changing stdErr to stdOut

Adding error handling in the server controller for:
Sudo package is not pre-installed for sudo users.
Server user or associated group is not listed in the sudoers file.
Server user password required

.github/workflows/deploy.yml

@@ -16,6 +16,10 @@ jobs:
       QT_VERSION: 6.6.2
       QIF_VERSION: 4.7
       PROD_AGW_PUBLIC_KEY: ${{ secrets.PROD_AGW_PUBLIC_KEY }}
+      PROD_S3_ENDPOINT: ${{ secrets.PROD_S3_ENDPOINT }}
+      DEV_AGW_PUBLIC_KEY: ${{ secrets.DEV_AGW_PUBLIC_KEY }}
+      DEV_AGW_ENDPOINT: ${{ secrets.DEV_AGW_ENDPOINT }}
+      DEV_S3_ENDPOINT: ${{ secrets.DEV_S3_ENDPOINT }}
 
     steps:
     - name: 'Install Qt'
@@ -82,6 +86,10 @@ jobs:
       QIF_VERSION: 4.7
       BUILD_ARCH: 64
       PROD_AGW_PUBLIC_KEY: ${{ secrets.PROD_AGW_PUBLIC_KEY }}
+      PROD_S3_ENDPOINT: ${{ secrets.PROD_S3_ENDPOINT }}
+      DEV_AGW_PUBLIC_KEY: ${{ secrets.DEV_AGW_PUBLIC_KEY }}
+      DEV_AGW_ENDPOINT: ${{ secrets.DEV_AGW_ENDPOINT }}
+      DEV_S3_ENDPOINT: ${{ secrets.DEV_S3_ENDPOINT }}
 
     steps:
     - name: 'Get sources'
@@ -144,6 +152,10 @@ jobs:
       CC: cc
       CXX: c++
       PROD_AGW_PUBLIC_KEY: ${{ secrets.PROD_AGW_PUBLIC_KEY }}
+      PROD_S3_ENDPOINT: ${{ secrets.PROD_S3_ENDPOINT }}
+      DEV_AGW_PUBLIC_KEY: ${{ secrets.DEV_AGW_PUBLIC_KEY }}
+      DEV_AGW_ENDPOINT: ${{ secrets.DEV_AGW_ENDPOINT }}
+      DEV_S3_ENDPOINT: ${{ secrets.DEV_S3_ENDPOINT }}
 
     steps:
     - name: 'Setup xcode'
@@ -178,7 +190,7 @@ jobs:
     - name: 'Install go'
       uses: actions/setup-go@v5
       with:
-        go-version: '1.20'
+        go-version: '1.22.1'
         cache: false
 
     - name: 'Setup gomobile'
@@ -235,6 +247,10 @@ jobs:
       QT_VERSION: 6.4.3
       QIF_VERSION: 4.6
       PROD_AGW_PUBLIC_KEY: ${{ secrets.PROD_AGW_PUBLIC_KEY }}
+      PROD_S3_ENDPOINT: ${{ secrets.PROD_S3_ENDPOINT }}
+      DEV_AGW_PUBLIC_KEY: ${{ secrets.DEV_AGW_PUBLIC_KEY }}
+      DEV_AGW_ENDPOINT: ${{ secrets.DEV_AGW_ENDPOINT }}
+      DEV_S3_ENDPOINT: ${{ secrets.DEV_S3_ENDPOINT }}
 
     steps:
     - name: 'Setup xcode'
@@ -297,24 +313,28 @@ jobs:
 
     env:
       ANDROID_BUILD_PLATFORM: android-34
-      QT_VERSION: 6.6.2
+      QT_VERSION: 6.7.3
       QT_MODULES: 'qtremoteobjects qt5compat qtimageformats qtshadertools'
       PROD_AGW_PUBLIC_KEY: ${{ secrets.PROD_AGW_PUBLIC_KEY }}
+      PROD_S3_ENDPOINT: ${{ secrets.PROD_S3_ENDPOINT }}
+      DEV_AGW_PUBLIC_KEY: ${{ secrets.DEV_AGW_PUBLIC_KEY }}
+      DEV_AGW_ENDPOINT: ${{ secrets.DEV_AGW_ENDPOINT }}
+      DEV_S3_ENDPOINT: ${{ secrets.DEV_S3_ENDPOINT }}
 
     steps:
     - name: 'Install desktop Qt'
-      uses: jurplel/install-qt-action@v3
+      uses: jurplel/install-qt-action@v4
       with:
         version: ${{ env.QT_VERSION }}
         host: 'linux'
         target: 'desktop'
-        arch: 'gcc_64'
+        arch: 'linux_gcc_64'
         modules: ${{ env.QT_MODULES }}
         dir: ${{ runner.temp }}
         extra: '--external 7z --base ${{ env.QT_MIRROR }}'
 
     - name: 'Install android_x86_64 Qt'
-      uses: jurplel/install-qt-action@v3
+      uses: jurplel/install-qt-action@v4
       with:
         version: ${{ env.QT_VERSION }}
         host: 'linux'
@@ -325,7 +345,7 @@ jobs:
         extra: '--external 7z --base ${{ env.QT_MIRROR }}'
 
     - name: 'Install android_x86 Qt'
-      uses: jurplel/install-qt-action@v3
+      uses: jurplel/install-qt-action@v4
       with:
         version: ${{ env.QT_VERSION }}
         host: 'linux'
@@ -336,7 +356,7 @@ jobs:
         extra: '--external 7z --base ${{ env.QT_MIRROR }}'
 
     - name: 'Install android_armv7 Qt'
-      uses: jurplel/install-qt-action@v3
+      uses: jurplel/install-qt-action@v4
       with:
         version: ${{ env.QT_VERSION }}
         host: 'linux'
@@ -347,7 +367,7 @@ jobs:
         extra: '--external 7z --base ${{ env.QT_MIRROR }}'
 
     - name: 'Install android_arm64_v8a Qt'
-      uses: jurplel/install-qt-action@v3
+      uses: jurplel/install-qt-action@v4
       with:
         version: ${{ env.QT_VERSION }}
         host: 'linux'

.github/workflows/tag-deploy.yml

@@ -16,6 +16,10 @@ jobs:
       QT_VERSION: 6.4.1
       QIF_VERSION: 4.5
       PROD_AGW_PUBLIC_KEY: ${{ secrets.PROD_AGW_PUBLIC_KEY }}
+      PROD_S3_ENDPOINT: ${{ secrets.PROD_S3_ENDPOINT }}
+      DEV_AGW_PUBLIC_KEY: ${{ secrets.DEV_AGW_PUBLIC_KEY }}
+      DEV_AGW_ENDPOINT: ${{ secrets.DEV_AGW_ENDPOINT }}
+      DEV_S3_ENDPOINT: ${{ secrets.DEV_S3_ENDPOINT }}
 
     steps:
     - name: 'Install desktop Qt'

CMakeLists.txt

@@ -2,7 +2,7 @@ cmake_minimum_required(VERSION 3.25.0 FATAL_ERROR)
 
 set(PROJECT AmneziaVPN)
 
-project(${PROJECT} VERSION 4.7.0.0
+project(${PROJECT} VERSION 4.8.2.3
         DESCRIPTION "AmneziaVPN"
         HOMEPAGE_URL "https://amnezia.org/"
 )
@@ -11,7 +11,7 @@ string(TIMESTAMP CURRENT_DATE "%Y-%m-%d")
 set(RELEASE_DATE "${CURRENT_DATE}")
 
 set(APP_MAJOR_VERSION ${CMAKE_PROJECT_VERSION_MAJOR}.${CMAKE_PROJECT_VERSION_MINOR}.${CMAKE_PROJECT_VERSION_PATCH})
-set(APP_ANDROID_VERSION_CODE 57)
+set(APP_ANDROID_VERSION_CODE 2069)
 
 if(${CMAKE_SYSTEM_NAME} STREQUAL "Linux")
     set(MZ_PLATFORM_NAME "linux")

README.md

@@ -10,38 +10,36 @@ Amnezia is an open-source VPN client, with a key feature that enables you to dep
 
 <br>
 
-<a href="https://github.com/amnezia-vpn/amnezia-client/releases/download/4.6.0.3/AmneziaVPN_4.6.0.3_x64.exe"><img src="https://github.com/amnezia-vpn/amnezia-client/blob/dev/metadata/img-readme/win.png" width="150" style="max-width: 100%;"></a> 
-<a href="https://github.com/amnezia-vpn/amnezia-client/releases/download/4.6.0.3/AmneziaVPN_4.6.0.3.dmg"><img src="https://github.com/amnezia-vpn/amnezia-client/blob/dev/metadata/img-readme/mac.png" width="150" style="max-width: 100%;"></a> 
-<a href="https://github.com/amnezia-vpn/amnezia-client/releases/download/4.6.0.3/AmneziaVPN_Linux_4.6.0.3.tar.zip"><img src="https://github.com/amnezia-vpn/amnezia-client/blob/dev/metadata/img-readme/lin.png" width="150" style="max-width: 100%;"></a>
-<a href="https://github.com/amnezia-vpn/amnezia-client/releases/tag/4.6.0.3"><img src="https://github.com/amnezia-vpn/amnezia-client/blob/dev/metadata/img-readme/andr.png" width="150" style="max-width: 100%;"></a>
-
-<br>
-
+<a href="https://amnezia.org/downloads"><img src="https://github.com/amnezia-vpn/amnezia-client/blob/dev/metadata/img-readme/download.png" width="150" style="max-width: 100%;"></a>
 <a href="https://play.google.com/store/search?q=amnezia+vpn&c=apps"><img src="https://github.com/amnezia-vpn/amnezia-client/blob/dev/metadata/img-readme/play.png" width="150" style="max-width: 100%;"></a>
 <a href="https://apps.apple.com/us/app/amneziavpn/id1600529900"><img src="https://github.com/amnezia-vpn/amnezia-client/blob/dev/metadata/img-readme/apl.png" width="150" style="max-width: 100%;"></a>
 
+[Alternative download link (mirror)](https://storage.googleapis.com/kldscp/amnezia.org/downloads)
 
 [All releases](https://github.com/amnezia-vpn/amnezia-client/releases)
 
 <br>
 
+<a href="https://www.testiny.io"><img src="https://github.com/amnezia-vpn/amnezia-client/blob/dev/metadata/img-readme/testiny.png" height="28px"></a>
 
 ## Features
 
-- Very easy to use - enter your IP address, SSH login, and password, and Amnezia will automatically install VPN docker containers to your server and connect to the VPN.
-- OpenVPN, Shadowsocks, WireGuard, and IKEv2 protocols support.
-- Masking VPN with OpenVPN over Cloak plugin
-- Split tunneling support - add any sites to the client to enable VPN only for them (only for desktops)
+- Very easy to use - enter your IP address, SSH login, password and Amnezia will automatically install VPN docker containers to your server and connect to the VPN.
+- Classic VPN-protocols: OpenVPN, WireGuard and IKEv2 protocols.
+- Protocols with traffic Masking (Obfuscation): OpenVPN over [Cloak](https://github.com/cbeuw/Cloak) plugin, Shadowsocks (OpenVPN over Shadowsocks), [AmneziaWG](https://docs.amnezia.org/documentation/amnezia-wg/) and XRay.
+- Split tunneling support - add any sites to the client to enable VPN only for them or add Apps (only for Android and Desktop).
 - Windows, MacOS, Linux, Android, iOS releases.
+- Support for AmneziaWG protocol configuration on [Keenetic beta firmware](https://docs.keenetic.com/ua/air/kn-1611/en/6319-latest-development-release.html#UUID-186c4108-5afd-c10b-f38a-cdff6c17fab3_section-idm33192196168192-improved).
 
 ## Links
 
-- [https://amnezia.org](https://amnezia.org) - project website  
+- [https://amnezia.org](https://amnezia.org) - project website | [Alternative link (mirror)](https://storage.googleapis.com/kldscp/amnezia.org)
 - [https://www.reddit.com/r/AmneziaVPN](https://www.reddit.com/r/AmneziaVPN) - Reddit  
 - [https://t.me/amnezia_vpn_en](https://t.me/amnezia_vpn_en) - Telegram support channel (English) 
 - [https://t.me/amnezia_vpn_ir](https://t.me/amnezia_vpn_ir) - Telegram support channel (Farsi) 
 - [https://t.me/amnezia_vpn_mm](https://t.me/amnezia_vpn_mm) - Telegram support channel (Myanmar)  
-- [https://t.me/amnezia_vpn](https://t.me/amnezia_vpn) - Telegram support channel (Russian)  
+- [https://t.me/amnezia_vpn](https://t.me/amnezia_vpn) - Telegram support channel (Russian)
+- [https://vpnpay.io/en/amnezia-premium/](https://vpnpay.io/en/amnezia-premium/) - Amnezia Premium
 
 ## Tech
 

client/3rd/SingleApplication/singleapplication.cmake

@@ -1,25 +0,0 @@
-include_directories(${CMAKE_CURRENT_LIST_DIR})
-
-find_package(Qt6 REQUIRED COMPONENTS 
-    Core Network
-)
-set(LIBS ${LIBS} Qt6::Core Qt6::Network)
-
-
-set(HEADERS ${HEADERS}
-    ${CMAKE_CURRENT_LIST_DIR}/singleapplication.h 
-    ${CMAKE_CURRENT_LIST_DIR}/singleapplication_p.h
-)
-
-set(SOURCES ${SOURCES}
-    ${CMAKE_CURRENT_LIST_DIR}/singleapplication.cpp 
-    ${CMAKE_CURRENT_LIST_DIR}/singleapplication_p.cpp
-)
-
-if(WIN32)
-    if(MSVC)
-        set(LIBS ${LIBS} Advapi32.lib)
-    elseif ("${CMAKE_CXX_COMPILER_ID}" STREQUAL "GNU")
-        set(LIBS ${LIBS} advapi32)
-    endif()    
-endif()

client/3rd/SingleApplication/singleapplication.cpp

@@ -1,274 +0,0 @@
-// The MIT License (MIT)
-//
-// Copyright (c) Itay Grudev 2015 - 2020
-//
-// Permission is hereby granted, free of charge, to any person obtaining a copy
-// of this software and associated documentation files (the "Software"), to deal
-// in the Software without restriction, including without limitation the rights
-// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-// copies of the Software, and to permit persons to whom the Software is
-// furnished to do so, subject to the following conditions:
-//
-// The above copyright notice and this permission notice shall be included in
-// all copies or substantial portions of the Software.
-//
-// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
-// THE SOFTWARE.
-
-#include <QtCore/QElapsedTimer>
-#include <QtCore/QByteArray>
-#include <QtCore/QSharedMemory>
-
-#include "singleapplication.h"
-#include "singleapplication_p.h"
-
-/**
- * @brief Constructor. Checks and fires up LocalServer or closes the program
- * if another instance already exists
- * @param argc
- * @param argv
- * @param allowSecondary Whether to enable secondary instance support
- * @param options Optional flags to toggle specific behaviour
- * @param timeout Maximum time blocking functions are allowed during app load
- */
-SingleApplication::SingleApplication( int &argc, char *argv[], bool allowSecondary, Options options, int timeout, const QString &userData )
-    : app_t( argc, argv ), d_ptr( new SingleApplicationPrivate( this ) )
-{
-    Q_D( SingleApplication );
-
-#if defined(Q_OS_ANDROID) || defined(Q_OS_IOS)
-    // On Android and iOS since the library is not supported fallback to
-    // standard QApplication behaviour by simply returning at this point.
-    qWarning() << "SingleApplication is not supported on Android and iOS systems.";
-    return;
-#endif
-
-    // Store the current mode of the program
-    d->options = options;
-
-    // Add any unique user data
-    if ( ! userData.isEmpty() )
-        d->addAppData( userData );
-
-    // Generating an application ID used for identifying the shared memory
-    // block and QLocalServer
-    d->genBlockServerName();
-
-    // To mitigate QSharedMemory issues with large amount of processes
-    // attempting to attach at the same time
-    SingleApplicationPrivate::randomSleep();
-
-#ifdef Q_OS_UNIX
-    // By explicitly attaching it and then deleting it we make sure that the
-    // memory is deleted even after the process has crashed on Unix.
-    d->memory = new QSharedMemory( d->blockServerName );
-    d->memory->attach();
-    delete d->memory;
-#endif
-    // Guarantee thread safe behaviour with a shared memory block.
-    d->memory = new QSharedMemory( d->blockServerName );
-
-    // Create a shared memory block
-    if( d->memory->create( sizeof( InstancesInfo ) )){
-        // Initialize the shared memory block
-        if( ! d->memory->lock() ){
-          qCritical() << "SingleApplication: Unable to lock memory block after create.";
-          abortSafely();
-        }
-        d->initializeMemoryBlock();
-    } else {
-        if( d->memory->error() == QSharedMemory::AlreadyExists ){
-          // Attempt to attach to the memory segment
-          if( ! d->memory->attach() ){
-              qCritical() << "SingleApplication: Unable to attach to shared memory block.";
-              abortSafely();
-          }
-          if( ! d->memory->lock() ){
-            qCritical() << "SingleApplication: Unable to lock memory block after attach.";
-            abortSafely();
-          }
-        } else {
-          qCritical() << "SingleApplication: Unable to create block.";
-          abortSafely();
-        }
-    }
-
-    auto *inst = static_cast<InstancesInfo*>( d->memory->data() );
-    QElapsedTimer time;
-    time.start();
-
-    // Make sure the shared memory block is initialised and in consistent state
-    while( true ){
-      // If the shared memory block's checksum is valid continue
-      if( d->blockChecksum() == inst->checksum ) break;
-
-      // If more than 5s have elapsed, assume the primary instance crashed and
-      // assume it's position
-      if( time.elapsed() > 5000 ){
-          qWarning() << "SingleApplication: Shared memory block has been in an inconsistent state from more than 5s. Assuming primary instance failure.";
-          d->initializeMemoryBlock();
-      }
-
-      // Otherwise wait for a random period and try again. The random sleep here
-      // limits the probability of a collision between two racing apps and
-      // allows the app to initialise faster
-      if( ! d->memory->unlock() ){
-        qDebug() << "SingleApplication: Unable to unlock memory for random wait.";
-        qDebug() << d->memory->errorString();
-      }
-      SingleApplicationPrivate::randomSleep();
-      if( ! d->memory->lock() ){
-        qCritical() << "SingleApplication: Unable to lock memory after random wait.";
-        abortSafely();
-      }
-    }
-
-    if( inst->primary == false ){
-        d->startPrimary();
-        if( ! d->memory->unlock() ){
-          qDebug() << "SingleApplication: Unable to unlock memory after primary start.";
-          qDebug() << d->memory->errorString();
-        }
-        return;
-    }
-
-    // Check if another instance can be started
-    if( allowSecondary ){
-        d->startSecondary();
-        if( d->options & Mode::SecondaryNotification ){
-            d->connectToPrimary( timeout, SingleApplicationPrivate::SecondaryInstance );
-        }
-        if( ! d->memory->unlock() ){
-          qDebug() << "SingleApplication: Unable to unlock memory after secondary start.";
-          qDebug() << d->memory->errorString();
-        }
-        return;
-    }
-
-    if( ! d->memory->unlock() ){
-      qDebug() << "SingleApplication: Unable to unlock memory at end of execution.";
-      qDebug() << d->memory->errorString();
-    }
-
-    d->connectToPrimary( timeout, SingleApplicationPrivate::NewInstance );
-
-    delete d;
-
-    ::exit( EXIT_SUCCESS );
-}
-
-SingleApplication::~SingleApplication()
-{
-    Q_D( SingleApplication );
-    delete d;
-}
-
-/**
- * Checks if the current application instance is primary.
- * @return Returns true if the instance is primary, false otherwise.
- */
-bool SingleApplication::isPrimary() const
-{
-    Q_D( const SingleApplication );
-    return d->server != nullptr;
-}
-
-/**
- * Checks if the current application instance is secondary.
- * @return Returns true if the instance is secondary, false otherwise.
- */
-bool SingleApplication::isSecondary() const
-{
-    Q_D( const SingleApplication );
-    return d->server == nullptr;
-}
-
-/**
- * Allows you to identify an instance by returning unique consecutive instance
- * ids. It is reset when the first (primary) instance of your app starts and
- * only incremented afterwards.
- * @return Returns a unique instance id.
- */
-quint32 SingleApplication::instanceId() const
-{
-    Q_D( const SingleApplication );
-    return d->instanceNumber;
-}
-
-/**
- * Returns the OS PID (Process Identifier) of the process running the primary
- * instance. Especially useful when SingleApplication is coupled with OS.
- * specific APIs.
- * @return Returns the primary instance PID.
- */
-qint64 SingleApplication::primaryPid() const
-{
-    Q_D( const SingleApplication );
-    return d->primaryPid();
-}
-
-/**
- * Returns the username the primary instance is running as.
- * @return Returns the username the primary instance is running as.
- */
-QString SingleApplication::primaryUser() const
-{
-    Q_D( const SingleApplication );
-    return d->primaryUser();
-}
-
-/**
- * Returns the username the current instance is running as.
- * @return Returns the username the current instance is running as.
- */
-QString SingleApplication::currentUser() const
-{
-    return SingleApplicationPrivate::getUsername();
-}
-
-/**
- * Sends message to the Primary Instance.
- * @param message The message to send.
- * @param timeout the maximum timeout in milliseconds for blocking functions.
- * @return true if the message was sent successfuly, false otherwise.
- */
-bool SingleApplication::sendMessage( const QByteArray &message, int timeout )
-{
-    Q_D( SingleApplication );
-
-    // Nobody to connect to
-    if( isPrimary() ) return false;
-
-    // Make sure the socket is connected
-    if( ! d->connectToPrimary( timeout,  SingleApplicationPrivate::Reconnect ) )
-      return false;
-
-    d->socket->write( message );
-    bool dataWritten = d->socket->waitForBytesWritten( timeout );
-    d->socket->flush();
-    return dataWritten;
-}
-
-/**
- * Cleans up the shared memory block and exits with a failure.
- * This function halts program execution.
- */
-void SingleApplication::abortSafely()
-{
-    Q_D( SingleApplication );
-
-    qCritical() << "SingleApplication: " << d->memory->error() << d->memory->errorString();
-    delete d;
-    ::exit( EXIT_FAILURE );
-}
-
-QStringList SingleApplication::userData() const
-{
-    Q_D( const SingleApplication );
-    return d->appData();
-}

client/3rd/SingleApplication/singleapplication.h

@@ -1,154 +0,0 @@
-// The MIT License (MIT)
-//
-// Copyright (c) Itay Grudev 2015 - 2018
-//
-// Permission is hereby granted, free of charge, to any person obtaining a copy
-// of this software and associated documentation files (the "Software"), to deal
-// in the Software without restriction, including without limitation the rights
-// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-// copies of the Software, and to permit persons to whom the Software is
-// furnished to do so, subject to the following conditions:
-//
-// The above copyright notice and this permission notice shall be included in
-// all copies or substantial portions of the Software.
-//
-// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
-// THE SOFTWARE.
-
-#ifndef SINGLE_APPLICATION_H
-#define SINGLE_APPLICATION_H
-
-#include <QtCore/QtGlobal>
-#include <QtNetwork/QLocalSocket>
-
-#ifndef QAPPLICATION_CLASS
-  #define QAPPLICATION_CLASS QApplication
-#endif
-
-#include QT_STRINGIFY(QAPPLICATION_CLASS)
-
-class SingleApplicationPrivate;
-
-/**
- * @brief The SingleApplication class handles multiple instances of the same
- * Application
- * @see QCoreApplication
- */
-class SingleApplication : public QAPPLICATION_CLASS
-{
-    Q_OBJECT
-
-    using app_t = QAPPLICATION_CLASS;
-
-public:
-    /**
-     * @brief Mode of operation of SingleApplication.
-     * Whether the block should be user-wide or system-wide and whether the
-     * primary instance should be notified when a secondary instance had been
-     * started.
-     * @note Operating system can restrict the shared memory blocks to the same
-     * user, in which case the User/System modes will have no effect and the
-     * block will be user wide.
-     * @enum
-     */
-    enum Mode {
-        User                    = 1 << 0,
-        System                  = 1 << 1,
-        SecondaryNotification   = 1 << 2,
-        ExcludeAppVersion       = 1 << 3,
-        ExcludeAppPath          = 1 << 4
-    };
-    Q_DECLARE_FLAGS(Options, Mode)
-
-    /**
-     * @brief Intitializes a SingleApplication instance with argc command line
-     * arguments in argv
-     * @arg {int &} argc - Number of arguments in argv
-     * @arg {const char *[]} argv - Supplied command line arguments
-     * @arg {bool} allowSecondary - Whether to start the instance as secondary
-     * if there is already a primary instance.
-     * @arg {Mode} mode - Whether for the SingleApplication block to be applied
-     * User wide or System wide.
-     * @arg {int} timeout - Timeout to wait in milliseconds.
-     * @note argc and argv may be changed as Qt removes arguments that it
-     * recognizes
-     * @note Mode::SecondaryNotification only works if set on both the primary
-     * instance and the secondary instance.
-     * @note The timeout is just a hint for the maximum time of blocking
-     * operations. It does not guarantee that the SingleApplication
-     * initialisation will be completed in given time, though is a good hint.
-     * Usually 4*timeout would be the worst case (fail) scenario.
-     * @see See the corresponding QAPPLICATION_CLASS constructor for reference
-     */
-    explicit SingleApplication( int &argc, char *argv[], bool allowSecondary = false, Options options = Mode::User, int timeout = 1000, const QString &userData = {} );
-    ~SingleApplication() override;
-
-    /**
-     * @brief Returns if the instance is the primary instance
-     * @returns {bool}
-     */
-    bool isPrimary() const;
-
-    /**
-     * @brief Returns if the instance is a secondary instance
-     * @returns {bool}
-     */
-    bool isSecondary() const;
-
-    /**
-     * @brief Returns a unique identifier for the current instance
-     * @returns {qint32}
-     */
-    quint32 instanceId() const;
-
-    /**
-     * @brief Returns the process ID (PID) of the primary instance
-     * @returns {qint64}
-     */
-    qint64 primaryPid() const;
-
-    /**
-     * @brief Returns the username of the user running the primary instance
-     * @returns {QString}
-     */
-    QString primaryUser() const;
-
-    /**
-     * @brief Returns the username of the current user
-     * @returns {QString}
-     */
-    QString currentUser() const;
-
-    /**
-     * @brief Sends a message to the primary instance. Returns true on success.
-     * @param {int} timeout - Timeout for connecting
-     * @returns {bool}
-     * @note sendMessage() will return false if invoked from the primary
-     * instance.
-     */
-    bool sendMessage( const QByteArray &message, int timeout = 100 );
-
-    /**
-     * @brief Get the set user data.
-     * @returns {QStringList}
-     */
-    QStringList userData() const;
-
-Q_SIGNALS:
-    void instanceStarted();
-    void receivedMessage( quint32 instanceId, QByteArray message );
-
-private:
-    SingleApplicationPrivate *d_ptr;
-    Q_DECLARE_PRIVATE(SingleApplication)
-    void abortSafely();
-};
-
-Q_DECLARE_OPERATORS_FOR_FLAGS(SingleApplication::Options)
-
-#endif // SINGLE_APPLICATION_H

client/3rd/SingleApplication/singleapplication.pri

@@ -1,15 +0,0 @@
-QT += core network
-CONFIG += c++11
-
-HEADERS +=  \
-    $$PWD/singleapplication.h \
-    $$PWD/singleapplication_p.h
-SOURCES += $$PWD/singleapplication.cpp \
-    $$PWD/singleapplication_p.cpp
-
-INCLUDEPATH += $$PWD
-
-win32 {
-    msvc:LIBS += Advapi32.lib
-    gcc:LIBS += -ladvapi32
-}

client/3rd/SingleApplication/singleapplication_p.cpp

@@ -1,486 +0,0 @@
-// The MIT License (MIT)
-//
-// Copyright (c) Itay Grudev 2015 - 2020
-//
-// Permission is hereby granted, free of charge, to any person obtaining a copy
-// of this software and associated documentation files (the "Software"), to deal
-// in the Software without restriction, including without limitation the rights
-// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-// copies of the Software, and to permit persons to whom the Software is
-// furnished to do so, subject to the following conditions:
-//
-// The above copyright notice and this permission notice shall be included in
-// all copies or substantial portions of the Software.
-//
-// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
-// THE SOFTWARE.
-
-//
-//  W A R N I N G !!!
-//  -----------------
-//
-// This file is not part of the SingleApplication API. It is used purely as an
-// implementation detail. This header file may change from version to
-// version without notice, or may even be removed.
-//
-
-#include <cstdlib>
-#include <cstddef>
-
-#include <QtCore/QDir>
-#include <QtCore/QThread>
-#include <QtCore/QByteArray>
-#include <QtCore/QDataStream>
-#include <QtCore/QElapsedTimer>
-#include <QtCore/QCryptographicHash>
-#include <QtNetwork/QLocalServer>
-#include <QtNetwork/QLocalSocket>
-
-#if QT_VERSION >= QT_VERSION_CHECK(5, 10, 0)
-#include <QtCore/QRandomGenerator>
-#else
-#include <QtCore/QDateTime>
-#endif
-
-#include "singleapplication.h"
-#include "singleapplication_p.h"
-
-#ifdef Q_OS_UNIX
-    #include <unistd.h>
-    #include <sys/types.h>
-    #include <pwd.h>
-#endif
-
-#ifdef Q_OS_WIN
-    #ifndef NOMINMAX
-        #define NOMINMAX 1
-    #endif
-    #include <windows.h>
-    #include <lmcons.h>
-#endif
-
-SingleApplicationPrivate::SingleApplicationPrivate( SingleApplication *q_ptr )
-    : q_ptr( q_ptr )
-{
-    server = nullptr;
-    socket = nullptr;
-    memory = nullptr;
-    instanceNumber = 0;
-}
-
-SingleApplicationPrivate::~SingleApplicationPrivate()
-{
-    if( socket != nullptr ){
-        socket->close();
-        delete socket;
-    }
-
-    if( memory != nullptr ){
-        memory->lock();
-        auto *inst = static_cast<InstancesInfo*>(memory->data());
-        if( server != nullptr ){
-            server->close();
-            delete server;
-            inst->primary = false;
-            inst->primaryPid = -1;
-            inst->primaryUser[0] =  '\0';
-            inst->checksum = blockChecksum();
-        }
-        memory->unlock();
-
-        delete memory;
-    }
-}
-
-QString SingleApplicationPrivate::getUsername()
-{
-#ifdef Q_OS_WIN
-      wchar_t username[UNLEN + 1];
-      // Specifies size of the buffer on input
-      DWORD usernameLength = UNLEN + 1;
-      if( GetUserNameW( username, &usernameLength ) )
-          return QString::fromWCharArray( username );
-#if QT_VERSION < QT_VERSION_CHECK(5, 10, 0)
-      return QString::fromLocal8Bit( qgetenv( "USERNAME" ) );
-#else
-      return qEnvironmentVariable( "USERNAME" );
-#endif
-#endif
-#ifdef Q_OS_UNIX
-      QString username;
-      uid_t uid = geteuid();
-      struct passwd *pw = getpwuid( uid );
-      if( pw )
-          username = QString::fromLocal8Bit( pw->pw_name );
-      if ( username.isEmpty() ){
-#if QT_VERSION < QT_VERSION_CHECK(5, 10, 0)
-          username = QString::fromLocal8Bit( qgetenv( "USER" ) );
-#else
-          username = qEnvironmentVariable( "USER" );
-#endif
-      }
-      return username;
-#endif
-}
-
-void SingleApplicationPrivate::genBlockServerName()
-{
-    QCryptographicHash appData( QCryptographicHash::Sha256 );
-    appData.addData( "SingleApplication", 17 );
-    appData.addData( SingleApplication::app_t::applicationName().toUtf8() );
-    appData.addData( SingleApplication::app_t::organizationName().toUtf8() );
-    appData.addData( SingleApplication::app_t::organizationDomain().toUtf8() );
-
-    if ( ! appDataList.isEmpty() )
-        appData.addData( appDataList.join( "" ).toUtf8() );
-
-    if( ! (options & SingleApplication::Mode::ExcludeAppVersion) ){
-        appData.addData( SingleApplication::app_t::applicationVersion().toUtf8() );
-    }
-
-    if( ! (options & SingleApplication::Mode::ExcludeAppPath) ){
-#ifdef Q_OS_WIN
-        appData.addData( SingleApplication::app_t::applicationFilePath().toLower().toUtf8() );
-#else
-        appData.addData( SingleApplication::app_t::applicationFilePath().toUtf8() );
-#endif
-    }
-
-    // User level block requires a user specific data in the hash
-    if( options & SingleApplication::Mode::User ){
-        appData.addData( getUsername().toUtf8() );
-    }
-
-    // Replace the backslash in RFC 2045 Base64 [a-zA-Z0-9+/=] to comply with
-    // server naming requirements.
-    blockServerName = appData.result().toBase64().replace("/", "_");
-}
-
-void SingleApplicationPrivate::initializeMemoryBlock() const
-{
-    auto *inst = static_cast<InstancesInfo*>( memory->data() );
-    inst->primary = false;
-    inst->secondary = 0;
-    inst->primaryPid = -1;
-    inst->primaryUser[0] =  '\0';
-    inst->checksum = blockChecksum();
-}
-
-void SingleApplicationPrivate::startPrimary()
-{
-    // Reset the number of connections
-    auto *inst = static_cast <InstancesInfo*>( memory->data() );
-
-    inst->primary = true;
-    inst->primaryPid = QCoreApplication::applicationPid();
-    qstrncpy( inst->primaryUser, getUsername().toUtf8().data(), sizeof(inst->primaryUser) );
-    inst->checksum = blockChecksum();
-    instanceNumber = 0;
-    // Successful creation means that no main process exists
-    // So we start a QLocalServer to listen for connections
-    QLocalServer::removeServer( blockServerName );
-    server = new QLocalServer();
-
-    // Restrict access to the socket according to the
-    // SingleApplication::Mode::User flag on User level or no restrictions
-    if( options & SingleApplication::Mode::User ){
-        server->setSocketOptions( QLocalServer::UserAccessOption );
-    } else {
-        server->setSocketOptions( QLocalServer::WorldAccessOption );
-    }
-
-    server->listen( blockServerName );
-    QObject::connect(
-        server,
-        &QLocalServer::newConnection,
-        this,
-        &SingleApplicationPrivate::slotConnectionEstablished
-    );
-}
-
-void SingleApplicationPrivate::startSecondary()
-{
-  auto *inst = static_cast <InstancesInfo*>( memory->data() );
-
-  inst->secondary += 1;
-  inst->checksum = blockChecksum();
-  instanceNumber = inst->secondary;
-}
-
-bool SingleApplicationPrivate::connectToPrimary( int msecs, ConnectionType connectionType )
-{
-    QElapsedTimer time;
-    time.start();
-
-    // Connect to the Local Server of the Primary Instance if not already
-    // connected.
-    if( socket == nullptr ){
-        socket = new QLocalSocket();
-    }
-
-    if( socket->state() == QLocalSocket::ConnectedState ) return true;
-
-    if( socket->state() != QLocalSocket::ConnectedState ){
-
-        while( true ){
-            randomSleep();
-
-          if( socket->state() != QLocalSocket::ConnectingState )
-            socket->connectToServer( blockServerName );
-
-          if( socket->state() == QLocalSocket::ConnectingState ){
-              socket->waitForConnected( static_cast<int>(msecs - time.elapsed()) );
-          }
-
-          // If connected break out of the loop
-          if( socket->state() == QLocalSocket::ConnectedState ) break;
-
-          // If elapsed time since start is longer than the method timeout return
-          if( time.elapsed() >= msecs ) return false;
-        }
-    }
-
-    // Initialisation message according to the SingleApplication protocol
-    QByteArray initMsg;
-    QDataStream writeStream(&initMsg, QIODevice::WriteOnly);
-
-#if (QT_VERSION >= QT_VERSION_CHECK(5, 6, 0))
-    writeStream.setVersion(QDataStream::Qt_5_6);
-#endif
-
-    writeStream << blockServerName.toLatin1();
-    writeStream << static_cast<quint8>(connectionType);
-    writeStream << instanceNumber;
-#if QT_VERSION >= QT_VERSION_CHECK(6, 0, 0)
-    quint16 checksum = qChecksum(QByteArray(initMsg, static_cast<quint32>(initMsg.length())));
-#else
-    quint16 checksum = qChecksum(initMsg.constData(), static_cast<quint32>(initMsg.length()));
-#endif
-    writeStream << checksum;
-
-    // The header indicates the message length that follows
-    QByteArray header;
-    QDataStream headerStream(&header, QIODevice::WriteOnly);
-
-#if (QT_VERSION >= QT_VERSION_CHECK(5, 6, 0))
-    headerStream.setVersion(QDataStream::Qt_5_6);
-#endif
-    headerStream << static_cast <quint64>( initMsg.length() );
-
-    socket->write( header );
-    socket->write( initMsg );
-    bool result = socket->waitForBytesWritten( static_cast<int>(msecs - time.elapsed()) );
-    socket->flush();
-    return result;
-}
-
-quint16 SingleApplicationPrivate::blockChecksum() const
-{
-#if QT_VERSION >= QT_VERSION_CHECK(6, 0, 0)
-    quint16 checksum = qChecksum(QByteArray(static_cast<const char*>(memory->constData()), offsetof(InstancesInfo, checksum)));
-#else
-    quint16 checksum = qChecksum(static_cast<const char*>(memory->constData()), offsetof(InstancesInfo, checksum));
-#endif
-    return checksum;
-}
-
-qint64 SingleApplicationPrivate::primaryPid() const
-{
-    qint64 pid;
-
-    memory->lock();
-    auto *inst = static_cast<InstancesInfo*>( memory->data() );
-    pid = inst->primaryPid;
-    memory->unlock();
-
-    return pid;
-}
-
-QString SingleApplicationPrivate::primaryUser() const
-{
-    QByteArray username;
-
-    memory->lock();
-    auto *inst = static_cast<InstancesInfo*>( memory->data() );
-    username = inst->primaryUser;
-    memory->unlock();
-
-    return QString::fromUtf8( username );
-}
-
-/**
- * @brief Executed when a connection has been made to the LocalServer
- */
-void SingleApplicationPrivate::slotConnectionEstablished()
-{
-    QLocalSocket *nextConnSocket = server->nextPendingConnection();
-    connectionMap.insert(nextConnSocket, ConnectionInfo());
-
-    QObject::connect(nextConnSocket, &QLocalSocket::aboutToClose,
-        [nextConnSocket, this](){
-            auto &info = connectionMap[nextConnSocket];
-            Q_EMIT this->slotClientConnectionClosed( nextConnSocket, info.instanceId );
-        }
-    );
-
-    QObject::connect(nextConnSocket, &QLocalSocket::disconnected, nextConnSocket, &QLocalSocket::deleteLater);
-
-    QObject::connect(nextConnSocket, &QLocalSocket::destroyed,
-        [nextConnSocket, this](){
-            connectionMap.remove(nextConnSocket);
-        }
-    );
-
-    QObject::connect(nextConnSocket, &QLocalSocket::readyRead,
-        [nextConnSocket, this](){
-            auto &info = connectionMap[nextConnSocket];
-            switch(info.stage){
-            case StageHeader:
-                readInitMessageHeader(nextConnSocket);
-                break;
-            case StageBody:
-                readInitMessageBody(nextConnSocket);
-                break;
-            case StageConnected:
-                Q_EMIT this->slotDataAvailable( nextConnSocket, info.instanceId );
-                break;
-            default:
-                break;
-            };
-        }
-    );
-}
-
-void SingleApplicationPrivate::readInitMessageHeader( QLocalSocket *sock )
-{
-    if (!connectionMap.contains( sock )){
-        return;
-    }
-
-    if( sock->bytesAvailable() < ( qint64 )sizeof( quint64 ) ){
-        return;
-    }
-
-    QDataStream headerStream( sock );
-
-#if (QT_VERSION >= QT_VERSION_CHECK(5, 6, 0))
-    headerStream.setVersion( QDataStream::Qt_5_6 );
-#endif
-
-    // Read the header to know the message length
-    quint64 msgLen = 0;
-    headerStream >> msgLen;
-    ConnectionInfo &info = connectionMap[sock];
-    info.stage = StageBody;
-    info.msgLen = msgLen;
-
-    if ( sock->bytesAvailable() >= (qint64) msgLen ){
-        readInitMessageBody( sock );
-    }
-}
-
-void SingleApplicationPrivate::readInitMessageBody( QLocalSocket *sock )
-{
-    Q_Q(SingleApplication);
-
-    if (!connectionMap.contains( sock )){
-        return;
-    }
-
-    ConnectionInfo &info = connectionMap[sock];
-    if( sock->bytesAvailable() < ( qint64 )info.msgLen ){
-        return;
-    }
-
-    // Read the message body
-    QByteArray msgBytes = sock->read(info.msgLen);
-    QDataStream readStream(msgBytes);
-
-#if (QT_VERSION >= QT_VERSION_CHECK(5, 6, 0))
-    readStream.setVersion( QDataStream::Qt_5_6 );
-#endif
-
-    // server name
-    QByteArray latin1Name;
-    readStream >> latin1Name;
-
-    // connection type
-    ConnectionType connectionType = InvalidConnection;
-    quint8 connTypeVal = InvalidConnection;
-    readStream >> connTypeVal;
-    connectionType = static_cast <ConnectionType>( connTypeVal );
-
-    // instance id
-    quint32 instanceId = 0;
-    readStream >> instanceId;
-
-    // checksum
-    quint16 msgChecksum = 0;
-    readStream >> msgChecksum;
-
-#if QT_VERSION >= QT_VERSION_CHECK(6, 0, 0)
-    const quint16 actualChecksum = qChecksum(QByteArray(msgBytes, static_cast<quint32>(msgBytes.length() - sizeof(quint16))));
-#else
-    const quint16 actualChecksum = qChecksum(msgBytes.constData(), static_cast<quint32>(msgBytes.length() - sizeof(quint16)));
-#endif
-
-    bool isValid = readStream.status() == QDataStream::Ok &&
-                   QLatin1String(latin1Name) == blockServerName &&
-                   msgChecksum == actualChecksum;
-
-    if( !isValid ){
-        sock->close();
-        return;
-    }
-
-    info.instanceId = instanceId;
-    info.stage = StageConnected;
-
-    if( connectionType == NewInstance ||
-        ( connectionType == SecondaryInstance &&
-          options & SingleApplication::Mode::SecondaryNotification ) )
-    {
-        Q_EMIT q->instanceStarted();
-    }
-
-    if (sock->bytesAvailable() > 0){
-        Q_EMIT this->slotDataAvailable( sock, instanceId );
-    }
-}
-
-void SingleApplicationPrivate::slotDataAvailable( QLocalSocket *dataSocket, quint32 instanceId )
-{
-    Q_Q(SingleApplication);
-    Q_EMIT q->receivedMessage( instanceId, dataSocket->readAll() );
-}
-
-void SingleApplicationPrivate::slotClientConnectionClosed( QLocalSocket *closedSocket, quint32 instanceId )
-{
-    if( closedSocket->bytesAvailable() > 0 )
-        Q_EMIT slotDataAvailable( closedSocket, instanceId  );
-}
-
-void SingleApplicationPrivate::randomSleep()
-{
-#if QT_VERSION >= QT_VERSION_CHECK( 5, 10, 0 )
-    QThread::msleep( QRandomGenerator::global()->bounded( 8u, 18u ));
-#else
-    qsrand( QDateTime::currentMSecsSinceEpoch() % std::numeric_limits<uint>::max() );
-    QThread::msleep( 8 + static_cast <unsigned long>( static_cast <float>( qrand() ) / RAND_MAX * 10 ));
-#endif
-}
-
-void SingleApplicationPrivate::addAppData(const QString &data)
-{
-    appDataList.push_back(data);
-}
-
-QStringList SingleApplicationPrivate::appData() const
-{
-    return appDataList;
-}

client/3rd/SingleApplication/singleapplication_p.h

@@ -1,104 +0,0 @@
-// The MIT License (MIT)
-//
-// Copyright (c) Itay Grudev 2015 - 2020
-//
-// Permission is hereby granted, free of charge, to any person obtaining a copy
-// of this software and associated documentation files (the "Software"), to deal
-// in the Software without restriction, including without limitation the rights
-// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-// copies of the Software, and to permit persons to whom the Software is
-// furnished to do so, subject to the following conditions:
-//
-// The above copyright notice and this permission notice shall be included in
-// all copies or substantial portions of the Software.
-//
-// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
-// THE SOFTWARE.
-
-//
-//  W A R N I N G !!!
-//  -----------------
-//
-// This file is not part of the SingleApplication API. It is used purely as an
-// implementation detail. This header file may change from version to
-// version without notice, or may even be removed.
-//
-
-#ifndef SINGLEAPPLICATION_P_H
-#define SINGLEAPPLICATION_P_H
-
-#include <QtCore/QSharedMemory>
-#include <QtNetwork/QLocalServer>
-#include <QtNetwork/QLocalSocket>
-#include "singleapplication.h"
-
-struct InstancesInfo {
-    bool primary;
-    quint32 secondary;
-    qint64 primaryPid;
-    char primaryUser[128];
-    quint16 checksum; // Must be the last field
-};
-
-struct ConnectionInfo {
-    qint64 msgLen = 0;
-    quint32 instanceId = 0;
-    quint8 stage = 0;
-};
-
-class SingleApplicationPrivate : public QObject {
-Q_OBJECT
-public:
-    enum ConnectionType : quint8 {
-        InvalidConnection = 0,
-        NewInstance = 1,
-        SecondaryInstance = 2,
-        Reconnect = 3
-    };
-    enum ConnectionStage : quint8 {
-        StageHeader = 0,
-        StageBody = 1,
-        StageConnected = 2,
-    };
-    Q_DECLARE_PUBLIC(SingleApplication)
-
-    SingleApplicationPrivate( SingleApplication *q_ptr );
-    ~SingleApplicationPrivate() override;
-
-    static QString getUsername();
-    void genBlockServerName();
-    void initializeMemoryBlock() const;
-    void startPrimary();
-    void startSecondary();
-    bool connectToPrimary( int msecs, ConnectionType connectionType );
-    quint16 blockChecksum() const;
-    qint64 primaryPid() const;
-    QString primaryUser() const;
-    void readInitMessageHeader(QLocalSocket *socket);
-    void readInitMessageBody(QLocalSocket *socket);
-    static void randomSleep();
-    void addAppData(const QString &data);
-    QStringList appData() const;
-
-    SingleApplication *q_ptr;
-    QSharedMemory *memory;
-    QLocalSocket *socket;
-    QLocalServer *server;
-    quint32 instanceNumber;
-    QString blockServerName;
-    SingleApplication::Options options;
-    QMap<QLocalSocket*, ConnectionInfo> connectionMap;
-    QStringList appDataList;
-
-public Q_SLOTS:
-    void slotConnectionEstablished();
-    void slotDataAvailable( QLocalSocket*, quint32 );
-    void slotClientConnectionClosed( QLocalSocket*, quint32 );
-};
-
-#endif // SINGLEAPPLICATION_P_H

client/CMakeLists.txt

@@ -25,7 +25,11 @@ execute_process(
 add_definitions(-DGIT_COMMIT_HASH="${GIT_COMMIT_HASH}")
 
 add_definitions(-DPROD_AGW_PUBLIC_KEY="$ENV{PROD_AGW_PUBLIC_KEY}")
-add_definitions(-DPROD_PROXY_STORAGE_KEY="$ENV{PROD_PROXY_STORAGE_KEY}")
+add_definitions(-DPROD_S3_ENDPOINT="$ENV{PROD_S3_ENDPOINT}")
+
+add_definitions(-DDEV_AGW_PUBLIC_KEY="$ENV{DEV_AGW_PUBLIC_KEY}")
+add_definitions(-DDEV_AGW_ENDPOINT="$ENV{DEV_AGW_ENDPOINT}")
+add_definitions(-DDEV_S3_ENDPOINT="$ENV{DEV_S3_ENDPOINT}")
 
 if(IOS)
     set(PACKAGES ${PACKAGES} Multimedia)
@@ -58,6 +62,7 @@ qt_add_executable(${PROJECT} MANUAL_FINALIZATION)
 if(WIN32 OR (APPLE AND NOT IOS) OR (LINUX AND NOT ANDROID))
     qt_add_repc_replicas(${PROJECT} ${CMAKE_CURRENT_LIST_DIR}/../ipc/ipc_interface.rep)
     qt_add_repc_replicas(${PROJECT} ${CMAKE_CURRENT_LIST_DIR}/../ipc/ipc_process_interface.rep)
+    qt_add_repc_replicas(${PROJECT} ${CMAKE_CURRENT_LIST_DIR}/../ipc/ipc_process_tun2socks.rep)
 endif()
 
 qt6_add_resources(QRC ${QRC} ${CMAKE_CURRENT_LIST_DIR}/resources.qrc)
@@ -110,6 +115,7 @@ include(${CMAKE_CURRENT_LIST_DIR}/cmake/3rdparty.cmake)
 
 include_directories(
     ${CMAKE_CURRENT_LIST_DIR}/../ipc
+    ${CMAKE_CURRENT_LIST_DIR}/../common/logger
     ${CMAKE_CURRENT_LIST_DIR}
     ${CMAKE_CURRENT_BINARY_DIR}
 )
@@ -131,7 +137,6 @@ set(HEADERS ${HEADERS}
     ${CMAKE_CURRENT_LIST_DIR}/protocols/protocols_defs.h
     ${CMAKE_CURRENT_LIST_DIR}/protocols/qml_register_protocols.h
     ${CMAKE_CURRENT_LIST_DIR}/ui/pages.h
-    ${CMAKE_CURRENT_LIST_DIR}/ui/property_helper.h
     ${CMAKE_CURRENT_LIST_DIR}/ui/qautostart.h
     ${CMAKE_CURRENT_LIST_DIR}/protocols/vpnprotocol.h
     ${CMAKE_CURRENT_BINARY_DIR}/version.h
@@ -140,6 +145,7 @@ set(HEADERS ${HEADERS}
     ${CMAKE_CURRENT_LIST_DIR}/core/serialization/serialization.h
     ${CMAKE_CURRENT_LIST_DIR}/core/serialization/transfer.h
     ${CMAKE_CURRENT_LIST_DIR}/core/enums/apiEnums.h
+    ${CMAKE_CURRENT_LIST_DIR}/../common/logger/logger.h
 )
 
 # Mozilla headres
@@ -190,6 +196,7 @@ set(SOURCES ${SOURCES}
     ${CMAKE_CURRENT_LIST_DIR}/core/serialization/trojan.cpp
     ${CMAKE_CURRENT_LIST_DIR}/core/serialization/vmess.cpp
     ${CMAKE_CURRENT_LIST_DIR}/core/serialization/vmess_new.cpp
+    ${CMAKE_CURRENT_LIST_DIR}/../common/logger/logger.cpp
 )
 
 # Mozilla sources

client/amnezia_application.cpp

@@ -10,6 +10,8 @@
 #include <QTextDocument>
 #include <QTimer>
 #include <QTranslator>
+#include <QLocalSocket>
+#include <QLocalServer>
 
 #include "logger.h"
 #include "ui/models/installedAppsModel.h"
@@ -28,13 +30,7 @@
     #include <AmneziaVPN-Swift.h>
 #endif
 
-#if defined(Q_OS_ANDROID) || defined(Q_OS_IOS)
 AmneziaApplication::AmneziaApplication(int &argc, char *argv[]) : AMNEZIA_BASE_CLASS(argc, argv)
-#else
-AmneziaApplication::AmneziaApplication(int &argc, char *argv[], bool allowSecondary, SingleApplication::Options options, int timeout,
-                                       const QString &userData)
-    : SingleApplication(argc, argv, allowSecondary, options, timeout, userData)
-#endif
 {
     setQuitOnLastWindowClosed(false);
 
@@ -115,10 +111,11 @@ void AmneziaApplication::init()
         qFatal("Android controller initialization failed");
     }
 
-    connect(AndroidController::instance(), &AndroidController::importConfigFromOutside, [this](QString data) {
-        m_pageController->goToPageHome();
+    connect(AndroidController::instance(), &AndroidController::importConfigFromOutside, this, [this](QString data) {
+        emit m_pageController->goToPageHome();
         m_importController->extractConfigFromData(data);
-        m_pageController->goToPageViewConfig();
+        data.clear();
+        emit m_pageController->goToPageViewConfig();
     });
 
     m_engine->addImageProvider(QLatin1String("installedAppImage"), new InstalledAppsImageProvider);
@@ -126,16 +123,16 @@ void AmneziaApplication::init()
 
 #ifdef Q_OS_IOS
     IosController::Instance()->initialize();
-    connect(IosController::Instance(), &IosController::importConfigFromOutside, [this](QString data) {
-        m_pageController->goToPageHome();
+    connect(IosController::Instance(), &IosController::importConfigFromOutside, this, [this](QString data) {
+        emit m_pageController->goToPageHome();
         m_importController->extractConfigFromData(data);
-        m_pageController->goToPageViewConfig();
+        emit m_pageController->goToPageViewConfig();
     });
 
-    connect(IosController::Instance(), &IosController::importBackupFromOutside, [this](QString filePath) {
-        m_pageController->goToPageHome();
+    connect(IosController::Instance(), &IosController::importBackupFromOutside, this, [this](QString filePath) {
+        emit m_pageController->goToPageHome();
         m_pageController->goToPageSettingsBackup();
-        m_settingsController->importBackupFromOutside(filePath);
+        emit m_settingsController->importBackupFromOutside(filePath);
     });
 
     QTimer::singleShot(0, this, [this]() { AmneziaVPN::toggleScreenshots(m_settings->isScreenshotsEnabled()); });
@@ -164,7 +161,7 @@ void AmneziaApplication::init()
     bool enabled = m_settings->isSaveLogs();
 #ifndef Q_OS_ANDROID
     if (enabled) {
-        if (!Logger::init()) {
+        if (!Logger::init(false)) {
             qWarning() << "Initialization of debug subsystem failed";
         }
     }
@@ -180,16 +177,6 @@ void AmneziaApplication::init()
     m_pageController->showOnStartup();
 #endif
 
-        // TODO - fix
-#if !defined(Q_OS_ANDROID) && !defined(Q_OS_IOS)
-    if (isPrimary()) {
-        QObject::connect(this, &SingleApplication::instanceStarted, m_pageController.get(), [this]() {
-            qDebug() << "Secondary instance started, showing this window instead";
-            emit m_pageController->raiseMainWindow();
-        });
-    }
-#endif
-
 // Android TextArea clipboard workaround
 // Text from TextArea always has "text/html" mime-type:
 // /qt/6.6.1/Src/qtdeclarative/src/quick/items/qquicktextcontrol.cpp:1865
@@ -294,6 +281,24 @@ bool AmneziaApplication::parseCommands()
     return true;
 }
 
+#if !defined(Q_OS_ANDROID) && !defined(Q_OS_IOS)
+void AmneziaApplication::startLocalServer() {
+    const QString serverName("AmneziaVPNInstance");
+    QLocalServer::removeServer(serverName);
+
+    QLocalServer* server = new QLocalServer(this);
+    server->listen(serverName);
+
+    QObject::connect(server, &QLocalServer::newConnection, this, [server, this]() {
+        if (server) {
+            QLocalSocket* clientConnection = server->nextPendingConnection();
+            clientConnection->deleteLater();
+        }
+        emit m_pageController->raiseMainWindow();
+    });
+}
+#endif
+
 QQmlApplicationEngine *AmneziaApplication::qmlEngine() const
 {
     return m_engine;

client/amnezia_application.h

@@ -53,22 +53,14 @@
 #if defined(Q_OS_ANDROID) || defined(Q_OS_IOS)
     #define AMNEZIA_BASE_CLASS QGuiApplication
 #else
-    #define AMNEZIA_BASE_CLASS SingleApplication
-    #define QAPPLICATION_CLASS QApplication
-    #include "singleapplication.h"
+    #define AMNEZIA_BASE_CLASS QApplication
 #endif
 
 class AmneziaApplication : public AMNEZIA_BASE_CLASS
 {
     Q_OBJECT
 public:
-#if defined(Q_OS_ANDROID) || defined(Q_OS_IOS)
     AmneziaApplication(int &argc, char *argv[]);
-#else
-    AmneziaApplication(int &argc, char *argv[], bool allowSecondary = false,
-                       SingleApplication::Options options = SingleApplication::User, int timeout = 1000,
-                       const QString &userData = {});
-#endif
     virtual ~AmneziaApplication();
 
     void init();
@@ -78,6 +70,10 @@ public:
     void updateTranslator(const QLocale &locale);
     bool parseCommands();
 
+#if !defined(Q_OS_ANDROID) && !defined(Q_OS_IOS)
+    void startLocalServer();
+#endif
+
     QQmlApplicationEngine *qmlEngine() const;
     QNetworkAccessManager *manager() { return m_nam; }
 

client/android/AndroidManifest.xml

@@ -3,7 +3,6 @@
 <manifest
     xmlns:android="http://schemas.android.com/apk/res/android"
     xmlns:tools="http://schemas.android.com/tools"
-    package="org.amnezia.vpn"
     android:versionName="-- %%INSERT_VERSION_NAME%% --"
     android:versionCode="-- %%INSERT_VERSION_CODE%% --"
     android:installLocation="auto">
@@ -46,7 +45,7 @@
             android:configChanges="uiMode|screenSize|smallestScreenSize|screenLayout|orientation|density
                 |fontScale|layoutDirection|locale|keyboard|keyboardHidden|navigation|mcc|mnc"
             android:launchMode="singleInstance"
-            android:windowSoftInputMode="adjustResize"
+            android:windowSoftInputMode="stateUnchanged|adjustResize"
             android:exported="true">
 
             <intent-filter>
@@ -68,9 +67,6 @@
                 android:name="android.app.lib_name"
                 android:value="-- %%INSERT_APP_LIB_NAME%% --" />
 
-            <meta-data
-                android:name="android.app.extract_android_style"
-                android:value="minimal" />
         </activity>
 
         <activity
@@ -88,6 +84,13 @@
             android:exported="false"
             android:theme="@style/Translucent" />
 
+        <activity android:name=".AuthActivity"
+            android:excludeFromRecents="true"
+            android:launchMode="singleTask"
+            android:taskAffinity=""
+            android:exported="false"
+            android:theme="@style/Translucent" />
+
         <activity
             android:name=".ImportConfigActivity"
             android:excludeFromRecents="true"

client/android/awg/src/main/kotlin/Awg.kt

@@ -1,81 +1,21 @@
 package org.amnezia.vpn.protocol.awg
 
 import org.amnezia.vpn.protocol.wireguard.Wireguard
+import org.amnezia.vpn.protocol.wireguard.WireguardConfig
 import org.json.JSONObject
 
-/**
- *    Config example:
- *    {
- *        "protocol": "awg",
- *        "description": "Server 1",
- *        "dns1": "1.1.1.1",
- *        "dns2": "1.0.0.1",
- *        "hostName": "100.100.100.0",
- *        "splitTunnelSites": [
- *        ],
- *        "splitTunnelType": 0,
- *        "awg_config_data": {
- *            "H1": "969537490",
- *            "H2": "481688153",
- *            "H3": "2049399200",
- *            "H4": "52029755",
- *            "Jc": "3",
- *            "Jmax": "1000",
- *            "Jmin": "50",
- *            "S1": "49",
- *            "S2": "60",
- *            "client_ip": "10.8.1.1",
- *            "hostName": "100.100.100.0",
- *            "port": 12345,
- *            "client_pub_key": "clientPublicKeyBase64",
- *            "client_priv_key": "privateKeyBase64",
- *            "psk_key": "presharedKeyBase64",
- *            "server_pub_key": "publicKeyBase64",
- *            "config": "[Interface]
- *                       Address = 10.8.1.1/32
- *                       DNS = 1.1.1.1, 1.0.0.1
- *                       PrivateKey = privateKeyBase64
- *                       Jc = 3
- *                       Jmin = 50
- *                       Jmax = 1000
- *                       S1 = 49
- *                       S2 = 60
- *                       H1 = 969537490
- *                       H2 = 481688153
- *                       H3 = 2049399200
- *                       H4 = 52029755
- *
- *                       [Peer]
- *                       PublicKey = publicKeyBase64
- *                       PresharedKey = presharedKeyBase64
- *                       AllowedIPs = 0.0.0.0/0, ::/0
- *                       Endpoint = 100.100.100.0:12345
- *                       PersistentKeepalive = 25
- *                       "
- *        }
- *    }
- */
-
 class Awg : Wireguard() {
 
     override val ifName: String = "awg0"
 
-    override fun parseConfig(config: JSONObject): AwgConfig {
-        val configDataJson = config.getJSONObject("awg_config_data")
-        val configData = parseConfigData(configDataJson.getString("config"))
-        return AwgConfig.build {
-            configWireguard(configData, configDataJson)
+    override fun parseConfig(config: JSONObject): WireguardConfig {
+        val configData = config.getJSONObject("awg_config_data")
+        return WireguardConfig.build {
+            setUseProtocolExtension(true)
+            configExtensionParameters(configData)
+            configWireguard(config, configData)
             configSplitTunneling(config)
             configAppSplitTunneling(config)
-            configData["Jc"]?.let { setJc(it.toInt()) }
-            configData["Jmin"]?.let { setJmin(it.toInt()) }
-            configData["Jmax"]?.let { setJmax(it.toInt()) }
-            configData["S1"]?.let { setS1(it.toInt()) }
-            configData["S2"]?.let { setS2(it.toInt()) }
-            configData["H1"]?.let { setH1(it.toLong()) }
-            configData["H2"]?.let { setH2(it.toLong()) }
-            configData["H3"]?.let { setH3(it.toLong()) }
-            configData["H4"]?.let { setH4(it.toLong()) }
         }
     }
 }

client/android/awg/src/main/kotlin/AwgConfig.kt

@@ -1,108 +0,0 @@
-package org.amnezia.vpn.protocol.awg
-
-import org.amnezia.vpn.protocol.BadConfigException
-import org.amnezia.vpn.protocol.wireguard.WireguardConfig
-
-class AwgConfig private constructor(
-    wireguardConfigBuilder: WireguardConfig.Builder,
-    val jc: Int,
-    val jmin: Int,
-    val jmax: Int,
-    val s1: Int,
-    val s2: Int,
-    val h1: Long,
-    val h2: Long,
-    val h3: Long,
-    val h4: Long
-) : WireguardConfig(wireguardConfigBuilder) {
-
-    private constructor(builder: Builder) : this(
-        builder,
-        builder.jc,
-        builder.jmin,
-        builder.jmax,
-        builder.s1,
-        builder.s2,
-        builder.h1,
-        builder.h2,
-        builder.h3,
-        builder.h4
-    )
-
-    override fun appendDeviceLine(sb: StringBuilder) = with(sb) {
-        super.appendDeviceLine(this)
-        appendLine("jc=$jc")
-        appendLine("jmin=$jmin")
-        appendLine("jmax=$jmax")
-        appendLine("s1=$s1")
-        appendLine("s2=$s2")
-        appendLine("h1=$h1")
-        appendLine("h2=$h2")
-        appendLine("h3=$h3")
-        appendLine("h4=$h4")
-    }
-
-    class Builder : WireguardConfig.Builder() {
-
-        private var _jc: Int? = null
-        internal var jc: Int
-            get() = _jc ?: throw BadConfigException("AWG: parameter jc is undefined")
-            private set(value) { _jc = value }
-
-        private var _jmin: Int? = null
-        internal var jmin: Int
-            get() = _jmin ?: throw BadConfigException("AWG: parameter jmin is undefined")
-            private set(value) { _jmin = value }
-
-        private var _jmax: Int? = null
-        internal var jmax: Int
-            get() = _jmax ?: throw BadConfigException("AWG: parameter jmax is undefined")
-            private set(value) { _jmax = value }
-
-        private var _s1: Int? = null
-        internal var s1: Int
-            get() = _s1 ?: throw BadConfigException("AWG: parameter s1 is undefined")
-            private set(value) { _s1 = value }
-
-        private var _s2: Int? = null
-        internal var s2: Int
-            get() = _s2 ?: throw BadConfigException("AWG: parameter s2 is undefined")
-            private set(value) { _s2 = value }
-
-        private var _h1: Long? = null
-        internal var h1: Long
-            get() = _h1 ?: throw BadConfigException("AWG: parameter h1 is undefined")
-            private set(value) { _h1 = value }
-
-        private var _h2: Long? = null
-        internal var h2: Long
-            get() = _h2 ?: throw BadConfigException("AWG: parameter h2 is undefined")
-            private set(value) { _h2 = value }
-
-        private var _h3: Long? = null
-        internal var h3: Long
-            get() = _h3 ?: throw BadConfigException("AWG: parameter h3 is undefined")
-            private set(value) { _h3 = value }
-
-        private var _h4: Long? = null
-        internal var h4: Long
-            get() = _h4 ?: throw BadConfigException("AWG: parameter h4 is undefined")
-            private set(value) { _h4 = value }
-
-        fun setJc(jc: Int) = apply { this.jc = jc }
-        fun setJmin(jmin: Int) = apply { this.jmin = jmin }
-        fun setJmax(jmax: Int) = apply { this.jmax = jmax }
-        fun setS1(s1: Int) = apply { this.s1 = s1 }
-        fun setS2(s2: Int) = apply { this.s2 = s2 }
-        fun setH1(h1: Long) = apply { this.h1 = h1 }
-        fun setH2(h2: Long) = apply { this.h2 = h2 }
-        fun setH3(h3: Long) = apply { this.h3 = h3 }
-        fun setH4(h4: Long) = apply { this.h4 = h4 }
-
-        override fun build(): AwgConfig = configBuild().run { AwgConfig(this@Builder) }
-    }
-
-    companion object {
-        inline fun build(block: Builder.() -> Unit): AwgConfig = Builder().apply(block).build()
-    }
-}

client/android/build.gradle

@@ -3,3 +3,6 @@
 // android.bundle.enableUncompressedNativeLibs is deprecated
 // disable adding gradle property android.bundle.enableUncompressedNativeLibs by androiddeployqt
 useLegacyPackaging
+
+// package name for androiddeployqt
+namespace = "org.amnezia.vpn"

client/android/build.gradle.kts

@@ -115,9 +115,11 @@ dependencies {
     implementation(project(":xray"))
     implementation(libs.androidx.core)
     implementation(libs.androidx.activity)
+    implementation(libs.androidx.fragment)
     implementation(libs.kotlinx.coroutines)
     implementation(libs.kotlinx.serialization.protobuf)
     implementation(libs.bundles.androidx.camera)
     implementation(libs.google.mlkit)
     implementation(libs.androidx.datastore)
+    implementation(libs.androidx.biometric)
 }

client/android/cloak/src/main/kotlin/Cloak.kt

@@ -3,40 +3,16 @@ package org.amnezia.vpn.protocol.cloak
 import android.util.Base64
 import net.openvpn.ovpn3.ClientAPI_Config
 import org.amnezia.vpn.protocol.openvpn.OpenVpn
+import org.amnezia.vpn.util.LibraryLoader.loadSharedLibrary
 import org.json.JSONObject
 
-/**
- *    Config Example:
- *    {
- *     "protocol": "cloak",
- *     "description": "Server 1",
- *     "dns1": "1.1.1.1",
- *     "dns2": "1.0.0.1",
- *     "hostName": "100.100.100.0",
- *     "splitTunnelSites": [
- *     ],
- *     "splitTunnelType": 0,
- *     "openvpn_config_data": {
- *           "config": "openVpnConfig"
- *     }
- *     "cloak_config_data": {
- *          "BrowserSig": "chrome",
- *          "EncryptionMethod": "aes-gcm",
- *          "NumConn": 1,
- *          "ProxyMethod": "openvpn",
- *          "PublicKey": "PublicKey=",
- *          "RemoteHost": "100.100.100.0",
- *          "RemotePort": "443",
- *          "ServerName": "servername",
- *          "StreamTimeout": 300,
- *          "Transport": "direct",
- *          "UID": "UID="
- *     }
- * }
- */
-
 class Cloak : OpenVpn() {
 
+    override fun internalInit() {
+        super.internalInit()
+        if (!isInitialized) loadSharedLibrary(context, "ck-ovpn-plugin")
+    }
+
     override fun parseConfig(config: JSONObject): ClientAPI_Config {
         val openVpnConfig = ClientAPI_Config()
 

client/android/gradle.properties

@@ -33,7 +33,7 @@ android.library.defaults.buildfeatures.androidresources=false
 # For development copy and set local values for these parameters in local.properties
 #androidCompileSdkVersion=android-34
 #androidBuildToolsVersion=34.0.0
-#qtMinSdkVersion=24
+#qtMinSdkVersion=26
 #qtTargetSdkVersion=34
 #androidNdkVersion=26.1.10909125
 #qtTargetAbiList=x86_64

client/android/gradle/libs.versions.toml

@@ -1,24 +1,28 @@
 [versions]
-agp = "8.2.0"
-kotlin = "1.9.20"
-androidx-core = "1.12.0"
-androidx-activity = "1.8.1"
-androidx-annotation = "1.7.0"
-androidx-camera = "1.3.0"
+agp = "8.5.2"
+kotlin = "1.9.24"
+androidx-core = "1.13.1"
+androidx-activity = "1.9.1"
+androidx-annotation = "1.8.2"
+androidx-biometric = "1.2.0-alpha05"
+androidx-camera = "1.3.4"
+androidx-fragment = "1.8.2"
 androidx-security-crypto = "1.1.0-alpha06"
-androidx-datastore = "1.1.0-beta01"
-kotlinx-coroutines = "1.7.3"
+androidx-datastore = "1.1.1"
+kotlinx-coroutines = "1.8.1"
 kotlinx-serialization = "1.6.3"
-google-mlkit = "17.2.0"
+google-mlkit = "17.3.0"
 
 [libraries]
 androidx-core = { module = "androidx.core:core-ktx", version.ref = "androidx-core" }
 androidx-activity = { module = "androidx.activity:activity-ktx", version.ref = "androidx-activity" }
 androidx-annotation = { module = "androidx.annotation:annotation", version.ref = "androidx-annotation" }
+androidx-biometric = { module = "androidx.biometric:biometric-ktx", version.ref = "androidx-biometric" }
 androidx-camera-core = { module = "androidx.camera:camera-core", version.ref = "androidx-camera" }
 androidx-camera-camera2 = { module = "androidx.camera:camera-camera2", version.ref = "androidx-camera" }
 androidx-camera-lifecycle = { module = "androidx.camera:camera-lifecycle", version.ref = "androidx-camera" }
 androidx-camera-view = { module = "androidx.camera:camera-view", version.ref = "androidx-camera" }
+androidx-fragment = { module = "androidx.fragment:fragment-ktx", version.ref = "androidx-fragment" }
 androidx-security-crypto = { module = "androidx.security:security-crypto-ktx", version.ref = "androidx-security-crypto" }
 androidx-datastore = { module = "androidx.datastore:datastore-preferences", version.ref = "androidx-datastore" }
 kotlinx-coroutines = { module = "org.jetbrains.kotlinx:kotlinx-coroutines-android", version.ref = "kotlinx-coroutines" }

client/android/gradle/wrapper/gradle-wrapper.properties

@@ -1,7 +1,5 @@
 distributionBase=GRADLE_USER_HOME
 distributionPath=wrapper/dists
-distributionUrl=https\://services.gradle.org/distributions/gradle-8.5-bin.zip
-networkTimeout=10000
-validateDistributionUrl=true
+distributionUrl=https\://services.gradle.org/distributions/gradle-8.10-bin.zip
 zipStoreBase=GRADLE_USER_HOME
 zipStorePath=wrapper/dists

client/android/gradlew

@@ -15,6 +15,8 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 #
+# SPDX-License-Identifier: Apache-2.0
+#
 
 ##############################################################################
 #
@@ -55,7 +57,7 @@
 #       Darwin, MinGW, and NonStop.
 #
 #   (3) This script is generated from the Groovy template
-#       https://github.com/gradle/gradle/blob/HEAD/subprojects/plugins/src/main/resources/org/gradle/api/internal/plugins/unixStartScript.txt
+#       https://github.com/gradle/gradle/blob/HEAD/platforms/jvm/plugins-application/src/main/resources/org/gradle/api/internal/plugins/unixStartScript.txt
 #       within the Gradle project.
 #
 #       You can find Gradle at https://github.com/gradle/gradle/.
@@ -84,7 +86,8 @@ done
 # shellcheck disable=SC2034
 APP_BASE_NAME=${0##*/}
 # Discard cd standard output in case $CDPATH is set (https://github.com/gradle/gradle/issues/25036)
-APP_HOME=$( cd "${APP_HOME:-./}" > /dev/null && pwd -P ) || exit
+APP_HOME=$( cd -P "${APP_HOME:-./}" > /dev/null && printf '%s
+' "$PWD" ) || exit
 
 # Use the maximum available, or set MAX_FD != -1 to use that value.
 MAX_FD=maximum

client/android/gradlew.bat

@@ -13,6 +13,8 @@
 @rem See the License for the specific language governing permissions and
 @rem limitations under the License.
 @rem
+@rem SPDX-License-Identifier: Apache-2.0
+@rem
 
 @if "%DEBUG%"=="" @echo off
 @rem ##########################################################################
@@ -43,11 +45,11 @@ set JAVA_EXE=java.exe
 %JAVA_EXE% -version >NUL 2>&1
 if %ERRORLEVEL% equ 0 goto execute
 
-echo.
-echo ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH.
-echo.
-echo Please set the JAVA_HOME variable in your environment to match the
-echo location of your Java installation.
+echo. 1>&2
+echo ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH. 1>&2
+echo. 1>&2
+echo Please set the JAVA_HOME variable in your environment to match the 1>&2
+echo location of your Java installation. 1>&2
 
 goto fail
 
@@ -57,11 +59,11 @@ set JAVA_EXE=%JAVA_HOME%/bin/java.exe
 
 if exist "%JAVA_EXE%" goto execute
 
-echo.
-echo ERROR: JAVA_HOME is set to an invalid directory: %JAVA_HOME%
-echo.
-echo Please set the JAVA_HOME variable in your environment to match the
-echo location of your Java installation.
+echo. 1>&2
+echo ERROR: JAVA_HOME is set to an invalid directory: %JAVA_HOME% 1>&2
+echo. 1>&2
+echo Please set the JAVA_HOME variable in your environment to match the 1>&2
+echo location of your Java installation. 1>&2
 
 goto fail
 

client/android/openvpn/src/main/kotlin/org/amnezia/vpn/protocol/openvpn/OpenVpn.kt

@@ -11,28 +11,12 @@ import org.amnezia.vpn.protocol.Protocol
 import org.amnezia.vpn.protocol.ProtocolState.DISCONNECTED
 import org.amnezia.vpn.protocol.Statistics
 import org.amnezia.vpn.protocol.VpnStartException
+import org.amnezia.vpn.util.LibraryLoader.loadSharedLibrary
 import org.amnezia.vpn.util.net.InetNetwork
 import org.amnezia.vpn.util.net.getLocalNetworks
 import org.amnezia.vpn.util.net.parseInetAddress
 import org.json.JSONObject
 
-/**
- *    Config Example:
- *    {
- *     "protocol": "openvpn",
- *     "description": "Server 1",
- *     "dns1": "1.1.1.1",
- *     "dns2": "1.0.0.1",
- *     "hostName": "100.100.100.0",
- *     "splitTunnelSites": [
- *     ],
- *     "splitTunnelType": 0,
- *     "openvpn_config_data": {
- *           "config": "openVpnConfig"
- *     }
- * }
- */
-
 open class OpenVpn : Protocol() {
 
     private var openVpnClient: OpenVpnClient? = null
@@ -51,14 +35,17 @@ open class OpenVpn : Protocol() {
         }
 
     override fun internalInit() {
-        if (!isInitialized) loadSharedLibrary(context, "ovpn3")
+        if (!isInitialized) {
+            loadSharedLibrary(context, "ovpn3")
+            loadSharedLibrary(context, "ovpnutil")
+        }
         if (this::scope.isInitialized) {
             scope.cancel()
         }
         scope = CoroutineScope(Dispatchers.IO)
     }
 
-    override fun startVpn(config: JSONObject, vpnBuilder: Builder, protect: (Int) -> Boolean) {
+    override suspend fun startVpn(config: JSONObject, vpnBuilder: Builder, protect: (Int) -> Boolean) {
         val configBuilder = OpenVpnConfig.Builder()
 
         openVpnClient = OpenVpnClient(

client/android/protocolApi/src/main/kotlin/Exceptions.kt

@@ -2,7 +2,6 @@ package org.amnezia.vpn.protocol
 
 sealed class ProtocolException(message: String? = null, cause: Throwable? = null) : Exception(message, cause)
 
-class LoadLibraryException(message: String? = null, cause: Throwable? = null) : ProtocolException(message, cause)
 class BadConfigException(message: String? = null, cause: Throwable? = null) : ProtocolException(message, cause)
 
 class VpnStartException(message: String? = null, cause: Throwable? = null) : ProtocolException(message, cause)

client/android/protocolApi/src/main/kotlin/Protocol.kt

@@ -1,6 +1,5 @@
 package org.amnezia.vpn.protocol
 
-import android.annotation.SuppressLint
 import android.content.Context
 import android.net.IpPrefix
 import android.net.VpnService
@@ -8,9 +7,6 @@ import android.net.VpnService.Builder
 import android.os.Build
 import android.system.OsConstants
 import androidx.annotation.RequiresApi
-import java.io.File
-import java.io.FileOutputStream
-import java.util.zip.ZipFile
 import kotlinx.coroutines.flow.MutableStateFlow
 import org.amnezia.vpn.util.Log
 import org.amnezia.vpn.util.net.InetNetwork
@@ -42,7 +38,7 @@ abstract class Protocol {
 
     protected abstract fun internalInit()
 
-    abstract fun startVpn(config: JSONObject, vpnBuilder: Builder, protect: (Int) -> Boolean)
+    abstract suspend fun startVpn(config: JSONObject, vpnBuilder: Builder, protect: (Int) -> Boolean)
 
     abstract fun stopVpn()
 
@@ -158,60 +154,6 @@ abstract class Protocol {
         if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.Q)
             vpnBuilder.setMetered(false)
     }
-
-    companion object {
-        private fun extractLibrary(context: Context, libraryName: String, destination: File): Boolean {
-            Log.d(TAG, "Extracting library: $libraryName")
-            val apks = hashSetOf<String>()
-            context.applicationInfo.run {
-                sourceDir?.let { apks += it }
-                splitSourceDirs?.let { apks += it }
-            }
-            for (abi in Build.SUPPORTED_ABIS) {
-                for (apk in apks) {
-                    ZipFile(File(apk), ZipFile.OPEN_READ).use { zipFile ->
-                        val mappedName = System.mapLibraryName(libraryName)
-                        val libraryZipPath = listOf("lib", abi, mappedName).joinToString(File.separator)
-                        val zipEntry = zipFile.getEntry(libraryZipPath)
-                        zipEntry?.let {
-                            Log.d(TAG, "Extracting apk:/$libraryZipPath to ${destination.absolutePath}")
-                            FileOutputStream(destination).use { outStream ->
-                                zipFile.getInputStream(zipEntry).use { inStream ->
-                                    inStream.copyTo(outStream, 32 * 1024)
-                                    outStream.fd.sync()
-                                }
-                            }
-                        }
-                        return true
-                    }
-                }
-            }
-            return false
-        }
-
-        @SuppressLint("UnsafeDynamicallyLoadedCode")
-        fun loadSharedLibrary(context: Context, libraryName: String) {
-            Log.d(TAG, "Loading library: $libraryName")
-            try {
-                System.loadLibrary(libraryName)
-                return
-            } catch (_: UnsatisfiedLinkError) {
-                Log.d(TAG, "Failed to load library, try to extract it from apk")
-            }
-            var tempFile: File? = null
-            try {
-                tempFile = File.createTempFile("lib", ".so", context.codeCacheDir)
-                if (extractLibrary(context, libraryName, tempFile)) {
-                    System.load(tempFile.absolutePath)
-                    return
-                }
-            } catch (e: Exception) {
-                throw LoadLibraryException("Failed to load library apk: $libraryName", e)
-            } finally {
-                tempFile?.delete()
-            }
-        }
-    }
 }
 
 private fun VpnService.Builder.addAddress(addr: InetNetwork) = addAddress(addr.address, addr.mask)

client/android/qt/build.gradle.kts

@@ -21,5 +21,5 @@ android {
 }
 
 dependencies {
-    implementation(fileTree(mapOf("dir" to "../libs", "include" to listOf("*.jar"))))
+    api(fileTree(mapOf("dir" to "../libs", "include" to listOf("*.jar"))))
 }

client/android/res/values/libs.xml

@@ -3,7 +3,6 @@
     <!-- DO NOT EDIT THIS: This file is populated automatically by the deployment tool. -->
 
     <array name="bundled_libs">
-        <!-- %%INSERT_EXTRA_LIBS%% -->
     </array>
 
     <array name="qt_libs">

client/android/res/values/styles.xml

@@ -1,6 +1,9 @@
 <?xml version="1.0" encoding="utf-8"?>
 <resources>
+    <color name="black">#FF0E0E11</color>
     <style name="NoActionBar">
+        <item name="android:windowBackground">@color/black</item>
+        <item name="android:colorBackground">@color/black</item>
         <item name="android:windowActionBar">false</item>
         <item name="android:windowNoTitle">true</item>
     </style>

client/android/settings.gradle.kts

@@ -22,7 +22,7 @@ dependencyResolutionManagement {
 includeBuild("./gradle/plugins")
 
 plugins {
-    id("com.android.settings") version "8.2.0"
+    id("com.android.settings") version "8.5.2"
     id("settings-property-delegate")
 }
 

client/android/src/org/amnezia/vpn/AmneziaActivity.kt

@@ -21,6 +21,7 @@ import android.os.Looper
 import android.os.Message
 import android.os.Messenger
 import android.provider.Settings
+import android.view.MotionEvent
 import android.view.WindowManager.LayoutParams
 import android.webkit.MimeTypeMap
 import android.widget.Toast
@@ -43,6 +44,7 @@ import kotlinx.coroutines.withContext
 import org.amnezia.vpn.protocol.getStatistics
 import org.amnezia.vpn.protocol.getStatus
 import org.amnezia.vpn.qt.QtAndroidController
+import org.amnezia.vpn.util.LibraryLoader.loadSharedLibrary
 import org.amnezia.vpn.util.Log
 import org.amnezia.vpn.util.Prefs
 import org.json.JSONException
@@ -157,7 +159,12 @@ class AmneziaActivity : QtActivity() {
      */
     override fun onCreate(savedInstanceState: Bundle?) {
         super.onCreate(savedInstanceState)
-        Log.d(TAG, "Create Amnezia activity: $intent")
+        Log.d(TAG, "Create Amnezia activity")
+        loadLibs()
+        window.apply {
+            addFlags(LayoutParams.FLAG_DRAWS_SYSTEM_BAR_BACKGROUNDS)
+            statusBarColor = getColor(R.color.black)
+        }
         mainScope = CoroutineScope(SupervisorJob() + Dispatchers.Main.immediate)
         val proto = mainScope.async(Dispatchers.IO) {
             VpnStateStore.getVpnState().vpnProto
@@ -175,6 +182,17 @@ class AmneziaActivity : QtActivity() {
         runBlocking { vpnProto = proto.await() }
     }
 
+    private fun loadLibs() {
+        listOf(
+            "rsapss",
+            "crypto_3",
+            "ssl_3",
+            "ssh"
+        ).forEach {
+            loadSharedLibrary(this.applicationContext, it)
+        }
+    }
+
     private fun registerBroadcastReceivers() {
         notificationStateReceiver = if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.P) {
             registerBroadcastReceiver(
@@ -183,7 +201,7 @@ class AmneziaActivity : QtActivity() {
                     NotificationManager.ACTION_APP_BLOCK_STATE_CHANGED
                 )
             ) {
-                Log.d(
+                Log.v(
                     TAG, "Notification state changed: ${it?.action}, blocked = " +
                         "${it?.getBooleanExtra(NotificationManager.EXTRA_BLOCKED_STATE, false)}"
                 )
@@ -197,7 +215,7 @@ class AmneziaActivity : QtActivity() {
 
     override fun onNewIntent(intent: Intent?) {
         super.onNewIntent(intent)
-        Log.d(TAG, "onNewIntent: $intent")
+        Log.v(TAG, "onNewIntent: $intent")
         intent?.let(::processIntent)
     }
 
@@ -386,7 +404,7 @@ class AmneziaActivity : QtActivity() {
     @MainThread
     private fun startVpn(vpnConfig: String) {
         getVpnProto(vpnConfig)?.let { proto ->
-            Log.d(TAG, "Proto from config: $proto, current proto: $vpnProto")
+            Log.v(TAG, "Proto from config: $proto, current proto: $vpnProto")
             if (isServiceConnected) {
                 if (proto.serviceClass == vpnProto?.serviceClass) {
                     vpnProto = proto
@@ -499,7 +517,7 @@ class AmneziaActivity : QtActivity() {
                 startActivityForResult(it, CREATE_FILE_ACTION_CODE, ActivityResultHandler(
                     onSuccess = {
                         it?.data?.let { uri ->
-                            Log.d(TAG, "Save file to $uri")
+                            Log.v(TAG, "Save file to $uri")
                             try {
                                 contentResolver.openOutputStream(uri)?.use { os ->
                                     os.bufferedWriter().use { it.write(data) }
@@ -548,7 +566,7 @@ class AmneziaActivity : QtActivity() {
                 startActivityForResult(it, OPEN_FILE_ACTION_CODE, ActivityResultHandler(
                     onAny = {
                         val uri = it?.data?.toString() ?: ""
-                        Log.d(TAG, "Open file: $uri")
+                        Log.v(TAG, "Open file: $uri")
                         mainScope.launch {
                             qtInitialized.await()
                             QtAndroidController.onFileOpened(uri)
@@ -610,6 +628,14 @@ class AmneziaActivity : QtActivity() {
         }
     }
 
+    @Suppress("unused")
+    fun setNavigationBarColor(color: Int) {
+        Log.v(TAG, "Change navigation bar color: ${"#%08X".format(color)}")
+        mainScope.launch {
+            window.navigationBarColor = color
+        }
+    }
+
     @Suppress("unused")
     fun minimizeApp() {
         Log.v(TAG, "Minimize application")
@@ -684,6 +710,77 @@ class AmneziaActivity : QtActivity() {
             .show()
     }
 
+    @Suppress("unused")
+    fun requestAuthentication() {
+        Log.v(TAG, "Request authentication")
+        mainScope.launch {
+            qtInitialized.await()
+            Intent(this@AmneziaActivity, AuthActivity::class.java).also {
+                startActivity(it)
+            }
+        }
+    }
+
+    // workaround for a bug in Qt that causes the mouse click event not to be handled
+    // also disable right-click, as it causes the application to crash
+    private var lastButtonState = 0
+    private fun MotionEvent.fixCopy(): MotionEvent = MotionEvent.obtain(
+        downTime,
+        eventTime,
+        action,
+        pointerCount,
+        (0 until pointerCount).map { i ->
+            MotionEvent.PointerProperties().apply {
+                getPointerProperties(i, this)
+            }
+        }.toTypedArray(),
+        (0 until pointerCount).map { i ->
+            MotionEvent.PointerCoords().apply {
+                getPointerCoords(i, this)
+            }
+        }.toTypedArray(),
+        metaState,
+        MotionEvent.BUTTON_PRIMARY,
+        xPrecision,
+        yPrecision,
+        deviceId,
+        edgeFlags,
+        source,
+        flags
+    )
+
+    private fun handleMouseEvent(ev: MotionEvent, superDispatch: (MotionEvent?) -> Boolean): Boolean {
+        when (ev.action) {
+            MotionEvent.ACTION_DOWN -> {
+                lastButtonState = ev.buttonState
+                if (ev.buttonState == MotionEvent.BUTTON_SECONDARY) return true
+            }
+
+            MotionEvent.ACTION_UP -> {
+                when (lastButtonState) {
+                    MotionEvent.BUTTON_SECONDARY -> return true
+                    MotionEvent.BUTTON_PRIMARY -> {
+                        val modEvent = ev.fixCopy()
+                        return superDispatch(modEvent).apply { modEvent.recycle() }
+                    }
+                }
+            }
+        }
+        return superDispatch(ev)
+    }
+
+    override fun dispatchTouchEvent(ev: MotionEvent?): Boolean {
+        if (ev != null && ev.getToolType(0) == MotionEvent.TOOL_TYPE_MOUSE) {
+            return handleMouseEvent(ev) { super.dispatchTouchEvent(it) }
+        }
+        return super.dispatchTouchEvent(ev)
+    }
+
+    override fun dispatchTrackballEvent(ev: MotionEvent?): Boolean {
+        ev?.let { return handleMouseEvent(ev) { super.dispatchTrackballEvent(it) }}
+        return super.dispatchTrackballEvent(ev)
+    }
+
     /**
      * Utils methods
      */

client/android/src/org/amnezia/vpn/AmneziaVpnService.kt

@@ -22,6 +22,7 @@ import androidx.annotation.MainThread
 import androidx.core.app.ServiceCompat
 import androidx.core.content.ContextCompat
 import androidx.core.content.getSystemService
+import java.net.UnknownHostException
 import java.util.concurrent.ConcurrentHashMap
 import kotlin.LazyThreadSafetyMode.NONE
 import kotlinx.coroutines.CoroutineExceptionHandler
@@ -31,6 +32,7 @@ import kotlinx.coroutines.Job
 import kotlinx.coroutines.SupervisorJob
 import kotlinx.coroutines.TimeoutCancellationException
 import kotlinx.coroutines.cancel
+import kotlinx.coroutines.cancelAndJoin
 import kotlinx.coroutines.delay
 import kotlinx.coroutines.flow.MutableStateFlow
 import kotlinx.coroutines.flow.drop
@@ -39,7 +41,6 @@ import kotlinx.coroutines.launch
 import kotlinx.coroutines.runBlocking
 import kotlinx.coroutines.withTimeout
 import org.amnezia.vpn.protocol.BadConfigException
-import org.amnezia.vpn.protocol.LoadLibraryException
 import org.amnezia.vpn.protocol.ProtocolState.CONNECTED
 import org.amnezia.vpn.protocol.ProtocolState.CONNECTING
 import org.amnezia.vpn.protocol.ProtocolState.DISCONNECTED
@@ -49,6 +50,7 @@ import org.amnezia.vpn.protocol.ProtocolState.UNKNOWN
 import org.amnezia.vpn.protocol.VpnException
 import org.amnezia.vpn.protocol.VpnStartException
 import org.amnezia.vpn.protocol.putStatus
+import org.amnezia.vpn.util.LoadLibraryException
 import org.amnezia.vpn.util.Log
 import org.amnezia.vpn.util.Prefs
 import org.amnezia.vpn.util.net.NetworkState
@@ -111,6 +113,10 @@ open class AmneziaVpnService : VpnService() {
         get() = clientMessengers.any { it.value.name == ACTIVITY_MESSENGER_NAME }
 
     private val connectionExceptionHandler = CoroutineExceptionHandler { _, e ->
+        connectionJob?.cancel()
+        connectionJob = null
+        disconnectionJob?.cancel()
+        disconnectionJob = null
         protocolState.value = DISCONNECTED
         when (e) {
             is IllegalArgumentException,
@@ -122,6 +128,8 @@ open class AmneziaVpnService : VpnService() {
 
             is LoadLibraryException -> onError("${e.message}. Caused: ${e.cause?.message}")
 
+            is UnknownHostException -> onError("Unknown host")
+
             else -> throw e
         }
     }
@@ -292,7 +300,7 @@ open class AmneziaVpnService : VpnService() {
             arrayOf(ACTION_CONNECT, ACTION_DISCONNECT), ContextCompat.RECEIVER_NOT_EXPORTED
         ) {
             it?.action?.let { action ->
-                Log.d(TAG, "Broadcast request received: $action")
+                Log.v(TAG, "Broadcast request received: $action")
                 when (action) {
                     ACTION_CONNECT -> connect()
                     ACTION_DISCONNECT -> disconnect()
@@ -309,7 +317,7 @@ open class AmneziaVpnService : VpnService() {
                 )
             ) {
                 val state = it?.getBooleanExtra(NotificationManager.EXTRA_BLOCKED_STATE, false)
-                Log.d(TAG, "Notification state changed: ${it?.action}, blocked = $state")
+                Log.v(TAG, "Notification state changed: ${it?.action}, blocked = $state")
                 if (state == false) {
                     enableNotification()
                 } else {
@@ -442,7 +450,7 @@ open class AmneziaVpnService : VpnService() {
             serviceNotification.isNotificationEnabled() &&
             getSystemService<PowerManager>()?.isInteractive != false
         ) {
-            Log.d(TAG, "Launch traffic stats update")
+            Log.v(TAG, "Launch traffic stats update")
             trafficStats.reset()
             startTrafficStatsUpdateJob()
         }
@@ -531,7 +539,7 @@ open class AmneziaVpnService : VpnService() {
         protocolState.value = DISCONNECTING
 
         disconnectionJob = connectionScope.launch {
-            connectionJob?.join()
+            connectionJob?.cancelAndJoin()
             connectionJob = null
 
             vpnProto?.protocol?.stopVpn()

client/android/src/org/amnezia/vpn/AuthActivity.kt

@@ -0,0 +1,97 @@
+package org.amnezia.vpn
+
+import android.os.Build
+import android.os.Bundle
+import androidx.biometric.BiometricManager
+import androidx.biometric.BiometricManager.Authenticators.BIOMETRIC_STRONG
+import androidx.biometric.BiometricManager.Authenticators.DEVICE_CREDENTIAL
+import androidx.biometric.BiometricPrompt
+import androidx.biometric.BiometricPrompt.AuthenticationResult
+import androidx.core.content.ContextCompat
+import androidx.fragment.app.FragmentActivity
+import org.amnezia.vpn.qt.QtAndroidController
+import org.amnezia.vpn.util.Log
+
+private const val TAG = "AuthActivity"
+
+private const val AUTHENTICATORS = BIOMETRIC_STRONG or DEVICE_CREDENTIAL
+
+class AuthActivity : FragmentActivity() {
+
+    override fun onCreate(savedInstanceState: Bundle?) {
+        super.onCreate(savedInstanceState)
+
+        val biometricManager = BiometricManager.from(applicationContext)
+        when (biometricManager.canAuthenticate(AUTHENTICATORS)) {
+            BiometricManager.BIOMETRIC_SUCCESS -> {
+                showBiometricPrompt(biometricManager)
+                return
+            }
+
+            BiometricManager.BIOMETRIC_STATUS_UNKNOWN -> {
+                Log.w(TAG, "Unknown biometric status")
+                showBiometricPrompt(biometricManager)
+                return
+            }
+
+            BiometricManager.BIOMETRIC_ERROR_UNSUPPORTED -> {
+                Log.e(TAG, "The specified options are incompatible with the current Android " +
+                    "version ${Build.VERSION.SDK_INT}")
+            }
+
+            BiometricManager.BIOMETRIC_ERROR_HW_UNAVAILABLE -> {
+                Log.w(TAG, "The hardware is unavailable")
+            }
+
+            BiometricManager.BIOMETRIC_ERROR_NONE_ENROLLED -> {
+                Log.w(TAG, "No biometric or device credential is enrolled")
+            }
+
+            BiometricManager.BIOMETRIC_ERROR_NO_HARDWARE -> {
+                Log.w(TAG, "There is no suitable hardware")
+            }
+
+            BiometricManager.BIOMETRIC_ERROR_SECURITY_UPDATE_REQUIRED -> {
+                Log.w(TAG, "A security vulnerability has been discovered with one or " +
+                    "more hardware sensors")
+            }
+        }
+        QtAndroidController.onAuthResult(true)
+        finish()
+    }
+
+    private fun showBiometricPrompt(biometricManager: BiometricManager) {
+        val executor = ContextCompat.getMainExecutor(applicationContext)
+        val biometricPrompt = BiometricPrompt(this, executor,
+            object : BiometricPrompt.AuthenticationCallback() {
+                override fun onAuthenticationSucceeded(result: AuthenticationResult) {
+                    super.onAuthenticationSucceeded(result)
+                    Log.v(TAG, "Authentication succeeded")
+                    QtAndroidController.onAuthResult(true)
+                    finish()
+                }
+
+                override fun onAuthenticationFailed() {
+                    super.onAuthenticationFailed()
+                    Log.w(TAG, "Authentication failed")
+                }
+
+                override fun onAuthenticationError(errorCode: Int, errString: CharSequence) {
+                    super.onAuthenticationError(errorCode, errString)
+                    Log.e(TAG, "Authentication error $errorCode: $errString")
+                    QtAndroidController.onAuthResult(false)
+                    finish()
+                }
+            })
+
+
+
+        val promptInfo = BiometricPrompt.PromptInfo.Builder()
+            .setAllowedAuthenticators(AUTHENTICATORS)
+            .setTitle("AmneziaVPN")
+            .setSubtitle(biometricManager.getStrings(AUTHENTICATORS)?.promptMessage)
+            .build()
+
+        biometricPrompt.authenticate(promptInfo)
+    }
+}

client/android/src/org/amnezia/vpn/AuthHelper.java

@@ -1,24 +0,0 @@
-package org.amnezia.vpn;
-
-import android.content.Context;
-import android.app.KeyguardManager;
-import android.content.Intent;
-import org.qtproject.qt.android.bindings.QtActivity;
-
-
-import static android.content.Context.KEYGUARD_SERVICE;
-
-public class AuthHelper extends QtActivity {
-
-   static final String TAG = "AuthHelper";
-  
-   public static Intent getAuthIntent(Context context) {
-   	KeyguardManager mKeyguardManager = (KeyguardManager)context.getSystemService(KEYGUARD_SERVICE);
-   	if (mKeyguardManager.isDeviceSecure()) {
-                return mKeyguardManager.createConfirmDeviceCredentialIntent(null, null);
-        } else {
-        	return null;
-        }     
-   }
-   
-}

client/android/src/org/amnezia/vpn/ImportConfigActivity.kt

@@ -29,20 +29,20 @@ class ImportConfigActivity : ComponentActivity() {
 
     override fun onCreate(savedInstanceState: Bundle?) {
         super.onCreate(savedInstanceState)
-        Log.d(TAG, "Create Import Config Activity: $intent")
+        Log.v(TAG, "Create Import Config Activity: $intent")
         intent?.let(::readConfig)
     }
 
-    override fun onNewIntent(intent: Intent?) {
+    override fun onNewIntent(intent: Intent) {
         super.onNewIntent(intent)
-        Log.d(TAG, "onNewIntent: $intent")
-        intent?.let(::readConfig)
+        Log.v(TAG, "onNewIntent: $intent")
+        intent.let(::readConfig)
     }
 
     private fun readConfig(intent: Intent) {
         when (intent.action) {
             ACTION_SEND -> {
-                Log.d(TAG, "Process SEND action, type: ${intent.type}")
+                Log.v(TAG, "Process SEND action, type: ${intent.type}")
                 when (intent.type) {
                     "application/octet-stream" -> {
                         intent.getUriCompat()?.let { uri ->
@@ -60,7 +60,7 @@ class ImportConfigActivity : ComponentActivity() {
             }
 
             ACTION_VIEW -> {
-                Log.d(TAG, "Process VIEW action, scheme: ${intent.scheme}")
+                Log.v(TAG, "Process VIEW action, scheme: ${intent.scheme}")
                 when (intent.scheme) {
                     "file", "content" -> {
                         intent.data?.let { uri ->

client/android/src/org/amnezia/vpn/ServiceNotification.kt

@@ -62,7 +62,7 @@ class ServiceNotification(private val context: Context) {
     fun buildNotification(serverName: String?, protocol: String?, state: ProtocolState): Notification {
         val speedString = if (state == CONNECTED) zeroSpeed else null
 
-        Log.d(TAG, "Build notification: $serverName, $state")
+        Log.v(TAG, "Build notification: $serverName, $state")
 
         return notificationBuilder
             .setSmallIcon(R.drawable.ic_amnezia_round)
@@ -88,17 +88,15 @@ class ServiceNotification(private val context: Context) {
     fun isNotificationEnabled(): Boolean {
         if (!context.isNotificationPermissionGranted()) return false
         if (!notificationManager.areNotificationsEnabled()) return false
-        if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.O) {
-            return notificationManager.getNotificationChannel(NOTIFICATION_CHANNEL_ID)
-                ?.let { it.importance != NotificationManager.IMPORTANCE_NONE } ?: true
-        }
-        return true
+        return notificationManager.getNotificationChannel(NOTIFICATION_CHANNEL_ID)?.let {
+            it.importance != NotificationManager.IMPORTANCE_NONE
+        } ?: true
     }
 
     @SuppressLint("MissingPermission")
     fun updateNotification(serverName: String?, protocol: String?, state: ProtocolState) {
         if (context.isNotificationPermissionGranted()) {
-            Log.d(TAG, "Update notification: $serverName, $state")
+            Log.v(TAG, "Update notification: $serverName, $state")
             notificationManager.notify(NOTIFICATION_ID, buildNotification(serverName, protocol, state))
         }
     }

client/android/src/org/amnezia/vpn/qt/QtAndroidController.kt

@@ -25,5 +25,7 @@ object QtAndroidController {
 
     external fun onConfigImported(data: String)
 
+    external fun onAuthResult(result: Boolean)
+
     external fun decodeQrCode(data: String): Boolean
 }

client/android/utils/src/main/kotlin/JsonExt.kt

@@ -0,0 +1,9 @@
+package org.amnezia.vpn.util
+
+import org.json.JSONArray
+import org.json.JSONObject
+
+inline fun <reified T> JSONArray.asSequence(): Sequence<T> =
+    (0..<length()).asSequence().map { get(it) as T }
+
+fun JSONObject.optStringOrNull(name: String) = optString(name).ifEmpty { null }

client/android/utils/src/main/kotlin/LibraryLoader.kt

@@ -0,0 +1,66 @@
+package org.amnezia.vpn.util
+
+import android.annotation.SuppressLint
+import android.content.Context
+import android.os.Build
+import java.io.File
+import java.io.FileOutputStream
+import java.util.zip.ZipFile
+
+private const val TAG = "LibraryLoader"
+
+object LibraryLoader {
+    private fun extractLibrary(context: Context, libraryName: String, destination: File): Boolean {
+        Log.d(TAG, "Extracting library: $libraryName")
+        val apks = hashSetOf<String>()
+        context.applicationInfo.run {
+            sourceDir?.let { apks += it }
+            splitSourceDirs?.let { apks += it }
+        }
+        for (abi in Build.SUPPORTED_ABIS) {
+            for (apk in apks) {
+                ZipFile(File(apk), ZipFile.OPEN_READ).use { zipFile ->
+                    val mappedName = System.mapLibraryName(libraryName)
+                    val libraryZipPath = listOf("lib", abi, mappedName).joinToString(File.separator)
+                    val zipEntry = zipFile.getEntry(libraryZipPath)
+                    zipEntry?.let {
+                        Log.d(TAG, "Extracting apk:/$libraryZipPath to ${destination.absolutePath}")
+                        FileOutputStream(destination).use { outStream ->
+                            zipFile.getInputStream(zipEntry).use { inStream ->
+                                inStream.copyTo(outStream, 32 * 1024)
+                                outStream.fd.sync()
+                            }
+                        }
+                    }
+                    return true
+                }
+            }
+        }
+        return false
+    }
+
+    @SuppressLint("UnsafeDynamicallyLoadedCode")
+    fun loadSharedLibrary(context: Context, libraryName: String) {
+        Log.d(TAG, "Loading library: $libraryName")
+        try {
+            System.loadLibrary(libraryName)
+            return
+        } catch (_: UnsatisfiedLinkError) {
+            Log.w(TAG, "Failed to load library, try to extract it from apk")
+        }
+        var tempFile: File? = null
+        try {
+            tempFile = File.createTempFile("lib", ".so", context.codeCacheDir)
+            if (extractLibrary(context, libraryName, tempFile)) {
+                System.load(tempFile.absolutePath)
+                return
+            }
+        } catch (e: Exception) {
+            throw LoadLibraryException("Failed to load library apk: $libraryName", e)
+        } finally {
+            tempFile?.delete()
+        }
+    }
+}
+
+class LoadLibraryException(message: String? = null, cause: Throwable? = null) : Exception(message, cause)

client/android/utils/src/main/kotlin/Log.kt

@@ -1,8 +1,6 @@
 package org.amnezia.vpn.util
 
 import android.content.Context
-import android.icu.text.DateFormat
-import android.icu.text.SimpleDateFormat
 import android.os.Build
 import android.os.Process
 import java.io.File
@@ -12,8 +10,6 @@ import java.nio.channels.FileChannel
 import java.nio.channels.FileLock
 import java.time.LocalDateTime
 import java.time.format.DateTimeFormatter
-import java.util.Date
-import java.util.Locale
 import java.util.concurrent.locks.ReentrantLock
 import org.amnezia.vpn.util.Log.Priority.D
 import org.amnezia.vpn.util.Log.Priority.E
@@ -41,11 +37,7 @@ private const val LOG_MAX_FILE_SIZE = 1024 * 1024
  * |                   |              | create a report and/or terminate the process |
  */
 object Log {
-    private val dateTimeFormat: Any =
-        if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.O) DateTimeFormatter.ofPattern(DATE_TIME_PATTERN)
-        else object : ThreadLocal<DateFormat>() {
-            override fun initialValue(): DateFormat = SimpleDateFormat(DATE_TIME_PATTERN, Locale.US)
-        }
+    private val dateTimeFormat: DateTimeFormatter = DateTimeFormatter.ofPattern(DATE_TIME_PATTERN)
 
     private lateinit var logDir: File
     private val logFile: File by lazy { File(logDir, LOG_FILE_NAME) }
@@ -143,12 +135,7 @@ object Log {
     }
 
     private fun formatLogMsg(tag: String, msg: String, priority: Priority): String {
-        val date = if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.O) {
-            LocalDateTime.now().format(dateTimeFormat as DateTimeFormatter)
-        } else {
-            @Suppress("UNCHECKED_CAST")
-            (dateTimeFormat as ThreadLocal<DateFormat>).get()?.format(Date())
-        }
+        val date = LocalDateTime.now().format(dateTimeFormat)
         return "$date ${Process.myPid()} ${Process.myTid()} $priority [${Thread.currentThread().name}] " +
             "$tag: $msg\n"
     }

client/android/utils/src/main/kotlin/net/NetworkState.kt

@@ -42,18 +42,12 @@ class NetworkState(
     private val networkCallback: NetworkCallback by lazy(NONE) {
         object : NetworkCallback() {
             override fun onAvailable(network: Network) {
-                Log.d(TAG, "onAvailable: $network")
+                Log.v(TAG, "onAvailable: $network")
             }
 
             override fun onCapabilitiesChanged(network: Network, networkCapabilities: NetworkCapabilities) {
-                Log.d(TAG, "onCapabilitiesChanged: $network, $networkCapabilities")
-                if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.O) {
-                    checkNetworkState(network, networkCapabilities)
-                } else {
-                    handler.post {
-                        checkNetworkState(network, networkCapabilities)
-                    }
-                }
+                Log.v(TAG, "onCapabilitiesChanged: $network, $networkCapabilities")
+                checkNetworkState(network, networkCapabilities)
             }
 
             private fun checkNetworkState(network: Network, networkCapabilities: NetworkCapabilities) {
@@ -73,11 +67,11 @@ class NetworkState(
             }
 
             override fun onBlockedStatusChanged(network: Network, blocked: Boolean) {
-                Log.d(TAG, "onBlockedStatusChanged: $network, $blocked")
+                Log.v(TAG, "onBlockedStatusChanged: $network, $blocked")
             }
 
             override fun onLost(network: Network) {
-                Log.d(TAG, "onLost: $network")
+                Log.v(TAG, "onLost: $network")
             }
         }
     }
@@ -87,8 +81,8 @@ class NetworkState(
         Log.d(TAG, "Bind network listener")
         if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.S) {
             connectivityManager.registerBestMatchingNetworkCallback(networkRequest, networkCallback, handler)
-        } else if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.O) {
-            val numberAttempts = 3
+        } else {
+            val numberAttempts = 300
             var attemptCount = 0
             while(true) {
                 try {
@@ -108,8 +102,6 @@ class NetworkState(
                     }
                 }
             }
-        } else {
-            connectivityManager.requestNetwork(networkRequest, networkCallback)
         }
         isListenerBound = true
     }

client/android/utils/src/main/kotlin/net/NetworkUtils.kt

@@ -35,7 +35,7 @@ fun getLocalNetworks(context: Context, ipv6: Boolean): List<InetNetwork> {
     return emptyList()
 }
 
-fun parseInetAddress(address: String): InetAddress = parseNumericAddressCompat(address)
+fun parseInetAddress(address: String): InetAddress = InetAddress.getByName(address)
 
 private val parseNumericAddressCompat: (String) -> InetAddress =
     if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.Q) {
@@ -60,7 +60,7 @@ private val parseNumericAddressCompat: (String) -> InetAddress =
 internal fun convertIpv6ToCanonicalForm(ipv6: String): String = ipv6
     .replace("((?:(?:^|:)0+\\b){2,}):?(?!\\S*\\b\\1:0+\\b)(\\S*)".toRegex(), "::$2")
 
-internal val InetAddress.ip: String
+val InetAddress.ip: String
     get() = if (this is Inet4Address) {
         hostAddress!!
     } else {

client/android/wireguard/src/main/kotlin/org/amnezia/vpn/protocol/wireguard/Wireguard.kt

@@ -1,54 +1,26 @@
 package org.amnezia.vpn.protocol.wireguard
 
 import android.net.VpnService.Builder
-import java.util.TreeMap
+import java.io.IOException
+import java.util.Locale
+import kotlinx.coroutines.Dispatchers
+import kotlinx.coroutines.delay
+import kotlinx.coroutines.withContext
 import org.amnezia.awg.GoBackend
 import org.amnezia.vpn.protocol.Protocol
 import org.amnezia.vpn.protocol.ProtocolState.CONNECTED
 import org.amnezia.vpn.protocol.ProtocolState.DISCONNECTED
 import org.amnezia.vpn.protocol.Statistics
 import org.amnezia.vpn.protocol.VpnStartException
+import org.amnezia.vpn.util.LibraryLoader.loadSharedLibrary
 import org.amnezia.vpn.util.Log
+import org.amnezia.vpn.util.asSequence
 import org.amnezia.vpn.util.net.InetEndpoint
 import org.amnezia.vpn.util.net.InetNetwork
 import org.amnezia.vpn.util.net.parseInetAddress
+import org.amnezia.vpn.util.optStringOrNull
 import org.json.JSONObject
 
-/**
- *    Config example:
- *    {
- *        "protocol": "wireguard",
- *        "description": "Server 1",
- *        "dns1": "1.1.1.1",
- *        "dns2": "1.0.0.1",
- *        "hostName": "100.100.100.0",
- *        "splitTunnelSites": [
- *        ],
- *        "splitTunnelType": 0,
- *        "wireguard_config_data": {
- *            "client_ip": "10.8.1.1",
- *            "hostName": "100.100.100.0",
- *            "port": 12345,
- *            "client_pub_key": "clientPublicKeyBase64",
- *            "client_priv_key": "privateKeyBase64",
- *            "psk_key": "presharedKeyBase64",
- *            "server_pub_key": "publicKeyBase64",
- *            "config": "[Interface]
- *                       Address = 10.8.1.1/32
- *                       DNS = 1.1.1.1, 1.0.0.1
- *                       PrivateKey = privateKeyBase64
- *
- *                       [Peer]
- *                       PublicKey = publicKeyBase64
- *                       PresharedKey = presharedKeyBase64
- *                       AllowedIPs = 0.0.0.0/0, ::/0
- *                       Endpoint = 100.100.100.0:12345
- *                       PersistentKeepalive = 25
- *                       "
- *        }
- *    }
- */
-
 private const val TAG = "Wireguard"
 
 open class Wireguard : Protocol() {
@@ -79,67 +51,105 @@ open class Wireguard : Protocol() {
         if (!isInitialized) loadSharedLibrary(context, "wg-go")
     }
 
-    override fun startVpn(config: JSONObject, vpnBuilder: Builder, protect: (Int) -> Boolean) {
+    override suspend fun startVpn(config: JSONObject, vpnBuilder: Builder, protect: (Int) -> Boolean) {
         val wireguardConfig = parseConfig(config)
+        val startTime = System.currentTimeMillis()
         start(wireguardConfig, vpnBuilder, protect)
+        waitForConnection(startTime)
         state.value = CONNECTED
     }
 
+    private suspend fun waitForConnection(startTime: Long) {
+        Log.d(TAG, "Waiting for connection")
+        withContext(Dispatchers.IO) {
+            val time = String.format(Locale.ROOT,"%.3f", startTime / 1000.0)
+            try {
+                delay(1000)
+                var log = getLogcat(time)
+                Log.v(TAG, "First waiting log: $log")
+                // check that there is a connection log,
+                // to avoid infinite connection
+                if (!log.contains("Attaching to interface")) {
+                    Log.w(TAG, "Logs do not contain a connection log")
+                    return@withContext
+                }
+                while (!log.contains("Received handshake response")) {
+                    delay(1000)
+                    log = getLogcat(time)
+                }
+            } catch (e: IOException) {
+                Log.e(TAG, "Failed to get logcat: $e")
+            }
+        }
+    }
+
+    private fun getLogcat(time: String): String =
+        ProcessBuilder("logcat", "--buffer=main", "--format=raw", "*:S AmneziaWG/awg0", "-t", time)
+            .redirectErrorStream(true)
+            .start()
+            .inputStream.reader().readText()
+
     protected open fun parseConfig(config: JSONObject): WireguardConfig {
-        val configDataJson = config.getJSONObject("wireguard_config_data")
-        val configData = parseConfigData(configDataJson.getString("config"))
+        val configData = config.getJSONObject("wireguard_config_data")
         return WireguardConfig.build {
-            configWireguard(configData, configDataJson)
+            configWireguard(config, configData)
             configSplitTunneling(config)
             configAppSplitTunneling(config)
         }
     }
 
-    protected fun WireguardConfig.Builder.configWireguard(configData: Map<String, String>, configDataJson: JSONObject) {
-        configData["Address"]?.split(",")?.map { address ->
+    protected fun WireguardConfig.Builder.configWireguard(config: JSONObject, configData: JSONObject) {
+        configData.getString("client_ip").split(",").map { address ->
             InetNetwork.parse(address.trim())
-        }?.forEach(::addAddress)
+        }.forEach(::addAddress)
 
-        configData["DNS"]?.split(",")?.map { dns ->
-            parseInetAddress(dns.trim())
-        }?.forEach(::addDnsServer)
+        config.optStringOrNull("dns1")?.let { dns ->
+            addDnsServer(parseInetAddress(dns.trim()))
+        }
+
+        config.optStringOrNull("dns2")?.let { dns ->
+            addDnsServer(parseInetAddress(dns.trim()))
+        }
 
         val defRoutes = hashSetOf(
             InetNetwork("0.0.0.0", 0),
             InetNetwork("::", 0)
         )
         val routes = hashSetOf<InetNetwork>()
-        configData["AllowedIPs"]?.split(",")?.map { route ->
+        configData.getJSONArray("allowed_ips").asSequence<String>().map { route ->
             InetNetwork.parse(route.trim())
-        }?.forEach(routes::add)
+        }.forEach(routes::add)
         // if the allowed IPs list contains at least one non-default route, disable global split tunneling
         if (routes.any { it !in defRoutes }) disableSplitTunneling()
         addRoutes(routes)
 
-        configDataJson.optString("mtu").let { mtu ->
-            if (mtu.isNotEmpty()) {
-                setMtu(mtu.toInt())
-            } else {
-                configData["MTU"]?.let { setMtu(it.toInt()) }
-            }
+        configData.optStringOrNull("mtu")?.let { setMtu(it.toInt()) }
+
+        val host = configData.getString("hostName").let { parseInetAddress(it.trim()) }
+        val port = configData.getInt("port")
+        setEndpoint(InetEndpoint(host, port))
+
+        if (configData.optBoolean("isObfuscationEnabled")) {
+            setUseProtocolExtension(true)
+            configExtensionParameters(configData)
         }
 
-        configData["Endpoint"]?.let { setEndpoint(InetEndpoint.parse(it)) }
-        configData["PersistentKeepalive"]?.let { setPersistentKeepalive(it.toInt()) }
-        configData["PrivateKey"]?.let { setPrivateKeyHex(it.base64ToHex()) }
-        configData["PublicKey"]?.let { setPublicKeyHex(it.base64ToHex()) }
-        configData["PresharedKey"]?.let { setPreSharedKeyHex(it.base64ToHex()) }
+        configData.optStringOrNull("persistent_keep_alive")?.let { setPersistentKeepalive(it.toInt()) }
+        configData.getString("client_priv_key").let { setPrivateKeyHex(it.base64ToHex()) }
+        configData.getString("server_pub_key").let { setPublicKeyHex(it.base64ToHex()) }
+        configData.optStringOrNull("psk_key")?.let { setPreSharedKeyHex(it.base64ToHex()) }
     }
 
-    protected fun parseConfigData(data: String): Map<String, String> {
-        val parsedData = TreeMap<String, String>(String.CASE_INSENSITIVE_ORDER)
-        data.lineSequence()
-            .filter { it.isNotEmpty() && !it.startsWith('[') }
-            .forEach { line ->
-                val attr = line.split("=", limit = 2)
-                parsedData[attr.first().trim()] = attr.last().trim()
-            }
-        return parsedData
+    protected fun WireguardConfig.Builder.configExtensionParameters(configData: JSONObject) {
+        configData.optStringOrNull("Jc")?.let { setJc(it.toInt()) }
+        configData.optStringOrNull("Jmin")?.let { setJmin(it.toInt()) }
+        configData.optStringOrNull("Jmax")?.let { setJmax(it.toInt()) }
+        configData.optStringOrNull("S1")?.let { setS1(it.toInt()) }
+        configData.optStringOrNull("S2")?.let { setS2(it.toInt()) }
+        configData.optStringOrNull("H1")?.let { setH1(it.toLong()) }
+        configData.optStringOrNull("H2")?.let { setH2(it.toLong()) }
+        configData.optStringOrNull("H3")?.let { setH3(it.toLong()) }
+        configData.optStringOrNull("H4")?.let { setH4(it.toLong()) }
     }
 
     private fun start(config: WireguardConfig, vpnBuilder: Builder, protect: (Int) -> Boolean) {

client/android/wireguard/src/main/kotlin/org/amnezia/vpn/protocol/wireguard/WireguardConfig.kt

@@ -1,6 +1,7 @@
 package org.amnezia.vpn.protocol.wireguard
 
 import android.util.Base64
+import org.amnezia.vpn.protocol.BadConfigException
 import org.amnezia.vpn.protocol.ProtocolConfig
 import org.amnezia.vpn.util.net.InetEndpoint
 
@@ -12,7 +13,17 @@ open class WireguardConfig protected constructor(
     val persistentKeepalive: Int,
     val publicKeyHex: String,
     val preSharedKeyHex: String?,
-    val privateKeyHex: String
+    val privateKeyHex: String,
+    val useProtocolExtension: Boolean,
+    val jc: Int?,
+    val jmin: Int?,
+    val jmax: Int?,
+    val s1: Int?,
+    val s2: Int?,
+    val h1: Long?,
+    val h2: Long?,
+    val h3: Long?,
+    val h4: Long?
 ) : ProtocolConfig(protocolConfigBuilder) {
 
     protected constructor(builder: Builder) : this(
@@ -21,7 +32,17 @@ open class WireguardConfig protected constructor(
         builder.persistentKeepalive,
         builder.publicKeyHex,
         builder.preSharedKeyHex,
-        builder.privateKeyHex
+        builder.privateKeyHex,
+        builder.useProtocolExtension,
+        builder.jc,
+        builder.jmin,
+        builder.jmax,
+        builder.s1,
+        builder.s2,
+        builder.h1,
+        builder.h2,
+        builder.h3,
+        builder.h4
     )
 
     fun toWgUserspaceString(): String = with(StringBuilder()) {
@@ -33,6 +54,30 @@ open class WireguardConfig protected constructor(
 
     open fun appendDeviceLine(sb: StringBuilder) = with(sb) {
         appendLine("private_key=$privateKeyHex")
+        if (useProtocolExtension) {
+            validateProtocolExtensionParameters()
+            appendLine("jc=$jc")
+            appendLine("jmin=$jmin")
+            appendLine("jmax=$jmax")
+            appendLine("s1=$s1")
+            appendLine("s2=$s2")
+            appendLine("h1=$h1")
+            appendLine("h2=$h2")
+            appendLine("h3=$h3")
+            appendLine("h4=$h4")
+        }
+    }
+
+    private fun validateProtocolExtensionParameters() {
+        if (jc == null) throw BadConfigException("Parameter jc is undefined")
+        if (jmin == null) throw BadConfigException("Parameter jmin is undefined")
+        if (jmax == null) throw BadConfigException("Parameter jmax is undefined")
+        if (s1 == null) throw BadConfigException("Parameter s1 is undefined")
+        if (s2 == null) throw BadConfigException("Parameter s2 is undefined")
+        if (h1 == null) throw BadConfigException("Parameter h1 is undefined")
+        if (h2 == null) throw BadConfigException("Parameter h2 is undefined")
+        if (h3 == null) throw BadConfigException("Parameter h3 is undefined")
+        if (h4 == null) throw BadConfigException("Parameter h4 is undefined")
     }
 
     open fun appendPeerLine(sb: StringBuilder) = with(sb) {
@@ -65,6 +110,18 @@ open class WireguardConfig protected constructor(
 
         override var mtu: Int = WIREGUARD_DEFAULT_MTU
 
+        internal var useProtocolExtension: Boolean = false
+
+        internal var jc: Int? = null
+        internal var jmin: Int? = null
+        internal var jmax: Int? = null
+        internal var s1: Int? = null
+        internal var s2: Int? = null
+        internal var h1: Long? = null
+        internal var h2: Long? = null
+        internal var h3: Long? = null
+        internal var h4: Long? = null
+
         fun setEndpoint(endpoint: InetEndpoint) = apply { this.endpoint = endpoint }
 
         fun setPersistentKeepalive(persistentKeepalive: Int) = apply { this.persistentKeepalive = persistentKeepalive }
@@ -75,6 +132,18 @@ open class WireguardConfig protected constructor(
 
         fun setPrivateKeyHex(privateKeyHex: String) = apply { this.privateKeyHex = privateKeyHex }
 
+        fun setUseProtocolExtension(useProtocolExtension: Boolean) = apply { this.useProtocolExtension = useProtocolExtension }
+
+        fun setJc(jc: Int) = apply { this.jc = jc }
+        fun setJmin(jmin: Int) = apply { this.jmin = jmin }
+        fun setJmax(jmax: Int) = apply { this.jmax = jmax }
+        fun setS1(s1: Int) = apply { this.s1 = s1 }
+        fun setS2(s2: Int) = apply { this.s2 = s2 }
+        fun setH1(h1: Long) = apply { this.h1 = h1 }
+        fun setH2(h2: Long) = apply { this.h2 = h2 }
+        fun setH3(h3: Long) = apply { this.h3 = h3 }
+        fun setH4(h4: Long) = apply { this.h4 = h4 }
+
         override fun build(): WireguardConfig = configBuild().run { WireguardConfig(this@Builder) }
     }
 

client/android/xray/src/main/kotlin/Xray.kt

@@ -17,72 +17,10 @@ import org.amnezia.vpn.protocol.xray.libXray.Logger
 import org.amnezia.vpn.protocol.xray.libXray.Tun2SocksConfig
 import org.amnezia.vpn.util.Log
 import org.amnezia.vpn.util.net.InetNetwork
+import org.amnezia.vpn.util.net.ip
 import org.amnezia.vpn.util.net.parseInetAddress
 import org.json.JSONObject
 
-/**
- *    Config example:
- * {
- *     "appSplitTunnelType": 0,
- *     "config_version": 0,
- *     "description": "Server 1",
- *     "dns1": "1.1.1.1",
- *     "dns2": "1.0.0.1",
- *     "hostName": "100.100.100.0",
- *     "protocol": "xray",
- *     "splitTunnelApps": [],
- *     "splitTunnelSites": [],
- *     "splitTunnelType": 0,
- *     "xray_config_data": {
- *         "inbounds": [
- *             {
- *                 "listen": "127.0.0.1",
- *                 "port": 8080,
- *                 "protocol": "socks",
- *                 "settings": {
- *                     "udp": true
- *                 }
- *             }
- *         ],
- *         "log": {
- *             "loglevel": "error"
- *         },
- *         "outbounds": [
- *             {
- *                 "protocol": "vless",
- *                 "settings": {
- *                     "vnext": [
- *                         {
- *                             "address": "100.100.100.0",
- *                             "port": 443,
- *                             "users": [
- *                                 {
- *                                     "encryption": "none",
- *                                     "flow": "xtls-rprx-vision",
- *                                     "id": "id"
- *                                 }
- *                             ]
- *                         }
- *                     ]
- *                 },
- *                 "streamSettings": {
- *                     "network": "tcp",
- *                     "realitySettings": {
- *                         "fingerprint": "chrome",
- *                         "publicKey": "publicKey",
- *                         "serverName": "google.com",
- *                         "shortId": "id",
- *                         "spiderX": ""
- *                     },
- *                     "security": "reality"
- *                 }
- *             }
- *         ]
- *     }
- * }
- *
- */
-
 private const val TAG = "Xray"
 private const val LIBXRAY_TAG = "libXray"
 
@@ -109,7 +47,7 @@ class Xray : Protocol() {
         }
     }
 
-    override fun startVpn(config: JSONObject, vpnBuilder: Builder, protect: (Int) -> Boolean) {
+    override suspend fun startVpn(config: JSONObject, vpnBuilder: Builder, protect: (Int) -> Boolean) {
         if (isRunning) {
             Log.w(TAG, "XRay already running")
             return
@@ -124,7 +62,15 @@ class Xray : Protocol() {
             .put("loglevel", "warning")
             .put("access", "none") // disable access log
 
-        start(xrayConfig, xrayJsonConfig.toString(), vpnBuilder, protect)
+        var xrayJsonConfigString = xrayJsonConfig.toString()
+        config.getString("hostName").let { hostName ->
+            val ipAddress = parseInetAddress(hostName).ip
+            if (hostName != ipAddress) {
+                xrayJsonConfigString = xrayJsonConfigString.replace(hostName, ipAddress)
+            }
+        }
+
+        start(xrayConfig, xrayJsonConfigString, vpnBuilder, protect)
         state.value = CONNECTED
         isRunning = true
     }
@@ -184,8 +130,8 @@ class Xray : Protocol() {
             LibXray.initXray(assetsPath)
             val geoDir = File(assetsPath, "geo").absolutePath
             val configPath = File(context.cacheDir, "config.json")
-            Log.d(TAG, "xray.location.asset: $geoDir")
-            Log.d(TAG, "config: $configPath")
+            Log.v(TAG, "xray.location.asset: $geoDir")
+            Log.v(TAG, "config: $configPath")
             try {
                 configPath.writeText(configJson)
             } catch (e: IOException) {

client/cmake/3rdparty.cmake

@@ -2,10 +2,6 @@ set(CLIENT_ROOT_DIR ${CMAKE_CURRENT_LIST_DIR}/..)
 
 set(CMAKE_MODULE_PATH "${CMAKE_CURRENT_LIST_DIR}/Modules;${CMAKE_MODULE_PATH}")
 
-if(NOT IOS AND NOT ANDROID)
-   include(${CLIENT_ROOT_DIR}/3rd/SingleApplication/singleapplication.cmake)
-endif()
-
 add_subdirectory(${CLIENT_ROOT_DIR}/3rd/SortFilterProxyModel)
 set(LIBS ${LIBS} SortFilterProxyModel)
 include(${CLIENT_ROOT_DIR}/cmake/QSimpleCrypto.cmake)

client/cmake/android.cmake

@@ -1,6 +1,6 @@
 message("Client android ${CMAKE_ANDROID_ARCH_ABI} build")
 
-set(APP_ANDROID_MIN_SDK 24)
+set(APP_ANDROID_MIN_SDK 26)
 set(ANDROID_PLATFORM "android-${APP_ANDROID_MIN_SDK}" CACHE STRING
     "The minimum API level supported by the application or library" FORCE)
 
@@ -27,7 +27,6 @@ link_directories(${CMAKE_CURRENT_SOURCE_DIR}/platforms/android)
 set(HEADERS ${HEADERS}
     ${CMAKE_CURRENT_SOURCE_DIR}/platforms/android/android_controller.h
     ${CMAKE_CURRENT_SOURCE_DIR}/platforms/android/android_utils.h
-    ${CMAKE_CURRENT_SOURCE_DIR}/platforms/android/authResultReceiver.h
     ${CMAKE_CURRENT_SOURCE_DIR}/protocols/android_vpnprotocol.h
     ${CMAKE_CURRENT_SOURCE_DIR}/core/installedAppsImageProvider.h
 )
@@ -35,7 +34,6 @@ set(HEADERS ${HEADERS}
 set(SOURCES ${SOURCES}
     ${CMAKE_CURRENT_SOURCE_DIR}/platforms/android/android_controller.cpp
     ${CMAKE_CURRENT_SOURCE_DIR}/platforms/android/android_utils.cpp
-    ${CMAKE_CURRENT_SOURCE_DIR}/platforms/android/authResultReceiver.cpp
     ${CMAKE_CURRENT_SOURCE_DIR}/protocols/android_vpnprotocol.cpp
     ${CMAKE_CURRENT_SOURCE_DIR}/core/installedAppsImageProvider.cpp
 )

client/configurators/wireguard_configurator.cpp

@@ -95,6 +95,18 @@ WireguardConfigurator::ConnectionData WireguardConfigurator::prepareWireguardCon
         stdOut.replace("/32", "");
         QStringList ips = stdOut.split("\n", Qt::SkipEmptyParts);
 
+        // remove extra IPs from each line for case when user manually edited the wg0.conf
+        // and added there more IPs for route his itnernal networks, like:
+        //     ...
+        //     AllowedIPs = 10.8.1.6/32, 192.168.1.0/24, 192.168.2.0/24, ...
+        //     ...
+        // without this code - next IP would be 1 if last item in 'ips' has format above
+        QStringList vpnIps;
+        for (const auto &ip : ips) {
+          vpnIps.append(ip.split(",", Qt::SkipEmptyParts).first().trimmed());
+        }
+        ips = vpnIps;
+
         // Calc next IP address
         if (ips.isEmpty()) {
             nextIpNumber = "2";
@@ -187,6 +199,10 @@ QString WireguardConfigurator::createConfig(const ServerCredentials &credentials
     jConfig[config_key::server_pub_key] = connData.serverPubKey;
     jConfig[config_key::mtu] = wireguarConfig.value(config_key::mtu).toString(protocols::wireguard::defaultMtu);
 
+    jConfig[config_key::persistent_keep_alive] = "25";
+    QJsonArray allowedIps { "0.0.0.0/0", "::/0" };
+    jConfig[config_key::allowed_ips] = allowedIps;
+
     jConfig[config_key::clientId] = connData.clientPubKey;
 
     return QJsonDocument(jConfig).toJson();

client/core/controllers/apiController.cpp

@@ -1,5 +1,8 @@
 #include "apiController.h"
 
+#include <algorithm>
+#include <random>
+
 #include <QEventLoop>
 #include <QNetworkAccessManager>
 #include <QNetworkReply>
@@ -9,8 +12,9 @@
 #include "QRsa.h"
 
 #include "amnezia_application.h"
-#include "core/enums/apiEnums.h"
 #include "configurators/wireguard_configurator.h"
+#include "core/enums/apiEnums.h"
+#include "utilities.h"
 #include "version.h"
 
 namespace
@@ -33,6 +37,7 @@ namespace
         constexpr char userCountryCode[] = "user_country_code";
         constexpr char serverCountryCode[] = "server_country_code";
         constexpr char serviceType[] = "service_type";
+        constexpr char serviceInfo[] = "service_info";
 
         constexpr char aesKey[] = "aes_key";
         constexpr char aesIv[] = "aes_iv";
@@ -40,9 +45,10 @@ namespace
 
         constexpr char apiPayload[] = "api_payload";
         constexpr char keyPayload[] = "key_payload";
-    }
 
-    const QStringList proxyStorageUrl = {""};
+        constexpr char apiConfig[] = "api_config";
+        constexpr char authData[] = "auth_data";
+    }
 
     ErrorCode checkErrors(const QList<QSslError> &sslErrors, QNetworkReply *reply)
     {
@@ -63,9 +69,32 @@ namespace
             return ErrorCode::ApiConfigDownloadError;
         }
     }
+
+    bool shouldBypassProxy(QNetworkReply *reply, const QByteArray &responseBody, bool checkEncryption, const QByteArray &key = "",
+                           const QByteArray &iv = "", const QByteArray &salt = "")
+    {
+        if (reply->error() == QNetworkReply::NetworkError::OperationCanceledError
+            || reply->error() == QNetworkReply::NetworkError::TimeoutError) {
+            qDebug() << "Timeout occurred";
+            return true;
+        } else if (responseBody.contains("html")) {
+            qDebug() << "The response contains an html tag";
+            return true;
+        } else if (checkEncryption) {
+            try {
+                QSimpleCrypto::QBlockCipher blockCipher;
+                static_cast<void>(blockCipher.decryptAesBlockCipher(responseBody, key, iv, "", salt));
+            } catch (...) {
+                qDebug() << "Failed to decrypt the data";
+                return true;
+            }
+        }
+        return false;
+    }
 }
 
-ApiController::ApiController(const QString &gatewayEndpoint, QObject *parent) : QObject(parent), m_gatewayEndpoint(gatewayEndpoint)
+ApiController::ApiController(const QString &gatewayEndpoint, bool isDevEnvironment, QObject *parent)
+    : QObject(parent), m_gatewayEndpoint(gatewayEndpoint), m_isDevEnvironment(isDevEnvironment)
 {
 }
 
@@ -93,8 +122,8 @@ void ApiController::fillServerConfig(const QString &protocol, const ApiControlle
         configStr.replace("$OPENVPN_PRIV_KEY", apiPayloadData.certRequest.privKey);
     } else if (protocol == configKey::awg) {
         configStr.replace("$WIREGUARD_CLIENT_PRIVATE_KEY", apiPayloadData.wireGuardClientPrivKey);
-        auto serverConfig = QJsonDocument::fromJson(configStr.toUtf8()).object();
-        auto containers = serverConfig.value(config_key::containers).toArray();
+        auto newServerConfig = QJsonDocument::fromJson(configStr.toUtf8()).object();
+        auto containers = newServerConfig.value(config_key::containers).toArray();
         if (containers.isEmpty()) {
             return; // todo process error
         }
@@ -113,25 +142,35 @@ void ApiController::fillServerConfig(const QString &protocol, const ApiControlle
         containerConfig[config_key::transportPacketMagicHeader] = protocolConfig.value(config_key::transportPacketMagicHeader);
         container[containerName] = containerConfig;
         containers.replace(0, container);
-        serverConfig[config_key::containers] = containers;
-        configStr = QString(QJsonDocument(serverConfig).toJson());
+        newServerConfig[config_key::containers] = containers;
+        configStr = QString(QJsonDocument(newServerConfig).toJson());
     }
 
-    QJsonObject apiConfig = QJsonDocument::fromJson(configStr.toUtf8()).object();
-    serverConfig[config_key::dns1] = apiConfig.value(config_key::dns1);
-    serverConfig[config_key::dns2] = apiConfig.value(config_key::dns2);
-    serverConfig[config_key::containers] = apiConfig.value(config_key::containers);
-    serverConfig[config_key::hostName] = apiConfig.value(config_key::hostName);
+    QJsonObject newServerConfig = QJsonDocument::fromJson(configStr.toUtf8()).object();
+    serverConfig[config_key::dns1] = newServerConfig.value(config_key::dns1);
+    serverConfig[config_key::dns2] = newServerConfig.value(config_key::dns2);
+    serverConfig[config_key::containers] = newServerConfig.value(config_key::containers);
+    serverConfig[config_key::hostName] = newServerConfig.value(config_key::hostName);
 
-    if (apiConfig.value(config_key::configVersion).toInt() == ApiConfigSources::AmneziaGateway) {
-        serverConfig[config_key::configVersion] = apiConfig.value(config_key::configVersion);
-        serverConfig[config_key::description] = apiConfig.value(config_key::description);
-        serverConfig[config_key::name] = apiConfig.value(config_key::name);
+    if (newServerConfig.value(config_key::configVersion).toInt() == ApiConfigSources::AmneziaGateway) {
+        serverConfig[config_key::configVersion] = newServerConfig.value(config_key::configVersion);
+        serverConfig[config_key::description] = newServerConfig.value(config_key::description);
+        serverConfig[config_key::name] = newServerConfig.value(config_key::name);
     }
 
-    auto defaultContainer = apiConfig.value(config_key::defaultContainer).toString();
+    auto defaultContainer = newServerConfig.value(config_key::defaultContainer).toString();
     serverConfig[config_key::defaultContainer] = defaultContainer;
 
+    QVariantMap map = serverConfig.value(configKey::apiConfig).toObject().toVariantMap();
+    map.insert(newServerConfig.value(configKey::apiConfig).toObject().toVariantMap());
+    auto apiConfig = QJsonObject::fromVariantMap(map);
+
+    if (newServerConfig.value(config_key::configVersion).toInt() == ApiConfigSources::AmneziaGateway) {
+        apiConfig.insert(configKey::serviceInfo, QJsonDocument::fromJson(apiResponseBody).object().value(configKey::serviceInfo).toObject());
+    }
+
+    serverConfig[configKey::apiConfig] = apiConfig;
+
     return;
 }
 
@@ -143,7 +182,16 @@ QStringList ApiController::getProxyUrls()
 
     QEventLoop wait;
     QList<QSslError> sslErrors;
-    QNetworkReply* reply;
+    QNetworkReply *reply;
+
+    QStringList proxyStorageUrl;
+    if (m_isDevEnvironment) {
+        proxyStorageUrl = QStringList { DEV_S3_ENDPOINT };
+    } else {
+        proxyStorageUrl = QStringList { PROD_S3_ENDPOINT };
+    }
+
+    QByteArray key = m_isDevEnvironment ? DEV_AGW_PUBLIC_KEY : PROD_AGW_PUBLIC_KEY;
 
     for (const auto &proxyStorageUrl : proxyStorageUrl) {
         request.setUrl(proxyStorageUrl);
@@ -165,11 +213,23 @@ QStringList ApiController::getProxyUrls()
     EVP_PKEY *privateKey = nullptr;
     QByteArray responseBody;
     try {
-        QByteArray key = PROD_PROXY_STORAGE_KEY;
-        QSimpleCrypto::QRsa rsa;
-        privateKey = rsa.getPrivateKeyFromByteArray(key, "");
-        responseBody = rsa.decrypt(encryptedResponseBody, privateKey, RSA_PKCS1_PADDING);
+        if (!m_isDevEnvironment) {
+            QCryptographicHash hash(QCryptographicHash::Sha512);
+            hash.addData(key);
+            QByteArray hashResult = hash.result().toHex();
+
+            QByteArray key = QByteArray::fromHex(hashResult.left(64));
+            QByteArray iv = QByteArray::fromHex(hashResult.mid(64, 32));
+
+            QByteArray ba = QByteArray::fromBase64(encryptedResponseBody);
+
+            QSimpleCrypto::QBlockCipher blockCipher;
+            responseBody = blockCipher.decryptAesBlockCipher(ba, key, iv);
+        } else {
+            responseBody = encryptedResponseBody;
+        }
     } catch (...) {
+        Utils::logException();
         qCritical() << "error loading private key from environment variables or decrypting payload";
         return {};
     }
@@ -281,7 +341,7 @@ ErrorCode ApiController::getServicesList(QByteArray &responseBody)
 
     request.setUrl(QString("%1v1/services").arg(m_gatewayEndpoint));
 
-    QNetworkReply* reply;
+    QNetworkReply *reply;
     reply = amnApp->manager()->get(request);
 
     QEventLoop wait;
@@ -291,37 +351,44 @@ ErrorCode ApiController::getServicesList(QByteArray &responseBody)
     connect(reply, &QNetworkReply::sslErrors, [this, &sslErrors](const QList<QSslError> &errors) { sslErrors = errors; });
     wait.exec();
 
-    if (reply->error() == QNetworkReply::NetworkError::TimeoutError || reply->error() == QNetworkReply::NetworkError::OperationCanceledError) {
+    responseBody = reply->readAll();
+
+    if (sslErrors.isEmpty() && shouldBypassProxy(reply, responseBody, false)) {
         m_proxyUrls = getProxyUrls();
+        std::random_device randomDevice;
+        std::mt19937 generator(randomDevice());
+        std::shuffle(m_proxyUrls.begin(), m_proxyUrls.end(), generator);
         for (const QString &proxyUrl : m_proxyUrls) {
+            qDebug() << "Go to the next endpoint";
             request.setUrl(QString("%1v1/services").arg(proxyUrl));
+            reply->deleteLater(); // delete the previous reply
             reply = amnApp->manager()->get(request);
 
             QObject::connect(reply, &QNetworkReply::finished, &wait, &QEventLoop::quit);
             connect(reply, &QNetworkReply::sslErrors, [this, &sslErrors](const QList<QSslError> &errors) { sslErrors = errors; });
             wait.exec();
-            if (reply->error() != QNetworkReply::NetworkError::TimeoutError && reply->error() != QNetworkReply::NetworkError::OperationCanceledError) {
+
+            responseBody = reply->readAll();
+            if (!sslErrors.isEmpty() || !shouldBypassProxy(reply, responseBody, false)) {
                 break;
             }
-            reply->deleteLater();
         }
     }
 
-    responseBody = reply->readAll();
     auto errorCode = checkErrors(sslErrors, reply);
     reply->deleteLater();
     return errorCode;
 }
 
 ErrorCode ApiController::getConfigForService(const QString &installationUuid, const QString &userCountryCode, const QString &serviceType,
-                                             const QString &protocol, const QString &serverCountryCode, QJsonObject &serverConfig)
+                                             const QString &protocol, const QString &serverCountryCode, const QJsonObject &authData,
+                                             QJsonObject &serverConfig)
 {
 #ifdef Q_OS_IOS
     IosController::Instance()->requestInetAccess();
     QThread::msleep(10);
 #endif
 
-    QNetworkAccessManager manager;
     QNetworkRequest request;
     request.setTransferTimeout(7000);
     request.setHeader(QNetworkRequest::ContentTypeHeader, "application/json");
@@ -337,6 +404,9 @@ ErrorCode ApiController::getConfigForService(const QString &installationUuid, co
     }
     apiPayload[configKey::serviceType] = serviceType;
     apiPayload[configKey::uuid] = installationUuid;
+    if (!authData.isEmpty()) {
+        apiPayload[configKey::authData] = authData;
+    }
 
     QSimpleCrypto::QBlockCipher blockCipher;
     QByteArray key = blockCipher.generatePrivateSalt(32);
@@ -355,10 +425,11 @@ ErrorCode ApiController::getConfigForService(const QString &installationUuid, co
 
         EVP_PKEY *publicKey = nullptr;
         try {
-            QByteArray key = PROD_AGW_PUBLIC_KEY;
+            QByteArray rsaKey = m_isDevEnvironment ? DEV_AGW_PUBLIC_KEY : PROD_AGW_PUBLIC_KEY;
             QSimpleCrypto::QRsa rsa;
-            publicKey = rsa.getPublicKeyFromByteArray(key);
+            publicKey = rsa.getPublicKeyFromByteArray(rsaKey);
         } catch (...) {
+            Utils::logException();
             qCritical() << "error loading public key from environment variables";
             return ErrorCode::ApiMissingAgwPublicKey;
         }
@@ -368,14 +439,16 @@ ErrorCode ApiController::getConfigForService(const QString &installationUuid, co
 
         encryptedApiPayload = blockCipher.encryptAesBlockCipher(QJsonDocument(apiPayload).toJson(), key, iv, "", salt);
     } catch (...) { // todo change error handling in QSimpleCrypto?
+        Utils::logException();
         qCritical() << "error when encrypting the request body";
+        return ErrorCode::ApiConfigDecryptionError;
     }
 
     QJsonObject requestBody;
     requestBody[configKey::keyPayload] = QString(encryptedKeyPayload.toBase64());
     requestBody[configKey::apiPayload] = QString(encryptedApiPayload.toBase64());
 
-    QNetworkReply* reply = manager.post(request, QJsonDocument(requestBody).toJson());
+    QNetworkReply *reply = amnApp->manager()->post(request, QJsonDocument(requestBody).toJson());
 
     QEventLoop wait;
     connect(reply, &QNetworkReply::finished, &wait, &QEventLoop::quit);
@@ -384,36 +457,43 @@ ErrorCode ApiController::getConfigForService(const QString &installationUuid, co
     connect(reply, &QNetworkReply::sslErrors, [this, &sslErrors](const QList<QSslError> &errors) { sslErrors = errors; });
     wait.exec();
 
-    if (reply->error() == QNetworkReply::NetworkError::TimeoutError || reply->error() == QNetworkReply::NetworkError::OperationCanceledError) {
-        if (m_proxyUrls.isEmpty()) {
-            m_proxyUrls = getProxyUrls();
-        }
+    auto encryptedResponseBody = reply->readAll();
+
+    if (sslErrors.isEmpty() && shouldBypassProxy(reply, encryptedResponseBody, true, key, iv, salt)) {
+        m_proxyUrls = getProxyUrls();
+        std::random_device randomDevice;
+        std::mt19937 generator(randomDevice());
+        std::shuffle(m_proxyUrls.begin(), m_proxyUrls.end(), generator);
         for (const QString &proxyUrl : m_proxyUrls) {
+            qDebug() << "Go to the next endpoint";
             request.setUrl(QString("%1v1/config").arg(proxyUrl));
-            reply = manager.post(request, QJsonDocument(requestBody).toJson());
+            reply->deleteLater(); // delete the previous reply
+            reply = amnApp->manager()->post(request, QJsonDocument(requestBody).toJson());
 
             QObject::connect(reply, &QNetworkReply::finished, &wait, &QEventLoop::quit);
             connect(reply, &QNetworkReply::sslErrors, [this, &sslErrors](const QList<QSslError> &errors) { sslErrors = errors; });
             wait.exec();
-            if (reply->error() != QNetworkReply::NetworkError::TimeoutError && reply->error() != QNetworkReply::NetworkError::OperationCanceledError) {
+
+            encryptedResponseBody = reply->readAll();
+            if (!sslErrors.isEmpty() || !shouldBypassProxy(reply, encryptedResponseBody, true, key, iv, salt)) {
                 break;
             }
-            reply->deleteLater();
         }
     }
 
     auto errorCode = checkErrors(sslErrors, reply);
+    reply->deleteLater();
     if (errorCode) {
         return errorCode;
     }
 
-    auto encryptedResponseBody = reply->readAll();
-    reply->deleteLater();
     try {
         auto responseBody = blockCipher.decryptAesBlockCipher(encryptedResponseBody, key, iv, "", salt);
         fillServerConfig(protocol, apiPayloadData, responseBody, serverConfig);
     } catch (...) { // todo change error handling in QSimpleCrypto?
+        Utils::logException();
         qCritical() << "error when decrypting the request body";
+        return ErrorCode::ApiConfigDecryptionError;
     }
 
     return errorCode;

client/core/controllers/apiController.h

@@ -14,14 +14,14 @@ class ApiController : public QObject
     Q_OBJECT
 
 public:
-    explicit ApiController(const QString &gatewayEndpoint, QObject *parent = nullptr);
+    explicit ApiController(const QString &gatewayEndpoint, bool isDevEnvironment, QObject *parent = nullptr);
 
 public slots:
     void updateServerConfigFromApi(const QString &installationUuid, const int serverIndex, QJsonObject serverConfig);
 
     ErrorCode getServicesList(QByteArray &responseBody);
     ErrorCode getConfigForService(const QString &installationUuid, const QString &userCountryCode, const QString &serviceType,
-                                  const QString &protocol, const QString &serverCountryCode, QJsonObject &serverConfig);
+                                  const QString &protocol, const QString &serverCountryCode, const QJsonObject &authData, QJsonObject &serverConfig);
 
 signals:
     void errorOccurred(ErrorCode errorCode);
@@ -44,6 +44,7 @@ private:
 
     QString m_gatewayEndpoint;
     QStringList m_proxyUrls;
+    bool m_isDevEnvironment = false;
 };
 
 #endif // APICONTROLLER_H

client/core/controllers/serverController.cpp

@@ -83,7 +83,6 @@ ErrorCode ServerController::runScript(const ServerCredentials &credentials, QStr
         }
 
         qDebug().noquote() << lineToExec;
-        Logger::appendSshLog("Run command:" + lineToExec);
 
         error = m_sshClient.executeCommand(lineToExec, cbReadStdOut, cbReadStdErr);
         if (error != ErrorCode::NoError) {
@@ -100,13 +99,13 @@ ErrorCode ServerController::runContainerScript(const ServerCredentials &credenti
                                                const std::function<ErrorCode(const QString &, libssh::Client &)> &cbReadStdErr)
 {
     QString fileName = "/opt/amnezia/" + Utils::getRandomString(16) + ".sh";
-    Logger::appendSshLog("Run container script for " + ContainerProps::containerToString(container) + ":\n" + script);
 
     ErrorCode e = uploadTextFileToContainer(container, credentials, script, fileName);
     if (e)
         return e;
 
-    QString runner = QString("sudo docker exec -i $CONTAINER_NAME %2 %1 ").arg(fileName, (container == DockerContainer::Socks5Proxy ? "sh" : "bash"));
+    QString runner =
+            QString("sudo docker exec -i $CONTAINER_NAME %2 %1 ").arg(fileName, (container == DockerContainer::Socks5Proxy ? "sh" : "bash"));
     e = runScript(credentials, replaceVars(runner, genVarsForScript(credentials, container)), cbReadStdOut, cbReadStdErr);
 
     QString remover = QString("sudo docker exec -i $CONTAINER_NAME rm %1 ").arg(fileName);
@@ -426,7 +425,7 @@ ErrorCode ServerController::buildContainerWorker(const ServerCredentials &creden
     if (errorCode)
         return errorCode;
 
-    errorCode = uploadFileToHost(credentials, amnezia::scriptData(ProtocolScriptType::dockerfile, container).toUtf8(),dockerFilePath);
+    errorCode = uploadFileToHost(credentials, amnezia::scriptData(ProtocolScriptType::dockerfile, container).toUtf8(), dockerFilePath);
 
     if (errorCode)
         return errorCode;
@@ -437,9 +436,10 @@ ErrorCode ServerController::buildContainerWorker(const ServerCredentials &creden
         return ErrorCode::NoError;
     };
 
-    errorCode = runScript(credentials,
-                  replaceVars(amnezia::scriptData(SharedScriptType::build_container), genVarsForScript(credentials, container, config)),
-                  cbReadStdOut);
+    errorCode =
+            runScript(credentials,
+                      replaceVars(amnezia::scriptData(SharedScriptType::build_container), genVarsForScript(credentials, container, config)),
+                      cbReadStdOut);
     if (errorCode)
         return errorCode;
 
@@ -621,13 +621,15 @@ ServerController::Vars ServerController::genVarsForScript(const ServerCredential
 
     // Socks5 proxy vars
     vars.append({ { "$SOCKS5_PROXY_PORT", socks5ProxyConfig.value(config_key::port).toString(protocols::socks5Proxy::defaultPort) } });
-    auto username =  socks5ProxyConfig.value(config_key:: userName).toString();
+    auto username = socks5ProxyConfig.value(config_key::userName).toString();
     auto password = socks5ProxyConfig.value(config_key::password).toString();
     QString socks5user = (!username.isEmpty() && !password.isEmpty()) ? QString("users %1:CL:%2").arg(username, password) : "";
-    vars.append({ { "$SOCKS5_USER",  socks5user } });
-    vars.append({ { "$SOCKS5_AUTH_TYPE",  socks5user.isEmpty() ? "none" : "strong" } });
+    vars.append({ { "$SOCKS5_USER", socks5user } });
+    vars.append({ { "$SOCKS5_AUTH_TYPE", socks5user.isEmpty() ? "none" : "strong" } });
 
-    QString serverIp = NetworkUtilities::getIPAddress(credentials.hostName);
+    QString serverIp = (container != DockerContainer::Awg && container != DockerContainer::WireGuard && container != DockerContainer::Xray)
+            ? NetworkUtilities::getIPAddress(credentials.hostName)
+            : credentials.hostName;
     if (!serverIp.isEmpty()) {
         vars.append({ { "$SERVER_IP_ADDRESS", serverIp } });
     } else {
@@ -713,7 +715,8 @@ ErrorCode ServerController::isServerPortBusy(const ServerCredentials &credential
         udpProtoScript.append("' | grep -i udp");
         tcpProtoScript.append(" | grep LISTEN");
 
-        ErrorCode errorCode = runScript(credentials, replaceVars(tcpProtoScript, genVarsForScript(credentials, container)), cbReadStdOut, cbReadStdErr);
+        ErrorCode errorCode =
+                runScript(credentials, replaceVars(tcpProtoScript, genVarsForScript(credentials, container)), cbReadStdOut, cbReadStdErr);
         if (errorCode != ErrorCode::NoError) {
             return errorCode;
         }
@@ -767,6 +770,12 @@ ErrorCode ServerController::isUserInSudo(const ServerCredentials &credentials, D
 
     if (!stdOut.contains("sudo"))
         return ErrorCode::ServerUserNotInSudo;
+    if (stdOut.contains("command not found"))
+        return ErrorCode::SudoPackageIsNotPreinstalled;
+    if (stdOut.contains("sudoers"))
+        return ErrorCode::ServerUserNotListedInSudoers;
+    if (stdOut.contains("password is required"))
+        return ErrorCode::ServerUserPasswordRequired;
 
     return error;
 }

client/core/controllers/vpnConfigurationController.cpp

@@ -100,7 +100,13 @@ QJsonObject VpnConfigurationsController::createVpnConfiguration(const QPair<QStr
         protocolConfigString = configurator->processConfigWithLocalSettings(dns, isApiConfig, protocolConfigString);
 
         QJsonObject vpnConfigData = QJsonDocument::fromJson(protocolConfigString.toUtf8()).object();
-        vpnConfigData = QJsonDocument::fromJson(protocolConfigString.toUtf8()).object();
+        if (container == DockerContainer::Awg || container == DockerContainer::WireGuard) {
+            // add mtu for old configs
+            if (vpnConfigData[config_key::mtu].toString().isEmpty()) {
+                vpnConfigData[config_key::mtu] = container == DockerContainer::Awg ? protocols::awg::defaultMtu : protocols::wireguard::defaultMtu;
+            }
+        }
+
         vpnConfiguration.insert(ProtocolProps::key_proto_config_data(proto), vpnConfigData);
     }
 

client/core/defs.h

@@ -56,6 +56,9 @@ namespace amnezia
         ServerCancelInstallation = 204,
         ServerUserNotInSudo = 205,
         ServerPacketManagerError = 206,
+        SudoPackageIsNotPreinstalled = 207,
+        ServerUserNotListedInSudoers = 208,
+        ServerUserPasswordRequired = 209,
 
         // Ssh connection errors
         SshRequestDeniedError = 300,
@@ -96,6 +99,7 @@ namespace amnezia
 
         // import and install errors
         ImportInvalidConfigError = 900,
+        ImportOpenConfigError = 901,
 
         // Android errors
         AndroidError = 1000,
@@ -107,6 +111,7 @@ namespace amnezia
         ApiConfigTimeoutError = 1103,
         ApiConfigSslError = 1104,
         ApiMissingAgwPublicKey = 1105,
+        ApiConfigDecryptionError = 1106,
 
         // QFile errors
         OpenError = 1200,

client/core/errorstrings.cpp

@@ -21,6 +21,9 @@ QString errorString(ErrorCode code) {
     case(ErrorCode::ServerCancelInstallation): errorMessage = QObject::tr("Installation canceled by user"); break;
     case(ErrorCode::ServerUserNotInSudo): errorMessage = QObject::tr("The user does not have permission to use sudo"); break;
     case(ErrorCode::ServerPacketManagerError): errorMessage = QObject::tr("Server error: Packet manager error"); break;
+    case(ErrorCode::SudoPackageIsNotPreinstalled): errorMessage = QObject::tr("The sudo package is not pre-installed"); break;
+    case(ErrorCode::ServerUserNotListedInSudoers): errorMessage = QObject::tr("The user is not listed in sudoers"); break;
+    case(ErrorCode::ServerUserPasswordRequired): errorMessage = QObject::tr("The user's password is required"); break;
 
     // Libssh errors
     case(ErrorCode::SshRequestDeniedError): errorMessage = QObject::tr("SSH request was denied"); break;
@@ -50,6 +53,7 @@ QString errorString(ErrorCode code) {
     case (ErrorCode::AddressPoolError): errorMessage = QObject::tr("VPN pool error: no available addresses"); break;
 
     case (ErrorCode::ImportInvalidConfigError): errorMessage = QObject::tr("The config does not contain any containers and credentials for connecting to the server"); break;
+    case (ErrorCode::ImportOpenConfigError): errorMessage = QObject::tr("Unable to open config file"); break;
 
     // Android errors
     case (ErrorCode::AndroidError): errorMessage = QObject::tr("VPN connection error"); break;
@@ -61,6 +65,7 @@ QString errorString(ErrorCode code) {
     case (ErrorCode::ApiConfigSslError): errorMessage = QObject::tr("SSL error occurred"); break;
     case (ErrorCode::ApiConfigTimeoutError): errorMessage = QObject::tr("Server response timeout on api request"); break;
     case (ErrorCode::ApiMissingAgwPublicKey): errorMessage = QObject::tr("Missing AGW public key"); break;
+    case (ErrorCode::ApiConfigDecryptionError): errorMessage = QObject::tr("Failed to decrypt response payload"); break;
       
     // QFile errors
     case(ErrorCode::OpenError): errorMessage = QObject::tr("QFile error: The file could not be opened"); break;

client/core/ipcclient.cpp

@@ -29,6 +29,12 @@ QSharedPointer<IpcInterfaceReplica> IpcClient::Interface()
     return Instance()->m_ipcClient;
 }
 
+QSharedPointer<IpcProcessTun2SocksReplica> IpcClient::InterfaceTun2Socks()
+{
+    if (!Instance()) return nullptr;
+    return Instance()->m_Tun2SocksClient;
+}
+
 bool IpcClient::init(IpcClient *instance)
 {
     m_instance = instance;
@@ -44,6 +50,12 @@ bool IpcClient::init(IpcClient *instance)
             qWarning() << "IpcClient replica is not connected!";
         }
 
+        Instance()->m_Tun2SocksClient.reset(Instance()->m_ClientNode.acquire<IpcProcessTun2SocksReplica>());
+        Instance()->m_Tun2SocksClient->waitForSource(1000);
+
+        if (!Instance()->m_Tun2SocksClient->isReplicaValid()) {
+            qWarning() << "IpcClient::m_Tun2SocksClient replica is not connected!";
+        }
     });
 
     connect(Instance()->m_localSocket, &QLocalSocket::disconnected, [instance](){
@@ -51,16 +63,16 @@ bool IpcClient::init(IpcClient *instance)
     });
 
     Instance()->m_localSocket->connectToServer(amnezia::getIpcServiceUrl());
-
     Instance()->m_localSocket->waitForConnected();
 
     if (!Instance()->m_ipcClient) {
         qDebug() << "IpcClient::init failed";
         return false;
     }
+
     qDebug() << "IpcClient::init succeed";
 
-    return Instance()->m_ipcClient->isReplicaValid();
+    return (Instance()->m_ipcClient->isReplicaValid() && Instance()->m_Tun2SocksClient->isReplicaValid());
 }
 
 QSharedPointer<PrivilegedProcess> IpcClient::CreatePrivilegedProcess()

client/core/ipcclient.h

@@ -6,6 +6,7 @@
 
 #include "ipc.h"
 #include "rep_ipc_interface_replica.h"
+#include "rep_ipc_process_tun2socks_replica.h"
 
 #include "privileged_process.h"
 
@@ -18,6 +19,7 @@ public:
    static IpcClient *Instance();
    static bool init(IpcClient *instance);
    static QSharedPointer<IpcInterfaceReplica> Interface();
+   static QSharedPointer<IpcProcessTun2SocksReplica> InterfaceTun2Socks();
    static QSharedPointer<PrivilegedProcess> CreatePrivilegedProcess();
 
    bool isSocketConnected() const;
@@ -28,8 +30,11 @@ private:
     ~IpcClient() override;
 
     QRemoteObjectNode m_ClientNode;
+    QRemoteObjectNode m_Tun2SocksNode;
     QSharedPointer<IpcInterfaceReplica> m_ipcClient;
     QPointer<QLocalSocket> m_localSocket;
+    QPointer<QLocalSocket> m_tun2socksSocket;
+    QSharedPointer<IpcProcessTun2SocksReplica> m_Tun2SocksClient;
 
     struct ProcessDescriptor {
         ProcessDescriptor () {

client/core/networkUtilities.cpp

@@ -109,7 +109,10 @@ QStringList NetworkUtilities::summarizeRoutes(const QStringList &ips, const QStr
 
 QString NetworkUtilities::getIPAddress(const QString &host)
 {
-    if (ipAddressRegExp().match(host).hasMatch()) {
+    QHostAddress address(host);
+    if (QAbstractSocket::IPv4Protocol == address.protocol()) {
+        return host;
+    } else if (QAbstractSocket::IPv6Protocol == address.protocol()) {
         return host;
     }
 

client/daemon/daemon.cpp

@@ -78,7 +78,7 @@ bool Daemon::activate(const InterfaceConfig& config) {
         return false;
       }
 
-      if (supportDnsUtils() && !dnsutils()->restoreResolvers()) {
+      if (!dnsutils()->restoreResolvers()) {
         return false;
       }
 
@@ -165,10 +165,6 @@ bool Daemon::activate(const InterfaceConfig& config) {
 }
 
 bool Daemon::maybeUpdateResolvers(const InterfaceConfig& config) {
-  if (!supportDnsUtils()) {
-    return true;
-  }
-
   if ((config.m_hopType == InterfaceConfig::MultiHopExit) ||
       (config.m_hopType == InterfaceConfig::SingleHop)) {
     QList<QHostAddress> resolvers;
@@ -423,13 +419,8 @@ bool Daemon::deactivate(bool emitSignals) {
   }
 
   // Cleanup DNS
-  if (supportDnsUtils() && !dnsutils()->restoreResolvers()) {
-    return false;
-  }
-
-  if (!wgutils()->interfaceExists()) {
-    logger.warning() << "Wireguard interface does not exist.";
-    return false;
+  if (!dnsutils()->restoreResolvers()) {
+    logger.warning() << "Failed to restore DNS resolvers.";
   }
 
   // Cleanup peers and routing
@@ -449,13 +440,9 @@ bool Daemon::deactivate(bool emitSignals) {
   }
   m_excludedAddrSet.clear();
 
-  // Delete the interface
-  if (!wgutils()->deleteInterface()) {
-    return false;
-  }
-
   m_connections.clear();
-  return true;
+  // Delete the interface
+  return wgutils()->deleteInterface();  
 }
 
 QString Daemon::logs() {

client/daemon/daemon.h

@@ -69,7 +69,6 @@ class Daemon : public QObject {
   virtual WireguardUtils* wgutils() const = 0;
   virtual bool supportIPUtils() const { return false; }
   virtual IPUtils* iputils() { return nullptr; }
-  virtual bool supportDnsUtils() const { return false; }
   virtual DnsUtils* dnsutils() { return nullptr; }
 
   static bool parseStringList(const QJsonObject& obj, const QString& name,

client/daemon/daemonlocalserverconnection.cpp

@@ -92,6 +92,17 @@ void DaemonLocalServerConnection::parseCommand(const QByteArray& data) {
 
   logger.debug() << "Command received:" << type;
 
+  // It is expected that sometimes the client will request backend logs
+  // before the first authentication. In these cases we just return empty
+  // logs.
+  if (type == "logs") {
+    QJsonObject obj;
+    obj.insert("type", "logs");
+    obj.insert("logs", "");
+    write(obj);
+    return;
+  }
+
   if (type == "activate") {
     InterfaceConfig config;
     if (!Daemon::parseConfig(obj, config)) {
@@ -115,8 +126,7 @@ void DaemonLocalServerConnection::parseCommand(const QByteArray& data) {
   if (type == "status") {
     QJsonObject obj = Daemon::instance()->getStatus();
     obj.insert("type", "status");
-    m_socket->write(QJsonDocument(obj).toJson(QJsonDocument::Compact));
-    m_socket->write("\n");
+    write(obj);
     return;
   }
 
@@ -124,8 +134,7 @@ void DaemonLocalServerConnection::parseCommand(const QByteArray& data) {
     QJsonObject obj;
     obj.insert("type", "logs");
     obj.insert("logs", Daemon::instance()->logs().replace("\n", "|"));
-    m_socket->write(QJsonDocument(obj).toJson(QJsonDocument::Compact));
-    m_socket->write("\n");
+    write(obj);
     return;
   }
 

client/logger.h

@@ -1,107 +0,0 @@
-#ifndef LOGGER_H
-#define LOGGER_H
-
-#include <QDebug>
-#include <QDir>
-#include <QFile>
-#include <QString>
-#include <QTextStream>
-
-#include "ui/property_helper.h"
-
-#include "mozilla/shared/loglevel.h"
-
-class Logger : public QObject
-{
-    Q_OBJECT
-    AUTO_PROPERTY(QString, sshLog)
-    AUTO_PROPERTY(QString, allLog)
-
-public:
-    static Logger& Instance();
-
-    static void appendSshLog(const QString &log);
-    static void appendAllLog(const QString &log);
-
-
-    static bool init();
-    static void deInit();
-    static bool setServiceLogsEnabled(bool enabled);
-    static bool openLogsFolder();
-    static bool openServiceLogsFolder();
-    static QString appLogFileNamePath();
-    static void clearLogs();
-    static void clearServiceLogs();
-    static void cleanUp();
-
-    static QString userLogsFilePath();
-    static QString getLogFile();
-
-    // compat with Mozilla logger
-    Logger(const QString &className) { m_className = className; }
-    const QString& className() const { return m_className; }
-
-    class Log {
-    public:
-        Log(Logger* logger, LogLevel level);
-        ~Log();
-
-        Log& operator<<(uint64_t t);
-        Log& operator<<(const char* t);
-        Log& operator<<(const QString& t);
-        Log& operator<<(const QStringList& t);
-        Log& operator<<(const QByteArray& t);
-        Log& operator<<(const QJsonObject& t);
-        Log& operator<<(QTextStreamFunction t);
-        Log& operator<<(const void* t);
-
-        // Q_ENUM
-        template <typename T>
-        typename std::enable_if<QtPrivate::IsQEnumHelper<T>::Value, Log&>::type
-        operator<<(T t) {
-            const QMetaObject* meta = qt_getEnumMetaObject(t);
-            const char* name = qt_getEnumName(t);
-            addMetaEnum(typename QFlags<T>::Int(t), meta, name);
-            return *this;
-        }
-
-    private:
-        void addMetaEnum(quint64 value, const QMetaObject* meta, const char* name);
-
-        Logger* m_logger;
-        LogLevel m_logLevel;
-
-        struct Data {
-            Data() : m_ts(&m_buffer, QIODevice::WriteOnly) {}
-
-            QString m_buffer;
-            QTextStream m_ts;
-        };
-
-        Data* m_data;
-    };
-
-    Log error();
-    Log warning();
-    Log info();
-    Log debug();
-    QString sensitive(const QString& input);
-
-private:
-    Logger() {}
-    Logger(Logger const &) = delete;
-    Logger& operator= (Logger const&) = delete;
-
-    static QString userLogsDir();
-
-    static QFile m_file;
-    static QTextStream m_textStream;
-    static QString m_logFileName;
-
-    friend void debugMessageHandler(QtMsgType type, const QMessageLogContext& context, const QString& msg);
-
-    // compat with Mozilla logger
-    QString m_className;
-};
-
-#endif // LOGGER_H

client/main.cpp

@@ -15,13 +15,24 @@
     #include "platforms/ios/QtAppDelegate-C-Interface.h"
 #endif
 
+#if !defined(Q_OS_ANDROID) && !defined(Q_OS_IOS)
+bool isAnotherInstanceRunning()
+{
+    QLocalSocket socket;
+    socket.connectToServer("AmneziaVPNInstance");
+    if (socket.waitForConnected(500)) {
+        qWarning() << "AmneziaVPN is already running";
+        return true;
+    }
+    return false;
+}
+#endif
+
 int main(int argc, char *argv[])
 {
     Migrations migrationsManager;
     migrationsManager.doMigrations();
 
-    QGuiApplication::setAttribute(Qt::AA_EnableHighDpiScaling, true);
-
 #ifdef Q_OS_WIN
     AllowSetForegroundWindow(ASFW_ANY);
 #endif
@@ -32,16 +43,14 @@ int main(int argc, char *argv[])
     qputenv("ANDROID_OPENSSL_SUFFIX", "_3");
 #endif
 
-#if defined(Q_OS_ANDROID) || defined(Q_OS_IOS)
     AmneziaApplication app(argc, argv);
-#else
-    AmneziaApplication app(argc, argv, true,
-                           SingleApplication::Mode::User | SingleApplication::Mode::SecondaryNotification);
 
-    if (!app.isPrimary()) {
+#if !defined(Q_OS_ANDROID) && !defined(Q_OS_IOS)
+    if (isAnotherInstanceRunning()) {
         QTimer::singleShot(1000, &app, [&]() { app.quit(); });
         return app.exec();
     }
+    app.startLocalServer();
 #endif
 
 // Allow to raise app window if secondary instance launched

client/mozilla/localsocketcontroller.cpp

@@ -34,8 +34,8 @@ LocalSocketController::LocalSocketController() {
   m_socket = new QLocalSocket(this);
   connect(m_socket, &QLocalSocket::connected, this,
           &LocalSocketController::daemonConnected);
-  connect(m_socket, &QLocalSocket::disconnected, this,
-          &LocalSocketController::disconnected);
+  connect(m_socket, &QLocalSocket::disconnected, this, 
+          [&] { errorOccurred(QLocalSocket::PeerClosedError); });
   connect(m_socket, &QLocalSocket::errorOccurred, this,
           &LocalSocketController::errorOccurred);
   connect(m_socket, &QLocalSocket::readyRead, this,
@@ -149,7 +149,7 @@ void LocalSocketController::activate(const QJsonObject &rawConfig) {
   QJsonArray jsAllowedIPAddesses;
 
   QJsonArray plainAllowedIP = wgConfig.value(amnezia::config_key::allowed_ips).toArray();
-  QJsonArray defaultAllowedIP = QJsonArray::fromStringList(QString("0.0.0.0/0, ::/0").split(","));
+  QJsonArray defaultAllowedIP = { "0.0.0.0/0", "::/0" };
 
   if (plainAllowedIP != defaultAllowedIP && !plainAllowedIP.isEmpty()) {
     // Use AllowedIP list from WG config because of higher priority

client/platforms/android/android_controller.cpp

@@ -98,6 +98,7 @@ bool AndroidController::initialize()
         {"onStatisticsUpdate", "(JJ)V", reinterpret_cast<void *>(onStatisticsUpdate)},
         {"onFileOpened", "(Ljava/lang/String;)V", reinterpret_cast<void *>(onFileOpened)},
         {"onConfigImported", "(Ljava/lang/String;)V", reinterpret_cast<void *>(onConfigImported)},
+        {"onAuthResult", "(Z)V", reinterpret_cast<void *>(onAuthResult)},
         {"decodeQrCode", "(Ljava/lang/String;)Z", reinterpret_cast<bool *>(decodeQrCode)}
     };
 
@@ -210,6 +211,11 @@ void AndroidController::setScreenshotsEnabled(bool enabled)
     callActivityMethod("setScreenshotsEnabled", "(Z)V", enabled);
 }
 
+void AndroidController::setNavigationBarColor(unsigned int color)
+{
+    callActivityMethod("setNavigationBarColor", "(I)V", color);
+}
+
 void AndroidController::minimizeApp()
 {
     callActivityMethod("minimizeApp", "()V");
@@ -265,6 +271,22 @@ void AndroidController::requestNotificationPermission()
     callActivityMethod("requestNotificationPermission", "()V");
 }
 
+bool AndroidController::requestAuthentication()
+{
+    QEventLoop wait;
+    bool result;
+    connect(this, &AndroidController::authenticationResult, this,
+            [&result, &wait](const bool &authResult){
+                qDebug() << "Android authentication result:" << authResult;
+                result = authResult;
+                wait.quit();
+            },
+            static_cast<Qt::ConnectionType>(Qt::QueuedConnection | Qt::SingleShotConnection));
+    callActivityMethod("requestAuthentication", "()V");
+    wait.exec();
+    return result;
+}
+
 // Moving log processing to the Android side
 jclass AndroidController::log;
 jmethodID AndroidController::logDebug;
@@ -462,6 +484,14 @@ void AndroidController::onConfigImported(JNIEnv *env, jobject thiz, jstring data
     emit AndroidController::instance()->configImported(AndroidUtils::convertJString(env, data));
 }
 
+// static
+void AndroidController::onAuthResult(JNIEnv *env, jobject thiz, jboolean result)
+{
+    Q_UNUSED(thiz);
+
+    emit AndroidController::instance()->authenticationResult(result);
+}
+
 // static
 bool AndroidController::decodeQrCode(JNIEnv *env, jobject thiz, jstring data)
 {

client/platforms/android/android_controller.h

@@ -41,11 +41,13 @@ public:
     void exportLogsFile(const QString &fileName);
     void clearLogs();
     void setScreenshotsEnabled(bool enabled);
+    void setNavigationBarColor(unsigned int color);
     void minimizeApp();
     QJsonArray getAppList();
     QPixmap getAppIcon(const QString &package, QSize *size, const QSize &requestedSize);
     bool isNotificationPermissionGranted();
     void requestNotificationPermission();
+    bool requestAuthentication();
 
     static bool initLogging();
     static void messageHandler(QtMsgType type, const QMessageLogContext &context, const QString &message);
@@ -63,6 +65,7 @@ signals:
     void configImported(QString config);
     void importConfigFromOutside(QString config);
     void initConnectionState(Vpn::ConnectionState state);
+    void authenticationResult(bool result);
 
 private:
     bool isWaitingStatus = true;
@@ -89,6 +92,7 @@ private:
     static void onStatisticsUpdate(JNIEnv *env, jobject thiz, jlong rxBytes, jlong txBytes);
     static void onConfigImported(JNIEnv *env, jobject thiz, jstring data);
     static void onFileOpened(JNIEnv *env, jobject thiz, jstring uri);
+    static void onAuthResult(JNIEnv *env, jobject thiz, jboolean result);
     static bool decodeQrCode(JNIEnv *env, jobject thiz, jstring data);
 
     template <typename Ret, typename ...Args>

client/platforms/android/authResultReceiver.cpp

@@ -1,16 +0,0 @@
-#include "authResultReceiver.h"
-
-AuthResultReceiver::AuthResultReceiver(QSharedPointer<AuthResultNotifier> &notifier) : m_notifier(notifier)
-{
-}
-
-void AuthResultReceiver::handleActivityResult(int receiverRequestCode, int resultCode, const QJniObject &data)
-{
-    qDebug() << "receiverRequestCode" << receiverRequestCode << "resultCode" << resultCode;
-
-    if (resultCode == -1) { // ResultOK
-        emit m_notifier->authSuccessful();
-    } else {
-        emit m_notifier->authFailed();
-    }
-}

client/platforms/android/authResultReceiver.h

@@ -1,32 +0,0 @@
-#ifndef AUTHRESULTRECEIVER_H
-#define AUTHRESULTRECEIVER_H
-
-#include <QJniObject>
-
-#include <private/qandroidextras_p.h>
-
-class AuthResultNotifier : public QObject
-{
-    Q_OBJECT
-
-public:
-    AuthResultNotifier(QObject *parent = nullptr) : QObject(parent) {};
-
-signals:
-    void authFailed();
-    void authSuccessful();
-};
-
-/* Auth result handler for Android */
-class AuthResultReceiver final : public QAndroidActivityResultReceiver
-{
-public:
-    AuthResultReceiver(QSharedPointer<AuthResultNotifier> &notifier);
-
-    void handleActivityResult(int receiverRequestCode, int resultCode, const QJniObject &data) override;
-
-private:
-    QSharedPointer<AuthResultNotifier> m_notifier;
-};
-
-#endif // AUTHRESULTRECEIVER_H

client/platforms/ios/ios_controller.mm

@@ -351,8 +351,6 @@ void IosController::vpnStatusDidChange(void *pNotification)
                                 }
                             }
                         }
-                    } else {
-                        qDebug() << "Disconnect error is absent";
                     }
                 }];
             } else {
@@ -501,6 +499,20 @@ bool IosController::setupWireGuard()
         wgConfig.insert(config_key::persistent_keep_alive, "25");
     }
 
+    if (config.contains(config_key::isObfuscationEnabled) && config.value(config_key::isObfuscationEnabled).toBool()) {
+        wgConfig.insert(config_key::initPacketMagicHeader, config[config_key::initPacketMagicHeader]);
+        wgConfig.insert(config_key::responsePacketMagicHeader, config[config_key::responsePacketMagicHeader]);
+        wgConfig.insert(config_key::underloadPacketMagicHeader, config[config_key::underloadPacketMagicHeader]);
+        wgConfig.insert(config_key::transportPacketMagicHeader, config[config_key::transportPacketMagicHeader]);
+
+        wgConfig.insert(config_key::initPacketJunkSize, config[config_key::initPacketJunkSize]);
+        wgConfig.insert(config_key::responsePacketJunkSize, config[config_key::responsePacketJunkSize]);
+
+        wgConfig.insert(config_key::junkPacketCount, config[config_key::junkPacketCount]);
+        wgConfig.insert(config_key::junkPacketMinSize, config[config_key::junkPacketMinSize]);
+        wgConfig.insert(config_key::junkPacketMaxSize, config[config_key::junkPacketMaxSize]);
+    }
+
     QJsonDocument wgConfigDoc(wgConfig);
     QString wgConfigDocStr(wgConfigDoc.toJson(QJsonDocument::Compact));
 
@@ -835,7 +847,7 @@ QString IosController::openFile() {
 
 void IosController::requestInetAccess() {
     NSURL *url = [NSURL URLWithString:@"http://captive.apple.com/generate_204"];
-    if (url) {
+    if (!url) {
         qDebug() << "IosController::requestInetAccess URL error";
         return;
     }
@@ -847,7 +859,6 @@ void IosController::requestInetAccess() {
         } else {
             NSHTTPURLResponse *httpResponse = (NSHTTPURLResponse *)response;
             QString responseBody = QString::fromUtf8((const char*)data.bytes, data.length);
-            qDebug() << "IosController::requestInetAccess server response:" << httpResponse.statusCode << "\n\n" <<responseBody;
         }
     }];
     [task resume];

client/platforms/linux/daemon/linuxdaemon.h

@@ -22,7 +22,6 @@ class LinuxDaemon final : public Daemon {
 
  protected:
   WireguardUtils* wgutils() const override { return m_wgutils; }
-  bool supportDnsUtils() const override { return true; }
   DnsUtils* dnsutils() override { return m_dnsutils; }
   bool supportIPUtils() const override { return true; }
   IPUtils* iputils() override { return m_iputils; }

client/platforms/macos/daemon/macosdaemon.h

@@ -21,7 +21,6 @@ class MacOSDaemon final : public Daemon {
 
  protected:
   WireguardUtils* wgutils() const override { return m_wgutils; }
-  bool supportDnsUtils() const override { return true; }
   DnsUtils* dnsutils() override { return m_dnsutils; }
   bool supportIPUtils() const override { return true; }
   IPUtils* iputils() override { return m_iputils; }

client/platforms/windows/daemon/windowsdaemon.h

@@ -26,7 +26,6 @@ class WindowsDaemon final : public Daemon {
  protected:
   bool run(Op op, const InterfaceConfig& config) override;
   WireguardUtils* wgutils() const override { return m_wgutils; }
-  bool supportDnsUtils() const override { return true; }
   DnsUtils* dnsutils() override { return m_dnsutils; }
 
  private:

client/platforms/windows/daemon/windowssplittunnel.cpp

@@ -502,7 +502,7 @@ QString WindowsSplitTunnel::convertPath(const QString& path) {
     // device should contain : for e.g C:
     return "";
   }
-  QByteArray buffer(2048, 0xFF);
+  QByteArray buffer(2048, 0xFFu);
   auto ok = QueryDosDeviceW(qUtf16Printable(driveLetter),
                             (wchar_t*)buffer.data(), buffer.size() / 2);
 

client/platforms/windows/daemon/wireguardutilswindows.cpp

@@ -248,7 +248,7 @@ bool WireguardUtilsWindows::updateRoutePrefix(const IPAddress& prefix) {
   }
   if (result != NO_ERROR) {
     logger.error() << "Failed to create route to"
-                   << logger.sensitive(prefix.toString())
+                   << prefix.toString()
                    << "result:" << result;
   }
   return result == NO_ERROR;
@@ -265,7 +265,7 @@ bool WireguardUtilsWindows::deleteRoutePrefix(const IPAddress& prefix) {
   }
   if (result != NO_ERROR) {
     logger.error() << "Failed to delete route to"
-                   << logger.sensitive(prefix.toString())
+                   << prefix.toString()
                    << "result:" << result;
   }
   return result == NO_ERROR;

client/platforms/windows/windowscommons.cpp

@@ -21,7 +21,7 @@
 #include "platforms/windows/windowsutils.h"
 
 constexpr const char* VPN_NAME = "AmneziaVPN";
-constexpr const char* WIREGUARD_DIR = "WireGuard";
+constexpr const char* WIREGUARD_DIR = "AmneziaWG";
 constexpr const char* DATA_DIR = "Data";
 
 namespace {

client/platforms/windows/windowsservicemanager.h

@@ -12,7 +12,7 @@
 #include "Winsvc.h"
 
 /**
- * @brief The WindowsServiceManager provides controll over the MozillaVPNBroker
+ * @brief The WindowsServiceManager provides control over the MozillaVPNBroker
  * service via SCM
  */
 class WindowsServiceManager : public QObject {

client/protocols/ikev2_vpn_protocol_windows.cpp

@@ -10,6 +10,7 @@
 #include "ikev2_vpn_protocol_windows.h"
 #include "utilities.h"
 
+
 static Ikev2Protocol* self = nullptr;
 static std::mutex rasDialFuncMutex;
 
@@ -80,10 +81,10 @@ void Ikev2Protocol::newConnectionStateEventReceived(UINT unMsg, tagRASCONNSTATE
     case RASCS_AuthNotify:
         //qDebug()<<__FUNCTION__ << __LINE__;
         if (dwError != 0) {
-            //qDebug() << "have error" << dwError;
+            qDebug() << "have error" << dwError;
             setConnectionState(Vpn::ConnectionState::Disconnected);
         } else {
-            //qDebug() << "RASCS_AuthNotify but no error" << dwError;
+            qDebug() << "RASCS_AuthNotify but no error" << dwError;
         }
         break;
     case RASCS_AuthRetry:
@@ -179,11 +180,13 @@ ErrorCode Ikev2Protocol::start()
     QByteArray cert = QByteArray::fromBase64(m_config[config_key::cert].toString().toUtf8());
     setConnectionState(Vpn::ConnectionState::Connecting);
 
-    QTemporaryFile certFile;
-    certFile.setAutoRemove(false);
-    certFile.open();
-    certFile.write(cert);
-    certFile.close();
+    QTemporaryFile * certFile = new QTemporaryFile;
+    certFile->setAutoRemove(false);
+    certFile->open();
+    QString m_filename = certFile->fileName();
+    certFile->write(cert);
+    certFile->close();
+    delete certFile;
 
     {
         auto certInstallProcess = IpcClient::CreatePrivilegedProcess();
@@ -193,19 +196,19 @@ ErrorCode Ikev2Protocol::start()
             return ErrorCode::AmneziaServiceConnectionFailed;
         }
 
-        certInstallProcess->waitForSource(1000);
+        certInstallProcess->waitForSource();
         if (!certInstallProcess->isInitialized()) {
             qWarning() << "IpcProcess replica is not connected!";
             setLastError(ErrorCode::AmneziaServiceConnectionFailed);
             return ErrorCode::AmneziaServiceConnectionFailed;
         }
         certInstallProcess->setProgram(PermittedProcess::CertUtil);
-        QStringList arguments({"-f" , "-importpfx",
-                               "-p", m_config[config_key::password].toString(),
-                               certFile.fileName(), "NoExport"
-                              });
-        certInstallProcess->setArguments(arguments);
 
+        QStringList arguments({"-f", "-importpfx", "-p", m_config[config_key::password].toString(),
+            QDir::toNativeSeparators(m_filename), "NoExport"
+        });
+
+        certInstallProcess->setArguments(arguments);
         certInstallProcess->start();
     }
     // /*
@@ -219,40 +222,40 @@ ErrorCode Ikev2Protocol::start()
     }
 
     {
-        {
-            if ( !create_new_vpn(tunnelName(), m_config[config_key::hostName].toString())){
-                qDebug() <<"Can't create the VPN connect";
-            }
-        }
-    }
+     {
+      if ( !create_new_vpn(tunnelName(), m_config[config_key::hostName].toString())){
+                                                                                    qDebug() <<"Can't create the VPN connect";
+}
+}
+}
 
-    {
-        auto adapterConfigProcess = new QProcess;
+{
+    QProcess adapterConfigProcess;
+    adapterConfigProcess.setProgram("powershell");
+    QString arguments = QString("-command \"Set-VpnConnectionIPsecConfiguration\" "
+                                "-ConnectionName '%1' "
+                                "-AuthenticationTransformConstants GCMAES128 "
+                                "-CipherTransformConstants GCMAES128 "
+                                "-EncryptionMethod AES256 "
+                                "-IntegrityCheckMethod SHA256 "
+                                "-PfsGroup None "
+                                "-DHGroup Group14 "
+                                "-PassThru -Force\"")
+                            .arg(tunnelName());
 
-        adapterConfigProcess->setProgram("powershell");
-        QString arguments = QString("-command \"Set-VpnConnectionIPsecConfiguration\" "
-                                    "-ConnectionName '%1' "
-                                    "-AuthenticationTransformConstants GCMAES128 "
-                                    "-CipherTransformConstants GCMAES128 "
-                                    "-EncryptionMethod AES256 "
-                                    "-IntegrityCheckMethod SHA256 "
-                                    "-PfsGroup None "
-                                    "-DHGroup Group14 "
-                                    "-PassThru -Force\"")
-                .arg(tunnelName());
-        adapterConfigProcess->setNativeArguments(arguments);
+    adapterConfigProcess.setNativeArguments(arguments);
 
-        adapterConfigProcess->start();
-        adapterConfigProcess->waitForFinished(5000);
+    adapterConfigProcess.start();
+    adapterConfigProcess.waitForFinished(5000);
+}
+//*/
+{
+    if (!connect_to_vpn(tunnelName())) {
+        qDebug()<<"We can't connect to VPN";
     }
-    //*/
-    {
-        if (!connect_to_vpn(tunnelName())) {
-            qDebug()<<"We can't connect to VPN";
-        }
-    }
-    //setConnectionState(Connecting);
-    return ErrorCode::NoError;
+}
+//setConnectionState(Connecting);
+return ErrorCode::NoError;
 }
 //~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 bool Ikev2Protocol::create_new_vpn(const QString & vpn_name,
@@ -299,6 +302,7 @@ bool Ikev2Protocol::connect_to_vpn(const QString & vpn_name){
     auto ret = RasDial(NULL, NULL, &RasDialParams, 0,
                        &RasDialFuncCallback,
                        &hRasConn);
+
     if (ret == ERROR_SUCCESS){
         return true;
     }

client/protocols/openvpnprotocol.cpp

@@ -6,6 +6,7 @@
 #include <QTcpSocket>
 #include <QNetworkInterface>
 
+#include "core/networkUtilities.h"
 #include "logger.h"
 #include "openvpnprotocol.h"
 #include "utilities.h"
@@ -127,7 +128,6 @@ void OpenVpnProtocol::sendManagementCommand(const QString &command)
 
 uint OpenVpnProtocol::selectMgmtPort()
 {
-
     for (int i = 0; i < 100; ++i) {
         quint32 port = QRandomGenerator::global()->generate();
         port = (double)(65000 - 15001) * port / UINT32_MAX + 15001;
@@ -137,7 +137,6 @@ uint OpenVpnProtocol::selectMgmtPort()
         if (ok)
             return port;
     }
-
     return m_managementPort;
 }
 
@@ -343,7 +342,8 @@ void OpenVpnProtocol::updateVpnGateway(const QString &line)
                             }
                             m_configData.insert("vpnAdapterIndex", netInterfaces.at(i).index());
                             m_configData.insert("vpnGateway", m_vpnGateway);
-                            m_configData.insert("vpnServer", m_configData.value(amnezia::config_key::hostName).toString());
+                            m_configData.insert("vpnServer",
+                                                NetworkUtilities::getIPAddress(m_configData.value(amnezia::config_key::hostName).toString()));
                             IpcClient::Interface()->enablePeerTraffic(m_configData);
                         }
                     }
@@ -352,6 +352,8 @@ void OpenVpnProtocol::updateVpnGateway(const QString &line)
 #if defined(Q_OS_LINUX) || defined(Q_OS_MACOS)
                 // killSwitch toggle
                 if (QVariant(m_configData.value(config_key::killSwitchOption).toString()).toBool()) {
+                    m_configData.insert("vpnServer",
+                                        NetworkUtilities::getIPAddress(m_configData.value(amnezia::config_key::hostName).toString()));
                     IpcClient::Interface()->enableKillSwitch(m_configData, 0);
                 }
 #endif

client/protocols/protocols_defs.h

@@ -65,6 +65,7 @@ namespace amnezia
         constexpr char last_config[] = "last_config";
 
         constexpr char isThirdPartyConfig[] = "isThirdPartyConfig";
+        constexpr char isObfuscationEnabled[] = "isObfuscationEnabled";
 
         constexpr char junkPacketCount[] = "Jc";
         constexpr char junkPacketMinSize[] = "Jmin";

client/protocols/wireguardprotocol.cpp

@@ -4,9 +4,8 @@
 #include <QTcpSocket>
 #include <QThread>
 
-#include "logger.h"
-#include "utilities.h"
 #include "wireguardprotocol.h"
+#include "core/networkUtilities.h"
 
 #include "mozilla/localsocketcontroller.h"
 
@@ -37,6 +36,12 @@ void WireguardProtocol::stop()
 
 ErrorCode WireguardProtocol::startMzImpl()
 {
+    QString protocolName = m_rawConfig.value("protocol").toString();
+    QJsonObject vpnConfigData = m_rawConfig.value(protocolName + "_config_data").toObject();
+    vpnConfigData[config_key::hostName] = NetworkUtilities::getIPAddress(vpnConfigData.value(config_key::hostName).toString());
+    m_rawConfig.insert(protocolName + "_config_data", vpnConfigData);
+    m_rawConfig[config_key::hostName] = NetworkUtilities::getIPAddress(m_rawConfig[config_key::hostName].toString());
+
     m_impl->activate(m_rawConfig);
     return ErrorCode::NoError;
 }

client/protocols/xrayprotocol.cpp

@@ -17,6 +17,7 @@ XrayProtocol::XrayProtocol(const QJsonObject &configuration, QObject *parent):
     m_routeGateway = NetworkUtilities::getGatewayAndIface();
     m_vpnGateway = amnezia::protocols::xray::defaultLocalAddr;
     m_vpnLocalAddress = amnezia::protocols::xray::defaultLocalAddr;
+    m_t2sProcess = IpcClient::InterfaceTun2Socks();
 }
 
 XrayProtocol::~XrayProtocol()
@@ -43,7 +44,9 @@ ErrorCode XrayProtocol::start()
     m_xrayCfgFile.setAutoRemove(false);
 #endif
     m_xrayCfgFile.open();
-    m_xrayCfgFile.write(QJsonDocument(m_xrayConfig).toJson());
+    QString config = QJsonDocument(m_xrayConfig).toJson();
+    config.replace(m_remoteHost, m_remoteAddress);
+    m_xrayCfgFile.write(config.toUtf8());
     m_xrayCfgFile.close();
 
     QStringList args = QStringList() << "-c" << m_xrayCfgFile.fileName() << "-format=json";
@@ -63,7 +66,7 @@ ErrorCode XrayProtocol::start()
     });
 
     connect(&m_xrayProcess, QOverload<int, QProcess::ExitStatus>::of(&QProcess::finished), this, [this](int exitCode, QProcess::ExitStatus exitStatus) {
-        qDebug().noquote() << "XrayProtocol finished, exitCode, exiStatus" << exitCode << exitStatus;
+        qDebug().noquote() << "XrayProtocol finished, exitCode, exitStatus" << exitCode << exitStatus;
         setConnectionState(Vpn::ConnectionState::Disconnected);
         if (exitStatus != QProcess::NormalExit) {
             emit protocolError(amnezia::ErrorCode::XrayExecutableCrashed);
@@ -89,116 +92,80 @@ ErrorCode XrayProtocol::start()
 
 ErrorCode XrayProtocol::startTun2Sock()
 {
-    if (!QFileInfo::exists(Utils::tun2socksPath())) {
-        setLastError(ErrorCode::Tun2SockExecutableMissing);
-        return lastError();
-    }
-
-    m_t2sProcess = IpcClient::CreatePrivilegedProcess();
-
-    if (!m_t2sProcess) {
-        setLastError(ErrorCode::AmneziaServiceConnectionFailed);
-        return ErrorCode::AmneziaServiceConnectionFailed;
-    }
-
-    m_t2sProcess->waitForSource(1000);
-    if (!m_t2sProcess->isInitialized()) {
-        qWarning() << "IpcProcess replica is not connected!";
-        setLastError(ErrorCode::AmneziaServiceConnectionFailed);
-        return ErrorCode::AmneziaServiceConnectionFailed;
-    }
-
-    QString XrayConStr = "socks5://127.0.0.1:" + QString::number(m_localPort);
-
-    m_t2sProcess->setProgram(PermittedProcess::Tun2Socks);
-#ifdef Q_OS_WIN
-    m_configData.insert("inetAdapterIndex", NetworkUtilities::AdapterIndexTo(QHostAddress(m_remoteAddress)));
-    QStringList arguments({"-device", "tun://tun2", "-proxy", XrayConStr, "-tun-post-up",
-                           QString("cmd /c netsh interface ip set address name=\"tun2\" static %1 255.255.255.255").arg(amnezia::protocols::xray::defaultLocalAddr)});
-#endif
-#ifdef Q_OS_LINUX
-    QStringList arguments({"-device", "tun://tun2", "-proxy", XrayConStr});
-#endif
-#ifdef Q_OS_MAC
-    QStringList arguments({"-device", "utun22", "-proxy", XrayConStr});
-#endif
-    m_t2sProcess->setArguments(arguments);
-
-    qDebug() << arguments.join(" ");
-    connect(m_t2sProcess.data(), &PrivilegedProcess::errorOccurred,
-            [&](QProcess::ProcessError error) { qDebug() << "PrivilegedProcess errorOccurred" << error; });
-
-    connect(m_t2sProcess.data(), &PrivilegedProcess::stateChanged,
-            [&](QProcess::ProcessState newState) {
-                qDebug() << "PrivilegedProcess stateChanged" << newState;
-        if (newState == QProcess::Running)
-        {
-            setConnectionState(Vpn::ConnectionState::Connecting);
-            QList<QHostAddress> dnsAddr;
-            dnsAddr.push_back(QHostAddress(m_configData.value(config_key::dns1).toString()));
-            dnsAddr.push_back(QHostAddress(m_configData.value(config_key::dns2).toString()));
-
-#ifdef Q_OS_MACOS
-            QThread::msleep(5000);
-            IpcClient::Interface()->createTun("utun22", amnezia::protocols::xray::defaultLocalAddr);
-            IpcClient::Interface()->updateResolvers("utun22", dnsAddr);
-#endif
-#ifdef Q_OS_WINDOWS
-            QThread::msleep(15000);
-#endif
-#ifdef Q_OS_LINUX
-            QThread::msleep(1000);
-            IpcClient::Interface()->createTun("tun2", amnezia::protocols::xray::defaultLocalAddr);
-            IpcClient::Interface()->updateResolvers("tun2", dnsAddr);
-#endif
-#if defined(Q_OS_LINUX) || defined(Q_OS_MACOS)
-            // killSwitch toggle
-            if (QVariant(m_configData.value(config_key::killSwitchOption).toString()).toBool()) {
-                IpcClient::Interface()->enableKillSwitch(m_configData, 0);
-            }
-#endif
-            if (m_routeMode == 0) {
-                IpcClient::Interface()->routeAddList(m_vpnGateway, QStringList() << "0.0.0.0/1");
-                IpcClient::Interface()->routeAddList(m_vpnGateway, QStringList() << "128.0.0.0/1");
-                IpcClient::Interface()->routeAddList(m_routeGateway, QStringList() << m_remoteAddress);
-            }
-            IpcClient::Interface()->StopRoutingIpv6();
-#ifdef Q_OS_WIN
-            IpcClient::Interface()->updateResolvers("tun2", dnsAddr);
-            QList<QNetworkInterface> netInterfaces = QNetworkInterface::allInterfaces();
-            for (int i = 0; i < netInterfaces.size(); i++) {
-                for (int j=0; j < netInterfaces.at(i).addressEntries().size(); j++)
-                {
-                    // killSwitch toggle
-                    if (m_vpnLocalAddress == netInterfaces.at(i).addressEntries().at(j).ip().toString()) {
-                        if (QVariant(m_configData.value(config_key::killSwitchOption).toString()).toBool()) {
-                            IpcClient::Interface()->enableKillSwitch(QJsonObject(), netInterfaces.at(i).index());
-                        }
-                        m_configData.insert("vpnAdapterIndex", netInterfaces.at(i).index());
-                        m_configData.insert("vpnGateway", m_vpnGateway);
-                        m_configData.insert("vpnServer", m_remoteAddress);
-                        IpcClient::Interface()->enablePeerTraffic(m_configData);
-                    }
-                }
-            }
-#endif
-            setConnectionState(Vpn::ConnectionState::Connected);
-        }
-    });
-
-
-#if !defined(Q_OS_MACOS)
-    connect(m_t2sProcess.data(), &PrivilegedProcess::finished, this,
-            [&]() {
-                setConnectionState(Vpn::ConnectionState::Disconnected);
-                IpcClient::Interface()->deleteTun("tun2");
-                IpcClient::Interface()->StartRoutingIpv6();
-                IpcClient::Interface()->clearSavedRoutes();
-    });
-#endif
-
     m_t2sProcess->start();
 
+#ifdef Q_OS_WIN
+    m_configData.insert("inetAdapterIndex", NetworkUtilities::AdapterIndexTo(QHostAddress(m_remoteAddress)));
+#endif
+
+    connect(m_t2sProcess.data(), &IpcProcessTun2SocksReplica::stateChanged, this,
+            [&](QProcess::ProcessState newState) { qDebug() << "PrivilegedProcess stateChanged" << newState; });
+
+    connect(m_t2sProcess.data(), &IpcProcessTun2SocksReplica::setConnectionState, this,
+            [&](int vpnState) {
+                qDebug() << "PrivilegedProcess setConnectionState " << vpnState;
+                if (vpnState == Vpn::ConnectionState::Connected)
+                {
+                    setConnectionState(Vpn::ConnectionState::Connecting);
+                    QList<QHostAddress> dnsAddr;
+                    dnsAddr.push_back(QHostAddress(m_configData.value(config_key::dns1).toString()));
+                    dnsAddr.push_back(QHostAddress(m_configData.value(config_key::dns2).toString()));
+#ifdef Q_OS_WIN
+                    QThread::msleep(8000);
+#endif
+#ifdef Q_OS_MACOS
+                    QThread::msleep(5000);
+                    IpcClient::Interface()->createTun("utun22", amnezia::protocols::xray::defaultLocalAddr);
+                    IpcClient::Interface()->updateResolvers("utun22", dnsAddr);
+#endif
+#ifdef Q_OS_LINUX
+                    QThread::msleep(1000);
+                    IpcClient::Interface()->createTun("tun2", amnezia::protocols::xray::defaultLocalAddr);
+                    IpcClient::Interface()->updateResolvers("tun2", dnsAddr);
+#endif
+#if defined(Q_OS_LINUX) || defined(Q_OS_MACOS)
+                    // killSwitch toggle
+                    if (QVariant(m_configData.value(config_key::killSwitchOption).toString()).toBool()) {
+                        m_configData.insert("vpnServer", m_remoteAddress);
+                        IpcClient::Interface()->enableKillSwitch(m_configData, 0);
+                    }
+#endif
+                    if (m_routeMode == 0) {
+                        IpcClient::Interface()->routeAddList(m_vpnGateway, QStringList() << "0.0.0.0/1");
+                        IpcClient::Interface()->routeAddList(m_vpnGateway, QStringList() << "128.0.0.0/1");
+                        IpcClient::Interface()->routeAddList(m_routeGateway, QStringList() << m_remoteAddress);
+                    }
+                    IpcClient::Interface()->StopRoutingIpv6();
+#ifdef Q_OS_WIN
+                    IpcClient::Interface()->updateResolvers("tun2", dnsAddr);
+                    QList<QNetworkInterface> netInterfaces = QNetworkInterface::allInterfaces();
+                    for (int i = 0; i < netInterfaces.size(); i++) {
+                        for (int j = 0; j < netInterfaces.at(i).addressEntries().size(); j++)
+                        {
+                            // killSwitch toggle
+                            if (m_vpnLocalAddress == netInterfaces.at(i).addressEntries().at(j).ip().toString()) {
+                                if (QVariant(m_configData.value(config_key::killSwitchOption).toString()).toBool()) {
+                                    IpcClient::Interface()->enableKillSwitch(QJsonObject(), netInterfaces.at(i).index());
+                                }
+                                m_configData.insert("vpnAdapterIndex", netInterfaces.at(i).index());
+                                m_configData.insert("vpnGateway", m_vpnGateway);
+                                m_configData.insert("vpnServer", m_remoteAddress);
+                                IpcClient::Interface()->enablePeerTraffic(m_configData);
+                            }
+                        }
+                    }
+#endif
+                    setConnectionState(Vpn::ConnectionState::Connected);
+                }
+#if !defined(Q_OS_MACOS)
+                if (vpnState == Vpn::ConnectionState::Disconnected) {
+                    setConnectionState(Vpn::ConnectionState::Disconnected);
+                    IpcClient::Interface()->deleteTun("tun2");
+                    IpcClient::Interface()->StartRoutingIpv6();
+                    IpcClient::Interface()->clearSavedRoutes();
+                }
+#endif
+            });
 
     return ErrorCode::NoError;
 }
@@ -212,7 +179,7 @@ void XrayProtocol::stop()
     qDebug() << "XrayProtocol::stop()";
     m_xrayProcess.terminate();
     if (m_t2sProcess) {
-        m_t2sProcess->close();
+        m_t2sProcess->stop();
     }
 
 #ifdef Q_OS_WIN
@@ -238,7 +205,8 @@ void XrayProtocol::readXrayConfiguration(const QJsonObject &configuration)
     }
     m_xrayConfig = xrayConfiguration;
     m_localPort = QString(amnezia::protocols::xray::defaultLocalProxyPort).toInt();
-    m_remoteAddress = configuration.value(amnezia::config_key::hostName).toString();
+    m_remoteHost = configuration.value(amnezia::config_key::hostName).toString();
+    m_remoteAddress = NetworkUtilities::getIPAddress(m_remoteHost);
     m_routeMode = configuration.value(amnezia::config_key::splitTunnelType).toInt();
     m_primaryDNS = configuration.value(amnezia::config_key::dns1).toString();
     m_secondaryDNS = configuration.value(amnezia::config_key::dns2).toString();

client/protocols/xrayprotocol.h

@@ -26,6 +26,7 @@ private:
     static QString tun2SocksExecPath();
 private:
     int m_localPort;
+    QString m_remoteHost;
     QString m_remoteAddress;
     int m_routeMode;
     QJsonObject m_configData;
@@ -33,9 +34,10 @@ private:
     QString m_secondaryDNS;
 #ifndef Q_OS_IOS
     QProcess m_xrayProcess;
-    QSharedPointer<PrivilegedProcess> m_t2sProcess;
+    QSharedPointer<IpcProcessTun2SocksReplica> m_t2sProcess;
 #endif
     QTemporaryFile m_xrayCfgFile;
+
 };
 
 #endif // XRAYPROTOCOL_H

client/resources.qrc

@@ -199,6 +199,8 @@
         <file>server_scripts/socks5_proxy/Dockerfile</file>
         <file>server_scripts/socks5_proxy/configure_container.sh</file>
         <file>server_scripts/socks5_proxy/start.sh</file>
+        <file>ui/qml/Pages2/PageProtocolAwgClientSettings.qml</file>
+        <file>ui/qml/Pages2/PageProtocolWireGuardClientSettings.qml</file>
         <file>ui/qml/Pages2/PageSetupWizardApiServicesList.qml</file>
         <file>ui/qml/Pages2/PageSetupWizardApiServiceInfo.qml</file>
         <file>ui/qml/Controls2/CardWithIconsType.qml</file>

client/secure_qsettings.cpp

@@ -174,13 +174,25 @@ bool SecureQSettings::restoreAppConfig(const QByteArray &json)
 QByteArray SecureQSettings::encryptText(const QByteArray &value) const
 {
     QSimpleCrypto::QBlockCipher cipher;
-    return cipher.encryptAesBlockCipher(value, getEncKey(), getEncIv());
+    QByteArray result;
+    try {
+        result = cipher.encryptAesBlockCipher(value, getEncKey(), getEncIv());
+    } catch (...) { // todo change error handling in QSimpleCrypto?
+        qCritical() << "error when encrypting the settings value";
+    }
+    return result;
 }
 
 QByteArray SecureQSettings::decryptText(const QByteArray &ba) const
 {
     QSimpleCrypto::QBlockCipher cipher;
-    return cipher.decryptAesBlockCipher(ba, getEncKey(), getEncIv());
+    QByteArray result;
+    try {
+        result = cipher.decryptAesBlockCipher(ba, getEncKey(), getEncIv());
+    } catch (...) { // todo change error handling in QSimpleCrypto?
+        qCritical() << "error when decrypting the settings value";
+    }
+    return result;
 }
 
 bool SecureQSettings::encryptionRequired() const

client/server_scripts/check_user_in_sudo.sh

@@ -1,2 +1,3 @@
+echo $LC_MESSAGES | grep -qE "en_US.UTF-8|C.UTF-8" || export LC_MESSAGES=C.UTF-8;\
 CUR_USER=$(whoami);\
-groups $CUR_USER
+groups $CUR_USER | grep sudo && sudo -nu $CUR_USER sudo -n uname > /dev/null

client/server_scripts/xray/run_container.sh

@@ -13,5 +13,5 @@ sudo docker network connect amnezia-dns-net $CONTAINER_NAME
 sudo docker exec -i $CONTAINER_NAME bash -c 'mkdir -p /dev/net; if [ ! -c /dev/net/tun ]; then mknod /dev/net/tun c 10 200; fi'
 
 # Prevent to route packets outside of the container in case if server behind of the NAT
-sudo docker exec -i $CONTAINER_NAME sh -c "ifconfig eth0:0 $SERVER_IP_ADDRESS netmask 255.255.255.255 up"
+#sudo docker exec -i $CONTAINER_NAME sh -c "ifconfig eth0:0 $SERVER_IP_ADDRESS netmask 255.255.255.255 up"
 

client/server_scripts/xray/start.sh

@@ -3,7 +3,7 @@
 # This scripts copied from Amnezia client to Docker container to /opt/amnezia and launched every time container starts
 
 echo "Container startup"
-ifconfig eth0:0 $SERVER_IP_ADDRESS netmask 255.255.255.255 up
+#ifconfig eth0:0 $SERVER_IP_ADDRESS netmask 255.255.255.255 up
 
 iptables -A INPUT -i lo -j ACCEPT
 iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT

client/settings.cpp

@@ -227,7 +227,7 @@ void Settings::setSaveLogs(bool enabled)
     if (!isSaveLogs()) {
         Logger::deInit();
     } else {
-        if (!Logger::init()) {
+        if (!Logger::init(false)) {
             qWarning() << "Initialization of debug subsystem failed";
         }
     }
@@ -519,7 +519,22 @@ void Settings::setGatewayEndpoint(const QString &endpoint)
     m_gatewayEndpoint = endpoint;
 }
 
+void Settings::setDevGatewayEndpoint()
+{
+    m_gatewayEndpoint = DEV_AGW_ENDPOINT;
+}
+
 QString Settings::getGatewayEndpoint()
 {
     return m_gatewayEndpoint;
 }
+
+bool Settings::isDevGatewayEnv()
+{
+    return m_isDevGatewayEnv;
+}
+
+void Settings::toggleDevGatewayEnv(bool enabled)
+{
+    m_isDevGatewayEnv = enabled;
+}

client/settings.h

@@ -183,7 +183,7 @@ public:
 
     bool isScreenshotsEnabled() const
     {
-        return value("Conf/screenshotsEnabled", false).toBool();
+        return value("Conf/screenshotsEnabled", true).toBool();
     }
     void setScreenshotsEnabled(bool enabled)
     {
@@ -217,7 +217,10 @@ public:
 
     void resetGatewayEndpoint();
     void setGatewayEndpoint(const QString &endpoint);
+    void setDevGatewayEndpoint();
     QString getGatewayEndpoint();
+    bool isDevGatewayEnv();
+    void toggleDevGatewayEnv(bool enabled);
 
 signals:
     void saveLogsChanged(bool enabled);
@@ -234,6 +237,7 @@ private:
     mutable SecureQSettings m_settings;
 
     QString m_gatewayEndpoint;
+    bool m_isDevGatewayEnv = false;
 };
 
 #endif // SETTINGS_H