added proxy endpoint and proxy storage endpoint into dev menu

CMakeLists.txt

@@ -1,7 +1,7 @@
 cmake_minimum_required(VERSION 3.25.0 FATAL_ERROR)
 
 set(PROJECT AmneziaVPN)
-set(AMNEZIAVPN_VERSION 4.8.14.5)
+set(AMNEZIAVPN_VERSION 4.8.13.0)
 
 project(${PROJECT} VERSION ${AMNEZIAVPN_VERSION}
         DESCRIPTION "AmneziaVPN"
@@ -12,7 +12,7 @@ string(TIMESTAMP CURRENT_DATE "%Y-%m-%d")
 set(RELEASE_DATE "${CURRENT_DATE}")
 
 set(APP_MAJOR_VERSION ${CMAKE_PROJECT_VERSION_MAJOR}.${CMAKE_PROJECT_VERSION_MINOR}.${CMAKE_PROJECT_VERSION_PATCH})
-set(APP_ANDROID_VERSION_CODE 2118)
+set(APP_ANDROID_VERSION_CODE 2106)
 
 if(${CMAKE_SYSTEM_NAME} STREQUAL "Linux")
     set(MZ_PLATFORM_NAME "linux")
@@ -61,9 +61,6 @@ if(WIN32 AND NOT IOS AND NOT ANDROID AND NOT MACOS_NE)
     set(CPACK_PACKAGE_VENDOR "AmneziaVPN")
     set(CPACK_PACKAGE_VERSION ${AMNEZIAVPN_VERSION})
     set(CPACK_PACKAGE_DESCRIPTION_SUMMARY "AmneziaVPN client")
-    set(AMNEZIA_LICENSE_TXT "${CMAKE_BINARY_DIR}/LICENSE.txt")
-    configure_file("${CMAKE_SOURCE_DIR}/LICENSE" "${AMNEZIA_LICENSE_TXT}" COPYONLY)
-    set(CPACK_RESOURCE_FILE_LICENSE "${AMNEZIA_LICENSE_TXT}")
     set(CPACK_PACKAGE_INSTALL_DIRECTORY "AmneziaVPN")
     set(CPACK_PACKAGE_DIRECTORY "${CMAKE_BINARY_DIR}")
     set(CPACK_PACKAGE_EXECUTABLES "AmneziaVPN" "AmneziaVPN")

client/CMakeLists.txt

@@ -78,7 +78,6 @@ set(AMNEZIAVPN_TS_FILES
 )
 
 file(GLOB_RECURSE AMNEZIAVPN_TS_SOURCES *.qrc *.cpp *.h *.ui)
-list(FILTER AMNEZIAVPN_TS_SOURCES EXCLUDE REGEX "qtgamepad/examples")
 
 qt_create_translation(AMNEZIAVPN_QM_FILES ${AMNEZIAVPN_TS_SOURCES} ${AMNEZIAVPN_TS_FILES})
 

client/amnezia_application.cpp

@@ -109,16 +109,6 @@ void AmneziaApplication::init()
             // install filter on main window
             if (auto win = qobject_cast<QQuickWindow*>(obj)) {
                 win->installEventFilter(this);
-#ifdef Q_OS_ANDROID
-                QObject::connect(win, &QQuickWindow::sceneGraphError,
-                    [](QQuickWindow::SceneGraphError, const QString &msg) {
-                        qWarning() << "Scene graph error (suppressed):" << msg;
-                    });
-                // Keep graphics context alive across hide/show cycles to avoid
-                // eglSwapBuffers/makeCurrent being called on a context Android has reclaimed.
-                win->setPersistentSceneGraph(true);
-                win->setPersistentGraphics(true);
-#endif
                 win->show();
             }
         },

client/android/src/org/amnezia/vpn/AmneziaActivity.kt

@@ -75,8 +75,6 @@ private const val OPEN_FILE_ACTION_CODE = 3
 private const val CHECK_NOTIFICATION_PERMISSION_ACTION_CODE = 4
 
 private const val PREFS_NOTIFICATION_PERMISSION_ASKED = "NOTIFICATION_PERMISSION_ASKED"
-private const val OPEN_FILE_AFTER_RESUME_DELAY_MS = 400L
-private const val KEY_PENDING_OPEN_FILE_URI = "pending_open_file_uri"
 
 class AmneziaActivity : QtActivity() {
 
@@ -92,12 +90,10 @@ class AmneziaActivity : QtActivity() {
 
     private val actionResultHandlers = mutableMapOf<Int, ActivityResultHandler>()
     private val permissionRequestHandlers = mutableMapOf<Int, PermissionRequestHandler>()
-
+    
     private var isActivityResumed = false
     private var hasWindowFocus = false
     private val resumeHandler = Handler(Looper.getMainLooper())
-    private var pendingOpenFileUri: String? = null
-    private var openFileDeliveryScheduled = false
 
     private val vpnServiceEventHandler: Handler by lazy(NONE) {
         object : Handler(Looper.getMainLooper()) {
@@ -200,18 +196,11 @@ class AmneziaActivity : QtActivity() {
                 doBindService()
             }
         )
-        pendingOpenFileUri = savedInstanceState?.getString(KEY_PENDING_OPEN_FILE_URI)
-        openFileDeliveryScheduled = false
         registerBroadcastReceivers()
         intent?.let(::processIntent)
         runBlocking { vpnProto = proto.await() }
     }
 
-    override fun onSaveInstanceState(outState: Bundle) {
-        super.onSaveInstanceState(outState)
-        pendingOpenFileUri?.let { outState.putString(KEY_PENDING_OPEN_FILE_URI, it) }
-    }
-
     private fun loadLibs() {
         listOf(
             "rsapss",
@@ -281,7 +270,6 @@ class AmneziaActivity : QtActivity() {
         hasWindowFocus = false
         // Cancel all pending operations when activity stops
         resumeHandler.removeCallbacksAndMessages(null)
-        openFileDeliveryScheduled = false
         Log.d(TAG, "Stop Amnezia activity")
         doUnbindService()
         mainScope.launch {
@@ -295,7 +283,7 @@ class AmneziaActivity : QtActivity() {
         super.onWindowFocusChanged(hasFocus)
         hasWindowFocus = hasFocus
         Log.d(TAG, "Window focus changed: hasFocus=$hasFocus")
-
+        
         // Cancel pending operations if window loses focus
         if (!hasFocus) {
             resumeHandler.removeCallbacksAndMessages(null)
@@ -303,31 +291,35 @@ class AmneziaActivity : QtActivity() {
     }
 
     override fun dispatchKeyEvent(event: KeyEvent): Boolean {
+        val deviceId = event.deviceId
         val keyCode = event.keyCode
         val pressed = event.action == KeyEvent.ACTION_DOWN
+        val source = event.source
 
-        when (keyCode) {
-            KeyEvent.KEYCODE_BUTTON_A,
-            KeyEvent.KEYCODE_BUTTON_B,
-            KeyEvent.KEYCODE_BUTTON_X,
-            KeyEvent.KEYCODE_BUTTON_Y,
-            KeyEvent.KEYCODE_BUTTON_START,
-            KeyEvent.KEYCODE_BUTTON_SELECT -> {
-                    nativeGamepadKeyEvent(0, keyCode, pressed)
+        if (deviceId < 0 && pressed) {
+            when (keyCode) {
+                KeyEvent.KEYCODE_BUTTON_A,
+                KeyEvent.KEYCODE_BUTTON_B,
+                KeyEvent.KEYCODE_BUTTON_X,
+                KeyEvent.KEYCODE_BUTTON_Y,
+                KeyEvent.KEYCODE_BUTTON_START,
+                KeyEvent.KEYCODE_BUTTON_SELECT,
+                KeyEvent.KEYCODE_DPAD_CENTER -> {
+                    nativeGamepadKeyEvent(0, keyCode, true)
+                    nativeGamepadKeyEvent(0, keyCode, false)
                     return true
+                }
             }
-            KeyEvent.KEYCODE_DPAD_CENTER,
-            KeyEvent.KEYCODE_DPAD_UP,
-            KeyEvent.KEYCODE_DPAD_DOWN,
-            KeyEvent.KEYCODE_DPAD_LEFT,
-            KeyEvent.KEYCODE_DPAD_RIGHT -> {
-                    val syntheticKeyCode = if (keyCode == KeyEvent.KEYCODE_DPAD_CENTER) KeyEvent.KEYCODE_ENTER else keyCode
-                    val synthetic = KeyEvent(
-                        event.downTime, event.eventTime, event.action, syntheticKeyCode,
-                        event.repeatCount, event.metaState, -1, event.scanCode,
-                        event.flags, InputDevice.SOURCE_KEYBOARD
-                    )
-                    return super.dispatchKeyEvent(synthetic)
+        }
+
+        // Real gamepad events (deviceId >= 0)
+        if (deviceId >= 0) {
+            val isGamepad = (source and InputDevice.SOURCE_GAMEPAD) == InputDevice.SOURCE_GAMEPAD
+            val isJoystick = (source and InputDevice.SOURCE_JOYSTICK) == InputDevice.SOURCE_JOYSTICK
+            val isDpad = (source and InputDevice.SOURCE_DPAD) == InputDevice.SOURCE_DPAD
+            if (isGamepad || isJoystick || isDpad) {
+                nativeGamepadKeyEvent(deviceId, keyCode, pressed)
+                return true
             }
         }
 
@@ -341,7 +333,6 @@ class AmneziaActivity : QtActivity() {
         isActivityResumed = false
         // Cancel all pending operations when activity pauses
         resumeHandler.removeCallbacksAndMessages(null)
-        openFileDeliveryScheduled = false
         Log.d(TAG, "Pause Amnezia activity")
     }
 
@@ -350,21 +341,6 @@ class AmneziaActivity : QtActivity() {
         isActivityResumed = true
         Log.d(TAG, "Resume Amnezia activity")
 
-        if (pendingOpenFileUri != null && !openFileDeliveryScheduled) {
-            val uri = pendingOpenFileUri!!
-            openFileDeliveryScheduled = true
-            resumeHandler.postDelayed({
-                if (!isFinishing && !isDestroyed) {
-                    pendingOpenFileUri = null
-                    openFileDeliveryScheduled = false
-                    mainScope.launch {
-                        qtInitialized.await()
-                        QtAndroidController.onFileOpened(uri)
-                    }
-                }
-            }, OPEN_FILE_AFTER_RESUME_DELAY_MS)
-        }
-
         if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.UPSIDE_DOWN_CAKE) {
             window.decorView.apply {
                 invalidate()
@@ -375,13 +351,13 @@ class AmneziaActivity : QtActivity() {
                         sendTouch(1f, 1f)
                     }
                 }, 100)
-
+                
                 resumeHandler.postDelayed({
                     if (isActivityResumed && hasWindowFocus && !isFinishing && !isDestroyed) {
                         sendTouch(2f, 2f)
                     }
                 }, 200)
-
+                
                 resumeHandler.postDelayed({
                     if (isActivityResumed && hasWindowFocus && !isFinishing && !isDestroyed) {
                         requestLayout()
@@ -427,25 +403,25 @@ class AmneziaActivity : QtActivity() {
         ViewCompat.setOnApplyWindowInsetsListener(window.decorView) { view, windowInsets ->
             val imeInsets = windowInsets.getInsets(WindowInsetsCompat.Type.ime())
             val imeVisible = windowInsets.isVisible(WindowInsetsCompat.Type.ime())
-
+            
             val imeHeight = if (imeVisible) imeInsets.bottom else 0
 
             val density = resources.displayMetrics.density
             val imeHeightDp = (imeHeight / density).toInt()
-
+            
             // Also track system bars (navigation bar, status bar) changes
             val systemBarsInsets = windowInsets.getInsets(WindowInsetsCompat.Type.systemBars())
             val navBarHeight = systemBarsInsets.bottom
             val navBarHeightDp = (navBarHeight / density).toInt()
             val statusBarHeight = systemBarsInsets.top
             val statusBarHeightDp = (statusBarHeight / density).toInt()
-
+            
             mainScope.launch {
                 qtInitialized.await()
                 QtAndroidController.onImeInsetsChanged(imeHeightDp)
                 QtAndroidController.onSystemBarsInsetsChanged(navBarHeightDp, statusBarHeightDp)
             }
-
+            
             // Return windowInsets instead of CONSUMED to allow proper handling
             windowInsets
         }
@@ -781,13 +757,9 @@ class AmneziaActivity : QtActivity() {
                             grantUriPermission(packageName, this, Intent.FLAG_GRANT_READ_URI_PERMISSION)
                         }?.toString() ?: ""
                         Log.v(TAG, "Open file: $uri")
-                        if (uri.isNotEmpty()) {
-                            pendingOpenFileUri = uri
-                        } else {
-                            mainScope.launch {
-                                qtInitialized.await()
-                                QtAndroidController.onFileOpened(uri)
-                            }
+                        mainScope.launch {
+                            qtInitialized.await()
+                            QtAndroidController.onFileOpened(uri)
                         }
                     }
                 ))

client/android/src/org/amnezia/vpn/TvFilePicker.kt

@@ -33,10 +33,7 @@ class TvFilePicker : ComponentActivity() {
             return intent
         }
     }) {
-        setResult(RESULT_OK, Intent().apply {
-            data = it
-            addFlags(Intent.FLAG_GRANT_READ_URI_PERMISSION)
-        })
+        setResult(RESULT_OK, Intent().apply { data = it })
         finish()
     }
 

client/cmake/ios.cmake

@@ -121,7 +121,6 @@ target_sources(${PROJECT} PRIVATE
     ${CLIENT_ROOT_DIR}/platforms/ios/LogRecord.swift
     ${CLIENT_ROOT_DIR}/platforms/ios/ScreenProtection.swift
     ${CLIENT_ROOT_DIR}/platforms/ios/VPNCController.swift
-    ${CLIENT_ROOT_DIR}/platforms/ios/StoreKit2Helper.swift
 )
 
 target_sources(${PROJECT} PRIVATE

client/cmake/macos_ne.cmake

@@ -131,7 +131,6 @@ target_sources(${PROJECT} PRIVATE
     ${CLIENT_ROOT_DIR}/platforms/ios/LogRecord.swift
     ${CLIENT_ROOT_DIR}/platforms/ios/ScreenProtection.swift
     ${CLIENT_ROOT_DIR}/platforms/ios/VPNCController.swift
-    ${CLIENT_ROOT_DIR}/platforms/ios/StoreKit2Helper.swift
 )
 
 target_sources(${PROJECT} PRIVATE
@@ -164,7 +163,7 @@ add_custom_command(TARGET ${PROJECT} POST_BUILD
     COMMAND ${CMAKE_COMMAND} -E make_directory
             $<TARGET_BUNDLE_DIR:AmneziaVPN>/Contents/Frameworks
     COMMAND /usr/bin/find "$<TARGET_BUNDLE_DIR:AmneziaVPN>/Contents/Frameworks/OpenVPNAdapter.framework" -name "*.sha256" -delete
-    COMMAND /usr/bin/codesign --force --sign "Apple Distribution: Privacy Technologies OU"
+    COMMAND /usr/bin/codesign --force --sign "Apple Distribution"
             "$<TARGET_BUNDLE_DIR:AmneziaVPN>/Contents/Frameworks/OpenVPNAdapter.framework/Versions/Current/OpenVPNAdapter"
     COMMAND ${QT_BIN_DIR_DETECTED}/macdeployqt $<TARGET_BUNDLE_DIR:AmneziaVPN> -appstore-compliant -qmldir=${CMAKE_CURRENT_SOURCE_DIR}
     COMMENT "Signing OpenVPNAdapter framework"

client/core/api/apiUtils.cpp

@@ -90,46 +90,39 @@ amnezia::ErrorCode apiUtils::checkNetworkReplyErrors(const QList<QSslError> &ssl
     const int httpStatusCodeConflict = 409;
     const int httpStatusCodeNotFound = 404;
     const int httpStatusCodeNotImplemented = 501;
-    const int httpStatusCodePaymentRequired = 402;
 
     if (!sslErrors.empty()) {
         qDebug().noquote() << sslErrors;
         return amnezia::ErrorCode::ApiConfigSslError;
-    }
-    if (replyError == QNetworkReply::NoError) {
+    } else if (replyError == QNetworkReply::NoError) {
         return amnezia::ErrorCode::NoError;
-    }
-    if (replyError == QNetworkReply::NetworkError::OperationCanceledError
-        || replyError == QNetworkReply::NetworkError::TimeoutError) {
+    } else if (replyError == QNetworkReply::NetworkError::OperationCanceledError
+               || replyError == QNetworkReply::NetworkError::TimeoutError) {
         qDebug() << replyError;
         return amnezia::ErrorCode::ApiConfigTimeoutError;
-    }
-    if (replyError == QNetworkReply::NetworkError::OperationNotImplementedError) {
+    } else if (replyError == QNetworkReply::NetworkError::OperationNotImplementedError) {
         qDebug() << replyError;
         return amnezia::ErrorCode::ApiUpdateRequestError;
-    }
+    } else {
+        qDebug() << QString::fromUtf8(responseBody);
+        qDebug() << replyError;
+        qDebug() << replyErrorString;
+        qDebug() << httpStatusCode;
 
-    qDebug() << QString::fromUtf8(responseBody);
-    qDebug() << replyError;
-    qDebug() << replyErrorString;
-    qDebug() << httpStatusCode;
+        int httpStatusFromBody = -1;
+        QJsonDocument jsonDoc = QJsonDocument::fromJson(responseBody);
+        if (jsonDoc.isObject()) {
+            QJsonObject jsonObj = jsonDoc.object();
+            httpStatusFromBody = jsonObj.value("http_status").toInt(-1);
+        }
 
-    QJsonDocument jsonDoc = QJsonDocument::fromJson(responseBody);
-    if (jsonDoc.isObject()) {
-        QJsonObject jsonObj = jsonDoc.object();
-        const int httpStatusFromBody = jsonObj.value(QStringLiteral("http_status")).toInt(-1);
         if (httpStatusFromBody == httpStatusCodeConflict) {
             return amnezia::ErrorCode::ApiConfigLimitError;
-        }
-        if (httpStatusFromBody == httpStatusCodeNotFound) {
+        } else if (httpStatusFromBody == httpStatusCodeNotFound) {
             return amnezia::ErrorCode::ApiNotFoundError;
-        }
-        if (httpStatusFromBody == httpStatusCodeNotImplemented) {
+        } else if (httpStatusFromBody == httpStatusCodeNotImplemented) {
             return amnezia::ErrorCode::ApiUpdateRequestError;
         }
-        if (httpStatusFromBody == httpStatusCodePaymentRequired) {
-            return amnezia::ErrorCode::ApiSubscriptionNotActiveError;
-        }
         return amnezia::ErrorCode::ApiConfigDownloadError;
     }
 

client/core/controllers/coreController.cpp

@@ -135,7 +135,7 @@ void CoreController::initControllers()
             new SettingsController(m_serversModel, m_containersModel, m_languageModel, m_sitesModel, m_appSplitTunnelingModel, m_settings));
     m_engine->rootContext()->setContextProperty("SettingsController", m_settingsController.get());
 
-    m_sitesController.reset(new SitesController(m_settings, m_sitesModel));
+    m_sitesController.reset(new SitesController(m_settings, m_vpnConnection, m_sitesModel));
     m_engine->rootContext()->setContextProperty("SitesController", m_sitesController.get());
 
     m_allowedDnsController.reset(new AllowedDnsController(m_settings, m_allowedDnsModel));
@@ -368,11 +368,7 @@ void CoreController::initPrepareConfigHandler()
             return;
         }
 
-        m_installController->validateConfig();
-    });
-
-    connect(m_installController.get(), &InstallController::configValidated, this, [this](bool isValid) {
-        if (!isValid) {
+        if (!m_installController->isConfigValid()) {
             emit m_vpnConnection->connectionStateChanged(Vpn::ConnectionState::Disconnected);
             return;
         }

client/core/controllers/gatewayController.cpp

@@ -44,14 +44,27 @@ namespace
 
     constexpr int httpStatusCodeNotFound = 404;
     constexpr int httpStatusCodeConflict = 409;
+
     constexpr int httpStatusCodeNotImplemented = 501;
-    constexpr int httpStatusCodePaymentRequired = 402;
+
+    QStringList splitUrls(const QString &urls)
+    {
+        QStringList parsedUrls = urls.split(",", Qt::SkipEmptyParts);
+        for (QString &url : parsedUrls) {
+            url = url.trimmed();
+        }
+        parsedUrls.removeAll("");
+        return parsedUrls;
+    }
 }
 
 GatewayController::GatewayController(const QString &gatewayEndpoint, const bool isDevEnvironment, const int requestTimeoutMsecs,
-                                     const bool isStrictKillSwitchEnabled, QObject *parent)
+                                     const bool isStrictKillSwitchEnabled, const QString &proxyStorageOverride,
+                                     const QString &proxyUrlOverride, QObject *parent)
     : QObject(parent),
       m_gatewayEndpoint(gatewayEndpoint),
+      m_proxyStorageOverride(proxyStorageOverride),
+      m_proxyUrlOverride(proxyUrlOverride),
       m_isDevEnvironment(isDevEnvironment),
       m_requestTimeoutMsecs(requestTimeoutMsecs),
       m_isStrictKillSwitchEnabled(isStrictKillSwitchEnabled)
@@ -71,7 +84,8 @@ GatewayController::EncryptedRequestData GatewayController::prepareRequest(const
     encRequestData.request.setTransferTimeout(m_requestTimeoutMsecs);
     encRequestData.request.setHeader(QNetworkRequest::ContentTypeHeader, "application/json");
     encRequestData.request.setRawHeader(QString("X-Client-Request-ID").toUtf8(), QUuid::createUuid().toString(QUuid::WithoutBraces).toUtf8());
-    encRequestData.request.setUrl(endpoint.arg(m_proxyUrl.isEmpty() ? m_gatewayEndpoint : m_proxyUrl));
+    QString selectedProxyUrl = m_proxyUrlOverride.isEmpty() ? m_proxyUrl : m_proxyUrlOverride;
+    encRequestData.request.setUrl(endpoint.arg(selectedProxyUrl.isEmpty() ? m_gatewayEndpoint : selectedProxyUrl));
 
     // bypass killSwitch exceptions for API-gateway
 #ifdef AMNEZIA_DESKTOP
@@ -283,9 +297,9 @@ QFuture<QPair<ErrorCode, QByteArray>> GatewayController::postAsync(const QString
 
             QStringList baseUrls;
             if (m_isDevEnvironment) {
-                baseUrls = QString(DEV_S3_ENDPOINT).split(", ");
+                baseUrls = m_proxyStorageOverride.isEmpty() ? splitUrls(DEV_S3_ENDPOINT) : splitUrls(m_proxyStorageOverride);
             } else {
-                baseUrls = QString(PROD_S3_ENDPOINT).split(", ");
+                baseUrls = splitUrls(PROD_S3_ENDPOINT);
             }
 
             QStringList proxyStorageUrls;
@@ -333,13 +347,10 @@ QStringList GatewayController::getProxyUrls(const QString &serviceType, const QS
 
     QStringList baseUrls;
     if (m_isDevEnvironment) {
-        baseUrls = QString(DEV_S3_ENDPOINT).split(", ");
+        baseUrls = m_proxyStorageOverride.isEmpty() ? splitUrls(DEV_S3_ENDPOINT) : splitUrls(m_proxyStorageOverride);
     } else {
-        baseUrls = QString(PROD_S3_ENDPOINT).split(", ");
+        baseUrls = splitUrls(PROD_S3_ENDPOINT);
     }
-    std::random_device randomDevice;
-    std::mt19937 generator(randomDevice());
-    std::shuffle(baseUrls.begin(), baseUrls.end(), generator);
 
     QByteArray key = m_isDevEnvironment ? DEV_AGW_PUBLIC_KEY : PROD_AGW_PUBLIC_KEY;
 
@@ -451,8 +462,6 @@ bool GatewayController::shouldBypassProxy(const QNetworkReply::NetworkError &rep
         }
     } else if (httpStatus == httpStatusCodeConflict) {
         return false;
-    } else if (httpStatus == httpStatusCodePaymentRequired) {
-        return false;
     } else if (replyError != QNetworkReply::NetworkError::NoError) {
         qDebug() << replyError;
         return true;
@@ -489,7 +498,9 @@ void GatewayController::bypassProxy(const QString &endpoint, const QString &serv
         return result;
     };
 
-    if (m_proxyUrl.isEmpty()) {
+    QString selectedProxyUrl = m_proxyUrlOverride.isEmpty() ? m_proxyUrl : m_proxyUrlOverride;
+
+    if (selectedProxyUrl.isEmpty()) {
         QNetworkRequest request;
         request.setTransferTimeout(1000);
         request.setHeader(QNetworkRequest::ContentTypeHeader, "application/json");
@@ -511,6 +522,7 @@ void GatewayController::bypassProxy(const QString &endpoint, const QString &serv
 
                 m_proxyUrl = proxyUrl;
                 if (!m_proxyUrl.isEmpty()) {
+                    selectedProxyUrl = m_proxyUrl;
                     break;
                 }
             } else {
@@ -519,8 +531,8 @@ void GatewayController::bypassProxy(const QString &endpoint, const QString &serv
         }
     }
 
-    if (!m_proxyUrl.isEmpty()) {
-        if (bypassFunction(endpoint, m_proxyUrl, requestFunction, replyProcessingFunction)) {
+    if (!selectedProxyUrl.isEmpty()) {
+        if (bypassFunction(endpoint, selectedProxyUrl, requestFunction, replyProcessingFunction)) {
             return;
         }
     }
@@ -606,6 +618,11 @@ void GatewayController::getProxyUrlsAsync(const QStringList proxyStorageUrls, co
 void GatewayController::getProxyUrlAsync(const QStringList proxyUrls, const int currentProxyIndex,
                                          std::function<void(const QString &)> onComplete)
 {
+    if (!m_proxyUrlOverride.isEmpty()) {
+        onComplete(m_proxyUrlOverride);
+        return;
+    }
+
     if (currentProxyIndex >= proxyUrls.size()) {
         onComplete("");
         return;

client/core/controllers/gatewayController.h

@@ -20,7 +20,8 @@ class GatewayController : public QObject
 
 public:
     explicit GatewayController(const QString &gatewayEndpoint, const bool isDevEnvironment, const int requestTimeoutMsecs,
-                               const bool isStrictKillSwitchEnabled, QObject *parent = nullptr);
+                               const bool isStrictKillSwitchEnabled, const QString &proxyStorageOverride = "",
+                               const QString &proxyUrlOverride = "", QObject *parent = nullptr);
 
     amnezia::ErrorCode post(const QString &endpoint, const QJsonObject apiPayload, QByteArray &responseBody);
     QFuture<QPair<amnezia::ErrorCode, QByteArray>> postAsync(const QString &endpoint, const QJsonObject apiPayload);
@@ -61,6 +62,8 @@ private:
 
     int m_requestTimeoutMsecs;
     QString m_gatewayEndpoint;
+    QString m_proxyStorageOverride;
+    QString m_proxyUrlOverride;
     bool m_isDevEnvironment = false;
     bool m_isStrictKillSwitchEnabled = false;
 

client/core/defs.h

@@ -123,8 +123,6 @@ namespace amnezia
         ApiUpdateRequestError = 1111,
         ApiSubscriptionExpiredError = 1112,
         ApiPurchaseError = 1113,
-        ApiSubscriptionNotActiveError = 1114,
-        ApiNoPurchasedSubscriptionsError = 1115,
 
         // QFile errors
         OpenError = 1200,

client/core/errorstrings.cpp

@@ -80,8 +80,6 @@ QString errorString(ErrorCode code) {
     case (ErrorCode::ApiUpdateRequestError): errorMessage = QObject::tr("Please update the application to use this feature"); break;
     case (ErrorCode::ApiSubscriptionExpiredError): errorMessage = QObject::tr("Your Amnezia Premium subscription has expired.\n Please check your email for renewal instructions.\n If you haven't received an email, please contact our support."); break;
     case (ErrorCode::ApiPurchaseError): errorMessage = QObject::tr("Unable to process purchase"); break;
-    case (ErrorCode::ApiSubscriptionNotActiveError): errorMessage = QObject::tr("No active subscription found"); break;
-    case (ErrorCode::ApiNoPurchasedSubscriptionsError): errorMessage = QObject::tr("No purchased subscriptions found. Please purchase a subscription first"); break;
 
     // QFile errors
     case(ErrorCode::OpenError): errorMessage = QObject::tr("QFile error: The file could not be opened"); break;

client/mozilla/networkwatcher.cpp

@@ -72,9 +72,9 @@ void NetworkWatcher::initialize() {
   connect(m_impl, &NetworkWatcherImpl::unsecuredNetwork, this,
           &NetworkWatcher::unsecuredNetwork);
   connect(m_impl, &NetworkWatcherImpl::networkChanged, this,
-          &NetworkWatcher::networkChanged);
-  connect(m_impl, &NetworkWatcherImpl::wakeup, this,
-          &NetworkWatcher::wakeup);
+          &NetworkWatcher::networkChange);
+  connect(m_impl, &NetworkWatcherImpl::sleepMode, this,
+          &NetworkWatcher::onSleepMode);
   m_impl->initialize();
 
   // Enable sleep/wake monitoring for VPN auto-reconnection
@@ -97,6 +97,12 @@ void NetworkWatcher::settingsChanged() {
   logger.debug() << "NetworkWatcher settings changed - keeping sleep monitoring active";
 }
 
+void NetworkWatcher::onSleepMode()
+{
+  logger.debug() << "Resumed from sleep mode";
+  emit sleepMode();
+}
+
 void NetworkWatcher::unsecuredNetwork(const QString& networkName,
                                       const QString& networkId) {
   logger.debug() << "Unsecured network:" << logger.sensitive(networkName)

client/mozilla/networkwatcher.h

@@ -29,11 +29,13 @@ public:
     // false to restore.
     void simulateDisconnection(bool simulatedDisconnection);
 
+    void onSleepMode();
+
     QNetworkInformation::Reachability getReachability();
 
 signals:
-    void networkChanged();
-    void wakeup();
+    void networkChange();
+    void sleepMode();
 
 private:
     void settingsChanged();

client/mozilla/networkwatcherimpl.h

@@ -41,7 +41,7 @@ signals:
     // TODO: Only windows-networkwatcher has this, the other plattforms should
     // too.
     void networkChanged(QString newBSSID);
-    void wakeup();
+    void sleepMode();
 
 
 private:

client/platforms/ios/StoreKit2Helper.swift

@@ -1,119 +0,0 @@
-import Foundation
-import StoreKit
-
-@available(iOS 15.0, macOS 12.0, *)
-@objcMembers
-public class StoreKit2Helper: NSObject {
-
-    public static let shared = StoreKit2Helper()
-
-    private struct EntitlementInfo {
-        let transactionId: UInt64
-        let originalTransactionId: UInt64
-        let productId: String
-        let purchaseDate: Date
-
-        var dictionary: NSDictionary {
-            [
-                "transactionId": String(transactionId),
-                "originalTransactionId": String(originalTransactionId),
-                "productId": productId
-            ]
-        }
-    }
-
-    public func fetchCurrentEntitlements(completion: @escaping (Bool, [NSDictionary]?, NSError?) -> Void) {
-        Task { @MainActor in
-            do {
-                try await AppStore.sync()
-
-                var entitlements: [EntitlementInfo] = []
-                for await result in Transaction.currentEntitlements {
-                    switch result {
-                    case .verified(let transaction):
-                        entitlements.append(EntitlementInfo(transactionId: transaction.id,
-                                                            originalTransactionId: transaction.originalID,
-                                                            productId: transaction.productID,
-                                                            purchaseDate: transaction.purchaseDate))
-                    case .unverified(_, let error):
-                        print("[IAP][StoreKit2] Unverified transaction skipped: \(error.localizedDescription)")
-                    }
-                }
-                let sortedEntitlements = entitlements.sorted { lhs, rhs in
-                    if lhs.purchaseDate != rhs.purchaseDate {
-                        return lhs.purchaseDate > rhs.purchaseDate
-                    }
-                    return lhs.transactionId > rhs.transactionId
-                }.map { $0.dictionary }
-                completion(true, sortedEntitlements, nil)
-            } catch {
-                completion(false, nil, error as NSError)
-            }
-        }
-    }
-
-    public func purchaseProduct(productIdentifier: String, completion: @escaping (Bool, String?, String?, String?, NSError?) -> Void) {
-        Task {
-            do {
-                let products = try await Product.products(for: [productIdentifier])
-                guard let product = products.first else {
-                    let error = NSError(domain: "StoreKit2Helper", code: 0, userInfo: [NSLocalizedDescriptionKey: "Product not found"])
-                    DispatchQueue.main.async { completion(false, nil, nil, nil, error) }
-                    return
-                }
-                let result = try await product.purchase()
-                switch result {
-                case .success(let verification):
-                    switch verification {
-                    case .verified(let transaction):
-                        await transaction.finish()
-                        let txId = String(transaction.id)
-                        let origTxId = String(transaction.originalID)
-                        let pId = transaction.productID
-                        DispatchQueue.main.async { completion(true, txId, pId, origTxId, nil) }
-                    case .unverified(_, let error):
-                        DispatchQueue.main.async { completion(false, nil, nil, nil, error as NSError) }
-                    }
-                case .userCancelled:
-                    let error = NSError(domain: "StoreKit2Helper", code: 1, userInfo: [NSLocalizedDescriptionKey: "Purchase cancelled"])
-                    DispatchQueue.main.async { completion(false, nil, nil, nil, error) }
-                case .pending:
-                    let error = NSError(domain: "StoreKit2Helper", code: 2, userInfo: [NSLocalizedDescriptionKey: "Purchase pending"])
-                    DispatchQueue.main.async { completion(false, nil, nil, nil, error) }
-                @unknown default:
-                    let error = NSError(domain: "StoreKit2Helper", code: 3, userInfo: [NSLocalizedDescriptionKey: "Unknown purchase result"])
-                    DispatchQueue.main.async { completion(false, nil, nil, nil, error) }
-                }
-            } catch {
-                DispatchQueue.main.async { completion(false, nil, nil, nil, error as NSError) }
-            }
-        }
-    }
-
-    private func storefrontCurrencyCode(for product: Product) -> String {
-        product.priceFormatStyle.locale.currencyCode ?? ""
-    }
-
-    public func fetchProducts(identifiers: Set<String>, completion: @escaping ([NSDictionary], [String], NSError?) -> Void) {
-        Task {
-            do {
-                let products = try await Product.products(for: identifiers)
-                let productDicts = products.map { product -> NSDictionary in
-                    let currencyCode = storefrontCurrencyCode(for: product)
-                    return [
-                        "productId": product.id,
-                        "title": product.displayName,
-                        "description": product.description,
-                        "price": "\(product.price)",
-                        "currencyCode": currencyCode
-                    ]
-                }
-                let fetchedIds = Set(products.map { $0.id })
-                let invalidIdentifiers = identifiers.filter { !fetchedIds.contains($0) }
-                DispatchQueue.main.async { completion(productDicts, Array(invalidIdentifiers), nil) }
-            } catch {
-                DispatchQueue.main.async { completion([], Array(identifiers), error as NSError) }
-            }
-        }
-    }
-}

client/platforms/ios/StoreKitController.mm

@@ -4,12 +4,27 @@
 
 #import "StoreKitController.h"
 #import <StoreKit/StoreKit.h>
-#import <AmneziaVPN-Swift.h>
 
 #include <QtCore/QDebug>
 #include <QtCore/QString>
 
 API_AVAILABLE(ios(15.0), macos(12.0))
+@interface StoreKitController () <SKProductsRequestDelegate, SKPaymentTransactionObserver>
+@property (nonatomic, copy) void (^purchaseCompletion)(BOOL success,
+                                                       NSString *_Nullable transactionId,
+                                                       NSString *_Nullable productId,
+                                                       NSString *_Nullable originalTransactionId,
+                                                       NSError *_Nullable error);
+@property (nonatomic, copy) void (^restoreCompletion)(BOOL success,
+                                                      NSArray<NSDictionary *> *_Nullable restoredTransactions,
+                                                      NSError *_Nullable error);
+@property (nonatomic, copy) void (^productsFetchCompletion)(NSArray<NSDictionary *> *products,
+                                                            NSArray<NSString *> *invalidIdentifiers,
+                                                            NSError *_Nullable error);
+@property (nonatomic, strong) SKProductsRequest *productsRequest;
+@property (nonatomic, strong) NSMutableArray<NSDictionary *> *restoredTransactions;
+@end
+
 @implementation StoreKitController
 
 + (instancetype)sharedInstance
@@ -27,9 +42,17 @@ API_AVAILABLE(ios(15.0), macos(12.0))
 - (instancetype)init API_AVAILABLE(ios(15.0), macos(12.0))
 {
     self = [super init];
+    if (self) {
+        [[SKPaymentQueue defaultQueue] addTransactionObserver:self];
+    }
     return self;
 }
 
+- (void)dealloc
+{
+    [[SKPaymentQueue defaultQueue] removeTransactionObserver:self];
+}
+
 - (void)purchaseProduct:(NSString *)productIdentifier
              completion:(void (^)(BOOL success,
                                   NSString *_Nullable transactionId,
@@ -37,50 +60,41 @@ API_AVAILABLE(ios(15.0), macos(12.0))
                                   NSString *_Nullable originalTransactionId,
                                   NSError *_Nullable error))completion API_AVAILABLE(ios(15.0), macos(12.0))
 {
-    qInfo().noquote() << "[IAP][StoreKit2] Starting purchase for" << QString::fromUtf8(productIdentifier.UTF8String);
-    [[StoreKit2Helper shared] purchaseProductWithProductIdentifier:productIdentifier
-                                                      completion:^(BOOL success,
-                                                                   NSString *transactionId,
-                                                                   NSString *productId,
-                                                                   NSString *originalTransactionId,
-                                                                   NSError *error) {
-        if (success) {
-            qInfo().noquote() << "[IAP][StoreKit2] Purchase success. transactionId =" << QString::fromUtf8(transactionId.UTF8String)
-                              << "originalTransactionId =" << QString::fromUtf8(originalTransactionId.UTF8String)
-                              << "productId =" << QString::fromUtf8(productId.UTF8String);
-        } else if (error) {
-            qWarning().noquote() << "[IAP][StoreKit2] Purchase failed:" << QString::fromUtf8(error.localizedDescription.UTF8String);
+    self.purchaseCompletion = completion;
+    
+    qInfo().noquote() << "[IAP][StoreKit] Starting purchase for" << QString::fromUtf8(productIdentifier.UTF8String);
+    dispatch_async(dispatch_get_global_queue(DISPATCH_QUEUE_PRIORITY_DEFAULT, 0), ^{
+        [self performPurchaseAsync:productIdentifier];
+    });
+}
+
+- (void)performPurchaseAsync:(NSString *)productIdentifier API_AVAILABLE(ios(15.0), macos(12.0))
+{
+    dispatch_async(dispatch_get_main_queue(), ^{
+        @try {
+            SKProductsRequest *request = [[SKProductsRequest alloc] initWithProductIdentifiers:[NSSet setWithObject:productIdentifier]];
+            request.delegate = self;
+            [request start];
+            
+        } @catch (NSException *exception) {
+            NSError *error = [NSError errorWithDomain:@"StoreKitController"
+                                                 code:1
+                                             userInfo:@{ NSLocalizedDescriptionKey : exception.reason ?: @"Purchase failed" }];
+            if (self.purchaseCompletion) {
+                self.purchaseCompletion(NO, nil, nil, nil, error);
+                self.purchaseCompletion = nil;
+            }
         }
-        if (completion) {
-            completion(success, transactionId, productId, originalTransactionId, error);
-        }
-    }];
+    });
 }
 
 - (void)restorePurchasesWithCompletion:(void (^)(BOOL success,
                                                  NSArray<NSDictionary *> *_Nullable restoredTransactions,
                                                  NSError *_Nullable error))completion API_AVAILABLE(ios(15.0), macos(12.0))
 {
-    [[StoreKit2Helper shared] fetchCurrentEntitlementsWithCompletion:^(BOOL success,
-                                                                      NSArray<NSDictionary *> *entitlements,
-                                                                      NSError *error) {
-        if (success) {
-            qInfo().noquote() << "[IAP][StoreKit2] currentEntitlements returned"
-                              << (int)(entitlements ? entitlements.count : 0) << "active entitlements";
-            for (NSDictionary *info in entitlements) {
-                qInfo().noquote() << "[IAP][StoreKit2] Active entitlement:"
-                                  << "transactionId=" << QString::fromUtf8([info[@"transactionId"] UTF8String])
-                                  << "originalTransactionId=" << QString::fromUtf8([info[@"originalTransactionId"] UTF8String])
-                                  << "productId=" << QString::fromUtf8([info[@"productId"] UTF8String]);
-            }
-        } else {
-            qWarning().noquote() << "[IAP][StoreKit2] fetchCurrentEntitlements failed:"
-                                 << QString::fromUtf8(error.localizedDescription.UTF8String);
-        }
-        if (completion) {
-            completion(success, entitlements, error);
-        }
-    }];
+    self.restoreCompletion = completion;
+    self.restoredTransactions = [NSMutableArray array];
+    [[SKPaymentQueue defaultQueue] restoreCompletedTransactions];
 }
 
 - (void)fetchProductsWithIdentifiers:(NSSet<NSString *> *)productIdentifiers
@@ -88,21 +102,163 @@ API_AVAILABLE(ios(15.0), macos(12.0))
                                                NSArray<NSString *> *invalidIdentifiers,
                                                NSError *_Nullable error))completion API_AVAILABLE(ios(15.0), macos(12.0))
 {
-    [[StoreKit2Helper shared] fetchProductsWithIdentifiers:productIdentifiers
-                                               completion:^(NSArray<NSDictionary *> *products,
-                                                            NSArray<NSString *> *invalidIdentifiers,
-                                                            NSError *error) {
-        if (!error) {
-            for (NSDictionary *p in products) {
-                qInfo().noquote() << "[IAP][StoreKit2] Fetched product info" << QString::fromUtf8([p[@"productId"] UTF8String])
-                                  << "price=" << QString::fromUtf8([p[@"price"] UTF8String])
-                                  << "currency=" << QString::fromUtf8([p[@"currencyCode"] UTF8String]);
+    self.productsFetchCompletion = completion;
+    self.productsRequest = [[SKProductsRequest alloc] initWithProductIdentifiers:productIdentifiers];
+    self.productsRequest.delegate = self;
+    [self.productsRequest start];
+}
+
+#pragma mark - SKProductsRequestDelegate / SKRequestDelegate
+
+- (void)productsRequest:(SKProductsRequest *)request didReceiveResponse:(SKProductsResponse *)response
+{
+    if (self.purchaseCompletion) {
+        SKProduct *product = response.products.firstObject;
+        if (!product) {
+            NSError *error = [NSError errorWithDomain:@"StoreKitController"
+                                                 code:0
+                                             userInfo:@{ NSLocalizedDescriptionKey : @"Product not found" }];
+            self.purchaseCompletion(NO, nil, nil, nil, error);
+            self.purchaseCompletion = nil;
+            self.productsRequest = nil;
+            return;
+        }
+        NSString *currencyCode = [product.priceLocale objectForKey:NSLocaleCurrencyCode] ?: @"";
+        NSString *priceString = [product.price stringValue] ?: @"";
+        qInfo().noquote() << "[IAP][StoreKit] Received product" << QString::fromUtf8(product.productIdentifier.UTF8String)
+                          << "price=" << QString::fromUtf8(priceString.UTF8String)
+                          << "currency=" << QString::fromUtf8(currencyCode.UTF8String);
+        SKPayment *payment = [SKPayment paymentWithProduct:product];
+        [[SKPaymentQueue defaultQueue] addPayment:payment];
+        self.productsRequest = nil;
+        return;
+    }
+
+    if (self.productsFetchCompletion) {
+        NSMutableArray<NSDictionary *> *productDicts = [NSMutableArray array];
+        for (SKProduct *p in response.products) {
+            NSDictionary *productDict = @{
+                @"productId": p.productIdentifier,
+                @"title": p.localizedTitle,
+                @"description": p.localizedDescription,
+                @"price": p.price.stringValue,
+                @"currencyCode": [p.priceLocale objectForKey:NSLocaleCurrencyCode] ?: @""
+            };
+            [productDicts addObject:productDict];
+            NSString *productCurrency = [p.priceLocale objectForKey:NSLocaleCurrencyCode] ?: @"";
+            NSString *productPrice = [p.price stringValue] ?: @"";
+            qInfo().noquote() << "[IAP][StoreKit] Fetched product info" << QString::fromUtf8(p.productIdentifier.UTF8String)
+                              << "price=" << QString::fromUtf8(productPrice.UTF8String)
+                              << "currency=" << QString::fromUtf8(productCurrency.UTF8String);
+        }
+        
+        self.productsFetchCompletion(productDicts, response.invalidProductIdentifiers, nil);
+        self.productsFetchCompletion = nil;
+        self.productsRequest = nil;
+        return;
+    }
+}
+
+- (void)request:(SKRequest *)request didFailWithError:(NSError *)error
+{
+    if (self.purchaseCompletion) {
+        self.purchaseCompletion(NO, nil, nil, nil, error);
+        self.purchaseCompletion = nil;
+    }
+    if (self.productsFetchCompletion) {
+        self.productsFetchCompletion(@[], @[], error);
+        self.productsFetchCompletion = nil;
+    }
+    self.productsRequest = nil;
+}
+
+#pragma mark - SKPaymentTransactionObserver
+
+- (void)paymentQueue:(SKPaymentQueue *)queue updatedTransactions:(NSArray<SKPaymentTransaction *> *)transactions
+{
+    for (SKPaymentTransaction *transaction in transactions) {
+        switch (transaction.transactionState) {
+        case SKPaymentTransactionStatePurchased: {
+            NSString *originalTransactionId = transaction.originalTransaction.transactionIdentifier ?: transaction.transactionIdentifier;
+            qInfo().noquote() << "[IAP][StoreKit] Transaction purchased" << QString::fromUtf8(transaction.transactionIdentifier.UTF8String)
+                              << "original=" << QString::fromUtf8((originalTransactionId ?: @"").UTF8String)
+                              << "product=" << QString::fromUtf8(transaction.payment.productIdentifier.UTF8String);
+            
+            if (self.purchaseCompletion) {
+                self.purchaseCompletion(YES,
+                                       transaction.transactionIdentifier,
+                                       transaction.payment.productIdentifier,
+                                       originalTransactionId,
+                                       nil);
+                self.purchaseCompletion = nil;
             }
+            [[SKPaymentQueue defaultQueue] finishTransaction:transaction];
+            break;
         }
-        if (completion) {
-            completion(products ?: @[], invalidIdentifiers ?: @[], error);
+        case SKPaymentTransactionStateFailed:
+            qInfo().noquote() << "[IAP][StoreKit] Transaction failed" << QString::fromUtf8(transaction.transactionIdentifier.UTF8String)
+                              << "product=" << QString::fromUtf8(transaction.payment.productIdentifier.UTF8String)
+                              << "error=" << QString::fromUtf8(transaction.error.localizedDescription.UTF8String);
+            if (self.purchaseCompletion) {
+                self.purchaseCompletion(NO,
+                                       transaction.transactionIdentifier,
+                                       transaction.payment.productIdentifier,
+                                       nil,
+                                       transaction.error);
+                self.purchaseCompletion = nil;
+            }
+            [[SKPaymentQueue defaultQueue] finishTransaction:transaction];
+            break;
+        case SKPaymentTransactionStateRestored: {
+            if (self.restoreCompletion) {
+                NSString *transactionId = transaction.transactionIdentifier ?: @"";
+                NSString *originalTransactionId = transaction.originalTransaction.transactionIdentifier ?: transactionId;
+                NSString *productId = transaction.payment.productIdentifier ?: @"";
+
+                qInfo().noquote() << "[IAP][StoreKit] Transaction restored"
+                                  << QString::fromUtf8(transactionId.UTF8String)
+                                  << "original="
+                                  << QString::fromUtf8((originalTransactionId ?: @"").UTF8String)
+                                  << "product="
+                                  << QString::fromUtf8((productId ?: @"").UTF8String);
+
+                NSDictionary *info = @{
+                    @"transactionId": transactionId,
+                    @"originalTransactionId": originalTransactionId ?: @"",
+                    @"productId": productId ?: @""
+                };
+                if (!self.restoredTransactions) {
+                    self.restoredTransactions = [NSMutableArray array];
+                }
+                [self.restoredTransactions addObject:info];
+            }
+            [[SKPaymentQueue defaultQueue] finishTransaction:transaction];
+            break;
         }
-    }];
+        case SKPaymentTransactionStatePurchasing:
+        case SKPaymentTransactionStateDeferred: 
+            break;
+        }
+    }
+}
+
+- (void)paymentQueueRestoreCompletedTransactionsFinished:(SKPaymentQueue *)queue
+{
+    if (self.restoreCompletion) {
+        NSArray<NSDictionary *> *transactions = [self.restoredTransactions copy];
+        self.restoreCompletion(YES, transactions, nil);
+        self.restoreCompletion = nil;
+        self.restoredTransactions = nil;
+    }
+}
+
+- (void)paymentQueue:(SKPaymentQueue *)queue restoreCompletedTransactionsFailedWithError:(NSError *)error
+{
+    if (self.restoreCompletion) {
+        self.restoreCompletion(NO, nil, error);
+        self.restoreCompletion = nil;
+        self.restoredTransactions = nil;
+    }
 }
 
 @end

client/platforms/ios/ios_controller.mm

@@ -179,9 +179,8 @@ bool IosController::initialize()
     [NETunnelProviderManager loadAllFromPreferencesWithCompletionHandler:^(NSArray<NETunnelProviderManager *> * _Nullable managers, NSError * _Nullable error) {
         @try {
             if (error) {
-                qWarning() << "IosController::initialize : loadAllFromPreferences failed:"
-                           << [error.localizedDescription UTF8String]
-                           << "domain:" << [error.domain UTF8String] << "code:" << error.code;
+                qDebug() << "IosController::initialize : Error:" << [error.localizedDescription UTF8String];
+                emit connectionStateChanged(Vpn::ConnectionState::Error);
                 ok = false;
                 return;
             }
@@ -398,14 +397,8 @@ void IosController::vpnStatusDidChange(void *pNotification)
 {
     NETunnelProviderSession *session = (NETunnelProviderSession *)pNotification;
 
-    if (!session) {
-        return;
-    }
-    if (!m_currentTunnel || (NETunnelProviderSession *)m_currentTunnel.connection != session) {
-        return;
-    }
-
-    qDebug() << "IosController::vpnStatusDidChange" << iosStatusToState(session.status) << session;
+    if (session /* && session == TunnelManager.session */ ) {
+        qDebug() << "IosController::vpnStatusDidChange" << iosStatusToState(session.status) << session;
 
         if (session.status == NEVPNStatusDisconnected) {
             if (@available(iOS 16.0, *)) {
@@ -519,6 +512,7 @@ void IosController::vpnStatusDidChange(void *pNotification)
             m_statusRequestInFlight = false;
         }
         emitConnectionStateIfChanged(nextState);
+    }
 }
 
 void IosController::vpnConfigurationDidChange(void *pNotification)
@@ -841,49 +835,39 @@ void IosController::startTunnel()
     m_rxBytes = 0;
     m_txBytes = 0;
 
-    NETunnelProviderManager *tunnel = m_currentTunnel;
-    [tunnel setEnabled:YES];
+    [m_currentTunnel setEnabled:YES];
 
-    dispatch_async(dispatch_get_main_queue(), ^{
-        [tunnel saveToPreferencesWithCompletionHandler:^(NSError *saveError) {
-            dispatch_async(dispatch_get_main_queue(), ^{
-                if (saveError) {
-                    qDebug().nospace() << "IosController::startTunnel" << protocolName << ": Connect " << protocolName
-                                       << " Tunnel Save Error" << saveError.localizedDescription.UTF8String << " domain:"
-                                       << saveError.domain.UTF8String << " code:" << saveError.code;
-                    emit connectionStateChanged(Vpn::ConnectionState::Error);
-                    return;
-                }
+    [m_currentTunnel saveToPreferencesWithCompletionHandler:^(NSError *saveError) {
+        dispatch_async(dispatch_get_global_queue(DISPATCH_QUEUE_PRIORITY_DEFAULT, 0), ^{
 
-                [tunnel loadFromPreferencesWithCompletionHandler:^(NSError *loadError) {
-                    dispatch_async(dispatch_get_main_queue(), ^{
-                        if (loadError) {
-                            qDebug().nospace() << "IosController::startTunnel :" << tunnel.localizedDescription << protocolName
-                                               << ": Connect " << protocolName << " Tunnel Load Error"
-                                               << loadError.localizedDescription.UTF8String;
-                            emit connectionStateChanged(Vpn::ConnectionState::Error);
-                            return;
-                        }
+            if (saveError) {
+                qDebug().nospace() << "IosController::startTunnel" << protocolName << ": Connect " << protocolName << " Tunnel Save Error" << saveError.localizedDescription.UTF8String;
+                emit connectionStateChanged(Vpn::ConnectionState::Error);
+                return;
+            }
 
-                        NSError *startError = nil;
-                        qDebug() << iosStatusToState(tunnel.connection.status);
+            [m_currentTunnel loadFromPreferencesWithCompletionHandler:^(NSError *loadError) {
+                    if (loadError) {
+                        qDebug().nospace() << "IosController::startTunnel :" << m_currentTunnel.localizedDescription << protocolName << ": Connect " << protocolName << " Tunnel Load Error" << loadError.localizedDescription.UTF8String;
+                        emit connectionStateChanged(Vpn::ConnectionState::Error);
+                        return;
+                    }
 
-                        BOOL started = [tunnel.connection startVPNTunnelWithOptions:nil andReturnError:&startError];
+                    NSError *startError = nil;
+                    qDebug() << iosStatusToState(m_currentTunnel.connection.status);
 
-                        if (!started || startError) {
-                            qDebug().nospace() << "IosController::startTunnel :" << tunnel.localizedDescription << protocolName
-                                               << " : Connect " << protocolName << " Tunnel Start Error"
-                                               << (startError ? startError.localizedDescription.UTF8String : "");
-                            emit connectionStateChanged(Vpn::ConnectionState::Error);
-                        } else {
-                            qDebug().nospace() << "IosController::startTunnel :" << tunnel.localizedDescription << protocolName
-                                               << " : Starting the tunnel succeeded";
-                        }
-                    });
-                }];
-            });
-        }];
-    });
+                    BOOL started = [m_currentTunnel.connection startVPNTunnelWithOptions:nil andReturnError:&startError];
+
+                    if (!started || startError) {
+                        qDebug().nospace() << "IosController::startTunnel :" << m_currentTunnel.localizedDescription << protocolName << " : Connect " << protocolName << " Tunnel Start Error"
+                            << (startError ? startError.localizedDescription.UTF8String : "");
+                        emit connectionStateChanged(Vpn::ConnectionState::Error);
+                    } else {
+                        qDebug().nospace() << "IosController::startTunnel :" << m_currentTunnel.localizedDescription << protocolName << " : Starting the tunnel succeeded";
+                    }
+            }];
+        });
+    }];
 }
 
 bool IosController::isOurManager(NETunnelProviderManager* manager) {

client/platforms/linux/linuxnetworkwatcher.cpp

@@ -41,8 +41,8 @@ void LinuxNetworkWatcher::initialize() {
   connect(m_worker, &LinuxNetworkWatcherWorker::unsecuredNetwork, this,
           &LinuxNetworkWatcher::unsecuredNetwork);
 
-  connect(m_worker, &LinuxNetworkWatcherWorker::wakeup, this,
-          &NetworkWatcherImpl::wakeup);
+  connect(m_worker, &LinuxNetworkWatcherWorker::sleepMode, this,
+          &NetworkWatcherImpl::sleepMode);
 
   // Let's wait a few seconds to allow the UI to be fully loaded and shown.
   // This is not strictly needed, but it's better for user experience because

client/platforms/linux/linuxnetworkwatcherworker.cpp

@@ -200,7 +200,7 @@ void LinuxNetworkWatcherWorker::checkDevices() {
 void LinuxNetworkWatcherWorker::NMStateChanged(quint32 state)
 {
   if (state == NM_STATE_ASLEEP) {
-    emit wakeup();
+    emit sleepMode();
   }
 
   logger.debug() << "NMStateChanged " << state;

client/platforms/linux/linuxnetworkwatcherworker.h

@@ -23,7 +23,7 @@ class LinuxNetworkWatcherWorker final : public QObject {
 
  signals:
   void unsecuredNetwork(const QString& networkName, const QString& networkId);
-  void wakeup();
+  void sleepMode();
 
  public slots:
   void initialize();

client/platforms/macos/macosnetworkwatcher.mm

@@ -173,10 +173,10 @@ void PowerNotificationsListener::sleepWakeupCallBack(void *refParam, io_service_
 
     case kIOMessageSystemHasPoweredOn:
         /* Announces that the system and its devices have woken up. */
-        logger.debug() << "System has powered on - emitting wakeup signal from dedicated CFRunLoop thread";
+        logger.debug() << "System has powered on - emitting sleepMode signal from dedicated CFRunLoop thread";
         if (listener->m_watcher) {
             // Use QMetaObject::invokeMethod for thread-safe signal emission
-            QMetaObject::invokeMethod(listener->m_watcher, "wakeup", Qt::QueuedConnection);
+            QMetaObject::invokeMethod(listener->m_watcher, "sleepMode", Qt::QueuedConnection);
         }
         break;
 

client/platforms/windows/windowsnetworkwatcher.cpp

@@ -41,7 +41,7 @@ LRESULT WindowsNetworkWatcher::PowerWndProcCallback(HWND hwnd, UINT uMsg, WPARAM
   switch (uMsg) {
   case WM_POWERBROADCAST:
     if (wParam == PBT_APMRESUMESUSPEND) {
-        emit obj->wakeup();
+        emit obj->sleepMode();
     }
     break;
   default:

client/protocols/wireguardprotocol.cpp

@@ -15,7 +15,7 @@ WireguardProtocol::WireguardProtocol(const QJsonObject &configuration, QObject *
     m_impl.reset(new LocalSocketController());
     connect(m_impl.get(), &ControllerImpl::connected, this,
             [this](const QString &pubkey, const QDateTime &connectionTimestamp) {
-                setConnectionState(Vpn::ConnectionState::Connected);
+                emit connectionStateChanged(Vpn::ConnectionState::Connected);
             });
     connect(m_impl.get(), &ControllerImpl::statusUpdated, this,
             [this](const QString& serverIpv4Gateway,
@@ -38,7 +38,7 @@ WireguardProtocol::WireguardProtocol(const QJsonObject &configuration, QObject *
             });
 
     connect(m_impl.get(), &ControllerImpl::disconnected, this,
-            [this]() { setConnectionState(Vpn::ConnectionState::Disconnected); });
+            [this]() { emit connectionStateChanged(Vpn::ConnectionState::Disconnected); });
     m_impl->initialize(nullptr, nullptr);
 }
 

client/protocols/xrayprotocol.cpp

@@ -52,6 +52,7 @@ XrayProtocol::~XrayProtocol()
 ErrorCode XrayProtocol::start()
 {
     qDebug() << "XrayProtocol::start()";
+    setConnectionState(Vpn::ConnectionState::Connecting);
 
     return IpcClient::withInterface([&](QSharedPointer<IpcInterfaceReplica> iface) {
         auto xrayStart = iface->xrayStart(QJsonDocument(m_xrayConfig).toJson());
@@ -68,6 +69,7 @@ ErrorCode XrayProtocol::start()
 void XrayProtocol::stop()
 {
     qDebug() << "XrayProtocol::stop()";
+    setConnectionState(Vpn::ConnectionState::Disconnecting);
 
     IpcClient::withInterface([](QSharedPointer<IpcInterfaceReplica> iface) {
         auto disableKillSwitch = iface->disableKillSwitch();

client/secure_qsettings.cpp

@@ -35,12 +35,13 @@ SecureQSettings::SecureQSettings(const QString &organization, const QString &app
             }
         }
         m_settings.setValue("Conf/encrypted", true);
+        m_settings.sync();
     }
 }
 
 QVariant SecureQSettings::value(const QString &key, const QVariant &defaultValue) const
 {
-    QMutexLocker locker(&m_mutex);
+    QMutexLocker locker(&mutex);
 
     if (m_cache.contains(key)) {
         return m_cache.value(key);
@@ -84,7 +85,7 @@ QVariant SecureQSettings::value(const QString &key, const QVariant &defaultValue
 
 void SecureQSettings::setValue(const QString &key, const QVariant &value)
 {
-    QMutexLocker locker(&m_mutex);
+    QMutexLocker locker(&mutex);
 
     if (encryptionRequired() && encryptedKeys.contains(key)) {
         if (!getEncKey().isEmpty() && !getEncIv().isEmpty()) {
@@ -106,20 +107,26 @@ void SecureQSettings::setValue(const QString &key, const QVariant &value)
     }
 
     m_cache.insert(key, value);
+    sync();
 }
 
 void SecureQSettings::remove(const QString &key)
 {
-    QMutexLocker locker(&m_mutex);
+    QMutexLocker locker(&mutex);
 
     m_settings.remove(key);
     m_cache.remove(key);
+
+    sync();
+}
+
+void SecureQSettings::sync()
+{
+    m_settings.sync();
 }
 
 QByteArray SecureQSettings::backupAppConfig() const
 {
-    QMutexLocker locker(&m_mutex);
-
     QJsonObject cfg;
 
     const auto needToBackup = [this](const auto &key) {
@@ -154,8 +161,6 @@ QByteArray SecureQSettings::backupAppConfig() const
 
 bool SecureQSettings::restoreAppConfig(const QByteArray &json)
 {
-    QMutexLocker locker(&m_mutex);
-
     QJsonObject cfg = QJsonDocument::fromJson(json).object();
     if (cfg.isEmpty())
         return false;
@@ -168,16 +173,10 @@ bool SecureQSettings::restoreAppConfig(const QByteArray &json)
         setValue(key, cfg.value(key).toVariant());
     }
 
+    sync();
     return true;
 }
 
-void SecureQSettings::clearSettings()
-{
-    QMutexLocker locker(&m_mutex);
-    m_settings.clear();
-    m_cache.clear();
-}
-
 QByteArray SecureQSettings::encryptText(const QByteArray &value) const
 {
     QSimpleCrypto::QBlockCipher cipher;
@@ -295,3 +294,11 @@ void SecureQSettings::setSecTag(const QString &tag, const QByteArray &data)
         qCritical() << "SecureQSettings::setSecTag Error:" << job->errorString();
     }
 }
+
+void SecureQSettings::clearSettings()
+{
+    QMutexLocker locker(&mutex);
+    m_settings.clear();
+    m_cache.clear();
+    sync();
+}

client/secure_qsettings.h

@@ -16,16 +16,14 @@ public:
     explicit SecureQSettings(const QString &organization, const QString &application = QString(),
                              QObject *parent = nullptr);
 
-    QVariant value(const QString &key, const QVariant &defaultValue = QVariant()) const;
-    void setValue(const QString &key, const QVariant &value);
+    Q_INVOKABLE QVariant value(const QString &key, const QVariant &defaultValue = QVariant()) const;
+    Q_INVOKABLE void setValue(const QString &key, const QVariant &value);
     void remove(const QString &key);
+    void sync();
 
     QByteArray backupAppConfig() const;
     bool restoreAppConfig(const QByteArray &json);
 
-    void clearSettings();
-
-private:
     QByteArray encryptText(const QByteArray &value) const;
     QByteArray decryptText(const QByteArray &ba) const;
 
@@ -37,6 +35,9 @@ private:
     static QByteArray getSecTag(const QString &tag);
     static void setSecTag(const QString &tag, const QByteArray &data);
 
+    void clearSettings();
+
+private:
     QSettings m_settings;
 
     mutable QHash<QString, QVariant> m_cache;
@@ -52,7 +53,7 @@ private:
 
     const QByteArray magicString { "EncData" }; // Magic keyword used for mark encrypted QByteArray
 
-    mutable QRecursiveMutex m_mutex;
+    mutable QMutex mutex;
 };
 
 #endif // SECUREQSETTINGS_H

client/settings.cpp

@@ -21,10 +21,10 @@ Settings::Settings(QObject *parent) : QObject(parent), m_settings(ORGANIZATION_N
 {
     // Import old settings
     if (serversCount() == 0) {
-        QString user = m_settings.value("Server/userName").toString();
-        QString password = m_settings.value("Server/password").toString();
-        QString serverName = m_settings.value("Server/serverName").toString();
-        int port = m_settings.value("Server/serverPort").toInt();
+        QString user = value("Server/userName").toString();
+        QString password = value("Server/password").toString();
+        QString serverName = value("Server/serverName").toString();
+        int port = value("Server/serverPort").toInt();
 
         if (!user.isEmpty() && !password.isEmpty() && !serverName.isEmpty()) {
             QJsonObject server;
@@ -222,7 +222,7 @@ QString Settings::nextAvailableServerName() const
 
 void Settings::setSaveLogs(bool enabled)
 {
-    m_settings.setValue("Conf/saveLogs", enabled);
+    setValue("Conf/saveLogs", enabled);
 #ifndef Q_OS_ANDROID
     if (!isSaveLogs()) {
         Logger::deInit();
@@ -242,12 +242,12 @@ void Settings::setSaveLogs(bool enabled)
 
 QDateTime Settings::getLogEnableDate()
 {
-    return m_settings.value("Conf/logEnableDate").toDateTime();
+    return value("Conf/logEnableDate").toDateTime();
 }
 
 void Settings::setLogEnableDate(QDateTime date)
 {
-    m_settings.setValue("Conf/logEnableDate", date);
+    setValue("Conf/logEnableDate", date);
 }
 
 QString Settings::routeModeString(RouteMode mode) const
@@ -261,17 +261,17 @@ QString Settings::routeModeString(RouteMode mode) const
 
 Settings::RouteMode Settings::routeMode() const
 {
-    return static_cast<RouteMode>(m_settings.value("Conf/routeMode", 0).toInt());
+    return static_cast<RouteMode>(value("Conf/routeMode", 0).toInt());
 }
 
 bool Settings::isSitesSplitTunnelingEnabled() const
 {
-    return m_settings.value("Conf/sitesSplitTunnelingEnabled", false).toBool();
+    return value("Conf/sitesSplitTunnelingEnabled", false).toBool();
 }
 
 void Settings::setSitesSplitTunnelingEnabled(bool enabled)
 {
-    m_settings.setValue("Conf/sitesSplitTunnelingEnabled", enabled);
+    setValue("Conf/sitesSplitTunnelingEnabled", enabled);
 }
 
 bool Settings::addVpnSite(RouteMode mode, const QString &site, const QString &ip)
@@ -359,12 +359,12 @@ void Settings::removeAllVpnSites(RouteMode mode)
 
 QString Settings::primaryDns() const
 {
-    return m_settings.value("Conf/primaryDns", cloudFlareNs1).toString();
+    return value("Conf/primaryDns", cloudFlareNs1).toString();
 }
 
 QString Settings::secondaryDns() const
 {
-    return m_settings.value("Conf/secondaryDns", cloudFlareNs2).toString();
+    return value("Conf/secondaryDns", cloudFlareNs2).toString();
 }
 
 void Settings::clearSettings()
@@ -386,18 +386,18 @@ QString Settings::appsRouteModeString(AppsRouteMode mode) const
 
 Settings::AppsRouteMode Settings::getAppsRouteMode() const
 {
-    return static_cast<AppsRouteMode>(m_settings.value("Conf/appsRouteMode", 0).toInt());
+    return static_cast<AppsRouteMode>(value("Conf/appsRouteMode", 0).toInt());
 }
 
 void Settings::setAppsRouteMode(AppsRouteMode mode)
 {
-    m_settings.setValue("Conf/appsRouteMode", mode);
+    setValue("Conf/appsRouteMode", mode);
 }
 
 QVector<InstalledAppInfo> Settings::getVpnApps(AppsRouteMode mode) const
 {
     QVector<InstalledAppInfo> apps;
-    auto appsArray = m_settings.value("Conf/" + appsRouteModeString(mode)).toJsonArray();
+    auto appsArray = value("Conf/" + appsRouteModeString(mode)).toJsonArray();
     for (const auto &app : appsArray) {
         InstalledAppInfo appInfo;
         appInfo.appName = app.toObject().value("appName").toString();
@@ -419,42 +419,43 @@ void Settings::setVpnApps(AppsRouteMode mode, const QVector<InstalledAppInfo> &a
         appInfo.insert("appPath", app.appPath);
         appsArray.push_back(appInfo);
     }
-    m_settings.setValue("Conf/" + appsRouteModeString(mode), appsArray);
+    setValue("Conf/" + appsRouteModeString(mode), appsArray);
+    m_settings.sync();
 }
 
 bool Settings::isAppsSplitTunnelingEnabled() const
 {
-    return m_settings.value("Conf/appsSplitTunnelingEnabled", false).toBool();
+    return value("Conf/appsSplitTunnelingEnabled", false).toBool();
 }
 
 void Settings::setAppsSplitTunnelingEnabled(bool enabled)
 {
-    m_settings.setValue("Conf/appsSplitTunnelingEnabled", enabled);
+    setValue("Conf/appsSplitTunnelingEnabled", enabled);
 }
 
 bool Settings::isKillSwitchEnabled() const
 {
-    return m_settings.value("Conf/killSwitchEnabled", true).toBool();
+    return value("Conf/killSwitchEnabled", true).toBool();
 }
 
 void Settings::setKillSwitchEnabled(bool enabled)
 {
-    m_settings.setValue("Conf/killSwitchEnabled", enabled);
+    setValue("Conf/killSwitchEnabled", enabled);
 }
 
 bool Settings::isStrictKillSwitchEnabled() const
 {
-    return m_settings.value("Conf/strictKillSwitchEnabled", false).toBool();
+    return value("Conf/strictKillSwitchEnabled", false).toBool();
 }
 
 void Settings::setStrictKillSwitchEnabled(bool enabled)
 {
-    m_settings.setValue("Conf/strictKillSwitchEnabled", enabled);
+    setValue("Conf/strictKillSwitchEnabled", enabled);
 }
 
 QString Settings::getInstallationUuid(const bool needCreate)
 {
-    auto uuid = m_settings.value("Conf/installationUuid", "").toString();
+    auto uuid = value("Conf/installationUuid", "").toString();
     if (needCreate && uuid.isEmpty()) {
         uuid = QUuid::createUuid().toString();
 
@@ -475,7 +476,7 @@ QString Settings::getInstallationUuid(const bool needCreate)
 
 void Settings::setInstallationUuid(const QString &uuid)
 {
-    m_settings.setValue("Conf/installationUuid", uuid);
+    setValue("Conf/installationUuid", uuid);
 }
 
 ServerCredentials Settings::defaultServerCredentials() const
@@ -496,6 +497,28 @@ ServerCredentials Settings::serverCredentials(int index) const
     return credentials;
 }
 
+QVariant Settings::value(const QString &key, const QVariant &defaultValue) const
+{
+    QVariant returnValue;
+    if (QThread::currentThread() == QCoreApplication::instance()->thread()) {
+        returnValue = m_settings.value(key, defaultValue);
+    } else {
+        QMetaObject::invokeMethod(&m_settings, "value", Qt::BlockingQueuedConnection, Q_RETURN_ARG(QVariant, returnValue),
+                                  Q_ARG(const QString &, key), Q_ARG(const QVariant &, defaultValue));
+    }
+    return returnValue;
+}
+
+void Settings::setValue(const QString &key, const QVariant &value)
+{
+    if (QThread::currentThread() == QCoreApplication::instance()->thread()) {
+        m_settings.setValue(key, value);
+    } else {
+        QMetaObject::invokeMethod(&m_settings, "setValue", Qt::BlockingQueuedConnection, Q_ARG(const QString &, key),
+                                  Q_ARG(const QVariant &, value));
+    }
+}
+
 void Settings::resetGatewayEndpoint()
 {
     m_gatewayEndpoint = gatewayEndpoint;
@@ -516,52 +539,72 @@ QString Settings::getGatewayEndpoint(bool isTestPurchase)
     return isTestPurchase ? DEV_AGW_ENDPOINT : m_gatewayEndpoint;
 }
 
+QString Settings::getDevProxyStorageEndpoint() const
+{
+    return value("Conf/devProxyStorageEndpoint", "").toString();
+}
+
+void Settings::setDevProxyStorageEndpoint(const QString &endpoint)
+{
+    setValue("Conf/devProxyStorageEndpoint", endpoint);
+}
+
+QString Settings::getDevProxyUrl() const
+{
+    return value("Conf/devProxyUrl", "").toString();
+}
+
+void Settings::setDevProxyUrl(const QString &url)
+{
+    setValue("Conf/devProxyUrl", url);
+}
+
 bool Settings::isDevGatewayEnv(bool isTestPurchase)
 {
-    return isTestPurchase ? true : m_settings.value("Conf/devGatewayEnv", false).toBool();
+    return isTestPurchase ? true : value("Conf/devGatewayEnv", false).toBool();
 }
 
 void Settings::toggleDevGatewayEnv(bool enabled)
 {
-    m_settings.setValue("Conf/devGatewayEnv", enabled);
+    setValue("Conf/devGatewayEnv", enabled);
 }
 
 bool Settings::isHomeAdLabelVisible()
 {
-    return m_settings.value("Conf/homeAdLabelVisible", true).toBool();
+    return value("Conf/homeAdLabelVisible", true).toBool();
 }
 
 void Settings::disableHomeAdLabel()
 {
-    m_settings.setValue("Conf/homeAdLabelVisible", false);
+    setValue("Conf/homeAdLabelVisible", false);
 }
 
 bool Settings::isPremV1MigrationReminderActive()
 {
-    return m_settings.value("Conf/premV1MigrationReminderActive", true).toBool();
+    return value("Conf/premV1MigrationReminderActive", true).toBool();
 }
 
 void Settings::disablePremV1MigrationReminder()
 {
-    m_settings.setValue("Conf/premV1MigrationReminderActive", false);
+    setValue("Conf/premV1MigrationReminderActive", false);
 }
 
 QStringList Settings::allowedDnsServers() const
 {
-    return m_settings.value("Conf/allowedDnsServers").toStringList();
+    return value("Conf/allowedDnsServers").toStringList();
 }
 
 void Settings::setAllowedDnsServers(const QStringList &servers)
 {
-    m_settings.setValue("Conf/allowedDnsServers", servers);
+    setValue("Conf/allowedDnsServers", servers);
 }
 
 QStringList Settings::readNewsIds() const
 {
-    return m_settings.value("News/readIds").toStringList();
+    return value("News/readIds").toStringList();
 }
 
 void Settings::setReadNewsIds(const QStringList &ids)
 {
-    m_settings.setValue("News/readIds", ids);
+    setValue("News/readIds", ids);
 }

client/settings.h

@@ -29,11 +29,11 @@ public:
 
     QJsonArray serversArray() const
     {
-        return QJsonDocument::fromJson(m_settings.value("Servers/serversList").toByteArray()).array();
+        return QJsonDocument::fromJson(value("Servers/serversList").toByteArray()).array();
     }
     void setServersArray(const QJsonArray &servers)
     {
-        m_settings.setValue("Servers/serversList", QJsonDocument(servers).toJson());
+        setValue("Servers/serversList", QJsonDocument(servers).toJson());
     }
 
     // Servers section
@@ -45,11 +45,11 @@ public:
 
     int defaultServerIndex() const
     {
-        return m_settings.value("Servers/defaultServerIndex", 0).toInt();
+        return value("Servers/defaultServerIndex", 0).toInt();
     }
     void setDefaultServer(int index)
     {
-        m_settings.setValue("Servers/defaultServerIndex", index);
+        setValue("Servers/defaultServerIndex", index);
     }
     QJsonObject defaultServer() const
     {
@@ -78,34 +78,34 @@ public:
     // App settings section
     bool isAutoConnect() const
     {
-        return m_settings.value("Conf/autoConnect", false).toBool();
+        return value("Conf/autoConnect", false).toBool();
     }
     void setAutoConnect(bool enabled)
     {
-        m_settings.setValue("Conf/autoConnect", enabled);
+        setValue("Conf/autoConnect", enabled);
     }
 
     bool isStartMinimized() const
     {
-        return m_settings.value("Conf/startMinimized", false).toBool();
+        return value("Conf/startMinimized", false).toBool();
     }
     void setStartMinimized(bool enabled)
     {
-        m_settings.setValue("Conf/startMinimized", enabled);
+        setValue("Conf/startMinimized", enabled);
     }
 
     bool isNewsNotifications() const
     {
-        return m_settings.value("Conf/newsNotifications", true).toBool();
+        return value("Conf/newsNotifications", true).toBool();
     }
     void setNewsNotifications(bool enabled)
     {
-        m_settings.setValue("Conf/newsNotifications", enabled);
+        setValue("Conf/newsNotifications", enabled);
     }
 
     bool isSaveLogs() const
     {
-        return m_settings.value("Conf/saveLogs", false).toBool();
+        return value("Conf/saveLogs", false).toBool();
     }
     void setSaveLogs(bool enabled);
 
@@ -122,18 +122,19 @@ public:
     QString routeModeString(RouteMode mode) const;
 
     RouteMode routeMode() const;
-    void setRouteMode(RouteMode mode) { m_settings.setValue("Conf/routeMode", mode); }
+    void setRouteMode(RouteMode mode) { setValue("Conf/routeMode", mode); }
 
     bool isSitesSplitTunnelingEnabled() const;
     void setSitesSplitTunnelingEnabled(bool enabled);
 
     QVariantMap vpnSites(RouteMode mode) const
     {
-        return m_settings.value("Conf/" + routeModeString(mode)).toMap();
+        return value("Conf/" + routeModeString(mode)).toMap();
     }
     void setVpnSites(RouteMode mode, const QVariantMap &sites)
     {
-        m_settings.setValue("Conf/" + routeModeString(mode), sites);
+        setValue("Conf/" + routeModeString(mode), sites);
+        m_settings.sync();
     }
     bool addVpnSite(RouteMode mode, const QString &site, const QString &ip = "");
     void addVpnSites(RouteMode mode, const QMap<QString, QString> &sites); // map <site, ip>
@@ -146,11 +147,11 @@ public:
 
     bool useAmneziaDns() const
     {
-        return m_settings.value("Conf/useAmneziaDns", true).toBool();
+        return value("Conf/useAmneziaDns", true).toBool();
     }
     void setUseAmneziaDns(bool enabled)
     {
-        m_settings.setValue("Conf/useAmneziaDns", enabled);
+        setValue("Conf/useAmneziaDns", enabled);
     }
 
     QString primaryDns() const;
@@ -159,13 +160,13 @@ public:
     // QString primaryDns() const { return m_primaryDns; }
     void setPrimaryDns(const QString &primaryDns)
     {
-        m_settings.setValue("Conf/primaryDns", primaryDns);
+        setValue("Conf/primaryDns", primaryDns);
     }
 
     // QString secondaryDns() const { return m_secondaryDns; }
     void setSecondaryDns(const QString &secondaryDns)
     {
-        m_settings.setValue("Conf/secondaryDns", secondaryDns);
+        setValue("Conf/secondaryDns", secondaryDns);
     }
 
     //    static constexpr char openNicNs5[] = "94.103.153.176";
@@ -187,16 +188,16 @@ public:
     };
     void setAppLanguage(QLocale locale)
     {
-        m_settings.setValue("Conf/appLanguage", locale.name());
+        setValue("Conf/appLanguage", locale.name());
     };
 
     bool isScreenshotsEnabled() const
     {
-        return m_settings.value("Conf/screenshotsEnabled", true).toBool();
+        return value("Conf/screenshotsEnabled", true).toBool();
     }
     void setScreenshotsEnabled(bool enabled)
     {
-        m_settings.setValue("Conf/screenshotsEnabled", enabled);
+        setValue("Conf/screenshotsEnabled", enabled);
         emit screenshotsEnabledChanged(enabled);
     }
 
@@ -232,6 +233,10 @@ public:
     void setGatewayEndpoint(const QString &endpoint);
     void setDevGatewayEndpoint();
     QString getGatewayEndpoint(bool isTestPurchase = false);
+    QString getDevProxyStorageEndpoint() const;
+    void setDevProxyStorageEndpoint(const QString &endpoint);
+    QString getDevProxyUrl() const;
+    void setDevProxyUrl(const QString &url);
     bool isDevGatewayEnv(bool isTestPurchase = false);
     void toggleDevGatewayEnv(bool enabled);
 
@@ -254,6 +259,9 @@ signals:
     void settingsCleared();
 
 private:
+    QVariant value(const QString &key, const QVariant &defaultValue = QVariant()) const;
+    void setValue(const QString &key, const QVariant &value);
+
     void setInstallationUuid(const QString &uuid);
 
     mutable SecureQSettings m_settings;

client/ui/controllers/api/apiConfigsController.cpp

@@ -444,7 +444,8 @@ bool ApiConfigsController::importService()
 
     if (m_apiServicesModel->getSelectedServiceType() == serviceType::amneziaPremium) {
         if (isIosOrMacOsNe) {
-            return importSerivceFromAppStore();
+            importSerivceFromAppStore();
+            return true;
         }
     } else {
         importServiceFromGateway();
@@ -504,18 +505,13 @@ bool ApiConfigsController::importSerivceFromAppStore()
         return false;
     }
 
-    int duplicateServerIndex = -1;
-    errorCode = importServiceFromBilling(responseBody, isTestPurchase, duplicateServerIndex);
-    if (errorCode == ErrorCode::ApiConfigAlreadyAdded) {
-        emit installServerFromApiFinished(tr("This subscription is already in the app."), duplicateServerIndex);
-        return true;
-    }
+    errorCode = importServiceFromBilling(responseBody, isTestPurchase);
     if (errorCode != ErrorCode::NoError) {
         emit errorOccurred(errorCode);
         return false;
     }
-    emit installServerFromApiFinished(
-            tr("%1 was added to the app.").arg(m_apiServicesModel->getSelectedServiceName()));
+
+    emit installServerFromApiFinished(tr("%1 installed successfully.").arg(m_apiServicesModel->getSelectedServiceName()));
 #endif
     return true;
 }
@@ -571,23 +567,15 @@ bool ApiConfigsController::restoreSerivceFromAppStore()
     }
 
     if (restoredTransactions.isEmpty()) {
-        qInfo().noquote() << "[IAP] Restore completed, but no active entitlements found";
-        emit errorOccurred(ErrorCode::ApiNoPurchasedSubscriptionsError);
+        qInfo().noquote() << "[IAP] Restore completed, but no transactions were returned";
+        emit errorOccurred(ErrorCode::ApiPurchaseError);
         return false;
     }
 
-    const bool isTestPurchase = IosController::Instance()->isTestFlight();
-    const QString serviceType = m_apiServicesModel->getSelectedServiceType();
-    const QString serviceProtocol = m_apiServicesModel->getSelectedServiceProtocol();
-    const QString countryCode = m_apiServicesModel->getCountryCode();
-    const QString appLanguage = m_settings->getAppLanguage().name().split("_").first();
-    const QString installationUuid = m_settings->getInstallationUuid(true);
-
     bool hasInstalledConfig = false;
     bool duplicateConfigAlreadyPresent = false;
-    int duplicateServerIndex = -1;
-    QSet<QString> processedOriginalTransactionIds;
-
+    int duplicateCount = 0;
+    QSet<QString> processedTransactions;
     for (const QVariantMap &transaction : restoredTransactions) {
         const QString originalTransactionId = transaction.value(QStringLiteral("originalTransactionId")).toString();
         const QString transactionId = transaction.value(QStringLiteral("transactionId")).toString();
@@ -598,28 +586,28 @@ bool ApiConfigsController::restoreSerivceFromAppStore()
             continue;
         }
 
-        if (processedOriginalTransactionIds.contains(originalTransactionId)) {
-            qInfo().noquote() << "[IAP] Skipping duplicate restored transaction" << originalTransactionId;
+        if (processedTransactions.contains(originalTransactionId)) {
+            duplicateCount++;
             continue;
         }
-        processedOriginalTransactionIds.insert(originalTransactionId);
+        processedTransactions.insert(originalTransactionId);
 
         qInfo().noquote() << "[IAP] Restoring subscription. transactionId =" << transactionId
                           << "originalTransactionId =" << originalTransactionId << "productId =" << productId;
 
         GatewayRequestData gatewayRequestData { QSysInfo::productType(),
                                                 QString(APP_VERSION),
-                                                appLanguage,
-                                                installationUuid,
-                                                countryCode,
+                                                m_settings->getAppLanguage().name().split("_").first(),
+                                                m_settings->getInstallationUuid(true),
+                                                m_apiServicesModel->getCountryCode(),
                                                 "",
-                                                serviceType,
-                                                serviceProtocol,
+                                                m_apiServicesModel->getSelectedServiceType(),
+                                                m_apiServicesModel->getSelectedServiceProtocol(),
                                                 QJsonObject() };
 
         QJsonObject apiPayload = gatewayRequestData.toJsonObject();
         apiPayload[apiDefs::key::transactionId] = originalTransactionId;
-
+        auto isTestPurchase = IosController::Instance()->isTestFlight();
         QByteArray responseBody;
         ErrorCode errorCode = executeRequest(QString("%1v1/subscriptions"), apiPayload, responseBody, isTestPurchase);
         if (errorCode != ErrorCode::NoError) {
@@ -628,37 +616,29 @@ bool ApiConfigsController::restoreSerivceFromAppStore()
             continue;
         }
 
-        int currentDuplicateServerIndex = -1;
-        errorCode = importServiceFromBilling(responseBody, isTestPurchase, currentDuplicateServerIndex);
+        ErrorCode installError = importServiceFromBilling(responseBody, isTestPurchase);
         if (errorCode == ErrorCode::ApiConfigAlreadyAdded) {
             duplicateConfigAlreadyPresent = true;
-            if (duplicateServerIndex < 0) {
-                duplicateServerIndex = currentDuplicateServerIndex;
-            }
-            qInfo().noquote() << "[IAP] Subscription config with the same vpn_key already exists" << originalTransactionId;
-            continue;
+            qInfo().noquote() << "[IAP] Skipping restored transaction" << originalTransactionId
+                              << "because subscription config with the same vpn_key already exists";
+        } else if (errorCode != ErrorCode::NoError) {
+            qWarning().noquote() << "[IAP] Failed to process restored subscription response for transaction" << originalTransactionId;
+        } else {
+            hasInstalledConfig = true;
         }
-
-        if (errorCode != ErrorCode::NoError) {
-            qWarning().noquote() << "[IAP] Failed to process restored subscription response for transaction" << originalTransactionId
-                                 << "errorCode =" << static_cast<int>(errorCode);
-            continue;
-        }
-
-        hasInstalledConfig = true;
     }
 
     if (!hasInstalledConfig) {
-        if (duplicateConfigAlreadyPresent) {
-            emit installServerFromApiFinished(tr("This subscription is already in the app."), duplicateServerIndex);
-            return true;
-        }
-
-        emit errorOccurred(ErrorCode::ApiPurchaseError);
+        const ErrorCode restoreError = duplicateConfigAlreadyPresent ? ErrorCode::ApiConfigAlreadyAdded : ErrorCode::ApiPurchaseError;
+        emit errorOccurred(restoreError);
         return false;
     }
 
     emit installServerFromApiFinished(tr("Subscription restored successfully."));
+    if (duplicateCount > 0) {
+        qInfo().noquote() << "[IAP] Skipped" << duplicateCount
+                          << "duplicate restored transactions for original transaction IDs already processed";
+    }
 #endif
     return true;
 }
@@ -789,7 +769,8 @@ bool ApiConfigsController::updateServiceFromTelegram(const int serverIndex)
 #endif
 
     GatewayController gatewayController(m_settings->getGatewayEndpoint(), m_settings->isDevGatewayEnv(), apiDefs::requestTimeoutMsecs,
-                                        m_settings->isStrictKillSwitchEnabled());
+                                        m_settings->isStrictKillSwitchEnabled(), m_settings->getDevProxyStorageEndpoint(),
+                                        m_settings->getDevProxyUrl());
 
     auto serverConfig = m_serversModel->getServerConfig(serverIndex);
     auto installationUuid = m_settings->getInstallationUuid(true);
@@ -962,11 +943,9 @@ QString ApiConfigsController::getVpnKey()
     return m_vpnKey;
 }
 
-ErrorCode ApiConfigsController::importServiceFromBilling(const QByteArray &responseBody, const bool isTestPurchase,
-                                                         int &duplicateServerIndex)
+ErrorCode ApiConfigsController::importServiceFromBilling(const QByteArray &responseBody, const bool isTestPurchase)
 {
-#if defined(Q_OS_IOS) || defined(MACOS_NE)
-    duplicateServerIndex = -1;
+#ifdef Q_OS_IOS
     QJsonObject responseObject = QJsonDocument::fromJson(responseBody).object();
     QString key = responseObject.value(QStringLiteral("key")).toString();
     if (key.isEmpty()) {
@@ -974,8 +953,7 @@ ErrorCode ApiConfigsController::importServiceFromBilling(const QByteArray &respo
         return ErrorCode::ApiPurchaseError;
     }
 
-    duplicateServerIndex = m_serversModel->indexOfServerWithVpnKey(key);
-    if (duplicateServerIndex >= 0) {
+    if (m_serversModel->hasServerWithVpnKey(key)) {
         qInfo().noquote() << "[IAP] Subscription config with the same vpn_key already exists";
         return ErrorCode::ApiConfigAlreadyAdded;
     }
@@ -1009,7 +987,6 @@ ErrorCode ApiConfigsController::importServiceFromBilling(const QByteArray &respo
 #else
     Q_UNUSED(responseBody)
     Q_UNUSED(isTestPurchase)
-    duplicateServerIndex = -1;
     return ErrorCode::NoError;
 #endif
 }
@@ -1018,6 +995,7 @@ ErrorCode ApiConfigsController::executeRequest(const QString &endpoint, const QJ
                                                bool isTestPurchase)
 {
     GatewayController gatewayController(m_settings->getGatewayEndpoint(isTestPurchase), m_settings->isDevGatewayEnv(isTestPurchase),
-                                        apiDefs::requestTimeoutMsecs, m_settings->isStrictKillSwitchEnabled());
+                                        apiDefs::requestTimeoutMsecs, m_settings->isStrictKillSwitchEnabled(),
+                                        m_settings->getDevProxyStorageEndpoint(), m_settings->getDevProxyUrl());
     return gatewayController.post(endpoint, apiPayload, responseBody);
 }

client/ui/controllers/api/apiConfigsController.h

@@ -44,7 +44,7 @@ public slots:
 signals:
     void errorOccurred(ErrorCode errorCode);
 
-    void installServerFromApiFinished(const QString &message, int preferredDefaultServerIndex = -1);
+    void installServerFromApiFinished(const QString &message);
     void changeApiCountryFinished(const QString &message);
     void reloadServerFromApiFinished(const QString &message);
     void updateServerFromApiFinished();
@@ -57,7 +57,7 @@ private:
     QString getVpnKey();
 
     ErrorCode executeRequest(const QString &endpoint, const QJsonObject &apiPayload, QByteArray &responseBody, bool isTestPurchase = false);
-    ErrorCode importServiceFromBilling(const QByteArray &responseBody, const bool isTestPurchase, int &duplicateServerIndex);
+    ErrorCode importServiceFromBilling(const QByteArray &responseBody, const bool isTestPurchase);
 
     QList<QString> m_qrCodes;
     QString m_vpnKey;

client/ui/controllers/api/apiNewsController.cpp

@@ -32,7 +32,10 @@ void ApiNewsController::fetchNews(bool showError)
     }
 
     auto gatewayController = QSharedPointer<GatewayController>::create(m_settings->getGatewayEndpoint(), m_settings->isDevGatewayEnv(),
-                                                                       apiDefs::requestTimeoutMsecs, m_settings->isStrictKillSwitchEnabled());
+                                                                       apiDefs::requestTimeoutMsecs,
+                                                                       m_settings->isStrictKillSwitchEnabled(),
+                                                                       m_settings->getDevProxyStorageEndpoint(),
+                                                                       m_settings->getDevProxyUrl());
     QJsonObject payload;
     payload.insert("locale", m_settings->getAppLanguage().name().split("_").first());
 

client/ui/controllers/api/apiSettingsController.cpp

@@ -57,7 +57,8 @@ bool ApiSettingsController::getAccountInfo(bool reload)
 
     bool isTestPurchase = apiConfig.value(apiDefs::key::isTestPurchase).toBool(false);
     GatewayController gatewayController(m_settings->getGatewayEndpoint(isTestPurchase), m_settings->isDevGatewayEnv(isTestPurchase),
-                                        requestTimeoutMsecs, m_settings->isStrictKillSwitchEnabled());
+                                        requestTimeoutMsecs, m_settings->isStrictKillSwitchEnabled(),
+                                        m_settings->getDevProxyStorageEndpoint(), m_settings->getDevProxyUrl());
 
     QJsonObject apiPayload;
     apiPayload[configKey::userCountryCode] = apiConfig.value(configKey::userCountryCode).toString();

client/ui/controllers/connectionController.cpp

@@ -6,7 +6,6 @@
     #include <QApplication>
 #endif
 
-#include "amnezia_application.h"
 #include "utilities.h"
 #include "core/controllers/vpnConfigurationController.h"
 #include "version.h"
@@ -82,8 +81,6 @@ void ConnectionController::onConnectionStateChanged(Vpn::ConnectionState state)
     m_connectionStateText = tr("Connecting...");
     switch (state) {
     case Vpn::ConnectionState::Connected: {
-        amnApp->networkManager()->clearConnectionCache();
-
         m_isConnectionInProgress = false;
         m_isConnected = true;
         m_connectionStateText = tr("Connected");

client/ui/controllers/exportController.cpp

@@ -7,6 +7,7 @@
 #include <QFileInfo>
 #include <QImage>
 #include <QStandardPaths>
+
 #include "core/controllers/vpnConfigurationController.h"
 #include "core/qrCodeUtils.h"
 #include "core/serialization/serialization.h"
@@ -169,7 +170,8 @@ void ExportController::generateWireGuardConfig(const QString &clientName)
         m_config.append(line + "\n");
     }
 
-    m_qrCodes = qrCodeUtils::generateQrCodeImageSeries(m_config.toUtf8());
+    auto qr = qrCodeUtils::generateQrCode(m_config.toUtf8());
+    m_qrCodes << qrCodeUtils::svgToBase64(QString::fromStdString(toSvgString(qr, 1)));
 
     emit exportConfigChanged();
 }
@@ -189,7 +191,8 @@ void ExportController::generateAwgConfig(const QString &clientName)
         m_config.append(line + "\n");
     }
 
-    m_qrCodes = qrCodeUtils::generateQrCodeImageSeries(m_config.toUtf8());
+    auto qr = qrCodeUtils::generateQrCode(m_config.toUtf8());
+    m_qrCodes << qrCodeUtils::svgToBase64(QString::fromStdString(toSvgString(qr, 1)));
 
     emit exportConfigChanged();
 }

client/ui/controllers/installController.cpp

@@ -83,8 +83,8 @@ void InstallController::install(DockerContainer container, int port, TransportPr
 
                 int s1 = QRandomGenerator::global()->bounded(15, 150);
                 int s2 = QRandomGenerator::global()->bounded(15, 150);
-                int s3 = QRandomGenerator::global()->bounded(1, 64);
-                int s4 = QRandomGenerator::global()->bounded(1, 20);
+                int s3 = QRandomGenerator::global()->bounded(0, 64);
+                int s4 = QRandomGenerator::global()->bounded(0, 20);
 
                 // Ensure all values are unique and don't create equal packet sizes
                 QSet<int> usedValues;
@@ -97,12 +97,12 @@ void InstallController::install(DockerContainer container, int port, TransportPr
 
                 while (usedValues.contains(s3) || s1 + AwgConstant::messageInitiationSize == s3 + AwgConstant::messageCookieReplySize
                        || s2 + AwgConstant::messageResponseSize == s3 + AwgConstant::messageCookieReplySize) {
-                    s3 = QRandomGenerator::global()->bounded(1, 64);
+                    s3 = QRandomGenerator::global()->bounded(0, 64);
                 }
                 usedValues.insert(s3);
 
                 while (usedValues.contains(s4)) {
-                    s4 = QRandomGenerator::global()->bounded(1, 20);
+                    s4 = QRandomGenerator::global()->bounded(0, 20);
                 }
 
                 QString initPacketJunkSize = QString::number(s1);
@@ -987,94 +987,79 @@ void InstallController::addEmptyServer()
     emit installServerFinished(tr("Server added successfully"));
 }
 
-void InstallController::validateConfig()
+bool InstallController::isConfigValid()
 {
     int serverIndex = m_serversModel->getDefaultServerIndex();
     QJsonObject serverConfigObject = m_serversModel->getServerConfig(serverIndex);
 
     if (apiUtils::isServerFromApi(serverConfigObject)) {
-        emit configValidated(true);
-        return;
+        return true;
     }
 
     if (!m_serversModel->data(serverIndex, ServersModel::Roles::HasInstalledContainers).toBool()) {
         emit noInstalledContainers();
-        emit configValidated(false);
-        return;
+        return false;
     }
 
     DockerContainer container = qvariant_cast<DockerContainer>(m_serversModel->data(serverIndex, ServersModel::Roles::DefaultContainerRole));
 
     if (container == DockerContainer::None) {
         emit installationErrorOccurred(ErrorCode::NoInstalledContainersError);
-        emit configValidated(false);
-        return;
+        return false;
     }
 
+    QSharedPointer<ServerController> serverController(new ServerController(m_settings));
+    VpnConfigurationsController vpnConfigurationController(m_settings, serverController);
+
     QJsonObject containerConfig = m_containersModel->getContainerConfig(container);
     ServerCredentials credentials = m_serversModel->getServerCredentials(serverIndex);
-    QSharedPointer<ServerController> serverController(new ServerController(m_settings));
 
-    auto isProtocolConfigExists = [](const QJsonObject &containerConfig, const DockerContainer container) {
-        for (Proto protocol : ContainerProps::protocolsForContainer(container)) {
-            QString protocolConfig =
-                    containerConfig.value(ProtocolProps::protoToString(protocol)).toObject().value(config_key::last_config).toString();
+    QFutureWatcher<ErrorCode> watcher;
 
-            if (protocolConfig.isEmpty()) {
-                return false;
+    QFuture<ErrorCode> future = QtConcurrent::run([this, container, &credentials, &containerConfig, &serverController]() {
+        ErrorCode errorCode = ErrorCode::NoError;
+
+        auto isProtocolConfigExists = [](const QJsonObject &containerConfig, const DockerContainer container) {
+            for (Proto protocol : ContainerProps::protocolsForContainer(container)) {
+                QString protocolConfig =
+                        containerConfig.value(ProtocolProps::protoToString(protocol)).toObject().value(config_key::last_config).toString();
+
+                if (protocolConfig.isEmpty()) {
+                    return false;
+                }
+            }
+            return true;
+        };
+
+        if (!isProtocolConfigExists(containerConfig, container)) {
+            VpnConfigurationsController vpnConfigurationController(m_settings, serverController);
+            errorCode = vpnConfigurationController.createProtocolConfigForContainer(credentials, container, containerConfig);
+            if (errorCode != ErrorCode::NoError) {
+                return errorCode;
+            }
+            m_serversModel->updateContainerConfig(container, containerConfig);
+
+            errorCode = m_clientManagementModel->appendClient(container, credentials, containerConfig,
+                                                              QString("Admin [%1]").arg(QSysInfo::prettyProductName()), serverController);
+            if (errorCode != ErrorCode::NoError) {
+                return errorCode;
             }
         }
-        return true;
-    };
+        return errorCode;
+    });
 
-    if (isProtocolConfigExists(containerConfig, container)) {
-        emit configValidated(true);
-        return;
+    QEventLoop wait;
+    connect(&watcher, &QFutureWatcher<ErrorCode>::finished, &wait, &QEventLoop::quit);
+    watcher.setFuture(future);
+    wait.exec();
+
+    ErrorCode errorCode = watcher.result();
+
+    if (errorCode != ErrorCode::NoError) {
+        emit installationErrorOccurred(errorCode);
+        return false;
     }
-
-    struct ValidationResult {
-        ErrorCode errorCode = ErrorCode::NoError;
-        QJsonObject containerConfig;
-    };
-
-    QFuture<ValidationResult> future =
-            QtConcurrent::run([settings = m_settings, serverController, credentials, containerConfig, container]() mutable {
-                ValidationResult result;
-                result.containerConfig = containerConfig;
-
-                VpnConfigurationsController vpnConfigurationController(settings, serverController);
-                result.errorCode = vpnConfigurationController.createProtocolConfigForContainer(credentials, container,
-                                                                                               result.containerConfig);
-                return result;
-            });
-
-    auto *watcher = new QFutureWatcher<ValidationResult>(this);
-    connect(watcher, &QFutureWatcher<ValidationResult>::finished, this,
-            [this, watcher, container, credentials, serverController]() {
-                auto result = watcher->result();
-                watcher->deleteLater();
-
-                if (result.errorCode != ErrorCode::NoError) {
-                    emit installationErrorOccurred(result.errorCode);
-                    emit configValidated(false);
-                    return;
-                }
-
-                m_serversModel->updateContainerConfig(container, result.containerConfig);
-
-                ErrorCode appendError = m_clientManagementModel->appendClient(
-                        container, credentials, result.containerConfig,
-                        QString("Admin [%1]").arg(QSysInfo::prettyProductName()), serverController);
-
-                if (appendError != ErrorCode::NoError) {
-                    emit installationErrorOccurred(appendError);
-                    emit configValidated(false);
-                    return;
-                }
-
-                emit configValidated(true);
-            });
-    watcher->setFuture(future);
+    return true;
 }
 
 bool InstallController::isUpdateDockerContainerRequired(const DockerContainer container, const QJsonObject &oldConfig,
@@ -1085,7 +1070,7 @@ bool InstallController::isUpdateDockerContainerRequired(const DockerContainer co
     const QJsonObject &oldProtoConfig = oldConfig.value(ProtocolProps::protoToString(mainProto)).toObject();
     const QJsonObject &newProtoConfig = newConfig.value(ProtocolProps::protoToString(mainProto)).toObject();
 
-    if (ContainerProps::isAwgContainer(container)) {
+    if (container == DockerContainer::Awg2) {
         const AwgConfig oldConfig(oldProtoConfig);
         const AwgConfig newConfig(newProtoConfig);
 

client/ui/controllers/installController.h

@@ -50,10 +50,9 @@ public slots:
 
     void addEmptyServer();
 
-    void validateConfig();
+    bool isConfigValid();
 
 signals:
-    void configValidated(bool isValid);
     void installContainerFinished(const QString &finishMessage, bool isServiceInstall);
     void installServerFinished(const QString &finishMessage);
 

client/ui/controllers/settingsController.cpp

@@ -178,11 +178,12 @@ void SettingsController::backupAppConfig(const QString &fileName)
 
 void SettingsController::restoreAppConfig(const QString &fileName)
 {
-    QByteArray data;
-    if (!SystemController::readFile(fileName, data)) {
-        emit changeSettingsErrorOccurred(tr("Can't open file: %1").arg(fileName));
-        return;
-    }
+    QFile file(fileName);
+
+    file.open(QIODevice::ReadOnly);
+
+    QByteArray data = file.readAll();
+
     restoreAppConfigFromData(data);
 }
 
@@ -425,6 +426,28 @@ QString SettingsController::getGatewayEndpoint()
     return m_settings->isDevGatewayEnv() ? "Dev endpoint" : m_settings->getGatewayEndpoint();
 }
 
+void SettingsController::setDevProxyStorageEndpoint(const QString &endpoint)
+{
+    m_settings->setDevProxyStorageEndpoint(endpoint);
+    emit devProxyStorageEndpointChanged(endpoint);
+}
+
+QString SettingsController::getDevProxyStorageEndpoint()
+{
+    return m_settings->getDevProxyStorageEndpoint();
+}
+
+void SettingsController::setDevProxyUrl(const QString &url)
+{
+    m_settings->setDevProxyUrl(url);
+    emit devProxyUrlChanged(url);
+}
+
+QString SettingsController::getDevProxyUrl()
+{
+    return m_settings->getDevProxyUrl();
+}
+
 bool SettingsController::isDevGatewayEnv()
 {
     return m_settings->isDevGatewayEnv();

client/ui/controllers/settingsController.h

@@ -30,6 +30,9 @@ public:
     Q_PROPERTY(bool isDevModeEnabled READ isDevModeEnabled NOTIFY devModeEnabled)
     Q_PROPERTY(QString gatewayEndpoint READ getGatewayEndpoint WRITE setGatewayEndpoint NOTIFY gatewayEndpointChanged)
     Q_PROPERTY(bool isDevGatewayEnv READ isDevGatewayEnv WRITE toggleDevGatewayEnv NOTIFY devGatewayEnvChanged)
+    Q_PROPERTY(QString devProxyStorageEndpoint READ getDevProxyStorageEndpoint WRITE setDevProxyStorageEndpoint NOTIFY
+                       devProxyStorageEndpointChanged)
+    Q_PROPERTY(QString devProxyUrl READ getDevProxyUrl WRITE setDevProxyUrl NOTIFY devProxyUrlChanged)
 
     Q_PROPERTY(bool isHomeAdLabelVisible READ isHomeAdLabelVisible NOTIFY isHomeAdLabelVisibleChanged)
     Q_PROPERTY(bool startMinimized READ isStartMinimizedEnabled NOTIFY startMinimizedChanged)
@@ -98,6 +101,10 @@ public slots:
     void resetGatewayEndpoint();
     void setGatewayEndpoint(const QString &endpoint);
     QString getGatewayEndpoint();
+    void setDevProxyStorageEndpoint(const QString &endpoint);
+    QString getDevProxyStorageEndpoint();
+    void setDevProxyUrl(const QString &url);
+    QString getDevProxyUrl();
     bool isDevGatewayEnv();
     void toggleDevGatewayEnv(bool enabled);
 
@@ -136,6 +143,8 @@ signals:
     void devModeEnabled();
     void gatewayEndpointChanged(const QString &endpoint);
     void devGatewayEnvChanged(bool enabled);
+    void devProxyStorageEndpointChanged(const QString &endpoint);
+    void devProxyUrlChanged(const QString &url);
     
     void imeHeightChanged(int height);
     void safeAreaTopMarginChanged();

client/ui/controllers/sitesController.cpp

@@ -7,8 +7,10 @@
 #include "systemController.h"
 #include "core/networkUtilities.h"
 
-SitesController::SitesController(const std::shared_ptr<Settings> &settings, const QSharedPointer<SitesModel> &sitesModel, QObject *parent)
-    : QObject(parent), m_settings(settings), m_sitesModel(sitesModel)
+SitesController::SitesController(const std::shared_ptr<Settings> &settings,
+                                 const QSharedPointer<VpnConnection> &vpnConnection,
+                                 const QSharedPointer<SitesModel> &sitesModel, QObject *parent)
+    : QObject(parent), m_settings(settings), m_vpnConnection(vpnConnection), m_sitesModel(sitesModel)
 {
 }
 
@@ -32,20 +34,32 @@ void SitesController::addSite(QString hostname)
         hostname = hostname.split("/", Qt::SkipEmptyParts).first();
     }
 
-    const auto &resolveCallback = [this](const QHostInfo &hostInfo) {
+    const auto &processSite = [this](const QString &hostname, const QString &ip) {
+        m_sitesModel->addSite(hostname, ip);
+
+        if (!ip.isEmpty()) {
+            QMetaObject::invokeMethod(m_vpnConnection.get(), "addRoutes", Qt::QueuedConnection,
+                                      Q_ARG(QStringList, QStringList() << ip));
+        } else if (NetworkUtilities::ipAddressWithSubnetRegExp().exactMatch(hostname)) {
+            QMetaObject::invokeMethod(m_vpnConnection.get(), "addRoutes", Qt::QueuedConnection,
+                                      Q_ARG(QStringList, QStringList() << hostname));
+        }
+    };
+
+    const auto &resolveCallback = [this, processSite](const QHostInfo &hostInfo) {
         const QList<QHostAddress> &addresses = hostInfo.addresses();
         for (const QHostAddress &addr : hostInfo.addresses()) {
             if (addr.protocol() == QAbstractSocket::NetworkLayerProtocol::IPv4Protocol) {
-                m_sitesModel->addSite(hostInfo.hostName(), addr.toString());
+                processSite(hostInfo.hostName(), addr.toString());
                 break;
             }
         }
     };
 
     if (NetworkUtilities::ipAddressWithSubnetRegExp().exactMatch(hostname)) {
-        m_sitesModel->addSite(hostname, "");
+        processSite(hostname, "");
     } else {
-        m_sitesModel->addSite(hostname, "");
+        processSite(hostname, "");
         QHostInfo::lookupHost(hostname, this, resolveCallback);
     }
 
@@ -58,6 +72,9 @@ void SitesController::removeSite(int index)
     auto hostname = m_sitesModel->data(modelIndex, SitesModel::Roles::UrlRole).toString();
     m_sitesModel->removeSite(modelIndex);
 
+    QMetaObject::invokeMethod(m_vpnConnection.get(), "deleteRoutes", Qt::QueuedConnection,
+                              Q_ARG(QStringList, QStringList() << hostname));
+
     emit finished(tr("Site removed: %1").arg(hostname));
 }
 
@@ -111,6 +128,8 @@ void SitesController::importSites(const QString &fileName, bool replaceExisting)
 
     m_sitesModel->addSites(sites, replaceExisting);
 
+    QMetaObject::invokeMethod(m_vpnConnection.get(), "addRoutes", Qt::QueuedConnection, Q_ARG(QStringList, ips));
+
     emit finished(tr("Import completed"));
 }
 

client/ui/controllers/sitesController.h

@@ -11,8 +11,9 @@ class SitesController : public QObject
 {
     Q_OBJECT
 public:
-    explicit SitesController(const std::shared_ptr<Settings> &settings, const QSharedPointer<SitesModel> &sitesModel,
-                             QObject *parent = nullptr);
+    explicit SitesController(const std::shared_ptr<Settings> &settings,
+                             const QSharedPointer<VpnConnection> &vpnConnection,
+                             const QSharedPointer<SitesModel> &sitesModel, QObject *parent = nullptr);
 
 public slots:
     void addSite(QString hostname);
@@ -30,6 +31,8 @@ signals:
 
 private:
     std::shared_ptr<Settings> m_settings;
+
+    QSharedPointer<VpnConnection> m_vpnConnection;
     QSharedPointer<SitesModel> m_sitesModel;
 };
 

client/ui/models/protocols/awgConfigModel.cpp

@@ -141,12 +141,10 @@ void AwgConfigModel::updateModel(const QJsonObject &config)
             serverProtocolConfig.value(config_key::initPacketJunkSize).toString(protocols::awg::defaultInitPacketJunkSize);
     m_serverProtocolConfig[config_key::responsePacketJunkSize] =
             serverProtocolConfig.value(config_key::responsePacketJunkSize).toString(protocols::awg::defaultResponsePacketJunkSize);
-    if (protocolVersion == protocols::awg::awgV2) {
-        m_serverProtocolConfig[config_key::cookieReplyPacketJunkSize] =
-                serverProtocolConfig.value(config_key::cookieReplyPacketJunkSize).toString(protocols::awg::defaultCookieReplyPacketJunkSize);
-        m_serverProtocolConfig[config_key::transportPacketJunkSize] =
-                serverProtocolConfig.value(config_key::transportPacketJunkSize).toString(protocols::awg::defaultTransportPacketJunkSize);
-    }
+    m_serverProtocolConfig[config_key::cookieReplyPacketJunkSize] =
+            serverProtocolConfig.value(config_key::cookieReplyPacketJunkSize).toString(protocols::awg::defaultCookieReplyPacketJunkSize);
+    m_serverProtocolConfig[config_key::transportPacketJunkSize] =
+            serverProtocolConfig.value(config_key::transportPacketJunkSize).toString(protocols::awg::defaultTransportPacketJunkSize);
     m_serverProtocolConfig[config_key::initPacketMagicHeader] =
             serverProtocolConfig.value(config_key::initPacketMagicHeader).toString(protocols::awg::defaultInitPacketMagicHeader);
     m_serverProtocolConfig[config_key::responsePacketMagicHeader] =

client/ui/models/servers_model.cpp

@@ -727,21 +727,21 @@ bool ServersModel::isServerFromApiAlreadyExists(const QString &userCountryCode,
     return false;
 }
 
-int ServersModel::indexOfServerWithVpnKey(const QString &vpnKey) const
+bool ServersModel::hasServerWithVpnKey(const QString &vpnKey) const
 {
     const QString normalizedInput = normalizeVpnKey(vpnKey);
     if (normalizedInput.isEmpty()) {
-        return -1;
+        return false;
     }
 
-    for (int i = 0; i < m_servers.size(); ++i) {
-        const auto apiConfig = m_servers.at(i).toObject().value(configKey::apiConfig).toObject();
+    for (const auto &server : std::as_const(m_servers)) {
+        const auto apiConfig = server.toObject().value(configKey::apiConfig).toObject();
         const QString existingKey = normalizeVpnKey(apiConfig.value(apiDefs::key::vpnKey).toString());
         if (!existingKey.isEmpty() && existingKey == normalizedInput) {
-            return i;
+            return true;
         }
     }
-    return -1;
+    return false;
 }
 
 bool ServersModel::serverHasInstalledContainers(const int serverIndex) const

client/ui/models/servers_model.h

@@ -140,7 +140,7 @@ public slots:
 
     bool isServerFromApiAlreadyExists(const quint16 crc);
     bool isServerFromApiAlreadyExists(const QString &userCountryCode, const QString &serviceType, const QString &serviceProtocol);
-    int indexOfServerWithVpnKey(const QString &vpnKey) const;
+    bool hasServerWithVpnKey(const QString &vpnKey) const;
 
     QVariant getDefaultServerData(const QString roleString);
 

client/ui/qml/Controls2/PageType.qml

@@ -8,10 +8,9 @@ Item {
     id: root
 
     property StackView stackView: StackView.view
-    property bool enableTimer: true
 
     onVisibleChanged: {
-        if (visible && enableTimer) {
+        if (visible) {
             timer.start()
         }
     }
@@ -25,6 +24,6 @@ Item {
             FocusController.setFocusOnDefaultItem()
         }
         repeat: false // Stop the timer after one trigger
-        running: enableTimer // Start the timer
+        running: true // Start the timer
     }
 }

client/ui/qml/Pages2/PageDevMenu.qml

@@ -73,6 +73,50 @@ PageType {
                     }
                 }
             }
+
+            TextFieldWithHeaderType {
+                Layout.fillWidth: true
+                Layout.rightMargin: 16
+                Layout.leftMargin: 16
+
+                headerText: qsTr("Proxy storage endpoint")
+                textField.text: SettingsController.devProxyStorageEndpoint
+
+                buttonImageSource: textField.text !== "" ? "qrc:/images/controls/refresh-cw.svg" : ""
+
+                clickedFunc: function() {
+                    SettingsController.devProxyStorageEndpoint = ""
+                }
+
+                textField.onEditingFinished: {
+                    textField.text = textField.text.replace(/^\s+|\s+$/g, '')
+                    if (textField.text !== SettingsController.devProxyStorageEndpoint) {
+                        SettingsController.devProxyStorageEndpoint = textField.text
+                    }
+                }
+            }
+
+            TextFieldWithHeaderType {
+                Layout.fillWidth: true
+                Layout.rightMargin: 16
+                Layout.leftMargin: 16
+
+                headerText: qsTr("Proxy endpoint")
+                textField.text: SettingsController.devProxyUrl
+
+                buttonImageSource: textField.text !== "" ? "qrc:/images/controls/refresh-cw.svg" : ""
+
+                clickedFunc: function() {
+                    SettingsController.devProxyUrl = ""
+                }
+
+                textField.onEditingFinished: {
+                    textField.text = textField.text.replace(/^\s+|\s+$/g, '')
+                    if (textField.text !== SettingsController.devProxyUrl) {
+                        SettingsController.devProxyUrl = textField.text
+                    }
+                }
+            }
         }
 
         footer: ColumnLayout {

client/ui/qml/Pages2/PageProtocolAwgClientSettings.qml

@@ -330,8 +330,6 @@ PageType {
             AwgTextField {
                 id: cookieReplyPacketJunkSizeTextField
 
-                visible: isAwg2
-
                 Layout.leftMargin: 16
                 Layout.rightMargin: 16
 
@@ -344,8 +342,6 @@ PageType {
             AwgTextField {
                 id: transportPacketJunkSizeTextField
 
-                visible: isAwg2
-
                 Layout.leftMargin: 16
                 Layout.rightMargin: 16
 

client/ui/qml/Pages2/PageSettingsApiServerInfo.qml

@@ -396,7 +396,9 @@ PageType {
                             PageController.showNotificationMessage(qsTr("Cannot remove server during active connection"))
                         } else {
                             PageController.showBusyIndicator(true)
-                            InstallController.removeProcessedServer()
+                            if (ApiConfigsController.deactivateDevice(true)) {
+                                InstallController.removeProcessedServer()
+                            }
                             PageController.showBusyIndicator(false)
                         }
                     }

client/ui/qml/Pages2/PageSettingsApplication.qml

@@ -178,7 +178,7 @@ PageType {
                 Layout.margins: 16
 
                 text: qsTr("News Notification")
-                descriptionText: qsTr("Show a notification icon for unread news")
+                descriptionText: qsTr("Show notification icon when has unread news")
 
                 checked: SettingsController.isNewsNotificationsEnabled()
                 onToggled: function() {

client/ui/qml/Pages2/PageSetupWizardStart.qml

@@ -13,7 +13,6 @@ import "../Components"
 
 PageType {
     id: root
-    enableTimer: (SettingsController.isOnTv()) ? false : true
 
     ColumnLayout {
         id: content
@@ -46,22 +45,4 @@ PageType {
             }
         }
     }
-
-    Timer {
-        interval: 250
-        running: SettingsController.isOnTv()
-        repeat: true
-        onTriggered: {
-            startButton.forceActiveFocus()
-            if (startButton.activeFocus) {
-                running = false
-            }
-        }
-    }
-
-    onVisibleChanged: {
-        if (visible && SettingsController.isOnTv()) {
-            startButton.forceActiveFocus()
-        }
-    }
 }

client/ui/qml/Pages2/PageShare.qml

@@ -505,13 +505,7 @@ PageType {
                             exportTypeSelector.currentIndex = 0
                         }
                         selectedIndex = exportTypeSelector.currentIndex
-                        if (model.length > 0 && model[selectedIndex] && model[selectedIndex].name !== undefined) {
-                            exportTypeSelectorListView.selectedText = model[selectedIndex].name
-                            exportTypeSelector.text = model[selectedIndex].name
-                        } else {
-                            exportTypeSelectorListView.selectedText = ""
-                            exportTypeSelector.text = ""
-                        }
+                        exportTypeSelector.text = selectedText
                     }
 
                     rootWidth: root.width

client/ui/qml/Pages2/PageStart.qml

@@ -225,13 +225,9 @@ PageType {
     Connections {
         target: ApiConfigsController
 
-        function onInstallServerFromApiFinished(message, preferredDefaultIndex) {
+        function onInstallServerFromApiFinished(message) {
             if (!ConnectionController.isConnected) {
-                if (preferredDefaultIndex !== undefined && preferredDefaultIndex >= 0) {
-                    ServersModel.setDefaultServerIndex(preferredDefaultIndex)
-                } else {
-                    ServersModel.setDefaultServerIndex(ServersModel.getServersCount() - 1)
-                }
+                ServersModel.setDefaultServerIndex(ServersModel.getServersCount() - 1);
                 ServersModel.processedIndex = ServersModel.defaultIndex
             }
 
@@ -282,6 +278,7 @@ PageType {
         }
 
         Keys.onPressed: function(event) {
+            console.debug(">>>> ", event.key, " Event is caught by StartPage")
             switch (event.key) {
             case Qt.Key_Tab:
             case Qt.Key_Down:
@@ -307,7 +304,7 @@ PageType {
         anchors.right: parent.right
         anchors.left: parent.left
         anchors.bottom: parent.bottom
-
+        
         // Also adjust TabBar position when keyboard appears (Android 14+ workaround)
         anchors.bottomMargin: SettingsController.imeHeight
 

client/ui/qml/main2.qml

@@ -21,14 +21,10 @@ Window  {
         function onStateChanged() {
             if (Qt.platform.os === "android") {
                 if (Qt.application.state === Qt.ApplicationActive) {
-                    root.visible = true
                     refreshTimer.restart()
-                } else if (Qt.application.state === Qt.ApplicationSuspended) {
-                    // Hide window to stop the Qt render loop and prevent
-                    // eglSwapBuffers from being called on a lost EGL context.
-                    // NOTE: Do NOT hide on ApplicationInactive — that fires on any
-                    // focus change (IME, notifications) and would blank the screen.
-                    root.visible = false
+                } else if (Qt.application.state === Qt.ApplicationSuspended || 
+                          Qt.application.state === Qt.ApplicationInactive) {
+                    console.log("QML: Application going to background, state:", Qt.application.state)
                 }
             }
         }
@@ -60,11 +56,6 @@ Window  {
         PageController.closeWindow()
     }
 
-    onSceneGraphError: function(error, message) {
-        // Prevent qFatal crash on Android when EGL context is lost
-        console.warn("Scene graph error:", error, message)
-    }
-
     title: "AmneziaVPN"
 
     Item { // This item is needed for focus handling

client/vpnconnection.cpp

@@ -39,8 +39,9 @@ VpnConnection::VpnConnection(std::shared_ptr<Settings> settings, QObject *parent
 {
 #if defined(Q_OS_IOS) || defined(MACOS_NE)
     m_checkTimer.setInterval(1000);
-    connect(IosController::Instance(), &IosController::connectionStateChanged, this, &VpnConnection::setConnectionState);
+    connect(IosController::Instance(), &IosController::connectionStateChanged, this, &VpnConnection::onConnectionStateChanged);
     connect(IosController::Instance(), &IosController::bytesChanged, this, &VpnConnection::onBytesChanged);
+
 #endif
 }
 
@@ -58,7 +59,7 @@ void VpnConnection::onKillSwitchModeChanged(bool enabled)
 #ifdef AMNEZIA_DESKTOP
     IpcClient::withInterface([enabled](QSharedPointer<IpcInterfaceReplica> iface){
         QRemoteObjectPendingReply<bool> reply = iface->refreshKillSwitch(enabled);
-        if (reply.waitForFinished() && reply.returnValue())
+        if (reply.waitForFinished(1000) && reply.returnValue())
             qDebug() << "VpnConnection::onKillSwitchModeChanged: Killswitch refreshed";
         else
             qWarning() << "VpnConnection::onKillSwitchModeChanged: Failed to execute remote refreshKillSwitch call";
@@ -72,57 +73,40 @@ void VpnConnection::onConnectionStateChanged(Vpn::ConnectionState state)
     auto container = m_settings->defaultContainer(m_settings->defaultServerIndex());
 
     IpcClient::withInterface([&](QSharedPointer<IpcInterfaceReplica> iface) {
-        switch (state) {
-            case Vpn::ConnectionState::Connected: {
-                iface->resetIpStack();
+        if (state == Vpn::ConnectionState::Connected) {
+            iface->resetIpStack();
+            iface->flushDns();
 
-                auto flushDns = iface->flushDns();
-                if (flushDns.waitForFinished() && flushDns.returnValue())
-                    qDebug() << "VpnConnection::onConnectionStateChanged: Successfully flushed DNS";
-                else
-                    qWarning() << "VpnConnection::onConnectionStateChanged: Failed to clear saved routes";
+            if (!ContainerProps::isAwgContainer(container) && 
+                container != DockerContainer::WireGuard) {
+                QString dns1 = m_vpnConfiguration.value(config_key::dns1).toString();
+                QString dns2 = m_vpnConfiguration.value(config_key::dns2).toString();
 
+                iface->routeAddList(m_vpnProtocol->vpnGateway(), QStringList() << dns1 << dns2);
 
-                if (!ContainerProps::isAwgContainer(container) &&
-                    container != DockerContainer::WireGuard) {
-                    QString dns1 = m_vpnConfiguration.value(config_key::dns1).toString();
-                    QString dns2 = m_vpnConfiguration.value(config_key::dns2).toString();
+                if (m_settings->isSitesSplitTunnelingEnabled()) {
+                    iface->routeDeleteList(m_vpnProtocol->vpnGateway(), QStringList() << "0.0.0.0");
+                    // qDebug() << "VpnConnection::onConnectionStateChanged :: adding custom routes, count:" << forwardIps.size();
+                    if (m_settings->routeMode() == Settings::VpnOnlyForwardSites) {
+                        QTimer::singleShot(1000, m_vpnProtocol.data(),
+                                           [this]() { addSitesRoutes(m_vpnProtocol->vpnGateway(), m_settings->routeMode()); });
+                    } else if (m_settings->routeMode() == Settings::VpnAllExceptSites) {
+                        iface->routeAddList(m_vpnProtocol->vpnGateway(), QStringList() << "0.0.0.0/1");
+                        iface->routeAddList(m_vpnProtocol->vpnGateway(), QStringList() << "128.0.0.0/1");
 
-                    // TODO: add error code handling for all routeAddList (or rework the code below)
-                    iface->routeAddList(m_vpnProtocol->vpnGateway(), QStringList() << dns1 << dns2);
-
-                    if (m_settings->isSitesSplitTunnelingEnabled()) {
-                        iface->routeDeleteList(m_vpnProtocol->vpnGateway(), QStringList() << "0.0.0.0");
-                        // qDebug() << "VpnConnection::onConnectionStateChanged :: adding custom routes, count:" << forwardIps.size();
-                        if (m_settings->routeMode() == Settings::VpnOnlyForwardSites) {
-                            QTimer::singleShot(1000, m_vpnProtocol.data(),
-                                               [this]() { addSitesRoutes(m_vpnProtocol->vpnGateway(), m_settings->routeMode()); });
-                        } else if (m_settings->routeMode() == Settings::VpnAllExceptSites) {
-                            iface->routeAddList(m_vpnProtocol->vpnGateway(), QStringList() << "0.0.0.0/1");
-                            iface->routeAddList(m_vpnProtocol->vpnGateway(), QStringList() << "128.0.0.0/1");
-
-                            iface->routeAddList(m_vpnProtocol->routeGateway(), QStringList() << remoteAddress());
-                            addSitesRoutes(m_vpnProtocol->routeGateway(), m_settings->routeMode());
-                        }
+                        iface->routeAddList(m_vpnProtocol->routeGateway(), QStringList() << remoteAddress());
+                        addSitesRoutes(m_vpnProtocol->routeGateway(), m_settings->routeMode());
                     }
                 }
-            } break;
-            case Vpn::ConnectionState::Disconnected:
-            case Vpn::ConnectionState::Error: {
-                auto flushDns = iface->flushDns();
-                if (flushDns.waitForFinished() && flushDns.returnValue())
-                    qDebug() << "VpnConnection::onConnectionStateChanged: Successfully flushed DNS";
-                else
-                    qWarning() << "VpnConnection::onConnectionStateChanged: Failed to flush DNS";
+            }
+        } else if (state == Vpn::ConnectionState::Error) {
+            iface->flushDns();
 
-                auto clearSavedRoutes = iface->clearSavedRoutes();
-                if (clearSavedRoutes.waitForFinished() && clearSavedRoutes.returnValue())
-                    qDebug() << "VpnConnection::onConnectionStateChanged: Successfully cleared saved routes";
-                else
-                    qWarning() << "VpnConnection::onConnectionStateChanged: Failed to clear saved routes";
-            } break;
-            default:
-                break;
+            if (m_settings->isSitesSplitTunnelingEnabled()) {
+                if (m_settings->routeMode() == Settings::VpnOnlyForwardSites) {
+                    iface->clearSavedRoutes();
+                }
+            }
         }
     });
 #endif
@@ -136,6 +120,7 @@ void VpnConnection::onConnectionStateChanged(Vpn::ConnectionState state)
         m_checkTimer.stop();
     }
 #endif
+    emit connectionStateChanged(state);
 }
 
 const QString &VpnConnection::remoteAddress() const
@@ -180,11 +165,7 @@ void VpnConnection::addSitesRoutes(const QString &gw, Settings::RouteMode mode)
                         });
                         m_settings->addVpnSite(mode, site, ip);
                     }
-                    IpcClient::withInterface([](QSharedPointer<IpcInterfaceReplica> iface) {
-                        auto reply = iface->flushDns();
-                        if (reply.waitForFinished() || !reply.returnValue())
-                            qWarning() << "VpnConnection::addSitesRoutes: Failed to flush DNS";
-                    });
+                    flushDns();
                     break;
                 }
             }
@@ -199,6 +180,48 @@ QSharedPointer<VpnProtocol> VpnConnection::vpnProtocol() const
     return m_vpnProtocol;
 }
 
+void VpnConnection::addRoutes(const QStringList &ips)
+{
+#ifdef AMNEZIA_DESKTOP
+    IpcClient::withInterface([&](QSharedPointer<IpcInterfaceReplica> iface) {
+        if (connectionState() == Vpn::ConnectionState::Connected) {
+            if (m_settings->routeMode() == Settings::VpnOnlyForwardSites) {
+                iface->routeAddList(m_vpnProtocol->vpnGateway(), ips);
+            } else if (m_settings->routeMode() == Settings::VpnAllExceptSites) {
+                iface->routeAddList(m_vpnProtocol->routeGateway(), ips);
+            }
+        }
+    });
+#endif
+}
+
+void VpnConnection::deleteRoutes(const QStringList &ips)
+{
+#ifdef AMNEZIA_DESKTOP
+    IpcClient::withInterface([&](QSharedPointer<IpcInterfaceReplica> iface) {
+        if (connectionState() == Vpn::ConnectionState::Connected) {
+            if (m_settings->routeMode() == Settings::VpnOnlyForwardSites) {
+                iface->routeDeleteList(vpnProtocol()->vpnGateway(), ips);
+            } else if (m_settings->routeMode() == Settings::VpnAllExceptSites) {
+                iface->routeDeleteList(m_vpnProtocol->routeGateway(), ips);
+            }
+        }
+    });
+#endif
+}
+
+void VpnConnection::flushDns()
+{
+#ifdef AMNEZIA_DESKTOP
+    IpcClient::withInterface([](QSharedPointer<IpcInterfaceReplica> iface) {
+        auto reply = iface->flushDns();
+        if (reply.waitForFinished(1000) || !reply.returnValue()) {
+            qWarning() << "VpnConnection::flushDns(): Failed to flush DNS";
+        }
+    });
+#endif
+}
+
 void VpnConnection::disconnectSlots()
 {
     if (m_vpnProtocol) {
@@ -228,7 +251,7 @@ void VpnConnection::connectToVpn(int serverIndex, const ServerCredentials &crede
              << m_settings->routeMode();
 
     m_remoteAddress = NetworkUtilities::getIPAddress(credentials.hostName);
-    setConnectionState(Vpn::ConnectionState::Connecting);
+    emit connectionStateChanged(Vpn::ConnectionState::Connecting);
 
     m_vpnConfiguration = vpnConfiguration;
 
@@ -246,7 +269,7 @@ void VpnConnection::connectToVpn(int serverIndex, const ServerCredentials &crede
 #if !defined(Q_OS_ANDROID) && !defined(Q_OS_IOS) && !defined(MACOS_NE)
     m_vpnProtocol.reset(VpnProtocol::factory(container, m_vpnConfiguration));
     if (!m_vpnProtocol) {
-        setConnectionState(Vpn::ConnectionState::Error);
+        emit connectionStateChanged(Vpn::ConnectionState::Error);
         return;
     }
     m_vpnProtocol->prepare();
@@ -264,24 +287,17 @@ void VpnConnection::connectToVpn(int serverIndex, const ServerCredentials &crede
 
     createProtocolConnections();
 
-    if (ErrorCode err = m_vpnProtocol->start(); err != ErrorCode::NoError) {
-        setConnectionState(Vpn::ConnectionState::Error);
-        emit vpnProtocolError(err);
-    }
+    ErrorCode errorCode = m_vpnProtocol->start();
+    if (errorCode != ErrorCode::NoError)
+        emit connectionStateChanged(Vpn::ConnectionState::Error);
 }
 
 void VpnConnection::createProtocolConnections()
 {
     connect(m_vpnProtocol.data(), &VpnProtocol::protocolError, this, &VpnConnection::vpnProtocolError);
-    connect(m_vpnProtocol.data(), &VpnProtocol::connectionStateChanged, this, &VpnConnection::setConnectionState);
+    connect(m_vpnProtocol.data(), SIGNAL(connectionStateChanged(Vpn::ConnectionState)), this,
+            SLOT(onConnectionStateChanged(Vpn::ConnectionState)));
     connect(m_vpnProtocol.data(), SIGNAL(bytesChanged(quint64, quint64)), this, SLOT(onBytesChanged(quint64, quint64)));
-
-#ifdef AMNEZIA_DESKTOP
-    IpcClient::withInterface([this](QSharedPointer<IpcInterfaceReplica> rep) {
-        connect(rep.data(), &IpcInterfaceReplica::networkChanged, this, &VpnConnection::reconnectToVpn, Qt::QueuedConnection);
-        connect(rep.data(), &IpcInterfaceReplica::wakeup, this, &VpnConnection::reconnectToVpn, Qt::QueuedConnection);
-    });
-#endif
 }
 
 void VpnConnection::appendKillSwitchConfig()
@@ -423,27 +439,6 @@ QString VpnConnection::bytesPerSecToText(quint64 bytes)
     return QString("%1 %2").arg(QString::number(mbps, 'f', 2)).arg(tr("Mbps")); // Mbit/s
 }
 
-void VpnConnection::reconnectToVpn() {
-    if (m_vpnProtocol.isNull())
-        return;
-
-    if (m_connectionState != Vpn::ConnectionState::Connected) {
-        qWarning() << QString("Reconnect triggered on %1 during inappropriate state: %2; ignoring slot")
-                              .arg(QMetaEnum::fromType<Vpn::ConnectionState>().valueToKey(m_connectionState));
-        return;
-    }
-
-    qDebug() << "Reconnect triggered. Reconnecting to the server";
-
-    setConnectionState(Vpn::ConnectionState::Reconnecting);
-
-    m_vpnProtocol->stop();
-    if (ErrorCode err = m_vpnProtocol->start(); err != ErrorCode::NoError) {
-        setConnectionState(Vpn::ConnectionState::Error);
-        emit vpnProtocolError(err);
-    }
-}
-
 void VpnConnection::disconnectFromVpn()
 {
 #if defined(Q_OS_IOS) || defined(MACOS_NE)
@@ -453,25 +448,40 @@ void VpnConnection::disconnectFromVpn()
 #endif
 
     if (m_vpnProtocol.isNull()) {
-        setConnectionState(Vpn::ConnectionState::Disconnected);
+        emit connectionStateChanged(Vpn::ConnectionState::Disconnected);
         return;
     }
 
-    setConnectionState(Vpn::ConnectionState::Disconnecting);
+    m_vpnProtocol->stop();
+
+#ifdef AMNEZIA_DESKTOP
+    IpcClient::withInterface([](QSharedPointer<IpcInterfaceReplica> iface) {
+        QRemoteObjectPendingReply<bool> flushReply = iface->flushDns();
+        if (flushReply.waitForFinished(5000) && flushReply.returnValue())
+            qDebug() << "VpnConnection::disconnectFromVpn(): Successfully flushed DNS";
+        else
+            qWarning() << "VpnConnection::disconnectFromVpn(): Failed to flush DNS";
+
+        QRemoteObjectPendingReply<bool> clearSavedRoutesReply = iface->clearSavedRoutes();
+        if (clearSavedRoutesReply.waitForFinished(5000) && clearSavedRoutesReply.returnValue())
+            qDebug() << "VpnConnection::disconnectFromVpn(): Successfully cleared saved routes";
+        else
+            qWarning() << "VpnConnection::disconnectFromVpn(): Failed to clear saved routes";
+    });
+#endif
 
 #ifdef Q_OS_ANDROID
     auto *const connection = new QMetaObject::Connection;
     *connection = connect(AndroidController::instance(), &AndroidController::vpnStateChanged, this,
                           [this, connection](AndroidController::ConnectionState state) {
                               if (state == AndroidController::ConnectionState::DISCONNECTED) {
-                                  setConnectionState(Vpn::ConnectionState::Disconnected);
+                                  onConnectionStateChanged(Vpn::ConnectionState::Disconnected);
                                   disconnect(*connection);
                                   delete connection;
                               }
                           });
-#endif
-
     m_vpnProtocol->stop();
+#endif
 
 #if !defined(Q_OS_ANDROID) && !defined(AMNEZIA_DESKTOP)
     m_vpnProtocol->deleteLater();
@@ -480,12 +490,27 @@ void VpnConnection::disconnectFromVpn()
     m_vpnProtocol = nullptr;
 }
 
-void VpnConnection::setConnectionState(Vpn::ConnectionState state) {
-    onConnectionStateChanged(state);
-
-    if (state == Vpn::Disconnected && m_connectionState == Vpn::Reconnecting)
-        return;
-
-    m_connectionState = state;
-    emit connectionStateChanged(state);
+Vpn::ConnectionState VpnConnection::connectionState()
+{
+    if (!m_vpnProtocol)
+        return Vpn::ConnectionState::Disconnected;
+    return m_vpnProtocol->connectionState();
+}
+
+bool VpnConnection::isConnected() const
+{
+    if (m_vpnProtocol.isNull()) {
+        return false;
+    }
+
+    return m_vpnProtocol->isConnected();
+}
+
+bool VpnConnection::isDisconnected() const
+{
+    if (m_vpnProtocol.isNull()) {
+        return true;
+    }
+
+    return m_vpnProtocol->isDisconnected();
 }

client/vpnconnection.h

@@ -34,6 +34,10 @@ public:
 
     ErrorCode lastError() const;
 
+    bool isConnected() const;
+    bool isDisconnected() const;
+
+    Vpn::ConnectionState connectionState();
     QSharedPointer<VpnProtocol> vpnProtocol() const;
 
     const QString &remoteAddress() const;
@@ -44,10 +48,14 @@ public:
 #endif
 
 public slots:
-    void connectToVpn(int serverIndex, const ServerCredentials &credentials, DockerContainer container, const QJsonObject &vpnConfiguration);
-    void reconnectToVpn();
+    void connectToVpn(int serverIndex,
+    const ServerCredentials &credentials, DockerContainer container, const QJsonObject &vpnConfiguration);
+
     void disconnectFromVpn();
 
+    void addRoutes(const QStringList &ips);
+    void deleteRoutes(const QStringList &ips);
+    void flushDns();
     void onKillSwitchModeChanged(bool enabled);
     void disconnectSlots();
 
@@ -62,8 +70,6 @@ protected slots:
     void onBytesChanged(quint64 receivedBytes, quint64 sentBytes);
     void onConnectionStateChanged(Vpn::ConnectionState state);
 
-    void setConnectionState(Vpn::ConnectionState state);
-
 protected:
     QSharedPointer<VpnProtocol> m_vpnProtocol;
 
@@ -83,8 +89,6 @@ private:
    void createAndroidConnections();
 #endif
 
-   Vpn::ConnectionState m_connectionState;
-
    void createProtocolConnections();
 
    void appendSplitTunnelingConfig();

ipc/ipc_interface.rep

@@ -45,6 +45,5 @@ class IpcInterface
     SLOT( bool stopNetworkCheck() );
 
     SIGNAL( connectionLose() );
-    SIGNAL( wakeup() );
-    SIGNAL( networkChanged() );
+    SIGNAL( networkChange() );
 };

service/server/killswitch.cpp

@@ -33,10 +33,18 @@ KillSwitch* KillSwitch::instance()
 
 bool KillSwitch::init()
 {
-#if defined(Q_OS_LINUX) || defined(Q_OS_MACOS)
+#ifdef Q_OS_LINUX
+    if (!LinuxFirewall::isInstalled()) {
+        LinuxFirewall::install();
+    }
+    m_appSettigns = QSharedPointer<SecureQSettings>(new SecureQSettings(ORGANIZATION_NAME, APPLICATION_NAME, nullptr));
+#endif
+#ifdef Q_OS_MACOS
+    if (!MacOSFirewall::isInstalled()) {
+        MacOSFirewall::install();
+    }
     m_appSettigns = QSharedPointer<SecureQSettings>(new SecureQSettings(ORGANIZATION_NAME, APPLICATION_NAME, nullptr));
 #endif
-
     if (isStrictKillSwitchEnabled()) {
         return disableAllTraffic();
     }
@@ -71,6 +79,7 @@ bool KillSwitch::isStrictKillSwitchEnabled()
                              + "\\" + QString(APPLICATION_NAME), QSettings::NativeFormat);
     return RegHLM.value("strictKillSwitchEnabled", false).toBool();
 #endif
+    m_appSettigns->sync();
     return m_appSettigns->value("Conf/strictKillSwitchEnabled", false).toBool();
 }
 

service/server/localserver.cpp

@@ -50,8 +50,8 @@ LocalServer::LocalServer(QObject *parent) : QObject(parent),
     }
 
     m_networkWatcher.initialize();
-    connect(&m_networkWatcher, &NetworkWatcher::networkChanged, &m_ipcServer, &IpcServer::networkChanged);
-    connect(&m_networkWatcher, &NetworkWatcher::wakeup, &m_ipcServer, &IpcServer::wakeup);
+    connect(&m_networkWatcher, &NetworkWatcher::sleepMode, &m_ipcServer, &IpcServer::networkChange);
+    connect(&m_networkWatcher, &NetworkWatcher::networkChange, &m_ipcServer, &IpcServer::networkChange);
     KillSwitch::instance()->init();
 
 #ifdef Q_OS_LINUX