cmp == 0)
+		{	/* smaller ranges first */
+			cmp = compareAddr(mTo, other.mTo);
+		}
+		return cmp;
+	}
+
+	@Override
+	public boolean equals(Object o)
+	{
+		if (o == null || !(o instanceof IPRange))
+		{
+			return false;
+		}
+		return this == o || compareTo((IPRange)o) == 0;
+	}
+
+	@Override
+	public String toString()
+	{
+		try
+		{
+			if (mPrefix != null)
+			{
+				return InetAddress.getByAddress(mFrom).getHostAddress() + "/" + mPrefix;
+			}
+			return InetAddress.getByAddress(mFrom).getHostAddress() + "-" +
+				   InetAddress.getByAddress(mTo).getHostAddress();
+		}
+		catch (UnknownHostException ignored)
+		{
+			return super.toString();
+		}
+	}
+
+	private int compareAddr(byte a[], byte b[])
+	{
+		if (a.length != b.length)
+		{
+			return (a.length < b.length) ? -1 : 1;
+		}
+		for (int i = 0; i < a.length; i++)
+		{
+			if (a[i] != b[i])
+			{
+				if (((int)a[i] & 0xff) < ((int)b[i] & 0xff))
+				{
+					return -1;
+				}
+				else
+				{
+					return 1;
+				}
+			}
+		}
+		return 0;
+	}
+
+	/**
+	 * Check if this range fully contains the given range.
+	 */
+	public boolean contains(IPRange range)
+	{
+		return compareAddr(mFrom, range.mFrom) <= 0 && compareAddr(range.mTo, mTo) <= 0;
+	}
+
+	/**
+	 * Check if this and the given range overlap.
+	 */
+	public boolean overlaps(IPRange range)
+	{
+		return !(compareAddr(mTo, range.mFrom) < 0 || compareAddr(range.mTo, mFrom) < 0);
+	}
+
+	private byte[] dec(byte[] addr)
+	{
+		for (int i = addr.length - 1; i >= 0; i--)
+		{
+			if (--addr[i] != (byte)0xff)
+			{
+				break;
+			}
+		}
+		return addr;
+	}
+
+	private byte[] inc(byte[] addr)
+	{
+		for (int i = addr.length - 1; i >= 0; i--)
+		{
+			if (++addr[i] != 0)
+			{
+				break;
+			}
+		}
+		return addr;
+	}
+
+	/**
+	 * Remove the given range from the current range.  Returns a list of resulting ranges (these are
+	 * not proper subnets). At most two ranges are returned, in case the given range is contained in
+	 * this but does not equal it, which would result in an empty list (which is also the case if
+	 * this range is fully contained in the given range).
+	 */
+	public List<IPRange> remove(IPRange range)
+	{
+		ArrayList<IPRange> list = new ArrayList<>();
+		if (!overlaps(range))
+		{	/*           | this | or | this |
+		     * | range |                     | range | */
+			list.add(this);
+		}
+		else if (!range.contains(this))
+		{	/* we are not completely removed, so none of these cases applies:
+			 * | this  | or  | this  |   or   | this  |
+		     * | range |     | range   |    |   range | */
+			if (compareAddr(mFrom, range.mFrom) < 0 && compareAddr(range.mTo, mTo) < 0)
+			{	/* the removed range is completely within our boundaries:
+				 * |    this    |
+				 *   | range |   */
+				list.add(new IPRange(mFrom, dec(range.mFrom.clone())));
+				list.add(new IPRange(inc(range.mTo.clone()), mTo));
+			}
+			else
+			{	/* one end is within our boundaries the other at or outside it:
+			     * | this     | or    | this     | or | this    |  or  | this    |
+			     * | range |       | range |            | range |           | range | */
+				byte[] from = compareAddr(mFrom, range.mFrom) < 0 ? mFrom : inc(range.mTo.clone());
+				byte[] to = compareAddr(mTo, range.mTo) > 0 ? mTo : dec(range.mFrom.clone());
+				list.add(new IPRange(from, to));
+			}
+		}
+		return list;
+	}
+
+	private boolean adjacent(IPRange range)
+	{
+		if (compareAddr(mTo, range.mFrom) < 0)
+		{
+			byte[] to = inc(mTo.clone());
+			return compareAddr(to, range.mFrom) == 0;
+		}
+		byte[] from = dec(mFrom.clone());
+		return compareAddr(from, range.mTo) == 0;
+	}
+
+	/**
+	 * Merge two adjacent or overlapping ranges, returns null if it's not possible to merge them.
+	 */
+	public IPRange merge(IPRange range)
+	{
+		if (overlaps(range))
+		{
+			if (contains(range))
+			{
+				return this;
+			}
+			else if (range.contains(this))
+			{
+				return range;
+			}
+		}
+		else if (!adjacent(range))
+		{
+			return null;
+		}
+		byte[] from = compareAddr(mFrom, range.mFrom) < 0 ? mFrom : range.mFrom;
+		byte[] to = compareAddr(mTo, range.mTo) > 0 ? mTo : range.mTo;
+		return new IPRange(from, to);
+	}
+
+	/**
+	 * Split the given range into a sorted list of proper subnets.
+	 */
+	public List<IPRange> toSubnets()
+	{
+		ArrayList<IPRange> list = new ArrayList<>();
+		if (mPrefix != null)
+		{
+			list.add(this);
+		}
+		else
+		{
+			int i = 0, bit = 0, prefix, netmask, common_byte, common_bit;
+			int from_cur, from_prev = 0, to_cur, to_prev = 1;
+			boolean from_full = true, to_full = true;
+
+			byte[] from = mFrom.clone();
+			byte[] to = mTo.clone();
+
+			/* find a common prefix */
+			while (i < from.length && (from[i] & mBitmask[bit]) == (to[i] & mBitmask[bit]))
+			{
+				if (++bit == 8)
+				{
+					bit = 0;
+					i++;
+				}
+			}
+			prefix = i * 8 + bit;
+
+			/* at this point we know that the addresses are either equal, or that the
+			 * current bits in the 'from' and 'to' addresses are 0 and 1, respectively.
+			 * we now look at the rest of the bits as two binary trees (0=left, 1=right)
+			 * where 'from' and 'to' are both leaf nodes.  all leaf nodes between these
+			 * nodes are addresses contained in the range.  to collect them as subnets
+			 * we follow the trees from both leaf nodes to their root node and record
+			 * all complete subtrees (right for from, left for to) we come across as
+			 * subnets.  in that process host bits are zeroed out.  if both addresses
+			 * are equal we won't enter the loop below.
+			 *      0_____|_____1       for the 'from' address we assume we start on a
+			 *   0__|__ 1    0__|__1    left subtree (0) and follow the left edges until
+			 *  _|_   _|_   _|_   _|_   we reach the root of this subtree, which is
+			 * |   | |   | |   | |   |  either the root of this whole 'from'-subtree
+			 * 0   1 0   1 0   1 0   1  (causing us to leave the loop) or the root node
+			 * of the right subtree (1) of another node (which actually could be the
+			 * leaf node we start from).  that whole subtree gets recorded as subnet.
+			 * next we follow the right edges to the root of that subtree which again is
+			 * either the 'from'-root or the root node in the left subtree (0) of
+			 * another node.  the complete right subtree of that node is the next subnet
+			 * we record.  from there we assume that we are in that right subtree and
+			 * recursively follow right edges to its root.  for the 'to' address the
+			 * procedure is exactly the same but with left and right reversed.
+			 */
+			if (++bit == 8)
+			{
+				bit = 0;
+				i++;
+			}
+			common_byte = i;
+			common_bit = bit;
+			netmask = from.length * 8;
+			for (i = from.length - 1; i >= common_byte; i--)
+			{
+				int bit_min = (i == common_byte) ? common_bit : 0;
+				for (bit = 7; bit >= bit_min; bit--)
+				{
+					byte mask = mBitmask[bit];
+
+					from_cur = from[i] & mask;
+					if (from_prev == 0 && from_cur != 0)
+					{	/* 0 -> 1: subnet is the whole current (right) subtree */
+						list.add(new IPRange(from.clone(), netmask));
+						from_full = false;
+					}
+					else if (from_prev != 0 && from_cur == 0)
+					{	/* 1 -> 0: invert bit to switch to right subtree and add it */
+						from[i] ^= mask;
+						list.add(new IPRange(from.clone(), netmask));
+						from_cur = 1;
+					}
+					/* clear the current bit */
+					from[i] &= ~mask;
+					from_prev = from_cur;
+
+					to_cur = to[i] & mask;
+					if (to_prev != 0 && to_cur == 0)
+					{	/* 1 -> 0: subnet is the whole current (left) subtree */
+						list.add(new IPRange(to.clone(), netmask));
+						to_full = false;
+					}
+					else if (to_prev == 0 && to_cur != 0)
+					{	/* 0 -> 1: invert bit to switch to left subtree and add it */
+						to[i] ^= mask;
+						list.add(new IPRange(to.clone(), netmask));
+						to_cur = 0;
+					}
+					/* clear the current bit */
+					to[i] &= ~mask;
+					to_prev = to_cur;
+					netmask--;
+				}
+			}
+
+			if (from_full && to_full)
+			{	/* full subnet (from=to or from=0.. and to=1.. after common prefix) - not reachable
+				 * due to the shortcut at the top */
+				list.add(new IPRange(from.clone(), prefix));
+			}
+			else if (from_full)
+			{	/* full from subnet (from=0.. after prefix) */
+				list.add(new IPRange(from.clone(), prefix + 1));
+			}
+			else if (to_full)
+			{	/* full to subnet (to=1.. after prefix) */
+				list.add(new IPRange(to.clone(), prefix + 1));
+			}
+		}
+		Collections.sort(list);
+		return list;
+	}
+}
@@ -0,0 +1,223 @@
+/*
+ * Copyright (C) 2012-2017 Tobias Brunner
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ */
+
+package com.wireguard.config;
+
+import java.util.ArrayList;
+import java.util.Collection;
+import java.util.Iterator;
+import java.util.List;
+import java.util.TreeSet;
+
+/**
+ * Class that represents a set of IP address ranges (not necessarily proper subnets) and allows
+ * modifying the set and enumerating the resulting subnets.
+ */
+public class IPRangeSet implements Iterable<IPRange>
+{
+	private TreeSet<IPRange> mRanges = new TreeSet<>();
+
+	/**
+	 * Parse the given string (space separated ranges in CIDR or range notation) and return the
+	 * resulting set or {@code null} if the string was invalid. An empty set is returned if the given string
+	 * is {@code null}.
+	 */
+	public static IPRangeSet fromString(String ranges)
+	{
+		IPRangeSet set = new IPRangeSet();
+		if (ranges != null)
+		{
+			for (String range : ranges.split("\\s+"))
+			{
+				try
+				{
+					set.add(new IPRange(range));
+				}
+				catch (Exception unused)
+				{	/* besides due to invalid strings exceptions might get thrown if the string
+					 * contains a hostname (NetworkOnMainThreadException) */
+					return null;
+				}
+			}
+		}
+		return set;
+	}
+
+	/**
+	 * Add a range to this set. Automatically gets merged with existing ranges.
+	 */
+	public void add(IPRange range)
+	{
+		if (mRanges.contains(range))
+		{
+			return;
+		}
+		reinsert:
+		while (true)
+		{
+			Iterator<IPRange> iterator = mRanges.iterator();
+			while (iterator.hasNext())
+			{
+				IPRange existing = iterator.next();
+				IPRange replacement = existing.merge(range);
+				if (replacement != null)
+				{
+					iterator.remove();
+					range = replacement;
+					continue reinsert;
+				}
+			}
+			mRanges.add(range);
+			break;
+		}
+	}
+
+	/**
+	 * Add all ranges from the given set.
+	 */
+	public void add(IPRangeSet ranges)
+	{
+		if (ranges == this)
+		{
+			return;
+		}
+		for (IPRange range : ranges.mRanges)
+		{
+			add(range);
+		}
+	}
+
+	/**
+	 * Add all ranges from the given collection to this set.
+	 */
+	public void addAll(Collection<? extends IPRange> coll)
+	{
+		for (IPRange range : coll)
+		{
+			add(range);
+		}
+	}
+
+	/**
+	 * Remove the given range from this set. Existing ranges are automatically adjusted.
+	 */
+	public void remove(IPRange range)
+	{
+		ArrayList <IPRange> additions = new ArrayList<>();
+		Iterator<IPRange> iterator = mRanges.iterator();
+		while (iterator.hasNext())
+		{
+			IPRange existing = iterator.next();
+			List<IPRange> result = existing.remove(range);
+			if (result.size() == 0)
+			{
+				iterator.remove();
+			}
+			else if (!result.get(0).equals(existing))
+			{
+				iterator.remove();
+				additions.addAll(result);
+			}
+		}
+		mRanges.addAll(additions);
+	}
+
+	/**
+	 * Remove the given ranges from ranges in this set.
+	 */
+	public void remove(IPRangeSet ranges)
+	{
+		if (ranges == this)
+		{
+			mRanges.clear();
+			return;
+		}
+		for (IPRange range : ranges.mRanges)
+		{
+			remove(range);
+		}
+	}
+
+	/**
+	 * Get all the subnets derived from all the ranges in this set.
+	 */
+	public Iterable<IPRange> subnets()
+	{
+		return new Iterable<IPRange>()
+		{
+			@Override
+			public Iterator<IPRange> iterator()
+			{
+				return new Iterator<IPRange>()
+				{
+					private Iterator<IPRange> mIterator = mRanges.iterator();
+					private List<IPRange> mSubnets;
+
+					@Override
+					public boolean hasNext()
+					{
+						return (mSubnets != null && mSubnets.size() > 0) || mIterator.hasNext();
+					}
+
+					@Override
+					public IPRange next()
+					{
+						if (mSubnets == null || mSubnets.size() == 0)
+						{
+							IPRange range = mIterator.next();
+							mSubnets = range.toSubnets();
+						}
+						return mSubnets.remove(0);
+					}
+
+					@Override
+					public void remove()
+					{
+						throw new UnsupportedOperationException();
+					}
+				};
+			}
+		};
+	}
+
+	@Override
+	public Iterator<IPRange> iterator()
+	{
+		return mRanges.iterator();
+	}
+
+	/**
+	 * Returns the number of ranges, not subnets.
+	 */
+	public int size()
+	{
+		return mRanges.size();
+	}
+
+	@Override
+	public String toString()
+	{	/* we could use TextUtils, but that causes the unit tests to fail */
+		StringBuilder sb = new StringBuilder();
+		for (IPRange range : mRanges)
+		{
+			if (sb.length() > 0)
+			{
+				sb.append(" ");
+			}
+			sb.append(range.toString());
+		}
+		return sb.toString();
+	}
+}
@@ -31,7 +31,7 @@ public final class InetEndpoint {
  private final boolean isResolved;
  private final Object lock = new Object();
  private final int port;
-  private Instant lastResolution = Instant.EPOCH;
+  private long lastResolution;
  @Nullable private InetEndpoint resolved;

  private InetEndpoint(final String host, final boolean isResolved, final int port) {
@@ -89,7 +89,7 @@ public final class InetEndpoint {
      return Optional.of(this);
    synchronized (lock) {
      // TODO(zx2c4): Implement a real timeout mechanism using DNS TTL
-      if (Duration.between(lastResolution, Instant.now()).toMinutes() > 1) {
+      if (System.currentTimeMillis() - lastResolution > 60000L) {
        try {
          // Prefer v4 endpoints over v6 to work around DNS64 and IPv6 NAT issues.
          final InetAddress[] candidates = InetAddress.getAllByName(host);
@@ -101,7 +101,7 @@ public final class InetEndpoint {
            }
          }
          resolved = new InetEndpoint(address.getHostAddress(), true, port);
-          lastResolution = Instant.now();
+          lastResolution = System.currentTimeMillis();
        } catch (final UnknownHostException e) {
          resolved = null;
        }
@@ -0,0 +1,77 @@
+/*
+ * Copyright (C) 2014-2019 Tobias Brunner
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ */
+
+package com.wireguard.config;
+
+
+import java.net.InetAddress;
+import java.net.UnknownHostException;
+
+public class Utils
+{
+	static final char[] HEXDIGITS = "0123456789abcdef".toCharArray();
+
+	/**
+	 * Converts the given byte array to a hexadecimal string encoding.
+	 *
+	 * @param bytes byte array to convert
+	 * @return hex string
+	 */
+	public static String bytesToHex(byte[] bytes)
+	{
+		char[] hex = new char[bytes.length * 2];
+		for (int i = 0; i < bytes.length; i++)
+		{
+			int value = bytes[i];
+			hex[i*2]   = HEXDIGITS[(value & 0xf0) >> 4];
+			hex[i*2+1] = HEXDIGITS[ value & 0x0f];
+		}
+		return new String(hex);
+	}
+
+	/**
+	 * Validate the given proposal string
+	 *
+	 * @param ike true for IKE, false for ESP
+	 * @param proposal proposal string
+	 * @return true if valid
+	 */
+	public native static boolean isProposalValid(boolean ike, String proposal);
+
+	/**
+	 * Parse an IP address without doing a name lookup
+	 *
+	 * @param address IP address string
+	 * @return address bytes if valid
+	 */
+	private native static byte[] parseInetAddressBytes(String address);
+
+	/**
+	 * Parse an IP address without doing a name lookup (as compared to InetAddress.fromName())
+	 *
+	 * @param address IP address string
+	 * @return address if valid
+	 * @throws UnknownHostException if address is invalid
+	 */
+	public static InetAddress parseInetAddress(String address) throws UnknownHostException
+	{
+		byte[] bytes = parseInetAddressBytes(address);
+		if (bytes == null)
+		{
+			throw new UnknownHostException();
+		}
+		return InetAddress.getByAddress(bytes);
+	}
+}
@@ -12,6 +12,7 @@ import android.content.Intent
 import android.os.Build
 import android.os.Parcel
 import androidx.core.app.NotificationCompat
+import org.amnezia.vpn.shadowsocks.core.R
 import org.json.JSONObject

 object NotificationUtil {
@@ -102,7 +103,7 @@ object NotificationUtil {
        val pendingIntent = PendingIntent.getActivity(service, 0, intent, PendingIntent.FLAG_IMMUTABLE or PendingIntent.FLAG_UPDATE_CURRENT)
        // Build our notification
        sNotificationBuilder?.let {
-            it.setSmallIcon(org.amnezia.vpn.R.drawable.ic_amnezia_round)
+            it.setSmallIcon(R.drawable.ic_amnezia_round)
                .setContentTitle(header)
                .setContentText(message)
                .setOnlyAlertOnce(true)
@@ -16,6 +16,8 @@ import com.wireguard.crypto.Key
 import org.json.JSONObject
 import java.util.Base64

+import com.wireguard.config.*
+
 import net.openvpn.ovpn3.ClientAPI_Config
 import net.openvpn.ovpn3.ClientAPI_EvalConfig
 import net.openvpn.ovpn3.ClientAPI_Event
@@ -72,6 +74,8 @@ class OpenVPNThreadv3(var service: VPNService): ClientAPI_OpenVPNClient(), Runna

        val jsonVpnConfig = mService.getVpnConfig()
        val ovpnConfig = jsonVpnConfig.getJSONObject("openvpn_config_data").getString("config")
+        val splitTunnelType = jsonVpnConfig.getInt("splitTunnelType")
+        val splitTunnelSites = jsonVpnConfig.getJSONArray("splitTunnelSites")

        val resultingConfig = StringBuilder()
        resultingConfig.append(ovpnConfig)
@@ -79,29 +83,32 @@ class OpenVPNThreadv3(var service: VPNService): ClientAPI_OpenVPNClient(), Runna
        if (jsonVpnConfig.getString("protocol") == "cloak") {
            val cloakConfigJson: JSONObject = jsonVpnConfig.getJSONObject("cloak_config_data")

-            if (cloakConfigJson.keySet().contains("NumConn")) {
+            if (cloakConfigJson.has("NumConn")) {
                cloakConfigJson.put("NumConn", 1)
            }

-            if (cloakConfigJson.keySet().contains("ProxyMethod")) {
+            if (cloakConfigJson.has("ProxyMethod")) {
                cloakConfigJson.put("ProxyMethod", "openvpn")
            }

-            if (cloakConfigJson.keySet().contains("port")) {
+            if (cloakConfigJson.has("port")) {
                val portValue = cloakConfigJson.get("port")
                cloakConfigJson.remove("port")
                cloakConfigJson.put("RemotePort", portValue)
            }

-            if (cloakConfigJson.keySet().contains("remote")) {
+            if (cloakConfigJson.has("remote")) {
                val hostValue = cloakConfigJson.get("remote")
                cloakConfigJson.remove("remote")
                cloakConfigJson.put("RemoteHost", hostValue)
            }

-            val cloakConfig = Base64.getEncoder().encodeToString(
-                jsonVpnConfig.getJSONObject("cloak_config_data").toString().toByteArray()
-            )
+            val cloakConfigData = jsonVpnConfig.getJSONObject("cloak_config_data").toString().toByteArray()
+            val cloakConfig = if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.O) {
+                Base64.getEncoder().encodeToString(cloakConfigData)
+            } else {
+                android.util.Base64.encodeToString(cloakConfigData, android.util.Base64.DEFAULT)
+            }

            resultingConfig.append("\n<cloak>\n")
            resultingConfig.append(cloakConfig)
@@ -115,6 +122,7 @@ class OpenVPNThreadv3(var service: VPNService): ClientAPI_OpenVPNClient(), Runna
        eval_config(config)

        val status = connect()
+        
        if (status.getError()) {
            Log.i(tag, "connect() error: " + status.getError() + ": " + status.getMessage())
        }
@@ -139,6 +147,31 @@ class OpenVPNThreadv3(var service: VPNService): ClientAPI_OpenVPNClient(), Runna

    override fun tun_builder_establish(): Int {
        Log.v(tag, "tun_builder_establish")
+        val jsonVpnConfig = mService.getVpnConfig()
+
+        val splitTunnelType = jsonVpnConfig.getInt("splitTunnelType")
+        val splitTunnelSites = jsonVpnConfig.getJSONArray("splitTunnelSites")
+        if (splitTunnelType == 1) {
+            for (i in 0 until splitTunnelSites.length()) {
+                val site = splitTunnelSites.getString(i)
+                val ipRange = IPRange(site)
+                mService.addRoute(ipRange.getFrom().getHostAddress(), ipRange.getPrefix())
+            }
+        }
+        if (splitTunnelType == 2) {
+            val ipRangeSet = IPRangeSet.fromString("0.0.0.0/0")
+            ipRangeSet.remove(IPRange("127.0.0.0/8"))
+            for (i in 0 until splitTunnelSites.length()) {
+                val site = splitTunnelSites.getString(i)
+                ipRangeSet.remove(IPRange(site))
+            }
+            ipRangeSet.subnets().forEach {
+                mService.addRoute(it.getFrom().getHostAddress(), it.getPrefix())
+                Thread.sleep(10)
+            }
+            mService.addRoute("2000::", 3)
+        }
+
        return mService.establish()!!.detachFd()
    }

@@ -564,6 +564,7 @@ class VPNService : BaseVpnService(), LocalDnsService.Interface {
        return parseData
    }
    
+    
    /**
     * Create a Wireguard [Config]  from a [json] string -
     * The [json] will be created in AndroidVpnProtocol.cpp
@@ -571,29 +572,67 @@ class VPNService : BaseVpnService(), LocalDnsService.Interface {
    private fun buildWireguardConfig(obj: JSONObject, type: String): Config {
        val confBuilder = Config.Builder()
        val wireguardConfigData = obj.getJSONObject(type)
+        val splitTunnelType = obj.getInt("splitTunnelType")
+        val splitTunnelSites = obj.getJSONArray("splitTunnelSites")
+
        val config = parseConfigData(wireguardConfigData.getString("config"))
        val peerBuilder = Peer.Builder()
        val peerConfig = config["Peer"]!!
        peerBuilder.setPublicKey(Key.fromBase64(peerConfig["PublicKey"]))
-        peerConfig["PresharedKey"]?.let {
-            peerBuilder.setPreSharedKey(Key.fromBase64(it))
+        peerConfig["PresharedKey"]?.let { peerBuilder.setPreSharedKey(Key.fromBase64(it)) }
+
+        val allIpString = peerConfig["AllowedIPs"]
+
+        var allowedIPList = peerConfig["AllowedIPs"]?.split(",") ?: emptyList()
+
+        /* default value in template */
+        if (allIpString == "0.0.0.0/0, ::/0") {
+            allowedIPList = emptyList()
        }
-        val allowedIPList = peerConfig["AllowedIPs"]?.split(",") ?: emptyList()
-        if (allowedIPList.isEmpty()) {
-            val internet = InetNetwork.parse("0.0.0.0/0") // aka The whole internet.
-            peerBuilder.addAllowedIp(internet)
+
+        if (allowedIPList.isEmpty() && (splitTunnelType == 0)) {
+            /* AllowedIP is empty and splitTunnel is turnoff */
+            /* use VPN for whole Internet */
+            val internetV4 = InetNetwork.parse("0.0.0.0/0") // aka The whole internet.
+            peerBuilder.addAllowedIp(internetV4)
+            val internetV6 = InetNetwork.parse("::/0") // aka The whole internet.
+            peerBuilder.addAllowedIp(internetV6)
        } else {
-            allowedIPList.forEach {
-                val network = InetNetwork.parse(it.trim())
-                peerBuilder.addAllowedIp(network)
+            if (!allowedIPList.isEmpty()) {
+                /* We have predefined AllowedIP in WG config */
+                /* It's have higher priority than system SplitTunnel */
+                allowedIPList.forEach {
+                    val network = InetNetwork.parse(it.trim())
+                    peerBuilder.addAllowedIp(network)
+                }
+            } else {
+                if (splitTunnelType == 1) {
+                    /* Use system SplitTunnel */
+                    /* VPN connection used only for defined IPs */
+                    for (i in 0 until splitTunnelSites.length()) {
+                        val site = splitTunnelSites.getString(i)
+                        val internet = InetNetwork.parse(site)
+                        peerBuilder.addAllowedIp(internet)
+                    }
+                }
+                if (splitTunnelType == 2) {
+                    /* Use system SplitTunnel */
+                    /* VPN connection used for all Internet exclude defined IPs */
+                    val ipRangeSet = IPRangeSet.fromString("0.0.0.0/0")
+                    ipRangeSet.remove(IPRange("127.0.0.0/8"))
+                    for (i in 0 until splitTunnelSites.length()) {
+                        val site = splitTunnelSites.getString(i)
+                        ipRangeSet.remove(IPRange(site))
+                    }
+                    val allowedIps = ipRangeSet.subnets().joinToString(", ") + ", 2000::/3"
+                    peerBuilder.parseAllowedIPs(allowedIps)
+                }
            }
        }
        val endpointConfig = peerConfig["Endpoint"]
        val endpoint = InetEndpoint.parse(endpointConfig)
        peerBuilder.setEndpoint(endpoint)
-        peerConfig["PersistentKeepalive"]?.let {
-            peerBuilder.setPersistentKeepalive(it.toInt())
-        }
+        peerConfig["PersistentKeepalive"]?.let { peerBuilder.setPersistentKeepalive(it.toInt()) }
        confBuilder.addPeer(peerBuilder.build())

        val ifaceBuilder = Interface.Builder()
@@ -603,7 +642,7 @@ class VPNService : BaseVpnService(), LocalDnsService.Interface {
        ifaceConfig["DNS"]!!.split(",").forEach {
            ifaceBuilder.addDnsServer(InetNetwork.parse(it.trim()).address)
        }
-        
+
        ifaceBuilder.parsePrivateKey(ifaceConfig["PrivateKey"])
        if (type == "awg_config_data") {
            ifaceBuilder.parseJc(ifaceConfig["Jc"])
@@ -624,14 +663,13 @@ class VPNService : BaseVpnService(), LocalDnsService.Interface {
            ifaceBuilder.parseH1("0")
            ifaceBuilder.parseH2("0")
            ifaceBuilder.parseH3("0")
-            ifaceBuilder.parseH4("0")           
-        
+            ifaceBuilder.parseH4("0")
        }
        /*val jExcludedApplication = obj.getJSONArray("excludedApps")
-    (0 until jExcludedApplication.length()).toList().forEach {
+        (0 until jExcludedApplication.length()).toList().forEach {
        val appName = jExcludedApplication.get(it).toString()
        ifaceBuilder.excludeApplication(appName)
-    }*/
+        }*/
        confBuilder.setInterface(ifaceBuilder.build())

        return confBuilder.build()
@@ -746,13 +784,13 @@ class VPNService : BaseVpnService(), LocalDnsService.Interface {

    private fun startWireGuard(type: String) {
        val wireguard_conf = buildWireguardConfig(mConfig!!, type + "_config_data")
-        Log.i(tag, "startWireGuard: wireguard_conf : $wireguard_conf")
        if (currentTunnelHandle != -1) {
            Log.e(tag, "Tunnel already up")
            // Turn the tunnel down because this might be a switch
            GoBackend.wgTurnOff(currentTunnelHandle)
        }
        val wgConfig: String = wireguard_conf.toWgUserspaceString()
+        
        val builder = Builder()
        setupBuilder(wireguard_conf, builder)
        builder.setSession("Amnezia")
@@ -1,4 +1,20 @@
 message("Client android ${CMAKE_ANDROID_ARCH_ABI} build")
+
+set(APP_ANDROID_MIN_SDK 24)
+set(ANDROID_PLATFORM "android-${APP_ANDROID_MIN_SDK}" CACHE STRING
+    "The minimum API level supported by the application or library" FORCE)
+
+set_target_properties(${PROJECT} PROPERTIES
+    QT_ANDROID_VERSION_NAME ${CMAKE_PROJECT_VERSION}
+    QT_ANDROID_VERSION_CODE ${APP_ANDROID_VERSION_CODE}
+    QT_ANDROID_MIN_SDK_VERSION ${APP_ANDROID_MIN_SDK}
+    QT_ANDROID_TARGET_SDK_VERSION 34
+    QT_ANDROID_SDK_BUILD_TOOLS_REVISION 34.0.0
+    QT_ANDROID_PACKAGE_SOURCE_DIR ${CMAKE_CURRENT_SOURCE_DIR}/android
+)
+
+set(QT_ANDROID_MULTI_ABI_FORWARD_VARS "QT_NO_GLOBAL_APK_TARGET_PART_OF_ALL;CMAKE_BUILD_TYPE")
+
 # We need to include qtprivate api's
 # As QAndroidBinder is not yet implemented with a public api
 set(LIBS ${LIBS} Qt6::CorePrivate)
@@ -23,39 +39,6 @@ set(SOURCES ${SOURCES}
    ${CMAKE_CURRENT_SOURCE_DIR}/protocols/android_vpnprotocol.cpp
 )

-add_custom_command(
-    TARGET ${PROJECT} POST_BUILD
-    COMMAND ${CMAKE_COMMAND} -E copy
-    ${CMAKE_CURRENT_SOURCE_DIR}/android/AndroidManifest.xml
-    ${CMAKE_CURRENT_SOURCE_DIR}/android/build.gradle
-    ${CMAKE_CURRENT_SOURCE_DIR}/android/gradle/wrapper/gradle-wrapper.jar
-    ${CMAKE_CURRENT_SOURCE_DIR}/android/gradle/wrapper/gradle-wrapper.properties
-    ${CMAKE_CURRENT_SOURCE_DIR}/android/gradlew
-    ${CMAKE_CURRENT_SOURCE_DIR}/android/gradlew.bat
-    ${CMAKE_CURRENT_SOURCE_DIR}/android/gradle.properties
-    ${CMAKE_CURRENT_SOURCE_DIR}/android/res/values/libs.xml
-    ${CMAKE_CURRENT_SOURCE_DIR}/android/res/xml/fileprovider.xml
-    ${CMAKE_CURRENT_SOURCE_DIR}/android/src/org/amnezia/vpn/AuthHelper.java
-    ${CMAKE_CURRENT_SOURCE_DIR}/android/src/org/amnezia/vpn/IPCContract.kt
-    ${CMAKE_CURRENT_SOURCE_DIR}/android/src/org/amnezia/vpn/NotificationUtil.kt
-    ${CMAKE_CURRENT_SOURCE_DIR}/android/src/org/amnezia/vpn/OpenVPNThreadv3.kt
-    ${CMAKE_CURRENT_SOURCE_DIR}/android/src/org/amnezia/vpn/Prefs.kt
-    ${CMAKE_CURRENT_SOURCE_DIR}/android/src/org/amnezia/vpn/VPNLogger.kt
-    ${CMAKE_CURRENT_SOURCE_DIR}/android/src/org/amnezia/vpn/VPNService.kt
-    ${CMAKE_CURRENT_SOURCE_DIR}/android/src/org/amnezia/vpn/VPNServiceBinder.kt
-    ${CMAKE_CURRENT_SOURCE_DIR}/android/src/org/amnezia/vpn/qt/AmneziaApp.kt
-    ${CMAKE_CURRENT_SOURCE_DIR}/android/src/org/amnezia/vpn/qt/PackageManagerHelper.java
-    ${CMAKE_CURRENT_SOURCE_DIR}/android/src/org/amnezia/vpn/qt/VPNActivity.kt
-    ${CMAKE_CURRENT_SOURCE_DIR}/android/src/org/amnezia/vpn/qt/VPNClientBinder.kt
-    ${CMAKE_CURRENT_SOURCE_DIR}/android/src/org/amnezia/vpn/qt/VPNPermissionHelper.kt
-    ${CMAKE_CURRENT_BINARY_DIR}
-)
-
-set_property(TARGET ${PROJECT} PROPERTY
-    QT_ANDROID_PACKAGE_SOURCE_DIR
-    ${CMAKE_CURRENT_SOURCE_DIR}/android
-)
-
 foreach(abi IN ITEMS ${QT_ANDROID_ABIS})
    set_property(TARGET ${PROJECT} PROPERTY QT_ANDROID_EXTRA_LIBS
        ${CMAKE_CURRENT_SOURCE_DIR}/3rd-prebuilt/3rd-prebuilt/wireguard/android/${abi}/libwg.so
@@ -131,10 +131,13 @@ QString OpenVpnConfigurator::processConfigWithLocalSettings(QString jsonConfig)
        config.append("block-ipv6\n");
    }
    if (m_settings->routeMode() == Settings::VpnOnlyForwardSites) {
+        
        // no redirect-gateway
    }
    if (m_settings->routeMode() == Settings::VpnAllExceptSites) {
+#ifndef Q_OS_ANDROID    
        config.append("\nredirect-gateway ipv6 !ipv4 bypass-dhcp\n");
+#endif       
        // Prevent ipv6 leak
        config.append("ifconfig-ipv6 fd15:53b6:dead::2/64  fd15:53b6:dead::1\n");
        config.append("block-ipv6\n");
@@ -167,11 +167,8 @@ ErrorCode ServerController::uploadTextFileToContainer(DockerContainer container,
        return ErrorCode::ServerContainerMissingError;
    }

-    runScript(credentials,
-              replaceVars(QString("sudo shred %1").arg(tmpFileName), genVarsForScript(credentials, container)));
-
-    runScript(credentials, replaceVars(QString("sudo rm %1").arg(tmpFileName), genVarsForScript(credentials, container)));
-
+    runScript(credentials, 
+              replaceVars(QString("sudo shred -u %1").arg(tmpFileName), genVarsForScript(credentials, container)));
    return e;
 }

@@ -115,8 +115,12 @@ void LocalSocketController::daemonConnected() {
 }

 void LocalSocketController::activate(const QJsonObject &rawConfig) {
+
  QString protocolName = rawConfig.value("protocol").toString();

+  int splitTunnelType = rawConfig.value("splitTunnelType").toInt();
+  QJsonArray splitTunnelSites = rawConfig.value("splitTunnelSites").toArray();
+
  QJsonObject wgConfig = rawConfig.value(protocolName + "_config_data").toObject();

  QJsonObject json;
@@ -137,23 +141,79 @@ void LocalSocketController::activate(const QJsonObject &rawConfig) {

  QJsonArray jsAllowedIPAddesses;

-  QJsonObject range_ipv4;
-  range_ipv4.insert("address", "0.0.0.0");
-  range_ipv4.insert("range", 0);
-  range_ipv4.insert("isIpv6", false);
-  jsAllowedIPAddesses.append(range_ipv4);
+  QJsonArray plainAllowedIP = wgConfig.value(amnezia::config_key::allowed_ips).toArray();
+  QJsonArray defaultAllowedIP = QJsonArray::fromStringList(QString("0.0.0.0/0, ::/0").split(","));

-  QJsonObject range_ipv6;
-  range_ipv6.insert("address", "::");
-  range_ipv6.insert("range", 0);
-  range_ipv6.insert("isIpv6", true);
-  jsAllowedIPAddesses.append(range_ipv6);
+  if (plainAllowedIP != defaultAllowedIP && !plainAllowedIP.isEmpty()) {
+    // Use AllowedIP list from WG config bacouse of higer priority
+
+    for (auto v : plainAllowedIP) {
+      QString ipRange = v.toString();
+      qDebug() << "ipRange " << ipRange;
+      if (ipRange.split('/').size() > 1){
+          QJsonObject range;
+          range.insert("address", ipRange.split('/')[0]);
+          range.insert("range", atoi(ipRange.split('/')[1].toLocal8Bit()));
+          range.insert("isIpv6", false);
+          jsAllowedIPAddesses.append(range);
+      } else {
+          QJsonObject range;
+          range.insert("address",ipRange);
+          range.insert("range", 32);
+          range.insert("isIpv6", false);
+          jsAllowedIPAddesses.append(range);
+      }
+    }
+  } else {
+
+    // Use APP split tunnel
+      if (splitTunnelType == 0 || splitTunnelType == 2) {
+          QJsonObject range_ipv4;
+          range_ipv4.insert("address", "0.0.0.0");
+          range_ipv4.insert("range", 0);
+          range_ipv4.insert("isIpv6", false);
+          jsAllowedIPAddesses.append(range_ipv4);
+
+          QJsonObject range_ipv6;
+          range_ipv6.insert("address", "::");
+          range_ipv6.insert("range", 0);
+          range_ipv6.insert("isIpv6", true);
+          jsAllowedIPAddesses.append(range_ipv6);
+      }
+
+      if (splitTunnelType == 1) {
+          for (auto v : splitTunnelSites) {
+              QString ipRange = v.toString();
+              qDebug() << "ipRange " << ipRange;
+              if (ipRange.split('/').size() > 1){
+                  QJsonObject range;
+                  range.insert("address", ipRange.split('/')[0]);
+                  range.insert("range", atoi(ipRange.split('/')[1].toLocal8Bit()));
+                  range.insert("isIpv6", false);
+                  jsAllowedIPAddesses.append(range);
+              } else {
+                  QJsonObject range;
+                  range.insert("address",ipRange);
+                  range.insert("range", 32);
+                  range.insert("isIpv6", false);
+                  jsAllowedIPAddesses.append(range);
+              }
+          }
+      }
+  }

  json.insert("allowedIPAddressRanges", jsAllowedIPAddesses);


  QJsonArray jsExcludedAddresses;
  jsExcludedAddresses.append(wgConfig.value(amnezia::config_key::hostName));
+  if (splitTunnelType == 2) {
+    for (auto v : splitTunnelSites) {
+          QString ipRange = v.toString();
+          jsExcludedAddresses.append(ipRange);
+      }
+  }
+
  json.insert("excludedAddresses", jsExcludedAddresses);


@@ -28,6 +28,8 @@ struct MessageKey
    static const char *host;
    static const char *port;
    static const char *isOnDemand;
+    static const char *SplitTunnelType;
+    static const char *SplitTunnelSites;
 };

 class IosController : public QObject
@@ -29,6 +29,9 @@ const char* MessageKey::errorCode = "errorCode";
 const char* MessageKey::host = "host";
 const char* MessageKey::port = "port";
 const char* MessageKey::isOnDemand = "is-on-demand";
+const char* MessageKey::SplitTunnelType = "SplitTunnelType";
+const char* MessageKey::SplitTunnelSites = "SplitTunnelSites";
+

 Vpn::ConnectionState iosStatusToState(NEVPNStatus status) {
  switch (status) {
@@ -351,6 +354,13 @@ void IosController::startTunnel()
 {
    m_rxBytes = 0;
    m_txBytes = 0;
+    
+    int STT = m_rawConfig["splitTunnelType"].toInt();
+    QJsonArray splitTunnelSites = m_rawConfig["splitTunnelSites"].toArray();
+    QJsonDocument doc;
+    doc.setArray(splitTunnelSites);
+    QString STS(doc.toJson());
+    
    [m_currentTunnel setEnabled:YES];

    [m_currentTunnel saveToPreferencesWithCompletionHandler:^(NSError *saveError) {
@@ -376,8 +386,15 @@ void IosController::startTunnel()
                    NSString *actionValue = [NSString stringWithUTF8String:Action::start];
                    NSString *tunnelIdKey = [NSString stringWithUTF8String:MessageKey::tunnelId];
                    NSString *tunnelIdValue = !m_tunnelId.isEmpty() ? m_tunnelId.toNSString() : @"";
+                    NSString *SplitTunnelTypeKey = [NSString stringWithUTF8String:MessageKey::SplitTunnelType];
+                    NSString *SplitTunnelTypeValue = [NSString stringWithFormat:@"%d",STT];
+                    NSString *SplitTunnelSitesKey = [NSString stringWithUTF8String:MessageKey::SplitTunnelSites];
+                    NSString *SplitTunnelSitesValue = STS.toNSString();
+                

-                    NSDictionary* message = @{actionKey: actionValue, tunnelIdKey: tunnelIdValue};
+                    NSDictionary* message = @{actionKey: actionValue, tunnelIdKey: tunnelIdValue,
+                    SplitTunnelTypeKey: SplitTunnelTypeValue, SplitTunnelSitesKey: SplitTunnelSitesValue};
+                
                    sendVpnExtensionMessage(message);


@@ -15,7 +15,7 @@ struct Constants {
    static let ovpnConfigKey = "ovpn"
    static let wireGuardConfigKey = "wireguard"
    static let loggerTag = "NET"
-
+    
    static let kActionStart = "start"
    static let kActionRestart = "restart"
    static let kActionStop = "stop"
@@ -29,6 +29,8 @@ struct Constants {
    static let kMessageKeyHost = "host"
    static let kMessageKeyPort = "port"
    static let kMessageKeyOnDemand = "is-on-demand"
+    static let kMessageKeySplitTunnelType = "SplitTunnelType"
+    static let kMessageKeySplitTunnelSites = "SplitTunnelSites"
 }

 class PacketTunnelProvider: NEPacketTunnelProvider {
@@ -38,7 +40,7 @@ class PacketTunnelProvider: NEPacketTunnelProvider {
            wg_log(logLevel.osLogLevel, message: message)
        }
    }()
-
+    
    private lazy var ovpnAdapter: OpenVPNAdapter = {
        let adapter = OpenVPNAdapter()
        adapter.delegate = self
@@ -49,9 +51,11 @@ class PacketTunnelProvider: NEPacketTunnelProvider {
    private let dispatchQueue = DispatchQueue(label: "PacketTunnel", qos: .utility)
    
    private var openVPNConfig: Data? = nil
-      
+    private var SplitTunnelType: String? = nil
+    private var SplitTunnelSites: String? = nil
+    
    let vpnReachability = OpenVPNReachability()
-
+    
    var startHandler: ((Error?) -> Void)?
    var stopHandler: (() -> Void)?
    var protoType: TunnelProtoType = .none
@@ -63,26 +67,34 @@ class PacketTunnelProvider: NEPacketTunnelProvider {
    }
    
    override func handleAppMessage(_ messageData: Data, completionHandler: ((Data?) -> Void)? = nil) {
+        
+        let tmpStr = String(data: messageData, encoding: .utf8)!
+        wg_log(.error, message: tmpStr)
        guard let message = try? JSONSerialization.jsonObject(with: messageData, options: []) as? [String: Any] else {
            Logger.global?.log(message: "Failed to serialize message from app")
            return
        }
-
+        
        guard let completionHandler = completionHandler else {
            Logger.global?.log(message: "Missing message completion handler")
            return
        }
-
+        
        guard let action = message[Constants.kMessageKeyAction] as? String else {
            Logger.global?.log(message: "Missing action key in app message")
            completionHandler(nil)
            return
        }
-
+        
        if action == Constants.kActionStatus {
            handleStatusAppMessage(messageData, completionHandler: completionHandler)
        }
        
+        if action == Constants.kActionStart {
+            SplitTunnelType = message[Constants.kMessageKeySplitTunnelType] as? String
+            SplitTunnelSites = message[Constants.kMessageKeySplitTunnelSites] as? String
+        }
+        
        let callbackWrapper: (NSNumber?) -> Void = { errorCode in
            //let tunnelId = self.tunnelConfig?.id ?? ""
            let response: [String: Any] = [
@@ -90,11 +102,11 @@ class PacketTunnelProvider: NEPacketTunnelProvider {
                Constants.kMessageKeyErrorCode: errorCode ?? NSNull(),
                Constants.kMessageKeyTunnelId: 0
            ]
-
+            
            completionHandler(try? JSONSerialization.data(withJSONObject: response, options: []))
        }
    }
-
+    
    override func startTunnel(options: [String: NSObject]?, completionHandler: @escaping (Error?) -> Void) {
        dispatchQueue.async {
            let activationAttemptId = options?[Constants.kActivationAttemptId] as? String
@@ -118,8 +130,8 @@ class PacketTunnelProvider: NEPacketTunnelProvider {
            switch self.protoType {
            case .wireguard:
                self.startWireguard(activationAttemptId: activationAttemptId,
-                               errorNotifier: errorNotifier,
-                               completionHandler: completionHandler)
+                                    errorNotifier: errorNotifier,
+                                    completionHandler: completionHandler)
            case .openvpn:
                self.startOpenVPN(completionHandler: completionHandler)
            case .shadowsocks:
@@ -156,7 +168,7 @@ class PacketTunnelProvider: NEPacketTunnelProvider {
            handleOpenVPNStatusMessage(messageData, completionHandler: completionHandler)
        case .shadowsocks:
            break
-//            handleShadowSocksAppMessage(messageData, completionHandler: completionHandler)
+            //            handleShadowSocksAppMessage(messageData, completionHandler: completionHandler)
        case .none:
            break
            
@@ -168,12 +180,13 @@ class PacketTunnelProvider: NEPacketTunnelProvider {
                                errorNotifier: ErrorNotifier,
                                completionHandler: @escaping (Error?) -> Void) {
        guard let protocolConfiguration = self.protocolConfiguration as? NETunnelProviderProtocol,
-           let providerConfiguration = protocolConfiguration.providerConfiguration,
-           let wgConfig: Data = providerConfiguration[Constants.wireGuardConfigKey] as? Data else {
-               wg_log(.error, message: "Can't start WireGuard config missing")
-               completionHandler(nil)
-               return
-            }
+              let providerConfiguration = protocolConfiguration.providerConfiguration,
+              let wgConfig: Data = providerConfiguration[Constants.wireGuardConfigKey] as? Data else {
+            wg_log(.error, message: "Can't start WireGuard config missing")
+            completionHandler(nil)
+            return
+        }
+        
        
        let wgConfigStr = String(data: wgConfig, encoding: .utf8)!
        
@@ -182,7 +195,49 @@ class PacketTunnelProvider: NEPacketTunnelProvider {
            completionHandler(nil)
            return
        }
-                
+        
+        
+        if (tunnelConfiguration.peers.first!.allowedIPs.map { $0.stringRepresentation }.joined(separator: ", ") == "0.0.0.0/0, ::/0") {
+            if (SplitTunnelType == "1") {
+                for index in tunnelConfiguration.peers.indices {
+                    tunnelConfiguration.peers[index].allowedIPs.removeAll()
+                    var allowedIPs = [IPAddressRange]()
+                    let STSdata = Data(SplitTunnelSites!.utf8)
+                    do {
+                        let STSArray = try JSONSerialization.jsonObject(with: STSdata) as! [String]
+                        for allowedIPString in STSArray {
+                            if let allowedIP = IPAddressRange(from: allowedIPString) {
+                                allowedIPs.append(allowedIP)
+                            }
+                        }
+                        
+                    } catch {
+                        wg_log(.error,message: "Parse JSONSerialization Error")
+                    }
+                    tunnelConfiguration.peers[index].allowedIPs = allowedIPs
+                }
+            } else {
+                if (SplitTunnelType == "2")
+                {
+                    for index in tunnelConfiguration.peers.indices {
+                        var excludeIPs = [IPAddressRange]()
+                        let STSdata = Data(SplitTunnelSites!.utf8)
+                        do {
+                            let STSarray = try JSONSerialization.jsonObject(with: STSdata) as! [String]
+                            for excludeIPString in STSarray {
+                                if let excludeIP = IPAddressRange(from: excludeIPString) {
+                                    excludeIPs.append(excludeIP)
+                                }
+                            }
+                        } catch {
+                            wg_log(.error,message: "Parse JSONSerialization Error")
+                        }
+                        tunnelConfiguration.peers[index].excludeIPs = excludeIPs
+                    }
+                }
+            }
+        }
+        
        wg_log(.info, message: "Starting wireguard tunnel from the " + (activationAttemptId == nil ? "OS directly, rather than the app" : "app"))
        
        // Start the tunnel
@@ -193,30 +248,30 @@ class PacketTunnelProvider: NEPacketTunnelProvider {
                completionHandler(nil)
                return
            }
-
+            
            switch adapterError {
            case .cannotLocateTunnelFileDescriptor:
                wg_log(.error, staticMessage: "Starting tunnel failed: could not determine file descriptor")
                errorNotifier.notify(PacketTunnelProviderError.couldNotDetermineFileDescriptor)
                completionHandler(PacketTunnelProviderError.couldNotDetermineFileDescriptor)
-
+                
            case .dnsResolution(let dnsErrors):
                let hostnamesWithDnsResolutionFailure = dnsErrors.map { $0.address }
                    .joined(separator: ", ")
                wg_log(.error, message: "DNS resolution failed for the following hostnames: \(hostnamesWithDnsResolutionFailure)")
                errorNotifier.notify(PacketTunnelProviderError.dnsResolutionFailure)
                completionHandler(PacketTunnelProviderError.dnsResolutionFailure)
-
+                
            case .setNetworkSettings(let error):
                wg_log(.error, message: "Starting tunnel failed with setTunnelNetworkSettings returning \(error.localizedDescription)")
                errorNotifier.notify(PacketTunnelProviderError.couldNotSetNetworkSettings)
                completionHandler(PacketTunnelProviderError.couldNotSetNetworkSettings)
-
+                
            case .startWireGuardBackend(let errorCode):
                wg_log(.error, message: "Starting tunnel failed with wgTurnOn returning \(errorCode)")
                errorNotifier.notify(PacketTunnelProviderError.couldNotStartBackend)
                completionHandler(PacketTunnelProviderError.couldNotStartBackend)
-
+                
            case .invalidState:
                // Must never happen
                fatalError()
@@ -226,27 +281,27 @@ class PacketTunnelProvider: NEPacketTunnelProvider {
    
    private func startOpenVPN(completionHandler: @escaping (Error?) -> Void) {
        guard let protocolConfiguration = self.protocolConfiguration as? NETunnelProviderProtocol,
-           let providerConfiguration = protocolConfiguration.providerConfiguration,
+              let providerConfiguration = protocolConfiguration.providerConfiguration,
              let ovpnConfiguration: Data = providerConfiguration[Constants.ovpnConfigKey] as? Data else {
            // TODO: handle errors properly
-               wg_log(.error, message: "Can't start startOpenVPN()")
+            wg_log(.error, message: "Can't start startOpenVPN()")
            return
        }
        
        setupAndlaunchOpenVPN(withConfig: ovpnConfiguration, completionHandler: completionHandler)
    }
-
+    
    private func stopWireguard(with reason: NEProviderStopReason, completionHandler: @escaping () -> Void) {
        wg_log(.info, staticMessage: "Stopping tunnel")
        
        wgAdapter.stop { error in
            ErrorNotifier.removeLastErrorFile()
-
+            
            if let error = error {
                wg_log(.error, message: "Failed to stop WireGuard adapter: \(error.localizedDescription)")
            }
            completionHandler()
-
+            
 #if os(macOS)
            // HACK: This is a filthy hack to work around Apple bug 32073323 (dup'd by us as 47526107).
            // Remove it when they finally fix this upstream and the fix has been rolled out to
@@ -263,7 +318,7 @@ class PacketTunnelProvider: NEPacketTunnelProvider {
        }
        ovpnAdapter.disconnect()
    }
-
+    
    func handleWireguardStatusMessage(_ messageData: Data, completionHandler: ((Data?) -> Void)? = nil) {
        guard let completionHandler = completionHandler else { return }
        wgAdapter.getRuntimeConfiguration { settings in
@@ -278,8 +333,8 @@ class PacketTunnelProvider: NEPacketTunnelProvider {
            for component in components{
                let pair = component.components(separatedBy: "=")
                if pair.count == 2 {
-                   settingsDictionary[pair[0]] = pair[1]
-                 }
+                    settingsDictionary[pair[0]] = pair[1]
+                }
            }
            
            let response: [String: Any] = [
@@ -309,7 +364,7 @@ class PacketTunnelProvider: NEPacketTunnelProvider {
                completionHandler(nil)
                return
            }
-
+            
            do {
                let tunnelConfiguration = try TunnelConfiguration(fromWgQuickConfig: configString)
                wgAdapter.update(tunnelConfiguration: tunnelConfiguration) { error in
@@ -318,7 +373,7 @@ class PacketTunnelProvider: NEPacketTunnelProvider {
                        completionHandler(nil)
                        return
                    }
-
+                    
                    self.wgAdapter.getRuntimeConfiguration { settings in
                        var data: Data?
                        if let settings = settings {
@@ -334,76 +389,76 @@ class PacketTunnelProvider: NEPacketTunnelProvider {
            completionHandler(nil)
        }
    }
-
+    
    private func handleOpenVPNStatusMessage(_ messageData: Data, completionHandler: ((Data?) -> Void)? = nil) {
        guard let completionHandler = completionHandler else { return }
-            let bytesin = ovpnAdapter.transportStatistics.bytesIn
-            let bytesout = ovpnAdapter.transportStatistics.bytesOut
-
-            let response: [String: Any] = [
-                "rx_bytes" : bytesin,
-                "tx_bytes" : bytesout
-            ]
-            
-            completionHandler(try? JSONSerialization.data(withJSONObject: response, options: []))
+        let bytesin = ovpnAdapter.transportStatistics.bytesIn
+        let bytesout = ovpnAdapter.transportStatistics.bytesOut
+        
+        let response: [String: Any] = [
+            "rx_bytes" : bytesin,
+            "tx_bytes" : bytesout
+        ]
+        
+        completionHandler(try? JSONSerialization.data(withJSONObject: response, options: []))
    }
-
-
+    
+    
    // TODO review
    private func setupAndlaunchOpenVPN(withConfig ovpnConfiguration: Data, withShadowSocks viaSS: Bool = false, completionHandler: @escaping (Error?) -> Void) {
        wg_log(.info, message: "setupAndlaunchOpenVPN")
-
+        
        let str = String(decoding: ovpnConfiguration, as: UTF8.self)
-
+        
        let configuration = OpenVPNConfiguration()
        configuration.fileContent = ovpnConfiguration
        if(str.contains("cloak")){
            configuration.setPTCloak();
        }
-
+        
        let evaluation: OpenVPNConfigurationEvaluation
        do {
            evaluation = try ovpnAdapter.apply(configuration: configuration)
-
+            
        } catch {
            completionHandler(error)
            return
        }
-
+        
        if !evaluation.autologin {
            wg_log(.info, message: "Implement login with user credentials")
        }
-
+        
        vpnReachability.startTracking { [weak self] status in
            guard status == .reachableViaWiFi else { return }
            self?.ovpnAdapter.reconnect(afterTimeInterval: 5)
        }
-
+        
        startHandler = completionHandler
        ovpnAdapter.connect(using: packetFlow)
-
-//        let ifaces = Interface.allInterfaces()
-//            .filter { $0.family == .ipv4 }
-//            .map { iface in iface.name }
-
-//        wg_log(.error, message: "Available TUN Interfaces: \(ifaces)")
+        
+        //        let ifaces = Interface.allInterfaces()
+        //            .filter { $0.family == .ipv4 }
+        //            .map { iface in iface.name }
+        
+        //        wg_log(.error, message: "Available TUN Interfaces: \(ifaces)")
    }
-
+    
    // MARK: -- Network observing methods
-
+    
    private func startListeningForNetworkChanges() {
        stopListeningForNetworkChanges()
        addObserver(self, forKeyPath: Constants.kDefaultPathKey, options: .old, context: nil)
    }
-
+    
    private func stopListeningForNetworkChanges() {
        removeObserver(self, forKeyPath: Constants.kDefaultPathKey)
    }
-
+    
    override func observeValue(forKeyPath keyPath: String?,
-                                     of object: Any?,
-                                     change: [NSKeyValueChangeKey : Any]?,
-                                     context: UnsafeMutableRawPointer?) {
+                               of object: Any?,
+                               change: [NSKeyValueChangeKey : Any]?,
+                               context: UnsafeMutableRawPointer?) {
        guard Constants.kDefaultPathKey != keyPath else { return }
        // Since iOS 11, we have observed that this KVO event fires repeatedly when connecting over Wifi,
        // even though the underlying network has not changed (i.e. `isEqualToPath` returns false),
@@ -412,28 +467,28 @@ class PacketTunnelProvider: NEPacketTunnelProvider {
        guard let lastPath: NWPath = change?[.oldKey] as? NWPath,
              let defPath = defaultPath,
              lastPath != defPath || lastPath.description != defPath.description else {
-                  return
-              }
+            return
+        }
        DispatchQueue.main.async { [weak self] in
            guard let `self` = self, self.defaultPath != nil else { return }
            self.handle(networkChange: self.defaultPath!) { _ in }
        }
    }
-
+    
    private func handle(networkChange changePath: NWPath, completion: @escaping (Error?) -> Void) {
        wg_log(.info, message: "Tunnel restarted.")
        startTunnel(options: nil, completionHandler: completion)
    }
-
+    
    private func startEmptyTunnel(completionHandler: @escaping (Error?) -> Void) {
        dispatchPrecondition(condition: .onQueue(dispatchQueue))
-
+        
        let emptyTunnelConfiguration = TunnelConfiguration(
            name: nil,
            interface: InterfaceConfiguration(privateKey: PrivateKey()),
            peers: []
        )
-
+        
        wgAdapter.start(tunnelConfiguration: emptyTunnelConfiguration) { error in
            self.dispatchQueue.async {
                if let error {
@@ -445,9 +500,9 @@ class PacketTunnelProvider: NEPacketTunnelProvider {
                }
            }
        }
-
+        
        let settings = NETunnelNetworkSettings(tunnelRemoteAddress: "1.1.1.1")
-
+        
        self.setTunnelNetworkSettings(settings) { error in
            completionHandler(error)
        }
@@ -478,6 +533,50 @@ extension PacketTunnelProvider: OpenVPNAdapterDelegate {
        // send empty string to NEDNSSettings.matchDomains
        networkSettings?.dnsSettings?.matchDomains = [""]
        
+        if (SplitTunnelType == "1") {
+            var ipv4IncludedRoutes = [NEIPv4Route]()
+            let STSdata = Data(SplitTunnelSites!.utf8)
+            do {
+                let STSarray = try JSONSerialization.jsonObject(with: STSdata) as! [String]
+                for allowedIPString in STSarray {
+                    if let allowedIP = IPAddressRange(from: allowedIPString){
+                        ipv4IncludedRoutes.append(NEIPv4Route(destinationAddress: "\(allowedIP.address)", subnetMask: "\(allowedIP.subnetMask())"))
+                    }
+                }
+            } catch {
+                wg_log(.error,message: "Parse JSONSerialization Error")
+            }
+            networkSettings?.ipv4Settings?.includedRoutes = ipv4IncludedRoutes
+        } else {
+            if (SplitTunnelType == "2")
+            {
+                var ipv4ExcludedRoutes = [NEIPv4Route]()
+                var ipv4IncludedRoutes = [NEIPv4Route]()
+                var ipv6IncludedRoutes = [NEIPv6Route]()
+                let STSdata = Data(SplitTunnelSites!.utf8)
+                do {
+                    let STSarray = try JSONSerialization.jsonObject(with: STSdata) as! [String]
+                    for excludeIPString in STSarray {
+                        if let excludeIP = IPAddressRange(from: excludeIPString) {
+                            ipv4ExcludedRoutes.append(NEIPv4Route(destinationAddress: "\(excludeIP.address)", subnetMask: "\(excludeIP.subnetMask())"))
+                        }
+                    }
+                } catch {
+                    wg_log(.error,message: "Parse JSONSerialization Error")
+                }
+                if let allIPv4 = IPAddressRange(from: "0.0.0.0/0"){
+                    ipv4IncludedRoutes.append(NEIPv4Route(destinationAddress: "\(allIPv4.address)", subnetMask: "\(allIPv4.subnetMask())"))
+                }
+                if let allIPv6 = IPAddressRange(from: "::/0") {
+                    ipv6IncludedRoutes.append(NEIPv6Route(destinationAddress: "\(allIPv6.address)", networkPrefixLength: NSNumber(value: allIPv6.networkPrefixLength)))
+                }
+                networkSettings?.ipv4Settings?.includedRoutes = ipv4IncludedRoutes
+                networkSettings?.ipv6Settings?.includedRoutes = ipv6IncludedRoutes
+                networkSettings?.ipv4Settings?.excludedRoutes = ipv4ExcludedRoutes
+            }
+            
+        }
+        
        // Set the network settings for the current tunneling session.
        setTunnelNetworkSettings(networkSettings, completionHandler: completionHandler)
    }
@@ -538,7 +637,7 @@ extension PacketTunnelProvider: OpenVPNAdapterDelegate {
        wg_log(.info, message: logMessage)
    }
 }
-    
+
 extension WireGuardLogLevel {
    var osLogLevel: OSLogType {
        switch self {
@@ -158,15 +158,15 @@ bool LinuxRouteMonitor::rtmSendRoute(int action, int flags, int type,
        return false;
    }
    nlmsg_append_attr32(nlmsg, sizeof(buf), RTA_OIF, index);
+    nlmsg_append_attr32(nlmsg, sizeof(buf), RTA_PRIORITY, 1);
    }

    if (rtm->rtm_type == RTN_THROW) {
-    int index = if_nametoindex(getgatewayandiface().toUtf8());
-    if (index <= 0) {
-        logger.error() << "if_nametoindex() failed:" << strerror(errno);
-        return false;
-    }
-    nlmsg_append_attr32(nlmsg, sizeof(buf), RTA_OIF, index);
+    struct in_addr ip4;
+    inet_pton(AF_INET, getgatewayandiface().toUtf8(), &ip4);
+    nlmsg_append_attr(nlmsg, sizeof(buf), RTA_GATEWAY, &ip4, sizeof(ip4));
+    nlmsg_append_attr32(nlmsg, sizeof(buf), RTA_PRIORITY, 0);
+    rtm->rtm_type = RTN_UNICAST;
    }

    struct sockaddr_nl nladdr;
@@ -334,7 +334,7 @@ QString LinuxRouteMonitor::getgatewayandiface()
    }
    }
    close(sock);
-    return interface;
+    return gateway_address;
 }

 static bool buildAllowedIp(wg_allowedip* ip,
@@ -236,6 +236,17 @@ bool WindowsFirewall::enablePeerTraffic(const InterfaceConfig& config) {
    }
  }

+  if (!config.m_excludedAddresses.empty()) {
+    for (const QString& i : config.m_excludedAddresses) {
+      logger.debug() << "range: " << i;
+
+      if (!allowTrafficToRange(i, HIGH_WEIGHT,
+                          "Allow Ecxlude route", config.m_serverPublicKey)) {
+        return false;
+      }
+    }
+  }
+
  result = FwpmTransactionCommit0(m_sessionHandle);
  if (result != ERROR_SUCCESS) {
    logger.error() << "FwpmTransactionCommit0 failed with error:" << result;
@@ -411,8 +422,8 @@ bool WindowsFirewall::allowTrafficOfAdapter(int networkAdapter, uint8_t weight,
 }

 bool WindowsFirewall::allowTrafficTo(const QHostAddress& targetIP, uint port,
-                                     int weight, const QString& title,
-                                     const QString& peer) {
+                                          int weight, const QString& title,
+                                          const QString& peer) {
  bool isIPv4 = targetIP.protocol() == QAbstractSocket::IPv4Protocol;
  GUID layerOut =
      isIPv4 ? FWPM_LAYER_ALE_AUTH_CONNECT_V4 : FWPM_LAYER_ALE_AUTH_CONNECT_V6;
@@ -473,6 +484,57 @@ bool WindowsFirewall::allowTrafficTo(const QHostAddress& targetIP, uint port,
  return true;
 }

+bool WindowsFirewall::allowTrafficToRange(const IPAddress& addr, uint8_t weight,
+                                     const QString& title,
+                                     const QString& peer) {
+  QString description("Allow traffic %1 %2 ");
+
+  auto lower = addr.address();
+  auto upper = addr.broadcastAddress();
+
+  const bool isV4 = addr.type() == QAbstractSocket::IPv4Protocol;
+  const GUID layerKeyOut =
+      isV4 ? FWPM_LAYER_ALE_AUTH_CONNECT_V4 : FWPM_LAYER_ALE_AUTH_CONNECT_V6;
+  const GUID layerKeyIn = isV4 ? FWPM_LAYER_ALE_AUTH_RECV_ACCEPT_V4
+                               : FWPM_LAYER_ALE_AUTH_RECV_ACCEPT_V6;
+
+  // Assemble the Filter base
+  FWPM_FILTER0 filter;
+  memset(&filter, 0, sizeof(filter));
+  filter.action.type = FWP_ACTION_PERMIT;
+  filter.weight.type = FWP_UINT8;
+  filter.weight.uint8 = weight;
+  filter.subLayerKey = ST_FW_WINFW_BASELINE_SUBLAYER_KEY;
+
+  FWPM_FILTER_CONDITION0 cond[1] = {0};
+  FWP_RANGE0 ipRange;
+  QByteArray lowIpV6Buffer;
+  QByteArray highIpV6Buffer;
+
+  importAddress(lower, ipRange.valueLow, &lowIpV6Buffer);
+  importAddress(upper, ipRange.valueHigh, &highIpV6Buffer);
+
+  cond[0].fieldKey = FWPM_CONDITION_IP_REMOTE_ADDRESS;
+  cond[0].matchType = FWP_MATCH_RANGE;
+  cond[0].conditionValue.type = FWP_RANGE_TYPE;
+  cond[0].conditionValue.rangeValue = &ipRange;
+
+  filter.numFilterConditions = 1;
+  filter.filterCondition = cond;
+
+  filter.layerKey = layerKeyOut;
+  if (!enableFilter(&filter, title, description.arg("to").arg(addr.toString()),
+                    peer)) {
+    return false;
+  }
+  filter.layerKey = layerKeyIn;
+  if (!enableFilter(&filter, title,
+                    description.arg("from").arg(addr.toString()), peer)) {
+    return false;
+  }
+  return true;
+}
+
 bool WindowsFirewall::allowDHCPTraffic(uint8_t weight, const QString& title) {
  // Allow outbound DHCPv4
  {
@@ -52,6 +52,9 @@ class WindowsFirewall final : public QObject {
  bool blockTrafficOnPort(uint port, uint8_t weight, const QString& title);
  bool allowTrafficTo(const QHostAddress& targetIP, uint port, int weight,
                      const QString& title, const QString& peer = QString());
+  bool allowTrafficToRange(const IPAddress& addr, uint8_t weight,
+                           const QString& title,
+                           const QString& peer);
  bool allowTrafficOfAdapter(int networkAdapter, uint8_t weight,
                             const QString& title);
  bool allowDHCPTraffic(uint8_t weight, const QString& title);
@@ -43,6 +43,7 @@ namespace amnezia
        constexpr char server_priv_key[] = "server_priv_key";
        constexpr char server_pub_key[] = "server_pub_key";
        constexpr char psk_key[] = "psk_key";
+        constexpr char allowed_ips[] = "allowed_ips";

        constexpr char client_ip[] = "client_ip"; // internal ip address

@@ -78,6 +79,9 @@ namespace amnezia
        constexpr char sftp[] = "sftp";
        constexpr char awg[] = "awg";

+        constexpr char splitTunnelSites[] = "splitTunnelSites";
+        constexpr char splitTunnelType[] = "splitTunnelType";
+
    }

    namespace protocols
@@ -16,8 +16,6 @@ WireguardProtocol::WireguardProtocol(const QJsonObject &configuration, QObject *
    m_configFile.setFileName(QDir::tempPath() + QDir::separator() + serviceName() + ".conf");
    writeWireguardConfiguration(configuration);

-    // MZ
-#if defined(Q_OS_MAC) || defined(Q_OS_WIN) || defined(Q_OS_LINUX)
    m_impl.reset(new LocalSocketController());
    connect(m_impl.get(), &ControllerImpl::connected, this,
            [this](const QString &pubkey, const QDateTime &connectionTimestamp) {
@@ -26,7 +24,6 @@ WireguardProtocol::WireguardProtocol(const QJsonObject &configuration, QObject *
    connect(m_impl.get(), &ControllerImpl::disconnected, this,
            [this]() { emit connectionStateChanged(Vpn::ConnectionState::Disconnected); });
    m_impl->initialize(nullptr, nullptr);
-#endif
 }

 WireguardProtocol::~WireguardProtocol()
@@ -37,68 +34,10 @@ WireguardProtocol::~WireguardProtocol()

 void WireguardProtocol::stop()
 {
-#if defined(Q_OS_MAC) || defined(Q_OS_WIN) || defined(Q_OS_LINUX)
    stopMzImpl();
    return;
-#endif
-
-    if (!QFileInfo::exists(Utils::wireguardExecPath())) {
-        qCritical() << "Wireguard executable missing!";
-        setLastError(ErrorCode::ExecutableMissing);
-        return;
-    }
-
-    m_wireguardStopProcess = IpcClient::CreatePrivilegedProcess();
-
-    if (!m_wireguardStopProcess) {
-        qCritical() << "IpcProcess replica is not created!";
-        setLastError(ErrorCode::AmneziaServiceConnectionFailed);
-        return;
-    }
-
-    m_wireguardStopProcess->waitForSource(1000);
-    if (!m_wireguardStopProcess->isInitialized()) {
-        qWarning() << "IpcProcess replica is not connected!";
-        setLastError(ErrorCode::AmneziaServiceConnectionFailed);
-        return;
-    }
-
-    m_wireguardStopProcess->setProgram(PermittedProcess::Wireguard);
-
-    m_wireguardStopProcess->setArguments(stopArgs());
-    qDebug() << stopArgs().join(" ");
-
-    connect(m_wireguardStopProcess.data(), &PrivilegedProcess::errorOccurred, this, [this](QProcess::ProcessError error) {
-        qDebug() << "WireguardProtocol::WireguardProtocol Stop errorOccurred" << error;
-        setConnectionState(Vpn::ConnectionState::Disconnected);
-    });
-
-    connect(m_wireguardStopProcess.data(), &PrivilegedProcess::stateChanged, this,
-            [this](QProcess::ProcessState newState) {
-                qDebug() << "WireguardProtocol::WireguardProtocol Stop stateChanged" << newState;
-            });
-
-#ifdef Q_OS_LINUX
-    if (IpcClient::Interface()) {
-        QRemoteObjectPendingReply<bool> result = IpcClient::Interface()->isWireguardRunning();
-        if (result.returnValue()) {
-            setConnectionState(Vpn::ConnectionState::Disconnected);
-            return;
-        }
-    } else {
-        qCritical() << "IPC client not initialized";
-        setConnectionState(Vpn::ConnectionState::Disconnected);
-        return;
-    }
-#endif
-
-    m_wireguardStopProcess->start();
-    m_wireguardStopProcess->waitForFinished(10000);
-
-    setConnectionState(Vpn::ConnectionState::Disconnected);
 }

-#if defined(Q_OS_MAC) || defined(Q_OS_WIN) || defined(Q_OS_LINUX)
 ErrorCode WireguardProtocol::startMzImpl()
 {
    m_impl->activate(m_rawConfig);
@@ -110,7 +49,6 @@ ErrorCode WireguardProtocol::stopMzImpl()
    m_impl->deactivate();
    return ErrorCode::NoError;
 }
-#endif

 void WireguardProtocol::writeWireguardConfiguration(const QJsonObject &configuration)
 {
@@ -124,21 +62,8 @@ void WireguardProtocol::writeWireguardConfiguration(const QJsonObject &configura
    m_configFile.write(jConfig.value(config_key::config).toString().toUtf8());
    m_configFile.close();

-#if 0
-    if (IpcClient::Interface()) {
-        QRemoteObjectPendingReply<bool> result = IpcClient::Interface()->copyWireguardConfig(m_configFile.fileName());
-        if (result.returnValue()) {
-            qCritical() << "Failed to copy wireguard config";
-            return;
-        }
-    } else {
-        qCritical() << "IPC client not initialized";
-        return;
-    }
-    m_configFileName = "/etc/wireguard/wg99.conf";
-#else
+
    m_configFileName = m_configFile.fileName();
-#endif

    m_isConfigLoaded = true;

@@ -152,15 +77,9 @@ QString WireguardProtocol::configPath() const
    return m_configFileName;
 }

-void WireguardProtocol::updateRouteGateway(QString line)
+QString WireguardProtocol::serviceName() const
 {
-    // TODO: fix for macos
-    line = line.split("ROUTE_GATEWAY", Qt::SkipEmptyParts).at(1);
-    if (!line.contains("/"))
-        return;
-    m_routeGateway = line.split("/", Qt::SkipEmptyParts).first();
-    m_routeGateway.replace(" ", "");
-    qDebug() << "Set VPN route gateway" << m_routeGateway;
+    return "AmneziaVPN.WireGuard0";
 }

 ErrorCode WireguardProtocol::start()
@@ -170,112 +89,6 @@ ErrorCode WireguardProtocol::start()
        return lastError();
    }

-#if defined(Q_OS_MAC) || defined(Q_OS_WIN) || defined(Q_OS_LINUX)
    return startMzImpl();
-#endif
-
-    if (!QFileInfo::exists(Utils::wireguardExecPath())) {
-        setLastError(ErrorCode::ExecutableMissing);
-        return lastError();
-    }
-
-    if (IpcClient::Interface()) {
-        QRemoteObjectPendingReply<bool> result = IpcClient::Interface()->isWireguardConfigExists(configPath());
-        if (result.returnValue()) {
-            setLastError(ErrorCode::ConfigMissing);
-            return lastError();
-        }
-    } else {
-        qCritical() << "IPC client not initialized";
-        setLastError(ErrorCode::InternalError);
-        return lastError();
-    }
-
-    setConnectionState(Vpn::ConnectionState::Connecting);
-
-    m_wireguardStartProcess = IpcClient::CreatePrivilegedProcess();
-
-    if (!m_wireguardStartProcess) {
-        setLastError(ErrorCode::AmneziaServiceConnectionFailed);
-        return ErrorCode::AmneziaServiceConnectionFailed;
-    }
-
-    m_wireguardStartProcess->waitForSource(1000);
-    if (!m_wireguardStartProcess->isInitialized()) {
-        qWarning() << "IpcProcess replica is not connected!";
-        setLastError(ErrorCode::AmneziaServiceConnectionFailed);
-        return ErrorCode::AmneziaServiceConnectionFailed;
-    }
-
-    m_wireguardStartProcess->setProgram(PermittedProcess::Wireguard);
-
-    m_wireguardStartProcess->setArguments(startArgs());
-    qDebug() << startArgs().join(" ");
-
-    connect(m_wireguardStartProcess.data(), &PrivilegedProcess::errorOccurred, this, [this](QProcess::ProcessError error) {
-        qDebug() << "WireguardProtocol::WireguardProtocol errorOccurred" << error;
-        setConnectionState(Vpn::ConnectionState::Disconnected);
-    });
-
-    connect(m_wireguardStartProcess.data(), &PrivilegedProcess::stateChanged, this,
-            [this](QProcess::ProcessState newState) {
-                qDebug() << "WireguardProtocol::WireguardProtocol stateChanged" << newState;
-            });
-
-    connect(m_wireguardStartProcess.data(), &PrivilegedProcess::finished, this,
-            [this]() { setConnectionState(Vpn::ConnectionState::Connected); });
-
-    connect(m_wireguardStartProcess.data(), &PrivilegedProcess::readyRead, this, [this]() {
-        QRemoteObjectPendingReply<QByteArray> reply = m_wireguardStartProcess->readAll();
-        reply.waitForFinished(1000);
-        qDebug() << "WireguardProtocol::WireguardProtocol readyRead" << reply.returnValue();
-    });
-
-    connect(m_wireguardStartProcess.data(), &PrivilegedProcess::readyReadStandardOutput, this, [this]() {
-        QRemoteObjectPendingReply<QByteArray> reply = m_wireguardStartProcess->readAllStandardOutput();
-        reply.waitForFinished(1000);
-        qDebug() << "WireguardProtocol::WireguardProtocol readAllStandardOutput" << reply.returnValue();
-    });
-
-    connect(m_wireguardStartProcess.data(), &PrivilegedProcess::readyReadStandardError, this, [this]() {
-        QRemoteObjectPendingReply<QByteArray> reply = m_wireguardStartProcess->readAllStandardError();
-        reply.waitForFinished(10);
-        qDebug() << "WireguardProtocol::WireguardProtocol readAllStandardError" << reply.returnValue();
-    });
-
-    m_wireguardStartProcess->start();
-    m_wireguardStartProcess->waitForFinished(10000);
-
-    return ErrorCode::NoError;
 }

-void WireguardProtocol::updateVpnGateway(const QString &line)
-{
-}
-
-QString WireguardProtocol::serviceName() const
-{
-    return "AmneziaVPN.WireGuard0";
-}
-
-QStringList WireguardProtocol::stopArgs()
-{
-#ifdef Q_OS_WIN
-    return { "--remove", configPath() };
-#elif defined Q_OS_LINUX
-    return { "down", "wg99" };
-#else
-    return {};
-#endif
-}
-
-QStringList WireguardProtocol::startArgs()
-{
-#ifdef Q_OS_WIN
-    return { "--add", configPath() };
-#elif defined Q_OS_LINUX
-    return { "up", "wg99" };
-#else
-    return {};
-#endif
-}
@@ -8,7 +8,6 @@
 #include <QTimer>

 #include "vpnprotocol.h"
-#include "core/ipcclient.h"

 #include "mozilla/controllerimpl.h"

@@ -23,33 +22,21 @@ public:
    ErrorCode start() override;
    void stop() override;

-#if defined(Q_OS_MAC) || defined(Q_OS_WIN) || defined(Q_OS_LINUX)
    ErrorCode startMzImpl();
    ErrorCode stopMzImpl();
-#endif

 private:
    QString configPath() const;
    void writeWireguardConfiguration(const QJsonObject &configuration);
-
-    void updateRouteGateway(QString line);
-    void updateVpnGateway(const QString &line);
    QString serviceName() const;
-    QStringList stopArgs();
-    QStringList startArgs();

 private:
    QString m_configFileName;
    QFile m_configFile;

-    QSharedPointer<PrivilegedProcess> m_wireguardStartProcess;
-    QSharedPointer<PrivilegedProcess> m_wireguardStopProcess;
-
    bool m_isConfigLoaded = false;

-#if defined(Q_OS_MAC) || defined(Q_OS_WIN) || defined(Q_OS_LINUX)
    QScopedPointer<ControllerImpl> m_impl;
-#endif
 };

 #endif // WIREGUARDPROTOCOL_H
@@ -233,10 +233,6 @@ QString Settings::routeModeString(RouteMode mode) const

 Settings::RouteMode Settings::routeMode() const
 {
-// TODO implement for mobiles
-#if defined(Q_OS_ANDROID) || defined(Q_OS_IOS)
-    return RouteMode::VpnAllSites;
-#endif
    return static_cast<RouteMode>(m_settings.value("Conf/routeMode", 0).toInt());
 }

@@ -686,7 +686,7 @@ Already installed containers were found on the server. All installed containers
        <location filename="../ui/qml/Pages2/PageServiceDnsSettings.qml" line="52"/>
        <source>A DNS service is installed on your server, and it is only accessible via VPN.
 </source>
-        <translation>На вашем сервере устанавливается DNS-сервис, доступ к нему возможен только через VPN.
+        <translation>На вашем сервере установлен DNS-сервис, доступ к нему возможен только через VPN.
 </translation>
    </message>
    <message>
@@ -261,6 +261,10 @@ QJsonObject ImportController::extractWireGuardConfig(const QString &data)
 //        return QJsonObject();
 //    }

+    QJsonArray allowedIpsJsonArray = QJsonArray::fromStringList(configMap.value("AllowedIPs").split(","));
+
+    lastConfig[config_key::allowed_ips] = allowedIpsJsonArray;
+
    QString protocolName = "wireguard";
    if (!configMap.value(config_key::junkPacketCount).isEmpty()
        && !configMap.value(config_key::junkPacketMinSize).isEmpty()
@@ -1,7 +1,5 @@
 #include "pageController.h"

-#include <QProcess>
-
 #if defined(Q_OS_ANDROID) || defined(Q_OS_IOS)
    #include <QGuiApplication>
 #else
@@ -164,74 +162,3 @@ void PageController::closeApplication()
 {
    qApp->quit();
 }
-
-bool PageController::checkForUpdates()
-{
-#if defined(Q_OS_ANDROID) || defined(Q_OS_IOS)
-    return false;
-#else
-    QString path = qApp->applicationDirPath();
-
-    bool checked = false;
-
-#ifdef Q_OS_MACOS
-    if(path.contains(qApp->applicationName()+".app/Contents/MacOS")) {
-        path = path.remove("Contents/MacOS");
-    }
-    path = path + "maintenancetool.app";
-
-    checked = true;
-#endif
-
-#ifdef Q_OS_LINUX
-    if(path.contains("/client/bin")) {
-        path = path.remove("/client/bin");
-    }
-    path = path + "/maintenancetool";
-
-    checked = true;
-#endif
-
-    if (!checked) {
-        return false;
-    }
-
-    QStringList argsCheckUpdates;
-    argsCheckUpdates << "--checkupdates";
-
-    QProcess process;
-    process.start(path, argsCheckUpdates);
-
-    // Wait until the update tool is finished
-    process.waitForFinished();
-
-    if (process.error() != QProcess::UnknownError) {
-        emit showNotificationMessage(tr("Checking for updates: %1").arg(process.errorString()));
-        return true;
-    }
-
-    // Read the output
-    QByteArray data = process.readAllStandardOutput();
-
-    // No output means no updates available
-    // Note that the exit code will also be 1, but we don't use that
-    // Also note that we should parse the output instead of just checking if it is empty if we want specific update info
-    if (data.isEmpty()) {
-        emit showNotificationMessage(tr("Checking for updates: %1").arg("it's the latest version"));
-        return true;
-    }
-
-    // Note: we start it detached because this application need to close for the update
-    QStringList argsUpdater("--updater");
-    bool bresult = QProcess::startDetached(path, argsUpdater);
-    if (!bresult) {
-        emit showNotificationMessage(tr("Checking for updates: %1").arg("test"));
-        return true;
-    }
-
-
-    // Close the application
-    qApp->quit();
-    return true;
-#endif
-}
@@ -90,8 +90,6 @@ public slots:

    void closeApplication();

-    bool checkForUpdates();
-
 signals:
    void goToPage(PageLoader::PageEnum page, bool slide = true);
    void goToStartPage();
@@ -22,10 +22,6 @@ bool ContainersModel::setData(const QModelIndex &index, const QVariant &value, i
    DockerContainer container = ContainerProps::allContainers().at(index.row());

    switch (role) {
-    case NameRole:
-        //        return ContainerProps::containerHumanNames().value(container);
-    case DescriptionRole:
-        //        return ContainerProps::containerDescriptions().value(container);
    case ConfigRole: {
        m_settings->setContainerConfig(m_currentlyProcessedServerIndex, container, value.toJsonObject());
        m_containers = m_settings->containers(m_currentlyProcessedServerIndex);
@@ -35,19 +31,15 @@ bool ContainersModel::setData(const QModelIndex &index, const QVariant &value, i
            break;
        }
    }
-    case ServiceTypeRole:
-    //        return ContainerProps::containerService(container);
-    case DockerContainerRole:
-        //        return container;
-    case IsInstalledRole:
-    //        return m_settings->containers(m_currentlyProcessedServerIndex).contains(container);
    case IsDefaultRole: { //todo remove
        m_settings->setDefaultContainer(m_currentlyProcessedServerIndex, container);
        m_defaultContainerIndex = container;
        emit defaultContainerChanged();
    }
+    default: break;
    }

+    emit containersModelUpdated();
    emit dataChanged(index, index);
    return true;
 }
@@ -73,6 +73,7 @@ protected:

 signals:
    void defaultContainerChanged();
+    void containersModelUpdated();

 private:
    QMap<DockerContainer, QJsonObject> m_containers;
@@ -193,6 +193,12 @@ bool ServersModel::isDefaultServerConfigContainsAmneziaDns()
    return primaryDns == protocols::dns::amneziaDnsIp;
 }

+void ServersModel::updateContainersConfig()
+{
+    auto server = m_settings->server(m_currentlyProcessedServerIndex);
+    m_servers.replace(m_currentlyProcessedServerIndex, server);
+}
+
 QHash<int, QByteArray> ServersModel::roleNames() const
 {
    QHash<int, QByteArray> roles;
@@ -59,6 +59,8 @@ public slots:

    bool isDefaultServerConfigContainsAmneziaDns();

+    void updateContainersConfig();
+
 protected:
    QHash<int, QByteArray> roleNames() const override;

@@ -32,7 +32,7 @@ PageType {
        function onRestorePageHomeState(isContainerInstalled) {
            buttonContent.state = "expanded"
            if (isContainerInstalled) {
-                containersDropDown.menuVisible = true
+                containersDropDown.rootButtonClickedFunction()
            }
        }
        function onForceCloseDrawer() {
@@ -192,13 +192,7 @@ PageType {
                text: qsTr("Check for updates")

                onClicked: {
-                    PageController.showBusyIndicator(true)
-
-                    if (!PageController.checkForUpdates()) {
-                        Qt.openUrlExternally("https://github.com/amnezia-vpn/desktop-client/releases/latest")
-                    }
-
-                   PageController.showBusyIndicator(false)
+                    Qt.openUrlExternally("https://github.com/amnezia-vpn/desktop-client/releases/latest")
                }
            }
        }
@@ -94,7 +94,7 @@ PageType {
            DividerType {}

            LabelWithButtonType {
-                visible: GC.isDesktop()
+                visible: true

                Layout.fillWidth: true

@@ -28,17 +28,11 @@ PageType {
                ContainersModel.setDefaultContainer(ContainersModel.getCurrentlyProcessedContainerIndex())
            }

-            PageController.goToStartPage()
+            PageController.closePage() // close installing page
+            PageController.closePage() // close protocol settings page
+
            if (stackView.currentItem.objectName === PageController.getPagePath(PageEnum.PageHome)) {
                PageController.restorePageHomeState(true)
-            } else if (stackView.currentItem.objectName === PageController.getPagePath(PageEnum.PageSettings)) {
-                PageController.goToPage(PageEnum.PageSettingsServersList, false)
-                PageController.goToPage(PageEnum.PageSettingsServerInfo, false)
-                if (isServiceInstall) {
-                    PageController.goToPageSettingsServerServices()
-                }
-            } else {
-                PageController.goToPage(PageEnum.PageHome)
            }

            PageController.showNotificationMessage(finishedMessage)
@@ -68,7 +68,7 @@ void VpnConnection::onConnectionStateChanged(Vpn::ConnectionState state)
                // qDebug() << "VpnConnection::onConnectionStateChanged :: adding custom routes, count:" << forwardIps.size();
            }
            QString dns1 = m_vpnConfiguration.value(config_key::dns1).toString();
-            QString dns2 = m_vpnConfiguration.value(config_key::dns1).toString();
+            QString dns2 = m_vpnConfiguration.value(config_key::dns2).toString();

            IpcClient::Interface()->routeAddList(m_vpnProtocol->vpnGateway(), QStringList() << dns1 << dns2);

@@ -329,6 +329,8 @@ void VpnConnection::connectToVpn(int serverIndex, const ServerCredentials &crede
        return;
    }

+    appendSplitTunnelingConfig();
+
 #if !defined(Q_OS_ANDROID) && !defined(Q_OS_IOS)
    m_vpnProtocol.reset(VpnProtocol::factory(container, m_vpnConfiguration));
    if (!m_vpnProtocol) {
@@ -363,6 +365,26 @@ void VpnConnection::createProtocolConnections()
    connect(m_vpnProtocol.data(), SIGNAL(bytesChanged(quint64, quint64)), this, SLOT(onBytesChanged(quint64, quint64)));
 }

+void VpnConnection::appendSplitTunnelingConfig()
+{
+    auto routeMode = m_settings->routeMode();
+    auto sites = m_settings->getVpnIps(routeMode);
+
+    QJsonArray sitesJsonArray;
+    for (const auto &site : sites) {
+        sitesJsonArray.append(site);
+    }
+
+    // Allow traffic to Amezia DNS
+    if (routeMode == Settings::VpnOnlyForwardSites){
+        sitesJsonArray.append(m_vpnConfiguration.value(config_key::dns1).toString());
+        sitesJsonArray.append(m_vpnConfiguration.value(config_key::dns2).toString());
+    }
+
+    m_vpnConfiguration.insert(config_key::splitTunnelType, routeMode);
+    m_vpnConfiguration.insert(config_key::splitTunnelSites, sitesJsonArray);
+}
+
 #ifdef Q_OS_ANDROID
 void VpnConnection::restoreConnection()
 {
@@ -112,6 +112,8 @@ private:
 #endif

   void createProtocolConnections();
+
+   void appendSplitTunnelingConfig();
 };

 #endif // VPNCONNECTION_H
@@ -12,13 +12,14 @@ Usage:
 Build AmneziaVPN android client. By default, a signed Android App Bundle (AAB) is built.

 Options:
- -d, --debug                Build debug version
- -a, --apk <abi>            Build APK for the specified ABI
-                            Available ABIs: 'x86', 'x86_64', 'armeabi-v7a', 'arm64-v8a'
- -p, --platform <platform>  The SDK platform used for building the Java code of the application
-                            By default, the latest available platform is used
- -m, --move                 Move the build result to the root of the build directory
- -h, --help                 Display this help
+ -d, --debug                      Build debug version
+ -a, --apk (<abi_list> | all)     Build APKs for the specified ABIs or for all available ABIs
+                                  Available ABIs: 'x86', 'x86_64', 'armeabi-v7a', 'arm64-v8a'
+                                  <abi_list> - list of ABIs delimited by ';'
+ -b, --build-platform <platform>  The SDK platform used for building the Java code of the application
+                                  By default, the latest available platform is used
+ -m, --move                       Move the build result to the root of the build directory
+ -h, --help                       Display this help

 EOT
 }
@@ -26,21 +27,25 @@ EOT
 BUILD_TYPE="release"
 AAB=1

-opts=$(getopt -l debug,apk:,platform:,move,help -o "da:p:mh" -- "$@")
+opts=$(getopt -l debug,apk:,build-platform:,move,help -o "da:b:mh" -- "$@")
 eval set -- "$opts"
 while true; do
  case "$1" in
    -d | --debug) BUILD_TYPE="debug"; shift;;
-    -a | --apk) ABI=$2; unset AAB; shift 2;;
-    -p | --platform) ANDROID_PLATFORM=$2; shift 2;;
+    -a | --apk) ABIS=$2; unset AAB; shift 2;;
+    -b | --build-platform) ANDROID_BUILD_PLATFORM=$2; shift 2;;
    -m | --move) MOVE_RESULT=1; shift;;
    -h | --help) usage; exit 0;;
    --) shift; break;;
  esac
 done

-if [[ -v ABI && ! "$ABI" =~ ^(x86|x86_64|armeabi-v7a|arm64-v8a)$ ]]; then
-  echo "The 'abi' option must be one of ['x86', 'x86_64', 'armeabi-v7a', 'arm64-v8a'], but is '$ABI'"
+# Validate ABIS parameter
+if [[ -v ABIS && \
+    ! "$ABIS" = "all" && \
+    ! "$ABIS" =~ ^((x86|x86_64|armeabi-v7a|arm64-v8a);)*(x86|x86_64|armeabi-v7a|arm64-v8a)$ ]]; then
+  echo "The 'apk' option must be a list of ['x86', 'x86_64', 'armeabi-v7a', 'arm64-v8a']" \
+       "delimited by ';' or 'all', but is '$ABIS'"
  exit 1
 fi

@@ -56,13 +61,19 @@ OUT_APP_DIR=$BUILD_DIR/client
 echo "Project dir: $PROJECT_DIR"
 echo "Build dir: $BUILD_DIR"

-if [ -v AAB ]; then
+# Determine path to qt bin folder with qt-cmake
+if [[ -v AAB || "$ABIS" = "all" ]]; then
  qt_bin_dir_suffix="x86_64"
 else
-  case $ABI in
+  if [[ $ABIS = *";"* ]]; then
+    oneOf=$(echo $ABIS | cut -d';' -f 1)
+  else
+    oneOf=$ABIS
+  fi
+  case $oneOf in
    "armeabi-v7a") qt_bin_dir_suffix="armv7";;
    "arm64-v8a") qt_bin_dir_suffix="arm64_v8a";;
-    *) qt_bin_dir_suffix=$ABI;;
+    *) qt_bin_dir_suffix=$oneOf;;
  esac
 fi
 # get real path
@@ -79,10 +90,10 @@ echo "Using Android NDK in $ANDROID_NDK_ROOT"
 # Run qt-cmake to configure build
 qt_cmake_opts=()

-if [ -v AAB ]; then
+if [[ -v AAB || "$ABIS" = "all" ]]; then
  qt_cmake_opts+=(-DQT_ANDROID_BUILD_ALL_ABIS=ON)
 else
-  qt_cmake_opts+=(-DQT_ANDROID_ABIS="$ABI")
+  qt_cmake_opts+=(-DQT_ANDROID_ABIS="$ABIS")
 fi

 # QT_NO_GLOBAL_APK_TARGET_PART_OF_ALL=ON - Skip building apks as part of the default 'ALL' target
@@ -95,7 +106,7 @@ $QT_BIN_DIR/qt-cmake -S $PROJECT_DIR -B $BUILD_DIR \
 # Build app
 cmake --build $BUILD_DIR --config $BUILD_TYPE

-# Build and package APK or AAB. If this is a release, then additionally sign the result.
+# Build and package APK or AAB
 echo "Building APK/AAB..."

 deployqt_opts=()
@@ -104,32 +115,52 @@ if [ -v AAB ]; then
  deployqt_opts+=(--aab)
 fi

-if [ -v ANDROID_PLATFORM ]; then
-  deployqt_opts+=(--android-platform "$ANDROID_PLATFORM")
+if [ -v ANDROID_BUILD_PLATFORM ]; then
+  deployqt_opts+=(--android-platform "$ANDROID_BUILD_PLATFORM")
 fi

 if [ "$BUILD_TYPE" = "release" ]; then
-  deployqt_opts+=(--release --sign)
+  deployqt_opts+=(--release)
 fi

+# for gradle to skip all tasks when it is executed by androiddeployqt
+# gradle is started later explicitly
+export ANDROIDDEPLOYQT_RUN=1
+
 $QT_HOST_PATH/bin/androiddeployqt \
  --input $OUT_APP_DIR/android-AmneziaVPN-deployment-settings.json \
  --output $OUT_APP_DIR/android-build \
-  --gradle \
  "${deployqt_opts[@]}"

+# run gradle
+gradle_opts=()
+
+if [ -v AAB ]; then
+  gradle_opts+=(bundle"${BUILD_TYPE^}")
+else
+  gradle_opts+=(assemble"${BUILD_TYPE^}")
+fi
+
+$OUT_APP_DIR/android-build/gradlew \
+  --project-dir $OUT_APP_DIR/android-build \
+  -DexplicitRun=1 \
+  "${gradle_opts[@]}"
+
 if [[ -v CI || -v MOVE_RESULT ]]; then
  echo "Moving APK/AAB..."
  if [ -v AAB ]; then
-    mv -u $OUT_APP_DIR/android-build/build/outputs/bundle/$BUILD_TYPE/android-build-$BUILD_TYPE.aab \
-       $PROJECT_DIR/deploy/build/AmneziaVPN-$BUILD_TYPE.aab
+    mv -u $OUT_APP_DIR/android-build/build/outputs/bundle/$BUILD_TYPE/AmneziaVPN-$BUILD_TYPE.aab \
+       $PROJECT_DIR/deploy/build/
  else
-    if [ "$BUILD_TYPE" = "release" ]; then
-      build_suffix="release-signed"
-    else
-      build_suffix=$BUILD_TYPE
+    if [ "$ABIS" = "all" ]; then
+      ABIS="x86;x86_64;armeabi-v7a;arm64-v8a"
    fi
-    mv -u $OUT_APP_DIR/android-build/build/outputs/apk/$BUILD_TYPE/android-build-$build_suffix.apk \
-       $PROJECT_DIR/deploy/build/AmneziaVPN-$ABI-$build_suffix.apk
+
+    IFS=';' read -r -a abi_array <<< "$ABIS"
+    for ABI in "${abi_array[@]}"
+    do
+      mv -u $OUT_APP_DIR/android-build/build/outputs/apk/$BUILD_TYPE/AmneziaVPN-$ABI-$BUILD_TYPE.apk \
+       $PROJECT_DIR/deploy/build/
+    done
  fi
 fi
@@ -42,9 +42,6 @@ if [ -z "${QT_VERSION+x}" ]; then
  elif [ -f $HOME/Qt/$QT_VERSION/gcc_64/bin/qmake ]; then
    QT_BIN_DIR=$HOME/Qt/$QT_VERSION/gcc_64/bin
  fi
-  
-  QIF_VERSION=4.6
-  QIF_BIN_DIR=$QT_BIN_DIR/../../../Tools/QtInstallerFramework/$QIF_VERSION/bin
 fi

 echo "Using Qt in $QT_BIN_DIR"
@@ -88,10 +85,4 @@ cp -r $PROJECT_DIR/deploy/installer $BUILD_DIR

 $CQTDEPLOYER_DIR/binarycreator.sh --offline-only -v -c $BUILD_DIR/installer/config/linux.xml -p $BUILD_DIR/installer/packages -f $PROJECT_DIR/deploy/AmneziaVPN_Linux_Installer

-# echo "Generating repository..."
-$QIF_BIN_DIR/repogen -p $BUILD_DIR/installer/packages $BUILD_DIR/installer/amneziavpn-linux-repository
-
-# echo "Building online installer..."
-$CQTDEPLOYER_DIR/binarycreator.sh --online-only -c $BUILD_DIR/installer/config/linux.xml -p $BUILD_DIR/installer/packages $PROJECT_DIR/deploy/AmneziaVPN_Linux_Online_Installer
-

@@ -163,18 +163,7 @@ if [ "${MAC_CERT_PW+x}" ]; then
  fi
 fi

-echo "Finished to generate local installer, artifact is $DMG_FILENAME"
+echo "Finished, artifact is $DMG_FILENAME"
+
 # restore keychain
 security default-keychain -s login.keychain
-
-echo "Generate online installer and repository..."
-
-cd $PROJECT_DIR
-DIRNAME=$0
-if [ "${DIRNAME:0:1}" = "/" ];then
-    CURDIR=`dirname $DIRNAME`
-else
-    CURDIR="`pwd`"/"`dirname $DIRNAME`"
-fi
-
-source $CURDIR/build_macos_online_installer.sh
@@ -1,100 +0,0 @@
-#!/bin/bash
-echo "___________________________________________________________________"
-echo "..................repository and online installer.................."
-echo "___________________________________________________________________"
-
-set -o errexit -o nounset
-
-while getopts n flag
-do
-    case "${flag}" in
-        n) NOTARIZE_APP=1;;
-    esac
-done
-
-# Hold on to current directory
-PROJECT_DIR=$(pwd)
-DEPLOY_DIR=$PROJECT_DIR/deploy
-
-mkdir -p $DEPLOY_DIR/build
-BUILD_DIR=$DEPLOY_DIR/build
-
-echo "Project dir: ${PROJECT_DIR}" 
-echo "Build dir: ${BUILD_DIR}"
-
-APP_NAME=amneziavpn-online-installer
-APP_FILENAME=$APP_NAME.app
-APP_DOMAIN=org.amneziavpn.package
-PLIST_NAME=$APP_NAME.plist
-
-REPO_NAME=amneziavpn-macos-repository
-
-OUT_APP_DIR=$BUILD_DIR/client
-BUNDLE_DIR=$OUT_APP_DIR/$APP_FILENAME
-
-PREBUILT_DEPLOY_DATA_DIR=$PROJECT_DIR/deploy/data/deploy-prebuilt/macos
-DEPLOY_DATA_DIR=$PROJECT_DIR/deploy/data/macos
-
-INSTALLER_DATA_DIR=$BUILD_DIR/installer/packages/$APP_DOMAIN/data
-INSTALLER_BUNDLE_DIR=$BUILD_DIR/installer/$APP_FILENAME
-DMG_FILENAME=$PROJECT_DIR/${APP_NAME}.dmg
-
-# Search Qt
-if [ -z "${QT_VERSION+x}" ]; then
-QT_VERSION=6.5.1;
-QIF_VERSION=4.6
-QT_BIN_DIR=$HOME/Qt/$QT_VERSION/macos/bin
-QIF_BIN_DIR=$QT_BIN_DIR/../../../Tools/QtInstallerFramework/$QIF_VERSION/bin
-fi
-
-echo "Using Qt in $QT_BIN_DIR"
-echo "Using QIF in $QIF_BIN_DIR"
-
-
-echo "Generating repository..."
-$QIF_BIN_DIR/repogen -p $BUILD_DIR/installer/packages $BUILD_DIR/installer/$REPO_NAME
-
-echo "Building online installer..."
-$QIF_BIN_DIR/binarycreator --online-only -c $BUILD_DIR/installer/config/macos.xml -p $BUILD_DIR/installer/packages $INSTALLER_BUNDLE_DIR
-
-
-if [ "${MAC_CERT_PW+x}" ]; then
-  echo "Signing installer bundle..."
-  security unlock-keychain -p $TEMP_PASS $KEYCHAIN
-  /usr/bin/codesign --deep --force --verbose --timestamp -o runtime --sign "$MAC_SIGNER_ID" $INSTALLER_BUNDLE_DIR
-  /usr/bin/codesign --verify -vvvv $INSTALLER_BUNDLE_DIR || true
-
-  if [ "${NOTARIZE_APP+x}" ]; then
-    echo "Notarizing installer bundle..."
-    /usr/bin/ditto -c -k --keepParent $INSTALLER_BUNDLE_DIR $PROJECT_DIR/Installer_bundle_to_notarize.zip
-    xcrun notarytool submit $PROJECT_DIR/Installer_bundle_to_notarize.zip --apple-id $APPLE_DEV_EMAIL --team-id $MAC_TEAM_ID --password $APPLE_DEV_PASSWORD
-    rm $PROJECT_DIR/Installer_bundle_to_notarize.zip
-    sleep 300
-    xcrun stapler staple $INSTALLER_BUNDLE_DIR
-    xcrun stapler validate $INSTALLER_BUNDLE_DIR
-    spctl -a -vvvv $INSTALLER_BUNDLE_DIR || true
-  fi
-fi
-
-echo "Building DMG installer..."
-hdiutil create -volname AmneziaVPN -srcfolder $BUILD_DIR/installer/$APP_NAME.app -ov -format UDZO $DMG_FILENAME
-
-if [ "${MAC_CERT_PW+x}" ]; then
-  echo "Signing DMG installer..."
-  security unlock-keychain -p $TEMP_PASS $KEYCHAIN
-  /usr/bin/codesign --deep --force --verbose --timestamp -o runtime --sign "$MAC_SIGNER_ID" $DMG_FILENAME
-  /usr/bin/codesign --verify -vvvv $DMG_FILENAME || true
-
-  if [ "${NOTARIZE_APP+x}" ]; then
-    echo "Notarizing DMG installer..."
-    xcrun notarytool submit $DMG_FILENAME --apple-id $APPLE_DEV_EMAIL --team-id $MAC_TEAM_ID --password $APPLE_DEV_PASSWORD
-    sleep 300
-    xcrun stapler staple $DMG_FILENAME
-    xcrun stapler validate $DMG_FILENAME
-  fi
-fi
-
-echo "Finished to generate online instaler and repository, artifact is $DMG_FILENAME"
-
-# restore keychain
-security default-keychain -s login.keychain
@@ -13,14 +13,14 @@
    <AllowSpaceInPath>true</AllowSpaceInPath>
    <AllowNonAsciiCharacters>false</AllowNonAsciiCharacters>
    <ControlScript>controlscript.js</ControlScript>
-    <RepositorySettingsPageVisible>true</RepositorySettingsPageVisible>
+    <RepositorySettingsPageVisible>false</RepositorySettingsPageVisible>
    <DependsOnLocalInstallerBinary>true</DependsOnLocalInstallerBinary>
-    <SupportsModify>true</SupportsModify>
+    <SupportsModify>false</SupportsModify>
    <DisableAuthorizationFallback>true</DisableAuthorizationFallback>
    <RemoteRepositories>
        <Repository>
-            <Url>https://updates.amzsvc.com/beta/linux</Url>
-            <Enabled>1</Enabled>
+            <Url>https://amneziavpn.org/updates/linux</Url>
+            <Enabled>true</Enabled>
            <DisplayName>AmneziaVPN - repository for Linux</DisplayName>
        </Repository>
    </RemoteRepositories>
@@ -13,14 +13,14 @@
    <AllowSpaceInPath>true</AllowSpaceInPath>
    <AllowNonAsciiCharacters>false</AllowNonAsciiCharacters>
    <ControlScript>controlscript.js</ControlScript>
-    <RepositorySettingsPageVisible>true</RepositorySettingsPageVisible>
+    <RepositorySettingsPageVisible>false</RepositorySettingsPageVisible>
    <DependsOnLocalInstallerBinary>true</DependsOnLocalInstallerBinary>
-    <SupportsModify>true</SupportsModify>
+    <SupportsModify>false</SupportsModify>
    <DisableAuthorizationFallback>true</DisableAuthorizationFallback>
    <RemoteRepositories>
        <Repository>
-            <Url>https://updates.amzsvc.com/beta/macos</Url>
-            <Enabled>1</Enabled>
+            <Url>https://amneziavpn.org/updates/macos</Url>
+            <Enabled>true</Enabled>
            <DisplayName>AmneziaVPN - repository for macOS</DisplayName>
        </Repository>
    </RemoteRepositories>
Author	SHA1	Message	Date
albexk	d77f3ecee8	Fix build error	2023-11-15 15:48:40 +03:00
albexk	06776ebe8f	Fix errors	2023-11-14 23:19:46 +03:00
albexk	e1eec55f62	Refactoring build Move to gradle kotlin DSL Use gradle version catalog All android build parameters are set via cmake files Use gradle abi split to build APKs Improve local development in the android project folder	2023-11-14 23:18:59 +03:00
albexk	fcabf08e74	Update gradle, fix gradlew.bat crlf	2023-11-14 23:13:14 +03:00
pokamest	b4694313a0	Merge pull request #426 from amnezia-vpn/ios-build Change Qt mirror for builds	2023-11-14 09:54:54 -08:00
tiaga	abb2cae1f8	Change Qt mirror for builds Use UC Berkeley mirror for installing Qt during a build. In addition, don't trigger builds on a tag push.	2023-11-14 23:39:15 +07:00
pokamest	b0004fd9dc	Version bump	2023-11-14 12:50:52 +00:00
pokamest	19fe61ed29	Merge pull request #423 from amnezia-vpn/r2 Upload new versions to R2	2023-11-13 09:34:30 -08:00
tiaga	72de38b4fb	Upload new versions to R2 A new GitHub Actions workflow for a tagged commit which uploads installers for a desktop version to Cloudflare R2.	2023-11-10 23:19:00 +07:00
pokamest	02c0f96e5e	Merge pull request #418 from amnezia-vpn/feature/split-tunnel-dns-forwad Use DNS over VPN for ForwardSites mode split tunnel	2023-11-07 06:35:43 -08:00
Mykola Baibuz	5e9f688000	Use DNS over VPN for ForwardSites mode split tunnel This feature was in previous version of Split Tunnel	2023-11-04 15:28:59 -04:00
pokamest	6a7e346695	Merge pull request #416 from amnezia-vpn/bugfix/openvpn-exclude-route Fix Split tunnel exclude sites mode for OpenVPN and Cloak. Windows.	2023-11-04 06:09:01 -07:00
Mykola Baibuz	071738116e	Update Windows OpenVPN binary This binary builded with ENABLE_DEBUG flag. This flag needed for ROUTE_GATEWAY varible output in log.	2023-11-03 17:29:40 -04:00
pokamest	ae4ee6431d	Merge pull request #409 from useribs/patch-2 Update servercontroller.cpp, replace 2 calls (shred ; rm) with one	2023-11-01 12:23:14 -07:00
pokamest	d1ccde2a4b	Merge pull request #396 from amnezia-vpn/bugfix/server-config-sync bugfix/server config sync	2023-11-01 07:15:10 -07:00
useribs	4848091203	Update servercontroller.cpp, replace 2 calls (shred ; rm) with one (shred -u)	2023-10-30 20:09:13 +03:00
pokamest	282f159311	Merge pull request #402 from amnezia-vpn/bugfix/description_dns Update DNS description	2023-10-29 09:07:42 -07:00
lunardunno	4ef8c77a2d	Update DNS description	2023-10-29 17:56:10 +04:00
pokamest	08c1cf2439	Merge pull request #382 from amnezia-vpn/feature/split-tunnel-mobile Split tunnel for missed Protocol/OS	2023-10-29 06:26:07 -07:00
Mykola Baibuz	2fc33875bb	Bump version	2023-10-27 15:38:24 -04:00
Mykola Baibuz	9e92e4b5ff	Merge branch 'dev' into feature/split-tunnel-mobile	2023-10-27 15:37:28 -04:00
pokamest	7f2cf70bf5	Merge pull request #393 from amnezia-vpn/bugfix/return-after-installation fixed page return after installation	2023-10-26 12:40:39 -07:00
vladimir.kuznetsov	8164026891	fixed server config update, after container config change	2023-10-26 23:37:51 +05:00
Mykola Baibuz	0e23b3a1ac	Allow traffic to Amezia DNS for all OS	2023-10-25 22:19:07 +03:00
Mykola Baibuz	1739d4861e	Allow acces to Amnezia DNS when used only for selected sites	2023-10-25 21:50:35 +03:00
Mykola Baibuz	a6b6e7850d	Allow traffic for excluded route on Windows kill switch	2023-10-24 23:07:07 +03:00
Mykola Baibuz	3e9dea6f07	Remove some not implemented notification	2023-10-24 13:37:40 +03:00
Mykola Baibuz	1b37ca805f	Cleanup debug stuff	2023-10-24 11:10:16 +03:00
Mykola Baibuz	c772f56da7	Fixes after merge	2023-10-24 11:00:40 +03:00
Mykola Baibuz	bc183e39bb	Merge branch 'feature/split-tunnel-mobile' of github.com:amnezia-vpn/amnezia-client into feature/split-tunnel-mobile	2023-10-24 00:35:58 +03:00
Mykola Baibuz	306d4f70a8	Update NE Sources	2023-10-24 00:33:35 +03:00
Mykola Baibuz	a386d39495	iOS Cloak/OVPN SplitTunnel	2023-10-24 00:28:41 +03:00
Mykola Baibuz	22b14dff5f	iOS AWG/WG split tunnel	2023-10-23 22:42:02 +03:00
vladimir.kuznetsov	6a12cad1c9	fixed page return after installation	2023-10-23 21:33:07 +05:00
Mykola Baibuz	c15665803d	Merge branch 'dev' into feature/split-tunnel-mobile	2023-10-22 15:26:20 -04:00
Mykola Baibuz	f0b872e86b	Merge remote-tracking branch 'origin/bugfix/pull-awg-config' into feature/split-tunnel-mobile	2023-10-21 23:24:54 +03:00
Mykola Baibuz	0c33432436	Fix pulling exiting AWG config from server	2023-10-21 14:55:15 -04:00
Mykola Baibuz	78c83b2e21	Some logic fix	2023-10-19 17:03:24 -04:00
Mykola Baibuz	414a47e2f2	WG/AWG Desktop AllowedIP from plain WG config	2023-10-19 14:50:51 -04:00
Mykola Baibuz	32c304dc1b	WG/AWG SplitTunnel for desktop	2023-10-18 17:44:28 -04:00
Mykola Baibuz	4ea1a19572	Cleanup WG implementation	2023-10-18 13:41:58 -04:00
Mykola Baibuz	c14f1b5000	Android OpenVPN/Cloak Split tunnel	2023-10-17 16:39:56 -04:00
Mykola Baibuz	546d4c1d3d	WG/AWG Android splitTunnel	2023-10-17 14:54:46 -04:00
Mykola Baibuz	2a0166bb26	Merge branch 'bugfix/split-tunneling' of https://github.com/amnezia-vpn/amnezia-client into bugfix/split-tunneling	2023-10-16 12:05:50 -04:00
Mykola Baibuz	2df612ec1f	Android SplitTunnel	2023-10-16 12:05:35 -04:00
Mykola Baibuz	501670bdd2	Merge branch 'feature/split-tunneling-config' into bugfix/split-tunneling	2023-10-15 15:10:05 -04:00
vladimir.kuznetsov	b78bf39767	added split tunneling to the config	2023-10-13 15:45:06 +05:00