use dns.Client.Exchange

.devcontainer/Dockerfile

@@ -1,15 +0,0 @@
-FROM golang:1.20-bullseye
-
-RUN apt-get update && export DEBIAN_FRONTEND=noninteractive \
-    && apt-get -y install --no-install-recommends\
-        gettext-base=0.21-4 \ 
-        iptables=1.8.7-1 \
-        libgl1-mesa-dev=20.3.5-1 \
-        xorg-dev=1:7.7+22 \
-        libayatana-appindicator3-dev=0.5.5-2+deb11u2 \
-    && apt-get clean \
-    && rm -rf /var/lib/apt/lists/* \
-    && go install -v golang.org/x/tools/gopls@latest
-
-
-WORKDIR /app

.devcontainer/devcontainer.json

@@ -1,20 +0,0 @@
-{
-	"name": "NetBird",
-	"build": {
-		"context": "..",
-		"dockerfile": "Dockerfile"
-	},
-	"features": {
-		"ghcr.io/devcontainers/features/docker-in-docker:2": {},
-		"ghcr.io/devcontainers/features/go:1": {
-			"version": "1.20"
-		}
-	},
-	"workspaceFolder": "/workspaces/${localWorkspaceFolderBasename}",
-	"capAdd": [
-		"NET_ADMIN",
-		"SYS_ADMIN",
-		"SYS_RESOURCE"
-	],
-	"privileged": true
-}

.gitattributes

@@ -1 +0,0 @@
-*.go text eol=lf

.github/workflows/golang-test-darwin.yml

@@ -12,9 +12,6 @@ concurrency:
 
 jobs:
   test:
-    strategy:
-      matrix:
-        store: ['jsonfile', 'sqlite']
     runs-on: macos-latest
     steps:
       - name: Install Go
@@ -36,4 +33,4 @@ jobs:
         run: go mod tidy
 
       - name: Test
-        run: NETBIRD_STORE_ENGINE=${{ matrix.store }} go test -exec 'sudo --preserve-env=CI' -timeout 5m -p 1 ./...
+        run: go test -exec 'sudo --preserve-env=CI' -timeout 5m -p 1 ./...

.github/workflows/golang-test-linux.yml

@@ -15,7 +15,6 @@ jobs:
     strategy:
       matrix:
         arch: ['386','amd64']
-        store: ['jsonfile', 'sqlite']
     runs-on: ubuntu-latest
     steps:
       - name: Install Go
@@ -42,16 +41,17 @@ jobs:
         run: go mod tidy
 
       - name: Test
-        run: CGO_ENABLED=1 GOARCH=${{ matrix.arch }} NETBIRD_STORE_ENGINE=${{ matrix.store }} go test -exec 'sudo --preserve-env=CI' -timeout 5m -p 1 ./...
+        run: CGO_ENABLED=1 GOARCH=${{ matrix.arch }} go test -exec 'sudo --preserve-env=CI' -timeout 5m -p 1 ./...
 
   test_client_on_docker:
-    runs-on: ubuntu-20.04
+    runs-on: ubuntu-latest
     steps:
       - name: Install Go
         uses: actions/setup-go@v4
         with:
           go-version: "1.20.x"
 
+
       - name: Cache Go modules
         uses: actions/cache@v3
         with:
@@ -64,7 +64,7 @@ jobs:
         uses: actions/checkout@v3
 
       - name: Install dependencies
-        run: sudo apt update && sudo apt install -y -q libgtk-3-dev libayatana-appindicator3-dev libgl1-mesa-dev xorg-dev gcc-multilib
+        run: sudo apt update && sudo apt install -y -q libgtk-3-dev libayatana-appindicator3-dev libgl1-mesa-dev xorg-dev
 
       - name: Install modules
         run: go mod tidy
@@ -82,7 +82,7 @@ jobs:
         run: CGO_ENABLED=0 go test -c -o nftablesmanager-testing.bin ./client/firewall/nftables/...
 
       - name: Generate Engine Test bin
-        run: CGO_ENABLED=1 go test -c -o engine-testing.bin ./client/internal
+        run: CGO_ENABLED=0 go test -c -o engine-testing.bin ./client/internal
 
       - name: Generate Peer Test bin
         run: CGO_ENABLED=0 go test -c -o peer-testing.bin ./client/internal/peer/...
@@ -95,17 +95,15 @@ jobs:
       - name: Run Iface tests in docker
         run: docker run -t --cap-add=NET_ADMIN --privileged --rm -v $PWD:/ci -w /ci/iface --entrypoint /busybox/sh gcr.io/distroless/base:debug -c /ci/iface-testing.bin -test.timeout 5m -test.parallel 1
 
+
       - name: Run RouteManager tests in docker
         run: docker run -t --cap-add=NET_ADMIN --privileged --rm -v $PWD:/ci -w /ci/client/internal/routemanager --entrypoint /busybox/sh gcr.io/distroless/base:debug -c /ci/routemanager-testing.bin  -test.timeout 5m -test.parallel 1
 
       - name: Run nftables Manager tests in docker
         run: docker run -t --cap-add=NET_ADMIN --privileged --rm -v $PWD:/ci -w /ci/client/firewall --entrypoint /busybox/sh gcr.io/distroless/base:debug -c /ci/nftablesmanager-testing.bin  -test.timeout 5m -test.parallel 1
 
-      - name: Run Engine tests in docker with file store
-        run: docker run -t --cap-add=NET_ADMIN --privileged --rm -v $PWD:/ci -w /ci/client/internal -e NETBIRD_STORE_ENGINE="jsonfile" --entrypoint /busybox/sh gcr.io/distroless/base:debug -c /ci/engine-testing.bin  -test.timeout 5m -test.parallel 1
-      
-      - name: Run Engine tests in docker with sqlite store
-        run: docker run -t --cap-add=NET_ADMIN --privileged --rm -v $PWD:/ci -w /ci/client/internal -e NETBIRD_STORE_ENGINE="sqlite" --entrypoint /busybox/sh gcr.io/distroless/base:debug -c /ci/engine-testing.bin  -test.timeout 5m -test.parallel 1
+      - name: Run Engine tests in docker
+        run: docker run -t --cap-add=NET_ADMIN --privileged --rm -v $PWD:/ci -w /ci/client/internal --entrypoint /busybox/sh gcr.io/distroless/base:debug -c /ci/engine-testing.bin  -test.timeout 5m -test.parallel 1
 
       - name: Run Peer tests in docker
         run: docker run -t --cap-add=NET_ADMIN --privileged --rm -v $PWD:/ci -w /ci/client/internal/peer  --entrypoint /busybox/sh gcr.io/distroless/base:debug -c /ci/peer-testing.bin  -test.timeout 5m -test.parallel 1

.github/workflows/golang-test-windows.yml

@@ -39,9 +39,7 @@ jobs:
 
       - run: mv ${{ env.downloadPath }}/wintun/bin/amd64/wintun.dll 'C:\Windows\System32\'
 
-      - run: choco install -y sysinternals --ignore-checksums
-      - run: choco install -y mingw
-
+      - run: choco install -y sysinternals
       - run: PsExec64 -s -w ${{ github.workspace }} C:\hostedtoolcache\windows\go\${{ steps.go.outputs.go-version }}\x64\bin\go.exe env -w GOMODCACHE=C:\Users\runneradmin\go\pkg\mod
       - run: PsExec64 -s -w ${{ github.workspace }} C:\hostedtoolcache\windows\go\${{ steps.go.outputs.go-version }}\x64\bin\go.exe env -w GOCACHE=C:\Users\runneradmin\AppData\Local\go-build
 

.github/workflows/golangci-lint.yml

@@ -1,35 +1,12 @@
 name: golangci-lint
 on: [pull_request]
-
-permissions: 
-  contents: read
-  pull-requests: read
-
 concurrency:
   group: ${{ github.workflow }}-${{ github.ref }}-${{ github.head_ref || github.actor_id }}
   cancel-in-progress: true
-
 jobs:
-  codespell:
-    name: codespell
-    runs-on: ubuntu-latest
-    steps:
-      - name: Checkout code
-        uses: actions/checkout@v3
-      - name: codespell
-        uses: codespell-project/actions-codespell@v2
-        with:
-          ignore_words_list: erro,clienta
-          skip: go.mod,go.sum
-          only_warn: 1
   golangci:
-    strategy:
-      fail-fast: false
-      matrix:
-        os: [macos-latest, windows-latest, ubuntu-latest]
     name: lint
-    runs-on: ${{ matrix.os }}
-    timeout-minutes: 15
+    runs-on: ubuntu-latest
     steps:
       - name: Checkout code
         uses: actions/checkout@v3
@@ -37,12 +14,7 @@ jobs:
         uses: actions/setup-go@v4
         with:
           go-version: "1.20.x"
-          cache: false
       - name: Install dependencies
-        if: matrix.os == 'ubuntu-latest'
         run: sudo apt update && sudo apt install -y -q libgtk-3-dev libayatana-appindicator3-dev libgl1-mesa-dev xorg-dev
       - name: golangci-lint
-        uses: golangci/golangci-lint-action@v3
-        with:
-          version: latest
-          args: --timeout=12m
+        uses: golangci/golangci-lint-action@v3

.github/workflows/release.yml

@@ -17,10 +17,9 @@ on:
       - 'release_files/**'
       - '**/Dockerfile'
       - '**/Dockerfile.*'
-      - 'client/ui/**'
 
 env:
-  SIGN_PIPE_VER: "v0.0.10"
+  SIGN_PIPE_VER: "v0.0.9"
   GORELEASER_VER: "v1.14.1"
 
 concurrency:

.github/workflows/test-infrastructure-files.yml

@@ -8,8 +8,6 @@ on:
     paths:
       - 'infrastructure_files/**'
       - '.github/workflows/test-infrastructure-files.yml'
-      - 'management/cmd/**'
-      - 'signal/cmd/**'
 
 concurrency:
   group: ${{ github.workflow }}-${{ github.ref }}-${{ github.head_ref || github.actor_id }}
@@ -58,8 +56,6 @@ jobs:
           CI_NETBIRD_IDP_MGMT_CLIENT_ID: testing.client.id
           CI_NETBIRD_IDP_MGMT_CLIENT_SECRET: testing.client.secret
           CI_NETBIRD_AUTH_SUPPORTED_SCOPES: "openid profile email offline_access api email_verified"
-          CI_NETBIRD_STORE_CONFIG_ENGINE: "sqlite"
-          CI_NETBIRD_MGMT_IDP_SIGNKEY_REFRESH: false
 
       - name: check values
         working-directory: infrastructure_files
@@ -85,8 +81,6 @@ jobs:
           CI_NETBIRD_IDP_MGMT_CLIENT_ID: testing.client.id
           CI_NETBIRD_IDP_MGMT_CLIENT_SECRET: testing.client.secret
           CI_NETBIRD_SIGNAL_PORT: 12345
-          CI_NETBIRD_STORE_CONFIG_ENGINE: "sqlite"
-          CI_NETBIRD_MGMT_IDP_SIGNKEY_REFRESH: false
 
         run: |
           grep AUTH_CLIENT_ID docker-compose.yml | grep $CI_NETBIRD_AUTH_CLIENT_ID
@@ -103,9 +97,7 @@ jobs:
           grep NETBIRD_TOKEN_SOURCE docker-compose.yml | grep $CI_NETBIRD_TOKEN_SOURCE
           grep AuthUserIDClaim management.json | grep $CI_NETBIRD_AUTH_USER_ID_CLAIM
           grep -A 3 DeviceAuthorizationFlow management.json | grep -A 1 ProviderConfig | grep Audience | grep $CI_NETBIRD_AUTH_DEVICE_AUTH_AUDIENCE
-          grep -A 3 DeviceAuthorizationFlow management.json | grep -A 1 ProviderConfig | grep Audience | grep $CI_NETBIRD_AUTH_DEVICE_AUTH_AUDIENCE
-          grep Engine management.json  | grep "$CI_NETBIRD_STORE_CONFIG_ENGINE"
-          grep IdpSignKeyRefreshEnabled management.json | grep "$CI_NETBIRD_MGMT_IDP_SIGNKEY_REFRESH"
+          grep -A 8 DeviceAuthorizationFlow management.json | grep -A 6 ProviderConfig | grep Scope | grep "$CI_NETBIRD_AUTH_DEVICE_AUTH_SCOPE"
           grep UseIDToken management.json | grep false
           grep -A 1 IdpManagerConfig management.json | grep ManagerType | grep $CI_NETBIRD_MGMT_IDP 
           grep -A 3 IdpManagerConfig management.json | grep -A 1 ClientConfig | grep Issuer | grep $CI_NETBIRD_AUTH_AUTHORITY
@@ -113,13 +105,12 @@ jobs:
           grep -A 5 IdpManagerConfig management.json | grep -A 3 ClientConfig | grep ClientID | grep $CI_NETBIRD_IDP_MGMT_CLIENT_ID
           grep -A 6 IdpManagerConfig management.json | grep -A 4 ClientConfig | grep ClientSecret | grep $CI_NETBIRD_IDP_MGMT_CLIENT_SECRET
           grep -A 7 IdpManagerConfig management.json | grep -A 5 ClientConfig | grep GrantType | grep client_credentials
-          grep -A 10 PKCEAuthorizationFlow management.json | grep -A 10 ProviderConfig | grep Audience | grep $CI_NETBIRD_AUTH_AUDIENCE
-          grep -A 10 PKCEAuthorizationFlow management.json | grep -A 10 ProviderConfig | grep ClientID | grep $CI_NETBIRD_AUTH_CLIENT_ID
-          grep -A 10 PKCEAuthorizationFlow management.json | grep -A 10 ProviderConfig | grep ClientSecret | grep $CI_NETBIRD_AUTH_CLIENT_SECRET
-          grep -A 10 PKCEAuthorizationFlow management.json | grep -A 10 ProviderConfig | grep AuthorizationEndpoint | grep $CI_NETBIRD_AUTH_PKCE_AUTHORIZATION_ENDPOINT
-          grep -A 10 PKCEAuthorizationFlow management.json | grep -A 10 ProviderConfig | grep TokenEndpoint | grep $CI_NETBIRD_AUTH_TOKEN_ENDPOINT
-          grep -A 10 PKCEAuthorizationFlow management.json | grep -A 10 ProviderConfig | grep Scope | grep "$CI_NETBIRD_AUTH_SUPPORTED_SCOPES"
-          grep -A 10 PKCEAuthorizationFlow management.json | grep -A 10 ProviderConfig | grep -A 3 RedirectURLs | grep "http://localhost:53000"
+          grep -A 2 PKCEAuthorizationFlow management.json | grep -A 1 ProviderConfig | grep Audience | grep $CI_NETBIRD_AUTH_AUDIENCE
+          grep -A 3 PKCEAuthorizationFlow management.json | grep -A 2 ProviderConfig | grep ClientID | grep $CI_NETBIRD_AUTH_CLIENT_ID
+          grep -A 4 PKCEAuthorizationFlow management.json | grep -A 3 ProviderConfig | grep ClientSecret | grep $CI_NETBIRD_AUTH_CLIENT_SECRET
+          grep -A 5 PKCEAuthorizationFlow management.json | grep -A 4 ProviderConfig | grep AuthorizationEndpoint | grep $CI_NETBIRD_AUTH_PKCE_AUTHORIZATION_ENDPOINT
+          grep -A 6 PKCEAuthorizationFlow management.json | grep -A 5 ProviderConfig | grep TokenEndpoint | grep $CI_NETBIRD_AUTH_TOKEN_ENDPOINT
+          grep -A 7 PKCEAuthorizationFlow management.json | grep -A 6 ProviderConfig | grep Scope | grep "$CI_NETBIRD_AUTH_SUPPORTED_SCOPES"
 
       - name: Install modules
         run: go mod tidy

.gitignore

@@ -19,5 +19,4 @@ client/.distfiles/
 infrastructure_files/setup.env
 infrastructure_files/setup-*.env
 .vscode
-.DS_Store
-*.db
+.DS_Store

.golangci.yaml

@@ -12,50 +12,6 @@ linters-settings:
     # Default: false
     check-type-assertions: false
 
-  gosec:
-    includes:
-      - G101 # Look for hard coded credentials
-      #- G102 # Bind to all interfaces
-      - G103 # Audit the use of unsafe block
-      - G104 # Audit errors not checked
-      - G106 # Audit the use of ssh.InsecureIgnoreHostKey
-      #- G107 # Url provided to HTTP request as taint input
-      - G108 # Profiling endpoint automatically exposed on /debug/pprof
-      - G109 # Potential Integer overflow made by strconv.Atoi result conversion to int16/32
-      - G110 # Potential DoS vulnerability via decompression bomb
-      - G111 # Potential directory traversal
-      #- G112 # Potential slowloris attack
-      - G113 # Usage of Rat.SetString in math/big with an overflow (CVE-2022-23772)
-      #- G114 # Use of net/http serve function that has no support for setting timeouts
-      - G201 # SQL query construction using format string
-      - G202 # SQL query construction using string concatenation
-      - G203 # Use of unescaped data in HTML templates
-      #- G204 # Audit use of command execution
-      - G301 # Poor file permissions used when creating a directory
-      - G302 # Poor file permissions used with chmod
-      - G303 # Creating tempfile using a predictable path
-      - G304 # File path provided as taint input
-      - G305 # File traversal when extracting zip/tar archive
-      - G306 # Poor file permissions used when writing to a new file
-      - G307 # Poor file permissions used when creating a file with os.Create
-      #- G401 # Detect the usage of DES, RC4, MD5 or SHA1
-      #- G402 # Look for bad TLS connection settings
-      - G403 # Ensure minimum RSA key length of 2048 bits
-      #- G404 # Insecure random number source (rand)
-      #- G501 # Import blocklist: crypto/md5
-      - G502 # Import blocklist: crypto/des
-      - G503 # Import blocklist: crypto/rc4
-      - G504 # Import blocklist: net/http/cgi
-      #- G505 # Import blocklist: crypto/sha1
-      - G601 # Implicit memory aliasing of items from a range statement
-      - G602 # Slice access out of bounds
-
-  gocritic:
-    disabled-checks:
-      - commentFormatting
-      - captLocal
-      - deprecatedComment
-
   govet:
     # Enable all analyzers.
     # Default: false
@@ -63,12 +19,6 @@ linters-settings:
     enable:
       - nilness
 
-  tenv:
-    # The option `all` will run against whole test files (`_test.go`) regardless of method/function signatures.
-    # Otherwise, only methods that take `*testing.T`, `*testing.B`, and `testing.TB` as arguments are checked.
-    # Default: false
-    all: true
-
 linters:
   disable-all: true
   enable:
@@ -78,23 +28,13 @@ linters:
     - govet # reports suspicious constructs, such as Printf calls whose arguments do not align with the format string
     - ineffassign # detects when assignments to existing variables are not used
     - staticcheck # is a go vet on steroids, applying a ton of static analysis checks
-    - tenv # Tenv is analyzer that detects using os.Setenv instead of t.Setenv since Go1.17.
     - typecheck # like the front-end of a Go compiler, parses and type-checks Go code
     - unused # checks for unused constants, variables, functions and types
     ## disable by default but the have interesting results so lets add them
     - bodyclose # checks whether HTTP response body is closed successfully
-    - dupword # dupword checks for duplicate words in the source code
-    - durationcheck # durationcheck checks for two durations multiplied together
-    - forbidigo # forbidigo forbids identifiers
-    - gocritic # provides diagnostics that check for bugs, performance and style issues
-    - gosec # inspects source code for security problems
-    - mirror # mirror reports wrong mirror patterns of bytes/strings usage
-    - misspell # misspess finds commonly misspelled English words in comments
     - nilerr # finds the code that returns nil even if it checks that the error is not nil
     - nilnil # checks that there is no simultaneous return of nil error and an invalid value
-    - predeclared # predeclared finds code that shadows one of Go's predeclared identifiers
     - sqlclosecheck # checks that sql.Rows and sql.Stmt are closed
-    - thelper # thelper detects Go test helpers without t.Helper() call and checks the consistency of test helpers.
     - wastedassign # wastedassign finds wasted assignment statements
 issues:
   # Maximum count of issues with the same text.
@@ -103,21 +43,12 @@ issues:
   max-same-issues: 5
 
   exclude-rules:
-    # allow fmt
-    - path: management/cmd/root\.go
-      linters: forbidigo
-    - path: signal/cmd/root\.go
-      linters: forbidigo
-    - path: sharedsock/filter\.go
+    - path: sharedsock/filter.go
       linters:
       - unused
-    - path: client/firewall/iptables/rule\.go
+    - path: client/firewall/iptables/rule.go
       linters:
       - unused
-    - path: test\.go
+    - path: mock.go
       linters:
-      - mirror
-      - gosec
-    - path: mock\.go
-      linters:
-      - nilnil
+      - nilnil

.goreleaser_ui.yaml

@@ -54,7 +54,7 @@ nfpms:
     contents:
       - src: client/ui/netbird.desktop
         dst: /usr/share/applications/netbird.desktop
-      - src: client/ui/netbird-systemtray-default.png
+      - src: client/ui/disconnected.png
         dst: /usr/share/pixmaps/netbird.png
     dependencies:
       - netbird
@@ -71,7 +71,7 @@ nfpms:
     contents:
       - src: client/ui/netbird.desktop
         dst: /usr/share/applications/netbird.desktop
-      - src: client/ui/netbird-systemtray-default.png
+      - src: client/ui/disconnected.png
         dst: /usr/share/pixmaps/netbird.png
     dependencies:
       - netbird
@@ -91,4 +91,4 @@ uploads:
     mode: archive
     target: https://pkgs.wiretrustee.com/yum/{{ .Arch }}{{ if .Arm }}{{ .Arm }}{{ end }}
     username: dev@wiretrustee.com
-    method: PUT
+    method: PUT

CONTRIBUTING.md

@@ -23,6 +23,7 @@ If you haven't already, join our slack workspace [here](https://join.slack.com/t
         - [Test suite](#test-suite)
     - [Checklist before submitting a PR](#checklist-before-submitting-a-pr)
     - [Other project repositories](#other-project-repositories)
+    - [Checklist before submitting a new node](#checklist-before-submitting-a-new-node)
     - [Contributor License Agreement](#contributor-license-agreement)
 
 ## Code of conduct
@@ -69,7 +70,7 @@ dependencies are installed. Here is a short guide on how that can be done.
 
 ### Requirements
 
-#### Go 1.21
+#### Go 1.19
 
 Follow the installation guide from https://go.dev/
 
@@ -138,14 +139,15 @@ checked out and set up:
 ### Build and start
 #### Client
 
+> Windows clients have a Wireguard driver requirement. We provide a bash script that can be executed in WLS 2 with docker support [wireguard_nt.sh](/client/wireguard_nt.sh).
+
 To start NetBird, execute:
 ```
 cd client
-CGO_ENABLED=0 go build .
+# bash wireguard_nt.sh # if windows
+go build .
 ```
 
-> Windows clients have a Wireguard driver requirement. You can download the wintun driver from https://www.wintun.net/builds/wintun-0.14.1.zip, after decompressing, you can copy the file `windtun\bin\ARCH\wintun.dll` to the same path as your binary file or to `C:\Windows\System32\wintun.dll`.
-
 To start NetBird the client in the foreground:
 
 ```
@@ -183,42 +185,6 @@ To start NetBird the management service:
 ./management management --log-level debug --log-file console --config ./management.json
 ```
 
-#### Windows Netbird Installer
-Create dist directory
-```shell
-mkdir -p dist/netbird_windows_amd64
-```
-
-UI client
-```shell
-CC=x86_64-w64-mingw32-gcc CGO_ENABLED=1 GOOS=windows GOARCH=amd64 go build -o netbird-ui.exe -ldflags "-s -w -H windowsgui" ./client/ui
-mv netbird-ui.exe ./dist/netbird_windows_amd64/
-```
-
-Client
-```shell
-CGO_ENABLED=0 GOOS=windows GOARCH=amd64 go build -o netbird.exe ./client/
-mv netbird.exe ./dist/netbird_windows_amd64/
-```
-> Windows clients have a Wireguard driver requirement. You can download the wintun driver from https://www.wintun.net/builds/wintun-0.14.1.zip, after decompressing, you can copy the file `windtun\bin\ARCH\wintun.dll` to `./dist/netbird_windows_amd64/`.
-
-NSIS compiler
-- [Windows-nsis]( https://nsis.sourceforge.io/Download)
-- [MacOS-makensis](https://formulae.brew.sh/formula/makensis#default)
-- [Linux-makensis](https://manpages.ubuntu.com/manpages/trusty/man1/makensis.1.html)
-
-NSIS Plugins. Download and move them to the NSIS plugins folder.
-- [EnVar](https://nsis.sourceforge.io/mediawiki/images/7/7f/EnVar_plugin.zip)
-- [ShellExecAsUser](https://nsis.sourceforge.io/mediawiki/images/6/68/ShellExecAsUser_amd64-Unicode.7z)
-
-Windows Installer
-```shell
-export APPVER=0.0.0.1
-makensis -V4 client/installer.nsis
-```
-
-The installer `netbird-installer.exe` will be created in root directory.
-
 ### Test suite
 
 The tests can be started via:
@@ -249,4 +215,4 @@ NetBird project is composed of 3 main repositories:
 
 That we do not have any potential problems later it is sadly necessary to sign a [Contributor License Agreement](CONTRIBUTOR_LICENSE_AGREEMENT.md). That can be done literally with the push of a button.
 
-A bot will automatically comment on the pull request once it got opened asking for the agreement to be signed. Before it did not get signed it is sadly not possible to merge it in.
+A bot will automatically comment on the pull request once it got opened asking for the agreement to be signed. Before it did not get signed it is sadly not possible to merge it in.

client/android/client.go

@@ -8,8 +8,8 @@ import (
 
 	"github.com/netbirdio/netbird/client/internal"
 	"github.com/netbirdio/netbird/client/internal/dns"
-	"github.com/netbirdio/netbird/client/internal/listener"
 	"github.com/netbirdio/netbird/client/internal/peer"
+	"github.com/netbirdio/netbird/client/internal/routemanager"
 	"github.com/netbirdio/netbird/client/internal/stdnet"
 	"github.com/netbirdio/netbird/client/system"
 	"github.com/netbirdio/netbird/formatter"
@@ -31,9 +31,9 @@ type IFaceDiscover interface {
 	stdnet.ExternalIFaceDiscover
 }
 
-// NetworkChangeListener export internal NetworkChangeListener for mobile
-type NetworkChangeListener interface {
-	listener.NetworkChangeListener
+// RouteListener export internal RouteListener for mobile
+type RouteListener interface {
+	routemanager.RouteListener
 }
 
 // DnsReadyListener export internal dns ReadyListener for mobile
@@ -47,26 +47,26 @@ func init() {
 
 // Client struct manage the life circle of background service
 type Client struct {
-	cfgFile               string
-	tunAdapter            iface.TunAdapter
-	iFaceDiscover         IFaceDiscover
-	recorder              *peer.Status
-	ctxCancel             context.CancelFunc
-	ctxCancelLock         *sync.Mutex
-	deviceName            string
-	networkChangeListener listener.NetworkChangeListener
+	cfgFile       string
+	tunAdapter    iface.TunAdapter
+	iFaceDiscover IFaceDiscover
+	recorder      *peer.Status
+	ctxCancel     context.CancelFunc
+	ctxCancelLock *sync.Mutex
+	deviceName    string
+	routeListener routemanager.RouteListener
 }
 
 // NewClient instantiate a new Client
-func NewClient(cfgFile, deviceName string, tunAdapter TunAdapter, iFaceDiscover IFaceDiscover, networkChangeListener NetworkChangeListener) *Client {
+func NewClient(cfgFile, deviceName string, tunAdapter TunAdapter, iFaceDiscover IFaceDiscover, routeListener RouteListener) *Client {
 	return &Client{
-		cfgFile:               cfgFile,
-		deviceName:            deviceName,
-		tunAdapter:            tunAdapter,
-		iFaceDiscover:         iFaceDiscover,
-		recorder:              peer.NewRecorder(""),
-		ctxCancelLock:         &sync.Mutex{},
-		networkChangeListener: networkChangeListener,
+		cfgFile:       cfgFile,
+		deviceName:    deviceName,
+		tunAdapter:    tunAdapter,
+		iFaceDiscover: iFaceDiscover,
+		recorder:      peer.NewRecorder(""),
+		ctxCancelLock: &sync.Mutex{},
+		routeListener: routeListener,
 	}
 }
 
@@ -96,7 +96,7 @@ func (c *Client) Run(urlOpener URLOpener, dns *DNSList, dnsReadyListener DnsRead
 
 	// todo do not throw error in case of cancelled context
 	ctx = internal.CtxInitState(ctx)
-	return internal.RunClientMobile(ctx, cfg, c.recorder, c.tunAdapter, c.iFaceDiscover, c.networkChangeListener, dns.items, dnsReadyListener)
+	return internal.RunClientMobile(ctx, cfg, c.recorder, c.tunAdapter, c.iFaceDiscover, c.routeListener, dns.items, dnsReadyListener)
 }
 
 // RunWithoutLogin we apply this type of run function when the backed has been started without UI (i.e. after reboot).
@@ -120,7 +120,7 @@ func (c *Client) RunWithoutLogin(dns *DNSList, dnsReadyListener DnsReadyListener
 
 	// todo do not throw error in case of cancelled context
 	ctx = internal.CtxInitState(ctx)
-	return internal.RunClientMobile(ctx, cfg, c.recorder, c.tunAdapter, c.iFaceDiscover, c.networkChangeListener, dns.items, dnsReadyListener)
+	return internal.RunClientMobile(ctx, cfg, c.recorder, c.tunAdapter, c.iFaceDiscover, c.routeListener, dns.items, dnsReadyListener)
 }
 
 // Stop the internal client and free the resources

client/android/login.go

@@ -205,8 +205,8 @@ func (a *Auth) foregroundGetTokenInfo(urlOpener URLOpener) (*auth.TokenInfo, err
 
 	go urlOpener.Open(flowInfo.VerificationURIComplete)
 
-	waitTimeout := time.Duration(flowInfo.ExpiresIn) * time.Second
-	waitCTX, cancel := context.WithTimeout(a.ctx, waitTimeout)
+	waitTimeout := time.Duration(flowInfo.ExpiresIn)
+	waitCTX, cancel := context.WithTimeout(a.ctx, waitTimeout*time.Second)
 	defer cancel()
 	tokenInfo, err := oAuthFlow.WaitToken(waitCTX, flowInfo)
 	if err != nil {

client/android/preferences_test.go

@@ -57,11 +57,11 @@ func TestPreferences_ReadUncommitedValues(t *testing.T) {
 	p.SetManagementURL(exampleString)
 	resp, err = p.GetManagementURL()
 	if err != nil {
-		t.Fatalf("failed to read management url: %s", err)
+		t.Fatalf("failed to read managmenet url: %s", err)
 	}
 
 	if resp != exampleString {
-		t.Errorf("unexpected management url: %s", resp)
+		t.Errorf("unexpected managemenet url: %s", resp)
 	}
 
 	p.SetPreSharedKey(exampleString)
@@ -102,11 +102,11 @@ func TestPreferences_Commit(t *testing.T) {
 
 	resp, err = p.GetManagementURL()
 	if err != nil {
-		t.Fatalf("failed to read management url: %s", err)
+		t.Fatalf("failed to read managmenet url: %s", err)
 	}
 
 	if resp != exampleURL {
-		t.Errorf("unexpected management url: %s", resp)
+		t.Errorf("unexpected managemenet url: %s", resp)
 	}
 
 	resp, err = p.GetPreSharedKey()

client/cmd/login.go

@@ -85,7 +85,6 @@ var loginCmd = &cobra.Command{
 			PreSharedKey:         preSharedKey,
 			ManagementUrl:        managementURL,
 			IsLinuxDesktopClient: isLinuxRunningDesktop(),
-			Hostname:             hostName,
 		}
 
 		var loginErr error
@@ -115,7 +114,7 @@ var loginCmd = &cobra.Command{
 		if loginResp.NeedsSSOLogin {
 			openURL(cmd, loginResp.VerificationURIComplete, loginResp.UserCode)
 
-			_, err = client.WaitSSOLogin(ctx, &proto.WaitSSOLoginRequest{UserCode: loginResp.UserCode, Hostname: hostName})
+			_, err = client.WaitSSOLogin(ctx, &proto.WaitSSOLoginRequest{UserCode: loginResp.UserCode})
 			if err != nil {
 				return fmt.Errorf("waiting sso login failed with: %v", err)
 			}
@@ -178,8 +177,8 @@ func foregroundGetTokenInfo(ctx context.Context, cmd *cobra.Command, config *int
 
 	openURL(cmd, flowInfo.VerificationURIComplete, flowInfo.UserCode)
 
-	waitTimeout := time.Duration(flowInfo.ExpiresIn) * time.Second
-	waitCTX, c := context.WithTimeout(context.TODO(), waitTimeout)
+	waitTimeout := time.Duration(flowInfo.ExpiresIn)
+	waitCTX, c := context.WithTimeout(context.TODO(), waitTimeout*time.Second)
 	defer c()
 
 	tokenInfo, err := oAuthFlow.WaitToken(waitCTX, flowInfo)

client/cmd/root.go

@@ -92,7 +92,7 @@ func init() {
 	rootCmd.PersistentFlags().StringVar(&adminURL, "admin-url", "", fmt.Sprintf("Admin Panel URL [http|https]://[host]:[port] (default \"%s\")", internal.DefaultAdminURL))
 	rootCmd.PersistentFlags().StringVarP(&configPath, "config", "c", defaultConfigPath, "Netbird config file location")
 	rootCmd.PersistentFlags().StringVarP(&logLevel, "log-level", "l", "info", "sets Netbird log level")
-	rootCmd.PersistentFlags().StringVar(&logFile, "log-file", defaultLogFile, "sets Netbird log path. If console is specified the log will be output to stdout")
+	rootCmd.PersistentFlags().StringVar(&logFile, "log-file", defaultLogFile, "sets Netbird log path. If console is specified the the log will be output to stdout")
 	rootCmd.PersistentFlags().StringVarP(&setupKey, "setup-key", "k", "", "Setup key obtained from the Management Service Dashboard (used to register peer)")
 	rootCmd.PersistentFlags().StringVar(&preSharedKey, "preshared-key", "", "Sets Wireguard PreSharedKey property. If set, then only peers that have the same key can communicate.")
 	rootCmd.PersistentFlags().StringVarP(&hostName, "hostname", "n", "", "Sets a custom hostname for the device")

client/cmd/status.go

@@ -234,7 +234,7 @@ func mapPeers(peers []*proto.PeerState) peersStateOutput {
 			continue
 		}
 		if isPeerConnected {
-			peersConnected++
+			peersConnected = peersConnected + 1
 
 			localICE = pbPeerState.GetLocalIceCandidateType()
 			remoteICE = pbPeerState.GetRemoteIceCandidateType()
@@ -407,7 +407,7 @@ func parsePeers(peers peersStateOutput) string {
 			peerState.LastStatusUpdate.Format("2006-01-02 15:04:05"),
 		)
 
-		peersString += peerString
+		peersString = peersString + peerString
 	}
 	return peersString
 }

client/cmd/testutil.go

@@ -22,7 +22,6 @@ import (
 )
 
 func startTestingServices(t *testing.T) string {
-	t.Helper()
 	config := &mgmt.Config{}
 	_, err := util.ReadJson("../testdata/management.json", config)
 	if err != nil {
@@ -45,7 +44,6 @@ func startTestingServices(t *testing.T) string {
 }
 
 func startSignal(t *testing.T) (*grpc.Server, net.Listener) {
-	t.Helper()
 	lis, err := net.Listen("tcp", ":0")
 	if err != nil {
 		t.Fatal(err)
@@ -62,18 +60,17 @@ func startSignal(t *testing.T) (*grpc.Server, net.Listener) {
 }
 
 func startManagement(t *testing.T, config *mgmt.Config) (*grpc.Server, net.Listener) {
-	t.Helper()
 	lis, err := net.Listen("tcp", ":0")
 	if err != nil {
 		t.Fatal(err)
 	}
 	s := grpc.NewServer()
-	store, err := mgmt.NewStoreFromJson(config.Datadir, nil)
+	store, err := mgmt.NewFileStore(config.Datadir, nil)
 	if err != nil {
 		t.Fatal(err)
 	}
 
-	peersUpdateManager := mgmt.NewPeersUpdateManager(nil)
+	peersUpdateManager := mgmt.NewPeersUpdateManager()
 	eventStore := &activity.InMemoryEventStore{}
 	if err != nil {
 		return nil, nil
@@ -101,7 +98,6 @@ func startManagement(t *testing.T, config *mgmt.Config) (*grpc.Server, net.Liste
 func startClientDaemon(
 	t *testing.T, ctx context.Context, managementURL, configPath string,
 ) (*grpc.Server, net.Listener) {
-	t.Helper()
 	lis, err := net.Listen("tcp", "127.0.0.1:0")
 	if err != nil {
 		t.Fatal(err)

client/cmd/up.go

@@ -123,7 +123,7 @@ func runInDaemonMode(ctx context.Context, cmd *cobra.Command) error {
 	defer func() {
 		err := conn.Close()
 		if err != nil {
-			log.Warnf("failed closing daemon gRPC client connection %v", err)
+			log.Warnf("failed closing dameon gRPC client connection %v", err)
 			return
 		}
 	}()
@@ -149,7 +149,6 @@ func runInDaemonMode(ctx context.Context, cmd *cobra.Command) error {
 		CleanNATExternalIPs:  natExternalIPs != nil && len(natExternalIPs) == 0,
 		CustomDNSAddress:     customDNSAddressConverted,
 		IsLinuxDesktopClient: isLinuxRunningDesktop(),
-		Hostname:             hostName,
 	}
 
 	var loginErr error
@@ -180,7 +179,7 @@ func runInDaemonMode(ctx context.Context, cmd *cobra.Command) error {
 
 		openURL(cmd, loginResp.VerificationURIComplete, loginResp.UserCode)
 
-		_, err = client.WaitSSOLogin(ctx, &proto.WaitSSOLoginRequest{UserCode: loginResp.UserCode, Hostname: hostName})
+		_, err = client.WaitSSOLogin(ctx, &proto.WaitSSOLoginRequest{UserCode: loginResp.UserCode})
 		if err != nil {
 			return fmt.Errorf("waiting sso login failed with: %v", err)
 		}
@@ -201,11 +200,11 @@ func validateNATExternalIPs(list []string) error {
 
 		subElements := strings.Split(element, "/")
 		if len(subElements) > 2 {
-			return fmt.Errorf("%s is not a valid input for %s. it should be formatted as \"String\" or \"String/String\"", element, externalIPMapFlag)
+			return fmt.Errorf("%s is not a valid input for %s. it should be formated as \"String\" or \"String/String\"", element, externalIPMapFlag)
 		}
 
 		if len(subElements) == 1 && !isValidIP(subElements[0]) {
-			return fmt.Errorf("%s is not a valid input for %s. it should be formatted as \"IP\" or \"IP/IP\", or \"IP/Interface Name\"", element, externalIPMapFlag)
+			return fmt.Errorf("%s is not a valid input for %s. it should be formated as \"IP\" or \"IP/IP\", or \"IP/Interface Name\"", element, externalIPMapFlag)
 		}
 
 		last := 0
@@ -260,7 +259,7 @@ func parseCustomDNSAddress(modified bool) ([]byte, error) {
 	var parsed []byte
 	if modified {
 		if !isValidAddrPort(customDNSAddress) {
-			return nil, fmt.Errorf("%s is invalid, it should be formatted as IP:Port string or as an empty string like \"\"", customDNSAddress)
+			return nil, fmt.Errorf("%s is invalid, it should be formated as IP:Port string or as an empty string like \"\"", customDNSAddress)
 		}
 		if customDNSAddress == "" && logFile != "console" {
 			parsed = []byte("empty")

client/firewall/iptables/manager_linux.go

@@ -192,7 +192,7 @@ func (m *Manager) AddFiltering(
 	}
 	if ipsetName != "" {
 		// ipset name is defined and it means that this rule was created
-		// for it, need to associate it with ruleset
+		// for it, need to assosiate it with ruleset
 		m.rulesets[ipsetName] = ruleset{
 			rule: rule,
 			ips:  map[string]string{rule.ip: ruleID},
@@ -236,7 +236,7 @@ func (m *Manager) DeleteRule(rule fw.Rule) error {
 		}
 
 		// we delete last IP from the set, that means we need to delete
-		// set itself and associated firewall rule too
+		// set itself and assosiated firewall rule too
 		delete(m.rulesets, r.ipsetName)
 
 		if err := ipset.Destroy(r.ipsetName); err != nil {
@@ -463,16 +463,14 @@ func (m *Manager) actionToStr(action fw.Action) string {
 }
 
 func (m *Manager) transformIPsetName(ipsetName string, sPort, dPort string) string {
-	switch {
-	case ipsetName == "":
+	if ipsetName == "" {
 		return ""
-	case sPort != "" && dPort != "":
+	} else if sPort != "" && dPort != "" {
 		return ipsetName + "-sport-dport"
-	case sPort != "":
+	} else if sPort != "" {
 		return ipsetName + "-sport"
-	case dPort != "":
+	} else if dPort != "" {
 		return ipsetName + "-dport"
-	default:
-		return ipsetName
 	}
+	return ipsetName
 }

client/firewall/iptables/manager_linux_test.go

@@ -206,7 +206,6 @@ func TestIptablesManagerIPSet(t *testing.T) {
 }
 
 func checkRuleSpecs(t *testing.T, ipv4Client *iptables.IPTables, chainName string, mustExists bool, rulespec ...string) {
-    t.Helper()
 	exists, err := ipv4Client.Exists("filter", chainName, rulespec...)
 	require.NoError(t, err, "failed to check rule")
 	require.Falsef(t, !exists && mustExists, "rule '%v' does not exist", rulespec)

client/firewall/nftables/manager_linux.go

@@ -754,7 +754,7 @@ func (m *Manager) AllowNetbird() error {
 	}
 
 	if chain == nil {
-		log.Debugf("chain INPUT not found. Skipping add allow netbird rule")
+		log.Debugf("chain INPUT not found. Skiping add allow netbird rule")
 		return nil
 	}
 
@@ -791,7 +791,7 @@ func (m *Manager) flushWithBackoff() (err error) {
 				return err
 			}
 			time.Sleep(backoffTime)
-			backoffTime *= 2
+			backoffTime = backoffTime * 2
 			continue
 		}
 		break

client/firewall/nftables/manager_linux_test.go

@@ -148,7 +148,7 @@ func TestNftablesManager(t *testing.T) {
 	// test expectations:
 	// 1) "accept extra routed traffic rule" for the interface
 	// 2) "drop all rule" for the interface
-	require.Len(t, rules, 2, "expected 2 rules after deletion")
+	require.Len(t, rules, 2, "expected 2 rules after deleteion")
 
 	err = manager.Reset()
 	require.NoError(t, err, "failed to reset")

client/firewall/uspfilter/allow_netbird_windows.go

@@ -1,19 +1,21 @@
 package uspfilter
 
 import (
+	"errors"
 	"fmt"
 	"os/exec"
+	"strings"
 	"syscall"
-
-	log "github.com/sirupsen/logrus"
 )
 
 type action string
 
 const (
-	addRule          action = "add"
-	deleteRule       action = "delete"
-	firewallRuleName        = "Netbird"
+	addRule    action = "add"
+	deleteRule action = "delete"
+
+	firewallRuleName     = "Netbird"
+	noRulesMatchCriteria = "No rules match the specified criteria"
 )
 
 // Reset firewall to the default state
@@ -24,14 +26,6 @@ func (m *Manager) Reset() error {
 	m.outgoingRules = make(map[string]RuleSet)
 	m.incomingRules = make(map[string]RuleSet)
 
-	if !isWindowsFirewallReachable() {
-		return nil
-	}
-
-	if !isFirewallRuleActive(firewallRuleName) {
-		return nil
-	}
-
 	if err := manageFirewallRule(firewallRuleName, deleteRule); err != nil {
 		return fmt.Errorf("couldn't remove windows firewall: %w", err)
 	}
@@ -41,13 +35,6 @@ func (m *Manager) Reset() error {
 
 // AllowNetbird allows netbird interface traffic
 func (m *Manager) AllowNetbird() error {
-	if !isWindowsFirewallReachable() {
-		return nil
-	}
-
-	if isFirewallRuleActive(firewallRuleName) {
-		return nil
-	}
 	return manageFirewallRule(firewallRuleName,
 		addRule,
 		"dir=in",
@@ -58,37 +45,47 @@ func (m *Manager) AllowNetbird() error {
 	)
 }
 
-func manageFirewallRule(ruleName string, action action, extraArgs ...string) error {
-
-	args := []string{"advfirewall", "firewall", string(action), "rule", "name=" + ruleName}
-	if action == addRule {
-		args = append(args, extraArgs...)
-	}
-
-	cmd := exec.Command("netsh", args...)
-	cmd.SysProcAttr = &syscall.SysProcAttr{HideWindow: true}
-	return cmd.Run()
-}
-
-func isWindowsFirewallReachable() bool {
-	args := []string{"advfirewall", "show", "allprofiles", "state"}
-	cmd := exec.Command("netsh", args...)
-	cmd.SysProcAttr = &syscall.SysProcAttr{HideWindow: true}
-
-	_, err := cmd.Output()
+func manageFirewallRule(ruleName string, action action, args ...string) error {
+	active, err := isFirewallRuleActive(ruleName)
 	if err != nil {
-		log.Infof("Windows firewall is not reachable, skipping default rule management. Using only user space rules. Error: %s", err)
-		return false
+		return err
 	}
 
-	return true
+	if (action == addRule && !active) || (action == deleteRule && active) {
+		baseArgs := []string{"advfirewall", "firewall", string(action), "rule", "name=" + ruleName}
+		args := append(baseArgs, args...)
+
+		cmd := exec.Command("netsh", args...)
+		cmd.SysProcAttr = &syscall.SysProcAttr{HideWindow: true}
+		return cmd.Run()
+	}
+
+	return nil
 }
 
-func isFirewallRuleActive(ruleName string) bool {
+func isFirewallRuleActive(ruleName string) (bool, error) {
 	args := []string{"advfirewall", "firewall", "show", "rule", "name=" + ruleName}
 
 	cmd := exec.Command("netsh", args...)
 	cmd.SysProcAttr = &syscall.SysProcAttr{HideWindow: true}
-	_, err := cmd.Output()
-	return err == nil
+	output, err := cmd.Output()
+	if err != nil {
+		var exitError *exec.ExitError
+		if errors.As(err, &exitError) {
+			// if the firewall rule is not active, we expect last exit code to be 1
+			exitStatus := exitError.Sys().(syscall.WaitStatus).ExitStatus()
+			if exitStatus == 1 {
+				if strings.Contains(string(output), noRulesMatchCriteria) {
+					return false, nil
+				}
+			}
+		}
+		return false, err
+	}
+
+	if strings.Contains(string(output), noRulesMatchCriteria) {
+		return false, nil
+	}
+
+	return true, nil
 }

client/firewall/uspfilter/uspfilter.go

@@ -32,7 +32,7 @@ type Manager struct {
 	wgNetwork     *net.IPNet
 	decoders      sync.Pool
 	wgIface       IFaceMapper
-	resetHook     func() error
+	resetHook func() error
 
 	mutex sync.RWMutex
 }
@@ -188,7 +188,7 @@ func (m *Manager) DropIncoming(packetData []byte) bool {
 	return m.dropFilter(packetData, m.incomingRules, true)
 }
 
-// dropFilter implements same logic for booth direction of the traffic
+// dropFilter imlements same logic for booth direction of the traffic
 func (m *Manager) dropFilter(packetData []byte, rules map[string]RuleSet, isIncomingPacket bool) bool {
 	m.mutex.RLock()
 	defer m.mutex.RUnlock()
@@ -355,16 +355,14 @@ func (m *Manager) RemovePacketHook(hookID string) error {
 	for _, arr := range m.incomingRules {
 		for _, r := range arr {
 			if r.id == hookID {
-				rule := r
-				return m.DeleteRule(&rule)
+				return m.DeleteRule(&r)
 			}
 		}
 	}
 	for _, arr := range m.outgoingRules {
 		for _, r := range arr {
 			if r.id == hookID {
-				rule := r
-				return m.DeleteRule(&rule)
+				return m.DeleteRule(&r)
 			}
 		}
 	}

client/installer.nsis

@@ -166,9 +166,10 @@ WriteRegStr ${REG_ROOT} "${UI_REG_APP_PATH}" "" "$INSTDIR\${UI_APP_EXE}"
 EnVar::SetHKLM
 EnVar::AddValueEx "path" "$INSTDIR"
 
-SetShellVarContext all
+SetShellVarContext current
 CreateShortCut "$SMPROGRAMS\${APP_NAME}.lnk" "$INSTDIR\${UI_APP_EXE}"
 CreateShortCut "$DESKTOP\${APP_NAME}.lnk" "$INSTDIR\${UI_APP_EXE}"
+SetShellVarContext all
 SectionEnd
 
 Section -Post
@@ -195,9 +196,10 @@ Delete "$INSTDIR\${MAIN_APP_EXE}"
 Delete "$INSTDIR\wintun.dll"
 RmDir /r "$INSTDIR"
 
-SetShellVarContext all
+SetShellVarContext current
 Delete "$DESKTOP\${APP_NAME}.lnk"
 Delete "$SMPROGRAMS\${APP_NAME}.lnk"
+SetShellVarContext all
 
 DeleteRegKey ${REG_ROOT} "${REG_APP_PATH}"
 DeleteRegKey ${REG_ROOT} "${UNINSTALL_PATH}"
@@ -207,7 +209,8 @@ SectionEnd
 
 
 Function LaunchLink
-SetShellVarContext all
+SetShellVarContext current
    SetOutPath $INSTDIR
    ShellExecAsUser::ShellExecAsUser "" "$DESKTOP\${APP_NAME}.lnk"
+SetShellVarContext all
 FunctionEnd

client/internal/acl/manager.go

@@ -53,7 +53,7 @@ func newDefaultManager(fm firewall.Manager) *DefaultManager {
 
 // ApplyFiltering firewall rules to the local firewall manager processed by ACL policy.
 //
-// If allowByDefault is true it appends allow ALL traffic rules to input and output chains.
+// If allowByDefault is ture it appends allow ALL traffic rules to input and output chains.
 func (d *DefaultManager) ApplyFiltering(networkMap *mgmProto.NetworkMap) {
 	d.mutex.Lock()
 	defer d.mutex.Unlock()
@@ -366,7 +366,7 @@ func (d *DefaultManager) squashAcceptRules(
 			protocols[r.Protocol] = map[string]int{}
 		}
 
-		// special case, when we receive this all network IP address
+		// special case, when we recieve this all network IP address
 		// it means that rules for that protocol was already optimized on the
 		// management side
 		if r.PeerIP == "0.0.0.0" {
@@ -393,7 +393,7 @@ func (d *DefaultManager) squashAcceptRules(
 	}
 
 	// order of squashing by protocol is important
-	// only for their first element ALL, it must be done first
+	// only for ther first element ALL, it must be done first
 	protocolOrders := []mgmProto.FirewallRuleProtocol{
 		mgmProto.FirewallRule_ALL,
 		mgmProto.FirewallRule_ICMP,

client/internal/acl/manager_create.go

@@ -20,7 +20,7 @@ func Create(iface IFaceMapper) (manager *DefaultManager, err error) {
 			return nil, err
 		}
 		if err := fm.AllowNetbird(); err != nil {
-			log.Warnf("failed to allow netbird interface traffic: %v", err)
+			log.Errorf("failed to allow netbird interface traffic: %v", err)
 		}
 		return newDefaultManager(fm), nil
 	}

client/internal/acl/manager_test.go

@@ -189,33 +189,31 @@ func TestDefaultManagerSquashRules(t *testing.T) {
 	}
 
 	r := rules[0]
-	switch {
-	case r.PeerIP != "0.0.0.0":
+	if r.PeerIP != "0.0.0.0" {
 		t.Errorf("IP should be 0.0.0.0, got: %v", r.PeerIP)
 		return
-	case r.Direction != mgmProto.FirewallRule_IN:
+	} else if r.Direction != mgmProto.FirewallRule_IN {
 		t.Errorf("direction should be IN, got: %v", r.Direction)
 		return
-	case r.Protocol != mgmProto.FirewallRule_ALL:
+	} else if r.Protocol != mgmProto.FirewallRule_ALL {
 		t.Errorf("protocol should be ALL, got: %v", r.Protocol)
 		return
-	case r.Action != mgmProto.FirewallRule_ACCEPT:
+	} else if r.Action != mgmProto.FirewallRule_ACCEPT {
 		t.Errorf("action should be ACCEPT, got: %v", r.Action)
 		return
 	}
 
 	r = rules[1]
-	switch {
-	case r.PeerIP != "0.0.0.0":
+	if r.PeerIP != "0.0.0.0" {
 		t.Errorf("IP should be 0.0.0.0, got: %v", r.PeerIP)
 		return
-	case r.Direction != mgmProto.FirewallRule_OUT:
+	} else if r.Direction != mgmProto.FirewallRule_OUT {
 		t.Errorf("direction should be OUT, got: %v", r.Direction)
 		return
-	case r.Protocol != mgmProto.FirewallRule_ALL:
+	} else if r.Protocol != mgmProto.FirewallRule_ALL {
 		t.Errorf("protocol should be ALL, got: %v", r.Protocol)
 		return
-	case r.Action != mgmProto.FirewallRule_ACCEPT:
+	} else if r.Action != mgmProto.FirewallRule_ACCEPT {
 		t.Errorf("action should be ACCEPT, got: %v", r.Action)
 		return
 	}
@@ -283,7 +281,7 @@ func TestDefaultManagerSquashRulesNoAffect(t *testing.T) {
 
 	manager := &DefaultManager{}
 	if rules, _ := manager.squashAcceptRules(networkMap); len(rules) != len(networkMap.FirewallRules) {
-		t.Errorf("we should get the same amount of rules as output, got %v", len(rules))
+		t.Errorf("we should got same amount of rules as intput, got %v", len(rules))
 	}
 }
 

client/internal/auth/device_flow.go

@@ -4,13 +4,12 @@ import (
 	"context"
 	"encoding/json"
 	"fmt"
+	"github.com/netbirdio/netbird/client/internal"
 	"io"
 	"net/http"
 	"net/url"
 	"strings"
 	"time"
-
-	"github.com/netbirdio/netbird/client/internal"
 )
 
 // HostedGrantType grant type for device flow on Hosted
@@ -175,7 +174,7 @@ func (d *DeviceAuthorizationFlow) WaitToken(ctx context.Context, info AuthFlowIn
 				if tokenResponse.Error == "authorization_pending" {
 					continue
 				} else if tokenResponse.Error == "slow_down" {
-					interval += (3 * time.Second)
+					interval = interval + (3 * time.Second)
 					ticker.Reset(interval)
 					continue
 				}

client/internal/auth/oauth.go

@@ -92,15 +92,15 @@ func authenticateWithPKCEFlow(ctx context.Context, config *internal.Config) (OAu
 func authenticateWithDeviceCodeFlow(ctx context.Context, config *internal.Config) (OAuthFlow, error) {
 	deviceFlowInfo, err := internal.GetDeviceAuthorizationFlowInfo(ctx, config.PrivateKey, config.ManagementURL)
 	if err != nil {
-		switch s, ok := gstatus.FromError(err); {
-		case ok && s.Code() == codes.NotFound:
+		s, ok := gstatus.FromError(err)
+		if ok && s.Code() == codes.NotFound {
 			return nil, fmt.Errorf("no SSO provider returned from management. " +
 				"Please proceed with setting up this device using setup keys " +
 				"https://docs.netbird.io/how-to/register-machines-using-setup-keys")
-		case ok && s.Code() == codes.Unimplemented:
+		} else if ok && s.Code() == codes.Unimplemented {
 			return nil, fmt.Errorf("the management server, %s, does not support SSO providers, "+
 				"please update your server or use Setup Keys to login", config.ManagementURL)
-		default:
+		} else {
 			return nil, fmt.Errorf("getting device authorization flow info failed with error: %v", err)
 		}
 	}

client/internal/config.go

@@ -273,9 +273,9 @@ func parseURL(serviceName, serviceURL string) (*url.URL, error) {
 	if parsedMgmtURL.Port() == "" {
 		switch parsedMgmtURL.Scheme {
 		case "https":
-			parsedMgmtURL.Host += ":443"
+			parsedMgmtURL.Host = parsedMgmtURL.Host + ":443"
 		case "http":
-			parsedMgmtURL.Host += ":80"
+			parsedMgmtURL.Host = parsedMgmtURL.Host + ":80"
 		default:
 			log.Infof("unable to determine a default port for schema %s in URL %s", parsedMgmtURL.Scheme, serviceURL)
 		}

client/internal/connect.go

@@ -13,8 +13,8 @@ import (
 	gstatus "google.golang.org/grpc/status"
 
 	"github.com/netbirdio/netbird/client/internal/dns"
-	"github.com/netbirdio/netbird/client/internal/listener"
 	"github.com/netbirdio/netbird/client/internal/peer"
+	"github.com/netbirdio/netbird/client/internal/routemanager"
 	"github.com/netbirdio/netbird/client/internal/stdnet"
 	"github.com/netbirdio/netbird/client/ssh"
 	"github.com/netbirdio/netbird/client/system"
@@ -22,7 +22,6 @@ import (
 	mgm "github.com/netbirdio/netbird/management/client"
 	mgmProto "github.com/netbirdio/netbird/management/proto"
 	signal "github.com/netbirdio/netbird/signal/client"
-	"github.com/netbirdio/netbird/version"
 )
 
 // RunClient with main logic.
@@ -31,21 +30,29 @@ func RunClient(ctx context.Context, config *Config, statusRecorder *peer.Status)
 }
 
 // RunClientMobile with main logic on mobile system
-func RunClientMobile(ctx context.Context, config *Config, statusRecorder *peer.Status, tunAdapter iface.TunAdapter, iFaceDiscover stdnet.ExternalIFaceDiscover, networkChangeListener listener.NetworkChangeListener, dnsAddresses []string, dnsReadyListener dns.ReadyListener) error {
+func RunClientMobile(ctx context.Context, config *Config, statusRecorder *peer.Status, tunAdapter iface.TunAdapter, iFaceDiscover stdnet.ExternalIFaceDiscover, routeListener routemanager.RouteListener, dnsAddresses []string, dnsReadyListener dns.ReadyListener) error {
 	// in case of non Android os these variables will be nil
 	mobileDependency := MobileDependency{
-		TunAdapter:            tunAdapter,
-		IFaceDiscover:         iFaceDiscover,
-		NetworkChangeListener: networkChangeListener,
-		HostDNSAddresses:      dnsAddresses,
-		DnsReadyListener:      dnsReadyListener,
+		TunAdapter:       tunAdapter,
+		IFaceDiscover:    iFaceDiscover,
+		RouteListener:    routeListener,
+		HostDNSAddresses: dnsAddresses,
+		DnsReadyListener: dnsReadyListener,
+	}
+	return runClient(ctx, config, statusRecorder, mobileDependency)
+}
+
+func RunClientiOS(ctx context.Context, config *Config, statusRecorder *peer.Status, fileDescriptor int32, routeListener routemanager.RouteListener, dnsManager dns.IosDnsManager, interfaceName string) error {
+	mobileDependency := MobileDependency{
+		FileDescriptor: fileDescriptor,
+		InterfaceName:  interfaceName,
+		RouteListener:  routeListener,
+		DnsManager:     dnsManager,
 	}
 	return runClient(ctx, config, statusRecorder, mobileDependency)
 }
 
 func runClient(ctx context.Context, config *Config, statusRecorder *peer.Status, mobileDependency MobileDependency) error {
-	log.Infof("starting NetBird client version %s", version.NetbirdVersion())
-
 	backOff := &backoff.ExponentialBackOff{
 		InitialInterval:     time.Second,
 		RandomizationFactor: 1,
@@ -99,7 +106,7 @@ func runClient(ctx context.Context, config *Config, statusRecorder *peer.Status,
 			cancel()
 		}()
 
-		log.Debugf("connecting to the Management service %s", config.ManagementURL.Host)
+		log.Debugf("conecting to the Management service %s", config.ManagementURL.Host)
 		mgmClient, err := mgm.NewClient(engineCtx, config.ManagementURL.Host, myPrivateKey, mgmTlsEnabled)
 		if err != nil {
 			return wrapErr(gstatus.Errorf(codes.FailedPrecondition, "failed connecting to Management Service : %s", err))

client/internal/dns/file_linux.go

@@ -3,26 +3,30 @@
 package dns
 
 import (
-	"bufio"
 	"bytes"
 	"fmt"
 	"os"
-	"strings"
 
 	log "github.com/sirupsen/logrus"
 )
 
 const (
-	fileGeneratedResolvConfContentHeader         = "# Generated by NetBird"
-	fileGeneratedResolvConfContentHeaderNextLine = fileGeneratedResolvConfContentHeader + `
-# If needed you can restore the original file by copying back ` + fileDefaultResolvConfBackupLocation + "\n\n"
-
-	fileDefaultResolvConfBackupLocation = defaultResolvConfPath + ".original.netbird"
-
-	fileMaxLineCharsLimit        = 256
-	fileMaxNumberOfSearchDomains = 6
+	fileGeneratedResolvConfContentHeader      = "# Generated by NetBird"
+	fileGeneratedResolvConfSearchBeginContent = "search "
+	fileGeneratedResolvConfContentFormat      = fileGeneratedResolvConfContentHeader +
+		"\n# If needed you can restore the original file by copying back %s\n\nnameserver %s\n" +
+		fileGeneratedResolvConfSearchBeginContent + "%s\n\n" +
+		"%s\n"
 )
 
+const (
+	fileDefaultResolvConfBackupLocation = defaultResolvConfPath + ".original.netbird"
+	fileMaxLineCharsLimit               = 256
+	fileMaxNumberOfSearchDomains        = 6
+)
+
+var fileSearchLineBeginCharCount = len(fileGeneratedResolvConfSearchBeginContent)
+
 type fileConfigurator struct {
 	originalPerms os.FileMode
 }
@@ -35,7 +39,7 @@ func (f *fileConfigurator) supportCustomPort() bool {
 	return false
 }
 
-func (f *fileConfigurator) applyDNSConfig(config hostDNSConfig) error {
+func (f *fileConfigurator) applyDNSConfig(config HostDNSConfig) error {
 	backupFileExist := false
 	_, err := os.Stat(fileDefaultResolvConfBackupLocation)
 	if err == nil {
@@ -51,39 +55,58 @@ func (f *fileConfigurator) applyDNSConfig(config hostDNSConfig) error {
 		}
 		return fmt.Errorf("unable to configure DNS for this peer using file manager without a nameserver group with all domains configured")
 	}
-
-	if !backupFileExist {
-		err = f.backup()
-		if err != nil {
-			return fmt.Errorf("unable to backup the resolv.conf file")
+	managerType, err := getOSDNSManagerType()
+	if err != nil {
+		return err
+	}
+	switch managerType {
+	case fileManager, netbirdManager:
+		if !backupFileExist {
+			err = f.backup()
+			if err != nil {
+				return fmt.Errorf("unable to backup the resolv.conf file")
+			}
 		}
+	default:
+		// todo improve this and maybe restart DNS manager from scratch
+		return fmt.Errorf("something happened and file manager is not your prefered host dns configurator, restart the agent")
 	}
 
-	searchDomainList := searchDomains(config)
+	var searchDomains string
+	appendedDomains := 0
+	for _, dConf := range config.domains {
+		if dConf.matchOnly || dConf.disabled {
+			continue
+		}
+		if appendedDomains >= fileMaxNumberOfSearchDomains {
+			// lets log all skipped domains
+			log.Infof("already appended %d domains to search list. Skipping append of %s domain", fileMaxNumberOfSearchDomains, dConf.domain)
+			continue
+		}
+		if fileSearchLineBeginCharCount+len(searchDomains) > fileMaxLineCharsLimit {
+			// lets log all skipped domains
+			log.Infof("search list line is larger than %d characters. Skipping append of %s domain", fileMaxLineCharsLimit, dConf.domain)
+			continue
+		}
 
-	originalSearchDomains, nameServers, others, err := originalDNSConfigs(fileDefaultResolvConfBackupLocation)
-	if err != nil {
-		log.Error(err)
+		searchDomains += " " + dConf.domain
+		appendedDomains++
 	}
 
-	searchDomainList = mergeSearchDomains(searchDomainList, originalSearchDomains)
-
-	buf := prepareResolvConfContent(
-		searchDomainList,
-		append([]string{config.serverIP}, nameServers...),
-		others)
-
-	log.Debugf("creating managed file %s", defaultResolvConfPath)
-	err = os.WriteFile(defaultResolvConfPath, buf.Bytes(), f.originalPerms)
+	originalContent, err := os.ReadFile(fileDefaultResolvConfBackupLocation)
 	if err != nil {
-		restoreErr := f.restore()
-		if restoreErr != nil {
+		log.Errorf("Could not read existing resolv.conf")
+	}
+	content := fmt.Sprintf(fileGeneratedResolvConfContentFormat, fileDefaultResolvConfBackupLocation, config.serverIP, searchDomains, string(originalContent))
+	err = writeDNSConfig(content, defaultResolvConfPath, f.originalPerms)
+	if err != nil {
+		err = f.restore()
+		if err != nil {
 			log.Errorf("attempt to restore default file failed with error: %s", err)
 		}
-		return fmt.Errorf("got an creating resolver file %s. Error: %s", defaultResolvConfPath, err)
+		return err
 	}
-
-	log.Infof("created a NetBird managed %s file with your DNS settings. Added %d search domains. Search list: %s", defaultResolvConfPath, len(searchDomainList), searchDomainList)
+	log.Infof("created a NetBird managed %s file with your DNS settings. Added %d search domains. Search list: %s", defaultResolvConfPath, appendedDomains, searchDomains)
 	return nil
 }
 
@@ -115,138 +138,15 @@ func (f *fileConfigurator) restore() error {
 	return os.RemoveAll(fileDefaultResolvConfBackupLocation)
 }
 
-func prepareResolvConfContent(searchDomains, nameServers, others []string) bytes.Buffer {
+func writeDNSConfig(content, fileName string, permissions os.FileMode) error {
+	log.Debugf("creating managed file %s", fileName)
 	var buf bytes.Buffer
-	buf.WriteString(fileGeneratedResolvConfContentHeaderNextLine)
-
-	for _, cfgLine := range others {
-		buf.WriteString(cfgLine)
-		buf.WriteString("\n")
-	}
-
-	if len(searchDomains) > 0 {
-		buf.WriteString("search ")
-		buf.WriteString(strings.Join(searchDomains, " "))
-		buf.WriteString("\n")
-	}
-
-	for _, ns := range nameServers {
-		buf.WriteString("nameserver ")
-		buf.WriteString(ns)
-		buf.WriteString("\n")
-	}
-	return buf
-}
-
-func searchDomains(config hostDNSConfig) []string {
-	listOfDomains := make([]string, 0)
-	for _, dConf := range config.domains {
-		if dConf.matchOnly || dConf.disabled {
-			continue
-		}
-
-		listOfDomains = append(listOfDomains, dConf.domain)
-	}
-	return listOfDomains
-}
-
-func originalDNSConfigs(resolvconfFile string) (searchDomains, nameServers, others []string, err error) {
-	file, err := os.Open(resolvconfFile)
+	buf.WriteString(content)
+	err := os.WriteFile(fileName, buf.Bytes(), permissions)
 	if err != nil {
-		err = fmt.Errorf(`could not read existing resolv.conf`)
-		return
+		return fmt.Errorf("got an creating resolver file %s. Error: %s", fileName, err)
 	}
-	defer file.Close()
-
-	reader := bufio.NewReader(file)
-
-	for {
-		lineBytes, isPrefix, readErr := reader.ReadLine()
-		if readErr != nil {
-			break
-		}
-
-		if isPrefix {
-			err = fmt.Errorf(`resolv.conf line too long`)
-			return
-		}
-
-		line := strings.TrimSpace(string(lineBytes))
-
-		if strings.HasPrefix(line, "#") {
-			continue
-		}
-
-		if strings.HasPrefix(line, "domain") {
-			continue
-		}
-
-		if strings.HasPrefix(line, "options") && strings.Contains(line, "rotate") {
-			line = strings.ReplaceAll(line, "rotate", "")
-			splitLines := strings.Fields(line)
-			if len(splitLines) == 1 {
-				continue
-			}
-			line = strings.Join(splitLines, " ")
-		}
-
-		if strings.HasPrefix(line, "search") {
-			splitLines := strings.Fields(line)
-			if len(splitLines) < 2 {
-				continue
-			}
-
-			searchDomains = splitLines[1:]
-			continue
-		}
-
-		if strings.HasPrefix(line, "nameserver") {
-			splitLines := strings.Fields(line)
-			if len(splitLines) != 2 {
-				continue
-			}
-			nameServers = append(nameServers, splitLines[1])
-			continue
-		}
-
-		others = append(others, line)
-	}
-	return
-}
-
-// merge search domains lists and cut off the list if it is too long
-func mergeSearchDomains(searchDomains []string, originalSearchDomains []string) []string {
-	lineSize := len("search")
-	searchDomainsList := make([]string, 0, len(searchDomains)+len(originalSearchDomains))
-
-	lineSize = validateAndFillSearchDomains(lineSize, &searchDomainsList, searchDomains)
-	_ = validateAndFillSearchDomains(lineSize, &searchDomainsList, originalSearchDomains)
-
-	return searchDomainsList
-}
-
-// validateAndFillSearchDomains checks if the search domains list is not too long and if the line is not too long
-// extend s slice with vs elements
-// return with the number of characters in the searchDomains line
-func validateAndFillSearchDomains(initialLineChars int, s *[]string, vs []string) int {
-	for _, sd := range vs {
-		tmpCharsNumber := initialLineChars + 1 + len(sd)
-		if tmpCharsNumber > fileMaxLineCharsLimit {
-			// lets log all skipped domains
-			log.Infof("search list line is larger than %d characters. Skipping append of %s domain", fileMaxLineCharsLimit, sd)
-			continue
-		}
-
-		initialLineChars = tmpCharsNumber
-
-		if len(*s) >= fileMaxNumberOfSearchDomains {
-			// lets log all skipped domains
-			log.Infof("already appended %d domains to search list. Skipping append of %s domain", fileMaxNumberOfSearchDomains, sd)
-			continue
-		}
-		*s = append(*s, sd)
-	}
-	return initialLineChars
+	return nil
 }
 
 func copyFile(src, dest string) error {

client/internal/dns/file_linux_test.go

@@ -1,62 +0,0 @@
-package dns
-
-import (
-	"fmt"
-	"testing"
-)
-
-func Test_mergeSearchDomains(t *testing.T) {
-	searchDomains := []string{"a", "b"}
-	originDomains := []string{"a", "b"}
-	mergedDomains := mergeSearchDomains(searchDomains, originDomains)
-	if len(mergedDomains) != 4 {
-		t.Errorf("invalid len of result domains: %d, want: %d", len(mergedDomains), 4)
-	}
-}
-
-func Test_mergeSearchTooMuchDomains(t *testing.T) {
-	searchDomains := []string{"a", "b", "c", "d", "e", "f", "g"}
-	originDomains := []string{"h", "i"}
-	mergedDomains := mergeSearchDomains(searchDomains, originDomains)
-	if len(mergedDomains) != 6 {
-		t.Errorf("invalid len of result domains: %d, want: %d", len(mergedDomains), 6)
-	}
-}
-
-func Test_mergeSearchTooMuchDomainsInOrigin(t *testing.T) {
-	searchDomains := []string{"a", "b"}
-	originDomains := []string{"c", "d", "e", "f", "g"}
-	mergedDomains := mergeSearchDomains(searchDomains, originDomains)
-	if len(mergedDomains) != 6 {
-		t.Errorf("invalid len of result domains: %d, want: %d", len(mergedDomains), 6)
-	}
-}
-
-func Test_mergeSearchTooLongDomain(t *testing.T) {
-	searchDomains := []string{getLongLine()}
-	originDomains := []string{"b"}
-	mergedDomains := mergeSearchDomains(searchDomains, originDomains)
-	if len(mergedDomains) != 1 {
-		t.Errorf("invalid len of result domains: %d, want: %d", len(mergedDomains), 1)
-	}
-
-	searchDomains = []string{"b"}
-	originDomains = []string{getLongLine()}
-
-	mergedDomains = mergeSearchDomains(searchDomains, originDomains)
-	if len(mergedDomains) != 1 {
-		t.Errorf("invalid len of result domains: %d, want: %d", len(mergedDomains), 1)
-	}
-}
-
-func getLongLine() string {
-	x := "search "
-	for {
-		for i := 0; i <= 9; i++ {
-			if len(x) > fileMaxLineCharsLimit {
-				return x
-			}
-			x = fmt.Sprintf("%s%d", x, i)
-		}
-	}
-}

client/internal/dns/host.go

@@ -8,12 +8,12 @@ import (
 )
 
 type hostManager interface {
-	applyDNSConfig(config hostDNSConfig) error
+	applyDNSConfig(config HostDNSConfig) error
 	restoreHostDNS() error
 	supportCustomPort() bool
 }
 
-type hostDNSConfig struct {
+type HostDNSConfig struct {
 	domains    []domainConfig
 	routeAll   bool
 	serverIP   string
@@ -27,12 +27,12 @@ type domainConfig struct {
 }
 
 type mockHostConfigurator struct {
-	applyDNSConfigFunc    func(config hostDNSConfig) error
+	applyDNSConfigFunc    func(config HostDNSConfig) error
 	restoreHostDNSFunc    func() error
 	supportCustomPortFunc func() bool
 }
 
-func (m *mockHostConfigurator) applyDNSConfig(config hostDNSConfig) error {
+func (m *mockHostConfigurator) applyDNSConfig(config HostDNSConfig) error {
 	if m.applyDNSConfigFunc != nil {
 		return m.applyDNSConfigFunc(config)
 	}
@@ -55,14 +55,14 @@ func (m *mockHostConfigurator) supportCustomPort() bool {
 
 func newNoopHostMocker() hostManager {
 	return &mockHostConfigurator{
-		applyDNSConfigFunc:    func(config hostDNSConfig) error { return nil },
+		applyDNSConfigFunc:    func(config HostDNSConfig) error { return nil },
 		restoreHostDNSFunc:    func() error { return nil },
 		supportCustomPortFunc: func() bool { return true },
 	}
 }
 
-func dnsConfigToHostDNSConfig(dnsConfig nbdns.Config, ip string, port int) hostDNSConfig {
-	config := hostDNSConfig{
+func dnsConfigToHostDNSConfig(dnsConfig nbdns.Config, ip string, port int) HostDNSConfig {
+	config := HostDNSConfig{
 		routeAll:   false,
 		serverIP:   ip,
 		serverPort: port,
@@ -78,7 +78,7 @@ func dnsConfigToHostDNSConfig(dnsConfig nbdns.Config, ip string, port int) hostD
 		for _, domain := range nsConfig.Domains {
 			config.domains = append(config.domains, domainConfig{
 				domain:    strings.TrimSuffix(domain, "."),
-				matchOnly: !nsConfig.SearchDomainsEnabled,
+				matchOnly: true,
 			})
 		}
 	}

client/internal/dns/host_android.go

@@ -7,7 +7,7 @@ func newHostManager(wgInterface WGIface) (hostManager, error) {
 	return &androidHostManager{}, nil
 }
 
-func (a androidHostManager) applyDNSConfig(config hostDNSConfig) error {
+func (a androidHostManager) applyDNSConfig(config HostDNSConfig) error {
 	return nil
 }
 

client/internal/dns/host_darwin.go

@@ -1,3 +1,5 @@
+//go:build !ios
+
 package dns
 
 import (
@@ -42,7 +44,7 @@ func (s *systemConfigurator) supportCustomPort() bool {
 	return true
 }
 
-func (s *systemConfigurator) applyDNSConfig(config hostDNSConfig) error {
+func (s *systemConfigurator) applyDNSConfig(config HostDNSConfig) error {
 	var err error
 
 	if config.routeAll {

client/internal/dns/host_ios.go

@@ -0,0 +1,48 @@
+package dns
+
+import (
+	"strconv"
+	"strings"
+
+	log "github.com/sirupsen/logrus"
+)
+
+type iosHostManager struct {
+	dnsManager IosDnsManager
+	config     HostDNSConfig
+}
+
+func newHostManager(wgInterface WGIface, dnsManager IosDnsManager) (hostManager, error) {
+	return &iosHostManager{
+		dnsManager: dnsManager,
+	}, nil
+}
+
+func (a iosHostManager) applyDNSConfig(config HostDNSConfig) error {
+	var configAsString []string
+	configAsString = append(configAsString, config.serverIP)
+	configAsString = append(configAsString, strconv.Itoa(config.serverPort))
+	configAsString = append(configAsString, strconv.FormatBool(config.routeAll))
+	var domainConfigAsString []string
+	for _, domain := range config.domains {
+		var domainAsString []string
+		domainAsString = append(domainAsString, strconv.FormatBool(domain.disabled))
+		domainAsString = append(domainAsString, domain.domain)
+		domainAsString = append(domainAsString, strconv.FormatBool(domain.matchOnly))
+		domainConfigAsString = append(domainConfigAsString, strings.Join(domainAsString, "|"))
+	}
+	domainConfig := strings.Join(domainConfigAsString, ";")
+	configAsString = append(configAsString, domainConfig)
+	outputString := strings.Join(configAsString, ",")
+	log.Debug("applyDNSConfig: " + outputString)
+	a.dnsManager.ApplyDns(outputString)
+	return nil
+}
+
+func (a iosHostManager) restoreHostDNS() error {
+	return nil
+}
+
+func (a iosHostManager) supportCustomPort() bool {
+	return false
+}

client/internal/dns/host_windows.go

@@ -22,11 +22,13 @@ const (
 	interfaceConfigPath          = "SYSTEM\\CurrentControlSet\\Services\\Tcpip\\Parameters\\Interfaces"
 	interfaceConfigNameServerKey = "NameServer"
 	interfaceConfigSearchListKey = "SearchList"
+	tcpipParametersPath          = "SYSTEM\\CurrentControlSet\\Services\\Tcpip\\Parameters"
 )
 
 type registryConfigurator struct {
-	guid       string
-	routingAll bool
+	guid                  string
+	routingAll            bool
+	existingSearchDomains []string
 }
 
 func newHostManager(wgInterface WGIface) (hostManager, error) {
@@ -43,7 +45,7 @@ func (s *registryConfigurator) supportCustomPort() bool {
 	return false
 }
 
-func (r *registryConfigurator) applyDNSConfig(config hostDNSConfig) error {
+func (r *registryConfigurator) applyDNSConfig(config HostDNSConfig) error {
 	var err error
 	if config.routeAll {
 		err = r.addDNSSetupForAll(config.serverIP)
@@ -146,11 +148,30 @@ func (r *registryConfigurator) restoreHostDNS() error {
 		log.Error(err)
 	}
 
-	return r.deleteInterfaceRegistryKeyProperty(interfaceConfigSearchListKey)
+	return r.updateSearchDomains([]string{})
 }
 
 func (r *registryConfigurator) updateSearchDomains(domains []string) error {
-	err := r.setInterfaceRegistryKeyStringValue(interfaceConfigSearchListKey, strings.Join(domains, ","))
+	value, err := getLocalMachineRegistryKeyStringValue(tcpipParametersPath, interfaceConfigSearchListKey)
+	if err != nil {
+		return fmt.Errorf("unable to get current search domains failed with error: %s", err)
+	}
+
+	valueList := strings.Split(value, ",")
+	setExisting := false
+	if len(r.existingSearchDomains) == 0 {
+		r.existingSearchDomains = valueList
+		setExisting = true
+	}
+
+	if len(domains) == 0 && setExisting {
+		log.Infof("added %d search domains to the registry. Domain list: %s", len(domains), domains)
+		return nil
+	}
+
+	newList := append(r.existingSearchDomains, domains...)
+
+	err = setLocalMachineRegistryKeyStringValue(tcpipParametersPath, interfaceConfigSearchListKey, strings.Join(newList, ","))
 	if err != nil {
 		return fmt.Errorf("adding search domain failed with error: %s", err)
 	}
@@ -214,3 +235,33 @@ func removeRegistryKeyFromDNSPolicyConfig(regKeyPath string) error {
 	}
 	return nil
 }
+
+func getLocalMachineRegistryKeyStringValue(keyPath, key string) (string, error) {
+	regKey, err := registry.OpenKey(registry.LOCAL_MACHINE, keyPath, registry.QUERY_VALUE)
+	if err != nil {
+		return "", fmt.Errorf("unable to open existing key from registry, key path: HKEY_LOCAL_MACHINE\\%s, error: %s", keyPath, err)
+	}
+	defer regKey.Close()
+
+	val, _, err := regKey.GetStringValue(key)
+	if err != nil {
+		return "", fmt.Errorf("getting %s value for key path HKEY_LOCAL_MACHINE\\%s failed with error: %s", key, keyPath, err)
+	}
+
+	return val, nil
+}
+
+func setLocalMachineRegistryKeyStringValue(keyPath, key, value string) error {
+	regKey, err := registry.OpenKey(registry.LOCAL_MACHINE, keyPath, registry.SET_VALUE)
+	if err != nil {
+		return fmt.Errorf("unable to open existing key from registry, key path: HKEY_LOCAL_MACHINE\\%s, error: %s", keyPath, err)
+	}
+	defer regKey.Close()
+
+	err = regKey.SetStringValue(key, value)
+	if err != nil {
+		return fmt.Errorf("setting %s value %s for key path HKEY_LOCAL_MACHINE\\%s failed with error: %s", key, value, keyPath, err)
+	}
+
+	return nil
+}

client/internal/dns/mockServer.go

@@ -2,7 +2,6 @@ package dns
 
 import (
 	"fmt"
-
 	nbdns "github.com/netbirdio/netbird/dns"
 )
 
@@ -44,7 +43,3 @@ func (m *MockServer) UpdateDNSServer(serial uint64, update nbdns.Config) error {
 	}
 	return fmt.Errorf("method UpdateDNSServer is not implemented")
 }
-
-func (m *MockServer) SearchDomains() []string {
-	return make([]string, 0)
-}

client/internal/dns/network_manager_linux.go

@@ -7,12 +7,12 @@ import (
 	"encoding/binary"
 	"fmt"
 	"net/netip"
+	"regexp"
 	"time"
 
 	"github.com/godbus/dbus/v5"
 	"github.com/hashicorp/go-version"
 	"github.com/miekg/dns"
-	nbversion "github.com/netbirdio/netbird/version"
 	log "github.com/sirupsen/logrus"
 )
 
@@ -93,7 +93,7 @@ func (n *networkManagerDbusConfigurator) supportCustomPort() bool {
 	return false
 }
 
-func (n *networkManagerDbusConfigurator) applyDNSConfig(config hostDNSConfig) error {
+func (n *networkManagerDbusConfigurator) applyDNSConfig(config HostDNSConfig) error {
 	connSettings, configVersion, err := n.getAppliedConnectionSettings()
 	if err != nil {
 		return fmt.Errorf("got an error while retrieving the applied connection settings, error: %s", err)
@@ -122,7 +122,7 @@ func (n *networkManagerDbusConfigurator) applyDNSConfig(config hostDNSConfig) er
 		searchDomains = append(searchDomains, dns.Fqdn(dConf.domain))
 	}
 
-	newDomainList := append(searchDomains, matchDomains...) //nolint:gocritic
+	newDomainList := append(searchDomains, matchDomains...)
 
 	priority := networkManagerDbusSearchDomainOnlyPriority
 	switch {
@@ -289,7 +289,12 @@ func isNetworkManagerSupportedVersion() bool {
 }
 
 func parseVersion(inputVersion string) (*version.Version, error) {
-	if inputVersion == "" || !nbversion.SemverRegexp.MatchString(inputVersion) {
+	reg, err := regexp.Compile(version.SemverRegexpRaw)
+	if err != nil {
+		return nil, err
+	}
+
+	if inputVersion == "" || !reg.MatchString(inputVersion) {
 		return nil, fmt.Errorf("couldn't parse the provided version: Not SemVer")
 	}
 

client/internal/dns/notifier.go

@@ -1,57 +0,0 @@
-package dns
-
-import (
-	"reflect"
-	"sort"
-	"sync"
-
-	"github.com/netbirdio/netbird/client/internal/listener"
-)
-
-type notifier struct {
-	listener      listener.NetworkChangeListener
-	listenerMux   sync.Mutex
-	searchDomains []string
-}
-
-func newNotifier(initialSearchDomains []string) *notifier {
-	sort.Strings(initialSearchDomains)
-	return &notifier{
-		searchDomains: initialSearchDomains,
-	}
-}
-
-func (n *notifier) setListener(listener listener.NetworkChangeListener) {
-	n.listenerMux.Lock()
-	defer n.listenerMux.Unlock()
-	n.listener = listener
-}
-
-func (n *notifier) onNewSearchDomains(searchDomains []string) {
-	sort.Strings(searchDomains)
-
-	if len(n.searchDomains) != len(searchDomains) {
-		n.searchDomains = searchDomains
-		n.notify()
-		return
-	}
-
-	if reflect.DeepEqual(n.searchDomains, searchDomains) {
-		return
-	}
-
-	n.searchDomains = searchDomains
-	n.notify()
-}
-
-func (n *notifier) notify() {
-	n.listenerMux.Lock()
-	defer n.listenerMux.Unlock()
-	if n.listener == nil {
-		return
-	}
-
-	go func(l listener.NetworkChangeListener) {
-		l.OnNetworkChanged()
-	}(n.listener)
-}

client/internal/dns/resolvconf_linux.go

@@ -3,9 +3,10 @@
 package dns
 
 import (
-	"bytes"
 	"fmt"
+	"os"
 	"os/exec"
+	"strings"
 
 	log "github.com/sirupsen/logrus"
 )
@@ -14,24 +15,11 @@ const resolvconfCommand = "resolvconf"
 
 type resolvconf struct {
 	ifaceName string
-
-	originalSearchDomains []string
-	originalNameServers   []string
-	othersConfigs         []string
 }
 
-// supported "openresolv" only
 func newResolvConfConfigurator(wgInterface WGIface) (hostManager, error) {
-	originalSearchDomains, nameServers, others, err := originalDNSConfigs("/etc/resolv.conf")
-	if err != nil {
-		log.Error(err)
-	}
-
 	return &resolvconf{
-		ifaceName:             wgInterface.Name(),
-		originalSearchDomains: originalSearchDomains,
-		originalNameServers:   nameServers,
-		othersConfigs:         others,
+		ifaceName: wgInterface.Name(),
 	}, nil
 }
 
@@ -39,7 +27,7 @@ func (r *resolvconf) supportCustomPort() bool {
 	return false
 }
 
-func (r *resolvconf) applyDNSConfig(config hostDNSConfig) error {
+func (r *resolvconf) applyDNSConfig(config HostDNSConfig) error {
 	var err error
 	if !config.routeAll {
 		err = r.restoreHostDNS()
@@ -49,20 +37,41 @@ func (r *resolvconf) applyDNSConfig(config hostDNSConfig) error {
 		return fmt.Errorf("unable to configure DNS for this peer using resolvconf manager without a nameserver group with all domains configured")
 	}
 
-	searchDomainList := searchDomains(config)
-	searchDomainList = mergeSearchDomains(searchDomainList, r.originalSearchDomains)
+	var searchDomains string
+	appendedDomains := 0
+	for _, dConf := range config.domains {
+		if dConf.matchOnly || dConf.disabled {
+			continue
+		}
 
-	buf := prepareResolvConfContent(
-		searchDomainList,
-		append([]string{config.serverIP}, r.originalNameServers...),
-		r.othersConfigs)
+		if appendedDomains >= fileMaxNumberOfSearchDomains {
+			// lets log all skipped domains
+			log.Infof("already appended %d domains to search list. Skipping append of %s domain", fileMaxNumberOfSearchDomains, dConf.domain)
+			continue
+		}
 
-	err = r.applyConfig(buf)
+		if fileSearchLineBeginCharCount+len(searchDomains) > fileMaxLineCharsLimit {
+			// lets log all skipped domains
+			log.Infof("search list line is larger than %d characters. Skipping append of %s domain", fileMaxLineCharsLimit, dConf.domain)
+			continue
+		}
+
+		searchDomains += " " + dConf.domain
+		appendedDomains++
+	}
+
+	originalContent, err := os.ReadFile(fileDefaultResolvConfBackupLocation)
+	if err != nil {
+		log.Errorf("Could not read existing resolv.conf")
+	}
+	content := fmt.Sprintf(fileGeneratedResolvConfContentFormat, fileDefaultResolvConfBackupLocation, config.serverIP, searchDomains, string(originalContent))
+
+	err = r.applyConfig(content)
 	if err != nil {
 		return err
 	}
 
-	log.Infof("added %d search domains. Search list: %s", len(searchDomainList), searchDomainList)
+	log.Infof("added %d search domains. Search list: %s", appendedDomains, searchDomains)
 	return nil
 }
 
@@ -75,12 +84,12 @@ func (r *resolvconf) restoreHostDNS() error {
 	return nil
 }
 
-func (r *resolvconf) applyConfig(content bytes.Buffer) error {
+func (r *resolvconf) applyConfig(content string) error {
 	cmd := exec.Command(resolvconfCommand, "-x", "-a", r.ifaceName)
-	cmd.Stdin = &content
+	cmd.Stdin = strings.NewReader(content)
 	_, err := cmd.Output()
 	if err != nil {
-		return fmt.Errorf("got an error while applying resolvconf configuration for %s interface, error: %s", r.ifaceName, err)
+		return fmt.Errorf("got an error while appying resolvconf configuration for %s interface, error: %s", r.ifaceName, err)
 	}
 	return nil
 }

client/internal/dns/server.go

@@ -4,13 +4,13 @@ import (
 	"context"
 	"fmt"
 	"net/netip"
+	"runtime"
 	"sync"
 
 	"github.com/miekg/dns"
 	"github.com/mitchellh/hashstructure/v2"
 	log "github.com/sirupsen/logrus"
 
-	"github.com/netbirdio/netbird/client/internal/listener"
 	nbdns "github.com/netbirdio/netbird/dns"
 )
 
@@ -19,14 +19,18 @@ type ReadyListener interface {
 	OnReady()
 }
 
+// IosDnsManager is a dns manager interface for iosß
+type IosDnsManager interface {
+	ApplyDns(string)
+}
+
 // Server is a dns server interface
 type Server interface {
-	Initialize() error
+	Initialize(manager IosDnsManager) error
 	Stop()
 	DnsIP() string
 	UpdateDNSServer(serial uint64, update nbdns.Config) error
 	OnUpdatedHostDNSServer(strings []string)
-	SearchDomains() []string
 }
 
 type registeredHandlerMap map[string]handlerWithStop
@@ -43,15 +47,15 @@ type DefaultServer struct {
 	hostManager        hostManager
 	updateSerial       uint64
 	previousConfigHash uint64
-	currentConfig      hostDNSConfig
+	currentConfig      HostDNSConfig
 
 	// permanent related properties
 	permanent        bool
 	hostsDnsList     []string
 	hostsDnsListLock sync.Mutex
 
-	// make sense on mobile only
-	searchDomainNotifier *notifier
+	interfaceName string
+	wgAddr        string
 }
 
 type handlerWithStop interface {
@@ -65,7 +69,7 @@ type muxUpdate struct {
 }
 
 // NewDefaultServer returns a new dns server
-func NewDefaultServer(ctx context.Context, wgInterface WGIface, customAddress string) (*DefaultServer, error) {
+func NewDefaultServer(ctx context.Context, wgInterface WGIface, customAddress string, interfaceName string, wgAddr string) (*DefaultServer, error) {
 	var addrPort *netip.AddrPort
 	if customAddress != "" {
 		parsedAddrPort, err := netip.ParseAddrPort(customAddress)
@@ -82,24 +86,21 @@ func NewDefaultServer(ctx context.Context, wgInterface WGIface, customAddress st
 		dnsService = newServiceViaListener(wgInterface, addrPort)
 	}
 
-	return newDefaultServer(ctx, wgInterface, dnsService), nil
+	return newDefaultServer(ctx, wgInterface, dnsService, interfaceName, wgAddr), nil
 }
 
 // NewDefaultServerPermanentUpstream returns a new dns server. It optimized for mobile systems
-func NewDefaultServerPermanentUpstream(ctx context.Context, wgInterface WGIface, hostsDnsList []string, config nbdns.Config, listener listener.NetworkChangeListener) *DefaultServer {
+func NewDefaultServerPermanentUpstream(ctx context.Context, wgInterface WGIface, hostsDnsList []string) *DefaultServer {
 	log.Debugf("host dns address list is: %v", hostsDnsList)
-	ds := newDefaultServer(ctx, wgInterface, newServiceViaMemory(wgInterface))
+	ds := newDefaultServer(ctx, wgInterface, newServiceViaMemory(wgInterface), "", "")
 	ds.permanent = true
 	ds.hostsDnsList = hostsDnsList
 	ds.addHostRootZone()
-	ds.currentConfig = dnsConfigToHostDNSConfig(config, ds.service.RuntimeIP(), ds.service.RuntimePort())
-	ds.searchDomainNotifier = newNotifier(ds.SearchDomains())
-	ds.searchDomainNotifier.setListener(listener)
 	setServerDns(ds)
 	return ds
 }
 
-func newDefaultServer(ctx context.Context, wgInterface WGIface, dnsService service) *DefaultServer {
+func newDefaultServer(ctx context.Context, wgInterface WGIface, dnsService service, interfaceName string, wgAddr string) *DefaultServer {
 	ctx, stop := context.WithCancel(ctx)
 	defaultServer := &DefaultServer{
 		ctx:       ctx,
@@ -109,14 +110,16 @@ func newDefaultServer(ctx context.Context, wgInterface WGIface, dnsService servi
 		localResolver: &localResolver{
 			registeredMap: make(registrationMap),
 		},
-		wgInterface: wgInterface,
+		wgInterface:   wgInterface,
+		interfaceName: interfaceName,
+		wgAddr:        wgAddr,
 	}
 
 	return defaultServer
 }
 
 // Initialize instantiate host manager and the dns service
-func (s *DefaultServer) Initialize() (err error) {
+func (s *DefaultServer) Initialize(manager IosDnsManager) (err error) {
 	s.mux.Lock()
 	defer s.mux.Unlock()
 
@@ -131,7 +134,11 @@ func (s *DefaultServer) Initialize() (err error) {
 		}
 	}
 
-	s.hostManager, err = newHostManager(s.wgInterface)
+	if runtime.GOOS == "ios" {
+		s.hostManager, err = newHostManager(nil, manager)
+	} else {
+		s.hostManager, err = newHostManager(s.wgInterface, nil)
+	}
 	return
 }
 
@@ -220,21 +227,6 @@ func (s *DefaultServer) UpdateDNSServer(serial uint64, update nbdns.Config) erro
 	}
 }
 
-func (s *DefaultServer) SearchDomains() []string {
-	var searchDomains []string
-
-	for _, dConf := range s.currentConfig.domains {
-		if dConf.disabled {
-			continue
-		}
-		if dConf.matchOnly {
-			continue
-		}
-		searchDomains = append(searchDomains, dConf.domain)
-	}
-	return searchDomains
-}
-
 func (s *DefaultServer) applyConfiguration(update nbdns.Config) error {
 	// is the service should be disabled, we stop the listener or fake resolver
 	// and proceed with a regular update to clean up the handlers and records
@@ -252,7 +244,7 @@ func (s *DefaultServer) applyConfiguration(update nbdns.Config) error {
 	if err != nil {
 		return fmt.Errorf("not applying dns update, error: %v", err)
 	}
-	muxUpdates := append(localMuxUpdates, upstreamMuxUpdates...) //nolint:gocritic
+	muxUpdates := append(localMuxUpdates, upstreamMuxUpdates...)
 
 	s.updateMux(muxUpdates)
 	s.updateLocalResolver(localRecords)
@@ -269,10 +261,6 @@ func (s *DefaultServer) applyConfiguration(update nbdns.Config) error {
 		log.Error(err)
 	}
 
-	if s.searchDomainNotifier != nil {
-		s.searchDomainNotifier.onNewSearchDomains(s.SearchDomains())
-	}
-
 	return nil
 }
 
@@ -312,10 +300,10 @@ func (s *DefaultServer) buildUpstreamHandlerUpdate(nameServerGroups []*nbdns.Nam
 			continue
 		}
 
-		handler := newUpstreamResolver(s.ctx)
+		handler := newUpstreamResolver(s.ctx, s.interfaceName, s.wgAddr)
 		for _, ns := range nsGroup.NameServers {
 			if ns.NSType != nbdns.UDPNameServerType {
-				log.Warnf("skipping nameserver %s with type %s, this peer supports only %s",
+				log.Warnf("skiping nameserver %s with type %s, this peer supports only %s",
 					ns.IP.String(), ns.NSType.String(), nbdns.UDPNameServerType.String())
 				continue
 			}
@@ -333,7 +321,7 @@ func (s *DefaultServer) buildUpstreamHandlerUpdate(nameServerGroups []*nbdns.Nam
 		// reapply DNS settings, but it not touch the original configuration and serial number
 		// because it is temporal deactivation until next try
 		//
-		// after some period defined by upstream it tries to reactivate self by calling this hook
+		// after some period defined by upstream it trys to reactivate self by calling this hook
 		// everything we need here is just to re-apply current configuration because it already
 		// contains this upstream settings (temporal deactivation not removed it)
 		handler.deactivate, handler.reactivate = s.upstreamCallbacks(nsGroup, handler)
@@ -485,21 +473,10 @@ func (s *DefaultServer) upstreamCallbacks(
 }
 
 func (s *DefaultServer) addHostRootZone() {
-	handler := newUpstreamResolver(s.ctx)
+	handler := newUpstreamResolver(s.ctx, s.interfaceName, s.wgAddr)
 	handler.upstreamServers = make([]string, len(s.hostsDnsList))
 	for n, ua := range s.hostsDnsList {
-		a, err := netip.ParseAddr(ua)
-		if err != nil {
-			log.Errorf("invalid upstream IP address: %s, error: %s", ua, err)
-			continue
-		}
-
-		ipString := ua
-		if !a.Is4() {
-			ipString = fmt.Sprintf("[%s]", ua)
-		}
-
-		handler.upstreamServers[n] = fmt.Sprintf("%s:53", ipString)
+		handler.upstreamServers[n] = fmt.Sprintf("%s:53", ua)
 	}
 	handler.deactivate = func() {}
 	handler.reactivate = func() {}

client/internal/dns/server_export_test.go

@@ -19,6 +19,6 @@ func TestGetServerDns(t *testing.T) {
 	}
 
 	if srvB != srv {
-		t.Errorf("mismatch dns instances")
+		t.Errorf("missmatch dns instances")
 	}
 }

client/internal/dns/server_test.go

@@ -322,9 +322,9 @@ func TestUpdateDNSServer(t *testing.T) {
 
 func TestDNSFakeResolverHandleUpdates(t *testing.T) {
 	ov := os.Getenv("NB_WG_KERNEL_DISABLED")
-	defer t.Setenv("NB_WG_KERNEL_DISABLED", ov)
+	defer os.Setenv("NB_WG_KERNEL_DISABLED", ov)
 
-	t.Setenv("NB_WG_KERNEL_DISABLED", "true")
+	_ = os.Setenv("NB_WG_KERNEL_DISABLED", "true")
 	newNet, err := stdnet.NewNet(nil)
 	if err != nil {
 		t.Errorf("create stdnet: %v", err)
@@ -339,7 +339,7 @@ func TestDNSFakeResolverHandleUpdates(t *testing.T) {
 
 	err = wgIface.Create()
 	if err != nil {
-		t.Errorf("create and init wireguard interface: %v", err)
+		t.Errorf("crate and init wireguard interface: %v", err)
 		return
 	}
 	defer func() {
@@ -527,7 +527,7 @@ func TestDNSServerUpstreamDeactivateCallback(t *testing.T) {
 			registeredMap: make(registrationMap),
 		},
 		hostManager: hostManager,
-		currentConfig: hostDNSConfig{
+		currentConfig: HostDNSConfig{
 			domains: []domainConfig{
 				{false, "domain0", false},
 				{false, "domain1", false},
@@ -537,7 +537,7 @@ func TestDNSServerUpstreamDeactivateCallback(t *testing.T) {
 	}
 
 	var domainsUpdate string
-	hostManager.applyDNSConfigFunc = func(config hostDNSConfig) error {
+	hostManager.applyDNSConfigFunc = func(config HostDNSConfig) error {
 		domains := []string{}
 		for _, item := range config.domains {
 			if item.disabled {
@@ -593,8 +593,7 @@ func TestDNSPermanent_updateHostDNS_emptyUpstream(t *testing.T) {
 	defer wgIFace.Close()
 
 	var dnsList []string
-	dnsConfig := nbdns.Config{}
-	dnsServer := NewDefaultServerPermanentUpstream(context.Background(), wgIFace, dnsList, dnsConfig, nil)
+	dnsServer := NewDefaultServerPermanentUpstream(context.Background(), wgIFace, dnsList)
 	err = dnsServer.Initialize()
 	if err != nil {
 		t.Errorf("failed to initialize DNS server: %v", err)
@@ -617,8 +616,8 @@ func TestDNSPermanent_updateUpstream(t *testing.T) {
 		t.Fatal("failed to initialize wg interface")
 	}
 	defer wgIFace.Close()
-	dnsConfig := nbdns.Config{}
-	dnsServer := NewDefaultServerPermanentUpstream(context.Background(), wgIFace, []string{"8.8.8.8"}, dnsConfig, nil)
+
+	dnsServer := NewDefaultServerPermanentUpstream(context.Background(), wgIFace, []string{"8.8.8.8"})
 	err = dnsServer.Initialize()
 	if err != nil {
 		t.Errorf("failed to initialize DNS server: %v", err)
@@ -709,8 +708,8 @@ func TestDNSPermanent_matchOnly(t *testing.T) {
 		t.Fatal("failed to initialize wg interface")
 	}
 	defer wgIFace.Close()
-	dnsConfig := nbdns.Config{}
-	dnsServer := NewDefaultServerPermanentUpstream(context.Background(), wgIFace, []string{"8.8.8.8"}, dnsConfig, nil)
+
+	dnsServer := NewDefaultServerPermanentUpstream(context.Background(), wgIFace, []string{"8.8.8.8"})
 	err = dnsServer.Initialize()
 	if err != nil {
 		t.Errorf("failed to initialize DNS server: %v", err)
@@ -771,11 +770,10 @@ func TestDNSPermanent_matchOnly(t *testing.T) {
 }
 
 func createWgInterfaceWithBind(t *testing.T) (*iface.WGIface, error) {
-	t.Helper()
 	ov := os.Getenv("NB_WG_KERNEL_DISABLED")
-	defer t.Setenv("NB_WG_KERNEL_DISABLED", ov)
+	defer os.Setenv("NB_WG_KERNEL_DISABLED", ov)
 
-	t.Setenv("NB_WG_KERNEL_DISABLED", "true")
+	_ = os.Setenv("NB_WG_KERNEL_DISABLED", "true")
 	newNet, err := stdnet.NewNet(nil)
 	if err != nil {
 		t.Fatalf("create stdnet: %v", err)
@@ -790,7 +788,7 @@ func createWgInterfaceWithBind(t *testing.T) (*iface.WGIface, error) {
 
 	err = wgIface.Create()
 	if err != nil {
-		t.Fatalf("create and init wireguard interface: %v", err)
+		t.Fatalf("crate and init wireguard interface: %v", err)
 		return nil, err
 	}
 

client/internal/dns/systemd_linux.go

@@ -81,7 +81,7 @@ func (s *systemdDbusConfigurator) supportCustomPort() bool {
 	return true
 }
 
-func (s *systemdDbusConfigurator) applyDNSConfig(config hostDNSConfig) error {
+func (s *systemdDbusConfigurator) applyDNSConfig(config HostDNSConfig) error {
 	parsedIP, err := netip.ParseAddr(config.serverIP)
 	if err != nil {
 		return fmt.Errorf("unable to parse ip address, error: %s", err)

client/internal/dns/upstream.go

@@ -5,13 +5,16 @@ import (
 	"errors"
 	"fmt"
 	"net"
+	"runtime"
 	"sync"
 	"sync/atomic"
+	"syscall"
 	"time"
 
 	"github.com/cenkalti/backoff/v4"
 	"github.com/miekg/dns"
 	log "github.com/sirupsen/logrus"
+	"golang.org/x/sys/unix"
 )
 
 const (
@@ -35,25 +38,95 @@ type upstreamResolver struct {
 	mutex            sync.Mutex
 	reactivatePeriod time.Duration
 	upstreamTimeout  time.Duration
+	lIP              net.IP
+	lName            string
+	iIndex           int
 
 	deactivate func()
 	reactivate func()
 }
 
-func newUpstreamResolver(parentCTX context.Context) *upstreamResolver {
+// func newUpstreamResolver(parentCTX context.Context) *upstreamResolver {
+// 	ctx, cancel := context.WithCancel(parentCTX)
+// 	return &upstreamResolver{
+// 		ctx:              ctx,
+// 		cancel:           cancel,
+// 		upstreamClient:   &dns.Client{},
+// 		upstreamTimeout:  upstreamTimeout,
+// 		reactivatePeriod: reactivatePeriod,
+// 		failsTillDeact:   failsTillDeact,
+// 	}
+// }
+
+func getInterfaceIndex(interfaceName string) (int, error) {
+	iface, err := net.InterfaceByName(interfaceName)
+	if err != nil {
+		log.Errorf("unable to get interface by name error: %s", err)
+		return 0, err
+	}
+
+	return iface.Index, nil
+}
+
+func newUpstreamResolver(parentCTX context.Context, interfaceName string, wgAddr string) *upstreamResolver {
 	ctx, cancel := context.WithCancel(parentCTX)
+
+	// Specify the local IP address you want to bind to
+	localIP, _, err := net.ParseCIDR(wgAddr) // Should be our interface IP
+	if err != nil {
+		log.Errorf("error while parsing CIDR: %s", err)
+	}
+	index, err := getInterfaceIndex(interfaceName)
+	log.Debugf("UpstreamResolver interface name: %s, index: %d, ip: %s", interfaceName, index, localIP)
+	if err != nil {
+		log.Debugf("unable to get interface index for %s: %s", interfaceName, err)
+	}
+	localIFaceIndex := index // Should be our interface index
+
 	return &upstreamResolver{
 		ctx:              ctx,
 		cancel:           cancel,
-		upstreamClient:   &dns.Client{},
 		upstreamTimeout:  upstreamTimeout,
 		reactivatePeriod: reactivatePeriod,
 		failsTillDeact:   failsTillDeact,
+		lIP:              localIP,
+		iIndex:           localIFaceIndex,
+		lName:            interfaceName,
 	}
 }
 
+func (u *upstreamResolver) getClient() *dns.Client {
+	dialer := &net.Dialer{
+		LocalAddr: &net.UDPAddr{
+			IP:   u.lIP,
+			Port: 0, // Let the OS pick a free port
+		},
+		Timeout: upstreamTimeout,
+		Control: func(network, address string, c syscall.RawConn) error {
+			var operr error
+			fn := func(s uintptr) {
+				operr = unix.SetsockoptInt(int(s), unix.IPPROTO_IP, unix.IP_BOUND_IF, u.iIndex)
+			}
+
+			if err := c.Control(fn); err != nil {
+				return err
+			}
+
+			if operr != nil {
+				log.Errorf("error while setting socket option: %s", operr)
+			}
+
+			return operr
+		},
+	}
+	client := &dns.Client{
+		Dialer: dialer,
+	}
+	return client
+}
+
 func (u *upstreamResolver) stop() {
-	log.Debugf("stopping serving DNS for upstreams %s", u.upstreamServers)
+	log.Debugf("stoping serving DNS for upstreams %s", u.upstreamServers)
 	u.cancel()
 }
 
@@ -61,7 +134,7 @@ func (u *upstreamResolver) stop() {
 func (u *upstreamResolver) ServeDNS(w dns.ResponseWriter, r *dns.Msg) {
 	defer u.checkUpstreamFails()
 
-	log.WithField("question", r.Question[0]).Trace("received an upstream question")
+	//log.WithField("question", r.Question[0]).Debug("received an upstream question")
 
 	select {
 	case <-u.ctx.Done():
@@ -70,10 +143,20 @@ func (u *upstreamResolver) ServeDNS(w dns.ResponseWriter, r *dns.Msg) {
 	}
 
 	for _, upstream := range u.upstreamServers {
-		ctx, cancel := context.WithTimeout(u.ctx, u.upstreamTimeout)
-		rm, t, err := u.upstreamClient.ExchangeContext(ctx, r, upstream)
-
-		cancel()
+		var (
+			err error
+			t   time.Duration
+			rm  *dns.Msg
+		)
+		upstreamExchangeClient := u.getClient()
+		if runtime.GOOS != "ios" {
+			ctx, cancel := context.WithTimeout(u.ctx, u.upstreamTimeout)
+			rm, t, err = upstreamExchangeClient.ExchangeContext(ctx, r, upstream)
+			cancel()
+		} else {
+			log.Debugf("ios upstream resolver: %s", upstream)
+			rm, t, err = upstreamExchangeClient.Exchange(r, upstream)
+		}
 
 		if err != nil {
 			if err == context.DeadlineExceeded || isTimeout(err) {
@@ -83,11 +166,11 @@ func (u *upstreamResolver) ServeDNS(w dns.ResponseWriter, r *dns.Msg) {
 			}
 			u.failsCount.Add(1)
 			log.WithError(err).WithField("upstream", upstream).
-				Error("got an error while querying the upstream")
+				Error("got other error while querying the upstream")
 			return
 		}
 
-		log.Tracef("took %s to query the upstream %s", t, upstream)
+		log.Debugf("took %s to query the upstream %s", t, upstream)
 
 		err = w.WriteMsg(rm)
 		if err != nil {
@@ -118,10 +201,11 @@ func (u *upstreamResolver) checkUpstreamFails() {
 	case <-u.ctx.Done():
 		return
 	default:
-		log.Warnf("upstream resolving is disabled for %v", reactivatePeriod)
-		u.deactivate()
-		u.disabled = true
-		go u.waitUntilResponse()
+		//todo test the deactivation logic, it seems to affect the client
+		//log.Warnf("upstream resolving is disabled for %v", reactivatePeriod)
+		//u.deactivate()
+		//u.disabled = true
+		//go u.waitUntilResponse()
 	}
 }
 

client/internal/ebpf/ebpf/manager_linux.go

@@ -50,7 +50,7 @@ func GetEbpfManagerInstance() manager.Manager {
 }
 
 func (tf *GeneralManager) setFeatureFlag(feature uint16) {
-	tf.featureFlags |= feature
+	tf.featureFlags = tf.featureFlags | feature
 }
 
 func (tf *GeneralManager) loadXdp() error {

client/internal/ebpf/ebpf/manager_linux_test.go

@@ -8,12 +8,12 @@ func TestManager_setFeatureFlag(t *testing.T) {
 	mgr := GeneralManager{}
 	mgr.setFeatureFlag(featureFlagWGProxy)
 	if mgr.featureFlags != 1 {
-		t.Errorf("invalid feature state")
+		t.Errorf("invalid faeture state")
 	}
 
 	mgr.setFeatureFlag(featureFlagDnsForwarder)
 	if mgr.featureFlags != 3 {
-		t.Errorf("invalid feature state")
+		t.Errorf("invalid faeture state")
 	}
 }
 
@@ -27,7 +27,7 @@ func TestManager_unsetFeatureFlag(t *testing.T) {
 		t.Errorf("unexpected error: %s", err)
 	}
 	if mgr.featureFlags != 2 {
-		t.Errorf("invalid feature state, expected: %d, got: %d", 2, mgr.featureFlags)
+		t.Errorf("invalid faeture state, expected: %d, got: %d", 2, mgr.featureFlags)
 	}
 
 	err = mgr.unsetFeatureFlag(featureFlagDnsForwarder)
@@ -35,6 +35,6 @@ func TestManager_unsetFeatureFlag(t *testing.T) {
 		t.Errorf("unexpected error: %s", err)
 	}
 	if mgr.featureFlags != 0 {
-		t.Errorf("invalid feature state, expected: %d, got: %d", 0, mgr.featureFlags)
+		t.Errorf("invalid faeture state, expected: %d, got: %d", 0, mgr.featureFlags)
 	}
 }

client/internal/engine.go

@@ -195,34 +195,40 @@ func (e *Engine) Start() error {
 	var routes []*route.Route
 
 	if runtime.GOOS == "android" {
-		var dnsConfig *nbdns.Config
-		routes, dnsConfig, err = e.readInitialSettings()
+		routes, err = e.readInitialSettings()
 		if err != nil {
 			return err
 		}
 		if e.dnsServer == nil {
-			e.dnsServer = dns.NewDefaultServerPermanentUpstream(e.ctx, e.wgInterface, e.mobileDep.HostDNSAddresses, *dnsConfig, e.mobileDep.NetworkChangeListener)
+			e.dnsServer = dns.NewDefaultServerPermanentUpstream(e.ctx, e.wgInterface, e.mobileDep.HostDNSAddresses)
 			go e.mobileDep.DnsReadyListener.OnReady()
 		}
-	} else if e.dnsServer == nil {
+	} else {
 		// todo fix custom address
-		e.dnsServer, err = dns.NewDefaultServer(e.ctx, e.wgInterface, e.config.CustomDNSAddress)
-		if err != nil {
-			e.close()
-			return err
+		if e.dnsServer == nil {
+			e.dnsServer, err = dns.NewDefaultServer(e.ctx, e.wgInterface, e.config.CustomDNSAddress, e.mobileDep.InterfaceName, wgAddr)
+			if err != nil {
+				e.close()
+				return err
+			}
 		}
 	}
 
+	log.Debugf("Initial routes contain %d routes", len(routes))
 	e.routeManager = routemanager.NewManager(e.ctx, e.config.WgPrivateKey.PublicKey().String(), e.wgInterface, e.statusRecorder, routes)
-	e.routeManager.SetRouteChangeListener(e.mobileDep.NetworkChangeListener)
+	e.mobileDep.RouteListener.SetInterfaceIP(wgAddr)
 
-	if runtime.GOOS == "android" {
-		err = e.wgInterface.CreateOnMobile(iface.MobileIFaceArguments{
-			Routes:        e.routeManager.InitialRouteRange(),
-			Dns:           e.dnsServer.DnsIP(),
-			SearchDomains: e.dnsServer.SearchDomains(),
+	e.routeManager.SetRouteChangeListener(e.mobileDep.RouteListener)
+
+	switch runtime.GOOS {
+	case "android":
+		err = e.wgInterface.CreateOnAndroid(iface.MobileIFaceArguments{
+			Routes: e.routeManager.InitialRouteRange(),
+			Dns:    e.dnsServer.DnsIP(),
 		})
-	} else {
+	case "ios":
+		err = e.wgInterface.CreateOniOS(e.mobileDep.FileDescriptor)
+	default:
 		err = e.wgInterface.Create()
 	}
 	if err != nil {
@@ -264,7 +270,11 @@ func (e *Engine) Start() error {
 		e.acl = acl
 	}
 
-	err = e.dnsServer.Initialize()
+	if runtime.GOOS == "ios" {
+		err = e.dnsServer.Initialize(e.mobileDep.DnsManager)
+	} else {
+		err = e.dnsServer.Initialize(nil)
+	}
 	if err != nil {
 		e.close()
 		return err
@@ -466,7 +476,7 @@ func (e *Engine) updateSSH(sshConf *mgmProto.SSHConfig) error {
 		}
 		// start SSH server if it wasn't running
 		if isNil(e.sshServer) {
-			//nil sshServer means it has not yet been started
+			// nil sshServer means it has not yet been started
 			var err error
 			e.sshServer, err = e.sshServerFunc(e.config.SSHKey,
 				fmt.Sprintf("%s:%d", e.wgInterface.Address().IP.String(), nbssh.DefaultSSHPort))
@@ -488,13 +498,15 @@ func (e *Engine) updateSSH(sshConf *mgmProto.SSHConfig) error {
 		} else {
 			log.Debugf("SSH server is already running")
 		}
-	} else if !isNil(e.sshServer) {
+	} else {
 		// Disable SSH server request, so stop it if it was running
-		err := e.sshServer.Stop()
-		if err != nil {
-			log.Warnf("failed to stop SSH server %v", err)
+		if !isNil(e.sshServer) {
+			err := e.sshServer.Stop()
+			if err != nil {
+				log.Warnf("failed to stop SSH server %v", err)
+			}
+			e.sshServer = nil
 		}
-		e.sshServer = nil
 	}
 	return nil
 }
@@ -636,7 +648,7 @@ func (e *Engine) updateNetworkMap(networkMap *mgmProto.NetworkMap) error {
 				if config.GetSshConfig() != nil && config.GetSshConfig().GetSshPubKey() != nil {
 					err := e.sshServer.AddAuthorizedKey(config.WgPubKey, string(config.GetSshConfig().GetSshPubKey()))
 					if err != nil {
-						log.Warnf("failed adding authorized key to SSH DefaultServer %v", err)
+						log.Warnf("failed adding authroized key to SSH DefaultServer %v", err)
 					}
 				}
 			}
@@ -712,9 +724,8 @@ func toDNSConfig(protoDNSConfig *mgmProto.DNSConfig) nbdns.Config {
 
 	for _, nsGroup := range protoDNSConfig.GetNameServerGroups() {
 		dnsNSGroup := &nbdns.NameServerGroup{
-			Primary:              nsGroup.GetPrimary(),
-			Domains:              nsGroup.GetDomains(),
-			SearchDomainsEnabled: nsGroup.GetSearchDomainsEnabled(),
+			Primary: nsGroup.GetPrimary(),
+			Domains: nsGroup.GetDomains(),
 		}
 		for _, ns := range nsGroup.GetNameServers() {
 			dnsNS := nbdns.NameServer{
@@ -1049,14 +1060,13 @@ func (e *Engine) close() {
 	}
 }
 
-func (e *Engine) readInitialSettings() ([]*route.Route, *nbdns.Config, error) {
+func (e *Engine) readInitialSettings() ([]*route.Route, error) {
 	netMap, err := e.mgmClient.GetNetworkMap()
 	if err != nil {
-		return nil, nil, err
+		return nil, err
 	}
 	routes := toRoutes(netMap.GetRoutes())
-	dnsCfg := toDNSConfig(netMap.GetDNSConfig())
-	return routes, &dnsCfg, nil
+	return routes, nil
 }
 
 func findIPFromInterfaceName(ifaceName string) (net.IP, error) {

client/internal/engine_test.go

@@ -869,7 +869,7 @@ loop:
 		case <-ticker.C:
 			totalConnected := 0
 			for _, engine := range engines {
-				totalConnected += getConnectedPeers(engine)
+				totalConnected = totalConnected + getConnectedPeers(engine)
 			}
 			if totalConnected == expectedConnected {
 				log.Infof("total connected=%d", totalConnected)
@@ -1039,12 +1039,11 @@ func startManagement(dataDir string) (*grpc.Server, string, error) {
 		return nil, "", err
 	}
 	s := grpc.NewServer(grpc.KeepaliveEnforcementPolicy(kaep), grpc.KeepaliveParams(kasp))
-	store, err := server.NewStoreFromJson(config.Datadir, nil)
+	store, err := server.NewFileStore(config.Datadir, nil)
 	if err != nil {
-		return nil, "", err
+		log.Fatalf("failed creating a store: %s: %v", config.Datadir, err)
 	}
-
-	peersUpdateManager := server.NewPeersUpdateManager(nil)
+	peersUpdateManager := server.NewPeersUpdateManager()
 	eventStore := &activity.InMemoryEventStore{}
 	if err != nil {
 		return nil, "", err

client/internal/listener/network_change.go

@@ -1,7 +0,0 @@
-package listener
-
-// NetworkChangeListener is a callback interface for mobile system
-type NetworkChangeListener interface {
-	// OnNetworkChanged invoke when network settings has been changed
-	OnNetworkChanged()
-}

client/internal/mobile_dependency.go

@@ -2,16 +2,19 @@ package internal
 
 import (
 	"github.com/netbirdio/netbird/client/internal/dns"
-	"github.com/netbirdio/netbird/client/internal/listener"
+	"github.com/netbirdio/netbird/client/internal/routemanager"
 	"github.com/netbirdio/netbird/client/internal/stdnet"
 	"github.com/netbirdio/netbird/iface"
 )
 
 // MobileDependency collect all dependencies for mobile platform
 type MobileDependency struct {
-	TunAdapter            iface.TunAdapter
-	IFaceDiscover         stdnet.ExternalIFaceDiscover
-	NetworkChangeListener listener.NetworkChangeListener
-	HostDNSAddresses      []string
-	DnsReadyListener      dns.ReadyListener
+	TunAdapter       iface.TunAdapter
+	IFaceDiscover    stdnet.ExternalIFaceDiscover
+	RouteListener    routemanager.RouteListener
+	HostDNSAddresses []string
+	DnsReadyListener dns.ReadyListener
+	DnsManager       dns.IosDnsManager
+	FileDescriptor   int32
+	InterfaceName    string
 }

client/internal/peer/conn.go

@@ -242,7 +242,7 @@ func (conn *Conn) Open() error {
 	}
 	err := conn.statusRecorder.UpdatePeerState(peerState)
 	if err != nil {
-		log.Warnf("error while updating the state of peer %s,err: %v", conn.config.Key, err)
+		log.Warnf("erro while updating the state of peer %s,err: %v", conn.config.Key, err)
 	}
 
 	defer func() {
@@ -301,7 +301,7 @@ func (conn *Conn) Open() error {
 	}
 	err = conn.statusRecorder.UpdatePeerState(peerState)
 	if err != nil {
-		log.Warnf("error while updating the state of peer %s,err: %v", conn.config.Key, err)
+		log.Warnf("erro while updating the state of peer %s,err: %v", conn.config.Key, err)
 	}
 
 	err = conn.agent.GatherCandidates()

client/internal/peer/status.go

@@ -174,13 +174,13 @@ func (d *Status) UpdatePeerState(receivedState State) error {
 	return nil
 }
 
-func shouldSkipNotify(received, curr State) bool {
+func shouldSkipNotify(new, curr State) bool {
 	switch {
-	case received.ConnStatus == StatusConnecting:
+	case new.ConnStatus == StatusConnecting:
 		return true
-	case received.ConnStatus == StatusDisconnected && curr.ConnStatus == StatusConnecting:
+	case new.ConnStatus == StatusDisconnected && curr.ConnStatus == StatusConnecting:
 		return true
-	case received.ConnStatus == StatusDisconnected && curr.ConnStatus == StatusDisconnected:
+	case new.ConnStatus == StatusDisconnected && curr.ConnStatus == StatusDisconnected:
 		return curr.IP != ""
 	default:
 		return false

client/internal/routemanager/client.go

@@ -12,8 +12,6 @@ import (
 	"github.com/netbirdio/netbird/route"
 )
 
-const minRangeBits = 7
-
 type routerPeerStatus struct {
 	connected bool
 	relayed   bool
@@ -121,7 +119,7 @@ func (c *clientNetwork) getBestRouteFromStatuses(routePeerStatuses map[string]ro
 		log.Warnf("the network %s has not been assigned a routing peer as no peers from the list %s are currently connected", c.network, peers)
 
 	} else if chosen != currID {
-		log.Infof("new chosen route is %s with peer %s with score %d for network %s", chosen, c.routes[chosen].Peer, chosenScore, c.network)
+		log.Infof("new chosen route is %s with peer %s with score %d", chosen, c.routes[chosen].Peer, chosenScore)
 	}
 
 	return chosen

client/internal/routemanager/firewall_ios.go

@@ -0,0 +1,31 @@
+//go:build ios
+
+package routemanager
+
+import (
+	"context"
+)
+
+// newFirewall returns a nil manager
+func newFirewall(context.Context) (firewallManager, error) {
+	return iOSFirewallManager{}, nil
+}
+
+type iOSFirewallManager struct {
+}
+
+func (i iOSFirewallManager) RestoreOrCreateContainers() error {
+	return nil
+}
+
+func (i iOSFirewallManager) InsertRoutingRules(pair routerPair) error {
+	return nil
+}
+
+func (i iOSFirewallManager) RemoveRoutingRules(pair routerPair) error {
+	return nil
+}
+
+func (i iOSFirewallManager) CleanRoutingRules() {
+	return
+}

client/internal/routemanager/firewall_nonlinux.go

@@ -1,5 +1,5 @@
-//go:build !linux
-// +build !linux
+//go:build !linux && !ios
+// +build !linux,!ios
 
 package routemanager
 

client/internal/routemanager/iptables_linux.go

@@ -173,7 +173,7 @@ func (i *iptablesManager) addJumpRules() error {
 		return err
 	}
 	if i.ipv4Client != nil {
-		rule := append(iptablesDefaultForwardingRule, ipv4Forwarding) //nolint:gocritic
+		rule := append(iptablesDefaultForwardingRule, ipv4Forwarding)
 
 		err = i.ipv4Client.Insert(iptablesFilterTable, iptablesForwardChain, 1, rule...)
 		if err != nil {
@@ -181,7 +181,7 @@ func (i *iptablesManager) addJumpRules() error {
 		}
 		i.rules[ipv4][ipv4Forwarding] = rule
 
-		rule = append(iptablesDefaultNatRule, ipv4Nat) //nolint:gocritic
+		rule = append(iptablesDefaultNatRule, ipv4Nat)
 		err = i.ipv4Client.Insert(iptablesNatTable, iptablesPostRoutingChain, 1, rule...)
 		if err != nil {
 			return err
@@ -190,14 +190,14 @@ func (i *iptablesManager) addJumpRules() error {
 	}
 
 	if i.ipv6Client != nil {
-		rule := append(iptablesDefaultForwardingRule, ipv6Forwarding) //nolint:gocritic
+		rule := append(iptablesDefaultForwardingRule, ipv6Forwarding)
 		err = i.ipv6Client.Insert(iptablesFilterTable, iptablesForwardChain, 1, rule...)
 		if err != nil {
 			return err
 		}
 		i.rules[ipv6][ipv6Forwarding] = rule
 
-		rule = append(iptablesDefaultNatRule, ipv6Nat) //nolint:gocritic
+		rule = append(iptablesDefaultNatRule, ipv6Nat)
 		err = i.ipv6Client.Insert(iptablesNatTable, iptablesPostRoutingChain, 1, rule...)
 		if err != nil {
 			return err

client/internal/routemanager/manager.go

@@ -7,7 +7,6 @@ import (
 
 	log "github.com/sirupsen/logrus"
 
-	"github.com/netbirdio/netbird/client/internal/listener"
 	"github.com/netbirdio/netbird/client/internal/peer"
 	"github.com/netbirdio/netbird/iface"
 	"github.com/netbirdio/netbird/route"
@@ -17,7 +16,7 @@ import (
 // Manager is a route manager interface
 type Manager interface {
 	UpdateRoutes(updateSerial uint64, newRoutes []*route.Route) error
-	SetRouteChangeListener(listener listener.NetworkChangeListener)
+	SetRouteChangeListener(listener RouteListener)
 	InitialRouteRange() []string
 	Stop()
 }
@@ -97,7 +96,7 @@ func (m *DefaultManager) UpdateRoutes(updateSerial uint64, newRoutes []*route.Ro
 }
 
 // SetRouteChangeListener set RouteListener for route change notifier
-func (m *DefaultManager) SetRouteChangeListener(listener listener.NetworkChangeListener) {
+func (m *DefaultManager) SetRouteChangeListener(listener RouteListener) {
 	m.notifier.setListener(listener)
 }
 
@@ -155,8 +154,8 @@ func (m *DefaultManager) classifiesRoutes(newRoutes []*route.Route) (map[string]
 		if !ownNetworkIDs[networkID] {
 			// if prefix is too small, lets assume is a possible default route which is not yet supported
 			// we skip this route management
-			if newRoute.Network.Bits() < minRangeBits {
-				log.Errorf("this agent version: %s, doesn't support default routes, received %s, skipping this route",
+			if newRoute.Network.Bits() < 7 {
+				log.Errorf("this agent version: %s, doesn't support default routes, received %s, skiping this route",
 					version.NetbirdVersion(), newRoute.Network)
 				continue
 			}

client/internal/routemanager/mock.go

@@ -4,7 +4,6 @@ import (
 	"context"
 	"fmt"
 
-	"github.com/netbirdio/netbird/client/internal/listener"
 	"github.com/netbirdio/netbird/iface"
 	"github.com/netbirdio/netbird/route"
 )
@@ -33,7 +32,7 @@ func (m *MockManager) Start(ctx context.Context, iface *iface.WGIface) {
 }
 
 // SetRouteChangeListener mock implementation of SetRouteChangeListener from Manager interface
-func (m *MockManager) SetRouteChangeListener(listener listener.NetworkChangeListener) {
+func (m *MockManager) SetRouteChangeListener(listener RouteListener) {
 
 }
 

client/internal/routemanager/nftables_linux.go

@@ -135,8 +135,7 @@ func (n *nftablesManager) RestoreOrCreateContainers() error {
 	}
 
 	for _, table := range tables {
-		if table.Name == "filter" && table.Family == nftables.TableFamilyIPv4 {
-			log.Debugf("nftables: found filter table for ipv4")
+		if table.Name == "filter" {
 			n.filterTable = table
 			continue
 		}
@@ -300,7 +299,7 @@ func (n *nftablesManager) acceptForwardRule(sourceNetwork string) error {
 	dst := generateCIDRMatcherExpressions("destination", "0.0.0.0/0")
 
 	var exprs []expr.Any
-	exprs = append(src, append(dst, &expr.Verdict{ //nolint:gocritic
+	exprs = append(src, append(dst, &expr.Verdict{
 		Kind: expr.VerdictAccept,
 	})...)
 
@@ -322,7 +321,7 @@ func (n *nftablesManager) acceptForwardRule(sourceNetwork string) error {
 	src = generateCIDRMatcherExpressions("source", "0.0.0.0/0")
 	dst = generateCIDRMatcherExpressions("destination", sourceNetwork)
 
-	exprs = append(src, append(dst, &expr.Verdict{ //nolint:gocritic
+	exprs = append(src, append(dst, &expr.Verdict{
 		Kind: expr.VerdictAccept,
 	})...)
 
@@ -421,9 +420,9 @@ func (n *nftablesManager) insertRoutingRule(format, chain string, pair routerPai
 
 	var expression []expr.Any
 	if isNat {
-		expression = append(sourceExp, append(destExp, &expr.Counter{}, &expr.Masq{})...) //nolint:gocritic
+		expression = append(sourceExp, append(destExp, &expr.Counter{}, &expr.Masq{})...)
 	} else {
-		expression = append(sourceExp, append(destExp, exprCounterAccept...)...) //nolint:gocritic
+		expression = append(sourceExp, append(destExp, exprCounterAccept...)...)
 	}
 
 	ruleKey := genKey(format, pair.ID)
@@ -487,7 +486,7 @@ func (n *nftablesManager) RemoveRoutingRules(pair routerPair) error {
 	if len(n.rules) == 2 && n.defaultForwardRules[0] != nil {
 		err := n.eraseDefaultForwardRule()
 		if err != nil {
-			log.Errorf("failed to delete default fwd rule: %s", err)
+			log.Errorf("failed to delte default fwd rule: %s", err)
 		}
 	}
 

client/internal/routemanager/nftables_linux_test.go

@@ -44,7 +44,7 @@ func TestNftablesManager_RestoreOrCreateContainers(t *testing.T) {
 	sourceExp := generateCIDRMatcherExpressions("source", pair.source)
 	destExp := generateCIDRMatcherExpressions("destination", pair.destination)
 
-	forward4Exp := append(sourceExp, append(destExp, exprCounterAccept...)...) //nolint:gocritic
+	forward4Exp := append(sourceExp, append(destExp, exprCounterAccept...)...)
 	forward4RuleKey := genKey(forwardingFormat, pair.ID)
 	inserted4Forwarding := nftablesTestingClient.InsertRule(&nftables.Rule{
 		Table:    manager.tableIPv4,
@@ -53,7 +53,7 @@ func TestNftablesManager_RestoreOrCreateContainers(t *testing.T) {
 		UserData: []byte(forward4RuleKey),
 	})
 
-	nat4Exp := append(sourceExp, append(destExp, &expr.Counter{}, &expr.Masq{})...) //nolint:gocritic
+	nat4Exp := append(sourceExp, append(destExp, &expr.Counter{}, &expr.Masq{})...)
 	nat4RuleKey := genKey(natFormat, pair.ID)
 
 	inserted4Nat := nftablesTestingClient.InsertRule(&nftables.Rule{
@@ -76,7 +76,7 @@ func TestNftablesManager_RestoreOrCreateContainers(t *testing.T) {
 	sourceExp = generateCIDRMatcherExpressions("source", pair.source)
 	destExp = generateCIDRMatcherExpressions("destination", pair.destination)
 
-	forward6Exp := append(sourceExp, append(destExp, exprCounterAccept...)...) //nolint:gocritic
+	forward6Exp := append(sourceExp, append(destExp, exprCounterAccept...)...)
 	forward6RuleKey := genKey(forwardingFormat, pair.ID)
 	inserted6Forwarding := nftablesTestingClient.InsertRule(&nftables.Rule{
 		Table:    manager.tableIPv6,
@@ -85,7 +85,7 @@ func TestNftablesManager_RestoreOrCreateContainers(t *testing.T) {
 		UserData: []byte(forward6RuleKey),
 	})
 
-	nat6Exp := append(sourceExp, append(destExp, &expr.Counter{}, &expr.Masq{})...) //nolint:gocritic
+	nat6Exp := append(sourceExp, append(destExp, &expr.Counter{}, &expr.Masq{})...)
 	nat6RuleKey := genKey(natFormat, pair.ID)
 
 	inserted6Nat := nftablesTestingClient.InsertRule(&nftables.Rule{
@@ -149,7 +149,7 @@ func TestNftablesManager_InsertRoutingRules(t *testing.T) {
 
 			sourceExp := generateCIDRMatcherExpressions("source", testCase.inputPair.source)
 			destExp := generateCIDRMatcherExpressions("destination", testCase.inputPair.destination)
-			testingExpression := append(sourceExp, destExp...) //nolint:gocritic
+			testingExpression := append(sourceExp, destExp...)
 			fwdRuleKey := genKey(forwardingFormat, testCase.inputPair.ID)
 
 			found := 0
@@ -188,7 +188,7 @@ func TestNftablesManager_InsertRoutingRules(t *testing.T) {
 
 			sourceExp = generateCIDRMatcherExpressions("source", getInPair(testCase.inputPair).source)
 			destExp = generateCIDRMatcherExpressions("destination", getInPair(testCase.inputPair).destination)
-			testingExpression = append(sourceExp, destExp...) //nolint:gocritic
+			testingExpression = append(sourceExp, destExp...)
 			inFwdRuleKey := genKey(inForwardingFormat, testCase.inputPair.ID)
 
 			found = 0
@@ -252,7 +252,7 @@ func TestNftablesManager_RemoveRoutingRules(t *testing.T) {
 			sourceExp := generateCIDRMatcherExpressions("source", testCase.inputPair.source)
 			destExp := generateCIDRMatcherExpressions("destination", testCase.inputPair.destination)
 
-			forwardExp := append(sourceExp, append(destExp, exprCounterAccept...)...) //nolint:gocritic
+			forwardExp := append(sourceExp, append(destExp, exprCounterAccept...)...)
 			forwardRuleKey := genKey(forwardingFormat, testCase.inputPair.ID)
 			insertedForwarding := nftablesTestingClient.InsertRule(&nftables.Rule{
 				Table:    table,
@@ -261,7 +261,7 @@ func TestNftablesManager_RemoveRoutingRules(t *testing.T) {
 				UserData: []byte(forwardRuleKey),
 			})
 
-			natExp := append(sourceExp, append(destExp, &expr.Counter{}, &expr.Masq{})...) //nolint:gocritic
+			natExp := append(sourceExp, append(destExp, &expr.Counter{}, &expr.Masq{})...)
 			natRuleKey := genKey(natFormat, testCase.inputPair.ID)
 
 			insertedNat := nftablesTestingClient.InsertRule(&nftables.Rule{
@@ -274,7 +274,7 @@ func TestNftablesManager_RemoveRoutingRules(t *testing.T) {
 			sourceExp = generateCIDRMatcherExpressions("source", getInPair(testCase.inputPair).source)
 			destExp = generateCIDRMatcherExpressions("destination", getInPair(testCase.inputPair).destination)
 
-			forwardExp = append(sourceExp, append(destExp, exprCounterAccept...)...) //nolint:gocritic
+			forwardExp = append(sourceExp, append(destExp, exprCounterAccept...)...)
 			inForwardRuleKey := genKey(inForwardingFormat, testCase.inputPair.ID)
 			insertedInForwarding := nftablesTestingClient.InsertRule(&nftables.Rule{
 				Table:    table,
@@ -283,7 +283,7 @@ func TestNftablesManager_RemoveRoutingRules(t *testing.T) {
 				UserData: []byte(inForwardRuleKey),
 			})
 
-			natExp = append(sourceExp, append(destExp, &expr.Counter{}, &expr.Masq{})...) //nolint:gocritic
+			natExp = append(sourceExp, append(destExp, &expr.Counter{}, &expr.Masq{})...)
 			inNatRuleKey := genKey(inNatFormat, testCase.inputPair.ID)
 
 			insertedInNat := nftablesTestingClient.InsertRule(&nftables.Rule{

client/internal/routemanager/notifier.go

@@ -2,28 +2,37 @@ package routemanager
 
 import (
 	"sort"
+	"strings"
 	"sync"
 
-	"github.com/netbirdio/netbird/client/internal/listener"
+	log "github.com/sirupsen/logrus"
+
 	"github.com/netbirdio/netbird/route"
 )
 
+// RouteListener is a callback interface for mobile system
+type RouteListener interface {
+	// OnNewRouteSetting invoke when new route setting has been arrived
+	OnNewRouteSetting(string)
+	SetInterfaceIP(string)
+}
+
 type notifier struct {
 	initialRouteRangers []string
 	routeRangers        []string
 
-	listener    listener.NetworkChangeListener
-	listenerMux sync.Mutex
+	routeListener    RouteListener
+	routeListenerMux sync.Mutex
 }
 
 func newNotifier() *notifier {
 	return &notifier{}
 }
 
-func (n *notifier) setListener(listener listener.NetworkChangeListener) {
-	n.listenerMux.Lock()
-	defer n.listenerMux.Unlock()
-	n.listener = listener
+func (n *notifier) setListener(listener RouteListener) {
+	n.routeListenerMux.Lock()
+	defer n.routeListenerMux.Unlock()
+	n.routeListener = listener
 }
 
 func (n *notifier) setInitialClientRoutes(clientRoutes []*route.Route) {
@@ -50,22 +59,20 @@ func (n *notifier) onNewRoutes(idMap map[string][]*route.Route) {
 
 	n.routeRangers = newNets
 
-	if !n.hasDiff(n.initialRouteRangers, newNets) {
-		return
-	}
 	n.notify()
 }
 
 func (n *notifier) notify() {
-	n.listenerMux.Lock()
-	defer n.listenerMux.Unlock()
-	if n.listener == nil {
+	n.routeListenerMux.Lock()
+	defer n.routeListenerMux.Unlock()
+	if n.routeListener == nil {
 		return
 	}
 
-	go func(l listener.NetworkChangeListener) {
-		l.OnNetworkChanged()
-	}(n.listener)
+	go func(l RouteListener) {
+		log.Debugf("notifying route listener with route ranges: %s", strings.Join(n.routeRangers, ","))
+		l.OnNewRouteSetting(strings.Join(n.routeRangers, ","))
+	}(n.routeListener)
 }
 
 func (n *notifier) hasDiff(a []string, b []string) bool {

client/internal/routemanager/server_android.go

@@ -1,3 +1,5 @@
+//go:build android
+
 package routemanager
 
 import (

client/internal/routemanager/systemops_bsd.go

@@ -27,24 +27,24 @@ const (
 	RTF_MULTICAST = 0x800000
 )
 
-func getRoutesFromTable() ([]netip.Prefix, error) {
+func existsInRouteTable(prefix netip.Prefix) (bool, error) {
 	tab, err := route.FetchRIB(syscall.AF_UNSPEC, route.RIBTypeRoute, 0)
 	if err != nil {
-		return nil, err
+		return false, err
 	}
 	msgs, err := route.ParseRIB(route.RIBTypeRoute, tab)
 	if err != nil {
-		return nil, err
+		return false, err
 	}
-	var prefixList []netip.Prefix
+
 	for _, msg := range msgs {
 		m := msg.(*route.RouteMessage)
 
 		if m.Version < 3 || m.Version > 5 {
-			return nil, fmt.Errorf("unexpected RIB message version: %d", m.Version)
+			return false, fmt.Errorf("unexpected RIB message version: %d", m.Version)
 		}
 		if m.Type != 4 /* RTM_GET */ {
-			return nil, fmt.Errorf("unexpected RIB message type: %d", m.Type)
+			return true, fmt.Errorf("unexpected RIB message type: %d", m.Type)
 		}
 
 		if m.Flags&RTF_UP == 0 ||
@@ -52,42 +52,31 @@ func getRoutesFromTable() ([]netip.Prefix, error) {
 			continue
 		}
 
-		addr, ok := toNetIPAddr(m.Addrs[0])
-		if !ok {
-			continue
+		dst, err := toIPAddr(m.Addrs[0])
+		if err != nil {
+			return true, fmt.Errorf("unexpected RIB destination: %v", err)
 		}
 
-		mask, ok := toNetIPMASK(m.Addrs[2])
-		if !ok {
-			continue
-		}
-		cidr, _ := mask.Size()
-
-		routePrefix := netip.PrefixFrom(addr, cidr)
-		if routePrefix.IsValid() {
-			prefixList = append(prefixList, routePrefix)
+		mask, _ := toIPAddr(m.Addrs[2])
+		cidr, _ := net.IPMask(mask.To4()).Size()
+		if dst.String() == prefix.Addr().String() && cidr == prefix.Bits() {
+			return true, nil
 		}
 	}
-	return prefixList, nil
+
+	return false, nil
 }
 
-func toNetIPAddr(a route.Addr) (netip.Addr, bool) {
+func toIPAddr(a route.Addr) (net.IP, error) {
 	switch t := a.(type) {
 	case *route.Inet4Addr:
 		ip := net.IPv4(t.IP[0], t.IP[1], t.IP[2], t.IP[3])
-		addr := netip.MustParseAddr(ip.String())
-		return addr, true
+		return ip, nil
+	case *route.Inet6Addr:
+		ip := make(net.IP, net.IPv6len)
+		copy(ip, t.IP[:])
+		return ip, nil
 	default:
-		return netip.Addr{}, false
-	}
-}
-
-func toNetIPMASK(a route.Addr) (net.IPMask, bool) {
-	switch t := a.(type) {
-	case *route.Inet4Addr:
-		mask := net.IPv4Mask(t.IP[0], t.IP[1], t.IP[2], t.IP[3])
-		return mask, true
-	default:
-		return nil, false
+		return net.IP{}, fmt.Errorf("unknown family: %v", t)
 	}
 }

client/internal/routemanager/systemops_ios.go

@@ -0,0 +1,15 @@
+//go:build ios
+
+package routemanager
+
+import (
+	"net/netip"
+)
+
+func addToRouteTableIfNoExists(prefix netip.Prefix, addr string) error {
+	return nil
+}
+
+func removeFromRouteTableIfNonSystem(prefix netip.Prefix, addr string) error {
+	return nil
+}

client/internal/routemanager/systemops_linux.go

@@ -60,26 +60,15 @@ func addToRouteTable(prefix netip.Prefix, addr string) error {
 	return nil
 }
 
-func removeFromRouteTable(prefix netip.Prefix, addr string) error {
+func removeFromRouteTable(prefix netip.Prefix) error {
 	_, ipNet, err := net.ParseCIDR(prefix.String())
 	if err != nil {
 		return err
 	}
 
-	addrMask := "/32"
-	if prefix.Addr().Unmap().Is6() {
-		addrMask = "/128"
-	}
-
-	ip, _, err := net.ParseCIDR(addr + addrMask)
-	if err != nil {
-		return err
-	}
-
 	route := &netlink.Route{
 		Scope: netlink.SCOPE_UNIVERSE,
 		Dst:   ipNet,
-		Gw:    ip,
 	}
 
 	err = netlink.RouteDel(route)
@@ -90,16 +79,15 @@ func removeFromRouteTable(prefix netip.Prefix, addr string) error {
 	return nil
 }
 
-func getRoutesFromTable() ([]netip.Prefix, error) {
+func existsInRouteTable(prefix netip.Prefix) (bool, error) {
 	tab, err := syscall.NetlinkRIB(syscall.RTM_GETROUTE, syscall.AF_UNSPEC)
 	if err != nil {
-		return nil, err
+		return true, err
 	}
 	msgs, err := syscall.ParseNetlinkMessage(tab)
 	if err != nil {
-		return nil, err
+		return true, err
 	}
-	var prefixList []netip.Prefix
 loop:
 	for _, m := range msgs {
 		switch m.Header.Type {
@@ -107,10 +95,9 @@ loop:
 			break loop
 		case syscall.RTM_NEWROUTE:
 			rt := (*routeInfoInMemory)(unsafe.Pointer(&m.Data[0]))
-			msg := m
-			attrs, err := syscall.ParseNetlinkRouteAttr(&msg)
+			attrs, err := syscall.ParseNetlinkRouteAttr(&m)
 			if err != nil {
-				return nil, err
+				return true, err
 			}
 			if rt.Family != syscall.AF_INET {
 				continue loop
@@ -118,21 +105,17 @@ loop:
 
 			for _, attr := range attrs {
 				if attr.Attr.Type == syscall.RTA_DST {
-					addr, ok := netip.AddrFromSlice(attr.Value)
-					if !ok {
-						continue
-					}
+					ip := net.IP(attr.Value)
 					mask := net.CIDRMask(int(rt.DstLen), len(attr.Value)*8)
 					cidr, _ := mask.Size()
-					routePrefix := netip.PrefixFrom(addr, cidr)
-					if routePrefix.IsValid() && routePrefix.Addr().Is4() {
-						prefixList = append(prefixList, routePrefix)
+					if ip.String() == prefix.Addr().String() && cidr == prefix.Bits() {
+						return true, nil
 					}
 				}
 			}
 		}
 	}
-	return prefixList, nil
+	return false, nil
 }
 
 func enableIPForwarding() error {
@@ -147,5 +130,5 @@ func enableIPForwarding() error {
 		return nil
 	}
 
-	return os.WriteFile(ipv4ForwardingPath, []byte("1"), 0644) //nolint:gosec
+	return os.WriteFile(ipv4ForwardingPath, []byte("1"), 0644)
 }

client/internal/routemanager/systemops_nonandroid.go

@@ -1,4 +1,4 @@
-//go:build !android
+//go:build !android && !ios
 
 package routemanager
 
@@ -14,6 +14,17 @@ import (
 var errRouteNotFound = fmt.Errorf("route not found")
 
 func addToRouteTableIfNoExists(prefix netip.Prefix, addr string) error {
+	defaultGateway, err := getExistingRIBRouteGateway(netip.MustParsePrefix("0.0.0.0/0"))
+	if err != nil && err != errRouteNotFound {
+		return err
+	}
+
+	gatewayIP := netip.MustParseAddr(defaultGateway.String())
+	if prefix.Contains(gatewayIP) {
+		log.Warnf("skipping adding a new route for network %s because it overlaps with the default gateway: %s", prefix, gatewayIP)
+		return nil
+	}
+
 	ok, err := existsInRouteTable(prefix)
 	if err != nil {
 		return err
@@ -23,82 +34,20 @@ func addToRouteTableIfNoExists(prefix netip.Prefix, addr string) error {
 		return nil
 	}
 
-	ok, err = isSubRange(prefix)
-	if err != nil {
-		return err
-	}
-
-	if ok {
-		err := addRouteForCurrentDefaultGateway(prefix)
-		if err != nil {
-			log.Warnf("unable to add route for current default gateway route. Will proceed without it. error: %s", err)
-		}
-	}
-
 	return addToRouteTable(prefix, addr)
 }
 
-func addRouteForCurrentDefaultGateway(prefix netip.Prefix) error {
-	defaultGateway, err := getExistingRIBRouteGateway(netip.MustParsePrefix("0.0.0.0/0"))
-	if err != nil && err != errRouteNotFound {
+func removeFromRouteTableIfNonSystem(prefix netip.Prefix, addr string) error {
+	addrIP := net.ParseIP(addr)
+	prefixGateway, err := getExistingRIBRouteGateway(prefix)
+	if err != nil {
 		return err
 	}
-
-	addr := netip.MustParseAddr(defaultGateway.String())
-
-	if !prefix.Contains(addr) {
-		log.Debugf("skipping adding a new route for gateway %s because it is not in the network %s", addr, prefix)
+	if prefixGateway != nil && !prefixGateway.Equal(addrIP) {
+		log.Warnf("route for network %s is pointing to a different gateway: %s, should be pointing to: %s, not removing", prefix, prefixGateway, addrIP)
 		return nil
 	}
-
-	gatewayPrefix := netip.PrefixFrom(addr, 32)
-
-	ok, err := existsInRouteTable(gatewayPrefix)
-	if err != nil {
-		return fmt.Errorf("unable to check if there is an existing route for gateway %s. error: %s", gatewayPrefix, err)
-	}
-
-	if ok {
-		log.Debugf("skipping adding a new route for gateway %s because it already exists", gatewayPrefix)
-		return nil
-	}
-
-	gatewayHop, err := getExistingRIBRouteGateway(gatewayPrefix)
-	if err != nil && err != errRouteNotFound {
-		return fmt.Errorf("unable to get the next hop for the default gateway address. error: %s", err)
-	}
-	log.Debugf("adding a new route for gateway %s with next hop %s", gatewayPrefix, gatewayHop)
-	return addToRouteTable(gatewayPrefix, gatewayHop.String())
-}
-
-func existsInRouteTable(prefix netip.Prefix) (bool, error) {
-	routes, err := getRoutesFromTable()
-	if err != nil {
-		return false, err
-	}
-	for _, tableRoute := range routes {
-		if tableRoute == prefix {
-			return true, nil
-		}
-	}
-	return false, nil
-}
-
-func isSubRange(prefix netip.Prefix) (bool, error) {
-	routes, err := getRoutesFromTable()
-	if err != nil {
-		return false, err
-	}
-	for _, tableRoute := range routes {
-		if tableRoute.Bits() > minRangeBits && tableRoute.Contains(prefix.Addr()) && tableRoute.Bits() < prefix.Bits() {
-			return true, nil
-		}
-	}
-	return false, nil
-}
-
-func removeFromRouteTableIfNonSystem(prefix netip.Prefix, addr string) error {
-	return removeFromRouteTable(prefix, addr)
+	return removeFromRouteTable(prefix)
 }
 
 func getExistingRIBRouteGateway(prefix netip.Prefix) (net.IP, error) {

client/internal/routemanager/systemops_nonandroid_test.go

@@ -24,13 +24,13 @@ func TestAddRemoveRoutes(t *testing.T) {
 		shouldBeRemoved        bool
 	}{
 		{
-			name:                   "Should Add And Remove Route 100.66.120.0/24",
+			name:                   "Should Add And Remove Route",
 			prefix:                 netip.MustParsePrefix("100.66.120.0/24"),
 			shouldRouteToWireguard: true,
 			shouldBeRemoved:        true,
 		},
 		{
-			name:                   "Should Not Add Or Remove Route 127.0.0.1/32",
+			name:                   "Should Not Add Or Remove Route",
 			prefix:                 netip.MustParsePrefix("127.0.0.1/32"),
 			shouldRouteToWireguard: false,
 			shouldBeRemoved:        false,
@@ -51,32 +51,29 @@ func TestAddRemoveRoutes(t *testing.T) {
 			require.NoError(t, err, "should create testing wireguard interface")
 
 			err = addToRouteTableIfNoExists(testCase.prefix, wgInterface.Address().IP.String())
-			require.NoError(t, err, "addToRouteTableIfNoExists should not return err")
+			require.NoError(t, err, "should not return err")
 
 			prefixGateway, err := getExistingRIBRouteGateway(testCase.prefix)
-			require.NoError(t, err, "getExistingRIBRouteGateway should not return err")
+			require.NoError(t, err, "should not return err")
 			if testCase.shouldRouteToWireguard {
 				require.Equal(t, wgInterface.Address().IP.String(), prefixGateway.String(), "route should point to wireguard interface IP")
 			} else {
 				require.NotEqual(t, wgInterface.Address().IP.String(), prefixGateway.String(), "route should point to a different interface")
 			}
-			exists, err := existsInRouteTable(testCase.prefix)
-			require.NoError(t, err, "existsInRouteTable should not return err")
-			if exists && testCase.shouldRouteToWireguard {
-				err = removeFromRouteTableIfNonSystem(testCase.prefix, wgInterface.Address().IP.String())
-				require.NoError(t, err, "removeFromRouteTableIfNonSystem should not return err")
 
-				prefixGateway, err = getExistingRIBRouteGateway(testCase.prefix)
-				require.NoError(t, err, "getExistingRIBRouteGateway should not return err")
+			err = removeFromRouteTableIfNonSystem(testCase.prefix, wgInterface.Address().IP.String())
+			require.NoError(t, err, "should not return err")
 
-				internetGateway, err := getExistingRIBRouteGateway(netip.MustParsePrefix("0.0.0.0/0"))
-				require.NoError(t, err)
+			prefixGateway, err = getExistingRIBRouteGateway(testCase.prefix)
+			require.NoError(t, err, "should not return err")
 
-				if testCase.shouldBeRemoved {
-					require.Equal(t, internetGateway, prefixGateway, "route should be pointing to default internet gateway")
-				} else {
-					require.NotEqual(t, internetGateway, prefixGateway, "route should be pointing to a different gateway than the internet gateway")
-				}
+			internetGateway, err := getExistingRIBRouteGateway(netip.MustParsePrefix("0.0.0.0/0"))
+			require.NoError(t, err)
+
+			if testCase.shouldBeRemoved {
+				require.Equal(t, internetGateway, prefixGateway, "route should be pointing to default internet gateway")
+			} else {
+				require.NotEqual(t, internetGateway, prefixGateway, "route should be pointing to a different gateway than the internet gateway")
 			}
 		})
 	}
@@ -126,7 +123,7 @@ func TestGetExistingRIBRouteGateway(t *testing.T) {
 
 func TestAddExistAndRemoveRouteNonAndroid(t *testing.T) {
 	defaultGateway, err := getExistingRIBRouteGateway(netip.MustParsePrefix("0.0.0.0/0"))
-	t.Log("defaultGateway: ", defaultGateway)
+	fmt.Println("defaultGateway: ", defaultGateway)
 	if err != nil {
 		t.Fatal("shouldn't return error when fetching the gateway: ", err)
 	}
@@ -210,7 +207,7 @@ func TestAddExistAndRemoveRouteNonAndroid(t *testing.T) {
 			// route should either not have been added or should have been removed
 			// In case of already existing route, it should not have been added (but still exist)
 			ok, err := existsInRouteTable(testCase.prefix)
-			t.Log("Buffer string: ", buf.String())
+			fmt.Println("Buffer string: ", buf.String())
 			require.NoError(t, err, "should not return err")
 			if !strings.Contains(buf.String(), "because it already exists") {
 				require.False(t, ok, "route should not exist")
@@ -218,66 +215,3 @@ func TestAddExistAndRemoveRouteNonAndroid(t *testing.T) {
 		})
 	}
 }
-
-func TestExistsInRouteTable(t *testing.T) {
-	addresses, err := net.InterfaceAddrs()
-	if err != nil {
-		t.Fatal("shouldn't return error when fetching interface addresses: ", err)
-	}
-
-	var addressPrefixes []netip.Prefix
-	for _, address := range addresses {
-		p := netip.MustParsePrefix(address.String())
-		if p.Addr().Is4() {
-			addressPrefixes = append(addressPrefixes, p.Masked())
-		}
-	}
-
-	for _, prefix := range addressPrefixes {
-		exists, err := existsInRouteTable(prefix)
-		if err != nil {
-			t.Fatal("shouldn't return error when checking if address exists in route table: ", err)
-		}
-		if !exists {
-			t.Fatalf("address %s should exist in route table", prefix)
-		}
-	}
-}
-
-func TestIsSubRange(t *testing.T) {
-	addresses, err := net.InterfaceAddrs()
-	if err != nil {
-		t.Fatal("shouldn't return error when fetching interface addresses: ", err)
-	}
-
-	var subRangeAddressPrefixes []netip.Prefix
-	var nonSubRangeAddressPrefixes []netip.Prefix
-	for _, address := range addresses {
-		p := netip.MustParsePrefix(address.String())
-		if !p.Addr().IsLoopback() && p.Addr().Is4() && p.Bits() < 32 {
-			p2 := netip.PrefixFrom(p.Masked().Addr(), p.Bits()+1)
-			subRangeAddressPrefixes = append(subRangeAddressPrefixes, p2)
-			nonSubRangeAddressPrefixes = append(nonSubRangeAddressPrefixes, p.Masked())
-		}
-	}
-
-	for _, prefix := range subRangeAddressPrefixes {
-		isSubRangePrefix, err := isSubRange(prefix)
-		if err != nil {
-			t.Fatal("shouldn't return error when checking if address is sub-range: ", err)
-		}
-		if !isSubRangePrefix {
-			t.Fatalf("address %s should be sub-range of an existing route in the table", prefix)
-		}
-	}
-
-	for _, prefix := range nonSubRangeAddressPrefixes {
-		isSubRangePrefix, err := isSubRange(prefix)
-		if err != nil {
-			t.Fatal("shouldn't return error when checking if address is sub-range: ", err)
-		}
-		if isSubRangePrefix {
-			t.Fatalf("address %s should not be sub-range of an existing route in the table", prefix)
-		}
-	}
-}

client/internal/routemanager/systemops_nonlinux.go

@@ -21,12 +21,8 @@ func addToRouteTable(prefix netip.Prefix, addr string) error {
 	return nil
 }
 
-func removeFromRouteTable(prefix netip.Prefix, addr string) error {
-	args := []string{"delete", prefix.String()}
-	if runtime.GOOS == "darwin" {
-		args = append(args, addr)
-	}
-	cmd := exec.Command("route", args...)
+func removeFromRouteTable(prefix netip.Prefix) error {
+	cmd := exec.Command("route", "delete", prefix.String())
 	out, err := cmd.Output()
 	if err != nil {
 		return err

client/internal/routemanager/systemops_windows.go

@@ -15,32 +15,23 @@ type Win32_IP4RouteTable struct {
 	Mask        string
 }
 
-func getRoutesFromTable() ([]netip.Prefix, error) {
+func existsInRouteTable(prefix netip.Prefix) (bool, error) {
 	var routes []Win32_IP4RouteTable
 	query := "SELECT Destination, Mask FROM Win32_IP4RouteTable"
 
 	err := wmi.Query(query, &routes)
 	if err != nil {
-		return nil, err
+		return true, err
 	}
 
-	var prefixList []netip.Prefix
 	for _, route := range routes {
-		addr, err := netip.ParseAddr(route.Destination)
-		if err != nil {
-			continue
-		}
-		maskSlice := net.ParseIP(route.Mask).To4()
-		if maskSlice == nil {
-			continue
-		}
-		mask := net.IPv4Mask(maskSlice[0], maskSlice[1], maskSlice[2], maskSlice[3])
+		ip := net.ParseIP(route.Mask)
+		ip = ip.To4()
+		mask := net.IPv4Mask(ip[0], ip[1], ip[2], ip[3])
 		cidr, _ := mask.Size()
-
-		routePrefix := netip.PrefixFrom(addr, cidr)
-		if routePrefix.IsValid() && routePrefix.Addr().Is4() {
-			prefixList = append(prefixList, routePrefix)
+		if route.Destination == prefix.Addr().String() && cidr == prefix.Bits() {
+			return true, nil
 		}
 	}
-	return prefixList, nil
+	return false, nil
 }

client/ios/NetBirdSDK/client.go

@@ -0,0 +1,200 @@
+package NetBirdSDK
+
+import (
+	"context"
+	"sync"
+	"time"
+
+	log "github.com/sirupsen/logrus"
+
+	"github.com/netbirdio/netbird/client/internal"
+	"github.com/netbirdio/netbird/client/internal/auth"
+	"github.com/netbirdio/netbird/client/internal/dns"
+	"github.com/netbirdio/netbird/client/internal/peer"
+	"github.com/netbirdio/netbird/client/internal/routemanager"
+	"github.com/netbirdio/netbird/client/system"
+	"github.com/netbirdio/netbird/formatter"
+)
+
+// RouteListener export internal RouteListener for mobile
+type RouteListener interface {
+	routemanager.RouteListener
+}
+
+// DnsManager export internal dns Manager for mobile
+type DnsManager interface {
+	dns.IosDnsManager
+}
+
+// CustomLogger export internal CustomLogger for mobile
+type CustomLogger interface {
+	Debug(message string)
+	Info(message string)
+	Error(message string)
+}
+
+func init() {
+	formatter.SetLogcatFormatter(log.StandardLogger())
+}
+
+// Client struct manage the life circle of background service
+type Client struct {
+	cfgFile       string
+	recorder      *peer.Status
+	ctxCancel     context.CancelFunc
+	ctxCancelLock *sync.Mutex
+	deviceName    string
+	osName        string
+	osVersion     string
+	routeListener routemanager.RouteListener
+	onHostDnsFn   func([]string)
+	dnsManager    dns.IosDnsManager
+	loginComplete bool
+}
+
+// NewClient instantiate a new Client
+func NewClient(cfgFile, deviceName string, osVersion string, osName string, routeListener RouteListener, dnsManager DnsManager) *Client {
+	return &Client{
+		cfgFile:       cfgFile,
+		deviceName:    deviceName,
+		osName:        osName,
+		osVersion:     osVersion,
+		recorder:      peer.NewRecorder(""),
+		ctxCancelLock: &sync.Mutex{},
+		routeListener: routeListener,
+		dnsManager:    dnsManager,
+	}
+}
+
+// Run start the internal client. It is a blocker function
+func (c *Client) Run(fd int32, interfaceName string) error {
+	log.Infof("Starting NetBird client")
+	log.Debugf("Tunnel uses interface: %s", interfaceName)
+	cfg, err := internal.UpdateOrCreateConfig(internal.ConfigInput{
+		ConfigPath: c.cfgFile,
+	})
+	if err != nil {
+		return err
+	}
+	c.recorder.UpdateManagementAddress(cfg.ManagementURL.String())
+
+	var ctx context.Context
+	//nolint
+	ctxWithValues := context.WithValue(context.Background(), system.DeviceNameCtxKey, c.deviceName)
+	ctxWithValues = context.WithValue(ctxWithValues, system.OsNameCtxKey, c.osName)
+	ctxWithValues = context.WithValue(ctxWithValues, system.OsVersionCtxKey, c.osVersion)
+	c.ctxCancelLock.Lock()
+	ctx, c.ctxCancel = context.WithCancel(ctxWithValues)
+	defer c.ctxCancel()
+	c.ctxCancelLock.Unlock()
+
+	auth := NewAuthWithConfig(ctx, cfg)
+	err = auth.Login()
+	if err != nil {
+		return err
+	}
+
+	log.Infof("Auth successful")
+	// todo do not throw error in case of cancelled context
+	ctx = internal.CtxInitState(ctx)
+	c.onHostDnsFn = func([]string) {}
+	return internal.RunClientiOS(ctx, cfg, c.recorder, fd, c.routeListener, c.dnsManager, interfaceName)
+}
+
+// Stop the internal client and free the resources
+func (c *Client) Stop() {
+	c.ctxCancelLock.Lock()
+	defer c.ctxCancelLock.Unlock()
+	if c.ctxCancel == nil {
+		return
+	}
+
+	c.ctxCancel()
+}
+
+// ÏSetTraceLogLevel configure the logger to trace level
+func (c *Client) SetTraceLogLevel() {
+	log.SetLevel(log.TraceLevel)
+}
+
+// getStatusDetails return with the list of the PeerInfos
+func (c *Client) GetStatusDetails() *StatusDetails {
+
+	fullStatus := c.recorder.GetFullStatus()
+
+	peerInfos := make([]PeerInfo, len(fullStatus.Peers))
+	for n, p := range fullStatus.Peers {
+		pi := PeerInfo{
+			p.IP,
+			p.FQDN,
+			p.ConnStatus.String(),
+		}
+		peerInfos[n] = pi
+	}
+	return &StatusDetails{items: peerInfos, fqdn: fullStatus.LocalPeerState.FQDN, ip: fullStatus.LocalPeerState.IP}
+}
+
+func (c *Client) GetManagementStatus() bool {
+	return c.recorder.GetFullStatus().ManagementState.Connected
+}
+
+func (c *Client) IsLoginRequired() bool {
+	var ctx context.Context
+	ctxWithValues := context.WithValue(context.Background(), system.DeviceNameCtxKey, c.deviceName)
+	c.ctxCancelLock.Lock()
+	defer c.ctxCancelLock.Unlock()
+	ctx, c.ctxCancel = context.WithCancel(ctxWithValues)
+
+	cfg, _ := internal.UpdateOrCreateConfig(internal.ConfigInput{
+		ConfigPath: c.cfgFile,
+	})
+
+	needsLogin, _ := internal.IsLoginRequired(ctx, cfg.PrivateKey, cfg.ManagementURL, cfg.SSHKey)
+	return needsLogin
+}
+
+func (c *Client) LoginForMobile() string {
+	var ctx context.Context
+	ctxWithValues := context.WithValue(context.Background(), system.DeviceNameCtxKey, c.deviceName)
+	c.ctxCancelLock.Lock()
+	defer c.ctxCancelLock.Unlock()
+	ctx, c.ctxCancel = context.WithCancel(ctxWithValues)
+
+	cfg, _ := internal.UpdateOrCreateConfig(internal.ConfigInput{
+		ConfigPath: c.cfgFile,
+	})
+
+	oAuthFlow, err := auth.NewOAuthFlow(ctx, cfg, false)
+	if err != nil {
+		return err.Error()
+	}
+
+	flowInfo, err := oAuthFlow.RequestAuthInfo(context.TODO())
+	if err != nil {
+		return err.Error()
+	}
+
+	// This could cause a potential race condition with loading the extension which need to be handled on swift side
+	go func() {
+		waitTimeout := time.Duration(flowInfo.ExpiresIn)
+		waitCTX, cancel := context.WithTimeout(ctx, waitTimeout*time.Second)
+		defer cancel()
+		tokenInfo, err := oAuthFlow.WaitToken(waitCTX, flowInfo)
+		if err != nil {
+			return
+		}
+		jwtToken := tokenInfo.GetTokenToUse()
+		_ = internal.Login(ctx, cfg, "", jwtToken)
+		c.loginComplete = true
+	}()
+
+	return flowInfo.VerificationURIComplete
+}
+
+func (c *Client) IsLoginComplete() bool {
+	return c.loginComplete
+}
+
+func (c *Client) ClearLoginComplete() {
+	c.loginComplete = false
+}

client/ios/NetBirdSDK/gomobile.go

@@ -0,0 +1,5 @@
+package NetBirdSDK
+
+import _ "golang.org/x/mobile/bind"
+
+// to keep our CI/CD that checks go.mod and go.sum files happy, we need to import the package above

client/ios/NetBirdSDK/logger.go

@@ -0,0 +1,16 @@
+package NetBirdSDK
+
+import (
+	"os"
+
+	"github.com/netbirdio/netbird/util"
+)
+
+var logFile *os.File
+
+// InitializeLog initializes the log file.
+func InitializeLog(logLevel string, filePath string) error {
+	var err error
+	err = util.InitLog(logLevel, filePath)
+	return err
+}

client/ios/NetBirdSDK/login.go

@@ -0,0 +1,184 @@
+package NetBirdSDK
+
+import (
+	"context"
+	"fmt"
+	"time"
+
+	"github.com/cenkalti/backoff/v4"
+	log "github.com/sirupsen/logrus"
+	"google.golang.org/grpc/codes"
+	gstatus "google.golang.org/grpc/status"
+
+	"github.com/netbirdio/netbird/client/cmd"
+	"github.com/netbirdio/netbird/client/internal"
+	"github.com/netbirdio/netbird/client/internal/auth"
+	"github.com/netbirdio/netbird/client/system"
+)
+
+// SSOListener is async listener for mobile framework
+type SSOListener interface {
+	OnSuccess(bool)
+	OnError(error)
+}
+
+// ErrListener is async listener for mobile framework
+type ErrListener interface {
+	OnSuccess()
+	OnError(error)
+}
+
+// URLOpener it is a callback interface. The Open function will be triggered if
+// the backend want to show an url for the user
+type URLOpener interface {
+	Open(string)
+}
+
+// Auth can register or login new client
+type Auth struct {
+	ctx     context.Context
+	config  *internal.Config
+	cfgPath string
+}
+
+// NewAuth instantiate Auth struct and validate the management URL
+func NewAuth(cfgPath string, mgmURL string) (*Auth, error) {
+	inputCfg := internal.ConfigInput{
+		ManagementURL: mgmURL,
+	}
+
+	cfg, err := internal.CreateInMemoryConfig(inputCfg)
+	if err != nil {
+		return nil, err
+	}
+
+	return &Auth{
+		ctx:     context.Background(),
+		config:  cfg,
+		cfgPath: cfgPath,
+	}, nil
+}
+
+// NewAuthWithConfig instantiate Auth based on existing config
+func NewAuthWithConfig(ctx context.Context, config *internal.Config) *Auth {
+	return &Auth{
+		ctx:    ctx,
+		config: config,
+	}
+}
+
+// SaveConfigIfSSOSupported test the connectivity with the management server by retrieving the server device flow info.
+// If it returns a flow info than save the configuration and return true. If it gets a codes.NotFound, it means that SSO
+// is not supported and returns false without saving the configuration. For other errors return false.
+func (a *Auth) SaveConfigIfSSOSupported() (bool, error) {
+	supportsSSO := true
+	err := a.withBackOff(a.ctx, func() (err error) {
+		_, err = internal.GetDeviceAuthorizationFlowInfo(a.ctx, a.config.PrivateKey, a.config.ManagementURL)
+		if s, ok := gstatus.FromError(err); ok && s.Code() == codes.NotFound {
+			_, err = internal.GetPKCEAuthorizationFlowInfo(a.ctx, a.config.PrivateKey, a.config.ManagementURL)
+			if s, ok := gstatus.FromError(err); ok && s.Code() == codes.NotFound {
+				supportsSSO = false
+				err = nil
+			}
+
+			return err
+		}
+
+		return err
+	})
+
+	if !supportsSSO {
+		return false, nil
+	}
+
+	if err != nil {
+		return false, fmt.Errorf("backoff cycle failed: %v", err)
+	}
+
+	err = internal.WriteOutConfig(a.cfgPath, a.config)
+	return true, err
+}
+
+// LoginWithSetupKeyAndSaveConfig test the connectivity with the management server with the setup key.
+func (a *Auth) LoginWithSetupKeyAndSaveConfig(setupKey string, deviceName string) error {
+	//nolint
+	ctxWithValues := context.WithValue(a.ctx, system.DeviceNameCtxKey, deviceName)
+
+	err := a.withBackOff(a.ctx, func() error {
+		backoffErr := internal.Login(ctxWithValues, a.config, setupKey, "")
+		if s, ok := gstatus.FromError(backoffErr); ok && (s.Code() == codes.PermissionDenied) {
+			// we got an answer from management, exit backoff earlier
+			return backoff.Permanent(backoffErr)
+		}
+		return backoffErr
+	})
+	if err != nil {
+		return fmt.Errorf("backoff cycle failed: %v", err)
+	}
+
+	return internal.WriteOutConfig(a.cfgPath, a.config)
+}
+
+func (a *Auth) Login() error {
+	var needsLogin bool
+
+	// check if we need to generate JWT token
+	err := a.withBackOff(a.ctx, func() (err error) {
+		needsLogin, err = internal.IsLoginRequired(a.ctx, a.config.PrivateKey, a.config.ManagementURL, a.config.SSHKey)
+		return
+	})
+	if err != nil {
+		return fmt.Errorf("backoff cycle failed: %v", err)
+	}
+
+	jwtToken := ""
+	if needsLogin {
+		return fmt.Errorf("Not authenticated")
+	}
+
+	err = a.withBackOff(a.ctx, func() error {
+		err := internal.Login(a.ctx, a.config, "", jwtToken)
+		if s, ok := gstatus.FromError(err); ok && (s.Code() == codes.InvalidArgument || s.Code() == codes.PermissionDenied) {
+			return nil
+		}
+		return err
+	})
+	if err != nil {
+		return fmt.Errorf("backoff cycle failed: %v", err)
+	}
+
+	return nil
+}
+
+func (a *Auth) foregroundGetTokenInfo(urlOpener URLOpener) (*auth.TokenInfo, error) {
+	oAuthFlow, err := auth.NewOAuthFlow(a.ctx, a.config, false)
+	if err != nil {
+		return nil, err
+	}
+
+	flowInfo, err := oAuthFlow.RequestAuthInfo(context.TODO())
+	if err != nil {
+		return nil, fmt.Errorf("getting a request OAuth flow info failed: %v", err)
+	}
+
+	go urlOpener.Open(flowInfo.VerificationURIComplete)
+
+	waitTimeout := time.Duration(flowInfo.ExpiresIn)
+	waitCTX, cancel := context.WithTimeout(a.ctx, waitTimeout*time.Second)
+	defer cancel()
+	tokenInfo, err := oAuthFlow.WaitToken(waitCTX, flowInfo)
+	if err != nil {
+		return nil, fmt.Errorf("waiting for browser login failed: %v", err)
+	}
+
+	return &tokenInfo, nil
+}
+
+func (a *Auth) withBackOff(ctx context.Context, bf func() error) error {
+	return backoff.RetryNotify(
+		bf,
+		backoff.WithContext(cmd.CLIBackOffSettings, ctx),
+		func(err error, duration time.Duration) {
+			log.Warnf("retrying Login to the Management service in %v due to error %v", duration, err)
+		})
+}

client/ios/NetBirdSDK/peer_notifier.go

@@ -0,0 +1,50 @@
+package NetBirdSDK
+
+// PeerInfo describe information about the peers. It designed for the UI usage
+type PeerInfo struct {
+	IP         string
+	FQDN       string
+	ConnStatus string // Todo replace to enum
+}
+
+// PeerInfoCollection made for Java layer to get non default types as collection
+type PeerInfoCollection interface {
+	Add(s string) PeerInfoCollection
+	Get(i int) string
+	Size() int
+	GetFQDN() string
+	GetIP() string
+}
+
+// StatusDetails is the implementation of the PeerInfoCollection
+type StatusDetails struct {
+	items []PeerInfo
+	fqdn  string
+	ip    string
+}
+
+// Add new PeerInfo to the collection
+func (array StatusDetails) Add(s PeerInfo) StatusDetails {
+	array.items = append(array.items, s)
+	return array
+}
+
+// Get return an element of the collection
+func (array StatusDetails) Get(i int) *PeerInfo {
+	return &array.items[i]
+}
+
+// Size return with the size of the collection
+func (array StatusDetails) Size() int {
+	return len(array.items)
+}
+
+// GetFQDN return with the FQDN of the local peer
+func (array StatusDetails) GetFQDN() string {
+	return array.fqdn
+}
+
+// GetIP return with the IP of the local peer
+func (array StatusDetails) GetIP() string {
+	return array.ip
+}

client/ios/NetBirdSDK/preferences.go

@@ -0,0 +1,78 @@
+package NetBirdSDK
+
+import (
+	"github.com/netbirdio/netbird/client/internal"
+)
+
+// Preferences export a subset of the internal config for gomobile
+type Preferences struct {
+	configInput internal.ConfigInput
+}
+
+// NewPreferences create new Preferences instance
+func NewPreferences(configPath string) *Preferences {
+	ci := internal.ConfigInput{
+		ConfigPath: configPath,
+	}
+	return &Preferences{ci}
+}
+
+// GetManagementURL read url from config file
+func (p *Preferences) GetManagementURL() (string, error) {
+	if p.configInput.ManagementURL != "" {
+		return p.configInput.ManagementURL, nil
+	}
+
+	cfg, err := internal.ReadConfig(p.configInput.ConfigPath)
+	if err != nil {
+		return "", err
+	}
+	return cfg.ManagementURL.String(), err
+}
+
+// SetManagementURL store the given url and wait for commit
+func (p *Preferences) SetManagementURL(url string) {
+	p.configInput.ManagementURL = url
+}
+
+// GetAdminURL read url from config file
+func (p *Preferences) GetAdminURL() (string, error) {
+	if p.configInput.AdminURL != "" {
+		return p.configInput.AdminURL, nil
+	}
+
+	cfg, err := internal.ReadConfig(p.configInput.ConfigPath)
+	if err != nil {
+		return "", err
+	}
+	return cfg.AdminURL.String(), err
+}
+
+// SetAdminURL store the given url and wait for commit
+func (p *Preferences) SetAdminURL(url string) {
+	p.configInput.AdminURL = url
+}
+
+// GetPreSharedKey read preshared key from config file
+func (p *Preferences) GetPreSharedKey() (string, error) {
+	if p.configInput.PreSharedKey != nil {
+		return *p.configInput.PreSharedKey, nil
+	}
+
+	cfg, err := internal.ReadConfig(p.configInput.ConfigPath)
+	if err != nil {
+		return "", err
+	}
+	return cfg.PreSharedKey, err
+}
+
+// SetPreSharedKey store the given key and wait for commit
+func (p *Preferences) SetPreSharedKey(key string) {
+	p.configInput.PreSharedKey = &key
+}
+
+// Commit write out the changes into config file
+func (p *Preferences) Commit() error {
+	_, err := internal.UpdateOrCreateConfig(p.configInput)
+	return err
+}

client/ios/NetBirdSDK/preferences_test.go

@@ -0,0 +1,120 @@
+package NetBirdSDK
+
+import (
+	"path/filepath"
+	"testing"
+
+	"github.com/netbirdio/netbird/client/internal"
+)
+
+func TestPreferences_DefaultValues(t *testing.T) {
+	cfgFile := filepath.Join(t.TempDir(), "netbird.json")
+	p := NewPreferences(cfgFile)
+	defaultVar, err := p.GetAdminURL()
+	if err != nil {
+		t.Fatalf("failed to read default value: %s", err)
+	}
+
+	if defaultVar != internal.DefaultAdminURL {
+		t.Errorf("invalid default admin url: %s", defaultVar)
+	}
+
+	defaultVar, err = p.GetManagementURL()
+	if err != nil {
+		t.Fatalf("failed to read default management URL: %s", err)
+	}
+
+	if defaultVar != internal.DefaultManagementURL {
+		t.Errorf("invalid default management url: %s", defaultVar)
+	}
+
+	var preSharedKey string
+	preSharedKey, err = p.GetPreSharedKey()
+	if err != nil {
+		t.Fatalf("failed to read default preshared key: %s", err)
+	}
+
+	if preSharedKey != "" {
+		t.Errorf("invalid preshared key: %s", preSharedKey)
+	}
+}
+
+func TestPreferences_ReadUncommitedValues(t *testing.T) {
+	exampleString := "exampleString"
+	cfgFile := filepath.Join(t.TempDir(), "netbird.json")
+	p := NewPreferences(cfgFile)
+
+	p.SetAdminURL(exampleString)
+	resp, err := p.GetAdminURL()
+	if err != nil {
+		t.Fatalf("failed to read admin url: %s", err)
+	}
+
+	if resp != exampleString {
+		t.Errorf("unexpected admin url: %s", resp)
+	}
+
+	p.SetManagementURL(exampleString)
+	resp, err = p.GetManagementURL()
+	if err != nil {
+		t.Fatalf("failed to read managmenet url: %s", err)
+	}
+
+	if resp != exampleString {
+		t.Errorf("unexpected managemenet url: %s", resp)
+	}
+
+	p.SetPreSharedKey(exampleString)
+	resp, err = p.GetPreSharedKey()
+	if err != nil {
+		t.Fatalf("failed to read preshared key: %s", err)
+	}
+
+	if resp != exampleString {
+		t.Errorf("unexpected preshared key: %s", resp)
+	}
+}
+
+func TestPreferences_Commit(t *testing.T) {
+	exampleURL := "https://myurl.com:443"
+	examplePresharedKey := "topsecret"
+	cfgFile := filepath.Join(t.TempDir(), "netbird.json")
+	p := NewPreferences(cfgFile)
+
+	p.SetAdminURL(exampleURL)
+	p.SetManagementURL(exampleURL)
+	p.SetPreSharedKey(examplePresharedKey)
+
+	err := p.Commit()
+	if err != nil {
+		t.Fatalf("failed to save changes: %s", err)
+	}
+
+	p = NewPreferences(cfgFile)
+	resp, err := p.GetAdminURL()
+	if err != nil {
+		t.Fatalf("failed to read admin url: %s", err)
+	}
+
+	if resp != exampleURL {
+		t.Errorf("unexpected admin url: %s", resp)
+	}
+
+	resp, err = p.GetManagementURL()
+	if err != nil {
+		t.Fatalf("failed to read managmenet url: %s", err)
+	}
+
+	if resp != exampleURL {
+		t.Errorf("unexpected managemenet url: %s", resp)
+	}
+
+	resp, err = p.GetPreSharedKey()
+	if err != nil {
+		t.Fatalf("failed to read preshared key: %s", err)
+	}
+
+	if resp != examplePresharedKey {
+		t.Errorf("unexpected preshared key: %s", resp)
+	}
+}

client/proto/daemon.pb.go

@@ -43,7 +43,6 @@ type LoginRequest struct {
 	CleanNATExternalIPs  bool   `protobuf:"varint,6,opt,name=cleanNATExternalIPs,proto3" json:"cleanNATExternalIPs,omitempty"`
 	CustomDNSAddress     []byte `protobuf:"bytes,7,opt,name=customDNSAddress,proto3" json:"customDNSAddress,omitempty"`
 	IsLinuxDesktopClient bool   `protobuf:"varint,8,opt,name=isLinuxDesktopClient,proto3" json:"isLinuxDesktopClient,omitempty"`
-	Hostname             string `protobuf:"bytes,9,opt,name=hostname,proto3" json:"hostname,omitempty"`
 }
 
 func (x *LoginRequest) Reset() {
@@ -134,13 +133,6 @@ func (x *LoginRequest) GetIsLinuxDesktopClient() bool {
 	return false
 }
 
-func (x *LoginRequest) GetHostname() string {
-	if x != nil {
-		return x.Hostname
-	}
-	return ""
-}
-
 type LoginResponse struct {
 	state         protoimpl.MessageState
 	sizeCache     protoimpl.SizeCache
@@ -218,7 +210,6 @@ type WaitSSOLoginRequest struct {
 	unknownFields protoimpl.UnknownFields
 
 	UserCode string `protobuf:"bytes,1,opt,name=userCode,proto3" json:"userCode,omitempty"`
-	Hostname string `protobuf:"bytes,2,opt,name=hostname,proto3" json:"hostname,omitempty"`
 }
 
 func (x *WaitSSOLoginRequest) Reset() {
@@ -260,13 +251,6 @@ func (x *WaitSSOLoginRequest) GetUserCode() string {
 	return ""
 }
 
-func (x *WaitSSOLoginRequest) GetHostname() string {
-	if x != nil {
-		return x.Hostname
-	}
-	return ""
-}
-
 type WaitSSOLoginResponse struct {
 	state         protoimpl.MessageState
 	sizeCache     protoimpl.SizeCache
@@ -1067,7 +1051,7 @@ var file_daemon_proto_rawDesc = []byte{
 	0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2f, 0x64, 0x65, 0x73, 0x63, 0x72, 0x69, 0x70, 0x74,
 	0x6f, 0x72, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x1f, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65,
 	0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2f, 0x74, 0x69, 0x6d, 0x65, 0x73, 0x74,
-	0x61, 0x6d, 0x70, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0xe6, 0x02, 0x0a, 0x0c, 0x4c, 0x6f,
+	0x61, 0x6d, 0x70, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0xca, 0x02, 0x0a, 0x0c, 0x4c, 0x6f,
 	0x67, 0x69, 0x6e, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x1a, 0x0a, 0x08, 0x73, 0x65,
 	0x74, 0x75, 0x70, 0x4b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x73, 0x65,
 	0x74, 0x75, 0x70, 0x4b, 0x65, 0x79, 0x12, 0x22, 0x0a, 0x0c, 0x70, 0x72, 0x65, 0x53, 0x68, 0x61,
@@ -1088,132 +1072,128 @@ var file_daemon_proto_rawDesc = []byte{
 	0x73, 0x73, 0x12, 0x32, 0x0a, 0x14, 0x69, 0x73, 0x4c, 0x69, 0x6e, 0x75, 0x78, 0x44, 0x65, 0x73,
 	0x6b, 0x74, 0x6f, 0x70, 0x43, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x18, 0x08, 0x20, 0x01, 0x28, 0x08,
 	0x52, 0x14, 0x69, 0x73, 0x4c, 0x69, 0x6e, 0x75, 0x78, 0x44, 0x65, 0x73, 0x6b, 0x74, 0x6f, 0x70,
-	0x43, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x12, 0x1a, 0x0a, 0x08, 0x68, 0x6f, 0x73, 0x74, 0x6e, 0x61,
-	0x6d, 0x65, 0x18, 0x09, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x68, 0x6f, 0x73, 0x74, 0x6e, 0x61,
-	0x6d, 0x65, 0x22, 0xb5, 0x01, 0x0a, 0x0d, 0x4c, 0x6f, 0x67, 0x69, 0x6e, 0x52, 0x65, 0x73, 0x70,
-	0x6f, 0x6e, 0x73, 0x65, 0x12, 0x24, 0x0a, 0x0d, 0x6e, 0x65, 0x65, 0x64, 0x73, 0x53, 0x53, 0x4f,
-	0x4c, 0x6f, 0x67, 0x69, 0x6e, 0x18, 0x01, 0x20, 0x01, 0x28, 0x08, 0x52, 0x0d, 0x6e, 0x65, 0x65,
-	0x64, 0x73, 0x53, 0x53, 0x4f, 0x4c, 0x6f, 0x67, 0x69, 0x6e, 0x12, 0x1a, 0x0a, 0x08, 0x75, 0x73,
-	0x65, 0x72, 0x43, 0x6f, 0x64, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x75, 0x73,
-	0x65, 0x72, 0x43, 0x6f, 0x64, 0x65, 0x12, 0x28, 0x0a, 0x0f, 0x76, 0x65, 0x72, 0x69, 0x66, 0x69,
-	0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x55, 0x52, 0x49, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52,
-	0x0f, 0x76, 0x65, 0x72, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x55, 0x52, 0x49,
-	0x12, 0x38, 0x0a, 0x17, 0x76, 0x65, 0x72, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e,
-	0x55, 0x52, 0x49, 0x43, 0x6f, 0x6d, 0x70, 0x6c, 0x65, 0x74, 0x65, 0x18, 0x04, 0x20, 0x01, 0x28,
-	0x09, 0x52, 0x17, 0x76, 0x65, 0x72, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x55,
-	0x52, 0x49, 0x43, 0x6f, 0x6d, 0x70, 0x6c, 0x65, 0x74, 0x65, 0x22, 0x4d, 0x0a, 0x13, 0x57, 0x61,
-	0x69, 0x74, 0x53, 0x53, 0x4f, 0x4c, 0x6f, 0x67, 0x69, 0x6e, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73,
-	0x74, 0x12, 0x1a, 0x0a, 0x08, 0x75, 0x73, 0x65, 0x72, 0x43, 0x6f, 0x64, 0x65, 0x18, 0x01, 0x20,
-	0x01, 0x28, 0x09, 0x52, 0x08, 0x75, 0x73, 0x65, 0x72, 0x43, 0x6f, 0x64, 0x65, 0x12, 0x1a, 0x0a,
-	0x08, 0x68, 0x6f, 0x73, 0x74, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52,
-	0x08, 0x68, 0x6f, 0x73, 0x74, 0x6e, 0x61, 0x6d, 0x65, 0x22, 0x16, 0x0a, 0x14, 0x57, 0x61, 0x69,
-	0x74, 0x53, 0x53, 0x4f, 0x4c, 0x6f, 0x67, 0x69, 0x6e, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73,
-	0x65, 0x22, 0x0b, 0x0a, 0x09, 0x55, 0x70, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x22, 0x0c,
-	0x0a, 0x0a, 0x55, 0x70, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x3d, 0x0a, 0x0d,
-	0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x2c, 0x0a,
-	0x11, 0x67, 0x65, 0x74, 0x46, 0x75, 0x6c, 0x6c, 0x50, 0x65, 0x65, 0x72, 0x53, 0x74, 0x61, 0x74,
-	0x75, 0x73, 0x18, 0x01, 0x20, 0x01, 0x28, 0x08, 0x52, 0x11, 0x67, 0x65, 0x74, 0x46, 0x75, 0x6c,
-	0x6c, 0x50, 0x65, 0x65, 0x72, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x22, 0x82, 0x01, 0x0a, 0x0e,
-	0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x16,
-	0x0a, 0x06, 0x73, 0x74, 0x61, 0x74, 0x75, 0x73, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06,
-	0x73, 0x74, 0x61, 0x74, 0x75, 0x73, 0x12, 0x32, 0x0a, 0x0a, 0x66, 0x75, 0x6c, 0x6c, 0x53, 0x74,
-	0x61, 0x74, 0x75, 0x73, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x12, 0x2e, 0x64, 0x61, 0x65,
-	0x6d, 0x6f, 0x6e, 0x2e, 0x46, 0x75, 0x6c, 0x6c, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x52, 0x0a,
-	0x66, 0x75, 0x6c, 0x6c, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x12, 0x24, 0x0a, 0x0d, 0x64, 0x61,
-	0x65, 0x6d, 0x6f, 0x6e, 0x56, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x18, 0x03, 0x20, 0x01, 0x28,
-	0x09, 0x52, 0x0d, 0x64, 0x61, 0x65, 0x6d, 0x6f, 0x6e, 0x56, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e,
-	0x22, 0x0d, 0x0a, 0x0b, 0x44, 0x6f, 0x77, 0x6e, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x22,
-	0x0e, 0x0a, 0x0c, 0x44, 0x6f, 0x77, 0x6e, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22,
-	0x12, 0x0a, 0x10, 0x47, 0x65, 0x74, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x52, 0x65, 0x71, 0x75,
-	0x65, 0x73, 0x74, 0x22, 0xb3, 0x01, 0x0a, 0x11, 0x47, 0x65, 0x74, 0x43, 0x6f, 0x6e, 0x66, 0x69,
-	0x67, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x24, 0x0a, 0x0d, 0x6d, 0x61, 0x6e,
-	0x61, 0x67, 0x65, 0x6d, 0x65, 0x6e, 0x74, 0x55, 0x72, 0x6c, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09,
-	0x52, 0x0d, 0x6d, 0x61, 0x6e, 0x61, 0x67, 0x65, 0x6d, 0x65, 0x6e, 0x74, 0x55, 0x72, 0x6c, 0x12,
-	0x1e, 0x0a, 0x0a, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x46, 0x69, 0x6c, 0x65, 0x18, 0x02, 0x20,
-	0x01, 0x28, 0x09, 0x52, 0x0a, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x46, 0x69, 0x6c, 0x65, 0x12,
-	0x18, 0x0a, 0x07, 0x6c, 0x6f, 0x67, 0x46, 0x69, 0x6c, 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09,
-	0x52, 0x07, 0x6c, 0x6f, 0x67, 0x46, 0x69, 0x6c, 0x65, 0x12, 0x22, 0x0a, 0x0c, 0x70, 0x72, 0x65,
-	0x53, 0x68, 0x61, 0x72, 0x65, 0x64, 0x4b, 0x65, 0x79, 0x18, 0x04, 0x20, 0x01, 0x28, 0x09, 0x52,
-	0x0c, 0x70, 0x72, 0x65, 0x53, 0x68, 0x61, 0x72, 0x65, 0x64, 0x4b, 0x65, 0x79, 0x12, 0x1a, 0x0a,
-	0x08, 0x61, 0x64, 0x6d, 0x69, 0x6e, 0x55, 0x52, 0x4c, 0x18, 0x05, 0x20, 0x01, 0x28, 0x09, 0x52,
-	0x08, 0x61, 0x64, 0x6d, 0x69, 0x6e, 0x55, 0x52, 0x4c, 0x22, 0xcf, 0x02, 0x0a, 0x09, 0x50, 0x65,
-	0x65, 0x72, 0x53, 0x74, 0x61, 0x74, 0x65, 0x12, 0x0e, 0x0a, 0x02, 0x49, 0x50, 0x18, 0x01, 0x20,
-	0x01, 0x28, 0x09, 0x52, 0x02, 0x49, 0x50, 0x12, 0x16, 0x0a, 0x06, 0x70, 0x75, 0x62, 0x4b, 0x65,
-	0x79, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x70, 0x75, 0x62, 0x4b, 0x65, 0x79, 0x12,
-	0x1e, 0x0a, 0x0a, 0x63, 0x6f, 0x6e, 0x6e, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x18, 0x03, 0x20,
-	0x01, 0x28, 0x09, 0x52, 0x0a, 0x63, 0x6f, 0x6e, 0x6e, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x12,
-	0x46, 0x0a, 0x10, 0x63, 0x6f, 0x6e, 0x6e, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x55, 0x70, 0x64,
-	0x61, 0x74, 0x65, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x67, 0x6f, 0x6f, 0x67,
-	0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x54, 0x69, 0x6d, 0x65,
-	0x73, 0x74, 0x61, 0x6d, 0x70, 0x52, 0x10, 0x63, 0x6f, 0x6e, 0x6e, 0x53, 0x74, 0x61, 0x74, 0x75,
-	0x73, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x12, 0x18, 0x0a, 0x07, 0x72, 0x65, 0x6c, 0x61, 0x79,
-	0x65, 0x64, 0x18, 0x05, 0x20, 0x01, 0x28, 0x08, 0x52, 0x07, 0x72, 0x65, 0x6c, 0x61, 0x79, 0x65,
-	0x64, 0x12, 0x16, 0x0a, 0x06, 0x64, 0x69, 0x72, 0x65, 0x63, 0x74, 0x18, 0x06, 0x20, 0x01, 0x28,
-	0x08, 0x52, 0x06, 0x64, 0x69, 0x72, 0x65, 0x63, 0x74, 0x12, 0x34, 0x0a, 0x15, 0x6c, 0x6f, 0x63,
-	0x61, 0x6c, 0x49, 0x63, 0x65, 0x43, 0x61, 0x6e, 0x64, 0x69, 0x64, 0x61, 0x74, 0x65, 0x54, 0x79,
-	0x70, 0x65, 0x18, 0x07, 0x20, 0x01, 0x28, 0x09, 0x52, 0x15, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x49,
+	0x43, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x22, 0xb5, 0x01, 0x0a, 0x0d, 0x4c, 0x6f, 0x67, 0x69, 0x6e,
+	0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x24, 0x0a, 0x0d, 0x6e, 0x65, 0x65, 0x64,
+	0x73, 0x53, 0x53, 0x4f, 0x4c, 0x6f, 0x67, 0x69, 0x6e, 0x18, 0x01, 0x20, 0x01, 0x28, 0x08, 0x52,
+	0x0d, 0x6e, 0x65, 0x65, 0x64, 0x73, 0x53, 0x53, 0x4f, 0x4c, 0x6f, 0x67, 0x69, 0x6e, 0x12, 0x1a,
+	0x0a, 0x08, 0x75, 0x73, 0x65, 0x72, 0x43, 0x6f, 0x64, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09,
+	0x52, 0x08, 0x75, 0x73, 0x65, 0x72, 0x43, 0x6f, 0x64, 0x65, 0x12, 0x28, 0x0a, 0x0f, 0x76, 0x65,
+	0x72, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x55, 0x52, 0x49, 0x18, 0x03, 0x20,
+	0x01, 0x28, 0x09, 0x52, 0x0f, 0x76, 0x65, 0x72, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f,
+	0x6e, 0x55, 0x52, 0x49, 0x12, 0x38, 0x0a, 0x17, 0x76, 0x65, 0x72, 0x69, 0x66, 0x69, 0x63, 0x61,
+	0x74, 0x69, 0x6f, 0x6e, 0x55, 0x52, 0x49, 0x43, 0x6f, 0x6d, 0x70, 0x6c, 0x65, 0x74, 0x65, 0x18,
+	0x04, 0x20, 0x01, 0x28, 0x09, 0x52, 0x17, 0x76, 0x65, 0x72, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74,
+	0x69, 0x6f, 0x6e, 0x55, 0x52, 0x49, 0x43, 0x6f, 0x6d, 0x70, 0x6c, 0x65, 0x74, 0x65, 0x22, 0x31,
+	0x0a, 0x13, 0x57, 0x61, 0x69, 0x74, 0x53, 0x53, 0x4f, 0x4c, 0x6f, 0x67, 0x69, 0x6e, 0x52, 0x65,
+	0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x1a, 0x0a, 0x08, 0x75, 0x73, 0x65, 0x72, 0x43, 0x6f, 0x64,
+	0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x75, 0x73, 0x65, 0x72, 0x43, 0x6f, 0x64,
+	0x65, 0x22, 0x16, 0x0a, 0x14, 0x57, 0x61, 0x69, 0x74, 0x53, 0x53, 0x4f, 0x4c, 0x6f, 0x67, 0x69,
+	0x6e, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x0b, 0x0a, 0x09, 0x55, 0x70, 0x52,
+	0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x22, 0x0c, 0x0a, 0x0a, 0x55, 0x70, 0x52, 0x65, 0x73, 0x70,
+	0x6f, 0x6e, 0x73, 0x65, 0x22, 0x3d, 0x0a, 0x0d, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x52, 0x65,
+	0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x2c, 0x0a, 0x11, 0x67, 0x65, 0x74, 0x46, 0x75, 0x6c, 0x6c,
+	0x50, 0x65, 0x65, 0x72, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x18, 0x01, 0x20, 0x01, 0x28, 0x08,
+	0x52, 0x11, 0x67, 0x65, 0x74, 0x46, 0x75, 0x6c, 0x6c, 0x50, 0x65, 0x65, 0x72, 0x53, 0x74, 0x61,
+	0x74, 0x75, 0x73, 0x22, 0x82, 0x01, 0x0a, 0x0e, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x52, 0x65,
+	0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x16, 0x0a, 0x06, 0x73, 0x74, 0x61, 0x74, 0x75, 0x73,
+	0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x73, 0x74, 0x61, 0x74, 0x75, 0x73, 0x12, 0x32,
+	0x0a, 0x0a, 0x66, 0x75, 0x6c, 0x6c, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x18, 0x02, 0x20, 0x01,
+	0x28, 0x0b, 0x32, 0x12, 0x2e, 0x64, 0x61, 0x65, 0x6d, 0x6f, 0x6e, 0x2e, 0x46, 0x75, 0x6c, 0x6c,
+	0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x52, 0x0a, 0x66, 0x75, 0x6c, 0x6c, 0x53, 0x74, 0x61, 0x74,
+	0x75, 0x73, 0x12, 0x24, 0x0a, 0x0d, 0x64, 0x61, 0x65, 0x6d, 0x6f, 0x6e, 0x56, 0x65, 0x72, 0x73,
+	0x69, 0x6f, 0x6e, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0d, 0x64, 0x61, 0x65, 0x6d, 0x6f,
+	0x6e, 0x56, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x22, 0x0d, 0x0a, 0x0b, 0x44, 0x6f, 0x77, 0x6e,
+	0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x22, 0x0e, 0x0a, 0x0c, 0x44, 0x6f, 0x77, 0x6e, 0x52,
+	0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x12, 0x0a, 0x10, 0x47, 0x65, 0x74, 0x43, 0x6f,
+	0x6e, 0x66, 0x69, 0x67, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x22, 0xb3, 0x01, 0x0a, 0x11,
+	0x47, 0x65, 0x74, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73,
+	0x65, 0x12, 0x24, 0x0a, 0x0d, 0x6d, 0x61, 0x6e, 0x61, 0x67, 0x65, 0x6d, 0x65, 0x6e, 0x74, 0x55,
+	0x72, 0x6c, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0d, 0x6d, 0x61, 0x6e, 0x61, 0x67, 0x65,
+	0x6d, 0x65, 0x6e, 0x74, 0x55, 0x72, 0x6c, 0x12, 0x1e, 0x0a, 0x0a, 0x63, 0x6f, 0x6e, 0x66, 0x69,
+	0x67, 0x46, 0x69, 0x6c, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0a, 0x63, 0x6f, 0x6e,
+	0x66, 0x69, 0x67, 0x46, 0x69, 0x6c, 0x65, 0x12, 0x18, 0x0a, 0x07, 0x6c, 0x6f, 0x67, 0x46, 0x69,
+	0x6c, 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x07, 0x6c, 0x6f, 0x67, 0x46, 0x69, 0x6c,
+	0x65, 0x12, 0x22, 0x0a, 0x0c, 0x70, 0x72, 0x65, 0x53, 0x68, 0x61, 0x72, 0x65, 0x64, 0x4b, 0x65,
+	0x79, 0x18, 0x04, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0c, 0x70, 0x72, 0x65, 0x53, 0x68, 0x61, 0x72,
+	0x65, 0x64, 0x4b, 0x65, 0x79, 0x12, 0x1a, 0x0a, 0x08, 0x61, 0x64, 0x6d, 0x69, 0x6e, 0x55, 0x52,
+	0x4c, 0x18, 0x05, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x61, 0x64, 0x6d, 0x69, 0x6e, 0x55, 0x52,
+	0x4c, 0x22, 0xcf, 0x02, 0x0a, 0x09, 0x50, 0x65, 0x65, 0x72, 0x53, 0x74, 0x61, 0x74, 0x65, 0x12,
+	0x0e, 0x0a, 0x02, 0x49, 0x50, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x02, 0x49, 0x50, 0x12,
+	0x16, 0x0a, 0x06, 0x70, 0x75, 0x62, 0x4b, 0x65, 0x79, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52,
+	0x06, 0x70, 0x75, 0x62, 0x4b, 0x65, 0x79, 0x12, 0x1e, 0x0a, 0x0a, 0x63, 0x6f, 0x6e, 0x6e, 0x53,
+	0x74, 0x61, 0x74, 0x75, 0x73, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0a, 0x63, 0x6f, 0x6e,
+	0x6e, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x12, 0x46, 0x0a, 0x10, 0x63, 0x6f, 0x6e, 0x6e, 0x53,
+	0x74, 0x61, 0x74, 0x75, 0x73, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x18, 0x04, 0x20, 0x01, 0x28,
+	0x0b, 0x32, 0x1a, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f,
+	0x62, 0x75, 0x66, 0x2e, 0x54, 0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x52, 0x10, 0x63,
+	0x6f, 0x6e, 0x6e, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x12,
+	0x18, 0x0a, 0x07, 0x72, 0x65, 0x6c, 0x61, 0x79, 0x65, 0x64, 0x18, 0x05, 0x20, 0x01, 0x28, 0x08,
+	0x52, 0x07, 0x72, 0x65, 0x6c, 0x61, 0x79, 0x65, 0x64, 0x12, 0x16, 0x0a, 0x06, 0x64, 0x69, 0x72,
+	0x65, 0x63, 0x74, 0x18, 0x06, 0x20, 0x01, 0x28, 0x08, 0x52, 0x06, 0x64, 0x69, 0x72, 0x65, 0x63,
+	0x74, 0x12, 0x34, 0x0a, 0x15, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x49, 0x63, 0x65, 0x43, 0x61, 0x6e,
+	0x64, 0x69, 0x64, 0x61, 0x74, 0x65, 0x54, 0x79, 0x70, 0x65, 0x18, 0x07, 0x20, 0x01, 0x28, 0x09,
+	0x52, 0x15, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x49, 0x63, 0x65, 0x43, 0x61, 0x6e, 0x64, 0x69, 0x64,
+	0x61, 0x74, 0x65, 0x54, 0x79, 0x70, 0x65, 0x12, 0x36, 0x0a, 0x16, 0x72, 0x65, 0x6d, 0x6f, 0x74,
+	0x65, 0x49, 0x63, 0x65, 0x43, 0x61, 0x6e, 0x64, 0x69, 0x64, 0x61, 0x74, 0x65, 0x54, 0x79, 0x70,
+	0x65, 0x18, 0x08, 0x20, 0x01, 0x28, 0x09, 0x52, 0x16, 0x72, 0x65, 0x6d, 0x6f, 0x74, 0x65, 0x49,
 	0x63, 0x65, 0x43, 0x61, 0x6e, 0x64, 0x69, 0x64, 0x61, 0x74, 0x65, 0x54, 0x79, 0x70, 0x65, 0x12,
-	0x36, 0x0a, 0x16, 0x72, 0x65, 0x6d, 0x6f, 0x74, 0x65, 0x49, 0x63, 0x65, 0x43, 0x61, 0x6e, 0x64,
-	0x69, 0x64, 0x61, 0x74, 0x65, 0x54, 0x79, 0x70, 0x65, 0x18, 0x08, 0x20, 0x01, 0x28, 0x09, 0x52,
-	0x16, 0x72, 0x65, 0x6d, 0x6f, 0x74, 0x65, 0x49, 0x63, 0x65, 0x43, 0x61, 0x6e, 0x64, 0x69, 0x64,
-	0x61, 0x74, 0x65, 0x54, 0x79, 0x70, 0x65, 0x12, 0x12, 0x0a, 0x04, 0x66, 0x71, 0x64, 0x6e, 0x18,
-	0x09, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x66, 0x71, 0x64, 0x6e, 0x22, 0x76, 0x0a, 0x0e, 0x4c,
-	0x6f, 0x63, 0x61, 0x6c, 0x50, 0x65, 0x65, 0x72, 0x53, 0x74, 0x61, 0x74, 0x65, 0x12, 0x0e, 0x0a,
-	0x02, 0x49, 0x50, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x02, 0x49, 0x50, 0x12, 0x16, 0x0a,
-	0x06, 0x70, 0x75, 0x62, 0x4b, 0x65, 0x79, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x70,
-	0x75, 0x62, 0x4b, 0x65, 0x79, 0x12, 0x28, 0x0a, 0x0f, 0x6b, 0x65, 0x72, 0x6e, 0x65, 0x6c, 0x49,
-	0x6e, 0x74, 0x65, 0x72, 0x66, 0x61, 0x63, 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, 0x08, 0x52, 0x0f,
-	0x6b, 0x65, 0x72, 0x6e, 0x65, 0x6c, 0x49, 0x6e, 0x74, 0x65, 0x72, 0x66, 0x61, 0x63, 0x65, 0x12,
-	0x12, 0x0a, 0x04, 0x66, 0x71, 0x64, 0x6e, 0x18, 0x04, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x66,
-	0x71, 0x64, 0x6e, 0x22, 0x3d, 0x0a, 0x0b, 0x53, 0x69, 0x67, 0x6e, 0x61, 0x6c, 0x53, 0x74, 0x61,
-	0x74, 0x65, 0x12, 0x10, 0x0a, 0x03, 0x55, 0x52, 0x4c, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52,
-	0x03, 0x55, 0x52, 0x4c, 0x12, 0x1c, 0x0a, 0x09, 0x63, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x65,
-	0x64, 0x18, 0x02, 0x20, 0x01, 0x28, 0x08, 0x52, 0x09, 0x63, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74,
-	0x65, 0x64, 0x22, 0x41, 0x0a, 0x0f, 0x4d, 0x61, 0x6e, 0x61, 0x67, 0x65, 0x6d, 0x65, 0x6e, 0x74,
-	0x53, 0x74, 0x61, 0x74, 0x65, 0x12, 0x10, 0x0a, 0x03, 0x55, 0x52, 0x4c, 0x18, 0x01, 0x20, 0x01,
-	0x28, 0x09, 0x52, 0x03, 0x55, 0x52, 0x4c, 0x12, 0x1c, 0x0a, 0x09, 0x63, 0x6f, 0x6e, 0x6e, 0x65,
-	0x63, 0x74, 0x65, 0x64, 0x18, 0x02, 0x20, 0x01, 0x28, 0x08, 0x52, 0x09, 0x63, 0x6f, 0x6e, 0x6e,
-	0x65, 0x63, 0x74, 0x65, 0x64, 0x22, 0xef, 0x01, 0x0a, 0x0a, 0x46, 0x75, 0x6c, 0x6c, 0x53, 0x74,
-	0x61, 0x74, 0x75, 0x73, 0x12, 0x41, 0x0a, 0x0f, 0x6d, 0x61, 0x6e, 0x61, 0x67, 0x65, 0x6d, 0x65,
-	0x6e, 0x74, 0x53, 0x74, 0x61, 0x74, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x17, 0x2e,
-	0x64, 0x61, 0x65, 0x6d, 0x6f, 0x6e, 0x2e, 0x4d, 0x61, 0x6e, 0x61, 0x67, 0x65, 0x6d, 0x65, 0x6e,
-	0x74, 0x53, 0x74, 0x61, 0x74, 0x65, 0x52, 0x0f, 0x6d, 0x61, 0x6e, 0x61, 0x67, 0x65, 0x6d, 0x65,
-	0x6e, 0x74, 0x53, 0x74, 0x61, 0x74, 0x65, 0x12, 0x35, 0x0a, 0x0b, 0x73, 0x69, 0x67, 0x6e, 0x61,
-	0x6c, 0x53, 0x74, 0x61, 0x74, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x13, 0x2e, 0x64,
-	0x61, 0x65, 0x6d, 0x6f, 0x6e, 0x2e, 0x53, 0x69, 0x67, 0x6e, 0x61, 0x6c, 0x53, 0x74, 0x61, 0x74,
-	0x65, 0x52, 0x0b, 0x73, 0x69, 0x67, 0x6e, 0x61, 0x6c, 0x53, 0x74, 0x61, 0x74, 0x65, 0x12, 0x3e,
-	0x0a, 0x0e, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x50, 0x65, 0x65, 0x72, 0x53, 0x74, 0x61, 0x74, 0x65,
-	0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x16, 0x2e, 0x64, 0x61, 0x65, 0x6d, 0x6f, 0x6e, 0x2e,
-	0x4c, 0x6f, 0x63, 0x61, 0x6c, 0x50, 0x65, 0x65, 0x72, 0x53, 0x74, 0x61, 0x74, 0x65, 0x52, 0x0e,
-	0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x50, 0x65, 0x65, 0x72, 0x53, 0x74, 0x61, 0x74, 0x65, 0x12, 0x27,
-	0x0a, 0x05, 0x70, 0x65, 0x65, 0x72, 0x73, 0x18, 0x04, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x11, 0x2e,
-	0x64, 0x61, 0x65, 0x6d, 0x6f, 0x6e, 0x2e, 0x50, 0x65, 0x65, 0x72, 0x53, 0x74, 0x61, 0x74, 0x65,
-	0x52, 0x05, 0x70, 0x65, 0x65, 0x72, 0x73, 0x32, 0xf7, 0x02, 0x0a, 0x0d, 0x44, 0x61, 0x65, 0x6d,
-	0x6f, 0x6e, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x12, 0x36, 0x0a, 0x05, 0x4c, 0x6f, 0x67,
-	0x69, 0x6e, 0x12, 0x14, 0x2e, 0x64, 0x61, 0x65, 0x6d, 0x6f, 0x6e, 0x2e, 0x4c, 0x6f, 0x67, 0x69,
-	0x6e, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x15, 0x2e, 0x64, 0x61, 0x65, 0x6d, 0x6f,
-	0x6e, 0x2e, 0x4c, 0x6f, 0x67, 0x69, 0x6e, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22,
-	0x00, 0x12, 0x4b, 0x0a, 0x0c, 0x57, 0x61, 0x69, 0x74, 0x53, 0x53, 0x4f, 0x4c, 0x6f, 0x67, 0x69,
-	0x6e, 0x12, 0x1b, 0x2e, 0x64, 0x61, 0x65, 0x6d, 0x6f, 0x6e, 0x2e, 0x57, 0x61, 0x69, 0x74, 0x53,
-	0x53, 0x4f, 0x4c, 0x6f, 0x67, 0x69, 0x6e, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x1c,
-	0x2e, 0x64, 0x61, 0x65, 0x6d, 0x6f, 0x6e, 0x2e, 0x57, 0x61, 0x69, 0x74, 0x53, 0x53, 0x4f, 0x4c,
-	0x6f, 0x67, 0x69, 0x6e, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x00, 0x12, 0x2d,
-	0x0a, 0x02, 0x55, 0x70, 0x12, 0x11, 0x2e, 0x64, 0x61, 0x65, 0x6d, 0x6f, 0x6e, 0x2e, 0x55, 0x70,
-	0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x12, 0x2e, 0x64, 0x61, 0x65, 0x6d, 0x6f, 0x6e,
-	0x2e, 0x55, 0x70, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x00, 0x12, 0x39, 0x0a,
-	0x06, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x12, 0x15, 0x2e, 0x64, 0x61, 0x65, 0x6d, 0x6f, 0x6e,
-	0x2e, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x16,
-	0x2e, 0x64, 0x61, 0x65, 0x6d, 0x6f, 0x6e, 0x2e, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x52, 0x65,
-	0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x00, 0x12, 0x33, 0x0a, 0x04, 0x44, 0x6f, 0x77, 0x6e,
-	0x12, 0x13, 0x2e, 0x64, 0x61, 0x65, 0x6d, 0x6f, 0x6e, 0x2e, 0x44, 0x6f, 0x77, 0x6e, 0x52, 0x65,
-	0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x14, 0x2e, 0x64, 0x61, 0x65, 0x6d, 0x6f, 0x6e, 0x2e, 0x44,
-	0x6f, 0x77, 0x6e, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x00, 0x12, 0x42, 0x0a,
-	0x09, 0x47, 0x65, 0x74, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x18, 0x2e, 0x64, 0x61, 0x65,
-	0x6d, 0x6f, 0x6e, 0x2e, 0x47, 0x65, 0x74, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x52, 0x65, 0x71,
-	0x75, 0x65, 0x73, 0x74, 0x1a, 0x19, 0x2e, 0x64, 0x61, 0x65, 0x6d, 0x6f, 0x6e, 0x2e, 0x47, 0x65,
-	0x74, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22,
-	0x00, 0x42, 0x08, 0x5a, 0x06, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x06, 0x70, 0x72, 0x6f,
-	0x74, 0x6f, 0x33,
+	0x12, 0x0a, 0x04, 0x66, 0x71, 0x64, 0x6e, 0x18, 0x09, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x66,
+	0x71, 0x64, 0x6e, 0x22, 0x76, 0x0a, 0x0e, 0x4c, 0x6f, 0x63, 0x61, 0x6c, 0x50, 0x65, 0x65, 0x72,
+	0x53, 0x74, 0x61, 0x74, 0x65, 0x12, 0x0e, 0x0a, 0x02, 0x49, 0x50, 0x18, 0x01, 0x20, 0x01, 0x28,
+	0x09, 0x52, 0x02, 0x49, 0x50, 0x12, 0x16, 0x0a, 0x06, 0x70, 0x75, 0x62, 0x4b, 0x65, 0x79, 0x18,
+	0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x70, 0x75, 0x62, 0x4b, 0x65, 0x79, 0x12, 0x28, 0x0a,
+	0x0f, 0x6b, 0x65, 0x72, 0x6e, 0x65, 0x6c, 0x49, 0x6e, 0x74, 0x65, 0x72, 0x66, 0x61, 0x63, 0x65,
+	0x18, 0x03, 0x20, 0x01, 0x28, 0x08, 0x52, 0x0f, 0x6b, 0x65, 0x72, 0x6e, 0x65, 0x6c, 0x49, 0x6e,
+	0x74, 0x65, 0x72, 0x66, 0x61, 0x63, 0x65, 0x12, 0x12, 0x0a, 0x04, 0x66, 0x71, 0x64, 0x6e, 0x18,
+	0x04, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x66, 0x71, 0x64, 0x6e, 0x22, 0x3d, 0x0a, 0x0b, 0x53,
+	0x69, 0x67, 0x6e, 0x61, 0x6c, 0x53, 0x74, 0x61, 0x74, 0x65, 0x12, 0x10, 0x0a, 0x03, 0x55, 0x52,
+	0x4c, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x55, 0x52, 0x4c, 0x12, 0x1c, 0x0a, 0x09,
+	0x63, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x65, 0x64, 0x18, 0x02, 0x20, 0x01, 0x28, 0x08, 0x52,
+	0x09, 0x63, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x65, 0x64, 0x22, 0x41, 0x0a, 0x0f, 0x4d, 0x61,
+	0x6e, 0x61, 0x67, 0x65, 0x6d, 0x65, 0x6e, 0x74, 0x53, 0x74, 0x61, 0x74, 0x65, 0x12, 0x10, 0x0a,
+	0x03, 0x55, 0x52, 0x4c, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x55, 0x52, 0x4c, 0x12,
+	0x1c, 0x0a, 0x09, 0x63, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x65, 0x64, 0x18, 0x02, 0x20, 0x01,
+	0x28, 0x08, 0x52, 0x09, 0x63, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x65, 0x64, 0x22, 0xef, 0x01,
+	0x0a, 0x0a, 0x46, 0x75, 0x6c, 0x6c, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x12, 0x41, 0x0a, 0x0f,
+	0x6d, 0x61, 0x6e, 0x61, 0x67, 0x65, 0x6d, 0x65, 0x6e, 0x74, 0x53, 0x74, 0x61, 0x74, 0x65, 0x18,
+	0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x17, 0x2e, 0x64, 0x61, 0x65, 0x6d, 0x6f, 0x6e, 0x2e, 0x4d,
+	0x61, 0x6e, 0x61, 0x67, 0x65, 0x6d, 0x65, 0x6e, 0x74, 0x53, 0x74, 0x61, 0x74, 0x65, 0x52, 0x0f,
+	0x6d, 0x61, 0x6e, 0x61, 0x67, 0x65, 0x6d, 0x65, 0x6e, 0x74, 0x53, 0x74, 0x61, 0x74, 0x65, 0x12,
+	0x35, 0x0a, 0x0b, 0x73, 0x69, 0x67, 0x6e, 0x61, 0x6c, 0x53, 0x74, 0x61, 0x74, 0x65, 0x18, 0x02,
+	0x20, 0x01, 0x28, 0x0b, 0x32, 0x13, 0x2e, 0x64, 0x61, 0x65, 0x6d, 0x6f, 0x6e, 0x2e, 0x53, 0x69,
+	0x67, 0x6e, 0x61, 0x6c, 0x53, 0x74, 0x61, 0x74, 0x65, 0x52, 0x0b, 0x73, 0x69, 0x67, 0x6e, 0x61,
+	0x6c, 0x53, 0x74, 0x61, 0x74, 0x65, 0x12, 0x3e, 0x0a, 0x0e, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x50,
+	0x65, 0x65, 0x72, 0x53, 0x74, 0x61, 0x74, 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x16,
+	0x2e, 0x64, 0x61, 0x65, 0x6d, 0x6f, 0x6e, 0x2e, 0x4c, 0x6f, 0x63, 0x61, 0x6c, 0x50, 0x65, 0x65,
+	0x72, 0x53, 0x74, 0x61, 0x74, 0x65, 0x52, 0x0e, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x50, 0x65, 0x65,
+	0x72, 0x53, 0x74, 0x61, 0x74, 0x65, 0x12, 0x27, 0x0a, 0x05, 0x70, 0x65, 0x65, 0x72, 0x73, 0x18,
+	0x04, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x11, 0x2e, 0x64, 0x61, 0x65, 0x6d, 0x6f, 0x6e, 0x2e, 0x50,
+	0x65, 0x65, 0x72, 0x53, 0x74, 0x61, 0x74, 0x65, 0x52, 0x05, 0x70, 0x65, 0x65, 0x72, 0x73, 0x32,
+	0xf7, 0x02, 0x0a, 0x0d, 0x44, 0x61, 0x65, 0x6d, 0x6f, 0x6e, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63,
+	0x65, 0x12, 0x36, 0x0a, 0x05, 0x4c, 0x6f, 0x67, 0x69, 0x6e, 0x12, 0x14, 0x2e, 0x64, 0x61, 0x65,
+	0x6d, 0x6f, 0x6e, 0x2e, 0x4c, 0x6f, 0x67, 0x69, 0x6e, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74,
+	0x1a, 0x15, 0x2e, 0x64, 0x61, 0x65, 0x6d, 0x6f, 0x6e, 0x2e, 0x4c, 0x6f, 0x67, 0x69, 0x6e, 0x52,
+	0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x00, 0x12, 0x4b, 0x0a, 0x0c, 0x57, 0x61, 0x69,
+	0x74, 0x53, 0x53, 0x4f, 0x4c, 0x6f, 0x67, 0x69, 0x6e, 0x12, 0x1b, 0x2e, 0x64, 0x61, 0x65, 0x6d,
+	0x6f, 0x6e, 0x2e, 0x57, 0x61, 0x69, 0x74, 0x53, 0x53, 0x4f, 0x4c, 0x6f, 0x67, 0x69, 0x6e, 0x52,
+	0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x1c, 0x2e, 0x64, 0x61, 0x65, 0x6d, 0x6f, 0x6e, 0x2e,
+	0x57, 0x61, 0x69, 0x74, 0x53, 0x53, 0x4f, 0x4c, 0x6f, 0x67, 0x69, 0x6e, 0x52, 0x65, 0x73, 0x70,
+	0x6f, 0x6e, 0x73, 0x65, 0x22, 0x00, 0x12, 0x2d, 0x0a, 0x02, 0x55, 0x70, 0x12, 0x11, 0x2e, 0x64,
+	0x61, 0x65, 0x6d, 0x6f, 0x6e, 0x2e, 0x55, 0x70, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a,
+	0x12, 0x2e, 0x64, 0x61, 0x65, 0x6d, 0x6f, 0x6e, 0x2e, 0x55, 0x70, 0x52, 0x65, 0x73, 0x70, 0x6f,
+	0x6e, 0x73, 0x65, 0x22, 0x00, 0x12, 0x39, 0x0a, 0x06, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x12,
+	0x15, 0x2e, 0x64, 0x61, 0x65, 0x6d, 0x6f, 0x6e, 0x2e, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x52,
+	0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x16, 0x2e, 0x64, 0x61, 0x65, 0x6d, 0x6f, 0x6e, 0x2e,
+	0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x00,
+	0x12, 0x33, 0x0a, 0x04, 0x44, 0x6f, 0x77, 0x6e, 0x12, 0x13, 0x2e, 0x64, 0x61, 0x65, 0x6d, 0x6f,
+	0x6e, 0x2e, 0x44, 0x6f, 0x77, 0x6e, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x14, 0x2e,
+	0x64, 0x61, 0x65, 0x6d, 0x6f, 0x6e, 0x2e, 0x44, 0x6f, 0x77, 0x6e, 0x52, 0x65, 0x73, 0x70, 0x6f,
+	0x6e, 0x73, 0x65, 0x22, 0x00, 0x12, 0x42, 0x0a, 0x09, 0x47, 0x65, 0x74, 0x43, 0x6f, 0x6e, 0x66,
+	0x69, 0x67, 0x12, 0x18, 0x2e, 0x64, 0x61, 0x65, 0x6d, 0x6f, 0x6e, 0x2e, 0x47, 0x65, 0x74, 0x43,
+	0x6f, 0x6e, 0x66, 0x69, 0x67, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x19, 0x2e, 0x64,
+	0x61, 0x65, 0x6d, 0x6f, 0x6e, 0x2e, 0x47, 0x65, 0x74, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x52,
+	0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x00, 0x42, 0x08, 0x5a, 0x06, 0x2f, 0x70, 0x72,
+	0x6f, 0x74, 0x6f, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33,
 }
 
 var (

client/proto/daemon.proto

@@ -52,8 +52,6 @@ message LoginRequest {
   bytes customDNSAddress = 7;
 
   bool isLinuxDesktopClient = 8;
-
-  string hostname = 9;
 }
 
 message LoginResponse {
@@ -65,7 +63,6 @@ message LoginResponse {
 
 message WaitSSOLoginRequest {
   string userCode = 1;
-  string hostname = 2;
 }
 
 message WaitSSOLoginResponse {}

client/server/server.go

@@ -7,7 +7,6 @@ import (
 	"time"
 
 	"github.com/netbirdio/netbird/client/internal/auth"
-	"github.com/netbirdio/netbird/client/system"
 
 	log "github.com/sirupsen/logrus"
 	"google.golang.org/grpc/codes"
@@ -182,11 +181,6 @@ func (s *Server) Login(callerCtx context.Context, msg *proto.LoginRequest) (*pro
 		s.latestConfigInput.CustomDNSAddress = []byte{}
 	}
 
-	if msg.Hostname != "" {
-		// nolint
-		ctx = context.WithValue(ctx, system.DeviceNameCtxKey, msg.Hostname)
-	}
-
 	s.mutex.Unlock()
 
 	inputConfig.PreSharedKey = &msg.PreSharedKey
@@ -281,11 +275,6 @@ func (s *Server) WaitSSOLogin(callerCtx context.Context, msg *proto.WaitSSOLogin
 		ctx = metadata.NewOutgoingContext(ctx, md)
 	}
 
-	if msg.Hostname != "" {
-		// nolint
-		ctx = context.WithValue(ctx, system.DeviceNameCtxKey, msg.Hostname)
-	}
-
 	s.actCancel = cancel
 	s.mutex.Unlock()
 

client/ssh/client.go

@@ -2,12 +2,11 @@ package ssh
 
 import (
 	"fmt"
+	"golang.org/x/crypto/ssh"
+	"golang.org/x/term"
 	"net"
 	"os"
 	"time"
-
-	"golang.org/x/crypto/ssh"
-	"golang.org/x/term"
 )
 
 // Client wraps crypto/ssh Client to simplify usage
@@ -74,7 +73,8 @@ func (c *Client) OpenTerminal() error {
 
 	if err := session.Wait(); err != nil {
 		if e, ok := err.(*ssh.ExitError); ok {
-			if e.ExitStatus() == 130 {
+			switch e.ExitStatus() {
+			case 130:
 				return nil
 			}
 		}

client/ssh/util.go

@@ -9,10 +9,9 @@ import (
 	"crypto/x509"
 	"encoding/pem"
 	"fmt"
-	"strings"
-
 	"golang.org/x/crypto/ed25519"
 	gossh "golang.org/x/crypto/ssh"
+	"strings"
 )
 
 // KeyType is a type of SSH key
@@ -43,7 +42,7 @@ func GeneratePrivateKey(keyType KeyType) ([]byte, error) {
 	case RSA:
 		key, err = rsa.GenerateKey(rand.Reader, RSAKeySize)
 	default:
-		return nil, fmt.Errorf("unsupported key type %s", keyType)
+		return nil, fmt.Errorf("unsupported ket type %s", keyType)
 	}
 	if err != nil {
 		return nil, err

client/system/info.go

@@ -12,6 +12,12 @@ import (
 // DeviceNameCtxKey context key for device name
 const DeviceNameCtxKey = "deviceName"
 
+// OsVersionCtxKey context key for operating system version
+const OsVersionCtxKey = "OsVersion"
+
+// OsNameCtxKey context key for operating system name
+const OsNameCtxKey = "OsName"
+
 // Info is an object that contains machine information
 // Most of the code is taken from https://github.com/matishsiao/goInfo
 type Info struct {
@@ -52,6 +58,24 @@ func extractDeviceName(ctx context.Context, defaultName string) string {
 	return v
 }
 
+// extractOsVersion extracts operating system version from context or returns the default
+func extractOsVersion(ctx context.Context, defaultName string) string {
+	v, ok := ctx.Value(OsVersionCtxKey).(string)
+	if !ok {
+		return defaultName
+	}
+	return v
+}
+
+// extractOsName extracts operating system name from context or returns the default
+func extractOsName(ctx context.Context, defaultName string) string {
+	v, ok := ctx.Value(OsNameCtxKey).(string)
+	if !ok {
+		return defaultName
+	}
+	return v
+}
+
 // GetDesktopUIUserAgent returns the Desktop ui user agent
 func GetDesktopUIUserAgent() string {
 	return "netbird-desktop-ui/" + version.NetbirdVersion()

client/system/info_darwin.go

@@ -1,8 +1,12 @@
+//go:build !ios
+// +build !ios
+
 package system
 
 import (
 	"bytes"
 	"context"
+	"fmt"
 	"os"
 	"os/exec"
 	"runtime"
@@ -20,7 +24,7 @@ func GetInfo(ctx context.Context) *Info {
 	utsname := unix.Utsname{}
 	err := unix.Uname(&utsname)
 	if err != nil {
-		log.Warnf("getInfo: %s", err)
+		fmt.Println("getInfo:", err)
 	}
 	sysName := string(bytes.Split(utsname.Sysname[:], []byte{0})[0])
 	machine := string(bytes.Split(utsname.Machine[:], []byte{0})[0])

client/system/info_ios.go

@@ -0,0 +1,27 @@
+//go:build ios
+// +build ios
+
+package system
+
+import (
+	"context"
+	"runtime"
+
+	"github.com/netbirdio/netbird/version"
+)
+
+// GetInfo retrieves and parses the system information
+func GetInfo(ctx context.Context) *Info {
+
+	// Convert fixed-size byte arrays to Go strings
+	sysName := extractOsName(ctx, "sysName")
+	swVersion := extractOsVersion(ctx, "swVersion")
+
+	gio := &Info{Kernel: sysName, OSVersion: swVersion, Core: swVersion, Platform: "unknown", OS: sysName, GoOS: runtime.GOOS, CPUs: runtime.NumCPU()}
+	// systemHostname, _ := os.Hostname()
+	gio.Hostname = extractDeviceName(ctx, "hostname")
+	gio.WiretrusteeVersion = version.NetbirdVersion()
+	gio.UIVersion = extractUserAgent(ctx)
+
+	return gio
+}

client/system/info_linux.go

@@ -6,14 +6,13 @@ package system
 import (
 	"bytes"
 	"context"
+	"fmt"
 	"os"
 	"os/exec"
 	"runtime"
 	"strings"
 	"time"
 
-	log "github.com/sirupsen/logrus"
-
 	"github.com/netbirdio/netbird/version"
 )
 
@@ -44,8 +43,8 @@ func GetInfo(ctx context.Context) *Info {
 		}
 	}
 
-	osStr := strings.ReplaceAll(info, "\n", "")
-	osStr = strings.ReplaceAll(osStr, "\r\n", "")
+	osStr := strings.Replace(info, "\n", "", -1)
+	osStr = strings.Replace(osStr, "\r\n", "", -1)
 	osInfo := strings.Split(osStr, " ")
 	if osName == "" {
 		osName = osInfo[3]
@@ -68,7 +67,7 @@ func _getInfo() string {
 	cmd.Stderr = &stderr
 	err := cmd.Run()
 	if err != nil {
-		log.Warnf("getInfo: %s", err)
+		fmt.Println("getInfo:", err)
 	}
 	return out.String()
 }
@@ -82,7 +81,7 @@ func _getReleaseInfo() string {
 	cmd.Stderr = &stderr
 	err := cmd.Run()
 	if err != nil {
-		log.Warnf("geucwReleaseInfo: %s", err)
+		fmt.Println("getReleaseInfo:", err)
 	}
 	return out.String()
 }

client/system/info_windows.go

@@ -5,24 +5,17 @@ import (
 	"fmt"
 	"os"
 	"runtime"
-	"strings"
 
 	log "github.com/sirupsen/logrus"
-	"github.com/yusufpapurcu/wmi"
 	"golang.org/x/sys/windows/registry"
 
 	"github.com/netbirdio/netbird/version"
 )
 
-type Win32_OperatingSystem struct {
-	Caption string
-}
-
 // GetInfo retrieves and parses the system information
 func GetInfo(ctx context.Context) *Info {
-	osName, osVersion := getOSNameAndVersion()
-	buildVersion := getBuildVersion()
-	gio := &Info{Kernel: "windows", OSVersion: osVersion, Core: buildVersion, Platform: "unknown", OS: osName, GoOS: runtime.GOOS, CPUs: runtime.NumCPU()}
+	ver := getOSVersion()
+	gio := &Info{Kernel: "windows", OSVersion: ver, Core: ver, Platform: "unknown", OS: "windows", GoOS: runtime.GOOS, CPUs: runtime.NumCPU()}
 	systemHostname, _ := os.Hostname()
 	gio.Hostname = extractDeviceName(ctx, systemHostname)
 	gio.WiretrusteeVersion = version.NetbirdVersion()
@@ -31,35 +24,7 @@ func GetInfo(ctx context.Context) *Info {
 	return gio
 }
 
-func getOSNameAndVersion() (string, string) {
-	var dst []Win32_OperatingSystem
-	query := wmi.CreateQuery(&dst, "")
-	err := wmi.Query(query, &dst)
-	if err != nil {
-		log.Fatal(err)
-	}
-
-	if len(dst) == 0 {
-		return "Windows", getBuildVersion()
-	}
-
-	split := strings.Split(dst[0].Caption, " ")
-
-	if len(split) < 3 {
-		return "Windows", getBuildVersion()
-	}
-
-	name := split[1]
-	version := split[2]
-	if split[2] == "Server" {
-		name = fmt.Sprintf("%s %s", split[1], split[2])
-		version = split[3]
-	}
-
-	return name, version
-}
-
-func getBuildVersion() string {
+func getOSVersion() string {
 	k, err := registry.OpenKey(registry.LOCAL_MACHINE, `SOFTWARE\Microsoft\Windows NT\CurrentVersion`, registry.QUERY_VALUE)
 	if err != nil {
 		log.Error(err)

client/ui/build-ui-linux.sh

@@ -1,5 +0,0 @@
-#!/bin/bash
-sudo apt update
-sudo apt remove gir1.2-appindicator3-0.1
-sudo apt install -y libayatana-appindicator3-dev
-go build

client/ui/client_ui.go

@@ -15,10 +15,8 @@ import (
 	"runtime"
 	"strconv"
 	"strings"
-	"sync"
 	"syscall"
 	"time"
-	"unicode"
 
 	"fyne.io/fyne/v2"
 	"fyne.io/fyne/v2/app"
@@ -69,37 +67,25 @@ func main() {
 		a.Run()
 	} else {
 		if err := checkPIDFile(); err != nil {
-			log.Errorf("check PID file: %v", err)
+			fmt.Println(err)
 			return
 		}
 		systray.Run(client.onTrayReady, client.onTrayExit)
 	}
 }
 
-//go:embed netbird-systemtray-connected.ico
+//go:embed connected.ico
 var iconConnectedICO []byte
 
-//go:embed netbird-systemtray-connected.png
+//go:embed connected.png
 var iconConnectedPNG []byte
 
-//go:embed netbird-systemtray-default.ico
+//go:embed disconnected.ico
 var iconDisconnectedICO []byte
 
-//go:embed netbird-systemtray-default.png
+//go:embed disconnected.png
 var iconDisconnectedPNG []byte
 
-//go:embed netbird-systemtray-update.ico
-var iconUpdateICO []byte
-
-//go:embed netbird-systemtray-update.png
-var iconUpdatePNG []byte
-
-//go:embed netbird-systemtray-update-cloud.ico
-var iconUpdateCloudICO []byte
-
-//go:embed netbird-systemtray-update-cloud.png
-var iconUpdateCloudPNG []byte
-
 type serviceClient struct {
 	ctx  context.Context
 	addr string
@@ -107,20 +93,14 @@ type serviceClient struct {
 
 	icConnected    []byte
 	icDisconnected []byte
-	icUpdate       []byte
-	icUpdateCloud  []byte
 
 	// systray menu items
-	mStatus        *systray.MenuItem
-	mUp            *systray.MenuItem
-	mDown          *systray.MenuItem
-	mAdminPanel    *systray.MenuItem
-	mSettings      *systray.MenuItem
-	mAbout         *systray.MenuItem
-	mVersionUI     *systray.MenuItem
-	mVersionDaemon *systray.MenuItem
-	mUpdate        *systray.MenuItem
-	mQuit          *systray.MenuItem
+	mStatus     *systray.MenuItem
+	mUp         *systray.MenuItem
+	mDown       *systray.MenuItem
+	mAdminPanel *systray.MenuItem
+	mSettings   *systray.MenuItem
+	mQuit       *systray.MenuItem
 
 	// application with main windows.
 	app          fyne.App
@@ -138,11 +118,6 @@ type serviceClient struct {
 	managementURL string
 	preSharedKey  string
 	adminURL      string
-
-	update               *version.Update
-	daemonVersion        string
-	updateIndicationLock sync.Mutex
-	isUpdateIconActive   bool
 }
 
 // newServiceClient instance constructor
@@ -155,20 +130,14 @@ func newServiceClient(addr string, a fyne.App, showSettings bool) *serviceClient
 		app:  a,
 
 		showSettings: showSettings,
-		update:       version.NewUpdate(),
 	}
 
 	if runtime.GOOS == "windows" {
 		s.icConnected = iconConnectedICO
 		s.icDisconnected = iconDisconnectedICO
-		s.icUpdate = iconUpdateICO
-		s.icUpdateCloud = iconUpdateCloudICO
-
 	} else {
 		s.icConnected = iconConnectedPNG
 		s.icDisconnected = iconDisconnectedPNG
-		s.icUpdate = iconUpdatePNG
-		s.icUpdateCloud = iconUpdateCloudPNG
 	}
 
 	if showSettings {
@@ -233,10 +202,9 @@ func (s *serviceClient) getSettingsForm() *widget.Form {
 				}
 
 				_, err = client.Login(s.ctx, &proto.LoginRequest{
-					ManagementUrl:        s.iMngURL.Text,
-					AdminURL:             s.iAdminURL.Text,
-					PreSharedKey:         s.iPreSharedKey.Text,
-					IsLinuxDesktopClient: runtime.GOOS == "linux",
+					ManagementUrl: s.iMngURL.Text,
+					AdminURL:      s.iAdminURL.Text,
+					PreSharedKey:  s.iPreSharedKey.Text,
 				})
 				if err != nil {
 					log.Errorf("login to management URL: %v", err)
@@ -265,9 +233,7 @@ func (s *serviceClient) login() error {
 		return err
 	}
 
-	loginResp, err := conn.Login(s.ctx, &proto.LoginRequest{
-		IsLinuxDesktopClient: runtime.GOOS == "linux",
-	})
+	loginResp, err := conn.Login(s.ctx, &proto.LoginRequest{})
 	if err != nil {
 		log.Errorf("login to management URL with: %v", err)
 		return err
@@ -359,53 +325,19 @@ func (s *serviceClient) updateStatus() error {
 			return err
 		}
 
-		s.updateIndicationLock.Lock()
-		defer s.updateIndicationLock.Unlock()
-
-		var systrayIconState bool
 		if status.Status == string(internal.StatusConnected) && !s.mUp.Disabled() {
-			if !s.isUpdateIconActive {
-				systray.SetIcon(s.icConnected)
-			}
+			systray.SetIcon(s.icConnected)
 			systray.SetTooltip("NetBird (Connected)")
 			s.mStatus.SetTitle("Connected")
 			s.mUp.Disable()
 			s.mDown.Enable()
-			systrayIconState = true
 		} else if status.Status != string(internal.StatusConnected) && s.mUp.Disabled() {
-			if !s.isUpdateIconActive {
-				systray.SetIcon(s.icDisconnected)
-			}
+			systray.SetIcon(s.icDisconnected)
 			systray.SetTooltip("NetBird (Disconnected)")
 			s.mStatus.SetTitle("Disconnected")
 			s.mDown.Disable()
 			s.mUp.Enable()
-			systrayIconState = false
 		}
-
-		// the updater struct notify by the upgrades available only, but if meanwhile the daemon has successfully
-		// updated must reset the mUpdate visibility state
-		if s.daemonVersion != status.DaemonVersion {
-			s.mUpdate.Hide()
-			s.daemonVersion = status.DaemonVersion
-
-			s.isUpdateIconActive = s.update.SetDaemonVersion(status.DaemonVersion)
-			if !s.isUpdateIconActive {
-				if systrayIconState {
-					systray.SetIcon(s.icConnected)
-					s.mAbout.SetIcon(s.icConnected)
-				} else {
-					systray.SetIcon(s.icDisconnected)
-					s.mAbout.SetIcon(s.icDisconnected)
-				}
-			}
-
-			daemonVersionTitle := normalizedVersion(s.daemonVersion)
-			s.mVersionDaemon.SetTitle(fmt.Sprintf("Daemon: %s", daemonVersionTitle))
-			s.mVersionDaemon.SetTooltip(fmt.Sprintf("Daemon version: %s", daemonVersionTitle))
-			s.mVersionDaemon.Show()
-		}
-
 		return nil
 	}, &backoff.ExponentialBackOff{
 		InitialInterval:     time.Second,
@@ -439,24 +371,11 @@ func (s *serviceClient) onTrayReady() {
 	systray.AddSeparator()
 	s.mSettings = systray.AddMenuItem("Settings", "Settings of the application")
 	systray.AddSeparator()
-
-	s.mAbout = systray.AddMenuItem("About", "About")
-	s.mAbout.SetIcon(s.icDisconnected)
-	versionString := normalizedVersion(version.NetbirdVersion())
-	s.mVersionUI = s.mAbout.AddSubMenuItem(fmt.Sprintf("GUI: %s", versionString), fmt.Sprintf("GUI Version: %s", versionString))
-	s.mVersionUI.Disable()
-
-	s.mVersionDaemon = s.mAbout.AddSubMenuItem("", "")
-	s.mVersionDaemon.Disable()
-	s.mVersionDaemon.Hide()
-
-	s.mUpdate = s.mAbout.AddSubMenuItem("Download latest version", "Download latest version")
-	s.mUpdate.Hide()
-
+	v := systray.AddMenuItem("v"+version.NetbirdVersion(), "Client Version: "+version.NetbirdVersion())
+	v.Disable()
 	systray.AddSeparator()
 	s.mQuit = systray.AddMenuItem("Quit", "Quit the client app")
 
-	s.update.SetOnUpdateListener(s.onUpdateAvailable)
 	go func() {
 		s.getSrvConfig()
 		for {
@@ -514,11 +433,6 @@ func (s *serviceClient) onTrayReady() {
 			case <-s.mQuit.ClickedCh:
 				systray.Quit()
 				return
-			case <-s.mUpdate.ClickedCh:
-				err := openURL(version.DownloadUrl())
-				if err != nil {
-					log.Errorf("%s", err)
-				}
 			}
 			if err != nil {
 				log.Errorf("process connection: %v", err)
@@ -527,14 +441,6 @@ func (s *serviceClient) onTrayReady() {
 	}()
 }
 
-func normalizedVersion(version string) string {
-	versionString := version
-	if unicode.IsDigit(rune(versionString[0])) {
-		versionString = fmt.Sprintf("v%s", versionString)
-	}
-	return versionString
-}
-
 func (s *serviceClient) onTrayExit() {}
 
 // getSrvClient connection to the service.
@@ -595,32 +501,6 @@ func (s *serviceClient) getSrvConfig() {
 	}
 }
 
-func (s *serviceClient) onUpdateAvailable() {
-	s.updateIndicationLock.Lock()
-	defer s.updateIndicationLock.Unlock()
-
-	s.mUpdate.Show()
-	s.mAbout.SetIcon(s.icUpdateCloud)
-
-	s.isUpdateIconActive = true
-	systray.SetIcon(s.icUpdate)
-}
-
-func openURL(url string) error {
-	var err error
-	switch runtime.GOOS {
-	case "windows":
-		err = exec.Command("rundll32", "url.dll,FileProtocolHandler", url).Start()
-	case "darwin":
-		err = exec.Command("open", url).Start()
-	case "linux":
-		err = exec.Command("xdg-open", url).Start()
-	default:
-		err = fmt.Errorf("unsupported platform")
-	}
-	return err
-}
-
 // checkPIDFile exists and return error, or write new.
 func checkPIDFile() error {
 	pidFile := path.Join(os.TempDir(), "wiretrustee-ui.pid")
@@ -634,5 +514,5 @@ func checkPIDFile() error {
 		}
 	}
 
-	return os.WriteFile(pidFile, []byte(fmt.Sprintf("%d", os.Getpid())), 0o664) //nolint:gosec
+	return os.WriteFile(pidFile, []byte(fmt.Sprintf("%d", os.Getpid())), 0o664)
 }