use stop method for protocol disconnecect

This reverts commit 20e4ea2d4a.

client/amnezia_application.cpp

@@ -53,14 +53,16 @@ AmneziaApplication::~AmneziaApplication()
 {
     if (m_vpnConnection) {
         QMetaObject::invokeMethod(m_vpnConnection.get(), "disconnectFromVpn", Qt::QueuedConnection);
-        QMetaObject::invokeMethod(m_vpnConnection.get(), "deleteLater", Qt::QueuedConnection);
+        QThread::msleep(2000);
+        QMetaObject::invokeMethod(m_vpnConnection.get(), "disconnectSlots", Qt::QueuedConnection);
     }
 
+    m_vpnConnectionThread.requestInterruption();
     m_vpnConnectionThread.quit();
 
-    if (!m_vpnConnectionThread.wait(5000)) {
+    if (!m_vpnConnectionThread.wait(3000)) {
         m_vpnConnectionThread.terminate();
-        m_vpnConnectionThread.wait();
+        m_vpnConnectionThread.wait(500);
     }
 
     if (m_engine) {

client/core/controllers/gatewayController.cpp

@@ -3,22 +3,11 @@
 #include <algorithm>
 #include <random>
 
-#include <QEventLoop>
 #include <QJsonArray>
 #include <QJsonDocument>
 #include <QJsonObject>
-#include <QMetaObject>
 #include <QNetworkReply>
-#include <QNetworkRequest>
-#include <QRandomGenerator>
-#include <QDataStream>
-#include <QSslConfiguration>
-#include <QSslSocket>
-#include <QRemoteObjectPendingReply>
-#include <QThread>
 #include <QUrl>
-#include <QtEndian>
-#include <QDebug>
 
 #include "QBlockCipher.h"
 #include "QRsa.h"
@@ -77,15 +66,10 @@ ErrorCode GatewayController::get(const QString &endpoint, QByteArray &responseBo
     // bypass killSwitch exceptions for API-gateway
 #ifdef AMNEZIA_DESKTOP
     if (m_isStrictKillSwitchEnabled) {
-        const QUrl originalUrl = request.url();
-        const QString originalHost = originalUrl.host();
-        const QString resolvedIp = addKillSwitchExceptionForUrl(originalUrl);
-        if (!resolvedIp.isEmpty() && resolvedIp != originalHost) {
-            QUrl ipUrl = originalUrl;
-            ipUrl.setHost(resolvedIp);
-            request.setUrl(ipUrl);
-            request.setPeerVerifyName(originalHost);
-            request.setRawHeader("Host", originalHost.toUtf8());
+        QString host = QUrl(request.url()).host();
+        QString ip = NetworkUtilities::getIPAddress(host);
+        if (!ip.isEmpty()) {
+            IpcClient::Interface()->addKillSwitchAllowedRange(QStringList { ip });
         }
     }
 #endif
@@ -144,15 +128,10 @@ ErrorCode GatewayController::post(const QString &endpoint, const QJsonObject api
     // bypass killSwitch exceptions for API-gateway
 #ifdef AMNEZIA_DESKTOP
     if (m_isStrictKillSwitchEnabled) {
-        const QUrl originalUrl = request.url();
-        const QString originalHost = originalUrl.host();
-        const QString resolvedIp = addKillSwitchExceptionForUrl(originalUrl);
-        if (!resolvedIp.isEmpty() && resolvedIp != originalHost) {
-            QUrl ipUrl = originalUrl;
-            ipUrl.setHost(resolvedIp);
-            request.setUrl(ipUrl);
-            request.setPeerVerifyName(originalHost);
-            request.setRawHeader("Host", originalHost.toUtf8());
+        QString host = QUrl(request.url()).host();
+        QString ip = NetworkUtilities::getIPAddress(host);
+        if (!ip.isEmpty()) {
+            IpcClient::Interface()->addKillSwitchAllowedRange(QStringList { ip });
         }
     }
 #endif
@@ -383,344 +362,3 @@ void GatewayController::bypassProxy(const QString &endpoint, QNetworkReply *repl
         }
     }
 }
-
-QString GatewayController::addKillSwitchExceptionForUrl(const QUrl &url)
-{
-#ifdef AMNEZIA_DESKTOP
-    const QString host = url.host();
-    if (host.isEmpty()) {
-        return {};
-    }
-
-    const QString resolvedIp = resolveHost(host);
-    if (resolvedIp.isEmpty()) {
-        qWarning() << "Failed to resolve host for KillSwitch exception" << host;
-        return {};
-    }
-
-    if (!addKillSwitchException(QStringList { resolvedIp })) {
-        qWarning() << "Failed to add KillSwitch exception" << resolvedIp;
-        return {};
-    }
-    return resolvedIp;
-#else
-    Q_UNUSED(url);
-    return {};
-#endif
-}
-
-QString GatewayController::resolveHost(const QString &host)
-{
-#ifdef AMNEZIA_DESKTOP
-    if (!m_isStrictKillSwitchEnabled) {
-        return NetworkUtilities::getIPAddress(host);
-    }
-
-    QString resolvedIp = NetworkUtilities::getIPAddress(host);
-    if (!resolvedIp.isEmpty()) {
-        return resolvedIp;
-    }
-
-    qDebug() << "resolveHost: falling back to resolveHostViaOpenDns" << host;
-    resolvedIp = resolveHostViaOpenDns(host);
-    if (!resolvedIp.isEmpty()) {
-        return resolvedIp;
-    }
-    qWarning() << "OpenDNS fallback failed" << host;
-    qDebug() << "resolveHost: falling back to resolveHostViaQuad9" << host;
-    resolvedIp = resolveHostViaQuad9(host);
-    if (resolvedIp.isEmpty()) {
-        qWarning() << "Quad9 fallback failed" << host;
-    }
-    return resolvedIp;
-#else
-    return NetworkUtilities::getIPAddress(host);
-#endif
-}
-
-#ifdef AMNEZIA_DESKTOP
-bool GatewayController::addKillSwitchException(const QStringList &ranges)
-{
-    auto ipcInterface = IpcClient::Interface();
-    if (!ipcInterface) {
-        qWarning() << "IPC interface is null, cannot add KillSwitch exception";
-        return false;
-    }
-
-    const auto waitForReply = [](QRemoteObjectPendingReply<bool> reply) -> bool {
-        if (!reply.waitForFinished()) {
-            qWarning() << "Timed out waiting for KillSwitch exception reply";
-            return false;
-        }
-        return reply.returnValue();
-    };
-
-    QRemoteObjectPendingReply<bool> reply;
-    if (ipcInterface->thread() == QThread::currentThread()) {
-        reply = ipcInterface->addKillSwitchAllowedRange(ranges);
-    } else {
-        const bool invoked = QMetaObject::invokeMethod(ipcInterface.data(),
-                                                       [&reply, ipcInterface, ranges]() {
-                                                           reply = ipcInterface->addKillSwitchAllowedRange(ranges);
-                                                       },
-                                                       Qt::BlockingQueuedConnection);
-
-        if (!invoked) {
-            qWarning() << "Failed to invoke KillSwitch exception update via queued connection";
-            return false;
-        }
-    }
-
-    const bool result = waitForReply(reply);
-    return result;
-}
-
-bool GatewayController::removeKillSwitchException(const QStringList &ranges)
-{
-    auto ipcInterface = IpcClient::Interface();
-    if (!ipcInterface) {
-        qWarning() << "IPC interface is null, cannot remove KillSwitch exception";
-        return false;
-    }
-
-    const auto waitForReply = [](QRemoteObjectPendingReply<bool> reply) -> bool {
-        if (!reply.waitForFinished()) {
-            qWarning() << "Timed out waiting for KillSwitch removal reply";
-            return false;
-        }
-        return reply.returnValue();
-    };
-
-    QRemoteObjectPendingReply<bool> reply;
-    if (ipcInterface->thread() == QThread::currentThread()) {
-        reply = ipcInterface->removeKillSwitchAllowedRange(ranges);
-    } else {
-        const bool invoked = QMetaObject::invokeMethod(ipcInterface.data(),
-                                                       [&reply, ipcInterface, ranges]() {
-                                                           reply = ipcInterface->removeKillSwitchAllowedRange(ranges);
-                                                       },
-                                                       Qt::BlockingQueuedConnection);
-        if (!invoked) {
-            qWarning() << "Failed to invoke KillSwitch removal via queued connection";
-            return false;
-        }
-    }
-
-    const bool result = waitForReply(reply);
-    return result;
-}
-
-QString GatewayController::resolveHostViaOpenDns(const QString &host)
-{
-    const QString fallbackIp = QStringLiteral("146.112.41.2");
-    const QString dohHostname = QStringLiteral("doh.opendns.com");
-    const QUrl dohEndpoint(QStringLiteral("https://%1/dns-query").arg(fallbackIp));
-
-    if (!addKillSwitchException(QStringList { fallbackIp })) {
-        qWarning() << "Failed to add fallback KillSwitch exception" << fallbackIp;
-    }
-
-    QNetworkRequest request(dohEndpoint);
-    request.setHeader(QNetworkRequest::ContentTypeHeader, QStringLiteral("application/dns-message"));
-    request.setRawHeader("Accept", "application/dns-message");
-    request.setRawHeader("Host", dohHostname.toUtf8());
-    request.setAttribute(QNetworkRequest::RedirectPolicyAttribute, QNetworkRequest::NoLessSafeRedirectPolicy);
-
-    request.setPeerVerifyName(dohHostname);
-
-    QByteArray payload = buildDnsQuery(host);
-
-    QNetworkReply *reply = amnApp->networkManager()->post(request, payload);
-    if (!reply) {
-        qWarning() << "Failed to create DoH request" << host;
-        return {};
-    }
-
-    QEventLoop loop;
-    QObject::connect(reply, &QNetworkReply::finished, &loop, &QEventLoop::quit);
-    loop.exec();
-
-    QByteArray dnsResponse;
-    if (reply->error() == QNetworkReply::NoError) {
-        dnsResponse = reply->readAll();
-    } else {
-        qWarning() << "DoH request failed" << host << reply->errorString();
-    }
-
-    reply->deleteLater();
-
-    if (dnsResponse.isEmpty()) {
-        return {};
-    }
-
-    const QString resolvedIp = parseDnsResponse(dnsResponse);
-    return resolvedIp;
-}
-
-QString GatewayController::resolveHostViaQuad9(const QString &host)
-{
-    const QString dohHostname = QStringLiteral("dns.quad9.net");
-    const QString fallbackIp = QStringLiteral("149.112.112.112");
-
-    QByteArray payload = buildDnsQuery(host);
-
-    const QUrl dohEndpoint(QStringLiteral("https://%1/dns-query").arg(fallbackIp));
-
-    if (!addKillSwitchException(QStringList { fallbackIp })) {
-        qWarning() << "resolveHostViaQuad9: failed to add KillSwitch exception" << fallbackIp;
-    }
-
-    QNetworkRequest request(dohEndpoint);
-    request.setHeader(QNetworkRequest::ContentTypeHeader, QStringLiteral("application/dns-message"));
-    request.setRawHeader("Accept", "application/dns-message");
-    request.setRawHeader("Host", dohHostname.toUtf8());
-    request.setAttribute(QNetworkRequest::RedirectPolicyAttribute, QNetworkRequest::NoLessSafeRedirectPolicy);
-    request.setPeerVerifyName(dohHostname);
-
-    QNetworkReply *reply = amnApp->networkManager()->post(request, payload);
-    if (!reply) {
-        qWarning() << "resolveHostViaQuad9: failed to create DoH request" << host << fallbackIp;
-        return {};
-    }
-
-    QEventLoop loop;
-    QObject::connect(reply, &QNetworkReply::finished, &loop, &QEventLoop::quit);
-    loop.exec();
-
-    QByteArray dnsResponse;
-    if (reply->error() == QNetworkReply::NoError) {
-        dnsResponse = reply->readAll();
-    } else {
-        qWarning() << "resolveHostViaQuad9: DoH request failed" << host << fallbackIp << reply->errorString();
-    }
-
-    reply->deleteLater();
-
-    if (dnsResponse.isEmpty()) {
-        return {};
-    }
-
-    const QString resolvedIp = parseDnsResponse(dnsResponse);
-    return resolvedIp;
-}
-
-QByteArray GatewayController::buildDnsQuery(const QString &host) const
-{
-    QByteArray query;
-    QDataStream stream(&query, QIODevice::WriteOnly);
-    stream.setByteOrder(QDataStream::BigEndian);
-
-    quint16 transactionId = QRandomGenerator::system()->generate();
-    stream << transactionId;
-    stream << static_cast<quint16>(0x0100); // standard query with recursion desired
-    stream << static_cast<quint16>(1);      // QDCOUNT
-    stream << static_cast<quint16>(0);      // ANCOUNT
-    stream << static_cast<quint16>(0);      // NSCOUNT
-    stream << static_cast<quint16>(0);      // ARCOUNT
-
-    const QByteArray hostUtf8 = host.toUtf8();
-    const QList<QByteArray> labels = hostUtf8.split('.');
-    for (const QByteArray &label : labels) {
-        stream << static_cast<quint8>(label.size());
-        stream.writeRawData(label.constData(), label.size());
-    }
-    stream << static_cast<quint8>(0); // end of QNAME
-
-    stream << static_cast<quint16>(1); // QTYPE A
-    stream << static_cast<quint16>(1); // QCLASS IN
-
-    return query;
-}
-
-QString GatewayController::parseDnsResponse(const QByteArray &response) const
-{
-    if (response.size() < 12) {
-        qWarning() << "DNS response too short" << response.size();
-        return {};
-    }
-
-    QDataStream stream(response);
-    stream.setByteOrder(QDataStream::BigEndian);
-
-    quint16 transactionId;
-    quint16 flags;
-    quint16 qdCount;
-    quint16 anCount;
-    quint16 nsCount;
-    quint16 arCount;
-
-    stream >> transactionId >> flags >> qdCount >> anCount >> nsCount >> arCount;
-
-    if ((flags & 0x000F) != 0) {
-        qWarning() << "DNS response contains error" << flags;
-        return {};
-    }
-
-    int offset = 12;
-
-    for (int i = 0; i < qdCount; ++i) {
-        offset = skipDnsName(response, offset);
-        if (offset < 0 || offset + 4 > response.size()) {
-            qWarning() << "Invalid DNS question section";
-            return {};
-        }
-        offset += 4;
-    }
-
-    const uchar *data = reinterpret_cast<const uchar *>(response.constData());
-    for (int i = 0; i < anCount; ++i) {
-        int nameOffset = skipDnsName(response, offset);
-        if (nameOffset < 0 || nameOffset + 10 > response.size()) {
-            qWarning() << "Invalid DNS answer section";
-            return {};
-        }
-        offset = nameOffset;
-
-        quint16 type = qFromBigEndian<quint16>(data + offset);
-        quint16 dnsClass = qFromBigEndian<quint16>(data + offset + 2);
-        quint32 ttl = qFromBigEndian<quint32>(data + offset + 4);
-        Q_UNUSED(ttl);
-    quint16 rdLength = qFromBigEndian<quint16>(data + offset + 8);
-        offset += 10;
-
-        if (offset + rdLength > response.size()) {
-            qWarning() << "Invalid RDATA length" << rdLength;
-            return {};
-        }
-
-        if (type == 1 && dnsClass == 1 && rdLength == 4) {
-            const quint8 b1 = data[offset];
-            const quint8 b2 = data[offset + 1];
-            const quint8 b3 = data[offset + 2];
-            const quint8 b4 = data[offset + 3];
-            return QStringLiteral("%1.%2.%3.%4").arg(b1).arg(b2).arg(b3).arg(b4);
-        }
-
-        offset += rdLength;
-    }
-
-    return {};
-}
-
-int GatewayController::skipDnsName(const QByteArray &message, int offset) const
-{
-    while (offset < message.size()) {
-        quint8 length = static_cast<quint8>(message.at(offset));
-        if (length == 0) {
-            return offset + 1;
-        }
-        if ((length & 0xC0) == 0xC0) {
-            if (offset + 2 > message.size()) {
-                return -1;
-            }
-            return offset + 2;
-        }
-        ++offset;
-        offset += length;
-        if (offset > message.size()) {
-            return -1;
-        }
-    }
-    return -1;
-}
-#endif

client/core/controllers/gatewayController.h

@@ -27,17 +27,6 @@ private:
                            const QByteArray &iv = "", const QByteArray &salt = "");
     void bypassProxy(const QString &endpoint, QNetworkReply *reply, std::function<QNetworkReply *(const QString &url)> requestFunction,
                      std::function<bool(QNetworkReply *reply, const QList<QSslError> &sslErrors)> replyProcessingFunction);
-    QString addKillSwitchExceptionForUrl(const QUrl &url);
-    QString resolveHost(const QString &host);
-#ifdef AMNEZIA_DESKTOP
-    bool addKillSwitchException(const QStringList &ranges);
-    bool removeKillSwitchException(const QStringList &ranges);
-    QString resolveHostViaOpenDns(const QString &host);
-    QString resolveHostViaQuad9(const QString &host);
-    QByteArray buildDnsQuery(const QString &host) const;
-    QString parseDnsResponse(const QByteArray &response) const;
-    int skipDnsName(const QByteArray &message, int offset) const;
-#endif
 
     int m_requestTimeoutMsecs;
     QString m_gatewayEndpoint;

client/core/ipcclient.cpp

@@ -85,8 +85,9 @@ bool IpcClient::init(IpcClient *instance)
     }
 
     qDebug() << "IpcClient::init succeed";
+    instance->m_isSocketConnected = (Instance()->m_ipcClient->isReplicaValid() && Instance()->m_Tun2SocksClient->isReplicaValid());
 
-    return (Instance()->m_ipcClient->isReplicaValid() && Instance()->m_Tun2SocksClient->isReplicaValid());
+    return Instance()->isSocketConnected();
 }
 
 QSharedPointer<PrivilegedProcess> IpcClient::CreatePrivilegedProcess()

client/protocols/openvpnprotocol.cpp

@@ -56,7 +56,8 @@ void OpenVpnProtocol::stop()
     }
 
 #if defined(Q_OS_WIN) || defined(Q_OS_LINUX) || defined(Q_OS_MACOS)
-    IpcClient::Interface()->disableKillSwitch();
+    QRemoteObjectPendingReply<bool> disableKillSwitchResp = IpcClient::Interface()->disableKillSwitch();
+    disableKillSwitchResp.waitForFinished(1000);
 #endif
 
     setConnectionState(Vpn::ConnectionState::Disconnected);

client/protocols/xrayprotocol.cpp

@@ -167,8 +167,10 @@ ErrorCode XrayProtocol::startTun2Sock()
 void XrayProtocol::stop()
 {
 #if defined(Q_OS_WIN) || defined(Q_OS_LINUX) || defined(Q_OS_MACOS)
-    IpcClient::Interface()->disableKillSwitch();
-    IpcClient::Interface()->StartRoutingIpv6();
+    QRemoteObjectPendingReply<bool> disableKillSwitchResp = IpcClient::Interface()->disableKillSwitch();
+    disableKillSwitchResp.waitForFinished(1000);
+    QRemoteObjectPendingReply<bool> StartRoutingIpv6Resp = IpcClient::Interface()->StartRoutingIpv6();
+    StartRoutingIpv6Resp.waitForFinished(1000);
 #endif
     qDebug() << "XrayProtocol::stop()";
     m_xrayProcess.disconnect();
@@ -176,6 +178,7 @@ void XrayProtocol::stop()
     m_xrayProcess.waitForFinished(3000);
     if (m_t2sProcess) {
         m_t2sProcess->stop();
+        QThread::msleep(200);
     }
 
     setConnectionState(Vpn::ConnectionState::Disconnected);

client/ui/qml/Pages2/PageSettingsKillSwitch.qml

@@ -64,15 +64,12 @@ PageType {
 
                 enabled: SettingsController.isKillSwitchEnabled && !ConnectionController.isConnected
                 checked: !SettingsController.strictKillSwitchEnabled
-                checkable: false
 
                 text: qsTr("Soft KillSwitch")
                 descriptionText: qsTr("Internet access is blocked if the VPN disconnects unexpectedly")
 
                 onClicked: function() {
-                    if (SettingsController.strictKillSwitchEnabled) {
-                        SettingsController.strictKillSwitchEnabled = false
-                    }
+                    SettingsController.strictKillSwitchEnabled = false
                 }
 
                 Keys.onEnterPressed: this.clicked()
@@ -87,18 +84,15 @@ PageType {
                 Layout.leftMargin: 16
                 Layout.rightMargin: 16
 
-                enabled: SettingsController.isKillSwitchEnabled && !ConnectionController.isConnected
+                visible: false
+                enabled: false
+                // enabled: SettingsController.isKillSwitchEnabled && !ConnectionController.isConnected
                 checked: SettingsController.strictKillSwitchEnabled
-                checkable: false
 
                 text: qsTr("Strict KillSwitch")
                 descriptionText: qsTr("Internet connection is blocked even when VPN is turned off manually or hasn't started")
 
                 onClicked: function() {
-                    if (SettingsController.strictKillSwitchEnabled) {
-                        return
-                    }
-
                     var headerText = qsTr("Just a little heads-up")
                     var descriptionText = qsTr("If the VPN disconnects or drops while Strict KillSwitch is enabled, internet access will be blocked. To restore access, reconnect VPN or disable/change the KillSwitch.")
                     var yesButtonText = qsTr("Continue")

client/vpnconnection.cpp

@@ -32,8 +32,8 @@
 VpnConnection::VpnConnection(std::shared_ptr<Settings> settings, QObject *parent)
     : QObject(parent), m_settings(settings), m_checkTimer(new QTimer(this))
 {
-    m_checkTimer.setInterval(1000);
 #if defined(Q_OS_IOS) || defined(MACOS_NE)
+    m_checkTimer.setInterval(1000);
     connect(IosController::Instance(), &IosController::connectionStateChanged, this, &VpnConnection::onConnectionStateChanged);
     connect(IosController::Instance(), &IosController::bytesChanged, this, &VpnConnection::onBytesChanged);
 
@@ -42,9 +42,6 @@ VpnConnection::VpnConnection(std::shared_ptr<Settings> settings, QObject *parent
 
 VpnConnection::~VpnConnection()
 {
-#if defined AMNEZIA_DESKTOP
-    disconnectFromVpn();
-#endif
 }
 
 void VpnConnection::onBytesChanged(quint64 receivedBytes, quint64 sentBytes)
@@ -55,19 +52,7 @@ void VpnConnection::onBytesChanged(quint64 receivedBytes, quint64 sentBytes)
 void VpnConnection::onKillSwitchModeChanged(bool enabled)
 {
 #ifdef AMNEZIA_DESKTOP
-    if (!m_IpcClient) {
-        m_IpcClient = new IpcClient(this);
-    }
-
-    if (!m_IpcClient->isSocketConnected()) {
-        if (!IpcClient::init(m_IpcClient)) {
-            qWarning() << "Error occurred when init IPC client";
-            emit serviceIsNotReady();
-            return;
-        }
-    }
-
-    if (IpcClient::Interface()) {
+    if (InterfaceReady()) {
         qDebug() << "Set KillSwitch Strict mode enabled " << enabled;
         IpcClient::Interface()->refreshKillSwitch(enabled);
     }
@@ -80,7 +65,7 @@ void VpnConnection::onConnectionStateChanged(Vpn::ConnectionState state)
 #ifdef AMNEZIA_DESKTOP
     auto container = m_settings->defaultContainer(m_settings->defaultServerIndex());
 
-    if (IpcClient::Interface()) {
+    if (InterfaceReady()) {
         if (state == Vpn::ConnectionState::Connected) {
             IpcClient::Interface()->resetIpStack();
             IpcClient::Interface()->flushDns();
@@ -212,14 +197,41 @@ void VpnConnection::deleteRoutes(const QStringList &ips)
 #endif
 }
 
+bool VpnConnection::InterfaceReady()
+{
+#ifdef AMNEZIA_DESKTOP
+    if (!m_IpcClient) {
+        m_IpcClient = new IpcClient(this);
+    }
+
+    if (!m_IpcClient->isSocketConnected()) {
+        if (!IpcClient::init(m_IpcClient)) {
+            qWarning() << "Error occurred when init IPC client";
+            emit serviceIsNotReady();
+            return false;
+        }
+    }
+
+    return IpcClient::Interface() != nullptr;
+#endif
+    return true;
+}
+
 void VpnConnection::flushDns()
 {
 #ifdef AMNEZIA_DESKTOP
-    if (IpcClient::Interface())
+    if (InterfaceReady())
         IpcClient::Interface()->flushDns();
 #endif
 }
 
+void VpnConnection::disconnectSlots()
+{
+    if (m_vpnProtocol) {
+        m_vpnProtocol->disconnect();
+    }
+}
+
 ErrorCode VpnConnection::lastError() const
 {
 #ifdef Q_OS_ANDROID
@@ -240,20 +252,11 @@ void VpnConnection::connectToVpn(int serverIndex, const ServerCredentials &crede
                         .arg(serverIndex)
                         .arg(ContainerProps::containerToString(container))
              << m_settings->routeMode();
-#if !defined(Q_OS_ANDROID) && !defined(Q_OS_IOS) && !defined(MACOS_NE)
-    if (!m_IpcClient) {
-        m_IpcClient = new IpcClient(this);
-    }
 
-    if (!m_IpcClient->isSocketConnected()) {
-        if (!IpcClient::init(m_IpcClient)) {
-            qWarning() << "Error occurred when init IPC client";
-            emit serviceIsNotReady();
-            emit connectionStateChanged(Vpn::ConnectionState::Error);
-            return;
-        }
+    if (!InterfaceReady()) {
+        emit connectionStateChanged(Vpn::ConnectionState::Error);
+        return;
     }
-#endif
 
     m_remoteAddress = NetworkUtilities::getIPAddress(credentials.hostName);
     emit connectionStateChanged(Vpn::ConnectionState::Connecting);
@@ -440,13 +443,18 @@ QString VpnConnection::bytesPerSecToText(quint64 bytes)
 void VpnConnection::disconnectFromVpn()
 {
 #ifdef AMNEZIA_DESKTOP
-    QString proto = m_settings->defaultContainerName(m_settings->defaultServerIndex());
-    if (IpcClient::Interface()) {
-        IpcClient::Interface()->flushDns();
+    if (InterfaceReady()) {
 
+        m_vpnProtocol.data()->stop();
+        qDebug() << "Interface is ready!";
+
+        QRemoteObjectPendingReply<bool> flushDnsResp = IpcClient::Interface()->flushDns();
+        flushDnsResp.waitForFinished(1000);
+
+        qDebug() << "Flushed DNS";
         // delete cached routes
-        QRemoteObjectPendingReply<bool> response = IpcClient::Interface()->clearSavedRoutes();
-        response.waitForFinished(1000);
+        QRemoteObjectPendingReply<bool> clearSavedRoutesResp = IpcClient::Interface()->clearSavedRoutes();
+        clearSavedRoutesResp.waitForFinished(1000);
     }
 #endif
 
@@ -475,12 +483,13 @@ void VpnConnection::disconnectFromVpn()
         return;
     }
 
-#ifndef Q_OS_ANDROID
+#if !defined(Q_OS_ANDROID) && !defined(AMNEZIA_DESKTOP)
     if (m_vpnProtocol) {
         m_vpnProtocol->deleteLater();
     }
-    m_vpnProtocol = nullptr;
 #endif
+
+    m_vpnProtocol = nullptr;
 }
 
 Vpn::ConnectionState VpnConnection::connectionState()

client/vpnconnection.h

@@ -56,6 +56,7 @@ public slots:
     void deleteRoutes(const QStringList &ips);
     void flushDns();
     void onKillSwitchModeChanged(bool enabled);
+    void disconnectSlots();
 
 signals:
     void bytesChanged(quint64 receivedBytes, quint64 sentBytes);
@@ -95,6 +96,7 @@ private:
 
    void appendSplitTunnelingConfig();
    void appendKillSwitchConfig();
+   bool InterfaceReady();
 };
 
 #endif // VPNCONNECTION_H

ipc/ipc_interface.rep

@@ -12,7 +12,7 @@ class IpcInterface
     SLOT( int routeAddList(const QString &gw, const QStringList &ips) );
     SLOT( bool clearSavedRoutes() );
     SLOT( bool routeDeleteList(const QString &gw, const QStringList &ip) );
-    SLOT( void flushDns() );
+    SLOT( bool flushDns() );
     SLOT( void resetIpStack() );
 
     SLOT( bool checkAndInstallDriver() );
@@ -25,14 +25,13 @@ class IpcInterface
     SLOT( bool createTun(const QString &dev, const QString &subnet) );
     SLOT( bool deleteTun(const QString &dev) );
 
-    SLOT( void StartRoutingIpv6() );
-    SLOT( void StopRoutingIpv6() );
+    SLOT( bool StartRoutingIpv6() );
+    SLOT( bool StopRoutingIpv6() );
 
     SLOT( bool disableKillSwitch() );
     SLOT( bool disableAllTraffic() );
     SLOT( bool refreshKillSwitch( bool enabled ) );
     SLOT( bool addKillSwitchAllowedRange( const QStringList ranges ) );
-    SLOT( bool removeKillSwitchAllowedRange( const QStringList ranges ) );
     SLOT( bool resetKillSwitchAllowedRange( const QStringList ranges ) );
     SLOT( bool enablePeerTraffic( const QJsonObject &configStr) );
     SLOT( bool enableKillSwitch( const QJsonObject &excludeAddr, int vpnAdapterIndex) );

ipc/ipcserver.cpp

@@ -83,7 +83,7 @@ bool IpcServer::routeDeleteList(const QString &gw, const QStringList &ips)
     return Router::routeDeleteList(gw, ips);
 }
 
-void IpcServer::flushDns()
+bool IpcServer::flushDns()
 {
 #ifdef MZ_DEBUG
     qDebug() << "IpcServer::flushDns";
@@ -157,13 +157,13 @@ bool IpcServer::updateResolvers(const QString &ifname, const QList<QHostAddress>
     return Router::updateResolvers(ifname, resolvers);
 }
 
-void IpcServer::StartRoutingIpv6()
+bool IpcServer::StartRoutingIpv6()
 {
-    Router::StartRoutingIpv6();
+    return Router::StartRoutingIpv6();
 }
-void IpcServer::StopRoutingIpv6()
+bool IpcServer::StopRoutingIpv6()
 {
-    Router::StopRoutingIpv6();
+    return Router::StopRoutingIpv6();
 }
 
 void IpcServer::setLogsEnabled(bool enabled)
@@ -189,11 +189,6 @@ bool IpcServer::addKillSwitchAllowedRange(QStringList ranges)
     return KillSwitch::instance()->addAllowedRange(ranges);
 }
 
-bool IpcServer::removeKillSwitchAllowedRange(QStringList ranges)
-{
-    return KillSwitch::instance()->removeAllowedRange(ranges);
-}
-
 bool IpcServer::disableAllTraffic()
 {
     return KillSwitch::instance()->disableAllTraffic();

ipc/ipcserver.h

@@ -23,7 +23,7 @@ public:
     virtual int routeAddList(const QString &gw, const QStringList &ips) override;
     virtual bool clearSavedRoutes() override;
     virtual bool routeDeleteList(const QString &gw, const QStringList &ips) override;
-    virtual void flushDns() override;
+    virtual bool flushDns() override;
     virtual void resetIpStack() override;
     virtual bool checkAndInstallDriver() override;
     virtual QStringList getTapList() override;
@@ -32,11 +32,10 @@ public:
     virtual void setLogsEnabled(bool enabled) override;
     virtual bool createTun(const QString &dev, const QString &subnet) override;
     virtual bool deleteTun(const QString &dev) override;
-    virtual void StartRoutingIpv6() override;
-    virtual void StopRoutingIpv6() override;
+    virtual bool StartRoutingIpv6() override;
+    virtual bool StopRoutingIpv6() override;
     virtual bool disableAllTraffic() override;
     virtual bool addKillSwitchAllowedRange(QStringList ranges) override;
-    virtual bool removeKillSwitchAllowedRange(QStringList ranges) override;
     virtual bool resetKillSwitchAllowedRange(QStringList ranges) override;
     virtual bool enablePeerTraffic(const QJsonObject &configStr) override;
     virtual bool enableKillSwitch(const QJsonObject &excludeAddr, int vpnAdapterIndex) override;

service/server/killswitch.cpp

@@ -98,6 +98,17 @@ bool KillSwitch::disableKillSwitch() {
         LinuxFirewall::setAnchorEnabled(LinuxFirewall::IPv4, QStringLiteral("320.allowDNS"), false);
         LinuxFirewall::setAnchorEnabled(LinuxFirewall::Both, QStringLiteral("400.allowPIA"), false);
     } else {
+        LinuxFirewall::setAnchorEnabled(LinuxFirewall::Both, QStringLiteral("000.allowLoopback"), true);
+        LinuxFirewall::setAnchorEnabled(LinuxFirewall::Both, QStringLiteral("100.blockAll"), false);
+        LinuxFirewall::setAnchorEnabled(LinuxFirewall::IPv4, QStringLiteral("110.allowNets"), false);
+        LinuxFirewall::setAnchorEnabled(LinuxFirewall::IPv4, QStringLiteral("120.blockNets"), false);
+        LinuxFirewall::setAnchorEnabled(LinuxFirewall::IPv4, QStringLiteral("200.allowVPN"), false);
+        LinuxFirewall::setAnchorEnabled(LinuxFirewall::IPv6, QStringLiteral("250.blockIPv6"), false);
+        LinuxFirewall::setAnchorEnabled(LinuxFirewall::Both, QStringLiteral("290.allowDHCP"), true);
+        LinuxFirewall::setAnchorEnabled(LinuxFirewall::Both, QStringLiteral("300.allowLAN"), true);
+        LinuxFirewall::setAnchorEnabled(LinuxFirewall::IPv4, QStringLiteral("310.blockDNS"), false);
+        LinuxFirewall::setAnchorEnabled(LinuxFirewall::IPv4, QStringLiteral("320.allowDNS"), false);
+        LinuxFirewall::setAnchorEnabled(LinuxFirewall::Both, QStringLiteral("400.allowPIA"), false);
         LinuxFirewall::uninstall();
     }
 #endif
@@ -189,21 +200,6 @@ bool KillSwitch::addAllowedRange(const QStringList &ranges) {
     return resetAllowedRange(m_allowedRanges);
 }
 
-bool KillSwitch::removeAllowedRange(const QStringList &ranges) {
-    bool modified = false;
-    for (const QString &range : ranges) {
-        if (!range.isEmpty()) {
-            modified = modified || m_allowedRanges.removeAll(range) > 0;
-        }
-    }
-
-    if (!modified) {
-        return true;
-    }
-
-    return resetAllowedRange(m_allowedRanges);
-}
-
 bool KillSwitch::enablePeerTraffic(const QJsonObject &configStr) {
 #ifdef Q_OS_WIN
     InterfaceConfig config;

service/server/killswitch.h

@@ -19,7 +19,6 @@ public:
     bool enableKillSwitch(const QJsonObject &configStr, int vpnAdapterIndex);
     bool resetAllowedRange(const QStringList &ranges);
     bool addAllowedRange(const QStringList &ranges);
-    bool removeAllowedRange(const QStringList &ranges);
     bool isStrictKillSwitchEnabled();
 
 private:

service/server/router.cpp

@@ -42,14 +42,14 @@ int Router::routeDeleteList(const QString &gw, const QStringList &ips)
 #endif
 }
 
-void Router::flushDns()
+bool Router::flushDns()
 {
 #ifdef Q_OS_WIN
-    RouterWin::Instance().flushDns();
+    return RouterWin::Instance().flushDns();
 #elif defined (Q_OS_MAC)
-    RouterMac::Instance().flushDns();
+    return RouterMac::Instance().flushDns();
 #elif defined Q_OS_LINUX
-    RouterLinux::Instance().flushDns();
+    return RouterLinux::Instance().flushDns();
 #endif
 }
 
@@ -100,25 +100,25 @@ bool Router::updateResolvers(const QString& ifname, const QList<QHostAddress>& r
 }
 
 
-void Router::StopRoutingIpv6()
+bool Router::StopRoutingIpv6()
 {
 #ifdef Q_OS_WIN
-    RouterWin::Instance().StopRoutingIpv6();
+    return RouterWin::Instance().StopRoutingIpv6();
 #elif defined (Q_OS_MAC)
-    // todo fixme
+    return true;// todo fixme
 #elif defined Q_OS_LINUX
-    RouterLinux::Instance().StopRoutingIpv6();
+    return RouterLinux::Instance().StopRoutingIpv6();
 #endif
 }
 
-void Router::StartRoutingIpv6()
+bool Router::StartRoutingIpv6()
 {
 #ifdef Q_OS_WIN
-    RouterWin::Instance().StartRoutingIpv6();
+    return RouterWin::Instance().StartRoutingIpv6();
 #elif defined (Q_OS_MAC)
-    // todo fixme
+    return true;// todo fixme
 #elif defined Q_OS_LINUX
-    RouterLinux::Instance().StartRoutingIpv6();
+    return RouterLinux::Instance().StartRoutingIpv6();
 #endif
 }
 

service/server/router.h

@@ -19,12 +19,12 @@ public:
     static int routeAddList(const QString &gw, const QStringList &ips);
     static bool clearSavedRoutes();
     static int routeDeleteList(const QString &gw, const QStringList &ips);
-    static void flushDns();
+    static bool flushDns();
     static void resetIpStack();
     static bool createTun(const QString &dev, const QString &subnet);
     static bool deleteTun(const QString &dev);
-    static void StartRoutingIpv6();
-    static void StopRoutingIpv6();
+    static bool StartRoutingIpv6();
+    static bool StopRoutingIpv6();
     static bool updateResolvers(const QString& ifname, const QList<QHostAddress>& resolvers);
 };
 

service/server/router_linux.cpp

@@ -160,7 +160,7 @@ bool RouterLinux::isServiceActive(const QString &serviceName) {
     return process.exitCode() == 0;
 }
 
-void RouterLinux::flushDns()
+bool RouterLinux::flushDns()
 {
     QProcess p;
     p.setProcessChannelMode(QProcess::MergedChannels);
@@ -174,7 +174,7 @@ void RouterLinux::flushDns()
         p.start("systemctl", { "restart", "systemd-resolved" });
     } else {
         qDebug() << "No suitable DNS manager found.";
-        return;
+        return false;
     }
 
     p.waitForFinished();
@@ -183,6 +183,8 @@ void RouterLinux::flushDns()
         qDebug().noquote() << "Flush dns completed";
     else
         qDebug().noquote() << "OUTPUT systemctl restart nscd/systemd-resolved: " + output;
+
+    return true;
 }
 
 bool RouterLinux::createTun(const QString &dev, const QString &subnet) {
@@ -279,7 +281,7 @@ bool RouterLinux::updateResolvers(const QString& ifname, const QList<QHostAddres
     return m_dnsUtil->updateResolvers(ifname, resolvers);
 }
 
-void RouterLinux::StartRoutingIpv6()
+bool RouterLinux::StartRoutingIpv6()
 {
     QProcess process;
     QStringList commands;
@@ -289,12 +291,12 @@ void RouterLinux::StartRoutingIpv6()
     if (!process.waitForStarted(1000))
     {
         qDebug().noquote() << "Could not start activate ipv6\n";
-        return;
+        return false;
     }
     else if (!process.waitForFinished(2000))
     {
         qDebug().noquote() << "Could not activate ipv6\n";
-        return;
+        return false;
     }
     commands.clear();
 
@@ -303,19 +305,20 @@ void RouterLinux::StartRoutingIpv6()
     if (!process.waitForStarted(1000))
     {
         qDebug().noquote() << "Could not start activate ipv6\n";
-        return;
+        return false;
     }
     else if (!process.waitForFinished(2000))
     {
         qDebug().noquote() << "Could not activate ipv6\n";
-        return;
+        return false;
     }
     commands.clear();
 
     qDebug().noquote() << "StartRoutingIpv6 OK";
+    return true;
 }
 
-void RouterLinux::StopRoutingIpv6()
+bool RouterLinux::StopRoutingIpv6()
 {
     QProcess process;
     QStringList commands;
@@ -325,12 +328,12 @@ void RouterLinux::StopRoutingIpv6()
     if (!process.waitForStarted(1000))
     {
         qDebug().noquote() << "Could not start disable ipv6\n";
-        return;
+        return false;
     }
     else if (!process.waitForFinished(2000))
     {
         qDebug().noquote() << "Could not disable ipv6\n";
-        return;
+        return false;
     }
     commands.clear();
 
@@ -339,14 +342,15 @@ void RouterLinux::StopRoutingIpv6()
     if (!process.waitForStarted(1000))
     {
         qDebug().noquote() << "Could not start disable ipv6\n";
-        return;
+        return false;
     }
     else if (!process.waitForFinished(2000))
     {
         qDebug().noquote() << "Could not disable ipv6\n";
-        return;
+        return false;
     }
     commands.clear();
 
     qDebug().noquote() << "StopRoutingIpv6 OK";
+    return true;
 }

service/server/router_linux.h

@@ -30,11 +30,11 @@ public:
     bool routeDelete(const QString &ip, const QString &gw, const int &sock);
     bool routeDeleteList(const QString &gw, const QStringList &ips);
     QString getgatewayandiface();
-    void flushDns();
+    bool flushDns();
     bool createTun(const QString &dev, const QString &subnet);
     bool deleteTun(const QString &dev);
-    void StartRoutingIpv6();
-    void StopRoutingIpv6();
+    bool StartRoutingIpv6();
+    bool StopRoutingIpv6();
     bool updateResolvers(const QString& ifname, const QList<QHostAddress>& resolvers);
 public slots:
 

service/server/router_mac.cpp

@@ -166,7 +166,7 @@ bool RouterMac::deleteTun(const QString &dev)
     return true;
 }
 
-void RouterMac::flushDns()
+bool RouterMac::flushDns()
 {
     // sudo killall -HUP mDNSResponder
     QProcess p;
@@ -174,5 +174,7 @@ void RouterMac::flushDns()
 
     p.start("killall", QStringList() << "-HUP" << "mDNSResponder");
     p.waitForFinished();
+    
     qDebug().noquote() << "OUTPUT killall -HUP mDNSResponder: " + p.readAll();
+    return true;
 }

service/server/router_mac.h

@@ -29,7 +29,7 @@ public:
     bool clearSavedRoutes();
     bool routeDelete(const QString &ip, const QString &gw);
     bool routeDeleteList(const QString &gw, const QStringList &ips);
-    void flushDns();
+    bool flushDns();
     bool createTun(const QString &dev, const QString &subnet);
     bool deleteTun(const QString &dev);
     bool updateResolvers(const QString& ifname, const QList<QHostAddress>& resolvers);

service/server/router_win.cpp

@@ -273,7 +273,7 @@ int RouterWin::routeDeleteList(const QString &gw, const QStringList &ips)
     return success_count;
 }
 
-void RouterWin::flushDns()
+bool RouterWin::flushDns()
 {
     QProcess p;
     p.setProcessChannelMode(QProcess::MergedChannels);
@@ -281,6 +281,7 @@ void RouterWin::flushDns()
 
     p.start(command);
     p.waitForFinished();
+    return true;
     //qDebug().noquote() << "OUTPUT ipconfig /flushdns: " + p.readAll();
 }
 
@@ -444,7 +445,7 @@ bool RouterWin::updateResolvers(const QString& ifname, const QList<QHostAddress>
 }
 
 
-void RouterWin::StopRoutingIpv6()
+bool RouterWin::StopRoutingIpv6()
 {
     {
         QProcess p;
@@ -464,9 +465,10 @@ void RouterWin::StopRoutingIpv6()
         p.start(command);
         p.waitForFinished();
     }
+    return true;
 }
 
-void RouterWin::StartRoutingIpv6()
+bool RouterWin::StartRoutingIpv6()
 {
     {
         QProcess p;
@@ -486,5 +488,6 @@ void RouterWin::StartRoutingIpv6()
         p.start(command);
         p.waitForFinished();
     }
+    return true;
 }
 

service/server/router_win.h

@@ -39,11 +39,11 @@ public:
     int routeAddList(const QString &gw, const QStringList &ips);
     bool clearSavedRoutes();
     int routeDeleteList(const QString &gw, const QStringList &ips);
-    void flushDns();
+    bool flushDns();
     void resetIpStack();
 
-    void StartRoutingIpv6();
-    void StopRoutingIpv6();
+    bool StartRoutingIpv6();
+    bool StopRoutingIpv6();
 
     void suspendWcmSvc(bool suspend);
     bool updateResolvers(const QString& ifname, const QList<QHostAddress>& resolvers);