Fix work wth PKCS12 TempFile

Fix Windows IPsec
iOS build fix
2026-05-26 21:06:44 +03:00 · 2024-08-20 22:46:51 +03:00 · 2024-07-26 00:55:13 +03:00 · 2024-07-22 15:29:48 +03:00 · 2024-07-22 14:40:24 +03:00 · 2024-07-22 14:39:44 +03:00
188 changed files with 10235 additions and 5046 deletions
--- a/.github/workflows/deploy.yml
+++ b/.github/workflows/deploy.yml
@@ -65,6 +65,13 @@ jobs:
        path: deploy/AppDir
        retention-days: 7

+    - name: 'Upload translations artifact'
+      uses: actions/upload-artifact@v4
+      with:
+        name: AmneziaVPN_translations
+        path: client/translations
+        retention-days: 7
+
 # ------------------------------------------------------

  Build-Windows:
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -2,7 +2,7 @@ cmake_minimum_required(VERSION 3.25.0 FATAL_ERROR)

 set(PROJECT AmneziaVPN)

-project(${PROJECT} VERSION 4.5.3.0
+project(${PROJECT} VERSION 4.6.0.4
        DESCRIPTION "AmneziaVPN"
        HOMEPAGE_URL "https://amnezia.org/"
 )
@@ -11,7 +11,7 @@ string(TIMESTAMP CURRENT_DATE "%Y-%m-%d")
 set(RELEASE_DATE "${CURRENT_DATE}")

 set(APP_MAJOR_VERSION ${CMAKE_PROJECT_VERSION_MAJOR}.${CMAKE_PROJECT_VERSION_MINOR}.${CMAKE_PROJECT_VERSION_PATCH})
-set(APP_ANDROID_VERSION_CODE 52)
+set(APP_ANDROID_VERSION_CODE 55)

 if(${CMAKE_SYSTEM_NAME} STREQUAL "Linux")
    set(MZ_PLATFORM_NAME "linux")
--- a/README.md
+++ b/README.md
@@ -6,20 +6,42 @@

 Amnezia is an open-source VPN client, with a key feature that enables you to deploy your own VPN server on your server.

+![Image](https://github.com/amnezia-vpn/amnezia-client/blob/dev/metadata/img-readme/uipic4.png)
+
+<br>
+
+<a href="https://github.com/amnezia-vpn/amnezia-client/releases/download/4.6.0.3/AmneziaVPN_4.6.0.3_x64.exe"><img src="https://github.com/amnezia-vpn/amnezia-client/blob/dev/metadata/img-readme/win.png" width="150" style="max-width: 100%;"></a> 
+<a href="https://github.com/amnezia-vpn/amnezia-client/releases/download/4.6.0.3/AmneziaVPN_4.6.0.3.dmg"><img src="https://github.com/amnezia-vpn/amnezia-client/blob/dev/metadata/img-readme/mac.png" width="150" style="max-width: 100%;"></a> 
+<a href="https://github.com/amnezia-vpn/amnezia-client/releases/download/4.6.0.3/AmneziaVPN_Linux_4.6.0.3.tar.zip"><img src="https://github.com/amnezia-vpn/amnezia-client/blob/dev/metadata/img-readme/lin.png" width="150" style="max-width: 100%;"></a>
+<a href="https://github.com/amnezia-vpn/amnezia-client/releases/tag/4.6.0.3"><img src="https://github.com/amnezia-vpn/amnezia-client/blob/dev/metadata/img-readme/andr.png" width="150" style="max-width: 100%;"></a>
+
+<br>
+
+<a href="https://play.google.com/store/search?q=amnezia+vpn&c=apps"><img src="https://github.com/amnezia-vpn/amnezia-client/blob/dev/metadata/img-readme/play.png" width="150" style="max-width: 100%;"></a>
+<a href="https://apps.apple.com/us/app/amneziavpn/id1600529900"><img src="https://github.com/amnezia-vpn/amnezia-client/blob/dev/metadata/img-readme/apl.png" width="150" style="max-width: 100%;"></a>
+
+
+[All releases](https://github.com/amnezia-vpn/amnezia-client/releases)
+
+<br>
+
+
 ## Features

 - Very easy to use - enter your IP address, SSH login, and password, and Amnezia will automatically install VPN docker containers to your server and connect to the VPN.
- OpenVPN, ShadowSocks, WireGuard, and IKEv2 protocols support.
+- OpenVPN, Shadowsocks, WireGuard, and IKEv2 protocols support.
 - Masking VPN with OpenVPN over Cloak plugin
 - Split tunneling support - add any sites to the client to enable VPN only for them (only for desktops)
 - Windows, MacOS, Linux, Android, iOS releases.

 ## Links

-[https://amnezia.org](https://amnezia.org) - project website  
-[https://www.reddit.com/r/AmneziaVPN](https://www.reddit.com/r/AmneziaVPN) - Reddit  
-[https://t.me/amnezia_vpn_en](https://t.me/amnezia_vpn_en) - Telegram support channel (English)  
-[https://t.me/amnezia_vpn](https://t.me/amnezia_vpn) - Telegram support channel (Russian)  
+- [https://amnezia.org](https://amnezia.org) - project website  
+- [https://www.reddit.com/r/AmneziaVPN](https://www.reddit.com/r/AmneziaVPN) - Reddit  
+- [https://t.me/amnezia_vpn_en](https://t.me/amnezia_vpn_en) - Telegram support channel (English) 
+- [https://t.me/amnezia_vpn_ir](https://t.me/amnezia_vpn_ir) - Telegram support channel (Farsi) 
+- [https://t.me/amnezia_vpn_mm](https://t.me/amnezia_vpn_mm) - Telegram support channel (Myanmar)  
+- [https://t.me/amnezia_vpn](https://t.me/amnezia_vpn) - Telegram support channel (Russian)  

 ## Tech

@@ -27,7 +49,7 @@ AmneziaVPN uses several open-source projects to work:

 - [OpenSSL](https://www.openssl.org/)
 - [OpenVPN](https://openvpn.net/)
- [ShadowSocks](https://shadowsocks.org/)
+- [Shadowsocks](https://shadowsocks.org/)
 - [Qt](https://www.qt.io/)
 - [LibSsh](https://libssh.org) - forked from Qt Creator
 - and more...
@@ -44,6 +66,19 @@ git submodule update --init --recursive

 Want to contribute? Welcome!

+### Help with translations
+
+Download the most actual translation files.
+
+Go to ["Actions" tab](https://github.com/amnezia-vpn/amnezia-client/actions?query=is%3Asuccess+branch%3Adev), click on the first line.
+Then scroll down to the "Artifacts" section and download "AmneziaVPN_translations".
+
+Unzip this file.
+Each *.ts file contains strings for one corresponding language.
+
+Translate or correct some strings in one or multiple *.ts files and commit them back to this repository into the ``client/translations`` folder.
+You can do it via a web-interface or any other method you're familiar with.
+
 ### Building sources and deployment

 Check deploy folder for build scripts. 
@@ -52,7 +87,7 @@ Check deploy folder for build scripts.

 1. First, make sure you have [XCode](https://developer.apple.com/xcode/) installed, at least version 14 or higher.

-2. We use QT to generate the XCode project. We need QT version 6.6.1. Install QT for MacOS [here](https://doc.qt.io/qt-6/macos.html) or [QT Online Installer](https://www.qt.io/download-open-source). Required modules:
+2. We use QT to generate the XCode project. We need QT version 6.6.2. Install QT for MacOS [here](https://doc.qt.io/qt-6/macos.html) or [QT Online Installer](https://www.qt.io/download-open-source). Required modules:
   - MacOS
   - iOS
   - Qt 5 Compatibility Module
@@ -142,10 +177,11 @@ GPL v3.0

 ## Donate

-Bitcoin: bc1qn9rhsffuxwnhcuuu4qzrwp4upkrq94xnh8r26u  
+Patreon: [https://www.patreon.com/amneziavpn](https://www.patreon.com/amneziavpn)
+
+USDT BEP20: 0x6abD576765a826f87D1D95183438f9408C901bE4 <br>
+USDT TRC20: TELAitazF1MZGmiNjTcnxDjEiH5oe7LC9d <br>
 XMR: 48spms39jt1L2L5vyw2RQW6CXD6odUd4jFu19GZcDyKKQV9U88wsJVjSbL4CfRys37jVMdoaWVPSvezCQPhHXUW5UKLqUp3  
-payeer.com: P2561305  
-ko-fi.com: [https://ko-fi.com/amnezia_vpn](https://ko-fi.com/amnezia_vpn)  

 ## Acknowledgments

--- a/client/3rd-prebuilt
+++ b/client/3rd-prebuilt
--- a/client/3rd/amneziawg-apple
+++ b/client/3rd/amneziawg-apple
--- a/client/amnezia_application.cpp
+++ b/client/amnezia_application.cpp
@@ -157,6 +157,7 @@ void AmneziaApplication::init()
    connect(this, &AmneziaApplication::translationsUpdated, m_notificationHandler.get(), &NotificationHandler::onTranslationsUpdated);
 #endif

+    m_engine->addImportPath("qrc:/ui/qml/Modules/");
    m_engine->load(url);
    m_systemController->setQmlRoot(m_engine->rootObjects().value(0));

@@ -351,6 +352,9 @@ void AmneziaApplication::initModels()
    m_sftpConfigModel.reset(new SftpConfigModel(this));
    m_engine->rootContext()->setContextProperty("SftpConfigModel", m_sftpConfigModel.get());

+    m_socks5ConfigModel.reset(new Socks5ProxyConfigModel(this));
+    m_engine->rootContext()->setContextProperty("Socks5ProxyConfigModel", m_socks5ConfigModel.get());
+
    m_clientManagementModel.reset(new ClientManagementModel(m_settings, this));
    m_engine->rootContext()->setContextProperty("ClientManagementModel", m_clientManagementModel.get());
    connect(m_clientManagementModel.get(), &ClientManagementModel::adminConfigRevoked, m_serversModel.get(),
--- a/client/amnezia_application.h
+++ b/client/amnezia_application.h
@@ -41,6 +41,7 @@
 #include "ui/models/protocols_model.h"
 #include "ui/models/servers_model.h"
 #include "ui/models/services/sftpConfigModel.h"
+#include "ui/models/services/socks5ProxyConfigModel.h"
 #include "ui/models/sites_model.h"
 #include "ui/models/clientManagementModel.h"
 #include "ui/models/appSplitTunnelingModel.h"
@@ -114,6 +115,7 @@ private:
 #endif

    QScopedPointer<SftpConfigModel> m_sftpConfigModel;
+    QScopedPointer<Socks5ProxyConfigModel> m_socks5ConfigModel;

    QSharedPointer<VpnConnection> m_vpnConnection;
    QThread m_vpnConnectionThread;
--- a/client/android/AndroidManifest.xml
+++ b/client/android/AndroidManifest.xml
@@ -136,8 +136,34 @@
        </activity>

        <service
-            android:name=".AmneziaVpnService"
-            android:process=":amneziaVpnService"
+            android:name=".AwgService"
+            android:process=":amneziaAwgService"
+            android:permission="android.permission.BIND_VPN_SERVICE"
+            android:foregroundServiceType="systemExempted"
+            android:exported="false"
+            tools:ignore="ForegroundServicePermission">
+
+            <intent-filter>
+                <action android:name="android.net.VpnService" />
+            </intent-filter>
+        </service>
+
+        <service
+            android:name=".OpenVpnService"
+            android:process=":amneziaOpenVpnService"
+            android:permission="android.permission.BIND_VPN_SERVICE"
+            android:foregroundServiceType="systemExempted"
+            android:exported="false"
+            tools:ignore="ForegroundServicePermission">
+
+            <intent-filter>
+                <action android:name="android.net.VpnService" />
+            </intent-filter>
+        </service>
+
+        <service
+            android:name=".XrayService"
+            android:process=":amneziaXrayService"
            android:permission="android.permission.BIND_VPN_SERVICE"
            android:foregroundServiceType="systemExempted"
            android:exported="false"
--- a/client/android/build.gradle.kts
+++ b/client/android/build.gradle.kts
@@ -3,6 +3,7 @@ import com.android.build.gradle.internal.api.BaseVariantOutputImpl
 plugins {
    alias(libs.plugins.android.application)
    alias(libs.plugins.kotlin.android)
+    alias(libs.plugins.kotlin.serialization)
    id("property-delegate")
 }

@@ -68,6 +69,12 @@ android {
            }
            signingConfig = signingConfigs["release"]
        }
+
+        create("fdroid") {
+            initWith(getByName("release"))
+            signingConfig = null
+            matchingFallbacks += "release"
+        }
    }

    splits {
@@ -98,7 +105,6 @@ android {
 }

 dependencies {
-    implementation(fileTree(mapOf("dir" to "libs", "include" to listOf("*.jar", "*.aar"))))
    implementation(project(":qt"))
    implementation(project(":utils"))
    implementation(project(":protocolApi"))
@@ -106,9 +112,11 @@ dependencies {
    implementation(project(":awg"))
    implementation(project(":openvpn"))
    implementation(project(":cloak"))
+    implementation(project(":xray"))
    implementation(libs.androidx.core)
    implementation(libs.androidx.activity)
    implementation(libs.kotlinx.coroutines)
+    implementation(libs.kotlinx.serialization.protobuf)
    implementation(libs.bundles.androidx.camera)
    implementation(libs.google.mlkit)
    implementation(libs.androidx.datastore)
--- a/client/android/gradle/libs.versions.toml
+++ b/client/android/gradle/libs.versions.toml
@@ -8,6 +8,7 @@ androidx-camera = "1.3.0"
 androidx-security-crypto = "1.1.0-alpha06"
 androidx-datastore = "1.1.0-beta01"
 kotlinx-coroutines = "1.7.3"
+kotlinx-serialization = "1.6.3"
 google-mlkit = "17.2.0"

 [libraries]
@@ -21,6 +22,7 @@ androidx-camera-view = { module = "androidx.camera:camera-view", version.ref = "
 androidx-security-crypto = { module = "androidx.security:security-crypto-ktx", version.ref = "androidx-security-crypto" }
 androidx-datastore = { module = "androidx.datastore:datastore-preferences", version.ref = "androidx-datastore" }
 kotlinx-coroutines = { module = "org.jetbrains.kotlinx:kotlinx-coroutines-android", version.ref = "kotlinx-coroutines" }
+kotlinx-serialization-protobuf = { module = "org.jetbrains.kotlinx:kotlinx-serialization-protobuf", version.ref = "kotlinx-serialization" }
 google-mlkit = { module = "com.google.mlkit:barcode-scanning", version.ref = "google-mlkit" }

 [bundles]
@@ -35,3 +37,4 @@ androidx-camera = [
 android-application = { id = "com.android.application", version.ref = "agp" }
 android-library = { id = "com.android.library", version.ref = "agp" }
 kotlin-android = { id = "org.jetbrains.kotlin.android", version.ref = "kotlin" }
+kotlin-serialization = { id = "org.jetbrains.kotlin.plugin.serialization", version.ref = "kotlin"}
--- a/client/android/openvpn/src/main/kotlin/org/amnezia/vpn/protocol/openvpn/OpenVpn.kt
+++ b/client/android/openvpn/src/main/kotlin/org/amnezia/vpn/protocol/openvpn/OpenVpn.kt
@@ -1,15 +1,13 @@
 package org.amnezia.vpn.protocol.openvpn

-import android.content.Context
 import android.net.VpnService.Builder
 import kotlinx.coroutines.CoroutineScope
 import kotlinx.coroutines.Dispatchers
-import kotlinx.coroutines.flow.MutableStateFlow
+import kotlinx.coroutines.cancel
 import kotlinx.coroutines.launch
 import net.openvpn.ovpn3.ClientAPI_Config
 import org.amnezia.vpn.protocol.BadConfigException
 import org.amnezia.vpn.protocol.Protocol
-import org.amnezia.vpn.protocol.ProtocolState
 import org.amnezia.vpn.protocol.ProtocolState.DISCONNECTED
 import org.amnezia.vpn.protocol.Statistics
 import org.amnezia.vpn.protocol.VpnStartException
@@ -37,7 +35,6 @@ import org.json.JSONObject

 open class OpenVpn : Protocol() {

-    private lateinit var context: Context
    private var openVpnClient: OpenVpnClient? = null
    private lateinit var scope: CoroutineScope

@@ -53,10 +50,11 @@ open class OpenVpn : Protocol() {
            return Statistics.EMPTY_STATISTICS
        }

-    override fun initialize(context: Context, state: MutableStateFlow<ProtocolState>, onError: (String) -> Unit) {
-        super.initialize(context, state, onError)
-        loadSharedLibrary(context, "ovpn3")
-        this.context = context
+    override fun internalInit() {
+        if (!isInitialized) loadSharedLibrary(context, "ovpn3")
+        if (this::scope.isInitialized) {
+            scope.cancel()
+        }
        scope = CoroutineScope(Dispatchers.IO)
    }

--- a/client/android/protocolApi/src/main/kotlin/Protocol.kt
+++ b/client/android/protocolApi/src/main/kotlin/Protocol.kt
@@ -27,14 +27,21 @@ private const val SPLIT_TUNNEL_EXCLUDE = 2
 abstract class Protocol {

    abstract val statistics: Statistics
+    protected lateinit var context: Context
    protected lateinit var state: MutableStateFlow<ProtocolState>
    protected lateinit var onError: (String) -> Unit
+    protected var isInitialized: Boolean = false

-    open fun initialize(context: Context, state: MutableStateFlow<ProtocolState>, onError: (String) -> Unit) {
+    fun initialize(context: Context, state: MutableStateFlow<ProtocolState>, onError: (String) -> Unit) {
+        this.context = context
        this.state = state
        this.onError = onError
+        internalInit()
+        isInitialized = true
    }

+    protected abstract fun internalInit()
+
    abstract fun startVpn(config: JSONObject, vpnBuilder: Builder, protect: (Int) -> Boolean)

    abstract fun stopVpn()
--- a/client/android/qt/build.gradle.kts
+++ b/client/android/qt/build.gradle.kts
@@ -21,5 +21,5 @@ android {
 }

 dependencies {
-    implementation(fileTree(mapOf("dir" to "../libs", "include" to listOf("*.jar", "*.aar"))))
+    implementation(fileTree(mapOf("dir" to "../libs", "include" to listOf("*.jar"))))
 }
--- a/client/android/res/mipmap-hdpi/icon.png
+++ b/client/android/res/mipmap-hdpi/icon.png
--- a/client/android/res/mipmap-hdpi/icon_round.png
+++ b/client/android/res/mipmap-hdpi/icon_round.png
--- a/client/android/res/mipmap-ldpi/icon.png
+++ b/client/android/res/mipmap-ldpi/icon.png
--- a/client/android/res/mipmap-ldpi/icon_round.png
+++ b/client/android/res/mipmap-ldpi/icon_round.png
--- a/client/android/res/mipmap-mdpi/icon.png
+++ b/client/android/res/mipmap-mdpi/icon.png
--- a/client/android/res/mipmap-mdpi/icon_round.png
+++ b/client/android/res/mipmap-mdpi/icon_round.png
--- a/client/android/res/mipmap-xhdpi/icon.png
+++ b/client/android/res/mipmap-xhdpi/icon.png
--- a/client/android/res/mipmap-xhdpi/icon_round.png
+++ b/client/android/res/mipmap-xhdpi/icon_round.png
--- a/client/android/res/mipmap-xxhdpi/icon.png
+++ b/client/android/res/mipmap-xxhdpi/icon.png
--- a/client/android/res/mipmap-xxhdpi/icon_round.png
+++ b/client/android/res/mipmap-xxhdpi/icon_round.png
--- a/client/android/res/mipmap-xxxhdpi/icon.png
+++ b/client/android/res/mipmap-xxxhdpi/icon.png
--- a/client/android/res/mipmap-xxxhdpi/icon_round.png
+++ b/client/android/res/mipmap-xxxhdpi/icon_round.png
--- a/client/android/settings.gradle.kts
+++ b/client/android/settings.gradle.kts
@@ -36,6 +36,8 @@ include(":wireguard")
 include(":awg")
 include(":openvpn")
 include(":cloak")
+include(":xray")
+include(":xray:libXray")

 // get values from gradle or local properties
 val androidBuildToolsVersion: String by gradleProperties
--- a/client/android/src/org/amnezia/vpn/AmneziaActivity.kt
+++ b/client/android/src/org/amnezia/vpn/AmneziaActivity.kt
@@ -34,6 +34,7 @@ import kotlinx.coroutines.CompletableDeferred
 import kotlinx.coroutines.CoroutineScope
 import kotlinx.coroutines.Dispatchers
 import kotlinx.coroutines.SupervisorJob
+import kotlinx.coroutines.async
 import kotlinx.coroutines.cancel
 import kotlinx.coroutines.launch
 import kotlinx.coroutines.runBlocking
@@ -43,6 +44,8 @@ import org.amnezia.vpn.protocol.getStatus
 import org.amnezia.vpn.qt.QtAndroidController
 import org.amnezia.vpn.util.Log
 import org.amnezia.vpn.util.Prefs
+import org.json.JSONException
+import org.json.JSONObject
 import org.qtproject.qt.android.bindings.QtActivity

 private const val TAG = "AmneziaActivity"
@@ -59,6 +62,7 @@ class AmneziaActivity : QtActivity() {

    private lateinit var mainScope: CoroutineScope
    private val qtInitialized = CompletableDeferred<Unit>()
+    private var vpnProto: VpnProto? = null
    private var isWaitingStatus = true
    private var isServiceConnected = false
    private var isInBoundState = false
@@ -141,6 +145,7 @@ class AmneziaActivity : QtActivity() {
            override fun onBindingDied(name: ComponentName?) {
                Log.w(TAG, "Binding to the ${name?.flattenToString()} unexpectedly died")
                doUnbindService()
+                QtAndroidController.onServiceDisconnected()
                doBindService()
            }
        }
@@ -153,15 +158,20 @@ class AmneziaActivity : QtActivity() {
        super.onCreate(savedInstanceState)
        Log.d(TAG, "Create Amnezia activity: $intent")
        mainScope = CoroutineScope(SupervisorJob() + Dispatchers.Main.immediate)
+        val proto = mainScope.async(Dispatchers.IO) {
+            VpnStateStore.getVpnState().vpnProto
+        }
        vpnServiceMessenger = IpcMessenger(
            "VpnService",
            onDeadObjectException = {
                doUnbindService()
+                QtAndroidController.onServiceDisconnected()
                doBindService()
            }
        )
        registerBroadcastReceivers()
        intent?.let(::processIntent)
+        runBlocking { vpnProto = proto.await() }
    }

    private fun registerBroadcastReceivers() {
@@ -209,13 +219,18 @@ class AmneziaActivity : QtActivity() {
        Log.d(TAG, "Start Amnezia activity")
        mainScope.launch {
            qtInitialized.await()
-            doBindService()
+            vpnProto?.let { proto ->
+                if (AmneziaVpnService.isRunning(applicationContext, proto.processName)) {
+                    doBindService()
+                }
+            }
        }
    }

    override fun onStop() {
        Log.d(TAG, "Stop Amnezia activity")
        doUnbindService()
+        QtAndroidController.onServiceDisconnected()
        super.onStop()
    }

@@ -269,10 +284,12 @@ class AmneziaActivity : QtActivity() {
    @MainThread
    private fun doBindService() {
        Log.d(TAG, "Bind service")
-        Intent(this, AmneziaVpnService::class.java).also {
-            bindService(it, serviceConnection, BIND_ABOVE_CLIENT and BIND_AUTO_CREATE)
+        vpnProto?.let { proto ->
+            Intent(this, proto.serviceClass).also {
+                bindService(it, serviceConnection, BIND_ABOVE_CLIENT and BIND_AUTO_CREATE)
+            }
+            isInBoundState = true
        }
-        isInBoundState = true
    }

    @MainThread
@@ -280,7 +297,6 @@ class AmneziaActivity : QtActivity() {
        if (isInBoundState) {
            Log.d(TAG, "Unbind service")
            isWaitingStatus = true
-            QtAndroidController.onServiceDisconnected()
            isServiceConnected = false
            vpnServiceMessenger.send(Action.UNREGISTER_CLIENT, activityMessenger)
            vpnServiceMessenger.reset()
@@ -365,13 +381,32 @@ class AmneziaActivity : QtActivity() {

    @MainThread
    private fun startVpn(vpnConfig: String) {
-        if (isServiceConnected) {
-            connectToVpn(vpnConfig)
-        } else {
+        getVpnProto(vpnConfig)?.let { proto ->
+            Log.d(TAG, "Proto from config: $proto, current proto: $vpnProto")
+            if (isServiceConnected) {
+                if (proto.serviceClass == vpnProto?.serviceClass) {
+                    vpnProto = proto
+                    connectToVpn(vpnConfig)
+                    return
+                }
+                doUnbindService()
+            }
+            vpnProto = proto
            isWaitingStatus = false
-            startVpnService(vpnConfig)
+            startVpnService(vpnConfig, proto)
            doBindService()
-        }
+        } ?: QtAndroidController.onServiceError()
+    }
+
+    private fun getVpnProto(vpnConfig: String): VpnProto? = try {
+        require(vpnConfig.isNotBlank()) { "Blank VPN config" }
+        VpnProto.get(JSONObject(vpnConfig).getString("protocol"))
+    } catch (e: JSONException) {
+        Log.e(TAG, "Invalid VPN config json format: ${e.message}")
+        null
+    } catch (e: IllegalArgumentException) {
+        Log.e(TAG, "Protocol not found: ${e.message}")
+        null
    }

    private fun connectToVpn(vpnConfig: String) {
@@ -383,15 +418,15 @@ class AmneziaActivity : QtActivity() {
        }
    }

-    private fun startVpnService(vpnConfig: String) {
-        Log.d(TAG, "Start VPN service")
-        Intent(this, AmneziaVpnService::class.java).apply {
+    private fun startVpnService(vpnConfig: String, proto: VpnProto) {
+        Log.d(TAG, "Start VPN service: $proto")
+        Intent(this, proto.serviceClass).apply {
            putExtra(MSG_VPN_CONFIG, vpnConfig)
        }.also {
            try {
                ContextCompat.startForegroundService(this, it)
            } catch (e: SecurityException) {
-                Log.e(TAG, "Failed to start AmneziaVpnService: $e")
+                Log.e(TAG, "Failed to start ${proto.serviceClass.simpleName}: $e")
                QtAndroidController.onServiceError()
            }
        }
--- a/client/android/src/org/amnezia/vpn/AmneziaTileService.kt
+++ b/client/android/src/org/amnezia/vpn/AmneziaTileService.kt
@@ -39,6 +39,9 @@ class AmneziaTileService : TileService() {

    @Volatile
    private var isServiceConnected = false
+
+    @Volatile
+    private var vpnProto: VpnProto? = null
    private var isInBoundState = false
    @Volatile
    private var isVpnConfigExists = false
@@ -94,16 +97,21 @@ class AmneziaTileService : TileService() {

    override fun onStartListening() {
        super.onStartListening()
-        Log.d(TAG, "Start listening")
-        if (AmneziaVpnService.isRunning(applicationContext)) {
-            Log.d(TAG, "Vpn service is running")
-            doBindService()
-        } else {
-            Log.d(TAG, "Vpn service is not running")
-            isServiceConnected = false
-            updateVpnState(DISCONNECTED)
+        scope.launch {
+            Log.d(TAG, "Start listening")
+            vpnProto = VpnStateStore.getVpnState().vpnProto
+            vpnProto.also { proto ->
+                if (proto != null && AmneziaVpnService.isRunning(applicationContext, proto.processName)) {
+                    Log.d(TAG, "Vpn service is running")
+                    doBindService()
+                } else {
+                    Log.d(TAG, "Vpn service is not running")
+                    isServiceConnected = false
+                    updateVpnState(DISCONNECTED)
+                }
+            }
+            vpnStateListeningJob = launchVpnStateListening()
        }
-        vpnStateListeningJob = launchVpnStateListening()
    }

    override fun onStopListening() {
@@ -124,7 +132,7 @@ class AmneziaTileService : TileService() {
    }

    private fun onClickInternal() {
-        if (isVpnConfigExists) {
+        if (isVpnConfigExists && vpnProto != null) {
            Log.d(TAG, "Change VPN state")
            if (qsTile.state == Tile.STATE_INACTIVE) {
                Log.d(TAG, "Start VPN")
@@ -147,10 +155,12 @@ class AmneziaTileService : TileService() {

    private fun doBindService() {
        Log.d(TAG, "Bind service")
-        Intent(this, AmneziaVpnService::class.java).also {
-            bindService(it, serviceConnection, BIND_ABOVE_CLIENT)
+        vpnProto?.let { proto ->
+            Intent(this, proto.serviceClass).also {
+                bindService(it, serviceConnection, BIND_ABOVE_CLIENT)
+            }
+            isInBoundState = true
        }
-        isInBoundState = true
    }

    private fun doUnbindService() {
@@ -180,6 +190,7 @@ class AmneziaTileService : TileService() {
        if (VpnService.prepare(applicationContext) != null) {
            Intent(this, VpnRequestActivity::class.java).apply {
                addFlags(Intent.FLAG_ACTIVITY_NEW_TASK)
+                putExtra(EXTRA_PROTOCOL, vpnProto)
            }.also {
                startActivityAndCollapseCompat(it)
            }
@@ -189,14 +200,16 @@ class AmneziaTileService : TileService() {
        }

    private fun startVpnService() {
-        try {
-            ContextCompat.startForegroundService(
-                applicationContext,
-                Intent(this, AmneziaVpnService::class.java)
-            )
-        } catch (e: SecurityException) {
-            Log.e(TAG, "Failed to start AmneziaVpnService: $e")
-        }
+        vpnProto?.let { proto ->
+            try {
+                ContextCompat.startForegroundService(
+                    applicationContext,
+                    Intent(this, proto.serviceClass)
+                )
+            } catch (e: SecurityException) {
+                Log.e(TAG, "Failed to start ${proto.serviceClass.simpleName}: $e")
+            }
+        } ?: Log.e(TAG, "Failed to start vpn service: vpnProto is null")
    }

    private fun connectToVpn() = vpnServiceMessenger.send(Action.CONNECT)
@@ -220,11 +233,8 @@ class AmneziaTileService : TileService() {
        }
    }

-    private fun updateVpnState(state: ProtocolState) {
-        scope.launch {
-            VpnStateStore.store { it.copy(protocolState = state) }
-        }
-    }
+    private fun updateVpnState(state: ProtocolState) =
+        scope.launch { VpnStateStore.store { it.copy(protocolState = state) } }

    private fun launchVpnStateListening() =
        scope.launch { VpnStateStore.dataFlow().collectLatest(::updateTile) }
@@ -232,9 +242,10 @@ class AmneziaTileService : TileService() {
    private fun updateTile(vpnState: VpnState) {
        Log.d(TAG, "Update tile: $vpnState")
        isVpnConfigExists = vpnState.serverName != null
+        vpnProto = vpnState.vpnProto
        val tile = qsTile ?: return
        tile.apply {
-            label = vpnState.serverName ?: DEFAULT_TILE_LABEL
+            label = (vpnState.serverName ?: DEFAULT_TILE_LABEL) + (vpnProto?.let { " ${it.label}" } ?: "")
            when (val protocolState = vpnState.protocolState) {
                CONNECTED -> {
                    state = Tile.STATE_ACTIVE
--- a/client/android/src/org/amnezia/vpn/AmneziaVpnService.kt
+++ b/client/android/src/org/amnezia/vpn/AmneziaVpnService.kt
@@ -1,5 +1,6 @@
 package org.amnezia.vpn

+import android.annotation.SuppressLint
 import android.app.ActivityManager
 import android.app.ActivityManager.RunningAppProcessInfo.IMPORTANCE_FOREGROUND_SERVICE
 import android.app.NotificationManager
@@ -39,7 +40,6 @@ import kotlinx.coroutines.runBlocking
 import kotlinx.coroutines.withTimeout
 import org.amnezia.vpn.protocol.BadConfigException
 import org.amnezia.vpn.protocol.LoadLibraryException
-import org.amnezia.vpn.protocol.Protocol
 import org.amnezia.vpn.protocol.ProtocolState.CONNECTED
 import org.amnezia.vpn.protocol.ProtocolState.CONNECTING
 import org.amnezia.vpn.protocol.ProtocolState.DISCONNECTED
@@ -48,11 +48,7 @@ import org.amnezia.vpn.protocol.ProtocolState.RECONNECTING
 import org.amnezia.vpn.protocol.ProtocolState.UNKNOWN
 import org.amnezia.vpn.protocol.VpnException
 import org.amnezia.vpn.protocol.VpnStartException
-import org.amnezia.vpn.protocol.awg.Awg
-import org.amnezia.vpn.protocol.cloak.Cloak
-import org.amnezia.vpn.protocol.openvpn.OpenVpn
 import org.amnezia.vpn.protocol.putStatus
-import org.amnezia.vpn.protocol.wireguard.Wireguard
 import org.amnezia.vpn.util.Log
 import org.amnezia.vpn.util.Prefs
 import org.amnezia.vpn.util.net.NetworkState
@@ -63,6 +59,7 @@ import org.json.JSONObject
 private const val TAG = "AmneziaVpnService"

 const val ACTION_DISCONNECT = "org.amnezia.vpn.action.disconnect"
+const val ACTION_CONNECT = "org.amnezia.vpn.action.connect"

 const val MSG_VPN_CONFIG = "VPN_CONFIG"
 const val MSG_ERROR = "ERROR"
@@ -73,19 +70,18 @@ const val AFTER_PERMISSION_CHECK = "AFTER_PERMISSION_CHECK"
 private const val PREFS_CONFIG_KEY = "LAST_CONF"
 private const val PREFS_SERVER_NAME = "LAST_SERVER_NAME"
 private const val PREFS_SERVER_INDEX = "LAST_SERVER_INDEX"
-private const val PROCESS_NAME = "org.amnezia.vpn:amneziaVpnService"
 // private const val STATISTICS_SENDING_TIMEOUT = 1000L
 private const val TRAFFIC_STATS_UPDATE_TIMEOUT = 1000L
 private const val DISCONNECT_TIMEOUT = 5000L
 private const val STOP_SERVICE_TIMEOUT = 5000L

-class AmneziaVpnService : VpnService() {
+@SuppressLint("Registered")
+open class AmneziaVpnService : VpnService() {

    private lateinit var mainScope: CoroutineScope
    private lateinit var connectionScope: CoroutineScope
    private var isServiceBound = false
-    private var protocol: Protocol? = null
-    private val protocolCache = mutableMapOf<String, Protocol>()
+    private var vpnProto: VpnProto? = null
    private var protocolState = MutableStateFlow(UNKNOWN)
    private var serverName: String? = null
    private var serverIndex: Int = -1
@@ -105,7 +101,7 @@ class AmneziaVpnService : VpnService() {
    // private var statisticsSendingJob: Job? = null
    private lateinit var networkState: NetworkState
    private lateinit var trafficStats: TrafficStats
-    private var disconnectReceiver: BroadcastReceiver? = null
+    private var controlReceiver: BroadcastReceiver? = null
    private var notificationStateReceiver: BroadcastReceiver? = null
    private var screenOnReceiver: BroadcastReceiver? = null
    private var screenOffReceiver: BroadcastReceiver? = null
@@ -116,7 +112,6 @@ class AmneziaVpnService : VpnService() {

    private val connectionExceptionHandler = CoroutineExceptionHandler { _, e ->
        protocolState.value = DISCONNECTED
-        protocol = null
        when (e) {
            is IllegalArgumentException,
            is VpnStartException,
@@ -227,7 +222,8 @@ class AmneziaVpnService : VpnService() {
            connect(intent?.getStringExtra(MSG_VPN_CONFIG))
        }
        ServiceCompat.startForeground(
-            this, NOTIFICATION_ID, serviceNotification.buildNotification(serverName, protocolState.value),
+            this, NOTIFICATION_ID,
+            serviceNotification.buildNotification(serverName, vpnProto?.label, protocolState.value),
            foregroundServiceTypeCompat
        )
        return START_REDELIVER_INTENT
@@ -292,9 +288,17 @@ class AmneziaVpnService : VpnService() {

    private fun registerBroadcastReceivers() {
        Log.d(TAG, "Register broadcast receivers")
-        disconnectReceiver = registerBroadcastReceiver(ACTION_DISCONNECT, ContextCompat.RECEIVER_NOT_EXPORTED) {
-            Log.d(TAG, "Broadcast request received: $ACTION_DISCONNECT")
-            disconnect()
+        controlReceiver = registerBroadcastReceiver(
+            arrayOf(ACTION_CONNECT, ACTION_DISCONNECT), ContextCompat.RECEIVER_NOT_EXPORTED
+        ) {
+            it?.action?.let { action ->
+                Log.d(TAG, "Broadcast request received: $action")
+                when (action) {
+                    ACTION_CONNECT -> connect()
+                    ACTION_DISCONNECT -> disconnect()
+                    else -> Log.w(TAG, "Unknown action received: $action")
+                }
+            }
        }

        notificationStateReceiver = if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.P) {
@@ -340,10 +344,10 @@ class AmneziaVpnService : VpnService() {

    private fun unregisterBroadcastReceivers() {
        Log.d(TAG, "Unregister broadcast receivers")
-        unregisterBroadcastReceiver(disconnectReceiver)
+        unregisterBroadcastReceiver(controlReceiver)
        unregisterBroadcastReceiver(notificationStateReceiver)
        unregisterScreenStateBroadcastReceivers()
-        disconnectReceiver = null
+        controlReceiver = null
        notificationStateReceiver = null
    }

@@ -356,7 +360,7 @@ class AmneziaVpnService : VpnService() {
            protocolState.drop(1).collect { protocolState ->
                Log.d(TAG, "Protocol state changed: $protocolState")

-                serviceNotification.updateNotification(serverName, protocolState)
+                serviceNotification.updateNotification(serverName, vpnProto?.label, protocolState)

                clientMessengers.send {
                    ServiceEvent.STATUS_CHANGED.packToMessage {
@@ -364,7 +368,7 @@ class AmneziaVpnService : VpnService() {
                    }
                }

-                VpnStateStore.store { VpnState(protocolState, serverName, serverIndex) }
+                VpnStateStore.store { VpnState(protocolState, serverName, serverIndex, vpnProto) }

                when (protocolState) {
                    CONNECTED -> {
@@ -421,7 +425,7 @@ class AmneziaVpnService : VpnService() {
    @MainThread
    private fun enableNotification() {
        registerScreenStateBroadcastReceivers()
-        serviceNotification.updateNotification(serverName, protocolState.value)
+        serviceNotification.updateNotification(serverName, vpnProto?.label, protocolState.value)
        launchTrafficStatsUpdate()
    }

@@ -484,8 +488,6 @@ class AmneziaVpnService : VpnService() {

        Log.d(TAG, "Start VPN connection")

-        protocolState.value = CONNECTING
-
        val config = parseConfigToJson(vpnConfig)
        saveServerData(config)
        if (config == null) {
@@ -494,6 +496,16 @@ class AmneziaVpnService : VpnService() {
            return
        }

+        try {
+            vpnProto = VpnProto.get(config.getString("protocol"))
+        } catch (e: Exception) {
+            onError("Invalid VPN config: ${e.message}")
+            protocolState.value = DISCONNECTED
+            return
+        }
+
+        protocolState.value = CONNECTING
+
        if (!checkPermission()) {
            protocolState.value = DISCONNECTED
            return
@@ -503,8 +515,10 @@ class AmneziaVpnService : VpnService() {
            disconnectionJob?.join()
            disconnectionJob = null

-            protocol = getProtocol(config.getString("protocol"))
-            protocol?.startVpn(config, Builder(), ::protect)
+            vpnProto?.protocol?.let { protocol ->
+                protocol.initialize(applicationContext, protocolState, ::onError)
+                protocol.startVpn(config, Builder(), ::protect)
+            }
        }
    }

@@ -520,8 +534,8 @@ class AmneziaVpnService : VpnService() {
            connectionJob?.join()
            connectionJob = null

-            protocol?.stopVpn()
-            protocol = null
+            vpnProto?.protocol?.stopVpn()
+
            try {
                withTimeout(DISCONNECT_TIMEOUT) {
                    // waiting for disconnect state
@@ -543,22 +557,10 @@ class AmneziaVpnService : VpnService() {
        protocolState.value = RECONNECTING

        connectionJob = connectionScope.launch {
-            protocol?.reconnectVpn(Builder())
+            vpnProto?.protocol?.reconnectVpn(Builder())
        }
    }

-    @MainThread
-    private fun getProtocol(protocolName: String): Protocol =
-        protocolCache[protocolName]
-            ?: when (protocolName) {
-                "wireguard" -> Wireguard()
-                "awg" -> Awg()
-                "openvpn" -> OpenVpn()
-                "cloak" -> Cloak()
-                else -> throw IllegalArgumentException("Protocol '$protocolName' not found")
-            }.apply { initialize(applicationContext, protocolState, ::onError) }
-                .also { protocolCache[protocolName] = it }
-
    /**
     * Utils methods
     */
@@ -603,6 +605,7 @@ class AmneziaVpnService : VpnService() {
        if (prepare(applicationContext) != null) {
            Intent(this, VpnRequestActivity::class.java).apply {
                addFlags(Intent.FLAG_ACTIVITY_NEW_TASK)
+                putExtra(EXTRA_PROTOCOL, vpnProto)
            }.also {
                startActivity(it)
            }
@@ -612,9 +615,9 @@ class AmneziaVpnService : VpnService() {
        }

    companion object {
-        fun isRunning(context: Context): Boolean =
+        fun isRunning(context: Context, processName: String): Boolean =
            context.getSystemService<ActivityManager>()!!.runningAppProcesses.any {
-                it.processName == PROCESS_NAME && it.importance <= IMPORTANCE_FOREGROUND_SERVICE
+                it.processName == processName && it.importance <= IMPORTANCE_FOREGROUND_SERVICE
            }
    }
 }
--- a/client/android/src/org/amnezia/vpn/AwgService.kt
+++ b/client/android/src/org/amnezia/vpn/AwgService.kt
@@ -0,0 +1,3 @@
+package org.amnezia.vpn
+
+class AwgService : AmneziaVpnService()
--- a/client/android/src/org/amnezia/vpn/CameraActivity.kt
+++ b/client/android/src/org/amnezia/vpn/CameraActivity.kt
@@ -140,7 +140,7 @@ class CameraActivity : ComponentActivity() {
                            }
                        }
                    }.addOnFailureListener {
-                        Log.e(TAG, "Processing QR-code image failed: ${it.message}")
+                        Log.e(TAG, "Processing QR code image failed: ${it.message}")
                    }.addOnCompleteListener {
                        imageProxy.close()
                    }
--- a/client/android/src/org/amnezia/vpn/OpenVpnService.kt
+++ b/client/android/src/org/amnezia/vpn/OpenVpnService.kt
@@ -0,0 +1,3 @@
+package org.amnezia.vpn
+
+class OpenVpnService : AmneziaVpnService()
--- a/client/android/src/org/amnezia/vpn/ServiceNotification.kt
+++ b/client/android/src/org/amnezia/vpn/ServiceNotification.kt
@@ -59,14 +59,14 @@ class ServiceNotification(private val context: Context) {
        formatSpeedString(rxString, txString)
    }

-    fun buildNotification(serverName: String?, state: ProtocolState): Notification {
+    fun buildNotification(serverName: String?, protocol: String?, state: ProtocolState): Notification {
        val speedString = if (state == CONNECTED) zeroSpeed else null

        Log.d(TAG, "Build notification: $serverName, $state")

        return notificationBuilder
            .setSmallIcon(R.drawable.ic_amnezia_round)
-            .setContentTitle(serverName ?: "AmneziaVPN")
+            .setContentTitle((serverName ?: "AmneziaVPN") + (protocol?.let { " $it" } ?: ""))
            .setContentText(context.getString(state))
            .setSubText(speedString)
            .setWhen(System.currentTimeMillis())
@@ -96,10 +96,10 @@ class ServiceNotification(private val context: Context) {
    }

    @SuppressLint("MissingPermission")
-    fun updateNotification(serverName: String?, state: ProtocolState) {
+    fun updateNotification(serverName: String?, protocol: String?, state: ProtocolState) {
        if (context.isNotificationPermissionGranted()) {
            Log.d(TAG, "Update notification: $serverName, $state")
-            notificationManager.notify(NOTIFICATION_ID, buildNotification(serverName, state))
+            notificationManager.notify(NOTIFICATION_ID, buildNotification(serverName, protocol, state))
        }
    }

@@ -125,7 +125,7 @@ class ServiceNotification(private val context: Context) {
                        context,
                        DISCONNECT_REQUEST_CODE,
                        Intent(ACTION_DISCONNECT).apply {
-                            setPackage("org.amnezia.vpn")
+                            setPackage(context.packageName)
                        },
                        PendingIntent.FLAG_IMMUTABLE or PendingIntent.FLAG_UPDATE_CURRENT
                    )
@@ -135,10 +135,12 @@ class ServiceNotification(private val context: Context) {
            DISCONNECTED -> {
                Action(
                    0, context.getString(R.string.connect),
-                    createServicePendingIntent(
+                    PendingIntent.getBroadcast(
                        context,
                        CONNECT_REQUEST_CODE,
-                        Intent(context, AmneziaVpnService::class.java),
+                        Intent(ACTION_CONNECT).apply {
+                            setPackage(context.packageName)
+                        },
                        PendingIntent.FLAG_IMMUTABLE or PendingIntent.FLAG_UPDATE_CURRENT
                    )
                )
@@ -148,13 +150,6 @@ class ServiceNotification(private val context: Context) {
        }
    }

-    private val createServicePendingIntent: (Context, Int, Intent, Int) -> PendingIntent =
-        if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.O) {
-            PendingIntent::getForegroundService
-        } else {
-            PendingIntent::getService
-        }
-
    companion object {
        fun createNotificationChannel(context: Context) {
            with(NotificationManagerCompat.from(context)) {
--- a/client/android/src/org/amnezia/vpn/VpnProto.kt
+++ b/client/android/src/org/amnezia/vpn/VpnProto.kt
@@ -0,0 +1,75 @@
+package org.amnezia.vpn
+
+import org.amnezia.vpn.protocol.Protocol
+import org.amnezia.vpn.protocol.awg.Awg
+import org.amnezia.vpn.protocol.cloak.Cloak
+import org.amnezia.vpn.protocol.openvpn.OpenVpn
+import org.amnezia.vpn.protocol.wireguard.Wireguard
+import org.amnezia.vpn.protocol.xray.Xray
+
+enum class VpnProto(
+    val label: String,
+    val processName: String,
+    val serviceClass: Class<out AmneziaVpnService>
+) {
+    WIREGUARD(
+        "WireGuard",
+        "org.amnezia.vpn:amneziaAwgService",
+        AwgService::class.java
+    ) {
+        override fun createProtocol(): Protocol = Wireguard()
+    },
+
+    AWG(
+        "AmneziaWG",
+        "org.amnezia.vpn:amneziaAwgService",
+        AwgService::class.java
+    ) {
+        override fun createProtocol(): Protocol = Awg()
+    },
+
+    OPENVPN(
+        "OpenVPN",
+        "org.amnezia.vpn:amneziaOpenVpnService",
+        OpenVpnService::class.java
+    ) {
+        override fun createProtocol(): Protocol = OpenVpn()
+    },
+
+    CLOAK(
+        "Cloak",
+        "org.amnezia.vpn:amneziaOpenVpnService",
+        OpenVpnService::class.java
+    ) {
+        override fun createProtocol(): Protocol = Cloak()
+    },
+
+    XRAY(
+        "XRay",
+        "org.amnezia.vpn:amneziaXrayService",
+        XrayService::class.java
+    ) {
+        override fun createProtocol(): Protocol = Xray.instance
+    },
+
+    SSXRAY(
+        "SSXRay",
+        "org.amnezia.vpn:amneziaXrayService",
+        XrayService::class.java
+    ) {
+        override fun createProtocol(): Protocol = Xray.instance
+    };
+
+    private var _protocol: Protocol? = null
+    val protocol: Protocol
+        get() {
+            if (_protocol == null) _protocol = createProtocol()
+            return _protocol ?: throw AssertionError("Set to null by another thread")
+        }
+
+    protected abstract fun createProtocol(): Protocol
+
+    companion object {
+        fun get(protocolName: String): VpnProto = VpnProto.valueOf(protocolName.uppercase())
+    }
+}
--- a/client/android/src/org/amnezia/vpn/VpnRequestActivity.kt
+++ b/client/android/src/org/amnezia/vpn/VpnRequestActivity.kt
@@ -7,6 +7,7 @@ import android.content.Intent
 import android.content.res.Configuration.UI_MODE_NIGHT_MASK
 import android.content.res.Configuration.UI_MODE_NIGHT_YES
 import android.net.VpnService
+import android.os.Build
 import android.os.Bundle
 import android.provider.Settings
 import android.widget.Toast
@@ -18,9 +19,11 @@ import androidx.core.content.getSystemService
 import org.amnezia.vpn.util.Log

 private const val TAG = "VpnRequestActivity"
+const val EXTRA_PROTOCOL = "PROTOCOL"

 class VpnRequestActivity : ComponentActivity() {

+    private var vpnProto: VpnProto? = null
    private var userPresentReceiver: BroadcastReceiver? = null
    private val requestLauncher =
        registerForActivityResult(StartActivityForResult(), ::checkRequestResult)
@@ -28,6 +31,12 @@ class VpnRequestActivity : ComponentActivity() {
    override fun onCreate(savedInstanceState: Bundle?) {
        super.onCreate(savedInstanceState)
        Log.d(TAG, "Start request activity")
+        vpnProto = if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.TIRAMISU) {
+            intent.extras?.getSerializable(EXTRA_PROTOCOL, VpnProto::class.java)
+        } else {
+            @Suppress("DEPRECATION")
+            intent.extras?.getSerializable(EXTRA_PROTOCOL) as VpnProto
+        }
        val requestIntent = VpnService.prepare(applicationContext)
        if (requestIntent != null) {
            if (getSystemService<KeyguardManager>()!!.isKeyguardLocked) {
@@ -66,10 +75,18 @@ class VpnRequestActivity : ComponentActivity() {

    private fun onPermissionGranted() {
        Toast.makeText(this, resources.getString(R.string.vpnGranted), Toast.LENGTH_LONG).show()
-        Intent(applicationContext, AmneziaVpnService::class.java).apply {
-            putExtra(AFTER_PERMISSION_CHECK, true)
-        }.also {
-            ContextCompat.startForegroundService(this, it)
+        vpnProto?.let { proto ->
+            Intent(applicationContext, proto.serviceClass).apply {
+                putExtra(AFTER_PERMISSION_CHECK, true)
+            }.also {
+                ContextCompat.startForegroundService(this, it)
+            }
+        } ?: run {
+            Intent(this, AmneziaActivity::class.java).apply {
+                addFlags(Intent.FLAG_ACTIVITY_NEW_TASK)
+            }.also {
+                startActivity(it)
+            }
        }
    }

--- a/client/android/src/org/amnezia/vpn/VpnState.kt
+++ b/client/android/src/org/amnezia/vpn/VpnState.kt
@@ -1,19 +1,22 @@
 package org.amnezia.vpn

 import android.app.Application
+import androidx.datastore.core.CorruptionException
 import androidx.datastore.core.MultiProcessDataStoreFactory
 import androidx.datastore.core.Serializer
+import androidx.datastore.core.handlers.ReplaceFileCorruptionHandler
 import androidx.datastore.dataStoreFile
-import java.io.ByteArrayInputStream
-import java.io.ByteArrayOutputStream
 import java.io.InputStream
-import java.io.ObjectInputStream
-import java.io.ObjectOutputStream
 import java.io.OutputStream
-import java.io.Serializable
-import kotlinx.coroutines.Dispatchers
 import kotlinx.coroutines.flow.Flow
-import kotlinx.coroutines.withContext
+import kotlinx.coroutines.flow.catch
+import kotlinx.coroutines.flow.firstOrNull
+import kotlinx.serialization.ExperimentalSerializationApi
+import kotlinx.serialization.Serializable
+import kotlinx.serialization.SerializationException
+import kotlinx.serialization.decodeFromByteArray
+import kotlinx.serialization.encodeToByteArray
+import kotlinx.serialization.protobuf.ProtoBuf
 import org.amnezia.vpn.protocol.ProtocolState
 import org.amnezia.vpn.protocol.ProtocolState.DISCONNECTED
 import org.amnezia.vpn.util.Log
@@ -21,13 +24,14 @@ import org.amnezia.vpn.util.Log
 private const val TAG = "VpnState"
 private const val STORE_FILE_NAME = "vpnState"

+@Serializable
 data class VpnState(
    val protocolState: ProtocolState,
    val serverName: String? = null,
-    val serverIndex: Int = -1
-) : Serializable {
+    val serverIndex: Int = -1,
+    val vpnProto: VpnProto? = null
+) {
    companion object {
-        private const val serialVersionUID: Long = -1760654961004181606
        val defaultState: VpnState = VpnState(DISCONNECTED)
    }
 }
@@ -37,7 +41,11 @@ object VpnStateStore {

    private val dataStore = MultiProcessDataStoreFactory.create(
        serializer = VpnStateSerializer(),
-        produceFile = { app.dataStoreFile(STORE_FILE_NAME) }
+        produceFile = { app.dataStoreFile(STORE_FILE_NAME) },
+        corruptionHandler = ReplaceFileCorruptionHandler { e ->
+            Log.e(TAG, "VpnState DataStore corrupted: $e")
+            VpnState.defaultState
+        }
    )

    fun init(app: Application) {
@@ -45,36 +53,36 @@ object VpnStateStore {
        this.app = app
    }

-    fun dataFlow(): Flow<VpnState> = dataStore.data
+    fun dataFlow(): Flow<VpnState> = dataStore.data.catch { e ->
+        Log.e(TAG, "Failed to read VpnState from store: ${e.message}")
+        emit(VpnState.defaultState)
+    }
+
+    suspend fun getVpnState(): VpnState = dataFlow().firstOrNull() ?: VpnState.defaultState

    suspend fun store(f: (vpnState: VpnState) -> VpnState) {
        try {
            dataStore.updateData(f)
-        } catch (e : Exception) {
+        } catch (e: Exception) {
            Log.e(TAG, "Failed to store VpnState: $e")
+            Log.w(TAG, "Remove DataStore file")
+            app.dataStoreFile(STORE_FILE_NAME).delete()
        }
    }
 }

+@OptIn(ExperimentalSerializationApi::class)
 private class VpnStateSerializer : Serializer<VpnState> {
    override val defaultValue: VpnState = VpnState.defaultState

-    override suspend fun readFrom(input: InputStream): VpnState {
-        return withContext(Dispatchers.IO) {
-            val bios = ByteArrayInputStream(input.readBytes())
-            ObjectInputStream(bios).use {
-                it.readObject() as VpnState
-            }
-        }
+    override suspend fun readFrom(input: InputStream): VpnState = try {
+        ProtoBuf.decodeFromByteArray<VpnState>(input.readBytes())
+    } catch (e: SerializationException) {
+        Log.e(TAG, "Failed to deserialize data: $e")
+        throw CorruptionException("Failed to deserialize data", e)
    }

-    override suspend fun writeTo(t: VpnState, output: OutputStream) {
-        withContext(Dispatchers.IO) {
-            val baos = ByteArrayOutputStream()
-            ObjectOutputStream(baos).use {
-                it.writeObject(t)
-            }
-            output.write(baos.toByteArray())
-        }
-    }
+    @Suppress("BlockingMethodInNonBlockingContext")
+    override suspend fun writeTo(t: VpnState, output: OutputStream) =
+        output.write(ProtoBuf.encodeToByteArray(t))
 }
--- a/client/android/src/org/amnezia/vpn/XrayService.kt
+++ b/client/android/src/org/amnezia/vpn/XrayService.kt
@@ -0,0 +1,3 @@
+package org.amnezia.vpn
+
+class XrayService : AmneziaVpnService()
--- a/client/android/wireguard/src/main/kotlin/org/amnezia/vpn/protocol/wireguard/Wireguard.kt
+++ b/client/android/wireguard/src/main/kotlin/org/amnezia/vpn/protocol/wireguard/Wireguard.kt
@@ -1,12 +1,9 @@
 package org.amnezia.vpn.protocol.wireguard

-import android.content.Context
 import android.net.VpnService.Builder
 import java.util.TreeMap
-import kotlinx.coroutines.flow.MutableStateFlow
 import org.amnezia.awg.GoBackend
 import org.amnezia.vpn.protocol.Protocol
-import org.amnezia.vpn.protocol.ProtocolState
 import org.amnezia.vpn.protocol.ProtocolState.CONNECTED
 import org.amnezia.vpn.protocol.ProtocolState.DISCONNECTED
 import org.amnezia.vpn.protocol.Statistics
@@ -78,9 +75,8 @@ open class Wireguard : Protocol() {
            }
        }

-    override fun initialize(context: Context, state: MutableStateFlow<ProtocolState>, onError: (String) -> Unit) {
-        super.initialize(context, state, onError)
-        loadSharedLibrary(context, "wg-go")
+    override fun internalInit() {
+        if (!isInitialized) loadSharedLibrary(context, "wg-go")
    }

    override fun startVpn(config: JSONObject, vpnBuilder: Builder, protect: (Int) -> Boolean) {
--- a/client/android/xray/build.gradle.kts
+++ b/client/android/xray/build.gradle.kts
@@ -0,0 +1,19 @@
+plugins {
+    id(libs.plugins.android.library.get().pluginId)
+    id(libs.plugins.kotlin.android.get().pluginId)
+}
+
+kotlin {
+    jvmToolchain(17)
+}
+
+android {
+    namespace = "org.amnezia.vpn.protocol.xray"
+}
+
+dependencies {
+    compileOnly(project(":utils"))
+    compileOnly(project(":protocolApi"))
+    implementation(project(":xray:libXray"))
+    implementation(libs.kotlinx.coroutines)
+}
--- a/client/android/xray/libXray/build.gradle.kts
+++ b/client/android/xray/libXray/build.gradle.kts
@@ -0,0 +1,6 @@
+@file:Suppress("UnstableApiUsage")
+
+configurations {
+    maybeCreate("default")
+}
+artifacts.add("default", file("libxray.aar"))
--- a/client/android/xray/src/main/kotlin/Xray.kt
+++ b/client/android/xray/src/main/kotlin/Xray.kt
@@ -0,0 +1,239 @@
+package org.amnezia.vpn.protocol.xray
+
+import android.content.Context
+import android.net.VpnService.Builder
+import java.io.File
+import java.io.IOException
+import go.Seq
+import org.amnezia.vpn.protocol.BadConfigException
+import org.amnezia.vpn.protocol.Protocol
+import org.amnezia.vpn.protocol.ProtocolState.CONNECTED
+import org.amnezia.vpn.protocol.ProtocolState.DISCONNECTED
+import org.amnezia.vpn.protocol.Statistics
+import org.amnezia.vpn.protocol.VpnStartException
+import org.amnezia.vpn.protocol.xray.libXray.DialerController
+import org.amnezia.vpn.protocol.xray.libXray.LibXray
+import org.amnezia.vpn.protocol.xray.libXray.Logger
+import org.amnezia.vpn.protocol.xray.libXray.Tun2SocksConfig
+import org.amnezia.vpn.util.Log
+import org.amnezia.vpn.util.net.InetNetwork
+import org.amnezia.vpn.util.net.parseInetAddress
+import org.json.JSONObject
+
+/**
+ *    Config example:
+ * {
+ *     "appSplitTunnelType": 0,
+ *     "config_version": 0,
+ *     "description": "Server 1",
+ *     "dns1": "1.1.1.1",
+ *     "dns2": "1.0.0.1",
+ *     "hostName": "100.100.100.0",
+ *     "protocol": "xray",
+ *     "splitTunnelApps": [],
+ *     "splitTunnelSites": [],
+ *     "splitTunnelType": 0,
+ *     "xray_config_data": {
+ *         "inbounds": [
+ *             {
+ *                 "listen": "127.0.0.1",
+ *                 "port": 8080,
+ *                 "protocol": "socks",
+ *                 "settings": {
+ *                     "udp": true
+ *                 }
+ *             }
+ *         ],
+ *         "log": {
+ *             "loglevel": "error"
+ *         },
+ *         "outbounds": [
+ *             {
+ *                 "protocol": "vless",
+ *                 "settings": {
+ *                     "vnext": [
+ *                         {
+ *                             "address": "100.100.100.0",
+ *                             "port": 443,
+ *                             "users": [
+ *                                 {
+ *                                     "encryption": "none",
+ *                                     "flow": "xtls-rprx-vision",
+ *                                     "id": "id"
+ *                                 }
+ *                             ]
+ *                         }
+ *                     ]
+ *                 },
+ *                 "streamSettings": {
+ *                     "network": "tcp",
+ *                     "realitySettings": {
+ *                         "fingerprint": "chrome",
+ *                         "publicKey": "publicKey",
+ *                         "serverName": "google.com",
+ *                         "shortId": "id",
+ *                         "spiderX": ""
+ *                     },
+ *                     "security": "reality"
+ *                 }
+ *             }
+ *         ]
+ *     }
+ * }
+ *
+ */
+
+private const val TAG = "Xray"
+private const val LIBXRAY_TAG = "libXray"
+
+class Xray : Protocol() {
+
+    private var isRunning: Boolean = false
+    override val statistics: Statistics = Statistics.EMPTY_STATISTICS
+
+    override fun internalInit() {
+        Seq.setContext(context)
+        if (!isInitialized) {
+            LibXray.initLogger(object : Logger {
+                override fun warning(s: String) = Log.w(LIBXRAY_TAG, s)
+
+                override fun error(s: String) = Log.e(LIBXRAY_TAG, s)
+
+                override fun write(msg: ByteArray): Long {
+                    Log.w(LIBXRAY_TAG, String(msg))
+                    return msg.size.toLong()
+                }
+            }).isNotNullOrBlank { err ->
+                Log.w(TAG, "Failed to initialize logger: $err")
+            }
+        }
+    }
+
+    override fun startVpn(config: JSONObject, vpnBuilder: Builder, protect: (Int) -> Boolean) {
+        if (isRunning) {
+            Log.w(TAG, "XRay already running")
+            return
+        }
+
+        val xrayJsonConfig = config.optJSONObject("xray_config_data")
+            ?: config.optJSONObject("ssxray_config_data")
+            ?: throw BadConfigException("config_data not found")
+        val xrayConfig = parseConfig(config, xrayJsonConfig)
+
+        (xrayJsonConfig.optJSONObject("log") ?: JSONObject().also { xrayJsonConfig.put("log", it) })
+            .put("loglevel", "warning")
+            .put("access", "none") // disable access log
+
+        start(xrayConfig, xrayJsonConfig.toString(), vpnBuilder, protect)
+        state.value = CONNECTED
+        isRunning = true
+    }
+
+    private fun parseConfig(config: JSONObject, xrayJsonConfig: JSONObject): XrayConfig {
+        return XrayConfig.build {
+            addAddress(XrayConfig.DEFAULT_IPV4_ADDRESS)
+
+            config.optString("dns1").let {
+                if (it.isNotBlank()) addDnsServer(parseInetAddress(it))
+            }
+
+            config.optString("dns2").let {
+                if (it.isNotBlank()) addDnsServer(parseInetAddress(it))
+            }
+
+            addRoute(InetNetwork("0.0.0.0", 0))
+            addRoute(InetNetwork("2000::0", 3))
+            config.getString("hostName").let {
+                excludeRoute(InetNetwork(it, 32))
+            }
+
+            config.optString("mtu").let {
+                if (it.isNotBlank()) setMtu(it.toInt())
+            }
+
+            val socksConfig = xrayJsonConfig.getJSONArray("inbounds")[0] as JSONObject
+            socksConfig.getInt("port").let { setSocksPort(it) }
+
+            configSplitTunneling(config)
+            configAppSplitTunneling(config)
+        }
+    }
+
+    private fun start(config: XrayConfig, configJson: String, vpnBuilder: Builder, protect: (Int) -> Boolean) {
+        buildVpnInterface(config, vpnBuilder)
+
+        DialerController { protect(it.toInt()) }.also {
+            LibXray.registerDialerController(it).isNotNullOrBlank { err ->
+                throw VpnStartException("Failed to register dialer controller: $err")
+            }
+            LibXray.registerListenerController(it).isNotNullOrBlank { err ->
+                throw VpnStartException("Failed to register listener controller: $err")
+            }
+        }
+
+        vpnBuilder.establish().use { tunFd ->
+            if (tunFd == null) {
+                throw VpnStartException("Create VPN interface: permission not granted or revoked")
+            }
+            Log.d(TAG, "Run tun2Socks")
+            runTun2Socks(config, tunFd.detachFd())
+
+            Log.d(TAG, "Run XRay")
+            Log.i(TAG, "xray ${LibXray.xrayVersion()}")
+            val assetsPath = context.getDir("assets", Context.MODE_PRIVATE).absolutePath
+            LibXray.initXray(assetsPath)
+            val geoDir = File(assetsPath, "geo").absolutePath
+            val configPath = File(context.cacheDir, "config.json")
+            Log.d(TAG, "xray.location.asset: $geoDir")
+            Log.d(TAG, "config: $configPath")
+            try {
+                configPath.writeText(configJson)
+            } catch (e: IOException) {
+                LibXray.stopTun2Socks()
+                throw VpnStartException("Failed to write xray config: ${e.message}")
+            }
+            LibXray.runXray(geoDir, configPath.absolutePath, config.maxMemory).isNotNullOrBlank { err ->
+                LibXray.stopTun2Socks()
+                throw VpnStartException("Failed to start xray: $err")
+            }
+        }
+    }
+
+    override fun stopVpn() {
+        LibXray.stopXray().isNotNullOrBlank { err ->
+            Log.e(TAG, "Failed to stop XRay: $err")
+        }
+        LibXray.stopTun2Socks().isNotNullOrBlank { err ->
+            Log.e(TAG, "Failed to stop tun2Socks: $err")
+        }
+
+        isRunning = false
+        state.value = DISCONNECTED
+    }
+
+    override fun reconnectVpn(vpnBuilder: Builder) {
+        state.value = CONNECTED
+    }
+
+    private fun runTun2Socks(config: XrayConfig, fd: Int) {
+        val tun2SocksConfig = Tun2SocksConfig().apply {
+            mtu = config.mtu.toLong()
+            proxy = "socks5://127.0.0.1:${config.socksPort}"
+            device = "fd://$fd"
+            logLevel = "warning"
+        }
+        LibXray.startTun2Socks(tun2SocksConfig, fd.toLong()).isNotNullOrBlank { err ->
+            throw VpnStartException("Failed to start tun2socks: $err")
+        }
+    }
+
+    companion object {
+        val instance: Xray by lazy { Xray() }
+    }
+}
+
+private fun String?.isNotNullOrBlank(block: (String) -> Unit) {
+    if (!this.isNullOrBlank()) {
+        block(this)
+    }
+}
--- a/client/android/xray/src/main/kotlin/XrayConfig.kt
+++ b/client/android/xray/src/main/kotlin/XrayConfig.kt
@@ -0,0 +1,42 @@
+package org.amnezia.vpn.protocol.xray
+
+import org.amnezia.vpn.protocol.ProtocolConfig
+import org.amnezia.vpn.util.net.InetNetwork
+
+private const val XRAY_DEFAULT_MTU = 1500
+private const val XRAY_DEFAULT_MAX_MEMORY: Long = 50 shl 20 // 50 MB
+
+class XrayConfig protected constructor(
+    protocolConfigBuilder: ProtocolConfig.Builder,
+    val socksPort: Int,
+    val maxMemory: Long,
+) : ProtocolConfig(protocolConfigBuilder) {
+
+    protected constructor(builder: Builder) : this(
+        builder,
+        builder.socksPort,
+        builder.maxMemory
+    )
+
+    class Builder : ProtocolConfig.Builder(false) {
+        internal var socksPort: Int = 0
+            private set
+
+        internal var maxMemory: Long = XRAY_DEFAULT_MAX_MEMORY
+            private set
+
+        override var mtu: Int = XRAY_DEFAULT_MTU
+
+        fun setSocksPort(port: Int) = apply { socksPort = port }
+
+        fun setMaxMemory(maxMemory: Long) = apply { this.maxMemory = maxMemory }
+
+        override fun build(): XrayConfig = configBuild().run { XrayConfig(this@Builder) }
+    }
+
+    companion object {
+        internal val DEFAULT_IPV4_ADDRESS: InetNetwork = InetNetwork("10.0.42.2", 30)
+
+        inline fun build(block: Builder.() -> Unit): XrayConfig = Builder().apply(block).build()
+    }
+}
--- a/client/cmake/android.cmake
+++ b/client/cmake/android.cmake
@@ -52,3 +52,6 @@ foreach(abi IN ITEMS ${QT_ANDROID_ABIS})
        ${CMAKE_CURRENT_SOURCE_DIR}/3rd-prebuilt/3rd-prebuilt/libssh/android/${abi}/libssh.so
    )
 endforeach()
+
+file(COPY ${CMAKE_CURRENT_SOURCE_DIR}/3rd-prebuilt/3rd-prebuilt/xray/android/libxray.aar
+        DESTINATION ${CMAKE_CURRENT_SOURCE_DIR}/android/xray/libXray)
--- a/client/containers/containers_defs.cpp
+++ b/client/containers/containers_defs.cpp
@@ -69,6 +69,8 @@ QVector<amnezia::Proto> ContainerProps::protocolsForContainer(amnezia::DockerCon

    case DockerContainer::Sftp: return { Proto::Sftp };

+    case DockerContainer::Socks5Proxy: return { Proto::Socks5Proxy };
+
    default: return { defaultProtocol(container) };
    }
 }
@@ -88,7 +90,7 @@ QMap<DockerContainer, QString> ContainerProps::containerHumanNames()
 {
    return { { DockerContainer::None, "Not installed" },
             { DockerContainer::OpenVpn, "OpenVPN" },
-             { DockerContainer::ShadowSocks, "ShadowSocks" },
+             { DockerContainer::ShadowSocks, "OpenVPN over SS" },
             { DockerContainer::Cloak, "OpenVPN over Cloak" },
             { DockerContainer::WireGuard, "WireGuard" },
             { DockerContainer::Awg, "AmneziaWG" },
@@ -97,8 +99,9 @@ QMap<DockerContainer, QString> ContainerProps::containerHumanNames()
             { DockerContainer::SSXray, "ShadowSocks"},

             { DockerContainer::TorWebSite, QObject::tr("Website in Tor network") },
-             { DockerContainer::Dns, QObject::tr("Amnezia DNS") },
-             { DockerContainer::Sftp, QObject::tr("Sftp file sharing service") } };
+             { DockerContainer::Dns, QObject::tr("AmneziaDNS") },
+             { DockerContainer::Sftp, QObject::tr("SFTP file sharing service") },
+             { DockerContainer::Socks5Proxy, QObject::tr("SOCKS5 proxy server") } };
 }

 QMap<DockerContainer, QString> ContainerProps::containerDescriptions()
@@ -107,7 +110,7 @@ QMap<DockerContainer, QString> ContainerProps::containerDescriptions()
               QObject::tr("OpenVPN is the most popular VPN protocol, with flexible configuration options. It uses its "
                           "own security protocol with SSL/TLS for key exchange.") },
             { DockerContainer::ShadowSocks,
-               QObject::tr("ShadowSocks - masks VPN traffic, making it similar to normal web traffic, but it "
+               QObject::tr("Shadowsocks - masks VPN traffic, making it similar to normal web traffic, but it "
                           "may be recognized by analysis systems in some highly censored regions.") },
             { DockerContainer::Cloak,
               QObject::tr("OpenVPN over Cloak - OpenVPN with VPN masquerading as web traffic and protection against "
@@ -124,14 +127,16 @@ QMap<DockerContainer, QString> ContainerProps::containerDescriptions()
               QObject::tr("XRay with REALITY - Suitable for countries with the highest level of internet censorship. "
                           "Traffic masking as web traffic at the TLS level, and protection against detection by active probing methods.") },
             { DockerContainer::Ipsec,
-               QObject::tr("IKEv2 -  Modern stable protocol, a bit faster than others, restores connection after "
+               QObject::tr("IKEv2/IPsec -  Modern stable protocol, a bit faster than others, restores connection after "
                           "signal loss. It has native support on the latest versions of Android and iOS.") },

             { DockerContainer::TorWebSite, QObject::tr("Deploy a WordPress site on the Tor network in two clicks.") },
             { DockerContainer::Dns,
               QObject::tr("Replace the current DNS server with your own. This will increase your privacy level.") },
             { DockerContainer::Sftp,
-               QObject::tr("Create a file vault on your server to securely store and transfer files.") } };
+               QObject::tr("Create a file vault on your server to securely store and transfer files.") },
+             { DockerContainer::Socks5Proxy,
+               QObject::tr("") } };
 }

 QMap<DockerContainer, QString> ContainerProps::containerDetailedDescriptions()
@@ -159,7 +164,6 @@ QMap<DockerContainer, QString> ContainerProps::containerDetailedDescriptions()
                      "However, certain traffic analysis systems might still detect a Shadowsocks connection. "
                      "Due to limited support in Amnezia, it's recommended to use AmneziaWG protocol.\n\n"
                      "* Available in the AmneziaVPN only on desktop platforms\n"
-                      "* Normal power consumption on mobile devices\n\n"
                      "* Configurable encryption protocol\n"
                      "* Detectable by some DPI systems\n"
                      "* Works over TCP network protocol.") },
@@ -240,7 +244,8 @@ QMap<DockerContainer, QString> ContainerProps::containerDetailedDescriptions()
          QObject::tr("After installation, Amnezia will create a\n\n file storage on your server. "
                      "You will be able to access it using\n FileZilla or other SFTP clients, "
                      "as well as mount the disk on your device to access\n it directly from your device.\n\n"
-                      "For more detailed information, you can\n find it in the support section under \"Create SFTP file storage.\" ") }
+                      "For more detailed information, you can\n find it in the support section under \"Create SFTP file storage.\" ") },
+        { DockerContainer::Socks5Proxy, QObject::tr("SOCKS5 proxy server") }
    };
 }

@@ -265,6 +270,7 @@ Proto ContainerProps::defaultProtocol(DockerContainer c)
    case DockerContainer::TorWebSite: return Proto::TorWebSite;
    case DockerContainer::Dns: return Proto::Dns;
    case DockerContainer::Sftp: return Proto::Sftp;
+    case DockerContainer::Socks5Proxy: return Proto::Socks5Proxy;
    default: return Proto::Any;
    }
 }
@@ -279,8 +285,9 @@ bool ContainerProps::isSupportedByCurrentPlatform(DockerContainer c)
    case DockerContainer::WireGuard: return true;
    case DockerContainer::OpenVpn: return true;
    case DockerContainer::Awg: return true;
-    case DockerContainer::Cloak:
-        return true;
+    case DockerContainer::Xray: return true;
+    case DockerContainer::Cloak: return true;
+    case DockerContainer::SSXray: return true;
        //    case DockerContainer::ShadowSocks: return true;
    default: return false;
    }
@@ -298,6 +305,8 @@ bool ContainerProps::isSupportedByCurrentPlatform(DockerContainer c)
    case DockerContainer::ShadowSocks: return false;
    case DockerContainer::Awg: return true;
    case DockerContainer::Cloak: return true;
+    case DockerContainer::Xray: return true;
+    case DockerContainer::SSXray: return true;
    default: return false;
    }

@@ -367,6 +376,7 @@ bool ContainerProps::isShareable(DockerContainer container)
    case DockerContainer::TorWebSite: return false;
    case DockerContainer::Dns: return false;
    case DockerContainer::Sftp: return false;
+    case DockerContainer::Socks5Proxy: return false;
    default: return true;
    }
 }
@@ -380,3 +390,18 @@ QJsonObject ContainerProps::getProtocolConfigFromContainer(const Proto protocol,

    return QJsonDocument::fromJson(protocolConfigString.toUtf8()).object();
 }
+
+int ContainerProps::installPageOrder(DockerContainer container)
+{
+    switch (container) {
+    case DockerContainer::OpenVpn: return 4;
+    case DockerContainer::Cloak: return 5;
+    case DockerContainer::ShadowSocks: return 6;
+    case DockerContainer::WireGuard: return 2;
+    case DockerContainer::Awg: return 1;
+    case DockerContainer::Xray: return 3;
+    case DockerContainer::Ipsec: return 7;
+    case DockerContainer::SSXray: return 8;
+    default: return 0;
+    }
+}
--- a/client/containers/containers_defs.h
+++ b/client/containers/containers_defs.h
@@ -28,7 +28,8 @@ namespace amnezia
            // non-vpn
            TorWebSite,
            Dns,
-            Sftp
+            Sftp,
+            Socks5Proxy
        };
        Q_ENUM_NS(DockerContainer)
    } // namespace ContainerEnumNS
@@ -71,6 +72,8 @@ namespace amnezia
        static bool isShareable(amnezia::DockerContainer container);

        static QJsonObject getProtocolConfigFromContainer(const amnezia::Proto protocol, const QJsonObject &containerConfig);
+
+        static int installPageOrder(amnezia::DockerContainer container);
    };

    static void declareQmlContainerEnum()
--- a/client/core/controllers/apiController.cpp
+++ b/client/core/controllers/apiController.cpp
@@ -40,6 +40,28 @@ void ApiController::processApiConfig(const QString &protocol, const ApiControlle
        return;
    } else if (protocol == configKey::awg) {
        config.replace("$WIREGUARD_CLIENT_PRIVATE_KEY", apiPayloadData.wireGuardClientPrivKey);
+        auto serverConfig = QJsonDocument::fromJson(config.toUtf8()).object();
+        auto containers = serverConfig.value(config_key::containers).toArray();
+        if (containers.isEmpty()) {
+            return;
+        }
+        auto container = containers.at(0).toObject();
+        QString containerName = ContainerProps::containerTypeToString(DockerContainer::Awg);
+        auto containerConfig = container.value(containerName).toObject();
+        auto protocolConfig = QJsonDocument::fromJson(containerConfig.value(config_key::last_config).toString().toUtf8()).object();
+        containerConfig[config_key::junkPacketCount] = protocolConfig.value(config_key::junkPacketCount);
+        containerConfig[config_key::junkPacketMinSize] = protocolConfig.value(config_key::junkPacketMinSize);
+        containerConfig[config_key::junkPacketMaxSize] = protocolConfig.value(config_key::junkPacketMaxSize);
+        containerConfig[config_key::initPacketJunkSize] = protocolConfig.value(config_key::initPacketJunkSize);
+        containerConfig[config_key::responsePacketJunkSize] = protocolConfig.value(config_key::responsePacketJunkSize);
+        containerConfig[config_key::initPacketMagicHeader] = protocolConfig.value(config_key::initPacketMagicHeader);
+        containerConfig[config_key::responsePacketMagicHeader] = protocolConfig.value(config_key::responsePacketMagicHeader);
+        containerConfig[config_key::underloadPacketMagicHeader] = protocolConfig.value(config_key::underloadPacketMagicHeader);
+        containerConfig[config_key::transportPacketMagicHeader] = protocolConfig.value(config_key::transportPacketMagicHeader);
+        container[containerName] = containerConfig;
+        containers.replace(0, container);
+        serverConfig[config_key::containers] = containers;
+        config = QString(QJsonDocument(serverConfig).toJson());
    }
    return;
 }
--- a/client/core/controllers/serverController.cpp
+++ b/client/core/controllers/serverController.cpp
@@ -106,7 +106,7 @@ ErrorCode ServerController::runContainerScript(const ServerCredentials &credenti
    if (e)
        return e;

-    QString runner = QString("sudo docker exec -i $CONTAINER_NAME bash %1 ").arg(fileName);
+    QString runner = QString("sudo docker exec -i $CONTAINER_NAME %2 %1 ").arg(fileName, (container == DockerContainer::Socks5Proxy ? "sh" : "bash"));
    e = runScript(credentials, replaceVars(runner, genVarsForScript(credentials, container)), cbReadStdOut, cbReadStdErr);

    QString remover = QString("sudo docker exec -i $CONTAINER_NAME rm %1 ").arg(fileName);
@@ -376,6 +376,10 @@ bool ServerController::isReinstallContainerRequired(DockerContainer container, c
            return true;
    }

+    if (container == DockerContainer::Socks5Proxy) {
+        return true;
+    }
+
    return false;
 }

@@ -516,6 +520,7 @@ ServerController::Vars ServerController::genVarsForScript(const ServerCredential
    const QJsonObject &amneziaWireguarConfig = config.value(ProtocolProps::protoToString(Proto::Awg)).toObject();
    const QJsonObject &xrayConfig = config.value(ProtocolProps::protoToString(Proto::Xray)).toObject();
    const QJsonObject &sftpConfig = config.value(ProtocolProps::protoToString(Proto::Sftp)).toObject();
+    const QJsonObject &socks5ProxyConfig = config.value(ProtocolProps::protoToString(Proto::Socks5Proxy)).toObject();

    Vars vars;

@@ -613,6 +618,14 @@ ServerController::Vars ServerController::genVarsForScript(const ServerCredential
    vars.append({ { "$UNDERLOAD_PACKET_MAGIC_HEADER", amneziaWireguarConfig.value(config_key::underloadPacketMagicHeader).toString() } });
    vars.append({ { "$TRANSPORT_PACKET_MAGIC_HEADER", amneziaWireguarConfig.value(config_key::transportPacketMagicHeader).toString() } });

+    // Socks5 proxy vars
+    vars.append({ { "$SOCKS5_PROXY_PORT", socks5ProxyConfig.value(config_key::port).toString(protocols::socks5Proxy::defaultPort) } });
+    auto username =  socks5ProxyConfig.value(config_key:: userName).toString();
+    auto password = socks5ProxyConfig.value(config_key::password).toString();
+    QString socks5user = (!username.isEmpty() && !password.isEmpty()) ? QString("users %1:CL:%2").arg(username, password) : "";
+    vars.append({ { "$SOCKS5_USER",  socks5user } });
+    vars.append({ { "$SOCKS5_AUTH_TYPE",  socks5user.isEmpty() ? "none" : "strong" } });
+
    QString serverIp = NetworkUtilities::getIPAddress(credentials.hostName);
    if (!serverIp.isEmpty()) {
        vars.append({ { "$SERVER_IP_ADDRESS", serverIp } });
--- a/client/core/errorstrings.cpp
+++ b/client/core/errorstrings.cpp
@@ -9,7 +9,7 @@ QString errorString(ErrorCode code) {

    // General error codes
    case(ErrorCode::NoError): errorMessage = QObject::tr("No error"); break;
-    case(ErrorCode::UnknownError): errorMessage = QObject::tr("Unknown Error"); break;
+    case(ErrorCode::UnknownError): errorMessage = QObject::tr("Unknown error"); break;
    case(ErrorCode::NotImplementedError): errorMessage = QObject::tr("Function not implemented"); break;
    case(ErrorCode::AmneziaServiceNotRunning): errorMessage = QObject::tr("Background service is not running"); break;

@@ -23,15 +23,15 @@ QString errorString(ErrorCode code) {
    case(ErrorCode::ServerPacketManagerError): errorMessage = QObject::tr("Server error: Packet manager error"); break;

    // Libssh errors
-    case(ErrorCode::SshRequestDeniedError): errorMessage = QObject::tr("Ssh request was denied"); break;
-    case(ErrorCode::SshInterruptedError): errorMessage = QObject::tr("Ssh request was interrupted"); break;
-    case(ErrorCode::SshInternalError): errorMessage = QObject::tr("Ssh internal error"); break;
+    case(ErrorCode::SshRequestDeniedError): errorMessage = QObject::tr("SSH request was denied"); break;
+    case(ErrorCode::SshInterruptedError): errorMessage = QObject::tr("SSH request was interrupted"); break;
+    case(ErrorCode::SshInternalError): errorMessage = QObject::tr("SSH internal error"); break;
    case(ErrorCode::SshPrivateKeyError): errorMessage = QObject::tr("Invalid private key or invalid passphrase entered"); break;
    case(ErrorCode::SshPrivateKeyFormatError): errorMessage = QObject::tr("The selected private key format is not supported, use openssh ED25519 key types or PEM key types"); break;
    case(ErrorCode::SshTimeoutError): errorMessage = QObject::tr("Timeout connecting to server"); break;

    // Ssh scp errors
-    case(ErrorCode::SshScpFailureError): errorMessage = QObject::tr("Scp error: Generic failure"); break;
+    case(ErrorCode::SshScpFailureError): errorMessage = QObject::tr("SCP error: Generic failure"); break;

    // Local errors
    case (ErrorCode::OpenVpnConfigMissing): errorMessage = QObject::tr("OpenVPN config missing"); break;
@@ -39,7 +39,7 @@ QString errorString(ErrorCode code) {

    // Distro errors
    case (ErrorCode::OpenVpnExecutableMissing): errorMessage = QObject::tr("OpenVPN executable missing"); break;
-    case (ErrorCode::ShadowSocksExecutableMissing): errorMessage = QObject::tr("ShadowSocks (ss-local) executable missing"); break;
+    case (ErrorCode::ShadowSocksExecutableMissing): errorMessage = QObject::tr("Shadowsocks (ss-local) executable missing"); break;
    case (ErrorCode::CloakExecutableMissing): errorMessage = QObject::tr("Cloak (ck-client) executable missing"); break;
    case (ErrorCode::AmneziaServiceConnectionFailed): errorMessage = QObject::tr("Amnezia helper service error"); break;
    case (ErrorCode::OpenSslFailed): errorMessage = QObject::tr("OpenSSL failed"); break;
--- a/client/core/scripts_registry.cpp
+++ b/client/core/scripts_registry.cpp
@@ -18,6 +18,7 @@ QString amnezia::scriptFolder(amnezia::DockerContainer container)
    case DockerContainer::TorWebSite: return QLatin1String("website_tor");
    case DockerContainer::Dns: return QLatin1String("dns");
    case DockerContainer::Sftp: return QLatin1String("sftp");
+    case DockerContainer::Socks5Proxy: return QLatin1String("socks5_proxy");
    default: return QString();
    }
 }
--- a/client/fonts/Lato-Black.ttf
+++ b/client/fonts/Lato-Black.ttf
--- a/client/fonts/Lato-BlackItalic.ttf
+++ b/client/fonts/Lato-BlackItalic.ttf
--- a/client/fonts/Lato-Bold.ttf
+++ b/client/fonts/Lato-Bold.ttf
--- a/client/fonts/Lato-BoldItalic.ttf
+++ b/client/fonts/Lato-BoldItalic.ttf
--- a/client/fonts/Lato-Hairline.ttf
+++ b/client/fonts/Lato-Hairline.ttf
--- a/client/fonts/Lato-HairlineItalic.ttf
+++ b/client/fonts/Lato-HairlineItalic.ttf
--- a/client/fonts/Lato-Heavy.ttf
+++ b/client/fonts/Lato-Heavy.ttf
--- a/client/fonts/Lato-HeavyItalic.ttf
+++ b/client/fonts/Lato-HeavyItalic.ttf
--- a/client/fonts/Lato-Italic.ttf
+++ b/client/fonts/Lato-Italic.ttf
--- a/client/fonts/Lato-Light.ttf
+++ b/client/fonts/Lato-Light.ttf
--- a/client/fonts/Lato-LightItalic.ttf
+++ b/client/fonts/Lato-LightItalic.ttf
--- a/client/fonts/Lato-Medium.ttf
+++ b/client/fonts/Lato-Medium.ttf
--- a/client/fonts/Lato-MediumItalic.ttf
+++ b/client/fonts/Lato-MediumItalic.ttf
--- a/client/fonts/Lato-Regular.ttf
+++ b/client/fonts/Lato-Regular.ttf
--- a/client/fonts/Lato-Semibold.ttf
+++ b/client/fonts/Lato-Semibold.ttf
--- a/client/fonts/Lato-SemiboldItalic.ttf
+++ b/client/fonts/Lato-SemiboldItalic.ttf
--- a/client/fonts/Lato-Thin.ttf
+++ b/client/fonts/Lato-Thin.ttf
--- a/client/fonts/Lato-ThinItalic.ttf
+++ b/client/fonts/Lato-ThinItalic.ttf
--- a/client/ios/networkextension/CMakeLists.txt
+++ b/client/ios/networkextension/CMakeLists.txt
@@ -50,10 +50,12 @@ set_target_properties("networkextension" PROPERTIES
 find_library(FW_ASSETS_LIBRARY AssetsLibrary)
 find_library(FW_MOBILE_CORE MobileCoreServices)
 find_library(FW_UI_KIT UIKit)
+find_library(FW_LIBRESOLV libresolv.9.tbd)

 target_link_libraries(networkextension PRIVATE ${FW_ASSETS_LIBRARY})
 target_link_libraries(networkextension PRIVATE ${FW_MOBILE_CORE})
 target_link_libraries(networkextension PRIVATE ${FW_UI_KIT})
+target_link_libraries(networkextension PRIVATE ${FW_LIBRESOLV})

 target_compile_options(networkextension PRIVATE -DGROUP_ID=\"${BUILD_IOS_GROUP_IDENTIFIER}\")
 target_compile_options(networkextension PRIVATE -DNETWORK_EXTENSION=1)
@@ -80,13 +82,16 @@ target_sources(networkextension PRIVATE
    ${WG_APPLE_SOURCE_DIR}/WireGuardKit/Array+ConcurrentMap.swift
    ${WG_APPLE_SOURCE_DIR}/WireGuardKit/IPAddress+AddrInfo.swift
    ${WG_APPLE_SOURCE_DIR}/WireGuardKit/PrivateKey.swift
+    ${CLIENT_ROOT_DIR}/platforms/ios/HevSocksTunnel.swift
    ${CLIENT_ROOT_DIR}/platforms/ios/NELogController.swift
    ${CLIENT_ROOT_DIR}/platforms/ios/Log.swift
    ${CLIENT_ROOT_DIR}/platforms/ios/LogRecord.swift
    ${CLIENT_ROOT_DIR}/platforms/ios/PacketTunnelProvider.swift
    ${CLIENT_ROOT_DIR}/platforms/ios/PacketTunnelProvider+WireGuard.swift
    ${CLIENT_ROOT_DIR}/platforms/ios/PacketTunnelProvider+OpenVPN.swift
+    ${CLIENT_ROOT_DIR}/platforms/ios/PacketTunnelProvider+Xray.swift
    ${CLIENT_ROOT_DIR}/platforms/ios/WGConfig.swift
+    ${CLIENT_ROOT_DIR}/platforms/ios/XrayConfig.swift
    ${CLIENT_ROOT_DIR}/platforms/ios/iosglue.mm
 )

@@ -114,3 +119,5 @@ target_include_directories(networkextension PRIVATE ${CLIENT_ROOT_DIR})
 target_include_directories(networkextension PRIVATE ${CMAKE_CURRENT_BINARY_DIR})

 target_link_libraries(networkextension PRIVATE ${CLIENT_ROOT_DIR}/3rd-prebuilt/3rd-prebuilt/wireguard/ios/arm64/libwg-go.a)
+
+target_link_libraries(networkextension PRIVATE ${CLIENT_ROOT_DIR}/3rd-prebuilt/3rd-prebuilt/xray/HevSocks5Tunnel.xcframework)
--- a/client/logger.cpp
+++ b/client/logger.cpp
@@ -33,6 +33,10 @@ void debugMessageHandler(QtMsgType type, const QMessageLogContext& context, cons
    }

    // Skip annoying messages from Qt
+    if (msg.contains("OpenType support missing for")) {
+        return;
+    }
+
    if (msg.startsWith("Unknown property") || msg.startsWith("Could not create pixmap") || msg.startsWith("Populating font") || msg.startsWith("stale focus object")) {
        return;
    }
--- a/client/platforms/ios/HevSocksTunnel.swift
+++ b/client/platforms/ios/HevSocksTunnel.swift
@@ -0,0 +1,73 @@
+import HevSocks5Tunnel
+
+public enum Socks5Tunnel {
+
+    private static var tunnelFileDescriptor: Int32? {
+        var ctlInfo = ctl_info()
+        withUnsafeMutablePointer(to: &ctlInfo.ctl_name) {
+            $0.withMemoryRebound(to: CChar.self, capacity: MemoryLayout.size(ofValue: $0.pointee)) {
+                _ = strcpy($0, "com.apple.net.utun_control")
+            }
+        }
+        for fd: Int32 in 0...1024 {
+            var addr = sockaddr_ctl()
+            var ret: Int32 = -1
+            var len = socklen_t(MemoryLayout.size(ofValue: addr))
+            withUnsafeMutablePointer(to: &addr) {
+                $0.withMemoryRebound(to: sockaddr.self, capacity: 1) {
+                    ret = getpeername(fd, $0, &len)
+                }
+            }
+            if ret != 0 || addr.sc_family != AF_SYSTEM {
+                continue
+            }
+            if ctlInfo.ctl_id == 0 {
+                ret = ioctl(fd, CTLIOCGINFO, &ctlInfo)
+                if ret != 0 {
+                    continue
+                }
+            }
+            if addr.sc_id == ctlInfo.ctl_id {
+                return fd
+            }
+        }
+        return nil
+    }
+
+    private static var interfaceName: String? {
+        guard let tunnelFileDescriptor = self.tunnelFileDescriptor else {
+            return nil
+        }
+        var buffer = [UInt8](repeating: 0, count: Int(IFNAMSIZ))
+        return buffer.withUnsafeMutableBufferPointer { mutableBufferPointer in
+            guard let baseAddress = mutableBufferPointer.baseAddress else {
+                return nil
+            }
+            var ifnameSize = socklen_t(IFNAMSIZ)
+            let result = getsockopt(
+                tunnelFileDescriptor,
+                2 /* SYSPROTO_CONTROL */,
+                2 /* UTUN_OPT_IFNAME */,
+                baseAddress,
+                &ifnameSize
+            )
+            if result == 0 {
+                return String(cString: baseAddress)
+            } else {
+                return nil
+            }
+        }
+    }
+
+    @discardableResult
+    public static func run(withConfig filePath: String) -> Int32 {
+        guard let fileDescriptor = self.tunnelFileDescriptor else {
+            fatalError("Get tunnel file descriptor failed.")
+        }
+        return hev_socks5_tunnel_main(filePath.cString(using: .utf8), fileDescriptor)
+    }
+
+    public static func quit() {
+        hev_socks5_tunnel_quit()
+    }
+}
--- a/client/platforms/ios/NELogController.swift
+++ b/client/platforms/ios/NELogController.swift
@@ -13,6 +13,10 @@ public func ovpnLog(_ type: OSLogType, title: String = "", message: String) {
    neLog(type, title: "OVPN: \(title)", message: message)
 }

+public func xrayLog(_ type: OSLogType, title: String = "", message: String) {
+    neLog(type, title: "XRAY: \(title)", message: message)
+}
+
 public func neLog(_ type: OSLogType, title: String = "", message: String) {
    Log.log(type, title: "NE: \(title)", message: message)
 }
--- a/client/platforms/ios/PacketTunnelProvider+Xray.swift
+++ b/client/platforms/ios/PacketTunnelProvider+Xray.swift
@@ -0,0 +1,187 @@
+import Foundation
+import NetworkExtension
+import WireGuardKitGo
+
+enum XrayErrors: Error {
+    case noXrayConfig
+    case xrayConfigIsWrong
+    case cantSaveXrayConfig
+    case cantParseListenAndPort
+    case cantSaveHevSocksConfig
+}
+
+extension Constants {
+    static let cachesDirectory: URL = {
+        if let cachesDirectoryURL = FileManager.default.urls(for: .cachesDirectory,
+                                                             in: .userDomainMask).first {
+            return cachesDirectoryURL
+        } else {
+            fatalError("Unable to retrieve caches directory.")
+        }
+    }()
+}
+
+extension PacketTunnelProvider {
+    func startXray(completionHandler: @escaping (Error?) -> Void) {
+
+        // Xray configuration
+        guard let protocolConfiguration = self.protocolConfiguration as? NETunnelProviderProtocol,
+              let providerConfiguration = protocolConfiguration.providerConfiguration,
+              let configData = providerConfiguration[Constants.xrayConfigKey] as? Data else {
+            xrayLog(.error, message: "Can't get xray configuration")
+            completionHandler(XrayErrors.noXrayConfig)
+            return
+        }
+
+        // Tunnel settings
+        let ipv6Enabled = false
+        let hideVPNIcon = false
+
+        let settings = NEPacketTunnelNetworkSettings(tunnelRemoteAddress: "254.1.1.1")
+        settings.mtu = 9000
+
+        settings.ipv4Settings = {
+            let settings = NEIPv4Settings(addresses: ["198.18.0.1"], subnetMasks: ["255.255.0.0"])
+            settings.includedRoutes = [NEIPv4Route.default()]
+            return settings
+        }()
+
+        settings.ipv6Settings = {
+            guard ipv6Enabled else {
+                return nil
+            }
+            let settings = NEIPv6Settings(addresses: ["fd6e:a81b:704f:1211::1"], networkPrefixLengths: [64])
+            settings.includedRoutes = [NEIPv6Route.default()]
+            if hideVPNIcon {
+                settings.excludedRoutes = [NEIPv6Route(destinationAddress: "::", networkPrefixLength: 128)]
+            }
+            return settings
+        }()
+
+        do {
+            let xrayConfig = try JSONDecoder().decode(XrayConfig.self,
+                                                      from: configData)
+
+            var dnsArray = [String]()
+            if let dns1 = xrayConfig.dns1 {
+                dnsArray.append(dns1)
+            }
+            if let dns2 = xrayConfig.dns2 {
+                dnsArray.append(dns2)
+            }
+
+            settings.dnsSettings = !dnsArray.isEmpty
+            ? NEDNSSettings(servers: dnsArray)
+            : NEDNSSettings(servers: ["1.1.1.1"])
+
+            let xrayConfigData = xrayConfig.config.data(using: .utf8)
+
+            guard let xrayConfigData else {
+                xrayLog(.error, message: "Can't encode config to data")
+                completionHandler(XrayErrors.xrayConfigIsWrong)
+                return
+            }
+
+            let jsonDict = try JSONSerialization.jsonObject(with: xrayConfigData,
+                                                            options: []) as? [String: Any]
+
+            guard var jsonDict else {
+                xrayLog(.error, message: "Can't parse address and port for hevSocks")
+                completionHandler(XrayErrors.cantParseListenAndPort)
+                return
+            }
+
+            let port = 10808
+            let address = "::1"
+
+            if var inboundsArray = jsonDict["inbounds"] as? [[String: Any]], !inboundsArray.isEmpty {
+                inboundsArray[0]["port"] = port
+                inboundsArray[0]["listen"] = address
+                jsonDict["inbounds"] = inboundsArray
+            }
+
+            let updatedData = try JSONSerialization.data(withJSONObject: jsonDict, options: [])
+
+            setTunnelNetworkSettings(settings) { [weak self] error in
+                if let error {
+                    completionHandler(error)
+                    return
+                }
+
+                // Launch xray
+                self?.setupAndStartXray(configData: updatedData) { xrayError in
+                    if let xrayError {
+                        completionHandler(xrayError)
+                        return
+                    }
+
+                    // Launch hevSocks
+                    self?.setupAndRunTun2socks(configData: updatedData,
+                                               address: address,
+                                               port: port,
+                                               completionHandler: completionHandler)
+                }
+            }
+        } catch {
+            completionHandler(error)
+            return
+        }
+    }
+
+    func stopXray(completionHandler: () -> Void) {
+        Socks5Tunnel.quit()
+        LibXrayStopXray()
+        completionHandler()
+    }
+
+    private func setupAndStartXray(configData: Data,
+                                   completionHandler: @escaping (Error?) -> Void) {
+        let path = Constants.cachesDirectory.appendingPathComponent("config.json", isDirectory: false).path
+        guard FileManager.default.createFile(atPath: path, contents: configData) else {
+            xrayLog(.error, message: "Can't save xray configuration")
+            completionHandler(XrayErrors.cantSaveXrayConfig)
+            return
+        }
+
+        LibXrayRunXray(nil,
+                       path,
+                       Int64.max)
+
+        completionHandler(nil)
+        xrayLog(.info, message: "Xray started")
+    }
+
+    private func setupAndRunTun2socks(configData: Data,
+                                      address: String,
+                                      port: Int,
+                                      completionHandler: @escaping (Error?) -> Void) {
+        let config = """
+        tunnel:
+          mtu: 9000
+        socks5:
+          port: \(port)
+          address: \(address)
+          udp: 'udp'
+        misc:
+          task-stack-size: 20480
+          connect-timeout: 5000
+          read-write-timeout: 60000
+          log-file: stderr
+          log-level: error
+          limit-nofile: 65535
+        """
+
+        let configurationFilePath = Constants.cachesDirectory.appendingPathComponent("config.yml", isDirectory: false).path
+        guard FileManager.default.createFile(atPath: configurationFilePath, contents: config.data(using: .utf8)!) else {
+            xrayLog(.info, message: "Cant save hevSocks configuration")
+            completionHandler(XrayErrors.cantSaveHevSocksConfig)
+            return
+        }
+
+        DispatchQueue.global().async {
+            xrayLog(.info, message: "Hev socks started")
+            completionHandler(nil)
+            Socks5Tunnel.run(withConfig: configurationFilePath)
+        }
+    }
+}
--- a/client/platforms/ios/PacketTunnelProvider.swift
+++ b/client/platforms/ios/PacketTunnelProvider.swift
@@ -5,7 +5,8 @@ import Darwin
 import OpenVPNAdapter

 enum TunnelProtoType: String {
-  case wireguard, openvpn
+  case wireguard, openvpn, xray
+
 }

 struct Constants {
@@ -13,6 +14,7 @@ struct Constants {
  static let processQueueName = "org.amnezia.process-packets"
  static let kActivationAttemptId = "activationAttemptId"
  static let ovpnConfigKey = "ovpn"
+  static let xrayConfigKey = "xray"
  static let wireGuardConfigKey = "wireguard"
  static let loggerTag = "NET"
  
@@ -91,6 +93,8 @@ class PacketTunnelProvider: NEPacketTunnelProvider {
                protoType = .openvpn
            } else if (providerConfiguration?[Constants.wireGuardConfigKey] as? Data) != nil {
                protoType = .wireguard
+            } else if (providerConfiguration?[Constants.xrayConfigKey] as? Data) != nil {
+                protoType = .xray
            }
        }

@@ -107,6 +111,9 @@ class PacketTunnelProvider: NEPacketTunnelProvider {
                           completionHandler: completionHandler)
        case .openvpn:
            startOpenVPN(completionHandler: completionHandler)
+        case .xray:
+            startXray(completionHandler: completionHandler)
+
        }
    }

@@ -124,6 +131,8 @@ class PacketTunnelProvider: NEPacketTunnelProvider {
        case .openvpn:
            stopOpenVPN(with: reason,
                        completionHandler: completionHandler)
+        case .xray:
+            stopXray(completionHandler: completionHandler)
        }
    }
  
@@ -138,6 +147,8 @@ class PacketTunnelProvider: NEPacketTunnelProvider {
            handleWireguardStatusMessage(messageData, completionHandler: completionHandler)
        case .openvpn:
            handleOpenVPNStatusMessage(messageData, completionHandler: completionHandler)
+        case .xray:
+            break;
        }
    }
  
--- a/client/platforms/ios/WGConfig.swift
+++ b/client/platforms/ios/WGConfig.swift
@@ -13,7 +13,7 @@ struct WGConfig: Decodable {
  let clientIP: String
  let clientPrivateKey: String
  let serverPublicKey: String
-  let presharedKey: String
+  let presharedKey: String?
  var allowedIPs: [String]
  var persistentKeepAlive: String
  let splitTunnelType: Int
@@ -65,7 +65,7 @@ struct WGConfig: Decodable {
    \(settings)
    [Peer]
    PublicKey = \(serverPublicKey)
-    PresharedKey = \(presharedKey)
+    \(presharedKey == nil ? "" : "PresharedKey = \(presharedKey!)")
    AllowedIPs = \(allowedIPs.joined(separator: ", "))
    Endpoint = \(hostName):\(port)
    PersistentKeepalive = \(persistentKeepAlive)
--- a/client/platforms/ios/XrayConfig.swift
+++ b/client/platforms/ios/XrayConfig.swift
@@ -0,0 +1,7 @@
+import Foundation
+
+struct XrayConfig: Decodable {
+    let dns1: String?
+    let dns2: String?
+    let config: String
+}
--- a/client/platforms/ios/ios_controller.h
+++ b/client/platforms/ios/ios_controller.h
@@ -72,9 +72,12 @@ private:
    bool setupCloak();
    bool setupWireGuard();
    bool setupAwg();
+    bool setupXray();
+    bool setupSSXray();

    bool startOpenVPN(const QString &config);
    bool startWireGuard(const QString &jsonConfig);
+    bool startXray(const QString &jsonConfig);

    void startTunnel();

--- a/client/platforms/ios/ios_controller.mm
+++ b/client/platforms/ios/ios_controller.mm
@@ -216,6 +216,12 @@ bool IosController::connectVpn(amnezia::Proto proto, const QJsonObject& configur
    if (proto == amnezia::Proto::Awg) {
        return setupAwg();
    }
+    if (proto == amnezia::Proto::Xray) {
+        return setupXray();
+    }
+    if (proto == amnezia::Proto::SSXray) {
+        return setupSSXray();
+    }

    return false;
 }
@@ -501,6 +507,42 @@ bool IosController::setupWireGuard()
    return startWireGuard(wgConfigDocStr);
 }

+bool IosController::setupXray()
+{
+    QJsonObject config = m_rawConfig[ProtocolProps::key_proto_config_data(amnezia::Proto::Xray)].toObject();
+    QJsonDocument xrayConfigDoc(config);
+
+    QString xrayConfigStr(xrayConfigDoc.toJson(QJsonDocument::Compact));
+
+    QJsonObject finalConfig;
+    finalConfig.insert(config_key::dns1, m_rawConfig[config_key::dns1].toString());
+    finalConfig.insert(config_key::dns2, m_rawConfig[config_key::dns2].toString());
+    finalConfig.insert(config_key::config, xrayConfigStr);
+
+    QJsonDocument finalConfigDoc(finalConfig);
+    QString finalConfigStr(finalConfigDoc.toJson(QJsonDocument::Compact));
+
+    return startXray(finalConfigStr);
+}
+
+bool IosController::setupSSXray()
+{
+    QJsonObject config = m_rawConfig[ProtocolProps::key_proto_config_data(amnezia::Proto::SSXray)].toObject();
+    QJsonDocument ssXrayConfigDoc(config);
+
+    QString ssXrayConfigStr(ssXrayConfigDoc.toJson(QJsonDocument::Compact));
+
+    QJsonObject finalConfig;
+    finalConfig.insert(config_key::dns1, m_rawConfig[config_key::dns1]);
+    finalConfig.insert(config_key::dns2, m_rawConfig[config_key::dns2]);
+    finalConfig.insert(config_key::config, ssXrayConfigStr);
+
+    QJsonDocument finalConfigDoc(finalConfig);
+    QString finalConfigStr(finalConfigDoc.toJson(QJsonDocument::Compact));
+
+    return startXray(finalConfigStr);
+}
+
 bool IosController::setupAwg()
 {
    QJsonObject config = m_rawConfig[ProtocolProps::key_proto_config_data(amnezia::Proto::Awg)].toObject();
@@ -590,6 +632,20 @@ bool IosController::startWireGuard(const QString &config)
    startTunnel();
 }

+bool IosController::startXray(const QString &config)
+{
+    qDebug() << "IosController::startXray";
+
+    NETunnelProviderProtocol *tunnelProtocol = [[NETunnelProviderProtocol alloc] init];
+    tunnelProtocol.providerBundleIdentifier = [NSString stringWithUTF8String:VPN_NE_BUNDLEID];
+    tunnelProtocol.providerConfiguration = @{@"xray": [[NSString stringWithUTF8String:config.toStdString().c_str()] dataUsingEncoding:NSUTF8StringEncoding]};
+    tunnelProtocol.serverAddress = m_serverAddress;
+
+    m_currentTunnel.protocolConfiguration = tunnelProtocol;
+
+    startTunnel();
+}
+
 void IosController::startTunnel()
 {
    NSString *protocolName = @"Unknown";
--- a/client/platforms/linux/daemon/wireguardutilslinux.cpp
+++ b/client/platforms/linux/daemon/wireguardutilslinux.cpp
@@ -139,7 +139,7 @@ bool WireguardUtilsLinux::addInterface(const InterfaceConfig& config) {
        if (config.m_killSwitchEnabled) {
            FirewallParams params { };
            params.dnsServers.append(config.m_dnsServer);
-            if (config.m_allowedIPAddressRanges.at(0).toString() == "0.0.0.0/0"){
+            if (config.m_allowedIPAddressRanges.contains(IPAddress("0.0.0.0/0"))) {
                params.blockAll = true;
                if (config.m_excludedAddresses.size()) {
                    params.allowNets = true;
--- a/client/platforms/macos/daemon/wireguardutilsmacos.cpp
+++ b/client/platforms/macos/daemon/wireguardutilsmacos.cpp
@@ -137,7 +137,8 @@ bool WireguardUtilsMacos::addInterface(const InterfaceConfig& config) {
      if (config.m_killSwitchEnabled) {
        FirewallParams params { };
        params.dnsServers.append(config.m_dnsServer);
-        if (config.m_allowedIPAddressRanges.at(0).toString() == "0.0.0.0/0"){
+
+        if (config.m_allowedIPAddressRanges.contains(IPAddress("0.0.0.0/0"))) {
          params.blockAll = true;
          if (config.m_excludedAddresses.size()) {
            params.allowNets = true;
--- a/client/protocols/ikev2_vpn_protocol_windows.cpp
+++ b/client/protocols/ikev2_vpn_protocol_windows.cpp
@@ -10,6 +10,7 @@
 #include "ikev2_vpn_protocol_windows.h"
 #include "utilities.h"

+
 static Ikev2Protocol* self = nullptr;
 static std::mutex rasDialFuncMutex;

@@ -80,10 +81,10 @@ void Ikev2Protocol::newConnectionStateEventReceived(UINT unMsg, tagRASCONNSTATE
    case RASCS_AuthNotify:
        //qDebug()<<__FUNCTION__ << __LINE__;
        if (dwError != 0) {
-            //qDebug() << "have error" << dwError;
+            qDebug() << "have error" << dwError;
            setConnectionState(Vpn::ConnectionState::Disconnected);
        } else {
-            //qDebug() << "RASCS_AuthNotify but no error" << dwError;
+            qDebug() << "RASCS_AuthNotify but no error" << dwError;
        }
        break;
    case RASCS_AuthRetry:
@@ -179,11 +180,13 @@ ErrorCode Ikev2Protocol::start()
    QByteArray cert = QByteArray::fromBase64(m_config[config_key::cert].toString().toUtf8());
    setConnectionState(Vpn::ConnectionState::Connecting);

-    QTemporaryFile certFile;
-    certFile.setAutoRemove(false);
-    certFile.open();
-    certFile.write(cert);
-    certFile.close();
+    QTemporaryFile * certFile = new QTemporaryFile;
+    certFile->setAutoRemove(false);
+    certFile->open();
+    QString m_filename = certFile->fileName();
+    certFile->write(cert);
+    certFile->close();
+    delete certFile;

    {
        auto certInstallProcess = IpcClient::CreatePrivilegedProcess();
@@ -193,19 +196,19 @@ ErrorCode Ikev2Protocol::start()
            return ErrorCode::AmneziaServiceConnectionFailed;
        }

-        certInstallProcess->waitForSource(1000);
+        certInstallProcess->waitForSource();
        if (!certInstallProcess->isInitialized()) {
            qWarning() << "IpcProcess replica is not connected!";
            setLastError(ErrorCode::AmneziaServiceConnectionFailed);
            return ErrorCode::AmneziaServiceConnectionFailed;
        }
        certInstallProcess->setProgram(PermittedProcess::CertUtil);
-        QStringList arguments({"-f" , "-importpfx",
-                               "-p", m_config[config_key::password].toString(),
-                               certFile.fileName(), "NoExport"
-                              });
-        certInstallProcess->setArguments(arguments);

+        QStringList arguments({"-f", "-importpfx", "-p", m_config[config_key::password].toString(),
+            QDir::toNativeSeparators(m_filename), "NoExport"
+        });
+
+        certInstallProcess->setArguments(arguments);
        certInstallProcess->start();
    }
    // /*
@@ -219,40 +222,40 @@ ErrorCode Ikev2Protocol::start()
    }

    {
-        {
-            if ( !create_new_vpn(tunnelName(), m_config[config_key::hostName].toString())){
-                qDebug() <<"Can't create the VPN connect";
-            }
-        }
-    }
+     {
+      if ( !create_new_vpn(tunnelName(), m_config[config_key::hostName].toString())){
+                                                                                    qDebug() <<"Can't create the VPN connect";
+}
+}
+}

-    {
-        auto adapterConfigProcess = new QProcess;
+{
+    QProcess adapterConfigProcess;
+    adapterConfigProcess.setProgram("powershell");
+    QString arguments = QString("-command \"Set-VpnConnectionIPsecConfiguration\" "
+                                "-ConnectionName '%1' "
+                                "-AuthenticationTransformConstants GCMAES128 "
+                                "-CipherTransformConstants GCMAES128 "
+                                "-EncryptionMethod AES256 "
+                                "-IntegrityCheckMethod SHA256 "
+                                "-PfsGroup None "
+                                "-DHGroup Group14 "
+                                "-PassThru -Force\"")
+                            .arg(tunnelName());

-        adapterConfigProcess->setProgram("powershell");
-        QString arguments = QString("-command \"Set-VpnConnectionIPsecConfiguration\" "
-                                    "-ConnectionName '%1' "
-                                    "-AuthenticationTransformConstants GCMAES128 "
-                                    "-CipherTransformConstants GCMAES128 "
-                                    "-EncryptionMethod AES256 "
-                                    "-IntegrityCheckMethod SHA256 "
-                                    "-PfsGroup None "
-                                    "-DHGroup Group14 "
-                                    "-PassThru -Force\"")
-                .arg(tunnelName());
-        adapterConfigProcess->setNativeArguments(arguments);
+    adapterConfigProcess.setNativeArguments(arguments);

-        adapterConfigProcess->start();
-        adapterConfigProcess->waitForFinished(5000);
+    adapterConfigProcess.start();
+    adapterConfigProcess.waitForFinished(5000);
+}
+//*/
+{
+    if (!connect_to_vpn(tunnelName())) {
+        qDebug()<<"We can't connect to VPN";
    }
-    //*/
-    {
-        if (!connect_to_vpn(tunnelName())) {
-            qDebug()<<"We can't connect to VPN";
-        }
-    }
-    //setConnectionState(Connecting);
-    return ErrorCode::NoError;
+}
+//setConnectionState(Connecting);
+return ErrorCode::NoError;
 }
 //~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 bool Ikev2Protocol::create_new_vpn(const QString & vpn_name,
@@ -299,6 +302,7 @@ bool Ikev2Protocol::connect_to_vpn(const QString & vpn_name){
    auto ret = RasDial(NULL, NULL, &RasDialParams, 0,
                       &RasDialFuncCallback,
                       &hRasConn);
+
    if (ret == ERROR_SUCCESS){
        return true;
    }
--- a/client/protocols/protocols_defs.cpp
+++ b/client/protocols/protocols_defs.cpp
@@ -77,7 +77,8 @@ QMap<amnezia::Proto, QString> ProtocolProps::protocolHumanNames()

             { Proto::TorWebSite, "Website in Tor network" },
             { Proto::Dns, "DNS Service" },
-             { Proto::Sftp, QObject::tr("Sftp service") } };
+             { Proto::Sftp, QObject::tr("SFTP service") },
+             { Proto::Socks5Proxy, QObject::tr("SOCKS5 proxy server") } };
 }

 QMap<amnezia::Proto, QString> ProtocolProps::protocolDescriptions()
@@ -102,6 +103,7 @@ amnezia::ServiceType ProtocolProps::protocolService(Proto p)
    case Proto::TorWebSite: return ServiceType::Other;
    case Proto::Dns: return ServiceType::Other;
    case Proto::Sftp: return ServiceType::Other;
+    case Proto::Socks5Proxy: return ServiceType::Other;
    default: return ServiceType::Other;
    }
 }
@@ -113,6 +115,7 @@ int ProtocolProps::getPortForInstall(Proto p)
    case WireGuard:
    case ShadowSocks:
    case OpenVpn:
+    case Socks5Proxy:
        return QRandomGenerator::global()->bounded(30000, 50000);
    default:
        return defaultPort(p);
@@ -135,6 +138,7 @@ int ProtocolProps::defaultPort(Proto p)
    case Proto::TorWebSite: return -1;
    case Proto::Dns: return 53;
    case Proto::Sftp: return 222;
+    case Proto::Socks5Proxy: return 38080;
    default: return -1;
    }
 }
@@ -154,6 +158,7 @@ bool ProtocolProps::defaultPortChangeable(Proto p)
    case Proto::TorWebSite: return false;
    case Proto::Dns: return false;
    case Proto::Sftp: return true;
+    case Proto::Socks5Proxy: return true;
    default: return false;
    }
 }
@@ -175,6 +180,7 @@ TransportProto ProtocolProps::defaultTransportProto(Proto p)
    case Proto::TorWebSite: return TransportProto::Tcp;
    case Proto::Dns: return TransportProto::Udp;
    case Proto::Sftp: return TransportProto::Tcp;
+    case Proto::Socks5Proxy: return TransportProto::Tcp;
    }
 }

@@ -195,6 +201,7 @@ bool ProtocolProps::defaultTransportProtoChangeable(Proto p)
    case Proto::TorWebSite: return false;
    case Proto::Dns: return false;
    case Proto::Sftp: return false;
+    case Proto::Socks5Proxy: return false;
    default: return false;
    }
    return false;
--- a/client/protocols/protocols_defs.h
+++ b/client/protocols/protocols_defs.h
@@ -84,6 +84,7 @@ namespace amnezia
        constexpr char awg[] = "awg";
        constexpr char xray[] = "xray";
        constexpr char ssxray[] = "ssxray";
+        constexpr char socks5proxy[] = "socks5proxy";

        constexpr char configVersion[] = "config_version";

@@ -216,6 +217,14 @@ namespace amnezia
            constexpr char defaultUnderloadPacketMagicHeader[] = "1766607858";
        }

+        namespace socks5Proxy
+        {
+            constexpr char defaultUserName[] = "proxy_user";
+            constexpr char defaultPort[] = "38080";
+
+            constexpr char proxyConfigPath[] = "/usr/local/3proxy/conf/3proxy.cfg";
+        }
+
    } // namespace protocols

    namespace ProtocolEnumNS
@@ -244,7 +253,8 @@ namespace amnezia
            // non-vpn
            TorWebSite,
            Dns,
-            Sftp
+            Sftp,
+            Socks5Proxy
        };
        Q_ENUM_NS(Proto)

--- a/client/resources.qrc
+++ b/client/resources.qrc
@@ -11,16 +11,6 @@
        <file>images/tray/default.png</file>
        <file>images/tray/error.png</file>
        <file>images/arrow_left.png</file>
-        <file>fonts/Lato-Black.ttf</file>
-        <file>fonts/Lato-BlackItalic.ttf</file>
-        <file>fonts/Lato-Bold.ttf</file>
-        <file>fonts/Lato-BoldItalic.ttf</file>
-        <file>fonts/Lato-Italic.ttf</file>
-        <file>fonts/Lato-Light.ttf</file>
-        <file>fonts/Lato-LightItalic.ttf</file>
-        <file>fonts/Lato-Regular.ttf</file>
-        <file>fonts/Lato-Thin.ttf</file>
-        <file>fonts/Lato-ThinItalic.ttf</file>
        <file>images/AmneziaVPN.png</file>
        <file>images/share.png</file>
        <file>server_scripts/remove_container.sh</file>
@@ -95,7 +85,6 @@
        <file>server_scripts/check_user_in_sudo.sh</file>
        <file>ui/qml/Controls2/BasicButtonType.qml</file>
        <file>ui/qml/Controls2/TextFieldWithHeaderType.qml</file>
-        <file>fonts/pt-root-ui_vf.ttf</file>
        <file>ui/qml/Controls2/LabelWithButtonType.qml</file>
        <file>images/controls/arrow-right.svg</file>
        <file>images/controls/chevron-right.svg</file>
@@ -198,7 +187,7 @@
        <file>ui/qml/Pages2/PageProtocolOpenVpnSettings.qml</file>
        <file>ui/qml/Pages2/PageProtocolShadowSocksSettings.qml</file>
        <file>ui/qml/Pages2/PageProtocolCloakSettings.qml</file>
-        <file>ui/qml/Pages2/PageProtocolXraySettings.qml</file>        
+        <file>ui/qml/Pages2/PageProtocolXraySettings.qml</file>
        <file>ui/qml/Pages2/PageProtocolRaw.qml</file>
        <file>ui/qml/Pages2/PageSettingsLogging.qml</file>
        <file>ui/qml/Pages2/PageServiceSftpSettings.qml</file>
@@ -239,5 +228,13 @@
        <file>images/controls/alert-circle.svg</file>
        <file>images/controls/file-check-2.svg</file>
        <file>ui/qml/Controls2/WarningType.qml</file>
+        <file>fonts/pt-root-ui_vf.ttf</file>
+        <file>ui/qml/Modules/Style/qmldir</file>
+        <file>ui/qml/Modules/Style/AmneziaStyle.qml</file>
+        <file>ui/qml/Pages2/PageServiceSocksProxySettings.qml</file>
+        <file>server_scripts/socks5_proxy/run_container.sh</file>
+        <file>server_scripts/socks5_proxy/Dockerfile</file>
+        <file>server_scripts/socks5_proxy/configure_container.sh</file>
+        <file>server_scripts/socks5_proxy/start.sh</file>
    </qresource>
 </RCC>
--- a/client/server_scripts/socks5_proxy/Dockerfile
+++ b/client/server_scripts/socks5_proxy/Dockerfile
@@ -0,0 +1,10 @@
+FROM 3proxy/3proxy:latest
+
+LABEL maintainer="AmneziaVPN" 
+
+RUN mkdir -p /opt/amnezia
+RUN echo -e "#!/bin/bash\ntail -f /dev/null" > /opt/amnezia/start.sh
+RUN chmod a+x /opt/amnezia/start.sh
+
+ENTRYPOINT [ "/bin/sh", "/opt/amnezia/start.sh" ]
+CMD [ "" ]
--- a/client/server_scripts/socks5_proxy/configure_container.sh
+++ b/client/server_scripts/socks5_proxy/configure_container.sh
@@ -0,0 +1,12 @@
+#!/bin/sh
+
+echo -e "#!/bin/3proxy" > /usr/local/3proxy/conf/3proxy.cfg
+echo -e "config /usr/local/3proxy/conf/3proxy.cfg" >> /usr/local/3proxy/conf/3proxy.cfg
+echo -e "timeouts 1 5 30 60 180 1800 15 60" >> /usr/local/3proxy/conf/3proxy.cfg
+
+echo -e "$SOCKS5_USER" >> /usr/local/3proxy/conf/3proxy.cfg
+
+echo -e "log /usr/local/3proxy/logs/3proxy.log" >> /usr/local/3proxy/conf/3proxy.cfg
+echo -e "logformat \"-\\\"\"+_G{\"\"time_unix\"\":%t, \"\"proxy\"\":{\"\"type:\"\":\"\"%N\"\", \"\"port\"\":%p}, \"\"error\"\":{\"\"code\"\":\"\"%E\"\"}, \"\"auth\"\":{\"\"user\"\":\"\"%U\"\"}, \"\"client\"\":{\"\"ip\"\":\"\"%C\"\", \"\"port\"\":%c}, \"\"server\"\":{\"\"ip\"\":\"\"%R\"\", \"\"port\"\":%r}, \"\"bytes\"\":{\"\"sent\"\":%O, \"\"received\"\":%I}, \"\"request\"\":{\"\"hostname\"\":\"\"%n\"\"}, \"\"message\"\":\"\"%T\"\"}\"" >> /usr/local/3proxy/conf/3proxy.cfg
+echo -e "auth $SOCKS5_AUTH_TYPE" >> /usr/local/3proxy/conf/3proxy.cfg
+echo -e "socks -p$SOCKS5_PROXY_PORT" >> /usr/local/3proxy/conf/3proxy.cfg
--- a/client/server_scripts/socks5_proxy/run_container.sh
+++ b/client/server_scripts/socks5_proxy/run_container.sh
@@ -0,0 +1,5 @@
+sudo docker run -d \
+--restart always \
+-p $SOCKS5_PROXY_PORT:$SOCKS5_PROXY_PORT/tcp \
+--name $CONTAINER_NAME \
+$CONTAINER_NAME
--- a/client/server_scripts/socks5_proxy/start.sh
+++ b/client/server_scripts/socks5_proxy/start.sh
@@ -0,0 +1,7 @@
+#!/bin/sh
+
+# This scripts copied from Amnezia client to Docker container to /opt/amnezia and launched every time container starts
+
+echo "Container startup"
+
+/bin/3proxy /usr/local/3proxy/conf/3proxy.cfg
--- a/client/translations/amneziavpn_ar_EG.ts
+++ b/client/translations/amneziavpn_ar_EG.ts
--- a/client/translations/amneziavpn_fa_IR.ts
+++ b/client/translations/amneziavpn_fa_IR.ts
--- a/client/translations/amneziavpn_hi_IN.ts
+++ b/client/translations/amneziavpn_hi_IN.ts
--- a/client/translations/amneziavpn_my_MM.ts
+++ b/client/translations/amneziavpn_my_MM.ts
--- a/client/translations/amneziavpn_ru_RU.ts
+++ b/client/translations/amneziavpn_ru_RU.ts
--- a/client/translations/amneziavpn_uk_UA.ts
+++ b/client/translations/amneziavpn_uk_UA.ts
--- a/client/translations/amneziavpn_ur_PK.ts
+++ b/client/translations/amneziavpn_ur_PK.ts
--- a/client/translations/amneziavpn_zh_CN.ts
+++ b/client/translations/amneziavpn_zh_CN.ts
--- a/client/ui/controllers/connectionController.cpp
+++ b/client/ui/controllers/connectionController.cpp
@@ -123,7 +123,7 @@ void ConnectionController::onConnectionStateChanged(Vpn::ConnectionState state)
 void ConnectionController::onCurrentContainerUpdated()
 {
    if (m_isConnected || m_isConnectionInProgress) {
-        emit reconnectWithUpdatedContainer(tr("Settings updated successfully, Reconnnection..."));
+        emit reconnectWithUpdatedContainer(tr("Settings updated successfully, reconnnection..."));
        openConnection();
    } else {
        emit reconnectWithUpdatedContainer(tr("Settings updated successfully"));
--- a/client/ui/controllers/installController.cpp
+++ b/client/ui/controllers/installController.cpp
@@ -123,6 +123,9 @@ void InstallController::install(DockerContainer container, int port, TransportPr
            } else if (container == DockerContainer::Sftp) {
                containerConfig.insert(config_key::userName, protocols::sftp::defaultUserName);
                containerConfig.insert(config_key::password, Utils::getRandomString(10));
+            } else if (container == DockerContainer::Socks5Proxy) {
+                containerConfig.insert(config_key::userName, protocols::socks5Proxy::defaultUserName);
+                containerConfig.insert(config_key::password, Utils::getRandomString(10));
            }

            config.insert(config_key::container, ContainerProps::containerToString(container));
@@ -362,7 +365,7 @@ ErrorCode InstallController::getAlreadyInstalledContainers(const ServerCredentia
        if (containerInfo.isEmpty()) {
            continue;
        }
-        const static QRegularExpression containerAndPortRegExp("(amnezia[-a-z]*).*?:([0-9]*)->[0-9]*/(udp|tcp).*");
+        const static QRegularExpression containerAndPortRegExp("(amnezia[-a-z0-9]*).*?:([0-9]*)->[0-9]*/(udp|tcp).*");
        QRegularExpressionMatch containerAndPortMatch = containerAndPortRegExp.match(containerInfo);
        if (containerAndPortMatch.hasMatch()) {
            QString name = containerAndPortMatch.captured(1);
@@ -427,6 +430,20 @@ ErrorCode InstallController::getAlreadyInstalledContainers(const ServerCredentia

                        containerConfig.insert(config_key::userName, userName);
                        containerConfig.insert(config_key::password, password);
+                    } else if (protocol == Proto::Socks5Proxy) {
+                        QString proxyConfig = serverController->getTextFileFromContainer(container, credentials,
+                                                                                          protocols::socks5Proxy::proxyConfigPath, errorCode);
+
+                        const static QRegularExpression usernameAndPasswordRegExp("users (\\w+):CL:(\\w+)");
+                        QRegularExpressionMatch usernameAndPasswordMatch = usernameAndPasswordRegExp.match(proxyConfig);
+
+                        if (usernameAndPasswordMatch.hasMatch()) {
+                            QString userName = usernameAndPasswordMatch.captured(1);
+                            QString password = usernameAndPasswordMatch.captured(2);
+
+                            containerConfig.insert(config_key::userName, userName);
+                            containerConfig.insert(config_key::password, password);
+                        }
                    }

                    config.insert(config_key::container, ContainerProps::containerToString(container));
@@ -603,6 +620,10 @@ void InstallController::clearCachedProfile(QSharedPointer<ServerController> serv

    int serverIndex = m_serversModel->getProcessedServerIndex();
    DockerContainer container = static_cast<DockerContainer>(m_containersModel->getProcessedContainerIndex());
+    if (ContainerProps::containerService(container) == ServiceType::Other) {
+        return;
+    }
+
    QJsonObject containerConfig = m_containersModel->getContainerConfig(container);
    ServerCredentials serverCredentials =
            qvariant_cast<ServerCredentials>(m_serversModel->data(serverIndex, ServersModel::Roles::CredentialsRole));
--- a/client/ui/controllers/pageController.h
+++ b/client/ui/controllers/pageController.h
@@ -35,6 +35,7 @@ namespace PageLoader
        PageServiceSftpSettings,
        PageServiceTorWebsiteSettings,
        PageServiceDnsSettings,
+        PageServiceSocksProxySettings,

        PageSetupWizardStart,
        PageSetupWizardCredentials,
--- a/client/ui/models/clientManagementModel.cpp
+++ b/client/ui/models/clientManagementModel.cpp
@@ -281,7 +281,8 @@ ErrorCode ClientManagementModel::wgShow(const DockerContainer container, const S
        }
    };

-    for (int i = 0; i < peerList.size() && i < transferredDataList.size(); ++i) {
+    for (int i = 0; i < peerList.size() && i < transferredDataList.size() && i < latestHandshakeList.size(); ++i) {
+
        const auto transferredData = getStrValue(transferredDataList[i]).split(",");
        auto latestHandshake = getStrValue(latestHandshakeList[i]);
        auto serverBytesReceived = transferredData.front().trimmed();
--- a/client/ui/models/containers_model.cpp
+++ b/client/ui/models/containers_model.cpp
@@ -41,6 +41,7 @@ QVariant ContainersModel::data(const QModelIndex &index, int role) const
    case IsCurrentlyProcessedRole: return container == static_cast<DockerContainer>(m_processedContainerIndex);
    case IsSupportedRole: return ContainerProps::isSupportedByCurrentPlatform(container);
    case IsShareableRole: return ContainerProps::isShareable(container);
+    case InstallPageOrderRole: return ContainerProps::installPageOrder(container);
    }

    return QVariant();
@@ -112,5 +113,7 @@ QHash<int, QByteArray> ContainersModel::roleNames() const
    roles[IsCurrentlyProcessedRole] = "isCurrentlyProcessed";
    roles[IsSupportedRole] = "isSupported";
    roles[IsShareableRole] = "isShareable";
+
+    roles[InstallPageOrderRole] = "installPageOrder";
    return roles;
 }
--- a/Show More
+++ b/Show More
Author	SHA1	Message	Date
Mykola Baibuz	e08b62df40	Fix work wth PKCS12 TempFile	2024-08-20 22:46:51 +03:00
Mykola Baibuz	90912f9231	Fix Windows IPsec	2024-07-26 00:55:13 +03:00
pokamest	1754a82f67	iOS build fix	2024-07-22 15:29:48 +03:00
pokamest	3384008277	Merge pull request #899 from amnezia-vpn/bugfix/udp-for-ios bugfix for udp for ios	2024-07-22 14:40:24 +03:00
pokamest	af22115706	Merge pull request #896 from amnezia-vpn/bugfix/dns-for-xray-ios dns fix for xray(ios)	2024-07-22 14:39:44 +03:00
Nikita Titov	4b114fd3b6	Fix imgs and list in README (#900 ) * Fix imgs and list in README * Reorder download badges in README	2024-07-22 02:42:56 +03:00
Boris Verbitskii	a5564148f5	bugfix for udp for ios	2024-07-19 11:23:00 +07:00
KsZnak	196f7778fc	Im gs for readme (#898 ) Update README.md	2024-07-16 12:56:52 +01:00
Boris Verbitskii	de20add857	dns fix for xray(ios)	2024-07-16 16:39:39 +07:00
pokamest	c59216b58a	Merge pull request #880 from StrikerRUS/translation add artifact with translations and update Russian translation	2024-07-11 02:59:14 -07:00
Nethius	acf7fa261a	fixed qml warnings and hindi language warnings (#805 )	2024-07-11 10:36:24 +01:00
pokamest	c3eddc92bd	Merge pull request #889 from amnezia-vpn/feature/shadow-socks-by-xray-for-ios ssXray support for ios	2024-07-11 02:34:04 -07:00
Boris Verbitskii	18c74f4b02	add ssXray for ios	2024-07-09 14:56:39 +07:00
pokamest	3f90ee915d	Merge pull request #879 from amnezia-vpn/rename_open_over_ss Renaming OpenVPN over ShadowsSocks	2024-07-07 16:13:47 +01:00
Nethius	401ad0db0e	fixed wg/awg macos firewall rules for 0.0.0.0/0 (#883 ) * fixed wg/awg macos/linux firewall rules for 0.0.0.0/0	2024-07-07 14:56:38 +01:00
Vladyslav Miachkov	5945133d30	Create AmneziaStyle qml object (#830 )	2024-07-07 11:42:38 +01:00
Nethius	ff4fbde0b0	go to the home page after server installation (#878 )	2024-07-07 11:42:14 +01:00
albexk	74ae4f3e67	SSXray for Android (#885 )	2024-07-06 16:44:34 +01:00
pokamest	ae4b33d042	Merge pull request #884 from amnezia-vpn/fix/android-xray-config Fix logging configuration for XRay	2024-07-06 14:10:12 +01:00
albexk	53fa280037	Fix logging configuration for XRay	2024-07-05 18:42:53 +03:00
pokamest	8ecde90bc7	Update README.md, fix crlf	2024-07-04 21:04:56 +01:00
pokamest	34a583f272	Update README.md	2024-07-04 20:58:48 +01:00
StrikerRUS	5de4b8eeb8	add artifact with translations and update Russian translation	2024-07-04 19:32:50 +03:00
StrikerRUS	aae420e469	create translations artifact	2024-07-04 14:27:30 +03:00
pokamest	0612f70c06	Merge pull request #877 from amnezia-vpn/feature/reorder-containers-installing-list moved xray higher on the list of containers during installation	2024-07-03 14:06:56 +01:00
lunardunno	d0c82efa1c	rename OpenVPN over ShadowsSocks	2024-07-03 12:06:31 +04:00
vladimir.kuznetsov	cf8492240e	moved xray higher on the list of containers during installation	2024-07-02 22:00:28 +02:00
Boris Verbitckii	2bceb9f7ba	Xray and wg fix (#875 ) Xray support on iOS fixes	2024-07-01 17:27:53 +01:00
Iurii Egorov	760f935965	iOS Xray support (#864 ) Xray for ios	2024-06-30 10:19:38 +01:00
pokamest	eeeb2805c5	Merge pull request #872 from amnezia-vpn/bugfix/torsetup Fix TorWebsite setup in UI	2024-06-29 21:23:29 +01:00
Mykola Baibuz	9a592d67ad	Fix TorWebsite setup in UI	2024-06-28 22:47:22 +03:00
pokamest	ea6618b2f6	Merge pull request #863 from amnezia-vpn/bump Bump version to 4.6.0.1	2024-06-21 20:14:06 +01:00
albexk	7b092e73ad	Bump version to 4.6.0.1	2024-06-21 17:09:48 +03:00
pokamest	b2e25c42c7	Merge pull request #861 from amnezia-vpn/bugfix/xray-socks5-installing fixed runContainerScript() function	2024-06-21 10:37:30 +01:00
pokamest	c8dd38ac31	Merge pull request #862 from amnezia-vpn/bugfix/translations fixed ru translations file	2024-06-21 10:37:01 +01:00
vladimir.kuznetsov	563ee4703f	fixed ru translations file	2024-06-21 11:16:56 +03:00
vladimir.kuznetsov	beceed81de	fixed runContainerScript() function	2024-06-21 11:06:49 +03:00
pokamest	3bf96253db	Merge pull request #859 from StrikerRUS/StrikerRUS-patch-2 hotfix for typo introduced in #857	2024-06-20 08:02:28 +01:00
Nikita Titov	da2d0ec203	Update amneziavpn_ru_RU.ts	2024-06-20 01:15:55 +03:00
pokamest	008b858203	Merge pull request #857 from StrikerRUS/trans update Russian translation	2024-06-19 19:42:25 +01:00
pokamest	130fc8277d	Merge pull request #858 from amnezia-vpn/fdroid	2024-06-19 10:41:32 +01:00
albexk	468d3357b8	Update fdroid changelog	2024-06-19 12:10:38 +03:00
StrikerRUS	f1271da527	Merge branch 'dev' into trans	2024-06-19 02:31:04 +03:00
StrikerRUS	249a7c7ca3	update Russian translation	2024-06-19 02:14:22 +03:00
albexk	0094d0ebc4	Add build type for F-Droid	2024-06-18 22:49:05 +03:00
albexk	834b504dff	Android XRay (#840 ) * Add XRay module	2024-06-18 18:46:21 +01:00
pokamest	a516d0e757	Merge pull request #855 from amnezia-vpn/icons Update Android icons	2024-06-17 18:20:29 +01:00
albexk	afdfbdbc59	Update Android icons	2024-06-17 18:13:09 +03:00
pokamest	ef712b7054	Merge pull request #841 from amnezia-vpn/bugfix/api-awg-settings-display fixed display of awg config settings received from api	2024-06-10 12:36:08 +01:00
Nethius	c22f9ff08a	added ui for proxy container (#762 ) Added proxy container	2024-06-10 12:35:24 +01:00
vladimir.kuznetsov	04fb1825d5	fixed display of awg config settings received from api	2024-06-05 22:19:23 +02:00
pokamest	4f8f873682	Merge pull request #828 from amnezia-vpn/fix/hindi_file_extensions	2024-06-03 08:50:32 +01:00
pokamest	9fe75c6120	Merge pull request #831 from amnezia-vpn/bugfix/wg-show-possible-crash-fix	2024-06-03 08:49:26 +01:00
pokamest	bb7e8f46cb	Merge pull request #835 from amnezia-vpn/bugfix/has-split-tunneling	2024-06-03 08:44:04 +01:00
vladimir.kuznetsov	5db0c281ee	fixed isDefaultServerDefaultContainerHasSplitTunneling()	2024-05-30 12:42:53 +02:00
Vladyslav Miachkov	aac9bfcea6	Possible wg show crash fix	2024-05-27 18:58:36 +03:00
Mykola Baibuz	e6ee9085a2	Connection string support for XRay protocol (#777 ) * Connection string support for XRay protocol	2024-05-27 16:15:55 +01:00
lunardunno	d62ade58a5	update Hindi translation Fixed handling of file extensions in Hindi translation.	2024-05-27 12:05:53 +04:00