checking docker status

adding docker readiness status check to
servercontroller.cpp

.github/workflows/deploy.yml

@@ -1,7 +1,12 @@
 name: 'Deploy workflow'
 
+on:
+  push:
+    branches:
+      - '**'
 
-on: [push]
+env:
+  QT_MIRROR: https://mirrors.ocf.berkeley.edu/qt/ # https://download.qt.io/static/mirrorlist/
 
 jobs:
   Build-Linux-Ubuntu:
@@ -25,7 +30,7 @@ jobs:
         setup-python: 'true'
         tools: 'tools_ifw'
         set-env: 'true'
-        extra: '--external 7z'
+        extra: '--external 7z --base ${{ env.QT_MIRROR }}'
 
     - name: 'Get sources'
       uses: actions/checkout@v3
@@ -89,7 +94,7 @@ jobs:
         setup-python: 'true'
         tools: 'tools_ifw'
         set-env: 'true'
-        extra: '--external 7z'
+        extra: '--external 7z --base ${{ env.QT_MIRROR }}'
 
     - name: 'Setup mvsc'
       uses: ilammy/msvc-dev-cmd@v1
@@ -119,15 +124,14 @@ jobs:
 
 # ------------------------------------------------------
 
-  Build-IOS:
-    name: 'Build-IOS'
+  Build-iOS:
+    name: 'Build-iOS'
     runs-on: macos-12
 
     env:
       QT_VERSION: 6.5.2
 
     steps:
-    # Just select XCode
     - name: 'Setup xcode'
       uses: maxim-lobanov/setup-xcode@v1
       with:
@@ -143,6 +147,7 @@ jobs:
         arch: 'clang_64'
         dir: ${{ runner.temp }}
         set-env: 'true'
+        extra: '--base ${{ env.QT_MIRROR }}'
 
     - name: 'Install iOS Qt'
       uses: jurplel/install-qt-action@v3
@@ -154,7 +159,7 @@ jobs:
         dir: ${{ runner.temp }}
         setup-python: 'true'
         set-env: 'true'
-        extra: '--external 7z'
+        extra: '--external 7z --base ${{ env.QT_MIRROR }}'
 
     - name: 'Install go'
       uses: actions/setup-go@v3
@@ -174,7 +179,7 @@ jobs:
     - name: 'Setup ccache'
       uses: hendrikmuhs/ccache-action@v1.2
 
-    - name: Install dependencies
+    - name: 'Install dependencies'
       run: pip install jsonschema jinja2
 
     - name: 'Build project'
@@ -232,7 +237,7 @@ jobs:
         setup-python: 'true'
         tools: 'tools_ifw'
         set-env: 'true'
-        extra: '--external 7z'
+        extra: '--external 7z --base ${{ env.QT_MIRROR }}'
 
     - name: 'Get sources'
       uses: actions/checkout@v3
@@ -296,7 +301,7 @@ jobs:
         dir: ${{ runner.temp }}
         setup-python: 'true'
         set-env: 'true'
-        extra: '--external 7z'
+        extra: '--external 7z --base ${{ env.QT_MIRROR }}'
 
     - name: 'Install android Qt'
       uses: jurplel/install-qt-action@v3
@@ -309,7 +314,7 @@ jobs:
         dir: ${{ runner.temp }}
         setup-python: 'true'
         set-env: 'true'
-        extra: '--external 7z'
+        extra: '--external 7z --base ${{ env.QT_MIRROR }}'
 
     - name: 'Grant execute permission for qt-cmake'
       shell: bash

.github/workflows/tag-upload.yml

@@ -0,0 +1,64 @@
+name: 'Upload a new version'
+
+on:
+  push:
+    tags:
+    - '[0-9]+.[0-9]+.[0-9]+.[0-9]+'
+
+jobs:
+  upload:
+    runs-on: ubuntu-latest
+    name: upload
+    steps:
+      - name: Checkout CMakeLists.txt
+        uses: actions/checkout@v4
+        with:
+          ref: ${{ github.ref_name }}
+          sparse-checkout: |
+            CMakeLists.txt
+          sparse-checkout-cone-mode: false
+
+      - name: Verify git tag
+        run: |
+          GIT_TAG=${{ github.ref_name }}
+          CMAKE_TAG=$(grep 'project.*VERSION' CMakeLists.txt | sed -E 's/.* ([0-9]+.[0-9]+.[0-9]+.[0-9]+)$/\1/')
+
+          if [[ "$GIT_TAG" == "$CMAKE_TAG" ]]; then
+            echo "Git tag ($GIT_TAG) and version in CMakeLists.txt ($CMAKE_TAG) are the same. Continuing..."
+          else
+            echo "Git tag ($GIT_TAG) and version in CMakeLists.txt ($CMAKE_TAG) are not the same! Cancelling..."
+            exit 1
+          fi
+
+      - name: Download artifacts from the "${{ github.ref_name }}" tag
+        uses: robinraju/release-downloader@v1.8
+        with:
+          tag: ${{ github.ref_name }}
+          fileName: "AmneziaVPN_(Linux_|)${{ github.ref_name }}*"
+          out-file-path: ${{ github.ref_name }}
+
+      - name: Upload beta version
+        uses: jakejarvis/s3-sync-action@master
+        if: contains(github.event.base_ref, 'dev')
+        with:
+          args: --include "AmneziaVPN*" --delete
+        env:
+          AWS_S3_BUCKET: updates
+          AWS_ACCESS_KEY_ID: ${{ secrets.CF_R2_ACCESS_KEY_ID }}
+          AWS_SECRET_ACCESS_KEY: ${{ secrets.CF_R2_SECRET_ACCESS_KEY }}
+          AWS_S3_ENDPOINT: https://${{ vars.CF_ACCOUNT_ID }}.r2.cloudflarestorage.com
+          SOURCE_DIR: ${{ github.ref_name }}
+          DEST_DIR: beta/${{ github.ref_name }}
+
+      - name: Upload stable version
+        uses: jakejarvis/s3-sync-action@master
+        if: contains(github.event.base_ref, 'master')
+        with:
+          args: --include "AmneziaVPN*" --delete
+        env:
+          AWS_S3_BUCKET: updates
+          AWS_ACCESS_KEY_ID: ${{ secrets.CF_R2_ACCESS_KEY_ID }}
+          AWS_SECRET_ACCESS_KEY: ${{ secrets.CF_R2_SECRET_ACCESS_KEY }}
+          AWS_S3_ENDPOINT: https://${{ vars.CF_ACCOUNT_ID }}.r2.cloudflarestorage.com
+          SOURCE_DIR: ${{ github.ref_name }}
+          DEST_DIR: stable/${{ github.ref_name }}

CMakeLists.txt

@@ -2,7 +2,7 @@ cmake_minimum_required(VERSION 3.25.0 FATAL_ERROR)
 
 set(PROJECT AmneziaVPN)
 
-project(${PROJECT} VERSION 4.0.8.2
+project(${PROJECT} VERSION 4.1.0.1
         DESCRIPTION "AmneziaVPN"
         HOMEPAGE_URL "https://amnezia.org/"
 )

client/amnezia_application.cpp

@@ -139,7 +139,8 @@ void AmneziaApplication::init()
             &ConnectionController::openConnection);
     connect(m_notificationHandler.get(), &NotificationHandler::disconnectRequested, m_connectionController.get(),
             &ConnectionController::closeConnection);
-    connect(this, &AmneziaApplication::translationsUpdated, m_notificationHandler.get(),  &NotificationHandler::onTranslationsUpdated);
+    connect(this, &AmneziaApplication::translationsUpdated, m_notificationHandler.get(),
+            &NotificationHandler::onTranslationsUpdated);
 
     m_engine->load(url);
     m_systemController->setQmlRoot(m_engine->rootObjects().value(0));
@@ -226,14 +227,13 @@ void AmneziaApplication::loadTranslator()
     updateTranslator(locale);
 }
 
-
 void AmneziaApplication::updateTranslator(const QLocale &locale)
 {
     if (!m_translator->isEmpty()) {
         QCoreApplication::removeTranslator(m_translator.get());
     }
 
-    QString strFileName = QString(":/translations/amneziavpn")+QLatin1String("_")+locale.name()+".qm";
+    QString strFileName = QString(":/translations/amneziavpn") + QLatin1String("_") + locale.name() + ".qm";
     if (m_translator->load(strFileName)) {
         if (QCoreApplication::installTranslator(m_translator.get())) {
             m_settings->setAppLanguage(locale);
@@ -286,6 +286,10 @@ void AmneziaApplication::initModels()
     m_engine->rootContext()->setContextProperty("ServersModel", m_serversModel.get());
     connect(m_serversModel.get(), &ServersModel::currentlyProcessedServerIndexChanged, m_containersModel.get(),
             &ContainersModel::setCurrentlyProcessedServerIndex);
+    connect(m_serversModel.get(), &ServersModel::defaultServerIndexChanged, m_containersModel.get(),
+            &ContainersModel::setCurrentlyProcessedServerIndex);
+    connect(m_containersModel.get(), &ContainersModel::containersModelUpdated, m_serversModel.get(),
+            &ServersModel::updateContainersConfig);
 
     m_languageModel.reset(new LanguageModel(m_settings, this));
     m_engine->rootContext()->setContextProperty("LanguageModel", m_languageModel.get());
@@ -294,15 +298,7 @@ void AmneziaApplication::initModels()
 
     m_sitesModel.reset(new SitesModel(m_settings, this));
     m_engine->rootContext()->setContextProperty("SitesModel", m_sitesModel.get());
-    connect(m_containersModel.get(), &ContainersModel::defaultContainerChanged, this, [this]() {
-        if (m_containersModel->getDefaultContainer() == DockerContainer::WireGuard
-            && m_sitesModel->getRouteMode() != Settings::RouteMode::VpnAllSites) {
-            m_sitesModel->setRouteMode(Settings::RouteMode::VpnAllSites);
-            emit m_pageController->showNotificationMessage(
-                    tr("Split tunneling for WireGuard is not implemented, the option was disabled"));
-        }
-    });
-
+    
     m_protocolsModel.reset(new ProtocolsModel(m_settings, this));
     m_engine->rootContext()->setContextProperty("ProtocolsModel", m_protocolsModel.get());
 
@@ -335,7 +331,8 @@ void AmneziaApplication::initControllers()
     m_connectionController.reset(new ConnectionController(m_serversModel, m_containersModel, m_vpnConnection));
     m_engine->rootContext()->setContextProperty("ConnectionController", m_connectionController.get());
 
-    connect(this, &AmneziaApplication::translationsUpdated, m_connectionController.get(), &ConnectionController::onTranslationsUpdated);
+    connect(this, &AmneziaApplication::translationsUpdated, m_connectionController.get(),
+            &ConnectionController::onTranslationsUpdated);
 
     m_pageController.reset(new PageController(m_serversModel, m_settings));
     m_engine->rootContext()->setContextProperty("PageController", m_pageController.get());

client/android/AndroidManifest.xml

@@ -45,6 +45,7 @@
             android:label="-- %%INSERT_APP_NAME%% --"
             android:screenOrientation="unspecified"
             android:launchMode="singleInstance"
+            android:windowSoftInputMode="adjustResize"
             android:exported="true">
     
 <!--            android:theme="@style/splashScreenTheme"-->

client/android/build.gradle

@@ -138,8 +138,8 @@ android {
         resConfig "en"
         minSdkVersion = 24
         targetSdkVersion = 34
-        versionCode 36 // Change to a higher number
-        versionName "4.0.8" // Change to a higher number
+        versionCode 39 // Change to a higher number
+        versionName "4.1.0" // Change to a higher number
 
         javaCompileOptions.annotationProcessorOptions.arguments = [
             "room.schemaLocation": "${qtAndroidDir}/schemas".toString()

client/android/src/com/wireguard/config/IPRange.java

@@ -0,0 +1,509 @@
+/*
+ * Copyright (C) 2012-2017 Tobias Brunner
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ */
+
+package com.wireguard.config;
+
+import java.net.InetAddress;
+import java.net.UnknownHostException;
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.Collections;
+import java.util.List;
+
+import androidx.annotation.NonNull;
+
+/**
+ * Class that represents a range of IP addresses. This range could be a proper subnet, but that's
+ * not necessarily the case (see {@code getPrefix} and {@code toSubnets}).
+ */
+public class IPRange implements Comparable<IPRange>
+{
+	private final byte[] mBitmask = { (byte)0x80, 0x40, 0x20, 0x10, 0x08, 0x04, 0x02, 0x01 };
+	private byte[] mFrom;
+	private byte[] mTo;
+	private Integer mPrefix;
+
+	/**
+	 * Determine if the range is a proper subnet and, if so, what the network prefix is.
+	 */
+	private void determinePrefix()
+	{
+		boolean matching = true;
+
+		mPrefix = mFrom.length * 8;
+		for (int i = 0; i < mFrom.length; i++)
+		{
+			for (int bit = 0; bit < 8; bit++)
+			{
+				if (matching)
+				{
+					if ((mFrom[i] & mBitmask[bit]) != (mTo[i] & mBitmask[bit]))
+					{
+						mPrefix = (i * 8) + bit;
+						matching = false;
+					}
+				}
+				else
+				{
+					if ((mFrom[i] & mBitmask[bit]) != 0 || (mTo[i] & mBitmask[bit]) == 0)
+					{
+						mPrefix = null;
+						return;
+					}
+				}
+			}
+		}
+	}
+
+	private IPRange(byte[] from, byte[] to)
+	{
+		mFrom = from;
+		mTo = to;
+		determinePrefix();
+	}
+
+	public IPRange(String from, String to) throws UnknownHostException
+	{
+		this(Utils.parseInetAddress(from), Utils.parseInetAddress(to));
+	}
+
+	public IPRange(InetAddress from, InetAddress to)
+	{
+		initializeFromRange(from, to);
+	}
+
+	private void initializeFromRange(InetAddress from, InetAddress to)
+	{
+		byte[] fa = from.getAddress(), ta = to.getAddress();
+		if (fa.length != ta.length)
+		{
+			throw new IllegalArgumentException("Invalid range");
+		}
+		if (compareAddr(fa, ta) < 0)
+		{
+			mFrom = fa;
+			mTo = ta;
+		}
+		else
+		{
+			mTo = fa;
+			mFrom = ta;
+		}
+		determinePrefix();
+	}
+
+	public IPRange(String base, int prefix) throws UnknownHostException
+	{
+		this(Utils.parseInetAddress(base), prefix);
+	}
+
+	public IPRange(InetAddress base, int prefix)
+	{
+		this(base.getAddress(), prefix);
+	}
+
+	private IPRange(byte[] from, int prefix)
+	{
+		initializeFromCIDR(from, prefix);
+	}
+
+	private void initializeFromCIDR(byte[] from, int prefix)
+	{
+		if (from.length != 4 && from.length != 16)
+		{
+			throw new IllegalArgumentException("Invalid address");
+		}
+		if (prefix < 0 || prefix > from.length * 8)
+		{
+			throw new IllegalArgumentException("Invalid prefix");
+		}
+		byte[] to = from.clone();
+		byte mask = (byte)(0xff << (8 - prefix % 8));
+		int i = prefix / 8;
+
+		if (i < from.length)
+		{
+			from[i] = (byte)(from[i] & mask);
+			to[i] = (byte)(to[i] | ~mask);
+			Arrays.fill(from, i+1, from.length, (byte)0);
+			Arrays.fill(to, i+1, to.length, (byte)0xff);
+		}
+		mFrom = from;
+		mTo = to;
+		mPrefix = prefix;
+	}
+
+	public IPRange(String cidr) throws UnknownHostException
+	{
+		/* only verify the basic structure */
+		if (!cidr.matches("(?i)^(([0-9.]+)|([0-9a-f:]+))(-(([0-9.]+)|([0-9a-f:]+))|(/\\d+))?$"))
+		{
+			throw new IllegalArgumentException("Invalid CIDR or range notation");
+		}
+		if (cidr.contains("-"))
+		{
+			String[] parts = cidr.split("-");
+			InetAddress from = InetAddress.getByName(parts[0]);
+			InetAddress to = InetAddress.getByName(parts[1]);
+			initializeFromRange(from, to);
+		}
+		else
+		{
+			String[] parts = cidr.split("/");
+			InetAddress addr = InetAddress.getByName(parts[0]);
+			byte[] base = addr.getAddress();
+			int prefix = base.length * 8;
+			if (parts.length > 1)
+			{
+				prefix = Integer.parseInt(parts[1]);
+			}
+			initializeFromCIDR(base, prefix);
+		}
+	}
+
+	/**
+	 * Returns the first address of the range. The network ID in case this is a proper subnet.
+	 */
+	public InetAddress getFrom()
+	{
+		try
+		{
+			return InetAddress.getByAddress(mFrom);
+		}
+		catch (UnknownHostException ignored)
+		{
+			return null;
+		}
+	}
+
+	/**
+	 * Returns the last address of the range.
+	 */
+	public InetAddress getTo()
+	{
+		try
+		{
+			return InetAddress.getByAddress(mTo);
+		}
+		catch (UnknownHostException ignored)
+		{
+			return null;
+		}
+	}
+
+	/**
+	 * If this range is a proper subnet returns its prefix, otherwise returns null.
+	 */
+	public Integer getPrefix()
+	{
+		return mPrefix;
+	}
+
+	@Override
+	public int compareTo(@NonNull IPRange other)
+	{
+		int cmp = compareAddr(mFrom, other.mFrom);
+		if (cmp == 0)
+		{	/* smaller ranges first */
+			cmp = compareAddr(mTo, other.mTo);
+		}
+		return cmp;
+	}
+
+	@Override
+	public boolean equals(Object o)
+	{
+		if (o == null || !(o instanceof IPRange))
+		{
+			return false;
+		}
+		return this == o || compareTo((IPRange)o) == 0;
+	}
+
+	@Override
+	public String toString()
+	{
+		try
+		{
+			if (mPrefix != null)
+			{
+				return InetAddress.getByAddress(mFrom).getHostAddress() + "/" + mPrefix;
+			}
+			return InetAddress.getByAddress(mFrom).getHostAddress() + "-" +
+				   InetAddress.getByAddress(mTo).getHostAddress();
+		}
+		catch (UnknownHostException ignored)
+		{
+			return super.toString();
+		}
+	}
+
+	private int compareAddr(byte a[], byte b[])
+	{
+		if (a.length != b.length)
+		{
+			return (a.length < b.length) ? -1 : 1;
+		}
+		for (int i = 0; i < a.length; i++)
+		{
+			if (a[i] != b[i])
+			{
+				if (((int)a[i] & 0xff) < ((int)b[i] & 0xff))
+				{
+					return -1;
+				}
+				else
+				{
+					return 1;
+				}
+			}
+		}
+		return 0;
+	}
+
+	/**
+	 * Check if this range fully contains the given range.
+	 */
+	public boolean contains(IPRange range)
+	{
+		return compareAddr(mFrom, range.mFrom) <= 0 && compareAddr(range.mTo, mTo) <= 0;
+	}
+
+	/**
+	 * Check if this and the given range overlap.
+	 */
+	public boolean overlaps(IPRange range)
+	{
+		return !(compareAddr(mTo, range.mFrom) < 0 || compareAddr(range.mTo, mFrom) < 0);
+	}
+
+	private byte[] dec(byte[] addr)
+	{
+		for (int i = addr.length - 1; i >= 0; i--)
+		{
+			if (--addr[i] != (byte)0xff)
+			{
+				break;
+			}
+		}
+		return addr;
+	}
+
+	private byte[] inc(byte[] addr)
+	{
+		for (int i = addr.length - 1; i >= 0; i--)
+		{
+			if (++addr[i] != 0)
+			{
+				break;
+			}
+		}
+		return addr;
+	}
+
+	/**
+	 * Remove the given range from the current range.  Returns a list of resulting ranges (these are
+	 * not proper subnets). At most two ranges are returned, in case the given range is contained in
+	 * this but does not equal it, which would result in an empty list (which is also the case if
+	 * this range is fully contained in the given range).
+	 */
+	public List<IPRange> remove(IPRange range)
+	{
+		ArrayList<IPRange> list = new ArrayList<>();
+		if (!overlaps(range))
+		{	/*           | this | or | this |
+		     * | range |                     | range | */
+			list.add(this);
+		}
+		else if (!range.contains(this))
+		{	/* we are not completely removed, so none of these cases applies:
+			 * | this  | or  | this  |   or   | this  |
+		     * | range |     | range   |    |   range | */
+			if (compareAddr(mFrom, range.mFrom) < 0 && compareAddr(range.mTo, mTo) < 0)
+			{	/* the removed range is completely within our boundaries:
+				 * |    this    |
+				 *   | range |   */
+				list.add(new IPRange(mFrom, dec(range.mFrom.clone())));
+				list.add(new IPRange(inc(range.mTo.clone()), mTo));
+			}
+			else
+			{	/* one end is within our boundaries the other at or outside it:
+			     * | this     | or    | this     | or | this    |  or  | this    |
+			     * | range |       | range |            | range |           | range | */
+				byte[] from = compareAddr(mFrom, range.mFrom) < 0 ? mFrom : inc(range.mTo.clone());
+				byte[] to = compareAddr(mTo, range.mTo) > 0 ? mTo : dec(range.mFrom.clone());
+				list.add(new IPRange(from, to));
+			}
+		}
+		return list;
+	}
+
+	private boolean adjacent(IPRange range)
+	{
+		if (compareAddr(mTo, range.mFrom) < 0)
+		{
+			byte[] to = inc(mTo.clone());
+			return compareAddr(to, range.mFrom) == 0;
+		}
+		byte[] from = dec(mFrom.clone());
+		return compareAddr(from, range.mTo) == 0;
+	}
+
+	/**
+	 * Merge two adjacent or overlapping ranges, returns null if it's not possible to merge them.
+	 */
+	public IPRange merge(IPRange range)
+	{
+		if (overlaps(range))
+		{
+			if (contains(range))
+			{
+				return this;
+			}
+			else if (range.contains(this))
+			{
+				return range;
+			}
+		}
+		else if (!adjacent(range))
+		{
+			return null;
+		}
+		byte[] from = compareAddr(mFrom, range.mFrom) < 0 ? mFrom : range.mFrom;
+		byte[] to = compareAddr(mTo, range.mTo) > 0 ? mTo : range.mTo;
+		return new IPRange(from, to);
+	}
+
+	/**
+	 * Split the given range into a sorted list of proper subnets.
+	 */
+	public List<IPRange> toSubnets()
+	{
+		ArrayList<IPRange> list = new ArrayList<>();
+		if (mPrefix != null)
+		{
+			list.add(this);
+		}
+		else
+		{
+			int i = 0, bit = 0, prefix, netmask, common_byte, common_bit;
+			int from_cur, from_prev = 0, to_cur, to_prev = 1;
+			boolean from_full = true, to_full = true;
+
+			byte[] from = mFrom.clone();
+			byte[] to = mTo.clone();
+
+			/* find a common prefix */
+			while (i < from.length && (from[i] & mBitmask[bit]) == (to[i] & mBitmask[bit]))
+			{
+				if (++bit == 8)
+				{
+					bit = 0;
+					i++;
+				}
+			}
+			prefix = i * 8 + bit;
+
+			/* at this point we know that the addresses are either equal, or that the
+			 * current bits in the 'from' and 'to' addresses are 0 and 1, respectively.
+			 * we now look at the rest of the bits as two binary trees (0=left, 1=right)
+			 * where 'from' and 'to' are both leaf nodes.  all leaf nodes between these
+			 * nodes are addresses contained in the range.  to collect them as subnets
+			 * we follow the trees from both leaf nodes to their root node and record
+			 * all complete subtrees (right for from, left for to) we come across as
+			 * subnets.  in that process host bits are zeroed out.  if both addresses
+			 * are equal we won't enter the loop below.
+			 *      0_____|_____1       for the 'from' address we assume we start on a
+			 *   0__|__ 1    0__|__1    left subtree (0) and follow the left edges until
+			 *  _|_   _|_   _|_   _|_   we reach the root of this subtree, which is
+			 * |   | |   | |   | |   |  either the root of this whole 'from'-subtree
+			 * 0   1 0   1 0   1 0   1  (causing us to leave the loop) or the root node
+			 * of the right subtree (1) of another node (which actually could be the
+			 * leaf node we start from).  that whole subtree gets recorded as subnet.
+			 * next we follow the right edges to the root of that subtree which again is
+			 * either the 'from'-root or the root node in the left subtree (0) of
+			 * another node.  the complete right subtree of that node is the next subnet
+			 * we record.  from there we assume that we are in that right subtree and
+			 * recursively follow right edges to its root.  for the 'to' address the
+			 * procedure is exactly the same but with left and right reversed.
+			 */
+			if (++bit == 8)
+			{
+				bit = 0;
+				i++;
+			}
+			common_byte = i;
+			common_bit = bit;
+			netmask = from.length * 8;
+			for (i = from.length - 1; i >= common_byte; i--)
+			{
+				int bit_min = (i == common_byte) ? common_bit : 0;
+				for (bit = 7; bit >= bit_min; bit--)
+				{
+					byte mask = mBitmask[bit];
+
+					from_cur = from[i] & mask;
+					if (from_prev == 0 && from_cur != 0)
+					{	/* 0 -> 1: subnet is the whole current (right) subtree */
+						list.add(new IPRange(from.clone(), netmask));
+						from_full = false;
+					}
+					else if (from_prev != 0 && from_cur == 0)
+					{	/* 1 -> 0: invert bit to switch to right subtree and add it */
+						from[i] ^= mask;
+						list.add(new IPRange(from.clone(), netmask));
+						from_cur = 1;
+					}
+					/* clear the current bit */
+					from[i] &= ~mask;
+					from_prev = from_cur;
+
+					to_cur = to[i] & mask;
+					if (to_prev != 0 && to_cur == 0)
+					{	/* 1 -> 0: subnet is the whole current (left) subtree */
+						list.add(new IPRange(to.clone(), netmask));
+						to_full = false;
+					}
+					else if (to_prev == 0 && to_cur != 0)
+					{	/* 0 -> 1: invert bit to switch to left subtree and add it */
+						to[i] ^= mask;
+						list.add(new IPRange(to.clone(), netmask));
+						to_cur = 0;
+					}
+					/* clear the current bit */
+					to[i] &= ~mask;
+					to_prev = to_cur;
+					netmask--;
+				}
+			}
+
+			if (from_full && to_full)
+			{	/* full subnet (from=to or from=0.. and to=1.. after common prefix) - not reachable
+				 * due to the shortcut at the top */
+				list.add(new IPRange(from.clone(), prefix));
+			}
+			else if (from_full)
+			{	/* full from subnet (from=0.. after prefix) */
+				list.add(new IPRange(from.clone(), prefix + 1));
+			}
+			else if (to_full)
+			{	/* full to subnet (to=1.. after prefix) */
+				list.add(new IPRange(to.clone(), prefix + 1));
+			}
+		}
+		Collections.sort(list);
+		return list;
+	}
+}

client/android/src/com/wireguard/config/IPRangeSet.java

@@ -0,0 +1,223 @@
+/*
+ * Copyright (C) 2012-2017 Tobias Brunner
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ */
+
+package com.wireguard.config;
+
+import java.util.ArrayList;
+import java.util.Collection;
+import java.util.Iterator;
+import java.util.List;
+import java.util.TreeSet;
+
+/**
+ * Class that represents a set of IP address ranges (not necessarily proper subnets) and allows
+ * modifying the set and enumerating the resulting subnets.
+ */
+public class IPRangeSet implements Iterable<IPRange>
+{
+	private TreeSet<IPRange> mRanges = new TreeSet<>();
+
+	/**
+	 * Parse the given string (space separated ranges in CIDR or range notation) and return the
+	 * resulting set or {@code null} if the string was invalid. An empty set is returned if the given string
+	 * is {@code null}.
+	 */
+	public static IPRangeSet fromString(String ranges)
+	{
+		IPRangeSet set = new IPRangeSet();
+		if (ranges != null)
+		{
+			for (String range : ranges.split("\\s+"))
+			{
+				try
+				{
+					set.add(new IPRange(range));
+				}
+				catch (Exception unused)
+				{	/* besides due to invalid strings exceptions might get thrown if the string
+					 * contains a hostname (NetworkOnMainThreadException) */
+					return null;
+				}
+			}
+		}
+		return set;
+	}
+
+	/**
+	 * Add a range to this set. Automatically gets merged with existing ranges.
+	 */
+	public void add(IPRange range)
+	{
+		if (mRanges.contains(range))
+		{
+			return;
+		}
+		reinsert:
+		while (true)
+		{
+			Iterator<IPRange> iterator = mRanges.iterator();
+			while (iterator.hasNext())
+			{
+				IPRange existing = iterator.next();
+				IPRange replacement = existing.merge(range);
+				if (replacement != null)
+				{
+					iterator.remove();
+					range = replacement;
+					continue reinsert;
+				}
+			}
+			mRanges.add(range);
+			break;
+		}
+	}
+
+	/**
+	 * Add all ranges from the given set.
+	 */
+	public void add(IPRangeSet ranges)
+	{
+		if (ranges == this)
+		{
+			return;
+		}
+		for (IPRange range : ranges.mRanges)
+		{
+			add(range);
+		}
+	}
+
+	/**
+	 * Add all ranges from the given collection to this set.
+	 */
+	public void addAll(Collection<? extends IPRange> coll)
+	{
+		for (IPRange range : coll)
+		{
+			add(range);
+		}
+	}
+
+	/**
+	 * Remove the given range from this set. Existing ranges are automatically adjusted.
+	 */
+	public void remove(IPRange range)
+	{
+		ArrayList <IPRange> additions = new ArrayList<>();
+		Iterator<IPRange> iterator = mRanges.iterator();
+		while (iterator.hasNext())
+		{
+			IPRange existing = iterator.next();
+			List<IPRange> result = existing.remove(range);
+			if (result.size() == 0)
+			{
+				iterator.remove();
+			}
+			else if (!result.get(0).equals(existing))
+			{
+				iterator.remove();
+				additions.addAll(result);
+			}
+		}
+		mRanges.addAll(additions);
+	}
+
+	/**
+	 * Remove the given ranges from ranges in this set.
+	 */
+	public void remove(IPRangeSet ranges)
+	{
+		if (ranges == this)
+		{
+			mRanges.clear();
+			return;
+		}
+		for (IPRange range : ranges.mRanges)
+		{
+			remove(range);
+		}
+	}
+
+	/**
+	 * Get all the subnets derived from all the ranges in this set.
+	 */
+	public Iterable<IPRange> subnets()
+	{
+		return new Iterable<IPRange>()
+		{
+			@Override
+			public Iterator<IPRange> iterator()
+			{
+				return new Iterator<IPRange>()
+				{
+					private Iterator<IPRange> mIterator = mRanges.iterator();
+					private List<IPRange> mSubnets;
+
+					@Override
+					public boolean hasNext()
+					{
+						return (mSubnets != null && mSubnets.size() > 0) || mIterator.hasNext();
+					}
+
+					@Override
+					public IPRange next()
+					{
+						if (mSubnets == null || mSubnets.size() == 0)
+						{
+							IPRange range = mIterator.next();
+							mSubnets = range.toSubnets();
+						}
+						return mSubnets.remove(0);
+					}
+
+					@Override
+					public void remove()
+					{
+						throw new UnsupportedOperationException();
+					}
+				};
+			}
+		};
+	}
+
+	@Override
+	public Iterator<IPRange> iterator()
+	{
+		return mRanges.iterator();
+	}
+
+	/**
+	 * Returns the number of ranges, not subnets.
+	 */
+	public int size()
+	{
+		return mRanges.size();
+	}
+
+	@Override
+	public String toString()
+	{	/* we could use TextUtils, but that causes the unit tests to fail */
+		StringBuilder sb = new StringBuilder();
+		for (IPRange range : mRanges)
+		{
+			if (sb.length() > 0)
+			{
+				sb.append(" ");
+			}
+			sb.append(range.toString());
+		}
+		return sb.toString();
+	}
+}

client/android/src/com/wireguard/config/Utils.java

@@ -0,0 +1,77 @@
+/*
+ * Copyright (C) 2014-2019 Tobias Brunner
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ */
+
+package com.wireguard.config;
+
+
+import java.net.InetAddress;
+import java.net.UnknownHostException;
+
+public class Utils
+{
+	static final char[] HEXDIGITS = "0123456789abcdef".toCharArray();
+
+	/**
+	 * Converts the given byte array to a hexadecimal string encoding.
+	 *
+	 * @param bytes byte array to convert
+	 * @return hex string
+	 */
+	public static String bytesToHex(byte[] bytes)
+	{
+		char[] hex = new char[bytes.length * 2];
+		for (int i = 0; i < bytes.length; i++)
+		{
+			int value = bytes[i];
+			hex[i*2]   = HEXDIGITS[(value & 0xf0) >> 4];
+			hex[i*2+1] = HEXDIGITS[ value & 0x0f];
+		}
+		return new String(hex);
+	}
+
+	/**
+	 * Validate the given proposal string
+	 *
+	 * @param ike true for IKE, false for ESP
+	 * @param proposal proposal string
+	 * @return true if valid
+	 */
+	public native static boolean isProposalValid(boolean ike, String proposal);
+
+	/**
+	 * Parse an IP address without doing a name lookup
+	 *
+	 * @param address IP address string
+	 * @return address bytes if valid
+	 */
+	private native static byte[] parseInetAddressBytes(String address);
+
+	/**
+	 * Parse an IP address without doing a name lookup (as compared to InetAddress.fromName())
+	 *
+	 * @param address IP address string
+	 * @return address if valid
+	 * @throws UnknownHostException if address is invalid
+	 */
+	public static InetAddress parseInetAddress(String address) throws UnknownHostException
+	{
+		byte[] bytes = parseInetAddressBytes(address);
+		if (bytes == null)
+		{
+			throw new UnknownHostException();
+		}
+		return InetAddress.getByAddress(bytes);
+	}
+}

client/android/src/org/amnezia/vpn/OpenVPNThreadv3.kt

@@ -16,6 +16,8 @@ import com.wireguard.crypto.Key
 import org.json.JSONObject
 import java.util.Base64
 
+import com.wireguard.config.*
+
 import net.openvpn.ovpn3.ClientAPI_Config
 import net.openvpn.ovpn3.ClientAPI_EvalConfig
 import net.openvpn.ovpn3.ClientAPI_Event
@@ -72,6 +74,8 @@ class OpenVPNThreadv3(var service: VPNService): ClientAPI_OpenVPNClient(), Runna
 
         val jsonVpnConfig = mService.getVpnConfig()
         val ovpnConfig = jsonVpnConfig.getJSONObject("openvpn_config_data").getString("config")
+        val splitTunnelType = jsonVpnConfig.getInt("splitTunnelType")
+        val splitTunnelSites = jsonVpnConfig.getJSONArray("splitTunnelSites")
 
         val resultingConfig = StringBuilder()
         resultingConfig.append(ovpnConfig)
@@ -115,6 +119,7 @@ class OpenVPNThreadv3(var service: VPNService): ClientAPI_OpenVPNClient(), Runna
         eval_config(config)
 
         val status = connect()
+        
         if (status.getError()) {
             Log.i(tag, "connect() error: " + status.getError() + ": " + status.getMessage())
         }
@@ -139,6 +144,31 @@ class OpenVPNThreadv3(var service: VPNService): ClientAPI_OpenVPNClient(), Runna
 
     override fun tun_builder_establish(): Int {
         Log.v(tag, "tun_builder_establish")
+        val jsonVpnConfig = mService.getVpnConfig()
+
+        val splitTunnelType = jsonVpnConfig.getInt("splitTunnelType")
+        val splitTunnelSites = jsonVpnConfig.getJSONArray("splitTunnelSites")
+        if (splitTunnelType == 1) {
+            for (i in 0 until splitTunnelSites.length()) {
+                val site = splitTunnelSites.getString(i)
+                val ipRange = IPRange(site)
+                mService.addRoute(ipRange.getFrom().getHostAddress(), ipRange.getPrefix())
+            }
+        }
+        if (splitTunnelType == 2) {
+            val ipRangeSet = IPRangeSet.fromString("0.0.0.0/0")
+            ipRangeSet.remove(IPRange("127.0.0.0/8"))
+            for (i in 0 until splitTunnelSites.length()) {
+                val site = splitTunnelSites.getString(i)
+                ipRangeSet.remove(IPRange(site))
+            }
+            ipRangeSet.subnets().forEach {
+                mService.addRoute(it.getFrom().getHostAddress(), it.getPrefix())
+                Thread.sleep(10)
+            }
+            mService.addRoute("2000::", 3)
+        }
+
         return mService.establish()!!.detachFd()
     }
 

client/android/src/org/amnezia/vpn/VPNService.kt

@@ -564,6 +564,7 @@ class VPNService : BaseVpnService(), LocalDnsService.Interface {
         return parseData
     }
     
+    
     /**
      * Create a Wireguard [Config]  from a [json] string -
      * The [json] will be created in AndroidVpnProtocol.cpp
@@ -571,29 +572,67 @@ class VPNService : BaseVpnService(), LocalDnsService.Interface {
     private fun buildWireguardConfig(obj: JSONObject, type: String): Config {
         val confBuilder = Config.Builder()
         val wireguardConfigData = obj.getJSONObject(type)
+        val splitTunnelType = obj.getInt("splitTunnelType")
+        val splitTunnelSites = obj.getJSONArray("splitTunnelSites")
+
         val config = parseConfigData(wireguardConfigData.getString("config"))
         val peerBuilder = Peer.Builder()
         val peerConfig = config["Peer"]!!
         peerBuilder.setPublicKey(Key.fromBase64(peerConfig["PublicKey"]))
-        peerConfig["PresharedKey"]?.let {
-            peerBuilder.setPreSharedKey(Key.fromBase64(it))
+        peerConfig["PresharedKey"]?.let { peerBuilder.setPreSharedKey(Key.fromBase64(it)) }
+
+        val allIpString = peerConfig["AllowedIPs"]
+
+        var allowedIPList = peerConfig["AllowedIPs"]?.split(",") ?: emptyList()
+
+        /* default value in template */
+        if (allIpString == "0.0.0.0/0, ::/0") {
+            allowedIPList = emptyList()
         }
-        val allowedIPList = peerConfig["AllowedIPs"]?.split(",") ?: emptyList()
-        if (allowedIPList.isEmpty()) {
-            val internet = InetNetwork.parse("0.0.0.0/0") // aka The whole internet.
-            peerBuilder.addAllowedIp(internet)
+
+        if (allowedIPList.isEmpty() && (splitTunnelType == 0)) {
+            /* AllowedIP is empty and splitTunnel is turnoff */
+            /* use VPN for whole Internet */
+            val internetV4 = InetNetwork.parse("0.0.0.0/0") // aka The whole internet.
+            peerBuilder.addAllowedIp(internetV4)
+            val internetV6 = InetNetwork.parse("::/0") // aka The whole internet.
+            peerBuilder.addAllowedIp(internetV6)
         } else {
-            allowedIPList.forEach {
-                val network = InetNetwork.parse(it.trim())
-                peerBuilder.addAllowedIp(network)
+            if (!allowedIPList.isEmpty()) {
+                /* We have predefined AllowedIP in WG config */
+                /* It's have higher priority than system SplitTunnel */
+                allowedIPList.forEach {
+                    val network = InetNetwork.parse(it.trim())
+                    peerBuilder.addAllowedIp(network)
+                }
+            } else {
+                if (splitTunnelType == 1) {
+                    /* Use system SplitTunnel */
+                    /* VPN connection used only for defined IPs */
+                    for (i in 0 until splitTunnelSites.length()) {
+                        val site = splitTunnelSites.getString(i)
+                        val internet = InetNetwork.parse(site)
+                        peerBuilder.addAllowedIp(internet)
+                    }
+                }
+                if (splitTunnelType == 2) {
+                    /* Use system SplitTunnel */
+                    /* VPN connection used for all Internet exclude defined IPs */
+                    val ipRangeSet = IPRangeSet.fromString("0.0.0.0/0")
+                    ipRangeSet.remove(IPRange("127.0.0.0/8"))
+                    for (i in 0 until splitTunnelSites.length()) {
+                        val site = splitTunnelSites.getString(i)
+                        ipRangeSet.remove(IPRange(site))
+                    }
+                    val allowedIps = ipRangeSet.subnets().joinToString(", ") + ", 2000::/3"
+                    peerBuilder.parseAllowedIPs(allowedIps)
+                }
             }
         }
         val endpointConfig = peerConfig["Endpoint"]
         val endpoint = InetEndpoint.parse(endpointConfig)
         peerBuilder.setEndpoint(endpoint)
-        peerConfig["PersistentKeepalive"]?.let {
-            peerBuilder.setPersistentKeepalive(it.toInt())
-        }
+        peerConfig["PersistentKeepalive"]?.let { peerBuilder.setPersistentKeepalive(it.toInt()) }
         confBuilder.addPeer(peerBuilder.build())
 
         val ifaceBuilder = Interface.Builder()
@@ -603,7 +642,7 @@ class VPNService : BaseVpnService(), LocalDnsService.Interface {
         ifaceConfig["DNS"]!!.split(",").forEach {
             ifaceBuilder.addDnsServer(InetNetwork.parse(it.trim()).address)
         }
-        
+
         ifaceBuilder.parsePrivateKey(ifaceConfig["PrivateKey"])
         if (type == "awg_config_data") {
             ifaceBuilder.parseJc(ifaceConfig["Jc"])
@@ -624,14 +663,13 @@ class VPNService : BaseVpnService(), LocalDnsService.Interface {
             ifaceBuilder.parseH1("0")
             ifaceBuilder.parseH2("0")
             ifaceBuilder.parseH3("0")
-            ifaceBuilder.parseH4("0")           
-        
+            ifaceBuilder.parseH4("0")
         }
         /*val jExcludedApplication = obj.getJSONArray("excludedApps")
-    (0 until jExcludedApplication.length()).toList().forEach {
+        (0 until jExcludedApplication.length()).toList().forEach {
         val appName = jExcludedApplication.get(it).toString()
         ifaceBuilder.excludeApplication(appName)
-    }*/
+        }*/
         confBuilder.setInterface(ifaceBuilder.build())
 
         return confBuilder.build()
@@ -746,13 +784,13 @@ class VPNService : BaseVpnService(), LocalDnsService.Interface {
 
     private fun startWireGuard(type: String) {
         val wireguard_conf = buildWireguardConfig(mConfig!!, type + "_config_data")
-        Log.i(tag, "startWireGuard: wireguard_conf : $wireguard_conf")
         if (currentTunnelHandle != -1) {
             Log.e(tag, "Tunnel already up")
             // Turn the tunnel down because this might be a switch
             GoBackend.wgTurnOff(currentTunnelHandle)
         }
         val wgConfig: String = wireguard_conf.toWgUserspaceString()
+        
         val builder = Builder()
         setupBuilder(wireguard_conf, builder)
         builder.setSession("Amnezia")

client/configurators/awg_configurator.cpp

@@ -17,43 +17,31 @@ QString AwgConfigurator::genAwgConfig(const ServerCredentials &credentials,
     QString config = WireguardConfigurator::genWireguardConfig(credentials, container, containerConfig, errorCode);
 
     QJsonObject jsonConfig = QJsonDocument::fromJson(config.toUtf8()).object();
+    QString awgConfig = jsonConfig.value(config_key::config).toString();
 
-    ServerController serverController(m_settings);
-    QString serverConfig = serverController.getTextFileFromContainer(container, credentials, protocols::awg::serverConfigPath, errorCode);
-
-    QMap<QString, QString> serverConfigMap;
-    auto serverConfigLines = serverConfig.split("\n");
-    for (auto &line : serverConfigLines) {
+    QMap<QString, QString> configMap;
+    auto configLines = awgConfig.split("\n");
+    for (auto &line : configLines) {
         auto trimmedLine = line.trimmed();
         if (trimmedLine.startsWith("[") && trimmedLine.endsWith("]")) {
             continue;
         } else {
             QStringList parts = trimmedLine.split(" = ");
             if (parts.count() == 2) {
-                serverConfigMap.insert(parts[0].trimmed(), parts[1].trimmed());
+                configMap.insert(parts[0].trimmed(), parts[1].trimmed());
             }
         }
     }
 
-    config.replace("$JUNK_PACKET_COUNT", serverConfigMap.value(config_key::junkPacketCount));
-    config.replace("$JUNK_PACKET_MIN_SIZE", serverConfigMap.value(config_key::junkPacketMinSize));
-    config.replace("$JUNK_PACKET_MAX_SIZE", serverConfigMap.value(config_key::junkPacketMaxSize));
-    config.replace("$INIT_PACKET_JUNK_SIZE", serverConfigMap.value(config_key::initPacketJunkSize));
-    config.replace("$RESPONSE_PACKET_JUNK_SIZE", serverConfigMap.value(config_key::responsePacketJunkSize));
-    config.replace("$INIT_PACKET_MAGIC_HEADER", serverConfigMap.value(config_key::initPacketMagicHeader));
-    config.replace("$RESPONSE_PACKET_MAGIC_HEADER", serverConfigMap.value(config_key::responsePacketMagicHeader));
-    config.replace("$UNDERLOAD_PACKET_MAGIC_HEADER", serverConfigMap.value(config_key::underloadPacketMagicHeader));
-    config.replace("$TRANSPORT_PACKET_MAGIC_HEADER", serverConfigMap.value(config_key::transportPacketMagicHeader));
-
-    jsonConfig[config_key::junkPacketCount] = serverConfigMap.value(config_key::junkPacketCount);
-    jsonConfig[config_key::junkPacketMinSize] = serverConfigMap.value(config_key::junkPacketMinSize);
-    jsonConfig[config_key::junkPacketMaxSize] = serverConfigMap.value(config_key::junkPacketMaxSize);
-    jsonConfig[config_key::initPacketJunkSize] = serverConfigMap.value(config_key::initPacketJunkSize);
-    jsonConfig[config_key::responsePacketJunkSize] = serverConfigMap.value(config_key::responsePacketJunkSize);
-    jsonConfig[config_key::initPacketMagicHeader] = serverConfigMap.value(config_key::initPacketMagicHeader);
-    jsonConfig[config_key::responsePacketMagicHeader] = serverConfigMap.value(config_key::responsePacketMagicHeader);
-    jsonConfig[config_key::underloadPacketMagicHeader] = serverConfigMap.value(config_key::underloadPacketMagicHeader);
-    jsonConfig[config_key::transportPacketMagicHeader] = serverConfigMap.value(config_key::transportPacketMagicHeader);
+    jsonConfig[config_key::junkPacketCount] = configMap.value(config_key::junkPacketCount);
+    jsonConfig[config_key::junkPacketMinSize] = configMap.value(config_key::junkPacketMinSize);
+    jsonConfig[config_key::junkPacketMaxSize] = configMap.value(config_key::junkPacketMaxSize);
+    jsonConfig[config_key::initPacketJunkSize] = configMap.value(config_key::initPacketJunkSize);
+    jsonConfig[config_key::responsePacketJunkSize] = configMap.value(config_key::responsePacketJunkSize);
+    jsonConfig[config_key::initPacketMagicHeader] = configMap.value(config_key::initPacketMagicHeader);
+    jsonConfig[config_key::responsePacketMagicHeader] = configMap.value(config_key::responsePacketMagicHeader);
+    jsonConfig[config_key::underloadPacketMagicHeader] = configMap.value(config_key::underloadPacketMagicHeader);
+    jsonConfig[config_key::transportPacketMagicHeader] = configMap.value(config_key::transportPacketMagicHeader);
 
     return QJsonDocument(jsonConfig).toJson();
 }

client/configurators/openvpn_configurator.cpp

@@ -131,10 +131,13 @@ QString OpenVpnConfigurator::processConfigWithLocalSettings(QString jsonConfig)
         config.append("block-ipv6\n");
     }
     if (m_settings->routeMode() == Settings::VpnOnlyForwardSites) {
+        
         // no redirect-gateway
     }
     if (m_settings->routeMode() == Settings::VpnAllExceptSites) {
+#ifndef Q_OS_ANDROID    
         config.append("\nredirect-gateway ipv6 !ipv4 bypass-dhcp\n");
+#endif       
         // Prevent ipv6 leak
         config.append("ifconfig-ipv6 fd15:53b6:dead::2/64  fd15:53b6:dead::1\n");
         config.append("block-ipv6\n");

client/containers/containers_defs.h

@@ -16,11 +16,11 @@ namespace amnezia
         Q_NAMESPACE
         enum DockerContainer {
             None = 0,
-            OpenVpn,
-            ShadowSocks,
-            Cloak,
-            WireGuard,
             Awg,
+            WireGuard,
+            OpenVpn,
+            Cloak,
+            ShadowSocks,
             Ipsec,
 
             // non-vpn

client/core/servercontroller.cpp

@@ -167,11 +167,8 @@ ErrorCode ServerController::uploadTextFileToContainer(DockerContainer container,
         return ErrorCode::ServerContainerMissingError;
     }
 
-    runScript(credentials,
-              replaceVars(QString("sudo shred %1").arg(tmpFileName), genVarsForScript(credentials, container)));
-
-    runScript(credentials, replaceVars(QString("sudo rm %1").arg(tmpFileName), genVarsForScript(credentials, container)));
-
+    runScript(credentials, 
+              replaceVars(QString("sudo shred -u %1").arg(tmpFileName), genVarsForScript(credentials, container)));
     return e;
 }
 
@@ -337,7 +334,7 @@ bool ServerController::isReinstallContainerRequired(DockerContainer container, c
             != newProtoConfig.value(config_key::port).toString(protocols::shadowsocks::defaultPort))
             return true;
     }
-    
+
     if (container == DockerContainer::Awg) {
         return true;
     }
@@ -371,6 +368,8 @@ ErrorCode ServerController::installDockerWorker(const ServerCredentials &credent
         return ErrorCode::ServerPacketManagerError;
     if (stdOut.contains("command not found"))
         return ErrorCode::ServerDockerFailedError;
+    if (stdOut.contains("Docker status is not active"))
+        return ErrorCode::ServerDockerFailedError;
 
     return error;
 }
@@ -490,8 +489,7 @@ ServerController::Vars ServerController::genVarsForScript(const ServerCredential
     const QJsonObject &cloakConfig = config.value(ProtocolProps::protoToString(Proto::Cloak)).toObject();
     const QJsonObject &ssConfig = config.value(ProtocolProps::protoToString(Proto::ShadowSocks)).toObject();
     const QJsonObject &wireguarConfig = config.value(ProtocolProps::protoToString(Proto::WireGuard)).toObject();
-    const QJsonObject &amneziaWireguarConfig =
-        config.value(ProtocolProps::protoToString(Proto::Awg)).toObject();
+    const QJsonObject &amneziaWireguarConfig = config.value(ProtocolProps::protoToString(Proto::Awg)).toObject();
     const QJsonObject &sftpConfig = config.value(ProtocolProps::protoToString(Proto::Sftp)).toObject();
 
     Vars vars;
@@ -591,33 +589,21 @@ ServerController::Vars ServerController::genVarsForScript(const ServerCredential
     // Amnezia wireguard vars
     vars.append({ { "$AWG_SERVER_PORT",
                     amneziaWireguarConfig.value(config_key::port).toString(protocols::awg::defaultPort) } });
-    vars.append({ { "$JUNK_PACKET_COUNT",
-                    amneziaWireguarConfig.value(config_key::junkPacketCount)
-                            .toString(protocols::awg::defaultJunkPacketCount) } });
-    vars.append({ { "$JUNK_PACKET_MIN_SIZE",
-                    amneziaWireguarConfig.value(config_key::junkPacketMinSize)
-                            .toString(protocols::awg::defaultJunkPacketMinSize) } });
-    vars.append({ { "$JUNK_PACKET_MAX_SIZE",
-                    amneziaWireguarConfig.value(config_key::junkPacketMaxSize)
-                            .toString(protocols::awg::defaultJunkPacketMaxSize) } });
-    vars.append({ { "$INIT_PACKET_JUNK_SIZE",
-                    amneziaWireguarConfig.value(config_key::initPacketJunkSize)
-                            .toString(protocols::awg::defaultInitPacketJunkSize) } });
+
+    vars.append({ { "$JUNK_PACKET_COUNT", amneziaWireguarConfig.value(config_key::junkPacketCount).toString() } });
+    vars.append({ { "$JUNK_PACKET_MIN_SIZE", amneziaWireguarConfig.value(config_key::junkPacketMinSize).toString() } });
+    vars.append({ { "$JUNK_PACKET_MAX_SIZE", amneziaWireguarConfig.value(config_key::junkPacketMaxSize).toString() } });
+    vars.append({ { "$INIT_PACKET_JUNK_SIZE", amneziaWireguarConfig.value(config_key::initPacketJunkSize).toString() } });
     vars.append({ { "$RESPONSE_PACKET_JUNK_SIZE",
-                    amneziaWireguarConfig.value(config_key::responsePacketJunkSize)
-                            .toString(protocols::awg::defaultResponsePacketJunkSize) } });
+                    amneziaWireguarConfig.value(config_key::responsePacketJunkSize).toString() } });
     vars.append({ { "$INIT_PACKET_MAGIC_HEADER",
-                    amneziaWireguarConfig.value(config_key::initPacketMagicHeader)
-                            .toString(protocols::awg::defaultInitPacketMagicHeader) } });
+                    amneziaWireguarConfig.value(config_key::initPacketMagicHeader).toString() } });
     vars.append({ { "$RESPONSE_PACKET_MAGIC_HEADER",
-                    amneziaWireguarConfig.value(config_key::responsePacketMagicHeader)
-                            .toString(protocols::awg::defaultResponsePacketMagicHeader) } });
+                    amneziaWireguarConfig.value(config_key::responsePacketMagicHeader).toString() } });
     vars.append({ { "$UNDERLOAD_PACKET_MAGIC_HEADER",
-                    amneziaWireguarConfig.value(config_key::underloadPacketMagicHeader)
-                            .toString(protocols::awg::defaultUnderloadPacketMagicHeader) } });
+                    amneziaWireguarConfig.value(config_key::underloadPacketMagicHeader).toString() } });
     vars.append({ { "$TRANSPORT_PACKET_MAGIC_HEADER",
-                    amneziaWireguarConfig.value(config_key::transportPacketMagicHeader)
-                            .toString(protocols::awg::defaultTransportPacketMagicHeader) } });
+                    amneziaWireguarConfig.value(config_key::transportPacketMagicHeader).toString() } });
 
     QString serverIp = Utils::getIPAddress(credentials.hostName);
     if (!serverIp.isEmpty()) {
@@ -847,6 +833,34 @@ ErrorCode ServerController::getAlreadyInstalledContainers(const ServerCredential
                     containerConfig.insert(config_key::port, port);
                     containerConfig.insert(config_key::transport_proto, transportProto);
 
+                    if (protocol == Proto::Awg) {
+                        QString serverConfig = getTextFileFromContainer(container, credentials, protocols::awg::serverConfigPath, &errorCode);
+
+                        QMap<QString, QString> serverConfigMap;
+                        auto serverConfigLines = serverConfig.split("\n");
+                        for (auto &line : serverConfigLines) {
+                            auto trimmedLine = line.trimmed();
+                            if (trimmedLine.startsWith("[") && trimmedLine.endsWith("]")) {
+                                continue;
+                            } else {
+                                QStringList parts = trimmedLine.split(" = ");
+                                if (parts.count() == 2) {
+                                    serverConfigMap.insert(parts[0].trimmed(), parts[1].trimmed());
+                                }
+                            }
+                        }
+
+                        containerConfig[config_key::junkPacketCount] = serverConfigMap.value(config_key::junkPacketCount);
+                        containerConfig[config_key::junkPacketMinSize] = serverConfigMap.value(config_key::junkPacketMinSize);
+                        containerConfig[config_key::junkPacketMaxSize] = serverConfigMap.value(config_key::junkPacketMaxSize);
+                        containerConfig[config_key::initPacketJunkSize] = serverConfigMap.value(config_key::initPacketJunkSize);
+                        containerConfig[config_key::responsePacketJunkSize] = serverConfigMap.value(config_key::responsePacketJunkSize);
+                        containerConfig[config_key::initPacketMagicHeader] = serverConfigMap.value(config_key::initPacketMagicHeader);
+                        containerConfig[config_key::responsePacketMagicHeader] = serverConfigMap.value(config_key::responsePacketMagicHeader);
+                        containerConfig[config_key::underloadPacketMagicHeader] = serverConfigMap.value(config_key::underloadPacketMagicHeader);
+                        containerConfig[config_key::transportPacketMagicHeader] = serverConfigMap.value(config_key::transportPacketMagicHeader);
+                    }
+
                     config.insert(config_key::container, ContainerProps::containerToString(container));
                 }
                 config.insert(ProtocolProps::protoToString(protocol), containerConfig);

client/mozilla/localsocketcontroller.cpp

@@ -115,8 +115,12 @@ void LocalSocketController::daemonConnected() {
 }
 
 void LocalSocketController::activate(const QJsonObject &rawConfig) {
+
   QString protocolName = rawConfig.value("protocol").toString();
 
+  int splitTunnelType = rawConfig.value("splitTunnelType").toInt();
+  QJsonArray splitTunnelSites = rawConfig.value("splitTunnelSites").toArray();
+
   QJsonObject wgConfig = rawConfig.value(protocolName + "_config_data").toObject();
 
   QJsonObject json;
@@ -137,23 +141,79 @@ void LocalSocketController::activate(const QJsonObject &rawConfig) {
 
   QJsonArray jsAllowedIPAddesses;
 
-  QJsonObject range_ipv4;
-  range_ipv4.insert("address", "0.0.0.0");
-  range_ipv4.insert("range", 0);
-  range_ipv4.insert("isIpv6", false);
-  jsAllowedIPAddesses.append(range_ipv4);
+  QJsonArray plainAllowedIP = wgConfig.value(amnezia::config_key::allowed_ips).toArray();
+  QJsonArray defaultAllowedIP = QJsonArray::fromStringList(QString("0.0.0.0/0, ::/0").split(","));
 
-  QJsonObject range_ipv6;
-  range_ipv6.insert("address", "::");
-  range_ipv6.insert("range", 0);
-  range_ipv6.insert("isIpv6", true);
-  jsAllowedIPAddesses.append(range_ipv6);
+  if (plainAllowedIP != defaultAllowedIP && !plainAllowedIP.isEmpty()) {
+    // Use AllowedIP list from WG config bacouse of higer priority
+
+    for (auto v : plainAllowedIP) {
+      QString ipRange = v.toString();
+      qDebug() << "ipRange " << ipRange;
+      if (ipRange.split('/').size() > 1){
+          QJsonObject range;
+          range.insert("address", ipRange.split('/')[0]);
+          range.insert("range", atoi(ipRange.split('/')[1].toLocal8Bit()));
+          range.insert("isIpv6", false);
+          jsAllowedIPAddesses.append(range);
+      } else {
+          QJsonObject range;
+          range.insert("address",ipRange);
+          range.insert("range", 32);
+          range.insert("isIpv6", false);
+          jsAllowedIPAddesses.append(range);
+      }
+    }
+  } else {
+
+    // Use APP split tunnel
+      if (splitTunnelType == 0 || splitTunnelType == 2) {
+          QJsonObject range_ipv4;
+          range_ipv4.insert("address", "0.0.0.0");
+          range_ipv4.insert("range", 0);
+          range_ipv4.insert("isIpv6", false);
+          jsAllowedIPAddesses.append(range_ipv4);
+
+          QJsonObject range_ipv6;
+          range_ipv6.insert("address", "::");
+          range_ipv6.insert("range", 0);
+          range_ipv6.insert("isIpv6", true);
+          jsAllowedIPAddesses.append(range_ipv6);
+      }
+
+      if (splitTunnelType == 1) {
+          for (auto v : splitTunnelSites) {
+              QString ipRange = v.toString();
+              qDebug() << "ipRange " << ipRange;
+              if (ipRange.split('/').size() > 1){
+                  QJsonObject range;
+                  range.insert("address", ipRange.split('/')[0]);
+                  range.insert("range", atoi(ipRange.split('/')[1].toLocal8Bit()));
+                  range.insert("isIpv6", false);
+                  jsAllowedIPAddesses.append(range);
+              } else {
+                  QJsonObject range;
+                  range.insert("address",ipRange);
+                  range.insert("range", 32);
+                  range.insert("isIpv6", false);
+                  jsAllowedIPAddesses.append(range);
+              }
+          }
+      }
+  }
 
   json.insert("allowedIPAddressRanges", jsAllowedIPAddesses);
 
 
   QJsonArray jsExcludedAddresses;
   jsExcludedAddresses.append(wgConfig.value(amnezia::config_key::hostName));
+  if (splitTunnelType == 2) {
+    for (auto v : splitTunnelSites) {
+          QString ipRange = v.toString();
+          jsExcludedAddresses.append(ipRange);
+      }
+  }
+
   json.insert("excludedAddresses", jsExcludedAddresses);
 
 

client/platforms/ios/ios_controller.h

@@ -28,6 +28,8 @@ struct MessageKey
     static const char *host;
     static const char *port;
     static const char *isOnDemand;
+    static const char *SplitTunnelType;
+    static const char *SplitTunnelSites;
 };
 
 class IosController : public QObject

client/platforms/ios/ios_controller.mm

@@ -29,6 +29,9 @@ const char* MessageKey::errorCode = "errorCode";
 const char* MessageKey::host = "host";
 const char* MessageKey::port = "port";
 const char* MessageKey::isOnDemand = "is-on-demand";
+const char* MessageKey::SplitTunnelType = "SplitTunnelType";
+const char* MessageKey::SplitTunnelSites = "SplitTunnelSites";
+
 
 Vpn::ConnectionState iosStatusToState(NEVPNStatus status) {
   switch (status) {
@@ -351,6 +354,13 @@ void IosController::startTunnel()
 {
     m_rxBytes = 0;
     m_txBytes = 0;
+    
+    int STT = m_rawConfig["splitTunnelType"].toInt();
+    QJsonArray splitTunnelSites = m_rawConfig["splitTunnelSites"].toArray();
+    QJsonDocument doc;
+    doc.setArray(splitTunnelSites);
+    QString STS(doc.toJson());
+    
     [m_currentTunnel setEnabled:YES];
 
     [m_currentTunnel saveToPreferencesWithCompletionHandler:^(NSError *saveError) {
@@ -376,8 +386,15 @@ void IosController::startTunnel()
                     NSString *actionValue = [NSString stringWithUTF8String:Action::start];
                     NSString *tunnelIdKey = [NSString stringWithUTF8String:MessageKey::tunnelId];
                     NSString *tunnelIdValue = !m_tunnelId.isEmpty() ? m_tunnelId.toNSString() : @"";
+                    NSString *SplitTunnelTypeKey = [NSString stringWithUTF8String:MessageKey::SplitTunnelType];
+                    NSString *SplitTunnelTypeValue = [NSString stringWithFormat:@"%d",STT];
+                    NSString *SplitTunnelSitesKey = [NSString stringWithUTF8String:MessageKey::SplitTunnelSites];
+                    NSString *SplitTunnelSitesValue = STS.toNSString();
+                
 
-                    NSDictionary* message = @{actionKey: actionValue, tunnelIdKey: tunnelIdValue};
+                    NSDictionary* message = @{actionKey: actionValue, tunnelIdKey: tunnelIdValue,
+                    SplitTunnelTypeKey: SplitTunnelTypeValue, SplitTunnelSitesKey: SplitTunnelSitesValue};
+                
                     sendVpnExtensionMessage(message);
 
 

client/platforms/ios/iostunnel.swift

@@ -15,7 +15,7 @@ struct Constants {
     static let ovpnConfigKey = "ovpn"
     static let wireGuardConfigKey = "wireguard"
     static let loggerTag = "NET"
-
+    
     static let kActionStart = "start"
     static let kActionRestart = "restart"
     static let kActionStop = "stop"
@@ -29,6 +29,8 @@ struct Constants {
     static let kMessageKeyHost = "host"
     static let kMessageKeyPort = "port"
     static let kMessageKeyOnDemand = "is-on-demand"
+    static let kMessageKeySplitTunnelType = "SplitTunnelType"
+    static let kMessageKeySplitTunnelSites = "SplitTunnelSites"
 }
 
 class PacketTunnelProvider: NEPacketTunnelProvider {
@@ -38,7 +40,7 @@ class PacketTunnelProvider: NEPacketTunnelProvider {
             wg_log(logLevel.osLogLevel, message: message)
         }
     }()
-
+    
     private lazy var ovpnAdapter: OpenVPNAdapter = {
         let adapter = OpenVPNAdapter()
         adapter.delegate = self
@@ -49,9 +51,11 @@ class PacketTunnelProvider: NEPacketTunnelProvider {
     private let dispatchQueue = DispatchQueue(label: "PacketTunnel", qos: .utility)
     
     private var openVPNConfig: Data? = nil
-      
+    private var SplitTunnelType: String? = nil
+    private var SplitTunnelSites: String? = nil
+    
     let vpnReachability = OpenVPNReachability()
-
+    
     var startHandler: ((Error?) -> Void)?
     var stopHandler: (() -> Void)?
     var protoType: TunnelProtoType = .none
@@ -63,26 +67,34 @@ class PacketTunnelProvider: NEPacketTunnelProvider {
     }
     
     override func handleAppMessage(_ messageData: Data, completionHandler: ((Data?) -> Void)? = nil) {
+        
+        let tmpStr = String(data: messageData, encoding: .utf8)!
+        wg_log(.error, message: tmpStr)
         guard let message = try? JSONSerialization.jsonObject(with: messageData, options: []) as? [String: Any] else {
             Logger.global?.log(message: "Failed to serialize message from app")
             return
         }
-
+        
         guard let completionHandler = completionHandler else {
             Logger.global?.log(message: "Missing message completion handler")
             return
         }
-
+        
         guard let action = message[Constants.kMessageKeyAction] as? String else {
             Logger.global?.log(message: "Missing action key in app message")
             completionHandler(nil)
             return
         }
-
+        
         if action == Constants.kActionStatus {
             handleStatusAppMessage(messageData, completionHandler: completionHandler)
         }
         
+        if action == Constants.kActionStart {
+            SplitTunnelType = message[Constants.kMessageKeySplitTunnelType] as? String
+            SplitTunnelSites = message[Constants.kMessageKeySplitTunnelSites] as? String
+        }
+        
         let callbackWrapper: (NSNumber?) -> Void = { errorCode in
             //let tunnelId = self.tunnelConfig?.id ?? ""
             let response: [String: Any] = [
@@ -90,11 +102,11 @@ class PacketTunnelProvider: NEPacketTunnelProvider {
                 Constants.kMessageKeyErrorCode: errorCode ?? NSNull(),
                 Constants.kMessageKeyTunnelId: 0
             ]
-
+            
             completionHandler(try? JSONSerialization.data(withJSONObject: response, options: []))
         }
     }
-
+    
     override func startTunnel(options: [String: NSObject]?, completionHandler: @escaping (Error?) -> Void) {
         dispatchQueue.async {
             let activationAttemptId = options?[Constants.kActivationAttemptId] as? String
@@ -118,8 +130,8 @@ class PacketTunnelProvider: NEPacketTunnelProvider {
             switch self.protoType {
             case .wireguard:
                 self.startWireguard(activationAttemptId: activationAttemptId,
-                               errorNotifier: errorNotifier,
-                               completionHandler: completionHandler)
+                                    errorNotifier: errorNotifier,
+                                    completionHandler: completionHandler)
             case .openvpn:
                 self.startOpenVPN(completionHandler: completionHandler)
             case .shadowsocks:
@@ -156,7 +168,7 @@ class PacketTunnelProvider: NEPacketTunnelProvider {
             handleOpenVPNStatusMessage(messageData, completionHandler: completionHandler)
         case .shadowsocks:
             break
-//            handleShadowSocksAppMessage(messageData, completionHandler: completionHandler)
+            //            handleShadowSocksAppMessage(messageData, completionHandler: completionHandler)
         case .none:
             break
             
@@ -168,12 +180,13 @@ class PacketTunnelProvider: NEPacketTunnelProvider {
                                 errorNotifier: ErrorNotifier,
                                 completionHandler: @escaping (Error?) -> Void) {
         guard let protocolConfiguration = self.protocolConfiguration as? NETunnelProviderProtocol,
-           let providerConfiguration = protocolConfiguration.providerConfiguration,
-           let wgConfig: Data = providerConfiguration[Constants.wireGuardConfigKey] as? Data else {
-               wg_log(.error, message: "Can't start WireGuard config missing")
-               completionHandler(nil)
-               return
-            }
+              let providerConfiguration = protocolConfiguration.providerConfiguration,
+              let wgConfig: Data = providerConfiguration[Constants.wireGuardConfigKey] as? Data else {
+            wg_log(.error, message: "Can't start WireGuard config missing")
+            completionHandler(nil)
+            return
+        }
+        
         
         let wgConfigStr = String(data: wgConfig, encoding: .utf8)!
         
@@ -182,7 +195,49 @@ class PacketTunnelProvider: NEPacketTunnelProvider {
             completionHandler(nil)
             return
         }
-                
+        
+        
+        if (tunnelConfiguration.peers.first!.allowedIPs.map { $0.stringRepresentation }.joined(separator: ", ") == "0.0.0.0/0, ::/0") {
+            if (SplitTunnelType == "1") {
+                for index in tunnelConfiguration.peers.indices {
+                    tunnelConfiguration.peers[index].allowedIPs.removeAll()
+                    var allowedIPs = [IPAddressRange]()
+                    let STSdata = Data(SplitTunnelSites!.utf8)
+                    do {
+                        let STSArray = try JSONSerialization.jsonObject(with: STSdata) as! [String]
+                        for allowedIPString in STSArray {
+                            if let allowedIP = IPAddressRange(from: allowedIPString) {
+                                allowedIPs.append(allowedIP)
+                            }
+                        }
+                        
+                    } catch {
+                        wg_log(.error,message: "Parse JSONSerialization Error")
+                    }
+                    tunnelConfiguration.peers[index].allowedIPs = allowedIPs
+                }
+            } else {
+                if (SplitTunnelType == "2")
+                {
+                    for index in tunnelConfiguration.peers.indices {
+                        var excludeIPs = [IPAddressRange]()
+                        let STSdata = Data(SplitTunnelSites!.utf8)
+                        do {
+                            let STSarray = try JSONSerialization.jsonObject(with: STSdata) as! [String]
+                            for excludeIPString in STSarray {
+                                if let excludeIP = IPAddressRange(from: excludeIPString) {
+                                    excludeIPs.append(excludeIP)
+                                }
+                            }
+                        } catch {
+                            wg_log(.error,message: "Parse JSONSerialization Error")
+                        }
+                        tunnelConfiguration.peers[index].excludeIPs = excludeIPs
+                    }
+                }
+            }
+        }
+        
         wg_log(.info, message: "Starting wireguard tunnel from the " + (activationAttemptId == nil ? "OS directly, rather than the app" : "app"))
         
         // Start the tunnel
@@ -193,30 +248,30 @@ class PacketTunnelProvider: NEPacketTunnelProvider {
                 completionHandler(nil)
                 return
             }
-
+            
             switch adapterError {
             case .cannotLocateTunnelFileDescriptor:
                 wg_log(.error, staticMessage: "Starting tunnel failed: could not determine file descriptor")
                 errorNotifier.notify(PacketTunnelProviderError.couldNotDetermineFileDescriptor)
                 completionHandler(PacketTunnelProviderError.couldNotDetermineFileDescriptor)
-
+                
             case .dnsResolution(let dnsErrors):
                 let hostnamesWithDnsResolutionFailure = dnsErrors.map { $0.address }
                     .joined(separator: ", ")
                 wg_log(.error, message: "DNS resolution failed for the following hostnames: \(hostnamesWithDnsResolutionFailure)")
                 errorNotifier.notify(PacketTunnelProviderError.dnsResolutionFailure)
                 completionHandler(PacketTunnelProviderError.dnsResolutionFailure)
-
+                
             case .setNetworkSettings(let error):
                 wg_log(.error, message: "Starting tunnel failed with setTunnelNetworkSettings returning \(error.localizedDescription)")
                 errorNotifier.notify(PacketTunnelProviderError.couldNotSetNetworkSettings)
                 completionHandler(PacketTunnelProviderError.couldNotSetNetworkSettings)
-
+                
             case .startWireGuardBackend(let errorCode):
                 wg_log(.error, message: "Starting tunnel failed with wgTurnOn returning \(errorCode)")
                 errorNotifier.notify(PacketTunnelProviderError.couldNotStartBackend)
                 completionHandler(PacketTunnelProviderError.couldNotStartBackend)
-
+                
             case .invalidState:
                 // Must never happen
                 fatalError()
@@ -226,27 +281,27 @@ class PacketTunnelProvider: NEPacketTunnelProvider {
     
     private func startOpenVPN(completionHandler: @escaping (Error?) -> Void) {
         guard let protocolConfiguration = self.protocolConfiguration as? NETunnelProviderProtocol,
-           let providerConfiguration = protocolConfiguration.providerConfiguration,
+              let providerConfiguration = protocolConfiguration.providerConfiguration,
               let ovpnConfiguration: Data = providerConfiguration[Constants.ovpnConfigKey] as? Data else {
             // TODO: handle errors properly
-               wg_log(.error, message: "Can't start startOpenVPN()")
+            wg_log(.error, message: "Can't start startOpenVPN()")
             return
         }
         
         setupAndlaunchOpenVPN(withConfig: ovpnConfiguration, completionHandler: completionHandler)
     }
-
+    
     private func stopWireguard(with reason: NEProviderStopReason, completionHandler: @escaping () -> Void) {
         wg_log(.info, staticMessage: "Stopping tunnel")
         
         wgAdapter.stop { error in
             ErrorNotifier.removeLastErrorFile()
-
+            
             if let error = error {
                 wg_log(.error, message: "Failed to stop WireGuard adapter: \(error.localizedDescription)")
             }
             completionHandler()
-
+            
 #if os(macOS)
             // HACK: This is a filthy hack to work around Apple bug 32073323 (dup'd by us as 47526107).
             // Remove it when they finally fix this upstream and the fix has been rolled out to
@@ -263,7 +318,7 @@ class PacketTunnelProvider: NEPacketTunnelProvider {
         }
         ovpnAdapter.disconnect()
     }
-
+    
     func handleWireguardStatusMessage(_ messageData: Data, completionHandler: ((Data?) -> Void)? = nil) {
         guard let completionHandler = completionHandler else { return }
         wgAdapter.getRuntimeConfiguration { settings in
@@ -278,8 +333,8 @@ class PacketTunnelProvider: NEPacketTunnelProvider {
             for component in components{
                 let pair = component.components(separatedBy: "=")
                 if pair.count == 2 {
-                   settingsDictionary[pair[0]] = pair[1]
-                 }
+                    settingsDictionary[pair[0]] = pair[1]
+                }
             }
             
             let response: [String: Any] = [
@@ -309,7 +364,7 @@ class PacketTunnelProvider: NEPacketTunnelProvider {
                 completionHandler(nil)
                 return
             }
-
+            
             do {
                 let tunnelConfiguration = try TunnelConfiguration(fromWgQuickConfig: configString)
                 wgAdapter.update(tunnelConfiguration: tunnelConfiguration) { error in
@@ -318,7 +373,7 @@ class PacketTunnelProvider: NEPacketTunnelProvider {
                         completionHandler(nil)
                         return
                     }
-
+                    
                     self.wgAdapter.getRuntimeConfiguration { settings in
                         var data: Data?
                         if let settings = settings {
@@ -334,76 +389,76 @@ class PacketTunnelProvider: NEPacketTunnelProvider {
             completionHandler(nil)
         }
     }
-
+    
     private func handleOpenVPNStatusMessage(_ messageData: Data, completionHandler: ((Data?) -> Void)? = nil) {
         guard let completionHandler = completionHandler else { return }
-            let bytesin = ovpnAdapter.transportStatistics.bytesIn
-            let bytesout = ovpnAdapter.transportStatistics.bytesOut
-
-            let response: [String: Any] = [
-                "rx_bytes" : bytesin,
-                "tx_bytes" : bytesout
-            ]
-            
-            completionHandler(try? JSONSerialization.data(withJSONObject: response, options: []))
+        let bytesin = ovpnAdapter.transportStatistics.bytesIn
+        let bytesout = ovpnAdapter.transportStatistics.bytesOut
+        
+        let response: [String: Any] = [
+            "rx_bytes" : bytesin,
+            "tx_bytes" : bytesout
+        ]
+        
+        completionHandler(try? JSONSerialization.data(withJSONObject: response, options: []))
     }
-
-
+    
+    
     // TODO review
     private func setupAndlaunchOpenVPN(withConfig ovpnConfiguration: Data, withShadowSocks viaSS: Bool = false, completionHandler: @escaping (Error?) -> Void) {
         wg_log(.info, message: "setupAndlaunchOpenVPN")
-
+        
         let str = String(decoding: ovpnConfiguration, as: UTF8.self)
-
+        
         let configuration = OpenVPNConfiguration()
         configuration.fileContent = ovpnConfiguration
         if(str.contains("cloak")){
             configuration.setPTCloak();
         }
-
+        
         let evaluation: OpenVPNConfigurationEvaluation
         do {
             evaluation = try ovpnAdapter.apply(configuration: configuration)
-
+            
         } catch {
             completionHandler(error)
             return
         }
-
+        
         if !evaluation.autologin {
             wg_log(.info, message: "Implement login with user credentials")
         }
-
+        
         vpnReachability.startTracking { [weak self] status in
             guard status == .reachableViaWiFi else { return }
             self?.ovpnAdapter.reconnect(afterTimeInterval: 5)
         }
-
+        
         startHandler = completionHandler
         ovpnAdapter.connect(using: packetFlow)
-
-//        let ifaces = Interface.allInterfaces()
-//            .filter { $0.family == .ipv4 }
-//            .map { iface in iface.name }
-
-//        wg_log(.error, message: "Available TUN Interfaces: \(ifaces)")
+        
+        //        let ifaces = Interface.allInterfaces()
+        //            .filter { $0.family == .ipv4 }
+        //            .map { iface in iface.name }
+        
+        //        wg_log(.error, message: "Available TUN Interfaces: \(ifaces)")
     }
-
+    
     // MARK: -- Network observing methods
-
+    
     private func startListeningForNetworkChanges() {
         stopListeningForNetworkChanges()
         addObserver(self, forKeyPath: Constants.kDefaultPathKey, options: .old, context: nil)
     }
-
+    
     private func stopListeningForNetworkChanges() {
         removeObserver(self, forKeyPath: Constants.kDefaultPathKey)
     }
-
+    
     override func observeValue(forKeyPath keyPath: String?,
-                                     of object: Any?,
-                                     change: [NSKeyValueChangeKey : Any]?,
-                                     context: UnsafeMutableRawPointer?) {
+                               of object: Any?,
+                               change: [NSKeyValueChangeKey : Any]?,
+                               context: UnsafeMutableRawPointer?) {
         guard Constants.kDefaultPathKey != keyPath else { return }
         // Since iOS 11, we have observed that this KVO event fires repeatedly when connecting over Wifi,
         // even though the underlying network has not changed (i.e. `isEqualToPath` returns false),
@@ -412,28 +467,28 @@ class PacketTunnelProvider: NEPacketTunnelProvider {
         guard let lastPath: NWPath = change?[.oldKey] as? NWPath,
               let defPath = defaultPath,
               lastPath != defPath || lastPath.description != defPath.description else {
-                  return
-              }
+            return
+        }
         DispatchQueue.main.async { [weak self] in
             guard let `self` = self, self.defaultPath != nil else { return }
             self.handle(networkChange: self.defaultPath!) { _ in }
         }
     }
-
+    
     private func handle(networkChange changePath: NWPath, completion: @escaping (Error?) -> Void) {
         wg_log(.info, message: "Tunnel restarted.")
         startTunnel(options: nil, completionHandler: completion)
     }
-
+    
     private func startEmptyTunnel(completionHandler: @escaping (Error?) -> Void) {
         dispatchPrecondition(condition: .onQueue(dispatchQueue))
-
+        
         let emptyTunnelConfiguration = TunnelConfiguration(
             name: nil,
             interface: InterfaceConfiguration(privateKey: PrivateKey()),
             peers: []
         )
-
+        
         wgAdapter.start(tunnelConfiguration: emptyTunnelConfiguration) { error in
             self.dispatchQueue.async {
                 if let error {
@@ -445,9 +500,9 @@ class PacketTunnelProvider: NEPacketTunnelProvider {
                 }
             }
         }
-
+        
         let settings = NETunnelNetworkSettings(tunnelRemoteAddress: "1.1.1.1")
-
+        
         self.setTunnelNetworkSettings(settings) { error in
             completionHandler(error)
         }
@@ -478,6 +533,50 @@ extension PacketTunnelProvider: OpenVPNAdapterDelegate {
         // send empty string to NEDNSSettings.matchDomains
         networkSettings?.dnsSettings?.matchDomains = [""]
         
+        if (SplitTunnelType == "1") {
+            var ipv4IncludedRoutes = [NEIPv4Route]()
+            let STSdata = Data(SplitTunnelSites!.utf8)
+            do {
+                let STSarray = try JSONSerialization.jsonObject(with: STSdata) as! [String]
+                for allowedIPString in STSarray {
+                    if let allowedIP = IPAddressRange(from: allowedIPString){
+                        ipv4IncludedRoutes.append(NEIPv4Route(destinationAddress: "\(allowedIP.address)", subnetMask: "\(allowedIP.subnetMask())"))
+                    }
+                }
+            } catch {
+                wg_log(.error,message: "Parse JSONSerialization Error")
+            }
+            networkSettings?.ipv4Settings?.includedRoutes = ipv4IncludedRoutes
+        } else {
+            if (SplitTunnelType == "2")
+            {
+                var ipv4ExcludedRoutes = [NEIPv4Route]()
+                var ipv4IncludedRoutes = [NEIPv4Route]()
+                var ipv6IncludedRoutes = [NEIPv6Route]()
+                let STSdata = Data(SplitTunnelSites!.utf8)
+                do {
+                    let STSarray = try JSONSerialization.jsonObject(with: STSdata) as! [String]
+                    for excludeIPString in STSarray {
+                        if let excludeIP = IPAddressRange(from: excludeIPString) {
+                            ipv4ExcludedRoutes.append(NEIPv4Route(destinationAddress: "\(excludeIP.address)", subnetMask: "\(excludeIP.subnetMask())"))
+                        }
+                    }
+                } catch {
+                    wg_log(.error,message: "Parse JSONSerialization Error")
+                }
+                if let allIPv4 = IPAddressRange(from: "0.0.0.0/0"){
+                    ipv4IncludedRoutes.append(NEIPv4Route(destinationAddress: "\(allIPv4.address)", subnetMask: "\(allIPv4.subnetMask())"))
+                }
+                if let allIPv6 = IPAddressRange(from: "::/0") {
+                    ipv6IncludedRoutes.append(NEIPv6Route(destinationAddress: "\(allIPv6.address)", networkPrefixLength: NSNumber(value: allIPv6.networkPrefixLength)))
+                }
+                networkSettings?.ipv4Settings?.includedRoutes = ipv4IncludedRoutes
+                networkSettings?.ipv6Settings?.includedRoutes = ipv6IncludedRoutes
+                networkSettings?.ipv4Settings?.excludedRoutes = ipv4ExcludedRoutes
+            }
+            
+        }
+        
         // Set the network settings for the current tunneling session.
         setTunnelNetworkSettings(networkSettings, completionHandler: completionHandler)
     }
@@ -538,7 +637,7 @@ extension PacketTunnelProvider: OpenVPNAdapterDelegate {
         wg_log(.info, message: logMessage)
     }
 }
-    
+
 extension WireGuardLogLevel {
     var osLogLevel: OSLogType {
         switch self {

client/platforms/linux/daemon/linuxroutemonitor.cpp

@@ -158,15 +158,15 @@ bool LinuxRouteMonitor::rtmSendRoute(int action, int flags, int type,
         return false;
     }
     nlmsg_append_attr32(nlmsg, sizeof(buf), RTA_OIF, index);
+    nlmsg_append_attr32(nlmsg, sizeof(buf), RTA_PRIORITY, 1);
     }
 
     if (rtm->rtm_type == RTN_THROW) {
-    int index = if_nametoindex(getgatewayandiface().toUtf8());
-    if (index <= 0) {
-        logger.error() << "if_nametoindex() failed:" << strerror(errno);
-        return false;
-    }
-    nlmsg_append_attr32(nlmsg, sizeof(buf), RTA_OIF, index);
+    struct in_addr ip4;
+    inet_pton(AF_INET, getgatewayandiface().toUtf8(), &ip4);
+    nlmsg_append_attr(nlmsg, sizeof(buf), RTA_GATEWAY, &ip4, sizeof(ip4));
+    nlmsg_append_attr32(nlmsg, sizeof(buf), RTA_PRIORITY, 0);
+    rtm->rtm_type = RTN_UNICAST;
     }
 
     struct sockaddr_nl nladdr;
@@ -334,7 +334,7 @@ QString LinuxRouteMonitor::getgatewayandiface()
     }
     }
     close(sock);
-    return interface;
+    return gateway_address;
 }
 
 static bool buildAllowedIp(wg_allowedip* ip,

client/platforms/windows/daemon/windowsfirewall.cpp

@@ -236,6 +236,17 @@ bool WindowsFirewall::enablePeerTraffic(const InterfaceConfig& config) {
     }
   }
 
+  if (!config.m_excludedAddresses.empty()) {
+    for (const QString& i : config.m_excludedAddresses) {
+      logger.debug() << "range: " << i;
+
+      if (!allowTrafficToRange(i, HIGH_WEIGHT,
+                          "Allow Ecxlude route", config.m_serverPublicKey)) {
+        return false;
+      }
+    }
+  }
+
   result = FwpmTransactionCommit0(m_sessionHandle);
   if (result != ERROR_SUCCESS) {
     logger.error() << "FwpmTransactionCommit0 failed with error:" << result;
@@ -411,8 +422,8 @@ bool WindowsFirewall::allowTrafficOfAdapter(int networkAdapter, uint8_t weight,
 }
 
 bool WindowsFirewall::allowTrafficTo(const QHostAddress& targetIP, uint port,
-                                     int weight, const QString& title,
-                                     const QString& peer) {
+                                          int weight, const QString& title,
+                                          const QString& peer) {
   bool isIPv4 = targetIP.protocol() == QAbstractSocket::IPv4Protocol;
   GUID layerOut =
       isIPv4 ? FWPM_LAYER_ALE_AUTH_CONNECT_V4 : FWPM_LAYER_ALE_AUTH_CONNECT_V6;
@@ -473,6 +484,57 @@ bool WindowsFirewall::allowTrafficTo(const QHostAddress& targetIP, uint port,
   return true;
 }
 
+bool WindowsFirewall::allowTrafficToRange(const IPAddress& addr, uint8_t weight,
+                                     const QString& title,
+                                     const QString& peer) {
+  QString description("Allow traffic %1 %2 ");
+
+  auto lower = addr.address();
+  auto upper = addr.broadcastAddress();
+
+  const bool isV4 = addr.type() == QAbstractSocket::IPv4Protocol;
+  const GUID layerKeyOut =
+      isV4 ? FWPM_LAYER_ALE_AUTH_CONNECT_V4 : FWPM_LAYER_ALE_AUTH_CONNECT_V6;
+  const GUID layerKeyIn = isV4 ? FWPM_LAYER_ALE_AUTH_RECV_ACCEPT_V4
+                               : FWPM_LAYER_ALE_AUTH_RECV_ACCEPT_V6;
+
+  // Assemble the Filter base
+  FWPM_FILTER0 filter;
+  memset(&filter, 0, sizeof(filter));
+  filter.action.type = FWP_ACTION_PERMIT;
+  filter.weight.type = FWP_UINT8;
+  filter.weight.uint8 = weight;
+  filter.subLayerKey = ST_FW_WINFW_BASELINE_SUBLAYER_KEY;
+
+  FWPM_FILTER_CONDITION0 cond[1] = {0};
+  FWP_RANGE0 ipRange;
+  QByteArray lowIpV6Buffer;
+  QByteArray highIpV6Buffer;
+
+  importAddress(lower, ipRange.valueLow, &lowIpV6Buffer);
+  importAddress(upper, ipRange.valueHigh, &highIpV6Buffer);
+
+  cond[0].fieldKey = FWPM_CONDITION_IP_REMOTE_ADDRESS;
+  cond[0].matchType = FWP_MATCH_RANGE;
+  cond[0].conditionValue.type = FWP_RANGE_TYPE;
+  cond[0].conditionValue.rangeValue = &ipRange;
+
+  filter.numFilterConditions = 1;
+  filter.filterCondition = cond;
+
+  filter.layerKey = layerKeyOut;
+  if (!enableFilter(&filter, title, description.arg("to").arg(addr.toString()),
+                    peer)) {
+    return false;
+  }
+  filter.layerKey = layerKeyIn;
+  if (!enableFilter(&filter, title,
+                    description.arg("from").arg(addr.toString()), peer)) {
+    return false;
+  }
+  return true;
+}
+
 bool WindowsFirewall::allowDHCPTraffic(uint8_t weight, const QString& title) {
   // Allow outbound DHCPv4
   {

client/platforms/windows/daemon/windowsfirewall.h

@@ -52,6 +52,9 @@ class WindowsFirewall final : public QObject {
   bool blockTrafficOnPort(uint port, uint8_t weight, const QString& title);
   bool allowTrafficTo(const QHostAddress& targetIP, uint port, int weight,
                       const QString& title, const QString& peer = QString());
+  bool allowTrafficToRange(const IPAddress& addr, uint8_t weight,
+                           const QString& title,
+                           const QString& peer);
   bool allowTrafficOfAdapter(int networkAdapter, uint8_t weight,
                              const QString& title);
   bool allowDHCPTraffic(uint8_t weight, const QString& title);

client/protocols/protocols_defs.cpp

@@ -1,5 +1,7 @@
 #include "protocols_defs.h"
 
+#include <QRandomGenerator>
+
 using namespace amnezia;
 
 QDebug operator<<(QDebug debug, const amnezia::ProtocolEnumNS::Proto &p)
@@ -98,15 +100,28 @@ amnezia::ServiceType ProtocolProps::protocolService(Proto p)
     }
 }
 
+int ProtocolProps::getPortForInstall(Proto p)
+{
+    switch (p) {
+    case Awg:
+    case WireGuard:
+    case ShadowSocks:
+    case OpenVpn:
+        return QRandomGenerator::global()->bounded(30000, 50000);
+    default:
+        return defaultPort(p);
+    }
+}
+
 int ProtocolProps::defaultPort(Proto p)
 {
     switch (p) {
     case Proto::Any: return -1;
-    case Proto::OpenVpn: return 1194;
-    case Proto::Cloak: return 443;
-    case Proto::ShadowSocks: return 6789;
-    case Proto::WireGuard: return 51820;
-    case Proto::Awg: return 55424;
+    case Proto::OpenVpn: return QString(protocols::openvpn::defaultPort).toInt();
+    case Proto::Cloak: return QString(protocols::cloak::defaultPort).toInt();
+    case Proto::ShadowSocks: return QString(protocols::shadowsocks::defaultPort).toInt();
+    case Proto::WireGuard: return QString(protocols::wireguard::defaultPort).toInt();
+    case Proto::Awg: return QString(protocols::awg::defaultPort).toInt();
     case Proto::Ikev2: return -1;
     case Proto::L2tp: return -1;
 

client/protocols/protocols_defs.h

@@ -43,6 +43,7 @@ namespace amnezia
         constexpr char server_priv_key[] = "server_priv_key";
         constexpr char server_pub_key[] = "server_pub_key";
         constexpr char psk_key[] = "psk_key";
+        constexpr char allowed_ips[] = "allowed_ips";
 
         constexpr char client_ip[] = "client_ip"; // internal ip address
 
@@ -78,6 +79,9 @@ namespace amnezia
         constexpr char sftp[] = "sftp";
         constexpr char awg[] = "awg";
 
+        constexpr char splitTunnelSites[] = "splitTunnelSites";
+        constexpr char splitTunnelType[] = "splitTunnelType";
+
     }
 
     namespace protocols
@@ -228,6 +232,8 @@ namespace amnezia
 
         Q_INVOKABLE static ServiceType protocolService(Proto p);
 
+        Q_INVOKABLE static int getPortForInstall(Proto p);
+
         Q_INVOKABLE static int defaultPort(Proto p);
         Q_INVOKABLE static bool defaultPortChangeable(Proto p);
 

client/protocols/wireguardprotocol.cpp

@@ -16,8 +16,6 @@ WireguardProtocol::WireguardProtocol(const QJsonObject &configuration, QObject *
     m_configFile.setFileName(QDir::tempPath() + QDir::separator() + serviceName() + ".conf");
     writeWireguardConfiguration(configuration);
 
-    // MZ
-#if defined(Q_OS_MAC) || defined(Q_OS_WIN) || defined(Q_OS_LINUX)
     m_impl.reset(new LocalSocketController());
     connect(m_impl.get(), &ControllerImpl::connected, this,
             [this](const QString &pubkey, const QDateTime &connectionTimestamp) {
@@ -26,7 +24,6 @@ WireguardProtocol::WireguardProtocol(const QJsonObject &configuration, QObject *
     connect(m_impl.get(), &ControllerImpl::disconnected, this,
             [this]() { emit connectionStateChanged(Vpn::ConnectionState::Disconnected); });
     m_impl->initialize(nullptr, nullptr);
-#endif
 }
 
 WireguardProtocol::~WireguardProtocol()
@@ -37,68 +34,10 @@ WireguardProtocol::~WireguardProtocol()
 
 void WireguardProtocol::stop()
 {
-#if defined(Q_OS_MAC) || defined(Q_OS_WIN) || defined(Q_OS_LINUX)
     stopMzImpl();
     return;
-#endif
-
-    if (!QFileInfo::exists(Utils::wireguardExecPath())) {
-        qCritical() << "Wireguard executable missing!";
-        setLastError(ErrorCode::ExecutableMissing);
-        return;
-    }
-
-    m_wireguardStopProcess = IpcClient::CreatePrivilegedProcess();
-
-    if (!m_wireguardStopProcess) {
-        qCritical() << "IpcProcess replica is not created!";
-        setLastError(ErrorCode::AmneziaServiceConnectionFailed);
-        return;
-    }
-
-    m_wireguardStopProcess->waitForSource(1000);
-    if (!m_wireguardStopProcess->isInitialized()) {
-        qWarning() << "IpcProcess replica is not connected!";
-        setLastError(ErrorCode::AmneziaServiceConnectionFailed);
-        return;
-    }
-
-    m_wireguardStopProcess->setProgram(PermittedProcess::Wireguard);
-
-    m_wireguardStopProcess->setArguments(stopArgs());
-    qDebug() << stopArgs().join(" ");
-
-    connect(m_wireguardStopProcess.data(), &PrivilegedProcess::errorOccurred, this, [this](QProcess::ProcessError error) {
-        qDebug() << "WireguardProtocol::WireguardProtocol Stop errorOccurred" << error;
-        setConnectionState(Vpn::ConnectionState::Disconnected);
-    });
-
-    connect(m_wireguardStopProcess.data(), &PrivilegedProcess::stateChanged, this,
-            [this](QProcess::ProcessState newState) {
-                qDebug() << "WireguardProtocol::WireguardProtocol Stop stateChanged" << newState;
-            });
-
-#ifdef Q_OS_LINUX
-    if (IpcClient::Interface()) {
-        QRemoteObjectPendingReply<bool> result = IpcClient::Interface()->isWireguardRunning();
-        if (result.returnValue()) {
-            setConnectionState(Vpn::ConnectionState::Disconnected);
-            return;
-        }
-    } else {
-        qCritical() << "IPC client not initialized";
-        setConnectionState(Vpn::ConnectionState::Disconnected);
-        return;
-    }
-#endif
-
-    m_wireguardStopProcess->start();
-    m_wireguardStopProcess->waitForFinished(10000);
-
-    setConnectionState(Vpn::ConnectionState::Disconnected);
 }
 
-#if defined(Q_OS_MAC) || defined(Q_OS_WIN) || defined(Q_OS_LINUX)
 ErrorCode WireguardProtocol::startMzImpl()
 {
     m_impl->activate(m_rawConfig);
@@ -110,7 +49,6 @@ ErrorCode WireguardProtocol::stopMzImpl()
     m_impl->deactivate();
     return ErrorCode::NoError;
 }
-#endif
 
 void WireguardProtocol::writeWireguardConfiguration(const QJsonObject &configuration)
 {
@@ -124,21 +62,8 @@ void WireguardProtocol::writeWireguardConfiguration(const QJsonObject &configura
     m_configFile.write(jConfig.value(config_key::config).toString().toUtf8());
     m_configFile.close();
 
-#if 0
-    if (IpcClient::Interface()) {
-        QRemoteObjectPendingReply<bool> result = IpcClient::Interface()->copyWireguardConfig(m_configFile.fileName());
-        if (result.returnValue()) {
-            qCritical() << "Failed to copy wireguard config";
-            return;
-        }
-    } else {
-        qCritical() << "IPC client not initialized";
-        return;
-    }
-    m_configFileName = "/etc/wireguard/wg99.conf";
-#else
+
     m_configFileName = m_configFile.fileName();
-#endif
 
     m_isConfigLoaded = true;
 
@@ -152,15 +77,9 @@ QString WireguardProtocol::configPath() const
     return m_configFileName;
 }
 
-void WireguardProtocol::updateRouteGateway(QString line)
+QString WireguardProtocol::serviceName() const
 {
-    // TODO: fix for macos
-    line = line.split("ROUTE_GATEWAY", Qt::SkipEmptyParts).at(1);
-    if (!line.contains("/"))
-        return;
-    m_routeGateway = line.split("/", Qt::SkipEmptyParts).first();
-    m_routeGateway.replace(" ", "");
-    qDebug() << "Set VPN route gateway" << m_routeGateway;
+    return "AmneziaVPN.WireGuard0";
 }
 
 ErrorCode WireguardProtocol::start()
@@ -170,112 +89,6 @@ ErrorCode WireguardProtocol::start()
         return lastError();
     }
 
-#if defined(Q_OS_MAC) || defined(Q_OS_WIN) || defined(Q_OS_LINUX)
     return startMzImpl();
-#endif
-
-    if (!QFileInfo::exists(Utils::wireguardExecPath())) {
-        setLastError(ErrorCode::ExecutableMissing);
-        return lastError();
-    }
-
-    if (IpcClient::Interface()) {
-        QRemoteObjectPendingReply<bool> result = IpcClient::Interface()->isWireguardConfigExists(configPath());
-        if (result.returnValue()) {
-            setLastError(ErrorCode::ConfigMissing);
-            return lastError();
-        }
-    } else {
-        qCritical() << "IPC client not initialized";
-        setLastError(ErrorCode::InternalError);
-        return lastError();
-    }
-
-    setConnectionState(Vpn::ConnectionState::Connecting);
-
-    m_wireguardStartProcess = IpcClient::CreatePrivilegedProcess();
-
-    if (!m_wireguardStartProcess) {
-        setLastError(ErrorCode::AmneziaServiceConnectionFailed);
-        return ErrorCode::AmneziaServiceConnectionFailed;
-    }
-
-    m_wireguardStartProcess->waitForSource(1000);
-    if (!m_wireguardStartProcess->isInitialized()) {
-        qWarning() << "IpcProcess replica is not connected!";
-        setLastError(ErrorCode::AmneziaServiceConnectionFailed);
-        return ErrorCode::AmneziaServiceConnectionFailed;
-    }
-
-    m_wireguardStartProcess->setProgram(PermittedProcess::Wireguard);
-
-    m_wireguardStartProcess->setArguments(startArgs());
-    qDebug() << startArgs().join(" ");
-
-    connect(m_wireguardStartProcess.data(), &PrivilegedProcess::errorOccurred, this, [this](QProcess::ProcessError error) {
-        qDebug() << "WireguardProtocol::WireguardProtocol errorOccurred" << error;
-        setConnectionState(Vpn::ConnectionState::Disconnected);
-    });
-
-    connect(m_wireguardStartProcess.data(), &PrivilegedProcess::stateChanged, this,
-            [this](QProcess::ProcessState newState) {
-                qDebug() << "WireguardProtocol::WireguardProtocol stateChanged" << newState;
-            });
-
-    connect(m_wireguardStartProcess.data(), &PrivilegedProcess::finished, this,
-            [this]() { setConnectionState(Vpn::ConnectionState::Connected); });
-
-    connect(m_wireguardStartProcess.data(), &PrivilegedProcess::readyRead, this, [this]() {
-        QRemoteObjectPendingReply<QByteArray> reply = m_wireguardStartProcess->readAll();
-        reply.waitForFinished(1000);
-        qDebug() << "WireguardProtocol::WireguardProtocol readyRead" << reply.returnValue();
-    });
-
-    connect(m_wireguardStartProcess.data(), &PrivilegedProcess::readyReadStandardOutput, this, [this]() {
-        QRemoteObjectPendingReply<QByteArray> reply = m_wireguardStartProcess->readAllStandardOutput();
-        reply.waitForFinished(1000);
-        qDebug() << "WireguardProtocol::WireguardProtocol readAllStandardOutput" << reply.returnValue();
-    });
-
-    connect(m_wireguardStartProcess.data(), &PrivilegedProcess::readyReadStandardError, this, [this]() {
-        QRemoteObjectPendingReply<QByteArray> reply = m_wireguardStartProcess->readAllStandardError();
-        reply.waitForFinished(10);
-        qDebug() << "WireguardProtocol::WireguardProtocol readAllStandardError" << reply.returnValue();
-    });
-
-    m_wireguardStartProcess->start();
-    m_wireguardStartProcess->waitForFinished(10000);
-
-    return ErrorCode::NoError;
 }
 
-void WireguardProtocol::updateVpnGateway(const QString &line)
-{
-}
-
-QString WireguardProtocol::serviceName() const
-{
-    return "AmneziaVPN.WireGuard0";
-}
-
-QStringList WireguardProtocol::stopArgs()
-{
-#ifdef Q_OS_WIN
-    return { "--remove", configPath() };
-#elif defined Q_OS_LINUX
-    return { "down", "wg99" };
-#else
-    return {};
-#endif
-}
-
-QStringList WireguardProtocol::startArgs()
-{
-#ifdef Q_OS_WIN
-    return { "--add", configPath() };
-#elif defined Q_OS_LINUX
-    return { "up", "wg99" };
-#else
-    return {};
-#endif
-}

client/protocols/wireguardprotocol.h

@@ -8,7 +8,6 @@
 #include <QTimer>
 
 #include "vpnprotocol.h"
-#include "core/ipcclient.h"
 
 #include "mozilla/controllerimpl.h"
 
@@ -23,33 +22,21 @@ public:
     ErrorCode start() override;
     void stop() override;
 
-#if defined(Q_OS_MAC) || defined(Q_OS_WIN) || defined(Q_OS_LINUX)
     ErrorCode startMzImpl();
     ErrorCode stopMzImpl();
-#endif
 
 private:
     QString configPath() const;
     void writeWireguardConfiguration(const QJsonObject &configuration);
-
-    void updateRouteGateway(QString line);
-    void updateVpnGateway(const QString &line);
     QString serviceName() const;
-    QStringList stopArgs();
-    QStringList startArgs();
 
 private:
     QString m_configFileName;
     QFile m_configFile;
 
-    QSharedPointer<PrivilegedProcess> m_wireguardStartProcess;
-    QSharedPointer<PrivilegedProcess> m_wireguardStopProcess;
-
     bool m_isConfigLoaded = false;
 
-#if defined(Q_OS_MAC) || defined(Q_OS_WIN) || defined(Q_OS_LINUX)
     QScopedPointer<ControllerImpl> m_impl;
-#endif
 };
 
 #endif // WIREGUARDPROTOCOL_H

client/server_scripts/install_docker.sh

@@ -8,12 +8,12 @@ if ! command -v sudo > /dev/null 2>&1; then $pm update -yq; $pm install -yq sudo
 if ! command -v fuser > /dev/null 2>&1; then sudo $pm install -yq psmisc; fi;\
 if ! command -v lsof > /dev/null 2>&1; then sudo $pm install -yq lsof; fi;\
 if ! command -v docker > /dev/null 2>&1; then sudo $pm update -yq; sudo $pm install -yq $docker_pkg;\
-  if [ "$dist" = "fedora" ] || [ "$dist" = "debian" ]; then sudo systemctl enable docker && sudo systemctl start docker; fi;\
+  if [ "$dist" = "fedora" ] || [ "$dist" = "centos" ] || [ "$dist" = "debian" ]; then sudo systemctl enable docker && sudo systemctl start docker; fi;\
 fi;\
 if [ "$dist" = "debian" ]; then \
   docker_service=$(systemctl list-units --full --all | grep docker.service | grep -v inactive | grep -v dead | grep -v failed);\
   if [ -z "$docker_service" ]; then sudo $pm update -yq; sudo $pm install -yq curl $docker_pkg; fi;\
   sleep 3 && sudo systemctl start docker && sleep 3;\
 fi;\
-if ! command -v sudo > /dev/null 2>&1; then echo "Failed to install Docker";exit 1;fi;\
+if [ "$(systemctl is-active docker)" != "active" ]; then echo "Docker status is not active"; fi;\
 docker --version

client/settings.cpp

@@ -233,10 +233,6 @@ QString Settings::routeModeString(RouteMode mode) const
 
 Settings::RouteMode Settings::routeMode() const
 {
-// TODO implement for mobiles
-#if defined(Q_OS_ANDROID) || defined(Q_OS_IOS)
-    return RouteMode::VpnAllSites;
-#endif
     return static_cast<RouteMode>(m_settings.value("Conf/routeMode", 0).toInt());
 }
 

client/translations/amneziavpn_ru.ts

@@ -4,9 +4,13 @@
 <context>
     <name>AmneziaApplication</name>
     <message>
-        <location filename="../amnezia_application.cpp" line="302"/>
         <source>Split tunneling for WireGuard is not implemented, the option was disabled</source>
-        <translation>Раздельное туннелирование для &quot;Wireguard&quot; не реализовано,опция отключена</translation>
+        <translation type="vanished">Раздельное туннелирование для &quot;Wireguard&quot; не реализовано,опция отключена</translation>
+    </message>
+    <message>
+        <location filename="../amnezia_application.cpp" line="305"/>
+        <source>Split tunneling for %1 is not implemented, the option was disabled</source>
+        <translation>Раздельное туннелирование для %1 не реализовано, опция отключена</translation>
     </message>
 </context>
 <context>
@@ -119,19 +123,23 @@
     <name>HomeContainersListView</name>
     <message>
         <location filename="../ui/qml/Components/HomeContainersListView.qml" line="58"/>
+        <source>Unable change protocol while there is an active connection</source>
+        <translation>Невозможно изменить протокол при активном соединении</translation>
+    </message>
+    <message>
+        <location filename="../ui/qml/Components/HomeContainersListView.qml" line="69"/>
         <source>The selected protocol is not supported on the current platform</source>
         <translation>Выбранный протокол не поддерживается на данном устройстве</translation>
     </message>
     <message>
-        <location filename="../ui/qml/Components/HomeContainersListView.qml" line="76"/>
         <source>Reconnect via VPN Procotol: </source>
-        <translation>Переподключение через VPN протокол: </translation>
+        <translation type="vanished">Переподключение через VPN протокол: </translation>
     </message>
 </context>
 <context>
     <name>ImportController</name>
     <message>
-        <location filename="../ui/controllers/importController.cpp" line="429"/>
+        <location filename="../ui/controllers/importController.cpp" line="427"/>
         <source>Scanned %1 of %2.</source>
         <translation>Отсканировано %1 из%2.</translation>
     </message>
@@ -139,58 +147,58 @@
 <context>
     <name>InstallController</name>
     <message>
-        <location filename="../ui/controllers/installController.cpp" line="110"/>
-        <location filename="../ui/controllers/installController.cpp" line="161"/>
+        <location filename="../ui/controllers/installController.cpp" line="143"/>
+        <location filename="../ui/controllers/installController.cpp" line="193"/>
         <source>%1 installed successfully. </source>
         <translation>%1 успешно установлен. </translation>
     </message>
     <message>
-        <location filename="../ui/controllers/installController.cpp" line="112"/>
-        <location filename="../ui/controllers/installController.cpp" line="163"/>
+        <location filename="../ui/controllers/installController.cpp" line="145"/>
+        <location filename="../ui/controllers/installController.cpp" line="195"/>
         <source>%1 is already installed on the server. </source>
         <translation>%1 уже установлен на сервер. </translation>
     </message>
     <message>
-        <location filename="../ui/controllers/installController.cpp" line="115"/>
+        <location filename="../ui/controllers/installController.cpp" line="148"/>
         <source>
 Added containers that were already installed on the server</source>
         <translation>
 В приложение добавлены обнаруженные на сервере протоклы и сервисы</translation>
     </message>
     <message>
-        <location filename="../ui/controllers/installController.cpp" line="182"/>
+        <location filename="../ui/controllers/installController.cpp" line="214"/>
         <source>
 Already installed containers were found on the server. All installed containers have been added to the application</source>
         <translation>
 На сервере обнаружены установленные протоколы и сервисы, все они добавлены в приложение</translation>
     </message>
     <message>
-        <location filename="../ui/controllers/installController.cpp" line="266"/>
+        <location filename="../ui/controllers/installController.cpp" line="295"/>
         <source>Settings updated successfully</source>
         <translation>Настройки успешно обновлены</translation>
     </message>
     <message>
-        <location filename="../ui/controllers/installController.cpp" line="281"/>
+        <location filename="../ui/controllers/installController.cpp" line="310"/>
         <source>Server &apos;%1&apos; was removed</source>
         <translation>Сервер &apos;%1&apos; был удален</translation>
     </message>
     <message>
-        <location filename="../ui/controllers/installController.cpp" line="291"/>
+        <location filename="../ui/controllers/installController.cpp" line="320"/>
         <source>All containers from server &apos;%1&apos; have been removed</source>
         <translation>Все протоклы и сервисы были удалены с сервера &apos;%1&apos;</translation>
     </message>
     <message>
-        <location filename="../ui/controllers/installController.cpp" line="308"/>
+        <location filename="../ui/controllers/installController.cpp" line="337"/>
         <source>%1 has been removed from the server &apos;%2&apos;</source>
         <translation>%1 был удален с сервера &apos;%2&apos;</translation>
     </message>
     <message>
-        <location filename="../ui/controllers/installController.cpp" line="454"/>
+        <location filename="../ui/controllers/installController.cpp" line="483"/>
         <source>Please login as the user</source>
         <translation>Пожалуйста, войдите в систему от имени пользователя</translation>
     </message>
     <message>
-        <location filename="../ui/controllers/installController.cpp" line="481"/>
+        <location filename="../ui/controllers/installController.cpp" line="511"/>
         <source>Server added successfully</source>
         <translation>Сервер успешно добавлен</translation>
     </message>
@@ -258,15 +266,20 @@ Already installed containers were found on the server. All installed containers
 <context>
     <name>PageHome</name>
     <message>
-        <location filename="../ui/qml/Pages2/PageHome.qml" line="344"/>
+        <location filename="../ui/qml/Pages2/PageHome.qml" line="354"/>
         <source>VPN protocol</source>
         <translation>VPN протокол</translation>
     </message>
     <message>
-        <location filename="../ui/qml/Pages2/PageHome.qml" line="388"/>
+        <location filename="../ui/qml/Pages2/PageHome.qml" line="398"/>
         <source>Servers</source>
         <translation>Серверы</translation>
     </message>
+    <message>
+        <location filename="../ui/qml/Pages2/PageHome.qml" line="490"/>
+        <source>Unable change server while there is an active connection</source>
+        <translation>Невозможно изменить сервер при активном соединении</translation>
+    </message>
 </context>
 <context>
     <name>PageProtocolAwgSettings</name>
@@ -337,9 +350,13 @@ Already installed containers were found on the server. All installed containers
     </message>
     <message>
         <location filename="../ui/qml/Pages2/PageProtocolAwgSettings.qml" line="279"/>
-        <source>All users who you shared a connection with will no longer be able to connect to it.</source>
+        <source>All users with whom you shared a connection will no longer be able to connect to it.</source>
         <translation>Все пользователи, с которыми вы поделились этим VPN-протоколом, больше не смогут к нему подключаться.</translation>
     </message>
+    <message>
+        <source>All users who you shared a connection with will no longer be able to connect to it.</source>
+        <translation type="vanished">Все пользователи, с которыми вы поделились этим VPN-протоколом, больше не смогут к нему подключаться.</translation>
+    </message>
     <message>
         <location filename="../ui/qml/Pages2/PageProtocolAwgSettings.qml" line="280"/>
         <source>Continue</source>
@@ -388,195 +405,199 @@ Already installed containers were found on the server. All installed containers
 <context>
     <name>PageProtocolOpenVpnSettings</name>
     <message>
-        <location filename="../ui/qml/Pages2/PageProtocolOpenVpnSettings.qml" line="76"/>
+        <location filename="../ui/qml/Pages2/PageProtocolOpenVpnSettings.qml" line="77"/>
         <source>OpenVPN settings</source>
         <translation>Настройки OpenVPN</translation>
     </message>
     <message>
-        <location filename="../ui/qml/Pages2/PageProtocolOpenVpnSettings.qml" line="83"/>
+        <location filename="../ui/qml/Pages2/PageProtocolOpenVpnSettings.qml" line="84"/>
         <source>VPN Addresses Subnet</source>
-        <translation>VPN Адреса Подсеть</translation>
+        <translation>Подсеть для VPN</translation>
     </message>
     <message>
-        <location filename="../ui/qml/Pages2/PageProtocolOpenVpnSettings.qml" line="97"/>
+        <location filename="../ui/qml/Pages2/PageProtocolOpenVpnSettings.qml" line="98"/>
         <source>Network protocol</source>
         <translation>Сетевой протокол</translation>
     </message>
     <message>
-        <location filename="../ui/qml/Pages2/PageProtocolOpenVpnSettings.qml" line="126"/>
+        <location filename="../ui/qml/Pages2/PageProtocolOpenVpnSettings.qml" line="127"/>
         <source>Port</source>
         <translation>Порт</translation>
     </message>
     <message>
-        <location filename="../ui/qml/Pages2/PageProtocolOpenVpnSettings.qml" line="144"/>
+        <location filename="../ui/qml/Pages2/PageProtocolOpenVpnSettings.qml" line="145"/>
         <source>Auto-negotiate encryption</source>
         <translation>Шифрование с автоматическим согласованием</translation>
     </message>
     <message>
-        <location filename="../ui/qml/Pages2/PageProtocolOpenVpnSettings.qml" line="161"/>
         <location filename="../ui/qml/Pages2/PageProtocolOpenVpnSettings.qml" line="162"/>
+        <location filename="../ui/qml/Pages2/PageProtocolOpenVpnSettings.qml" line="163"/>
         <source>Hash</source>
         <translation>Хэш</translation>
     </message>
     <message>
-        <location filename="../ui/qml/Pages2/PageProtocolOpenVpnSettings.qml" line="170"/>
+        <location filename="../ui/qml/Pages2/PageProtocolOpenVpnSettings.qml" line="171"/>
         <source>SHA512</source>
         <translation>SHA512</translation>
     </message>
     <message>
-        <location filename="../ui/qml/Pages2/PageProtocolOpenVpnSettings.qml" line="171"/>
+        <location filename="../ui/qml/Pages2/PageProtocolOpenVpnSettings.qml" line="172"/>
         <source>SHA384</source>
         <translation>SHA384</translation>
     </message>
     <message>
-        <location filename="../ui/qml/Pages2/PageProtocolOpenVpnSettings.qml" line="172"/>
+        <location filename="../ui/qml/Pages2/PageProtocolOpenVpnSettings.qml" line="173"/>
         <source>SHA256</source>
         <translation>SHA256</translation>
     </message>
     <message>
-        <location filename="../ui/qml/Pages2/PageProtocolOpenVpnSettings.qml" line="173"/>
+        <location filename="../ui/qml/Pages2/PageProtocolOpenVpnSettings.qml" line="174"/>
         <source>SHA3-512</source>
         <translation>SHA3-512</translation>
     </message>
     <message>
-        <location filename="../ui/qml/Pages2/PageProtocolOpenVpnSettings.qml" line="174"/>
+        <location filename="../ui/qml/Pages2/PageProtocolOpenVpnSettings.qml" line="175"/>
         <source>SHA3-384</source>
         <translation>SHA3-384</translation>
     </message>
     <message>
-        <location filename="../ui/qml/Pages2/PageProtocolOpenVpnSettings.qml" line="175"/>
+        <location filename="../ui/qml/Pages2/PageProtocolOpenVpnSettings.qml" line="176"/>
         <source>SHA3-256</source>
         <translation>SHA3-256</translation>
     </message>
     <message>
-        <location filename="../ui/qml/Pages2/PageProtocolOpenVpnSettings.qml" line="176"/>
+        <location filename="../ui/qml/Pages2/PageProtocolOpenVpnSettings.qml" line="177"/>
         <source>whirlpool</source>
         <translation>whirlpool</translation>
     </message>
     <message>
-        <location filename="../ui/qml/Pages2/PageProtocolOpenVpnSettings.qml" line="177"/>
+        <location filename="../ui/qml/Pages2/PageProtocolOpenVpnSettings.qml" line="178"/>
         <source>BLAKE2b512</source>
         <translation>BLAKE2b512</translation>
     </message>
     <message>
-        <location filename="../ui/qml/Pages2/PageProtocolOpenVpnSettings.qml" line="178"/>
+        <location filename="../ui/qml/Pages2/PageProtocolOpenVpnSettings.qml" line="179"/>
         <source>BLAKE2s256</source>
         <translation>BLAKE2s256</translation>
     </message>
     <message>
-        <location filename="../ui/qml/Pages2/PageProtocolOpenVpnSettings.qml" line="179"/>
+        <location filename="../ui/qml/Pages2/PageProtocolOpenVpnSettings.qml" line="180"/>
         <source>SHA1</source>
         <translation>SHA1</translation>
     </message>
     <message>
-        <location filename="../ui/qml/Pages2/PageProtocolOpenVpnSettings.qml" line="207"/>
         <location filename="../ui/qml/Pages2/PageProtocolOpenVpnSettings.qml" line="208"/>
+        <location filename="../ui/qml/Pages2/PageProtocolOpenVpnSettings.qml" line="209"/>
         <source>Cipher</source>
         <translation>Шифрование</translation>
     </message>
     <message>
-        <location filename="../ui/qml/Pages2/PageProtocolOpenVpnSettings.qml" line="216"/>
+        <location filename="../ui/qml/Pages2/PageProtocolOpenVpnSettings.qml" line="217"/>
         <source>AES-256-GCM</source>
         <translation>AES-256-GCM</translation>
     </message>
     <message>
-        <location filename="../ui/qml/Pages2/PageProtocolOpenVpnSettings.qml" line="217"/>
+        <location filename="../ui/qml/Pages2/PageProtocolOpenVpnSettings.qml" line="218"/>
         <source>AES-192-GCM</source>
         <translation>AES-192-GCM</translation>
     </message>
     <message>
-        <location filename="../ui/qml/Pages2/PageProtocolOpenVpnSettings.qml" line="218"/>
+        <location filename="../ui/qml/Pages2/PageProtocolOpenVpnSettings.qml" line="219"/>
         <source>AES-128-GCM</source>
         <translation>AES-128-GCM</translation>
     </message>
     <message>
-        <location filename="../ui/qml/Pages2/PageProtocolOpenVpnSettings.qml" line="219"/>
+        <location filename="../ui/qml/Pages2/PageProtocolOpenVpnSettings.qml" line="220"/>
         <source>AES-256-CBC</source>
         <translation>AES-256-CBC</translation>
     </message>
     <message>
-        <location filename="../ui/qml/Pages2/PageProtocolOpenVpnSettings.qml" line="220"/>
+        <location filename="../ui/qml/Pages2/PageProtocolOpenVpnSettings.qml" line="221"/>
         <source>AES-192-CBC</source>
         <translation>AES-192-CBC</translation>
     </message>
     <message>
-        <location filename="../ui/qml/Pages2/PageProtocolOpenVpnSettings.qml" line="221"/>
+        <location filename="../ui/qml/Pages2/PageProtocolOpenVpnSettings.qml" line="222"/>
         <source>AES-128-CBC</source>
         <translation>AES-128-CBC</translation>
     </message>
     <message>
-        <location filename="../ui/qml/Pages2/PageProtocolOpenVpnSettings.qml" line="222"/>
+        <location filename="../ui/qml/Pages2/PageProtocolOpenVpnSettings.qml" line="223"/>
         <source>ChaCha20-Poly1305</source>
         <translation>ChaCha20-Poly1305</translation>
     </message>
     <message>
-        <location filename="../ui/qml/Pages2/PageProtocolOpenVpnSettings.qml" line="223"/>
+        <location filename="../ui/qml/Pages2/PageProtocolOpenVpnSettings.qml" line="224"/>
         <source>ARIA-256-CBC</source>
         <translation>ARIA-256-CBC</translation>
     </message>
     <message>
-        <location filename="../ui/qml/Pages2/PageProtocolOpenVpnSettings.qml" line="224"/>
+        <location filename="../ui/qml/Pages2/PageProtocolOpenVpnSettings.qml" line="225"/>
         <source>CAMELLIA-256-CBC</source>
         <translation>CAMELLIA-256-CBC</translation>
     </message>
     <message>
-        <location filename="../ui/qml/Pages2/PageProtocolOpenVpnSettings.qml" line="225"/>
+        <location filename="../ui/qml/Pages2/PageProtocolOpenVpnSettings.qml" line="226"/>
         <source>none</source>
         <translation>none</translation>
     </message>
     <message>
-        <location filename="../ui/qml/Pages2/PageProtocolOpenVpnSettings.qml" line="258"/>
+        <location filename="../ui/qml/Pages2/PageProtocolOpenVpnSettings.qml" line="261"/>
         <source>TLS auth</source>
         <translation>TLS авторизация</translation>
     </message>
     <message>
-        <location filename="../ui/qml/Pages2/PageProtocolOpenVpnSettings.qml" line="273"/>
+        <location filename="../ui/qml/Pages2/PageProtocolOpenVpnSettings.qml" line="276"/>
         <source>Block DNS requests outside of VPN</source>
         <translation>Блокировать DNS запросы за пределами VPN</translation>
     </message>
     <message>
-        <location filename="../ui/qml/Pages2/PageProtocolOpenVpnSettings.qml" line="292"/>
+        <location filename="../ui/qml/Pages2/PageProtocolOpenVpnSettings.qml" line="295"/>
         <source>Additional client configuration commands</source>
         <translation>Дополнительные команды конфигурации клиента</translation>
     </message>
     <message>
-        <location filename="../ui/qml/Pages2/PageProtocolOpenVpnSettings.qml" line="308"/>
-        <location filename="../ui/qml/Pages2/PageProtocolOpenVpnSettings.qml" line="340"/>
+        <location filename="../ui/qml/Pages2/PageProtocolOpenVpnSettings.qml" line="311"/>
+        <location filename="../ui/qml/Pages2/PageProtocolOpenVpnSettings.qml" line="343"/>
         <source>Commands:</source>
         <translation>Commands:</translation>
     </message>
     <message>
-        <location filename="../ui/qml/Pages2/PageProtocolOpenVpnSettings.qml" line="324"/>
+        <location filename="../ui/qml/Pages2/PageProtocolOpenVpnSettings.qml" line="327"/>
         <source>Additional server configuration commands</source>
         <translation>Дополнительные команды конфигурации сервера</translation>
     </message>
     <message>
-        <location filename="../ui/qml/Pages2/PageProtocolOpenVpnSettings.qml" line="359"/>
+        <location filename="../ui/qml/Pages2/PageProtocolOpenVpnSettings.qml" line="364"/>
         <source>Remove OpenVPN</source>
         <translation>Удалить OpenVPN</translation>
     </message>
     <message>
-        <location filename="../ui/qml/Pages2/PageProtocolOpenVpnSettings.qml" line="362"/>
+        <location filename="../ui/qml/Pages2/PageProtocolOpenVpnSettings.qml" line="367"/>
         <source>Remove OpenVpn from server?</source>
         <translation>Удалить OpenVpn с сервера?</translation>
     </message>
     <message>
-        <location filename="../ui/qml/Pages2/PageProtocolOpenVpnSettings.qml" line="363"/>
-        <source>All users who you shared a connection with will no longer be able to connect to it.</source>
+        <location filename="../ui/qml/Pages2/PageProtocolOpenVpnSettings.qml" line="368"/>
+        <source>All users with whom you shared a connection will no longer be able to connect to it.</source>
         <translation>Все пользователи, с которыми вы поделились этим VPN-протоколом, больше не смогут к нему подключаться.</translation>
     </message>
     <message>
-        <location filename="../ui/qml/Pages2/PageProtocolOpenVpnSettings.qml" line="364"/>
+        <source>All users who you shared a connection with will no longer be able to connect to it.</source>
+        <translation type="vanished">Все пользователи, с которыми вы поделились этим VPN-протоколом, больше не смогут к нему подключаться.</translation>
+    </message>
+    <message>
+        <location filename="../ui/qml/Pages2/PageProtocolOpenVpnSettings.qml" line="369"/>
         <source>Continue</source>
         <translation>Продолжить</translation>
     </message>
     <message>
-        <location filename="../ui/qml/Pages2/PageProtocolOpenVpnSettings.qml" line="365"/>
+        <location filename="../ui/qml/Pages2/PageProtocolOpenVpnSettings.qml" line="370"/>
         <source>Cancel</source>
         <translation>Отменить</translation>
     </message>
     <message>
-        <location filename="../ui/qml/Pages2/PageProtocolOpenVpnSettings.qml" line="384"/>
+        <location filename="../ui/qml/Pages2/PageProtocolOpenVpnSettings.qml" line="389"/>
         <source>Save and Restart Amnezia</source>
         <translation>Сохранить и перезагрузить</translation>
     </message>
@@ -599,27 +620,31 @@ Already installed containers were found on the server. All installed containers
         <translation>Параметры подключения %1</translation>
     </message>
     <message>
-        <location filename="../ui/qml/Pages2/PageProtocolRaw.qml" line="172"/>
+        <location filename="../ui/qml/Pages2/PageProtocolRaw.qml" line="174"/>
         <source>Remove </source>
         <translation>Удалить </translation>
     </message>
     <message>
-        <location filename="../ui/qml/Pages2/PageProtocolRaw.qml" line="176"/>
+        <location filename="../ui/qml/Pages2/PageProtocolRaw.qml" line="178"/>
         <source>Remove %1 from server?</source>
         <translation>Удалить %1 с сервера?</translation>
     </message>
     <message>
-        <location filename="../ui/qml/Pages2/PageProtocolRaw.qml" line="177"/>
-        <source>All users who you shared a connection with will no longer be able to connect to it.</source>
+        <location filename="../ui/qml/Pages2/PageProtocolRaw.qml" line="179"/>
+        <source>All users with whom you shared a connection will no longer be able to connect to it.</source>
         <translation>Все пользователи, с которыми вы поделились этим VPN-протоколом, больше не смогут к нему подключаться.</translation>
     </message>
     <message>
-        <location filename="../ui/qml/Pages2/PageProtocolRaw.qml" line="178"/>
+        <source>All users who you shared a connection with will no longer be able to connect to it.</source>
+        <translation type="obsolete">Все пользователи, с которыми вы поделились этим VPN-протоколом, больше не смогут к нему подключаться.</translation>
+    </message>
+    <message>
+        <location filename="../ui/qml/Pages2/PageProtocolRaw.qml" line="180"/>
         <source>Continue</source>
         <translation>Продолжить</translation>
     </message>
     <message>
-        <location filename="../ui/qml/Pages2/PageProtocolRaw.qml" line="179"/>
+        <location filename="../ui/qml/Pages2/PageProtocolRaw.qml" line="181"/>
         <source>Cancel</source>
         <translation>Отменить</translation>
     </message>
@@ -661,7 +686,7 @@ Already installed containers were found on the server. All installed containers
         <location filename="../ui/qml/Pages2/PageServiceDnsSettings.qml" line="52"/>
         <source>A DNS service is installed on your server, and it is only accessible via VPN.
 </source>
-        <translation>На вашем сервере устанавливается DNS-сервис, доступ к нему возможен только через VPN.
+        <translation>На вашем сервере установлен DNS-сервис, доступ к нему возможен только через VPN.
 </translation>
     </message>
     <message>
@@ -765,7 +790,7 @@ Already installed containers were found on the server. All installed containers
     <message>
         <location filename="../ui/qml/Pages2/PageServiceSftpSettings.qml" line="251"/>
         <source>Remove SFTP and all data stored there?</source>
-        <translation>Удалить SFTP-хранилище и все хранящиеся на нем  данные?</translation>
+        <translation>Удалить SFTP-хранилище и все хранящиеся на нем данные?</translation>
     </message>
     <message>
         <location filename="../ui/qml/Pages2/PageServiceSftpSettings.qml" line="252"/>
@@ -985,8 +1010,8 @@ Already installed containers were found on the server. All installed containers
     </message>
     <message>
         <location filename="../ui/qml/Pages2/PageSettingsApplication.qml" line="73"/>
-        <source>Launch the application every time %1 starts</source>
-        <translation>Запускать приложение при каждом включении %1</translation>
+        <source>Launch the application every time the device is starts</source>
+        <translation>Запускать приложение при каждом включении</translation>
     </message>
     <message>
         <location filename="../ui/qml/Pages2/PageSettingsApplication.qml" line="93"/>
@@ -1085,7 +1110,7 @@ Already installed containers were found on the server. All installed containers
     <message>
         <location filename="../ui/qml/Pages2/PageSettingsBackup.qml" line="106"/>
         <source>Backup file saved</source>
-        <translation type="unfinished"></translation>
+        <translation>Бэкап файл сохранен</translation>
     </message>
     <message>
         <location filename="../ui/qml/Pages2/PageSettingsBackup.qml" line="122"/>
@@ -1123,7 +1148,7 @@ Already installed containers were found on the server. All installed containers
     <message>
         <location filename="../ui/qml/Pages2/PageSettingsConnection.qml" line="41"/>
         <source>Connection</source>
-        <translation>Подключение</translation>
+        <translation>Соединение</translation>
     </message>
     <message>
         <location filename="../ui/qml/Pages2/PageSettingsConnection.qml" line="50"/>
@@ -1184,52 +1209,52 @@ Already installed containers were found on the server. All installed containers
         <translation>DNS сервер</translation>
     </message>
     <message>
-        <location filename="../ui/qml/Pages2/PageSettingsDns.qml" line="49"/>
+        <location filename="../ui/qml/Pages2/PageSettingsDns.qml" line="50"/>
         <source>If AmneziaDNS is not used or installed</source>
         <translation>Эти адреса будут использоваться, если не включен или не установлен AmneziaDNS</translation>
     </message>
     <message>
-        <location filename="../ui/qml/Pages2/PageSettingsDns.qml" line="56"/>
+        <location filename="../ui/qml/Pages2/PageSettingsDns.qml" line="57"/>
         <source>Primary DNS</source>
         <translation>Первичный DNS</translation>
     </message>
     <message>
-        <location filename="../ui/qml/Pages2/PageSettingsDns.qml" line="68"/>
+        <location filename="../ui/qml/Pages2/PageSettingsDns.qml" line="69"/>
         <source>Secondary DNS</source>
         <translation>Вторичный DNS</translation>
     </message>
     <message>
-        <location filename="../ui/qml/Pages2/PageSettingsDns.qml" line="86"/>
+        <location filename="../ui/qml/Pages2/PageSettingsDns.qml" line="87"/>
         <source>Restore default</source>
         <translation>Восстановить по умолчанию</translation>
     </message>
     <message>
-        <location filename="../ui/qml/Pages2/PageSettingsDns.qml" line="89"/>
+        <location filename="../ui/qml/Pages2/PageSettingsDns.qml" line="90"/>
         <source>Restore default DNS settings?</source>
         <translation>Восстановить настройки DNS по умолчанию?</translation>
     </message>
     <message>
-        <location filename="../ui/qml/Pages2/PageSettingsDns.qml" line="90"/>
+        <location filename="../ui/qml/Pages2/PageSettingsDns.qml" line="91"/>
         <source>Continue</source>
         <translation>Продолжить</translation>
     </message>
     <message>
-        <location filename="../ui/qml/Pages2/PageSettingsDns.qml" line="91"/>
+        <location filename="../ui/qml/Pages2/PageSettingsDns.qml" line="92"/>
         <source>Cancel</source>
         <translation>Отменить</translation>
     </message>
     <message>
-        <location filename="../ui/qml/Pages2/PageSettingsDns.qml" line="99"/>
+        <location filename="../ui/qml/Pages2/PageSettingsDns.qml" line="100"/>
         <source>Settings have been reset</source>
         <translation>Настройки сброшены</translation>
     </message>
     <message>
-        <location filename="../ui/qml/Pages2/PageSettingsDns.qml" line="111"/>
+        <location filename="../ui/qml/Pages2/PageSettingsDns.qml" line="112"/>
         <source>Save</source>
         <translation>Сохранить</translation>
     </message>
     <message>
-        <location filename="../ui/qml/Pages2/PageSettingsDns.qml" line="120"/>
+        <location filename="../ui/qml/Pages2/PageSettingsDns.qml" line="121"/>
         <source>Settings saved</source>
         <translation>Сохранить настройки</translation>
     </message>
@@ -1244,7 +1269,7 @@ Already installed containers were found on the server. All installed containers
     <message>
         <location filename="../ui/qml/Pages2/PageSettingsLogging.qml" line="54"/>
         <source>Save logs</source>
-        <translation>Сохранить логи</translation>
+        <translation>Сохранять логи</translation>
     </message>
     <message>
         <location filename="../ui/qml/Pages2/PageSettingsLogging.qml" line="86"/>
@@ -1264,12 +1289,12 @@ Already installed containers were found on the server. All installed containers
     <message>
         <location filename="../ui/qml/Pages2/PageSettingsLogging.qml" line="118"/>
         <source>Logs file saved</source>
-        <translation type="unfinished"></translation>
+        <translation>Файл с логами сохранен</translation>
     </message>
     <message>
         <location filename="../ui/qml/Pages2/PageSettingsLogging.qml" line="127"/>
         <source>Save logs to file</source>
-        <translation>Сохранять логи в файл</translation>
+        <translation>Сохранить логи в файл</translation>
     </message>
     <message>
         <location filename="../ui/qml/Pages2/PageSettingsLogging.qml" line="145"/>
@@ -1307,7 +1332,7 @@ Already installed containers were found on the server. All installed containers
     <message>
         <location filename="../ui/qml/Pages2/PageSettingsServerData.qml" line="87"/>
         <source>Clear Amnezia cache</source>
-        <translation>Очистить кэш Amnezia на сервере</translation>
+        <translation>Очистить кэш Amnezia</translation>
     </message>
     <message>
         <location filename="../ui/qml/Pages2/PageSettingsServerData.qml" line="88"/>
@@ -1431,8 +1456,12 @@ Already installed containers were found on the server. All installed containers
     </message>
     <message>
         <location filename="../ui/qml/Pages2/PageSettingsServerProtocol.qml" line="117"/>
+        <source>All users with whom you shared a connection will no longer be able to connect to it.</source>
+        <translation>Все пользователи, с которыми вы поделились этим VPN-протоколом, больше не смогут к нему подключаться.</translation>
+    </message>
+    <message>
         <source>All users who you shared a connection with will no longer be able to connect to it.</source>
-        <translation>Все пользователи, которым вы поделились VPN, больше не смогут к нему подключаться.</translation>
+        <translation type="vanished">Все пользователи, которым вы поделились VPN, больше не смогут к нему подключаться.</translation>
     </message>
     <message>
         <location filename="../ui/qml/Pages2/PageSettingsServerProtocol.qml" line="118"/>
@@ -1471,75 +1500,75 @@ Already installed containers were found on the server. All installed containers
         <translation>Раздельное VPN-туннелирование</translation>
     </message>
     <message>
-        <location filename="../ui/qml/Pages2/PageSettingsSplitTunneling.qml" line="128"/>
+        <location filename="../ui/qml/Pages2/PageSettingsSplitTunneling.qml" line="121"/>
         <source>Mode</source>
         <translation>Режим</translation>
     </message>
     <message>
-        <location filename="../ui/qml/Pages2/PageSettingsSplitTunneling.qml" line="206"/>
+        <location filename="../ui/qml/Pages2/PageSettingsSplitTunneling.qml" line="199"/>
         <source>Remove </source>
         <translation>Удалить </translation>
     </message>
     <message>
-        <location filename="../ui/qml/Pages2/PageSettingsSplitTunneling.qml" line="207"/>
+        <location filename="../ui/qml/Pages2/PageSettingsSplitTunneling.qml" line="200"/>
         <source>Continue</source>
         <translation>Продолжить</translation>
     </message>
     <message>
-        <location filename="../ui/qml/Pages2/PageSettingsSplitTunneling.qml" line="208"/>
+        <location filename="../ui/qml/Pages2/PageSettingsSplitTunneling.qml" line="201"/>
         <source>Cancel</source>
         <translation>Отменить</translation>
     </message>
     <message>
-        <location filename="../ui/qml/Pages2/PageSettingsSplitTunneling.qml" line="255"/>
+        <location filename="../ui/qml/Pages2/PageSettingsSplitTunneling.qml" line="248"/>
         <source>Site or IP</source>
         <translation>Сайт или IP</translation>
     </message>
     <message>
-        <location filename="../ui/qml/Pages2/PageSettingsSplitTunneling.qml" line="299"/>
+        <location filename="../ui/qml/Pages2/PageSettingsSplitTunneling.qml" line="292"/>
         <source>Import/Export Sites</source>
         <translation>Импорт/экспорт Сайтов</translation>
     </message>
     <message>
-        <location filename="../ui/qml/Pages2/PageSettingsSplitTunneling.qml" line="305"/>
+        <location filename="../ui/qml/Pages2/PageSettingsSplitTunneling.qml" line="298"/>
         <source>Import</source>
         <translation>Импорт</translation>
     </message>
     <message>
-        <location filename="../ui/qml/Pages2/PageSettingsSplitTunneling.qml" line="317"/>
+        <location filename="../ui/qml/Pages2/PageSettingsSplitTunneling.qml" line="310"/>
         <source>Save site list</source>
         <translation>Сохранить список сайтов</translation>
     </message>
     <message>
-        <location filename="../ui/qml/Pages2/PageSettingsSplitTunneling.qml" line="324"/>
+        <location filename="../ui/qml/Pages2/PageSettingsSplitTunneling.qml" line="317"/>
         <source>Save sites</source>
         <translation>Сохранить</translation>
     </message>
     <message>
-        <location filename="../ui/qml/Pages2/PageSettingsSplitTunneling.qml" line="325"/>
-        <location filename="../ui/qml/Pages2/PageSettingsSplitTunneling.qml" line="392"/>
-        <location filename="../ui/qml/Pages2/PageSettingsSplitTunneling.qml" line="407"/>
+        <location filename="../ui/qml/Pages2/PageSettingsSplitTunneling.qml" line="318"/>
+        <location filename="../ui/qml/Pages2/PageSettingsSplitTunneling.qml" line="385"/>
+        <location filename="../ui/qml/Pages2/PageSettingsSplitTunneling.qml" line="400"/>
         <source>Sites files (*.json)</source>
         <translation>Sites files (*.json)</translation>
     </message>
     <message>
-        <location filename="../ui/qml/Pages2/PageSettingsSplitTunneling.qml" line="382"/>
+        <location filename="../ui/qml/Pages2/PageSettingsSplitTunneling.qml" line="375"/>
         <source>Import a list of sites</source>
         <translation>Импортировать список с сайтами</translation>
     </message>
     <message>
-        <location filename="../ui/qml/Pages2/PageSettingsSplitTunneling.qml" line="388"/>
+        <location filename="../ui/qml/Pages2/PageSettingsSplitTunneling.qml" line="381"/>
         <source>Replace site list</source>
         <translation>Заменить список сайтов</translation>
     </message>
     <message>
-        <location filename="../ui/qml/Pages2/PageSettingsSplitTunneling.qml" line="391"/>
-        <location filename="../ui/qml/Pages2/PageSettingsSplitTunneling.qml" line="406"/>
+        <location filename="../ui/qml/Pages2/PageSettingsSplitTunneling.qml" line="384"/>
+        <location filename="../ui/qml/Pages2/PageSettingsSplitTunneling.qml" line="399"/>
         <source>Open sites file</source>
         <translation>Открыть список с сайтами</translation>
     </message>
     <message>
-        <location filename="../ui/qml/Pages2/PageSettingsSplitTunneling.qml" line="403"/>
+        <location filename="../ui/qml/Pages2/PageSettingsSplitTunneling.qml" line="396"/>
         <source>Add imported sites to existing ones</source>
         <translation>Добавить импортированные сайты к существующим</translation>
     </message>
@@ -1685,7 +1714,7 @@ and will not be shared or disclosed to the Amnezia or any third parties</source>
 <context>
     <name>PageSetupWizardInstalling</name>
     <message>
-        <location filename="../ui/qml/Pages2/PageSetupWizardInstalling.qml" line="57"/>
+        <location filename="../ui/qml/Pages2/PageSetupWizardInstalling.qml" line="65"/>
         <source>The server has already been added to the application</source>
         <translation>Сервер уже был добавлен в приложение</translation>
     </message>
@@ -1698,28 +1727,28 @@ and will not be shared or disclosed to the Amnezia or any third parties</source>
         <translation type="vanished">занят установкой других протоколов или сервисов. Установка Amnesia </translation>
     </message>
     <message>
-        <location filename="../ui/qml/Pages2/PageSetupWizardInstalling.qml" line="62"/>
+        <location filename="../ui/qml/Pages2/PageSetupWizardInstalling.qml" line="70"/>
         <source>Amnezia has detected that your server is currently </source>
-        <translation type="unfinished"></translation>
+        <translation>Amnezia обнаружила, что ваш сервер в настоящее время </translation>
     </message>
     <message>
-        <location filename="../ui/qml/Pages2/PageSetupWizardInstalling.qml" line="63"/>
+        <location filename="../ui/qml/Pages2/PageSetupWizardInstalling.qml" line="71"/>
         <source>busy installing other software. Amnezia installation </source>
-        <translation type="unfinished"></translation>
+        <translation>занят установкой другого программного обеспечения. Установка Amnezia </translation>
     </message>
     <message>
-        <location filename="../ui/qml/Pages2/PageSetupWizardInstalling.qml" line="64"/>
+        <location filename="../ui/qml/Pages2/PageSetupWizardInstalling.qml" line="72"/>
         <source>will pause until the server finishes installing other software</source>
         <translation>будет приостановлена до тех пор, пока сервер не завершит установку</translation>
     </message>
     <message>
-        <location filename="../ui/qml/Pages2/PageSetupWizardInstalling.qml" line="121"/>
+        <location filename="../ui/qml/Pages2/PageSetupWizardInstalling.qml" line="129"/>
         <source>Installing</source>
         <translation>Установка</translation>
     </message>
     <message>
         <location filename="../ui/qml/Pages2/PageSetupWizardInstalling.qml" line="21"/>
-        <location filename="../ui/qml/Pages2/PageSetupWizardInstalling.qml" line="67"/>
+        <location filename="../ui/qml/Pages2/PageSetupWizardInstalling.qml" line="75"/>
         <source>Usually it takes no more than 5 minutes</source>
         <translation>Обычно это занимает не более 5 минут</translation>
     </message>
@@ -1837,27 +1866,27 @@ and will not be shared or disclosed to the Amnezia or any third parties</source>
 <context>
     <name>PageSetupWizardViewConfig</name>
     <message>
-        <location filename="../ui/qml/Pages2/PageSetupWizardViewConfig.qml" line="59"/>
+        <location filename="../ui/qml/Pages2/PageSetupWizardViewConfig.qml" line="63"/>
         <source>New connection</source>
         <translation>Новое соединение</translation>
     </message>
     <message>
-        <location filename="../ui/qml/Pages2/PageSetupWizardViewConfig.qml" line="86"/>
+        <location filename="../ui/qml/Pages2/PageSetupWizardViewConfig.qml" line="90"/>
         <source>Do not use connection code from public sources. It could be created to intercept your data.</source>
         <translation>Не используйте код подключения из публичных источников. Его могли создать, чтобы перехватывать ваши данные.</translation>
     </message>
     <message>
-        <location filename="../ui/qml/Pages2/PageSetupWizardViewConfig.qml" line="101"/>
+        <location filename="../ui/qml/Pages2/PageSetupWizardViewConfig.qml" line="105"/>
         <source>Collapse content</source>
         <translation>Свернуть</translation>
     </message>
     <message>
-        <location filename="../ui/qml/Pages2/PageSetupWizardViewConfig.qml" line="101"/>
+        <location filename="../ui/qml/Pages2/PageSetupWizardViewConfig.qml" line="105"/>
         <source>Show content</source>
         <translation>Показать содержимое ключа</translation>
     </message>
     <message>
-        <location filename="../ui/qml/Pages2/PageSetupWizardViewConfig.qml" line="144"/>
+        <location filename="../ui/qml/Pages2/PageSetupWizardViewConfig.qml" line="148"/>
         <source>Connect</source>
         <translation>Подключиться</translation>
     </message>
@@ -1875,9 +1904,8 @@ and will not be shared or disclosed to the Amnezia or any third parties</source>
         <translation>WireGuard нативный формат</translation>
     </message>
     <message>
-        <location filename="../ui/qml/Pages2/PageShare.qml" line="121"/>
         <source>VPN Access</source>
-        <translation>VPN-Доступ</translation>
+        <translation type="vanished">VPN-Доступ</translation>
     </message>
     <message>
         <location filename="../ui/qml/Pages2/PageShare.qml" line="146"/>
@@ -1885,14 +1913,12 @@ and will not be shared or disclosed to the Amnezia or any third parties</source>
         <translation>Соединение</translation>
     </message>
     <message>
-        <location filename="../ui/qml/Pages2/PageShare.qml" line="174"/>
         <source>VPN access without the ability to manage the server</source>
-        <translation>Доступ к VPN, без возможности управления сервером</translation>
+        <translation type="vanished">Доступ к VPN, без возможности управления сервером</translation>
     </message>
     <message>
-        <location filename="../ui/qml/Pages2/PageShare.qml" line="175"/>
         <source>Access to server management. The user with whom you share full access to the connection will be able to add and remove your protocols and services to the server, as well as change settings.</source>
-        <translation>Доступ к управлению сервером. Пользователь, с которым вы делитесь полным доступом к соединению, сможет добавлять и удалять ваши протоколы и службы на сервере, а также изменять настройки.</translation>
+        <translation type="vanished">Доступ к управлению сервером. Пользователь, с которым вы делитесь полным доступом к соединению, сможет добавлять и удалять ваши протоколы и службы на сервере, а также изменять настройки.</translation>
     </message>
     <message>
         <location filename="../ui/qml/Pages2/PageShare.qml" line="190"/>
@@ -1935,11 +1961,26 @@ and will not be shared or disclosed to the Amnezia or any third parties</source>
         <source>For the AmneziaVPN app</source>
         <translation>Для AmneziaVPN</translation>
     </message>
+    <message>
+        <location filename="../ui/qml/Pages2/PageShare.qml" line="121"/>
+        <source>Share VPN Access</source>
+        <translation>Поделиться VPN</translation>
+    </message>
     <message>
         <location filename="../ui/qml/Pages2/PageShare.qml" line="158"/>
         <source>Full access</source>
         <translation>Полный доступ</translation>
     </message>
+    <message>
+        <location filename="../ui/qml/Pages2/PageShare.qml" line="174"/>
+        <source>Share VPN access without the ability to manage the server</source>
+        <translation>Поделиться доступом к VPN, без возможности управления сервером</translation>
+    </message>
+    <message>
+        <location filename="../ui/qml/Pages2/PageShare.qml" line="175"/>
+        <source>Share access to server management. The user with whom you share full access to the server will be able to add and remove any protocols and services to the server, as well as change settings.</source>
+        <translation>Поделиться доступом к управлению сервером. Пользователь, с которым вы делитесь полным доступом к серверу, сможет добавлять и удалять любые протоколы и службы на сервере, а также изменять настройки.</translation>
+    </message>
     <message>
         <location filename="../ui/qml/Pages2/PageShare.qml" line="251"/>
         <location filename="../ui/qml/Pages2/PageShare.qml" line="252"/>
@@ -2424,7 +2465,15 @@ While it offers a blend of security, stability, and speed, it&apos;s essential t
 * Minimal configuration
 * Recognised by DPI analysis systems
 * Works over UDP network protocol, ports 500 and 4500.</source>
-        <translation type="unfinished"></translation>
+        <translation>IKEv2 в сочетании с уровнем шифрования IPSec это современный и стабильный протокол VPN.
+Он может быстро переключаться между сетями и устройствами, что делает его особенно адаптивным в динамичных сетевых средах. 
+Несмотря на сочетание безопасности, стабильности и скорости, необходимо отметить, что IKEv2 легко обнаруживается и подвержен блокировке.
+
+* Доступно в AmneziaVPN только для Windows.
+* Низкое энергопотребление, на мобильных устройствах
+* Минимальная конфигурация
+* Распознается системами DPI-анализа
+* Работает по сетевому протоколу UDP, порты 500 и 4500.</translation>
     </message>
     <message>
         <location filename="../containers/containers_defs.cpp" line="215"/>
@@ -2470,7 +2519,7 @@ While it offers a blend of security, stability, and speed, it&apos;s essential t
     <message>
         <location filename="../containers/containers_defs.cpp" line="111"/>
         <source>AmneziaWG - Special protocol from Amnezia, based on WireGuard. It&apos;s fast like WireGuard, but very resistant to blockages. Recommended for regions with high levels of censorship.</source>
-        <translation type="unfinished"></translation>
+        <translation>AmneziaWG - Специальный протокол от Amnezia, основанный на протоколе WireGuard. Он такой же быстрый, как WireGuard, но очень устойчив к блокировкам. Рекомендуется для регионов с высоким уровнем цензуры.</translation>
     </message>
     <message>
         <location filename="../containers/containers_defs.cpp" line="115"/>
@@ -2502,7 +2551,14 @@ It employs its unique security protocol, leveraging the strength of SSL/TLS for
 * Flexible customisation to suit user needs to work with different operating systems and devices
 * Recognised by DPI analysis systems and therefore susceptible to blocking
 * Can operate over both TCP and UDP network protocols.</source>
-        <translation type="unfinished"></translation>
+        <translation>OpenVPN однин из самых популярных и проверенных временем VPN-протоколов.
+В нем используется уникальный протокол безопасности, опирающийся на протокол SSL/TLS для шифрования и обмена ключами. Кроме того, поддержка OpenVPN множества методов аутентификации делает его универсальным и адаптируемым к широкому спектру устройств и операционных систем. Благодаря открытому исходному коду OpenVPN подвергается тщательному анализу со стороны мирового сообщества, что постоянно повышает его безопасность. Благодаря оптимальному соотношению производительности, безопасности и совместимости OpenVPN остается лучшим выбором как для частных лиц, так и для компаний, заботящихся о конфиденциальности.
+
+* Доступность AmneziaVPN для всех платформ
+* Нормальное энергопотребление на мобильных устройствах
+* Гибкая настройка под нужды пользователя для работы с различными операционными системами и устройствами
+* Распознается системами DPI-анализа и поэтому подвержен блокировке
+* Может работать по сетевым протоколам TCP и UDP.</translation>
     </message>
     <message>
         <location filename="../containers/containers_defs.cpp" line="145"/>
@@ -2514,7 +2570,12 @@ It employs its unique security protocol, leveraging the strength of SSL/TLS for
 * Configurable encryption protocol
 * Detectable by some DPI systems
 * Works over TCP network protocol.</source>
-        <translation type="unfinished"></translation>
+        <translation>Shadowsocks, создан на основе протокола SOCKS5, защищает соединение с помощью шифра AEAD. Несмотря на то, что протокол Shadowsocks разработан таким образом, чтобы быть незаметным и сложным для идентификации, он не идентичен стандартному HTTPS-соединению. Однако некоторые системы анализа трафика все же могут обнаружить соединение Shadowsocks. В связи с ограниченной поддержкой в Amnezia рекомендуется использовать протокол AmneziaWG, или OpenVPN over Cloak.
+
+* Доступен в AmneziaVPN только на ПК ноутбуках.
+* Настраиваемый протокол шифрования
+* Обнаруживается некоторыми DPI-системами
+* Работает по сетевому протоколу TCP.</translation>
     </message>
     <message>
         <location filename="../containers/containers_defs.cpp" line="155"/>
@@ -2536,7 +2597,24 @@ If there is a extreme level of Internet censorship in your region, we advise you
 * Not recognised by DPI analysis systems
 * Works over TCP network protocol, 443 port.
 </source>
-        <translation type="unfinished"></translation>
+        <translation>OpenVPN over Cloak - это комбинация протокола OpenVPN и плагина Cloak, разработанного специально для защиты от блокировок.
+
+OpenVPN обеспечивает безопасное VPN-соединение за счет шифрования всего интернет-трафика между клиентом и сервером.
+
+Cloak защищает OpenVPN от обнаружения и блокировок. 
+
+Cloak может изменять метаданные пакетов. Он полностью маскирует VPN-трафик под обычный веб-трафик, а также защищает VPN от обнаружения с помощью Active Probing. Это делает его очень устойчивым к обнаружению
+
+Сразу же после получения первого пакета данных Cloak проверяет подлинность входящего соединения. Если аутентификация не проходит, плагин маскирует сервер под поддельный сайт, и ваш VPN становится невидимым для аналитических систем.
+
+Если в вашем регионе существует экстремальный уровень цензуры в Интернете, мы советуем вам при первом подключении использовать только OpenVPN через Cloak
+
+* Доступность AmneziaVPN на всех платформах
+* Высокое энергопотребление на мобильных устройствах
+* Гибкие настройки
+* Не распознается системами DPI-анализа
+* Работает по сетевому протоколу TCP, 443 порт.
+</translation>
     </message>
     <message>
         <location filename="../containers/containers_defs.cpp" line="174"/>
@@ -2549,7 +2627,15 @@ WireGuard is very susceptible to blocking due to its distinct packet signatures.
 * Minimum number of settings
 * Easily recognised by DPI analysis systems, susceptible to blocking
 * Works over UDP network protocol.</source>
-        <translation type="unfinished"></translation>
+        <translation>WireGuard - относительно новый популярный VPN-протокол с упрощенной архитектурой.
+Обеспечивает стабильное VPN-соединение, высокую производительность на всех устройствах. Использует жестко заданные настройки шифрования. WireGuard по сравнению с OpenVPN имеет меньшую задержку и лучшую пропускную способность при передаче данных.
+WireGuard очень восприимчив к блокированию из-за особенностей сигнатур пакетов. В отличие от некоторых других VPN-протоколов, использующих методы обфускации, последовательные сигнатуры пакетов WireGuard легче выявляются и, соответственно, блокируются современными системами глубокой проверки пакетов (DPI) и другими средствами сетевого мониторинга.
+
+* Доступность AmneziaVPN для всех платформ
+* Низкое энергопотребление
+* Минимальное количество настроек
+* Легко распознается системами DPI-анализа, подвержен блокировке
+* Работает по сетевому протоколу UDP.</translation>
     </message>
     <message>
         <location filename="../containers/containers_defs.cpp" line="187"/>
@@ -2562,7 +2648,15 @@ This means that AmneziaWG keeps the fast performance of the original while addin
 * Minimum number of settings
 * Not recognised by DPI analysis systems, resistant to blocking
 * Works over UDP network protocol.</source>
-        <translation type="unfinished"></translation>
+        <translation>AmneziaWG - усовершенствованная версия популярного VPN-протокола Wireguard. AmneziaWG опирается на фундамент, заложенный WireGuard, сохраняя упрощенную архитектуру и высокопроизводительные возможности работы на разных устройствах.
+Хотя WireGuard известен своей эффективностью, у него были проблемы с обнаружением из-за характерных сигнатур пакетов. AmneziaWG решает эту проблему за счет использования более совершенных методов обфускации, благодаря чему его трафик сливается с обычным интернет-трафиком.
+Таким образом, AmneziaWG сохраняет высокую производительность оригинала, добавляя при этом дополнительный уровень скрытности, что делает его отличным выбором для тех, кому нужно быстрое и незаметное VPN-соединение.
+
+* Доступность AmneziaVPN на всех платформах
+* Низкое энергопотребление
+* Минимальное количество настроек
+* Не распознается системами DPI-анализа, устойчив к блокировке
+* Работает по сетевому протоколу UDP.</translation>
     </message>
     <message>
         <source>AmneziaWG container</source>
@@ -2574,7 +2668,7 @@ This means that AmneziaWG keeps the fast performance of the original while addin
         <translation>Сервис обмена файлами Sftp - безопасный FTP-сервис</translation>
     </message>
     <message>
-        <location filename="../protocols/protocols_defs.cpp" line="75"/>
+        <location filename="../protocols/protocols_defs.cpp" line="77"/>
         <source>Sftp service</source>
         <translation>Сервис SFTP</translation>
     </message>
@@ -2638,6 +2732,16 @@ This means that AmneziaWG keeps the fast performance of the original while addin
         <source>error 0x%1: %2</source>
         <translation>error 0x%1: %2</translation>
     </message>
+    <message>
+        <location filename="../3rd/wireguard-tools/contrib/highlighter/gui/highlight.cpp" line="39"/>
+        <source>WireGuard Configuration Highlighter</source>
+        <translation type="unfinished"></translation>
+    </message>
+    <message>
+        <location filename="../3rd/wireguard-tools/contrib/highlighter/gui/highlight.cpp" line="82"/>
+        <source>&amp;Randomize colors</source>
+        <translation type="unfinished"></translation>
+    </message>
 </context>
 <context>
     <name>SelectLanguageDrawer</name>
@@ -2863,7 +2967,7 @@ This means that AmneziaWG keeps the fast performance of the original while addin
     <message>
         <location filename="../containers/containers_defs.cpp" line="309"/>
         <source>Medium or High</source>
-        <translation>Спедний или Высокий</translation>
+        <translation>Средний или Высокий</translation>
     </message>
     <message>
         <location filename="../containers/containers_defs.cpp" line="310"/>
@@ -2911,7 +3015,7 @@ This means that AmneziaWG keeps the fast performance of the original while addin
     <message>
         <location filename="../ui/qml/main2.qml" line="172"/>
         <source>Private key passphrase</source>
-        <translation>Кодовая фраза  для закрытого ключа</translation>
+        <translation>Кодовая фраза для закрытого ключа</translation>
     </message>
     <message>
         <location filename="../ui/qml/main2.qml" line="191"/>

client/translations/amneziavpn_zh_CN.ts

@@ -4,9 +4,13 @@
 <context>
     <name>AmneziaApplication</name>
     <message>
-        <location filename="../amnezia_application.cpp" line="302"/>
         <source>Split tunneling for WireGuard is not implemented, the option was disabled</source>
-        <translation>未启用选项，还未实现基于WireGuard协议的VPN分离</translation>
+        <translation type="vanished">未启用选项，还未实现基于WireGuard协议的VPN分离</translation>
+    </message>
+    <message>
+        <location filename="../amnezia_application.cpp" line="305"/>
+        <source>Split tunneling for %1 is not implemented, the option was disabled</source>
+        <translation type="unfinished"></translation>
     </message>
 </context>
 <context>
@@ -74,17 +78,17 @@
     <message>
         <location filename="../ui/qml/Components/ConnectionTypeSelectionDrawer.qml" line="30"/>
         <source>Add new connection</source>
-        <translation type="unfinished"></translation>
+        <translation>添加新连接</translation>
     </message>
     <message>
         <location filename="../ui/qml/Components/ConnectionTypeSelectionDrawer.qml" line="38"/>
         <source>Configure your server</source>
-        <translation type="unfinished"></translation>
+        <translation>配置您的服务器</translation>
     </message>
     <message>
         <location filename="../ui/qml/Components/ConnectionTypeSelectionDrawer.qml" line="52"/>
         <source>Open config file, key or QR code</source>
-        <translation type="unfinished"></translation>
+        <translation>配置文件，授权码或二维码</translation>
     </message>
     <message>
         <source>Server IP, login and password</source>
@@ -130,19 +134,23 @@
     <name>HomeContainersListView</name>
     <message>
         <location filename="../ui/qml/Components/HomeContainersListView.qml" line="58"/>
+        <source>Unable change protocol while there is an active connection</source>
+        <translation>已建立连接时无法更改服务器配置</translation>
+    </message>
+    <message>
+        <location filename="../ui/qml/Components/HomeContainersListView.qml" line="69"/>
         <source>The selected protocol is not supported on the current platform</source>
         <translation>当前平台不支持所选协议</translation>
     </message>
     <message>
-        <location filename="../ui/qml/Components/HomeContainersListView.qml" line="76"/>
         <source>Reconnect via VPN Procotol: </source>
-        <translation>重连VPN基于协议: </translation>
+        <translation type="vanished">重连VPN基于协议: </translation>
     </message>
 </context>
 <context>
     <name>ImportController</name>
     <message>
-        <location filename="../ui/controllers/importController.cpp" line="429"/>
+        <location filename="../ui/controllers/importController.cpp" line="427"/>
         <source>Scanned %1 of %2.</source>
         <translation>扫描 %1 of %2.</translation>
     </message>
@@ -158,47 +166,47 @@
         <translation type="obsolete"> 已安装在服务器上</translation>
     </message>
     <message>
-        <location filename="../ui/controllers/installController.cpp" line="110"/>
-        <location filename="../ui/controllers/installController.cpp" line="161"/>
+        <location filename="../ui/controllers/installController.cpp" line="143"/>
+        <location filename="../ui/controllers/installController.cpp" line="193"/>
         <source>%1 installed successfully. </source>
         <translation>%1 安装成功。</translation>
     </message>
     <message>
-        <location filename="../ui/controllers/installController.cpp" line="112"/>
-        <location filename="../ui/controllers/installController.cpp" line="163"/>
+        <location filename="../ui/controllers/installController.cpp" line="145"/>
+        <location filename="../ui/controllers/installController.cpp" line="195"/>
         <source>%1 is already installed on the server. </source>
         <translation>服务器上已经安装 %1。</translation>
     </message>
     <message>
-        <location filename="../ui/controllers/installController.cpp" line="115"/>
+        <location filename="../ui/controllers/installController.cpp" line="148"/>
         <source>
 Added containers that were already installed on the server</source>
         <translation>添加已安装在服务器上的容器</translation>
     </message>
     <message>
-        <location filename="../ui/controllers/installController.cpp" line="182"/>
+        <location filename="../ui/controllers/installController.cpp" line="214"/>
         <source>
 Already installed containers were found on the server. All installed containers have been added to the application</source>
         <translation>
 在服务上发现已经安装协议并添加至应用</translation>
     </message>
     <message>
-        <location filename="../ui/controllers/installController.cpp" line="266"/>
+        <location filename="../ui/controllers/installController.cpp" line="295"/>
         <source>Settings updated successfully</source>
         <translation>配置更新成功</translation>
     </message>
     <message>
-        <location filename="../ui/controllers/installController.cpp" line="281"/>
+        <location filename="../ui/controllers/installController.cpp" line="310"/>
         <source>Server &apos;%1&apos; was removed</source>
         <translation>已移除服务器 &apos;%1&apos;</translation>
     </message>
     <message>
-        <location filename="../ui/controllers/installController.cpp" line="291"/>
+        <location filename="../ui/controllers/installController.cpp" line="320"/>
         <source>All containers from server &apos;%1&apos; have been removed</source>
         <translation>服务器 &apos;%1&apos; 的所有容器已移除</translation>
     </message>
     <message>
-        <location filename="../ui/controllers/installController.cpp" line="308"/>
+        <location filename="../ui/controllers/installController.cpp" line="337"/>
         <source>%1 has been removed from the server &apos;%2&apos;</source>
         <translation>%1 已从服务器 &apos;%2&apos; 上移除</translation>
     </message>
@@ -219,12 +227,12 @@ Already installed containers were found on the server. All installed containers
         <translation type="obsolete"> 协议已从</translation>
     </message>
     <message>
-        <location filename="../ui/controllers/installController.cpp" line="454"/>
+        <location filename="../ui/controllers/installController.cpp" line="483"/>
         <source>Please login as the user</source>
         <translation>请以用户身份登录</translation>
     </message>
     <message>
-        <location filename="../ui/controllers/installController.cpp" line="481"/>
+        <location filename="../ui/controllers/installController.cpp" line="511"/>
         <source>Server added successfully</source>
         <translation>增加服务器成功</translation>
     </message>
@@ -292,15 +300,20 @@ Already installed containers were found on the server. All installed containers
 <context>
     <name>PageHome</name>
     <message>
-        <location filename="../ui/qml/Pages2/PageHome.qml" line="344"/>
+        <location filename="../ui/qml/Pages2/PageHome.qml" line="354"/>
         <source>VPN protocol</source>
         <translation>VPN协议</translation>
     </message>
     <message>
-        <location filename="../ui/qml/Pages2/PageHome.qml" line="388"/>
+        <location filename="../ui/qml/Pages2/PageHome.qml" line="398"/>
         <source>Servers</source>
         <translation>服务器</translation>
     </message>
+    <message>
+        <location filename="../ui/qml/Pages2/PageHome.qml" line="490"/>
+        <source>Unable change server while there is an active connection</source>
+        <translation>已建立连接时无法更改服务器配置</translation>
+    </message>
 </context>
 <context>
     <name>PageProtocolAwgSettings</name>
@@ -371,8 +384,12 @@ Already installed containers were found on the server. All installed containers
     </message>
     <message>
         <location filename="../ui/qml/Pages2/PageProtocolAwgSettings.qml" line="279"/>
+        <source>All users with whom you shared a connection will no longer be able to connect to it.</source>
+        <translation>与您共享连接的所有用户将无法再连接到该连接。</translation>
+    </message>
+    <message>
         <source>All users who you shared a connection with will no longer be able to connect to it.</source>
-        <translation>使用此共享连接的所有用户，将无法再连接它。</translation>
+        <translation type="vanished">使用此共享连接的所有用户，将无法再连接它。</translation>
     </message>
     <message>
         <location filename="../ui/qml/Pages2/PageProtocolAwgSettings.qml" line="280"/>
@@ -422,199 +439,203 @@ Already installed containers were found on the server. All installed containers
 <context>
     <name>PageProtocolOpenVpnSettings</name>
     <message>
-        <location filename="../ui/qml/Pages2/PageProtocolOpenVpnSettings.qml" line="76"/>
+        <location filename="../ui/qml/Pages2/PageProtocolOpenVpnSettings.qml" line="77"/>
         <source>OpenVPN settings</source>
         <translation>OpenVPN 配置</translation>
     </message>
     <message>
-        <location filename="../ui/qml/Pages2/PageProtocolOpenVpnSettings.qml" line="83"/>
+        <location filename="../ui/qml/Pages2/PageProtocolOpenVpnSettings.qml" line="84"/>
         <source>VPN Addresses Subnet</source>
         <translation>VPN子网掩码</translation>
     </message>
     <message>
-        <location filename="../ui/qml/Pages2/PageProtocolOpenVpnSettings.qml" line="97"/>
+        <location filename="../ui/qml/Pages2/PageProtocolOpenVpnSettings.qml" line="98"/>
         <source>Network protocol</source>
         <translation>网络协议</translation>
     </message>
     <message>
-        <location filename="../ui/qml/Pages2/PageProtocolOpenVpnSettings.qml" line="126"/>
+        <location filename="../ui/qml/Pages2/PageProtocolOpenVpnSettings.qml" line="127"/>
         <source>Port</source>
         <translation>端口</translation>
     </message>
     <message>
-        <location filename="../ui/qml/Pages2/PageProtocolOpenVpnSettings.qml" line="144"/>
+        <location filename="../ui/qml/Pages2/PageProtocolOpenVpnSettings.qml" line="145"/>
         <source>Auto-negotiate encryption</source>
         <translation>自定义加密方式</translation>
     </message>
     <message>
-        <location filename="../ui/qml/Pages2/PageProtocolOpenVpnSettings.qml" line="161"/>
         <location filename="../ui/qml/Pages2/PageProtocolOpenVpnSettings.qml" line="162"/>
+        <location filename="../ui/qml/Pages2/PageProtocolOpenVpnSettings.qml" line="163"/>
         <source>Hash</source>
         <translation></translation>
     </message>
     <message>
-        <location filename="../ui/qml/Pages2/PageProtocolOpenVpnSettings.qml" line="170"/>
+        <location filename="../ui/qml/Pages2/PageProtocolOpenVpnSettings.qml" line="171"/>
         <source>SHA512</source>
         <translation></translation>
     </message>
     <message>
-        <location filename="../ui/qml/Pages2/PageProtocolOpenVpnSettings.qml" line="171"/>
+        <location filename="../ui/qml/Pages2/PageProtocolOpenVpnSettings.qml" line="172"/>
         <source>SHA384</source>
         <translation></translation>
     </message>
     <message>
-        <location filename="../ui/qml/Pages2/PageProtocolOpenVpnSettings.qml" line="172"/>
+        <location filename="../ui/qml/Pages2/PageProtocolOpenVpnSettings.qml" line="173"/>
         <source>SHA256</source>
         <translation></translation>
     </message>
     <message>
-        <location filename="../ui/qml/Pages2/PageProtocolOpenVpnSettings.qml" line="173"/>
+        <location filename="../ui/qml/Pages2/PageProtocolOpenVpnSettings.qml" line="174"/>
         <source>SHA3-512</source>
         <translation></translation>
     </message>
     <message>
-        <location filename="../ui/qml/Pages2/PageProtocolOpenVpnSettings.qml" line="174"/>
+        <location filename="../ui/qml/Pages2/PageProtocolOpenVpnSettings.qml" line="175"/>
         <source>SHA3-384</source>
         <translation></translation>
     </message>
     <message>
-        <location filename="../ui/qml/Pages2/PageProtocolOpenVpnSettings.qml" line="175"/>
+        <location filename="../ui/qml/Pages2/PageProtocolOpenVpnSettings.qml" line="176"/>
         <source>SHA3-256</source>
         <translation></translation>
     </message>
     <message>
-        <location filename="../ui/qml/Pages2/PageProtocolOpenVpnSettings.qml" line="176"/>
+        <location filename="../ui/qml/Pages2/PageProtocolOpenVpnSettings.qml" line="177"/>
         <source>whirlpool</source>
         <translation></translation>
     </message>
     <message>
-        <location filename="../ui/qml/Pages2/PageProtocolOpenVpnSettings.qml" line="177"/>
+        <location filename="../ui/qml/Pages2/PageProtocolOpenVpnSettings.qml" line="178"/>
         <source>BLAKE2b512</source>
         <translation></translation>
     </message>
     <message>
-        <location filename="../ui/qml/Pages2/PageProtocolOpenVpnSettings.qml" line="178"/>
+        <location filename="../ui/qml/Pages2/PageProtocolOpenVpnSettings.qml" line="179"/>
         <source>BLAKE2s256</source>
         <translation></translation>
     </message>
     <message>
-        <location filename="../ui/qml/Pages2/PageProtocolOpenVpnSettings.qml" line="179"/>
+        <location filename="../ui/qml/Pages2/PageProtocolOpenVpnSettings.qml" line="180"/>
         <source>SHA1</source>
         <translation></translation>
     </message>
     <message>
-        <location filename="../ui/qml/Pages2/PageProtocolOpenVpnSettings.qml" line="207"/>
         <location filename="../ui/qml/Pages2/PageProtocolOpenVpnSettings.qml" line="208"/>
+        <location filename="../ui/qml/Pages2/PageProtocolOpenVpnSettings.qml" line="209"/>
         <source>Cipher</source>
         <translation></translation>
     </message>
     <message>
-        <location filename="../ui/qml/Pages2/PageProtocolOpenVpnSettings.qml" line="216"/>
+        <location filename="../ui/qml/Pages2/PageProtocolOpenVpnSettings.qml" line="217"/>
         <source>AES-256-GCM</source>
         <translation></translation>
     </message>
     <message>
-        <location filename="../ui/qml/Pages2/PageProtocolOpenVpnSettings.qml" line="217"/>
+        <location filename="../ui/qml/Pages2/PageProtocolOpenVpnSettings.qml" line="218"/>
         <source>AES-192-GCM</source>
         <translation></translation>
     </message>
     <message>
-        <location filename="../ui/qml/Pages2/PageProtocolOpenVpnSettings.qml" line="218"/>
+        <location filename="../ui/qml/Pages2/PageProtocolOpenVpnSettings.qml" line="219"/>
         <source>AES-128-GCM</source>
         <translation></translation>
     </message>
     <message>
-        <location filename="../ui/qml/Pages2/PageProtocolOpenVpnSettings.qml" line="219"/>
+        <location filename="../ui/qml/Pages2/PageProtocolOpenVpnSettings.qml" line="220"/>
         <source>AES-256-CBC</source>
         <translation></translation>
     </message>
     <message>
-        <location filename="../ui/qml/Pages2/PageProtocolOpenVpnSettings.qml" line="220"/>
+        <location filename="../ui/qml/Pages2/PageProtocolOpenVpnSettings.qml" line="221"/>
         <source>AES-192-CBC</source>
         <translation></translation>
     </message>
     <message>
-        <location filename="../ui/qml/Pages2/PageProtocolOpenVpnSettings.qml" line="221"/>
+        <location filename="../ui/qml/Pages2/PageProtocolOpenVpnSettings.qml" line="222"/>
         <source>AES-128-CBC</source>
         <translation></translation>
     </message>
     <message>
-        <location filename="../ui/qml/Pages2/PageProtocolOpenVpnSettings.qml" line="222"/>
+        <location filename="../ui/qml/Pages2/PageProtocolOpenVpnSettings.qml" line="223"/>
         <source>ChaCha20-Poly1305</source>
         <translation></translation>
     </message>
     <message>
-        <location filename="../ui/qml/Pages2/PageProtocolOpenVpnSettings.qml" line="223"/>
+        <location filename="../ui/qml/Pages2/PageProtocolOpenVpnSettings.qml" line="224"/>
         <source>ARIA-256-CBC</source>
         <translation></translation>
     </message>
     <message>
-        <location filename="../ui/qml/Pages2/PageProtocolOpenVpnSettings.qml" line="224"/>
+        <location filename="../ui/qml/Pages2/PageProtocolOpenVpnSettings.qml" line="225"/>
         <source>CAMELLIA-256-CBC</source>
         <translation></translation>
     </message>
     <message>
-        <location filename="../ui/qml/Pages2/PageProtocolOpenVpnSettings.qml" line="225"/>
+        <location filename="../ui/qml/Pages2/PageProtocolOpenVpnSettings.qml" line="226"/>
         <source>none</source>
         <translation>无</translation>
     </message>
     <message>
-        <location filename="../ui/qml/Pages2/PageProtocolOpenVpnSettings.qml" line="258"/>
+        <location filename="../ui/qml/Pages2/PageProtocolOpenVpnSettings.qml" line="261"/>
         <source>TLS auth</source>
         <translation>TLS认证</translation>
     </message>
     <message>
-        <location filename="../ui/qml/Pages2/PageProtocolOpenVpnSettings.qml" line="273"/>
+        <location filename="../ui/qml/Pages2/PageProtocolOpenVpnSettings.qml" line="276"/>
         <source>Block DNS requests outside of VPN</source>
         <translation>阻止VPN外的DNS请求</translation>
     </message>
     <message>
-        <location filename="../ui/qml/Pages2/PageProtocolOpenVpnSettings.qml" line="292"/>
+        <location filename="../ui/qml/Pages2/PageProtocolOpenVpnSettings.qml" line="295"/>
         <source>Additional client configuration commands</source>
         <translation>附加客户端配置命令</translation>
     </message>
     <message>
-        <location filename="../ui/qml/Pages2/PageProtocolOpenVpnSettings.qml" line="308"/>
-        <location filename="../ui/qml/Pages2/PageProtocolOpenVpnSettings.qml" line="340"/>
+        <location filename="../ui/qml/Pages2/PageProtocolOpenVpnSettings.qml" line="311"/>
+        <location filename="../ui/qml/Pages2/PageProtocolOpenVpnSettings.qml" line="343"/>
         <source>Commands:</source>
         <translation>命令:</translation>
     </message>
     <message>
-        <location filename="../ui/qml/Pages2/PageProtocolOpenVpnSettings.qml" line="324"/>
+        <location filename="../ui/qml/Pages2/PageProtocolOpenVpnSettings.qml" line="327"/>
         <source>Additional server configuration commands</source>
         <translation>附加服务器端配置命令</translation>
     </message>
     <message>
-        <location filename="../ui/qml/Pages2/PageProtocolOpenVpnSettings.qml" line="359"/>
+        <location filename="../ui/qml/Pages2/PageProtocolOpenVpnSettings.qml" line="364"/>
         <source>Remove OpenVPN</source>
         <translation>移除OpenVPN</translation>
     </message>
     <message>
-        <location filename="../ui/qml/Pages2/PageProtocolOpenVpnSettings.qml" line="362"/>
+        <location filename="../ui/qml/Pages2/PageProtocolOpenVpnSettings.qml" line="367"/>
         <source>Remove OpenVpn from server?</source>
         <translation>从服务器移除OpenVPN吗?</translation>
     </message>
     <message>
-        <location filename="../ui/qml/Pages2/PageProtocolOpenVpnSettings.qml" line="363"/>
+        <location filename="../ui/qml/Pages2/PageProtocolOpenVpnSettings.qml" line="368"/>
+        <source>All users with whom you shared a connection will no longer be able to connect to it.</source>
+        <translation>与您共享连接的所有用户将无法再连接到该连接。</translation>
+    </message>
+    <message>
         <source>All users who you shared a connection with will no longer be able to connect to it.</source>
-        <translation>使用此共享连接的所有用户，将无法再连接它。</translation>
+        <translation type="vanished">使用此共享连接的所有用户，将无法再连接它。</translation>
     </message>
     <message>
         <source>All users with whom you shared a connection will no longer be able to connect to it</source>
         <translation type="obsolete">与您共享连接的所有用户将无法再连接到此链接</translation>
     </message>
     <message>
-        <location filename="../ui/qml/Pages2/PageProtocolOpenVpnSettings.qml" line="364"/>
+        <location filename="../ui/qml/Pages2/PageProtocolOpenVpnSettings.qml" line="369"/>
         <source>Continue</source>
         <translation>继续</translation>
     </message>
     <message>
-        <location filename="../ui/qml/Pages2/PageProtocolOpenVpnSettings.qml" line="365"/>
+        <location filename="../ui/qml/Pages2/PageProtocolOpenVpnSettings.qml" line="370"/>
         <source>Cancel</source>
         <translation>取消</translation>
     </message>
     <message>
-        <location filename="../ui/qml/Pages2/PageProtocolOpenVpnSettings.qml" line="384"/>
+        <location filename="../ui/qml/Pages2/PageProtocolOpenVpnSettings.qml" line="389"/>
         <source>Save and Restart Amnezia</source>
         <translation>保存并重启Amnezia</translation>
     </message>
@@ -641,19 +662,23 @@ Already installed containers were found on the server. All installed containers
         <translation>%1 连接选项</translation>
     </message>
     <message>
-        <location filename="../ui/qml/Pages2/PageProtocolRaw.qml" line="172"/>
+        <location filename="../ui/qml/Pages2/PageProtocolRaw.qml" line="174"/>
         <source>Remove </source>
         <translation>移除 </translation>
     </message>
     <message>
-        <location filename="../ui/qml/Pages2/PageProtocolRaw.qml" line="176"/>
+        <location filename="../ui/qml/Pages2/PageProtocolRaw.qml" line="178"/>
         <source>Remove %1 from server?</source>
         <translation>从服务器移除 %1 ?</translation>
     </message>
     <message>
-        <location filename="../ui/qml/Pages2/PageProtocolRaw.qml" line="177"/>
+        <location filename="../ui/qml/Pages2/PageProtocolRaw.qml" line="179"/>
+        <source>All users with whom you shared a connection will no longer be able to connect to it.</source>
+        <translation>与您共享连接的所有用户将无法再连接到该连接。</translation>
+    </message>
+    <message>
         <source>All users who you shared a connection with will no longer be able to connect to it.</source>
-        <translation>使用此共享连接的所有用户，将无法再连接它。</translation>
+        <translation type="vanished">使用此共享连接的所有用户，将无法再连接它。</translation>
     </message>
     <message>
         <source> from server?</source>
@@ -664,12 +689,12 @@ Already installed containers were found on the server. All installed containers
         <translation type="obsolete">与您共享连接的所有用户将无法再连接到此链接</translation>
     </message>
     <message>
-        <location filename="../ui/qml/Pages2/PageProtocolRaw.qml" line="178"/>
+        <location filename="../ui/qml/Pages2/PageProtocolRaw.qml" line="180"/>
         <source>Continue</source>
         <translation>继续</translation>
     </message>
     <message>
-        <location filename="../ui/qml/Pages2/PageProtocolRaw.qml" line="179"/>
+        <location filename="../ui/qml/Pages2/PageProtocolRaw.qml" line="181"/>
         <source>Cancel</source>
         <translation>取消</translation>
     </message>
@@ -860,7 +885,7 @@ Already installed containers were found on the server. All installed containers
     <message>
         <location filename="../ui/qml/Pages2/PageServiceTorWebsiteSettings.qml" line="112"/>
         <source>When configuring WordPress set the this onion address as domain.</source>
-        <translation type="unfinished"></translation>
+        <translation>配置 WordPress 时，将此洋葱地址设置为域。</translation>
     </message>
     <message>
         <source>When configuring WordPress set the domain as this onion address.</source>
@@ -1046,9 +1071,13 @@ And if you don&apos;t like the app, all the more support it - the donation will
         <translation type="obsolete"> 启动时自动运行运用程序</translation>
     </message>
     <message>
-        <location filename="../ui/qml/Pages2/PageSettingsApplication.qml" line="73"/>
         <source>Launch the application every time %1 starts</source>
-        <translation>运行应用软件在%1系统启动时</translation>
+        <translation type="vanished">运行应用软件在%1系统启动时</translation>
+    </message>
+    <message>
+        <location filename="../ui/qml/Pages2/PageSettingsApplication.qml" line="73"/>
+        <source>Launch the application every time the device is starts</source>
+        <translation>每次设备启动时启动应用程序</translation>
     </message>
     <message>
         <location filename="../ui/qml/Pages2/PageSettingsApplication.qml" line="93"/>
@@ -1151,7 +1180,7 @@ And if you don&apos;t like the app, all the more support it - the donation will
     <message>
         <location filename="../ui/qml/Pages2/PageSettingsBackup.qml" line="106"/>
         <source>Backup file saved</source>
-        <translation type="unfinished"></translation>
+        <translation>备份文件已保存</translation>
     </message>
     <message>
         <location filename="../ui/qml/Pages2/PageSettingsBackup.qml" line="122"/>
@@ -1266,52 +1295,52 @@ And if you don&apos;t like the app, all the more support it - the donation will
         <translation>DNS服务器</translation>
     </message>
     <message>
-        <location filename="../ui/qml/Pages2/PageSettingsDns.qml" line="49"/>
+        <location filename="../ui/qml/Pages2/PageSettingsDns.qml" line="50"/>
         <source>If AmneziaDNS is not used or installed</source>
         <translation>如果未使用或未安装AmneziaDNS</translation>
     </message>
     <message>
-        <location filename="../ui/qml/Pages2/PageSettingsDns.qml" line="56"/>
+        <location filename="../ui/qml/Pages2/PageSettingsDns.qml" line="57"/>
         <source>Primary DNS</source>
         <translation>首选 DNS</translation>
     </message>
     <message>
-        <location filename="../ui/qml/Pages2/PageSettingsDns.qml" line="68"/>
+        <location filename="../ui/qml/Pages2/PageSettingsDns.qml" line="69"/>
         <source>Secondary DNS</source>
         <translation>备用 DNS</translation>
     </message>
     <message>
-        <location filename="../ui/qml/Pages2/PageSettingsDns.qml" line="86"/>
+        <location filename="../ui/qml/Pages2/PageSettingsDns.qml" line="87"/>
         <source>Restore default</source>
         <translation>恢复默认配置</translation>
     </message>
     <message>
-        <location filename="../ui/qml/Pages2/PageSettingsDns.qml" line="89"/>
+        <location filename="../ui/qml/Pages2/PageSettingsDns.qml" line="90"/>
         <source>Restore default DNS settings?</source>
         <translation>是否恢复默认DNS配置？</translation>
     </message>
     <message>
-        <location filename="../ui/qml/Pages2/PageSettingsDns.qml" line="90"/>
+        <location filename="../ui/qml/Pages2/PageSettingsDns.qml" line="91"/>
         <source>Continue</source>
         <translation>继续</translation>
     </message>
     <message>
-        <location filename="../ui/qml/Pages2/PageSettingsDns.qml" line="91"/>
+        <location filename="../ui/qml/Pages2/PageSettingsDns.qml" line="92"/>
         <source>Cancel</source>
         <translation>取消</translation>
     </message>
     <message>
-        <location filename="../ui/qml/Pages2/PageSettingsDns.qml" line="99"/>
+        <location filename="../ui/qml/Pages2/PageSettingsDns.qml" line="100"/>
         <source>Settings have been reset</source>
         <translation>已重置</translation>
     </message>
     <message>
-        <location filename="../ui/qml/Pages2/PageSettingsDns.qml" line="111"/>
+        <location filename="../ui/qml/Pages2/PageSettingsDns.qml" line="112"/>
         <source>Save</source>
         <translation>保存</translation>
     </message>
     <message>
-        <location filename="../ui/qml/Pages2/PageSettingsDns.qml" line="120"/>
+        <location filename="../ui/qml/Pages2/PageSettingsDns.qml" line="121"/>
         <source>Settings saved</source>
         <translation>配置已保存</translation>
     </message>
@@ -1346,7 +1375,7 @@ And if you don&apos;t like the app, all the more support it - the donation will
     <message>
         <location filename="../ui/qml/Pages2/PageSettingsLogging.qml" line="118"/>
         <source>Logs file saved</source>
-        <translation type="unfinished"></translation>
+        <translation>日志文件已保存</translation>
     </message>
     <message>
         <location filename="../ui/qml/Pages2/PageSettingsLogging.qml" line="127"/>
@@ -1508,8 +1537,12 @@ And if you don&apos;t like the app, all the more support it - the donation will
     </message>
     <message>
         <location filename="../ui/qml/Pages2/PageSettingsServerProtocol.qml" line="117"/>
+        <source>All users with whom you shared a connection will no longer be able to connect to it.</source>
+        <translation>与您共享连接的所有用户将无法再连接到该连接。</translation>
+    </message>
+    <message>
         <source>All users who you shared a connection with will no longer be able to connect to it.</source>
-        <translation>使用此共享连接的所有用户，将无法再连接它。</translation>
+        <translation type="vanished">使用此共享连接的所有用户，将无法再连接它。</translation>
     </message>
     <message>
         <source> from server?</source>
@@ -1573,75 +1606,75 @@ And if you don&apos;t like the app, all the more support it - the donation will
         <translation>隧道分离</translation>
     </message>
     <message>
-        <location filename="../ui/qml/Pages2/PageSettingsSplitTunneling.qml" line="128"/>
+        <location filename="../ui/qml/Pages2/PageSettingsSplitTunneling.qml" line="121"/>
         <source>Mode</source>
         <translation>规则</translation>
     </message>
     <message>
-        <location filename="../ui/qml/Pages2/PageSettingsSplitTunneling.qml" line="206"/>
+        <location filename="../ui/qml/Pages2/PageSettingsSplitTunneling.qml" line="199"/>
         <source>Remove </source>
         <translation>移除 </translation>
     </message>
     <message>
-        <location filename="../ui/qml/Pages2/PageSettingsSplitTunneling.qml" line="207"/>
+        <location filename="../ui/qml/Pages2/PageSettingsSplitTunneling.qml" line="200"/>
         <source>Continue</source>
         <translation>继续</translation>
     </message>
     <message>
-        <location filename="../ui/qml/Pages2/PageSettingsSplitTunneling.qml" line="208"/>
+        <location filename="../ui/qml/Pages2/PageSettingsSplitTunneling.qml" line="201"/>
         <source>Cancel</source>
         <translation>取消</translation>
     </message>
     <message>
-        <location filename="../ui/qml/Pages2/PageSettingsSplitTunneling.qml" line="255"/>
+        <location filename="../ui/qml/Pages2/PageSettingsSplitTunneling.qml" line="248"/>
         <source>Site or IP</source>
         <translation>网站或IP地址</translation>
     </message>
     <message>
-        <location filename="../ui/qml/Pages2/PageSettingsSplitTunneling.qml" line="299"/>
+        <location filename="../ui/qml/Pages2/PageSettingsSplitTunneling.qml" line="292"/>
         <source>Import/Export Sites</source>
         <translation>导入/导出网站</translation>
     </message>
     <message>
-        <location filename="../ui/qml/Pages2/PageSettingsSplitTunneling.qml" line="305"/>
+        <location filename="../ui/qml/Pages2/PageSettingsSplitTunneling.qml" line="298"/>
         <source>Import</source>
         <translation>导入</translation>
     </message>
     <message>
-        <location filename="../ui/qml/Pages2/PageSettingsSplitTunneling.qml" line="317"/>
+        <location filename="../ui/qml/Pages2/PageSettingsSplitTunneling.qml" line="310"/>
         <source>Save site list</source>
         <translation>保存网址</translation>
     </message>
     <message>
-        <location filename="../ui/qml/Pages2/PageSettingsSplitTunneling.qml" line="324"/>
+        <location filename="../ui/qml/Pages2/PageSettingsSplitTunneling.qml" line="317"/>
         <source>Save sites</source>
         <translation>保存网址</translation>
     </message>
     <message>
-        <location filename="../ui/qml/Pages2/PageSettingsSplitTunneling.qml" line="325"/>
-        <location filename="../ui/qml/Pages2/PageSettingsSplitTunneling.qml" line="392"/>
-        <location filename="../ui/qml/Pages2/PageSettingsSplitTunneling.qml" line="407"/>
+        <location filename="../ui/qml/Pages2/PageSettingsSplitTunneling.qml" line="318"/>
+        <location filename="../ui/qml/Pages2/PageSettingsSplitTunneling.qml" line="385"/>
+        <location filename="../ui/qml/Pages2/PageSettingsSplitTunneling.qml" line="400"/>
         <source>Sites files (*.json)</source>
         <translation></translation>
     </message>
     <message>
-        <location filename="../ui/qml/Pages2/PageSettingsSplitTunneling.qml" line="382"/>
+        <location filename="../ui/qml/Pages2/PageSettingsSplitTunneling.qml" line="375"/>
         <source>Import a list of sites</source>
         <translation>导入网址列表</translation>
     </message>
     <message>
-        <location filename="../ui/qml/Pages2/PageSettingsSplitTunneling.qml" line="388"/>
+        <location filename="../ui/qml/Pages2/PageSettingsSplitTunneling.qml" line="381"/>
         <source>Replace site list</source>
         <translation>替换网址列表</translation>
     </message>
     <message>
-        <location filename="../ui/qml/Pages2/PageSettingsSplitTunneling.qml" line="391"/>
-        <location filename="../ui/qml/Pages2/PageSettingsSplitTunneling.qml" line="406"/>
+        <location filename="../ui/qml/Pages2/PageSettingsSplitTunneling.qml" line="384"/>
+        <location filename="../ui/qml/Pages2/PageSettingsSplitTunneling.qml" line="399"/>
         <source>Open sites file</source>
         <translation>打开网址文件</translation>
     </message>
     <message>
-        <location filename="../ui/qml/Pages2/PageSettingsSplitTunneling.qml" line="403"/>
+        <location filename="../ui/qml/Pages2/PageSettingsSplitTunneling.qml" line="396"/>
         <source>Add imported sites to existing ones</source>
         <translation>将导入的网址添加到现有网址中</translation>
     </message>
@@ -1701,7 +1734,7 @@ It&apos;s okay as long as it&apos;s from someone you trust.</source>
     <message>
         <location filename="../ui/qml/Pages2/PageSetupWizardCredentials.qml" line="44"/>
         <source>Configure your server</source>
-        <translation type="unfinished"></translation>
+        <translation>配置服务器</translation>
     </message>
     <message>
         <location filename="../ui/qml/Pages2/PageSetupWizardCredentials.qml" line="51"/>
@@ -1716,7 +1749,7 @@ It&apos;s okay as long as it&apos;s from someone you trust.</source>
     <message>
         <location filename="../ui/qml/Pages2/PageSetupWizardCredentials.qml" line="66"/>
         <source>Login to connect via SSH</source>
-        <translation>ssh账号</translation>
+        <translation>用户</translation>
     </message>
     <message>
         <location filename="../ui/qml/Pages2/PageSetupWizardCredentials.qml" line="76"/>
@@ -1732,7 +1765,8 @@ It&apos;s okay as long as it&apos;s from someone you trust.</source>
         <location filename="../ui/qml/Pages2/PageSetupWizardCredentials.qml" line="115"/>
         <source>All data you enter will remain strictly confidential
 and will not be shared or disclosed to the Amnezia or any third parties</source>
-        <translation type="unfinished"></translation>
+        <translation>您输入的所有数据将严格保密
+不会向 Amnezia 或任何第三方分享或披露</translation>
     </message>
     <message>
         <location filename="../ui/qml/Pages2/PageSetupWizardCredentials.qml" line="125"/>
@@ -1787,24 +1821,24 @@ and will not be shared or disclosed to the Amnezia or any third parties</source>
     <name>PageSetupWizardInstalling</name>
     <message>
         <location filename="../ui/qml/Pages2/PageSetupWizardInstalling.qml" line="21"/>
-        <location filename="../ui/qml/Pages2/PageSetupWizardInstalling.qml" line="67"/>
+        <location filename="../ui/qml/Pages2/PageSetupWizardInstalling.qml" line="75"/>
         <source>Usually it takes no more than 5 minutes</source>
         <translation>通常不超过5分钟</translation>
     </message>
     <message>
-        <location filename="../ui/qml/Pages2/PageSetupWizardInstalling.qml" line="57"/>
+        <location filename="../ui/qml/Pages2/PageSetupWizardInstalling.qml" line="65"/>
         <source>The server has already been added to the application</source>
         <translation>服务器已添加到应用软件中</translation>
     </message>
     <message>
-        <location filename="../ui/qml/Pages2/PageSetupWizardInstalling.qml" line="62"/>
+        <location filename="../ui/qml/Pages2/PageSetupWizardInstalling.qml" line="70"/>
         <source>Amnezia has detected that your server is currently </source>
-        <translation type="unfinished"></translation>
+        <translation>Amnezia 检测到您的服务器当前</translation>
     </message>
     <message>
-        <location filename="../ui/qml/Pages2/PageSetupWizardInstalling.qml" line="63"/>
+        <location filename="../ui/qml/Pages2/PageSetupWizardInstalling.qml" line="71"/>
         <source>busy installing other software. Amnezia installation </source>
-        <translation type="unfinished"></translation>
+        <translation>正安装其他软件。Amnezia安装</translation>
     </message>
     <message>
         <source>Amnesia has detected that your server is currently </source>
@@ -1815,12 +1849,12 @@ and will not be shared or disclosed to the Amnezia or any third parties</source>
         <translation type="vanished">正安装其他软件。Amnezia安装</translation>
     </message>
     <message>
-        <location filename="../ui/qml/Pages2/PageSetupWizardInstalling.qml" line="64"/>
+        <location filename="../ui/qml/Pages2/PageSetupWizardInstalling.qml" line="72"/>
         <source>will pause until the server finishes installing other software</source>
         <translation>将暂停，直到其他软件安装完成。</translation>
     </message>
     <message>
-        <location filename="../ui/qml/Pages2/PageSetupWizardInstalling.qml" line="121"/>
+        <location filename="../ui/qml/Pages2/PageSetupWizardInstalling.qml" line="129"/>
         <source>Installing</source>
         <translation>安装中</translation>
     </message>
@@ -1938,27 +1972,27 @@ and will not be shared or disclosed to the Amnezia or any third parties</source>
 <context>
     <name>PageSetupWizardViewConfig</name>
     <message>
-        <location filename="../ui/qml/Pages2/PageSetupWizardViewConfig.qml" line="59"/>
+        <location filename="../ui/qml/Pages2/PageSetupWizardViewConfig.qml" line="63"/>
         <source>New connection</source>
         <translation>新连接</translation>
     </message>
     <message>
-        <location filename="../ui/qml/Pages2/PageSetupWizardViewConfig.qml" line="86"/>
+        <location filename="../ui/qml/Pages2/PageSetupWizardViewConfig.qml" line="90"/>
         <source>Do not use connection code from public sources. It could be created to intercept your data.</source>
         <translation>请勿使用公共来源的连接码。它可以被创建来拦截您的数据。</translation>
     </message>
     <message>
-        <location filename="../ui/qml/Pages2/PageSetupWizardViewConfig.qml" line="101"/>
+        <location filename="../ui/qml/Pages2/PageSetupWizardViewConfig.qml" line="105"/>
         <source>Collapse content</source>
         <translation>折叠内容</translation>
     </message>
     <message>
-        <location filename="../ui/qml/Pages2/PageSetupWizardViewConfig.qml" line="101"/>
+        <location filename="../ui/qml/Pages2/PageSetupWizardViewConfig.qml" line="105"/>
         <source>Show content</source>
         <translation>显示内容</translation>
     </message>
     <message>
-        <location filename="../ui/qml/Pages2/PageSetupWizardViewConfig.qml" line="144"/>
+        <location filename="../ui/qml/Pages2/PageSetupWizardViewConfig.qml" line="148"/>
         <source>Connect</source>
         <translation>连接</translation>
     </message>
@@ -1992,8 +2026,22 @@ and will not be shared or disclosed to the Amnezia or any third parties</source>
     </message>
     <message>
         <location filename="../ui/qml/Pages2/PageShare.qml" line="121"/>
+        <source>Share VPN Access</source>
+        <translation>共享 VPN 访问</translation>
+    </message>
+    <message>
+        <location filename="../ui/qml/Pages2/PageShare.qml" line="174"/>
+        <source>Share VPN access without the ability to manage the server</source>
+        <translation>共享 VPN 访问，无需管理服务器</translation>
+    </message>
+    <message>
+        <location filename="../ui/qml/Pages2/PageShare.qml" line="175"/>
+        <source>Share access to server management. The user with whom you share full access to the server will be able to add and remove any protocols and services to the server, as well as change settings.</source>
+        <translation>共享服务器管理访问权限。与您共享服务器全部访问权限的用户将可以添加和删除服务器上的任何协议和服务，以及更改设置。</translation>
+    </message>
+    <message>
         <source>VPN Access</source>
-        <translation>访问VPN</translation>
+        <translation type="vanished">访问VPN</translation>
     </message>
     <message>
         <location filename="../ui/qml/Pages2/PageShare.qml" line="146"/>
@@ -2006,14 +2054,12 @@ and will not be shared or disclosed to the Amnezia or any third parties</source>
         <translation>完全访问</translation>
     </message>
     <message>
-        <location filename="../ui/qml/Pages2/PageShare.qml" line="174"/>
         <source>VPN access without the ability to manage the server</source>
-        <translation>访问VPN，但没有权限管理服务。</translation>
+        <translation type="vanished">访问VPN，但没有权限管理服务。</translation>
     </message>
     <message>
-        <location filename="../ui/qml/Pages2/PageShare.qml" line="175"/>
         <source>Access to server management. The user with whom you share full access to the connection will be able to add and remove your protocols and services to the server, as well as change settings.</source>
-        <translation type="unfinished"></translation>
+        <translation type="vanished">除访问VPN外，用户还能添加和删除协议、服务以及更改配置信息</translation>
     </message>
     <message>
         <source>Access to server management. The user with whom you share full access to the connection will be able to add and remove your protocols and services to the servers, as well as change settings.</source>
@@ -2321,7 +2367,7 @@ and will not be shared or disclosed to the Amnezia or any third parties</source>
 <context>
     <name>QObject</name>
     <message>
-        <location filename="../protocols/protocols_defs.cpp" line="75"/>
+        <location filename="../protocols/protocols_defs.cpp" line="77"/>
         <source>Sftp service</source>
         <translation>Sftp 服务</translation>
     </message>
@@ -2574,7 +2620,7 @@ and will not be shared or disclosed to the Amnezia or any third parties</source>
     <message>
         <location filename="../containers/containers_defs.cpp" line="111"/>
         <source>AmneziaWG - Special protocol from Amnezia, based on WireGuard. It&apos;s fast like WireGuard, but very resistant to blockages. Recommended for regions with high levels of censorship.</source>
-        <translation type="unfinished"></translation>
+        <translation>AmneziaWG - Amnezia 的特殊协议，基于 WireGuard。它的速度像 WireGuard 一样快，但非常抗堵塞。推荐用于审查较严的地区。</translation>
     </message>
     <message>
         <location filename="../containers/containers_defs.cpp" line="115"/>
@@ -2606,7 +2652,14 @@ It employs its unique security protocol, leveraging the strength of SSL/TLS for
 * Flexible customisation to suit user needs to work with different operating systems and devices
 * Recognised by DPI analysis systems and therefore susceptible to blocking
 * Can operate over both TCP and UDP network protocols.</source>
-        <translation type="unfinished"></translation>
+        <translation>OpenVPN 是最流行且经过时间考验的 VPN 协议之一。
+它采用其独特的安全协议，利用 SSL/TLS 的优势进行加密和密钥交换。此外，OpenVPN 支持多种身份验证方法，使其具有多功能性和适应性，可适应各种设备和操作系统。由于其开源性质，OpenVPN 受益于全球社区的广泛审查，这不断增强了其安全性。凭借性能、安全性和兼容性的强大平衡，OpenVPN 仍然是注重隐私的个人和企业的首选。
+
+* 可在所有平台的 AmneziaVPN 中使用
+* 移动设备的正常功耗
+* 灵活定制，满足用户使用不同操作系统和设备的需求
+* 被DPI分析系统识别，因此容易被阻塞
+* 可以通过 TCP 和 UDP 网络协议运行</translation>
     </message>
     <message>
         <location filename="../containers/containers_defs.cpp" line="145"/>
@@ -2618,7 +2671,14 @@ It employs its unique security protocol, leveraging the strength of SSL/TLS for
 * Configurable encryption protocol
 * Detectable by some DPI systems
 * Works over TCP network protocol.</source>
-        <translation type="unfinished"></translation>
+        <translation>Shadowsocks 受到 SOCKS5 协议的启发，使用 AEAD 密码保护连接。尽管 Shadowsocks 设计得谨慎且难以识别，但它与标准 HTTPS 连接并不相同。但是，某些流量分析系统可能仍会检测到 Shadowsocks 连接。由于Amnezia支持有限，建议使用AmneziaWG协议。
+
+* 仅在桌面平台上的 AmneziaVPN 中可用
+* 移动设备的正常功耗
+
+* 可配置的加密协议
+* 可以被某些 DPI 系统检测到
+* 通过 TCP 网络协议工作。</translation>
     </message>
     <message>
         <location filename="../containers/containers_defs.cpp" line="155"/>
@@ -2640,7 +2700,23 @@ If there is a extreme level of Internet censorship in your region, we advise you
 * Not recognised by DPI analysis systems
 * Works over TCP network protocol, 443 port.
 </source>
-        <translation type="unfinished"></translation>
+        <translation>这是 OpenVPN 协议和专门用于阻止保护的 Cloak 插件的组合。
+
+OpenVPN 通过加密客户端和服务器之间的所有 Internet 流量来提供安全的 VPN 连接。
+
+Cloak 可保护 OpenVPN 免遭检测和阻止。
+
+Cloak 可以修改数据包元数据，以便将 VPN 流量完全屏蔽为正常 Web 流量，并且还可以保护 VPN 免受主动探测的检测。这使得它非常难以被发现
+
+收到第一个数据包后，Cloak 立即对传入连接进行身份验证。如果身份验证失败，该插件会将服务器伪装成虚假网站，并且您的 VPN 对分析系统来说将变得不可见。
+
+如果您所在地区的互联网审查非常严格，我们建议您在第一次连接时仅使用 OpenVPN over Cloak
+
+* 可在所有平台的 AmneziaVPN 中使用
+* 移动设备功耗高
+* 配置灵活
+* 不被 DPI 分析系统识别
+* 通过 TCP 网络协议、443 端口工作。</translation>
     </message>
     <message>
         <location filename="../containers/containers_defs.cpp" line="174"/>
@@ -2653,7 +2729,15 @@ WireGuard is very susceptible to blocking due to its distinct packet signatures.
 * Minimum number of settings
 * Easily recognised by DPI analysis systems, susceptible to blocking
 * Works over UDP network protocol.</source>
-        <translation type="unfinished"></translation>
+        <translation>一种相对较新的流行 VPN 协议，具有简化的架构。
+在所有设备上提供稳定的 VPN 连接和高性能。使用硬编码的加密设置。 WireGuard 与 OpenVPN 相比具有更低的延迟和更好的数据传输吞吐量。
+由于其独特的数据包签名，WireGuard 非常容易受到阻塞。与其他一些采用混淆技术的 VPN 协议不同，WireGuard 数据包的一致签名模式可以更容易地被高级深度数据包检测 (DPI) 系统和其他网络监控工具识别并阻止。
+
+* 可在所有平台的 AmneziaVPN 中使用
+* 低功耗
+* 配置简单
+* 容易被DPI分析系统识别，容易被阻塞
+* 通过 UDP 网络协议工作。</translation>
     </message>
     <message>
         <location filename="../containers/containers_defs.cpp" line="187"/>
@@ -2666,7 +2750,15 @@ This means that AmneziaWG keeps the fast performance of the original while addin
 * Minimum number of settings
 * Not recognised by DPI analysis systems, resistant to blocking
 * Works over UDP network protocol.</source>
-        <translation type="unfinished"></translation>
+        <translation>AmneziaWG 是流行 VPN 协议的现代迭代，它建立在 WireGuard 的基础上，保留了其简化的架构和跨设备的高性能功能。
+虽然 WireGuard 以其高效而闻名，但由于其独特的数据包签名，它存在容易被检测到的问题。 AmneziaWG 通过使用更好的混淆方法解决了这个问题，使其流量与常规互联网流量融合在一起。
+这意味着 AmneziaWG 保留了原始版本的快速性能，同时添加了额外的隐秘层，使其成为那些想要快速且谨慎的 VPN 连接的人的绝佳选择。
+
+* 可在所有平台的 AmneziaVPN 中使用
+* 低功耗
+* 配置简单
+* 不被DPI分析系统识别，抗阻塞
+* 通过 UDP 网络协议工作。</translation>
     </message>
     <message>
         <location filename="../containers/containers_defs.cpp" line="203"/>
@@ -2679,7 +2771,15 @@ While it offers a blend of security, stability, and speed, it&apos;s essential t
 * Minimal configuration
 * Recognised by DPI analysis systems
 * Works over UDP network protocol, ports 500 and 4500.</source>
-        <translation type="unfinished"></translation>
+        <translation>IKEv2 与 IPSec 加密层配合使用，是一种现代且稳定的 VPN 协议。
+其显着特征之一是能够在网络和设备之间快速切换，使其特别适应动态网络环境。
+虽然 IKEv2 兼具安全性、稳定性和速度，但必须注意的是，IKEv2 很容易被检测到，并且容易受到阻止。
+
+* 仅在 Windows 上的 AmneziaVPN 中可用
+* 低功耗，在移动设备上
+* 最低配置
+* 获得DPI分析系统认可
+* 通过 UDP 网络协议、端口 500 和 4500 工作。</translation>
     </message>
     <message>
         <source>OpenVPN container</source>
@@ -2771,6 +2871,16 @@ While it offers a blend of security, stability, and speed, it&apos;s essential t
         <source>error 0x%1: %2</source>
         <translation>错误 0x%1: %2</translation>
     </message>
+    <message>
+        <location filename="../3rd/wireguard-tools/contrib/highlighter/gui/highlight.cpp" line="39"/>
+        <source>WireGuard Configuration Highlighter</source>
+        <translation type="unfinished"></translation>
+    </message>
+    <message>
+        <location filename="../3rd/wireguard-tools/contrib/highlighter/gui/highlight.cpp" line="82"/>
+        <source>&amp;Randomize colors</source>
+        <translation type="unfinished"></translation>
+    </message>
 </context>
 <context>
     <name>SelectLanguageDrawer</name>
@@ -3000,27 +3110,27 @@ While it offers a blend of security, stability, and speed, it&apos;s essential t
     <message>
         <location filename="../containers/containers_defs.cpp" line="309"/>
         <source>Medium or High</source>
-        <translation type="unfinished"></translation>
+        <translation>中或高</translation>
     </message>
     <message>
         <location filename="../containers/containers_defs.cpp" line="310"/>
         <source>Extreme</source>
-        <translation type="unfinished"></translation>
+        <translation>极度</translation>
     </message>
     <message>
         <location filename="../containers/containers_defs.cpp" line="318"/>
         <source>I just want to increase the level of my privacy.</source>
-        <translation type="unfinished"></translation>
+        <translation>只是想提高隐私保护级别。</translation>
     </message>
     <message>
         <location filename="../containers/containers_defs.cpp" line="319"/>
         <source>I want to bypass censorship. This option recommended in most cases.</source>
-        <translation type="unfinished"></translation>
+        <translation>想要绕过审查制度。大多数情况下推荐使用此选项。</translation>
     </message>
     <message>
         <location filename="../containers/containers_defs.cpp" line="321"/>
         <source>Most VPN protocols are blocked. Recommended if other options are not working.</source>
-        <translation type="unfinished"></translation>
+        <translation>大多数 VPN 协议都被阻止。如果其他选项不起作用，推荐此选项。</translation>
     </message>
     <message>
         <source>High</source>

client/ui/controllers/importController.cpp

@@ -144,8 +144,6 @@ void ImportController::importConfig()
     if (credentials.isValid() || m_config.contains(config_key::containers)) {
         m_serversModel->addServer(m_config);
 
-        m_serversModel->setDefaultServerIndex(m_serversModel->getServersCount() - 1);
-
         emit importFinished();
     } else {
         qDebug() << "Failed to import profile";
@@ -263,6 +261,10 @@ QJsonObject ImportController::extractWireGuardConfig(const QString &data)
 //        return QJsonObject();
 //    }
 
+    QJsonArray allowedIpsJsonArray = QJsonArray::fromStringList(configMap.value("AllowedIPs").split(","));
+
+    lastConfig[config_key::allowed_ips] = allowedIpsJsonArray;
+
     QString protocolName = "wireguard";
     if (!configMap.value(config_key::junkPacketCount).isEmpty()
         && !configMap.value(config_key::junkPacketMinSize).isEmpty()

client/ui/controllers/installController.cpp

@@ -5,6 +5,7 @@
 #include <QEventLoop>
 #include <QJsonObject>
 #include <QStandardPaths>
+#include <QRandomGenerator>
 
 #include "core/errorstrings.h"
 #include "core/servercontroller.h"
@@ -73,6 +74,38 @@ void InstallController::install(DockerContainer container, int port, TransportPr
             containerConfig.insert(config_key::transport_proto,
                                    ProtocolProps::transportProtoToString(transportProto, protocol));
 
+            if (container == DockerContainer::Awg) {
+                QString junkPacketCount = QString::number(QRandomGenerator::global()->bounded(3, 10));
+                QString junkPacketMinSize = QString::number(50);
+                QString junkPacketMaxSize = QString::number(1000);
+                QString initPacketJunkSize = QString::number(QRandomGenerator::global()->bounded(15, 150));
+                QString responsePacketJunkSize = QString::number(QRandomGenerator::global()->bounded(15, 150));
+
+                QSet<QString> headersValue;
+                while (headersValue.size() != 4) {
+
+                    auto max = (std::numeric_limits<qint32>::max)();
+                    headersValue.insert(QString::number(QRandomGenerator::global()->bounded(1, max)));
+                }
+
+                auto headersValueList = headersValue.values();
+
+                QString initPacketMagicHeader = headersValueList.at(0);
+                QString responsePacketMagicHeader = headersValueList.at(1);
+                QString underloadPacketMagicHeader = headersValueList.at(2);
+                QString transportPacketMagicHeader = headersValueList.at(3);
+
+                containerConfig[config_key::junkPacketCount] = junkPacketCount;
+                containerConfig[config_key::junkPacketMinSize] = junkPacketMinSize;
+                containerConfig[config_key::junkPacketMaxSize] = junkPacketMaxSize;
+                containerConfig[config_key::initPacketJunkSize] = initPacketJunkSize;
+                containerConfig[config_key::responsePacketJunkSize] = responsePacketJunkSize;
+                containerConfig[config_key::initPacketMagicHeader] = initPacketMagicHeader;
+                containerConfig[config_key::responsePacketMagicHeader] = responsePacketMagicHeader;
+                containerConfig[config_key::underloadPacketMagicHeader] = underloadPacketMagicHeader;
+                containerConfig[config_key::transportPacketMagicHeader] = transportPacketMagicHeader;
+            }
+
             if (container == DockerContainer::Sftp) {
                 containerConfig.insert(config_key::userName, protocols::sftp::defaultUserName);
                 containerConfig.insert(config_key::password, Utils::getRandomString(10));
@@ -132,7 +165,6 @@ void InstallController::installServer(DockerContainer container, QJsonObject &co
         server.insert(config_key::defaultContainer, ContainerProps::containerToString(container));
 
         m_serversModel->addServer(server);
-        m_serversModel->setDefaultServerIndex(m_serversModel->getServersCount() - 1);
 
         emit installServerFinished(finishMessage);
         return;
@@ -183,9 +215,6 @@ void InstallController::installContainer(DockerContainer container, QJsonObject
                                 "All installed containers have been added to the application");
         }
 
-        if (ContainerProps::containerService(container) == ServiceType::Vpn) {
-            m_containersModel->setData(m_containersModel->index(0, 0), container, ContainersModel::Roles::IsDefaultRole);
-        }
         emit installContainerFinished(finishMessage, ContainerProps::containerService(container) == ServiceType::Other);
         return;
     }
@@ -475,8 +504,9 @@ void InstallController::addEmptyServer()
     server.insert(config_key::port, m_currentlyInstalledServerCredentials.port);
     server.insert(config_key::description, m_settings->nextAvailableServerName());
 
+    server.insert(config_key::defaultContainer, ContainerProps::containerToString(DockerContainer::None));
+
     m_serversModel->addServer(server);
-    m_serversModel->setDefaultServerIndex(m_serversModel->getServersCount() - 1);
 
     emit installServerFinished(tr("Server added successfully"));
 }

client/ui/models/containers_model.cpp

@@ -22,10 +22,6 @@ bool ContainersModel::setData(const QModelIndex &index, const QVariant &value, i
     DockerContainer container = ContainerProps::allContainers().at(index.row());
 
     switch (role) {
-    case NameRole:
-        //        return ContainerProps::containerHumanNames().value(container);
-    case DescriptionRole:
-        //        return ContainerProps::containerDescriptions().value(container);
     case ConfigRole: {
         m_settings->setContainerConfig(m_currentlyProcessedServerIndex, container, value.toJsonObject());
         m_containers = m_settings->containers(m_currentlyProcessedServerIndex);
@@ -35,19 +31,15 @@ bool ContainersModel::setData(const QModelIndex &index, const QVariant &value, i
             break;
         }
     }
-    case ServiceTypeRole:
-    //        return ContainerProps::containerService(container);
-    case DockerContainerRole:
-        //        return container;
-    case IsInstalledRole:
-    //        return m_settings->containers(m_currentlyProcessedServerIndex).contains(container);
-    case IsDefaultRole: {
+    case IsDefaultRole: { //todo remove
         m_settings->setDefaultContainer(m_currentlyProcessedServerIndex, container);
         m_defaultContainerIndex = container;
         emit defaultContainerChanged();
     }
+    default: break;
     }
 
+    emit containersModelUpdated();
     emit dataChanged(index, index);
     return true;
 }
@@ -117,6 +109,14 @@ QString ContainersModel::getDefaultContainerName()
     return ContainerProps::containerHumanNames().value(m_defaultContainerIndex);
 }
 
+void ContainersModel::setDefaultContainer(int index)
+{
+    auto container = static_cast<DockerContainer>(index);
+    m_settings->setDefaultContainer(m_currentlyProcessedServerIndex, container);
+    m_defaultContainerIndex = container;
+    emit defaultContainerChanged();
+}
+
 int ContainersModel::getCurrentlyProcessedContainerIndex()
 {
     return m_currentlyProcessedContainerIndex;

client/ui/models/containers_model.h

@@ -46,6 +46,7 @@ public:
 public slots:
     DockerContainer getDefaultContainer();
     QString getDefaultContainerName();
+    void setDefaultContainer(int index);
 
     void setCurrentlyProcessedServerIndex(const int index);
 
@@ -72,6 +73,7 @@ protected:
 
 signals:
     void defaultContainerChanged();
+    void containersModelUpdated();
 
 private:
     QMap<DockerContainer, QJsonObject> m_containers;

client/ui/models/servers_model.cpp

@@ -96,7 +96,7 @@ void ServersModel::setDefaultServerIndex(const int index)
 {
     m_settings->setDefaultServer(index);
     m_defaultServerIndex = m_settings->defaultServerIndex();
-    emit defaultServerIndexChanged();
+    emit defaultServerIndexChanged(m_defaultServerIndex);
 }
 
 const int ServersModel::getDefaultServerIndex()
@@ -193,6 +193,12 @@ bool ServersModel::isDefaultServerConfigContainsAmneziaDns()
     return primaryDns == protocols::dns::amneziaDnsIp;
 }
 
+void ServersModel::updateContainersConfig()
+{
+    auto server = m_settings->server(m_currentlyProcessedServerIndex);
+    m_servers.replace(m_currentlyProcessedServerIndex, server);
+}
+
 QHash<int, QByteArray> ServersModel::roleNames() const
 {
     QHash<int, QByteArray> roles;

client/ui/models/servers_model.h

@@ -59,12 +59,14 @@ public slots:
 
     bool isDefaultServerConfigContainsAmneziaDns();
 
+    void updateContainersConfig();
+
 protected:
     QHash<int, QByteArray> roleNames() const override;
 
 signals:
     void currentlyProcessedServerIndexChanged(const int index);
-    void defaultServerIndexChanged();
+    void defaultServerIndexChanged(const int index);
     void defaultServerNameChanged();
 
 private:

client/ui/models/sites_model.cpp

@@ -3,7 +3,14 @@
 SitesModel::SitesModel(std::shared_ptr<Settings> settings, QObject *parent)
     : QAbstractListModel(parent), m_settings(settings)
 {
-    m_currentRouteMode = m_settings->routeMode();
+    auto routeMode = m_settings->routeMode();
+    if (routeMode == Settings::RouteMode::VpnAllSites) {
+        m_isSplitTunnelingEnabled = false;
+        m_currentRouteMode = Settings::RouteMode::VpnOnlyForwardSites;
+    } else {
+        m_isSplitTunnelingEnabled = true;
+        m_currentRouteMode = routeMode;
+    }
     fillSites();
 }
 
@@ -93,6 +100,21 @@ void SitesModel::setRouteMode(int routeMode)
     emit routeModeChanged();
 }
 
+bool SitesModel::isSplitTunnelingEnabled()
+{
+    return m_isSplitTunnelingEnabled;
+}
+
+void SitesModel::toggleSplitTunneling(bool enabled)
+{
+    if (enabled) {
+        setRouteMode(m_currentRouteMode);
+    } else {
+        m_settings->setRouteMode(Settings::RouteMode::VpnAllSites);
+    }
+    m_isSplitTunnelingEnabled = enabled;
+}
+
 QVector<QPair<QString, QString> > SitesModel::getCurrentSites()
 {
     return m_sites;

client/ui/models/sites_model.h

@@ -31,6 +31,9 @@ public slots:
     int getRouteMode();
     void setRouteMode(int routeMode);
 
+    bool isSplitTunnelingEnabled();
+    void toggleSplitTunneling(bool enabled);
+
     QVector<QPair<QString, QString>> getCurrentSites();
 
 signals:
@@ -44,6 +47,7 @@ private:
 
     std::shared_ptr<Settings> m_settings;
 
+    bool m_isSplitTunnelingEnabled;
     Settings::RouteMode m_currentRouteMode;
 
     QVector<QPair<QString, QString>> m_sites;

client/ui/qml/Components/ConnectButton.qml

@@ -142,6 +142,7 @@ Button {
             PageController.setTriggeredBtConnectButton(true)
 
             ServersModel.currentlyProcessedIndex = ServersModel.getDefaultServerIndex()
+            InstallController.setShouldCreateServer(false)
             PageController.goToPage(PageEnum.PageSetupWizardEasy)
 
             return

client/ui/qml/Components/HomeContainersListView.qml

@@ -50,34 +50,26 @@ ListView {
                 imageSource: "qrc:/images/controls/download.svg"
                 showImage: !isInstalled
 
-                checkable: isInstalled
+                checkable: isInstalled && !ConnectionController.isConnected && isSupported
                 checked: isDefault
 
-                onPressed: function(mouse) {
-                    if (!isSupported) {
-                        PageController.showErrorMessage(qsTr("The selected protocol is not supported on the current platform"))
-                    }
-                }
-
                 onClicked: {
-                    if (checked) {
-                        var needReconnected = false
-                        if (!isDefault) {
-                            needReconnected = true
-                        }
+                    if (ConnectionController.isConnected && isInstalled) {
+                        PageController.showNotificationMessage(qsTr("Unable change protocol while there is an active connection"))
+                        return
+                    }
 
+                    if (checked) {
                         isDefault = true
 
                         menuContent.currentIndex = index
                         containersDropDown.menuVisible = false
-
-
-                        if (needReconnected && (ConnectionController.isConnected || ConnectionController.isConnectionInProgress)) {
-                            PageController.showNotificationMessage(qsTr("Reconnect via VPN Procotol: ") + name)
-                            PageController.goToPageHome()
-                            ConnectionController.openConnection()
-                        }
                     } else {
+                        if (!isSupported && isInstalled) {
+                            PageController.showErrorMessage(qsTr("The selected protocol is not supported on the current platform"))
+                            return
+                        }
+
                         ContainersModel.setCurrentlyProcessedContainerIndex(proxyContainersModel.mapToSource(index))
                         InstallController.setShouldCreateServer(false)
                         PageController.goToPage(PageEnum.PageSetupWizardProtocolSettings)

client/ui/qml/Components/QuestionDrawer.qml

@@ -17,9 +17,11 @@ DrawerType {
     property var noButtonFunction
 
     width: parent.width
-    height: parent.height * 0.5
+    height: content.implicitHeight + 32
 
     ColumnLayout {
+        id: content
+
         anchors.top: parent.top
         anchors.left: parent.left
         anchors.right: parent.right

client/ui/qml/Controls2/CardType.qml

@@ -81,6 +81,7 @@ RadioButton {
 
         Text {
             text: root.headerText
+            wrapMode: Text.WordWrap
             color: "#D7D8DB"
             font.pixelSize: 25
             font.weight: 700
@@ -110,6 +111,7 @@ RadioButton {
 
         Text {
             text: root.footerText
+            wrapMode: Text.WordWrap
             visible: root.footerText !== ""
             color: "#878B91"
             font.pixelSize: 13

client/ui/qml/Controls2/DrawerType.qml

@@ -1,6 +1,8 @@
 import QtQuick
 import QtQuick.Controls
 
+import "../Config"
+
 Drawer {
     id: drawer
     property bool needCloseButton: true
@@ -39,6 +41,18 @@ Drawer {
 
         border.color: "#2C2D30"
         border.width: 1
+
+        Rectangle {
+            visible: GC.isMobile()
+
+            anchors.top: parent.top
+            anchors.horizontalCenter: parent.horizontalCenter
+            anchors.topMargin: 10
+
+            width: 20
+            height: 2
+            color: "#2C2D30"
+        }
     }
 
     Overlay.modal: Rectangle {

client/ui/qml/Controls2/SwitcherType.qml

@@ -30,17 +30,13 @@ Switch {
     property string hoveredIndicatorBackgroundColor: Qt.rgba(1, 1, 1, 0.08)
     property string defaultIndicatorBackgroundColor: "transparent"
 
-    implicitWidth: content.implicitWidth + switcher.implicitWidth
-    implicitHeight: content.implicitHeight
-
     hoverEnabled: enabled ? true : false
 
     indicator: Rectangle {
         id: switcher
 
-        anchors.left: content.right
+        anchors.right: parent.right
         anchors.verticalCenter: parent.verticalCenter
-        anchors.leftMargin: 4
 
         implicitWidth: 52
         implicitHeight: 32
@@ -90,11 +86,11 @@ Switch {
     contentItem: ColumnLayout {
         id: content
 
-        anchors.fill: parent
-        anchors.rightMargin: switcher.implicitWidth
+        anchors.verticalCenter: parent.verticalCenter
 
         ListItemTitleType {
             Layout.fillWidth: true
+            rightPadding: indicator.width
 
             text: root.text
             color: root.enabled ? root.textColor : root.textDisabledColor
@@ -104,6 +100,7 @@ Switch {
             id: description
 
             Layout.fillWidth: true
+            rightPadding: indicator.width
 
             color: root.enabled ? root.descriptionTextColor : root.descriptionTextDisabledColor
 

client/ui/qml/Pages2/PageHome.qml

@@ -32,7 +32,7 @@ PageType {
         function onRestorePageHomeState(isContainerInstalled) {
             buttonContent.state = "expanded"
             if (isContainerInstalled) {
-                containersDropDown.menuVisible = true
+                containersDropDown.rootButtonClickedFunction()
             }
         }
         function onForceCloseDrawer() {
@@ -241,8 +241,18 @@ PageType {
             }
         ]
 
+        DividerType {
+            Layout.topMargin: 10
+            Layout.fillWidth: false
+            Layout.preferredWidth: 20
+            Layout.preferredHeight: 2
+            Layout.alignment: Qt.AlignHCenter | Qt.AlignVCenter
+
+            visible: (buttonContent.collapsedVisibility || buttonContent.expandedVisibility)
+        }
+
         RowLayout {
-            Layout.topMargin: 24
+            Layout.topMargin: 14
             Layout.leftMargin: 24
             Layout.rightMargin: 24
             Layout.alignment: Qt.AlignHCenter | Qt.AlignVCenter
@@ -305,7 +315,7 @@ PageType {
 
             Header1TextType {
                 Layout.fillWidth: true
-                Layout.topMargin: 24
+                Layout.topMargin: 14
                 Layout.leftMargin: 16
                 Layout.rightMargin: 16
 
@@ -471,10 +481,16 @@ PageType {
                                     }
 
                                     checked: index === serversMenuContent.currentIndex
+                                    checkable: !ConnectionController.isConnected
 
                                     ButtonGroup.group: serversRadioButtonGroup
 
                                     onClicked: {
+                                        if (ConnectionController.isConnected) {
+                                            PageController.showNotificationMessage(qsTr("Unable change server while there is an active connection"))
+                                            return
+                                        }
+
                                         serversMenuContent.currentIndex = index
 
                                         ServersModel.currentlyProcessedIndex = index

client/ui/qml/Pages2/PageProtocolAwgSettings.qml

@@ -276,7 +276,7 @@ PageType {
 
                             onClicked: {
                                 questionDrawer.headerText = qsTr("Remove AmneziaWG from server?")
-                                questionDrawer.descriptionText = qsTr("All users who you shared a connection with will no longer be able to connect to it.")
+                                questionDrawer.descriptionText = qsTr("All users with whom you shared a connection will no longer be able to connect to it.")
                                 questionDrawer.yesButtonText = qsTr("Continue")
                                 questionDrawer.noButtonText = qsTr("Cancel")
 

client/ui/qml/Pages2/PageProtocolOpenVpnSettings.qml

@@ -5,6 +5,7 @@ import QtQuick.Layouts
 import SortFilterProxyModel 0.2
 
 import PageEnum 1.0
+import ContainerEnum 1.0
 
 import "./"
 import "../Controls2"
@@ -252,6 +253,8 @@ PageType {
 
                             ColumnLayout {
                                 id: checkboxLayout
+
+                                anchors.fill: parent
                                 CheckBoxType {
                                     Layout.fillWidth: true
 
@@ -351,6 +354,8 @@ PageType {
                             Layout.leftMargin: -8
                             implicitHeight: 32
 
+                            visible: ContainersModel.getCurrentlyProcessedContainerIndex() === ContainerEnum.OpenVpn
+
                             defaultColor: "transparent"
                             hoveredColor: Qt.rgba(1, 1, 1, 0.08)
                             pressedColor: Qt.rgba(1, 1, 1, 0.12)
@@ -360,7 +365,7 @@ PageType {
 
                             onClicked: {
                                 questionDrawer.headerText = qsTr("Remove OpenVpn from server?")
-                                questionDrawer.descriptionText = qsTr("All users who you shared a connection with will no longer be able to connect to it.")
+                                questionDrawer.descriptionText = qsTr("All users with whom you shared a connection will no longer be able to connect to it.")
                                 questionDrawer.yesButtonText = qsTr("Continue")
                                 questionDrawer.noButtonText = qsTr("Cancel")
 

client/ui/qml/Pages2/PageProtocolRaw.qml

@@ -169,12 +169,14 @@ PageType {
 
                 width: parent.width
 
+                visible: ServersModel.isCurrentlyProcessedServerHasWriteAccess()
+
                 text: qsTr("Remove ") + ContainersModel.getCurrentlyProcessedContainerName()
                 textColor: "#EB5757"
 
                 clickedFunction: function() {
                     questionDrawer.headerText = qsTr("Remove %1 from server?").arg(ContainersModel.getCurrentlyProcessedContainerName())
-                    questionDrawer.descriptionText = qsTr("All users who you shared a connection with will no longer be able to connect to it.")
+                    questionDrawer.descriptionText = qsTr("All users with whom you shared a connection will no longer be able to connect to it.")
                     questionDrawer.yesButtonText = qsTr("Continue")
                     questionDrawer.noButtonText = qsTr("Cancel")
 

client/ui/qml/Pages2/PageSettingsApplication.qml

@@ -70,7 +70,7 @@ PageType {
                 Layout.margins: 16
 
                 text: qsTr("Auto start")
-                descriptionText: qsTr("Launch the application every time %1 starts").arg(Qt.platform.os)
+                descriptionText: qsTr("Launch the application every time the device is starts")
 
                 checked: SettingsController.isAutoStartEnabled()
                 onCheckedChanged: {

client/ui/qml/Pages2/PageSettingsConnection.qml

@@ -94,7 +94,7 @@ PageType {
             DividerType {}
 
             LabelWithButtonType {
-                visible: !GC.isMobile()
+                visible: true
 
                 Layout.fillWidth: true
 
@@ -108,11 +108,11 @@ PageType {
             }
 
             DividerType {
-                visible: !GC.isMobile()
+                visible: GC.isDesktop()
             }
 
             LabelWithButtonType {
-                visible: !GC.isMobile()
+                visible: false
 
                 Layout.fillWidth: true
 
@@ -125,7 +125,7 @@ PageType {
             }
 
             DividerType {
-                visible: !GC.isMobile()
+                visible: false
             }
         }
     }

client/ui/qml/Pages2/PageSettingsDns.qml

@@ -46,6 +46,7 @@ PageType {
             }
 
             ParagraphTextType {
+                Layout.fillWidth: true
                 text: qsTr("If AmneziaDNS is not used or installed")
             }
 

client/ui/qml/Pages2/PageSettingsServerProtocol.qml

@@ -114,7 +114,7 @@ PageType {
 
                 clickedFunction: function() {
                     questionDrawer.headerText = qsTr("Remove %1 from server?").arg(ContainersModel.getCurrentlyProcessedContainerName())
-                    questionDrawer.descriptionText = qsTr("All users who you shared a connection with will no longer be able to connect to it.")
+                    questionDrawer.descriptionText = qsTr("All users with whom you shared a connection will no longer be able to connect to it.")
                     questionDrawer.yesButtonText = qsTr("Continue")
                     questionDrawer.noButtonText = qsTr("Cancel")
 

client/ui/qml/Pages2/PageSettingsSplitTunneling.qml

@@ -93,22 +93,15 @@ PageType {
             SwitcherType {
                 id: switcher
 
-                property int lastActiveRouteMode: routeMode.onlyForwardSites
-
                 enabled: root.pageEnabled
 
                 Layout.fillWidth: true
                 Layout.rightMargin: 16
 
-                checked: SitesModel.routeMode !== routeMode.allSites
-                onToggled: {
-                    if (checked) {
-                        SitesModel.routeMode = lastActiveRouteMode
-                    } else {
-                        lastActiveRouteMode = SitesModel.routeMode
-                        selector.text = root.routeModesModel[getRouteModesModelIndex()].name
-                        SitesModel.routeMode = routeMode.allSites
-                    }
+                checked: SitesModel.isSplitTunnelingEnabled()
+                onToggled: {                    
+                    SitesModel.toggleSplitTunneling(checked)
+                    selector.text = root.routeModesModel[getRouteModesModelIndex()].name
                 }
             }
         }
@@ -123,7 +116,7 @@ PageType {
 
             drawerHeight: 0.4375
 
-            enabled: switcher.checked && root.pageEnabled
+            enabled: root.pageEnabled
 
             headerText: qsTr("Mode")
 
@@ -165,7 +158,7 @@ PageType {
         anchors.topMargin: 16
         contentHeight: col.implicitHeight + addSiteButton.implicitHeight + addSiteButton.anchors.bottomMargin + addSiteButton.anchors.topMargin
 
-        enabled: switcher.checked && root.pageEnabled
+        enabled: root.pageEnabled
 
         Column {
             id: col

client/ui/qml/Pages2/PageSetupWizardInstalling.qml

@@ -24,23 +24,25 @@ PageType {
         target: InstallController
 
         function onInstallContainerFinished(finishedMessage, isServiceInstall) {
-            PageController.goToStartPage()
+            if (!ConnectionController.isConnected && !isServiceInstall) {
+                ContainersModel.setDefaultContainer(ContainersModel.getCurrentlyProcessedContainerIndex())
+            }
+
+            PageController.closePage() // close installing page
+            PageController.closePage() // close protocol settings page
+
             if (stackView.currentItem.objectName === PageController.getPagePath(PageEnum.PageHome)) {
                 PageController.restorePageHomeState(true)
-            } else if (stackView.currentItem.objectName === PageController.getPagePath(PageEnum.PageSettings)) {
-                PageController.goToPage(PageEnum.PageSettingsServersList, false)
-                PageController.goToPage(PageEnum.PageSettingsServerInfo, false)
-                if (isServiceInstall) {
-                    PageController.goToPageSettingsServerServices()
-                }
-            } else {
-                PageController.goToPage(PageEnum.PageHome)
             }
 
             PageController.showNotificationMessage(finishedMessage)
         }
 
         function onInstallServerFinished(finishedMessage) {
+            if (!ConnectionController.isConnected) {
+                ServersModel.setDefaultServerIndex(ServersModel.getServersCount() - 1);
+            }
+
             PageController.goToStartPage()
             if (stackView.currentItem.objectName === PageController.getPagePath(PageEnum.PageSetupWizardStart)) {
                 PageController.replaceStartPage()

client/ui/qml/Pages2/PageSetupWizardProtocolSettings.qml

@@ -224,7 +224,7 @@ PageType {
                             if (ProtocolProps.defaultPort(defaultContainerProto) < 0) {
                                 port.visible = false
                             } else {
-                                port.textFieldText = ProtocolProps.defaultPort(defaultContainerProto)
+                                port.textFieldText = ProtocolProps.getPortForInstall(defaultContainerProto)
                             }
                             transportProtoSelector.currentIndex = ProtocolProps.defaultTransportProto(defaultContainerProto)
 

client/ui/qml/Pages2/PageSetupWizardStart.qml

@@ -134,7 +134,7 @@ PageType {
 
                 text: qsTr("I have nothing")
 
-                onClicked: Qt.openUrlExternally("https://ru-docs.amnezia.org/guides/hosting-instructions")
+                onClicked: Qt.openUrlExternally("https://amnezia.org/instructions/0_starter-guide")
             }
         }
 

client/ui/qml/Pages2/PageSetupWizardViewConfig.qml

@@ -24,6 +24,10 @@ PageType {
         }
 
         function onImportFinished() {
+            if (ConnectionController.isConnected) {
+                ServersModel.setDefaultServerIndex(ServersModel.getServersCount() - 1);
+            }
+
             PageController.goToStartPage()
             if (stackView.currentItem.objectName === PageController.getPagePath(PageEnum.PageSetupWizardStart)) {
                 PageController.replaceStartPage()

client/ui/qml/Pages2/PageShare.qml

@@ -118,7 +118,7 @@ PageType {
                 Layout.fillWidth: true
                 Layout.topMargin: 24
 
-                headerText: qsTr("VPN Access")
+                headerText: qsTr("Share VPN Access")
             }
 
             Rectangle {
@@ -171,8 +171,8 @@ PageType {
                 Layout.topMargin: 24
                 Layout.bottomMargin: 24
 
-                text: accessTypeSelector.currentIndex === 0 ? qsTr("VPN access without the ability to manage the server") :
-                                                              qsTr("Access to server management. The user with whom you share full access to the connection will be able to add and remove your protocols and services to the server, as well as change settings.")
+                text: accessTypeSelector.currentIndex === 0 ? qsTr("Share VPN access without the ability to manage the server") :
+                                                              qsTr("Share access to server management. The user with whom you share full access to the server will be able to add and remove any protocols and services to the server, as well as change settings.")
                 color: "#878B91"
             }
 
@@ -320,7 +320,7 @@ PageType {
 
                         if (index === ContainerProps.containerFromString("amnezia-openvpn")) {
                             root.connectionTypesModel.push(openVpnConnectionFormat)
-                        } else if (index === ContainerProps.containerFromString("amnezia-awg")) {
+                        } else if (index === ContainerProps.containerFromString("amnezia-wireguard")) {
                             root.connectionTypesModel.push(wireGuardConnectionFormat)
                         }
                     }

client/vpnconnection.cpp

@@ -68,7 +68,7 @@ void VpnConnection::onConnectionStateChanged(Vpn::ConnectionState state)
                 // qDebug() << "VpnConnection::onConnectionStateChanged :: adding custom routes, count:" << forwardIps.size();
             }
             QString dns1 = m_vpnConfiguration.value(config_key::dns1).toString();
-            QString dns2 = m_vpnConfiguration.value(config_key::dns1).toString();
+            QString dns2 = m_vpnConfiguration.value(config_key::dns2).toString();
 
             IpcClient::Interface()->routeAddList(m_vpnProtocol->vpnGateway(), QStringList() << dns1 << dns2);
 
@@ -329,6 +329,8 @@ void VpnConnection::connectToVpn(int serverIndex, const ServerCredentials &crede
         return;
     }
 
+    appendSplitTunnelingConfig();
+
 #if !defined(Q_OS_ANDROID) && !defined(Q_OS_IOS)
     m_vpnProtocol.reset(VpnProtocol::factory(container, m_vpnConfiguration));
     if (!m_vpnProtocol) {
@@ -363,6 +365,26 @@ void VpnConnection::createProtocolConnections()
     connect(m_vpnProtocol.data(), SIGNAL(bytesChanged(quint64, quint64)), this, SLOT(onBytesChanged(quint64, quint64)));
 }
 
+void VpnConnection::appendSplitTunnelingConfig()
+{
+    auto routeMode = m_settings->routeMode();
+    auto sites = m_settings->getVpnIps(routeMode);
+
+    QJsonArray sitesJsonArray;
+    for (const auto &site : sites) {
+        sitesJsonArray.append(site);
+    }
+
+    // Allow traffic to Amezia DNS
+    if (routeMode == Settings::VpnOnlyForwardSites){
+        sitesJsonArray.append(m_vpnConfiguration.value(config_key::dns1).toString());
+        sitesJsonArray.append(m_vpnConfiguration.value(config_key::dns2).toString());
+    }
+
+    m_vpnConfiguration.insert(config_key::splitTunnelType, routeMode);
+    m_vpnConfiguration.insert(config_key::splitTunnelSites, sitesJsonArray);
+}
+
 #ifdef Q_OS_ANDROID
 void VpnConnection::restoreConnection()
 {

client/vpnconnection.h

@@ -112,6 +112,8 @@ private:
 #endif
 
    void createProtocolConnections();
+
+   void appendSplitTunnelingConfig();
 };
 
 #endif // VPNCONNECTION_H

deploy/build_macos.sh

@@ -96,16 +96,16 @@ if [ "${MAC_CERT_PW+x}" ]; then
   security find-identity -p codesigning
 
   echo "Signing App bundle..."
-  /usr/bin/codesign --deep --force --verbose --timestamp -o runtime --sign "Developer ID Application: Privacy Technologies OU (X7UJ388FXK)" $BUNDLE_DIR
+  /usr/bin/codesign --deep --force --verbose --timestamp -o runtime --sign "$MAC_SIGNER_ID" $BUNDLE_DIR
   /usr/bin/codesign --verify -vvvv $BUNDLE_DIR || true
   spctl -a -vvvv $BUNDLE_DIR || true
 
   if [ "${NOTARIZE_APP+x}" ]; then
     echo "Notarizing App bundle..."
     /usr/bin/ditto -c -k --keepParent $BUNDLE_DIR $PROJECT_DIR/Bundle_to_notarize.zip
-    xcrun altool --notarize-app -f $PROJECT_DIR/Bundle_to_notarize.zip -t osx --primary-bundle-id "$APP_DOMAIN" -u "$APPLE_DEV_EMAIL" -p $APPLE_DEV_PASSWORD
+    xcrun notarytool submit $PROJECT_DIR/Bundle_to_notarize.zip --apple-id $APPLE_DEV_EMAIL --team-id $MAC_TEAM_ID --password $APPLE_DEV_PASSWORD
     rm $PROJECT_DIR/Bundle_to_notarize.zip
-    sleep 600
+    sleep 300
     xcrun stapler staple $BUNDLE_DIR
     xcrun stapler validate $BUNDLE_DIR
     spctl -a -vvvv $BUNDLE_DIR || true
@@ -130,15 +130,15 @@ $QIF_BIN_DIR/binarycreator --offline-only -v -c $BUILD_DIR/installer/config/maco
 if [ "${MAC_CERT_PW+x}" ]; then
   echo "Signing installer bundle..."
   security unlock-keychain -p $TEMP_PASS $KEYCHAIN
-  /usr/bin/codesign --deep --force --verbose --timestamp -o runtime --sign "Developer ID Application: Privacy Technologies OU (X7UJ388FXK)" $INSTALLER_BUNDLE_DIR
+  /usr/bin/codesign --deep --force --verbose --timestamp -o runtime --sign "$MAC_SIGNER_ID" $INSTALLER_BUNDLE_DIR
   /usr/bin/codesign --verify -vvvv $INSTALLER_BUNDLE_DIR || true
 
   if [ "${NOTARIZE_APP+x}" ]; then
     echo "Notarizing installer bundle..."
     /usr/bin/ditto -c -k --keepParent $INSTALLER_BUNDLE_DIR $PROJECT_DIR/Installer_bundle_to_notarize.zip
-    xcrun altool --notarize-app -f $PROJECT_DIR/Installer_bundle_to_notarize.zip -t osx --primary-bundle-id "$APP_DOMAIN" -u "$APPLE_DEV_EMAIL" -p $APPLE_DEV_PASSWORD
+    xcrun notarytool submit $PROJECT_DIR/Installer_bundle_to_notarize.zip --apple-id $APPLE_DEV_EMAIL --team-id $MAC_TEAM_ID --password $APPLE_DEV_PASSWORD
     rm $PROJECT_DIR/Installer_bundle_to_notarize.zip
-    sleep 600
+    sleep 300
     xcrun stapler staple $INSTALLER_BUNDLE_DIR
     xcrun stapler validate $INSTALLER_BUNDLE_DIR
     spctl -a -vvvv $INSTALLER_BUNDLE_DIR || true
@@ -151,13 +151,13 @@ hdiutil create -volname AmneziaVPN -srcfolder $BUILD_DIR/installer/$APP_NAME.app
 if [ "${MAC_CERT_PW+x}" ]; then
   echo "Signing DMG installer..."
   security unlock-keychain -p $TEMP_PASS $KEYCHAIN
-  /usr/bin/codesign --deep --force --verbose --timestamp -o runtime --sign "Developer ID Application: Privacy Technologies OU (X7UJ388FXK)" $DMG_FILENAME
+  /usr/bin/codesign --deep --force --verbose --timestamp -o runtime --sign "$MAC_SIGNER_ID" $DMG_FILENAME
   /usr/bin/codesign --verify -vvvv $DMG_FILENAME || true
 
   if [ "${NOTARIZE_APP+x}" ]; then
     echo "Notarizing DMG installer..."
-    xcrun altool --notarize-app -f $DMG_FILENAME -t osx --primary-bundle-id $APP_DOMAIN -u $APPLE_DEV_EMAIL -p $APPLE_DEV_PASSWORD
-    sleep 600
+    xcrun notarytool submit $DMG_FILENAME --apple-id $APPLE_DEV_EMAIL --team-id $MAC_TEAM_ID --password $APPLE_DEV_PASSWORD
+    sleep 300
     xcrun stapler staple $DMG_FILENAME
     xcrun stapler validate $DMG_FILENAME
   fi