Merge branch 'support-podman' into support_podman

Checking presence Sudo and Docker on the server.
Checking the status of the Docker service.

CMakeLists.txt

@@ -2,7 +2,7 @@ cmake_minimum_required(VERSION 3.25.0 FATAL_ERROR)
 
 set(PROJECT AmneziaVPN)
 
-project(${PROJECT} VERSION 4.8.5.0
+project(${PROJECT} VERSION 4.8.4.3
         DESCRIPTION "AmneziaVPN"
         HOMEPAGE_URL "https://amnezia.org/"
 )
@@ -11,7 +11,7 @@ string(TIMESTAMP CURRENT_DATE "%Y-%m-%d")
 set(RELEASE_DATE "${CURRENT_DATE}")
 
 set(APP_MAJOR_VERSION ${CMAKE_PROJECT_VERSION_MAJOR}.${CMAKE_PROJECT_VERSION_MINOR}.${CMAKE_PROJECT_VERSION_PATCH})
-set(APP_ANDROID_VERSION_CODE 2082)
+set(APP_ANDROID_VERSION_CODE 2080)
 
 if(${CMAKE_SYSTEM_NAME} STREQUAL "Linux")
     set(MZ_PLATFORM_NAME "linux")

client/configurators/wireguard_configurator.cpp

@@ -35,10 +35,6 @@ WireguardConfigurator::WireguardConfigurator(std::shared_ptr<Settings> settings,
 
     m_protocolName = m_isAwg ? config_key::awg : config_key::wireguard;
     m_defaultPort = m_isAwg ? protocols::wireguard::defaultPort : protocols::awg::defaultPort;
-
-    m_interfaceName = m_isAwg ? protocols::awg::interfaceName : protocols::wireguard::interfaceName;
-    m_wgBinaryName = m_isAwg ? protocols::awg::wgBinaryName : protocols::wireguard::wgBinaryName;
-    m_wgQuickBinaryName = m_isAwg ? protocols::awg::wgQuickBinaryName : protocols::wireguard::wgQuickBinaryName;
 }
 
 WireguardConfigurator::ConnectionData WireguardConfigurator::genClientKeys()
@@ -107,20 +103,6 @@ WireguardConfigurator::ConnectionData WireguardConfigurator::prepareWireguardCon
         return connData;
     }
 
-    if (container == DockerContainer::Awg) {
-        if (m_serverController->isNewAwgContainer(credentials)) {
-            m_serverConfigPath = amnezia::protocols::awg::serverConfigPath;
-            m_interfaceName = protocols::awg::interfaceName;
-            m_wgBinaryName = protocols::awg::wgBinaryName;
-            m_wgQuickBinaryName = protocols::awg::wgQuickBinaryName;
-        } else {
-            m_serverConfigPath = "/opt/amnezia/awg/wg0.conf";
-            m_interfaceName = protocols::wireguard::interfaceName;
-            m_wgBinaryName = protocols::wireguard::wgBinaryName;
-            m_wgQuickBinaryName = protocols::wireguard::wgQuickBinaryName;
-        }
-    }
-
     QString getIpsScript = QString("cat %1 | grep AllowedIPs").arg(m_serverConfigPath);
     QString stdOut;
     auto cbReadStdOut = [&](const QString &data, libssh::Client &) {
@@ -186,8 +168,8 @@ WireguardConfigurator::ConnectionData WireguardConfigurator::prepareWireguardCon
         return connData;
     }
 
-    QString script = QString("sudo docker exec -i $CONTAINER_NAME bash -c '%4 syncconf %2 <(%3 strip %1)'")
-                             .arg(m_serverConfigPath, m_interfaceName, m_wgQuickBinaryName, m_wgBinaryName);
+    QString script = QString("sudo docker exec -i $CONTAINER_NAME bash -c 'wg syncconf wg0 <(wg-quick strip %1)'")
+                             .arg(m_serverConfigPath);
 
     errorCode = m_serverController->runScript(
             credentials,

client/configurators/wireguard_configurator.h

@@ -49,9 +49,6 @@ private:
     amnezia::ProtocolScriptType m_configTemplate;
     QString m_protocolName;
     QString m_defaultPort;
-    QString m_interfaceName;
-    QString m_wgBinaryName;
-    QString m_wgQuickBinaryName;
 };
 
 #endif // WIREGUARD_CONFIGURATOR_H

client/core/controllers/coreController.cpp

@@ -1,6 +1,5 @@
 #include "coreController.h"
 
-#include <QDirIterator>
 #include <QTranslator>
 
 #if defined(Q_OS_ANDROID)
@@ -239,23 +238,7 @@ void CoreController::updateTranslator(const QLocale &locale)
         QCoreApplication::removeTranslator(m_translator.get());
     }
 
-    QStringList availableTranslations;
-    QDirIterator it(":/translations", QStringList("amneziavpn_*.qm"), QDir::Files);
-    while (it.hasNext()) {
-        availableTranslations << it.next();
-    }
-
-    // This code allow to load translation for the language only, without country code
-    const QString lang = locale.name().split("_").first();
-    const QString translationFilePrefix = QString(":/translations/amneziavpn_") + lang;
-    QString strFileName = QString(":/translations/amneziavpn_%1.qm").arg(locale.name());
-    for (const QString &translation : availableTranslations) {
-        if (translation.contains(translationFilePrefix)) {
-            strFileName = translation;
-            break;
-        }
-    }
-
+    QString strFileName = QString(":/translations/amneziavpn") + QLatin1String("_") + locale.name() + ".qm";
     if (m_translator->load(strFileName)) {
         if (QCoreApplication::installTranslator(m_translator.get())) {
             m_settings->setAppLanguage(locale);

client/core/controllers/serverController.cpp

@@ -407,22 +407,12 @@ ErrorCode ServerController::installDockerWorker(const ServerCredentials &credent
                       cbReadStdOut, cbReadStdErr);
 
     qDebug().noquote() << "ServerController::installDockerWorker" << stdOut;
-    if (container == DockerContainer::Awg) {
-        QRegularExpression regex(R"(Linux\s+(\d+)\.(\d+)[^\d]*)");
-        QRegularExpressionMatch match = regex.match(stdOut);
-        if (match.hasMatch()) {
-            int majorVersion = match.captured(1).toInt();
-            int minorVersion = match.captured(2).toInt();
-
-            if (majorVersion < 4 || (majorVersion == 4 && minorVersion < 14)) {
-                return ErrorCode::ServerLinuxKernelTooOld;
-            }
-        }
-    }
     if (stdOut.contains("lock"))
         return ErrorCode::ServerPacketManagerError;
-    if (stdOut.contains("command not found"))
+    if (stdOut.contains("sudo:") && stdOut.contains("not found"))
         return ErrorCode::ServerDockerFailedError;
+    if (stdOut.contains("Failed docker status"))
+        return ErrorCode::ServerDockerStatusNotActive;
 
     return error;
 }
@@ -721,7 +711,7 @@ ErrorCode ServerController::isServerPortBusy(const ServerCredentials &credential
     QString transportProto = containerConfig.value(config_key::transport_proto).toString(defaultTransportProto);
 
     // TODO reimplement with netstat
-    QString script = QString("which lsof > /dev/null 2>&1 || true && sudo lsof -i -P -n 2>/dev/null | grep -E ':%1 ").arg(port);
+    QString script = QString("which lsof &>/dev/null || true && sudo lsof -i -P -n 2>/dev/null | grep -E ':%1 ").arg(port);
     for (auto &port : fixedPorts) {
         script = script.append("|:%1").arg(port);
     }
@@ -783,7 +773,7 @@ ErrorCode ServerController::isUserInSudo(const ServerCredentials &credentials, D
     ErrorCode error = runScript(credentials, replaceVars(scriptData, genVarsForScript(credentials)), cbReadStdOut, cbReadStdErr);
 
     if (credentials.userName != "root" && stdOut.contains("sudo:") && !stdOut.contains("uname:") && stdOut.contains("not found"))
-        return ErrorCode::ServerSudoPackageIsNotPreinstalled;
+        return ErrorCode::SudoPackageIsNotPreinstalled;
     if (credentials.userName != "root" && !stdOut.contains("sudo") && !stdOut.contains("wheel"))
         return ErrorCode::ServerUserNotInSudo;
     if (stdOut.contains("can't cd to") || stdOut.contains("Permission denied") || stdOut.contains("No such file or directory"))
@@ -855,24 +845,3 @@ ErrorCode ServerController::getDecryptedPrivateKey(const ServerCredentials &cred
     auto error = m_sshClient.getDecryptedPrivateKey(credentials, decryptedPrivateKey, callback);
     return error;
 }
-
-bool ServerController::isNewAwgContainer(const ServerCredentials &credentials)
-{
-    QString stdOut;
-    auto cbReadStdOut = [&](const QString &data, libssh::Client &) {
-        stdOut += data + "\n";
-        return ErrorCode::NoError;
-    };
-
-    auto cbReadStdErr = [&](const QString &data, libssh::Client &) {
-        stdOut += data + "\n";
-        return ErrorCode::NoError;
-    };
-
-    QString script = QString("sudo docker exec -i $CONTAINER_NAME bash -c 'type awg'");
-
-    runScript(credentials, replaceVars(script, genVarsForScript(credentials, DockerContainer::Awg)), cbReadStdOut, cbReadStdErr);
-
-    return stdOut.contains("/usr/bin/awg");
-
-}

client/core/controllers/serverController.h

@@ -57,8 +57,6 @@ public:
     ErrorCode getDecryptedPrivateKey(const ServerCredentials &credentials, QString &decryptedPrivateKey,
                                      const std::function<QString()> &callback);
 
-    bool isNewAwgContainer(const ServerCredentials &credentials);
-
 private:
     ErrorCode installDockerWorker(const ServerCredentials &credentials, DockerContainer container);
     ErrorCode prepareHostWorker(const ServerCredentials &credentials, DockerContainer container, const QJsonObject &config = QJsonObject());

client/core/defs.h

@@ -54,11 +54,11 @@ namespace amnezia
         ServerCancelInstallation = 204,
         ServerUserNotInSudo = 205,
         ServerPacketManagerError = 206,
-        ServerSudoPackageIsNotPreinstalled = 207,
+        SudoPackageIsNotPreinstalled = 207,
         ServerUserDirectoryNotAccessible = 208,
         ServerUserNotAllowedInSudoers = 209,
         ServerUserPasswordRequired = 210,
-        ServerLinuxKernelTooOld = 211,
+        ServerDockerStatusNotActive = 211,
 
         // Ssh connection errors
         SshRequestDeniedError = 300,

client/core/errorstrings.cpp

@@ -22,11 +22,11 @@ QString errorString(ErrorCode code) {
     case(ErrorCode::ServerCancelInstallation): errorMessage = QObject::tr("Installation canceled by user"); break;
     case(ErrorCode::ServerUserNotInSudo): errorMessage = QObject::tr("The user is not a member of the sudo group"); break;
     case(ErrorCode::ServerPacketManagerError): errorMessage = QObject::tr("Server error: Package manager error"); break;
-    case(ErrorCode::ServerSudoPackageIsNotPreinstalled): errorMessage = QObject::tr("The sudo package is not pre-installed on the server"); break;
+    case(ErrorCode::SudoPackageIsNotPreinstalled): errorMessage = QObject::tr("The sudo package is not pre-installed"); break;
     case(ErrorCode::ServerUserDirectoryNotAccessible): errorMessage = QObject::tr("The server user's home directory is not accessible"); break;
     case(ErrorCode::ServerUserNotAllowedInSudoers): errorMessage = QObject::tr("Action not allowed in sudoers"); break;
     case(ErrorCode::ServerUserPasswordRequired): errorMessage = QObject::tr("The user's password is required"); break;
-    case(ErrorCode::ServerLinuxKernelTooOld): errorMessage = QObject::tr("Server error: Linux kernel is too old"); break;
+    case(ErrorCode::ServerDockerStatusNotActive): errorMessage = QObject::tr("Docker service status is not active"); break;
 
     // Libssh errors
     case(ErrorCode::SshRequestDeniedError): errorMessage = QObject::tr("SSH request was denied"); break;

client/protocols/protocols_defs.h

@@ -186,9 +186,6 @@ namespace amnezia
             constexpr char serverPublicKeyPath[] = "/opt/amnezia/wireguard/wireguard_server_public_key.key";
             constexpr char serverPskKeyPath[] = "/opt/amnezia/wireguard/wireguard_psk.key";
 
-            constexpr char interfaceName[] = "wg0";
-            constexpr char wgBinaryName[] = "wg";
-            constexpr char wgQuickBinaryName[] = "wg-quick";
         }
 
         namespace sftp
@@ -206,7 +203,7 @@ namespace amnezia
             constexpr char defaultMtu[] = "1376";
 #endif
 
-            constexpr char serverConfigPath[] = "/opt/amnezia/awg/awg0.conf";
+            constexpr char serverConfigPath[] = "/opt/amnezia/awg/wg0.conf";
             constexpr char serverPublicKeyPath[] = "/opt/amnezia/awg/wireguard_server_public_key.key";
             constexpr char serverPskKeyPath[] = "/opt/amnezia/awg/wireguard_psk.key";
 
@@ -219,10 +216,6 @@ namespace amnezia
             constexpr char defaultResponsePacketMagicHeader[] = "3288052141";
             constexpr char defaultTransportPacketMagicHeader[] = "2528465083";
             constexpr char defaultUnderloadPacketMagicHeader[] = "1766607858";
-
-            constexpr char interfaceName[] = "awg0";
-            constexpr char wgBinaryName[] = "awg";
-            constexpr char wgQuickBinaryName[] = "awg-quick";
         }
 
         namespace socks5Proxy

client/server_scripts/awg/Dockerfile

@@ -1,4 +1,4 @@
-FROM amneziavpn/amneziawg-go:latest
+FROM amneziavpn/amnezia-wg:latest
 
 LABEL maintainer="AmneziaVPN"
 

client/server_scripts/awg/configure_container.sh

@@ -1,15 +1,15 @@
 mkdir -p /opt/amnezia/awg
 cd /opt/amnezia/awg
-WIREGUARD_SERVER_PRIVATE_KEY=$(awg genkey)
+WIREGUARD_SERVER_PRIVATE_KEY=$(wg genkey)
 echo $WIREGUARD_SERVER_PRIVATE_KEY > /opt/amnezia/awg/wireguard_server_private_key.key
 
-WIREGUARD_SERVER_PUBLIC_KEY=$(echo $WIREGUARD_SERVER_PRIVATE_KEY | awg pubkey)
+WIREGUARD_SERVER_PUBLIC_KEY=$(echo $WIREGUARD_SERVER_PRIVATE_KEY | wg pubkey)
 echo $WIREGUARD_SERVER_PUBLIC_KEY > /opt/amnezia/awg/wireguard_server_public_key.key
 
-WIREGUARD_PSK=$(awg genpsk)
+WIREGUARD_PSK=$(wg genpsk)
 echo $WIREGUARD_PSK > /opt/amnezia/awg/wireguard_psk.key
 
-cat > /opt/amnezia/awg/awg0.conf <<EOF
+cat > /opt/amnezia/awg/wg0.conf <<EOF
 [Interface]
 PrivateKey = $WIREGUARD_SERVER_PRIVATE_KEY
 Address = $AWG_SUBNET_IP/$WIREGUARD_SUBNET_CIDR

client/server_scripts/awg/run_container.sh

@@ -11,8 +11,13 @@ sudo docker run -d \
 --name $CONTAINER_NAME \
 $CONTAINER_NAME
 
+# Create service for podman
+if [ -n "$(sudo docker --version 2>/dev/null | grep podman)" ]; then \
+  sudo sh -c "podman generate systemd --restart-policy=always -t 1 --name $CONTAINER_NAME 2>/dev/null > $DOCKERFILE_FOLDER/container-$CONTAINER_NAME.service";\
+  sudo sh -c "systemctl enable --now $DOCKERFILE_FOLDER/container-$CONTAINER_NAME.service && docker update --restart no $CONTAINER_NAME > /dev/null";\
+fi
+
 sudo docker network connect amnezia-dns-net $CONTAINER_NAME
 
 # Prevent to route packets outside of the container in case if server behind of the NAT
 #sudo docker exec -i $CONTAINER_NAME sh -c "ifconfig eth0:0 $SERVER_IP_ADDRESS netmask 255.255.255.255 up"
-

client/server_scripts/awg/start.sh

@@ -6,19 +6,19 @@ echo "Container startup"
 #ifconfig eth0:0 $SERVER_IP_ADDRESS netmask 255.255.255.255 up
 
 # kill daemons in case of restart
-awg-quick down /opt/amnezia/awg/awg0.conf
+wg-quick down /opt/amnezia/awg/wg0.conf
 
 # start daemons if configured
-if [ -f /opt/amnezia/awg/awg0.conf ]; then (awg-quick up /opt/amnezia/awg/awg0.conf); fi
+if [ -f /opt/amnezia/awg/wg0.conf ]; then (wg-quick up /opt/amnezia/awg/wg0.conf); fi
 
 # Allow traffic on the TUN interface.
-iptables -A INPUT -i awg0 -j ACCEPT
-iptables -A FORWARD -i awg0 -j ACCEPT
-iptables -A OUTPUT -o awg0 -j ACCEPT
+iptables -A INPUT -i wg0 -j ACCEPT
+iptables -A FORWARD -i wg0 -j ACCEPT
+iptables -A OUTPUT -o wg0 -j ACCEPT
 
 # Allow forwarding traffic only from the VPN.
-iptables -A FORWARD -i awg0 -o eth0 -s $AWG_SUBNET_IP/$WIREGUARD_SUBNET_CIDR -j ACCEPT
-iptables -A FORWARD -i awg0 -o eth1 -s $AWG_SUBNET_IP/$WIREGUARD_SUBNET_CIDR -j ACCEPT
+iptables -A FORWARD -i wg0 -o eth0 -s $AWG_SUBNET_IP/$WIREGUARD_SUBNET_CIDR -j ACCEPT
+iptables -A FORWARD -i wg0 -o eth1 -s $AWG_SUBNET_IP/$WIREGUARD_SUBNET_CIDR -j ACCEPT
 
 iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
 

client/server_scripts/build_container.sh

@@ -1 +1,18 @@
+if [ -n "$(sudo docker --version 2>/dev/null | grep podman)" ]; then sudo sh -c "\
+  test -d /var/cache/containers || mkdir -m 700 -p /var/cache/containers;\
+  test -f /var/cache/containers/short-name-aliases.conf || chmod 600 /var/cache/containers/short-name-aliases.conf>>/var/cache/containers/short-name-aliases.conf;\
+  grep -q '\[aliases\]' /var/cache/containers/short-name-aliases.conf || echo '[aliases]' >> /var/cache/containers/short-name-aliases.conf;\
+  grep -q '  # Amnezia start' /var/cache/containers/short-name-aliases.conf || printf '%s\n' \
+    '  # Amnezia start' \
+    '  \"3proxy/3proxy\" = \"docker.io/3proxy/3proxy\"' \
+    '  \"amneziavpn/amnezia-wg\" = \"docker.io/amneziavpn/amnezia-wg\"' \
+    '  \"amneziavpn/amneziawg-go\" = \"docker.io/amneziavpn/amneziawg-go\"' \
+    '  \"amneziavpn/ipsec-server\" = \"docker.io/amneziavpn/ipsec-server\"' \
+    '  \"amneziavpn/torpress\" = \"docker.io/amneziavpn/torpress\"' \
+    '  \"atmoz/sftp\" = \"docker.io/atmoz/sftp\"' \
+    '  \"mvance/unbound\" = \"docker.io/mvance/unbound\"' \
+    '  \"alpine\" = \"docker.io/library/alpine\"' \
+    '  # Amnezia finish' \
+    >> /var/cache/containers/short-name-aliases.conf";\
+fi;\
 sudo docker build --no-cache --pull -t $CONTAINER_NAME $DOCKERFILE_FOLDER

client/server_scripts/check_user_in_sudo.sh

@@ -4,7 +4,7 @@ elif which yum > /dev/null 2>&1; then pm=$(which yum); opt="--version";\
 elif which pacman > /dev/null 2>&1; then pm=$(which pacman); opt="--version";\
 else pm="uname"; opt="-a";\
 fi;\
-CUR_USER=$(whoami 2>/dev/null || echo $HOME | sed 's/.*\///');\
+CUR_USER=$(whoami 2>/dev/null || echo ~ | sed 's/.*\///');\
 echo $LANG | grep -qE '^(en_US.UTF-8|C.UTF-8|C)$' || export LC_ALL=C;\
 sudo -K;\
 cd ~;\

client/server_scripts/install_docker.sh

@@ -1,24 +1,37 @@
-if which apt-get > /dev/null 2>&1; then pm=$(which apt-get); silent_inst="-yq install"; check_pkgs="-yq update"; docker_pkg="docker.io"; dist="debian";\
-elif which dnf > /dev/null 2>&1; then pm=$(which dnf); silent_inst="-yq install"; check_pkgs="-yq check-update"; docker_pkg="docker"; dist="fedora";\
-elif which yum > /dev/null 2>&1; then pm=$(which yum); silent_inst="-y -q install"; check_pkgs="-y -q check-update"; docker_pkg="docker"; dist="centos";\
-elif which pacman > /dev/null 2>&1; then pm=$(which pacman); silent_inst="-S --noconfirm --noprogressbar --quiet"; check_pkgs="-Sup"; docker_pkg="docker"; dist="archlinux";\
+if which apt-get > /dev/null 2>&1; then pm=$(which apt-get); silent_inst="-yq install"; check_pkgs="-yq update"; wh_pkg="-s install"; docker_pkg="docker.io"; check_srv="docker"; dist="debian";\
+elif which dnf > /dev/null 2>&1; then pm=$(which dnf); silent_inst="-yq install"; check_pkgs="-yq check-update"; wh_pkg="--assumeno install --setopt=tsflags=test"; docker_pkg="docker"; check_srv="docker"; dist="fedora";\
+elif which yum > /dev/null 2>&1; then pm=$(which yum); silent_inst="-y -q install"; check_pkgs="-y -q check-update"; wh_pkg="--assumeno install --setopt=tsflags=test"; docker_pkg="docker"; check_srv="docker"; dist="centos";\
+elif which pacman > /dev/null 2>&1; then pm=$(which pacman); silent_inst="-S --noconfirm --noprogressbar --quiet"; check_pkgs="-Sup"; wh_pkg="-Sp"; docker_pkg="docker"; check_srv="docker"; dist="archlinux";\
 else echo "Packet manager not found"; exit 1; fi;\
-echo "Dist: $dist, Packet manager: $pm, Install command: $silent_inst, Check pkgs command: $check_pkgs, Docker pkg: $docker_pkg";\
+echo "Dist: $dist, Packet manager: $pm, Install command: $silent_inst, Check pkgs command: $check_pkgs, What pkg command: $wh_pkg, Docker pkg: $docker_pkg, Check service: $check_srv";\
 if [ "$dist" = "debian" ]; then export DEBIAN_FRONTEND=noninteractive; fi;\
+echo $LANG | grep -qE '^(en_US.UTF-8|C.UTF-8|C)$' || export LC_ALL=C;\
 if ! command -v sudo > /dev/null 2>&1; then $pm $check_pkgs; $pm $silent_inst sudo; fi;\
 if ! command -v fuser > /dev/null 2>&1; then sudo $pm $check_pkgs; sudo $pm $silent_inst psmisc; fi;\
 if ! command -v lsof > /dev/null 2>&1; then sudo $pm $check_pkgs; sudo $pm $silent_inst lsof; fi;\
 if ! command -v docker > /dev/null 2>&1; then \
-  sudo $pm $check_pkgs; sudo $pm $silent_inst $docker_pkg;\
-  sleep 5; sudo systemctl enable --now docker; sleep 5;\
+  sudo $pm $check_pkgs;\
+  if [ -n "$(sudo $pm $wh_pkg $docker_pkg 2>/dev/null | grep moby-engine)" ]; \
+  then echo "Docker is not supported"; exit 1;\
+  else sudo $pm $silent_inst $docker_pkg;\
+  fi;\
+  if [ -n "$(sudo docker --version 2>/dev/null | grep podman)" ]; then docker_pkg="podman-docker"; check_srv="podman.socket podman";\
+    if [ -n "$(sudo docker --version 2>&1 | grep /etc/containers/nodocker)" ]; then sudo touch /etc/containers/nodocker; fi;\
+  fi;\
+  sleep 5; sudo systemctl enable --now $check_srv 2>/dev/null; sleep 5;\
+fi;\
+if [ -n "$(sudo docker --version 2>&1 | grep moby-engine)" ]; then echo "Docker is not supported"; exit 1;\
+elif [ -n "$(sudo docker --version 2>&1 | grep podman)" ]; then check_srv="podman.socket podman"; docker_pkg="podman-docker";\
+  if [ -n "$(sudo docker --version 2>&1 | grep /etc/containers/nodocker)" ]; then sudo touch /etc/containers/nodocker; fi;\
 fi;\
 if [ "$(cat /sys/module/apparmor/parameters/enabled 2>/dev/null)" = "Y" ]; then \
   if ! command -v apparmor_parser > /dev/null 2>&1; then sudo $pm $check_pkgs; sudo $pm $silent_inst apparmor; fi;\
 fi;\
-if [ "$(systemctl is-active docker)" != "active" ]; then \
+if [ "$(systemctl is-active $check_srv | head -n1)" != "active" ]; then \
   sudo $pm $check_pkgs; sudo $pm $silent_inst $docker_pkg;\
-  sleep 5; sudo systemctl start docker; sleep 5;\
+  sleep 5; sudo systemctl start $check_srv; sleep 5;\
+  if [ "$(systemctl is-active $check_srv | head -n1)" != "active" ]; then echo "Failed docker status"; fi;\
 fi;\
-if ! command -v sudo > /dev/null 2>&1; then echo "Failed to install sudo, command not found"; exit 1; fi;\
-docker --version;\
-uname -sr
+sudo docker --version
+
+# To allow autoinstallation of podman-docker, remove ' || [ -n "$(sudo $pm $wh_pkg $docker_pkg 2>/dev/null | grep podman-docker)" ]' and ' || [ -n "$(sudo docker --version 2>&1 | grep podman)" ]'

client/server_scripts/prepare_host.sh

@@ -1,4 +1,4 @@
-CUR_USER=$(whoami 2>/dev/null || echo $HOME | sed 's/.*\///');\
+CUR_USER=$(whoami 2>/dev/null || echo ~ | sed 's/.*\///');\
 sudo mkdir -p $DOCKERFILE_FOLDER;\
 sudo chown $CUR_USER $DOCKERFILE_FOLDER;\
 if ! sudo docker network ls | grep -q amnezia-dns-net; then sudo docker network create \

client/server_scripts/remove_all_containers.sh

@@ -1,4 +1,8 @@
 sudo docker ps -a | grep amnezia | awk '{print $1}' | xargs sudo docker stop;\
+sudo docker --version 2>/dev/null | grep -q podman && \
+  sudo systemctl list-units | grep amnezia | awk '{print $1}' | xargs sudo systemctl disable --now && \
+  sudo systemctl daemon-reload && sudo systemctl reset-failed && \
+  sudo sed -i '/^  # Amnezia start/,/^  # Amnezia finish$/d' /var/cache/containers/short-name-aliases.conf;\
 sudo docker ps -a | grep amnezia | awk '{print $1}' | xargs sudo docker rm -fv;\
 sudo docker images -a | grep amnezia | awk '{print $3}' | xargs sudo docker rmi;\
 sudo docker network ls | grep amnezia-dns-net | awk '{print $1}' | xargs sudo docker network rm;\

client/server_scripts/remove_container.sh

@@ -1,3 +1,7 @@
 sudo docker stop $CONTAINER_NAME;\
+sudo docker --version 2>/dev/null | grep -q podman && \
+  sudo systemctl disable --now container-$CONTAINER_NAME.service && \
+  sudo systemctl daemon-reload && sudo systemctl reset-failed && \
+  sudo rm -f $DOCKERFILE_FOLDER/container-$CONTAINER_NAME.service;\
 sudo docker rm -fv $CONTAINER_NAME;\
 sudo docker rmi $CONTAINER_NAME

client/server_scripts/xray/run_container.sh

@@ -12,6 +12,12 @@ sudo docker network connect amnezia-dns-net $CONTAINER_NAME
 # Create tun device if not exist
 sudo docker exec -i $CONTAINER_NAME bash -c 'mkdir -p /dev/net; if [ ! -c /dev/net/tun ]; then mknod /dev/net/tun c 10 200; fi'
 
+# Create service for podman
+if [ -n "$(sudo docker --version 2>/dev/null | grep podman)" ]; then \
+  sudo sh -c "podman generate systemd --new --name $CONTAINER_NAME 2>/dev/null > $DOCKERFILE_FOLDER/container-$CONTAINER_NAME.service";\
+  sudo mv $DOCKERFILE_FOLDER/container-$CONTAINER_NAME.service /etc/systemd/system/
+  sudo systemctl daemon-reload && sudo systemctl enable --now container-$CONTAINER_NAME.service;\
+fi
+
 # Prevent to route packets outside of the container in case if server behind of the NAT
 #sudo docker exec -i $CONTAINER_NAME sh -c "ifconfig eth0:0 $SERVER_IP_ADDRESS netmask 255.255.255.255 up"
-

client/ui/controllers/api/apiConfigsController.cpp

@@ -19,7 +19,7 @@ namespace
         constexpr char cloak[] = "cloak";
         constexpr char awg[] = "awg";
 
-        constexpr char apiEndpoint[] = "api_endpoint";
+        constexpr char apiEdnpoint[] = "api_endpoint";
         constexpr char accessToken[] = "api_key";
         constexpr char certificate[] = "certificate";
         constexpr char publicKey[] = "public_key";
@@ -251,6 +251,7 @@ bool ApiConfigsController::updateServiceFromGateway(const int serverIndex, const
 
         newServerConfig.insert(configKey::apiConfig, newApiConfig);
         newServerConfig.insert(configKey::authData, authData);
+        // newServerConfig.insert(
 
         m_serversModel->editServer(newServerConfig, serverIndex);
         if (reloadServiceConfig) {
@@ -269,37 +270,54 @@ bool ApiConfigsController::updateServiceFromGateway(const int serverIndex, const
 
 bool ApiConfigsController::updateServiceFromTelegram(const int serverIndex)
 {
+    auto serverConfig = m_serversModel->getServerConfig(serverIndex);
+    auto installationUuid = m_settings->getInstallationUuid(true);
+
 #ifdef Q_OS_IOS
     IosController::Instance()->requestInetAccess();
     QThread::msleep(10);
 #endif
 
-    GatewayController gatewayController(m_settings->getGatewayEndpoint(), m_settings->isDevGatewayEnv(), apiDefs::requestTimeoutMsecs);
+    if (serverConfig.value(config_key::configVersion).toInt()) {
+        QNetworkRequest request;
+        request.setTransferTimeout(apiDefs::requestTimeoutMsecs);
+        request.setHeader(QNetworkRequest::ContentTypeHeader, "application/json");
+        request.setRawHeader("Authorization", "Api-Key " + serverConfig.value(configKey::accessToken).toString().toUtf8());
+        QString endpoint = serverConfig.value(configKey::apiEdnpoint).toString();
+        request.setUrl(endpoint);
 
-    auto serverConfig = m_serversModel->getServerConfig(serverIndex);
-    auto installationUuid = m_settings->getInstallationUuid(true);
+        QString protocol = serverConfig.value(configKey::protocol).toString();
 
-    QString serviceProtocol = serverConfig.value(configKey::protocol).toString();
-    ApiPayloadData apiPayloadData = generateApiPayloadData(serviceProtocol);
+        ApiPayloadData apiPayloadData = generateApiPayloadData(protocol);
 
-    QJsonObject apiPayload = fillApiPayload(serviceProtocol, apiPayloadData);
-    apiPayload[configKey::uuid] = installationUuid;
-    apiPayload[configKey::accessToken] = serverConfig.value(configKey::accessToken).toString();
-    apiPayload[configKey::apiEndpoint] = serverConfig.value(configKey::apiEndpoint).toString();
+        QJsonObject apiPayload = fillApiPayload(protocol, apiPayloadData);
+        apiPayload[configKey::uuid] = installationUuid;
 
-    QByteArray responseBody;
-    ErrorCode errorCode = gatewayController.post(QString("%1v1/proxy_config"), apiPayload, responseBody);
+        QByteArray requestBody = QJsonDocument(apiPayload).toJson();
 
-    if (errorCode == ErrorCode::NoError) {
-        fillServerConfig(serviceProtocol, apiPayloadData, responseBody, serverConfig);
+        QNetworkReply *reply = amnApp->networkManager()->post(request, requestBody);
 
+        QEventLoop wait;
+        connect(reply, &QNetworkReply::finished, &wait, &QEventLoop::quit);
+
+        QList<QSslError> sslErrors;
+        connect(reply, &QNetworkReply::sslErrors, [this, &sslErrors](const QList<QSslError> &errors) { sslErrors = errors; });
+        wait.exec();
+
+        auto errorCode = apiUtils::checkNetworkReplyErrors(sslErrors, reply);
+        if (errorCode != ErrorCode::NoError) {
+            reply->deleteLater();
+            emit errorOccurred(errorCode);
+            return false;
+        }
+
+        auto apiResponseBody = reply->readAll();
+        reply->deleteLater();
+        fillServerConfig(protocol, apiPayloadData, apiResponseBody, serverConfig);
         m_serversModel->editServer(serverConfig, serverIndex);
         emit updateServerFromApiFinished();
-        return true;
-    } else {
-        emit errorOccurred(errorCode);
-        return false;
     }
+    return true;
 }
 
 bool ApiConfigsController::deactivateDevice()

client/ui/controllers/installController.cpp

@@ -370,17 +370,8 @@ ErrorCode InstallController::getAlreadyInstalledContainers(const ServerCredentia
                     containerConfig.insert(config_key::transport_proto, transportProto);
 
                     if (protocol == Proto::Awg) {
-                        QString serverConfigPath;
-                        if (container == DockerContainer::Awg) {
-                            if (serverController->isNewAwgContainer(credentials)) {
-                                serverConfigPath = amnezia::protocols::awg::serverConfigPath;
-                            } else {
-                                serverConfigPath = "/opt/amnezia/awg/wg0.conf";
-                            }
-                        }
-
                         QString serverConfig = serverController->getTextFileFromContainer(container, credentials,
-                                                                                          serverConfigPath, errorCode);
+                                                                                          protocols::awg::serverConfigPath, errorCode);
 
                         QMap<QString, QString> serverConfigMap;
                         auto serverConfigLines = serverConfig.split("\n");

client/ui/models/clientManagementModel.cpp

@@ -209,8 +209,7 @@ ErrorCode ClientManagementModel::getWireGuardClients(const DockerContainer conta
 {
     ErrorCode error = ErrorCode::NoError;
 
-    const QString wireGuardConfigFile =
-            DockerContainer::WireGuard ? amnezia::protocols::wireguard::serverConfigPath : amnezia::protocols::awg::serverConfigPath;
+    const QString wireGuardConfigFile = QString("opt/amnezia/%1/wg0.conf").arg(container == DockerContainer::WireGuard ? "wireguard" : "awg");
     const QString wireguardConfigString = serverController->getTextFileFromContainer(container, credentials, wireGuardConfigFile, error);
     if (error != ErrorCode::NoError) {
         logger.error() << "Failed to get the wg conf file from the server";
@@ -737,17 +736,8 @@ ErrorCode ClientManagementModel::revokeWireGuard(const int row, const DockerCont
 {
     ErrorCode error = ErrorCode::NoError;
 
-    QString wireGuardConfigFile;
-    if (container == DockerContainer::Awg) {
-        if (serverController->isNewAwgContainer(credentials)) {
-            wireGuardConfigFile = amnezia::protocols::awg::serverConfigPath;
-        } else {
-            wireGuardConfigFile = "/opt/amnezia/awg/wg0.conf";
-        }
-    } else {
-        wireGuardConfigFile = amnezia::protocols::wireguard::serverConfigPath;
-    }
-
+    const QString wireGuardConfigFile =
+            QString("/opt/amnezia/%1/wg0.conf").arg(container == DockerContainer::WireGuard ? "wireguard" : "awg");
     const QString wireguardConfigString = serverController->getTextFileFromContainer(container, credentials, wireGuardConfigFile, error);
     if (error != ErrorCode::NoError) {
         logger.error() << "Failed to get the wg conf file from the server";
@@ -790,11 +780,7 @@ ErrorCode ClientManagementModel::revokeWireGuard(const int row, const DockerCont
         return error;
     }
 
-    QString interfaceName = DockerContainer::WireGuard ? protocols::wireguard::interfaceName : protocols::awg::interfaceName;
-    QString wgBinaryName = DockerContainer::WireGuard ? protocols::wireguard::wgBinaryName : protocols::awg::wgBinaryName;
-    QString wgQuickBinaryName = DockerContainer::WireGuard ? protocols::wireguard::wgQuickBinaryName : protocols::awg::wgQuickBinaryName;
-    QString script = QString("sudo docker exec -i $CONTAINER_NAME bash -c '%4 syncconf %2 <(%3 strip %1)'")
-                             .arg(wireGuardConfigFile, interfaceName, wgQuickBinaryName, wgBinaryName);
+    const QString script = "sudo docker exec -i $CONTAINER_NAME bash -c 'wg syncconf wg0 <(wg-quick strip %1)'";
     error = serverController->runScript(
             credentials,
             serverController->replaceVars(script.arg(wireGuardConfigFile), serverController->genVarsForScript(credentials, container)));