fix(linux): force Qt6 modules to link from bundled lib via rpath

.github/workflows/deploy.yml

@@ -660,57 +660,15 @@ jobs:
         ANDROID_KEYSTORE_KEY_ALIAS: ${{ secrets.ANDROID_RELEASE_KEYSTORE_KEY_ALIAS }}
         ANDROID_KEYSTORE_KEY_PASS: ${{ secrets.ANDROID_RELEASE_KEYSTORE_KEY_PASS }}
       shell: bash
-      run: ./deploy/build_android.sh --aab --play --apk all --build-platform ${{ env.ANDROID_BUILD_PLATFORM }}
-
-    - name: 'Build OSS AAB (in-app purchase)'
-      env:
-        ANDROID_NDK_ROOT: ${{ steps.setup-ndk.outputs.ndk-path }}
-        QT_HOST_PATH: ${{ runner.temp }}/Qt/${{ env.QT_VERSION }}/gcc_64
-        ANDROID_KEYSTORE_PATH: ${{ github.workspace }}/android.keystore
-        ANDROID_KEYSTORE_KEY_ALIAS: ${{ secrets.ANDROID_RELEASE_KEYSTORE_KEY_ALIAS }}
-        ANDROID_KEYSTORE_KEY_PASS: ${{ secrets.ANDROID_RELEASE_KEYSTORE_KEY_PASS }}
-      shell: bash
-      run: ./deploy/build_android.sh --aab --build-platform ${{ env.ANDROID_BUILD_PLATFORM }}
-
-    - name: 'Upload OSS x86_64 apk'
-      uses: actions/upload-artifact@v4
-      with:
-        name: AmneziaVPN-android-x86_64
-        path: deploy/build/AmneziaVPN-oss-x86_64-release.apk
-        compression-level: 0
-        retention-days: 7
-
-    - name: 'Upload OSS x86 apk'
-      uses: actions/upload-artifact@v4
-      with:
-        name: AmneziaVPN-android-x86
-        path: deploy/build/AmneziaVPN-oss-x86-release.apk
-        compression-level: 0
-        retention-days: 7
-
-    - name: 'Upload OSS arm64-v8a apk'
-      uses: actions/upload-artifact@v4
-      with:
-        name: AmneziaVPN-android-arm64-v8a
-        path: deploy/build/AmneziaVPN-oss-arm64-v8a-release.apk
-        compression-level: 0
-        retention-days: 7
-
-    - name: 'Upload OSS armeabi-v7a apk'
-      uses: actions/upload-artifact@v4
-      with:
-        name: AmneziaVPN-android-armeabi-v7a
-        path: deploy/build/AmneziaVPN-oss-armeabi-v7a-release.apk
-        compression-level: 0
-        retention-days: 7
+      run: ./deploy/build_android.sh --aab --apk all --build-platform ${{ env.ANDROID_BUILD_PLATFORM }}
 
     - name: 'Rename Android APKs'
       run: |
         cd deploy/build
-        mv AmneziaVPN-oss-x86_64-release.apk AmneziaVPN_${VERSION}_android9+_x86_64.apk
-        mv AmneziaVPN-oss-x86-release.apk AmneziaVPN_${VERSION}_android9+_x86.apk
-        mv AmneziaVPN-oss-arm64-v8a-release.apk AmneziaVPN_${VERSION}_android9+_arm64-v8a.apk
-        mv AmneziaVPN-oss-armeabi-v7a-release.apk AmneziaVPN_${VERSION}_android9+_armeabi-v7a.apk
+        mv AmneziaVPN-x86_64-release.apk AmneziaVPN_${VERSION}_android9+_x86_64.apk
+        mv AmneziaVPN-x86-release.apk AmneziaVPN_${VERSION}_android9+_x86.apk
+        mv AmneziaVPN-arm64-v8a-release.apk AmneziaVPN_${VERSION}_android9+_arm64-v8a.apk
+        mv AmneziaVPN-armeabi-v7a-release.apk AmneziaVPN_${VERSION}_android9+_armeabi-v7a.apk
         cd ../..
 
     - name: 'Upload x86_64 apk'
@@ -745,19 +703,11 @@ jobs:
         compression-level: 0
         retention-days: 7
 
-    - name: 'Upload Play AAB'
+    - name: 'Upload aab'
       uses: actions/upload-artifact@v4
       with:
         name: AmneziaVPN-android
-        path: deploy/build/AmneziaVPN-play-release.aab
-        compression-level: 0
-        retention-days: 7
-
-    - name: 'Upload OSS AAB (in-app purchase)'
-      uses: actions/upload-artifact@v4
-      with:
-        name: AmneziaVPN-android-oss-aab
-        path: deploy/build/AmneziaVPN-oss-release.aab
+        path: deploy/build/AmneziaVPN-release.aab
         compression-level: 0
         retention-days: 7
 

CMakeLists.txt

@@ -1,7 +1,7 @@
 cmake_minimum_required(VERSION 3.25.0 FATAL_ERROR)
 
 set(PROJECT AmneziaVPN)
-set(AMNEZIAVPN_VERSION 4.8.13.1)
+set(AMNEZIAVPN_VERSION 4.8.13.0)
 
 project(${PROJECT} VERSION ${AMNEZIAVPN_VERSION}
         DESCRIPTION "AmneziaVPN"
@@ -12,9 +12,7 @@ string(TIMESTAMP CURRENT_DATE "%Y-%m-%d")
 set(RELEASE_DATE "${CURRENT_DATE}")
 
 set(APP_MAJOR_VERSION ${CMAKE_PROJECT_VERSION_MAJOR}.${CMAKE_PROJECT_VERSION_MINOR}.${CMAKE_PROJECT_VERSION_PATCH})
-
-set(APP_ANDROID_VERSION_CODE 2107)
-
+set(APP_ANDROID_VERSION_CODE 2106)
 
 if(${CMAKE_SYSTEM_NAME} STREQUAL "Linux")
     set(MZ_PLATFORM_NAME "linux")
@@ -63,7 +61,6 @@ if(WIN32 AND NOT IOS AND NOT ANDROID AND NOT MACOS_NE)
     set(CPACK_PACKAGE_VENDOR "AmneziaVPN")
     set(CPACK_PACKAGE_VERSION ${AMNEZIAVPN_VERSION})
     set(CPACK_PACKAGE_DESCRIPTION_SUMMARY "AmneziaVPN client")
-    set(CPACK_RESOURCE_FILE_LICENSE "${CMAKE_SOURCE_DIR}/LICENSE")
     set(CPACK_PACKAGE_INSTALL_DIRECTORY "AmneziaVPN")
     set(CPACK_PACKAGE_DIRECTORY "${CMAKE_BINARY_DIR}")
     set(CPACK_PACKAGE_EXECUTABLES "AmneziaVPN" "AmneziaVPN")

client/CMakeLists.txt

@@ -37,6 +37,10 @@ if(WIN32 OR (APPLE AND NOT IOS) OR (LINUX AND NOT ANDROID))
     set(PACKAGES ${PACKAGES} Widgets)
 endif()
 
+if(LINUX AND NOT ANDROID)
+    list(APPEND PACKAGES QuickTemplates2 QmlModels OpenGL)
+endif()
+
 find_package(Qt6 REQUIRED COMPONENTS ${PACKAGES})
 
 set(LIBS ${LIBS}
@@ -52,6 +56,23 @@ endif()
 
 qt_standard_project_setup()
 qt_add_executable(${PROJECT} MANUAL_FINALIZATION)
+
+if(LINUX AND NOT ANDROID)
+    target_link_options(${PROJECT} PRIVATE "-Wl,--no-as-needed")
+    target_link_options(${PROJECT} PRIVATE "LINKER:--disable-new-dtags")
+    set_target_properties(${PROJECT} PROPERTIES
+        BUILD_RPATH "\$ORIGIN/../lib"
+        INSTALL_RPATH "\$ORIGIN/../lib"
+        INSTALL_RPATH_USE_LINK_PATH FALSE
+    )
+    set_property(TARGET ${PROJECT} PROPERTY BUILD_WITH_INSTALL_RPATH TRUE)
+
+    target_link_libraries(${PROJECT} PRIVATE
+        Qt6::QuickTemplates2
+        Qt6::QmlModels
+        Qt6::OpenGL
+    )
+endif()
 target_include_directories(${PROJECT} PUBLIC
     $<BUILD_INTERFACE:${CMAKE_CURRENT_BINARY_DIR}>
 )
@@ -59,6 +80,7 @@ target_include_directories(${PROJECT} PUBLIC
 if(WIN32 OR (APPLE AND NOT IOS AND NOT MACOS_NE) OR (LINUX AND NOT ANDROID))
     qt_add_repc_replicas(${PROJECT} ${CMAKE_CURRENT_LIST_DIR}/../ipc/ipc_interface.rep)
     qt_add_repc_replicas(${PROJECT} ${CMAKE_CURRENT_LIST_DIR}/../ipc/ipc_process_interface.rep)
+    qt_add_repc_replicas(${PROJECT} ${CMAKE_CURRENT_LIST_DIR}/../ipc/ipc_process_tun2socks.rep)
 endif()
 
 qt6_add_resources(QRC ${QRC} ${CMAKE_CURRENT_LIST_DIR}/resources.qrc)
@@ -194,6 +216,17 @@ elseif(APPLE)
 endif()
 
 target_link_libraries(${PROJECT} PRIVATE ${LIBS})
+
+if(LINUX AND NOT ANDROID)
+    target_link_libraries(${PROJECT} PRIVATE
+        "-Wl,--push-state,--no-as-needed"
+        Qt6::QuickTemplates2
+        Qt6::QmlModels
+        Qt6::OpenGL
+        "-Wl,--pop-state"
+    )
+endif()
+
 target_compile_definitions(${PROJECT} PRIVATE "MZ_$<UPPER_CASE:${MZ_PLATFORM_NAME}>")
 
 # deploy artifacts required to run the application to the debug build folder

client/android/billing/build.gradle.kts

@@ -1,19 +0,0 @@
-plugins {
-    id(libs.plugins.android.library.get().pluginId)
-    id(libs.plugins.kotlin.android.get().pluginId)
-}
-
-kotlin {
-    jvmToolchain(17)
-}
-
-android {
-    namespace = "org.amnezia.vpn.billing"
-}
-
-dependencies {
-    compileOnly(project(":utils"))
-    implementation(libs.androidx.core)
-    implementation(libs.kotlinx.coroutines)
-    implementation(libs.android.billing)
-}

client/android/billing/src/main/kotlin/BillingException.kt

@@ -1,65 +0,0 @@
-import com.android.billingclient.api.BillingClient.BillingResponseCode.BILLING_UNAVAILABLE
-import com.android.billingclient.api.BillingClient.BillingResponseCode.DEVELOPER_ERROR
-import com.android.billingclient.api.BillingClient.BillingResponseCode.ERROR
-import com.android.billingclient.api.BillingClient.BillingResponseCode.FEATURE_NOT_SUPPORTED
-import com.android.billingclient.api.BillingClient.BillingResponseCode.ITEM_ALREADY_OWNED
-import com.android.billingclient.api.BillingClient.BillingResponseCode.ITEM_NOT_OWNED
-import com.android.billingclient.api.BillingClient.BillingResponseCode.ITEM_UNAVAILABLE
-import com.android.billingclient.api.BillingClient.BillingResponseCode.NETWORK_ERROR
-import com.android.billingclient.api.BillingClient.BillingResponseCode.SERVICE_DISCONNECTED
-import com.android.billingclient.api.BillingClient.BillingResponseCode.SERVICE_UNAVAILABLE
-import com.android.billingclient.api.BillingClient.BillingResponseCode.USER_CANCELED
-import com.android.billingclient.api.BillingResult
-import org.amnezia.vpn.util.ErrorCode
-
-internal class BillingException(
-    billingResult: BillingResult,
-    retryable: Boolean = false
-) : Exception(billingResult.toString()) {
-
-    constructor(msg: String) : this(BillingResult.newBuilder()
-        .setResponseCode(DEVELOPER_ERROR)
-        .setDebugMessage(msg)
-        .build())
-
-    val errorCode: Int
-    val isCanceled = billingResult.responseCode == USER_CANCELED
-    val isRetryable = retryable || billingResult.responseCode in setOf(
-        NETWORK_ERROR,
-        SERVICE_DISCONNECTED,
-        SERVICE_UNAVAILABLE,
-        ERROR
-    )
-
-    init {
-        when (billingResult.responseCode) {
-            ERROR -> {
-                errorCode = ErrorCode.BillingGooglePlayError
-            }
-
-            BILLING_UNAVAILABLE, SERVICE_DISCONNECTED, SERVICE_UNAVAILABLE -> {
-                errorCode = ErrorCode.BillingUnavailable
-            }
-
-            DEVELOPER_ERROR, FEATURE_NOT_SUPPORTED, ITEM_NOT_OWNED -> {
-                errorCode = ErrorCode.BillingError
-            }
-
-            ITEM_ALREADY_OWNED -> {
-                errorCode = ErrorCode.SubscriptionAlreadyOwned
-            }
-
-            ITEM_UNAVAILABLE -> {
-                errorCode = ErrorCode.SubscriptionUnavailable
-            }
-
-            NETWORK_ERROR -> {
-                errorCode = ErrorCode.BillingNetworkError
-            }
-
-            else -> {
-                errorCode = ErrorCode.BillingError
-            }
-        }
-    }
-}

client/android/billing/src/main/kotlin/BillingProvider.kt

@@ -1,320 +0,0 @@
-import android.app.Activity
-import android.content.Context
-import com.android.billingclient.api.AcknowledgePurchaseParams
-import com.android.billingclient.api.BillingClient
-import com.android.billingclient.api.BillingClient.BillingResponseCode
-import com.android.billingclient.api.BillingClient.ProductType
-import com.android.billingclient.api.BillingClientStateListener
-import com.android.billingclient.api.BillingFlowParams
-import com.android.billingclient.api.BillingFlowParams.SubscriptionUpdateParams.ReplacementMode
-import com.android.billingclient.api.BillingResult
-import com.android.billingclient.api.GetBillingConfigParams
-import com.android.billingclient.api.PendingPurchasesParams
-import com.android.billingclient.api.ProductDetails
-import com.android.billingclient.api.Purchase
-import com.android.billingclient.api.PurchasesUpdatedListener
-import com.android.billingclient.api.QueryProductDetailsParams
-import com.android.billingclient.api.QueryProductDetailsParams.Product
-import com.android.billingclient.api.QueryPurchasesParams
-import com.android.billingclient.api.acknowledgePurchase
-import com.android.billingclient.api.queryProductDetails
-import com.android.billingclient.api.queryPurchasesAsync
-import kotlinx.coroutines.CancellationException
-import kotlinx.coroutines.CompletableDeferred
-import kotlinx.coroutines.Dispatchers
-import kotlinx.coroutines.delay
-import kotlinx.coroutines.flow.MutableStateFlow
-import kotlinx.coroutines.flow.firstOrNull
-import kotlinx.coroutines.withContext
-import org.amnezia.vpn.util.ErrorCode
-import org.amnezia.vpn.util.Log
-import org.json.JSONArray
-import org.json.JSONObject
-
-private const val TAG = "BillingProvider"
-private const val PRODUCT_ID = "premium"
-
-class BillingProvider(context: Context) : AutoCloseable {
-
-    private var billingClient: BillingClient
-    private var subscriptionPurchases = MutableStateFlow<Pair<BillingResult, List<Purchase>?>?>(null)
-
-    private val purchasesUpdatedListeners = PurchasesUpdatedListener { billingResult, purchases ->
-        Log.v(TAG, "Purchases updated: $billingResult")
-        subscriptionPurchases.value = billingResult to purchases
-    }
-
-    init {
-        billingClient = BillingClient.newBuilder(context)
-            .setListener(purchasesUpdatedListeners)
-            .enablePendingPurchases(PendingPurchasesParams.newBuilder().enableOneTimeProducts().build())
-            .build()
-    }
-
-    private suspend fun connect() {
-        if (billingClient.isReady) return
-
-        Log.v(TAG, "Billing client connection")
-        val connection = CompletableDeferred<Unit>()
-        withContext(Dispatchers.IO) {
-            billingClient.startConnection(object : BillingClientStateListener {
-                override fun onBillingSetupFinished(billingResult: BillingResult) {
-                    Log.v(TAG, "Billing setup finished: $billingResult")
-                    if (billingResult.isOk) {
-                        connection.complete(Unit)
-                    } else {
-                        Log.e(TAG, "Billing setup failed: $billingResult")
-                        connection.completeExceptionally(BillingException(billingResult))
-                    }
-                }
-
-                override fun onBillingServiceDisconnected() {
-                    Log.w(TAG, "Billing service disconnected")
-                }
-            })
-        }
-        connection.await()
-    }
-
-    private suspend fun handleBillingApiCall(block: suspend () -> JSONObject): JSONObject {
-        val numberAttempts = 3
-        var attemptCount = 0
-        while (true) {
-            try {
-                return block()
-            } catch (e: BillingException) {
-                if (e.isCanceled) {
-                    Log.w(TAG, "Billing canceled")
-                    return JSONObject().put("responseCode", ErrorCode.BillingCanceled)
-                } else if (e.isRetryable && attemptCount < numberAttempts) {
-                    Log.d(TAG, "Retryable error: $e")
-                    ++attemptCount
-                    delay(1000)
-                } else {
-                    Log.e(TAG, "Billing error: $e")
-                    return JSONObject().put("responseCode", e.errorCode)
-                }
-            } catch (_: CancellationException) {
-                Log.w(TAG, "Billing coroutine canceled")
-                return JSONObject().put("responseCode", ErrorCode.BillingCanceled)
-            }
-        }
-    }
-
-    suspend fun getSubscriptionPlans(): JSONObject {
-        Log.v(TAG, "Get subscription plans")
-
-        val productDetailsList = getProductDetails()
-        val resultJson = JSONObject().put("responseCode", ErrorCode.NoError)
-        val productArray = JSONArray().also { resultJson.put("products", it) }
-        productDetailsList?.forEach { productDetails ->
-            val product = JSONObject().also { productArray.put(it) }
-                .put("productId", productDetails.productId)
-                .put("name", productDetails.name)
-            val offers = JSONArray().also { product.put("offers", it) }
-            productDetails.subscriptionOfferDetails?.forEach { offerDetails ->
-                val offer = JSONObject().also { offers.put(it) }
-                    .put("basePlanId", offerDetails.basePlanId)
-                    .put("offerId", offerDetails.offerId)
-                    .put("offerToken", offerDetails.offerToken)
-                val pricingPhases = JSONArray().also { offer.put("pricingPhases", it) }
-                offerDetails.pricingPhases.pricingPhaseList.forEach { phase ->
-                    JSONObject().also { pricingPhases.put(it) }
-                        .put("billingCycleCount", phase.billingCycleCount)
-                        .put("billingPeriod", phase.billingPeriod)
-                        .put("formatedPrice", phase.formattedPrice)
-                        .put("recurrenceMode", phase.recurrenceMode)
-                }
-            }
-        }
-        return resultJson
-    }
-
-    private suspend fun getProductDetails(): List<ProductDetails>? {
-        Log.v(TAG, "Get product details")
-
-        val productDetailsParams = Product.newBuilder()
-            .setProductId(PRODUCT_ID)
-            .setProductType(ProductType.SUBS)
-            .build()
-
-        val queryProductDetailsParams = QueryProductDetailsParams.newBuilder()
-            .setProductList(listOf(productDetailsParams))
-            .build()
-
-        val result = withContext(Dispatchers.IO) {
-            billingClient.queryProductDetails(queryProductDetailsParams)
-        }
-
-        Log.v(TAG, "Query product details result: ${result.billingResult}")
-
-        if (!result.billingResult.isOk) {
-            Log.e(TAG, "Failed to get product details: ${result.billingResult}")
-            throw BillingException(result.billingResult)
-        }
-
-        return result.productDetailsList
-    }
-
-    suspend fun getCustomerCountryCode(): JSONObject {
-        Log.v(TAG, "Get customer country code")
-
-        val deferred = CompletableDeferred<String>()
-        withContext(Dispatchers.IO) {
-            billingClient.getBillingConfigAsync(GetBillingConfigParams.newBuilder().build(),
-                { billingResult, billingConfig ->
-                    Log.v(TAG, "Billing config: $billingResult, ${billingConfig?.countryCode}")
-                    if (billingResult.isOk) {
-                        deferred.complete(billingConfig?.countryCode ?: "")
-                    } else {
-                        deferred.completeExceptionally(BillingException(billingResult))
-                    }
-                })
-        }
-        val countryCode = deferred.await()
-
-        return JSONObject()
-            .put("responseCode", ErrorCode.NoError)
-            .put("countryCode", countryCode)
-    }
-
-    suspend fun purchaseSubscription(
-        activity: Activity,
-        offerToken: String,
-        oldPurchaseToken: String? = null
-    ): JSONObject {
-        Log.v(TAG, "Purchase subscription")
-        Log.v(TAG, "Offer token: $offerToken")
-        oldPurchaseToken?.let { Log.v(TAG, "Old purchase token: $it") }
-
-        if (offerToken.isBlank()) throw BillingException("offerToken can not be empty")
-
-        val productDetails = getProductDetails()?.let {
-            it.filter { it.productId == PRODUCT_ID }
-        }?.firstOrNull() ?: throw BillingException("Product details not found")
-
-        Log.v(TAG, "Filtered product details:\n$productDetails")
-
-        val productDetail = BillingFlowParams.ProductDetailsParams.newBuilder()
-            .setProductDetails(productDetails)
-            .setOfferToken(offerToken)
-            .build()
-
-        val subscriptionUpdateParams = oldPurchaseToken?.let {
-            BillingFlowParams.SubscriptionUpdateParams.newBuilder()
-                .setOldPurchaseToken(oldPurchaseToken)
-                .setSubscriptionReplacementMode(ReplacementMode.WITHOUT_PRORATION)
-                .build()
-        }
-
-        val billingResult = billingClient.launchBillingFlow(activity, BillingFlowParams.newBuilder()
-            .setProductDetailsParamsList(listOf(productDetail))
-            .apply { subscriptionUpdateParams?.let { setSubscriptionUpdateParams(it) } }
-            .build())
-
-        Log.v(TAG, "Start billing flow result: $billingResult")
-
-        if (billingResult.responseCode == BillingResponseCode.ITEM_ALREADY_OWNED) {
-            Log.w(TAG, "Attempting to purchase already owned product")
-            val purchases = queryPurchases()
-            if (purchases.any { PRODUCT_ID in it.products }) throw BillingException(billingResult)
-            else throw BillingException(billingResult, retryable = true)
-        } else if (billingResult.responseCode == BillingResponseCode.ITEM_NOT_OWNED) {
-            Log.w(TAG, "Attempting to replace not owned product")
-            val purchases = queryPurchases()
-            if (purchases.all { PRODUCT_ID !in it.products }) throw BillingException(billingResult)
-            else throw BillingException(billingResult, retryable = true)
-        } else if (!billingResult.isOk) throw BillingException(billingResult)
-
-        subscriptionPurchases.firstOrNull { it != null }?.let { (billingResult, purchases) ->
-            if (!billingResult.isOk) throw BillingException(billingResult)
-            return JSONObject()
-                .put("responseCode", ErrorCode.NoError)
-                .put("purchases", processPurchases(purchases))
-        } ?: throw BillingException("Purchase failed")
-    }
-
-    private fun processPurchases(purchases: List<Purchase>?): JSONArray {
-        val purchaseArray = JSONArray()
-        purchases?.forEach { purchase ->
-            /* val purchaseJson = */ JSONObject().also { purchaseArray.put(it) }
-                .put("purchaseToken", purchase.purchaseToken)
-                .put("purchaseTime", purchase.purchaseTime)
-                .put("purchaseState", purchase.purchaseState)
-                .put("isAcknowledged", purchase.isAcknowledged)
-                .put("isAutoRenewing", purchase.isAutoRenewing)
-                .put("orderId", purchase.orderId)
-                // .put("productIds", JSONArray(purchase.products))
-
-            /* purchase.pendingPurchaseUpdate?.let { purchaseUpdate ->
-                JSONObject()
-                    .put("purchaseToken", purchaseUpdate.purchaseToken)
-                    // .put("productIds", JSONArray(purchaseUpdate.products))
-            }.also { purchaseJson.put("pendingPurchaseUpdate", it) } */
-        }
-        return purchaseArray
-    }
-
-    suspend fun acknowledge(purchaseToken: String): JSONObject {
-        Log.v(TAG, "Acknowledge purchase: $purchaseToken")
-
-        val result = withContext(Dispatchers.IO) {
-            billingClient.acknowledgePurchase(
-                AcknowledgePurchaseParams.newBuilder()
-                    .setPurchaseToken(purchaseToken)
-                    .build()
-            )
-        }
-
-        Log.v(TAG, "Acknowledge purchase result: $result")
-
-        if (result.responseCode == BillingResponseCode.ITEM_NOT_OWNED) {
-            Log.w(TAG, "Attempting to acknowledge not owned product")
-            val purchases = queryPurchases()
-            if (purchases.all { PRODUCT_ID !in it.products }) throw BillingException(result)
-            else throw BillingException(result, retryable = true)
-        } else if (!result.isOk && result.responseCode != BillingResponseCode.ITEM_ALREADY_OWNED) {
-            throw BillingException(result)
-        }
-
-        return JSONObject().put("responseCode", ErrorCode.NoError)
-    }
-
-    suspend fun getPurchases(): JSONObject {
-        Log.v(TAG, "Get purchases")
-        val purchases = queryPurchases()
-        return JSONObject()
-            .put("responseCode", ErrorCode.NoError)
-            .put("purchases", processPurchases(purchases))
-    }
-
-    private suspend fun queryPurchases(): List<Purchase> {
-        Log.v(TAG, "Query purchases")
-        val result = withContext(Dispatchers.IO) {
-            billingClient.queryPurchasesAsync(
-                QueryPurchasesParams.newBuilder().setProductType(ProductType.SUBS).build()
-            )
-        }
-        Log.v(TAG, "Query purchases result: ${result.billingResult}")
-        if (!result.billingResult.isOk) throw BillingException(result.billingResult)
-        return result.purchasesList
-    }
-
-    override fun close() {
-        Log.v(TAG, "Close billing client connection")
-        billingClient.endConnection()
-    }
-
-    companion object {
-        suspend fun withBillingProvider(context: Context, block: suspend BillingProvider.() -> JSONObject): String =
-            BillingProvider(context).use { bp ->
-                bp.handleBillingApiCall {
-                    bp.connect()
-                    bp.block()
-                }.toString()
-            }
-    }
-}
-
-internal val BillingResult.isOk: Boolean
-    get() = responseCode == BillingResponseCode.OK

client/android/build.gradle.kts

@@ -20,7 +20,6 @@ android {
     namespace = "org.amnezia.vpn"
 
     buildFeatures {
-        buildConfig = true
         viewBinding = true
     }
 
@@ -42,6 +41,17 @@ android {
         resourceConfigurations += listOf("en", "ru", "b+zh+Hans")
     }
 
+    sourceSets {
+        getByName("main") {
+            manifest.srcFile("AndroidManifest.xml")
+            java.setSrcDirs(listOf("src"))
+            res.setSrcDirs(listOf("res"))
+            // androyddeployqt creates the folders below
+            assets.setSrcDirs(listOf("assets"))
+            jniLibs.setSrcDirs(listOf("libs"))
+        }
+    }
+
     signingConfigs {
         register("release") {
             storeFile = providers.environmentVariable("ANDROID_KEYSTORE_PATH").orNull?.let { file(it) }
@@ -67,36 +77,6 @@ android {
         }
     }
 
-    flavorDimensions += "billing"
-
-    productFlavors {
-        create("oss") {
-            dimension = "billing"
-        }
-        create("play") {
-            dimension = "billing"
-        }
-    }
-
-    sourceSets {
-        getByName("main") {
-            manifest.srcFile("AndroidManifest.xml")
-            java.setSrcDirs(listOf("src"))
-            res.setSrcDirs(listOf("res"))
-            // androyddeployqt creates the folders below
-            assets.setSrcDirs(listOf("assets"))
-            jniLibs.setSrcDirs(listOf("libs"))
-        }
-
-        getByName("oss") {
-            java.setSrcDirs(listOf("oss"))
-        }
-
-        getByName("play") {
-            java.setSrcDirs(listOf("play"))
-        }
-    }
-
     splits {
         abi {
             isEnable = true
@@ -142,9 +122,4 @@ dependencies {
     implementation(libs.google.mlkit)
     implementation(libs.androidx.datastore)
     implementation(libs.androidx.biometric)
-
-    playImplementation(project(":billing"))
 }
-
-fun DependencyHandler.playImplementation(dependency: Any): Dependency? =
-    add("playImplementation", dependency)

client/android/gradle/libs.versions.toml

@@ -1,7 +1,6 @@
 [versions]
 agp = "8.5.2"
 kotlin = "1.9.24"
-android-billing = "7.0.0"
 androidx-core = "1.13.1"
 androidx-activity = "1.9.1"
 androidx-annotation = "1.8.2"
@@ -15,7 +14,6 @@ kotlinx-serialization = "1.6.3"
 google-mlkit = "17.3.0"
 
 [libraries]
-android-billing = { module = "com.android.billingclient:billing-ktx", version.ref = "android-billing" }
 androidx-core = { module = "androidx.core:core-ktx", version.ref = "androidx-core" }
 androidx-activity = { module = "androidx.activity:activity-ktx", version.ref = "androidx-activity" }
 androidx-annotation = { module = "androidx.annotation:annotation", version.ref = "androidx-annotation" }

client/android/oss/org/amnezia/vpn/BillingPaymentRepository.kt

@@ -1,13 +0,0 @@
-package org.amnezia.vpn
-
-import android.app.Activity
-import android.content.Context
-
-class BillingPaymentRepository(@Suppress("UNUSED_PARAMETER") context: Context) : BillingRepository {
-    override suspend fun getCountryCode(): String = ""
-    override suspend fun getSubscriptionPlans(): String = ""
-    override suspend fun purchaseSubscription(activity: Activity, offerToken: String): String = ""
-    override suspend fun upgradeSubscription(activity: Activity, offerToken: String, oldPurchaseToken: String): String = ""
-    override suspend fun acknowledge(purchaseToken: String): String = ""
-    override suspend fun queryPurchases(): String = ""
-}

client/android/play/org/amnezia/vpn/BillingPaymentRepository.kt

@@ -1,34 +0,0 @@
-package org.amnezia.vpn
-
-import android.app.Activity
-import android.content.Context
-import BillingProvider.Companion.withBillingProvider
-
-class BillingPaymentRepository(private val context: Context) : BillingRepository {
-
-    override suspend fun getCountryCode(): String = withBillingProvider(context) {
-        getCustomerCountryCode()
-    }
-
-    override suspend fun getSubscriptionPlans(): String = withBillingProvider(context) {
-        getSubscriptionPlans()
-    }
-
-    override suspend fun purchaseSubscription(activity: Activity, offerToken: String): String =
-        withBillingProvider(context) {
-            purchaseSubscription(activity, offerToken)
-    }
-
-    override suspend fun upgradeSubscription(activity: Activity, offerToken: String, oldPurchaseToken: String): String =
-        withBillingProvider(context) {
-            purchaseSubscription(activity, offerToken, oldPurchaseToken)
-        }
-
-    override suspend fun acknowledge(purchaseToken: String): String = withBillingProvider(context) {
-        acknowledge(purchaseToken)
-    }
-
-    override suspend fun queryPurchases(): String = withBillingProvider(context) {
-        getPurchases()
-    }
-}

client/android/settings.gradle.kts

@@ -31,7 +31,6 @@ rootProject.buildFileName = "build.gradle.kts"
 
 include(":qt")
 include(":utils")
-include(":billing")
 include(":protocolApi")
 include(":wireguard")
 include(":awg")

client/android/src/org/amnezia/vpn/AmneziaActivity.kt

@@ -55,6 +55,7 @@ import kotlinx.coroutines.async
 import kotlinx.coroutines.cancel
 import kotlinx.coroutines.launch
 import kotlinx.coroutines.runBlocking
+import kotlinx.coroutines.withContext
 import org.amnezia.vpn.protocol.getStatistics
 import org.amnezia.vpn.protocol.getStatus
 import org.amnezia.vpn.qt.QtAndroidController
@@ -86,14 +87,9 @@ class AmneziaActivity : QtActivity() {
     private var notificationStateReceiver: BroadcastReceiver? = null
     private lateinit var vpnServiceMessenger: IpcMessenger
     private var pfd: ParcelFileDescriptor? = null
-    private lateinit var billingRepository: BillingRepository
 
     private val actionResultHandlers = mutableMapOf<Int, ActivityResultHandler>()
     private val permissionRequestHandlers = mutableMapOf<Int, PermissionRequestHandler>()
-    
-    private var isActivityResumed = false
-    private var hasWindowFocus = false
-    private val resumeHandler = Handler(Looper.getMainLooper())
 
     private val vpnServiceEventHandler: Handler by lazy(NONE) {
         object : Handler(Looper.getMainLooper()) {
@@ -199,7 +195,6 @@ class AmneziaActivity : QtActivity() {
         registerBroadcastReceivers()
         intent?.let(::processIntent)
         runBlocking { vpnProto = proto.await() }
-        billingRepository = BillingPaymentRepository(applicationContext)
     }
 
     private fun loadLibs() {
@@ -267,10 +262,6 @@ class AmneziaActivity : QtActivity() {
     }
 
     override fun onStop() {
-        isActivityResumed = false
-        hasWindowFocus = false
-        // Cancel all pending operations when activity stops
-        resumeHandler.removeCallbacksAndMessages(null)
         Log.d(TAG, "Stop Amnezia activity")
         doUnbindService()
         mainScope.launch {
@@ -282,13 +273,7 @@ class AmneziaActivity : QtActivity() {
 
     override fun onWindowFocusChanged(hasFocus: Boolean) {
         super.onWindowFocusChanged(hasFocus)
-        hasWindowFocus = hasFocus
         Log.d(TAG, "Window focus changed: hasFocus=$hasFocus")
-        
-        // Cancel pending operations if window loses focus
-        if (!hasFocus) {
-            resumeHandler.removeCallbacksAndMessages(null)
-        }
     }
 
     override fun dispatchKeyEvent(event: KeyEvent): Boolean {
@@ -331,42 +316,30 @@ class AmneziaActivity : QtActivity() {
 
     override fun onPause() {
         super.onPause()
-        isActivityResumed = false
-        // Cancel all pending operations when activity pauses
-        resumeHandler.removeCallbacksAndMessages(null)
         Log.d(TAG, "Pause Amnezia activity")
     }
 
     override fun onResume() {
         super.onResume()
-        isActivityResumed = true
-        Log.d(TAG, "Resume Amnezia activity")
-
-        if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.UPSIDE_DOWN_CAKE) {
+       /* if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.UPSIDE_DOWN_CAKE) {
             window.decorView.apply {
                 invalidate()
 
-                resumeHandler.postDelayed({
-                    // Check if activity is still resumed and has focus before executing
-                    if (isActivityResumed && hasWindowFocus && !isFinishing && !isDestroyed) {
-                        sendTouch(1f, 1f)
-                    }
+                postDelayed({
+                    sendTouch(1f, 1f)
                 }, 100)
                 
-                resumeHandler.postDelayed({
-                    if (isActivityResumed && hasWindowFocus && !isFinishing && !isDestroyed) {
-                        sendTouch(2f, 2f)
-                    }
+                postDelayed({
+                    sendTouch(2f, 2f)
                 }, 200)
                 
-                resumeHandler.postDelayed({
-                    if (isActivityResumed && hasWindowFocus && !isFinishing && !isDestroyed) {
-                        requestLayout()
-                        invalidate()
-                    }
+                postDelayed({
+                    requestLayout()
+                    invalidate()
                 }, 250)
             }
-        }
+        }  */      
+        Log.d(TAG, "Resume Amnezia activity")
     }
 
     private fun configureWindowForEdgeToEdge() {
@@ -429,10 +402,6 @@ class AmneziaActivity : QtActivity() {
     }
 
     override fun onDestroy() {
-        isActivityResumed = false
-        hasWindowFocus = false
-        // Cancel all pending operations when activity is destroyed
-        resumeHandler.removeCallbacksAndMessages(null)
         Log.d(TAG, "Destroy Amnezia activity")
         unregisterBroadcastReceiver(notificationStateReceiver)
         notificationStateReceiver = null
@@ -933,9 +902,15 @@ class AmneziaActivity : QtActivity() {
     @Suppress("unused")
     fun getAppList(): String {
         Log.v(TAG, "Get app list")
-        return blockingCall(Dispatchers.IO) {
-            AppListProvider.getAppList(packageManager, packageName)
+        var appList = ""
+        runBlocking {
+            mainScope.launch {
+                withContext(Dispatchers.IO) {
+                    appList = AppListProvider.getAppList(packageManager, packageName)
+                }
+            }.join()
         }
+        return appList
     }
 
     @Suppress("unused")
@@ -1106,59 +1081,11 @@ class AmneziaActivity : QtActivity() {
         return super.dispatchTrackballEvent(ev)
     }
 
-    @Suppress("unused")
-    fun isPlay(): Boolean = BuildConfig.FLAVOR == "play"
-
-    @Suppress("unused")
-    fun isTestPurchaseEnvironment(): Boolean {
-        if (BuildConfig.DEBUG) return true
-        val appInfo = packageManager.getApplicationInfo(packageName, 0)
-        return (appInfo.flags and android.content.pm.ApplicationInfo.FLAG_DEBUGGABLE) != 0
-    }
-
-    @Suppress("unused")
-    fun getCountryCode(): String {
-        Log.v(TAG, "Get country code")
-        return blockingCall { billingRepository.getCountryCode() }
-    }
-
-    @Suppress("unused")
-    fun getSubscriptionPlans(): String {
-        Log.v(TAG, "Get subscription plans")
-        return blockingCall { billingRepository.getSubscriptionPlans() }
-    }
-
-    @Suppress("unused")
-    fun purchaseSubscription(offerToken: String): String {
-        Log.v(TAG, "Purchase subscription")
-        return blockingCall { billingRepository.purchaseSubscription(this@AmneziaActivity, offerToken) }
-    }
-
-    @Suppress("unused")
-    fun upgradeSubscription(offerToken: String, oldPurchaseToken: String): String {
-        Log.v(TAG, "Upgrade subscription")
-        return blockingCall {
-            billingRepository.upgradeSubscription(this@AmneziaActivity, offerToken, oldPurchaseToken)
-        }
-    }
-
-    @Suppress("unused")
-    fun acknowledgePurchase(purchaseToken: String): String {
-        Log.v(TAG, "Acknowledge purchase")
-        return blockingCall { billingRepository.acknowledge(purchaseToken) }
-    }
-
-    @Suppress("unused")
-    fun queryPurchases(): String {
-        Log.v(TAG, "Query purchases")
-        return blockingCall { billingRepository.queryPurchases() }
-    }
-
     /**
      * Utils methods
      */
     private fun <T> blockingCall(
-        context: CoroutineContext = Dispatchers.Default,
+        context: CoroutineContext = Dispatchers.Main.immediate,
         block: suspend () -> T
     ) = runBlocking {
         mainScope.async(context) { block() }.await()

client/android/src/org/amnezia/vpn/AmneziaApplication.kt

@@ -1,6 +1,5 @@
 package org.amnezia.vpn
 
-import android.system.Os
 import androidx.camera.camera2.Camera2Config
 import androidx.camera.core.CameraSelector
 import androidx.camera.core.CameraXConfig
@@ -13,9 +12,6 @@ private const val TAG = "AmneziaApplication"
 class AmneziaApplication : QtApplication(), CameraXConfig.Provider {
 
     override fun onCreate() {
-        if (BuildConfig.DEBUG) {
-            Os.setenv("QT_ANDROID_DEBUGGER_MAIN_THREAD_SLEEP_MS", "0", true)
-        }
         super.onCreate()
         Prefs.init(this)
         Log.init(this)

client/android/src/org/amnezia/vpn/BillingRepository.kt

@@ -1,12 +0,0 @@
-package org.amnezia.vpn
-
-import android.app.Activity
-
-interface BillingRepository {
-    suspend fun getCountryCode(): String
-    suspend fun getSubscriptionPlans(): String
-    suspend fun purchaseSubscription(activity: Activity, offerToken: String): String
-    suspend fun upgradeSubscription(activity: Activity, offerToken: String, oldPurchaseToken: String): String
-    suspend fun acknowledge(purchaseToken: String): String
-    suspend fun queryPurchases(): String
-}

client/android/utils/src/main/kotlin/ErrorCode.kt

@@ -1,14 +0,0 @@
-package org.amnezia.vpn.util
-
-// keep synchronized with client/core/defs.h error_code_ns::ErrorCode
-object ErrorCode {
-    const val NoError = 0
-
-    const val BillingCanceled = 1300
-    const val BillingError = 1301
-    const val BillingGooglePlayError = 1302
-    const val BillingUnavailable = 1303
-    const val SubscriptionAlreadyOwned = 1304
-    const val SubscriptionUnavailable = 1305
-    const val BillingNetworkError = 1306
-}

client/cmake/android.cmake

@@ -1,9 +1,5 @@
 message("Client android ${CMAKE_ANDROID_ARCH_ABI} build")
 
-# Option to build Play variant (with Google Play Billing) instead of OSS
-# When ON, adds target android_play_apk: cmake --build . --target android_play_apk
-option(ANDROID_BUILD_PLAY "Add android_play_apk target for Google Play Billing build" OFF)
-
 set(APP_ANDROID_MIN_SDK 28)
 set(ANDROID_PLATFORM "android-${APP_ANDROID_MIN_SDK}" CACHE STRING
     "The minimum API level supported by the application or library" FORCE)
@@ -61,22 +57,3 @@ endforeach()
 
 file(COPY ${CMAKE_CURRENT_SOURCE_DIR}/3rd-prebuilt/3rd-prebuilt/xray/android/libxray.aar
         DESTINATION ${CMAKE_CURRENT_SOURCE_DIR}/android/xray/libXray)
-
-# Custom target to build Play variant (with Google Play Billing)
-# Enable with: cmake -DANDROID_BUILD_PLAY=ON ...
-# Then run: cmake --build <build_dir> --target android_play_apk
-# Note: Do a normal build first so androiddeployqt creates the android-build folder
-if(ANDROID_BUILD_PLAY)
-    if(CMAKE_BUILD_TYPE STREQUAL "Debug")
-        set(_gradle_suffix "Debug")
-    else()
-        set(_gradle_suffix "Release")
-    endif()
-    set(_android_build_dir "${CMAKE_CURRENT_BINARY_DIR}/android-build-${PROJECT}")
-    add_custom_target(android_play_apk
-        COMMAND ./gradlew assemblePlay${_gradle_suffix} -DexplicitRun=1
-        WORKING_DIRECTORY "${_android_build_dir}"
-        COMMENT "Building Android Play variant (assemblePlay${_gradle_suffix})"
-        DEPENDS ${PROJECT}
-    )
-endif()

client/cmake/sources.cmake

@@ -181,6 +181,7 @@ if(WIN32 OR (APPLE AND NOT IOS AND NOT MACOS_NE) OR (LINUX AND NOT ANDROID))
 
     set(HEADERS ${HEADERS}
         ${CLIENT_ROOT_DIR}/core/ipcclient.h
+        ${CLIENT_ROOT_DIR}/core/privileged_process.h
         ${CLIENT_ROOT_DIR}/ui/systemtray_notificationhandler.h
         ${CLIENT_ROOT_DIR}/protocols/openvpnprotocol.h
         ${CLIENT_ROOT_DIR}/protocols/openvpnovercloakprotocol.h
@@ -193,6 +194,7 @@ if(WIN32 OR (APPLE AND NOT IOS AND NOT MACOS_NE) OR (LINUX AND NOT ANDROID))
 
     set(SOURCES ${SOURCES}
         ${CLIENT_ROOT_DIR}/core/ipcclient.cpp
+        ${CLIENT_ROOT_DIR}/core/privileged_process.cpp
         ${CLIENT_ROOT_DIR}/mozilla/localsocketcontroller.cpp
         ${CLIENT_ROOT_DIR}/ui/systemtray_notificationhandler.cpp
         ${CLIENT_ROOT_DIR}/protocols/openvpnprotocol.cpp

client/core/defs.h

@@ -123,7 +123,6 @@ namespace amnezia
         ApiUpdateRequestError = 1111,
         ApiSubscriptionExpiredError = 1112,
         ApiPurchaseError = 1113,
-        ApiNoPurchasesToRestore = 1114,
 
         // QFile errors
         OpenError = 1200,
@@ -131,16 +130,7 @@ namespace amnezia
         PermissionsError = 1202,
         UnspecifiedError = 1203,
         FatalError = 1204,
-        AbortError = 1205,
-
-        // Billing errors
-        BillingCanceled = 1300,
-        BillingError = 1301,
-        BillingGooglePlayError = 1302,
-        BillingUnavailable = 1303,
-        SubscriptionAlreadyOwned = 1304,
-        SubscriptionUnavailable = 1305,
-        BillingNetworkError = 1306,
+        AbortError = 1205
       };
       Q_ENUM_NS(ErrorCode)
     }

client/core/errorstrings.cpp

@@ -80,15 +80,6 @@ QString errorString(ErrorCode code) {
     case (ErrorCode::ApiUpdateRequestError): errorMessage = QObject::tr("Please update the application to use this feature"); break;
     case (ErrorCode::ApiSubscriptionExpiredError): errorMessage = QObject::tr("Your Amnezia Premium subscription has expired.\n Please check your email for renewal instructions.\n If you haven't received an email, please contact our support."); break;
     case (ErrorCode::ApiPurchaseError): errorMessage = QObject::tr("Unable to process purchase"); break;
-    case (ErrorCode::ApiNoPurchasesToRestore):
-#if defined(Q_OS_ANDROID)
-        errorMessage = QObject::tr("No purchases to restore. If you have an active subscription, make sure you're signed in with the same Google account used for the purchase.");
-#elif defined(Q_OS_IOS) || defined(MACOS_NE)
-        errorMessage = QObject::tr("No purchases to restore. If you have an active subscription, make sure you're signed in with the same Apple ID used for the purchase.");
-#else
-        errorMessage = QObject::tr("No purchases to restore. If you have an active subscription, make sure you're signed in with the same account used for the purchase.");
-#endif
-        break;
 
     // QFile errors
     case(ErrorCode::OpenError): errorMessage = QObject::tr("QFile error: The file could not be opened"); break;
@@ -98,15 +89,6 @@ QString errorString(ErrorCode code) {
     case(ErrorCode::FatalError): errorMessage =  QObject::tr("QFile error: A fatal error occurred"); break;
     case(ErrorCode::AbortError): errorMessage =  QObject::tr("QFile error: The operation was aborted"); break;
 
-    // Billing errors
-    case(ErrorCode::BillingCanceled): errorMessage = QObject::tr("Transaction was canceled by the user"); break;
-    case(ErrorCode::BillingError): errorMessage = QObject::tr("Billing error"); break;
-    case(ErrorCode::BillingGooglePlayError): errorMessage = QObject::tr("Internal Google Play error, please try again later"); break;
-    case(ErrorCode::BillingUnavailable): errorMessage = QObject::tr("Billing is unavailable, please try again later"); break;
-    case(ErrorCode::SubscriptionAlreadyOwned): errorMessage = QObject::tr("You already own this subscription"); break;
-    case(ErrorCode::SubscriptionUnavailable): errorMessage = QObject::tr("The requested subscription is not available for purchase"); break;
-    case(ErrorCode::BillingNetworkError): errorMessage = QObject::tr("A network error occurred during the operation, please check the Internet connection"); break;
-
     case(ErrorCode::InternalError):
     default:
         errorMessage = QObject::tr("Internal error"); break;

client/core/ipcclient.cpp

@@ -7,6 +7,7 @@ IpcClient::IpcClient(QObject *parent) : QObject(parent)
 {
     m_node.connectToNode(QUrl("local:" + amnezia::getIpcServiceUrl()));
     m_interface.reset(m_node.acquire<IpcInterfaceReplica>());
+    m_tun2socks.reset(m_node.acquire<IpcProcessTun2SocksReplica>());
 }
 
 IpcClient& IpcClient::Instance()
@@ -32,43 +33,68 @@ QSharedPointer<IpcInterfaceReplica> IpcClient::Interface()
     return rep;
 }
 
-QSharedPointer<IpcProcessInterfaceReplica> IpcClient::CreatePrivilegedProcess()
+QSharedPointer<IpcProcessTun2SocksReplica> IpcClient::InterfaceTun2Socks()
 {
-    return withInterface([](QSharedPointer<IpcInterfaceReplica> &iface) -> QSharedPointer<IpcProcessInterfaceReplica> {
-        auto createPrivilegedProcess = iface->createPrivilegedProcess();
-        if (!createPrivilegedProcess.waitForFinished()) {
-            qCritical() << "Failed to create privileged process";
-            return nullptr;
-        }
-
-        const int pid = createPrivilegedProcess.returnValue();
-
-        auto* node = new QRemoteObjectNode();
-        node->connectToNode(QUrl(QString("local:%1").arg(amnezia::getIpcProcessUrl(pid))));
-
-        QSharedPointer<IpcProcessInterfaceReplica> rep(
-            node->acquire<IpcProcessInterfaceReplica>(),
-            [node] (IpcProcessInterfaceReplica *ptr) {
-                delete ptr;
-                node->deleteLater();
-            }
-        );
-        if (rep.isNull()) {
-            qCritical() << "IpcClient::CreatePrivilegedProcess(): Failed to acquire replica";
-            return nullptr;
-        }
-        if (!rep->waitForSource()) {
-            qCritical() << "IpcClient::CreatePrivilegedProcess(): Failed to initialize replica";
-            return nullptr;
-        }
-        if (!rep->isReplicaValid()) {
-            qCritical() << "IpcClient::CreatePrivilegedProcess(): Replica is invalid";
-            return nullptr;
-        }
-
-        return rep;
-    },
-    []() -> QSharedPointer<IpcProcessInterfaceReplica> {
+    QSharedPointer<IpcProcessTun2SocksReplica> rep = Instance().m_tun2socks;
+    if (rep.isNull()) {
+        qCritical() << "IpcClient::InterfaceTun2Socks: Replica is undefined";
         return nullptr;
-    });
+    }
+    if (!rep->waitForSource(1000)) {
+        qCritical() << "IpcClient::InterfaceTun2Socks: Failed to initialize replica";
+        return nullptr;
+    }
+    if (!rep->isReplicaValid()) {
+        qWarning() << "IpcClient::InterfaceTun2Socks(): Replica is invalid";
+    }
+    return rep;
+}
+
+QSharedPointer<PrivilegedProcess> IpcClient::CreatePrivilegedProcess()
+{
+    QSharedPointer<IpcInterfaceReplica> rep = Interface();
+    if (!rep) {
+        qCritical() << "IpcClient::createPrivilegedProcess: Replica is invalid";
+        return nullptr;
+    }
+
+    QRemoteObjectPendingReply<int> pidReply = rep->createPrivilegedProcess();
+    if (!pidReply.waitForFinished(5000)){
+        qCritical() << "IpcClient::createPrivilegedProcess: Failed to execute RO createPrivilegedProcess call";
+        return nullptr;
+    }
+
+    int pid = pidReply.returnValue();
+    QSharedPointer<ProcessDescriptor> pd(new ProcessDescriptor());
+
+    pd->localSocket.reset(new QLocalSocket(pd->replicaNode.data()));
+
+    connect(pd->localSocket.data(), &QLocalSocket::connected, pd->replicaNode.data(), [pd]() {
+        pd->replicaNode->addClientSideConnection(pd->localSocket.data());
+
+        IpcProcessInterfaceReplica *repl = pd->replicaNode->acquire<IpcProcessInterfaceReplica>();
+        // TODO: rework the unsafe cast below
+        PrivilegedProcess *priv = static_cast<PrivilegedProcess *>(repl);
+        pd->ipcProcess.reset(priv);
+        if (!pd->ipcProcess) {
+            qWarning() << "Acquire PrivilegedProcess failed";
+        } else {
+            pd->ipcProcess->waitForSource(1000);
+            if (!pd->ipcProcess->isReplicaValid()) {
+                qWarning() << "PrivilegedProcess replica is not connected!";
+            }
+
+            QObject::connect(pd->ipcProcess.data(), &PrivilegedProcess::destroyed, pd->ipcProcess.data(),
+                             [pd]() { pd->replicaNode->deleteLater(); });
+        }
+    });
+
+    pd->localSocket->connectToServer(amnezia::getIpcProcessUrl(pid));
+    if (!pd->localSocket->waitForConnected()) {
+        qCritical() << "IpcClient::createPrivilegedProcess: Failed to connect to process' socket";
+        return nullptr;
+    }
+
+    auto processReplica = QSharedPointer<PrivilegedProcess>(pd->ipcProcess);
+    return processReplica;
 }

client/core/ipcclient.h

@@ -5,7 +5,9 @@
 #include <QObject>
 
 #include "rep_ipc_interface_replica.h"
-#include "rep_ipc_process_interface_replica.h"
+#include "rep_ipc_process_tun2socks_replica.h"
+
+#include "privileged_process.h"
 
 class IpcClient : public QObject
 {
@@ -16,7 +18,8 @@ public:
     static IpcClient& Instance();
 
     static QSharedPointer<IpcInterfaceReplica> Interface();
-    static QSharedPointer<IpcProcessInterfaceReplica> CreatePrivilegedProcess();
+    static QSharedPointer<IpcProcessTun2SocksReplica> InterfaceTun2Socks();
+    static QSharedPointer<PrivilegedProcess> CreatePrivilegedProcess();
 
     template <typename Func>
     static auto withInterface(Func func)
@@ -51,6 +54,18 @@ signals:
 private:
     QRemoteObjectNode m_node;
     QSharedPointer<IpcInterfaceReplica> m_interface;
+    QSharedPointer<IpcProcessTun2SocksReplica> m_tun2socks;
+
+    struct ProcessDescriptor {
+        ProcessDescriptor () {
+            replicaNode = QSharedPointer<QRemoteObjectNode>(new QRemoteObjectNode());
+            ipcProcess = QSharedPointer<PrivilegedProcess>();
+            localSocket = QSharedPointer<QLocalSocket>();
+        }
+        QSharedPointer<PrivilegedProcess> ipcProcess;
+        QSharedPointer<QRemoteObjectNode> replicaNode;
+        QSharedPointer<QLocalSocket> localSocket;
+    };
 };
 
 #endif // IPCCLIENT_H

client/core/privileged_process.cpp

@@ -0,0 +1,27 @@
+#include "privileged_process.h"
+
+PrivilegedProcess::PrivilegedProcess() :
+    IpcProcessInterfaceReplica()
+{
+}
+
+PrivilegedProcess::~PrivilegedProcess()
+{
+    qDebug() << "PrivilegedProcess::~PrivilegedProcess()";
+}
+
+void PrivilegedProcess::waitForFinished(int msecs)
+{
+    QSharedPointer<QEventLoop> loop(new QEventLoop);
+    connect(this, &PrivilegedProcess::finished, this, [this, loop](int exitCode, QProcess::ExitStatus exitStatus) mutable{
+        loop->quit();
+        loop.clear();
+    });
+
+    QTimer::singleShot(msecs, this, [this, loop]() mutable {
+        loop->quit();
+        loop.clear();
+    });
+
+    loop->exec();
+}

client/core/privileged_process.h

@@ -0,0 +1,24 @@
+#ifndef PRIVILEGED_PROCESS_H
+#define PRIVILEGED_PROCESS_H
+
+#include <QObject>
+
+#include "rep_ipc_process_interface_replica.h"
+// This class is dangerous - instance of this class casted from base class,
+// so it support only functions
+// Do not add any members into it
+//
+class PrivilegedProcess : public IpcProcessInterfaceReplica
+{
+    Q_OBJECT
+public:
+    PrivilegedProcess();
+    ~PrivilegedProcess() override;
+
+    void waitForFinished(int msecs);
+
+};
+
+#endif // PRIVILEGED_PROCESS_H
+
+

client/core/serialization/vmess.cpp

@@ -170,7 +170,7 @@ QJsonObject Deserialize(const QString &vmessStr, QString *alias, QString *errMes
     //   - It can be empty, if so,           if the key is not in the JSON, or the value is empty,  report an error.
     //   - Else if it contains one thing.    if the key is not in the JSON, or the value is empty,  use that one.
     //   - Else if it contains many things,  when the key IS in the JSON but not within the THINGS, use the first in the THINGS
-    //   - Else -------------------------------------------- use the JSON value
+    //   - Else -------------------------------------------->>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>  use the JSON value
     //
 #define __vmess_checker__func(key, values)                                                                                                               \
     {                                                                                                                                                    \

client/mozilla/networkwatcher.cpp

@@ -72,9 +72,9 @@ void NetworkWatcher::initialize() {
   connect(m_impl, &NetworkWatcherImpl::unsecuredNetwork, this,
           &NetworkWatcher::unsecuredNetwork);
   connect(m_impl, &NetworkWatcherImpl::networkChanged, this,
-          &NetworkWatcher::networkChanged);
-  connect(m_impl, &NetworkWatcherImpl::wakeup, this,
-          &NetworkWatcher::wakeup);
+          &NetworkWatcher::networkChange);
+  connect(m_impl, &NetworkWatcherImpl::sleepMode, this,
+          &NetworkWatcher::onSleepMode);
   m_impl->initialize();
 
   // Enable sleep/wake monitoring for VPN auto-reconnection
@@ -97,6 +97,12 @@ void NetworkWatcher::settingsChanged() {
   logger.debug() << "NetworkWatcher settings changed - keeping sleep monitoring active";
 }
 
+void NetworkWatcher::onSleepMode()
+{
+  logger.debug() << "Resumed from sleep mode";
+  emit sleepMode();
+}
+
 void NetworkWatcher::unsecuredNetwork(const QString& networkName,
                                       const QString& networkId) {
   logger.debug() << "Unsecured network:" << logger.sensitive(networkName)

client/mozilla/networkwatcher.h

@@ -29,11 +29,13 @@ public:
     // false to restore.
     void simulateDisconnection(bool simulatedDisconnection);
 
+    void onSleepMode();
+
     QNetworkInformation::Reachability getReachability();
 
 signals:
-    void networkChanged();
-    void wakeup();
+    void networkChange();
+    void sleepMode();
 
 private:
     void settingsChanged();

client/mozilla/networkwatcherimpl.h

@@ -41,7 +41,7 @@ signals:
     // TODO: Only windows-networkwatcher has this, the other plattforms should
     // too.
     void networkChanged(QString newBSSID);
-    void wakeup();
+    void sleepMode();
 
 
 private:

client/platforms/android/android_controller.cpp

@@ -326,57 +326,6 @@ void AndroidController::sendTouch(float x, float y)
     callActivityMethod("sendTouch", "(FF)V", x, y);
 }
 
-
-bool AndroidController::isPlay()
-{
-    return callActivityMethod<jboolean>("isPlay", "()Z");
-}
-
-bool AndroidController::isTestPurchaseEnvironment()
-{
-    return callActivityMethod<jboolean>("isTestPurchaseEnvironment", "()Z");
-}
-
-QJsonObject AndroidController::getSubscriptionPlans()
-{
-    QJniObject subscriptionPlans = callActivityMethod<jstring>("getSubscriptionPlans", "()Ljava/lang/String;");
-    QJsonObject json = QJsonDocument::fromJson(subscriptionPlans.toString().toUtf8()).object();
-    return json;
-}
-
-QJsonObject AndroidController::purchaseSubscription(const QString &offerToken)
-{
-    QJniObject result = callActivityMethod<jstring, jstring>("purchaseSubscription", "(Ljava/lang/String;)Ljava/lang/String;",
-                                                    QJniObject::fromString(offerToken).object<jstring>());
-    QJsonObject json = QJsonDocument::fromJson(result.toString().toUtf8()).object();
-    return json;
-}
-
-QJsonObject AndroidController::upgradeSubscription(const QString &offerToken, const QString &oldPurchaseToken)
-{
-    QJniObject result = callActivityMethod<jstring, jstring, jstring>("upgradeSubscription",
-                                                                      "(Ljava/lang/String;Ljava/lang/String;)Ljava/lang/String;",
-                                                                      QJniObject::fromString(offerToken).object<jstring>(),
-                                                                      QJniObject::fromString(oldPurchaseToken).object<jstring>());
-    QJsonObject json = QJsonDocument::fromJson(result.toString().toUtf8()).object();
-    return json;
-}
-
-QJsonObject AndroidController::acknowledgePurchase(const QString &purchaseToken)
-{
-    QJniObject result = callActivityMethod<jstring, jstring>("acknowledgePurchase", "(Ljava/lang/String;)Ljava/lang/String;",
-                                                             QJniObject::fromString(purchaseToken).object<jstring>());
-    QJsonObject json = QJsonDocument::fromJson(result.toString().toUtf8()).object();
-    return json;
-}
-
-QJsonObject AndroidController::queryPurchases()
-{
-    QJniObject result = callActivityMethod<jstring>("queryPurchases", "()Ljava/lang/String;");
-    QJsonObject json = QJsonDocument::fromJson(result.toString().toUtf8()).object();
-    return json;
-}
-
 // Moving log processing to the Android side
 jclass AndroidController::log;
 jmethodID AndroidController::logDebug;

client/platforms/android/android_controller.h

@@ -55,13 +55,6 @@ public:
     void requestNotificationPermission();
     bool requestAuthentication();
     void sendTouch(float x, float y);
-    bool isPlay();
-    bool isTestPurchaseEnvironment();
-    QJsonObject getSubscriptionPlans();
-    QJsonObject purchaseSubscription(const QString &offerToken);
-    QJsonObject upgradeSubscription(const QString &offerToken, const QString &oldPurchaseToken);
-    QJsonObject acknowledgePurchase(const QString &purchaseToken);
-    QJsonObject queryPurchases();
 
     static bool initLogging();
     static void messageHandler(QtMsgType type, const QMessageLogContext &context, const QString &message);

client/platforms/linux/linuxnetworkwatcher.cpp

@@ -41,8 +41,8 @@ void LinuxNetworkWatcher::initialize() {
   connect(m_worker, &LinuxNetworkWatcherWorker::unsecuredNetwork, this,
           &LinuxNetworkWatcher::unsecuredNetwork);
 
-  connect(m_worker, &LinuxNetworkWatcherWorker::wakeup, this,
-          &NetworkWatcherImpl::wakeup);
+  connect(m_worker, &LinuxNetworkWatcherWorker::sleepMode, this,
+          &NetworkWatcherImpl::sleepMode);
 
   // Let's wait a few seconds to allow the UI to be fully loaded and shown.
   // This is not strictly needed, but it's better for user experience because

client/platforms/linux/linuxnetworkwatcherworker.cpp

@@ -200,7 +200,7 @@ void LinuxNetworkWatcherWorker::checkDevices() {
 void LinuxNetworkWatcherWorker::NMStateChanged(quint32 state)
 {
   if (state == NM_STATE_ASLEEP) {
-    emit wakeup();
+    emit sleepMode();
   }
 
   logger.debug() << "NMStateChanged " << state;

client/platforms/linux/linuxnetworkwatcherworker.h

@@ -23,7 +23,7 @@ class LinuxNetworkWatcherWorker final : public QObject {
 
  signals:
   void unsecuredNetwork(const QString& networkName, const QString& networkId);
-  void wakeup();
+  void sleepMode();
 
  public slots:
   void initialize();

client/platforms/macos/macosnetworkwatcher.mm

@@ -173,10 +173,10 @@ void PowerNotificationsListener::sleepWakeupCallBack(void *refParam, io_service_
 
     case kIOMessageSystemHasPoweredOn:
         /* Announces that the system and its devices have woken up. */
-        logger.debug() << "System has powered on - emitting wakeup signal from dedicated CFRunLoop thread";
+        logger.debug() << "System has powered on - emitting sleepMode signal from dedicated CFRunLoop thread";
         if (listener->m_watcher) {
             // Use QMetaObject::invokeMethod for thread-safe signal emission
-            QMetaObject::invokeMethod(listener->m_watcher, "wakeup", Qt::QueuedConnection);
+            QMetaObject::invokeMethod(listener->m_watcher, "sleepMode", Qt::QueuedConnection);
         }
         break;
 

client/platforms/windows/daemon/windowsdaemon.cpp

@@ -62,9 +62,6 @@ void WindowsDaemon::prepareActivation(const InterfaceConfig& config, int inetAda
 }
 
 void WindowsDaemon::activateSplitTunnel(const InterfaceConfig& config, int vpnAdapterIndex) {
-    if (m_splitTunnelManager == nullptr)
-        return;
-
   if (config.m_vpnDisabledApps.length() > 0) {
       m_splitTunnelManager->start(m_inetAdapterIndex, vpnAdapterIndex);
       m_splitTunnelManager->excludeApps(config.m_vpnDisabledApps);

client/platforms/windows/windowsnetworkwatcher.cpp

@@ -41,7 +41,7 @@ LRESULT WindowsNetworkWatcher::PowerWndProcCallback(HWND hwnd, UINT uMsg, WPARAM
   switch (uMsg) {
   case WM_POWERBROADCAST:
     if (wParam == PBT_APMRESUMESUSPEND) {
-        emit obj->wakeup();
+        emit obj->sleepMode();
     }
     break;
   default:

client/protocols/openvpnprotocol.cpp

@@ -232,6 +232,12 @@ ErrorCode OpenVpnProtocol::start()
         return ErrorCode::AmneziaServiceConnectionFailed;
     }
 
+    m_openVpnProcess->waitForSource(5000);
+    if (!m_openVpnProcess->isInitialized()) {
+        qWarning() << "IpcProcess replica is not connected!";
+        setLastError(ErrorCode::AmneziaServiceConnectionFailed);
+        return ErrorCode::AmneziaServiceConnectionFailed;
+    }
     m_openVpnProcess->setProgram(PermittedProcess::OpenVPN);
     QStringList arguments({
             "--config", configPath(), "--management", m_managementHost, QString::number(mgmtPort),
@@ -240,13 +246,13 @@ ErrorCode OpenVpnProtocol::start()
     m_openVpnProcess->setArguments(arguments);
 
     qDebug() << arguments.join(" ");
-    connect(m_openVpnProcess.data(), &IpcProcessInterfaceReplica::errorOccurred,
+    connect(m_openVpnProcess.data(), &PrivilegedProcess::errorOccurred,
             [&](QProcess::ProcessError error) { qDebug() << "PrivilegedProcess errorOccurred" << error; });
 
-    connect(m_openVpnProcess.data(), &IpcProcessInterfaceReplica::stateChanged,
+    connect(m_openVpnProcess.data(), &PrivilegedProcess::stateChanged,
             [&](QProcess::ProcessState newState) { qDebug() << "PrivilegedProcess stateChanged" << newState; });
 
-    connect(m_openVpnProcess.data(), &IpcProcessInterfaceReplica::finished, this,
+    connect(m_openVpnProcess.data(), &PrivilegedProcess::finished, this,
             [&]() { setConnectionState(Vpn::ConnectionState::Disconnected); });
 
     m_openVpnProcess->start();

client/protocols/openvpnprotocol.h

@@ -53,7 +53,7 @@ private:
     void updateRouteGateway(QString line);
     void updateVpnGateway(const QString &line);
 
-    QSharedPointer<IpcProcessInterfaceReplica> m_openVpnProcess;
+    QSharedPointer<PrivilegedProcess> m_openVpnProcess;
 };
 
 #endif // OPENVPNPROTOCOL_H

client/protocols/protocols_defs.h

@@ -233,7 +233,7 @@ namespace amnezia
             constexpr char defaultResponsePacketMagicHeader[] = "3288052141";
             constexpr char defaultTransportPacketMagicHeader[] = "2528465083";
             constexpr char defaultUnderloadPacketMagicHeader[] = "1766607858";
-            constexpr char defaultSpecialJunk1[] = "<r 2><b 0x858000010001000000000669636c6f756403636f6d0000010001c00c000100010000105a00044d583737>";
+            constexpr char defaultSpecialJunk1[] = "<b 0x084481800001000300000000077469636b65747306776964676574096b696e6f706f69736b0272750000010001c00c0005000100000039001806776964676574077469636b6574730679616e646578c025c0390005000100000039002b1765787465726e616c2d7469636b6574732d776964676574066166697368610679616e646578036e657400c05d000100010000001c000457fafe25>";
             constexpr char defaultSpecialJunk2[] = "";
             constexpr char defaultSpecialJunk3[] = "";
             constexpr char defaultSpecialJunk4[] = "";

client/protocols/wireguardprotocol.cpp

@@ -15,7 +15,7 @@ WireguardProtocol::WireguardProtocol(const QJsonObject &configuration, QObject *
     m_impl.reset(new LocalSocketController());
     connect(m_impl.get(), &ControllerImpl::connected, this,
             [this](const QString &pubkey, const QDateTime &connectionTimestamp) {
-                setConnectionState(Vpn::ConnectionState::Connected);
+                emit connectionStateChanged(Vpn::ConnectionState::Connected);
             });
     connect(m_impl.get(), &ControllerImpl::statusUpdated, this,
             [this](const QString& serverIpv4Gateway,
@@ -38,7 +38,7 @@ WireguardProtocol::WireguardProtocol(const QJsonObject &configuration, QObject *
             });
 
     connect(m_impl.get(), &ControllerImpl::disconnected, this,
-            [this]() { setConnectionState(Vpn::ConnectionState::Disconnected); });
+            [this]() { emit connectionStateChanged(Vpn::ConnectionState::Disconnected); });
     m_impl->initialize(nullptr, nullptr);
 }
 

client/protocols/xrayprotocol.cpp

@@ -1,7 +1,6 @@
 #include "xrayprotocol.h"
 
 #include "core/ipcclient.h"
-#include "ipc.h"
 #include "utilities.h"
 #include "core/networkUtilities.h"
 
@@ -10,37 +9,14 @@
 #include <QJsonObject>
 #include <QNetworkInterface>
 #include <QJsonDocument>
-#include <QtCore/qlogging.h>
-#include <QtCore/qobjectdefs.h>
-#include <QtCore/qprocess.h>
-
-#ifdef Q_OS_MACOS
-static const QString tunName = "utun22";
-#else
-static const QString tunName = "tun2";
-#endif
 
 XrayProtocol::XrayProtocol(const QJsonObject &configuration, QObject *parent) : VpnProtocol(configuration, parent)
 {
+    readXrayConfiguration(configuration);
+    m_routeGateway = NetworkUtilities::getGatewayAndIface().first;
     m_vpnGateway = amnezia::protocols::xray::defaultLocalAddr;
     m_vpnLocalAddress = amnezia::protocols::xray::defaultLocalAddr;
-    m_routeGateway = NetworkUtilities::getGatewayAndIface().first;
-
-    m_routeMode = static_cast<Settings::RouteMode>(configuration.value(amnezia::config_key::splitTunnelType).toInt());
-    m_remoteAddress = NetworkUtilities::getIPAddress(m_rawConfig.value(amnezia::config_key::hostName).toString());
-
-    const QString primaryDns = configuration.value(amnezia::config_key::dns1).toString();
-    m_dnsServers.push_back(QHostAddress(primaryDns));
-    if (primaryDns != amnezia::protocols::dns::amneziaDnsIp) {
-        const QString secondaryDns = configuration.value(amnezia::config_key::dns2).toString();
-        m_dnsServers.push_back(QHostAddress(secondaryDns));
-    }
-
-    QJsonObject xrayConfiguration = configuration.value(ProtocolProps::key_proto_config_data(Proto::Xray)).toObject();
-    if (xrayConfiguration.isEmpty()) {
-        xrayConfiguration = configuration.value(ProtocolProps::key_proto_config_data(Proto::SSXray)).toObject();
-    }
-    m_xrayConfig = xrayConfiguration;
+    m_t2sProcess = IpcClient::InterfaceTun2Socks();
 }
 
 XrayProtocol::~XrayProtocol()
@@ -53,190 +29,70 @@ ErrorCode XrayProtocol::start()
 {
     qDebug() << "XrayProtocol::start()";
 
-    return IpcClient::withInterface([&](QSharedPointer<IpcInterfaceReplica> iface) {
-        auto xrayStart = iface->xrayStart(QJsonDocument(m_xrayConfig).toJson());
-        if (!xrayStart.waitForFinished() || !xrayStart.returnValue()) {
-            qCritical() << "Failed to start xray";
-            return ErrorCode::XrayExecutableCrashed;
-        }
-        return startTun2Socks();
+    const ErrorCode err = IpcClient::withInterface([&](QSharedPointer<IpcInterfaceReplica> iface) {
+        iface->xrayStart(QJsonDocument(m_xrayConfig).toJson());
+        return ErrorCode::NoError;
     }, [] () {
         return ErrorCode::AmneziaServiceConnectionFailed;
     });
-}
+    if (err != ErrorCode::NoError)
+        return err;
 
-void XrayProtocol::stop()
-{
-    qDebug() << "XrayProtocol::stop()";
-
-    IpcClient::withInterface([](QSharedPointer<IpcInterfaceReplica> iface) {
-        auto disableKillSwitch = iface->disableKillSwitch();
-        if (!disableKillSwitch.waitForFinished() || !disableKillSwitch.returnValue())
-            qWarning() << "Failed to disable killswitch";
-
-        auto StartRoutingIpv6 = iface->StartRoutingIpv6();
-        if (!StartRoutingIpv6.waitForFinished() || !StartRoutingIpv6.returnValue())
-            qWarning() << "Failed to start routing ipv6";
-
-        auto restoreResolvers = iface->restoreResolvers();
-        if (!restoreResolvers.waitForFinished() || !restoreResolvers.returnValue())
-            qWarning() << "Failed to restore resolvers";
-
-        auto deleteTun = iface->deleteTun(tunName);
-        if (!deleteTun.waitForFinished() || !deleteTun.returnValue())
-            qWarning() << "Failed to delete tun";
-
-        auto xrayStop = iface->xrayStop();
-        if (!xrayStop.waitForFinished() || !xrayStop.returnValue())
-            qWarning() << "Failed to stop xray";
-    });
-
-    if (m_tun2socksProcess) {
-        m_tun2socksProcess->blockSignals(true);
-
-#ifndef Q_OS_WIN
-        m_tun2socksProcess->terminate();
-        auto waitForFinished = m_tun2socksProcess->waitForFinished(1000);
-        if (!waitForFinished.waitForFinished() || !waitForFinished.returnValue()) {
-            qWarning() << "Failed to terminate tun2socks. Killing the process...";
-            m_tun2socksProcess->kill();
-        }
-#else
-        // terminate does not do anything useful on Windows
-        // so just kill the process
-        m_tun2socksProcess->kill();
-#endif
-
-        m_tun2socksProcess->close();
-        m_tun2socksProcess.reset();
-    }
-
-    setConnectionState(Vpn::ConnectionState::Disconnected);
-}
-
-ErrorCode XrayProtocol::startTun2Socks()
-{
-    m_tun2socksProcess = IpcClient::CreatePrivilegedProcess();
-    if (!m_tun2socksProcess->waitForSource()) {
-        return ErrorCode::AmneziaServiceConnectionFailed;
-    }
-
-    m_tun2socksProcess->setProgram(PermittedProcess::Tun2Socks);
-    m_tun2socksProcess->setArguments({"-device", QString("tun://%1").arg(tunName), "-proxy", "socks5://127.0.0.1:10808" });
-
-    connect(m_tun2socksProcess.data(), &IpcProcessInterfaceReplica::readyReadStandardOutput, this, [this]() {
-        auto readAllStandardOutput = m_tun2socksProcess->readAllStandardOutput();
-        if (!readAllStandardOutput.waitForFinished()) {
-            qWarning() << "Failed to read output from tun2socks";
-            return;
-        }
-
-        const QString line = readAllStandardOutput.returnValue();
-
-        if (!line.contains("[TCP]") && !line.contains("[UDP]"))
-            qDebug() << "[tun2socks]:" << line;
-        
-        if (line.contains("[STACK] tun://") && line.contains("<-> socks5://127.0.0.1")) {
-            disconnect(m_tun2socksProcess.data(), &IpcProcessInterfaceReplica::readyReadStandardOutput, this, nullptr);
-
-            if (ErrorCode res = setupRouting(); res != ErrorCode::NoError) {
-                stop();
-                setLastError(res);
-            } else {
-                setConnectionState(Vpn::ConnectionState::Connected);
-            }
-        }
-    }, Qt::QueuedConnection);
-
-    connect(m_tun2socksProcess.data(), &IpcProcessInterfaceReplica::finished, this, [this](int exitCode, QProcess::ExitStatus exitStatus) {
-        if (exitStatus == QProcess::ExitStatus::CrashExit) {
-            qCritical() << "Tun2socks process crashed!";
-        } else {
-            qCritical() << QString("Tun2socks process was closed with %1 exit code").arg(exitCode);
-        }
-        stop();
-        setLastError(ErrorCode::Tun2SockExecutableCrashed);
-    }, Qt::QueuedConnection);
-
-    m_tun2socksProcess->start();
-    return ErrorCode::NoError;
+    setConnectionState(Vpn::ConnectionState::Connecting);
+    return startTun2Sock();
 }
 
 ErrorCode XrayProtocol::setupRouting() {
     return IpcClient::withInterface([this](QSharedPointer<IpcInterfaceReplica> iface) -> ErrorCode {
-#ifdef Q_OS_WIN
-        const int inetAdapterIndex = NetworkUtilities::AdapterIndexTo(QHostAddress(m_remoteAddress));
-#endif
+        QList<QHostAddress> dnsAddr;
+
+        dnsAddr.push_back(QHostAddress(m_primaryDNS));
+        // We don't use secondary DNS if primary DNS is AmneziaDNS
+        if (!m_primaryDNS.contains(amnezia::protocols::dns::amneziaDnsIp)) {
+            dnsAddr.push_back(QHostAddress(m_secondaryDNS));
+        }
+
+#ifdef AMNEZIA_DESKTOP
+    #ifdef Q_OS_MACOS
+        const QString tunName = "utun22";
+    #else
+        const QString tunName = "tun2";
+    #endif
         auto createTun = iface->createTun(tunName, amnezia::protocols::xray::defaultLocalAddr);
-        if (!createTun.waitForFinished() || !createTun.returnValue()) {
-            qCritical() << "Failed to assign IP address for TUN";
+        if (!createTun.waitForFinished(1000) || !createTun.returnValue()) {
+            qWarning() << "Failed to assign IP address for TUN";
             return ErrorCode::InternalError;
         }
 
-        auto updateResolvers = iface->updateResolvers(tunName, m_dnsServers);
-        if (!updateResolvers.waitForFinished() || !updateResolvers.returnValue()) {
-            qCritical() << "Failed to set DNS resolvers for TUN";
+        auto updateResolvers = iface->updateResolvers(tunName, dnsAddr);
+        if (!updateResolvers.waitForFinished(1000) || !updateResolvers.returnValue()) {
+            qWarning() << "Failed to set DNS resolvers for TUN";
             return ErrorCode::InternalError;
         }
-
-#ifdef Q_OS_WIN
-        int vpnAdapterIndex = -1;
-        QList<QNetworkInterface> netInterfaces = QNetworkInterface::allInterfaces();
-        for (auto& netInterface : netInterfaces) {
-            for (auto& address : netInterface.addressEntries()) {
-                if (m_vpnLocalAddress == address.ip().toString())
-                    vpnAdapterIndex = netInterface.index();
-            }
-        }
-#else
-        static const int vpnAdapterIndex = 0;
 #endif
-        const bool killSwitchEnabled = QVariant(m_rawConfig.value(config_key::killSwitchOption).toString()).toBool();
-        if (killSwitchEnabled) {
-            if (vpnAdapterIndex != -1) {
-                QJsonObject config = m_rawConfig;
-                config.insert("vpnServer", m_remoteAddress);
-
-                auto enableKillSwitch = IpcClient::Interface()->enableKillSwitch(config, vpnAdapterIndex);
-                if (!enableKillSwitch.waitForFinished() || !enableKillSwitch.returnValue()) {
-                    qCritical() << "Failed to enable killswitch";
-                    return ErrorCode::InternalError;
-                }
-            } else
-                qWarning() << "Failed to get vpnAdapterIndex. Killswitch disabled";
-        }
 
         if (m_routeMode == Settings::RouteMode::VpnAllSites) {
             static const QStringList subnets = { "1.0.0.0/8", "2.0.0.0/7", "4.0.0.0/6", "8.0.0.0/5", "16.0.0.0/4", "32.0.0.0/3", "64.0.0.0/2", "128.0.0.0/1" };
 
             auto routeAddList =  iface->routeAddList(m_vpnGateway, subnets);
-            if (!routeAddList.waitForFinished() || routeAddList.returnValue() != subnets.count()) {
-                qCritical() << "Failed to set routes for TUN";
+            if (!routeAddList.waitForFinished(1000) || routeAddList.returnValue() != subnets.count()) {
+                qWarning() << "Failed to set routes for TUN";
                 return ErrorCode::InternalError;
             }
         }
 
         auto StopRoutingIpv6 = iface->StopRoutingIpv6();
-        if (!StopRoutingIpv6.waitForFinished() || !StopRoutingIpv6.returnValue()) {
-            qCritical() << "Failed to disable IPv6 routing";
+        if (!StopRoutingIpv6.waitForFinished(1000) || !StopRoutingIpv6.returnValue()) {
+            qWarning() << "Failed to disable IPv6 routing";
             return ErrorCode::InternalError;
         }
 
 #ifdef Q_OS_WIN
-        if (inetAdapterIndex != -1 && vpnAdapterIndex != -1) {
-            QJsonObject config = m_rawConfig;
-            config.insert("inetAdapterIndex", inetAdapterIndex);
-            config.insert("vpnAdapterIndex", vpnAdapterIndex);
-            config.insert("vpnGateway", m_vpnGateway);
-            config.insert("vpnServer", m_remoteAddress);
-
-            auto enablePeerTraffic = iface->enablePeerTraffic(config);
-            if (!enablePeerTraffic.waitForFinished() || !enablePeerTraffic.returnValue()) {
-                qCritical() << "Failed to enable peer traffic";
-                return ErrorCode::InternalError;
-            }
-        } else
-            qWarning() << "Failed to get adapter indexes. Split-tunneling disabled";
+        auto enablePeerTraffic = iface->enablePeerTraffic(m_xrayConfig);
+        if (!enablePeerTraffic.waitForFinished(5000) || !enablePeerTraffic.returnValue()) {
+            qWarning() << "Failed to enable peer traffic";
+            return ErrorCode::InternalError;
+        }
 #endif
         return ErrorCode::NoError;
     },
@@ -244,3 +100,79 @@ ErrorCode XrayProtocol::setupRouting() {
         return ErrorCode::AmneziaServiceConnectionFailed;
     });
 }
+
+ErrorCode XrayProtocol::startTun2Sock()
+{
+    m_t2sProcess->start();
+
+    connect(m_t2sProcess.data(), &IpcProcessTun2SocksReplica::stateChanged, this,
+            [&](QProcess::ProcessState newState) { qDebug() << "PrivilegedProcess stateChanged" << newState; });
+
+    connect(m_t2sProcess.data(), &IpcProcessTun2SocksReplica::setConnectionState, this, [&](int vpnState) {
+        QMetaObject::invokeMethod(this, [this, vpnState]() {
+            qDebug() << "PrivilegedProcess setConnectionState " << vpnState;
+
+            if (vpnState == Vpn::ConnectionState::Connected) {
+                setConnectionState(Vpn::ConnectionState::Connecting);
+
+                if (ErrorCode res = setupRouting(); res != ErrorCode::NoError) {
+                    stop();
+                    setLastError(res);
+                } else
+                    setConnectionState(Vpn::ConnectionState::Connected);
+            }
+
+            if (vpnState == Vpn::ConnectionState::Disconnected)
+                stop();
+
+        }, Qt::QueuedConnection);
+    });
+
+    return ErrorCode::NoError;
+}
+
+void XrayProtocol::stop()
+{
+    qDebug() << "XrayProtocol::stop()";
+
+    IpcClient::withInterface([](QSharedPointer<IpcInterfaceReplica> iface) {
+#ifdef AMNEZIA_DESKTOP
+        auto StartRoutingIpv6 = iface->StartRoutingIpv6();
+        if (!StartRoutingIpv6.waitForFinished(1000) || !StartRoutingIpv6.returnValue()) {
+            qWarning() << "XrayProtocol::stop(): Failed to start routing ipv6";
+        }
+
+        auto restoreResolvers = iface->restoreResolvers();
+        if (!restoreResolvers.waitForFinished(1000) || !restoreResolvers.returnValue()) {
+            qWarning() << "XrayProtocol::stop(): Failed to restore resolvers";
+        }
+
+    #if !defined(Q_OS_MACOS)
+        auto deleteTun = iface->deleteTun("tun2");
+        if (!deleteTun.waitForFinished(1000) || !deleteTun.returnValue()) {
+            qWarning() << "XrayProtocol::stop(): Failed to delete tun";
+        }
+    #endif
+#endif
+        iface->xrayStop();
+    });
+
+    if (m_t2sProcess) {
+        m_t2sProcess->stop();
+        QThread::msleep(200);
+    }
+
+    setConnectionState(Vpn::ConnectionState::Disconnected);
+}
+
+void XrayProtocol::readXrayConfiguration(const QJsonObject &configuration)
+{
+    QJsonObject xrayConfiguration = configuration.value(ProtocolProps::key_proto_config_data(Proto::Xray)).toObject();
+    if (xrayConfiguration.isEmpty()) {
+        xrayConfiguration = configuration.value(ProtocolProps::key_proto_config_data(Proto::SSXray)).toObject();
+    }
+    m_xrayConfig = xrayConfiguration;
+    m_routeMode = static_cast<Settings::RouteMode>(configuration.value(amnezia::config_key::splitTunnelType).toInt());
+    m_primaryDNS = configuration.value(amnezia::config_key::dns1).toString();
+    m_secondaryDNS = configuration.value(amnezia::config_key::dns2).toString();
+}

client/protocols/xrayprotocol.h

@@ -6,7 +6,6 @@
 #include "core/ipcclient.h"
 #include "vpnprotocol.h"
 #include "settings.h"
-#include <QtCore/qsharedpointer.h>
 
 class XrayProtocol : public VpnProtocol
 {
@@ -19,14 +18,16 @@ public:
 
 private:
     ErrorCode setupRouting();
-    ErrorCode startTun2Socks();
-
+    ErrorCode startTun2Sock();
+    void readXrayConfiguration(const QJsonObject &configuration);
+    
     QJsonObject m_xrayConfig;
     Settings::RouteMode m_routeMode;
-    QList<QHostAddress> m_dnsServers;
-    QString m_remoteAddress;
-
-    QSharedPointer<IpcProcessInterfaceReplica> m_tun2socksProcess;
+    QString m_primaryDNS;
+    QString m_secondaryDNS;
+#ifndef Q_OS_IOS
+    QSharedPointer<IpcProcessTun2SocksReplica> m_t2sProcess;
+#endif
 };
 
 #endif // XRAYPROTOCOL_H

client/ui/controllers/api/apiConfigsController.cpp

@@ -11,14 +11,9 @@
 #include <QClipboard>
 #include <QDebug>
 #include <QEventLoop>
-#include <QFutureWatcher>
 #include <QSet>
-#include <QtConcurrent>
 
 #include "platforms/ios/ios_controller.h"
-#ifdef Q_OS_ANDROID
-#include "platforms/android/android_controller.h"
-#endif
 
 namespace
 {
@@ -375,7 +370,6 @@ bool ApiConfigsController::fillAvailableServices()
 
     QByteArray responseBody;
     ErrorCode errorCode = executeRequest(QString("%1v1/services"), apiPayload, responseBody);
-    qDebug().noquote() << "[Billing] gateway response v1/services responseBody:" << responseBody;
     if (errorCode == ErrorCode::NoError) {
         if (!responseBody.contains("services")) {
             errorCode = ErrorCode::ApiServicesMissingError;
@@ -431,97 +425,6 @@ bool ApiConfigsController::fillAvailableServices()
             }
         }
     }
-#elif defined(Q_OS_ANDROID)
-    // Get price from Google Play Billing
-    auto androidController = AndroidController::instance();
-    QJsonObject plansResult = androidController->getSubscriptionPlans();
-    int responseCode = plansResult.value("responseCode").toInt(-1);
-    qDebug().noquote() << "[Billing] getSubscriptionPlans plansResult:" << QJsonDocument(plansResult).toJson(QJsonDocument::Compact);
-    qDebug() << "[Billing] getSubscriptionPlans responseCode:" << responseCode;
-
-    if (responseCode == 0) {
-        QJsonArray products = plansResult.value("products").toArray();
-        QString formattedPrice;
-        int billingPeriodDays = 180;
-        for (const QJsonValue &productValue : products) {
-            QJsonObject product = productValue.toObject();
-            const QString productId = product.value("productId").toString();
-            const bool isPremium = (productId == "premium") || productId.contains("premium");
-            if (isPremium) {
-                QJsonArray offers = product.value("offers").toArray();
-                if (!offers.isEmpty()) {
-                    QJsonObject firstOffer = offers.at(0).toObject();
-                    QJsonArray pricingPhases = firstOffer.value("pricingPhases").toArray();
-                    if (!pricingPhases.isEmpty()) {
-                        QJsonObject pricingPhase = pricingPhases.at(0).toObject();
-                        formattedPrice = pricingPhase.value("formatedPrice").toString();
-                        if (formattedPrice.isEmpty()) {
-                            formattedPrice = pricingPhase.value("formattedPrice").toString();
-                        }
-                        QString billingPeriod = pricingPhase.value("billingPeriod").toString();
-                        if (billingPeriod.contains("Y")) {
-                            int idx = billingPeriod.indexOf("Y");
-                            int years = billingPeriod.mid(1, idx - 1).toInt();
-                            if (years > 0) billingPeriodDays = years * 365;
-                        } else if (billingPeriod.contains("M")) {
-                            int idx = billingPeriod.indexOf("M");
-                            int months = billingPeriod.mid(1, idx - 1).toInt();
-                            if (months > 0) billingPeriodDays = months * 30;
-                        } else if (billingPeriod.contains("D")) {
-                            int idx = billingPeriod.indexOf("D");
-                            billingPeriodDays = billingPeriod.mid(1, idx - 1).toInt();
-                        }
-                    }
-                }
-                break;
-            }
-        }
-        if (!formattedPrice.isEmpty()) {
-            QJsonArray services = data.value("services").toArray();
-            bool premiumFound = false;
-            for (int i = 0; i < services.size(); ++i) {
-                QJsonObject service = services[i].toObject();
-                if (service.value(configKey::serviceType).toString() == serviceType::amneziaPremium) {
-                    QJsonObject serviceInfo = service.value(configKey::serviceInfo).toObject();
-                    serviceInfo["price"] = formattedPrice;
-                    service[configKey::serviceInfo] = serviceInfo;
-                    services[i] = service;
-                    data["services"] = services;
-                    premiumFound = true;
-                    qInfo() << "[Billing] Updated premium service price in data:" << formattedPrice;
-                    break;
-                }
-            }
-         /*   if (!premiumFound) {
-                // Gateway did not return premium; add it from billing data
-                QString region = data.value(configKey::userCountryCode).toString();
-                QJsonObject serviceInfo;
-                serviceInfo["name"] = tr("Amnezia Premium");
-                serviceInfo["price"] = formattedPrice;
-                serviceInfo["region"] = region;
-                serviceInfo["speed"] = "200";
-                serviceInfo["timelimit"] = QString::number(billingPeriodDays);
-                QJsonObject serviceDescription;
-                serviceDescription["card_description"] = tr("Amnezia Premium is classic VPN for seamless work, downloading large files, and watching videos.");
-                serviceDescription["description"] = serviceDescription["card_description"];
-                serviceDescription["features"] = "";
-                QJsonObject premiumService;
-                premiumService[configKey::serviceType] = serviceType::amneziaPremium;
-                premiumService[configKey::serviceProtocol] = "amnezia-premium";
-                premiumService[configKey::serviceInfo] = serviceInfo;
-                premiumService["service_description"] = serviceDescription;
-                premiumService["available_countries"] = QJsonArray();
-                premiumService["is_available"] = true;
-                premiumService["store_endpoint"] = "";
-                premiumService["subscription"] = QJsonObject();
-                services.prepend(premiumService);
-                data["services"] = services;
-                qInfo() << "[Billing] Added premium service from billing (gateway did not return it)";
-            }*/
-        }
-    } else {
-        qWarning() << "[Billing] Failed to fetch product price, responseCode:" << responseCode;
-    }
 #endif
     
     m_apiServicesModel->updateModel(data);
@@ -533,19 +436,25 @@ bool ApiConfigsController::fillAvailableServices()
 
 bool ApiConfigsController::importService()
 {
-    if (m_apiServicesModel->getSelectedServiceType() == serviceType::amneziaPremium) {
-#if defined(Q_OS_IOS) || defined(MACOS_NE) || defined(Q_OS_ANDROID)
-        importServiceFromPaymentMarket();
-        return true;
+#if defined(Q_OS_IOS) || defined(MACOS_NE)
+    bool isIosOrMacOsNe = true;
 #else
-        return false; // premium only via App Store / Play
+    bool isIosOrMacOsNe = false;
 #endif
+
+    if (m_apiServicesModel->getSelectedServiceType() == serviceType::amneziaPremium) {
+        if (isIosOrMacOsNe) {
+            importSerivceFromAppStore();
+            return true;
+        }
+    } else {
+        importServiceFromGateway();
+        return true;
     }
-    importServiceFromGateway();
-    return true;
+    return false;
 }
 
-bool ApiConfigsController::importServiceFromPaymentMarket()
+bool ApiConfigsController::importSerivceFromAppStore()
 {
 #if defined(Q_OS_IOS) || defined(MACOS_NE)
     bool purchaseOk = false;
@@ -602,116 +511,12 @@ bool ApiConfigsController::importServiceFromPaymentMarket()
         return false;
     }
 
-    emit installServerFromApiFinished(tr("%1 installed successfully.").arg(m_apiServicesModel->getSelectedServiceName()));
-#elif defined(Q_OS_ANDROID)
-    auto androidController = AndroidController::instance();
-    QString purchaseToken;
-    bool purchaseOk = false;
-
-    QFutureWatcher<QPair<bool, QString>> watcher;
-    QEventLoop waitLoop;
-    connect(&watcher, &QFutureWatcher<QPair<bool, QString>>::finished, &waitLoop, &QEventLoop::quit);
-
-    QFuture<QPair<bool, QString>> future = QtConcurrent::run([androidController]() {
-        QJsonObject plansResult = androidController->getSubscriptionPlans();
-        int responseCode = plansResult.value("responseCode").toInt(-1);
-        qDebug().noquote() << "[Billing] importService getSubscriptionPlans plansResult:" << QJsonDocument(plansResult).toJson(QJsonDocument::Compact);
-        qDebug() << "[Billing] importService getSubscriptionPlans responseCode:" << responseCode;
-        if (responseCode != 0) {
-            qWarning() << "[Billing] Failed to get subscription plans, responseCode:" << responseCode;
-            return qMakePair(false, QString());
-        }
-        QJsonArray products = plansResult.value("products").toArray();
-        QString offerToken;
-        for (const QJsonValue &productValue : products) {
-            QJsonObject product = productValue.toObject();
-            const QString productId = product.value("productId").toString();
-            const bool isPremium = (productId == "premium") || productId.contains("premium");
-            if (isPremium) {
-                QJsonArray offers = product.value("offers").toArray();
-                if (!offers.isEmpty()) {
-                    QJsonObject firstOffer = offers.at(0).toObject();
-                    offerToken = firstOffer.value("offerToken").toString();
-                    qInfo() << "[Billing] Found offer token:" << offerToken;
-                    break;
-                }
-            }
-        }
-        if (offerToken.isEmpty()) {
-            qWarning() << "[Billing] No offer token found for premium subscription";
-            return qMakePair(false, QString());
-        }
-        QJsonObject purchaseResult = androidController->purchaseSubscription(offerToken);
-        responseCode = purchaseResult.value("responseCode").toInt(-1);
-        if (responseCode != 0) {
-            qWarning() << "[Billing] Purchase failed, responseCode:" << responseCode;
-            return qMakePair(false, QString());
-        }
-        QJsonArray purchases = purchaseResult.value("purchases").toArray();
-        if (purchases.isEmpty()) {
-            qWarning() << "[Billing] Purchase succeeded but no purchases returned";
-            return qMakePair(false, QString());
-        }
-        QJsonObject purchase = purchases.at(0).toObject();
-        QString token = purchase.value("purchaseToken").toString();
-        bool isAcknowledged = purchase.value("isAcknowledged").toBool();
-        qInfo() << "[Billing] Purchase success. purchaseToken:" << token << "isAcknowledged:" << isAcknowledged;
-        if (!isAcknowledged) {
-            QJsonObject ackResult = androidController->acknowledgePurchase(token);
-            if (ackResult.value("responseCode").toInt(-1) != 0) {
-                qWarning() << "[Billing] Acknowledge failed";
-            } else {
-                qInfo() << "[Billing] Purchase acknowledged successfully";
-            }
-        }
-        return qMakePair(true, token);
-    });
-
-    watcher.setFuture(future);
-    waitLoop.exec();
-
-    purchaseOk = watcher.result().first;
-    purchaseToken = watcher.result().second;
-
-    if (!purchaseOk || purchaseToken.isEmpty()) {
-        emit errorOccurred(ErrorCode::ApiPurchaseError);
-        return false;
-    }
-    
-    GatewayRequestData gatewayRequestData { QSysInfo::productType(),
-                                            QString(APP_VERSION),
-                                            m_settings->getAppLanguage().name().split("_").first(),
-                                            m_settings->getInstallationUuid(true),
-                                            m_apiServicesModel->getCountryCode(),
-                                            "",
-                                            m_apiServicesModel->getSelectedServiceType(),
-                                            m_apiServicesModel->getSelectedServiceProtocol(),
-                                            QJsonObject() };
-
-    QJsonObject apiPayload = gatewayRequestData.toJsonObject();
-    apiPayload[apiDefs::key::transactionId] = purchaseToken;
-    bool isTestPurchase = m_settings->isDevGatewayEnv(false) || androidController->isTestPurchaseEnvironment();
-
-    ErrorCode errorCode;
-    QByteArray responseBody;
-    errorCode = executeRequest(QString("%1v1/subscriptions"), apiPayload, responseBody, isTestPurchase);
-    if (errorCode != ErrorCode::NoError) {
-        emit errorOccurred(errorCode);
-        return false;
-    }
-
-    errorCode = importServiceFromBilling(responseBody, isTestPurchase);
-    if (errorCode != ErrorCode::NoError) {
-        emit errorOccurred(errorCode);
-        return false;
-    }
-
     emit installServerFromApiFinished(tr("%1 installed successfully.").arg(m_apiServicesModel->getSelectedServiceName()));
 #endif
     return true;
 }
 
-bool ApiConfigsController::restoreServiceFromPaymentMarket()
+bool ApiConfigsController::restoreSerivceFromAppStore()
 {
 #if defined(Q_OS_IOS) || defined(MACOS_NE)
     const QString premiumServiceType = QStringLiteral("amnezia-premium");
@@ -834,131 +639,6 @@ bool ApiConfigsController::restoreServiceFromPaymentMarket()
         qInfo().noquote() << "[IAP] Skipped" << duplicateCount
                           << "duplicate restored transactions for original transaction IDs already processed";
     }
-#elif defined(Q_OS_ANDROID)
-    // Android Google Play Billing restore implementation
-    const QString premiumServiceType = QStringLiteral("amnezia-premium");
-
-    if (!fillAvailableServices()) {
-        qWarning() << "[Billing] Unable to fetch services list before restore";
-        emit errorOccurred(ErrorCode::ApiServicesMissingError);
-        return false;
-    }
-
-    if (m_apiServicesModel->rowCount() <= 0) {
-        emit errorOccurred(ErrorCode::ApiServicesMissingError);
-        return false;
-    }
-
-    // Ensure we have a valid premium selection for gateway requests
-    bool premiumSelected = false;
-    for (int i = 0; i < m_apiServicesModel->rowCount(); ++i) {
-        m_apiServicesModel->setServiceIndex(i);
-        if (m_apiServicesModel->getSelectedServiceType() == premiumServiceType) {
-            premiumSelected = true;
-            break;
-        }
-    }
-
-    if (!premiumSelected) {
-        emit errorOccurred(ErrorCode::ApiServicesMissingError);
-        return false;
-    }
-
-    auto androidController = AndroidController::instance();
-    
-    // Query existing purchases
-    QJsonObject purchasesResult = androidController->queryPurchases();
-    int responseCode = purchasesResult.value("responseCode").toInt(-1);
-    
-    if (responseCode != 0) {
-        qWarning() << "[Billing] Failed to query purchases, responseCode:" << responseCode;
-        emit errorOccurred(ErrorCode::ApiPurchaseError);
-        return false;
-    }
-    
-    QJsonArray purchases = purchasesResult.value("purchases").toArray();
-    
-    if (purchases.isEmpty()) {
-        qInfo() << "[Billing] No purchases found to restore";
-        emit errorOccurred(ErrorCode::ApiNoPurchasesToRestore);
-        return false;
-    }
-    
-    bool hasInstalledConfig = false;
-    bool duplicateConfigAlreadyPresent = false;
-    QSet<QString> processedTokens;
-    
-    for (const QJsonValue &purchaseValue : purchases) {
-        QJsonObject purchase = purchaseValue.toObject();
-        QString purchaseToken = purchase.value("purchaseToken").toString();
-        bool isAcknowledged = purchase.value("isAcknowledged").toBool();
-        
-        if (purchaseToken.isEmpty()) {
-            qWarning() << "[Billing] Skipping purchase without token";
-            continue;
-        }
-        
-        if (processedTokens.contains(purchaseToken)) {
-            continue;
-        }
-        processedTokens.insert(purchaseToken);
-        
-        qInfo() << "[Billing] Restoring purchase. purchaseToken:" << purchaseToken
-                << "isAcknowledged:" << isAcknowledged;
-        
-        // Acknowledge purchase if needed
-        if (!isAcknowledged) {
-            QJsonObject ackResult = androidController->acknowledgePurchase(purchaseToken);
-            int ackResponseCode = ackResult.value("responseCode").toInt(-1);
-            if (ackResponseCode != 0) {
-                qWarning() << "[Billing] Acknowledge failed, responseCode:" << ackResponseCode;
-            } else {
-                qInfo() << "[Billing] Purchase acknowledged successfully";
-            }
-        }
-        
-        // Send purchase token to gateway
-        GatewayRequestData gatewayRequestData { QSysInfo::productType(),
-                                                QString(APP_VERSION),
-                                                m_settings->getAppLanguage().name().split("_").first(),
-                                                m_settings->getInstallationUuid(true),
-                                                m_apiServicesModel->getCountryCode(),
-                                                "",
-                                                m_apiServicesModel->getSelectedServiceType(),
-                                                m_apiServicesModel->getSelectedServiceProtocol(),
-                                                QJsonObject() };
-
-        QJsonObject apiPayload = gatewayRequestData.toJsonObject();
-        apiPayload[apiDefs::key::transactionId] = purchaseToken;
-        bool isTestPurchase = m_settings->isDevGatewayEnv(false) || androidController->isTestPurchaseEnvironment();
-
-        QByteArray responseBody;
-        ErrorCode errorCode = executeRequest(QString("%1v1/subscriptions"), apiPayload, responseBody, isTestPurchase);
-        if (errorCode != ErrorCode::NoError) {
-            qWarning() << "[Billing] Failed to restore purchase" << purchaseToken
-                      << "errorCode =" << static_cast<int>(errorCode);
-            continue;
-        }
-
-        ErrorCode installError = importServiceFromBilling(responseBody, isTestPurchase);
-        if (installError == ErrorCode::ApiConfigAlreadyAdded) {
-            duplicateConfigAlreadyPresent = true;
-            qInfo() << "[Billing] Skipping restored purchase" << purchaseToken
-                   << "because subscription config with the same vpn_key already exists";
-        } else if (installError != ErrorCode::NoError) {
-            qWarning() << "[Billing] Failed to process restored subscription response for purchase" << purchaseToken;
-        } else {
-            hasInstalledConfig = true;
-        }
-    }
-    
-    if (!hasInstalledConfig) {
-        const ErrorCode restoreError = duplicateConfigAlreadyPresent ? ErrorCode::ApiConfigAlreadyAdded : ErrorCode::ApiPurchaseError;
-        emit errorOccurred(restoreError);
-        return false;
-    }
-
-    emit installServerFromApiFinished(tr("Subscription restored successfully."));
 #endif
     return true;
 }
@@ -1264,16 +944,16 @@ QString ApiConfigsController::getVpnKey()
 
 ErrorCode ApiConfigsController::importServiceFromBilling(const QByteArray &responseBody, const bool isTestPurchase)
 {
-#if defined(Q_OS_IOS) || defined(Q_OS_ANDROID)
+#ifdef Q_OS_IOS
     QJsonObject responseObject = QJsonDocument::fromJson(responseBody).object();
     QString key = responseObject.value(QStringLiteral("key")).toString();
     if (key.isEmpty()) {
-        qWarning().noquote() << "[IAP/Billing] Subscription response does not contain a key field";
+        qWarning().noquote() << "[IAP] Subscription response does not contain a key field";
         return ErrorCode::ApiPurchaseError;
     }
 
     if (m_serversModel->hasServerWithVpnKey(key)) {
-        qInfo().noquote() << "[IAP/Billing] Subscription config with the same vpn_key already exists";
+        qInfo().noquote() << "[IAP] Subscription config with the same vpn_key already exists";
         return ErrorCode::ApiConfigAlreadyAdded;
     }
 
@@ -1287,7 +967,7 @@ ErrorCode ApiConfigsController::importServiceFromBilling(const QByteArray &respo
     }
 
     if (configString.isEmpty()) {
-        qWarning().noquote() << "[IAP/Billing] Subscription response config payload is empty";
+        qWarning().noquote() << "[IAP] Subscription response config payload is empty";
         return ErrorCode::ApiPurchaseError;
     }
 

client/ui/controllers/api/apiConfigsController.h

@@ -27,8 +27,8 @@ public slots:
 
     bool fillAvailableServices();
     bool importService();
-    bool importServiceFromPaymentMarket();
-    bool restoreServiceFromPaymentMarket();
+    bool importSerivceFromAppStore();
+    bool restoreSerivceFromAppStore();
     bool importServiceFromGateway();
     bool updateServiceFromGateway(const int serverIndex, const QString &newCountryCode, const QString &newCountryName,
                                   bool reloadServiceConfig = false);

client/ui/controllers/importController.cpp

@@ -291,8 +291,6 @@ void ImportController::processNativeWireGuardConfig()
         clientProtocolConfig[config_key::cookieReplyPacketJunkSize] = "0";
         clientProtocolConfig[config_key::transportPacketJunkSize] = "0";
 
-        clientProtocolConfig[config_key::specialJunk1] = protocols::awg::defaultSpecialJunk1;
-
         clientProtocolConfig[config_key::isObfuscationEnabled] = true;
 
         serverProtocolConfig[config_key::last_config] = QString(QJsonDocument(clientProtocolConfig).toJson());

client/ui/models/api/apiServicesModel.cpp

@@ -114,8 +114,6 @@ QVariant ApiServicesModel::data(const QModelIndex &index, int role) const
         }
 #if defined(Q_OS_IOS) || defined(MACOS_NE)
         return tr("%1 $").arg(price);
-#elif defined(Q_OS_ANDROID)
-        return price;
 #else
         return tr("%1 $/month").arg(price);
 #endif

client/ui/qml/Pages2/PageSettingsApiServerInfo.qml

@@ -396,7 +396,9 @@ PageType {
                             PageController.showNotificationMessage(qsTr("Cannot remove server during active connection"))
                         } else {
                             PageController.showBusyIndicator(true)
-                            InstallController.removeProcessedServer()
+                            if (ApiConfigsController.deactivateDevice(true)) {
+                                InstallController.removeProcessedServer()
+                            }
                             PageController.showBusyIndicator(false)
                         }
                     }

client/ui/qml/Pages2/PageSetupWizardApiServiceInfo.qml

@@ -1,237 +1,226 @@
-import QtQuick
-import QtQuick.Controls
-import QtQuick.Layouts
-import QtQuick.Dialogs
-
-import PageEnum 1.0
-import Style 1.0
-
-import "./"
-import "../Controls2"
-import "../Controls2/TextTypes"
-import "../Config"
-import "../Components"
-
-PageType {
-    id: root
-
-    BackButtonType {
-        id: backButton
-
-        anchors.top: parent.top
-        anchors.left: parent.left
-        anchors.right: parent.right
-        anchors.topMargin: 20 + SettingsController.safeAreaTopMargin
-
-        onFocusChanged: {
-            if (this.activeFocus) {
-                listView.positionViewAtBeginning()
-            }
-        }
-    }
-
-    ListViewType {
-        id: listView
-
-        anchors.top: backButton.bottom
-        anchors.bottom: parent.bottom
-        anchors.right: parent.right
-        anchors.left: parent.left
-
-        header: ColumnLayout {
-            width: listView.width
-
-            BaseHeaderType {
-                Layout.fillWidth: true
-                Layout.topMargin: 8
-                Layout.rightMargin: 16
-                Layout.leftMargin: 16
-                Layout.bottomMargin: 32
-
-                headerText: ApiServicesModel.getSelectedServiceData("name")
-                descriptionText: ApiServicesModel.getSelectedServiceData("serviceDescription")
-            }
-        }
-
-        model: inputFields
-        spacing: 0
-
-        delegate: ColumnLayout {
-            width: listView.width
-
-            LabelWithImageType {
-                Layout.fillWidth: true
-                Layout.margins: 16
-
-                imageSource: imagePath
-                leftText: lText
-                rightText: rText
-
-                visible: isVisible
-            }
-        }
-
-        footer: ColumnLayout {
-            width: listView.width
-
-            spacing: 0
-
-            ParagraphTextType {
-                Layout.fillWidth: true
-                Layout.rightMargin: 16
-                Layout.leftMargin: 16
-
-                onLinkActivated: function(link) {
-                    Qt.openUrlExternally(link)
-                }
-                textFormat: Text.RichText
-                text: {
-                    var text = ApiServicesModel.getSelectedServiceData("features")
-                    return text.replace("%1", LanguageModel.getCurrentSiteUrl("free")).replace("/free", "") // todo link should come from gateway
-                }
-
-                MouseArea {
-                    anchors.fill: parent
-                    acceptedButtons: Qt.NoButton
-                    cursorShape: parent.hoveredLink ? Qt.PointingHandCursor : Qt.ArrowCursor
-                }
-            }
-
-            ParagraphTextType {
-                Layout.fillWidth: true
-                Layout.topMargin: 16
-                Layout.leftMargin: 16
-                Layout.rightMargin: 16
-
-                visible: ((Qt.platform.os === "ios" || IsMacOsNeBuild) && ApiServicesModel.getSelectedServiceType() === "amnezia-premium") ||
-                         (Qt.platform.os === "android" && ApiServicesModel.getSelectedServiceType() === "amnezia-premium")
-
-                horizontalAlignment: Text.AlignHCenter
-                textFormat: Text.PlainText
-                color: AmneziaStyle.color.mutedGray
-                font.pixelSize: 12
-
-                text: {
-                    if (Qt.platform.os === "ios" || IsMacOsNeBuild) {
-                        return qsTr("Charged to your Apple ID at confirmation. Renews automatically unless auto-renew is turned off at least 24 hours before period end. Manage in Apple ID settings.")
-                    } else if (Qt.platform.os === "android") {
-                        return qsTr("Charged to your Google Play account at confirmation. Renews automatically unless auto-renew is turned off at least 24 hours before period end. Manage in Google Play settings.")
-                    }
-                    return ""
-                }
-            }
-
-            BasicButtonType {
-                id: continueButton
-
-                Layout.fillWidth: true
-                Layout.topMargin: 32
-                Layout.bottomMargin: 16
-                Layout.leftMargin: 16
-                Layout.rightMargin: 16
-
-                text: ApiServicesModel.getSelectedServiceType() === "amnezia-premium" ? qsTr("Subscribe Now") : qsTr("Connect")
-
-                clickedFunc: function() {
-                    PageController.showBusyIndicator(true)
-                    var result = ApiConfigsController.importService()
-                    PageController.showBusyIndicator(false)
-
-                    if (!result) {
-                        var endpoint = ApiServicesModel.getStoreEndpoint()
-                        Qt.openUrlExternally(endpoint)
-                        PageController.closePage()
-                        PageController.closePage()
-                    }
-                }
-            }
-
-            ParagraphTextType {
-                Layout.fillWidth: true
-                Layout.topMargin: 16
-                Layout.leftMargin: 16
-                Layout.rightMargin: 16
-                Layout.bottomMargin: 32
-
-                visible: ((Qt.platform.os === "ios" || IsMacOsNeBuild) && ApiServicesModel.getSelectedServiceType() === "amnezia-premium") ||
-                         (Qt.platform.os === "android" && ApiServicesModel.getSelectedServiceType() === "amnezia-premium")
-
-                horizontalAlignment: Text.AlignHCenter
-                textFormat: Text.RichText
-                color: AmneziaStyle.color.mutedGray
-                font.pixelSize: 12
-
-                text: {
-                    var termsUrl = Qt.platform.os === "ios" || IsMacOsNeBuild ? 
-                                   "https://www.apple.com/legal/internet-services/itunes/dev/stdeula/" :
-                                   "https://play.google.com/intl/en_us/about/play-terms/"
-                    var privacyUrl = LanguageModel.getCurrentSiteUrl("policy")
-                    return qsTr("By continuing, you agree to the <a href=\"%1\" style=\"color: #FBB26A;\">Terms of Use</a> and <a href=\"%2\" style=\"color: #FBB26A;\">Privacy Policy</a>").arg(termsUrl).arg(privacyUrl)
-                }
-
-                onLinkActivated: function(link) {
-                    Qt.openUrlExternally(link)
-                }
-
-                MouseArea {
-                    anchors.fill: parent
-                    acceptedButtons: Qt.NoButton
-                    cursorShape: parent.hoveredLink ? Qt.PointingHandCursor : Qt.ArrowCursor
-                }
-            }
-        }
-    }
-
-    property list<QtObject> inputFields: [
-        region,
-        price,
-        timeLimit,
-        speed,
-        features
-    ]
-
-    QtObject {
-        id: region
-
-        readonly property string imagePath: "qrc:/images/controls/map-pin.svg"
-        readonly property string lText: qsTr("For the region")
-        readonly property string rText: ApiServicesModel.getSelectedServiceData("region")
-        property bool isVisible: true
-    }
-
-    QtObject {
-        id: price
-
-        readonly property string imagePath: "qrc:/images/controls/tag.svg"
-        readonly property string lText: qsTr("Price")
-        readonly property string rText: ApiServicesModel.getSelectedServiceData("price")
-        property bool isVisible: true
-    }
-
-    QtObject {
-        id: timeLimit
-
-        readonly property string imagePath: "qrc:/images/controls/history.svg"
-        readonly property string lText: qsTr("Work period")
-        readonly property string rText: ApiServicesModel.getSelectedServiceData("timeLimit")
-        property bool isVisible: rText !== ""
-    }
-
-    QtObject {
-        id: speed
-
-        readonly property string imagePath: "qrc:/images/controls/gauge.svg"
-        readonly property string lText: qsTr("Speed")
-        readonly property string rText: ApiServicesModel.getSelectedServiceData("speed")
-        property bool isVisible: true
-    }
-
-    QtObject {
-        id: features
-
-        readonly property string imagePath: "qrc:/images/controls/info.svg"
-        readonly property string lText: qsTr("Features")
-        readonly property string rText: ""
-        property bool isVisible: true
-    }
-}
+import QtQuick
+import QtQuick.Controls
+import QtQuick.Layouts
+import QtQuick.Dialogs
+
+import PageEnum 1.0
+import Style 1.0
+
+import "./"
+import "../Controls2"
+import "../Controls2/TextTypes"
+import "../Config"
+import "../Components"
+
+PageType {
+    id: root
+
+    BackButtonType {
+        id: backButton
+
+        anchors.top: parent.top
+        anchors.left: parent.left
+        anchors.right: parent.right
+        anchors.topMargin: 20 + SettingsController.safeAreaTopMargin
+
+        onFocusChanged: {
+            if (this.activeFocus) {
+                listView.positionViewAtBeginning()
+            }
+        }
+    }
+
+    ListViewType {
+        id: listView
+
+        anchors.top: backButton.bottom
+        anchors.bottom: parent.bottom
+        anchors.right: parent.right
+        anchors.left: parent.left
+
+        header: ColumnLayout {
+            width: listView.width
+
+            BaseHeaderType {
+                Layout.fillWidth: true
+                Layout.topMargin: 8
+                Layout.rightMargin: 16
+                Layout.leftMargin: 16
+                Layout.bottomMargin: 32
+
+                headerText: ApiServicesModel.getSelectedServiceData("name")
+                descriptionText: ApiServicesModel.getSelectedServiceData("serviceDescription")
+            }
+        }
+
+        model: inputFields
+        spacing: 0
+
+        delegate: ColumnLayout {
+            width: listView.width
+
+            LabelWithImageType {
+                Layout.fillWidth: true
+                Layout.margins: 16
+
+                imageSource: imagePath
+                leftText: lText
+                rightText: rText
+
+                visible: isVisible
+            }
+        }
+
+        footer: ColumnLayout {
+            width: listView.width
+
+            spacing: 0
+
+            ParagraphTextType {
+                Layout.fillWidth: true
+                Layout.rightMargin: 16
+                Layout.leftMargin: 16
+
+                onLinkActivated: function(link) {
+                    Qt.openUrlExternally(link)
+                }
+                textFormat: Text.RichText
+                text: {
+                    var text = ApiServicesModel.getSelectedServiceData("features")
+                    return text.replace("%1", LanguageModel.getCurrentSiteUrl("free")).replace("/free", "") // todo link should come from gateway
+                }
+
+                MouseArea {
+                    anchors.fill: parent
+                    acceptedButtons: Qt.NoButton
+                    cursorShape: parent.hoveredLink ? Qt.PointingHandCursor : Qt.ArrowCursor
+                }
+            }
+
+            ParagraphTextType {
+                Layout.fillWidth: true
+                Layout.topMargin: 16
+                Layout.leftMargin: 16
+                Layout.rightMargin: 16
+
+                visible: (Qt.platform.os === "ios" || IsMacOsNeBuild) && ApiServicesModel.getSelectedServiceType() === "amnezia-premium"
+
+                horizontalAlignment: Text.AlignHCenter
+                textFormat: Text.PlainText
+                color: AmneziaStyle.color.mutedGray
+                font.pixelSize: 12
+
+                text: qsTr("Charged to your Apple ID at confirmation. Renews automatically unless auto-renew is turned off at least 24 hours before period end. Manage in Apple ID settings.")
+            }
+
+            BasicButtonType {
+                id: continueButton
+
+                Layout.fillWidth: true
+                Layout.topMargin: 32
+                Layout.bottomMargin: 16
+                Layout.leftMargin: 16
+                Layout.rightMargin: 16
+
+                text: ApiServicesModel.getSelectedServiceType() === "amnezia-premium" ? qsTr("Subscribe Now") : qsTr("Connect")
+
+                clickedFunc: function() {
+                    PageController.showBusyIndicator(true)
+                    var result = ApiConfigsController.importService()
+                    PageController.showBusyIndicator(false)
+
+                    if (!result) {
+                        var endpoint = ApiServicesModel.getStoreEndpoint()
+                        Qt.openUrlExternally(endpoint)
+                        PageController.closePage()
+                        PageController.closePage()
+                    }
+                }
+            }
+
+            ParagraphTextType {
+                Layout.fillWidth: true
+                Layout.topMargin: 16
+                Layout.leftMargin: 16
+                Layout.rightMargin: 16
+                Layout.bottomMargin: 32
+
+                visible: (Qt.platform.os === "ios" || IsMacOsNeBuild) && ApiServicesModel.getSelectedServiceType() === "amnezia-premium"
+
+                horizontalAlignment: Text.AlignHCenter
+                textFormat: Text.RichText
+                color: AmneziaStyle.color.mutedGray
+                font.pixelSize: 12
+
+                text: {
+                    var termsUrl = "https://www.apple.com/legal/internet-services/itunes/dev/stdeula/"
+                    var privacyUrl = LanguageModel.getCurrentSiteUrl("policy")
+                    return qsTr("By continuing, you agree to the <a href=\"%1\" style=\"color: #FBB26A;\">Terms of Use</a> and <a href=\"%2\" style=\"color: #FBB26A;\">Privacy Policy</a>").arg(termsUrl).arg(privacyUrl)
+                }
+
+                onLinkActivated: function(link) {
+                    Qt.openUrlExternally(link)
+                }
+
+                MouseArea {
+                    anchors.fill: parent
+                    acceptedButtons: Qt.NoButton
+                    cursorShape: parent.hoveredLink ? Qt.PointingHandCursor : Qt.ArrowCursor
+                }
+            }
+        }
+    }
+
+    property list<QtObject> inputFields: [
+        region,
+        price,
+        timeLimit,
+        speed,
+        features
+    ]
+
+    QtObject {
+        id: region
+
+        readonly property string imagePath: "qrc:/images/controls/map-pin.svg"
+        readonly property string lText: qsTr("For the region")
+        readonly property string rText: ApiServicesModel.getSelectedServiceData("region")
+        property bool isVisible: true
+    }
+
+    QtObject {
+        id: price
+
+        readonly property string imagePath: "qrc:/images/controls/tag.svg"
+        readonly property string lText: qsTr("Price")
+        readonly property string rText: ApiServicesModel.getSelectedServiceData("price")
+        property bool isVisible: true
+    }
+
+    QtObject {
+        id: timeLimit
+
+        readonly property string imagePath: "qrc:/images/controls/history.svg"
+        readonly property string lText: qsTr("Work period")
+        readonly property string rText: ApiServicesModel.getSelectedServiceData("timeLimit")
+        property bool isVisible: rText !== ""
+    }
+
+    QtObject {
+        id: speed
+
+        readonly property string imagePath: "qrc:/images/controls/gauge.svg"
+        readonly property string lText: qsTr("Speed")
+        readonly property string rText: ApiServicesModel.getSelectedServiceData("speed")
+        property bool isVisible: true
+    }
+
+    QtObject {
+        id: features
+
+        readonly property string imagePath: "qrc:/images/controls/info.svg"
+        readonly property string lText: qsTr("Features")
+        readonly property string rText: ""
+        property bool isVisible: true
+    }
+}

client/ui/qml/Pages2/PageSetupWizardConfigSource.qml

@@ -358,10 +358,10 @@ PageType {
         property string title: qsTr("Restore purchases")
         property string description: qsTr("")
         property string imageSource: "qrc:/images/controls/refresh-cw.svg"
-        property bool isVisible: Qt.platform.os === "ios" || IsMacOsNeBuild || Qt.platform.os === "android"
+        property bool isVisible: Qt.platform.os === "ios" || IsMacOsNeBuild
         property var handler: function() {
             PageController.showBusyIndicator(true)
-            ApiConfigsController.restoreServiceFromPaymentMarket()
+            ApiConfigsController.restoreSerivceFromAppStore()
             PageController.showBusyIndicator(false)
         }
     }

client/vpnconnection.cpp

@@ -41,6 +41,7 @@ VpnConnection::VpnConnection(std::shared_ptr<Settings> settings, QObject *parent
     m_checkTimer.setInterval(1000);
     connect(IosController::Instance(), &IosController::connectionStateChanged, this, &VpnConnection::onConnectionStateChanged);
     connect(IosController::Instance(), &IosController::bytesChanged, this, &VpnConnection::onBytesChanged);
+
 #endif
 }
 
@@ -58,7 +59,7 @@ void VpnConnection::onKillSwitchModeChanged(bool enabled)
 #ifdef AMNEZIA_DESKTOP
     IpcClient::withInterface([enabled](QSharedPointer<IpcInterfaceReplica> iface){
         QRemoteObjectPendingReply<bool> reply = iface->refreshKillSwitch(enabled);
-        if (reply.waitForFinished() && reply.returnValue())
+        if (reply.waitForFinished(1000) && reply.returnValue())
             qDebug() << "VpnConnection::onKillSwitchModeChanged: Killswitch refreshed";
         else
             qWarning() << "VpnConnection::onKillSwitchModeChanged: Failed to execute remote refreshKillSwitch call";
@@ -72,57 +73,60 @@ void VpnConnection::onConnectionStateChanged(Vpn::ConnectionState state)
     auto container = m_settings->defaultContainer(m_settings->defaultServerIndex());
 
     IpcClient::withInterface([&](QSharedPointer<IpcInterfaceReplica> iface) {
-        switch (state) {
-            case Vpn::ConnectionState::Connected: {
-                iface->resetIpStack();
+        if (state == Vpn::ConnectionState::Connected) {
+            iface->resetIpStack();
+            iface->flushDns();
 
-                auto flushDns = iface->flushDns();
-                if (flushDns.waitForFinished() && flushDns.returnValue())
-                    qDebug() << "VpnConnection::onConnectionStateChanged: Successfully flushed DNS";
-                else
-                    qWarning() << "VpnConnection::onConnectionStateChanged: Failed to clear saved routes";
+            if (!ContainerProps::isAwgContainer(container) && 
+                container != DockerContainer::WireGuard) {
+                QString dns1 = m_vpnConfiguration.value(config_key::dns1).toString();
+                QString dns2 = m_vpnConfiguration.value(config_key::dns2).toString();
 
+                iface->routeAddList(m_vpnProtocol->vpnGateway(), QStringList() << dns1 << dns2);
 
-                if (!ContainerProps::isAwgContainer(container) &&
-                    container != DockerContainer::WireGuard) {
-                    QString dns1 = m_vpnConfiguration.value(config_key::dns1).toString();
-                    QString dns2 = m_vpnConfiguration.value(config_key::dns2).toString();
+                if (m_settings->isSitesSplitTunnelingEnabled()) {
+                    iface->routeDeleteList(m_vpnProtocol->vpnGateway(), QStringList() << "0.0.0.0");
+                    // qDebug() << "VpnConnection::onConnectionStateChanged :: adding custom routes, count:" << forwardIps.size();
+                    if (m_settings->routeMode() == Settings::VpnOnlyForwardSites) {
+                        QTimer::singleShot(1000, m_vpnProtocol.data(),
+                                           [this]() { addSitesRoutes(m_vpnProtocol->vpnGateway(), m_settings->routeMode()); });
+                    } else if (m_settings->routeMode() == Settings::VpnAllExceptSites) {
+                        iface->routeAddList(m_vpnProtocol->vpnGateway(), QStringList() << "0.0.0.0/1");
+                        iface->routeAddList(m_vpnProtocol->vpnGateway(), QStringList() << "128.0.0.0/1");
 
-                    // TODO: add error code handling for all routeAddList (or rework the code below)
-                    iface->routeAddList(m_vpnProtocol->vpnGateway(), QStringList() << dns1 << dns2);
-
-                    if (m_settings->isSitesSplitTunnelingEnabled()) {
-                        iface->routeDeleteList(m_vpnProtocol->vpnGateway(), QStringList() << "0.0.0.0");
-                        // qDebug() << "VpnConnection::onConnectionStateChanged :: adding custom routes, count:" << forwardIps.size();
-                        if (m_settings->routeMode() == Settings::VpnOnlyForwardSites) {
-                            QTimer::singleShot(1000, m_vpnProtocol.data(),
-                                               [this]() { addSitesRoutes(m_vpnProtocol->vpnGateway(), m_settings->routeMode()); });
-                        } else if (m_settings->routeMode() == Settings::VpnAllExceptSites) {
-                            iface->routeAddList(m_vpnProtocol->vpnGateway(), QStringList() << "0.0.0.0/1");
-                            iface->routeAddList(m_vpnProtocol->vpnGateway(), QStringList() << "128.0.0.0/1");
-
-                            iface->routeAddList(m_vpnProtocol->routeGateway(), QStringList() << remoteAddress());
-                            addSitesRoutes(m_vpnProtocol->routeGateway(), m_settings->routeMode());
-                        }
+                        iface->routeAddList(m_vpnProtocol->routeGateway(), QStringList() << remoteAddress());
+                        addSitesRoutes(m_vpnProtocol->routeGateway(), m_settings->routeMode());
                     }
                 }
-            } break;
-            case Vpn::ConnectionState::Disconnected:
-            case Vpn::ConnectionState::Error: {
-                auto flushDns = iface->flushDns();
-                if (flushDns.waitForFinished() && flushDns.returnValue())
-                    qDebug() << "VpnConnection::onConnectionStateChanged: Successfully flushed DNS";
-                else
-                    qWarning() << "VpnConnection::onConnectionStateChanged: Failed to flush DNS";
+            }
 
-                auto clearSavedRoutes = iface->clearSavedRoutes();
-                if (clearSavedRoutes.waitForFinished() && clearSavedRoutes.returnValue())
-                    qDebug() << "VpnConnection::onConnectionStateChanged: Successfully cleared saved routes";
-                else
-                    qWarning() << "VpnConnection::onConnectionStateChanged: Failed to clear saved routes";
-            } break;
-            default:
-                break;
+            if (container != DockerContainer::Ipsec) {
+                if (startNetworkCheckIfReady()) {
+                    m_pendingNetworkCheck = false;
+                } else {
+                    m_pendingNetworkCheck = true;
+                    qWarning() << "Deferring startNetworkCheck; missing gateway/local address"
+                               << m_vpnProtocol->vpnGateway() << m_vpnProtocol->vpnLocalAddress();
+                }
+            } else {
+                m_pendingNetworkCheck = false;
+            }
+
+        } else if (state == Vpn::ConnectionState::Error) {
+            m_pendingNetworkCheck = false;
+            iface->flushDns();
+
+            if (m_settings->isSitesSplitTunnelingEnabled()) {
+                if (m_settings->routeMode() == Settings::VpnOnlyForwardSites) {
+                    iface->clearSavedRoutes();
+                }
+            }
+        } else if (state == Vpn::ConnectionState::Connecting) {
+
+        } else if (state == Vpn::ConnectionState::Disconnected) {
+            m_pendingNetworkCheck = false;
+            auto result = iface->stopNetworkCheck();
+            result.waitForFinished(3000);
         }
     });
 #endif
@@ -136,6 +140,7 @@ void VpnConnection::onConnectionStateChanged(Vpn::ConnectionState state)
         m_checkTimer.stop();
     }
 #endif
+    emit connectionStateChanged(state);
 }
 
 const QString &VpnConnection::remoteAddress() const
@@ -180,11 +185,7 @@ void VpnConnection::addSitesRoutes(const QString &gw, Settings::RouteMode mode)
                         });
                         m_settings->addVpnSite(mode, site, ip);
                     }
-                    IpcClient::withInterface([](QSharedPointer<IpcInterfaceReplica> iface) {
-                        auto reply = iface->flushDns();
-                        if (reply.waitForFinished() || !reply.returnValue())
-                            qWarning() << "VpnConnection::addSitesRoutes: Failed to flush DNS";
-                    });
+                    flushDns();
                     break;
                 }
             }
@@ -199,6 +200,48 @@ QSharedPointer<VpnProtocol> VpnConnection::vpnProtocol() const
     return m_vpnProtocol;
 }
 
+void VpnConnection::addRoutes(const QStringList &ips)
+{
+#ifdef AMNEZIA_DESKTOP
+    IpcClient::withInterface([&](QSharedPointer<IpcInterfaceReplica> iface) {
+        if (connectionState() == Vpn::ConnectionState::Connected) {
+            if (m_settings->routeMode() == Settings::VpnOnlyForwardSites) {
+                iface->routeAddList(m_vpnProtocol->vpnGateway(), ips);
+            } else if (m_settings->routeMode() == Settings::VpnAllExceptSites) {
+                iface->routeAddList(m_vpnProtocol->routeGateway(), ips);
+            }
+        }
+    });
+#endif
+}
+
+void VpnConnection::deleteRoutes(const QStringList &ips)
+{
+#ifdef AMNEZIA_DESKTOP
+    IpcClient::withInterface([&](QSharedPointer<IpcInterfaceReplica> iface) {
+        if (connectionState() == Vpn::ConnectionState::Connected) {
+            if (m_settings->routeMode() == Settings::VpnOnlyForwardSites) {
+                iface->routeDeleteList(vpnProtocol()->vpnGateway(), ips);
+            } else if (m_settings->routeMode() == Settings::VpnAllExceptSites) {
+                iface->routeDeleteList(m_vpnProtocol->routeGateway(), ips);
+            }
+        }
+    });
+#endif
+}
+
+void VpnConnection::flushDns()
+{
+#ifdef AMNEZIA_DESKTOP
+    IpcClient::withInterface([](QSharedPointer<IpcInterfaceReplica> iface) {
+        auto reply = iface->flushDns();
+        if (reply.waitForFinished(1000) || !reply.returnValue()) {
+            qWarning() << "VpnConnection::flushDns(): Failed to flush DNS";
+        }
+    });
+#endif
+}
+
 void VpnConnection::disconnectSlots()
 {
     if (m_vpnProtocol) {
@@ -222,15 +265,19 @@ ErrorCode VpnConnection::lastError() const
 void VpnConnection::connectToVpn(int serverIndex, const ServerCredentials &credentials, DockerContainer container,
                                  const QJsonObject &vpnConfiguration)
 {
-    qDebug() << QString("Trying to connect to VPN, server index is %1, container is %2, route mode is")
+    qDebug() << QString("ConnectToVpn, Server index is %1, container is %2, route mode is")
                         .arg(serverIndex)
                         .arg(ContainerProps::containerToString(container))
              << m_settings->routeMode();
 
     m_remoteAddress = NetworkUtilities::getIPAddress(credentials.hostName);
-    setConnectionState(Vpn::ConnectionState::Connecting);
+    emit connectionStateChanged(Vpn::ConnectionState::Connecting);
 
+    m_pendingNetworkCheck = false;
     m_vpnConfiguration = vpnConfiguration;
+    m_serverIndex = serverIndex;
+    m_serverCredentials = credentials;
+    m_dockerContainer = container;
 
 #ifdef AMNEZIA_DESKTOP
     if (m_vpnProtocol) {
@@ -246,7 +293,7 @@ void VpnConnection::connectToVpn(int serverIndex, const ServerCredentials &crede
 #if !defined(Q_OS_ANDROID) && !defined(Q_OS_IOS) && !defined(MACOS_NE)
     m_vpnProtocol.reset(VpnProtocol::factory(container, m_vpnConfiguration));
     if (!m_vpnProtocol) {
-        setConnectionState(Vpn::ConnectionState::Error);
+        emit connectionStateChanged(Vpn::ConnectionState::Error);
         return;
     }
     m_vpnProtocol->prepare();
@@ -264,23 +311,75 @@ void VpnConnection::connectToVpn(int serverIndex, const ServerCredentials &crede
 
     createProtocolConnections();
 
-    if (ErrorCode err = m_vpnProtocol->start(); err != ErrorCode::NoError) {
-        setConnectionState(Vpn::ConnectionState::Error);
-        emit vpnProtocolError(err);
+    ErrorCode errorCode = m_vpnProtocol->start();
+    if (errorCode != ErrorCode::NoError)
+        emit connectionStateChanged(Vpn::ConnectionState::Error);
+}
+
+void VpnConnection::restartConnection()
+{
+    // Only reconnect if VPN was connected before sleep/network change
+    if (!m_wasConnectedBeforeSleep) {
+        qDebug() << "VPN was not connected before sleep/network change, skipping reconnection";
+        return;
     }
+    
+    qDebug() << "VPN was connected before sleep/network change, attempting reconnection";
+    this->disconnectFromVpn();
+#ifdef Q_OS_LINUX
+    QThread::msleep(5000);
+#endif
+    this->connectToVpn(m_serverIndex, m_serverCredentials, m_dockerContainer, m_vpnConfiguration);
+    
+    // Reset the flag after reconnection attempt
+    m_wasConnectedBeforeSleep = false;
 }
 
 void VpnConnection::createProtocolConnections()
 {
     connect(m_vpnProtocol.data(), &VpnProtocol::protocolError, this, &VpnConnection::vpnProtocolError);
-    connect(m_vpnProtocol.data(), &VpnProtocol::connectionStateChanged, this, &VpnConnection::setConnectionState);
+    connect(m_vpnProtocol.data(), SIGNAL(connectionStateChanged(Vpn::ConnectionState)), this,
+            SLOT(onConnectionStateChanged(Vpn::ConnectionState)));
     connect(m_vpnProtocol.data(), SIGNAL(bytesChanged(quint64, quint64)), this, SLOT(onBytesChanged(quint64, quint64)));
 
 #ifdef AMNEZIA_DESKTOP
-    IpcClient::withInterface([this](QSharedPointer<IpcInterfaceReplica> rep) {
-        connect(rep.data(), &IpcInterfaceReplica::networkChanged, this, &VpnConnection::reconnectToVpn, Qt::QueuedConnection);
-        connect(rep.data(), &IpcInterfaceReplica::wakeup, this, &VpnConnection::reconnectToVpn, Qt::QueuedConnection);
-    });
+    if (m_connectionLoseHandle)
+        disconnect(m_connectionLoseHandle);
+    if (m_networkChangeHandle)
+        disconnect(m_networkChangeHandle);
+    m_connectionLoseHandle = QMetaObject::Connection();
+    m_networkChangeHandle = QMetaObject::Connection();
+
+    // TODO: replace unsafe IpcClient::Interface() calls
+    m_connectionLoseHandle = connect(IpcClient::Interface().data(), &IpcInterfaceReplica::connectionLose,
+            this, [this]() {
+                qDebug() << "Connection Lose";
+                auto result = IpcClient::Interface()->stopNetworkCheck();
+                result.waitForFinished(3000);
+                // Track VPN state before connection loss
+                m_wasConnectedBeforeSleep = isConnected();
+                qDebug() << "VPN was connected before connection loss:" << m_wasConnectedBeforeSleep;
+                this->restartConnection();
+            });
+    m_networkChangeHandle = connect(IpcClient::Interface().data(), &IpcInterfaceReplica::networkChange,
+            this, [this]() {
+                qDebug() << "Network change";
+                // Track VPN state before network change (including sleep/wake)
+                m_wasConnectedBeforeSleep = isConnected();
+                qDebug() << "VPN was connected before network change:" << m_wasConnectedBeforeSleep;
+                this->restartConnection();
+            });
+    connect(m_vpnProtocol.data(), &VpnProtocol::tunnelAddressesUpdated,
+            this, [this](const QString& gateway, const QString& localAddress) {
+                Q_UNUSED(gateway)
+                Q_UNUSED(localAddress)
+                if (connectionState() != Vpn::ConnectionState::Connected) {
+                    return;
+                }
+                if (startNetworkCheckIfReady()) {
+                    m_pendingNetworkCheck = false;
+                }
+            });
 #endif
 }
 
@@ -383,13 +482,28 @@ void VpnConnection::appendSplitTunnelingConfig()
 
     m_vpnConfiguration.insert(config_key::appSplitTunnelType, appsRouteMode);
     m_vpnConfiguration.insert(config_key::splitTunnelApps, appsJsonArray);
+}
 
-    qDebug() << QString("Site split tunneling is %1, route mode is %2")
-                        .arg(m_settings->isSitesSplitTunnelingEnabled() ? "enabled" : "disabled")
-                        .arg(routeMode);
-    qDebug() << QString("App split tunneling is %1, route mode is %2")
-                        .arg(m_settings->isAppsSplitTunnelingEnabled() ? "enabled" : "disabled")
-                        .arg(appsRouteMode);
+bool VpnConnection::startNetworkCheckIfReady()
+{
+#ifdef AMNEZIA_DESKTOP
+    if (!m_vpnProtocol || m_dockerContainer == DockerContainer::Ipsec) {
+        return false;
+    }
+
+    const QString gateway = m_vpnProtocol->vpnGateway();
+    const QString localAddress = m_vpnProtocol->vpnLocalAddress();
+    if (gateway.isEmpty() || localAddress.isEmpty()) {
+        return false;
+    }
+
+    return IpcClient::withInterface([&](QSharedPointer<IpcInterfaceReplica> iface) {
+        QRemoteObjectPendingReply<bool> reply = iface->startNetworkCheck(gateway, localAddress);
+        return reply.waitForFinished(1000) && reply.returnValue();
+    });
+#else
+    return false;
+#endif
 }
 
 #ifdef Q_OS_ANDROID
@@ -423,27 +537,6 @@ QString VpnConnection::bytesPerSecToText(quint64 bytes)
     return QString("%1 %2").arg(QString::number(mbps, 'f', 2)).arg(tr("Mbps")); // Mbit/s
 }
 
-void VpnConnection::reconnectToVpn() {
-    if (m_vpnProtocol.isNull())
-        return;
-
-    if (m_connectionState != Vpn::ConnectionState::Connected) {
-        qWarning() << QString("Reconnect triggered on %1 during inappropriate state: %2; ignoring slot")
-                              .arg(QMetaEnum::fromType<Vpn::ConnectionState>().valueToKey(m_connectionState));
-        return;
-    }
-
-    qDebug() << "Reconnect triggered. Reconnecting to the server";
-
-    setConnectionState(Vpn::ConnectionState::Reconnecting);
-
-    m_vpnProtocol->stop();
-    if (ErrorCode err = m_vpnProtocol->start(); err != ErrorCode::NoError) {
-        setConnectionState(Vpn::ConnectionState::Error);
-        emit vpnProtocolError(err);
-    }
-}
-
 void VpnConnection::disconnectFromVpn()
 {
 #if defined(Q_OS_IOS) || defined(MACOS_NE)
@@ -453,11 +546,27 @@ void VpnConnection::disconnectFromVpn()
 #endif
 
     if (m_vpnProtocol.isNull()) {
-        setConnectionState(Vpn::ConnectionState::Disconnected);
+        emit connectionStateChanged(Vpn::ConnectionState::Disconnected);
         return;
     }
 
-    setConnectionState(Vpn::ConnectionState::Disconnecting);
+    m_vpnProtocol->stop();
+
+#ifdef AMNEZIA_DESKTOP
+    IpcClient::withInterface([](QSharedPointer<IpcInterfaceReplica> iface) {
+        QRemoteObjectPendingReply<bool> flushReply = iface->flushDns();
+        if (flushReply.waitForFinished(5000) && flushReply.returnValue())
+            qDebug() << "VpnConnection::disconnectFromVpn(): Successfully flushed DNS";
+        else
+            qWarning() << "VpnConnection::disconnectFromVpn(): Failed to flush DNS";
+
+        QRemoteObjectPendingReply<bool> clearSavedRoutesReply = iface->clearSavedRoutes();
+        if (clearSavedRoutesReply.waitForFinished(5000) && clearSavedRoutesReply.returnValue())
+            qDebug() << "VpnConnection::disconnectFromVpn(): Successfully cleared saved routes";
+        else
+            qWarning() << "VpnConnection::disconnectFromVpn(): Failed to clear saved routes";
+    });
+#endif
 
 #ifdef Q_OS_ANDROID
     auto *const connection = new QMetaObject::Connection;
@@ -469,9 +578,8 @@ void VpnConnection::disconnectFromVpn()
                                   delete connection;
                               }
                           });
-#endif
-
     m_vpnProtocol->stop();
+#endif
 
 #if !defined(Q_OS_ANDROID) && !defined(AMNEZIA_DESKTOP)
     m_vpnProtocol->deleteLater();
@@ -480,12 +588,27 @@ void VpnConnection::disconnectFromVpn()
     m_vpnProtocol = nullptr;
 }
 
-void VpnConnection::setConnectionState(Vpn::ConnectionState state) {
-    onConnectionStateChanged(state);
-
-    if (state == Vpn::Disconnected && m_connectionState == Vpn::Reconnecting)
-        return;
-
-    m_connectionState = state;
-    emit connectionStateChanged(state);
+Vpn::ConnectionState VpnConnection::connectionState()
+{
+    if (!m_vpnProtocol)
+        return Vpn::ConnectionState::Disconnected;
+    return m_vpnProtocol->connectionState();
+}
+
+bool VpnConnection::isConnected() const
+{
+    if (m_vpnProtocol.isNull()) {
+        return false;
+    }
+
+    return m_vpnProtocol->isConnected();
+}
+
+bool VpnConnection::isDisconnected() const
+{
+    if (m_vpnProtocol.isNull()) {
+        return true;
+    }
+
+    return m_vpnProtocol->isDisconnected();
 }

client/vpnconnection.h

@@ -34,6 +34,10 @@ public:
 
     ErrorCode lastError() const;
 
+    bool isConnected() const;
+    bool isDisconnected() const;
+
+    Vpn::ConnectionState connectionState();
     QSharedPointer<VpnProtocol> vpnProtocol() const;
 
     const QString &remoteAddress() const;
@@ -44,10 +48,15 @@ public:
 #endif
 
 public slots:
-    void connectToVpn(int serverIndex, const ServerCredentials &credentials, DockerContainer container, const QJsonObject &vpnConfiguration);
-    void reconnectToVpn();
-    void disconnectFromVpn();
+    void connectToVpn(int serverIndex,
+    const ServerCredentials &credentials, DockerContainer container, const QJsonObject &vpnConfiguration);
 
+    void disconnectFromVpn();
+    void restartConnection();
+
+    void addRoutes(const QStringList &ips);
+    void deleteRoutes(const QStringList &ips);
+    void flushDns();
     void onKillSwitchModeChanged(bool enabled);
     void disconnectSlots();
 
@@ -62,10 +71,10 @@ protected slots:
     void onBytesChanged(quint64 receivedBytes, quint64 sentBytes);
     void onConnectionStateChanged(Vpn::ConnectionState state);
 
-    void setConnectionState(Vpn::ConnectionState state);
-
 protected:
     QSharedPointer<VpnProtocol> m_vpnProtocol;
+    QMetaObject::Connection m_connectionLoseHandle;
+    QMetaObject::Connection m_networkChangeHandle;
 
 private:
     std::shared_ptr<Settings> m_settings;
@@ -73,6 +82,14 @@ private:
     QJsonObject m_routeMode;
     QString m_remoteAddress;
 
+    ServerCredentials m_serverCredentials;
+    int m_serverIndex;
+    DockerContainer m_dockerContainer;
+    
+    // Track VPN state before sleep for smart reconnection
+    bool m_wasConnectedBeforeSleep = false;
+    bool m_pendingNetworkCheck = false;
+
     // Only for iOS for now, check counters
     QTimer m_checkTimer;
 
@@ -83,12 +100,11 @@ private:
    void createAndroidConnections();
 #endif
 
-   Vpn::ConnectionState m_connectionState;
-
    void createProtocolConnections();
 
    void appendSplitTunnelingConfig();
    void appendKillSwitchConfig();
+   bool startNetworkCheckIfReady();
 };
 
 #endif // VPNCONNECTION_H

deploy/build_android.sh

@@ -23,7 +23,6 @@ Options:
                                   By default, the latest available platform is used
  -m, --move                       Move the build result to the root of the build directory
  -f, --fdroid                     Build for F-Droid
- -p, --play                       Build AAB for Google Play
  -h, --help                       Display this help
 
 EOT
@@ -31,7 +30,7 @@ EOT
 
 BUILD_TYPE="release"
 
-opts=$(getopt -l debug,aab,apk:,build-platform:,move,fdroid,play,help -o "dua:b:mfph" -- "$@")
+opts=$(getopt -l debug,aab,apk:,build-platform:,move,fdroid,help -o "dua:b:mfh" -- "$@")
 eval set -- "$opts"
 while true; do
   case "$1" in
@@ -41,7 +40,6 @@ while true; do
     -b | --build-platform) ANDROID_BUILD_PLATFORM=$2; shift 2;;
     -m | --move) MOVE_RESULT=1; shift;;
     -f | --fdroid) FDROID=1; shift;;
-    -p | --play) PLAY=1; shift;;
     -h | --help) usage; exit 0;;
     --) shift; break;;
   esac
@@ -151,17 +149,11 @@ if [ -v FDROID ]; then
   BUILD_TYPE="fdroid"
 fi
 
-if [ -v PLAY ]; then
-  AAB_FLAVOR="play"
-else
-  AAB_FLAVOR="oss"
-fi
-
 if [ -v AAB ]; then
-  gradle_opts+=(bundle"${AAB_FLAVOR^}${BUILD_TYPE^}")
+  gradle_opts+=(bundle"${BUILD_TYPE^}")
 fi
 if [ -v ABIS ]; then
-  gradle_opts+=(assembleOss"${BUILD_TYPE^}")
+  gradle_opts+=(assemble"${BUILD_TYPE^}")
 fi
 
 $OUT_APP_DIR/android-build/gradlew \
@@ -172,7 +164,7 @@ $OUT_APP_DIR/android-build/gradlew \
 if [[ -v CI || -v MOVE_RESULT ]]; then
   echo "Moving APK/AAB..."
   if [ -v AAB ]; then
-    mv -u $OUT_APP_DIR/android-build/build/outputs/bundle/$AAB_FLAVOR"${BUILD_TYPE^}"/AmneziaVPN-$AAB_FLAVOR-$BUILD_TYPE.aab \
+    mv -u $OUT_APP_DIR/android-build/build/outputs/bundle/$BUILD_TYPE/AmneziaVPN-$BUILD_TYPE.aab \
        $PROJECT_DIR/deploy/build/
   fi
 
@@ -189,8 +181,8 @@ if [[ -v CI || -v MOVE_RESULT ]]; then
     IFS=';' read -r -a abi_array <<< "$ABIS"
     for ABI in "${abi_array[@]}"
     do
-      mv -u $OUT_APP_DIR/android-build/build/outputs/apk/oss/$BUILD_TYPE/AmneziaVPN-oss-$ABI-$suffix.apk \
+      mv -u $OUT_APP_DIR/android-build/build/outputs/apk/$BUILD_TYPE/AmneziaVPN-$ABI-$suffix.apk \
        $PROJECT_DIR/deploy/build/
     done
   fi
-fi
+fi

deploy/data/windows/x32/post_uninstall.cmd

@@ -14,8 +14,6 @@ sc stop AmneziaVPN-service
 sc delete AmneziaVPN-service
 sc stop AmneziaWGTunnel$AmneziaVPN
 sc delete AmneziaWGTunnel$AmneziaVPN
-sc stop AmneziaVPNSplitTunnel
-sc delete AmneziaVPNSplitTunnel
 taskkill /IM "AmneziaVPN-service.exe" /F
 taskkill /IM "AmneziaVPN.exe" /F
 

deploy/data/windows/x64/post_uninstall.cmd

@@ -14,8 +14,6 @@ sc stop AmneziaVPN-service
 sc delete AmneziaVPN-service
 sc stop AmneziaWGTunnel$AmneziaVPN
 sc delete AmneziaWGTunnel$AmneziaVPN
-sc stop AmneziaVPNSplitTunnel
-sc delete AmneziaVPNSplitTunnel
 taskkill /IM "AmneziaVPN-service.exe" /F
 taskkill /IM "AmneziaVPN.exe" /F
 

ipc/ipc.h

@@ -11,7 +11,6 @@
 namespace amnezia {
 
 enum PermittedProcess {
-    Invalid,
     OpenVPN,
     Wireguard,
     Tun2Socks,
@@ -20,18 +19,16 @@ enum PermittedProcess {
 
 inline QString permittedProcessPath(PermittedProcess pid)
 {
-    switch (pid) {
-        case PermittedProcess::OpenVPN:
-            return Utils::openVpnExecPath();
-        case PermittedProcess::Wireguard:
-            return Utils::wireguardExecPath();
-        case PermittedProcess::CertUtil:
-            return Utils::certUtilPath();
-        case PermittedProcess::Tun2Socks:
-            return Utils::tun2socksPath();
-        default:
-            return "";
+    if (pid == PermittedProcess::OpenVPN) {
+        return Utils::openVpnExecPath();
+    } else if (pid == PermittedProcess::Wireguard) {
+        return Utils::wireguardExecPath();
+    } else if (pid == PermittedProcess::CertUtil) {
+        return Utils::certUtilPath();
+    } else if (pid == PermittedProcess::Tun2Socks) {
+        return Utils::tun2socksPath();
     }
+    return "";
 }
 
 
@@ -51,51 +48,6 @@ inline QString getIpcProcessUrl(int pid) {
 #endif
 }
 
-inline QStringList sanitizeArguments(PermittedProcess proc, const QStringList &args) {
-    using Validator = std::function<bool(const QString&)>;
-    QMap<QString, Validator> namedArgs;
-    QList<Validator> positionalArgs;
-
-    switch (proc) {
-    case Tun2Socks:
-        namedArgs["-device"] = [](const QString& v) { return v.startsWith("tun://"); };
-        namedArgs["-proxy"] = [](const QString& v) { return v.startsWith("socks5://"); };
-        break;
-    default:
-        //FIXME
-        return args;
-    }
-
-
-    QStringList sanitized;
-
-    for (int i = 0, pos = 0; i < args.size(); i++) {
-        const auto& key = args[i];
-
-        if (const auto found = namedArgs.find(key); found != namedArgs.end()) {
-            const auto validator = found.value();
-
-            if (validator) {
-                if (i + 1 < args.size()) {
-                    const auto& value = args[i+1];
-                    if (validator(value)) {
-                        sanitized << key << value;
-                        i++;
-                    }
-                }
-            } else {
-                sanitized << key;
-            }
-        } else if (pos < positionalArgs.size()) {
-            if (const auto validator = positionalArgs[pos]; validator && validator(key)) {
-                sanitized << key;
-                pos++;
-            }
-        }
-    }
-
-    return sanitized;
-}
 
 } // namespace amnezia
 

ipc/ipc_interface.rep

@@ -38,13 +38,12 @@ class IpcInterface
     SLOT( bool updateResolvers(const QString& ifname, const QList<QHostAddress>& resolvers) );
     SLOT( bool restoreResolvers() );
 
-    SLOT(bool xrayStart(const QString &config));
-    SLOT(bool xrayStop());
+    SLOT(void xrayStart(const QString &config));
+    SLOT(void xrayStop());
 
     SLOT( bool startNetworkCheck(const QString& serverIpv4Gateway, const QString& deviceIpv4Address) );
     SLOT( bool stopNetworkCheck() );
 
     SIGNAL( connectionLose() );
-    SIGNAL( wakeup() );
-    SIGNAL( networkChanged() );
+    SIGNAL( networkChange() );
 };

ipc/ipc_process_interface.rep

@@ -4,8 +4,6 @@
 class IpcProcessInterface
 {
     SLOT( start() );
-    SLOT( terminate() );
-    SLOT( kill() );
     SLOT( close() );
 
     SLOT( setArguments(const QStringList &arguments) );
@@ -19,11 +17,6 @@ class IpcProcessInterface
     SLOT( QByteArray readAllStandardError() );
     SLOT( QByteArray readAllStandardOutput() );
 
-    SLOT( bool waitForFinished() );
-    SLOT( bool waitForFinished(int msecs) );
-    SLOT( bool waitForStarted() );
-    SLOT( bool waitForStarted(int msecs) );
-
 
     SIGNAL( errorOccurred(QProcess::ProcessError error) );
     SIGNAL( finished(int exitCode, QProcess::ExitStatus exitStatus) );

ipc/ipc_process_tun2socks.rep

@@ -0,0 +1,11 @@
+#include <QtCore>
+#include <QString>
+
+class IpcProcessTun2Socks
+{
+    SLOT( start() );
+    SLOT( stop() );
+
+    SIGNAL( setConnectionState(int state) );
+    SIGNAL( stateChanged(QProcess::ProcessState newState) );
+};

ipc/ipcserver.cpp

@@ -304,7 +304,7 @@ bool IpcServer::refreshKillSwitch(bool enabled)
     return KillSwitch::instance()->refresh(enabled);
 }
 
-bool IpcServer::xrayStart(const QString& cfg)
+void IpcServer::xrayStart(const QString& cfg)
 {
 #ifdef MZ_DEBUG
     qDebug() << "IpcServer::xrayStart";
@@ -313,7 +313,7 @@ bool IpcServer::xrayStart(const QString& cfg)
     return Xray::getInstance().startXray(cfg);
 }
 
-bool IpcServer::xrayStop()
+void IpcServer::xrayStop()
 {
 #ifdef MZ_DEBUG
     qDebug() << "IpcServer::xrayStop";

ipc/ipcserver.h

@@ -10,8 +10,10 @@
 
 #include "ipc.h"
 #include "ipcserverprocess.h"
+#include "ipctun2socksprocess.h"
 
 #include "rep_ipc_interface_source.h"
+#include "rep_ipc_process_tun2socks_source.h"
 
 class IpcServer : public IpcInterfaceSource
 {
@@ -42,8 +44,8 @@ public:
     virtual bool refreshKillSwitch( bool enabled ) override;
     virtual bool updateResolvers(const QString& ifname, const QList<QHostAddress>& resolvers) override;
     virtual bool restoreResolvers() override;
-    virtual bool xrayStart(const QString& cfg) override;
-    virtual bool xrayStop() override;
+    virtual void xrayStart(const QString& cfg) override;
+    virtual void xrayStop() override;
     virtual bool startNetworkCheck(const QString& serverIpv4Gateway, const QString& deviceIpv4Address) override;
     virtual bool stopNetworkCheck() override;
 
@@ -54,10 +56,12 @@ private:
         ProcessDescriptor (QObject *parent = nullptr) {
             serverNode = QSharedPointer<QRemoteObjectHost>(new QRemoteObjectHost(parent));
             ipcProcess = QSharedPointer<IpcServerProcess>(new IpcServerProcess(parent));
+            tun2socksProcess = QSharedPointer<IpcProcessTun2Socks>(new IpcProcessTun2Socks(parent));
             localServer = QSharedPointer<QLocalServer>(new QLocalServer(parent));
         }
 
         QSharedPointer<IpcServerProcess> ipcProcess;
+        QSharedPointer<IpcProcessTun2Socks> tun2socksProcess;
         QSharedPointer<QRemoteObjectHost> serverNode;
         QSharedPointer<QLocalServer> localServer;
     };

ipc/ipcserverprocess.cpp

@@ -40,14 +40,6 @@ void IpcServerProcess::start()
     m_process->waitForStarted();
 }
 
-void IpcServerProcess::terminate() {
-    m_process->terminate();
-}
-
-void IpcServerProcess::kill() {
-    m_process->kill();
-}
-
 void IpcServerProcess::close()
 {
     m_process->close();
@@ -55,7 +47,7 @@ void IpcServerProcess::close()
 
 void IpcServerProcess::setArguments(const QStringList &arguments)
 {
-    m_process->setArguments(amnezia::sanitizeArguments(m_program, arguments));
+    m_process->setArguments(arguments);
 }
 
 void IpcServerProcess::setInputChannelMode(QProcess::InputChannelMode mode)
@@ -77,9 +69,7 @@ void IpcServerProcess::setProcessChannelMode(QProcess::ProcessChannelMode mode)
 
 void IpcServerProcess::setProgram(int programId)
 {
-    m_program = static_cast<amnezia::PermittedProcess>(programId);
-    m_process->setProgram(amnezia::permittedProcessPath(m_program));
-    m_process->setArguments({});
+    m_process->setProgram(amnezia::permittedProcessPath(static_cast<amnezia::PermittedProcess>(programId)));
 }
 
 void IpcServerProcess::setWorkingDirectory(const QString &dir)
@@ -102,20 +92,4 @@ QByteArray IpcServerProcess::readAllStandardOutput()
     return m_process->readAllStandardOutput();
 }
 
-bool IpcServerProcess::waitForStarted() {
-    return m_process->waitForStarted();
-}
-
-bool IpcServerProcess::waitForStarted(int msecs) {
-    return m_process->waitForStarted(msecs);
-}
-
-bool IpcServerProcess::waitForFinished() {
-    return m_process->waitForFinished();
-}
-
-bool IpcServerProcess::waitForFinished(int msecs) {
-    return m_process->waitForFinished(msecs);
-}
-
 #endif

ipc/ipcserverprocess.h

@@ -1,7 +1,6 @@
 #ifndef IPCSERVERPROCESS_H
 #define IPCSERVERPROCESS_H
 
-#include "ipc.h"
 #include <QObject>
 
 #ifndef Q_OS_IOS
@@ -15,8 +14,6 @@ public:
     virtual ~IpcServerProcess();
 
     void start() override;
-    void terminate() override;
-    void kill() override;
     void close() override;
 
     void setArguments(const QStringList &arguments) override;
@@ -30,15 +27,9 @@ public:
     QByteArray readAllStandardError() override;
     QByteArray readAllStandardOutput() override;
 
-    bool waitForStarted() override;
-    bool waitForStarted(int msecs) override;
-    bool waitForFinished() override;
-    bool waitForFinished(int msecs) override;
-
 signals:
 
 private:
-    amnezia::PermittedProcess m_program = amnezia::PermittedProcess::Invalid;
     QSharedPointer<QProcess> m_process;
 };
 

ipc/ipctun2socksprocess.cpp

@@ -0,0 +1,75 @@
+#include "ipctun2socksprocess.h"
+#include "ipc.h"
+#include <QProcess>
+#include <QString>
+
+#include "../protocols/protocols_defs.h"
+
+#ifndef Q_OS_IOS
+
+IpcProcessTun2Socks::IpcProcessTun2Socks(QObject *parent) :
+    IpcProcessTun2SocksSource(parent),
+    m_t2sProcess(QSharedPointer<QProcess>(new QProcess()))
+{
+    qDebug() << "IpcProcessTun2Socks::IpcProcessTun2Socks()";
+
+}
+
+IpcProcessTun2Socks::~IpcProcessTun2Socks()
+{
+    qDebug() << "IpcProcessTun2Socks::~IpcProcessTun2Socks()";
+}
+
+void IpcProcessTun2Socks::start()
+{
+    connect(m_t2sProcess.data(), &QProcess::stateChanged, this, &IpcProcessTun2Socks::stateChanged);
+    qDebug() << "IpcProcessTun2Socks::start()";
+    m_t2sProcess->setProgram(amnezia::permittedProcessPath(static_cast<amnezia::PermittedProcess>(amnezia::PermittedProcess::Tun2Socks)));
+
+    QString XrayConStr = "socks5://127.0.0.1:10808";
+
+#ifdef Q_OS_WIN
+    QStringList arguments({"-device", "tun://tun2?guid={081A8A84-8D12-4DF5-B8C4-396D5B0053E4}", "-proxy", XrayConStr });
+#endif
+#ifdef Q_OS_LINUX
+    QStringList arguments({"-device", "tun://tun2", "-proxy", XrayConStr});
+#endif
+#ifdef Q_OS_MAC
+    QStringList arguments({"-device", "utun22", "-proxy", XrayConStr});
+#endif
+
+    m_t2sProcess->setArguments(arguments);
+
+    if (Utils::processIsRunning(Utils::executable("tun2socks", false))) {
+        qDebug().noquote() << "kill previos tun2socks";
+        Utils::killProcessByName(Utils::executable("tun2socks", false));
+    }
+
+    connect(m_t2sProcess.data(), &QProcess::readyReadStandardOutput, this, [this]() {
+        QString line = m_t2sProcess.data()->readAllStandardOutput();
+        if (line.contains("[STACK] tun://") && line.contains("<-> socks5://127.0.0.1")) {
+            emit setConnectionState(Vpn::ConnectionState::Connected);
+        }
+    });
+
+    connect(m_t2sProcess.data(), QOverload<int, QProcess::ExitStatus>::of(&QProcess::finished), this, [this](int exitCode, QProcess::ExitStatus exitStatus) {
+        qDebug().noquote() << "tun2socks finished, exitCode, exiStatus" << exitCode << exitStatus;
+        emit setConnectionState(Vpn::ConnectionState::Disconnected);
+        if ((exitStatus != QProcess::NormalExit) || (exitCode != 0)) {
+            emit setConnectionState(Vpn::ConnectionState::Error);
+        }
+
+    });
+
+    m_t2sProcess->start();
+    m_t2sProcess->waitForStarted();
+}
+
+void IpcProcessTun2Socks::stop()
+{
+    qDebug() << "IpcProcessTun2Socks::stop()";
+    m_t2sProcess->disconnect();
+    m_t2sProcess->kill();
+    m_t2sProcess->waitForFinished(3000);
+}
+#endif

ipc/ipctun2socksprocess.h

@@ -0,0 +1,52 @@
+#ifndef IPCTUN2SOCKSPROCESS_H
+#define IPCTUN2SOCKSPROCESS_H
+
+#include <QObject>
+
+#ifndef Q_OS_IOS
+#include "rep_ipc_process_tun2socks_source.h"
+
+namespace Vpn
+{
+Q_NAMESPACE
+    enum ConnectionState {
+        Unknown,
+        Disconnected,
+        Preparing,
+        Connecting,
+        Connected,
+        Disconnecting,
+        Reconnecting,
+        Error
+    };
+Q_ENUM_NS(ConnectionState)
+}
+
+
+class IpcProcessTun2Socks : public IpcProcessTun2SocksSource
+{
+    Q_OBJECT
+public:
+    explicit IpcProcessTun2Socks(QObject *parent = nullptr);
+    virtual ~IpcProcessTun2Socks();
+
+    void start() override;
+    void stop() override;
+
+signals:
+
+private:
+    QSharedPointer<QProcess> m_t2sProcess;
+};
+
+#else
+class IpcProcessTun2Socks : public QObject
+{
+    Q_OBJECT
+
+public:
+    explicit IpcProcessTun2Socks(QObject *parent = nullptr);
+};
+#endif
+
+#endif // IPCTUN2SOCKSPROCESS_H

service/CMakeLists.txt

@@ -6,6 +6,13 @@ project(${PROJECT} VERSION ${AMNEZIAVPN_VERSION})
 set(CMAKE_CXX_STANDARD 20)
 set(CMAKE_CXX_STANDARD_REQUIRED ON)
 
+if(LINUX)
+    set(CMAKE_BUILD_RPATH "\$ORIGIN/../lib")
+    set(CMAKE_INSTALL_RPATH "\$ORIGIN/../lib")
+    set(CMAKE_INSTALL_RPATH_USE_LINK_PATH FALSE)
+    set(CMAKE_BUILD_WITH_INSTALL_RPATH TRUE)
+endif()
+
 if(NOT IOS AND NOT ANDROID AND NOT MACOS_NE)
     add_subdirectory(server)
 endif()

service/server/CMakeLists.txt

@@ -75,6 +75,7 @@ set(HEADERS
     ${CMAKE_CURRENT_LIST_DIR}/../../ipc/ipc.h
     ${CMAKE_CURRENT_LIST_DIR}/../../ipc/ipcserver.h
     ${CMAKE_CURRENT_LIST_DIR}/../../ipc/ipcserverprocess.h
+    ${CMAKE_CURRENT_LIST_DIR}/../../ipc/ipctun2socksprocess.h
     ${CMAKE_CURRENT_LIST_DIR}/localserver.h
     ${CMAKE_CURRENT_LIST_DIR}/../../common/logger/logger.h
     ${CMAKE_CURRENT_LIST_DIR}/router.h
@@ -96,6 +97,7 @@ set(SOURCES
     ${CMAKE_CURRENT_LIST_DIR}/../../client/core/networkUtilities.cpp
     ${CMAKE_CURRENT_LIST_DIR}/../../ipc/ipcserver.cpp
     ${CMAKE_CURRENT_LIST_DIR}/../../ipc/ipcserverprocess.cpp
+    ${CMAKE_CURRENT_LIST_DIR}/../../ipc/ipctun2socksprocess.cpp
     ${CMAKE_CURRENT_LIST_DIR}/localserver.cpp
     ${CMAKE_CURRENT_LIST_DIR}/../../common/logger/logger.cpp
     ${CMAKE_CURRENT_LIST_DIR}/main.cpp
@@ -351,6 +353,16 @@ include_directories(
 
 
 add_executable(${PROJECT} ${SOURCES} ${HEADERS} ${RESOURCES})
+
+if(LINUX)
+    target_link_options(${PROJECT} PRIVATE "LINKER:--disable-new-dtags")
+    set_target_properties(${PROJECT} PROPERTIES
+        BUILD_RPATH "\$ORIGIN/../lib"
+        INSTALL_RPATH "\$ORIGIN/../lib"
+        INSTALL_RPATH_USE_LINK_PATH FALSE
+    )
+    set_property(TARGET ${PROJECT} PROPERTY BUILD_WITH_INSTALL_RPATH TRUE)
+endif()
 target_link_libraries(${PROJECT} PRIVATE Qt6::Core Qt6::Widgets Qt6::Network Qt6::RemoteObjects Qt6::Core5Compat Qt6::DBus Qt6::Concurrent ${LIBS})
 target_compile_definitions(${PROJECT} PRIVATE "MZ_$<UPPER_CASE:${MZ_PLATFORM_NAME}>")
 
@@ -387,6 +399,7 @@ endif()
 
 qt_add_repc_sources(${PROJECT} ${CMAKE_CURRENT_LIST_DIR}/../../ipc/ipc_interface.rep)
 qt_add_repc_sources(${PROJECT} ${CMAKE_CURRENT_LIST_DIR}/../../ipc/ipc_process_interface.rep)
+qt_add_repc_sources(${PROJECT} ${CMAKE_CURRENT_LIST_DIR}/../../ipc/ipc_process_tun2socks.rep)
 
 # copy deploy artifacts required to run the application to the debug build folder
 if(WIN32)

service/server/killswitch.cpp

@@ -33,10 +33,18 @@ KillSwitch* KillSwitch::instance()
 
 bool KillSwitch::init()
 {
-#if defined(Q_OS_LINUX) || defined(Q_OS_MACOS)
+#ifdef Q_OS_LINUX
+    if (!LinuxFirewall::isInstalled()) {
+        LinuxFirewall::install();
+    }
+    m_appSettigns = QSharedPointer<SecureQSettings>(new SecureQSettings(ORGANIZATION_NAME, APPLICATION_NAME, nullptr));
+#endif
+#ifdef Q_OS_MACOS
+    if (!MacOSFirewall::isInstalled()) {
+        MacOSFirewall::install();
+    }
     m_appSettigns = QSharedPointer<SecureQSettings>(new SecureQSettings(ORGANIZATION_NAME, APPLICATION_NAME, nullptr));
 #endif
-
     if (isStrictKillSwitchEnabled()) {
         return disableAllTraffic();
     }

service/server/localserver.cpp

@@ -40,6 +40,7 @@ LocalServer::LocalServer(QObject *parent) : QObject(parent),
         if (!m_isRemotingEnabled) {
             m_isRemotingEnabled = true;
             m_serverNode.enableRemoting(&m_ipcServer);
+            m_serverNode.enableRemoting(&m_tun2socks);
         }
     });
 
@@ -50,8 +51,8 @@ LocalServer::LocalServer(QObject *parent) : QObject(parent),
     }
 
     m_networkWatcher.initialize();
-    connect(&m_networkWatcher, &NetworkWatcher::networkChanged, &m_ipcServer, &IpcServer::networkChanged);
-    connect(&m_networkWatcher, &NetworkWatcher::wakeup, &m_ipcServer, &IpcServer::wakeup);
+    connect(&m_networkWatcher, &NetworkWatcher::sleepMode, &m_ipcServer, &IpcServer::networkChange);
+    connect(&m_networkWatcher, &NetworkWatcher::networkChange, &m_ipcServer, &IpcServer::networkChange);
     KillSwitch::instance()->init();
 
 #ifdef Q_OS_LINUX

service/server/localserver.h

@@ -38,6 +38,7 @@ public:
     ~LocalServer();
     QSharedPointer<QLocalServer> m_server;
     IpcServer m_ipcServer;
+    IpcProcessTun2Socks m_tun2socks;
     QRemoteObjectHost m_serverNode;
     bool m_isRemotingEnabled = false;
 

service/server/router_win.cpp

@@ -318,40 +318,6 @@ bool RouterWin::createTun(const QString &dev, const QString &subnet)
         return false;
     }
 
-    HANDLE hEvent = CreateEvent(nullptr, true, false, nullptr);
-    if (!hEvent) {
-        qCritical() << "Failed to allocate event object";
-        return false;
-    }
-    auto _guardEvent = qScopeGuard([hEvent](){ CloseHandle(hEvent); });
-
-    struct {
-        HANDLE hEvent;
-        NET_LUID luid;
-        const QString &subnet;
-        bool found;
-    } ctx = { .hEvent = hEvent, .luid = luid, .subnet = subnet, .found = false };
-
-    auto cb = [](void *priv, MIB_UNICASTIPADDRESS_ROW *row, MIB_NOTIFICATION_TYPE NotificationType) {
-        auto* c = reinterpret_cast<decltype(ctx)*>(priv);
-        if (row != nullptr && row->InterfaceLuid.Value == c->luid.Value && row->Address.si_family == AF_INET) {
-            char ip[INET_ADDRSTRLEN];
-            inet_ntop(row->Address.Ipv4.sin_family, &row->Address.Ipv4.sin_addr, ip, INET_ADDRSTRLEN);
-            if (c->subnet == ip) {
-                c->found = true;
-                SetEvent(c->hEvent);
-            }
-        }
-    };
-
-    HANDLE hNotif;
-    res = NotifyUnicastIpAddressChange(AF_INET, cb, &ctx, false, &hNotif);
-    if (res != NO_ERROR) {
-        qCritical() << "Failed to subscribe to interface change";
-        return false;
-    }
-    auto _guardNotif = qScopeGuard([hNotif](){ CancelMibChangeNotify2(hNotif); });
-
     MIB_UNICASTIPADDRESS_ROW row;
     InitializeUnicastIpAddressEntry(&row);
 
@@ -371,13 +337,7 @@ bool RouterWin::createTun(const QString &dev, const QString &subnet)
         return false;
     }
 
-    res = WaitForSingleObject(hEvent, 10000);
-    if (res == WAIT_TIMEOUT) {
-        qCritical() << "Timeout of waiting for IP assignment for " << dev << " device";
-        return false;
-    }
-
-    return ctx.found;
+    return true;
 }
 
 void RouterWin::suspendWcmSvc(bool suspend)

service/server/xray.cpp

@@ -27,7 +27,7 @@
     #include <sys/socket.h>
 #endif
 
-bool Xray::startXray(const QString &cfg)
+void Xray::startXray(const QString &cfg)
 {
     qDebug() << "Xray::startXray()";
 
@@ -40,38 +40,34 @@ bool Xray::startXray(const QString &cfg)
 
     if (auto err = amnezia_xray_setsockcallback(ctxSockCallback, this); err != nullptr) {
         qDebug() << "[xray] sockopt failed: " << err;
-        amnezia_xray_free(err);
-        return false;
+        free(err);
+        return;
     }
 
-    amnezia_xray_setloghandler(ctxLogHandler, this);
-
     QByteArray bytes = cfg.toUtf8();
     if (auto err = amnezia_xray_configure(bytes.data()); err != nullptr) {
         qDebug() << "[xray] configuration failed: " << err;
-        amnezia_xray_free(err);
-        return false;
+        free(err);
+        return;
     }
 
+    amnezia_xray_setloghandler(ctxLogHandler, this);
+
     if (auto err = amnezia_xray_start(); err != nullptr) {
         qDebug() << "[xray] failed to start: " << err;
-        amnezia_xray_free(err);
-        return false;
+        free(err);
+        return;
     }
-
-    return true;
 }
 
-bool Xray::stopXray()
+void Xray::stopXray()
 {
     qDebug() << "Xray::stopXray()";
     if (auto err = amnezia_xray_stop(); err != nullptr) {
         qDebug() << "[xray] failed to stop: " << err;
-        amnezia_xray_free(err);
-        return false;
+        free(err);
+        return;
     }
-
-    return true;
 }
 
 void Xray::logHandler(char* str)

service/server/xray.h

@@ -12,8 +12,8 @@ public:
         return instance;
     }
 
-    bool startXray(const QString& cfg);
-    bool stopXray();
+    void startXray(const QString& cfg);
+    void stopXray();
 
 private:
     static void ctxSockCallback(uintptr_t fd, void* ctx) {