Open docs url according for Ukrainian language

change pretty product name to product type for api payload

.github/workflows/deploy.yml

@@ -14,8 +14,8 @@ jobs:
     runs-on: ubuntu-20.04
 
     env:
-      QT_VERSION: 6.5.1
-      QIF_VERSION: 4.6
+      QT_VERSION: 6.6.2
+      QIF_VERSION: 4.7
 
     steps:
     - name: 'Install Qt'
@@ -72,8 +72,8 @@ jobs:
     runs-on: windows-latest
 
     env:
-      QT_VERSION: 6.5.1
-      QIF_VERSION: 4.6
+      QT_VERSION: 6.6.2
+      QIF_VERSION: 4.7
       BUILD_ARCH: 64
 
     steps:
@@ -134,7 +134,7 @@ jobs:
     runs-on: macos-13
 
     env:
-      QT_VERSION: 6.5.2
+      QT_VERSION: 6.6.2
       CC: cc
       CXX: c++
 
@@ -233,7 +233,7 @@ jobs:
     - name: 'Setup xcode'
       uses: maxim-lobanov/setup-xcode@v1
       with:
-        xcode-version: '13.4'
+        xcode-version: '14.3.1'
 
     - name: 'Install Qt'
       uses: jurplel/install-qt-action@v3
@@ -245,10 +245,15 @@ jobs:
         modules: 'qtremoteobjects qt5compat qtshadertools'
         dir: ${{ runner.temp }}
         setup-python: 'true'
-        tools: 'tools_ifw'
         set-env: 'true'
         extra: '--external 7z --base ${{ env.QT_MIRROR }}'
 
+    - name: 'Install Qt Installer Framework ${{ env.QIF_VERSION }}'
+      run: |
+        mkdir -pv ${{ runner.temp }}/Qt/Tools/QtInstallerFramework
+        wget https://qt.amzsvc.com/tools/ifw/${{ env.QIF_VERSION }}.zip
+        unzip ${{ env.QIF_VERSION }}.zip -d ${{ runner.temp }}/Qt/Tools/QtInstallerFramework/
+
     - name: 'Get sources'
       uses: actions/checkout@v4
       with:
@@ -286,7 +291,7 @@ jobs:
 
     env:
       ANDROID_BUILD_PLATFORM: android-34
-      QT_VERSION: 6.6.1
+      QT_VERSION: 6.6.2
       QT_MODULES: 'qtremoteobjects qt5compat qtimageformats qtshadertools'
 
     steps:

.gitignore

@@ -131,3 +131,6 @@ client/3rd/ShadowSocks/ss_ios.xcconfig
 
 # UML generated pics
 out/
+
+# CMake files
+CMakeFiles/

CMakeLists.txt

@@ -2,7 +2,7 @@ cmake_minimum_required(VERSION 3.25.0 FATAL_ERROR)
 
 set(PROJECT AmneziaVPN)
 
-project(${PROJECT} VERSION 4.3.0.0
+project(${PROJECT} VERSION 4.5.3.0
         DESCRIPTION "AmneziaVPN"
         HOMEPAGE_URL "https://amnezia.org/"
 )
@@ -11,7 +11,7 @@ string(TIMESTAMP CURRENT_DATE "%Y-%m-%d")
 set(RELEASE_DATE "${CURRENT_DATE}")
 
 set(APP_MAJOR_VERSION ${CMAKE_PROJECT_VERSION_MAJOR}.${CMAKE_PROJECT_VERSION_MINOR}.${CMAKE_PROJECT_VERSION_PATCH})
-set(APP_ANDROID_VERSION_CODE 44)
+set(APP_ANDROID_VERSION_CODE 52)
 
 if(${CMAKE_SYSTEM_NAME} STREQUAL "Linux")
     set(MZ_PLATFORM_NAME "linux")

README.md

@@ -7,13 +7,15 @@
 Amnezia is an open-source VPN client, with a key feature that enables you to deploy your own VPN server on your server.
 
 ## Features
-- Very easy to use - enter your ip address, ssh login and password, and Amnezia will automatically install VPN docker containers to your server and connect to VPN.
-- OpenVPN, ShadowSocks, WireGuard, IKEv2 protocols support.
+
+- Very easy to use - enter your IP address, SSH login, and password, and Amnezia will automatically install VPN docker containers to your server and connect to the VPN.
+- OpenVPN, ShadowSocks, WireGuard, and IKEv2 protocols support.
 - Masking VPN with OpenVPN over Cloak plugin
-- Split tunneling support - add any sites to client to enable VPN only for them (only for desktops)
+- Split tunneling support - add any sites to the client to enable VPN only for them (only for desktops)
 - Windows, MacOS, Linux, Android, iOS releases.
 
 ## Links
+
 [https://amnezia.org](https://amnezia.org) - project website  
 [https://www.reddit.com/r/AmneziaVPN](https://www.reddit.com/r/AmneziaVPN) - Reddit  
 [https://t.me/amnezia_vpn_en](https://t.me/amnezia_vpn_en) - Telegram support channel (English)  
@@ -21,13 +23,13 @@ Amnezia is an open-source VPN client, with a key feature that enables you to dep
 
 ## Tech
 
-AmneziaVPN uses a number of open source projects to work:
+AmneziaVPN uses several open-source projects to work:
 
 - [OpenSSL](https://www.openssl.org/)
 - [OpenVPN](https://openvpn.net/)
 - [ShadowSocks](https://shadowsocks.org/)
 - [Qt](https://www.qt.io/)
-- [LibSsh](https://libssh.org) - forked form Qt Creator
+- [LibSsh](https://libssh.org) - forked from Qt Creator
 - and more...
 
 ## Checking out the source code
@@ -43,14 +45,15 @@ git submodule update --init --recursive
 Want to contribute? Welcome!
 
 ### Building sources and deployment
-Look deploy folder for build scripts. 
 
-### How to build iOS app from source code on MacOS
+Check deploy folder for build scripts. 
+
+### How to build an iOS app from source code on MacOS
 
 1. First, make sure you have [XCode](https://developer.apple.com/xcode/) installed, at least version 14 or higher.
 
-2. We use QT to generate the XCode project. we need QT version 6.6.1. Install QT for macos in [here](https://doc.qt.io/qt-6/macos.html) or [QT Online Installer](https://www.qt.io/download-open-source). Required modules:
-   - macOS
+2. We use QT to generate the XCode project. We need QT version 6.6.1. Install QT for MacOS [here](https://doc.qt.io/qt-6/macos.html) or [QT Online Installer](https://www.qt.io/download-open-source). Required modules:
+   - MacOS
    - iOS
    - Qt 5 Compatibility Module
    - Qt Shader Tools
@@ -59,18 +62,18 @@ Look deploy folder for build scripts.
      - Qt Multimedia
      - Qt Remote Objects 
 
-3. Install cmake is require. We recommend cmake version 3.25. You can install cmake in [here](https://cmake.org/download/)
+3. Install CMake if required. We recommend CMake version 3.25. You can install CMake [here](https://cmake.org/download/)
 
-4. You also need to install go >= v1.16. If you don't have it done already,
+4. You also need to install go >= v1.16. If you don't have it installed already,
 download go from the [official website](https://golang.org/dl/) or use Homebrew. 
-Latest version is recommended. Install gomobile
+The latest version is recommended. Install gomobile
 ```bash
 export PATH=$PATH:~/go/bin
 go install golang.org/x/mobile/cmd/gomobile@latest
 gomobile init
 ```
 
-5. Build project
+5. Build the project
 ```bash
 export QT_BIN_DIR="<PATH-TO-QT-FOLDER>/Qt/<QT-VERSION>/ios/bin"
 export QT_MACOS_ROOT_DIR="<PATH-TO-QT-FOLDER>/Qt/<QT-VERSION>/macos"
@@ -88,62 +91,63 @@ of the bin folder where gomobile was installed. Usually, it's in `GOPATH`.
 export PATH=$(PATH):/path/to/GOPATH/bin
 ```
 
-5. Open XCode project. You can then run/test/archive/ship the app.
+6. Open the XCode project. You can then run /test/archive/ship the app.
 
-If build fails with the following error
+If the build fails with the following error
 ```
 make: *** 
 [$(PROJECTDIR)/client/build/AmneziaVPN.build/Debug-iphoneos/wireguard-go-bridge/goroot/.prepared] 
 Error 1
 ```
-Add a user defined variable to both AmneziaVPN and WireGuardNetworkExtension targets' build settings with
+Add a user-defined variable to both AmneziaVPN and WireGuardNetworkExtension targets' build settings with
 key `PATH` and value `${PATH}/path/to/bin/folder/with/go/executable`, e.g. `${PATH}:/usr/local/go/bin`.
 
-if above error still persists on you M1 Mac, then most probably you need to install arch based cmake 
+if the above error persists on your M1 Mac, then most probably you need to install arch based CMake 
 ```
 arch -arm64 brew install cmake
 ```
 
-Build might fail with "source files not found" error the first time you try it, because modern XCode build system compiles
-dependencies in parallel, and some dependencies end up being built after the ones that
-require them. In this case simply restart the build.
+Build might fail with the "source files not found" error the first time you try it, because the modern XCode build system compiles dependencies in parallel, and some dependencies end up being built after the ones that
+require them. In this case, simply restart the build.
 
 ## How to build the Android app
-_tested on Mac OS_
+
+_Tested on Mac OS_
 
 The Android app has the following requirements:
 * JDK 11
 * Android platform SDK 33
-* cmake 3.25.0
+* CMake 3.25.0
 
-After you have installed QT, QT Creator and Android Studio installed, you need to configure QT Creator correctly. Click in the top menu bar on `QT Creator` -> `Preferences` -> `Devices` and select the tab `Android`. 
-    * set path to jdk 11
+After you have installed QT, QT Creator, and Android Studio, you need to configure QT Creator correctly. Click in the top menu bar on `QT Creator` -> `Preferences` -> `Devices` and select the tab `Android`. 
+    * set path to JDK 11
     * set path to Android SDK ($ANDROID_HOME)
 
-In case you get errors regarding missing SDK or 'sdkmanager not running', you cannot fix them by correcting the paths and you have some spare GBs on your disk, you can let QT Creator install all requirements by choosing an empty folder for `Android SDK location` and click on `Set Up SDK`. Be aware: This will install a second Android SDK and NDK on your machine! 
+In case you get errors regarding missing SDK or 'SDK manager not running', you cannot fix them by correcting the paths. If you have some spare GBs on your disk, you can let QT Creator install all requirements by choosing an empty folder for `Android SDK location` and clicking on `Set Up SDK`. Be aware: This will install a second Android SDK and NDK on your machine! 
+Double-check that the right CMake version is configured:  Click on `QT Creator` -> `Preferences` and click on the side menu on `Kits`. Under the center content view's `Kits` tab, you'll find an entry for `CMake Tool`. If the default selected CMake version is lower than 3.25.0, install on your system CMake >= 3.25.0 and choose `System CMake at <path>` from the drop-down list. If this entry is missing, you either have not installed CMake yet or QT Creator hasn't found the path to it. In that case, click in the preferences window on the side menu item `CMake`, then on the tab `Tools` in the center content view, and finally on the button `Add` to set the path to your installed CMake. 
+Please make sure that you have selected Android Platform SDK 33 for your project: click in the main view's side menu on `Projects`, and on the left, you'll see a section `Build & Run` showing different Android build targets. You can select any of them, Amnezia VPN's project setup is designed in a way that all Android targets will be built. Click on the targets submenu item `Build` and scroll in the center content view to `Build Steps`. Click on `Details` at the end of the headline `Build Android APK` (the `Details` button might be hidden in case the QT Creator Window is not running in full screen!). Here we are: Choose `android-33` as `Android Build Platform SDK`.
 
-Double check that the right cmake version is configured:  Click on `QT Creator` -> `Preferences` and click on the side menu on `Kits`. Under the center content view's `Kits` tab you'll find an entry `CMake Tool`. If the default selected CMake version is lower than 3.25.0, install on your system CMake >= 3.25.0 and choose `System CMake at <path>` from the drop down list. If this entry is missing, you either have not installed CMake yet or QT Creator hasn't found the path to it. In that case click in the preferences window on the side menu item `CMake`, then on the tab `Tools`in the center content view and finally on the Button `Add` to set the path to your installed CMake. 
-
-Please make sure that you have selected Android Platform SDK 33 for your project: click in the main view's side menu on on `Projects`, on the left you'll see a section `Build & Run` showing different Android build targets. You can select any of them, Amnezia VPN's project setup is designed in a way that always all Android targets will be build. Click on the targets submenu item `Build` and scroll in the center content view to `Build Steps`. Click on `Details` at the end of the headline `Build Android APK` (The `Details` button might be hidden in case QT Creator Window is not running in full screen!). Here we are: choose `android-33` as `Android Build platform SDK`.
-
-That's it you should be ready to compile the project from QT Creator!
+That's it! You should be ready to compile the project from QT Creator!
 
 ### Development flow
-After you've hit the build button, QT-Creator copies the whole project to a folder in the repositories parent directory. The folder should look something like `build-amnezia-client-Android_Qt_<version>_Clang_<architecture>-<BuildType>`.
-If you want to develop Amnezia VPNs Android components written in Kotlin, such as components using system APIs, you need to import the generated project in Android Studio with `build-amnezia-client-Android_Qt_<version>_Clang_<architecture>-<BuildType>/client/android-build` as the projects root directory. While you should be able to compile the generated project from Android Studio, you cannot work directly in the repository's Android project. So whenever you are confident with your work in the generated project, you'll need to copy and paste the affected files to the corresponding path in the repositories Android project so that you can add and commit your changes!
 
-You may face compiling issues in QT Creator after you've worked in Android Studio on the generated project. Just do a `./gradlew clean` in the generated project's root directory (`<path>/client/android-build/.`) and you should be good to continue.
+After you've hit the build button, QT-Creator copies the whole project to a folder in the repository parent directory. The folder should look something like `build-amnezia-client-Android_Qt_<version>_Clang_<architecture>-<BuildType>`.
+If you want to develop Amnezia VPNs Android components written in Kotlin, such as components using system APIs, you need to import the generated project in Android Studio with `build-amnezia-client-Android_Qt_<version>_Clang_<architecture>-<BuildType>/client/android-build` as the projects root directory. While you should be able to compile the generated project from Android Studio, you cannot work directly in the repository's Android project. So whenever you are confident with your work in the generated project, you'll need to copy and paste the affected files to the corresponding path in the repository's Android project so that you can add and commit your changes!
+
+You may face compiling issues in QT Creator after you've worked in Android Studio on the generated project. Just do a `./gradlew clean` in the generated project's root directory (`<path>/client/android-build/.`) and you should be good to go.
 
 ## License
-GPL v.3
+
+GPL v3.0
 
 ## Donate
+
 Bitcoin: bc1qn9rhsffuxwnhcuuu4qzrwp4upkrq94xnh8r26u  
 XMR: 48spms39jt1L2L5vyw2RQW6CXD6odUd4jFu19GZcDyKKQV9U88wsJVjSbL4CfRys37jVMdoaWVPSvezCQPhHXUW5UKLqUp3  
 payeer.com: P2561305  
 ko-fi.com: [https://ko-fi.com/amnezia_vpn](https://ko-fi.com/amnezia_vpn)  
 
+## Acknowledgments
 
-## etc
 This project is tested with BrowserStack.
 We express our gratitude to [BrowserStack](https://www.browserstack.com) for supporting our project.

client/3rd/QSimpleCrypto/include/QX509.h

@@ -72,7 +72,7 @@ namespace QSimpleCrypto
         /// \param notAfter - X509 end date.
         /// \return Returns OpenSSL X509 structure or nullptr, if error happened. Returned value must be cleaned up with 'X509_free' to avoid memory leak.
         ///
-        X509* generateSelfSignedCertificate(const RSA* rsa, const QMap<QByteArray, QByteArray>& additionalData,
+        X509* generateSelfSignedCertificate(RSA* rsa, const QMap<QByteArray, QByteArray>& additionalData,
             const QByteArray& certificateFileName = "", const EVP_MD* md = EVP_sha512(),
             const long& serialNumber = 1, const long& version = x509LastVersion,
             const long& notBefore = 0, const long& notAfter = oneYear);

client/3rd/QSimpleCrypto/sources/QX509.cpp

@@ -139,7 +139,7 @@ X509* QSimpleCrypto::QX509::verifyCertificate(X509* x509, X509_STORE* store)
 /// \param notAfter - X509 end date.
 /// \return Returns OpenSSL X509 structure or nullptr, if error happened. Returned value must be cleaned up with 'X509_free' to avoid memory leak.
 ///
-X509* QSimpleCrypto::QX509::generateSelfSignedCertificate(const RSA* rsa, const QMap<QByteArray, QByteArray>& additionalData,
+X509* QSimpleCrypto::QX509::generateSelfSignedCertificate(RSA* rsa, const QMap<QByteArray, QByteArray>& additionalData,
     const QByteArray& certificateFileName, const EVP_MD* md,
     const long& serialNumber, const long& version,
     const long& notBefore, const long& notAfter)

client/CMakeLists.txt

@@ -15,6 +15,15 @@ set(PACKAGES
     Core5Compat Concurrent LinguistTools
 )
 
+execute_process(
+  WORKING_DIRECTORY "${CMAKE_SOURCE_DIR}"
+  COMMAND git rev-parse --short HEAD
+  OUTPUT_VARIABLE GIT_COMMIT_HASH
+  OUTPUT_STRIP_TRAILING_WHITESPACE
+)
+
+add_definitions(-DGIT_COMMIT_HASH="${GIT_COMMIT_HASH}")
+
 if(IOS)
     set(PACKAGES ${PACKAGES} Multimedia)
 endif()
@@ -54,9 +63,14 @@ qt6_add_resources(QRC ${QRC} ${CMAKE_CURRENT_LIST_DIR}/resources.qrc)
 set(CMAKE_AUTORCC ON)
 
 set(AMNEZIAVPN_TS_FILES
-    ${CMAKE_CURRENT_LIST_DIR}/translations/amneziavpn_ru.ts
+    ${CMAKE_CURRENT_LIST_DIR}/translations/amneziavpn_ru_RU.ts
     ${CMAKE_CURRENT_LIST_DIR}/translations/amneziavpn_zh_CN.ts
     ${CMAKE_CURRENT_LIST_DIR}/translations/amneziavpn_fa_IR.ts
+    ${CMAKE_CURRENT_LIST_DIR}/translations/amneziavpn_ar_EG.ts
+    ${CMAKE_CURRENT_LIST_DIR}/translations/amneziavpn_my_MM.ts
+    ${CMAKE_CURRENT_LIST_DIR}/translations/amneziavpn_uk_UA.ts
+    ${CMAKE_CURRENT_LIST_DIR}/translations/amneziavpn_ur_PK.ts
+    ${CMAKE_CURRENT_LIST_DIR}/translations/amneziavpn_hi_IN.ts
 )
 
 file(GLOB_RECURSE AMNEZIAVPN_TS_SOURCES *.qrc *.cpp *.h *.ui)
@@ -108,16 +122,18 @@ set(HEADERS ${HEADERS}
     ${CMAKE_CURRENT_LIST_DIR}/core/errorstrings.h
     ${CMAKE_CURRENT_LIST_DIR}/core/scripts_registry.h
     ${CMAKE_CURRENT_LIST_DIR}/core/server_defs.h
+    ${CMAKE_CURRENT_LIST_DIR}/core/controllers/apiController.h
     ${CMAKE_CURRENT_LIST_DIR}/core/controllers/serverController.h
+    ${CMAKE_CURRENT_LIST_DIR}/core/controllers/vpnConfigurationController.h
     ${CMAKE_CURRENT_LIST_DIR}/protocols/protocols_defs.h
     ${CMAKE_CURRENT_LIST_DIR}/protocols/qml_register_protocols.h
-    ${CMAKE_CURRENT_LIST_DIR}/ui/notificationhandler.h
     ${CMAKE_CURRENT_LIST_DIR}/ui/pages.h
     ${CMAKE_CURRENT_LIST_DIR}/ui/property_helper.h
     ${CMAKE_CURRENT_LIST_DIR}/ui/qautostart.h
     ${CMAKE_CURRENT_LIST_DIR}/protocols/vpnprotocol.h
     ${CMAKE_CURRENT_BINARY_DIR}/version.h
     ${CMAKE_CURRENT_LIST_DIR}/core/sshclient.h
+    ${CMAKE_CURRENT_LIST_DIR}/core/networkUtilities.h
 )
 
 # Mozilla headres
@@ -135,11 +151,16 @@ include_directories(mozilla/models)
 
 if(NOT IOS)
     set(HEADERS ${HEADERS}
-        ${CMAKE_CURRENT_LIST_DIR}/platforms/ios/MobileUtils.h
         ${CMAKE_CURRENT_LIST_DIR}/platforms/ios/QRCodeReaderBase.h
     )
 endif()
 
+if(NOT ANDROID)
+    set(HEADERS ${HEADERS}
+        ${CMAKE_CURRENT_LIST_DIR}/ui/notificationhandler.h
+    )
+endif()
+
 set(SOURCES ${SOURCES}
     ${CMAKE_CURRENT_LIST_DIR}/migrations.cpp
     ${CMAKE_CURRENT_LIST_DIR}/amnezia_application.cpp
@@ -147,12 +168,14 @@ set(SOURCES ${SOURCES}
     ${CMAKE_CURRENT_LIST_DIR}/core/errorstrings.cpp
     ${CMAKE_CURRENT_LIST_DIR}/core/scripts_registry.cpp
     ${CMAKE_CURRENT_LIST_DIR}/core/server_defs.cpp
+    ${CMAKE_CURRENT_LIST_DIR}/core/controllers/apiController.cpp
     ${CMAKE_CURRENT_LIST_DIR}/core/controllers/serverController.cpp
+    ${CMAKE_CURRENT_LIST_DIR}/core/controllers/vpnConfigurationController.cpp
     ${CMAKE_CURRENT_LIST_DIR}/protocols/protocols_defs.cpp
-    ${CMAKE_CURRENT_LIST_DIR}/ui/notificationhandler.cpp
     ${CMAKE_CURRENT_LIST_DIR}/ui/qautostart.cpp
     ${CMAKE_CURRENT_LIST_DIR}/protocols/vpnprotocol.cpp
     ${CMAKE_CURRENT_LIST_DIR}/core/sshclient.cpp
+    ${CMAKE_CURRENT_LIST_DIR}/core/networkUtilities.cpp
 )
 
 # Mozilla sources
@@ -169,11 +192,16 @@ endif()
 
 if(NOT IOS)
     set(SOURCES ${SOURCES}
-        ${CMAKE_CURRENT_LIST_DIR}/platforms/ios/MobileUtils.cpp
         ${CMAKE_CURRENT_LIST_DIR}/platforms/ios/QRCodeReaderBase.cpp
     )
 endif()
 
+if(NOT ANDROID)
+    set(SOURCES ${SOURCES}
+        ${CMAKE_CURRENT_LIST_DIR}/ui/notificationhandler.cpp
+    )
+endif()
+
 file(GLOB COMMON_FILES_H CONFIGURE_DEPENDS ${CMAKE_CURRENT_LIST_DIR}/*.h)
 file(GLOB COMMON_FILES_CPP CONFIGURE_DEPENDS ${CMAKE_CURRENT_LIST_DIR}/*.cpp)
 
@@ -282,6 +310,7 @@ if(WIN32 OR (APPLE AND NOT IOS) OR (LINUX AND NOT ANDROID))
         ${CMAKE_CURRENT_LIST_DIR}/protocols/openvpnovercloakprotocol.h
         ${CMAKE_CURRENT_LIST_DIR}/protocols/shadowsocksvpnprotocol.h
         ${CMAKE_CURRENT_LIST_DIR}/protocols/wireguardprotocol.h
+        ${CMAKE_CURRENT_LIST_DIR}/protocols/xrayprotocol.h
         ${CMAKE_CURRENT_LIST_DIR}/protocols/awgprotocol.h
     )
 
@@ -293,6 +322,7 @@ if(WIN32 OR (APPLE AND NOT IOS) OR (LINUX AND NOT ANDROID))
         ${CMAKE_CURRENT_LIST_DIR}/protocols/openvpnovercloakprotocol.cpp
         ${CMAKE_CURRENT_LIST_DIR}/protocols/shadowsocksvpnprotocol.cpp
         ${CMAKE_CURRENT_LIST_DIR}/protocols/wireguardprotocol.cpp
+        ${CMAKE_CURRENT_LIST_DIR}/protocols/xrayprotocol.cpp
         ${CMAKE_CURRENT_LIST_DIR}/protocols/awgprotocol.cpp
     )
 endif()

client/amnezia_application.cpp

@@ -9,14 +9,15 @@
 #include <QTextDocument>
 #include <QTimer>
 #include <QTranslator>
-
 #include <QQuickItem>
 
 #include "logger.h"
+#include "ui/models/installedAppsModel.h"
 #include "version.h"
 
 #include "platforms/ios/QRCodeReaderBase.h"
 #if defined(Q_OS_ANDROID)
+    #include "core/installedAppsImageProvider.h"
     #include "platforms/android/android_controller.h"
 #endif
 
@@ -24,13 +25,14 @@
 
 #if defined(Q_OS_IOS)
     #include "platforms/ios/ios_controller.h"
+    #include <AmneziaVPN-Swift.h>
 #endif
 
 #if defined(Q_OS_ANDROID) || defined(Q_OS_IOS)
 AmneziaApplication::AmneziaApplication(int &argc, char *argv[]) : AMNEZIA_BASE_CLASS(argc, argv)
 #else
-AmneziaApplication::AmneziaApplication(int &argc, char *argv[], bool allowSecondary, SingleApplication::Options options,
-                                       int timeout, const QString &userData)
+AmneziaApplication::AmneziaApplication(int &argc, char *argv[], bool allowSecondary, SingleApplication::Options options, int timeout,
+                                       const QString &userData)
     : SingleApplication(argc, argv, allowSecondary, options, timeout, userData)
 #endif
 {
@@ -43,16 +45,17 @@ AmneziaApplication::AmneziaApplication(int &argc, char *argv[], bool allowSecond
         s.setValue("permFixed", true);
     }
 
-    QString configLoc1 = QStandardPaths::standardLocations(QStandardPaths::ConfigLocation).first() + "/"
-            + ORGANIZATION_NAME + "/" + APPLICATION_NAME + ".conf";
+    QString configLoc1 = QStandardPaths::standardLocations(QStandardPaths::ConfigLocation).first() + "/" + ORGANIZATION_NAME + "/"
+            + APPLICATION_NAME + ".conf";
     QFile::setPermissions(configLoc1, QFileDevice::ReadOwner | QFileDevice::WriteOwner);
 
-    QString configLoc2 = QStandardPaths::standardLocations(QStandardPaths::ConfigLocation).first() + "/"
-            + ORGANIZATION_NAME + "/" + APPLICATION_NAME + "/" + APPLICATION_NAME + ".conf";
+    QString configLoc2 = QStandardPaths::standardLocations(QStandardPaths::ConfigLocation).first() + "/" + ORGANIZATION_NAME + "/"
+            + APPLICATION_NAME + "/" + APPLICATION_NAME + ".conf";
     QFile::setPermissions(configLoc2, QFileDevice::ReadOwner | QFileDevice::WriteOwner);
 #endif
 
     m_settings = std::shared_ptr<Settings>(new Settings);
+    m_nam = new QNetworkAccessManager(this);
 }
 
 AmneziaApplication::~AmneziaApplication()
@@ -81,8 +84,7 @@ void AmneziaApplication::init()
 
     m_engine->rootContext()->setContextProperty("Debug", &Logger::Instance());
 
-    m_configurator = std::shared_ptr<VpnConfigurator>(new VpnConfigurator(m_settings, this));
-    m_vpnConnection.reset(new VpnConnection(m_settings, m_configurator));
+    m_vpnConnection.reset(new VpnConnection(m_settings));
     m_vpnConnection->moveToThread(&m_vpnConnectionThread);
     m_vpnConnectionThread.start();
 
@@ -97,12 +99,18 @@ void AmneziaApplication::init()
     AndroidController::instance()->setSaveLogs(m_settings->isSaveLogs());
     connect(m_settings.get(), &Settings::saveLogsChanged, AndroidController::instance(), &AndroidController::setSaveLogs);
 
-    connect(AndroidController::instance(), &AndroidController::initConnectionState, this,
-            [this](Vpn::ConnectionState state) {
-                m_connectionController->onConnectionStateChanged(state);
-                if (m_vpnConnection)
-                    m_vpnConnection->restoreConnection();
-            });
+    AndroidController::instance()->setScreenshotsEnabled(m_settings->isScreenshotsEnabled());
+    connect(m_settings.get(), &Settings::screenshotsEnabledChanged, AndroidController::instance(), &AndroidController::setScreenshotsEnabled);
+
+    connect(m_settings.get(), &Settings::serverRemoved, AndroidController::instance(), &AndroidController::resetLastServer);
+
+    connect(m_settings.get(), &Settings::settingsCleared, []() { AndroidController::instance()->resetLastServer(-1); });
+
+    connect(AndroidController::instance(), &AndroidController::initConnectionState, this, [this](Vpn::ConnectionState state) {
+        m_connectionController->onConnectionStateChanged(state);
+        if (m_vpnConnection)
+            m_vpnConnection->restoreConnection();
+    });
     if (!AndroidController::instance()->initialize()) {
         qFatal("Android controller initialization failed");
     }
@@ -112,6 +120,8 @@ void AmneziaApplication::init()
         m_importController->extractConfigFromData(data);
         m_pageController->goToPageViewConfig();
     });
+
+    m_engine->addImageProvider(QLatin1String("installedAppImage"), new InstalledAppsImageProvider);
 #endif
 
 #ifdef Q_OS_IOS
@@ -127,21 +137,25 @@ void AmneziaApplication::init()
         m_pageController->goToPageSettingsBackup();
         m_settingsController->importBackupFromOutside(filePath);
     });
+
+    QTimer::singleShot(0, this, [this]() { AmneziaVPN::toggleScreenshots(m_settings->isScreenshotsEnabled()); });
+
+    connect(m_settings.get(), &Settings::screenshotsEnabledChanged, [](bool enabled) { AmneziaVPN::toggleScreenshots(enabled); });
 #endif
 
+#ifndef Q_OS_ANDROID
     m_notificationHandler.reset(NotificationHandler::create(nullptr));
 
     connect(m_vpnConnection.get(), &VpnConnection::connectionStateChanged, m_notificationHandler.get(),
             &NotificationHandler::setConnectionState);
 
-    connect(m_notificationHandler.get(), &NotificationHandler::raiseRequested, m_pageController.get(),
-            &PageController::raiseMainWindow);
+    connect(m_notificationHandler.get(), &NotificationHandler::raiseRequested, m_pageController.get(), &PageController::raiseMainWindow);
     connect(m_notificationHandler.get(), &NotificationHandler::connectRequested, m_connectionController.get(),
-            &ConnectionController::openConnection);
+            static_cast<void (ConnectionController::*)()>(&ConnectionController::openConnection));
     connect(m_notificationHandler.get(), &NotificationHandler::disconnectRequested, m_connectionController.get(),
             &ConnectionController::closeConnection);
-    connect(this, &AmneziaApplication::translationsUpdated, m_notificationHandler.get(),
-            &NotificationHandler::onTranslationsUpdated);
+    connect(this, &AmneziaApplication::translationsUpdated, m_notificationHandler.get(), &NotificationHandler::onTranslationsUpdated);
+#endif
 
     m_engine->load(url);
     m_systemController->setQmlRoot(m_engine->rootObjects().value(0));
@@ -214,7 +228,8 @@ void AmneziaApplication::registerTypes()
     qmlRegisterSingletonType(QUrl("qrc:/ui/qml/Filters/ContainersModelFilters.qml"), "ContainersModelFilters", 1, 0,
                              "ContainersModelFilters");
 
-    //
+    qmlRegisterType<InstalledAppsModel>("InstalledAppsModel", 1, 0, "InstalledAppsModel");
+
     Vpn::declareQmlVpnConnectionStateEnum();
     PageLoader::declareQmlPageEnum();
 }
@@ -286,13 +301,15 @@ void AmneziaApplication::initModels()
     m_containersModel.reset(new ContainersModel(this));
     m_engine->rootContext()->setContextProperty("ContainersModel", m_containersModel.get());
 
+    m_defaultServerContainersModel.reset(new ContainersModel(this));
+    m_engine->rootContext()->setContextProperty("DefaultServerContainersModel", m_defaultServerContainersModel.get());
+
     m_serversModel.reset(new ServersModel(m_settings, this));
     m_engine->rootContext()->setContextProperty("ServersModel", m_serversModel.get());
-    connect(m_serversModel.get(), &ServersModel::containersUpdated, m_containersModel.get(),
+    connect(m_serversModel.get(), &ServersModel::containersUpdated, m_containersModel.get(), &ContainersModel::updateModel);
+    connect(m_serversModel.get(), &ServersModel::defaultServerContainersUpdated, m_defaultServerContainersModel.get(),
             &ContainersModel::updateModel);
-    connect(m_serversModel.get(), &ServersModel::defaultContainerChanged, m_containersModel.get(),
-            &ContainersModel::setDefaultContainer);
-    m_containersModel->setDefaultContainer(m_serversModel->getDefaultContainer()); // make better?
+    m_serversModel->resetModel();
 
     m_languageModel.reset(new LanguageModel(m_settings, this));
     m_engine->rootContext()->setContextProperty("LanguageModel", m_languageModel.get());
@@ -302,6 +319,9 @@ void AmneziaApplication::initModels()
     m_sitesModel.reset(new SitesModel(m_settings, this));
     m_engine->rootContext()->setContextProperty("SitesModel", m_sitesModel.get());
 
+    m_appSplitTunnelingModel.reset(new AppSplitTunnelingModel(m_settings, this));
+    m_engine->rootContext()->setContextProperty("AppSplitTunnelingModel", m_appSplitTunnelingModel.get());
+
     m_protocolsModel.reset(new ProtocolsModel(m_settings, this));
     m_engine->rootContext()->setContextProperty("ProtocolsModel", m_protocolsModel.get());
 
@@ -320,6 +340,9 @@ void AmneziaApplication::initModels()
     m_awgConfigModel.reset(new AwgConfigModel(this));
     m_engine->rootContext()->setContextProperty("AwgConfigModel", m_awgConfigModel.get());
 
+    m_xrayConfigModel.reset(new XrayConfigModel(this));
+    m_engine->rootContext()->setContextProperty("XrayConfigModel", m_xrayConfigModel.get());
+
 #ifdef Q_OS_WINDOWS
     m_ikev2ConfigModel.reset(new Ikev2ConfigModel(this));
     m_engine->rootContext()->setContextProperty("Ikev2ConfigModel", m_ikev2ConfigModel.get());
@@ -332,28 +355,33 @@ void AmneziaApplication::initModels()
     m_engine->rootContext()->setContextProperty("ClientManagementModel", m_clientManagementModel.get());
     connect(m_clientManagementModel.get(), &ClientManagementModel::adminConfigRevoked, m_serversModel.get(),
             &ServersModel::clearCachedProfile);
-
-    connect(m_configurator.get(), &VpnConfigurator::newVpnConfigCreated, this,
-            [this](const QString &clientId, const QString &clientName, const DockerContainer container,
-                   ServerCredentials credentials) {
-                m_serversModel->reloadContainerConfig();
-                m_clientManagementModel->appendClient(clientId, clientName, container, credentials);
-                emit m_configurator->clientModelUpdated();
-            });
 }
 
 void AmneziaApplication::initControllers()
 {
-    m_connectionController.reset(new ConnectionController(m_serversModel, m_containersModel, m_vpnConnection));
+    m_connectionController.reset(
+            new ConnectionController(m_serversModel, m_containersModel, m_clientManagementModel, m_vpnConnection, m_settings));
     m_engine->rootContext()->setContextProperty("ConnectionController", m_connectionController.get());
 
-    connect(this, &AmneziaApplication::translationsUpdated, m_connectionController.get(),
-            &ConnectionController::onTranslationsUpdated);
+    connect(m_connectionController.get(), qOverload<const QString &>(&ConnectionController::connectionErrorOccurred), this, [this](const QString &errorMessage) {
+        emit m_pageController->showErrorMessage(errorMessage);
+        emit m_vpnConnection->connectionStateChanged(Vpn::ConnectionState::Disconnected);
+    });
 
-    m_pageController.reset(new PageController(m_serversModel, m_settings));
+    connect(m_connectionController.get(), qOverload<ErrorCode>(&ConnectionController::connectionErrorOccurred), this, [this](ErrorCode errorCode) {
+      emit m_pageController->showErrorMessage(errorCode);
+      emit m_vpnConnection->connectionStateChanged(Vpn::ConnectionState::Disconnected);
+    });
+
+    connect(m_connectionController.get(), &ConnectionController::connectButtonClicked, m_connectionController.get(),
+            &ConnectionController::toggleConnection, Qt::QueuedConnection);
+
+    connect(this, &AmneziaApplication::translationsUpdated, m_connectionController.get(), &ConnectionController::onTranslationsUpdated);
+
+    m_pageController.reset(new PageController(m_serversModel, m_settings, m_languageModel));
     m_engine->rootContext()->setContextProperty("PageController", m_pageController.get());
 
-    m_installController.reset(new InstallController(m_serversModel, m_containersModel, m_protocolsModel, m_settings));
+    m_installController.reset(new InstallController(m_serversModel, m_containersModel, m_protocolsModel, m_clientManagementModel, m_settings));
     m_engine->rootContext()->setContextProperty("InstallController", m_installController.get());
     connect(m_installController.get(), &InstallController::passphraseRequestStarted, m_pageController.get(),
             &PageController::showPassphraseRequestDrawer);
@@ -365,30 +393,23 @@ void AmneziaApplication::initControllers()
     m_importController.reset(new ImportController(m_serversModel, m_containersModel, m_settings));
     m_engine->rootContext()->setContextProperty("ImportController", m_importController.get());
 
-    m_exportController.reset(new ExportController(m_serversModel, m_containersModel, m_clientManagementModel,
-                                                  m_settings, m_configurator));
+    m_exportController.reset(new ExportController(m_serversModel, m_containersModel, m_clientManagementModel, m_settings));
     m_engine->rootContext()->setContextProperty("ExportController", m_exportController.get());
 
     m_settingsController.reset(
-            new SettingsController(m_serversModel, m_containersModel, m_languageModel, m_sitesModel, m_settings));
+            new SettingsController(m_serversModel, m_containersModel, m_languageModel, m_sitesModel, m_appSplitTunnelingModel, m_settings));
     m_engine->rootContext()->setContextProperty("SettingsController", m_settingsController.get());
     if (m_settingsController->isAutoConnectEnabled() && m_serversModel->getDefaultServerIndex() >= 0) {
         QTimer::singleShot(1000, this, [this]() { m_connectionController->openConnection(); });
     }
-    connect(m_settingsController.get(), &SettingsController::amneziaDnsToggled, m_serversModel.get(),
-            &ServersModel::toggleAmneziaDns);
+    connect(m_settingsController.get(), &SettingsController::amneziaDnsToggled, m_serversModel.get(), &ServersModel::toggleAmneziaDns);
 
     m_sitesController.reset(new SitesController(m_settings, m_vpnConnection, m_sitesModel));
     m_engine->rootContext()->setContextProperty("SitesController", m_sitesController.get());
 
+    m_appSplitTunnelingController.reset(new AppSplitTunnelingController(m_settings, m_appSplitTunnelingModel));
+    m_engine->rootContext()->setContextProperty("AppSplitTunnelingController", m_appSplitTunnelingController.get());
+
     m_systemController.reset(new SystemController(m_settings));
     m_engine->rootContext()->setContextProperty("SystemController", m_systemController.get());
-
-    m_apiController.reset(new ApiController(m_serversModel, m_containersModel));
-    m_engine->rootContext()->setContextProperty("ApiController", m_apiController.get());
-    connect(m_apiController.get(), &ApiController::updateStarted, this,
-            [this]() { emit m_vpnConnection->connectionStateChanged(Vpn::ConnectionState::Connecting); });
-    connect(m_apiController.get(), &ApiController::errorOccurred, this,
-            [this]() { emit m_vpnConnection->connectionStateChanged(Vpn::ConnectionState::Disconnected); });
-    connect(m_apiController.get(), &ApiController::updateFinished, m_connectionController.get(), &ConnectionController::toggleConnection);
 }

client/amnezia_application.h

@@ -2,6 +2,7 @@
 #define AMNEZIA_APPLICATION_H
 
 #include <QCommandLineParser>
+#include <QNetworkAccessManager>
 #include <QQmlApplicationEngine>
 #include <QQmlContext>
 #include <QThread>
@@ -14,8 +15,6 @@
 #include "settings.h"
 #include "vpnconnection.h"
 
-#include "configurators/vpn_configurator.h"
-
 #include "ui/controllers/connectionController.h"
 #include "ui/controllers/exportController.h"
 #include "ui/controllers/importController.h"
@@ -24,11 +23,13 @@
 #include "ui/controllers/settingsController.h"
 #include "ui/controllers/sitesController.h"
 #include "ui/controllers/systemController.h"
-#include "ui/controllers/apiController.h"
+#include "ui/controllers/appSplitTunnelingController.h"
 #include "ui/models/containers_model.h"
 #include "ui/models/languageModel.h"
 #include "ui/models/protocols/cloakConfigModel.h"
-#include "ui/notificationhandler.h"
+#ifndef Q_OS_ANDROID
+    #include "ui/notificationhandler.h"
+#endif
 #ifdef Q_OS_WINDOWS
     #include "ui/models/protocols/ikev2ConfigModel.h"
 #endif
@@ -36,11 +37,13 @@
 #include "ui/models/protocols/openvpnConfigModel.h"
 #include "ui/models/protocols/shadowsocksConfigModel.h"
 #include "ui/models/protocols/wireguardConfigModel.h"
+#include "ui/models/protocols/xrayConfigModel.h"
 #include "ui/models/protocols_model.h"
 #include "ui/models/servers_model.h"
 #include "ui/models/services/sftpConfigModel.h"
 #include "ui/models/sites_model.h"
 #include "ui/models/clientManagementModel.h"
+#include "ui/models/appSplitTunnelingModel.h"
 
 #define amnApp (static_cast<AmneziaApplication *>(QCoreApplication::instance()))
 
@@ -73,6 +76,7 @@ public:
     bool parseCommands();
 
     QQmlApplicationEngine *qmlEngine() const;
+    QNetworkAccessManager *manager() { return m_nam; }
 
 signals:
     void translationsUpdated();
@@ -83,7 +87,6 @@ private:
 
     QQmlApplicationEngine *m_engine {};
     std::shared_ptr<Settings> m_settings;
-    std::shared_ptr<VpnConfigurator> m_configurator;
 
     QSharedPointer<ContainerProps> m_containerProps;
     QSharedPointer<ProtocolProps> m_protocolProps;
@@ -92,15 +95,18 @@ private:
     QCommandLineParser m_parser;
 
     QSharedPointer<ContainersModel> m_containersModel;
+    QSharedPointer<ContainersModel> m_defaultServerContainersModel;
     QSharedPointer<ServersModel> m_serversModel;
     QSharedPointer<LanguageModel> m_languageModel;
     QSharedPointer<ProtocolsModel> m_protocolsModel;
     QSharedPointer<SitesModel> m_sitesModel;
+    QSharedPointer<AppSplitTunnelingModel> m_appSplitTunnelingModel;
     QSharedPointer<ClientManagementModel> m_clientManagementModel;
 
     QScopedPointer<OpenVpnConfigModel> m_openVpnConfigModel;
     QScopedPointer<ShadowSocksConfigModel> m_shadowSocksConfigModel;
     QScopedPointer<CloakConfigModel> m_cloakConfigModel;
+    QScopedPointer<XrayConfigModel> m_xrayConfigModel;    
     QScopedPointer<WireGuardConfigModel> m_wireGuardConfigModel;
     QScopedPointer<AwgConfigModel> m_awgConfigModel;
 #ifdef Q_OS_WINDOWS
@@ -111,7 +117,9 @@ private:
 
     QSharedPointer<VpnConnection> m_vpnConnection;
     QThread m_vpnConnectionThread;
+#ifndef Q_OS_ANDROID
     QScopedPointer<NotificationHandler> m_notificationHandler;
+#endif
 
     QScopedPointer<ConnectionController> m_connectionController;
     QScopedPointer<PageController> m_pageController;
@@ -121,7 +129,9 @@ private:
     QScopedPointer<SettingsController> m_settingsController;
     QScopedPointer<SitesController> m_sitesController;
     QScopedPointer<SystemController> m_systemController;
-    QScopedPointer<ApiController> m_apiController;
+    QScopedPointer<AppSplitTunnelingController> m_appSplitTunnelingController;
+
+    QNetworkAccessManager *m_nam;
 };
 
 #endif // AMNEZIA_APPLICATION_H

client/android/AndroidManifest.xml

@@ -22,11 +22,9 @@
     <uses-permission android:name="android.permission.READ_EXTERNAL_STORAGE" android:maxSdkVersion="28" />
     <uses-permission android:name="android.permission.CAMERA" />
     <uses-permission android:name="android.permission.FOREGROUND_SERVICE" />
-    <uses-permission android:name="android.permission.FOREGROUND_SERVICE_SPECIAL_USE" />
+    <uses-permission android:name="android.permission.FOREGROUND_SERVICE_SYSTEM_EXEMPTED" />
     <uses-permission android:name="android.permission.POST_NOTIFICATIONS" />
-
-    <!-- Enable when VPN-per-app mode will be implemented -->
-    <!-- <uses-permission android:name="android.permission.QUERY_ALL_PACKAGES"/> -->
+    <uses-permission android:name="android.permission.QUERY_ALL_PACKAGES" tools:ignore="QueryAllPackagesPermission" />
 
     <application
         android:name=".AmneziaApplication"
@@ -56,6 +54,10 @@
                 <category android:name="android.intent.category.DEFAULT" />
             </intent-filter>
 
+            <intent-filter>
+                <action android:name="android.service.quicksettings.action.QS_TILE_PREFERENCES" />
+            </intent-filter>
+
             <meta-data
                 android:name="android.app.lib_name"
                 android:value="-- %%INSERT_APP_LIB_NAME%% --" />
@@ -137,14 +139,29 @@
             android:name=".AmneziaVpnService"
             android:process=":amneziaVpnService"
             android:permission="android.permission.BIND_VPN_SERVICE"
-            android:foregroundServiceType="specialUse"
-            android:exported="false">
+            android:foregroundServiceType="systemExempted"
+            android:exported="false"
+            tools:ignore="ForegroundServicePermission">
 
             <intent-filter>
                 <action android:name="android.net.VpnService" />
             </intent-filter>
+        </service>
 
-            <property android:name="android.app.PROPERTY_SPECIAL_USE_FGS_SUBTYPE" android:value="vpn" />
+        <service
+            android:name=".AmneziaTileService"
+            android:process=":amneziaTileService"
+            android:icon="@drawable/ic_amnezia_round"
+            android:permission="android.permission.BIND_QUICK_SETTINGS_TILE"
+            android:exported="true">
+
+            <intent-filter>
+                <action android:name="android.service.quicksettings.action.QS_TILE" />
+            </intent-filter>
+
+            <meta-data
+                android:name="android.service.quicksettings.TOGGLEABLE_TILE"
+                android:value="true" />
         </service>
 
         <provider

client/android/awg/src/main/kotlin/Awg.kt

@@ -64,8 +64,9 @@ class Awg : Wireguard() {
         val configDataJson = config.getJSONObject("awg_config_data")
         val configData = parseConfigData(configDataJson.getString("config"))
         return AwgConfig.build {
-            configWireguard(configData)
+            configWireguard(configData, configDataJson)
             configSplitTunneling(config)
+            configAppSplitTunneling(config)
             configData["Jc"]?.let { setJc(it.toInt()) }
             configData["Jmin"]?.let { setJmin(it.toInt()) }
             configData["Jmax"]?.let { setJmax(it.toInt()) }

client/android/build.gradle.kts

@@ -111,4 +111,5 @@ dependencies {
     implementation(libs.kotlinx.coroutines)
     implementation(libs.bundles.androidx.camera)
     implementation(libs.google.mlkit)
+    implementation(libs.androidx.datastore)
 }

client/android/cloak/src/main/kotlin/Cloak.kt

@@ -3,9 +3,6 @@ package org.amnezia.vpn.protocol.cloak
 import android.util.Base64
 import net.openvpn.ovpn3.ClientAPI_Config
 import org.amnezia.vpn.protocol.openvpn.OpenVpn
-import org.amnezia.vpn.protocol.openvpn.OpenVpnConfig
-import org.amnezia.vpn.util.net.InetNetwork
-import org.amnezia.vpn.util.net.parseInetAddress
 import org.json.JSONObject
 
 /**
@@ -54,13 +51,6 @@ class Cloak : OpenVpn() {
         return openVpnConfig
     }
 
-    override fun configPluggableTransport(configBuilder: OpenVpnConfig.Builder, config: JSONObject) {
-        // exclude remote server ip from vpn routes
-        val remoteServer = config.getString("hostName")
-        val remoteServerAddress = InetNetwork(parseInetAddress(remoteServer))
-        configBuilder.excludeRoute(remoteServerAddress)
-    }
-
     private fun checkCloakJson(cloakConfigJson: JSONObject): JSONObject {
         cloakConfigJson.put("NumConn", 1)
         cloakConfigJson.put("ProxyMethod", "openvpn")

client/android/gradle/libs.versions.toml

@@ -6,6 +6,7 @@ androidx-activity = "1.8.1"
 androidx-annotation = "1.7.0"
 androidx-camera = "1.3.0"
 androidx-security-crypto = "1.1.0-alpha06"
+androidx-datastore = "1.1.0-beta01"
 kotlinx-coroutines = "1.7.3"
 google-mlkit = "17.2.0"
 
@@ -18,6 +19,7 @@ androidx-camera-camera2 = { module = "androidx.camera:camera-camera2", version.r
 androidx-camera-lifecycle = { module = "androidx.camera:camera-lifecycle", version.ref = "androidx-camera" }
 androidx-camera-view = { module = "androidx.camera:camera-view", version.ref = "androidx-camera" }
 androidx-security-crypto = { module = "androidx.security:security-crypto-ktx", version.ref = "androidx-security-crypto" }
+androidx-datastore = { module = "androidx.datastore:datastore-preferences", version.ref = "androidx-datastore" }
 kotlinx-coroutines = { module = "org.jetbrains.kotlinx:kotlinx-coroutines-android", version.ref = "kotlinx-coroutines" }
 google-mlkit = { module = "com.google.mlkit:barcode-scanning", version.ref = "google-mlkit" }
 

client/android/openvpn/src/main/kotlin/org/amnezia/vpn/protocol/openvpn/OpenVpn.kt

@@ -13,7 +13,9 @@ import org.amnezia.vpn.protocol.ProtocolState
 import org.amnezia.vpn.protocol.ProtocolState.DISCONNECTED
 import org.amnezia.vpn.protocol.Statistics
 import org.amnezia.vpn.protocol.VpnStartException
+import org.amnezia.vpn.util.net.InetNetwork
 import org.amnezia.vpn.util.net.getLocalNetworks
+import org.amnezia.vpn.util.net.parseInetAddress
 import org.json.JSONObject
 
 /**
@@ -77,8 +79,15 @@ open class OpenVpn : Protocol() {
                 if (evalConfig.error) {
                     throw BadConfigException("OpenVPN config parse error: ${evalConfig.message}")
                 }
+
+                // exclude remote server ip from vpn routes
+                val remoteServer = config.getString("hostName")
+                val remoteServerAddress = InetNetwork(parseInetAddress(remoteServer))
+                configBuilder.excludeRoute(remoteServerAddress)
+
                 configPluggableTransport(configBuilder, config)
                 configBuilder.configSplitTunneling(config)
+                configBuilder.configAppSplitTunneling(config)
 
                 scope.launch {
                     val status = client.connect()

client/android/protocolApi/src/main/kotlin/Protocol.kt

@@ -64,6 +64,22 @@ abstract class Protocol {
         }
     }
 
+    protected fun ProtocolConfig.Builder.configAppSplitTunneling(config: JSONObject) {
+        val splitTunnelType = config.optInt("appSplitTunnelType")
+        if (splitTunnelType == SPLIT_TUNNEL_DISABLE) return
+        val splitTunnelApps = config.getJSONArray("splitTunnelApps")
+        val appHandlerFunc = when (splitTunnelType) {
+            SPLIT_TUNNEL_INCLUDE -> ::includeApplication
+            SPLIT_TUNNEL_EXCLUDE -> ::excludeApplication
+
+            else -> throw BadConfigException("Unexpected value of the 'appSplitTunnelType' parameter: $splitTunnelType")
+        }
+
+        for (i in 0 until splitTunnelApps.length()) {
+            appHandlerFunc(splitTunnelApps.getString(i))
+        }
+    }
+
     protected open fun buildVpnInterface(config: ProtocolConfig, vpnBuilder: Builder) {
         vpnBuilder.setSession(VPN_SESSION_NAME)
 
@@ -89,20 +105,27 @@ abstract class Protocol {
             vpnBuilder.addSearchDomain(it)
         }
 
-        for (addr in config.routes) {
-            Log.d(TAG, "addRoute: $addr")
-            vpnBuilder.addRoute(addr)
-        }
-
-        if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.TIRAMISU) {
-            for (addr in config.excludedRoutes) {
-                Log.d(TAG, "excludeRoute: $addr")
-                vpnBuilder.excludeRoute(addr)
+        for ((inetNetwork, include) in config.routes) {
+            if (include) {
+                Log.d(TAG, "addRoute: $inetNetwork")
+                vpnBuilder.addRoute(inetNetwork)
+            } else {
+                if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.TIRAMISU) {
+                    Log.d(TAG, "excludeRoute: $inetNetwork")
+                    vpnBuilder.excludeRoute(inetNetwork)
+                } else {
+                    Log.e(TAG, "Trying to exclude route $inetNetwork on old Android")
+                }
             }
         }
 
+        for (app in config.includedApplications) {
+            Log.d(TAG, "addAllowedApplication")
+            vpnBuilder.addAllowedApplication(app)
+        }
+
         for (app in config.excludedApplications) {
-            Log.d(TAG, "addDisallowedApplication: $app")
+            Log.d(TAG, "addDisallowedApplication")
             vpnBuilder.addDisallowedApplication(app)
         }
 

client/android/protocolApi/src/main/kotlin/ProtocolConfig.kt

@@ -12,10 +12,10 @@ open class ProtocolConfig protected constructor(
     val addresses: Set<InetNetwork>,
     val dnsServers: Set<InetAddress>,
     val searchDomain: String?,
-    val routes: Set<InetNetwork>,
-    val excludedRoutes: Set<InetNetwork>,
+    val routes: Set<Route>,
     val includedAddresses: Set<InetNetwork>,
     val excludedAddresses: Set<InetNetwork>,
+    val includedApplications: Set<String>,
     val excludedApplications: Set<String>,
     val httpProxy: ProxyInfo?,
     val allowAllAF: Boolean,
@@ -28,9 +28,9 @@ open class ProtocolConfig protected constructor(
         builder.dnsServers,
         builder.searchDomain,
         builder.routes,
-        builder.excludedRoutes,
         builder.includedAddresses,
         builder.excludedAddresses,
+        builder.includedApplications,
         builder.excludedApplications,
         builder.httpProxy,
         builder.allowAllAF,
@@ -41,10 +41,10 @@ open class ProtocolConfig protected constructor(
     open class Builder(blockingMode: Boolean) {
         internal val addresses: MutableSet<InetNetwork> = hashSetOf()
         internal val dnsServers: MutableSet<InetAddress> = hashSetOf()
-        internal val routes: MutableSet<InetNetwork> = hashSetOf()
-        internal val excludedRoutes: MutableSet<InetNetwork> = hashSetOf()
+        internal val routes: MutableSet<Route> = mutableSetOf()
         internal val includedAddresses: MutableSet<InetNetwork> = hashSetOf()
         internal val excludedAddresses: MutableSet<InetNetwork> = hashSetOf()
+        internal val includedApplications: MutableSet<String> = hashSetOf()
         internal val excludedApplications: MutableSet<String> = hashSetOf()
 
         internal var searchDomain: String? = null
@@ -74,13 +74,21 @@ open class ProtocolConfig protected constructor(
 
         fun setSearchDomain(domain: String) = apply { this.searchDomain = domain }
 
-        fun addRoute(route: InetNetwork) = apply { this.routes += route }
-        fun addRoutes(routes: Collection<InetNetwork>) = apply { this.routes += routes }
-        fun removeRoute(route: InetNetwork) = apply { this.routes.remove(route) }
+        fun addRoute(route: InetNetwork) = apply { this.routes += Route(route, true) }
+        fun addRoutes(routes: Collection<InetNetwork>) = apply { this.routes += routes.map { Route(it, true) } }
+
+        fun excludeRoute(route: InetNetwork) = apply { this.routes += Route(route, false) }
+        fun excludeRoutes(routes: Collection<InetNetwork>) = apply { this.routes += routes.map { Route(it, false) } }
+
+        fun removeRoute(route: InetNetwork) = apply { this.routes.removeIf { it.inetNetwork == route } }
         fun clearRoutes() = apply { this.routes.clear() }
 
-        fun excludeRoute(route: InetNetwork) = apply { this.excludedRoutes += route }
-        fun excludeRoutes(routes: Collection<InetNetwork>) = apply { this.excludedRoutes += routes }
+        fun prependRoutes(block: Builder.() -> Unit) = apply {
+            val savedRoutes = mutableListOf<Route>().apply { addAll(routes) }
+            routes.clear()
+            block()
+            routes.addAll(savedRoutes)
+        }
 
         fun includeAddress(addr: InetNetwork) = apply { this.includedAddresses += addr }
         fun includeAddresses(addresses: Collection<InetNetwork>) = apply { this.includedAddresses += addresses }
@@ -88,6 +96,9 @@ open class ProtocolConfig protected constructor(
         fun excludeAddress(addr: InetNetwork) = apply { this.excludedAddresses += addr }
         fun excludeAddresses(addresses: Collection<InetNetwork>) = apply { this.excludedAddresses += addresses }
 
+        fun includeApplication(application: String) = apply { this.includedApplications += application }
+        fun includeApplications(applications: Collection<String>) = apply { this.includedApplications += applications }
+
         fun excludeApplication(application: String) = apply { this.excludedApplications += application }
         fun excludeApplications(applications: Collection<String>) = apply { this.excludedApplications += applications }
 
@@ -111,37 +122,46 @@ open class ProtocolConfig protected constructor(
                 // remove default routes, if any
                 removeRoute(InetNetwork("0.0.0.0", 0))
                 removeRoute(InetNetwork("::", 0))
-                if (Build.VERSION.SDK_INT < Build.VERSION_CODES.TIRAMISU) {
-                    // for older versions of Android, add the default route to the excluded routes
-                    // to correctly build the excluded subnets list later
-                    excludeRoute(InetNetwork("0.0.0.0", 0))
+                removeRoute(InetNetwork("2000::", 3))
+                prependRoutes {
+                    addRoutes(includedAddresses)
                 }
-                addRoutes(includedAddresses)
             } else if (excludedAddresses.isNotEmpty()) {
-                if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.TIRAMISU) {
-                    // default routes are required for split tunneling in newer versions of Android
+                prependRoutes {
                     addRoute(InetNetwork("0.0.0.0", 0))
-                    addRoute(InetNetwork("::", 0))
+                    addRoute(InetNetwork("2000::", 3))
+                    excludeRoutes(excludedAddresses)
                 }
-                excludeRoutes(excludedAddresses)
             }
         }
 
-        private fun processExcludedRoutes() {
-            if (Build.VERSION.SDK_INT < Build.VERSION_CODES.TIRAMISU && excludedRoutes.isNotEmpty()) {
-                // todo: rewrite, taking into account the current routes
-                // for older versions of Android, build a list of subnets without excluded routes
-                // and add them to routes
-                val ipRangeSet = IpRangeSet()
-                ipRangeSet.remove(IpRange("127.0.0.0", 8))
-                excludedRoutes.forEach {
-                    ipRangeSet.remove(IpRange(it))
+        private fun processRoutes() {
+            // replace ::/0 as it may cause LAN connection issues
+            val ipv6DefaultRoute = InetNetwork("::", 0)
+            if (routes.removeIf { it.include && it.inetNetwork == ipv6DefaultRoute }) {
+                prependRoutes {
+                    addRoute(InetNetwork("2000::", 3))
                 }
-                // remove default routes, if any
-                removeRoute(InetNetwork("0.0.0.0", 0))
-                removeRoute(InetNetwork("::", 0))
+            }
+            // for older versions of Android, build a list of subnets without excluded routes
+            // and add them to routes
+            if (Build.VERSION.SDK_INT < Build.VERSION_CODES.TIRAMISU && routes.any { !it.include }) {
+                val ipRangeSet = IpRangeSet()
+                routes.forEach {
+                    if (it.include) ipRangeSet.add(IpRange(it.inetNetwork))
+                    else ipRangeSet.remove(IpRange(it.inetNetwork))
+                }
+                ipRangeSet.remove(IpRange("127.0.0.0", 8))
+                ipRangeSet.remove(IpRange("::1", 128))
+                routes.clear()
                 ipRangeSet.subnets().forEach(::addRoute)
-                addRoute(InetNetwork("2000::", 3))
+            }
+            // filter ipv4 and ipv6 loopback addresses
+            val ipv6Loopback = InetNetwork("::1", 128)
+            routes.removeIf {
+                it.include &&
+                    if (it.inetNetwork.isIpv4) it.inetNetwork.address.address[0] == 127.toByte()
+                    else it.inetNetwork == ipv6Loopback
             }
         }
 
@@ -159,7 +179,7 @@ open class ProtocolConfig protected constructor(
 
         protected fun configBuild() {
             processSplitTunneling()
-            processExcludedRoutes()
+            processRoutes()
             validate()
         }
 
@@ -171,3 +191,5 @@ open class ProtocolConfig protected constructor(
             Builder(blockingMode).apply(block).build()
     }
 }
+
+data class Route(val inetNetwork: InetNetwork, val include: Boolean)

client/android/protocolApi/src/main/kotlin/ProtocolState.kt

@@ -2,9 +2,9 @@ package org.amnezia.vpn.protocol
 
 // keep synchronized with client/platforms/android/android_controller.h ConnectionState
 enum class ProtocolState {
+    DISCONNECTED,
     CONNECTED,
     CONNECTING,
-    DISCONNECTED,
     DISCONNECTING,
     RECONNECTING,
     UNKNOWN

client/android/protocolApi/src/main/kotlin/Status.kt

@@ -28,6 +28,10 @@ fun Bundle.putStatus(status: Status) {
     putInt(STATE_KEY, status.state.ordinal)
 }
 
+fun Bundle.putStatus(state: ProtocolState) {
+    putInt(STATE_KEY, state.ordinal)
+}
+
 fun Bundle.getStatus(): Status =
     Status.build {
         setState(ProtocolState.entries[getInt(STATE_KEY)])

client/android/res/values-ru/strings.xml

@@ -0,0 +1,26 @@
+<?xml version='1.0' encoding='utf-8'?>
+<resources>
+    <string name="disconnected">Не подключено</string>
+    <string name="connected">Подключено</string>
+    <string name="connecting">Подключение…</string>
+    <string name="disconnecting">Отключение…</string>
+    <string name="reconnecting">Переподключение…</string>
+    <string name="connect">Подключиться</string>
+    <string name="disconnect">Отключиться</string>
+    <string name="ok">ОК</string>
+    <string name="cancel">Отмена</string>
+    <string name="yes">Да</string>
+    <string name="no">Нет</string>
+
+    <string name="vpnGranted">VPN-подключение разрешено</string>
+    <string name="vpnSetupFailed">Ошибка настройки VPN</string>
+    <string name="vpnSetupFailedMessage">Чтобы подключиться к AmneziaVPN необходимо:\n\n- Разрешить приложению подключаться к сети VPN\n- Отключить функцию \"Постоянная VPN\" для всех остальных VPN-приложений в системных настройках VPN</string>
+    <string name="openVpnSettings">Открыть настройки VPN</string>
+
+    <string name="notificationChannelDescription">Уведомления сервиса AmneziaVPN</string>
+    <string name="notificationDialogTitle">Сервис AmneziaVPN</string>
+    <string name="notificationDialogMessage">Показывать статус VPN в строке состояния?</string>
+    <string name="notificationSettingsDialogTitle">Настройки уведомлений</string>
+    <string name="notificationSettingsDialogMessage">Для показа уведомлений необходимо включить уведомления в системных настройках</string>
+    <string name="openNotificationSettings">Открыть настройки уведомлений</string>
+</resources>

client/android/res/values/strings.xml

@@ -0,0 +1,26 @@
+<?xml version='1.0' encoding='utf-8'?>
+<resources>
+    <string name="disconnected">Not connected</string>
+    <string name="connected">Connected</string>
+    <string name="connecting">Connecting…</string>
+    <string name="disconnecting">Disconnecting…</string>
+    <string name="reconnecting">Reconnecting…</string>
+    <string name="connect">Connect</string>
+    <string name="disconnect">Disconnect</string>
+    <string name="ok">OK</string>
+    <string name="cancel">Cancel</string>
+    <string name="yes">Yes</string>
+    <string name="no">No</string>
+
+    <string name="vpnGranted">VPN permission granted</string>
+    <string name="vpnSetupFailed">VPN setup error</string>
+    <string name="vpnSetupFailedMessage">To connect to AmneziaVPN, please do the following:\n\n- Allow the app to set up a VPN connection\n- Disable Always-on VPN for any other VPN app in the VPN system settings</string>
+    <string name="openVpnSettings">Open VPN settings</string>
+
+    <string name="notificationChannelDescription">AmneziaVPN service notification</string>
+    <string name="notificationDialogTitle">AmneziaVPN service</string>
+    <string name="notificationDialogMessage">Show the VPN state in the status bar?</string>
+    <string name="notificationSettingsDialogTitle">Notification settings</string>
+    <string name="notificationSettingsDialogMessage">To show notifications, you must enable notifications in the system settings</string>
+    <string name="openNotificationSettings">Open notification settings</string>
+</resources>

client/android/src/org/amnezia/vpn/AmneziaActivity.kt

@@ -1,46 +1,59 @@
 package org.amnezia.vpn
 
+import android.Manifest
+import android.app.AlertDialog
+import android.app.NotificationManager
+import android.content.BroadcastReceiver
 import android.content.ComponentName
 import android.content.Intent
 import android.content.Intent.EXTRA_MIME_TYPES
 import android.content.Intent.FLAG_ACTIVITY_LAUNCHED_FROM_HISTORY
 import android.content.ServiceConnection
 import android.content.pm.PackageManager
-import android.net.Uri
+import android.graphics.Bitmap
 import android.net.VpnService
+import android.os.Build
 import android.os.Bundle
 import android.os.Handler
 import android.os.IBinder
 import android.os.Looper
 import android.os.Message
 import android.os.Messenger
+import android.provider.Settings
+import android.view.WindowManager.LayoutParams
 import android.webkit.MimeTypeMap
 import android.widget.Toast
 import androidx.annotation.MainThread
+import androidx.annotation.RequiresApi
 import androidx.core.content.ContextCompat
 import java.io.IOException
 import kotlin.LazyThreadSafetyMode.NONE
 import kotlin.text.RegexOption.IGNORE_CASE
+import AppListProvider
 import kotlinx.coroutines.CompletableDeferred
 import kotlinx.coroutines.CoroutineScope
 import kotlinx.coroutines.Dispatchers
 import kotlinx.coroutines.SupervisorJob
 import kotlinx.coroutines.cancel
-import kotlinx.coroutines.delay
 import kotlinx.coroutines.launch
-import org.amnezia.vpn.protocol.ProtocolState
+import kotlinx.coroutines.runBlocking
+import kotlinx.coroutines.withContext
 import org.amnezia.vpn.protocol.getStatistics
 import org.amnezia.vpn.protocol.getStatus
 import org.amnezia.vpn.qt.QtAndroidController
 import org.amnezia.vpn.util.Log
+import org.amnezia.vpn.util.Prefs
 import org.qtproject.qt.android.bindings.QtActivity
 
 private const val TAG = "AmneziaActivity"
+const val ACTIVITY_MESSENGER_NAME = "Activity"
 
 private const val CHECK_VPN_PERMISSION_ACTION_CODE = 1
 private const val CREATE_FILE_ACTION_CODE = 2
 private const val OPEN_FILE_ACTION_CODE = 3
-private const val BIND_SERVICE_TIMEOUT = 1000L
+private const val CHECK_NOTIFICATION_PERMISSION_ACTION_CODE = 4
+
+private const val PREFS_NOTIFICATION_PERMISSION_ASKED = "NOTIFICATION_PERMISSION_ASKED"
 
 class AmneziaActivity : QtActivity() {
 
@@ -49,8 +62,11 @@ class AmneziaActivity : QtActivity() {
     private var isWaitingStatus = true
     private var isServiceConnected = false
     private var isInBoundState = false
+    private var notificationStateReceiver: BroadcastReceiver? = null
     private lateinit var vpnServiceMessenger: IpcMessenger
-    private var tmpFileContentToSave: String = ""
+
+    private val actionResultHandlers = mutableMapOf<Int, ActivityResultHandler>()
+    private val permissionRequestHandlers = mutableMapOf<Int, PermissionRequestHandler>()
 
     private val vpnServiceEventHandler: Handler by lazy(NONE) {
         object : Handler(Looper.getMainLooper()) {
@@ -58,25 +74,17 @@ class AmneziaActivity : QtActivity() {
                 val event = msg.extractIpcMessage<ServiceEvent>()
                 Log.d(TAG, "Handle event: $event")
                 when (event) {
-                    ServiceEvent.CONNECTED -> {
-                        QtAndroidController.onVpnConnected()
-                    }
-
-                    ServiceEvent.DISCONNECTED -> {
-                        QtAndroidController.onVpnDisconnected()
-                        doUnbindService()
-                    }
-
-                    ServiceEvent.RECONNECTING -> {
-                        QtAndroidController.onVpnReconnecting()
+                    ServiceEvent.STATUS_CHANGED -> {
+                        msg.data?.getStatus()?.let { (state) ->
+                            Log.d(TAG, "Handle protocol state: $state")
+                            QtAndroidController.onVpnStateChanged(state.ordinal)
+                        }
                     }
 
                     ServiceEvent.STATUS -> {
                         if (isWaitingStatus) {
                             isWaitingStatus = false
-                            msg.data?.getStatus()?.let { (state) ->
-                                QtAndroidController.onStatus(state.ordinal)
-                            }
+                            msg.data?.getStatus()?.let { QtAndroidController.onStatus(it) }
                         }
                     }
 
@@ -87,7 +95,7 @@ class AmneziaActivity : QtActivity() {
                     }
 
                     ServiceEvent.ERROR -> {
-                        msg.data?.getString(ERROR_MSG)?.let { error ->
+                        msg.data?.getString(MSG_ERROR)?.let { error ->
                             Log.e(TAG, "From VpnService: $error")
                         }
                         // todo: add error reporting to Qt
@@ -109,14 +117,15 @@ class AmneziaActivity : QtActivity() {
                 // get a messenger from the service to send actions to the service
                 vpnServiceMessenger.set(Messenger(service))
                 // send a messenger to the service to process service events
-                vpnServiceMessenger.send {
-                    Action.REGISTER_CLIENT.packToMessage().apply {
-                        replyTo = activityMessenger
-                    }
-                }
+                vpnServiceMessenger.send(
+                    Action.REGISTER_CLIENT.packToMessage {
+                        putString(MSG_CLIENT_NAME, ACTIVITY_MESSENGER_NAME)
+                    },
+                    replyTo = activityMessenger
+                )
                 isServiceConnected = true
                 if (isWaitingStatus) {
-                    vpnServiceMessenger.send(Action.REQUEST_STATUS)
+                    vpnServiceMessenger.send(Action.REQUEST_STATUS, replyTo = activityMessenger)
                 }
             }
 
@@ -126,6 +135,7 @@ class AmneziaActivity : QtActivity() {
                 vpnServiceMessenger.reset()
                 isWaitingStatus = true
                 QtAndroidController.onServiceDisconnected()
+                doBindService()
             }
 
             override fun onBindingDied(name: ComponentName?) {
@@ -136,10 +146,6 @@ class AmneziaActivity : QtActivity() {
         }
     }
 
-    private data class CheckVpnPermissionCallbacks(val onSuccess: () -> Unit, val onFail: () -> Unit)
-
-    private var checkVpnPermissionCallbacks: CheckVpnPermissionCallbacks? = null
-
     /**
      * Activity overloaded methods
      */
@@ -148,12 +154,36 @@ class AmneziaActivity : QtActivity() {
         Log.d(TAG, "Create Amnezia activity: $intent")
         mainScope = CoroutineScope(SupervisorJob() + Dispatchers.Main.immediate)
         vpnServiceMessenger = IpcMessenger(
-            onDeadObjectException = ::doUnbindService,
-            messengerName = "VpnService"
+            "VpnService",
+            onDeadObjectException = {
+                doUnbindService()
+                doBindService()
+            }
         )
+        registerBroadcastReceivers()
         intent?.let(::processIntent)
     }
 
+    private fun registerBroadcastReceivers() {
+        notificationStateReceiver = if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.P) {
+            registerBroadcastReceiver(
+                arrayOf(
+                    NotificationManager.ACTION_NOTIFICATION_CHANNEL_BLOCK_STATE_CHANGED,
+                    NotificationManager.ACTION_APP_BLOCK_STATE_CHANGED
+                )
+            ) {
+                Log.d(
+                    TAG, "Notification state changed: ${it?.action}, blocked = " +
+                        "${it?.getBooleanExtra(NotificationManager.EXTRA_BLOCKED_STATE, false)}"
+                )
+                mainScope.launch {
+                    qtInitialized.await()
+                    QtAndroidController.onNotificationStateChanged()
+                }
+            }
+        } else null
+    }
+
     override fun onNewIntent(intent: Intent?) {
         super.onNewIntent(intent)
         Log.d(TAG, "onNewIntent: $intent")
@@ -191,50 +221,46 @@ class AmneziaActivity : QtActivity() {
 
     override fun onDestroy() {
         Log.d(TAG, "Destroy Amnezia activity")
+        unregisterBroadcastReceiver(notificationStateReceiver)
+        notificationStateReceiver = null
         mainScope.cancel()
         super.onDestroy()
     }
 
     override fun onActivityResult(requestCode: Int, resultCode: Int, data: Intent?) {
-        when (requestCode) {
-            CREATE_FILE_ACTION_CODE -> {
-                when (resultCode) {
-                    RESULT_OK -> {
-                        data?.data?.let { uri ->
-                            alterDocument(uri)
-                        }
-                    }
-                }
+        Log.d(TAG, "Process activity result, code: ${actionCodeToString(requestCode)}, " +
+                "resultCode: $resultCode, data: $data")
+        actionResultHandlers[requestCode]?.let { handler ->
+            when (resultCode) {
+                RESULT_OK -> handler.onSuccess(data)
+                else -> handler.onFail(data)
             }
+            handler.onAny(data)
+            actionResultHandlers.remove(requestCode)
+        } ?: super.onActivityResult(requestCode, resultCode, data)
+    }
 
-            OPEN_FILE_ACTION_CODE -> {
-                when (resultCode) {
-                    RESULT_OK -> data?.data?.toString() ?: ""
-                    else -> ""
-                }.let { uri ->
-                    QtAndroidController.onFileOpened(uri)
-                }
+    private fun startActivityForResult(intent: Intent, requestCode: Int, handler: ActivityResultHandler) {
+        actionResultHandlers[requestCode] = handler
+        startActivityForResult(intent, requestCode)
+    }
+
+    override fun onRequestPermissionsResult(requestCode: Int, permissions: Array<out String>, grantResults: IntArray) {
+        Log.d(TAG, "Process permission result, code: ${actionCodeToString(requestCode)}, " +
+                "permissions: ${permissions.contentToString()}, results: ${grantResults.contentToString()}")
+        permissionRequestHandlers[requestCode]?.let { handler ->
+            if (grantResults.isNotEmpty()) {
+                if (grantResults[0] == PackageManager.PERMISSION_GRANTED) handler.onSuccess()
+                else handler.onFail()
             }
+            handler.onAny()
+            permissionRequestHandlers.remove(requestCode)
+        } ?: super.onRequestPermissionsResult(requestCode, permissions, grantResults)
+    }
 
-            CHECK_VPN_PERMISSION_ACTION_CODE -> {
-                when (resultCode) {
-                    RESULT_OK -> {
-                        Log.d(TAG, "Vpn permission granted")
-                        Toast.makeText(this, "Vpn permission granted", Toast.LENGTH_LONG).show()
-                        checkVpnPermissionCallbacks?.run { onSuccess() }
-                    }
-
-                    else -> {
-                        Log.w(TAG, "Vpn permission denied, resultCode: $resultCode")
-                        Toast.makeText(this, "Vpn permission denied", Toast.LENGTH_LONG).show()
-                        checkVpnPermissionCallbacks?.run { onFail() }
-                    }
-                }
-                checkVpnPermissionCallbacks = null
-            }
-
-            else -> super.onActivityResult(requestCode, resultCode, data)
-        }
+    private fun requestPermission(permission: String, requestCode: Int, handler: PermissionRequestHandler) {
+        permissionRequestHandlers[requestCode] = handler
+        requestPermissions(arrayOf(permission), requestCode)
     }
 
     /**
@@ -244,10 +270,9 @@ class AmneziaActivity : QtActivity() {
     private fun doBindService() {
         Log.d(TAG, "Bind service")
         Intent(this, AmneziaVpnService::class.java).also {
-            bindService(it, serviceConnection, BIND_ABOVE_CLIENT)
+            bindService(it, serviceConnection, BIND_ABOVE_CLIENT and BIND_AUTO_CREATE)
         }
         isInBoundState = true
-        handleBindTimeout()
     }
 
     @MainThread
@@ -256,45 +281,86 @@ class AmneziaActivity : QtActivity() {
             Log.d(TAG, "Unbind service")
             isWaitingStatus = true
             QtAndroidController.onServiceDisconnected()
-            vpnServiceMessenger.reset()
             isServiceConnected = false
+            vpnServiceMessenger.send(Action.UNREGISTER_CLIENT, activityMessenger)
+            vpnServiceMessenger.reset()
             isInBoundState = false
             unbindService(serviceConnection)
         }
     }
 
-    private fun handleBindTimeout() {
-        mainScope.launch {
-            if (isWaitingStatus) {
-                delay(BIND_SERVICE_TIMEOUT)
-                if (isWaitingStatus && !isServiceConnected) {
-                    Log.d(TAG, "Bind timeout, reset connection status")
-                    isWaitingStatus = false
-                    QtAndroidController.onStatus(ProtocolState.DISCONNECTED.ordinal)
-                }
-            }
-        }
-    }
-
     /**
      * Methods of starting and stopping VpnService
      */
-    private fun checkVpnPermissionAndStart(vpnConfig: String) {
-        checkVpnPermission(
-            onSuccess = { startVpn(vpnConfig) },
-            onFail = QtAndroidController::onVpnPermissionRejected
-        )
+    @MainThread
+    private fun checkVpnPermission(onPermissionGranted: () -> Unit) {
+        Log.d(TAG, "Check VPN permission")
+        VpnService.prepare(applicationContext)?.let { intent ->
+            startActivityForResult(intent, CHECK_VPN_PERMISSION_ACTION_CODE, ActivityResultHandler(
+                onSuccess = {
+                    Log.d(TAG, "Vpn permission granted")
+                    Toast.makeText(this@AmneziaActivity, resources.getText(R.string.vpnGranted), Toast.LENGTH_LONG).show()
+                    onPermissionGranted()
+                },
+                onFail = {
+                    Log.w(TAG, "Vpn permission denied")
+                    showOnVpnPermissionRejectDialog()
+                    mainScope.launch {
+                        qtInitialized.await()
+                        QtAndroidController.onVpnPermissionRejected()
+                    }
+                }
+            ))
+        } ?: onPermissionGranted()
     }
 
-    @MainThread
-    private fun checkVpnPermission(onSuccess: () -> Unit, onFail: () -> Unit) {
-        Log.d(TAG, "Check VPN permission")
-        VpnService.prepare(applicationContext)?.let {
-            checkVpnPermissionCallbacks = CheckVpnPermissionCallbacks(onSuccess, onFail)
-            startActivityForResult(it, CHECK_VPN_PERMISSION_ACTION_CODE)
-            return
+    private fun showOnVpnPermissionRejectDialog() {
+        AlertDialog.Builder(this)
+            .setTitle(R.string.vpnSetupFailed)
+            .setMessage(R.string.vpnSetupFailedMessage)
+            .setNegativeButton(R.string.ok) { _, _ -> }
+            .setPositiveButton(R.string.openVpnSettings) { _, _ ->
+                startActivity(Intent(Settings.ACTION_VPN_SETTINGS))
+            }
+            .show()
+    }
+
+    private fun checkNotificationPermission(onChecked: () -> Unit) {
+        Log.d(TAG, "Check notification permission")
+        if (
+            !isNotificationPermissionGranted() &&
+            !Prefs.load<Boolean>(PREFS_NOTIFICATION_PERMISSION_ASKED)
+        ) {
+            showNotificationPermissionDialog(onChecked)
+        } else {
+            onChecked()
         }
-        onSuccess()
+    }
+
+    @RequiresApi(Build.VERSION_CODES.TIRAMISU)
+    private fun showNotificationPermissionDialog(onChecked: () -> Unit) {
+        AlertDialog.Builder(this)
+            .setTitle(R.string.notificationDialogTitle)
+            .setMessage(R.string.notificationDialogMessage)
+            .setNegativeButton(R.string.no) { _, _ ->
+                Prefs.save(PREFS_NOTIFICATION_PERMISSION_ASKED, true)
+                onChecked()
+            }
+            .setPositiveButton(R.string.yes) { _, _ ->
+                val saveAsked: () -> Unit = {
+                    Prefs.save(PREFS_NOTIFICATION_PERMISSION_ASKED, true)
+                }
+                requestPermission(
+                    Manifest.permission.POST_NOTIFICATIONS,
+                    CHECK_NOTIFICATION_PERMISSION_ACTION_CODE,
+                    PermissionRequestHandler(
+                        onSuccess = saveAsked,
+                        onFail = saveAsked,
+                        onAny = onChecked
+                    )
+                )
+            }
+            .show()
     }
 
     @MainThread
@@ -312,7 +378,7 @@ class AmneziaActivity : QtActivity() {
         Log.d(TAG, "Connect to VPN")
         vpnServiceMessenger.send {
             Action.CONNECT.packToMessage {
-                putString(VPN_CONFIG, vpnConfig)
+                putString(MSG_VPN_CONFIG, vpnConfig)
             }
         }
     }
@@ -320,30 +386,23 @@ class AmneziaActivity : QtActivity() {
     private fun startVpnService(vpnConfig: String) {
         Log.d(TAG, "Start VPN service")
         Intent(this, AmneziaVpnService::class.java).apply {
-            putExtra(VPN_CONFIG, vpnConfig)
+            putExtra(MSG_VPN_CONFIG, vpnConfig)
         }.also {
-            ContextCompat.startForegroundService(this, it)
+            try {
+                ContextCompat.startForegroundService(this, it)
+            } catch (e: SecurityException) {
+                Log.e(TAG, "Failed to start AmneziaVpnService: $e")
+                QtAndroidController.onServiceError()
+            }
         }
     }
 
+    @MainThread
     private fun disconnectFromVpn() {
         Log.d(TAG, "Disconnect from VPN")
         vpnServiceMessenger.send(Action.DISCONNECT)
     }
 
-    // saving file
-    private fun alterDocument(uri: Uri) {
-        try {
-            contentResolver.openOutputStream(uri)?.use { os ->
-                os.bufferedWriter().use { it.write(tmpFileContentToSave) }
-            }
-        } catch (e: IOException) {
-            e.printStackTrace()
-        }
-
-        tmpFileContentToSave = ""
-    }
-
     /**
      * Methods called by Qt
      */
@@ -357,7 +416,11 @@ class AmneziaActivity : QtActivity() {
     fun start(vpnConfig: String) {
         Log.v(TAG, "Start VPN")
         mainScope.launch {
-            checkVpnPermissionAndStart(vpnConfig)
+            checkVpnPermission {
+                checkNotificationPermission {
+                    startVpn(vpnConfig)
+                }
+            }
         }
     }
 
@@ -369,18 +432,46 @@ class AmneziaActivity : QtActivity() {
         }
     }
 
+    @Suppress("unused")
+    fun resetLastServer(index: Int) {
+        Log.v(TAG, "Reset server: $index")
+        mainScope.launch {
+            VpnStateStore.store {
+                if (index == -1 || it.serverIndex == index) {
+                    VpnState.defaultState
+                } else if (it.serverIndex > index) {
+                    it.copy(serverIndex = it.serverIndex - 1)
+                } else {
+                    it
+                }
+            }
+        }
+    }
+
     @Suppress("unused")
     fun saveFile(fileName: String, data: String) {
         Log.d(TAG, "Save file $fileName")
         mainScope.launch {
-            tmpFileContentToSave = data
-
             Intent(Intent.ACTION_CREATE_DOCUMENT).apply {
                 addCategory(Intent.CATEGORY_OPENABLE)
                 type = "text/*"
                 putExtra(Intent.EXTRA_TITLE, fileName)
             }.also {
-                startActivityForResult(it, CREATE_FILE_ACTION_CODE)
+                startActivityForResult(it, CREATE_FILE_ACTION_CODE, ActivityResultHandler(
+                    onSuccess = {
+                        it?.data?.let { uri ->
+                            Log.d(TAG, "Save file to $uri")
+                            try {
+                                contentResolver.openOutputStream(uri)?.use { os ->
+                                    os.bufferedWriter().use { it.write(data) }
+                                }
+                            } catch (e: IOException) {
+                                Log.e(TAG, "Failed to save file $uri: $e")
+                                // todo: send error to Qt
+                            }
+                        }
+                    }
+                ))
             }
         }
     }
@@ -388,38 +479,47 @@ class AmneziaActivity : QtActivity() {
     @Suppress("unused")
     fun openFile(filter: String?) {
         Log.v(TAG, "Open file with filter: $filter")
+        mainScope.launch {
+            val mimeTypes = if (!filter.isNullOrEmpty()) {
+                val extensionRegex = "\\*\\.([a-z0-9]+)".toRegex(IGNORE_CASE)
+                val mime = MimeTypeMap.getSingleton()
+                extensionRegex.findAll(filter).map {
+                    it.groups[1]?.value?.let { mime.getMimeTypeFromExtension(it) } ?: "*/*"
+                }.toSet()
+            } else emptySet()
 
-        val mimeTypes = if (!filter.isNullOrEmpty()) {
-            val extensionRegex = "\\*\\.[a-z .]+".toRegex(IGNORE_CASE)
-            val mime = MimeTypeMap.getSingleton()
-            extensionRegex.findAll(filter).map {
-                mime.getMimeTypeFromExtension(it.value.drop(2))
-            }.filterNotNull().toSet()
-        } else emptySet()
-
-        Intent(Intent.ACTION_OPEN_DOCUMENT).apply {
-            addCategory(Intent.CATEGORY_OPENABLE)
-            Log.v(TAG, "File mimyType filter: $mimeTypes")
-            when (mimeTypes.size) {
-                1 -> type = mimeTypes.first()
-
-                in 2..Int.MAX_VALUE -> {
+            Intent(Intent.ACTION_OPEN_DOCUMENT).apply {
+                addCategory(Intent.CATEGORY_OPENABLE)
+                Log.v(TAG, "File mimyType filter: $mimeTypes")
+                if ("*/*" in mimeTypes) {
                     type = "*/*"
-                    putExtra(EXTRA_MIME_TYPES, mimeTypes.toTypedArray())
+                } else {
+                    when (mimeTypes.size) {
+                        1 -> type = mimeTypes.first()
+
+                        in 2..Int.MAX_VALUE -> {
+                            type = "*/*"
+                            putExtra(EXTRA_MIME_TYPES, mimeTypes.toTypedArray())
+                        }
+
+                        else -> type = "*/*"
+                    }
                 }
-
-                else -> type = "*/*"
+            }.also {
+                startActivityForResult(it, OPEN_FILE_ACTION_CODE, ActivityResultHandler(
+                    onSuccess = {
+                        val uri = it?.data?.toString() ?: ""
+                        Log.d(TAG, "Open file: $uri")
+                        mainScope.launch {
+                            qtInitialized.await()
+                            QtAndroidController.onFileOpened(uri)
+                        }
+                    }
+                ))
             }
-        }.also {
-            startActivityForResult(it, OPEN_FILE_ACTION_CODE)
         }
     }
 
-    @Suppress("unused")
-    fun setNotificationText(title: String, message: String, timerSec: Int) {
-        Log.v(TAG, "Set notification text")
-    }
-
     @Suppress("unused")
     fun isCameraPresent(): Boolean = applicationContext.packageManager.hasSystemFeature(PackageManager.FEATURE_CAMERA)
 
@@ -433,12 +533,12 @@ class AmneziaActivity : QtActivity() {
 
     @Suppress("unused")
     fun setSaveLogs(enabled: Boolean) {
-        Log.d(TAG, "Set save logs: $enabled")
+        Log.v(TAG, "Set save logs: $enabled")
         mainScope.launch {
             Log.saveLogs = enabled
             vpnServiceMessenger.send {
                 Action.SET_SAVE_LOGS.packToMessage {
-                    putBoolean(SAVE_LOGS, enabled)
+                    putBoolean(MSG_SAVE_LOGS, enabled)
                 }
             }
         }
@@ -453,6 +553,117 @@ class AmneziaActivity : QtActivity() {
     @Suppress("unused")
     fun clearLogs() {
         Log.v(TAG, "Clear logs")
-        Log.clearLogs()
+        mainScope.launch {
+            Log.clearLogs()
+        }
+    }
+
+    @Suppress("unused")
+    fun setScreenshotsEnabled(enabled: Boolean) {
+        Log.v(TAG, "Set screenshots enabled: $enabled")
+        mainScope.launch {
+            val flag = if (enabled) 0 else LayoutParams.FLAG_SECURE
+            window.setFlags(flag, LayoutParams.FLAG_SECURE)
+        }
+    }
+
+    @Suppress("unused")
+    fun minimizeApp() {
+        Log.v(TAG, "Minimize application")
+        mainScope.launch {
+            moveTaskToBack(false)
+        }
+    }
+
+    @Suppress("unused")
+    fun getAppList(): String {
+        Log.v(TAG, "Get app list")
+        var appList = ""
+        runBlocking {
+            mainScope.launch {
+                withContext(Dispatchers.IO) {
+                    appList = AppListProvider.getAppList(packageManager, packageName)
+                }
+            }.join()
+        }
+        return appList
+    }
+
+    @Suppress("unused")
+    fun getAppIcon(packageName: String, width: Int, height: Int): Bitmap {
+        Log.v(TAG, "Get app icon")
+        return AppListProvider.getAppIcon(packageManager, packageName, width, height)
+    }
+
+    @Suppress("unused")
+    fun isNotificationPermissionGranted(): Boolean = applicationContext.isNotificationPermissionGranted()
+
+    @Suppress("unused")
+    fun requestNotificationPermission() {
+        val shouldShowPreRequest = shouldShowRequestPermissionRationale(Manifest.permission.POST_NOTIFICATIONS)
+        requestPermission(
+            Manifest.permission.POST_NOTIFICATIONS,
+            CHECK_NOTIFICATION_PERMISSION_ACTION_CODE,
+            PermissionRequestHandler(
+                onSuccess = {
+                    mainScope.launch {
+                        Prefs.save(PREFS_NOTIFICATION_PERMISSION_ASKED, true)
+                        vpnServiceMessenger.send(Action.NOTIFICATION_PERMISSION_GRANTED)
+                        qtInitialized.await()
+                        QtAndroidController.onNotificationStateChanged()
+                    }
+                },
+                onFail = {
+                    if (!Prefs.load<Boolean>(PREFS_NOTIFICATION_PERMISSION_ASKED)) {
+                        Prefs.save(PREFS_NOTIFICATION_PERMISSION_ASKED, true)
+                    } else {
+                        val shouldShowPostRequest =
+                            shouldShowRequestPermissionRationale(Manifest.permission.POST_NOTIFICATIONS)
+                        if (!shouldShowPreRequest && !shouldShowPostRequest) {
+                            showNotificationSettingsDialog()
+                        }
+                    }
+                }
+            )
+        )
+    }
+
+    private fun showNotificationSettingsDialog() {
+        AlertDialog.Builder(this)
+            .setTitle(R.string.notificationSettingsDialogTitle)
+            .setMessage(R.string.notificationSettingsDialogMessage)
+            .setNegativeButton(R.string.cancel) { _, _ -> }
+            .setPositiveButton(R.string.openNotificationSettings) { _, _ ->
+                startActivity(Intent(Settings.ACTION_APP_NOTIFICATION_SETTINGS).apply {
+                    putExtra(Settings.EXTRA_APP_PACKAGE, packageName)
+                })
+            }
+            .show()
+    }
+
+    /**
+     * Utils methods
+     */
+    companion object {
+        private fun actionCodeToString(actionCode: Int): String =
+            when (actionCode) {
+                CHECK_VPN_PERMISSION_ACTION_CODE -> "CHECK_VPN_PERMISSION"
+                CREATE_FILE_ACTION_CODE -> "CREATE_FILE"
+                OPEN_FILE_ACTION_CODE -> "OPEN_FILE"
+                CHECK_NOTIFICATION_PERMISSION_ACTION_CODE -> "CHECK_NOTIFICATION_PERMISSION"
+                else -> actionCode.toString()
+            }
     }
 }
+
+private class ActivityResultHandler(
+    val onSuccess: (data: Intent?) -> Unit = {},
+    val onFail: (data: Intent?) -> Unit = {},
+    val onAny: (data: Intent?) -> Unit = {}
+)
+
+private class PermissionRequestHandler(
+    val onSuccess: () -> Unit = {},
+    val onFail: () -> Unit = {},
+    val onAny: () -> Unit = {}
+)

client/android/src/org/amnezia/vpn/AmneziaApplication.kt

@@ -3,14 +3,11 @@ package org.amnezia.vpn
 import androidx.camera.camera2.Camera2Config
 import androidx.camera.core.CameraSelector
 import androidx.camera.core.CameraXConfig
-import androidx.core.app.NotificationChannelCompat.Builder
-import androidx.core.app.NotificationManagerCompat
 import org.amnezia.vpn.util.Log
 import org.amnezia.vpn.util.Prefs
 import org.qtproject.qt.android.bindings.QtApplication
 
 private const val TAG = "AmneziaApplication"
-const val NOTIFICATION_CHANNEL_ID: String = "org.amnezia.vpn.notification"
 
 class AmneziaApplication : QtApplication(), CameraXConfig.Provider {
 
@@ -18,8 +15,9 @@ class AmneziaApplication : QtApplication(), CameraXConfig.Provider {
         super.onCreate()
         Prefs.init(this)
         Log.init(this)
+        VpnStateStore.init(this)
         Log.d(TAG, "Create Amnezia application")
-        createNotificationChannel()
+        ServiceNotification.createNotificationChannel(this)
     }
 
     override fun getCameraXConfig(): CameraXConfig = CameraXConfig.Builder
@@ -27,14 +25,4 @@ class AmneziaApplication : QtApplication(), CameraXConfig.Provider {
         .setMinimumLoggingLevel(android.util.Log.ERROR)
         .setAvailableCamerasLimiter(CameraSelector.DEFAULT_BACK_CAMERA)
         .build()
-
-    private fun createNotificationChannel() {
-        NotificationManagerCompat.from(this).createNotificationChannel(
-            Builder(NOTIFICATION_CHANNEL_ID, NotificationManagerCompat.IMPORTANCE_LOW)
-                .setName("AmneziaVPN")
-                .setDescription("AmneziaVPN service notification")
-                .setShowBadge(false)
-                .build()
-        )
-    }
 }

client/android/src/org/amnezia/vpn/AmneziaContext.kt

@@ -0,0 +1,56 @@
+package org.amnezia.vpn
+
+import android.content.BroadcastReceiver
+import android.content.Context
+import android.content.Intent
+import android.content.IntentFilter
+import androidx.core.content.ContextCompat
+import androidx.core.content.ContextCompat.RegisterReceiverFlags
+import org.amnezia.vpn.protocol.ProtocolState
+import org.amnezia.vpn.protocol.ProtocolState.CONNECTED
+import org.amnezia.vpn.protocol.ProtocolState.CONNECTING
+import org.amnezia.vpn.protocol.ProtocolState.DISCONNECTED
+import org.amnezia.vpn.protocol.ProtocolState.DISCONNECTING
+import org.amnezia.vpn.protocol.ProtocolState.RECONNECTING
+import org.amnezia.vpn.protocol.ProtocolState.UNKNOWN
+
+fun Context.getString(state: ProtocolState): String =
+    getString(
+        when (state) {
+            DISCONNECTED, UNKNOWN -> R.string.disconnected
+            CONNECTED -> R.string.connected
+            CONNECTING -> R.string.connecting
+            DISCONNECTING -> R.string.disconnecting
+            RECONNECTING -> R.string.reconnecting
+        }
+    )
+
+fun Context.registerBroadcastReceiver(
+    action: String,
+    @RegisterReceiverFlags flags: Int = ContextCompat.RECEIVER_EXPORTED,
+    onReceive: (Intent?) -> Unit
+): BroadcastReceiver = registerBroadcastReceiver(arrayOf(action), flags, onReceive)
+
+fun Context.registerBroadcastReceiver(
+    actions: Array<String>,
+    @RegisterReceiverFlags flags: Int = ContextCompat.RECEIVER_EXPORTED,
+    onReceive: (Intent?) -> Unit
+): BroadcastReceiver =
+    object : BroadcastReceiver() {
+        override fun onReceive(context: Context?, intent: Intent?) {
+            onReceive(intent)
+        }
+    }.also {
+        ContextCompat.registerReceiver(
+            this,
+            it,
+            IntentFilter().apply {
+                actions.forEach(::addAction)
+            },
+            flags
+        )
+    }
+
+fun Context.unregisterBroadcastReceiver(receiver: BroadcastReceiver?) {
+    receiver?.let { this.unregisterReceiver(it) }
+}

client/android/src/org/amnezia/vpn/AmneziaTileService.kt

@@ -0,0 +1,272 @@
+package org.amnezia.vpn
+
+import android.annotation.SuppressLint
+import android.app.PendingIntent
+import android.content.ComponentName
+import android.content.Intent
+import android.content.ServiceConnection
+import android.net.VpnService
+import android.os.Build
+import android.os.IBinder
+import android.os.Messenger
+import android.service.quicksettings.Tile
+import android.service.quicksettings.TileService
+import androidx.core.content.ContextCompat
+import kotlin.LazyThreadSafetyMode.NONE
+import kotlinx.coroutines.CoroutineScope
+import kotlinx.coroutines.Job
+import kotlinx.coroutines.SupervisorJob
+import kotlinx.coroutines.cancel
+import kotlinx.coroutines.flow.collectLatest
+import kotlinx.coroutines.launch
+import org.amnezia.vpn.protocol.ProtocolState
+import org.amnezia.vpn.protocol.ProtocolState.CONNECTED
+import org.amnezia.vpn.protocol.ProtocolState.CONNECTING
+import org.amnezia.vpn.protocol.ProtocolState.DISCONNECTED
+import org.amnezia.vpn.protocol.ProtocolState.DISCONNECTING
+import org.amnezia.vpn.protocol.ProtocolState.RECONNECTING
+import org.amnezia.vpn.protocol.ProtocolState.UNKNOWN
+import org.amnezia.vpn.util.Log
+
+private const val TAG = "AmneziaTileService"
+private const val DEFAULT_TILE_LABEL = "AmneziaVPN"
+
+class AmneziaTileService : TileService() {
+
+    private lateinit var scope: CoroutineScope
+    private var vpnStateListeningJob: Job? = null
+    private lateinit var vpnServiceMessenger: IpcMessenger
+
+    @Volatile
+    private var isServiceConnected = false
+    private var isInBoundState = false
+    @Volatile
+    private var isVpnConfigExists = false
+
+    private val serviceConnection: ServiceConnection by lazy(NONE) {
+        object : ServiceConnection {
+            override fun onServiceConnected(name: ComponentName?, service: IBinder?) {
+                Log.d(TAG, "Service ${name?.flattenToString()} was connected")
+                vpnServiceMessenger.set(Messenger(service))
+                isServiceConnected = true
+            }
+
+            override fun onServiceDisconnected(name: ComponentName?) {
+                Log.w(TAG, "Service ${name?.flattenToString()} was unexpectedly disconnected")
+                isServiceConnected = false
+                vpnServiceMessenger.reset()
+                updateVpnState(DISCONNECTED)
+            }
+
+            override fun onBindingDied(name: ComponentName?) {
+                Log.w(TAG, "Binding to the ${name?.flattenToString()} unexpectedly died")
+                doUnbindService()
+                doBindService()
+            }
+        }
+    }
+
+    override fun onCreate() {
+        super.onCreate()
+        Log.d(TAG, "Create Amnezia Tile Service")
+        scope = CoroutineScope(SupervisorJob())
+        vpnServiceMessenger = IpcMessenger(
+            "VpnService",
+            onDeadObjectException = ::doUnbindService
+        )
+    }
+
+    override fun onDestroy() {
+        Log.d(TAG, "Destroy Amnezia Tile Service")
+        doUnbindService()
+        scope.cancel()
+        super.onDestroy()
+    }
+
+    // Workaround for some bugs
+    override fun onBind(intent: Intent?): IBinder? =
+        try {
+            super.onBind(intent)
+        } catch (e: Throwable) {
+            Log.e(TAG, "Failed to bind AmneziaTileService: $e")
+            null
+        }
+
+    override fun onStartListening() {
+        super.onStartListening()
+        Log.d(TAG, "Start listening")
+        if (AmneziaVpnService.isRunning(applicationContext)) {
+            Log.d(TAG, "Vpn service is running")
+            doBindService()
+        } else {
+            Log.d(TAG, "Vpn service is not running")
+            isServiceConnected = false
+            updateVpnState(DISCONNECTED)
+        }
+        vpnStateListeningJob = launchVpnStateListening()
+    }
+
+    override fun onStopListening() {
+        Log.d(TAG, "Stop listening")
+        vpnStateListeningJob?.cancel()
+        vpnStateListeningJob = null
+        doUnbindService()
+        super.onStopListening()
+    }
+
+    override fun onClick() {
+        Log.d(TAG, "onClick")
+        if (isLocked) {
+            unlockAndRun { onClickInternal() }
+        } else {
+            onClickInternal()
+        }
+    }
+
+    private fun onClickInternal() {
+        if (isVpnConfigExists) {
+            Log.d(TAG, "Change VPN state")
+            if (qsTile.state == Tile.STATE_INACTIVE) {
+                Log.d(TAG, "Start VPN")
+                updateVpnState(CONNECTING)
+                startVpn()
+            } else if (qsTile.state == Tile.STATE_ACTIVE) {
+                Log.d(TAG, "Stop vpn")
+                updateVpnState(DISCONNECTING)
+                stopVpn()
+            }
+        } else {
+            Log.d(TAG, "Start Activity")
+            Intent(this, AmneziaActivity::class.java).apply {
+                addFlags(Intent.FLAG_ACTIVITY_NEW_TASK)
+            }.also {
+                startActivityAndCollapseCompat(it)
+            }
+        }
+    }
+
+    private fun doBindService() {
+        Log.d(TAG, "Bind service")
+        Intent(this, AmneziaVpnService::class.java).also {
+            bindService(it, serviceConnection, BIND_ABOVE_CLIENT)
+        }
+        isInBoundState = true
+    }
+
+    private fun doUnbindService() {
+        if (isInBoundState) {
+            Log.d(TAG, "Unbind service")
+            isServiceConnected = false
+            vpnServiceMessenger.reset()
+            isInBoundState = false
+            unbindService(serviceConnection)
+        }
+    }
+
+    private fun startVpn() {
+        if (isServiceConnected) {
+            connectToVpn()
+        } else {
+            if (checkPermission()) {
+                startVpnService()
+                doBindService()
+            } else {
+                updateVpnState(DISCONNECTED)
+            }
+        }
+    }
+
+    private fun checkPermission() =
+        if (VpnService.prepare(applicationContext) != null) {
+            Intent(this, VpnRequestActivity::class.java).apply {
+                addFlags(Intent.FLAG_ACTIVITY_NEW_TASK)
+            }.also {
+                startActivityAndCollapseCompat(it)
+            }
+            false
+        } else {
+            true
+        }
+
+    private fun startVpnService() {
+        try {
+            ContextCompat.startForegroundService(
+                applicationContext,
+                Intent(this, AmneziaVpnService::class.java)
+            )
+        } catch (e: SecurityException) {
+            Log.e(TAG, "Failed to start AmneziaVpnService: $e")
+        }
+    }
+
+    private fun connectToVpn() = vpnServiceMessenger.send(Action.CONNECT)
+
+    private fun stopVpn() = vpnServiceMessenger.send(Action.DISCONNECT)
+
+    @SuppressLint("StartActivityAndCollapseDeprecated")
+    private fun startActivityAndCollapseCompat(intent: Intent) {
+        if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.UPSIDE_DOWN_CAKE) {
+            startActivityAndCollapse(
+                PendingIntent.getActivity(
+                    applicationContext,
+                    0,
+                    intent,
+                    PendingIntent.FLAG_IMMUTABLE
+                )
+            )
+        } else {
+            @Suppress("DEPRECATION")
+            startActivityAndCollapse(intent)
+        }
+    }
+
+    private fun updateVpnState(state: ProtocolState) {
+        scope.launch {
+            VpnStateStore.store { it.copy(protocolState = state) }
+        }
+    }
+
+    private fun launchVpnStateListening() =
+        scope.launch { VpnStateStore.dataFlow().collectLatest(::updateTile) }
+
+    private fun updateTile(vpnState: VpnState) {
+        Log.d(TAG, "Update tile: $vpnState")
+        isVpnConfigExists = vpnState.serverName != null
+        val tile = qsTile ?: return
+        tile.apply {
+            label = vpnState.serverName ?: DEFAULT_TILE_LABEL
+            when (val protocolState = vpnState.protocolState) {
+                CONNECTED -> {
+                    state = Tile.STATE_ACTIVE
+                    subtitleCompat = null
+                }
+
+                DISCONNECTED, UNKNOWN -> {
+                    state = Tile.STATE_INACTIVE
+                    subtitleCompat = null
+                }
+
+                CONNECTING, DISCONNECTING, RECONNECTING -> {
+                    state = Tile.STATE_UNAVAILABLE
+                    subtitleCompat = getString(protocolState)
+                }
+            }
+            updateTile()
+        }
+        // double update to fix weird visual glitches
+        tile.updateTile()
+    }
+
+    private var Tile.subtitleCompat: CharSequence?
+        set(value) {
+            if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.Q) {
+                this.subtitle = value
+            }
+        }
+        get() {
+            if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.Q) {
+                return this.subtitle
+            }
+            return null
+        }
+}

client/android/src/org/amnezia/vpn/AmneziaVpnService.kt

@@ -1,10 +1,13 @@
 package org.amnezia.vpn
 
-import android.app.Notification
-import android.app.PendingIntent
+import android.app.ActivityManager
+import android.app.ActivityManager.RunningAppProcessInfo.IMPORTANCE_FOREGROUND_SERVICE
+import android.app.NotificationManager
+import android.content.BroadcastReceiver
+import android.content.Context
 import android.content.Intent
 import android.content.pm.ServiceInfo.FOREGROUND_SERVICE_TYPE_MANIFEST
-import android.content.pm.ServiceInfo.FOREGROUND_SERVICE_TYPE_SPECIAL_USE
+import android.content.pm.ServiceInfo.FOREGROUND_SERVICE_TYPE_SYSTEM_EXEMPTED
 import android.net.VpnService
 import android.os.Build
 import android.os.Handler
@@ -12,10 +15,13 @@ import android.os.IBinder
 import android.os.Looper
 import android.os.Message
 import android.os.Messenger
+import android.os.PowerManager
 import android.os.Process
 import androidx.annotation.MainThread
-import androidx.core.app.NotificationCompat
 import androidx.core.app.ServiceCompat
+import androidx.core.content.ContextCompat
+import androidx.core.content.getSystemService
+import java.util.concurrent.ConcurrentHashMap
 import kotlin.LazyThreadSafetyMode.NONE
 import kotlinx.coroutines.CoroutineExceptionHandler
 import kotlinx.coroutines.CoroutineScope
@@ -26,6 +32,7 @@ import kotlinx.coroutines.TimeoutCancellationException
 import kotlinx.coroutines.cancel
 import kotlinx.coroutines.delay
 import kotlinx.coroutines.flow.MutableStateFlow
+import kotlinx.coroutines.flow.drop
 import kotlinx.coroutines.flow.first
 import kotlinx.coroutines.launch
 import kotlinx.coroutines.runBlocking
@@ -39,32 +46,36 @@ import org.amnezia.vpn.protocol.ProtocolState.DISCONNECTED
 import org.amnezia.vpn.protocol.ProtocolState.DISCONNECTING
 import org.amnezia.vpn.protocol.ProtocolState.RECONNECTING
 import org.amnezia.vpn.protocol.ProtocolState.UNKNOWN
-import org.amnezia.vpn.protocol.Statistics
-import org.amnezia.vpn.protocol.Status
 import org.amnezia.vpn.protocol.VpnException
 import org.amnezia.vpn.protocol.VpnStartException
 import org.amnezia.vpn.protocol.awg.Awg
 import org.amnezia.vpn.protocol.cloak.Cloak
 import org.amnezia.vpn.protocol.openvpn.OpenVpn
-import org.amnezia.vpn.protocol.putStatistics
 import org.amnezia.vpn.protocol.putStatus
 import org.amnezia.vpn.protocol.wireguard.Wireguard
 import org.amnezia.vpn.util.Log
 import org.amnezia.vpn.util.Prefs
 import org.amnezia.vpn.util.net.NetworkState
+import org.amnezia.vpn.util.net.TrafficStats
 import org.json.JSONException
 import org.json.JSONObject
 
 private const val TAG = "AmneziaVpnService"
 
-const val VPN_CONFIG = "VPN_CONFIG"
-const val ERROR_MSG = "ERROR_MSG"
-const val SAVE_LOGS = "SAVE_LOGS"
+const val ACTION_DISCONNECT = "org.amnezia.vpn.action.disconnect"
+
+const val MSG_VPN_CONFIG = "VPN_CONFIG"
+const val MSG_ERROR = "ERROR"
+const val MSG_SAVE_LOGS = "SAVE_LOGS"
+const val MSG_CLIENT_NAME = "CLIENT_NAME"
 
 const val AFTER_PERMISSION_CHECK = "AFTER_PERMISSION_CHECK"
 private const val PREFS_CONFIG_KEY = "LAST_CONF"
-private const val NOTIFICATION_ID = 1337
-private const val STATISTICS_SENDING_TIMEOUT = 1000L
+private const val PREFS_SERVER_NAME = "LAST_SERVER_NAME"
+private const val PREFS_SERVER_INDEX = "LAST_SERVER_INDEX"
+private const val PROCESS_NAME = "org.amnezia.vpn:amneziaVpnService"
+// private const val STATISTICS_SENDING_TIMEOUT = 1000L
+private const val TRAFFIC_STATS_UPDATE_TIMEOUT = 1000L
 private const val DISCONNECT_TIMEOUT = 5000L
 private const val STOP_SERVICE_TIMEOUT = 5000L
 
@@ -76,6 +87,8 @@ class AmneziaVpnService : VpnService() {
     private var protocol: Protocol? = null
     private val protocolCache = mutableMapOf<String, Protocol>()
     private var protocolState = MutableStateFlow(UNKNOWN)
+    private var serverName: String? = null
+    private var serverIndex: Int = -1
 
     private val isConnected
         get() = protocolState.value == CONNECTED
@@ -88,9 +101,18 @@ class AmneziaVpnService : VpnService() {
 
     private var connectionJob: Job? = null
     private var disconnectionJob: Job? = null
-    private var statisticsSendingJob: Job? = null
-    private lateinit var clientMessenger: IpcMessenger
+    private var trafficStatsUpdateJob: Job? = null
+    // private var statisticsSendingJob: Job? = null
     private lateinit var networkState: NetworkState
+    private lateinit var trafficStats: TrafficStats
+    private var disconnectReceiver: BroadcastReceiver? = null
+    private var notificationStateReceiver: BroadcastReceiver? = null
+    private var screenOnReceiver: BroadcastReceiver? = null
+    private var screenOffReceiver: BroadcastReceiver? = null
+    private val clientMessengers = ConcurrentHashMap<Messenger, IpcMessenger>()
+
+    private val isActivityConnected
+        get() = clientMessengers.any { it.value.name == ACTIVITY_MESSENGER_NAME }
 
     private val connectionExceptionHandler = CoroutineExceptionHandler { _, e ->
         protocolState.value = DISCONNECTED
@@ -116,13 +138,22 @@ class AmneziaVpnService : VpnService() {
                 Log.d(TAG, "Handle action: $action")
                 when (action) {
                     Action.REGISTER_CLIENT -> {
-                        clientMessenger.set(msg.replyTo)
+                        val clientName = msg.data.getString(MSG_CLIENT_NAME)
+                        val messenger = IpcMessenger(msg.replyTo, clientName)
+                        clientMessengers[msg.replyTo] = messenger
+                        Log.d(TAG, "Messenger client '$clientName' was registered")
+                        // if (clientName == ACTIVITY_MESSENGER_NAME && isConnected) launchSendingStatistics()
+                    }
+
+                    Action.UNREGISTER_CLIENT -> {
+                        clientMessengers.remove(msg.replyTo)?.let {
+                            Log.d(TAG, "Messenger client '${it.name}' was unregistered")
+                            // if (it.name == ACTIVITY_MESSENGER_NAME) stopSendingStatistics()
+                        }
                     }
 
                     Action.CONNECT -> {
-                        val vpnConfig = msg.data.getString(VPN_CONFIG)
-                        Prefs.save(PREFS_CONFIG_KEY, vpnConfig)
-                        connect(vpnConfig)
+                        connect(msg.data.getString(MSG_VPN_CONFIG))
                     }
 
                     Action.DISCONNECT -> {
@@ -130,17 +161,21 @@ class AmneziaVpnService : VpnService() {
                     }
 
                     Action.REQUEST_STATUS -> {
-                        clientMessenger.send {
-                            ServiceEvent.STATUS.packToMessage {
-                                putStatus(Status.build {
-                                    setState(this@AmneziaVpnService.protocolState.value)
-                                })
+                        clientMessengers[msg.replyTo]?.let { clientMessenger ->
+                            clientMessenger.send {
+                                ServiceEvent.STATUS.packToMessage {
+                                    putStatus(this@AmneziaVpnService.protocolState.value)
+                                }
                             }
                         }
                     }
 
+                    Action.NOTIFICATION_PERMISSION_GRANTED -> {
+                        enableNotification()
+                    }
+
                     Action.SET_SAVE_LOGS -> {
-                        Log.saveLogs = msg.data.getBoolean(SAVE_LOGS)
+                        Log.saveLogs = msg.data.getBoolean(MSG_SAVE_LOGS)
                     }
                 }
             }
@@ -156,30 +191,12 @@ class AmneziaVpnService : VpnService() {
      */
     private val foregroundServiceTypeCompat
         get() = when {
-            Build.VERSION.SDK_INT >= Build.VERSION_CODES.UPSIDE_DOWN_CAKE -> FOREGROUND_SERVICE_TYPE_SPECIAL_USE
+            Build.VERSION.SDK_INT >= Build.VERSION_CODES.UPSIDE_DOWN_CAKE -> FOREGROUND_SERVICE_TYPE_SYSTEM_EXEMPTED
             Build.VERSION.SDK_INT >= Build.VERSION_CODES.Q -> FOREGROUND_SERVICE_TYPE_MANIFEST
             else -> 0
         }
 
-    private val notification: Notification by lazy(NONE) {
-        NotificationCompat.Builder(this, NOTIFICATION_CHANNEL_ID)
-            .setSmallIcon(R.drawable.ic_amnezia_round)
-            .setShowWhen(false)
-            .setContentIntent(
-                PendingIntent.getActivity(
-                    this,
-                    0,
-                    Intent(this, AmneziaActivity::class.java),
-                    PendingIntent.FLAG_IMMUTABLE or PendingIntent.FLAG_UPDATE_CURRENT
-                )
-            )
-            .setOngoing(true)
-            .setPriority(NotificationCompat.PRIORITY_LOW)
-            .setCategory(NotificationCompat.CATEGORY_SERVICE)
-            .setVisibility(NotificationCompat.VISIBILITY_PUBLIC)
-            .setForegroundServiceBehavior(NotificationCompat.FOREGROUND_SERVICE_IMMEDIATE)
-            .build()
-    }
+    private val serviceNotification: ServiceNotification by lazy(NONE) { ServiceNotification(this) }
 
     /**
      * Service overloaded methods
@@ -189,29 +206,30 @@ class AmneziaVpnService : VpnService() {
         Log.d(TAG, "Create Amnezia VPN service")
         mainScope = CoroutineScope(SupervisorJob() + Dispatchers.Main.immediate)
         connectionScope = CoroutineScope(SupervisorJob() + Dispatchers.IO + connectionExceptionHandler)
-        clientMessenger = IpcMessenger(messengerName = "Client")
+        loadServerData()
         launchProtocolStateHandler()
         networkState = NetworkState(this, ::reconnect)
+        trafficStats = TrafficStats()
+        registerBroadcastReceivers()
     }
 
     override fun onStartCommand(intent: Intent?, flags: Int, startId: Int): Int {
-        val isAlwaysOnCompat =
-            if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.Q) isAlwaysOn
-            else intent?.component?.packageName != packageName
+        val isAlwaysOn = intent != null && intent.action == SERVICE_INTERFACE
 
-        if (isAlwaysOnCompat) {
+        if (isAlwaysOn) {
             Log.d(TAG, "Start service via Always-on")
-            connect(Prefs.load(PREFS_CONFIG_KEY))
+            connect()
         } else if (intent?.getBooleanExtra(AFTER_PERMISSION_CHECK, false) == true) {
             Log.d(TAG, "Start service after permission check")
-            connect(Prefs.load(PREFS_CONFIG_KEY))
+            connect()
         } else {
             Log.d(TAG, "Start service")
-            val vpnConfig = intent?.getStringExtra(VPN_CONFIG)
-            Prefs.save(PREFS_CONFIG_KEY, vpnConfig)
-            connect(vpnConfig)
+            connect(intent?.getStringExtra(MSG_VPN_CONFIG))
         }
-        ServiceCompat.startForeground(this, NOTIFICATION_ID, notification, foregroundServiceTypeCompat)
+        ServiceCompat.startForeground(
+            this, NOTIFICATION_ID, serviceNotification.buildNotification(serverName, protocolState.value),
+            foregroundServiceTypeCompat
+        )
         return START_REDELIVER_INTENT
     }
 
@@ -219,17 +237,16 @@ class AmneziaVpnService : VpnService() {
         Log.d(TAG, "onBind by $intent")
         if (intent?.action == SERVICE_INTERFACE) return super.onBind(intent)
         isServiceBound = true
-        if (isConnected) launchSendingStatistics()
         return vpnServiceMessenger.binder
     }
 
     override fun onUnbind(intent: Intent?): Boolean {
         Log.d(TAG, "onUnbind by $intent")
         if (intent?.action != SERVICE_INTERFACE) {
-            isServiceBound = false
-            stopSendingStatistics()
-            clientMessenger.reset()
-            if (isUnknown || isDisconnected) stopService()
+            if (clientMessengers.isEmpty()) {
+                isServiceBound = false
+                if (isUnknown || isDisconnected) stopService()
+            }
         }
         return true
     }
@@ -238,7 +255,6 @@ class AmneziaVpnService : VpnService() {
         Log.d(TAG, "onRebind by $intent")
         if (intent?.action != SERVICE_INTERFACE) {
             isServiceBound = true
-            if (isConnected) launchSendingStatistics()
         }
         super.onRebind(intent)
     }
@@ -253,6 +269,7 @@ class AmneziaVpnService : VpnService() {
 
     override fun onDestroy() {
         Log.d(TAG, "Destroy service")
+        unregisterBroadcastReceivers()
         runBlocking {
             disconnect()
             disconnectionJob?.join()
@@ -273,35 +290,105 @@ class AmneziaVpnService : VpnService() {
         stopSelf()
     }
 
+    private fun registerBroadcastReceivers() {
+        Log.d(TAG, "Register broadcast receivers")
+        disconnectReceiver = registerBroadcastReceiver(ACTION_DISCONNECT, ContextCompat.RECEIVER_NOT_EXPORTED) {
+            Log.d(TAG, "Broadcast request received: $ACTION_DISCONNECT")
+            disconnect()
+        }
+
+        notificationStateReceiver = if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.P) {
+            registerBroadcastReceiver(
+                arrayOf(
+                    NotificationManager.ACTION_NOTIFICATION_CHANNEL_BLOCK_STATE_CHANGED,
+                    NotificationManager.ACTION_APP_BLOCK_STATE_CHANGED
+                )
+            ) {
+                val state = it?.getBooleanExtra(NotificationManager.EXTRA_BLOCKED_STATE, false)
+                Log.d(TAG, "Notification state changed: ${it?.action}, blocked = $state")
+                if (state == false) {
+                    enableNotification()
+                } else {
+                    disableNotification()
+                }
+            }
+        } else null
+
+        registerScreenStateBroadcastReceivers()
+    }
+
+    private fun registerScreenStateBroadcastReceivers() {
+        if (serviceNotification.isNotificationEnabled()) {
+            Log.d(TAG, "Register screen state broadcast receivers")
+            screenOnReceiver = registerBroadcastReceiver(Intent.ACTION_SCREEN_ON) {
+                if (isConnected && serviceNotification.isNotificationEnabled()) startTrafficStatsUpdateJob()
+            }
+
+            screenOffReceiver = registerBroadcastReceiver(Intent.ACTION_SCREEN_OFF) {
+                stopTrafficStatsUpdateJob()
+            }
+        }
+    }
+
+    private fun unregisterScreenStateBroadcastReceivers() {
+        Log.d(TAG, "Unregister screen state broadcast receivers")
+        unregisterBroadcastReceiver(screenOnReceiver)
+        unregisterBroadcastReceiver(screenOffReceiver)
+        screenOnReceiver = null
+        screenOffReceiver = null
+    }
+
+    private fun unregisterBroadcastReceivers() {
+        Log.d(TAG, "Unregister broadcast receivers")
+        unregisterBroadcastReceiver(disconnectReceiver)
+        unregisterBroadcastReceiver(notificationStateReceiver)
+        unregisterScreenStateBroadcastReceivers()
+        disconnectReceiver = null
+        notificationStateReceiver = null
+    }
+
     /**
      * Methods responsible for processing VPN connection
      */
     private fun launchProtocolStateHandler() {
         mainScope.launch {
-            protocolState.collect { protocolState ->
+            // drop first default UNKNOWN state
+            protocolState.drop(1).collect { protocolState ->
                 Log.d(TAG, "Protocol state changed: $protocolState")
+
+                serviceNotification.updateNotification(serverName, protocolState)
+
+                clientMessengers.send {
+                    ServiceEvent.STATUS_CHANGED.packToMessage {
+                        putStatus(protocolState)
+                    }
+                }
+
+                VpnStateStore.store { VpnState(protocolState, serverName, serverIndex) }
+
                 when (protocolState) {
                     CONNECTED -> {
-                        clientMessenger.send(ServiceEvent.CONNECTED)
                         networkState.bindNetworkListener()
-                        if (isServiceBound) launchSendingStatistics()
+                        // if (isActivityConnected) launchSendingStatistics()
+                        launchTrafficStatsUpdate()
                     }
 
                     DISCONNECTED -> {
-                        clientMessenger.send(ServiceEvent.DISCONNECTED)
                         networkState.unbindNetworkListener()
-                        stopSendingStatistics()
+                        stopTrafficStatsUpdateJob()
+                        // stopSendingStatistics()
                         if (!isServiceBound) stopService()
                     }
 
                     DISCONNECTING -> {
                         networkState.unbindNetworkListener()
-                        stopSendingStatistics()
+                        stopTrafficStatsUpdateJob()
+                        // stopSendingStatistics()
                     }
 
                     RECONNECTING -> {
-                        clientMessenger.send(ServiceEvent.RECONNECTING)
-                        stopSendingStatistics()
+                        stopTrafficStatsUpdateJob()
+                        // stopSendingStatistics()
                     }
 
                     CONNECTING, UNKNOWN -> {}
@@ -310,9 +397,9 @@ class AmneziaVpnService : VpnService() {
         }
     }
 
-    @MainThread
+/*  @MainThread
     private fun launchSendingStatistics() {
-        /* if (isServiceBound && isConnected) {
+        if (isServiceBound && isConnected) {
             statisticsSendingJob = mainScope.launch {
                 while (true) {
                     clientMessenger.send {
@@ -323,16 +410,76 @@ class AmneziaVpnService : VpnService() {
                     delay(STATISTICS_SENDING_TIMEOUT)
                 }
             }
-        } */
+        }
     }
 
     @MainThread
     private fun stopSendingStatistics() {
         statisticsSendingJob?.cancel()
+    } */
+
+    @MainThread
+    private fun enableNotification() {
+        registerScreenStateBroadcastReceivers()
+        serviceNotification.updateNotification(serverName, protocolState.value)
+        launchTrafficStatsUpdate()
     }
 
     @MainThread
-    private fun connect(vpnConfig: String?) {
+    private fun disableNotification() {
+        unregisterScreenStateBroadcastReceivers()
+        stopTrafficStatsUpdateJob()
+    }
+
+    @MainThread
+    private fun launchTrafficStatsUpdate() {
+        stopTrafficStatsUpdateJob()
+        if (isConnected &&
+            serviceNotification.isNotificationEnabled() &&
+            getSystemService<PowerManager>()?.isInteractive != false
+        ) {
+            Log.d(TAG, "Launch traffic stats update")
+            trafficStats.reset()
+            startTrafficStatsUpdateJob()
+        }
+    }
+
+    @MainThread
+    private fun startTrafficStatsUpdateJob() {
+        if (trafficStatsUpdateJob == null && trafficStats.isSupported()) {
+            Log.d(TAG, "Start traffic stats update")
+            trafficStatsUpdateJob = mainScope.launch {
+                while (true) {
+                    trafficStats.getSpeed().let { speed ->
+                        if (isConnected) {
+                            serviceNotification.updateSpeed(speed)
+                        }
+                    }
+                    delay(TRAFFIC_STATS_UPDATE_TIMEOUT)
+                }
+            }
+        }
+    }
+
+    @MainThread
+    private fun stopTrafficStatsUpdateJob() {
+        Log.d(TAG, "Stop traffic stats update")
+        trafficStatsUpdateJob?.cancel()
+        trafficStatsUpdateJob = null
+    }
+
+    @MainThread
+    private fun connect(vpnConfig: String? = null) {
+        if (vpnConfig == null) {
+            connectToVpn(Prefs.load(PREFS_CONFIG_KEY))
+        } else {
+            Prefs.save(PREFS_CONFIG_KEY, vpnConfig)
+            connectToVpn(vpnConfig)
+        }
+    }
+
+    @MainThread
+    private fun connectToVpn(vpnConfig: String) {
         if (isConnected || protocolState.value == CONNECTING) return
 
         Log.d(TAG, "Start VPN connection")
@@ -340,6 +487,7 @@ class AmneziaVpnService : VpnService() {
         protocolState.value = CONNECTING
 
         val config = parseConfigToJson(vpnConfig)
+        saveServerData(config)
         if (config == null) {
             onError("Invalid VPN config")
             protocolState.value = DISCONNECTED
@@ -417,24 +565,40 @@ class AmneziaVpnService : VpnService() {
     private fun onError(msg: String) {
         Log.e(TAG, msg)
         mainScope.launch {
-            clientMessenger.send {
+            clientMessengers.send {
                 ServiceEvent.ERROR.packToMessage {
-                    putString(ERROR_MSG, msg)
+                    putString(MSG_ERROR, msg)
                 }
             }
         }
     }
 
-    private fun parseConfigToJson(vpnConfig: String?): JSONObject? =
-        try {
-            vpnConfig?.let {
-                JSONObject(it)
-            }
-        } catch (e: JSONException) {
-            onError("Invalid VPN config json format: ${e.message}")
+    private fun parseConfigToJson(vpnConfig: String): JSONObject? =
+        if (vpnConfig.isBlank()) {
             null
+        } else {
+            try {
+                JSONObject(vpnConfig)
+            } catch (e: JSONException) {
+                onError("Invalid VPN config json format: ${e.message}")
+                null
+            }
         }
 
+    private fun saveServerData(config: JSONObject?) {
+        serverName = config?.opt("description") as String?
+        serverIndex = config?.opt("serverIndex") as Int? ?: -1
+        Log.d(TAG, "Save server data: ($serverIndex, $serverName)")
+        Prefs.save(PREFS_SERVER_NAME, serverName)
+        Prefs.save(PREFS_SERVER_INDEX, serverIndex)
+    }
+
+    private fun loadServerData() {
+        serverName = Prefs.load<String>(PREFS_SERVER_NAME).ifBlank { null }
+        if (serverName != null) serverIndex = Prefs.load(PREFS_SERVER_INDEX)
+        Log.d(TAG, "Load server data: ($serverIndex, $serverName)")
+    }
+
     private fun checkPermission(): Boolean =
         if (prepare(applicationContext) != null) {
             Intent(this, VpnRequestActivity::class.java).apply {
@@ -446,4 +610,11 @@ class AmneziaVpnService : VpnService() {
         } else {
             true
         }
+
+    companion object {
+        fun isRunning(context: Context): Boolean =
+            context.getSystemService<ActivityManager>()!!.runningAppProcesses.any {
+                it.processName == PROCESS_NAME && it.importance <= IMPORTANCE_FOREGROUND_SERVICE
+            }
+    }
 }

client/android/src/org/amnezia/vpn/AppListProvider.kt

@@ -0,0 +1,73 @@
+import android.Manifest.permission.INTERNET
+import android.content.pm.ApplicationInfo
+import android.content.pm.PackageInfo
+import android.content.pm.PackageManager
+import android.content.pm.PackageManager.NameNotFoundException
+import android.graphics.Bitmap
+import android.graphics.Bitmap.Config.ARGB_8888
+import androidx.core.graphics.drawable.toBitmapOrNull
+import org.amnezia.vpn.util.Log
+import org.json.JSONArray
+import org.json.JSONObject
+
+private const val TAG = "AppListProvider"
+
+object AppListProvider {
+    fun getAppList(pm: PackageManager, selfPackageName: String): String {
+        val jsonArray = JSONArray()
+        pm.getPackagesHoldingPermissions(arrayOf(INTERNET), 0)
+            .filter { it.packageName != selfPackageName }
+            .map { App(it, pm) }
+            .sortedWith(App::compareTo)
+            .map(App::toJson)
+            .forEach(jsonArray::put)
+        return jsonArray.toString()
+    }
+
+    fun getAppIcon(pm: PackageManager, packageName: String, width: Int, height: Int): Bitmap {
+        val icon = try {
+            pm.getApplicationIcon(packageName)
+        } catch (e: NameNotFoundException) {
+            Log.e(TAG, "Package $packageName was not found: $e")
+            pm.defaultActivityIcon
+        }
+        val w: Int = if (width > 0) width else icon.intrinsicWidth
+        val h: Int = if (height > 0) height else icon.intrinsicHeight
+        return icon.toBitmapOrNull(w, h, ARGB_8888)
+            ?: Bitmap.createBitmap(w, h, ARGB_8888)
+    }
+}
+
+private class App(pi: PackageInfo, pm: PackageManager, ai: ApplicationInfo = pi.applicationInfo) : Comparable<App> {
+    val name: String?
+    val packageName: String = pi.packageName
+    val icon: Boolean = ai.icon != 0
+    val isLaunchable: Boolean = pm.getLaunchIntentForPackage(packageName) != null
+
+    init {
+        val name = ai.loadLabel(pm).toString()
+        this.name = if (name != packageName) name else null
+    }
+
+    override fun compareTo(other: App): Int {
+        val r = other.isLaunchable.compareTo(isLaunchable)
+        if (r != 0) return r
+        if (name != other.name) {
+            return when {
+                name == null -> 1
+                other.name == null -> -1
+                else -> String.CASE_INSENSITIVE_ORDER.compare(name, other.name)
+            }
+        }
+        return String.CASE_INSENSITIVE_ORDER.compare(packageName, other.packageName)
+    }
+
+    fun toJson(): JSONObject {
+        val jsonObject = JSONObject()
+        jsonObject.put("package", packageName)
+        jsonObject.put("name", name)
+        jsonObject.put("icon", icon)
+        jsonObject.put("launchable", isLaunchable)
+        return jsonObject
+    }
+}

client/android/src/org/amnezia/vpn/IpcMessage.kt

@@ -20,9 +20,7 @@ sealed interface IpcMessage {
 }
 
 enum class ServiceEvent : IpcMessage {
-    CONNECTED,
-    DISCONNECTED,
-    RECONNECTING,
+    STATUS_CHANGED,
     STATUS,
     STATISTICS_UPDATE,
     ERROR
@@ -30,9 +28,11 @@ enum class ServiceEvent : IpcMessage {
 
 enum class Action : IpcMessage {
     REGISTER_CLIENT,
+    UNREGISTER_CLIENT,
     CONNECT,
     DISCONNECT,
     REQUEST_STATUS,
+    NOTIFICATION_PERMISSION_GRANTED,
     SET_SAVE_LOGS
 }
 

client/android/src/org/amnezia/vpn/IpcMessenger.kt

@@ -9,11 +9,21 @@ import org.amnezia.vpn.util.Log
 private const val TAG = "IpcMessenger"
 
 class IpcMessenger(
+    messengerName: String? = null,
     private val onDeadObjectException: () -> Unit = {},
-    private val onRemoteException: () -> Unit = {},
-    private val messengerName: String = "Unknown"
+    private val onRemoteException: () -> Unit = {}
 ) {
     private var messenger: Messenger? = null
+    val name = messengerName ?: "Unknown"
+
+    constructor(
+        messenger: Messenger,
+        messengerName: String? = null,
+        onDeadObjectException: () -> Unit = {},
+        onRemoteException: () -> Unit = {}
+    ) : this(messengerName, onDeadObjectException, onRemoteException) {
+        this.messenger = messenger
+    }
 
     fun set(messenger: Messenger) {
         this.messenger = messenger
@@ -25,19 +35,29 @@ class IpcMessenger(
 
     fun send(msg: () -> Message) = messenger?.sendMsg(msg())
 
+    fun send(msg: Message, replyTo: Messenger) = messenger?.sendMsg(msg.apply { this.replyTo = replyTo })
+
     fun <T> send(msg: T)
         where T : Enum<T>, T : IpcMessage = messenger?.sendMsg(msg.packToMessage())
 
+    fun <T> send(msg: T, replyTo: Messenger)
+        where T : Enum<T>, T : IpcMessage = messenger?.sendMsg(msg.packToMessage().apply { this.replyTo = replyTo })
+
     private fun Messenger.sendMsg(msg: Message) {
         try {
             send(msg)
         } catch (e: DeadObjectException) {
-            Log.w(TAG, "$messengerName messenger is dead")
+            Log.w(TAG, "$name messenger is dead")
             messenger = null
             onDeadObjectException()
         } catch (e: RemoteException) {
-            Log.w(TAG, "Sending a message to the $messengerName messenger failed: ${e.message}")
+            Log.w(TAG, "Sending a message to the $name messenger failed: ${e.message}")
             onRemoteException()
         }
     }
 }
+
+fun Map<Messenger, IpcMessenger>.send(msg: () -> Message) = this.values.forEach { it.send(msg) }
+
+fun <T> Map<Messenger, IpcMessenger>.send(msg: T)
+    where T : Enum<T>, T : IpcMessage = this.values.forEach { it.send(msg) }

client/android/src/org/amnezia/vpn/PackageManagerHelper.java

@@ -1,189 +0,0 @@
-/* This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
-
-package org.amnezia.vpn;
-
-import android.Manifest;
-import android.content.Context;
-import android.content.Intent;
-import android.content.pm.ApplicationInfo;
-import android.content.pm.PackageInfo;
-import android.content.pm.PackageManager;
-import android.content.pm.ResolveInfo;
-import android.graphics.Color;
-import android.graphics.drawable.ColorDrawable;
-import android.graphics.drawable.Drawable;
-import android.Manifest.permission;
-import android.net.Uri;
-import android.os.Build;
-import android.util.Log;
-import android.webkit.WebView;
-
-import org.json.JSONException;
-import org.json.JSONObject;
-
-import java.util.ArrayList;
-import java.util.Arrays;
-import java.util.List;
-import java.util.regex.Pattern;
-
-// Gets used by /platforms/android/androidAppListProvider.cpp
-public class PackageManagerHelper {
-  final static String TAG = "PackageManagerHelper";
-  final static int MIN_CHROME_VERSION = 65;
-
-  final static List<String> CHROME_BROWSERS = Arrays.asList(
-      new String[] {"com.google.android.webview", "com.android.webview", "com.google.chrome"});
-
-  private static String getAllAppNames(Context ctx) {
-    JSONObject output = new JSONObject();
-    PackageManager pm = ctx.getPackageManager();
-    List<String> browsers = getBrowserIDs(pm);
-    List<PackageInfo> packs = pm.getInstalledPackages(PackageManager.GET_PERMISSIONS);
-    for (int i = 0; i < packs.size(); i++) {
-      PackageInfo p = packs.get(i);
-      // Do not add ourselves and System Apps to the list, unless it might be a browser
-      if ((!isSystemPackage(p,pm) || browsers.contains(p.packageName))
-          && !isSelf(p)) {
-        String appid = p.packageName;
-        String appName = p.applicationInfo.loadLabel(pm).toString();
-        try {
-          output.put(appid, appName);
-        } catch (JSONException e) {
-          e.printStackTrace();
-        }
-      }
-    }
-    return output.toString();
-  }
-
-  private static Drawable getAppIcon(Context ctx, String id) {
-    try {
-      return ctx.getPackageManager().getApplicationIcon(id);
-    } catch (PackageManager.NameNotFoundException e) {
-      e.printStackTrace();
-    }
-    return new ColorDrawable(Color.TRANSPARENT);
-  }
-
-  private static boolean isSystemPackage(PackageInfo pkgInfo, PackageManager pm) {
-    if( (pkgInfo.applicationInfo.flags & ApplicationInfo.FLAG_SYSTEM) == 0){
-      // no system app
-      return false;
-    }
-    // For Systems Packages there are Cases where we want to add it anyway:
-    // Has the use Internet permission (otherwise makes no sense)
-    // Had at least 1 update (this means it's probably on any AppStore)
-    // Has a a launch activity (has a ui and is not just a system service)
-
-    if(!usesInternet(pkgInfo)){
-      return true;
-    }
-    if(!hadUpdate(pkgInfo)){
-      return true;
-    }
-    if(pm.getLaunchIntentForPackage(pkgInfo.packageName) == null){
-      // If there is no way to launch this from a homescreen, def a sys package
-      return true;
-    }
-    return false;
-  }
-  private static boolean isSelf(PackageInfo pkgInfo) {
-    return pkgInfo.packageName.equals("org.amnezia.vpn")
-        || pkgInfo.packageName.equals("org.amnezia.vpn.debug");
-  }
-  private static boolean usesInternet(PackageInfo pkgInfo){
-    if(pkgInfo.requestedPermissions == null){
-      return false;
-    }
-    for(int i=0; i < pkgInfo.requestedPermissions.length; i++) {
-      String permission = pkgInfo.requestedPermissions[i];
-      if(Manifest.permission.INTERNET.equals(permission)){
-        return true;
-      }
-    }
-    return false;
-  }
-  private static boolean hadUpdate(PackageInfo pkgInfo){
-    return pkgInfo.lastUpdateTime > pkgInfo.firstInstallTime;
-  }
-
-  // Returns List of all Packages that can classify themselves as browsers
-  private static List<String> getBrowserIDs(PackageManager pm) {
-    Intent intent = new Intent(Intent.ACTION_VIEW, Uri.parse("https://www.amnezia.org/"));
-    intent.addCategory(Intent.CATEGORY_BROWSABLE);
-    // We've tried using PackageManager.MATCH_DEFAULT_ONLY flag and found that browsers that
-    // are not set as the default browser won't be matched even if they had CATEGORY_DEFAULT set
-    // in the intent filter
-
-    List<ResolveInfo> resolveInfos = pm.queryIntentActivities(intent, PackageManager.MATCH_ALL);
-    List<String> browsers = new ArrayList<String>();
-    for (int i = 0; i < resolveInfos.size(); i++) {
-      ResolveInfo info = resolveInfos.get(i);
-      String browserID = info.activityInfo.packageName;
-      browsers.add(browserID);
-    }
-    return browsers;
-  }
-
-  // Gets called in AndroidAuthenticationListener;
-  public static boolean isWebViewSupported(Context ctx) {
-    Log.v(TAG, "Checking if installed Webview is compatible with FxA");
-    if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.P) {
-      // The default Webview is able do to FXA
-      return true;
-    }
-    if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.O) {
-      PackageInfo pi = WebView.getCurrentWebViewPackage();
-      if (CHROME_BROWSERS.contains(pi.packageName)) {
-        return isSupportedChromeBrowser(pi);
-      }
-      return isNotAncientBrowser(pi);
-    }
-
-    // Before O the webview is hardcoded, but we dont know which package it is.
-    // Check if com.google.android.webview is installed
-    PackageManager pm = ctx.getPackageManager();
-    try {
-      PackageInfo pi = pm.getPackageInfo("com.google.android.webview", 0);
-      return isSupportedChromeBrowser(pi);
-    } catch (PackageManager.NameNotFoundException e) {
-    }
-    // Otherwise check com.android.webview
-    try {
-      PackageInfo pi = pm.getPackageInfo("com.android.webview", 0);
-      return isSupportedChromeBrowser(pi);
-    } catch (PackageManager.NameNotFoundException e) {
-    }
-    Log.e(TAG, "Android System WebView is not found");
-    // Giving up :(
-    return false;
-  }
-
-  private static boolean isSupportedChromeBrowser(PackageInfo pi) {
-    Log.d(TAG, "Checking Chrome Based Browser: " + pi.packageName);
-    Log.d(TAG, "version name: " + pi.versionName);
-    Log.d(TAG, "version code: " + pi.versionCode);
-    try {
-      String versionCode = pi.versionName.split(Pattern.quote(" "))[0];
-      String majorVersion = versionCode.split(Pattern.quote("."))[0];
-      int version = Integer.parseInt(majorVersion);
-      return version >= MIN_CHROME_VERSION;
-    } catch (Exception e) {
-      Log.e(TAG, "Failed to check Chrome Version Code " + pi.versionName);
-      return false;
-    }
-  }
-
-  private static boolean isNotAncientBrowser(PackageInfo pi) {
-    // Not a google chrome - So the version name is worthless
-    // Lets just make sure the WebView
-    // used is not ancient ==> Was updated in at least the last 365 days
-    Log.d(TAG, "Checking Chrome Based Browser: " + pi.packageName);
-    Log.d(TAG, "version name: " + pi.versionName);
-    Log.d(TAG, "version code: " + pi.versionCode);
-    double oneYearInMillis = 31536000000L;
-    return pi.lastUpdateTime > (System.currentTimeMillis() - oneYearInMillis);
-  }
-}

client/android/src/org/amnezia/vpn/ServiceNotification.kt

@@ -0,0 +1,180 @@
+package org.amnezia.vpn
+
+import android.Manifest.permission
+import android.annotation.SuppressLint
+import android.app.Notification
+import android.app.NotificationManager
+import android.app.PendingIntent
+import android.content.Context
+import android.content.Intent
+import android.content.pm.PackageManager
+import android.os.Build
+import androidx.core.app.NotificationChannelCompat.Builder
+import androidx.core.app.NotificationCompat
+import androidx.core.app.NotificationCompat.Action
+import androidx.core.app.NotificationManagerCompat
+import androidx.core.content.ContextCompat
+import org.amnezia.vpn.protocol.ProtocolState
+import org.amnezia.vpn.protocol.ProtocolState.CONNECTED
+import org.amnezia.vpn.protocol.ProtocolState.DISCONNECTED
+import org.amnezia.vpn.util.Log
+import org.amnezia.vpn.util.net.TrafficStats.TrafficData
+
+private const val TAG = "ServiceNotification"
+
+private const val OLD_NOTIFICATION_CHANNEL_ID: String = "org.amnezia.vpn.notification"
+private const val NOTIFICATION_CHANNEL_ID: String = "org.amnezia.vpn.notifications"
+const val NOTIFICATION_ID = 1337
+
+private const val GET_ACTIVITY_REQUEST_CODE = 0
+private const val CONNECT_REQUEST_CODE = 1
+private const val DISCONNECT_REQUEST_CODE = 2
+
+class ServiceNotification(private val context: Context) {
+
+    private val upDownSymbols = when (Build.BRAND) {
+        "Infinix" -> '˅' to '˄'
+        else -> '↓' to '↑'
+    }
+
+    private val notificationManager = NotificationManagerCompat.from(context)
+
+    private val notificationBuilder = NotificationCompat.Builder(context, NOTIFICATION_CHANNEL_ID)
+        .setShowWhen(false)
+        .setOngoing(true)
+        .setPriority(NotificationCompat.PRIORITY_DEFAULT)
+        .setVisibility(NotificationCompat.VISIBILITY_PUBLIC)
+        .setForegroundServiceBehavior(NotificationCompat.FOREGROUND_SERVICE_IMMEDIATE)
+        .setCategory(NotificationCompat.CATEGORY_SERVICE)
+        .setContentIntent(
+            PendingIntent.getActivity(
+                context,
+                GET_ACTIVITY_REQUEST_CODE,
+                Intent(context, AmneziaActivity::class.java),
+                PendingIntent.FLAG_IMMUTABLE or PendingIntent.FLAG_UPDATE_CURRENT
+            )
+        )
+
+    private val zeroSpeed: String = with(TrafficData.ZERO) {
+        formatSpeedString(rxString, txString)
+    }
+
+    fun buildNotification(serverName: String?, state: ProtocolState): Notification {
+        val speedString = if (state == CONNECTED) zeroSpeed else null
+
+        Log.d(TAG, "Build notification: $serverName, $state")
+
+        return notificationBuilder
+            .setSmallIcon(R.drawable.ic_amnezia_round)
+            .setContentTitle(serverName ?: "AmneziaVPN")
+            .setContentText(context.getString(state))
+            .setSubText(speedString)
+            .setWhen(System.currentTimeMillis())
+            .clearActions()
+            .apply {
+                getAction(state)?.let {
+                    addAction(it)
+                }
+            }
+            .build()
+    }
+
+    private fun buildNotification(speed: TrafficData): Notification =
+        notificationBuilder
+            .setWhen(System.currentTimeMillis())
+            .setSubText(getSpeedString(speed))
+            .build()
+
+    fun isNotificationEnabled(): Boolean {
+        if (!context.isNotificationPermissionGranted()) return false
+        if (!notificationManager.areNotificationsEnabled()) return false
+        if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.O) {
+            return notificationManager.getNotificationChannel(NOTIFICATION_CHANNEL_ID)
+                ?.let { it.importance != NotificationManager.IMPORTANCE_NONE } ?: true
+        }
+        return true
+    }
+
+    @SuppressLint("MissingPermission")
+    fun updateNotification(serverName: String?, state: ProtocolState) {
+        if (context.isNotificationPermissionGranted()) {
+            Log.d(TAG, "Update notification: $serverName, $state")
+            notificationManager.notify(NOTIFICATION_ID, buildNotification(serverName, state))
+        }
+    }
+
+    @SuppressLint("MissingPermission")
+    fun updateSpeed(speed: TrafficData) {
+        if (context.isNotificationPermissionGranted()) {
+            notificationManager.notify(NOTIFICATION_ID, buildNotification(speed))
+        }
+    }
+
+    private fun getSpeedString(traffic: TrafficData) =
+        if (traffic == TrafficData.ZERO) zeroSpeed
+        else formatSpeedString(traffic.rxString, traffic.txString)
+
+    private fun formatSpeedString(rx: String, tx: String) = with(upDownSymbols) { "$first $rx  $second $tx" }
+
+    private fun getAction(state: ProtocolState): Action? {
+        return when (state) {
+            CONNECTED -> {
+                Action(
+                    0, context.getString(R.string.disconnect),
+                    PendingIntent.getBroadcast(
+                        context,
+                        DISCONNECT_REQUEST_CODE,
+                        Intent(ACTION_DISCONNECT).apply {
+                            setPackage("org.amnezia.vpn")
+                        },
+                        PendingIntent.FLAG_IMMUTABLE or PendingIntent.FLAG_UPDATE_CURRENT
+                    )
+                )
+            }
+
+            DISCONNECTED -> {
+                Action(
+                    0, context.getString(R.string.connect),
+                    createServicePendingIntent(
+                        context,
+                        CONNECT_REQUEST_CODE,
+                        Intent(context, AmneziaVpnService::class.java),
+                        PendingIntent.FLAG_IMMUTABLE or PendingIntent.FLAG_UPDATE_CURRENT
+                    )
+                )
+            }
+
+            else -> null
+        }
+    }
+
+    private val createServicePendingIntent: (Context, Int, Intent, Int) -> PendingIntent =
+        if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.O) {
+            PendingIntent::getForegroundService
+        } else {
+            PendingIntent::getService
+        }
+
+    companion object {
+        fun createNotificationChannel(context: Context) {
+            with(NotificationManagerCompat.from(context)) {
+                deleteNotificationChannel(OLD_NOTIFICATION_CHANNEL_ID)
+                createNotificationChannel(
+                    Builder(NOTIFICATION_CHANNEL_ID, NotificationManagerCompat.IMPORTANCE_DEFAULT)
+                        .setShowBadge(false)
+                        .setSound(null, null)
+                        .setVibrationEnabled(false)
+                        .setLightsEnabled(false)
+                        .setName("AmneziaVPN")
+                        .setDescription(context.resources.getString(R.string.notificationChannelDescription))
+                        .build()
+                )
+            }
+        }
+    }
+}
+
+fun Context.isNotificationPermissionGranted(): Boolean =
+    Build.VERSION.SDK_INT < Build.VERSION_CODES.TIRAMISU ||
+        ContextCompat.checkSelfPermission(this, permission.POST_NOTIFICATIONS) ==
+        PackageManager.PERMISSION_GRANTED

client/android/src/org/amnezia/vpn/VpnRequestActivity.kt

@@ -1,12 +1,14 @@
 package org.amnezia.vpn
 
+import android.app.AlertDialog
 import android.app.KeyguardManager
 import android.content.BroadcastReceiver
-import android.content.Context
 import android.content.Intent
-import android.content.IntentFilter
+import android.content.res.Configuration.UI_MODE_NIGHT_MASK
+import android.content.res.Configuration.UI_MODE_NIGHT_YES
 import android.net.VpnService
 import android.os.Bundle
+import android.provider.Settings
 import android.widget.Toast
 import androidx.activity.ComponentActivity
 import androidx.activity.result.ActivityResult
@@ -29,11 +31,9 @@ class VpnRequestActivity : ComponentActivity() {
         val requestIntent = VpnService.prepare(applicationContext)
         if (requestIntent != null) {
             if (getSystemService<KeyguardManager>()!!.isKeyguardLocked) {
-                userPresentReceiver = object : BroadcastReceiver() {
-                    override fun onReceive(context: Context?, intent: Intent?) =
-                        requestLauncher.launch(requestIntent)
+                userPresentReceiver = registerBroadcastReceiver(Intent.ACTION_USER_PRESENT) {
+                    requestLauncher.launch(requestIntent)
                 }
-                registerReceiver(userPresentReceiver, IntentFilter(Intent.ACTION_USER_PRESENT))
             } else {
                 requestLauncher.launch(requestIntent)
             }
@@ -45,26 +45,49 @@ class VpnRequestActivity : ComponentActivity() {
     }
 
     override fun onDestroy() {
-        userPresentReceiver?.let {
-            unregisterReceiver(it)
-        }
+        unregisterBroadcastReceiver(userPresentReceiver)
+        userPresentReceiver = null
         super.onDestroy()
     }
 
     private fun checkRequestResult(result: ActivityResult) {
-        when (result.resultCode) {
-            RESULT_OK -> onPermissionGranted()
-            else -> Toast.makeText(this, "Vpn permission denied", Toast.LENGTH_LONG).show()
+        when (val resultCode = result.resultCode) {
+            RESULT_OK -> {
+                onPermissionGranted()
+                finish()
+            }
+
+            else -> {
+                Log.w(TAG, "Vpn permission denied, resultCode: $resultCode")
+                showOnVpnPermissionRejectDialog()
+            }
         }
-        finish()
     }
 
     private fun onPermissionGranted() {
-        Toast.makeText(this, "Vpn permission granted", Toast.LENGTH_LONG).show()
+        Toast.makeText(this, resources.getString(R.string.vpnGranted), Toast.LENGTH_LONG).show()
         Intent(applicationContext, AmneziaVpnService::class.java).apply {
             putExtra(AFTER_PERMISSION_CHECK, true)
         }.also {
             ContextCompat.startForegroundService(this, it)
         }
     }
+
+    private fun showOnVpnPermissionRejectDialog() {
+        AlertDialog.Builder(this, getDialogTheme())
+            .setTitle(R.string.vpnSetupFailed)
+            .setMessage(R.string.vpnSetupFailedMessage)
+            .setNegativeButton(R.string.ok) { _, _ -> }
+            .setPositiveButton(R.string.openVpnSettings) { _, _ ->
+                startActivity(Intent(Settings.ACTION_VPN_SETTINGS))
+            }
+            .setOnDismissListener { finish() }
+            .show()
+    }
+
+    private fun getDialogTheme(): Int =
+        if (resources.configuration.uiMode and UI_MODE_NIGHT_MASK == UI_MODE_NIGHT_YES)
+            android.R.style.Theme_DeviceDefault_Dialog_Alert
+        else
+            android.R.style.Theme_DeviceDefault_Light_Dialog_Alert
 }

client/android/src/org/amnezia/vpn/VpnState.kt

@@ -0,0 +1,80 @@
+package org.amnezia.vpn
+
+import android.app.Application
+import androidx.datastore.core.MultiProcessDataStoreFactory
+import androidx.datastore.core.Serializer
+import androidx.datastore.dataStoreFile
+import java.io.ByteArrayInputStream
+import java.io.ByteArrayOutputStream
+import java.io.InputStream
+import java.io.ObjectInputStream
+import java.io.ObjectOutputStream
+import java.io.OutputStream
+import java.io.Serializable
+import kotlinx.coroutines.Dispatchers
+import kotlinx.coroutines.flow.Flow
+import kotlinx.coroutines.withContext
+import org.amnezia.vpn.protocol.ProtocolState
+import org.amnezia.vpn.protocol.ProtocolState.DISCONNECTED
+import org.amnezia.vpn.util.Log
+
+private const val TAG = "VpnState"
+private const val STORE_FILE_NAME = "vpnState"
+
+data class VpnState(
+    val protocolState: ProtocolState,
+    val serverName: String? = null,
+    val serverIndex: Int = -1
+) : Serializable {
+    companion object {
+        private const val serialVersionUID: Long = -1760654961004181606
+        val defaultState: VpnState = VpnState(DISCONNECTED)
+    }
+}
+
+object VpnStateStore {
+    private lateinit var app: Application
+
+    private val dataStore = MultiProcessDataStoreFactory.create(
+        serializer = VpnStateSerializer(),
+        produceFile = { app.dataStoreFile(STORE_FILE_NAME) }
+    )
+
+    fun init(app: Application) {
+        Log.v(TAG, "Init VpnStateStore")
+        this.app = app
+    }
+
+    fun dataFlow(): Flow<VpnState> = dataStore.data
+
+    suspend fun store(f: (vpnState: VpnState) -> VpnState) {
+        try {
+            dataStore.updateData(f)
+        } catch (e : Exception) {
+            Log.e(TAG, "Failed to store VpnState: $e")
+        }
+    }
+}
+
+private class VpnStateSerializer : Serializer<VpnState> {
+    override val defaultValue: VpnState = VpnState.defaultState
+
+    override suspend fun readFrom(input: InputStream): VpnState {
+        return withContext(Dispatchers.IO) {
+            val bios = ByteArrayInputStream(input.readBytes())
+            ObjectInputStream(bios).use {
+                it.readObject() as VpnState
+            }
+        }
+    }
+
+    override suspend fun writeTo(t: VpnState, output: OutputStream) {
+        withContext(Dispatchers.IO) {
+            val baos = ByteArrayOutputStream()
+            ObjectOutputStream(baos).use {
+                it.writeObject(t)
+            }
+            output.write(baos.toByteArray())
+        }
+    }
+}

client/android/src/org/amnezia/vpn/qt/QtAndroidController.kt

@@ -1,18 +1,24 @@
 package org.amnezia.vpn.qt
 
+import org.amnezia.vpn.protocol.ProtocolState
+import org.amnezia.vpn.protocol.Status
+
 /**
  * JNI functions of the AndroidController class from android_controller.cpp,
  * called by events in the Android part of the client
  */
 object QtAndroidController {
+
+    fun onStatus(status: Status) = onStatus(status.state)
+    fun onStatus(protocolState: ProtocolState) = onStatus(protocolState.ordinal)
+
     external fun onStatus(stateCode: Int)
     external fun onServiceDisconnected()
     external fun onServiceError()
 
     external fun onVpnPermissionRejected()
-    external fun onVpnConnected()
-    external fun onVpnDisconnected()
-    external fun onVpnReconnecting()
+    external fun onNotificationStateChanged()
+    external fun onVpnStateChanged(stateCode: Int)
     external fun onStatisticsUpdate(rxBytes: Long, txBytes: Long)
 
     external fun onFileOpened(uri: String)

client/android/utils/build.gradle.kts

@@ -17,5 +17,7 @@ android {
 }
 
 dependencies {
+    implementation(libs.androidx.core)
+    implementation(libs.kotlinx.coroutines)
     implementation(libs.androidx.security.crypto)
 }

client/android/utils/src/main/kotlin/Log.kt

@@ -109,9 +109,11 @@ object Log {
         "${deviceInfo()}\n${readLogs()}\nLOGCAT:\n${getLogcat()}"
 
     fun clearLogs() {
-        withLock {
-            logFile.delete()
-            rotateLogFile.delete()
+        if (logDir.exists()) {
+            withLock {
+                logFile.delete()
+                rotateLogFile.delete()
+            }
         }
     }
 

client/android/utils/src/main/kotlin/net/InetEndpoint.kt

@@ -1,16 +1,21 @@
 package org.amnezia.vpn.util.net
 
+import java.net.Inet4Address
 import java.net.InetAddress
 
 data class InetEndpoint(val address: InetAddress, val port: Int) {
 
-    override fun toString(): String = "${address.hostAddress}:$port"
+    override fun toString(): String = if (address is Inet4Address) {
+        "${address.ip}:$port"
+    } else {
+        "[${address.ip}]:$port"
+    }
 
     companion object {
         fun parse(data: String): InetEndpoint {
-            val split = data.split(":")
-            val address = parseInetAddress(split.first())
-            val port = split.last().toInt()
+            val i = data.lastIndexOf(':')
+            val address = parseInetAddress(data.substring(0, i))
+            val port = data.substring(i + 1).toInt()
             return InetEndpoint(address, port)
         }
     }

client/android/utils/src/main/kotlin/net/InetNetwork.kt

@@ -9,7 +9,11 @@ data class InetNetwork(val address: InetAddress, val mask: Int) {
 
     constructor(address: InetAddress) : this(address, address.maxPrefixLength)
 
-    override fun toString(): String = "${address.hostAddress}/$mask"
+    val isIpv4: Boolean = address is Inet4Address
+    val isIpv6: Boolean
+        get() = !isIpv4
+
+    override fun toString(): String = "${address.ip}/$mask"
 
     companion object {
         fun parse(data: String): InetNetwork {

client/android/utils/src/main/kotlin/net/IpAddress.kt

@@ -3,12 +3,17 @@ package org.amnezia.vpn.util.net
 import java.net.InetAddress
 
 @OptIn(ExperimentalUnsignedTypes::class)
-class IpAddress private constructor(private val address: UByteArray) : Comparable<IpAddress> {
+internal class IpAddress private constructor(private val address: UByteArray) : Comparable<IpAddress> {
 
     val size: Int = address.size
     val lastIndex: Int = address.lastIndex
     val maxMask: Int = size * 8
 
+    @OptIn(ExperimentalStdlibApi::class)
+    val hexFormat: HexFormat by lazy {
+        HexFormat { number.removeLeadingZeros = true }
+    }
+
     constructor(inetAddress: InetAddress) : this(inetAddress.address.asUByteArray())
 
     constructor(ipAddress: String) : this(parseInetAddress(ipAddress))
@@ -43,6 +48,8 @@ class IpAddress private constructor(private val address: UByteArray) : Comparabl
         return copy
     }
 
+    fun isMinIp(): Boolean = address.all { it == 0x00u.toUByte() }
+
     fun isMaxIp(): Boolean = address.all { it == 0xffu.toUByte() }
 
     override fun compareTo(other: IpAddress): Int {
@@ -74,12 +81,14 @@ class IpAddress private constructor(private val address: UByteArray) : Comparabl
     private fun toIpv6String(): String {
         val sb = StringBuilder()
         var i = 0
+        var block: Int
         while (i < size) {
-            sb.append(address[i++].toHexString())
-            sb.append(address[i++].toHexString())
+            block = address[i++].toInt() shl 8
+            block += address[i++].toInt()
+            sb.append(block.toHexString(hexFormat))
             sb.append(':')
         }
         sb.deleteAt(sb.lastIndex)
-        return sb.toString()
+        return convertIpv6ToCanonicalForm(sb.toString())
     }
 }

client/android/utils/src/main/kotlin/net/IpRange.kt

@@ -2,14 +2,24 @@ package org.amnezia.vpn.util.net
 
 import java.net.InetAddress
 
-class IpRange(private val start: IpAddress, private val end: IpAddress) : Comparable<IpRange> {
+class IpRange internal constructor(
+    internal val start: IpAddress,
+    internal val end: IpAddress
+) : Comparable<IpRange> {
 
     init {
-        if (start > end) throw IllegalArgumentException("Start IP: $start is greater then end IP: $end")
+        if (start.size != end.size) {
+            throw IllegalArgumentException(
+                "Unable to create a range between IPv4 and IPv6 addresses (start IP: [$start], end IP: [$end])"
+            )
+        }
+        if (start > end) throw IllegalArgumentException("Start IP: [$start] is greater then end IP: [$end]")
     }
 
     private constructor(addresses: Pair<IpAddress, IpAddress>) : this(addresses.first, addresses.second)
 
+    internal constructor(ipAddress: IpAddress) : this(ipAddress, ipAddress)
+
     constructor(inetAddress: InetAddress, mask: Int) : this(from(inetAddress, mask))
 
     constructor(address: String, mask: Int) : this(parseInetAddress(address), mask)
@@ -22,6 +32,13 @@ class IpRange(private val start: IpAddress, private val end: IpAddress) : Compar
     private fun isIntersect(other: IpRange): Boolean =
         (start <= other.end) && (end >= other.start)
 
+    operator fun plus(other: IpRange): IpRange? {
+        if (start > other.end && !start.isMinIp() && start.dec() == other.end) return IpRange(other.start, end)
+        if (end < other.start && !end.isMaxIp() && end.inc() == other.start) return IpRange(start, other.end)
+        if (!isIntersect(other)) return null
+        return IpRange(minOf(start, other.start), maxOf(end, other.end))
+    }
+
     operator fun minus(other: IpRange): List<IpRange>? {
         if (this in other) return emptyList()
         if (!isIntersect(other)) return null
@@ -94,9 +111,7 @@ class IpRange(private val start: IpAddress, private val end: IpAddress) : Compar
         return result
     }
 
-    override fun toString(): String {
-        return "$start - $end"
-    }
+    override fun toString(): String = if (start == end) "<$start>" else "<$start - $end>"
 
     companion object {
         private fun from(inetAddress: InetAddress, mask: Int): Pair<IpAddress, IpAddress> {

client/android/utils/src/main/kotlin/net/IpRangeSet.kt

@@ -1,15 +1,35 @@
 package org.amnezia.vpn.util.net
 
-class IpRangeSet(ipRange: IpRange = IpRange("0.0.0.0", 0)) {
+class IpRangeSet {
 
-    private val ranges = sortedSetOf(ipRange)
+    private val ranges = sortedSetOf<IpRange>()
+
+    fun add(ipRange: IpRange) {
+        val iterator = ranges.iterator()
+        var rangeToAdd = ipRange
+        run {
+            while (iterator.hasNext()) {
+                val curRange = iterator.next()
+                if (rangeToAdd.end < curRange.start &&
+                    !rangeToAdd.end.isMaxIp() &&
+                    rangeToAdd.end.inc() != curRange.start) break
+                (curRange + rangeToAdd)?.let { resultRange ->
+                    if (resultRange == curRange) return@run
+                    iterator.remove()
+                    rangeToAdd = resultRange
+                }
+            }
+            ranges += rangeToAdd
+        }
+    }
 
     fun remove(ipRange: IpRange) {
         val iterator = ranges.iterator()
         val splitRanges = mutableListOf<IpRange>()
         while (iterator.hasNext()) {
-            val range = iterator.next()
-            (range - ipRange)?.let { resultRanges ->
+            val curRange = iterator.next()
+            if (ipRange.end < curRange.start) break
+            (curRange - ipRange)?.let { resultRanges ->
                 iterator.remove()
                 splitRanges += resultRanges
             }
@@ -17,10 +37,7 @@ class IpRangeSet(ipRange: IpRange = IpRange("0.0.0.0", 0)) {
         ranges += splitRanges
     }
 
-    fun subnets(): List<InetNetwork> =
-        ranges.map(IpRange::subnets).flatten()
+    fun subnets(): List<InetNetwork> = ranges.map(IpRange::subnets).flatten()
 
-    override fun toString(): String {
-        return ranges.toString()
-    }
+    override fun toString(): String = ranges.toString()
 }

client/android/utils/src/main/kotlin/net/NetworkState.kt

@@ -10,7 +10,9 @@ import android.net.NetworkCapabilities.NET_CAPABILITY_VALIDATED
 import android.net.NetworkRequest
 import android.os.Build
 import android.os.Handler
+import androidx.core.content.getSystemService
 import kotlin.LazyThreadSafetyMode.NONE
+import kotlinx.coroutines.delay
 import org.amnezia.vpn.util.Log
 
 private const val TAG = "NetworkState"
@@ -28,7 +30,7 @@ class NetworkState(
     }
 
     private val connectivityManager: ConnectivityManager by lazy(NONE) {
-        context.getSystemService(Context.CONNECTIVITY_SERVICE) as ConnectivityManager
+        context.getSystemService<ConnectivityManager>()!!
     }
 
     private val networkRequest: NetworkRequest by lazy(NONE) {
@@ -80,13 +82,24 @@ class NetworkState(
         }
     }
 
-    fun bindNetworkListener() {
+    suspend fun bindNetworkListener() {
         if (isListenerBound) return
         Log.d(TAG, "Bind network listener")
         if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.S) {
             connectivityManager.registerBestMatchingNetworkCallback(networkRequest, networkCallback, handler)
         } else if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.O) {
-            connectivityManager.requestNetwork(networkRequest, networkCallback, handler)
+            try {
+                connectivityManager.requestNetwork(networkRequest, networkCallback, handler)
+            } catch (e: SecurityException) {
+                Log.e(TAG, "Failed to bind network listener: $e")
+                // Android 11 bug: https://issuetracker.google.com/issues/175055271
+                if (e.message?.startsWith("Package android does not belong to") == true) {
+                    delay(1000)
+                    connectivityManager.requestNetwork(networkRequest, networkCallback, handler)
+                } else {
+                    throw e
+                }
+            }
         } else {
             connectivityManager.requestNetwork(networkRequest, networkCallback)
         }

client/android/utils/src/main/kotlin/net/NetworkUtils.kt

@@ -5,12 +5,14 @@ import android.net.ConnectivityManager
 import android.net.InetAddresses
 import android.net.NetworkCapabilities
 import android.os.Build
+import androidx.core.content.getSystemService
+import java.lang.reflect.InvocationTargetException
 import java.net.Inet4Address
 import java.net.Inet6Address
 import java.net.InetAddress
 
 fun getLocalNetworks(context: Context, ipv6: Boolean): List<InetNetwork> {
-    val connectivityManager = context.getSystemService(ConnectivityManager::class.java)
+    val connectivityManager = context.getSystemService<ConnectivityManager>()!!
     connectivityManager.activeNetwork?.let { network ->
         val netCapabilities = connectivityManager.getNetworkCapabilities(network)
         val linkProperties = connectivityManager.getLinkProperties(network)
@@ -39,8 +41,28 @@ private val parseNumericAddressCompat: (String) -> InetAddress =
     if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.Q) {
         InetAddresses::parseNumericAddress
     } else {
-        val m = InetAddress::class.java.getMethod("parseNumericAddress", String::class.java)
-        fun(address: String): InetAddress {
-            return m.invoke(null, address) as InetAddress
+        try {
+            val m = InetAddress::class.java.getMethod("parseNumericAddress", String::class.java)
+            fun(address: String): InetAddress {
+                try {
+                    return m.invoke(null, address) as InetAddress
+                } catch (e: InvocationTargetException) {
+                    throw e.cause ?: e
+                }
+            }
+        } catch (_: NoSuchMethodException) {
+            fun(address: String): InetAddress {
+                return InetAddress.getByName(address)
+            }
         }
     }
+
+internal fun convertIpv6ToCanonicalForm(ipv6: String): String = ipv6
+    .replace("((?:(?:^|:)0+\\b){2,}):?(?!\\S*\\b\\1:0+\\b)(\\S*)".toRegex(), "::$2")
+
+internal val InetAddress.ip: String
+    get() = if (this is Inet4Address) {
+        hostAddress!!
+    } else {
+        convertIpv6ToCanonicalForm(hostAddress!!)
+    }

client/android/utils/src/main/kotlin/net/TrafficStats.kt

@@ -0,0 +1,93 @@
+package org.amnezia.vpn.util.net
+
+import android.net.TrafficStats
+import android.os.Build
+import android.os.Process
+import android.os.SystemClock
+import kotlin.math.roundToLong
+
+private const val BYTE = 1L
+private const val KiB = BYTE shl 10
+private const val MiB = KiB shl 10
+private const val GiB = MiB shl 10
+private const val TiB = GiB shl 10
+
+class TrafficStats {
+
+    private var lastTrafficData = TrafficData.ZERO
+    private var lastTimestamp = 0L
+
+    private val getTrafficDataCompat: () -> TrafficData =
+        if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.S) {
+            val iface = "tun0"
+            fun(): TrafficData {
+                return TrafficData(TrafficStats.getRxBytes(iface), TrafficStats.getTxBytes(iface))
+            }
+        } else {
+            val uid = Process.myUid()
+            fun(): TrafficData {
+                return TrafficData(TrafficStats.getUidRxBytes(uid), TrafficStats.getUidTxBytes(uid))
+            }
+        }
+
+    fun reset() {
+        lastTrafficData = getTrafficDataCompat()
+        lastTimestamp = SystemClock.elapsedRealtime()
+    }
+
+    fun isSupported(): Boolean =
+        lastTrafficData.rx != TrafficStats.UNSUPPORTED.toLong() && lastTrafficData.tx != TrafficStats.UNSUPPORTED.toLong()
+
+    fun getSpeed(): TrafficData {
+        val timestamp = SystemClock.elapsedRealtime()
+        val elapsedSeconds = (timestamp - lastTimestamp) / 1000.0
+        val trafficData = getTrafficDataCompat()
+        val speed = trafficData.diff(lastTrafficData, elapsedSeconds)
+        lastTrafficData = trafficData
+        lastTimestamp = timestamp
+        return speed
+    }
+
+    class TrafficData(val rx: Long, val tx: Long) {
+
+        private var _rxString: String? = null
+        val rxString: String
+            get() {
+                if (_rxString == null) _rxString = rx.speedToString()
+                return _rxString ?: throw AssertionError("Set to null by another thread")
+            }
+
+        private var _txString: String? = null
+        val txString: String
+            get() {
+                if (_txString == null) _txString = tx.speedToString()
+                return _txString ?: throw AssertionError("Set to null by another thread")
+            }
+
+        fun diff(other: TrafficData, elapsedSeconds: Double): TrafficData {
+            val rx = ((this.rx - other.rx) / elapsedSeconds).round()
+            val tx = ((this.tx - other.tx) / elapsedSeconds).round()
+            return if (rx == 0L && tx == 0L) ZERO else TrafficData(rx, tx)
+        }
+
+        private fun Double.round() = if (isNaN()) 0L else roundToLong()
+
+        private fun Long.speedToString() =
+            when {
+                this < KiB -> formatSize(this, BYTE, "B/s")
+                this < MiB -> formatSize(this, KiB, "KiB/s")
+                this < GiB -> formatSize(this, MiB, "MiB/s")
+                this < TiB -> formatSize(this, GiB, "GiB/s")
+                else -> formatSize(this, TiB, "TiB/s")
+            }
+
+        private fun formatSize(bytes: Long, divider: Long, unit: String): String {
+            val s = (bytes.toDouble() / divider * 100).roundToLong() / 100.0
+            return "${s.toString().removeSuffix(".0")} $unit"
+        }
+
+        companion object {
+            val ZERO: TrafficData = TrafficData(0L, 0L)
+        }
+    }
+}

client/android/wireguard/src/main/kotlin/com/wireguard/android/backend/GoBackend.kt

@@ -1,12 +0,0 @@
-package com.wireguard.android.backend
-
-// TODO: Refactor Amnezia wireguard project by changing the JNI method names
-//  to move this object to 'org.amnezia.vpn.protocol.wireguard.backend' package
-object GoBackend {
-    external fun wgGetConfig(handle: Int): String?
-    external fun wgGetSocketV4(handle: Int): Int
-    external fun wgGetSocketV6(handle: Int): Int
-    external fun wgTurnOff(handle: Int)
-    external fun wgTurnOn(ifName: String, tunFd: Int, settings: String): Int
-    external fun wgVersion(): String
-}

client/android/wireguard/src/main/kotlin/org/amnezia/awg/GoBackend.kt

@@ -0,0 +1,10 @@
+package org.amnezia.awg
+
+object GoBackend {
+    external fun awgGetConfig(handle: Int): String?
+    external fun awgGetSocketV4(handle: Int): Int
+    external fun awgGetSocketV6(handle: Int): Int
+    external fun awgTurnOff(handle: Int)
+    external fun awgTurnOn(ifName: String, tunFd: Int, settings: String): Int
+    external fun awgVersion(): String
+}

client/android/wireguard/src/main/kotlin/org/amnezia/vpn/protocol/wireguard/Wireguard.kt

@@ -3,8 +3,8 @@ package org.amnezia.vpn.protocol.wireguard
 import android.content.Context
 import android.net.VpnService.Builder
 import java.util.TreeMap
-import com.wireguard.android.backend.GoBackend
 import kotlinx.coroutines.flow.MutableStateFlow
+import org.amnezia.awg.GoBackend
 import org.amnezia.vpn.protocol.Protocol
 import org.amnezia.vpn.protocol.ProtocolState
 import org.amnezia.vpn.protocol.ProtocolState.CONNECTED
@@ -62,7 +62,7 @@ open class Wireguard : Protocol() {
     override val statistics: Statistics
         get() {
             if (tunnelHandle == -1) return Statistics.EMPTY_STATISTICS
-            val config = GoBackend.wgGetConfig(tunnelHandle) ?: return Statistics.EMPTY_STATISTICS
+            val config = GoBackend.awgGetConfig(tunnelHandle) ?: return Statistics.EMPTY_STATISTICS
             return Statistics.build {
                 var optsCount = 0
                 config.splitToSequence("\n").forEach { line ->
@@ -93,12 +93,13 @@ open class Wireguard : Protocol() {
         val configDataJson = config.getJSONObject("wireguard_config_data")
         val configData = parseConfigData(configDataJson.getString("config"))
         return WireguardConfig.build {
-            configWireguard(configData)
+            configWireguard(configData, configDataJson)
             configSplitTunneling(config)
+            configAppSplitTunneling(config)
         }
     }
 
-    protected fun WireguardConfig.Builder.configWireguard(configData: Map<String, String>) {
+    protected fun WireguardConfig.Builder.configWireguard(configData: Map<String, String>, configDataJson: JSONObject) {
         configData["Address"]?.split(",")?.map { address ->
             InetNetwork.parse(address.trim())
         }?.forEach(::addAddress)
@@ -119,7 +120,14 @@ open class Wireguard : Protocol() {
         if (routes.any { it !in defRoutes }) disableSplitTunneling()
         addRoutes(routes)
 
-        configData["MTU"]?.let { setMtu(it.toInt()) }
+        configDataJson.optString("mtu").let { mtu ->
+            if (mtu.isNotEmpty()) {
+                setMtu(mtu.toInt())
+            } else {
+                configData["MTU"]?.let { setMtu(it.toInt()) }
+            }
+        }
+
         configData["Endpoint"]?.let { setEndpoint(InetEndpoint.parse(it)) }
         configData["PersistentKeepalive"]?.let { setPersistentKeepalive(it.toInt()) }
         configData["PrivateKey"]?.let { setPrivateKeyHex(it.base64ToHex()) }
@@ -150,8 +158,8 @@ open class Wireguard : Protocol() {
             if (tunFd == null) {
                 throw VpnStartException("Create VPN interface: permission not granted or revoked")
             }
-            Log.v(TAG, "Wg-go backend ${GoBackend.wgVersion()}")
-            tunnelHandle = GoBackend.wgTurnOn(ifName, tunFd.detachFd(), config.toWgUserspaceString())
+            Log.i(TAG, "awg-go backend ${GoBackend.awgVersion()}")
+            tunnelHandle = GoBackend.awgTurnOn(ifName, tunFd.detachFd(), config.toWgUserspaceString())
         }
 
         if (tunnelHandle < 0) {
@@ -159,8 +167,8 @@ open class Wireguard : Protocol() {
             throw VpnStartException("Wireguard tunnel creation error")
         }
 
-        if (!protect(GoBackend.wgGetSocketV4(tunnelHandle)) || !protect(GoBackend.wgGetSocketV6(tunnelHandle))) {
-            GoBackend.wgTurnOff(tunnelHandle)
+        if (!protect(GoBackend.awgGetSocketV4(tunnelHandle)) || !protect(GoBackend.awgGetSocketV6(tunnelHandle))) {
+            GoBackend.awgTurnOff(tunnelHandle)
             tunnelHandle = -1
             throw VpnStartException("Protect VPN interface: permission not granted or revoked")
         }
@@ -173,7 +181,7 @@ open class Wireguard : Protocol() {
         }
         val handleToClose = tunnelHandle
         tunnelHandle = -1
-        GoBackend.wgTurnOff(handleToClose)
+        GoBackend.awgTurnOff(handleToClose)
         state.value = DISCONNECTED
     }
 

client/android/wireguard/src/main/kotlin/org/amnezia/vpn/protocol/wireguard/WireguardConfig.kt

@@ -37,8 +37,8 @@ open class WireguardConfig protected constructor(
 
     open fun appendPeerLine(sb: StringBuilder) = with(sb) {
         appendLine("public_key=$publicKeyHex")
-        routes.forEach { route ->
-            appendLine("allowed_ip=$route")
+        routes.filter { it.include }.forEach { route ->
+            appendLine("allowed_ip=${route.inetNetwork}")
         }
         appendLine("endpoint=$endpoint")
         if (persistentKeepalive != 0)

client/cmake/android.cmake

@@ -20,38 +20,35 @@ set(QT_ANDROID_MULTI_ABI_FORWARD_VARS "QT_NO_GLOBAL_APK_TARGET_PART_OF_ALL;CMAKE
 
 # We need to include qtprivate api's
 # As QAndroidBinder is not yet implemented with a public api
-set(LIBS ${LIBS} Qt6::CorePrivate)
+set(LIBS ${LIBS} Qt6::CorePrivate -ljnigraphics)
 
 link_directories(${CMAKE_CURRENT_SOURCE_DIR}/platforms/android)
 
 set(HEADERS ${HEADERS}
     ${CMAKE_CURRENT_SOURCE_DIR}/platforms/android/android_controller.h
-    ${CMAKE_CURRENT_SOURCE_DIR}/platforms/android/android_notificationhandler.h
     ${CMAKE_CURRENT_SOURCE_DIR}/platforms/android/android_utils.h
     ${CMAKE_CURRENT_SOURCE_DIR}/platforms/android/authResultReceiver.h
     ${CMAKE_CURRENT_SOURCE_DIR}/protocols/android_vpnprotocol.h
+    ${CMAKE_CURRENT_SOURCE_DIR}/core/installedAppsImageProvider.h
 )
 
 set(SOURCES ${SOURCES}
     ${CMAKE_CURRENT_SOURCE_DIR}/platforms/android/android_controller.cpp
-    ${CMAKE_CURRENT_SOURCE_DIR}/platforms/android/android_notificationhandler.cpp
     ${CMAKE_CURRENT_SOURCE_DIR}/platforms/android/android_utils.cpp
     ${CMAKE_CURRENT_SOURCE_DIR}/platforms/android/authResultReceiver.cpp
     ${CMAKE_CURRENT_SOURCE_DIR}/protocols/android_vpnprotocol.cpp
+    ${CMAKE_CURRENT_SOURCE_DIR}/core/installedAppsImageProvider.cpp
 )
 
 foreach(abi IN ITEMS ${QT_ANDROID_ABIS})
     set_property(TARGET ${PROJECT} PROPERTY QT_ANDROID_EXTRA_LIBS
-        ${CMAKE_CURRENT_SOURCE_DIR}/3rd-prebuilt/3rd-prebuilt/wireguard/android/${abi}/libwg.so
-        ${CMAKE_CURRENT_SOURCE_DIR}/3rd-prebuilt/3rd-prebuilt/wireguard/android/${abi}/libwg-go.so
-        ${CMAKE_CURRENT_SOURCE_DIR}/3rd-prebuilt/3rd-prebuilt/wireguard/android/${abi}/libwg-quick.so
-        ${CMAKE_CURRENT_SOURCE_DIR}/3rd-prebuilt/3rd-prebuilt/shadowsocks/android/${abi}/libredsocks.so
-        ${CMAKE_CURRENT_SOURCE_DIR}/3rd-prebuilt/3rd-prebuilt/shadowsocks/android/${abi}/libsslocal.so
-        ${CMAKE_CURRENT_SOURCE_DIR}/3rd-prebuilt/3rd-prebuilt/shadowsocks/android/${abi}/libtun2socks.so
+        ${CMAKE_CURRENT_SOURCE_DIR}/3rd-prebuilt/3rd-prebuilt/amneziawg/android/${abi}/libwg-go.so
         ${CMAKE_CURRENT_SOURCE_DIR}/3rd-prebuilt/3rd-prebuilt/openvpn/android/${abi}/libck-ovpn-plugin.so
         ${CMAKE_CURRENT_SOURCE_DIR}/3rd-prebuilt/3rd-prebuilt/openvpn/android/${abi}/libovpn3.so
         ${CMAKE_CURRENT_SOURCE_DIR}/3rd-prebuilt/3rd-prebuilt/openvpn/android/${abi}/libovpnutil.so
         ${CMAKE_CURRENT_SOURCE_DIR}/3rd-prebuilt/3rd-prebuilt/openvpn/android/${abi}/librsapss.so
+        ${CMAKE_CURRENT_SOURCE_DIR}/3rd-prebuilt/3rd-prebuilt/openssl/android/${abi}/libcrypto_3.so
+        ${CMAKE_CURRENT_SOURCE_DIR}/3rd-prebuilt/3rd-prebuilt/openssl/android/${abi}/libssl_3.so
         ${CMAKE_CURRENT_SOURCE_DIR}/3rd-prebuilt/3rd-prebuilt/libssh/android/${abi}/libssh.so
     )
 endforeach()

client/cmake/ios.cmake

@@ -46,7 +46,6 @@ set(SOURCES ${SOURCES}
     ${CMAKE_CURRENT_SOURCE_DIR}/platforms/ios/iosglue.mm
     ${CMAKE_CURRENT_SOURCE_DIR}/platforms/ios/QRCodeReaderBase.mm
     ${CMAKE_CURRENT_SOURCE_DIR}/platforms/ios/QtAppDelegate.mm
-    ${CMAKE_CURRENT_SOURCE_DIR}/platforms/ios/MobileUtils.mm
 )
 
 
@@ -107,16 +106,20 @@ target_sources(${PROJECT} PRIVATE
     ${CLIENT_ROOT_DIR}/platforms/ios/LogController.swift
     ${CLIENT_ROOT_DIR}/platforms/ios/Log.swift
     ${CLIENT_ROOT_DIR}/platforms/ios/LogRecord.swift
+    ${CLIENT_ROOT_DIR}/platforms/ios/ScreenProtection.swift
+    ${CLIENT_ROOT_DIR}/platforms/ios/VPNCController.swift
 )
 
 target_sources(${PROJECT} PRIVATE
     ${CMAKE_CURRENT_SOURCE_DIR}/ios/app/AmneziaVPNLaunchScreen.storyboard
     ${CMAKE_CURRENT_SOURCE_DIR}/ios/app/Media.xcassets
+    ${CMAKE_CURRENT_SOURCE_DIR}/ios/app/PrivacyInfo.xcprivacy
 )
 
 set_property(TARGET ${PROJECT} APPEND PROPERTY RESOURCE
     ${CMAKE_CURRENT_SOURCE_DIR}/ios/app/AmneziaVPNLaunchScreen.storyboard
     ${CMAKE_CURRENT_SOURCE_DIR}/ios/app/Media.xcassets
+    ${CMAKE_CURRENT_SOURCE_DIR}/ios/app/PrivacyInfo.xcprivacy
 )
 
 add_subdirectory(ios/networkextension)

client/configurators/awg_configurator.cpp

@@ -3,17 +3,15 @@
 #include <QJsonDocument>
 #include <QJsonObject>
 
-#include "core/controllers/serverController.h"
-
-AwgConfigurator::AwgConfigurator(std::shared_ptr<Settings> settings, QObject *parent)
-    : WireguardConfigurator(settings, true, parent)
+AwgConfigurator::AwgConfigurator(std::shared_ptr<Settings> settings, const QSharedPointer<ServerController> &serverController, QObject *parent)
+    : WireguardConfigurator(settings, serverController, true, parent)
 {
 }
 
-QString AwgConfigurator::genAwgConfig(const ServerCredentials &credentials, DockerContainer container,
-                                      const QJsonObject &containerConfig, QString &clientId, ErrorCode *errorCode)
+QString AwgConfigurator::createConfig(const ServerCredentials &credentials, DockerContainer container, const QJsonObject &containerConfig,
+                                      ErrorCode &errorCode)
 {
-    QString config = WireguardConfigurator::genWireguardConfig(credentials, container, containerConfig, clientId, errorCode);
+    QString config = WireguardConfigurator::createConfig(credentials, container, containerConfig, errorCode);
 
     QJsonObject jsonConfig = QJsonDocument::fromJson(config.toUtf8()).object();
     QString awgConfig = jsonConfig.value(config_key::config).toString();
@@ -41,6 +39,8 @@ QString AwgConfigurator::genAwgConfig(const ServerCredentials &credentials, Dock
     jsonConfig[config_key::responsePacketMagicHeader] = configMap.value(config_key::responsePacketMagicHeader);
     jsonConfig[config_key::underloadPacketMagicHeader] = configMap.value(config_key::underloadPacketMagicHeader);
     jsonConfig[config_key::transportPacketMagicHeader] = configMap.value(config_key::transportPacketMagicHeader);
+    jsonConfig[config_key::mtu] =
+            containerConfig.value(ProtocolProps::protoToString(Proto::Awg)).toObject().value(config_key::mtu).toString(protocols::awg::defaultMtu);
 
     return QJsonDocument(jsonConfig).toJson();
 }

client/configurators/awg_configurator.h

@@ -9,10 +9,10 @@ class AwgConfigurator : public WireguardConfigurator
 {
     Q_OBJECT
 public:
-    AwgConfigurator(std::shared_ptr<Settings> settings, QObject *parent = nullptr);
+    AwgConfigurator(std::shared_ptr<Settings> settings, const QSharedPointer<ServerController> &serverController, QObject *parent = nullptr);
 
-    QString genAwgConfig(const ServerCredentials &credentials, DockerContainer container,
-                         const QJsonObject &containerConfig, QString &clientId, ErrorCode *errorCode = nullptr);
+    QString createConfig(const ServerCredentials &credentials, DockerContainer container,
+                         const QJsonObject &containerConfig, ErrorCode &errorCode);
 };
 
 #endif // AWGCONFIGURATOR_H

client/configurators/cloak_configurator.cpp

@@ -1,34 +1,33 @@
 #include "cloak_configurator.h"
 
 #include <QFile>
-#include <QJsonObject>
 #include <QJsonDocument>
+#include <QJsonObject>
 
-#include "core/controllers/serverController.h"
 #include "containers/containers_defs.h"
+#include "core/controllers/serverController.h"
 
-CloakConfigurator::CloakConfigurator(std::shared_ptr<Settings> settings, QObject *parent):
-    ConfiguratorBase(settings, parent)
+CloakConfigurator::CloakConfigurator(std::shared_ptr<Settings> settings, const QSharedPointer<ServerController> &serverController, QObject *parent)
+    : ConfiguratorBase(settings, serverController, parent)
 {
-
 }
 
-QString CloakConfigurator::genCloakConfig(const ServerCredentials &credentials,
-    DockerContainer container, const QJsonObject &containerConfig, ErrorCode *errorCode)
+QString CloakConfigurator::createConfig(const ServerCredentials &credentials, DockerContainer container, const QJsonObject &containerConfig,
+                                        ErrorCode &errorCode)
 {
-    ErrorCode e = ErrorCode::NoError;
-    ServerController serverController(m_settings);
-
-    QString cloakPublicKey = serverController.getTextFileFromContainer(container, credentials,
-        amnezia::protocols::cloak::ckPublicKeyPath, &e);
+    QString cloakPublicKey =
+            m_serverController->getTextFileFromContainer(container, credentials, amnezia::protocols::cloak::ckPublicKeyPath, errorCode);
     cloakPublicKey.replace("\n", "");
 
-    QString cloakBypassUid = serverController.getTextFileFromContainer(container, credentials,
-        amnezia::protocols::cloak::ckBypassUidKeyPath, &e);
+    if (errorCode != ErrorCode::NoError) {
+        return "";
+    }
+
+    QString cloakBypassUid =
+            m_serverController->getTextFileFromContainer(container, credentials, amnezia::protocols::cloak::ckBypassUidKeyPath, errorCode);
     cloakBypassUid.replace("\n", "");
 
-    if (e) {
-        if (errorCode) *errorCode = e;
+    if (errorCode != ErrorCode::NoError) {
         return "";
     }
 
@@ -45,9 +44,8 @@ QString CloakConfigurator::genCloakConfig(const ServerCredentials &credentials,
     config.insert("RemoteHost", credentials.hostName);
     config.insert("RemotePort", "$CLOAK_SERVER_PORT");
 
-    QString textCfg = serverController.replaceVars(QJsonDocument(config).toJson(),
-                                                   serverController.genVarsForScript(credentials, container, containerConfig));
+    QString textCfg = m_serverController->replaceVars(QJsonDocument(config).toJson(),
+                                                      m_serverController->genVarsForScript(credentials, container, containerConfig));
 
-    // qDebug().noquote() << textCfg;
     return textCfg;
 }

client/configurators/cloak_configurator.h

@@ -7,14 +7,14 @@
 
 using namespace amnezia;
 
-class CloakConfigurator : ConfiguratorBase
+class CloakConfigurator : public ConfiguratorBase
 {
     Q_OBJECT
 public:
-    CloakConfigurator(std::shared_ptr<Settings> settings, QObject *parent = nullptr);
+    CloakConfigurator(std::shared_ptr<Settings> settings, const QSharedPointer<ServerController> &serverController, QObject *parent = nullptr);
 
-    QString genCloakConfig(const ServerCredentials &credentials, DockerContainer container,
-        const QJsonObject &containerConfig, ErrorCode *errorCode = nullptr);
+    QString createConfig(const ServerCredentials &credentials, DockerContainer container,
+                         const QJsonObject &containerConfig, ErrorCode &errorCode);
 };
 
 #endif // CLOAK_CONFIGURATOR_H

client/configurators/configurator_base.cpp

@@ -1,8 +1,26 @@
 #include "configurator_base.h"
 
-ConfiguratorBase::ConfiguratorBase(std::shared_ptr<Settings> settings, QObject *parent)
-    : QObject{parent},
-      m_settings(settings)
+ConfiguratorBase::ConfiguratorBase(std::shared_ptr<Settings> settings, const QSharedPointer<ServerController> &serverController, QObject *parent)
+    : QObject { parent }, m_settings(settings), m_serverController(serverController)
 {
-
+}
+
+QString ConfiguratorBase::processConfigWithLocalSettings(const QPair<QString, QString> &dns, const bool isApiConfig,
+                                                         QString &protocolConfigString)
+{
+    processConfigWithDnsSettings(dns, protocolConfigString);
+    return protocolConfigString;
+}
+
+QString ConfiguratorBase::processConfigWithExportSettings(const QPair<QString, QString> &dns, const bool isApiConfig,
+                                                          QString &protocolConfigString)
+{
+    processConfigWithDnsSettings(dns, protocolConfigString);
+    return protocolConfigString;
+}
+
+void ConfiguratorBase::processConfigWithDnsSettings(const QPair<QString, QString> &dns, QString &protocolConfigString)
+{
+    protocolConfigString.replace("$PRIMARY_DNS", dns.first);
+    protocolConfigString.replace("$SECONDARY_DNS", dns.second);
 }

client/configurators/configurator_base.h

@@ -3,19 +3,31 @@
 
 #include <QObject>
 
-class Settings;
-
 #include "containers/containers_defs.h"
 #include "core/defs.h"
+#include "core/controllers/serverController.h"
+#include "settings.h"
 
 class ConfiguratorBase : public QObject
 {
     Q_OBJECT
 public:
-    explicit ConfiguratorBase(std::shared_ptr<Settings> settings, QObject *parent = nullptr);
+    explicit ConfiguratorBase(std::shared_ptr<Settings> settings, const QSharedPointer<ServerController> &serverController, QObject *parent = nullptr);
+
+    virtual QString createConfig(const ServerCredentials &credentials, DockerContainer container,
+                                 const QJsonObject &containerConfig, ErrorCode &errorCode) = 0;
+
+    virtual QString processConfigWithLocalSettings(const QPair<QString, QString> &dns, const bool isApiConfig,
+                                                   QString &protocolConfigString);
+    virtual QString processConfigWithExportSettings(const QPair<QString, QString> &dns, const bool isApiConfig,
+                                                    QString &protocolConfigString);
 
 protected:
+    void processConfigWithDnsSettings(const QPair<QString, QString> &dns, QString &protocolConfigString);
+
     std::shared_ptr<Settings> m_settings;
+    QSharedPointer<ServerController> m_serverController;
+
 };
 
 #endif // CONFIGURATORBASE_H

client/configurators/ikev2_configurator.cpp

@@ -9,18 +9,18 @@
 #include <QUuid>
 
 #include "containers/containers_defs.h"
+#include "core/controllers/serverController.h"
 #include "core/scripts_registry.h"
 #include "core/server_defs.h"
-#include "core/controllers/serverController.h"
 #include "utilities.h"
 
-Ikev2Configurator::Ikev2Configurator(std::shared_ptr<Settings> settings, QObject *parent)
-    : ConfiguratorBase(settings, parent)
+Ikev2Configurator::Ikev2Configurator(std::shared_ptr<Settings> settings, const QSharedPointer<ServerController> &serverController, QObject *parent)
+    : ConfiguratorBase(settings, serverController, parent)
 {
 }
 
-Ikev2Configurator::ConnectionData Ikev2Configurator::prepareIkev2Config(const ServerCredentials &credentials,
-                                                                        DockerContainer container, ErrorCode *errorCode)
+Ikev2Configurator::ConnectionData Ikev2Configurator::prepareIkev2Config(const ServerCredentials &credentials, DockerContainer container,
+                                                                        ErrorCode &errorCode)
 {
     Ikev2Configurator::ConnectionData connData;
     connData.host = credentials.hostName;
@@ -39,18 +39,14 @@ Ikev2Configurator::ConnectionData Ikev2Configurator::prepareIkev2Config(const Se
                                        "--extKeyUsage serverAuth,clientAuth -8 \"%1\"")
                                        .arg(connData.clientId);
 
-    ServerController serverController(m_settings);
-    ErrorCode e = serverController.runContainerScript(credentials, container, scriptCreateCert);
+    errorCode = m_serverController->runContainerScript(credentials, container, scriptCreateCert);
 
-    QString scriptExportCert = QString("pk12util -W \"%1\" -d sql:/etc/ipsec.d -n \"%2\" -o \"%3\"")
-                                       .arg(connData.password)
-                                       .arg(connData.clientId)
-                                       .arg(certFileName);
-    e = serverController.runContainerScript(credentials, container, scriptExportCert);
+    QString scriptExportCert =
+            QString("pk12util -W \"%1\" -d sql:/etc/ipsec.d -n \"%2\" -o \"%3\"").arg(connData.password).arg(connData.clientId).arg(certFileName);
+    errorCode = m_serverController->runContainerScript(credentials, container, scriptExportCert);
 
-    connData.clientCert = serverController.getTextFileFromContainer(container, credentials, certFileName, &e);
-    connData.caCert =
-            serverController.getTextFileFromContainer(container, credentials, "/etc/ipsec.d/ca_cert_base64.p12", &e);
+    connData.clientCert = m_serverController->getTextFileFromContainer(container, credentials, certFileName, errorCode);
+    connData.caCert = m_serverController->getTextFileFromContainer(container, credentials, "/etc/ipsec.d/ca_cert_base64.p12", errorCode);
 
     qDebug() << "Ikev2Configurator::ConnectionData client cert size:" << connData.clientCert.size();
     qDebug() << "Ikev2Configurator::ConnectionData ca cert size:" << connData.caCert.size();
@@ -58,13 +54,13 @@ Ikev2Configurator::ConnectionData Ikev2Configurator::prepareIkev2Config(const Se
     return connData;
 }
 
-QString Ikev2Configurator::genIkev2Config(const ServerCredentials &credentials, DockerContainer container,
-                                          const QJsonObject &containerConfig, ErrorCode *errorCode)
+QString Ikev2Configurator::createConfig(const ServerCredentials &credentials, DockerContainer container, const QJsonObject &containerConfig,
+                                        ErrorCode &errorCode)
 {
     Q_UNUSED(containerConfig)
 
     ConnectionData connData = prepareIkev2Config(credentials, container, errorCode);
-    if (errorCode && *errorCode) {
+    if (errorCode != ErrorCode::NoError) {
         return "";
     }
 

client/configurators/ikev2_configurator.h

@@ -7,11 +7,11 @@
 #include "configurator_base.h"
 #include "core/defs.h"
 
-class Ikev2Configurator : ConfiguratorBase
+class Ikev2Configurator : public ConfiguratorBase
 {
     Q_OBJECT
 public:
-    Ikev2Configurator(std::shared_ptr<Settings> settings, QObject *parent = nullptr);
+    Ikev2Configurator(std::shared_ptr<Settings> settings, const QSharedPointer<ServerController> &serverController, QObject *parent = nullptr);
 
     struct ConnectionData {
         QByteArray clientCert; // p12 client cert
@@ -21,15 +21,15 @@ public:
         QString host; // host ip
     };
 
-    QString genIkev2Config(const ServerCredentials &credentials, DockerContainer container,
-        const QJsonObject &containerConfig, ErrorCode *errorCode = nullptr);
+    QString createConfig(const ServerCredentials &credentials, DockerContainer container,
+                         const QJsonObject &containerConfig, ErrorCode &errorCode);
 
     QString genIkev2Config(const ConnectionData &connData);
     QString genMobileConfig(const ConnectionData &connData);
     QString genStrongSwanConfig(const ConnectionData &connData);
 
     ConnectionData prepareIkev2Config(const ServerCredentials &credentials,
-        DockerContainer container, ErrorCode *errorCode = nullptr);
+        DockerContainer container, ErrorCode &errorCode);
 };
 
 #endif // IKEV2_CONFIGURATOR_H

client/configurators/openvpn_configurator.cpp

@@ -14,9 +14,9 @@
 #endif
 
 #include "containers/containers_defs.h"
+#include "core/controllers/serverController.h"
 #include "core/scripts_registry.h"
 #include "core/server_defs.h"
-#include "core/controllers/serverController.h"
 #include "settings.h"
 #include "utilities.h"
 
@@ -24,74 +24,61 @@
 #include <openssl/rsa.h>
 #include <openssl/x509.h>
 
-OpenVpnConfigurator::OpenVpnConfigurator(std::shared_ptr<Settings> settings, QObject *parent)
-    : ConfiguratorBase(settings, parent)
+OpenVpnConfigurator::OpenVpnConfigurator(std::shared_ptr<Settings> settings, const QSharedPointer<ServerController> &serverController,
+                                         QObject *parent)
+    : ConfiguratorBase(settings, serverController, parent)
 {
 }
 
 OpenVpnConfigurator::ConnectionData OpenVpnConfigurator::prepareOpenVpnConfig(const ServerCredentials &credentials,
-                                                                              DockerContainer container,
-                                                                              ErrorCode *errorCode)
+                                                                              DockerContainer container, ErrorCode &errorCode)
 {
     OpenVpnConfigurator::ConnectionData connData = OpenVpnConfigurator::createCertRequest();
     connData.host = credentials.hostName;
 
     if (connData.privKey.isEmpty() || connData.request.isEmpty()) {
-        if (errorCode)
-            *errorCode = ErrorCode::OpenSslFailed;
+        errorCode = ErrorCode::OpenSslFailed;
         return connData;
     }
 
     QString reqFileName = QString("%1/%2.req").arg(amnezia::protocols::openvpn::clientsDirPath).arg(connData.clientId);
 
-    ServerController serverController(m_settings);
-    ErrorCode e = serverController.uploadTextFileToContainer(container, credentials, connData.request, reqFileName);
-    if (e) {
-        if (errorCode)
-            *errorCode = e;
+    errorCode = m_serverController->uploadTextFileToContainer(container, credentials, connData.request, reqFileName);
+    if (errorCode != ErrorCode::NoError) {
         return connData;
     }
 
-    e = signCert(container, credentials, connData.clientId);
-    if (e) {
-        if (errorCode)
-            *errorCode = e;
+    errorCode = signCert(container, credentials, connData.clientId);
+    if (errorCode != ErrorCode::NoError) {
         return connData;
     }
 
-    connData.caCert = serverController.getTextFileFromContainer(container, credentials,
-                                                                amnezia::protocols::openvpn::caCertPath, &e);
-    connData.clientCert = serverController.getTextFileFromContainer(
-            container, credentials,
-            QString("%1/%2.crt").arg(amnezia::protocols::openvpn::clientCertPath).arg(connData.clientId), &e);
+    connData.caCert =
+            m_serverController->getTextFileFromContainer(container, credentials, amnezia::protocols::openvpn::caCertPath, errorCode);
+    connData.clientCert = m_serverController->getTextFileFromContainer(
+            container, credentials, QString("%1/%2.crt").arg(amnezia::protocols::openvpn::clientCertPath).arg(connData.clientId), errorCode);
 
-    if (e) {
-        if (errorCode)
-            *errorCode = e;
+    if (errorCode != ErrorCode::NoError) {
         return connData;
     }
 
-    connData.taKey = serverController.getTextFileFromContainer(container, credentials,
-                                                               amnezia::protocols::openvpn::taKeyPath, &e);
+    connData.taKey = m_serverController->getTextFileFromContainer(container, credentials, amnezia::protocols::openvpn::taKeyPath, errorCode);
 
     if (connData.caCert.isEmpty() || connData.clientCert.isEmpty() || connData.taKey.isEmpty()) {
-        if (errorCode)
-            *errorCode = ErrorCode::SshSftpFailureError;
+        errorCode = ErrorCode::SshScpFailureError;
     }
 
     return connData;
 }
 
-QString OpenVpnConfigurator::genOpenVpnConfig(const ServerCredentials &credentials, DockerContainer container,
-                                              const QJsonObject &containerConfig, QString &clientId, ErrorCode *errorCode)
+QString OpenVpnConfigurator::createConfig(const ServerCredentials &credentials, DockerContainer container,
+                                          const QJsonObject &containerConfig, ErrorCode &errorCode)
 {
-    ServerController serverController(m_settings);
-    QString config =
-            serverController.replaceVars(amnezia::scriptData(ProtocolScriptType::openvpn_template, container),
-                                         serverController.genVarsForScript(credentials, container, containerConfig));
+    QString config = m_serverController->replaceVars(amnezia::scriptData(ProtocolScriptType::openvpn_template, container),
+                                                     m_serverController->genVarsForScript(credentials, container, containerConfig));
 
     ConnectionData connData = prepareOpenVpnConfig(credentials, container, errorCode);
-    if (errorCode && *errorCode) {
+    if (errorCode != ErrorCode::NoError) {
         return "";
     }
 
@@ -113,34 +100,35 @@ QString OpenVpnConfigurator::genOpenVpnConfig(const ServerCredentials &credentia
     QJsonObject jConfig;
     jConfig[config_key::config] = config;
 
-    clientId = connData.clientId;
+    jConfig[config_key::clientId] = connData.clientId;
 
     return QJsonDocument(jConfig).toJson();
 }
 
-QString OpenVpnConfigurator::processConfigWithLocalSettings(QString jsonConfig, const int serverIndex)
+QString OpenVpnConfigurator::processConfigWithLocalSettings(const QPair<QString, QString> &dns, const bool isApiConfig,
+                                                            QString &protocolConfigString)
 {
-    QJsonObject json = QJsonDocument::fromJson(jsonConfig.toUtf8()).object();
+    processConfigWithDnsSettings(dns, protocolConfigString);
+
+    QJsonObject json = QJsonDocument::fromJson(protocolConfigString.toUtf8()).object();
     QString config = json[config_key::config].toString();
 
-    if (!m_settings->server(serverIndex).value(config_key::configVersion).toInt()) {
+    if (!isApiConfig) {
         QRegularExpression regex("redirect-gateway.*");
         config.replace(regex, "");
-
-        if (m_settings->routeMode() == Settings::VpnAllSites) {
+        
+        if (!m_settings->isSitesSplitTunnelingEnabled()) {
             config.append("\nredirect-gateway def1 ipv6 bypass-dhcp\n");
             // Prevent ipv6 leak
             config.append("ifconfig-ipv6 fd15:53b6:dead::2/64  fd15:53b6:dead::1\n");
             config.append("block-ipv6\n");
-        }
-        if (m_settings->routeMode() == Settings::VpnOnlyForwardSites) {
+        } else if (m_settings->routeMode() == Settings::VpnOnlyForwardSites) {
 
             // no redirect-gateway
-        }
-        if (m_settings->routeMode() == Settings::VpnAllExceptSites) {
-    #ifndef Q_OS_ANDROID
+        } else if (m_settings->routeMode() == Settings::VpnAllExceptSites) {
+#ifndef Q_OS_ANDROID
             config.append("\nredirect-gateway ipv6 !ipv4 bypass-dhcp\n");
-    #endif
+#endif
             // Prevent ipv6 leak
             config.append("ifconfig-ipv6 fd15:53b6:dead::2/64  fd15:53b6:dead::1\n");
             config.append("block-ipv6\n");
@@ -164,9 +152,12 @@ QString OpenVpnConfigurator::processConfigWithLocalSettings(QString jsonConfig,
     return QJsonDocument(json).toJson();
 }
 
-QString OpenVpnConfigurator::processConfigWithExportSettings(QString jsonConfig)
+QString OpenVpnConfigurator::processConfigWithExportSettings(const QPair<QString, QString> &dns, const bool isApiConfig,
+                                                             QString &protocolConfigString)
 {
-    QJsonObject json = QJsonDocument::fromJson(jsonConfig.toUtf8()).object();
+    processConfigWithDnsSettings(dns, protocolConfigString);
+
+    QJsonObject json = QJsonDocument::fromJson(protocolConfigString.toUtf8()).object();
     QString config = json[config_key::config].toString();
 
     QRegularExpression regex("redirect-gateway.*");
@@ -198,12 +189,10 @@ ErrorCode OpenVpnConfigurator::signCert(DockerContainer container, const ServerC
                                   .arg(ContainerProps::containerToString(container))
                                   .arg(clientId);
 
-    ServerController serverController(m_settings);
     QStringList scriptList { script_import, script_sign };
-    QString script = serverController.replaceVars(scriptList.join("\n"),
-                                                  serverController.genVarsForScript(credentials, container));
+    QString script = m_serverController->replaceVars(scriptList.join("\n"), m_serverController->genVarsForScript(credentials, container));
 
-    return serverController.runScript(credentials, script);
+    return m_serverController->runScript(credentials, script);
 }
 
 OpenVpnConfigurator::ConnectionData OpenVpnConfigurator::createCertRequest()
@@ -237,8 +226,8 @@ OpenVpnConfigurator::ConnectionData OpenVpnConfigurator::createCertRequest()
 
     X509_NAME_add_entry_by_txt(x509_name, "C", MBSTRING_ASC, (unsigned char *)"ORG", -1, -1, 0);
     X509_NAME_add_entry_by_txt(x509_name, "O", MBSTRING_ASC, (unsigned char *)"", -1, -1, 0);
-    X509_NAME_add_entry_by_txt(x509_name, "CN", MBSTRING_ASC,
-                               reinterpret_cast<unsigned char const *>(clientIdUtf8.data()), clientIdUtf8.size(), -1, 0);
+    X509_NAME_add_entry_by_txt(x509_name, "CN", MBSTRING_ASC, reinterpret_cast<unsigned char const *>(clientIdUtf8.data()),
+                               clientIdUtf8.size(), -1, 0);
 
     // 4. set public key of x509 req
     ret = X509_REQ_set_pubkey(x509_req, pKey);

client/configurators/openvpn_configurator.h

@@ -7,37 +7,37 @@
 #include "configurator_base.h"
 #include "core/defs.h"
 
-class OpenVpnConfigurator : ConfiguratorBase
+class OpenVpnConfigurator : public ConfiguratorBase
 {
     Q_OBJECT
 public:
-    OpenVpnConfigurator(std::shared_ptr<Settings> settings, QObject *parent = nullptr);
+    OpenVpnConfigurator(std::shared_ptr<Settings> settings, const QSharedPointer<ServerController> &serverController, QObject *parent = nullptr);
 
-    struct ConnectionData {
+    struct ConnectionData
+    {
         QString clientId;
-        QString request; // certificate request
-        QString privKey; // client private key
+        QString request;    // certificate request
+        QString privKey;    // client private key
         QString clientCert; // client signed certificate
-        QString caCert; // server certificate
-        QString taKey; // tls-auth key
-        QString host; // host ip
+        QString caCert;     // server certificate
+        QString taKey;      // tls-auth key
+        QString host;       // host ip
     };
 
-    QString genOpenVpnConfig(const ServerCredentials &credentials, DockerContainer container,
-        const QJsonObject &containerConfig, QString &clientId, ErrorCode *errorCode = nullptr);
+    QString createConfig(const ServerCredentials &credentials, DockerContainer container,
+                         const QJsonObject &containerConfig, ErrorCode &errorCode);
 
-    QString processConfigWithLocalSettings(QString jsonConfig, const int serverIndex);
-    QString processConfigWithExportSettings(QString jsonConfig);
-
-    ErrorCode signCert(DockerContainer container,
-        const ServerCredentials &credentials, QString clientId);
+    QString processConfigWithLocalSettings(const QPair<QString, QString> &dns, const bool isApiConfig,
+                                           QString &protocolConfigString);
+    QString processConfigWithExportSettings(const QPair<QString, QString> &dns, const bool isApiConfig,
+                                            QString &protocolConfigString);
 
     static ConnectionData createCertRequest();
 
 private:
-    ConnectionData prepareOpenVpnConfig(const ServerCredentials &credentials,
-        DockerContainer container, ErrorCode *errorCode = nullptr);
-
+    ConnectionData prepareOpenVpnConfig(const ServerCredentials &credentials, DockerContainer container,
+                                        ErrorCode &errorCode);
+    ErrorCode signCert(DockerContainer container, const ServerCredentials &credentials, QString clientId);
 };
 
 #endif // OPENVPN_CONFIGURATOR_H

client/configurators/shadowsocks_configurator.cpp

@@ -1,30 +1,26 @@
 #include "shadowsocks_configurator.h"
 
 #include <QFile>
-#include <QJsonObject>
 #include <QJsonDocument>
+#include <QJsonObject>
 
 #include "containers/containers_defs.h"
 #include "core/controllers/serverController.h"
 
-ShadowSocksConfigurator::ShadowSocksConfigurator(std::shared_ptr<Settings> settings, QObject *parent):
-    ConfiguratorBase(settings, parent)
+ShadowSocksConfigurator::ShadowSocksConfigurator(std::shared_ptr<Settings> settings, const QSharedPointer<ServerController> &serverController,
+                                                 QObject *parent)
+    : ConfiguratorBase(settings, serverController, parent)
 {
-
 }
 
-QString ShadowSocksConfigurator::genShadowSocksConfig(const ServerCredentials &credentials,
-    DockerContainer container, const QJsonObject &containerConfig, ErrorCode *errorCode)
+QString ShadowSocksConfigurator::createConfig(const ServerCredentials &credentials, DockerContainer container,
+                                              const QJsonObject &containerConfig, ErrorCode &errorCode)
 {
-    ErrorCode e = ErrorCode::NoError;
-    ServerController serverController(m_settings);
-
-    QString ssKey = serverController.getTextFileFromContainer(container, credentials,
-                                                              amnezia::protocols::shadowsocks::ssKeyPath, &e);
+    QString ssKey =
+            m_serverController->getTextFileFromContainer(container, credentials, amnezia::protocols::shadowsocks::ssKeyPath, errorCode);
     ssKey.replace("\n", "");
 
-    if (e) {
-        if (errorCode) *errorCode = e;
+    if (errorCode != ErrorCode::NoError) {
         return "";
     }
 
@@ -36,10 +32,9 @@ QString ShadowSocksConfigurator::genShadowSocksConfig(const ServerCredentials &c
     config.insert("timeout", 60);
     config.insert("method", "$SHADOWSOCKS_CIPHER");
 
+    QString textCfg = m_serverController->replaceVars(QJsonDocument(config).toJson(),
+                                                      m_serverController->genVarsForScript(credentials, container, containerConfig));
 
-    QString textCfg = serverController.replaceVars(QJsonDocument(config).toJson(),
-                                                   serverController.genVarsForScript(credentials, container, containerConfig));
-
-    //qDebug().noquote() << textCfg;
+    // qDebug().noquote() << textCfg;
     return textCfg;
 }

client/configurators/shadowsocks_configurator.h

@@ -6,14 +6,14 @@
 #include "configurator_base.h"
 #include "core/defs.h"
 
-class ShadowSocksConfigurator : ConfiguratorBase
+class ShadowSocksConfigurator : public ConfiguratorBase
 {
     Q_OBJECT
 public:
-    ShadowSocksConfigurator(std::shared_ptr<Settings> settings, QObject *parent = nullptr);
+    ShadowSocksConfigurator(std::shared_ptr<Settings> settings, const QSharedPointer<ServerController> &serverController, QObject *parent = nullptr);
 
-    QString genShadowSocksConfig(const ServerCredentials &credentials, DockerContainer container,
-        const QJsonObject &containerConfig, ErrorCode *errorCode = nullptr);
+    QString createConfig(const ServerCredentials &credentials, DockerContainer container,
+                         const QJsonObject &containerConfig, ErrorCode &errorCode);
 };
 
 #endif // SHADOWSOCKS_CONFIGURATOR_H

client/configurators/ssh_configurator.cpp

@@ -17,8 +17,8 @@
 #include "core/server_defs.h"
 #include "utilities.h"
 
-SshConfigurator::SshConfigurator(std::shared_ptr<Settings> settings, QObject *parent)
-    : ConfiguratorBase(settings, parent)
+SshConfigurator::SshConfigurator(std::shared_ptr<Settings> settings, const QSharedPointer<ServerController> &serverController, QObject *parent)
+    : ConfiguratorBase(settings, serverController, parent)
 {
 }
 
@@ -82,8 +82,7 @@ void SshConfigurator::openSshTerminal(const ServerCredentials &credentials)
         //        p->setNativeArguments(QString("%1@%2")
         //            .arg(credentials.userName).arg(credentials.hostName).arg(credentials.secretData));
     } else {
-        p->setNativeArguments(
-                QString("%1@%2 -pw %3").arg(credentials.userName).arg(credentials.hostName).arg(credentials.secretData));
+        p->setNativeArguments(QString("%1@%2 -pw %3").arg(credentials.userName).arg(credentials.hostName).arg(credentials.secretData));
     }
     #else
     p->setProgram("/bin/bash");

client/configurators/ssh_configurator.h

@@ -11,7 +11,7 @@ class SshConfigurator : ConfiguratorBase
 {
     Q_OBJECT
 public:
-    SshConfigurator(std::shared_ptr<Settings> settings, QObject *parent = nullptr);
+    SshConfigurator(std::shared_ptr<Settings> settings, const QSharedPointer<ServerController> &serverController, QObject *parent = nullptr);
 
     QProcessEnvironment prepareEnv();
     QString convertOpenSShKey(const QString &key);

client/configurators/vpn_configurator.cpp

@@ -1,127 +0,0 @@
-#include "vpn_configurator.h"
-#include "cloak_configurator.h"
-#include "ikev2_configurator.h"
-#include "openvpn_configurator.h"
-#include "shadowsocks_configurator.h"
-#include "ssh_configurator.h"
-#include "wireguard_configurator.h"
-#include "awg_configurator.h"
-
-#include <QFile>
-#include <QJsonDocument>
-#include <QJsonObject>
-
-#include "containers/containers_defs.h"
-#include "settings.h"
-#include "utilities.h"
-
-VpnConfigurator::VpnConfigurator(std::shared_ptr<Settings> settings, QObject *parent)
-    : ConfiguratorBase(settings, parent)
-{
-    openVpnConfigurator = std::shared_ptr<OpenVpnConfigurator>(new OpenVpnConfigurator(settings, this));
-    shadowSocksConfigurator = std::shared_ptr<ShadowSocksConfigurator>(new ShadowSocksConfigurator(settings, this));
-    cloakConfigurator = std::shared_ptr<CloakConfigurator>(new CloakConfigurator(settings, this));
-    wireguardConfigurator = std::shared_ptr<WireguardConfigurator>(new WireguardConfigurator(settings, false, this));
-    ikev2Configurator = std::shared_ptr<Ikev2Configurator>(new Ikev2Configurator(settings, this));
-    sshConfigurator = std::shared_ptr<SshConfigurator>(new SshConfigurator(settings, this));
-    awgConfigurator = std::shared_ptr<AwgConfigurator>(new AwgConfigurator(settings, this));
-}
-
-QString VpnConfigurator::genVpnProtocolConfig(const ServerCredentials &credentials, DockerContainer container,
-                                              const QJsonObject &containerConfig, Proto proto, QString &clientId, ErrorCode *errorCode)
-{
-    switch (proto) {
-    case Proto::OpenVpn:
-        return openVpnConfigurator->genOpenVpnConfig(credentials, container, containerConfig, clientId, errorCode);
-
-    case Proto::ShadowSocks:
-        return shadowSocksConfigurator->genShadowSocksConfig(credentials, container, containerConfig, errorCode);
-
-    case Proto::Cloak: return cloakConfigurator->genCloakConfig(credentials, container, containerConfig, errorCode);
-
-    case Proto::WireGuard:
-        return wireguardConfigurator->genWireguardConfig(credentials, container, containerConfig, clientId, errorCode);
-
-    case Proto::Awg:
-        return awgConfigurator->genAwgConfig(credentials, container, containerConfig, clientId, errorCode);
-
-    case Proto::Ikev2: return ikev2Configurator->genIkev2Config(credentials, container, containerConfig, errorCode);
-
-    default: return "";
-    }
-}
-
-QPair<QString, QString> VpnConfigurator::getDnsForConfig(int serverIndex)
-{
-    QPair<QString, QString> dns;
-
-    bool useAmneziaDns = m_settings->useAmneziaDns();
-    const QJsonObject &server = m_settings->server(serverIndex);
-
-    dns.first = server.value(config_key::dns1).toString();
-    dns.second = server.value(config_key::dns2).toString();
-
-    if (dns.first.isEmpty() || !Utils::checkIPv4Format(dns.first)) {
-        if (useAmneziaDns && m_settings->containers(serverIndex).contains(DockerContainer::Dns)) {
-            dns.first = protocols::dns::amneziaDnsIp;
-        } else
-            dns.first = m_settings->primaryDns();
-    }
-    if (dns.second.isEmpty() || !Utils::checkIPv4Format(dns.second)) {
-        dns.second = m_settings->secondaryDns();
-    }
-
-    qDebug() << "VpnConfigurator::getDnsForConfig" << dns.first << dns.second;
-    return dns;
-}
-
-QString &VpnConfigurator::processConfigWithDnsSettings(int serverIndex, DockerContainer container, Proto proto,
-                                                       QString &config)
-{
-    auto dns = getDnsForConfig(serverIndex);
-
-    config.replace("$PRIMARY_DNS", dns.first);
-    config.replace("$SECONDARY_DNS", dns.second);
-
-    return config;
-}
-
-QString &VpnConfigurator::processConfigWithLocalSettings(int serverIndex, DockerContainer container, Proto proto,
-                                                         QString &config)
-{
-    processConfigWithDnsSettings(serverIndex, container, proto, config);
-
-    if (proto == Proto::OpenVpn) {
-        config = openVpnConfigurator->processConfigWithLocalSettings(config, serverIndex);
-    }
-    return config;
-}
-
-QString &VpnConfigurator::processConfigWithExportSettings(int serverIndex, DockerContainer container, Proto proto,
-                                                          QString &config)
-{
-    processConfigWithDnsSettings(serverIndex, container, proto, config);
-
-    if (proto == Proto::OpenVpn) {
-        config = openVpnConfigurator->processConfigWithExportSettings(config);
-    }
-    return config;
-}
-
-void VpnConfigurator::updateContainerConfigAfterInstallation(DockerContainer container, QJsonObject &containerConfig,
-                                                             const QString &stdOut)
-{
-    Proto mainProto = ContainerProps::defaultProtocol(container);
-
-    if (container == DockerContainer::TorWebSite) {
-        QJsonObject protocol = containerConfig.value(ProtocolProps::protoToString(mainProto)).toObject();
-
-        qDebug() << "amnezia-tor onions" << stdOut;
-
-        QString onion = stdOut;
-        onion.replace("\n", "");
-        protocol.insert(config_key::site, onion);
-
-        containerConfig.insert(ProtocolProps::protoToString(mainProto), protocol);
-    }
-}

client/configurators/vpn_configurator.h

@@ -1,52 +0,0 @@
-#ifndef VPN_CONFIGURATOR_H
-#define VPN_CONFIGURATOR_H
-
-#include <QObject>
-
-#include "configurator_base.h"
-#include "core/defs.h"
-
-class OpenVpnConfigurator;
-class ShadowSocksConfigurator;
-class CloakConfigurator;
-class WireguardConfigurator;
-class Ikev2Configurator;
-class SshConfigurator;
-class AwgConfigurator;
-
-// Retrieve connection settings from server
-class VpnConfigurator : public ConfiguratorBase
-{
-    Q_OBJECT
-public:
-    explicit VpnConfigurator(std::shared_ptr<Settings> settings, QObject *parent = nullptr);
-
-    QString genVpnProtocolConfig(const ServerCredentials &credentials, DockerContainer container,
-                                 const QJsonObject &containerConfig, Proto proto, QString &clientId,
-                                 ErrorCode *errorCode = nullptr);
-
-    QPair<QString, QString> getDnsForConfig(int serverIndex);
-    QString &processConfigWithDnsSettings(int serverIndex, DockerContainer container, Proto proto, QString &config);
-
-    QString &processConfigWithLocalSettings(int serverIndex, DockerContainer container, Proto proto, QString &config);
-    QString &processConfigWithExportSettings(int serverIndex, DockerContainer container, Proto proto, QString &config);
-
-    // workaround for containers which is not support normal configuration
-    void updateContainerConfigAfterInstallation(DockerContainer container, QJsonObject &containerConfig,
-                                                const QString &stdOut);
-
-    std::shared_ptr<OpenVpnConfigurator> openVpnConfigurator;
-    std::shared_ptr<ShadowSocksConfigurator> shadowSocksConfigurator;
-    std::shared_ptr<CloakConfigurator> cloakConfigurator;
-    std::shared_ptr<WireguardConfigurator> wireguardConfigurator;
-    std::shared_ptr<Ikev2Configurator> ikev2Configurator;
-    std::shared_ptr<SshConfigurator> sshConfigurator;
-    std::shared_ptr<AwgConfigurator> awgConfigurator;
-
-signals:
-    void newVpnConfigCreated(const QString &clientId, const QString &clientName, const DockerContainer container,
-                             ServerCredentials credentials);
-    void clientModelUpdated();
-};
-
-#endif // VPN_CONFIGURATOR_H

client/configurators/wireguard_configurator.cpp

@@ -13,23 +13,20 @@
 #include <openssl/x509.h>
 
 #include "containers/containers_defs.h"
+#include "core/controllers/serverController.h"
 #include "core/scripts_registry.h"
 #include "core/server_defs.h"
-#include "core/controllers/serverController.h"
 #include "settings.h"
 #include "utilities.h"
 
-WireguardConfigurator::WireguardConfigurator(std::shared_ptr<Settings> settings, bool isAwg, QObject *parent)
-    : ConfiguratorBase(settings, parent), m_isAwg(isAwg)
+WireguardConfigurator::WireguardConfigurator(std::shared_ptr<Settings> settings, const QSharedPointer<ServerController> &serverController,
+                                             bool isAwg, QObject *parent)
+    : ConfiguratorBase(settings, serverController, parent), m_isAwg(isAwg)
 {
-    m_serverConfigPath = m_isAwg ? amnezia::protocols::awg::serverConfigPath
-                                              : amnezia::protocols::wireguard::serverConfigPath;
-    m_serverPublicKeyPath = m_isAwg ? amnezia::protocols::awg::serverPublicKeyPath
-                                                 : amnezia::protocols::wireguard::serverPublicKeyPath;
-    m_serverPskKeyPath = m_isAwg ? amnezia::protocols::awg::serverPskKeyPath
-                                              : amnezia::protocols::wireguard::serverPskKeyPath;
-    m_configTemplate = m_isAwg ? ProtocolScriptType::awg_template
-                                            : ProtocolScriptType::wireguard_template;
+    m_serverConfigPath = m_isAwg ? amnezia::protocols::awg::serverConfigPath : amnezia::protocols::wireguard::serverConfigPath;
+    m_serverPublicKeyPath = m_isAwg ? amnezia::protocols::awg::serverPublicKeyPath : amnezia::protocols::wireguard::serverPublicKeyPath;
+    m_serverPskKeyPath = m_isAwg ? amnezia::protocols::awg::serverPskKeyPath : amnezia::protocols::wireguard::serverPskKeyPath;
+    m_configTemplate = m_isAwg ? ProtocolScriptType::awg_template : ProtocolScriptType::wireguard_template;
 
     m_protocolName = m_isAwg ? config_key::awg : config_key::wireguard;
     m_defaultPort = m_isAwg ? protocols::wireguard::defaultPort : protocols::awg::defaultPort;
@@ -68,22 +65,17 @@ WireguardConfigurator::ConnectionData WireguardConfigurator::genClientKeys()
 
 WireguardConfigurator::ConnectionData WireguardConfigurator::prepareWireguardConfig(const ServerCredentials &credentials,
                                                                                     DockerContainer container,
-                                                                                    const QJsonObject &containerConfig,
-                                                                                    ErrorCode *errorCode)
+                                                                                    const QJsonObject &containerConfig, ErrorCode &errorCode)
 {
     WireguardConfigurator::ConnectionData connData = WireguardConfigurator::genClientKeys();
     connData.host = credentials.hostName;
     connData.port = containerConfig.value(m_protocolName).toObject().value(config_key::port).toString(m_defaultPort);
 
     if (connData.clientPrivKey.isEmpty() || connData.clientPubKey.isEmpty()) {
-        if (errorCode)
-            *errorCode = ErrorCode::InternalError;
+        errorCode = ErrorCode::InternalError;
         return connData;
     }
 
-    ErrorCode e = ErrorCode::NoError;
-    ServerController serverController(m_settings);
-
     // Get list of already created clients (only IP addresses)
     QString nextIpNumber;
     {
@@ -94,9 +86,8 @@ WireguardConfigurator::ConnectionData WireguardConfigurator::prepareWireguardCon
             return ErrorCode::NoError;
         };
 
-        e = serverController.runContainerScript(credentials, container, script, cbReadStdOut);
-        if (errorCode && e) {
-            *errorCode = e;
+        errorCode = m_serverController->runContainerScript(credentials, container, script, cbReadStdOut);
+        if (errorCode != ErrorCode::NoError) {
             return connData;
         }
 
@@ -110,21 +101,18 @@ WireguardConfigurator::ConnectionData WireguardConfigurator::prepareWireguardCon
         } else {
             int next = ips.last().split(".").last().toInt() + 1;
             if (next > 254) {
-                if (errorCode)
-                    *errorCode = ErrorCode::AddressPoolError;
+                errorCode = ErrorCode::AddressPoolError;
                 return connData;
             }
             nextIpNumber = QString::number(next);
         }
     }
 
-    QString subnetIp =
-            containerConfig.value(config_key::subnet_address).toString(protocols::wireguard::defaultSubnetAddress);
+    QString subnetIp = containerConfig.value(config_key::subnet_address).toString(protocols::wireguard::defaultSubnetAddress);
     {
         QStringList l = subnetIp.split(".", Qt::SkipEmptyParts);
         if (l.isEmpty()) {
-            if (errorCode)
-                *errorCode = ErrorCode::AddressPoolError;
+            errorCode = ErrorCode::AddressPoolError;
             return connData;
         }
         l.removeLast();
@@ -134,20 +122,16 @@ WireguardConfigurator::ConnectionData WireguardConfigurator::prepareWireguardCon
     }
 
     // Get keys
-    connData.serverPubKey = serverController.getTextFileFromContainer(container, credentials, m_serverPublicKeyPath, &e);
+    connData.serverPubKey = m_serverController->getTextFileFromContainer(container, credentials, m_serverPublicKeyPath, errorCode);
     connData.serverPubKey.replace("\n", "");
-    if (e) {
-        if (errorCode)
-            *errorCode = e;
+    if (errorCode != ErrorCode::NoError) {
         return connData;
     }
 
-    connData.pskKey = serverController.getTextFileFromContainer(container, credentials, m_serverPskKeyPath, &e);
+    connData.pskKey = m_serverController->getTextFileFromContainer(container, credentials, m_serverPskKeyPath, errorCode);
     connData.pskKey.replace("\n", "");
 
-    if (e) {
-        if (errorCode)
-            *errorCode = e;
+    if (errorCode != ErrorCode::NoError) {
         return connData;
     }
 
@@ -158,34 +142,30 @@ WireguardConfigurator::ConnectionData WireguardConfigurator::prepareWireguardCon
                                  "AllowedIPs = %3/32\n\n")
                                  .arg(connData.clientPubKey, connData.pskKey, connData.clientIP);
 
-    e = serverController.uploadTextFileToContainer(container, credentials, configPart, m_serverConfigPath,
-                                                   libssh::SftpOverwriteMode::SftpAppendToExisting);
+    errorCode = m_serverController->uploadTextFileToContainer(container, credentials, configPart, m_serverConfigPath,
+                                                              libssh::ScpOverwriteMode::ScpAppendToExisting);
 
-    if (e) {
-        if (errorCode)
-            *errorCode = e;
+    if (errorCode != ErrorCode::NoError) {
         return connData;
     }
 
-    QString script = QString("sudo docker exec -i $CONTAINER_NAME bash -c 'wg syncconf wg0 <(wg-quick strip %1)'")
-                             .arg(m_serverConfigPath);
+    QString script = QString("sudo docker exec -i $CONTAINER_NAME bash -c 'wg syncconf wg0 <(wg-quick strip %1)'").arg(m_serverConfigPath);
 
-    e = serverController.runScript(
-            credentials, serverController.replaceVars(script, serverController.genVarsForScript(credentials, container)));
+    errorCode = m_serverController->runScript(
+            credentials, m_serverController->replaceVars(script, m_serverController->genVarsForScript(credentials, container)));
 
     return connData;
 }
 
-QString WireguardConfigurator::genWireguardConfig(const ServerCredentials &credentials, DockerContainer container,
-                                                  const QJsonObject &containerConfig, QString &clientId, ErrorCode *errorCode)
+QString WireguardConfigurator::createConfig(const ServerCredentials &credentials, DockerContainer container,
+                                            const QJsonObject &containerConfig, ErrorCode &errorCode)
 {
-    ServerController serverController(m_settings);
     QString scriptData = amnezia::scriptData(m_configTemplate, container);
-    QString config = serverController.replaceVars(
-            scriptData, serverController.genVarsForScript(credentials, container, containerConfig));
+    QString config =
+            m_serverController->replaceVars(scriptData, m_serverController->genVarsForScript(credentials, container, containerConfig));
 
     ConnectionData connData = prepareWireguardConfig(credentials, container, containerConfig, errorCode);
-    if (errorCode && *errorCode) {
+    if (errorCode != ErrorCode::NoError) {
         return "";
     }
 
@@ -194,6 +174,7 @@ QString WireguardConfigurator::genWireguardConfig(const ServerCredentials &crede
     config.replace("$WIREGUARD_SERVER_PUBLIC_KEY", connData.serverPubKey);
     config.replace("$WIREGUARD_PSK", connData.pskKey);
 
+    const QJsonObject &wireguarConfig = containerConfig.value(ProtocolProps::protoToString(Proto::WireGuard)).toObject();
     QJsonObject jConfig;
     jConfig[config_key::config] = config;
 
@@ -204,28 +185,25 @@ QString WireguardConfigurator::genWireguardConfig(const ServerCredentials &crede
     jConfig[config_key::client_pub_key] = connData.clientPubKey;
     jConfig[config_key::psk_key] = connData.pskKey;
     jConfig[config_key::server_pub_key] = connData.serverPubKey;
+    jConfig[config_key::mtu] = wireguarConfig.value(config_key::mtu).toString(protocols::wireguard::defaultMtu);
 
-    clientId = connData.clientPubKey;
+    jConfig[config_key::clientId] = connData.clientPubKey;
 
     return QJsonDocument(jConfig).toJson();
 }
 
-QString WireguardConfigurator::processConfigWithLocalSettings(QString config)
+QString WireguardConfigurator::processConfigWithLocalSettings(const QPair<QString, QString> &dns, const bool isApiConfig,
+                                                              QString &protocolConfigString)
 {
-    // TODO replace DNS if it already set
-    config.replace("$PRIMARY_DNS", m_settings->primaryDns());
-    config.replace("$SECONDARY_DNS", m_settings->secondaryDns());
+    processConfigWithDnsSettings(dns, protocolConfigString);
 
-    QJsonObject jConfig;
-    jConfig[config_key::config] = config;
-
-    return QJsonDocument(jConfig).toJson();
+    return protocolConfigString;
 }
 
-QString WireguardConfigurator::processConfigWithExportSettings(QString config)
+QString WireguardConfigurator::processConfigWithExportSettings(const QPair<QString, QString> &dns, const bool isApiConfig,
+                                                               QString &protocolConfigString)
 {
-    config.replace("$PRIMARY_DNS", m_settings->primaryDns());
-    config.replace("$SECONDARY_DNS", m_settings->secondaryDns());
+    processConfigWithDnsSettings(dns, protocolConfigString);
 
-    return config;
+    return protocolConfigString;
 }

client/configurators/wireguard_configurator.h

@@ -12,7 +12,8 @@ class WireguardConfigurator : public ConfiguratorBase
 {
     Q_OBJECT
 public:
-    WireguardConfigurator(std::shared_ptr<Settings> settings, bool isAwg, QObject *parent = nullptr);
+    WireguardConfigurator(std::shared_ptr<Settings> settings, const QSharedPointer<ServerController> &serverController, bool isAwg,
+                          QObject *parent = nullptr);
 
     struct ConnectionData
     {
@@ -25,18 +26,18 @@ public:
         QString port;
     };
 
-    QString genWireguardConfig(const ServerCredentials &credentials, DockerContainer container,
-                               const QJsonObject &containerConfig, QString &clientId, ErrorCode *errorCode = nullptr);
+    QString createConfig(const ServerCredentials &credentials, DockerContainer container, const QJsonObject &containerConfig,
+                         ErrorCode &errorCode);
 
-    QString processConfigWithLocalSettings(QString config);
-    QString processConfigWithExportSettings(QString config);
+    QString processConfigWithLocalSettings(const QPair<QString, QString> &dns, const bool isApiConfig, QString &protocolConfigString);
+    QString processConfigWithExportSettings(const QPair<QString, QString> &dns, const bool isApiConfig, QString &protocolConfigString);
 
     static ConnectionData genClientKeys();
 
 private:
     ConnectionData prepareWireguardConfig(const ServerCredentials &credentials, DockerContainer container,
-                                          const QJsonObject &containerConfig, ErrorCode *errorCode = nullptr);
-    
+                                          const QJsonObject &containerConfig, ErrorCode &errorCode);
+
     bool m_isAwg;
     QString m_serverConfigPath;
     QString m_serverPublicKeyPath;

client/configurators/xray_configurator.cpp

@@ -0,0 +1,42 @@
+#include "xray_configurator.h"
+
+#include <QFile>
+#include <QJsonDocument>
+#include <QJsonObject>
+
+#include "containers/containers_defs.h"
+#include "core/controllers/serverController.h"
+#include "core/scripts_registry.h"
+
+XrayConfigurator::XrayConfigurator(std::shared_ptr<Settings> settings, const QSharedPointer<ServerController> &serverController, QObject *parent)
+    : ConfiguratorBase(settings, serverController, parent)
+{
+}
+
+QString XrayConfigurator::createConfig(const ServerCredentials &credentials, DockerContainer container, const QJsonObject &containerConfig,
+                                       ErrorCode &errorCode)
+{
+    QString config = m_serverController->replaceVars(amnezia::scriptData(ProtocolScriptType::xray_template, container),
+                                                     m_serverController->genVarsForScript(credentials, container, containerConfig));
+
+    QString xrayPublicKey =
+            m_serverController->getTextFileFromContainer(container, credentials, amnezia::protocols::xray::PublicKeyPath, errorCode);
+    xrayPublicKey.replace("\n", "");
+
+    QString xrayUuid = m_serverController->getTextFileFromContainer(container, credentials, amnezia::protocols::xray::uuidPath, errorCode);
+    xrayUuid.replace("\n", "");
+
+    QString xrayShortId =
+            m_serverController->getTextFileFromContainer(container, credentials, amnezia::protocols::xray::shortidPath, errorCode);
+    xrayShortId.replace("\n", "");
+
+    if (errorCode != ErrorCode::NoError) {
+        return "";
+    }
+
+    config.replace("$XRAY_CLIENT_ID", xrayUuid);
+    config.replace("$XRAY_PUBLIC_KEY", xrayPublicKey);
+    config.replace("$XRAY_SHORT_ID", xrayShortId);
+
+    return config;
+}

client/configurators/xray_configurator.h

@@ -0,0 +1,19 @@
+#ifndef XRAY_CONFIGURATOR_H
+#define XRAY_CONFIGURATOR_H
+
+#include <QObject>
+
+#include "configurator_base.h"
+#include "core/defs.h"
+
+class XrayConfigurator : public ConfiguratorBase
+{
+    Q_OBJECT
+public:
+    XrayConfigurator(std::shared_ptr<Settings> settings, const QSharedPointer<ServerController> &serverController, QObject *parent = nullptr);
+
+    QString createConfig(const ServerCredentials &credentials, DockerContainer container, const QJsonObject &containerConfig,
+                         ErrorCode &errorCode);
+};
+
+#endif // XRAY_CONFIGURATOR_H

client/containers/containers_defs.cpp

@@ -1,5 +1,8 @@
 #include "containers_defs.h"
 
+#include "QJsonObject"
+#include "QJsonDocument"
+
 QDebug operator<<(QDebug debug, const amnezia::DockerContainer &c)
 {
     QDebugStateSaver saver(debug);
@@ -58,6 +61,8 @@ QVector<amnezia::Proto> ContainerProps::protocolsForContainer(amnezia::DockerCon
 
     case DockerContainer::Ipsec: return { Proto::Ikev2 /*, Protocol::L2tp */ };
 
+    case DockerContainer::Xray: return { Proto::Xray };
+
     case DockerContainer::Dns: return { Proto::Dns };
 
     case DockerContainer::Sftp: return { Proto::Sftp };
@@ -85,6 +90,7 @@ QMap<DockerContainer, QString> ContainerProps::containerHumanNames()
              { DockerContainer::Cloak, "OpenVPN over Cloak" },
              { DockerContainer::WireGuard, "WireGuard" },
              { DockerContainer::Awg, "AmneziaWG" },
+             { DockerContainer::Xray, "XRay" },
              { DockerContainer::Ipsec, QObject::tr("IPsec") },
 
              { DockerContainer::TorWebSite, QObject::tr("Website in Tor network") },
@@ -111,6 +117,9 @@ QMap<DockerContainer, QString> ContainerProps::containerDescriptions()
                QObject::tr("AmneziaWG - Special protocol from Amnezia, based on WireGuard. It's fast like WireGuard, "
                            "but very resistant to blockages. "
                            "Recommended for regions with high levels of censorship.") },
+             { DockerContainer::Xray,
+               QObject::tr("XRay with REALITY - Suitable for countries with the highest level of internet censorship. "
+                           "Traffic masking as web traffic at the TLS level, and protection against detection by active probing methods.") },
              { DockerContainer::Ipsec,
                QObject::tr("IKEv2 -  Modern stable protocol, a bit faster than others, restores connection after "
                            "signal loss. It has native support on the latest versions of Android and iOS.") },
@@ -199,6 +208,17 @@ QMap<DockerContainer, QString> ContainerProps::containerDetailedDescriptions()
                       "* Minimum number of settings\n"
                       "* Not recognised by DPI analysis systems, resistant to blocking\n"
                       "* Works over UDP network protocol.") },
+        { DockerContainer::Xray,
+          QObject::tr("The REALITY protocol, a pioneering development by the creators of XRay, "
+                      "is specifically designed to counteract the highest levels of internet censorship through its novel approach to evasion.\n"
+                      "It uniquely identifies censors during the TLS handshake phase, seamlessly operating as a proxy for legitimate clients while diverting censors to genuine websites like google.com, "
+                      "thus presenting an authentic TLS certificate and data. \n"
+                      "This advanced capability differentiates REALITY from similar technologies by its ability to disguise web traffic as coming from random, "
+                      "legitimate sites without the need for specific configurations. \n"
+                      "Unlike older protocols such as VMess, VLESS, and the XTLS-Vision transport, "
+                      "REALITY's innovative \"friend or foe\" recognition at the TLS handshake enhances security and circumvents detection by sophisticated DPI systems employing active probing techniques. "
+                      "This makes REALITY a robust solution for maintaining internet freedom in environments with stringent censorship.")
+        },
         { DockerContainer::Ipsec,
           QObject::tr("IKEv2, paired with the IPSec encryption layer, stands as a modern and stable VPN protocol.\n"
                       "One of its distinguishing features is its ability to swiftly switch between networks and devices, "
@@ -213,7 +233,11 @@ QMap<DockerContainer, QString> ContainerProps::containerDetailedDescriptions()
 
         { DockerContainer::TorWebSite, QObject::tr("Website in Tor network") },
         { DockerContainer::Dns, QObject::tr("DNS Service") },
-        { DockerContainer::Sftp, QObject::tr("Sftp file sharing service - is secure FTP service") }
+        { DockerContainer::Sftp,
+          QObject::tr("After installation, Amnezia will create a\n\n file storage on your server. "
+                      "You will be able to access it using\n FileZilla or other SFTP clients, "
+                      "as well as mount the disk on your device to access\n it directly from your device.\n\n"
+                      "For more detailed information, you can\n find it in the support section under \"Create SFTP file storage.\" ") }
     };
 }
 
@@ -231,6 +255,7 @@ Proto ContainerProps::defaultProtocol(DockerContainer c)
     case DockerContainer::ShadowSocks: return Proto::ShadowSocks;
     case DockerContainer::WireGuard: return Proto::WireGuard;
     case DockerContainer::Awg: return Proto::Awg;
+    case DockerContainer::Xray: return Proto::Xray;
     case DockerContainer::Ipsec: return Proto::Ikev2;
 
     case DockerContainer::TorWebSite: return Proto::TorWebSite;
@@ -274,7 +299,6 @@ bool ContainerProps::isSupportedByCurrentPlatform(DockerContainer c)
 
 #elif defined(Q_OS_LINUX)
     switch (c) {
-    case DockerContainer::WireGuard: return true;
     case DockerContainer::Ipsec: return false;
     default: return true;
     }
@@ -297,7 +321,7 @@ bool ContainerProps::isEasySetupContainer(DockerContainer container)
     switch (container) {
     case DockerContainer::WireGuard: return true;
     case DockerContainer::Awg: return true;
-    case DockerContainer::Cloak: return true;
+    // case DockerContainer::Cloak: return true;
     default: return false;
     }
 }
@@ -306,8 +330,8 @@ QString ContainerProps::easySetupHeader(DockerContainer container)
 {
     switch (container) {
     case DockerContainer::WireGuard: return tr("Low");
-    case DockerContainer::Awg: return tr("Medium or High");
-    case DockerContainer::Cloak: return tr("Extreme");
+    case DockerContainer::Awg: return tr("High");
+    // case DockerContainer::Cloak: return tr("Extreme");
     default: return "";
     }
 }
@@ -317,8 +341,8 @@ QString ContainerProps::easySetupDescription(DockerContainer container)
     switch (container) {
     case DockerContainer::WireGuard: return tr("I just want to increase the level of my privacy.");
     case DockerContainer::Awg: return tr("I want to bypass censorship. This option recommended in most cases.");
-    case DockerContainer::Cloak:
-        return tr("Most VPN protocols are blocked. Recommended if other options are not working.");
+    // case DockerContainer::Cloak:
+    //     return tr("Most VPN protocols are blocked. Recommended if other options are not working.");
     default: return "";
     }
 }
@@ -328,7 +352,7 @@ int ContainerProps::easySetupOrder(DockerContainer container)
     switch (container) {
     case DockerContainer::WireGuard: return 3;
     case DockerContainer::Awg: return 2;
-    case DockerContainer::Cloak: return 1;
+    // case DockerContainer::Cloak: return 1;
     default: return 0;
     }
 }
@@ -342,3 +366,13 @@ bool ContainerProps::isShareable(DockerContainer container)
     default: return true;
     }
 }
+
+QJsonObject ContainerProps::getProtocolConfigFromContainer(const Proto protocol, const QJsonObject &containerConfig)
+{
+    QString protocolConfigString = containerConfig.value(ProtocolProps::protoToString(protocol))
+                                           .toObject()
+                                           .value(config_key::last_config)
+                                           .toString();
+
+    return QJsonDocument::fromJson(protocolConfigString.toUtf8()).object();
+}

client/containers/containers_defs.h

@@ -22,6 +22,7 @@ namespace amnezia
             Cloak,
             ShadowSocks,
             Ipsec,
+            Xray,
 
             // non-vpn
             TorWebSite,
@@ -67,6 +68,8 @@ namespace amnezia
         static int easySetupOrder(amnezia::DockerContainer container);
 
         static bool isShareable(amnezia::DockerContainer container);
+
+        static QJsonObject getProtocolConfigFromContainer(const amnezia::Proto protocol, const QJsonObject &containerConfig);
     };
 
     static void declareQmlContainerEnum()

client/core/controllers/apiController.cpp

@@ -0,0 +1,158 @@
+#include "apiController.h"
+
+#include <QEventLoop>
+#include <QNetworkAccessManager>
+#include <QNetworkReply>
+#include <QtConcurrent>
+
+#include "amnezia_application.h"
+#include "configurators/wireguard_configurator.h"
+#include "version.h"
+
+namespace
+{
+    namespace configKey
+    {
+        constexpr char cloak[] = "cloak";
+        constexpr char awg[] = "awg";
+
+        constexpr char apiEdnpoint[] = "api_endpoint";
+        constexpr char accessToken[] = "api_key";
+        constexpr char certificate[] = "certificate";
+        constexpr char publicKey[] = "public_key";
+        constexpr char protocol[] = "protocol";
+
+        constexpr char uuid[] = "installation_uuid";
+        constexpr char osVersion[] = "os_version";
+        constexpr char appVersion[] = "app_version";
+    }
+}
+
+ApiController::ApiController(QObject *parent) : QObject(parent)
+{
+}
+
+void ApiController::processApiConfig(const QString &protocol, const ApiController::ApiPayloadData &apiPayloadData, QString &config)
+{
+    if (protocol == configKey::cloak) {
+        config.replace("<key>", "<key>\n");
+        config.replace("$OPENVPN_PRIV_KEY", apiPayloadData.certRequest.privKey);
+        return;
+    } else if (protocol == configKey::awg) {
+        config.replace("$WIREGUARD_CLIENT_PRIVATE_KEY", apiPayloadData.wireGuardClientPrivKey);
+    }
+    return;
+}
+
+ApiController::ApiPayloadData ApiController::generateApiPayloadData(const QString &protocol)
+{
+    ApiController::ApiPayloadData apiPayload;
+    if (protocol == configKey::cloak) {
+        apiPayload.certRequest = OpenVpnConfigurator::createCertRequest();
+    } else if (protocol == configKey::awg) {
+        auto connData = WireguardConfigurator::genClientKeys();
+        apiPayload.wireGuardClientPubKey = connData.clientPubKey;
+        apiPayload.wireGuardClientPrivKey = connData.clientPrivKey;
+    }
+    return apiPayload;
+}
+
+QJsonObject ApiController::fillApiPayload(const QString &protocol, const ApiController::ApiPayloadData &apiPayloadData)
+{
+    QJsonObject obj;
+    if (protocol == configKey::cloak) {
+        obj[configKey::certificate] = apiPayloadData.certRequest.request;
+    } else if (protocol == configKey::awg) {
+        obj[configKey::publicKey] = apiPayloadData.wireGuardClientPubKey;
+    }
+
+    obj[configKey::osVersion] = QSysInfo::productType();
+    obj[configKey::appVersion] = QString(APP_VERSION);
+
+    return obj;
+}
+
+void ApiController::updateServerConfigFromApi(const QString &installationUuid, const int serverIndex, QJsonObject serverConfig)
+{
+#ifdef Q_OS_IOS
+    IosController::Instance()->requestInetAccess();
+    QThread::msleep(10);
+#endif
+
+    auto containerConfig = serverConfig.value(config_key::containers).toArray();
+
+    if (serverConfig.value(config_key::configVersion).toInt()) {
+        QNetworkRequest request;
+        request.setTransferTimeout(7000);
+        request.setHeader(QNetworkRequest::ContentTypeHeader, "application/json");
+        request.setRawHeader("Authorization", "Api-Key " + serverConfig.value(configKey::accessToken).toString().toUtf8());
+        QString endpoint = serverConfig.value(configKey::apiEdnpoint).toString();
+        request.setUrl(endpoint);
+
+        QString protocol = serverConfig.value(configKey::protocol).toString();
+
+        ApiPayloadData apiPayloadData = generateApiPayloadData(protocol);
+
+        QJsonObject apiPayload = fillApiPayload(protocol, apiPayloadData);
+        apiPayload[configKey::uuid] = installationUuid;
+
+        QByteArray requestBody = QJsonDocument(apiPayload).toJson();
+
+        QNetworkReply *reply = amnApp->manager()->post(request, requestBody); // ??
+
+        QObject::connect(reply, &QNetworkReply::finished, [this, reply, protocol, apiPayloadData, serverIndex, serverConfig]() mutable {
+            if (reply->error() == QNetworkReply::NoError) {
+                QString contents = QString::fromUtf8(reply->readAll());
+                QString data = QJsonDocument::fromJson(contents.toUtf8()).object().value(config_key::config).toString();
+
+                data.replace("vpn://", "");
+                QByteArray ba = QByteArray::fromBase64(data.toUtf8(), QByteArray::Base64UrlEncoding | QByteArray::OmitTrailingEquals);
+
+                if (ba.isEmpty()) {
+                    emit errorOccurred(ErrorCode::ApiConfigEmptyError);
+                    return;
+                }
+
+                QByteArray ba_uncompressed = qUncompress(ba);
+                if (!ba_uncompressed.isEmpty()) {
+                    ba = ba_uncompressed;
+                }
+
+                QString configStr = ba;
+                processApiConfig(protocol, apiPayloadData, configStr);
+
+                QJsonObject apiConfig = QJsonDocument::fromJson(configStr.toUtf8()).object();
+                serverConfig[config_key::dns1] = apiConfig.value(config_key::dns1);
+                serverConfig[config_key::dns2] = apiConfig.value(config_key::dns2);
+                serverConfig[config_key::containers] = apiConfig.value(config_key::containers);
+                serverConfig[config_key::hostName] = apiConfig.value(config_key::hostName);
+
+                auto defaultContainer = apiConfig.value(config_key::defaultContainer).toString();
+                serverConfig[config_key::defaultContainer] = defaultContainer;
+
+                emit configUpdated(true, serverConfig, serverIndex);
+            } else {
+                if (reply->error() == QNetworkReply::NetworkError::OperationCanceledError
+                    || reply->error() == QNetworkReply::NetworkError::TimeoutError) {
+                    emit errorOccurred(ErrorCode::ApiConfigTimeoutError);
+                } else {
+                    QString err = reply->errorString();
+                    qDebug() << QString::fromUtf8(reply->readAll());
+                    qDebug() << reply->error();
+                    qDebug() << err;
+                    qDebug() << reply->attribute(QNetworkRequest::HttpStatusCodeAttribute);
+                    emit errorOccurred(ErrorCode::ApiConfigDownloadError);
+                }
+            }
+
+            reply->deleteLater();
+        });
+
+        QObject::connect(reply, &QNetworkReply::errorOccurred,
+                         [this, reply](QNetworkReply::NetworkError error) { qDebug() << reply->errorString() << error; });
+        connect(reply, &QNetworkReply::sslErrors, [this, reply](const QList<QSslError> &errors) {
+            qDebug().noquote() << errors;
+            emit errorOccurred(ErrorCode::ApiConfigSslError);
+        });
+    }
+}

client/core/controllers/apiController.h

@@ -4,29 +4,28 @@
 #include <QObject>
 
 #include "configurators/openvpn_configurator.h"
-#include "ui/models/containers_model.h"
-#include "ui/models/servers_model.h"
+
+#ifdef Q_OS_IOS
+    #include "platforms/ios/ios_controller.h"
+#endif
 
 class ApiController : public QObject
 {
     Q_OBJECT
 
 public:
-    explicit ApiController(const QSharedPointer<ServersModel> &serversModel,
-                           const QSharedPointer<ContainersModel> &containersModel, QObject *parent = nullptr);
+    explicit ApiController(QObject *parent = nullptr);
 
 public slots:
-    void updateServerConfigFromApi();
-
-    void clearApiConfig();
+    void updateServerConfigFromApi(const QString &installationUuid, const int serverIndex, QJsonObject serverConfig);
 
 signals:
-    void updateStarted();
-    void updateFinished(bool isConfigUpdateStarted);
-    void errorOccurred(const QString &errorMessage);
+    void errorOccurred(ErrorCode errorCode);
+    void configUpdated(const bool updateConfig, const QJsonObject &config, const int serverIndex);
 
 private:
-    struct ApiPayloadData {
+    struct ApiPayloadData
+    {
         OpenVpnConfigurator::ConnectionData certRequest;
 
         QString wireGuardClientPrivKey;
@@ -36,9 +35,6 @@ private:
     ApiPayloadData generateApiPayloadData(const QString &protocol);
     QJsonObject fillApiPayload(const QString &protocol, const ApiController::ApiPayloadData &apiPayloadData);
     void processApiConfig(const QString &protocol, const ApiController::ApiPayloadData &apiPayloadData, QString &config);
-
-    QSharedPointer<ServersModel> m_serversModel;
-    QSharedPointer<ContainersModel> m_containersModel;
 };
 
 #endif // APICONTROLLER_H

client/core/controllers/serverController.cpp

@@ -23,13 +23,13 @@
 #include <thread>
 
 #include "containers/containers_defs.h"
-#include "logger.h"
+#include "core/networkUtilities.h"
 #include "core/scripts_registry.h"
 #include "core/server_defs.h"
+#include "logger.h"
 #include "settings.h"
 #include "utilities.h"
-
-#include <configurators/vpn_configurator.h>
+#include "vpnConfigurationController.h"
 
 namespace
 {
@@ -95,10 +95,9 @@ ErrorCode ServerController::runScript(const ServerCredentials &credentials, QStr
     return ErrorCode::NoError;
 }
 
-ErrorCode
-ServerController::runContainerScript(const ServerCredentials &credentials, DockerContainer container, QString script,
-                                     const std::function<ErrorCode(const QString &, libssh::Client &)> &cbReadStdOut,
-                                     const std::function<ErrorCode(const QString &, libssh::Client &)> &cbReadStdErr)
+ErrorCode ServerController::runContainerScript(const ServerCredentials &credentials, DockerContainer container, QString script,
+                                               const std::function<ErrorCode(const QString &, libssh::Client &)> &cbReadStdOut,
+                                               const std::function<ErrorCode(const QString &, libssh::Client &)> &cbReadStdErr)
 {
     QString fileName = "/opt/amnezia/" + Utils::getRandomString(16) + ".sh";
     Logger::appendSshLog("Run container script for " + ContainerProps::containerToString(container) + ":\n" + script);
@@ -116,9 +115,8 @@ ServerController::runContainerScript(const ServerCredentials &credentials, Docke
     return e;
 }
 
-ErrorCode ServerController::uploadTextFileToContainer(DockerContainer container, const ServerCredentials &credentials,
-                                                      const QString &file, const QString &path,
-                                                      libssh::SftpOverwriteMode overwriteMode)
+ErrorCode ServerController::uploadTextFileToContainer(DockerContainer container, const ServerCredentials &credentials, const QString &file,
+                                                      const QString &path, libssh::ScpOverwriteMode overwriteMode)
 {
     ErrorCode e = ErrorCode::NoError;
     QString tmpFileName = QString("/tmp/%1.tmp").arg(Utils::getRandomString(16));
@@ -139,7 +137,7 @@ ErrorCode ServerController::uploadTextFileToContainer(DockerContainer container,
     if (e)
         return e;
 
-    if (overwriteMode == libssh::SftpOverwriteMode::SftpOverwriteExisting) {
+    if (overwriteMode == libssh::ScpOverwriteMode::ScpOverwriteExisting) {
         e = runScript(credentials,
                       replaceVars(QString("sudo docker cp %1 $CONTAINER_NAME:/%2").arg(tmpFileName).arg(path),
                                   genVarsForScript(credentials, container)),
@@ -147,7 +145,7 @@ ErrorCode ServerController::uploadTextFileToContainer(DockerContainer container,
 
         if (e)
             return e;
-    } else if (overwriteMode == libssh::SftpOverwriteMode::SftpAppendToExisting) {
+    } else if (overwriteMode == libssh::ScpOverwriteMode::ScpAppendToExisting) {
         e = runScript(credentials,
                       replaceVars(QString("sudo docker cp %1 $CONTAINER_NAME:/%2").arg(tmpFileName).arg(tmpFileName),
                                   genVarsForScript(credentials, container)),
@@ -156,12 +154,10 @@ ErrorCode ServerController::uploadTextFileToContainer(DockerContainer container,
         if (e)
             return e;
 
-        e = runScript(
-                credentials,
-                replaceVars(
-                        QString("sudo docker exec -i $CONTAINER_NAME sh -c \"cat %1 >> %2\"").arg(tmpFileName).arg(path),
-                        genVarsForScript(credentials, container)),
-                cbReadStd, cbReadStd);
+        e = runScript(credentials,
+                      replaceVars(QString("sudo docker exec -i $CONTAINER_NAME sh -c \"cat %1 >> %2\"").arg(tmpFileName).arg(path),
+                                  genVarsForScript(credentials, container)),
+                      cbReadStd, cbReadStd);
 
         if (e)
             return e;
@@ -172,21 +168,17 @@ ErrorCode ServerController::uploadTextFileToContainer(DockerContainer container,
         return ErrorCode::ServerContainerMissingError;
     }
 
-    runScript(credentials, 
-              replaceVars(QString("sudo shred -u %1").arg(tmpFileName), genVarsForScript(credentials, container)));
+    runScript(credentials, replaceVars(QString("sudo shred -u %1").arg(tmpFileName), genVarsForScript(credentials, container)));
     return e;
 }
 
-QByteArray ServerController::getTextFileFromContainer(DockerContainer container, const ServerCredentials &credentials,
-                                                      const QString &path, ErrorCode *errorCode)
+QByteArray ServerController::getTextFileFromContainer(DockerContainer container, const ServerCredentials &credentials, const QString &path,
+                                                      ErrorCode &errorCode)
 {
 
-    if (errorCode)
-        *errorCode = ErrorCode::NoError;
+    errorCode = ErrorCode::NoError;
 
-    QString script = QString("sudo docker exec -i %1 sh -c \"xxd -p \'%2\'\"")
-                             .arg(ContainerProps::containerToString(container))
-                             .arg(path);
+    QString script = QString("sudo docker exec -i %1 sh -c \"xxd -p \'%2\'\"").arg(ContainerProps::containerToString(container)).arg(path);
 
     QString stdOut;
     auto cbReadStdOut = [&](const QString &data, libssh::Client &) {
@@ -194,12 +186,12 @@ QByteArray ServerController::getTextFileFromContainer(DockerContainer container,
         return ErrorCode::NoError;
     };
 
-    *errorCode = runScript(credentials, script, cbReadStdOut);
+    errorCode = runScript(credentials, script, cbReadStdOut);
     return QByteArray::fromHex(stdOut.toUtf8());
 }
 
-ErrorCode ServerController::uploadFileToHost(const ServerCredentials &credentials, const QByteArray &data,
-                                             const QString &remotePath, libssh::SftpOverwriteMode overwriteMode)
+ErrorCode ServerController::uploadFileToHost(const ServerCredentials &credentials, const QByteArray &data, const QString &remotePath,
+                                             libssh::ScpOverwriteMode overwriteMode)
 {
     auto error = m_sshClient.connectToHost(credentials);
     if (error != ErrorCode::NoError) {
@@ -211,13 +203,7 @@ ErrorCode ServerController::uploadFileToHost(const ServerCredentials &credential
     localFile.write(data);
     localFile.close();
 
-#ifdef Q_OS_WINDOWS
-    error = m_sshClient.sftpFileCopy(overwriteMode, localFile.fileName().toLocal8Bit().toStdString(), remotePath.toStdString(),
-                                     "non_desc");
-#else
-    error = m_sshClient.sftpFileCopy(overwriteMode, localFile.fileName().toStdString(), remotePath.toStdString(),
-                                     "non_desc");
-#endif
+    error = m_sshClient.scpFileCopy(overwriteMode, localFile.fileName(), remotePath, "non_desc");
 
     if (error != ErrorCode::NoError) {
         return error;
@@ -251,12 +237,10 @@ ErrorCode ServerController::removeAllContainers(const ServerCredentials &credent
 ErrorCode ServerController::removeContainer(const ServerCredentials &credentials, DockerContainer container)
 {
     return runScript(credentials,
-                     replaceVars(amnezia::scriptData(SharedScriptType::remove_container),
-                                 genVarsForScript(credentials, container)));
+                     replaceVars(amnezia::scriptData(SharedScriptType::remove_container), genVarsForScript(credentials, container)));
 }
 
-ErrorCode ServerController::setupContainer(const ServerCredentials &credentials, DockerContainer container,
-                                           QJsonObject &config, bool isUpdate)
+ErrorCode ServerController::setupContainer(const ServerCredentials &credentials, DockerContainer container, QJsonObject &config, bool isUpdate)
 {
     qDebug().noquote() << "ServerController::setupContainer" << ContainerProps::containerToString(container);
     ErrorCode e = ErrorCode::NoError;
@@ -316,12 +300,11 @@ ErrorCode ServerController::setupContainer(const ServerCredentials &credentials,
     return startupContainerWorker(credentials, container, config);
 }
 
-ErrorCode ServerController::updateContainer(const ServerCredentials &credentials, DockerContainer container,
-                                            const QJsonObject &oldConfig, QJsonObject &newConfig)
+ErrorCode ServerController::updateContainer(const ServerCredentials &credentials, DockerContainer container, const QJsonObject &oldConfig,
+                                            QJsonObject &newConfig)
 {
     bool reinstallRequired = isReinstallContainerRequired(container, oldConfig, newConfig);
-    qDebug() << "ServerController::updateContainer for container" << container << "reinstall required is"
-             << reinstallRequired;
+    qDebug() << "ServerController::updateContainer for container" << container << "reinstall required is" << reinstallRequired;
 
     if (reinstallRequired) {
         return setupContainer(credentials, container, newConfig, true);
@@ -334,8 +317,7 @@ ErrorCode ServerController::updateContainer(const ServerCredentials &credentials
     }
 }
 
-bool ServerController::isReinstallContainerRequired(DockerContainer container, const QJsonObject &oldConfig,
-                                                    const QJsonObject &newConfig)
+bool ServerController::isReinstallContainerRequired(DockerContainer container, const QJsonObject &oldConfig, const QJsonObject &newConfig)
 {
     Proto mainProto = ContainerProps::defaultProtocol(container);
 
@@ -365,7 +347,33 @@ bool ServerController::isReinstallContainerRequired(DockerContainer container, c
     }
 
     if (container == DockerContainer::Awg) {
-        return true;
+        if ((oldProtoConfig.value(config_key::port).toString(protocols::awg::defaultPort)
+             != newProtoConfig.value(config_key::port).toString(protocols::awg::defaultPort))
+            || (oldProtoConfig.value(config_key::junkPacketCount).toString(protocols::awg::defaultJunkPacketCount)
+                != newProtoConfig.value(config_key::junkPacketCount).toString(protocols::awg::defaultJunkPacketCount))
+            || (oldProtoConfig.value(config_key::junkPacketMinSize).toString(protocols::awg::defaultJunkPacketMinSize)
+                != newProtoConfig.value(config_key::junkPacketMinSize).toString(protocols::awg::defaultJunkPacketMinSize))
+            || (oldProtoConfig.value(config_key::junkPacketMaxSize).toString(protocols::awg::defaultJunkPacketMaxSize)
+                != newProtoConfig.value(config_key::junkPacketMaxSize).toString(protocols::awg::defaultJunkPacketMaxSize))
+            || (oldProtoConfig.value(config_key::initPacketJunkSize).toString(protocols::awg::defaultInitPacketJunkSize)
+                != newProtoConfig.value(config_key::initPacketJunkSize).toString(protocols::awg::defaultInitPacketJunkSize))
+            || (oldProtoConfig.value(config_key::responsePacketJunkSize).toString(protocols::awg::defaultResponsePacketJunkSize)
+                != newProtoConfig.value(config_key::responsePacketJunkSize).toString(protocols::awg::defaultResponsePacketJunkSize))
+            || (oldProtoConfig.value(config_key::initPacketMagicHeader).toString(protocols::awg::defaultInitPacketMagicHeader)
+                != newProtoConfig.value(config_key::initPacketMagicHeader).toString(protocols::awg::defaultInitPacketMagicHeader))
+            || (oldProtoConfig.value(config_key::responsePacketMagicHeader).toString(protocols::awg::defaultResponsePacketMagicHeader)
+                != newProtoConfig.value(config_key::responsePacketMagicHeader).toString(protocols::awg::defaultResponsePacketMagicHeader))
+            || (oldProtoConfig.value(config_key::underloadPacketMagicHeader).toString(protocols::awg::defaultUnderloadPacketMagicHeader)
+                != newProtoConfig.value(config_key::underloadPacketMagicHeader).toString(protocols::awg::defaultUnderloadPacketMagicHeader))
+            || (oldProtoConfig.value(config_key::transportPacketMagicHeader).toString(protocols::awg::defaultTransportPacketMagicHeader)
+                != newProtoConfig.value(config_key::transportPacketMagicHeader).toString(protocols::awg::defaultTransportPacketMagicHeader)))
+            return true;
+    }
+
+    if (container == DockerContainer::WireGuard) {
+        if (oldProtoConfig.value(config_key::port).toString(protocols::wireguard::defaultPort)
+            != newProtoConfig.value(config_key::port).toString(protocols::wireguard::defaultPort))
+            return true;
     }
 
     return false;
@@ -388,8 +396,7 @@ ErrorCode ServerController::installDockerWorker(const ServerCredentials &credent
     };
 
     ErrorCode error =
-            runScript(credentials,
-                      replaceVars(amnezia::scriptData(SharedScriptType::install_docker), genVarsForScript(credentials)),
+            runScript(credentials, replaceVars(amnezia::scriptData(SharedScriptType::install_docker), genVarsForScript(credentials)),
                       cbReadStdOut, cbReadStdErr);
 
     qDebug().noquote() << "ServerController::installDockerWorker" << stdOut;
@@ -401,17 +408,13 @@ ErrorCode ServerController::installDockerWorker(const ServerCredentials &credent
     return error;
 }
 
-ErrorCode ServerController::prepareHostWorker(const ServerCredentials &credentials, DockerContainer container,
-                                              const QJsonObject &config)
+ErrorCode ServerController::prepareHostWorker(const ServerCredentials &credentials, DockerContainer container, const QJsonObject &config)
 {
     // create folder on host
-    return runScript(
-            credentials,
-            replaceVars(amnezia::scriptData(SharedScriptType::prepare_host), genVarsForScript(credentials, container)));
+    return runScript(credentials, replaceVars(amnezia::scriptData(SharedScriptType::prepare_host), genVarsForScript(credentials, container)));
 }
 
-ErrorCode ServerController::buildContainerWorker(const ServerCredentials &credentials, DockerContainer container,
-                                                 const QJsonObject &config)
+ErrorCode ServerController::buildContainerWorker(const ServerCredentials &credentials, DockerContainer container, const QJsonObject &config)
 {
     ErrorCode e = uploadFileToHost(credentials, amnezia::scriptData(ProtocolScriptType::dockerfile, container).toUtf8(),
                                    amnezia::server::getDockerfileFolder(container) + "/Dockerfile");
@@ -424,13 +427,9 @@ ErrorCode ServerController::buildContainerWorker(const ServerCredentials &creden
         stdOut += data + "\n";
         return ErrorCode::NoError;
     };
-    //    auto cbReadStdErr = [&](const QString &data, QSharedPointer<QSsh::SshRemoteProcess> proc) {
-    //        stdOut += data + "\n";
-    //    };
 
     e = runScript(credentials,
-                  replaceVars(amnezia::scriptData(SharedScriptType::build_container),
-                              genVarsForScript(credentials, container, config)),
+                  replaceVars(amnezia::scriptData(SharedScriptType::build_container), genVarsForScript(credentials, container, config)),
                   cbReadStdOut);
     if (e)
         return e;
@@ -438,17 +437,13 @@ ErrorCode ServerController::buildContainerWorker(const ServerCredentials &creden
     return e;
 }
 
-ErrorCode ServerController::runContainerWorker(const ServerCredentials &credentials, DockerContainer container,
-                                               QJsonObject &config)
+ErrorCode ServerController::runContainerWorker(const ServerCredentials &credentials, DockerContainer container, QJsonObject &config)
 {
     QString stdOut;
     auto cbReadStdOut = [&](const QString &data, libssh::Client &) {
         stdOut += data + "\n";
         return ErrorCode::NoError;
     };
-    // auto cbReadStdErr = [&](const QString &data, QSharedPointer<QSsh::SshRemoteProcess> proc) {
-    //     stdOut += data + "\n";
-    // };
 
     ErrorCode e = runScript(credentials,
                             replaceVars(amnezia::scriptData(ProtocolScriptType::run_container, container),
@@ -465,8 +460,7 @@ ErrorCode ServerController::runContainerWorker(const ServerCredentials &credenti
     return e;
 }
 
-ErrorCode ServerController::configureContainerWorker(const ServerCredentials &credentials, DockerContainer container,
-                                                     QJsonObject &config)
+ErrorCode ServerController::configureContainerWorker(const ServerCredentials &credentials, DockerContainer container, QJsonObject &config)
 {
     QString stdOut;
     auto cbReadStdOut = [&](const QString &data, libssh::Client &) {
@@ -483,13 +477,12 @@ ErrorCode ServerController::configureContainerWorker(const ServerCredentials &cr
                                                  genVarsForScript(credentials, container, config)),
                                      cbReadStdOut, cbReadStdErr);
 
-    m_configurator->updateContainerConfigAfterInstallation(container, config, stdOut);
+    VpnConfigurationsController::updateContainerConfigAfterInstallation(container, config, stdOut);
 
     return e;
 }
 
-ErrorCode ServerController::startupContainerWorker(const ServerCredentials &credentials, DockerContainer container,
-                                                   const QJsonObject &config)
+ErrorCode ServerController::startupContainerWorker(const ServerCredentials &credentials, DockerContainer container, const QJsonObject &config)
 {
     QString script = amnezia::scriptData(ProtocolScriptType::container_startup, container);
 
@@ -497,8 +490,7 @@ ErrorCode ServerController::startupContainerWorker(const ServerCredentials &cred
         return ErrorCode::NoError;
     }
 
-    ErrorCode e = uploadTextFileToContainer(container, credentials,
-                                            replaceVars(script, genVarsForScript(credentials, container, config)),
+    ErrorCode e = uploadTextFileToContainer(container, credentials, replaceVars(script, genVarsForScript(credentials, container, config)),
                                             "/opt/amnezia/start.sh");
     if (e)
         return e;
@@ -509,14 +501,15 @@ ErrorCode ServerController::startupContainerWorker(const ServerCredentials &cred
                                  genVarsForScript(credentials, container, config)));
 }
 
-ServerController::Vars ServerController::genVarsForScript(const ServerCredentials &credentials,
-                                                          DockerContainer container, const QJsonObject &config)
+ServerController::Vars ServerController::genVarsForScript(const ServerCredentials &credentials, DockerContainer container,
+                                                          const QJsonObject &config)
 {
     const QJsonObject &openvpnConfig = config.value(ProtocolProps::protoToString(Proto::OpenVpn)).toObject();
     const QJsonObject &cloakConfig = config.value(ProtocolProps::protoToString(Proto::Cloak)).toObject();
     const QJsonObject &ssConfig = config.value(ProtocolProps::protoToString(Proto::ShadowSocks)).toObject();
     const QJsonObject &wireguarConfig = config.value(ProtocolProps::protoToString(Proto::WireGuard)).toObject();
     const QJsonObject &amneziaWireguarConfig = config.value(ProtocolProps::protoToString(Proto::Awg)).toObject();
+    const QJsonObject &xrayConfig = config.value(ProtocolProps::protoToString(Proto::Xray)).toObject();
     const QJsonObject &sftpConfig = config.value(ProtocolProps::protoToString(Proto::Sftp)).toObject();
 
     Vars vars;
@@ -524,24 +517,19 @@ ServerController::Vars ServerController::genVarsForScript(const ServerCredential
     vars.append({ { "$REMOTE_HOST", credentials.hostName } });
 
     // OpenVPN vars
-    vars.append(
-            { { "$OPENVPN_SUBNET_IP",
-                openvpnConfig.value(config_key::subnet_address).toString(protocols::openvpn::defaultSubnetAddress) } });
-    vars.append({ { "$OPENVPN_SUBNET_CIDR",
-                    openvpnConfig.value(config_key::subnet_cidr).toString(protocols::openvpn::defaultSubnetCidr) } });
-    vars.append({ { "$OPENVPN_SUBNET_MASK",
-                    openvpnConfig.value(config_key::subnet_mask).toString(protocols::openvpn::defaultSubnetMask) } });
+    vars.append({ { "$OPENVPN_SUBNET_IP",
+                    openvpnConfig.value(config_key::subnet_address).toString(protocols::openvpn::defaultSubnetAddress) } });
+    vars.append({ { "$OPENVPN_SUBNET_CIDR", openvpnConfig.value(config_key::subnet_cidr).toString(protocols::openvpn::defaultSubnetCidr) } });
+    vars.append({ { "$OPENVPN_SUBNET_MASK", openvpnConfig.value(config_key::subnet_mask).toString(protocols::openvpn::defaultSubnetMask) } });
 
     vars.append({ { "$OPENVPN_PORT", openvpnConfig.value(config_key::port).toString(protocols::openvpn::defaultPort) } });
-    vars.append(
-            { { "$OPENVPN_TRANSPORT_PROTO",
-                openvpnConfig.value(config_key::transport_proto).toString(protocols::openvpn::defaultTransportProto) } });
+    vars.append({ { "$OPENVPN_TRANSPORT_PROTO",
+                    openvpnConfig.value(config_key::transport_proto).toString(protocols::openvpn::defaultTransportProto) } });
 
     bool isNcpDisabled = openvpnConfig.value(config_key::ncp_disable).toBool(protocols::openvpn::defaultNcpDisable);
     vars.append({ { "$OPENVPN_NCP_DISABLE", isNcpDisabled ? protocols::openvpn::ncpDisableString : "" } });
 
-    vars.append({ { "$OPENVPN_CIPHER",
-                    openvpnConfig.value(config_key::cipher).toString(protocols::openvpn::defaultCipher) } });
+    vars.append({ { "$OPENVPN_CIPHER", openvpnConfig.value(config_key::cipher).toString(protocols::openvpn::defaultCipher) } });
     vars.append({ { "$OPENVPN_HASH", openvpnConfig.value(config_key::hash).toString(protocols::openvpn::defaultHash) } });
 
     bool isTlsAuth = openvpnConfig.value(config_key::tls_auth).toBool(protocols::openvpn::defaultTlsAuth);
@@ -552,39 +540,35 @@ ServerController::Vars ServerController::genVarsForScript(const ServerCredential
     }
 
     vars.append({ { "$OPENVPN_ADDITIONAL_CLIENT_CONFIG",
-                    openvpnConfig.value(config_key::additional_client_config)
-                            .toString(protocols::openvpn::defaultAdditionalClientConfig) } });
+                    openvpnConfig.value(config_key::additional_client_config).toString(protocols::openvpn::defaultAdditionalClientConfig) } });
     vars.append({ { "$OPENVPN_ADDITIONAL_SERVER_CONFIG",
-                    openvpnConfig.value(config_key::additional_server_config)
-                            .toString(protocols::openvpn::defaultAdditionalServerConfig) } });
+                    openvpnConfig.value(config_key::additional_server_config).toString(protocols::openvpn::defaultAdditionalServerConfig) } });
 
     // ShadowSocks vars
-    vars.append({ { "$SHADOWSOCKS_SERVER_PORT",
-                    ssConfig.value(config_key::port).toString(protocols::shadowsocks::defaultPort) } });
+    vars.append({ { "$SHADOWSOCKS_SERVER_PORT", ssConfig.value(config_key::port).toString(protocols::shadowsocks::defaultPort) } });
     vars.append({ { "$SHADOWSOCKS_LOCAL_PORT",
                     ssConfig.value(config_key::local_port).toString(protocols::shadowsocks::defaultLocalProxyPort) } });
-    vars.append({ { "$SHADOWSOCKS_CIPHER",
-                    ssConfig.value(config_key::cipher).toString(protocols::shadowsocks::defaultCipher) } });
+    vars.append({ { "$SHADOWSOCKS_CIPHER", ssConfig.value(config_key::cipher).toString(protocols::shadowsocks::defaultCipher) } });
 
     vars.append({ { "$CONTAINER_NAME", ContainerProps::containerToString(container) } });
     vars.append({ { "$DOCKERFILE_FOLDER", "/opt/amnezia/" + ContainerProps::containerToString(container) } });
 
     // Cloak vars
     vars.append({ { "$CLOAK_SERVER_PORT", cloakConfig.value(config_key::port).toString(protocols::cloak::defaultPort) } });
-    vars.append({ { "$FAKE_WEB_SITE_ADDRESS",
-                    cloakConfig.value(config_key::site).toString(protocols::cloak::defaultRedirSite) } });
+    vars.append({ { "$FAKE_WEB_SITE_ADDRESS", cloakConfig.value(config_key::site).toString(protocols::cloak::defaultRedirSite) } });
+
+    // Xray vars
+    vars.append({ { "$XRAY_SITE_NAME", xrayConfig.value(config_key::site).toString(protocols::xray::defaultSite) } });
 
     // Wireguard vars
-    vars.append(
-            { { "$WIREGUARD_SUBNET_IP",
-                wireguarConfig.value(config_key::subnet_address).toString(protocols::wireguard::defaultSubnetAddress) } });
+    vars.append({ { "$WIREGUARD_SUBNET_IP",
+                    wireguarConfig.value(config_key::subnet_address).toString(protocols::wireguard::defaultSubnetAddress) } });
     vars.append({ { "$WIREGUARD_SUBNET_CIDR",
                     wireguarConfig.value(config_key::subnet_cidr).toString(protocols::wireguard::defaultSubnetCidr) } });
     vars.append({ { "$WIREGUARD_SUBNET_MASK",
                     wireguarConfig.value(config_key::subnet_mask).toString(protocols::wireguard::defaultSubnetMask) } });
 
-    vars.append({ { "$WIREGUARD_SERVER_PORT",
-                    wireguarConfig.value(config_key::port).toString(protocols::wireguard::defaultPort) } });
+    vars.append({ { "$WIREGUARD_SERVER_PORT", wireguarConfig.value(config_key::port).toString(protocols::wireguard::defaultPort) } });
 
     // IPsec vars
     vars.append({ { "$IPSEC_VPN_L2TP_NET", "192.168.42.0/24" } });
@@ -607,32 +591,24 @@ ServerController::Vars ServerController::genVarsForScript(const ServerCredential
     vars.append({ { "$SECONDARY_SERVER_DNS", m_settings->secondaryDns() } });
 
     // Sftp vars
-    vars.append(
-            { { "$SFTP_PORT",
-                sftpConfig.value(config_key::port).toString(QString::number(ProtocolProps::defaultPort(Proto::Sftp))) } });
+    vars.append({ { "$SFTP_PORT", sftpConfig.value(config_key::port).toString(QString::number(ProtocolProps::defaultPort(Proto::Sftp))) } });
     vars.append({ { "$SFTP_USER", sftpConfig.value(config_key::userName).toString() } });
     vars.append({ { "$SFTP_PASSWORD", sftpConfig.value(config_key::password).toString() } });
 
     // Amnezia wireguard vars
-    vars.append({ { "$AWG_SERVER_PORT",
-                    amneziaWireguarConfig.value(config_key::port).toString(protocols::awg::defaultPort) } });
+    vars.append({ { "$AWG_SERVER_PORT", amneziaWireguarConfig.value(config_key::port).toString(protocols::awg::defaultPort) } });
 
     vars.append({ { "$JUNK_PACKET_COUNT", amneziaWireguarConfig.value(config_key::junkPacketCount).toString() } });
     vars.append({ { "$JUNK_PACKET_MIN_SIZE", amneziaWireguarConfig.value(config_key::junkPacketMinSize).toString() } });
     vars.append({ { "$JUNK_PACKET_MAX_SIZE", amneziaWireguarConfig.value(config_key::junkPacketMaxSize).toString() } });
     vars.append({ { "$INIT_PACKET_JUNK_SIZE", amneziaWireguarConfig.value(config_key::initPacketJunkSize).toString() } });
-    vars.append({ { "$RESPONSE_PACKET_JUNK_SIZE",
-                    amneziaWireguarConfig.value(config_key::responsePacketJunkSize).toString() } });
-    vars.append({ { "$INIT_PACKET_MAGIC_HEADER",
-                    amneziaWireguarConfig.value(config_key::initPacketMagicHeader).toString() } });
-    vars.append({ { "$RESPONSE_PACKET_MAGIC_HEADER",
-                    amneziaWireguarConfig.value(config_key::responsePacketMagicHeader).toString() } });
-    vars.append({ { "$UNDERLOAD_PACKET_MAGIC_HEADER",
-                    amneziaWireguarConfig.value(config_key::underloadPacketMagicHeader).toString() } });
-    vars.append({ { "$TRANSPORT_PACKET_MAGIC_HEADER",
-                    amneziaWireguarConfig.value(config_key::transportPacketMagicHeader).toString() } });
+    vars.append({ { "$RESPONSE_PACKET_JUNK_SIZE", amneziaWireguarConfig.value(config_key::responsePacketJunkSize).toString() } });
+    vars.append({ { "$INIT_PACKET_MAGIC_HEADER", amneziaWireguarConfig.value(config_key::initPacketMagicHeader).toString() } });
+    vars.append({ { "$RESPONSE_PACKET_MAGIC_HEADER", amneziaWireguarConfig.value(config_key::responsePacketMagicHeader).toString() } });
+    vars.append({ { "$UNDERLOAD_PACKET_MAGIC_HEADER", amneziaWireguarConfig.value(config_key::underloadPacketMagicHeader).toString() } });
+    vars.append({ { "$TRANSPORT_PACKET_MAGIC_HEADER", amneziaWireguarConfig.value(config_key::transportPacketMagicHeader).toString() } });
 
-    QString serverIp = Utils::getIPAddress(credentials.hostName);
+    QString serverIp = NetworkUtilities::getIPAddress(credentials.hostName);
     if (!serverIp.isEmpty()) {
         vars.append({ { "$SERVER_IP_ADDRESS", serverIp } });
     } else {
@@ -642,7 +618,7 @@ ServerController::Vars ServerController::genVarsForScript(const ServerCredential
     return vars;
 }
 
-QString ServerController::checkSshConnection(const ServerCredentials &credentials, ErrorCode *errorCode)
+QString ServerController::checkSshConnection(const ServerCredentials &credentials, ErrorCode &errorCode)
 {
     QString stdOut;
     auto cbReadStdOut = [&](const QString &data, libssh::Client &) {
@@ -654,11 +630,7 @@ QString ServerController::checkSshConnection(const ServerCredentials &credential
         return ErrorCode::NoError;
     };
 
-    ErrorCode e =
-            runScript(credentials, amnezia::scriptData(SharedScriptType::check_connection), cbReadStdOut, cbReadStdErr);
-
-    if (errorCode)
-        *errorCode = e;
+    errorCode = runScript(credentials, amnezia::scriptData(SharedScriptType::check_connection), cbReadStdOut, cbReadStdErr);
 
     return stdOut;
 }
@@ -670,9 +642,7 @@ void ServerController::cancelInstallation()
 
 ErrorCode ServerController::setupServerFirewall(const ServerCredentials &credentials)
 {
-    return runScript(
-            credentials,
-            replaceVars(amnezia::scriptData(SharedScriptType::setup_host_firewall), genVarsForScript(credentials)));
+    return runScript(credentials, replaceVars(amnezia::scriptData(SharedScriptType::setup_host_firewall), genVarsForScript(credentials)));
 }
 
 QString ServerController::replaceVars(const QString &script, const Vars &vars)
@@ -684,8 +654,7 @@ QString ServerController::replaceVars(const QString &script, const Vars &vars)
     return s;
 }
 
-ErrorCode ServerController::isServerPortBusy(const ServerCredentials &credentials, DockerContainer container,
-                                             const QJsonObject &config)
+ErrorCode ServerController::isServerPortBusy(const ServerCredentials &credentials, DockerContainer container, const QJsonObject &config)
 {
     if (container == DockerContainer::Dns) {
         return ErrorCode::NoError;
@@ -708,15 +677,12 @@ ErrorCode ServerController::isServerPortBusy(const ServerCredentials &credential
     QStringList fixedPorts = ContainerProps::fixedPortsForContainer(container);
 
     QString defaultPort("%1");
-    QString port =
-            containerConfig.value(config_key::port).toString(defaultPort.arg(ProtocolProps::defaultPort(protocol)));
-    QString defaultTransportProto =
-            ProtocolProps::transportProtoToString(ProtocolProps::defaultTransportProto(protocol), protocol);
+    QString port = containerConfig.value(config_key::port).toString(defaultPort.arg(ProtocolProps::defaultPort(protocol)));
+    QString defaultTransportProto = ProtocolProps::transportProtoToString(ProtocolProps::defaultTransportProto(protocol), protocol);
     QString transportProto = containerConfig.value(config_key::transport_proto).toString(defaultTransportProto);
 
     // TODO reimplement with netstat
-    QString script =
-            QString("which lsof &>/dev/null || true && sudo lsof -i -P -n 2>/dev/null | grep -E ':%1 ").arg(port);
+    QString script = QString("which lsof &>/dev/null || true && sudo lsof -i -P -n 2>/dev/null | grep -E ':%1 ").arg(port);
     for (auto &port : fixedPorts) {
         script = script.append("|:%1").arg(port);
     }
@@ -726,8 +692,7 @@ ErrorCode ServerController::isServerPortBusy(const ServerCredentials &credential
         script = script.append(" | grep LISTEN");
     }
 
-    ErrorCode errorCode = runScript(credentials, replaceVars(script, genVarsForScript(credentials, container)),
-                                    cbReadStdOut, cbReadStdErr);
+    ErrorCode errorCode = runScript(credentials, replaceVars(script, genVarsForScript(credentials, container)), cbReadStdOut, cbReadStdErr);
     if (errorCode != ErrorCode::NoError) {
         return errorCode;
     }
@@ -755,8 +720,7 @@ ErrorCode ServerController::isUserInSudo(const ServerCredentials &credentials, D
     };
 
     const QString scriptData = amnezia::scriptData(SharedScriptType::check_user_in_sudo);
-    ErrorCode error =
-            runScript(credentials, replaceVars(scriptData, genVarsForScript(credentials)), cbReadStdOut, cbReadStdErr);
+    ErrorCode error = runScript(credentials, replaceVars(scriptData, genVarsForScript(credentials)), cbReadStdOut, cbReadStdErr);
 
     if (!stdOut.contains("sudo"))
         return ErrorCode::ServerUserNotInSudo;
@@ -786,9 +750,7 @@ ErrorCode ServerController::isServerDpkgBusy(const ServerCredentials &credential
                 return ErrorCode::ServerCancelInstallation;
             }
             stdOut.clear();
-            runScript(credentials,
-                      replaceVars(amnezia::scriptData(SharedScriptType::check_server_is_busy),
-                                  genVarsForScript(credentials)),
+            runScript(credentials, replaceVars(amnezia::scriptData(SharedScriptType::check_server_is_busy), genVarsForScript(credentials)),
                       cbReadStdOut, cbReadStdErr);
 
             if (stdOut.contains("Packet manager not found"))
@@ -819,147 +781,6 @@ ErrorCode ServerController::isServerDpkgBusy(const ServerCredentials &credential
     return future.result();
 }
 
-ErrorCode ServerController::getAlreadyInstalledContainers(const ServerCredentials &credentials,
-                                                          QMap<DockerContainer, QJsonObject> &installedContainers)
-{
-    QString stdOut;
-    auto cbReadStdOut = [&](const QString &data, libssh::Client &) {
-        stdOut += data + "\n";
-        return ErrorCode::NoError;
-    };
-    auto cbReadStdErr = [&](const QString &data, libssh::Client &) {
-        stdOut += data + "\n";
-        return ErrorCode::NoError;
-    };
-
-    QString script = QString("sudo docker ps --format '{{.Names}} {{.Ports}}'");
-
-    ErrorCode errorCode = runScript(credentials, script, cbReadStdOut, cbReadStdErr);
-    if (errorCode != ErrorCode::NoError) {
-        return errorCode;
-    }
-
-    auto containersInfo = stdOut.split("\n");
-    for (auto &containerInfo : containersInfo) {
-        if (containerInfo.isEmpty()) {
-            continue;
-        }
-        const static QRegularExpression containerAndPortRegExp("(amnezia[-a-z]*).*?:([0-9]*)->[0-9]*/(udp|tcp).*");
-        QRegularExpressionMatch containerAndPortMatch = containerAndPortRegExp.match(containerInfo);
-        if (containerAndPortMatch.hasMatch()) {
-            QString name = containerAndPortMatch.captured(1);
-            QString port = containerAndPortMatch.captured(2);
-            QString transportProto = containerAndPortMatch.captured(3);
-            DockerContainer container = ContainerProps::containerFromString(name);
-
-            QJsonObject config;
-            Proto mainProto = ContainerProps::defaultProtocol(container);
-            for (auto protocol : ContainerProps::protocolsForContainer(container)) {
-                QJsonObject containerConfig;
-                if (protocol == mainProto) {
-                    containerConfig.insert(config_key::port, port);
-                    containerConfig.insert(config_key::transport_proto, transportProto);
-
-                    if (protocol == Proto::Awg) {
-                        QString serverConfig = getTextFileFromContainer(container, credentials, protocols::awg::serverConfigPath, &errorCode);
-
-                        QMap<QString, QString> serverConfigMap;
-                        auto serverConfigLines = serverConfig.split("\n");
-                        for (auto &line : serverConfigLines) {
-                            auto trimmedLine = line.trimmed();
-                            if (trimmedLine.startsWith("[") && trimmedLine.endsWith("]")) {
-                                continue;
-                            } else {
-                                QStringList parts = trimmedLine.split(" = ");
-                                if (parts.count() == 2) {
-                                    serverConfigMap.insert(parts[0].trimmed(), parts[1].trimmed());
-                                }
-                            }
-                        }
-
-                        containerConfig[config_key::junkPacketCount] = serverConfigMap.value(config_key::junkPacketCount);
-                        containerConfig[config_key::junkPacketMinSize] = serverConfigMap.value(config_key::junkPacketMinSize);
-                        containerConfig[config_key::junkPacketMaxSize] = serverConfigMap.value(config_key::junkPacketMaxSize);
-                        containerConfig[config_key::initPacketJunkSize] = serverConfigMap.value(config_key::initPacketJunkSize);
-                        containerConfig[config_key::responsePacketJunkSize] = serverConfigMap.value(config_key::responsePacketJunkSize);
-                        containerConfig[config_key::initPacketMagicHeader] = serverConfigMap.value(config_key::initPacketMagicHeader);
-                        containerConfig[config_key::responsePacketMagicHeader] = serverConfigMap.value(config_key::responsePacketMagicHeader);
-                        containerConfig[config_key::underloadPacketMagicHeader] = serverConfigMap.value(config_key::underloadPacketMagicHeader);
-                        containerConfig[config_key::transportPacketMagicHeader] = serverConfigMap.value(config_key::transportPacketMagicHeader);
-                    } else if (protocol == Proto::Sftp) {
-                        stdOut.clear();
-                        script = QString("sudo docker inspect --format '{{.Config.Cmd}}' %1").arg(name);
-
-                        ErrorCode errorCode = runScript(credentials, script, cbReadStdOut, cbReadStdErr);
-                        if (errorCode != ErrorCode::NoError) {
-                            return errorCode;
-                        }
-
-                        auto sftpInfo = stdOut.split(":");
-                        if (sftpInfo.size() < 2) {
-                            logger.error() << "Key parameters for the sftp container are missing";
-                            continue;
-                        }
-                        auto userName = sftpInfo.at(0);
-                        userName = userName.remove(0, 1);
-                        auto password = sftpInfo.at(1);
-
-                        containerConfig.insert(config_key::userName, userName);
-                        containerConfig.insert(config_key::password, password);
-                    }
-
-                    config.insert(config_key::container, ContainerProps::containerToString(container));
-                }
-                config.insert(ProtocolProps::protoToString(protocol), containerConfig);
-            }
-            installedContainers.insert(container, config);
-        }
-        const static QRegularExpression torOrDnsRegExp("(amnezia-(?:torwebsite|dns)).*?([0-9]*)/(udp|tcp).*");
-        QRegularExpressionMatch torOrDnsRegMatch = torOrDnsRegExp.match(containerInfo);
-        if (torOrDnsRegMatch.hasMatch()) {
-            QString name = torOrDnsRegMatch.captured(1);
-            QString port = torOrDnsRegMatch.captured(2);
-            QString transportProto = torOrDnsRegMatch.captured(3);
-            DockerContainer container = ContainerProps::containerFromString(name);
-
-            QJsonObject config;
-            Proto mainProto = ContainerProps::defaultProtocol(container);
-            for (auto protocol : ContainerProps::protocolsForContainer(container)) {
-                QJsonObject containerConfig;
-                if (protocol == mainProto) {
-                    containerConfig.insert(config_key::port, port);
-                    containerConfig.insert(config_key::transport_proto, transportProto);
-
-                    if (protocol == Proto::TorWebSite) {
-                        stdOut.clear();
-                        script = QString("sudo docker exec -i %1 sh -c 'cat /var/lib/tor/hidden_service/hostname'").arg(name);
-
-                        ErrorCode errorCode = runScript(credentials, script, cbReadStdOut, cbReadStdErr);
-                        if (errorCode != ErrorCode::NoError) {
-                            return errorCode;
-                        }
-
-                        if (stdOut.isEmpty()) {
-                            logger.error() << "Key parameters for the tor container are missing";
-                            continue;
-                        }
-
-                        QString onion = stdOut;
-                        onion.replace("\n", "");
-                        containerConfig.insert(config_key::site, onion);
-                    }
-
-                    config.insert(config_key::container, ContainerProps::containerToString(container));
-                }
-                config.insert(ProtocolProps::protoToString(protocol), containerConfig);
-            }
-            installedContainers.insert(container, config);
-        }
-    }
-
-    return ErrorCode::NoError;
-}
-
 ErrorCode ServerController::getDecryptedPrivateKey(const ServerCredentials &credentials, QString &decryptedPrivateKey,
                                                    const std::function<QString()> &callback)
 {

client/core/controllers/serverController.h

@@ -25,22 +25,18 @@ public:
     ErrorCode rebootServer(const ServerCredentials &credentials);
     ErrorCode removeAllContainers(const ServerCredentials &credentials);
     ErrorCode removeContainer(const ServerCredentials &credentials, DockerContainer container);
-    ErrorCode setupContainer(const ServerCredentials &credentials, DockerContainer container, QJsonObject &config,
-                             bool isUpdate = false);
-    ErrorCode updateContainer(const ServerCredentials &credentials, DockerContainer container,
-                              const QJsonObject &oldConfig, QJsonObject &newConfig);
-
-    ErrorCode getAlreadyInstalledContainers(const ServerCredentials &credentials,
-                                            QMap<DockerContainer, QJsonObject> &installedContainers);
+    ErrorCode setupContainer(const ServerCredentials &credentials, DockerContainer container, QJsonObject &config, bool isUpdate = false);
+    ErrorCode updateContainer(const ServerCredentials &credentials, DockerContainer container, const QJsonObject &oldConfig,
+                              QJsonObject &newConfig);
 
     ErrorCode startupContainerWorker(const ServerCredentials &credentials, DockerContainer container,
                                      const QJsonObject &config = QJsonObject());
 
-    ErrorCode uploadTextFileToContainer(
-            DockerContainer container, const ServerCredentials &credentials, const QString &file, const QString &path,
-            libssh::SftpOverwriteMode overwriteMode = libssh::SftpOverwriteMode::SftpOverwriteExisting);
-    QByteArray getTextFileFromContainer(DockerContainer container, const ServerCredentials &credentials,
-                                        const QString &path, ErrorCode *errorCode = nullptr);
+    ErrorCode uploadTextFileToContainer(DockerContainer container, const ServerCredentials &credentials, const QString &file,
+                                        const QString &path,
+                                        libssh::ScpOverwriteMode overwriteMode = libssh::ScpOverwriteMode::ScpOverwriteExisting);
+    QByteArray getTextFileFromContainer(DockerContainer container, const ServerCredentials &credentials, const QString &path,
+                                        ErrorCode &errorCode);
 
     QString replaceVars(const QString &script, const Vars &vars);
     Vars genVarsForScript(const ServerCredentials &credentials, DockerContainer container = DockerContainer::None,
@@ -50,12 +46,11 @@ public:
                         const std::function<ErrorCode(const QString &, libssh::Client &)> &cbReadStdOut = nullptr,
                         const std::function<ErrorCode(const QString &, libssh::Client &)> &cbReadStdErr = nullptr);
 
-    ErrorCode
-    runContainerScript(const ServerCredentials &credentials, DockerContainer container, QString script,
-                       const std::function<ErrorCode(const QString &, libssh::Client &)> &cbReadStdOut = nullptr,
-                       const std::function<ErrorCode(const QString &, libssh::Client &)> &cbReadStdErr = nullptr);
+    ErrorCode runContainerScript(const ServerCredentials &credentials, DockerContainer container, QString script,
+                                 const std::function<ErrorCode(const QString &, libssh::Client &)> &cbReadStdOut = nullptr,
+                                 const std::function<ErrorCode(const QString &, libssh::Client &)> &cbReadStdErr = nullptr);
 
-    QString checkSshConnection(const ServerCredentials &credentials, ErrorCode *errorCode = nullptr);
+    QString checkSshConnection(const ServerCredentials &credentials, ErrorCode &errorCode);
 
     void cancelInstallation();
 
@@ -64,23 +59,19 @@ public:
 
 private:
     ErrorCode installDockerWorker(const ServerCredentials &credentials, DockerContainer container);
-    ErrorCode prepareHostWorker(const ServerCredentials &credentials, DockerContainer container,
-                                const QJsonObject &config = QJsonObject());
+    ErrorCode prepareHostWorker(const ServerCredentials &credentials, DockerContainer container, const QJsonObject &config = QJsonObject());
     ErrorCode buildContainerWorker(const ServerCredentials &credentials, DockerContainer container,
                                    const QJsonObject &config = QJsonObject());
     ErrorCode runContainerWorker(const ServerCredentials &credentials, DockerContainer container, QJsonObject &config);
-    ErrorCode configureContainerWorker(const ServerCredentials &credentials, DockerContainer container,
-                                       QJsonObject &config);
+    ErrorCode configureContainerWorker(const ServerCredentials &credentials, DockerContainer container, QJsonObject &config);
 
-    ErrorCode isServerPortBusy(const ServerCredentials &credentials, DockerContainer container,
-                               const QJsonObject &config);
-    bool isReinstallContainerRequired(DockerContainer container, const QJsonObject &oldConfig,
-                                      const QJsonObject &newConfig);
+    ErrorCode isServerPortBusy(const ServerCredentials &credentials, DockerContainer container, const QJsonObject &config);
+    bool isReinstallContainerRequired(DockerContainer container, const QJsonObject &oldConfig, const QJsonObject &newConfig);
     ErrorCode isUserInSudo(const ServerCredentials &credentials, DockerContainer container);
     ErrorCode isServerDpkgBusy(const ServerCredentials &credentials, DockerContainer container);
 
     ErrorCode uploadFileToHost(const ServerCredentials &credentials, const QByteArray &data, const QString &remotePath,
-                               libssh::SftpOverwriteMode overwriteMode = libssh::SftpOverwriteMode::SftpOverwriteExisting);
+                               libssh::ScpOverwriteMode overwriteMode = libssh::ScpOverwriteMode::ScpOverwriteExisting);
 
     ErrorCode setupServerFirewall(const ServerCredentials &credentials);
 

client/core/controllers/vpnConfigurationController.cpp

@@ -0,0 +1,138 @@
+#include "vpnConfigurationController.h"
+
+#include "configurators/awg_configurator.h"
+#include "configurators/cloak_configurator.h"
+#include "configurators/ikev2_configurator.h"
+#include "configurators/openvpn_configurator.h"
+#include "configurators/shadowsocks_configurator.h"
+#include "configurators/wireguard_configurator.h"
+#include "configurators/xray_configurator.h"
+
+VpnConfigurationsController::VpnConfigurationsController(const std::shared_ptr<Settings> &settings,
+                                                         QSharedPointer<ServerController> serverController, QObject *parent)
+    : QObject { parent }, m_settings(settings), m_serverController(serverController)
+{
+}
+
+QScopedPointer<ConfiguratorBase> VpnConfigurationsController::createConfigurator(const Proto protocol)
+{
+    switch (protocol) {
+    case Proto::OpenVpn: return QScopedPointer<ConfiguratorBase>(new OpenVpnConfigurator(m_settings, m_serverController));
+    case Proto::ShadowSocks: return QScopedPointer<ConfiguratorBase>(new ShadowSocksConfigurator(m_settings, m_serverController));
+    case Proto::Cloak: return QScopedPointer<ConfiguratorBase>(new CloakConfigurator(m_settings, m_serverController));
+    case Proto::WireGuard: return QScopedPointer<ConfiguratorBase>(new WireguardConfigurator(m_settings, m_serverController, false));
+    case Proto::Awg: return QScopedPointer<ConfiguratorBase>(new AwgConfigurator(m_settings, m_serverController));
+    case Proto::Ikev2: return QScopedPointer<ConfiguratorBase>(new Ikev2Configurator(m_settings, m_serverController));
+    case Proto::Xray: return QScopedPointer<ConfiguratorBase>(new XrayConfigurator(m_settings, m_serverController));
+    default: return QScopedPointer<ConfiguratorBase>();
+    }
+}
+
+ErrorCode VpnConfigurationsController::createProtocolConfigForContainer(const ServerCredentials &credentials,
+                                                                        const DockerContainer container, QJsonObject &containerConfig)
+{
+    ErrorCode errorCode = ErrorCode::NoError;
+
+    if (ContainerProps::containerService(container) == ServiceType::Other) {
+        return errorCode;
+    }
+
+    for (Proto protocol : ContainerProps::protocolsForContainer(container)) {
+        QJsonObject protocolConfig = containerConfig.value(ProtocolProps::protoToString(protocol)).toObject();
+
+        auto configurator = createConfigurator(protocol);
+        QString protocolConfigString = configurator->createConfig(credentials, container, containerConfig, errorCode);
+        if (errorCode != ErrorCode::NoError) {
+            return errorCode;
+        }
+
+        protocolConfig.insert(config_key::last_config, protocolConfigString);
+        containerConfig.insert(ProtocolProps::protoToString(protocol), protocolConfig);
+    }
+
+    return errorCode;
+}
+
+ErrorCode VpnConfigurationsController::createProtocolConfigString(const bool isApiConfig, const QPair<QString, QString> &dns,
+                                                                  const ServerCredentials &credentials, const DockerContainer container,
+                                                                  const QJsonObject &containerConfig, const Proto protocol,
+                                                                  QString &protocolConfigString)
+{
+    ErrorCode errorCode = ErrorCode::NoError;
+
+    if (ContainerProps::containerService(container) == ServiceType::Other) {
+        return errorCode;
+    }
+
+    auto configurator = createConfigurator(protocol);
+
+    protocolConfigString = configurator->createConfig(credentials, container, containerConfig, errorCode);
+    if (errorCode != ErrorCode::NoError) {
+        return errorCode;
+    }
+    protocolConfigString = configurator->processConfigWithExportSettings(dns, isApiConfig, protocolConfigString);
+
+    return errorCode;
+}
+
+QJsonObject VpnConfigurationsController::createVpnConfiguration(const QPair<QString, QString> &dns, const QJsonObject &serverConfig,
+                                                                const QJsonObject &containerConfig, const DockerContainer container,
+                                                                ErrorCode &errorCode)
+{
+    QJsonObject vpnConfiguration {};
+
+    if (ContainerProps::containerService(container) == ServiceType::Other) {
+        return vpnConfiguration;
+    }
+
+    bool isApiConfig = serverConfig.value(config_key::configVersion).toInt();
+
+    for (ProtocolEnumNS::Proto proto : ContainerProps::protocolsForContainer(container)) {
+        if (isApiConfig && container == DockerContainer::Cloak && proto == ProtocolEnumNS::Proto::ShadowSocks) {
+            continue;
+        }
+
+        QString protocolConfigString =
+                containerConfig.value(ProtocolProps::protoToString(proto)).toObject().value(config_key::last_config).toString();
+
+        auto configurator = createConfigurator(proto);
+        protocolConfigString = configurator->processConfigWithLocalSettings(dns, isApiConfig, protocolConfigString);
+
+        QJsonObject vpnConfigData = QJsonDocument::fromJson(protocolConfigString.toUtf8()).object();
+        vpnConfigData = QJsonDocument::fromJson(protocolConfigString.toUtf8()).object();
+        vpnConfiguration.insert(ProtocolProps::key_proto_config_data(proto), vpnConfigData);
+    }
+
+    Proto proto = ContainerProps::defaultProtocol(container);
+    vpnConfiguration[config_key::vpnproto] = ProtocolProps::protoToString(proto);
+
+    vpnConfiguration[config_key::dns1] = dns.first;
+    vpnConfiguration[config_key::dns2] = dns.second;
+
+    vpnConfiguration[config_key::hostName] = serverConfig.value(config_key::hostName).toString();
+    vpnConfiguration[config_key::description] = serverConfig.value(config_key::description).toString();
+
+    vpnConfiguration[config_key::configVersion] = serverConfig.value(config_key::configVersion).toInt();
+    // TODO: try to get hostName, port, description for 3rd party configs
+    // vpnConfiguration[config_key::port] = ...;
+
+    return vpnConfiguration;
+}
+
+void VpnConfigurationsController::updateContainerConfigAfterInstallation(const DockerContainer container, QJsonObject &containerConfig,
+                                                                         const QString &stdOut)
+{
+    Proto mainProto = ContainerProps::defaultProtocol(container);
+
+    if (container == DockerContainer::TorWebSite) {
+        QJsonObject protocol = containerConfig.value(ProtocolProps::protoToString(mainProto)).toObject();
+
+        qDebug() << "amnezia-tor onions" << stdOut;
+
+        QString onion = stdOut;
+        onion.replace("\n", "");
+        protocol.insert(config_key::site, onion);
+
+        containerConfig.insert(ProtocolProps::protoToString(mainProto), protocol);
+    }
+}

client/core/controllers/vpnConfigurationController.h

@@ -0,0 +1,36 @@
+#ifndef VPNCONFIGIRATIONSCONTROLLER_H
+#define VPNCONFIGIRATIONSCONTROLLER_H
+
+#include <QObject>
+
+#include "configurators/configurator_base.h"
+#include "containers/containers_defs.h"
+#include "core/defs.h"
+#include "settings.h"
+
+class VpnConfigurationsController : public QObject
+{
+    Q_OBJECT
+public:
+    explicit VpnConfigurationsController(const std::shared_ptr<Settings> &settings, QSharedPointer<ServerController> serverController, QObject *parent = nullptr);
+
+public slots:
+    ErrorCode createProtocolConfigForContainer(const ServerCredentials &credentials, const DockerContainer container,
+                                               QJsonObject &containerConfig);
+    ErrorCode createProtocolConfigString(const bool isApiConfig, const QPair<QString, QString> &dns, const ServerCredentials &credentials,
+                                         const DockerContainer container, const QJsonObject &containerConfig, const Proto protocol,
+                                         QString &protocolConfigString);
+    QJsonObject createVpnConfiguration(const QPair<QString, QString> &dns, const QJsonObject &serverConfig,
+                                       const QJsonObject &containerConfig, const DockerContainer container, ErrorCode &errorCode);
+
+    static void updateContainerConfigAfterInstallation(const DockerContainer container, QJsonObject &containerConfig, const QString &stdOut);
+signals:
+
+private:
+    QScopedPointer<ConfiguratorBase> createConfigurator(const Proto protocol);
+
+    std::shared_ptr<Settings> m_settings;
+    QSharedPointer<ServerController> m_serverController;
+};
+
+#endif // VPNCONFIGIRATIONSCONTROLLER_H

client/core/defs.h

@@ -22,12 +22,31 @@ namespace amnezia
         }
     };
 
-    enum ErrorCode {
+    struct InstalledAppInfo {
+        QString appName;
+        QString packageName;
+        QString appPath;
+
+        bool operator==(const InstalledAppInfo& other) const {
+            if (!packageName.isEmpty()) {
+                return packageName == other.packageName;
+            } else {
+                return appPath == other.appPath;
+            }
+        }
+    };
+
+    namespace error_code_ns
+    {
+      Q_NAMESPACE
+      // TODO: change to enum class
+      enum ErrorCode {
         // General error codes
         NoError = 0,
         UnknownError = 100,
         InternalError = 101,
         NotImplementedError = 102,
+        AmneziaServiceNotRunning = 103,
 
         // Server errors
         ServerCheckFailed = 200,
@@ -46,25 +65,12 @@ namespace amnezia
         SshPrivateKeyFormatError = 304,
         SshTimeoutError = 305,
 
-        // Ssh sftp errors
-        SshSftpEofError = 400,
-        SshSftpNoSuchFileError = 401,
-        SshSftpPermissionDeniedError = 402,
-        SshSftpFailureError = 403,
-        SshSftpBadMessageError = 404,
-        SshSftpNoConnectionError = 405,
-        SshSftpConnectionLostError = 406,
-        SshSftpOpUnsupportedError = 407,
-        SshSftpInvalidHandleError = 408,
-        SshSftpNoSuchPathError = 409,
-        SshSftpFileAlreadyExistsError = 410,
-        SshSftpWriteProtectError = 411,
-        SshSftpNoMediaError = 412,
+        // Ssh scp errors
+        SshScpFailureError = 400,
 
         // Local errors
         OpenVpnConfigMissing = 500,
         OpenVpnManagementServerError = 501,
-        ConfigMissing = 502,
 
         // Distro errors
         OpenVpnExecutableMissing = 600,
@@ -72,6 +78,8 @@ namespace amnezia
         CloakExecutableMissing = 602,
         AmneziaServiceConnectionFailed = 603,
         ExecutableMissing = 604,
+        XrayExecutableMissing = 605,
+        Tun2SockExecutableMissing = 606,
 
         // VPN errors
         OpenVpnAdaptersInUseError = 700,
@@ -83,6 +91,8 @@ namespace amnezia
         OpenSslFailed = 800,
         ShadowSocksExecutableCrashed = 801,
         CloakExecutableCrashed = 802,
+        XrayExecutableCrashed = 803,
+        Tun2SockExecutableCrashed = 804,
 
         // import and install errors
         ImportInvalidConfigError = 900,
@@ -92,8 +102,23 @@ namespace amnezia
 
         // Api errors
         ApiConfigDownloadError = 1100,
-        ApiConfigAlreadyAdded = 1101
-    };
+        ApiConfigAlreadyAdded = 1101,
+        ApiConfigEmptyError = 1102,
+        ApiConfigTimeoutError = 1103,
+        ApiConfigSslError = 1104,
+
+        // QFile errors
+        OpenError = 1200,
+        ReadError = 1201,
+        PermissionsError = 1202,
+        UnspecifiedError = 1203,
+        FatalError = 1204,
+        AbortError = 1205
+      };
+      Q_ENUM_NS(ErrorCode)
+    }
+
+    using ErrorCode = error_code_ns::ErrorCode;
 
 } // namespace amnezia
 

client/core/errorstrings.cpp

@@ -8,67 +8,68 @@ QString errorString(ErrorCode code) {
     switch (code) {
 
     // General error codes
-    case(NoError): errorMessage = QObject::tr("No error"); break;
-    case(UnknownError): errorMessage = QObject::tr("Unknown Error"); break;
-    case(NotImplementedError): errorMessage = QObject::tr("Function not implemented"); break;
+    case(ErrorCode::NoError): errorMessage = QObject::tr("No error"); break;
+    case(ErrorCode::UnknownError): errorMessage = QObject::tr("Unknown Error"); break;
+    case(ErrorCode::NotImplementedError): errorMessage = QObject::tr("Function not implemented"); break;
+    case(ErrorCode::AmneziaServiceNotRunning): errorMessage = QObject::tr("Background service is not running"); break;
 
     // Server errors
-    case(ServerCheckFailed): errorMessage = QObject::tr("Server check failed"); break;
-    case(ServerPortAlreadyAllocatedError): errorMessage = QObject::tr("Server port already used. Check for another software"); break;
-    case(ServerContainerMissingError): errorMessage = QObject::tr("Server error: Docker container missing"); break;
-    case(ServerDockerFailedError): errorMessage = QObject::tr("Server error: Docker failed"); break;
-    case(ServerCancelInstallation): errorMessage = QObject::tr("Installation canceled by user"); break;
-    case(ServerUserNotInSudo): errorMessage = QObject::tr("The user does not have permission to use sudo"); break;
+    case(ErrorCode::ServerCheckFailed): errorMessage = QObject::tr("Server check failed"); break;
+    case(ErrorCode::ServerPortAlreadyAllocatedError): errorMessage = QObject::tr("Server port already used. Check for another software"); break;
+    case(ErrorCode::ServerContainerMissingError): errorMessage = QObject::tr("Server error: Docker container missing"); break;
+    case(ErrorCode::ServerDockerFailedError): errorMessage = QObject::tr("Server error: Docker failed"); break;
+    case(ErrorCode::ServerCancelInstallation): errorMessage = QObject::tr("Installation canceled by user"); break;
+    case(ErrorCode::ServerUserNotInSudo): errorMessage = QObject::tr("The user does not have permission to use sudo"); break;
+    case(ErrorCode::ServerPacketManagerError): errorMessage = QObject::tr("Server error: Packet manager error"); break;
 
     // Libssh errors
-    case(SshRequestDeniedError): errorMessage = QObject::tr("Ssh request was denied"); break;
-    case(SshInterruptedError): errorMessage = QObject::tr("Ssh request was interrupted"); break;
-    case(SshInternalError): errorMessage = QObject::tr("Ssh internal error"); break;
-    case(SshPrivateKeyError): errorMessage = QObject::tr("Invalid private key or invalid passphrase entered"); break;
-    case(SshPrivateKeyFormatError): errorMessage = QObject::tr("The selected private key format is not supported, use openssh ED25519 key types or PEM key types"); break;
-    case(SshTimeoutError): errorMessage = QObject::tr("Timeout connecting to server"); break;
+    case(ErrorCode::SshRequestDeniedError): errorMessage = QObject::tr("Ssh request was denied"); break;
+    case(ErrorCode::SshInterruptedError): errorMessage = QObject::tr("Ssh request was interrupted"); break;
+    case(ErrorCode::SshInternalError): errorMessage = QObject::tr("Ssh internal error"); break;
+    case(ErrorCode::SshPrivateKeyError): errorMessage = QObject::tr("Invalid private key or invalid passphrase entered"); break;
+    case(ErrorCode::SshPrivateKeyFormatError): errorMessage = QObject::tr("The selected private key format is not supported, use openssh ED25519 key types or PEM key types"); break;
+    case(ErrorCode::SshTimeoutError): errorMessage = QObject::tr("Timeout connecting to server"); break;
 
-    // Libssh sftp errors
-    case(SshSftpEofError): errorMessage = QObject::tr("Sftp error: End-of-file encountered"); break;
-    case(SshSftpNoSuchFileError): errorMessage = QObject::tr("Sftp error: File does not exist"); break;
-    case(SshSftpPermissionDeniedError): errorMessage = QObject::tr("Sftp error: Permission denied"); break;
-    case(SshSftpFailureError): errorMessage = QObject::tr("Sftp error: Generic failure"); break;
-    case(SshSftpBadMessageError): errorMessage = QObject::tr("Sftp error: Garbage received from server"); break;
-    case(SshSftpNoConnectionError): errorMessage = QObject::tr("Sftp error: No connection has been set up"); break;
-    case(SshSftpConnectionLostError): errorMessage = QObject::tr("Sftp error: There was a connection, but we lost it"); break;
-    case(SshSftpOpUnsupportedError): errorMessage = QObject::tr("Sftp error: Operation not supported by libssh yet"); break;
-    case(SshSftpInvalidHandleError): errorMessage = QObject::tr("Sftp error: Invalid file handle"); break;
-    case(SshSftpNoSuchPathError): errorMessage = QObject::tr("Sftp error: No such file or directory path exists"); break;
-    case(SshSftpFileAlreadyExistsError): errorMessage = QObject::tr("Sftp error: An attempt to create an already existing file or directory has been made"); break;
-    case(SshSftpWriteProtectError): errorMessage = QObject::tr("Sftp error: Write-protected filesystem"); break;
-    case(SshSftpNoMediaError): errorMessage = QObject::tr("Sftp error: No media was in remote drive"); break;
+    // Ssh scp errors
+    case(ErrorCode::SshScpFailureError): errorMessage = QObject::tr("Scp error: Generic failure"); break;
 
     // Local errors
-    case (OpenVpnConfigMissing): errorMessage = QObject::tr("OpenVPN config missing"); break;
-    case (OpenVpnManagementServerError): errorMessage = QObject::tr("OpenVPN management server error"); break;
+    case (ErrorCode::OpenVpnConfigMissing): errorMessage = QObject::tr("OpenVPN config missing"); break;
+    case (ErrorCode::OpenVpnManagementServerError): errorMessage = QObject::tr("OpenVPN management server error"); break;
 
     // Distro errors
-    case (OpenVpnExecutableMissing): errorMessage = QObject::tr("OpenVPN executable missing"); break;
-    case (ShadowSocksExecutableMissing): errorMessage = QObject::tr("ShadowSocks (ss-local) executable missing"); break;
-    case (CloakExecutableMissing): errorMessage = QObject::tr("Cloak (ck-client) executable missing"); break;
-    case (AmneziaServiceConnectionFailed): errorMessage = QObject::tr("Amnezia helper service error"); break;
-    case (OpenSslFailed): errorMessage = QObject::tr("OpenSSL failed"); break;
+    case (ErrorCode::OpenVpnExecutableMissing): errorMessage = QObject::tr("OpenVPN executable missing"); break;
+    case (ErrorCode::ShadowSocksExecutableMissing): errorMessage = QObject::tr("ShadowSocks (ss-local) executable missing"); break;
+    case (ErrorCode::CloakExecutableMissing): errorMessage = QObject::tr("Cloak (ck-client) executable missing"); break;
+    case (ErrorCode::AmneziaServiceConnectionFailed): errorMessage = QObject::tr("Amnezia helper service error"); break;
+    case (ErrorCode::OpenSslFailed): errorMessage = QObject::tr("OpenSSL failed"); break;
 
     // VPN errors
-    case (OpenVpnAdaptersInUseError): errorMessage = QObject::tr("Can't connect: another VPN connection is active"); break;
-    case (OpenVpnTapAdapterError): errorMessage = QObject::tr("Can't setup OpenVPN TAP network adapter"); break;
-    case (AddressPoolError): errorMessage = QObject::tr("VPN pool error: no available addresses"); break;
+    case (ErrorCode::OpenVpnAdaptersInUseError): errorMessage = QObject::tr("Can't connect: another VPN connection is active"); break;
+    case (ErrorCode::OpenVpnTapAdapterError): errorMessage = QObject::tr("Can't setup OpenVPN TAP network adapter"); break;
+    case (ErrorCode::AddressPoolError): errorMessage = QObject::tr("VPN pool error: no available addresses"); break;
 
-    case (ImportInvalidConfigError): errorMessage = QObject::tr("The config does not contain any containers and credentials for connecting to the server"); break;
+    case (ErrorCode::ImportInvalidConfigError): errorMessage = QObject::tr("The config does not contain any containers and credentials for connecting to the server"); break;
 
     // Android errors
-    case (AndroidError): errorMessage = QObject::tr("VPN connection error"); break;
+    case (ErrorCode::AndroidError): errorMessage = QObject::tr("VPN connection error"); break;
 
     // Api errors
-    case (ApiConfigDownloadError): errorMessage = QObject::tr("Error when retrieving configuration from API"); break;
-    case (ApiConfigAlreadyAdded): errorMessage = QObject::tr("This config has already been added to the application"); break;
+    case (ErrorCode::ApiConfigDownloadError): errorMessage = QObject::tr("Error when retrieving configuration from API"); break;
+    case (ErrorCode::ApiConfigAlreadyAdded): errorMessage = QObject::tr("This config has already been added to the application"); break;
+    case (ErrorCode::ApiConfigEmptyError): errorMessage = QObject::tr("In the response from the server, an empty config was received"); break;
+    case (ErrorCode::ApiConfigSslError): errorMessage = QObject::tr("SSL error occurred"); break;
+    case (ErrorCode::ApiConfigTimeoutError): errorMessage = QObject::tr("Server response timeout on api request"); break;
+      
+    // QFile errors
+    case(ErrorCode::OpenError): errorMessage = QObject::tr("QFile error: The file could not be opened"); break;
+    case(ErrorCode::ReadError): errorMessage = QObject::tr("QFile error: An error occurred when reading from the file"); break;
+    case(ErrorCode::PermissionsError): errorMessage = QObject::tr("QFile error: The file could not be accessed"); break;
+    case(ErrorCode::UnspecifiedError): errorMessage =  QObject::tr("QFile error: An unspecified error occurred"); break;
+    case(ErrorCode::FatalError): errorMessage =  QObject::tr("QFile error: A fatal error occurred"); break;
+    case(ErrorCode::AbortError): errorMessage =  QObject::tr("QFile error: The operation was aborted"); break;
 
-    case(InternalError):
+    case(ErrorCode::InternalError):
     default:
         errorMessage = QObject::tr("Internal error"); break;
     }

client/core/installedAppsImageProvider.cpp

@@ -0,0 +1,12 @@
+#include "installedAppsImageProvider.h"
+
+#include "platforms/android/android_controller.h"
+
+InstalledAppsImageProvider::InstalledAppsImageProvider() : QQuickImageProvider(QQuickImageProvider::Pixmap)
+{
+}
+
+QPixmap InstalledAppsImageProvider::requestPixmap(const QString &id, QSize *size, const QSize &requestedSize)
+{
+    return AndroidController::instance()->getAppIcon(id, size, requestedSize);
+}

client/core/installedAppsImageProvider.h

@@ -0,0 +1,15 @@
+#ifndef INSTALLEDAPPSIMAGEPROVIDER_H
+#define INSTALLEDAPPSIMAGEPROVIDER_H
+
+#include <QObject>
+#include <QQuickImageProvider>
+
+class InstalledAppsImageProvider : public QQuickImageProvider
+{
+public:
+    InstalledAppsImageProvider();
+
+    QPixmap requestPixmap(const QString &id, QSize *size, const QSize &requestedSize) override;
+};
+
+#endif // INSTALLEDAPPSIMAGEPROVIDER_H

client/core/ipcclient.cpp

@@ -71,7 +71,7 @@ QSharedPointer<PrivilegedProcess> IpcClient::CreatePrivilegedProcess()
     }
 
     QRemoteObjectPendingReply<int> futureResult = Instance()->m_ipcClient->createPrivilegedProcess();
-    futureResult.waitForFinished(1000);
+    futureResult.waitForFinished(5000);
 
     int pid = futureResult.returnValue();
 

client/core/networkUtilities.cpp

@@ -0,0 +1,462 @@
+#include "networkUtilities.h"
+
+#ifdef Q_OS_WIN
+    #include <windows.h>
+    #include <Ipexport.h>
+    #include <Ws2tcpip.h>
+    #include <ws2ipdef.h>
+    #include <stdint.h>
+    #include <Iphlpapi.h>
+    #include <Iptypes.h>
+    #include <WinSock2.h>
+    #include <winsock.h>
+    #include <QNetworkInterface>
+    #include "qendian.h"
+#endif
+#ifdef Q_OS_LINUX
+    #include <arpa/inet.h>
+    #include <linux/netlink.h>
+    #include <linux/rtnetlink.h>
+    #include <net/if.h>
+    #include <sys/ioctl.h>
+    #include <sys/socket.h>
+    #include <unistd.h>
+#endif
+#if defined(Q_OS_MAC) && !defined(Q_OS_IOS)
+    #include <sys/param.h>
+    #include <sys/sysctl.h>
+    #include <sys/socket.h>
+    #include <netinet/in.h>
+    #include <arpa/inet.h>
+    #include <net/route.h>
+#endif
+
+#include <QHostAddress>
+#include <QHostInfo>
+
+QRegularExpression NetworkUtilities::ipAddressRegExp()
+{
+    return QRegularExpression("^((25[0-5]|(2[0-4]|1[0-9]|[1-9]|)[0-9])(\\.(?!$)|$)){4}$");
+}
+
+QRegularExpression NetworkUtilities::ipAddressPortRegExp()
+{
+    return QRegularExpression("^(?:(?:25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9][0-9]|[0-9])\\.){3}"
+                              "(?:25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9][0-9]|[0-9])(\\:[0-9]{1,5}){0,1}$");
+}
+
+QRegExp NetworkUtilities::ipAddressWithSubnetRegExp()
+{
+    return QRegExp("(?:(?:25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9][0-9]|[0-9])\\.){3}"
+                   "(?:25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9][0-9]|[0-9])(\\/[0-9]{1,2}){0,1}");
+}
+
+QRegExp NetworkUtilities::ipNetwork24RegExp()
+{
+    return QRegExp("^(?:(?:25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9][0-9]|[0-9])\\.){3}"
+                   "0$");
+}
+
+QRegExp NetworkUtilities::ipPortRegExp()
+{
+    return QRegExp("^()([1-9]|[1-5]?[0-9]{2,4}|6[1-4][0-9]{3}|65[1-4][0-9]{2}|655[1-2][0-9]|6553[1-5])$");
+}
+
+QRegExp NetworkUtilities::domainRegExp()
+{
+    return QRegExp("(((?!\\-))(xn\\-\\-)?[a-z0-9\\-_]{0,61}[a-z0-9]{1,1}\\.)*(xn\\-\\-)?([a-z0-9\\-]{1,61}|[a-z0-"
+                   "9\\-]{1,30})\\.[a-z]{2,}");
+}
+
+QString NetworkUtilities::netMaskFromIpWithSubnet(const QString ip)
+{
+    if (!ip.contains("/"))
+        return "255.255.255.255";
+
+    bool ok;
+    int prefix = ip.split("/").at(1).toInt(&ok);
+    if (!ok)
+        return "255.255.255.255";
+
+    unsigned long mask = (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF;
+
+    return QString("%1.%2.%3.%4").arg(mask >> 24).arg((mask >> 16) & 0xFF).arg((mask >> 8) & 0xFF).arg(mask & 0xFF);
+}
+
+QString NetworkUtilities::ipAddressFromIpWithSubnet(const QString ip)
+{
+    if (ip.count(".") != 3)
+        return "";
+    return ip.split("/").first();
+}
+
+QStringList NetworkUtilities::summarizeRoutes(const QStringList &ips, const QString cidr)
+{
+    //    QMap<int, int>
+    //    QHostAddress
+
+           //    QMap<QString, QStringList> subnets; // <"a.b", <list subnets>>
+
+           //    for (const QString &ip : ips) {
+           //        if (ip.count(".") != 3) continue;
+
+           //        const QStringList &parts = ip.split(".");
+           //        subnets[parts.at(0) + "." + parts.at(1)].append(ip);
+           //    }
+
+    return QStringList();
+}
+
+QString NetworkUtilities::getIPAddress(const QString &host)
+{
+    if (ipAddressRegExp().match(host).hasMatch()) {
+        return host;
+    }
+
+    QList<QHostAddress> addresses = QHostInfo::fromName(host).addresses();
+    if (!addresses.isEmpty()) {
+        return addresses.first().toString();
+    }
+    qDebug() << "Unable to resolve address for " << host;
+    return "";
+}
+
+QString NetworkUtilities::getStringBetween(const QString &s, const QString &a, const QString &b)
+{
+    int ap = s.indexOf(a), bp = s.indexOf(b, ap + a.length());
+    if (ap < 0 || bp < 0)
+        return QString();
+    ap += a.length();
+    if (bp - ap <= 0)
+        return QString();
+    return s.mid(ap, bp - ap).trimmed();
+}
+
+bool NetworkUtilities::checkIPv4Format(const QString &ip)
+{
+    if (ip.isEmpty())
+        return false;
+    int count = ip.count(".");
+    if (count != 3)
+        return false;
+
+    QHostAddress addr(ip);
+    return (addr.protocol() == QAbstractSocket::NetworkLayerProtocol::IPv4Protocol);
+}
+
+bool NetworkUtilities::checkIpSubnetFormat(const QString &ip)
+{
+    if (!ip.contains("/"))
+        return checkIPv4Format(ip);
+
+    QStringList parts = ip.split("/");
+    if (parts.size() != 2)
+        return false;
+
+    bool ok;
+    int subnet = parts.at(1).toInt(&ok);
+    if (subnet >= 0 && subnet <= 32 && ok)
+        return checkIPv4Format(parts.at(0));
+    else
+        return false;
+}
+
+// static
+int NetworkUtilities::AdapterIndexTo(const QHostAddress& dst) {
+#ifdef Q_OS_WIN
+    qDebug() << "Getting Current Internet Adapter that routes to"
+             << dst.toString();
+    quint32_be ipBigEndian;
+    quint32 ip = dst.toIPv4Address();
+    qToBigEndian(ip, &ipBigEndian);
+    _MIB_IPFORWARDROW routeInfo;
+    auto result = GetBestRoute(ipBigEndian, 0, &routeInfo);
+    if (result != NO_ERROR) {
+        return -1;
+    }
+    auto adapter =
+        QNetworkInterface::interfaceFromIndex(routeInfo.dwForwardIfIndex);
+    qDebug() << "Internet Adapter:" << adapter.name();
+    return routeInfo.dwForwardIfIndex;
+#endif
+    return 0;
+}
+
+#ifdef Q_OS_WIN
+DWORD GetAdaptersAddressesWrapper(const ULONG Family,
+                                  const ULONG Flags,
+                                  const PVOID Reserved,
+                                  _Out_ PIP_ADAPTER_ADDRESSES& pAdapterAddresses) {
+    DWORD dwRetVal = 0;
+    int iter = 0;
+    constexpr int max_iter = 3;
+    ULONG AdapterAddressesLen = 15000;
+    do {
+        // xassert2(pAdapterAddresses == nullptr);
+        pAdapterAddresses = (IP_ADAPTER_ADDRESSES*)malloc(AdapterAddressesLen);
+        if (pAdapterAddresses == nullptr) {
+            qDebug() << "can not malloc" << AdapterAddressesLen << "bytes";
+            return ERROR_OUTOFMEMORY;
+        }
+
+        dwRetVal = GetAdaptersAddresses(Family, Flags, NULL, pAdapterAddresses, &AdapterAddressesLen);
+
+        if (dwRetVal == ERROR_BUFFER_OVERFLOW) {
+            free(pAdapterAddresses);
+            pAdapterAddresses = nullptr;
+        } else {
+            break;
+        }
+
+        iter++;
+    } while ((dwRetVal == ERROR_BUFFER_OVERFLOW) && (iter < max_iter));
+
+    if (dwRetVal != NO_ERROR) {
+        qDebug() << "Family: " << Family << ", Flags: " << Flags << " AdapterAddressesLen: " << AdapterAddressesLen <<
+                ", dwRetVal:" << dwRetVal << ", iter: " << iter;
+        if (pAdapterAddresses) {
+            free(pAdapterAddresses);
+            pAdapterAddresses = nullptr;
+        }
+    }
+
+    return dwRetVal;
+}
+#endif
+
+QString NetworkUtilities::getGatewayAndIface()
+{
+#ifdef Q_OS_WIN
+    constexpr int BUFF_LEN = 100;
+    char buff[BUFF_LEN] = {'\0'};
+    QString result;
+
+    PIP_ADAPTER_ADDRESSES pAdapterAddresses = nullptr;
+    DWORD dwRetVal =
+            GetAdaptersAddressesWrapper(AF_INET, GAA_FLAG_INCLUDE_GATEWAYS, NULL, pAdapterAddresses);
+
+    if (dwRetVal != NO_ERROR) {
+        qDebug() << "ipv4 stack detect GetAdaptersAddresses failed.";
+        return "";
+    }
+
+    PIP_ADAPTER_ADDRESSES pCurAddress = pAdapterAddresses;
+    while (pCurAddress) {
+        PIP_ADAPTER_GATEWAY_ADDRESS_LH gateway = pCurAddress->FirstGatewayAddress;
+        if (gateway) {
+            SOCKET_ADDRESS gateway_address = gateway->Address;
+            if (gateway->Address.lpSockaddr->sa_family == AF_INET) {
+                sockaddr_in* sa_in = (sockaddr_in*)gateway->Address.lpSockaddr;
+                QString gw = inet_ntop(AF_INET, &(sa_in->sin_addr), buff, BUFF_LEN);
+                qDebug() <<  "gateway IPV4:" << gw;
+                struct sockaddr_in addr;
+                if (inet_pton(AF_INET, buff, &addr.sin_addr) == 1) {
+                    qDebug() <<  "this is true v4 !";
+                    result = gw;
+                }
+            }
+        }
+        pCurAddress = pCurAddress->Next;
+    }
+
+    free(pAdapterAddresses);
+    return result;
+#endif
+#ifdef Q_OS_LINUX
+    constexpr int BUFFER_SIZE = 100;
+    int     received_bytes = 0, msg_len = 0, route_attribute_len = 0;
+    int     sock = -1, msgseq = 0;
+    struct  nlmsghdr *nlh, *nlmsg;
+    struct  rtmsg *route_entry;
+    // This struct contain route attributes (route type)
+    struct  rtattr *route_attribute;
+    char    gateway_address[INET_ADDRSTRLEN], interface[IF_NAMESIZE];
+    char    msgbuf[BUFFER_SIZE], buffer[BUFFER_SIZE];
+    char    *ptr = buffer;
+    struct timeval tv;
+
+    if ((sock = socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE)) < 0) {
+        perror("socket failed");
+        return "";
+    }
+
+    memset(msgbuf, 0, sizeof(msgbuf));
+    memset(gateway_address, 0, sizeof(gateway_address));
+    memset(interface, 0, sizeof(interface));
+    memset(buffer, 0, sizeof(buffer));
+
+    /* point the header and the msg structure pointers into the buffer */
+    nlmsg = (struct nlmsghdr *)msgbuf;
+
+    /* Fill in the nlmsg header*/
+    nlmsg->nlmsg_len = NLMSG_LENGTH(sizeof(struct rtmsg));
+    nlmsg->nlmsg_type = RTM_GETROUTE; // Get the routes from kernel routing table .
+    nlmsg->nlmsg_flags = NLM_F_DUMP | NLM_F_REQUEST; // The message is a request for dump.
+    nlmsg->nlmsg_seq = msgseq++; // Sequence of the message packet.
+    nlmsg->nlmsg_pid = getpid(); // PID of process sending the request.
+
+    /* 1 Sec Timeout to avoid stall */
+    tv.tv_sec = 1;
+    setsockopt(sock, SOL_SOCKET, SO_RCVTIMEO, (struct timeval *)&tv, sizeof(struct timeval));
+    /* send msg */
+    if (send(sock, nlmsg, nlmsg->nlmsg_len, 0) < 0) {
+        perror("send failed");
+        return "";
+    }
+
+    /* receive response */
+    do
+    {
+        received_bytes = recv(sock, ptr, sizeof(buffer) - msg_len, 0);
+        if (received_bytes < 0) {
+            perror("Error in recv");
+            return "";
+        }
+
+        nlh = (struct nlmsghdr *) ptr;
+
+        /* Check if the header is valid */
+        if((NLMSG_OK(nlmsg, received_bytes) == 0) ||
+            (nlmsg->nlmsg_type == NLMSG_ERROR))
+        {
+            perror("Error in received packet");
+            return "";
+        }
+
+        /* If we received all data break */
+        if (nlh->nlmsg_type == NLMSG_DONE)
+            break;
+        else {
+            ptr += received_bytes;
+            msg_len += received_bytes;
+        }
+
+        /* Break if its not a multi part message */
+        if ((nlmsg->nlmsg_flags & NLM_F_MULTI) == 0)
+            break;
+    }
+    while ((nlmsg->nlmsg_seq != msgseq) || (nlmsg->nlmsg_pid != getpid()));
+
+    /* parse response */
+    for ( ; NLMSG_OK(nlh, received_bytes); nlh = NLMSG_NEXT(nlh, received_bytes))
+    {
+        /* Get the route data */
+        route_entry = (struct rtmsg *) NLMSG_DATA(nlh);
+
+        /* We are just interested in main routing table */
+        if (route_entry->rtm_table != RT_TABLE_MAIN)
+            continue;
+
+        route_attribute = (struct rtattr *) RTM_RTA(route_entry);
+        route_attribute_len = RTM_PAYLOAD(nlh);
+
+        /* Loop through all attributes */
+        for ( ; RTA_OK(route_attribute, route_attribute_len);
+             route_attribute = RTA_NEXT(route_attribute, route_attribute_len))
+        {
+            switch(route_attribute->rta_type) {
+            case RTA_OIF:
+                if_indextoname(*(int *)RTA_DATA(route_attribute), interface);
+                break;
+            case RTA_GATEWAY:
+                inet_ntop(AF_INET, RTA_DATA(route_attribute),
+                          gateway_address, sizeof(gateway_address));
+                break;
+            default:
+                break;
+            }
+        }
+
+        if ((*gateway_address) && (*interface)) {
+            qDebug() << "Gateway " << gateway_address << " for interface " << interface;
+            break;
+        }
+    }
+    close(sock);
+    return gateway_address;
+#endif
+#if defined(Q_OS_MAC) && !defined(Q_OS_IOS)
+    QString gateway;
+    int mib[] = {CTL_NET, PF_ROUTE, 0, 0, NET_RT_FLAGS, RTF_GATEWAY};
+    int afinet_type[] = {AF_INET, AF_INET6};
+
+    for (int ip_type = 0; ip_type <= 1; ip_type++)
+    {
+        mib[3] = afinet_type[ip_type];
+
+        size_t needed = 0;
+        if (sysctl(mib, sizeof(mib) / sizeof(int), nullptr, &needed, nullptr, 0) < 0)
+            return "";
+
+        char* buf;
+        if ((buf = new char[needed]) == 0)
+            return "";
+
+        if (sysctl(mib, sizeof(mib) / sizeof(int), buf, &needed, nullptr, 0) < 0)
+        {
+            qDebug() << "sysctl: net.route.0.0.dump";
+            delete[] buf;
+            return gateway;
+        }
+
+        struct rt_msghdr* rt;
+        for (char* p = buf; p < buf + needed; p += rt->rtm_msglen)
+        {
+            rt = reinterpret_cast<struct rt_msghdr*>(p);
+            struct sockaddr* sa = reinterpret_cast<struct sockaddr*>(rt + 1);
+            struct sockaddr* sa_tab[RTAX_MAX];
+            for (int i = 0; i < RTAX_MAX; i++)
+            {
+                if (rt->rtm_addrs & (1 << i))
+                {
+                    sa_tab[i] = sa;
+                    sa = reinterpret_cast<struct sockaddr*>(
+                            reinterpret_cast<char*>(sa) +
+                            ((sa->sa_len) > 0 ? (1 + (((sa->sa_len) - 1) | (sizeof(long) - 1))) : sizeof(long)));
+                }
+                else
+                {
+                    sa_tab[i] = nullptr;
+                }
+            }
+
+            if (((rt->rtm_addrs & (RTA_DST | RTA_GATEWAY)) == (RTA_DST | RTA_GATEWAY)) &&
+                sa_tab[RTAX_DST]->sa_family == afinet_type[ip_type] &&
+                sa_tab[RTAX_GATEWAY]->sa_family == afinet_type[ip_type])
+            {
+                if (afinet_type[ip_type] == AF_INET)
+                {
+                    if ((reinterpret_cast<struct sockaddr_in*>(sa_tab[RTAX_DST]))->sin_addr.s_addr == 0)
+                    {
+                        char dstStr4[INET_ADDRSTRLEN];
+                        char srcStr4[INET_ADDRSTRLEN];
+                        memcpy(srcStr4,
+                               &(reinterpret_cast<struct sockaddr_in*>(sa_tab[RTAX_GATEWAY]))->sin_addr,
+                               sizeof(struct in_addr));
+                        if (inet_ntop(AF_INET, srcStr4, dstStr4, INET_ADDRSTRLEN) != nullptr)
+                            gateway = dstStr4;
+                        break;
+                    }
+                }
+                else if (afinet_type[ip_type] == AF_INET6)
+                {
+                    if ((reinterpret_cast<struct sockaddr_in*>(sa_tab[RTAX_DST]))->sin_addr.s_addr == 0)
+                    {
+                        char dstStr6[INET6_ADDRSTRLEN];
+                        char srcStr6[INET6_ADDRSTRLEN];
+                        memcpy(srcStr6,
+                               &(reinterpret_cast<struct sockaddr_in6*>(sa_tab[RTAX_GATEWAY]))->sin6_addr,
+                               sizeof(struct in6_addr));
+                        if (inet_ntop(AF_INET6, srcStr6, dstStr6, INET6_ADDRSTRLEN) != nullptr)
+                            gateway = dstStr6;
+                        break;
+                    }
+                }
+            }
+        }
+        free(buf);
+    }
+
+    return gateway;
+#endif
+}

client/core/networkUtilities.h

@@ -0,0 +1,36 @@
+#ifndef NETWORKUTILITIES_H
+#define NETWORKUTILITIES_H
+
+#include <QRegularExpression>
+#include <QRegExp>
+#include <QString>
+#include <QHostAddress>
+
+
+class NetworkUtilities : public QObject
+{
+    Q_OBJECT
+public:
+    static QString getIPAddress(const QString &host);
+    static QString getStringBetween(const QString &s, const QString &a, const QString &b);
+    static bool checkIPv4Format(const QString &ip);
+    static bool checkIpSubnetFormat(const QString &ip);
+    static QString getGatewayAndIface();
+    // Returns the Interface Index that could Route to dst
+    static int AdapterIndexTo(const QHostAddress& dst);
+
+    static QRegularExpression ipAddressRegExp();
+    static QRegularExpression ipAddressPortRegExp();
+    static QRegExp ipAddressWithSubnetRegExp();
+    static QRegExp ipNetwork24RegExp();
+    static QRegExp ipPortRegExp();
+    static QRegExp domainRegExp();
+
+    static QString netMaskFromIpWithSubnet(const QString ip);
+    static QString ipAddressFromIpWithSubnet(const QString ip);
+
+    static QStringList summarizeRoutes(const QStringList &ips, const QString cidr);
+
+};
+
+#endif // NETWORKUTILITIES_H

client/core/scripts_registry.cpp

@@ -13,11 +13,12 @@ QString amnezia::scriptFolder(amnezia::DockerContainer container)
     case DockerContainer::WireGuard: return QLatin1String("wireguard");
     case DockerContainer::Awg: return QLatin1String("awg");
     case DockerContainer::Ipsec: return QLatin1String("ipsec");
+    case DockerContainer::Xray: return QLatin1String("xray");
 
     case DockerContainer::TorWebSite: return QLatin1String("website_tor");
     case DockerContainer::Dns: return QLatin1String("dns");
     case DockerContainer::Sftp: return QLatin1String("sftp");
-    default: return "";
+    default: return QString();
     }
 }
 
@@ -47,6 +48,7 @@ QString amnezia::scriptName(ProtocolScriptType type)
     case ProtocolScriptType::openvpn_template: return QLatin1String("template.ovpn");
     case ProtocolScriptType::wireguard_template: return QLatin1String("template.conf");
     case ProtocolScriptType::awg_template: return QLatin1String("template.conf");
+    case ProtocolScriptType::xray_template: return QLatin1String("template.json");
     default: return QString();
     }
 }

client/core/scripts_registry.h

@@ -27,7 +27,8 @@ enum ProtocolScriptType {
     container_startup,
     openvpn_template,
     wireguard_template,
-    awg_template
+    awg_template,
+    xray_template
 };
 
 

client/core/sshclient.cpp

@@ -10,16 +10,10 @@ const uint32_t S_IRWXU = 0644;
 #endif
 
 namespace libssh {
-    const QString libsshTimeoutError = "Timeout connecting to";
+    constexpr auto libsshTimeoutError{"Timeout connecting to"};
 
     std::function<QString()> Client::m_passphraseCallback;
 
-    Client::Client(QObject *parent) : QObject(parent)
-    { }
-
-    Client::~Client()
-    { }
-
     int Client::callback(const char *prompt, char *buf, size_t len, int echo, int verify, void *userdata)
     {
         auto passphrase = m_passphraseCallback();
@@ -29,6 +23,13 @@ namespace libssh {
 
     ErrorCode Client::connectToHost(const ServerCredentials &credentials)
     {
+        if (m_session != nullptr) {
+            if (!ssh_is_connected(m_session)) {
+                ssh_free(m_session);
+                m_session = nullptr;
+            }
+        }
+
         if (m_session == nullptr) {
             m_session = ssh_new();
 
@@ -171,13 +172,13 @@ namespace libssh {
                     return ErrorCode::NoError;
                 };
 
-                auto error = readOutput(false);
-                if (error != ErrorCode::NoError) {
-                    return error;
+                auto errorCode = readOutput(false);
+                if (errorCode != ErrorCode::NoError) {
+                    return errorCode;
                 }
-                error = readOutput(true);
-                if (error != ErrorCode::NoError) {
-                    return error;
+                errorCode = readOutput(true);
+                if (errorCode != ErrorCode::NoError) {
+                    return errorCode;
                 }
             } else {
                 return closeChannel();
@@ -222,102 +223,79 @@ namespace libssh {
         return fromLibsshErrorCode();
     }
 
-    ErrorCode Client::sftpFileCopy(const SftpOverwriteMode overwriteMode, const std::string& localPath, const std::string& remotePath, const std::string& fileDesc)
+    ErrorCode Client::scpFileCopy(const ScpOverwriteMode overwriteMode, const QString& localPath, const QString& remotePath, const QString &fileDesc)
     {
-        m_sftpSession = sftp_new(m_session);
+        m_scpSession = ssh_scp_new(m_session, SSH_SCP_WRITE, remotePath.toStdString().c_str());
 
-        if (m_sftpSession == nullptr) {
-            return closeSftpSession();
+        if (m_scpSession == nullptr) {
+            return fromLibsshErrorCode();
         }
 
-        int result = sftp_init(m_sftpSession);
-
-        if (result != SSH_OK) {
-            return closeSftpSession();
+        if (ssh_scp_init(m_scpSession) != SSH_OK) {
+            auto errorCode = fromLibsshErrorCode();
+            closeScpSession();
+            return errorCode;
         }
 
         QFutureWatcher<ErrorCode> watcher;
-        connect(&watcher, &QFutureWatcher<ErrorCode>::finished, this, &Client::sftpFileCopyFinished);
-
+        connect(&watcher, &QFutureWatcher<ErrorCode>::finished, this, &Client::scpFileCopyFinished);
         QFuture<ErrorCode> future = QtConcurrent::run([this, overwriteMode, &localPath, &remotePath, &fileDesc]() {
-            int accessType = O_WRONLY | O_CREAT | overwriteMode;
-            sftp_file file;
-            const size_t bufferSize = 16384;
-            char buffer[bufferSize];
+            const int accessType = O_WRONLY | O_CREAT | overwriteMode;
+            const int localFileSize = QFileInfo(localPath).size();
 
-            file = sftp_open(m_sftpSession, remotePath.c_str(), accessType, S_IRWXU);
-
-            if (file == nullptr) {
-                return closeSftpSession();
+            int result = ssh_scp_push_file(m_scpSession, remotePath.toStdString().c_str(), localFileSize, accessType);
+            if (result != SSH_OK) {
+                return fromLibsshErrorCode();
             }
 
-            int localFileSize = std::filesystem::file_size(localPath);
-            int chunksCount = localFileSize / (bufferSize);
+            QFile fin(localPath);
 
-            std::ifstream fin(localPath, std::ios::binary | std::ios::in);
+            if (fin.open(QIODevice::ReadOnly)) {
+                constexpr size_t bufferSize = 16384;
+                int transferred = 0;
+                int currentChunkSize = bufferSize;
 
-            if (fin.is_open()) {
-                for (int currentChunkId = 0; currentChunkId < chunksCount; currentChunkId++) {
-                    fin.read(buffer, bufferSize);
+                while (transferred < localFileSize) {
 
-                    int bytesWritten = sftp_write(file, buffer, bufferSize);
-
-                    std::string chunk(buffer, bufferSize);
-
-                    if (bytesWritten != bufferSize) {
-                        fin.close();
-                        sftp_close(file);
-                        return closeSftpSession();
+                    // Last Chunk
+                    if ((localFileSize - transferred) < bufferSize) {
+                        currentChunkSize = localFileSize % bufferSize;
                     }
-                }
 
-                int lastChunkSize = localFileSize % (bufferSize);
-
-                if (lastChunkSize != 0) {
-                    fin.read(buffer, lastChunkSize);
-
-                    std::string chunk(buffer, lastChunkSize);
-
-                    int bytesWritten = sftp_write(file, buffer, lastChunkSize);
-
-                    if (bytesWritten != lastChunkSize) {
-                        fin.close();
-                        sftp_close(file);
-                        return closeSftpSession();
+                    QByteArray chunk = fin.read(currentChunkSize);
+                    if (chunk.size() != currentChunkSize) {
+                        return fromFileErrorCode(fin.error());
                     }
+
+                    result = ssh_scp_write(m_scpSession, chunk.data(), chunk.size());
+                    if (result != SSH_OK) {
+                        return fromLibsshErrorCode();
+                    }
+
+                    transferred += currentChunkSize;
                 }
             } else {
-                sftp_close(file);
-                return closeSftpSession();
+                return fromFileErrorCode(fin.error());
             }
 
-            fin.close();
-
-            int result = sftp_close(file);
-            if (result != SSH_OK) {
-                return closeSftpSession();
-            }
-
-            return closeSftpSession();
+            return ErrorCode::NoError;
         });
         watcher.setFuture(future);
 
         QEventLoop wait;
-        QObject::connect(this, &Client::sftpFileCopyFinished, &wait, &QEventLoop::quit);
+        QObject::connect(this, &Client::scpFileCopyFinished, &wait, &QEventLoop::quit);
         wait.exec();
 
+        closeScpSession();
         return watcher.result();
     }
 
-    ErrorCode Client::closeSftpSession()
+    void Client::closeScpSession()
     {
-        auto errorCode = fromLibsshSftpErrorCode(sftp_get_error(m_sftpSession));
-        if (m_sftpSession != nullptr) {
-            sftp_free(m_sftpSession);
-            m_sftpSession = nullptr;
+        if (m_scpSession != nullptr) {
+            ssh_scp_free(m_scpSession);
+            m_scpSession = nullptr;
         }
-        qCritical() << ssh_get_error(m_session);
-        return errorCode;
     }
 
     ErrorCode Client::fromLibsshErrorCode()
@@ -339,24 +317,17 @@ namespace libssh {
         default: return ErrorCode::SshInternalError;
         }
     }
-    ErrorCode Client::fromLibsshSftpErrorCode(int errorCode)
+
+    ErrorCode Client::fromFileErrorCode(QFileDevice::FileError fileError)
     {
-        switch (errorCode) {
-        case(SSH_FX_OK): return ErrorCode::NoError;
-        case(SSH_FX_EOF): return ErrorCode::SshSftpEofError;
-        case(SSH_FX_NO_SUCH_FILE): return ErrorCode::SshSftpNoSuchFileError;
-        case(SSH_FX_PERMISSION_DENIED): return ErrorCode::SshSftpPermissionDeniedError;
-        case(SSH_FX_FAILURE): return ErrorCode::SshSftpFailureError;
-        case(SSH_FX_BAD_MESSAGE): return ErrorCode::SshSftpBadMessageError;
-        case(SSH_FX_NO_CONNECTION): return ErrorCode::SshSftpNoConnectionError;
-        case(SSH_FX_CONNECTION_LOST): return ErrorCode::SshSftpConnectionLostError;
-        case(SSH_FX_OP_UNSUPPORTED): return ErrorCode::SshSftpOpUnsupportedError;
-        case(SSH_FX_INVALID_HANDLE): return ErrorCode::SshSftpInvalidHandleError;
-        case(SSH_FX_NO_SUCH_PATH): return ErrorCode::SshSftpNoSuchPathError;
-        case(SSH_FX_FILE_ALREADY_EXISTS): return ErrorCode::SshSftpFileAlreadyExistsError;
-        case(SSH_FX_WRITE_PROTECT): return ErrorCode::SshSftpWriteProtectError;
-        case(SSH_FX_NO_MEDIA): return ErrorCode::SshSftpNoMediaError;
-        default: return ErrorCode::SshSftpFailureError;
+        switch (fileError) {
+        case QFileDevice::NoError: return ErrorCode::NoError;
+        case QFileDevice::ReadError: return ErrorCode::ReadError;
+        case QFileDevice::OpenError: return ErrorCode::OpenError;
+        case QFileDevice::PermissionsError: return ErrorCode::PermissionsError;
+        case QFileDevice::FatalError: return ErrorCode::FatalError;
+        case QFileDevice::AbortError: return ErrorCode::AbortError;
+        default: return ErrorCode::UnspecifiedError;
         }
     }
 

client/core/sshclient.h

@@ -2,29 +2,29 @@
 #define SSHCLIENT_H
 
 #include <QObject>
+#include <QFile>
 
 #include <fcntl.h>
 
 #include <libssh/libssh.h>
-#include <libssh/sftp.h>
 
 #include "defs.h"
 
 using namespace amnezia;
 
 namespace libssh {
-    enum SftpOverwriteMode {
+    enum ScpOverwriteMode {
         /*! Overwrite any existing files */
-        SftpOverwriteExisting = O_TRUNC,
+        ScpOverwriteExisting = O_TRUNC,
         /*! Append new content if the file already exists */
-        SftpAppendToExisting = O_APPEND
+        ScpAppendToExisting = O_APPEND
     };
     class Client : public QObject
     {
         Q_OBJECT
     public:
-        Client(QObject *parent = nullptr);
-        ~Client();
+        Client() = default;
+        ~Client() = default;
 
         ErrorCode connectToHost(const ServerCredentials &credentials);
         void disconnectFromHost();
@@ -32,26 +32,26 @@ namespace libssh {
                                  const std::function<ErrorCode (const QString &, Client &)> &cbReadStdOut,
                                  const std::function<ErrorCode (const QString &, Client &)> &cbReadStdErr);
         ErrorCode writeResponse(const QString &data);
-        ErrorCode sftpFileCopy(const SftpOverwriteMode overwriteMode,
-                               const std::string& localPath,
-                               const std::string& remotePath,
-                               const std::string& fileDesc);
+        ErrorCode scpFileCopy(const ScpOverwriteMode overwriteMode,
+                               const QString &localPath,
+                               const QString &remotePath,
+                               const QString &fileDesc);
         ErrorCode getDecryptedPrivateKey(const ServerCredentials &credentials, QString &decryptedPrivateKey, const std::function<QString()> &passphraseCallback);
     private:
         ErrorCode closeChannel();
-        ErrorCode closeSftpSession();
+        void closeScpSession();
         ErrorCode fromLibsshErrorCode();
-        ErrorCode fromLibsshSftpErrorCode(int errorCode);
+        ErrorCode fromFileErrorCode(QFileDevice::FileError fileError);
         static int callback(const char *prompt, char *buf, size_t len, int echo, int verify, void *userdata);
 
         ssh_session m_session = nullptr;
         ssh_channel m_channel = nullptr;
-        sftp_session m_sftpSession = nullptr;
+        ssh_scp m_scpSession = nullptr;
 
         static std::function<QString()> m_passphraseCallback;
     signals:
         void writeToChannelFinished();
-        void sftpFileCopyFinished();
+        void scpFileCopyFinished();
     };
 }
 

client/daemon/daemon.cpp

@@ -248,9 +248,23 @@ bool Daemon::parseConfig(const QJsonObject& obj, InterfaceConfig& config) {
 
   GETVALUE("privateKey", config.m_privateKey, String);
   GETVALUE("serverPublicKey", config.m_serverPublicKey, String);
-  GETVALUE("serverPskKey", config.m_serverPskKey, String);
   GETVALUE("serverPort", config.m_serverPort, Double);
 
+  config.m_serverPskKey = obj.value("serverPskKey").toString();
+
+  if (!obj.contains("deviceMTU") || obj.value("deviceMTU").toString().toInt() == 0)
+  {
+    config.m_deviceMTU = 1420;
+  } else {
+    config.m_deviceMTU = obj.value("deviceMTU").toString().toInt();
+#ifdef Q_OS_WINDOWS
+// For Windows min MTU value is 1280 (the smallest MTU legal with IPv6).
+    if (config.m_deviceMTU < 1280) {
+      config.m_deviceMTU = 1280;
+    }
+#endif
+  }
+
   config.m_deviceIpv4Address = obj.value("deviceIpv4Address").toString();
   config.m_deviceIpv6Address = obj.value("deviceIpv6Address").toString();
   if (config.m_deviceIpv4Address.isNull() &&
@@ -360,19 +374,33 @@ bool Daemon::parseConfig(const QJsonObject& obj, InterfaceConfig& config) {
     return false;
   }
 
-  if (!obj.value("Jc").isNull() && !obj.value("Jmin").isNull() 
-  && !obj.value("Jmax").isNull() && !obj.value("S1").isNull() 
-  && !obj.value("S2").isNull() && !obj.value("H1").isNull() 
-  && !obj.value("H2").isNull() && !obj.value("H3").isNull() 
-  && !obj.value("H4").isNull()) {
+  config.m_killSwitchEnabled = QVariant(obj.value("killSwitchOption").toString()).toBool();
+
+  if (!obj.value("Jc").isNull()) {
     config.m_junkPacketCount = obj.value("Jc").toString();
+  }
+  if (!obj.value("Jmin").isNull()) {
     config.m_junkPacketMinSize = obj.value("Jmin").toString();
+  }
+  if (!obj.value("Jmax").isNull()) {
     config.m_junkPacketMaxSize = obj.value("Jmax").toString();
+  }
+  if (!obj.value("S1").isNull()) {
     config.m_initPacketJunkSize = obj.value("S1").toString();
+  }
+  if (!obj.value("S2").isNull()) {
     config.m_responsePacketJunkSize = obj.value("S2").toString();
+  }
+  if (!obj.value("H1").isNull()) {
     config.m_initPacketMagicHeader = obj.value("H1").toString();
+  }
+  if (!obj.value("H2").isNull()) {
     config.m_responsePacketMagicHeader = obj.value("H2").toString();
+  }
+  if (!obj.value("H3").isNull()) {
     config.m_underloadPacketMagicHeader = obj.value("H3").toString();
+  }
+  if (!obj.value("H4").isNull()) {
     config.m_transportPacketMagicHeader = obj.value("H4").toString();
   }
 

client/daemon/daemon.h

@@ -35,8 +35,10 @@ class Daemon : public QObject {
   virtual QJsonObject getStatus();
 
   // Callback before any Activating measure is done
-  virtual void prepareActivation(const InterfaceConfig& config){
-      Q_UNUSED(config)};
+  virtual void prepareActivation(const InterfaceConfig& config, int inetAdapterIndex = 0) {
+      Q_UNUSED(config)  };
+  virtual void activateSplitTunnel(const InterfaceConfig& config, int vpnAdapterIndex = 0) {
+      Q_UNUSED(config)  };
 
   QString logs();
   void cleanLogs();

client/daemon/interfaceconfig.cpp

@@ -23,6 +23,7 @@ QJsonObject InterfaceConfig::toJson() const {
   json.insert("serverIpv4AddrIn", QJsonValue(m_serverIpv4AddrIn));
   json.insert("serverIpv6AddrIn", QJsonValue(m_serverIpv6AddrIn));
   json.insert("serverPort", QJsonValue((double)m_serverPort));
+  json.insert("deviceMTU", QJsonValue(m_deviceMTU));
   if ((m_hopType == InterfaceConfig::MultiHopExit) ||
       (m_hopType == InterfaceConfig::SingleHop)) {
     json.insert("serverIpv4Gateway", QJsonValue(m_serverIpv4Gateway));
@@ -85,8 +86,13 @@ QString InterfaceConfig::toWgConf(const QMap<QString, QString>& extra) const {
   if (addresses.isEmpty()) {
     return "";
   }
+
   out << "Address = " << addresses.join(", ") << "\n";
 
+  if (m_deviceMTU) {
+    out << "MTU = " << m_deviceMTU << "\n";
+  }
+
   if (!m_dnsServer.isNull()) {
     QStringList dnsServers(m_dnsServer);
     // If the DNS is not the Gateway, it's a user defined DNS

client/daemon/interfaceconfig.h

@@ -33,9 +33,11 @@ class InterfaceConfig {
   QString m_serverIpv6AddrIn;
   QString m_dnsServer;
   int m_serverPort = 0;
+  int m_deviceMTU = 1420;
   QList<IPAddress> m_allowedIPAddressRanges;
   QStringList m_excludedAddresses;
   QStringList m_vpnDisabledApps;
+  bool m_killSwitchEnabled;
 #if defined(MZ_ANDROID) || defined(MZ_IOS)
   QString m_installationId;
 #endif

client/images/controls/alert-circle.svg

@@ -0,0 +1,5 @@
+<svg width="24" height="24" viewBox="0 0 24 24" fill="none" xmlns="http://www.w3.org/2000/svg">
+<path d="M12 22C17.5228 22 22 17.5228 22 12C22 6.47715 17.5228 2 12 2C6.47715 2 2 6.47715 2 12C2 17.5228 6.47715 22 12 22Z" stroke="#D7D8DB" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"/>
+<path d="M12 8V12" stroke="#D7D8DB" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"/>
+<path d="M12 16H12.01" stroke="#D7D8DB" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"/>
+</svg>

client/images/controls/file-check-2.svg

@@ -0,0 +1,5 @@
+<svg width="24" height="24" viewBox="0 0 24 24" fill="none" xmlns="http://www.w3.org/2000/svg">
+<path d="M4 22H18C18.5304 22 19.0391 21.7893 19.4142 21.4142C19.7893 21.0391 20 20.5304 20 20V7.5L14.5 2H6C5.46957 2 4.96086 2.21071 4.58579 2.58579C4.21071 2.96086 4 3.46957 4 4V8" stroke="#D7D8DB" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"/>
+<path d="M14 2V8H20" stroke="#D7D8DB" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"/>
+<path d="M3 15L5 17L9 13" stroke="#D7D8DB" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"/>
+</svg>

client/images/controls/split-tunneling.svg

@@ -0,0 +1,6 @@
+<svg width="19" height="18" viewBox="0 0 19 18" fill="none" xmlns="http://www.w3.org/2000/svg">
+<rect x="0.5" width="18" height="18" rx="5" fill="white"/>
+<path d="M8.49219 13.5L8.49219 9.44141L14.0191 4.99484" stroke="#0E0E11" stroke-linecap="round" stroke-linejoin="round"/>
+<path d="M4.47363 5.49805L6.98828 8.0127" stroke="#0E0E11" stroke-linecap="round" stroke-linejoin="round"/>
+<path d="M14.4727 9.5L14.4727 4.5033L9.50195 4.5033" stroke="#0E0E11" stroke-linecap="round" stroke-linejoin="round"/>
+</svg>

client/ios/app/Info.plist.in

@@ -51,6 +51,13 @@
 	<true/>
 	<key>NSCameraUsageDescription</key>
 	<string>Amnezia VPN needs access to the camera for reading QR-codes.</string>
+	<key>NSAppTransportSecurity</key>
+	<dict>
+		<key>NSAllowsArbitraryLoads</key>
+		<false/>
+		<key>NSAllowsLocalNetworking</key>
+		<true/>
+	</dict>
 	<key>CFBundleIcons</key>
         <dict/>
         <key>CFBundleIcons~ipad</key>