buildfix and naming

* feature: retrieving support info from gateway

* feature: added "external-premium" service-type

* chore: fixed external premium visability

.github/workflows/deploy.yml

@@ -10,7 +10,7 @@ env:
 
 jobs:
   Build-Linux-Ubuntu:
-    runs-on: ubuntu-20.04
+    runs-on: ubuntu-22.04
 
     env:
       QT_VERSION: 6.6.2
@@ -190,7 +190,7 @@ jobs:
     - name: 'Install go'
       uses: actions/setup-go@v5
       with:
-        go-version: '1.22.1'
+        go-version: '1.24'
         cache: false
 
     - name: 'Setup gomobile'

.github/workflows/tag-upload.yml

@@ -1,64 +1,41 @@
 name: 'Upload a new version'
 
 on:
-  push:
-    tags:
-    - '[0-9]+.[0-9]+.[0-9]+.[0-9]+'
+  workflow_dispatch:
+    inputs:
+      RELEASE_VERSION:
+        description: 'Release version (e.g. 1.2.3.4)'
+        required: true
+        type: string
 
 jobs:
-  upload:
+  Upload-S3:
     runs-on: ubuntu-latest
-    name: upload
     steps:
-      - name: Checkout CMakeLists.txt
+      - name: Checkout
         uses: actions/checkout@v4
         with:
-          ref: ${{ github.ref_name }}
+          ref: ${{ inputs.RELEASE_VERSION }}
           sparse-checkout: |
             CMakeLists.txt
+            deploy/deploy_s3.sh
           sparse-checkout-cone-mode: false
 
       - name: Verify git tag
         run: |
-          GIT_TAG=${{ github.ref_name }}
+          TAG_NAME=${{ inputs.RELEASE_VERSION }}
           CMAKE_TAG=$(grep 'project.*VERSION' CMakeLists.txt | sed -E 's/.* ([0-9]+.[0-9]+.[0-9]+.[0-9]+)$/\1/')
-
-          if [[ "$GIT_TAG" == "$CMAKE_TAG" ]]; then
-            echo "Git tag ($GIT_TAG) and version in CMakeLists.txt ($CMAKE_TAG) are the same. Continuing..."
+          if [[ "$TAG_NAME" == "$CMAKE_TAG" ]]; then
+            echo "Git tag ($TAG_NAME) matches CMakeLists.txt version ($CMAKE_TAG)."
           else
-            echo "Git tag ($GIT_TAG) and version in CMakeLists.txt ($CMAKE_TAG) are not the same! Cancelling..."
+            echo "::error::Mismatch: Git tag ($TAG_NAME) != CMakeLists.txt version ($CMAKE_TAG). Exiting with error..."
             exit 1
           fi
 
-      - name: Download artifacts from the "${{ github.ref_name }}" tag
-        uses: robinraju/release-downloader@v1.8
+      - name: Setup Rclone
+        uses: AnimMouse/setup-rclone@v1
         with:
-          tag: ${{ github.ref_name }}
-          fileName: "AmneziaVPN_(Linux_|)${{ github.ref_name }}*"
-          out-file-path: ${{ github.ref_name }}
+          rclone_config: ${{ secrets.RCLONE_CONFIG }}
 
-      - name: Upload beta version
-        uses: jakejarvis/s3-sync-action@master
-        if: contains(github.event.base_ref, 'dev')
-        with:
-          args: --include "AmneziaVPN*" --delete
-        env:
-          AWS_S3_BUCKET: updates
-          AWS_ACCESS_KEY_ID: ${{ secrets.CF_R2_ACCESS_KEY_ID }}
-          AWS_SECRET_ACCESS_KEY: ${{ secrets.CF_R2_SECRET_ACCESS_KEY }}
-          AWS_S3_ENDPOINT: https://${{ vars.CF_ACCOUNT_ID }}.r2.cloudflarestorage.com
-          SOURCE_DIR: ${{ github.ref_name }}
-          DEST_DIR: beta/${{ github.ref_name }}
-
-      - name: Upload stable version
-        uses: jakejarvis/s3-sync-action@master
-        if: contains(github.event.base_ref, 'master')
-        with:
-          args: --include "AmneziaVPN*" --delete
-        env:
-          AWS_S3_BUCKET: updates
-          AWS_ACCESS_KEY_ID: ${{ secrets.CF_R2_ACCESS_KEY_ID }}
-          AWS_SECRET_ACCESS_KEY: ${{ secrets.CF_R2_SECRET_ACCESS_KEY }}
-          AWS_S3_ENDPOINT: https://${{ vars.CF_ACCOUNT_ID }}.r2.cloudflarestorage.com
-          SOURCE_DIR: ${{ github.ref_name }}
-          DEST_DIR: stable/${{ github.ref_name }}
+      - name: Send dist to S3
+        run: bash deploy/deploy_s3.sh ${{ inputs.RELEASE_VERSION }}

CMakeLists.txt

@@ -2,7 +2,7 @@ cmake_minimum_required(VERSION 3.25.0 FATAL_ERROR)
 
 set(PROJECT AmneziaVPN)
 
-project(${PROJECT} VERSION 4.8.4.3
+project(${PROJECT} VERSION 4.8.6.0
         DESCRIPTION "AmneziaVPN"
         HOMEPAGE_URL "https://amnezia.org/"
 )
@@ -11,7 +11,7 @@ string(TIMESTAMP CURRENT_DATE "%Y-%m-%d")
 set(RELEASE_DATE "${CURRENT_DATE}")
 
 set(APP_MAJOR_VERSION ${CMAKE_PROJECT_VERSION_MAJOR}.${CMAKE_PROJECT_VERSION_MINOR}.${CMAKE_PROJECT_VERSION_PATCH})
-set(APP_ANDROID_VERSION_CODE 2080)
+set(APP_ANDROID_VERSION_CODE 2083)
 
 if(${CMAKE_SYSTEM_NAME} STREQUAL "Linux")
     set(MZ_PLATFORM_NAME "linux")

README_RU.md

@@ -6,11 +6,11 @@
 [![Gitpod ready-to-code](https://img.shields.io/badge/Gitpod-ready--to--code-blue?logo=gitpod)](https://gitpod.io/#https://github.com/amnezia-vpn/amnezia-client)
 
 ### [English](https://github.com/amnezia-vpn/amnezia-client/blob/dev/README.md) | Русский
-[AmneziaVPN](https://amnezia.org) — это open sourse VPN-клиент, ключевая особенность которого заключается в возможности развернуть собственный VPN на вашем сервере.
+[AmneziaVPN](https://amnezia.org) — это open source VPN-клиент, ключевая особенность которого заключается в возможности развернуть собственный VPN на вашем сервере.
 
 [![Image](https://github.com/amnezia-vpn/amnezia-client/blob/dev/metadata/img-readme/uipic4.png)](https://amnezia.org)
 
-### [Сайт](https://amnezia.org) | [Зеркало на сайт](https://storage.googleapis.com/amnezia/amnezia.org) | [Документация](https://docs.amnezia.org) | [Решение проблем](https://docs.amnezia.org/troubleshooting)
+### [Сайт](https://amnezia.org) | [Зеркало сайта](https://storage.googleapis.com/amnezia/amnezia.org) | [Документация](https://docs.amnezia.org) | [Решение проблем](https://docs.amnezia.org/troubleshooting)
 
 > [!TIP]
 > Если [сайт Amnezia](https://amnezia.org) заблокирован в вашем регионе, вы можете воспользоваться [ссылкой на зеркало](https://storage.googleapis.com/amnezia/amnezia.org).
@@ -30,7 +30,7 @@
 - Классические VPN-протоколы: OpenVPN, WireGuard и IKEv2.
 - Протоколы с маскировкой трафика (обфускацией): OpenVPN с плагином [Cloak](https://github.com/cbeuw/Cloak), Shadowsocks (OpenVPN over Shadowsocks), [AmneziaWG](https://docs.amnezia.org/documentation/amnezia-wg/) and XRay.
 - Поддержка Split Tunneling — добавляйте любые сайты или приложения в список, чтобы включить VPN только для них.
-- Поддерживает платформы: Windows, MacOS, Linux, Android, iOS.
+- Поддерживает платформы: Windows, macOS, Linux, Android, iOS.
 - Поддержка конфигурации протокола AmneziaWG на [бета-прошивке Keenetic](https://docs.keenetic.com/ua/air/kn-1611/en/6319-latest-development-release.html#UUID-186c4108-5afd-c10b-f38a-cdff6c17fab3_section-idm33192196168192-improved).
 
 ## Ссылки
@@ -38,10 +38,10 @@
 - [https://amnezia.org](https://amnezia.org) - Веб-сайт проекта | [Альтернативная ссылка (зеркало)](https://storage.googleapis.com/kldscp/amnezia.org)
 - [https://docs.amnezia.org](https://docs.amnezia.org) - Документация
 - [https://www.reddit.com/r/AmneziaVPN](https://www.reddit.com/r/AmneziaVPN) - Reddit  
-- [https://t.me/amnezia_vpn_en](https://t.me/amnezia_vpn_en) - Канал поддржки в Telegram (Английский)
-- [https://t.me/amnezia_vpn_ir](https://t.me/amnezia_vpn_ir) - Канал поддржки в Telegram (Фарси)
-- [https://t.me/amnezia_vpn_mm](https://t.me/amnezia_vpn_mm) - Канал поддржки в Telegram (Мьянма) 
-- [https://t.me/amnezia_vpn](https://t.me/amnezia_vpn) - Канал поддржки в Telegram  (Русский)
+- [https://t.me/amnezia_vpn_en](https://t.me/amnezia_vpn_en) - Канал поддержки в Telegram (Английский)
+- [https://t.me/amnezia_vpn_ir](https://t.me/amnezia_vpn_ir) - Канал поддержки в Telegram (Фарси)
+- [https://t.me/amnezia_vpn_mm](https://t.me/amnezia_vpn_mm) - Канал поддержки в Telegram (Мьянма) 
+- [https://t.me/amnezia_vpn](https://t.me/amnezia_vpn) - Канал поддержки в Telegram  (Русский)
 - [https://vpnpay.io/en/amnezia-premium/](https://vpnpay.io/en/amnezia-premium/) - Amnezia Premium | [Зеркало](https://storage.googleapis.com/kldscp/vpnpay.io/ru/amnezia-premium\)
 
 ## Технологии
@@ -80,8 +80,8 @@ git submodule update --init --recursive
 Проверьте папку deploy для скриптов сборки.
 
 ### Как собрать iOS-приложение из исходного кода на MacOS
-1. Убедитесь, что у вас установлен XCode версии 14 или выше.
-2. Для генерации проекта XCode используется QT. Требуется версия QT 6.6.2. Установите QT для MacOS здесь или через QT Online Installer. Необходимые модули:
+1. Убедитесь, что у вас установлен Xcode версии 14 или выше.
+2. Для генерации проекта Xcode используется QT. Требуется версия QT 6.6.2. Установите QT для MacOS здесь или через QT Online Installer. Необходимые модули:
 - MacOS
 - iOS
 - Модуль совместимости с Qt 5
@@ -117,7 +117,7 @@ $QT_IOS_BIN/qt-cmake . -B build-ios -GXcode -DQT_HOST_PATH=$QT_MACOS_ROOT_DIR
 export PATH=$(PATH):/path/to/GOPATH/bin
 ```
 
-6. Откройте проект в XCode. Теперь вы можете тестировать, архивировать или публиковать приложение.
+6. Откройте проект в Xcode. Теперь вы можете тестировать, архивировать или публиковать приложение.
    
 Если сборка завершится с ошибкой:
 ```

client/CMakeLists.txt

@@ -31,10 +31,6 @@ add_definitions(-DDEV_AGW_PUBLIC_KEY="$ENV{DEV_AGW_PUBLIC_KEY}")
 add_definitions(-DDEV_AGW_ENDPOINT="$ENV{DEV_AGW_ENDPOINT}")
 add_definitions(-DDEV_S3_ENDPOINT="$ENV{DEV_S3_ENDPOINT}")
 
-if(IOS)
-    set(PACKAGES ${PACKAGES} Multimedia)
-endif()
-
 if(WIN32 OR (APPLE AND NOT IOS) OR (LINUX AND NOT ANDROID))
     set(PACKAGES ${PACKAGES} Widgets)
 endif()
@@ -48,10 +44,6 @@ set(LIBS ${LIBS}
     Qt6::Core5Compat Qt6::Concurrent
 )
 
-if(IOS)
-    set(LIBS ${LIBS} Qt6::Multimedia)
-endif()
-
 if(WIN32 OR (APPLE AND NOT IOS) OR (LINUX AND NOT ANDROID))
     set(LIBS ${LIBS} Qt6::Widgets)
 endif()

client/configurators/wireguard_configurator.cpp

@@ -3,6 +3,7 @@
 #include <QDebug>
 #include <QJsonDocument>
 #include <QProcess>
+#include <QRegularExpression>
 #include <QString>
 #include <QTemporaryDir>
 #include <QTemporaryFile>
@@ -19,13 +20,17 @@
 #include "settings.h"
 #include "utilities.h"
 
-WireguardConfigurator::WireguardConfigurator(std::shared_ptr<Settings> settings, const QSharedPointer<ServerController> &serverController,
-                                             bool isAwg, QObject *parent)
+WireguardConfigurator::WireguardConfigurator(std::shared_ptr<Settings> settings,
+                                             const QSharedPointer<ServerController> &serverController, bool isAwg,
+                                             QObject *parent)
     : ConfiguratorBase(settings, serverController, parent), m_isAwg(isAwg)
 {
-    m_serverConfigPath = m_isAwg ? amnezia::protocols::awg::serverConfigPath : amnezia::protocols::wireguard::serverConfigPath;
-    m_serverPublicKeyPath = m_isAwg ? amnezia::protocols::awg::serverPublicKeyPath : amnezia::protocols::wireguard::serverPublicKeyPath;
-    m_serverPskKeyPath = m_isAwg ? amnezia::protocols::awg::serverPskKeyPath : amnezia::protocols::wireguard::serverPskKeyPath;
+    m_serverConfigPath =
+            m_isAwg ? amnezia::protocols::awg::serverConfigPath : amnezia::protocols::wireguard::serverConfigPath;
+    m_serverPublicKeyPath =
+            m_isAwg ? amnezia::protocols::awg::serverPublicKeyPath : amnezia::protocols::wireguard::serverPublicKeyPath;
+    m_serverPskKeyPath =
+            m_isAwg ? amnezia::protocols::awg::serverPskKeyPath : amnezia::protocols::wireguard::serverPskKeyPath;
     m_configTemplate = m_isAwg ? ProtocolScriptType::awg_template : ProtocolScriptType::wireguard_template;
 
     m_protocolName = m_isAwg ? config_key::awg : config_key::wireguard;
@@ -63,9 +68,31 @@ WireguardConfigurator::ConnectionData WireguardConfigurator::genClientKeys()
     return connData;
 }
 
+QList<QHostAddress> WireguardConfigurator::getIpsFromConf(const QString &input)
+{
+    QRegularExpression regex("AllowedIPs = (\\d+\\.\\d+\\.\\d+\\.\\d+)");
+    QRegularExpressionMatchIterator matchIterator = regex.globalMatch(input);
+
+    QList<QHostAddress> ips;
+
+    while (matchIterator.hasNext()) {
+        QRegularExpressionMatch match = matchIterator.next();
+        const QString address_string { match.captured(1) };
+        const QHostAddress address { address_string };
+        if (address.isNull()) {
+            qWarning() << "Couldn't recognize the ip address: " << address_string;
+        } else {
+            ips << address;
+        }
+    }
+
+    return ips;
+}
+
 WireguardConfigurator::ConnectionData WireguardConfigurator::prepareWireguardConfig(const ServerCredentials &credentials,
                                                                                     DockerContainer container,
-                                                                                    const QJsonObject &containerConfig, ErrorCode &errorCode)
+                                                                                    const QJsonObject &containerConfig,
+                                                                                    ErrorCode &errorCode)
 {
     WireguardConfigurator::ConnectionData connData = WireguardConfigurator::genClientKeys();
     connData.host = credentials.hostName;
@@ -76,65 +103,45 @@ WireguardConfigurator::ConnectionData WireguardConfigurator::prepareWireguardCon
         return connData;
     }
 
-    // Get list of already created clients (only IP addresses)
-    QString nextIpNumber;
-    {
-        QString script = QString("cat %1 | grep AllowedIPs").arg(m_serverConfigPath);
-        QString stdOut;
-        auto cbReadStdOut = [&](const QString &data, libssh::Client &) {
-            stdOut += data + "\n";
-            return ErrorCode::NoError;
-        };
+    QString getIpsScript = QString("cat %1 | grep AllowedIPs").arg(m_serverConfigPath);
+    QString stdOut;
+    auto cbReadStdOut = [&](const QString &data, libssh::Client &) {
+        stdOut += data + "\n";
+        return ErrorCode::NoError;
+    };
 
-        errorCode = m_serverController->runContainerScript(credentials, container, script, cbReadStdOut);
-        if (errorCode != ErrorCode::NoError) {
-            return connData;
-        }
+    errorCode = m_serverController->runContainerScript(credentials, container, getIpsScript, cbReadStdOut);
+    if (errorCode != ErrorCode::NoError) {
+        return connData;
+    }
+    auto ips = getIpsFromConf(stdOut);
 
-        stdOut.replace("AllowedIPs = ", "");
-        stdOut.replace("/32", "");
-        QStringList ips = stdOut.split("\n", Qt::SkipEmptyParts);
-
-        // remove extra IPs from each line for case when user manually edited the wg0.conf
-        // and added there more IPs for route his itnernal networks, like:
-        //     ...
-        //     AllowedIPs = 10.8.1.6/32, 192.168.1.0/24, 192.168.2.0/24, ...
-        //     ...
-        // without this code - next IP would be 1 if last item in 'ips' has format above
-        QStringList vpnIps;
-        for (const auto &ip : ips) {
-          vpnIps.append(ip.split(",", Qt::SkipEmptyParts).first().trimmed());
-        }
-        ips = vpnIps;
-
-        // Calc next IP address
-        if (ips.isEmpty()) {
-            nextIpNumber = "2";
+    QHostAddress nextIp = [&] {
+        QHostAddress result;
+        QHostAddress lastIp;
+        if (ips.empty()) {
+            lastIp.setAddress(containerConfig.value(m_protocolName)
+                                      .toObject()
+                                      .value(config_key::subnet_address)
+                                      .toString(protocols::wireguard::defaultSubnetAddress));
         } else {
-            int next = ips.last().split(".").last().toInt() + 1;
-            if (next > 254) {
-                errorCode = ErrorCode::AddressPoolError;
-                return connData;
-            }
-            nextIpNumber = QString::number(next);
+            lastIp = ips.last();
         }
-    }
-
-    QString subnetIp = containerConfig.value(m_protocolName).toObject().value(config_key::subnet_address).toString(protocols::wireguard::defaultSubnetAddress);
-    {
-        QStringList l = subnetIp.split(".", Qt::SkipEmptyParts);
-        if (l.isEmpty()) {
-            errorCode = ErrorCode::AddressPoolError;
-            return connData;
+        quint8 lastOctet = static_cast<quint8>(lastIp.toIPv4Address());
+        switch (lastOctet) {
+        case 254: result.setAddress(lastIp.toIPv4Address() + 3); break;
+        case 255: result.setAddress(lastIp.toIPv4Address() + 2); break;
+        default: result.setAddress(lastIp.toIPv4Address() + 1); break;
         }
-        l.removeLast();
-        l.append(nextIpNumber);
 
-        connData.clientIP = l.join(".");
-    }
+        return result;
+    }();
+
+    connData.clientIP = nextIp.toString();
 
     // Get keys
-    connData.serverPubKey = m_serverController->getTextFileFromContainer(container, credentials, m_serverPublicKeyPath, errorCode);
+    connData.serverPubKey =
+            m_serverController->getTextFileFromContainer(container, credentials, m_serverPublicKeyPath, errorCode);
     connData.serverPubKey.replace("\n", "");
     if (errorCode != ErrorCode::NoError) {
         return connData;
@@ -161,10 +168,12 @@ WireguardConfigurator::ConnectionData WireguardConfigurator::prepareWireguardCon
         return connData;
     }
 
-    QString script = QString("sudo docker exec -i $CONTAINER_NAME bash -c 'wg syncconf wg0 <(wg-quick strip %1)'").arg(m_serverConfigPath);
+    QString script = QString("sudo docker exec -i $CONTAINER_NAME bash -c 'wg syncconf wg0 <(wg-quick strip %1)'")
+                             .arg(m_serverConfigPath);
 
     errorCode = m_serverController->runScript(
-            credentials, m_serverController->replaceVars(script, m_serverController->genVarsForScript(credentials, container)));
+            credentials,
+            m_serverController->replaceVars(script, m_serverController->genVarsForScript(credentials, container)));
 
     return connData;
 }
@@ -173,8 +182,8 @@ QString WireguardConfigurator::createConfig(const ServerCredentials &credentials
                                             const QJsonObject &containerConfig, ErrorCode &errorCode)
 {
     QString scriptData = amnezia::scriptData(m_configTemplate, container);
-    QString config =
-            m_serverController->replaceVars(scriptData, m_serverController->genVarsForScript(credentials, container, containerConfig));
+    QString config = m_serverController->replaceVars(
+            scriptData, m_serverController->genVarsForScript(credentials, container, containerConfig));
 
     ConnectionData connData = prepareWireguardConfig(credentials, container, containerConfig, errorCode);
     if (errorCode != ErrorCode::NoError) {
@@ -208,16 +217,16 @@ QString WireguardConfigurator::createConfig(const ServerCredentials &credentials
     return QJsonDocument(jConfig).toJson();
 }
 
-QString WireguardConfigurator::processConfigWithLocalSettings(const QPair<QString, QString> &dns, const bool isApiConfig,
-                                                              QString &protocolConfigString)
+QString WireguardConfigurator::processConfigWithLocalSettings(const QPair<QString, QString> &dns,
+                                                              const bool isApiConfig, QString &protocolConfigString)
 {
     processConfigWithDnsSettings(dns, protocolConfigString);
 
     return protocolConfigString;
 }
 
-QString WireguardConfigurator::processConfigWithExportSettings(const QPair<QString, QString> &dns, const bool isApiConfig,
-                                                               QString &protocolConfigString)
+QString WireguardConfigurator::processConfigWithExportSettings(const QPair<QString, QString> &dns,
+                                                               const bool isApiConfig, QString &protocolConfigString)
 {
     processConfigWithDnsSettings(dns, protocolConfigString);
 

client/configurators/wireguard_configurator.h

@@ -1,6 +1,7 @@
 #ifndef WIREGUARD_CONFIGURATOR_H
 #define WIREGUARD_CONFIGURATOR_H
 
+#include <QHostAddress>
 #include <QObject>
 #include <QProcessEnvironment>
 
@@ -12,8 +13,8 @@ class WireguardConfigurator : public ConfiguratorBase
 {
     Q_OBJECT
 public:
-    WireguardConfigurator(std::shared_ptr<Settings> settings, const QSharedPointer<ServerController> &serverController, bool isAwg,
-                          QObject *parent = nullptr);
+    WireguardConfigurator(std::shared_ptr<Settings> settings, const QSharedPointer<ServerController> &serverController,
+                          bool isAwg, QObject *parent = nullptr);
 
     struct ConnectionData
     {
@@ -26,15 +27,18 @@ public:
         QString port;
     };
 
-    QString createConfig(const ServerCredentials &credentials, DockerContainer container, const QJsonObject &containerConfig,
-                         ErrorCode &errorCode);
+    QString createConfig(const ServerCredentials &credentials, DockerContainer container,
+                         const QJsonObject &containerConfig, ErrorCode &errorCode);
 
-    QString processConfigWithLocalSettings(const QPair<QString, QString> &dns, const bool isApiConfig, QString &protocolConfigString);
-    QString processConfigWithExportSettings(const QPair<QString, QString> &dns, const bool isApiConfig, QString &protocolConfigString);
+    QString processConfigWithLocalSettings(const QPair<QString, QString> &dns, const bool isApiConfig,
+                                           QString &protocolConfigString);
+    QString processConfigWithExportSettings(const QPair<QString, QString> &dns, const bool isApiConfig,
+                                            QString &protocolConfigString);
 
     static ConnectionData genClientKeys();
 
 private:
+    QList<QHostAddress> getIpsFromConf(const QString &input);
     ConnectionData prepareWireguardConfig(const ServerCredentials &credentials, DockerContainer container,
                                           const QJsonObject &containerConfig, ErrorCode &errorCode);
 

client/core/api/apiDefs.h

@@ -10,7 +10,8 @@ namespace apiDefs
         AmneziaFreeV3,
         AmneziaPremiumV1,
         AmneziaPremiumV2,
-        SelfHosted
+        SelfHosted,
+        ExternalPremium
     };
 
     enum ConfigSource {
@@ -43,6 +44,13 @@ namespace apiDefs
         constexpr QLatin1String maxDeviceCount("max_device_count");
         constexpr QLatin1String subscriptionEndDate("subscription_end_date");
         constexpr QLatin1String issuedConfigs("issued_configs");
+
+        constexpr QLatin1String supportInfo("support_info");
+        constexpr QLatin1String email("email");
+        constexpr QLatin1String billingEmail("billing_email");
+        constexpr QLatin1String website("website");
+        constexpr QLatin1String websiteName("website_name");
+        constexpr QLatin1String telegram("telegram");
     }
 
     const int requestTimeoutMsecs = 12 * 1000; // 12 secs

client/core/api/apiUtils.cpp

@@ -32,15 +32,17 @@ apiDefs::ConfigType apiUtils::getConfigType(const QJsonObject &serverConfigObjec
 
         constexpr QLatin1String servicePremium("amnezia-premium");
         constexpr QLatin1String serviceFree("amnezia-free");
+        constexpr QLatin1String serviceExternalPremium("external-premium");
 
         auto apiConfigObject = serverConfigObject.value(apiDefs::key::apiConfig).toObject();
-        auto stackType = apiConfigObject.value(apiDefs::key::stackType).toString();
         auto serviceType = apiConfigObject.value(apiDefs::key::serviceType).toString();
 
-        if (serviceType == servicePremium || stackType == stackPremium) {
+        if (serviceType == servicePremium) {
             return apiDefs::ConfigType::AmneziaPremiumV2;
-        } else if (serviceType == serviceFree || stackType == stackFree) {
+        } else if (serviceType == serviceFree) {
             return apiDefs::ConfigType::AmneziaFreeV3;
+        } else if (serviceType == serviceExternalPremium) {
+            return apiDefs::ConfigType::ExternalPremium;
         }
     }
     default: {
@@ -66,6 +68,7 @@ amnezia::ErrorCode apiUtils::checkNetworkReplyErrors(const QList<QSslError> &ssl
         return amnezia::ErrorCode::NoError;
     } else if (reply->error() == QNetworkReply::NetworkError::OperationCanceledError
                || reply->error() == QNetworkReply::NetworkError::TimeoutError) {
+        qDebug() << reply->error();
         return amnezia::ErrorCode::ApiConfigTimeoutError;
     } else {
         QString err = reply->errorString();
@@ -85,3 +88,10 @@ amnezia::ErrorCode apiUtils::checkNetworkReplyErrors(const QList<QSslError> &ssl
     qDebug() << "something went wrong";
     return amnezia::ErrorCode::InternalError;
 }
+
+bool apiUtils::isPremiumServer(const QJsonObject &serverConfigObject)
+{
+    static const QSet<apiDefs::ConfigType> premiumTypes = { apiDefs::ConfigType::AmneziaPremiumV1, apiDefs::ConfigType::AmneziaPremiumV2,
+                                                            apiDefs::ConfigType::ExternalPremium };
+    return premiumTypes.contains(getConfigType(serverConfigObject));
+}

client/core/api/apiUtils.h

@@ -13,6 +13,8 @@ namespace apiUtils
 
     bool isSubscriptionExpired(const QString &subscriptionEndDate);
 
+    bool isPremiumServer(const QJsonObject &serverConfigObject);
+
     apiDefs::ConfigType getConfigType(const QJsonObject &serverConfigObject);
     apiDefs::ConfigSource getConfigSource(const QJsonObject &serverConfigObject);
 

client/core/controllers/coreController.cpp

@@ -1,5 +1,6 @@
 #include "coreController.h"
 
+#include <QDirIterator>
 #include <QTranslator>
 
 #if defined(Q_OS_ANDROID)
@@ -47,6 +48,9 @@ void CoreController::initModels()
     m_sitesModel.reset(new SitesModel(m_settings, this));
     m_engine->rootContext()->setContextProperty("SitesModel", m_sitesModel.get());
 
+    m_allowedDnsModel.reset(new AllowedDnsModel(m_settings, this));
+    m_engine->rootContext()->setContextProperty("AllowedDnsModel", m_allowedDnsModel.get());
+
     m_appSplitTunnelingModel.reset(new AppSplitTunnelingModel(m_settings, this));
     m_engine->rootContext()->setContextProperty("AppSplitTunnelingModel", m_appSplitTunnelingModel.get());
 
@@ -129,6 +133,9 @@ void CoreController::initControllers()
     m_sitesController.reset(new SitesController(m_settings, m_vpnConnection, m_sitesModel));
     m_engine->rootContext()->setContextProperty("SitesController", m_sitesController.get());
 
+    m_allowedDnsController.reset(new AllowedDnsController(m_settings, m_allowedDnsModel));
+    m_engine->rootContext()->setContextProperty("AllowedDnsController", m_allowedDnsController.get());
+
     m_appSplitTunnelingController.reset(new AppSplitTunnelingController(m_settings, m_appSplitTunnelingModel));
     m_engine->rootContext()->setContextProperty("AppSplitTunnelingController", m_appSplitTunnelingController.get());
 
@@ -213,6 +220,7 @@ void CoreController::initSignalHandlers()
     initAutoConnectHandler();
     initAmneziaDnsToggledHandler();
     initPrepareConfigHandler();
+    initStrictKillSwitchHandler();
 }
 
 void CoreController::initNotificationHandler()
@@ -238,7 +246,23 @@ void CoreController::updateTranslator(const QLocale &locale)
         QCoreApplication::removeTranslator(m_translator.get());
     }
 
-    QString strFileName = QString(":/translations/amneziavpn") + QLatin1String("_") + locale.name() + ".qm";
+    QStringList availableTranslations;
+    QDirIterator it(":/translations", QStringList("amneziavpn_*.qm"), QDir::Files);
+    while (it.hasNext()) {
+        availableTranslations << it.next();
+    }
+
+    // This code allow to load translation for the language only, without country code
+    const QString lang = locale.name().split("_").first();
+    const QString translationFilePrefix = QString(":/translations/amneziavpn_") + lang;
+    QString strFileName = QString(":/translations/amneziavpn_%1.qm").arg(locale.name());
+    for (const QString &translation : availableTranslations) {
+        if (translation.contains(translationFilePrefix)) {
+            strFileName = translation;
+            break;
+        }
+    }
+
     if (m_translator->load(strFileName)) {
         if (QCoreApplication::installTranslator(m_translator.get())) {
             m_settings->setAppLanguage(locale);
@@ -339,6 +363,12 @@ void CoreController::initPrepareConfigHandler()
     });
 }
 
+void CoreController::initStrictKillSwitchHandler()
+{
+    connect(m_settingsController.get(), &SettingsController::strictKillSwitchEnabledChanged, 
+            m_vpnConnection.get(), &VpnConnection::onKillSwitchModeChanged);
+}
+
 QSharedPointer<PageController> CoreController::pageController() const
 {
     return m_pageController;

client/core/controllers/coreController.h

@@ -8,6 +8,7 @@
 #include "ui/controllers/api/apiConfigsController.h"
 #include "ui/controllers/api/apiSettingsController.h"
 #include "ui/controllers/appSplitTunnelingController.h"
+#include "ui/controllers/allowedDnsController.h"
 #include "ui/controllers/connectionController.h"
 #include "ui/controllers/exportController.h"
 #include "ui/controllers/focusController.h"
@@ -18,6 +19,7 @@
 #include "ui/controllers/sitesController.h"
 #include "ui/controllers/systemController.h"
 
+#include "ui/models/allowed_dns_model.h"
 #include "ui/models/containers_model.h"
 #include "ui/models/languageModel.h"
 #include "ui/models/protocols/cloakConfigModel.h"
@@ -80,6 +82,7 @@ private:
     void initAutoConnectHandler();
     void initAmneziaDnsToggledHandler();
     void initPrepareConfigHandler();
+    void initStrictKillSwitchHandler();
 
     QQmlApplicationEngine *m_engine {}; // TODO use parent child system here?
     std::shared_ptr<Settings> m_settings;
@@ -102,6 +105,7 @@ private:
     QScopedPointer<SitesController> m_sitesController;
     QScopedPointer<SystemController> m_systemController;
     QScopedPointer<AppSplitTunnelingController> m_appSplitTunnelingController;
+    QScopedPointer<AllowedDnsController> m_allowedDnsController;
 
     QScopedPointer<ApiSettingsController> m_apiSettingsController;
     QScopedPointer<ApiConfigsController> m_apiConfigsController;
@@ -112,6 +116,7 @@ private:
     QSharedPointer<LanguageModel> m_languageModel;
     QSharedPointer<ProtocolsModel> m_protocolsModel;
     QSharedPointer<SitesModel> m_sitesModel;
+    QSharedPointer<AllowedDnsModel> m_allowedDnsModel;
     QSharedPointer<AppSplitTunnelingModel> m_appSplitTunnelingModel;
     QSharedPointer<ClientManagementModel> m_clientManagementModel;
 

client/core/controllers/gatewayController.cpp

@@ -7,6 +7,7 @@
 #include <QJsonDocument>
 #include <QJsonObject>
 #include <QNetworkReply>
+#include <QUrl>
 
 #include "QBlockCipher.h"
 #include "QRsa.h"
@@ -14,6 +15,11 @@
 #include "amnezia_application.h"
 #include "core/api/apiUtils.h"
 #include "utilities.h"
+#include "core/networkUtilities.h"
+
+#ifdef AMNEZIA_DESKTOP
+    #include "core/ipcclient.h"
+#endif
 
 namespace
 {
@@ -26,6 +32,10 @@ namespace
         constexpr char apiPayload[] = "api_payload";
         constexpr char keyPayload[] = "key_payload";
     }
+
+    constexpr QLatin1String errorResponsePattern1("No active configuration found for");
+    constexpr QLatin1String errorResponsePattern2("No non-revoked public key found for");
+    constexpr QLatin1String errorResponsePattern3("Account not found.");
 }
 
 GatewayController::GatewayController(const QString &gatewayEndpoint, bool isDevEnvironment, int requestTimeoutMsecs, QObject *parent)
@@ -46,6 +56,17 @@ ErrorCode GatewayController::get(const QString &endpoint, QByteArray &responseBo
 
     request.setUrl(QString(endpoint).arg(m_gatewayEndpoint));
 
+    // bypass killSwitch exceptions for API-gateway
+#ifdef AMNEZIA_DESKTOP
+    {
+        QString host = QUrl(request.url()).host();
+        QString ip = NetworkUtilities::getIPAddress(host);
+        if (!ip.isEmpty()) {
+            IpcClient::Interface()->addKillSwitchAllowedRange(QStringList{ip});
+        }
+    }
+#endif
+
     QNetworkReply *reply;
     reply = amnApp->networkManager()->get(request);
 
@@ -97,6 +118,17 @@ ErrorCode GatewayController::post(const QString &endpoint, const QJsonObject api
 
     request.setUrl(endpoint.arg(m_gatewayEndpoint));
 
+    // bypass killSwitch exceptions for API-gateway
+#ifdef AMNEZIA_DESKTOP
+    {
+        QString host = QUrl(request.url()).host();
+        QString ip = NetworkUtilities::getIPAddress(host);
+        if (!ip.isEmpty()) {
+            IpcClient::Interface()->addKillSwitchAllowedRange(QStringList{ip});
+        }
+    }
+#endif
+
     QSimpleCrypto::QBlockCipher blockCipher;
     QByteArray key = blockCipher.generatePrivateSalt(32);
     QByteArray iv = blockCipher.generatePrivateSalt(32);
@@ -194,16 +226,16 @@ QStringList GatewayController::getProxyUrls()
     QList<QSslError> sslErrors;
     QNetworkReply *reply;
 
-    QStringList proxyStorageUrl;
+    QStringList proxyStorageUrls;
     if (m_isDevEnvironment) {
-        proxyStorageUrl = QStringList { DEV_S3_ENDPOINT };
+        proxyStorageUrls = QString(DEV_S3_ENDPOINT).split(", ");
     } else {
-        proxyStorageUrl = QStringList { PROD_S3_ENDPOINT };
+        proxyStorageUrls = QString(PROD_S3_ENDPOINT).split(", ");
     }
 
     QByteArray key = m_isDevEnvironment ? DEV_AGW_PUBLIC_KEY : PROD_AGW_PUBLIC_KEY;
 
-    for (const auto &proxyStorageUrl : proxyStorageUrl) {
+    for (const auto &proxyStorageUrl : proxyStorageUrls) {
         request.setUrl(proxyStorageUrl);
         reply = amnApp->networkManager()->get(request);
 
@@ -247,6 +279,9 @@ QStringList GatewayController::getProxyUrls()
             }
             return endpoints;
         } else {
+            apiUtils::checkNetworkReplyErrors(sslErrors, reply);
+            qDebug() << "go to the next storage endpoint";
+
             reply->deleteLater();
         }
     }
@@ -257,17 +292,29 @@ bool GatewayController::shouldBypassProxy(QNetworkReply *reply, const QByteArray
                                           const QByteArray &iv, const QByteArray &salt)
 {
     if (reply->error() == QNetworkReply::NetworkError::OperationCanceledError || reply->error() == QNetworkReply::NetworkError::TimeoutError) {
-        qDebug() << "Timeout occurred";
+        qDebug() << "timeout occurred";
+        qDebug() << reply->error();
         return true;
     } else if (responseBody.contains("html")) {
-        qDebug() << "The response contains an html tag";
+        qDebug() << "the response contains an html tag";
         return true;
-    } else if (reply->error() == QNetworkReply::NetworkError::NoError && checkEncryption) {
+    } else if (reply->error() == QNetworkReply::NetworkError::ContentNotFoundError) {
+        if (responseBody.contains(errorResponsePattern1) || responseBody.contains(errorResponsePattern2)
+            || responseBody.contains(errorResponsePattern3)) {
+            return false;
+        } else {
+            qDebug() << reply->error();
+            return true;
+        }
+    } else if (reply->error() != QNetworkReply::NetworkError::NoError) {
+        qDebug() << reply->error();
+        return true;
+    } else if (checkEncryption) {
         try {
             QSimpleCrypto::QBlockCipher blockCipher;
             static_cast<void>(blockCipher.decryptAesBlockCipher(responseBody, key, iv, "", salt));
         } catch (...) {
-            qDebug() << "Failed to decrypt the data";
+            qDebug() << "failed to decrypt the data";
             return true;
         }
     }
@@ -288,7 +335,7 @@ void GatewayController::bypassProxy(const QString &endpoint, QNetworkReply *repl
     QByteArray responseBody;
 
     for (const QString &proxyUrl : proxyUrls) {
-        qDebug() << "Go to the next endpoint";
+        qDebug() << "go to the next proxy endpoint";
         reply->deleteLater(); // delete the previous reply
         reply = requestFunction(endpoint.arg(proxyUrl));
 

client/core/controllers/serverController.cpp

@@ -709,7 +709,7 @@ ErrorCode ServerController::isServerPortBusy(const ServerCredentials &credential
     QString transportProto = containerConfig.value(config_key::transport_proto).toString(defaultTransportProto);
 
     // TODO reimplement with netstat
-    QString script = QString("which lsof &>/dev/null || true && sudo lsof -i -P -n 2>/dev/null | grep -E ':%1 ").arg(port);
+    QString script = QString("which lsof > /dev/null 2>&1 || true && sudo lsof -i -P -n 2>/dev/null | grep -E ':%1 ").arg(port);
     for (auto &port : fixedPorts) {
         script = script.append("|:%1").arg(port);
     }
@@ -757,10 +757,6 @@ ErrorCode ServerController::isServerPortBusy(const ServerCredentials &credential
 
 ErrorCode ServerController::isUserInSudo(const ServerCredentials &credentials, DockerContainer container)
 {
-    if (credentials.userName == "root") {
-        return ErrorCode::NoError;
-    }
-
     QString stdOut;
     auto cbReadStdOut = [&](const QString &data, libssh::Client &) {
         stdOut += data + "\n";
@@ -774,8 +770,16 @@ ErrorCode ServerController::isUserInSudo(const ServerCredentials &credentials, D
     const QString scriptData = amnezia::scriptData(SharedScriptType::check_user_in_sudo);
     ErrorCode error = runScript(credentials, replaceVars(scriptData, genVarsForScript(credentials)), cbReadStdOut, cbReadStdErr);
 
-    if (!stdOut.contains("sudo"))
+    if (credentials.userName != "root" && stdOut.contains("sudo:") && !stdOut.contains("uname:") && stdOut.contains("not found"))
+        return ErrorCode::ServerSudoPackageIsNotPreinstalled;
+    if (credentials.userName != "root" && !stdOut.contains("sudo") && !stdOut.contains("wheel"))
         return ErrorCode::ServerUserNotInSudo;
+    if (stdOut.contains("can't cd to") || stdOut.contains("Permission denied") || stdOut.contains("No such file or directory"))
+        return ErrorCode::ServerUserDirectoryNotAccessible;
+    if (stdOut.contains("sudoers") || stdOut.contains("is not allowed to run sudo on"))
+        return ErrorCode::ServerUserNotAllowedInSudoers;
+    if (stdOut.contains("password is required"))
+        return ErrorCode::ServerUserPasswordRequired;
 
     return error;
 }

client/core/defs.h

@@ -54,6 +54,10 @@ namespace amnezia
         ServerCancelInstallation = 204,
         ServerUserNotInSudo = 205,
         ServerPacketManagerError = 206,
+        ServerSudoPackageIsNotPreinstalled = 207,
+        ServerUserDirectoryNotAccessible = 208,
+        ServerUserNotAllowedInSudoers = 209,
+        ServerUserPasswordRequired = 210,
 
         // Ssh connection errors
         SshRequestDeniedError = 300,

client/core/errorstrings.cpp

@@ -20,8 +20,12 @@ QString errorString(ErrorCode code) {
     case(ErrorCode::ServerContainerMissingError): errorMessage = QObject::tr("Server error: Docker container missing"); break;
     case(ErrorCode::ServerDockerFailedError): errorMessage = QObject::tr("Server error: Docker failed"); break;
     case(ErrorCode::ServerCancelInstallation): errorMessage = QObject::tr("Installation canceled by user"); break;
-    case(ErrorCode::ServerUserNotInSudo): errorMessage = QObject::tr("The user does not have permission to use sudo"); break;
-    case(ErrorCode::ServerPacketManagerError): errorMessage = QObject::tr("Server error: Packet manager error"); break;
+    case(ErrorCode::ServerUserNotInSudo): errorMessage = QObject::tr("The user is not a member of the sudo group"); break;
+    case(ErrorCode::ServerPacketManagerError): errorMessage = QObject::tr("Server error: Package manager error"); break;
+    case(ErrorCode::ServerSudoPackageIsNotPreinstalled): errorMessage = QObject::tr("The sudo package is not pre-installed on the server"); break;
+    case(ErrorCode::ServerUserDirectoryNotAccessible): errorMessage = QObject::tr("The server user's home directory is not accessible"); break;
+    case(ErrorCode::ServerUserNotAllowedInSudoers): errorMessage = QObject::tr("Action not allowed in sudoers"); break;
+    case(ErrorCode::ServerUserPasswordRequired): errorMessage = QObject::tr("The user's password is required"); break;
 
     // Libssh errors
     case(ErrorCode::SshRequestDeniedError): errorMessage = QObject::tr("SSH request was denied"); break;

client/daemon/daemon.cpp

@@ -371,6 +371,9 @@ bool Daemon::parseConfig(const QJsonObject& obj, InterfaceConfig& config) {
   if (!parseStringList(obj, "vpnDisabledApps", config.m_vpnDisabledApps)) {
     return false;
   }
+  if (!parseStringList(obj, "allowedDnsServers", config.m_allowedDnsServers)) {
+    return false;
+  }
 
   config.m_killSwitchEnabled = QVariant(obj.value("killSwitchOption").toString()).toBool();
 

client/daemon/interfaceconfig.cpp

@@ -48,6 +48,13 @@ QJsonObject InterfaceConfig::toJson() const {
   }
   json.insert("excludedAddresses", jsExcludedAddresses);
 
+
+  QJsonArray jsAllowedDnsServers;
+  for (const QString& i : m_allowedDnsServers) {
+    jsAllowedDnsServers.append(QJsonValue(i));
+  }
+  json.insert("allowedDnsServers", jsAllowedDnsServers);
+
   QJsonArray disabledApps;
   for (const QString& i : m_vpnDisabledApps) {
     disabledApps.append(QJsonValue(i));

client/daemon/interfaceconfig.h

@@ -37,6 +37,7 @@ class InterfaceConfig {
   QList<IPAddress> m_allowedIPAddressRanges;
   QStringList m_excludedAddresses;
   QStringList m_vpnDisabledApps;
+  QStringList m_allowedDnsServers;
   bool m_killSwitchEnabled;
 #if defined(MZ_ANDROID) || defined(MZ_IOS)
   QString m_installationId;

client/mozilla/localsocketcontroller.cpp

@@ -123,6 +123,7 @@ void LocalSocketController::activate(const QJsonObject &rawConfig) {
 
   int appSplitTunnelType = rawConfig.value(amnezia::config_key::appSplitTunnelType).toInt();
   QJsonArray splitTunnelApps = rawConfig.value(amnezia::config_key::splitTunnelApps).toArray();
+  QJsonArray allowedDns = rawConfig.value(amnezia::config_key::allowedDnsServers).toArray();
 
   QJsonObject wgConfig = rawConfig.value(protocolName + "_config_data").toObject();
 
@@ -226,6 +227,8 @@ void LocalSocketController::activate(const QJsonObject &rawConfig) {
 
   json.insert("vpnDisabledApps", splitTunnelApps);
 
+  json.insert("allowedDnsServers", allowedDns);
+
   json.insert(amnezia::config_key::killSwitchOption, rawConfig.value(amnezia::config_key::killSwitchOption));
 
   if (protocolName == amnezia::config_key::awg) {

client/platforms/linux/daemon/linuxfirewall.cpp

@@ -455,9 +455,6 @@ void LinuxFirewall::updateDNSServers(const QStringList& servers)
 
 void LinuxFirewall::updateAllowNets(const QStringList& servers)
 {
-    static QStringList existingServers {};
-
-    existingServers = servers;
     execute(QStringLiteral("iptables -F %1.110.allowNets").arg(kAnchorName));
     for (const QString& rule : getAllowRule(servers))
         execute(QStringLiteral("iptables -A %1.110.allowNets %2").arg(kAnchorName, rule));

client/platforms/linux/daemon/wireguardutilslinux.cpp

@@ -17,6 +17,8 @@
 #include "leakdetector.h"
 #include "logger.h"
 
+#include "killswitch.h"
+
 constexpr const int WG_TUN_PROC_TIMEOUT = 5000;
 constexpr const char* WG_RUNTIME_DIR = "/var/run/amneziawg";
 
@@ -182,7 +184,7 @@ bool WireguardUtilsLinux::deleteInterface() {
     QFile::remove(wgRuntimeDir.filePath(QString(WG_INTERFACE) + ".name"));
 
     // double-check + ensure our firewall is installed and enabled
-    LinuxFirewall::uninstall();
+    KillSwitch::instance()->disableKillSwitch();
     return true;
 }
 

client/platforms/macos/daemon/wireguardutilsmacos.cpp

@@ -16,6 +16,8 @@
 #include "leakdetector.h"
 #include "logger.h"
 
+#include "killswitch.h"
+
 constexpr const int WG_TUN_PROC_TIMEOUT = 5000;
 constexpr const char* WG_RUNTIME_DIR = "/var/run/amneziawg";
 
@@ -180,7 +182,7 @@ bool WireguardUtilsMacos::deleteInterface() {
   QFile::remove(wgRuntimeDir.filePath(QString(WG_INTERFACE) + ".name"));
 
   // double-check + ensure our firewall is installed and enabled
-  MacOSFirewall::uninstall();
+  KillSwitch::instance()->disableKillSwitch();
 
   return true;
 }

client/platforms/windows/daemon/windowsfirewall.cpp

@@ -29,6 +29,8 @@
 #include "logger.h"
 #include "platforms/windows/windowsutils.h"
 
+#include "killswitch.h"
+
 #define IPV6_ADDRESS_SIZE 16
 
 // ID for the Firewall Sublayer
@@ -180,16 +182,29 @@ bool WindowsFirewall::enableInterface(int vpnAdapterIndex) {
     }                                                                     \
   }
 
-  logger.info() << "Enabling firewall Using Adapter:" << vpnAdapterIndex;
+  logger.info() << "Enabling Killswitch Using Adapter:" << vpnAdapterIndex;
+  if (vpnAdapterIndex < 0)
+  {
+    IPAddress allv4("0.0.0.0/0");
+    if (!blockTrafficTo(allv4, MED_WEIGHT,
+                        "Block Internet", "killswitch")) {
+        return false;
+    }
+    IPAddress allv6("::/0");
+    if (!blockTrafficTo(allv6, MED_WEIGHT,
+                        "Block Internet", "killswitch")) {
+      return false;
+    }
+  } else
   FW_OK(allowTrafficOfAdapter(vpnAdapterIndex, MED_WEIGHT,
-                              "Allow usage of VPN Adapter"));
+                                  "Allow usage of VPN Adapter"));
   FW_OK(allowDHCPTraffic(MED_WEIGHT, "Allow DHCP Traffic"));
-  FW_OK(allowHyperVTraffic(MED_WEIGHT, "Allow Hyper-V Traffic"));
+  FW_OK(allowHyperVTraffic(MAX_WEIGHT, "Allow Hyper-V Traffic"));
   FW_OK(allowTrafficForAppOnAll(getCurrentPath(), MAX_WEIGHT,
                                 "Allow all for AmneziaVPN.exe"));
   FW_OK(blockTrafficOnPort(53, MED_WEIGHT, "Block all DNS"));
-  FW_OK(
-      allowLoopbackTraffic(MED_WEIGHT, "Allow Loopback traffic on device %1"));
+  FW_OK(allowLoopbackTraffic(MED_WEIGHT,
+                             "Allow Loopback traffic on device %1"));
 
   logger.debug() << "Killswitch on! Rules:" << m_activeRules.length();
   return true;
@@ -226,6 +241,37 @@ bool WindowsFirewall::enableLanBypass(const QList<IPAddress>& ranges) {
   return true;
 }
 
+// Allow unprotected traffic sent to the following address ranges.
+bool WindowsFirewall::allowTrafficRange(const QStringList& ranges) {
+  // Start the firewall transaction
+  auto result = FwpmTransactionBegin(m_sessionHandle, NULL);
+  if (result != ERROR_SUCCESS) {
+    disableKillSwitch();
+    return false;
+  }
+  auto cleanup = qScopeGuard([&] {
+      FwpmTransactionAbort0(m_sessionHandle);
+      disableKillSwitch();
+  });
+
+  for (const QString& addr : ranges) {
+    logger.debug() << "Allow killswitch exclude: " << addr;
+    if (!allowTrafficTo(QHostAddress(addr), LOW_WEIGHT + 1, "Allow killswitch bypass traffic")) {
+      return false;
+    }
+  }
+
+  result = FwpmTransactionCommit0(m_sessionHandle);
+  if (result != ERROR_SUCCESS) {
+    logger.error() << "FwpmTransactionCommit0 failed with error:" << result;
+    return false;
+  }
+
+  cleanup.dismiss();
+  return true;
+}
+
+
 bool WindowsFirewall::enablePeerTraffic(const InterfaceConfig& config) {
   // Start the firewall transaction
   auto result = FwpmTransactionBegin(m_sessionHandle, NULL);
@@ -262,12 +308,20 @@ bool WindowsFirewall::enablePeerTraffic(const InterfaceConfig& config) {
     }
   }
 
+  for (const QString& dns : config.m_allowedDnsServers) {
+    logger.debug() << "Allow DNS: " << dns;
+    if (!allowTrafficTo(QHostAddress(dns), 53, HIGH_WEIGHT,
+                        "Allow DNS-Server", config.m_serverPublicKey)) {
+      return false;
+    }
+  }
+
   if (!config.m_excludedAddresses.empty()) {
     for (const QString& i : config.m_excludedAddresses) {
       logger.debug() << "excludedAddresses range: " << i;
 
       if (!allowTrafficTo(i, HIGH_WEIGHT,
-                               "Allow Ecxlude route", config.m_serverPublicKey)) {
+                          "Allow Ecxlude route", config.m_serverPublicKey)) {
         return false;
       }
     }
@@ -313,37 +367,41 @@ bool WindowsFirewall::disablePeerTraffic(const QString& pubkey) {
 }
 
 bool WindowsFirewall::disableKillSwitch() {
-  auto result = FwpmTransactionBegin(m_sessionHandle, NULL);
-  auto cleanup = qScopeGuard([&] {
+  return KillSwitch::instance()->disableKillSwitch();
+}
+
+bool WindowsFirewall::allowAllTraffic() {
+    auto result = FwpmTransactionBegin(m_sessionHandle, NULL);
+    auto cleanup = qScopeGuard([&] {
+        if (result != ERROR_SUCCESS) {
+            FwpmTransactionAbort0(m_sessionHandle);
+        }
+    });
     if (result != ERROR_SUCCESS) {
-      FwpmTransactionAbort0(m_sessionHandle);
+      logger.error() << "FwpmTransactionBegin0 failed. Return value:.\n"
+                     << result;
+      return false;
     }
-  });
-  if (result != ERROR_SUCCESS) {
-    logger.error() << "FwpmTransactionBegin0 failed. Return value:.\n"
-                   << result;
-    return false;
-  }
 
-  for (const auto& filterID : m_peerRules.values()) {
-    FwpmFilterDeleteById0(m_sessionHandle, filterID);
-  }
+    for (const auto& filterID : m_peerRules.values()) {
+      FwpmFilterDeleteById0(m_sessionHandle, filterID);
+    }
 
-  for (const auto& filterID : qAsConst(m_activeRules)) {
-    FwpmFilterDeleteById0(m_sessionHandle, filterID);
-  }
+    for (const auto& filterID : qAsConst(m_activeRules)) {
+      FwpmFilterDeleteById0(m_sessionHandle, filterID);
+    }
 
-  // Commit!
-  result = FwpmTransactionCommit0(m_sessionHandle);
-  if (result != ERROR_SUCCESS) {
-    logger.error() << "FwpmTransactionCommit0 failed. Return value:.\n"
-                   << result;
-    return false;
-  }
-  m_peerRules.clear();
-  m_activeRules.clear();
-  logger.debug() << "Firewall Disabled!";
-  return true;
+           // Commit!
+    result = FwpmTransactionCommit0(m_sessionHandle);
+    if (result != ERROR_SUCCESS) {
+      logger.error() << "FwpmTransactionCommit0 failed. Return value:.\n"
+                     << result;
+      return false;
+    }
+    m_peerRules.clear();
+    m_activeRules.clear();
+    logger.debug() << "Firewall Disabled!";
+    return true;
 }
 
 bool WindowsFirewall::allowTrafficForAppOnAll(const QString& exePath,

client/platforms/windows/daemon/windowsfirewall.h

@@ -43,6 +43,8 @@ class WindowsFirewall final : public QObject {
   bool enablePeerTraffic(const InterfaceConfig& config);
   bool disablePeerTraffic(const QString& pubkey);
   bool disableKillSwitch();
+  bool allowAllTraffic();
+  bool allowTrafficRange(const QStringList& ranges);
 
  private:
   static bool initSublayer();

client/protocols/openvpnprotocol.cpp

@@ -171,6 +171,11 @@ ErrorCode OpenVpnProtocol::start()
         return lastError();
     }
 
+#if defined(Q_OS_LINUX) || defined(Q_OS_MACOS)
+    IpcClient::Interface()->addKillSwitchAllowedRange(QStringList(NetworkUtilities::getIPAddress(
+            m_configData.value(amnezia::config_key::hostName).toString())));
+#endif
+
     // Detect default gateway
 #ifdef Q_OS_MAC
     QProcess p;

client/protocols/protocols_defs.h

@@ -95,6 +95,8 @@ namespace amnezia
         constexpr char splitTunnelApps[] = "splitTunnelApps";
         constexpr char appSplitTunnelType[] = "appSplitTunnelType";
 
+        constexpr char allowedDnsServers[] = "allowedDnsServers";
+
         constexpr char killSwitchOption[] = "killSwitchOption";
 
         constexpr char crc[] = "crc";

client/resources.qrc

@@ -129,6 +129,7 @@
         <file>ui/qml/Components/SettingsContainersListView.qml</file>
         <file>ui/qml/Components/ShareConnectionDrawer.qml</file>
         <file>ui/qml/Components/TransportProtoSelector.qml</file>
+        <file>ui/qml/Components/AddSitePanel.qml</file>
         <file>ui/qml/Config/GlobalConfig.qml</file>
         <file>ui/qml/Config/qmldir</file>
         <file>ui/qml/Controls2/BackButtonType.qml</file>
@@ -143,7 +144,9 @@
         <file>ui/qml/Controls2/DropDownType.qml</file>
         <file>ui/qml/Controls2/FlickableType.qml</file>
         <file>ui/qml/Controls2/Header2Type.qml</file>
-        <file>ui/qml/Controls2/HeaderType.qml</file>
+        <file>ui/qml/Controls2/BaseHeaderType.qml</file>
+        <file>ui/qml/Controls2/HeaderTypeWithButton.qml</file>
+        <file>ui/qml/Controls2/HeaderTypeWithSwitcher.qml</file>
         <file>ui/qml/Controls2/HorizontalRadioButton.qml</file>
         <file>ui/qml/Controls2/ImageButtonType.qml</file>
         <file>ui/qml/Controls2/LabelWithButtonType.qml</file>
@@ -199,6 +202,8 @@
         <file>ui/qml/Pages2/PageSettingsBackup.qml</file>
         <file>ui/qml/Pages2/PageSettingsConnection.qml</file>
         <file>ui/qml/Pages2/PageSettingsDns.qml</file>
+        <file>ui/qml/Pages2/PageSettingsKillSwitch.qml</file>
+        <file>ui/qml/Pages2/PageSettingsKillSwitchExceptions.qml</file>
         <file>ui/qml/Pages2/PageSettingsLogging.qml</file>
         <file>ui/qml/Pages2/PageSettingsServerData.qml</file>
         <file>ui/qml/Pages2/PageSettingsServerInfo.qml</file>

client/secure_qsettings.cpp

@@ -1,7 +1,7 @@
 #include "secure_qsettings.h"
 
-#include "QAead.h"
-#include "QBlockCipher.h"
+#include "../client/3rd/QSimpleCrypto/src/include/QAead.h"
+#include "../client/3rd/QSimpleCrypto/src/include/QBlockCipher.h"
 #include "utilities.h"
 #include <QDataStream>
 #include <QDebug>

client/secure_qsettings.h

@@ -6,7 +6,7 @@
 #include <QObject>
 #include <QSettings>
 
-#include "keychain.h"
+#include "../client/3rd/qtkeychain/qtkeychain/keychain.h"
 
 class SecureQSettings : public QObject
 {

client/server_scripts/check_user_in_sudo.sh

@@ -1,2 +1,13 @@
-CUR_USER=$(whoami);\
-groups $CUR_USER
+if which apt-get > /dev/null 2>&1; then pm=$(which apt-get); opt="--version";\
+elif which dnf > /dev/null 2>&1; then pm=$(which dnf); opt="--version";\
+elif which yum > /dev/null 2>&1; then pm=$(which yum); opt="--version";\
+elif which pacman > /dev/null 2>&1; then pm=$(which pacman); opt="--version";\
+else pm="uname"; opt="-a";\
+fi;\
+CUR_USER=$(whoami 2>/dev/null || echo $HOME | sed 's/.*\///');\
+echo $LANG | grep -qE '^(en_US.UTF-8|C.UTF-8|C)$' || export LC_ALL=C;\
+sudo -K;\
+cd ~;\
+if [ "$CUR_USER" = "root" ] || ( groups "$CUR_USER" | grep -E '\<(sudo|wheel)\>' ); then \
+  sudo -nu $CUR_USER $pm $opt > /dev/null; sudo -n $pm $opt > /dev/null;\
+fi

client/server_scripts/prepare_host.sh

@@ -1,4 +1,4 @@
-CUR_USER=$(whoami);\
+CUR_USER=$(whoami 2>/dev/null || echo $HOME | sed 's/.*\///');\
 sudo mkdir -p $DOCKERFILE_FOLDER;\
 sudo chown $CUR_USER $DOCKERFILE_FOLDER;\
 if ! sudo docker network ls | grep -q amnezia-dns-net; then sudo docker network create \

client/settings.cpp

@@ -443,6 +443,16 @@ void Settings::setKillSwitchEnabled(bool enabled)
     setValue("Conf/killSwitchEnabled", enabled);
 }
 
+bool Settings::isStrictKillSwitchEnabled() const
+{
+    return value("Conf/strictKillSwitchEnabled", false).toBool();
+}
+
+void Settings::setStrictKillSwitchEnabled(bool enabled)
+{
+    setValue("Conf/strictKillSwitchEnabled", enabled);
+}
+
 QString Settings::getInstallationUuid(const bool needCreate)
 {
     auto uuid = value("Conf/installationUuid", "").toString();
@@ -548,3 +558,13 @@ void Settings::disableHomeAdLabel()
 {
     setValue("Conf/homeAdLabelVisible", false);
 }
+
+QStringList Settings::allowedDnsServers() const
+{
+    return value("Conf/allowedDnsServers").toStringList();
+}
+
+void Settings::setAllowedDnsServers(const QStringList &servers)
+{
+    setValue("Conf/allowedDnsServers", servers);
+}

client/settings.h

@@ -213,6 +213,10 @@ public:
 
     bool isKillSwitchEnabled() const;
     void setKillSwitchEnabled(bool enabled);
+
+    bool isStrictKillSwitchEnabled() const;
+    void setStrictKillSwitchEnabled(bool enabled);
+
     QString getInstallationUuid(const bool needCreate);
 
     void resetGatewayEndpoint();
@@ -225,6 +229,9 @@ public:
     bool isHomeAdLabelVisible();
     void disableHomeAdLabel();
 
+    QStringList allowedDnsServers() const;
+    void setAllowedDnsServers(const QStringList &servers);
+
 signals:
     void saveLogsChanged(bool enabled);
     void screenshotsEnabledChanged(bool enabled);

client/ui/controllers/allowedDnsController.cpp

@@ -0,0 +1,101 @@
+#include "allowedDnsController.h"
+
+#include <QFile>
+#include <QStandardPaths>
+#include <QJsonDocument>
+#include <QJsonArray>
+#include <QJsonObject>
+
+#include "systemController.h"
+#include "core/networkUtilities.h"
+#include "core/defs.h"
+
+AllowedDnsController::AllowedDnsController(const std::shared_ptr<Settings> &settings,
+                                           const QSharedPointer<AllowedDnsModel> &allowedDnsModel,
+                                           QObject *parent)
+    : QObject(parent), m_settings(settings), m_allowedDnsModel(allowedDnsModel)
+{
+}
+
+void AllowedDnsController::addDns(QString ip)
+{
+    if (ip.isEmpty()) {
+        return;
+    }
+
+    if (!NetworkUtilities::ipAddressRegExp().match(ip).hasMatch()) {
+        emit errorOccurred(tr("The address does not look like a valid IP address"));
+        return;
+    }
+
+    if (m_allowedDnsModel->addDns(ip)) {
+        emit finished(tr("New DNS server added: %1").arg(ip));
+    } else {
+        emit errorOccurred(tr("DNS server already exists: %1").arg(ip));
+    }
+}
+
+void AllowedDnsController::removeDns(int index)
+{
+    auto modelIndex = m_allowedDnsModel->index(index);
+    auto ip = m_allowedDnsModel->data(modelIndex, AllowedDnsModel::Roles::IpRole).toString();
+    m_allowedDnsModel->removeDns(modelIndex);
+
+    emit finished(tr("DNS server removed: %1").arg(ip));
+}
+
+void AllowedDnsController::importDns(const QString &fileName, bool replaceExisting)
+{
+    QByteArray jsonData;
+    if (!SystemController::readFile(fileName, jsonData)) {
+        emit errorOccurred(tr("Can't open file: %1").arg(fileName));
+        return;
+    }
+
+    QJsonDocument jsonDocument = QJsonDocument::fromJson(jsonData);
+    if (jsonDocument.isNull()) {
+        emit errorOccurred(tr("Failed to parse JSON data from file: %1").arg(fileName));
+        return;
+    }
+
+    if (!jsonDocument.isArray()) {
+        emit errorOccurred(tr("The JSON data is not an array in file: %1").arg(fileName));
+        return;
+    }
+
+    auto jsonArray = jsonDocument.array();
+    QStringList dnsServers;
+
+    for (auto jsonValue : jsonArray) {
+        auto ip = jsonValue.toString();
+        
+        if (!NetworkUtilities::ipAddressRegExp().match(ip).hasMatch()) {
+            qDebug() << ip << " is not a valid IP address";
+            continue;
+        }
+        
+        dnsServers.append(ip);
+    }
+
+    m_allowedDnsModel->addDnsList(dnsServers, replaceExisting);
+
+    emit finished(tr("Import completed"));
+}
+
+void AllowedDnsController::exportDns(const QString &fileName)
+{
+    auto dnsServers = m_allowedDnsModel->getCurrentDnsServers();
+
+    QJsonArray jsonArray;
+
+    for (const auto &ip : dnsServers) {
+        jsonArray.append(ip);
+    }
+
+    QJsonDocument jsonDocument(jsonArray);
+    QByteArray jsonData = jsonDocument.toJson();
+
+    SystemController::saveFile(fileName, jsonData);
+
+    emit finished(tr("Export completed"));
+} 

client/ui/controllers/allowedDnsController.h

@@ -0,0 +1,35 @@
+#ifndef ALLOWEDDNSCONTROLLER_H
+#define ALLOWEDDNSCONTROLLER_H
+
+#include <QObject>
+
+#include "settings.h"
+#include "ui/models/allowed_dns_model.h"
+
+class AllowedDnsController : public QObject
+{
+    Q_OBJECT
+public:
+    explicit AllowedDnsController(const std::shared_ptr<Settings> &settings,
+                                  const QSharedPointer<AllowedDnsModel> &allowedDnsModel,
+                                  QObject *parent = nullptr);
+
+public slots:
+    void addDns(QString ip);
+    void removeDns(int index);
+
+    void importDns(const QString &fileName, bool replaceExisting);
+    void exportDns(const QString &fileName);
+
+signals:
+    void errorOccurred(const QString &errorMessage);
+    void finished(const QString &message);
+
+    void saveFile(const QString &fileName, const QString &data);
+
+private:
+    std::shared_ptr<Settings> m_settings;
+    QSharedPointer<AllowedDnsModel> m_allowedDnsModel;
+};
+
+#endif // ALLOWEDDNSCONTROLLER_H 

client/ui/controllers/api/apiConfigsController.cpp

@@ -19,7 +19,7 @@ namespace
         constexpr char cloak[] = "cloak";
         constexpr char awg[] = "awg";
 
-        constexpr char apiEdnpoint[] = "api_endpoint";
+        constexpr char apiEndpoint[] = "api_endpoint";
         constexpr char accessToken[] = "api_key";
         constexpr char certificate[] = "certificate";
         constexpr char publicKey[] = "public_key";
@@ -251,7 +251,6 @@ bool ApiConfigsController::updateServiceFromGateway(const int serverIndex, const
 
         newServerConfig.insert(configKey::apiConfig, newApiConfig);
         newServerConfig.insert(configKey::authData, authData);
-        // newServerConfig.insert(
 
         m_serversModel->editServer(newServerConfig, serverIndex);
         if (reloadServiceConfig) {
@@ -270,54 +269,37 @@ bool ApiConfigsController::updateServiceFromGateway(const int serverIndex, const
 
 bool ApiConfigsController::updateServiceFromTelegram(const int serverIndex)
 {
-    auto serverConfig = m_serversModel->getServerConfig(serverIndex);
-    auto installationUuid = m_settings->getInstallationUuid(true);
-
 #ifdef Q_OS_IOS
     IosController::Instance()->requestInetAccess();
     QThread::msleep(10);
 #endif
 
-    if (serverConfig.value(config_key::configVersion).toInt()) {
-        QNetworkRequest request;
-        request.setTransferTimeout(apiDefs::requestTimeoutMsecs);
-        request.setHeader(QNetworkRequest::ContentTypeHeader, "application/json");
-        request.setRawHeader("Authorization", "Api-Key " + serverConfig.value(configKey::accessToken).toString().toUtf8());
-        QString endpoint = serverConfig.value(configKey::apiEdnpoint).toString();
-        request.setUrl(endpoint);
+    GatewayController gatewayController(m_settings->getGatewayEndpoint(), m_settings->isDevGatewayEnv(), apiDefs::requestTimeoutMsecs);
 
-        QString protocol = serverConfig.value(configKey::protocol).toString();
+    auto serverConfig = m_serversModel->getServerConfig(serverIndex);
+    auto installationUuid = m_settings->getInstallationUuid(true);
 
-        ApiPayloadData apiPayloadData = generateApiPayloadData(protocol);
+    QString serviceProtocol = serverConfig.value(configKey::protocol).toString();
+    ApiPayloadData apiPayloadData = generateApiPayloadData(serviceProtocol);
 
-        QJsonObject apiPayload = fillApiPayload(protocol, apiPayloadData);
-        apiPayload[configKey::uuid] = installationUuid;
+    QJsonObject apiPayload = fillApiPayload(serviceProtocol, apiPayloadData);
+    apiPayload[configKey::uuid] = installationUuid;
+    apiPayload[configKey::accessToken] = serverConfig.value(configKey::accessToken).toString();
+    apiPayload[configKey::apiEndpoint] = serverConfig.value(configKey::apiEndpoint).toString();
 
-        QByteArray requestBody = QJsonDocument(apiPayload).toJson();
+    QByteArray responseBody;
+    ErrorCode errorCode = gatewayController.post(QString("%1v1/proxy_config"), apiPayload, responseBody);
 
-        QNetworkReply *reply = amnApp->networkManager()->post(request, requestBody);
+    if (errorCode == ErrorCode::NoError) {
+        fillServerConfig(serviceProtocol, apiPayloadData, responseBody, serverConfig);
 
-        QEventLoop wait;
-        connect(reply, &QNetworkReply::finished, &wait, &QEventLoop::quit);
-
-        QList<QSslError> sslErrors;
-        connect(reply, &QNetworkReply::sslErrors, [this, &sslErrors](const QList<QSslError> &errors) { sslErrors = errors; });
-        wait.exec();
-
-        auto errorCode = apiUtils::checkNetworkReplyErrors(sslErrors, reply);
-        if (errorCode != ErrorCode::NoError) {
-            reply->deleteLater();
-            emit errorOccurred(errorCode);
-            return false;
-        }
-
-        auto apiResponseBody = reply->readAll();
-        reply->deleteLater();
-        fillServerConfig(protocol, apiPayloadData, apiResponseBody, serverConfig);
         m_serversModel->editServer(serverConfig, serverIndex);
         emit updateServerFromApiFinished();
+        return true;
+    } else {
+        emit errorOccurred(errorCode);
+        return false;
     }
-    return true;
 }
 
 bool ApiConfigsController::deactivateDevice()
@@ -328,7 +310,7 @@ bool ApiConfigsController::deactivateDevice()
     auto serverConfigObject = m_serversModel->getServerConfig(serverIndex);
     auto apiConfigObject = serverConfigObject.value(configKey::apiConfig).toObject();
 
-    if (apiUtils::getConfigType(serverConfigObject) != apiDefs::ConfigType::AmneziaPremiumV2) {
+    if (!apiUtils::isPremiumServer(serverConfigObject)) {
         return true;
     }
 
@@ -363,7 +345,7 @@ bool ApiConfigsController::deactivateExternalDevice(const QString &uuid, const Q
     auto serverConfigObject = m_serversModel->getServerConfig(serverIndex);
     auto apiConfigObject = serverConfigObject.value(configKey::apiConfig).toObject();
 
-    if (apiUtils::getConfigType(serverConfigObject) != apiDefs::ConfigType::AmneziaPremiumV2) {
+    if (!apiUtils::isPremiumServer(serverConfigObject)) {
         return true;
     }
 

client/ui/controllers/api/apiSettingsController.cpp

@@ -62,7 +62,7 @@ bool ApiSettingsController::getAccountInfo(bool reload)
 
     QByteArray responseBody;
 
-    if (apiUtils::getConfigType(serverConfig) == apiDefs::ConfigType::AmneziaPremiumV2) {
+    if (apiUtils::isPremiumServer(serverConfig)) {
         ErrorCode errorCode = gatewayController.post(QString("%1v1/account_info"), apiPayload, responseBody);
         if (errorCode != ErrorCode::NoError) {
             emit errorOccurred(errorCode);

client/ui/controllers/importController.cpp

@@ -27,8 +27,6 @@ namespace
     ConfigTypes checkConfigFormat(const QString &config)
     {
         const QString openVpnConfigPatternCli = "client";
-        const QString openVpnConfigPatternProto1 = "proto tcp";
-        const QString openVpnConfigPatternProto2 = "proto udp";
         const QString openVpnConfigPatternDriver1 = "dev tun";
         const QString openVpnConfigPatternDriver2 = "dev tap";
 
@@ -53,14 +51,13 @@ namespace
                    || (config.contains(amneziaConfigPatternHostName) && config.contains(amneziaConfigPatternUserName)
                        && config.contains(amneziaConfigPatternPassword))) {
             return ConfigTypes::Amnezia;
-        } else if (config.contains(openVpnConfigPatternCli)
-                   && (config.contains(openVpnConfigPatternProto1) || config.contains(openVpnConfigPatternProto2))
-                   && (config.contains(openVpnConfigPatternDriver1) || config.contains(openVpnConfigPatternDriver2))) {
-            return ConfigTypes::OpenVpn;
         } else if (config.contains(wireguardConfigPatternSectionInterface) && config.contains(wireguardConfigPatternSectionPeer)) {
             return ConfigTypes::WireGuard;
         } else if ((config.contains(xrayConfigPatternInbound)) && (config.contains(xrayConfigPatternOutbound))) {
             return ConfigTypes::Xray;
+        } else if (config.contains(openVpnConfigPatternCli)
+                   && (config.contains(openVpnConfigPatternDriver1) || config.contains(openVpnConfigPatternDriver2))) {
+            return ConfigTypes::OpenVpn;
         }
         return ConfigTypes::Invalid;
     }
@@ -97,6 +94,8 @@ bool ImportController::extractConfigFromFile(const QString &fileName)
 
 bool ImportController::extractConfigFromData(QString data)
 {
+    m_maliciousWarningText.clear();
+
     QString config = data;
     QString prefix;
     QString errormsg;
@@ -345,7 +344,7 @@ QJsonObject ImportController::extractOpenVpnConfig(const QString &data)
     arr.push_back(containers);
 
     QString hostName;
-    const static QRegularExpression hostNameRegExp("remote (.*) [0-9]*");
+    const static QRegularExpression hostNameRegExp("remote\\s+([^\\s]+)");
     QRegularExpressionMatch hostNameMatch = hostNameRegExp.match(data);
     if (hostNameMatch.hasMatch()) {
         hostName = hostNameMatch.captured(1);
@@ -661,6 +660,7 @@ void ImportController::checkForMaliciousStrings(const QJsonObject &serverConfig)
         if ((containerName == ContainerProps::containerToString(DockerContainer::OpenVpn))
             || (containerName == ContainerProps::containerToString(DockerContainer::Cloak))
             || (containerName == ContainerProps::containerToString(DockerContainer::ShadowSocks))) {
+
             QString protocolConfig =
                     containerConfig[ProtocolProps::protoToString(Proto::OpenVpn)].toObject()[config_key::last_config].toString();
             QString protocolConfigJson = QJsonDocument::fromJson(protocolConfig.toUtf8()).object()[config_key::config].toString();
@@ -682,8 +682,11 @@ void ImportController::checkForMaliciousStrings(const QJsonObject &serverConfig)
                 }
             }
 
+            m_maliciousWarningText = tr("This configuration contains an OpenVPN setup. OpenVPN configurations can include malicious "
+                                        "scripts, so only add it if you fully trust the provider of this config. ");
+
             if (maliciousStrings.size() >= dangerousTagsMaxCount) {
-                m_maliciousWarningText = tr("In the imported configuration, potentially dangerous lines were found:");
+                m_maliciousWarningText.push_back(tr("<br>In the imported configuration, potentially dangerous lines were found:"));
                 for (const auto &string : maliciousStrings) {
                     m_maliciousWarningText.push_back(QString("<br><i>%1</i>").arg(string));
                 }

client/ui/controllers/pageController.h

@@ -31,13 +31,15 @@ namespace PageLoader
         PageSettingsLogging,
         PageSettingsSplitTunneling,
         PageSettingsAppSplitTunneling,
+        PageSettingsKillSwitch,
         PageSettingsApiServerInfo,
         PageSettingsApiAvailableCountries,
         PageSettingsApiSupport,
         PageSettingsApiInstructions,
         PageSettingsApiNativeConfigs,
         PageSettingsApiDevices,
-
+        PageSettingsKillSwitchExceptions,
+        
         PageServiceSftpSettings,
         PageServiceTorWebsiteSettings,
         PageServiceDnsSettings,

client/ui/controllers/settingsController.cpp

@@ -245,6 +245,23 @@ bool SettingsController::isKillSwitchEnabled()
 void SettingsController::toggleKillSwitch(bool enable)
 {
     m_settings->setKillSwitchEnabled(enable);
+    emit killSwitchEnabledChanged();
+    if (enable == false) {
+        emit strictKillSwitchEnabledChanged(false);
+    } else {
+        emit strictKillSwitchEnabledChanged(isStrictKillSwitchEnabled());
+    }
+}
+
+bool SettingsController::isStrictKillSwitchEnabled()
+{
+    return m_settings->isStrictKillSwitchEnabled();
+}
+
+void SettingsController::toggleStrictKillSwitch(bool enable)
+{
+    m_settings->setStrictKillSwitchEnabled(enable);
+    emit strictKillSwitchEnabledChanged(enable);
 }
 
 bool SettingsController::isNotificationPermissionGranted()

client/ui/controllers/settingsController.h

@@ -24,6 +24,8 @@ public:
     Q_PROPERTY(QString secondaryDns READ getSecondaryDns WRITE setSecondaryDns NOTIFY secondaryDnsChanged)
     Q_PROPERTY(bool isLoggingEnabled READ isLoggingEnabled WRITE toggleLogging NOTIFY loggingStateChanged)
     Q_PROPERTY(bool isNotificationPermissionGranted READ isNotificationPermissionGranted NOTIFY onNotificationStateChanged)
+    Q_PROPERTY(bool isKillSwitchEnabled READ isKillSwitchEnabled WRITE toggleKillSwitch NOTIFY killSwitchEnabledChanged)
+    Q_PROPERTY(bool strictKillSwitchEnabled READ isStrictKillSwitchEnabled WRITE toggleStrictKillSwitch NOTIFY strictKillSwitchEnabledChanged)
 
     Q_PROPERTY(bool isDevModeEnabled READ isDevModeEnabled NOTIFY devModeEnabled)
     Q_PROPERTY(QString gatewayEndpoint READ getGatewayEndpoint WRITE setGatewayEndpoint NOTIFY gatewayEndpointChanged)
@@ -75,6 +77,9 @@ public slots:
     bool isKillSwitchEnabled();
     void toggleKillSwitch(bool enable);
 
+    bool isStrictKillSwitchEnabled();
+    void toggleStrictKillSwitch(bool enable);
+
     bool isNotificationPermissionGranted();
     void requestNotificationPermission();
 
@@ -98,6 +103,8 @@ signals:
     void primaryDnsChanged();
     void secondaryDnsChanged();
     void loggingStateChanged();
+    void killSwitchEnabledChanged();
+    void strictKillSwitchEnabledChanged(bool enabled);
 
     void restoreBackupFinished();
     void changeSettingsFinished(const QString &finishedMessage);

client/ui/controllers/sitesController.cpp

@@ -44,7 +44,6 @@ void SitesController::addSite(QString hostname)
             QMetaObject::invokeMethod(m_vpnConnection.get(), "addRoutes", Qt::QueuedConnection,
                                       Q_ARG(QStringList, QStringList() << hostname));
         }
-        QMetaObject::invokeMethod(m_vpnConnection.get(), "flushDns", Qt::QueuedConnection);
     };
 
     const auto &resolveCallback = [this, processSite](const QHostInfo &hostInfo) {
@@ -75,7 +74,6 @@ void SitesController::removeSite(int index)
 
     QMetaObject::invokeMethod(m_vpnConnection.get(), "deleteRoutes", Qt::QueuedConnection,
                               Q_ARG(QStringList, QStringList() << hostname));
-    QMetaObject::invokeMethod(m_vpnConnection.get(), "flushDns", Qt::QueuedConnection);
 
     emit finished(tr("Site removed: %1").arg(hostname));
 }
@@ -124,7 +122,6 @@ void SitesController::importSites(const QString &fileName, bool replaceExisting)
     m_sitesModel->addSites(sites, replaceExisting);
 
     QMetaObject::invokeMethod(m_vpnConnection.get(), "addRoutes", Qt::QueuedConnection, Q_ARG(QStringList, ips));
-    QMetaObject::invokeMethod(m_vpnConnection.get(), "flushDns", Qt::QueuedConnection);
 
     emit finished(tr("Import completed"));
 }

client/ui/models/allowed_dns_model.cpp

@@ -0,0 +1,86 @@
+#include "allowed_dns_model.h"
+
+AllowedDnsModel::AllowedDnsModel(std::shared_ptr<Settings> settings, QObject *parent)
+    : QAbstractListModel(parent), m_settings(settings)
+{
+    fillDnsServers();
+}
+
+int AllowedDnsModel::rowCount(const QModelIndex &parent) const
+{
+    Q_UNUSED(parent)
+    return m_dnsServers.size();
+}
+
+QVariant AllowedDnsModel::data(const QModelIndex &index, int role) const
+{
+    if (!index.isValid() || index.row() < 0 || index.row() >= static_cast<int>(rowCount()))
+        return QVariant();
+
+    switch (role) {
+    case IpRole:
+        return m_dnsServers.at(index.row());
+    default:
+        return QVariant();
+    }
+}
+
+bool AllowedDnsModel::addDns(const QString &ip)
+{
+    if (m_dnsServers.contains(ip)) {
+        return false;
+    }
+
+    beginInsertRows(QModelIndex(), rowCount(), rowCount());
+    m_dnsServers.append(ip);
+    m_settings->setAllowedDnsServers(m_dnsServers);
+    endInsertRows();
+    return true;
+}
+
+void AllowedDnsModel::addDnsList(const QStringList &dnsServers, bool replaceExisting)
+{
+    beginResetModel();
+    
+    if (replaceExisting) {
+        m_dnsServers.clear();
+    }
+    
+    for (const QString &ip : dnsServers) {
+        if (!m_dnsServers.contains(ip)) {
+            m_dnsServers.append(ip);
+        }
+    }
+    
+    m_settings->setAllowedDnsServers(m_dnsServers);
+    endResetModel();
+}
+
+void AllowedDnsModel::removeDns(QModelIndex index)
+{
+    if (!index.isValid() || index.row() >= m_dnsServers.size()) {
+        return;
+    }
+
+    beginRemoveRows(QModelIndex(), index.row(), index.row());
+    m_dnsServers.removeAt(index.row());
+    m_settings->setAllowedDnsServers(m_dnsServers);
+    endRemoveRows();
+}
+
+QStringList AllowedDnsModel::getCurrentDnsServers()
+{
+    return m_dnsServers;
+}
+
+QHash<int, QByteArray> AllowedDnsModel::roleNames() const
+{
+    QHash<int, QByteArray> roles;
+    roles[IpRole] = "ip";
+    return roles;
+}
+
+void AllowedDnsModel::fillDnsServers()
+{
+    m_dnsServers = m_settings->allowedDnsServers();
+}

client/ui/models/allowed_dns_model.h

@@ -0,0 +1,37 @@
+#ifndef ALLOWEDDNSMODEL_H
+#define ALLOWEDDNSMODEL_H
+
+#include <QAbstractListModel>
+#include "settings.h"
+
+class AllowedDnsModel : public QAbstractListModel
+{
+    Q_OBJECT
+
+public:
+    enum Roles {
+        IpRole = Qt::UserRole + 1
+    };
+
+    explicit AllowedDnsModel(std::shared_ptr<Settings> settings, QObject *parent = nullptr);
+
+    int rowCount(const QModelIndex &parent = QModelIndex()) const override;
+    QVariant data(const QModelIndex &index, int role = Qt::DisplayRole) const override;
+
+public slots:
+    bool addDns(const QString &ip);
+    void addDnsList(const QStringList &dnsServers, bool replaceExisting);
+    void removeDns(QModelIndex index);
+    QStringList getCurrentDnsServers();
+
+protected:
+    QHash<int, QByteArray> roleNames() const override;
+
+private:
+    void fillDnsServers();
+
+    std::shared_ptr<Settings> m_settings;
+    QStringList m_dnsServers;
+};
+
+#endif // ALLOWEDDNSMODEL_H

client/ui/models/api/apiAccountInfoModel.cpp

@@ -48,15 +48,19 @@ QVariant ApiAccountInfoModel::data(const QModelIndex &index, int role) const
     }
     case ServiceDescriptionRole: {
         if (m_accountInfoData.configType == apiDefs::ConfigType::AmneziaPremiumV2) {
-            return tr("Classic VPN for seamless work, downloading large files, and watching videos. Access all websites and online resources. "
+            return tr("Classic VPN for seamless work, downloading large files, and watching videos. Access all websites and online "
+                      "resources. "
                       "Speeds up to 200 Mbps");
         } else if (m_accountInfoData.configType == apiDefs::ConfigType::AmneziaFreeV3) {
             return tr("Free unlimited access to a basic set of websites such as Facebook, Instagram, Twitter (X), Discord, Telegram and "
                       "more. YouTube is not included in the free plan.");
+        } else {
+            return "";
         }
     }
     case IsComponentVisibleRole: {
-        return m_accountInfoData.configType == apiDefs::ConfigType::AmneziaPremiumV2;
+        return m_accountInfoData.configType == apiDefs::ConfigType::AmneziaPremiumV2
+                || m_accountInfoData.configType == apiDefs::ConfigType::ExternalPremium;
     }
     case HasExpiredWorkerRole: {
         for (int i = 0; i < m_issuedConfigsInfo.size(); i++) {
@@ -93,6 +97,8 @@ void ApiAccountInfoModel::updateModel(const QJsonObject &accountInfoObject, cons
 
     m_accountInfoData = accountInfoData;
 
+    m_supportInfo = accountInfoObject.value(apiDefs::key::supportInfo).toObject();
+
     endResetModel();
 }
 
@@ -121,12 +127,27 @@ QJsonArray ApiAccountInfoModel::getIssuedConfigsInfo()
 
 QString ApiAccountInfoModel::getTelegramBotLink()
 {
-    if (m_accountInfoData.configType == apiDefs::ConfigType::AmneziaFreeV3) {
-        return tr("amnezia_free_support_bot");
-    } else if (m_accountInfoData.configType == apiDefs::ConfigType::AmneziaPremiumV2) {
-        return tr("amnezia_premium_support_bot");
-    }
-    return "";
+    return m_supportInfo.value(apiDefs::key::telegram).toString();
+}
+
+QString ApiAccountInfoModel::getEmailLink()
+{
+    return m_supportInfo.value(apiDefs::key::email).toString();
+}
+
+QString ApiAccountInfoModel::getBillingEmailLink()
+{
+    return m_supportInfo.value(apiDefs::key::billingEmail).toString();
+}
+
+QString ApiAccountInfoModel::getSiteLink()
+{
+    return m_supportInfo.value(apiDefs::key::websiteName).toString();
+}
+
+QString ApiAccountInfoModel::getFullSiteLink()
+{
+    return m_supportInfo.value(apiDefs::key::website).toString();
 }
 
 QHash<int, QByteArray> ApiAccountInfoModel::roleNames() const

client/ui/models/api/apiAccountInfoModel.h

@@ -33,7 +33,12 @@ public slots:
 
     QJsonArray getAvailableCountries();
     QJsonArray getIssuedConfigsInfo();
+
     QString getTelegramBotLink();
+    QString getEmailLink();
+    QString getBillingEmailLink();
+    QString getSiteLink();
+    QString getFullSiteLink();
 
 protected:
     QHash<int, QByteArray> roleNames() const override;
@@ -51,6 +56,7 @@ private:
     AccountInfoData m_accountInfoData;
     QJsonArray m_availableCountries;
     QJsonArray m_issuedConfigsInfo;
+    QJsonObject m_supportInfo;
 };
 
 #endif // APIACCOUNTINFOMODEL_H

client/ui/models/api/apiServicesModel.cpp

@@ -65,8 +65,8 @@ QVariant ApiServicesModel::data(const QModelIndex &index, int role) const
     case CardDescriptionRole: {
         auto speed = apiServiceData.serviceInfo.speed;
         if (serviceType == serviceType::amneziaPremium) {
-            return tr("Amnezia Premium is VPN for comfortable work, downloading large files and watching videos in 8K resolution. "
-                      "Works for any sites with no restrictions. Speed up to %1 MBit/s. Unlimited traffic.")
+            return tr("Amnezia Premium is classic VPN for seamless work, downloading large files, and watching videos. "
+                      "Access all websites and online resources. Speeds up to %1 Mbps.")
                     .arg(speed);
         } else if (serviceType == serviceType::amneziaFree) {
             QString description = tr("AmneziaFree provides free unlimited access to a basic set of web sites, such as Facebook, Instagram, Twitter (X), Discord, Telegram, and others. YouTube is not included in the free plan.");
@@ -79,8 +79,8 @@ QVariant ApiServicesModel::data(const QModelIndex &index, int role) const
     }
     case ServiceDescriptionRole: {
         if (serviceType == serviceType::amneziaPremium) {
-            return tr("Amnezia Premium is VPN for comfortable work, downloading large files and watching videos in 8K resolution. "
-                      "Works for any sites with no restrictions.");
+            return tr("Amnezia Premium is classic VPN for for seamless work, downloading large files, and watching videos. "
+                      "Access all websites and online resources.");
         } else {
             return tr("AmneziaFree provides free unlimited access to a basic set of web sites, such as Facebook, Instagram, Twitter (X), Discord, Telegram, and others. YouTube is not included in the free plan.");
         }

client/ui/models/languageModel.cpp

@@ -1,13 +1,11 @@
 #include "languageModel.h"
 
-LanguageModel::LanguageModel(std::shared_ptr<Settings> settings, QObject *parent)
-    : m_settings(settings), QAbstractListModel(parent)
+LanguageModel::LanguageModel(std::shared_ptr<Settings> settings, QObject *parent) : m_settings(settings), QAbstractListModel(parent)
 {
     QMetaEnum metaEnum = QMetaEnum::fromType<LanguageSettings::AvailableLanguageEnum>();
     for (int i = 0; i < metaEnum.keyCount(); i++) {
-        m_availableLanguages.push_back(
-            LanguageModelData {getLocalLanguageName(static_cast<LanguageSettings::AvailableLanguageEnum>(i)),
-                              static_cast<LanguageSettings::AvailableLanguageEnum>(i) });
+        m_availableLanguages.push_back(LanguageModelData { getLocalLanguageName(static_cast<LanguageSettings::AvailableLanguageEnum>(i)),
+                                                           static_cast<LanguageSettings::AvailableLanguageEnum>(i) });
     }
 }
 
@@ -50,8 +48,7 @@ QString LanguageModel::getLocalLanguageName(const LanguageSettings::AvailableLan
     case LanguageSettings::AvailableLanguageEnum::Burmese: strLanguage = "မြန်မာဘာသာ"; break;
     case LanguageSettings::AvailableLanguageEnum::Urdu: strLanguage = "اُرْدُوْ"; break;
     case LanguageSettings::AvailableLanguageEnum::Hindi: strLanguage = "हिन्दी"; break;
-    default:
-        break;
+    default: break;
     }
 
     return strLanguage;
@@ -104,11 +101,12 @@ QString LanguageModel::getCurrentLanguageName()
     return m_availableLanguages[getCurrentLanguageIndex()].name;
 }
 
-QString LanguageModel::getCurrentSiteUrl()
+QString LanguageModel::getCurrentSiteUrl(const QString &path)
 {
     auto language = static_cast<LanguageSettings::AvailableLanguageEnum>(getCurrentLanguageIndex());
     switch (language) {
-    case LanguageSettings::AvailableLanguageEnum::Russian: return "https://storage.googleapis.com/amnezia/amnezia.org";
-    default: return "https://amnezia.org";
+    case LanguageSettings::AvailableLanguageEnum::Russian:
+        return "https://storage.googleapis.com/amnezia/amnezia.org" + (path.isEmpty() ? "" : (QString("?m-path=/%1").arg(path)));
+    default: return QString("https://amnezia.org") + (path.isEmpty() ? "" : (QString("/%1").arg(path)));
     }
 }

client/ui/models/languageModel.h

@@ -59,7 +59,7 @@ public slots:
     int getCurrentLanguageIndex();
     int getLineHeightAppend();
     QString getCurrentLanguageName();
-    QString getCurrentSiteUrl();
+    QString getCurrentSiteUrl(const QString &path = "");
 
 signals:
     void updateTranslations(const QLocale &locale);

client/ui/qml/Components/AdLabel.qml

@@ -29,7 +29,7 @@ Rectangle {
         cursorShape: Qt.PointingHandCursor
 
         onClicked: function() {
-            Qt.openUrlExternally(LanguageModel.getCurrentSiteUrl() + "/premium")
+            Qt.openUrlExternally(LanguageModel.getCurrentSiteUrl("premium"))
         }
     }
 
@@ -54,7 +54,7 @@ Rectangle {
             Layout.rightMargin: 10
             Layout.leftMargin: 10
 
-            text: qsTr("Amnezia Premium - for access to any website")
+            text: qsTr("Amnezia Premium - for access to all websites and online resources")
             color: AmneziaStyle.color.pearlGray
 
             lineHeight: 18

client/ui/qml/Components/AddSitePanel.qml

@@ -0,0 +1,73 @@
+import QtQuick
+import QtQuick.Controls
+import QtQuick.Layouts
+
+import Style 1.0
+import "../Controls2"
+import "../Controls2/TextTypes"
+
+Item {
+    id: root
+
+    property bool enabled: true
+    property string placeholderText: ""
+    property alias textField: searchField.textField
+
+    signal addClicked(string text)
+    signal moreClicked()
+
+    implicitWidth: 360
+    implicitHeight: 96
+
+    Rectangle {
+        id: background
+        anchors.fill: parent
+        color: "#0E0F12"
+        opacity: 0.85
+        z: -1
+    }
+
+    RowLayout {
+        id: addSiteButton
+
+        enabled: root.enabled
+        spacing: 2
+
+        anchors {
+            fill: parent
+            topMargin: 16
+            leftMargin: 16
+            rightMargin: 16
+            bottomMargin: 24
+        }
+
+        TextFieldWithHeaderType {
+            id: searchField
+
+            Layout.fillWidth: true
+            rightButtonClickedOnEnter: true
+
+            textField.placeholderText: root.placeholderText
+            buttonImageSource: "qrc:/images/controls/plus.svg"
+
+            clickedFunc: function() {
+                root.addClicked(textField.text)
+                textField.text = ""
+            }
+        }
+
+        ImageButtonType {
+            id: addSiteButtonImage
+            implicitWidth: 56
+            implicitHeight: 56
+
+            image: "qrc:/images/controls/more-vertical.svg"
+            imageColor: AmneziaStyle.color.paleGray
+
+            onClicked: root.moreClicked()
+
+            Keys.onReturnPressed: addSiteButtonImage.clicked()
+            Keys.onEnterPressed: addSiteButtonImage.clicked()
+        }
+    }
+} 

client/ui/qml/Controls2/BaseHeaderType.qml

@@ -0,0 +1,45 @@
+import QtQuick
+import QtQuick.Layouts
+
+import Style 1.0
+
+import "TextTypes"
+
+Item {
+    id: root
+
+    property string headerText
+    property int headerTextMaximumLineCount: 2
+    property int headerTextElide: Qt.ElideRight
+    property string descriptionText
+    property alias headerRow: headerRow
+
+    implicitWidth: content.implicitWidth
+    implicitHeight: content.implicitHeight
+
+    ColumnLayout {
+        id: content
+        anchors.fill: parent
+
+        RowLayout {
+            id: headerRow
+            
+            Header1TextType {
+                id: header
+                Layout.fillWidth: true
+                text: root.headerText
+                maximumLineCount: root.headerTextMaximumLineCount
+                elide: root.headerTextElide
+            }
+        }
+
+        ParagraphTextType {
+            id: description
+            Layout.topMargin: 16
+            Layout.fillWidth: true
+            text: root.descriptionText
+            color: AmneziaStyle.color.mutedGray
+            visible: root.descriptionText !== ""
+        }
+    }
+} 

client/ui/qml/Controls2/HeaderType.qml

@@ -1,86 +0,0 @@
-import QtQuick
-import QtQuick.Layouts
-
-import Style 1.0
-
-import "TextTypes"
-
-Item {
-    id: root
-
-    property string actionButtonImage
-    property var actionButtonFunction
-
-    property alias actionButton: headerActionButton
-
-    property string headerText
-    property int headerTextMaximumLineCount: 2
-    property int headerTextElide: Qt.ElideRight
-
-    property string descriptionText
-
-    implicitWidth: content.implicitWidth
-    implicitHeight: content.implicitHeight
-
-    ColumnLayout {
-        id: content
-        anchors.fill: parent
-
-        RowLayout {
-            Header1TextType {
-                id: header
-
-                Layout.fillWidth: true
-
-                text: root.headerText
-                maximumLineCount: root.headerTextMaximumLineCount
-                elide: root.headerTextElide
-            }
-
-            ImageButtonType {
-                id: headerActionButton
-
-                implicitWidth: 40
-                implicitHeight: 40
-
-                Layout.alignment: Qt.AlignRight
-
-                image: root.actionButtonImage
-                imageColor: AmneziaStyle.color.paleGray
-
-                visible: image ? true : false
-
-                onClicked: {
-                    if (actionButtonFunction && typeof actionButtonFunction === "function") {
-                        actionButtonFunction()
-                    }
-                }
-            }
-        }
-
-        ParagraphTextType {
-            id: description
-
-            Layout.topMargin: 16
-            Layout.fillWidth: true
-
-            text: root.descriptionText
-
-            color: AmneziaStyle.color.mutedGray
-
-            visible: root.descriptionText !== ""
-        }
-    }
-
-    Keys.onEnterPressed: {
-        if (actionButtonFunction && typeof actionButtonFunction === "function") {
-            actionButtonFunction()
-        }
-    }
-
-    Keys.onReturnPressed: {
-        if (actionButtonFunction && typeof actionButtonFunction === "function") {
-            actionButtonFunction()
-        }
-    }
-}

client/ui/qml/Controls2/HeaderTypeWithButton.qml

@@ -0,0 +1,44 @@
+import QtQuick
+import QtQuick.Layouts
+
+import Style 1.0
+
+BaseHeaderType {
+    id: root
+
+    property string actionButtonImage
+    property var actionButtonFunction
+    property alias actionButton: headerActionButton
+
+    Component.onCompleted: {
+        headerRow.children.push(headerActionButton)
+    }
+
+    ImageButtonType {
+        id: headerActionButton
+        implicitWidth: 40
+        implicitHeight: 40
+        Layout.alignment: Qt.AlignRight
+        image: root.actionButtonImage
+        imageColor: AmneziaStyle.color.paleGray
+        visible: image ? true : false
+
+        onClicked: {
+            if (actionButtonFunction && typeof actionButtonFunction === "function") {
+                actionButtonFunction()
+            }
+        }
+    }
+
+    Keys.onEnterPressed: {
+        if (actionButtonFunction && typeof actionButtonFunction === "function") {
+            actionButtonFunction()
+        }
+    }
+
+    Keys.onReturnPressed: {
+        if (actionButtonFunction && typeof actionButtonFunction === "function") {
+            actionButtonFunction()
+        }
+    }
+} 

client/ui/qml/Controls2/HeaderTypeWithSwitcher.qml

@@ -0,0 +1,28 @@
+import QtQuick
+import QtQuick.Layouts
+
+import Style 1.0
+
+BaseHeaderType {
+    id: root
+
+    property var switcherFunction
+    property bool showSwitcher: false
+    property alias switcher: headerSwitcher
+
+    Component.onCompleted: {
+        headerRow.children.push(headerSwitcher)
+    }
+
+    SwitcherType {
+        id: headerSwitcher
+        Layout.alignment: Qt.AlignRight
+        visible: root.showSwitcher
+
+        onToggled: {
+            if (switcherFunction && typeof switcherFunction === "function") {
+                switcherFunction(checked)
+            }
+        }
+    }
+} 

client/ui/qml/Controls2/VerticalRadioButton.qml

@@ -20,7 +20,11 @@ RadioButton {
     property string selectedColor: AmneziaStyle.color.transparent
 
     property string textColor: AmneziaStyle.color.paleGray
+    property string textDisabledColor: AmneziaStyle.color.mutedGray
     property string selectedTextColor: AmneziaStyle.color.goldenApricot
+    property string selectedTextDisabledColor: AmneziaStyle.color.burntOrange
+    property string descriptionColor: AmneziaStyle.color.mutedGray
+    property string descriptionDisabledColor: AmneziaStyle.color.charcoalGray
 
     property string borderFocusedColor: AmneziaStyle.color.paleGray
     property int borderFocusedWidth: 1
@@ -30,6 +34,12 @@ RadioButton {
 
     property bool isFocusable: true
 
+    
+    property string radioButtonInnerCirclePressedSource: "qrc:/images/controls/radio-button-inner-circle-pressed.png"
+    property string radioButtonInnerCircleSource: "qrc:/images/controls/radio-button-inner-circle.png"
+    property string radioButtonPressedSource: "qrc:/images/controls/radio-button-pressed.svg"
+    property string radioButtonDefaultSource: "qrc:/images/controls/radio-button.svg"
+
     Keys.onTabPressed: {
         FocusController.nextKeyTabItem()
     }
@@ -94,14 +104,15 @@ RadioButton {
                 if (showImage) {
                     return imageSource
                 } else if (root.pressed) {
-                    return "qrc:/images/controls/radio-button-inner-circle-pressed.png"
+                    return root.radioButtonInnerCirclePressedSource
                 } else if (root.checked) {
-                    return "qrc:/images/controls/radio-button-inner-circle.png"
+                    return root.radioButtonInnerCircleSource
                 }
 
                 return ""
             }
 
+            opacity: root.enabled ? 1.0 : 0.3
             anchors.centerIn: parent
 
             width: 24
@@ -113,12 +124,13 @@ RadioButton {
                 if (showImage) {
                     return ""
                 } else if (root.pressed || root.checked) {
-                    return "qrc:/images/controls/radio-button-pressed.svg"
+                    return root.radioButtonPressedSource
                 } else {
-                    return "qrc:/images/controls/radio-button.svg"
+                    return root.radioButtonDefaultSource
                 }
             }
 
+            opacity: root.enabled ? 1.0 : 0.3
             anchors.centerIn: parent
 
             width: 24
@@ -148,10 +160,11 @@ RadioButton {
                 elide: root.textElide
 
                 color: {
-                    if (root.checked) {
-                        return selectedTextColor
+                    if (root.enabled) {
+                        return root.checked ? selectedTextColor : textColor
+                    } else {
+                        return root.checked ? selectedTextDisabledColor : textDisabledColor
                     }
-                    return textColor
                 }
 
                 Layout.fillWidth: true
@@ -164,7 +177,7 @@ RadioButton {
             CaptionTextType {
                 id: description
 
-                color: AmneziaStyle.color.mutedGray
+                color: root.enabled ? root.descriptionColor : root.descriptionDisabledColor
                 text: root.descriptionText
 
                 visible: root.descriptionText !== ""

client/ui/qml/Pages2/PageDeinstalling.qml

@@ -56,7 +56,7 @@ PageType {
                         anchors.rightMargin: 16
                         anchors.leftMargin: 16
 
-                        HeaderType {
+                        BaseHeaderType {
                             Layout.fillWidth: true
                             Layout.topMargin: 20
 

client/ui/qml/Pages2/PageDevMenu.qml

@@ -39,7 +39,7 @@ PageType {
         header: ColumnLayout {
             width: listView.width
 
-            HeaderType {
+            BaseHeaderType {
                 id: header
 
                 Layout.fillWidth: true

client/ui/qml/Pages2/PageProtocolAwgClientSettings.qml

@@ -91,7 +91,7 @@ PageType {
 
                 spacing: 0
 
-                HeaderType {
+                BaseHeaderType {
                     Layout.fillWidth: true
 
                     headerText: qsTr("AmneziaWG settings")

client/ui/qml/Pages2/PageProtocolAwgSettings.qml

@@ -91,7 +91,7 @@ PageType {
 
                 spacing: 0
 
-                HeaderType {
+                BaseHeaderType {
                     Layout.fillWidth: true
 
                     headerText: qsTr("AmneziaWG settings")

client/ui/qml/Pages2/PageProtocolCloakSettings.qml

@@ -76,7 +76,7 @@ PageType {
 
                         spacing: 0
 
-                        HeaderType {
+                        BaseHeaderType {
                             Layout.fillWidth: true
 
                             headerText: qsTr("Cloak settings")

client/ui/qml/Pages2/PageProtocolOpenVpnSettings.qml

@@ -75,7 +75,7 @@ PageType {
 
                         spacing: 0
 
-                        HeaderType {
+                        BaseHeaderType {
                             Layout.fillWidth: true
 
                             headerText: qsTr("OpenVPN settings")

client/ui/qml/Pages2/PageProtocolRaw.qml

@@ -32,7 +32,7 @@ PageType {
             id: backButton
         }
 
-        HeaderType {
+        BaseHeaderType {
             Layout.fillWidth: true
             Layout.leftMargin: 16
             Layout.rightMargin: 16

client/ui/qml/Pages2/PageProtocolShadowSocksSettings.qml

@@ -78,7 +78,7 @@ PageType {
 
                         spacing: 0
 
-                        HeaderType {
+                        BaseHeaderType {
                             Layout.fillWidth: true
 
                             headerText: qsTr("Shadowsocks settings")

client/ui/qml/Pages2/PageProtocolWireGuardClientSettings.qml

@@ -85,7 +85,7 @@ PageType {
 
                         spacing: 0
 
-                        HeaderType {
+                        BaseHeaderType {
                             Layout.fillWidth: true
 
                             headerText: qsTr("WG settings")

client/ui/qml/Pages2/PageProtocolWireGuardSettings.qml

@@ -77,7 +77,7 @@ PageType {
 
                         spacing: 0
 
-                        HeaderType {
+                        BaseHeaderType {
                             Layout.fillWidth: true
                             headerText: qsTr("WG settings")
                         }

client/ui/qml/Pages2/PageProtocolXraySettings.qml

@@ -75,7 +75,7 @@ PageType {
 
                         spacing: 0
 
-                        HeaderType {
+                        BaseHeaderType {
                             Layout.fillWidth: true
                             headerText: qsTr("XRay settings")
                         }

client/ui/qml/Pages2/PageServiceDnsSettings.qml

@@ -43,7 +43,7 @@ PageType {
             anchors.left: parent.left
             anchors.right: parent.right
 
-            HeaderType {
+            BaseHeaderType {
                 id: header
 
                 Layout.fillWidth: true

client/ui/qml/Pages2/PageServiceSftpSettings.qml

@@ -85,7 +85,7 @@ PageType {
 
                         spacing: 0
 
-                        HeaderType {
+                        BaseHeaderType {
                             Layout.fillWidth: true
                             Layout.leftMargin: 16
                             Layout.rightMargin: 16

client/ui/qml/Pages2/PageServiceSocksProxySettings.qml

@@ -77,7 +77,7 @@ PageType {
 
                     spacing: 0
 
-                    HeaderType {
+                    BaseHeaderType {
                         Layout.fillWidth: true
                         Layout.leftMargin: 16
                         Layout.rightMargin: 16
@@ -217,7 +217,7 @@ PageType {
                                 }
                             }
 
-                            HeaderType {
+                            BaseHeaderType {
                                 Layout.fillWidth: true
 
                                 headerText: qsTr("SOCKS5 settings")

client/ui/qml/Pages2/PageServiceTorWebsiteSettings.qml

@@ -54,7 +54,7 @@ PageType {
 
             spacing: 0
 
-            HeaderType {
+            BaseHeaderType {
                 Layout.fillWidth: true
                 Layout.leftMargin: 16
                 Layout.rightMargin: 16

client/ui/qml/Pages2/PageSettings.qml

@@ -29,7 +29,7 @@ PageType {
 
             spacing: 0
 
-            HeaderType {
+            BaseHeaderType {
                 id: header
                 Layout.fillWidth: true
                 Layout.topMargin: 24

client/ui/qml/Pages2/PageSettingsAbout.qml

@@ -252,7 +252,7 @@ PageType {
                 text: qsTr("Privacy Policy")
 
                 clickedFunc: function() {
-                    Qt.openUrlExternally(LanguageModel.getCurrentSiteUrl() + "/policy")
+                    Qt.openUrlExternally(LanguageModel.getCurrentSiteUrl("policy"))
                 }
             }
         }

client/ui/qml/Pages2/PageSettingsApiAvailableCountries.qml

@@ -69,7 +69,7 @@ PageType {
                 Layout.topMargin: 20
             }
 
-            HeaderType {
+            HeaderTypeWithButton {
                 id: headerContent
                 objectName: "headerContent"
 

client/ui/qml/Pages2/PageSettingsApiDevices.qml

@@ -35,14 +35,14 @@ PageType {
                 id: backButton
             }
 
-            HeaderType {
+            BaseHeaderType {
                 id: header
 
                 Layout.fillWidth: true
                 Layout.rightMargin: 16
                 Layout.leftMargin: 16
 
-                headerText: qsTr("Active devices")
+                headerText: qsTr("Active Devices")
                 descriptionText: qsTr("Manage currently connected devices")
             }
 

client/ui/qml/Pages2/PageSettingsApiInstructions.qml

@@ -91,7 +91,7 @@ PageType {
                 id: backButton
             }
 
-            HeaderType {
+            BaseHeaderType {
                 id: header
 
                 Layout.fillWidth: true

client/ui/qml/Pages2/PageSettingsApiNativeConfigs.qml

@@ -38,14 +38,14 @@ PageType {
                 id: backButton
             }
 
-            HeaderType {
+            BaseHeaderType {
                 id: header
 
                 Layout.fillWidth: true
                 Layout.rightMargin: 16
                 Layout.leftMargin: 16
 
-                headerText: qsTr("Configuration files")
+                headerText: qsTr("Configuration Files")
                 descriptionText: qsTr("For router setup or the AmneziaWG app")
             }
         }

client/ui/qml/Pages2/PageSettingsApiServerInfo.qml

@@ -26,7 +26,7 @@ PageType {
     QtObject {
         id: statusObject
 
-        readonly property string title: qsTr("Subscription status")
+        readonly property string title: qsTr("Subscription Status")
         readonly property string contentKey: "subscriptionStatus"
         readonly property string objectImageSource: "qrc:/images/controls/info.svg"
     }
@@ -34,7 +34,7 @@ PageType {
     QtObject {
         id: endDateObject
 
-        readonly property string title: qsTr("Valid until")
+        readonly property string title: qsTr("Valid Until")
         readonly property string contentKey: "endDate"
         readonly property string objectImageSource: "qrc:/images/controls/history.svg"
     }
@@ -42,7 +42,7 @@ PageType {
     QtObject {
         id: deviceCountObject
 
-        readonly property string title: qsTr("Active connections")
+        readonly property string title: qsTr("Active Connections")
         readonly property string contentKey: "connectedDevices"
         readonly property string objectImageSource: "qrc:/images/controls/monitor.svg"
     }
@@ -93,7 +93,7 @@ PageType {
                 Layout.topMargin: 20
             }
 
-            HeaderType {
+            HeaderTypeWithButton {
                 id: headerContent
                 objectName: "headerContent"
 
@@ -183,7 +183,7 @@ PageType {
 
                 visible: false //footer.isVisibleForAmneziaFree
 
-                text: qsTr("Subscription key")
+                text: qsTr("Subscription Key")
                 rightImageSource: "qrc:/images/controls/chevron-right.svg"
 
                 clickedFunction: function() {
@@ -191,7 +191,7 @@ PageType {
 
                     shareConnectionDrawer.openTriggered()
                     shareConnectionDrawer.isSelfHostedConfig = false;
-                    shareConnectionDrawer.shareButtonText = qsTr("Save VPN key to file")
+                    shareConnectionDrawer.shareButtonText = qsTr("Save VPN key as a file")
                     shareConnectionDrawer.copyButtonText = qsTr("Copy VPN key")
 
 
@@ -213,7 +213,7 @@ PageType {
 
                 visible: footer.isVisibleForAmneziaFree
 
-                text: qsTr("Configuration files")
+                text: qsTr("Configuration Files")
 
                 descriptionText: qsTr("Manage configuration files")
                 rightImageSource: "qrc:/images/controls/chevron-right.svg"
@@ -233,7 +233,7 @@ PageType {
 
                 visible: footer.isVisibleForAmneziaFree
 
-                text: qsTr("Active devices")
+                text: qsTr("Active Devices")
 
                 descriptionText: qsTr("Manage currently connected devices")
                 rightImageSource: "qrc:/images/controls/chevron-right.svg"

client/ui/qml/Pages2/PageSettingsApiSupport.qml

@@ -27,25 +27,25 @@ PageType {
     QtObject {
         id: techSupport
 
-        readonly property string title: qsTr("Email Support")
-        readonly property string description: qsTr("support@amnezia.org")
-        readonly property string link: "mailto:support@amnezia.org"
+        readonly property string title: qsTr("Email")
+        readonly property string description: ApiAccountInfoModel.getEmailLink()
+        readonly property string link: "mailto:" + ApiAccountInfoModel.getEmailLink()
     }
 
     QtObject {
         id: paymentSupport
 
         readonly property string title: qsTr("Email Billing & Orders")
-        readonly property string description: qsTr("help@vpnpay.io")
-        readonly property string link: "mailto:help@vpnpay.io"
+        readonly property string description: ApiAccountInfoModel.getBillingEmailLink()
+        readonly property string link: "mailto:" + ApiAccountInfoModel.getBillingEmailLink()
     }
 
     QtObject {
         id: site
 
         readonly property string title: qsTr("Website")
-        readonly property string description: qsTr("amnezia.org")
-        readonly property string link: LanguageModel.getCurrentSiteUrl()
+        readonly property string description: ApiAccountInfoModel.getSiteLink()
+        readonly property string link: ApiAccountInfoModel.getFullSiteLink()
     }
 
     property list<QtObject> supportModel: [
@@ -71,7 +71,7 @@ PageType {
                 id: backButton
             }
 
-            HeaderType {
+            BaseHeaderType {
                 id: header
 
                 Layout.fillWidth: true

client/ui/qml/Pages2/PageSettingsAppSplitTunneling.qml

@@ -79,29 +79,22 @@ PageType {
             id: backButton
         }
 
-        RowLayout {
-            HeaderType {
-                Layout.fillWidth: true
-                Layout.leftMargin: 16
+        HeaderTypeWithSwitcher {
+            Layout.fillWidth: true
+            Layout.leftMargin: 16
+            Layout.rightMargin: 16
 
-                headerText: qsTr("App split tunneling")
+            headerText: qsTr("App split tunneling")
 
+            enabled: root.pageEnabled
+            showSwitcher: true
+            switcher {
+                checked: AppSplitTunnelingModel.isTunnelingEnabled
                 enabled: root.pageEnabled
             }
-
-            SwitcherType {
-                id: switcher
-
-                Layout.fillWidth: true
-                Layout.rightMargin: 16
-
-                enabled: root.pageEnabled
-
-                checked: AppSplitTunnelingModel.isTunnelingEnabled
-                onToggled: {                    
-                    AppSplitTunnelingModel.toggleSplitTunneling(checked)
-                    selector.text = root.routeModesModel[getRouteModesModelIndex()].name
-                }
+            switcherFunction: function(checked) {
+                AppSplitTunnelingModel.toggleSplitTunneling(checked)
+                selector.text = root.routeModesModel[getRouteModesModelIndex()].name
             }
         }
 

client/ui/qml/Pages2/PageSettingsApplication.qml

@@ -38,7 +38,7 @@ PageType {
 
             spacing: 0
 
-            HeaderType {
+            BaseHeaderType {
                 Layout.fillWidth: true
                 Layout.leftMargin: 16
                 Layout.rightMargin: 16

client/ui/qml/Pages2/PageSettingsBackup.qml

@@ -60,7 +60,7 @@ PageType {
 
             spacing: 16
 
-            HeaderType {
+            BaseHeaderType {
                 Layout.fillWidth: true
 
                 headerText: qsTr("Back up your configuration")

client/ui/qml/Pages2/PageSettingsConnection.qml

@@ -36,7 +36,7 @@ PageType {
             anchors.left: parent.left
             anchors.right: parent.right
 
-            HeaderType {
+            BaseHeaderType {
                 Layout.fillWidth: true
                 Layout.leftMargin: 16
                 Layout.rightMargin: 16
@@ -94,9 +94,7 @@ PageType {
                 }
             }
 
-            DividerType {
-                visible: root.isAppSplitTinnelingEnabled
-            }
+            DividerType {}
 
             LabelWithButtonType {
                 id: splitTunnelingButton2
@@ -119,29 +117,20 @@ PageType {
                 visible: root.isAppSplitTinnelingEnabled
             }
 
-            SwitcherType {
-                id: killSwitchSwitcher
+            LabelWithButtonType {
+                id: killSwitchButton
                 visible: !GC.isMobile()
 
                 Layout.fillWidth: true
-                Layout.margins: 16
 
                 text: qsTr("KillSwitch")
-                descriptionText: qsTr("Disables your internet if your encrypted VPN connection drops out for any reason.")
+                descriptionText: qsTr("Blocks network connections without VPN")
+                rightImageSource: "qrc:/images/controls/chevron-right.svg"
 
                 parentFlickable: fl
 
-                checked: SettingsController.isKillSwitchEnabled()
-                checkable: !ConnectionController.isConnected
-                onCheckedChanged: {
-                    if (checked !== SettingsController.isKillSwitchEnabled()) {
-                        SettingsController.toggleKillSwitch(checked)
-                    }
-                }
-                onClicked: {
-                    if (!checkable) {
-                        PageController.showNotificationMessage(qsTr("Cannot change killSwitch settings during active connection"))
-                    }
+                clickedFunction: function() {
+                    PageController.goToPage(PageEnum.PageSettingsKillSwitch)
                 }
             }
 

client/ui/qml/Pages2/PageSettingsDns.qml

@@ -50,7 +50,7 @@ PageType {
 
             spacing: 16
 
-            HeaderType {
+            BaseHeaderType {
                 Layout.fillWidth: true
 
                 headerText: qsTr("DNS servers")

client/ui/qml/Pages2/PageSettingsKillSwitch.qml

@@ -0,0 +1,123 @@
+import QtQuick
+import QtQuick.Controls
+import QtQuick.Layouts
+
+import PageEnum 1.0
+import Style 1.0
+
+import "./"
+import "../Controls2"
+import "../Config"
+
+PageType {
+    id: root
+
+    BackButtonType {
+        id: backButton
+        anchors.top: parent.top
+        anchors.left: parent.left
+        anchors.right: parent.right
+        anchors.topMargin: 20
+    }
+
+    FlickableType {
+        id: fl
+        anchors.top: backButton.bottom
+        anchors.bottom: parent.bottom
+        contentHeight: content.height
+
+        ColumnLayout {
+            id: content
+            anchors.top: parent.top
+            anchors.left: parent.left
+            anchors.right: parent.right
+
+            HeaderTypeWithSwitcher {
+                Layout.fillWidth: true
+                Layout.leftMargin: 16
+                Layout.rightMargin: 16
+
+                headerText: qsTr("KillSwitch")
+                descriptionText: qsTr("Enable to ensure network traffic goes through a secure VPN tunnel, preventing accidental exposure of your IP and DNS queries if the connection drops")
+
+                showSwitcher: true
+                switcher {
+                    checked: SettingsController.isKillSwitchEnabled
+                    enabled: !ConnectionController.isConnected
+                }
+                switcherFunction: function(checked) {
+                    if (!ConnectionController.isConnected) {
+                        SettingsController.isKillSwitchEnabled = checked
+                    } else {
+                        PageController.showNotificationMessage(qsTr("Cannot change killSwitch settings during active connection"))
+                        switcher.checked = SettingsController.isKillSwitchEnabled
+                    }
+                }
+            }
+
+            VerticalRadioButton {
+                id: softKillSwitch
+                Layout.fillWidth: true
+                Layout.topMargin: 32
+                Layout.leftMargin: 16
+                Layout.rightMargin: 16
+
+                enabled: SettingsController.isKillSwitchEnabled && !ConnectionController.isConnected
+                checked: !SettingsController.strictKillSwitchEnabled
+
+                text: qsTr("Soft KillSwitch")
+                descriptionText: qsTr("Internet connection is blocked if VPN connection drops accidentally")
+
+                onClicked: function() {
+                    SettingsController.strictKillSwitchEnabled = false
+                }
+            }
+
+            DividerType {}
+
+            VerticalRadioButton {
+                id: strictKillSwitch
+                Layout.fillWidth: true
+                Layout.leftMargin: 16
+                Layout.rightMargin: 16
+
+                enabled: SettingsController.isKillSwitchEnabled && !ConnectionController.isConnected
+                checked: SettingsController.strictKillSwitchEnabled
+
+                text: qsTr("Strict KillSwitch")
+                descriptionText: qsTr("Internet connection is blocked even if VPN was turned off manually or not started")
+
+                onClicked: function() {
+                    var headerText = qsTr("Just a little heads-up")
+                    var descriptionText = qsTr("If you disconnect from VPN or the VPN connection drops while the Strict Kill Switch is turned on, your internet access will be disabled. To restore it, connect to VPN, change the Kill Switch mode or turn the Kill Switch off.")
+                    var yesButtonText = qsTr("Continue")
+                    var noButtonText = qsTr("Cancel")
+
+                    var yesButtonFunction = function() {
+                        SettingsController.strictKillSwitchEnabled = true
+                    }
+                    var noButtonFunction = function() {
+                    }
+
+                    showQuestionDrawer(headerText, descriptionText, yesButtonText, noButtonText, yesButtonFunction, noButtonFunction)
+                }
+            }
+
+            DividerType {}
+            
+            LabelWithButtonType {
+                Layout.topMargin: 32
+                Layout.fillWidth: true
+
+                enabled: true
+                text: qsTr("DNS Exceptions")
+                descriptionText: qsTr("DNS servers from the list will remain accessible when Kill Switch is triggered")
+                rightImageSource: "qrc:/images/controls/chevron-right.svg"
+
+                clickedFunction: function() {
+                    PageController.goToPage(PageEnum.PageSettingsKillSwitchExceptions)
+                }
+            }
+        }
+    }
+} 

client/ui/qml/Pages2/PageSettingsKillSwitchExceptions.qml

@@ -0,0 +1,302 @@
+import QtQuick
+import QtQuick.Controls
+import QtQuick.Layouts
+import QtQuick.Dialogs
+
+import QtCore
+
+import SortFilterProxyModel 0.2
+
+import PageEnum 1.0
+import ProtocolEnum 1.0
+import ContainerProps 1.0
+import Style 1.0
+
+import "./"
+import "../Controls2"
+import "../Controls2/TextTypes"
+import "../Config"
+import "../Components"
+
+PageType {
+    id: root
+    
+    property bool pageEnabled: true
+
+    ColumnLayout {
+        id: header
+
+        anchors.top: parent.top
+        anchors.left: parent.left
+        anchors.right: parent.right
+
+        anchors.topMargin: 20
+
+        BackButtonType {
+            id: backButton
+        }
+
+        BaseHeaderType {
+            enabled: root.pageEnabled
+
+            Layout.fillWidth: true
+            Layout.leftMargin: 16
+
+            headerText: qsTr("DNS Exceptions")
+            descriptionText: qsTr("DNS servers from the list will remain accessible when Kill Switch is triggered")
+        }
+    }
+
+    ListView {
+        id: listView
+
+        anchors.top: header.bottom
+        anchors.topMargin: 16
+        anchors.bottom: parent.bottom
+
+        width: parent.width
+
+        enabled: root.pageEnabled
+
+        property bool isFocusable: true
+
+        cacheBuffer: 200
+        displayMarginBeginning: 40
+        displayMarginEnd: 40
+        
+        ScrollBar.vertical: ScrollBarType { }
+        
+        footer: Item {
+            width: listView.width
+            height: addSitePanel.height
+        }
+        
+        footerPositioning: ListView.InlineFooter
+
+        model: SortFilterProxyModel {
+            id: dnsFilterModel
+            sourceModel: AllowedDnsModel
+            filters: [
+                RegExpFilter {
+                    roleName: "ip"
+                    pattern: ".*" + addSitePanel.textField.text + ".*"
+                    caseSensitivity: Qt.CaseInsensitive
+                }
+            ]
+        }
+
+        clip: true
+
+        reuseItems: true
+
+        delegate: ColumnLayout {
+            id: delegateContent
+
+            width: listView.width
+
+            LabelWithButtonType {
+                id: site
+                Layout.fillWidth: true
+
+                text: ip
+                rightImageSource: "qrc:/images/controls/trash.svg"
+                rightImageColor: AmneziaStyle.color.paleGray
+
+                clickedFunction: function() {
+                    var headerText = qsTr("Delete ") + ip + "?"
+                    var yesButtonText = qsTr("Continue")
+                    var noButtonText = qsTr("Cancel")
+
+                    var yesButtonFunction = function() {
+                        AllowedDnsController.removeDns(dnsFilterModel.mapToSource(index))
+                        if (!GC.isMobile()) {
+                            site.rightButton.forceActiveFocus()
+                        }
+                    }
+                    var noButtonFunction = function() {
+                        if (!GC.isMobile()) {
+                            site.rightButton.forceActiveFocus()
+                        }
+                    }
+
+                    showQuestionDrawer(headerText, "", yesButtonText, noButtonText, yesButtonFunction, noButtonFunction)
+                }
+            }
+
+            DividerType {}
+        }
+    }
+
+    AddSitePanel {
+        id: addSitePanel
+        
+        anchors.bottom: parent.bottom
+        anchors.left: parent.left
+        anchors.right: parent.right
+        
+        enabled: root.pageEnabled
+        placeholderText: qsTr("IPv4 address")
+
+        onAddClicked: function(text) {
+            PageController.showBusyIndicator(true)
+            AllowedDnsController.addDns(text)
+            PageController.showBusyIndicator(false)
+        }
+
+        onMoreClicked: {
+            moreActionsDrawer.openTriggered()
+        }
+    }
+
+    DrawerType2 {
+        id: moreActionsDrawer
+
+        anchors.fill: parent
+        expandedHeight: parent.height * 0.4375
+
+        expandedStateContent: ColumnLayout {
+            id: moreActionsDrawerContent
+
+            anchors.top: parent.top
+            anchors.left: parent.left
+            anchors.right: parent.right
+
+            Header2Type {
+                Layout.fillWidth: true
+                Layout.margins: 16
+
+                headerText: qsTr("Import / Export addresses")
+            }
+
+            LabelWithButtonType {
+                id: importSitesButton
+                Layout.fillWidth: true
+
+                text: qsTr("Import")
+                rightImageSource: "qrc:/images/controls/chevron-right.svg"
+
+                clickedFunction: function() {
+                    importSitesDrawer.openTriggered()
+                }
+            }
+
+            DividerType {}
+
+            LabelWithButtonType {
+                id: exportSitesButton
+                Layout.fillWidth: true
+                text: qsTr("Save address list")
+
+                clickedFunction: function() {
+                    var fileName = ""
+                    if (GC.isMobile()) {
+                        fileName = "amnezia_killswitch_exceptions.json"
+                    } else {
+                        fileName = SystemController.getFileName(qsTr("Save addresses"),
+                                                                qsTr("Address files (*.json)"),
+                                                                StandardPaths.standardLocations(StandardPaths.DocumentsLocation) + "/amnezia_killswitch_exceptions",
+                                                                true,
+                                                                ".json")
+                    }
+                    if (fileName !== "") {
+                        PageController.showBusyIndicator(true)
+                        AllowedDnsController.exportDns(fileName)
+                        moreActionsDrawer.closeTriggered()
+                        PageController.showBusyIndicator(false)
+                    }
+                }
+            }
+
+            DividerType {}
+        }
+    }
+
+    DrawerType2 {
+        id: importSitesDrawer
+
+        anchors.fill: parent
+        expandedHeight: parent.height * 0.4375
+
+        expandedStateContent: Item {
+            implicitHeight: importSitesDrawer.expandedHeight
+
+            BackButtonType {
+                id: importSitesDrawerBackButton
+
+                anchors.top: parent.top
+                anchors.left: parent.left
+                anchors.right: parent.right
+                anchors.topMargin: 16
+
+                backButtonFunction: function() {
+                    importSitesDrawer.closeTriggered()
+                }
+            }
+
+            FlickableType {
+                anchors.top: importSitesDrawerBackButton.bottom
+                anchors.left: parent.left
+                anchors.right: parent.right
+                anchors.bottom: parent.bottom
+
+                contentHeight: importSitesDrawerContent.height
+
+                ColumnLayout {
+                    id: importSitesDrawerContent
+
+                    anchors.top: parent.top
+                    anchors.left: parent.left
+                    anchors.right: parent.right
+
+                    Header2Type {
+                        Layout.fillWidth: true
+                        Layout.margins: 16
+
+                        headerText: qsTr("Import address list")
+                    }
+
+                    LabelWithButtonType {
+                        id: importSitesButton2
+                        Layout.fillWidth: true
+
+                        text: qsTr("Replace address list")
+
+                        clickedFunction: function() {
+                            var fileName = SystemController.getFileName(qsTr("Open address file"),
+                                                                        qsTr("Address files (*.json)"))
+                            if (fileName !== "") {
+                                importSitesDrawerContent.importSites(fileName, true)
+                            }
+                        }
+                    }
+
+                    DividerType {}
+
+                    LabelWithButtonType {
+                        id: importSitesButton3
+                        Layout.fillWidth: true
+                        text: qsTr("Add imported addresses to existing ones")
+
+                        clickedFunction: function() {
+                            var fileName = SystemController.getFileName(qsTr("Open address file"),
+                                                                        qsTr("Address files (*.json)"))
+                            if (fileName !== "") {
+                                importSitesDrawerContent.importSites(fileName, false)
+                            }
+                        }
+                    }
+
+                    function importSites(fileName, replaceExistingSites) {
+                        PageController.showBusyIndicator(true)
+                        AllowedDnsController.importDns(fileName, replaceExistingSites)
+                        PageController.showBusyIndicator(false)
+                        importSitesDrawer.closeTriggered()
+                        moreActionsDrawer.closeTriggered()
+                    }
+
+                    DividerType {}
+                }
+            }
+        }
+    }
+}

client/ui/qml/Pages2/PageSettingsLogging.qml

@@ -40,7 +40,7 @@ PageType {
         header: ColumnLayout {
             width: listView.width
 
-            HeaderType {
+            BaseHeaderType {
                 Layout.fillWidth: true
                 Layout.leftMargin: 16
                 Layout.rightMargin: 16

client/ui/qml/Pages2/PageSettingsServerInfo.qml

@@ -71,7 +71,7 @@ PageType {
             objectName: "backButton"
         }
 
-        HeaderType {
+        HeaderTypeWithButton {
             id: headerContent
             objectName: "headerContent"
 

client/ui/qml/Pages2/PageSettingsServerProtocol.qml

@@ -34,7 +34,7 @@ PageType {
             id: backButton
         }
 
-        HeaderType {
+        BaseHeaderType {
             Layout.fillWidth: true
             Layout.leftMargin: 16
             Layout.rightMargin: 16

client/ui/qml/Pages2/PageSettingsServersList.qml

@@ -31,7 +31,7 @@ PageType {
             id: backButton
         }
 
-        HeaderType {
+        BaseHeaderType {
             Layout.fillWidth: true
             Layout.leftMargin: 16
             Layout.rightMargin: 16