The 'Kill Switch' option (used Mozilla VPN sources) is activated by default

Qr rework

.gitignore

@@ -24,6 +24,31 @@ ui_*.h
 Makefile*
 *build-*
 
+# Qt-es
+client/Debug-iphoneos/
+client/.xcode/
+client/.qmake.cache
+client/.qmake.stash
+client/*.pro.user
+client/*.pro.user.*
+client/*.qbs.user
+client/*.qbs.user.*
+client/*.moc
+client/moc_*.cpp
+client/qrc_*.cpp
+client/ui_*.h
+client/ui_*.cpp
+client/Makefile*
+client/*build-*
+client/AmneziaVPN.xcodeproj
+client/Debug-iphonesimulator/
+client/amneziavpn_plugin_import.cpp
+client/amneziavpn_qml_plugin_import.cpp
+client/qmlcache_loader.cpp
+client/rep_ipc_interface_replica.h
+client/resources_qmlcache.qrc
+client/3rd/OpenVPNAdpter/build/
+
 # QtCreator
 
 *.autosave
@@ -37,6 +62,7 @@ CMakeLists.txt.user*
 
 # MACOS files
 .DS_Store
+client/.DS_Store
 ._.DS_Store
 ._*
 *.dmg

.gitmodules

@@ -4,3 +4,12 @@
 [submodule "client/3rd/wireguard-tools"]
 	path = client/3rd/wireguard-tools
 	url = https://github.com/WireGuard/wireguard-tools/
+[submodule "client/3rd/wireguard-apple"]
+	path = client/3rd/wireguard-apple
+	url = https://github.com/WireGuard/wireguard-apple
+[submodule "client/3rd/OpenVPNAdapter"]
+	path = client/3rd/OpenVPNAdapter
+	url = https://github.com/ss-abramchuk/OpenVPNAdapter.git
+[submodule "client/3rd/qzxing"]
+	path = client/3rd/qzxing
+	url = https://github.com/ftylitak/qzxing.git

client/3rd/OpenSSL/include/openssl/applink.c

@@ -1,4 +1,4 @@
-/*
+  /*
  * Copyright 2004-2016 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use

client/3rd/QRCodeGenerator/QRCodeGenerator.h

@@ -1,129 +0,0 @@
-
-#if !defined(AFX_QR_ENCODE_H__AC886DF7_C0AE_4C9F_AC7A_FCDA8CB1DD37__INCLUDED_)
-#define AFX_QR_ENCODE_H__AC886DF7_C0AE_4C9F_AC7A_FCDA8CB1DD37__INCLUDED_
-
-#if _MSC_VER > 1000
-#pragma once
-#endif // _MSC_VER > 1000
-
-/////////////////////////////////////////////////////////////////////////////
-
-//
-#define QR_LEVEL_L	0
-#define QR_LEVEL_M	1
-#define QR_LEVEL_Q	2
-#define QR_LEVEL_H	3
-
-//
-#define QR_MODE_NUMERAL		0
-#define QR_MODE_ALPHABET	1
-#define QR_MODE_8BIT		2
-#define QR_MODE_KANJI		3
-
-// 
-#define QR_VRESION_S	0 
-#define QR_VRESION_M	1 
-#define QR_VRESION_L	2 
-
-#define MAX_ALLCODEWORD	 3706 
-#define MAX_DATACODEWORD 2956 
-#define MAX_CODEBLOCK	  153 
-#define MAX_MODULESIZE	  177 
-
-#define QR_MARGIN	0
-
-
-/////////////////////////////////////////////////////////////////////////////
-typedef struct tagRS_BLOCKINFO
-{
-	int ncRSBlock;		
-	int ncAllCodeWord;	
-	int ncDataCodeWord;	
-
-} RS_BLOCKINFO, *LPRS_BLOCKINFO;
-
-
-/////////////////////////////////////////////////////////////////////////////
-
-typedef struct tagQR_VERSIONINFO
-{
-	int nVersionNo;	   
-	int ncAllCodeWord; 
-
-	int ncDataCodeWord[4];	
-
-	int ncAlignPoint;	
-	int nAlignPoint[6];	
-
-	RS_BLOCKINFO RS_BlockInfo1[4]; 
-	RS_BLOCKINFO RS_BlockInfo2[4]; 
-
-} QR_VERSIONINFO, *LPQR_VERSIONINFO;
-
-
-/////////////////////////////////////////////////////////////////////////////
-
-class CQR_Encode
-{
-public:
-	CQR_Encode();
-	~CQR_Encode();
-
-public:
-	int m_nLevel;		
-	int m_nVersion;		
-	bool m_bAutoExtent;	
-	int m_nMaskingNo;	
-
-public:
-	int m_nSymbleSize;
-	unsigned char m_byModuleData[MAX_MODULESIZE][MAX_MODULESIZE]; // [x][y]
-
-private:
-	int m_ncDataCodeWordBit; 
-	unsigned char m_byDataCodeWord[MAX_DATACODEWORD]; 
-
-	int m_ncDataBlock;
-	unsigned char m_byBlockMode[MAX_DATACODEWORD];
-	int m_nBlockLength[MAX_DATACODEWORD];
-
-	int m_ncAllCodeWord; 
-	unsigned char m_byAllCodeWord[MAX_ALLCODEWORD]; 
-	unsigned char m_byRSWork[MAX_CODEBLOCK]; 
-
-public:
-    bool EncodeData(int nLevel, int nVersion, bool bAutoExtent, int nMaskingNo, const char* lpsSource, int ncSource = 0);
-
-private:
-    int GetEncodeVersion(int nVersion, const char* lpsSource, int ncLength);
-    bool EncodeSourceData(const char* lpsSource, int ncLength, int nVerGroup);
-
-	int GetBitLength(unsigned char nMode, int ncData, int nVerGroup);
-
-	int SetBitStream(int nIndex, unsigned short wData, int ncData);
-
-	bool IsNumeralData(unsigned char c);
-	bool IsAlphabetData(unsigned char c);
-	bool IsKanjiData(unsigned char c1, unsigned char c2);
-
-	unsigned char AlphabetToBinaly(unsigned char c);
-	unsigned short KanjiToBinaly(unsigned short wc);
-
-	void GetRSCodeWord(unsigned char * lpbyRSWork, int ncDataCodeWord, int ncRSCodeWord);
-
-private:
-	void FormatModule();
-
-	void SetFunctionModule();
-	void SetFinderPattern(int x, int y);
-	void SetAlignmentPattern(int x, int y);
-	void SetVersionPattern();
-	void SetCodeWordPattern();
-	void SetMaskingPattern(int nPatternNo);
-	void SetFormatInfoPattern(int nPatternNo);
-	int CountPenalty();
-};
-
-/////////////////////////////////////////////////////////////////////////////
-
-#endif // !defined(AFX_QR_ENCODE_H__AC886DF7_C0AE_4C9F_AC7A_FCDA8CB1DD37__INCLUDED_)

client/3rd/QRCodeGenerator/QRCodeGenerator.pri

@@ -1,5 +0,0 @@
-HEADERS  += \
-   3rd/QRCodeGenerator/QRCodeGenerator.h \
-
-SOURCES  += \
-   3rd/QRCodeGenerator/QRCodeGenerator.cpp \

client/3rd/QtSsh/src/botan/botan.pri

@@ -11,7 +11,7 @@ win32 {
        -lcrypt32 \
 
    !contains(QMAKE_TARGET.arch, x86_64) {
-      INCLUDEPATH += $$PWD/windows/x86_64
+      INCLUDEPATH += $$PWD/windows/x86
       HEADERS += $$PWD/windows/x86/botan_all.h
       SOURCES += $$PWD/windows/x86/botan_all.cpp
    }
@@ -57,10 +57,16 @@ ios: {
             ARCH_TAG = "ios_armv7"
         }
     }
+  
+  CONFIG(iphonesimulator, iphoneos|iphonesimulator) {
+      INCLUDEPATH += $$PWD/ios/iphone
+      HEADERS += $$PWD/ios/iphone/botan_all.h
+      SOURCES += $$PWD/ios/iphone/botan_all.cpp
+  }
 
-    CONFIG(iphonesimulator, iphoneos|iphonesimulator) {
-        INCLUDEPATH += $$PWD/ios/simulator
-        HEADERS += $$PWD/ios/simulator/botan_all.h
-        SOURCES += $$PWD/ios/simulator/botan_all.cpp
-    }
+#    CONFIG(iphonesimulator, iphoneos|iphonesimulator) {
+#        INCLUDEPATH += $$PWD/ios/simulator
+#        HEADERS += $$PWD/ios/simulator/botan_all.h
+#        SOURCES += $$PWD/ios/simulator/botan_all.cpp
+#    }
 }

client/3rd/QtSsh/src/ssh/sshconnection.cpp

@@ -940,8 +940,8 @@ void SshConnectionPrivate::connectToHost()
             this, &SshConnectionPrivate::handleSocketConnected);
     connect(m_socket, &QIODevice::readyRead,
             this, &SshConnectionPrivate::handleIncomingData);
-    connect(m_socket, SIGNAL(error(QAbstractSocket::SocketError)), this,
-        SLOT(handleSocketError()));
+    connect(m_socket, &QAbstractSocket::errorOccurred,
+            this, &SshConnectionPrivate::handleSocketError);
     connect(m_socket, &QAbstractSocket::disconnected,
             this, &SshConnectionPrivate::handleSocketDisconnected);
     connect(&m_timeoutTimer, &QTimer::timeout, this, &SshConnectionPrivate::handleTimeout);

client/AmneziaVPN-Swift.h

@@ -0,0 +1,247 @@
+#ifndef AmneziaVPN_Swift_h
+#define AmneziaVPN_Swift_h
+#pragma clang diagnostic push
+#pragma clang diagnostic ignored "-Wgcc-compat"
+
+#if !defined(__has_include)
+# define __has_include(x) 0
+#endif
+#if !defined(__has_attribute)
+# define __has_attribute(x) 0
+#endif
+#if !defined(__has_feature)
+# define __has_feature(x) 0
+#endif
+#if !defined(__has_warning)
+# define __has_warning(x) 0
+#endif
+
+#if __has_include(<swift/objc-prologue.h>)
+# include <swift/objc-prologue.h>
+#endif
+
+#pragma clang diagnostic ignored "-Wauto-import"
+#include <Foundation/Foundation.h>
+#include <stdint.h>
+#include <stddef.h>
+#include <stdbool.h>
+
+#if !defined(SWIFT_TYPEDEFS)
+# define SWIFT_TYPEDEFS 1
+# if __has_include(<uchar.h>)
+#  include <uchar.h>
+# elif !defined(__cplusplus)
+typedef uint_least16_t char16_t;
+typedef uint_least32_t char32_t;
+# endif
+typedef float swift_float2  __attribute__((__ext_vector_type__(2)));
+typedef float swift_float3  __attribute__((__ext_vector_type__(3)));
+typedef float swift_float4  __attribute__((__ext_vector_type__(4)));
+typedef double swift_double2  __attribute__((__ext_vector_type__(2)));
+typedef double swift_double3  __attribute__((__ext_vector_type__(3)));
+typedef double swift_double4  __attribute__((__ext_vector_type__(4)));
+typedef int swift_int2  __attribute__((__ext_vector_type__(2)));
+typedef int swift_int3  __attribute__((__ext_vector_type__(3)));
+typedef int swift_int4  __attribute__((__ext_vector_type__(4)));
+typedef unsigned int swift_uint2  __attribute__((__ext_vector_type__(2)));
+typedef unsigned int swift_uint3  __attribute__((__ext_vector_type__(3)));
+typedef unsigned int swift_uint4  __attribute__((__ext_vector_type__(4)));
+#endif
+
+#if !defined(SWIFT_PASTE)
+# define SWIFT_PASTE_HELPER(x, y) x##y
+# define SWIFT_PASTE(x, y) SWIFT_PASTE_HELPER(x, y)
+#endif
+#if !defined(SWIFT_METATYPE)
+# define SWIFT_METATYPE(X) Class
+#endif
+#if !defined(SWIFT_CLASS_PROPERTY)
+# if __has_feature(objc_class_property)
+#  define SWIFT_CLASS_PROPERTY(...) __VA_ARGS__
+# else
+#  define SWIFT_CLASS_PROPERTY(...)
+# endif
+#endif
+
+#if __has_attribute(objc_runtime_name)
+# define SWIFT_RUNTIME_NAME(X) __attribute__((objc_runtime_name(X)))
+#else
+# define SWIFT_RUNTIME_NAME(X)
+#endif
+#if __has_attribute(swift_name)
+# define SWIFT_COMPILE_NAME(X) __attribute__((swift_name(X)))
+#else
+# define SWIFT_COMPILE_NAME(X)
+#endif
+#if __has_attribute(objc_method_family)
+# define SWIFT_METHOD_FAMILY(X) __attribute__((objc_method_family(X)))
+#else
+# define SWIFT_METHOD_FAMILY(X)
+#endif
+#if __has_attribute(noescape)
+# define SWIFT_NOESCAPE __attribute__((noescape))
+#else
+# define SWIFT_NOESCAPE
+#endif
+#if __has_attribute(ns_consumed)
+# define SWIFT_RELEASES_ARGUMENT __attribute__((ns_consumed))
+#else
+# define SWIFT_RELEASES_ARGUMENT
+#endif
+#if __has_attribute(warn_unused_result)
+# define SWIFT_WARN_UNUSED_RESULT __attribute__((warn_unused_result))
+#else
+# define SWIFT_WARN_UNUSED_RESULT
+#endif
+#if __has_attribute(noreturn)
+# define SWIFT_NORETURN __attribute__((noreturn))
+#else
+# define SWIFT_NORETURN
+#endif
+#if !defined(SWIFT_CLASS_EXTRA)
+# define SWIFT_CLASS_EXTRA
+#endif
+#if !defined(SWIFT_PROTOCOL_EXTRA)
+# define SWIFT_PROTOCOL_EXTRA
+#endif
+#if !defined(SWIFT_ENUM_EXTRA)
+# define SWIFT_ENUM_EXTRA
+#endif
+#if !defined(SWIFT_CLASS)
+# if __has_attribute(objc_subclassing_restricted)
+#  define SWIFT_CLASS(SWIFT_NAME) SWIFT_RUNTIME_NAME(SWIFT_NAME) __attribute__((objc_subclassing_restricted)) SWIFT_CLASS_EXTRA
+#  define SWIFT_CLASS_NAMED(SWIFT_NAME) __attribute__((objc_subclassing_restricted)) SWIFT_COMPILE_NAME(SWIFT_NAME) SWIFT_CLASS_EXTRA
+# else
+#  define SWIFT_CLASS(SWIFT_NAME) SWIFT_RUNTIME_NAME(SWIFT_NAME) SWIFT_CLASS_EXTRA
+#  define SWIFT_CLASS_NAMED(SWIFT_NAME) SWIFT_COMPILE_NAME(SWIFT_NAME) SWIFT_CLASS_EXTRA
+# endif
+#endif
+#if !defined(SWIFT_RESILIENT_CLASS)
+# if __has_attribute(objc_class_stub)
+#  define SWIFT_RESILIENT_CLASS(SWIFT_NAME) SWIFT_CLASS(SWIFT_NAME) __attribute__((objc_class_stub))
+#  define SWIFT_RESILIENT_CLASS_NAMED(SWIFT_NAME) __attribute__((objc_class_stub)) SWIFT_CLASS_NAMED(SWIFT_NAME)
+# else
+#  define SWIFT_RESILIENT_CLASS(SWIFT_NAME) SWIFT_CLASS(SWIFT_NAME)
+#  define SWIFT_RESILIENT_CLASS_NAMED(SWIFT_NAME) SWIFT_CLASS_NAMED(SWIFT_NAME)
+# endif
+#endif
+
+#if !defined(SWIFT_PROTOCOL)
+# define SWIFT_PROTOCOL(SWIFT_NAME) SWIFT_RUNTIME_NAME(SWIFT_NAME) SWIFT_PROTOCOL_EXTRA
+# define SWIFT_PROTOCOL_NAMED(SWIFT_NAME) SWIFT_COMPILE_NAME(SWIFT_NAME) SWIFT_PROTOCOL_EXTRA
+#endif
+
+#if !defined(SWIFT_EXTENSION)
+# define SWIFT_EXTENSION(M) SWIFT_PASTE(M##_Swift_, __LINE__)
+#endif
+
+#if !defined(OBJC_DESIGNATED_INITIALIZER)
+# if __has_attribute(objc_designated_initializer)
+#  define OBJC_DESIGNATED_INITIALIZER __attribute__((objc_designated_initializer))
+# else
+#  define OBJC_DESIGNATED_INITIALIZER
+# endif
+#endif
+#if !defined(SWIFT_ENUM_ATTR)
+# if defined(__has_attribute) && __has_attribute(enum_extensibility)
+#  define SWIFT_ENUM_ATTR(_extensibility) __attribute__((enum_extensibility(_extensibility)))
+# else
+#  define SWIFT_ENUM_ATTR(_extensibility)
+# endif
+#endif
+#if !defined(SWIFT_ENUM)
+# define SWIFT_ENUM(_type, _name, _extensibility) enum _name : _type _name; enum SWIFT_ENUM_ATTR(_extensibility) SWIFT_ENUM_EXTRA _name : _type
+# if __has_feature(generalized_swift_name)
+#  define SWIFT_ENUM_NAMED(_type, _name, SWIFT_NAME, _extensibility) enum _name : _type _name SWIFT_COMPILE_NAME(SWIFT_NAME); enum SWIFT_COMPILE_NAME(SWIFT_NAME) SWIFT_ENUM_ATTR(_extensibility) SWIFT_ENUM_EXTRA _name : _type
+# else
+#  define SWIFT_ENUM_NAMED(_type, _name, SWIFT_NAME, _extensibility) SWIFT_ENUM(_type, _name, _extensibility)
+# endif
+#endif
+#if !defined(SWIFT_UNAVAILABLE)
+# define SWIFT_UNAVAILABLE __attribute__((unavailable))
+#endif
+#if !defined(SWIFT_UNAVAILABLE_MSG)
+# define SWIFT_UNAVAILABLE_MSG(msg) __attribute__((unavailable(msg)))
+#endif
+#if !defined(SWIFT_AVAILABILITY)
+# define SWIFT_AVAILABILITY(plat, ...) __attribute__((availability(plat, __VA_ARGS__)))
+#endif
+#if !defined(SWIFT_WEAK_IMPORT)
+# define SWIFT_WEAK_IMPORT __attribute__((weak_import))
+#endif
+#if !defined(SWIFT_DEPRECATED)
+# define SWIFT_DEPRECATED __attribute__((deprecated))
+#endif
+#if !defined(SWIFT_DEPRECATED_MSG)
+# define SWIFT_DEPRECATED_MSG(...) __attribute__((deprecated(__VA_ARGS__)))
+#endif
+#if __has_feature(attribute_diagnose_if_objc)
+# define SWIFT_DEPRECATED_OBJC(Msg) __attribute__((diagnose_if(1, Msg, "warning")))
+#else
+# define SWIFT_DEPRECATED_OBJC(Msg) SWIFT_DEPRECATED_MSG(Msg)
+#endif
+#if !defined(IBSegueAction)
+# define IBSegueAction
+#endif
+#if __has_feature(modules)
+#if __has_warning("-Watimport-in-framework-header")
+#pragma clang diagnostic ignored "-Watimport-in-framework-header"
+#endif
+@import Foundation;
+@import ObjectiveC;
+#endif
+
+#pragma clang diagnostic ignored "-Wproperty-attribute-mismatch"
+#pragma clang diagnostic ignored "-Wduplicate-method-arg"
+#if __has_warning("-Wpragma-clang-attribute")
+# pragma clang diagnostic ignored "-Wpragma-clang-attribute"
+#endif
+#pragma clang diagnostic ignored "-Wunknown-pragmas"
+#pragma clang diagnostic ignored "-Wnullability"
+
+#if __has_attribute(external_source_symbol)
+# pragma push_macro("any")
+# undef any
+# pragma clang attribute push(__attribute__((external_source_symbol(language="Swift", defined_in="AmneziaVPN",generated_declaration))), apply_to=any(function,enum,objc_interface,objc_category,objc_protocol))
+# pragma pop_macro("any")
+#endif
+
+
+@class NSString;
+@class NSData;
+enum ConnectionState : NSInteger;
+@class NSDate;
+@class NSNumber;
+@class VPNIPAddressRange;
+
+SWIFT_CLASS("_TtC10AmneziaVPN18IOSVpnProtocolImpl")
+@interface IOSVpnProtocolImpl : NSObject
+- (nonnull instancetype)initWithBundleID:(NSString * _Nonnull)bundleID privateKey:(NSData * _Nonnull)privateKey deviceIpv4Address:(NSString * _Nonnull)deviceIpv4Address deviceIpv6Address:(NSString * _Nonnull)deviceIpv6Address closure:(void (^ _Nonnull)(enum ConnectionState, NSDate * _Nullable))closure callback:(void (^ _Nonnull)(BOOL))callback OBJC_DESIGNATED_INITIALIZER;
+- (nonnull instancetype)initWithBundleID:(NSString * _Nonnull)bundleID config:(NSString * _Nonnull)config closure:(void (^ _Nonnull)(enum ConnectionState, NSDate * _Nullable))closure callback:(void (^ _Nonnull)(BOOL))callback;
+- (void)connectWithDnsServer:(NSString * _Nonnull)dnsServer serverIpv6Gateway:(NSString * _Nonnull)serverIpv6Gateway serverPublicKey:(NSString * _Nonnull)serverPublicKey presharedKey:(NSString * _Nonnull)presharedKey serverIpv4AddrIn:(NSString * _Nonnull)serverIpv4AddrIn serverPort:(NSInteger)serverPort allowedIPAddressRanges:(NSArray<VPNIPAddressRange *> * _Nonnull)allowedIPAddressRanges ipv6Enabled:(Boolean)enabled reason:(NSInteger)reason failureCallback:(void (^ _Nonnull)(void))failureCallback;
+- (void)connectWithOvpnConfig:(NSString * _Nonnull)ovpnConfig failureCallback:(void (^ _Nonnull)(void))failureCallback;
+- (void)disconnect;
+- (void)checkStatusWithCallback:(void (^ _Nonnull)(NSString * _Nonnull, NSString * _Nonnull, NSString * _Nonnull))callback;
+- (nonnull instancetype)init SWIFT_UNAVAILABLE;
++ (nonnull instancetype)new SWIFT_UNAVAILABLE_MSG("-init is unavailable");
+@end
+
+typedef SWIFT_ENUM(NSInteger, ConnectionState, closed) {
+  ConnectionStateError = 0,
+  ConnectionStateConnected = 1,
+  ConnectionStateDisconnected = 2,
+};
+
+SWIFT_CLASS("_TtC10AmneziaVPN17VPNIPAddressRange")
+@interface VPNIPAddressRange : NSObject
+- (nonnull instancetype)initWithAddress:(NSString * _Nonnull)address networkPrefixLength:(uint8_t)networkPrefixLength isIpv6:(BOOL)isIpv6 OBJC_DESIGNATED_INITIALIZER;
+- (nonnull instancetype)init SWIFT_UNAVAILABLE;
++ (nonnull instancetype)new SWIFT_UNAVAILABLE_MSG("-init is unavailable");
+@end
+
+#if __has_attribute(external_source_symbol)
+# pragma clang attribute pop
+#endif
+#pragma clang diagnostic pop
+#endif /* AmneziaVPN_Swift_h */
+

client/Info.plist

@@ -0,0 +1,39 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
+<plist version="1.0">
+<dict>
+	<key>CFBundleDisplayName</key>
+	<string>${PRODUCT_NAME}</string>
+	<key>CFBundleExecutable</key>
+	<string>${EXECUTABLE_NAME}</string>
+	<key>CFBundleIconFile</key>
+	<string>${ASSETCATALOG_COMPILER_APPICON_NAME}</string>
+	<key>CFBundleIdentifier</key>
+	<string>${PRODUCT_BUNDLE_IDENTIFIER}</string>
+	<key>CFBundleName</key>
+	<string>${PRODUCT_NAME}</string>
+	<key>CFBundlePackageType</key>
+	<string>APPL</string>
+	<key>CFBundleShortVersionString</key>
+	<string>${QMAKE_SHORT_VERSION}</string>
+	<key>CFBundleSignature</key>
+	<string>${QMAKE_PKGINFO_TYPEINFO}</string>
+	<key>CFBundleVersion</key>
+	<string>${QMAKE_FULL_VERSION}</string>
+	<key>LSRequiresIPhoneOS</key>
+	<true/>
+	<key>MinimumOSVersion</key>
+	<string>${IPHONEOS_DEPLOYMENT_TARGET}</string>
+	<key>NOTE</key>
+	<string>This file was generated by Qt/QMake.</string>
+	<key>UILaunchStoryboardName</key>
+	<string>LaunchScreen</string>
+	<key>UISupportedInterfaceOrientations</key>
+	<array>
+		<string>UIInterfaceOrientationPortrait</string>
+		<string>UIInterfaceOrientationPortraitUpsideDown</string>
+		<string>UIInterfaceOrientationLandscapeLeft</string>
+		<string>UIInterfaceOrientationLandscapeRight</string>
+	</array>
+</dict>
+</plist>

client/WireGuard-Bridging-Header.h

@@ -0,0 +1,29 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "wireguard-go-version.h"
+#include "3rd/wireguard-apple/Sources/WireGuardKitC/WireGuardKitC.h"
+
+#include <stdbool.h>
+#include <stdint.h>
+
+#define WG_KEY_LEN (32)
+#define WG_KEY_LEN_BASE64 (45)
+#define WG_KEY_LEN_HEX (65)
+
+void key_to_base64(char base64[WG_KEY_LEN_BASE64],
+                   const uint8_t key[WG_KEY_LEN]);
+bool key_from_base64(uint8_t key[WG_KEY_LEN], const char* base64);
+
+void key_to_hex(char hex[WG_KEY_LEN_HEX], const uint8_t key[WG_KEY_LEN]);
+bool key_from_hex(uint8_t key[WG_KEY_LEN], const char* hex);
+
+bool key_eq(const uint8_t key1[WG_KEY_LEN], const uint8_t key2[WG_KEY_LEN]);
+
+void write_msg_to_log(const char* tag, const char* msg);
+
+#import "TargetConditionals.h"
+#if TARGET_OS_OSX
+#  include <libproc.h>
+#endif

client/android/AndroidManifest.xml

@@ -2,12 +2,13 @@
 <manifest package="org.amnezia.vpn" xmlns:android="http://schemas.android.com/apk/res/android" android:versionName="-- %%INSERT_VERSION_NAME%% --" android:versionCode="-- %%INSERT_VERSION_CODE%% --" android:installLocation="auto">
 
    <uses-permission android:name="android.permission.INTERNET" />
+   <uses-permission android:name="android.permission.READ_EXTERNAL_STORAGE" />
    <uses-permission android:name="android.permission.WRITE_EXTERNAL_STORAGE" />
    <uses-permission android:name="android.permission.ACCESS_NETWORK_STATE" />
    <uses-permission android:name="android.permission.FOREGROUND_SERVICE" />
    <uses-permission android:name="android.permission.RECEIVE_BOOT_COMPLETED" />
    <uses-permission android:name="android.permission.QUERY_ALL_PACKAGES"/>
-
+   <uses-permission android:name="android.permission.CAMERA"/>
 
     <!-- The following comment will be replaced upon deployment with default features based on the dependencies of the application.
          Remove the comment if you do not require these default features. -->

client/android/build.gradle

@@ -38,13 +38,9 @@ apply plugin: 'kotlinx-serialization'
 dependencies {
     implementation fileTree(dir: 'libs', include: ['*.jar', '*.aar'])
     implementation 'androidx.core:core-ktx:1.1.0'
-    implementation 'com.android.installreferrer:installreferrer:2.2'
-    implementation 'com.android.billingclient:billing-ktx:4.0.0'
     implementation "androidx.lifecycle:lifecycle-livedata-ktx:2.4.0-alpha02"
     implementation "androidx.security:security-crypto:1.1.0-alpha03"
     implementation "androidx.security:security-identity-credential:1.0.0-alpha02"
-    implementation 'com.adjust.sdk:adjust-android:4.28.2'
-    implementation 'com.google.android.gms:play-services-ads-identifier:17.0.1'
     implementation "org.jetbrains.kotlinx:kotlinx-serialization-json:1.2.2"
     coreLibraryDesugaring "com.android.tools:desugar_jdk_libs:1.0.10"
 }
@@ -106,8 +102,8 @@ android {
         resConfig "en"
         minSdkVersion = 24
         targetSdkVersion = 30
-        versionCode 2 // Change to a higher number
-        versionName "2.0.1" // Change to a higher number
+        versionCode 7 // Change to a higher number
+        versionName "2.0.7" // Change to a higher number
     }
 
    buildTypes {

client/android/src/debug/res/mipmap-anydpi-v26/vpnicon.xml

@@ -1,5 +0,0 @@
-<?xml version="1.0" encoding="utf-8"?>
-<adaptive-icon xmlns:android="http://schemas.android.com/apk/res/android">
-    <background android:drawable="@color/vpnicon_background"/>
-    <foreground android:drawable="@mipmap/vpnicon_foreground"/>
-</adaptive-icon>

client/android/src/debug/res/mipmap-anydpi-v26/vpnicon_round.xml

@@ -1,5 +0,0 @@
-<?xml version="1.0" encoding="utf-8"?>
-<adaptive-icon xmlns:android="http://schemas.android.com/apk/res/android">
-    <background android:drawable="@color/vpnicon_background"/>
-    <foreground android:drawable="@mipmap/vpnicon_round"/>
-</adaptive-icon>

client/android/src/debug/res/values/vpnicon_background.xml

@@ -1,4 +0,0 @@
-<?xml version="1.0" encoding="utf-8"?>
-<resources>
-    <color name="vpnicon_background">#000000</color>
-</resources>

client/android/src/org/amnezia/vpn/VPNService.kt

@@ -377,11 +377,11 @@ class VPNService : android.net.VpnService() {
                     val wgConfig: String = wireguard_conf!!.toWgUserspaceString()
                     val builder = Builder()
                     setupBuilder(wireguard_conf, builder)
-                    builder.setSession("mvpn0")
+                    builder.setSession("avpn0")
                     builder.establish().use { tun ->
                         if (tun == null)return
                         Log.i(tag, "Go backend " + wgVersion())
-                        currentTunnelHandle = wgTurnOn("mvpn0", tun.detachFd(), wgConfig)
+                        currentTunnelHandle = wgTurnOn("avpn0", tun.detachFd(), wgConfig)
                     }
                     if (currentTunnelHandle < 0) {
                         Log.e(tag, "Activation Error Code -> $currentTunnelHandle")

client/android/src/org/ftylitak/qzxing/NativeFunctions.java

@@ -0,0 +1,6 @@
+package org.ftylitak.qzxing;
+
+public class NativeFunctions {
+    public static native void onPermissionsGranted();
+    public static native void onPermissionsDenied();
+}

client/android/src/org/ftylitak/qzxing/QZXingLiveActivity.java

@@ -0,0 +1,25 @@
+package org.ftylitak.qzxing;
+
+import android.Manifest;
+import android.content.pm.PackageManager;
+import org.qtproject.qt5.android.bindings.QtActivity;
+import static org.ftylitak.qzxing.Utilities.REQUEST_CAMERA;
+
+public class QZXingLiveActivity extends QtActivity {
+    @Override
+    public void onRequestPermissionsResult(int requestCode,
+                                           String permissions[], int[] grantResults) {
+        switch (requestCode) {
+            case REQUEST_CAMERA: {
+                // If request is cancelled, the result arrays are empty.
+                if (grantResults.length > 0
+                        && grantResults[0] == PackageManager.PERMISSION_GRANTED) {
+                    NativeFunctions.onPermissionsGranted();
+                } else {
+                    NativeFunctions.onPermissionsDenied();
+                }
+                return;
+            }
+        }
+    }
+}

client/android/src/org/ftylitak/qzxing/Utilities.java

@@ -0,0 +1,42 @@
+package org.ftylitak.qzxing;
+
+import android.Manifest;
+import android.app.Activity;
+import android.content.pm.PackageManager;
+import androidx.core.app.ActivityCompat;
+import androidx.core.content.ContextCompat;
+
+import java.util.ArrayList;
+
+public class Utilities {
+
+    public static final int REQUEST_CAMERA = 0;
+
+    public static final String[] requiredPermissionsModifyPhoneState = {
+            Manifest.permission.CAMERA,
+            Manifest.permission.READ_EXTERNAL_STORAGE,
+            Manifest.permission.WRITE_EXTERNAL_STORAGE
+    };
+
+    public static void checkAndRequestPermissionList(Activity activity, String[] permissions) {
+        ArrayList<String> permissionsToRequest = new ArrayList<>();
+        for (int i = 0; i < permissions.length; i++) {
+            if (ContextCompat.checkSelfPermission(activity, permissions[i])
+                    != PackageManager.PERMISSION_GRANTED)
+                permissionsToRequest.add(permissions[i]);
+        }
+
+        if (permissionsToRequest.size() != 0)
+            ActivityCompat.requestPermissions(activity,
+                    permissionsToRequest.toArray(new String[0]),
+                    REQUEST_CAMERA);
+        else
+            NativeFunctions.onPermissionsGranted();
+    }
+
+    public static void requestQZXingPermissions(Activity activity) {
+        checkAndRequestPermissionList(activity, requiredPermissionsModifyPhoneState);
+    }
+
+
+}

client/client.pro

@@ -5,14 +5,17 @@ TEMPLATE = app
 #CONFIG += console
 
 CONFIG += qtquickcompiler
+CONFIG += qzxing_multimedia \
+          enable_decoder_qr_code \
+          enable_encoder_qr_code
 
 DEFINES += QT_DEPRECATED_WARNINGS
 
 include("3rd/QtSsh/src/ssh/qssh.pri")
 include("3rd/QtSsh/src/botan/botan.pri")
 !android:!ios:include("3rd/SingleApplication/singleapplication.pri")
-include("3rd/QRCodeGenerator/QRCodeGenerator.pri")
 include ("3rd/SortFilterProxyModel/SortFilterProxyModel.pri")
+include("3rd/QZXing/src/QZXing-components.pri")
 
 INCLUDEPATH += $$PWD/3rd/OpenSSL/include
 DEPENDPATH += $$PWD/3rd/OpenSSL/include
@@ -39,6 +42,7 @@ HEADERS  += \
     managementserver.h \
    protocols/protocols_defs.h \
     settings.h \
+    ui/notificationhandler.h \
     ui/models/containers_model.h \
     ui/models/protocols_model.h \
     ui/pages.h \
@@ -47,6 +51,7 @@ HEADERS  += \
     ui/pages_logic/NetworkSettingsLogic.h \
    ui/pages_logic/NewServerProtocolsLogic.h \
     ui/pages_logic/PageLogicBase.h \
+   ui/pages_logic/QrDecoderLogic.h \
    ui/pages_logic/ServerConfiguringProgressLogic.h \
     ui/pages_logic/ServerContainersLogic.h \
     ui/pages_logic/ServerListLogic.h \
@@ -69,6 +74,10 @@ HEADERS  += \
     utils.h \
     vpnconnection.h \
     protocols/vpnprotocol.h \
+    logger.h \
+    loghandler.h \
+    loglevel.h \
+    constants.h
 
 SOURCES  += \
    configurators/cloak_configurator.cpp \
@@ -90,6 +99,7 @@ SOURCES  += \
     managementserver.cpp \
    protocols/protocols_defs.cpp \
     settings.cpp \
+    ui/notificationhandler.cpp \
     ui/models/containers_model.cpp \
     ui/models/protocols_model.cpp \
     ui/pages_logic/AppSettingsLogic.cpp \
@@ -97,6 +107,7 @@ SOURCES  += \
     ui/pages_logic/NetworkSettingsLogic.cpp \
    ui/pages_logic/NewServerProtocolsLogic.cpp \
     ui/pages_logic/PageLogicBase.cpp \
+   ui/pages_logic/QrDecoderLogic.cpp \
    ui/pages_logic/ServerConfiguringProgressLogic.cpp \
     ui/pages_logic/ServerContainersLogic.cpp \
     ui/pages_logic/ServerListLogic.cpp \
@@ -118,6 +129,9 @@ SOURCES  += \
     utils.cpp \
     vpnconnection.cpp \
     protocols/vpnprotocol.cpp \
+    logger.cpp \
+    loghandler.cpp
+
 
 RESOURCES += \
     resources.qrc
@@ -126,16 +140,20 @@ TRANSLATIONS = \
     translations/amneziavpn_ru.ts
 
 win32 {
+    DEFINES += MVPN_WINDOWS
+
     OTHER_FILES += platform_win/vpnclient.rc
     RC_FILE = platform_win/vpnclient.rc
 
     HEADERS += \
-       ui/framelesswindow.h \
+       protocols/ikev2_vpn_protocol_windows.h \
+       ui/framelesswindow.h
 
     SOURCES += \
+       protocols/ikev2_vpn_protocol_windows.cpp \
        ui/framelesswindow.cpp
 
-    VERSION = 1.0.0.0
+    VERSION = 2.0.0.0
     QMAKE_TARGET_COMPANY = "AmneziaVPN"
     QMAKE_TARGET_PRODUCT = "AmneziaVPN"
 
@@ -161,6 +179,8 @@ win32 {
 }
 
 macx {
+    DEFINES += MVPN_MACOS
+
     ICON   = $$PWD/images/app.icns
 
     HEADERS  += ui/macos_util.h
@@ -173,6 +193,8 @@ macx {
 }
 
 linux:!android {
+    DEFINES += MVPN_LINUX
+
     LIBS += /usr/lib/x86_64-linux-gnu/libcrypto.a
     LIBS += /usr/lib/x86_64-linux-gnu/libssl.a
 }
@@ -180,15 +202,15 @@ linux:!android {
 win32|macx|linux:!android {
 
    HEADERS  += \
+      ui/systemtray_notificationhandler.h \
       protocols/openvpnprotocol.h \
-      protocols/ikev2_vpn_protocol.h \
       protocols/openvpnovercloakprotocol.h \
       protocols/shadowsocksvpnprotocol.h \
       protocols/wireguardprotocol.h \
 
    SOURCES  += \
+      ui/systemtray_notificationhandler.cpp \
       protocols/openvpnprotocol.cpp \
-      protocols/ikev2_vpn_protocol.cpp \
       protocols/openvpnovercloakprotocol.cpp \
       protocols/shadowsocksvpnprotocol.cpp \
       protocols/wireguardprotocol.cpp \
@@ -196,12 +218,22 @@ win32|macx|linux:!android {
 
 android {
    QT += androidextras
+   DEFINES += MVPN_ANDROID
 
    INCLUDEPATH += platforms/android
 
-   HEADERS +=    protocols/android_vpnprotocol.h \
+   HEADERS += \
+      platforms/android/native.h \
+      platforms/android/android_controller.h \
+      platforms/android/android_notificationhandler.h \
+      protocols/android_vpnprotocol.h
+
+   SOURCES += \
+      platforms/android/native.cpp \
+      platforms/android/android_controller.cpp \
+      platforms/android/android_notificationhandler.cpp \
+      protocols/android_vpnprotocol.cpp
 
-   SOURCES +=    protocols/android_vpnprotocol.cpp \
 
    DISTFILES += \
        android/AndroidManifest.xml \
@@ -240,46 +272,95 @@ android {
 ios {
     message("Client ios build")
     CONFIG += static
+    CONFIG += file_copies
+
+    # For the authentication
+    LIBS += -framework AuthenticationServices
+
+    # For notifications
+    LIBS += -framework UIKit
+    LIBS += -framework Foundation
+    LIBS += -framework StoreKit
+    LIBS += -framework UserNotifications
+
+#    LIBS += $$PWD/3rd/OpenVPNAdapter/build/Debug-iphoneos/LZ4.framework
+#    LIBS += $$PWD/3rd/OpenVPNAdapter/build/Debug-iphoneos/mbedTLS.framework
+#    LIBS += $$PWD/3rd/OpenVPNAdapter/build/Debug-iphoneos/OpenVPNClient.framework
+#    LIBS += $$PWD/3rd/OpenVPNAdapter/build/Debug-iphoneos/OpenVPNAdapter.framework
+
+    DEFINES += MVPN_IOS
+
+    HEADERS += \
+      protocols/ios_vpnprotocol.h \
+      platforms/ios/iosnotificationhandler.h \
+      platforms/ios/json.h \
+      platforms/ios/bigint.h \
+      platforms/ios/bigintipv6addr.h \
+      platforms/ios/ipaddress.h \
+      platforms/ios/ipaddressrange.h
+  
+    SOURCES  += \
+      protocols/ios_vpnprotocol.mm \
+      platforms/ios/iosnotificationhandler.mm \
+      platforms/ios/json.cpp \
+      platforms/ios/iosglue.mm \
+      platforms/ios/ipaddress.cpp \
+      platforms/ios/ipaddressrange.cpp
 
     Q_ENABLE_BITCODE.value = NO
     Q_ENABLE_BITCODE.name = ENABLE_BITCODE
     QMAKE_MAC_XCODE_SETTINGS += Q_ENABLE_BITCODE
 
-    CONFIG(iphoneos, iphoneos|iphonesimulator) {
-        message("Building for iPhone OS")
-        QMAKE_TARGET_BUNDLE_PREFIX = org.amnezia
-        QMAKE_BUNDLE = AmneziaVPN
-        QMAKE_IOS_DEPLOYMENT_TARGET = 12.0
-        QMAKE_APPLE_TARGETED_DEVICE_FAMILY = 1
-        QMAKE_DEVELOPMENT_TEAM = X7UJ388FXK
-        QMAKE_PROVISIONING_PROFILE = f2fefb59-14aa-4aa9-ac14-1d5531b06dcc
-        QMAKE_XCODE_CODE_SIGN_IDENTITY = "Apple Distribution"
-
-        XCODEBUILD_FLAGS += -allowProvisioningUpdates
-
-        DEFINES += iphoneos
-
-        contains(QT_ARCH, arm64) {
-            message("Building for iOS/ARM v8 64-bit architecture")
-            ARCH_TAG = "ios_armv8_64"
-
-            LIBS += $$PWD/3rd/OpenSSL/lib/ios/iphone/libcrypto.a
-            LIBS += $$PWD/3rd/OpenSSL/lib/ios/iphone/libssl.a
-        } else {
-            message("Building for iOS/ARM v7 (32-bit) architecture")
-            ARCH_TAG = "ios_armv7"
-        }
+#    CONFIG(iphoneos, iphoneos|iphonesimulator) {
+  iphoneos {
+    message("Building for iPhone OS")
+    QMAKE_TARGET_BUNDLE_PREFIX = org.amnezia
+    QMAKE_BUNDLE = AmneziaVPN
+    QMAKE_IOS_DEPLOYMENT_TARGET = 12.0
+    QMAKE_APPLE_TARGETED_DEVICE_FAMILY = 1
+    QMAKE_DEVELOPMENT_TEAM = X7UJ388FXK
+    QMAKE_PROVISIONING_PROFILE = f2fefb59-14aa-4aa9-ac14-1d5531b06dcc
+    QMAKE_XCODE_CODE_SIGN_IDENTITY = "Apple Distribution"
+    QMAKE_INFO_PLIST = $$PWD/ios/app/Info.plist
+    
+    XCODEBUILD_FLAGS += -allowProvisioningUpdates
+    
+    DEFINES += iphoneos
+    
+    contains(QT_ARCH, arm64) {
+      message("Building for iOS/ARM v8 64-bit architecture")
+      ARCH_TAG = "ios_armv8_64"
+      
+      LIBS += $$PWD/3rd/OpenSSL/lib/ios/iphone/libcrypto.a
+      LIBS += $$PWD/3rd/OpenSSL/lib/ios/iphone/libssl.a
+    } else {
+      message("Building for iOS/ARM v7 (32-bit) architecture")
+      ARCH_TAG = "ios_armv7"
     }
+  }
+#    }
+  
 
-    CONFIG(iphonesimulator, iphoneos|iphonesimulator) {
-        message("Building for iPhone Simulator")
-        ARCH_TAG = "ios_x86_64"
+#    CONFIG(iphonesimulator, iphoneos|iphonesimulator) {
+#  iphonesimulator {
+#    message("Building for iPhone Simulator")
+#    ARCH_TAG = "ios_x86_64"
+#    
+#    DEFINES += iphonesimulator
+#    
+#    LIBS += $$PWD/3rd/OpenSSL/lib/ios/simulator/libcrypto.a
+#    LIBS += $$PWD/3rd/OpenSSL/lib/ios/simulator/libssl.a
+#  }
+#    }
 
-        DEFINES += iphonesimulator
+    NETWORKEXTENSION=1
+#    ! build_pass: system(ruby $$PWD/scripts/xcode_patcher.rb "$$PWD" "$$OUT_PWD/AmneziaVPN.xcodeproj" "2.0" "2.0.0" "ios" "$$NETWORKEXTENSION"|| echo "Failed to merge xcode with wireguard")
 
-        LIBS += $$PWD/3rd/OpenSSL/lib/ios/simulator/libcrypto.a
-        LIBS += $$PWD/3rd/OpenSSL/lib/ios/simulator/libssl.a
-    }
+
+
+#ruby %{sourceDir}/client/ios/xcode_patcher.rb "%{buildDir}/AmneziaVPN.xcodeproj" "2.0" "2.0.0" "ios" "1"
+    #cd client/ && /Users/md/Qt/5.15.2/ios/bin/qmake -o Makefile /Users/md/amnezia/desktop-client/client/client.pro -spec macx-ios-clang CONFIG+=iphonesimulator CONFIG+=simulator CONFIG+=qml_debug -after
+# %{sourceDir}/client/ios/xcode_patcher.rb %{buildDir}/client/AmneziaVPN.xcodeproj 2.0 2.0.0 ios 1
 }
 
 

client/configurators/vpn_configurator.cpp

@@ -18,22 +18,22 @@ Settings &VpnConfigurator::m_settings()
 }
 
 QString VpnConfigurator::genVpnProtocolConfig(const ServerCredentials &credentials,
-    DockerContainer container, const QJsonObject &containerConfig, Protocol proto, ErrorCode *errorCode)
+    DockerContainer container, const QJsonObject &containerConfig, Proto proto, ErrorCode *errorCode)
 {
     switch (proto) {
-    case Protocol::OpenVpn:
+    case Proto::OpenVpn:
         return OpenVpnConfigurator::genOpenVpnConfig(credentials, container, containerConfig, errorCode);
 
-    case Protocol::ShadowSocks:
+    case Proto::ShadowSocks:
         return ShadowSocksConfigurator::genShadowSocksConfig(credentials, container, containerConfig, errorCode);
 
-    case Protocol::Cloak:
+    case Proto::Cloak:
         return CloakConfigurator::genCloakConfig(credentials, container, containerConfig, errorCode);
 
-    case Protocol::WireGuard:
+    case Proto::WireGuard:
         return WireguardConfigurator::genWireguardConfig(credentials, container, containerConfig, errorCode);
 
-    case Protocol::Ikev2:
+    case Proto::Ikev2:
         return Ikev2Configurator::genIkev2Config(credentials, container, containerConfig, errorCode);
 
     default:
@@ -41,23 +41,23 @@ QString VpnConfigurator::genVpnProtocolConfig(const ServerCredentials &credentia
     }
 }
 
-QString VpnConfigurator::processConfigWithLocalSettings(DockerContainer container, Protocol proto, QString config)
+QString VpnConfigurator::processConfigWithLocalSettings(DockerContainer container, Proto proto, QString config)
 {
     config.replace("$PRIMARY_DNS", m_settings().primaryDns());
     config.replace("$SECONDARY_DNS", m_settings().secondaryDns());
 
-    if (proto == Protocol::OpenVpn) {
+    if (proto == Proto::OpenVpn) {
         return OpenVpnConfigurator::processConfigWithLocalSettings(config);
     }
     return config;
 }
 
-QString VpnConfigurator::processConfigWithExportSettings(DockerContainer container, Protocol proto, QString config)
+QString VpnConfigurator::processConfigWithExportSettings(DockerContainer container, Proto proto, QString config)
 {
     config.replace("$PRIMARY_DNS", m_settings().primaryDns());
     config.replace("$SECONDARY_DNS", m_settings().secondaryDns());
 
-    if (proto == Protocol::OpenVpn) {
+    if (proto == Proto::OpenVpn) {
         return OpenVpnConfigurator::processConfigWithExportSettings(config);
     }
     return config;
@@ -66,7 +66,7 @@ QString VpnConfigurator::processConfigWithExportSettings(DockerContainer contain
 void VpnConfigurator::updateContainerConfigAfterInstallation(DockerContainer container, QJsonObject &containerConfig,
     const QString &stdOut)
 {
-    Protocol mainProto = ContainerProps::defaultProtocol(container);
+    Proto mainProto = ContainerProps::defaultProtocol(container);
 
     if (container == DockerContainer::TorWebSite) {
         QJsonObject protocol = containerConfig.value(ProtocolProps::protoToString(mainProto)).toObject();

client/configurators/vpn_configurator.h

@@ -13,10 +13,10 @@ class VpnConfigurator
 public:
 
     static QString genVpnProtocolConfig(const ServerCredentials &credentials, DockerContainer container,
-        const QJsonObject &containerConfig, Protocol proto, ErrorCode *errorCode = nullptr);
+        const QJsonObject &containerConfig, Proto proto, ErrorCode *errorCode = nullptr);
 
-    static QString processConfigWithLocalSettings(DockerContainer container, Protocol proto, QString config);
-    static QString processConfigWithExportSettings(DockerContainer container, Protocol proto, QString config);
+    static QString processConfigWithLocalSettings(DockerContainer container, Proto proto, QString config);
+    static QString processConfigWithExportSettings(DockerContainer container, Proto proto, QString config);
 
     // workaround for containers which is not support normal configaration
     static void updateContainerConfigAfterInstallation(DockerContainer container,

client/configurators/wireguard_configurator.cpp

@@ -50,7 +50,7 @@ WireguardConfigurator::ConnectionData WireguardConfigurator::genClientKeys()
 }
 
 WireguardConfigurator::ConnectionData WireguardConfigurator::prepareWireguardConfig(const ServerCredentials &credentials,
-    DockerContainer container, ErrorCode *errorCode)
+    DockerContainer container, const QJsonObject &containerConfig, ErrorCode *errorCode)
 {
     WireguardConfigurator::ConnectionData connData = WireguardConfigurator::genClientKeys();
     connData.host = credentials.hostName;
@@ -61,6 +61,49 @@ WireguardConfigurator::ConnectionData WireguardConfigurator::prepareWireguardCon
     }
 
     ErrorCode e = ErrorCode::NoError;
+
+    // Get list of already created clients (only IP addreses)
+    QString nextIpNumber;
+    {
+        QString script = QString("cat %1 | grep AllowedIPs").arg(amnezia::protocols::wireguard::serverConfigPath);
+        QString stdOut;
+        auto cbReadStdOut = [&](const QString &data, QSharedPointer<QSsh::SshRemoteProcess> proc) {
+            stdOut += data + "\n";
+        };
+
+        ServerController::runContainerScript(credentials, container, script, cbReadStdOut);
+        stdOut.replace("AllowedIPs = ", "");
+        stdOut.replace("/32", "");
+        QStringList ips = stdOut.split("\n", Qt::SkipEmptyParts);
+
+        // Calc next IP address
+        if (ips.isEmpty()) {
+            nextIpNumber = "2";
+        }
+        else {
+            int next = ips.last().split(".").last().toInt() + 1;
+            if (next > 254) {
+                if (errorCode) *errorCode = ErrorCode::AddressPoolError;
+                return connData;
+            }
+            nextIpNumber = QString::number(next);
+        }
+    }
+
+    QString subnetIp = containerConfig.value(config_key::subnet_address).toString(protocols::wireguard::defaultSubnetAddress);
+    {
+        QStringList l = subnetIp.split(".", Qt::SkipEmptyParts);
+        if (l.isEmpty()) {
+            if (errorCode) *errorCode = ErrorCode::AddressPoolError;
+            return connData;
+        }
+        l.removeLast();
+        l.append(nextIpNumber);
+
+        connData.clientIP = l.join(".");
+    }
+
+    // Get keys
     connData.serverPubKey = ServerController::getTextFileFromContainer(container, credentials, amnezia::protocols::wireguard::serverPublicKeyPath, &e);
     connData.serverPubKey.replace("\n", "");
     if (e) {
@@ -76,18 +119,15 @@ WireguardConfigurator::ConnectionData WireguardConfigurator::prepareWireguardCon
         return connData;
     }
 
-
+    // Add client to config
     QString configPart = QString(
         "[Peer]\n"
         "PublicKey = %1\n"
         "PresharedKey = %2\n"
-        "AllowedIPs = $WIREGUARD_SUBNET_IP/$WIREGUARD_SUBNET_CIDR\n\n").
+        "AllowedIPs = %3/32\n\n").
             arg(connData.clientPubKey).
-            arg(connData.pskKey);
-
-    configPart = ServerController::replaceVars(configPart, ServerController::genVarsForScript(credentials, container));
-
-    qDebug().noquote() << "Adding wg conf part to server" << configPart;
+            arg(connData.pskKey).
+            arg(connData.clientIP);
 
     e = ServerController::uploadTextFileToContainer(container, credentials, configPart,
         protocols::wireguard::serverConfigPath, QSsh::SftpOverwriteMode::SftpAppendToExisting);
@@ -116,12 +156,13 @@ QString WireguardConfigurator::genWireguardConfig(const ServerCredentials &crede
     QString config = ServerController::replaceVars(amnezia::scriptData(ProtocolScriptType::wireguard_template, container),
             ServerController::genVarsForScript(credentials, container, containerConfig));
 
-    ConnectionData connData = prepareWireguardConfig(credentials, container, errorCode);
+    ConnectionData connData = prepareWireguardConfig(credentials, container, containerConfig, errorCode);
     if (errorCode && *errorCode) {
         return "";
     }
 
     config.replace("$WIREGUARD_CLIENT_PRIVATE_KEY", connData.clientPrivKey);
+    config.replace("$WIREGUARD_CLIENT_IP", connData.clientIP);
     config.replace("$WIREGUARD_SERVER_PUBLIC_KEY", connData.serverPubKey);
     config.replace("$WIREGUARD_PSK", connData.pskKey);
 
@@ -130,6 +171,7 @@ QString WireguardConfigurator::genWireguardConfig(const ServerCredentials &crede
 
     jConfig[config_key::hostName] = connData.host;
     jConfig[config_key::client_priv_key] = connData.clientPrivKey;
+    jConfig[config_key::client_ip] = connData.clientIP;
     jConfig[config_key::client_pub_key] = connData.clientPubKey;
     jConfig[config_key::psk_key] = connData.pskKey;
     jConfig[config_key::server_pub_key] = connData.serverPubKey;

client/configurators/wireguard_configurator.h

@@ -15,6 +15,7 @@ public:
     struct ConnectionData {
         QString clientPrivKey; // client private key
         QString clientPubKey; // client public key
+        QString clientIP; // internal client IP address
         QString serverPubKey; // tls-auth key
         QString pskKey; // preshared key
         QString host; // host ip
@@ -29,7 +30,7 @@ public:
 
 private:
     static ConnectionData prepareWireguardConfig(const ServerCredentials &credentials,
-        DockerContainer container, ErrorCode *errorCode = nullptr);
+        DockerContainer container, const QJsonObject &containerConfig, ErrorCode *errorCode = nullptr);
 
     static ConnectionData genClientKeys();
 

client/constants.h

@@ -0,0 +1,127 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef CONSTANTS_H
+#define CONSTANTS_H
+
+#include <stdint.h>
+
+namespace Constants {
+
+// Returns true if we are in a production environment.
+bool inProduction();
+void setStaging();
+
+// Number of msecs for the captive-portal block alert.
+constexpr uint32_t CAPTIVE_PORTAL_ALERT_MSEC = 4000;
+
+// Number of msecs for the unsecured network alert.
+constexpr uint32_t UNSECURED_NETWORK_ALERT_MSEC = 4000;
+
+// Number of recent connections to retain.
+constexpr int RECENT_CONNECTIONS_MAX_COUNT = 5;
+
+#if defined(UNIT_TEST)
+#  define CONSTEXPR(type, functionName, releaseValue, debugValue, \
+                    testingValue)                                 \
+    inline type functionName() { return testingValue; }
+#else
+#  define CONSTEXPR(type, functionName, releaseValue, debugValue, \
+                    testingValue)                                 \
+    inline type functionName() {                                  \
+      return inProduction() ? releaseValue : debugValue;          \
+    }
+#endif
+
+// Let's refresh the IP address any 10 minutes (in milliseconds).
+CONSTEXPR(uint32_t, ipAddressTimerMsec, 600000, 10000, 0)
+
+// Let's check the connection status any second.
+CONSTEXPR(uint32_t, checkStatusTimerMsec, 1000, 1000, 0)
+
+// Number of points for the charts.
+CONSTEXPR(int, chartsMaxPoints, 30, 30, 30);
+
+// Any 6 hours, a new check
+CONSTEXPR(uint32_t, releaseMonitorMsec, 21600000, 4000, 0)
+
+// in milliseconds, how often we should fetch the server list and the account.
+CONSTEXPR(uint32_t, scheduleAccountAndServersTimerMsec, 3600000, 4000, 0)
+
+// how often we check the captive portal when the VPN is on.
+CONSTEXPR(uint32_t, captivePortalRequestTimeoutMsec, 10000, 4000, 0)
+
+// How fast the animated icon should move
+CONSTEXPR(uint32_t, statusIconAnimationMsec, 200, 200, 0)
+
+// How often glean pings are sent
+CONSTEXPR(uint32_t, gleanTimeoutMsec, 1200000, 1000, 0)
+
+// How often we check the surveys to be executed (no network requests are done
+// for this check)
+CONSTEXPR(uint32_t, surveyTimerMsec, 300000, 4000, 0)
+
+#undef CONSTEXPR
+
+#define PRODBETAEXPR(type, functionName, prod, beta) \
+  inline type functionName() { return inProduction() ? prod : beta; }
+
+constexpr const char* API_PRODUCTION_URL = "https://vpn.mozilla.org";
+constexpr const char* API_STAGING_URL =
+    "https://stage-vpn.guardian.nonprod.cloudops.mozgcp.net";
+
+constexpr const char* LOGO_URL = ":/ui/resources/logo-dock.png";
+
+PRODBETAEXPR(const char*, fxaUrl, "https://api.accounts.firefox.com",
+             "https://api-accounts.stage.mozaws.net")
+PRODBETAEXPR(
+    const char*, balrogUrl,
+    "https://aus5.mozilla.org/json/1/FirefoxVPN/%1/%2/release/update.json",
+    "https://stage.balrog.nonprod.cloudops.mozgcp.net/json/1/FirefoxVPN/%1/%2/"
+    "release-cdntest/update.json");
+PRODBETAEXPR(
+    const char*, balrogRootCertFingerprint,
+    "97e8ba9cf12fb3de53cc42a4e6577ed64df493c247b414fea036818d3823560e",
+    "3c01446abe9036cea9a09acaa3a520ac628f20a7ae32ce861cb2efb70fa0c745");
+
+#undef PRODBETAEXPR
+
+constexpr const char* PLATFORM_NAME =
+#if defined(MVPN_IOS)
+    "ios"
+#elif defined(MVPN_MACOS)
+    "macos"
+#elif defined(MVPN_LINUX)
+    "linux"
+#elif defined(MVPN_ANDROID)
+    "android"
+#elif defined(MVPN_WINDOWS)
+    "windows"
+#elif defined(UNIT_TEST) || defined(MVPN_DUMMY)
+    "dummy"
+#else
+#  error "Unsupported platform"
+#endif
+    ;
+
+constexpr const char* PLACEHOLDER_USER_DNS = "127.0.0.1";
+
+#if defined(MVPN_ADJUST)
+// These are the two auto-generated token from the Adjust dashboard for the
+// "Subscription Completed" event. We have two since in the Adjust dashboard we
+// have defined two apps for iOS and Android with a event token each.
+constexpr const char* ADJUST_SUBSCRIPTION_COMPLETED =
+#  if defined(MVPN_IOS)
+    "jl72xm"
+#  elif defined(MVPN_ANDROID)
+    "o1mn9m"
+#  else
+    ""
+#  endif
+    ;
+#endif
+
+};  // namespace Constants
+
+#endif  // CONSTANTS_H

client/containers/containers_defs.cpp

@@ -27,29 +27,29 @@ QString ContainerProps::containerToString(amnezia::DockerContainer c){
     return "amnezia-" + containerKey.toLower();
 }
 
-QVector<amnezia::Protocol> ContainerProps::protocolsForContainer(amnezia::DockerContainer container)
+QVector<amnezia::Proto> ContainerProps::protocolsForContainer(amnezia::DockerContainer container)
 {
     switch (container) {
     case DockerContainer::None:
         return { };
 
     case DockerContainer::OpenVpn:
-        return { Protocol::OpenVpn };
+        return { Proto::OpenVpn };
 
     case DockerContainer::ShadowSocks:
-        return { Protocol::OpenVpn, Protocol::ShadowSocks };
+        return { Proto::OpenVpn, Proto::ShadowSocks };
 
     case DockerContainer::Cloak:
-        return { Protocol::OpenVpn, Protocol::ShadowSocks, Protocol::Cloak };
+        return { Proto::OpenVpn, Proto::ShadowSocks, Proto::Cloak };
 
     case DockerContainer::Ipsec:
-        return { Protocol::Ikev2 /*, Protocol::L2tp */};
+        return { Proto::Ikev2 /*, Protocol::L2tp */};
 
     case DockerContainer::Dns:
         return { };
 
     case DockerContainer::Sftp:
-        return { Protocol::Sftp};
+        return { Proto::Sftp};
 
     default:
         return { defaultProtocol(container) };
@@ -118,21 +118,50 @@ amnezia::ServiceType ContainerProps::containerService(DockerContainer c)
     }
 }
 
-Protocol ContainerProps::defaultProtocol(DockerContainer c)
+Proto ContainerProps::defaultProtocol(DockerContainer c)
 {
     switch (c) {
-    case DockerContainer::None :         return Protocol::Any;
-    case DockerContainer::OpenVpn :      return Protocol::OpenVpn;
-    case DockerContainer::Cloak :        return Protocol::Cloak;
-    case DockerContainer::ShadowSocks :  return Protocol::ShadowSocks;
-    case DockerContainer::WireGuard :    return Protocol::WireGuard;
-    case DockerContainer::Ipsec :        return Protocol::Ikev2;
+    case DockerContainer::None :         return Proto::Any;
+    case DockerContainer::OpenVpn :      return Proto::OpenVpn;
+    case DockerContainer::Cloak :        return Proto::Cloak;
+    case DockerContainer::ShadowSocks :  return Proto::ShadowSocks;
+    case DockerContainer::WireGuard :    return Proto::WireGuard;
+    case DockerContainer::Ipsec :        return Proto::Ikev2;
 
-    case DockerContainer::TorWebSite :   return Protocol::TorWebSite;
-    case DockerContainer::Dns :          return Protocol::Dns;
+    case DockerContainer::TorWebSite :   return Proto::TorWebSite;
+    case DockerContainer::Dns :          return Proto::Dns;
     //case DockerContainer::FileShare :    return Protocol::FileShare;
-    case DockerContainer::Sftp :         return Protocol::Sftp;
-    default:                             return Protocol::Any;
+    case DockerContainer::Sftp :         return Proto::Sftp;
+    default:                             return Proto::Any;
     }
 }
 
+bool ContainerProps::isWorkingOnPlatform(DockerContainer c)
+{
+#ifdef Q_OS_WINDOWS
+    return true;
+
+#elif defined (Q_OS_IOS)
+    switch (c) {
+    case DockerContainer::WireGuard: return true;
+    case DockerContainer::OpenVpn: return true;
+    default: return false;
+    }
+#elif defined (Q_OS_MAC)
+    return false;
+
+#elif defined (Q_OS_ANDROID)
+    switch (c) {
+    case DockerContainer::WireGuard: return true;
+    case DockerContainer::OpenVpn: return true;
+    default: return false;
+    }
+
+#elif defined (Q_OS_LINUX)
+    return false;
+
+#else
+return false;
+#endif
+}
+

client/containers/containers_defs.h

@@ -46,13 +46,15 @@ public:
     Q_INVOKABLE static QMap<DockerContainer, QString> containerDescriptions();
 
     // these protocols will be displayed in container settings
-    Q_INVOKABLE static QVector<Protocol> protocolsForContainer(DockerContainer container);
+    Q_INVOKABLE static QVector<Proto> protocolsForContainer(DockerContainer container);
 
     Q_INVOKABLE static ServiceType containerService(DockerContainer c);
 
     // binding between Docker container and main protocol of given container
     // it may be changed fot future containers :)
-    Q_INVOKABLE static Protocol defaultProtocol(DockerContainer c);
+    Q_INVOKABLE static Proto defaultProtocol(DockerContainer c);
+
+    Q_INVOKABLE static bool isWorkingOnPlatform(DockerContainer c);
 };
 
 

client/core/defs.h

@@ -6,6 +6,8 @@
 
 namespace amnezia {
 
+constexpr const qint16 qrMagicCode = 1984;
+
 struct ServerCredentials
 {
     QString hostName;
@@ -58,6 +60,7 @@ enum ErrorCode
     OpenVpnAdaptersInUseError,
     OpenVpnUnknownError,
     OpenVpnTapAdapterError,
+    AddressPoolError,
 
     // 3rd party utils errors
     OpenSslFailed,

client/core/errorstrings.cpp

@@ -45,6 +45,7 @@ QString errorString(ErrorCode code){
     // VPN errors
     case (OpenVpnAdaptersInUseError): return QObject::tr("Can't connect: another VPN connection is active");
     case (OpenVpnTapAdapterError): return QObject::tr("Can't setup OpenVPN TAP network adapter");
+    case (AddressPoolError): return QObject::tr("VPN pool error: no available addresses");
 
     case(InternalError):
     default:

client/core/privileged_process.cpp

@@ -1,5 +1,6 @@
 #include "privileged_process.h"
 
+#ifndef Q_OS_IOS
 PrivilegedProcess::PrivilegedProcess() :
     IpcProcessInterfaceReplica()
 {
@@ -25,3 +26,4 @@ void PrivilegedProcess::waitForFinished(int msecs)
 
     loop->exec();
 }
+#endif // Q_OS_IOS

client/core/privileged_process.h

@@ -20,11 +20,11 @@ public:
 
 };
 
-#endif // PRIVILEGED_PROCESS_H
-
 #else // defined Q_OS_IOS
 class IpcProcessInterfaceReplica {};
 class PrivilegedProcess {};
-#endif
+#endif // Q_OS_IOS
+
+#endif // PRIVILEGED_PROCESS_H
 
 

client/core/servercontroller.cpp

@@ -1,6 +1,7 @@
 #include "servercontroller.h"
 
 #include <QCryptographicHash>
+#include <QDir>
 #include <QFile>
 #include <QEventLoop>
 #include <QLoggingCategory>
@@ -10,6 +11,7 @@
 #include <QJsonDocument>
 #include <QApplication>
 #include <QTemporaryFile>
+#include <QFileInfo>
 
 #include "sftpchannel.h"
 #include "sshconnectionmanager.h"
@@ -134,12 +136,7 @@ ErrorCode ServerController::runContainerScript(const ServerCredentials &credenti
 {
     QString fileName = "/opt/amnezia/" + Utils::getRandomString(16) + ".sh";
 
-    QString mkdir = "sudo docker exec -i $CONTAINER_NAME mkdir -p  /opt/amnezia/";
-    ErrorCode e = runScript(credentials,
-        replaceVars(mkdir, genVarsForScript(credentials, container)), cbReadStdOut, cbReadStdErr);
-    if (e) return e;
-
-    e = uploadTextFileToContainer(container, credentials, script, fileName);
+    ErrorCode e = uploadTextFileToContainer(container, credentials, script, fileName);
     if (e) return e;
 
     QString runner = QString("sudo docker exec -i $CONTAINER_NAME bash %1 ").arg(fileName);
@@ -167,6 +164,15 @@ ErrorCode ServerController::uploadTextFileToContainer(DockerContainer container,
         stdOut += data + "\n";
     };
 
+    // mkdir
+    QString mkdir = QString("sudo docker exec -i $CONTAINER_NAME mkdir -p  \"$(dirname %1)\"")
+            .arg(path);
+
+    e = runScript(credentials,
+        replaceVars(mkdir, genVarsForScript(credentials, container)));
+    if (e) return e;
+
+
     if (overwriteMode == QSsh::SftpOverwriteMode::SftpOverwriteExisting) {
         e = runScript(credentials,
             replaceVars(QString("sudo docker cp %1 $CONTAINER_NAME:/%2").arg(tmpFileName).arg(path),
@@ -449,7 +455,7 @@ ErrorCode ServerController::updateContainer(const ServerCredentials &credentials
 
 QJsonObject ServerController::createContainerInitialConfig(DockerContainer container, int port, TransportProto tp)
 {
-    Protocol mainProto = ContainerProps::defaultProtocol(container);
+    Proto mainProto = ContainerProps::defaultProtocol(container);
 
     QJsonObject config {
         { config_key::container, ContainerProps::containerToString(container) }
@@ -472,8 +478,10 @@ QJsonObject ServerController::createContainerInitialConfig(DockerContainer conta
 
 bool ServerController::isReinstallContainerRequred(DockerContainer container, const QJsonObject &oldConfig, const QJsonObject &newConfig)
 {
-    const QJsonObject &oldProtoConfig = oldConfig[ContainerProps::containerToString(container)].toObject();
-    const QJsonObject &newProtoConfig = newConfig[ContainerProps::containerToString(container)].toObject();
+    Proto mainProto = ContainerProps::defaultProtocol(container);
+
+    const QJsonObject &oldProtoConfig = oldConfig.value(ProtocolProps::protoToString(mainProto)).toObject();
+    const QJsonObject &newProtoConfig = newConfig.value(ProtocolProps::protoToString(mainProto)).toObject();
 
     if (container == DockerContainer::OpenVpn) {
         if (oldProtoConfig.value(config_key::transport_proto).toString(protocols::openvpn::defaultTransportProto) !=
@@ -616,11 +624,11 @@ ErrorCode ServerController::startupContainerWorker(const ServerCredentials &cred
 
 ServerController::Vars ServerController::genVarsForScript(const ServerCredentials &credentials, DockerContainer container, const QJsonObject &config)
 {
-    const QJsonObject &openvpnConfig = config.value(ProtocolProps::protoToString(Protocol::OpenVpn)).toObject();
-    const QJsonObject &cloakConfig = config.value(ProtocolProps::protoToString(Protocol::Cloak)).toObject();
-    const QJsonObject &ssConfig = config.value(ProtocolProps::protoToString(Protocol::ShadowSocks)).toObject();
-    const QJsonObject &wireguarConfig = config.value(ProtocolProps::protoToString(Protocol::WireGuard)).toObject();
-    const QJsonObject &sftpConfig = config.value(ProtocolProps::protoToString(Protocol::Sftp)).toObject();
+    const QJsonObject &openvpnConfig = config.value(ProtocolProps::protoToString(Proto::OpenVpn)).toObject();
+    const QJsonObject &cloakConfig = config.value(ProtocolProps::protoToString(Proto::Cloak)).toObject();
+    const QJsonObject &ssConfig = config.value(ProtocolProps::protoToString(Proto::ShadowSocks)).toObject();
+    const QJsonObject &wireguarConfig = config.value(ProtocolProps::protoToString(Proto::WireGuard)).toObject();
+    const QJsonObject &sftpConfig = config.value(ProtocolProps::protoToString(Proto::Sftp)).toObject();
     //
 
     Vars vars;
@@ -661,9 +669,9 @@ ServerController::Vars ServerController::genVarsForScript(const ServerCredential
     vars.append({{"$FAKE_WEB_SITE_ADDRESS", cloakConfig.value(config_key::site).toString(protocols::cloak::defaultRedirSite) }});
 
     // Wireguard vars
-    vars.append({{"$WIREGUARD_SUBNET_IP", openvpnConfig.value(config_key::subnet_address).toString(protocols::wireguard::defaultSubnetAddress) }});
-    vars.append({{"$WIREGUARD_SUBNET_CIDR", openvpnConfig.value(config_key::subnet_cidr).toString(protocols::wireguard::defaultSubnetCidr) }});
-    vars.append({{"$WIREGUARD_SUBNET_MASK", openvpnConfig.value(config_key::subnet_mask).toString(protocols::wireguard::defaultSubnetMask) }});
+    vars.append({{"$WIREGUARD_SUBNET_IP", wireguarConfig.value(config_key::subnet_address).toString(protocols::wireguard::defaultSubnetAddress) }});
+    vars.append({{"$WIREGUARD_SUBNET_CIDR", wireguarConfig.value(config_key::subnet_cidr).toString(protocols::wireguard::defaultSubnetCidr) }});
+    vars.append({{"$WIREGUARD_SUBNET_MASK", wireguarConfig.value(config_key::subnet_mask).toString(protocols::wireguard::defaultSubnetMask) }});
 
     vars.append({{"$WIREGUARD_SERVER_PORT", wireguarConfig.value(config_key::port).toString(protocols::wireguard::defaultPort) }});
 
@@ -689,7 +697,7 @@ ServerController::Vars ServerController::genVarsForScript(const ServerCredential
 
 
     // Sftp vars
-    vars.append({{"$SFTP_PORT", sftpConfig.value(config_key::port).toString(QString::number(ProtocolProps::defaultPort(Protocol::Sftp))) }});
+    vars.append({{"$SFTP_PORT", sftpConfig.value(config_key::port).toString(QString::number(ProtocolProps::defaultPort(Proto::Sftp))) }});
     vars.append({{"$SFTP_USER", sftpConfig.value(config_key::userName).toString() }});
     vars.append({{"$SFTP_PASSWORD", sftpConfig.value(config_key::password).toString() }});
 

client/defines.h

@@ -4,7 +4,7 @@
 #define APPLICATION_NAME    "AmneziaVPN"
 #define SERVICE_NAME        "AmneziaVPN-service"
 #define ORGANIZATION_NAME   "AmneziaVPN.ORG"
-#define APP_MAJOR_VERSION   "2.0.1"
-#define APP_VERSION         "2.0.1.0"
+#define APP_MAJOR_VERSION   "2.0.7"
+#define APP_VERSION         "2.0.7.0"
 
 #endif // DEFINES_H

client/images/icon_src.svg

@@ -0,0 +1,67 @@
+<?xml version="1.0" standalone="no"?>
+<!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 20010904//EN"
+ "http://www.w3.org/TR/2001/REC-SVG-20010904/DTD/svg10.dtd">
+<svg version="1.0" xmlns="http://www.w3.org/2000/svg"
+ width="256.000000pt" height="256.000000pt" viewBox="0 0 256.000000 256.000000"
+ preserveAspectRatio="xMidYMid meet">
+
+<g transform="translate(0.000000,256.000000) scale(0.100000,-0.100000)"
+fill="#000000" stroke="none">
+<path d="M1216 2523 c-3 -21 -8 -91 -12 -156 -3 -64 -10 -120 -15 -123 -5 -3
+-9 -13 -9 -23 0 -26 -48 -71 -76 -71 -13 0 -24 -4 -24 -9 0 -5 -10 -11 -22
+-13 -16 -2 -24 -11 -26 -30 -3 -22 -9 -27 -43 -33 -21 -4 -39 -10 -39 -15 0
+-4 -29 -13 -65 -20 -36 -7 -65 -16 -65 -21 0 -4 -20 -11 -45 -15 -40 -6 -47
+-11 -65 -48 -36 -72 -51 -96 -60 -96 -5 0 -17 -14 -25 -31 -14 -25 -21 -30
+-47 -27 -27 3 -32 -1 -46 -36 -9 -22 -31 -53 -49 -69 -18 -16 -33 -34 -33 -40
+0 -5 -13 -37 -29 -71 -15 -34 -31 -71 -35 -83 -4 -13 -11 -23 -15 -23 -4 0
+-15 -24 -26 -52 -10 -29 -21 -57 -25 -63 -4 -5 -13 -34 -21 -62 -7 -29 -16
+-53 -20 -53 -11 0 -31 -154 -35 -274 l-4 -110 -43 -45 c-24 -26 -65 -63 -92
+-84 -119 -89 -132 -113 -57 -102 26 4 52 11 57 15 16 14 144 32 169 24 22 -7
+66 -49 66 -64 0 -5 52 -63 116 -130 l117 -121 -6 -96 c-4 -52 -11 -101 -17
+-108 -12 -14 -27 -145 -16 -145 3 0 19 11 35 25 18 17 34 47 46 88 9 34 21 71
+26 82 5 11 13 32 19 48 5 15 16 27 25 27 8 0 15 5 15 10 0 16 43 12 86 -9 126
+-60 153 -71 177 -71 15 0 27 -4 27 -8 0 -4 62 -16 138 -27 75 -10 141 -22 147
+-27 12 -11 121 -10 143 1 9 5 44 15 77 21 33 7 78 20 100 30 23 10 54 22 70
+26 17 4 35 10 41 15 15 12 133 39 170 39 23 0 33 -5 37 -19 2 -10 17 -25 32
+-32 18 -10 34 -31 49 -67 23 -57 87 -132 112 -132 15 0 16 10 9 82 -4 46 -10
+85 -14 88 -8 5 -26 95 -37 188 -7 60 11 151 32 159 8 3 14 11 14 18 0 6 21 37
+48 68 103 123 96 106 102 258 3 75 11 143 17 150 6 8 14 32 18 54 6 34 42 103
+74 141 5 6 12 25 16 42 l7 32 -68 0 -67 0 6 47 c3 26 10 49 16 51 6 2 11 9 11
+15 0 14 104 117 118 117 5 0 16 8 26 19 9 10 34 26 56 36 22 10 40 22 40 27 0
+4 7 8 15 8 9 0 15 9 15 21 0 20 -3 21 -57 14 -32 -4 -62 -10 -68 -15 -18 -13
+-145 -33 -177 -26 -17 3 -41 16 -52 29 -39 40 -104 94 -122 101 -13 5 -15 14
+-10 45 6 41 -3 51 -44 51 -11 0 -39 19 -64 43 -45 43 -80 72 -151 126 -22 17
+-47 36 -55 43 -8 7 -22 18 -30 23 -9 6 -32 20 -51 32 -28 19 -48 23 -111 23
+-42 0 -80 5 -83 10 -3 6 -16 10 -28 10 -12 0 -29 6 -38 13 -27 20 -68 109 -80
+172 -7 33 -16 65 -20 70 -4 6 -13 33 -19 60 -15 70 -29 95 -56 95 -18 0 -23
+-7 -28 -37z m409 -738 c32 -16 75 -39 95 -52 19 -13 43 -29 54 -36 49 -32 113
+-88 134 -116 35 -47 34 -81 -3 -100 -16 -9 -35 -21 -41 -27 -7 -6 -33 -17 -58
+-24 -26 -7 -49 -17 -52 -21 -3 -5 -29 -9 -59 -9 -49 0 -56 3 -79 33 -14 18
+-33 53 -41 78 -9 24 -22 58 -29 74 -8 17 -19 57 -26 90 -7 33 -16 62 -20 65
+-4 3 -10 22 -14 44 l-7 39 43 -5 c24 -3 70 -18 103 -33z m-595 -1 c0 -9 -6
+-30 -14 -47 -12 -27 -65 -193 -83 -262 -3 -11 -9 -24 -13 -30 -4 -5 -15 -41
+-25 -80 -10 -38 -21 -74 -25 -80 -4 -5 -13 -35 -20 -65 -7 -30 -16 -57 -19
+-60 -3 -3 -11 -14 -17 -24 -6 -11 -19 -24 -30 -30 -10 -6 -21 -14 -24 -17 -3
+-3 -22 -12 -42 -20 -21 -7 -38 -16 -38 -20 0 -4 -31 -15 -70 -25 -38 -10 -70
+-22 -70 -26 0 -4 -19 -8 -42 -8 l-41 0 6 98 c9 130 24 183 84 297 42 79 94
+144 184 229 112 105 114 106 128 106 6 0 14 6 17 13 2 7 25 22 49 32 25 11 45
+23 45 28 0 4 14 7 30 7 21 0 30 -5 30 -16z m239 -6 c7 -13 23 -41 36 -63 14
+-22 35 -60 46 -85 12 -25 25 -47 29 -50 4 -3 13 -23 20 -45 7 -22 17 -45 22
+-52 6 -7 12 -39 15 -73 5 -54 3 -62 -18 -84 -36 -35 -98 -63 -170 -76 -35 -6
+-83 -15 -107 -21 -23 -5 -54 -9 -67 -9 -28 0 -43 23 -28 43 6 6 16 35 23 62 7
+28 16 55 20 60 4 6 15 45 25 88 10 42 21 77 25 77 4 0 10 19 14 42 4 23 13 56
+21 72 7 17 19 49 25 71 21 68 47 84 69 43z m807 -449 c8 -13 7 -261 -2 -329
+-3 -25 -9 -54 -14 -65 -5 -11 -13 -48 -19 -82 -7 -34 -18 -76 -27 -95 -55
+-123 -71 -133 -102 -66 -51 108 -71 158 -77 192 -4 20 -10 36 -14 36 -4 0 -13
+21 -21 47 -7 26 -19 58 -26 72 -16 31 -39 155 -31 174 8 21 142 83 212 98 33
+7 64 16 70 21 13 12 43 10 51 -3z m-514 -219 c37 -29 55 -74 67 -170 8 -64 19
+-101 45 -150 78 -148 98 -196 103 -247 7 -66 -7 -95 -53 -113 -19 -8 -34 -17
+-34 -21 0 -4 -21 -15 -47 -25 -27 -10 -50 -21 -53 -25 -16 -22 -77 -29 -259
+-29 -197 0 -289 9 -346 34 -16 8 -45 17 -63 21 -18 4 -52 25 -75 47 l-42 40 1
+89 c1 49 6 95 12 102 5 6 13 30 16 51 11 61 64 145 136 216 80 78 88 85 137
+107 21 10 40 20 43 23 3 3 25 12 50 19 25 7 54 17 65 22 26 12 133 26 211 28
+47 1 67 -4 86 -19z m-882 -286 c0 -30 -32 -154 -41 -159 -5 -4 -9 -16 -9 -29
+0 -12 -6 -31 -14 -41 -14 -19 -15 -19 -49 -1 -34 19 -87 103 -87 138 0 33 68
+88 109 88 12 0 21 5 21 10 0 6 16 10 35 10 25 0 35 -4 35 -16z"/>
+</g>
+</svg>

client/ios/Media.xcassets/AppIcon.appiconset/Contents.json

@@ -0,0 +1,62 @@
+{
+  "images" : [
+    {
+      "filename" : "icon_40x40.png",
+      "idiom" : "iphone",
+      "scale" : "2x",
+      "size" : "20x20"
+    },
+    {
+      "filename" : "icon_60x60.png",
+      "idiom" : "iphone",
+      "scale" : "3x",
+      "size" : "20x20"
+    },
+    {
+      "filename" : "icon_58x58.png",
+      "idiom" : "iphone",
+      "scale" : "2x",
+      "size" : "29x29"
+    },
+    {
+      "filename" : "icon_87x87.png",
+      "idiom" : "iphone",
+      "scale" : "3x",
+      "size" : "29x29"
+    },
+    {
+      "filename" : "icon_80x80.png",
+      "idiom" : "iphone",
+      "scale" : "2x",
+      "size" : "40x40"
+    },
+    {
+      "filename" : "icon_120x120.png",
+      "idiom" : "iphone",
+      "scale" : "3x",
+      "size" : "40x40"
+    },
+    {
+      "filename" : "icon_120x120-1.png",
+      "idiom" : "iphone",
+      "scale" : "2x",
+      "size" : "60x60"
+    },
+    {
+      "filename" : "icon_180x180.png",
+      "idiom" : "iphone",
+      "scale" : "3x",
+      "size" : "60x60"
+    },
+    {
+      "filename" : "icon_1024x1024.png",
+      "idiom" : "ios-marketing",
+      "scale" : "1x",
+      "size" : "1024x1024"
+    }
+  ],
+  "info" : {
+    "author" : "xcode",
+    "version" : 1
+  }
+}

client/ios/Media.xcassets/Contents.json

@@ -0,0 +1,6 @@
+{
+  "info" : {
+    "author" : "xcode",
+    "version" : 1
+  }
+}

client/ios/app/AmneziaVPNLaunchScreen.storyboard

@@ -0,0 +1,43 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<document type="com.apple.InterfaceBuilder3.CocoaTouch.Storyboard.XIB" version="3.0" toolsVersion="17506" targetRuntime="iOS.CocoaTouch" propertyAccessControl="none" useAutolayout="YES" launchScreen="YES" useTraitCollections="YES" useSafeAreas="YES" colorMatched="YES" initialViewController="01J-lp-oVM">
+    <device id="ipad12_9rounded" orientation="portrait" layout="fullscreen" appearance="light"/>
+    <dependencies>
+        <deployment identifier="iOS"/>
+        <plugIn identifier="com.apple.InterfaceBuilder.IBCocoaTouchPlugin" version="17505"/>
+        <capability name="Safe area layout guides" minToolsVersion="9.0"/>
+        <capability name="documents saved in the Xcode 8 format" minToolsVersion="8.0"/>
+    </dependencies>
+    <scenes>
+        <!--View Controller-->
+        <scene sceneID="EHf-IW-A2E">
+            <objects>
+                <viewController id="01J-lp-oVM" sceneMemberID="viewController">
+                    <view key="view" contentMode="scaleToFill" id="gZ9-gc-3t5">
+                        <rect key="frame" x="0.0" y="0.0" width="1024" height="1366"/>
+                        <autoresizingMask key="autoresizingMask" flexibleMaxX="YES" flexibleMaxY="YES"/>
+                        <subviews>
+                            <imageView clipsSubviews="YES" userInteractionEnabled="NO" contentMode="scaleAspectFit" horizontalHuggingPriority="251" verticalHuggingPriority="251" image="launch.png" translatesAutoresizingMaskIntoConstraints="NO" id="q5g-aV-39U">
+                                <rect key="frame" x="467" y="638" width="90" height="90"/>
+                                <constraints>
+                                    <constraint firstAttribute="width" constant="90" id="VFp-nz-h8O"/>
+                                    <constraint firstAttribute="height" constant="90" id="ZUg-Ud-mgE"/>
+                                </constraints>
+                            </imageView>
+                        </subviews>
+                        <viewLayoutGuide key="safeArea" id="Whf-X3-AA4"/>
+                        <color key="backgroundColor" white="0.0" alpha="1" colorSpace="custom" customColorSpace="genericGamma22GrayColorSpace"/>
+                        <constraints>
+                            <constraint firstItem="q5g-aV-39U" firstAttribute="centerX" secondItem="gZ9-gc-3t5" secondAttribute="centerX" id="Ayw-bo-LVF"/>
+                            <constraint firstItem="q5g-aV-39U" firstAttribute="centerY" secondItem="gZ9-gc-3t5" secondAttribute="centerY" id="YHd-Kc-J0u"/>
+                        </constraints>
+                    </view>
+                </viewController>
+                <placeholder placeholderIdentifier="IBFirstResponder" id="iYj-Kq-Ea1" userLabel="First Responder" sceneMemberID="firstResponder"/>
+            </objects>
+            <point key="canvasLocation" x="53" y="375"/>
+        </scene>
+    </scenes>
+    <resources>
+        <image name="launch.png" width="1024" height="1024"/>
+    </resources>
+</document>

client/ios/app/Images.xcassets/AppIcon.appiconset/Contents.json

@@ -0,0 +1,116 @@
+{
+  "images" : [
+    {
+      "filename" : "icon-ios-20@2x.png",
+      "idiom" : "iphone",
+      "scale" : "2x",
+      "size" : "20x20"
+    },
+    {
+      "filename" : "icon-ios-20@3x.png",
+      "idiom" : "iphone",
+      "scale" : "3x",
+      "size" : "20x20"
+    },
+    {
+      "filename" : "icon-ios-29@2x-1.png",
+      "idiom" : "iphone",
+      "scale" : "2x",
+      "size" : "29x29"
+    },
+    {
+      "filename" : "icon-ios-29@3x.png",
+      "idiom" : "iphone",
+      "scale" : "3x",
+      "size" : "29x29"
+    },
+    {
+      "filename" : "icon-ios-40@2x-1.png",
+      "idiom" : "iphone",
+      "scale" : "2x",
+      "size" : "40x40"
+    },
+    {
+      "filename" : "icon-ios-40@3x.png",
+      "idiom" : "iphone",
+      "scale" : "3x",
+      "size" : "40x40"
+    },
+    {
+      "filename" : "icon-ios-60@2x.png",
+      "idiom" : "iphone",
+      "scale" : "2x",
+      "size" : "60x60"
+    },
+    {
+      "filename" : "icon-ios-60@3x.png",
+      "idiom" : "iphone",
+      "scale" : "3x",
+      "size" : "60x60"
+    },
+    {
+      "filename" : "icon-ios-20@1x.png",
+      "idiom" : "ipad",
+      "scale" : "1x",
+      "size" : "20x20"
+    },
+    {
+      "filename" : "icon-ios-20@2x-1.png",
+      "idiom" : "ipad",
+      "scale" : "2x",
+      "size" : "20x20"
+    },
+    {
+      "filename" : "icon-ios-29@1x.png",
+      "idiom" : "ipad",
+      "scale" : "1x",
+      "size" : "29x29"
+    },
+    {
+      "filename" : "icon-ios-29@2x.png",
+      "idiom" : "ipad",
+      "scale" : "2x",
+      "size" : "29x29"
+    },
+    {
+      "filename" : "icon-ios-40@1x.png",
+      "idiom" : "ipad",
+      "scale" : "1x",
+      "size" : "40x40"
+    },
+    {
+      "filename" : "icon-ios-40@2x.png",
+      "idiom" : "ipad",
+      "scale" : "2x",
+      "size" : "40x40"
+    },
+    {
+      "filename" : "icon-ios-76@1x.png",
+      "idiom" : "ipad",
+      "scale" : "1x",
+      "size" : "76x76"
+    },
+    {
+      "filename" : "icon-ios-76@2x.png",
+      "idiom" : "ipad",
+      "scale" : "2x",
+      "size" : "76x76"
+    },
+    {
+      "filename" : "icon-ios-83.5@2x.png",
+      "idiom" : "ipad",
+      "scale" : "2x",
+      "size" : "83.5x83.5"
+    },
+    {
+      "filename" : "icon-ios-1024@1x.png",
+      "idiom" : "ios-marketing",
+      "scale" : "1x",
+      "size" : "1024x1024"
+    }
+  ],
+  "info" : {
+    "author" : "xcode",
+    "version" : 1
+  }
+}

client/ios/app/Images.xcassets/Contents.json

@@ -0,0 +1,6 @@
+{
+  "info" : {
+    "author" : "xcode",
+    "version" : 1
+  }
+}

client/ios/app/Info.plist

@@ -0,0 +1,49 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
+<plist version="1.0">
+<dict>
+	<key>CFBundleAllowMixedLocalizations</key>
+	<true/>
+	<key>CFBundleDevelopmentRegion</key>
+	<string>$(DEVELOPMENT_LANGUAGE)</string>
+	<key>CFBundleDisplayName</key>
+	<string>AmneziaVPN</string>
+	<key>CFBundleExecutable</key>
+	<string>$(EXECUTABLE_NAME)</string>
+	<key>CFBundleIcons</key>
+	<dict/>
+	<key>CFBundleIcons~ipad</key>
+	<dict/>
+	<key>CFBundleIdentifier</key>
+	<string>$(PRODUCT_BUNDLE_IDENTIFIER)</string>
+	<key>CFBundleInfoDictionaryVersion</key>
+	<string>6.0</string>
+	<key>CFBundleName</key>
+	<string>${APP_DISPLAY_NAME}</string>
+	<key>CFBundlePackageType</key>
+	<string>APPL</string>
+	<key>CFBundleShortVersionString</key>
+	<string>$(MARKETING_VERSION)</string>
+	<key>CFBundleVersion</key>
+	<string>$(CURRENT_PROJECT_VERSION)</string>
+	<key>ITSAppUsesNonExemptEncryption</key>
+	<false/>
+	<key>LSRequiresIPhoneOS</key>
+	<true/>
+	<key>LSSupportsOpeningDocumentsInPlace</key>
+	<false/>
+	<key>UILaunchStoryboardName</key>
+	<string>AmneziaVPNLaunchScreen</string>
+	<key>UIRequiresFullScreen</key>
+	<true/>
+	<key>UISupportedInterfaceOrientations</key>
+	<array>
+		<string>UIInterfaceOrientationPortraitUpsideDown</string>
+		<string>UIInterfaceOrientationPortrait</string>
+	</array>
+	<key>UISupportedInterfaceOrientations~ipad</key>
+	<array/>
+	<key>UIUserInterfaceStyle</key>
+	<string>Light</string>
+</dict>
+</plist>

client/ios/app/main.entitlements

@@ -0,0 +1,20 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
+<plist version="1.0">
+<dict>
+	<key>com.apple.developer.networking.networkextension</key>
+	<array>
+		<string>packet-tunnel-provider</string>
+	</array>
+	<key>com.apple.security.application-groups</key>
+	<array>
+		<string>group.ru.kotit.AmneziaVPN.udev</string>
+	</array>
+	<key>com.apple.security.files.user-selected.read-write</key>
+	<true/>
+    <key>keychain-access-groups</key>
+    <array>
+        <string>$(AppIdentifierPrefix)group.ru.kotit.AmneziaVPN.udev</string>
+    </array>
+</dict>
+</plist>

client/ios/networkextension/AmneziaVPNNetworkExtension.entitlements

@@ -0,0 +1,18 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
+<plist version="1.0">
+<dict>
+	<key>com.apple.developer.networking.networkextension</key>
+	<array>
+		<string>packet-tunnel-provider</string>
+	</array>
+	<key>com.apple.security.application-groups</key>
+	<array>
+		<string>group.ru.kotit.AmneziaVPN.udev</string>
+	</array>
+    <key>keychain-access-groups</key>
+    <array>
+        <string>$(AppIdentifierPrefix)group.ru.kotit.AmneziaVPN.udev</string>
+    </array>
+</dict>
+</plist>

client/ios/xcode.xconfig

@@ -0,0 +1,13 @@
+DEVELOPMENT_TEAM = <X7UJ388FXK>
+
+# MacOS configuration
+GROUP_ID_MACOS = <>
+APP_ID_MACOS = <>
+NETEXT_ID_MACOS = <>
+LOGIN_ID_MACOS = <>
+NATIVEMESSAGING_ID_MACOS = <>
+
+# IOS configuration
+GROUP_ID_IOS = group.org.mozilla.ios.Guardian
+APP_ID_IOS = org.mozilla.ios.FirefoxVPN
+NETEXT_ID_IOS = org.mozilla.ios.FirefoxVPN.network-extension