clean build file

moved xray higher on the list of containers during installation

.gitignore

@@ -9,6 +9,8 @@ deploy/build_32/*
 deploy/build_64/*
 winbuild*.bat
 .cache/
+client/3rd-prebuilt/
+client/3rd/OpenVPNAdapter/
 
 
 # Qt-es
@@ -133,4 +135,4 @@ client/3rd/ShadowSocks/ss_ios.xcconfig
 out/
 
 # CMake files
-CMakeFiles/
+CMakeFiles/

CMakeLists.txt

@@ -31,14 +31,9 @@ set(QT_BUILD_TOOLS_WHEN_CROSS_COMPILING ON)
 set(CMAKE_CXX_STANDARD 17)
 set(CMAKE_CXX_STANDARD_REQUIRED ON)
 
-if(APPLE AND NOT IOS)
-    set(CMAKE_OSX_ARCHITECTURES "x86_64")
-endif()
+
+set(CMAKE_OSX_ARCHITECTURES "x86_64")
+
 
 add_subdirectory(client)
 
-if(NOT IOS AND NOT ANDROID)
-    add_subdirectory(service)
-
-    include(${CMAKE_SOURCE_DIR}/deploy/installer/config.cmake)
-endif()

Release.entitlements

@@ -0,0 +1,24 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
+<plist version="1.0">
+<dict>
+	<key>com.apple.developer.networking.networkextension</key>
+	<array>
+		<string>packet-tunnel-provider</string>
+	</array>
+	<key>com.apple.security.app-sandbox</key>
+	<true/>
+	<key>com.apple.security.application-groups</key>
+	<array>
+		<string>group.org.amnezia.AmneziaVPN</string>
+	</array>
+	<key>com.apple.security.network.client</key>
+	<true/>
+	<key>com.apple.security.network.server</key>
+	<true/>
+	<key>keychain-access-groups</key>
+	<array>
+		<string>$(AppIdentifierPrefix)org.amnezia.AmneziaVPN.network-extension</string>
+	</array>
+</dict>
+</plist>

client/CMakeLists.txt

@@ -3,6 +3,7 @@ cmake_minimum_required(VERSION 3.25.0 FATAL_ERROR)
 set(PROJECT AmneziaVPN)
 project(${PROJECT})
 
+set(MACOX 1)
 
 set_property(GLOBAL PROPERTY USE_FOLDERS ON)
 set_property(GLOBAL PROPERTY AUTOGEN_TARGETS_FOLDER "Autogen")
@@ -24,11 +25,11 @@ execute_process(
 
 add_definitions(-DGIT_COMMIT_HASH="${GIT_COMMIT_HASH}")
 
-if(IOS)
+if(IOS OR MACOX)
     set(PACKAGES ${PACKAGES} Multimedia)
 endif()
 
-if(WIN32 OR (APPLE AND NOT IOS) OR (LINUX AND NOT ANDROID))
+if(WIN32 OR (MACOX AND NOT IOS) OR (LINUX AND NOT ANDROID))
     set(PACKAGES ${PACKAGES} Widgets)
 endif()
 
@@ -41,18 +42,18 @@ set(LIBS ${LIBS}
     Qt6::Core5Compat Qt6::Concurrent
 )
 
-if(IOS)
+if(IOS OR MACOX)
     set(LIBS ${LIBS} Qt6::Multimedia)
 endif()
 
-if(WIN32 OR (APPLE AND NOT IOS) OR (LINUX AND NOT ANDROID))
+if(WIN32 OR (MACOX AND NOT IOS) OR (LINUX AND NOT ANDROID))
     set(LIBS ${LIBS} Qt6::Widgets)
 endif()
 
 qt_standard_project_setup()
 qt_add_executable(${PROJECT} MANUAL_FINALIZATION)
 
-if(WIN32 OR (APPLE AND NOT IOS) OR (LINUX AND NOT ANDROID))
+if(WIN32 OR (MACOX AND NOT IOS) OR (LINUX AND NOT ANDROID))
     qt_add_repc_replicas(${PROJECT} ${CMAKE_CURRENT_LIST_DIR}/../ipc/ipc_interface.rep)
     qt_add_repc_replicas(${PROJECT} ${CMAKE_CURRENT_LIST_DIR}/../ipc/ipc_process_interface.rep)
 endif()
@@ -61,7 +62,7 @@ qt6_add_resources(QRC ${QRC} ${CMAKE_CURRENT_LIST_DIR}/resources.qrc)
 
 # -- i18n begin
 set(CMAKE_AUTORCC ON)
-
+# module language
 set(AMNEZIAVPN_TS_FILES
     ${CMAKE_CURRENT_LIST_DIR}/translations/amneziavpn_ru_RU.ts
     ${CMAKE_CURRENT_LIST_DIR}/translations/amneziavpn_zh_CN.ts
@@ -89,10 +90,16 @@ qt6_add_resources(QRC ${I18NQRC} ${CMAKE_CURRENT_BINARY_DIR}/translations.qrc)
 # -- i18n end
 
 if(IOS)
+    message("Client >> Cmake build OpenVPN: iOS")
     execute_process(COMMAND bash ${CMAKE_CURRENT_LIST_DIR}/ios/scripts/openvpn.sh args
         WORKING_DIRECTORY ${CMAKE_CURRENT_LIST_DIR})
 endif()
 
+if(MACOX)
+    message("Client >> Cmake build OpenVPN: OSX build")
+    execute_process(COMMAND bash ${CMAKE_CURRENT_LIST_DIR}/macos/scripts/openvpn.sh args
+        WORKING_DIRECTORY ${CMAKE_CURRENT_LIST_DIR})
+
 set(IS_CI ${CI})
 if(IS_CI)
     message("Detected CI env")
@@ -102,7 +109,7 @@ if(IS_CI)
     endif()
 endif()
 
-
+message("Client >> Cmake build 3rdparty")
 include(${CMAKE_CURRENT_LIST_DIR}/cmake/3rdparty.cmake)
 
 include_directories(
@@ -151,7 +158,7 @@ include_directories(mozilla)
 include_directories(mozilla/shared)
 include_directories(mozilla/models)
 
-if(NOT IOS)
+if(NOT IOS OR NOT MACOX)
     set(HEADERS ${HEADERS}
         ${CMAKE_CURRENT_LIST_DIR}/platforms/ios/QRCodeReaderBase.h
     )
@@ -200,7 +207,7 @@ if(CMAKE_BUILD_TYPE STREQUAL "Debug")
     target_compile_definitions(${PROJECT} PRIVATE "MZ_DEBUG")
 endif()
 
-if(NOT IOS)
+if(NOT IOS OR NOT MACOX)
     set(SOURCES ${SOURCES}
         ${CMAKE_CURRENT_LIST_DIR}/platforms/ios/QRCodeReaderBase.cpp
     )
@@ -280,7 +287,7 @@ if(WIN32)
     set(CMAKE_EXE_LINKER_FLAGS "${CMAKE_EXE_LINKER_FLAGS} /SUBSYSTEM:WINDOWS /ENTRY:mainCRTStartup")
 endif()
 
-if(APPLE)
+if(MACOX)
     cmake_policy(SET CMP0099 OLD)
     cmake_policy(SET CMP0114 NEW)
 
@@ -308,7 +315,8 @@ if(LINUX AND NOT ANDROID)
     link_directories(${CMAKE_CURRENT_LIST_DIR}/platforms/linux)
 endif()
 
-if(WIN32 OR (APPLE AND NOT IOS) OR (LINUX AND NOT ANDROID))
+# if(WIN32 OR (MACOX AND NOT IOS) OR (LINUX AND NOT ANDROID))
+if(WIN32 OR (LINUX AND NOT ANDROID))
     message("Client desktop build")
     add_compile_definitions(AMNEZIA_DESKTOP)
 
@@ -341,12 +349,15 @@ if(ANDROID)
     include(cmake/android.cmake)
 endif()
 
-if(IOS)
+if(IOS) # only for iOS or OSX
+    message("Client >> Cmake: iOS build")
     include(cmake/ios.cmake)
-    include(cmake/ios-arch-fixup.cmake)
-elseif(APPLE AND NOT IOS)
-    include(cmake/osxtools.cmake)
+    #include(cmake/ios-arch-fixup.cmake)
+elseif(MACOX AND NOT IOS) # all version
+    message("Client >> Cmake: OSX build")
     include(cmake/macos.cmake)
+    # include(cmake/osxtools.cmake)
+    # include(cmake/macos.cmake)
 endif()
 
 target_link_libraries(${PROJECT} PRIVATE ${LIBS})
@@ -361,11 +372,11 @@ if(WIN32)
     endif()
 elseif(LINUX)
     set(DEPLOY_PLATFORM_PATH "linux/client")
-elseif(APPLE AND NOT IOS)
-    set(DEPLOY_PLATFORM_PATH "macos")
+# elseif(MACOX AND NOT IOS)
+#     set(DEPLOY_PLATFORM_PATH "macos")
 endif()
 
-if(NOT IOS AND NOT ANDROID)
+if(NOT IOS AND NOT ANDROID AND NOT MACOX)
     add_custom_command(
         TARGET ${PROJECT} POST_BUILD
         COMMAND ${CMAKE_COMMAND} -E $<IF:$<CONFIG:Debug>,copy_directory,true>
@@ -384,4 +395,30 @@ if(NOT IOS AND NOT ANDROID)
 endif()
 
 target_sources(${PROJECT} PRIVATE ${SOURCES} ${HEADERS} ${RESOURCES} ${QRC} ${I18NQRC})
+# set(IOS 0)
+# Sao chép QtConcurrent.framework vào thư mục Frameworks
+add_custom_command(TARGET ${PROJECT} POST_BUILD
+    COMMAND ${CMAKE_COMMAND} -E make_directory
+    "$<TARGET_BUNDLE_DIR:AmneziaVPN>/Contents/Frameworks"
+    COMMAND ${CMAKE_COMMAND} -E copy_directory
+    "/Users/macbook/Qt/6.8.0/macos/lib/QtConcurrent.framework"
+    "$<TARGET_BUNDLE_DIR:AmneziaVPN>/Contents/Frameworks/QtConcurrent.framework"
+)
+
+# Triển khai ứng dụng với macdeployqt và ký mã (nếu cần)
+add_custom_command(TARGET ${PROJECT} POST_BUILD
+    COMMAND ${QT_BIN_DIR_DETECTED}/macdeployqt $<TARGET_BUNDLE_DIR:AmneziaVPN> -appstore-compliant -qmldir=${CMAKE_CURRENT_SOURCE_DIR}
+)
+
+# Nếu ở chế độ Release, ký mã gói ứng dụng
+if(CMAKE_BUILD_TYPE STREQUAL "Release")
+    SET(SIGN_CMD codesign --deep --force --sign 'MACOX Distribution: Privacy Technologies OU \(X7UJ388FXK\)' --timestamp --options runtime $<TARGET_BUNDLE_DIR:AmneziaVPN>)
+    message("Manual signing bundle...")
+    message(${SIGN_CMD})
+
+    add_custom_command(TARGET ${PROJECT} POST_BUILD
+        COMMAND ${SIGN_CMD}
+    )
+endif()
+
 qt_finalize_target(${PROJECT})

client/amnezia_application.cpp

@@ -217,7 +217,7 @@ void AmneziaApplication::registerTypes()
     declareQmlProtocolEnum();
     declareQmlContainerEnum();
 
-    qmlRegisterType<QRCodeReader>("QRCodeReader", 1, 0, "QRCodeReader");
+   // qmlRegisterType<QRCodeReader>("QRCodeReader", 1, 0, "QRCodeReader");
 
     m_containerProps.reset(new ContainerProps());
     qmlRegisterSingletonInstance("ContainerProps", 1, 0, "ContainerProps", m_containerProps.get());

client/amnezia_application.h

@@ -1,6 +1,8 @@
 #ifndef AMNEZIA_APPLICATION_H
 #define AMNEZIA_APPLICATION_H
 
+#define Q_OS_IOS 1
+
 #include <QCommandLineParser>
 #include <QNetworkAccessManager>
 #include <QQmlApplicationEngine>

client/cmake/3rdparty.cmake

@@ -38,12 +38,12 @@ elseif(APPLE AND NOT IOS)
     set(OPENSSL_LIB_SSL_PATH "${OPENSSL_ROOT_DIR}/macos/lib/libssl.a")
     set(OPENSSL_LIB_CRYPTO_PATH "${OPENSSL_ROOT_DIR}/macos/lib/libcrypto.a")
 elseif(IOS)
-    set(LIBSSH_INCLUDE_DIR "${LIBSSH_ROOT_DIR}/ios/arm64")
-    set(LIBSSH_LIB_PATH "${LIBSSH_ROOT_DIR}/ios/arm64/libssh.a")
-    set(ZLIB_LIB_PATH "${LIBSSH_ROOT_DIR}/ios/arm64/libz.a")
-    set(OPENSSL_INCLUDE_DIR "${OPENSSL_ROOT_DIR}/ios/iphone/include")
-    set(OPENSSL_LIB_SSL_PATH "${OPENSSL_ROOT_DIR}/ios/iphone/lib/libssl.a")
-    set(OPENSSL_LIB_CRYPTO_PATH "${OPENSSL_ROOT_DIR}/ios/iphone/lib/libcrypto.a")
+    set(LIBSSH_INCLUDE_DIR "${LIBSSH_ROOT_DIR}/macos/x86_64")
+    set(LIBSSH_LIB_PATH "${LIBSSH_ROOT_DIR}/macos/x86_64/libssh.a")
+    set(ZLIB_LIB_PATH "${LIBSSH_ROOT_DIR}/macos/x86_64/libz.a")
+    set(OPENSSL_INCLUDE_DIR "${OPENSSL_ROOT_DIR}/macos/include")
+    set(OPENSSL_LIB_SSL_PATH "${OPENSSL_ROOT_DIR}/macos/lib/libssl.a")
+    set(OPENSSL_LIB_CRYPTO_PATH "${OPENSSL_ROOT_DIR}/macos/lib/libcrypto.a")
 elseif(ANDROID)
     set(abi ${CMAKE_ANDROID_ARCH_ABI})
     set(LIBSSH_INCLUDE_DIR "${LIBSSH_ROOT_DIR}/android/${abi}")

client/cmake/apple.cmake

@@ -0,0 +1,197 @@
+message("Client ==> iOS build")
+
+# Đường dẫn tới thư mục chứa HevSocks5Tunnel.xcframework
+set(HEV_SOCKS5_TUNNEL_PATH "${CMAKE_CURRENT_SOURCE_DIR}/3rd-prebuilt/3rd-prebuilt/xray")
+
+# Đường dẫn tới thư viện .a
+set(HEV_SOCKS5_TUNNEL_LIB "${HEV_SOCKS5_TUNNEL_PATH}/ios/libhev-socks5-tunnel.a")
+
+# Đường dẫn tới tệp header
+set(HEV_SOCKS5_TUNNEL_INCLUDE_DIR "${HEV_SOCKS5_TUNNEL_PATH}/ios/Headers")
+
+# Thêm tệp header vào include directories
+target_include_directories(${PROJECT} PRIVATE ${HEV_SOCKS5_TUNNEL_INCLUDE_DIR})
+
+# Liên kết thư viện tĩnh vào mục tiêu (target) của bạn
+target_link_libraries(${PROJECT} PRIVATE ${HEV_SOCKS5_TUNNEL_LIB})
+
+set_target_properties(${PROJECT} PROPERTIES MACOSX_BUNDLE TRUE)
+set(CMAKE_OSX_ARCHITECTURES "x86_64" CACHE INTERNAL "" FORCE)
+set(CMAKE_OSX_DEPLOYMENT_TARGET 10.15)
+
+set(APPLE_PROJECT_VERSION ${CMAKE_PROJECT_VERSION_MAJOR}.${CMAKE_PROJECT_VERSION_MINOR}.${CMAKE_PROJECT_VERSION_PATCH})
+
+
+enable_language(OBJC)
+# enable_language(OBJCXX)
+enable_language(Swift)
+
+find_package(Qt6 REQUIRED COMPONENTS ShaderTools)
+set(LIBS ${LIBS} Qt6::ShaderTools)
+
+find_library(FW_AUTHENTICATIONSERVICES AuthenticationServices)
+#find_library(FW_UIKIT UIKit)
+find_library(FW_AVFOUNDATION AVFoundation)
+find_library(FW_FOUNDATION Foundation)
+find_library(FW_STOREKIT StoreKit)
+find_library(FW_USERNOTIFICATIONS UserNotifications)
+find_library(FW_NETWORKEXTENSION NetworkExtension)
+
+set(LIBS ${LIBS}
+    ${FW_AUTHENTICATIONSERVICES}
+#    ${FW_UIKIT}
+    ${FW_AVFOUNDATION}
+    ${FW_FOUNDATION}
+    ${FW_STOREKIT}
+    ${FW_USERNOTIFICATIONS}
+    ${FW_NETWORKEXTENSION}
+)
+
+
+set(HEADERS ${HEADERS}
+    ${CMAKE_CURRENT_SOURCE_DIR}/platforms/ios/ios_controller.h
+    ${CMAKE_CURRENT_SOURCE_DIR}/platforms/ios/ios_controller_wrapper.h
+    ${CMAKE_CURRENT_SOURCE_DIR}/platforms/ios/iosnotificationhandler.h
+    ${CMAKE_CURRENT_SOURCE_DIR}/platforms/ios/QtAppDelegate.h
+    ${CMAKE_CURRENT_SOURCE_DIR}/platforms/ios/QtAppDelegate-C-Interface.h
+)
+set_source_files_properties(${CMAKE_CURRENT_SOURCE_DIR}/platforms/ios/ios_controller.h PROPERTIES OBJECTIVE_CPP_HEADER TRUE)
+
+
+set(SOURCES ${SOURCES}
+    ${CMAKE_CURRENT_SOURCE_DIR}/platforms/ios/ios_controller.mm
+    ${CMAKE_CURRENT_SOURCE_DIR}/platforms/ios/ios_controller_wrapper.mm
+    ${CMAKE_CURRENT_SOURCE_DIR}/platforms/ios/iosnotificationhandler.mm
+    ${CMAKE_CURRENT_SOURCE_DIR}/platforms/ios/iosglue.mm
+    ${CMAKE_CURRENT_SOURCE_DIR}/platforms/ios/QRCodeReaderBase.mm
+    ${CMAKE_CURRENT_SOURCE_DIR}/platforms/ios/QtAppDelegate.mm
+)
+
+set(ICON_FILE ${CMAKE_CURRENT_SOURCE_DIR}/images/app.icns)
+set(MACOSX_BUNDLE_ICON_FILE app.icns)
+set_source_files_properties(${ICON_FILE} PROPERTIES MACOSX_PACKAGE_LOCATION Resources)
+set(SOURCES ${SOURCES} ${ICON_FILE})
+
+# set(HEADERS ${HEADERS}
+#     ${CMAKE_CURRENT_SOURCE_DIR}/ui/macos_util.h
+# )
+
+# set(SOURCES ${SOURCES}
+#     ${CMAKE_CURRENT_SOURCE_DIR}/ui/macos_util.mm
+# )
+
+
+target_include_directories(${PROJECT} PRIVATE ${Qt6Gui_PRIVATE_INCLUDE_DIRS})
+
+
+set_target_properties(${PROJECT} PROPERTIES
+    XCODE_LINK_BUILD_PHASE_MODE KNOWN_LOCATION
+    MACOSX_BUNDLE_INFO_PLIST ${CMAKE_CURRENT_SOURCE_DIR}/ios/app/Info.plist.in
+    #MACOSX_BUNDLE_ICON_FILE "AppIcon"
+    MACOSX_BUNDLE_INFO_STRING "AmneziaVPN"
+    MACOSX_BUNDLE_BUNDLE_NAME "AmneziaVPN"
+    MACOSX_BUNDLE_BUNDLE_VERSION "${CMAKE_PROJECT_VERSION_TWEAK}"
+    MACOSX_BUNDLE_LONG_VERSION_STRING "${APPLE_PROJECT_VERSION}-${CMAKE_PROJECT_VERSION_TWEAK}"
+    MACOSX_BUNDLE_SHORT_VERSION_STRING "${APPLE_PROJECT_VERSION}"
+    XCODE_ATTRIBUTE_PRODUCT_BUNDLE_IDENTIFIER "${BUILD_OSX_APP_IDENTIFIER}"
+    XCODE_ATTRIBUTE_CODE_SIGN_ENTITLEMENTS "${CMAKE_CURRENT_SOURCE_DIR}/ios/app/main.entitlements"
+    XCODE_ATTRIBUTE_MARKETING_VERSION "${APPLE_PROJECT_VERSION}"
+    XCODE_ATTRIBUTE_CURRENT_PROJECT_VERSION "${CMAKE_PROJECT_VERSION_TWEAK}"
+    XCODE_ATTRIBUTE_PRODUCT_NAME "AmneziaVPN"
+    XCODE_ATTRIBUTE_BUNDLE_INFO_STRING "AmneziaVPN"
+    XCODE_GENERATE_SCHEME TRUE
+    XCODE_ATTRIBUTE_ENABLE_BITCODE "NO"
+    #XCODE_ATTRIBUTE_ASSETCATALOG_COMPILER_APPICON_NAME "AppIcon"
+    XCODE_ATTRIBUTE_TARGETED_DEVICE_FAMILY "1,2"
+    XCODE_EMBED_FRAMEWORKS_CODE_SIGN_ON_COPY "NO"
+    XCODE_EMBED_FRAMEWORKS_REMOVE_HEADERS_ON_COPY "YES"
+
+    XCODE_LINK_BUILD_PHASE_MODE KNOWN_LOCATION
+    XCODE_ATTRIBUTE_LD_RUNPATH_SEARCH_PATHS "@executable_path/../Frameworks"
+    XCODE_EMBED_APP_EXTENSIONS networkextension
+
+    XCODE_ATTRIBUTE_CODE_SIGN_STYLE Automatic
+    #XCODE_ATTRIBUTE_CODE_SIGN_STYLE Manual
+
+    #XCODE_ATTRIBUTE_CODE_SIGN_IDENTITY "Apple Distribution: Privacy Technologies OU (X7UJ388FXK)"
+    #XCODE_ATTRIBUTE_CODE_SIGN_IDENTITY[variant=Debug] "Apple Development"
+
+
+    #XCODE_ATTRIBUTE_PROVISIONING_PROFILE_SPECIFIER "Mac AppStore AmneziaVPN"
+    #XCODE_ATTRIBUTE_PROVISIONING_PROFILE_SPECIFIER[variant=Debug] "Mac AppStore AmneziaVPN"
+
+)
+set_target_properties(${PROJECT} PROPERTIES
+    XCODE_ATTRIBUTE_SWIFT_VERSION "5.0"
+    XCODE_ATTRIBUTE_CLANG_ENABLE_MODULES "YES"
+    XCODE_ATTRIBUTE_SWIFT_PRECOMPILE_BRIDGING_HEADER "NO"
+    XCODE_ATTRIBUTE_SWIFT_OBJC_INTERFACE_HEADER_NAME "AmneziaVPN-Swift.h"
+    XCODE_ATTRIBUTE_SWIFT_OBJC_INTEROP_MODE "objcxx"
+)
+set_target_properties(${PROJECT} PROPERTIES
+    XCODE_ATTRIBUTE_DEVELOPMENT_TEAM "X7UJ388FXK"
+)
+target_include_directories(${PROJECT} PRIVATE ${CMAKE_CURRENT_LIST_DIR})
+target_compile_options(${PROJECT} PRIVATE
+    -DGROUP_ID=\"${BUILD_IOS_GROUP_IDENTIFIER}\"
+    -DVPN_NE_BUNDLEID=\"${BUILD_OSX_APP_IDENTIFIER}.network-extension\"
+)
+
+set(WG_APPLE_SOURCE_DIR ${CMAKE_CURRENT_SOURCE_DIR}/3rd/amneziawg-apple/Sources)
+
+target_sources(${PROJECT} PRIVATE
+#    ${CMAKE_CURRENT_SOURCE_DIR}/platforms/ios/iosvpnprotocol.swift
+    ${WG_APPLE_SOURCE_DIR}/WireGuardKitC/x25519.c
+    ${CLIENT_ROOT_DIR}/platforms/ios/LogController.swift
+    ${CLIENT_ROOT_DIR}/platforms/ios/Log.swift
+    ${CLIENT_ROOT_DIR}/platforms/ios/LogRecord.swift
+    ${CLIENT_ROOT_DIR}/platforms/ios/ScreenProtection.swift
+    ${CLIENT_ROOT_DIR}/platforms/ios/VPNCController.swift
+)
+
+target_sources(${PROJECT} PRIVATE
+    #${CMAKE_CURRENT_SOURCE_DIR}/ios/app/AmneziaVPNLaunchScreen.storyboard
+    ${CMAKE_CURRENT_SOURCE_DIR}/ios/app/Media.xcassets
+    ${CMAKE_CURRENT_SOURCE_DIR}/ios/app/PrivacyInfo.xcprivacy
+)
+
+set_property(TARGET ${PROJECT} APPEND PROPERTY RESOURCE
+    #${CMAKE_CURRENT_SOURCE_DIR}/ios/app/AmneziaVPNLaunchScreen.storyboard
+    ${CMAKE_CURRENT_SOURCE_DIR}/ios/app/Media.xcassets
+    ${CMAKE_CURRENT_SOURCE_DIR}/ios/app/PrivacyInfo.xcprivacy
+)
+
+message("Client ==> build networkextension")
+add_subdirectory(macos/networkextension)
+add_dependencies(${PROJECT} networkextension)
+
+set_property(TARGET ${PROJECT} PROPERTY XCODE_EMBED_FRAMEWORKS
+    "${CMAKE_CURRENT_SOURCE_DIR}/3rd/OpenVPNAdapter/build/Release-macos/OpenVPNAdapter.framework"
+)
+
+
+
+set(CMAKE_XCODE_ATTRIBUTE_FRAMEWORK_SEARCH_PATHS ${CMAKE_CURRENT_SOURCE_DIR}/3rd/OpenVPNAdapter/build/Release-macos)
+target_link_libraries("networkextension" PRIVATE "${CMAKE_CURRENT_SOURCE_DIR}/3rd/OpenVPNAdapter/build/Release-macos/OpenVPNAdapter.framework")
+
+get_target_property(QtCore_location Qt6::Core LOCATION)
+message("QtCore_location")
+message(${QtCore_location})
+
+get_filename_component(QT_BIN_DIR_DETECTED "${QtCore_location}/../../../../../bin" ABSOLUTE)
+
+
+# add_custom_command(TARGET ${PROJECT} POST_BUILD
+#     COMMAND ${QT_BIN_DIR_DETECTED}/macdeployqt $<TARGET_BUNDLE_DIR:AmneziaVPN> -appstore-compliant -qmldir=${CMAKE_CURRENT_SOURCE_DIR}
+# )
+
+# if(CMAKE_BUILD_TYPE STREQUAL "Release")
+#     SET(SIGN_CMD codesign --deep --force --sign 'Apple Distribution: Privacy Technologies OU \(X7UJ388FXK\)' --timestamp --options runtime $<TARGET_BUNDLE_DIR:AmneziaVPN>)
+#     message("Manual signing bundle...")
+#     message(${SIGN_CMD})
+
+
+#     add_custom_command(TARGET ${PROJECT} POST_BUILD
+#         COMMAND ${SIGN_CMD}
+#     )
+# endif()

client/cmake/ios-arch-fixup.cmake

@@ -37,7 +37,7 @@ while(IOS_TARGETS)
     ## I just want to say it's amazing this doesn't explode with syntax errors.
     message("Patching architectures for ${TARGET_NAME}")
     set_target_properties(${TARGET_NAME} PROPERTIES
-        XCODE_ATTRIBUTE_ARCHS[sdk=iphoneos*] "arm64"
+        XCODE_ATTRIBUTE_ARCHS[sdk=macosx*] "x86_64"
         XCODE_ATTRIBUTE_ARCHS[sdk=iphonesimulator*] "x86_64"
     )
 endwhile()

client/cmake/ios.cmake

@@ -1,17 +1,21 @@
-message("Client iOS build")
-set(CMAKE_OSX_DEPLOYMENT_TARGET 13.0)
+message("Client ==> iOS build")
+
+set_target_properties(${PROJECT} PROPERTIES MACOSX_BUNDLE TRUE)
+set(CMAKE_OSX_ARCHITECTURES "x86_64" CACHE INTERNAL "" FORCE)
+set(CMAKE_OSX_DEPLOYMENT_TARGET 10.15)
+
 set(APPLE_PROJECT_VERSION ${CMAKE_PROJECT_VERSION_MAJOR}.${CMAKE_PROJECT_VERSION_MINOR}.${CMAKE_PROJECT_VERSION_PATCH})
 
 
 enable_language(OBJC)
-enable_language(OBJCXX)
+# enable_language(OBJCXX)
 enable_language(Swift)
 
 find_package(Qt6 REQUIRED COMPONENTS ShaderTools)
 set(LIBS ${LIBS} Qt6::ShaderTools)
 
 find_library(FW_AUTHENTICATIONSERVICES AuthenticationServices)
-find_library(FW_UIKIT UIKit)
+#find_library(FW_UIKIT UIKit)
 find_library(FW_AVFOUNDATION AVFoundation)
 find_library(FW_FOUNDATION Foundation)
 find_library(FW_STOREKIT StoreKit)
@@ -20,7 +24,7 @@ find_library(FW_NETWORKEXTENSION NetworkExtension)
 
 set(LIBS ${LIBS}
     ${FW_AUTHENTICATIONSERVICES}
-    ${FW_UIKIT}
+#    ${FW_UIKIT}
     ${FW_AVFOUNDATION}
     ${FW_FOUNDATION}
     ${FW_STOREKIT}
@@ -48,6 +52,19 @@ set(SOURCES ${SOURCES}
     ${CMAKE_CURRENT_SOURCE_DIR}/platforms/ios/QtAppDelegate.mm
 )
 
+set(ICON_FILE ${CMAKE_CURRENT_SOURCE_DIR}/images/app.icns)
+set(MACOSX_BUNDLE_ICON_FILE app.icns)
+set_source_files_properties(${ICON_FILE} PROPERTIES MACOSX_PACKAGE_LOCATION Resources)
+set(SOURCES ${SOURCES} ${ICON_FILE})
+
+# set(HEADERS ${HEADERS}
+#     ${CMAKE_CURRENT_SOURCE_DIR}/ui/macos_util.h
+# )
+
+# set(SOURCES ${SOURCES}
+#     ${CMAKE_CURRENT_SOURCE_DIR}/ui/macos_util.mm
+# )
+
 
 target_include_directories(${PROJECT} PRIVATE ${Qt6Gui_PRIVATE_INCLUDE_DIRS})
 
@@ -55,10 +72,9 @@ target_include_directories(${PROJECT} PRIVATE ${Qt6Gui_PRIVATE_INCLUDE_DIRS})
 set_target_properties(${PROJECT} PROPERTIES
     XCODE_LINK_BUILD_PHASE_MODE KNOWN_LOCATION
     MACOSX_BUNDLE_INFO_PLIST ${CMAKE_CURRENT_SOURCE_DIR}/ios/app/Info.plist.in
-    MACOSX_BUNDLE_ICON_FILE "AppIcon"
+    #MACOSX_BUNDLE_ICON_FILE "AppIcon"
     MACOSX_BUNDLE_INFO_STRING "AmneziaVPN"
     MACOSX_BUNDLE_BUNDLE_NAME "AmneziaVPN"
-    MACOSX_BUNDLE_GUI_IDENTIFIER "${BUILD_IOS_APP_IDENTIFIER}"
     MACOSX_BUNDLE_BUNDLE_VERSION "${CMAKE_PROJECT_VERSION_TWEAK}"
     MACOSX_BUNDLE_LONG_VERSION_STRING "${APPLE_PROJECT_VERSION}-${CMAKE_PROJECT_VERSION_TWEAK}"
     MACOSX_BUNDLE_SHORT_VERSION_STRING "${APPLE_PROJECT_VERSION}"
@@ -70,17 +86,25 @@ set_target_properties(${PROJECT} PROPERTIES
     XCODE_ATTRIBUTE_BUNDLE_INFO_STRING "AmneziaVPN"
     XCODE_GENERATE_SCHEME TRUE
     XCODE_ATTRIBUTE_ENABLE_BITCODE "NO"
-    XCODE_ATTRIBUTE_ASSETCATALOG_COMPILER_APPICON_NAME "AppIcon"
+    #XCODE_ATTRIBUTE_ASSETCATALOG_COMPILER_APPICON_NAME "AppIcon"
     XCODE_ATTRIBUTE_TARGETED_DEVICE_FAMILY "1,2"
-    XCODE_EMBED_FRAMEWORKS_CODE_SIGN_ON_COPY ON
+    XCODE_EMBED_FRAMEWORKS_CODE_SIGN_ON_COPY "NO"
+    XCODE_EMBED_FRAMEWORKS_REMOVE_HEADERS_ON_COPY "YES"
+
     XCODE_LINK_BUILD_PHASE_MODE KNOWN_LOCATION
-    XCODE_ATTRIBUTE_LD_RUNPATH_SEARCH_PATHS "@executable_path/Frameworks"
+    XCODE_ATTRIBUTE_LD_RUNPATH_SEARCH_PATHS "@executable_path/../Frameworks"
     XCODE_EMBED_APP_EXTENSIONS networkextension
-    XCODE_ATTRIBUTE_CODE_SIGN_IDENTITY "Apple Distribution"
-    XCODE_ATTRIBUTE_CODE_SIGN_IDENTITY[variant=Debug] "Apple Development"
-    XCODE_ATTRIBUTE_CODE_SIGN_STYLE Manual
-    XCODE_ATTRIBUTE_PROVISIONING_PROFILE_SPECIFIER "match AppStore org.amnezia.AmneziaVPN"
-    XCODE_ATTRIBUTE_PROVISIONING_PROFILE_SPECIFIER[variant=Debug] "match Development org.amnezia.AmneziaVPN"
+
+    XCODE_ATTRIBUTE_CODE_SIGN_STYLE Automatic
+    #XCODE_ATTRIBUTE_CODE_SIGN_STYLE Manual
+
+    #XCODE_ATTRIBUTE_CODE_SIGN_IDENTITY "Apple Distribution: Privacy Technologies OU (X7UJ388FXK)"
+    #XCODE_ATTRIBUTE_CODE_SIGN_IDENTITY[variant=Debug] "Apple Development"
+
+
+    #XCODE_ATTRIBUTE_PROVISIONING_PROFILE_SPECIFIER "Mac AppStore AmneziaVPN"
+    #XCODE_ATTRIBUTE_PROVISIONING_PROFILE_SPECIFIER[variant=Debug] "Mac AppStore AmneziaVPN"
+
 )
 set_target_properties(${PROJECT} PROPERTIES
     XCODE_ATTRIBUTE_SWIFT_VERSION "5.0"
@@ -111,13 +135,13 @@ target_sources(${PROJECT} PRIVATE
 )
 
 target_sources(${PROJECT} PRIVATE
-    ${CMAKE_CURRENT_SOURCE_DIR}/ios/app/AmneziaVPNLaunchScreen.storyboard
+    #${CMAKE_CURRENT_SOURCE_DIR}/ios/app/AmneziaVPNLaunchScreen.storyboard
     ${CMAKE_CURRENT_SOURCE_DIR}/ios/app/Media.xcassets
     ${CMAKE_CURRENT_SOURCE_DIR}/ios/app/PrivacyInfo.xcprivacy
 )
 
 set_property(TARGET ${PROJECT} APPEND PROPERTY RESOURCE
-    ${CMAKE_CURRENT_SOURCE_DIR}/ios/app/AmneziaVPNLaunchScreen.storyboard
+    #${CMAKE_CURRENT_SOURCE_DIR}/ios/app/AmneziaVPNLaunchScreen.storyboard
     ${CMAKE_CURRENT_SOURCE_DIR}/ios/app/Media.xcassets
     ${CMAKE_CURRENT_SOURCE_DIR}/ios/app/PrivacyInfo.xcprivacy
 )
@@ -129,6 +153,29 @@ set_property(TARGET ${PROJECT} PROPERTY XCODE_EMBED_FRAMEWORKS
     "${CMAKE_CURRENT_SOURCE_DIR}/3rd/OpenVPNAdapter/build/Release-iphoneos/OpenVPNAdapter.framework"
 )
 
+
+
 set(CMAKE_XCODE_ATTRIBUTE_FRAMEWORK_SEARCH_PATHS ${CMAKE_CURRENT_SOURCE_DIR}/3rd/OpenVPNAdapter/build/Release-iphoneos)
 target_link_libraries("networkextension" PRIVATE "${CMAKE_CURRENT_SOURCE_DIR}/3rd/OpenVPNAdapter/build/Release-iphoneos/OpenVPNAdapter.framework")
 
+get_target_property(QtCore_location Qt6::Core LOCATION)
+message("QtCore_location")
+message(${QtCore_location})
+
+get_filename_component(QT_BIN_DIR_DETECTED "${QtCore_location}/../../../../../bin" ABSOLUTE)
+
+
+# add_custom_command(TARGET ${PROJECT} POST_BUILD
+#     COMMAND ${QT_BIN_DIR_DETECTED}/macdeployqt $<TARGET_BUNDLE_DIR:AmneziaVPN> -appstore-compliant -qmldir=${CMAKE_CURRENT_SOURCE_DIR}
+# )
+
+# if(CMAKE_BUILD_TYPE STREQUAL "Release")
+#     SET(SIGN_CMD codesign --deep --force --sign 'Apple Distribution: Privacy Technologies OU \(X7UJ388FXK\)' --timestamp --options runtime $<TARGET_BUNDLE_DIR:AmneziaVPN>)
+#     message("Manual signing bundle...")
+#     message(${SIGN_CMD})
+
+
+#     add_custom_command(TARGET ${PROJECT} POST_BUILD
+#         COMMAND ${SIGN_CMD}
+#     )
+# endif()

client/cmake/macos.cmake

@@ -1,34 +1,55 @@
-message("MAC build")
-
-find_library(FW_SYSTEMCONFIG SystemConfiguration)
-find_library(FW_SERVICEMGMT ServiceManagement)
-find_library(FW_SECURITY Security)
-find_library(FW_COREWLAN CoreWLAN)
-find_library(FW_NETWORK Network)
-find_library(FW_USER_NOTIFICATIONS UserNotifications)
-find_library(FW_NETWORK_EXTENSION NetworkExtension)
-
-set(LIBS ${LIBS}
-    ${FW_SYSTEMCONFIG}
-    ${FW_SERVICEMGMT}
-    ${FW_SECURITY}
-    ${FW_COREWLAN}
-    ${FW_NETWORK}
-    ${FW_USERNOTIFICATIONS}
-    ${FW_NETWORK_EXTENSION}
-)
+message("Client ==> iOS build")
 
 set_target_properties(${PROJECT} PROPERTIES MACOSX_BUNDLE TRUE)
 set(CMAKE_OSX_ARCHITECTURES "x86_64" CACHE INTERNAL "" FORCE)
 set(CMAKE_OSX_DEPLOYMENT_TARGET 10.15)
 
+set(APPLE_PROJECT_VERSION ${CMAKE_PROJECT_VERSION_MAJOR}.${CMAKE_PROJECT_VERSION_MINOR}.${CMAKE_PROJECT_VERSION_PATCH})
 
-set(HEADERS ${HEADERS}
-    ${CMAKE_CURRENT_SOURCE_DIR}/ui/macos_util.h
+
+enable_language(OBJC)
+# enable_language(OBJCXX)
+enable_language(Swift)
+
+find_package(Qt6 REQUIRED COMPONENTS ShaderTools)
+set(LIBS ${LIBS} Qt6::ShaderTools)
+
+find_library(FW_AUTHENTICATIONSERVICES AuthenticationServices)
+#find_library(FW_UIKIT UIKit)
+find_library(FW_AVFOUNDATION AVFoundation)
+find_library(FW_FOUNDATION Foundation)
+find_library(FW_STOREKIT StoreKit)
+find_library(FW_USERNOTIFICATIONS UserNotifications)
+find_library(FW_NETWORKEXTENSION NetworkExtension)
+
+set(LIBS ${LIBS}
+    ${FW_AUTHENTICATIONSERVICES}
+#    ${FW_UIKIT}
+    ${FW_AVFOUNDATION}
+    ${FW_FOUNDATION}
+    ${FW_STOREKIT}
+    ${FW_USERNOTIFICATIONS}
+    ${FW_NETWORKEXTENSION}
 )
 
+
+set(HEADERS ${HEADERS}
+    ${CMAKE_CURRENT_SOURCE_DIR}/platforms/macos/ios_controller.h
+    ${CMAKE_CURRENT_SOURCE_DIR}/platforms/macos/ios_controller_wrapper.h
+    ${CMAKE_CURRENT_SOURCE_DIR}/platforms/macos/iosnotificationhandler.h
+    ${CMAKE_CURRENT_SOURCE_DIR}/platforms/macos/QtAppDelegate.h
+    ${CMAKE_CURRENT_SOURCE_DIR}/platforms/macos/QtAppDelegate-C-Interface.h
+)
+set_source_files_properties(${CMAKE_CURRENT_SOURCE_DIR}/platforms/ios/ios_controller.h PROPERTIES OBJECTIVE_CPP_HEADER TRUE)
+
+
 set(SOURCES ${SOURCES}
-    ${CMAKE_CURRENT_SOURCE_DIR}/ui/macos_util.mm
+    ${CMAKE_CURRENT_SOURCE_DIR}/platforms/macos/ios_controller.mm
+    ${CMAKE_CURRENT_SOURCE_DIR}/platforms/macos/ios_controller_wrapper.mm
+    ${CMAKE_CURRENT_SOURCE_DIR}/platforms/macos/iosnotificationhandler.mm
+    ${CMAKE_CURRENT_SOURCE_DIR}/platforms/macos/iosglue.mm
+    ${CMAKE_CURRENT_SOURCE_DIR}/platforms/macos/QRCodeReaderBase.mm
+    ${CMAKE_CURRENT_SOURCE_DIR}/platforms/macos/QtAppDelegate.mm
 )
 
 set(ICON_FILE ${CMAKE_CURRENT_SOURCE_DIR}/images/app.icns)
@@ -36,17 +57,125 @@ set(MACOSX_BUNDLE_ICON_FILE app.icns)
 set_source_files_properties(${ICON_FILE} PROPERTIES MACOSX_PACKAGE_LOCATION Resources)
 set(SOURCES ${SOURCES} ${ICON_FILE})
 
+# set(HEADERS ${HEADERS}
+#     ${CMAKE_CURRENT_SOURCE_DIR}/ui/macos_util.h
+# )
+
+# set(SOURCES ${SOURCES}
+#     ${CMAKE_CURRENT_SOURCE_DIR}/ui/macos_util.mm
+# )
+
+
+target_include_directories(${PROJECT} PRIVATE ${Qt6Gui_PRIVATE_INCLUDE_DIRS})
+
+
+set_target_properties(${PROJECT} PROPERTIES
+    XCODE_LINK_BUILD_PHASE_MODE KNOWN_LOCATION
+    MACOSX_BUNDLE_INFO_PLIST ${CMAKE_CURRENT_SOURCE_DIR}/macos/app/Info.plist.in
+    #MACOSX_BUNDLE_ICON_FILE "AppIcon"
+    MACOSX_BUNDLE_INFO_STRING "AmneziaVPN"
+    MACOSX_BUNDLE_BUNDLE_NAME "AmneziaVPN"
+    MACOSX_BUNDLE_BUNDLE_VERSION "${CMAKE_PROJECT_VERSION_TWEAK}"
+    MACOSX_BUNDLE_LONG_VERSION_STRING "${APPLE_PROJECT_VERSION}-${CMAKE_PROJECT_VERSION_TWEAK}"
+    MACOSX_BUNDLE_SHORT_VERSION_STRING "${APPLE_PROJECT_VERSION}"
+    XCODE_ATTRIBUTE_PRODUCT_BUNDLE_IDENTIFIER "${BUILD_OSX_APP_IDENTIFIER}"
+    XCODE_ATTRIBUTE_CODE_SIGN_ENTITLEMENTS "${CMAKE_CURRENT_SOURCE_DIR}/macos/app/main.entitlements"
+    XCODE_ATTRIBUTE_MARKETING_VERSION "${APPLE_PROJECT_VERSION}"
+    XCODE_ATTRIBUTE_CURRENT_PROJECT_VERSION "${CMAKE_PROJECT_VERSION_TWEAK}"
+    XCODE_ATTRIBUTE_PRODUCT_NAME "AmneziaVPN"
+    XCODE_ATTRIBUTE_BUNDLE_INFO_STRING "AmneziaVPN"
+    XCODE_GENERATE_SCHEME TRUE
+    XCODE_ATTRIBUTE_ENABLE_BITCODE "NO"
+    #XCODE_ATTRIBUTE_ASSETCATALOG_COMPILER_APPICON_NAME "AppIcon"
+    XCODE_ATTRIBUTE_TARGETED_DEVICE_FAMILY "1,2"
+    XCODE_EMBED_FRAMEWORKS_CODE_SIGN_ON_COPY "NO"
+    XCODE_EMBED_FRAMEWORKS_REMOVE_HEADERS_ON_COPY "YES"
+
+    XCODE_LINK_BUILD_PHASE_MODE KNOWN_LOCATION
+    XCODE_ATTRIBUTE_LD_RUNPATH_SEARCH_PATHS "@executable_path/../Frameworks"
+    XCODE_EMBED_APP_EXTENSIONS networkextension
+
+    XCODE_ATTRIBUTE_CODE_SIGN_STYLE Automatic
+    #XCODE_ATTRIBUTE_CODE_SIGN_STYLE Manual
+
+    #XCODE_ATTRIBUTE_CODE_SIGN_IDENTITY "Apple Distribution: Privacy Technologies OU (X7UJ388FXK)"
+    #XCODE_ATTRIBUTE_CODE_SIGN_IDENTITY[variant=Debug] "Apple Development"
+
+
+    #XCODE_ATTRIBUTE_PROVISIONING_PROFILE_SPECIFIER "Mac AppStore AmneziaVPN"
+    #XCODE_ATTRIBUTE_PROVISIONING_PROFILE_SPECIFIER[variant=Debug] "Mac AppStore AmneziaVPN"
+
+)
+set_target_properties(${PROJECT} PROPERTIES
+    XCODE_ATTRIBUTE_SWIFT_VERSION "5.0"
+    XCODE_ATTRIBUTE_CLANG_ENABLE_MODULES "YES"
+    XCODE_ATTRIBUTE_SWIFT_PRECOMPILE_BRIDGING_HEADER "NO"
+    XCODE_ATTRIBUTE_SWIFT_OBJC_INTERFACE_HEADER_NAME "AmneziaVPN-Swift.h"
+    XCODE_ATTRIBUTE_SWIFT_OBJC_INTEROP_MODE "objcxx"
+)
+set_target_properties(${PROJECT} PROPERTIES
+    XCODE_ATTRIBUTE_DEVELOPMENT_TEAM "X7UJ388FXK"
+)
+target_include_directories(${PROJECT} PRIVATE ${CMAKE_CURRENT_LIST_DIR})
 target_compile_options(${PROJECT} PRIVATE
     -DGROUP_ID=\"${BUILD_IOS_GROUP_IDENTIFIER}\"
     -DVPN_NE_BUNDLEID=\"${BUILD_IOS_APP_IDENTIFIER}.network-extension\"
 )
 
-# Get SDK path
-execute_process(
-    COMMAND sh -c "xcrun --sdk macosx --show-sdk-path"
-    OUTPUT_VARIABLE OSX_SDK_PATH
-    OUTPUT_STRIP_TRAILING_WHITESPACE
+set(WG_APPLE_SOURCE_DIR ${CMAKE_CURRENT_SOURCE_DIR}/3rd/amneziawg-apple/Sources)
+
+target_sources(${PROJECT} PRIVATE
+#    ${CMAKE_CURRENT_SOURCE_DIR}/platforms/ios/iosvpnprotocol.swift
+    ${WG_APPLE_SOURCE_DIR}/WireGuardKitC/x25519.c
+    ${CLIENT_ROOT_DIR}/platforms/macos/LogController.swift
+    ${CLIENT_ROOT_DIR}/platforms/macos/Log.swift
+    ${CLIENT_ROOT_DIR}/platforms/macos/LogRecord.swift
+    ${CLIENT_ROOT_DIR}/platforms/macos/ScreenProtection.swift
+    ${CLIENT_ROOT_DIR}/platforms/macos/VPNCController.swift
 )
-message("OSX_SDK_PATH is: ${OSX_SDK_PATH}")
+
+target_sources(${PROJECT} PRIVATE
+    # ${CMAKE_CURRENT_SOURCE_DIR}/macos/app/AmneziaVPNLaunchScreen.storyboard
+    ${CMAKE_CURRENT_SOURCE_DIR}/macos/app/Media.xcassets
+    ${CMAKE_CURRENT_SOURCE_DIR}/macos/app/PrivacyInfo.xcprivacy
+)
+
+set_property(TARGET ${PROJECT} APPEND PROPERTY RESOURCE
+    # ${CMAKE_CURRENT_SOURCE_DIR}/macos/app/AmneziaVPNLaunchScreen.storyboard
+    ${CMAKE_CURRENT_SOURCE_DIR}/macos/app/Media.xcassets
+    ${CMAKE_CURRENT_SOURCE_DIR}/macos/app/PrivacyInfo.xcprivacy
+)
+
+add_subdirectory(macos/networkextension)
+add_dependencies(${PROJECT} networkextension)
+
+# set_property(TARGET ${PROJECT} PROPERTY XCODE_EMBED_FRAMEWORKS
+#     "${CMAKE_CURRENT_SOURCE_DIR}/3rd/OpenVPNAdapter/build/Release-macos/OpenVPNAdapter.framework"
+# )
 
 
+
+# set(CMAKE_XCODE_ATTRIBUTE_FRAMEWORK_SEARCH_PATHS ${CMAKE_CURRENT_SOURCE_DIR}/3rd/OpenVPNAdapter/build/Release-macos)
+# target_link_libraries("networkextension" PRIVATE "${CMAKE_CURRENT_SOURCE_DIR}/3rd/OpenVPNAdapter/build/Release-macos/OpenVPNAdapter.framework")
+
+get_target_property(QtCore_location Qt6::Core LOCATION)
+message("QtCore_location")
+message(${QtCore_location})
+
+get_filename_component(QT_BIN_DIR_DETECTED "${QtCore_location}/../../../../../bin" ABSOLUTE)
+
+
+# add_custom_command(TARGET ${PROJECT} POST_BUILD
+#     COMMAND ${QT_BIN_DIR_DETECTED}/macdeployqt $<TARGET_BUNDLE_DIR:AmneziaVPN> -appstore-compliant -qmldir=${CMAKE_CURRENT_SOURCE_DIR}
+# )
+
+# if(CMAKE_BUILD_TYPE STREQUAL "Release")
+#     SET(SIGN_CMD codesign --deep --force --sign 'Apple Distribution: Privacy Technologies OU \(X7UJ388FXK\)' --timestamp --options runtime $<TARGET_BUNDLE_DIR:AmneziaVPN>)
+#     message("Manual signing bundle...")
+#     message(${SIGN_CMD})
+
+
+#     add_custom_command(TARGET ${PROJECT} POST_BUILD
+#         COMMAND ${SIGN_CMD}
+#     )
+# endif()

client/configurators/openvpn_configurator.cpp

@@ -1,5 +1,7 @@
 #include "openvpn_configurator.h"
 
+#define Q_OS_IOS 1
+
 #include <QDebug>
 #include <QJsonDocument>
 #include <QJsonObject>

client/configurators/ssh_configurator.cpp

@@ -1,5 +1,7 @@
 #include "ssh_configurator.h"
 
+#define Q_OS_IOS 1
+
 #include <QDebug>
 #include <QObject>
 #include <QProcess>
@@ -101,8 +103,8 @@ QProcessEnvironment SshConfigurator::prepareEnv()
     pathEnvVar.clear();
     pathEnvVar.prepend(QDir::toNativeSeparators(QApplication::applicationDirPath()) + "\\cygwin;");
     pathEnvVar.prepend(QDir::toNativeSeparators(QApplication::applicationDirPath()) + "\\openvpn;");
-#elif defined(Q_OS_MACX)
-    pathEnvVar.prepend(QDir::toNativeSeparators(QApplication::applicationDirPath()) + "/Contents/MacOS");
+//#elif defined(Q_OS_MACX)
+//    pathEnvVar.prepend(QDir::toNativeSeparators(QApplication::applicationDirPath()) + "/Contents/MacOS");
 #endif
 
     env.insert("PATH", pathEnvVar);

client/containers/containers_defs.cpp

@@ -285,6 +285,7 @@ bool ContainerProps::isSupportedByCurrentPlatform(DockerContainer c)
     case DockerContainer::WireGuard: return true;
     case DockerContainer::OpenVpn: return true;
     case DockerContainer::Awg: return true;
+    case DockerContainer::Xray: return true;
     case DockerContainer::Cloak:
         return true;
         //    case DockerContainer::ShadowSocks: return true;
@@ -388,3 +389,18 @@ QJsonObject ContainerProps::getProtocolConfigFromContainer(const Proto protocol,
 
     return QJsonDocument::fromJson(protocolConfigString.toUtf8()).object();
 }
+
+int ContainerProps::installPageOrder(DockerContainer container)
+{
+    switch (container) {
+    case DockerContainer::OpenVpn: return 4;
+    case DockerContainer::Cloak: return 5;
+    case DockerContainer::ShadowSocks: return 6;
+    case DockerContainer::WireGuard: return 2;
+    case DockerContainer::Awg: return 1;
+    case DockerContainer::Xray: return 3;
+    case DockerContainer::Ipsec: return 7;
+    case DockerContainer::SSXray: return 8;
+    default: return 0;
+    }
+}

client/containers/containers_defs.h

@@ -72,6 +72,8 @@ namespace amnezia
         static bool isShareable(amnezia::DockerContainer container);
 
         static QJsonObject getProtocolConfigFromContainer(const amnezia::Proto protocol, const QJsonObject &containerConfig);
+
+        static int installPageOrder(amnezia::DockerContainer container);
     };
 
     static void declareQmlContainerEnum()

client/core/controllers/apiController.cpp

@@ -1,3 +1,5 @@
+#define Q_OS_IOS 1
+
 #include "apiController.h"
 
 #include <QEventLoop>

client/core/ipcclient.h

@@ -5,10 +5,12 @@
 #include <QObject>
 
 #include "ipc.h"
-#include "rep_ipc_interface_replica.h"
+//#include "rep_ipc_interface_replica.h"
 
 #include "privileged_process.h"
 
+/*
+
 class IpcClient : public QObject
 {
     Q_OBJECT
@@ -46,6 +48,6 @@ private:
     bool m_isSocketConnected {false};
 
     static IpcClient *m_instance;
-};
+}; */
 
 #endif // IPCCLIENT_H

client/core/privileged_process.h

@@ -3,21 +3,21 @@
 
 #include <QObject>
 
-#include "rep_ipc_process_interface_replica.h"
+// #include "rep_ipc_process_interface_replica.h"
 // This class is dangerous - instance of this class casted from base class,
 // so it support only functions
 // Do not add any members into it
 //
-class PrivilegedProcess : public IpcProcessInterfaceReplica
-{
-    Q_OBJECT
-public:
-    PrivilegedProcess();
-    ~PrivilegedProcess() override;
+//class PrivilegedProcess : public IpcProcessInterfaceReplica
+//{
+//    Q_OBJECT
+//public:
+//    PrivilegedProcess();
+//    ~PrivilegedProcess() override;
 
-    void waitForFinished(int msecs);
+//    void waitForFinished(int msecs);
 
-};
+//};
 
 #endif // PRIVILEGED_PROCESS_H
 

client/ios/app/Info.plist.in

@@ -11,7 +11,7 @@
 	<key>CFBundleExecutable</key>
 	<string>${MACOSX_BUNDLE_EXECUTABLE_NAME}</string>
 	<key>CFBundleIdentifier</key>
-	<string>${MACOSX_BUNDLE_GUI_IDENTIFIER}</string>
+	<string>org.amnezia.AmneziaVPN</string>
 	<key>CFBundleInfoDictionaryVersion</key>
 	<string>6.0</string>
 	<key>CFBundleName</key>
@@ -24,23 +24,10 @@
 	<string>${MACOSX_BUNDLE_BUNDLE_VERSION}</string>
 	<key>NSHumanReadableCopyright</key>
 	<string>${MACOSX_BUNDLE_COPYRIGHT}</string>
+	<key>LSApplicationCategoryType</key>
+	<string>public.app-category.utilities</string>
 	<key>ITSAppUsesNonExemptEncryption</key>
 	<false/>
-	<key>LSRequiresIPhoneOS</key>
-	<true/>
-	<key>LSSupportsOpeningDocumentsInPlace</key>
-	<false/>
-	<key>UILaunchStoryboardName</key>
-	<string>AmneziaVPNLaunchScreen</string>
-	<key>UIRequiredDeviceCapabilities</key>
-	<array/>
-	<key>UIRequiresFullScreen</key>
-	<true/>
-	<key>UISupportedInterfaceOrientations</key>
-	<array>
-		<string>UIInterfaceOrientationPortraitUpsideDown</string>
-		<string>UIInterfaceOrientationPortrait</string>
-	</array>
 	<key>UISupportedInterfaceOrientations~ipad</key>
 	<array/>
 	<key>UIUserInterfaceStyle</key>

client/ios/app/main.entitlements

@@ -2,19 +2,29 @@
 <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
 <plist version="1.0">
 <dict>
+	<key>com.apple.application-identifier</key>
+	<string>X7UJ388FXK.org.amnezia.AmneziaVPN</string>
 	<key>com.apple.developer.networking.networkextension</key>
 	<array>
 		<string>packet-tunnel-provider</string>
 	</array>
+	<key>com.apple.developer.team-identifier</key>
+	<string>X7UJ388FXK</string>
+	<key>com.apple.security.app-sandbox</key>
+	<true/>
 	<key>com.apple.security.application-groups</key>
 	<array>
 		<string>group.org.amnezia.AmneziaVPN</string>
 	</array>
 	<key>com.apple.security.files.user-selected.read-write</key>
 	<true/>
+	<key>com.apple.security.network.client</key>
+	<true/>
+	<key>com.apple.security.network.server</key>
+	<true/>
 	<key>keychain-access-groups</key>
 	<array>
-		<string>$(AppIdentifierPrefix)group.org.amnezia.AmneziaVPN</string>
+		<string>$(AppIdentifierPrefix)org.amnezia.AmneziaVPN</string>
 	</array>
 </dict>
 </plist>

client/ios/networkextension/AmneziaVPNNetworkExtension.entitlements

@@ -2,17 +2,27 @@
 <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
 <plist version="1.0">
 <dict>
+	<key>com.apple.application-identifier</key>
+	<string>X7UJ388FXK.org.amnezia.AmneziaVPN.network-extension</string>
 	<key>com.apple.developer.networking.networkextension</key>
 	<array>
 		<string>packet-tunnel-provider</string>
 	</array>
+	<key>com.apple.developer.team-identifier</key>
+	<string>X7UJ388FXK</string>
+	<key>com.apple.security.app-sandbox</key>
+	<true/>
 	<key>com.apple.security.application-groups</key>
 	<array>
 		<string>group.org.amnezia.AmneziaVPN</string>
 	</array>
+	<key>com.apple.security.network.client</key>
+	<true/>
+	<key>com.apple.security.network.server</key>
+	<true/>
 	<key>keychain-access-groups</key>
 	<array>
-		<string>$(AppIdentifierPrefix)group.org.amnezia.AmneziaVPN</string>
+		<string>$(AppIdentifierPrefix)org.amnezia.AmneziaVPN.network-extension</string>
 	</array>
 </dict>
 </plist>

client/ios/networkextension/CMakeLists.txt

@@ -1,21 +1,24 @@
 enable_language(Swift)
-
+message("Client message >> iOS build >> networkextension")
 set(CLIENT_ROOT_DIR ${CMAKE_CURRENT_LIST_DIR}/../..)
 
 add_executable(networkextension)
+
+configure_file(
+    ${CMAKE_CURRENT_LIST_DIR}/Info.plist.in
+    ${CMAKE_CURRENT_BINARY_DIR}/Info.plist
+)
+
 set_target_properties(networkextension PROPERTIES
     XCODE_PRODUCT_TYPE com.apple.product-type.app-extension
     BUNDLE_EXTENSION appex
 
-    MACOSX_BUNDLE_INFO_PLIST ${CMAKE_CURRENT_SOURCE_DIR}/Info.plist.in
-    MACOSX_BUNDLE_INFO_STRING "AmneziaVPNNetworkExtension"
-    MACOSX_BUNDLE_BUNDLE_NAME "AmneziaVPNNetworkExtension"
-    MACOSX_BUNDLE_GUI_IDENTIFIER "${BUILD_IOS_APP_IDENTIFIER}.network-extension"
-    MACOSX_BUNDLE_BUNDLE_VERSION "${CMAKE_PROJECT_VERSION_TWEAK}"
-    MACOSX_BUNDLE_LONG_VERSION_STRING "${APPLE_PROJECT_VERSION}-${CMAKE_PROJECT_VERSION_TWEAK}"
+    #MACOSX_BUNDLE_INFO_PLIST ${CMAKE_CURRENT_BINARY_DIR}/Info.plist
+
     MACOSX_BUNDLE_SHORT_VERSION_STRING "${APPLE_PROJECT_VERSION}"
 
     XCODE_ATTRIBUTE_PRODUCT_BUNDLE_IDENTIFIER "${BUILD_IOS_APP_IDENTIFIER}.network-extension"
+    XCODE_ATTRIBUTE_PRODUCT_BUNDLE_NAME "${BUILD_IOS_APP_IDENTIFIER}.network-extension"
     XCODE_ATTRIBUTE_CODE_SIGN_ENTITLEMENTS ${CMAKE_CURRENT_SOURCE_DIR}/AmneziaVPNNetworkExtension.entitlements
     XCODE_ATTRIBUTE_MARKETING_VERSION "${APP_MAJOR_VERSION}"
     XCODE_ATTRIBUTE_CURRENT_PROJECT_VERSION "${BUILD_ID}"
@@ -27,14 +30,41 @@ set_target_properties(networkextension PROPERTIES
 
     XCODE_ATTRIBUTE_LD_RUNPATH_SEARCH_PATHS "@executable_path/../../Frameworks"
 
-    XCODE_ATTRIBUTE_CODE_SIGN_IDENTITY "Apple Distribution"
-    XCODE_ATTRIBUTE_CODE_SIGN_IDENTITY[variant=Debug] "Apple Development"
+    # XCODE_ATTRIBUTE_CODE_SIGN_STYLE Automatic
+    # #XCODE_ATTRIBUTE_CODE_SIGN_STYLE Manual
 
-    XCODE_ATTRIBUTE_CODE_SIGN_STYLE Manual
-    XCODE_ATTRIBUTE_PROVISIONING_PROFILE_SPECIFIER "match AppStore org.amnezia.AmneziaVPN.network-extension"
-    XCODE_ATTRIBUTE_PROVISIONING_PROFILE_SPECIFIER[variant=Debug] "match Development org.amnezia.AmneziaVPN.network-extension"
+    # #XCODE_ATTRIBUTE_CODE_SIGN_IDENTITY "Apple Distribution: Privacy Technologies OU (X7UJ388FXK)"
+    # #XCODE_ATTRIBUTE_CODE_SIGN_IDENTITY[variant=Debug] "Apple Development"
+
+
+    # #XCODE_ATTRIBUTE_PROVISIONING_PROFILE_SPECIFIER "Mac AppStore AmneziaVPN.network-extension"
+    # #XCODE_ATTRIBUTE_PROVISIONING_PROFILE_SPECIFIER[variant=Debug] "Mac AppStore AmneziaVPN.network-extension"
+
+    XCODE_ATTRIBUTE_INFOPLIST_FILE "${CMAKE_CURRENT_BINARY_DIR}/Info.plist"
+    XCODE_ATTRIBUTE_LD_RUNPATH_SEARCH_PATHS "@executable_path/../../../../Frameworks @loader_path/../../../../Frameworks"
 )
 
+if(CMAKE_BUILD_TYPE STREQUAL "Debug")
+    set_target_properties(networkextension PROPERTIES
+        XCODE_ATTRIBUTE_CODE_SIGN_STYLE Automatic
+    )
+endif()
+
+if(CMAKE_BUILD_TYPE STREQUAL "Release")
+    set_target_properties(networkextension PROPERTIES
+        XCODE_ATTRIBUTE_CODE_SIGN_STYLE Automatic
+        #XCODE_ATTRIBUTE_CODE_SIGN_STYLE Manual
+
+        #XCODE_ATTRIBUTE_CODE_SIGN_IDENTITY "Apple Distribution: Privacy Technologies OU (X7UJ388FXK)"
+        #XCODE_ATTRIBUTE_CODE_SIGN_IDENTITY[variant=Debug] "Apple Development"
+
+
+        #XCODE_ATTRIBUTE_PROVISIONING_PROFILE_SPECIFIER "Mac AppStore AmneziaVPN.network-extension"
+        #XCODE_ATTRIBUTE_PROVISIONING_PROFILE_SPECIFIER[variant=Debug] "Mac AppStore AmneziaVPN.network-extension"
+    )
+endif()
+
+
 set_target_properties(networkextension PROPERTIES
     XCODE_ATTRIBUTE_SWIFT_VERSION "5.0"
     XCODE_ATTRIBUTE_CLANG_ENABLE_MODULES "YES"
@@ -50,16 +80,58 @@ set_target_properties("networkextension" PROPERTIES
 find_library(FW_ASSETS_LIBRARY AssetsLibrary)
 find_library(FW_MOBILE_CORE MobileCoreServices)
 find_library(FW_UI_KIT UIKit)
+find_library(FW_LIBRESOLV libresolv.9.tbd)
 
-target_link_libraries(networkextension PRIVATE ${FW_ASSETS_LIBRARY})
-target_link_libraries(networkextension PRIVATE ${FW_MOBILE_CORE})
-target_link_libraries(networkextension PRIVATE ${FW_UI_KIT})
+# set(OpenVPNAdapter_DIR "${CLIENT_ROOT_DIR}/3rd/")
+
+# find_library(OPENVPN_ADAPTER_LIBRARY OpenVPNAdapter PATHS ${OpenVPNAdapter_DIR})
+# target_link_libraries(networkextension PRIVATE ${OPENVPN_ADAPTER_LIBRARY})
+
+# add_custom_command(TARGET networkextension PRE_BUILD
+#     COMMAND ${CMAKE_COMMAND} -E make_directory $<TARGET_FILE_DIR:networkextension>/../Frameworks
+# )
+
+
+# add_custom_command(TARGET networkextension POST_BUILD
+#     COMMAND ${CMAKE_COMMAND} -E echo "Copying ${OPENVPN_ADAPTER_LIBRARY} to $<TARGET_FILE_DIR:networkextension>/../Frameworks/"
+#     COMMAND ${CMAKE_COMMAND} -E copy_if_different
+#     ${OPENVPN_ADAPTER_LIBRARY}
+#     $<TARGET_FILE_DIR:networkextension>/../Frameworks/
+#     COMMAND ${CMAKE_COMMAND} -E echo "Copy complete"
+# )
+
+
+
+
+# Set the root directory
+set(CLIENT_ROOT_DIR ${CMAKE_CURRENT_LIST_DIR}/../..)
+
+# Embedding the framework using CLIENT_ROOT_DIR
+set_property(TARGET networkextension PROPERTY XCODE_EMBED_FRAMEWORKS
+    "${CLIENT_ROOT_DIR}/3rd/OpenVPNAdapter/build/Release-macos/OpenVPNAdapter.framework"
+)
+
+# Setting the framework search paths using CLIENT_ROOT_DIR
+set(CMAKE_XCODE_ATTRIBUTE_FRAMEWORK_SEARCH_PATHS "${CLIENT_ROOT_DIR}/3rd/OpenVPNAdapter/build/Release-macos")
+
+# Linking the framework using CLIENT_ROOT_DIR
+target_link_libraries("networkextension" PRIVATE "${CLIENT_ROOT_DIR}/3rd/OpenVPNAdapter/build/Release-macos/OpenVPNAdapter.framework")
+
+
+
+#target_link_libraries(networkextension PRIVATE ${FW_ASSETS_LIBRARY})
+#target_link_libraries(networkextension PRIVATE ${FW_MOBILE_CORE})
+#target_link_libraries(networkextension PRIVATE ${FW_UI_KIT})
+target_link_libraries(networkextension PRIVATE ${FW_LIBRESOLV})
 
 target_compile_options(networkextension PRIVATE -DGROUP_ID=\"${BUILD_IOS_GROUP_IDENTIFIER}\")
 target_compile_options(networkextension PRIVATE -DNETWORK_EXTENSION=1)
 
 set(WG_APPLE_SOURCE_DIR ${CLIENT_ROOT_DIR}/3rd/amneziawg-apple/Sources)
 
+message("WG_APPLE_SOURCE_DIR is: ${WG_APPLE_SOURCE_DIR}")
+message("CLIENT_ROOT_DIR is: ${CLIENT_ROOT_DIR}")
+
 target_sources(networkextension PRIVATE
     ${WG_APPLE_SOURCE_DIR}/WireGuardKit/WireGuardAdapter.swift
     ${WG_APPLE_SOURCE_DIR}/WireGuardKit/PacketTunnelSettingsGenerator.swift
@@ -80,12 +152,14 @@ target_sources(networkextension PRIVATE
     ${WG_APPLE_SOURCE_DIR}/WireGuardKit/Array+ConcurrentMap.swift
     ${WG_APPLE_SOURCE_DIR}/WireGuardKit/IPAddress+AddrInfo.swift
     ${WG_APPLE_SOURCE_DIR}/WireGuardKit/PrivateKey.swift
+    ${CLIENT_ROOT_DIR}/platforms/ios/HevSocksTunnel.swift
     ${CLIENT_ROOT_DIR}/platforms/ios/NELogController.swift
     ${CLIENT_ROOT_DIR}/platforms/ios/Log.swift
     ${CLIENT_ROOT_DIR}/platforms/ios/LogRecord.swift
     ${CLIENT_ROOT_DIR}/platforms/ios/PacketTunnelProvider.swift
     ${CLIENT_ROOT_DIR}/platforms/ios/PacketTunnelProvider+WireGuard.swift
     ${CLIENT_ROOT_DIR}/platforms/ios/PacketTunnelProvider+OpenVPN.swift
+    ${CLIENT_ROOT_DIR}/platforms/ios/PacketTunnelProvider+Xray.swift
     ${CLIENT_ROOT_DIR}/platforms/ios/WGConfig.swift
     ${CLIENT_ROOT_DIR}/platforms/ios/iosglue.mm
 )
@@ -114,3 +188,11 @@ target_include_directories(networkextension PRIVATE ${CLIENT_ROOT_DIR})
 target_include_directories(networkextension PRIVATE ${CMAKE_CURRENT_BINARY_DIR})
 
 target_link_libraries(networkextension PRIVATE ${CLIENT_ROOT_DIR}/3rd-prebuilt/3rd-prebuilt/wireguard/ios/arm64/libwg-go.a)
+
+# Print the root directory for debugging purposes
+message("---------")
+message(${CLIENT_ROOT_DIR})
+message(${CLIENT_ROOT_DIR}/3rd-prebuilt/3rd-prebuilt/xray/HevSocks5Tunnel.xcframework/macos-arm64_x86_64/libhev-socks5-tunnel.a)
+target_link_libraries("networkextension" PRIVATE "${CLIENT_ROOT_DIR}/3rd-prebuilt/3rd-prebuilt/xray/HevSocks5Tunnel.xcframework/macos-arm64_x86_64/libhev-socks5-tunnel.a")
+
+target_include_directories(networkextension PRIVATE ${CLIENT_ROOT_DIR}/3rd-prebuilt/3rd-prebuilt/xray/HevSocks5Tunnel.xcframework/macos-arm64_x86_64/Headers)

client/ios/networkextension/Info.plist.in

@@ -5,20 +5,20 @@
 	<key>CFBundleDevelopmentRegion</key>
 	<string>en</string>
 	<key>CFBundleExecutable</key>
-	<string>${MACOSX_BUNDLE_EXECUTABLE_NAME}</string>
+	<string>AmneziaVPNNetworkExtension</string>
 
 	<key>CFBundleIdentifier</key>
-	<string>${MACOSX_BUNDLE_GUI_IDENTIFIER}</string>
+	<string>${BUILD_IOS_APP_IDENTIFIER}.network-extension</string>
 	<key>CFBundleInfoDictionaryVersion</key>
 	<string>6.0</string>
 	<key>CFBundleName</key>
-	<string>${MACOSX_BUNDLE_BUNDLE_NAME}</string>
+	<string>AmneziaVPNNetworkExtension</string>
 	<key>CFBundlePackageType</key>
 	<string>$(PRODUCT_BUNDLE_PACKAGE_TYPE)</string>
 	<key>CFBundleShortVersionString</key>
-	<string>${MACOSX_BUNDLE_SHORT_VERSION_STRING}</string>
+	<string>${APPLE_PROJECT_VERSION}</string>
 	<key>CFBundleVersion</key>
-	<string>${MACOSX_BUNDLE_BUNDLE_VERSION}</string>
+	<string>${CMAKE_PROJECT_VERSION_TWEAK}</string>
 
 	<key>ITSAppUsesNonExemptEncryption</key>
 	<false/>
@@ -27,7 +27,7 @@
 	<string>${CMAKE_OSX_DEPLOYMENT_TARGET}</string>
 
 	<key>CFBundleDisplayName</key>
-	<string>${MACOSX_BUNDLE_INFO_STRING}</string>
+	<string>AmneziaVPNNetworkExtension</string>
 
 	<key>NSExtension</key>
 	<dict>
@@ -38,9 +38,9 @@
 	</dict>
 
 	<key>com.wireguard.ios.app_group_id</key>
-	<string>group.${BUILD_IOS_APP_IDENTIFIER}</string>
+	<string>group.org.amnezia.AmneziaVPN</string>
 
 	<key>com.wireguard.macos.app_group_id</key>
-	<string>${BUILD_VPN_DEVELOPMENT_TEAM}.group.${BUILD_OSX_APP_IDENTIFIER}</string>
+	<string>${BUILD_VPN_DEVELOPMENT_TEAM}.group.org.amnezia.AmneziaVPN</string>
 </dict>
-</plist>
+</plist>

client/ios/networkextension/WireGuardNetworkExtension-Bridging-Header.h

@@ -19,3 +19,8 @@ bool key_from_hex(uint8_t key[WG_KEY_LEN], const char* hex);
 bool key_eq(const uint8_t key1[WG_KEY_LEN], const uint8_t key2[WG_KEY_LEN]);
 
 void write_msg_to_log(const char* tag, const char* msg);
+
+// Khai báo hàm C để Swift có thể sử dụng
+void hev_socks5_tunnel_quit(void);
+// Updated function definition in C
+int hev_socks5_tunnel_main(const char* configFile, int fd);

client/ios/scripts/openvpn.sh

@@ -2,18 +2,28 @@ XCODEBUILD="/usr/bin/xcodebuild"
 WORKINGDIR=`pwd`
 PATCH="/usr/bin/patch"
 
-  cat $WORKINGDIR/3rd/OpenVPNAdapter/Configuration/Project.xcconfig > $WORKINGDIR/3rd/OpenVPNAdapter/Configuration/amnezia.xcconfig
-  cat << EOF >> $WORKINGDIR/3rd/OpenVPNAdapter/Configuration/amnezia.xcconfig
-  PROJECT_TEMP_DIR = $WORKINGDIR/3rd/OpenVPNAdapter/build/OpenVPNAdapter.build
-  CONFIGURATION_BUILD_DIR = $WORKINGDIR/3rd/OpenVPNAdapter/build/Release-iphoneos
-  BUILT_PRODUCTS_DIR = $WORKINGDIR/3rd/OpenVPNAdapter/build/Release-iphoneos
+# Copy the Project.xcconfig settings to amnezia.xcconfig
+cat $WORKINGDIR/3rd/OpenVPNAdapter/Configuration/Project.xcconfig > $WORKINGDIR/3rd/OpenVPNAdapter/Configuration/amnezia.xcconfig
+
+# Append macOS-specific build directory configurations to amnezia.xcconfig
+cat << EOF >> $WORKINGDIR/3rd/OpenVPNAdapter/Configuration/amnezia.xcconfig
+PROJECT_TEMP_DIR = $WORKINGDIR/3rd/OpenVPNAdapter/build/OpenVPNAdapter.build
+CONFIGURATION_BUILD_DIR = $WORKINGDIR/3rd/OpenVPNAdapter/build/Release-macos
+BUILT_PRODUCTS_DIR = $WORKINGDIR/3rd/OpenVPNAdapter/build/Release-macos
 EOF
 
+# Fetch the current macOS SDK version dynamically
+MACOSX_SDK=macosx15.0
+cd 3rd/OpenVPNAdapter
 
-  cd 3rd/OpenVPNAdapter
-  if $XCODEBUILD -scheme OpenVPNAdapter -configuration Release -xcconfig Configuration/amnezia.xcconfig -sdk iphoneos -destination 'generic/platform=iOS' -project OpenVPNAdapter.xcodeproj ; then
-    echo "OpenVPNAdapter built successfully"
-  else
-    echo "OpenVPNAdapter build failed"
-  fi
-  cd ../../
+# Build for macOS using the correct SDK and destination
+if $XCODEBUILD -scheme OpenVPNAdapter -configuration Release -xcconfig Configuration/amnezia.xcconfig -sdk $MACOSX_SDK -destination 'generic/platform=macOS' -project OpenVPNAdapter.xcodeproj ; then
+  echo "OpenVPNAdapter built successfully for macOS"
+else
+  echo "OpenVPNAdapter macOS build failed ..."
+fi
+
+# Remove CodeSignature if needed for macOS
+rm -rf ./build/Release-macos/OpenVPNAdapter.framework/Versions/A/_CodeSignature
+
+cd ../../

client/macos/app/AmneziaVPNLaunchScreen.storyboard

@@ -0,0 +1,43 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<document type="com.apple.InterfaceBuilder3.CocoaTouch.Storyboard.XIB" version="3.0" toolsVersion="17506" targetRuntime="iOS.CocoaTouch" propertyAccessControl="none" useAutolayout="YES" launchScreen="YES" useTraitCollections="YES" useSafeAreas="YES" colorMatched="YES" initialViewController="01J-lp-oVM">
+    <device id="ipad12_9rounded" orientation="portrait" layout="fullscreen" appearance="light"/>
+    <dependencies>
+        <deployment identifier="iOS"/>
+        <plugIn identifier="com.apple.InterfaceBuilder.IBCocoaTouchPlugin" version="17505"/>
+        <capability name="Safe area layout guides" minToolsVersion="9.0"/>
+        <capability name="documents saved in the Xcode 8 format" minToolsVersion="8.0"/>
+    </dependencies>
+    <scenes>
+        <!--View Controller-->
+        <scene sceneID="EHf-IW-A2E">
+            <objects>
+                <viewController id="01J-lp-oVM" sceneMemberID="viewController">
+                    <view key="view" contentMode="scaleToFill" id="gZ9-gc-3t5">
+                        <rect key="frame" x="0.0" y="0.0" width="1024" height="1366"/>
+                        <autoresizingMask key="autoresizingMask" flexibleMaxX="YES" flexibleMaxY="YES"/>
+                        <subviews>
+                            <imageView clipsSubviews="YES" userInteractionEnabled="NO" contentMode="scaleAspectFit" horizontalHuggingPriority="251" verticalHuggingPriority="251" image="launch.png" translatesAutoresizingMaskIntoConstraints="NO" id="q5g-aV-39U">
+                                <rect key="frame" x="467" y="638" width="90" height="90"/>
+                                <constraints>
+                                    <constraint firstAttribute="width" constant="90" id="VFp-nz-h8O"/>
+                                    <constraint firstAttribute="height" constant="90" id="ZUg-Ud-mgE"/>
+                                </constraints>
+                            </imageView>
+                        </subviews>
+                        <viewLayoutGuide key="safeArea" id="Whf-X3-AA4"/>
+                        <color key="backgroundColor" white="0.0" alpha="1" colorSpace="custom" customColorSpace="genericGamma22GrayColorSpace"/>
+                        <constraints>
+                            <constraint firstItem="q5g-aV-39U" firstAttribute="centerX" secondItem="gZ9-gc-3t5" secondAttribute="centerX" id="Ayw-bo-LVF"/>
+                            <constraint firstItem="q5g-aV-39U" firstAttribute="centerY" secondItem="gZ9-gc-3t5" secondAttribute="centerY" id="YHd-Kc-J0u"/>
+                        </constraints>
+                    </view>
+                </viewController>
+                <placeholder placeholderIdentifier="IBFirstResponder" id="iYj-Kq-Ea1" userLabel="First Responder" sceneMemberID="firstResponder"/>
+            </objects>
+            <point key="canvasLocation" x="53" y="375"/>
+        </scene>
+    </scenes>
+    <resources>
+        <image name="launch.png" width="1024" height="1024"/>
+    </resources>
+</document>

client/macos/app/Info.plist.in

@@ -0,0 +1,165 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
+<plist version="1.0">
+<dict>
+	<key>CFBundleAllowMixedLocalizations</key>
+	<true/>
+	<key>CFBundleDevelopmentRegion</key>
+	<string>en</string>
+	<key>CFBundleDisplayName</key>
+	<string>${QT_INTERNAL_DOLLAR_VAR}{PRODUCT_NAME}</string>
+	<key>CFBundleExecutable</key>
+	<string>${MACOSX_BUNDLE_EXECUTABLE_NAME}</string>
+	<key>CFBundleIdentifier</key>
+	<string>org.amnezia.AmneziaVPN</string>
+	<key>CFBundleInfoDictionaryVersion</key>
+	<string>6.0</string>
+	<key>CFBundleName</key>
+	<string>${MACOSX_BUNDLE_BUNDLE_NAME}</string>
+	<key>CFBundlePackageType</key>
+	<string>APPL</string>
+	<key>CFBundleShortVersionString</key>
+	<string>${MACOSX_BUNDLE_SHORT_VERSION_STRING}</string>
+	<key>CFBundleVersion</key>
+	<string>${MACOSX_BUNDLE_BUNDLE_VERSION}</string>
+	<key>NSHumanReadableCopyright</key>
+	<string>${MACOSX_BUNDLE_COPYRIGHT}</string>
+	<key>LSApplicationCategoryType</key>
+	<string>public.app-category.utilities</string>
+	<key>ITSAppUsesNonExemptEncryption</key>
+	<false/>
+	<key>UISupportedInterfaceOrientations~ipad</key>
+	<array/>
+	<key>UIUserInterfaceStyle</key>
+	<string>Light</string>
+	<key>com.wireguard.ios.app_group_id</key>
+	<string>group.org.amnezia.AmneziaVPN</string>
+	<key>UIViewControllerBasedStatusBarAppearance</key>
+	<true/>
+	<key>NSCameraUsageDescription</key>
+	<string>Amnezia VPN needs access to the camera for reading QR-codes.</string>
+	<key>NSAppTransportSecurity</key>
+	<dict>
+		<key>NSAllowsArbitraryLoads</key>
+		<false/>
+		<key>NSAllowsLocalNetworking</key>
+		<true/>
+	</dict>
+	<key>CFBundleIcons</key>
+        <dict/>
+        <key>CFBundleIcons~ipad</key>
+        <dict/>
+	<key>UTImportedTypeDeclarations</key>
+	<array>
+		<dict>
+			<key>UTTypeConformsTo</key>
+			<array>
+				<string>public.data</string>
+			</array>
+			<key>UTTypeDescription</key>
+			<string>Amnezia VPN config</string>
+			<key>UTTypeIconFiles</key>
+			<array/>
+			<key>UTTypeIdentifier</key>
+			<string>org.amnezia.AmneziaVPN.amnezia-config</string>
+			<key>UTTypeTagSpecification</key>
+			<dict>
+				<key>public.filename-extension</key>
+				<array>
+					<string>vpn</string>
+				</array>
+				<key>public.mime-type</key>
+				<array>
+					<string>text/plain</string>
+				</array>
+			</dict>
+		</dict>
+                <dict>
+                        <key>UTTypeConformsTo</key>
+                        <array>
+                                <string>public.data</string>
+                        </array>
+                        <key>UTTypeDescription</key>
+                        <string>WireGuard config</string>
+                        <key>UTTypeIconFiles</key>
+                        <array/>
+                        <key>UTTypeIdentifier</key>
+                        <string>org.amnezia.AmneziaVPN.wireguard-config</string>
+                        <key>UTTypeTagSpecification</key>
+                        <dict>
+                                <key>public.filename-extension</key>
+                                <array>
+                                        <string>conf</string>
+                                        <string>cfg</string>
+                                </array>
+                                <key>public.mime-type</key>
+                                <array>
+                                        <string>text/plain</string>
+                                </array>
+                        </dict>
+                </dict>
+                <dict>
+                        <key>UTTypeConformsTo</key>
+                        <array>
+                                <string>public.data</string>
+                        </array>
+                        <key>UTTypeDescription</key>
+                        <string>OpenVPN config</string>
+                        <key>UTTypeIconFiles</key>
+                        <array/>
+                        <key>UTTypeIdentifier</key>
+                        <string>org.amnezia.AmneziaVPN.openvpn-config</string>
+                        <key>UTTypeTagSpecification</key>
+                        <dict>
+                                <key>public.filename-extension</key>
+                                <array>
+                                        <string>ovpn</string>
+                                </array>
+                                <key>public.mime-type</key>
+                                <array>
+                                        <string>text/plain</string>
+                                </array>
+                        </dict>
+                </dict>
+                <dict>
+                        <key>UTTypeConformsTo</key>
+                        <array>
+                                <string>public.data</string>
+                        </array>
+                        <key>UTTypeDescription</key>
+                        <string>AmneziaVPN backup file</string>
+                        <key>UTTypeIconFiles</key>
+                        <array/>
+                        <key>UTTypeIdentifier</key>
+                        <string>org.amnezia.AmneziaVPN.backup-config</string>
+                        <key>UTTypeTagSpecification</key>
+                        <dict>
+                                <key>public.filename-extension</key>
+                                <array>
+                                        <string>backup</string>
+                                </array>
+                                <key>public.mime-type</key>
+                                <array>
+                                        <string>text/plain</string>
+                                </array>
+                        </dict>
+                </dict>
+	</array>
+        <key>CFBundleDocumentTypes</key>
+        <array>
+                <dict>
+                        <key>CFBundleTypeName</key>
+                        <string>Amnezia VPN config</string>
+                        <key>LSHandlerRank</key>
+                        <string>Alternate</string>
+                        <key>LSItemContentTypes</key>
+                        <array>
+                                <string>org.amnezia.AmneziaVPN.amnezia-config</string>
+                                <string>org.amnezia.AmneziaVPN.wireguard-config</string>
+                                <string>org.amnezia.AmneziaVPN.openvpn-config</string>
+                                <string>org.amnezia.AmneziaVPN.backup-config</string>
+                        </array>
+                </dict>
+        </array>
+</dict>
+</plist>

client/macos/app/Media.xcassets/AppIcon.appiconset/Contents.json

@@ -0,0 +1,290 @@
+{
+  "images" : [
+    {
+      "filename" : "40.png",
+      "idiom" : "iphone",
+      "scale" : "2x",
+      "size" : "20x20"
+    },
+    {
+      "filename" : "60.png",
+      "idiom" : "iphone",
+      "scale" : "3x",
+      "size" : "20x20"
+    },
+    {
+      "filename" : "29.png",
+      "idiom" : "iphone",
+      "scale" : "1x",
+      "size" : "29x29"
+    },
+    {
+      "filename" : "58.png",
+      "idiom" : "iphone",
+      "scale" : "2x",
+      "size" : "29x29"
+    },
+    {
+      "filename" : "87.png",
+      "idiom" : "iphone",
+      "scale" : "3x",
+      "size" : "29x29"
+    },
+    {
+      "filename" : "80.png",
+      "idiom" : "iphone",
+      "scale" : "2x",
+      "size" : "40x40"
+    },
+    {
+      "filename" : "120.png",
+      "idiom" : "iphone",
+      "scale" : "3x",
+      "size" : "40x40"
+    },
+    {
+      "filename" : "57.png",
+      "idiom" : "iphone",
+      "scale" : "1x",
+      "size" : "57x57"
+    },
+    {
+      "filename" : "114.png",
+      "idiom" : "iphone",
+      "scale" : "2x",
+      "size" : "57x57"
+    },
+    {
+      "filename" : "120.png",
+      "idiom" : "iphone",
+      "scale" : "2x",
+      "size" : "60x60"
+    },
+    {
+      "filename" : "180.png",
+      "idiom" : "iphone",
+      "scale" : "3x",
+      "size" : "60x60"
+    },
+    {
+      "filename" : "20.png",
+      "idiom" : "ipad",
+      "scale" : "1x",
+      "size" : "20x20"
+    },
+    {
+      "filename" : "40.png",
+      "idiom" : "ipad",
+      "scale" : "2x",
+      "size" : "20x20"
+    },
+    {
+      "filename" : "29.png",
+      "idiom" : "ipad",
+      "scale" : "1x",
+      "size" : "29x29"
+    },
+    {
+      "filename" : "58.png",
+      "idiom" : "ipad",
+      "scale" : "2x",
+      "size" : "29x29"
+    },
+    {
+      "filename" : "40.png",
+      "idiom" : "ipad",
+      "scale" : "1x",
+      "size" : "40x40"
+    },
+    {
+      "filename" : "80.png",
+      "idiom" : "ipad",
+      "scale" : "2x",
+      "size" : "40x40"
+    },
+    {
+      "filename" : "50.png",
+      "idiom" : "ipad",
+      "scale" : "1x",
+      "size" : "50x50"
+    },
+    {
+      "filename" : "100.png",
+      "idiom" : "ipad",
+      "scale" : "2x",
+      "size" : "50x50"
+    },
+    {
+      "filename" : "72.png",
+      "idiom" : "ipad",
+      "scale" : "1x",
+      "size" : "72x72"
+    },
+    {
+      "filename" : "144.png",
+      "idiom" : "ipad",
+      "scale" : "2x",
+      "size" : "72x72"
+    },
+    {
+      "filename" : "76.png",
+      "idiom" : "ipad",
+      "scale" : "1x",
+      "size" : "76x76"
+    },
+    {
+      "filename" : "152.png",
+      "idiom" : "ipad",
+      "scale" : "2x",
+      "size" : "76x76"
+    },
+    {
+      "filename" : "167.png",
+      "idiom" : "ipad",
+      "scale" : "2x",
+      "size" : "83.5x83.5"
+    },
+    {
+      "filename" : "1024.png",
+      "idiom" : "ios-marketing",
+      "scale" : "1x",
+      "size" : "1024x1024"
+    },
+    {
+      "idiom" : "watch",
+      "role" : "notificationCenter",
+      "scale" : "2x",
+      "size" : "24x24",
+      "subtype" : "38mm"
+    },
+    {
+      "idiom" : "watch",
+      "role" : "notificationCenter",
+      "scale" : "2x",
+      "size" : "27.5x27.5",
+      "subtype" : "42mm"
+    },
+    {
+      "idiom" : "watch",
+      "role" : "companionSettings",
+      "scale" : "2x",
+      "size" : "29x29"
+    },
+    {
+      "idiom" : "watch",
+      "role" : "companionSettings",
+      "scale" : "3x",
+      "size" : "29x29"
+    },
+    {
+      "idiom" : "watch",
+      "role" : "notificationCenter",
+      "scale" : "2x",
+      "size" : "33x33",
+      "subtype" : "45mm"
+    },
+    {
+      "idiom" : "watch",
+      "role" : "appLauncher",
+      "scale" : "2x",
+      "size" : "40x40",
+      "subtype" : "38mm"
+    },
+    {
+      "idiom" : "watch",
+      "role" : "appLauncher",
+      "scale" : "2x",
+      "size" : "44x44",
+      "subtype" : "40mm"
+    },
+    {
+      "idiom" : "watch",
+      "role" : "appLauncher",
+      "scale" : "2x",
+      "size" : "46x46",
+      "subtype" : "41mm"
+    },
+    {
+      "idiom" : "watch",
+      "role" : "appLauncher",
+      "scale" : "2x",
+      "size" : "50x50",
+      "subtype" : "44mm"
+    },
+    {
+      "idiom" : "watch",
+      "role" : "appLauncher",
+      "scale" : "2x",
+      "size" : "51x51",
+      "subtype" : "45mm"
+    },
+    {
+      "idiom" : "watch",
+      "role" : "appLauncher",
+      "scale" : "2x",
+      "size" : "54x54",
+      "subtype" : "49mm"
+    },
+    {
+      "idiom" : "watch",
+      "role" : "quickLook",
+      "scale" : "2x",
+      "size" : "86x86",
+      "subtype" : "38mm"
+    },
+    {
+      "idiom" : "watch",
+      "role" : "quickLook",
+      "scale" : "2x",
+      "size" : "98x98",
+      "subtype" : "42mm"
+    },
+    {
+      "idiom" : "watch",
+      "role" : "quickLook",
+      "scale" : "2x",
+      "size" : "108x108",
+      "subtype" : "44mm"
+    },
+    {
+      "idiom" : "watch",
+      "role" : "quickLook",
+      "scale" : "2x",
+      "size" : "117x117",
+      "subtype" : "45mm"
+    },
+    {
+      "idiom" : "watch",
+      "role" : "quickLook",
+      "scale" : "2x",
+      "size" : "129x129",
+      "subtype" : "49mm"
+    },
+    {
+      "idiom" : "watch-marketing",
+      "scale" : "1x",
+      "size" : "1024x1024"
+    },
+    {
+      "idiom" : "car",
+      "scale" : "2x",
+      "size" : "60"
+    },
+    {
+      "idiom" : "car",
+      "scale" : "3x",
+      "size" : "60"
+    },
+    {
+      "idiom" : "watch",
+      "role" : "longLook",
+      "scale" : "2x",
+      "size" : "44x44",
+      "subtype" : "42mm"
+    }
+  ],
+  "info" : {
+    "author" : "xcode",
+    "version" : 1
+  }
+}

client/macos/app/Media.xcassets/Contents.json

@@ -0,0 +1,6 @@
+{
+  "info" : {
+    "author" : "xcode",
+    "version" : 1
+  }
+}

client/macos/app/PrivacyInfo.xcprivacy

@@ -0,0 +1,33 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
+<plist version="1.0">
+<dict>
+	<key>NSPrivacyAccessedAPITypes</key>
+	<array>
+		<dict>
+			<key>NSPrivacyAccessedAPIType</key>
+			<string>NSPrivacyAccessedAPICategoryFileTimestamp</string>
+			<key>NSPrivacyAccessedAPITypeReasons</key>
+			<array>
+				<string>C617.1</string>
+			</array>
+		</dict>
+		<dict>
+			<key>NSPrivacyAccessedAPIType</key>
+			<string>NSPrivacyAccessedAPICategoryUserDefaults</string>
+			<key>NSPrivacyAccessedAPITypeReasons</key>
+			<array>
+				<string>1C8F.1</string>
+			</array>
+		</dict>
+		<dict>
+			<key>NSPrivacyAccessedAPIType</key>
+			<string>NSPrivacyAccessedAPICategorySystemBootTime</string>
+			<key>NSPrivacyAccessedAPITypeReasons</key>
+			<array>
+				<string>35F9.1</string>
+			</array>
+		</dict>
+	</array>
+</dict>
+</plist>

client/macos/app/main.entitlements

@@ -0,0 +1,30 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
+<plist version="1.0">
+<dict>
+	<key>com.apple.application-identifier</key>
+	<string>X7UJ388FXK.org.amnezia.AmneziaVPN</string>
+	<key>com.apple.developer.networking.networkextension</key>
+	<array>
+		<string>packet-tunnel-provider</string>
+	</array>
+	<key>com.apple.developer.team-identifier</key>
+	<string>X7UJ388FXK</string>
+	<key>com.apple.security.app-sandbox</key>
+	<true/>
+	<key>com.apple.security.application-groups</key>
+	<array>
+		<string>group.org.amnezia.AmneziaVPN</string>
+	</array>
+	<key>com.apple.security.files.user-selected.read-write</key>
+	<true/>
+	<key>com.apple.security.network.client</key>
+	<true/>
+	<key>com.apple.security.network.server</key>
+	<true/>
+	<key>keychain-access-groups</key>
+	<array>
+		<string>$(AppIdentifierPrefix)org.amnezia.AmneziaVPN</string>
+	</array>
+</dict>
+</plist>

client/macos/networkextension/AmneziaVPNNetworkExtension.entitlements

@@ -3,40 +3,26 @@
 <plist version="1.0">
 <dict>
 	<key>com.apple.application-identifier</key>
-	<string>$(DEVELOPMENT_TEAM).$(NETEXT_ID_MACOS)</string>
-
+	<string>X7UJ388FXK.org.amnezia.AmneziaVPN.network-extension</string>
 	<key>com.apple.developer.networking.networkextension</key>
 	<array>
 		<string>packet-tunnel-provider</string>
 	</array>
-
-	<key>keychain-access-groups</key>
-	<array>
-		<string>$(DEVELOPMENT_TEAM).*</string>
-	</array>
-
 	<key>com.apple.developer.team-identifier</key>
-	<string>$(DEVELOPMENT_TEAM)</string>
-
-	<key>com.apple.developer.system-extension.install</key>
-	<true/>
-
+	<string>X7UJ388FXK</string>
 	<key>com.apple.security.app-sandbox</key>
 	<true/>
-
 	<key>com.apple.security.application-groups</key>
 	<array>
-		<string>$(DEVELOPMENT_TEAM).$(GROUP_ID_MACOS)</string>
+		<string>group.org.amnezia.AmneziaVPN</string>
 	</array>
-
 	<key>com.apple.security.network.client</key>
 	<true/>
-
 	<key>com.apple.security.network.server</key>
 	<true/>
-	<key>com.apple.security.app-sandbox</key>
-	<true/>
-	<key>com.apple.private.network.socket-delegate</key>
-	<true/>
+	<key>keychain-access-groups</key>
+	<array>
+		<string>$(AppIdentifierPrefix)org.amnezia.AmneziaVPN.network-extension</string>
+	</array>
 </dict>
 </plist>

client/macos/networkextension/AmneziaVPNNetworkExtension.entitlements.bk

@@ -0,0 +1,47 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
+<plist version="1.0">
+<dict>
+	<key>com.apple.application-identifier</key>
+	<string>$(DEVELOPMENT_TEAM).$(NETEXT_ID_MACOS)</string>
+	<key>com.apple.security.app-sandbox</key>
+	<true/>
+	<key>com.apple.security.network.client</key>
+	<true/>
+	<key>com.apple.security.network.server</key>
+	<true/>
+	<key>com.apple.developer.networking.networkextension</key>
+	<array>
+		<string>packet-tunnel-provider</string>
+	</array>
+
+	<key>keychain-access-groups</key>
+	<array>
+		<string>$(DEVELOPMENT_TEAM).*</string>
+	</array>
+
+	<key>com.apple.developer.team-identifier</key>
+	<string>$(DEVELOPMENT_TEAM)</string>
+
+	<key>com.apple.developer.system-extension.install</key>
+	<true/>
+
+	<key>com.apple.security.app-sandbox</key>
+	<true/>
+
+	<key>com.apple.security.application-groups</key>
+	<array>
+		<string>$(DEVELOPMENT_TEAM).$(GROUP_ID_MACOS)</string>
+	</array>
+
+	<key>com.apple.security.network.client</key>
+	<true/>
+
+	<key>com.apple.security.network.server</key>
+	<true/>
+	<key>com.apple.security.app-sandbox</key>
+	<true/>
+	<key>com.apple.private.network.socket-delegate</key>
+	<true/>
+</dict>
+</plist>

client/macos/networkextension/CMakeLists.txt

@@ -0,0 +1,198 @@
+enable_language(Swift)
+message("Client message >> macos build >> networkextension")
+set(CLIENT_ROOT_DIR ${CMAKE_CURRENT_LIST_DIR}/../..)
+
+add_executable(networkextension)
+
+configure_file(
+    ${CMAKE_CURRENT_LIST_DIR}/Info.plist.in
+    ${CMAKE_CURRENT_BINARY_DIR}/Info.plist
+)
+
+set_target_properties(networkextension PROPERTIES
+    XCODE_PRODUCT_TYPE com.apple.product-type.app-extension
+    BUNDLE_EXTENSION appex
+
+    #MACOSX_BUNDLE_INFO_PLIST ${CMAKE_CURRENT_BINARY_DIR}/Info.plist
+
+    MACOSX_BUNDLE_SHORT_VERSION_STRING "${APPLE_PROJECT_VERSION}"
+
+    XCODE_ATTRIBUTE_PRODUCT_BUNDLE_IDENTIFIER "${BUILD_OSX_APP_IDENTIFIER}.network-extension"
+    XCODE_ATTRIBUTE_PRODUCT_BUNDLE_NAME "${BUILD_OSX_APP_IDENTIFIER}.network-extension"
+    XCODE_ATTRIBUTE_CODE_SIGN_ENTITLEMENTS ${CMAKE_CURRENT_SOURCE_DIR}/AmneziaVPNNetworkExtension.entitlements
+    XCODE_ATTRIBUTE_MARKETING_VERSION "${APP_MAJOR_VERSION}"
+    XCODE_ATTRIBUTE_CURRENT_PROJECT_VERSION "${BUILD_ID}"
+    XCODE_ATTRIBUTE_PRODUCT_NAME "AmneziaVPNNetworkExtension"
+
+    XCODE_ATTRIBUTE_APPLICATION_EXTENSION_API_ONLY "YES"
+    XCODE_ATTRIBUTE_ENABLE_BITCODE "NO"
+    XCODE_ATTRIBUTE_TARGETED_DEVICE_FAMILY "1,2"
+
+    XCODE_ATTRIBUTE_LD_RUNPATH_SEARCH_PATHS "@executable_path/../../Frameworks"
+
+    # XCODE_ATTRIBUTE_CODE_SIGN_STYLE Automatic
+    # #XCODE_ATTRIBUTE_CODE_SIGN_STYLE Manual
+
+    # #XCODE_ATTRIBUTE_CODE_SIGN_IDENTITY "Apple Distribution: Privacy Technologies OU (X7UJ388FXK)"
+    # #XCODE_ATTRIBUTE_CODE_SIGN_IDENTITY[variant=Debug] "Apple Development"
+
+
+    # #XCODE_ATTRIBUTE_PROVISIONING_PROFILE_SPECIFIER "Mac AppStore AmneziaVPN.network-extension"
+    # #XCODE_ATTRIBUTE_PROVISIONING_PROFILE_SPECIFIER[variant=Debug] "Mac AppStore AmneziaVPN.network-extension"
+
+    XCODE_ATTRIBUTE_INFOPLIST_FILE "${CMAKE_CURRENT_BINARY_DIR}/Info.plist"
+    XCODE_ATTRIBUTE_LD_RUNPATH_SEARCH_PATHS "@executable_path/../../../../Frameworks @loader_path/../../../../Frameworks"
+)
+
+if(CMAKE_BUILD_TYPE STREQUAL "Debug")
+    set_target_properties(networkextension PROPERTIES
+        XCODE_ATTRIBUTE_CODE_SIGN_STYLE Automatic
+    )
+endif()
+
+if(CMAKE_BUILD_TYPE STREQUAL "Release")
+    set_target_properties(networkextension PROPERTIES
+        XCODE_ATTRIBUTE_CODE_SIGN_STYLE Automatic
+        #XCODE_ATTRIBUTE_CODE_SIGN_STYLE Manual
+
+        #XCODE_ATTRIBUTE_CODE_SIGN_IDENTITY "Apple Distribution: Privacy Technologies OU (X7UJ388FXK)"
+        #XCODE_ATTRIBUTE_CODE_SIGN_IDENTITY[variant=Debug] "Apple Development"
+
+
+        #XCODE_ATTRIBUTE_PROVISIONING_PROFILE_SPECIFIER "Mac AppStore AmneziaVPN.network-extension"
+        #XCODE_ATTRIBUTE_PROVISIONING_PROFILE_SPECIFIER[variant=Debug] "Mac AppStore AmneziaVPN.network-extension"
+    )
+endif()
+
+
+set_target_properties(networkextension PROPERTIES
+    XCODE_ATTRIBUTE_SWIFT_VERSION "5.0"
+    XCODE_ATTRIBUTE_CLANG_ENABLE_MODULES "YES"
+    XCODE_ATTRIBUTE_SWIFT_OBJC_BRIDGING_HEADER "${CMAKE_CURRENT_SOURCE_DIR}/WireGuardNetworkExtension-Bridging-Header.h"
+    XCODE_ATTRIBUTE_SWIFT_OPTIMIZATION_LEVEL "-Onone"
+    XCODE_ATTRIBUTE_SWIFT_PRECOMPILE_BRIDGING_HEADER "NO"
+)
+
+set_target_properties("networkextension" PROPERTIES
+    XCODE_ATTRIBUTE_DEVELOPMENT_TEAM "X7UJ388FXK"
+)
+
+find_library(FW_ASSETS_LIBRARY AssetsLibrary)
+find_library(FW_MOBILE_CORE MobileCoreServices)
+find_library(FW_UI_KIT UIKit)
+find_library(FW_LIBRESOLV libresolv.9.tbd)
+
+# set(OpenVPNAdapter_DIR "${CLIENT_ROOT_DIR}/3rd/")
+
+# find_library(OPENVPN_ADAPTER_LIBRARY OpenVPNAdapter PATHS ${OpenVPNAdapter_DIR})
+# target_link_libraries(networkextension PRIVATE ${OPENVPN_ADAPTER_LIBRARY})
+
+# add_custom_command(TARGET networkextension PRE_BUILD
+#     COMMAND ${CMAKE_COMMAND} -E make_directory $<TARGET_FILE_DIR:networkextension>/../Frameworks
+# )
+
+
+# add_custom_command(TARGET networkextension POST_BUILD
+#     COMMAND ${CMAKE_COMMAND} -E echo "Copying ${OPENVPN_ADAPTER_LIBRARY} to $<TARGET_FILE_DIR:networkextension>/../Frameworks/"
+#     COMMAND ${CMAKE_COMMAND} -E copy_if_different
+#     ${OPENVPN_ADAPTER_LIBRARY}
+#     $<TARGET_FILE_DIR:networkextension>/../Frameworks/
+#     COMMAND ${CMAKE_COMMAND} -E echo "Copy complete"
+# )
+
+
+
+
+# Set the root directory
+set(CLIENT_ROOT_DIR ${CMAKE_CURRENT_LIST_DIR}/../..)
+
+# Embedding the framework using CLIENT_ROOT_DIR
+set_property(TARGET networkextension PROPERTY XCODE_EMBED_FRAMEWORKS
+    "${CLIENT_ROOT_DIR}/3rd/OpenVPNAdapter/build/Release-macos/OpenVPNAdapter.framework"
+)
+
+# Setting the framework search paths using CLIENT_ROOT_DIR
+set(CMAKE_XCODE_ATTRIBUTE_FRAMEWORK_SEARCH_PATHS "${CLIENT_ROOT_DIR}/3rd/OpenVPNAdapter/build/Release-macos")
+
+# Linking the framework using CLIENT_ROOT_DIR
+target_link_libraries("networkextension" PRIVATE "${CLIENT_ROOT_DIR}/3rd/OpenVPNAdapter/build/Release-macos/OpenVPNAdapter.framework")
+
+
+
+#target_link_libraries(networkextension PRIVATE ${FW_ASSETS_LIBRARY})
+#target_link_libraries(networkextension PRIVATE ${FW_MOBILE_CORE})
+#target_link_libraries(networkextension PRIVATE ${FW_UI_KIT})
+target_link_libraries(networkextension PRIVATE ${FW_LIBRESOLV})
+
+target_compile_options(networkextension PRIVATE -DGROUP_ID=\"${BUILD_IOS_GROUP_IDENTIFIER}\")
+target_compile_options(networkextension PRIVATE -DNETWORK_EXTENSION=1)
+
+set(WG_APPLE_SOURCE_DIR ${CLIENT_ROOT_DIR}/3rd/amneziawg-apple/Sources)
+
+message("WG_APPLE_SOURCE_DIR is: ${WG_APPLE_SOURCE_DIR}")
+message("CLIENT_ROOT_DIR is: ${CLIENT_ROOT_DIR}")
+
+target_sources(networkextension PRIVATE
+    ${WG_APPLE_SOURCE_DIR}/WireGuardKit/WireGuardAdapter.swift
+    ${WG_APPLE_SOURCE_DIR}/WireGuardKit/PacketTunnelSettingsGenerator.swift
+    ${WG_APPLE_SOURCE_DIR}/WireGuardKit/DNSResolver.swift
+    ${WG_APPLE_SOURCE_DIR}/WireGuardNetworkExtension/ErrorNotifier.swift
+    ${WG_APPLE_SOURCE_DIR}/Shared/Keychain.swift
+    ${WG_APPLE_SOURCE_DIR}/Shared/Model/TunnelConfiguration+WgQuickConfig.swift
+    ${WG_APPLE_SOURCE_DIR}/Shared/Model/NETunnelProviderProtocol+Extension.swift
+    ${WG_APPLE_SOURCE_DIR}/Shared/Model/String+ArrayConversion.swift
+    ${WG_APPLE_SOURCE_DIR}/WireGuardKit/TunnelConfiguration.swift
+    ${WG_APPLE_SOURCE_DIR}/WireGuardKit/IPAddressRange.swift
+    ${WG_APPLE_SOURCE_DIR}/WireGuardKit/Endpoint.swift
+    ${WG_APPLE_SOURCE_DIR}/WireGuardKit/DNSServer.swift
+    ${WG_APPLE_SOURCE_DIR}/WireGuardKit/InterfaceConfiguration.swift
+    ${WG_APPLE_SOURCE_DIR}/WireGuardKit/PeerConfiguration.swift
+    ${WG_APPLE_SOURCE_DIR}/Shared/FileManager+Extension.swift
+    ${WG_APPLE_SOURCE_DIR}/WireGuardKitC/x25519.c
+    ${WG_APPLE_SOURCE_DIR}/WireGuardKit/Array+ConcurrentMap.swift
+    ${WG_APPLE_SOURCE_DIR}/WireGuardKit/IPAddress+AddrInfo.swift
+    ${WG_APPLE_SOURCE_DIR}/WireGuardKit/PrivateKey.swift
+    ${CLIENT_ROOT_DIR}/platforms/macos/HevSocksTunnel.swift
+    ${CLIENT_ROOT_DIR}/platforms/macos/NELogController.swift
+    ${CLIENT_ROOT_DIR}/platforms/macos/Log.swift
+    ${CLIENT_ROOT_DIR}/platforms/macos/LogRecord.swift
+    ${CLIENT_ROOT_DIR}/platforms/macos/PacketTunnelProvider.swift
+    ${CLIENT_ROOT_DIR}/platforms/macos/PacketTunnelProvider+WireGuard.swift
+    ${CLIENT_ROOT_DIR}/platforms/macos/PacketTunnelProvider+OpenVPN.swift
+    ${CLIENT_ROOT_DIR}/platforms/macos/PacketTunnelProvider+Xray.swift
+    ${CLIENT_ROOT_DIR}/platforms/macos/WGConfig.swift
+    ${CLIENT_ROOT_DIR}/platforms/macos/iosglue.mm
+)
+
+target_sources(networkextension PRIVATE
+    ${CMAKE_CURRENT_SOURCE_DIR}/PrivacyInfo.xcprivacy
+)
+
+set_property(TARGET networkextension APPEND PROPERTY RESOURCE
+    ${CMAKE_CURRENT_SOURCE_DIR}/PrivacyInfo.xcprivacy
+)
+
+## Build wireguard-go-version.h
+execute_process(
+    COMMAND go list -m golang.zx2c4.com/wireguard
+    WORKING_DIRECTORY ${CLIENT_ROOT_DIR}/3rd/wireguard-apple/Sources/WireGuardKitGo
+    OUTPUT_VARIABLE WG_VERSION_FULL
+)
+string(REGEX REPLACE ".*v\([0-9.]*\).*" "\\1" WG_VERSION_STRING 1.1.1)
+configure_file(${CMAKE_CURRENT_SOURCE_DIR}/wireguard-go-version.h.in
+               ${CMAKE_CURRENT_BINARY_DIR}/wireguard-go-version.h)
+target_sources(networkextension PRIVATE
+    ${CMAKE_CURRENT_BINARY_DIR}/wireguard-go-version.h)
+
+target_include_directories(networkextension PRIVATE ${CLIENT_ROOT_DIR})
+target_include_directories(networkextension PRIVATE ${CMAKE_CURRENT_BINARY_DIR})
+
+target_link_libraries(networkextension PRIVATE ${CLIENT_ROOT_DIR}/3rd-prebuilt/3rd-prebuilt/wireguard/ios/arm64/libwg-go.a)
+
+# Print the root directory for debugging purposes
+# message("---------")
+# message(${CLIENT_ROOT_DIR})
+# message(${CLIENT_ROOT_DIR}/3rd-prebuilt/3rd-prebuilt/xray/HevSocks5Tunnel.xcframework/macos-arm64_x86_64/libhev-socks5-tunnel.a)
+target_link_libraries("networkextension" PRIVATE "${CLIENT_ROOT_DIR}/3rd-prebuilt/3rd-prebuilt/xray/HevSocks5Tunnel.xcframework/macos-arm64_x86_64/libhev-socks5-tunnel.a")
+
+target_include_directories(networkextension PRIVATE ${CLIENT_ROOT_DIR}/3rd-prebuilt/3rd-prebuilt/xray/HevSocks5Tunnel.xcframework/macos-arm64_x86_64/Headers)

client/macos/networkextension/Info.plist

@@ -3,27 +3,32 @@
 <plist version="1.0">
 <dict>
 	<key>CFBundleDevelopmentRegion</key>
-	<string>$(DEVELOPMENT_LANGUAGE)</string>
-	<key>CFBundleDisplayName</key>
-	<string>AmneziaVPNNetworkExtension</string>
+	<string>en</string>
 	<key>CFBundleExecutable</key>
-	<string>$(EXECUTABLE_NAME)</string>
+	<string>AmneziaVPNNetworkExtension</string>
+
 	<key>CFBundleIdentifier</key>
-	<string>$(PRODUCT_BUNDLE_IDENTIFIER)</string>
+	<string>${BUILD_IOS_APP_IDENTIFIER}.network-extension</string>
 	<key>CFBundleInfoDictionaryVersion</key>
 	<string>6.0</string>
 	<key>CFBundleName</key>
-	<string>$(PRODUCT_NAME)</string>
+	<string>AmneziaVPNNetworkExtension</string>
 	<key>CFBundlePackageType</key>
 	<string>$(PRODUCT_BUNDLE_PACKAGE_TYPE)</string>
 	<key>CFBundleShortVersionString</key>
-	<string>$(MARKETING_VERSION)</string>
+	<string>${APPLE_PROJECT_VERSION}</string>
 	<key>CFBundleVersion</key>
-	<string>$(CURRENT_PROJECT_VERSION)</string>
+	<string>${CMAKE_PROJECT_VERSION_TWEAK}</string>
+
 	<key>ITSAppUsesNonExemptEncryption</key>
 	<false/>
+
 	<key>LSMinimumSystemVersion</key>
-	<string>$(MACOSX_DEPLOYMENT_TARGET)</string>
+	<string>${CMAKE_OSX_DEPLOYMENT_TARGET}</string>
+
+	<key>CFBundleDisplayName</key>
+	<string>AmneziaVPNNetworkExtension</string>
+
 	<key>NSExtension</key>
 	<dict>
 		<key>NSExtensionPointIdentifier</key>
@@ -31,5 +36,11 @@
 		<key>NSExtensionPrincipalClass</key>
 		<string>$(PRODUCT_MODULE_NAME).PacketTunnelProvider</string>
 	</dict>
+
+	<key>com.wireguard.ios.app_group_id</key>
+	<string>group.org.amnezia.AmneziaVPN</string>
+
+	<key>com.wireguard.macos.app_group_id</key>
+	<string>${BUILD_VPN_DEVELOPMENT_TEAM}.group.org.amnezia.AmneziaVPN</string>
 </dict>
 </plist>

client/macos/networkextension/Info.plist.bk

@@ -0,0 +1,35 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
+<plist version="1.0">
+<dict>
+	<key>CFBundleDevelopmentRegion</key>
+	<string>$(DEVELOPMENT_LANGUAGE)</string>
+	<key>CFBundleDisplayName</key>
+	<string>AmneziaVPNNetworkExtension</string>
+	<key>CFBundleExecutable</key>
+	<string>$(EXECUTABLE_NAME)</string>
+	<key>CFBundleIdentifier</key>
+	<string>$(PRODUCT_BUNDLE_IDENTIFIER)</string>
+	<key>CFBundleInfoDictionaryVersion</key>
+	<string>6.0</string>
+	<key>CFBundleName</key>
+	<string>$(PRODUCT_NAME)</string>
+	<key>CFBundlePackageType</key>
+	<string>$(PRODUCT_BUNDLE_PACKAGE_TYPE)</string>
+	<key>CFBundleShortVersionString</key>
+	<string>$(MARKETING_VERSION)</string>
+	<key>CFBundleVersion</key>
+	<string>$(CURRENT_PROJECT_VERSION)</string>
+	<key>ITSAppUsesNonExemptEncryption</key>
+	<false/>
+	<key>LSMinimumSystemVersion</key>
+	<string>$(MACOSX_DEPLOYMENT_TARGET)</string>
+	<key>NSExtension</key>
+	<dict>
+		<key>NSExtensionPointIdentifier</key>
+		<string>com.apple.networkextension.packet-tunnel</string>
+		<key>NSExtensionPrincipalClass</key>
+		<string>$(PRODUCT_MODULE_NAME).PacketTunnelProvider</string>
+	</dict>
+</dict>
+</plist>

client/macos/networkextension/Info.plist.in

@@ -0,0 +1,46 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
+<plist version="1.0">
+<dict>
+	<key>CFBundleDevelopmentRegion</key>
+	<string>en</string>
+	<key>CFBundleExecutable</key>
+	<string>AmneziaVPNNetworkExtension</string>
+
+	<key>CFBundleIdentifier</key>
+	<string>${BUILD_IOS_APP_IDENTIFIER}.network-extension</string>
+	<key>CFBundleInfoDictionaryVersion</key>
+	<string>6.0</string>
+	<key>CFBundleName</key>
+	<string>AmneziaVPNNetworkExtension</string>
+	<key>CFBundlePackageType</key>
+	<string>$(PRODUCT_BUNDLE_PACKAGE_TYPE)</string>
+	<key>CFBundleShortVersionString</key>
+	<string>${APPLE_PROJECT_VERSION}</string>
+	<key>CFBundleVersion</key>
+	<string>${CMAKE_PROJECT_VERSION_TWEAK}</string>
+
+	<key>ITSAppUsesNonExemptEncryption</key>
+	<false/>
+
+	<key>LSMinimumSystemVersion</key>
+	<string>${CMAKE_OSX_DEPLOYMENT_TARGET}</string>
+
+	<key>CFBundleDisplayName</key>
+	<string>AmneziaVPNNetworkExtension</string>
+
+	<key>NSExtension</key>
+	<dict>
+		<key>NSExtensionPointIdentifier</key>
+		<string>com.apple.networkextension.packet-tunnel</string>
+		<key>NSExtensionPrincipalClass</key>
+		<string>$(PRODUCT_MODULE_NAME).PacketTunnelProvider</string>
+	</dict>
+
+	<key>com.wireguard.ios.app_group_id</key>
+	<string>group.org.amnezia.AmneziaVPN</string>
+
+	<key>com.wireguard.macos.app_group_id</key>
+	<string>${BUILD_VPN_DEVELOPMENT_TEAM}.group.org.amnezia.AmneziaVPN</string>
+</dict>
+</plist>

client/macos/networkextension/PrivacyInfo.xcprivacy

@@ -0,0 +1,25 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
+<plist version="1.0">
+<dict>
+	<key>NSPrivacyAccessedAPITypes</key>
+	<array>
+		<dict>
+			<key>NSPrivacyAccessedAPIType</key>
+			<string>NSPrivacyAccessedAPICategoryUserDefaults</string>
+			<key>NSPrivacyAccessedAPITypeReasons</key>
+			<array>
+				<string>1C8F.1</string>
+			</array>
+		</dict>
+		<dict>
+			<key>NSPrivacyAccessedAPIType</key>
+			<string>NSPrivacyAccessedAPICategoryFileTimestamp</string>
+			<key>NSPrivacyAccessedAPITypeReasons</key>
+			<array>
+				<string>C617.1</string>
+			</array>
+		</dict>
+	</array>
+</dict>
+</plist>

client/macos/networkextension/WireGuardNetworkExtension-Bridging-Header.h

@@ -1,10 +1,6 @@
-/* This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
-
-#include "macos/gobridge/wireguard.h"
 #include "wireguard-go-version.h"
-#include "3rd/awg-apple/Sources/WireGuardKitC/WireGuardKitC.h"
+#include "3rd/amneziawg-apple/Sources/WireGuardKitGo/wireguard.h"
+#include "3rd/amneziawg-apple/Sources/WireGuardKitC/WireGuardKitC.h"
 
 #include <stdbool.h>
 #include <stdint.h>

client/macos/networkextension/WireGuardNetworkExtension-Bridging-Header.h.bk

@@ -0,0 +1,25 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "macos/gobridge/wireguard.h"
+#include "wireguard-go-version.h"
+#include "3rd/awg-apple/Sources/WireGuardKitC/WireGuardKitC.h"
+
+#include <stdbool.h>
+#include <stdint.h>
+
+#define WG_KEY_LEN (32)
+#define WG_KEY_LEN_BASE64 (45)
+#define WG_KEY_LEN_HEX (65)
+
+void key_to_base64(char base64[WG_KEY_LEN_BASE64],
+                   const uint8_t key[WG_KEY_LEN]);
+bool key_from_base64(uint8_t key[WG_KEY_LEN], const char* base64);
+
+void key_to_hex(char hex[WG_KEY_LEN_HEX], const uint8_t key[WG_KEY_LEN]);
+bool key_from_hex(uint8_t key[WG_KEY_LEN], const char* hex);
+
+bool key_eq(const uint8_t key1[WG_KEY_LEN], const uint8_t key2[WG_KEY_LEN]);
+
+void write_msg_to_log(const char* tag, const char* msg);

client/macos/networkextension/wireguard-go-version.h.in

@@ -0,0 +1,3 @@
+#ifndef WIREGUARD_GO_VERSION
+#define WIREGUARD_GO_VERSION "@WG_VERSION_STRING@"
+#endif // WIREGUARD_GO_VERSION

client/macos/scripts/clangwrap.sh

@@ -0,0 +1,14 @@
+#!/bin/sh
+
+# go/clangwrap.sh
+
+SDK_PATH=`xcrun --sdk $SDK --show-sdk-path`
+CLANG=`xcrun --sdk $SDK --find clang`
+
+if [ "$GOARCH" == "amd64" ]; then
+    CARCH="x86_64"
+elif [ "$GOARCH" == "arm64" ]; then
+    CARCH="arm64"
+fi
+
+exec $CLANG -arch $CARCH -isysroot $SDK_PATH -mios-version-min=10.0 "$@"

client/macos/scripts/openvpn.sh

@@ -0,0 +1,29 @@
+XCODEBUILD="/usr/bin/xcodebuild"
+WORKINGDIR=`pwd`
+PATCH="/usr/bin/patch"
+
+# Copy the Project.xcconfig settings to amnezia.xcconfig
+cat $WORKINGDIR/3rd/OpenVPNAdapter/Configuration/Project.xcconfig > $WORKINGDIR/3rd/OpenVPNAdapter/Configuration/amnezia.xcconfig
+
+# Append macOS-specific build directory configurations to amnezia.xcconfig
+cat << EOF >> $WORKINGDIR/3rd/OpenVPNAdapter/Configuration/amnezia.xcconfig
+PROJECT_TEMP_DIR = $WORKINGDIR/3rd/OpenVPNAdapter/build/OpenVPNAdapter.build
+CONFIGURATION_BUILD_DIR = $WORKINGDIR/3rd/OpenVPNAdapter/build/Release-macos
+BUILT_PRODUCTS_DIR = $WORKINGDIR/3rd/OpenVPNAdapter/build/Release-macos
+EOF
+
+# Fetch the current macOS SDK version dynamically
+MACOSX_SDK=macosx15.0
+cd 3rd/OpenVPNAdapter
+
+# Build for macOS using the correct SDK and destination
+if $XCODEBUILD -scheme OpenVPNAdapter -configuration Release -xcconfig Configuration/amnezia.xcconfig -sdk $MACOSX_SDK -destination 'generic/platform=macOS' -project OpenVPNAdapter.xcodeproj ; then
+  echo "OpenVPNAdapter built successfully for macOS"
+else
+  echo "OpenVPNAdapter macOS build failed ..."
+fi
+
+# Remove CodeSignature if needed for macOS
+rm -rf ./build/Release-macos/OpenVPNAdapter.framework/Versions/A/_CodeSignature
+
+cd ../../

client/platforms/ios/HevSocksTunnel.swift

@@ -0,0 +1,74 @@
+import Darwin
+import SystemConfiguration
+
+public enum Socks5Tunnel {
+
+    private static var tunnelFileDescriptor: Int32? {
+        var ctlInfo = ctl_info()
+        withUnsafeMutablePointer(to: &ctlInfo.ctl_name) {
+            $0.withMemoryRebound(to: CChar.self, capacity: MemoryLayout.size(ofValue: $0.pointee)) {
+                _ = strcpy($0, "com.apple.net.utun_control") // strcpy comes from Darwin
+            }
+        }
+        for fd: Int32 in 0...1024 {
+            var addr = sockaddr_ctl()
+            var ret: Int32 = -1
+            var len = socklen_t(MemoryLayout.size(ofValue: addr)) // socklen_t comes from Darwin
+            withUnsafeMutablePointer(to: &addr) {
+                $0.withMemoryRebound(to: sockaddr.self, capacity: 1) { // sockaddr from Darwin
+                    ret = getpeername(fd, $0, &len) // getpeername from Darwin
+                }
+            }
+            if ret != 0 || addr.sc_family != AF_SYSTEM { // AF_SYSTEM from Darwin
+                continue
+            }
+            if ctlInfo.ctl_id == 0 {
+                ret = ioctl(fd, CTLIOCGINFO, &ctlInfo) // ioctl from Darwin
+                if ret != 0 {
+                    continue
+                }
+            }
+            if addr.sc_id == ctlInfo.ctl_id {
+                return fd
+            }
+        }
+        return nil
+    }
+
+    private static var interfaceName: String? {
+        guard let tunnelFileDescriptor = self.tunnelFileDescriptor else {
+            return nil
+        }
+        var buffer = [UInt8](repeating: 0, count: Int(IFNAMSIZ)) // IFNAMSIZ from Darwin
+        return buffer.withUnsafeMutableBufferPointer { mutableBufferPointer in
+            guard let baseAddress = mutableBufferPointer.baseAddress else {
+                return nil
+            }
+            var ifnameSize = socklen_t(IFNAMSIZ) // socklen_t and IFNAMSIZ from Darwin
+            let result = getsockopt(
+                tunnelFileDescriptor,
+                2 /* SYSPROTO_CONTROL */,
+                2 /* UTUN_OPT_IFNAME */,
+                baseAddress,
+                &ifnameSize
+            )
+            if result == 0 {
+                return String(cString: baseAddress)
+            } else {
+                return nil
+            }
+        }
+    }
+
+    @discardableResult
+    public static func run(withConfig filePath: String) -> Int32 {
+        guard let fileDescriptor = self.tunnelFileDescriptor else {
+            fatalError("Get tunnel file descriptor failed.")
+        }
+        return hev_socks5_tunnel_main(filePath.cString(using: .utf8), fileDescriptor)
+    }
+
+    public static func quit() {
+        hev_socks5_tunnel_quit()
+    }
+}

client/platforms/ios/NELogController.swift

@@ -13,6 +13,10 @@ public func ovpnLog(_ type: OSLogType, title: String = "", message: String) {
     neLog(type, title: "OVPN: \(title)", message: message)
 }
 
+public func xrayLog(_ type: OSLogType, title: String = "", message: String) {
+    neLog(type, title: "XRAY: \(title)", message: message)
+}
+
 public func neLog(_ type: OSLogType, title: String = "", message: String) {
     Log.log(type, title: "NE: \(title)", message: message)
 }

client/platforms/ios/PacketTunnelProvider+Xray.swift

@@ -0,0 +1,166 @@
+import Foundation
+import NetworkExtension
+import WireGuardKitGo
+
+enum XrayErrors: Error {
+    case noXrayConfig
+    case cantSaveXrayConfig
+    case cantParseListenAndPort
+    case cantSaveHevSocksConfig
+}
+
+extension Constants {
+    static let cachesDirectory: URL = {
+        if let cachesDirectoryURL = FileManager.default.urls(for: .cachesDirectory,
+                                                             in: .userDomainMask).first {
+            return cachesDirectoryURL
+        } else {
+            fatalError("Unable to retrieve caches directory.")
+        }
+    }()
+}
+
+extension PacketTunnelProvider {
+    func startXray(completionHandler: @escaping (Error?) -> Void) {
+
+        // Xray configuration
+        guard let protocolConfiguration = self.protocolConfiguration as? NETunnelProviderProtocol,
+              let providerConfiguration = protocolConfiguration.providerConfiguration,
+              let xrayConfigData = providerConfiguration[Constants.xrayConfigKey] as? Data else {
+            xrayLog(.error, message: "Can't get xray configuration")
+            completionHandler(XrayErrors.noXrayConfig)
+            return
+        }
+
+        // Tunnel settings
+        let ipv6Enabled = true
+        let hideVPNIcon = false
+
+        let settings = NEPacketTunnelNetworkSettings(tunnelRemoteAddress: "254.1.1.1")
+        settings.mtu = 9000
+
+        settings.ipv4Settings = {
+            let settings = NEIPv4Settings(addresses: ["198.18.0.1"], subnetMasks: ["255.255.0.0"])
+            settings.includedRoutes = [NEIPv4Route.default()]
+            return settings
+        }()
+
+        settings.ipv6Settings = {
+            guard ipv6Enabled else {
+                return nil
+            }
+            let settings = NEIPv6Settings(addresses: ["fd6e:a81b:704f:1211::1"], networkPrefixLengths: [64])
+            settings.includedRoutes = [NEIPv6Route.default()]
+            if hideVPNIcon {
+                settings.excludedRoutes = [NEIPv6Route(destinationAddress: "::", networkPrefixLength: 128)]
+            }
+            return settings
+        }()
+
+        let dns = ["8.8.4.4","1.1.1.1"]
+        settings.dnsSettings = NEDNSSettings(servers: dns)
+
+        do {
+            let port = 10808
+            let address = "::1"
+
+            let jsonDict = try JSONSerialization.jsonObject(with: xrayConfigData,
+                                                            options: []) as? [String: Any]
+
+            guard var jsonDict else {
+                xrayLog(.error, message: "Can't parse address and port for hevSocks")
+                completionHandler(XrayErrors.cantParseListenAndPort)
+                return
+            }
+
+            if var inboundsArray = jsonDict["inbounds"] as? [[String: Any]], !inboundsArray.isEmpty {
+                inboundsArray[0]["port"] = port
+                inboundsArray[0]["listen"] = address
+                jsonDict["inbounds"] = inboundsArray
+            }
+
+            let updatedData = try JSONSerialization.data(withJSONObject: jsonDict, options: [])
+
+            setTunnelNetworkSettings(settings) { [weak self] error in
+                if let error {
+                    completionHandler(error)
+                    return
+                }
+
+                // Launch xray
+                self?.setupAndStartXray(configData: updatedData) { xrayError in
+                    if let xrayError {
+                        completionHandler(xrayError)
+                        return
+                    }
+
+                    // Launch hevSocks
+                    self?.setupAndRunTun2socks(configData: updatedData,
+                                               address: address,
+                                               port: port,
+                                               completionHandler: completionHandler)
+                }
+            }
+        } catch {
+            completionHandler(error)
+            return
+        }
+    }
+
+    func stopXray(completionHandler: () -> Void) {
+        Socks5Tunnel.quit()
+        LibXrayStopXray()
+        completionHandler()
+    }
+
+    private func setupAndStartXray(configData: Data,
+                                   completionHandler: @escaping (Error?) -> Void) {
+        let path = Constants.cachesDirectory.appendingPathComponent("config.json", isDirectory: false).path
+        guard FileManager.default.createFile(atPath: path, contents: configData) else {
+            xrayLog(.error, message: "Can't save xray configuration")
+            completionHandler(XrayErrors.cantSaveXrayConfig)
+            return
+        }
+
+        LibXrayRunXray(nil,
+                       path,
+                       Int64.max)
+
+        completionHandler(nil)
+        xrayLog(.info, message: "Xray started")
+    }
+
+    private func setupAndRunTun2socks(configData: Data,
+                                      address: String,
+                                      port: Int,
+                                      completionHandler: @escaping (Error?) -> Void) {
+        let config = """
+        tunnel:
+          mtu: 9000
+        socks5:
+          port: \(port)
+          address: \(address)
+          udp: 'udp'
+        misc:
+          task-stack-size: 20480
+          connect-timeout: 5000
+          read-write-timeout: 60000
+          log-file: stderr
+          log-level: error
+          limit-nofile: 65535
+        """
+
+        let configurationFilePath = Constants.cachesDirectory.appendingPathComponent("config.yml", isDirectory: false).path
+        guard FileManager.default.createFile(atPath: configurationFilePath, contents: config.data(using: .utf8)!) else {
+            xrayLog(.info, message: "Cant save hevSocks configuration")
+            completionHandler(XrayErrors.cantSaveHevSocksConfig)
+            return
+        }
+
+        DispatchQueue.global().async {
+            xrayLog(.info, message: "Hev socks started")
+            completionHandler(nil)
+            Socks5Tunnel.run(withConfig: configurationFilePath)
+        }
+    }
+}

client/platforms/ios/PacketTunnelProvider.swift

@@ -5,7 +5,8 @@ import Darwin
 import OpenVPNAdapter
 
 enum TunnelProtoType: String {
-  case wireguard, openvpn
+  case wireguard, openvpn, xray
+
 }
 
 struct Constants {
@@ -13,6 +14,7 @@ struct Constants {
   static let processQueueName = "org.amnezia.process-packets"
   static let kActivationAttemptId = "activationAttemptId"
   static let ovpnConfigKey = "ovpn"
+  static let xrayConfigKey = "xray"
   static let wireGuardConfigKey = "wireguard"
   static let loggerTag = "NET"
   
@@ -91,6 +93,8 @@ class PacketTunnelProvider: NEPacketTunnelProvider {
                 protoType = .openvpn
             } else if (providerConfiguration?[Constants.wireGuardConfigKey] as? Data) != nil {
                 protoType = .wireguard
+            } else if (providerConfiguration?[Constants.xrayConfigKey] as? Data) != nil {
+                protoType = .xray
             }
         }
 
@@ -107,6 +111,9 @@ class PacketTunnelProvider: NEPacketTunnelProvider {
                            completionHandler: completionHandler)
         case .openvpn:
             startOpenVPN(completionHandler: completionHandler)
+        case .xray:
+            startXray(completionHandler: completionHandler)
+
         }
     }
 
@@ -124,6 +131,8 @@ class PacketTunnelProvider: NEPacketTunnelProvider {
         case .openvpn:
             stopOpenVPN(with: reason,
                         completionHandler: completionHandler)
+        case .xray:
+            stopXray(completionHandler: completionHandler)
         }
     }
   
@@ -138,6 +147,8 @@ class PacketTunnelProvider: NEPacketTunnelProvider {
             handleWireguardStatusMessage(messageData, completionHandler: completionHandler)
         case .openvpn:
             handleOpenVPNStatusMessage(messageData, completionHandler: completionHandler)
+        case .xray:
+            break;
         }
     }
   

client/platforms/ios/QRCodeReaderBase.h

@@ -8,14 +8,6 @@ class QRCodeReader: public QObject {
     Q_OBJECT
 
 public:
-    QRCodeReader();
-
-    QRect cameraSize();
-
-public slots:
-    void startReading();
-    void stopReading();
-    void setCameraSize(QRect value);
 
 signals:
     void codeReaded(QString code);

client/platforms/ios/QRCodeReaderBase.mm

@@ -1,12 +1,12 @@
 #include "QRCodeReaderBase.h"
 
-#import <UIKit/UIKit.h>
+//#import <UIKit/UIKit.h>
 #import <AVFoundation/AVFoundation.h>
 
-@interface QRCodeReaderImpl : UIViewController
-@end
+//@interface QRCodeReaderImpl : UIViewController
+//@end
 
-@interface QRCodeReaderImpl () <AVCaptureMetadataOutputObjectsDelegate>
+/*@interface QRCodeReaderImpl () <AVCaptureMetadataOutputObjectsDelegate>
 @property (nonatomic) QRCodeReader* qrCodeReader;
 @property (nonatomic, strong) AVCaptureSession *captureSession;
 @property (nonatomic, strong) AVCaptureVideoPreviewLayer *videoPreviewPlayer;
@@ -15,15 +15,15 @@
 
 @implementation QRCodeReaderImpl
 
-- (void)viewDidLoad {
-    [super viewDidLoad];
+//- (void)viewDidLoad {
+//    [super viewDidLoad];
 
-    _captureSession = nil;
-}
+//    _captureSession = nil;
+//}
 
-- (void)setQrCodeReader: (QRCodeReader*)value {
-    _qrCodeReader = value;
-}
+//- (void)setQrCodeReader: (QRCodeReader*)value {
+//    _qrCodeReader = value;
+//}
 
 - (BOOL)startReading {
     NSError *error;
@@ -49,7 +49,7 @@
 
     _videoPreviewPlayer = [[AVCaptureVideoPreviewLayer alloc] initWithSession: _captureSession];
     
-    CGFloat statusBarHeight = [UIApplication sharedApplication].statusBarFrame.size.height;
+    //CGFloat statusBarHeight = [UIApplication sharedApplication].statusBarFrame.size.height;
 
     QRect cameraRect = _qrCodeReader->cameraSize();
     CGRect cameraCGRect = CGRectMake(cameraRect.x(),
@@ -60,7 +60,7 @@
     [_videoPreviewPlayer setVideoGravity: AVLayerVideoGravityResizeAspectFill];
     [_videoPreviewPlayer setFrame: cameraCGRect];
 
-    CALayer* layer = [UIApplication sharedApplication].keyWindow.layer;
+   // CALayer* layer = [UIApplication sharedApplication].keyWindow.layer;
     [layer addSublayer: _videoPreviewPlayer];
 
     [_captureSession startRunning];
@@ -107,4 +107,4 @@ void QRCodeReader::startReading() {
 
 void QRCodeReader::stopReading() {
     [m_qrCodeReader stopReading];
-}
+}*/

client/platforms/ios/QtAppDelegate.h

@@ -1,4 +1,4 @@
-#import <UIKit/UIKit.h>
+//#import <UIKit/UIKit.h>
 
 @interface QIOSApplicationDelegate
 @end

client/platforms/ios/QtAppDelegate.mm

@@ -6,7 +6,7 @@
 
 @implementation QIOSApplicationDelegate (AmneziaVPNDelegate)
 
-- (BOOL)application:(UIApplication *)application didFinishLaunchingWithOptions:(NSDictionary *)launchOptions
+/*- (BOOL)application:(UIApplication *)application didFinishLaunchingWithOptions:(NSDictionary *)launchOptions
 {
     [application setMinimumBackgroundFetchInterval: UIApplicationBackgroundFetchIntervalMinimum];
     // Override point for customization after application launch.
@@ -56,6 +56,6 @@
         return YES;
     }
     return NO;
-}
+}*/
 
 @end

client/platforms/ios/ScreenProtection.swift

@@ -1,87 +1,10 @@
-import UIKit
+//import UIKit
 
 public func toggleScreenshots(_ isEnabled: Bool) {
-  let window = UIApplication.shared.keyWindows.first!
-
-  if isEnabled {
-    ScreenProtection.shared.disable(for: window.rootViewController!.view)
-  } else {
-    ScreenProtection.shared.enable(for: window.rootViewController!.view)
-  }
-}
-
-extension UIApplication {
-  var keyWindows: [UIWindow] {
-    connectedScenes
-      .compactMap {
-        if #available(iOS 15.0, *) {
-          ($0 as? UIWindowScene)?.keyWindow
-        } else {
-          ($0 as? UIWindowScene)?.windows.first { $0.isKeyWindow }
-        }
-      }
-  }
+  
 }
 
 class ScreenProtection {
-  public static let shared = ScreenProtection()
 
-  var pairs = [ProtectionPair]()
 
-  private var blurView: UIVisualEffectView?
-  private var recordingObservation: NSKeyValueObservation?
-
-  public func enable(for view: UIView) {
-    DispatchQueue.main.asyncAfter(deadline: .now() + 1.0) {
-      view.subviews.forEach {
-        self.pairs.append(ProtectionPair(from: $0))
-      }
-    }
-  }
-
-  public func disable(for view: UIView) {
-    DispatchQueue.main.asyncAfter(deadline: .now() + 1.0) {
-      self.pairs.forEach {
-        $0.removeProtection()
-      }
-
-      self.pairs.removeAll()
-    }
-  }
-}
-
-struct ProtectionPair {
-  let textField: UITextField
-  let layer: CALayer
-
-  init(from view: UIView) {
-    let secureTextField = UITextField()
-    secureTextField.backgroundColor = .clear
-    secureTextField.translatesAutoresizingMaskIntoConstraints = false
-    secureTextField.isSecureTextEntry = true
-
-    view.insertSubview(secureTextField, at: 0)
-    secureTextField.isUserInteractionEnabled = false
-
-    view.layer.superlayer?.addSublayer(secureTextField.layer)
-    secureTextField.layer.sublayers?.last?.addSublayer(view.layer)
-
-    secureTextField.topAnchor.constraint(equalTo: view.topAnchor, constant: 0).isActive = true
-    secureTextField.bottomAnchor.constraint(equalTo: view.bottomAnchor, constant: 0).isActive = true
-    secureTextField.leadingAnchor.constraint(equalTo: view.leadingAnchor, constant: 0).isActive = true
-    secureTextField.trailingAnchor.constraint(equalTo: view.trailingAnchor, constant: 0).isActive = true
-
-    self.init(textField: secureTextField, layer: view.layer)
-  }
-
-  init(textField: UITextField, layer: CALayer) {
-    self.textField = textField
-    self.layer = layer
-  }
-
-  func removeProtection() {
-    textField.superview?.superview?.layer.addSublayer(layer)
-    textField.layer.removeFromSuperlayer()
-    textField.removeFromSuperview()
-  }
 }

client/platforms/ios/WGConfig.swift

@@ -13,7 +13,7 @@ struct WGConfig: Decodable {
   let clientIP: String
   let clientPrivateKey: String
   let serverPublicKey: String
-  let presharedKey: String
+  let presharedKey: String?
   var allowedIPs: [String]
   var persistentKeepAlive: String
   let splitTunnelType: Int
@@ -65,7 +65,7 @@ struct WGConfig: Decodable {
     \(settings)
     [Peer]
     PublicKey = \(serverPublicKey)
-    PresharedKey = \(presharedKey)
+    \(presharedKey == nil ? "" : "PresharedKey = \(presharedKey!)")
     AllowedIPs = \(allowedIPs.joined(separator: ", "))
     Endpoint = \(hostName):\(port)
     PersistentKeepalive = \(persistentKeepAlive)

client/platforms/ios/ios_controller.h

@@ -72,9 +72,11 @@ private:
     bool setupCloak();
     bool setupWireGuard();
     bool setupAwg();
+    bool setupXray();
 
     bool startOpenVPN(const QString &config);
     bool startWireGuard(const QString &jsonConfig);
+    bool startXray(const QString &jsonConfig);
 
     void startTunnel();
 

client/platforms/ios/ios_controller.mm

@@ -11,6 +11,8 @@
 #include "../protocols/vpnprotocol.h"
 #import "ios_controller_wrapper.h"
 
+#include <Security/Security.h>
+
 const char* Action::start = "start";
 const char* Action::restart = "restart";
 const char* Action::stop = "stop";
@@ -27,14 +29,34 @@ const char* MessageKey::isOnDemand = "is-on-demand";
 const char* MessageKey::SplitTunnelType = "SplitTunnelType";
 const char* MessageKey::SplitTunnelSites = "SplitTunnelSites";
 
-static UIViewController* getViewController() {
-    NSArray *windows = [[UIApplication sharedApplication]windows];
-    for (UIWindow *window in windows) {
-        if (window.isKeyWindow) {
-            return window.rootViewController;
-        }
+//static UIViewController* getViewController() {
+//    NSArray *windows = [[UIApplication sharedApplication]windows];
+//    for (UIWindow *window in windows) {
+//        if (window.isKeyWindow) {
+//            return window.rootViewController;
+//        }
+//    }
+//    return nil;
+//}
+
+OSStatus requestAuthorization() {
+    AuthorizationRef authRef;
+    OSStatus status = AuthorizationCreate(NULL, kAuthorizationEmptyEnvironment, kAuthorizationFlagDefaults, &authRef);
+    if (status != errAuthorizationSuccess) {
+        qDebug() << "Authorization failed with status:" << status;
+        return status;
     }
-    return nil;
+
+    AuthorizationItem authItem = {kAuthorizationRightExecute, 0, NULL, 0};
+    AuthorizationRights authRights = {1, &authItem};
+    AuthorizationFlags flags = kAuthorizationFlagDefaults | kAuthorizationFlagInteractionAllowed | kAuthorizationFlagExtendRights;
+
+    status = AuthorizationCopyRights(authRef, &authRights, NULL, flags, NULL);
+    if (status != errAuthorizationSuccess) {
+        qDebug() << "Authorization rights copy failed with status:" << status;
+    }
+
+    return status;
 }
 
 Vpn::ConnectionState iosStatusToState(NEVPNStatus status) {
@@ -84,6 +106,11 @@ IosController* IosController::Instance() {
 
 bool IosController::initialize()
 {
+    if (requestAuthorization() != errAuthorizationSuccess) {
+        emit connectionStateChanged(Vpn::ConnectionState::Error);
+        return false;
+    }
+    
     __block bool ok = true;
     [NETunnelProviderManager loadAllFromPreferencesWithCompletionHandler:^(NSArray<NETunnelProviderManager *> * _Nullable managers, NSError * _Nullable error) {
         @try {
@@ -216,6 +243,9 @@ bool IosController::connectVpn(amnezia::Proto proto, const QJsonObject& configur
     if (proto == amnezia::Proto::Awg) {
         return setupAwg();
     }
+    if (proto == amnezia::Proto::Xray) {
+        return setupXray();
+    }
 
     return false;
 }
@@ -501,6 +531,15 @@ bool IosController::setupWireGuard()
     return startWireGuard(wgConfigDocStr);
 }
 
+bool IosController::setupXray()
+{
+    QJsonObject config = m_rawConfig[ProtocolProps::key_proto_config_data(amnezia::Proto::Xray)].toObject();
+    QJsonDocument xrayConfigDoc(config);
+    QString xrayConfigStr(xrayConfigDoc.toJson(QJsonDocument::Compact));
+
+    return startXray(xrayConfigStr);
+}
+
 bool IosController::setupAwg()
 {
     QJsonObject config = m_rawConfig[ProtocolProps::key_proto_config_data(amnezia::Proto::Awg)].toObject();
@@ -590,6 +629,20 @@ bool IosController::startWireGuard(const QString &config)
     startTunnel();
 }
 
+bool IosController::startXray(const QString &config)
+{
+    qDebug() << "IosController::startXray";
+
+    NETunnelProviderProtocol *tunnelProtocol = [[NETunnelProviderProtocol alloc] init];
+    tunnelProtocol.providerBundleIdentifier = [NSString stringWithUTF8String:VPN_NE_BUNDLEID];
+    tunnelProtocol.providerConfiguration = @{@"xray": [[NSString stringWithUTF8String:config.toStdString().c_str()] dataUsingEncoding:NSUTF8StringEncoding]};
+    tunnelProtocol.serverAddress = m_serverAddress;
+
+    m_currentTunnel.protocolConfiguration = tunnelProtocol;
+
+    startTunnel();
+}
+
 void IosController::startTunnel()
 {
     NSString *protocolName = @"Unknown";
@@ -722,24 +775,24 @@ bool IosController::shareText(const QStringList& filesToSend) {
         [sharingItems addObject:logFileUrl];
     }
 
-    UIViewController *qtController = getViewController();
-    if (!qtController) return;
+  //  UIViewController *qtController = getViewController();
+  //  if (!qtController) return;
 
-    UIActivityViewController *activityController = [[UIActivityViewController alloc] initWithActivityItems:sharingItems applicationActivities:nil];
+  //  UIActivityViewController *activityController = [[UIActivityViewController alloc] initWithActivityItems:sharingItems applicationActivities:nil];
     
     __block bool isAccepted = false;
     
-    [activityController setCompletionWithItemsHandler:^(NSString *activityType, BOOL completed, NSArray *returnedItems, NSError *activityError) {
-        isAccepted = completed;
-        emit finished();
-    }];
+ //   [activityController setCompletionWithItemsHandler:^(NSString *activityType, BOOL completed, NSArray *returnedItems, NSError *activityError) {
+ //       isAccepted = completed;
+ //       emit finished();
+ //   }];
 
-    [qtController presentViewController:activityController animated:YES completion:nil];
-    UIPopoverPresentationController *popController = activityController.popoverPresentationController;
-    if (popController) {
-        popController.sourceView = qtController.view;
-        popController.sourceRect = CGRectMake(100, 100, 100, 100);
-    }
+//    [qtController presentViewController:activityController animated:YES completion:nil];
+//    UIPopoverPresentationController *popController = activityController.popoverPresentationController;
+//    if (popController) {
+//        popController.sourceView = qtController.view;
+//        popController.sourceRect = CGRectMake(100, 100, 100, 100);
+//    }
     
     QEventLoop wait;
     QObject::connect(this, &IosController::finished, &wait, &QEventLoop::quit);
@@ -749,26 +802,26 @@ bool IosController::shareText(const QStringList& filesToSend) {
 }
 
 QString IosController::openFile() {
-    UIDocumentPickerViewController *documentPicker = [[UIDocumentPickerViewController alloc] initWithDocumentTypes:@[@"public.item"] inMode:UIDocumentPickerModeOpen];
+ //   UIDocumentPickerViewController *documentPicker = [[UIDocumentPickerViewController alloc] initWithDocumentTypes:@[@"public.item"] inMode:UIDocumentPickerModeOpen];
 
-    DocumentPickerDelegate *documentPickerDelegate = [[DocumentPickerDelegate alloc] init];
-    documentPicker.delegate = documentPickerDelegate;
+ //   DocumentPickerDelegate *documentPickerDelegate = [[DocumentPickerDelegate alloc] init];
+ //   documentPicker.delegate = documentPickerDelegate;
 
-    UIViewController *qtController = getViewController();
-    if (!qtController) return;
+ //   UIViewController *qtController = getViewController();
+ //  if (!qtController) return;
 
-    [qtController presentViewController:documentPicker animated:YES completion:nil];
+ //   [qtController presentViewController:documentPicker animated:YES completion:nil];
     
     __block QString filePath;
 
-    documentPickerDelegate.documentPickerClosedCallback = ^(NSString *path) {
-        if (path) {
-            filePath = QString::fromUtf8(path.UTF8String);
-        } else {
-            filePath = QString();
-        }
-        emit finished();
-    };
+ //   documentPickerDelegate.documentPickerClosedCallback = ^(NSString *path) {
+ //       if (path) {
+ //           filePath = QString::fromUtf8(path.UTF8String);
+ //       } else {
+ //           filePath = QString();
+ //       }
+ //       emit finished();
+ //   };
 
     QEventLoop wait;
     QObject::connect(this, &IosController::finished, &wait, &QEventLoop::quit);

client/platforms/ios/ios_controller_wrapper.h

@@ -1,7 +1,7 @@
 #import <NetworkExtension/NetworkExtension.h>
 #import <NetworkExtension/NETunnelProviderSession.h>
 #import <Foundation/Foundation.h>
-#include <UIKit/UIKit.h>
+//#include <UIKit/UIKit.h>
 #include <Security/Security.h>
 
 class IosController;
@@ -18,8 +18,8 @@ class IosController;
 
 typedef void (^DocumentPickerClosedCallback)(NSString *path);
 
-@interface DocumentPickerDelegate : NSObject <UIDocumentPickerDelegate>
+//@interface DocumentPickerDelegate : NSObject <UIDocumentPickerDelegate>
 
-@property (nonatomic, copy) DocumentPickerClosedCallback documentPickerClosedCallback;
+//@property (nonatomic, copy) DocumentPickerClosedCallback documentPickerClosedCallback;
 
-@end
+//@end

client/platforms/ios/ios_controller_wrapper.mm

@@ -26,20 +26,20 @@
 
 @end
 
-@implementation DocumentPickerDelegate 
+//@implementation DocumentPickerDelegate
 
-- (void)documentPicker:(UIDocumentPickerViewController *)controller didPickDocumentsAtURLs:(NSArray<NSURL *> *)urls {
-    for (NSURL *url in urls) {
-        if (self.documentPickerClosedCallback) {
-            self.documentPickerClosedCallback([url path]);
-        }
-    }
-}
+//- (void)documentPicker:(UIDocumentPickerViewController *)controller didPickDocumentsAtURLs:(NSArray<NSURL *> *)urls {
+//    for (NSURL *url in urls) {
+//        if (self.documentPickerClosedCallback) {
+//            self.documentPickerClosedCallback([url path]);
+//        }
+//    }
+//}
     
-- (void)documentPickerWasCancelled:(UIDocumentPickerViewController *)controller {
-    if (self.documentPickerClosedCallback) {
-        self.documentPickerClosedCallback(nil);
-    }
-}
+//- (void)documentPickerWasCancelled:(UIDocumentPickerViewController *)controller {
+//    if (self.documentPickerClosedCallback) {
+//        self.documentPickerClosedCallback(nil);
+//    }
+//}
 
-@end
+//@end

client/platforms/ios/iosnotificationhandler.mm

@@ -6,8 +6,9 @@
 
 #import <UserNotifications/UserNotifications.h>
 #import <Foundation/Foundation.h>
-#import <UIKit/UIKit.h>
+//#import <UIKit/UIKit.h>
 
+/*
 @interface IOSNotificationDelegate
     : UIResponder <UIApplicationDelegate, UNUserNotificationCenterDelegate> {
   IOSNotificationHandler* m_iosNotificationHandler;
@@ -86,4 +87,4 @@ void IOSNotificationHandler::notify(NotificationHandler::Message type, const QSt
                NSLog(@"Local Notification failed");
              }
            }];
-}
+}*/

client/platforms/macos/HevSocksTunnel.swift

@@ -0,0 +1,74 @@
+import Darwin
+import SystemConfiguration
+
+public enum Socks5Tunnel {
+
+    private static var tunnelFileDescriptor: Int32? {
+        var ctlInfo = ctl_info()
+        withUnsafeMutablePointer(to: &ctlInfo.ctl_name) {
+            $0.withMemoryRebound(to: CChar.self, capacity: MemoryLayout.size(ofValue: $0.pointee)) {
+                _ = strcpy($0, "com.apple.net.utun_control") // strcpy comes from Darwin
+            }
+        }
+        for fd: Int32 in 0...1024 {
+            var addr = sockaddr_ctl()
+            var ret: Int32 = -1
+            var len = socklen_t(MemoryLayout.size(ofValue: addr)) // socklen_t comes from Darwin
+            withUnsafeMutablePointer(to: &addr) {
+                $0.withMemoryRebound(to: sockaddr.self, capacity: 1) { // sockaddr from Darwin
+                    ret = getpeername(fd, $0, &len) // getpeername from Darwin
+                }
+            }
+            if ret != 0 || addr.sc_family != AF_SYSTEM { // AF_SYSTEM from Darwin
+                continue
+            }
+            if ctlInfo.ctl_id == 0 {
+                ret = ioctl(fd, CTLIOCGINFO, &ctlInfo) // ioctl from Darwin
+                if ret != 0 {
+                    continue
+                }
+            }
+            if addr.sc_id == ctlInfo.ctl_id {
+                return fd
+            }
+        }
+        return nil
+    }
+
+    private static var interfaceName: String? {
+        guard let tunnelFileDescriptor = self.tunnelFileDescriptor else {
+            return nil
+        }
+        var buffer = [UInt8](repeating: 0, count: Int(IFNAMSIZ)) // IFNAMSIZ from Darwin
+        return buffer.withUnsafeMutableBufferPointer { mutableBufferPointer in
+            guard let baseAddress = mutableBufferPointer.baseAddress else {
+                return nil
+            }
+            var ifnameSize = socklen_t(IFNAMSIZ) // socklen_t and IFNAMSIZ from Darwin
+            let result = getsockopt(
+                tunnelFileDescriptor,
+                2 /* SYSPROTO_CONTROL */,
+                2 /* UTUN_OPT_IFNAME */,
+                baseAddress,
+                &ifnameSize
+            )
+            if result == 0 {
+                return String(cString: baseAddress)
+            } else {
+                return nil
+            }
+        }
+    }
+
+    @discardableResult
+    public static func run(withConfig filePath: String) -> Int32 {
+        guard let fileDescriptor = self.tunnelFileDescriptor else {
+            fatalError("Get tunnel file descriptor failed.")
+        }
+        return hev_socks5_tunnel_main(filePath.cString(using: .utf8), fileDescriptor)
+    }
+
+    public static func quit() {
+        hev_socks5_tunnel_quit()
+    }
+}

client/platforms/macos/Log.swift

@@ -0,0 +1,122 @@
+import Foundation
+import os.log
+
+struct Log {
+  static let osLog = Logger()
+
+  private static let IsLoggingEnabledKey = "IsLoggingEnabled"
+  static var isLoggingEnabled: Bool {
+    get {
+      sharedUserDefaults.bool(forKey: IsLoggingEnabledKey)
+    }
+    set {
+      sharedUserDefaults.setValue(newValue, forKey: IsLoggingEnabledKey)
+    }
+  }
+
+  private static let appGroupID = "group.org.amnezia.AmneziaVPN"
+
+  static let appLogURL = {
+    let sharedContainerURL = FileManager.default.containerURL(forSecurityApplicationGroupIdentifier: appGroupID)!
+    return sharedContainerURL.appendingPathComponent("app.log", isDirectory: false)
+  }()
+
+  static let neLogURL = {
+    let sharedContainerURL = FileManager.default.containerURL(forSecurityApplicationGroupIdentifier: appGroupID)!
+    return sharedContainerURL.appendingPathComponent("ne.log", isDirectory: false)
+  }()
+
+  private static var sharedUserDefaults = {
+    UserDefaults(suiteName: appGroupID)!
+  }()
+
+  static let dateFormatter: DateFormatter = {
+    let dateFormatter = DateFormatter()
+    dateFormatter.dateFormat = "yyyy-MM-dd HH:mm:ss"
+    return dateFormatter
+  }()
+
+  var records = [Record]()
+
+  var lastRecordDate = Date.distantPast
+
+  init() {
+    self.records = []
+  }
+
+  init(_ str: String) {
+    records = str.split(whereSeparator: \.isNewline)
+      .map {
+        if let record = Record(String($0)) {
+          lastRecordDate = record.date
+          return record
+        } else {
+          return Record(date: lastRecordDate, level: .error, message: "LOG: \($0)")
+        }
+      }
+  }
+
+  init?(at url: URL) {
+    if !FileManager.default.fileExists(atPath: url.path) {
+      guard (try? "".data(using: .utf8)?.write(to: url)) != nil else { return nil }
+    }
+
+    guard let fileHandle = try? FileHandle(forUpdating: url) else { return nil }
+
+    defer { fileHandle.closeFile() }
+
+    guard
+      let data = try? fileHandle.readToEnd(),
+      let str = String(data: data, encoding: .utf8) else {
+      return nil
+    }
+
+    self.init(str)
+  }
+
+  static func log(_ type: OSLogType, title: String = "", message: String, url: URL = neLogURL) {
+    NSLog("\(title) \(message)")
+
+    guard isLoggingEnabled else { return }
+
+    osLog.log(level: type, "\(title) \(message)")
+
+    let date = Date()
+    let level = Record.Level(from: type)
+    let messages = message.split(whereSeparator: \.isNewline)
+
+    for index in 0..<messages.count {
+      let message = String(messages[index])
+
+      if index != 0 && message.first != " " {
+        Record(date: date, level: level, message: "\(title)  \(message)").save(at: url)
+      } else {
+        Record(date: date, level: level, message: "\(title)\(message)").save(at: url)
+      }
+    }
+  }
+
+  static func clear(at url: URL) {
+    if FileManager.default.fileExists(atPath: url.path) {
+      guard let fileHandle = try? FileHandle(forUpdating: url) else { return }
+
+      defer { fileHandle.closeFile() }
+
+      try? fileHandle.truncate(atOffset: 0)
+    }
+  }
+}
+
+extension Log: CustomStringConvertible {
+  var description: String {
+    records
+      .map {
+        $0.description
+      }
+      .joined(separator: "\n")
+  }
+}
+
+func log(_ type: OSLogType, title: String = "", message: String) {
+  Log.log(type, title: "App: \(title)", message: message, url: Log.appLogURL)
+}

client/platforms/macos/LogController.swift

@@ -0,0 +1,33 @@
+import Foundation
+
+public func swiftUpdateLogData(_ qtString: std.string) -> std.string {
+  let qtLog = Log(String(describing: qtString))
+  var log = qtLog
+
+  if let appLog = Log(at: Log.appLogURL) {
+    appLog.records.forEach {
+      log.records.append($0)
+    }
+  }
+
+  if let neLog = Log(at: Log.neLogURL) {
+    neLog.records.forEach {
+      log.records.append($0)
+    }
+  }
+
+  log.records.sort {
+    $0.date < $1.date
+  }
+
+  return std.string(log.description)
+}
+
+public func swiftDeleteLog() {
+  Log.clear(at: Log.appLogURL)
+  Log.clear(at: Log.neLogURL)
+}
+
+public func toggleLogging(_ isEnabled: Bool) {
+  Log.isLoggingEnabled = isEnabled
+}

client/platforms/macos/LogRecord.swift

@@ -0,0 +1,103 @@
+import Foundation
+import os.log
+
+extension Log {
+  struct Record {
+    let date: Date
+    let level: Level
+    let message: String
+
+    init?(_ str: String) {
+      let dateStr = String(str.prefix(19))
+      guard let date = Log.dateFormatter.date(from: dateStr) else { return nil }
+
+      let str = str.dropFirst(20)
+
+      guard let endIndex = str.firstIndex(of: " ") else { return nil }
+      let levelStr = String(str[str.startIndex..<endIndex])
+      guard let level = Level(rawValue: levelStr) else { return nil }
+
+      let messageStartIndex = str.index(after: endIndex)
+      let message = String(str[messageStartIndex..<str.endIndex])
+
+      self.init(date: date, level: level, message: message)
+    }
+
+    init(date: Date, level: Level, message: String) {
+      self.date = date
+      self.level = level
+      self.message = message
+    }
+
+    func save(at url: URL) {
+      osLog.log(level: level.osLogType, "\(message)")
+
+      guard let data = "\n\(description)".data(using: .utf8) else { return }
+
+      if !FileManager.default.fileExists(atPath: url.path) {
+        guard (try? "".data(using: .utf8)?.write(to: url)) != nil else { return }
+      }
+
+      guard let fileHandle = try? FileHandle(forUpdating: url) else { return }
+
+      defer { fileHandle.closeFile() }
+
+      guard (try? fileHandle.seekToEnd()) != nil else { return }
+      try? fileHandle.write(contentsOf: data)
+    }
+  }
+}
+
+extension Log.Record: CustomStringConvertible {
+  var description: String {
+    "\(Log.dateFormatter.string(from: date)) \(level.rawValue) \(message)"
+  }
+}
+
+extension Log.Record {
+  enum Level: String {
+    case debug
+    case warning
+    case error
+    case critical
+    case fatal
+    case info
+    case system // critical
+
+    init(from osLogType: OSLogType) {
+      switch osLogType {
+      case .default:
+        self = .info
+      case .info:
+        self = .info
+      case .debug:
+        self = .debug
+      case .error:
+        self = .error
+      case .fault:
+        self = .fatal
+      default:
+        self = .info
+      }
+    }
+
+    var osLogType: OSLogType {
+      switch self {
+      case .info:
+        return .info
+      case .debug:
+        return .debug
+      case .error:
+        return .error
+      case .fatal:
+        return .fault
+      case .warning:
+        return .info
+      case .critical:
+        return .fault
+      case .system:
+        return .fault
+      }
+    }
+  }
+}

client/platforms/macos/NELogController.swift

@@ -0,0 +1,22 @@
+import Foundation
+import os.log
+
+public func wg_log(_ type: OSLogType, title: String = "", staticMessage: StaticString) {
+    neLog(type, title: "WG: \(title)", message: "\(staticMessage)")
+}
+
+public func wg_log(_ type: OSLogType, title: String = "", message: String) {
+    neLog(type, title: "WG: \(title)", message: message)
+}
+
+public func ovpnLog(_ type: OSLogType, title: String = "", message: String) {
+    neLog(type, title: "OVPN: \(title)", message: message)
+}
+
+public func xrayLog(_ type: OSLogType, title: String = "", message: String) {
+    neLog(type, title: "XRAY: \(title)", message: message)
+}
+
+public func neLog(_ type: OSLogType, title: String = "", message: String) {
+    Log.log(type, title: "NE: \(title)", message: message)
+}

client/platforms/macos/PacketTunnelProvider+OpenVPN.swift

@@ -0,0 +1,234 @@
+import Foundation
+import NetworkExtension
+import OpenVPNAdapter
+
+struct OpenVPNConfig: Decodable {
+    let config: String
+    let splitTunnelType: Int
+    let splitTunnelSites: [String]
+
+    var str: String {
+        "splitTunnelType: \(splitTunnelType) splitTunnelSites: \(splitTunnelSites) config: \(config)"
+    }
+}
+
+extension PacketTunnelProvider {
+    func startOpenVPN(completionHandler: @escaping (Error?) -> Void) {
+        guard let protocolConfiguration = self.protocolConfiguration as? NETunnelProviderProtocol,
+              let providerConfiguration = protocolConfiguration.providerConfiguration,
+              let openVPNConfigData = providerConfiguration[Constants.ovpnConfigKey] as? Data else {
+            ovpnLog(.error, message: "Can't start")
+            return
+        }
+
+        do {
+            let openVPNConfig = try JSONDecoder().decode(OpenVPNConfig.self, from: openVPNConfigData)
+            ovpnLog(.info, title: "config: ", message: openVPNConfig.str)
+            let ovpnConfiguration = Data(openVPNConfig.config.utf8)
+            setupAndlaunchOpenVPN(withConfig: ovpnConfiguration, completionHandler: completionHandler)
+        } catch {
+            ovpnLog(.error, message: "Can't parse config: \(error.localizedDescription)")
+
+            if let underlyingError = (error as NSError).userInfo[NSUnderlyingErrorKey] as? NSError {
+                ovpnLog(.error, message: "Can't parse config: \(underlyingError.localizedDescription)")
+            }
+
+            return
+        }
+    }
+
+    private func setupAndlaunchOpenVPN(withConfig ovpnConfiguration: Data,
+                                       withShadowSocks viaSS: Bool = false,
+                                       completionHandler: @escaping (Error?) -> Void) {
+        ovpnLog(.info, message: "Setup and launch")
+
+        let str = String(decoding: ovpnConfiguration, as: UTF8.self)
+
+        let configuration = OpenVPNConfiguration()
+        configuration.fileContent = ovpnConfiguration
+        if str.contains("cloak") {
+            configuration.setPTCloak()
+        }
+
+        let evaluation: OpenVPNConfigurationEvaluation?
+        do {
+            ovpnAdapter = OpenVPNAdapter()
+            ovpnAdapter?.delegate = self
+            evaluation = try ovpnAdapter?.apply(configuration: configuration)
+
+        } catch {
+            completionHandler(error)
+            return
+        }
+
+        if evaluation?.autologin == false {
+            ovpnLog(.info, message: "Implement login with user credentials")
+        }
+
+        vpnReachability.startTracking { [weak self] status in
+            guard status == .reachableViaWiFi else { return }
+            self?.ovpnAdapter?.reconnect(afterTimeInterval: 5)
+        }
+
+        startHandler = completionHandler
+        ovpnAdapter?.connect(using: packetFlow)
+    }
+    
+    func handleOpenVPNStatusMessage(_ messageData: Data, completionHandler: ((Data?) -> Void)? = nil) {
+        guard let completionHandler = completionHandler else { return }
+        let bytesin = ovpnAdapter?.transportStatistics.bytesIn
+        let bytesout = ovpnAdapter?.transportStatistics.bytesOut
+
+        guard let bytesin, let bytesout else {
+            completionHandler(nil)
+            return
+        }
+
+        let response: [String: Any] = [
+            "rx_bytes": bytesin,
+            "tx_bytes": bytesout
+        ]
+
+        completionHandler(try? JSONSerialization.data(withJSONObject: response, options: []))
+    }
+
+    func stopOpenVPN(with reason: NEProviderStopReason, completionHandler: @escaping () -> Void) {
+        ovpnLog(.info, message: "Stopping tunnel: reason: \(reason.description)")
+
+        stopHandler = completionHandler
+        if vpnReachability.isTracking {
+            vpnReachability.stopTracking()
+        }
+        ovpnAdapter?.disconnect()
+    }
+}
+
+extension PacketTunnelProvider: OpenVPNAdapterDelegate {
+    // OpenVPNAdapter calls this delegate method to configure a VPN tunnel.
+    // `completionHandler` callback requires an object conforming to `OpenVPNAdapterPacketFlow`
+    // protocol if the tunnel is configured without errors. Otherwise send nil.
+    // `OpenVPNAdapterPacketFlow` method signatures are similar to `NEPacketTunnelFlow` so
+    // you can just extend that class to adopt `OpenVPNAdapterPacketFlow` protocol and
+    // send `self.packetFlow` to `completionHandler` callback.
+    func openVPNAdapter(
+        _ openVPNAdapter: OpenVPNAdapter,
+        configureTunnelWithNetworkSettings networkSettings: NEPacketTunnelNetworkSettings?,
+        completionHandler: @escaping (Error?) -> Void
+    ) {
+        // In order to direct all DNS queries first to the VPN DNS servers before the primary DNS servers
+        // send empty string to NEDNSSettings.matchDomains
+        networkSettings?.dnsSettings?.matchDomains = [""]
+
+        if splitTunnelType == 1 {
+            var ipv4IncludedRoutes = [NEIPv4Route]()
+
+            guard let splitTunnelSites else {
+                completionHandler(NSError(domain: "Split tunnel sited not setted up", code: 0))
+                return
+            }
+
+            for allowedIPString in splitTunnelSites {
+                if let allowedIP = IPAddressRange(from: allowedIPString) {
+                    ipv4IncludedRoutes.append(NEIPv4Route(
+                        destinationAddress: "\(allowedIP.address)",
+                        subnetMask: "\(allowedIP.subnetMask())"))
+                }
+            }
+
+            networkSettings?.ipv4Settings?.includedRoutes = ipv4IncludedRoutes
+        } else {
+            if splitTunnelType == 2 {
+                var ipv4ExcludedRoutes = [NEIPv4Route]()
+                var ipv4IncludedRoutes = [NEIPv4Route]()
+                var ipv6IncludedRoutes = [NEIPv6Route]()
+
+                guard let splitTunnelSites else {
+                    completionHandler(NSError(domain: "Split tunnel sited not setted up", code: 0))
+                    return
+                }
+
+                for excludeIPString in splitTunnelSites {
+                    if let excludeIP = IPAddressRange(from: excludeIPString) {
+                        ipv4ExcludedRoutes.append(NEIPv4Route(
+                            destinationAddress: "\(excludeIP.address)",
+                            subnetMask: "\(excludeIP.subnetMask())"))
+                    }
+                }
+
+                if let allIPv4 = IPAddressRange(from: "0.0.0.0/0") {
+                    ipv4IncludedRoutes.append(NEIPv4Route(
+                        destinationAddress: "\(allIPv4.address)",
+                        subnetMask: "\(allIPv4.subnetMask())"))
+                }
+                if let allIPv6 = IPAddressRange(from: "::/0") {
+                    ipv6IncludedRoutes.append(NEIPv6Route(
+                        destinationAddress: "\(allIPv6.address)",
+                        networkPrefixLength: NSNumber(value: allIPv6.networkPrefixLength)))
+                }
+                networkSettings?.ipv4Settings?.includedRoutes = ipv4IncludedRoutes
+                networkSettings?.ipv6Settings?.includedRoutes = ipv6IncludedRoutes
+                networkSettings?.ipv4Settings?.excludedRoutes = ipv4ExcludedRoutes
+            }
+        }
+
+        // Set the network settings for the current tunneling session.
+        setTunnelNetworkSettings(networkSettings, completionHandler: completionHandler)
+    }
+
+    // Process events returned by the OpenVPN library
+    func openVPNAdapter(
+        _ openVPNAdapter: OpenVPNAdapter,
+        handleEvent event: OpenVPNAdapterEvent,
+        message: String?) {
+            switch event {
+            case .connected:
+                if reasserting {
+                    reasserting = false
+                }
+
+                guard let startHandler = startHandler else { return }
+
+                startHandler(nil)
+                self.startHandler = nil
+            case .disconnected:
+                guard let stopHandler = stopHandler else { return }
+
+                if vpnReachability.isTracking {
+                    vpnReachability.stopTracking()
+                }
+
+                stopHandler()
+                self.stopHandler = nil
+            case .reconnecting:
+                reasserting = true
+            default:
+                break
+            }
+        }
+
+    // Handle errors thrown by the OpenVPN library
+    func openVPNAdapter(_ openVPNAdapter: OpenVPNAdapter, handleError error: Error) {
+        // Handle only fatal errors
+        guard let fatal = (error as NSError).userInfo[OpenVPNAdapterErrorFatalKey] as? Bool,
+              fatal == true else { return }
+
+        if vpnReachability.isTracking {
+            vpnReachability.stopTracking()
+        }
+
+        if let startHandler {
+            startHandler(error)
+            self.startHandler = nil
+        } else {
+            cancelTunnelWithError(error)
+        }
+    }
+
+    // Use this method to process any log message returned by OpenVPN library.
+    func openVPNAdapter(_ openVPNAdapter: OpenVPNAdapter, handleLogMessage logMessage: String) {
+        // Handle log messages
+        ovpnLog(.info, message: logMessage)
+    }
+}
+
+extension NEPacketTunnelFlow: OpenVPNAdapterPacketFlow {}

client/platforms/macos/PacketTunnelProvider+WireGuard.swift

@@ -0,0 +1,187 @@
+import Foundation
+import NetworkExtension
+
+extension PacketTunnelProvider {
+    func startWireguard(activationAttemptId: String?,
+                        errorNotifier: ErrorNotifier,
+                        completionHandler: @escaping (Error?) -> Void) {
+        guard let protocolConfiguration = self.protocolConfiguration as? NETunnelProviderProtocol,
+              let providerConfiguration = protocolConfiguration.providerConfiguration,
+              let wgConfigData: Data = providerConfiguration[Constants.wireGuardConfigKey] as? Data else {
+            wg_log(.error, message: "Can't start, config missing")
+            completionHandler(nil)
+            return
+        }
+
+        do {
+            let wgConfig = try JSONDecoder().decode(WGConfig.self, from: wgConfigData)
+            let wgConfigStr = wgConfig.str
+            wg_log(.info, title: "config: ", message: wgConfig.redux)
+
+            let tunnelConfiguration = try TunnelConfiguration(fromWgQuickConfig: wgConfigStr)
+
+            if tunnelConfiguration.peers.first!.allowedIPs
+                .map({ $0.stringRepresentation })
+                .joined(separator: ", ") == "0.0.0.0/0, ::/0" {
+                if wgConfig.splitTunnelType == 1 {
+                    for index in tunnelConfiguration.peers.indices {
+                        tunnelConfiguration.peers[index].allowedIPs.removeAll()
+                        var allowedIPs = [IPAddressRange]()
+
+                        for allowedIPString in wgConfig.splitTunnelSites {
+                            if let allowedIP = IPAddressRange(from: allowedIPString) {
+                                allowedIPs.append(allowedIP)
+                            }
+                        }
+
+                        tunnelConfiguration.peers[index].allowedIPs = allowedIPs
+                    }
+                } else if wgConfig.splitTunnelType == 2 {
+                    for index in tunnelConfiguration.peers.indices {
+                        var excludeIPs = [IPAddressRange]()
+
+                        for excludeIPString in wgConfig.splitTunnelSites {
+                            if let excludeIP = IPAddressRange(from: excludeIPString) {
+                                excludeIPs.append(excludeIP)
+                            }
+                        }
+
+                        tunnelConfiguration.peers[index].excludeIPs = excludeIPs
+                    }
+                }
+            }
+
+            wg_log(.info, message: "Starting tunnel from the " +
+                   (activationAttemptId == nil ? "OS directly, rather than the app" : "app"))
+
+            // Start the tunnel
+            wgAdapter = WireGuardAdapter(with: self) { logLevel, message in
+                wg_log(logLevel.osLogLevel, message: message)
+            }
+
+            wgAdapter?.start(tunnelConfiguration: tunnelConfiguration) { [weak self] adapterError in
+                guard let adapterError else {
+                    let interfaceName = self?.wgAdapter?.interfaceName ?? "unknown"
+                    wg_log(.info, message: "Tunnel interface is \(interfaceName)")
+                    completionHandler(nil)
+                    return
+                }
+
+                switch adapterError {
+                case .cannotLocateTunnelFileDescriptor:
+                    wg_log(.error, staticMessage: "Starting tunnel failed: could not determine file descriptor")
+                    errorNotifier.notify(PacketTunnelProviderError.couldNotDetermineFileDescriptor)
+                    completionHandler(PacketTunnelProviderError.couldNotDetermineFileDescriptor)
+                case .dnsResolution(let dnsErrors):
+                    let hostnamesWithDnsResolutionFailure = dnsErrors.map { $0.address }
+                        .joined(separator: ", ")
+                    wg_log(.error, message:
+                            "DNS resolution failed for the following hostnames: \(hostnamesWithDnsResolutionFailure)")
+                    errorNotifier.notify(PacketTunnelProviderError.dnsResolutionFailure)
+                    completionHandler(PacketTunnelProviderError.dnsResolutionFailure)
+                case .setNetworkSettings(let error):
+                    wg_log(.error, message:
+                            "Starting tunnel failed with setTunnelNetworkSettings returning \(error.localizedDescription)")
+                    errorNotifier.notify(PacketTunnelProviderError.couldNotSetNetworkSettings)
+                    completionHandler(PacketTunnelProviderError.couldNotSetNetworkSettings)
+                case .startWireGuardBackend(let errorCode):
+                    wg_log(.error, message: "Starting tunnel failed with wgTurnOn returning \(errorCode)")
+                    errorNotifier.notify(PacketTunnelProviderError.couldNotStartBackend)
+                    completionHandler(PacketTunnelProviderError.couldNotStartBackend)
+                case .invalidState:
+                    fatalError()
+                }
+            }
+        } catch {
+            wg_log(.error, message: "Can't parse WG config: \(error.localizedDescription)")
+            completionHandler(nil)
+            return
+        }
+    }
+
+    func handleWireguardStatusMessage(_ messageData: Data, completionHandler: ((Data?) -> Void)? = nil) {
+        guard let completionHandler = completionHandler else { return }
+        wgAdapter?.getRuntimeConfiguration { settings in
+            let components = settings!.components(separatedBy: "\n")
+
+            var settingsDictionary: [String: String] = [:]
+            for component in components {
+                let pair = component.components(separatedBy: "=")
+                if pair.count == 2 {
+                    settingsDictionary[pair[0]] = pair[1]
+                }
+            }
+
+            let response: [String: Any] = [
+                "rx_bytes": settingsDictionary["rx_bytes"] ?? "0",
+                "tx_bytes": settingsDictionary["tx_bytes"] ?? "0"
+            ]
+
+            completionHandler(try? JSONSerialization.data(withJSONObject: response, options: []))
+        }
+    }
+
+    private func handleWireguardAppMessage(_ messageData: Data, completionHandler: ((Data?) -> Void)? = nil) {
+        guard let completionHandler = completionHandler else { return }
+        if messageData.count == 1 && messageData[0] == 0 {
+            wgAdapter?.getRuntimeConfiguration { settings in
+                var data: Data?
+                if let settings {
+                    data = settings.data(using: .utf8)!
+                }
+                completionHandler(data)
+            }
+        } else if messageData.count >= 1 {
+            // Updates the tunnel configuration and responds with the active configuration
+            wg_log(.info, message: "Switching tunnel configuration")
+            guard let configString = String(data: messageData, encoding: .utf8)
+            else {
+                completionHandler(nil)
+                return
+            }
+
+            do {
+                let tunnelConfiguration = try TunnelConfiguration(fromWgQuickConfig: configString)
+                wgAdapter?.update(tunnelConfiguration: tunnelConfiguration) { [weak self] error in
+                    if let error {
+                        wg_log(.error, message: "Failed to switch tunnel configuration: \(error.localizedDescription)")
+                        completionHandler(nil)
+                        return
+                    }
+
+                    self?.wgAdapter?.getRuntimeConfiguration { settings in
+                        var data: Data?
+                        if let settings {
+                            data = settings.data(using: .utf8)!
+                        }
+                        completionHandler(data)
+                    }
+                }
+            } catch {
+                completionHandler(nil)
+            }
+        } else {
+            completionHandler(nil)
+        }
+    }
+
+    func stopWireguard(with reason: NEProviderStopReason, completionHandler: @escaping () -> Void) {
+        wg_log(.info, message: "Stopping tunnel: reason: \(reason.description)")
+
+        wgAdapter?.stop { error in
+            ErrorNotifier.removeLastErrorFile()
+
+            if let error {
+                wg_log(.error, message: "Failed to stop WireGuard adapter: \(error.localizedDescription)")
+            }
+            completionHandler()
+
+#if os(macOS)
+            // HACK: This is a filthy hack to work around Apple bug 32073323 (dup'd by us as 47526107).
+            // Remove it when they finally fix this upstream and the fix has been rolled out to
+            // sufficient quantities of users.
+            exit(0)
+#endif
+        }
+    }
+}

client/platforms/macos/PacketTunnelProvider+Xray.swift

@@ -0,0 +1,166 @@
+import Foundation
+import NetworkExtension
+import WireGuardKitGo
+
+enum XrayErrors: Error {
+    case noXrayConfig
+    case cantSaveXrayConfig
+    case cantParseListenAndPort
+    case cantSaveHevSocksConfig
+}
+
+extension Constants {
+    static let cachesDirectory: URL = {
+        if let cachesDirectoryURL = FileManager.default.urls(for: .cachesDirectory,
+                                                             in: .userDomainMask).first {
+            return cachesDirectoryURL
+        } else {
+            fatalError("Unable to retrieve caches directory.")
+        }
+    }()
+}
+
+extension PacketTunnelProvider {
+    func startXray(completionHandler: @escaping (Error?) -> Void) {
+
+        // Xray configuration
+        guard let protocolConfiguration = self.protocolConfiguration as? NETunnelProviderProtocol,
+              let providerConfiguration = protocolConfiguration.providerConfiguration,
+              let xrayConfigData = providerConfiguration[Constants.xrayConfigKey] as? Data else {
+            xrayLog(.error, message: "Can't get xray configuration")
+            completionHandler(XrayErrors.noXrayConfig)
+            return
+        }
+
+        // Tunnel settings
+        let ipv6Enabled = true
+        let hideVPNIcon = false
+
+        let settings = NEPacketTunnelNetworkSettings(tunnelRemoteAddress: "254.1.1.1")
+        settings.mtu = 9000
+
+        settings.ipv4Settings = {
+            let settings = NEIPv4Settings(addresses: ["198.18.0.1"], subnetMasks: ["255.255.0.0"])
+            settings.includedRoutes = [NEIPv4Route.default()]
+            return settings
+        }()
+
+        settings.ipv6Settings = {
+            guard ipv6Enabled else {
+                return nil
+            }
+            let settings = NEIPv6Settings(addresses: ["fd6e:a81b:704f:1211::1"], networkPrefixLengths: [64])
+            settings.includedRoutes = [NEIPv6Route.default()]
+            if hideVPNIcon {
+                settings.excludedRoutes = [NEIPv6Route(destinationAddress: "::", networkPrefixLength: 128)]
+            }
+            return settings
+        }()
+
+        let dns = ["8.8.4.4","1.1.1.1"]
+        settings.dnsSettings = NEDNSSettings(servers: dns)
+
+        do {
+            let port = 10808
+            let address = "::1"
+
+            let jsonDict = try JSONSerialization.jsonObject(with: xrayConfigData,
+                                                            options: []) as? [String: Any]
+
+            guard var jsonDict else {
+                xrayLog(.error, message: "Can't parse address and port for hevSocks")
+                completionHandler(XrayErrors.cantParseListenAndPort)
+                return
+            }
+
+            if var inboundsArray = jsonDict["inbounds"] as? [[String: Any]], !inboundsArray.isEmpty {
+                inboundsArray[0]["port"] = port
+                inboundsArray[0]["listen"] = address
+                jsonDict["inbounds"] = inboundsArray
+            }
+
+            let updatedData = try JSONSerialization.data(withJSONObject: jsonDict, options: [])
+
+            setTunnelNetworkSettings(settings) { [weak self] error in
+                if let error {
+                    completionHandler(error)
+                    return
+                }
+
+                // Launch xray
+                self?.setupAndStartXray(configData: updatedData) { xrayError in
+                    if let xrayError {
+                        completionHandler(xrayError)
+                        return
+                    }
+
+                    // Launch hevSocks
+                    self?.setupAndRunTun2socks(configData: updatedData,
+                                               address: address,
+                                               port: port,
+                                               completionHandler: completionHandler)
+                }
+            }
+        } catch {
+            completionHandler(error)
+            return
+        }
+    }
+
+    func stopXray(completionHandler: () -> Void) {
+        Socks5Tunnel.quit()
+        LibXrayStopXray()
+        completionHandler()
+    }
+
+    private func setupAndStartXray(configData: Data,
+                                   completionHandler: @escaping (Error?) -> Void) {
+        let path = Constants.cachesDirectory.appendingPathComponent("config.json", isDirectory: false).path
+        guard FileManager.default.createFile(atPath: path, contents: configData) else {
+            xrayLog(.error, message: "Can't save xray configuration")
+            completionHandler(XrayErrors.cantSaveXrayConfig)
+            return
+        }
+
+        LibXrayRunXray(nil,
+                       path,
+                       Int64.max)
+
+        completionHandler(nil)
+        xrayLog(.info, message: "Xray started")
+    }
+
+    private func setupAndRunTun2socks(configData: Data,
+                                      address: String,
+                                      port: Int,
+                                      completionHandler: @escaping (Error?) -> Void) {
+        let config = """
+        tunnel:
+          mtu: 9000
+        socks5:
+          port: \(port)
+          address: \(address)
+          udp: 'udp'
+        misc:
+          task-stack-size: 20480
+          connect-timeout: 5000
+          read-write-timeout: 60000
+          log-file: stderr
+          log-level: error
+          limit-nofile: 65535
+        """
+
+        let configurationFilePath = Constants.cachesDirectory.appendingPathComponent("config.yml", isDirectory: false).path
+        guard FileManager.default.createFile(atPath: configurationFilePath, contents: config.data(using: .utf8)!) else {
+            xrayLog(.info, message: "Cant save hevSocks configuration")
+            completionHandler(XrayErrors.cantSaveHevSocksConfig)
+            return
+        }
+
+        DispatchQueue.global().async {
+            xrayLog(.info, message: "Hev socks started")
+            completionHandler(nil)
+            Socks5Tunnel.run(withConfig: configurationFilePath)
+        }
+    }
+}

client/platforms/macos/PacketTunnelProvider.swift

@@ -0,0 +1,234 @@
+import Foundation
+import NetworkExtension
+import os
+import Darwin
+import OpenVPNAdapter
+
+enum TunnelProtoType: String {
+  case wireguard, openvpn, xray
+
+}
+
+struct Constants {
+  static let kDefaultPathKey = "defaultPath"
+  static let processQueueName = "org.amnezia.process-packets"
+  static let kActivationAttemptId = "activationAttemptId"
+  static let ovpnConfigKey = "ovpn"
+  static let xrayConfigKey = "xray"
+  static let wireGuardConfigKey = "wireguard"
+  static let loggerTag = "NET"
+  
+  static let kActionStart = "start"
+  static let kActionRestart = "restart"
+  static let kActionStop = "stop"
+  static let kActionGetTunnelId = "getTunnelId"
+  static let kActionStatus = "status"
+  static let kActionIsServerReachable = "isServerReachable"
+  static let kMessageKeyAction = "action"
+  static let kMessageKeyTunnelId = "tunnelId"
+  static let kMessageKeyConfig = "config"
+  static let kMessageKeyErrorCode = "errorCode"
+  static let kMessageKeyHost = "host"
+  static let kMessageKeyPort = "port"
+  static let kMessageKeyOnDemand = "is-on-demand"
+  static let kMessageKeySplitTunnelType = "SplitTunnelType"
+  static let kMessageKeySplitTunnelSites = "SplitTunnelSites"
+}
+
+class PacketTunnelProvider: NEPacketTunnelProvider {
+    var wgAdapter: WireGuardAdapter?
+    var ovpnAdapter: OpenVPNAdapter?
+
+    var splitTunnelType: Int?
+    var splitTunnelSites: [String]?
+
+    let vpnReachability = OpenVPNReachability()
+
+    var startHandler: ((Error?) -> Void)?
+    var stopHandler: (() -> Void)?
+    var protoType: TunnelProtoType?
+
+  override func handleAppMessage(_ messageData: Data, completionHandler: ((Data?) -> Void)? = nil) {
+      guard let message = String(data: messageData, encoding: .utf8) else {
+          if let completionHandler {
+              completionHandler(nil)
+          }
+          return
+      }
+
+      neLog(.info, title: "App said: ", message: message)
+
+      guard let message = try? JSONSerialization.jsonObject(with: messageData, options: []) as? [String: Any] else {
+          neLog(.error, message: "Failed to serialize message from app")
+          return
+      }
+
+      guard let completionHandler else {
+          neLog(.error, message: "Missing message completion handler")
+          return
+      }
+
+      guard let action = message[Constants.kMessageKeyAction] as? String else {
+          neLog(.error, message: "Missing action key in app message")
+          completionHandler(nil)
+          return
+      }
+
+      if action == Constants.kActionStatus {
+          handleStatusAppMessage(messageData,
+                                 completionHandler: completionHandler)
+      }
+  }
+
+    override func startTunnel(options: [String : NSObject]? = nil,
+                              completionHandler: @escaping ((any Error)?) -> Void) {
+        let activationAttemptId = options?[Constants.kActivationAttemptId] as? String
+        let errorNotifier = ErrorNotifier(activationAttemptId: activationAttemptId)
+
+        neLog(.info, message: "Start tunnel")
+
+        if let protocolConfiguration = protocolConfiguration as? NETunnelProviderProtocol {
+            let providerConfiguration = protocolConfiguration.providerConfiguration
+            if (providerConfiguration?[Constants.ovpnConfigKey] as? Data) != nil {
+                protoType = .openvpn
+            } else if (providerConfiguration?[Constants.wireGuardConfigKey] as? Data) != nil {
+                protoType = .wireguard
+            } else if (providerConfiguration?[Constants.xrayConfigKey] as? Data) != nil {
+                protoType = .xray
+            }
+        }
+
+        guard let protoType else {
+            let error = NSError(domain: "Protocol is not selected", code: 0)
+            completionHandler(error)
+            return
+        }
+
+        switch protoType {
+        case .wireguard:
+            startWireguard(activationAttemptId: activationAttemptId,
+                           errorNotifier: errorNotifier,
+                           completionHandler: completionHandler)
+        case .openvpn:
+            startOpenVPN(completionHandler: completionHandler)
+        case .xray:
+            startXray(completionHandler: completionHandler)
+
+        }
+    }
+
+  
+    override func stopTunnel(with reason: NEProviderStopReason, completionHandler: @escaping () -> Void) {
+        guard let protoType else {
+            completionHandler()
+            return
+        }
+
+        switch protoType {
+        case .wireguard:
+            stopWireguard(with: reason,
+                          completionHandler: completionHandler)
+        case .openvpn:
+            stopOpenVPN(with: reason,
+                        completionHandler: completionHandler)
+        case .xray:
+            stopXray(completionHandler: completionHandler)
+        }
+    }
+  
+    func handleStatusAppMessage(_ messageData: Data, completionHandler: ((Data?) -> Void)? = nil) {
+        guard let protoType else {
+            completionHandler?(nil)
+            return
+        }
+
+        switch protoType {
+        case .wireguard:
+            handleWireguardStatusMessage(messageData, completionHandler: completionHandler)
+        case .openvpn:
+            handleOpenVPNStatusMessage(messageData, completionHandler: completionHandler)
+        case .xray:
+            break;
+        }
+    }
+  
+    // MARK: Network observing methods
+    override func observeValue(forKeyPath keyPath: String?,
+                               of object: Any?,
+                               change: [NSKeyValueChangeKey: Any]?,
+                               context: UnsafeMutableRawPointer?) {
+        guard Constants.kDefaultPathKey != keyPath else { return }
+        // Since iOS 11, we have observed that this KVO event fires repeatedly when connecting over Wifi,
+        // even though the underlying network has not changed (i.e. `isEqualToPath` returns false),
+        // leading to "wakeup crashes" due to excessive network activity. Guard against false positives by
+        // comparing the paths' string description, which includes properties not exposed by the class
+        guard let lastPath: NWPath = change?[.oldKey] as? NWPath,
+              let defPath = defaultPath,
+              lastPath != defPath || lastPath.description != defPath.description else {
+            return
+        }
+        DispatchQueue.main.async { [weak self] in
+            guard let self, self.defaultPath != nil else { return }
+            self.handle(networkChange: self.defaultPath!) { _ in }
+        }
+    }
+  
+    private func handle(networkChange changePath: NWPath, completion: @escaping (Error?) -> Void) {
+        wg_log(.info, message: "Tunnel restarted.")
+        startTunnel(options: nil, completionHandler: completion)
+    }
+}
+
+extension WireGuardLogLevel {
+  var osLogLevel: OSLogType {
+    switch self {
+    case .verbose:
+      return .debug
+    case .error:
+      return .error
+    }
+  }
+}
+
+extension NEProviderStopReason: CustomStringConvertible {
+  public var description: String {
+    switch self {
+    case .none:
+      return "No specific reason"
+    case .userInitiated:
+      return "The user stopped the NE"
+    case .providerFailed:
+      return "The NE failed to function correctly"
+    case .noNetworkAvailable:
+      return "No network connectivity is currently available"
+    case .unrecoverableNetworkChange:
+      return "The device’s network connectivity changed"
+    case .providerDisabled:
+      return "The NE was disabled"
+    case .authenticationCanceled:
+      return "The authentication process was canceled"
+    case .configurationFailed:
+      return "The VPNC is invalid"
+    case .idleTimeout:
+      return "The session timed out"
+    case .configurationDisabled:
+      return "The VPNC was disabled"
+    case .configurationRemoved:
+      return "The VPNC was removed"
+    case .superceded:
+      return "VPNC was superceded by a higher-priority VPNC"
+    case .userLogout:
+      return "The user logged out"
+    case .userSwitch:
+      return "The current console user changed"
+    case .connectionFailed:
+      return "The connection failed"
+    case .sleep:
+      return "A stop reason indicating the VPNC enabled disconnect on sleep and the device went to sleep"
+    case .appUpdate:
+      return "appUpdat"
+    @unknown default:
+      return "@unknown default"
+    }
+  }
+}

client/platforms/macos/QRCodeReaderBase.cpp

@@ -0,0 +1,14 @@
+#include "QRCodeReaderBase.h"
+
+QRCodeReader::QRCodeReader()
+{
+
+}
+
+QRect QRCodeReader::cameraSize() {
+    return QRect();
+}
+
+void QRCodeReader::startReading() {}
+void QRCodeReader::stopReading() {}
+void QRCodeReader::setCameraSize(QRect) {}

client/platforms/macos/QRCodeReaderBase.h

@@ -0,0 +1,20 @@
+#ifndef QRCODEREADERBASE_H
+#define QRCODEREADERBASE_H
+
+#include <QObject>
+#include <QRect>
+
+class QRCodeReader: public QObject {
+    Q_OBJECT
+
+public:
+
+signals:
+    void codeReaded(QString code);
+    
+private:
+    void* m_qrCodeReader;
+    QRect m_cameraSize;
+};
+
+#endif // QRCODEREADERBASE_H

client/platforms/macos/QRCodeReaderBase.mm

@@ -0,0 +1,110 @@
+#include "QRCodeReaderBase.h"
+
+//#import <UIKit/UIKit.h>
+#import <AVFoundation/AVFoundation.h>
+
+//@interface QRCodeReaderImpl : UIViewController
+//@end
+
+/*@interface QRCodeReaderImpl () <AVCaptureMetadataOutputObjectsDelegate>
+@property (nonatomic) QRCodeReader* qrCodeReader;
+@property (nonatomic, strong) AVCaptureSession *captureSession;
+@property (nonatomic, strong) AVCaptureVideoPreviewLayer *videoPreviewPlayer;
+@end
+
+
+@implementation QRCodeReaderImpl
+
+//- (void)viewDidLoad {
+//    [super viewDidLoad];
+
+//    _captureSession = nil;
+//}
+
+//- (void)setQrCodeReader: (QRCodeReader*)value {
+//    _qrCodeReader = value;
+//}
+
+- (BOOL)startReading {
+    NSError *error;
+
+    AVCaptureDevice *captureDevice = [AVCaptureDevice defaultDeviceWithMediaType: AVMediaTypeVideo];
+    AVCaptureDeviceInput *deviceInput = [AVCaptureDeviceInput deviceInputWithDevice: captureDevice error: &error];
+
+    if(!deviceInput) {
+        NSLog(@"Error %@", error.localizedDescription);
+        return NO;
+    }
+
+    _captureSession = [[AVCaptureSession alloc]init];
+    [_captureSession addInput:deviceInput];
+
+    AVCaptureMetadataOutput *capturedMetadataOutput = [[AVCaptureMetadataOutput alloc] init];
+    [_captureSession addOutput:capturedMetadataOutput];
+
+    dispatch_queue_t dispatchQueue;
+    dispatchQueue = dispatch_queue_create("myQueue", NULL);
+    [capturedMetadataOutput setMetadataObjectsDelegate: self queue: dispatchQueue];
+    [capturedMetadataOutput setMetadataObjectTypes: [NSArray arrayWithObject:AVMetadataObjectTypeQRCode]];
+
+    _videoPreviewPlayer = [[AVCaptureVideoPreviewLayer alloc] initWithSession: _captureSession];
+    
+    //CGFloat statusBarHeight = [UIApplication sharedApplication].statusBarFrame.size.height;
+
+    QRect cameraRect = _qrCodeReader->cameraSize();
+    CGRect cameraCGRect = CGRectMake(cameraRect.x(),
+                                     cameraRect.y() + statusBarHeight,
+                                     cameraRect.width(),
+                                     cameraRect.height());
+
+    [_videoPreviewPlayer setVideoGravity: AVLayerVideoGravityResizeAspectFill];
+    [_videoPreviewPlayer setFrame: cameraCGRect];
+
+   // CALayer* layer = [UIApplication sharedApplication].keyWindow.layer;
+    [layer addSublayer: _videoPreviewPlayer];
+
+    [_captureSession startRunning];
+
+    return YES;
+}
+
+- (void)stopReading {
+    [_captureSession stopRunning];
+    _captureSession = nil;
+
+    [_videoPreviewPlayer removeFromSuperlayer];
+}
+
+- (void)captureOutput:(AVCaptureOutput *)output didOutputMetadataObjects:(NSArray<__kindof AVMetadataObject *> *)metadataObjects fromConnection:(AVCaptureConnection *)connection {
+
+    if (metadataObjects != nil && metadataObjects.count > 0) {
+        AVMetadataMachineReadableCodeObject *metadataObject = [metadataObjects objectAtIndex:0];
+
+        if ([[metadataObject type] isEqualToString: AVMetadataObjectTypeQRCode]) {
+            _qrCodeReader->emit codeReaded([metadataObject stringValue].UTF8String);
+        }
+    }
+}
+
+@end
+
+QRCodeReader::QRCodeReader() {
+    m_qrCodeReader = [[QRCodeReaderImpl alloc] init];
+    [m_qrCodeReader setQrCodeReader: this];
+}
+
+QRect QRCodeReader::cameraSize() {
+    return m_cameraSize;
+}
+
+void QRCodeReader::setCameraSize(QRect value) {
+    m_cameraSize = value;
+}
+
+void QRCodeReader::startReading() {
+    [m_qrCodeReader startReading];
+}
+
+void QRCodeReader::stopReading() {
+    [m_qrCodeReader stopReading];
+}*/

client/platforms/macos/QtAppDelegate-C-Interface.h

@@ -0,0 +1,6 @@
+#ifndef QTAPPDELEGATECINTERFACE_H
+#define QTAPPDELEGATECINTERFACE_H
+
+void QtAppDelegateInitialize();
+
+#endif // QTAPPDELEGATECINTERFACE_H

client/platforms/macos/QtAppDelegate.h

@@ -0,0 +1,7 @@
+//#import <UIKit/UIKit.h>
+
+@interface QIOSApplicationDelegate
+@end
+
+@interface QIOSApplicationDelegate (AmneziaVPNDelegate)
+@end

client/platforms/macos/QtAppDelegate.mm

@@ -0,0 +1,61 @@
+#import "QtAppDelegate.h"
+#import "ios_controller.h"
+
+#include <QFile>
+
+
+@implementation QIOSApplicationDelegate (AmneziaVPNDelegate)
+
+/*- (BOOL)application:(UIApplication *)application didFinishLaunchingWithOptions:(NSDictionary *)launchOptions
+{
+    [application setMinimumBackgroundFetchInterval: UIApplicationBackgroundFetchIntervalMinimum];
+    // Override point for customization after application launch.
+    NSLog(@"Application didFinishLaunchingWithOptions");
+    return YES;
+}
+
+- (void)applicationDidEnterBackground:(UIApplication *)application
+{
+    // Use this method to release shared resources, save user data, invalidate timers, and store enough application state information to restore your application to its current state in case it is terminated later.
+    // If your application supports background execution, this method is called instead of applicationWillTerminate: when the user quits.
+    NSLog(@"In the background");
+}
+
+- (void)applicationWillEnterForeground:(UIApplication *)application
+{
+    // Called as part of the transition from the background to the inactive state; here you can undo many of the changes made on entering the background.
+    NSLog(@"In the foreground");
+}
+
+-(void)application:(UIApplication *)application performFetchWithCompletionHandler:(void (^)(UIBackgroundFetchResult))completionHandler {
+    // We will add content here soon.
+    NSLog(@"In the completionHandler");
+}
+
+- (BOOL)application:(UIApplication *)app
+            openURL:(NSURL *)url
+            options:(NSDictionary<UIApplicationOpenURLOptionsKey, id> *)options {
+    if (url.fileURL) {
+        QString filePath(url.path.UTF8String);
+        if (filePath.isEmpty()) return NO;
+
+        dispatch_after(dispatch_time(DISPATCH_TIME_NOW, 1 * NSEC_PER_SEC), dispatch_get_main_queue(), ^{
+            NSLog(@"Application openURL: %@", url);
+
+            if (filePath.contains("backup")) {
+                IosController::Instance()->importBackupFromOutside(filePath);
+            } else {
+                QFile file(filePath);
+                bool isOpenFile = file.open(QIODevice::ReadOnly);
+                QByteArray data = file.readAll();
+
+                IosController::Instance()->importConfigFromOutside(QString(data));
+            }
+        });
+
+        return YES;
+    }
+    return NO;
+}*/
+
+@end

client/platforms/macos/ScreenProtection.swift

@@ -0,0 +1,10 @@
+//import UIKit
+
+public func toggleScreenshots(_ isEnabled: Bool) {
+  
+}
+
+class ScreenProtection {
+
+
+}

client/platforms/macos/VPNCController.swift

@@ -0,0 +1,50 @@
+import Foundation
+import NetworkExtension
+
+public func removeVPNC(_ vpncName: std.string) {
+  let vpncName = String(describing: vpncName)
+
+  Task {
+    await getManagers()?.first { manager in
+      if let name = manager.localizedDescription, name == vpncName {
+        Task {
+          await remove(manager)
+        }
+
+        return true
+      } else {
+        return false
+      }
+    }
+  }
+}
+
+public func clearSettings() {
+  Task {
+    await getManagers()?.forEach { manager in
+      Task {
+        await remove(manager)
+      }
+    }
+  }
+}
+
+func getManagers() async -> [NETunnelProviderManager]? {
+  do {
+    return try await NETunnelProviderManager.loadAllFromPreferences()
+  } catch {
+    log(.error, title: "VPNC: ", message: "loadAllFromPreferences error: \(error.localizedDescription)")
+    return nil
+  }
+}
+
+func remove(_ manager: NETunnelProviderManager) async {
+  let vpncName = manager.localizedDescription ?? "Unknown"
+  do {
+    try await manager.removeFromPreferences()
+    try await manager.loadFromPreferences()
+    log(.info, title: "VPNC: ", message: "Remove \(vpncName)")
+  } catch {
+    log(.error, title: "VPNC: ", message: "Failed to remove \(vpncName) (\(error.localizedDescription))")
+  }
+}

client/platforms/macos/WGConfig.swift

@@ -0,0 +1,94 @@
+import Foundation
+
+struct WGConfig: Decodable {
+  let initPacketMagicHeader, responsePacketMagicHeader: String?
+  let underloadPacketMagicHeader, transportPacketMagicHeader: String?
+  let junkPacketCount, junkPacketMinSize, junkPacketMaxSize: String?
+  let initPacketJunkSize, responsePacketJunkSize: String?
+  let dns1: String
+  let dns2: String
+  let mtu: String
+  let hostName: String
+  let port: Int
+  let clientIP: String
+  let clientPrivateKey: String
+  let serverPublicKey: String
+  let presharedKey: String?
+  var allowedIPs: [String]
+  var persistentKeepAlive: String
+  let splitTunnelType: Int
+  let splitTunnelSites: [String]
+
+  enum CodingKeys: String, CodingKey {
+    case initPacketMagicHeader = "H1", responsePacketMagicHeader = "H2"
+    case underloadPacketMagicHeader = "H3", transportPacketMagicHeader = "H4"
+    case junkPacketCount = "Jc", junkPacketMinSize = "Jmin", junkPacketMaxSize = "Jmax"
+    case initPacketJunkSize = "S1", responsePacketJunkSize = "S2"
+    case dns1
+    case dns2
+    case mtu
+    case hostName
+    case port
+    case clientIP = "client_ip"
+    case clientPrivateKey = "client_priv_key"
+    case serverPublicKey = "server_pub_key"
+    case presharedKey = "psk_key"
+    case allowedIPs = "allowed_ips"
+    case persistentKeepAlive = "persistent_keep_alive"
+    case splitTunnelType
+    case splitTunnelSites
+  }
+
+  var settings: String {
+    junkPacketCount == nil ? "" :
+    """
+    Jc = \(junkPacketCount!)
+    Jmin = \(junkPacketMinSize!)
+    Jmax = \(junkPacketMaxSize!)
+    S1 = \(initPacketJunkSize!)
+    S2 = \(responsePacketJunkSize!)
+    H1 = \(initPacketMagicHeader!)
+    H2 = \(responsePacketMagicHeader!)
+    H3 = \(underloadPacketMagicHeader!)
+    H4 = \(transportPacketMagicHeader!)
+
+    """
+  }
+
+  var str: String {
+    """
+    [Interface]
+    Address = \(clientIP)
+    DNS = \(dns1), \(dns2)
+    MTU = \(mtu)
+    PrivateKey = \(clientPrivateKey)
+    \(settings)
+    [Peer]
+    PublicKey = \(serverPublicKey)
+    \(presharedKey == nil ? "" : "PresharedKey = \(presharedKey!)")
+    AllowedIPs = \(allowedIPs.joined(separator: ", "))
+    Endpoint = \(hostName):\(port)
+    PersistentKeepalive = \(persistentKeepAlive)
+    """
+  }
+
+  var redux: String {
+    """
+    [Interface]
+    Address = \(clientIP)
+    DNS = \(dns1), \(dns2)
+    MTU = \(mtu)
+    PrivateKey = ***
+    \(settings)
+    [Peer]
+    PublicKey = ***
+    PresharedKey = ***
+    AllowedIPs = \(allowedIPs.joined(separator: ", "))
+    Endpoint = \(hostName):\(port)
+    PersistentKeepalive = \(persistentKeepAlive)
+
+    SplitTunnelType = \(splitTunnelType)
+    SplitTunnelSites = \(splitTunnelSites.joined(separator: ", "))
+    """
+  }
+}

client/platforms/macos/WireGuard-Bridging-Header.h

@@ -0,0 +1,28 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "3rd/amneziawg-apple/Sources/WireGuardKitC/WireGuardKitC.h"
+
+#include <stdbool.h>
+#include <stdint.h>
+
+#define WG_KEY_LEN (32)
+#define WG_KEY_LEN_BASE64 (45)
+#define WG_KEY_LEN_HEX (65)
+
+void key_to_base64(char base64[WG_KEY_LEN_BASE64],
+                   const uint8_t key[WG_KEY_LEN]);
+bool key_from_base64(uint8_t key[WG_KEY_LEN], const char* base64);
+
+void key_to_hex(char hex[WG_KEY_LEN_HEX], const uint8_t key[WG_KEY_LEN]);
+bool key_from_hex(uint8_t key[WG_KEY_LEN], const char* hex);
+
+bool key_eq(const uint8_t key1[WG_KEY_LEN], const uint8_t key2[WG_KEY_LEN]);
+
+void write_msg_to_log(const char* tag, const char* msg);
+
+#import "TargetConditionals.h"
+#if TARGET_OS_OSX
+#  include <libproc.h>
+#endif