limit response to 200 and output Link header

2 minutes timeout and info log level
Increase HTTP timeout for Keycloak and meassure totalUsersCount call
2026-04-01 23:23:54 -04:00 · 2023-12-14 17:56:09 +01:00 · 2023-12-14 16:23:25 +01:00 · 2023-12-14 13:37:06 +01:00
509 changed files with 11042 additions and 40856 deletions
--- a/.devcontainer/Dockerfile
+++ b/.devcontainer/Dockerfile
@@ -1,4 +1,4 @@
-FROM golang:1.21-bullseye
+FROM golang:1.20-bullseye

 RUN apt-get update && export DEBIAN_FRONTEND=noninteractive \
    && apt-get -y install --no-install-recommends\
--- a/.devcontainer/devcontainer.json
+++ b/.devcontainer/devcontainer.json
@@ -7,7 +7,7 @@
 	"features": {
 		"ghcr.io/devcontainers/features/docker-in-docker:2": {},
 		"ghcr.io/devcontainers/features/go:1": {
-			"version": "1.21"
+			"version": "1.20"
 		}
 	},
 	"workspaceFolder": "/workspaces/${localWorkspaceFolderBasename}",
--- a/.github/ISSUE_TEMPLATE/bug-issue-report.md
+++ b/.github/ISSUE_TEMPLATE/bug-issue-report.md
@@ -2,17 +2,15 @@
 name: Bug/Issue report
 about: Create a report to help us improve
 title: ''
-labels: ['triage-needed']
+labels: ''
 assignees: ''

 ---

 **Describe the problem**
-
 A clear and concise description of what the problem is.

 **To Reproduce**
-
 Steps to reproduce the behavior:
 1. Go to '...'
 2. Click on '....'
@@ -20,25 +18,13 @@ Steps to reproduce the behavior:
 4. See error

 **Expected behavior**
-
 A clear and concise description of what you expected to happen.

-**Are you using NetBird Cloud?**
-
-Please specify whether you use NetBird Cloud or self-host NetBird's control plane.
-
-**NetBird version**
-
-`netbird version`
-
 **NetBird status -d output:**
-
-If applicable, add the `netbird status -d' command output.
+If applicable, add the output of the `netbird status -d` command

 **Screenshots**
-
 If applicable, add screenshots to help explain your problem.

 **Additional context**
-
 Add any other context about the problem here.
--- a/.github/ISSUE_TEMPLATE/feature_request.md
+++ b/.github/ISSUE_TEMPLATE/feature_request.md
@@ -2,7 +2,7 @@
 name: Feature request
 about: Suggest an idea for this project
 title: ''
-labels: ['feature-request']
+labels: ''
 assignees: ''

 ---
--- a/.github/workflows/android-build-validation.yml
+++ b/.github/workflows/android-build-validation.yml
@@ -0,0 +1,41 @@
+name: Android build validation
+
+on:
+  push:
+    branches:
+      - main
+  pull_request:
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}-${{ github.head_ref || github.actor_id }}
+  cancel-in-progress: true
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v3
+      - name: Install Go
+        uses: actions/setup-go@v4
+        with:
+          go-version: "1.20.x"
+      - name: Setup Android SDK
+        uses: android-actions/setup-android@v2
+      - name: NDK Cache
+        id: ndk-cache
+        uses: actions/cache@v3
+        with:
+          path: /usr/local/lib/android/sdk/ndk
+          key: ndk-cache-23.1.7779620
+      - name: Setup NDK
+        run: /usr/local/lib/android/sdk/tools/bin/sdkmanager --install "ndk;23.1.7779620"
+      - name: install gomobile
+        run: go install golang.org/x/mobile/cmd/gomobile@v0.0.0-20230531173138-3c911d8e3eda
+      - name: gomobile init
+        run: gomobile init
+      - name: build android nebtird lib
+        run: PATH=$PATH:$(go env GOPATH) gomobile bind -o $GITHUB_WORKSPACE/netbird.aar -javapkg=io.netbird.gomobile -ldflags="-X golang.zx2c4.com/wireguard/ipc.socketDirectory=/data/data/io.netbird.client/cache/wireguard -X github.com/netbirdio/netbird/version.version=buildtest"  $GITHUB_WORKSPACE/client/android
+        env:
+          CGO_ENABLED: 0
+          ANDROID_NDK_HOME: /usr/local/lib/android/sdk/ndk/23.1.7779620
--- a/.github/workflows/golang-test-darwin.yml
+++ b/.github/workflows/golang-test-darwin.yml
@@ -14,13 +14,13 @@ jobs:
  test:
    strategy:
      matrix:
-        store: ['sqlite']
+        store: ['jsonfile', 'sqlite']
    runs-on: macos-latest
    steps:
      - name: Install Go
        uses: actions/setup-go@v4
        with:
-          go-version: "1.21.x"
+          go-version: "1.20.x"
      - name: Checkout code
        uses: actions/checkout@v3

@@ -32,14 +32,8 @@ jobs:
          restore-keys: |
            macos-go-

-      - name: Install libpcap
-        run: brew install libpcap
-
      - name: Install modules
        run: go mod tidy

-      - name: check git status
-        run: git --no-pager diff --exit-code
-
      - name: Test
-        run: NETBIRD_STORE_ENGINE=${{ matrix.store }} go test -exec 'sudo --preserve-env=CI,NETBIRD_STORE_ENGINE' -timeout 5m -p 1 ./...
+        run: NETBIRD_STORE_ENGINE=${{ matrix.store }} go test -exec 'sudo --preserve-env=CI' -timeout 5m -p 1 ./...
--- a/.github/workflows/golang-test-freebsd.yml
+++ b/.github/workflows/golang-test-freebsd.yml
@@ -1,39 +0,0 @@
-
-name: Test Code FreeBSD
-
-on:
-  push:
-    branches:
-      - main
-  pull_request:
-
-concurrency:
-  group: ${{ github.workflow }}-${{ github.ref }}-${{ github.head_ref || github.actor_id }}
-  cancel-in-progress: true
-
-jobs:
-  test:
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v4
-      - name: Test in FreeBSD
-        id: test
-        uses: vmactions/freebsd-vm@v1
-        with:
-          usesh: true
-          prepare: |
-            pkg install -y curl
-            pkg install -y git
-
-          run: |
-            set -x
-            curl -o go.tar.gz https://go.dev/dl/go1.21.11.freebsd-amd64.tar.gz -L
-            tar zxf go.tar.gz
-            mv go /usr/local/go
-            ln -s /usr/local/go/bin/go /usr/local/bin/go
-            go mod tidy
-            go test -timeout 5m -p 1 ./iface/...
-            go test -timeout 5m -p 1 ./client/... 
-            cd client
-            go build .
-            cd ..
--- a/.github/workflows/golang-test-linux.yml
+++ b/.github/workflows/golang-test-linux.yml
@@ -14,14 +14,14 @@ jobs:
  test:
    strategy:
      matrix:
-        arch: [ '386','amd64' ]
-        store: [ 'sqlite', 'postgres']
+        arch: ['386','amd64']
+        store: ['jsonfile', 'sqlite']
    runs-on: ubuntu-latest
    steps:
      - name: Install Go
        uses: actions/setup-go@v4
        with:
-          go-version: "1.21.x"
+          go-version: "1.20.x"


      - name: Cache Go modules
@@ -36,20 +36,13 @@ jobs:
        uses: actions/checkout@v3

      - name: Install dependencies
-        run: sudo apt update && sudo apt install -y -q libgtk-3-dev libayatana-appindicator3-dev libgl1-mesa-dev xorg-dev gcc-multilib libpcap-dev
-
-      - name: Install 32-bit libpcap
-        if: matrix.arch == '386'
-        run: sudo dpkg --add-architecture i386 && sudo apt update && sudo apt-get install -y libpcap0.8-dev:i386
+        run: sudo apt update && sudo apt install -y -q libgtk-3-dev libayatana-appindicator3-dev libgl1-mesa-dev xorg-dev gcc-multilib

      - name: Install modules
        run: go mod tidy

-      - name: check git status
-        run: git --no-pager diff --exit-code
-
      - name: Test
-        run: CGO_ENABLED=1 GOARCH=${{ matrix.arch }} NETBIRD_STORE_ENGINE=${{ matrix.store }} go test -exec 'sudo --preserve-env=CI,NETBIRD_STORE_ENGINE' -timeout 5m -p 1 ./...
+        run: CGO_ENABLED=1 GOARCH=${{ matrix.arch }} NETBIRD_STORE_ENGINE=${{ matrix.store }} go test -exec 'sudo --preserve-env=CI' -timeout 5m -p 1 ./...

  test_client_on_docker:
    runs-on: ubuntu-20.04
@@ -57,7 +50,7 @@ jobs:
      - name: Install Go
        uses: actions/setup-go@v4
        with:
-          go-version: "1.21.x"
+          go-version: "1.20.x"

      - name: Cache Go modules
        uses: actions/cache@v3
@@ -71,14 +64,11 @@ jobs:
        uses: actions/checkout@v3

      - name: Install dependencies
-        run: sudo apt update && sudo apt install -y -q libgtk-3-dev libayatana-appindicator3-dev libgl1-mesa-dev xorg-dev gcc-multilib libpcap-dev
+        run: sudo apt update && sudo apt install -y -q libgtk-3-dev libayatana-appindicator3-dev libgl1-mesa-dev xorg-dev gcc-multilib

      - name: Install modules
        run: go mod tidy

-      - name: check git status
-        run: git --no-pager diff --exit-code
-
      - name: Generate Iface Test bin
        run: CGO_ENABLED=0 go test -c -o iface-testing.bin ./iface/

@@ -86,10 +76,7 @@ jobs:
        run: CGO_ENABLED=0 go test -c -o sharedsock-testing.bin ./sharedsock

      - name: Generate RouteManager Test bin
-        run: CGO_ENABLED=0 go test -c -o routemanager-testing.bin  ./client/internal/routemanager
-
-      - name: Generate SystemOps Test bin
-        run: CGO_ENABLED=1 go test -c -o systemops-testing.bin -tags netgo -ldflags '-w -extldflags "-static -ldbus-1 -lpcap"' ./client/internal/routemanager/systemops
+        run: CGO_ENABLED=0 go test -c -o routemanager-testing.bin ./client/internal/routemanager/...

      - name: Generate nftables Manager Test bin
        run: CGO_ENABLED=0 go test -c -o nftablesmanager-testing.bin ./client/firewall/nftables/...
@@ -111,15 +98,12 @@ jobs:
      - name: Run RouteManager tests in docker
        run: docker run -t --cap-add=NET_ADMIN --privileged --rm -v $PWD:/ci -w /ci/client/internal/routemanager --entrypoint /busybox/sh gcr.io/distroless/base:debug -c /ci/routemanager-testing.bin  -test.timeout 5m -test.parallel 1

-      - name: Run SystemOps tests in docker
-        run: docker run -t --cap-add=NET_ADMIN --privileged --rm -v $PWD:/ci -w /ci/client/internal/routemanager/systemops --entrypoint /busybox/sh gcr.io/distroless/base:debug -c /ci/systemops-testing.bin  -test.timeout 5m -test.parallel 1
-
      - name: Run nftables Manager tests in docker
        run: docker run -t --cap-add=NET_ADMIN --privileged --rm -v $PWD:/ci -w /ci/client/firewall --entrypoint /busybox/sh gcr.io/distroless/base:debug -c /ci/nftablesmanager-testing.bin  -test.timeout 5m -test.parallel 1

      - name: Run Engine tests in docker with file store
        run: docker run -t --cap-add=NET_ADMIN --privileged --rm -v $PWD:/ci -w /ci/client/internal -e NETBIRD_STORE_ENGINE="jsonfile" --entrypoint /busybox/sh gcr.io/distroless/base:debug -c /ci/engine-testing.bin  -test.timeout 5m -test.parallel 1
-
+      
      - name: Run Engine tests in docker with sqlite store
        run: docker run -t --cap-add=NET_ADMIN --privileged --rm -v $PWD:/ci -w /ci/client/internal -e NETBIRD_STORE_ENGINE="sqlite" --entrypoint /busybox/sh gcr.io/distroless/base:debug -c /ci/engine-testing.bin  -test.timeout 5m -test.parallel 1

--- a/.github/workflows/golang-test-windows.yml
+++ b/.github/workflows/golang-test-windows.yml
@@ -23,13 +23,13 @@ jobs:
        uses: actions/setup-go@v4
        id: go
        with:
-          go-version: "1.21.x"
+          go-version: "1.20.x"

      - name: Download wintun
        uses: carlosperate/download-file-action@v2
        id: download-wintun
        with:
-          file-url: https://pkgs.netbird.io/wintun/wintun-0.14.1.zip
+          file-url: https://www.wintun.net/builds/wintun-0.14.1.zip
          file-name: wintun.zip
          location: ${{ env.downloadPath }}
          sha256: '07c256185d6ee3652e09fa55c0b673e2624b565e02c4b9091c79ca7d2f24ef51'
@@ -46,7 +46,7 @@ jobs:
      - run: PsExec64 -s -w ${{ github.workspace }} C:\hostedtoolcache\windows\go\${{ steps.go.outputs.go-version }}\x64\bin\go.exe env -w GOCACHE=C:\Users\runneradmin\AppData\Local\go-build

      - name: test
-        run: PsExec64 -s -w ${{ github.workspace }} cmd.exe /c "C:\hostedtoolcache\windows\go\${{ steps.go.outputs.go-version }}\x64\bin\go.exe test -timeout 10m -p 1 ./... > test-out.txt 2>&1"
+        run: PsExec64 -s -w ${{ github.workspace }} cmd.exe /c "C:\hostedtoolcache\windows\go\${{ steps.go.outputs.go-version }}\x64\bin\go.exe test -timeout 5m -p 1 ./... > test-out.txt 2>&1"
      - name: test output
        if: ${{ always() }}
-        run: Get-Content test-out.txt
+        run: Get-Content test-out.txt
--- a/.github/workflows/golangci-lint.yml
+++ b/.github/workflows/golangci-lint.yml
@@ -1,7 +1,7 @@
 name: golangci-lint
 on: [pull_request]

-permissions:
+permissions: 
  contents: read
  pull-requests: read

@@ -19,7 +19,7 @@ jobs:
      - name: codespell
        uses: codespell-project/actions-codespell@v2
        with:
-          ignore_words_list: erro,clienta,hastable,
+          ignore_words_list: erro,clienta
          skip: go.mod,go.sum
          only_warn: 1
  golangci:
@@ -33,18 +33,14 @@ jobs:
    steps:
      - name: Checkout code
        uses: actions/checkout@v3
-      - name: Check for duplicate constants
-        if: matrix.os == 'ubuntu-latest'
-        run: |
-          ! awk '/const \(/,/)/{print $0}' management/server/activity/codes.go | grep -o '= [0-9]*' | sort | uniq -d | grep .
      - name: Install Go
        uses: actions/setup-go@v4
        with:
-          go-version: "1.21.x"
+          go-version: "1.20.x"
          cache: false
      - name: Install dependencies
        if: matrix.os == 'ubuntu-latest'
-        run: sudo apt update && sudo apt install -y -q libgtk-3-dev libayatana-appindicator3-dev libgl1-mesa-dev xorg-dev libpcap-dev
+        run: sudo apt update && sudo apt install -y -q libgtk-3-dev libayatana-appindicator3-dev libgl1-mesa-dev xorg-dev
      - name: golangci-lint
        uses: golangci/golangci-lint-action@v3
        with:
--- a/.github/workflows/mobile-build-validation.yml
+++ b/.github/workflows/mobile-build-validation.yml
@@ -1,65 +0,0 @@
-name: Mobile build validation
-
-on:
-  push:
-    branches:
-      - main
-  pull_request:
-
-concurrency:
-  group: ${{ github.workflow }}-${{ github.ref }}-${{ github.head_ref || github.actor_id }}
-  cancel-in-progress: true
-
-jobs:
-  android_build:
-    runs-on: ubuntu-latest
-    steps:
-      - name: Checkout repository
-        uses: actions/checkout@v3
-      - name: Install Go
-        uses: actions/setup-go@v4
-        with:
-          go-version: "1.21.x"
-      - name: Setup Android SDK
-        uses: android-actions/setup-android@v3
-        with:
-          cmdline-tools-version: 8512546
-      - name: Setup Java
-        uses: actions/setup-java@v3
-        with:
-          java-version: "11"
-          distribution: "adopt"
-      - name: NDK Cache
-        id: ndk-cache
-        uses: actions/cache@v3
-        with:
-          path: /usr/local/lib/android/sdk/ndk
-          key: ndk-cache-23.1.7779620
-      - name: Setup NDK
-        run: /usr/local/lib/android/sdk/cmdline-tools/7.0/bin/sdkmanager --install "ndk;23.1.7779620"
-      - name: install gomobile
-        run: go install golang.org/x/mobile/cmd/gomobile@v0.0.0-20240404231514-09dbf07665ed
-      - name: gomobile init
-        run: gomobile init
-      - name: build android netbird lib
-        run: PATH=$PATH:$(go env GOPATH) gomobile bind -o $GITHUB_WORKSPACE/netbird.aar -javapkg=io.netbird.gomobile -ldflags="-X golang.zx2c4.com/wireguard/ipc.socketDirectory=/data/data/io.netbird.client/cache/wireguard -X github.com/netbirdio/netbird/version.version=buildtest"  $GITHUB_WORKSPACE/client/android
-        env:
-          CGO_ENABLED: 0
-          ANDROID_NDK_HOME: /usr/local/lib/android/sdk/ndk/23.1.7779620
-  ios_build:
-    runs-on: macos-latest
-    steps:
-      - name: Checkout repository
-        uses: actions/checkout@v3
-      - name: Install Go
-        uses: actions/setup-go@v4
-        with:
-          go-version: "1.21.x"
-      - name: install gomobile
-        run: go install golang.org/x/mobile/cmd/gomobile@v0.0.0-20240404231514-09dbf07665ed
-      - name: gomobile init
-        run: gomobile init
-      - name: build iOS netbird lib
-        run: PATH=$PATH:$(go env GOPATH) gomobile bind -target=ios -bundleid=io.netbird.framework -ldflags="-X github.com/netbirdio/netbird/version.version=buildtest" -o ./NetBirdSDK.xcframework ./client/ios/NetBirdSDK
-        env:
-          CGO_ENABLED: 0
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -7,10 +7,20 @@ on:
    branches:
      - main
  pull_request:
-
+    paths:
+      - 'go.mod'
+      - 'go.sum'
+      - '.goreleaser.yml'
+      - '.goreleaser_ui.yaml'
+      - '.goreleaser_ui_darwin.yaml'
+      - '.github/workflows/release.yml'
+      - 'release_files/**'
+      - '**/Dockerfile'
+      - '**/Dockerfile.*'
+      - 'client/ui/**'

 env:
-  SIGN_PIPE_VER: "v0.0.11"
+  SIGN_PIPE_VER: "v0.0.10"
  GORELEASER_VER: "v1.14.1"

 concurrency:
@@ -34,18 +44,15 @@ jobs:
        name: Set up Go
        uses: actions/setup-go@v4
        with:
-          go-version: "1.21"
-          cache: false
+          go-version: "1.20"
      -
        name: Cache Go modules
        uses: actions/cache@v3
        with:
-          path: |
-            ~/go/pkg/mod
-            ~/.cache/go-build
-          key: ${{ runner.os }}-go-releaser-${{ hashFiles('**/go.sum') }}
+          path: ~/go/pkg/mod
+          key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
          restore-keys: |
-            ${{ runner.os }}-go-releaser-
+            ${{ runner.os }}-go-
      -
        name: Install modules
        run: go mod tidy
@@ -96,27 +103,6 @@ jobs:
          name: release
          path: dist/
          retention-days: 3
-      -
-        name: upload linux packages
-        uses: actions/upload-artifact@v3
-        with:
-          name: linux-packages
-          path: dist/netbird_linux**
-          retention-days: 3
-      -
-        name: upload windows packages
-        uses: actions/upload-artifact@v3
-        with:
-          name: windows-packages
-          path: dist/netbird_windows**
-          retention-days: 3
-      -
-        name: upload macos packages
-        uses: actions/upload-artifact@v3
-        with:
-          name: macos-packages
-          path: dist/netbird_darwin**
-          retention-days: 3

  release_ui:
    runs-on: ubuntu-latest
@@ -131,17 +117,14 @@ jobs:
      - name: Set up Go
        uses: actions/setup-go@v4
        with:
-          go-version: "1.21"
-          cache: false
+          go-version: "1.20"
      - name: Cache Go modules
        uses: actions/cache@v3
        with:
-          path: | 
-            ~/go/pkg/mod
-            ~/.cache/go-build
-          key: ${{ runner.os }}-ui-go-releaser-${{ hashFiles('**/go.sum') }}
+          path: ~/go/pkg/mod
+          key: ${{ runner.os }}-ui-go-${{ hashFiles('**/go.sum') }}
          restore-keys: |
-            ${{ runner.os }}-ui-go-releaser-
+            ${{ runner.os }}-ui-go-

      - name: Install modules
        run: go mod tidy
@@ -173,7 +156,7 @@ jobs:
          retention-days: 3

  release_ui_darwin:
-    runs-on: macos-latest
+    runs-on: macos-11
    steps:
      - if: ${{ !startsWith(github.ref, 'refs/tags/v') }}
        run: echo "flags=--snapshot" >> $GITHUB_ENV
@@ -186,24 +169,18 @@ jobs:
        name: Set up Go
        uses: actions/setup-go@v4
        with:
-          go-version: "1.21"
-          cache: false
+          go-version: "1.20"
      -
        name: Cache Go modules
        uses: actions/cache@v3
        with:
-          path: |
-            ~/go/pkg/mod
-            ~/.cache/go-build
-          key: ${{ runner.os }}-ui-go-releaser-darwin-${{ hashFiles('**/go.sum') }}
+          path: ~/go/pkg/mod
+          key: ${{ runner.os }}-ui-go-${{ hashFiles('**/go.sum') }}
          restore-keys: |
-            ${{ runner.os }}-ui-go-releaser-darwin-
+            ${{ runner.os }}-ui-go-
      -
        name: Install modules
        run: go mod tidy
-      - 
-        name: check git status
-        run: git --no-pager diff --exit-code
      -
        name: Run GoReleaser
        id: goreleaser
--- a/.github/workflows/test-infrastructure-files.yml
+++ b/.github/workflows/test-infrastructure-files.yml
@@ -28,7 +28,7 @@ jobs:
      - name: Install Go
        uses: actions/setup-go@v4
        with:
-          go-version: "1.21.x"
+          go-version: "1.20.x"

      - name: Cache Go modules
        uses: actions/cache@v3
@@ -62,7 +62,7 @@ jobs:
          CI_NETBIRD_MGMT_IDP_SIGNKEY_REFRESH: false

      - name: check values
-        working-directory: infrastructure_files/artifacts
+        working-directory: infrastructure_files
        env:
          CI_NETBIRD_DOMAIN: localhost
          CI_NETBIRD_AUTH_CLIENT_ID: testing.client.id
@@ -87,10 +87,8 @@ jobs:
          CI_NETBIRD_SIGNAL_PORT: 12345
          CI_NETBIRD_STORE_CONFIG_ENGINE: "sqlite"
          CI_NETBIRD_MGMT_IDP_SIGNKEY_REFRESH: false
-          CI_NETBIRD_TURN_EXTERNAL_IP: "1.2.3.4"

        run: |
-          set -x
          grep AUTH_CLIENT_ID docker-compose.yml | grep $CI_NETBIRD_AUTH_CLIENT_ID
          grep AUTH_CLIENT_SECRET docker-compose.yml | grep $CI_NETBIRD_AUTH_CLIENT_SECRET
          grep AUTH_AUTHORITY docker-compose.yml | grep $CI_NETBIRD_AUTH_AUTHORITY
@@ -109,7 +107,7 @@ jobs:
          grep Engine management.json  | grep "$CI_NETBIRD_STORE_CONFIG_ENGINE"
          grep IdpSignKeyRefreshEnabled management.json | grep "$CI_NETBIRD_MGMT_IDP_SIGNKEY_REFRESH"
          grep UseIDToken management.json | grep false
-          grep -A 1 IdpManagerConfig management.json | grep ManagerType | grep $CI_NETBIRD_MGMT_IDP
+          grep -A 1 IdpManagerConfig management.json | grep ManagerType | grep $CI_NETBIRD_MGMT_IDP 
          grep -A 3 IdpManagerConfig management.json | grep -A 1 ClientConfig | grep Issuer | grep $CI_NETBIRD_AUTH_AUTHORITY
          grep -A 4 IdpManagerConfig management.json | grep -A 2 ClientConfig | grep TokenEndpoint | grep $CI_NETBIRD_AUTH_TOKEN_ENDPOINT
          grep -A 5 IdpManagerConfig management.json | grep -A 3 ClientConfig | grep ClientID | grep $CI_NETBIRD_IDP_MGMT_CLIENT_ID
@@ -122,14 +120,10 @@ jobs:
          grep -A 10 PKCEAuthorizationFlow management.json | grep -A 10 ProviderConfig | grep TokenEndpoint | grep $CI_NETBIRD_AUTH_TOKEN_ENDPOINT
          grep -A 10 PKCEAuthorizationFlow management.json | grep -A 10 ProviderConfig | grep Scope | grep "$CI_NETBIRD_AUTH_SUPPORTED_SCOPES"
          grep -A 10 PKCEAuthorizationFlow management.json | grep -A 10 ProviderConfig | grep -A 3 RedirectURLs | grep "http://localhost:53000"
-          grep "external-ip" turnserver.conf | grep $CI_NETBIRD_TURN_EXTERNAL_IP

      - name: Install modules
        run: go mod tidy

-      - name: check git status
-        run: git --no-pager diff --exit-code
-
      - name: Build management binary
        working-directory: management
        run: CGO_ENABLED=1 go build -o netbird-mgmt main.go
@@ -149,7 +143,7 @@ jobs:
          docker build -t netbirdio/signal:latest .

      - name: run docker compose up
-        working-directory: infrastructure_files/artifacts
+        working-directory: infrastructure_files
        run: |
          docker-compose up -d
          sleep 5
@@ -158,16 +152,9 @@ jobs:

      - name: test running containers
        run: |
-          count=$(docker compose ps --format json | jq '. | select(.Name | contains("artifacts")) | .State' | grep -c running)
+          count=$(docker compose ps --format json | jq '. | select(.Name | contains("infrastructure_files")) | .State' | grep -c running)
          test $count -eq 4
-        working-directory: infrastructure_files/artifacts
-
-      - name: test geolocation databases
-        working-directory: infrastructure_files/artifacts
-        run: |
-          sleep 30
-          docker compose exec management ls -l /var/lib/netbird/ | grep -i GeoLite2-City.mmdb
-          docker compose exec management ls -l /var/lib/netbird/ | grep -i geonames.db
+        working-directory: infrastructure_files

  test-getting-started-script:
    runs-on: ubuntu-latest
@@ -178,79 +165,18 @@ jobs:
      - name: Checkout code
        uses: actions/checkout@v3

-      - name: run script with Zitadel PostgreSQL
+      - name: run script
        run: NETBIRD_DOMAIN=use-ip bash -x infrastructure_files/getting-started-with-zitadel.sh

-      - name: test Caddy file gen postgres
+      - name: test Caddy file gen
        run: test -f Caddyfile
-
-      - name: test docker-compose file gen postgres
+      - name: test docker-compose file gen
        run: test -f docker-compose.yml
-
-      - name: test management.json file gen postgres
+      - name: test management.json file gen
        run: test -f management.json
-
-      - name: test turnserver.conf file gen postgres
-        run: | 
-          set -x
-          test -f turnserver.conf
-          grep external-ip turnserver.conf
-
-      - name: test zitadel.env file gen postgres
+      - name: test turnserver.conf file gen
+        run: test -f turnserver.conf
+      - name: test zitadel.env file gen
        run: test -f zitadel.env
-
-      - name: test dashboard.env file gen postgres
-        run: test -f dashboard.env
-
-      - name: test zdb.env file gen postgres
-        run: test -f zdb.env
-
-      - name: Postgres run cleanup
-        run: |
-          docker-compose down --volumes --rmi all
-          rm -rf docker-compose.yml Caddyfile zitadel.env dashboard.env machinekey/zitadel-admin-sa.token turnserver.conf management.json zdb.env
-
-      - name: run script with Zitadel CockroachDB
-        run: bash -x infrastructure_files/getting-started-with-zitadel.sh
-        env:
-          NETBIRD_DOMAIN: use-ip
-          ZITADEL_DATABASE: cockroach
-
-      - name: test Caddy file gen CockroachDB
-        run: test -f Caddyfile
-
-      - name: test docker-compose file gen CockroachDB
-        run: test -f docker-compose.yml
-
-      - name: test management.json file gen CockroachDB
-        run: test -f management.json
-
-      - name: test turnserver.conf file gen CockroachDB
-        run: | 
-          set -x
-          test -f turnserver.conf
-          grep external-ip turnserver.conf
-
-      - name: test zitadel.env file gen CockroachDB
-        run: test -f zitadel.env
-
-      - name: test dashboard.env file gen CockroachDB
-        run: test -f dashboard.env
-
-  test-download-geolite2-script:
-    runs-on: ubuntu-latest
-    steps:
-      - name: Install jq
-        run: sudo apt-get update && sudo apt-get install -y unzip sqlite3
-
-      - name: Checkout code
-        uses: actions/checkout@v3
-
-      - name: test script
-        run: bash -x infrastructure_files/download-geolite2.sh
-
-      - name: test mmdb file exists
-        run: test -f GeoLite2-City.mmdb
-
-      - name: test geonames file exists
-        run: test -f geonames.db
+      - name: test dashboard.env file gen
+        run: test -f dashboard.env
--- a/.gitignore
+++ b/.gitignore
@@ -6,20 +6,11 @@ bin/
 .env
 conf.json
 http-cmds.sh
-setup.env
-infrastructure_files/**/Caddyfile
-infrastructure_files/**/dashboard.env
-infrastructure_files/**/zitadel.env
-infrastructure_files/**/management.json
-infrastructure_files/**/management-*.json
-infrastructure_files/**/docker-compose.yml
-infrastructure_files/**/openid-configuration.json
-infrastructure_files/**/turnserver.conf
-infrastructure_files/**/management.json.bkp.**
-infrastructure_files/**/management-*.json.bkp.**
-infrastructure_files/**/docker-compose.yml.bkp.**
-infrastructure_files/**/openid-configuration.json.bkp.**
-infrastructure_files/**/turnserver.conf.bkp.**
+infrastructure_files/management.json
+infrastructure_files/management-*.json
+infrastructure_files/docker-compose.yml
+infrastructure_files/openid-configuration.json
+infrastructure_files/turnserver.conf
 management/management
 client/client
 client/client.exe
@@ -29,4 +20,4 @@ infrastructure_files/setup.env
 infrastructure_files/setup-*.env
 .vscode
 .DS_Store
-GeoLite2-City*
+*.db
--- a/.golangci.yaml
+++ b/.golangci.yaml
@@ -63,14 +63,6 @@ linters-settings:
    enable:
      - nilness

-  revive:
-    rules:
-      - name: exported
-        severity: warning
-        disabled: false
-        arguments:
-          - "checkPrivateReceivers"
-          - "sayRepetitiveInsteadOfStutters"
  tenv:
    # The option `all` will run against whole test files (`_test.go`) regardless of method/function signatures.
    # Otherwise, only methods that take `*testing.T`, `*testing.B`, and `testing.TB` as arguments are checked.
@@ -101,7 +93,6 @@ linters:
    - nilerr # finds the code that returns nil even if it checks that the error is not nil
    - nilnil # checks that there is no simultaneous return of nil error and an invalid value
    - predeclared # predeclared finds code that shadows one of Go's predeclared identifiers
-    - revive # Fast, configurable, extensible, flexible, and beautiful linter for Go. Drop-in replacement of golint.
    - sqlclosecheck # checks that sql.Rows and sql.Stmt are closed
    - thelper # thelper detects Go test helpers without t.Helper() call and checks the consistency of test helpers.
    - wastedassign # wastedassign finds wasted assignment statements
@@ -130,10 +121,3 @@ issues:
    - path: mock\.go
      linters:
      - nilnil
-    # Exclude specific deprecation warnings for grpc methods
-    - linters:
-       - staticcheck
-      text: "grpc.DialContext is deprecated"
-    - linters:
-        - staticcheck
-      text: "grpc.WithBlock is deprecated"
--- a/.goreleaser_ui.yaml
+++ b/.goreleaser_ui.yaml
@@ -54,7 +54,7 @@ nfpms:
    contents:
      - src: client/ui/netbird.desktop
        dst: /usr/share/applications/netbird.desktop
-      - src: client/ui/netbird-systemtray-connected.png
+      - src: client/ui/netbird-systemtray-default.png
        dst: /usr/share/pixmaps/netbird.png
    dependencies:
      - netbird
@@ -71,7 +71,7 @@ nfpms:
    contents:
      - src: client/ui/netbird.desktop
        dst: /usr/share/applications/netbird.desktop
-      - src: client/ui/netbird-systemtray-connected.png
+      - src: client/ui/netbird-systemtray-default.png
        dst: /usr/share/pixmaps/netbird.png
    dependencies:
      - netbird
--- a/.goreleaser_ui_darwin.yaml
+++ b/.goreleaser_ui_darwin.yaml
@@ -3,10 +3,8 @@ builds:
  - id: netbird-ui-darwin
    dir: client/ui
    binary: netbird-ui
-    env:
-      - CGO_ENABLED=1
-      - MACOSX_DEPLOYMENT_TARGET=11.0
-      - MACOS_DEPLOYMENT_TARGET=11.0
+    env: [CGO_ENABLED=1]
+
    goos:
      - darwin
    goarch:
--- a/CODE_OF_CONDUCT.md
+++ b/CODE_OF_CONDUCT.md
@@ -5,7 +5,7 @@
 We as members, contributors, and leaders pledge to make participation in our
 community a harassment-free experience for everyone, regardless of age, body
 size, visible or invisible disability, ethnicity, sex characteristics, gender
-identity and expression, level of experience, education, socioeconomic status,
+identity and expression, level of experience, education, socio-economic status,
 nationality, personal appearance, race, caste, color, religion, or sexual
 identity and orientation.

--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@@ -189,8 +189,6 @@ CGO_ENABLED=0 go build .

 > Windows clients have a Wireguard driver requirement. You can download the wintun driver from https://www.wintun.net/builds/wintun-0.14.1.zip, after decompressing, you can copy the file `windtun\bin\ARCH\wintun.dll` to the same path as your binary file or to `C:\Windows\System32\wintun.dll`.

-> To test the client GUI application on Windows machines with RDP or vituralized environments (e.g. virtualbox or cloud), you need to download and extract the opengl32.dll from https://fdossena.com/?p=mesa/index.frag next to the built application.
-
 To start NetBird the client in the foreground:

 ```
@@ -274,8 +272,6 @@ go test -exec sudo ./...
 ```
 > On Windows use a powershell with administrator privileges

-> Non-GTK environments will need the `libayatana-appindicator3-dev` (debian/ubuntu) package installed
-
 ## Checklist before submitting a PR
 As a critical network service and open-source project, we must enforce a few things before submitting the pull-requests:
 - Keep functions as simple as possible, with a single purpose
--- a/README.md
+++ b/README.md
@@ -1,6 +1,6 @@
 <p align="center">
- <strong>:hatching_chick: New Release! Device Posture Checks.</strong>
-  <a href="https://docs.netbird.io/how-to/manage-posture-checks">
+ <strong>:hatching_chick: New Release! Self-hosting in under 5 min.</strong>
+  <a href="https://github.com/netbirdio/netbird#quickstart-with-self-hosted-netbird">
       Learn more
     </a>   
 </p>
@@ -40,26 +40,27 @@

 **Connect.** NetBird creates a WireGuard-based overlay network that automatically connects your machines over an encrypted tunnel, leaving behind the hassle of opening ports, complex firewall rules, VPN gateways, and so forth.

-**Secure.** NetBird enables secure remote access by applying granular access policies while allowing you to manage them intuitively from a single place. Works universally on any infrastructure.
+**Secure.** NetBird enables secure remote access by applying granular access policies, while allowing you to manage them intuitively from a single place. Works universally on any infrastructure.

-### Open-Source Network Security in a Single Platform
-
-
-![netbird_2](https://github.com/netbirdio/netbird/assets/700848/46bc3b73-508d-4a0e-bb9a-f465d68646ab)
+### Secure peer-to-peer VPN with SSO and MFA in minutes

+https://user-images.githubusercontent.com/700848/197345890-2e2cded5-7b7a-436f-a444-94e80dd24f46.mov

 ### Key features

-| Connectivity                                                                                                                 | Management                                                                                               | Security                                                                                                                              | Automation                                                                                                                               | Platforms                                                                               |
-|------------------------------------------------------------------------------------------------------------------------------|----------------------------------------------------------------------------------------------------------|---------------------------------------------------------------------------------------------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------|-----------------------------------------------------------------------------------------|
-| <ul><li> - \[x] Kernel WireGuard </ul></li>                                                                                  | <ul><li> - \[x] [Admin Web UI](https://github.com/netbirdio/dashboard) </ul></li>                        | <ul><li> - \[x] [SSO & MFA support](https://docs.netbird.io/how-to/installation#running-net-bird-with-sso-login) </ul></li>           | <ul><li> - \[x] [Public API](https://docs.netbird.io/api) </ul></li>                                                                     | <ul><li> - \[x] Linux </ul></li>                                                        |
-| <ul><li> - \[x] Peer-to-peer connections </ul></li>                                                                          | <ul><li> - \[x] Auto peer discovery and configuration </ul></li>                                         | <ul><li> - \[x] [Access control - groups & rules](https://docs.netbird.io/how-to/manage-network-access) </ul></li>                    | <ul><li> - \[x] [Setup keys for bulk network provisioning](https://docs.netbird.io/how-to/register-machines-using-setup-keys) </ul></li> | <ul><li> - \[x] Mac </ul></li>                                                          |
-| <ul><li> - \[x] Connection relay fallback </ul></li>                                                                         | <ul><li> - \[x] [IdP integrations](https://docs.netbird.io/selfhosted/identity-providers) </ul></li>     | <ul><li> - \[x] [Activity logging](https://docs.netbird.io/how-to/monitor-system-and-network-activity) </ul></li>                     | <ul><li> - \[x] [Self-hosting quickstart script](https://docs.netbird.io/selfhosted/selfhosted-quickstart) </ul></li>                    | <ul><li> - \[x] Windows </ul></li>                                                      |
-| <ul><li> - \[x] [Routes to external networks](https://docs.netbird.io/how-to/routing-traffic-to-private-networks) </ul></li> | <ul><li> - \[x] [Private DNS](https://docs.netbird.io/how-to/manage-dns-in-your-network) </ul></li>      | <ul><li> - \[x] [Device posture checks](https://docs.netbird.io/how-to/manage-posture-checks) </ul></li>                              | <ul><li> - \[x] IdP groups sync with JWT </ul></li>                                                                                      | <ul><li> - \[x] Android </ul></li>                                                      |
-| <ul><li> - \[x] NAT traversal with BPF </ul></li>                                                                            | <ul><li> - \[x] [Multiuser support](https://docs.netbird.io/how-to/add-users-to-your-network) </ul></li> | <ul><li> -  \[x] Peer-to-peer encryption </ul></li>                                                                                   |                                                                                                                                          | <ul><li> - \[x] iOS </ul></li>                                                          |
-|                                                                                                                              |                                                                                                          | <ul><li> - \[x] [Quantum-resistance with Rosenpass](https://netbird.io/knowledge-hub/the-first-quantum-resistant-mesh-vpn) </ul></li> |                                                                                                                                          | <ul><li> - \[x] OpenWRT </ul></li>                                                      |
-|                                                                                                                              |                                                                                                          | <ui><li> - \[x] [Periodic re-authentication](https://docs.netbird.io/how-to/enforce-periodic-user-authentication)</ul></li>           |                                                                                                                                          | <ul><li> - \[x] [Serverless](https://docs.netbird.io/how-to/netbird-on-faas) </ul></li> |
-|                                                                                                                              |                                                                                                          |                                                                                                                                       |                                                                                                                                          | <ul><li> - \[x] Docker </ul></li>                                                       |
+| Connectivity                             	                        | Management                                 	                             | Automation                                    	                            | Platforms    	                        |
+|-------------------------------------------------------------------|--------------------------------------------------------------------------|----------------------------------------------------------------------------|---------------------------------------|
+| <ul><li> - \[x] Kernel WireGuard </ul></li>                   	   | <ul><li> - \[x] [Admin Web UI](https://github.com/netbirdio/dashboard) </ul></li>                           	      | <ul><li> - \[x] [Public API](https://docs.netbird.io/api) </ul></li>                                	     | <ul><li> - \[x] Linux </ul></li>    	 |
+| <ul><li> - \[x] Peer-to-peer connections </ul></li>             	 | <ul><li> - \[x] Auto peer discovery and configuration </ul></li>  	      | <ul><li> - \[x] [Setup keys for bulk network provisioning](https://docs.netbird.io/how-to/register-machines-using-setup-keys) </ul></li>  	     | <ul><li> - \[x] Mac </ul></li>      	 |
+| <ul><li> - \[x] Peer-to-peer encryption </ul></li>              	 | <ul><li> - \[x] [IdP integrations](https://docs.netbird.io/selfhosted/identity-providers) </ul></li>                       	      | <ul><li> - \[x] [Self-hosting quickstart script](https://docs.netbird.io/selfhosted/selfhosted-quickstart) </ul></li>              	 | <ul><li> - \[x] Windows </ul></li>  	 |
+| <ul><li> - \[x] Connection relay fallback </ul></li>            	 | <ul><li> - \[x] [SSO & MFA support](https://docs.netbird.io/how-to/installation#running-net-bird-with-sso-login) </ul></li>                      	      | <ul><li> - \[x] IdP groups sync with JWT </ul></li> 	                      | <ul><li> - \[x] Android </ul></li>  	 |
+| <ul><li> - \[x] [Routes to external networks](https://docs.netbird.io/how-to/routing-traffic-to-private-networks) </ul></li>  	         | <ul><li> - \[x] [Access control - groups & rules](https://docs.netbird.io/how-to/manage-network-access) </ul></li>      	        | 	                                                                          | <ul><li> - \[ ] iOS </ul></li>      	 |
+| <ul><li> - \[x] NAT traversal with BPF </ul></li>                 | <ul><li> - \[x] [Private DNS](https://docs.netbird.io/how-to/manage-dns-in-your-network) </ul></li>                            	      | 	                                                                          | <ul><li> - \[x] Docker </ul></li>   	 |
+|                                                                   | <ul><li> - \[x] [Multiuser support](https://docs.netbird.io/how-to/add-users-to-your-network) </ul></li>                      	      | 	                                                                          | <ul><li> - \[x] OpenWRT </ul></li>  	 |
+| 	                                                                 | <ul><li> - \[x] [Activity logging](https://docs.netbird.io/how-to/monitor-system-and-network-activity) </ul></li>                       	      | 	                                                                          | 	                                     |
+| 	                                                                 | <ul><li> - \[x] SSH access management </ul></li>                       	 | 	                                                                          | 	                                     |
+
+
 ### Quickstart with NetBird Cloud

 - Download and install NetBird at [https://app.netbird.io/install](https://app.netbird.io/install)
@@ -78,7 +79,7 @@ Follow the [Advanced guide with a custom identity provider](https://docs.netbird
 - **Public domain** name pointing to the VM.

 **Software requirements:**
- Docker installed on the VM with the docker-compose plugin ([Docker installation guide](https://docs.docker.com/engine/install/)) or docker with docker-compose in version 2 or higher.
+- Docker installed on the VM with the docker compose plugin ([Docker installation guide](https://docs.docker.com/engine/install/)) or docker with docker-compose in version 2 or higher.
 - [jq](https://jqlang.github.io/jq/) installed. In most distributions
  Usually available in the official repositories and can be installed with `sudo apt install jq` or `sudo yum install jq`
 - [curl](https://curl.se/) installed.
@@ -95,9 +96,9 @@ export NETBIRD_DOMAIN=netbird.example.com; curl -fsSL https://github.com/netbird
 -  Every machine in the network runs [NetBird Agent (or Client)](client/) that manages WireGuard.
 -  Every agent connects to [Management Service](management/) that holds network state, manages peer IPs, and distributes network updates to agents (peers).
 -  NetBird agent uses WebRTC ICE implemented in [pion/ice library](https://github.com/pion/ice) to discover connection candidates when establishing a peer-to-peer connection between machines.
-  Connection candidates are discovered with the help of [STUN](https://en.wikipedia.org/wiki/STUN) servers.
+-  Connection candidates are discovered with a help of [STUN](https://en.wikipedia.org/wiki/STUN) servers.
 -  Agents negotiate a connection through [Signal Service](signal/) passing p2p encrypted messages with candidates.
-  Sometimes the NAT traversal is unsuccessful due to strict NATs (e.g. mobile carrier-grade NAT) and a p2p connection isn't possible. When this occurs the system falls back to a relay server called [TURN](https://en.wikipedia.org/wiki/Traversal_Using_Relays_around_NAT), and a secure WireGuard tunnel is established via the TURN server. 
+-  Sometimes the NAT traversal is unsuccessful due to strict NATs (e.g. mobile carrier-grade NAT) and p2p connection isn't possible. When this occurs the system falls back to a relay server called [TURN](https://en.wikipedia.org/wiki/Traversal_Using_Relays_around_NAT), and a secure WireGuard tunnel is established via the TURN server. 
 
 [Coturn](https://github.com/coturn/coturn) is the one that has been successfully used for STUN and TURN in NetBird setups.

@@ -108,8 +109,8 @@ export NETBIRD_DOMAIN=netbird.example.com; curl -fsSL https://github.com/netbird
 See a complete [architecture overview](https://docs.netbird.io/about-netbird/how-netbird-works#architecture) for details.

 ### Community projects
+-  [NetBird on OpenWRT](https://github.com/messense/openwrt-netbird)
 -  [NetBird installer script](https://github.com/physk/netbird-installer)
-  [NetBird ansible collection by Dominion Solutions](https://galaxy.ansible.com/ui/repo/published/dominion_solutions/netbird/)

 **Note**: The `main` branch may be in an *unstable or even broken state* during development.
 For stable versions, see [releases](https://github.com/netbirdio/netbird/releases).
@@ -121,7 +122,7 @@ In November 2022, NetBird joined the [StartUpSecure program](https://www.forschu
 ![CISPA_Logo_BLACK_EN_RZ_RGB (1)](https://user-images.githubusercontent.com/700848/203091324-c6d311a0-22b5-4b05-a288-91cbc6cdcc46.png)

 ### Testimonials
-We use open-source technologies like [WireGuard®](https://www.wireguard.com/), [Pion ICE (WebRTC)](https://github.com/pion/ice), [Coturn](https://github.com/coturn/coturn), and [Rosenpass](https://rosenpass.eu). We very much appreciate the work these guys are doing and we'd greatly appreciate if you could support them in any way (e.g., by giving a star or a contribution).
+We use open-source technologies like [WireGuard®](https://www.wireguard.com/), [Pion ICE (WebRTC)](https://github.com/pion/ice), [Coturn](https://github.com/coturn/coturn), and [Rosenpass](https://rosenpass.eu). We very much appreciate the work these guys are doing and we'd greatly appreciate if you could support them in any way (e.g. giving a star or a contribution).

 ### Legal
 _WireGuard_ and the _WireGuard_ logo are [registered trademarks](https://www.wireguard.com/trademark-policy/) of Jason A. Donenfeld.
--- a/client/Dockerfile
+++ b/client/Dockerfile
@@ -1,5 +1,5 @@
-FROM alpine:3.19
+FROM alpine:3
 RUN apk add --no-cache ca-certificates iptables ip6tables
 ENV NB_FOREGROUND_MODE=true
-ENTRYPOINT [ "/usr/local/bin/netbird","up"]
-COPY netbird /usr/local/bin/netbird
+ENTRYPOINT [ "/go/bin/netbird","up"]
+COPY netbird /go/bin/netbird
--- a/client/android/client.go
+++ b/client/android/client.go
@@ -1,5 +1,3 @@
-//go:build android
-
 package android

 import (
@@ -16,7 +14,6 @@ import (
 	"github.com/netbirdio/netbird/client/system"
 	"github.com/netbirdio/netbird/formatter"
 	"github.com/netbirdio/netbird/iface"
-	"github.com/netbirdio/netbird/util/net"
 )

 // ConnectionListener export internal Listener for mobile
@@ -57,17 +54,14 @@ type Client struct {
 	ctxCancel             context.CancelFunc
 	ctxCancelLock         *sync.Mutex
 	deviceName            string
-	uiVersion             string
 	networkChangeListener listener.NetworkChangeListener
 }

 // NewClient instantiate a new Client
-func NewClient(cfgFile, deviceName string, uiVersion string, tunAdapter TunAdapter, iFaceDiscover IFaceDiscover, networkChangeListener NetworkChangeListener) *Client {
-	net.SetAndroidProtectSocketFn(tunAdapter.ProtectSocket)
+func NewClient(cfgFile, deviceName string, tunAdapter TunAdapter, iFaceDiscover IFaceDiscover, networkChangeListener NetworkChangeListener) *Client {
 	return &Client{
 		cfgFile:               cfgFile,
 		deviceName:            deviceName,
-		uiVersion:             uiVersion,
 		tunAdapter:            tunAdapter,
 		iFaceDiscover:         iFaceDiscover,
 		recorder:              peer.NewRecorder(""),
@@ -85,14 +79,10 @@ func (c *Client) Run(urlOpener URLOpener, dns *DNSList, dnsReadyListener DnsRead
 		return err
 	}
 	c.recorder.UpdateManagementAddress(cfg.ManagementURL.String())
-	c.recorder.UpdateRosenpass(cfg.RosenpassEnabled, cfg.RosenpassPermissive)

 	var ctx context.Context
 	//nolint
 	ctxWithValues := context.WithValue(context.Background(), system.DeviceNameCtxKey, c.deviceName)
-	//nolint
-	ctxWithValues = context.WithValue(ctxWithValues, system.UiVersionCtxKey, c.uiVersion)
-
 	c.ctxCancelLock.Lock()
 	ctx, c.ctxCancel = context.WithCancel(ctxWithValues)
 	defer c.ctxCancel()
@@ -106,8 +96,7 @@ func (c *Client) Run(urlOpener URLOpener, dns *DNSList, dnsReadyListener DnsRead

 	// todo do not throw error in case of cancelled context
 	ctx = internal.CtxInitState(ctx)
-	connectClient := internal.NewConnectClient(ctx, cfg, c.recorder)
-	return connectClient.RunOnAndroid(c.tunAdapter, c.iFaceDiscover, c.networkChangeListener, dns.items, dnsReadyListener)
+	return internal.RunClientMobile(ctx, cfg, c.recorder, c.tunAdapter, c.iFaceDiscover, c.networkChangeListener, dns.items, dnsReadyListener)
 }

 // RunWithoutLogin we apply this type of run function when the backed has been started without UI (i.e. after reboot).
@@ -120,7 +109,6 @@ func (c *Client) RunWithoutLogin(dns *DNSList, dnsReadyListener DnsReadyListener
 		return err
 	}
 	c.recorder.UpdateManagementAddress(cfg.ManagementURL.String())
-	c.recorder.UpdateRosenpass(cfg.RosenpassEnabled, cfg.RosenpassPermissive)

 	var ctx context.Context
 	//nolint
@@ -132,8 +120,7 @@ func (c *Client) RunWithoutLogin(dns *DNSList, dnsReadyListener DnsReadyListener

 	// todo do not throw error in case of cancelled context
 	ctx = internal.CtxInitState(ctx)
-	connectClient := internal.NewConnectClient(ctx, cfg, c.recorder)
-	return connectClient.RunOnAndroid(c.tunAdapter, c.iFaceDiscover, c.networkChangeListener, dns.items, dnsReadyListener)
+	return internal.RunClientMobile(ctx, cfg, c.recorder, c.tunAdapter, c.iFaceDiscover, c.networkChangeListener, dns.items, dnsReadyListener)
 }

 // Stop the internal client and free the resources
@@ -152,11 +139,6 @@ func (c *Client) SetTraceLogLevel() {
 	log.SetLevel(log.TraceLevel)
 }

-// SetInfoLogLevel configure the logger to info level
-func (c *Client) SetInfoLogLevel() {
-	log.SetLevel(log.InfoLevel)
-}
-
 // PeersList return with the list of the PeerInfos
 func (c *Client) PeersList() *PeerInfoArray {

--- a/client/anonymize/anonymize.go
+++ b/client/anonymize/anonymize.go
@@ -1,212 +0,0 @@
-package anonymize
-
-import (
-	"crypto/rand"
-	"fmt"
-	"math/big"
-	"net"
-	"net/netip"
-	"net/url"
-	"regexp"
-	"slices"
-	"strings"
-)
-
-type Anonymizer struct {
-	ipAnonymizer     map[netip.Addr]netip.Addr
-	domainAnonymizer map[string]string
-	currentAnonIPv4  netip.Addr
-	currentAnonIPv6  netip.Addr
-	startAnonIPv4    netip.Addr
-	startAnonIPv6    netip.Addr
-}
-
-func DefaultAddresses() (netip.Addr, netip.Addr) {
-	// 192.51.100.0, 100::
-	return netip.AddrFrom4([4]byte{198, 51, 100, 0}), netip.AddrFrom16([16]byte{0x01})
-}
-
-func NewAnonymizer(startIPv4, startIPv6 netip.Addr) *Anonymizer {
-	return &Anonymizer{
-		ipAnonymizer:     map[netip.Addr]netip.Addr{},
-		domainAnonymizer: map[string]string{},
-		currentAnonIPv4:  startIPv4,
-		currentAnonIPv6:  startIPv6,
-		startAnonIPv4:    startIPv4,
-		startAnonIPv6:    startIPv6,
-	}
-}
-
-func (a *Anonymizer) AnonymizeIP(ip netip.Addr) netip.Addr {
-	if ip.IsLoopback() ||
-		ip.IsLinkLocalUnicast() ||
-		ip.IsLinkLocalMulticast() ||
-		ip.IsInterfaceLocalMulticast() ||
-		ip.IsPrivate() ||
-		ip.IsUnspecified() ||
-		ip.IsMulticast() ||
-		isWellKnown(ip) ||
-		a.isInAnonymizedRange(ip) {
-
-		return ip
-	}
-
-	if _, ok := a.ipAnonymizer[ip]; !ok {
-		if ip.Is4() {
-			a.ipAnonymizer[ip] = a.currentAnonIPv4
-			a.currentAnonIPv4 = a.currentAnonIPv4.Next()
-		} else {
-			a.ipAnonymizer[ip] = a.currentAnonIPv6
-			a.currentAnonIPv6 = a.currentAnonIPv6.Next()
-		}
-	}
-	return a.ipAnonymizer[ip]
-}
-
-// isInAnonymizedRange checks if an IP is within the range of already assigned anonymized IPs
-func (a *Anonymizer) isInAnonymizedRange(ip netip.Addr) bool {
-	if ip.Is4() && ip.Compare(a.startAnonIPv4) >= 0 && ip.Compare(a.currentAnonIPv4) <= 0 {
-		return true
-	} else if !ip.Is4() && ip.Compare(a.startAnonIPv6) >= 0 && ip.Compare(a.currentAnonIPv6) <= 0 {
-		return true
-	}
-	return false
-}
-
-func (a *Anonymizer) AnonymizeIPString(ip string) string {
-	addr, err := netip.ParseAddr(ip)
-	if err != nil {
-		return ip
-	}
-
-	return a.AnonymizeIP(addr).String()
-}
-
-func (a *Anonymizer) AnonymizeDomain(domain string) string {
-	if strings.HasSuffix(domain, "netbird.io") ||
-		strings.HasSuffix(domain, "netbird.selfhosted") ||
-		strings.HasSuffix(domain, "netbird.cloud") ||
-		strings.HasSuffix(domain, "netbird.stage") ||
-		strings.HasSuffix(domain, ".domain") {
-		return domain
-	}
-
-	parts := strings.Split(domain, ".")
-	if len(parts) < 2 {
-		return domain
-	}
-
-	baseDomain := parts[len(parts)-2] + "." + parts[len(parts)-1]
-
-	anonymized, ok := a.domainAnonymizer[baseDomain]
-	if !ok {
-		anonymizedBase := "anon-" + generateRandomString(5) + ".domain"
-		a.domainAnonymizer[baseDomain] = anonymizedBase
-		anonymized = anonymizedBase
-	}
-
-	return strings.Replace(domain, baseDomain, anonymized, 1)
-}
-
-func (a *Anonymizer) AnonymizeURI(uri string) string {
-	u, err := url.Parse(uri)
-	if err != nil {
-		return uri
-	}
-
-	var anonymizedHost string
-	if u.Opaque != "" {
-		host, port, err := net.SplitHostPort(u.Opaque)
-		if err == nil {
-			anonymizedHost = fmt.Sprintf("%s:%s", a.AnonymizeDomain(host), port)
-		} else {
-			anonymizedHost = a.AnonymizeDomain(u.Opaque)
-		}
-		u.Opaque = anonymizedHost
-	} else if u.Host != "" {
-		host, port, err := net.SplitHostPort(u.Host)
-		if err == nil {
-			anonymizedHost = fmt.Sprintf("%s:%s", a.AnonymizeDomain(host), port)
-		} else {
-			anonymizedHost = a.AnonymizeDomain(u.Host)
-		}
-		u.Host = anonymizedHost
-	}
-	return u.String()
-}
-
-func (a *Anonymizer) AnonymizeString(str string) string {
-	ipv4Regex := regexp.MustCompile(`\b(?:[0-9]{1,3}\.){3}[0-9]{1,3}\b`)
-	ipv6Regex := regexp.MustCompile(`\b([0-9a-fA-F:]+:+[0-9a-fA-F]{0,4})(?:%[0-9a-zA-Z]+)?(?:\/[0-9]{1,3})?(?::[0-9]{1,5})?\b`)
-
-	str = ipv4Regex.ReplaceAllStringFunc(str, a.AnonymizeIPString)
-	str = ipv6Regex.ReplaceAllStringFunc(str, a.AnonymizeIPString)
-
-	for domain, anonDomain := range a.domainAnonymizer {
-		str = strings.ReplaceAll(str, domain, anonDomain)
-	}
-
-	str = a.AnonymizeSchemeURI(str)
-	str = a.AnonymizeDNSLogLine(str)
-
-	return str
-}
-
-// AnonymizeSchemeURI finds and anonymizes URIs with stun, stuns, turn, and turns schemes.
-func (a *Anonymizer) AnonymizeSchemeURI(text string) string {
-	re := regexp.MustCompile(`(?i)\b(stuns?:|turns?:|https?://)\S+\b`)
-
-	return re.ReplaceAllStringFunc(text, a.AnonymizeURI)
-}
-
-// AnonymizeDNSLogLine anonymizes domain names in DNS log entries by replacing them with a random string.
-func (a *Anonymizer) AnonymizeDNSLogLine(logEntry string) string {
-	domainPattern := `dns\.Question{Name:"([^"]+)",`
-	domainRegex := regexp.MustCompile(domainPattern)
-
-	return domainRegex.ReplaceAllStringFunc(logEntry, func(match string) string {
-		parts := strings.Split(match, `"`)
-		if len(parts) >= 2 {
-			domain := parts[1]
-			if strings.HasSuffix(domain, ".domain") {
-				return match
-			}
-			randomDomain := generateRandomString(10) + ".domain"
-			return strings.Replace(match, domain, randomDomain, 1)
-		}
-		return match
-	})
-}
-
-func isWellKnown(addr netip.Addr) bool {
-	wellKnown := []string{
-		"8.8.8.8", "8.8.4.4", // Google DNS IPv4
-		"2001:4860:4860::8888", "2001:4860:4860::8844", // Google DNS IPv6
-		"1.1.1.1", "1.0.0.1", // Cloudflare DNS IPv4
-		"2606:4700:4700::1111", "2606:4700:4700::1001", // Cloudflare DNS IPv6
-		"9.9.9.9", "149.112.112.112", // Quad9 DNS IPv4
-		"2620:fe::fe", "2620:fe::9", // Quad9 DNS IPv6
-	}
-
-	if slices.Contains(wellKnown, addr.String()) {
-		return true
-	}
-
-	cgnatRangeStart := netip.AddrFrom4([4]byte{100, 64, 0, 0})
-	cgnatRange := netip.PrefixFrom(cgnatRangeStart, 10)
-
-	return cgnatRange.Contains(addr)
-}
-
-func generateRandomString(length int) string {
-	const letters = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789"
-	result := make([]byte, length)
-	for i := range result {
-		num, err := rand.Int(rand.Reader, big.NewInt(int64(len(letters))))
-		if err != nil {
-			continue
-		}
-		result[i] = letters[num.Int64()]
-	}
-	return string(result)
-}
--- a/client/anonymize/anonymize_test.go
+++ b/client/anonymize/anonymize_test.go
@@ -1,223 +0,0 @@
-package anonymize_test
-
-import (
-	"net/netip"
-	"regexp"
-	"testing"
-
-	"github.com/stretchr/testify/assert"
-	"github.com/stretchr/testify/require"
-
-	"github.com/netbirdio/netbird/client/anonymize"
-)
-
-func TestAnonymizeIP(t *testing.T) {
-	startIPv4 := netip.MustParseAddr("198.51.100.0")
-	startIPv6 := netip.MustParseAddr("100::")
-	anonymizer := anonymize.NewAnonymizer(startIPv4, startIPv6)
-
-	tests := []struct {
-		name   string
-		ip     string
-		expect string
-	}{
-		{"Well known", "8.8.8.8", "8.8.8.8"},
-		{"First Public IPv4", "1.2.3.4", "198.51.100.0"},
-		{"Second Public IPv4", "4.3.2.1", "198.51.100.1"},
-		{"Repeated IPv4", "1.2.3.4", "198.51.100.0"},
-		{"Private IPv4", "192.168.1.1", "192.168.1.1"},
-		{"First Public IPv6", "2607:f8b0:4005:805::200e", "100::"},
-		{"Second Public IPv6", "a::b", "100::1"},
-		{"Repeated IPv6", "2607:f8b0:4005:805::200e", "100::"},
-		{"Private IPv6", "fe80::1", "fe80::1"},
-		{"In Range IPv4", "198.51.100.2", "198.51.100.2"},
-	}
-
-	for _, tc := range tests {
-		t.Run(tc.name, func(t *testing.T) {
-			ip := netip.MustParseAddr(tc.ip)
-			anonymizedIP := anonymizer.AnonymizeIP(ip)
-			if anonymizedIP.String() != tc.expect {
-				t.Errorf("%s: expected %s, got %s", tc.name, tc.expect, anonymizedIP)
-			}
-		})
-	}
-}
-
-func TestAnonymizeDNSLogLine(t *testing.T) {
-	anonymizer := anonymize.NewAnonymizer(netip.Addr{}, netip.Addr{})
-	testLog := `2024-04-23T20:01:11+02:00 TRAC client/internal/dns/local.go:25: received question: dns.Question{Name:"example.com", Qtype:0x1c, Qclass:0x1}`
-
-	result := anonymizer.AnonymizeDNSLogLine(testLog)
-	require.NotEqual(t, testLog, result)
-	assert.NotContains(t, result, "example.com")
-}
-
-func TestAnonymizeDomain(t *testing.T) {
-	anonymizer := anonymize.NewAnonymizer(netip.Addr{}, netip.Addr{})
-	tests := []struct {
-		name            string
-		domain          string
-		expectPattern   string
-		shouldAnonymize bool
-	}{
-		{
-			"General Domain",
-			"example.com",
-			`^anon-[a-zA-Z0-9]+\.domain$`,
-			true,
-		},
-		{
-			"Subdomain",
-			"sub.example.com",
-			`^sub\.anon-[a-zA-Z0-9]+\.domain$`,
-			true,
-		},
-		{
-			"Protected Domain",
-			"netbird.io",
-			`^netbird\.io$`,
-			false,
-		},
-	}
-
-	for _, tc := range tests {
-		t.Run(tc.name, func(t *testing.T) {
-			result := anonymizer.AnonymizeDomain(tc.domain)
-			if tc.shouldAnonymize {
-				assert.Regexp(t, tc.expectPattern, result, "The anonymized domain should match the expected pattern")
-				assert.NotContains(t, result, tc.domain, "The original domain should not be present in the result")
-			} else {
-				assert.Equal(t, tc.domain, result, "Protected domains should not be anonymized")
-			}
-		})
-	}
-}
-
-func TestAnonymizeURI(t *testing.T) {
-	anonymizer := anonymize.NewAnonymizer(netip.Addr{}, netip.Addr{})
-	tests := []struct {
-		name  string
-		uri   string
-		regex string
-	}{
-		{
-			"HTTP URI with Port",
-			"http://example.com:80/path",
-			`^http://anon-[a-zA-Z0-9]+\.domain:80/path$`,
-		},
-		{
-			"HTTP URI without Port",
-			"http://example.com/path",
-			`^http://anon-[a-zA-Z0-9]+\.domain/path$`,
-		},
-		{
-			"Opaque URI with Port",
-			"stun:example.com:80?transport=udp",
-			`^stun:anon-[a-zA-Z0-9]+\.domain:80\?transport=udp$`,
-		},
-		{
-			"Opaque URI without Port",
-			"stun:example.com?transport=udp",
-			`^stun:anon-[a-zA-Z0-9]+\.domain\?transport=udp$`,
-		},
-	}
-
-	for _, tc := range tests {
-		t.Run(tc.name, func(t *testing.T) {
-			result := anonymizer.AnonymizeURI(tc.uri)
-			assert.Regexp(t, regexp.MustCompile(tc.regex), result, "URI should match expected pattern")
-			require.NotContains(t, result, "example.com", "Original domain should not be present")
-		})
-	}
-}
-
-func TestAnonymizeSchemeURI(t *testing.T) {
-	anonymizer := anonymize.NewAnonymizer(netip.Addr{}, netip.Addr{})
-	tests := []struct {
-		name   string
-		input  string
-		expect string
-	}{
-		{"STUN URI in text", "Connection made via stun:example.com", `Connection made via stun:anon-[a-zA-Z0-9]+\.domain`},
-		{"TURN URI in log", "Failed attempt turn:some.example.com:3478?transport=tcp: retrying", `Failed attempt turn:some.anon-[a-zA-Z0-9]+\.domain:3478\?transport=tcp: retrying`},
-		{"HTTPS URI in message", "Visit https://example.com for more", `Visit https://anon-[a-zA-Z0-9]+\.domain for more`},
-	}
-
-	for _, tc := range tests {
-		t.Run(tc.name, func(t *testing.T) {
-			result := anonymizer.AnonymizeSchemeURI(tc.input)
-			assert.Regexp(t, tc.expect, result, "The anonymized output should match expected pattern")
-			require.NotContains(t, result, "example.com", "Original domain should not be present")
-		})
-	}
-}
-
-func TestAnonymizString_MemorizedDomain(t *testing.T) {
-	anonymizer := anonymize.NewAnonymizer(netip.Addr{}, netip.Addr{})
-	domain := "example.com"
-	anonymizedDomain := anonymizer.AnonymizeDomain(domain)
-
-	sampleString := "This is a test string including the domain example.com which should be anonymized."
-
-	firstPassResult := anonymizer.AnonymizeString(sampleString)
-	secondPassResult := anonymizer.AnonymizeString(firstPassResult)
-
-	assert.Contains(t, firstPassResult, anonymizedDomain, "The domain should be anonymized in the first pass")
-	assert.NotContains(t, firstPassResult, domain, "The original domain should not appear in the first pass output")
-
-	assert.Equal(t, firstPassResult, secondPassResult, "The second pass should not further anonymize the string")
-}
-
-func TestAnonymizeString_DoubleURI(t *testing.T) {
-	anonymizer := anonymize.NewAnonymizer(netip.Addr{}, netip.Addr{})
-	domain := "example.com"
-	anonymizedDomain := anonymizer.AnonymizeDomain(domain)
-
-	sampleString := "Check out our site at https://example.com for more info."
-
-	firstPassResult := anonymizer.AnonymizeString(sampleString)
-	secondPassResult := anonymizer.AnonymizeString(firstPassResult)
-
-	assert.Contains(t, firstPassResult, "https://"+anonymizedDomain, "The URI should be anonymized in the first pass")
-	assert.NotContains(t, firstPassResult, "https://example.com", "The original URI should not appear in the first pass output")
-
-	assert.Equal(t, firstPassResult, secondPassResult, "The second pass should not further anonymize the URI")
-}
-
-func TestAnonymizeString_IPAddresses(t *testing.T) {
-	anonymizer := anonymize.NewAnonymizer(anonymize.DefaultAddresses())
-	tests := []struct {
-		name   string
-		input  string
-		expect string
-	}{
-		{
-			name:   "IPv4 Address",
-			input:  "Error occurred at IP 122.138.1.1",
-			expect: "Error occurred at IP 198.51.100.0",
-		},
-		{
-			name:   "IPv6 Address",
-			input:  "Access attempted from 2001:db8::ff00:42",
-			expect: "Access attempted from 100::",
-		},
-		{
-			name:   "IPv6 Address with Port",
-			input:  "Access attempted from [2001:db8::ff00:42]:8080",
-			expect: "Access attempted from [100::]:8080",
-		},
-		{
-			name:   "Both IPv4 and IPv6",
-			input:  "IPv4: 142.108.0.1 and IPv6: 2001:db8::ff00:43",
-			expect: "IPv4: 198.51.100.1 and IPv6: 100::1",
-		},
-	}
-
-	for _, tc := range tests {
-		t.Run(tc.name, func(t *testing.T) {
-			result := anonymizer.AnonymizeString(tc.input)
-			assert.Equal(t, tc.expect, result, "IP addresses should be anonymized correctly")
-		})
-	}
-}
--- a/client/cmd/debug.go
+++ b/client/cmd/debug.go
@@ -1,255 +0,0 @@
-package cmd
-
-import (
-	"context"
-	"fmt"
-	"time"
-
-	"github.com/spf13/cobra"
-	"google.golang.org/grpc/status"
-
-	"github.com/netbirdio/netbird/client/internal"
-	"github.com/netbirdio/netbird/client/proto"
-	"github.com/netbirdio/netbird/client/server"
-)
-
-var debugCmd = &cobra.Command{
-	Use:   "debug",
-	Short: "Debugging commands",
-	Long:  "Provides commands for debugging and logging control within the Netbird daemon.",
-}
-
-var debugBundleCmd = &cobra.Command{
-	Use:     "bundle",
-	Example: "  netbird debug bundle",
-	Short:   "Create a debug bundle",
-	Long:    "Generates a compressed archive of the daemon's logs and status for debugging purposes.",
-	RunE:    debugBundle,
-}
-
-var logCmd = &cobra.Command{
-	Use:   "log",
-	Short: "Manage logging for the Netbird daemon",
-	Long:  `Commands to manage logging settings for the Netbird daemon, including ICE, gRPC, and general log levels.`,
-}
-
-var logLevelCmd = &cobra.Command{
-	Use:   "level <level>",
-	Short: "Set the logging level for this session",
-	Long: `Sets the logging level for the current session. This setting is temporary and will revert to the default on daemon restart.
-Available log levels are:
-  panic:   for panic level, highest level of severity
-  fatal:   for fatal level errors that cause the program to exit
-  error:   for error conditions
-  warn:    for warning conditions
-  info:    for informational messages
-  debug:   for debug-level messages
-  trace:   for trace-level messages, which include more fine-grained information than debug`,
-	Args: cobra.ExactArgs(1),
-	RunE: setLogLevel,
-}
-
-var forCmd = &cobra.Command{
-	Use:     "for <time>",
-	Short:   "Run debug logs for a specified duration and create a debug bundle",
-	Long:    `Sets the logging level to trace, runs for the specified duration, and then generates a debug bundle.`,
-	Example: "  netbird debug for 5m",
-	Args:    cobra.ExactArgs(1),
-	RunE:    runForDuration,
-}
-
-func debugBundle(cmd *cobra.Command, _ []string) error {
-	conn, err := getClient(cmd)
-	if err != nil {
-		return err
-	}
-	defer conn.Close()
-
-	client := proto.NewDaemonServiceClient(conn)
-	resp, err := client.DebugBundle(cmd.Context(), &proto.DebugBundleRequest{
-		Anonymize: anonymizeFlag,
-		Status:    getStatusOutput(cmd),
-	})
-	if err != nil {
-		return fmt.Errorf("failed to bundle debug: %v", status.Convert(err).Message())
-	}
-
-	cmd.Println(resp.GetPath())
-
-	return nil
-}
-
-func setLogLevel(cmd *cobra.Command, args []string) error {
-	conn, err := getClient(cmd)
-	if err != nil {
-		return err
-	}
-	defer conn.Close()
-
-	client := proto.NewDaemonServiceClient(conn)
-	level := server.ParseLogLevel(args[0])
-	if level == proto.LogLevel_UNKNOWN {
-		return fmt.Errorf("unknown log level: %s. Available levels are: panic, fatal, error, warn, info, debug, trace\n", args[0])
-	}
-
-	_, err = client.SetLogLevel(cmd.Context(), &proto.SetLogLevelRequest{
-		Level: level,
-	})
-	if err != nil {
-		return fmt.Errorf("failed to set log level: %v", status.Convert(err).Message())
-	}
-
-	cmd.Println("Log level set successfully to", args[0])
-	return nil
-}
-
-func runForDuration(cmd *cobra.Command, args []string) error {
-	duration, err := time.ParseDuration(args[0])
-	if err != nil {
-		return fmt.Errorf("invalid duration format: %v", err)
-	}
-
-	conn, err := getClient(cmd)
-	if err != nil {
-		return err
-	}
-	defer conn.Close()
-
-	client := proto.NewDaemonServiceClient(conn)
-
-	stat, err := client.Status(cmd.Context(), &proto.StatusRequest{})
-	if err != nil {
-		return fmt.Errorf("failed to get status: %v", status.Convert(err).Message())
-	}
-
-	restoreUp := stat.Status == string(internal.StatusConnected) || stat.Status == string(internal.StatusConnecting)
-
-	initialLogLevel, err := client.GetLogLevel(cmd.Context(), &proto.GetLogLevelRequest{})
-	if err != nil {
-		return fmt.Errorf("failed to get log level: %v", status.Convert(err).Message())
-	}
-
-	if _, err := client.Down(cmd.Context(), &proto.DownRequest{}); err != nil {
-		return fmt.Errorf("failed to down: %v", status.Convert(err).Message())
-	}
-	cmd.Println("Netbird down")
-
-	initialLevelTrace := initialLogLevel.GetLevel() >= proto.LogLevel_TRACE
-	if !initialLevelTrace {
-		_, err = client.SetLogLevel(cmd.Context(), &proto.SetLogLevelRequest{
-			Level: proto.LogLevel_TRACE,
-		})
-		if err != nil {
-			return fmt.Errorf("failed to set log level to TRACE: %v", status.Convert(err).Message())
-		}
-		cmd.Println("Log level set to trace.")
-	}
-
-	time.Sleep(1 * time.Second)
-
-	if _, err := client.Up(cmd.Context(), &proto.UpRequest{}); err != nil {
-		return fmt.Errorf("failed to up: %v", status.Convert(err).Message())
-	}
-	cmd.Println("Netbird up")
-
-	time.Sleep(3 * time.Second)
-
-	headerPostUp := fmt.Sprintf("----- Netbird post-up - Timestamp: %s", time.Now().Format(time.RFC3339))
-	statusOutput := fmt.Sprintf("%s\n%s", headerPostUp, getStatusOutput(cmd))
-
-	if waitErr := waitForDurationOrCancel(cmd.Context(), duration, cmd); waitErr != nil {
-		return waitErr
-	}
-	cmd.Println("\nDuration completed")
-
-	headerPreDown := fmt.Sprintf("----- Netbird pre-down - Timestamp: %s - Duration: %s", time.Now().Format(time.RFC3339), duration)
-	statusOutput = fmt.Sprintf("%s\n%s\n%s", statusOutput, headerPreDown, getStatusOutput(cmd))
-
-	if _, err := client.Down(cmd.Context(), &proto.DownRequest{}); err != nil {
-		return fmt.Errorf("failed to down: %v", status.Convert(err).Message())
-	}
-	cmd.Println("Netbird down")
-
-	time.Sleep(1 * time.Second)
-
-	if restoreUp {
-		if _, err := client.Up(cmd.Context(), &proto.UpRequest{}); err != nil {
-			return fmt.Errorf("failed to up: %v", status.Convert(err).Message())
-		}
-		cmd.Println("Netbird up")
-	}
-
-	if !initialLevelTrace {
-		if _, err := client.SetLogLevel(cmd.Context(), &proto.SetLogLevelRequest{Level: initialLogLevel.GetLevel()}); err != nil {
-			return fmt.Errorf("failed to restore log level: %v", status.Convert(err).Message())
-		}
-		cmd.Println("Log level restored to", initialLogLevel.GetLevel())
-	}
-
-	cmd.Println("Creating debug bundle...")
-
-	resp, err := client.DebugBundle(cmd.Context(), &proto.DebugBundleRequest{
-		Anonymize: anonymizeFlag,
-		Status:    statusOutput,
-	})
-	if err != nil {
-		return fmt.Errorf("failed to bundle debug: %v", status.Convert(err).Message())
-	}
-
-	cmd.Println(resp.GetPath())
-
-	return nil
-}
-
-func getStatusOutput(cmd *cobra.Command) string {
-	var statusOutputString string
-	statusResp, err := getStatus(cmd.Context())
-	if err != nil {
-		cmd.PrintErrf("Failed to get status: %v\n", err)
-	} else {
-		statusOutputString = parseToFullDetailSummary(convertToStatusOutputOverview(statusResp))
-	}
-	return statusOutputString
-}
-
-func waitForDurationOrCancel(ctx context.Context, duration time.Duration, cmd *cobra.Command) error {
-	ticker := time.NewTicker(1 * time.Second)
-	defer ticker.Stop()
-
-	startTime := time.Now()
-
-	done := make(chan struct{})
-	go func() {
-		defer close(done)
-		for {
-			select {
-			case <-ctx.Done():
-				return
-			case <-ticker.C:
-				elapsed := time.Since(startTime)
-				if elapsed >= duration {
-					return
-				}
-				remaining := duration - elapsed
-				cmd.Printf("\rRemaining time: %s", formatDuration(remaining))
-			}
-		}
-	}()
-
-	select {
-	case <-ctx.Done():
-		return ctx.Err()
-	case <-done:
-		return nil
-	}
-}
-
-func formatDuration(d time.Duration) string {
-	d = d.Round(time.Second)
-	h := d / time.Hour
-	d %= time.Hour
-	m := d / time.Minute
-	d %= time.Minute
-	s := d / time.Second
-	return fmt.Sprintf("%02d:%02d:%02d", h, m, s)
-}
--- a/client/cmd/down.go
+++ b/client/cmd/down.go
@@ -2,9 +2,8 @@ package cmd

 import (
 	"context"
-	"time"
-
 	"github.com/netbirdio/netbird/util"
+	"time"

 	log "github.com/sirupsen/logrus"
 	"github.com/spf13/cobra"
--- a/client/cmd/login.go
+++ b/client/cmd/login.go
@@ -60,7 +60,7 @@ var loginCmd = &cobra.Command{
 				return fmt.Errorf("get config file: %v", err)
 			}

-			config, _ = internal.UpdateOldManagementURL(ctx, config, configPath)
+			config, _ = internal.UpdateOldManagementPort(ctx, config, configPath)

 			err = foregroundLogin(ctx, cmd, config, setupKey)
 			if err != nil {
@@ -82,15 +82,12 @@ var loginCmd = &cobra.Command{

 		loginRequest := proto.LoginRequest{
 			SetupKey:             setupKey,
+			PreSharedKey:         preSharedKey,
 			ManagementUrl:        managementURL,
 			IsLinuxDesktopClient: isLinuxRunningDesktop(),
 			Hostname:             hostName,
 		}

-		if rootCmd.PersistentFlags().Changed(preSharedKeyFlag) {
-			loginRequest.OptionalPreSharedKey = &preSharedKey
-		}
-
 		var loginErr error

 		var loginResp *proto.LoginResponse
--- a/client/cmd/root.go
+++ b/client/cmd/root.go
@@ -25,18 +25,9 @@ import (
 )

 const (
-	externalIPMapFlag       = "external-ip-map"
-	dnsResolverAddress      = "dns-resolver-address"
-	enableRosenpassFlag     = "enable-rosenpass"
-	rosenpassPermissiveFlag = "rosenpass-permissive"
-	preSharedKeyFlag        = "preshared-key"
-	interfaceNameFlag       = "interface-name"
-	wireguardPortFlag       = "wireguard-port"
-	networkMonitorFlag      = "network-monitor"
-	disableAutoConnectFlag  = "disable-auto-connect"
-	serverSSHAllowedFlag    = "allow-server-ssh"
-	extraIFaceBlackListFlag = "extra-iface-blacklist"
-	dnsRouteIntervalFlag    = "dns-router-interval"
+	externalIPMapFlag  = "external-ip-map"
+	preSharedKeyFlag   = "preshared-key"
+	dnsResolverAddress = "dns-resolver-address"
 )

 var (
@@ -59,19 +50,7 @@ var (
 	preSharedKey            string
 	natExternalIPs          []string
 	customDNSAddress        string
-	rosenpassEnabled        bool
-	rosenpassPermissive     bool
-	serverSSHAllowed        bool
-	interfaceName           string
-	wireguardPort           uint16
-	networkMonitor          bool
-	serviceName             string
-	autoConnectDisabled     bool
-	extraIFaceBlackList     []string
-	anonymizeFlag           bool
-	dnsRouteInterval        time.Duration
-
-	rootCmd = &cobra.Command{
+	rootCmd                 = &cobra.Command{
 		Use:          "netbird",
 		Short:        "",
 		Long:         "",
@@ -109,24 +88,15 @@ func init() {
 	if runtime.GOOS == "windows" {
 		defaultDaemonAddr = "tcp://127.0.0.1:41731"
 	}
-
-	defaultServiceName := "netbird"
-	if runtime.GOOS == "windows" {
-		defaultServiceName = "Netbird"
-	}
-
 	rootCmd.PersistentFlags().StringVar(&daemonAddr, "daemon-addr", defaultDaemonAddr, "Daemon service address to serve CLI requests [unix|tcp]://[path|host:port]")
 	rootCmd.PersistentFlags().StringVarP(&managementURL, "management-url", "m", "", fmt.Sprintf("Management Service URL [http|https]://[host]:[port] (default \"%s\")", internal.DefaultManagementURL))
 	rootCmd.PersistentFlags().StringVar(&adminURL, "admin-url", "", fmt.Sprintf("Admin Panel URL [http|https]://[host]:[port] (default \"%s\")", internal.DefaultAdminURL))
-	rootCmd.PersistentFlags().StringVarP(&serviceName, "service", "s", defaultServiceName, "Netbird system service name")
 	rootCmd.PersistentFlags().StringVarP(&configPath, "config", "c", defaultConfigPath, "Netbird config file location")
 	rootCmd.PersistentFlags().StringVarP(&logLevel, "log-level", "l", "info", "sets Netbird log level")
 	rootCmd.PersistentFlags().StringVar(&logFile, "log-file", defaultLogFile, "sets Netbird log path. If console is specified the log will be output to stdout")
 	rootCmd.PersistentFlags().StringVarP(&setupKey, "setup-key", "k", "", "Setup key obtained from the Management Service Dashboard (used to register peer)")
 	rootCmd.PersistentFlags().StringVar(&preSharedKey, preSharedKeyFlag, "", "Sets Wireguard PreSharedKey property. If set, then only peers that have the same key can communicate.")
 	rootCmd.PersistentFlags().StringVarP(&hostName, "hostname", "n", "", "Sets a custom hostname for the device")
-	rootCmd.PersistentFlags().BoolVarP(&anonymizeFlag, "anonymize", "A", false, "anonymize IP addresses and non-netbird.io domains in logs and status output")
-
 	rootCmd.AddCommand(serviceCmd)
 	rootCmd.AddCommand(upCmd)
 	rootCmd.AddCommand(downCmd)
@@ -134,20 +104,8 @@ func init() {
 	rootCmd.AddCommand(loginCmd)
 	rootCmd.AddCommand(versionCmd)
 	rootCmd.AddCommand(sshCmd)
-	rootCmd.AddCommand(routesCmd)
-	rootCmd.AddCommand(debugCmd)
-
 	serviceCmd.AddCommand(runCmd, startCmd, stopCmd, restartCmd) // service control commands are subcommands of service
 	serviceCmd.AddCommand(installCmd, uninstallCmd)              // service installer commands are subcommands of service
-
-	routesCmd.AddCommand(routesListCmd)
-	routesCmd.AddCommand(routesSelectCmd, routesDeselectCmd)
-
-	debugCmd.AddCommand(debugBundleCmd)
-	debugCmd.AddCommand(logCmd)
-	logCmd.AddCommand(logLevelCmd)
-	debugCmd.AddCommand(forCmd)
-
 	upCmd.PersistentFlags().StringSliceVar(&natExternalIPs, externalIPMapFlag, nil,
 		`Sets external IPs maps between local addresses and interfaces.`+
 			`You can specify a comma-separated list with a single IP and IP/IP or IP/Interface Name. `+
@@ -161,10 +119,6 @@ func init() {
 			`An empty string "" clears the previous configuration. `+
 			`E.g. --dns-resolver-address 127.0.0.1:5053 or --dns-resolver-address ""`,
 	)
-	upCmd.PersistentFlags().BoolVar(&rosenpassEnabled, enableRosenpassFlag, false, "[Experimental] Enable Rosenpass feature. If enabled, the connection will be post-quantum secured via Rosenpass.")
-	upCmd.PersistentFlags().BoolVar(&rosenpassPermissive, rosenpassPermissiveFlag, false, "[Experimental] Enable Rosenpass in permissive mode to allow this peer to accept WireGuard connections without requiring Rosenpass functionality from peers that do not have Rosenpass enabled.")
-	upCmd.PersistentFlags().BoolVar(&serverSSHAllowed, serverSSHAllowedFlag, false, "Allow SSH server on peer. If enabled, the SSH server will be permitted")
-	upCmd.PersistentFlags().BoolVar(&autoConnectDisabled, disableAutoConnectFlag, false, "Disables auto-connect feature. If enabled, then the client won't connect automatically when the service starts.")
 }

 // SetupCloseHandler handles SIGTERM signal and exits with success
@@ -215,7 +169,7 @@ func FlagNameToEnvVar(cmdFlag string, prefix string) string {
 	return prefix + upper
 }

-// DialClientGRPCServer returns client connection to the daemon server.
+// DialClientGRPCServer returns client connection to the dameno server.
 func DialClientGRPCServer(ctx context.Context, addr string) (*grpc.ClientConn, error) {
 	ctx, cancel := context.WithTimeout(ctx, time.Second*3)
 	defer cancel()
@@ -355,17 +309,3 @@ func migrateToNetbird(oldPath, newPath string) bool {

 	return true
 }
-
-func getClient(cmd *cobra.Command) (*grpc.ClientConn, error) {
-	SetFlagsFromEnvVars(rootCmd)
-	cmd.SetOut(cmd.OutOrStdout())
-
-	conn, err := DialClientGRPCServer(cmd.Context(), daemonAddr)
-	if err != nil {
-		return nil, fmt.Errorf("failed to connect to daemon error: %v\n"+
-			"If the daemon is not running please run: "+
-			"\nnetbird service install \nnetbird service start\n", err)
-	}
-
-	return conn, nil
-}
--- a/client/cmd/route.go
+++ b/client/cmd/route.go
@@ -1,174 +0,0 @@
-package cmd
-
-import (
-	"fmt"
-	"strings"
-
-	"github.com/spf13/cobra"
-	"google.golang.org/grpc/status"
-
-	"github.com/netbirdio/netbird/client/proto"
-)
-
-var appendFlag bool
-
-var routesCmd = &cobra.Command{
-	Use:   "routes",
-	Short: "Manage network routes",
-	Long:  `Commands to list, select, or deselect network routes.`,
-}
-
-var routesListCmd = &cobra.Command{
-	Use:     "list",
-	Aliases: []string{"ls"},
-	Short:   "List routes",
-	Example: "  netbird routes list",
-	Long:    "List all available network routes.",
-	RunE:    routesList,
-}
-
-var routesSelectCmd = &cobra.Command{
-	Use:     "select route...|all",
-	Short:   "Select routes",
-	Long:    "Select a list of routes by identifiers or 'all' to clear all selections and to accept all (including new) routes.\nDefault mode is replace, use -a to append to already selected routes.",
-	Example: "  netbird routes select all\n  netbird routes select route1 route2\n  netbird routes select -a route3",
-	Args:    cobra.MinimumNArgs(1),
-	RunE:    routesSelect,
-}
-
-var routesDeselectCmd = &cobra.Command{
-	Use:     "deselect route...|all",
-	Short:   "Deselect routes",
-	Long:    "Deselect previously selected routes by identifiers or 'all' to disable accepting any routes.",
-	Example: "  netbird routes deselect all\n  netbird routes deselect route1 route2",
-	Args:    cobra.MinimumNArgs(1),
-	RunE:    routesDeselect,
-}
-
-func init() {
-	routesSelectCmd.PersistentFlags().BoolVarP(&appendFlag, "append", "a", false, "Append to current route selection instead of replacing")
-}
-
-func routesList(cmd *cobra.Command, _ []string) error {
-	conn, err := getClient(cmd)
-	if err != nil {
-		return err
-	}
-	defer conn.Close()
-
-	client := proto.NewDaemonServiceClient(conn)
-	resp, err := client.ListRoutes(cmd.Context(), &proto.ListRoutesRequest{})
-	if err != nil {
-		return fmt.Errorf("failed to list routes: %v", status.Convert(err).Message())
-	}
-
-	if len(resp.Routes) == 0 {
-		cmd.Println("No routes available.")
-		return nil
-	}
-
-	printRoutes(cmd, resp)
-
-	return nil
-}
-
-func printRoutes(cmd *cobra.Command, resp *proto.ListRoutesResponse) {
-	cmd.Println("Available Routes:")
-	for _, route := range resp.Routes {
-		printRoute(cmd, route)
-	}
-}
-
-func printRoute(cmd *cobra.Command, route *proto.Route) {
-	selectedStatus := getSelectedStatus(route)
-	domains := route.GetDomains()
-
-	if len(domains) > 0 {
-		printDomainRoute(cmd, route, domains, selectedStatus)
-	} else {
-		printNetworkRoute(cmd, route, selectedStatus)
-	}
-}
-
-func getSelectedStatus(route *proto.Route) string {
-	if route.GetSelected() {
-		return "Selected"
-	}
-	return "Not Selected"
-}
-
-func printDomainRoute(cmd *cobra.Command, route *proto.Route, domains []string, selectedStatus string) {
-	cmd.Printf("\n  - ID: %s\n    Domains: %s\n    Status: %s\n", route.GetID(), strings.Join(domains, ", "), selectedStatus)
-	resolvedIPs := route.GetResolvedIPs()
-
-	if len(resolvedIPs) > 0 {
-		printResolvedIPs(cmd, domains, resolvedIPs)
-	} else {
-		cmd.Printf("    Resolved IPs: -\n")
-	}
-}
-
-func printNetworkRoute(cmd *cobra.Command, route *proto.Route, selectedStatus string) {
-	cmd.Printf("\n  - ID: %s\n    Network: %s\n    Status: %s\n", route.GetID(), route.GetNetwork(), selectedStatus)
-}
-
-func printResolvedIPs(cmd *cobra.Command, domains []string, resolvedIPs map[string]*proto.IPList) {
-	cmd.Printf("    Resolved IPs:\n")
-	for _, domain := range domains {
-		if ipList, exists := resolvedIPs[domain]; exists {
-			cmd.Printf("      [%s]: %s\n", domain, strings.Join(ipList.GetIps(), ", "))
-		}
-	}
-}
-
-func routesSelect(cmd *cobra.Command, args []string) error {
-	conn, err := getClient(cmd)
-	if err != nil {
-		return err
-	}
-	defer conn.Close()
-
-	client := proto.NewDaemonServiceClient(conn)
-	req := &proto.SelectRoutesRequest{
-		RouteIDs: args,
-	}
-
-	if len(args) == 1 && args[0] == "all" {
-		req.All = true
-	} else if appendFlag {
-		req.Append = true
-	}
-
-	if _, err := client.SelectRoutes(cmd.Context(), req); err != nil {
-		return fmt.Errorf("failed to select routes: %v", status.Convert(err).Message())
-	}
-
-	cmd.Println("Routes selected successfully.")
-
-	return nil
-}
-
-func routesDeselect(cmd *cobra.Command, args []string) error {
-	conn, err := getClient(cmd)
-	if err != nil {
-		return err
-	}
-	defer conn.Close()
-
-	client := proto.NewDaemonServiceClient(conn)
-	req := &proto.SelectRoutesRequest{
-		RouteIDs: args,
-	}
-
-	if len(args) == 1 && args[0] == "all" {
-		req.All = true
-	}
-
-	if _, err := client.DeselectRoutes(cmd.Context(), req); err != nil {
-		return fmt.Errorf("failed to deselect routes: %v", status.Convert(err).Message())
-	}
-
-	cmd.Println("Routes deselected successfully.")
-
-	return nil
-}
--- a/client/cmd/service.go
+++ b/client/cmd/service.go
@@ -2,6 +2,8 @@ package cmd

 import (
 	"context"
+	"runtime"
+
 	"github.com/kardianos/service"
 	log "github.com/sirupsen/logrus"
 	"github.com/spf13/cobra"
@@ -22,8 +24,12 @@ func newProgram(ctx context.Context, cancel context.CancelFunc) *program {
 }

 func newSVCConfig() *service.Config {
+	name := "netbird"
+	if runtime.GOOS == "windows" {
+		name = "Netbird"
+	}
 	return &service.Config{
-		Name:        serviceName,
+		Name:        name,
 		DisplayName: "Netbird",
 		Description: "A WireGuard-based mesh network that connects your devices into a single private network.",
 		Option:      make(service.KeyValue),
--- a/client/cmd/service_controller.go
+++ b/client/cmd/service_controller.go
@@ -11,12 +11,11 @@ import (
 	"github.com/kardianos/service"
 	log "github.com/sirupsen/logrus"

-	"github.com/spf13/cobra"
-	"google.golang.org/grpc"
-
 	"github.com/netbirdio/netbird/client/proto"
 	"github.com/netbirdio/netbird/client/server"
 	"github.com/netbirdio/netbird/util"
+	"github.com/spf13/cobra"
+	"google.golang.org/grpc"
 )

 func (p *program) Start(svc service.Service) error {
@@ -110,6 +109,7 @@ var runCmd = &cobra.Command{
 		if err != nil {
 			return err
 		}
+		cmd.Printf("Netbird service is running")
 		return nil
 	},
 }
--- a/client/cmd/service_installer.go
+++ b/client/cmd/service_installer.go
@@ -64,10 +64,6 @@ var installCmd = &cobra.Command{
 			}
 		}

-		if runtime.GOOS == "windows" {
-			svcConfig.Option["OnFailure"] = "restart"
-		}
-
 		ctx, cancel := context.WithCancel(cmd.Context())

 		s, err := newSVC(newProgram(ctx, cancel), svcConfig)
@@ -81,7 +77,6 @@ var installCmd = &cobra.Command{
 			cmd.PrintErrln(err)
 			return err
 		}
-
 		cmd.Println("Netbird service has been installed")
 		return nil
 	},
@@ -111,7 +106,7 @@ var uninstallCmd = &cobra.Command{
 		if err != nil {
 			return err
 		}
-		cmd.Println("Netbird service has been uninstalled")
+		cmd.Println("Netbird has been uninstalled")
 		return nil
 	},
 }
--- a/client/cmd/ssh.go
+++ b/client/cmd/ssh.go
@@ -24,7 +24,7 @@ var (
 )

 var sshCmd = &cobra.Command{
-	Use: "ssh [user@]host",
+	Use: "ssh",
 	Args: func(cmd *cobra.Command, args []string) error {
 		if len(args) < 1 {
 			return errors.New("requires a host argument")
@@ -94,7 +94,7 @@ func runSSH(ctx context.Context, addr string, pemKey []byte, cmd *cobra.Command)
 	if err != nil {
 		cmd.Printf("Error: %v\n", err)
 		cmd.Printf("Couldn't connect. Please check the connection status or if the ssh server is enabled on the other peer" +
-			"\nYou can verify the connection by running:\n\n" +
+			"You can verify the connection by running:\n\n" +
 			" netbird status\n\n")
 		return err
 	}
--- a/client/cmd/status.go
+++ b/client/cmd/status.go
@@ -6,8 +6,6 @@ import (
 	"fmt"
 	"net"
 	"net/netip"
-	"os"
-	"runtime"
 	"sort"
 	"strings"
 	"time"
@@ -16,7 +14,6 @@ import (
 	"google.golang.org/grpc/status"
 	"gopkg.in/yaml.v3"

-	"github.com/netbirdio/netbird/client/anonymize"
 	"github.com/netbirdio/netbird/client/internal"
 	"github.com/netbirdio/netbird/client/internal/peer"
 	"github.com/netbirdio/netbird/client/proto"
@@ -25,21 +22,14 @@ import (
 )

 type peerStateDetailOutput struct {
-	FQDN                   string           `json:"fqdn" yaml:"fqdn"`
-	IP                     string           `json:"netbirdIp" yaml:"netbirdIp"`
-	PubKey                 string           `json:"publicKey" yaml:"publicKey"`
-	Status                 string           `json:"status" yaml:"status"`
-	LastStatusUpdate       time.Time        `json:"lastStatusUpdate" yaml:"lastStatusUpdate"`
-	ConnType               string           `json:"connectionType" yaml:"connectionType"`
-	Direct                 bool             `json:"direct" yaml:"direct"`
-	IceCandidateType       iceCandidateType `json:"iceCandidateType" yaml:"iceCandidateType"`
-	IceCandidateEndpoint   iceCandidateType `json:"iceCandidateEndpoint" yaml:"iceCandidateEndpoint"`
-	LastWireguardHandshake time.Time        `json:"lastWireguardHandshake" yaml:"lastWireguardHandshake"`
-	TransferReceived       int64            `json:"transferReceived" yaml:"transferReceived"`
-	TransferSent           int64            `json:"transferSent" yaml:"transferSent"`
-	Latency                time.Duration    `json:"latency" yaml:"latency"`
-	RosenpassEnabled       bool             `json:"quantumResistance" yaml:"quantumResistance"`
-	Routes                 []string         `json:"routes" yaml:"routes"`
+	FQDN             string           `json:"fqdn" yaml:"fqdn"`
+	IP               string           `json:"netbirdIp" yaml:"netbirdIp"`
+	PubKey           string           `json:"publicKey" yaml:"publicKey"`
+	Status           string           `json:"status" yaml:"status"`
+	LastStatusUpdate time.Time        `json:"lastStatusUpdate" yaml:"lastStatusUpdate"`
+	ConnType         string           `json:"connectionType" yaml:"connectionType"`
+	Direct           bool             `json:"direct" yaml:"direct"`
+	IceCandidateType iceCandidateType `json:"iceCandidateType" yaml:"iceCandidateType"`
 }

 type peersStateOutput struct {
@@ -51,25 +41,11 @@ type peersStateOutput struct {
 type signalStateOutput struct {
 	URL       string `json:"url" yaml:"url"`
 	Connected bool   `json:"connected" yaml:"connected"`
-	Error     string `json:"error" yaml:"error"`
 }

 type managementStateOutput struct {
 	URL       string `json:"url" yaml:"url"`
 	Connected bool   `json:"connected" yaml:"connected"`
-	Error     string `json:"error" yaml:"error"`
-}
-
-type relayStateOutputDetail struct {
-	URI       string `json:"uri" yaml:"uri"`
-	Available bool   `json:"available" yaml:"available"`
-	Error     string `json:"error" yaml:"error"`
-}
-
-type relayStateOutput struct {
-	Total     int                      `json:"total" yaml:"total"`
-	Available int                      `json:"available" yaml:"available"`
-	Details   []relayStateOutputDetail `json:"details" yaml:"details"`
 }

 type iceCandidateType struct {
@@ -77,28 +53,16 @@ type iceCandidateType struct {
 	Remote string `json:"remote" yaml:"remote"`
 }

-type nsServerGroupStateOutput struct {
-	Servers []string `json:"servers" yaml:"servers"`
-	Domains []string `json:"domains" yaml:"domains"`
-	Enabled bool     `json:"enabled" yaml:"enabled"`
-	Error   string   `json:"error" yaml:"error"`
-}
-
 type statusOutputOverview struct {
-	Peers               peersStateOutput           `json:"peers" yaml:"peers"`
-	CliVersion          string                     `json:"cliVersion" yaml:"cliVersion"`
-	DaemonVersion       string                     `json:"daemonVersion" yaml:"daemonVersion"`
-	ManagementState     managementStateOutput      `json:"management" yaml:"management"`
-	SignalState         signalStateOutput          `json:"signal" yaml:"signal"`
-	Relays              relayStateOutput           `json:"relays" yaml:"relays"`
-	IP                  string                     `json:"netbirdIp" yaml:"netbirdIp"`
-	PubKey              string                     `json:"publicKey" yaml:"publicKey"`
-	KernelInterface     bool                       `json:"usesKernelInterface" yaml:"usesKernelInterface"`
-	FQDN                string                     `json:"fqdn" yaml:"fqdn"`
-	RosenpassEnabled    bool                       `json:"quantumResistance" yaml:"quantumResistance"`
-	RosenpassPermissive bool                       `json:"quantumResistancePermissive" yaml:"quantumResistancePermissive"`
-	Routes              []string                   `json:"routes" yaml:"routes"`
-	NSServerGroups      []nsServerGroupStateOutput `json:"dnsServers" yaml:"dnsServers"`
+	Peers           peersStateOutput      `json:"peers" yaml:"peers"`
+	CliVersion      string                `json:"cliVersion" yaml:"cliVersion"`
+	DaemonVersion   string                `json:"daemonVersion" yaml:"daemonVersion"`
+	ManagementState managementStateOutput `json:"management" yaml:"management"`
+	SignalState     signalStateOutput     `json:"signal" yaml:"signal"`
+	IP              string                `json:"netbirdIp" yaml:"netbirdIp"`
+	PubKey          string                `json:"publicKey" yaml:"publicKey"`
+	KernelInterface bool                  `json:"usesKernelInterface" yaml:"usesKernelInterface"`
+	FQDN            string                `json:"fqdn" yaml:"fqdn"`
 }

 var (
@@ -147,9 +111,9 @@ func statusFunc(cmd *cobra.Command, args []string) error {
 		return fmt.Errorf("failed initializing log %v", err)
 	}

-	ctx := internal.CtxInitState(cmd.Context())
+	ctx := internal.CtxInitState(context.Background())

-	resp, err := getStatus(ctx)
+	resp, err := getStatus(ctx, cmd)
 	if err != nil {
 		return err
 	}
@@ -182,7 +146,7 @@ func statusFunc(cmd *cobra.Command, args []string) error {
 	case yamlFlag:
 		statusOutputString, err = parseToYAML(outputInformationHolder)
 	default:
-		statusOutputString = parseGeneralSummary(outputInformationHolder, false, false, false)
+		statusOutputString = parseGeneralSummary(outputInformationHolder, false)
 	}

 	if err != nil {
@@ -194,7 +158,7 @@ func statusFunc(cmd *cobra.Command, args []string) error {
 	return nil
 }

-func getStatus(ctx context.Context) (*proto.StatusResponse, error) {
+func getStatus(ctx context.Context, cmd *cobra.Command) (*proto.StatusResponse, error) {
 	conn, err := DialClientGRPCServer(ctx, daemonAddr)
 	if err != nil {
 		return nil, fmt.Errorf("failed to connect to daemon error: %v\n"+
@@ -203,7 +167,7 @@ func getStatus(ctx context.Context) (*proto.StatusResponse, error) {
 	}
 	defer conn.Close()

-	resp, err := proto.NewDaemonServiceClient(conn).Status(ctx, &proto.StatusRequest{GetFullPeerStatus: true})
+	resp, err := proto.NewDaemonServiceClient(conn).Status(cmd.Context(), &proto.StatusRequest{GetFullPeerStatus: true})
 	if err != nil {
 		return nil, fmt.Errorf("status failed: %v", status.Convert(err).Message())
 	}
@@ -256,94 +220,37 @@ func convertToStatusOutputOverview(resp *proto.StatusResponse) statusOutputOverv
 	managementOverview := managementStateOutput{
 		URL:       managementState.GetURL(),
 		Connected: managementState.GetConnected(),
-		Error:     managementState.Error,
 	}

 	signalState := pbFullStatus.GetSignalState()
 	signalOverview := signalStateOutput{
 		URL:       signalState.GetURL(),
 		Connected: signalState.GetConnected(),
-		Error:     signalState.Error,
 	}

-	relayOverview := mapRelays(pbFullStatus.GetRelays())
 	peersOverview := mapPeers(resp.GetFullStatus().GetPeers())

 	overview := statusOutputOverview{
-		Peers:               peersOverview,
-		CliVersion:          version.NetbirdVersion(),
-		DaemonVersion:       resp.GetDaemonVersion(),
-		ManagementState:     managementOverview,
-		SignalState:         signalOverview,
-		Relays:              relayOverview,
-		IP:                  pbFullStatus.GetLocalPeerState().GetIP(),
-		PubKey:              pbFullStatus.GetLocalPeerState().GetPubKey(),
-		KernelInterface:     pbFullStatus.GetLocalPeerState().GetKernelInterface(),
-		FQDN:                pbFullStatus.GetLocalPeerState().GetFqdn(),
-		RosenpassEnabled:    pbFullStatus.GetLocalPeerState().GetRosenpassEnabled(),
-		RosenpassPermissive: pbFullStatus.GetLocalPeerState().GetRosenpassPermissive(),
-		Routes:              pbFullStatus.GetLocalPeerState().GetRoutes(),
-		NSServerGroups:      mapNSGroups(pbFullStatus.GetDnsServers()),
-	}
-
-	if anonymizeFlag {
-		anonymizer := anonymize.NewAnonymizer(anonymize.DefaultAddresses())
-		anonymizeOverview(anonymizer, &overview)
+		Peers:           peersOverview,
+		CliVersion:      version.NetbirdVersion(),
+		DaemonVersion:   resp.GetDaemonVersion(),
+		ManagementState: managementOverview,
+		SignalState:     signalOverview,
+		IP:              pbFullStatus.GetLocalPeerState().GetIP(),
+		PubKey:          pbFullStatus.GetLocalPeerState().GetPubKey(),
+		KernelInterface: pbFullStatus.GetLocalPeerState().GetKernelInterface(),
+		FQDN:            pbFullStatus.GetLocalPeerState().GetFqdn(),
 	}

 	return overview
 }

-func mapRelays(relays []*proto.RelayState) relayStateOutput {
-	var relayStateDetail []relayStateOutputDetail
-
-	var relaysAvailable int
-	for _, relay := range relays {
-		available := relay.GetAvailable()
-		relayStateDetail = append(relayStateDetail,
-			relayStateOutputDetail{
-				URI:       relay.URI,
-				Available: available,
-				Error:     relay.GetError(),
-			},
-		)
-
-		if available {
-			relaysAvailable++
-		}
-	}
-
-	return relayStateOutput{
-		Total:     len(relays),
-		Available: relaysAvailable,
-		Details:   relayStateDetail,
-	}
-}
-
-func mapNSGroups(servers []*proto.NSGroupState) []nsServerGroupStateOutput {
-	mappedNSGroups := make([]nsServerGroupStateOutput, 0, len(servers))
-	for _, pbNsGroupServer := range servers {
-		mappedNSGroups = append(mappedNSGroups, nsServerGroupStateOutput{
-			Servers: pbNsGroupServer.GetServers(),
-			Domains: pbNsGroupServer.GetDomains(),
-			Enabled: pbNsGroupServer.GetEnabled(),
-			Error:   pbNsGroupServer.GetError(),
-		})
-	}
-	return mappedNSGroups
-}
-
 func mapPeers(peers []*proto.PeerState) peersStateOutput {
 	var peersStateDetail []peerStateDetailOutput
 	localICE := ""
 	remoteICE := ""
-	localICEEndpoint := ""
-	remoteICEEndpoint := ""
 	connType := ""
 	peersConnected := 0
-	lastHandshake := time.Time{}
-	transferReceived := int64(0)
-	transferSent := int64(0)
 	for _, pbPeerState := range peers {
 		isPeerConnected := pbPeerState.ConnStatus == peer.StatusConnected.String()
 		if skipDetailByFilters(pbPeerState, isPeerConnected) {
@@ -354,15 +261,10 @@ func mapPeers(peers []*proto.PeerState) peersStateOutput {

 			localICE = pbPeerState.GetLocalIceCandidateType()
 			remoteICE = pbPeerState.GetRemoteIceCandidateType()
-			localICEEndpoint = pbPeerState.GetLocalIceCandidateEndpoint()
-			remoteICEEndpoint = pbPeerState.GetRemoteIceCandidateEndpoint()
 			connType = "P2P"
 			if pbPeerState.Relayed {
 				connType = "Relayed"
 			}
-			lastHandshake = pbPeerState.GetLastWireguardHandshake().AsTime().Local()
-			transferReceived = pbPeerState.GetBytesRx()
-			transferSent = pbPeerState.GetBytesTx()
 		}

 		timeLocal := pbPeerState.GetConnStatusUpdate().AsTime().Local()
@@ -377,17 +279,7 @@ func mapPeers(peers []*proto.PeerState) peersStateOutput {
 				Local:  localICE,
 				Remote: remoteICE,
 			},
-			IceCandidateEndpoint: iceCandidateType{
-				Local:  localICEEndpoint,
-				Remote: remoteICEEndpoint,
-			},
-			FQDN:                   pbPeerState.GetFqdn(),
-			LastWireguardHandshake: lastHandshake,
-			TransferReceived:       transferReceived,
-			TransferSent:           transferSent,
-			Latency:                pbPeerState.GetLatency().AsDuration(),
-			RosenpassEnabled:       pbPeerState.GetRosenpassEnabled(),
-			Routes:                 pbPeerState.GetRoutes(),
+			FQDN: pbPeerState.GetFqdn(),
 		}

 		peersStateDetail = append(peersStateDetail, peerState)
@@ -437,31 +329,22 @@ func parseToYAML(overview statusOutputOverview) (string, error) {
 	return string(yamlBytes), nil
 }

-func parseGeneralSummary(overview statusOutputOverview, showURL bool, showRelays bool, showNameServers bool) string {
-	var managementConnString string
+func parseGeneralSummary(overview statusOutputOverview, showURL bool) string {
+
+	managementConnString := "Disconnected"
 	if overview.ManagementState.Connected {
 		managementConnString = "Connected"
 		if showURL {
 			managementConnString = fmt.Sprintf("%s to %s", managementConnString, overview.ManagementState.URL)
 		}
-	} else {
-		managementConnString = "Disconnected"
-		if overview.ManagementState.Error != "" {
-			managementConnString = fmt.Sprintf("%s, reason: %s", managementConnString, overview.ManagementState.Error)
-		}
 	}

-	var signalConnString string
+	signalConnString := "Disconnected"
 	if overview.SignalState.Connected {
 		signalConnString = "Connected"
 		if showURL {
 			signalConnString = fmt.Sprintf("%s to %s", signalConnString, overview.SignalState.URL)
 		}
-	} else {
-		signalConnString = "Disconnected"
-		if overview.SignalState.Error != "" {
-			signalConnString = fmt.Sprintf("%s, reason: %s", signalConnString, overview.SignalState.Error)
-		}
 	}

 	interfaceTypeString := "Userspace"
@@ -473,107 +356,32 @@ func parseGeneralSummary(overview statusOutputOverview, showURL bool, showRelays
 		interfaceIP = "N/A"
 	}

-	var relaysString string
-	if showRelays {
-		for _, relay := range overview.Relays.Details {
-			available := "Available"
-			reason := ""
-			if !relay.Available {
-				available = "Unavailable"
-				reason = fmt.Sprintf(", reason: %s", relay.Error)
-			}
-			relaysString += fmt.Sprintf("\n  [%s] is %s%s", relay.URI, available, reason)
-		}
-	} else {
-		relaysString = fmt.Sprintf("%d/%d Available", overview.Relays.Available, overview.Relays.Total)
-	}
-
-	routes := "-"
-	if len(overview.Routes) > 0 {
-		sort.Strings(overview.Routes)
-		routes = strings.Join(overview.Routes, ", ")
-	}
-
-	var dnsServersString string
-	if showNameServers {
-		for _, nsServerGroup := range overview.NSServerGroups {
-			enabled := "Available"
-			if !nsServerGroup.Enabled {
-				enabled = "Unavailable"
-			}
-			errorString := ""
-			if nsServerGroup.Error != "" {
-				errorString = fmt.Sprintf(", reason: %s", nsServerGroup.Error)
-				errorString = strings.TrimSpace(errorString)
-			}
-
-			domainsString := strings.Join(nsServerGroup.Domains, ", ")
-			if domainsString == "" {
-				domainsString = "." // Show "." for the default zone
-			}
-			dnsServersString += fmt.Sprintf(
-				"\n  [%s] for [%s] is %s%s",
-				strings.Join(nsServerGroup.Servers, ", "),
-				domainsString,
-				enabled,
-				errorString,
-			)
-		}
-	} else {
-		dnsServersString = fmt.Sprintf("%d/%d Available", countEnabled(overview.NSServerGroups), len(overview.NSServerGroups))
-	}
-
-	rosenpassEnabledStatus := "false"
-	if overview.RosenpassEnabled {
-		rosenpassEnabledStatus = "true"
-		if overview.RosenpassPermissive {
-			rosenpassEnabledStatus = "true (permissive)" //nolint:gosec
-		}
-	}
-
 	peersCountString := fmt.Sprintf("%d/%d Connected", overview.Peers.Connected, overview.Peers.Total)

-	goos := runtime.GOOS
-	goarch := runtime.GOARCH
-	goarm := ""
-	if goarch == "arm" {
-		goarm = fmt.Sprintf(" (ARMv%s)", os.Getenv("GOARM"))
-	}
-
 	summary := fmt.Sprintf(
-		"OS: %s\n"+
-			"Daemon version: %s\n"+
+		"Daemon version: %s\n"+
 			"CLI version: %s\n"+
 			"Management: %s\n"+
 			"Signal: %s\n"+
-			"Relays: %s\n"+
-			"Nameservers: %s\n"+
 			"FQDN: %s\n"+
 			"NetBird IP: %s\n"+
 			"Interface type: %s\n"+
-			"Quantum resistance: %s\n"+
-			"Routes: %s\n"+
 			"Peers count: %s\n",
-		fmt.Sprintf("%s/%s%s", goos, goarch, goarm),
 		overview.DaemonVersion,
 		version.NetbirdVersion(),
 		managementConnString,
 		signalConnString,
-		relaysString,
-		dnsServersString,
 		overview.FQDN,
 		interfaceIP,
 		interfaceTypeString,
-		rosenpassEnabledStatus,
-		routes,
 		peersCountString,
 	)
 	return summary
 }

 func parseToFullDetailSummary(overview statusOutputOverview) string {
-	parsedPeersString := parsePeers(overview.Peers, overview.RosenpassEnabled, overview.RosenpassPermissive)
-	summary := parseGeneralSummary(overview, true, true, true)
+	parsedPeersString := parsePeers(overview.Peers)
+	summary := parseGeneralSummary(overview, true)

 	return fmt.Sprintf(
 		"Peers detail:"+
@@ -584,7 +392,7 @@ func parseToFullDetailSummary(overview statusOutputOverview) string {
 	)
 }

-func parsePeers(peers peersStateOutput, rosenpassEnabled, rosenpassPermissive bool) string {
+func parsePeers(peers peersStateOutput) string {
 	var (
 		peersString = ""
 	)
@@ -601,39 +409,6 @@ func parsePeers(peers peersStateOutput, rosenpassEnabled, rosenpassPermissive bo
 			remoteICE = peerState.IceCandidateType.Remote
 		}

-		localICEEndpoint := "-"
-		if peerState.IceCandidateEndpoint.Local != "" {
-			localICEEndpoint = peerState.IceCandidateEndpoint.Local
-		}
-
-		remoteICEEndpoint := "-"
-		if peerState.IceCandidateEndpoint.Remote != "" {
-			remoteICEEndpoint = peerState.IceCandidateEndpoint.Remote
-		}
-
-		rosenpassEnabledStatus := "false"
-		if rosenpassEnabled {
-			if peerState.RosenpassEnabled {
-				rosenpassEnabledStatus = "true"
-			} else {
-				if rosenpassPermissive {
-					rosenpassEnabledStatus = "false (remote didn't enable quantum resistance)"
-				} else {
-					rosenpassEnabledStatus = "false (connection won't work without a permissive mode)"
-				}
-			}
-		} else {
-			if peerState.RosenpassEnabled {
-				rosenpassEnabledStatus = "false (connection might not work without a remote permissive mode)"
-			}
-		}
-
-		routes := "-"
-		if len(peerState.Routes) > 0 {
-			sort.Strings(peerState.Routes)
-			routes = strings.Join(peerState.Routes, ", ")
-		}
-
 		peerString := fmt.Sprintf(
 			"\n %s:\n"+
 				"  NetBird IP: %s\n"+
@@ -643,13 +418,7 @@ func parsePeers(peers peersStateOutput, rosenpassEnabled, rosenpassPermissive bo
 				"  Connection type: %s\n"+
 				"  Direct: %t\n"+
 				"  ICE candidate (Local/Remote): %s/%s\n"+
-				"  ICE candidate endpoints (Local/Remote): %s/%s\n"+
-				"  Last connection update: %s\n"+
-				"  Last WireGuard handshake: %s\n"+
-				"  Transfer status (received/sent) %s/%s\n"+
-				"  Quantum resistance: %s\n"+
-				"  Routes: %s\n"+
-				"  Latency: %s\n",
+				"  Last connection update: %s\n",
 			peerState.FQDN,
 			peerState.IP,
 			peerState.PubKey,
@@ -658,15 +427,7 @@ func parsePeers(peers peersStateOutput, rosenpassEnabled, rosenpassPermissive bo
 			peerState.Direct,
 			localICE,
 			remoteICE,
-			localICEEndpoint,
-			remoteICEEndpoint,
-			timeAgo(peerState.LastStatusUpdate),
-			timeAgo(peerState.LastWireguardHandshake),
-			toIEC(peerState.TransferReceived),
-			toIEC(peerState.TransferSent),
-			rosenpassEnabledStatus,
-			routes,
-			peerState.Latency.String(),
+			peerState.LastStatusUpdate.Format("2006-01-02 15:04:05"),
 		)

 		peersString += peerString
@@ -706,158 +467,3 @@ func skipDetailByFilters(peerState *proto.PeerState, isConnected bool) bool {

 	return statusEval || ipEval || nameEval
 }
-
-func toIEC(b int64) string {
-	const unit = 1024
-	if b < unit {
-		return fmt.Sprintf("%d B", b)
-	}
-	div, exp := int64(unit), 0
-	for n := b / unit; n >= unit; n /= unit {
-		div *= unit
-		exp++
-	}
-	return fmt.Sprintf("%.1f %ciB",
-		float64(b)/float64(div), "KMGTPE"[exp])
-}
-
-func countEnabled(dnsServers []nsServerGroupStateOutput) int {
-	count := 0
-	for _, server := range dnsServers {
-		if server.Enabled {
-			count++
-		}
-	}
-	return count
-}
-
-// timeAgo returns a string representing the duration since the provided time in a human-readable format.
-func timeAgo(t time.Time) string {
-	if t.IsZero() || t.Equal(time.Unix(0, 0)) {
-		return "-"
-	}
-	duration := time.Since(t)
-	switch {
-	case duration < time.Second:
-		return "Now"
-	case duration < time.Minute:
-		seconds := int(duration.Seconds())
-		if seconds == 1 {
-			return "1 second ago"
-		}
-		return fmt.Sprintf("%d seconds ago", seconds)
-	case duration < time.Hour:
-		minutes := int(duration.Minutes())
-		seconds := int(duration.Seconds()) % 60
-		if minutes == 1 {
-			if seconds == 1 {
-				return "1 minute, 1 second ago"
-			} else if seconds > 0 {
-				return fmt.Sprintf("1 minute, %d seconds ago", seconds)
-			}
-			return "1 minute ago"
-		}
-		if seconds > 0 {
-			return fmt.Sprintf("%d minutes, %d seconds ago", minutes, seconds)
-		}
-		return fmt.Sprintf("%d minutes ago", minutes)
-	case duration < 24*time.Hour:
-		hours := int(duration.Hours())
-		minutes := int(duration.Minutes()) % 60
-		if hours == 1 {
-			if minutes == 1 {
-				return "1 hour, 1 minute ago"
-			} else if minutes > 0 {
-				return fmt.Sprintf("1 hour, %d minutes ago", minutes)
-			}
-			return "1 hour ago"
-		}
-		if minutes > 0 {
-			return fmt.Sprintf("%d hours, %d minutes ago", hours, minutes)
-		}
-		return fmt.Sprintf("%d hours ago", hours)
-	}
-
-	days := int(duration.Hours()) / 24
-	hours := int(duration.Hours()) % 24
-	if days == 1 {
-		if hours == 1 {
-			return "1 day, 1 hour ago"
-		} else if hours > 0 {
-			return fmt.Sprintf("1 day, %d hours ago", hours)
-		}
-		return "1 day ago"
-	}
-	if hours > 0 {
-		return fmt.Sprintf("%d days, %d hours ago", days, hours)
-	}
-	return fmt.Sprintf("%d days ago", days)
-}
-
-func anonymizePeerDetail(a *anonymize.Anonymizer, peer *peerStateDetailOutput) {
-	peer.FQDN = a.AnonymizeDomain(peer.FQDN)
-	if localIP, port, err := net.SplitHostPort(peer.IceCandidateEndpoint.Local); err == nil {
-		peer.IceCandidateEndpoint.Local = fmt.Sprintf("%s:%s", a.AnonymizeIPString(localIP), port)
-	}
-	if remoteIP, port, err := net.SplitHostPort(peer.IceCandidateEndpoint.Remote); err == nil {
-		peer.IceCandidateEndpoint.Remote = fmt.Sprintf("%s:%s", a.AnonymizeIPString(remoteIP), port)
-	}
-	for i, route := range peer.Routes {
-		peer.Routes[i] = a.AnonymizeIPString(route)
-	}
-
-	for i, route := range peer.Routes {
-		peer.Routes[i] = anonymizeRoute(a, route)
-	}
-}
-
-func anonymizeOverview(a *anonymize.Anonymizer, overview *statusOutputOverview) {
-	for i, peer := range overview.Peers.Details {
-		peer := peer
-		anonymizePeerDetail(a, &peer)
-		overview.Peers.Details[i] = peer
-	}
-
-	overview.ManagementState.URL = a.AnonymizeURI(overview.ManagementState.URL)
-	overview.ManagementState.Error = a.AnonymizeString(overview.ManagementState.Error)
-	overview.SignalState.URL = a.AnonymizeURI(overview.SignalState.URL)
-	overview.SignalState.Error = a.AnonymizeString(overview.SignalState.Error)
-
-	overview.IP = a.AnonymizeIPString(overview.IP)
-	for i, detail := range overview.Relays.Details {
-		detail.URI = a.AnonymizeURI(detail.URI)
-		detail.Error = a.AnonymizeString(detail.Error)
-		overview.Relays.Details[i] = detail
-	}
-
-	for i, nsGroup := range overview.NSServerGroups {
-		for j, domain := range nsGroup.Domains {
-			overview.NSServerGroups[i].Domains[j] = a.AnonymizeDomain(domain)
-		}
-		for j, ns := range nsGroup.Servers {
-			host, port, err := net.SplitHostPort(ns)
-			if err == nil {
-				overview.NSServerGroups[i].Servers[j] = fmt.Sprintf("%s:%s", a.AnonymizeIPString(host), port)
-			}
-		}
-	}
-
-	for i, route := range overview.Routes {
-		overview.Routes[i] = anonymizeRoute(a, route)
-	}
-
-	overview.FQDN = a.AnonymizeDomain(overview.FQDN)
-}
-
-func anonymizeRoute(a *anonymize.Anonymizer, route string) string {
-	prefix, err := netip.ParsePrefix(route)
-	if err == nil {
-		ip := a.AnonymizeIPString(prefix.Addr().String())
-		return fmt.Sprintf("%s/%d", ip, prefix.Bits())
-	}
-	domains := strings.Split(route, ", ")
-	for i, domain := range domains {
-		domains[i] = a.AnonymizeDomain(domain)
-	}
-	return strings.Join(domains, ", ")
-}
--- a/client/cmd/status_test.go
+++ b/client/cmd/status_test.go
@@ -1,16 +1,10 @@
 package cmd

 import (
-	"bytes"
-	"encoding/json"
-	"fmt"
-	"runtime"
 	"testing"
 	"time"

 	"github.com/stretchr/testify/assert"
-	"github.com/stretchr/testify/require"
-	"google.golang.org/protobuf/types/known/durationpb"
 	"google.golang.org/protobuf/types/known/timestamppb"

 	"github.com/netbirdio/netbird/client/proto"
@@ -31,95 +25,41 @@ var resp = &proto.StatusResponse{
 	FullStatus: &proto.FullStatus{
 		Peers: []*proto.PeerState{
 			{
-				IP:                         "192.168.178.101",
-				PubKey:                     "Pubkey1",
-				Fqdn:                       "peer-1.awesome-domain.com",
-				ConnStatus:                 "Connected",
-				ConnStatusUpdate:           timestamppb.New(time.Date(2001, time.Month(1), 1, 1, 1, 1, 0, time.UTC)),
-				Relayed:                    false,
-				Direct:                     true,
-				LocalIceCandidateType:      "",
-				RemoteIceCandidateType:     "",
-				LocalIceCandidateEndpoint:  "",
-				RemoteIceCandidateEndpoint: "",
-				LastWireguardHandshake:     timestamppb.New(time.Date(2001, time.Month(1), 1, 1, 1, 2, 0, time.UTC)),
-				BytesRx:                    200,
-				BytesTx:                    100,
-				Routes: []string{
-					"10.1.0.0/24",
-				},
-				Latency: durationpb.New(time.Duration(10000000)),
+				IP:                     "192.168.178.101",
+				PubKey:                 "Pubkey1",
+				Fqdn:                   "peer-1.awesome-domain.com",
+				ConnStatus:             "Connected",
+				ConnStatusUpdate:       timestamppb.New(time.Date(2001, time.Month(1), 1, 1, 1, 1, 0, time.UTC)),
+				Relayed:                false,
+				Direct:                 true,
+				LocalIceCandidateType:  "",
+				RemoteIceCandidateType: "",
 			},
 			{
-				IP:                         "192.168.178.102",
-				PubKey:                     "Pubkey2",
-				Fqdn:                       "peer-2.awesome-domain.com",
-				ConnStatus:                 "Connected",
-				ConnStatusUpdate:           timestamppb.New(time.Date(2002, time.Month(2), 2, 2, 2, 2, 0, time.UTC)),
-				Relayed:                    true,
-				Direct:                     false,
-				LocalIceCandidateType:      "relay",
-				RemoteIceCandidateType:     "prflx",
-				LocalIceCandidateEndpoint:  "10.0.0.1:10001",
-				RemoteIceCandidateEndpoint: "10.0.10.1:10002",
-				LastWireguardHandshake:     timestamppb.New(time.Date(2002, time.Month(2), 2, 2, 2, 3, 0, time.UTC)),
-				BytesRx:                    2000,
-				BytesTx:                    1000,
-				Latency:                    durationpb.New(time.Duration(10000000)),
+				IP:                     "192.168.178.102",
+				PubKey:                 "Pubkey2",
+				Fqdn:                   "peer-2.awesome-domain.com",
+				ConnStatus:             "Connected",
+				ConnStatusUpdate:       timestamppb.New(time.Date(2002, time.Month(2), 2, 2, 2, 2, 0, time.UTC)),
+				Relayed:                true,
+				Direct:                 false,
+				LocalIceCandidateType:  "relay",
+				RemoteIceCandidateType: "prflx",
 			},
 		},
 		ManagementState: &proto.ManagementState{
 			URL:       "my-awesome-management.com:443",
 			Connected: true,
-			Error:     "",
 		},
 		SignalState: &proto.SignalState{
 			URL:       "my-awesome-signal.com:443",
 			Connected: true,
-			Error:     "",
-		},
-		Relays: []*proto.RelayState{
-			{
-				URI:       "stun:my-awesome-stun.com:3478",
-				Available: true,
-				Error:     "",
-			},
-			{
-				URI:       "turns:my-awesome-turn.com:443?transport=tcp",
-				Available: false,
-				Error:     "context: deadline exceeded",
-			},
 		},
 		LocalPeerState: &proto.LocalPeerState{
 			IP:              "192.168.178.100/16",
 			PubKey:          "Some-Pub-Key",
 			KernelInterface: true,
 			Fqdn:            "some-localhost.awesome-domain.com",
-			Routes: []string{
-				"10.10.0.0/24",
-			},
-		},
-		DnsServers: []*proto.NSGroupState{
-			{
-				Servers: []string{
-					"8.8.8.8:53",
-				},
-				Domains: nil,
-				Enabled: true,
-				Error:   "",
-			},
-			{
-				Servers: []string{
-					"1.1.1.1:53",
-					"2.2.2.2:53",
-				},
-				Domains: []string{
-					"example.com",
-					"example.net",
-				},
-				Enabled: false,
-				Error:   "timeout",
-			},
 		},
 	},
 	DaemonVersion: "0.14.1",
@@ -142,17 +82,6 @@ var overview = statusOutputOverview{
 					Local:  "",
 					Remote: "",
 				},
-				IceCandidateEndpoint: iceCandidateType{
-					Local:  "",
-					Remote: "",
-				},
-				LastWireguardHandshake: time.Date(2001, 1, 1, 1, 1, 2, 0, time.UTC),
-				TransferReceived:       200,
-				TransferSent:           100,
-				Routes: []string{
-					"10.1.0.0/24",
-				},
-				Latency: time.Duration(10000000),
 			},
 			{
 				IP:               "192.168.178.102",
@@ -166,14 +95,6 @@ var overview = statusOutputOverview{
 					Local:  "relay",
 					Remote: "prflx",
 				},
-				IceCandidateEndpoint: iceCandidateType{
-					Local:  "10.0.0.1:10001",
-					Remote: "10.0.10.1:10002",
-				},
-				LastWireguardHandshake: time.Date(2002, 2, 2, 2, 2, 3, 0, time.UTC),
-				TransferReceived:       2000,
-				TransferSent:           1000,
-				Latency:                time.Duration(10000000),
 			},
 		},
 	},
@@ -182,58 +103,15 @@ var overview = statusOutputOverview{
 	ManagementState: managementStateOutput{
 		URL:       "my-awesome-management.com:443",
 		Connected: true,
-		Error:     "",
 	},
 	SignalState: signalStateOutput{
 		URL:       "my-awesome-signal.com:443",
 		Connected: true,
-		Error:     "",
-	},
-	Relays: relayStateOutput{
-		Total:     2,
-		Available: 1,
-		Details: []relayStateOutputDetail{
-			{
-				URI:       "stun:my-awesome-stun.com:3478",
-				Available: true,
-				Error:     "",
-			},
-			{
-				URI:       "turns:my-awesome-turn.com:443?transport=tcp",
-				Available: false,
-				Error:     "context: deadline exceeded",
-			},
-		},
 	},
 	IP:              "192.168.178.100/16",
 	PubKey:          "Some-Pub-Key",
 	KernelInterface: true,
 	FQDN:            "some-localhost.awesome-domain.com",
-	NSServerGroups: []nsServerGroupStateOutput{
-		{
-			Servers: []string{
-				"8.8.8.8:53",
-			},
-			Domains: nil,
-			Enabled: true,
-			Error:   "",
-		},
-		{
-			Servers: []string{
-				"1.1.1.1:53",
-				"2.2.2.2:53",
-			},
-			Domains: []string{
-				"example.com",
-				"example.net",
-			},
-			Enabled: false,
-			Error:   "timeout",
-		},
-	},
-	Routes: []string{
-		"10.10.0.0/24",
-	},
 }

 func TestConversionFromFullStatusToOutputOverview(t *testing.T) {
@@ -267,309 +145,158 @@ func TestSortingOfPeers(t *testing.T) {
 }

 func TestParsingToJSON(t *testing.T) {
-	jsonString, _ := parseToJSON(overview)
+	json, _ := parseToJSON(overview)

 	//@formatter:off
-	expectedJSONString := `
-        {
-          "peers": {
-            "total": 2,
-            "connected": 2,
-            "details": [
-              {
-                "fqdn": "peer-1.awesome-domain.com",
-                "netbirdIp": "192.168.178.101",
-                "publicKey": "Pubkey1",
-                "status": "Connected",
-                "lastStatusUpdate": "2001-01-01T01:01:01Z",
-                "connectionType": "P2P",
-                "direct": true,
-                "iceCandidateType": {
-                  "local": "",
-                  "remote": ""
-                },
-                "iceCandidateEndpoint": {
-                  "local": "",
-                  "remote": ""
-                },
-                "lastWireguardHandshake": "2001-01-01T01:01:02Z",
-                "transferReceived": 200,
-                "transferSent": 100,
-				"latency": 10000000,
-                "quantumResistance": false,
-                "routes": [
-                  "10.1.0.0/24"
-                ]
-              },
-              {
-                "fqdn": "peer-2.awesome-domain.com",
-                "netbirdIp": "192.168.178.102",
-                "publicKey": "Pubkey2",
-                "status": "Connected",
-                "lastStatusUpdate": "2002-02-02T02:02:02Z",
-                "connectionType": "Relayed",
-                "direct": false,
-                "iceCandidateType": {
-                  "local": "relay",
-                  "remote": "prflx"
-                },
-                "iceCandidateEndpoint": {
-                  "local": "10.0.0.1:10001",
-                  "remote": "10.0.10.1:10002"
-                },
-                "lastWireguardHandshake": "2002-02-02T02:02:03Z",
-                "transferReceived": 2000,
-                "transferSent": 1000,
-				"latency": 10000000,
-                "quantumResistance": false,
-                "routes": null
-              }
-            ]
-          },
-          "cliVersion": "development",
-          "daemonVersion": "0.14.1",
-          "management": {
-            "url": "my-awesome-management.com:443",
-            "connected": true,
-            "error": ""
-          },
-          "signal": {
-            "url": "my-awesome-signal.com:443",
-            "connected": true,
-            "error": ""
-          },
-          "relays": {
-            "total": 2,
-            "available": 1,
-            "details": [
-              {
-                "uri": "stun:my-awesome-stun.com:3478",
-                "available": true,
-                "error": ""
-              },
-              {
-                "uri": "turns:my-awesome-turn.com:443?transport=tcp",
-                "available": false,
-                "error": "context: deadline exceeded"
-              }
-            ]
-          },
-          "netbirdIp": "192.168.178.100/16",
-          "publicKey": "Some-Pub-Key",
-          "usesKernelInterface": true,
-          "fqdn": "some-localhost.awesome-domain.com",
-          "quantumResistance": false,
-          "quantumResistancePermissive": false,
-          "routes": [
-            "10.10.0.0/24"
-          ],
-          "dnsServers": [
-            {
-              "servers": [
-                "8.8.8.8:53"
-              ],
-              "domains": null,
-              "enabled": true,
-              "error": ""
-            },
-            {
-              "servers": [
-                "1.1.1.1:53",
-                "2.2.2.2:53"
-              ],
-              "domains": [
-                "example.com",
-                "example.net"
-              ],
-              "enabled": false,
-              "error": "timeout"
-            }
-          ]
-        }`
+	expectedJSON := "{\"" +
+		"peers\":" +
+		"{" +
+		"\"total\":2," +
+		"\"connected\":2," +
+		"\"details\":" +
+		"[" +
+		"{" +
+		"\"fqdn\":\"peer-1.awesome-domain.com\"," +
+		"\"netbirdIp\":\"192.168.178.101\"," +
+		"\"publicKey\":\"Pubkey1\"," +
+		"\"status\":\"Connected\"," +
+		"\"lastStatusUpdate\":\"2001-01-01T01:01:01Z\"," +
+		"\"connectionType\":\"P2P\"," +
+		"\"direct\":true," +
+		"\"iceCandidateType\":" +
+		"{" +
+		"\"local\":\"\"," +
+		"\"remote\":\"\"" +
+		"}" +
+		"}," +
+		"{" +
+		"\"fqdn\":\"peer-2.awesome-domain.com\"," +
+		"\"netbirdIp\":\"192.168.178.102\"," +
+		"\"publicKey\":\"Pubkey2\"," +
+		"\"status\":\"Connected\"," +
+		"\"lastStatusUpdate\":\"2002-02-02T02:02:02Z\"," +
+		"\"connectionType\":\"Relayed\"," +
+		"\"direct\":false," +
+		"\"iceCandidateType\":" +
+		"{" +
+		"\"local\":\"relay\"," +
+		"\"remote\":\"prflx\"" +
+		"}" +
+		"}" +
+		"]" +
+		"}," +
+		"\"cliVersion\":\"development\"," +
+		"\"daemonVersion\":\"0.14.1\"," +
+		"\"management\":" +
+		"{" +
+		"\"url\":\"my-awesome-management.com:443\"," +
+		"\"connected\":true" +
+		"}," +
+		"\"signal\":" +
+		"{\"" +
+		"url\":\"my-awesome-signal.com:443\"," +
+		"\"connected\":true" +
+		"}," +
+		"\"netbirdIp\":\"192.168.178.100/16\"," +
+		"\"publicKey\":\"Some-Pub-Key\"," +
+		"\"usesKernelInterface\":true," +
+		"\"fqdn\":\"some-localhost.awesome-domain.com\"" +
+		"}"
 	// @formatter:on

-	var expectedJSON bytes.Buffer
-	require.NoError(t, json.Compact(&expectedJSON, []byte(expectedJSONString)))
-
-	assert.Equal(t, expectedJSON.String(), jsonString)
+	assert.Equal(t, expectedJSON, json)
 }

 func TestParsingToYAML(t *testing.T) {
 	yaml, _ := parseToYAML(overview)

-	expectedYAML :=
-		`peers:
-    total: 2
-    connected: 2
-    details:
-        - fqdn: peer-1.awesome-domain.com
-          netbirdIp: 192.168.178.101
-          publicKey: Pubkey1
-          status: Connected
-          lastStatusUpdate: 2001-01-01T01:01:01Z
-          connectionType: P2P
-          direct: true
-          iceCandidateType:
-            local: ""
-            remote: ""
-          iceCandidateEndpoint:
-            local: ""
-            remote: ""
-          lastWireguardHandshake: 2001-01-01T01:01:02Z
-          transferReceived: 200
-          transferSent: 100
-          latency: 10ms
-          quantumResistance: false
-          routes:
-            - 10.1.0.0/24
-        - fqdn: peer-2.awesome-domain.com
-          netbirdIp: 192.168.178.102
-          publicKey: Pubkey2
-          status: Connected
-          lastStatusUpdate: 2002-02-02T02:02:02Z
-          connectionType: Relayed
-          direct: false
-          iceCandidateType:
-            local: relay
-            remote: prflx
-          iceCandidateEndpoint:
-            local: 10.0.0.1:10001
-            remote: 10.0.10.1:10002
-          lastWireguardHandshake: 2002-02-02T02:02:03Z
-          transferReceived: 2000
-          transferSent: 1000
-          latency: 10ms
-          quantumResistance: false
-          routes: []
-cliVersion: development
-daemonVersion: 0.14.1
-management:
-    url: my-awesome-management.com:443
-    connected: true
-    error: ""
-signal:
-    url: my-awesome-signal.com:443
-    connected: true
-    error: ""
-relays:
-    total: 2
-    available: 1
-    details:
-        - uri: stun:my-awesome-stun.com:3478
-          available: true
-          error: ""
-        - uri: turns:my-awesome-turn.com:443?transport=tcp
-          available: false
-          error: 'context: deadline exceeded'
-netbirdIp: 192.168.178.100/16
-publicKey: Some-Pub-Key
-usesKernelInterface: true
-fqdn: some-localhost.awesome-domain.com
-quantumResistance: false
-quantumResistancePermissive: false
-routes:
-    - 10.10.0.0/24
-dnsServers:
-    - servers:
-        - 8.8.8.8:53
-      domains: []
-      enabled: true
-      error: ""
-    - servers:
-        - 1.1.1.1:53
-        - 2.2.2.2:53
-      domains:
-        - example.com
-        - example.net
-      enabled: false
-      error: timeout
-`
+	expectedYAML := "peers:\n" +
+		"    total: 2\n" +
+		"    connected: 2\n" +
+		"    details:\n" +
+		"        - fqdn: peer-1.awesome-domain.com\n" +
+		"          netbirdIp: 192.168.178.101\n" +
+		"          publicKey: Pubkey1\n" +
+		"          status: Connected\n" +
+		"          lastStatusUpdate: 2001-01-01T01:01:01Z\n" +
+		"          connectionType: P2P\n" +
+		"          direct: true\n" +
+		"          iceCandidateType:\n" +
+		"            local: \"\"\n" +
+		"            remote: \"\"\n" +
+		"        - fqdn: peer-2.awesome-domain.com\n" +
+		"          netbirdIp: 192.168.178.102\n" +
+		"          publicKey: Pubkey2\n" +
+		"          status: Connected\n" +
+		"          lastStatusUpdate: 2002-02-02T02:02:02Z\n" +
+		"          connectionType: Relayed\n" +
+		"          direct: false\n" +
+		"          iceCandidateType:\n" +
+		"            local: relay\n" +
+		"            remote: prflx\n" +
+		"cliVersion: development\n" +
+		"daemonVersion: 0.14.1\n" +
+		"management:\n" +
+		"    url: my-awesome-management.com:443\n" +
+		"    connected: true\n" +
+		"signal:\n" +
+		"    url: my-awesome-signal.com:443\n" +
+		"    connected: true\n" +
+		"netbirdIp: 192.168.178.100/16\n" +
+		"publicKey: Some-Pub-Key\n" +
+		"usesKernelInterface: true\n" +
+		"fqdn: some-localhost.awesome-domain.com\n"

 	assert.Equal(t, expectedYAML, yaml)
 }

 func TestParsingToDetail(t *testing.T) {
-	// Calculate time ago based on the fixture dates
-	lastConnectionUpdate1 := timeAgo(overview.Peers.Details[0].LastStatusUpdate)
-	lastHandshake1 := timeAgo(overview.Peers.Details[0].LastWireguardHandshake)
-	lastConnectionUpdate2 := timeAgo(overview.Peers.Details[1].LastStatusUpdate)
-	lastHandshake2 := timeAgo(overview.Peers.Details[1].LastWireguardHandshake)
-
 	detail := parseToFullDetailSummary(overview)

-	expectedDetail := fmt.Sprintf(
-		`Peers detail:
- peer-1.awesome-domain.com:
-  NetBird IP: 192.168.178.101
-  Public key: Pubkey1
-  Status: Connected
-  -- detail --
-  Connection type: P2P
-  Direct: true
-  ICE candidate (Local/Remote): -/-
-  ICE candidate endpoints (Local/Remote): -/-
-  Last connection update: %s
-  Last WireGuard handshake: %s
-  Transfer status (received/sent) 200 B/100 B
-  Quantum resistance: false
-  Routes: 10.1.0.0/24
-  Latency: 10ms
-
- peer-2.awesome-domain.com:
-  NetBird IP: 192.168.178.102
-  Public key: Pubkey2
-  Status: Connected
-  -- detail --
-  Connection type: Relayed
-  Direct: false
-  ICE candidate (Local/Remote): relay/prflx
-  ICE candidate endpoints (Local/Remote): 10.0.0.1:10001/10.0.10.1:10002
-  Last connection update: %s
-  Last WireGuard handshake: %s
-  Transfer status (received/sent) 2.0 KiB/1000 B
-  Quantum resistance: false
-  Routes: -
-  Latency: 10ms
-
-OS: %s/%s
-Daemon version: 0.14.1
-CLI version: %s
-Management: Connected to my-awesome-management.com:443
-Signal: Connected to my-awesome-signal.com:443
-Relays: 
-  [stun:my-awesome-stun.com:3478] is Available
-  [turns:my-awesome-turn.com:443?transport=tcp] is Unavailable, reason: context: deadline exceeded
-Nameservers: 
-  [8.8.8.8:53] for [.] is Available
-  [1.1.1.1:53, 2.2.2.2:53] for [example.com, example.net] is Unavailable, reason: timeout
-FQDN: some-localhost.awesome-domain.com
-NetBird IP: 192.168.178.100/16
-Interface type: Kernel
-Quantum resistance: false
-Routes: 10.10.0.0/24
-Peers count: 2/2 Connected
-`, lastConnectionUpdate1, lastHandshake1, lastConnectionUpdate2, lastHandshake2, runtime.GOOS, runtime.GOARCH, overview.CliVersion)
+	expectedDetail := "Peers detail:\n" +
+		" peer-1.awesome-domain.com:\n" +
+		"  NetBird IP: 192.168.178.101\n" +
+		"  Public key: Pubkey1\n" +
+		"  Status: Connected\n" +
+		"  -- detail --\n" +
+		"  Connection type: P2P\n" +
+		"  Direct: true\n" +
+		"  ICE candidate (Local/Remote): -/-\n" +
+		"  Last connection update: 2001-01-01 01:01:01\n" +
+		"\n" +
+		" peer-2.awesome-domain.com:\n" +
+		"  NetBird IP: 192.168.178.102\n" +
+		"  Public key: Pubkey2\n" +
+		"  Status: Connected\n" +
+		"  -- detail --\n" +
+		"  Connection type: Relayed\n" +
+		"  Direct: false\n" +
+		"  ICE candidate (Local/Remote): relay/prflx\n" +
+		"  Last connection update: 2002-02-02 02:02:02\n" +
+		"\n" +
+		"Daemon version: 0.14.1\n" +
+		"CLI version: development\n" +
+		"Management: Connected to my-awesome-management.com:443\n" +
+		"Signal: Connected to my-awesome-signal.com:443\n" +
+		"FQDN: some-localhost.awesome-domain.com\n" +
+		"NetBird IP: 192.168.178.100/16\n" +
+		"Interface type: Kernel\n" +
+		"Peers count: 2/2 Connected\n"

 	assert.Equal(t, expectedDetail, detail)
 }

 func TestParsingToShortVersion(t *testing.T) {
-	shortVersion := parseGeneralSummary(overview, false, false, false)
+	shortVersion := parseGeneralSummary(overview, false)

-	expectedString := fmt.Sprintf("OS: %s/%s", runtime.GOOS, runtime.GOARCH) + `
-Daemon version: 0.14.1
-CLI version: development
-Management: Connected
-Signal: Connected
-Relays: 1/2 Available
-Nameservers: 1/2 Available
-FQDN: some-localhost.awesome-domain.com
-NetBird IP: 192.168.178.100/16
-Interface type: Kernel
-Quantum resistance: false
-Routes: 10.10.0.0/24
-Peers count: 2/2 Connected
-`
+	expectedString := "Daemon version: 0.14.1\n" +
+		"CLI version: development\n" +
+		"Management: Connected\n" +
+		"Signal: Connected\n" +
+		"FQDN: some-localhost.awesome-domain.com\n" +
+		"NetBird IP: 192.168.178.100/16\n" +
+		"Interface type: Kernel\n" +
+		"Peers count: 2/2 Connected\n"

 	assert.Equal(t, expectedString, shortVersion)
 }
@@ -581,31 +308,3 @@ func TestParsingOfIP(t *testing.T) {

 	assert.Equal(t, "192.168.178.123\n", parsedIP)
 }
-
-func TestTimeAgo(t *testing.T) {
-	now := time.Now()
-
-	cases := []struct {
-		name     string
-		input    time.Time
-		expected string
-	}{
-		{"Now", now, "Now"},
-		{"Seconds ago", now.Add(-10 * time.Second), "10 seconds ago"},
-		{"One minute ago", now.Add(-1 * time.Minute), "1 minute ago"},
-		{"Minutes and seconds ago", now.Add(-(1*time.Minute + 30*time.Second)), "1 minute, 30 seconds ago"},
-		{"One hour ago", now.Add(-1 * time.Hour), "1 hour ago"},
-		{"Hours and minutes ago", now.Add(-(2*time.Hour + 15*time.Minute)), "2 hours, 15 minutes ago"},
-		{"One day ago", now.Add(-24 * time.Hour), "1 day ago"},
-		{"Multiple days ago", now.Add(-(72*time.Hour + 20*time.Minute)), "3 days ago"},
-		{"Zero time", time.Time{}, "-"},
-		{"Unix zero time", time.Unix(0, 0), "-"},
-	}
-
-	for _, tc := range cases {
-		t.Run(tc.name, func(t *testing.T) {
-			result := timeAgo(tc.input)
-			assert.Equal(t, tc.expected, result, "Failed %s", tc.name)
-		})
-	}
-}
--- a/client/cmd/testutil_test.go
+++ b/client/cmd/testutil_test.go
@@ -7,17 +7,12 @@ import (
 	"testing"
 	"time"

-	"github.com/stretchr/testify/require"
-	"go.opentelemetry.io/otel"
-
 	"github.com/netbirdio/netbird/management/server/activity"

 	"github.com/netbirdio/netbird/util"

 	"google.golang.org/grpc"

-	"github.com/netbirdio/management-integrations/integrations"
-
 	clientProto "github.com/netbirdio/netbird/client/proto"
 	client "github.com/netbirdio/netbird/client/server"
 	mgmtProto "github.com/netbirdio/netbird/management/proto"
@@ -56,10 +51,7 @@ func startSignal(t *testing.T) (*grpc.Server, net.Listener) {
 		t.Fatal(err)
 	}
 	s := grpc.NewServer()
-	srv, err := sig.NewServer(otel.Meter(""))
-	require.NoError(t, err)
-
-	sigProto.RegisterSignalExchangeServer(s, srv)
+	sigProto.RegisterSignalExchangeServer(s, sig.NewServer())
 	go func() {
 		if err := s.Serve(lis); err != nil {
 			panic(err)
@@ -76,24 +68,23 @@ func startManagement(t *testing.T, config *mgmt.Config) (*grpc.Server, net.Liste
 		t.Fatal(err)
 	}
 	s := grpc.NewServer()
-	store, cleanUp, err := mgmt.NewTestStoreFromJson(context.Background(), config.Datadir)
+	store, err := mgmt.NewStoreFromJson(config.Datadir, nil)
 	if err != nil {
 		t.Fatal(err)
 	}
-	t.Cleanup(cleanUp)

 	peersUpdateManager := mgmt.NewPeersUpdateManager(nil)
 	eventStore := &activity.InMemoryEventStore{}
 	if err != nil {
 		return nil, nil
 	}
-	iv, _ := integrations.NewIntegratedValidator(context.Background(), eventStore)
-	accountManager, err := mgmt.BuildManager(context.Background(), store, peersUpdateManager, nil, "", "netbird.selfhosted", eventStore, nil, false, iv)
+	accountManager, err := mgmt.BuildManager(store, peersUpdateManager, nil, "", "",
+		eventStore, false)
 	if err != nil {
 		t.Fatal(err)
 	}
 	turnManager := mgmt.NewTimeBasedAuthSecretsManager(peersUpdateManager, config.TURNConfig)
-	mgmtServer, err := mgmt.NewServer(context.Background(), config, accountManager, peersUpdateManager, turnManager, nil, nil)
+	mgmtServer, err := mgmt.NewServer(config, accountManager, peersUpdateManager, turnManager, nil, nil)
 	if err != nil {
 		t.Fatal(err)
 	}
@@ -108,7 +99,7 @@ func startManagement(t *testing.T, config *mgmt.Config) (*grpc.Server, net.Liste
 }

 func startClientDaemon(
-	t *testing.T, ctx context.Context, _, configPath string,
+	t *testing.T, ctx context.Context, managementURL, configPath string,
 ) (*grpc.Server, net.Listener) {
 	t.Helper()
 	lis, err := net.Listen("tcp", "127.0.0.1:0")
--- a/client/cmd/up.go
+++ b/client/cmd/up.go
@@ -5,21 +5,17 @@ import (
 	"fmt"
 	"net"
 	"net/netip"
-	"runtime"
 	"strings"
-	"time"

 	log "github.com/sirupsen/logrus"
 	"github.com/spf13/cobra"
 	"google.golang.org/grpc/codes"
 	gstatus "google.golang.org/grpc/status"
-	"google.golang.org/protobuf/types/known/durationpb"

 	"github.com/netbirdio/netbird/client/internal"
 	"github.com/netbirdio/netbird/client/internal/peer"
 	"github.com/netbirdio/netbird/client/proto"
 	"github.com/netbirdio/netbird/client/system"
-	"github.com/netbirdio/netbird/iface"
 	"github.com/netbirdio/netbird/util"
 )

@@ -40,14 +36,6 @@ var (

 func init() {
 	upCmd.PersistentFlags().BoolVarP(&foregroundMode, "foreground-mode", "F", false, "start service in foreground")
-	upCmd.PersistentFlags().StringVar(&interfaceName, interfaceNameFlag, iface.WgInterfaceDefault, "Wireguard interface name")
-	upCmd.PersistentFlags().Uint16Var(&wireguardPort, wireguardPortFlag, iface.DefaultWgPort, "Wireguard interface listening port")
-	upCmd.PersistentFlags().BoolVarP(&networkMonitor, networkMonitorFlag, "N", networkMonitor,
-		`Manage network monitoring. Defaults to true on Windows and macOS, false on Linux. `+
-			`E.g. --network-monitor=false to disable or --network-monitor=true to enable.`,
-	)
-	upCmd.PersistentFlags().StringSliceVar(&extraIFaceBlackList, extraIFaceBlackListFlag, nil, "Extra list of default interfaces to ignore for listening")
-	upCmd.PersistentFlags().DurationVar(&dnsRouteInterval, dnsRouteIntervalFlag, time.Minute, "DNS route update interval")
 }

 func upFunc(cmd *cobra.Command, args []string) error {
@@ -91,68 +79,23 @@ func runInForegroundMode(ctx context.Context, cmd *cobra.Command) error {
 	}

 	ic := internal.ConfigInput{
-		ManagementURL:       managementURL,
-		AdminURL:            adminURL,
-		ConfigPath:          configPath,
-		NATExternalIPs:      natExternalIPs,
-		CustomDNSAddress:    customDNSAddressConverted,
-		ExtraIFaceBlackList: extraIFaceBlackList,
-	}
-
-	if cmd.Flag(enableRosenpassFlag).Changed {
-		ic.RosenpassEnabled = &rosenpassEnabled
-	}
-
-	if cmd.Flag(rosenpassPermissiveFlag).Changed {
-		ic.RosenpassPermissive = &rosenpassPermissive
-	}
-
-	if cmd.Flag(serverSSHAllowedFlag).Changed {
-		ic.ServerSSHAllowed = &serverSSHAllowed
-	}
-
-	if cmd.Flag(interfaceNameFlag).Changed {
-		if err := parseInterfaceName(interfaceName); err != nil {
-			return err
-		}
-		ic.InterfaceName = &interfaceName
-	}
-
-	if cmd.Flag(wireguardPortFlag).Changed {
-		p := int(wireguardPort)
-		ic.WireguardPort = &p
-	}
-
-	if cmd.Flag(networkMonitorFlag).Changed {
-		ic.NetworkMonitor = &networkMonitor
+		ManagementURL:    managementURL,
+		AdminURL:         adminURL,
+		ConfigPath:       configPath,
+		NATExternalIPs:   natExternalIPs,
+		CustomDNSAddress: customDNSAddressConverted,
 	}

 	if rootCmd.PersistentFlags().Changed(preSharedKeyFlag) {
 		ic.PreSharedKey = &preSharedKey
 	}

-	if cmd.Flag(disableAutoConnectFlag).Changed {
-		ic.DisableAutoConnect = &autoConnectDisabled
-
-		if autoConnectDisabled {
-			cmd.Println("Autoconnect has been disabled. The client won't connect automatically when the service starts.")
-		}
-
-		if !autoConnectDisabled {
-			cmd.Println("Autoconnect has been enabled. The client will connect automatically when the service starts.")
-		}
-	}
-
-	if cmd.Flag(dnsRouteIntervalFlag).Changed {
-		ic.DNSRouteInterval = &dnsRouteInterval
-	}
-
 	config, err := internal.UpdateOrCreateConfig(ic)
 	if err != nil {
 		return fmt.Errorf("get config file: %v", err)
 	}

-	config, _ = internal.UpdateOldManagementURL(ctx, config, configPath)
+	config, _ = internal.UpdateOldManagementPort(ctx, config, configPath)

 	err = foregroundLogin(ctx, cmd, config, setupKey)
 	if err != nil {
@@ -162,12 +105,11 @@ func runInForegroundMode(ctx context.Context, cmd *cobra.Command) error {
 	var cancel context.CancelFunc
 	ctx, cancel = context.WithCancel(ctx)
 	SetupCloseHandler(ctx, cancel)
-
-	connectClient := internal.NewConnectClient(ctx, config, peer.NewRecorder(config.ManagementURL.String()))
-	return connectClient.Run()
+	return internal.RunClient(ctx, config, peer.NewRecorder(config.ManagementURL.String()))
 }

 func runInDaemonMode(ctx context.Context, cmd *cobra.Command) error {
+
 	customDNSAddressConverted, err := parseCustomDNSAddress(cmd.Flag(dnsResolverAddress).Changed)
 	if err != nil {
 		return err
@@ -201,6 +143,7 @@ func runInDaemonMode(ctx context.Context, cmd *cobra.Command) error {

 	loginRequest := proto.LoginRequest{
 		SetupKey:             setupKey,
+		PreSharedKey:         preSharedKey,
 		ManagementUrl:        managementURL,
 		AdminURL:             adminURL,
 		NatExternalIPs:       natExternalIPs,
@@ -208,47 +151,6 @@ func runInDaemonMode(ctx context.Context, cmd *cobra.Command) error {
 		CustomDNSAddress:     customDNSAddressConverted,
 		IsLinuxDesktopClient: isLinuxRunningDesktop(),
 		Hostname:             hostName,
-		ExtraIFaceBlacklist:  extraIFaceBlackList,
-	}
-
-	if rootCmd.PersistentFlags().Changed(preSharedKeyFlag) {
-		loginRequest.OptionalPreSharedKey = &preSharedKey
-	}
-
-	if cmd.Flag(enableRosenpassFlag).Changed {
-		loginRequest.RosenpassEnabled = &rosenpassEnabled
-	}
-
-	if cmd.Flag(rosenpassPermissiveFlag).Changed {
-		loginRequest.RosenpassPermissive = &rosenpassPermissive
-	}
-
-	if cmd.Flag(serverSSHAllowedFlag).Changed {
-		loginRequest.ServerSSHAllowed = &serverSSHAllowed
-	}
-
-	if cmd.Flag(disableAutoConnectFlag).Changed {
-		loginRequest.DisableAutoConnect = &autoConnectDisabled
-	}
-
-	if cmd.Flag(interfaceNameFlag).Changed {
-		if err := parseInterfaceName(interfaceName); err != nil {
-			return err
-		}
-		loginRequest.InterfaceName = &interfaceName
-	}
-
-	if cmd.Flag(wireguardPortFlag).Changed {
-		wp := int64(wireguardPort)
-		loginRequest.WireguardPort = &wp
-	}
-
-	if cmd.Flag(networkMonitorFlag).Changed {
-		loginRequest.NetworkMonitor = &networkMonitor
-	}
-
-	if cmd.Flag(dnsRouteIntervalFlag).Changed {
-		loginRequest.DnsRouteInterval = durationpb.New(dnsRouteInterval)
 	}

 	var loginErr error
@@ -322,18 +224,6 @@ func validateNATExternalIPs(list []string) error {
 	return nil
 }

-func parseInterfaceName(name string) error {
-	if runtime.GOOS != "darwin" {
-		return nil
-	}
-
-	if strings.HasPrefix(name, "utun") {
-		return nil
-	}
-
-	return fmt.Errorf("invalid interface name %s. Please use the prefix utun followed by a number on MacOS. e.g., utun1 or utun199", name)
-}
-
 func validateElement(element string) (int, error) {
 	if isValidIP(element) {
 		return ipInputType, nil
--- a/client/errors/errors.go
+++ b/client/errors/errors.go
@@ -1,30 +0,0 @@
-package errors
-
-import (
-	"fmt"
-	"strings"
-
-	"github.com/hashicorp/go-multierror"
-)
-
-func formatError(es []error) string {
-	if len(es) == 0 {
-		return fmt.Sprintf("0 error occurred:\n\t* %s", es[0])
-	}
-
-	points := make([]string, len(es))
-	for i, err := range es {
-		points[i] = fmt.Sprintf("* %s", err)
-	}
-
-	return fmt.Sprintf(
-		"%d errors occurred:\n\t%s",
-		len(es), strings.Join(points, "\n\t"))
-}
-
-func FormatErrorOrNil(err *multierror.Error) error {
-	if err != nil {
-		err.ErrorFormat = formatError
-	}
-	return err.ErrorOrNil()
-}
--- a/client/firewall/create_linux.go
+++ b/client/firewall/create_linux.go
@@ -42,20 +42,20 @@ func NewFirewall(context context.Context, iface IFaceMapper) (firewall.Manager,

 	switch check() {
 	case IPTABLES:
-		log.Info("creating an iptables firewall manager")
+		log.Debug("creating an iptables firewall manager")
 		fm, errFw = nbiptables.Create(context, iface)
 		if errFw != nil {
 			log.Errorf("failed to create iptables manager: %s", errFw)
 		}
 	case NFTABLES:
-		log.Info("creating an nftables firewall manager")
+		log.Debug("creating an nftables firewall manager")
 		fm, errFw = nbnftables.Create(context, iface)
 		if errFw != nil {
 			log.Errorf("failed to create nftables manager: %s", errFw)
 		}
 	default:
 		errFw = fmt.Errorf("no firewall manager found")
-		log.Info("no firewall manager found, trying to use userspace packet filtering firewall")
+		log.Debug("no firewall manager found, try to use userspace packet filtering firewall")
 	}

 	if iface.IsUserspaceBind() {
@@ -85,58 +85,16 @@ func NewFirewall(context context.Context, iface IFaceMapper) (firewall.Manager,

 // check returns the firewall type based on common lib checks. It returns UNKNOWN if no firewall is found.
 func check() FWType {
-	useIPTABLES := false
-	var iptablesChains []string
-	ip, err := iptables.NewWithProtocol(iptables.ProtocolIPv4)
-	if err == nil && isIptablesClientAvailable(ip) {
-		major, minor, _ := ip.GetIptablesVersion()
-		// use iptables when its version is lower than 1.8.0 which doesn't work well with our nftables manager
-		if major < 1 || (major == 1 && minor < 8) {
-			return IPTABLES
-		}
-
-		useIPTABLES = true
-
-		iptablesChains, err = ip.ListChains("filter")
-		if err != nil {
-			log.Errorf("failed to list iptables chains: %s", err)
-			useIPTABLES = false
-		}
-	}
-
 	nf := nftables.Conn{}
-	if chains, err := nf.ListChains(); err == nil && os.Getenv(SKIP_NFTABLES_ENV) != "true" {
-		if !useIPTABLES {
-			return NFTABLES
-		}
-
-		// search for chains where table is filter
-		// if we find one, we assume that nftables manager can be used with iptables
-		for _, chain := range chains {
-			if chain.Table.Name == "filter" {
-				return NFTABLES
-			}
-		}
-
-		// check tables for the following constraints:
-		// 1. there is no chain in nftables for the filter table and there is at least one chain in iptables, we assume that nftables manager can not be used
-		// 2. there is no tables or more than one table, we assume that nftables manager can be used
-		// 3. there is only one table and its name is filter, we assume that nftables manager can not be used, since there was no chain in it
-		// 4. if we find an error we log and continue with iptables check
-		nbTablesList, err := nf.ListTables()
-		switch {
-		case err == nil && len(iptablesChains) > 0:
-			return IPTABLES
-		case err == nil && len(nbTablesList) != 1:
-			return NFTABLES
-		case err == nil && len(nbTablesList) == 1 && nbTablesList[0].Name == "filter":
-			return IPTABLES
-		case err != nil:
-			log.Errorf("failed to list nftables tables on fw manager discovery: %s", err)
-		}
+	if _, err := nf.ListChains(); err == nil && os.Getenv(SKIP_NFTABLES_ENV) != "true" {
+		return NFTABLES
 	}

-	if useIPTABLES {
+	ip, err := iptables.NewWithProtocol(iptables.ProtocolIPv4)
+	if err != nil {
+		return UNKNOWN
+	}
+	if isIptablesClientAvailable(ip) {
 		return IPTABLES
 	}

--- a/client/firewall/iptables/router_linux.go
+++ b/client/firewall/iptables/router_linux.go
@@ -74,12 +74,12 @@ func (i *routerManager) InsertRoutingRules(pair firewall.RouterPair) error {
 		return nil
 	}

-	err = i.addNATRule(firewall.NatFormat, tableNat, chainRTNAT, routingFinalNatJump, pair)
+	err = i.insertRoutingRule(firewall.NatFormat, tableNat, chainRTNAT, routingFinalNatJump, pair)
 	if err != nil {
 		return err
 	}

-	err = i.addNATRule(firewall.InNatFormat, tableNat, chainRTNAT, routingFinalNatJump, firewall.GetInPair(pair))
+	err = i.insertRoutingRule(firewall.InNatFormat, tableNat, chainRTNAT, routingFinalNatJump, firewall.GetInPair(pair))
 	if err != nil {
 		return err
 	}
@@ -87,12 +87,12 @@ func (i *routerManager) InsertRoutingRules(pair firewall.RouterPair) error {
 	return nil
 }

-// insertRoutingRule inserts an iptables rule
+// insertRoutingRule inserts an iptable rule
 func (i *routerManager) insertRoutingRule(keyFormat, table, chain, jump string, pair firewall.RouterPair) error {
 	var err error

 	ruleKey := firewall.GenKey(keyFormat, pair.ID)
-	rule := genRuleSpec(jump, pair.Source, pair.Destination)
+	rule := genRuleSpec(jump, ruleKey, pair.Source, pair.Destination)
 	existingRule, found := i.rules[ruleKey]
 	if found {
 		err = i.iptablesClient.DeleteIfExists(table, chain, existingRule...)
@@ -101,7 +101,6 @@ func (i *routerManager) insertRoutingRule(keyFormat, table, chain, jump string,
 		}
 		delete(i.rules, ruleKey)
 	}
-
 	err = i.iptablesClient.Insert(table, chain, 1, rule...)
 	if err != nil {
 		return fmt.Errorf("error while adding new %s rule for %s: %v", getIptablesRuleType(table), pair.Destination, err)
@@ -318,13 +317,6 @@ func (i *routerManager) createChain(table, newChain string) error {
 			return fmt.Errorf("couldn't create chain %s in %s table, error: %v", newChain, table, err)
 		}

-		// Add the loopback return rule to the NAT chain
-		loopbackRule := []string{"-o", "lo", "-j", "RETURN"}
-		err = i.iptablesClient.Insert(table, newChain, 1, loopbackRule...)
-		if err != nil {
-			return fmt.Errorf("failed to add loopback return rule to %s: %v", chainRTNAT, err)
-		}
-
 		err = i.iptablesClient.Append(table, newChain, "-j", "RETURN")
 		if err != nil {
 			return fmt.Errorf("couldn't create chain %s default rule, error: %v", newChain, err)
@@ -334,33 +326,9 @@ func (i *routerManager) createChain(table, newChain string) error {
 	return nil
 }

-// addNATRule appends an iptables rule pair to the nat chain
-func (i *routerManager) addNATRule(keyFormat, table, chain, jump string, pair firewall.RouterPair) error {
-	ruleKey := firewall.GenKey(keyFormat, pair.ID)
-	rule := genRuleSpec(jump, pair.Source, pair.Destination)
-	existingRule, found := i.rules[ruleKey]
-	if found {
-		err := i.iptablesClient.DeleteIfExists(table, chain, existingRule...)
-		if err != nil {
-			return fmt.Errorf("error while removing existing NAT rule for %s: %v", pair.Destination, err)
-		}
-		delete(i.rules, ruleKey)
-	}
-
-	// inserting after loopback ignore rule
-	err := i.iptablesClient.Insert(table, chain, 2, rule...)
-	if err != nil {
-		return fmt.Errorf("error while appending new NAT rule for %s: %v", pair.Destination, err)
-	}
-
-	i.rules[ruleKey] = rule
-
-	return nil
-}
-
-// genRuleSpec generates rule specification
-func genRuleSpec(jump, source, destination string) []string {
-	return []string{"-s", source, "-d", destination, "-j", jump}
+// genRuleSpec generates rule specification with comment identifier
+func genRuleSpec(jump, id, source, destination string) []string {
+	return []string{"-s", source, "-d", destination, "-j", jump, "-m", "comment", "--comment", id}
 }

 func getIptablesRuleType(table string) string {
--- a/client/firewall/iptables/router_linux_test.go
+++ b/client/firewall/iptables/router_linux_test.go
@@ -51,12 +51,14 @@ func TestIptablesManager_RestoreOrCreateContainers(t *testing.T) {
 		Destination: "100.100.100.0/24",
 		Masquerade:  true,
 	}
-	forward4Rule := genRuleSpec(routingFinalForwardJump, pair.Source, pair.Destination)
+	forward4RuleKey := firewall.GenKey(firewall.ForwardingFormat, pair.ID)
+	forward4Rule := genRuleSpec(routingFinalForwardJump, forward4RuleKey, pair.Source, pair.Destination)

 	err = manager.iptablesClient.Insert(tableFilter, chainRTFWD, 1, forward4Rule...)
 	require.NoError(t, err, "inserting rule should not return error")

-	nat4Rule := genRuleSpec(routingFinalNatJump, pair.Source, pair.Destination)
+	nat4RuleKey := firewall.GenKey(firewall.NatFormat, pair.ID)
+	nat4Rule := genRuleSpec(routingFinalNatJump, nat4RuleKey, pair.Source, pair.Destination)

 	err = manager.iptablesClient.Insert(tableNat, chainRTNAT, 1, nat4Rule...)
 	require.NoError(t, err, "inserting rule should not return error")
@@ -90,7 +92,7 @@ func TestIptablesManager_InsertRoutingRules(t *testing.T) {
 			require.NoError(t, err, "forwarding pair should be inserted")

 			forwardRuleKey := firewall.GenKey(firewall.ForwardingFormat, testCase.InputPair.ID)
-			forwardRule := genRuleSpec(routingFinalForwardJump, testCase.InputPair.Source, testCase.InputPair.Destination)
+			forwardRule := genRuleSpec(routingFinalForwardJump, forwardRuleKey, testCase.InputPair.Source, testCase.InputPair.Destination)

 			exists, err := iptablesClient.Exists(tableFilter, chainRTFWD, forwardRule...)
 			require.NoError(t, err, "should be able to query the iptables %s table and %s chain", tableFilter, chainRTFWD)
@@ -101,7 +103,7 @@ func TestIptablesManager_InsertRoutingRules(t *testing.T) {
 			require.Equal(t, forwardRule[:4], foundRule[:4], "stored forwarding rule should match")

 			inForwardRuleKey := firewall.GenKey(firewall.InForwardingFormat, testCase.InputPair.ID)
-			inForwardRule := genRuleSpec(routingFinalForwardJump, firewall.GetInPair(testCase.InputPair).Source, firewall.GetInPair(testCase.InputPair).Destination)
+			inForwardRule := genRuleSpec(routingFinalForwardJump, inForwardRuleKey, firewall.GetInPair(testCase.InputPair).Source, firewall.GetInPair(testCase.InputPair).Destination)

 			exists, err = iptablesClient.Exists(tableFilter, chainRTFWD, inForwardRule...)
 			require.NoError(t, err, "should be able to query the iptables %s table and %s chain", tableFilter, chainRTFWD)
@@ -112,7 +114,7 @@ func TestIptablesManager_InsertRoutingRules(t *testing.T) {
 			require.Equal(t, inForwardRule[:4], foundRule[:4], "stored income forwarding rule should match")

 			natRuleKey := firewall.GenKey(firewall.NatFormat, testCase.InputPair.ID)
-			natRule := genRuleSpec(routingFinalNatJump, testCase.InputPair.Source, testCase.InputPair.Destination)
+			natRule := genRuleSpec(routingFinalNatJump, natRuleKey, testCase.InputPair.Source, testCase.InputPair.Destination)

 			exists, err = iptablesClient.Exists(tableNat, chainRTNAT, natRule...)
 			require.NoError(t, err, "should be able to query the iptables %s table and %s chain", tableNat, chainRTNAT)
@@ -128,7 +130,7 @@ func TestIptablesManager_InsertRoutingRules(t *testing.T) {
 			}

 			inNatRuleKey := firewall.GenKey(firewall.InNatFormat, testCase.InputPair.ID)
-			inNatRule := genRuleSpec(routingFinalNatJump, firewall.GetInPair(testCase.InputPair).Source, firewall.GetInPair(testCase.InputPair).Destination)
+			inNatRule := genRuleSpec(routingFinalNatJump, inNatRuleKey, firewall.GetInPair(testCase.InputPair).Source, firewall.GetInPair(testCase.InputPair).Destination)

 			exists, err = iptablesClient.Exists(tableNat, chainRTNAT, inNatRule...)
 			require.NoError(t, err, "should be able to query the iptables %s table and %s chain", tableNat, chainRTNAT)
@@ -165,25 +167,25 @@ func TestIptablesManager_RemoveRoutingRules(t *testing.T) {
 			require.NoError(t, err, "shouldn't return error")

 			forwardRuleKey := firewall.GenKey(firewall.ForwardingFormat, testCase.InputPair.ID)
-			forwardRule := genRuleSpec(routingFinalForwardJump, testCase.InputPair.Source, testCase.InputPair.Destination)
+			forwardRule := genRuleSpec(routingFinalForwardJump, forwardRuleKey, testCase.InputPair.Source, testCase.InputPair.Destination)

 			err = iptablesClient.Insert(tableFilter, chainRTFWD, 1, forwardRule...)
 			require.NoError(t, err, "inserting rule should not return error")

 			inForwardRuleKey := firewall.GenKey(firewall.InForwardingFormat, testCase.InputPair.ID)
-			inForwardRule := genRuleSpec(routingFinalForwardJump, firewall.GetInPair(testCase.InputPair).Source, firewall.GetInPair(testCase.InputPair).Destination)
+			inForwardRule := genRuleSpec(routingFinalForwardJump, inForwardRuleKey, firewall.GetInPair(testCase.InputPair).Source, firewall.GetInPair(testCase.InputPair).Destination)

 			err = iptablesClient.Insert(tableFilter, chainRTFWD, 1, inForwardRule...)
 			require.NoError(t, err, "inserting rule should not return error")

 			natRuleKey := firewall.GenKey(firewall.NatFormat, testCase.InputPair.ID)
-			natRule := genRuleSpec(routingFinalNatJump, testCase.InputPair.Source, testCase.InputPair.Destination)
+			natRule := genRuleSpec(routingFinalNatJump, natRuleKey, testCase.InputPair.Source, testCase.InputPair.Destination)

 			err = iptablesClient.Insert(tableNat, chainRTNAT, 1, natRule...)
 			require.NoError(t, err, "inserting rule should not return error")

 			inNatRuleKey := firewall.GenKey(firewall.InNatFormat, testCase.InputPair.ID)
-			inNatRule := genRuleSpec(routingFinalNatJump, firewall.GetInPair(testCase.InputPair).Source, firewall.GetInPair(testCase.InputPair).Destination)
+			inNatRule := genRuleSpec(routingFinalNatJump, inNatRuleKey, firewall.GetInPair(testCase.InputPair).Source, firewall.GetInPair(testCase.InputPair).Destination)

 			err = iptablesClient.Insert(tableNat, chainRTNAT, 1, inNatRule...)
 			require.NoError(t, err, "inserting rule should not return error")
--- a/client/firewall/nftables/acl_linux.go
+++ b/client/firewall/nftables/acl_linux.go
@@ -58,7 +58,6 @@ type AclManager struct {
 type iFaceMapper interface {
 	Name() string
 	Address() iface.WGAddress
-	IsUserspaceBind() bool
 }

 func newAclManager(table *nftables.Table, wgIface iFaceMapper, routeingFwChainName string) (*AclManager, error) {
@@ -199,81 +198,6 @@ func (m *AclManager) DeleteRule(rule firewall.Rule) error {
 	return nil
 }

-// createDefaultAllowRules In case if the USP firewall manager can use the native firewall manager we must to create allow rules for
-// input and output chains
-func (m *AclManager) createDefaultAllowRules() error {
-	expIn := []expr.Any{
-		&expr.Payload{
-			DestRegister: 1,
-			Base:         expr.PayloadBaseNetworkHeader,
-			Offset:       12,
-			Len:          4,
-		},
-		// mask
-		&expr.Bitwise{
-			SourceRegister: 1,
-			DestRegister:   1,
-			Len:            4,
-			Mask:           []byte{0x00, 0x00, 0x00, 0x00},
-			Xor:            zeroXor,
-		},
-		// net address
-		&expr.Cmp{
-			Register: 1,
-			Data:     []byte{0x00, 0x00, 0x00, 0x00},
-		},
-		&expr.Verdict{
-			Kind: expr.VerdictAccept,
-		},
-	}
-
-	_ = m.rConn.InsertRule(&nftables.Rule{
-		Table:    m.workTable,
-		Chain:    m.chainInputRules,
-		Position: 0,
-		Exprs:    expIn,
-	})
-
-	expOut := []expr.Any{
-		&expr.Payload{
-			DestRegister: 1,
-			Base:         expr.PayloadBaseNetworkHeader,
-			Offset:       16,
-			Len:          4,
-		},
-		// mask
-		&expr.Bitwise{
-			SourceRegister: 1,
-			DestRegister:   1,
-			Len:            4,
-			Mask:           []byte{0x00, 0x00, 0x00, 0x00},
-			Xor:            zeroXor,
-		},
-		// net address
-		&expr.Cmp{
-			Register: 1,
-			Data:     []byte{0x00, 0x00, 0x00, 0x00},
-		},
-		&expr.Verdict{
-			Kind: expr.VerdictAccept,
-		},
-	}
-
-	_ = m.rConn.InsertRule(&nftables.Rule{
-		Table:    m.workTable,
-		Chain:    m.chainOutputRules,
-		Position: 0,
-		Exprs:    expOut,
-	})
-
-	err := m.rConn.Flush()
-	if err != nil {
-		log.Debugf("failed to create default allow rules: %s", err)
-		return err
-	}
-	return nil
-}
-
 // Flush rule/chain/set operations from the buffer
 //
 // Method also get all rules after flush and refreshes handle values in the rulesets
@@ -811,6 +735,7 @@ func (m *AclManager) createPreroutingMangle() *nftables.Chain {
 		Chain: chain,
 		Exprs: expressions,
 	})
+	chain = m.rConn.AddChain(chain)
 	return chain
 }

--- a/client/firewall/nftables/manager_linux.go
+++ b/client/firewall/nftables/manager_linux.go
@@ -95,7 +95,7 @@ func (m *Manager) InsertRoutingRules(pair firewall.RouterPair) error {
 	m.mutex.Lock()
 	defer m.mutex.Unlock()

-	return m.router.AddRoutingRules(pair)
+	return m.router.InsertRoutingRules(pair)
 }

 func (m *Manager) RemoveRoutingRules(pair firewall.RouterPair) error {
@@ -106,19 +106,11 @@ func (m *Manager) RemoveRoutingRules(pair firewall.RouterPair) error {
 }

 // AllowNetbird allows netbird interface traffic
+// todo review this method usage
 func (m *Manager) AllowNetbird() error {
-	if !m.wgIface.IsUserspaceBind() {
-		return nil
-	}
-
 	m.mutex.Lock()
 	defer m.mutex.Unlock()

-	err := m.aclManager.createDefaultAllowRules()
-	if err != nil {
-		return fmt.Errorf("failed to create default allow rules: %v", err)
-	}
-
 	chains, err := m.rConn.ListChainsOfTableFamily(nftables.TableFamilyIPv4)
 	if err != nil {
 		return fmt.Errorf("list of chains: %w", err)
@@ -153,7 +145,6 @@ func (m *Manager) AllowNetbird() error {
 	if err != nil {
 		return fmt.Errorf("failed to flush allow input netbird rules: %v", err)
 	}
-
 	return nil
 }

--- a/client/firewall/nftables/manager_linux_test.go
+++ b/client/firewall/nftables/manager_linux_test.go
@@ -37,8 +37,6 @@ func (i *iFaceMock) Address() iface.WGAddress {
 	panic("AddressFunc is not set")
 }

-func (i *iFaceMock) IsUserspaceBind() bool { return false }
-
 func TestNftablesManager(t *testing.T) {
 	mock := &iFaceMock{
 		NameFunc: func() string {
--- a/client/firewall/nftables/route_linux.go
+++ b/client/firewall/nftables/route_linux.go
@@ -22,8 +22,6 @@ const (

 	userDataAcceptForwardRuleSrc = "frwacceptsrc"
 	userDataAcceptForwardRuleDst = "frwacceptdst"
-
-	loopbackInterface = "lo\x00"
 )

 // some presets for building nftable rules
@@ -128,22 +126,6 @@ func (r *router) createContainers() error {
 		Type:     nftables.ChainTypeNAT,
 	})

-	// Add RETURN rule for loopback interface
-	loRule := &nftables.Rule{
-		Table: r.workTable,
-		Chain: r.chains[chainNameRoutingNat],
-		Exprs: []expr.Any{
-			&expr.Meta{Key: expr.MetaKeyOIFNAME, Register: 1},
-			&expr.Cmp{
-				Op:       expr.CmpOpEq,
-				Register: 1,
-				Data:     []byte(loopbackInterface),
-			},
-			&expr.Verdict{Kind: expr.VerdictReturn},
-		},
-	}
-	r.conn.InsertRule(loRule)
-
 	err := r.refreshRulesMap()
 	if err != nil {
 		log.Errorf("failed to clean up rules from FORWARD chain: %s", err)
@@ -156,28 +138,28 @@ func (r *router) createContainers() error {
 	return nil
 }

-// AddRoutingRules appends a nftable rule pair to the forwarding chain and if enabled, to the nat chain
-func (r *router) AddRoutingRules(pair manager.RouterPair) error {
+// InsertRoutingRules inserts a nftable rule pair to the forwarding chain and if enabled, to the nat chain
+func (r *router) InsertRoutingRules(pair manager.RouterPair) error {
 	err := r.refreshRulesMap()
 	if err != nil {
 		return err
 	}

-	err = r.addRoutingRule(manager.ForwardingFormat, chainNameRouteingFw, pair, false)
+	err = r.insertRoutingRule(manager.ForwardingFormat, chainNameRouteingFw, pair, false)
 	if err != nil {
 		return err
 	}
-	err = r.addRoutingRule(manager.InForwardingFormat, chainNameRouteingFw, manager.GetInPair(pair), false)
+	err = r.insertRoutingRule(manager.InForwardingFormat, chainNameRouteingFw, manager.GetInPair(pair), false)
 	if err != nil {
 		return err
 	}

 	if pair.Masquerade {
-		err = r.addRoutingRule(manager.NatFormat, chainNameRoutingNat, pair, true)
+		err = r.insertRoutingRule(manager.NatFormat, chainNameRoutingNat, pair, true)
 		if err != nil {
 			return err
 		}
-		err = r.addRoutingRule(manager.InNatFormat, chainNameRoutingNat, manager.GetInPair(pair), true)
+		err = r.insertRoutingRule(manager.InNatFormat, chainNameRoutingNat, manager.GetInPair(pair), true)
 		if err != nil {
 			return err
 		}
@@ -195,8 +177,8 @@ func (r *router) AddRoutingRules(pair manager.RouterPair) error {
 	return nil
 }

-// addRoutingRule inserts a nftable rule to the conn client flush queue
-func (r *router) addRoutingRule(format, chainName string, pair manager.RouterPair, isNat bool) error {
+// insertRoutingRule inserts a nftable rule to the conn client flush queue
+func (r *router) insertRoutingRule(format, chainName string, pair manager.RouterPair, isNat bool) error {
 	sourceExp := generateCIDRMatcherExpressions(true, pair.Source)
 	destExp := generateCIDRMatcherExpressions(false, pair.Destination)

@@ -217,7 +199,7 @@ func (r *router) addRoutingRule(format, chainName string, pair manager.RouterPai
 		}
 	}

-	r.rules[ruleKey] = r.conn.AddRule(&nftables.Rule{
+	r.rules[ruleKey] = r.conn.InsertRule(&nftables.Rule{
 		Table:    r.workTable,
 		Chain:    r.chains[chainName],
 		Exprs:    expression,
--- a/client/firewall/nftables/router_linux_test.go
+++ b/client/firewall/nftables/router_linux_test.go
@@ -47,7 +47,7 @@ func TestNftablesManager_InsertRoutingRules(t *testing.T) {

 			require.NoError(t, err, "shouldn't return error")

-			err = manager.AddRoutingRules(testCase.InputPair)
+			err = manager.InsertRoutingRules(testCase.InputPair)
 			defer func() {
 				_ = manager.RemoveRoutingRules(testCase.InputPair)
 			}()
--- a/client/firewall/uspfilter/allow_netbird_windows.go
+++ b/client/firewall/uspfilter/allow_netbird_windows.go
@@ -64,18 +64,15 @@ func manageFirewallRule(ruleName string, action action, extraArgs ...string) err
 	if action == addRule {
 		args = append(args, extraArgs...)
 	}
-	netshCmd := GetSystem32Command("netsh")
-	cmd := exec.Command(netshCmd, args...)
+
+	cmd := exec.Command("netsh", args...)
 	cmd.SysProcAttr = &syscall.SysProcAttr{HideWindow: true}
 	return cmd.Run()
 }

 func isWindowsFirewallReachable() bool {
 	args := []string{"advfirewall", "show", "allprofiles", "state"}
-
-	netshCmd := GetSystem32Command("netsh")
-
-	cmd := exec.Command(netshCmd, args...)
+	cmd := exec.Command("netsh", args...)
 	cmd.SysProcAttr = &syscall.SysProcAttr{HideWindow: true}

 	_, err := cmd.Output()
@@ -90,23 +87,8 @@ func isWindowsFirewallReachable() bool {
 func isFirewallRuleActive(ruleName string) bool {
 	args := []string{"advfirewall", "firewall", "show", "rule", "name=" + ruleName}

-	netshCmd := GetSystem32Command("netsh")
-
-	cmd := exec.Command(netshCmd, args...)
+	cmd := exec.Command("netsh", args...)
 	cmd.SysProcAttr = &syscall.SysProcAttr{HideWindow: true}
 	_, err := cmd.Output()
 	return err == nil
 }
-
-// GetSystem32Command checks if a command can be found in the system path and returns it. In case it can't find it
-// in the path it will return the full path of a command assuming C:\windows\system32 as the base path.
-func GetSystem32Command(command string) string {
-	_, err := exec.LookPath(command)
-	if err == nil {
-		return command
-	}
-
-	log.Tracef("Command %s not found in PATH, using C:\\windows\\system32\\%s.exe path", command, command)
-
-	return "C:\\windows\\system32\\" + command + ".exe"
-}
--- a/client/installer.nsis
+++ b/client/installer.nsis
@@ -193,7 +193,6 @@ Sleep 3000
 Delete "$INSTDIR\${UI_APP_EXE}"
 Delete "$INSTDIR\${MAIN_APP_EXE}"
 Delete "$INSTDIR\wintun.dll"
-Delete "$INSTDIR\opengl32.dll"
 RmDir /r "$INSTDIR"

 SetShellVarContext all
--- a/client/internal/acl/manager_test.go
+++ b/client/internal/acl/manager_test.go
@@ -38,7 +38,7 @@ func TestDefaultManager(t *testing.T) {
 	defer ctrl.Finish()

 	ifaceMock := mocks.NewMockIFaceMapper(ctrl)
-	ifaceMock.EXPECT().IsUserspaceBind().Return(true).AnyTimes()
+	ifaceMock.EXPECT().IsUserspaceBind().Return(true)
 	ifaceMock.EXPECT().SetFilter(gomock.Any())
 	ip, network, err := net.ParseCIDR("172.0.0.1/32")
 	if err != nil {
@@ -331,7 +331,7 @@ func TestDefaultManagerEnableSSHRules(t *testing.T) {
 	defer ctrl.Finish()

 	ifaceMock := mocks.NewMockIFaceMapper(ctrl)
-	ifaceMock.EXPECT().IsUserspaceBind().Return(true).AnyTimes()
+	ifaceMock.EXPECT().IsUserspaceBind().Return(true)
 	ifaceMock.EXPECT().SetFilter(gomock.Any())
 	ip, network, err := net.ParseCIDR("172.0.0.1/32")
 	if err != nil {
--- a/client/internal/auth/oauth.go
+++ b/client/internal/auth/oauth.go
@@ -26,7 +26,7 @@ type HTTPClient interface {
 }

 // AuthFlowInfo holds information for the OAuth 2.0  authorization flow
-type AuthFlowInfo struct { //nolint:revive
+type AuthFlowInfo struct {
 	DeviceCode              string `json:"device_code"`
 	UserCode                string `json:"user_code"`
 	VerificationURI         string `json:"verification_uri"`
--- a/client/internal/config.go
+++ b/client/internal/config.go
@@ -1,62 +1,42 @@
 package internal

 import (
-	"context"
 	"fmt"
 	"net/url"
 	"os"
-	"reflect"
-	"runtime"
-	"strings"
-	"time"

 	log "github.com/sirupsen/logrus"
 	"golang.zx2c4.com/wireguard/wgctrl/wgtypes"
 	"google.golang.org/grpc/codes"
 	"google.golang.org/grpc/status"

-	"github.com/netbirdio/netbird/client/internal/routemanager/dynamic"
 	"github.com/netbirdio/netbird/client/ssh"
 	"github.com/netbirdio/netbird/iface"
-	mgm "github.com/netbirdio/netbird/management/client"
 	"github.com/netbirdio/netbird/util"
 )

 const (
-	// managementLegacyPortString is the port that was used before by the Management gRPC server.
+	// ManagementLegacyPort is the port that was used before by the Management gRPC server.
 	// It is used for backward compatibility now.
 	// NB: hardcoded from github.com/netbirdio/netbird/management/cmd to avoid import
-	managementLegacyPortString = "33073"
+	ManagementLegacyPort = 33073
 	// DefaultManagementURL points to the NetBird's cloud management endpoint
-	DefaultManagementURL = "https://api.netbird.io:443"
-	// oldDefaultManagementURL points to the NetBird's old cloud management endpoint
-	oldDefaultManagementURL = "https://api.wiretrustee.com:443"
+	DefaultManagementURL = "https://api.wiretrustee.com:443"
 	// DefaultAdminURL points to NetBird's cloud management console
 	DefaultAdminURL = "https://app.netbird.io:443"
 )

-var defaultInterfaceBlacklist = []string{
-	iface.WgInterfaceDefault, "wt", "utun", "tun0", "zt", "ZeroTier", "wg", "ts",
-	"Tailscale", "tailscale", "docker", "veth", "br-", "lo",
-}
+var defaultInterfaceBlacklist = []string{iface.WgInterfaceDefault, "wt", "utun", "tun0", "zt", "ZeroTier", "wg", "ts",
+	"Tailscale", "tailscale", "docker", "veth", "br-", "lo"}

 // ConfigInput carries configuration changes to the client
 type ConfigInput struct {
-	ManagementURL       string
-	AdminURL            string
-	ConfigPath          string
-	PreSharedKey        *string
-	ServerSSHAllowed    *bool
-	NATExternalIPs      []string
-	CustomDNSAddress    []byte
-	RosenpassEnabled    *bool
-	RosenpassPermissive *bool
-	InterfaceName       *string
-	WireguardPort       *int
-	NetworkMonitor      *bool
-	DisableAutoConnect  *bool
-	ExtraIFaceBlackList []string
-	DNSRouteInterval    *time.Duration
+	ManagementURL    string
+	AdminURL         string
+	ConfigPath       string
+	PreSharedKey     *string
+	NATExternalIPs   []string
+	CustomDNSAddress []byte
 }

 // Config Configuration type
@@ -68,16 +48,12 @@ type Config struct {
 	AdminURL             *url.URL
 	WgIface              string
 	WgPort               int
-	NetworkMonitor       *bool
 	IFaceBlackList       []string
 	DisableIPv6Discovery bool
-	RosenpassEnabled     bool
-	RosenpassPermissive  bool
-	ServerSSHAllowed     *bool
 	// SSHKey is a private SSH key in a PEM format
 	SSHKey string

-	// ExternalIP mappings, if different from the host interface IP
+	// ExternalIP mappings, if different than the host interface IP
 	//
 	//   External IP must not be behind a CGNAT and port-forwarding for incoming UDP packets from WgPort on ExternalIP
 	//   to WgPort on host interface IP must be present. This can take form of single port-forwarding rule, 1:1 DNAT
@@ -95,13 +71,6 @@ type Config struct {
 	NATExternalIPs []string
 	// CustomDNSAddress sets the DNS resolver listening address in format ip:port
 	CustomDNSAddress string
-
-	// DisableAutoConnect determines whether the client should not start with the service
-	// it's set to false by default due to backwards compatibility
-	DisableAutoConnect bool
-
-	// DNSRouteInterval is the interval in which the DNS routes are updated
-	DNSRouteInterval time.Duration
 }

 // ReadConfig read config file and return with Config. If it is not exists create a new with default values
@@ -111,15 +80,6 @@ func ReadConfig(configPath string) (*Config, error) {
 		if _, err := util.ReadJson(configPath, config); err != nil {
 			return nil, err
 		}
-		// initialize through apply() without changes
-		if changed, err := config.apply(ConfigInput{}); err != nil {
-			return nil, err
-		} else if changed {
-			if err = WriteOutConfig(configPath, config); err != nil {
-				return nil, err
-			}
-		}
-
 		return config, nil
 	}

@@ -171,15 +131,55 @@ func WriteOutConfig(path string, config *Config) error {

 // createNewConfig creates a new config generating a new Wireguard key and saving to file
 func createNewConfig(input ConfigInput) (*Config, error) {
+	wgKey := generateKey()
+	pem, err := ssh.GeneratePrivateKey(ssh.ED25519)
+	if err != nil {
+		return nil, err
+	}
 	config := &Config{
-		// defaults to false only for new (post 0.26) configurations
-		ServerSSHAllowed: util.False(),
+		SSHKey:               string(pem),
+		PrivateKey:           wgKey,
+		WgIface:              iface.WgInterfaceDefault,
+		WgPort:               iface.DefaultWgPort,
+		IFaceBlackList:       []string{},
+		DisableIPv6Discovery: false,
+		NATExternalIPs:       input.NATExternalIPs,
+		CustomDNSAddress:     string(input.CustomDNSAddress),
 	}

-	if _, err := config.apply(input); err != nil {
+	defaultManagementURL, err := parseURL("Management URL", DefaultManagementURL)
+	if err != nil {
 		return nil, err
 	}

+	config.ManagementURL = defaultManagementURL
+	if input.ManagementURL != "" {
+		URL, err := parseURL("Management URL", input.ManagementURL)
+		if err != nil {
+			return nil, err
+		}
+		config.ManagementURL = URL
+	}
+
+	if input.PreSharedKey != nil {
+		config.PreSharedKey = *input.PreSharedKey
+	}
+
+	defaultAdminURL, err := parseURL("Admin URL", DefaultAdminURL)
+	if err != nil {
+		return nil, err
+	}
+
+	config.AdminURL = defaultAdminURL
+	if input.AdminURL != "" {
+		newURL, err := parseURL("Admin Panel URL", input.AdminURL)
+		if err != nil {
+			return nil, err
+		}
+		config.AdminURL = newURL
+	}
+
+	config.IFaceBlackList = defaultInterfaceBlacklist
 	return config, nil
 }

@@ -190,12 +190,61 @@ func update(input ConfigInput) (*Config, error) {
 		return nil, err
 	}

-	updated, err := config.apply(input)
-	if err != nil {
-		return nil, err
+	refresh := false
+
+	if input.ManagementURL != "" && config.ManagementURL.String() != input.ManagementURL {
+		log.Infof("new Management URL provided, updated to %s (old value %s)",
+			input.ManagementURL, config.ManagementURL)
+		newURL, err := parseURL("Management URL", input.ManagementURL)
+		if err != nil {
+			return nil, err
+		}
+		config.ManagementURL = newURL
+		refresh = true
 	}

-	if updated {
+	if input.AdminURL != "" && (config.AdminURL == nil || config.AdminURL.String() != input.AdminURL) {
+		log.Infof("new Admin Panel URL provided, updated to %s (old value %s)",
+			input.AdminURL, config.AdminURL)
+		newURL, err := parseURL("Admin Panel URL", input.AdminURL)
+		if err != nil {
+			return nil, err
+		}
+		config.AdminURL = newURL
+		refresh = true
+	}
+
+	if input.PreSharedKey != nil && config.PreSharedKey != *input.PreSharedKey {
+		log.Infof("new pre-shared key provided, replacing old key")
+		config.PreSharedKey = *input.PreSharedKey
+		refresh = true
+	}
+
+	if config.SSHKey == "" {
+		pem, err := ssh.GeneratePrivateKey(ssh.ED25519)
+		if err != nil {
+			return nil, err
+		}
+		config.SSHKey = string(pem)
+		refresh = true
+	}
+
+	if config.WgPort == 0 {
+		config.WgPort = iface.DefaultWgPort
+		refresh = true
+	}
+	if input.NATExternalIPs != nil && len(config.NATExternalIPs) != len(input.NATExternalIPs) {
+		config.NATExternalIPs = input.NATExternalIPs
+		refresh = true
+	}
+
+	if input.CustomDNSAddress != nil {
+		config.CustomDNSAddress = string(input.CustomDNSAddress)
+		refresh = true
+	}
+
+	if refresh {
+		// since we have new management URL, we need to update config file
 		if err := util.WriteJson(input.ConfigPath, config); err != nil {
 			return nil, err
 		}
@@ -204,190 +253,6 @@ func update(input ConfigInput) (*Config, error) {
 	return config, nil
 }

-func (config *Config) apply(input ConfigInput) (updated bool, err error) {
-	if config.ManagementURL == nil {
-		log.Infof("using default Management URL %s", DefaultManagementURL)
-		config.ManagementURL, err = parseURL("Management URL", DefaultManagementURL)
-		if err != nil {
-			return false, err
-		}
-	}
-	if input.ManagementURL != "" && input.ManagementURL != config.ManagementURL.String() {
-		log.Infof("new Management URL provided, updated to %#v (old value %#v)",
-			input.ManagementURL, config.ManagementURL.String())
-		URL, err := parseURL("Management URL", input.ManagementURL)
-		if err != nil {
-			return false, err
-		}
-		config.ManagementURL = URL
-		updated = true
-	} else if config.ManagementURL == nil {
-		log.Infof("using default Management URL %s", DefaultManagementURL)
-		config.ManagementURL, err = parseURL("Management URL", DefaultManagementURL)
-		if err != nil {
-			return false, err
-		}
-	}
-
-	if config.AdminURL == nil {
-		log.Infof("using default Admin URL %s", DefaultManagementURL)
-		config.AdminURL, err = parseURL("Admin URL", DefaultAdminURL)
-		if err != nil {
-			return false, err
-		}
-	}
-	if input.AdminURL != "" && input.AdminURL != config.AdminURL.String() {
-		log.Infof("new Admin Panel URL provided, updated to %#v (old value %#v)",
-			input.AdminURL, config.AdminURL.String())
-		newURL, err := parseURL("Admin Panel URL", input.AdminURL)
-		if err != nil {
-			return updated, err
-		}
-		config.AdminURL = newURL
-		updated = true
-	}
-
-	if config.PrivateKey == "" {
-		log.Infof("generated new Wireguard key")
-		config.PrivateKey = generateKey()
-		updated = true
-	}
-
-	if config.SSHKey == "" {
-		log.Infof("generated new SSH key")
-		pem, err := ssh.GeneratePrivateKey(ssh.ED25519)
-		if err != nil {
-			return false, err
-		}
-		config.SSHKey = string(pem)
-		updated = true
-	}
-
-	if input.WireguardPort != nil && *input.WireguardPort != config.WgPort {
-		log.Infof("updating Wireguard port %d (old value %d)",
-			*input.WireguardPort, config.WgPort)
-		config.WgPort = *input.WireguardPort
-		updated = true
-	} else if config.WgPort == 0 {
-		config.WgPort = iface.DefaultWgPort
-		log.Infof("using default Wireguard port %d", config.WgPort)
-		updated = true
-	}
-
-	if input.InterfaceName != nil && *input.InterfaceName != config.WgIface {
-		log.Infof("updating Wireguard interface %#v (old value %#v)",
-			*input.InterfaceName, config.WgIface)
-		config.WgIface = *input.InterfaceName
-		updated = true
-	} else if config.WgIface == "" {
-		config.WgIface = iface.WgInterfaceDefault
-		log.Infof("using default Wireguard interface %s", config.WgIface)
-		updated = true
-	}
-
-	if input.NATExternalIPs != nil && !reflect.DeepEqual(config.NATExternalIPs, input.NATExternalIPs) {
-		log.Infof("updating NAT External IP [ %s ] (old value: [ %s ])",
-			strings.Join(input.NATExternalIPs, " "),
-			strings.Join(config.NATExternalIPs, " "))
-		config.NATExternalIPs = input.NATExternalIPs
-		updated = true
-	}
-
-	if input.PreSharedKey != nil && *input.PreSharedKey != config.PreSharedKey {
-		log.Infof("new pre-shared key provided, replacing old key")
-		config.PreSharedKey = *input.PreSharedKey
-		updated = true
-	}
-
-	if input.RosenpassEnabled != nil && *input.RosenpassEnabled != config.RosenpassEnabled {
-		log.Infof("switching Rosenpass to %t", *input.RosenpassEnabled)
-		config.RosenpassEnabled = *input.RosenpassEnabled
-		updated = true
-	}
-
-	if input.RosenpassPermissive != nil && *input.RosenpassPermissive != config.RosenpassPermissive {
-		log.Infof("switching Rosenpass permissive to %t", *input.RosenpassPermissive)
-		config.RosenpassPermissive = *input.RosenpassPermissive
-		updated = true
-	}
-
-	if input.NetworkMonitor != nil && input.NetworkMonitor != config.NetworkMonitor {
-		log.Infof("switching Network Monitor to %t", *input.NetworkMonitor)
-		config.NetworkMonitor = input.NetworkMonitor
-		updated = true
-	}
-
-	if config.NetworkMonitor == nil {
-		// enable network monitoring by default on windows and darwin clients
-		if runtime.GOOS == "windows" || runtime.GOOS == "darwin" {
-			enabled := true
-			config.NetworkMonitor = &enabled
-			updated = true
-		}
-	}
-
-	if input.CustomDNSAddress != nil && string(input.CustomDNSAddress) != config.CustomDNSAddress {
-		log.Infof("updating custom DNS address %#v (old value %#v)",
-			string(input.CustomDNSAddress), config.CustomDNSAddress)
-		config.CustomDNSAddress = string(input.CustomDNSAddress)
-		updated = true
-	}
-
-	if len(config.IFaceBlackList) == 0 {
-		log.Infof("filling in interface blacklist with defaults: [ %s ]",
-			strings.Join(defaultInterfaceBlacklist, " "))
-		config.IFaceBlackList = append(config.IFaceBlackList, defaultInterfaceBlacklist...)
-		updated = true
-	}
-
-	if len(input.ExtraIFaceBlackList) > 0 {
-		for _, iFace := range util.SliceDiff(input.ExtraIFaceBlackList, config.IFaceBlackList) {
-			log.Infof("adding new entry to interface blacklist: %s", iFace)
-			config.IFaceBlackList = append(config.IFaceBlackList, iFace)
-			updated = true
-		}
-	}
-
-	if input.DisableAutoConnect != nil && *input.DisableAutoConnect != config.DisableAutoConnect {
-		if *input.DisableAutoConnect {
-			log.Infof("turning off automatic connection on startup")
-		} else {
-			log.Infof("enabling automatic connection on startup")
-		}
-		config.DisableAutoConnect = *input.DisableAutoConnect
-		updated = true
-	}
-
-	if input.ServerSSHAllowed != nil && *input.ServerSSHAllowed != *config.ServerSSHAllowed {
-		if *input.ServerSSHAllowed {
-			log.Infof("enabling SSH server")
-		} else {
-			log.Infof("disabling SSH server")
-		}
-		config.ServerSSHAllowed = input.ServerSSHAllowed
-		updated = true
-	} else if config.ServerSSHAllowed == nil {
-		// enables SSH for configs from old versions to preserve backwards compatibility
-		log.Infof("falling back to enabled SSH server for pre-existing configuration")
-		config.ServerSSHAllowed = util.True()
-		updated = true
-	}
-
-	if input.DNSRouteInterval != nil && *input.DNSRouteInterval != config.DNSRouteInterval {
-		log.Infof("updating DNS route interval to %s (old value %s)",
-			input.DNSRouteInterval.String(), config.DNSRouteInterval.String())
-		config.DNSRouteInterval = *input.DNSRouteInterval
-		updated = true
-	} else if config.DNSRouteInterval == 0 {
-		config.DNSRouteInterval = dynamic.DefaultInterval
-		log.Infof("using default DNS route interval %s", config.DNSRouteInterval)
-		updated = true
-
-	}
-
-	return updated, nil
-}
-
 // parseURL parses and validates a service URL
 func parseURL(serviceName, serviceURL string) (*url.URL, error) {
 	parsedMgmtURL, err := url.ParseRequestURI(serviceURL)
@@ -437,85 +302,3 @@ func configFileIsExists(path string) bool {
 	_, err := os.Stat(path)
 	return !os.IsNotExist(err)
 }
-
-// UpdateOldManagementURL checks whether client can switch to the new Management URL with port 443 and the management domain.
-// If it can switch, then it updates the config and returns a new one. Otherwise, it returns the provided config.
-// The check is performed only for the NetBird's managed version.
-func UpdateOldManagementURL(ctx context.Context, config *Config, configPath string) (*Config, error) {
-	defaultManagementURL, err := parseURL("Management URL", DefaultManagementURL)
-	if err != nil {
-		return nil, err
-	}
-
-	parsedOldDefaultManagementURL, err := parseURL("Management URL", oldDefaultManagementURL)
-	if err != nil {
-		return nil, err
-	}
-
-	if config.ManagementURL.Hostname() != defaultManagementURL.Hostname() &&
-		config.ManagementURL.Hostname() != parsedOldDefaultManagementURL.Hostname() {
-		// only do the check for the NetBird's managed version
-		return config, nil
-	}
-
-	var mgmTlsEnabled bool
-	if config.ManagementURL.Scheme == "https" {
-		mgmTlsEnabled = true
-	}
-
-	if !mgmTlsEnabled {
-		// only do the check for HTTPs scheme (the hosted version of the Management service is always HTTPs)
-		return config, nil
-	}
-
-	if config.ManagementURL.Port() != managementLegacyPortString &&
-		config.ManagementURL.Hostname() == defaultManagementURL.Hostname() {
-		return config, nil
-	}
-
-	newURL, err := parseURL("Management URL", fmt.Sprintf("%s://%s:%d",
-		config.ManagementURL.Scheme, defaultManagementURL.Hostname(), 443))
-	if err != nil {
-		return nil, err
-	}
-	// here we check whether we could switch from the legacy 33073 port to the new 443
-	log.Infof("attempting to switch from the legacy Management URL %s to the new one %s",
-		config.ManagementURL.String(), newURL.String())
-	key, err := wgtypes.ParseKey(config.PrivateKey)
-	if err != nil {
-		log.Infof("couldn't switch to the new Management %s", newURL.String())
-		return config, err
-	}
-
-	client, err := mgm.NewClient(ctx, newURL.Host, key, mgmTlsEnabled)
-	if err != nil {
-		log.Infof("couldn't switch to the new Management %s", newURL.String())
-		return config, err
-	}
-	defer func() {
-		err = client.Close()
-		if err != nil {
-			log.Warnf("failed to close the Management service client %v", err)
-		}
-	}()
-
-	// gRPC check
-	_, err = client.GetServerPublicKey()
-	if err != nil {
-		log.Infof("couldn't switch to the new Management %s", newURL.String())
-		return nil, err
-	}
-
-	// everything is alright => update the config
-	newConfig, err := UpdateConfig(ConfigInput{
-		ManagementURL: newURL.String(),
-		ConfigPath:    configPath,
-	})
-	if err != nil {
-		log.Infof("couldn't switch to the new Management %s", newURL.String())
-		return config, fmt.Errorf("failed updating config file: %v", err)
-	}
-	log.Infof("successfully switched to the new Management URL: %s", newURL.String())
-
-	return newConfig, nil
-}
--- a/client/internal/config_test.go
+++ b/client/internal/config_test.go
@@ -1,14 +1,12 @@
 package internal

 import (
-	"context"
 	"errors"
 	"os"
 	"path/filepath"
 	"testing"

 	"github.com/stretchr/testify/assert"
-	"github.com/stretchr/testify/require"

 	"github.com/netbirdio/netbird/util"
 )
@@ -18,6 +16,7 @@ func TestGetConfig(t *testing.T) {
 	config, err := UpdateOrCreateConfig(ConfigInput{
 		ConfigPath: filepath.Join(t.TempDir(), "config.json"),
 	})
+
 	if err != nil {
 		return
 	}
@@ -85,26 +84,6 @@ func TestGetConfig(t *testing.T) {
 	assert.Equal(t, readConf.(*Config).ManagementURL.String(), newManagementURL)
 }

-func TestExtraIFaceBlackList(t *testing.T) {
-	extraIFaceBlackList := []string{"eth1"}
-	path := filepath.Join(t.TempDir(), "config.json")
-	config, err := UpdateOrCreateConfig(ConfigInput{
-		ConfigPath:          path,
-		ExtraIFaceBlackList: extraIFaceBlackList,
-	})
-	if err != nil {
-		return
-	}
-
-	assert.Contains(t, config.IFaceBlackList, "eth1")
-	readConf, err := util.ReadJson(path, config)
-	if err != nil {
-		return
-	}
-
-	assert.Contains(t, readConf.(*Config).IFaceBlackList, "eth1")
-}
-
 func TestHiddenPreSharedKey(t *testing.T) {
 	hidden := "**********"
 	samplePreSharedKey := "mysecretpresharedkey"
@@ -130,6 +109,7 @@ func TestHiddenPreSharedKey(t *testing.T) {
 				ConfigPath:   cfgFile,
 				PreSharedKey: tt.preSharedKey,
 			})
+
 			if err != nil {
 				t.Fatalf("failed to get cfg: %s", err)
 			}
@@ -140,60 +120,3 @@ func TestHiddenPreSharedKey(t *testing.T) {
 		})
 	}
 }
-
-func TestUpdateOldManagementURL(t *testing.T) {
-	tests := []struct {
-		name                  string
-		previousManagementURL string
-		expectedManagementURL string
-		fileShouldNotChange   bool
-	}{
-		{
-			name:                  "Update old management URL with legacy port",
-			previousManagementURL: "https://api.wiretrustee.com:33073",
-			expectedManagementURL: DefaultManagementURL,
-		},
-		{
-			name:                  "Update old management URL",
-			previousManagementURL: oldDefaultManagementURL,
-			expectedManagementURL: DefaultManagementURL,
-		},
-		{
-			name:                  "No update needed when management URL is up to date",
-			previousManagementURL: DefaultManagementURL,
-			expectedManagementURL: DefaultManagementURL,
-			fileShouldNotChange:   true,
-		},
-		{
-			name:                  "No update needed when not using cloud management",
-			previousManagementURL: "https://netbird.example.com:33073",
-			expectedManagementURL: "https://netbird.example.com:33073",
-			fileShouldNotChange:   true,
-		},
-	}
-
-	for _, tt := range tests {
-		t.Run(tt.name, func(t *testing.T) {
-			tempDir := t.TempDir()
-			configPath := filepath.Join(tempDir, "config.json")
-			config, err := UpdateOrCreateConfig(ConfigInput{
-				ManagementURL: tt.previousManagementURL,
-				ConfigPath:    configPath,
-			})
-			require.NoError(t, err, "failed to create testing config")
-			previousStats, err := os.Stat(configPath)
-			require.NoError(t, err, "failed to create testing config stats")
-			resultConfig, err := UpdateOldManagementURL(context.TODO(), config, configPath)
-			require.NoError(t, err, "got error when updating old management url")
-			require.Equal(t, tt.expectedManagementURL, resultConfig.ManagementURL.String())
-			newStats, err := os.Stat(configPath)
-			require.NoError(t, err, "failed to create testing config stats")
-			switch tt.fileShouldNotChange {
-			case true:
-				require.Equal(t, previousStats.ModTime(), newStats.ModTime(), "file should not change")
-			case false:
-				require.NotEqual(t, previousStats.ModTime(), newStats.ModTime(), "file should have changed")
-			}
-		})
-	}
-}
--- a/client/internal/connect.go
+++ b/client/internal/connect.go
@@ -2,13 +2,8 @@ package internal

 import (
 	"context"
-	"errors"
 	"fmt"
-	"net"
-	"runtime"
-	"runtime/debug"
 	"strings"
-	"sync"
 	"time"

 	"github.com/cenkalti/backoff/v4"
@@ -27,55 +22,16 @@ import (
 	mgm "github.com/netbirdio/netbird/management/client"
 	mgmProto "github.com/netbirdio/netbird/management/proto"
 	signal "github.com/netbirdio/netbird/signal/client"
-	"github.com/netbirdio/netbird/util"
 	"github.com/netbirdio/netbird/version"
 )

-type ConnectClient struct {
-	ctx            context.Context
-	config         *Config
-	statusRecorder *peer.Status
-	engine         *Engine
-	engineMutex    sync.Mutex
+// RunClient with main logic.
+func RunClient(ctx context.Context, config *Config, statusRecorder *peer.Status) error {
+	return runClient(ctx, config, statusRecorder, MobileDependency{})
 }

-func NewConnectClient(
-	ctx context.Context,
-	config *Config,
-	statusRecorder *peer.Status,
-
-) *ConnectClient {
-	return &ConnectClient{
-		ctx:            ctx,
-		config:         config,
-		statusRecorder: statusRecorder,
-		engineMutex:    sync.Mutex{},
-	}
-}
-
-// Run with main logic.
-func (c *ConnectClient) Run() error {
-	return c.run(MobileDependency{}, nil, nil, nil, nil)
-}
-
-// RunWithProbes runs the client's main logic with probes attached
-func (c *ConnectClient) RunWithProbes(
-	mgmProbe *Probe,
-	signalProbe *Probe,
-	relayProbe *Probe,
-	wgProbe *Probe,
-) error {
-	return c.run(MobileDependency{}, mgmProbe, signalProbe, relayProbe, wgProbe)
-}
-
-// RunOnAndroid with main logic on mobile system
-func (c *ConnectClient) RunOnAndroid(
-	tunAdapter iface.TunAdapter,
-	iFaceDiscover stdnet.ExternalIFaceDiscover,
-	networkChangeListener listener.NetworkChangeListener,
-	dnsAddresses []string,
-	dnsReadyListener dns.ReadyListener,
-) error {
+// RunClientMobile with main logic on mobile system
+func RunClientMobile(ctx context.Context, config *Config, statusRecorder *peer.Status, tunAdapter iface.TunAdapter, iFaceDiscover stdnet.ExternalIFaceDiscover, networkChangeListener listener.NetworkChangeListener, dnsAddresses []string, dnsReadyListener dns.ReadyListener) error {
 	// in case of non Android os these variables will be nil
 	mobileDependency := MobileDependency{
 		TunAdapter:            tunAdapter,
@@ -84,45 +40,11 @@ func (c *ConnectClient) RunOnAndroid(
 		HostDNSAddresses:      dnsAddresses,
 		DnsReadyListener:      dnsReadyListener,
 	}
-	return c.run(mobileDependency, nil, nil, nil, nil)
+	return runClient(ctx, config, statusRecorder, mobileDependency)
 }

-func (c *ConnectClient) RunOniOS(
-	fileDescriptor int32,
-	networkChangeListener listener.NetworkChangeListener,
-	dnsManager dns.IosDnsManager,
-) error {
-	// Set GC percent to 5% to reduce memory usage as iOS only allows 50MB of memory for the extension.
-	debug.SetGCPercent(5)
-
-	mobileDependency := MobileDependency{
-		FileDescriptor:        fileDescriptor,
-		NetworkChangeListener: networkChangeListener,
-		DnsManager:            dnsManager,
-	}
-	return c.run(mobileDependency, nil, nil, nil, nil)
-}
-
-func (c *ConnectClient) run(
-	mobileDependency MobileDependency,
-	mgmProbe *Probe,
-	signalProbe *Probe,
-	relayProbe *Probe,
-	wgProbe *Probe,
-) error {
-	defer func() {
-		if r := recover(); r != nil {
-			log.Panicf("Panic occurred: %v, stack trace: %s", r, string(debug.Stack()))
-		}
-	}()
-
-	log.Infof("starting NetBird client version %s on %s/%s", version.NetbirdVersion(), runtime.GOOS, runtime.GOARCH)
-
-	// Check if client was not shut down in a clean way and restore DNS config if required.
-	// Otherwise, we might not be able to connect to the management server to retrieve new config.
-	if err := dns.CheckUncleanShutdown(c.config.WgIface); err != nil {
-		log.Errorf("checking unclean shutdown error: %s", err)
-	}
+func runClient(ctx context.Context, config *Config, statusRecorder *peer.Status, mobileDependency MobileDependency) error {
+	log.Infof("starting NetBird client version %s", version.NetbirdVersion())

 	backOff := &backoff.ExponentialBackOff{
 		InitialInterval:     time.Second,
@@ -134,7 +56,7 @@ func (c *ConnectClient) run(
 		Clock:               backoff.SystemClock,
 	}

-	state := CtxGetState(c.ctx)
+	state := CtxGetState(ctx)
 	defer func() {
 		s, err := state.Status()
 		if err != nil || s != StatusNeedsLogin {
@@ -143,49 +65,49 @@ func (c *ConnectClient) run(
 	}()

 	wrapErr := state.Wrap
-	myPrivateKey, err := wgtypes.ParseKey(c.config.PrivateKey)
+	myPrivateKey, err := wgtypes.ParseKey(config.PrivateKey)
 	if err != nil {
-		log.Errorf("failed parsing Wireguard key %s: [%s]", c.config.PrivateKey, err.Error())
+		log.Errorf("failed parsing Wireguard key %s: [%s]", config.PrivateKey, err.Error())
 		return wrapErr(err)
 	}

 	var mgmTlsEnabled bool
-	if c.config.ManagementURL.Scheme == "https" {
+	if config.ManagementURL.Scheme == "https" {
 		mgmTlsEnabled = true
 	}

-	publicSSHKey, err := ssh.GeneratePublicKey([]byte(c.config.SSHKey))
+	publicSSHKey, err := ssh.GeneratePublicKey([]byte(config.SSHKey))
 	if err != nil {
 		return err
 	}

-	defer c.statusRecorder.ClientStop()
+	defer statusRecorder.ClientStop()
 	operation := func() error {
 		// if context cancelled we not start new backoff cycle
 		select {
-		case <-c.ctx.Done():
+		case <-ctx.Done():
 			return nil
 		default:
 		}

 		state.Set(StatusConnecting)

-		engineCtx, cancel := context.WithCancel(c.ctx)
+		engineCtx, cancel := context.WithCancel(ctx)
 		defer func() {
-			c.statusRecorder.MarkManagementDisconnected(state.err)
-			c.statusRecorder.CleanLocalPeerState()
+			statusRecorder.MarkManagementDisconnected()
+			statusRecorder.CleanLocalPeerState()
 			cancel()
 		}()

-		log.Debugf("connecting to the Management service %s", c.config.ManagementURL.Host)
-		mgmClient, err := mgm.NewClient(engineCtx, c.config.ManagementURL.Host, myPrivateKey, mgmTlsEnabled)
+		log.Debugf("connecting to the Management service %s", config.ManagementURL.Host)
+		mgmClient, err := mgm.NewClient(engineCtx, config.ManagementURL.Host, myPrivateKey, mgmTlsEnabled)
 		if err != nil {
 			return wrapErr(gstatus.Errorf(codes.FailedPrecondition, "failed connecting to Management Service : %s", err))
 		}
-		mgmNotifier := statusRecorderToMgmConnStateNotifier(c.statusRecorder)
+		mgmNotifier := statusRecorderToMgmConnStateNotifier(statusRecorder)
 		mgmClient.SetConnStateListener(mgmNotifier)

-		log.Debugf("connected to the Management service %s", c.config.ManagementURL.Host)
+		log.Debugf("connected to the Management service %s", config.ManagementURL.Host)
 		defer func() {
 			err = mgmClient.Close()
 			if err != nil {
@@ -203,7 +125,7 @@ func (c *ConnectClient) run(
 			}
 			return wrapErr(err)
 		}
-		c.statusRecorder.MarkManagementConnected()
+		statusRecorder.MarkManagementConnected()

 		localPeerState := peer.LocalPeerState{
 			IP:              loginResp.GetPeerConfig().GetAddress(),
@@ -212,19 +134,17 @@ func (c *ConnectClient) run(
 			FQDN:            loginResp.GetPeerConfig().GetFqdn(),
 		}

-		c.statusRecorder.UpdateLocalPeerState(localPeerState)
+		statusRecorder.UpdateLocalPeerState(localPeerState)

 		signalURL := fmt.Sprintf("%s://%s",
 			strings.ToLower(loginResp.GetWiretrusteeConfig().GetSignal().GetProtocol().String()),
 			loginResp.GetWiretrusteeConfig().GetSignal().GetUri(),
 		)

-		c.statusRecorder.UpdateSignalAddress(signalURL)
+		statusRecorder.UpdateSignalAddress(signalURL)

-		c.statusRecorder.MarkSignalDisconnected(nil)
-		defer func() {
-			c.statusRecorder.MarkSignalDisconnected(state.err)
-		}()
+		statusRecorder.MarkSignalDisconnected()
+		defer statusRecorder.MarkSignalDisconnected()

 		// with the global Wiretrustee config in hand connect (just a connection, no stream yet) Signal
 		signalClient, err := connectToSignal(engineCtx, loginResp.GetWiretrusteeConfig(), myPrivateKey)
@@ -239,40 +159,35 @@ func (c *ConnectClient) run(
 			}
 		}()

-		signalNotifier := statusRecorderToSignalConnStateNotifier(c.statusRecorder)
+		signalNotifier := statusRecorderToSignalConnStateNotifier(statusRecorder)
 		signalClient.SetConnStateListener(signalNotifier)

-		c.statusRecorder.MarkSignalConnected()
+		statusRecorder.MarkSignalConnected()

 		peerConfig := loginResp.GetPeerConfig()

-		engineConfig, err := createEngineConfig(myPrivateKey, c.config, peerConfig)
+		engineConfig, err := createEngineConfig(myPrivateKey, config, peerConfig)
 		if err != nil {
 			log.Error(err)
 			return wrapErr(err)
 		}

-		checks := loginResp.GetChecks()
-
-		c.engineMutex.Lock()
-		c.engine = NewEngineWithProbes(engineCtx, cancel, signalClient, mgmClient, engineConfig, mobileDependency, c.statusRecorder, mgmProbe, signalProbe, relayProbe, wgProbe, checks)
-		c.engineMutex.Unlock()
-
-		err = c.engine.Start()
+		engine := NewEngine(engineCtx, cancel, signalClient, mgmClient, engineConfig, mobileDependency, statusRecorder)
+		err = engine.Start()
 		if err != nil {
 			log.Errorf("error while starting Netbird Connection Engine: %s", err)
 			return wrapErr(err)
 		}

-		log.Infof("Netbird engine started, the IP is: %s", peerConfig.GetAddress())
+		log.Print("Netbird engine started, my IP is: ", peerConfig.Address)
 		state.Set(StatusConnected)

 		<-engineCtx.Done()
-		c.statusRecorder.ClientTeardown()
+		statusRecorder.ClientTeardown()

 		backOff.Reset()

-		err = c.engine.Stop()
+		err = engine.Stop()
 		if err != nil {
 			log.Errorf("failed stopping engine %v", err)
 			return wrapErr(err)
@@ -280,14 +195,14 @@ func (c *ConnectClient) run(

 		log.Info("stopped NetBird client")

-		if _, err := state.Status(); errors.Is(err, ErrResetConnection) {
+		if _, err := state.Status(); err == ErrResetConnection {
 			return err
 		}

 		return nil
 	}

-	c.statusRecorder.ClientStart()
+	statusRecorder.ClientStart()
 	err = backoff.Retry(operation, backOff)
 	if err != nil {
 		log.Debugf("exiting client retry loop due to unrecoverable error: %s", err)
@@ -299,20 +214,8 @@ func (c *ConnectClient) run(
 	return nil
 }

-func (c *ConnectClient) Engine() *Engine {
-	var e *Engine
-	c.engineMutex.Lock()
-	e = c.engine
-	c.engineMutex.Unlock()
-	return e
-}
-
 // createEngineConfig converts configuration received from Management Service to EngineConfig
 func createEngineConfig(key wgtypes.Key, config *Config, peerConfig *mgmProto.PeerConfig) (*EngineConfig, error) {
-	nm := false
-	if config.NetworkMonitor != nil {
-		nm = *config.NetworkMonitor
-	}
 	engineConf := &EngineConfig{
 		WgIfaceName:          config.WgIface,
 		WgAddr:               peerConfig.Address,
@@ -320,14 +223,9 @@ func createEngineConfig(key wgtypes.Key, config *Config, peerConfig *mgmProto.Pe
 		DisableIPv6Discovery: config.DisableIPv6Discovery,
 		WgPrivateKey:         key,
 		WgPort:               config.WgPort,
-		NetworkMonitor:       nm,
 		SSHKey:               []byte(config.SSHKey),
 		NATExternalIPs:       config.NATExternalIPs,
 		CustomDNSAddress:     config.CustomDNSAddress,
-		RosenpassEnabled:     config.RosenpassEnabled,
-		RosenpassPermissive:  config.RosenpassPermissive,
-		ServerSSHAllowed:     util.ReturnBoolWithDefaultTrue(config.ServerSSHAllowed),
-		DNSRouteInterval:     config.DNSRouteInterval,
 	}

 	if config.PreSharedKey != "" {
@@ -338,15 +236,6 @@ func createEngineConfig(key wgtypes.Key, config *Config, peerConfig *mgmProto.Pe
 		engineConf.PreSharedKey = &preSharedKey
 	}

-	port, err := freePort(config.WgPort)
-	if err != nil {
-		return nil, err
-	}
-	if port != config.WgPort {
-		log.Infof("using %d as wireguard port: %d is in use", port, config.WgPort)
-	}
-	engineConf.WgPort = port
-
 	return engineConf, nil
 }

@@ -385,6 +274,83 @@ func loginToManagement(ctx context.Context, client mgm.Client, pubSSHKey []byte)
 	return loginResp, nil
 }

+// UpdateOldManagementPort checks whether client can switch to the new Management port 443.
+// If it can switch, then it updates the config and returns a new one. Otherwise, it returns the provided config.
+// The check is performed only for the NetBird's managed version.
+func UpdateOldManagementPort(ctx context.Context, config *Config, configPath string) (*Config, error) {
+
+	defaultManagementURL, err := parseURL("Management URL", DefaultManagementURL)
+	if err != nil {
+		return nil, err
+	}
+
+	if config.ManagementURL.Hostname() != defaultManagementURL.Hostname() {
+		// only do the check for the NetBird's managed version
+		return config, nil
+	}
+
+	var mgmTlsEnabled bool
+	if config.ManagementURL.Scheme == "https" {
+		mgmTlsEnabled = true
+	}
+
+	if !mgmTlsEnabled {
+		// only do the check for HTTPs scheme (the hosted version of the Management service is always HTTPs)
+		return config, nil
+	}
+
+	if mgmTlsEnabled && config.ManagementURL.Port() == fmt.Sprintf("%d", ManagementLegacyPort) {
+
+		newURL, err := parseURL("Management URL", fmt.Sprintf("%s://%s:%d",
+			config.ManagementURL.Scheme, config.ManagementURL.Hostname(), 443))
+		if err != nil {
+			return nil, err
+		}
+		// here we check whether we could switch from the legacy 33073 port to the new 443
+		log.Infof("attempting to switch from the legacy Management URL %s to the new one %s",
+			config.ManagementURL.String(), newURL.String())
+		key, err := wgtypes.ParseKey(config.PrivateKey)
+		if err != nil {
+			log.Infof("couldn't switch to the new Management %s", newURL.String())
+			return config, err
+		}
+
+		client, err := mgm.NewClient(ctx, newURL.Host, key, mgmTlsEnabled)
+		if err != nil {
+			log.Infof("couldn't switch to the new Management %s", newURL.String())
+			return config, err
+		}
+		defer func() {
+			err = client.Close()
+			if err != nil {
+				log.Warnf("failed to close the Management service client %v", err)
+			}
+		}()
+
+		// gRPC check
+		_, err = client.GetServerPublicKey()
+		if err != nil {
+			log.Infof("couldn't switch to the new Management %s", newURL.String())
+			return nil, err
+		}
+
+		// everything is alright => update the config
+		newConfig, err := UpdateConfig(ConfigInput{
+			ManagementURL: newURL.String(),
+			ConfigPath:    configPath,
+		})
+		if err != nil {
+			log.Infof("couldn't switch to the new Management %s", newURL.String())
+			return config, fmt.Errorf("failed updating config file: %v", err)
+		}
+		log.Infof("successfully switched to the new Management URL: %s", newURL.String())
+
+		return newConfig, nil
+	}
+
+	return config, nil
+}
+
 func statusRecorderToMgmConnStateNotifier(statusRecorder *peer.Status) mgm.ConnStateNotifier {
 	var sri interface{} = statusRecorder
 	mgmNotifier, _ := sri.(mgm.ConnStateNotifier)
@@ -396,20 +362,3 @@ func statusRecorderToSignalConnStateNotifier(statusRecorder *peer.Status) signal
 	notifier, _ := sri.(signal.ConnStateNotifier)
 	return notifier
 }
-
-func freePort(start int) (int, error) {
-	addr := net.UDPAddr{}
-	if start == 0 {
-		start = iface.DefaultWgPort
-	}
-	for x := start; x <= 65535; x++ {
-		addr.Port = x
-		conn, err := net.ListenUDP("udp", &addr)
-		if err != nil {
-			continue
-		}
-		conn.Close()
-		return x, nil
-	}
-	return 0, errors.New("no free ports")
-}
--- a/client/internal/connect_test.go
+++ b/client/internal/connect_test.go
@@ -1,57 +0,0 @@
-package internal
-
-import (
-	"net"
-	"testing"
-)
-
-func Test_freePort(t *testing.T) {
-	tests := []struct {
-		name    string
-		port    int
-		want    int
-		wantErr bool
-	}{
-		{
-			name:    "available",
-			port:    51820,
-			want:    51820,
-			wantErr: false,
-		},
-		{
-			name:    "notavailable",
-			port:    51830,
-			want:    51831,
-			wantErr: false,
-		},
-		{
-			name:    "noports",
-			port:    65535,
-			want:    0,
-			wantErr: true,
-		},
-	}
-	for _, tt := range tests {
-
-		c1, err := net.ListenUDP("udp", &net.UDPAddr{Port: 51830})
-		if err != nil {
-			t.Errorf("freePort error = %v", err)
-		}
-		c2, err := net.ListenUDP("udp", &net.UDPAddr{Port: 65535})
-		if err != nil {
-			t.Errorf("freePort error = %v", err)
-		}
-		t.Run(tt.name, func(t *testing.T) {
-			got, err := freePort(tt.port)
-			if (err != nil) != tt.wantErr {
-				t.Errorf("freePort() error = %v, wantErr %v", err, tt.wantErr)
-				return
-			}
-			if got != tt.want {
-				t.Errorf("freePort() = %v, want %v", got, tt.want)
-			}
-		})
-		c1.Close()
-		c2.Close()
-	}
-}
--- a/client/internal/dns/consts_freebsd.go
+++ b/client/internal/dns/consts_freebsd.go
@@ -1,6 +0,0 @@
-package dns
-
-const (
-	fileUncleanShutdownResolvConfLocation  = "/var/db/netbird/resolv.conf"
-	fileUncleanShutdownManagerTypeLocation = "/var/db/netbird/manager"
-)
--- a/client/internal/dns/consts_linux.go
+++ b/client/internal/dns/consts_linux.go
@@ -1,8 +0,0 @@
-//go:build !android
-
-package dns
-
-const (
-	fileUncleanShutdownResolvConfLocation  = "/var/lib/netbird/resolv.conf"
-	fileUncleanShutdownManagerTypeLocation = "/var/lib/netbird/manager"
-)
--- a/client/internal/dns/dbus_linux.go
+++ b/client/internal/dns/dbus_linux.go
@@ -1,14 +1,12 @@
-//go:build (linux && !android) || freebsd
+//go:build !android

 package dns

 import (
 	"context"
-	"fmt"
-	"time"
-
 	"github.com/godbus/dbus/v5"
 	log "github.com/sirupsen/logrus"
+	"time"
 )

 const dbusDefaultFlag = 0
@@ -16,7 +14,6 @@ const dbusDefaultFlag = 0
 func isDbusListenerRunning(dest string, path dbus.ObjectPath) bool {
 	obj, closeConn, err := getDbusObject(dest, path)
 	if err != nil {
-		log.Tracef("error getting dbus object: %s", err)
 		return false
 	}
 	defer closeConn()
@@ -24,18 +21,14 @@ func isDbusListenerRunning(dest string, path dbus.ObjectPath) bool {
 	ctx, cancel := context.WithTimeout(context.TODO(), 5*time.Second)
 	defer cancel()

-	if err = obj.CallWithContext(ctx, "org.freedesktop.DBus.Peer.Ping", 0).Store(); err != nil {
-		log.Tracef("error calling dbus: %s", err)
-		return false
-	}
-
-	return true
+	err = obj.CallWithContext(ctx, "org.freedesktop.DBus.Peer.Ping", 0).Store()
+	return err == nil
 }

 func getDbusObject(dest string, path dbus.ObjectPath) (dbus.BusObject, func(), error) {
 	conn, err := dbus.SystemBus()
 	if err != nil {
-		return nil, nil, fmt.Errorf("get dbus: %w", err)
+		return nil, nil, err
 	}
 	obj := conn.Object(dest, path)

--- a/client/internal/dns/file_linux.go
+++ b/client/internal/dns/file_linux.go
@@ -0,0 +1,268 @@
+//go:build !android
+
+package dns
+
+import (
+	"bufio"
+	"bytes"
+	"fmt"
+	"os"
+	"strings"
+
+	log "github.com/sirupsen/logrus"
+)
+
+const (
+	fileGeneratedResolvConfContentHeader         = "# Generated by NetBird"
+	fileGeneratedResolvConfContentHeaderNextLine = fileGeneratedResolvConfContentHeader + `
+# If needed you can restore the original file by copying back ` + fileDefaultResolvConfBackupLocation + "\n\n"
+
+	fileDefaultResolvConfBackupLocation = defaultResolvConfPath + ".original.netbird"
+
+	fileMaxLineCharsLimit        = 256
+	fileMaxNumberOfSearchDomains = 6
+)
+
+type fileConfigurator struct {
+	originalPerms os.FileMode
+}
+
+func newFileConfigurator() (hostManager, error) {
+	return &fileConfigurator{}, nil
+}
+
+func (f *fileConfigurator) supportCustomPort() bool {
+	return false
+}
+
+func (f *fileConfigurator) applyDNSConfig(config hostDNSConfig) error {
+	backupFileExist := false
+	_, err := os.Stat(fileDefaultResolvConfBackupLocation)
+	if err == nil {
+		backupFileExist = true
+	}
+
+	if !config.routeAll {
+		if backupFileExist {
+			err = f.restore()
+			if err != nil {
+				return fmt.Errorf("unable to configure DNS for this peer using file manager without a Primary nameserver group. Restoring the original file return err: %s", err)
+			}
+		}
+		return fmt.Errorf("unable to configure DNS for this peer using file manager without a nameserver group with all domains configured")
+	}
+
+	if !backupFileExist {
+		err = f.backup()
+		if err != nil {
+			return fmt.Errorf("unable to backup the resolv.conf file")
+		}
+	}
+
+	searchDomainList := searchDomains(config)
+
+	originalSearchDomains, nameServers, others, err := originalDNSConfigs(fileDefaultResolvConfBackupLocation)
+	if err != nil {
+		log.Error(err)
+	}
+
+	searchDomainList = mergeSearchDomains(searchDomainList, originalSearchDomains)
+
+	buf := prepareResolvConfContent(
+		searchDomainList,
+		append([]string{config.serverIP}, nameServers...),
+		others)
+
+	log.Debugf("creating managed file %s", defaultResolvConfPath)
+	err = os.WriteFile(defaultResolvConfPath, buf.Bytes(), f.originalPerms)
+	if err != nil {
+		restoreErr := f.restore()
+		if restoreErr != nil {
+			log.Errorf("attempt to restore default file failed with error: %s", err)
+		}
+		return fmt.Errorf("got an creating resolver file %s. Error: %s", defaultResolvConfPath, err)
+	}
+
+	log.Infof("created a NetBird managed %s file with your DNS settings. Added %d search domains. Search list: %s", defaultResolvConfPath, len(searchDomainList), searchDomainList)
+	return nil
+}
+
+func (f *fileConfigurator) restoreHostDNS() error {
+	return f.restore()
+}
+
+func (f *fileConfigurator) backup() error {
+	stats, err := os.Stat(defaultResolvConfPath)
+	if err != nil {
+		return fmt.Errorf("got an error while checking stats for %s file. Error: %s", defaultResolvConfPath, err)
+	}
+
+	f.originalPerms = stats.Mode()
+
+	err = copyFile(defaultResolvConfPath, fileDefaultResolvConfBackupLocation)
+	if err != nil {
+		return fmt.Errorf("got error while backing up the %s file. Error: %s", defaultResolvConfPath, err)
+	}
+	return nil
+}
+
+func (f *fileConfigurator) restore() error {
+	err := copyFile(fileDefaultResolvConfBackupLocation, defaultResolvConfPath)
+	if err != nil {
+		return fmt.Errorf("got error while restoring the %s file from %s. Error: %s", defaultResolvConfPath, fileDefaultResolvConfBackupLocation, err)
+	}
+
+	return os.RemoveAll(fileDefaultResolvConfBackupLocation)
+}
+
+func prepareResolvConfContent(searchDomains, nameServers, others []string) bytes.Buffer {
+	var buf bytes.Buffer
+	buf.WriteString(fileGeneratedResolvConfContentHeaderNextLine)
+
+	for _, cfgLine := range others {
+		buf.WriteString(cfgLine)
+		buf.WriteString("\n")
+	}
+
+	if len(searchDomains) > 0 {
+		buf.WriteString("search ")
+		buf.WriteString(strings.Join(searchDomains, " "))
+		buf.WriteString("\n")
+	}
+
+	for _, ns := range nameServers {
+		buf.WriteString("nameserver ")
+		buf.WriteString(ns)
+		buf.WriteString("\n")
+	}
+	return buf
+}
+
+func searchDomains(config hostDNSConfig) []string {
+	listOfDomains := make([]string, 0)
+	for _, dConf := range config.domains {
+		if dConf.matchOnly || dConf.disabled {
+			continue
+		}
+
+		listOfDomains = append(listOfDomains, dConf.domain)
+	}
+	return listOfDomains
+}
+
+func originalDNSConfigs(resolvconfFile string) (searchDomains, nameServers, others []string, err error) {
+	file, err := os.Open(resolvconfFile)
+	if err != nil {
+		err = fmt.Errorf(`could not read existing resolv.conf`)
+		return
+	}
+	defer file.Close()
+
+	reader := bufio.NewReader(file)
+
+	for {
+		lineBytes, isPrefix, readErr := reader.ReadLine()
+		if readErr != nil {
+			break
+		}
+
+		if isPrefix {
+			err = fmt.Errorf(`resolv.conf line too long`)
+			return
+		}
+
+		line := strings.TrimSpace(string(lineBytes))
+
+		if strings.HasPrefix(line, "#") {
+			continue
+		}
+
+		if strings.HasPrefix(line, "domain") {
+			continue
+		}
+
+		if strings.HasPrefix(line, "options") && strings.Contains(line, "rotate") {
+			line = strings.ReplaceAll(line, "rotate", "")
+			splitLines := strings.Fields(line)
+			if len(splitLines) == 1 {
+				continue
+			}
+			line = strings.Join(splitLines, " ")
+		}
+
+		if strings.HasPrefix(line, "search") {
+			splitLines := strings.Fields(line)
+			if len(splitLines) < 2 {
+				continue
+			}
+
+			searchDomains = splitLines[1:]
+			continue
+		}
+
+		if strings.HasPrefix(line, "nameserver") {
+			splitLines := strings.Fields(line)
+			if len(splitLines) != 2 {
+				continue
+			}
+			nameServers = append(nameServers, splitLines[1])
+			continue
+		}
+
+		others = append(others, line)
+	}
+	return
+}
+
+// merge search domains lists and cut off the list if it is too long
+func mergeSearchDomains(searchDomains []string, originalSearchDomains []string) []string {
+	lineSize := len("search")
+	searchDomainsList := make([]string, 0, len(searchDomains)+len(originalSearchDomains))
+
+	lineSize = validateAndFillSearchDomains(lineSize, &searchDomainsList, searchDomains)
+	_ = validateAndFillSearchDomains(lineSize, &searchDomainsList, originalSearchDomains)
+
+	return searchDomainsList
+}
+
+// validateAndFillSearchDomains checks if the search domains list is not too long and if the line is not too long
+// extend s slice with vs elements
+// return with the number of characters in the searchDomains line
+func validateAndFillSearchDomains(initialLineChars int, s *[]string, vs []string) int {
+	for _, sd := range vs {
+		tmpCharsNumber := initialLineChars + 1 + len(sd)
+		if tmpCharsNumber > fileMaxLineCharsLimit {
+			// lets log all skipped domains
+			log.Infof("search list line is larger than %d characters. Skipping append of %s domain", fileMaxLineCharsLimit, sd)
+			continue
+		}
+
+		initialLineChars = tmpCharsNumber
+
+		if len(*s) >= fileMaxNumberOfSearchDomains {
+			// lets log all skipped domains
+			log.Infof("already appended %d domains to search list. Skipping append of %s domain", fileMaxNumberOfSearchDomains, sd)
+			continue
+		}
+		*s = append(*s, sd)
+	}
+	return initialLineChars
+}
+
+func copyFile(src, dest string) error {
+	stats, err := os.Stat(src)
+	if err != nil {
+		return fmt.Errorf("got an error while checking stats for %s file when copying it. Error: %s", src, err)
+	}
+
+	bytesRead, err := os.ReadFile(src)
+	if err != nil {
+		return fmt.Errorf("got an error while reading the file %s file for copy. Error: %s", src, err)
+	}
+
+	err = os.WriteFile(dest, bytesRead, stats.Mode())
+	if err != nil {
+		return fmt.Errorf("got an writing the destination file %s for copy. Error: %s", dest, err)
+	}
+	return nil
+}
--- a/client/internal/dns/file_linux_test.go
+++ b/client/internal/dns/file_linux_test.go
@@ -1,5 +1,3 @@
-//go:build (linux && !android) || freebsd
-
 package dns

 import (
@@ -9,7 +7,7 @@ import (

 func Test_mergeSearchDomains(t *testing.T) {
 	searchDomains := []string{"a", "b"}
-	originDomains := []string{"c", "d"}
+	originDomains := []string{"a", "b"}
 	mergedDomains := mergeSearchDomains(searchDomains, originDomains)
 	if len(mergedDomains) != 4 {
 		t.Errorf("invalid len of result domains: %d, want: %d", len(mergedDomains), 4)
@@ -51,67 +49,6 @@ func Test_mergeSearchTooLongDomain(t *testing.T) {
 	}
 }

-func Test_isContains(t *testing.T) {
-	type args struct {
-		subList []string
-		list    []string
-	}
-	tests := []struct {
-		args args
-		want bool
-	}{
-		{
-			args: args{
-				subList: []string{"a", "b", "c"},
-				list:    []string{"a", "b", "c"},
-			},
-			want: true,
-		},
-		{
-			args: args{
-				subList: []string{"a"},
-				list:    []string{"a", "b", "c"},
-			},
-			want: true,
-		},
-		{
-			args: args{
-				subList: []string{"d"},
-				list:    []string{"a", "b", "c"},
-			},
-			want: false,
-		},
-		{
-			args: args{
-				subList: []string{"a"},
-				list:    []string{},
-			},
-			want: false,
-		},
-		{
-			args: args{
-				subList: []string{},
-				list:    []string{"b"},
-			},
-			want: true,
-		},
-		{
-			args: args{
-				subList: []string{},
-				list:    []string{},
-			},
-			want: true,
-		},
-	}
-	for _, tt := range tests {
-		t.Run("list check test", func(t *testing.T) {
-			if got := isContains(tt.args.subList, tt.args.list); got != tt.want {
-				t.Errorf("isContains() = %v, want %v", got, tt.want)
-			}
-		})
-	}
-}
-
 func getLongLine() string {
 	x := "search "
 	for {
--- a/client/internal/dns/file_parser_unix.go
+++ b/client/internal/dns/file_parser_unix.go
@@ -1,168 +0,0 @@
-//go:build (linux && !android) || freebsd
-
-package dns
-
-import (
-	"fmt"
-	"os"
-	"regexp"
-	"strings"
-
-	log "github.com/sirupsen/logrus"
-)
-
-const (
-	defaultResolvConfPath = "/etc/resolv.conf"
-)
-
-var timeoutRegex = regexp.MustCompile(`timeout:\d+`)
-var attemptsRegex = regexp.MustCompile(`attempts:\d+`)
-
-type resolvConf struct {
-	nameServers   []string
-	searchDomains []string
-	others        []string
-}
-
-func (r *resolvConf) String() string {
-	return fmt.Sprintf("search domains: %v, name servers: %v, others: %s", r.searchDomains, r.nameServers, r.others)
-}
-
-func parseDefaultResolvConf() (*resolvConf, error) {
-	return parseResolvConfFile(defaultResolvConfPath)
-}
-
-func parseBackupResolvConf() (*resolvConf, error) {
-	return parseResolvConfFile(fileDefaultResolvConfBackupLocation)
-}
-
-func parseResolvConfFile(resolvConfFile string) (*resolvConf, error) {
-	rconf := &resolvConf{
-		searchDomains: make([]string, 0),
-		nameServers:   make([]string, 0),
-		others:        make([]string, 0),
-	}
-
-	file, err := os.Open(resolvConfFile)
-	if err != nil {
-		return rconf, fmt.Errorf("failed to open %s file: %w", resolvConfFile, err)
-	}
-	defer func() {
-		if err := file.Close(); err != nil {
-			log.Errorf("failed closing %s: %s", resolvConfFile, err)
-		}
-	}()
-
-	cur, err := os.ReadFile(resolvConfFile)
-	if err != nil {
-		return rconf, fmt.Errorf("failed to read %s file: %w", resolvConfFile, err)
-	}
-
-	if len(cur) == 0 {
-		return rconf, fmt.Errorf("file is empty")
-	}
-
-	for _, line := range strings.Split(string(cur), "\n") {
-		line = strings.TrimSpace(line)
-
-		if strings.HasPrefix(line, "#") {
-			continue
-		}
-
-		if strings.HasPrefix(line, "domain") {
-			continue
-		}
-
-		if strings.HasPrefix(line, "options") && strings.Contains(line, "rotate") {
-			line = strings.ReplaceAll(line, "rotate", "")
-			splitLines := strings.Fields(line)
-			if len(splitLines) == 1 {
-				continue
-			}
-			line = strings.Join(splitLines, " ")
-		}
-
-		if strings.HasPrefix(line, "search") {
-			splitLines := strings.Fields(line)
-			if len(splitLines) < 2 {
-				continue
-			}
-
-			rconf.searchDomains = splitLines[1:]
-			continue
-		}
-
-		if strings.HasPrefix(line, "nameserver") {
-			splitLines := strings.Fields(line)
-			if len(splitLines) != 2 {
-				continue
-			}
-			rconf.nameServers = append(rconf.nameServers, splitLines[1])
-			continue
-		}
-
-		if line != "" {
-			rconf.others = append(rconf.others, line)
-		}
-	}
-	return rconf, nil
-}
-
-// prepareOptionsWithTimeout appends timeout to existing options if it doesn't exist,
-// otherwise it adds a new option with timeout and attempts.
-func prepareOptionsWithTimeout(input []string, timeout int, attempts int) []string {
-	configs := make([]string, len(input))
-	copy(configs, input)
-
-	for i, config := range configs {
-		if strings.HasPrefix(config, "options") {
-			config = strings.ReplaceAll(config, "rotate", "")
-			config = strings.Join(strings.Fields(config), " ")
-
-			if strings.Contains(config, "timeout:") {
-				config = timeoutRegex.ReplaceAllString(config, fmt.Sprintf("timeout:%d", timeout))
-			} else {
-				config = strings.Replace(config, "options ", fmt.Sprintf("options timeout:%d ", timeout), 1)
-			}
-
-			if strings.Contains(config, "attempts:") {
-				config = attemptsRegex.ReplaceAllString(config, fmt.Sprintf("attempts:%d", attempts))
-			} else {
-				config = strings.Replace(config, "options ", fmt.Sprintf("options attempts:%d ", attempts), 1)
-			}
-
-			configs[i] = config
-			return configs
-		}
-	}
-
-	return append(configs, fmt.Sprintf("options timeout:%d attempts:%d", timeout, attempts))
-}
-
-// removeFirstNbNameserver removes the given nameserver from the given file if it is in the first position
-// and writes the file back to the original location
-func removeFirstNbNameserver(filename, nameserverIP string) error {
-	resolvConf, err := parseResolvConfFile(filename)
-	if err != nil {
-		return fmt.Errorf("parse backup resolv.conf: %w", err)
-	}
-	content, err := os.ReadFile(filename)
-	if err != nil {
-		return fmt.Errorf("read %s: %w", filename, err)
-	}
-
-	if len(resolvConf.nameServers) > 1 && resolvConf.nameServers[0] == nameserverIP {
-		newContent := strings.Replace(string(content), fmt.Sprintf("nameserver %s\n", nameserverIP), "", 1)
-
-		stat, err := os.Stat(filename)
-		if err != nil {
-			return fmt.Errorf("stat %s: %w", filename, err)
-		}
-		if err := os.WriteFile(filename, []byte(newContent), stat.Mode()); err != nil {
-			return fmt.Errorf("write %s: %w", filename, err)
-		}
-
-	}
-
-	return nil
-}
--- a/client/internal/dns/file_parser_unix_test.go
+++ b/client/internal/dns/file_parser_unix_test.go
@@ -1,304 +0,0 @@
-//go:build (linux && !android) || freebsd
-
-package dns
-
-import (
-	"os"
-	"path/filepath"
-	"testing"
-
-	"github.com/stretchr/testify/assert"
-)
-
-func Test_parseResolvConf(t *testing.T) {
-	testCases := []struct {
-		input          string
-		expectedSearch []string
-		expectedNS     []string
-		expectedOther  []string
-	}{
-		{
-			input: `domain example.org
-search example.org
-nameserver 192.168.0.1
-`,
-			expectedSearch: []string{"example.org"},
-			expectedNS:     []string{"192.168.0.1"},
-			expectedOther:  []string{},
-		},
-		{
-			input: `# This is /run/systemd/resolve/resolv.conf managed by man:systemd-resolved(8).
-# Do not edit.
-#
-# This file might be symlinked as /etc/resolv.conf. If you're looking at
-# /etc/resolv.conf and seeing this text, you have followed the symlink.
-#
-# This is a dynamic resolv.conf file for connecting local clients directly to
-# all known uplink DNS servers. This file lists all configured search domains.
-#
-# Third party programs should typically not access this file directly, but only
-# through the symlink at /etc/resolv.conf. To manage man:resolv.conf(5) in a
-# different way, replace this symlink by a static file or a different symlink.
-#
-# See man:systemd-resolved.service(8) for details about the supported modes of
-# operation for /etc/resolv.conf.
-
-nameserver 192.168.2.1
-nameserver 100.81.99.197
-search netbird.cloud
-`,
-			expectedSearch: []string{"netbird.cloud"},
-			expectedNS:     []string{"192.168.2.1", "100.81.99.197"},
-			expectedOther:  []string{},
-		},
-		{
-			input: `# This is /run/systemd/resolve/resolv.conf managed by man:systemd-resolved(8).
-# Do not edit.
-#
-# This file might be symlinked as /etc/resolv.conf. If you're looking at
-# /etc/resolv.conf and seeing this text, you have followed the symlink.
-#
-# This is a dynamic resolv.conf file for connecting local clients directly to
-# all known uplink DNS servers. This file lists all configured search domains.
-#
-# Third party programs should typically not access this file directly, but only
-# through the symlink at /etc/resolv.conf. To manage man:resolv.conf(5) in a
-# different way, replace this symlink by a static file or a different symlink.
-#
-# See man:systemd-resolved.service(8) for details about the supported modes of
-# operation for /etc/resolv.conf.
-
-nameserver 192.168.2.1
-nameserver 100.81.99.197
-search netbird.cloud
-options debug
-`,
-			expectedSearch: []string{"netbird.cloud"},
-			expectedNS:     []string{"192.168.2.1", "100.81.99.197"},
-			expectedOther:  []string{"options debug"},
-		},
-	}
-
-	for _, testCase := range testCases {
-		testCase := testCase
-		t.Run("test", func(t *testing.T) {
-			t.Parallel()
-			tmpResolvConf := filepath.Join(t.TempDir(), "resolv.conf")
-			err := os.WriteFile(tmpResolvConf, []byte(testCase.input), 0644)
-			if err != nil {
-				t.Fatal(err)
-			}
-			cfg, err := parseResolvConfFile(tmpResolvConf)
-			if err != nil {
-				t.Fatal(err)
-			}
-			ok := compareLists(cfg.searchDomains, testCase.expectedSearch)
-			if !ok {
-				t.Errorf("invalid parse result for search domains, expected: %v, got: %v", testCase.expectedSearch, cfg.searchDomains)
-			}
-
-			ok = compareLists(cfg.nameServers, testCase.expectedNS)
-			if !ok {
-				t.Errorf("invalid parse result for ns domains, expected: %v, got: %v", testCase.expectedNS, cfg.nameServers)
-			}
-
-			ok = compareLists(cfg.others, testCase.expectedOther)
-			if !ok {
-				t.Errorf("invalid parse result for others, expected: %v, got: %v", testCase.expectedOther, cfg.others)
-			}
-		})
-	}
-
-}
-
-func compareLists(search []string, search2 []string) bool {
-	if len(search) != len(search2) {
-		return false
-	}
-	for i, v := range search {
-		if v != search2[i] {
-			return false
-		}
-	}
-	return true
-}
-
-func Test_emptyFile(t *testing.T) {
-	cfg, err := parseResolvConfFile("/tmp/nothing")
-	if err == nil {
-		t.Errorf("expected error, got nil")
-	}
-	if len(cfg.others) != 0 || len(cfg.searchDomains) != 0 || len(cfg.nameServers) != 0 {
-		t.Errorf("expected empty config, got %v", cfg)
-	}
-}
-
-func Test_symlink(t *testing.T) {
-	input := `# This is /run/systemd/resolve/resolv.conf managed by man:systemd-resolved(8).
-# Do not edit.
-#
-# This file might be symlinked as /etc/resolv.conf. If you're looking at
-# /etc/resolv.conf and seeing this text, you have followed the symlink.
-#
-# This is a dynamic resolv.conf file for connecting local clients directly to
-# all known uplink DNS servers. This file lists all configured search domains.
-#
-# Third party programs should typically not access this file directly, but only
-# through the symlink at /etc/resolv.conf. To manage man:resolv.conf(5) in a
-# different way, replace this symlink by a static file or a different symlink.
-#
-# See man:systemd-resolved.service(8) for details about the supported modes of
-# operation for /etc/resolv.conf.
-
-nameserver 192.168.0.1
-`
-
-	tmpResolvConf := filepath.Join(t.TempDir(), "resolv.conf")
-	err := os.WriteFile(tmpResolvConf, []byte(input), 0644)
-	if err != nil {
-		t.Fatal(err)
-	}
-
-	tmpLink := filepath.Join(t.TempDir(), "symlink")
-	err = os.Symlink(tmpResolvConf, tmpLink)
-	if err != nil {
-		t.Fatal(err)
-	}
-
-	cfg, err := parseResolvConfFile(tmpLink)
-	if err != nil {
-		t.Fatal(err)
-	}
-
-	if len(cfg.nameServers) != 1 {
-		t.Errorf("unexpected resolv.conf content: %v", cfg)
-	}
-}
-
-func TestPrepareOptionsWithTimeout(t *testing.T) {
-	tests := []struct {
-		name     string
-		others   []string
-		timeout  int
-		attempts int
-		expected []string
-	}{
-		{
-			name:     "Append new options with timeout and attempts",
-			others:   []string{"some config"},
-			timeout:  2,
-			attempts: 2,
-			expected: []string{"some config", "options timeout:2 attempts:2"},
-		},
-		{
-			name:     "Modify existing options to exclude rotate and include timeout and attempts",
-			others:   []string{"some config", "options rotate someother"},
-			timeout:  3,
-			attempts: 2,
-			expected: []string{"some config", "options attempts:2 timeout:3 someother"},
-		},
-		{
-			name:     "Existing options with timeout and attempts are updated",
-			others:   []string{"some config", "options timeout:4 attempts:3"},
-			timeout:  5,
-			attempts: 4,
-			expected: []string{"some config", "options timeout:5 attempts:4"},
-		},
-		{
-			name:     "Modify existing options, add missing attempts before timeout",
-			others:   []string{"some config", "options timeout:4"},
-			timeout:  4,
-			attempts: 3,
-			expected: []string{"some config", "options attempts:3 timeout:4"},
-		},
-	}
-
-	for _, tc := range tests {
-		t.Run(tc.name, func(t *testing.T) {
-			result := prepareOptionsWithTimeout(tc.others, tc.timeout, tc.attempts)
-			assert.Equal(t, tc.expected, result)
-		})
-	}
-}
-
-func TestRemoveFirstNbNameserver(t *testing.T) {
-	testCases := []struct {
-		name       string
-		content    string
-		ipToRemove string
-		expected   string
-	}{
-		{
-			name: "Unrelated nameservers with comments and options",
-			content: `# This is a comment
-options rotate
-nameserver 1.1.1.1
-# Another comment
-nameserver 8.8.4.4
-search example.com`,
-			ipToRemove: "9.9.9.9",
-			expected: `# This is a comment
-options rotate
-nameserver 1.1.1.1
-# Another comment
-nameserver 8.8.4.4
-search example.com`,
-		},
-		{
-			name: "First nameserver matches",
-			content: `search example.com
-nameserver 9.9.9.9
-# oof, a comment
-nameserver 8.8.4.4
-options attempts:5`,
-			ipToRemove: "9.9.9.9",
-			expected: `search example.com
-# oof, a comment
-nameserver 8.8.4.4
-options attempts:5`,
-		},
-		{
-			name: "Target IP not the first nameserver",
-			// nolint:dupword
-			content: `# Comment about the first nameserver
-nameserver 8.8.4.4
-# Comment before our target
-nameserver 9.9.9.9
-options timeout:2`,
-			ipToRemove: "9.9.9.9",
-			// nolint:dupword
-			expected: `# Comment about the first nameserver
-nameserver 8.8.4.4
-# Comment before our target
-nameserver 9.9.9.9
-options timeout:2`,
-		},
-		{
-			name: "Only nameserver matches",
-			content: `options debug
-nameserver 9.9.9.9
-search localdomain`,
-			ipToRemove: "9.9.9.9",
-			expected: `options debug
-nameserver 9.9.9.9
-search localdomain`,
-		},
-	}
-
-	for _, tc := range testCases {
-		t.Run(tc.name, func(t *testing.T) {
-			tempDir := t.TempDir()
-			tempFile := filepath.Join(tempDir, "resolv.conf")
-			err := os.WriteFile(tempFile, []byte(tc.content), 0644)
-			assert.NoError(t, err)
-
-			err = removeFirstNbNameserver(tempFile, tc.ipToRemove)
-			assert.NoError(t, err)
-
-			content, err := os.ReadFile(tempFile)
-			assert.NoError(t, err)
-
-			assert.Equal(t, tc.expected, string(content), "The resulting content should match the expected output.")
-		})
-	}
-}
--- a/client/internal/dns/file_repair_unix.go
+++ b/client/internal/dns/file_repair_unix.go
@@ -1,159 +0,0 @@
-//go:build (linux && !android) || freebsd
-
-package dns
-
-import (
-	"path"
-	"path/filepath"
-	"sync"
-
-	"github.com/fsnotify/fsnotify"
-	log "github.com/sirupsen/logrus"
-)
-
-var (
-	eventTypes = []fsnotify.Op{
-		fsnotify.Create,
-		fsnotify.Write,
-		fsnotify.Remove,
-		fsnotify.Rename,
-	}
-)
-
-type repairConfFn func([]string, string, *resolvConf) error
-
-type repair struct {
-	operationFile string
-	updateFn      repairConfFn
-	watchDir      string
-
-	inotify   *fsnotify.Watcher
-	inotifyWg sync.WaitGroup
-}
-
-func newRepair(operationFile string, updateFn repairConfFn) *repair {
-	targetFile := targetFile(operationFile)
-	return &repair{
-		operationFile: targetFile,
-		watchDir:      path.Dir(targetFile),
-		updateFn:      updateFn,
-	}
-}
-
-func (f *repair) watchFileChanges(nbSearchDomains []string, nbNameserverIP string) {
-	if f.inotify != nil {
-		return
-	}
-
-	log.Infof("start to watch resolv.conf: %s", f.operationFile)
-	inotify, err := fsnotify.NewWatcher()
-	if err != nil {
-		log.Errorf("failed to start inotify watcher for resolv.conf: %s", err)
-		return
-	}
-	f.inotify = inotify
-
-	f.inotifyWg.Add(1)
-	go func() {
-		defer f.inotifyWg.Done()
-		for event := range f.inotify.Events {
-			if !f.isEventRelevant(event) {
-				continue
-			}
-
-			log.Tracef("%s changed, check if it is broken", f.operationFile)
-
-			rConf, err := parseResolvConfFile(f.operationFile)
-			if err != nil {
-				log.Warnf("failed to parse resolv conf: %s", err)
-				continue
-			}
-
-			log.Debugf("check resolv.conf parameters: %s", rConf)
-			if !isNbParamsMissing(nbSearchDomains, nbNameserverIP, rConf) {
-				log.Tracef("resolv.conf still correct, skip the update")
-				continue
-			}
-			log.Info("broken params in resolv.conf, repairing it...")
-
-			err = f.inotify.Remove(f.watchDir)
-			if err != nil {
-				log.Errorf("failed to rm inotify watch for resolv.conf: %s", err)
-			}
-
-			err = f.updateFn(nbSearchDomains, nbNameserverIP, rConf)
-			if err != nil {
-				log.Errorf("failed to repair resolv.conf: %v", err)
-			}
-
-			err = f.inotify.Add(f.watchDir)
-			if err != nil {
-				log.Errorf("failed to re-add inotify watch for resolv.conf: %s", err)
-				return
-			}
-		}
-	}()
-
-	err = f.inotify.Add(f.watchDir)
-	if err != nil {
-		log.Errorf("failed to add inotify watch for resolv.conf: %s", err)
-		return
-	}
-}
-
-func (f *repair) stopWatchFileChanges() {
-	if f.inotify == nil {
-		return
-	}
-	err := f.inotify.Close()
-	if err != nil {
-		log.Warnf("failed to close resolv.conf inotify: %v", err)
-	}
-	f.inotifyWg.Wait()
-	f.inotify = nil
-}
-
-func (f *repair) isEventRelevant(event fsnotify.Event) bool {
-	var ok bool
-	for _, et := range eventTypes {
-		if event.Has(et) {
-			ok = true
-			break
-		}
-	}
-	if !ok {
-		return false
-	}
-
-	if event.Name == f.operationFile {
-		return true
-	}
-	return false
-}
-
-// nbParamsAreMissing checks if the resolv.conf file contains all the parameters that NetBird needs
-// check the NetBird related nameserver IP at the first place
-// check the NetBird related search domains in the search domains list
-func isNbParamsMissing(nbSearchDomains []string, nbNameserverIP string, rConf *resolvConf) bool {
-	if !isContains(nbSearchDomains, rConf.searchDomains) {
-		return true
-	}
-
-	if len(rConf.nameServers) == 0 {
-		return true
-	}
-
-	if rConf.nameServers[0] != nbNameserverIP {
-		return true
-	}
-
-	return false
-}
-
-func targetFile(filename string) string {
-	target, err := filepath.EvalSymlinks(filename)
-	if err != nil {
-		log.Errorf("evarl err: %s", err)
-	}
-	return target
-}
--- a/client/internal/dns/file_repair_unix_test.go
+++ b/client/internal/dns/file_repair_unix_test.go
@@ -1,175 +0,0 @@
-//go:build (linux && !android) || freebsd
-
-package dns
-
-import (
-	"context"
-	"os"
-	"path/filepath"
-	"testing"
-	"time"
-
-	"github.com/netbirdio/netbird/util"
-)
-
-func TestMain(m *testing.M) {
-	_ = util.InitLog("debug", "console")
-	code := m.Run()
-	os.Exit(code)
-}
-
-func Test_newRepairtmp(t *testing.T) {
-	type args struct {
-		resolvConfContent  string
-		touchedConfContent string
-		wantChange         bool
-	}
-	tests := []args{
-		{
-			resolvConfContent: `
-nameserver 10.0.0.1
-nameserver 8.8.8.8
-searchdomain netbird.cloud something`,
-
-			touchedConfContent: `
-nameserver 8.8.8.8
-searchdomain netbird.cloud something`,
-			wantChange: true,
-		},
-		{
-			resolvConfContent: `
-nameserver 10.0.0.1
-nameserver 8.8.8.8
-searchdomain netbird.cloud something`,
-
-			touchedConfContent: `
-nameserver 10.0.0.1
-nameserver 8.8.8.8
-searchdomain netbird.cloud something somethingelse`,
-			wantChange: false,
-		},
-		{
-			resolvConfContent: `
-nameserver 10.0.0.1
-nameserver 8.8.8.8
-searchdomain netbird.cloud something`,
-
-			touchedConfContent: `
-nameserver 10.0.0.1
-searchdomain netbird.cloud something`,
-			wantChange: false,
-		},
-		{
-			resolvConfContent: `
-nameserver 10.0.0.1
-nameserver 8.8.8.8
-searchdomain netbird.cloud something`,
-
-			touchedConfContent: `
-searchdomain something`,
-			wantChange: true,
-		},
-		{
-			resolvConfContent: `
-nameserver 10.0.0.1
-nameserver 8.8.8.8
-searchdomain netbird.cloud something`,
-
-			touchedConfContent: `
-nameserver 10.0.0.1`,
-			wantChange: true,
-		},
-		{
-			resolvConfContent: `
-nameserver 10.0.0.1
-nameserver 8.8.8.8
-searchdomain netbird.cloud something`,
-
-			touchedConfContent: `
-nameserver 8.8.8.8`,
-			wantChange: true,
-		},
-	}
-
-	for _, tt := range tests {
-		tt := tt
-		t.Run("test", func(t *testing.T) {
-			t.Parallel()
-			workDir := t.TempDir()
-			operationFile := workDir + "/resolv.conf"
-			err := os.WriteFile(operationFile, []byte(tt.resolvConfContent), 0755)
-			if err != nil {
-				t.Fatalf("failed to write out resolv.conf: %s", err)
-			}
-
-			var changed bool
-			ctx, cancel := context.WithTimeout(context.Background(), time.Second)
-			updateFn := func([]string, string, *resolvConf) error {
-				changed = true
-				cancel()
-				return nil
-			}
-
-			r := newRepair(operationFile, updateFn)
-			r.watchFileChanges([]string{"netbird.cloud"}, "10.0.0.1")
-
-			err = os.WriteFile(operationFile, []byte(tt.touchedConfContent), 0755)
-			if err != nil {
-				t.Fatalf("failed to write out resolv.conf: %s", err)
-			}
-
-			<-ctx.Done()
-
-			r.stopWatchFileChanges()
-
-			if changed != tt.wantChange {
-				t.Errorf("unexpected result: want: %v, got: %v", tt.wantChange, changed)
-			}
-		})
-	}
-}
-
-func Test_newRepairSymlink(t *testing.T) {
-	resolvConfContent := `
-nameserver 10.0.0.1
-nameserver 8.8.8.8
-searchdomain netbird.cloud something`
-
-	modifyContent := `nameserver 8.8.8.8`
-
-	tmpResolvConf := filepath.Join(t.TempDir(), "resolv.conf")
-	err := os.WriteFile(tmpResolvConf, []byte(resolvConfContent), 0644)
-	if err != nil {
-		t.Fatal(err)
-	}
-
-	tmpLink := filepath.Join(t.TempDir(), "symlink")
-	err = os.Symlink(tmpResolvConf, tmpLink)
-	if err != nil {
-		t.Fatal(err)
-	}
-
-	var changed bool
-	ctx, cancel := context.WithTimeout(context.Background(), time.Second)
-	updateFn := func([]string, string, *resolvConf) error {
-		changed = true
-		cancel()
-		return nil
-	}
-
-	r := newRepair(tmpLink, updateFn)
-	r.watchFileChanges([]string{"netbird.cloud"}, "10.0.0.1")
-
-	err = os.WriteFile(tmpLink, []byte(modifyContent), 0755)
-	if err != nil {
-		t.Fatalf("failed to write out resolv.conf: %s", err)
-	}
-
-	<-ctx.Done()
-
-	r.stopWatchFileChanges()
-
-	if changed != true {
-		t.Errorf("unexpected result: want: %v, got: %v", true, false)
-	}
-}
--- a/client/internal/dns/file_unix.go
+++ b/client/internal/dns/file_unix.go
@@ -1,329 +0,0 @@
-//go:build (linux && !android) || freebsd
-
-package dns
-
-import (
-	"bytes"
-	"fmt"
-	"net/netip"
-	"os"
-	"strings"
-	"time"
-
-	log "github.com/sirupsen/logrus"
-)
-
-const (
-	fileGeneratedResolvConfContentHeader         = "# Generated by NetBird"
-	fileGeneratedResolvConfContentHeaderNextLine = fileGeneratedResolvConfContentHeader + `
-# If needed you can restore the original file by copying back ` + fileDefaultResolvConfBackupLocation + "\n\n"
-
-	fileDefaultResolvConfBackupLocation = defaultResolvConfPath + ".original.netbird"
-
-	fileMaxLineCharsLimit        = 256
-	fileMaxNumberOfSearchDomains = 6
-)
-
-const (
-	dnsFailoverTimeout  = 4 * time.Second
-	dnsFailoverAttempts = 1
-)
-
-type fileConfigurator struct {
-	repair *repair
-
-	originalPerms  os.FileMode
-	nbNameserverIP string
-}
-
-func newFileConfigurator() (hostManager, error) {
-	fc := &fileConfigurator{}
-	fc.repair = newRepair(defaultResolvConfPath, fc.updateConfig)
-	return fc, nil
-}
-
-func (f *fileConfigurator) supportCustomPort() bool {
-	return false
-}
-
-func (f *fileConfigurator) applyDNSConfig(config HostDNSConfig) error {
-	backupFileExist := f.isBackupFileExist()
-	if !config.RouteAll {
-		if backupFileExist {
-			f.repair.stopWatchFileChanges()
-			err := f.restore()
-			if err != nil {
-				return fmt.Errorf("restoring the original resolv.conf file return err: %w", err)
-			}
-		}
-		return fmt.Errorf("unable to configure DNS for this peer using file manager without a nameserver group with all domains configured")
-	}
-
-	if !backupFileExist {
-		err := f.backup()
-		if err != nil {
-			return fmt.Errorf("unable to backup the resolv.conf file: %w", err)
-		}
-	}
-
-	nbSearchDomains := searchDomains(config)
-	f.nbNameserverIP = config.ServerIP
-
-	resolvConf, err := parseBackupResolvConf()
-	if err != nil {
-		log.Errorf("could not read original search domains from %s: %s", fileDefaultResolvConfBackupLocation, err)
-	}
-
-	f.repair.stopWatchFileChanges()
-
-	err = f.updateConfig(nbSearchDomains, f.nbNameserverIP, resolvConf)
-	if err != nil {
-		return err
-	}
-	f.repair.watchFileChanges(nbSearchDomains, f.nbNameserverIP)
-	return nil
-}
-
-func (f *fileConfigurator) updateConfig(nbSearchDomains []string, nbNameserverIP string, cfg *resolvConf) error {
-	searchDomainList := mergeSearchDomains(nbSearchDomains, cfg.searchDomains)
-	nameServers := generateNsList(nbNameserverIP, cfg)
-
-	options := prepareOptionsWithTimeout(cfg.others, int(dnsFailoverTimeout.Seconds()), dnsFailoverAttempts)
-	buf := prepareResolvConfContent(
-		searchDomainList,
-		nameServers,
-		options)
-
-	log.Debugf("creating managed file %s", defaultResolvConfPath)
-	err := os.WriteFile(defaultResolvConfPath, buf.Bytes(), f.originalPerms)
-	if err != nil {
-		restoreErr := f.restore()
-		if restoreErr != nil {
-			log.Errorf("attempt to restore default file failed with error: %s", err)
-		}
-		return fmt.Errorf("creating resolver file %s. Error: %w", defaultResolvConfPath, err)
-	}
-
-	log.Infof("created a NetBird managed %s file with the DNS settings. Added %d search domains. Search list: %s", defaultResolvConfPath, len(searchDomainList), searchDomainList)
-
-	// create another backup for unclean shutdown detection right after overwriting the original resolv.conf
-	if err := createUncleanShutdownIndicator(fileDefaultResolvConfBackupLocation, fileManager, nbNameserverIP); err != nil {
-		log.Errorf("failed to create unclean shutdown resolv.conf backup: %s", err)
-	}
-
-	return nil
-}
-
-func (f *fileConfigurator) restoreHostDNS() error {
-	f.repair.stopWatchFileChanges()
-	return f.restore()
-}
-
-func (f *fileConfigurator) backup() error {
-	stats, err := os.Stat(defaultResolvConfPath)
-	if err != nil {
-		return fmt.Errorf("checking stats for %s file. Error: %w", defaultResolvConfPath, err)
-	}
-
-	f.originalPerms = stats.Mode()
-
-	err = copyFile(defaultResolvConfPath, fileDefaultResolvConfBackupLocation)
-	if err != nil {
-		return fmt.Errorf("backing up %s: %w", defaultResolvConfPath, err)
-	}
-	return nil
-}
-
-func (f *fileConfigurator) restore() error {
-	err := removeFirstNbNameserver(fileDefaultResolvConfBackupLocation, f.nbNameserverIP)
-	if err != nil {
-		log.Errorf("Failed to remove netbird nameserver from %s on backup restore: %s", fileDefaultResolvConfBackupLocation, err)
-	}
-
-	err = copyFile(fileDefaultResolvConfBackupLocation, defaultResolvConfPath)
-	if err != nil {
-		return fmt.Errorf("restoring %s from %s: %w", defaultResolvConfPath, fileDefaultResolvConfBackupLocation, err)
-	}
-
-	if err := removeUncleanShutdownIndicator(); err != nil {
-		log.Errorf("failed to remove unclean shutdown resolv.conf backup: %s", err)
-	}
-
-	return os.RemoveAll(fileDefaultResolvConfBackupLocation)
-}
-
-func (f *fileConfigurator) restoreUncleanShutdownDNS(storedDNSAddress *netip.Addr) error {
-	resolvConf, err := parseDefaultResolvConf()
-	if err != nil {
-		return fmt.Errorf("parse current resolv.conf: %w", err)
-	}
-
-	// no current nameservers set -> restore
-	if len(resolvConf.nameServers) == 0 {
-		return restoreResolvConfFile()
-	}
-
-	currentDNSAddress, err := netip.ParseAddr(resolvConf.nameServers[0])
-	// not a valid first nameserver -> restore
-	if err != nil {
-		log.Errorf("restoring unclean shutdown: parse dns address %s failed: %s", resolvConf.nameServers[0], err)
-		return restoreResolvConfFile()
-	}
-
-	// current address is still netbird's non-available dns address -> restore
-	// comparing parsed addresses only, to remove ambiguity
-	if currentDNSAddress.String() == storedDNSAddress.String() {
-		return restoreResolvConfFile()
-	}
-
-	log.Info("restoring unclean shutdown: first current nameserver differs from saved nameserver pre-netbird: not restoring")
-	return nil
-}
-
-func (f *fileConfigurator) isBackupFileExist() bool {
-	_, err := os.Stat(fileDefaultResolvConfBackupLocation)
-	return err == nil
-}
-
-func restoreResolvConfFile() error {
-	log.Debugf("restoring unclean shutdown: restoring %s from %s", defaultResolvConfPath, fileUncleanShutdownResolvConfLocation)
-
-	if err := copyFile(fileUncleanShutdownResolvConfLocation, defaultResolvConfPath); err != nil {
-		return fmt.Errorf("restoring %s from %s: %w", defaultResolvConfPath, fileUncleanShutdownResolvConfLocation, err)
-	}
-
-	if err := removeUncleanShutdownIndicator(); err != nil {
-		log.Errorf("failed to remove unclean shutdown resolv.conf file: %s", err)
-	}
-
-	return nil
-}
-
-// generateNsList generates a list of nameservers from the config and adds the primary nameserver to the beginning of the list
-func generateNsList(nbNameserverIP string, cfg *resolvConf) []string {
-	ns := make([]string, 1, len(cfg.nameServers)+1)
-	ns[0] = nbNameserverIP
-	for _, cfgNs := range cfg.nameServers {
-		if nbNameserverIP != cfgNs {
-			ns = append(ns, cfgNs)
-		}
-	}
-	return ns
-}
-
-func prepareResolvConfContent(searchDomains, nameServers, others []string) bytes.Buffer {
-	var buf bytes.Buffer
-	buf.WriteString(fileGeneratedResolvConfContentHeaderNextLine)
-
-	for _, cfgLine := range others {
-		buf.WriteString(cfgLine)
-		buf.WriteString("\n")
-	}
-
-	if len(searchDomains) > 0 {
-		buf.WriteString("search ")
-		buf.WriteString(strings.Join(searchDomains, " "))
-		buf.WriteString("\n")
-	}
-
-	for _, ns := range nameServers {
-		buf.WriteString("nameserver ")
-		buf.WriteString(ns)
-		buf.WriteString("\n")
-	}
-	return buf
-}
-
-func searchDomains(config HostDNSConfig) []string {
-	listOfDomains := make([]string, 0)
-	for _, dConf := range config.Domains {
-		if dConf.MatchOnly || dConf.Disabled {
-			continue
-		}
-
-		listOfDomains = append(listOfDomains, dConf.Domain)
-	}
-	return listOfDomains
-}
-
-// merge search Domains lists and cut off the list if it is too long
-func mergeSearchDomains(searchDomains []string, originalSearchDomains []string) []string {
-	lineSize := len("search")
-	searchDomainsList := make([]string, 0, len(searchDomains)+len(originalSearchDomains))
-
-	lineSize = validateAndFillSearchDomains(lineSize, &searchDomainsList, searchDomains)
-	_ = validateAndFillSearchDomains(lineSize, &searchDomainsList, originalSearchDomains)
-
-	return searchDomainsList
-}
-
-// validateAndFillSearchDomains checks if the search Domains list is not too long and if the line is not too long
-// extend s slice with vs elements
-// return with the number of characters in the searchDomains line
-func validateAndFillSearchDomains(initialLineChars int, s *[]string, vs []string) int {
-	for _, sd := range vs {
-		duplicated := false
-		for _, fs := range *s {
-			if fs == sd {
-				duplicated = true
-				break
-			}
-
-		}
-
-		if duplicated {
-			continue
-		}
-
-		tmpCharsNumber := initialLineChars + 1 + len(sd)
-		if tmpCharsNumber > fileMaxLineCharsLimit {
-			// lets log all skipped Domains
-			log.Infof("search list line is larger than %d characters. Skipping append of %s domain", fileMaxLineCharsLimit, sd)
-			continue
-		}
-
-		initialLineChars = tmpCharsNumber
-
-		if len(*s) >= fileMaxNumberOfSearchDomains {
-			// lets log all skipped Domains
-			log.Infof("already appended %d domains to search list. Skipping append of %s domain", fileMaxNumberOfSearchDomains, sd)
-			continue
-		}
-		*s = append(*s, sd)
-	}
-
-	return initialLineChars
-}
-
-func copyFile(src, dest string) error {
-	stats, err := os.Stat(src)
-	if err != nil {
-		return fmt.Errorf("checking stats for %s file when copying it. Error: %s", src, err)
-	}
-
-	bytesRead, err := os.ReadFile(src)
-	if err != nil {
-		return fmt.Errorf("reading the file %s file for copy. Error: %s", src, err)
-	}
-
-	err = os.WriteFile(dest, bytesRead, stats.Mode())
-	if err != nil {
-		return fmt.Errorf("writing the destination file %s for copy. Error: %s", dest, err)
-	}
-	return nil
-}
-
-func isContains(subList []string, list []string) bool {
-	for _, sl := range subList {
-		var found bool
-		for _, l := range list {
-			if sl == l {
-				found = true
-			}
-		}
-		if !found {
-			return false
-		}
-	}
-	return true
-}
--- a/client/internal/dns/host.go
+++ b/client/internal/dns/host.go
@@ -2,40 +2,37 @@ package dns

 import (
 	"fmt"
-	"net/netip"
 	"strings"

 	nbdns "github.com/netbirdio/netbird/dns"
 )

 type hostManager interface {
-	applyDNSConfig(config HostDNSConfig) error
+	applyDNSConfig(config hostDNSConfig) error
 	restoreHostDNS() error
 	supportCustomPort() bool
-	restoreUncleanShutdownDNS(storedDNSAddress *netip.Addr) error
 }

-type HostDNSConfig struct {
-	Domains    []DomainConfig `json:"domains"`
-	RouteAll   bool           `json:"routeAll"`
-	ServerIP   string         `json:"serverIP"`
-	ServerPort int            `json:"serverPort"`
+type hostDNSConfig struct {
+	domains    []domainConfig
+	routeAll   bool
+	serverIP   string
+	serverPort int
 }

-type DomainConfig struct {
-	Disabled  bool   `json:"disabled"`
-	Domain    string `json:"domain"`
-	MatchOnly bool   `json:"matchOnly"`
+type domainConfig struct {
+	disabled  bool
+	domain    string
+	matchOnly bool
 }

 type mockHostConfigurator struct {
-	applyDNSConfigFunc            func(config HostDNSConfig) error
-	restoreHostDNSFunc            func() error
-	supportCustomPortFunc         func() bool
-	restoreUncleanShutdownDNSFunc func(*netip.Addr) error
+	applyDNSConfigFunc    func(config hostDNSConfig) error
+	restoreHostDNSFunc    func() error
+	supportCustomPortFunc func() bool
 }

-func (m *mockHostConfigurator) applyDNSConfig(config HostDNSConfig) error {
+func (m *mockHostConfigurator) applyDNSConfig(config hostDNSConfig) error {
 	if m.applyDNSConfigFunc != nil {
 		return m.applyDNSConfigFunc(config)
 	}
@@ -56,48 +53,40 @@ func (m *mockHostConfigurator) supportCustomPort() bool {
 	return false
 }

-func (m *mockHostConfigurator) restoreUncleanShutdownDNS(storedDNSAddress *netip.Addr) error {
-	if m.restoreUncleanShutdownDNSFunc != nil {
-		return m.restoreUncleanShutdownDNSFunc(storedDNSAddress)
-	}
-	return fmt.Errorf("method restoreUncleanShutdownDNS is not implemented")
-}
-
 func newNoopHostMocker() hostManager {
 	return &mockHostConfigurator{
-		applyDNSConfigFunc:            func(config HostDNSConfig) error { return nil },
-		restoreHostDNSFunc:            func() error { return nil },
-		supportCustomPortFunc:         func() bool { return true },
-		restoreUncleanShutdownDNSFunc: func(*netip.Addr) error { return nil },
+		applyDNSConfigFunc:    func(config hostDNSConfig) error { return nil },
+		restoreHostDNSFunc:    func() error { return nil },
+		supportCustomPortFunc: func() bool { return true },
 	}
 }

-func dnsConfigToHostDNSConfig(dnsConfig nbdns.Config, ip string, port int) HostDNSConfig {
-	config := HostDNSConfig{
-		RouteAll:   false,
-		ServerIP:   ip,
-		ServerPort: port,
+func dnsConfigToHostDNSConfig(dnsConfig nbdns.Config, ip string, port int) hostDNSConfig {
+	config := hostDNSConfig{
+		routeAll:   false,
+		serverIP:   ip,
+		serverPort: port,
 	}
 	for _, nsConfig := range dnsConfig.NameServerGroups {
 		if len(nsConfig.NameServers) == 0 {
 			continue
 		}
 		if nsConfig.Primary {
-			config.RouteAll = true
+			config.routeAll = true
 		}

 		for _, domain := range nsConfig.Domains {
-			config.Domains = append(config.Domains, DomainConfig{
-				Domain:    strings.TrimSuffix(domain, "."),
-				MatchOnly: !nsConfig.SearchDomainsEnabled,
+			config.domains = append(config.domains, domainConfig{
+				domain:    strings.TrimSuffix(domain, "."),
+				matchOnly: !nsConfig.SearchDomainsEnabled,
 			})
 		}
 	}

 	for _, customZone := range dnsConfig.CustomZones {
-		config.Domains = append(config.Domains, DomainConfig{
-			Domain:    strings.TrimSuffix(customZone.Domain, "."),
-			MatchOnly: false,
+		config.domains = append(config.domains, domainConfig{
+			domain:    strings.TrimSuffix(customZone.Domain, "."),
+			matchOnly: false,
 		})
 	}

--- a/client/internal/dns/host_android.go
+++ b/client/internal/dns/host_android.go
@@ -1,15 +1,13 @@
 package dns

-import "net/netip"
-
 type androidHostManager struct {
 }

-func newHostManager() (hostManager, error) {
+func newHostManager(wgInterface WGIface) (hostManager, error) {
 	return &androidHostManager{}, nil
 }

-func (a androidHostManager) applyDNSConfig(config HostDNSConfig) error {
+func (a androidHostManager) applyDNSConfig(config hostDNSConfig) error {
 	return nil
 }

@@ -20,7 +18,3 @@ func (a androidHostManager) restoreHostDNS() error {
 func (a androidHostManager) supportCustomPort() bool {
 	return false
 }
-
-func (a androidHostManager) restoreUncleanShutdownDNS(*netip.Addr) error {
-	return nil
-}
--- a/client/internal/dns/host_darwin.go
+++ b/client/internal/dns/host_darwin.go
@@ -1,13 +1,9 @@
-//go:build !ios
-
 package dns

 import (
 	"bufio"
 	"bytes"
 	"fmt"
-	"io"
-	"net/netip"
 	"os/exec"
 	"strconv"
 	"strings"
@@ -36,7 +32,7 @@ type systemConfigurator struct {
 	createdKeys      map[string]struct{}
 }

-func newHostManager() (hostManager, error) {
+func newHostManager(_ WGIface) (hostManager, error) {
 	return &systemConfigurator{
 		createdKeys: make(map[string]struct{}),
 	}, nil
@@ -46,26 +42,21 @@ func (s *systemConfigurator) supportCustomPort() bool {
 	return true
 }

-func (s *systemConfigurator) applyDNSConfig(config HostDNSConfig) error {
+func (s *systemConfigurator) applyDNSConfig(config hostDNSConfig) error {
 	var err error

-	if config.RouteAll {
-		err = s.addDNSSetupForAll(config.ServerIP, config.ServerPort)
+	if config.routeAll {
+		err = s.addDNSSetupForAll(config.serverIP, config.serverPort)
 		if err != nil {
-			return fmt.Errorf("add dns setup for all: %w", err)
+			return err
 		}
 	} else if s.primaryServiceID != "" {
 		err = s.removeKeyFromSystemConfig(getKeyWithInput(primaryServiceSetupKeyFormat, s.primaryServiceID))
 		if err != nil {
-			return fmt.Errorf("remote key from system config: %w", err)
+			return err
 		}
 		s.primaryServiceID = ""
-		log.Infof("removed %s:%d as main DNS resolver for this peer", config.ServerIP, config.ServerPort)
-	}
-
-	// create a file for unclean shutdown detection
-	if err := createUncleanShutdownIndicator(); err != nil {
-		log.Errorf("failed to create unclean shutdown file: %s", err)
+		log.Infof("removed %s:%d as main DNS resolver for this peer", config.serverIP, config.serverPort)
 	}

 	var (
@@ -73,37 +64,37 @@ func (s *systemConfigurator) applyDNSConfig(config HostDNSConfig) error {
 		matchDomains  []string
 	)

-	for _, dConf := range config.Domains {
-		if dConf.Disabled {
+	for _, dConf := range config.domains {
+		if dConf.disabled {
 			continue
 		}
-		if dConf.MatchOnly {
-			matchDomains = append(matchDomains, dConf.Domain)
+		if dConf.matchOnly {
+			matchDomains = append(matchDomains, dConf.domain)
 			continue
 		}
-		searchDomains = append(searchDomains, dConf.Domain)
+		searchDomains = append(searchDomains, dConf.domain)
 	}

 	matchKey := getKeyWithInput(netbirdDNSStateKeyFormat, matchSuffix)
 	if len(matchDomains) != 0 {
-		err = s.addMatchDomains(matchKey, strings.Join(matchDomains, " "), config.ServerIP, config.ServerPort)
+		err = s.addMatchDomains(matchKey, strings.Join(matchDomains, " "), config.serverIP, config.serverPort)
 	} else {
 		log.Infof("removing match domains from the system")
 		err = s.removeKeyFromSystemConfig(matchKey)
 	}
 	if err != nil {
-		return fmt.Errorf("add match domains: %w", err)
+		return err
 	}

 	searchKey := getKeyWithInput(netbirdDNSStateKeyFormat, searchSuffix)
 	if len(searchDomains) != 0 {
-		err = s.addSearchDomains(searchKey, strings.Join(searchDomains, " "), config.ServerIP, config.ServerPort)
+		err = s.addSearchDomains(searchKey, strings.Join(searchDomains, " "), config.serverIP, config.serverPort)
 	} else {
 		log.Infof("removing search domains from the system")
 		err = s.removeKeyFromSystemConfig(searchKey)
 	}
 	if err != nil {
-		return fmt.Errorf("add search domains: %w", err)
+		return err
 	}

 	return nil
@@ -126,11 +117,7 @@ func (s *systemConfigurator) restoreHostDNS() error {
 	_, err := runSystemConfigCommand(wrapCommand(lines))
 	if err != nil {
 		log.Errorf("got an error while cleaning the system configuration: %s", err)
-		return fmt.Errorf("clean system: %w", err)
-	}
-
-	if err := removeUncleanShutdownIndicator(); err != nil {
-		log.Errorf("failed to remove unclean shutdown file: %s", err)
+		return err
 	}

 	return nil
@@ -140,7 +127,7 @@ func (s *systemConfigurator) removeKeyFromSystemConfig(key string) error {
 	line := buildRemoveKeyOperation(key)
 	_, err := runSystemConfigCommand(wrapCommand(line))
 	if err != nil {
-		return fmt.Errorf("remove key: %w", err)
+		return err
 	}

 	delete(s.createdKeys, key)
@@ -151,7 +138,7 @@ func (s *systemConfigurator) removeKeyFromSystemConfig(key string) error {
 func (s *systemConfigurator) addSearchDomains(key, domains string, ip string, port int) error {
 	err := s.addDNSState(key, domains, ip, port, true)
 	if err != nil {
-		return fmt.Errorf("add dns state: %w", err)
+		return err
 	}

 	log.Infof("added %d search domains to the state. Domain list: %s", len(strings.Split(domains, " ")), domains)
@@ -164,7 +151,7 @@ func (s *systemConfigurator) addSearchDomains(key, domains string, ip string, po
 func (s *systemConfigurator) addMatchDomains(key, domains, dnsServer string, port int) error {
 	err := s.addDNSState(key, domains, dnsServer, port, false)
 	if err != nil {
-		return fmt.Errorf("add dns state: %w", err)
+		return err
 	}

 	log.Infof("added %d match domains to the state. Domain list: %s", len(strings.Split(domains, " ")), domains)
@@ -189,37 +176,33 @@ func (s *systemConfigurator) addDNSState(state, domains, dnsServer string, port

 	_, err := runSystemConfigCommand(stdinCommands)
 	if err != nil {
-		return fmt.Errorf("applying state for domains %s, error: %w", domains, err)
+		return fmt.Errorf("got error while applying state for domains %s, error: %s", domains, err)
 	}
 	return nil
 }

 func (s *systemConfigurator) addDNSSetupForAll(dnsServer string, port int) error {
-	primaryServiceKey, existingNameserver, err := s.getPrimaryService()
-	if err != nil || primaryServiceKey == "" {
-		return fmt.Errorf("couldn't find the primary service key: %w", err)
+	primaryServiceKey, existingNameserver := s.getPrimaryService()
+	if primaryServiceKey == "" {
+		return fmt.Errorf("couldn't find the primary service key")
 	}
-
-	err = s.addDNSSetup(getKeyWithInput(primaryServiceSetupKeyFormat, primaryServiceKey), dnsServer, port, existingNameserver)
+	err := s.addDNSSetup(getKeyWithInput(primaryServiceSetupKeyFormat, primaryServiceKey), dnsServer, port, existingNameserver)
 	if err != nil {
-		return fmt.Errorf("add dns setup: %w", err)
+		return err
 	}
-
 	log.Infof("configured %s:%d as main DNS resolver for this peer", dnsServer, port)
 	s.primaryServiceID = primaryServiceKey
-
 	return nil
 }

-func (s *systemConfigurator) getPrimaryService() (string, string, error) {
+func (s *systemConfigurator) getPrimaryService() (string, string) {
 	line := buildCommandLine("show", globalIPv4State, "")
 	stdinCommands := wrapCommand(line)
-
 	b, err := runSystemConfigCommand(stdinCommands)
 	if err != nil {
-		return "", "", fmt.Errorf("sending the command: %w", err)
+		log.Error("got error while sending the command: ", err)
+		return "", ""
 	}
-
 	scanner := bufio.NewScanner(bytes.NewReader(b))
 	primaryService := ""
 	router := ""
@@ -232,11 +215,7 @@ func (s *systemConfigurator) getPrimaryService() (string, string, error) {
 			router = strings.TrimSpace(strings.Split(text, ":")[1])
 		}
 	}
-	if err := scanner.Err(); err != nil && err != io.EOF {
-		return primaryService, router, fmt.Errorf("scan: %w", err)
-	}
-
-	return primaryService, router, nil
+	return primaryService, router
 }

 func (s *systemConfigurator) addDNSSetup(setupKey, dnsServer string, port int, existingDNSServer string) error {
@@ -247,14 +226,7 @@ func (s *systemConfigurator) addDNSSetup(setupKey, dnsServer string, port int, e
 	stdinCommands := wrapCommand(addDomainCommand)
 	_, err := runSystemConfigCommand(stdinCommands)
 	if err != nil {
-		return fmt.Errorf("applying dns setup, error: %w", err)
-	}
-	return nil
-}
-
-func (s *systemConfigurator) restoreUncleanShutdownDNS(*netip.Addr) error {
-	if err := s.restoreHostDNS(); err != nil {
-		return fmt.Errorf("restoring dns via scutil: %w", err)
+		return fmt.Errorf("got error while applying dns setup, error: %s", err)
 	}
 	return nil
 }
@@ -292,7 +264,7 @@ func runSystemConfigCommand(command string) ([]byte, error) {
 	cmd.Stdin = strings.NewReader(command)
 	out, err := cmd.Output()
 	if err != nil {
-		return nil, fmt.Errorf("running system configuration command: \"%s\", error: %w", command, err)
+		return nil, fmt.Errorf("got error while running system configuration command: \"%s\", error: %s", command, err)
 	}
 	return out, nil
 }
--- a/client/internal/dns/host_ios.go
+++ b/client/internal/dns/host_ios.go
@@ -1,43 +0,0 @@
-package dns
-
-import (
-	"encoding/json"
-	"fmt"
-	"net/netip"
-
-	log "github.com/sirupsen/logrus"
-)
-
-type iosHostManager struct {
-	dnsManager IosDnsManager
-	config     HostDNSConfig
-}
-
-func newHostManager(dnsManager IosDnsManager) (hostManager, error) {
-	return &iosHostManager{
-		dnsManager: dnsManager,
-	}, nil
-}
-
-func (a iosHostManager) applyDNSConfig(config HostDNSConfig) error {
-	jsonData, err := json.Marshal(config)
-	if err != nil {
-		return fmt.Errorf("marshal: %w", err)
-	}
-	jsonString := string(jsonData)
-	log.Debugf("Applying DNS settings: %s", jsonString)
-	a.dnsManager.ApplyDns(jsonString)
-	return nil
-}
-
-func (a iosHostManager) restoreHostDNS() error {
-	return nil
-}
-
-func (a iosHostManager) supportCustomPort() bool {
-	return false
-}
-
-func (a iosHostManager) restoreUncleanShutdownDNS(*netip.Addr) error {
-	return nil
-}
--- a/client/internal/dns/host_linux.go
+++ b/client/internal/dns/host_linux.go
@@ -0,0 +1,105 @@
+//go:build !android
+
+package dns
+
+import (
+	"bufio"
+	"fmt"
+	"os"
+	"strings"
+
+	log "github.com/sirupsen/logrus"
+)
+
+const (
+	defaultResolvConfPath = "/etc/resolv.conf"
+)
+
+const (
+	netbirdManager osManagerType = iota
+	fileManager
+	networkManager
+	systemdManager
+	resolvConfManager
+)
+
+type osManagerType int
+
+func (t osManagerType) String() string {
+	switch t {
+	case netbirdManager:
+		return "netbird"
+	case fileManager:
+		return "file"
+	case networkManager:
+		return "networkManager"
+	case systemdManager:
+		return "systemd"
+	case resolvConfManager:
+		return "resolvconf"
+	default:
+		return "unknown"
+	}
+}
+
+func newHostManager(wgInterface WGIface) (hostManager, error) {
+	osManager, err := getOSDNSManagerType()
+	if err != nil {
+		return nil, err
+	}
+
+	log.Debugf("discovered mode is: %s", osManager)
+	switch osManager {
+	case networkManager:
+		return newNetworkManagerDbusConfigurator(wgInterface)
+	case systemdManager:
+		return newSystemdDbusConfigurator(wgInterface)
+	case resolvConfManager:
+		return newResolvConfConfigurator(wgInterface)
+	default:
+		return newFileConfigurator()
+	}
+}
+
+func getOSDNSManagerType() (osManagerType, error) {
+
+	file, err := os.Open(defaultResolvConfPath)
+	if err != nil {
+		return 0, fmt.Errorf("unable to open %s for checking owner, got error: %s", defaultResolvConfPath, err)
+	}
+	defer file.Close()
+
+	scanner := bufio.NewScanner(file)
+	for scanner.Scan() {
+		text := scanner.Text()
+		if len(text) == 0 {
+			continue
+		}
+		if text[0] != '#' {
+			return fileManager, nil
+		}
+		if strings.Contains(text, fileGeneratedResolvConfContentHeader) {
+			return netbirdManager, nil
+		}
+		if strings.Contains(text, "NetworkManager") && isDbusListenerRunning(networkManagerDest, networkManagerDbusObjectNode) && isNetworkManagerSupported() {
+			return networkManager, nil
+		}
+		if strings.Contains(text, "systemd-resolved") && isDbusListenerRunning(systemdResolvedDest, systemdDbusObjectNode) {
+			return systemdManager, nil
+		}
+		if strings.Contains(text, "resolvconf") {
+			if isDbusListenerRunning(systemdResolvedDest, systemdDbusObjectNode) {
+				var value string
+				err = getSystemdDbusProperty(systemdDbusResolvConfModeProperty, &value)
+				if err == nil {
+					if value == systemdDbusResolvConfModeForeign {
+						return systemdManager, nil
+					}
+				}
+				log.Errorf("got an error while checking systemd resolv conf mode, error: %s", err)
+			}
+			return resolvConfManager, nil
+		}
+	}
+	return fileManager, nil
+}
--- a/client/internal/dns/host_unix.go
+++ b/client/internal/dns/host_unix.go
@@ -1,148 +0,0 @@
-//go:build (linux && !android) || freebsd
-
-package dns
-
-import (
-	"bufio"
-	"errors"
-	"fmt"
-	"io"
-	"os"
-	"strings"
-
-	log "github.com/sirupsen/logrus"
-)
-
-const (
-	netbirdManager osManagerType = iota
-	fileManager
-	networkManager
-	systemdManager
-	resolvConfManager
-)
-
-var ErrUnknownOsManagerType = errors.New("unknown os manager type")
-
-type osManagerType int
-
-func newOsManagerType(osManager string) (osManagerType, error) {
-	switch osManager {
-	case "netbird":
-		return fileManager, nil
-	case "file":
-		return netbirdManager, nil
-	case "networkManager":
-		return networkManager, nil
-	case "systemd":
-		return systemdManager, nil
-	case "resolvconf":
-		return resolvConfManager, nil
-	default:
-		return 0, ErrUnknownOsManagerType
-	}
-}
-
-func (t osManagerType) String() string {
-	switch t {
-	case netbirdManager:
-		return "netbird"
-	case fileManager:
-		return "file"
-	case networkManager:
-		return "networkManager"
-	case systemdManager:
-		return "systemd"
-	case resolvConfManager:
-		return "resolvconf"
-	default:
-		return "unknown"
-	}
-}
-
-func newHostManager(wgInterface string) (hostManager, error) {
-	osManager, err := getOSDNSManagerType()
-	if err != nil {
-		return nil, err
-	}
-
-	log.Infof("System DNS manager discovered: %s", osManager)
-	return newHostManagerFromType(wgInterface, osManager)
-}
-
-func newHostManagerFromType(wgInterface string, osManager osManagerType) (hostManager, error) {
-	switch osManager {
-	case networkManager:
-		return newNetworkManagerDbusConfigurator(wgInterface)
-	case systemdManager:
-		return newSystemdDbusConfigurator(wgInterface)
-	case resolvConfManager:
-		return newResolvConfConfigurator(wgInterface)
-	default:
-		return newFileConfigurator()
-	}
-}
-
-func getOSDNSManagerType() (osManagerType, error) {
-	file, err := os.Open(defaultResolvConfPath)
-	if err != nil {
-		return 0, fmt.Errorf("unable to open %s for checking owner, got error: %w", defaultResolvConfPath, err)
-	}
-	defer func() {
-		if err := file.Close(); err != nil {
-			log.Errorf("close file %s: %s", defaultResolvConfPath, err)
-		}
-	}()
-
-	scanner := bufio.NewScanner(file)
-	for scanner.Scan() {
-		text := scanner.Text()
-		if len(text) == 0 {
-			continue
-		}
-		if text[0] != '#' {
-			return fileManager, nil
-		}
-		if strings.Contains(text, fileGeneratedResolvConfContentHeader) {
-			return netbirdManager, nil
-		}
-		if strings.Contains(text, "NetworkManager") && isDbusListenerRunning(networkManagerDest, networkManagerDbusObjectNode) && isNetworkManagerSupported() {
-			return networkManager, nil
-		}
-		if strings.Contains(text, "systemd-resolved") && isSystemdResolvedRunning() {
-			if checkStub() {
-				return systemdManager, nil
-			} else {
-				return fileManager, nil
-			}
-		}
-		if strings.Contains(text, "resolvconf") {
-			if isSystemdResolveConfMode() {
-				return systemdManager, nil
-			}
-
-			return resolvConfManager, nil
-		}
-	}
-	if err := scanner.Err(); err != nil && err != io.EOF {
-		return 0, fmt.Errorf("scan: %w", err)
-	}
-
-	return fileManager, nil
-}
-
-// checkStub checks if the stub resolver is disabled in systemd-resolved. If it is disabled, we fall back to file manager.
-func checkStub() bool {
-	rConf, err := parseDefaultResolvConf()
-	if err != nil {
-		log.Warnf("failed to parse resolv conf: %s", err)
-		return true
-	}
-
-	for _, ns := range rConf.nameServers {
-		if ns == "127.0.0.53" {
-			return true
-		}
-	}
-
-	return false
-}
--- a/client/internal/dns/host_windows.go
+++ b/client/internal/dns/host_windows.go
@@ -2,8 +2,6 @@ package dns

 import (
 	"fmt"
-	"io"
-	"net/netip"
 	"strings"

 	log "github.com/sirupsen/logrus"
@@ -11,7 +9,7 @@ import (
 )

 const (
-	dnsPolicyConfigMatchPath            = `SYSTEM\CurrentControlSet\Services\Dnscache\Parameters\DnsPolicyConfig\NetBird-Match`
+	dnsPolicyConfigMatchPath            = "SYSTEM\\CurrentControlSet\\Services\\Dnscache\\Parameters\\DnsPolicyConfig\\NetBird-Match"
 	dnsPolicyConfigVersionKey           = "Version"
 	dnsPolicyConfigVersionValue         = 2
 	dnsPolicyConfigNameKey              = "Name"
@@ -21,7 +19,7 @@ const (
 )

 const (
-	interfaceConfigPath          = `SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces`
+	interfaceConfigPath          = "SYSTEM\\CurrentControlSet\\Services\\Tcpip\\Parameters\\Interfaces"
 	interfaceConfigNameServerKey = "NameServer"
 	interfaceConfigSearchListKey = "SearchList"
 )
@@ -36,38 +34,29 @@ func newHostManager(wgInterface WGIface) (hostManager, error) {
 	if err != nil {
 		return nil, err
 	}
-	return newHostManagerWithGuid(guid)
-}
-
-func newHostManagerWithGuid(guid string) (hostManager, error) {
 	return &registryConfigurator{
 		guid: guid,
 	}, nil
 }

-func (r *registryConfigurator) supportCustomPort() bool {
+func (s *registryConfigurator) supportCustomPort() bool {
 	return false
 }

-func (r *registryConfigurator) applyDNSConfig(config HostDNSConfig) error {
+func (r *registryConfigurator) applyDNSConfig(config hostDNSConfig) error {
 	var err error
-	if config.RouteAll {
-		err = r.addDNSSetupForAll(config.ServerIP)
+	if config.routeAll {
+		err = r.addDNSSetupForAll(config.serverIP)
 		if err != nil {
-			return fmt.Errorf("add dns setup: %w", err)
+			return err
 		}
 	} else if r.routingAll {
 		err = r.deleteInterfaceRegistryKeyProperty(interfaceConfigNameServerKey)
 		if err != nil {
-			return fmt.Errorf("delete interface registry key property: %w", err)
+			return err
 		}
 		r.routingAll = false
-		log.Infof("removed %s as main DNS forwarder for this peer", config.ServerIP)
-	}
-
-	// create a file for unclean shutdown detection
-	if err := createUncleanShutdownIndicator(r.guid); err != nil {
-		log.Errorf("failed to create unclean shutdown file: %s", err)
+		log.Infof("removed %s as main DNS forwarder for this peer", config.serverIP)
 	}

 	var (
@@ -75,28 +64,28 @@ func (r *registryConfigurator) applyDNSConfig(config HostDNSConfig) error {
 		matchDomains  []string
 	)

-	for _, dConf := range config.Domains {
-		if dConf.Disabled {
+	for _, dConf := range config.domains {
+		if dConf.disabled {
 			continue
 		}
-		if !dConf.MatchOnly {
-			searchDomains = append(searchDomains, dConf.Domain)
+		if !dConf.matchOnly {
+			searchDomains = append(searchDomains, dConf.domain)
 		}
-		matchDomains = append(matchDomains, "."+dConf.Domain)
+		matchDomains = append(matchDomains, "."+dConf.domain)
 	}

 	if len(matchDomains) != 0 {
-		err = r.addDNSMatchPolicy(matchDomains, config.ServerIP)
+		err = r.addDNSMatchPolicy(matchDomains, config.serverIP)
 	} else {
 		err = removeRegistryKeyFromDNSPolicyConfig(dnsPolicyConfigMatchPath)
 	}
 	if err != nil {
-		return fmt.Errorf("add dns match policy: %w", err)
+		return err
 	}

 	err = r.updateSearchDomains(searchDomains)
 	if err != nil {
-		return fmt.Errorf("update search domains: %w", err)
+		return err
 	}

 	return nil
@@ -105,7 +94,7 @@ func (r *registryConfigurator) applyDNSConfig(config HostDNSConfig) error {
 func (r *registryConfigurator) addDNSSetupForAll(ip string) error {
 	err := r.setInterfaceRegistryKeyStringValue(interfaceConfigNameServerKey, ip)
 	if err != nil {
-		return fmt.Errorf("adding dns setup for all failed with error: %w", err)
+		return fmt.Errorf("adding dns setup for all failed with error: %s", err)
 	}
 	r.routingAll = true
 	log.Infof("configured %s:53 as main DNS forwarder for this peer", ip)
@@ -117,33 +106,33 @@ func (r *registryConfigurator) addDNSMatchPolicy(domains []string, ip string) er
 	if err == nil {
 		err = registry.DeleteKey(registry.LOCAL_MACHINE, dnsPolicyConfigMatchPath)
 		if err != nil {
-			return fmt.Errorf("unable to remove existing key from registry, key: HKEY_LOCAL_MACHINE\\%s, error: %w", dnsPolicyConfigMatchPath, err)
+			return fmt.Errorf("unable to remove existing key from registry, key: HKEY_LOCAL_MACHINE\\%s, error: %s", dnsPolicyConfigMatchPath, err)
 		}
 	}

 	regKey, _, err := registry.CreateKey(registry.LOCAL_MACHINE, dnsPolicyConfigMatchPath, registry.SET_VALUE)
 	if err != nil {
-		return fmt.Errorf("unable to create registry key, key: HKEY_LOCAL_MACHINE\\%s, error: %w", dnsPolicyConfigMatchPath, err)
+		return fmt.Errorf("unable to create registry key, key: HKEY_LOCAL_MACHINE\\%s, error: %s", dnsPolicyConfigMatchPath, err)
 	}

 	err = regKey.SetDWordValue(dnsPolicyConfigVersionKey, dnsPolicyConfigVersionValue)
 	if err != nil {
-		return fmt.Errorf("unable to set registry value for %s, error: %w", dnsPolicyConfigVersionKey, err)
+		return fmt.Errorf("unable to set registry value for %s, error: %s", dnsPolicyConfigVersionKey, err)
 	}

 	err = regKey.SetStringsValue(dnsPolicyConfigNameKey, domains)
 	if err != nil {
-		return fmt.Errorf("unable to set registry value for %s, error: %w", dnsPolicyConfigNameKey, err)
+		return fmt.Errorf("unable to set registry value for %s, error: %s", dnsPolicyConfigNameKey, err)
 	}

 	err = regKey.SetStringValue(dnsPolicyConfigGenericDNSServersKey, ip)
 	if err != nil {
-		return fmt.Errorf("unable to set registry value for %s, error: %w", dnsPolicyConfigGenericDNSServersKey, err)
+		return fmt.Errorf("unable to set registry value for %s, error: %s", dnsPolicyConfigGenericDNSServersKey, err)
 	}

 	err = regKey.SetDWordValue(dnsPolicyConfigConfigOptionsKey, dnsPolicyConfigConfigOptionsValue)
 	if err != nil {
-		return fmt.Errorf("unable to set registry value for %s, error: %w", dnsPolicyConfigConfigOptionsKey, err)
+		return fmt.Errorf("unable to set registry value for %s, error: %s", dnsPolicyConfigConfigOptionsKey, err)
 	}

 	log.Infof("added %d match domains to the state. Domain list: %s", len(domains), domains)
@@ -152,25 +141,18 @@ func (r *registryConfigurator) addDNSMatchPolicy(domains []string, ip string) er
 }

 func (r *registryConfigurator) restoreHostDNS() error {
-	if err := removeRegistryKeyFromDNSPolicyConfig(dnsPolicyConfigMatchPath); err != nil {
-		log.Errorf("remove registry key from dns policy config: %s", err)
+	err := removeRegistryKeyFromDNSPolicyConfig(dnsPolicyConfigMatchPath)
+	if err != nil {
+		log.Error(err)
 	}

-	if err := r.deleteInterfaceRegistryKeyProperty(interfaceConfigSearchListKey); err != nil {
-		return fmt.Errorf("remove interface registry key: %w", err)
-	}
-
-	if err := removeUncleanShutdownIndicator(); err != nil {
-		log.Errorf("failed to remove unclean shutdown file: %s", err)
-	}
-
-	return nil
+	return r.deleteInterfaceRegistryKeyProperty(interfaceConfigSearchListKey)
 }

 func (r *registryConfigurator) updateSearchDomains(domains []string) error {
 	err := r.setInterfaceRegistryKeyStringValue(interfaceConfigSearchListKey, strings.Join(domains, ","))
 	if err != nil {
-		return fmt.Errorf("adding search domain failed with error: %w", err)
+		return fmt.Errorf("adding search domain failed with error: %s", err)
 	}

 	log.Infof("updated the search domains in the registry with %d domains. Domain list: %s", len(domains), domains)
@@ -181,13 +163,13 @@ func (r *registryConfigurator) updateSearchDomains(domains []string) error {
 func (r *registryConfigurator) setInterfaceRegistryKeyStringValue(key, value string) error {
 	regKey, err := r.getInterfaceRegistryKey()
 	if err != nil {
-		return fmt.Errorf("get interface registry key: %w", err)
+		return err
 	}
-	defer closer(regKey)
+	defer regKey.Close()

 	err = regKey.SetStringValue(key, value)
 	if err != nil {
-		return fmt.Errorf("applying key %s with value \"%s\" for interface failed with error: %w", key, value, err)
+		return fmt.Errorf("applying key %s with value \"%s\" for interface failed with error: %s", key, value, err)
 	}

 	return nil
@@ -196,13 +178,13 @@ func (r *registryConfigurator) setInterfaceRegistryKeyStringValue(key, value str
 func (r *registryConfigurator) deleteInterfaceRegistryKeyProperty(propertyKey string) error {
 	regKey, err := r.getInterfaceRegistryKey()
 	if err != nil {
-		return fmt.Errorf("get interface registry key: %w", err)
+		return err
 	}
-	defer closer(regKey)
+	defer regKey.Close()

 	err = regKey.DeleteValue(propertyKey)
 	if err != nil {
-		return fmt.Errorf("deleting registry key %s for interface failed with error: %w", propertyKey, err)
+		return fmt.Errorf("deleting registry key %s for interface failed with error: %s", propertyKey, err)
 	}

 	return nil
@@ -215,33 +197,20 @@ func (r *registryConfigurator) getInterfaceRegistryKey() (registry.Key, error) {

 	regKey, err := registry.OpenKey(registry.LOCAL_MACHINE, regKeyPath, registry.SET_VALUE)
 	if err != nil {
-		return regKey, fmt.Errorf("unable to open the interface registry key, key: HKEY_LOCAL_MACHINE\\%s, error: %w", regKeyPath, err)
+		return regKey, fmt.Errorf("unable to open the interface registry key, key: HKEY_LOCAL_MACHINE\\%s, error: %s", regKeyPath, err)
 	}

 	return regKey, nil
 }

-func (r *registryConfigurator) restoreUncleanShutdownDNS(*netip.Addr) error {
-	if err := r.restoreHostDNS(); err != nil {
-		return fmt.Errorf("restoring dns via registry: %w", err)
-	}
-	return nil
-}
-
 func removeRegistryKeyFromDNSPolicyConfig(regKeyPath string) error {
 	k, err := registry.OpenKey(registry.LOCAL_MACHINE, regKeyPath, registry.QUERY_VALUE)
 	if err == nil {
-		defer closer(k)
+		k.Close()
 		err = registry.DeleteKey(registry.LOCAL_MACHINE, regKeyPath)
 		if err != nil {
-			return fmt.Errorf("unable to remove existing key from registry, key: HKEY_LOCAL_MACHINE\\%s, error: %w", regKeyPath, err)
+			return fmt.Errorf("unable to remove existing key from registry, key: HKEY_LOCAL_MACHINE\\%s, error: %s", regKeyPath, err)
 		}
 	}
 	return nil
 }
-
-func closer(closer io.Closer) {
-	if err := closer.Close(); err != nil {
-		log.Errorf("failed to close: %s", err)
-	}
-}
--- a/client/internal/dns/hosts_dns_holder.go
+++ b/client/internal/dns/hosts_dns_holder.go
@@ -1,63 +0,0 @@
-package dns
-
-import (
-	"fmt"
-	"net/netip"
-	"sync"
-
-	log "github.com/sirupsen/logrus"
-)
-
-type hostsDNSHolder struct {
-	unprotectedDNSList map[string]struct{}
-	mutex              sync.RWMutex
-}
-
-func newHostsDNSHolder() *hostsDNSHolder {
-	return &hostsDNSHolder{
-		unprotectedDNSList: make(map[string]struct{}),
-	}
-}
-
-func (h *hostsDNSHolder) set(list []string) {
-	h.mutex.Lock()
-	h.unprotectedDNSList = make(map[string]struct{})
-	for _, dns := range list {
-		dnsAddr, err := h.normalizeAddress(dns)
-		if err != nil {
-			continue
-		}
-		h.unprotectedDNSList[dnsAddr] = struct{}{}
-	}
-	h.mutex.Unlock()
-}
-
-func (h *hostsDNSHolder) get() map[string]struct{} {
-	h.mutex.RLock()
-	l := h.unprotectedDNSList
-	h.mutex.RUnlock()
-	return l
-}
-
-//nolint:unused
-func (h *hostsDNSHolder) isContain(upstream string) bool {
-	h.mutex.RLock()
-	defer h.mutex.RUnlock()
-
-	_, ok := h.unprotectedDNSList[upstream]
-	return ok
-}
-
-func (h *hostsDNSHolder) normalizeAddress(addr string) (string, error) {
-	a, err := netip.ParseAddr(addr)
-	if err != nil {
-		log.Errorf("invalid upstream IP address: %s, error: %s", addr, err)
-		return "", err
-	}
-
-	if a.Is4() {
-		return fmt.Sprintf("%s:53", addr), nil
-	} else {
-		return fmt.Sprintf("[%s]:53", addr), nil
-	}
-}
--- a/client/internal/dns/local.go
+++ b/client/internal/dns/local.go
@@ -31,8 +31,6 @@ func (d *localResolver) ServeDNS(w dns.ResponseWriter, r *dns.Msg) {
 	response := d.lookupRecord(r)
 	if response != nil {
 		replyMessage.Answer = append(replyMessage.Answer, response)
-	} else {
-		replyMessage.Rcode = dns.RcodeNameError
 	}

 	err := w.WriteMsg(replyMessage)
@@ -54,7 +52,7 @@ func (d *localResolver) lookupRecord(r *dns.Msg) dns.RR {
 func (d *localResolver) registerRecord(record nbdns.SimpleRecord) error {
 	fullRecord, err := dns.NewRR(record.String())
 	if err != nil {
-		return fmt.Errorf("register record: %w", err)
+		return err
 	}

 	fullRecord.Header().Rdlength = record.Len()
@@ -73,5 +71,3 @@ func buildRecordKey(name string, class, qType uint16) string {
 	key := fmt.Sprintf("%s_%d_%d", name, class, qType)
 	return key
 }
-
-func (d *localResolver) probeAvailability() {}
--- a/client/internal/dns/local_test.go
+++ b/client/internal/dns/local_test.go
@@ -1,12 +1,10 @@
 package dns

 import (
+	"github.com/miekg/dns"
+	nbdns "github.com/netbirdio/netbird/dns"
 	"strings"
 	"testing"
-
-	"github.com/miekg/dns"
-
-	nbdns "github.com/netbirdio/netbird/dns"
 )

 func TestLocalResolver_ServeDNS(t *testing.T) {
--- a/client/internal/dns/mock_server.go
+++ b/client/internal/dns/mock_server.go
@@ -33,7 +33,7 @@ func (m *MockServer) DnsIP() string {
 }

 func (m *MockServer) OnUpdatedHostDNSServer(strings []string) {
-	// TODO implement me
+	//TODO implement me
 	panic("implement me")
 }

@@ -48,7 +48,3 @@ func (m *MockServer) UpdateDNSServer(serial uint64, update nbdns.Config) error {
 func (m *MockServer) SearchDomains() []string {
 	return make([]string, 0)
 }
-
-// ProbeAvailability mocks implementation of ProbeAvailability from the Server interface
-func (m *MockServer) ProbeAvailability() {
-}
--- a/client/internal/dns/network_manager_linux.go
+++ b/client/internal/dns/network_manager_linux.go
@@ -1,22 +1,19 @@
-//go:build (linux && !android) || freebsd
+//go:build !android

 package dns

 import (
 	"context"
 	"encoding/binary"
-	"errors"
 	"fmt"
 	"net/netip"
-	"strings"
 	"time"

 	"github.com/godbus/dbus/v5"
 	"github.com/hashicorp/go-version"
 	"github.com/miekg/dns"
-	log "github.com/sirupsen/logrus"
-
 	nbversion "github.com/netbirdio/netbird/version"
+	log "github.com/sirupsen/logrus"
 )

 const (
@@ -43,13 +40,9 @@ const (
 	networkManagerDbusPrimaryDNSPriority       int32 = -500
 	networkManagerDbusWithMatchDomainPriority  int32 = 0
 	networkManagerDbusSearchDomainOnlyPriority int32 = 50
+	supportedNetworkManagerVersionConstraint         = ">= 1.16, < 1.28"
 )

-var supportedNetworkManagerVersionConstraints = []string{
-	">= 1.16, < 1.27",
-	">= 1.44, < 1.45",
-}
-
 type networkManagerDbusConfigurator struct {
 	dbusLinkObject dbus.ObjectPath
 	routingAll     bool
@@ -77,19 +70,19 @@ func (s networkManagerConnSettings) cleanDeprecatedSettings() {
 	}
 }

-func newNetworkManagerDbusConfigurator(wgInterface string) (hostManager, error) {
+func newNetworkManagerDbusConfigurator(wgInterface WGIface) (hostManager, error) {
 	obj, closeConn, err := getDbusObject(networkManagerDest, networkManagerDbusObjectNode)
 	if err != nil {
-		return nil, fmt.Errorf("get nm dbus: %w", err)
+		return nil, err
 	}
 	defer closeConn()
 	var s string
-	err = obj.Call(networkManagerDbusGetDeviceByIPIfaceMethod, dbusDefaultFlag, wgInterface).Store(&s)
+	err = obj.Call(networkManagerDbusGetDeviceByIPIfaceMethod, dbusDefaultFlag, wgInterface.Name()).Store(&s)
 	if err != nil {
-		return nil, fmt.Errorf("call: %w", err)
+		return nil, err
 	}

-	log.Debugf("got network manager dbus Link Object: %s from net interface %s", s, wgInterface)
+	log.Debugf("got network manager dbus Link Object: %s from net interface %s", s, wgInterface.Name())

 	return &networkManagerDbusConfigurator{
 		dbusLinkObject: dbus.ObjectPath(s),
@@ -100,17 +93,17 @@ func (n *networkManagerDbusConfigurator) supportCustomPort() bool {
 	return false
 }

-func (n *networkManagerDbusConfigurator) applyDNSConfig(config HostDNSConfig) error {
+func (n *networkManagerDbusConfigurator) applyDNSConfig(config hostDNSConfig) error {
 	connSettings, configVersion, err := n.getAppliedConnectionSettings()
 	if err != nil {
-		return fmt.Errorf("retrieving the applied connection settings, error: %w", err)
+		return fmt.Errorf("got an error while retrieving the applied connection settings, error: %s", err)
 	}

 	connSettings.cleanDeprecatedSettings()

-	dnsIP, err := netip.ParseAddr(config.ServerIP)
+	dnsIP, err := netip.ParseAddr(config.serverIP)
 	if err != nil {
-		return fmt.Errorf("unable to parse ip address, error: %w", err)
+		return fmt.Errorf("unable to parse ip address, error: %s", err)
 	}
 	convDNSIP := binary.LittleEndian.Uint32(dnsIP.AsSlice())
 	connSettings[networkManagerDbusIPv4Key][networkManagerDbusDNSKey] = dbus.MakeVariant([]uint32{convDNSIP})
@@ -118,70 +111,56 @@ func (n *networkManagerDbusConfigurator) applyDNSConfig(config HostDNSConfig) er
 		searchDomains []string
 		matchDomains  []string
 	)
-	for _, dConf := range config.Domains {
-		if dConf.Disabled {
+	for _, dConf := range config.domains {
+		if dConf.disabled {
 			continue
 		}
-		if dConf.MatchOnly {
-			matchDomains = append(matchDomains, "~."+dns.Fqdn(dConf.Domain))
+		if dConf.matchOnly {
+			matchDomains = append(matchDomains, "~."+dns.Fqdn(dConf.domain))
 			continue
 		}
-		searchDomains = append(searchDomains, dns.Fqdn(dConf.Domain))
+		searchDomains = append(searchDomains, dns.Fqdn(dConf.domain))
 	}

 	newDomainList := append(searchDomains, matchDomains...) //nolint:gocritic

 	priority := networkManagerDbusSearchDomainOnlyPriority
 	switch {
-	case config.RouteAll:
+	case config.routeAll:
 		priority = networkManagerDbusPrimaryDNSPriority
 		newDomainList = append(newDomainList, "~.")
 		if !n.routingAll {
-			log.Infof("configured %s:%d as main DNS forwarder for this peer", config.ServerIP, config.ServerPort)
+			log.Infof("configured %s:%d as main DNS forwarder for this peer", config.serverIP, config.serverPort)
 		}
 	case len(matchDomains) > 0:
 		priority = networkManagerDbusWithMatchDomainPriority
 	}

 	if priority != networkManagerDbusPrimaryDNSPriority && n.routingAll {
-		log.Infof("removing %s:%d as main DNS forwarder for this peer", config.ServerIP, config.ServerPort)
+		log.Infof("removing %s:%d as main DNS forwarder for this peer", config.serverIP, config.serverPort)
 		n.routingAll = false
 	}

 	connSettings[networkManagerDbusIPv4Key][networkManagerDbusDNSPriorityKey] = dbus.MakeVariant(priority)
 	connSettings[networkManagerDbusIPv4Key][networkManagerDbusDNSSearchKey] = dbus.MakeVariant(newDomainList)

-	// create a backup for unclean shutdown detection before adding domains, as these might end up in the resolv.conf file.
-	// The file content itself is not important for network-manager restoration
-	if err := createUncleanShutdownIndicator(defaultResolvConfPath, networkManager, dnsIP.String()); err != nil {
-		log.Errorf("failed to create unclean shutdown resolv.conf backup: %s", err)
-	}
-
 	log.Infof("adding %d search domains and %d match domains. Search list: %s , Match list: %s", len(searchDomains), len(matchDomains), searchDomains, matchDomains)
 	err = n.reApplyConnectionSettings(connSettings, configVersion)
 	if err != nil {
-		return fmt.Errorf("reapplying the connection with new settings, error: %w", err)
+		return fmt.Errorf("got an error while reapplying the connection with new settings, error: %s", err)
 	}
 	return nil
 }

 func (n *networkManagerDbusConfigurator) restoreHostDNS() error {
 	// once the interface is gone network manager cleans all config associated with it
-	if err := n.deleteConnectionSettings(); err != nil {
-		return fmt.Errorf("delete connection settings: %w", err)
-	}
-
-	if err := removeUncleanShutdownIndicator(); err != nil {
-		log.Errorf("failed to remove unclean shutdown resolv.conf backup: %s", err)
-	}
-
-	return nil
+	return n.deleteConnectionSettings()
 }

 func (n *networkManagerDbusConfigurator) getAppliedConnectionSettings() (networkManagerConnSettings, networkManagerConfigVersion, error) {
 	obj, closeConn, err := getDbusObject(networkManagerDest, n.dbusLinkObject)
 	if err != nil {
-		return nil, 0, fmt.Errorf("attempting to retrieve the applied connection settings, err: %w", err)
+		return nil, 0, fmt.Errorf("got error while attempting to retrieve the applied connection settings, err: %s", err)
 	}
 	defer closeConn()

@@ -196,7 +175,7 @@ func (n *networkManagerDbusConfigurator) getAppliedConnectionSettings() (network
 	err = obj.CallWithContext(ctx, networkManagerDbusDeviceGetAppliedConnectionMethod, dbusDefaultFlag,
 		networkManagerDbusDefaultBehaviorFlag).Store(&connSettings, &configVersion)
 	if err != nil {
-		return nil, 0, fmt.Errorf("calling GetAppliedConnection method with context, err: %w", err)
+		return nil, 0, fmt.Errorf("got error while calling GetAppliedConnection method with context, err: %s", err)
 	}

 	return connSettings, configVersion, nil
@@ -205,7 +184,7 @@ func (n *networkManagerDbusConfigurator) getAppliedConnectionSettings() (network
 func (n *networkManagerDbusConfigurator) reApplyConnectionSettings(connSettings networkManagerConnSettings, configVersion networkManagerConfigVersion) error {
 	obj, closeConn, err := getDbusObject(networkManagerDest, n.dbusLinkObject)
 	if err != nil {
-		return fmt.Errorf("attempting to retrieve the applied connection settings, err: %w", err)
+		return fmt.Errorf("got error while attempting to retrieve the applied connection settings, err: %s", err)
 	}
 	defer closeConn()

@@ -215,7 +194,7 @@ func (n *networkManagerDbusConfigurator) reApplyConnectionSettings(connSettings
 	err = obj.CallWithContext(ctx, networkManagerDbusDeviceReapplyMethod, dbusDefaultFlag,
 		connSettings, configVersion, networkManagerDbusDefaultBehaviorFlag).Store()
 	if err != nil {
-		return fmt.Errorf("calling ReApply method with context, err: %w", err)
+		return fmt.Errorf("got error while calling ReApply method with context, err: %s", err)
 	}

 	return nil
@@ -224,34 +203,21 @@ func (n *networkManagerDbusConfigurator) reApplyConnectionSettings(connSettings
 func (n *networkManagerDbusConfigurator) deleteConnectionSettings() error {
 	obj, closeConn, err := getDbusObject(networkManagerDest, n.dbusLinkObject)
 	if err != nil {
-		return fmt.Errorf("attempting to retrieve the applied connection settings, err: %w", err)
+		return fmt.Errorf("got error while attempting to retrieve the applied connection settings, err: %s", err)
 	}
 	defer closeConn()

 	ctx, cancel := context.WithTimeout(context.TODO(), 5*time.Second)
 	defer cancel()

-	// this call is required to remove the device for DNS cleanup, even if it fails
 	err = obj.CallWithContext(ctx, networkManagerDbusDeviceDeleteMethod, dbusDefaultFlag).Store()
 	if err != nil {
-		var dbusErr dbus.Error
-		if errors.As(err, &dbusErr) && dbusErr.Name == dbus.ErrMsgUnknownMethod.Name {
-			// interface is gone already
-			return nil
-		}
-		return fmt.Errorf("calling delete method with context, err: %s", err)
+		return fmt.Errorf("got error while calling delete method with context, err: %s", err)
 	}

 	return nil
 }

-func (n *networkManagerDbusConfigurator) restoreUncleanShutdownDNS(*netip.Addr) error {
-	if err := n.restoreHostDNS(); err != nil {
-		return fmt.Errorf("restoring dns via network-manager: %w", err)
-	}
-	return nil
-}
-
 func isNetworkManagerSupported() bool {
 	return isNetworkManagerSupportedVersion() && isNetworkManagerSupportedMode()
 }
@@ -283,13 +249,13 @@ func isNetworkManagerSupportedMode() bool {
 func getNetworkManagerDNSProperty(property string, store any) error {
 	obj, closeConn, err := getDbusObject(networkManagerDest, networkManagerDbusDNSManagerObjectNode)
 	if err != nil {
-		return fmt.Errorf("attempting to retrieve the network manager dns manager object, error: %w", err)
+		return fmt.Errorf("got error while attempting to retrieve the network manager dns manager object, error: %s", err)
 	}
 	defer closeConn()

 	v, e := obj.GetProperty(property)
 	if e != nil {
-		return fmt.Errorf("getting property %s: %w", property, e)
+		return fmt.Errorf("got an error getting property %s: %v", property, e)
 	}

 	return v.Store(store)
@@ -311,26 +277,15 @@ func isNetworkManagerSupportedVersion() bool {
 	}
 	versionValue, err := parseVersion(value.Value().(string))
 	if err != nil {
-		log.Errorf("nm: parse version: %s", err)
 		return false
 	}

-	var supported bool
-	for _, constraint := range supportedNetworkManagerVersionConstraints {
-		constr, err := version.NewConstraint(constraint)
-		if err != nil {
-			log.Errorf("nm: create constraint: %s", err)
-			return false
-		}
-
-		if met := constr.Check(versionValue); met {
-			supported = true
-			break
-		}
+	constraints, err := version.NewConstraint(supportedNetworkManagerVersionConstraint)
+	if err != nil {
+		return false
 	}

-	log.Debugf("network manager constraints [%s] met: %t", strings.Join(supportedNetworkManagerVersionConstraints, " | "), supported)
-	return supported
+	return constraints.Check(versionValue)
 }

 func parseVersion(inputVersion string) (*version.Version, error) {
--- a/client/internal/dns/notifier.go
+++ b/client/internal/dns/notifier.go
@@ -52,6 +52,6 @@ func (n *notifier) notify() {
 	}

 	go func(l listener.NetworkChangeListener) {
-		l.OnNetworkChanged("")
+		l.OnNetworkChanged()
 	}(n.listener)
 }
--- a/client/internal/dns/resolvconf_linux.go
+++ b/client/internal/dns/resolvconf_linux.go
@@ -0,0 +1,86 @@
+//go:build !android
+
+package dns
+
+import (
+	"bytes"
+	"fmt"
+	"os/exec"
+
+	log "github.com/sirupsen/logrus"
+)
+
+const resolvconfCommand = "resolvconf"
+
+type resolvconf struct {
+	ifaceName string
+
+	originalSearchDomains []string
+	originalNameServers   []string
+	othersConfigs         []string
+}
+
+// supported "openresolv" only
+func newResolvConfConfigurator(wgInterface WGIface) (hostManager, error) {
+	originalSearchDomains, nameServers, others, err := originalDNSConfigs("/etc/resolv.conf")
+	if err != nil {
+		log.Error(err)
+	}
+
+	return &resolvconf{
+		ifaceName:             wgInterface.Name(),
+		originalSearchDomains: originalSearchDomains,
+		originalNameServers:   nameServers,
+		othersConfigs:         others,
+	}, nil
+}
+
+func (r *resolvconf) supportCustomPort() bool {
+	return false
+}
+
+func (r *resolvconf) applyDNSConfig(config hostDNSConfig) error {
+	var err error
+	if !config.routeAll {
+		err = r.restoreHostDNS()
+		if err != nil {
+			log.Error(err)
+		}
+		return fmt.Errorf("unable to configure DNS for this peer using resolvconf manager without a nameserver group with all domains configured")
+	}
+
+	searchDomainList := searchDomains(config)
+	searchDomainList = mergeSearchDomains(searchDomainList, r.originalSearchDomains)
+
+	buf := prepareResolvConfContent(
+		searchDomainList,
+		append([]string{config.serverIP}, r.originalNameServers...),
+		r.othersConfigs)
+
+	err = r.applyConfig(buf)
+	if err != nil {
+		return err
+	}
+
+	log.Infof("added %d search domains. Search list: %s", len(searchDomainList), searchDomainList)
+	return nil
+}
+
+func (r *resolvconf) restoreHostDNS() error {
+	cmd := exec.Command(resolvconfCommand, "-f", "-d", r.ifaceName)
+	_, err := cmd.Output()
+	if err != nil {
+		return fmt.Errorf("got an error while removing resolvconf configuration for %s interface, error: %s", r.ifaceName, err)
+	}
+	return nil
+}
+
+func (r *resolvconf) applyConfig(content bytes.Buffer) error {
+	cmd := exec.Command(resolvconfCommand, "-x", "-a", r.ifaceName)
+	cmd.Stdin = &content
+	_, err := cmd.Output()
+	if err != nil {
+		return fmt.Errorf("got an error while applying resolvconf configuration for %s interface, error: %s", r.ifaceName, err)
+	}
+	return nil
+}
--- a/client/internal/dns/resolvconf_unix.go
+++ b/client/internal/dns/resolvconf_unix.go
@@ -1,108 +0,0 @@
-//go:build (linux && !android) || freebsd
-
-package dns
-
-import (
-	"bytes"
-	"fmt"
-	"net/netip"
-	"os/exec"
-
-	log "github.com/sirupsen/logrus"
-)
-
-const resolvconfCommand = "resolvconf"
-
-type resolvconf struct {
-	ifaceName string
-
-	originalSearchDomains []string
-	originalNameServers   []string
-	othersConfigs         []string
-}
-
-// supported "openresolv" only
-func newResolvConfConfigurator(wgInterface string) (hostManager, error) {
-	resolvConfEntries, err := parseDefaultResolvConf()
-	if err != nil {
-		log.Errorf("could not read original search domains from %s: %s", defaultResolvConfPath, err)
-	}
-
-	return &resolvconf{
-		ifaceName:             wgInterface,
-		originalSearchDomains: resolvConfEntries.searchDomains,
-		originalNameServers:   resolvConfEntries.nameServers,
-		othersConfigs:         resolvConfEntries.others,
-	}, nil
-}
-
-func (r *resolvconf) supportCustomPort() bool {
-	return false
-}
-
-func (r *resolvconf) applyDNSConfig(config HostDNSConfig) error {
-	var err error
-	if !config.RouteAll {
-		err = r.restoreHostDNS()
-		if err != nil {
-			log.Errorf("restore host dns: %s", err)
-		}
-		return fmt.Errorf("unable to configure DNS for this peer using resolvconf manager without a nameserver group with all domains configured")
-	}
-
-	searchDomainList := searchDomains(config)
-	searchDomainList = mergeSearchDomains(searchDomainList, r.originalSearchDomains)
-
-	options := prepareOptionsWithTimeout(r.othersConfigs, int(dnsFailoverTimeout.Seconds()), dnsFailoverAttempts)
-
-	buf := prepareResolvConfContent(
-		searchDomainList,
-		append([]string{config.ServerIP}, r.originalNameServers...),
-		options)
-
-	// create a backup for unclean shutdown detection before the resolv.conf is changed
-	if err := createUncleanShutdownIndicator(defaultResolvConfPath, resolvConfManager, config.ServerIP); err != nil {
-		log.Errorf("failed to create unclean shutdown resolv.conf backup: %s", err)
-	}
-
-	err = r.applyConfig(buf)
-	if err != nil {
-		return fmt.Errorf("apply config: %w", err)
-	}
-
-	log.Infof("added %d search domains. Search list: %s", len(searchDomainList), searchDomainList)
-	return nil
-}
-
-func (r *resolvconf) restoreHostDNS() error {
-	// openresolv only, debian resolvconf doesn't support "-f"
-	cmd := exec.Command(resolvconfCommand, "-f", "-d", r.ifaceName)
-	_, err := cmd.Output()
-	if err != nil {
-		return fmt.Errorf("removing resolvconf configuration for %s interface, error: %w", r.ifaceName, err)
-	}
-
-	if err := removeUncleanShutdownIndicator(); err != nil {
-		log.Errorf("failed to remove unclean shutdown resolv.conf backup: %s", err)
-	}
-
-	return nil
-}
-
-func (r *resolvconf) applyConfig(content bytes.Buffer) error {
-	// openresolv only, debian resolvconf doesn't support "-x"
-	cmd := exec.Command(resolvconfCommand, "-x", "-a", r.ifaceName)
-	cmd.Stdin = &content
-	_, err := cmd.Output()
-	if err != nil {
-		return fmt.Errorf("applying resolvconf configuration for %s interface, error: %w", r.ifaceName, err)
-	}
-	return nil
-}
-
-func (r *resolvconf) restoreUncleanShutdownDNS(*netip.Addr) error {
-	if err := r.restoreHostDNS(); err != nil {
-		return fmt.Errorf("restoring dns for interface %s: %w", r.ifaceName, err)
-	}
-	return nil
-}
--- a/client/internal/dns/response_writer.go
+++ b/client/internal/dns/response_writer.go
@@ -31,13 +31,10 @@ func (r *responseWriter) RemoteAddr() net.Addr {
 func (r *responseWriter) WriteMsg(msg *dns.Msg) error {
 	buff, err := msg.Pack()
 	if err != nil {
-		return fmt.Errorf("pack: %w", err)
+		return err
 	}
-
-	if _, err := r.Write(buff); err != nil {
-		return fmt.Errorf("write: %w", err)
-	}
-	return nil
+	_, err = r.Write(buff)
+	return err
 }

 // Write writes a raw buffer back to the client.
--- a/client/internal/dns/server.go
+++ b/client/internal/dns/server.go
@@ -4,8 +4,6 @@ import (
 	"context"
 	"fmt"
 	"net/netip"
-	"runtime"
-	"strings"
 	"sync"

 	"github.com/miekg/dns"
@@ -13,7 +11,6 @@ import (
 	log "github.com/sirupsen/logrus"

 	"github.com/netbirdio/netbird/client/internal/listener"
-	"github.com/netbirdio/netbird/client/internal/peer"
 	nbdns "github.com/netbirdio/netbird/dns"
 )

@@ -22,11 +19,6 @@ type ReadyListener interface {
 	OnReady()
 }

-// IosDnsManager is a dns manager interface for iOS
-type IosDnsManager interface {
-	ApplyDns(string)
-}
-
 // Server is a dns server interface
 type Server interface {
 	Initialize() error
@@ -35,7 +27,6 @@ type Server interface {
 	UpdateDNSServer(serial uint64, update nbdns.Config) error
 	OnUpdatedHostDNSServer(strings []string)
 	SearchDomains() []string
-	ProbeAvailability()
 }

 type registeredHandlerMap map[string]handlerWithStop
@@ -52,23 +43,20 @@ type DefaultServer struct {
 	hostManager        hostManager
 	updateSerial       uint64
 	previousConfigHash uint64
-	currentConfig      HostDNSConfig
+	currentConfig      hostDNSConfig

 	// permanent related properties
-	permanent      bool
-	hostsDNSHolder *hostsDNSHolder
+	permanent        bool
+	hostsDnsList     []string
+	hostsDnsListLock sync.Mutex

 	// make sense on mobile only
 	searchDomainNotifier *notifier
-	iosDnsManager        IosDnsManager
-
-	statusRecorder *peer.Status
 }

 type handlerWithStop interface {
 	dns.Handler
 	stop()
-	probeAvailability()
 }

 type muxUpdate struct {
@@ -77,12 +65,7 @@ type muxUpdate struct {
 }

 // NewDefaultServer returns a new dns server
-func NewDefaultServer(
-	ctx context.Context,
-	wgInterface WGIface,
-	customAddress string,
-	statusRecorder *peer.Status,
-) (*DefaultServer, error) {
+func NewDefaultServer(ctx context.Context, wgInterface WGIface, customAddress string) (*DefaultServer, error) {
 	var addrPort *netip.AddrPort
 	if customAddress != "" {
 		parsedAddrPort, err := netip.ParseAddrPort(customAddress)
@@ -99,22 +82,15 @@ func NewDefaultServer(
 		dnsService = newServiceViaListener(wgInterface, addrPort)
 	}

-	return newDefaultServer(ctx, wgInterface, dnsService, statusRecorder), nil
+	return newDefaultServer(ctx, wgInterface, dnsService), nil
 }

 // NewDefaultServerPermanentUpstream returns a new dns server. It optimized for mobile systems
-func NewDefaultServerPermanentUpstream(
-	ctx context.Context,
-	wgInterface WGIface,
-	hostsDnsList []string,
-	config nbdns.Config,
-	listener listener.NetworkChangeListener,
-	statusRecorder *peer.Status,
-) *DefaultServer {
+func NewDefaultServerPermanentUpstream(ctx context.Context, wgInterface WGIface, hostsDnsList []string, config nbdns.Config, listener listener.NetworkChangeListener) *DefaultServer {
 	log.Debugf("host dns address list is: %v", hostsDnsList)
-	ds := newDefaultServer(ctx, wgInterface, newServiceViaMemory(wgInterface), statusRecorder)
-	ds.hostsDNSHolder.set(hostsDnsList)
+	ds := newDefaultServer(ctx, wgInterface, newServiceViaMemory(wgInterface))
 	ds.permanent = true
+	ds.hostsDnsList = hostsDnsList
 	ds.addHostRootZone()
 	ds.currentConfig = dnsConfigToHostDNSConfig(config, ds.service.RuntimeIP(), ds.service.RuntimePort())
 	ds.searchDomainNotifier = newNotifier(ds.SearchDomains())
@@ -123,19 +99,7 @@ func NewDefaultServerPermanentUpstream(
 	return ds
 }

-// NewDefaultServerIos returns a new dns server. It optimized for ios
-func NewDefaultServerIos(
-	ctx context.Context,
-	wgInterface WGIface,
-	iosDnsManager IosDnsManager,
-	statusRecorder *peer.Status,
-) *DefaultServer {
-	ds := newDefaultServer(ctx, wgInterface, newServiceViaMemory(wgInterface), statusRecorder)
-	ds.iosDnsManager = iosDnsManager
-	return ds
-}
-
-func newDefaultServer(ctx context.Context, wgInterface WGIface, dnsService service, statusRecorder *peer.Status) *DefaultServer {
+func newDefaultServer(ctx context.Context, wgInterface WGIface, dnsService service) *DefaultServer {
 	ctx, stop := context.WithCancel(ctx)
 	defaultServer := &DefaultServer{
 		ctx:       ctx,
@@ -145,9 +109,7 @@ func newDefaultServer(ctx context.Context, wgInterface WGIface, dnsService servi
 		localResolver: &localResolver{
 			registeredMap: make(registrationMap),
 		},
-		wgInterface:    wgInterface,
-		statusRecorder: statusRecorder,
-		hostsDNSHolder: newHostsDNSHolder(),
+		wgInterface: wgInterface,
 	}

 	return defaultServer
@@ -165,15 +127,12 @@ func (s *DefaultServer) Initialize() (err error) {
 	if s.permanent {
 		err = s.service.Listen()
 		if err != nil {
-			return fmt.Errorf("service listen: %w", err)
+			return err
 		}
 	}

-	s.hostManager, err = s.initialize()
-	if err != nil {
-		return fmt.Errorf("initialize: %w", err)
-	}
-	return nil
+	s.hostManager, err = newHostManager(s.wgInterface)
+	return
 }

 // DnsIP returns the DNS resolver server IP address
@@ -203,8 +162,10 @@ func (s *DefaultServer) Stop() {
 // OnUpdatedHostDNSServer update the DNS servers addresses for root zones
 // It will be applied if the mgm server do not enforce DNS settings for root zone
 func (s *DefaultServer) OnUpdatedHostDNSServer(hostsDnsList []string) {
-	s.hostsDNSHolder.set(hostsDnsList)
+	s.hostsDnsListLock.Lock()
+	defer s.hostsDnsListLock.Unlock()

+	s.hostsDnsList = hostsDnsList
 	_, ok := s.dnsMuxMap[nbdns.RootZone]
 	if ok {
 		log.Debugf("on new host DNS config but skip to apply it")
@@ -249,7 +210,7 @@ func (s *DefaultServer) UpdateDNSServer(serial uint64, update nbdns.Config) erro
 		}

 		if err := s.applyConfiguration(update); err != nil {
-			return fmt.Errorf("apply configuration: %w", err)
+			return err
 		}

 		s.updateSerial = serial
@@ -262,34 +223,20 @@ func (s *DefaultServer) UpdateDNSServer(serial uint64, update nbdns.Config) erro
 func (s *DefaultServer) SearchDomains() []string {
 	var searchDomains []string

-	for _, dConf := range s.currentConfig.Domains {
-		if dConf.Disabled {
+	for _, dConf := range s.currentConfig.domains {
+		if dConf.disabled {
 			continue
 		}
-		if dConf.MatchOnly {
+		if dConf.matchOnly {
 			continue
 		}
-		searchDomains = append(searchDomains, dConf.Domain)
+		searchDomains = append(searchDomains, dConf.domain)
 	}
 	return searchDomains
 }

-// ProbeAvailability tests each upstream group's servers for availability
-// and deactivates the group if no server responds
-func (s *DefaultServer) ProbeAvailability() {
-	var wg sync.WaitGroup
-	for _, mux := range s.dnsMuxMap {
-		wg.Add(1)
-		go func(mux handlerWithStop) {
-			defer wg.Done()
-			mux.probeAvailability()
-		}(mux)
-	}
-	wg.Wait()
-}
-
 func (s *DefaultServer) applyConfiguration(update nbdns.Config) error {
-	// is the service should be Disabled, we stop the listener or fake resolver
+	// is the service should be disabled, we stop the listener or fake resolver
 	// and proceed with a regular update to clean up the handlers and records
 	if update.ServiceEnable {
 		_ = s.service.Listen()
@@ -315,7 +262,7 @@ func (s *DefaultServer) applyConfiguration(update nbdns.Config) error {
 	if s.service.RuntimePort() != defaultPort && !s.hostManager.supportCustomPort() {
 		log.Warnf("the DNS manager of this peer doesn't support custom port. Disabling primary DNS setup. " +
 			"Learn more at: https://docs.netbird.io/how-to/manage-dns-in-your-network#local-resolver")
-		hostUpdate.RouteAll = false
+		hostUpdate.routeAll = false
 	}

 	if err = s.hostManager.applyDNSConfig(hostUpdate); err != nil {
@@ -326,8 +273,6 @@ func (s *DefaultServer) applyConfiguration(update nbdns.Config) error {
 		s.searchDomainNotifier.onNewSearchDomains(s.SearchDomains())
 	}

-	s.updateNSGroupStates(update.NameServerGroups)
-
 	return nil
 }

@@ -367,17 +312,7 @@ func (s *DefaultServer) buildUpstreamHandlerUpdate(nameServerGroups []*nbdns.Nam
 			continue
 		}

-		handler, err := newUpstreamResolver(
-			s.ctx,
-			s.wgInterface.Name(),
-			s.wgInterface.Address().IP,
-			s.wgInterface.Address().Network,
-			s.statusRecorder,
-			s.hostsDNSHolder,
-		)
-		if err != nil {
-			return nil, fmt.Errorf("unable to create a new upstream resolver, error: %v", err)
-		}
+		handler := newUpstreamResolver(s.ctx)
 		for _, ns := range nsGroup.NameServers {
 			if ns.NSType != nbdns.UDPNameServerType {
 				log.Warnf("skipping nameserver %s with type %s, this peer supports only %s",
@@ -427,7 +362,6 @@ func (s *DefaultServer) buildUpstreamHandlerUpdate(nameServerGroups []*nbdns.Nam
 			})
 		}
 	}
-
 	return muxUpdates, nil
 }

@@ -452,7 +386,9 @@ func (s *DefaultServer) updateMux(muxUpdates []muxUpdate) {
 		_, found := muxUpdateMap[key]
 		if !found {
 			if !isContainRootUpdate && key == nbdns.RootZone {
+				s.hostsDnsListLock.Lock()
 				s.addHostRootZone()
+				s.hostsDnsListLock.Unlock()
 				existingHandler.stop()
 			} else {
 				existingHandler.stop()
@@ -494,14 +430,14 @@ func getNSHostPort(ns nbdns.NameServer) string {
 func (s *DefaultServer) upstreamCallbacks(
 	nsGroup *nbdns.NameServerGroup,
 	handler dns.Handler,
-) (deactivate func(error), reactivate func()) {
+) (deactivate func(), reactivate func()) {
 	var removeIndex map[string]int
-	deactivate = func(err error) {
+	deactivate = func() {
 		s.mux.Lock()
 		defer s.mux.Unlock()

 		l := log.WithField("nameservers", nsGroup.NameServers)
-		l.Info("Temporarily deactivating nameservers group due to timeout")
+		l.Info("temporary deactivate nameservers group due timeout")

 		removeIndex = make(map[string]int)
 		for _, domain := range nsGroup.Domains {
@@ -509,38 +445,29 @@ func (s *DefaultServer) upstreamCallbacks(
 		}
 		if nsGroup.Primary {
 			removeIndex[nbdns.RootZone] = -1
-			s.currentConfig.RouteAll = false
-			s.service.DeregisterMux(nbdns.RootZone)
+			s.currentConfig.routeAll = false
 		}

-		for i, item := range s.currentConfig.Domains {
-			if _, found := removeIndex[item.Domain]; found {
-				s.currentConfig.Domains[i].Disabled = true
-				s.service.DeregisterMux(item.Domain)
-				removeIndex[item.Domain] = i
+		for i, item := range s.currentConfig.domains {
+			if _, found := removeIndex[item.domain]; found {
+				s.currentConfig.domains[i].disabled = true
+				s.service.DeregisterMux(item.domain)
+				removeIndex[item.domain] = i
 			}
 		}
-
 		if err := s.hostManager.applyDNSConfig(s.currentConfig); err != nil {
-			l.Errorf("Failed to apply nameserver deactivation on the host: %v", err)
+			l.WithError(err).Error("fail to apply nameserver deactivation on the host")
 		}
-
-		if runtime.GOOS == "android" && nsGroup.Primary && len(s.hostsDNSHolder.get()) > 0 {
-			s.addHostRootZone()
-		}
-
-		s.updateNSState(nsGroup, err, false)
-
 	}
 	reactivate = func() {
 		s.mux.Lock()
 		defer s.mux.Unlock()

 		for domain, i := range removeIndex {
-			if i == -1 || i >= len(s.currentConfig.Domains) || s.currentConfig.Domains[i].Domain != domain {
+			if i == -1 || i >= len(s.currentConfig.domains) || s.currentConfig.domains[i].domain != domain {
 				continue
 			}
-			s.currentConfig.Domains[i].Disabled = false
+			s.currentConfig.domains[i].disabled = false
 			s.service.RegisterMux(domain, handler)
 		}

@@ -548,80 +475,33 @@ func (s *DefaultServer) upstreamCallbacks(
 		l.Debug("reactivate temporary disabled nameserver group")

 		if nsGroup.Primary {
-			s.currentConfig.RouteAll = true
-			s.service.RegisterMux(nbdns.RootZone, handler)
+			s.currentConfig.routeAll = true
 		}
 		if err := s.hostManager.applyDNSConfig(s.currentConfig); err != nil {
 			l.WithError(err).Error("reactivate temporary disabled nameserver group, DNS update apply")
 		}
-
-		s.updateNSState(nsGroup, nil, true)
 	}
 	return
 }

 func (s *DefaultServer) addHostRootZone() {
-	handler, err := newUpstreamResolver(
-		s.ctx,
-		s.wgInterface.Name(),
-		s.wgInterface.Address().IP,
-		s.wgInterface.Address().Network,
-		s.statusRecorder,
-		s.hostsDNSHolder,
-	)
-	if err != nil {
-		log.Errorf("unable to create a new upstream resolver, error: %v", err)
-		return
-	}
+	handler := newUpstreamResolver(s.ctx)
+	handler.upstreamServers = make([]string, len(s.hostsDnsList))
+	for n, ua := range s.hostsDnsList {
+		a, err := netip.ParseAddr(ua)
+		if err != nil {
+			log.Errorf("invalid upstream IP address: %s, error: %s", ua, err)
+			continue
+		}

-	handler.upstreamServers = make([]string, 0)
-	for k := range s.hostsDNSHolder.get() {
-		handler.upstreamServers = append(handler.upstreamServers, k)
+		ipString := ua
+		if !a.Is4() {
+			ipString = fmt.Sprintf("[%s]", ua)
+		}
+
+		handler.upstreamServers[n] = fmt.Sprintf("%s:53", ipString)
 	}
-	handler.deactivate = func(error) {}
+	handler.deactivate = func() {}
 	handler.reactivate = func() {}
 	s.service.RegisterMux(nbdns.RootZone, handler)
 }
-
-func (s *DefaultServer) updateNSGroupStates(groups []*nbdns.NameServerGroup) {
-	var states []peer.NSGroupState
-
-	for _, group := range groups {
-		var servers []string
-		for _, ns := range group.NameServers {
-			servers = append(servers, fmt.Sprintf("%s:%d", ns.IP, ns.Port))
-		}
-
-		state := peer.NSGroupState{
-			ID:      generateGroupKey(group),
-			Servers: servers,
-			Domains: group.Domains,
-			// The probe will determine the state, default enabled
-			Enabled: true,
-			Error:   nil,
-		}
-		states = append(states, state)
-	}
-	s.statusRecorder.UpdateDNSStates(states)
-}
-
-func (s *DefaultServer) updateNSState(nsGroup *nbdns.NameServerGroup, err error, enabled bool) {
-	states := s.statusRecorder.GetDNSStates()
-	id := generateGroupKey(nsGroup)
-	for i, state := range states {
-		if state.ID == id {
-			states[i].Enabled = enabled
-			states[i].Error = err
-			break
-		}
-	}
-	s.statusRecorder.UpdateDNSStates(states)
-}
-
-func generateGroupKey(nsGroup *nbdns.NameServerGroup) string {
-	var servers []string
-	for _, ns := range nsGroup.NameServers {
-		servers = append(servers, fmt.Sprintf("%s:%d", ns.IP, ns.Port))
-	}
-	return fmt.Sprintf("%s_%s_%s", nsGroup.ID, nsGroup.Name, strings.Join(servers, ","))
-}
--- a/client/internal/dns/server_android.go
+++ b/client/internal/dns/server_android.go
@@ -1,5 +0,0 @@
-package dns
-
-func (s *DefaultServer) initialize() (manager hostManager, err error) {
-	return newHostManager()
-}
--- a/client/internal/dns/server_darwin.go
+++ b/client/internal/dns/server_darwin.go
@@ -1,7 +0,0 @@
-//go:build !ios
-
-package dns
-
-func (s *DefaultServer) initialize() (manager hostManager, err error) {
-	return newHostManager()
-}
--- a/client/internal/dns/server_ios.go
+++ b/client/internal/dns/server_ios.go
@@ -1,5 +0,0 @@
-package dns
-
-func (s *DefaultServer) initialize() (manager hostManager, err error) {
-	return newHostManager(s.iosDnsManager)
-}
--- a/client/internal/dns/server_test.go
+++ b/client/internal/dns/server_test.go
@@ -12,10 +12,8 @@ import (

 	"github.com/golang/mock/gomock"
 	log "github.com/sirupsen/logrus"
-	"golang.zx2c4.com/wireguard/wgctrl/wgtypes"

 	"github.com/netbirdio/netbird/client/firewall/uspfilter"
-	"github.com/netbirdio/netbird/client/internal/peer"
 	"github.com/netbirdio/netbird/client/internal/stdnet"
 	nbdns "github.com/netbirdio/netbird/dns"
 	"github.com/netbirdio/netbird/formatter"
@@ -39,10 +37,6 @@ func (w *mocWGIface) Address() iface.WGAddress {
 	}
 }

-func (w *mocWGIface) ToInterface() *net.Interface {
-	panic("implement me")
-}
-
 func (w *mocWGIface) GetFilter() iface.PacketFilter {
 	return w.filter
 }
@@ -64,10 +58,6 @@ func (w *mocWGIface) SetFilter(filter iface.PacketFilter) error {
 	return nil
 }

-func (w *mocWGIface) GetStats(_ string) (iface.WGStats, error) {
-	return iface.WGStats{}, nil
-}
-
 var zoneRecords = []nbdns.SimpleRecord{
 	{
 		Name:  "peera.netbird.cloud",
@@ -260,12 +250,11 @@ func TestUpdateDNSServer(t *testing.T) {

 	for n, testCase := range testCases {
 		t.Run(testCase.name, func(t *testing.T) {
-			privKey, _ := wgtypes.GenerateKey()
 			newNet, err := stdnet.NewNet(nil)
 			if err != nil {
 				t.Fatal(err)
 			}
-			wgIface, err := iface.NewWGIFace(fmt.Sprintf("utun230%d", n), fmt.Sprintf("100.66.100.%d/32", n+1), 33100, privKey.String(), iface.DefaultMTU, newNet, nil, nil)
+			wgIface, err := iface.NewWGIFace(fmt.Sprintf("utun230%d", n), fmt.Sprintf("100.66.100.%d/32", n+1), iface.DefaultMTU, nil, newNet)
 			if err != nil {
 				t.Fatal(err)
 			}
@@ -279,7 +268,7 @@ func TestUpdateDNSServer(t *testing.T) {
 					t.Log(err)
 				}
 			}()
-			dnsServer, err := NewDefaultServer(context.Background(), wgIface, "", &peer.Status{})
+			dnsServer, err := NewDefaultServer(context.Background(), wgIface, "")
 			if err != nil {
 				t.Fatal(err)
 			}
@@ -342,8 +331,7 @@ func TestDNSFakeResolverHandleUpdates(t *testing.T) {
 		return
 	}

-	privKey, _ := wgtypes.GeneratePrivateKey()
-	wgIface, err := iface.NewWGIFace("utun2301", "100.66.100.1/32", 33100, privKey.String(), iface.DefaultMTU, newNet, nil, nil)
+	wgIface, err := iface.NewWGIFace("utun2301", "100.66.100.1/32", iface.DefaultMTU, nil, newNet)
 	if err != nil {
 		t.Errorf("build interface wireguard: %v", err)
 		return
@@ -380,7 +368,7 @@ func TestDNSFakeResolverHandleUpdates(t *testing.T) {
 		return
 	}

-	dnsServer, err := NewDefaultServer(context.Background(), wgIface, "", &peer.Status{})
+	dnsServer, err := NewDefaultServer(context.Background(), wgIface, "")
 	if err != nil {
 		t.Errorf("create DNS server: %v", err)
 		return
@@ -475,7 +463,7 @@ func TestDNSServerStartStop(t *testing.T) {

 	for _, testCase := range testCases {
 		t.Run(testCase.name, func(t *testing.T) {
-			dnsServer, err := NewDefaultServer(context.Background(), &mocWGIface{}, testCase.addrPort, &peer.Status{})
+			dnsServer, err := NewDefaultServer(context.Background(), &mocWGIface{}, testCase.addrPort)
 			if err != nil {
 				t.Fatalf("%v", err)
 			}
@@ -539,24 +527,23 @@ func TestDNSServerUpstreamDeactivateCallback(t *testing.T) {
 			registeredMap: make(registrationMap),
 		},
 		hostManager: hostManager,
-		currentConfig: HostDNSConfig{
-			Domains: []DomainConfig{
+		currentConfig: hostDNSConfig{
+			domains: []domainConfig{
 				{false, "domain0", false},
 				{false, "domain1", false},
 				{false, "domain2", false},
 			},
 		},
-		statusRecorder: &peer.Status{},
 	}

 	var domainsUpdate string
-	hostManager.applyDNSConfigFunc = func(config HostDNSConfig) error {
+	hostManager.applyDNSConfigFunc = func(config hostDNSConfig) error {
 		domains := []string{}
-		for _, item := range config.Domains {
-			if item.Disabled {
+		for _, item := range config.domains {
+			if item.disabled {
 				continue
 			}
-			domains = append(domains, item.Domain)
+			domains = append(domains, item.domain)
 		}
 		domainsUpdate = strings.Join(domains, ",")
 		return nil
@@ -569,14 +556,14 @@ func TestDNSServerUpstreamDeactivateCallback(t *testing.T) {
 		},
 	}, nil)

-	deactivate(nil)
+	deactivate()
 	expected := "domain0,domain2"
 	domains := []string{}
-	for _, item := range server.currentConfig.Domains {
-		if item.Disabled {
+	for _, item := range server.currentConfig.domains {
+		if item.disabled {
 			continue
 		}
-		domains = append(domains, item.Domain)
+		domains = append(domains, item.domain)
 	}
 	got := strings.Join(domains, ",")
 	if expected != got {
@@ -586,11 +573,11 @@ func TestDNSServerUpstreamDeactivateCallback(t *testing.T) {
 	reactivate()
 	expected = "domain0,domain1,domain2"
 	domains = []string{}
-	for _, item := range server.currentConfig.Domains {
-		if item.Disabled {
+	for _, item := range server.currentConfig.domains {
+		if item.disabled {
 			continue
 		}
-		domains = append(domains, item.Domain)
+		domains = append(domains, item.domain)
 	}
 	got = strings.Join(domains, ",")
 	if expected != got {
@@ -607,7 +594,7 @@ func TestDNSPermanent_updateHostDNS_emptyUpstream(t *testing.T) {

 	var dnsList []string
 	dnsConfig := nbdns.Config{}
-	dnsServer := NewDefaultServerPermanentUpstream(context.Background(), wgIFace, dnsList, dnsConfig, nil, &peer.Status{})
+	dnsServer := NewDefaultServerPermanentUpstream(context.Background(), wgIFace, dnsList, dnsConfig, nil)
 	err = dnsServer.Initialize()
 	if err != nil {
 		t.Errorf("failed to initialize DNS server: %v", err)
@@ -631,7 +618,7 @@ func TestDNSPermanent_updateUpstream(t *testing.T) {
 	}
 	defer wgIFace.Close()
 	dnsConfig := nbdns.Config{}
-	dnsServer := NewDefaultServerPermanentUpstream(context.Background(), wgIFace, []string{"8.8.8.8"}, dnsConfig, nil, &peer.Status{})
+	dnsServer := NewDefaultServerPermanentUpstream(context.Background(), wgIFace, []string{"8.8.8.8"}, dnsConfig, nil)
 	err = dnsServer.Initialize()
 	if err != nil {
 		t.Errorf("failed to initialize DNS server: %v", err)
@@ -723,7 +710,7 @@ func TestDNSPermanent_matchOnly(t *testing.T) {
 	}
 	defer wgIFace.Close()
 	dnsConfig := nbdns.Config{}
-	dnsServer := NewDefaultServerPermanentUpstream(context.Background(), wgIFace, []string{"8.8.8.8"}, dnsConfig, nil, &peer.Status{})
+	dnsServer := NewDefaultServerPermanentUpstream(context.Background(), wgIFace, []string{"8.8.8.8"}, dnsConfig, nil)
 	err = dnsServer.Initialize()
 	if err != nil {
 		t.Errorf("failed to initialize DNS server: %v", err)
@@ -754,11 +741,6 @@ func TestDNSPermanent_matchOnly(t *testing.T) {
 						NSType: nbdns.UDPNameServerType,
 						Port:   53,
 					},
-					{
-						IP:     netip.MustParseAddr("9.9.9.9"),
-						NSType: nbdns.UDPNameServerType,
-						Port:   53,
-					},
 				},
 				Domains: []string{"customdomain.com"},
 				Primary: false,
@@ -800,8 +782,7 @@ func createWgInterfaceWithBind(t *testing.T) (*iface.WGIface, error) {
 		return nil, err
 	}

-	privKey, _ := wgtypes.GeneratePrivateKey()
-	wgIface, err := iface.NewWGIFace("utun2301", "100.66.100.2/24", 33100, privKey.String(), iface.DefaultMTU, newNet, nil, nil)
+	wgIface, err := iface.NewWGIFace("utun2301", "100.66.100.2/24", iface.DefaultMTU, nil, newNet)
 	if err != nil {
 		t.Fatalf("build interface wireguard: %v", err)
 		return nil, err
--- a/client/internal/dns/server_unix.go
+++ b/client/internal/dns/server_unix.go
@@ -1,7 +0,0 @@
-//go:build (linux && !android) || freebsd
-
-package dns
-
-func (s *DefaultServer) initialize() (manager hostManager, err error) {
-	return newHostManager(s.wgInterface.Name())
-}
--- a/client/internal/dns/server_windows.go
+++ b/client/internal/dns/server_windows.go
@@ -1,5 +0,0 @@
-package dns
-
-func (s *DefaultServer) initialize() (manager hostManager, err error) {
-	return newHostManager(s.wgInterface)
-}
--- a/client/internal/dns/service_listener.go
+++ b/client/internal/dns/service_listener.go
@@ -28,7 +28,7 @@ type serviceViaListener struct {
 	customAddr        *netip.AddrPort
 	server            *dns.Server
 	listenIP          string
-	listenPort        uint16
+	listenPort        int
 	listenerIsRunning bool
 	listenerFlagLock  sync.Mutex
 	ebpfService       ebpfMgr.Manager
@@ -63,9 +63,18 @@ func (s *serviceViaListener) Listen() error {
 	s.listenIP, s.listenPort, err = s.evalListenAddress()
 	if err != nil {
 		log.Errorf("failed to eval runtime address: %s", err)
-		return fmt.Errorf("eval listen address: %w", err)
+		return err
 	}
 	s.server.Addr = fmt.Sprintf("%s:%d", s.listenIP, s.listenPort)
+
+	if s.shouldApplyPortFwd() {
+		s.ebpfService = ebpf.GetEbpfManagerInstance()
+		err = s.ebpfService.LoadDNSFwd(s.listenIP, s.listenPort)
+		if err != nil {
+			log.Warnf("failed to load DNS port forwarder, custom port may not work well on some Linux operating systems: %s", err)
+			s.ebpfService = nil
+		}
+	}
 	log.Debugf("starting dns on %s", s.server.Addr)
 	go func() {
 		s.setListenerStatus(true)
@@ -119,7 +128,7 @@ func (s *serviceViaListener) RuntimePort() int {
 	if s.ebpfService != nil {
 		return defaultPort
 	} else {
-		return int(s.listenPort)
+		return s.listenPort
 	}
 }

@@ -131,112 +140,54 @@ func (s *serviceViaListener) setListenerStatus(running bool) {
 	s.listenerIsRunning = running
 }

-// evalListenAddress figure out the listen address for the DNS server
-// first check the 53 port availability on WG interface or lo, if not success
-// pick a random port on WG interface for eBPF, if not success
-// check the 5053 port availability on WG interface or lo without eBPF usage,
-func (s *serviceViaListener) evalListenAddress() (string, uint16, error) {
-	if s.customAddr != nil {
-		return s.customAddr.Addr().String(), s.customAddr.Port(), nil
-	}
-
-	ip, ok := s.testFreePort(defaultPort)
-	if ok {
-		return ip, defaultPort, nil
-	}
-
-	ebpfSrv, port, ok := s.tryToUseeBPF()
-	if ok {
-		s.ebpfService = ebpfSrv
-		return s.wgInterface.Address().IP.String(), port, nil
-	}
-
-	ip, ok = s.testFreePort(customPort)
-	if ok {
-		return ip, customPort, nil
-	}
-
-	return "", 0, fmt.Errorf("failed to find a free port for DNS server")
-}
-
-func (s *serviceViaListener) testFreePort(port int) (string, bool) {
-	var ips []string
+func (s *serviceViaListener) getFirstListenerAvailable() (string, int, error) {
+	ips := []string{defaultIP, customIP}
 	if runtime.GOOS != "darwin" {
-		ips = []string{s.wgInterface.Address().IP.String(), defaultIP, customIP}
-	} else {
-		ips = []string{defaultIP, customIP}
+		ips = append([]string{s.wgInterface.Address().IP.String()}, ips...)
 	}
-
-	for _, ip := range ips {
-		if !s.tryToBind(ip, port) {
-			continue
+	ports := []int{defaultPort, customPort}
+	for _, port := range ports {
+		for _, ip := range ips {
+			addrString := fmt.Sprintf("%s:%d", ip, port)
+			udpAddr := net.UDPAddrFromAddrPort(netip.MustParseAddrPort(addrString))
+			probeListener, err := net.ListenUDP("udp", udpAddr)
+			if err == nil {
+				err = probeListener.Close()
+				if err != nil {
+					log.Errorf("got an error closing the probe listener, error: %s", err)
+				}
+				return ip, port, nil
+			}
+			log.Warnf("binding dns on %s is not available, error: %s", addrString, err)
 		}
-
-		return ip, true
 	}
-	return "", false
+	return "", 0, fmt.Errorf("unable to find an unused ip and port combination. IPs tested: %v and ports %v", ips, ports)
 }

-func (s *serviceViaListener) tryToBind(ip string, port int) bool {
-	addrString := fmt.Sprintf("%s:%d", ip, port)
-	udpAddr := net.UDPAddrFromAddrPort(netip.MustParseAddrPort(addrString))
-	probeListener, err := net.ListenUDP("udp", udpAddr)
-	if err != nil {
-		log.Warnf("binding dns on %s is not available, error: %s", addrString, err)
+func (s *serviceViaListener) evalListenAddress() (string, int, error) {
+	if s.customAddr != nil {
+		return s.customAddr.Addr().String(), int(s.customAddr.Port()), nil
+	}
+
+	return s.getFirstListenerAvailable()
+}
+
+// shouldApplyPortFwd decides whether to apply eBPF program to capture DNS traffic on port 53.
+// This is needed because on some operating systems if we start a DNS server not on a default port 53, the domain name
+// resolution won't work.
+// So, in case we are running on Linux and picked a non-default port (53) we should fall back to the eBPF solution that will capture
+// traffic on port 53 and forward it to a local DNS server running on 5053.
+func (s *serviceViaListener) shouldApplyPortFwd() bool {
+	if runtime.GOOS != "linux" {
 		return false
 	}

-	err = probeListener.Close()
-	if err != nil {
-		log.Errorf("got an error closing the probe listener, error: %s", err)
+	if s.customAddr != nil {
+		return false
+	}
+
+	if s.listenPort == defaultPort {
+		return false
 	}
 	return true
 }
-
-// tryToUseeBPF decides whether to apply eBPF program to capture DNS traffic on port 53.
-// This is needed because on some operating systems if we start a DNS server not on a default port 53,
-// the domain name  resolution won't work. So, in case we are running on Linux and picked a free
-// port we should fall back to the eBPF solution that will capture traffic on port 53 and forward
-// it to a local DNS server running on the chosen port.
-func (s *serviceViaListener) tryToUseeBPF() (ebpfMgr.Manager, uint16, bool) {
-	if runtime.GOOS != "linux" {
-		return nil, 0, false
-	}
-
-	port, err := s.generateFreePort() //nolint:staticcheck,unused
-	if err != nil {
-		log.Warnf("failed to generate a free port for eBPF DNS forwarder server: %s", err)
-		return nil, 0, false
-	}
-
-	ebpfSrv := ebpf.GetEbpfManagerInstance()
-	err = ebpfSrv.LoadDNSFwd(s.wgInterface.Address().IP.String(), int(port))
-	if err != nil {
-		log.Warnf("failed to load DNS forwarder eBPF program, error: %s", err)
-		return nil, 0, false
-	}
-
-	return ebpfSrv, port, true
-}
-
-func (s *serviceViaListener) generateFreePort() (uint16, error) {
-	ok := s.tryToBind(s.wgInterface.Address().IP.String(), customPort)
-	if ok {
-		return customPort, nil
-	}
-
-	udpAddr := net.UDPAddrFromAddrPort(netip.MustParseAddrPort("0.0.0.0:0"))
-	probeListener, err := net.ListenUDP("udp", udpAddr)
-	if err != nil {
-		log.Debugf("failed to bind random port for DNS: %s", err)
-		return 0, err
-	}
-
-	addrPort := netip.MustParseAddrPort(probeListener.LocalAddr().String()) // might panic if address is incorrect
-	err = probeListener.Close()
-	if err != nil {
-		log.Debugf("failed to free up DNS port: %s", err)
-		return 0, err
-	}
-	return addrPort.Port(), nil
-}
--- a/client/internal/dns/service_memory.go
+++ b/client/internal/dns/service_memory.go
@@ -44,7 +44,7 @@ func (s *serviceViaMemory) Listen() error {
 	var err error
 	s.udpFilterHookID, err = s.filterDNSTraffic()
 	if err != nil {
-		return fmt.Errorf("filter dns traffice: %w", err)
+		return err
 	}
 	s.listenerIsRunning = true

--- a/client/internal/dns/systemd_freebsd.go
+++ b/client/internal/dns/systemd_freebsd.go
@@ -1,20 +0,0 @@
-package dns
-
-import (
-	"errors"
-	"fmt"
-)
-
-var errNotImplemented = errors.New("not implemented")
-
-func newSystemdDbusConfigurator(wgInterface string) (hostManager, error) {
-	return nil, fmt.Errorf("systemd dns management: %w on freebsd", errNotImplemented)
-}
-
-func isSystemdResolvedRunning() bool {
-	return false
-}
-
-func isSystemdResolveConfMode() bool {
-	return false
-}
--- a/client/internal/dns/systemd_linux.go
+++ b/client/internal/dns/systemd_linux.go
@@ -4,7 +4,6 @@ package dns

 import (
 	"context"
-	"errors"
 	"fmt"
 	"net"
 	"net/netip"
@@ -31,8 +30,6 @@ const (
 	systemdDbusSetDefaultRouteMethodSuffix = systemdDbusLinkInterface + ".SetDefaultRoute"
 	systemdDbusSetDomainsMethodSuffix      = systemdDbusLinkInterface + ".SetDomains"
 	systemdDbusResolvConfModeForeign       = "foreign"
-
-	dbusErrorUnknownObject = "org.freedesktop.DBus.Error.UnknownObject"
 )

 type systemdDbusConfigurator struct {
@@ -55,22 +52,22 @@ type systemdDbusLinkDomainsInput struct {
 	MatchOnly bool
 }

-func newSystemdDbusConfigurator(wgInterface string) (hostManager, error) {
-	iface, err := net.InterfaceByName(wgInterface)
+func newSystemdDbusConfigurator(wgInterface WGIface) (hostManager, error) {
+	iface, err := net.InterfaceByName(wgInterface.Name())
 	if err != nil {
-		return nil, fmt.Errorf("get interface: %w", err)
+		return nil, err
 	}

 	obj, closeConn, err := getDbusObject(systemdResolvedDest, systemdDbusObjectNode)
 	if err != nil {
-		return nil, fmt.Errorf("get dbus resolved dest: %w", err)
+		return nil, err
 	}
 	defer closeConn()

 	var s string
 	err = obj.Call(systemdDbusGetLinkMethod, dbusDefaultFlag, iface.Index).Store(&s)
 	if err != nil {
-		return nil, fmt.Errorf("get dbus link method: %w", err)
+		return nil, err
 	}

 	log.Debugf("got dbus Link interface: %s from net interface %s and index %d", s, iface.Name, iface.Index)
@@ -84,10 +81,10 @@ func (s *systemdDbusConfigurator) supportCustomPort() bool {
 	return true
 }

-func (s *systemdDbusConfigurator) applyDNSConfig(config HostDNSConfig) error {
-	parsedIP, err := netip.ParseAddr(config.ServerIP)
+func (s *systemdDbusConfigurator) applyDNSConfig(config hostDNSConfig) error {
+	parsedIP, err := netip.ParseAddr(config.serverIP)
 	if err != nil {
-		return fmt.Errorf("unable to parse ip address, error: %w", err)
+		return fmt.Errorf("unable to parse ip address, error: %s", err)
 	}
 	ipAs4 := parsedIP.As4()
 	defaultLinkInput := systemdDbusDNSInput{
@@ -96,7 +93,7 @@ func (s *systemdDbusConfigurator) applyDNSConfig(config HostDNSConfig) error {
 	}
 	err = s.callLinkMethod(systemdDbusSetDNSMethodSuffix, []systemdDbusDNSInput{defaultLinkInput})
 	if err != nil {
-		return fmt.Errorf("setting the interface DNS server %s:%d failed with error: %w", config.ServerIP, config.ServerPort, err)
+		return fmt.Errorf("setting the interface DNS server %s:%d failed with error: %s", config.serverIP, config.serverPort, err)
 	}

 	var (
@@ -104,27 +101,27 @@ func (s *systemdDbusConfigurator) applyDNSConfig(config HostDNSConfig) error {
 		matchDomains  []string
 		domainsInput  []systemdDbusLinkDomainsInput
 	)
-	for _, dConf := range config.Domains {
-		if dConf.Disabled {
+	for _, dConf := range config.domains {
+		if dConf.disabled {
 			continue
 		}
 		domainsInput = append(domainsInput, systemdDbusLinkDomainsInput{
-			Domain:    dns.Fqdn(dConf.Domain),
-			MatchOnly: dConf.MatchOnly,
+			Domain:    dns.Fqdn(dConf.domain),
+			MatchOnly: dConf.matchOnly,
 		})

-		if dConf.MatchOnly {
-			matchDomains = append(matchDomains, dConf.Domain)
+		if dConf.matchOnly {
+			matchDomains = append(matchDomains, dConf.domain)
 			continue
 		}
-		searchDomains = append(searchDomains, dConf.Domain)
+		searchDomains = append(searchDomains, dConf.domain)
 	}

-	if config.RouteAll {
-		log.Infof("configured %s:%d as main DNS forwarder for this peer", config.ServerIP, config.ServerPort)
+	if config.routeAll {
+		log.Infof("configured %s:%d as main DNS forwarder for this peer", config.serverIP, config.serverPort)
 		err = s.callLinkMethod(systemdDbusSetDefaultRouteMethodSuffix, true)
 		if err != nil {
-			return fmt.Errorf("setting link as default dns router, failed with error: %w", err)
+			return fmt.Errorf("setting link as default dns router, failed with error: %s", err)
 		}
 		domainsInput = append(domainsInput, systemdDbusLinkDomainsInput{
 			Domain:    nbdns.RootZone,
@@ -132,13 +129,7 @@ func (s *systemdDbusConfigurator) applyDNSConfig(config HostDNSConfig) error {
 		})
 		s.routingAll = true
 	} else if s.routingAll {
-		log.Infof("removing %s:%d as main DNS forwarder for this peer", config.ServerIP, config.ServerPort)
-	}
-
-	// create a backup for unclean shutdown detection before adding domains, as these might end up in the resolv.conf file.
-	// The file content itself is not important for systemd restoration
-	if err := createUncleanShutdownIndicator(defaultResolvConfPath, systemdManager, parsedIP.String()); err != nil {
-		log.Errorf("failed to create unclean shutdown resolv.conf backup: %s", err)
+		log.Infof("removing %s:%d as main DNS forwarder for this peer", config.serverIP, config.serverPort)
 	}

 	log.Infof("adding %d search domains and %d match domains. Search list: %s , Match list: %s", len(searchDomains), len(matchDomains), searchDomains, matchDomains)
@@ -152,7 +143,7 @@ func (s *systemdDbusConfigurator) applyDNSConfig(config HostDNSConfig) error {
 func (s *systemdDbusConfigurator) setDomainsForInterface(domainsInput []systemdDbusLinkDomainsInput) error {
 	err := s.callLinkMethod(systemdDbusSetDomainsMethodSuffix, domainsInput)
 	if err != nil {
-		return fmt.Errorf("setting domains configuration failed with error: %w", err)
+		return fmt.Errorf("setting domains configuration failed with error: %s", err)
 	}
 	return s.flushCaches()
 }
@@ -162,29 +153,17 @@ func (s *systemdDbusConfigurator) restoreHostDNS() error {
 	if !isDbusListenerRunning(systemdResolvedDest, s.dbusLinkObject) {
 		return nil
 	}
-
-	// this call is required for DNS cleanup, even if it fails
 	err := s.callLinkMethod(systemdDbusRevertMethodSuffix, nil)
 	if err != nil {
-		var dbusErr dbus.Error
-		if errors.As(err, &dbusErr) && dbusErr.Name == dbusErrorUnknownObject {
-			// interface is gone already
-			return nil
-		}
-		return fmt.Errorf("unable to revert link configuration, got error: %w", err)
+		return fmt.Errorf("unable to revert link configuration, got error: %s", err)
 	}
-
-	if err := removeUncleanShutdownIndicator(); err != nil {
-		log.Errorf("failed to remove unclean shutdown resolv.conf backup: %s", err)
-	}
-
 	return s.flushCaches()
 }

 func (s *systemdDbusConfigurator) flushCaches() error {
 	obj, closeConn, err := getDbusObject(systemdResolvedDest, systemdDbusObjectNode)
 	if err != nil {
-		return fmt.Errorf("attempting to retrieve the object %s, err: %w", systemdDbusObjectNode, err)
+		return fmt.Errorf("got error while attempting to retrieve the object %s, err: %s", systemdDbusObjectNode, err)
 	}
 	defer closeConn()
 	ctx, cancel := context.WithTimeout(context.TODO(), 5*time.Second)
@@ -192,7 +171,7 @@ func (s *systemdDbusConfigurator) flushCaches() error {

 	err = obj.CallWithContext(ctx, systemdDbusFlushCachesMethod, dbusDefaultFlag).Store()
 	if err != nil {
-		return fmt.Errorf("calling the FlushCaches method with context, err: %w", err)
+		return fmt.Errorf("got error while calling the FlushCaches method with context, err: %s", err)
 	}

 	return nil
@@ -201,7 +180,7 @@ func (s *systemdDbusConfigurator) flushCaches() error {
 func (s *systemdDbusConfigurator) callLinkMethod(method string, value any) error {
 	obj, closeConn, err := getDbusObject(systemdResolvedDest, s.dbusLinkObject)
 	if err != nil {
-		return fmt.Errorf("attempting to retrieve the object, err: %w", err)
+		return fmt.Errorf("got error while attempting to retrieve the object, err: %s", err)
 	}
 	defer closeConn()

@@ -215,52 +194,23 @@ func (s *systemdDbusConfigurator) callLinkMethod(method string, value any) error
 	}

 	if err != nil {
-		return fmt.Errorf("calling command with context, err: %w", err)
+		return fmt.Errorf("got error while calling command with context, err: %s", err)
 	}

 	return nil
 }

-func (s *systemdDbusConfigurator) restoreUncleanShutdownDNS(*netip.Addr) error {
-	if err := s.restoreHostDNS(); err != nil {
-		return fmt.Errorf("restoring dns via systemd: %w", err)
-	}
-	return nil
-}
-
 func getSystemdDbusProperty(property string, store any) error {
 	obj, closeConn, err := getDbusObject(systemdResolvedDest, systemdDbusObjectNode)
 	if err != nil {
-		return fmt.Errorf("attempting to retrieve the systemd dns manager object, error: %w", err)
+		return fmt.Errorf("got error while attempting to retrieve the systemd dns manager object, error: %s", err)
 	}
 	defer closeConn()

 	v, e := obj.GetProperty(property)
 	if e != nil {
-		return fmt.Errorf("getting property %s: %w", property, e)
+		return fmt.Errorf("got an error getting property %s: %v", property, e)
 	}

 	return v.Store(store)
 }
-
-func isSystemdResolvedRunning() bool {
-	return isDbusListenerRunning(systemdResolvedDest, systemdDbusObjectNode)
-}
-
-func isSystemdResolveConfMode() bool {
-	if !isDbusListenerRunning(systemdResolvedDest, systemdDbusObjectNode) {
-		return false
-	}
-
-	var value string
-	if err := getSystemdDbusProperty(systemdDbusResolvConfModeProperty, &value); err != nil {
-		log.Errorf("got an error while checking systemd resolv conf mode, error: %s", err)
-		return false
-	}
-
-	if value == systemdDbusResolvConfModeForeign {
-		return true
-	}
-
-	return false
-}
--- a/client/internal/dns/unclean_shutdown_android.go
+++ b/client/internal/dns/unclean_shutdown_android.go
@@ -1,5 +0,0 @@
-package dns
-
-func CheckUncleanShutdown(string) error {
-	return nil
-}
--- a/client/internal/dns/unclean_shutdown_darwin.go
+++ b/client/internal/dns/unclean_shutdown_darwin.go
@@ -1,59 +0,0 @@
-//go:build !ios
-
-package dns
-
-import (
-	"errors"
-	"fmt"
-	"io/fs"
-	"os"
-	"path/filepath"
-
-	log "github.com/sirupsen/logrus"
-)
-
-const fileUncleanShutdownFileLocation = "/var/lib/netbird/unclean_shutdown_dns"
-
-func CheckUncleanShutdown(string) error {
-	if _, err := os.Stat(fileUncleanShutdownFileLocation); err != nil {
-		if errors.Is(err, fs.ErrNotExist) {
-			// no file -> clean shutdown
-			return nil
-		} else {
-			return fmt.Errorf("state: %w", err)
-		}
-	}
-
-	log.Warnf("detected unclean shutdown, file %s exists. Restoring unclean shutdown dns settings.", fileUncleanShutdownFileLocation)
-
-	manager, err := newHostManager()
-	if err != nil {
-		return fmt.Errorf("create host manager: %w", err)
-	}
-
-	if err := manager.restoreUncleanShutdownDNS(nil); err != nil {
-		return fmt.Errorf("restore unclean shutdown backup: %w", err)
-	}
-
-	return nil
-}
-
-func createUncleanShutdownIndicator() error {
-	dir := filepath.Dir(fileUncleanShutdownFileLocation)
-	if err := os.MkdirAll(dir, os.FileMode(0755)); err != nil {
-		return fmt.Errorf("create dir %s: %w", dir, err)
-	}
-
-	if err := os.WriteFile(fileUncleanShutdownFileLocation, nil, 0644); err != nil { //nolint:gosec
-		return fmt.Errorf("create %s: %w", fileUncleanShutdownFileLocation, err)
-	}
-
-	return nil
-}
-
-func removeUncleanShutdownIndicator() error {
-	if err := os.Remove(fileUncleanShutdownFileLocation); err != nil && !errors.Is(err, fs.ErrNotExist) {
-		return fmt.Errorf("remove %s: %w", fileUncleanShutdownFileLocation, err)
-	}
-	return nil
-}
--- a/client/internal/dns/unclean_shutdown_ios.go
+++ b/client/internal/dns/unclean_shutdown_ios.go
@@ -1,5 +0,0 @@
-package dns
-
-func CheckUncleanShutdown(string) error {
-	return nil
-}
--- a/client/internal/dns/unclean_shutdown_unix.go
+++ b/client/internal/dns/unclean_shutdown_unix.go
@@ -1,91 +0,0 @@
-//go:build (linux && !android) || freebsd
-
-package dns
-
-import (
-	"errors"
-	"fmt"
-	"io/fs"
-	"net/netip"
-	"os"
-	"path/filepath"
-	"strings"
-
-	log "github.com/sirupsen/logrus"
-)
-
-func CheckUncleanShutdown(wgIface string) error {
-	if _, err := os.Stat(fileUncleanShutdownResolvConfLocation); err != nil {
-		if errors.Is(err, fs.ErrNotExist) {
-			// no file -> clean shutdown
-			return nil
-		} else {
-			return fmt.Errorf("state: %w", err)
-		}
-	}
-
-	log.Warnf("detected unclean shutdown, file %s exists", fileUncleanShutdownResolvConfLocation)
-
-	managerData, err := os.ReadFile(fileUncleanShutdownManagerTypeLocation)
-	if err != nil {
-		return fmt.Errorf("read %s: %w", fileUncleanShutdownManagerTypeLocation, err)
-	}
-
-	managerFields := strings.Split(string(managerData), ",")
-	if len(managerFields) < 2 {
-		return errors.New("split manager data: insufficient number of fields")
-	}
-	osManagerTypeStr, dnsAddressStr := managerFields[0], managerFields[1]
-
-	dnsAddress, err := netip.ParseAddr(dnsAddressStr)
-	if err != nil {
-		return fmt.Errorf("parse dns address %s failed: %w", dnsAddressStr, err)
-	}
-
-	log.Warnf("restoring unclean shutdown dns settings via previously detected manager: %s", osManagerTypeStr)
-
-	// determine os manager type, so we can invoke the respective restore action
-	osManagerType, err := newOsManagerType(osManagerTypeStr)
-	if err != nil {
-		return fmt.Errorf("detect previous host manager: %w", err)
-	}
-
-	manager, err := newHostManagerFromType(wgIface, osManagerType)
-	if err != nil {
-		return fmt.Errorf("create previous host manager: %w", err)
-	}
-
-	if err := manager.restoreUncleanShutdownDNS(&dnsAddress); err != nil {
-		return fmt.Errorf("restore unclean shutdown backup: %w", err)
-	}
-
-	return nil
-}
-
-func createUncleanShutdownIndicator(sourcePath string, managerType osManagerType, dnsAddress string) error {
-	dir := filepath.Dir(fileUncleanShutdownResolvConfLocation)
-	if err := os.MkdirAll(dir, os.FileMode(0755)); err != nil {
-		return fmt.Errorf("create dir %s: %w", dir, err)
-	}
-
-	if err := copyFile(sourcePath, fileUncleanShutdownResolvConfLocation); err != nil {
-		return fmt.Errorf("create %s: %w", sourcePath, err)
-	}
-
-	managerData := fmt.Sprintf("%s,%s", managerType, dnsAddress)
-
-	if err := os.WriteFile(fileUncleanShutdownManagerTypeLocation, []byte(managerData), 0644); err != nil { //nolint:gosec
-		return fmt.Errorf("create %s: %w", fileUncleanShutdownManagerTypeLocation, err)
-	}
-	return nil
-}
-
-func removeUncleanShutdownIndicator() error {
-	if err := os.Remove(fileUncleanShutdownResolvConfLocation); err != nil && !errors.Is(err, fs.ErrNotExist) {
-		return fmt.Errorf("remove %s: %w", fileUncleanShutdownResolvConfLocation, err)
-	}
-	if err := os.Remove(fileUncleanShutdownManagerTypeLocation); err != nil && !errors.Is(err, fs.ErrNotExist) {
-		return fmt.Errorf("remove %s: %w", fileUncleanShutdownManagerTypeLocation, err)
-	}
-	return nil
-}
--- a/client/internal/dns/unclean_shutdown_windows.go
+++ b/client/internal/dns/unclean_shutdown_windows.go
@@ -1,75 +0,0 @@
-package dns
-
-import (
-	"errors"
-	"fmt"
-	"io/fs"
-	"os"
-	"path/filepath"
-
-	"github.com/sirupsen/logrus"
-)
-
-const (
-	netbirdProgramDataLocation = "Netbird"
-	fileUncleanShutdownFile    = "unclean_shutdown_dns.txt"
-)
-
-func CheckUncleanShutdown(string) error {
-	file := getUncleanShutdownFile()
-
-	if _, err := os.Stat(file); err != nil {
-		if errors.Is(err, fs.ErrNotExist) {
-			// no file -> clean shutdown
-			return nil
-		} else {
-			return fmt.Errorf("state: %w", err)
-		}
-	}
-
-	logrus.Warnf("detected unclean shutdown, file %s exists. Restoring unclean shutdown dns settings.", file)
-
-	guid, err := os.ReadFile(file)
-	if err != nil {
-		return fmt.Errorf("read %s: %w", file, err)
-	}
-
-	manager, err := newHostManagerWithGuid(string(guid))
-	if err != nil {
-		return fmt.Errorf("create host manager: %w", err)
-	}
-
-	if err := manager.restoreUncleanShutdownDNS(nil); err != nil {
-		return fmt.Errorf("restore unclean shutdown backup: %w", err)
-	}
-
-	return nil
-}
-
-func createUncleanShutdownIndicator(guid string) error {
-	file := getUncleanShutdownFile()
-
-	dir := filepath.Dir(file)
-	if err := os.MkdirAll(dir, os.FileMode(0755)); err != nil {
-		return fmt.Errorf("create dir %s: %w", dir, err)
-	}
-
-	if err := os.WriteFile(file, []byte(guid), 0600); err != nil {
-		return fmt.Errorf("create %s: %w", file, err)
-	}
-
-	return nil
-}
-
-func removeUncleanShutdownIndicator() error {
-	file := getUncleanShutdownFile()
-
-	if err := os.Remove(file); err != nil && !errors.Is(err, fs.ErrNotExist) {
-		return fmt.Errorf("remove %s: %w", file, err)
-	}
-	return nil
-}
-
-func getUncleanShutdownFile() string {
-	return filepath.Join(os.Getenv("PROGRAMDATA"), netbirdProgramDataLocation, fileUncleanShutdownFile)
-}
--- a/client/internal/dns/upstream.go
+++ b/client/internal/dns/upstream.go
@@ -10,32 +10,21 @@ import (
 	"time"

 	"github.com/cenkalti/backoff/v4"
-	"github.com/hashicorp/go-multierror"
 	"github.com/miekg/dns"
 	log "github.com/sirupsen/logrus"
-
-	"github.com/netbirdio/netbird/client/internal/peer"
 )

 const (
 	failsTillDeact   = int32(5)
 	reactivatePeriod = 30 * time.Second
 	upstreamTimeout  = 15 * time.Second
-	probeTimeout     = 2 * time.Second
 )

-const testRecord = "."
-
 type upstreamClient interface {
-	exchange(ctx context.Context, upstream string, r *dns.Msg) (*dns.Msg, time.Duration, error)
+	ExchangeContext(ctx context.Context, m *dns.Msg, a string) (r *dns.Msg, rtt time.Duration, err error)
 }

-type UpstreamResolver interface {
-	serveDNS(r *dns.Msg) (*dns.Msg, time.Duration, error)
-	upstreamExchange(upstream string, r *dns.Msg) (*dns.Msg, time.Duration, error)
-}
-
-type upstreamResolverBase struct {
+type upstreamResolver struct {
 	ctx              context.Context
 	cancel           context.CancelFunc
 	upstreamClient   upstreamClient
@@ -47,42 +36,32 @@ type upstreamResolverBase struct {
 	reactivatePeriod time.Duration
 	upstreamTimeout  time.Duration

-	deactivate     func(error)
-	reactivate     func()
-	statusRecorder *peer.Status
+	deactivate func()
+	reactivate func()
 }

-func newUpstreamResolverBase(ctx context.Context, statusRecorder *peer.Status) *upstreamResolverBase {
-	ctx, cancel := context.WithCancel(ctx)
-
-	return &upstreamResolverBase{
+func newUpstreamResolver(parentCTX context.Context) *upstreamResolver {
+	ctx, cancel := context.WithCancel(parentCTX)
+	return &upstreamResolver{
 		ctx:              ctx,
 		cancel:           cancel,
+		upstreamClient:   &dns.Client{},
 		upstreamTimeout:  upstreamTimeout,
 		reactivatePeriod: reactivatePeriod,
 		failsTillDeact:   failsTillDeact,
-		statusRecorder:   statusRecorder,
 	}
 }

-func (u *upstreamResolverBase) stop() {
+func (u *upstreamResolver) stop() {
 	log.Debugf("stopping serving DNS for upstreams %s", u.upstreamServers)
 	u.cancel()
 }

 // ServeDNS handles a DNS request
-func (u *upstreamResolverBase) ServeDNS(w dns.ResponseWriter, r *dns.Msg) {
-	var err error
-	defer func() {
-		u.checkUpstreamFails(err)
-	}()
+func (u *upstreamResolver) ServeDNS(w dns.ResponseWriter, r *dns.Msg) {
+	defer u.checkUpstreamFails()

 	log.WithField("question", r.Question[0]).Trace("received an upstream question")
-	// set the AuthenticatedData flag and the EDNS0 buffer size to 4096 bytes to support larger dns records
-	if r.Extra == nil {
-		r.SetEdns0(4096, false)
-		r.MsgHdr.AuthenticatedData = true
-	}

 	select {
 	case <-u.ctx.Done():
@@ -91,36 +70,20 @@ func (u *upstreamResolverBase) ServeDNS(w dns.ResponseWriter, r *dns.Msg) {
 	}

 	for _, upstream := range u.upstreamServers {
-		var rm *dns.Msg
-		var t time.Duration
+		ctx, cancel := context.WithTimeout(u.ctx, u.upstreamTimeout)
+		rm, t, err := u.upstreamClient.ExchangeContext(ctx, r, upstream)

-		func() {
-			ctx, cancel := context.WithTimeout(u.ctx, u.upstreamTimeout)
-			defer cancel()
-			rm, t, err = u.upstreamClient.exchange(ctx, upstream, r)
-		}()
+		cancel()

 		if err != nil {
-			if errors.Is(err, context.DeadlineExceeded) || isTimeout(err) {
+			if err == context.DeadlineExceeded || isTimeout(err) {
 				log.WithError(err).WithField("upstream", upstream).
 					Warn("got an error while connecting to upstream")
 				continue
 			}
 			u.failsCount.Add(1)
 			log.WithError(err).WithField("upstream", upstream).
-				Error("got other error while querying the upstream")
-			return
-		}
-
-		if rm == nil {
-			log.WithError(err).WithField("upstream", upstream).
-				Warn("no response from upstream")
-			return
-		}
-		// those checks need to be independent of each other due to memory address issues
-		if !rm.Response {
-			log.WithError(err).WithField("upstream", upstream).
-				Warn("no response from upstream")
+				Error("got an error while querying the upstream")
 			return
 		}

@@ -143,7 +106,7 @@ func (u *upstreamResolverBase) ServeDNS(w dns.ResponseWriter, r *dns.Msg) {
 // If fails count is greater that failsTillDeact, upstream resolving
 // will be disabled for reactivatePeriod, after that time period fails counter
 // will be reset and upstream will be reactivated.
-func (u *upstreamResolverBase) checkUpstreamFails(err error) {
+func (u *upstreamResolver) checkUpstreamFails() {
 	u.mutex.Lock()
 	defer u.mutex.Unlock()

@@ -155,57 +118,15 @@ func (u *upstreamResolverBase) checkUpstreamFails(err error) {
 	case <-u.ctx.Done():
 		return
 	default:
-	}
-
-	u.disable(err)
-}
-
-// probeAvailability tests all upstream servers simultaneously and
-// disables the resolver if none work
-func (u *upstreamResolverBase) probeAvailability() {
-	u.mutex.Lock()
-	defer u.mutex.Unlock()
-
-	select {
-	case <-u.ctx.Done():
-		return
-	default:
-	}
-
-	var success bool
-	var mu sync.Mutex
-	var wg sync.WaitGroup
-
-	var errors *multierror.Error
-	for _, upstream := range u.upstreamServers {
-		upstream := upstream
-
-		wg.Add(1)
-		go func() {
-			defer wg.Done()
-			err := u.testNameserver(upstream)
-			if err != nil {
-				errors = multierror.Append(errors, err)
-				log.Warnf("probing upstream nameserver %s: %s", upstream, err)
-				return
-			}
-
-			mu.Lock()
-			defer mu.Unlock()
-			success = true
-		}()
-	}
-
-	wg.Wait()
-
-	// didn't find a working upstream server, let's disable and try later
-	if !success {
-		u.disable(errors.ErrorOrNil())
+		log.Warnf("upstream resolving is disabled for %v", reactivatePeriod)
+		u.deactivate()
+		u.disabled = true
+		go u.waitUntilResponse()
 	}
 }

 // waitUntilResponse retries, in an exponential interval, querying the upstream servers until it gets a positive response
-func (u *upstreamResolverBase) waitUntilResponse() {
+func (u *upstreamResolver) waitUntilResponse() {
 	exponentialBackOff := &backoff.ExponentialBackOff{
 		InitialInterval:     500 * time.Millisecond,
 		RandomizationFactor: 0.5,
@@ -216,6 +137,8 @@ func (u *upstreamResolverBase) waitUntilResponse() {
 		Clock:               backoff.SystemClock,
 	}

+	r := new(dns.Msg).SetQuestion("netbird.io.", dns.TypeA)
+
 	operation := func() error {
 		select {
 		case <-u.ctx.Done():
@@ -223,17 +146,20 @@ func (u *upstreamResolverBase) waitUntilResponse() {
 		default:
 		}

+		var err error
 		for _, upstream := range u.upstreamServers {
-			if err := u.testNameserver(upstream); err != nil {
-				log.Tracef("upstream check for %s: %s", upstream, err)
-			} else {
-				// at least one upstream server is available, stop probing
+			ctx, cancel := context.WithTimeout(u.ctx, u.upstreamTimeout)
+			_, _, err = u.upstreamClient.ExchangeContext(ctx, r, upstream)
+
+			cancel()
+
+			if err == nil {
 				return nil
 			}
 		}

-		log.Tracef("checking connectivity with upstreams %s failed. Retrying in %s", u.upstreamServers, exponentialBackOff.NextBackOff())
-		return fmt.Errorf("upstream check call error")
+		log.Tracef("checking connectivity with upstreams %s failed with error: %s. Retrying in %s", err, u.upstreamServers, exponentialBackOff.NextBackOff())
+		return fmt.Errorf("got an error from upstream check call")
 	}

 	err := backoff.Retry(operation, exponentialBackOff)
@@ -258,24 +184,3 @@ func isTimeout(err error) bool {
 	}
 	return false
 }
-
-func (u *upstreamResolverBase) disable(err error) {
-	if u.disabled {
-		return
-	}
-
-	log.Warnf("Upstream resolving is Disabled for %v", reactivatePeriod)
-	u.deactivate(err)
-	u.disabled = true
-	go u.waitUntilResponse()
-}
-
-func (u *upstreamResolverBase) testNameserver(server string) error {
-	ctx, cancel := context.WithTimeout(u.ctx, probeTimeout)
-	defer cancel()
-
-	r := new(dns.Msg).SetQuestion(testRecord, dns.TypeSOA)
-
-	_, _, err := u.upstreamClient.exchange(ctx, server, r)
-	return err
-}
--- a/client/internal/dns/upstream_android.go
+++ b/client/internal/dns/upstream_android.go
@@ -1,84 +0,0 @@
-package dns
-
-import (
-	"context"
-	"net"
-	"syscall"
-	"time"
-
-	"github.com/miekg/dns"
-
-	"github.com/netbirdio/netbird/client/internal/peer"
-	nbnet "github.com/netbirdio/netbird/util/net"
-)
-
-type upstreamResolver struct {
-	*upstreamResolverBase
-	hostsDNSHolder *hostsDNSHolder
-}
-
-// newUpstreamResolver in Android we need to distinguish the DNS servers to available through VPN or outside of VPN
-// In case if the assigned DNS address is available only in the protected network then the resolver will time out at the
-// first time, and we need to wait for a while to start to use again the proper DNS resolver.
-func newUpstreamResolver(
-	ctx context.Context,
-	_ string,
-	_ net.IP,
-	_ *net.IPNet,
-	statusRecorder *peer.Status,
-	hostsDNSHolder *hostsDNSHolder,
-) (*upstreamResolver, error) {
-	upstreamResolverBase := newUpstreamResolverBase(ctx, statusRecorder)
-	c := &upstreamResolver{
-		upstreamResolverBase: upstreamResolverBase,
-		hostsDNSHolder:       hostsDNSHolder,
-	}
-	upstreamResolverBase.upstreamClient = c
-	return c, nil
-}
-
-// exchange in case of Android if the upstream is a local resolver then we do not need to mark the socket as protected.
-// In other case the DNS resolvation goes through the VPN, so we need to force to use the
-func (u *upstreamResolver) exchange(ctx context.Context, upstream string, r *dns.Msg) (rm *dns.Msg, t time.Duration, err error) {
-	if u.isLocalResolver(upstream) {
-		return u.exchangeWithoutVPN(ctx, upstream, r)
-	} else {
-		return u.exchangeWithinVPN(ctx, upstream, r)
-	}
-}
-
-func (u *upstreamResolver) exchangeWithinVPN(ctx context.Context, upstream string, r *dns.Msg) (rm *dns.Msg, t time.Duration, err error) {
-	upstreamExchangeClient := &dns.Client{}
-	return upstreamExchangeClient.ExchangeContext(ctx, r, upstream)
-}
-
-// exchangeWithoutVPN protect the UDP socket by Android SDK to avoid to goes through the VPN
-func (u *upstreamResolver) exchangeWithoutVPN(ctx context.Context, upstream string, r *dns.Msg) (rm *dns.Msg, t time.Duration, err error) {
-	timeout := upstreamTimeout
-	if deadline, ok := ctx.Deadline(); ok {
-		timeout = time.Until(deadline)
-	}
-	dialTimeout := timeout
-
-	nbDialer := nbnet.NewDialer()
-
-	dialer := &net.Dialer{
-		Control: func(network, address string, c syscall.RawConn) error {
-			return nbDialer.Control(network, address, c)
-		},
-		Timeout: dialTimeout,
-	}
-
-	upstreamExchangeClient := &dns.Client{
-		Dialer: dialer,
-	}
-
-	return upstreamExchangeClient.Exchange(r, upstream)
-}
-
-func (u *upstreamResolver) isLocalResolver(upstream string) bool {
-	if u.hostsDNSHolder.isContain(upstream) {
-		return true
-	}
-	return false
-}
--- a/client/internal/dns/upstream_general.go
+++ b/client/internal/dns/upstream_general.go
@@ -1,38 +0,0 @@
-//go:build !android && !ios
-
-package dns
-
-import (
-	"context"
-	"net"
-	"time"
-
-	"github.com/miekg/dns"
-
-	"github.com/netbirdio/netbird/client/internal/peer"
-)
-
-type upstreamResolver struct {
-	*upstreamResolverBase
-}
-
-func newUpstreamResolver(
-	ctx context.Context,
-	_ string,
-	_ net.IP,
-	_ *net.IPNet,
-	statusRecorder *peer.Status,
-	_ *hostsDNSHolder,
-) (*upstreamResolver, error) {
-	upstreamResolverBase := newUpstreamResolverBase(ctx, statusRecorder)
-	nonIOS := &upstreamResolver{
-		upstreamResolverBase: upstreamResolverBase,
-	}
-	upstreamResolverBase.upstreamClient = nonIOS
-	return nonIOS, nil
-}
-
-func (u *upstreamResolver) exchange(ctx context.Context, upstream string, r *dns.Msg) (rm *dns.Msg, t time.Duration, err error) {
-	upstreamExchangeClient := &dns.Client{}
-	return upstreamExchangeClient.ExchangeContext(ctx, r, upstream)
-}
--- a/client/internal/dns/upstream_ios.go
+++ b/client/internal/dns/upstream_ios.go
@@ -1,110 +0,0 @@
-//go:build ios
-
-package dns
-
-import (
-	"context"
-	"net"
-	"syscall"
-	"time"
-
-	"github.com/miekg/dns"
-	log "github.com/sirupsen/logrus"
-	"golang.org/x/sys/unix"
-
-	"github.com/netbirdio/netbird/client/internal/peer"
-)
-
-type upstreamResolverIOS struct {
-	*upstreamResolverBase
-	lIP    net.IP
-	lNet   *net.IPNet
-	iIndex int
-}
-
-func newUpstreamResolver(
-	ctx context.Context,
-	interfaceName string,
-	ip net.IP,
-	net *net.IPNet,
-	statusRecorder *peer.Status,
-	_ *hostsDNSHolder,
-) (*upstreamResolverIOS, error) {
-	upstreamResolverBase := newUpstreamResolverBase(ctx, statusRecorder)
-
-	index, err := getInterfaceIndex(interfaceName)
-	if err != nil {
-		log.Debugf("unable to get interface index for %s: %s", interfaceName, err)
-		return nil, err
-	}
-
-	ios := &upstreamResolverIOS{
-		upstreamResolverBase: upstreamResolverBase,
-		lIP:                  ip,
-		lNet:                 net,
-		iIndex:               index,
-	}
-	ios.upstreamClient = ios
-
-	return ios, nil
-}
-
-func (u *upstreamResolverIOS) exchange(ctx context.Context, upstream string, r *dns.Msg) (rm *dns.Msg, t time.Duration, err error) {
-	client := &dns.Client{}
-	upstreamHost, _, err := net.SplitHostPort(upstream)
-	if err != nil {
-		log.Errorf("error while parsing upstream host: %s", err)
-	}
-
-	timeout := upstreamTimeout
-	if deadline, ok := ctx.Deadline(); ok {
-		timeout = time.Until(deadline)
-	}
-	client.DialTimeout = timeout
-
-	upstreamIP := net.ParseIP(upstreamHost)
-	if u.lNet.Contains(upstreamIP) || net.IP.IsPrivate(upstreamIP) {
-		log.Debugf("using private client to query upstream: %s", upstream)
-		client = u.getClientPrivate(timeout)
-	}
-
-	// Cannot use client.ExchangeContext because it overwrites our Dialer
-	return client.Exchange(r, upstream)
-}
-
-// getClientPrivate returns a new DNS client bound to the local IP address of the Netbird interface
-// This method is needed for iOS
-func (u *upstreamResolverIOS) getClientPrivate(dialTimeout time.Duration) *dns.Client {
-	dialer := &net.Dialer{
-		LocalAddr: &net.UDPAddr{
-			IP:   u.lIP,
-			Port: 0, // Let the OS pick a free port
-		},
-		Timeout: dialTimeout,
-		Control: func(network, address string, c syscall.RawConn) error {
-			var operr error
-			fn := func(s uintptr) {
-				operr = unix.SetsockoptInt(int(s), unix.IPPROTO_IP, unix.IP_BOUND_IF, u.iIndex)
-			}
-
-			if err := c.Control(fn); err != nil {
-				return err
-			}
-
-			if operr != nil {
-				log.Errorf("error while setting socket option: %s", operr)
-			}
-
-			return operr
-		},
-	}
-	client := &dns.Client{
-		Dialer: dialer,
-	}
-	return client
-}
-
-func getInterfaceIndex(interfaceName string) (int, error) {
-	iface, err := net.InterfaceByName(interfaceName)
-	return iface.Index, err
-}
--- a/Show More
+++ b/Show More
Author	SHA1	Message	Date
Maycon Santos	0cf6ece217	limit response to 200 and output Link header	2023-12-14 17:56:09 +01:00
Maycon Santos	86340fb684	2 minutes timeout and info log level	2023-12-14 16:23:25 +01:00
Yury Gargay	52e86cabc3	Increase HTTP timeout for Keycloak and meassure totalUsersCount call	2023-12-14 13:37:06 +01:00