fix: context menu fixes for qt6.9

2026-06-20 02:00:55 +07:00 · 2025-11-20 10:10:49 +08:00
232 changed files with 3497 additions and 7385 deletions
@@ -10,10 +10,10 @@ env:

 jobs:
  Build-Linux-Ubuntu:
-    runs-on: android-runner
+    runs-on: ubuntu-22.04

    env:
-      QT_VERSION: 6.10.1
+      QT_VERSION: 6.6.2
      QIF_VERSION: 4.7
      PROD_AGW_PUBLIC_KEY: ${{ secrets.PROD_AGW_PUBLIC_KEY }}
      PROD_S3_ENDPOINT: ${{ secrets.PROD_S3_ENDPOINT }}
@@ -30,15 +30,13 @@ jobs:
        version: ${{ env.QT_VERSION }}
        host: 'linux'
        target: 'desktop'
-        arch: 'linux_gcc_64'
+        arch: 'gcc_64'
        modules: 'qtremoteobjects qt5compat qtshadertools'
        dir: ${{ runner.temp }}
        setup-python: 'true'
        tools: 'tools_ifw'
        set-env: 'true'
-        aqtversion: '==3.3.0'       
-        py7zrversion: '==0.22.*'  
-        extra: '--base ${{ env.QT_MIRROR }}' 
+        extra: '--external 7z --base ${{ env.QT_MIRROR }}'

    - name: 'Get sources'
      uses: actions/checkout@v4
@@ -46,31 +44,24 @@ jobs:
        submodules: 'true'
        fetch-depth: 10

-    - name: 'Get version from CMakeLists.txt'
-      id: get_version
-      run: |
-        VERSION=$(grep 'set(AMNEZIAVPN_VERSION' CMakeLists.txt | sed -E 's/.*AMNEZIAVPN_VERSION ([0-9]+.[0-9]+.[0-9]+.[0-9]+)\)/\1/')
-        echo "VERSION=$VERSION" >> $GITHUB_ENV
-        echo "Version: $VERSION"
-
-    # - name: 'Setup ccache'
-    #   uses: hendrikmuhs/ccache-action@v1.2
+    - name: 'Setup ccache'
+      uses: hendrikmuhs/ccache-action@v1.2

    - name: 'Build project'
      run: |
-        sudo apt-get install libxkbcommon-x11-0 libsecret-1-dev
+        sudo apt-get install libxkbcommon-x11-0
        export QT_BIN_DIR=${{ runner.temp }}/Qt/${{ env.QT_VERSION }}/gcc_64/bin
        export QIF_BIN_DIR=${{ runner.temp }}/Qt/Tools/QtInstallerFramework/${{ env.QIF_VERSION }}/bin
        bash deploy/build_linux.sh

    - name: 'Pack installer'
-      run: cd deploy && tar -cf AmneziaVPN_Linux_Installer.tar AmneziaVPN_Linux_Installer.bin && zip AmneziaVPN_${VERSION}_linux_x64.tar.zip AmneziaVPN_Linux_Installer.tar
+      run: cd deploy && tar -cf AmneziaVPN_Linux_Installer.tar AmneziaVPN_Linux_Installer.bin

    - name: 'Upload installer artifact'
      uses: actions/upload-artifact@v4
      with:
-        name: AmneziaVPN_${{ env.VERSION }}_linux_x64.tar.zip
-        path: deploy/AmneziaVPN_${{ env.VERSION }}_linux_x64.tar.zip
+        name: AmneziaVPN_Linux_installer.tar
+        path: deploy/AmneziaVPN_Linux_Installer.tar
        retention-days: 7

    - name: 'Upload unpacked artifact'
@@ -93,7 +84,7 @@ jobs:
    runs-on: windows-latest

    env:
-      QT_VERSION: 6.10.1
+      QT_VERSION: 6.6.2
      QIF_VERSION: 4.7
      BUILD_ARCH: 64
      PROD_AGW_PUBLIC_KEY: ${{ secrets.PROD_AGW_PUBLIC_KEY }}
@@ -111,16 +102,8 @@ jobs:
        submodules: 'true'
        fetch-depth: 10

-    - name: 'Get version from CMakeLists.txt'
-      id: get_version
-      shell: bash
-      run: |
-        VERSION=$(grep 'set(AMNEZIAVPN_VERSION' CMakeLists.txt | sed -E 's/.*AMNEZIAVPN_VERSION ([0-9]+.[0-9]+.[0-9]+.[0-9]+)\)/\1/')
-        echo "VERSION=$VERSION" >> $GITHUB_ENV
-        echo "Version: $VERSION"
-
-    # - name: 'Setup ccache'
-    #   uses: hendrikmuhs/ccache-action@v1.2
+    - name: 'Setup ccache'
+      uses: hendrikmuhs/ccache-action@v1.2

    - name: 'Install Qt'
      uses: jurplel/install-qt-action@v3
@@ -128,62 +111,32 @@ jobs:
        version: ${{ env.QT_VERSION }}
        host: 'windows'
        target: 'desktop'
-        arch: 'win64_msvc2022_64'
+        arch: 'win64_msvc2019_64'
        modules: 'qtremoteobjects qt5compat qtshadertools'
        dir: ${{ runner.temp }}
        setup-python: 'true'
        tools: 'tools_ifw'
        set-env: 'true'
-        aqtversion: '==3.3.0'       
-        py7zrversion: '==0.22.*'  
-        extra: '--base ${{ env.QT_MIRROR }}' 
+        extra: '--external 7z --base ${{ env.QT_MIRROR }}'

    - name: 'Setup mvsc'
      uses: ilammy/msvc-dev-cmd@v1
      with:
        arch: 'x64'

-    - name: 'Setup .NET SDK'
-      uses: actions/setup-dotnet@v4
-      with:
-        dotnet-version: '8.0.x'
-
-    - name: 'Install WiX Toolset'
-      shell: powershell
-      run: |
-        dotnet tool install --global wix --version 4.0.6
-        wix extension add -g WixToolset.UI.wixext/4.0.6
-        wix extension add -g WixToolset.Util.wixext/4.0.6
-        wix extension list -g
-        $wixBinDir = Join-Path $env:USERPROFILE ".dotnet\tools"
-        echo "WIX_BIN_DIR=$wixBinDir" | Out-File -FilePath $env:GITHUB_ENV -Encoding utf8 -Append
-
    - name: 'Build project'
      shell: cmd
      run: |
        set BUILD_ARCH=${{ env.BUILD_ARCH }}
-        set QT_BIN_DIR="${{ runner.temp }}\\Qt\\${{ env.QT_VERSION }}\\msvc2022_64\\bin"
+        set QT_BIN_DIR="${{ runner.temp }}\\Qt\\${{ env.QT_VERSION }}\\msvc2019_64\\bin"
        set QIF_BIN_DIR="${{ runner.temp }}\\Qt\\Tools\\QtInstallerFramework\\${{ env.QIF_VERSION }}\\bin"
-        set WIX_BIN_DIR=%USERPROFILE%\.dotnet\tools
        call deploy\\build_windows.bat

-    - name: 'Rename Windows installer'
-      shell: cmd
-      run: |
-        copy AmneziaVPN_x${{ env.BUILD_ARCH }}.exe AmneziaVPN_%VERSION%_x64.exe
-
    - name: 'Upload installer artifact'
      uses: actions/upload-artifact@v4
      with:
-        name: AmneziaVPN_${{ env.VERSION }}_x64.exe
-        path: AmneziaVPN_${{ env.VERSION }}_x64.exe
-        retention-days: 7
-
-    - name: 'Upload MSI installer artifact'
-      uses: actions/upload-artifact@v4
-      with:
-        name: AmneziaVPN_Windows_MSI_installer
-        path: AmneziaVPN_x${{ env.BUILD_ARCH }}.msi
+        name: AmneziaVPN_Windows_installer
+        path: AmneziaVPN_x${{ env.BUILD_ARCH }}.exe
        retention-days: 7

    - name: 'Upload unpacked artifact'
@@ -196,10 +149,10 @@ jobs:
 # ------------------------------------------------------

  Build-iOS:
-    runs-on: macos-latest
+    runs-on: macos-13

    env:
-      QT_VERSION: 6.10.1
+      QT_VERSION: 6.6.2
      CC: cc
      CXX: c++
      PROD_AGW_PUBLIC_KEY: ${{ secrets.PROD_AGW_PUBLIC_KEY }}
@@ -214,7 +167,7 @@ jobs:
    - name: 'Setup xcode'
      uses: maxim-lobanov/setup-xcode@v1
      with:
-        xcode-version: '26.1'
+        xcode-version: '15.2'

    - name: 'Install desktop Qt'
      uses: jurplel/install-qt-action@v3
@@ -258,8 +211,8 @@ jobs:
        submodules: 'true'
        fetch-depth: 10

-    # - name: 'Setup ccache'
-    #   uses: hendrikmuhs/ccache-action@v1.2
+    - name: 'Setup ccache'
+      uses: hendrikmuhs/ccache-action@v1.2

    - name: 'Install dependencies'
      run: pip install jsonschema jinja2
@@ -350,8 +303,8 @@ jobs:
        submodules: 'true'
        fetch-depth: 10

-    # - name: 'Setup ccache'
-    #   uses: hendrikmuhs/ccache-action@v1.2
+    - name: 'Setup ccache'
+      uses: hendrikmuhs/ccache-action@v1.2

    - name: 'Build project'
      run: |
@@ -378,7 +331,7 @@ jobs:
    runs-on: macos-latest

    env:
-      QT_VERSION: 6.10.1
+      QT_VERSION: 6.8.0

      MAC_TEAM_ID: ${{ secrets.MAC_TEAM_ID }}

@@ -408,7 +361,7 @@ jobs:
        xcode-version: '16.2.0'

    - name: 'Install Qt'
-      uses: jurplel/install-qt-action@v4
+      uses: jurplel/install-qt-action@v3
      with:
        version: ${{ env.QT_VERSION }}
        host: 'mac'
@@ -418,9 +371,8 @@ jobs:
        dir: ${{ runner.temp }}
        setup-python: 'true'
        set-env: 'true'
-        aqtversion: '==3.3.0'       
-        py7zrversion: '==0.22.*'  
-        extra: '--base ${{ env.QT_MIRROR }}' 
+        extra: '--external 7z --base ${{ env.QT_MIRROR }}'
+

    - name: 'Get sources'
      uses: actions/checkout@v4
@@ -428,32 +380,19 @@ jobs:
        submodules: 'true'
        fetch-depth: 10

-    - name: 'Get version from CMakeLists.txt'
-      id: get_version
-      run: |
-        VERSION=$(grep 'set(AMNEZIAVPN_VERSION' CMakeLists.txt | sed -E 's/.*AMNEZIAVPN_VERSION ([0-9]+.[0-9]+.[0-9]+.[0-9]+)\)/\1/')
-        echo "VERSION=$VERSION" >> $GITHUB_ENV
-        echo "Version: $VERSION"
-
-    # - name: 'Setup ccache'
-    #   uses: hendrikmuhs/ccache-action@v1.2
+    - name: 'Setup ccache'
+      uses: hendrikmuhs/ccache-action@v1.2

    - name: 'Build project'
      run: |
        export QT_BIN_DIR="${{ runner.temp }}/Qt/${{ env.QT_VERSION }}/macos/bin"
        bash deploy/build_macos.sh -n

-    - name: 'Pack macOS installer'
-      run: |
-        cd deploy/build/pkg
-        zip -r ../../AmneziaVPN_${VERSION}_macos.zip AmneziaVPN.pkg
-        cd ../../..
-
    - name: 'Upload installer artifact'
      uses: actions/upload-artifact@v4
      with:
-        name: AmneziaVPN_${{ env.VERSION }}_macos.zip
-        path: deploy/AmneziaVPN_${{ env.VERSION }}_macos.zip
+        name: AmneziaVPN_MacOS_installer
+        path: deploy/build/pkg/AmneziaVPN.pkg
        retention-days: 7

    - name: 'Upload unpacked artifact'
@@ -467,7 +406,7 @@ jobs:
    runs-on: macos-latest

    env:
-      QT_VERSION: 6.10.1
+      QT_VERSION: 6.8.3

      MAC_TEAM_ID: ${{ secrets.MAC_TEAM_ID }}

@@ -487,31 +426,21 @@ jobs:
    - name: 'Setup xcode'
      uses: maxim-lobanov/setup-xcode@v1
      with:
-        xcode-version: '26.1'
+        xcode-version: '16.2.0'

-    - name: 'Install desktop Qt'
+    - name: 'Install Qt'
      uses: jurplel/install-qt-action@v3
      with:
        version: ${{ env.QT_VERSION }}
        host: 'mac'
        target: 'desktop'
-        modules: 'qtremoteobjects qt5compat qtshadertools qtmultimedia'
        arch: 'clang_64'
+        modules: 'qtremoteobjects qt5compat qtshadertools'
        dir: ${{ runner.temp }}
+        setup-python: 'true'
        set-env: 'true'
-        extra: '--base ${{ env.QT_MIRROR }}'
+        extra: '--external 7z --base ${{ env.QT_MIRROR }}'

-    - name: 'Install go'
-      uses: actions/setup-go@v5
-      with:
-        go-version: '1.24'
-        cache: false
-
-    - name: 'Setup gomobile'
-      run: |
-          export PATH=$PATH:~/go/bin
-          go install golang.org/x/mobile/cmd/gomobile@latest
-          gomobile init

    - name: 'Get sources'
      uses: actions/checkout@v4
@@ -519,8 +448,8 @@ jobs:
        submodules: 'true'
        fetch-depth: 10

-    # - name: 'Setup ccache'
-    #   uses: hendrikmuhs/ccache-action@v1.2
+    - name: 'Setup ccache'
+      uses: hendrikmuhs/ccache-action@v1.2

    - name: 'Build project'
      run: |
@@ -537,11 +466,11 @@ jobs:
 # ------------------------------------------------------

  Build-Android:
-    runs-on: android-runner
+    runs-on: ubuntu-latest

    env:
      ANDROID_BUILD_PLATFORM: android-36
-      QT_VERSION: 6.10.1
+      QT_VERSION: 6.8.3
      QT_MODULES: 'qtremoteobjects qt5compat qtimageformats qtshadertools'
      PROD_AGW_PUBLIC_KEY: ${{ secrets.PROD_AGW_PUBLIC_KEY }}
      PROD_S3_ENDPOINT: ${{ secrets.PROD_S3_ENDPOINT }}
@@ -622,22 +551,15 @@ jobs:
      with:
        submodules: 'true'

-    - name: 'Get version from CMakeLists.txt'
-      id: get_version
-      run: |
-        VERSION=$(grep 'set(AMNEZIAVPN_VERSION' CMakeLists.txt | sed -E 's/.*AMNEZIAVPN_VERSION ([0-9]+.[0-9]+.[0-9]+.[0-9]+)\)/\1/')
-        echo "VERSION=$VERSION" >> $GITHUB_ENV
-        echo "Version: $VERSION"
-
-    # - name: 'Setup ccache'
-    #   uses: hendrikmuhs/ccache-action@v1.2
+    - name: 'Setup ccache'
+      uses: hendrikmuhs/ccache-action@v1.2

    - name: 'Setup Java'
      uses: actions/setup-java@v4
      with:
        distribution: 'temurin'
        java-version: '17'
-        # cache: 'gradle'
+        cache: 'gradle'

    - name: 'Setup Android NDK'
      id: setup-ndk
@@ -662,44 +584,35 @@ jobs:
      shell: bash
      run: ./deploy/build_android.sh --aab --apk all --build-platform ${{ env.ANDROID_BUILD_PLATFORM }}

-    - name: 'Rename Android APKs'
-      run: |
-        cd deploy/build
-        mv AmneziaVPN-x86_64-release.apk AmneziaVPN_${VERSION}_android9+_x86_64.apk
-        mv AmneziaVPN-x86-release.apk AmneziaVPN_${VERSION}_android9+_x86.apk
-        mv AmneziaVPN-arm64-v8a-release.apk AmneziaVPN_${VERSION}_android9+_arm64-v8a.apk
-        mv AmneziaVPN-armeabi-v7a-release.apk AmneziaVPN_${VERSION}_android9+_armeabi-v7a.apk
-        cd ../..
-
    - name: 'Upload x86_64 apk'
      uses: actions/upload-artifact@v4
      with:
-        name: AmneziaVPN_${{ env.VERSION }}_android9+_x86_64.apk
-        path: deploy/build/AmneziaVPN_${{ env.VERSION }}_android9+_x86_64.apk
+        name: AmneziaVPN-android-x86_64
+        path: deploy/build/AmneziaVPN-x86_64-release.apk
        compression-level: 0
        retention-days: 7

    - name: 'Upload x86 apk'
      uses: actions/upload-artifact@v4
      with:
-        name: AmneziaVPN_${{ env.VERSION }}_android9+_x86.apk
-        path: deploy/build/AmneziaVPN_${{ env.VERSION }}_android9+_x86.apk
+        name: AmneziaVPN-android-x86
+        path: deploy/build/AmneziaVPN-x86-release.apk
        compression-level: 0
        retention-days: 7

    - name: 'Upload arm64-v8a apk'
      uses: actions/upload-artifact@v4
      with:
-        name: AmneziaVPN_${{ env.VERSION }}_android9+_arm64-v8a.apk
-        path: deploy/build/AmneziaVPN_${{ env.VERSION }}_android9+_arm64-v8a.apk
+        name: AmneziaVPN-android-arm64-v8a
+        path: deploy/build/AmneziaVPN-arm64-v8a-release.apk
        compression-level: 0
        retention-days: 7

    - name: 'Upload armeabi-v7a apk'
      uses: actions/upload-artifact@v4
      with:
-        name: AmneziaVPN_${{ env.VERSION }}_android9+_armeabi-v7a.apk
-        path: deploy/build/AmneziaVPN_${{ env.VERSION }}_android9+_armeabi-v7a.apk
+        name: AmneziaVPN-android-armeabi-v7a
+        path: deploy/build/AmneziaVPN-armeabi-v7a-release.apk
        compression-level: 0
        retention-days: 7

@@ -24,7 +24,7 @@ jobs:
      - name: Verify git tag
        run: |
          TAG_NAME=${{ inputs.RELEASE_VERSION }}
-          CMAKE_TAG=$(grep 'set(AMNEZIAVPN_VERSION' CMakeLists.txt | sed -E 's/.*AMNEZIAVPN_VERSION ([0-9]+\.[0-9]+\.[0-9]+\.[0-9]+).*/\1/')
+          CMAKE_TAG=$(grep 'project.*VERSION' CMakeLists.txt | sed -E 's/.* ([0-9]+.[0-9]+.[0-9]+.[0-9]+)$/\1/')
          if [[ "$TAG_NAME" == "$CMAKE_TAG" ]]; then
            echo "Git tag ($TAG_NAME) matches CMakeLists.txt version ($CMAKE_TAG)."
          else
@@ -140,6 +140,3 @@ ios-ne-build.sh
 macos-ne-build.sh
 macos-signed-build.sh
 macos-with-sign-build.sh
-DeveloperIdApplicationCertificate.p12
-DeveloperIdInstallerCertificate.p12
-
@@ -14,7 +14,3 @@
 [submodule "client/3rd/QSimpleCrypto"]
 	path = client/3rd/QSimpleCrypto
 	url = https://github.com/amnezia-vpn/QSimpleCrypto.git
-[submodule "client/3rd/qtgamepad"]
-	path = client/3rd/qtgamepad
-	url = https://github.com/amnezia-vpn/qtgamepad.git
-	branch = 6.6
@@ -1,7 +1,7 @@
 cmake_minimum_required(VERSION 3.25.0 FATAL_ERROR)

 set(PROJECT AmneziaVPN)
-set(AMNEZIAVPN_VERSION 4.8.14.5)
+set(AMNEZIAVPN_VERSION 4.8.11.4)

 project(${PROJECT} VERSION ${AMNEZIAVPN_VERSION}
        DESCRIPTION "AmneziaVPN"
@@ -12,7 +12,7 @@ string(TIMESTAMP CURRENT_DATE "%Y-%m-%d")
 set(RELEASE_DATE "${CURRENT_DATE}")

 set(APP_MAJOR_VERSION ${CMAKE_PROJECT_VERSION_MAJOR}.${CMAKE_PROJECT_VERSION_MINOR}.${CMAKE_PROJECT_VERSION_PATCH})
-set(APP_ANDROID_VERSION_CODE 2118)
+set(APP_ANDROID_VERSION_CODE 2099)

 if(${CMAKE_SYSTEM_NAME} STREQUAL "Linux")
    set(MZ_PLATFORM_NAME "linux")
@@ -49,39 +49,3 @@ if(NOT IOS AND NOT ANDROID AND NOT MACOS_NE)

    include(${CMAKE_SOURCE_DIR}/deploy/installer/config.cmake)
 endif()
-
-set(AMNEZIA_STAGE_DIR "${CMAKE_BINARY_DIR}/stage")
-
-if(WIN32 AND NOT IOS AND NOT ANDROID AND NOT MACOS_NE)
-    file(TO_CMAKE_PATH "${AMNEZIA_STAGE_DIR}" AMNEZIA_STAGE_DIR_CMAKE)
-
-    set(CPACK_GENERATOR "WIX")
-    set(CPACK_WIX_VERSION 4)
-    set(CPACK_PACKAGE_NAME "AmneziaVPN")
-    set(CPACK_PACKAGE_VENDOR "AmneziaVPN")
-    set(CPACK_PACKAGE_VERSION ${AMNEZIAVPN_VERSION})
-    set(CPACK_PACKAGE_DESCRIPTION_SUMMARY "AmneziaVPN client")
-    set(AMNEZIA_LICENSE_TXT "${CMAKE_BINARY_DIR}/LICENSE.txt")
-    configure_file("${CMAKE_SOURCE_DIR}/LICENSE" "${AMNEZIA_LICENSE_TXT}" COPYONLY)
-    set(CPACK_RESOURCE_FILE_LICENSE "${AMNEZIA_LICENSE_TXT}")
-    set(CPACK_PACKAGE_INSTALL_DIRECTORY "AmneziaVPN")
-    set(CPACK_PACKAGE_DIRECTORY "${CMAKE_BINARY_DIR}")
-    set(CPACK_PACKAGE_EXECUTABLES "AmneziaVPN" "AmneziaVPN")
-    set(CPACK_WIX_UPGRADE_GUID "{2D55AC62-96D6-4692-8C05-0D85BBF95485}")
-    set(CPACK_WIX_PRODUCT_ICON "${CMAKE_SOURCE_DIR}/client/images/app.ico")
-
-    # WiX patches
-    set(_AMNEZIA_WIX_PATCH_SERVICE "${CMAKE_SOURCE_DIR}/deploy/installer/wix/service_install_patch.xml")
-    set(_AMNEZIA_WIX_PATCH_CLOSE_APP "${CMAKE_SOURCE_DIR}/deploy/installer/wix/close_client_patch.xml")
-    file(TO_CMAKE_PATH "${_AMNEZIA_WIX_PATCH_SERVICE}" _AMNEZIA_WIX_PATCH_SERVICE_CMAKE)
-    file(TO_CMAKE_PATH "${_AMNEZIA_WIX_PATCH_CLOSE_APP}" _AMNEZIA_WIX_PATCH_CLOSE_APP_CMAKE)
-    set(CPACK_WIX_PATCH_FILE "${_AMNEZIA_WIX_PATCH_SERVICE_CMAKE};${_AMNEZIA_WIX_PATCH_CLOSE_APP_CMAKE}")
-
-    # WiX v4 Util extension for CloseApplication + namespace for util
-    set(CPACK_WIX_EXTENSIONS "${CPACK_WIX_EXTENSIONS};WixToolset.Util.wixext")
-    set(CPACK_WIX_CUSTOM_XMLNS "util=http://wixtoolset.org/schemas/v4/wxs/util")
-
-    set(CPACK_INSTALLED_DIRECTORIES "${AMNEZIA_STAGE_DIR_CMAKE};/")
-
-    include(CPack)
-endif()
@@ -179,7 +179,7 @@ You may face compiling issues in QT Creator after you've worked in Android Studi

 ## License

-This project is licensed under the GNU General Public License v3.0 (see LICENSE) and also includes third-party components distributed under their own terms (see THIRD_PARTY_LICENSES.md).
+GPL v3.0

 ## Donate

@@ -1,149 +0,0 @@
-# Third-Party Licenses
-
-This project is licensed under the GNU General Public License v3.0.
-This file lists third-party software components used by this repository.
-Each component is distributed under its own license as linked below.
-
---
-
-## QtKeychain
-
- Source: https://github.com/frankosterfeld/qtkeychain
- License: BSD License
- License Text: https://www.gnu.org/licenses/license-list.html#ModifiedBSD
-
---
-
-## QSimpleCrypto
-
- Source: https://github.com/n1flh31mur/QSimpleCrypto
- License: Apache License 2.0
- License Text: https://github.com/n1flh31mur/QSimpleCrypto/blob/master/LICENSE
-
---
-
-## SortFilterProxyModel
-
- Source: https://github.com/oKcerG/SortFilterProxyModel
- License: MIT License
- License Text: https://github.com/oKcerG/SortFilterProxyModel/blob/master/LICENSE
-
---
-
-## QJsonStruct
-
- Source: https://github.com/Qv2ray/QJsonStruct
- License: MIT License
- License Text: https://github.com/Qv2ray/QJsonStruct/blob/master/LICENSE
-
---
-
-## QR Code Generator (qrcodegen)
-
- Source: https://github.com/nayuki/QR-Code-generator
- License: MIT License
- License Text: https://www.nayuki.io/page/qr-code-generator-library
-
---
-
-## Qt Gamepad
-
- Source: https://github.com/qt/qtgamepad
- License: GNU General Public License v3.0 (GPL-3.0)
- License Text: https://www.gnu.org/licenses/gpl-3.0.en.html
-
---
-
-## AmneziaWG Apple (WireGuard)
-
- Source: https://github.com/amnezia-vpn/amneziawg-apple
- License: MIT License
- License Text: https://github.com/amnezia-vpn/amneziawg-apple/blob/master/COPYING
-
---
-
-## AmneziaWG Android
-
- Source: https://github.com/amnezia-vpn/amneziawg-go
- License: MIT License
- License Text: https://github.com/amnezia-vpn/amneziawg-go/blob/master/LICENSE
-
---
-
-## Xray Core
-
- Source: https://github.com/XTLS/Xray-core
- License: Mozilla Public License 2.0 (MPL-2.0)
- License Text: https://github.com/XTLS/Xray-core/blob/main/LICENSE
-
---
-
-## Cloak
-
- Source: https://github.com/cbeuw/Cloak
- License: GNU General Public License v3.0 (GPL-3.0)
- License Text: https://github.com/cbeuw/Cloak/blob/master/LICENSE
-
---
-
-## Shadowsocks
-
- Source: https://github.com/shadowsocks/shadowsocks-libev
- License: GPL-3.0-or-later
- License Text: http://www.gnu.org/licenses/
-
---
-
-## OpenSSL
-
- Source: https://github.com/openssl/openssl
- License: Apache License 2.0
- License Text: https://www.openssl.org/source/license.html
-
---
-
-## libssh
-
- Source: https://www.libssh.org/
- License: GNU Lesser General Public License (LGPL)
- License Text: https://www.gnu.org/licenses/old-licenses/lgpl-2.1.html
-
---
-
-## OpenVPNAdapter
-
- Source: https://github.com/ss-abramchuk/OpenVPNAdapter
- License: GNU Affero General Public License v3.0 (AGPL-3.0)
- License Text: https://github.com/ss-abramchuk/OpenVPNAdapter/blob/master/LICENSE
-
---
-
-## Wintun
-
- Source: https://www.wintun.net/
- License: Prebuilt Binaries License
- License Text: https://github.com/WireGuard/wintun/blob/master/prebuilt-binaries-license.txt
-
---
-
-## Mullvad Split Tunnel Driver
-
- Source: https://github.com/mullvad/win-split-tunnel
- License: GNU General Public License v3.0 (GPL-3.0) and Mozilla Public License Version 2.0
- License Text: https://github.com/mullvad/win-split-tunnel/blob/master/LICENSE-GPL.md https://github.com/mullvad/win-split-tunnel/blob/master/LICENSE-MPL.txt
-
---
-
-## tun2socks
-
- Source: https://github.com/eycorsican/go-tun2socks
- License: MIT License
- License Text: https://github.com/eycorsican/go-tun2socks/blob/master/LICENSE
-
---
-
-## TAP-Windows Driver
-
- Source: https://github.com/OpenVPN/tap-windows6
- License: tap-windows6 license
- License Text: https://github.com/OpenVPN/tap-windows6/blob/master/COPYING
@@ -56,9 +56,10 @@ target_include_directories(${PROJECT} PUBLIC
    $<BUILD_INTERFACE:${CMAKE_CURRENT_BINARY_DIR}>
 )

-if(WIN32 OR (APPLE AND NOT IOS AND NOT MACOS_NE) OR (LINUX AND NOT ANDROID))
+if(WIN32 OR (APPLE AND NOT IOS) OR (LINUX AND NOT ANDROID))
    qt_add_repc_replicas(${PROJECT} ${CMAKE_CURRENT_LIST_DIR}/../ipc/ipc_interface.rep)
    qt_add_repc_replicas(${PROJECT} ${CMAKE_CURRENT_LIST_DIR}/../ipc/ipc_process_interface.rep)
+    qt_add_repc_replicas(${PROJECT} ${CMAKE_CURRENT_LIST_DIR}/../ipc/ipc_process_tun2socks.rep)
 endif()

 qt6_add_resources(QRC ${QRC} ${CMAKE_CURRENT_LIST_DIR}/resources.qrc)
@@ -78,7 +79,6 @@ set(AMNEZIAVPN_TS_FILES
 )

 file(GLOB_RECURSE AMNEZIAVPN_TS_SOURCES *.qrc *.cpp *.h *.ui)
-list(FILTER AMNEZIAVPN_TS_SOURCES EXCLUDE REGEX "qtgamepad/examples")

 qt_create_translation(AMNEZIAVPN_QM_FILES ${AMNEZIAVPN_TS_SOURCES} ${AMNEZIAVPN_TS_FILES})

@@ -228,13 +228,4 @@ if(NOT IOS AND NOT ANDROID AND NOT MACOS_NE)
 endif()

 target_sources(${PROJECT} PRIVATE ${SOURCES} ${HEADERS} ${RESOURCES} ${QRC} ${I18NQRC})
-
-# Finalize the executable so Qt can gather/deploy QML modules and plugins correctly (Android needs this).
-if(COMMAND qt_import_qml_plugins)
-    qt_import_qml_plugins(${PROJECT})
-endif()
-if(COMMAND qt_finalize_executable)
-    qt_finalize_executable(${PROJECT})
-else()
-    qt_finalize_target(${PROJECT})
-endif()
+qt_finalize_target(${PROJECT})
@@ -13,8 +13,6 @@
 #include <QTimer>
 #include <QTranslator>
 #include <QEvent>
-#include <QDir>
-#include <QSettings>

 #include "logger.h"
 #include "ui/controllers/pageController.h"
@@ -27,15 +25,10 @@
 #include <QtQuick/QQuickWindow>  // for QQuickWindow
 #include <QWindow>              // for qobject_cast<QWindow*>

-bool AmneziaApplication::m_forceQuit = false;
-
 AmneziaApplication::AmneziaApplication(int &argc, char *argv[]) : AMNEZIA_BASE_CLASS(argc, argv),
      m_optAutostart({QStringLiteral("a"), QStringLiteral("autostart")}, QStringLiteral("System autostart")),
-      m_optCleanup  ({QStringLiteral("c"), QStringLiteral("cleanup")}, QStringLiteral("Cleanup logs")),
-      m_optConnect  ({QStringLiteral("connect")}, QStringLiteral("Connect to server by index on startup"), QStringLiteral("index")),
-      m_optImport   ({QStringLiteral("import")}, QStringLiteral("Import configuration from data string"), QStringLiteral("data"))
+      m_optCleanup  ({QStringLiteral("c"), QStringLiteral("cleanup")}, QStringLiteral("Cleanup logs"))
 {
-    setDesktopFileName(QStringLiteral(APPLICATION_NAME));
    setQuitOnLastWindowClosed(false);

    // Fix config file permissions
@@ -60,40 +53,14 @@ AmneziaApplication::AmneziaApplication(int &argc, char *argv[]) : AMNEZIA_BASE_C

 AmneziaApplication::~AmneziaApplication()
 {
-#ifdef AMNEZIA_DESKTOP
-    if (m_vpnConnection && m_vpnConnectionThread.isRunning()) {
-        QMetaObject::invokeMethod(m_vpnConnection.get(), "disconnectSlots", Qt::BlockingQueuedConnection);
-        
-        QMetaObject::invokeMethod(m_vpnConnection.get(), "disconnectFromVpn", Qt::BlockingQueuedConnection);
-    }
-#endif
-
-    m_vpnConnectionThread.requestInterruption();
    m_vpnConnectionThread.quit();

-    if (!m_vpnConnectionThread.wait(3000)) {
-        m_vpnConnectionThread.terminate();
-        m_vpnConnectionThread.wait(500);
-    }
-
    if (m_engine) {
+        QObject::disconnect(m_engine, 0, 0, 0);
        delete m_engine;
    }
 }

-#ifdef Q_OS_ANDROID
-namespace {
-    static void clearQtCaches()
-    {
-        const QString cacheRoot = QStandardPaths::writableLocation(QStandardPaths::CacheLocation);
-        if (!cacheRoot.isEmpty()) {
-            QDir(cacheRoot + "/QtShaderCache").removeRecursively();
-            QDir(cacheRoot + "/qmlcache").removeRecursively();
-        }
-    }
-}
-#endif
-
 void AmneziaApplication::init()
 {
    m_engine = new QQmlApplicationEngine;
@@ -109,16 +76,6 @@ void AmneziaApplication::init()
            // install filter on main window
            if (auto win = qobject_cast<QQuickWindow*>(obj)) {
                win->installEventFilter(this);
-#ifdef Q_OS_ANDROID
-                QObject::connect(win, &QQuickWindow::sceneGraphError,
-                    [](QQuickWindow::SceneGraphError, const QString &msg) {
-                        qWarning() << "Scene graph error (suppressed):" << msg;
-                    });
-                // Keep graphics context alive across hide/show cycles to avoid
-                // eglSwapBuffers/makeCurrent being called on a context Android has reclaimed.
-                win->setPersistentSceneGraph(true);
-                win->setPersistentGraphics(true);
-#endif
                win->show();
            }
        },
@@ -139,16 +96,6 @@ void AmneziaApplication::init()
    m_coreController.reset(new CoreController(m_vpnConnection, m_settings, m_engine));

    m_engine->addImportPath("qrc:/ui/qml/Modules/");
-
-    if (m_parser.isSet(m_optImport)) {
-        const QString data = m_parser.value(m_optImport);
-        if (!data.isEmpty()) {
-            if (m_coreController) {
-                m_coreController->importConfigFromData(data);
-            }
-        }
-    }
-
    m_engine->load(url);

    m_coreController->setQmlRoot();
@@ -188,18 +135,6 @@ void AmneziaApplication::init()
        }
    });
 #endif
-
-    if (m_parser.isSet(m_optConnect)) {
-        bool ok = false;
-        int idx = m_parser.value(m_optConnect).toInt(&ok);
-        if (ok) {
-            QTimer::singleShot(0, this, [this, idx]() {
-                if (m_coreController) {
-                    m_coreController->openConnectionByIndex(idx);
-                }
-            });
-        }
-    }
 }

 void AmneziaApplication::registerTypes()
@@ -246,8 +181,6 @@ bool AmneziaApplication::parseCommands()

    m_parser.addOption(m_optAutostart);
    m_parser.addOption(m_optCleanup);
-    m_parser.addOption(m_optConnect);
-    m_parser.addOption(m_optImport);
    
    m_parser.process(*this);

@@ -284,12 +217,8 @@ bool AmneziaApplication::eventFilter(QObject *watched, QEvent *event)
 #if defined(Q_OS_ANDROID) || defined(Q_OS_IOS)
        quit();
 #else
-        if (m_forceQuit) {
-            quit();
-        } else {
-            if (m_coreController && m_coreController->pageController()) {
-                m_coreController->pageController()->hideMainWindow();
-            }
+        if (m_coreController && m_coreController->pageController()) {
+            m_coreController->pageController()->hideMainWindow();
        }
 #endif
        return true; // eat the close
@@ -298,12 +227,6 @@ bool AmneziaApplication::eventFilter(QObject *watched, QEvent *event)
    return QObject::eventFilter(watched, event);
 }

-void AmneziaApplication::forceQuit()
-{
-    m_forceQuit = true;
-    quit();
-}
-
 QQmlApplicationEngine *AmneziaApplication::qmlEngine() const
 {
    return m_engine;
@@ -45,11 +45,7 @@ public:
    QNetworkAccessManager *networkManager();
    QClipboard *getClipboard();

-public slots:
-    void forceQuit();
-
 private:
-    static bool m_forceQuit;
    QQmlApplicationEngine *m_engine {};
    std::shared_ptr<Settings> m_settings;

@@ -62,8 +58,6 @@ private:

    QCommandLineOption m_optAutostart;
    QCommandLineOption m_optCleanup;
-    QCommandLineOption m_optConnect;
-    QCommandLineOption m_optImport;

    QSharedPointer<VpnConnection> m_vpnConnection;
    QThread m_vpnConnectionThread;
@@ -93,7 +93,7 @@ open class OpenVpn : Protocol() {
        openVpnClient = null
    }

-    override fun reconnectVpn(vpnBuilder: Builder, protect: (Int) -> Boolean) {
+    override fun reconnectVpn(vpnBuilder: Builder) {
        openVpnClient?.let {
            it.establish = makeEstablish(vpnBuilder)
            it.reconnect(0)
@@ -42,7 +42,7 @@ abstract class Protocol {

    abstract fun stopVpn()

-    abstract fun reconnectVpn(vpnBuilder: Builder, protect: (Int) -> Boolean)
+    abstract fun reconnectVpn(vpnBuilder: Builder)

    protected fun ProtocolConfig.Builder.configSplitTunneling(config: JSONObject) {
        if (!allowSplitTunneling) {
@@ -26,8 +26,6 @@ import android.os.ParcelFileDescriptor
 import android.os.SystemClock
 import android.provider.OpenableColumns
 import android.provider.Settings
-import android.view.InputDevice
-import android.view.KeyEvent
 import android.view.MotionEvent
 import android.view.View
 import android.view.ViewGroup
@@ -75,8 +73,6 @@ private const val OPEN_FILE_ACTION_CODE = 3
 private const val CHECK_NOTIFICATION_PERMISSION_ACTION_CODE = 4

 private const val PREFS_NOTIFICATION_PERMISSION_ASKED = "NOTIFICATION_PERMISSION_ASKED"
-private const val OPEN_FILE_AFTER_RESUME_DELAY_MS = 400L
-private const val KEY_PENDING_OPEN_FILE_URI = "pending_open_file_uri"

 class AmneziaActivity : QtActivity() {

@@ -93,12 +89,6 @@ class AmneziaActivity : QtActivity() {
    private val actionResultHandlers = mutableMapOf<Int, ActivityResultHandler>()
    private val permissionRequestHandlers = mutableMapOf<Int, PermissionRequestHandler>()

-    private var isActivityResumed = false
-    private var hasWindowFocus = false
-    private val resumeHandler = Handler(Looper.getMainLooper())
-    private var pendingOpenFileUri: String? = null
-    private var openFileDeliveryScheduled = false
-
    private val vpnServiceEventHandler: Handler by lazy(NONE) {
        object : Handler(Looper.getMainLooper()) {
            override fun handleMessage(msg: Message) {
@@ -200,18 +190,11 @@ class AmneziaActivity : QtActivity() {
                doBindService()
            }
        )
-        pendingOpenFileUri = savedInstanceState?.getString(KEY_PENDING_OPEN_FILE_URI)
-        openFileDeliveryScheduled = false
        registerBroadcastReceivers()
        intent?.let(::processIntent)
        runBlocking { vpnProto = proto.await() }
    }

-    override fun onSaveInstanceState(outState: Bundle) {
-        super.onSaveInstanceState(outState)
-        pendingOpenFileUri?.let { outState.putString(KEY_PENDING_OPEN_FILE_URI, it) }
-    }
-
    private fun loadLibs() {
        listOf(
            "rsapss",
@@ -277,11 +260,6 @@ class AmneziaActivity : QtActivity() {
    }

    override fun onStop() {
-        isActivityResumed = false
-        hasWindowFocus = false
-        // Cancel all pending operations when activity stops
-        resumeHandler.removeCallbacksAndMessages(null)
-        openFileDeliveryScheduled = false
        Log.d(TAG, "Stop Amnezia activity")
        doUnbindService()
        mainScope.launch {
@@ -291,128 +269,23 @@ class AmneziaActivity : QtActivity() {
        super.onStop()
    }

-    override fun onWindowFocusChanged(hasFocus: Boolean) {
-        super.onWindowFocusChanged(hasFocus)
-        hasWindowFocus = hasFocus
-        Log.d(TAG, "Window focus changed: hasFocus=$hasFocus")
-
-        if (!hasFocus) {
-            // Cancel pending operations if window loses focus
-            resumeHandler.removeCallbacksAndMessages(null)
-        } else if (isActivityResumed && Build.VERSION.SDK_INT >= Build.VERSION_CODES.UPSIDE_DOWN_CAKE) {
-            window.decorView.apply {
-                invalidate()
-                resumeHandler.postDelayed({
-                    if (isActivityResumed && hasWindowFocus && !isFinishing && !isDestroyed) {
-                        sendTouch(1f, 1f)
-                    }
-                }, 50)
-                resumeHandler.postDelayed({
-                    if (isActivityResumed && hasWindowFocus && !isFinishing && !isDestroyed) {
-                        sendTouch(2f, 2f)
-                        requestLayout()
-                        invalidate()
-                    }
-                }, 150)
-            }
-        }
-    }
-
-    override fun dispatchKeyEvent(event: KeyEvent): Boolean {
-        val keyCode = event.keyCode
-        val pressed = event.action == KeyEvent.ACTION_DOWN
-
-        when (keyCode) {
-            KeyEvent.KEYCODE_BUTTON_A,
-            KeyEvent.KEYCODE_BUTTON_B,
-            KeyEvent.KEYCODE_BUTTON_X,
-            KeyEvent.KEYCODE_BUTTON_Y,
-            KeyEvent.KEYCODE_BUTTON_START,
-            KeyEvent.KEYCODE_BUTTON_SELECT -> {
-                    nativeGamepadKeyEvent(0, keyCode, pressed)
-                    return true
-            }
-            KeyEvent.KEYCODE_DPAD_CENTER,
-            KeyEvent.KEYCODE_DPAD_UP,
-            KeyEvent.KEYCODE_DPAD_DOWN,
-            KeyEvent.KEYCODE_DPAD_LEFT,
-            KeyEvent.KEYCODE_DPAD_RIGHT -> {
-                    val syntheticKeyCode = if (keyCode == KeyEvent.KEYCODE_DPAD_CENTER) KeyEvent.KEYCODE_ENTER else keyCode
-                    val synthetic = KeyEvent(
-                        event.downTime, event.eventTime, event.action, syntheticKeyCode,
-                        event.repeatCount, event.metaState, -1, event.scanCode,
-                        event.flags, InputDevice.SOURCE_KEYBOARD
-                    )
-                    return super.dispatchKeyEvent(synthetic)
-            }
-        }
-
-        return super.dispatchKeyEvent(event)
-    }
-
-    private external fun nativeGamepadKeyEvent(deviceId: Int, keyCode: Int, pressed: Boolean)
-
-    override fun onPause() {
-        // Notify Qt to stop rendering BEFORE super.onPause() destroys the EGL surface.
-        // Using a coroutine here would be too late — the surface is gone by the time
-        // the coroutine runs. A direct synchronous call gives Qt's render thread the
-        // best chance to process visible=false before surface destruction.
-        if (qtInitialized.isCompleted) {
-            QtAndroidController.onActivityPaused()
-        }
-        super.onPause()
-        isActivityResumed = false
-        // Cancel all pending operations when activity pauses
-        resumeHandler.removeCallbacksAndMessages(null)
-        openFileDeliveryScheduled = false
-        Log.d(TAG, "Pause Amnezia activity")
-    }
-
    override fun onResume() {
        super.onResume()
-        isActivityResumed = true
-        Log.d(TAG, "Resume Amnezia activity")
-        if (qtInitialized.isCompleted) {
-            QtAndroidController.onActivityResumed()
-        }
-
-        if (pendingOpenFileUri != null && !openFileDeliveryScheduled) {
-            val uri = pendingOpenFileUri!!
-            openFileDeliveryScheduled = true
-            resumeHandler.postDelayed({
-                if (!isFinishing && !isDestroyed) {
-                    pendingOpenFileUri = null
-                    openFileDeliveryScheduled = false
-                    mainScope.launch {
-                        qtInitialized.await()
-                        QtAndroidController.onFileOpened(uri)
-                    }
-                }
-            }, OPEN_FILE_AFTER_RESUME_DELAY_MS)
-        }
-
        if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.UPSIDE_DOWN_CAKE) {
            window.decorView.apply {
                invalidate()

-                resumeHandler.postDelayed({
-                    // Check if activity is still resumed and has focus before executing
-                    if (isActivityResumed && hasWindowFocus && !isFinishing && !isDestroyed) {
-                        sendTouch(1f, 1f)
-                    }
+                postDelayed({
+                    sendTouch(1f, 1f)
                }, 100)
-
-                resumeHandler.postDelayed({
-                    if (isActivityResumed && hasWindowFocus && !isFinishing && !isDestroyed) {
-                        sendTouch(2f, 2f)
-                    }
+                
+                postDelayed({
+                    sendTouch(2f, 2f)
                }, 200)
-
-                resumeHandler.postDelayed({
-                    if (isActivityResumed && hasWindowFocus && !isFinishing && !isDestroyed) {
-                        requestLayout()
-                        invalidate()
-                    }
+                
+                postDelayed({
+                    requestLayout()
+                    invalidate()
                }, 250)
            }
        }
@@ -441,11 +314,6 @@ class AmneziaActivity : QtActivity() {
                addFlags(LayoutParams.FLAG_DRAWS_SYSTEM_BAR_BACKGROUNDS)
                statusBarColor = getColor(R.color.black)
            }
-
-            WindowInsetsControllerCompat(window, window.decorView).apply {
-                isAppearanceLightStatusBars = false
-                isAppearanceLightNavigationBars = false
-            }
        }
    }

@@ -453,35 +321,31 @@ class AmneziaActivity : QtActivity() {
        ViewCompat.setOnApplyWindowInsetsListener(window.decorView) { view, windowInsets ->
            val imeInsets = windowInsets.getInsets(WindowInsetsCompat.Type.ime())
            val imeVisible = windowInsets.isVisible(WindowInsetsCompat.Type.ime())
-
+            
            val imeHeight = if (imeVisible) imeInsets.bottom else 0

            val density = resources.displayMetrics.density
            val imeHeightDp = (imeHeight / density).toInt()
-
+            
            // Also track system bars (navigation bar, status bar) changes
            val systemBarsInsets = windowInsets.getInsets(WindowInsetsCompat.Type.systemBars())
            val navBarHeight = systemBarsInsets.bottom
            val navBarHeightDp = (navBarHeight / density).toInt()
            val statusBarHeight = systemBarsInsets.top
            val statusBarHeightDp = (statusBarHeight / density).toInt()
-
+            
            mainScope.launch {
                qtInitialized.await()
                QtAndroidController.onImeInsetsChanged(imeHeightDp)
                QtAndroidController.onSystemBarsInsetsChanged(navBarHeightDp, statusBarHeightDp)
            }
-
+            
            // Return windowInsets instead of CONSUMED to allow proper handling
            windowInsets
        }
    }

    override fun onDestroy() {
-        isActivityResumed = false
-        hasWindowFocus = false
-        // Cancel all pending operations when activity is destroyed
-        resumeHandler.removeCallbacksAndMessages(null)
        Log.d(TAG, "Destroy Amnezia activity")
        unregisterBroadcastReceiver(notificationStateReceiver)
        notificationStateReceiver = null
@@ -807,13 +671,9 @@ class AmneziaActivity : QtActivity() {
                            grantUriPermission(packageName, this, Intent.FLAG_GRANT_READ_URI_PERMISSION)
                        }?.toString() ?: ""
                        Log.v(TAG, "Open file: $uri")
-                        if (uri.isNotEmpty()) {
-                            pendingOpenFileUri = uri
-                        } else {
-                            mainScope.launch {
-                                qtInitialized.await()
-                                QtAndroidController.onFileOpened(uri)
-                            }
+                        mainScope.launch {
+                            qtInitialized.await()
+                            QtAndroidController.onFileOpened(uri)
                        }
                    }
                ))
@@ -842,7 +702,7 @@ class AmneziaActivity : QtActivity() {
    @Suppress("unused")
    fun getFd(fileName: String): Int {
        Log.v(TAG, "Get fd for $fileName")
-        return blockingCall(Dispatchers.IO) {
+        return blockingCall {
            try {
                pfd = contentResolver.openFileDescriptor(Uri.parse(fileName), "r")
                pfd?.fd ?: -1
@@ -565,7 +565,7 @@ open class AmneziaVpnService : VpnService() {
        protocolState.value = RECONNECTING

        connectionJob = connectionScope.launch {
-            vpnProto?.protocol?.reconnectVpn(Builder(), ::protect)
+            vpnProto?.protocol?.reconnectVpn(Builder())
        }
    }

@@ -1,10 +1,7 @@
 package org.amnezia.vpn

 import android.content.ActivityNotFoundException
-import android.content.Context
 import android.content.Intent
-import android.content.pm.PackageManager
-import android.os.Build
 import android.os.Bundle
 import androidx.activity.ComponentActivity
 import androidx.activity.result.contract.ActivityResultContracts
@@ -14,29 +11,8 @@ private const val TAG = "TvFilePicker"

 class TvFilePicker : ComponentActivity() {

-    private val fileChooseResultLauncher = registerForActivityResult(object : ActivityResultContracts.OpenDocument() {
-        override fun createIntent(context: Context, input: Array<String>): Intent {
-            val intent = super.createIntent(context, input)
-
-            val activitiesToResolveIntent = if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.TIRAMISU) {
-                context.packageManager.queryIntentActivities(intent, PackageManager.ResolveInfoFlags.of(PackageManager.MATCH_DEFAULT_ONLY.toLong()))
-            } else {
-                @Suppress("DEPRECATION")
-                context.packageManager.queryIntentActivities(intent, PackageManager.MATCH_DEFAULT_ONLY)
-            }
-            if (activitiesToResolveIntent.all {
-                    val name = it.activityInfo.packageName
-                    name.startsWith("com.google.android.tv.frameworkpackagestubs") || name.startsWith("com.android.tv.frameworkpackagestubs")
-                }) {
-                throw ActivityNotFoundException()
-            }
-            return intent
-        }
-    }) {
-        setResult(RESULT_OK, Intent().apply {
-            data = it
-            addFlags(Intent.FLAG_GRANT_READ_URI_PERMISSION)
-        })
+    private val fileChooseResultLauncher = registerForActivityResult(ActivityResultContracts.GetContent()) {
+        setResult(RESULT_OK, Intent().apply { data = it })
        finish()
    }

@@ -55,7 +31,7 @@ class TvFilePicker : ComponentActivity() {
    private fun getFile() {
        try {
            Log.v(TAG, "getFile")
-            fileChooseResultLauncher.launch(arrayOf("*/*"))
+            fileChooseResultLauncher.launch("*/*")
        } catch (_: ActivityNotFoundException) {
            Log.w(TAG, "Activity not found")
            setResult(RESULT_CANCELED, Intent().apply { putExtra("activityNotFound", true) })
@@ -31,7 +31,4 @@ object QtAndroidController {

    external fun onImeInsetsChanged(heightDp: Int)
    external fun onSystemBarsInsetsChanged(navBarHeightDp: Int, statusBarHeightDp: Int)
-
-    external fun onActivityPaused()
-    external fun onActivityResumed()
 }
@@ -12,7 +12,6 @@ import org.amnezia.vpn.protocol.Protocol
 import org.amnezia.vpn.protocol.ProtocolState.CONNECTED
 import org.amnezia.vpn.protocol.ProtocolState.DISCONNECTED
 import org.amnezia.vpn.protocol.Statistics
-import org.amnezia.vpn.protocol.VpnException
 import org.amnezia.vpn.protocol.VpnStartException
 import org.amnezia.vpn.util.LibraryLoader.loadSharedLibrary
 import org.amnezia.vpn.util.Log
@@ -28,7 +27,6 @@ private const val TAG = "Wireguard"
 open class Wireguard : Protocol() {

    private var tunnelHandle: Int = -1
-    private var config: WireguardConfig? = null // save config for reconnect
    protected open val ifName: String = "amn0"
    private lateinit var scope: CoroutineScope
    private var statusJob: Job? = null
@@ -63,7 +61,6 @@ open class Wireguard : Protocol() {
    override suspend fun startVpn(config: JSONObject, vpnBuilder: Builder, protect: (Int) -> Boolean) {
        val wireguardConfig = parseConfig(config)
        start(wireguardConfig, vpnBuilder, protect)
-        this.config = wireguardConfig
    }

    protected open fun parseConfig(config: JSONObject): WireguardConfig {
@@ -125,24 +122,23 @@ open class Wireguard : Protocol() {
        configData.optStringOrNull("S2")?.let { setS2(it.toInt()) }
        configData.optStringOrNull("S3")?.let { setS3(it.toInt()) }
        configData.optStringOrNull("S4")?.let { setS4(it.toInt()) }
-        configData.optStringOrNull("H1")?.trim()?.let { if (it.isNotEmpty()) setH1(it) }
-        configData.optStringOrNull("H2")?.trim()?.let { if (it.isNotEmpty()) setH2(it) }
-        configData.optStringOrNull("H3")?.trim()?.let { if (it.isNotEmpty()) setH3(it) }
-        configData.optStringOrNull("H4")?.trim()?.let { if (it.isNotEmpty()) setH4(it) }
+        configData.optStringOrNull("H1")?.let { setH1(it.toLong()) }
+        configData.optStringOrNull("H2")?.let { setH2(it.toLong()) }
+        configData.optStringOrNull("H3")?.let { setH3(it.toLong()) }
+        configData.optStringOrNull("H4")?.let { setH4(it.toLong()) }
        configData.optStringOrNull("I1")?.let { setI1(it) }
        configData.optStringOrNull("I2")?.let { setI2(it) }
        configData.optStringOrNull("I3")?.let { setI3(it) }
        configData.optStringOrNull("I4")?.let { setI4(it) }
        configData.optStringOrNull("I5")?.let { setI5(it) }
+        configData.optStringOrNull("J1")?.let { setJ1(it) }
+        configData.optStringOrNull("J2")?.let { setJ2(it) }
+        configData.optStringOrNull("J3")?.let { setJ3(it) }
+        configData.optStringOrNull("Itime")?.let { setItime(it.toInt()) }
    }

-    private fun start(
-        config: WireguardConfig,
-        vpnBuilder: Builder,
-        protect: (Int) -> Boolean,
-        stopExistingVpn: Boolean = false
-    ) {
-        if (!stopExistingVpn && tunnelHandle != -1) {
+    private fun start(config: WireguardConfig, vpnBuilder: Builder, protect: (Int) -> Boolean) {
+        if (tunnelHandle != -1) {
            Log.w(TAG, "Tunnel already up")
            return
        }
@@ -150,9 +146,6 @@ open class Wireguard : Protocol() {
        buildVpnInterface(config, vpnBuilder)

        vpnBuilder.establish().use { tunFd ->
-            if (stopExistingVpn && tunnelHandle != -1) {
-                turnOffVpn()
-            }
            if (tunFd == null) {
                throw VpnStartException("Create VPN interface: permission not granted or revoked")
            }
@@ -209,25 +202,20 @@ open class Wireguard : Protocol() {
        return lastHandshake
    }

-    private fun turnOffVpn() {
-        statusJob?.cancel()
-        statusJob = null
-        val handleToClose = tunnelHandle
-        tunnelHandle = -1
-        GoBackend.awgTurnOff(handleToClose)
-    }
-
    override fun stopVpn() {
        if (tunnelHandle == -1) {
            Log.w(TAG, "Tunnel already down")
            return
        }
-        turnOffVpn()
+        statusJob?.cancel()
+        statusJob = null
+        val handleToClose = tunnelHandle
+        tunnelHandle = -1
+        GoBackend.awgTurnOff(handleToClose)
        state.value = DISCONNECTED
    }

-    override fun reconnectVpn(vpnBuilder: Builder, protect: (Int) -> Boolean) {
-        val config = this.config ?: throw VpnException("Reconnect config is empty")
-        start(config, vpnBuilder, protect, true)
+    override fun reconnectVpn(vpnBuilder: Builder) {
+        state.value = CONNECTED
    }
 }
@@ -22,15 +22,19 @@ open class WireguardConfig protected constructor(
    val s2: Int?,
    val s3: Int?,
    val s4: Int?,
-    val h1: String?,
-    val h2: String?,
-    val h3: String?,
-    val h4: String?,
+    val h1: Long?,
+    val h2: Long?,
+    val h3: Long?,
+    val h4: Long?,
    var i1: String?,
    var i2: String?,
    var i3: String?,
    var i4: String?,
    var i5: String?,
+    var j1: String?,
+    var j2: String?,
+    var j3: String?,
+    var itime: Int?
 ) : ProtocolConfig(protocolConfigBuilder) {

    protected constructor(builder: Builder) : this(
@@ -57,6 +61,10 @@ open class WireguardConfig protected constructor(
        builder.i3,
        builder.i4,
        builder.i5,
+        builder.j1,
+        builder.j2,
+        builder.j3,
+        builder.itime
    )

    fun toWgUserspaceString(): String = with(StringBuilder()) {
@@ -86,6 +94,10 @@ open class WireguardConfig protected constructor(
            i3?.let { appendLine("i3=$it") }
            i4?.let { appendLine("i4=$it") }
            i5?.let { appendLine("i5=$it") }
+            j1?.let { appendLine("j1=$it") }
+            j2?.let { appendLine("j2=$it") }
+            j3?.let { appendLine("j3=$it") }
+            itime?.let { appendLine("itime=$it") }
        }
    }

@@ -140,15 +152,19 @@ open class WireguardConfig protected constructor(
        internal var s2: Int? = null
        internal var s3: Int? = null
        internal var s4: Int? = null
-        internal var h1: String? = null
-        internal var h2: String? = null
-        internal var h3: String? = null
-        internal var h4: String? = null
+        internal var h1: Long? = null
+        internal var h2: Long? = null
+        internal var h3: Long? = null
+        internal var h4: Long? = null
        internal var i1: String? = null
        internal var i2: String? = null
        internal var i3: String? = null
        internal var i4: String? = null
        internal var i5: String? = null
+        internal var j1: String? = null
+        internal var j2: String? = null
+        internal var j3: String? = null
+        internal var itime: Int? = null

        fun setEndpoint(endpoint: InetEndpoint) = apply { this.endpoint = endpoint }

@@ -169,15 +185,19 @@ open class WireguardConfig protected constructor(
        fun setS2(s2: Int) = apply { this.s2 = s2 }
        fun setS3(s3: Int) = apply { this.s3 = s3 }
        fun setS4(s4: Int) = apply { this.s4 = s4 }
-        fun setH1(h1: String) = apply { this.h1 = h1 }
-        fun setH2(h2: String) = apply { this.h2 = h2 }
-        fun setH3(h3: String) = apply { this.h3 = h3 }
-        fun setH4(h4: String) = apply { this.h4 = h4 }
+        fun setH1(h1: Long) = apply { this.h1 = h1 }
+        fun setH2(h2: Long) = apply { this.h2 = h2 }
+        fun setH3(h3: Long) = apply { this.h3 = h3 }
+        fun setH4(h4: Long) = apply { this.h4 = h4 }
        fun setI1(i1: String) = apply { this.i1 = i1 }
        fun setI2(i2: String) = apply { this.i2 = i2 }
        fun setI3(i3: String) = apply { this.i3 = i3 }
        fun setI4(i4: String) = apply { this.i4 = i4 }
        fun setI5(i5: String) = apply { this.i5 = i5 }
+        fun setJ1(j1: String) = apply { this.j1 = j1 }
+        fun setJ2(j2: String) = apply { this.j2 = j2 }
+        fun setJ3(j3: String) = apply { this.j3 = j3 }
+        fun setItime(itime: Int) = apply { this.itime = itime }

        override fun build(): WireguardConfig = configBuild().run { WireguardConfig(this@Builder) }
    }
@@ -157,7 +157,7 @@ class Xray : Protocol() {
        state.value = DISCONNECTED
    }

-    override fun reconnectVpn(vpnBuilder: Builder, protect: (Int) -> Boolean) {
+    override fun reconnectVpn(vpnBuilder: Builder) {
        state.value = CONNECTED
    }

@@ -166,7 +166,7 @@ class Xray : Protocol() {
            mtu = config.mtu.toLong()
            proxy = "socks5://127.0.0.1:${config.socksPort}"
            device = "fd://$fd"
-            logLevel = "warn"
+            logLevel = "warning"
        }
        LibXray.startTun2Socks(tun2SocksConfig, fd.toLong()).isNotNullOrBlank { err ->
            throw VpnStartException("Failed to start tun2socks: $err")
@@ -38,7 +38,7 @@ elseif(APPLE AND NOT IOS)
    endif()
    set(OPENSSL_INCLUDE_DIR "${OPENSSL_ROOT_DIR}/macos/include")
    set(OPENSSL_LIB_SSL_PATH "${OPENSSL_ROOT_DIR}/macos/lib/libssl.a")
-    set(OPENSSL_LIB_CRYPTO_PATH "${OPENSSL_ROOT_DIR}/macos/lib/libcrypto.a")    
+    set(OPENSSL_LIB_CRYPTO_PATH "${OPENSSL_ROOT_DIR}/macos/lib/libcrypto.a")
 elseif(IOS)
    set(LIBSSH_INCLUDE_DIR "${LIBSSH_ROOT_DIR}/ios/arm64")
    set(LIBSSH_LIB_PATH "${LIBSSH_ROOT_DIR}/ios/arm64/libssh.a")
@@ -62,7 +62,7 @@ elseif(LINUX)
    set(OPENSSL_LIB_SSL_PATH "${OPENSSL_ROOT_DIR}/linux/x86_64/libssl.a")
    set(OPENSSL_LIB_CRYPTO_PATH "${OPENSSL_ROOT_DIR}/linux/x86_64/libcrypto.a")
 endif()
-
+    
 file(COPY ${OPENSSL_LIB_SSL_PATH} ${OPENSSL_LIB_CRYPTO_PATH}
        DESTINATION ${OPENSSL_LIBRARIES_DIR})

@@ -83,26 +83,6 @@ add_compile_definitions(_WINSOCKAPI_)
 set(BUILD_SHARED_LIBS OFF CACHE BOOL "" FORCE)
 set(BUILD_WITH_QT6 ON)
 add_subdirectory(${CLIENT_ROOT_DIR}/3rd/qtkeychain)
-
-if(ANDROID)
-    # Use qtgamepad from amnezia-vpn/qtgamepad repository
-    # Only if Qt6CorePrivate is available (required by qtgamepad)
-    find_package(Qt6CorePrivate CONFIG QUIET)
-    if(Qt6CorePrivate_FOUND)
-        add_subdirectory(${CLIENT_ROOT_DIR}/3rd/qtgamepad)
-        # Link both the C++ module and QML plugin
-        if(TARGET GamepadLegacy)
-            target_link_libraries(${PROJECT} PRIVATE GamepadLegacy)
-        endif()
-        if(TARGET GamepadLegacyQuickPrivate)
-            target_link_libraries(${PROJECT} PRIVATE GamepadLegacyQuickPrivate)
-        endif()
-        message(STATUS "Gamepad support enabled for Android")
-    else()
-        message(STATUS "Qt6CorePrivate not found. Gamepad support disabled for Android.")
-    endif()
-endif()
-
 set(LIBS ${LIBS} qt6keychain)

 include_directories(
@@ -20,11 +20,7 @@ set(QT_ANDROID_MULTI_ABI_FORWARD_VARS "QT_NO_GLOBAL_APK_TARGET_PART_OF_ALL;CMAKE

 # We need to include qtprivate api's
 # As QAndroidBinder is not yet implemented with a public api
-# Check if Qt6::CorePrivate is available (may not be in all Qt versions/configurations)
-if(TARGET Qt6::CorePrivate)
-    set(LIBS ${LIBS} Qt6::CorePrivate)
-endif()
-set(LIBS ${LIBS} -ljnigraphics)
+set(LIBS ${LIBS} Qt6::CorePrivate -ljnigraphics)

 link_directories(${CMAKE_CURRENT_SOURCE_DIR}/platforms/android)

@@ -34,7 +34,6 @@ set(HEADERS ${HEADERS}
    ${CMAKE_CURRENT_SOURCE_DIR}/platforms/ios/ios_controller_wrapper.h
    ${CMAKE_CURRENT_SOURCE_DIR}/platforms/ios/iosnotificationhandler.h
    ${CMAKE_CURRENT_SOURCE_DIR}/platforms/ios/QtAppDelegate.h
-    ${CMAKE_CURRENT_SOURCE_DIR}/platforms/ios/StoreKitController.h
    ${CMAKE_CURRENT_SOURCE_DIR}/platforms/ios/QtAppDelegate-C-Interface.h
 )
 set_source_files_properties(${CMAKE_CURRENT_SOURCE_DIR}/platforms/ios/ios_controller.h PROPERTIES OBJECTIVE_CPP_HEADER TRUE)
@@ -47,7 +46,6 @@ set(SOURCES ${SOURCES}
    ${CMAKE_CURRENT_SOURCE_DIR}/platforms/ios/iosglue.mm
    ${CMAKE_CURRENT_SOURCE_DIR}/platforms/ios/QRCodeReaderBase.mm
    ${CMAKE_CURRENT_SOURCE_DIR}/platforms/ios/QtAppDelegate.mm
-    ${CMAKE_CURRENT_SOURCE_DIR}/platforms/ios/StoreKitController.mm
    ${CMAKE_CURRENT_SOURCE_DIR}/platforms/ios/AmneziaSceneDelegateHooks.mm
 )

@@ -35,7 +35,6 @@ set(HEADERS ${HEADERS}
    ${CMAKE_CURRENT_SOURCE_DIR}/platforms/ios/ios_controller.h
    ${CMAKE_CURRENT_SOURCE_DIR}/platforms/ios/ios_controller_wrapper.h
    ${CMAKE_CURRENT_SOURCE_DIR}/platforms/ios/iosnotificationhandler.h
-    ${CMAKE_CURRENT_SOURCE_DIR}/platforms/ios/StoreKitController.h
    ${CMAKE_CURRENT_SOURCE_DIR}/platforms/ios/QtAppDelegate.h
    ${CMAKE_CURRENT_SOURCE_DIR}/platforms/ios/QtAppDelegate-C-Interface.h
 )
@@ -46,7 +45,6 @@ set(SOURCES ${SOURCES}
    ${CMAKE_CURRENT_SOURCE_DIR}/platforms/ios/ios_controller.mm
    ${CMAKE_CURRENT_SOURCE_DIR}/platforms/ios/ios_controller_wrapper.mm
    ${CMAKE_CURRENT_SOURCE_DIR}/platforms/ios/iosnotificationhandler.mm
-    ${CMAKE_CURRENT_SOURCE_DIR}/platforms/ios/StoreKitController.mm
    ${CMAKE_CURRENT_SOURCE_DIR}/platforms/ios/iosglue.mm
    ${CMAKE_CURRENT_SOURCE_DIR}/platforms/ios/QRCodeReaderBase.mm
    ${CMAKE_CURRENT_SOURCE_DIR}/platforms/ios/QtAppDelegate.mm
@@ -163,7 +161,7 @@ add_custom_command(TARGET ${PROJECT} POST_BUILD
    COMMAND ${CMAKE_COMMAND} -E make_directory
            $<TARGET_BUNDLE_DIR:AmneziaVPN>/Contents/Frameworks
    COMMAND /usr/bin/find "$<TARGET_BUNDLE_DIR:AmneziaVPN>/Contents/Frameworks/OpenVPNAdapter.framework" -name "*.sha256" -delete
-    COMMAND /usr/bin/codesign --force --sign "Apple Distribution: Privacy Technologies OU"
+    COMMAND /usr/bin/codesign --force --sign "Apple Distribution"
            "$<TARGET_BUNDLE_DIR:AmneziaVPN>/Contents/Frameworks/OpenVPNAdapter.framework/Versions/Current/OpenVPNAdapter"
    COMMAND ${QT_BIN_DIR_DETECTED}/macdeployqt $<TARGET_BUNDLE_DIR:AmneziaVPN> -appstore-compliant -qmldir=${CMAKE_CURRENT_SOURCE_DIR}
    COMMENT "Signing OpenVPNAdapter framework"
@@ -28,7 +28,6 @@ set(HEADERS ${HEADERS}
    ${CLIENT_ROOT_DIR}/../common/logger/logger.h
    ${CLIENT_ROOT_DIR}/utils/qmlUtils.h
    ${CLIENT_ROOT_DIR}/core/api/apiUtils.h
-    ${CLIENT_ROOT_DIR}/core/osSignalHandler.h
 )

 # Mozilla headres
@@ -37,6 +36,7 @@ set(HEADERS ${HEADERS}
    ${CLIENT_ROOT_DIR}/mozilla/shared/ipaddress.h
    ${CLIENT_ROOT_DIR}/mozilla/shared/leakdetector.h
    ${CLIENT_ROOT_DIR}/mozilla/controllerimpl.h
+    ${CLIENT_ROOT_DIR}/mozilla/localsocketcontroller.h
 )

 if(NOT IOS AND NOT MACOS_NE)
@@ -79,7 +79,6 @@ set(SOURCES ${SOURCES}
    ${CLIENT_ROOT_DIR}/../common/logger/logger.cpp
    ${CLIENT_ROOT_DIR}/utils/qmlUtils.cpp
    ${CLIENT_ROOT_DIR}/core/api/apiUtils.cpp
-    ${CLIENT_ROOT_DIR}/core/osSignalHandler.cpp
 )

 # Mozilla sources
@@ -87,6 +86,7 @@ set(SOURCES ${SOURCES}
    ${CLIENT_ROOT_DIR}/mozilla/models/server.cpp
    ${CLIENT_ROOT_DIR}/mozilla/shared/ipaddress.cpp
    ${CLIENT_ROOT_DIR}/mozilla/shared/leakdetector.cpp
+    ${CLIENT_ROOT_DIR}/mozilla/localsocketcontroller.cpp
 )

 if(NOT IOS AND NOT MACOS_NE)
@@ -175,12 +175,13 @@ if(WIN32)
    )
 endif()

-if(WIN32 OR (APPLE AND NOT IOS AND NOT MACOS_NE) OR (LINUX AND NOT ANDROID))
+if(WIN32 OR (APPLE AND NOT IOS) OR (LINUX AND NOT ANDROID))
    message("Client desktop build")
    add_compile_definitions(AMNEZIA_DESKTOP)

    set(HEADERS ${HEADERS}
        ${CLIENT_ROOT_DIR}/core/ipcclient.h
+        ${CLIENT_ROOT_DIR}/core/privileged_process.h
        ${CLIENT_ROOT_DIR}/ui/systemtray_notificationhandler.h
        ${CLIENT_ROOT_DIR}/protocols/openvpnprotocol.h
        ${CLIENT_ROOT_DIR}/protocols/openvpnovercloakprotocol.h
@@ -188,12 +189,11 @@ if(WIN32 OR (APPLE AND NOT IOS AND NOT MACOS_NE) OR (LINUX AND NOT ANDROID))
        ${CLIENT_ROOT_DIR}/protocols/wireguardprotocol.h
        ${CLIENT_ROOT_DIR}/protocols/xrayprotocol.h
        ${CLIENT_ROOT_DIR}/protocols/awgprotocol.h
-        ${CLIENT_ROOT_DIR}/mozilla/localsocketcontroller.h
    )

    set(SOURCES ${SOURCES}
        ${CLIENT_ROOT_DIR}/core/ipcclient.cpp
-        ${CLIENT_ROOT_DIR}/mozilla/localsocketcontroller.cpp
+        ${CLIENT_ROOT_DIR}/core/privileged_process.cpp
        ${CLIENT_ROOT_DIR}/ui/systemtray_notificationhandler.cpp
        ${CLIENT_ROOT_DIR}/protocols/openvpnprotocol.cpp
        ${CLIENT_ROOT_DIR}/protocols/openvpnovercloakprotocol.cpp
@@ -203,14 +203,3 @@ if(WIN32 OR (APPLE AND NOT IOS AND NOT MACOS_NE) OR (LINUX AND NOT ANDROID))
        ${CLIENT_ROOT_DIR}/protocols/awgprotocol.cpp
    )
 endif()
-
-if(APPLE AND MACOS_NE)
-    # Include only the tray notification handler in NE builds
-    set(HEADERS ${HEADERS}
-        ${CLIENT_ROOT_DIR}/ui/systemtray_notificationhandler.h
-    )
-
-    set(SOURCES ${SOURCES}
-        ${CLIENT_ROOT_DIR}/ui/systemtray_notificationhandler.cpp
-    )
-endif()
@@ -41,16 +41,18 @@ QString AwgConfigurator::createConfig(const ServerCredentials &credentials, Dock
    jsonConfig[config_key::underloadPacketMagicHeader] = configMap.value(config_key::underloadPacketMagicHeader);
    jsonConfig[config_key::transportPacketMagicHeader] = configMap.value(config_key::transportPacketMagicHeader);

-    if (container == DockerContainer::Awg2) {
-        jsonConfig[config_key::cookieReplyPacketJunkSize] = configMap.value(config_key::cookieReplyPacketJunkSize);
-        jsonConfig[config_key::transportPacketJunkSize] = configMap.value(config_key::transportPacketJunkSize);
-    }
+    // jsonConfig[config_key::cookieReplyPacketJunkSize] = configMap.value(config_key::cookieReplyPacketJunkSize);
+    // jsonConfig[config_key::transportPacketJunkSize] = configMap.value(config_key::transportPacketJunkSize);

-    jsonConfig[config_key::specialJunk1] = configMap.value(amnezia::config_key::specialJunk1);
-    jsonConfig[config_key::specialJunk2] = configMap.value(amnezia::config_key::specialJunk2);
-    jsonConfig[config_key::specialJunk3] = configMap.value(amnezia::config_key::specialJunk3);
-    jsonConfig[config_key::specialJunk4] = configMap.value(amnezia::config_key::specialJunk4);
-    jsonConfig[config_key::specialJunk5] = configMap.value(amnezia::config_key::specialJunk5);
+    // jsonConfig[config_key::specialJunk1] = configMap.value(amnezia::config_key::specialJunk1);
+    // jsonConfig[config_key::specialJunk2] = configMap.value(amnezia::config_key::specialJunk2);
+    // jsonConfig[config_key::specialJunk3] = configMap.value(amnezia::config_key::specialJunk3);
+    // jsonConfig[config_key::specialJunk4] = configMap.value(amnezia::config_key::specialJunk4);
+    // jsonConfig[config_key::specialJunk5] = configMap.value(amnezia::config_key::specialJunk5);
+    // jsonConfig[config_key::controlledJunk1] = configMap.value(amnezia::config_key::controlledJunk1);
+    // jsonConfig[config_key::controlledJunk2] = configMap.value(amnezia::config_key::controlledJunk2);
+    // jsonConfig[config_key::controlledJunk3] = configMap.value(amnezia::config_key::controlledJunk3);
+    // jsonConfig[config_key::specialHandshakeTimeout] = configMap.value(amnezia::config_key::specialHandshakeTimeout);

    jsonConfig[config_key::mtu] =
            containerConfig.value(ProtocolProps::protoToString(Proto::Awg)).toObject().value(config_key::mtu).toString(protocols::awg::defaultMtu);
@@ -103,11 +103,7 @@ WireguardConfigurator::ConnectionData WireguardConfigurator::prepareWireguardCon
        return connData;
    }

-    QString configPath = m_serverConfigPath;
-    if (container == DockerContainer::Awg) {
-        configPath = amnezia::protocols::awg::serverLegacyConfigPath;
-    }
-    QString getIpsScript = QString("cat %1 | grep AllowedIPs").arg(configPath);
+    QString getIpsScript = QString("cat %1 | grep AllowedIPs").arg(m_serverConfigPath);
    QString stdOut;
    auto cbReadStdOut = [&](const QString &data, libssh::Client &) {
        stdOut += data + "\n";
@@ -165,18 +161,15 @@ WireguardConfigurator::ConnectionData WireguardConfigurator::prepareWireguardCon
                                 "AllowedIPs = %3/32\n\n")
                                 .arg(connData.clientPubKey, connData.pskKey, connData.clientIP);

-    errorCode = m_serverController->uploadTextFileToContainer(container, credentials, configPart, configPath,
+    errorCode = m_serverController->uploadTextFileToContainer(container, credentials, configPart, m_serverConfigPath,
                                                              libssh::ScpOverwriteMode::ScpAppendToExisting);

    if (errorCode != ErrorCode::NoError) {
        return connData;
    }

-    bool isAwg = (container == DockerContainer::Awg2);
-    QString bin = isAwg ? QStringLiteral("awg") : QStringLiteral("wg");
-    QString iface = isAwg ? QStringLiteral("awg0") : QStringLiteral("wg0");
-    QString script = QString(
-        "sudo docker exec -i $CONTAINER_NAME bash -c '%1 syncconf %2 <(%1-quick strip %3)'").arg(bin, iface, configPath);
+    QString script = QString("sudo docker exec -i $CONTAINER_NAME bash -c 'wg syncconf wg0 <(wg-quick strip %1)'")
+                             .arg(m_serverConfigPath);

    errorCode = m_serverController->runScript(
            credentials,
@@ -28,10 +28,7 @@ QString ContainerProps::containerToString(amnezia::DockerContainer c)
        return "none";
    if (c == DockerContainer::Cloak)
        return "amnezia-openvpn-cloak";
-    if (c == DockerContainer::Awg)
-        return "amnezia-awg";
-    if (c == DockerContainer::Awg2)
-        return "amnezia-awg2";
+
    QMetaEnum metaEnum = QMetaEnum::fromType<DockerContainer>();
    QString containerKey = metaEnum.valueToKey(static_cast<int>(c));

@@ -44,10 +41,7 @@ QString ContainerProps::containerTypeToString(amnezia::DockerContainer c)
        return "none";
    if (c == DockerContainer::Ipsec)
        return "ikev2";
-    if (c == DockerContainer::Awg)
-        return "awg";
-    if (c == DockerContainer::Awg2)
-        return "awg";
+
    QMetaEnum metaEnum = QMetaEnum::fromType<DockerContainer>();
    QString containerKey = metaEnum.valueToKey(static_cast<int>(c));

@@ -77,8 +71,6 @@ QVector<amnezia::Proto> ContainerProps::protocolsForContainer(amnezia::DockerCon

    case DockerContainer::Socks5Proxy: return { Proto::Socks5Proxy };

-    case DockerContainer::Awg: return { Proto::Awg };
-    case DockerContainer::Awg2: return { Proto::Awg };
    default: return { defaultProtocol(container) };
    }
 }
@@ -102,7 +94,6 @@ QMap<DockerContainer, QString> ContainerProps::containerHumanNames()
             { DockerContainer::Cloak, "OpenVPN over Cloak" },
             { DockerContainer::WireGuard, "WireGuard" },
             { DockerContainer::Awg, "AmneziaWG" },
-             { DockerContainer::Awg2, "AmneziaWG" },
             { DockerContainer::Xray, "XRay" },
             { DockerContainer::Ipsec, QObject::tr("IPsec") },
             { DockerContainer::SSXray, "Shadowsocks"},
@@ -129,9 +120,6 @@ QMap<DockerContainer, QString> ContainerProps::containerDescriptions()
             { DockerContainer::Awg,
               QObject::tr("AmneziaWG is a special protocol from Amnezia based on WireGuard. "
                           "It provides high connection speed and ensures stable operation even in the most challenging network conditions.") },
-             { DockerContainer::Awg2,
-               QObject::tr("AmneziaWG is a special protocol from Amnezia based on WireGuard. "
-                           "It provides high connection speed and ensures stable operation even in the most challenging network conditions.") },
             { DockerContainer::Xray,
               QObject::tr("XRay with REALITY masks VPN traffic as web traffic and protects against active probing. "
                           "It is highly resistant to detection and offers high speed.") },
@@ -194,7 +182,7 @@ QMap<DockerContainer, QString> ContainerProps::containerDetailedDescriptions()
                      "* Minimal configuration required\n"
                      "* Easily detected by DPI systems (susceptible to blocking)\n"
                      "* Operates over UDP protocol") },
-        { DockerContainer::Awg2,
+        { DockerContainer::Awg,
          QObject::tr("AmneziaWG is a modern VPN protocol based on WireGuard, "
                      "combining simplified architecture with high performance across all devices. "
                      "It addresses WireGuard's main vulnerability (easy detection by DPI systems) through advanced obfuscation techniques, "
@@ -254,7 +242,6 @@ Proto ContainerProps::defaultProtocol(DockerContainer c)
    case DockerContainer::Cloak: return Proto::Cloak;
    case DockerContainer::ShadowSocks: return Proto::ShadowSocks;
    case DockerContainer::WireGuard: return Proto::WireGuard;
-    case DockerContainer::Awg2: return Proto::Awg;
    case DockerContainer::Awg: return Proto::Awg;
    case DockerContainer::Xray: return Proto::Xray;
    case DockerContainer::Ipsec: return Proto::Ikev2;
@@ -268,15 +255,6 @@ Proto ContainerProps::defaultProtocol(DockerContainer c)
    }
 }

-QString ContainerProps::containerTypeToProtocolString(DockerContainer c)
-{
-    if (c == DockerContainer::None)
-        return "none";
-
-    Proto p = defaultProtocol(c);
-    return ProtocolProps::protoToString(p);
-}
-
 bool ContainerProps::isSupportedByCurrentPlatform(DockerContainer c)
 {
 #ifdef Q_OS_WINDOWS
@@ -287,7 +265,6 @@ bool ContainerProps::isSupportedByCurrentPlatform(DockerContainer c)
    switch (c) {
    case DockerContainer::WireGuard: return true;
    case DockerContainer::OpenVpn: return true;
-    case DockerContainer::Awg2: return true;
    case DockerContainer::Awg: return true;
    case DockerContainer::Xray: return true;
    case DockerContainer::Cloak: return true;
@@ -301,7 +278,6 @@ bool ContainerProps::isSupportedByCurrentPlatform(DockerContainer c)
    // macOS build using Network Extension – hide OpenVPN-based containers
    switch (c) {
    case DockerContainer::WireGuard: return true;
-    case DockerContainer::Awg2: return true;
    case DockerContainer::Awg: return true;
    case DockerContainer::Xray: return true;
    case DockerContainer::SSXray: return true;
@@ -324,7 +300,6 @@ bool ContainerProps::isSupportedByCurrentPlatform(DockerContainer c)
    case DockerContainer::WireGuard: return true;
    case DockerContainer::OpenVpn: return true;
    case DockerContainer::ShadowSocks: return false;
-    case DockerContainer::Awg2: return true;
    case DockerContainer::Awg: return true;
    case DockerContainer::Cloak: return true;
    case DockerContainer::Xray: return true;
@@ -354,7 +329,7 @@ QStringList ContainerProps::fixedPortsForContainer(DockerContainer c)
 bool ContainerProps::isEasySetupContainer(DockerContainer container)
 {
    switch (container) {
-    case DockerContainer::Awg2: return true;
+    case DockerContainer::Awg: return true;
    default: return false;
    }
 }
@@ -362,7 +337,7 @@ bool ContainerProps::isEasySetupContainer(DockerContainer container)
 QString ContainerProps::easySetupHeader(DockerContainer container)
 {
    switch (container) {
-    case DockerContainer::Awg2: return tr("Automatic");
+    case DockerContainer::Awg: return tr("Automatic");
    default: return "";
    }
 }
@@ -370,7 +345,7 @@ QString ContainerProps::easySetupHeader(DockerContainer container)
 QString ContainerProps::easySetupDescription(DockerContainer container)
 {
    switch (container) {
-    case DockerContainer::Awg2: return tr("AmneziaWG protocol will be installed. "
+    case DockerContainer::Awg: return tr("AmneziaWG protocol will be installed. "
                                         "It provides high connection speed and ensures stable operation even in the most challenging network conditions.");
    default: return "";
    }
@@ -379,7 +354,7 @@ QString ContainerProps::easySetupDescription(DockerContainer container)
 int ContainerProps::easySetupOrder(DockerContainer container)
 {
    switch (container) {
-    case DockerContainer::Awg2: return 1;
+    case DockerContainer::Awg: return 1;
    default: return 0;
    }
 }
@@ -395,12 +370,6 @@ bool ContainerProps::isShareable(DockerContainer container)
    }
 }

-bool ContainerProps::isAwgContainer(DockerContainer container)
-{
-    return container == DockerContainer::Awg || container == DockerContainer::Awg2;
-}
-
-
 QJsonObject ContainerProps::getProtocolConfigFromContainer(const Proto protocol, const QJsonObject &containerConfig)
 {
    QString protocolConfigString = containerConfig.value(ProtocolProps::protoToString(protocol))
@@ -418,7 +387,7 @@ int ContainerProps::installPageOrder(DockerContainer container)
    case DockerContainer::Cloak: return 5;
    case DockerContainer::ShadowSocks: return 6;
    case DockerContainer::WireGuard: return 2;
-    case DockerContainer::Awg2: return 1;
+    case DockerContainer::Awg: return 1;
    case DockerContainer::Xray: return 3;
    case DockerContainer::Ipsec: return 7;
    case DockerContainer::SSXray: return 8;
@@ -17,7 +17,6 @@ namespace amnezia
        enum DockerContainer {
            None = 0,
            Awg,
-            Awg2,
            WireGuard,
            OpenVpn,
            Cloak,
@@ -46,7 +45,6 @@ namespace amnezia
        Q_INVOKABLE static amnezia::DockerContainer containerFromString(const QString &container);
        Q_INVOKABLE static QString containerToString(amnezia::DockerContainer container);
        Q_INVOKABLE static QString containerTypeToString(amnezia::DockerContainer c);
-        Q_INVOKABLE static QString containerTypeToProtocolString(amnezia::DockerContainer c);

        Q_INVOKABLE static QList<amnezia::DockerContainer> allContainers();

@@ -73,9 +71,6 @@ namespace amnezia

        static bool isShareable(amnezia::DockerContainer container);

-        static bool isAwgContainer(amnezia::DockerContainer container);
-
-
        static QJsonObject getProtocolConfigFromContainer(const amnezia::Proto protocol, const QJsonObject &containerConfig);

        static int installPageOrder(amnezia::DockerContainer container);
@@ -10,10 +10,8 @@ namespace apiDefs
        AmneziaFreeV3,
        AmneziaPremiumV1,
        AmneziaPremiumV2,
-        AmneziaTrialV2,
        SelfHosted,
-        ExternalPremium,
-        ExternalTrial
+        ExternalPremium
    };

    enum ConfigSource {
@@ -34,7 +32,6 @@ namespace apiDefs
        constexpr QLatin1String stackType("stack_type");
        constexpr QLatin1String serviceType("service_type");
        constexpr QLatin1String cliVersion("cli_version");
-        constexpr QLatin1String cliName("cli_name");
        constexpr QLatin1String supportedProtocols("supported_protocols");

        constexpr QLatin1String vpnKey("vpn_key");
@@ -71,7 +68,6 @@ namespace apiDefs
        constexpr QLatin1String migrationCode("migration_code");

        constexpr QLatin1String transactionId("transaction_id");
-        constexpr QLatin1String isTestPurchase("is_test_purchase");

        constexpr QLatin1String userCountryCode("user_country_code");

@@ -1,7 +1,6 @@
 #include "apiUtils.h"

 #include <QDateTime>
-#include <QJsonDocument>
 #include <QJsonObject>

 namespace
@@ -58,24 +57,18 @@ apiDefs::ConfigType apiUtils::getConfigType(const QJsonObject &serverConfigObjec
    };
    case apiDefs::ConfigSource::AmneziaGateway: {
        constexpr QLatin1String servicePremium("amnezia-premium");
-        constexpr QLatin1String serviceTrial("amnezia-trial");
        constexpr QLatin1String serviceFree("amnezia-free");
        constexpr QLatin1String serviceExternalPremium("external-premium");
-        constexpr QLatin1String serviceExternalTrial("external-trial");

        auto apiConfigObject = serverConfigObject.value(apiDefs::key::apiConfig).toObject();
        auto serviceType = apiConfigObject.value(apiDefs::key::serviceType).toString();

        if (serviceType == servicePremium) {
            return apiDefs::ConfigType::AmneziaPremiumV2;
-        } else if (serviceType == serviceTrial) {
-            return apiDefs::ConfigType::AmneziaTrialV2;
        } else if (serviceType == serviceFree) {
            return apiDefs::ConfigType::AmneziaFreeV3;
        } else if (serviceType == serviceExternalPremium) {
            return apiDefs::ConfigType::ExternalPremium;
-        } else if (serviceType == serviceExternalTrial) {
-            return apiDefs::ConfigType::ExternalTrial;
        }
    }
    default: {
@@ -95,8 +88,6 @@ amnezia::ErrorCode apiUtils::checkNetworkReplyErrors(const QList<QSslError> &ssl
 {
    const int httpStatusCodeConflict = 409;
    const int httpStatusCodeNotFound = 404;
-    const int httpStatusCodeNotImplemented = 501;
-    const int httpStatusCodeUnprocessableEntity = 422;

    if (!sslErrors.empty()) {
        qDebug().noquote() << sslErrors;
@@ -115,22 +106,10 @@ amnezia::ErrorCode apiUtils::checkNetworkReplyErrors(const QList<QSslError> &ssl
        qDebug() << replyError;
        qDebug() << replyErrorString;
        qDebug() << httpStatusCode;
-
-        int httpStatusFromBody = -1;
-        QJsonDocument jsonDoc = QJsonDocument::fromJson(responseBody);
-        if (jsonDoc.isObject()) {
-            QJsonObject jsonObj = jsonDoc.object();
-            httpStatusFromBody = jsonObj.value("http_status").toInt(-1);
-        }
-
-        if (httpStatusFromBody == httpStatusCodeConflict) {
+        if (httpStatusCode == httpStatusCodeConflict) {
            return amnezia::ErrorCode::ApiConfigLimitError;
-        } else if (httpStatusFromBody == httpStatusCodeNotFound) {
+        } else if (httpStatusCode == httpStatusCodeNotFound) {
            return amnezia::ErrorCode::ApiNotFoundError;
-        } else if (httpStatusFromBody == httpStatusCodeNotImplemented) {
-            return amnezia::ErrorCode::ApiUpdateRequestError;
-        } else if (httpStatusFromBody == httpStatusCodeUnprocessableEntity) {
-            return amnezia::ErrorCode::ApiSubscriptionExpiredError;
        }
        return amnezia::ErrorCode::ApiConfigDownloadError;
    }
@@ -142,8 +121,7 @@ amnezia::ErrorCode apiUtils::checkNetworkReplyErrors(const QList<QSslError> &ssl
 bool apiUtils::isPremiumServer(const QJsonObject &serverConfigObject)
 {
    static const QSet<apiDefs::ConfigType> premiumTypes = { apiDefs::ConfigType::AmneziaPremiumV1, apiDefs::ConfigType::AmneziaPremiumV2,
-                                                            apiDefs::ConfigType::AmneziaTrialV2, apiDefs::ConfigType::ExternalPremium,
-                                                            apiDefs::ConfigType::ExternalTrial };
+                                                            apiDefs::ConfigType::ExternalPremium };
    return premiumTypes.contains(getConfigType(serverConfigObject));
 }

@@ -187,9 +165,7 @@ QString apiUtils::getPremiumV1VpnKey(const QJsonObject &serverConfigObject)

 QString apiUtils::getPremiumV2VpnKey(const QJsonObject &serverConfigObject)
 {
-    auto configType = apiUtils::getConfigType(serverConfigObject);
-    if (configType != apiDefs::ConfigType::AmneziaPremiumV2 && configType != apiDefs::ConfigType::AmneziaTrialV2
-        && configType != apiDefs::ConfigType::ExternalPremium && configType != apiDefs::ConfigType::ExternalTrial) {
+    if (apiUtils::getConfigType(serverConfigObject) != apiDefs::ConfigType::AmneziaPremiumV2) {
        return {};
    }

@@ -135,7 +135,7 @@ void CoreController::initControllers()
            new SettingsController(m_serversModel, m_containersModel, m_languageModel, m_sitesModel, m_appSplitTunnelingModel, m_settings));
    m_engine->rootContext()->setContextProperty("SettingsController", m_settingsController.get());

-    m_sitesController.reset(new SitesController(m_settings, m_sitesModel));
+    m_sitesController.reset(new SitesController(m_settings, m_vpnConnection, m_sitesModel));
    m_engine->rootContext()->setContextProperty("SitesController", m_sitesController.get());

    m_allowedDnsController.reset(new AllowedDnsController(m_settings, m_allowedDnsModel));
@@ -153,8 +153,9 @@ void CoreController::initControllers()

    m_apiConfigsController.reset(new ApiConfigsController(m_serversModel, m_apiServicesModel, m_settings));
    m_engine->rootContext()->setContextProperty("ApiConfigsController", m_apiConfigsController.get());
-    connect(m_apiConfigsController.get(), &ApiConfigsController::subscriptionRefreshNeeded,
-            this, [this]() { m_apiSettingsController->getAccountInfo(false); });
+
+    m_apiPremV1MigrationController.reset(new ApiPremV1MigrationController(m_serversModel, m_settings, this));
+    m_engine->rootContext()->setContextProperty("ApiPremV1MigrationController", m_apiPremV1MigrationController.get());

    m_apiNewsController.reset(new ApiNewsController(m_newsModel, m_settings, m_serversModel, this));
    m_engine->rootContext()->setContextProperty("ApiNewsController", m_apiNewsController.get());
@@ -230,6 +231,8 @@ void CoreController::initSignalHandlers()
    initAutoConnectHandler();
    initAmneziaDnsToggledHandler();
    initPrepareConfigHandler();
+    initImportPremiumV2VpnKeyHandler();
+    initShowMigrationDrawerHandler();
    initStrictKillSwitchHandler();
 }

@@ -370,11 +373,7 @@ void CoreController::initPrepareConfigHandler()
            return;
        }

-        m_installController->validateConfig();
-    });
-
-    connect(m_installController.get(), &InstallController::configValidated, this, [this](bool isValid) {
-        if (!isValid) {
+        if (!m_installController->isConfigValid()) {
            emit m_vpnConnection->connectionStateChanged(Vpn::ConnectionState::Disconnected);
            return;
        }
@@ -383,6 +382,25 @@ void CoreController::initPrepareConfigHandler()
    });
 }

+void CoreController::initImportPremiumV2VpnKeyHandler()
+{
+    connect(m_apiPremV1MigrationController.get(), &ApiPremV1MigrationController::importPremiumV2VpnKey, this, [this](const QString &vpnKey) {
+        m_importController->extractConfigFromData(vpnKey);
+        m_importController->importConfig();
+
+        emit m_apiPremV1MigrationController->migrationFinished();
+    });
+}
+
+void CoreController::initShowMigrationDrawerHandler()
+{
+    QTimer::singleShot(1000, this, [this]() {
+        if (m_apiPremV1MigrationController->isPremV1MigrationReminderActive() && m_apiPremV1MigrationController->hasConfigsToMigration()) {
+            m_apiPremV1MigrationController->showMigrationDrawer();
+        }
+    });
+}
+
 void CoreController::initStrictKillSwitchHandler()
 {
    connect(m_settingsController.get(), &SettingsController::strictKillSwitchEnabledChanged, m_vpnConnection.get(),
@@ -393,22 +411,3 @@ QSharedPointer<PageController> CoreController::pageController() const
 {
    return m_pageController;
 }
-
-void CoreController::openConnectionByIndex(int serverIndex)
-{
-    if (m_serversModel) {
-        m_serversModel->setProcessedServerIndex(serverIndex);
-        m_serversModel->setDefaultServerIndex(serverIndex);
-    }
-    m_connectionController->toggleConnection();
-}
-
-void CoreController::importConfigFromData(const QString &data)
-{
-    if (!m_importController)
-        return;
-
-    if (m_importController->extractConfigFromData(data)) {
-        m_importController->importConfig();
-    }
-}
@@ -11,6 +11,7 @@

 #include "ui/controllers/api/apiConfigsController.h"
 #include "ui/controllers/api/apiSettingsController.h"
+#include "ui/controllers/api/apiPremV1MigrationController.h"
 #include "ui/controllers/api/apiNewsController.h"
 #include "ui/controllers/appSplitTunnelingController.h"
 #include "ui/controllers/allowedDnsController.h"
@@ -64,9 +65,6 @@ public:
    QSharedPointer<PageController> pageController() const;
    void setQmlRoot();

-    void openConnectionByIndex(int serverIndex);
-    void importConfigFromData(const QString &data);
-
 signals:
    void translationsUpdated();
    void websiteUrlChanged(const QString &newUrl);
@@ -92,6 +90,8 @@ private:
    void initAutoConnectHandler();
    void initAmneziaDnsToggledHandler();
    void initPrepareConfigHandler();
+    void initImportPremiumV2VpnKeyHandler();
+    void initShowMigrationDrawerHandler();
    void initStrictKillSwitchHandler();

    QQmlApplicationEngine *m_engine {}; // TODO use parent child system here?
@@ -119,6 +119,7 @@ private:

    QScopedPointer<ApiSettingsController> m_apiSettingsController;
    QScopedPointer<ApiConfigsController> m_apiConfigsController;
+    QScopedPointer<ApiPremV1MigrationController> m_apiPremV1MigrationController;
    QScopedPointer<ApiNewsController> m_apiNewsController;

    QSharedPointer<ContainersModel> m_containersModel;
@@ -41,12 +41,6 @@ namespace
    constexpr QLatin1String errorResponsePattern3("Account not found.");

    constexpr QLatin1String updateRequestResponsePattern("client version update is required");
-
-    constexpr int httpStatusCodeNotFound = 404;
-    constexpr int httpStatusCodeConflict = 409;
-
-    constexpr int httpStatusCodeNotImplemented = 501;
-    constexpr int httpStatusCodeUnprocessableEntity = 422;
 }

 GatewayController::GatewayController(const QString &gatewayEndpoint, const bool isDevEnvironment, const int requestTimeoutMsecs,
@@ -80,11 +74,7 @@ GatewayController::EncryptedRequestData GatewayController::prepareRequest(const
        QString host = QUrl(encRequestData.request.url()).host();
        QString ip = NetworkUtilities::getIPAddress(host);
        if (!ip.isEmpty()) {
-            IpcClient::withInterface([&](QSharedPointer<IpcInterfaceReplica> iface) {
-                QRemoteObjectPendingReply<bool> reply = iface->addKillSwitchAllowedRange(QStringList { ip });
-                if (!reply.waitForFinished(1000) || !reply.returnValue())
-                    qWarning() << "GatewayController::prepareRequest(): Failed to execute remote addKillSwitchAllowedRange call";
-            });
+            IpcClient::Interface()->addKillSwitchAllowedRange(QStringList { ip });
        }
    }
 #endif
@@ -136,26 +126,6 @@ GatewayController::EncryptedRequestData GatewayController::prepareRequest(const
    return encRequestData;
 }

-GatewayController::DecryptionResult GatewayController::tryDecryptResponseBody(const QByteArray &encryptedResponseBody,
-                                                                              QNetworkReply::NetworkError replyError, const QByteArray &key,
-                                                                              const QByteArray &iv, const QByteArray &salt)
-{
-    DecryptionResult result;
-    result.decryptedBody = encryptedResponseBody;
-    result.isDecryptionSuccessful = false;
-
-    try {
-        QSimpleCrypto::QBlockCipher blockCipher;
-        result.decryptedBody = blockCipher.decryptAesBlockCipher(encryptedResponseBody, key, iv, "", salt);
-        result.isDecryptionSuccessful = true;
-    } catch (...) {
-        result.decryptedBody = encryptedResponseBody;
-        result.isDecryptionSuccessful = false;
-    }
-
-    return result;
-}
-
 ErrorCode GatewayController::post(const QString &endpoint, const QJsonObject apiPayload, QByteArray &responseBody)
 {
    EncryptedRequestData encRequestData = prepareRequest(endpoint, apiPayload);
@@ -179,27 +149,21 @@ ErrorCode GatewayController::post(const QString &endpoint, const QJsonObject api

    reply->deleteLater();

-    auto decryptionResult =
-            tryDecryptResponseBody(encryptedResponseBody, replyError, encRequestData.key, encRequestData.iv, encRequestData.salt);
-
-    if (sslErrors.isEmpty() && shouldBypassProxy(replyError, decryptionResult.decryptedBody, decryptionResult.isDecryptionSuccessful)) {
+    if (sslErrors.isEmpty()
+        && shouldBypassProxy(replyError, encryptedResponseBody, true, encRequestData.key, encRequestData.iv, encRequestData.salt)) {
        auto requestFunction = [&encRequestData, &encryptedResponseBody](const QString &url) {
            encRequestData.request.setUrl(url);
            return amnApp->networkManager()->post(encRequestData.request, encRequestData.requestBody);
        };

-        auto replyProcessingFunction = [&encryptedResponseBody, &replyErrorString, &replyError, &httpStatusCode, &sslErrors, &encRequestData,
-                                        &decryptionResult, this](QNetworkReply *reply, const QList<QSslError> &nestedSslErrors) {
+        auto replyProcessingFunction = [&encryptedResponseBody, &replyErrorString, &replyError, &httpStatusCode, &sslErrors,
+                                        &encRequestData, this](QNetworkReply *reply, const QList<QSslError> &nestedSslErrors) {
            encryptedResponseBody = reply->readAll();
            replyErrorString = reply->errorString();
            replyError = reply->error();
            httpStatusCode = reply->attribute(QNetworkRequest::HttpStatusCodeAttribute).toInt();
-
-            decryptionResult =
-                    tryDecryptResponseBody(encryptedResponseBody, replyError, encRequestData.key, encRequestData.iv, encRequestData.salt);
-
            if (!sslErrors.isEmpty()
-                || shouldBypassProxy(replyError, decryptionResult.decryptedBody, decryptionResult.isDecryptionSuccessful)) {
+                || shouldBypassProxy(replyError, encryptedResponseBody, true, encRequestData.key, encRequestData.iv, encRequestData.salt)) {
                sslErrors = nestedSslErrors;
                return false;
            }
@@ -211,19 +175,21 @@ ErrorCode GatewayController::post(const QString &endpoint, const QJsonObject api
        bypassProxy(endpoint, serviceType, userCountryCode, requestFunction, replyProcessingFunction);
    }

-    auto errorCode =
-            apiUtils::checkNetworkReplyErrors(sslErrors, replyErrorString, replyError, httpStatusCode, decryptionResult.decryptedBody);
+    auto errorCode = apiUtils::checkNetworkReplyErrors(sslErrors, replyErrorString, replyError, httpStatusCode, encryptedResponseBody);
    if (errorCode) {
        return errorCode;
    }

-    if (!decryptionResult.isDecryptionSuccessful) {
+    try {
+        QSimpleCrypto::QBlockCipher blockCipher;
+        responseBody =
+                blockCipher.decryptAesBlockCipher(encryptedResponseBody, encRequestData.key, encRequestData.iv, "", encRequestData.salt);
+        return ErrorCode::NoError;
+    } catch (...) { // todo change error handling in QSimpleCrypto?
+        Utils::logException();
        qCritical() << "error when decrypting the request body";
        return ErrorCode::ApiConfigDecryptionError;
    }
-
-    responseBody = decryptionResult.decryptedBody;
-    return ErrorCode::NoError;
 }

 QFuture<QPair<ErrorCode, QByteArray>> GatewayController::postAsync(const QString &endpoint, const QJsonObject apiPayload)
@@ -252,33 +218,32 @@ QFuture<QPair<ErrorCode, QByteArray>> GatewayController::postAsync(const QString

        reply->deleteLater();

-        auto decryptionResult =
-                tryDecryptResponseBody(encryptedResponseBody, replyError, encRequestData.key, encRequestData.iv, encRequestData.salt);
-
-        auto processResponse = [promise, encRequestData](const GatewayController::DecryptionResult &decryptionResult,
-                                                         const QList<QSslError> &sslErrors, QNetworkReply::NetworkError replyError,
-                                                         const QString &replyErrorString, int httpStatusCode) {
-            auto errorCode = apiUtils::checkNetworkReplyErrors(sslErrors, replyErrorString, replyError, httpStatusCode,
-                                                               decryptionResult.decryptedBody);
+        auto processResponse = [promise, encRequestData](const QByteArray &ecryptedResponseBody, const QList<QSslError> &sslErrors,
+                                                         QNetworkReply::NetworkError replyError, const QString &replyErrorString,
+                                                         int httpStatusCode) {
+            auto errorCode = apiUtils::checkNetworkReplyErrors(sslErrors, replyErrorString, replyError, httpStatusCode, ecryptedResponseBody);
            if (errorCode) {
                promise->addResult(qMakePair(errorCode, QByteArray()));
                promise->finish();
                return;
            }

-            if (!decryptionResult.isDecryptionSuccessful) {
+            QSimpleCrypto::QBlockCipher blockCipher;
+            try {
+                QByteArray responseBody = blockCipher.decryptAesBlockCipher(ecryptedResponseBody, encRequestData.key, encRequestData.iv, "",
+                                                                            encRequestData.salt);
+                promise->addResult(qMakePair(ErrorCode::NoError, responseBody));
+                promise->finish();
+            } catch (...) {
                Utils::logException();
                qCritical() << "error when decrypting the request body";
                promise->addResult(qMakePair(ErrorCode::ApiConfigDecryptionError, QByteArray()));
                promise->finish();
-                return;
            }
-
-            promise->addResult(qMakePair(ErrorCode::NoError, decryptionResult.decryptedBody));
-            promise->finish();
        };

-        if (sslErrors->isEmpty() && shouldBypassProxy(replyError, decryptionResult.decryptedBody, decryptionResult.isDecryptionSuccessful)) {
+        if (sslErrors->isEmpty()
+            && shouldBypassProxy(replyError, encryptedResponseBody, true, encRequestData.key, encRequestData.iv, encRequestData.salt)) {
            auto serviceType = apiPayload.value(apiDefs::key::serviceType).toString("");
            auto userCountryCode = apiPayload.value(apiDefs::key::userCountryCode).toString("");

@@ -301,21 +266,13 @@ QFuture<QPair<ErrorCode, QByteArray>> GatewayController::postAsync(const QString
                proxyStorageUrls.push_back(baseUrl + "endpoints.json");

            getProxyUrlsAsync(proxyStorageUrls, 0, [this, encRequestData, endpoint, processResponse](const QStringList &proxyUrls) {
-                getProxyUrlAsync(proxyUrls, 0, [this, encRequestData, endpoint, processResponse](const QString &proxyUrl) {
-                    bypassProxyAsync(endpoint, proxyUrl, encRequestData,
-                                     [processResponse, this](const QByteArray &decryptedBody, bool isDecryptionSuccessful,
-                                                             const QList<QSslError> &sslErrors, QNetworkReply::NetworkError replyError,
-                                                             const QString &replyErrorString, int httpStatusCode) {
-                                         GatewayController::DecryptionResult result;
-                                         result.decryptedBody = decryptedBody;
-                                         result.isDecryptionSuccessful = isDecryptionSuccessful;
-                                         processResponse(result, sslErrors, replyError, replyErrorString, httpStatusCode);
-                                     });
+                getProxyUrlAsync(proxyUrls, 0, [this, encRequestData, endpoint, processResponse](const QString &proxyUrls) {
+                    bypassProxyAsync(endpoint, proxyUrls, encRequestData, processResponse);
                });
            });

        } else {
-            processResponse(decryptionResult, *sslErrors, replyError, replyErrorString, httpStatusCode);
+            processResponse(encryptedResponseBody, *sslErrors, replyError, replyErrorString, httpStatusCode);
        }
    });

@@ -338,9 +295,6 @@ QStringList GatewayController::getProxyUrls(const QString &serviceType, const QS
    } else {
        baseUrls = QString(PROD_S3_ENDPOINT).split(", ");
    }
-    std::random_device randomDevice;
-    std::mt19937 generator(randomDevice());
-    std::shuffle(baseUrls.begin(), baseUrls.end(), generator);

    QByteArray key = m_isDevEnvironment ? DEV_AGW_PUBLIC_KEY : PROD_AGW_PUBLIC_KEY;

@@ -411,23 +365,9 @@ QStringList GatewayController::getProxyUrls(const QString &serviceType, const QS
    return {};
 }

-bool GatewayController::shouldBypassProxy(const QNetworkReply::NetworkError &replyError, const QByteArray &decryptedResponseBody,
-                                          bool isDecryptionSuccessful)
+bool GatewayController::shouldBypassProxy(const QNetworkReply::NetworkError &replyError, const QByteArray &responseBody,
+                                          bool checkEncryption, const QByteArray &key, const QByteArray &iv, const QByteArray &salt)
 {
-    const QByteArray &responseBody = decryptedResponseBody;
-
-    int httpStatus = -1;
-    if (isDecryptionSuccessful) {
-        QJsonDocument jsonDoc = QJsonDocument::fromJson(responseBody);
-        if (jsonDoc.isObject()) {
-            QJsonObject jsonObj = jsonDoc.object();
-            httpStatus = jsonObj.value("http_status").toInt(-1);
-        }
-    } else {
-        qDebug() << "failed to decrypt the data";
-        return true;
-    }
-
    if (replyError == QNetworkReply::NetworkError::OperationCanceledError || replyError == QNetworkReply::NetworkError::TimeoutError) {
        qDebug() << "timeout occurred";
        qDebug() << replyError;
@@ -435,7 +375,7 @@ bool GatewayController::shouldBypassProxy(const QNetworkReply::NetworkError &rep
    } else if (responseBody.contains("html")) {
        qDebug() << "the response contains an html tag";
        return true;
-    } else if (httpStatus == httpStatusCodeNotFound) {
+    } else if (replyError == QNetworkReply::NetworkError::ContentNotFoundError) {
        if (responseBody.contains(errorResponsePattern1) || responseBody.contains(errorResponsePattern2)
            || responseBody.contains(errorResponsePattern3)) {
            return false;
@@ -443,20 +383,24 @@ bool GatewayController::shouldBypassProxy(const QNetworkReply::NetworkError &rep
            qDebug() << replyError;
            return true;
        }
-    } else if (httpStatus == httpStatusCodeNotImplemented) {
+    } else if (replyError == QNetworkReply::NetworkError::OperationNotImplementedError) {
        if (responseBody.contains(updateRequestResponsePattern)) {
            return false;
        } else {
            qDebug() << replyError;
            return true;
        }
-    } else if (httpStatus == httpStatusCodeConflict) {
-        return false;
-    } else if (httpStatus == httpStatusCodeUnprocessableEntity) {
-        return false;
    } else if (replyError != QNetworkReply::NetworkError::NoError) {
        qDebug() << replyError;
        return true;
+    } else if (checkEncryption) {
+        try {
+            QSimpleCrypto::QBlockCipher blockCipher;
+            static_cast<void>(blockCipher.decryptAesBlockCipher(responseBody, key, iv, "", salt));
+        } catch (...) {
+            qDebug() << "failed to decrypt the data";
+            return true;
+        }
    }
    return false;
 }
@@ -604,8 +548,7 @@ void GatewayController::getProxyUrlsAsync(const QStringList proxyStorageUrls, co
    });
 }

-void GatewayController::getProxyUrlAsync(const QStringList proxyUrls, const int currentProxyIndex,
-                                         std::function<void(const QString &)> onComplete)
+void GatewayController::getProxyUrlAsync(const QStringList proxyUrls, const int currentProxyIndex, std::function<void(const QString &)> onComplete)
 {
    if (currentProxyIndex >= proxyUrls.size()) {
        onComplete("");
@@ -639,11 +582,11 @@ void GatewayController::getProxyUrlAsync(const QStringList proxyUrls, const int

 void GatewayController::bypassProxyAsync(
        const QString &endpoint, const QString &proxyUrl, EncryptedRequestData encRequestData,
-        std::function<void(const QByteArray &, bool, const QList<QSslError> &, QNetworkReply::NetworkError, const QString &, int)> onComplete)
+        std::function<void(const QByteArray &, const QList<QSslError> &, QNetworkReply::NetworkError, const QString &, int)> onComplete)
 {
    auto sslErrors = QSharedPointer<QList<QSslError>>::create();
    if (proxyUrl.isEmpty()) {
-        onComplete(QByteArray(), false, *sslErrors, QNetworkReply::InternalServerError, "empty proxy url", 0);
+        onComplete(QByteArray(), *sslErrors, QNetworkReply::InternalServerError, "empty proxy url", 0);
        return;
    }

@@ -654,7 +597,7 @@ void GatewayController::bypassProxyAsync(

    connect(reply, &QNetworkReply::sslErrors, this, [sslErrors](const QList<QSslError> &errors) { *sslErrors = errors; });

-    connect(reply, &QNetworkReply::finished, this, [sslErrors, onComplete, encRequestData, reply, this]() {
+    connect(reply, &QNetworkReply::finished, this, [sslErrors, onComplete, reply]() {
        QByteArray encryptedResponseBody = reply->readAll();
        QString replyErrorString = reply->errorString();
        auto replyError = reply->error();
@@ -662,10 +605,6 @@ void GatewayController::bypassProxyAsync(

        reply->deleteLater();

-        auto decryptionResult =
-                tryDecryptResponseBody(encryptedResponseBody, replyError, encRequestData.key, encRequestData.iv, encRequestData.salt);
-
-        onComplete(decryptionResult.decryptedBody, decryptionResult.isDecryptionSuccessful, *sslErrors, replyError, replyErrorString,
-                   httpStatusCode);
+        onComplete(encryptedResponseBody, *sslErrors, replyError, replyErrorString, httpStatusCode);
    });
 }
@@ -36,18 +36,11 @@ private:
        amnezia::ErrorCode errorCode;
    };

-    struct DecryptionResult
-    {
-        QByteArray decryptedBody;
-        bool isDecryptionSuccessful;
-    };
-
    EncryptedRequestData prepareRequest(const QString &endpoint, const QJsonObject &apiPayload);
-    DecryptionResult tryDecryptResponseBody(const QByteArray &encryptedResponseBody, QNetworkReply::NetworkError replyError,
-                                            const QByteArray &key, const QByteArray &iv, const QByteArray &salt);

    QStringList getProxyUrls(const QString &serviceType, const QString &userCountryCode);
-    bool shouldBypassProxy(const QNetworkReply::NetworkError &replyError, const QByteArray &decryptedResponseBody, bool isDecryptionSuccessful);
+    bool shouldBypassProxy(const QNetworkReply::NetworkError &replyError, const QByteArray &responseBody, bool checkEncryption,
+                           const QByteArray &key = "", const QByteArray &iv = "", const QByteArray &salt = "");
    void bypassProxy(const QString &endpoint, const QString &serviceType, const QString &userCountryCode,
                     std::function<QNetworkReply *(const QString &url)> requestFunction,
                     std::function<bool(QNetworkReply *reply, const QList<QSslError> &sslErrors)> replyProcessingFunction);
@@ -57,7 +50,7 @@ private:
    void getProxyUrlAsync(const QStringList proxyUrls, const int currentProxyIndex, std::function<void(const QString &)> onComplete);
    void bypassProxyAsync(
            const QString &endpoint, const QString &proxyUrl, EncryptedRequestData encRequestData,
-            std::function<void(const QByteArray &, bool, const QList<QSslError> &, QNetworkReply::NetworkError, const QString &, int)> onComplete);
+            std::function<void(const QByteArray &, const QList<QSslError> &, QNetworkReply::NetworkError, const QString &, int)> onComplete);

    int m_requestTimeoutMsecs;
    QString m_gatewayEndpoint;
@@ -345,7 +345,7 @@ bool ServerController::isReinstallContainerRequired(DockerContainer container, c
            return true;
    }

-    if (ContainerProps::isAwgContainer(container)) {
+    if (container == DockerContainer::Awg) {
        if ((oldProtoConfig.value(config_key::subnet_address).toString(protocols::wireguard::defaultSubnetAddress)
             != newProtoConfig.value(config_key::subnet_address).toString(protocols::wireguard::defaultSubnetAddress))
            || (oldProtoConfig.value(config_key::port).toString(protocols::awg::defaultPort)
@@ -367,11 +367,11 @@ bool ServerController::isReinstallContainerRequired(DockerContainer container, c
            || (oldProtoConfig.value(config_key::underloadPacketMagicHeader).toString(protocols::awg::defaultUnderloadPacketMagicHeader)
                != newProtoConfig.value(config_key::underloadPacketMagicHeader).toString(protocols::awg::defaultUnderloadPacketMagicHeader))
            || (oldProtoConfig.value(config_key::transportPacketMagicHeader).toString(protocols::awg::defaultTransportPacketMagicHeader))
-                    != newProtoConfig.value(config_key::transportPacketMagicHeader).toString(protocols::awg::defaultTransportPacketMagicHeader)
-            || (oldProtoConfig.value(config_key::cookieReplyPacketJunkSize).toString(protocols::awg::defaultCookieReplyPacketJunkSize)
-                != newProtoConfig.value(config_key::cookieReplyPacketJunkSize).toString(protocols::awg::defaultCookieReplyPacketJunkSize))
-            || (oldProtoConfig.value(config_key::transportPacketJunkSize).toString(protocols::awg::defaultTransportPacketJunkSize)
-                != newProtoConfig.value(config_key::transportPacketJunkSize).toString(protocols::awg::defaultTransportPacketJunkSize)))
+                    != newProtoConfig.value(config_key::transportPacketMagicHeader).toString(protocols::awg::defaultTransportPacketMagicHeader))
+            // || (oldProtoConfig.value(config_key::cookieReplyPacketJunkSize).toString(protocols::awg::defaultCookieReplyPacketJunkSize)
+            //     != newProtoConfig.value(config_key::cookieReplyPacketJunkSize).toString(protocols::awg::defaultCookieReplyPacketJunkSize))
+            // || (oldProtoConfig.value(config_key::transportPacketJunkSize).toString(protocols::awg::defaultTransportPacketJunkSize)
+            //     != newProtoConfig.value(config_key::transportPacketJunkSize).toString(protocols::awg::defaultTransportPacketJunkSize))

            return true;
    }
@@ -419,18 +419,6 @@ ErrorCode ServerController::installDockerWorker(const ServerCredentials &credent
                      cbReadStdOut, cbReadStdErr);

    qDebug().noquote() << "ServerController::installDockerWorker" << stdOut;
-    if (container == DockerContainer::Awg2) {
-        QRegularExpression regex(R"(Linux\s+(\d+)\.(\d+)[^\d]*)");
-        QRegularExpressionMatch match = regex.match(stdOut);
-        if (match.hasMatch()) {
-            int majorVersion = match.captured(1).toInt();
-            int minorVersion = match.captured(2).toInt();
-
-            if (majorVersion < 4 || (majorVersion == 4 && minorVersion < 14)) {
-                return ErrorCode::ServerLinuxKernelTooOld;
-            }
-        }
-    }
    if (stdOut.contains("lock"))
        return ErrorCode::ServerPacketManagerError;
    if (stdOut.contains("command not found"))
@@ -660,11 +648,6 @@ ServerController::Vars ServerController::genVarsForScript(const ServerCredential

    vars.append({ { "$COOKIE_REPLY_PACKET_JUNK_SIZE", amneziaWireguarConfig.value(config_key::cookieReplyPacketJunkSize).toString() } });
    vars.append({ { "$TRANSPORT_PACKET_JUNK_SIZE", amneziaWireguarConfig.value(config_key::transportPacketJunkSize).toString() } });
-    vars.append({ { "$SPECIAL_JUNK_1", amneziaWireguarConfig.value(config_key::specialJunk1).toString() } });
-    vars.append({ { "$SPECIAL_JUNK_2", amneziaWireguarConfig.value(config_key::specialJunk2).toString() } });
-    vars.append({ { "$SPECIAL_JUNK_3", amneziaWireguarConfig.value(config_key::specialJunk3).toString() } });
-    vars.append({ { "$SPECIAL_JUNK_4", amneziaWireguarConfig.value(config_key::specialJunk4).toString() } });
-    vars.append({ { "$SPECIAL_JUNK_5", amneziaWireguarConfig.value(config_key::specialJunk5).toString() } });

    // Socks5 proxy vars
    vars.append({ { "$SOCKS5_PROXY_PORT", socks5ProxyConfig.value(config_key::port).toString(protocols::socks5Proxy::defaultPort) } });
@@ -674,8 +657,7 @@ ServerController::Vars ServerController::genVarsForScript(const ServerCredential
    vars.append({ { "$SOCKS5_USER", socks5user } });
    vars.append({ { "$SOCKS5_AUTH_TYPE", socks5user.isEmpty() ? "none" : "strong" } });

-    QString serverIp = (!ContainerProps::isAwgContainer(container) && 
-        container != DockerContainer::WireGuard && container != DockerContainer::Xray)
+    QString serverIp = (container != DockerContainer::Awg && container != DockerContainer::WireGuard && container != DockerContainer::Xray)
            ? NetworkUtilities::getIPAddress(credentials.hostName)
            : credentials.hostName;
    if (!serverIp.isEmpty()) {
@@ -99,12 +99,11 @@ QJsonObject VpnConfigurationsController::createVpnConfiguration(const QPair<QStr
        protocolConfigString = configurator->processConfigWithLocalSettings(dns, isApiConfig, protocolConfigString);

        QJsonObject vpnConfigData = QJsonDocument::fromJson(protocolConfigString.toUtf8()).object();
-        if (ContainerProps::isAwgContainer(container) || container == DockerContainer::WireGuard) {
+        if (container == DockerContainer::Awg || container == DockerContainer::WireGuard) {
            // add mtu for old configs
            if (vpnConfigData[config_key::mtu].toString().isEmpty()) {
                vpnConfigData[config_key::mtu] =
-                        ContainerProps::isAwgContainer(container) ? protocols::awg::defaultMtu :
-                        protocols::wireguard::defaultMtu;
+                        container == DockerContainer::Awg ? protocols::awg::defaultMtu : protocols::wireguard::defaultMtu;
            }
        }

@@ -61,7 +61,6 @@ namespace amnezia
        ServerDockerOnCgroupsV2 = 211,
        ServerCgroupMountpoint = 212,
        DockerPullRateLimit = 213,
-        ServerLinuxKernelTooOld = 214,

        // Ssh connection errors
        SshRequestDeniedError = 300,
@@ -122,7 +121,6 @@ namespace amnezia
        ApiMigrationError = 1110,
        ApiUpdateRequestError = 1111,
        ApiSubscriptionExpiredError = 1112,
-        ApiPurchaseError = 1113,

        // QFile errors
        OpenError = 1200,
@@ -29,7 +29,6 @@ QString errorString(ErrorCode code) {
    case(ErrorCode::ServerDockerOnCgroupsV2): errorMessage = QObject::tr("Docker error: runc doesn't work on cgroups v2"); break;
    case(ErrorCode::ServerCgroupMountpoint): errorMessage = QObject::tr("Server error: cgroup mountpoint does not exist"); break;
    case(ErrorCode::DockerPullRateLimit): errorMessage = QObject::tr("Docker error: The pull rate limit has been reached"); break;
-    case(ErrorCode::ServerLinuxKernelTooOld): errorMessage = QObject::tr("Server error: Linux kernel is too old"); break;

    // Libssh errors
    case(ErrorCode::SshRequestDeniedError): errorMessage = QObject::tr("SSH request was denied"); break;
@@ -79,7 +78,6 @@ QString errorString(ErrorCode code) {
    case (ErrorCode::ApiMigrationError): errorMessage = QObject::tr("A migration error has occurred. Please contact our technical support"); break;
    case (ErrorCode::ApiUpdateRequestError): errorMessage = QObject::tr("Please update the application to use this feature"); break;
    case (ErrorCode::ApiSubscriptionExpiredError): errorMessage = QObject::tr("Your Amnezia Premium subscription has expired.\n Please check your email for renewal instructions.\n If you haven't received an email, please contact our support."); break;
-    case (ErrorCode::ApiPurchaseError): errorMessage = QObject::tr("Unable to process purchase"); break;

    // QFile errors
    case(ErrorCode::OpenError): errorMessage = QObject::tr("QFile error: The file could not be opened"); break;
@@ -1,74 +1,132 @@
 #include "ipcclient.h"
-#include "ipc.h"
 #include <QRemoteObjectNode>
-#include <QtNetwork/qlocalsocket.h>
+
+IpcClient *IpcClient::m_instance = nullptr;

 IpcClient::IpcClient(QObject *parent) : QObject(parent)
 {
-    m_node.connectToNode(QUrl("local:" + amnezia::getIpcServiceUrl()));
-    m_interface.reset(m_node.acquire<IpcInterfaceReplica>());
 }

-IpcClient& IpcClient::Instance()
+IpcClient::~IpcClient()
 {
-    thread_local IpcClient ipcClient;
-    return ipcClient;
+    if (m_localSocket)
+        m_localSocket->close();
+}
+
+bool IpcClient::isSocketConnected() const
+{
+    return m_isSocketConnected;
+}
+
+IpcClient *IpcClient::Instance()
+{
+    return m_instance;
 }

 QSharedPointer<IpcInterfaceReplica> IpcClient::Interface()
 {
-    QSharedPointer<IpcInterfaceReplica> rep = Instance().m_interface;
-    if (rep.isNull()) {
-        qCritical() << "IpcClient::Interface(): Failed to acquire replica";
+    if (!Instance())
        return nullptr;
-    }
-    if (!rep->waitForSource(1000)) {
-        qCritical() << "IpcClient::Interface(): Failed to initialize replica";
-        return nullptr;
-    }
-    if (!rep->isReplicaValid()) {
-        qWarning() << "IpcClient::Interface(): Replica is invalid";
-    }
-    return rep;
+    return Instance()->m_ipcClient;
 }

-QSharedPointer<IpcProcessInterfaceReplica> IpcClient::CreatePrivilegedProcess()
+QSharedPointer<IpcProcessTun2SocksReplica> IpcClient::InterfaceTun2Socks()
 {
-    return withInterface([](QSharedPointer<IpcInterfaceReplica> &iface) -> QSharedPointer<IpcProcessInterfaceReplica> {
-        auto createPrivilegedProcess = iface->createPrivilegedProcess();
-        if (!createPrivilegedProcess.waitForFinished()) {
-            qCritical() << "Failed to create privileged process";
-            return nullptr;
-        }
-
-        const int pid = createPrivilegedProcess.returnValue();
-
-        auto* node = new QRemoteObjectNode();
-        node->connectToNode(QUrl(QString("local:%1").arg(amnezia::getIpcProcessUrl(pid))));
-
-        QSharedPointer<IpcProcessInterfaceReplica> rep(
-            node->acquire<IpcProcessInterfaceReplica>(),
-            [node] (IpcProcessInterfaceReplica *ptr) {
-                delete ptr;
-                node->deleteLater();
-            }
-        );
-        if (rep.isNull()) {
-            qCritical() << "IpcClient::CreatePrivilegedProcess(): Failed to acquire replica";
-            return nullptr;
-        }
-        if (!rep->waitForSource()) {
-            qCritical() << "IpcClient::CreatePrivilegedProcess(): Failed to initialize replica";
-            return nullptr;
-        }
-        if (!rep->isReplicaValid()) {
-            qCritical() << "IpcClient::CreatePrivilegedProcess(): Replica is invalid";
-            return nullptr;
-        }
-
-        return rep;
-    },
-    []() -> QSharedPointer<IpcProcessInterfaceReplica> {
+    if (!Instance())
        return nullptr;
-    });
+    return Instance()->m_Tun2SocksClient;
+}
+
+bool IpcClient::init(IpcClient *instance)
+{
+    m_instance = instance;
+
+    Instance()->m_localSocket = new QLocalSocket(Instance());
+    connect(Instance()->m_localSocket.data(), &QLocalSocket::connected, &Instance()->m_ClientNode, []() {
+        Instance()->m_ClientNode.addClientSideConnection(Instance()->m_localSocket.data());
+        auto cliNode = Instance()->m_ClientNode.acquire<IpcInterfaceReplica>();
+        cliNode->waitForSource(5000);
+        Instance()->m_ipcClient.reset(cliNode);
+
+        if (!Instance()->m_ipcClient) {
+            qWarning() << "IpcClient is not ready!";
+        }
+
+        Instance()->m_ipcClient->waitForSource(1000);
+
+        if (!Instance()->m_ipcClient->isReplicaValid()) {
+            qWarning() << "IpcClient replica is not connected!";
+        }
+
+        auto t2sNode = Instance()->m_ClientNode.acquire<IpcProcessTun2SocksReplica>();
+        t2sNode->waitForSource(5000);
+        Instance()->m_Tun2SocksClient.reset(t2sNode);
+
+        if (!Instance()->m_Tun2SocksClient) {
+            qWarning() << "IpcClient::m_Tun2SocksClient is not ready!";
+        }
+
+        Instance()->m_Tun2SocksClient->waitForSource(1000);
+
+        if (!Instance()->m_Tun2SocksClient->isReplicaValid()) {
+            qWarning() << "IpcClient::m_Tun2SocksClient replica is not connected!";
+        }
+    });
+
+    connect(Instance()->m_localSocket, &QLocalSocket::disconnected,
+            [instance]() { instance->m_isSocketConnected = false; });
+
+    Instance()->m_localSocket->connectToServer(amnezia::getIpcServiceUrl());
+    Instance()->m_localSocket->waitForConnected();
+
+    if (!Instance()->m_ipcClient) {
+        qDebug() << "IpcClient::init failed";
+        return false;
+    }
+
+    qDebug() << "IpcClient::init succeed";
+
+    return (Instance()->m_ipcClient->isReplicaValid() && Instance()->m_Tun2SocksClient->isReplicaValid());
+}
+
+QSharedPointer<PrivilegedProcess> IpcClient::CreatePrivilegedProcess()
+{
+    if (!Instance()->m_ipcClient || !Instance()->m_ipcClient->isReplicaValid()) {
+        qWarning() << "IpcClient::createPrivilegedProcess : IpcClient IpcClient replica is not valid";
+        return nullptr;
+    }
+
+    QRemoteObjectPendingReply<int> futureResult = Instance()->m_ipcClient->createPrivilegedProcess();
+    futureResult.waitForFinished(5000);
+
+    int pid = futureResult.returnValue();
+
+    auto pd = QSharedPointer<ProcessDescriptor>(new ProcessDescriptor());
+    Instance()->m_processNodes.insert(pid, pd);
+
+    pd->localSocket.reset(new QLocalSocket(pd->replicaNode.data()));
+
+    connect(pd->localSocket.data(), &QLocalSocket::connected, pd->replicaNode.data(), [pd]() {
+        pd->replicaNode->addClientSideConnection(pd->localSocket.data());
+
+        IpcProcessInterfaceReplica *repl = pd->replicaNode->acquire<IpcProcessInterfaceReplica>();
+        PrivilegedProcess *priv = static_cast<PrivilegedProcess *>(repl);
+        pd->ipcProcess.reset(priv);
+        if (!pd->ipcProcess) {
+            qWarning() << "Acquire PrivilegedProcess failed";
+        } else {
+            pd->ipcProcess->waitForSource(1000);
+            if (!pd->ipcProcess->isReplicaValid()) {
+                qWarning() << "PrivilegedProcess replica is not connected!";
+            }
+
+            QObject::connect(pd->ipcProcess.data(), &PrivilegedProcess::destroyed, pd->ipcProcess.data(),
+                             [pd]() { pd->replicaNode->deleteLater(); });
+        }
+    });
+    pd->localSocket->connectToServer(amnezia::getIpcProcessUrl(pid));
+    pd->localSocket->waitForConnected();
+
+    auto processReplica = QSharedPointer<PrivilegedProcess>(pd->ipcProcess);
+    return processReplica;
 }
@@ -4,53 +4,53 @@
 #include <QLocalSocket>
 #include <QObject>

+#include "ipc.h"
 #include "rep_ipc_interface_replica.h"
-#include "rep_ipc_process_interface_replica.h"
+#include "rep_ipc_process_tun2socks_replica.h"
+
+#include "privileged_process.h"

 class IpcClient : public QObject
 {
    Q_OBJECT
 public:
-    explicit IpcClient(QObject *parent = nullptr);
+   explicit IpcClient(QObject *parent = nullptr);

-    static IpcClient& Instance();
+   static IpcClient *Instance();
+   static bool init(IpcClient *instance);
+   static QSharedPointer<IpcInterfaceReplica> Interface();
+   static QSharedPointer<IpcProcessTun2SocksReplica> InterfaceTun2Socks();
+   static QSharedPointer<PrivilegedProcess> CreatePrivilegedProcess();

-    static QSharedPointer<IpcInterfaceReplica> Interface();
-    static QSharedPointer<IpcProcessInterfaceReplica> CreatePrivilegedProcess();
+   bool isSocketConnected() const;

-    template <typename Func>
-    static auto withInterface(Func func)
-    {
-        QSharedPointer<IpcInterfaceReplica> iface = Instance().m_interface;
-        using ReturnType = decltype(func(std::declval<QSharedPointer<IpcInterfaceReplica>>()));
-
-        if (iface.isNull() || !iface->waitForSource(1000) || !iface->isReplicaValid()) {
-            qWarning() << "IpcClient::withInterface(): Service is not running";
-
-            if constexpr (std::is_void_v<ReturnType>)
-                return;
-            else
-                return ReturnType{};
-        }
-
-        return func(iface);
-    }
-
-    template <typename OnSuccess, typename OnFailure>
-    static auto withInterface(OnSuccess onSuccess, OnFailure onFailure)
-    {
-        QSharedPointer<IpcInterfaceReplica> iface = Instance().m_interface;
-        if (iface.isNull() || !iface->waitForSource(1000) || !iface->isReplicaValid()) {
-            return onFailure();
-        }
-
-        return onSuccess(iface);
-    }
 signals:

 private:
-    QRemoteObjectNode m_node;
-    QSharedPointer<IpcInterfaceReplica> m_interface;
+    ~IpcClient() override;
+
+    QRemoteObjectNode m_ClientNode;
+    QRemoteObjectNode m_Tun2SocksNode;
+    QSharedPointer<IpcInterfaceReplica> m_ipcClient;
+    QPointer<QLocalSocket> m_localSocket;
+    QPointer<QLocalSocket> m_tun2socksSocket;
+    QSharedPointer<IpcProcessTun2SocksReplica> m_Tun2SocksClient;
+
+    struct ProcessDescriptor {
+        ProcessDescriptor () {
+            replicaNode = QSharedPointer<QRemoteObjectNode>(new QRemoteObjectNode());
+            ipcProcess = QSharedPointer<PrivilegedProcess>();
+            localSocket = QSharedPointer<QLocalSocket>();
+        }
+        QSharedPointer<PrivilegedProcess> ipcProcess;
+        QSharedPointer<QRemoteObjectNode> replicaNode;
+        QSharedPointer<QLocalSocket> localSocket;
+    };
+
+    QMap<int, QSharedPointer<ProcessDescriptor>> m_processNodes;
+    bool m_isSocketConnected {false};
+
+    static IpcClient *m_instance;
 };

 #endif // IPCCLIENT_H
@@ -1,12 +1,11 @@
 #include "networkUtilities.h"
-#include <QtNetwork/qnetworkinterface.h>
-#include <cstddef>

 #ifdef Q_OS_WIN
    #include <windows.h>
    #include <Ipexport.h>
    #include <Ws2tcpip.h>
    #include <ws2ipdef.h>
+    #include <stdint.h>
    #include <Iphlpapi.h>
    #include <Iptypes.h>
    #include <WinSock2.h>
@@ -31,15 +30,6 @@
    #include <netinet/in.h>
    #include <arpa/inet.h>
    #include <net/route.h>
-    #include <ifaddrs.h>
-    #include <net/if.h>
-    #include <net/if_dl.h>
-    #include <sys/types.h>
-    #include <sys/socket.h>
-    #include <arpa/inet.h>
-    #include <unistd.h>
-    #include <ifaddrs.h>
-    #include <net/if.h>
 #endif

 #include <QHostAddress>
@@ -180,7 +170,7 @@ int NetworkUtilities::AdapterIndexTo(const QHostAddress& dst) {
 #ifdef Q_OS_WIN
    qDebug() << "Getting Current Internet Adapter that routes to"
             << dst.toString();
-    quint32 ipBigEndian;
+    quint32_be ipBigEndian;
    quint32 ip = dst.toIPv4Address();
    qToBigEndian(ip, &ipBigEndian);
    _MIB_IPFORWARDROW routeInfo;
@@ -249,14 +239,12 @@ DWORD GetAdaptersAddressesWrapper(const ULONG Family,
 }
 #endif

-QPair<QString, QNetworkInterface> NetworkUtilities::getGatewayAndIface()
+QString NetworkUtilities::getGatewayAndIface()
 {
 #ifdef Q_OS_WIN
    constexpr int BUFF_LEN = 100;
    char buff[BUFF_LEN] = {'\0'};
-
-    QString resGateway;
-    int resIndex = -1;
+    QString result;

    PIP_ADAPTER_ADDRESSES pAdapterAddresses = nullptr;
    DWORD dwRetVal =
@@ -264,7 +252,7 @@ QPair<QString, QNetworkInterface> NetworkUtilities::getGatewayAndIface()

    if (dwRetVal != NO_ERROR) {
        qDebug() << "ipv4 stack detect GetAdaptersAddresses failed.";
-        return {};
+        return "";
    }

    PIP_ADAPTER_ADDRESSES pCurAddress = pAdapterAddresses;
@@ -279,9 +267,7 @@ QPair<QString, QNetworkInterface> NetworkUtilities::getGatewayAndIface()
                struct sockaddr_in addr;
                if (inet_pton(AF_INET, buff, &addr.sin_addr) == 1) {
                    qDebug() <<  "this is true v4 !";
-                    
-                    resGateway = gw;
-                    resIndex = pCurAddress->IfIndex;
+                    result = gw;
                }
            }
        }
@@ -289,7 +275,7 @@ QPair<QString, QNetworkInterface> NetworkUtilities::getGatewayAndIface()
    }

    free(pAdapterAddresses);
-    return { resGateway, QNetworkInterface::interfaceFromIndex(resIndex) };
+    return result;
 #endif
 #ifdef Q_OS_LINUX
    constexpr int BUFFER_SIZE = 100;
@@ -306,7 +292,7 @@ QPair<QString, QNetworkInterface> NetworkUtilities::getGatewayAndIface()

    if ((sock = socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE)) < 0) {
        perror("socket failed");
-        return {};
+        return "";
    }

    memset(msgbuf, 0, sizeof(msgbuf));
@@ -330,7 +316,7 @@ QPair<QString, QNetworkInterface> NetworkUtilities::getGatewayAndIface()
    /* send msg */
    if (send(sock, nlmsg, nlmsg->nlmsg_len, 0) < 0) {
        perror("send failed");
-        return {};
+        return "";
    }

    /* receive response */
@@ -339,7 +325,7 @@ QPair<QString, QNetworkInterface> NetworkUtilities::getGatewayAndIface()
        received_bytes = recv(sock, ptr, sizeof(buffer) - msg_len, 0);
        if (received_bytes < 0) {
            perror("Error in recv");
-            return {};
+            return "";
        }

        nlh = (struct nlmsghdr *) ptr;
@@ -349,7 +335,7 @@ QPair<QString, QNetworkInterface> NetworkUtilities::getGatewayAndIface()
            (nlmsg->nlmsg_type == NLMSG_ERROR))
        {
            perror("Error in received packet");
-            return {};
+            return "";
        }

        /* If we received all data break */
@@ -402,12 +388,10 @@ QPair<QString, QNetworkInterface> NetworkUtilities::getGatewayAndIface()
        }
    }
    close(sock);
-    return { gateway_address, QNetworkInterface::interfaceFromName(interface) };
+    return gateway_address;
 #endif
 #if defined(Q_OS_MAC) && !defined(Q_OS_IOS) && !defined(MACOS_NE)
    QString gateway;
-    int index = -1;
-
    int mib[] = {CTL_NET, PF_ROUTE, 0, 0, NET_RT_FLAGS, RTF_GATEWAY};
    int afinet_type[] = {AF_INET, AF_INET6};

@@ -417,17 +401,17 @@ QPair<QString, QNetworkInterface> NetworkUtilities::getGatewayAndIface()

        size_t needed = 0;
        if (sysctl(mib, sizeof(mib) / sizeof(int), nullptr, &needed, nullptr, 0) < 0)
-            return {};
+            return "";

        char* buf;
        if ((buf = new char[needed]) == 0)
-            return {};
+            return "";

        if (sysctl(mib, sizeof(mib) / sizeof(int), buf, &needed, nullptr, 0) < 0)
        {
            qDebug() << "sysctl: net.route.0.0.dump";
            delete[] buf;
-            return {};
+            return gateway;
        }

        struct rt_msghdr* rt;
@@ -465,10 +449,7 @@ QPair<QString, QNetworkInterface> NetworkUtilities::getGatewayAndIface()
                               &(reinterpret_cast<struct sockaddr_in*>(sa_tab[RTAX_GATEWAY]))->sin_addr,
                               sizeof(struct in_addr));
                        if (inet_ntop(AF_INET, srcStr4, dstStr4, INET_ADDRSTRLEN) != nullptr)
-                        {
                            gateway = dstStr4;
-                            index = rt->rtm_index;
-                        }
                        break;
                    }
                }
@@ -482,10 +463,7 @@ QPair<QString, QNetworkInterface> NetworkUtilities::getGatewayAndIface()
                               &(reinterpret_cast<struct sockaddr_in6*>(sa_tab[RTAX_GATEWAY]))->sin6_addr,
                               sizeof(struct in6_addr));
                        if (inet_ntop(AF_INET6, srcStr6, dstStr6, INET6_ADDRSTRLEN) != nullptr)
-                        {
                            gateway = dstStr6;
-                            index = rt->rtm_index;
-                        }
                        break;
                    }
                }
@@ -494,6 +472,6 @@ QPair<QString, QNetworkInterface> NetworkUtilities::getGatewayAndIface()
        free(buf);
    }

-    return { gateway, QNetworkInterface::interfaceFromIndex(index) };
+    return gateway;
 #endif
 }
@@ -6,7 +6,7 @@
 #include <QString>
 #include <QHostAddress>
 #include <QNetworkReply>
-#include <QtNetwork/qnetworkinterface.h>
+

 class NetworkUtilities : public QObject
 {
@@ -17,7 +17,7 @@ public:
    static bool checkIPv4Format(const QString &ip);
    static bool checkIpSubnetFormat(const QString &ip);
    static bool checkIpv6Enabled();
-    static QPair<QString, QNetworkInterface> getGatewayAndIface();
+    static QString getGatewayAndIface();
    // Returns the Interface Index that could Route to dst
    static int AdapterIndexTo(const QHostAddress& dst);

@@ -1,194 +0,0 @@
-#include "osSignalHandler.h"
-
-#include <QCoreApplication>
-#include <QMetaObject>
-#include <QSocketNotifier>
-
-#include "../amnezia_application.h"
-
-#if defined(Q_OS_LINUX) && !defined(Q_OS_ANDROID)
-    #include <pthread.h>
-    #include <signal.h>
-    #include <sys/signalfd.h>
-    #include <unistd.h>
-#elif defined(Q_OS_MACOS)
-    #include <fcntl.h>
-    #include <signal.h>
-    #include <unistd.h>
-#endif
-
-#ifdef Q_OS_WIN
-    #include <QAbstractNativeEventFilter>
-
-    #include <windows.h>
-#endif
-
-namespace
-{
-
-    static bool initialized = false;
-
-#ifdef Q_OS_WIN
-    class WindowsCloseFilter : public QAbstractNativeEventFilter
-    {
-    public:
-        bool nativeEventFilter(const QByteArray &eventType, void *message, qintptr *result) override
-        {
-            MSG *msg = static_cast<MSG *>(message);
-
-            switch (msg->message) {
-            case WM_CLOSE: {
-                const HWND active = GetActiveWindow();
-                const HWND self = msg->hwnd;
-                if (active != self) {
-                    AmneziaApplication *app = qobject_cast<AmneziaApplication *>(QCoreApplication::instance());
-                    if (app) {
-                        QMetaObject::invokeMethod(app, "forceQuit", Qt::QueuedConnection);
-                    }
-                }
-            }
-            }
-            return false;
-        };
-    };
-
-    static WindowsCloseFilter *windowsFilter = nullptr;
-#endif
-
-#if defined(Q_OS_LINUX) && !defined(Q_OS_ANDROID)
-    static int signalFd = -1;
-    static QSocketNotifier *socketNotifier = nullptr;
-
-    static void setupUnixSignalHandler()
-    {
-        sigset_t set;
-        sigemptyset(&set);
-        sigaddset(&set, SIGINT);
-        sigaddset(&set, SIGTERM);
-
-        pthread_sigmask(SIG_BLOCK, &set, nullptr);
-
-        signalFd = signalfd(-1, &set, SFD_NONBLOCK | SFD_CLOEXEC);
-        if (signalFd < 0)
-            return;
-
-        socketNotifier = new QSocketNotifier(signalFd, QSocketNotifier::Read, QCoreApplication::instance());
-
-        QObject::connect(socketNotifier, &QSocketNotifier::activated, QCoreApplication::instance(), [](int) {
-            signalfd_siginfo fdsi;
-            ::read(signalFd, &fdsi, sizeof(fdsi));
-
-            if (fdsi.ssi_signo == SIGINT || fdsi.ssi_signo == SIGTERM) {
-                QCoreApplication::quit();
-            }
-        });
-    }
-#elif defined(Q_OS_MACOS)
-    static int signalPipe[2] = { -1, -1 };
-    static QSocketNotifier *socketNotifier = nullptr;
-
-    static void macSignalHandler(int)
-    {
-        if (signalPipe[1] >= 0) {
-            const char ch = 1;
-            ::write(signalPipe[1], &ch, sizeof(ch));
-        }
-    }
-
-    static void setupUnixSignalHandler()
-    {
-        if (::pipe(signalPipe) != 0)
-            return;
-
-        ::fcntl(signalPipe[0], F_SETFL, O_NONBLOCK);
-        ::fcntl(signalPipe[1], F_SETFL, O_NONBLOCK);
-
-        socketNotifier = new QSocketNotifier(signalPipe[0], QSocketNotifier::Read, QCoreApplication::instance());
-
-        QObject::connect(socketNotifier, &QSocketNotifier::activated, QCoreApplication::instance(), [](int) {
-            char buf[16];
-            ::read(signalPipe[0], buf, sizeof(buf));
-            QCoreApplication::quit();
-        });
-
-        struct sigaction sa {};
-        sa.sa_handler = macSignalHandler;
-        sigemptyset(&sa.sa_mask);
-        sa.sa_flags = 0;
-
-        sigaction(SIGINT, &sa, nullptr);
-        sigaction(SIGTERM, &sa, nullptr);
-    }
-#endif
-
-    static void cleanupUnixSignalHandler()
-    {
-#if defined(Q_OS_LINUX) && !defined(Q_OS_ANDROID)
-        if (socketNotifier) {
-            socketNotifier->setEnabled(false);
-            socketNotifier->deleteLater();
-            socketNotifier = nullptr;
-        }
-
-        if (signalFd >= 0) {
-            ::close(signalFd);
-            signalFd = -1;
-        }
-
-#elif defined(Q_OS_MACOS)
-        struct sigaction sa {};
-        sa.sa_handler = SIG_DFL;
-        sigemptyset(&sa.sa_mask);
-        sa.sa_flags = 0;
-        sigaction(SIGINT, &sa, nullptr);
-        sigaction(SIGTERM, &sa, nullptr);
-
-        if (socketNotifier) {
-            socketNotifier->setEnabled(false);
-            socketNotifier->deleteLater();
-            socketNotifier = nullptr;
-        }
-
-        if (signalPipe[0] >= 0) {
-            ::close(signalPipe[0]);
-            signalPipe[0] = -1;
-        }
-
-        if (signalPipe[1] >= 0) {
-            ::close(signalPipe[1]);
-            signalPipe[1] = -1;
-        }
-#endif
-
-#ifdef Q_OS_WIN
-        if (windowsFilter) {
-            QCoreApplication::instance()->removeNativeEventFilter(windowsFilter);
-            delete windowsFilter;
-            windowsFilter = nullptr;
-        }
-#endif
-    }
-}
-
-OsSignalHandler::OsSignalHandler(QObject *parent) : QObject(parent)
-{
-}
-
-void OsSignalHandler::setup()
-{
-    if (initialized)
-        return;
-
-    initialized = true;
-
-#if (defined(Q_OS_LINUX) && !defined(Q_OS_ANDROID)) || defined(Q_OS_MACOS)
-    setupUnixSignalHandler();
-#endif
-
-#ifdef Q_OS_WIN
-    windowsFilter = new WindowsCloseFilter();
-    QCoreApplication::instance()->installNativeEventFilter(windowsFilter);
-#endif
-
-    QObject::connect(QCoreApplication::instance(), &QCoreApplication::aboutToQuit, [] { cleanupUnixSignalHandler(); });
-}
@@ -1,17 +0,0 @@
-#ifndef OSSIGNALHANDLER_H
-#define OSSIGNALHANDLER_H
-
-#include <QObject>
-
-class OsSignalHandler : public QObject
-{
-    Q_OBJECT
-public:
-    static void setup();
-
-private:
-    explicit OsSignalHandler(QObject *parent = nullptr);
-    static void handleSignal(int signal);
-};
-
-#endif // OSSIGNALHANDLER_H
@@ -0,0 +1,27 @@
+#include "privileged_process.h"
+
+PrivilegedProcess::PrivilegedProcess() :
+    IpcProcessInterfaceReplica()
+{
+}
+
+PrivilegedProcess::~PrivilegedProcess()
+{
+    qDebug() << "PrivilegedProcess::~PrivilegedProcess()";
+}
+
+void PrivilegedProcess::waitForFinished(int msecs)
+{
+    QSharedPointer<QEventLoop> loop(new QEventLoop);
+    connect(this, &PrivilegedProcess::finished, this, [this, loop](int exitCode, QProcess::ExitStatus exitStatus) mutable{
+        loop->quit();
+        loop.clear();
+    });
+
+    QTimer::singleShot(msecs, this, [this, loop]() mutable {
+        loop->quit();
+        loop.clear();
+    });
+
+    loop->exec();
+}
@@ -0,0 +1,24 @@
+#ifndef PRIVILEGED_PROCESS_H
+#define PRIVILEGED_PROCESS_H
+
+#include <QObject>
+
+#include "rep_ipc_process_interface_replica.h"
+// This class is dangerous - instance of this class casted from base class,
+// so it support only functions
+// Do not add any members into it
+//
+class PrivilegedProcess : public IpcProcessInterfaceReplica
+{
+    Q_OBJECT
+public:
+    PrivilegedProcess();
+    ~PrivilegedProcess() override;
+
+    void waitForFinished(int msecs);
+
+};
+
+#endif // PRIVILEGED_PROCESS_H
+
+
@@ -11,8 +11,7 @@ QString amnezia::scriptFolder(amnezia::DockerContainer container)
    case DockerContainer::Cloak: return QLatin1String("openvpn_cloak");
    case DockerContainer::ShadowSocks: return QLatin1String("openvpn_shadowsocks");
    case DockerContainer::WireGuard: return QLatin1String("wireguard");
-    case DockerContainer::Awg2: return QLatin1String("awg");
-    case DockerContainer::Awg: return QLatin1String("awg_legacy");
+    case DockerContainer::Awg: return QLatin1String("awg");
    case DockerContainer::Ipsec: return QLatin1String("ipsec");
    case DockerContainer::Xray: return QLatin1String("xray");

@@ -21,7 +21,6 @@ namespace amnezia::serialization
    namespace vless
    {
        QJsonObject Deserialize(const QString &vless, QString *alias, QString *errMessage);
-        const QString Serialize(const VlessServerObject &server, const QString &alias);
    } // namespace vless

    namespace ss
@@ -42,25 +42,6 @@ struct VMessServerObject
 };


-struct VlessServerObject
-{
-    QString address;
-    QString id;  // UUID
-    int port;
-    QString flow = "xtls-rprx-vision";
-    QString encryption = "none";
-    QString network = "tcp";
-    QString security = "reality";
-    QString serverName;  // SNI
-    QString publicKey;
-    QString shortId;
-    QString fingerprint = "chrome";
-    QString spiderX = "";
-    JSONSTRUCT_COMPARE(VlessServerObject, address, id, port, flow, encryption)
-    JSONSTRUCT_REGISTER(VlessServerObject, F(address, id, port, flow, encryption, network, security, serverName, publicKey, shortId, fingerprint, spiderX))
-};
-
-
 namespace transfer
 {

@@ -252,65 +252,5 @@ QJsonObject Deserialize(const QString &str, QString *alias, QString *errMessage)
    root["inbounds"] = QJsonArray { inbound };
    return root;
 }
-
-const QString Serialize(const VlessServerObject &server, const QString &alias)
-{
-    
-    QUrl url;
-    
-    // Set basic URL components
-    url.setScheme("vless");
-    url.setUserInfo(server.id);
-    url.setHost(server.address);
-    url.setPort(server.port);
-
-    QUrlQuery query;
-
-    if (!server.network.isEmpty() && server.network != "tcp") {
-        query.addQueryItem("type", server.network);
-    }
-    
-    if (!server.encryption.isEmpty()) {
-        query.addQueryItem("encryption", server.encryption);
-    }
-    
-    if (!server.security.isEmpty() && server.security != "none") {
-        query.addQueryItem("security", server.security);
-    }
-    
-    if (!server.flow.isEmpty() && (server.security == "xtls" || server.security == "reality")) {
-        query.addQueryItem("flow", server.flow);
-    }
-    
-    if (!server.serverName.isEmpty()) {
-        query.addQueryItem("sni", server.serverName);
-    }
-    
-    if (server.security == "reality") {
-        if (!server.fingerprint.isEmpty()) {
-            query.addQueryItem("fp", server.fingerprint);
-        }
-        
-        if (!server.publicKey.isEmpty()) {
-            query.addQueryItem("pbk", server.publicKey);
-        }
-        
-        if (!server.shortId.isEmpty()) {
-            query.addQueryItem("sid", server.shortId);
-        }
-        
-        if (!server.spiderX.isEmpty()) {
-            query.addQueryItem("spiderX", server.spiderX);
-        }
-    }
-    
-    url.setQuery(query);
-    
-    if (!alias.isEmpty()) {
-        url.setFragment(alias);
-    }
-    
-    return url.toString(QUrl::ComponentFormattingOption::FullyEncoded);
-}
-}
+} // namespace amnezia::serialization::vless

@@ -440,6 +440,18 @@ bool Daemon::parseConfig(const QJsonObject& obj, InterfaceConfig& config) {
  if (!obj.value("I5").isNull()) {
    config.m_specialJunk["I5"] = obj.value("I5").toString();
  }
+  if (!obj.value("J1").isNull()) {
+    config.m_controlledJunk["J1"] = obj.value("J1").toString();
+  }
+  if (!obj.value("J2").isNull()) {
+    config.m_controlledJunk["J2"] = obj.value("J2").toString();
+  }
+  if (!obj.value("J3").isNull()) {
+    config.m_controlledJunk["J3"] = obj.value("J3").toString();
+  }
+  if (!obj.value("Itime").isNull()) {
+    config.m_specialHandshakeTimeout = obj.value("Itime").toString();
+  }

  return true;
 }
@@ -152,6 +152,12 @@ QString InterfaceConfig::toWgConf(const QMap<QString, QString>& extra) const {
  for (const QString& key : m_specialJunk.keys()) {
    out << key << " = " << m_specialJunk[key] << "\n";
  }
+  for (const QString& key : m_controlledJunk.keys()) {
+    out << key << " = " << m_controlledJunk[key] << "\n";
+  }
+  if (!m_specialHandshakeTimeout.isNull()) {
+    out << "Itime = " << m_specialHandshakeTimeout << "\n";
+  }

  // If any extra config was provided, append it now.
  for (const QString& key : extra.keys()) {
@@ -8,7 +8,7 @@
 #include <QList>
 #include <QMap>
 #include <QString>
-#include <QMap>
+
 #include "ipaddress.h"

 class QJsonObject;
@@ -57,6 +57,8 @@ class InterfaceConfig {
  QString m_underloadPacketMagicHeader;
  QString m_transportPacketMagicHeader;
  QMap<QString, QString> m_specialJunk;
+  QMap<QString, QString> m_controlledJunk;
+  QString m_specialHandshakeTimeout;

  QJsonObject toJson() const;
  QString toWgConf(
@@ -2,7 +2,6 @@
 #include <QTimer>

 #include "amnezia_application.h"
-#include "core/osSignalHandler.h"
 #include "migrations.h"
 #include "version.h"

@@ -45,7 +44,6 @@ int main(int argc, char *argv[])
 #endif

    AmneziaApplication app(argc, argv);
-    OsSignalHandler::setup();

 #if !defined(Q_OS_ANDROID) && !defined(Q_OS_IOS) && !defined(MACOS_NE)
    if (isAnotherInstanceRunning()) {
@@ -5,9 +5,6 @@

 #include <stdint.h>

-#include <QCoreApplication>
-#include <QDateTime>
-#include <QDebug>
 #include <QDir>
 #include <QFileInfo>
 #include <QHostAddress>
@@ -15,13 +12,12 @@
 #include <QJsonDocument>
 #include <QJsonObject>
 #include <QJsonValue>
-#include <QLocalSocket>
-#include <QObject>
 #include <QStandardPaths>
-#include <QTimer>

+#include "ipaddress.h"
 #include "leakdetector.h"
 #include "logger.h"
+#include "models/server.h"
 #include "daemon/daemonerrors.h"

 #include "protocols/protocols_defs.h"
@@ -119,6 +115,7 @@ void LocalSocketController::daemonConnected() {
 }

 void LocalSocketController::activate(const QJsonObject &rawConfig) {
+
  QString protocolName = rawConfig.value("protocol").toString();

  int splitTunnelType = rawConfig.value("splitTunnelType").toInt();
@@ -135,16 +132,13 @@ void LocalSocketController::activate(const QJsonObject &rawConfig) {
  //  json.insert("hopindex", QJsonValue((double)hop.m_hopindex));
  json.insert("privateKey", wgConfig.value(amnezia::config_key::client_priv_key));
  json.insert("deviceIpv4Address", wgConfig.value(amnezia::config_key::client_ip));
-  m_deviceIpv4 = wgConfig.value(amnezia::config_key::client_ip).toString();

  // set up IPv6 unique-local-address, ULA, with "fd00::/8" prefix, not globally routable.
  // this will be default IPv6 gateway, OS recognizes that IPv6 link is local and switches to IPv4.
  // Otherwise some OSes (Linux) try IPv6 forever and hang.
  // https://en.wikipedia.org/wiki/Unique_local_address (RFC 4193)
  // https://man7.org/linux/man-pages/man5/gai.conf.5.html
-
-  // simply "dead::1" is globally-routable, don't use it
-  json.insert("deviceIpv6Address", "fd58:baa6:dead::1");
+  json.insert("deviceIpv6Address", "fd58:baa6:dead::1"); // simply "dead::1" is globally-routable, don't use it

  json.insert("serverPublicKey", wgConfig.value(amnezia::config_key::server_pub_key));
  json.insert("serverPskKey", wgConfig.value(amnezia::config_key::psk_key));
@@ -226,6 +220,7 @@ void LocalSocketController::activate(const QJsonObject &rawConfig) {

  json.insert("allowedIPAddressRanges", jsAllowedIPAddesses);

+
  QJsonArray jsExcludedAddresses;
  jsExcludedAddresses.append(wgConfig.value(amnezia::config_key::hostName));
  if (splitTunnelType == 2) {
@@ -260,33 +255,50 @@ void LocalSocketController::activate(const QJsonObject &rawConfig) {
    json.insert(amnezia::config_key::specialJunk3, wgConfig.value(amnezia::config_key::specialJunk3));
    json.insert(amnezia::config_key::specialJunk4, wgConfig.value(amnezia::config_key::specialJunk4));
    json.insert(amnezia::config_key::specialJunk5, wgConfig.value(amnezia::config_key::specialJunk5));
+    json.insert(amnezia::config_key::controlledJunk1, wgConfig.value(amnezia::config_key::controlledJunk1));
+    json.insert(amnezia::config_key::controlledJunk2, wgConfig.value(amnezia::config_key::controlledJunk2));
+    json.insert(amnezia::config_key::controlledJunk3, wgConfig.value(amnezia::config_key::controlledJunk3));
+    json.insert(amnezia::config_key::specialHandshakeTimeout, wgConfig.value(amnezia::config_key::specialHandshakeTimeout));
  } else if (!wgConfig.value(amnezia::config_key::junkPacketCount).isUndefined()
             && !wgConfig.value(amnezia::config_key::junkPacketMinSize).isUndefined()
             && !wgConfig.value(amnezia::config_key::junkPacketMaxSize).isUndefined()
             && !wgConfig.value(amnezia::config_key::initPacketJunkSize).isUndefined()
             && !wgConfig.value(amnezia::config_key::responsePacketJunkSize).isUndefined()
-             && !wgConfig.value(amnezia::config_key::cookieReplyPacketJunkSize).isUndefined()
-             && !wgConfig.value(amnezia::config_key::transportPacketJunkSize).isUndefined()
+             // && !wgConfig.value(amnezia::config_key::cookieReplyPacketJunkSize).isUndefined()
+             // && !wgConfig.value(amnezia::config_key::transportPacketJunkSize).isUndefined()
             && !wgConfig.value(amnezia::config_key::initPacketMagicHeader).isUndefined()
             && !wgConfig.value(amnezia::config_key::responsePacketMagicHeader).isUndefined()
             && !wgConfig.value(amnezia::config_key::underloadPacketMagicHeader).isUndefined()
-             && !wgConfig.value(amnezia::config_key::transportPacketMagicHeader).isUndefined()) {
+             && !wgConfig.value(amnezia::config_key::transportPacketMagicHeader).isUndefined()
+/*             && !wgConfig.value(amnezia::config_key::specialJunk1).isUndefined()
+             && !wgConfig.value(amnezia::config_key::specialJunk2).isUndefined()
+             && !wgConfig.value(amnezia::config_key::specialJunk3).isUndefined()
+             && !wgConfig.value(amnezia::config_key::specialJunk4).isUndefined()
+             && !wgConfig.value(amnezia::config_key::specialJunk5).isUndefined()
+             && !wgConfig.value(amnezia::config_key::controlledJunk1).isUndefined()
+             && !wgConfig.value(amnezia::config_key::controlledJunk2).isUndefined()
+             && !wgConfig.value(amnezia::config_key::controlledJunk3).isUndefined()
+             && !wgConfig.value(amnezia::config_key::specialHandshakeTimeout).isUndefined()*/) {
    json.insert(amnezia::config_key::junkPacketCount, wgConfig.value(amnezia::config_key::junkPacketCount));
    json.insert(amnezia::config_key::junkPacketMinSize, wgConfig.value(amnezia::config_key::junkPacketMinSize));
    json.insert(amnezia::config_key::junkPacketMaxSize, wgConfig.value(amnezia::config_key::junkPacketMaxSize));
    json.insert(amnezia::config_key::initPacketJunkSize, wgConfig.value(amnezia::config_key::initPacketJunkSize));
    json.insert(amnezia::config_key::responsePacketJunkSize, wgConfig.value(amnezia::config_key::responsePacketJunkSize));
-    json.insert(amnezia::config_key::cookieReplyPacketJunkSize, wgConfig.value(amnezia::config_key::cookieReplyPacketJunkSize));
-    json.insert(amnezia::config_key::transportPacketJunkSize, wgConfig.value(amnezia::config_key::transportPacketJunkSize));
+    // json.insert(amnezia::config_key::cookieReplyPacketJunkSize, wgConfig.value(amnezia::config_key::cookieReplyPacketJunkSize));
+    // json.insert(amnezia::config_key::transportPacketJunkSize, wgConfig.value(amnezia::config_key::transportPacketJunkSize));
    json.insert(amnezia::config_key::initPacketMagicHeader, wgConfig.value(amnezia::config_key::initPacketMagicHeader));
    json.insert(amnezia::config_key::responsePacketMagicHeader, wgConfig.value(amnezia::config_key::responsePacketMagicHeader));
    json.insert(amnezia::config_key::underloadPacketMagicHeader, wgConfig.value(amnezia::config_key::underloadPacketMagicHeader));
    json.insert(amnezia::config_key::transportPacketMagicHeader, wgConfig.value(amnezia::config_key::transportPacketMagicHeader));
-    json.insert(amnezia::config_key::specialJunk1, wgConfig.value(amnezia::config_key::specialJunk1));
-    json.insert(amnezia::config_key::specialJunk2, wgConfig.value(amnezia::config_key::specialJunk2));
-    json.insert(amnezia::config_key::specialJunk3, wgConfig.value(amnezia::config_key::specialJunk3));
-    json.insert(amnezia::config_key::specialJunk4, wgConfig.value(amnezia::config_key::specialJunk4));
-    json.insert(amnezia::config_key::specialJunk5, wgConfig.value(amnezia::config_key::specialJunk5));
+    // json.insert(amnezia::config_key::specialJunk1, wgConfig.value(amnezia::config_key::specialJunk1));
+    // json.insert(amnezia::config_key::specialJunk2, wgConfig.value(amnezia::config_key::specialJunk2));
+    // json.insert(amnezia::config_key::specialJunk3, wgConfig.value(amnezia::config_key::specialJunk3));
+    // json.insert(amnezia::config_key::specialJunk4, wgConfig.value(amnezia::config_key::specialJunk4));
+    // json.insert(amnezia::config_key::specialJunk5, wgConfig.value(amnezia::config_key::specialJunk5));
+    // json.insert(amnezia::config_key::controlledJunk1, wgConfig.value(amnezia::config_key::controlledJunk1));
+    // json.insert(amnezia::config_key::controlledJunk2, wgConfig.value(amnezia::config_key::controlledJunk2));
+    // json.insert(amnezia::config_key::controlledJunk3, wgConfig.value(amnezia::config_key::controlledJunk3));
+    // json.insert(amnezia::config_key::specialHandshakeTimeout, wgConfig.value(amnezia::config_key::specialHandshakeTimeout));
  }

  write(json);
@@ -437,7 +449,6 @@ void LocalSocketController::parseCommand(const QByteArray& command) {
  }

  if (type == "status") {
-
    QJsonValue serverIpv4Gateway = obj.value("serverIpv4Gateway");
    if (!serverIpv4Gateway.isString()) {
      logger.error() << "Unexpected serverIpv4Gateway value";
@@ -482,11 +493,6 @@ void LocalSocketController::parseCommand(const QByteArray& command) {

    logger.debug() << "Handshake completed with:"
                   << pubkey.toString();
-
-    checkStatus();
-
-    emit statusUpdated("", m_deviceIpv4, 0, 0);
-
    emit connected(pubkey.toString());
    return;
  }
@@ -12,7 +12,6 @@

 #include "controllerimpl.h"

-
 class QJsonObject;

 class LocalSocketController final : public ControllerImpl {
@@ -59,7 +58,6 @@ class LocalSocketController final : public ControllerImpl {

  QByteArray m_buffer;

-  QString m_deviceIpv4;
  std::function<void(const QString&)> m_logCallback = nullptr;

  QTimer m_initializingTimer;
@@ -11,6 +11,7 @@
 #include "logger.h"
 //#include "mozillavpn.h"
 #include "networkwatcherimpl.h"
+#include "platforms/dummy/dummynetworkwatcher.h"
 //#include "settingsholder.h"

 #ifdef MZ_WINDOWS
@@ -50,7 +51,7 @@ NetworkWatcher::NetworkWatcher() { MZ_COUNT_CTOR(NetworkWatcher); }
 NetworkWatcher::~NetworkWatcher() { MZ_COUNT_DTOR(NetworkWatcher); }

 void NetworkWatcher::initialize() {
-  logger.debug() << "Initialize NetworkWatcher";
+  logger.debug() << "Initialize";

 #if defined(MZ_WINDOWS)
  m_impl = new WindowsNetworkWatcher(this);
@@ -68,39 +69,59 @@ void NetworkWatcher::initialize() {
  m_impl = new DummyNetworkWatcher(this);
 #endif

-
  connect(m_impl, &NetworkWatcherImpl::unsecuredNetwork, this,
          &NetworkWatcher::unsecuredNetwork);
  connect(m_impl, &NetworkWatcherImpl::networkChanged, this,
-          &NetworkWatcher::networkChanged);
-  connect(m_impl, &NetworkWatcherImpl::wakeup, this,
-          &NetworkWatcher::wakeup);
+          &NetworkWatcher::networkChange);
+
  m_impl->initialize();

-  // Enable sleep/wake monitoring for VPN auto-reconnection
-  logger.debug() << "Starting NetworkWatcher for sleep/wake monitoring";
-  logger.debug() << "About to call m_impl->start()";
-  try {
+
+// TODO: IMPL FOR AMNEZIA
+#if 0
+  SettingsHolder* settingsHolder = SettingsHolder::instance();
+  Q_ASSERT(settingsHolder);
+
+  m_active = settingsHolder->unsecuredNetworkAlert() ||
+             settingsHolder->captivePortalAlert();
+  m_reportUnsecuredNetwork = settingsHolder->unsecuredNetworkAlert();
+  if (m_active) {
    m_impl->start();
-    logger.debug() << "m_impl->start() completed successfully";
-  } catch (const std::exception& e) {
-    logger.error() << "Exception in m_impl->start():" << e.what();
-  } catch (...) {
-    logger.error() << "Unknown exception in m_impl->start()";
  }
-  m_active = true;
-  m_reportUnsecuredNetwork = false; // Disable unsecured network alerts for Amnezia
+
+  connect(settingsHolder, &SettingsHolder::unsecuredNetworkAlertChanged, this,
+          &NetworkWatcher::settingsChanged);
+  connect(settingsHolder, &SettingsHolder::captivePortalAlertChanged, this,
+          &NetworkWatcher::settingsChanged);
+
+#endif
 }

 void NetworkWatcher::settingsChanged() {
-  // For Amnezia: Keep NetworkWatcher always active for sleep/wake monitoring
-  logger.debug() << "NetworkWatcher settings changed - keeping sleep monitoring active";
+// TODO: IMPL FOR AMNEZIA
+#if 0
+  SettingsHolder* settingsHolder = SettingsHolder::instance();
+  m_active = settingsHolder->unsecuredNetworkAlert() ||
+             settingsHolder->captivePortalAlert();
+  m_reportUnsecuredNetwork = settingsHolder->unsecuredNetworkAlert();
+
+  if (m_active) {
+    logger.debug()
+        << "Starting Network Watcher; Reporting of Unsecured Networks: "
+        << m_reportUnsecuredNetwork;
+    m_impl->start();
+  } else {
+    logger.debug() << "Stopping Network Watcher";
+    m_impl->stop();
+  }
+#endif
 }

 void NetworkWatcher::unsecuredNetwork(const QString& networkName,
                                      const QString& networkId) {
  logger.debug() << "Unsecured network:" << logger.sensitive(networkName)
                 << "id:" << logger.sensitive(networkId);
+
 #ifndef UNIT_TEST
  if (!m_reportUnsecuredNetwork) {
    logger.debug() << "Disabled. Ignoring unsecured network";
@@ -32,8 +32,7 @@ public:
    QNetworkInformation::Reachability getReachability();

 signals:
-    void networkChanged();
-    void wakeup();
+    void networkChange();

 private:
    void settingsChanged();
@@ -41,8 +41,6 @@ signals:
    // TODO: Only windows-networkwatcher has this, the other plattforms should
    // too.
    void networkChanged(QString newBSSID);
-    void wakeup();
-

 private:
    bool m_active = false;
@@ -41,7 +41,6 @@ void PingHelper::start(const QString& serverIpv4Gateway,

  m_gateway = QHostAddress(serverIpv4Gateway);
  m_source = QHostAddress(deviceIpv4Address.section('/', 0, 0));
-
  m_pingSender = PingSenderFactory::create(m_source, this);

  // Some platforms require root access to send and receive ICMP pings. If
@@ -54,10 +53,8 @@ void PingHelper::start(const QString& serverIpv4Gateway,

  connect(m_pingSender, &PingSender::recvPing, this, &PingHelper::pingReceived,
          Qt::QueuedConnection);
-  connect(m_pingSender, &PingSender::criticalPingError, this, [this]() {
-        logger.info() << "Encountered Unrecoverable ping error";
-      emit connectionLose();
-  });
+  connect(m_pingSender, &PingSender::criticalPingError, this,
+          []() { logger.info() << "Encountered Unrecoverable ping error"; });

  // Reset the ping statistics
  m_sequence = 0;
@@ -33,8 +33,6 @@ class PingHelper final : public QObject {

 signals:
  void pingSentAndReceived(qint64 msec);
-  void connectionLose();
-

 private:
  void nextPing();
@@ -5,26 +5,27 @@
 #include "pingsenderfactory.h"

 #if defined(MZ_LINUX) || defined(MZ_ANDROID)
-    #  include "platforms/linux/linuxpingsender.h"
+//#  include "platforms/linux/linuxpingsender.h"
 #elif defined(MZ_MACOS) || defined(MZ_IOS)
-    #  include "platforms/macos/macospingsender.h"
+#  include "platforms/macos/macospingsender.h"
 #elif defined(MZ_WINDOWS)
-    #  include "platforms/windows/windowspingsender.h"
-#elif defined(MZ_WASM) || defined(UNIT_TEST)
-    #  include "platforms/dummy/dummypingsender.h"
+#  include "platforms/windows/windowspingsender.h"
+#elif defined(MZ_DUMMY) || defined(UNIT_TEST)
+#  include "platforms/dummy/dummypingsender.h"
 #else
-    #  error "Unsupported platform"
+#  error "Unsupported platform"
 #endif

 PingSender* PingSenderFactory::create(const QHostAddress& source,
                                      QObject* parent) {
 #if defined(MZ_LINUX) || defined(MZ_ANDROID)
-    return new LinuxPingSender(source, parent);
+    return nullptr;
+    //  return new LinuxPingSender(source, parent);
 #elif defined(MZ_MACOS) || defined(MZ_IOS)
-    return new MacOSPingSender(source, parent);
+  return new MacOSPingSender(source, parent);
 #elif defined(MZ_WINDOWS)
-    return new WindowsPingSender(source, parent);
+  return new WindowsPingSender(source, parent);
 #else
-    return new DummyPingSender(source, parent);
+  return new DummyPingSender(source, parent);
 #endif
 }
@@ -10,10 +10,9 @@ class QHostAddress;
 class QObject;

 class PingSenderFactory final {
-public:
-    PingSenderFactory() = delete;
-    static PingSender* create(const QHostAddress& source, QObject* parent);
+ public:
+  PingSenderFactory() = delete;
+  static PingSender* create(const QHostAddress& source, QObject* parent);
 };

-
 #endif  // PINGSENDERFACTORY_H
@@ -101,9 +101,7 @@ bool AndroidController::initialize()
        {"onAuthResult", "(Z)V", reinterpret_cast<void *>(onAuthResult)},
        {"decodeQrCode", "(Ljava/lang/String;)Z", reinterpret_cast<bool *>(decodeQrCode)},
        {"onImeInsetsChanged", "(I)V", reinterpret_cast<void *>(onImeInsetsChanged)},
-        {"onSystemBarsInsetsChanged", "(II)V", reinterpret_cast<void *>(onSystemBarsInsetsChanged)},
-        {"onActivityPaused", "()V", reinterpret_cast<void *>(onActivityPaused)},
-        {"onActivityResumed", "()V", reinterpret_cast<void *>(onActivityResumed)}
+        {"onSystemBarsInsetsChanged", "(II)V", reinterpret_cast<void *>(onSystemBarsInsetsChanged)}
    };

    QJniEnvironment env;
@@ -560,22 +558,3 @@ void AndroidController::onSystemBarsInsetsChanged(JNIEnv *env, jobject thiz, jin
    emit AndroidController::instance()->systemBarsInsetsChanged(navBarHeightDp, statusBarHeightDp);
 }

-// static
-void AndroidController::onActivityPaused(JNIEnv *env, jobject thiz)
-{
-    Q_UNUSED(env);
-    Q_UNUSED(thiz);
-
-    emit AndroidController::instance()->activityPaused();
-}
-
-// static
-void AndroidController::onActivityResumed(JNIEnv *env, jobject thiz)
-{
-    Q_UNUSED(env);
-    Q_UNUSED(thiz);
-
-    emit AndroidController::instance()->activityResumed();
-}
-
-
@@ -75,8 +75,6 @@ signals:
    void authenticationResult(bool result);
    void imeInsetsChanged(int heightDp);
    void systemBarsInsetsChanged(int navBarHeightDp, int statusBarHeightDp);
-    void activityPaused();
-    void activityResumed();

 private:
    bool isWaitingStatus = true;
@@ -107,8 +105,6 @@ private:
    static bool decodeQrCode(JNIEnv *env, jobject thiz, jstring data);
    static void onImeInsetsChanged(JNIEnv *env, jobject thiz, jint heightDp);
    static void onSystemBarsInsetsChanged(JNIEnv *env, jobject thiz, jint navBarHeightDp, jint statusBarHeightDp);
-    static void onActivityPaused(JNIEnv *env, jobject thiz);
-    static void onActivityResumed(JNIEnv *env, jobject thiz);

    template <typename Ret, typename ...Args>
    static auto callActivityMethod(const char *methodName, const char *signature, Args &&...args);
@@ -126,11 +126,12 @@ extension PacketTunnelProvider {
        }

        vpnReachability.startTracking { [weak self] status in
-            self?.handleOpenVPNReachabilityChange(status)
+            guard status == .reachableViaWiFi else { return }
+            self?.ovpnAdapter?.reconnect(afterTimeInterval: 5)
        }

        startHandler = completionHandler
-        ovpnAdapter?.connect(using: openVPNPacketFlow())
+        ovpnAdapter?.connect(using: packetFlow)
    }

    func handleOpenVPNStatusMessage(_ messageData: Data, completionHandler: ((Data?) -> Void)? = nil) {
@@ -152,7 +153,7 @@ extension PacketTunnelProvider {
    }

    func stopOpenVPN(with reason: NEProviderStopReason, completionHandler: @escaping () -> Void) {
-        ovpnLog(.info, message: "Stopping tunnel: reason: \(reason.amneziaDescription)")
+        ovpnLog(.info, message: "Stopping tunnel: reason: \(reason.description)")

        stopHandler = completionHandler
        if vpnReachability.isTracking {
@@ -292,3 +293,5 @@ extension PacketTunnelProvider: OpenVPNAdapterDelegate {
        ovpnLog(.info, message: logMessage)
    }
 }
+
+extension NEPacketTunnelFlow: OpenVPNAdapterPacketFlow {}
@@ -94,24 +94,15 @@ extension PacketTunnelProvider {
            }
        } catch {
            wg_log(.error, message: "Can't parse WG config: \(error.localizedDescription)")
-            errorNotifier.notify(PacketTunnelProviderError.savedProtocolConfigurationIsInvalid)
-            completionHandler(PacketTunnelProviderError.savedProtocolConfigurationIsInvalid)
+            completionHandler(nil)
            return
        }
    }

    func handleWireguardStatusMessage(_ messageData: Data, completionHandler: ((Data?) -> Void)? = nil) {
        guard let completionHandler = completionHandler else { return }
-        guard let wgAdapter = wgAdapter else {
-            completionHandler(nil)
-            return
-        }
-        wgAdapter.getRuntimeConfiguration { settings in
-            guard let settings = settings else {
-                completionHandler(nil)
-                return
-            }
-            let components = settings.components(separatedBy: "\n")
+        wgAdapter?.getRuntimeConfiguration { settings in
+            let components = settings!.components(separatedBy: "\n")

            var settingsDictionary: [String: String] = [:]
            for component in components {
@@ -140,7 +131,7 @@ extension PacketTunnelProvider {
        }
    }

-    func handleWireguardAppMessage(_ messageData: Data, completionHandler: ((Data?) -> Void)? = nil) {
+    private func handleWireguardAppMessage(_ messageData: Data, completionHandler: ((Data?) -> Void)? = nil) {
        guard let completionHandler = completionHandler else { return }
        if messageData.count == 1 && messageData[0] == 0 {
            wgAdapter?.getRuntimeConfiguration { settings in
@@ -185,7 +176,7 @@ extension PacketTunnelProvider {
    }

    func stopWireguard(with reason: NEProviderStopReason, completionHandler: @escaping () -> Void) {
-        wg_log(.info, message: "Stopping tunnel: reason: \(reason.amneziaDescription)")
+        wg_log(.info, message: "Stopping tunnel: reason: \(reason.description)")

        wgAdapter?.stop { error in
            ErrorNotifier.removeLastErrorFile()
@@ -1,5 +1,6 @@
 import Foundation
 import NetworkExtension
+import WireGuardKitGo

 enum XrayErrors: Error {
    case noXrayConfig
@@ -21,44 +22,6 @@ extension Constants {
 }

 extension PacketTunnelProvider {
-    private func applyXraySplitTunnel(_ xrayConfig: XrayConfig,
-                                      settings: NEPacketTunnelNetworkSettings) {
-        guard let splitTunnelType = xrayConfig.splitTunnelType else {
-            return
-        }
-
-        guard let splitTunnelSites = xrayConfig.splitTunnelSites else {
-            xrayLog(.error, message: "Split tunnel sites are not set")
-            return
-        }
-
-        if splitTunnelType == 1 {
-            var ipv4IncludedRoutes = [NEIPv4Route]()
-
-            for allowedIPString in splitTunnelSites {
-                if let allowedIP = IPAddressRange(from: allowedIPString) {
-                    ipv4IncludedRoutes.append(NEIPv4Route(
-                        destinationAddress: "\(allowedIP.address)",
-                        subnetMask: "\(allowedIP.subnetMask())"))
-                }
-            }
-
-            settings.ipv4Settings?.includedRoutes = ipv4IncludedRoutes
-        } else if splitTunnelType == 2 {
-            var ipv4ExcludedRoutes = [NEIPv4Route]()
-
-            for excludedIPString in splitTunnelSites {
-                if let excludedIP = IPAddressRange(from: excludedIPString) {
-                    ipv4ExcludedRoutes.append(NEIPv4Route(
-                        destinationAddress: "\(excludedIP.address)",
-                        subnetMask: "\(excludedIP.subnetMask())"))
-                }
-            }
-
-            settings.ipv4Settings?.excludedRoutes = ipv4ExcludedRoutes
-        }
-    }
-
    func startXray(completionHandler: @escaping (Error?) -> Void) {

        // Xray configuration
@@ -110,7 +73,6 @@ extension PacketTunnelProvider {
            settings.dnsSettings = !dnsArray.isEmpty
            ? NEDNSSettings(servers: dnsArray)
            : NEDNSSettings(servers: ["1.1.1.1"])
-            applyXraySplitTunnel(xrayConfig, settings: settings)

            let xrayConfigData = xrayConfig.config.data(using: .utf8)

@@ -146,8 +108,6 @@ extension PacketTunnelProvider {
                    return
                }

-                self?.updateActiveInterfaceIndexForCurrentPath()
-
                // Launch xray
                self?.setupAndStartXray(configData: updatedData) { xrayError in
                    if let xrayError {
@@ -174,15 +134,6 @@ extension PacketTunnelProvider {
        completionHandler()
    }

-    func sockCallback(fd: uintptr_t) {
-        if activeIfaceIdx != 0 {
-            withUnsafePointer(to: activeIfaceIdx) { ptr in
-                setsockopt(Int32(fd), IPPROTO_IP, IP_BOUND_IF, ptr, socklen_t(MemoryLayout<UInt32>.size))
-                setsockopt(Int32(fd), IPPROTO_IPV6, IPV6_BOUND_IF, ptr, socklen_t(MemoryLayout<UInt32>.size))
-            }
-        }
-    }
-
    private func setupAndStartXray(configData: Data,
                                   completionHandler: @escaping (Error?) -> Void) {
        let path = Constants.cachesDirectory.appendingPathComponent("config.json", isDirectory: false).path
@@ -192,17 +143,6 @@ extension PacketTunnelProvider {
            return
        }

-        updateActiveInterfaceIndexForCurrentPath()
-
-        let ctx = Unmanaged.passUnretained(self).toOpaque()
-        let cb: libxray_sockcallback = { (fd, ctx) in
-            guard let ctx = ctx else { return }
-            let instance = Unmanaged<PacketTunnelProvider>.fromOpaque(ctx).takeUnretainedValue()
-
-            instance.sockCallback(fd: fd)
-        }
-        LibXraySetSockCallback(cb, ctx)
-
        LibXrayRunXray(nil,
                       path,
                       Int64.max)
@@ -1,6 +1,5 @@
 import Foundation
 import NetworkExtension
-import Network
 import os
 import Darwin
 import OpenVPNAdapter
@@ -39,17 +38,6 @@ struct Constants {
 class PacketTunnelProvider: NEPacketTunnelProvider {
    var wgAdapter: WireGuardAdapter?
    var ovpnAdapter: OpenVPNAdapter?
-    private lazy var openVPNPacketFlowAdapter = PacketTunnelFlowAdapter(flow: packetFlow)
-    private let pathMonitorQueue = DispatchQueue(label: Constants.processQueueName + ".path-monitor")
-    private let networkChangeQueue = DispatchQueue(label: Constants.processQueueName + ".network-change")
-    private let pathMonitor = NWPathMonitor()
-    private var didReceiveInitialPathUpdate = false
-    private var currentPath: Network.NWPath?
-    private var currentPathSignature: String?
-    private var pendingOpenVPNReconnectWorkItem: DispatchWorkItem?
-    private var pendingNetworkChangeWorkItem: DispatchWorkItem?
-    private var isApplyingNetworkChange = false
-    private var lastOpenVPNReachabilityStatus: OpenVPNReachabilityStatus?

    var splitTunnelType: Int?
    var splitTunnelSites: [String]?
@@ -59,98 +47,8 @@ class PacketTunnelProvider: NEPacketTunnelProvider {
    var startHandler: ((Error?) -> Void)?
    var stopHandler: (() -> Void)?
    var protoType: TunnelProtoType?
-    
-    var activeIfaceIdx: UInt32 = 0
-
-    func openVPNPacketFlow() -> OpenVPNAdapterPacketFlow {
-        openVPNPacketFlowAdapter
-    }
-
-    override init() {
-        super.init()
-        pathMonitor.pathUpdateHandler = { [weak self] path in
-            guard let self else { return }
-            self.currentPath = path
-            let signature = self.pathSignature(for: path)
-            let hasMeaningfulChange = self.currentPathSignature != signature
-            self.currentPathSignature = signature
-            self.updateActiveInterfaceIndex(for: path)
-
-            guard self.didReceiveInitialPathUpdate else {
-                self.didReceiveInitialPathUpdate = true
-                return
-            }
-
-            guard hasMeaningfulChange, let proto = self.protoType else { return }
-
-            // WireGuard/AWG manages network changes internally in its own adapter.
-            if proto == .wireguard {
-                return
-            }
-
-            if proto == .openvpn {
-                self.scheduleOpenVPNReconnect(reason: "NWPath changed")
-                return
-            }
-
-            if self.isApplyingNetworkChange || self.reasserting {
-                xrayLog(.debug, message: "Ignoring path change while xray restart is in progress")
-                return
-            }
-
-            self.scheduleNetworkChangeHandling(for: proto, path: path)
-        }
-        pathMonitor.start(queue: pathMonitorQueue)
-
-        currentPath = pathMonitor.currentPath
-        currentPathSignature = pathSignature(for: pathMonitor.currentPath)
-    }
-
-    func updateActiveInterfaceIndex(for path: Network.NWPath?) {
-        guard let path else {
-            activeIfaceIdx = 0
-            return
-        }
-
-        let preferredTypes: [NWInterface.InterfaceType] = [.wiredEthernet, .wifi, .cellular, .other]
-
-        let nonLoopbackInterfaces = path.availableInterfaces.filter { $0.type != .loopback }
-        let activeInterfaces = nonLoopbackInterfaces.filter { path.usesInterfaceType($0.type) }
-
-        let candidate = preferredTypes.compactMap { type in
-            activeInterfaces.first { $0.type == type }
-        }.first ?? activeInterfaces.first ?? nonLoopbackInterfaces.first
-
-        if let candidate {
-            activeIfaceIdx = UInt32(candidate.index)
-        } else {
-            activeIfaceIdx = 0
-        }
-    }
-
-    func updateActiveInterfaceIndexForCurrentPath() {
-        if let currentPath {
-            currentPathSignature = pathSignature(for: currentPath)
-            updateActiveInterfaceIndex(for: currentPath)
-            return
-        }
-
-        currentPath = pathMonitor.currentPath
-        currentPathSignature = pathSignature(for: pathMonitor.currentPath)
-        updateActiveInterfaceIndex(for: pathMonitor.currentPath)
-    }

  override func handleAppMessage(_ messageData: Data, completionHandler: ((Data?) -> Void)? = nil) {
-      if messageData.count == 1 && messageData[0] == 0 {
-          guard let completionHandler else { return }
-          if protoType == .wireguard {
-              handleWireguardAppMessage(messageData, completionHandler: completionHandler)
-          } else {
-              completionHandler(nil)
-          }
-          return
-      }
-
      guard let message = String(data: messageData, encoding: .utf8) else {
          if let completionHandler {
              completionHandler(nil)
@@ -161,10 +59,6 @@ class PacketTunnelProvider: NEPacketTunnelProvider {
      neLog(.info, title: "App said: ", message: message)

      guard let message = try? JSONSerialization.jsonObject(with: messageData, options: []) as? [String: Any] else {
-          if protoType == .wireguard {
-              handleWireguardAppMessage(messageData, completionHandler: completionHandler)
-              return
-          }
          neLog(.error, message: "Failed to serialize message from app")
          return
      }
@@ -210,11 +104,6 @@ class PacketTunnelProvider: NEPacketTunnelProvider {
            return
        }

-        cancelPendingOpenVPNReconnect()
-        cancelPendingNetworkChangeHandling()
-        didReceiveInitialPathUpdate = false
-        updateActiveInterfaceIndexForCurrentPath()
-
        switch protoType {
        case .wireguard:
            startWireguard(activationAttemptId: activationAttemptId,
@@ -230,9 +119,6 @@ class PacketTunnelProvider: NEPacketTunnelProvider {

  
    override func stopTunnel(with reason: NEProviderStopReason, completionHandler: @escaping () -> Void) {
-        cancelPendingOpenVPNReconnect()
-        cancelPendingNetworkChangeHandling()
-
        guard let protoType else {
            completionHandler()
            return
@@ -271,168 +157,25 @@ class PacketTunnelProvider: NEPacketTunnelProvider {
                               of object: Any?,
                               change: [NSKeyValueChangeKey: Any]?,
                               context: UnsafeMutableRawPointer?) {
-        guard Constants.kDefaultPathKey == keyPath else {
+        guard Constants.kDefaultPathKey != keyPath else { return }
+        // Since iOS 11, we have observed that this KVO event fires repeatedly when connecting over Wifi,
+        // even though the underlying network has not changed (i.e. `isEqualToPath` returns false),
+        // leading to "wakeup crashes" due to excessive network activity. Guard against false positives by
+        // comparing the paths' string description, which includes properties not exposed by the class
+        guard let lastPath: NWPath = change?[.oldKey] as? NWPath,
+              let defPath = defaultPath,
+              lastPath != defPath || lastPath.description != defPath.description else {
            return
        }
+        DispatchQueue.main.async { [weak self] in
+            guard let self, self.defaultPath != nil else { return }
+            self.handle(networkChange: self.defaultPath!) { _ in }
+        }
    }
  
-    private func handle(networkChange changePath: Network.NWPath, completion: @escaping (Error?) -> Void) {
-        guard protoType == .xray else {
-            updateActiveInterfaceIndex(for: changePath)
-            completion(nil)
-            return
-        }
-
-        updateActiveInterfaceIndex(for: changePath)
-        reasserting = true
-        xrayLog(.info, message: "Applying network change to xray tunnel")
-        stopXray { }
-        startXray { [weak self] error in
-            self?.reasserting = false
-            completion(error)
-        }
-    }
-
-    private func scheduleNetworkChangeHandling(for proto: TunnelProtoType, path: Network.NWPath) {
-        guard proto == .xray else { return }
-
-        pendingNetworkChangeWorkItem?.cancel()
-
-        let workItem = DispatchWorkItem { [weak self] in
-            guard let self else { return }
-            self.pendingNetworkChangeWorkItem = nil
-
-            if self.isApplyingNetworkChange || self.reasserting {
-                xrayLog(.debug, message: "Skipping network change while restart is already in progress")
-                return
-            }
-
-            self.isApplyingNetworkChange = true
-            DispatchQueue.main.async {
-                self.handle(networkChange: path) { [weak self] _ in
-                    self?.networkChangeQueue.async {
-                        self?.isApplyingNetworkChange = false
-                    }
-                }
-            }
-        }
-
-        pendingNetworkChangeWorkItem = workItem
-        networkChangeQueue.asyncAfter(deadline: .now() + 1.0, execute: workItem)
-    }
-
-    private func scheduleOpenVPNReconnect(reason: String) {
-        guard protoType == .openvpn else { return }
-
-        pendingOpenVPNReconnectWorkItem?.cancel()
-
-        let workItem = DispatchWorkItem { [weak self] in
-            guard let self else { return }
-            self.pendingOpenVPNReconnectWorkItem = nil
-
-            guard self.protoType == .openvpn else { return }
-
-            if self.reasserting {
-                ovpnLog(.debug, message: "Skipping OpenVPN reconnect while session is already reasserting")
-                return
-            }
-
-            DispatchQueue.main.async { [weak self] in
-                guard let self else { return }
-                guard !self.reasserting else {
-                    ovpnLog(.debug, message: "Skipping OpenVPN reconnect while session is already reasserting")
-                    return
-                }
-
-                ovpnLog(.info, message: "\(reason), reconnecting OpenVPN session")
-                self.ovpnAdapter?.reconnect(afterTimeInterval: 1)
-            }
-        }
-
-        pendingOpenVPNReconnectWorkItem = workItem
-        networkChangeQueue.asyncAfter(deadline: .now() + 1.0, execute: workItem)
-    }
-
-    func handleOpenVPNReachabilityChange(_ status: OpenVPNReachabilityStatus) {
-        defer { lastOpenVPNReachabilityStatus = status }
-
-        guard let previousStatus = lastOpenVPNReachabilityStatus else {
-            return
-        }
-
-        guard previousStatus != status else {
-            return
-        }
-
-        switch status {
-        case .reachableViaWiFi, .reachableViaWWAN:
-            scheduleOpenVPNReconnect(reason: "Reachability changed")
-        default:
-            break
-        }
-    }
-
-    private func cancelPendingOpenVPNReconnect() {
-        pendingOpenVPNReconnectWorkItem?.cancel()
-        pendingOpenVPNReconnectWorkItem = nil
-        lastOpenVPNReachabilityStatus = nil
-    }
-
-    private func cancelPendingNetworkChangeHandling() {
-        pendingNetworkChangeWorkItem?.cancel()
-        pendingNetworkChangeWorkItem = nil
-        isApplyingNetworkChange = false
-    }
-}
-
-private extension PacketTunnelProvider {
-    func pathSignature(for path: Network.NWPath) -> String {
-        var signatureComponents = [String(describing: path.status)]
-        signatureComponents.append(path.isExpensive ? "exp" : "noexp")
-        signatureComponents.append(path.isConstrained ? "con" : "nocon")
-
-        // Ignore loopback and tunnel-style `.other` interfaces so Xray does not
-        // react to its own utun lifecycle as if the physical uplink changed.
-        let preferredTypes: [NWInterface.InterfaceType] = [.wiredEthernet, .wifi, .cellular]
-        let externalInterfaces = path.availableInterfaces.filter { interface in
-            interface.type == .wiredEthernet || interface.type == .wifi || interface.type == .cellular
-        }
-
-        let sortedInterfaces = externalInterfaces.sorted { lhs, rhs in
-            if lhs.type == rhs.type {
-                return lhs.index < rhs.index
-            }
-
-            let lhsOrder = preferredTypes.firstIndex(of: lhs.type) ?? preferredTypes.count
-            let rhsOrder = preferredTypes.firstIndex(of: rhs.type) ?? preferredTypes.count
-
-            if lhsOrder == rhsOrder {
-                return lhs.index < rhs.index
-            }
-
-            return lhsOrder < rhsOrder
-        }
-
-        for interface in sortedInterfaces {
-            let typeName: String
-            switch interface.type {
-            case .wiredEthernet: typeName = "ethernet"
-            case .wifi: typeName = "wifi"
-            case .cellular: typeName = "cellular"
-            case .loopback, .other:
-                continue
-            @unknown default: typeName = "unknown"
-            }
-            signatureComponents.append("\(typeName):\(interface.index)")
-        }
-
-        // Include currently used interface preference ordering
-        for type in preferredTypes {
-            let usesType = path.usesInterfaceType(type)
-            signatureComponents.append("uses-\(type):\(usesType)")
-        }
-
-        return signatureComponents.joined(separator: "|")
+    private func handle(networkChange changePath: NWPath, completion: @escaping (Error?) -> Void) {
+        wg_log(.info, message: "Tunnel restarted.")
+        startTunnel(options: nil, completionHandler: completion)
    }
 }

@@ -447,27 +190,8 @@ extension WireGuardLogLevel {
  }
 }

-final class PacketTunnelFlowAdapter: NSObject, OpenVPNAdapterPacketFlow {
-  private let flow: NEPacketTunnelFlow
-
-  init(flow: NEPacketTunnelFlow) {
-    self.flow = flow
-    super.init()
-  }
-
-  @objc(readPacketsWithCompletionHandler:)
-  func readPackets(completionHandler: @escaping ([Data], [NSNumber]) -> Void) {
-    flow.readPackets(completionHandler: completionHandler)
-  }
-
-  @objc(writePackets:withProtocols:)
-  func writePackets(_ packets: [Data], withProtocols protocols: [NSNumber]) -> Bool {
-    flow.writePackets(packets, withProtocols: protocols)
-  }
-}
-
-extension NEProviderStopReason {
-  var amneziaDescription: String {
+extension NEProviderStopReason: CustomStringConvertible {
+  public var description: String {
    switch self {
    case .none:
      return "No specific reason"
@@ -499,8 +223,6 @@ extension NEProviderStopReason {
      return "The current console user changed"
    case .connectionFailed:
      return "The connection failed"
-    case .internalError:
-      return "The network extension reported an internal error"
    case .sleep:
      return "A stop reason indicating the VPNC enabled disconnect on sleep and the device went to sleep"
    case .appUpdate:
@@ -11,7 +11,13 @@ class ScreenProtection {
 import UIKit

 public func toggleScreenshots(_ isEnabled: Bool) {
-  ScreenProtection.shared.setScreenshotsEnabled(isEnabled)
+  let window = UIApplication.shared.keyWindows.first!
+
+  if isEnabled {
+    ScreenProtection.shared.disable(for: window.rootViewController!.view)
+  } else {
+    ScreenProtection.shared.enable(for: window.rootViewController!.view)
+  }
 }

 extension UIApplication {
@@ -39,45 +45,6 @@ class ScreenProtection {

  private var blurView: UIVisualEffectView?
  private var recordingObservation: NSKeyValueObservation?
-  private var desiredScreenshotsEnabled: Bool?
-  private var retryCount = 0
-  private var retryWorkItem: DispatchWorkItem?
-
-  public func setScreenshotsEnabled(_ isEnabled: Bool) {
-    DispatchQueue.main.async {
-      self.desiredScreenshotsEnabled = isEnabled
-      self.applyScreenshotsSettingOrRetry()
-    }
-  }
-
-  private func applyScreenshotsSettingOrRetry() {
-    assert(Thread.isMainThread)
-
-    guard let desiredScreenshotsEnabled else { return }
-    guard let window = UIApplication.shared.keyWindows.first,
-          let rootView = window.rootViewController?.view else {
-      retryCount += 1
-      guard retryCount <= 50 else { return } // ~5s total
-
-      retryWorkItem?.cancel()
-      let item = DispatchWorkItem { [weak self] in
-        self?.applyScreenshotsSettingOrRetry()
-      }
-      retryWorkItem = item
-      DispatchQueue.main.asyncAfter(deadline: .now() + 0.1, execute: item)
-      return
-    }
-
-    retryWorkItem?.cancel()
-    retryWorkItem = nil
-    retryCount = 0
-
-    if desiredScreenshotsEnabled {
-      disable(for: rootView)
-    } else {
-      enable(for: rootView)
-    }
-  }

  public func enable(for view: UIView) {
    DispatchQueue.main.asyncAfter(deadline: .now() + 1.0) {
@@ -1,39 +0,0 @@
-/* This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
-
-#ifndef STOREKITCONTROLLER_H
-#define STOREKITCONTROLLER_H
-
-#import <Foundation/Foundation.h>
-#import <StoreKit/StoreKit.h>
-
-@class Product;
-@class Transaction;
-@class VerificationResult;
-
-API_AVAILABLE(ios(15.0), macos(12.0))
-@interface StoreKitController : NSObject
-
-+ (instancetype)sharedInstance;
-
- (void)purchaseProduct:(NSString *)productIdentifier
-             completion:(void (^)(BOOL success,
-                                  NSString *_Nullable transactionId,
-                                  NSString *_Nullable productId,
-                                  NSString *_Nullable originalTransactionId,
-                                  NSError *_Nullable error))completion;
-
- (void)restorePurchasesWithCompletion:(void (^)(BOOL success,
-                                                 NSArray<NSDictionary *> *_Nullable restoredTransactions,
-                                                 NSError *_Nullable error))completion;
-
-// Fetch product information for a set of identifiers without initiating a purchase
- (void)fetchProductsWithIdentifiers:(NSSet<NSString *> *)productIdentifiers
-                          completion:(void (^)(NSArray<NSDictionary *> *products,
-                                               NSArray<NSString *> *invalidIdentifiers,
-                                               NSError *_Nullable error))completion;
-
-@end
-
-#endif // STOREKITCONTROLLER_H
@@ -1,264 +0,0 @@
-/* This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
-
-#import "StoreKitController.h"
-#import <StoreKit/StoreKit.h>
-
-#include <QtCore/QDebug>
-#include <QtCore/QString>
-
-API_AVAILABLE(ios(15.0), macos(12.0))
-@interface StoreKitController () <SKProductsRequestDelegate, SKPaymentTransactionObserver>
-@property (nonatomic, copy) void (^purchaseCompletion)(BOOL success,
-                                                       NSString *_Nullable transactionId,
-                                                       NSString *_Nullable productId,
-                                                       NSString *_Nullable originalTransactionId,
-                                                       NSError *_Nullable error);
-@property (nonatomic, copy) void (^restoreCompletion)(BOOL success,
-                                                      NSArray<NSDictionary *> *_Nullable restoredTransactions,
-                                                      NSError *_Nullable error);
-@property (nonatomic, copy) void (^productsFetchCompletion)(NSArray<NSDictionary *> *products,
-                                                            NSArray<NSString *> *invalidIdentifiers,
-                                                            NSError *_Nullable error);
-@property (nonatomic, strong) SKProductsRequest *productsRequest;
-@property (nonatomic, strong) NSMutableArray<NSDictionary *> *restoredTransactions;
-@end
-
-@implementation StoreKitController
-
-+ (instancetype)sharedInstance
-{
-    static dispatch_once_t onceToken;
-    static StoreKitController *instance;
-    dispatch_once(&onceToken, ^{
-        if (@available(iOS 15.0, macOS 12.0, *)) {
-            instance = [[StoreKitController alloc] init];
-        }
-    });
-    return instance;
-}
-
- (instancetype)init API_AVAILABLE(ios(15.0), macos(12.0))
-{
-    self = [super init];
-    if (self) {
-        [[SKPaymentQueue defaultQueue] addTransactionObserver:self];
-    }
-    return self;
-}
-
- (void)dealloc
-{
-    [[SKPaymentQueue defaultQueue] removeTransactionObserver:self];
-}
-
- (void)purchaseProduct:(NSString *)productIdentifier
-             completion:(void (^)(BOOL success,
-                                  NSString *_Nullable transactionId,
-                                  NSString *_Nullable productId,
-                                  NSString *_Nullable originalTransactionId,
-                                  NSError *_Nullable error))completion API_AVAILABLE(ios(15.0), macos(12.0))
-{
-    self.purchaseCompletion = completion;
-    
-    qInfo().noquote() << "[IAP][StoreKit] Starting purchase for" << QString::fromUtf8(productIdentifier.UTF8String);
-    dispatch_async(dispatch_get_global_queue(DISPATCH_QUEUE_PRIORITY_DEFAULT, 0), ^{
-        [self performPurchaseAsync:productIdentifier];
-    });
-}
-
- (void)performPurchaseAsync:(NSString *)productIdentifier API_AVAILABLE(ios(15.0), macos(12.0))
-{
-    dispatch_async(dispatch_get_main_queue(), ^{
-        @try {
-            SKProductsRequest *request = [[SKProductsRequest alloc] initWithProductIdentifiers:[NSSet setWithObject:productIdentifier]];
-            request.delegate = self;
-            [request start];
-            
-        } @catch (NSException *exception) {
-            NSError *error = [NSError errorWithDomain:@"StoreKitController"
-                                                 code:1
-                                             userInfo:@{ NSLocalizedDescriptionKey : exception.reason ?: @"Purchase failed" }];
-            if (self.purchaseCompletion) {
-                self.purchaseCompletion(NO, nil, nil, nil, error);
-                self.purchaseCompletion = nil;
-            }
-        }
-    });
-}
-
- (void)restorePurchasesWithCompletion:(void (^)(BOOL success,
-                                                 NSArray<NSDictionary *> *_Nullable restoredTransactions,
-                                                 NSError *_Nullable error))completion API_AVAILABLE(ios(15.0), macos(12.0))
-{
-    self.restoreCompletion = completion;
-    self.restoredTransactions = [NSMutableArray array];
-    [[SKPaymentQueue defaultQueue] restoreCompletedTransactions];
-}
-
- (void)fetchProductsWithIdentifiers:(NSSet<NSString *> *)productIdentifiers
-                          completion:(void (^)(NSArray<NSDictionary *> *products,
-                                               NSArray<NSString *> *invalidIdentifiers,
-                                               NSError *_Nullable error))completion API_AVAILABLE(ios(15.0), macos(12.0))
-{
-    self.productsFetchCompletion = completion;
-    self.productsRequest = [[SKProductsRequest alloc] initWithProductIdentifiers:productIdentifiers];
-    self.productsRequest.delegate = self;
-    [self.productsRequest start];
-}
-
-#pragma mark - SKProductsRequestDelegate / SKRequestDelegate
-
- (void)productsRequest:(SKProductsRequest *)request didReceiveResponse:(SKProductsResponse *)response
-{
-    if (self.purchaseCompletion) {
-        SKProduct *product = response.products.firstObject;
-        if (!product) {
-            NSError *error = [NSError errorWithDomain:@"StoreKitController"
-                                                 code:0
-                                             userInfo:@{ NSLocalizedDescriptionKey : @"Product not found" }];
-            self.purchaseCompletion(NO, nil, nil, nil, error);
-            self.purchaseCompletion = nil;
-            self.productsRequest = nil;
-            return;
-        }
-        NSString *currencyCode = [product.priceLocale objectForKey:NSLocaleCurrencyCode] ?: @"";
-        NSString *priceString = [product.price stringValue] ?: @"";
-        qInfo().noquote() << "[IAP][StoreKit] Received product" << QString::fromUtf8(product.productIdentifier.UTF8String)
-                          << "price=" << QString::fromUtf8(priceString.UTF8String)
-                          << "currency=" << QString::fromUtf8(currencyCode.UTF8String);
-        SKPayment *payment = [SKPayment paymentWithProduct:product];
-        [[SKPaymentQueue defaultQueue] addPayment:payment];
-        self.productsRequest = nil;
-        return;
-    }
-
-    if (self.productsFetchCompletion) {
-        NSMutableArray<NSDictionary *> *productDicts = [NSMutableArray array];
-        for (SKProduct *p in response.products) {
-            NSDictionary *productDict = @{
-                @"productId": p.productIdentifier,
-                @"title": p.localizedTitle,
-                @"description": p.localizedDescription,
-                @"price": p.price.stringValue,
-                @"currencyCode": [p.priceLocale objectForKey:NSLocaleCurrencyCode] ?: @""
-            };
-            [productDicts addObject:productDict];
-            NSString *productCurrency = [p.priceLocale objectForKey:NSLocaleCurrencyCode] ?: @"";
-            NSString *productPrice = [p.price stringValue] ?: @"";
-            qInfo().noquote() << "[IAP][StoreKit] Fetched product info" << QString::fromUtf8(p.productIdentifier.UTF8String)
-                              << "price=" << QString::fromUtf8(productPrice.UTF8String)
-                              << "currency=" << QString::fromUtf8(productCurrency.UTF8String);
-        }
-        
-        self.productsFetchCompletion(productDicts, response.invalidProductIdentifiers, nil);
-        self.productsFetchCompletion = nil;
-        self.productsRequest = nil;
-        return;
-    }
-}
-
- (void)request:(SKRequest *)request didFailWithError:(NSError *)error
-{
-    if (self.purchaseCompletion) {
-        self.purchaseCompletion(NO, nil, nil, nil, error);
-        self.purchaseCompletion = nil;
-    }
-    if (self.productsFetchCompletion) {
-        self.productsFetchCompletion(@[], @[], error);
-        self.productsFetchCompletion = nil;
-    }
-    self.productsRequest = nil;
-}
-
-#pragma mark - SKPaymentTransactionObserver
-
- (void)paymentQueue:(SKPaymentQueue *)queue updatedTransactions:(NSArray<SKPaymentTransaction *> *)transactions
-{
-    for (SKPaymentTransaction *transaction in transactions) {
-        switch (transaction.transactionState) {
-        case SKPaymentTransactionStatePurchased: {
-            NSString *originalTransactionId = transaction.originalTransaction.transactionIdentifier ?: transaction.transactionIdentifier;
-            qInfo().noquote() << "[IAP][StoreKit] Transaction purchased" << QString::fromUtf8(transaction.transactionIdentifier.UTF8String)
-                              << "original=" << QString::fromUtf8((originalTransactionId ?: @"").UTF8String)
-                              << "product=" << QString::fromUtf8(transaction.payment.productIdentifier.UTF8String);
-            
-            if (self.purchaseCompletion) {
-                self.purchaseCompletion(YES,
-                                       transaction.transactionIdentifier,
-                                       transaction.payment.productIdentifier,
-                                       originalTransactionId,
-                                       nil);
-                self.purchaseCompletion = nil;
-            }
-            [[SKPaymentQueue defaultQueue] finishTransaction:transaction];
-            break;
-        }
-        case SKPaymentTransactionStateFailed:
-            qInfo().noquote() << "[IAP][StoreKit] Transaction failed" << QString::fromUtf8(transaction.transactionIdentifier.UTF8String)
-                              << "product=" << QString::fromUtf8(transaction.payment.productIdentifier.UTF8String)
-                              << "error=" << QString::fromUtf8(transaction.error.localizedDescription.UTF8String);
-            if (self.purchaseCompletion) {
-                self.purchaseCompletion(NO,
-                                       transaction.transactionIdentifier,
-                                       transaction.payment.productIdentifier,
-                                       nil,
-                                       transaction.error);
-                self.purchaseCompletion = nil;
-            }
-            [[SKPaymentQueue defaultQueue] finishTransaction:transaction];
-            break;
-        case SKPaymentTransactionStateRestored: {
-            if (self.restoreCompletion) {
-                NSString *transactionId = transaction.transactionIdentifier ?: @"";
-                NSString *originalTransactionId = transaction.originalTransaction.transactionIdentifier ?: transactionId;
-                NSString *productId = transaction.payment.productIdentifier ?: @"";
-
-                qInfo().noquote() << "[IAP][StoreKit] Transaction restored"
-                                  << QString::fromUtf8(transactionId.UTF8String)
-                                  << "original="
-                                  << QString::fromUtf8((originalTransactionId ?: @"").UTF8String)
-                                  << "product="
-                                  << QString::fromUtf8((productId ?: @"").UTF8String);
-
-                NSDictionary *info = @{
-                    @"transactionId": transactionId,
-                    @"originalTransactionId": originalTransactionId ?: @"",
-                    @"productId": productId ?: @""
-                };
-                if (!self.restoredTransactions) {
-                    self.restoredTransactions = [NSMutableArray array];
-                }
-                [self.restoredTransactions addObject:info];
-            }
-            [[SKPaymentQueue defaultQueue] finishTransaction:transaction];
-            break;
-        }
-        case SKPaymentTransactionStatePurchasing:
-        case SKPaymentTransactionStateDeferred: 
-            break;
-        }
-    }
-}
-
- (void)paymentQueueRestoreCompletedTransactionsFinished:(SKPaymentQueue *)queue
-{
-    if (self.restoreCompletion) {
-        NSArray<NSDictionary *> *transactions = [self.restoredTransactions copy];
-        self.restoreCompletion(YES, transactions, nil);
-        self.restoreCompletion = nil;
-        self.restoredTransactions = nil;
-    }
-}
-
- (void)paymentQueue:(SKPaymentQueue *)queue restoreCompletedTransactionsFailedWithError:(NSError *)error
-{
-    if (self.restoreCompletion) {
-        self.restoreCompletion(NO, nil, error);
-        self.restoreCompletion = nil;
-        self.restoredTransactions = nil;
-    }
-}
-
-@end
@@ -6,6 +6,8 @@ struct WGConfig: Decodable {
  let junkPacketCount, junkPacketMinSize, junkPacketMaxSize: String?
  let initPacketJunkSize, responsePacketJunkSize, cookieReplyPacketJunkSize, transportPacketJunkSize: String?
  let specialJunk1, specialJunk2, specialJunk3, specialJunk4, specialJunk5: String?
+  let controlledJunk1, controlledJunk2, controlledJunk3: String?
+  let specialHandshakeTimeout: String?
  let dns1: String
  let dns2: String
  let mtu: String
@@ -26,6 +28,8 @@ struct WGConfig: Decodable {
    case junkPacketCount = "Jc", junkPacketMinSize = "Jmin", junkPacketMaxSize = "Jmax"
    case initPacketJunkSize = "S1", responsePacketJunkSize = "S2", cookieReplyPacketJunkSize = "S3", transportPacketJunkSize = "S4"
    case specialJunk1 = "I1", specialJunk2 = "I2", specialJunk3 = "I3", specialJunk4 = "I4", specialJunk5 = "I5"
+    case controlledJunk1 = "J1", controlledJunk2 = "J2", controlledJunk3 = "J3"
+    case specialHandshakeTimeout = "Itime"
    case dns1
    case dns2
    case mtu
@@ -42,64 +46,58 @@ struct WGConfig: Decodable {
  }

  var settings: String {
-    func trimmed(_ value: String?) -> String? {
-      guard let value = value?.trimmingCharacters(in: .whitespacesAndNewlines),
-            !value.isEmpty else {
-        return nil
-      }
-      return value
-    }
-
-    guard
-      let junkPacketCount = trimmed(junkPacketCount),
-      let junkPacketMinSize = trimmed(junkPacketMinSize),
-      let junkPacketMaxSize = trimmed(junkPacketMaxSize),
-      let initPacketJunkSize = trimmed(initPacketJunkSize),
-      let responsePacketJunkSize = trimmed(responsePacketJunkSize),
-      let initPacketMagicHeader = trimmed(initPacketMagicHeader),
-      let responsePacketMagicHeader = trimmed(responsePacketMagicHeader),
-      let underloadPacketMagicHeader = trimmed(underloadPacketMagicHeader),
-      let transportPacketMagicHeader = trimmed(transportPacketMagicHeader)
-    else { return "" }
-
+    guard junkPacketCount != nil else { return "" }
+    
    var settingsLines: [String] = []
-
+    
    // Required parameters when junkPacketCount is present
-    settingsLines.append("Jc = \(junkPacketCount)")
-    settingsLines.append("Jmin = \(junkPacketMinSize)")
-    settingsLines.append("Jmax = \(junkPacketMaxSize)")
-    settingsLines.append("S1 = \(initPacketJunkSize)")
-    settingsLines.append("S2 = \(responsePacketJunkSize)")
-
-    settingsLines.append("H1 = \(initPacketMagicHeader)")
-    settingsLines.append("H2 = \(responsePacketMagicHeader)")
-    settingsLines.append("H3 = \(underloadPacketMagicHeader)")
-    settingsLines.append("H4 = \(transportPacketMagicHeader)")
+    settingsLines.append("Jc = \(junkPacketCount!)")
+    settingsLines.append("Jmin = \(junkPacketMinSize!)")
+    settingsLines.append("Jmax = \(junkPacketMaxSize!)")
+    settingsLines.append("S1 = \(initPacketJunkSize!)")
+    settingsLines.append("S2 = \(responsePacketJunkSize!)")
+    
+    settingsLines.append("H1 = \(initPacketMagicHeader!)")
+    settingsLines.append("H2 = \(responsePacketMagicHeader!)")
+    settingsLines.append("H3 = \(underloadPacketMagicHeader!)")
+    settingsLines.append("H4 = \(transportPacketMagicHeader!)")

    // Optional parameters - only add if not nil and not empty
-    if let s3 = trimmed(cookieReplyPacketJunkSize) {
+    if let s3 = cookieReplyPacketJunkSize, !s3.isEmpty {
      settingsLines.append("S3 = \(s3)")
    }
-    if let s4 = trimmed(transportPacketJunkSize) {
+    if let s4 = transportPacketJunkSize, !s4.isEmpty {
      settingsLines.append("S4 = \(s4)")
    }
-
-    if let i1 = trimmed(specialJunk1) {
+    
+    if let i1 = specialJunk1, !i1.isEmpty {
      settingsLines.append("I1 = \(i1)")
    }
-    if let i2 = trimmed(specialJunk2) {
+    if let i2 = specialJunk2, !i2.isEmpty {
      settingsLines.append("I2 = \(i2)")
    }
-    if let i3 = trimmed(specialJunk3) {
+    if let i3 = specialJunk3, !i3.isEmpty {
      settingsLines.append("I3 = \(i3)")
    }
-    if let i4 = trimmed(specialJunk4) {
+    if let i4 = specialJunk4, !i4.isEmpty {
      settingsLines.append("I4 = \(i4)")
    }
-    if let i5 = trimmed(specialJunk5) {
+    if let i5 = specialJunk5, !i5.isEmpty {
      settingsLines.append("I5 = \(i5)")
    }
-
+    if let j1 = controlledJunk1, !j1.isEmpty {
+      settingsLines.append("J1 = \(j1)")
+    }
+    if let j2 = controlledJunk2, !j2.isEmpty {
+      settingsLines.append("J2 = \(j2)")
+    }
+    if let j3 = controlledJunk3, !j3.isEmpty {
+      settingsLines.append("J3 = \(j3)")
+    }
+    if let itime = specialHandshakeTimeout, !itime.isEmpty {
+      settingsLines.append("Itime = \(itime)")
+    }
+    
    return settingsLines.joined(separator: "\n")
  }

@@ -3,7 +3,5 @@ import Foundation
 struct XrayConfig: Decodable {
    let dns1: String?
    let dns2: String?
-    let splitTunnelType: Int?
-    let splitTunnelSites: [String]?
    let config: String
 }
@@ -2,13 +2,6 @@
 #define IOS_CONTROLLER_H

 #include "protocols/vpnprotocol.h"
-#include <functional>
-#include <QVariant>
-#include <QVariantMap>
-#include <QStringList>
-#include <QList>
-#include <QElapsedTimer>
-#include <atomic>

 #ifdef __OBJC__
    #import <Foundation/Foundation.h>
@@ -62,24 +55,7 @@ public:
    bool shareText(const QStringList &filesToSend);
    QString openFile();

-    void purchaseProduct(const QString &productId,
-                         std::function<void(bool success,
-                                            const QString &transactionId,
-                                            const QString &purchasedProductId,
-                                            const QString &originalTransactionId,
-                                            const QString &errorString)> &&callback);
-    void restorePurchases(std::function<void(bool success,
-                                             const QList<QVariantMap> &transactions,
-                                             const QString &errorString)> &&callback);
-
-    // Fetch product info for given product identifiers and return basic fields for logging
-    void fetchProducts(const QStringList &productIds,
-                       std::function<void(const QList<QVariantMap> &products,
-                                          const QStringList &invalidIds,
-                                          const QString &errorString)> &&callback);
-
    void requestInetAccess();
-    bool isTestFlight();
 signals:
    void connectionStateChanged(Vpn::ConnectionState state);
    void bytesChanged(quint64 receivedBytes, quint64 sentBytes);
@@ -105,7 +81,6 @@ private:
    bool startXray(const QString &jsonConfig);

    void startTunnel();
-    void emitConnectionStateIfChanged(Vpn::ConnectionState state);

 private:
    void *m_iosControllerWrapper {};
@@ -119,13 +94,8 @@ private:
    amnezia::Proto m_proto;
    QJsonObject m_rawConfig;
    QString m_tunnelId;
-    uint64_t m_txBytes = 0;
-    uint64_t m_rxBytes = 0;
-    bool m_handshakeAwaiting = false;
-    bool m_handshakeConfirmed = false;
-    QElapsedTimer m_handshakeTimer;
-    Vpn::ConnectionState m_lastEmittedState = Vpn::ConnectionState::Unknown;
-    std::atomic_bool m_statusRequestInFlight { false };
+    uint64_t m_txBytes;
+    uint64_t m_rxBytes;
 };

 #endif // IOS_CONTROLLER_H
@@ -10,7 +10,6 @@

 #include "../protocols/vpnprotocol.h"
 #import "ios_controller_wrapper.h"
-#import "StoreKitController.h"

 const char* Action::start = "start";
 const char* Action::restart = "restart";
@@ -93,48 +92,6 @@ Vpn::ConnectionState iosStatusToState(NEVPNStatus status) {
 }
 }

-namespace {
-constexpr int kHandshakeTimeoutMs = 12000;
-constexpr uint64_t kHandshakeRxThreshold = 4096;
-bool isWireGuardBasedProto(amnezia::Proto proto) {
-    return proto == amnezia::Proto::WireGuard || proto == amnezia::Proto::Awg;
-}
-
-uint64_t uint64FromResponse(NSDictionary *response, NSString *key, uint64_t fallback = 0) {
-    id value = response[key];
-    if (!value || value == [NSNull null]) {
-        return fallback;
-    }
-    if ([value isKindOfClass:[NSNumber class]]) {
-        return [(NSNumber *)value unsignedLongLongValue];
-    }
-    if ([value isKindOfClass:[NSString class]]) {
-        const char *str = [(NSString *)value UTF8String];
-        if (str && *str) {
-            return strtoull(str, nullptr, 10);
-        }
-    }
-    return fallback;
-}
-
-long long int64FromResponse(NSDictionary *response, NSString *key, long long fallback = 0) {
-    id value = response[key];
-    if (!value || value == [NSNull null]) {
-        return fallback;
-    }
-    if ([value isKindOfClass:[NSNumber class]]) {
-        return [(NSNumber *)value longLongValue];
-    }
-    if ([value isKindOfClass:[NSString class]]) {
-        const char *str = [(NSString *)value UTF8String];
-        if (str && *str) {
-            return strtoll(str, nullptr, 10);
-        }
-    }
-    return fallback;
-}
-}
-
 namespace {
 IosController* s_instance = nullptr;
 }
@@ -144,9 +101,6 @@ IosController::IosController() : QObject()
    s_instance = this;
    m_iosControllerWrapper = [[IosControllerWrapper alloc] initWithCppController:this];

-    // Initialize StoreKitController early to start observing the payment queue
-    [StoreKitController sharedInstance];
-
    [[NSNotificationCenter defaultCenter]
        removeObserver: (__bridge NSObject *)m_iosControllerWrapper];
    [[NSNotificationCenter defaultCenter]
@@ -156,15 +110,6 @@ IosController::IosController() : QObject()

 }

-void IosController::emitConnectionStateIfChanged(Vpn::ConnectionState state)
-{
-    if (m_lastEmittedState == state) {
-        return;
-    }
-    m_lastEmittedState = state;
-    emit connectionStateChanged(state);
-}
-
 IosController* IosController::Instance() {
    if (!s_instance) {
        s_instance = new IosController();
@@ -331,65 +276,33 @@ void IosController::disconnectVpn()

 void IosController::checkStatus()
 {
-    if (!m_currentTunnel) {
-        return;
-    }
-
-    if (m_currentTunnel.connection.status != NEVPNStatusConnected) {
-        return;
-    }
-
-    if (m_statusRequestInFlight.exchange(true)) {
-        return;
-    }
-
    NSString *actionKey = [NSString stringWithUTF8String:MessageKey::action];
    NSString *actionValue = [NSString stringWithUTF8String:Action::getStatus];
    NSString *tunnelIdKey = [NSString stringWithUTF8String:MessageKey::tunnelId];
    NSString *tunnelIdValue = !m_tunnelId.isEmpty() ? m_tunnelId.toNSString() : @"";

    NSDictionary* message = @{actionKey: actionValue, tunnelIdKey: tunnelIdValue};
-    dispatch_async(dispatch_get_global_queue(DISPATCH_QUEUE_PRIORITY_DEFAULT, 0), ^{
    sendVpnExtensionMessage(message, [&](NSDictionary* response){
-        if (!response) {
-            QMetaObject::invokeMethod(this, [this]() {
-                m_statusRequestInFlight = false;
-            }, Qt::QueuedConnection);
-            return;
+        uint64_t txBytes = [response[@"tx_bytes"] intValue];
+        uint64_t rxBytes = [response[@"rx_bytes"] intValue];
+        
+        uint64_t last_handshake_time_sec = 0;
+#if !MACOS_NE
+        if (response[@"last_handshake_time_sec"] && ![response[@"last_handshake_time_sec"] isKindOfClass:[NSNull class]]) {
+            last_handshake_time_sec = [response[@"last_handshake_time_sec"] intValue];
+        } else {
+            qDebug() << "Key last_handshake_time_sec is missing or null";
        }

-        const uint64_t txBytes = uint64FromResponse(response, @"tx_bytes");
-        const uint64_t rxBytes = uint64FromResponse(response, @"rx_bytes");
-        const long long last_handshake_time_sec = int64FromResponse(response, @"last_handshake_time_sec");
+        if (last_handshake_time_sec < 0) {
+            disconnectVpn();
+            qDebug() << "Invalid handshake time, disconnecting VPN.";
+        }
+#endif

-        QMetaObject::invokeMethod(this, [this, txBytes, rxBytes, last_handshake_time_sec]() {
-            if (isWireGuardBasedProto(m_proto) && m_handshakeAwaiting) {
-                const bool hasHandshakeData = (last_handshake_time_sec >= 0);
-                const bool hasFreshHandshake = hasHandshakeData &&
-                        ((last_handshake_time_sec > 0) ||
-                         (rxBytes >= kHandshakeRxThreshold) ||
-                         (txBytes >= kHandshakeRxThreshold));
-
-                if (hasFreshHandshake) {
-                    m_handshakeConfirmed = true;
-                    m_handshakeAwaiting = false;
-                    m_handshakeTimer.invalidate();
-                    qDebug() << "IosController::checkStatus : handshake confirmed";
-                    emitConnectionStateIfChanged(Vpn::ConnectionState::Connected);
-                } else if (m_handshakeTimer.isValid() &&
-                           m_handshakeTimer.elapsed() > kHandshakeTimeoutMs) {
-                    m_handshakeTimer.restart();
-                    qDebug() << "IosController::checkStatus : handshake timed out, keeping tunnel alive";
-                    emitConnectionStateIfChanged(Vpn::ConnectionState::Reconnecting);
-                }
-            }
-
-            emit bytesChanged(rxBytes - m_rxBytes, txBytes - m_txBytes);
-            m_rxBytes = rxBytes;
-            m_txBytes = txBytes;
-            m_statusRequestInFlight = false;
-        }, Qt::QueuedConnection);
-    });
+        emit bytesChanged(rxBytes - m_rxBytes, txBytes - m_txBytes);
+        m_rxBytes = rxBytes;
+        m_txBytes = txBytes;
    });
 }

@@ -496,22 +409,7 @@ void IosController::vpnStatusDidChange(void *pNotification)
            }
        }

-        Vpn::ConnectionState nextState = iosStatusToState(session.status);
-        if (session.status == NEVPNStatusConnected && isWireGuardBasedProto(m_proto)) {
-            if (!m_handshakeConfirmed) {
-                nextState = Vpn::ConnectionState::Connecting;
-                if (!m_handshakeAwaiting) {
-                    m_handshakeAwaiting = true;
-                    m_handshakeTimer.restart();
-                }
-            }
-        } else if (session.status != NEVPNStatusConnected) {
-            m_handshakeAwaiting = false;
-            m_handshakeConfirmed = false;
-            m_handshakeTimer.invalidate();
-            m_statusRequestInFlight = false;
-        }
-        emitConnectionStateIfChanged(nextState);
+        emit connectionStateChanged(iosStatusToState(session.status));
    }
 }

@@ -684,15 +582,6 @@ bool IosController::setupXray()
    QJsonObject finalConfig;
    finalConfig.insert(config_key::dns1, m_rawConfig[config_key::dns1].toString());
    finalConfig.insert(config_key::dns2, m_rawConfig[config_key::dns2].toString());
-    finalConfig.insert(config_key::splitTunnelType, m_rawConfig[config_key::splitTunnelType]);
-
-    QJsonArray splitTunnelSites = m_rawConfig[config_key::splitTunnelSites].toArray();
-
-    for(int index = 0; index < splitTunnelSites.count(); index++) {
-        splitTunnelSites[index] = splitTunnelSites[index].toString().remove(" ");
-    }
-
-    finalConfig.insert(config_key::splitTunnelSites, splitTunnelSites);
    finalConfig.insert(config_key::config, xrayConfigStr);

    QJsonDocument finalConfigDoc(finalConfig);
@@ -781,6 +670,10 @@ bool IosController::setupAwg()
    wgConfig.insert(config_key::specialJunk3, config[config_key::specialJunk3]);
    wgConfig.insert(config_key::specialJunk4, config[config_key::specialJunk4]);
    wgConfig.insert(config_key::specialJunk5, config[config_key::specialJunk5]);
+    wgConfig.insert(config_key::controlledJunk1, config[config_key::controlledJunk1]);
+    wgConfig.insert(config_key::controlledJunk2, config[config_key::controlledJunk2]);
+    wgConfig.insert(config_key::controlledJunk3, config[config_key::controlledJunk3]);
+    wgConfig.insert(config_key::specialHandshakeTimeout, config[config_key::specialHandshakeTimeout]);

    QJsonDocument wgConfigDoc(wgConfig);
    QString wgConfigDocStr(wgConfigDoc.toJson(QJsonDocument::Compact));
@@ -906,9 +799,6 @@ void IosController::sendVpnExtensionMessage(NSDictionary* message, std::function
 {
    if (!m_currentTunnel) {
        qDebug() << "Cannot set an extension callback without a tunnel manager";
-        if (callback) {
-            callback(nil);
-        }
        return;
    }

@@ -918,9 +808,6 @@ void IosController::sendVpnExtensionMessage(NSDictionary* message, std::function
    if (!data || error) {
        qDebug() << "Failed to serialize message to VpnExtension as JSON. Error:"
                 << [error.localizedDescription UTF8String];
-        if (callback) {
-            callback(nil);
-        }
        return;
    }

@@ -951,18 +838,11 @@ void IosController::sendVpnExtensionMessage(NSDictionary* message, std::function
        [session sendProviderMessage:data returnError:&sendError responseHandler:completionHandler];
    } else {
        qDebug() << "Method sendProviderMessage:responseHandler:error: does not exist";
-        if (callback) {
-            callback(nil);
-        }
-        return;
    }

    if (sendError) {
        qDebug() << "Failed to send message to VpnExtension. Error:"
                 << [sendError.localizedDescription UTF8String];
-        if (callback) {
-            callback(nil);
-        }
    }

 }
@@ -1033,135 +913,6 @@ QString IosController::openFile() {
    return filePath;
 }

-void IosController::purchaseProduct(const QString &productId,
-                                   std::function<void(bool success,
-                                                      const QString &transactionId,
-                                                      const QString &purchasedProductId,
-                                                      const QString &originalTransactionId,
-                                                      const QString &errorString)> &&callback)
-{
-    qInfo().noquote() << "[IAP][IosController] purchaseProduct called" << productId;
-    if (@available(iOS 15.0, macOS 12.0, *)) {
-        StoreKitController *controller = [StoreKitController sharedInstance];
-        __block auto cb = std::move(callback);
-        [controller purchaseProduct:productId.toNSString() completion:^(BOOL s,
-                                                                        NSString * _Nullable transactionId,
-                                                                        NSString * _Nullable prodId,
-                                                                        NSString * _Nullable originalTxId,
-                                                                        NSError * _Nullable error) {
-            const QString txId = QString::fromUtf8((transactionId ?: @"").UTF8String);
-            const QString pId  = QString::fromUtf8((prodId        ?: @"").UTF8String);
-            const QString origTxId = QString::fromUtf8((originalTxId ?: @"").UTF8String);
-            const QString err  = QString::fromUtf8((error.localizedDescription ?: @"").UTF8String);
-
-            qInfo().noquote() << "[IAP][IosController] purchase completion" << "success=" << s
-                              << "transactionId=" << txId << "originalTransactionId=" << origTxId
-                              << "productId=" << pId << "error=" << err;
-
-            if (cb) {
-                cb(s, txId, pId, origTxId, err);
-            }
-        }];
-    } else {
-        if (callback) {
-            callback(false, QString(), QString(), QString(), "StoreKit 2 requires iOS 15.0 or later");
-        }
-    }
-}
-
-void IosController::restorePurchases(std::function<void(bool success,
-                                                       const QList<QVariantMap> &transactions,
-                                                       const QString &errorString)> &&callback)
-{
-    if (@available(iOS 15.0, macOS 12.0, *)) {
-        StoreKitController *controller = [StoreKitController sharedInstance];
-        __block auto cb = std::move(callback);
-        [controller restorePurchasesWithCompletion:^(BOOL s,
-                                                     NSArray<NSDictionary *> * _Nullable restoredTransactions,
-                                                     NSError * _Nullable error) {
-            QString err;
-            if (error) {
-                err = QString::fromUtf8(error.localizedDescription.UTF8String);
-            }
-            QList<QVariantMap> transactions;
-            for (NSDictionary *dict in restoredTransactions ?: @[]) {
-                QVariantMap transaction;
-                NSString *transactionId = dict[@"transactionId"];
-                NSString *productId = dict[@"productId"];
-                NSString *originalTransactionId = dict[@"originalTransactionId"];
-
-                if (transactionId) {
-                    transaction.insert(QStringLiteral("transactionId"), QString::fromUtf8(transactionId.UTF8String));
-                }
-                if (productId) {
-                    transaction.insert(QStringLiteral("productId"), QString::fromUtf8(productId.UTF8String));
-                }
-                if (originalTransactionId) {
-                    transaction.insert(QStringLiteral("originalTransactionId"),
-                                       QString::fromUtf8(originalTransactionId.UTF8String));
-                }
-                transactions.push_back(transaction);
-            }
-            if (cb) {
-                cb(s, transactions, err);
-            }
-        }];
-    } else {
-        if (callback) {
-            callback(false, QList<QVariantMap>(), "StoreKit 2 requires iOS 15.0 or later");
-        }
-    }
-}
-
-void IosController::fetchProducts(const QStringList &productIds,
-                                  std::function<void(const QList<QVariantMap> &products,
-                                                     const QStringList &invalidIds,
-                                                     const QString &errorString)> &&callback)
-{
-    if (@available(iOS 15.0, macOS 12.0, *)) {
-        StoreKitController *controller = [StoreKitController sharedInstance];
-        NSMutableSet<NSString *> *ids = [NSMutableSet setWithCapacity:productIds.size()];
-        for (const auto &pid : productIds) {
-            [ids addObject:pid.toNSString()];
-        }
-        __block auto cb = std::move(callback);
-
-        [controller fetchProductsWithIdentifiers:ids
-                                      completion:^(NSArray<NSDictionary *> * _Nonnull products,
-                                                   NSArray<NSString *> * _Nonnull invalidIdentifiers,
-                                                   NSError * _Nullable error) {
-            QList<QVariantMap> outProducts;
-            for (NSDictionary *p in products) {
-                QVariantMap m;
-                m["productId"] = QString::fromUtf8([p[@"productId"] UTF8String]);
-                m["title"] = QString::fromUtf8([p[@"title"] UTF8String]);
-                m["description"] = QString::fromUtf8([p[@"description"] UTF8String]);
-                m["price"] = QString::fromUtf8([p[@"price"] UTF8String]);
-                m["currencyCode"] = QString::fromUtf8([p[@"currencyCode"] UTF8String]);
-                outProducts.push_back(m);
-            }
-
-            QStringList invalid;
-            for (NSString *inv in invalidIdentifiers) {
-                invalid.push_back(QString::fromUtf8(inv.UTF8String));
-            }
-
-            QString err;
-            if (error) {
-                err = QString::fromUtf8(error.localizedDescription.UTF8String);
-            }
-
-            if (cb) {
-                cb(outProducts, invalid, err);
-            }
-        }];
-    } else {
-        if (callback) {
-            callback(QList<QVariantMap>(), QStringList(), "StoreKit 2 requires iOS 15.0 or later");
-        }
-    }
-}
-
 void IosController::requestInetAccess() {
    NSURL *url = [NSURL URLWithString:@"http://captive.apple.com/generate_204"];
    if (!url) {
@@ -1180,8 +931,3 @@ void IosController::requestInetAccess() {
    }];
    [task resume];
 }
-
-bool IosController::isTestFlight() {
-    NSURL *receiptURL = [[NSBundle mainBundle] appStoreReceiptURL];
-    return receiptURL && [[receiptURL lastPathComponent] isEqualToString:@"sandboxReceipt"];
-}
@@ -34,9 +34,6 @@ void IOSNetworkWatcher::initialize() {
  });
  nw_path_monitor_start(m_networkMonitor);

-  // Call start() to initialize sleep/wake monitoring (will call MacOSNetworkWatcher::start() if this is macOS)
-  this->start();
-  
  //TODO IMPL FOR AMNEZIA
 }

@@ -108,7 +108,7 @@ int LinuxFirewall::linkChain(LinuxFirewall::IPVersion ip, const QString& chain,
        //    (we can't safely delete all rules at once since rule numbers change)
        // TODO: occasionally this script results in warnings in logs "Bad rule (does a matching rule exist in the chain?)" - this happens when
        // the e.g OUTPUT chain is empty but this script attempts to delete things from it anyway. It doesn't cause any problems, but we should still fix at some point..
-        return execute(QStringLiteral("if ! %1 -L %2 -n --line-numbers -t %4 2> /dev/null | awk 'int($1) == 1 && $2 == \"%3\" { found=1 } END { if(found==1) { exit 0 } else { exit 1 } }' ; then %1 -I %2 -j %3 -t %4 && %1 -L %2 -n --line-numbers -t %4 2> /dev/null | awk 'int($1) > 1 && $2 == \"%3\" { print $1; exit }' | xargs -r %1 -t %4 -D %2 ; fi").arg(cmd, parent, chain, tableName));
+        return execute(QStringLiteral("if ! %1 -L %2 -n --line-numbers -t %4 2> /dev/null | awk 'int($1) == 1 && $2 == \"%3\" { found=1 } END { if(found==1) { exit 0 } else { exit 1 } }' ; then %1 -I %2 -j %3 -t %4 && %1 -L %2 -n --line-numbers -t %4 2> /dev/null | awk 'int($1) > 1 && $2 == \"%3\" { print $1; exit }' | xargs %1 -t %4 -D %2 ; fi").arg(cmd, parent, chain, tableName));
    }
    else
        return execute(QStringLiteral("if ! %1 -C %2 -j %3 -t %4 2> /dev/null ; then %1 -A %2 -j %3 -t %4; fi").arg(cmd, parent, chain, tableName));
@@ -289,7 +289,6 @@ void LinuxFirewall::install()
    installAnchor(Both, QStringLiteral("100.blockAll"), {
                                                            QStringLiteral("-j REJECT"),
                                                        });
-    installAnchor(Both, QStringLiteral("400.allowPIA"), {});
    // NAT rules
    installAnchor(Both, QStringLiteral("100.transIp"), {

@@ -496,23 +495,13 @@ int LinuxFirewall::execute(const QString &command, bool ignoreErrors)
        logger.debug() << "(" << exitCode << ") $ " << command;
    if (!out.isEmpty())
        logger.info() << out;
-    if (!err.isEmpty() && !ignoreErrors)
+    if (!err.isEmpty())
        logger.warning() << err;
    return exitCode;
 }

 void LinuxFirewall::setupTrafficSplitting()
 {
-    // Register the routing table name so the ip tool can resolve it by name
-    execute(QStringLiteral("grep -q '%1' /etc/iproute2/rt_tables || printf '200\\t%1\\n' >> /etc/iproute2/rt_tables").arg(kRtableName));
-
-    // On cgroup v2 (unified hierarchy) systems /sys/fs/cgroup/net_cls/ does not exist.
-    // Try to mount the legacy net_cls cgroup v1 controller so traffic splitting works.
-    execute(QStringLiteral(
-        "if [ ! -d /sys/fs/cgroup/net_cls ] ; then "
-        "mkdir -p /sys/fs/cgroup/net_cls && "
-        "mount -t cgroup -o net_cls cgroup /sys/fs/cgroup/net_cls ; fi"));
-
    auto cGroupDir = "/sys/fs/cgroup/net_cls/" BRAND_CODE "vpnexclusions/";
    logger.info() << "Should be setting up cgroup in" << cGroupDir << "for traffic splitting";
    execute(QStringLiteral("if [ ! -d %1 ] ; then mkdir %1 ; sleep 0.1 ; echo %2 > %1/net_cls.classid ; fi").arg(cGroupDir).arg(kCGroupId));
@@ -524,9 +513,6 @@ void LinuxFirewall::teardownTrafficSplitting()
 {
    logger.info() << "Tearing down cgroup and routing rules";
    execute(QStringLiteral("if ip rule list | grep -q %1; then ip rule del from all fwmark %1 lookup %2 2> /dev/null ; fi").arg(kPacketTag, kRtableName));
-    // Ignore errors here: on first teardown the table name may not be registered yet
-    execute(QStringLiteral("ip route flush table %1").arg(kRtableName), true);
+    execute(QStringLiteral("ip route flush table %1").arg(kRtableName));
    execute(QStringLiteral("ip route flush cache"));
-    // Remove the rt_tables entry we added
-    execute(QStringLiteral("sed -i '/%1/d' /etc/iproute2/rt_tables").arg(kRtableName));
 }
@@ -165,7 +165,7 @@ bool LinuxRouteMonitor::rtmSendRoute(int action, int flags, int type,

    if (rtm->rtm_type == RTN_THROW) {
    struct in_addr ip4;
-    inet_pton(AF_INET, NetworkUtilities::getGatewayAndIface().first.toUtf8(), &ip4);
+    inet_pton(AF_INET, NetworkUtilities::getGatewayAndIface().toUtf8(), &ip4);
    nlmsg_append_attr(nlmsg, sizeof(buf), RTA_GATEWAY, &ip4, sizeof(ip4));
    nlmsg_append_attr32(nlmsg, sizeof(buf), RTA_PRIORITY, 0);
    rtm->rtm_type = RTN_UNICAST;
@@ -143,6 +143,12 @@ bool WireguardUtilsLinux::addInterface(const InterfaceConfig& config) {
    for (const QString& key : config.m_specialJunk.keys()) {
        out << key.toLower() << "=" << config.m_specialJunk.value(key) << "\n";
    }
+    for (const QString& key : config.m_controlledJunk.keys()) {
+        out << key.toLower() << "=" << config.m_controlledJunk.value(key) << "\n";
+    }
+    if (!config.m_specialHandshakeTimeout.isEmpty()) {
+        out << "itime=" << config.m_specialHandshakeTimeout << "\n";
+    }

    int err = uapiErrno(uapiCommand(message));
    if (err != 0) {
@@ -41,9 +41,6 @@ void LinuxNetworkWatcher::initialize() {
  connect(m_worker, &LinuxNetworkWatcherWorker::unsecuredNetwork, this,
          &LinuxNetworkWatcher::unsecuredNetwork);

-  connect(m_worker, &LinuxNetworkWatcherWorker::wakeup, this,
-          &NetworkWatcherImpl::wakeup);
-
  // Let's wait a few seconds to allow the UI to be fully loaded and shown.
  // This is not strictly needed, but it's better for user experience because
  // it makes the UI faster to appear, plus it gives a bit of delay between the
@@ -33,21 +33,7 @@
 #define NM_802_11_AP_SEC_WEAK_CRYPTO \
  (NM_802_11_AP_SEC_PAIR_WEP40 | NM_802_11_AP_SEC_PAIR_WEP104)

-
-enum NMState {
-    NM_STATE_UNKNOWN = 0,
-    NM_STATE_ASLEEP = 10,
-    NM_STATE_DISCONNECTED = 20,
-    NM_STATE_DISCONNECTING = 30,
-    NM_STATE_CONNECTING = 40,
-    NM_STATE_CONNECTED_LOCAL = 50,
-    NM_STATE_CONNECTED_SITE = 60,
-    NM_STATE_CONNECTED_GLOBAL = 70
-};
-
-
 constexpr const char* DBUS_NETWORKMANAGER = "org.freedesktop.NetworkManager";
-constexpr const char* DBUS_NETWORKMANAGER_PATH = "/org/freedesktop/NetworkManager";

 namespace {
 Logger logger("LinuxNetworkWatcherWorker");
@@ -87,7 +73,7 @@ void LinuxNetworkWatcherWorker::initialize() {
  // documentation:
  // https://developer.gnome.org/NetworkManager/stable/gdbus-org.freedesktop.NetworkManager.html

-  QDBusInterface nm(DBUS_NETWORKMANAGER, DBUS_NETWORKMANAGER_PATH,
+  QDBusInterface nm(DBUS_NETWORKMANAGER, "/org/freedesktop/NetworkManager",
                    DBUS_NETWORKMANAGER, QDBusConnection::systemBus());
  if (!nm.isValid()) {
    logger.error()
@@ -122,12 +108,6 @@ void LinuxNetworkWatcherWorker::initialize() {
        SLOT(propertyChanged(QString, QVariantMap, QStringList)));
  }

-  QDBusConnection::systemBus().connect(DBUS_NETWORKMANAGER,
-                                       DBUS_NETWORKMANAGER_PATH,
-                                       DBUS_NETWORKMANAGER,
-                                       "StateChanged",
-                                       this, SLOT(NMStateChanged(quint32)));
-
  if (m_devicePaths.isEmpty()) {
    logger.warning() << "No wifi devices found";
    return;
@@ -193,16 +173,5 @@ void LinuxNetworkWatcherWorker::checkDevices() {
      emit unsecuredNetwork(ssid, bssid);
      break;
    }
-
  }
 }
-
-void LinuxNetworkWatcherWorker::NMStateChanged(quint32 state)
-{
-  if (state == NM_STATE_ASLEEP) {
-    emit wakeup();
-  }
-
-  logger.debug() << "NMStateChanged " << state;
-}
-
@@ -23,7 +23,6 @@ class LinuxNetworkWatcherWorker final : public QObject {

 signals:
  void unsecuredNetwork(const QString& networkName, const QString& networkId);
-  void wakeup();

 public slots:
  void initialize();
@@ -31,7 +30,6 @@ class LinuxNetworkWatcherWorker final : public QObject {
 private slots:
  void propertyChanged(QString interface, QVariantMap properties,
                       QStringList list);
-  void NMStateChanged(quint32 state);

 private:
  // We collect the list of DBus wifi network device paths during the
@@ -1,185 +0,0 @@
-/* This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
-
-#include "linuxpingsender.h"
-
-#include <arpa/inet.h>
-#include <errno.h>
-#include <linux/filter.h>
-#include <netinet/in.h>
-#include <netinet/ip.h>
-#include <netinet/ip_icmp.h>
-#include <sys/socket.h>
-#include <unistd.h>
-
-#include <QSocketNotifier>
-#include <QtEndian>
-
-#include "leakdetector.h"
-#include "logger.h"
-#include "qhostaddress.h"
-
-namespace {
-Logger logger("LinuxPingSender");
-}
-
-int LinuxPingSender::createSocket() {
-  // Try creating an ICMP socket. This would be the ideal choice, but it can
-  // fail depending on the kernel config (see: sys.net.ipv4.ping_group_range)
-  m_socket = socket(AF_INET, SOCK_DGRAM, IPPROTO_ICMP);
-  if (m_socket >= 0) {
-    m_ident = 0;
-    return m_socket;
-  }
-  if ((errno != EPERM) && (errno != EACCES)) {
-    return -1;
-  }
-
-  // As a fallback, create a raw socket, which requires root permissions
-  // or CAP_NET_RAW to be granted to the VPN client.
-  m_socket = socket(AF_INET, SOCK_RAW, IPPROTO_ICMP);
-  if (m_socket < 0) {
-    return -1;
-  }
-  m_ident = getpid() & 0xffff;
-
-  // Attach a BPF filter to discard everything but replies to our echo.
-  struct sock_filter bpf_prog[] = {
-      BPF_STMT(BPF_LDX | BPF_B | BPF_MSH, 0), /* Skip IP header. */
-      BPF_STMT(BPF_LD | BPF_H | BPF_IND, 4),  /* Load icmp echo ident */
-      BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, m_ident, 1, 0), /* Ours? */
-      BPF_STMT(BPF_RET | BPF_K, 0), /* Unexpected identifier. Reject. */
-      BPF_STMT(BPF_LD | BPF_B | BPF_IND, 0), /* Load icmp type */
-      BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, ICMP_ECHOREPLY, 1, 0), /* Echo? */
-      BPF_STMT(BPF_RET | BPF_K, 0),   /* Unexpected type. Reject. */
-      BPF_STMT(BPF_RET | BPF_K, ~0U), /* Packet passes the filter. */
-  };
-  struct sock_fprog filter = {
-      .len = sizeof(bpf_prog) / sizeof(struct sock_filter),
-      .filter = bpf_prog,
-  };
-  setsockopt(m_socket, SOL_SOCKET, SO_ATTACH_FILTER, &filter, sizeof(filter));
-
-  return m_socket;
-}
-
-LinuxPingSender::LinuxPingSender(const QHostAddress& source, QObject* parent)
-    : PingSender(parent) {
-  MZ_COUNT_CTOR(LinuxPingSender);
-
-  logger.debug() << "LinuxPingSender(" + logger.sensitive(source.toString()) +
-                        ") created";
-
-  m_socket = createSocket();
-  if (m_socket < 0) {
-    logger.error() << "Socket creation error: " << strerror(errno);
-    return;
-  }
-
-  quint32 ipv4addr = INADDR_ANY;
-  if (!source.isNull()) {
-    ipv4addr = source.toIPv4Address();
-  }
-  struct sockaddr_in addr;
-  memset(&addr, 0, sizeof addr);
-  addr.sin_family = AF_INET;
-  addr.sin_addr.s_addr = qToBigEndian<quint32>(ipv4addr);
-
-  if (bind(m_socket, (struct sockaddr*)&addr, sizeof(addr)) != 0) {
-    close(m_socket);
-    m_socket = -1;
-    logger.error() << "bind error:" << strerror(errno);
-    return;
-  }
-
-  m_notifier = new QSocketNotifier(m_socket, QSocketNotifier::Read, this);
-  if (m_ident) {
-    connect(m_notifier, &QSocketNotifier::activated, this,
-            &LinuxPingSender::rawSocketReady);
-  } else {
-    connect(m_notifier, &QSocketNotifier::activated, this,
-            &LinuxPingSender::icmpSocketReady);
-  }
-}
-
-LinuxPingSender::~LinuxPingSender() {
-  MZ_COUNT_DTOR(LinuxPingSender);
-  if (m_socket >= 0) {
-    close(m_socket);
-  }
-}
-
-void LinuxPingSender::sendPing(const QHostAddress& dest, quint16 sequence) {
-  quint32 ipv4dest = dest.toIPv4Address();
-  struct sockaddr_in addr;
-  memset(&addr, 0, sizeof(addr));
-  addr.sin_family = AF_INET;
-  addr.sin_addr.s_addr = qToBigEndian<quint32>(ipv4dest);
-
-  struct icmphdr packet;
-  memset(&packet, 0, sizeof(packet));
-  packet.type = ICMP_ECHO;
-  packet.un.echo.id = htons(m_ident);
-  packet.un.echo.sequence = htons(sequence);
-  packet.checksum = inetChecksum(&packet, sizeof(packet));
-
-  int rc = sendto(m_socket, &packet, sizeof(packet), 0, (struct sockaddr*)&addr,
-                  sizeof(addr));
-  if (rc < 0) {
-    logger.error() << "failed to send:" << strerror(errno);
-    if (errno == ENETUNREACH) {
-        emit criticalPingError();
-    }
-  }
-}
-
-void LinuxPingSender::icmpSocketReady() {
-  socklen_t slen = 0;
-  unsigned char data[2048];
-  int rc = recvfrom(m_socket, data, sizeof(data), MSG_DONTWAIT, NULL, &slen);
-  if (rc <= 0) {
-    logger.error() << "recvfrom failed:" << strerror(errno);
-    return;
-  }
-
-  struct icmphdr packet;
-  if (rc >= (int)sizeof(packet)) {
-    memcpy(&packet, data, sizeof(packet));
-    if (packet.type == ICMP_ECHOREPLY) {
-      emit recvPing(htons(packet.un.echo.sequence));
-    }
-  }
-}
-
-void LinuxPingSender::rawSocketReady() {
-  socklen_t slen = 0;
-  unsigned char data[2048];
-  int rc = recvfrom(m_socket, data, sizeof(data), MSG_DONTWAIT, NULL, &slen);
-  if (rc <= 0) {
-    logger.error() << "recvfrom failed:" << strerror(errno);
-    return;
-  }
-
-  // Check the IP header
-  const struct iphdr* ip = (struct iphdr*)data;
-  int iphdrlen = ip->ihl * 4;
-  if (rc < iphdrlen || iphdrlen < (int)sizeof(struct iphdr)) {
-    logger.error() << "malformed IP packet:" << strerror(errno);
-    return;
-  }
-
-  // Check the ICMP packet
-  struct icmphdr packet;
-  if (inetChecksum(data + iphdrlen, rc - iphdrlen) != 0) {
-    logger.warning() << "invalid checksum";
-    return;
-  }
-  if (rc >= (iphdrlen + (int)sizeof(packet))) {
-    memcpy(&packet, data + iphdrlen, sizeof(packet));
-    quint16 id = htons(m_ident);
-    if ((packet.type == ICMP_ECHOREPLY) && (packet.un.echo.id == id)) {
-      emit recvPing(htons(packet.un.echo.sequence));
-    }
-  }
-}
@@ -1,39 +0,0 @@
-/* This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
-
-#ifndef LINUXPINGSENDER_H
-#define LINUXPINGSENDER_H
-
-#include <QObject>
-
-#include "../../mozilla/pingsender.h"
-
-class QSocketNotifier;
-
-class LinuxPingSender final : public PingSender {
-  Q_OBJECT
-  Q_DISABLE_COPY_MOVE(LinuxPingSender)
-
- public:
-  LinuxPingSender(const QHostAddress& source, QObject* parent = nullptr);
-  ~LinuxPingSender();
-
-  bool isValid() override { return (m_socket >= 0); };
-
-  void sendPing(const QHostAddress& dest, quint16 sequence) override;
-
- private:
-  int createSocket();
-
- private slots:
-  void rawSocketReady();
-  void icmpSocketReady();
-
- private:
-  QSocketNotifier* m_notifier = nullptr;
-  int m_socket = -1;
-  quint16 m_ident = 0;
-};
-
-#endif  // LINUXPINGSENDER_H
@@ -141,6 +141,12 @@ bool WireguardUtilsMacos::addInterface(const InterfaceConfig& config) {
  for (const QString& key : config.m_specialJunk.keys()) {
      out << key.toLower() << "=" << config.m_specialJunk.value(key) << "\n";
  }
+  for (const QString& key : config.m_controlledJunk.keys()) {
+      out << key.toLower() << "=" << config.m_controlledJunk.value(key) << "\n";
+  }
+  if (!config.m_specialHandshakeTimeout.isEmpty()) {
+      out << "itime=" << config.m_specialHandshakeTimeout << "\n";
+  }

  int err = uapiErrno(uapiCommand(message));
  if (err != 0) {
@@ -10,31 +10,8 @@
 #include "../ios/iosnetworkwatcher.h"
 #include "networkwatcherimpl.h"

-#include <IOKit/pwr_mgt/IOPMLib.h>
-#include <IOKit/IOMessage.h>
-
-
 class QString;

-// Inspired by https://ladydebug.com/blog/2020/05/21/programmatically-capture-energy-saver-event-on-mac/
-class PowerNotificationsListener
-{
-public:
-    PowerNotificationsListener(class MacOSNetworkWatcher* watcher) : m_watcher(watcher) {}
-    void registerForNotifications();
-    void cleanup();
-
-private:
-    static void sleepWakeupCallBack(void *refParam, io_service_t service, natural_t messageType, void *messageArgument);
-
-private:
-    class MacOSNetworkWatcher* m_watcher = nullptr;
-    IONotificationPortRef notifyPortRef = nullptr; // notification port allocated by IORegisterForSystemPower
-    io_object_t notifierObj = IO_OBJECT_NULL; // notifier object, used to deregister later
-    io_connect_t rootPowerDomain = IO_OBJECT_NULL; // a reference to the Root Power Domain IOService
-};
-
-
 class MacOSNetworkWatcher final : public IOSNetworkWatcher {
 public:
  MacOSNetworkWatcher(QObject* parent);
@@ -48,7 +25,6 @@ class MacOSNetworkWatcher final : public IOSNetworkWatcher {

 private:
  void* m_delegate = nullptr;
-  PowerNotificationsListener m_powerlistener;
 };

 #endif  // MACOSNETWORKWATCHER_H
@@ -6,11 +6,6 @@
 #include "leakdetector.h"
 #include "logger.h"

-#include <QProcess>
-#include <QMetaObject>
-#include <pthread.h>
-#include <iostream>
-
 #import <CoreWLAN/CoreWLAN.h>
 #import <Network/Network.h>

@@ -18,37 +13,6 @@ namespace {
 Logger logger("MacOSNetworkWatcher");
 }

-// Global variables for CFRunLoop thread
-static pthread_t g_powerThread;
-static CFRunLoopRef g_powerRunLoop = nullptr;
-static bool g_shouldStopPowerThread = false;
-static PowerNotificationsListener* g_powerListener = nullptr;
-
-// Thread function for dedicated CFRunLoop
-void* powerMonitoringThread(void* arg) {
-    logger.debug() << "Power monitoring thread started";
-    
-    PowerNotificationsListener* listener = static_cast<PowerNotificationsListener*>(arg);
-    
-    // Get the runloop for this thread
-    g_powerRunLoop = CFRunLoopGetCurrent();
-    
-    // Register for power notifications in this thread
-    listener->registerForNotifications();
-    
-    // Run the CFRunLoop - this will block until CFRunLoopStop is called
-    while (!g_shouldStopPowerThread) {
-        CFRunLoopRunInMode(kCFRunLoopDefaultMode, 1.0, true);
-    }
-    
-    // Cleanup
-    listener->cleanup();
-    g_powerRunLoop = nullptr;
-    
-    logger.debug() << "Power monitoring thread finished";
-    return nullptr;
-}
-
@interface MacOSNetworkWatcherDelegate : NSObject <CWEventDelegate> {
  MacOSNetworkWatcher* m_watcher;
 }
@@ -69,145 +33,17 @@ void* powerMonitoringThread(void* arg) {

  if (m_watcher) {
    m_watcher->checkInterface();
-    // Emit networkChanged signal when BSSID changes
-    emit m_watcher->networkChanged(QString::fromNSString(interfaceName));
  }
 }

@end

-void PowerNotificationsListener::registerForNotifications()
-{
-    logger.debug() << "Registering for system power notifications in dedicated thread";
-    
-    rootPowerDomain = IORegisterForSystemPower(this, &notifyPortRef, sleepWakeupCallBack, &notifierObj);
-    if (rootPowerDomain == IO_OBJECT_NULL) {
-        logger.error() << "Failed to register for system power notifications!";
-        return;
-    }
-
-    // Add the notification port to the current runloop (dedicated thread)
-    CFRunLoopAddSource(CFRunLoopGetCurrent(), IONotificationPortGetRunLoopSource(notifyPortRef), kCFRunLoopCommonModes);
-    logger.debug() << "Power notifications registered successfully";
-}
-
-void PowerNotificationsListener::cleanup()
-{
-    if (notifyPortRef != nullptr) {
-        CFRunLoopRemoveSource(CFRunLoopGetCurrent(), IONotificationPortGetRunLoopSource(notifyPortRef), kCFRunLoopCommonModes);
-        IONotificationPortDestroy(notifyPortRef);
-        notifyPortRef = nullptr;
-    }
-    
-    if (notifierObj != IO_OBJECT_NULL) {
-        IODeregisterForSystemPower(&notifierObj);
-        notifierObj = IO_OBJECT_NULL;
-    }
-    
-    if (rootPowerDomain != IO_OBJECT_NULL) {
-        IOServiceClose(rootPowerDomain);
-        rootPowerDomain = IO_OBJECT_NULL;
-    }
-}
-
-void PowerNotificationsListener::sleepWakeupCallBack(void *refParam, io_service_t service, natural_t messageType, void *messageArgument)
-{
-	Q_UNUSED(service)
-
-    auto listener = static_cast<PowerNotificationsListener *>(refParam);
-
-    logger.debug() << "Power callback received, messageType:" << messageType;
-    switch (messageType) {
-    case kIOMessageCanSystemSleep:
-        /* Idle sleep is about to kick in. This message will not be sent for forced sleep.
-         * Applications have a chance to prevent sleep by calling IOCancelPowerChange.
-         * Most applications should not prevent idle sleep. Power Management waits up to
-         * 30 seconds for you to either allow or deny idle sleep. If you don’t acknowledge
-         * this power change by calling either IOAllowPowerChange or IOCancelPowerChange,
-         * the system will wait 30 seconds then go to sleep.
-         */
-
-        logger.debug() << "System power message: can system sleep?";
-
-        // Uncomment to cancel idle sleep
-        // IOCancelPowerChange(thiz->rootPowerDomain, reinterpret_cast<long>(messageArgument));
-
-        // Allow idle sleep
-        IOAllowPowerChange(listener->rootPowerDomain, reinterpret_cast<long>(messageArgument));
-        break;
-
-    case kIOMessageSystemWillNotSleep:
-        /* Announces that the system has retracted a previous attempt to sleep; it
-         * follows `kIOMessageCanSystemSleep`.
-         */
-        logger.debug() << "System power message: system will NOT sleep.";
-        break;
-
-    case kIOMessageSystemWillSleep:
-        /* The system WILL go to sleep. If you do not call IOAllowPowerChange or
-         * IOCancelPowerChange to acknowledge this message, sleep will be delayed by
-         * 30 seconds.
-         *
-         * NOTE: If you call IOCancelPowerChange to deny sleep it returns kIOReturnSuccess,
-         * however the system WILL still go to sleep.
-         */
-
-        logger.debug() << "System power message: system WILL sleep";
-        IOAllowPowerChange(listener->rootPowerDomain, reinterpret_cast<long>(messageArgument));
-        break;
-
-    case kIOMessageSystemWillPowerOn:
-        /* Announces that the system is beginning to power the device tree; most devices
-         * are still unavailable at this point.
-         */
-        /* From the documentation:
-         *
-         * - kIOMessageSystemWillPowerOn is delivered at early wakeup time, before most hardware
-         * has been powered on. Be aware that any attempts to access disk, network, the display,
-         * etc. may result in errors or blocking your process until those resources become
-         * available.
-         *
-         * So we do NOT log this event.
-         */
-        break;
-
-    case kIOMessageSystemHasPoweredOn:
-        /* Announces that the system and its devices have woken up. */
-        logger.debug() << "System has powered on - emitting wakeup signal from dedicated CFRunLoop thread";
-        if (listener->m_watcher) {
-            // Use QMetaObject::invokeMethod for thread-safe signal emission
-            QMetaObject::invokeMethod(listener->m_watcher, "wakeup", Qt::QueuedConnection);
-        }
-        break;
-
-    default:
-        logger.debug() << "System power message: other event: " << messageType;
-        /* Not a system sleep and wake notification. */
-        break;
-    }
-}
-
-MacOSNetworkWatcher::MacOSNetworkWatcher(QObject* parent) : IOSNetworkWatcher(parent), m_powerlistener(this) {
+MacOSNetworkWatcher::MacOSNetworkWatcher(QObject* parent) : IOSNetworkWatcher(parent) {
  MZ_COUNT_CTOR(MacOSNetworkWatcher);
 }

 MacOSNetworkWatcher::~MacOSNetworkWatcher() {
  MZ_COUNT_DTOR(MacOSNetworkWatcher);
-  
-  // Stop the dedicated power monitoring thread
-  if (g_powerListener) {
-    logger.debug() << "Stopping dedicated power monitoring thread";
-    g_shouldStopPowerThread = true;
-    
-    if (g_powerRunLoop) {
-      CFRunLoopStop(g_powerRunLoop);
-    }
-    
-    // Wait for thread to finish
-    pthread_join(g_powerThread, nullptr);
-    g_powerListener = nullptr;
-  }
-  
  if (m_delegate) {
    CWWiFiClient* client = CWWiFiClient.sharedWiFiClient;
    if (!client) {
@@ -230,20 +66,6 @@ void MacOSNetworkWatcher::start() {
    logger.debug() << "Delegate already registered";
    return;
  }
-  
-  // Start dedicated power monitoring thread with CFRunLoop
-  if (!g_powerListener) {
-    g_powerListener = &m_powerlistener;
-    g_shouldStopPowerThread = false;
-    
-    int result = pthread_create(&g_powerThread, nullptr, powerMonitoringThread, &m_powerlistener);
-    if (result != 0) {
-      logger.error() << "Failed to create power monitoring thread:" << result;
-      g_powerListener = nullptr;
-    } else {
-      logger.debug() << "Power monitoring enabled";
-    }
-  } 

  CWWiFiClient* client = CWWiFiClient.sharedWiFiClient;
  if (!client) {
@@ -255,8 +77,6 @@ void MacOSNetworkWatcher::start() {
  m_delegate = [[MacOSNetworkWatcherDelegate alloc] initWithObject:this];
  [client setDelegate:static_cast<MacOSNetworkWatcherDelegate*>(m_delegate)];
  [client startMonitoringEventWithType:CWEventTypeBSSIDDidChange error:nullptr];
-  
-  logger.debug() << "MacOSNetworkWatcher started successfully";
 }

 void MacOSNetworkWatcher::checkInterface() {
@@ -267,70 +87,42 @@ void MacOSNetworkWatcher::checkInterface() {
    return;
  }

-  // Use wdutil to get reliable WiFi information
-  QProcess process;
-  process.start("wdutil", QStringList() << "info");
-  process.waitForFinished(5000);
-  
-  QString output = process.readAllStandardOutput();
-  QString errorOutput = process.readAllStandardError();
-  
-  logger.debug() << "wdutil exit code:" << process.exitCode();
-  
-  if (process.exitCode() != 0) {
-    logger.debug() << "wdutil failed with exit code:" << process.exitCode();
+  CWWiFiClient* client = CWWiFiClient.sharedWiFiClient;
+  if (!client) {
+    logger.debug() << "Unable to retrieve the CWWiFiClient shared instance";
    return;
  }
-  
-  // Parse wdutil output to find WiFi connection info
-  QStringList lines = output.split('\n');
-  QString ssid, interfaceName, security;
-  bool wifiSectionFound = false;
-  
-  for (int i = 0; i < lines.size(); i++) {
-    QString trimmedLine = lines[i].trimmed();
-    
-    if (trimmedLine == "WIFI") {
-      wifiSectionFound = true;
-      continue;
-    }
-    
-    if (wifiSectionFound) {
-      // Stop parsing when we reach next section header (all caps after separator line)
-      if (trimmedLine.startsWith("————————")) {
-        if (i + 1 < lines.size()) {
-          QString nextLine = lines[i + 1].trimmed();
-          if (!nextLine.isEmpty() && nextLine.length() > 2 && nextLine.toUpper() == nextLine && nextLine != "WIFI") {
-            break;
-          }
-        }
-        continue; // Skip separator lines
-      }
-      
-      if (trimmedLine.startsWith("Interface Name")) {
-        QStringList parts = trimmedLine.split(":");
-        if (parts.size() >= 2) {
-          interfaceName = parts[1].trimmed();
-        }
-      } else if (trimmedLine.startsWith("SSID")) {
-        QStringList parts = trimmedLine.split(":");
-        if (parts.size() >= 2) {
-          ssid = parts[1].trimmed();
-        }
-      } else if (trimmedLine.startsWith("Security")) {
-        QStringList parts = trimmedLine.split(":");
-        if (parts.size() >= 2) {
-          security = parts[1].trimmed();
-        }
-      }
-    }
+
+  CWInterface* interface = [client interface];
+  if (!interface) {
+    logger.debug() << "No default wifi interface";
+    return;
  }
-  
-  if (!ssid.isEmpty() && !interfaceName.isEmpty()) {
-    logger.debug() << "Found active WiFi connection on" << interfaceName 
-                   << "SSID:" << ssid << "Security:" << security;
-  } else {
-    logger.debug() << "No active WiFi connection found";
+
+  if (![interface powerOn]) {
+    logger.debug() << "The interface is off";
+    return;
  }
+
+  NSString* ssidNS = [interface ssid];
+  if (!ssidNS) {
+    logger.debug() << "WiFi is not in used";
+    return;
+  }
+
+  QString ssid = QString::fromNSString(ssidNS);
+  if (ssid.isEmpty()) {
+    logger.debug() << "WiFi doesn't have a valid SSID";
+    return;
+  }
+
+  CWSecurity security = [interface security];
+  if (security == kCWSecurityNone || security == kCWSecurityWEP) {
+    logger.debug() << "Unsecured network found!";
+    emit unsecuredNetwork(ssid, ssid);
+    return;
+  }
+
+  logger.debug() << "Secure WiFi interface";
 }

@@ -22,6 +22,7 @@
 #include "logger.h"
 #include "platforms/windows/daemon/windowsfirewall.h"
 #include "platforms/windows/daemon/windowssplittunnel.h"
+#include "platforms/windows/windowscommons.h"
 #include "windowsfirewall.h"

 #include "core/networkUtilities.h"
@@ -62,9 +63,6 @@ void WindowsDaemon::prepareActivation(const InterfaceConfig& config, int inetAda
 }

 void WindowsDaemon::activateSplitTunnel(const InterfaceConfig& config, int vpnAdapterIndex) {
-    if (m_splitTunnelManager == nullptr)
-        return;
-
  if (config.m_vpnDisabledApps.length() > 0) {
      m_splitTunnelManager->start(m_inetAdapterIndex, vpnAdapterIndex);
      m_splitTunnelManager->excludeApps(config.m_vpnDisabledApps);
@@ -32,28 +32,9 @@ WindowsNetworkWatcher::~WindowsNetworkWatcher() {
  }
 }

-LRESULT WindowsNetworkWatcher::PowerWndProcCallback(HWND hwnd, UINT uMsg, WPARAM wParam, LPARAM lParam) {
-  auto obj = reinterpret_cast<WindowsNetworkWatcher*>(GetWindowLongPtr(hwnd, GWLP_USERDATA));
-  if (!obj){
-    logger.debug() << "obj not casted";
-    return DefWindowProc(hwnd, uMsg, wParam, lParam);
-  }
-  switch (uMsg) {
-  case WM_POWERBROADCAST:
-    if (wParam == PBT_APMRESUMESUSPEND) {
-        emit obj->wakeup();
-    }
-    break;
-  default:
-    return DefWindowProc(hwnd, uMsg, wParam, lParam);
-  }
-  return 0;
-}
-
 void WindowsNetworkWatcher::initialize() {
  logger.debug() << "initialize";

-
  DWORD negotiatedVersion;
  if (WlanOpenHandle(2, nullptr, &negotiatedVersion, &m_wlanHandle) !=
      ERROR_SUCCESS) {
@@ -70,25 +51,6 @@ void WindowsNetworkWatcher::initialize() {
    return;
  }

-  const wchar_t* className = L"PowerMonitorClass";
-  WNDCLASS wc = { 0 };
-  wc.lpfnWndProc = &WindowsNetworkWatcher::PowerWndProcCallback;
-  wc.hInstance = GetModuleHandle(NULL);
-  wc.lpszClassName = className;
-  wc.cbWndExtra = sizeof(WindowsNetworkWatcher*);
-
-  if (!RegisterClass(&wc)) {
-    logger.debug() << "Failed to register window class in createPowerMonitorWindow.";
-    return;
-  }
-
-  HWND hwnd = CreateWindowEx(0, className, L"Power Monitor", 0, 0, 0, 0, 0, NULL, NULL, GetModuleHandle(NULL), static_cast<LPVOID>(this));
-  if (!hwnd) {
-    logger.debug() << "Failed to create window in createPowerMonitorWindow.";
-    return;
-  }
-  SetWindowLongPtr(hwnd, GWLP_USERDATA, reinterpret_cast<LONG_PTR>(this));
-
  logger.debug() << "callback registered";
 }

@@ -175,4 +137,4 @@ void WindowsNetworkWatcher::processWlan(PWLAN_NOTIFICATION_DATA data) {
  logger.debug() << "Unsecure network:" << logger.sensitive(ssid)
                 << "id:" << logger.sensitive(bssid);
  emit unsecuredNetwork(ssid, bssid);
-}
+}
@@ -19,7 +19,6 @@ class WindowsNetworkWatcher final : public NetworkWatcherImpl {

 private:
  static void wlanCallback(PWLAN_NOTIFICATION_DATA data, PVOID context);
-  static LRESULT PowerWndProcCallback(HWND hwnd, UINT uMsg, WPARAM wParam, LPARAM lParam);

  void processWlan(PWLAN_NOTIFICATION_DATA data);

@@ -179,7 +179,6 @@ void WindowsPingSender::pingEventReady() {
      return;
    }
    QString errmsg = WindowsUtils::getErrorMessage();
-    emit criticalPingError();
    logger.error() << "No ping reply. Code: " << error
                   << " Message: " << errmsg;
    return;
@@ -6,7 +6,6 @@

 #include <chrono>

-#include "ipc.h"
 #include "logger.h"
 #include "ikev2_vpn_protocol_windows.h"
 #include "utilities.h"
@@ -7,7 +7,7 @@
 #include <QNetworkInterface>

 #include "core/networkUtilities.h"
-#include "ipc.h"
+#include "logger.h"
 #include "openvpnprotocol.h"
 #include "utilities.h"
 #include "version.h"
@@ -56,12 +56,7 @@ void OpenVpnProtocol::stop()
    }

 #if defined(Q_OS_WIN) || defined(Q_OS_LINUX) || defined(Q_OS_MACOS)
-    IpcClient::withInterface([](QSharedPointer<IpcInterfaceReplica> iface) {
-        QRemoteObjectPendingReply<bool> reply = iface->disableKillSwitch();
-        if (!reply.waitForFinished(1000) && !reply.returnValue()) {
-            qWarning() << "OpenVpnProtocol::stop(): Failed to disable killswitch";
-        }
-    });
+    IpcClient::Interface()->disableKillSwitch();
 #endif

    setConnectionState(Vpn::ConnectionState::Disconnected);
@@ -69,24 +64,21 @@ void OpenVpnProtocol::stop()

 ErrorCode OpenVpnProtocol::prepare()
 {
-    return IpcClient::withInterface([](QSharedPointer<IpcInterfaceReplica> iface) {
-        QRemoteObjectPendingReply<QStringList> listReply = iface->getTapList();
-        if (!listReply.waitForFinished(1000)) {
-            return ErrorCode::InternalError;
-        }
-
-        QStringList list = listReply.returnValue();
-        if (list.empty()) {
-            QRemoteObjectPendingReply<bool> installReply = iface->checkAndInstallDriver();
-            if (!installReply.waitForFinished() || !installReply.returnValue()) {
-                return ErrorCode::OpenVpnTapAdapterError;
-            }
-        }
-
-        return ErrorCode::NoError;
-    }, [] () {
+    if (!IpcClient::Interface()) {
        return ErrorCode::AmneziaServiceConnectionFailed;
-    });
+    }
+
+    QRemoteObjectPendingReply<QStringList> resultCheck = IpcClient::Interface()->getTapList();
+    resultCheck.waitForFinished();
+
+    if (resultCheck.returnValue().isEmpty()) {
+        QRemoteObjectPendingReply<bool> resultInstall = IpcClient::Interface()->checkAndInstallDriver();
+        resultInstall.waitForFinished();
+
+        if (!resultInstall.returnValue())
+            return ErrorCode::OpenVpnTapAdapterError;
+    }
+    return ErrorCode::NoError;
 }

 void OpenVpnProtocol::killOpenVpnProcess()
@@ -180,17 +172,8 @@ ErrorCode OpenVpnProtocol::start()
    }

 #ifdef AMNEZIA_DESKTOP
-    const ErrorCode res = IpcClient::withInterface([&](QSharedPointer<IpcInterfaceReplica> iface) {
-        QString ip = NetworkUtilities::getIPAddress(m_configData.value(amnezia::config_key::hostName).toString());
-        QRemoteObjectPendingReply<bool> reply = iface->addKillSwitchAllowedRange(QStringList(ip));
-        if (!reply.waitForFinished(1000) || !reply.returnValue()) {
-            return ErrorCode::AmneziaServiceConnectionFailed;
-        }
-        return ErrorCode::NoError;
-    });
-    if (res != ErrorCode::NoError) {
-        return res;
-    }
+    IpcClient::Interface()->addKillSwitchAllowedRange(QStringList(NetworkUtilities::getIPAddress(
+            m_configData.value(amnezia::config_key::hostName).toString())));
 #endif

    // Detect default gateway
@@ -232,6 +215,12 @@ ErrorCode OpenVpnProtocol::start()
        return ErrorCode::AmneziaServiceConnectionFailed;
    }

+    m_openVpnProcess->waitForSource(5000);
+    if (!m_openVpnProcess->isInitialized()) {
+        qWarning() << "IpcProcess replica is not connected!";
+        setLastError(ErrorCode::AmneziaServiceConnectionFailed);
+        return ErrorCode::AmneziaServiceConnectionFailed;
+    }
    m_openVpnProcess->setProgram(PermittedProcess::OpenVPN);
    QStringList arguments({
            "--config", configPath(), "--management", m_managementHost, QString::number(mgmtPort),
@@ -240,13 +229,13 @@ ErrorCode OpenVpnProtocol::start()
    m_openVpnProcess->setArguments(arguments);

    qDebug() << arguments.join(" ");
-    connect(m_openVpnProcess.data(), &IpcProcessInterfaceReplica::errorOccurred,
+    connect(m_openVpnProcess.data(), &PrivilegedProcess::errorOccurred,
            [&](QProcess::ProcessError error) { qDebug() << "PrivilegedProcess errorOccurred" << error; });

-    connect(m_openVpnProcess.data(), &IpcProcessInterfaceReplica::stateChanged,
+    connect(m_openVpnProcess.data(), &PrivilegedProcess::stateChanged,
            [&](QProcess::ProcessState newState) { qDebug() << "PrivilegedProcess stateChanged" << newState; });

-    connect(m_openVpnProcess.data(), &IpcProcessInterfaceReplica::finished, this,
+    connect(m_openVpnProcess.data(), &PrivilegedProcess::finished, this,
            [&]() { setConnectionState(Vpn::ConnectionState::Disconnected); });

    m_openVpnProcess->start();
@@ -347,37 +336,30 @@ void OpenVpnProtocol::updateVpnGateway(const QString &line)
                m_vpnGateway = l.split(" ").at(2);
 #ifdef Q_OS_WIN
                QThread::msleep(300);
-                IpcClient::withInterface([&](QSharedPointer<IpcInterfaceReplica> iface) {
-                    QList<QNetworkInterface> netInterfaces = QNetworkInterface::allInterfaces();
-                    for (int i = 0; i < netInterfaces.size(); i++) {
-                        for (int j=0; j < netInterfaces.at(i).addressEntries().size(); j++)
-                        {
-                            // killSwitch toggle
-                            if (m_vpnLocalAddress == netInterfaces.at(i).addressEntries().at(j).ip().toString()) {
-                                if (QVariant(m_configData.value(config_key::killSwitchOption).toString()).toBool()) {
-                                    iface->enableKillSwitch(m_configData, netInterfaces.at(i).index());
-                                }
-                                m_configData.insert("vpnAdapterIndex", netInterfaces.at(i).index());
-                                m_configData.insert("vpnGateway", m_vpnGateway);
-                                m_configData.insert("vpnServer",
-                                                    NetworkUtilities::getIPAddress(m_configData.value(amnezia::config_key::hostName).toString()));
-                                iface->enablePeerTraffic(m_configData);
+                QList<QNetworkInterface> netInterfaces = QNetworkInterface::allInterfaces();
+                for (int i = 0; i < netInterfaces.size(); i++) {
+                    for (int j=0; j < netInterfaces.at(i).addressEntries().size(); j++)
+                    {
+                        // killSwitch toggle
+                        if (m_vpnLocalAddress == netInterfaces.at(i).addressEntries().at(j).ip().toString()) {
+                            if (QVariant(m_configData.value(config_key::killSwitchOption).toString()).toBool()) {
+                                IpcClient::Interface()->enableKillSwitch(m_configData, netInterfaces.at(i).index());
                            }
+                            m_configData.insert("vpnAdapterIndex", netInterfaces.at(i).index());
+                            m_configData.insert("vpnGateway", m_vpnGateway);
+                            m_configData.insert("vpnServer",
+                                                NetworkUtilities::getIPAddress(m_configData.value(amnezia::config_key::hostName).toString()));
+                            IpcClient::Interface()->enablePeerTraffic(m_configData);
                        }
                    }
-                });
+                }
 #endif
 #if defined(Q_OS_LINUX) || defined(Q_OS_MACOS)
                // killSwitch toggle
                if (QVariant(m_configData.value(config_key::killSwitchOption).toString()).toBool()) {
                    m_configData.insert("vpnServer",
                                        NetworkUtilities::getIPAddress(m_configData.value(amnezia::config_key::hostName).toString()));
-                    IpcClient::withInterface([&](QSharedPointer<IpcInterfaceReplica> iface) {
-                        QRemoteObjectPendingReply<bool> reply = iface->enableKillSwitch(m_configData, 0);
-                        if (!reply.waitForFinished(1000) || !reply.returnValue()) {
-                            qWarning() << "OpenVpnProtocol::updateVpnGateway(): Failed to enable killswitch";
-                        }
-                    });
+                    IpcClient::Interface()->enableKillSwitch(m_configData, 0);
                }
 #endif
                qDebug() << QString("Set vpn local address %1, gw %2").arg(m_vpnLocalAddress).arg(vpnGateway());
@@ -53,7 +53,7 @@ private:
    void updateRouteGateway(QString line);
    void updateVpnGateway(const QString &line);

-    QSharedPointer<IpcProcessInterfaceReplica> m_openVpnProcess;
+    QSharedPointer<PrivilegedProcess> m_openVpnProcess;
 };

 #endif // OPENVPNPROTOCOL_H
@@ -1,7 +1,6 @@
 #include "protocols_defs.h"

 #include <QRandomGenerator>
-#include <QJsonObject>

 using namespace amnezia;

@@ -218,17 +217,3 @@ QString ProtocolProps::key_proto_config_path(Proto p)
 {
    return protoToString(p) + "_config_path";
 }
-
-QString ProtocolProps::getProtocolVersion(const QJsonObject &protocolConfig)
-{
-    return protocolConfig.value(config_key::protocolVersion).toString();
-}
-
-QString ProtocolProps::getProtocolVersionString(const QJsonObject &protocolConfig)
-{
-    auto version = getProtocolVersion(protocolConfig);
-
-    if (version == protocols::awg::awgV2) return QObject::tr(" (version 2)");
-    if (version == protocols::awg::awgV1_5) return QObject::tr(" (version 1.5)");
-    return "";
-}
@@ -83,8 +83,10 @@ namespace amnezia
        constexpr char specialJunk3[] = "I3";
        constexpr char specialJunk4[] = "I4";
        constexpr char specialJunk5[] = "I5";
-
-        constexpr char protocolVersion[] = "protocol_version";
+        constexpr char controlledJunk1[] = "J1";
+        constexpr char controlledJunk2[] = "J2";
+        constexpr char controlledJunk3[] = "J3";
+        constexpr char specialHandshakeTimeout[] = "Itime";

        constexpr char openvpn[] = "openvpn";
        constexpr char wireguard[] = "wireguard";
@@ -216,8 +218,7 @@ namespace amnezia
            constexpr char defaultMtu[] = "1376";
 #endif

-            constexpr char serverConfigPath[] = "/opt/amnezia/awg/awg0.conf";
-            constexpr char serverLegacyConfigPath[] = "/opt/amnezia/awg/wg0.conf";
+            constexpr char serverConfigPath[] = "/opt/amnezia/awg/wg0.conf";
            constexpr char serverPublicKeyPath[] = "/opt/amnezia/awg/wireguard_server_public_key.key";
            constexpr char serverPskKeyPath[] = "/opt/amnezia/awg/wireguard_psk.key";

@@ -233,14 +234,15 @@ namespace amnezia
            constexpr char defaultResponsePacketMagicHeader[] = "3288052141";
            constexpr char defaultTransportPacketMagicHeader[] = "2528465083";
            constexpr char defaultUnderloadPacketMagicHeader[] = "1766607858";
-            constexpr char defaultSpecialJunk1[] = "<r 2><b 0x858000010001000000000669636c6f756403636f6d0000010001c00c000100010000105a00044d583737>";
+            constexpr char defaultSpecialJunk1[] = "";
            constexpr char defaultSpecialJunk2[] = "";
            constexpr char defaultSpecialJunk3[] = "";
            constexpr char defaultSpecialJunk4[] = "";
            constexpr char defaultSpecialJunk5[] = "";
-
-            constexpr char awgV1_5[] = "1.5";
-            constexpr char awgV2[] = "2";
+            constexpr char defaultControlledJunk1[] = "";
+            constexpr char defaultControlledJunk2[] = "";
+            constexpr char defaultControlledJunk3[] = "";
+            constexpr char defaultSpecialHandshakeTimeout[] = "";
        }

        namespace socks5Proxy
@@ -323,9 +325,6 @@ namespace amnezia

        Q_INVOKABLE static QString key_proto_config_data(Proto p);
        Q_INVOKABLE static QString key_proto_config_path(Proto p);
-
-        static QString getProtocolVersion(const QJsonObject &protocolConfig);
-        static QString getProtocolVersionString(const QJsonObject &protocolConfig);
    };
 } // namespace amnezia

--- a/Show More
+++ b/Show More