Fix(auth0) caching Users by accountId

Merge remote-tracking branch 'origin' into users_cache
WIP idpmanager users_cache by accountId
2026-04-01 07:04:17 -04:00 · 2022-06-03 17:19:31 +02:00 · 2022-06-03 14:42:06 +02:00 · 2022-06-03 14:39:07 +02:00 · 2022-06-03 14:39:07 +02:00 · 2022-06-03 14:39:07 +02:00
161 changed files with 3246 additions and 16059 deletions
--- a/.github/workflows/golang-test-darwin.yml
+++ b/.github/workflows/golang-test-darwin.yml
@@ -1,14 +1,16 @@
 name: Test Code Darwin
 on: [push,pull_request]
-
 jobs:
  test:
+    strategy:
+      matrix:
+        go-version: [1.18.x]
    runs-on: macos-latest
    steps:
      - name: Install Go
        uses: actions/setup-go@v2
        with:
-          go-version: 1.18.x
+          go-version: ${{ matrix.go-version }}
      - name: Checkout code
        uses: actions/checkout@v2

@@ -24,4 +26,4 @@ jobs:
        run: go mod tidy

      - name: Test
-        run: go test -exec 'sudo --preserve-env=CI' -timeout 5m -p 1 ./...
+        run: go test -exec 'sudo --preserve-env=CI' -timeout 5m -p 1 ./...
--- a/.github/workflows/golang-test-linux.yml
+++ b/.github/workflows/golang-test-linux.yml
@@ -1,17 +1,16 @@
 name: Test Code Linux
 on: [push,pull_request]
-
 jobs:
  test:
    strategy:
      matrix:
-        arch: ['386','amd64']
+        go-version: [1.18.x]
    runs-on: ubuntu-latest
    steps:
      - name: Install Go
        uses: actions/setup-go@v2
        with:
-          go-version: 1.18.x
+          go-version: ${{ matrix.go-version }}


      - name: Cache Go modules
@@ -32,4 +31,4 @@ jobs:
        run: go mod tidy

      - name: Test
-        run: GOARCH=${{ matrix.arch }} go test -exec 'sudo --preserve-env=CI' -timeout 5m -p 1 ./...
+        run: go test -exec 'sudo --preserve-env=CI' -timeout 5m -p 1 ./...
--- a/.github/workflows/golang-test-windows.yml
+++ b/.github/workflows/golang-test-windows.yml
@@ -1,6 +1,5 @@
 name: Test Code Windows
 on: [push,pull_request]
-
 jobs:
  pre:
    runs-on: ubuntu-latest
@@ -18,8 +17,13 @@ jobs:

  test:
    needs: pre
+    strategy:
+      matrix:
+        go-version: [1.18.x]
    runs-on: windows-latest
    steps:
+      - name: disable defender
+        run: Set-MpPreference -DisableRealtimeMonitoring $true

      - name: Checkout code
        uses: actions/checkout@v2
@@ -27,22 +31,27 @@ jobs:
      - name: Install Go
        uses: actions/setup-go@v2
        with:
-          go-version: 1.18.x
+          go-version: ${{ matrix.go-version }}

      - uses: actions/cache@v2
        with:
          path: |
            %LocalAppData%\go-build
-            ~\go\pkg\mod
-            ~\AppData\Local\go-build
+            ~/go/pkg/mod
          key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
          restore-keys: |
            ${{ runner.os }}-go-

+      - name: enable defender
+        run: Set-MpPreference -DisableRealtimeMonitoring $false
+
      - uses: actions/download-artifact@v2
        with:
          name: syso
          path: iface\

+#      - name: Install modules
+#        run: go mod tidy
+
      - name: Test
-        run: go test -tags=load_wgnt_from_rsrc -timeout 5m -p 1 ./...
+        run: go test -tags=load_wgnt_from_rsrc -timeout 5m -p 1 ./...
--- a/.github/workflows/golangci-lint.yml
+++ b/.github/workflows/golangci-lint.yml
@@ -6,16 +6,12 @@ jobs:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v2
-      - name: Install Go
-        uses: actions/setup-go@v2
-        with:
-          go-version: 1.18.x
+
      - name: Install dependencies
        run: sudo apt update && sudo apt install -y -q libgtk-3-dev libappindicator3-dev libayatana-appindicator3-dev libgl1-mesa-dev xorg-dev
      - name: golangci-lint
        uses: golangci/golangci-lint-action@v2
        with:
-          #  SA1019: "io/ioutil" has been deprecated since Go 1.16
-          args: --timeout=6m -e SA1019
+          args: --timeout=6m


--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -10,7 +10,6 @@ on:

 env:
  SIGN_PIPE_VER: "v0.0.3"
-  GORELEASER_VER: "v1.6.3"

 jobs:
  release:
@@ -41,9 +40,6 @@ jobs:
      -
        name: Install modules
        run: go mod tidy
-      -
-        name: check git status
-        run: git --no-pager diff --exit-code
      -
        name: Set up QEMU
        uses: docker/setup-qemu-action@v1
@@ -58,75 +54,45 @@ jobs:
          username: netbirdio
          password: ${{ secrets.DOCKER_TOKEN }}

+      - name: Install dependencies
+        run: sudo apt update && sudo apt install -y -q libgtk-3-dev libappindicator3-dev libayatana-appindicator3-dev libgl1-mesa-dev xorg-dev gcc-mingw-w64-x86-64
+
+      - name: Install rsrc
+        run: go install github.com/akavel/rsrc@v0.10.2
+
+      - name: Generate windows rsrc
+        run: rsrc -arch amd64 -ico client/ui/netbird.ico -manifest client/ui/manifest.xml -o client/ui/resources_windows_amd64.syso
+
      -
        name: Run GoReleaser
        uses: goreleaser/goreleaser-action@v2
        with:
-          version: ${{ env.GORELEASER_VER }}
+          version: v1.6.3
          args: release --rm-dist
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          HOMEBREW_TAP_GITHUB_TOKEN: ${{ secrets.HOMEBREW_TAP_GITHUB_TOKEN }}
          UPLOAD_DEBIAN_SECRET: ${{ secrets.PKG_UPLOAD_SECRET }}
          UPLOAD_YUM_SECRET: ${{ secrets.PKG_UPLOAD_SECRET }}
+      -
+        name: Trigger Windows binaries sign pipeline
+        uses: benc-uk/workflow-dispatch@v1
+        if: startsWith(github.ref, 'refs/tags/')
+        with:
+          workflow: Sign windows bin and installer
+          repo: netbirdio/sign-pipelines
+          ref: ${{ env.SIGN_PIPE_VER }}
+          token: ${{ secrets.SIGN_GITHUB_TOKEN }}
+          inputs: '{ "tag": "${{ github.ref }}" }'
      -
        name: upload non tags for debug purposes
        uses: actions/upload-artifact@v2
        with:
-          name: release
+          name: build
          path: dist/
          retention-days: 3
-
+          
  release_ui:
-    runs-on: ubuntu-latest
-    steps:
-      - name: Checkout
-        uses: actions/checkout@v2
-        with:
-          fetch-depth: 0 # It is required for GoReleaser to work properly
-
-      - name: Set up Go
-        uses: actions/setup-go@v2
-        with:
-          go-version: 1.18
-      - name: Cache Go modules
-        uses: actions/cache@v1
-        with:
-          path: ~/go/pkg/mod
-          key: ${{ runner.os }}-ui-go-${{ hashFiles('**/go.sum') }}
-          restore-keys: |
-            ${{ runner.os }}-ui-go-
-
-      - name: Install modules
-        run: go mod tidy
-
-      - name: check git status
-        run: git --no-pager diff --exit-code
-
-      - name: Install dependencies
-        run: sudo apt update && sudo apt install -y -q libgtk-3-dev libappindicator3-dev libayatana-appindicator3-dev libgl1-mesa-dev xorg-dev gcc-mingw-w64-x86-64
-      - name: Install rsrc
-        run: go install github.com/akavel/rsrc@v0.10.2
-      - name: Generate windows rsrc
-        run: rsrc -arch amd64 -ico client/ui/netbird.ico -manifest client/ui/manifest.xml -o client/ui/resources_windows_amd64.syso
-      - name: Run GoReleaser
-        uses: goreleaser/goreleaser-action@v2
-        with:
-          version: ${{ env.GORELEASER_VER }}
-          args: release --config .goreleaser_ui.yaml --rm-dist
-        env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-          HOMEBREW_TAP_GITHUB_TOKEN: ${{ secrets.HOMEBREW_TAP_GITHUB_TOKEN }}
-          UPLOAD_DEBIAN_SECRET: ${{ secrets.PKG_UPLOAD_SECRET }}
-          UPLOAD_YUM_SECRET: ${{ secrets.PKG_UPLOAD_SECRET }}
-      - name: upload non tags for debug purposes
-        uses: actions/upload-artifact@v2
-        with:
-          name: release-ui
-          path: dist/
-          retention-days: 3
-
-  release_ui_darwin:
    runs-on: macos-latest
    steps:
      -
@@ -144,9 +110,9 @@ jobs:
        uses: actions/cache@v1
        with:
          path: ~/go/pkg/mod
-          key: ${{ runner.os }}-ui-go-${{ hashFiles('**/go.sum') }}
+          key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
          restore-keys: |
-            ${{ runner.os }}-ui-go-
+            ${{ runner.os }}-go-
      -
        name: Install modules
        run: go mod tidy
@@ -155,42 +121,26 @@ jobs:
        id: goreleaser
        uses: goreleaser/goreleaser-action@v2
        with:
-          version: ${{ env.GORELEASER_VER }}
+          version: v1.6.3
          args: release --config .goreleaser_ui_darwin.yaml --rm-dist
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
      -
-        name: upload non tags for debug purposes
-        uses: actions/upload-artifact@v2
-        with:
-          name: release-ui-darwin
-          path: dist/
-          retention-days: 3
-
-  trigger_windows_signer:
-    runs-on: ubuntu-latest
-    needs: [release,release_ui]
-    if: startsWith(github.ref, 'refs/tags/')
-    steps:
-      - name: Trigger Windows binaries sign pipeline
-        uses: benc-uk/workflow-dispatch@v1
-        with:
-          workflow: Sign windows bin and installer
-          repo: netbirdio/sign-pipelines
-          ref: ${{ env.SIGN_PIPE_VER }}
-          token: ${{ secrets.SIGN_GITHUB_TOKEN }}
-          inputs: '{ "tag": "${{ github.ref }}" }'
-
-  trigger_darwin_signer:
-    runs-on: ubuntu-latest
-    needs: release_ui_darwin
-    if: startsWith(github.ref, 'refs/tags/')
-    steps:
-      - name: Trigger Darwin App binaries sign pipeline
+        name: Trigger Darwin App binaries sign pipeline
        uses: benc-uk/workflow-dispatch@v1
+        if: startsWith(github.ref, 'refs/tags/')
        with:
          workflow: Sign darwin ui app with dispatch
          repo: netbirdio/sign-pipelines
          ref: ${{ env.SIGN_PIPE_VER }}
          token: ${{ secrets.SIGN_GITHUB_TOKEN }}
-          inputs: '{ "tag": "${{ github.ref }}" }'
+          inputs: '{ "tag": "${{ github.ref }}" }'
+
+      -
+        name: upload non tags for debug purposes
+        uses: actions/upload-artifact@v2
+        with:
+          name: build-ui-darwin
+          path: dist/
+          retention-days: 3
--- a/.github/workflows/test-docker-compose-linux.yml
+++ b/.github/workflows/test-docker-compose-linux.yml
@@ -1,72 +0,0 @@
-name: Test Docker Compose Linux
-on: [push,pull_request]
-
-jobs:
-  test:
-    runs-on: ubuntu-latest
-    steps:
-      - name: Install jq
-        run: sudo apt-get install -y jq
-
-      - name: Install curl
-        run: sudo apt-get install -y curl
-
-      - name: Install Go
-        uses: actions/setup-go@v2
-        with:
-          go-version: 1.18.x
-
-      - name: Cache Go modules
-        uses: actions/cache@v2
-        with:
-          path: ~/go/pkg/mod
-          key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
-          restore-keys: |
-            ${{ runner.os }}-go-
-
-      - name: Checkout code
-        uses: actions/checkout@v2
-
-      - name: cp setup.env
-        run: cp infrastructure_files/tests/setup.env infrastructure_files/
-
-      - name: run configure
-        working-directory: infrastructure_files
-        run: bash -x configure.sh
-        env:
-          CI_NETBIRD_AUTH_CLIENT_ID: ${{ secrets.CI_NETBIRD_AUTH_CLIENT_ID }}
-          CI_NETBIRD_AUTH_AUDIENCE: testing.ci
-          CI_NETBIRD_AUTH_OIDC_CONFIGURATION_ENDPOINT: https://example.eu.auth0.com/.well-known/openid-configuration
-          CI_NETBIRD_USE_AUTH0: true
-
-      - name: check values
-        working-directory: infrastructure_files
-        env:
-          CI_NETBIRD_AUTH_CLIENT_ID: ${{ secrets.CI_NETBIRD_AUTH_CLIENT_ID }}
-          CI_NETBIRD_AUTH_AUDIENCE: testing.ci
-          CI_NETBIRD_AUTH_OIDC_CONFIGURATION_ENDPOINT: https://example.eu.auth0.com/.well-known/openid-configuration
-          CI_NETBIRD_USE_AUTH0: true
-          CI_NETBIRD_AUTH_SUPPORTED_SCOPES: "openid profile email offline_access api email_verified"
-          CI_NETBIRD_AUTH_AUTHORITY: https://example.eu.auth0.com/
-          CI_NETBIRD_AUTH_JWT_CERTS: https://example.eu.auth0.com/.well-known/jwks.json
-          CI_NETBIRD_AUTH_TOKEN_ENDPOINT: https://example.eu.auth0.com/oauth/token
-          CI_NETBIRD_AUTH_DEVICE_AUTH_ENDPOINT: https://example.eu.auth0.com/oauth/device/code
-        run: |
-          grep AUTH_CLIENT_ID docker-compose.yml | grep $CI_NETBIRD_AUTH_CLIENT_ID
-          grep AUTH_AUTHORITY docker-compose.yml | grep $CI_NETBIRD_AUTH_AUTHORITY
-          grep AUTH_AUDIENCE docker-compose.yml | grep $CI_NETBIRD_AUTH_AUDIENCE
-          grep AUTH_SUPPORTED_SCOPES docker-compose.yml | grep "$CI_NETBIRD_AUTH_SUPPORTED_SCOPES"
-          grep USE_AUTH0 docker-compose.yml | grep $CI_NETBIRD_USE_AUTH0
-          grep NETBIRD_MGMT_API_ENDPOINT docker-compose.yml | grep "http://localhost:33073"  
-
-      - name: run docker compose up
-        working-directory: infrastructure_files
-        run: | 
-          docker-compose up -d
-          sleep 5
-
-      - name: test running containers
-        run: |
-          count=$(docker compose ps --format json | jq '.[] | select(.Project | contains("infrastructure_files")) | .State' | grep -c running)
-          test $count -eq 4
-        working-directory: infrastructure_files
--- a/.gitignore
+++ b/.gitignore
@@ -1,5 +1,4 @@
 .idea
-.run
 *.iml
 dist/
 bin/
@@ -10,4 +9,3 @@ infrastructure_files/management.json
 infrastructure_files/docker-compose.yml
 *.syso
 client/.distfiles/
-infrastructure_files/setup.env
--- a/.goreleaser.yaml
+++ b/.goreleaser.yaml
@@ -13,7 +13,6 @@ builds:
      - amd64
      - arm64
      - mips
-      - 386
    gomips:
      - hardfloat
      - softfloat
@@ -22,8 +21,6 @@ builds:
        goarch: arm64
      - goos: windows
        goarch: arm
-      - goos: windows
-        goarch: 386
    ldflags:
      - -s -w -X github.com/netbirdio/netbird/client/system.version={{.Version}} -X main.commit={{.Commit}} -X main.date={{.CommitDate}} -X main.builtBy=goreleaser
    mod_timestamp: '{{ .CommitTimestamp }}'
@@ -58,12 +55,88 @@ builds:
      - -s -w -X main.version={{.Version}} -X main.commit={{.Commit}} -X main.date={{.CommitDate}} -X main.builtBy=goreleaser
    mod_timestamp: '{{ .CommitTimestamp }}'

+  - id: netbird-ui
+    dir: client/ui
+    binary: netbird-ui
+    env:
+      - CGO_ENABLED=1
+    goos:
+      - linux
+    goarch:
+      - amd64
+    ldflags:
+      - -s -w -X github.com/netbirdio/netbird/client/system.version={{.Version}} -X main.commit={{.Commit}} -X main.date={{.CommitDate}} -X main.builtBy=goreleaser
+    mod_timestamp: '{{ .CommitTimestamp }}'
+
+  - id: netbird-ui-windows
+    dir: client/ui
+    binary: netbird-ui
+    env:
+      - CGO_ENABLED=1
+      - CC=x86_64-w64-mingw32-gcc
+    goos:
+      - windows
+    goarch:
+      - amd64
+    ldflags:
+      - -s -w -X github.com/netbirdio/netbird/client/system.version={{.Version}} -X main.commit={{.Commit}} -X main.date={{.CommitDate}} -X main.builtBy=goreleaser
+      - -H windowsgui
+    mod_timestamp: '{{ .CommitTimestamp }}'
+
 archives:
  - builds:
      - netbird
+  - id: linux-arch
+    name_template: "{{ .ProjectName }}-ui-linux_{{ .Version }}_{{ .Os }}_{{ .Arch }}"
+    builds:
+      - netbird-ui
+  - id: windows-arch
+    name_template: "{{ .ProjectName }}-ui-windows_{{ .Version }}_{{ .Os }}_{{ .Arch }}"
+    builds:
+      - netbird-ui-windows

 nfpms:

+  - maintainer: Netbird <dev@netbird.io>
+    description: Netbird client UI.
+    homepage: https://netbird.io/
+    id: netbird-ui-deb
+    package_name: netbird-ui
+    builds:
+      - netbird-ui
+    formats:
+      - deb
+    contents:
+      - src: client/ui/netbird.desktop
+        dst: /usr/share/applications/netbird.desktop
+      - src: client/ui/disconnected.png
+        dst: /usr/share/pixmaps/netbird.png
+    dependencies:
+      - libayatana-appindicator3-1
+      - libgtk-3-dev
+      - libappindicator3-dev
+      - netbird
+
+  - maintainer: Netbird <dev@netbird.io>
+    description: Netbird client UI.
+    homepage: https://netbird.io/
+    id: netbird-ui-rpm
+    package_name: netbird-ui
+    builds:
+      - netbird-ui
+    formats:
+      - rpm
+    contents:
+      - src: client/ui/netbird.desktop
+        dst: /usr/share/applications/netbird.desktop
+      - src: client/ui/disconnected.png
+        dst: /usr/share/pixmaps/netbird.png
+    dependencies:
+      - libayatana-appindicator3-1
+      - libgtk-3-dev
+      - libappindicator3-dev
+      - netbird
+
  - maintainer: Netbird <dev@netbird.io>
    description: Netbird client.
    homepage: https://netbird.io/
@@ -355,6 +428,7 @@ uploads:
  - name: debian
    ids:
    - netbird-deb
+    - netbird-ui-deb
    mode: archive
    target: https://pkgs.wiretrustee.com/debian/pool/{{ .ArtifactName }};deb.distribution=stable;deb.component=main;deb.architecture={{ if .Arm }}armhf{{ else }}{{ .Arch }}{{ end }};deb.package=
    username: dev@wiretrustee.com
@@ -363,6 +437,7 @@ uploads:
  - name: yum
    ids:
      - netbird-rpm
+      - netbird-ui-rpm
    mode: archive
    target: https://pkgs.wiretrustee.com/yum/{{ .Arch }}{{ if .Arm }}{{ .Arm }}{{ end }}
    username: dev@wiretrustee.com
--- a/.goreleaser_ui.yaml
+++ b/.goreleaser_ui.yaml
@@ -1,98 +0,0 @@
-project_name: netbird-ui
-builds:
-  - id: netbird-ui
-    dir: client/ui
-    binary: netbird-ui
-    env:
-      - CGO_ENABLED=1
-    goos:
-      - linux
-    goarch:
-      - amd64
-    ldflags:
-      - -s -w -X github.com/netbirdio/netbird/client/system.version={{.Version}} -X main.commit={{.Commit}} -X main.date={{.CommitDate}} -X main.builtBy=goreleaser
-    mod_timestamp: '{{ .CommitTimestamp }}'
-
-  - id: netbird-ui-windows
-    dir: client/ui
-    binary: netbird-ui
-    env:
-      - CGO_ENABLED=1
-      - CC=x86_64-w64-mingw32-gcc
-    goos:
-      - windows
-    goarch:
-      - amd64
-    ldflags:
-      - -s -w -X github.com/netbirdio/netbird/client/system.version={{.Version}} -X main.commit={{.Commit}} -X main.date={{.CommitDate}} -X main.builtBy=goreleaser
-      - -H windowsgui
-    mod_timestamp: '{{ .CommitTimestamp }}'
-
-archives:
-  - id: linux-arch
-    name_template: "{{ .ProjectName }}-linux_{{ .Version }}_{{ .Os }}_{{ .Arch }}"
-    builds:
-      - netbird-ui
-  - id: windows-arch
-    name_template: "{{ .ProjectName }}-windows_{{ .Version }}_{{ .Os }}_{{ .Arch }}"
-    builds:
-      - netbird-ui-windows
-
-nfpms:
-
-  - maintainer: Netbird <dev@netbird.io>
-    description: Netbird client UI.
-    homepage: https://netbird.io/
-    id: netbird-ui-deb
-    package_name: netbird-ui
-    builds:
-      - netbird-ui
-    formats:
-      - deb
-    contents:
-      - src: client/ui/netbird.desktop
-        dst: /usr/share/applications/netbird.desktop
-      - src: client/ui/disconnected.png
-        dst: /usr/share/pixmaps/netbird.png
-    dependencies:
-      - libayatana-appindicator3-1
-      - libgtk-3-dev
-      - libappindicator3-dev
-      - netbird
-
-  - maintainer: Netbird <dev@netbird.io>
-    description: Netbird client UI.
-    homepage: https://netbird.io/
-    id: netbird-ui-rpm
-    package_name: netbird-ui
-    builds:
-      - netbird-ui
-    formats:
-      - rpm
-    contents:
-      - src: client/ui/netbird.desktop
-        dst: /usr/share/applications/netbird.desktop
-      - src: client/ui/disconnected.png
-        dst: /usr/share/pixmaps/netbird.png
-    dependencies:
-      - libayatana-appindicator3-1
-      - libgtk-3-dev
-      - libappindicator3-dev
-      - netbird
-
-uploads:
-  - name: debian
-    ids:
-    - netbird-ui-deb
-    mode: archive
-    target: https://pkgs.wiretrustee.com/debian/pool/{{ .ArtifactName }};deb.distribution=stable;deb.component=main;deb.architecture={{ if .Arm }}armhf{{ else }}{{ .Arch }}{{ end }};deb.package=
-    username: dev@wiretrustee.com
-    method: PUT
-
-  - name: yum
-    ids:
-      - netbird-ui-rpm
-    mode: archive
-    target: https://pkgs.wiretrustee.com/yum/{{ .Arch }}{{ if .Arm }}{{ .Arm }}{{ end }}
-    username: dev@wiretrustee.com
-    method: PUT
--- a/.goreleaser_ui_darwin.yaml
+++ b/.goreleaser_ui_darwin.yaml
@@ -14,7 +14,7 @@ builds:
      - hardfloat
      - softfloat
    ldflags:
-      - -s -w -X github.com/netbirdio/netbird/client/system.version={{.Version}} -X main.commit={{.Commit}} -X main.date={{.CommitDate}} -X main.builtBy=goreleaser
+      - -s -w -X github.com/netbirdio/netbird/client/ui/system.version={{.Version}} -X main.commit={{.Commit}} -X main.date={{.CommitDate}} -X main.builtBy=goreleaser
    mod_timestamp: '{{ .CommitTimestamp }}'
    tags:
      - load_wgnt_from_rsrc
@@ -23,7 +23,5 @@ archives:
  - builds:
      - netbird-ui-darwin

-checksum:
-  name_template: "{{ .ProjectName }}_darwin_checksums.txt"
 changelog:
  skip: true
--- a/README.md
+++ b/README.md
@@ -1,22 +1,32 @@
 <p align="center">
- <strong>:hatching_chick: New release! NetBird Easy SSH</strong>.
-  <a href="https://github.com/netbirdio/netbird/releases/tag/v0.8.0">
+ <strong>:hatching_chick: New release! Beta Update May 2022</strong>.
+  <a href="https://github.com/netbirdio/netbird/releases/tag/v0.6.0">
       Learn more
     </a>   
 </p>
+
 <br/>
 <div align="center">
+
 <p align="center">
  <img width="234" src="docs/media/logo-full.png"/>
 </p>
+
  <p>
     <a href="https://github.com/netbirdio/netbird/blob/main/LICENSE">
       <img src="https://img.shields.io/badge/license-BSD--3-blue" />
     </a> 
-   <a href="https://www.codacy.com/gh/netbirdio/netbird/dashboard?utm_source=github.com&amp;utm_medium=referral&amp;utm_content=netbirdio/netbird&amp;utm_campaign=Badge_Grade"><img src="https://app.codacy.com/project/badge/Grade/e3013d046aec44cdb7462c8673b00976"/></a>
+     <a href="https://hub.docker.com/r/wiretrustee/wiretrustee/tags">
+        <img src="https://img.shields.io/docker/pulls/wiretrustee/wiretrustee" />
+     </a> 
    <br>
-    <a href="https://join.slack.com/t/netbirdio/shared_invite/zt-vrahf41g-ik1v7fV8du6t0RwxSrJ96A">
-        <img src="https://img.shields.io/badge/slack-@netbird-red.svg?logo=slack"/>
+    <a href="https://www.codacy.com/gh/wiretrustee/wiretrustee/dashboard?utm_source=github.com&amp;utm_medium=referral&amp;utm_content=wiretrustee/wiretrustee&amp;utm_campaign=Badge_Grade"><img src="https://app.codacy.com/project/badge/Grade/d366de2c9d8b4cf982da27f8f5831809"/></a>
+     <a href="https://goreportcard.com/report/wiretrustee/wiretrustee">
+        <img src="https://goreportcard.com/badge/github.com/wiretrustee/wiretrustee?style=flat-square" />
+     </a>
+    <br>
+    <a href="https://join.slack.com/t/wiretrustee/shared_invite/zt-vrahf41g-ik1v7fV8du6t0RwxSrJ96A">
+        <img src="https://img.shields.io/badge/slack-@wiretrustee-red.svg?logo=slack"/>
     </a>    
  </p>
 </div>
@@ -28,7 +38,7 @@
  <br/>
  See <a href="https://netbird.io/docs/">Documentation</a>
  <br/>
-   Join our <a href="https://join.slack.com/t/netbirdio/shared_invite/zt-vrahf41g-ik1v7fV8du6t0RwxSrJ96A">Slack channel</a>
+   Join our <a href="https://join.slack.com/t/wiretrustee/shared_invite/zt-vrahf41g-ik1v7fV8du6t0RwxSrJ96A">Slack channel</a>
  <br/>
 
 </strong>
@@ -43,23 +53,20 @@ It requires zero configuration effort leaving behind the hassle of opening ports
 NetBird creates an overlay peer-to-peer network connecting machines automatically regardless of their location (home, office, datacenter, container, cloud or edge environments) unifying virtual private network management experience.

 **Key features:**
- \[x] Automatic IP allocation and network management with a Web UI ([separate repo](https://github.com/netbirdio/dashboard))
- \[x] Automatic WireGuard peer (machine) discovery and configuration.
- \[x] Encrypted peer-to-peer connections without a central VPN gateway.
- \[x] Connection relay fallback in case a peer-to-peer connection is not possible.
- \[x] Desktop client applications for Linux, MacOS, and Windows (systray).
- \[x] Multiuser support - sharing network between multiple users.
- \[x] SSO and MFA support. 
- \[x] Multicloud and hybrid-cloud support.
- \[x] Kernel WireGuard usage when possible.
- \[x] Access Controls - groups & rules.
- \[x] Remote SSH access without managing SSH keys.
- \[x] Network Routes.  
-
-**Coming soon:**
-  \[ ] Private DNS.
-  \[ ] Mobile clients.
-  \[ ] Network Activity Monitoring.
+* Automatic IP allocation and management.
+* Automatic WireGuard peer (machine) discovery and configuration.
+* Encrypted peer-to-peer connections without a central VPN gateway.
+* Connection relay fallback in case a peer-to-peer connection is not possible.
+* Network management layer with a neat Web UI panel ([separate repo](https://github.com/netbirdio/dashboard))
+* Desktop client applications for Linux, MacOS, and Windows.
+* Multiuser support - sharing network between multiple users.
+* SSO and MFA support. 
+* Multicloud and hybrid-cloud support.
+* Kernel WireGuard usage when possible.
+* Access Controls - groups & rules (coming soon).
+* Private DNS (coming soon).
+* Mobile clients (coming soon).
+* Network Activity Monitoring (coming soon).

 ### Secure peer-to-peer VPN with SSO and MFA in minutes
 <p float="left" align="middle">
@@ -71,21 +78,23 @@ NetBird creates an overlay peer-to-peer network connecting machines automaticall
 For stable versions, see [releases](https://github.com/netbirdio/netbird/releases).

 ### Start using NetBird
-  Hosted version: [https://app.netbird.io/](https://app.netbird.io/).
-  See our documentation for [Quickstart Guide](https://netbird.io/docs/getting-started/quickstart).
-  If you are looking to self-host NetBird, check our [Self-Hosting Guide](https://netbird.io/docs/getting-started/self-hosting).
-  Step-by-step [Installation Guide](https://netbird.io/docs/getting-started/installation) for different platforms.
-  Web UI [repository](https://github.com/netbirdio/dashboard).
-  5 min [demo video](https://youtu.be/Tu9tPsUWaY0) on YouTube.
+* Hosted version: [https://app.netbird.io/](https://app.netbird.io/).
+* See our documentation for [Quickstart Guide](https://netbird.io/docs/getting-started/quickstart).
+* If you are looking to self-host NetBird, check our [Self-Hosting Guide](https://netbird.io/docs/getting-started/self-hosting).
+* Step-by-step [Installation Guide](https://netbird.io/docs/getting-started/installation) for different platforms.
+* Web UI [repository](https://github.com/netbirdio/dashboard).
+* 5 min [demo video](https://youtu.be/Tu9tPsUWaY0) on YouTube.


 ### A bit on NetBird internals
-  Every machine in the network runs [NetBird Agent (or Client)](client/) that manages WireGuard.
-  Every agent connects to [Management Service](management/) that holds network state, manages peer IPs, and distributes network updates to agents (peers).
-  NetBird agent uses WebRTC ICE implemented in [pion/ice library](https://github.com/pion/ice) to discover connection candidates when establishing a peer-to-peer connection between machines.
-  Connection candidates are discovered with a help of [STUN](https://en.wikipedia.org/wiki/STUN) servers.
-  Agents negotiate a connection through [Signal Service](signal/) passing p2p encrypted messages with candidates.
-  Sometimes the NAT traversal is unsuccessful due to strict NATs (e.g. mobile carrier-grade NAT) and p2p connection isn't possible. When this occurs the system falls back to a relay server called [TURN](https://en.wikipedia.org/wiki/Traversal_Using_Relays_around_NAT), and a secure WireGuard tunnel is established via the TURN server. 
+* Every machine in the network runs [NetBird Agent (or Client)](client/) that manages WireGuard.
+* NetBird features [Management Service](management/) that holds network state, manages peer IPs, and distributes network updates to peers.
+* Every agent is connected to Management Service.
+* NetBird agent uses WebRTC ICE implemented in [pion/ice library](https://github.com/pion/ice) to discover connection candidates when establishing a peer-to-peer connection between machines.
+* Connection candidates are discovered with a help of [STUN](https://en.wikipedia.org/wiki/STUN) server. 
+* Agents negotiate a connection through [Signal Service](signal/) passing p2p encrypted messages.
+* Signal Service uses public WireGuard keys to route messages between peers.
+* Sometimes the NAT traversal is unsuccessful due to strict NATs (e.g. mobile carrier-grade NAT) and p2p connection isn't possible. When this occurs the system falls back to a relay server called [TURN](https://en.wikipedia.org/wiki/Traversal_Using_Relays_around_NAT), and a secure WireGuard tunnel is established via the TURN server. 
 
 [Coturn](https://github.com/coturn/coturn) is the one that has been successfully used for STUN and TURN in NetBird setups.

@@ -96,10 +105,7 @@ For stable versions, see [releases](https://github.com/netbirdio/netbird/release
 See a complete [architecture overview](https://netbird.io/docs/overview/architecture) for details.

 ### Roadmap
-  [Public Roadmap](https://github.com/netbirdio/netbird/projects/2)
-
-### Community projects
-  [NetBird on OpenWRT](https://github.com/messense/openwrt-netbird)
+- [Public Roadmap](https://github.com/netbirdio/netbird/projects/2)

 ### Testimonials
 We use open-source technologies like [WireGuard®](https://www.wireguard.com/), [Pion ICE (WebRTC)](https://github.com/pion/ice), and [Coturn](https://github.com/coturn/coturn). We very much appreciate the work these guys are doing and we'd greatly appreciate if you could support them in any way (e.g. giving a star or a contribution).
--- a/client/Dockerfile
+++ b/client/Dockerfile
@@ -1,7 +1,4 @@
 FROM gcr.io/distroless/base:debug
 ENV WT_LOG_FILE=console
-ENV PATH=/sbin:/usr/sbin:/bin:/usr/bin:/busybox
-SHELL ["/busybox/sh","-c"]
-RUN sed -i -E 's/(^root:.+)\/sbin\/nologin/\1\/busybox\/sh/g' /etc/passwd
 ENTRYPOINT [ "/go/bin/netbird","up"]
-COPY netbird /go/bin/netbird
+COPY netbird /go/bin/netbird
--- a/client/cmd/login.go
+++ b/client/cmd/login.go
@@ -43,8 +43,6 @@ var loginCmd = &cobra.Command{
 				return fmt.Errorf("get config file: %v", err)
 			}

-			config, _ = internal.UpdateOldManagementPort(ctx, config, configPath)
-
 			err = foregroundLogin(ctx, cmd, config, setupKey)
 			if err != nil {
 				return fmt.Errorf("foreground login failed: %v", err)
@@ -169,8 +167,7 @@ func foregroundGetTokenInfo(ctx context.Context, cmd *cobra.Command, config *int
 	hostedClient := internal.NewHostedDeviceFlow(
 		providerConfig.ProviderConfig.Audience,
 		providerConfig.ProviderConfig.ClientID,
-		providerConfig.ProviderConfig.TokenEndpoint,
-		providerConfig.ProviderConfig.DeviceAuthEndpoint,
+		providerConfig.ProviderConfig.Domain,
 	)

 	flowInfo, err := hostedClient.RequestDeviceCode(context.TODO())
--- a/client/cmd/root.go
+++ b/client/cmd/root.go
@@ -94,7 +94,6 @@ func init() {
 	rootCmd.AddCommand(statusCmd)
 	rootCmd.AddCommand(loginCmd)
 	rootCmd.AddCommand(versionCmd)
-	rootCmd.AddCommand(sshCmd)
 	serviceCmd.AddCommand(runCmd, startCmd, stopCmd, restartCmd) // service control commands are subcommands of service
 	serviceCmd.AddCommand(installCmd, uninstallCmd)              // service installer commands are subcommands of service
 }
--- a/client/cmd/ssh.go
+++ b/client/cmd/ssh.go
@@ -1,115 +0,0 @@
-package cmd
-
-import (
-	"context"
-	"errors"
-	"fmt"
-	"github.com/netbirdio/netbird/client/internal"
-	nbssh "github.com/netbirdio/netbird/client/ssh"
-	"github.com/netbirdio/netbird/util"
-	log "github.com/sirupsen/logrus"
-	"github.com/spf13/cobra"
-	"os"
-	"os/signal"
-	"strings"
-	"syscall"
-)
-
-var (
-	port int
-	user = "root"
-	host string
-)
-
-var sshCmd = &cobra.Command{
-	Use: "ssh",
-	Args: func(cmd *cobra.Command, args []string) error {
-		if len(args) < 1 {
-			return errors.New("requires a host argument")
-		}
-
-		split := strings.Split(args[0], "@")
-		if len(split) == 2 {
-			user = split[0]
-			host = split[1]
-		} else {
-			host = args[0]
-		}
-
-		return nil
-	},
-	Short: "connect to a remote SSH server",
-	RunE: func(cmd *cobra.Command, args []string) error {
-		SetFlagsFromEnvVars()
-
-		cmd.SetOut(cmd.OutOrStdout())
-
-		err := util.InitLog(logLevel, "console")
-		if err != nil {
-			return fmt.Errorf("failed initializing log %v", err)
-		}
-
-		if !util.IsAdmin() {
-			cmd.Printf("error: you must have Administrator privileges to run this command\n")
-			return nil
-		}
-
-		ctx := internal.CtxInitState(cmd.Context())
-
-		config, err := internal.ReadConfig("", "", configPath, nil)
-		if err != nil {
-			return err
-		}
-
-		sig := make(chan os.Signal, 1)
-		signal.Notify(sig, syscall.SIGTERM, syscall.SIGINT)
-		sshctx, cancel := context.WithCancel(ctx)
-
-		go func() {
-			// blocking
-			if err := runSSH(sshctx, host, []byte(config.SSHKey), cmd); err != nil {
-				log.Print(err)
-			}
-			cancel()
-		}()
-
-		select {
-		case <-sig:
-			cancel()
-		case <-sshctx.Done():
-		}
-
-		return nil
-	},
-}
-
-func runSSH(ctx context.Context, addr string, pemKey []byte, cmd *cobra.Command) error {
-	c, err := nbssh.DialWithKey(fmt.Sprintf("%s:%d", addr, port), user, pemKey)
-	if err != nil {
-		cmd.Printf("Error: %v\n", err)
-		cmd.Printf("Couldn't connect. " +
-			"You might be disconnected from the NetBird network, or the NetBird agent isn't running.\n" +
-			"Run the status command: \n\n" +
-			" netbird status\n\n" +
-			"It might also be that the SSH server is disabled on the agent you are trying to connect to.\n")
-		return nil
-	}
-	go func() {
-		<-ctx.Done()
-		err = c.Close()
-		if err != nil {
-			return
-		}
-	}()
-
-	err = c.OpenTerminal()
-	if err != nil {
-		return err
-	}
-
-	return nil
-}
-
-func init() {
-	sshCmd.PersistentFlags().IntVarP(&port, "port", "p", nbssh.DefaultSSHPort, "Sets remote SSH port. Defaults to "+fmt.Sprint(nbssh.DefaultSSHPort))
-}
--- a/client/cmd/status.go
+++ b/client/cmd/status.go
@@ -3,24 +3,13 @@ package cmd
 import (
 	"context"
 	"fmt"
-	"github.com/netbirdio/netbird/client/internal"
-	"github.com/netbirdio/netbird/client/internal/peer"
-	"github.com/netbirdio/netbird/client/proto"
-	nbStatus "github.com/netbirdio/netbird/client/status"
-	"github.com/netbirdio/netbird/client/system"
 	"github.com/netbirdio/netbird/util"
+
 	"github.com/spf13/cobra"
 	"google.golang.org/grpc/status"
-	"net/netip"
-	"sort"
-	"strings"
-)

-var (
-	detailFlag   bool
-	ipsFilter    []string
-	statusFilter string
-	ipsFilterMap map[string]struct{}
+	"github.com/netbirdio/netbird/client/internal"
+	"github.com/netbirdio/netbird/client/proto"
 )

 var statusCmd = &cobra.Command{
@@ -31,12 +20,7 @@ var statusCmd = &cobra.Command{

 		cmd.SetOut(cmd.OutOrStdout())

-		err := parseFilters()
-		if err != nil {
-			return err
-		}
-
-		err = util.InitLog(logLevel, "console")
+		err := util.InitLog(logLevel, "console")
 		if err != nil {
 			return fmt.Errorf("failed initializing log %v", err)
 		}
@@ -51,251 +35,21 @@ var statusCmd = &cobra.Command{
 		}
 		defer conn.Close()

-		resp, err := proto.NewDaemonServiceClient(conn).Status(cmd.Context(), &proto.StatusRequest{GetFullPeerStatus: true})
+		resp, err := proto.NewDaemonServiceClient(conn).Status(cmd.Context(), &proto.StatusRequest{})
 		if err != nil {
 			return fmt.Errorf("status failed: %v", status.Convert(err).Message())
 		}

-		daemonStatus := fmt.Sprintf("Daemon status: %s\n", resp.GetStatus())
+		cmd.Printf("Status: %s\n\n", resp.GetStatus())
 		if resp.GetStatus() == string(internal.StatusNeedsLogin) || resp.GetStatus() == string(internal.StatusLoginFailed) {

-			cmd.Printf("%s\n"+
-				"Run UP command to log in with SSO (interactive login):\n\n"+
-				" netbird up \n\n"+
-				"If you are running a self-hosted version and no SSO provider has been configured in your Management Server,\n"+
-				"you can use a setup-key:\n\n netbird up --management-url <YOUR_MANAGEMENT_URL> --setup-key <YOUR_SETUP_KEY>\n\n"+
-				"More info: https://www.netbird.io/docs/overview/setup-keys\n\n",
-				daemonStatus,
-			)
-			return nil
+			cmd.Printf("Run UP command to log in with SSO (interactive login):\n\n" +
+				" netbird up \n\n" +
+				"If you are running a self-hosted version and no SSO provider has been configured in your Management Server,\n" +
+				"you can use a setup-key:\n\n netbird up --management-url <YOUR_MANAGEMENT_URL> --setup-key <YOUR_SETUP_KEY>\n\n" +
+				"More info: https://www.netbird.io/docs/overview/setup-keys\n\n")
 		}

-		pbFullStatus := resp.GetFullStatus()
-		fullStatus := fromProtoFullStatus(pbFullStatus)
-
-		cmd.Print(parseFullStatus(fullStatus, detailFlag, daemonStatus, resp.GetDaemonVersion()))
-
 		return nil
 	},
 }
-
-func init() {
-	ipsFilterMap = make(map[string]struct{})
-	statusCmd.PersistentFlags().BoolVarP(&detailFlag, "detail", "d", false, "display detailed status information")
-	statusCmd.PersistentFlags().StringSliceVar(&ipsFilter, "filter-by-ips", []string{}, "filters the detailed output by a list of one or more IPs, e.g. --filter-by-ips 100.64.0.100,100.64.0.200")
-	statusCmd.PersistentFlags().StringVar(&statusFilter, "filter-by-status", "", "filters the detailed output by connection status(connected|disconnected), e.g. --filter-by-status connected")
-}
-
-func parseFilters() error {
-	switch strings.ToLower(statusFilter) {
-	case "", "disconnected", "connected":
-	default:
-		return fmt.Errorf("wrong status filter, should be one of connected|disconnected, got: %s", statusFilter)
-	}
-
-	if len(ipsFilter) > 0 {
-		for _, addr := range ipsFilter {
-			_, err := netip.ParseAddr(addr)
-			if err != nil {
-				return fmt.Errorf("got an invalid IP address in the filter: address %s, error %s", addr, err)
-			}
-			ipsFilterMap[addr] = struct{}{}
-		}
-	}
-	return nil
-}
-
-func fromProtoFullStatus(pbFullStatus *proto.FullStatus) nbStatus.FullStatus {
-	var fullStatus nbStatus.FullStatus
-	managementState := pbFullStatus.GetManagementState()
-	fullStatus.ManagementState.URL = managementState.GetURL()
-	fullStatus.ManagementState.Connected = managementState.GetConnected()
-
-	signalState := pbFullStatus.GetSignalState()
-	fullStatus.SignalState.URL = signalState.GetURL()
-	fullStatus.SignalState.Connected = signalState.GetConnected()
-
-	localPeerState := pbFullStatus.GetLocalPeerState()
-	fullStatus.LocalPeerState.IP = localPeerState.GetIP()
-	fullStatus.LocalPeerState.PubKey = localPeerState.GetPubKey()
-	fullStatus.LocalPeerState.KernelInterface = localPeerState.GetKernelInterface()
-
-	var peersState []nbStatus.PeerState
-
-	for _, pbPeerState := range pbFullStatus.GetPeers() {
-		timeLocal := pbPeerState.GetConnStatusUpdate().AsTime().Local()
-		peerState := nbStatus.PeerState{
-			IP:                     pbPeerState.GetIP(),
-			PubKey:                 pbPeerState.GetPubKey(),
-			ConnStatus:             pbPeerState.GetConnStatus(),
-			ConnStatusUpdate:       timeLocal,
-			Relayed:                pbPeerState.GetRelayed(),
-			Direct:                 pbPeerState.GetDirect(),
-			LocalIceCandidateType:  pbPeerState.GetLocalIceCandidateType(),
-			RemoteIceCandidateType: pbPeerState.GetRemoteIceCandidateType(),
-		}
-		peersState = append(peersState, peerState)
-	}
-
-	fullStatus.Peers = peersState
-
-	return fullStatus
-}
-
-func parseFullStatus(fullStatus nbStatus.FullStatus, printDetail bool, daemonStatus string, daemonVersion string) string {
-	var (
-		managementStatusURL  = ""
-		signalStatusURL      = ""
-		managementConnString = "Disconnected"
-		signalConnString     = "Disconnected"
-		interfaceTypeString  = "Userspace"
-	)
-
-	if printDetail {
-		managementStatusURL = fmt.Sprintf(" to %s", fullStatus.ManagementState.URL)
-		signalStatusURL = fmt.Sprintf(" to %s", fullStatus.SignalState.URL)
-	}
-
-	if fullStatus.ManagementState.Connected {
-		managementConnString = "Connected"
-	}
-
-	if fullStatus.SignalState.Connected {
-		signalConnString = "Connected"
-	}
-
-	interfaceIP := fullStatus.LocalPeerState.IP
-
-	if fullStatus.LocalPeerState.KernelInterface {
-		interfaceTypeString = "Kernel"
-	} else if fullStatus.LocalPeerState.IP == "" {
-		interfaceTypeString = "N/A"
-		interfaceIP = "N/A"
-	}
-
-	parsedPeersString, peersConnected := parsePeers(fullStatus.Peers, printDetail)
-
-	peersCountString := fmt.Sprintf("%d/%d Connected", peersConnected, len(fullStatus.Peers))
-
-	summary := fmt.Sprintf(
-		"Daemon version: %s\n"+
-			"CLI version: %s\n"+
-			"%s"+ // daemon status
-			"Management: %s%s\n"+
-			"Signal:  %s%s\n"+
-			"NetBird IP: %s\n"+
-			"Interface type: %s\n"+
-			"Peers count: %s\n",
-		daemonVersion,
-		system.NetbirdVersion(),
-		daemonStatus,
-		managementConnString,
-		managementStatusURL,
-		signalConnString,
-		signalStatusURL,
-		interfaceIP,
-		interfaceTypeString,
-		peersCountString,
-	)
-
-	if printDetail {
-		return fmt.Sprintf(
-			"Peers detail:"+
-				"%s\n"+
-				"%s",
-			parsedPeersString,
-			summary,
-		)
-	}
-	return summary
-}
-
-func parsePeers(peers []nbStatus.PeerState, printDetail bool) (string, int) {
-	var (
-		peersString    = ""
-		peersConnected = 0
-	)
-
-	if len(peers) > 0 {
-		sort.SliceStable(peers, func(i, j int) bool {
-			iAddr, _ := netip.ParseAddr(peers[i].IP)
-			jAddr, _ := netip.ParseAddr(peers[j].IP)
-			return iAddr.Compare(jAddr) == -1
-		})
-	}
-
-	connectedStatusString := peer.StatusConnected.String()
-
-	for _, peerState := range peers {
-		peerConnectionStatus := false
-		if peerState.ConnStatus == connectedStatusString {
-			peersConnected = peersConnected + 1
-			peerConnectionStatus = true
-		}
-
-		if printDetail {
-
-			if skipDetailByFilters(peerState, peerConnectionStatus) {
-				continue
-			}
-
-			localICE := "-"
-			remoteICE := "-"
-			connType := "-"
-
-			if peerConnectionStatus {
-				localICE = peerState.LocalIceCandidateType
-				remoteICE = peerState.RemoteIceCandidateType
-				connType = "P2P"
-				if peerState.Relayed {
-					connType = "Relayed"
-				}
-			}
-
-			peerString := fmt.Sprintf(
-				"\n Peer:\n"+
-					"  NetBird IP: %s\n"+
-					"  Public key: %s\n"+
-					"  Status: %s\n"+
-					"  -- detail --\n"+
-					"  Connection type: %s\n"+
-					"  Direct: %t\n"+
-					"  ICE candidate (Local/Remote): %s/%s\n"+
-					"  Last connection update: %s\n",
-				peerState.IP,
-				peerState.PubKey,
-				peerState.ConnStatus,
-				connType,
-				peerState.Direct,
-				localICE,
-				remoteICE,
-				peerState.ConnStatusUpdate.Format("2006-01-02 15:04:05"),
-			)
-
-			peersString = peersString + peerString
-		}
-	}
-	return peersString, peersConnected
-}
-
-func skipDetailByFilters(peerState nbStatus.PeerState, isConnected bool) bool {
-	statusEval := false
-	ipEval := false
-
-	if statusFilter != "" {
-		lowerStatusFilter := strings.ToLower(statusFilter)
-		if lowerStatusFilter == "disconnected" && isConnected {
-			statusEval = true
-		} else if lowerStatusFilter == "connected" && !isConnected {
-			statusEval = true
-		}
-	}
-
-	if len(ipsFilter) > 0 {
-		_, ok := ipsFilterMap[peerState.IP]
-		if !ok {
-			ipEval = true
-		}
-	}
-	return statusEval || ipEval
-}
--- a/client/cmd/up.go
+++ b/client/cmd/up.go
@@ -5,7 +5,6 @@ import (
 	"fmt"
 	"github.com/netbirdio/netbird/client/internal"
 	"github.com/netbirdio/netbird/client/proto"
-	nbStatus "github.com/netbirdio/netbird/client/status"
 	"github.com/netbirdio/netbird/util"
 	log "github.com/sirupsen/logrus"
 	"github.com/spf13/cobra"
@@ -40,8 +39,6 @@ var upCmd = &cobra.Command{
 				return fmt.Errorf("get config file: %v", err)
 			}

-			config, _ = internal.UpdateOldManagementPort(ctx, config, configPath)
-
 			err = foregroundLogin(ctx, cmd, config, setupKey)
 			if err != nil {
 				return fmt.Errorf("foreground login failed: %v", err)
@@ -50,7 +47,7 @@ var upCmd = &cobra.Command{
 			var cancel context.CancelFunc
 			ctx, cancel = context.WithCancel(ctx)
 			SetupCloseHandler(ctx, cancel)
-			return internal.RunClient(ctx, config, nbStatus.NewRecorder())
+			return internal.RunClient(ctx, config)
 		}

 		conn, err := DialClientGRPCServer(ctx, daemonAddr)
--- a/client/internal/config.go
+++ b/client/internal/config.go
@@ -3,16 +3,16 @@ package internal
 import (
 	"context"
 	"fmt"
-	"github.com/netbirdio/netbird/client/ssh"
-	"github.com/netbirdio/netbird/iface"
 	mgm "github.com/netbirdio/netbird/management/client"
-	"github.com/netbirdio/netbird/util"
-	log "github.com/sirupsen/logrus"
-	"golang.zx2c4.com/wireguard/wgctrl/wgtypes"
 	"google.golang.org/grpc/codes"
 	"google.golang.org/grpc/status"
 	"net/url"
 	"os"
+
+	"github.com/netbirdio/netbird/iface"
+	"github.com/netbirdio/netbird/util"
+	log "github.com/sirupsen/logrus"
+	"golang.zx2c4.com/wireguard/wgctrl/wgtypes"
 )

 var managementURLDefault *url.URL
@@ -22,7 +22,7 @@ func ManagementURLDefault() *url.URL {
 }

 func init() {
-	managementURL, err := ParseURL("Management URL", "https://api.wiretrustee.com:443")
+	managementURL, err := parseURL("Management URL", "https://api.wiretrustee.com:33073")
 	if err != nil {
 		panic(err)
 	}
@@ -37,28 +37,15 @@ type Config struct {
 	ManagementURL  *url.URL
 	AdminURL       *url.URL
 	WgIface        string
-	WgPort         int
 	IFaceBlackList []string
-	// SSHKey is a private SSH key in a PEM format
-	SSHKey string
 }

 // createNewConfig creates a new config generating a new Wireguard key and saving to file
 func createNewConfig(managementURL, adminURL, configPath, preSharedKey string) (*Config, error) {
 	wgKey := generateKey()
-	pem, err := ssh.GeneratePrivateKey(ssh.ED25519)
-	if err != nil {
-		return nil, err
-	}
-	config := &Config{
-		SSHKey:         string(pem),
-		PrivateKey:     wgKey,
-		WgIface:        iface.WgInterfaceDefault,
-		WgPort:         iface.DefaultWgPort,
-		IFaceBlackList: []string{},
-	}
+	config := &Config{PrivateKey: wgKey, WgIface: iface.WgInterfaceDefault, IFaceBlackList: []string{}}
 	if managementURL != "" {
-		URL, err := ParseURL("Management URL", managementURL)
+		URL, err := parseURL("Management URL", managementURL)
 		if err != nil {
 			return nil, err
 		}
@@ -71,18 +58,9 @@ func createNewConfig(managementURL, adminURL, configPath, preSharedKey string) (
 		config.PreSharedKey = preSharedKey
 	}

-	if adminURL != "" {
-		newURL, err := ParseURL("Admin Panel URL", adminURL)
-		if err != nil {
-			return nil, err
-		}
-		config.AdminURL = newURL
-	}
+	config.IFaceBlackList = []string{iface.WgInterfaceDefault, "tun0"}

-	config.IFaceBlackList = []string{iface.WgInterfaceDefault, "wt", "utun", "tun0", "zt", "ZeroTier", "utun", "wg", "ts",
-		"Tailscale", "tailscale", "docker", "vet"}
-
-	err = util.WriteJson(configPath, config)
+	err := util.WriteJson(configPath, config)
 	if err != nil {
 		return nil, err
 	}
@@ -90,8 +68,7 @@ func createNewConfig(managementURL, adminURL, configPath, preSharedKey string) (
 	return config, nil
 }

-// ParseURL parses and validates management URL
-func ParseURL(serviceName, managementURL string) (*url.URL, error) {
+func parseURL(serviceName, managementURL string) (*url.URL, error) {
 	parsedMgmtURL, err := url.ParseRequestURI(managementURL)
 	if err != nil {
 		log.Errorf("failed parsing management URL %s: [%s]", managementURL, err.Error())
@@ -123,7 +100,7 @@ func ReadConfig(managementURL, adminURL, configPath string, preSharedKey *string
 	if managementURL != "" && config.ManagementURL.String() != managementURL {
 		log.Infof("new Management URL provided, updated to %s (old value %s)",
 			managementURL, config.ManagementURL)
-		newURL, err := ParseURL("Management URL", managementURL)
+		newURL, err := parseURL("Management URL", managementURL)
 		if err != nil {
 			return nil, err
 		}
@@ -134,7 +111,7 @@ func ReadConfig(managementURL, adminURL, configPath string, preSharedKey *string
 	if adminURL != "" && (config.AdminURL == nil || config.AdminURL.String() != adminURL) {
 		log.Infof("new Admin Panel URL provided, updated to %s (old value %s)",
 			adminURL, config.AdminURL)
-		newURL, err := ParseURL("Admin Panel URL", adminURL)
+		newURL, err := parseURL("Admin Panel URL", adminURL)
 		if err != nil {
 			return nil, err
 		}
@@ -148,19 +125,6 @@ func ReadConfig(managementURL, adminURL, configPath string, preSharedKey *string
 		config.PreSharedKey = *preSharedKey
 		refresh = true
 	}
-	if config.SSHKey == "" {
-		pem, err := ssh.GeneratePrivateKey(ssh.ED25519)
-		if err != nil {
-			return nil, err
-		}
-		config.SSHKey = string(pem)
-		refresh = true
-	}
-
-	if config.WgPort == 0 {
-		config.WgPort = iface.DefaultWgPort
-		refresh = true
-	}

 	if refresh {
 		// since we have new management URL, we need to update config file
@@ -209,14 +173,9 @@ type ProviderConfig struct {
 	// ClientSecret An IDP application client secret
 	ClientSecret string
 	// Domain An IDP API domain
-	// Deprecated. Use OIDCConfigEndpoint instead
 	Domain string
 	// Audience An Audience for to authorization validation
 	Audience string
-	// TokenEndpoint is the endpoint of an IDP manager where clients can obtain access token
-	TokenEndpoint string
-	// DeviceAuthEndpoint is the endpoint of an IDP manager where clients can obtain device authorization code
-	DeviceAuthEndpoint string
 }

 func GetDeviceAuthorizationFlowInfo(ctx context.Context, config *Config) (DeviceAuthorizationFlow, error) {
@@ -238,13 +197,7 @@ func GetDeviceAuthorizationFlowInfo(ctx context.Context, config *Config) (Device
 		log.Errorf("failed connecting to Management Service %s %v", config.ManagementURL.String(), err)
 		return DeviceAuthorizationFlow{}, err
 	}
-	log.Debugf("connected to the Management service %s", config.ManagementURL.String())
-	defer func() {
-		err = mgmClient.Close()
-		if err != nil {
-			log.Warnf("failed to close the Management service client %v", err)
-		}
-	}()
+	log.Debugf("connected to management Service %s", config.ManagementURL.String())

 	serverKey, err := mgmClient.GetServerPublicKey()
 	if err != nil {
@@ -263,16 +216,20 @@ func GetDeviceAuthorizationFlowInfo(ctx context.Context, config *Config) (Device
 		}
 	}

+	err = mgmClient.Close()
+	if err != nil {
+		log.Errorf("failed closing Management Service client: %v", err)
+		return DeviceAuthorizationFlow{}, err
+	}
+
 	return DeviceAuthorizationFlow{
 		Provider: protoDeviceAuthorizationFlow.Provider.String(),

 		ProviderConfig: ProviderConfig{
-			Audience:           protoDeviceAuthorizationFlow.GetProviderConfig().GetAudience(),
-			ClientID:           protoDeviceAuthorizationFlow.GetProviderConfig().GetClientID(),
-			ClientSecret:       protoDeviceAuthorizationFlow.GetProviderConfig().GetClientSecret(),
-			Domain:             protoDeviceAuthorizationFlow.GetProviderConfig().Domain,
-			TokenEndpoint:      protoDeviceAuthorizationFlow.GetProviderConfig().GetTokenEndpoint(),
-			DeviceAuthEndpoint: protoDeviceAuthorizationFlow.GetProviderConfig().GetDeviceAuthEndpoint(),
+			Audience:     protoDeviceAuthorizationFlow.ProviderConfig.Audience,
+			ClientID:     protoDeviceAuthorizationFlow.ProviderConfig.ClientID,
+			ClientSecret: protoDeviceAuthorizationFlow.ProviderConfig.ClientSecret,
+			Domain:       protoDeviceAuthorizationFlow.ProviderConfig.Domain,
 		},
 	}, nil
 }
--- a/client/internal/connect.go
+++ b/client/internal/connect.go
@@ -2,10 +2,6 @@ package internal

 import (
 	"context"
-	"fmt"
-	"github.com/netbirdio/netbird/client/ssh"
-	nbStatus "github.com/netbirdio/netbird/client/status"
-	"strings"
 	"time"

 	"github.com/netbirdio/netbird/client/system"
@@ -19,17 +15,17 @@ import (
 	"github.com/cenkalti/backoff/v4"
 	"golang.zx2c4.com/wireguard/wgctrl/wgtypes"
 	"google.golang.org/grpc/codes"
-	gstatus "google.golang.org/grpc/status"
+	"google.golang.org/grpc/status"
 )

 // RunClient with main logic.
-func RunClient(ctx context.Context, config *Config, statusRecorder *nbStatus.Status) error {
+func RunClient(ctx context.Context, config *Config) error {
 	backOff := &backoff.ExponentialBackOff{
 		InitialInterval:     time.Second,
-		RandomizationFactor: 1,
-		Multiplier:          1.7,
-		MaxInterval:         15 * time.Second,
-		MaxElapsedTime:      3 * 30 * 24 * time.Hour, // 3 months
+		RandomizationFactor: backoff.DefaultRandomizationFactor,
+		Multiplier:          backoff.DefaultMultiplier,
+		MaxInterval:         10 * time.Second,
+		MaxElapsedTime:      24 * 3 * time.Hour, // stop the client after 3 days trying (must be a huge problem, e.g permission denied)
 		Stop:                backoff.Stop,
 		Clock:               backoff.SystemClock,
 	}
@@ -43,25 +39,6 @@ func RunClient(ctx context.Context, config *Config, statusRecorder *nbStatus.Sta
 	}()

 	wrapErr := state.Wrap
-	myPrivateKey, err := wgtypes.ParseKey(config.PrivateKey)
-	if err != nil {
-		log.Errorf("failed parsing Wireguard key %s: [%s]", config.PrivateKey, err.Error())
-		return wrapErr(err)
-	}
-
-	var mgmTlsEnabled bool
-	if config.ManagementURL.Scheme == "https" {
-		mgmTlsEnabled = true
-	}
-
-	publicSSHKey, err := ssh.GeneratePublicKey([]byte(config.SSHKey))
-	if err != nil {
-		return err
-	}
-
-	managementURL := config.ManagementURL.String()
-	statusRecorder.MarkManagementDisconnected(managementURL)
-
 	operation := func() error {
 		// if context cancelled we not start new backoff cycle
 		select {
@@ -71,54 +48,32 @@ func RunClient(ctx context.Context, config *Config, statusRecorder *nbStatus.Sta
 		}

 		state.Set(StatusConnecting)
+		// validate our peer's Wireguard PRIVATE key
+		myPrivateKey, err := wgtypes.ParseKey(config.PrivateKey)
+		if err != nil {
+			log.Errorf("failed parsing Wireguard key %s: [%s]", config.PrivateKey, err.Error())
+			return wrapErr(err)
+		}
+
+		var mgmTlsEnabled bool
+		if config.ManagementURL.Scheme == "https" {
+			mgmTlsEnabled = true
+		}

 		engineCtx, cancel := context.WithCancel(ctx)
-		defer func() {
-			statusRecorder.MarkManagementDisconnected(managementURL)
-			statusRecorder.CleanLocalPeerState()
-			cancel()
-		}()
-
-		log.Debugf("conecting to the Management service %s", config.ManagementURL.Host)
-		mgmClient, err := mgm.NewClient(engineCtx, config.ManagementURL.Host, myPrivateKey, mgmTlsEnabled)
-		if err != nil {
-			return wrapErr(gstatus.Errorf(codes.FailedPrecondition, "failed connecting to Management Service : %s", err))
-		}
-		log.Debugf("connected to the Management service %s", config.ManagementURL.Host)
-		defer func() {
-			err = mgmClient.Close()
-			if err != nil {
-				log.Warnf("failed to close the Management service client %v", err)
-			}
-		}()
+		defer cancel()

 		// connect (just a connection, no stream yet) and login to Management Service to get an initial global Wiretrustee config
-		loginResp, err := loginToManagement(engineCtx, mgmClient, publicSSHKey)
+		mgmClient, loginResp, err := connectToManagement(engineCtx, config.ManagementURL.Host, myPrivateKey, mgmTlsEnabled)
 		if err != nil {
 			log.Debug(err)
-			if s, ok := gstatus.FromError(err); ok && (s.Code() == codes.PermissionDenied) {
+			if s, ok := status.FromError(err); ok && s.Code() == codes.PermissionDenied {
+				log.Info("peer registration required. Please run `netbird status` for details")
 				state.Set(StatusNeedsLogin)
-				return backoff.Permanent(wrapErr(err)) // unrecoverable error
+				return nil
 			}
 			return wrapErr(err)
 		}
-		statusRecorder.MarkManagementConnected(managementURL)
-
-		localPeerState := nbStatus.LocalPeerState{
-			IP:              loginResp.GetPeerConfig().GetAddress(),
-			PubKey:          myPrivateKey.PublicKey().String(),
-			KernelInterface: iface.WireguardModExists(),
-		}
-
-		statusRecorder.UpdateLocalPeerState(localPeerState)
-
-		signalURL := fmt.Sprintf("%s://%s",
-			strings.ToLower(loginResp.GetWiretrusteeConfig().GetSignal().GetProtocol().String()),
-			loginResp.GetWiretrusteeConfig().GetSignal().GetUri(),
-		)
-
-		statusRecorder.MarkSignalDisconnected(signalURL)
-		defer statusRecorder.MarkSignalDisconnected(signalURL)

 		// with the global Wiretrustee config in hand connect (just a connection, no stream yet) Signal
 		signalClient, err := connectToSignal(engineCtx, loginResp.GetWiretrusteeConfig(), myPrivateKey)
@@ -126,14 +81,6 @@ func RunClient(ctx context.Context, config *Config, statusRecorder *nbStatus.Sta
 			log.Error(err)
 			return wrapErr(err)
 		}
-		defer func() {
-			err = signalClient.Close()
-			if err != nil {
-				log.Warnf("failed closing Signal service client %v", err)
-			}
-		}()
-
-		statusRecorder.MarkSignalConnected(signalURL)

 		peerConfig := loginResp.GetPeerConfig()

@@ -143,7 +90,7 @@ func RunClient(ctx context.Context, config *Config, statusRecorder *nbStatus.Sta
 			return wrapErr(err)
 		}

-		engine := NewEngine(engineCtx, cancel, signalClient, mgmClient, engineConfig, statusRecorder)
+		engine := NewEngine(engineCtx, cancel, signalClient, mgmClient, engineConfig)
 		err = engine.Start()
 		if err != nil {
 			log.Errorf("error while starting Netbird Connection Engine: %s", err)
@@ -157,13 +104,24 @@ func RunClient(ctx context.Context, config *Config, statusRecorder *nbStatus.Sta

 		backOff.Reset()

+		err = mgmClient.Close()
+		if err != nil {
+			log.Errorf("failed closing Management Service client %v", err)
+			return wrapErr(err)
+		}
+		err = signalClient.Close()
+		if err != nil {
+			log.Errorf("failed closing Signal Service client %v", err)
+			return wrapErr(err)
+		}
+
 		err = engine.Stop()
 		if err != nil {
 			log.Errorf("failed stopping engine %v", err)
 			return wrapErr(err)
 		}

-		log.Info("stopped NetBird client")
+		log.Info("stopped Netbird client")

 		if _, err := state.Status(); err == ErrResetConnection {
 			return err
@@ -172,9 +130,9 @@ func RunClient(ctx context.Context, config *Config, statusRecorder *nbStatus.Sta
 		return nil
 	}

-	err = backoff.Retry(operation, backOff)
+	err := backoff.Retry(operation, backOff)
 	if err != nil {
-		log.Debugf("exiting client retry loop due to unrecoverable error: %s", err)
+		log.Errorf("exiting client retry loop due to unrecoverable error: %s", err)
 		return err
 	}
 	return nil
@@ -182,14 +140,17 @@ func RunClient(ctx context.Context, config *Config, statusRecorder *nbStatus.Sta

 // createEngineConfig converts configuration received from Management Service to EngineConfig
 func createEngineConfig(key wgtypes.Key, config *Config, peerConfig *mgmProto.PeerConfig) (*EngineConfig, error) {
+	iFaceBlackList := make(map[string]struct{})
+	for i := 0; i < len(config.IFaceBlackList); i += 2 {
+		iFaceBlackList[config.IFaceBlackList[i]] = struct{}{}
+	}

 	engineConf := &EngineConfig{
 		WgIfaceName:    config.WgIface,
 		WgAddr:         peerConfig.Address,
-		IFaceBlackList: config.IFaceBlackList,
+		IFaceBlackList: iFaceBlackList,
 		WgPrivateKey:   key,
-		WgPort:         config.WgPort,
-		SSHKey:         []byte(config.SSHKey),
+		WgPort:         iface.DefaultWgPort,
 	}

 	if config.PreSharedKey != "" {
@@ -215,99 +176,33 @@ func connectToSignal(ctx context.Context, wtConfig *mgmProto.WiretrusteeConfig,
 	signalClient, err := signal.NewClient(ctx, wtConfig.Signal.Uri, ourPrivateKey, sigTLSEnabled)
 	if err != nil {
 		log.Errorf("error while connecting to the Signal Exchange Service %s: %s", wtConfig.Signal.Uri, err)
-		return nil, gstatus.Errorf(codes.FailedPrecondition, "failed connecting to Signal Service : %s", err)
+		return nil, status.Errorf(codes.FailedPrecondition, "failed connecting to Signal Service : %s", err)
 	}

 	return signalClient, nil
 }

-// loginToManagement creates Management Services client, establishes a connection, logs-in and gets a global Wiretrustee config (signal, turn, stun hosts, etc)
-func loginToManagement(ctx context.Context, client mgm.Client, pubSSHKey []byte) (*mgmProto.LoginResponse, error) {
+// connectToManagement creates Management Services client, establishes a connection, logs-in and gets a global Wiretrustee config (signal, turn, stun hosts, etc)
+func connectToManagement(ctx context.Context, managementAddr string, ourPrivateKey wgtypes.Key, tlsEnabled bool) (*mgm.GrpcClient, *mgmProto.LoginResponse, error) {
+	log.Debugf("connecting to Management Service %s", managementAddr)
+	client, err := mgm.NewClient(ctx, managementAddr, ourPrivateKey, tlsEnabled)
+	if err != nil {
+		return nil, nil, status.Errorf(codes.FailedPrecondition, "failed connecting to Management Service : %s", err)
+	}
+	log.Debugf("connected to management server %s", managementAddr)

 	serverPublicKey, err := client.GetServerPublicKey()
 	if err != nil {
-		return nil, gstatus.Errorf(codes.FailedPrecondition, "failed while getting Management Service public key: %s", err)
+		return nil, nil, status.Errorf(codes.FailedPrecondition, "failed while getting Management Service public key: %s", err)
 	}

 	sysInfo := system.GetInfo(ctx)
-	loginResp, err := client.Login(*serverPublicKey, sysInfo, pubSSHKey)
+	loginResp, err := client.Login(*serverPublicKey, sysInfo)
 	if err != nil {
-		return nil, err
+		return nil, nil, err
 	}

-	return loginResp, nil
-}
-
-// ManagementLegacyPort is the port that was used before by the Management gRPC server.
-// It is used for backward compatibility now.
-// NB: hardcoded from github.com/netbirdio/netbird/management/cmd to avoid import
-const ManagementLegacyPort = 33073
-
-// UpdateOldManagementPort checks whether client can switch to the new Management port 443.
-// If it can switch, then it updates the config and returns a new one. Otherwise, it returns the provided config.
-// The check is performed only for the NetBird's managed version.
-func UpdateOldManagementPort(ctx context.Context, config *Config, configPath string) (*Config, error) {
-
-	if config.ManagementURL.Hostname() != ManagementURLDefault().Hostname() {
-		// only do the check for the NetBird's managed version
-		return config, nil
-	}
-
-	var mgmTlsEnabled bool
-	if config.ManagementURL.Scheme == "https" {
-		mgmTlsEnabled = true
-	}
-
-	if !mgmTlsEnabled {
-		// only do the check for HTTPs scheme (the hosted version of the Management service is always HTTPs)
-		return config, nil
-	}
-
-	if mgmTlsEnabled && config.ManagementURL.Port() == fmt.Sprintf("%d", ManagementLegacyPort) {
-
-		newURL, err := ParseURL("Management URL", fmt.Sprintf("%s://%s:%d",
-			config.ManagementURL.Scheme, config.ManagementURL.Hostname(), 443))
-		if err != nil {
-			return nil, err
-		}
-		// here we check whether we could switch from the legacy 33073 port to the new 443
-		log.Infof("attempting to switch from the legacy Management URL %s to the new one %s",
-			config.ManagementURL.String(), newURL.String())
-		key, err := wgtypes.ParseKey(config.PrivateKey)
-		if err != nil {
-			log.Infof("couldn't switch to the new Management %s", newURL.String())
-			return config, err
-		}
-
-		client, err := mgm.NewClient(ctx, newURL.Host, key, mgmTlsEnabled)
-		if err != nil {
-			log.Infof("couldn't switch to the new Management %s", newURL.String())
-			return config, err
-		}
-		defer func() {
-			err = client.Close()
-			if err != nil {
-				log.Warnf("failed to close the Management service client %v", err)
-			}
-		}()
-
-		// gRPC check
-		_, err = client.GetServerPublicKey()
-		if err != nil {
-			log.Infof("couldn't switch to the new Management %s", newURL.String())
-			return nil, err
-		}
-
-		// everything is alright => update the config
-		newConfig, err := ReadConfig(newURL.String(), "", configPath, nil)
-		if err != nil {
-			log.Infof("couldn't switch to the new Management %s", newURL.String())
-			return config, fmt.Errorf("failed updating config file: %v", err)
-		}
-		log.Infof("successfully switched to the new Management URL: %s", newURL.String())
-
-		return newConfig, nil
-	}
-
-	return config, nil
+	log.Debugf("peer logged in to Management Service %s", managementAddr)
+
+	return client, loginResp, nil
 }
--- a/client/internal/engine.go
+++ b/client/internal/engine.go
@@ -3,14 +3,8 @@ package internal
 import (
 	"context"
 	"fmt"
-	"github.com/netbirdio/netbird/client/internal/routemanager"
-	nbssh "github.com/netbirdio/netbird/client/ssh"
-	nbstatus "github.com/netbirdio/netbird/client/status"
-	"github.com/netbirdio/netbird/route"
 	"math/rand"
 	"net"
-	"reflect"
-	"runtime"
 	"strings"
 	"sync"
 	"time"
@@ -51,7 +45,7 @@ type EngineConfig struct {
 	WgPrivateKey wgtypes.Key

 	// IFaceBlackList is a list of network interfaces to ignore when discovering connection candidates (ICE related)
-	IFaceBlackList []string
+	IFaceBlackList map[string]struct{}

 	PreSharedKey *wgtypes.Key

@@ -60,9 +54,6 @@ type EngineConfig struct {

 	// UDPMuxSrflxPort default value 0 - the system will pick an available port
 	UDPMuxSrflxPort int
-
-	// SSHKey is a private SSH key in a PEM format
-	SSHKey []byte
 }

 // Engine is a mechanism responsible for reacting on Signal and Management stream events and managing connections to the remote peers.
@@ -87,7 +78,7 @@ type Engine struct {

 	ctx context.Context

-	wgInterface *iface.WGIface
+	wgInterface iface.WGIface

 	udpMux          ice.UDPMux
 	udpMuxSrflx     ice.UniversalUDPMux
@@ -96,13 +87,6 @@ type Engine struct {

 	// networkSerial is the latest CurrentSerial (state ID) of the network sent by the Management service
 	networkSerial uint64
-
-	sshServerFunc func(hostKeyPEM []byte, addr string) (nbssh.Server, error)
-	sshServer     nbssh.Server
-
-	statusRecorder *nbstatus.Status
-
-	routeManager routemanager.Manager
 }

 // Peer is an instance of the Connection Peer
@@ -114,22 +98,19 @@ type Peer struct {
 // NewEngine creates a new Connection Engine
 func NewEngine(
 	ctx context.Context, cancel context.CancelFunc,
-	signalClient signal.Client, mgmClient mgm.Client,
-	config *EngineConfig, statusRecorder *nbstatus.Status,
+	signalClient signal.Client, mgmClient mgm.Client, config *EngineConfig,
 ) *Engine {
 	return &Engine{
-		ctx:            ctx,
-		cancel:         cancel,
-		signal:         signalClient,
-		mgmClient:      mgmClient,
-		peerConns:      map[string]*peer.Conn{},
-		syncMsgMux:     &sync.Mutex{},
-		config:         config,
-		STUNs:          []*ice.URL{},
-		TURNs:          []*ice.URL{},
-		networkSerial:  0,
-		sshServerFunc:  nbssh.DefaultSSHServer,
-		statusRecorder: statusRecorder,
+		ctx:           ctx,
+		cancel:        cancel,
+		signal:        signalClient,
+		mgmClient:     mgmClient,
+		peerConns:     map[string]*peer.Conn{},
+		syncMsgMux:    &sync.Mutex{},
+		config:        config,
+		STUNs:         []*ice.URL{},
+		TURNs:         []*ice.URL{},
+		networkSerial: 0,
 	}
 }

@@ -179,17 +160,6 @@ func (e *Engine) Stop() error {
 		}
 	}

-	if !isNil(e.sshServer) {
-		err := e.sshServer.Stop()
-		if err != nil {
-			log.Warnf("failed stopping the SSH server: %v", err)
-		}
-	}
-
-	if e.routeManager != nil {
-		e.routeManager.Stop()
-	}
-
 	log.Infof("stopped Netbird Engine")

 	return nil
@@ -207,7 +177,7 @@ func (e *Engine) Start() error {
 	myPrivateKey := e.config.WgPrivateKey
 	var err error

-	e.wgInterface, err = iface.NewWGIFace(wgIfaceName, wgAddr, iface.DefaultMTU)
+	e.wgInterface, err = iface.NewWGIface(wgIfaceName, wgAddr, iface.DefaultMTU)
 	if err != nil {
 		log.Errorf("failed creating wireguard interface instance %s: [%s]", wgIfaceName, err.Error())
 		return err
@@ -240,47 +210,13 @@ func (e *Engine) Start() error {
 		return err
 	}

-	e.routeManager = routemanager.NewManager(e.ctx, e.config.WgPrivateKey.PublicKey().String(), e.wgInterface, e.statusRecorder)
-
 	e.receiveSignalEvents()
 	e.receiveManagementEvents()

 	return nil
 }

-// modifyPeers updates peers that have been modified (e.g. IP address has been changed).
-// It closes the existing connection, removes it from the peerConns map, and creates a new one.
-func (e *Engine) modifyPeers(peersUpdate []*mgmProto.RemotePeerConfig) error {
-
-	// first, check if peers have been modified
-	var modified []*mgmProto.RemotePeerConfig
-	for _, p := range peersUpdate {
-		if peerConn, ok := e.peerConns[p.GetWgPubKey()]; ok {
-			if peerConn.GetConf().ProxyConfig.AllowedIps != strings.Join(p.AllowedIps, ",") {
-				modified = append(modified, p)
-			}
-		}
-	}
-
-	// second, close all modified connections and remove them from the state map
-	for _, p := range modified {
-		err := e.removePeer(p.GetWgPubKey())
-		if err != nil {
-			return err
-		}
-	}
-	// third, add the peer connections again
-	for _, p := range modified {
-		err := e.addNewPeer(p)
-		if err != nil {
-			return err
-		}
-	}
-	return nil
-}
-
-// removePeers finds and removes peers that do not exist anymore in the network map received from the Management Service.
-// It also removes peers that have been modified (e.g. change of IP address). They will be added again in addPeers method.
+// removePeers finds and removes peers that do not exist anymore in the network map received from the Management Service
 func (e *Engine) removePeers(peersUpdate []*mgmProto.RemotePeerConfig) error {
 	currentPeers := make([]string, 0, len(e.peerConns))
 	for p := range e.peerConns {
@@ -315,21 +251,9 @@ func (e *Engine) removeAllPeers() error {
 	return nil
 }

-// removePeer closes an existing peer connection, removes a peer, and clears authorized key of the SSH server
+// removePeer closes an existing peer connection and removes a peer
 func (e *Engine) removePeer(peerKey string) error {
 	log.Debugf("removing peer from engine %s", peerKey)
-
-	if !isNil(e.sshServer) {
-		e.sshServer.RemoveAuthorizedKey(peerKey)
-	}
-
-	defer func() {
-		err := e.statusRecorder.RemovePeer(peerKey)
-		if err != nil {
-			log.Warnf("received error when removing peer %s from status recorder: %v", peerKey, err)
-		}
-	}()
-
 	conn, exists := e.peerConns[peerKey]
 	if exists {
 		delete(e.peerConns, peerKey)
@@ -392,14 +316,15 @@ func signalCandidate(candidate ice.Candidate, myKey wgtypes.Key, remoteKey wgtyp
 		},
 	})
 	if err != nil {
+		log.Errorf("failed signaling candidate to the remote peer %s %s", remoteKey.String(), err)
+		// todo ??
 		return err
 	}

 	return nil
 }

-// SignalOfferAnswer signals either an offer or an answer to remote peer
-func SignalOfferAnswer(offerAnswer peer.OfferAnswer, myKey wgtypes.Key, remoteKey wgtypes.Key, s signal.Client, isAnswer bool) error {
+func signalAuth(uFrag string, pwd string, myKey wgtypes.Key, remoteKey wgtypes.Key, s signal.Client, isAnswer bool) error {
 	var t sProto.Body_Type
 	if isAnswer {
 		t = sProto.Body_ANSWER
@@ -407,9 +332,9 @@ func SignalOfferAnswer(offerAnswer peer.OfferAnswer, myKey wgtypes.Key, remoteKe
 		t = sProto.Body_OFFER
 	}

-	msg, err := signal.MarshalCredential(myKey, offerAnswer.WgListenPort, remoteKey, &signal.Credential{
-		UFrag: offerAnswer.IceCredentials.UFrag,
-		Pwd:   offerAnswer.IceCredentials.Pwd,
+	msg, err := signal.MarshalCredential(myKey, remoteKey, &signal.Credential{
+		UFrag: uFrag,
+		Pwd:   pwd,
 	}, t)
 	if err != nil {
 		return err
@@ -451,75 +376,6 @@ func (e *Engine) handleSync(update *mgmProto.SyncResponse) error {
 	return nil
 }

-func isNil(server nbssh.Server) bool {
-	return server == nil || reflect.ValueOf(server).IsNil()
-}
-
-func (e *Engine) updateSSH(sshConf *mgmProto.SSHConfig) error {
-	if sshConf.GetSshEnabled() {
-		if runtime.GOOS == "windows" {
-			log.Warnf("running SSH server on Windows is not supported")
-			return nil
-		}
-		// start SSH server if it wasn't running
-		if isNil(e.sshServer) {
-			//nil sshServer means it has not yet been started
-			var err error
-			e.sshServer, err = e.sshServerFunc(e.config.SSHKey,
-				fmt.Sprintf("%s:%d", e.wgInterface.Address.IP.String(), nbssh.DefaultSSHPort))
-			if err != nil {
-				return err
-			}
-			go func() {
-				// blocking
-				err = e.sshServer.Start()
-				if err != nil {
-					// will throw error when we stop it even if it is a graceful stop
-					log.Debugf("stopped SSH server with error %v", err)
-				}
-				e.syncMsgMux.Lock()
-				defer e.syncMsgMux.Unlock()
-				e.sshServer = nil
-				log.Infof("stopped SSH server")
-			}()
-		} else {
-			log.Debugf("SSH server is already running")
-		}
-	} else {
-		// Disable SSH server request, so stop it if it was running
-		if !isNil(e.sshServer) {
-			err := e.sshServer.Stop()
-			if err != nil {
-				log.Warnf("failed to stop SSH server %v", err)
-			}
-			e.sshServer = nil
-		}
-	}
-	return nil
-}
-
-func (e *Engine) updateConfig(conf *mgmProto.PeerConfig) error {
-	if e.wgInterface.Address.String() != conf.Address {
-		oldAddr := e.wgInterface.Address.String()
-		log.Debugf("updating peer address from %s to %s", oldAddr, conf.Address)
-		err := e.wgInterface.UpdateAddr(conf.Address)
-		if err != nil {
-			return err
-		}
-		e.config.WgAddr = conf.Address
-		log.Infof("updated peer address from %s to %s", oldAddr, conf.Address)
-	}
-
-	if conf.GetSshConfig() != nil {
-		err := e.updateSSH(conf.GetSshConfig())
-		if err != nil {
-			log.Warnf("failed handling SSH server setup %v", e)
-		}
-	}
-
-	return nil
-}
-
 // receiveManagementEvents connects to the Management Service event stream to receive updates from the management service
 // E.g. when a new peer has been registered and we are allowed to connect to it.
 func (e *Engine) receiveManagementEvents() {
@@ -578,15 +434,6 @@ func (e *Engine) updateTURNs(turns []*mgmProto.ProtectedHostConfig) error {
 }

 func (e *Engine) updateNetworkMap(networkMap *mgmProto.NetworkMap) error {
-
-	// intentionally leave it before checking serial because for now it can happen that peer IP changed but serial didn't
-	if networkMap.GetPeerConfig() != nil {
-		err := e.updateConfig(networkMap.GetPeerConfig())
-		if err != nil {
-			return err
-		}
-	}
-
 	serial := networkMap.GetSerial()
 	if e.networkSerial > serial {
 		log.Debugf("received outdated NetworkMap with serial %d, ignoring", serial)
@@ -607,92 +454,36 @@ func (e *Engine) updateNetworkMap(networkMap *mgmProto.NetworkMap) error {
 			return err
 		}

-		err = e.modifyPeers(networkMap.GetRemotePeers())
-		if err != nil {
-			return err
-		}
-
 		err = e.addNewPeers(networkMap.GetRemotePeers())
 		if err != nil {
 			return err
 		}
-
-		// update SSHServer by adding remote peer SSH keys
-		if !isNil(e.sshServer) {
-			for _, config := range networkMap.GetRemotePeers() {
-				if config.GetSshConfig() != nil && config.GetSshConfig().GetSshPubKey() != nil {
-					err := e.sshServer.AddAuthorizedKey(config.WgPubKey, string(config.GetSshConfig().GetSshPubKey()))
-					if err != nil {
-						log.Warnf("failed adding authroized key to SSH DefaultServer %v", err)
-					}
-				}
-			}
-		}
-	}
-	protoRoutes := networkMap.GetRoutes()
-	if protoRoutes == nil {
-		protoRoutes = []*mgmProto.Route{}
-	}
-	err := e.routeManager.UpdateRoutes(serial, toRoutes(protoRoutes))
-	if err != nil {
-		log.Errorf("failed to update routes, err: %v", err)
 	}

 	e.networkSerial = serial
 	return nil
 }

-func toRoutes(protoRoutes []*mgmProto.Route) []*route.Route {
-	routes := make([]*route.Route, 0)
-	for _, protoRoute := range protoRoutes {
-		_, prefix, _ := route.ParseNetwork(protoRoute.Network)
-		convertedRoute := &route.Route{
-			ID:          protoRoute.ID,
-			Network:     prefix,
-			NetID:       protoRoute.NetID,
-			NetworkType: route.NetworkType(protoRoute.NetworkType),
-			Peer:        protoRoute.Peer,
-			Metric:      int(protoRoute.Metric),
-			Masquerade:  protoRoute.Masquerade,
-		}
-		routes = append(routes, convertedRoute)
-	}
-	return routes
-}
-
-// addNewPeers adds peers that were not know before but arrived from the Management service with the update
+// addNewPeers finds and adds peers that were not know before but arrived from the Management service with the update
 func (e *Engine) addNewPeers(peersUpdate []*mgmProto.RemotePeerConfig) error {
 	for _, p := range peersUpdate {
-		err := e.addNewPeer(p)
-		if err != nil {
-			return err
+		peerKey := p.GetWgPubKey()
+		peerIPs := p.GetAllowedIps()
+		if _, ok := e.peerConns[peerKey]; !ok {
+			conn, err := e.createPeerConn(peerKey, strings.Join(peerIPs, ","))
+			if err != nil {
+				return err
+			}
+			e.peerConns[peerKey] = conn
+
+			go e.connWorker(conn, peerKey)
 		}
+
 	}
 	return nil
 }

-// addNewPeer add peer if connection doesn't exist
-func (e *Engine) addNewPeer(peerConfig *mgmProto.RemotePeerConfig) error {
-	peerKey := peerConfig.GetWgPubKey()
-	peerIPs := peerConfig.GetAllowedIps()
-	if _, ok := e.peerConns[peerKey]; !ok {
-		conn, err := e.createPeerConn(peerKey, strings.Join(peerIPs, ","))
-		if err != nil {
-			return err
-		}
-		e.peerConns[peerKey] = conn
-
-		err = e.statusRecorder.AddPeer(peerKey)
-		if err != nil {
-			log.Warnf("error adding peer %s to status recorder, got error: %v", peerKey, err)
-		}
-
-		go e.connWorker(conn, peerKey)
-	}
-	return nil
-}
-
-func (e *Engine) connWorker(conn *peer.Conn, peerKey string) {
+func (e Engine) connWorker(conn *peer.Conn, peerKey string) {
 	for {

 		// randomize starting time a bit
@@ -711,22 +502,9 @@ func (e *Engine) connWorker(conn *peer.Conn, peerKey string) {
 			continue
 		}

-		// we might have received new STUN and TURN servers meanwhile, so update them
-		e.syncMsgMux.Lock()
-		conf := conn.GetConf()
-		conf.StunTurn = append(e.STUNs, e.TURNs...)
-		conn.UpdateConf(conf)
-		e.syncMsgMux.Unlock()
-
 		err := conn.Open()
 		if err != nil {
 			log.Debugf("connection to peer %s failed: %v", peerKey, err)
-			switch err.(type) {
-			case *peer.ConnectionClosedError:
-				// conn has been forced to close, so we exit the loop
-				return
-			default:
-			}
 		}
 	}
 }
@@ -739,11 +517,15 @@ func (e Engine) peerExists(peerKey string) bool {
 }

 func (e Engine) createPeerConn(pubKey string, allowedIPs string) (*peer.Conn, error) {
-	log.Debugf("creating peer connection %s", pubKey)
 	var stunTurn []*ice.URL
 	stunTurn = append(stunTurn, e.STUNs...)
 	stunTurn = append(stunTurn, e.TURNs...)

+	interfaceBlacklist := make([]string, 0, len(e.config.IFaceBlackList))
+	for k := range e.config.IFaceBlackList {
+		interfaceBlacklist = append(interfaceBlacklist, k)
+	}
+
 	proxyConfig := proxy.Config{
 		RemoteKey:    pubKey,
 		WgListenAddr: fmt.Sprintf("127.0.0.1:%d", e.config.WgPort),
@@ -758,15 +540,14 @@ func (e Engine) createPeerConn(pubKey string, allowedIPs string) (*peer.Conn, er
 		Key:                pubKey,
 		LocalKey:           e.config.WgPrivateKey.PublicKey().String(),
 		StunTurn:           stunTurn,
-		InterfaceBlackList: e.config.IFaceBlackList,
+		InterfaceBlackList: interfaceBlacklist,
 		Timeout:            timeout,
 		UDPMux:             e.udpMux,
 		UDPMuxSrflx:        e.udpMuxSrflx,
 		ProxyConfig:        proxyConfig,
-		LocalWgPort:        e.config.WgPort,
 	}

-	peerConn, err := peer.NewConn(config, e.statusRecorder)
+	peerConn, err := peer.NewConn(config)
 	if err != nil {
 		return nil, err
 	}
@@ -776,16 +557,16 @@ func (e Engine) createPeerConn(pubKey string, allowedIPs string) (*peer.Conn, er
 		return nil, err
 	}

-	signalOffer := func(offerAnswer peer.OfferAnswer) error {
-		return SignalOfferAnswer(offerAnswer, e.config.WgPrivateKey, wgPubKey, e.signal, false)
+	signalOffer := func(uFrag string, pwd string) error {
+		return signalAuth(uFrag, pwd, e.config.WgPrivateKey, wgPubKey, e.signal, false)
 	}

 	signalCandidate := func(candidate ice.Candidate) error {
 		return signalCandidate(candidate, e.config.WgPrivateKey, wgPubKey, e.signal)
 	}

-	signalAnswer := func(offerAnswer peer.OfferAnswer) error {
-		return SignalOfferAnswer(offerAnswer, e.config.WgPrivateKey, wgPubKey, e.signal, true)
+	signalAnswer := func(uFrag string, pwd string) error {
+		return signalAuth(uFrag, pwd, e.config.WgPrivateKey, wgPubKey, e.signal, true)
 	}

 	peerConn.SetSignalCandidate(signalCandidate)
@@ -814,26 +595,18 @@ func (e *Engine) receiveSignalEvents() {
 				if err != nil {
 					return err
 				}
-				conn.OnRemoteOffer(peer.OfferAnswer{
-					IceCredentials: peer.IceCredentials{
-						UFrag: remoteCred.UFrag,
-						Pwd:   remoteCred.Pwd,
-					},
-					WgListenPort: int(msg.GetBody().GetWgListenPort()),
-					Version:      msg.GetBody().GetNetBirdVersion(),
+				conn.OnRemoteOffer(peer.IceCredentials{
+					UFrag: remoteCred.UFrag,
+					Pwd:   remoteCred.Pwd,
 				})
 			case sProto.Body_ANSWER:
 				remoteCred, err := signal.UnMarshalCredential(msg)
 				if err != nil {
 					return err
 				}
-				conn.OnRemoteAnswer(peer.OfferAnswer{
-					IceCredentials: peer.IceCredentials{
-						UFrag: remoteCred.UFrag,
-						Pwd:   remoteCred.Pwd,
-					},
-					WgListenPort: int(msg.GetBody().GetWgListenPort()),
-					Version:      msg.GetBody().GetNetBirdVersion(),
+				conn.OnRemoteAnswer(peer.IceCredentials{
+					UFrag: remoteCred.UFrag,
+					Pwd:   remoteCred.Pwd,
 				})
 			case sProto.Body_CANDIDATE:
 				candidate, err := ice.UnmarshalCandidate(msg.GetBody().Payload)
--- a/client/internal/engine_test.go
+++ b/client/internal/engine_test.go
@@ -3,18 +3,10 @@ package internal
 import (
 	"context"
 	"fmt"
-	"github.com/netbirdio/netbird/client/internal/routemanager"
-	"github.com/netbirdio/netbird/client/ssh"
-	nbstatus "github.com/netbirdio/netbird/client/status"
-	"github.com/netbirdio/netbird/iface"
-	"github.com/netbirdio/netbird/route"
-	"github.com/stretchr/testify/assert"
 	"net"
-	"net/netip"
 	"os"
 	"path/filepath"
 	"runtime"
-	"strings"
 	"sync"
 	"testing"
 	"time"
@@ -47,140 +39,6 @@ var (
 	}
 )

-func TestEngine_SSH(t *testing.T) {
-
-	if runtime.GOOS == "windows" {
-		t.Skip("skipping TestEngine_SSH on Windows")
-	}
-
-	key, err := wgtypes.GeneratePrivateKey()
-	if err != nil {
-		t.Fatal(err)
-		return
-	}
-
-	ctx, cancel := context.WithCancel(context.Background())
-	defer cancel()
-
-	engine := NewEngine(ctx, cancel, &signal.MockClient{}, &mgmt.MockClient{}, &EngineConfig{
-		WgIfaceName:  "utun101",
-		WgAddr:       "100.64.0.1/24",
-		WgPrivateKey: key,
-		WgPort:       33100,
-	}, nbstatus.NewRecorder())
-
-	var sshKeysAdded []string
-	var sshPeersRemoved []string
-
-	sshCtx, cancel := context.WithCancel(context.Background())
-
-	engine.sshServerFunc = func(hostKeyPEM []byte, addr string) (ssh.Server, error) {
-		return &ssh.MockServer{
-			Ctx: sshCtx,
-			StopFunc: func() error {
-				cancel()
-				return nil
-			},
-			StartFunc: func() error {
-				<-ctx.Done()
-				return ctx.Err()
-			},
-			AddAuthorizedKeyFunc: func(peer, newKey string) error {
-				sshKeysAdded = append(sshKeysAdded, newKey)
-				return nil
-			},
-			RemoveAuthorizedKeyFunc: func(peer string) {
-				sshPeersRemoved = append(sshPeersRemoved, peer)
-			},
-		}, nil
-	}
-	err = engine.Start()
-	if err != nil {
-		t.Fatal(err)
-	}
-
-	defer func() {
-		err := engine.Stop()
-		if err != nil {
-			return
-		}
-	}()
-
-	peerWithSSH := &mgmtProto.RemotePeerConfig{
-		WgPubKey:   "MNHf3Ma6z6mdLbriAJbqhX7+nM/B71lgw2+91q3LfhU=",
-		AllowedIps: []string{"100.64.0.21/24"},
-		SshConfig: &mgmtProto.SSHConfig{
-			SshPubKey: []byte("ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFATYCqaQw/9id1Qkq3n16JYhDhXraI6Pc1fgB8ynEfQ"),
-		},
-	}
-
-	// SSH server is not enabled so SSH config of a remote peer should be ignored
-	networkMap := &mgmtProto.NetworkMap{
-		Serial:             6,
-		PeerConfig:         nil,
-		RemotePeers:        []*mgmtProto.RemotePeerConfig{peerWithSSH},
-		RemotePeersIsEmpty: false,
-	}
-
-	err = engine.updateNetworkMap(networkMap)
-	if err != nil {
-		t.Fatal(err)
-	}
-
-	assert.Nil(t, engine.sshServer)
-
-	// SSH server is enabled, therefore SSH config should be applied
-	networkMap = &mgmtProto.NetworkMap{
-		Serial: 7,
-		PeerConfig: &mgmtProto.PeerConfig{Address: "100.64.0.1/24",
-			SshConfig: &mgmtProto.SSHConfig{SshEnabled: true}},
-		RemotePeers:        []*mgmtProto.RemotePeerConfig{peerWithSSH},
-		RemotePeersIsEmpty: false,
-	}
-
-	err = engine.updateNetworkMap(networkMap)
-	if err != nil {
-		t.Fatal(err)
-	}
-
-	time.Sleep(250 * time.Millisecond)
-	assert.NotNil(t, engine.sshServer)
-	assert.Contains(t, sshKeysAdded, "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFATYCqaQw/9id1Qkq3n16JYhDhXraI6Pc1fgB8ynEfQ")
-
-	// now remove peer
-	networkMap = &mgmtProto.NetworkMap{
-		Serial:             8,
-		RemotePeers:        []*mgmtProto.RemotePeerConfig{},
-		RemotePeersIsEmpty: false,
-	}
-
-	err = engine.updateNetworkMap(networkMap)
-	if err != nil {
-		t.Fatal(err)
-	}
-
-	//time.Sleep(250 * time.Millisecond)
-	assert.NotNil(t, engine.sshServer)
-	assert.Contains(t, sshPeersRemoved, "MNHf3Ma6z6mdLbriAJbqhX7+nM/B71lgw2+91q3LfhU=")
-
-	// now disable SSH server
-	networkMap = &mgmtProto.NetworkMap{
-		Serial: 9,
-		PeerConfig: &mgmtProto.PeerConfig{Address: "100.64.0.1/24",
-			SshConfig: &mgmtProto.SSHConfig{SshEnabled: false}},
-		RemotePeers:        []*mgmtProto.RemotePeerConfig{peerWithSSH},
-		RemotePeersIsEmpty: false,
-	}
-
-	err = engine.updateNetworkMap(networkMap)
-	if err != nil {
-		t.Fatal(err)
-	}
-
-	assert.Nil(t, engine.sshServer)
-
-}
-
 func TestEngine_UpdateNetworkMap(t *testing.T) {
 	// test setup
 	key, err := wgtypes.GeneratePrivateKey()
@@ -193,20 +51,18 @@ func TestEngine_UpdateNetworkMap(t *testing.T) {
 	defer cancel()

 	engine := NewEngine(ctx, cancel, &signal.MockClient{}, &mgmt.MockClient{}, &EngineConfig{
-		WgIfaceName:  "utun102",
+		WgIfaceName:  "utun100",
 		WgAddr:       "100.64.0.1/24",
 		WgPrivateKey: key,
 		WgPort:       33100,
-	}, nbstatus.NewRecorder())
-	engine.wgInterface, err = iface.NewWGIFace("utun102", "100.64.0.1/24", iface.DefaultMTU)
-	engine.routeManager = routemanager.NewManager(ctx, key.PublicKey().String(), engine.wgInterface, engine.statusRecorder)
+	})

 	type testCase struct {
 		name       string
 		networkMap *mgmtProto.NetworkMap

 		expectedLen    int
-		expectedPeers  []*mgmtProto.RemotePeerConfig
+		expectedPeers  []string
 		expectedSerial uint64
 	}

@@ -225,11 +81,6 @@ func TestEngine_UpdateNetworkMap(t *testing.T) {
 		AllowedIps: []string{"100.64.0.12/24"},
 	}

-	modifiedPeer3 := &mgmtProto.RemotePeerConfig{
-		WgPubKey:   "GGHf3Ma6z6mdLbriAJbqhX7+nM/B71lgw2+91q3LfhU=",
-		AllowedIps: []string{"100.64.0.20/24"},
-	}
-
 	case1 := testCase{
 		name: "input with a new peer to add",
 		networkMap: &mgmtProto.NetworkMap{
@@ -241,7 +92,7 @@ func TestEngine_UpdateNetworkMap(t *testing.T) {
 			RemotePeersIsEmpty: false,
 		},
 		expectedLen:    1,
-		expectedPeers:  []*mgmtProto.RemotePeerConfig{peer1},
+		expectedPeers:  []string{peer1.GetWgPubKey()},
 		expectedSerial: 1,
 	}

@@ -257,7 +108,7 @@ func TestEngine_UpdateNetworkMap(t *testing.T) {
 			RemotePeersIsEmpty: false,
 		},
 		expectedLen:    2,
-		expectedPeers:  []*mgmtProto.RemotePeerConfig{peer1, peer2},
+		expectedPeers:  []string{peer1.GetWgPubKey(), peer2.GetWgPubKey()},
 		expectedSerial: 2,
 	}

@@ -272,7 +123,7 @@ func TestEngine_UpdateNetworkMap(t *testing.T) {
 			RemotePeersIsEmpty: false,
 		},
 		expectedLen:    2,
-		expectedPeers:  []*mgmtProto.RemotePeerConfig{peer1, peer2},
+		expectedPeers:  []string{peer1.GetWgPubKey(), peer2.GetWgPubKey()},
 		expectedSerial: 2,
 	}

@@ -287,26 +138,11 @@ func TestEngine_UpdateNetworkMap(t *testing.T) {
 			RemotePeersIsEmpty: false,
 		},
 		expectedLen:    2,
-		expectedPeers:  []*mgmtProto.RemotePeerConfig{peer2, peer3},
+		expectedPeers:  []string{peer2.GetWgPubKey(), peer3.GetWgPubKey()},
 		expectedSerial: 4,
 	}

 	case5 := testCase{
-		name: "input with one peer to modify",
-		networkMap: &mgmtProto.NetworkMap{
-			Serial:     4,
-			PeerConfig: nil,
-			RemotePeers: []*mgmtProto.RemotePeerConfig{
-				modifiedPeer3, peer2,
-			},
-			RemotePeersIsEmpty: false,
-		},
-		expectedLen:    2,
-		expectedPeers:  []*mgmtProto.RemotePeerConfig{peer2, modifiedPeer3},
-		expectedSerial: 4,
-	}
-
-	case6 := testCase{
 		name: "input with all peers to remove",
 		networkMap: &mgmtProto.NetworkMap{
 			Serial:             5,
@@ -319,7 +155,7 @@ func TestEngine_UpdateNetworkMap(t *testing.T) {
 		expectedSerial: 5,
 	}

-	for _, c := range []testCase{case1, case2, case3, case4, case5, case6} {
+	for _, c := range []testCase{case1, case2, case3, case4, case5} {
 		t.Run(c.name, func(t *testing.T) {
 			err = engine.updateNetworkMap(c.networkMap)
 			if err != nil {
@@ -336,15 +172,9 @@ func TestEngine_UpdateNetworkMap(t *testing.T) {
 			}

 			for _, p := range c.expectedPeers {
-				conn, ok := engine.peerConns[p.GetWgPubKey()]
-				if !ok {
+				if _, ok := engine.peerConns[p]; !ok {
 					t.Errorf("expecting Engine.peerConns to contain peer %s", p)
 				}
-				expectedAllowedIPs := strings.Join(p.AllowedIps, ",")
-				if conn.GetConf().ProxyConfig.AllowedIps != expectedAllowedIPs {
-					t.Errorf("expecting peer %s to have AllowedIPs= %s, got %s", p.GetWgPubKey(),
-						expectedAllowedIPs, conn.GetConf().ProxyConfig.AllowedIps)
-				}
 			}
 		})
 	}
@@ -374,11 +204,11 @@ func TestEngine_Sync(t *testing.T) {
 	}

 	engine := NewEngine(ctx, cancel, &signal.MockClient{}, &mgmt.MockClient{SyncFunc: syncFunc}, &EngineConfig{
-		WgIfaceName:  "utun103",
+		WgIfaceName:  "utun100",
 		WgAddr:       "100.64.0.1/24",
 		WgPrivateKey: key,
 		WgPort:       33100,
-	}, nbstatus.NewRecorder())
+	})

 	defer func() {
 		err := engine.Stop()
@@ -430,142 +260,6 @@ func TestEngine_Sync(t *testing.T) {
 	}
 }

-func TestEngine_UpdateNetworkMapWithRoutes(t *testing.T) {
-	testCases := []struct {
-		name           string
-		inputErr       error
-		networkMap     *mgmtProto.NetworkMap
-		expectedLen    int
-		expectedRoutes []*route.Route
-		expectedSerial uint64
-	}{
-		{
-			name: "Routes Update Should Be Passed To Manager",
-			networkMap: &mgmtProto.NetworkMap{
-				Serial:             1,
-				PeerConfig:         nil,
-				RemotePeersIsEmpty: false,
-				Routes: []*mgmtProto.Route{
-					{
-						ID:          "a",
-						Network:     "192.168.0.0/24",
-						NetID:       "n1",
-						Peer:        "p1",
-						NetworkType: 1,
-						Masquerade:  false,
-					},
-					{
-						ID:          "b",
-						Network:     "192.168.1.0/24",
-						NetID:       "n2",
-						Peer:        "p1",
-						NetworkType: 1,
-						Masquerade:  false,
-					},
-				},
-			},
-			expectedLen: 2,
-			expectedRoutes: []*route.Route{
-				{
-					ID:          "a",
-					Network:     netip.MustParsePrefix("192.168.0.0/24"),
-					NetID:       "n1",
-					Peer:        "p1",
-					NetworkType: 1,
-					Masquerade:  false,
-				},
-				{
-					ID:          "b",
-					Network:     netip.MustParsePrefix("192.168.1.0/24"),
-					NetID:       "n2",
-					Peer:        "p1",
-					NetworkType: 1,
-					Masquerade:  false,
-				},
-			},
-			expectedSerial: 1,
-		},
-		{
-			name: "Empty Routes Update Should Be Passed",
-			networkMap: &mgmtProto.NetworkMap{
-				Serial:             1,
-				PeerConfig:         nil,
-				RemotePeersIsEmpty: false,
-				Routes:             nil,
-			},
-			expectedLen:    0,
-			expectedRoutes: []*route.Route{},
-			expectedSerial: 1,
-		},
-		{
-			name:     "Error Shouldn't Break Engine",
-			inputErr: fmt.Errorf("mocking error"),
-			networkMap: &mgmtProto.NetworkMap{
-				Serial:             1,
-				PeerConfig:         nil,
-				RemotePeersIsEmpty: false,
-				Routes:             nil,
-			},
-			expectedLen:    0,
-			expectedRoutes: []*route.Route{},
-			expectedSerial: 1,
-		},
-	}
-
-	for n, testCase := range testCases {
-		t.Run(testCase.name, func(t *testing.T) {
-			// test setup
-			key, err := wgtypes.GeneratePrivateKey()
-			if err != nil {
-				t.Fatal(err)
-				return
-			}
-
-			ctx, cancel := context.WithCancel(context.Background())
-			defer cancel()
-
-			wgIfaceName := fmt.Sprintf("utun%d", 104+n)
-			wgAddr := fmt.Sprintf("100.66.%d.1/24", n)
-
-			engine := NewEngine(ctx, cancel, &signal.MockClient{}, &mgmt.MockClient{}, &EngineConfig{
-				WgIfaceName:  wgIfaceName,
-				WgAddr:       wgAddr,
-				WgPrivateKey: key,
-				WgPort:       33100,
-			}, nbstatus.NewRecorder())
-			engine.wgInterface, err = iface.NewWGIFace(wgIfaceName, wgAddr, iface.DefaultMTU)
-			assert.NoError(t, err, "shouldn't return error")
-			input := struct {
-				inputSerial uint64
-				inputRoutes []*route.Route
-			}{}
-
-			mockRouteManager := &routemanager.MockManager{
-				UpdateRoutesFunc: func(updateSerial uint64, newRoutes []*route.Route) error {
-					input.inputSerial = updateSerial
-					input.inputRoutes = newRoutes
-					return testCase.inputErr
-				},
-			}
-
-			engine.routeManager = mockRouteManager
-
-			defer func() {
-				exitErr := engine.Stop()
-				if exitErr != nil {
-					return
-				}
-			}()
-
-			err = engine.updateNetworkMap(testCase.networkMap)
-			assert.NoError(t, err, "shouldn't return error")
-			assert.Equal(t, testCase.expectedSerial, input.inputSerial, "serial should match")
-			assert.Len(t, input.inputRoutes, testCase.expectedLen, "routes len should match")
-			assert.Equal(t, testCase.expectedRoutes, input.inputRoutes, "routes should match")
-		})
-	}
-}
-
 func TestEngine_MultiplePeers(t *testing.T) {
 	// log.SetLevel(log.DebugLevel)

@@ -697,7 +391,7 @@ func createEngine(ctx context.Context, cancel context.CancelFunc, setupKey strin
 	}

 	info := system.GetInfo(ctx)
-	resp, err := mgmtClient.Register(*publicKey, setupKey, "", info, nil)
+	resp, err := mgmtClient.Register(*publicKey, setupKey, "", info)
 	if err != nil {
 		return nil, err
 	}
@@ -717,7 +411,7 @@ func createEngine(ctx context.Context, cancel context.CancelFunc, setupKey strin
 		WgPort:       wgPort,
 	}

-	return NewEngine(ctx, cancel, signalClient, mgmtClient, conf, nbstatus.NewRecorder()), nil
+	return NewEngine(ctx, cancel, signalClient, mgmtClient, conf), nil
 }

 func startSignal(port int) (*grpc.Server, error) {
--- a/client/internal/login.go
+++ b/client/internal/login.go
@@ -2,8 +2,8 @@ package internal

 import (
 	"context"
+
 	"github.com/google/uuid"
-	"github.com/netbirdio/netbird/client/ssh"
 	"github.com/netbirdio/netbird/client/system"
 	mgm "github.com/netbirdio/netbird/management/client"
 	mgmProto "github.com/netbirdio/netbird/management/proto"
@@ -26,22 +26,13 @@ func Login(ctx context.Context, config *Config, setupKey string, jwtToken string
 		mgmTlsEnabled = true
 	}

-	log.Debugf("connecting to the Management service %s", config.ManagementURL.String())
+	log.Debugf("connecting to Management Service %s", config.ManagementURL.String())
 	mgmClient, err := mgm.NewClient(ctx, config.ManagementURL.Host, myPrivateKey, mgmTlsEnabled)
 	if err != nil {
-		log.Errorf("failed connecting to the Management service %s %v", config.ManagementURL.String(), err)
+		log.Errorf("failed connecting to Management Service %s %v", config.ManagementURL.String(), err)
 		return err
 	}
-	log.Debugf("connected to the Management service %s", config.ManagementURL.String())
-	defer func() {
-		err = mgmClient.Close()
-		if err != nil {
-			cStatus, ok := status.FromError(err)
-			if !ok || ok && cStatus.Code() != codes.Canceled {
-				log.Warnf("failed to close the Management service client, err: %v", err)
-			}
-		}
-	}()
+	log.Debugf("connected to management Service %s", config.ManagementURL.String())

 	serverKey, err := mgmClient.GetServerPublicKey()
 	if err != nil {
@@ -49,20 +40,15 @@ func Login(ctx context.Context, config *Config, setupKey string, jwtToken string
 		return err
 	}

-	pubSSHKey, err := ssh.GeneratePublicKey([]byte(config.SSHKey))
-	if err != nil {
-		return err
-	}
-	_, err = loginPeer(ctx, *serverKey, mgmClient, setupKey, jwtToken, pubSSHKey)
+	_, err = loginPeer(ctx, *serverKey, mgmClient, setupKey, jwtToken)
 	if err != nil {
 		log.Errorf("failed logging-in peer on Management Service : %v", err)
 		return err
 	}
-	log.Infof("peer has successfully logged-in to the Management service %s", config.ManagementURL.String())

 	err = mgmClient.Close()
 	if err != nil {
-		log.Errorf("failed to close the Management service client: %v", err)
+		log.Errorf("failed closing Management Service client: %v", err)
 		return err
 	}

@@ -70,24 +56,26 @@ func Login(ctx context.Context, config *Config, setupKey string, jwtToken string
 }

 // loginPeer attempts to login to Management Service. If peer wasn't registered, tries the registration flow.
-func loginPeer(ctx context.Context, serverPublicKey wgtypes.Key, client *mgm.GrpcClient, setupKey string, jwtToken string, pubSSHKey []byte) (*mgmProto.LoginResponse, error) {
+func loginPeer(ctx context.Context, serverPublicKey wgtypes.Key, client *mgm.GrpcClient, setupKey string, jwtToken string) (*mgmProto.LoginResponse, error) {
 	sysInfo := system.GetInfo(ctx)
-	loginResp, err := client.Login(serverPublicKey, sysInfo, pubSSHKey)
+	loginResp, err := client.Login(serverPublicKey, sysInfo)
 	if err != nil {
 		if s, ok := status.FromError(err); ok && s.Code() == codes.PermissionDenied {
 			log.Debugf("peer registration required")
-			return registerPeer(ctx, serverPublicKey, client, setupKey, jwtToken, pubSSHKey)
+			return registerPeer(ctx, serverPublicKey, client, setupKey, jwtToken)
 		} else {
 			return nil, err
 		}
 	}

+	log.Info("peer has successfully logged-in to Management Service")
+
 	return loginResp, nil
 }

 // registerPeer checks whether setupKey was provided via cmd line and if not then it prompts user to enter a key.
 // Otherwise tries to register with the provided setupKey via command line.
-func registerPeer(ctx context.Context, serverPublicKey wgtypes.Key, client *mgm.GrpcClient, setupKey string, jwtToken string, pubSSHKey []byte) (*mgmProto.LoginResponse, error) {
+func registerPeer(ctx context.Context, serverPublicKey wgtypes.Key, client *mgm.GrpcClient, setupKey string, jwtToken string) (*mgmProto.LoginResponse, error) {
 	validSetupKey, err := uuid.Parse(setupKey)
 	if err != nil && jwtToken == "" {
 		return nil, status.Errorf(codes.InvalidArgument, "invalid setup-key or no sso information provided, err: %v", err)
@@ -95,7 +83,7 @@ func registerPeer(ctx context.Context, serverPublicKey wgtypes.Key, client *mgm.

 	log.Debugf("sending peer registration request to Management Service")
 	info := system.GetInfo(ctx)
-	loginResp, err := client.Register(serverPublicKey, validSetupKey.String(), jwtToken, info, pubSSHKey)
+	loginResp, err := client.Register(serverPublicKey, validSetupKey.String(), jwtToken, info)
 	if err != nil {
 		log.Errorf("failed registering peer %v,%s", err, validSetupKey.String())
 		return nil, err
--- a/client/internal/oauth.go
+++ b/client/internal/oauth.go
@@ -5,10 +5,8 @@ import (
 	"encoding/base64"
 	"encoding/json"
 	"fmt"
-	"io"
+	"io/ioutil"
 	"net/http"
-	"net/url"
-	"reflect"
 	"strings"
 	"time"
 )
@@ -16,6 +14,7 @@ import (
 // OAuthClient is a OAuth client interface for various idp providers
 type OAuthClient interface {
 	RequestDeviceCode(ctx context.Context) (DeviceAuthInfo, error)
+	RotateAccessToken(ctx context.Context, refreshToken string) (TokenInfo, error)
 	WaitToken(ctx context.Context, info DeviceAuthInfo) (TokenInfo, error)
 	GetClientID(ctx context.Context) string
 }
@@ -56,10 +55,8 @@ type Hosted struct {
 	Audience string
 	// Hosted Native application client id
 	ClientID string
-	// TokenEndpoint to request access token
-	TokenEndpoint string
-	// DeviceAuthEndpoint to request device authorization code
-	DeviceAuthEndpoint string
+	// Hosted domain
+	Domain string

 	HTTPClient HTTPClient
 }
@@ -87,11 +84,11 @@ type TokenRequestResponse struct {

 // Claims used when validating the access token
 type Claims struct {
-	Audience interface{} `json:"aud"`
+	Audience string `json:"aud"`
 }

 // NewHostedDeviceFlow returns an Hosted OAuth client
-func NewHostedDeviceFlow(audience string, clientID string, tokenEndpoint string, deviceAuthEndpoint string) *Hosted {
+func NewHostedDeviceFlow(audience string, clientID string, domain string) *Hosted {
 	httpTransport := http.DefaultTransport.(*http.Transport).Clone()
 	httpTransport.MaxIdleConns = 5

@@ -101,11 +98,10 @@ func NewHostedDeviceFlow(audience string, clientID string, tokenEndpoint string,
 	}

 	return &Hosted{
-		Audience:           audience,
-		ClientID:           clientID,
-		TokenEndpoint:      tokenEndpoint,
-		HTTPClient:         httpClient,
-		DeviceAuthEndpoint: deviceAuthEndpoint,
+		Audience:   audience,
+		ClientID:   clientID,
+		Domain:     domain,
+		HTTPClient: httpClient,
 	}
 }

@@ -116,15 +112,22 @@ func (h *Hosted) GetClientID(ctx context.Context) string {

 // RequestDeviceCode requests a device code login flow information from Hosted
 func (h *Hosted) RequestDeviceCode(ctx context.Context) (DeviceAuthInfo, error) {
-	form := url.Values{}
-	form.Add("client_id", h.ClientID)
-	form.Add("audience", h.Audience)
-	req, err := http.NewRequest("POST", h.DeviceAuthEndpoint,
-		strings.NewReader(form.Encode()))
+	url := "https://" + h.Domain + "/oauth/device/code"
+	codePayload := RequestDeviceCodePayload{
+		Audience: h.Audience,
+		ClientID: h.ClientID,
+	}
+	p, err := json.Marshal(codePayload)
+	if err != nil {
+		return DeviceAuthInfo{}, fmt.Errorf("parsing payload failed with error: %v", err)
+	}
+	payload := strings.NewReader(string(p))
+	req, err := http.NewRequest("POST", url, payload)
 	if err != nil {
 		return DeviceAuthInfo{}, fmt.Errorf("creating request failed with error: %v", err)
 	}
-	req.Header.Add("Content-Type", "application/x-www-form-urlencoded")
+
+	req.Header.Add("content-type", "application/json")

 	res, err := h.HTTPClient.Do(req)
 	if err != nil {
@@ -132,7 +135,7 @@ func (h *Hosted) RequestDeviceCode(ctx context.Context) (DeviceAuthInfo, error)
 	}

 	defer res.Body.Close()
-	body, err := io.ReadAll(res.Body)
+	body, err := ioutil.ReadAll(res.Body)
 	if err != nil {
 		return DeviceAuthInfo{}, fmt.Errorf("reading body failed with error: %v", err)
 	}
@@ -150,48 +153,6 @@ func (h *Hosted) RequestDeviceCode(ctx context.Context) (DeviceAuthInfo, error)
 	return deviceCode, err
 }

-func (h *Hosted) requestToken(info DeviceAuthInfo) (TokenRequestResponse, error) {
-	form := url.Values{}
-	form.Add("client_id", h.ClientID)
-	form.Add("grant_type", HostedGrantType)
-	form.Add("device_code", info.DeviceCode)
-	req, err := http.NewRequest("POST", h.TokenEndpoint, strings.NewReader(form.Encode()))
-	if err != nil {
-		return TokenRequestResponse{}, fmt.Errorf("failed to create request access token: %v", err)
-	}
-
-	req.Header.Add("Content-Type", "application/x-www-form-urlencoded")
-
-	res, err := h.HTTPClient.Do(req)
-	if err != nil {
-		return TokenRequestResponse{}, fmt.Errorf("failed to request access token with error: %v", err)
-	}
-
-	defer func() {
-		err := res.Body.Close()
-		if err != nil {
-			return
-		}
-	}()
-
-	body, err := io.ReadAll(res.Body)
-	if err != nil {
-		return TokenRequestResponse{}, fmt.Errorf("failed reading access token response body with error: %v", err)
-	}
-
-	if res.StatusCode > 499 {
-		return TokenRequestResponse{}, fmt.Errorf("access token response returned code: %s", string(body))
-	}
-
-	tokenResponse := TokenRequestResponse{}
-	err = json.Unmarshal(body, &tokenResponse)
-	if err != nil {
-		return TokenRequestResponse{}, fmt.Errorf("parsing token response failed with error: %v", err)
-	}
-
-	return tokenResponse, nil
-}
-
 // WaitToken waits user's login and authorize the app. Once the user's authorize
 // it retrieves the access token from Hosted's endpoint and validates it before returning
 func (h *Hosted) WaitToken(ctx context.Context, info DeviceAuthInfo) (TokenInfo, error) {
@@ -202,8 +163,24 @@ func (h *Hosted) WaitToken(ctx context.Context, info DeviceAuthInfo) (TokenInfo,
 		case <-ctx.Done():
 			return TokenInfo{}, ctx.Err()
 		case <-ticker.C:
+			url := "https://" + h.Domain + "/oauth/token"
+			tokenReqPayload := TokenRequestPayload{
+				GrantType:  HostedGrantType,
+				DeviceCode: info.DeviceCode,
+				ClientID:   h.ClientID,
+			}

-			tokenResponse, err := h.requestToken(info)
+			body, statusCode, err := requestToken(h.HTTPClient, url, tokenReqPayload)
+			if err != nil {
+				return TokenInfo{}, fmt.Errorf("wait for token: %v", err)
+			}
+
+			if statusCode > 499 {
+				return TokenInfo{}, fmt.Errorf("wait token code returned error: %s", string(body))
+			}
+
+			tokenResponse := TokenRequestResponse{}
+			err = json.Unmarshal(body, &tokenResponse)
 			if err != nil {
 				return TokenInfo{}, fmt.Errorf("parsing token response failed with error: %v", err)
 			}
@@ -237,6 +214,71 @@ func (h *Hosted) WaitToken(ctx context.Context, info DeviceAuthInfo) (TokenInfo,
 	}
 }

+// RotateAccessToken requests a new token using an existing refresh token
+func (h *Hosted) RotateAccessToken(ctx context.Context, refreshToken string) (TokenInfo, error) {
+	url := "https://" + h.Domain + "/oauth/token"
+	tokenReqPayload := TokenRequestPayload{
+		GrantType:    HostedRefreshGrant,
+		ClientID:     h.ClientID,
+		RefreshToken: refreshToken,
+	}
+
+	body, statusCode, err := requestToken(h.HTTPClient, url, tokenReqPayload)
+	if err != nil {
+		return TokenInfo{}, fmt.Errorf("rotate access token: %v", err)
+	}
+
+	if statusCode != 200 {
+		return TokenInfo{}, fmt.Errorf("rotating token returned error: %s", string(body))
+	}
+
+	tokenResponse := TokenRequestResponse{}
+	err = json.Unmarshal(body, &tokenResponse)
+	if err != nil {
+		return TokenInfo{}, fmt.Errorf("parsing token response failed with error: %v", err)
+	}
+
+	err = isValidAccessToken(tokenResponse.AccessToken, h.Audience)
+	if err != nil {
+		return TokenInfo{}, fmt.Errorf("validate access token failed with error: %v", err)
+	}
+
+	tokenInfo := TokenInfo{
+		AccessToken:  tokenResponse.AccessToken,
+		TokenType:    tokenResponse.TokenType,
+		RefreshToken: tokenResponse.RefreshToken,
+		IDToken:      tokenResponse.IDToken,
+		ExpiresIn:    tokenResponse.ExpiresIn,
+	}
+	return tokenInfo, err
+}
+
+func requestToken(client HTTPClient, url string, tokenReqPayload TokenRequestPayload) ([]byte, int, error) {
+	p, err := json.Marshal(tokenReqPayload)
+	if err != nil {
+		return nil, 0, fmt.Errorf("parsing token payload failed with error: %v", err)
+	}
+	payload := strings.NewReader(string(p))
+	req, err := http.NewRequest("POST", url, payload)
+	if err != nil {
+		return nil, 0, fmt.Errorf("creating token request failed with error: %v", err)
+	}
+
+	req.Header.Add("content-type", "application/json")
+
+	res, err := client.Do(req)
+	if err != nil {
+		return nil, 0, fmt.Errorf("doing token request failed with error: %v", err)
+	}
+
+	defer res.Body.Close()
+	body, err := ioutil.ReadAll(res.Body)
+	if err != nil {
+		return nil, 0, fmt.Errorf("reading token body failed with error: %v", err)
+	}
+	return body, res.StatusCode, nil
+}
+
 // isValidAccessToken is a simple validation of the access token
 func isValidAccessToken(token string, audience string) error {
 	if token == "" {
@@ -255,24 +297,9 @@ func isValidAccessToken(token string, audience string) error {
 		return err
 	}

-	if claims.Audience == nil {
-		return fmt.Errorf("required token field audience is absent")
+	if claims.Audience != audience {
+		return fmt.Errorf("invalid audience")
 	}

-	// Audience claim of JWT can be a string or an array of strings
-	typ := reflect.TypeOf(claims.Audience)
-	switch typ.Kind() {
-	case reflect.String:
-		if claims.Audience == audience {
-			return nil
-		}
-	case reflect.Slice:
-		for _, aud := range claims.Audience.([]interface{}) {
-			if audience == aud {
-				return nil
-			}
-		}
-	}
-
-	return fmt.Errorf("invalid JWT token audience field")
+	return nil
 }
--- a/client/internal/oauth_test.go
+++ b/client/internal/oauth_test.go
@@ -2,12 +2,12 @@ package internal

 import (
 	"context"
+	"encoding/json"
 	"fmt"
 	"github.com/golang-jwt/jwt"
 	"github.com/stretchr/testify/require"
-	"io"
+	"io/ioutil"
 	"net/http"
-	"net/url"
 	"strings"
 	"testing"
 	"time"
@@ -24,7 +24,7 @@ type mockHTTPClient struct {
 }

 func (c *mockHTTPClient) Do(req *http.Request) (*http.Response, error) {
-	body, err := io.ReadAll(req.Body)
+	body, err := ioutil.ReadAll(req.Body)
 	if err == nil {
 		c.reqBody = string(body)
 	}
@@ -33,13 +33,13 @@ func (c *mockHTTPClient) Do(req *http.Request) (*http.Response, error) {
 		c.count++
 		return &http.Response{
 			StatusCode: c.code,
-			Body:       io.NopCloser(strings.NewReader(c.countResBody)),
+			Body:       ioutil.NopCloser(strings.NewReader(c.countResBody)),
 		}, c.err
 	}

 	return &http.Response{
 		StatusCode: c.code,
-		Body:       io.NopCloser(strings.NewReader(c.resBody)),
+		Body:       ioutil.NopCloser(strings.NewReader(c.resBody)),
 	}, c.err
 }

@@ -54,19 +54,15 @@ func TestHosted_RequestDeviceCode(t *testing.T) {
 		testingFunc      require.ComparisonAssertionFunc
 		expectedOut      DeviceAuthInfo
 		expectedMSG      string
-		expectPayload    string
+		expectPayload    RequestDeviceCodePayload
 	}

-	expectedAudience := "ok"
-	expectedClientID := "bla"
-	form := url.Values{}
-	form.Add("audience", expectedAudience)
-	form.Add("client_id", expectedClientID)
-	expectPayload := form.Encode()
-
 	testCase1 := test{
-		name:           "Payload Is Valid",
-		expectPayload:  expectPayload,
+		name: "Payload Is Valid",
+		expectPayload: RequestDeviceCodePayload{
+			Audience: "ok",
+			ClientID: "bla",
+		},
 		inputReqCode:   200,
 		testingErrFunc: require.Error,
 		testingFunc:    require.EqualValues,
@@ -78,7 +74,6 @@ func TestHosted_RequestDeviceCode(t *testing.T) {
 		testingErrFunc:   require.Error,
 		expectedErrorMSG: "should return error",
 		testingFunc:      require.EqualValues,
-		expectPayload:    expectPayload,
 	}

 	testCase3 := test{
@@ -87,13 +82,15 @@ func TestHosted_RequestDeviceCode(t *testing.T) {
 		testingErrFunc:   require.Error,
 		expectedErrorMSG: "should return error",
 		testingFunc:      require.EqualValues,
-		expectPayload:    expectPayload,
 	}
 	testCase4Out := DeviceAuthInfo{ExpiresIn: 10}
 	testCase4 := test{
-		name:           "Got Device Code",
-		inputResBody:   fmt.Sprintf("{\"expires_in\":%d}", testCase4Out.ExpiresIn),
-		expectPayload:  expectPayload,
+		name:         "Got Device Code",
+		inputResBody: fmt.Sprintf("{\"expires_in\":%d}", testCase4Out.ExpiresIn),
+		expectPayload: RequestDeviceCodePayload{
+			Audience: "ok",
+			ClientID: "bla",
+		},
 		inputReqCode:   200,
 		testingErrFunc: require.NoError,
 		testingFunc:    require.EqualValues,
@@ -111,17 +108,18 @@ func TestHosted_RequestDeviceCode(t *testing.T) {
 			}

 			hosted := Hosted{
-				Audience:           expectedAudience,
-				ClientID:           expectedClientID,
-				TokenEndpoint:      "test.hosted.com/token",
-				DeviceAuthEndpoint: "test.hosted.com/device/auth",
-				HTTPClient:         &httpClient,
+				Audience:   testCase.expectPayload.Audience,
+				ClientID:   testCase.expectPayload.ClientID,
+				Domain:     "test.hosted.com",
+				HTTPClient: &httpClient,
 			}

 			authInfo, err := hosted.RequestDeviceCode(context.TODO())
 			testCase.testingErrFunc(t, err, testCase.expectedErrorMSG)

-			require.EqualValues(t, expectPayload, httpClient.reqBody, "payload should match")
+			payload, _ := json.Marshal(testCase.expectPayload)
+
+			require.EqualValues(t, string(payload), httpClient.reqBody, "payload should match")

 			testCase.testingFunc(t, testCase.expectedOut, authInfo, testCase.expectedMSG)

@@ -145,7 +143,7 @@ func TestHosted_WaitToken(t *testing.T) {
 		testingFunc       require.ComparisonAssertionFunc
 		expectedOut       TokenInfo
 		expectedMSG       string
-		expectPayload     string
+		expectPayload     TokenRequestPayload
 	}

 	defaultInfo := DeviceAuthInfo{
@@ -154,13 +152,11 @@ func TestHosted_WaitToken(t *testing.T) {
 		Interval:   1,
 	}

-	clientID := "test"
-
-	form := url.Values{}
-	form.Add("grant_type", HostedGrantType)
-	form.Add("device_code", defaultInfo.DeviceCode)
-	form.Add("client_id", clientID)
-	tokenReqPayload := form.Encode()
+	tokenReqPayload := TokenRequestPayload{
+		GrantType:  HostedGrantType,
+		DeviceCode: defaultInfo.DeviceCode,
+		ClientID:   "test",
+	}

 	testCase1 := test{
 		name:           "Payload Is Valid",
@@ -272,11 +268,10 @@ func TestHosted_WaitToken(t *testing.T) {
 			}

 			hosted := Hosted{
-				Audience:           testCase.inputAudience,
-				ClientID:           clientID,
-				TokenEndpoint:      "test.hosted.com/token",
-				DeviceAuthEndpoint: "test.hosted.com/device/auth",
-				HTTPClient:         &httpClient,
+				Audience:   testCase.inputAudience,
+				ClientID:   testCase.expectPayload.ClientID,
+				Domain:     "test.hosted.com",
+				HTTPClient: &httpClient,
 			}

 			ctx, cancel := context.WithTimeout(context.TODO(), testCase.inputTimeout)
@@ -284,7 +279,12 @@ func TestHosted_WaitToken(t *testing.T) {
 			tokenInfo, err := hosted.WaitToken(ctx, testCase.inputInfo)
 			testCase.testingErrFunc(t, err, testCase.expectedErrorMSG)

-			require.EqualValues(t, testCase.expectPayload, httpClient.reqBody, "payload should match")
+			var payload []byte
+			var emptyPayload TokenRequestPayload
+			if testCase.expectPayload != emptyPayload {
+				payload, _ = json.Marshal(testCase.expectPayload)
+			}
+			require.EqualValues(t, string(payload), httpClient.reqBody, "payload should match")

 			testCase.testingFunc(t, testCase.expectedOut, tokenInfo, testCase.expectedMSG)

@@ -293,3 +293,123 @@ func TestHosted_WaitToken(t *testing.T) {
 		})
 	}
 }
+
+func TestHosted_RotateAccessToken(t *testing.T) {
+	type test struct {
+		name             string
+		inputResBody     string
+		inputReqCode     int
+		inputReqError    error
+		inputMaxReqs     int
+		inputInfo        DeviceAuthInfo
+		inputAudience    string
+		testingErrFunc   require.ErrorAssertionFunc
+		expectedErrorMSG string
+		testingFunc      require.ComparisonAssertionFunc
+		expectedOut      TokenInfo
+		expectedMSG      string
+		expectPayload    TokenRequestPayload
+	}
+
+	defaultInfo := DeviceAuthInfo{
+		DeviceCode: "test",
+		ExpiresIn:  10,
+		Interval:   1,
+	}
+
+	tokenReqPayload := TokenRequestPayload{
+		GrantType:    HostedRefreshGrant,
+		ClientID:     "test",
+		RefreshToken: "refresh_test",
+	}
+
+	testCase1 := test{
+		name:           "Payload Is Valid",
+		inputInfo:      defaultInfo,
+		inputReqCode:   200,
+		testingErrFunc: require.Error,
+		testingFunc:    require.EqualValues,
+		expectPayload:  tokenReqPayload,
+	}
+
+	testCase2 := test{
+		name:             "Exit On Network Error",
+		inputInfo:        defaultInfo,
+		expectPayload:    tokenReqPayload,
+		inputReqError:    fmt.Errorf("error"),
+		testingErrFunc:   require.Error,
+		expectedErrorMSG: "should return error",
+		testingFunc:      require.EqualValues,
+	}
+
+	testCase3 := test{
+		name:             "Exit On Non 200 Status Code",
+		inputInfo:        defaultInfo,
+		inputReqCode:     401,
+		expectPayload:    tokenReqPayload,
+		testingErrFunc:   require.Error,
+		expectedErrorMSG: "should return error",
+		testingFunc:      require.EqualValues,
+	}
+
+	audience := "test"
+
+	token := jwt.NewWithClaims(jwt.SigningMethodHS256, jwt.MapClaims{"aud": audience})
+	var hmacSampleSecret []byte
+	tokenString, _ := token.SignedString(hmacSampleSecret)
+
+	testCase4 := test{
+		name:           "Exit On Invalid Audience",
+		inputInfo:      defaultInfo,
+		inputResBody:   fmt.Sprintf("{\"access_token\":\"%s\"}", tokenString),
+		inputReqCode:   200,
+		inputAudience:  "super test",
+		testingErrFunc: require.Error,
+		testingFunc:    require.EqualValues,
+		expectPayload:  tokenReqPayload,
+	}
+
+	testCase5 := test{
+		name:           "Received Token Info",
+		inputInfo:      defaultInfo,
+		inputResBody:   fmt.Sprintf("{\"access_token\":\"%s\"}", tokenString),
+		inputReqCode:   200,
+		inputAudience:  audience,
+		testingErrFunc: require.NoError,
+		testingFunc:    require.EqualValues,
+		expectPayload:  tokenReqPayload,
+		expectedOut:    TokenInfo{AccessToken: tokenString},
+	}
+
+	for _, testCase := range []test{testCase1, testCase2, testCase3, testCase4, testCase5} {
+		t.Run(testCase.name, func(t *testing.T) {
+
+			httpClient := mockHTTPClient{
+				resBody: testCase.inputResBody,
+				code:    testCase.inputReqCode,
+				err:     testCase.inputReqError,
+				MaxReqs: testCase.inputMaxReqs,
+			}
+
+			hosted := Hosted{
+				Audience:   testCase.inputAudience,
+				ClientID:   testCase.expectPayload.ClientID,
+				Domain:     "test.hosted.com",
+				HTTPClient: &httpClient,
+			}
+
+			tokenInfo, err := hosted.RotateAccessToken(context.TODO(), testCase.expectPayload.RefreshToken)
+			testCase.testingErrFunc(t, err, testCase.expectedErrorMSG)
+
+			var payload []byte
+			var emptyPayload TokenRequestPayload
+			if testCase.expectPayload != emptyPayload {
+				payload, _ = json.Marshal(testCase.expectPayload)
+			}
+			require.EqualValues(t, string(payload), httpClient.reqBody, "payload should match")
+
+			testCase.testingFunc(t, testCase.expectedOut, tokenInfo, testCase.expectedMSG)
+
+		})
+	}
+}
--- a/client/internal/peer/conn.go
+++ b/client/internal/peer/conn.go
@@ -2,12 +2,9 @@ package peer

 import (
 	"context"
-	nbStatus "github.com/netbirdio/netbird/client/status"
-	"github.com/netbirdio/netbird/client/system"
 	"github.com/netbirdio/netbird/iface"
 	"golang.zx2c4.com/wireguard/wgctrl"
 	"net"
-	"strings"
 	"sync"
 	"time"

@@ -37,20 +34,6 @@ type ConnConfig struct {

 	UDPMux      ice.UDPMux
 	UDPMuxSrflx ice.UniversalUDPMux
-
-	LocalWgPort int
-}
-
-// OfferAnswer represents a session establishment offer or answer
-type OfferAnswer struct {
-	IceCredentials IceCredentials
-	// WgListenPort is a remote WireGuard listen port.
-	// This field is used when establishing a direct WireGuard connection without any proxy.
-	// We can set the remote peer's endpoint with this port.
-	WgListenPort int
-
-	// Version of NetBird Agent
-	Version string
 }

 // IceCredentials ICE protocol credentials struct
@@ -66,13 +49,13 @@ type Conn struct {
 	// signalCandidate is a handler function to signal remote peer about local connection candidate
 	signalCandidate func(candidate ice.Candidate) error
 	// signalOffer is a handler function to signal remote peer our connection offer (credentials)
-	signalOffer  func(OfferAnswer) error
-	signalAnswer func(OfferAnswer) error
+	signalOffer  func(uFrag string, pwd string) error
+	signalAnswer func(uFrag string, pwd string) error

 	// remoteOffersCh is a channel used to wait for remote credentials to proceed with the connection
-	remoteOffersCh chan OfferAnswer
+	remoteOffersCh chan IceCredentials
 	// remoteAnswerCh is a channel used to wait for remote credentials answer (confirmation of our offer) to proceed with the connection
-	remoteAnswerCh     chan OfferAnswer
+	remoteAnswerCh     chan IceCredentials
 	closeCh            chan struct{}
 	ctx                context.Context
 	notifyDisconnected context.CancelFunc
@@ -80,57 +63,43 @@ type Conn struct {
 	agent  *ice.Agent
 	status ConnStatus

-	statusRecorder *nbStatus.Status
-
 	proxy proxy.Proxy
 }

-// GetConf returns the connection config
-func (conn *Conn) GetConf() ConnConfig {
-	return conn.config
-}
-
-// UpdateConf updates the connection config
-func (conn *Conn) UpdateConf(conf ConnConfig) {
-	conn.config = conf
-}
-
 // NewConn creates a new not opened Conn to the remote peer.
 // To establish a connection run Conn.Open
-func NewConn(config ConnConfig, statusRecorder *nbStatus.Status) (*Conn, error) {
+func NewConn(config ConnConfig) (*Conn, error) {
 	return &Conn{
 		config:         config,
 		mu:             sync.Mutex{},
 		status:         StatusDisconnected,
 		closeCh:        make(chan struct{}),
-		remoteOffersCh: make(chan OfferAnswer),
-		remoteAnswerCh: make(chan OfferAnswer),
-		statusRecorder: statusRecorder,
+		remoteOffersCh: make(chan IceCredentials),
+		remoteAnswerCh: make(chan IceCredentials),
 	}, nil
 }

-// interfaceFilter is a function passed to ICE Agent to filter out not allowed interfaces
-// to avoid building tunnel over them
+// interfaceFilter is a function passed to ICE Agent to filter out blacklisted interfaces
 func interfaceFilter(blackList []string) func(string) bool {
-
-	return func(iFace string) bool {
+	var blackListMap map[string]struct{}
+	if blackList != nil {
+		blackListMap = make(map[string]struct{})
 		for _, s := range blackList {
-			if strings.HasPrefix(iFace, s) {
-				log.Debugf("ignoring interface %s - it is not allowed", iFace)
-				return false
-			}
+			blackListMap[s] = struct{}{}
 		}
-		// look for unlisted WireGuard interfaces
+	}
+	return func(iFace string) bool {
+
+		_, ok := blackListMap[iFace]
+		if ok {
+			return false
+		}
+		// look for unlisted Wireguard interfaces
 		wg, err := wgctrl.New()
 		if err != nil {
 			log.Debugf("trying to create a wgctrl client failed with: %v", err)
 		}
-		defer func() {
-			err := wg.Close()
-			if err != nil {
-				return
-			}
-		}()
+		defer wg.Close()

 		_, err = wg.Device(iFace)
 		return err != nil
@@ -181,17 +150,6 @@ func (conn *Conn) reCreateAgent() error {
 func (conn *Conn) Open() error {
 	log.Debugf("trying to connect to peer %s", conn.config.Key)

-	peerState := nbStatus.PeerState{PubKey: conn.config.Key}
-
-	peerState.IP = strings.Split(conn.config.ProxyConfig.AllowedIps, "/")[0]
-	peerState.ConnStatusUpdate = time.Now()
-	peerState.ConnStatus = conn.status.String()
-
-	err := conn.statusRecorder.UpdatePeerState(peerState)
-	if err != nil {
-		log.Warnf("erro while updating the state of peer %s,err: %v", conn.config.Key, err)
-	}
-
 	defer func() {
 		err := conn.cleanup()
 		if err != nil {
@@ -200,7 +158,7 @@ func (conn *Conn) Open() error {
 		}
 	}()

-	err = conn.reCreateAgent()
+	err := conn.reCreateAgent()
 	if err != nil {
 		return err
 	}
@@ -215,15 +173,15 @@ func (conn *Conn) Open() error {
 	// Only continue once we got a connection confirmation from the remote peer.
 	// The connection timeout could have happened before a confirmation received from the remote.
 	// The connection could have also been closed externally (e.g. when we received an update from the management that peer shouldn't be connected)
-	var remoteOfferAnswer OfferAnswer
+	var remoteCredentials IceCredentials
 	select {
-	case remoteOfferAnswer = <-conn.remoteOffersCh:
+	case remoteCredentials = <-conn.remoteOffersCh:
 		// received confirmation from the remote peer -> ready to proceed
 		err = conn.sendAnswer()
 		if err != nil {
 			return err
 		}
-	case remoteOfferAnswer = <-conn.remoteAnswerCh:
+	case remoteCredentials = <-conn.remoteAnswerCh:
 	case <-time.After(conn.config.Timeout):
 		return NewConnectionTimeoutError(conn.config.Key, conn.config.Timeout)
 	case <-conn.closeCh:
@@ -231,8 +189,7 @@ func (conn *Conn) Open() error {
 		return NewConnectionClosedError(conn.config.Key)
 	}

-	log.Debugf("received connection confirmation from peer %s running version %s and with remote WireGuard listen port %d",
-		conn.config.Key, remoteOfferAnswer.Version, remoteOfferAnswer.WgListenPort)
+	log.Debugf("received connection confirmation from peer %s", conn.config.Key)

 	// at this point we received offer/answer and we are ready to gather candidates
 	conn.mu.Lock()
@@ -241,15 +198,6 @@ func (conn *Conn) Open() error {
 	defer conn.notifyDisconnected()
 	conn.mu.Unlock()

-	peerState = nbStatus.PeerState{PubKey: conn.config.Key}
-
-	peerState.ConnStatus = conn.status.String()
-	peerState.ConnStatusUpdate = time.Now()
-	err = conn.statusRecorder.UpdatePeerState(peerState)
-	if err != nil {
-		log.Warnf("erro while updating the state of peer %s,err: %v", conn.config.Key, err)
-	}
-
 	err = conn.agent.GatherCandidates()
 	if err != nil {
 		return err
@@ -261,21 +209,16 @@ func (conn *Conn) Open() error {
 	isControlling := conn.config.LocalKey > conn.config.Key
 	var remoteConn *ice.Conn
 	if isControlling {
-		remoteConn, err = conn.agent.Dial(conn.ctx, remoteOfferAnswer.IceCredentials.UFrag, remoteOfferAnswer.IceCredentials.Pwd)
+		remoteConn, err = conn.agent.Dial(conn.ctx, remoteCredentials.UFrag, remoteCredentials.Pwd)
 	} else {
-		remoteConn, err = conn.agent.Accept(conn.ctx, remoteOfferAnswer.IceCredentials.UFrag, remoteOfferAnswer.IceCredentials.Pwd)
+		remoteConn, err = conn.agent.Accept(conn.ctx, remoteCredentials.UFrag, remoteCredentials.Pwd)
 	}
 	if err != nil {
 		return err
 	}

-	// dynamically set remote WireGuard port is other side specified a different one from the default one
-	remoteWgPort := iface.DefaultWgPort
-	if remoteOfferAnswer.WgListenPort != 0 {
-		remoteWgPort = remoteOfferAnswer.WgListenPort
-	}
-	// the ice connection has been established successfully so we are ready to start the proxy
-	err = conn.startProxy(remoteConn, remoteWgPort)
+	// the connection has been established successfully so we are ready to start the proxy
+	err = conn.startProxy(remoteConn)
 	if err != nil {
 		return err
 	}
@@ -309,10 +252,6 @@ func shouldUseProxy(pair *ice.CandidatePair) bool {
 	remoteIsPublic := IsPublicIP(remoteIP)
 	myIsPublic := IsPublicIP(myIp)

-	if pair.Local.Type() == ice.CandidateTypeRelay || pair.Remote.Type() == ice.CandidateTypeRelay {
-		return true
-	}
-
 	//one of the hosts has a public IP
 	if remoteIsPublic && pair.Remote.Type() == ice.CandidateTypeHost {
 		return false
@@ -340,7 +279,7 @@ func IsPublicIP(ip net.IP) bool {
 }

 // startProxy starts proxying traffic from/to local Wireguard and sets connection status to StatusConnected
-func (conn *Conn) startProxy(remoteConn net.Conn, remoteWgPort int) error {
+func (conn *Conn) startProxy(remoteConn net.Conn) error {
 	conn.mu.Lock()
 	defer conn.mu.Unlock()

@@ -350,15 +289,12 @@ func (conn *Conn) startProxy(remoteConn net.Conn, remoteWgPort int) error {
 		return err
 	}

-	peerState := nbStatus.PeerState{PubKey: conn.config.Key}
 	useProxy := shouldUseProxy(pair)
 	var p proxy.Proxy
 	if useProxy {
 		p = proxy.NewWireguardProxy(conn.config.ProxyConfig)
-		peerState.Direct = false
 	} else {
-		p = proxy.NewNoProxy(conn.config.ProxyConfig, remoteWgPort)
-		peerState.Direct = true
+		p = proxy.NewNoProxy(conn.config.ProxyConfig)
 	}
 	conn.proxy = p
 	err = p.Start(remoteConn)
@@ -368,19 +304,6 @@ func (conn *Conn) startProxy(remoteConn net.Conn, remoteWgPort int) error {

 	conn.status = StatusConnected

-	peerState.ConnStatus = conn.status.String()
-	peerState.ConnStatusUpdate = time.Now()
-	peerState.LocalIceCandidateType = pair.Local.Type().String()
-	peerState.RemoteIceCandidateType = pair.Remote.Type().String()
-	if pair.Local.Type() == ice.CandidateTypeRelay || pair.Remote.Type() == ice.CandidateTypeRelay {
-		peerState.Relayed = true
-	}
-
-	err = conn.statusRecorder.UpdatePeerState(peerState)
-	if err != nil {
-		log.Warnf("unable to save peer's state, got error: %v", err)
-	}
-
 	return nil
 }

@@ -413,29 +336,18 @@ func (conn *Conn) cleanup() error {

 	conn.status = StatusDisconnected

-	peerState := nbStatus.PeerState{PubKey: conn.config.Key}
-	peerState.ConnStatus = conn.status.String()
-	peerState.ConnStatusUpdate = time.Now()
-
-	err := conn.statusRecorder.UpdatePeerState(peerState)
-	if err != nil {
-		// pretty common error because by that time Engine can already remove the peer and status won't be available.
-		//todo rethink status updates
-		log.Debugf("error while updating peer's %s state, err: %v", conn.config.Key, err)
-	}
-
 	log.Debugf("cleaned up connection to peer %s", conn.config.Key)

 	return nil
 }

 // SetSignalOffer sets a handler function to be triggered by Conn when a new connection offer has to be signalled to the remote peer
-func (conn *Conn) SetSignalOffer(handler func(offer OfferAnswer) error) {
+func (conn *Conn) SetSignalOffer(handler func(uFrag string, pwd string) error) {
 	conn.signalOffer = handler
 }

 // SetSignalAnswer sets a handler function to be triggered by Conn when a new connection answer has to be signalled to the remote peer
-func (conn *Conn) SetSignalAnswer(handler func(answer OfferAnswer) error) {
+func (conn *Conn) SetSignalAnswer(handler func(uFrag string, pwd string) error) {
 	conn.signalAnswer = handler
 }

@@ -448,7 +360,7 @@ func (conn *Conn) SetSignalCandidate(handler func(candidate ice.Candidate) error
 // and then signals them to the remote peer
 func (conn *Conn) onICECandidate(candidate ice.Candidate) {
 	if candidate != nil {
-		log.Debugf("discovered local candidate %s", candidate.String())
+		// log.Debugf("discovered local candidate %s", candidate.String())
 		go func() {
 			err := conn.signalCandidate(candidate)
 			if err != nil {
@@ -480,12 +392,8 @@ func (conn *Conn) sendAnswer() error {
 		return err
 	}

-	log.Debugf("sending answer to %s", conn.config.Key)
-	err = conn.signalAnswer(OfferAnswer{
-		IceCredentials: IceCredentials{localUFrag, localPwd},
-		WgListenPort:   conn.config.LocalWgPort,
-		Version:        system.NetbirdVersion(),
-	})
+	log.Debugf("sending asnwer to %s", conn.config.Key)
+	err = conn.signalAnswer(localUFrag, localPwd)
 	if err != nil {
 		return err
 	}
@@ -502,11 +410,7 @@ func (conn *Conn) sendOffer() error {
 	if err != nil {
 		return err
 	}
-	err = conn.signalOffer(OfferAnswer{
-		IceCredentials: IceCredentials{localUFrag, localPwd},
-		WgListenPort:   conn.config.LocalWgPort,
-		Version:        system.NetbirdVersion(),
-	})
+	err = conn.signalOffer(localUFrag, localPwd)
 	if err != nil {
 		return err
 	}
@@ -533,7 +437,7 @@ func (conn *Conn) Close() error {
 		// before conn.Open() another update from management arrives with peers: [1,2,3,4,5]
 		// engine adds a new Conn for 4 and 5
 		// therefore peer 4 has 2 Conn objects
-		log.Warnf("connection has been already closed or attempted closing not started coonection %s", conn.config.Key)
+		log.Warnf("closing not started coonection %s", conn.config.Key)
 		return NewConnectionAlreadyClosed(conn.config.Key)
 	}
 }
@@ -547,11 +451,11 @@ func (conn *Conn) Status() ConnStatus {

 // OnRemoteOffer handles an offer from the remote peer and returns true if the message was accepted, false otherwise
 // doesn't block, discards the message if connection wasn't ready
-func (conn *Conn) OnRemoteOffer(offer OfferAnswer) bool {
+func (conn *Conn) OnRemoteOffer(remoteAuth IceCredentials) bool {
 	log.Debugf("OnRemoteOffer from peer %s on status %s", conn.config.Key, conn.status.String())

 	select {
-	case conn.remoteOffersCh <- offer:
+	case conn.remoteOffersCh <- remoteAuth:
 		return true
 	default:
 		log.Debugf("OnRemoteOffer skipping message from peer %s on status %s because is not ready", conn.config.Key, conn.status.String())
@@ -562,11 +466,11 @@ func (conn *Conn) OnRemoteOffer(offer OfferAnswer) bool {

 // OnRemoteAnswer handles an offer from the remote peer and returns true if the message was accepted, false otherwise
 // doesn't block, discards the message if connection wasn't ready
-func (conn *Conn) OnRemoteAnswer(answer OfferAnswer) bool {
+func (conn *Conn) OnRemoteAnswer(remoteAuth IceCredentials) bool {
 	log.Debugf("OnRemoteAnswer from peer %s on status %s", conn.config.Key, conn.status.String())

 	select {
-	case conn.remoteAnswerCh <- answer:
+	case conn.remoteAnswerCh <- remoteAuth:
 		return true
 	default:
 		// connection might not be ready yet to receive so we ignore the message
--- a/client/internal/peer/conn_test.go
+++ b/client/internal/peer/conn_test.go
@@ -3,8 +3,6 @@ package peer
 import (
 	"github.com/magiconair/properties/assert"
 	"github.com/netbirdio/netbird/client/internal/proxy"
-	nbstatus "github.com/netbirdio/netbird/client/status"
-	"github.com/netbirdio/netbird/iface"
 	"github.com/pion/ice/v2"
 	"sync"
 	"testing"
@@ -18,23 +16,10 @@ var connConf = ConnConfig{
 	InterfaceBlackList: nil,
 	Timeout:            time.Second,
 	ProxyConfig:        proxy.Config{},
-	LocalWgPort:        51820,
-}
-
-func TestNewConn_interfaceFilter(t *testing.T) {
-	ignore := []string{iface.WgInterfaceDefault, "tun0", "zt", "ZeroTier", "utun", "wg", "ts",
-		"Tailscale", "tailscale"}
-
-	filter := interfaceFilter(ignore)
-
-	for _, s := range ignore {
-		assert.Equal(t, filter(s), false)
-	}
-
 }

 func TestConn_GetKey(t *testing.T) {
-	conn, err := NewConn(connConf, nil)
+	conn, err := NewConn(connConf)
 	if err != nil {
 		return
 	}
@@ -46,7 +31,7 @@ func TestConn_GetKey(t *testing.T) {

 func TestConn_OnRemoteOffer(t *testing.T) {

-	conn, err := NewConn(connConf, nbstatus.NewRecorder())
+	conn, err := NewConn(connConf)
 	if err != nil {
 		return
 	}
@@ -60,13 +45,9 @@ func TestConn_OnRemoteOffer(t *testing.T) {

 	go func() {
 		for {
-			accepted := conn.OnRemoteOffer(OfferAnswer{
-				IceCredentials: IceCredentials{
-					UFrag: "test",
-					Pwd:   "test",
-				},
-				WgListenPort: 0,
-				Version:      "",
+			accepted := conn.OnRemoteOffer(IceCredentials{
+				UFrag: "test",
+				Pwd:   "test",
 			})
 			if accepted {
 				wg.Done()
@@ -80,7 +61,7 @@ func TestConn_OnRemoteOffer(t *testing.T) {

 func TestConn_OnRemoteAnswer(t *testing.T) {

-	conn, err := NewConn(connConf, nbstatus.NewRecorder())
+	conn, err := NewConn(connConf)
 	if err != nil {
 		return
 	}
@@ -94,13 +75,9 @@ func TestConn_OnRemoteAnswer(t *testing.T) {

 	go func() {
 		for {
-			accepted := conn.OnRemoteAnswer(OfferAnswer{
-				IceCredentials: IceCredentials{
-					UFrag: "test",
-					Pwd:   "test",
-				},
-				WgListenPort: 0,
-				Version:      "",
+			accepted := conn.OnRemoteAnswer(IceCredentials{
+				UFrag: "test",
+				Pwd:   "test",
 			})
 			if accepted {
 				wg.Done()
@@ -113,7 +90,7 @@ func TestConn_OnRemoteAnswer(t *testing.T) {
 }
 func TestConn_Status(t *testing.T) {

-	conn, err := NewConn(connConf, nbstatus.NewRecorder())
+	conn, err := NewConn(connConf)
 	if err != nil {
 		return
 	}
@@ -140,7 +117,7 @@ func TestConn_Status(t *testing.T) {

 func TestConn_Close(t *testing.T) {

-	conn, err := NewConn(connConf, nbstatus.NewRecorder())
+	conn, err := NewConn(connConf)
 	if err != nil {
 		return
 	}
--- a/client/internal/peer/status.go
+++ b/client/internal/peer/status.go
@@ -7,11 +7,11 @@ type ConnStatus int
 func (s ConnStatus) String() string {
 	switch s {
 	case StatusConnecting:
-		return "Connecting"
+		return "StatusConnecting"
 	case StatusConnected:
-		return "Connected"
+		return "StatusConnected"
 	case StatusDisconnected:
-		return "Disconnected"
+		return "StatusDisconnected"
 	default:
 		log.Errorf("unknown status: %d", s)
 		return "INVALID_PEER_CONNECTION_STATUS"
@@ -19,7 +19,7 @@ func (s ConnStatus) String() string {
 }

 const (
-	StatusConnected ConnStatus = iota
+	StatusConnected = iota
 	StatusConnecting
 	StatusDisconnected
 )
--- a/client/internal/peer/status_test.go
+++ b/client/internal/peer/status_test.go
@@ -12,9 +12,9 @@ func TestConnStatus_String(t *testing.T) {
 		status ConnStatus
 		want   string
 	}{
-		{"StatusConnected", StatusConnected, "Connected"},
-		{"StatusDisconnected", StatusDisconnected, "Disconnected"},
-		{"StatusConnecting", StatusConnecting, "Connecting"},
+		{"StatusConnected", StatusConnected, "StatusConnected"},
+		{"StatusDisconnected", StatusDisconnected, "StatusDisconnected"},
+		{"StatusConnecting", StatusConnecting, "StatusConnecting"},
 	}

 	for _, table := range tables {
--- a/client/internal/proxy/noproxy.go
+++ b/client/internal/proxy/noproxy.go
@@ -1,6 +1,7 @@
 package proxy

 import (
+	"github.com/netbirdio/netbird/iface"
 	log "github.com/sirupsen/logrus"
 	"net"
 )
@@ -13,14 +14,10 @@ import (
 // In order NoProxy to work, Wireguard port has to be fixed for the time being.
 type NoProxy struct {
 	config Config
-	// RemoteWgListenPort is a WireGuard port of a remote peer.
-	// It is used instead of the hardcoded 51820 port.
-	RemoteWgListenPort int
 }

-// NewNoProxy creates a new NoProxy with a provided config and remote peer's WireGuard listen port
-func NewNoProxy(config Config, remoteWgPort int) *NoProxy {
-	return &NoProxy{config: config, RemoteWgListenPort: remoteWgPort}
+func NewNoProxy(config Config) *NoProxy {
+	return &NoProxy{config: config}
 }

 func (p *NoProxy) Close() error {
@@ -39,7 +36,7 @@ func (p *NoProxy) Start(remoteConn net.Conn) error {
 	if err != nil {
 		return err
 	}
-	addr.Port = p.RemoteWgListenPort
+	addr.Port = iface.DefaultWgPort
 	err = p.config.WgInterface.UpdatePeer(p.config.RemoteKey, p.config.AllowedIps, DefaultWgKeepAlive,
 		addr, p.config.PreSharedKey)

--- a/client/internal/proxy/proxy.go
+++ b/client/internal/proxy/proxy.go
@@ -21,7 +21,7 @@ const (
 type Config struct {
 	WgListenAddr string
 	RemoteKey    string
-	WgInterface  *iface.WGIface
+	WgInterface  iface.WGIface
 	AllowedIps   string
 	PreSharedKey *wgtypes.Key
 }
--- a/client/internal/routemanager/client.go
+++ b/client/internal/routemanager/client.go
@@ -1,285 +0,0 @@
-package routemanager
-
-import (
-	"context"
-	"fmt"
-	"github.com/netbirdio/netbird/client/internal/peer"
-	"github.com/netbirdio/netbird/client/status"
-	"github.com/netbirdio/netbird/iface"
-	"github.com/netbirdio/netbird/route"
-	log "github.com/sirupsen/logrus"
-	"net/netip"
-)
-
-type routerPeerStatus struct {
-	connected bool
-	relayed   bool
-	direct    bool
-}
-
-type routesUpdate struct {
-	updateSerial uint64
-	routes       []*route.Route
-}
-
-type clientNetwork struct {
-	ctx                 context.Context
-	stop                context.CancelFunc
-	statusRecorder      *status.Status
-	wgInterface         *iface.WGIface
-	routes              map[string]*route.Route
-	routeUpdate         chan routesUpdate
-	peerStateUpdate     chan struct{}
-	routePeersNotifiers map[string]chan struct{}
-	chosenRoute         *route.Route
-	network             netip.Prefix
-	updateSerial        uint64
-}
-
-func newClientNetworkWatcher(ctx context.Context, wgInterface *iface.WGIface, statusRecorder *status.Status, network netip.Prefix) *clientNetwork {
-	ctx, cancel := context.WithCancel(ctx)
-	client := &clientNetwork{
-		ctx:                 ctx,
-		stop:                cancel,
-		statusRecorder:      statusRecorder,
-		wgInterface:         wgInterface,
-		routes:              make(map[string]*route.Route),
-		routePeersNotifiers: make(map[string]chan struct{}),
-		routeUpdate:         make(chan routesUpdate),
-		peerStateUpdate:     make(chan struct{}),
-		network:             network,
-	}
-	return client
-}
-
-func getClientNetworkID(input *route.Route) string {
-	return input.NetID + "-" + input.Network.String()
-}
-
-func (c *clientNetwork) getRouterPeerStatuses() map[string]routerPeerStatus {
-	routePeerStatuses := make(map[string]routerPeerStatus)
-	for _, r := range c.routes {
-		peerStatus, err := c.statusRecorder.GetPeer(r.Peer)
-		if err != nil {
-			log.Debugf("couldn't fetch peer state: %v", err)
-			continue
-		}
-		routePeerStatuses[r.ID] = routerPeerStatus{
-			connected: peerStatus.ConnStatus == peer.StatusConnected.String(),
-			relayed:   peerStatus.Relayed,
-			direct:    peerStatus.Direct,
-		}
-	}
-	return routePeerStatuses
-}
-
-func (c *clientNetwork) getBestRouteFromStatuses(routePeerStatuses map[string]routerPeerStatus) string {
-	var chosen string
-	chosenScore := 0
-
-	currID := ""
-	if c.chosenRoute != nil {
-		currID = c.chosenRoute.ID
-	}
-
-	for _, r := range c.routes {
-		tempScore := 0
-		peerStatus, found := routePeerStatuses[r.ID]
-		if !found || !peerStatus.connected {
-			continue
-		}
-		if r.Metric < route.MaxMetric {
-			metricDiff := route.MaxMetric - r.Metric
-			tempScore = metricDiff * 10
-		}
-		if !peerStatus.relayed {
-			tempScore++
-		}
-		if !peerStatus.direct {
-			tempScore++
-		}
-		if tempScore > chosenScore || (tempScore == chosenScore && currID == r.ID) {
-			chosen = r.ID
-			chosenScore = tempScore
-		}
-	}
-
-	if chosen == "" {
-		var peers []string
-		for _, r := range c.routes {
-			peers = append(peers, r.Peer)
-		}
-		log.Warnf("no route was chosen for network %s because no peers from list %s were connected", c.network, peers)
-	} else if chosen != currID {
-		log.Infof("new chosen route is %s with peer %s with score %d", chosen, c.routes[chosen].Peer, chosenScore)
-	}
-
-	return chosen
-}
-
-func (c *clientNetwork) watchPeerStatusChanges(ctx context.Context, peerKey string, peerStateUpdate chan struct{}, closer chan struct{}) {
-	for {
-		select {
-		case <-ctx.Done():
-			return
-		case <-closer:
-			return
-		case <-c.statusRecorder.GetPeerStateChangeNotifier(peerKey):
-			state, err := c.statusRecorder.GetPeer(peerKey)
-			if err != nil || state.ConnStatus == peer.StatusConnecting.String() {
-				continue
-			}
-			peerStateUpdate <- struct{}{}
-			log.Debugf("triggered route state update for Peer %s, state: %s", peerKey, state.ConnStatus)
-		}
-	}
-}
-
-func (c *clientNetwork) startPeersStatusChangeWatcher() {
-	for _, r := range c.routes {
-		_, found := c.routePeersNotifiers[r.Peer]
-		if !found {
-			c.routePeersNotifiers[r.Peer] = make(chan struct{})
-			go c.watchPeerStatusChanges(c.ctx, r.Peer, c.peerStateUpdate, c.routePeersNotifiers[r.Peer])
-		}
-	}
-}
-
-func (c *clientNetwork) removeRouteFromWireguardPeer(peerKey string) error {
-	state, err := c.statusRecorder.GetPeer(peerKey)
-	if err != nil || state.ConnStatus != peer.StatusConnected.String() {
-		return nil
-	}
-
-	err = c.wgInterface.RemoveAllowedIP(peerKey, c.network.String())
-	if err != nil {
-		return fmt.Errorf("couldn't remove allowed IP %s removed for peer %s, err: %v",
-			c.network, c.chosenRoute.Peer, err)
-	}
-	return nil
-}
-
-func (c *clientNetwork) removeRouteFromPeerAndSystem() error {
-	if c.chosenRoute != nil {
-		err := c.removeRouteFromWireguardPeer(c.chosenRoute.Peer)
-		if err != nil {
-			return err
-		}
-		err = removeFromRouteTableIfNonSystem(c.network, c.wgInterface.GetAddress().IP.String())
-		if err != nil {
-			return fmt.Errorf("couldn't remove route %s from system, err: %v",
-				c.network, err)
-		}
-	}
-	return nil
-}
-
-func (c *clientNetwork) recalculateRouteAndUpdatePeerAndSystem() error {
-
-	var err error
-
-	routerPeerStatuses := c.getRouterPeerStatuses()
-
-	chosen := c.getBestRouteFromStatuses(routerPeerStatuses)
-	if chosen == "" {
-		err = c.removeRouteFromPeerAndSystem()
-		if err != nil {
-			return err
-		}
-
-		c.chosenRoute = nil
-
-		return nil
-	}
-
-	if c.chosenRoute != nil && c.chosenRoute.ID == chosen {
-		if c.chosenRoute.IsEqual(c.routes[chosen]) {
-			return nil
-		}
-	}
-
-	if c.chosenRoute != nil {
-		err = c.removeRouteFromWireguardPeer(c.chosenRoute.Peer)
-		if err != nil {
-			return err
-		}
-	} else {
-		err = addToRouteTableIfNoExists(c.network, c.wgInterface.GetAddress().IP.String())
-		if err != nil {
-			return fmt.Errorf("route %s couldn't be added for peer %s, err: %v",
-				c.network.String(), c.wgInterface.GetAddress().IP.String(), err)
-		}
-	}
-
-	c.chosenRoute = c.routes[chosen]
-	err = c.wgInterface.AddAllowedIP(c.chosenRoute.Peer, c.network.String())
-	if err != nil {
-		log.Errorf("couldn't add allowed IP %s added for peer %s, err: %v",
-			c.network, c.chosenRoute.Peer, err)
-	}
-
-	return nil
-}
-
-func (c *clientNetwork) sendUpdateToClientNetworkWatcher(update routesUpdate) {
-	go func() {
-		c.routeUpdate <- update
-	}()
-}
-
-func (c *clientNetwork) handleUpdate(update routesUpdate) {
-	updateMap := make(map[string]*route.Route)
-
-	for _, r := range update.routes {
-		updateMap[r.ID] = r
-	}
-
-	for id, r := range c.routes {
-		_, found := updateMap[id]
-		if !found {
-			close(c.routePeersNotifiers[r.Peer])
-			delete(c.routePeersNotifiers, r.Peer)
-		}
-	}
-
-	c.routes = updateMap
-}
-
-// peersStateAndUpdateWatcher is the main point of reacting on client network routing events.
-// All the processing related to the client network should be done here. Thread-safe.
-func (c *clientNetwork) peersStateAndUpdateWatcher() {
-	for {
-		select {
-		case <-c.ctx.Done():
-			log.Debugf("stopping watcher for network %s", c.network)
-			err := c.removeRouteFromPeerAndSystem()
-			if err != nil {
-				log.Error(err)
-			}
-			return
-		case <-c.peerStateUpdate:
-			err := c.recalculateRouteAndUpdatePeerAndSystem()
-			if err != nil {
-				log.Error(err)
-			}
-		case update := <-c.routeUpdate:
-			if update.updateSerial < c.updateSerial {
-				log.Warnf("received a routes update with smaller serial number, ignoring it")
-				continue
-			}
-
-			log.Debugf("received a new client network route update for %s", c.network)
-
-			c.handleUpdate(update)
-
-			c.updateSerial = update.updateSerial
-
-			err := c.recalculateRouteAndUpdatePeerAndSystem()
-			if err != nil {
-				log.Error(err)
-			}
-
-			c.startPeersStatusChangeWatcher()
-		}
-	}
-}
--- a/client/internal/routemanager/common_linux_test.go
+++ b/client/internal/routemanager/common_linux_test.go
@@ -1,75 +0,0 @@
-package routemanager
-
-var insertRuleTestCases = []struct {
-	name      string
-	inputPair routerPair
-	ipVersion string
-}{
-	{
-		name: "Insert Forwarding IPV4 Rule",
-		inputPair: routerPair{
-			ID:          "zxa",
-			source:      "100.100.100.1/32",
-			destination: "100.100.200.0/24",
-			masquerade:  false,
-		},
-		ipVersion: ipv4,
-	},
-	{
-		name: "Insert Forwarding And Nat IPV4 Rules",
-		inputPair: routerPair{
-			ID:          "zxa",
-			source:      "100.100.100.1/32",
-			destination: "100.100.200.0/24",
-			masquerade:  true,
-		},
-		ipVersion: ipv4,
-	},
-	{
-		name: "Insert Forwarding IPV6 Rule",
-		inputPair: routerPair{
-			ID:          "zxa",
-			source:      "fc00::1/128",
-			destination: "fc12::/64",
-			masquerade:  false,
-		},
-		ipVersion: ipv6,
-	},
-	{
-		name: "Insert Forwarding And Nat IPV6 Rules",
-		inputPair: routerPair{
-			ID:          "zxa",
-			source:      "fc00::1/128",
-			destination: "fc12::/64",
-			masquerade:  true,
-		},
-		ipVersion: ipv6,
-	},
-}
-
-var removeRuleTestCases = []struct {
-	name      string
-	inputPair routerPair
-	ipVersion string
-}{
-	{
-		name: "Remove Forwarding And Nat IPV4 Rules",
-		inputPair: routerPair{
-			ID:          "zxa",
-			source:      "100.100.100.1/32",
-			destination: "100.100.200.0/24",
-			masquerade:  true,
-		},
-		ipVersion: ipv4,
-	},
-	{
-		name: "Remove Forwarding And Nat IPV6 Rules",
-		inputPair: routerPair{
-			ID:          "zxa",
-			source:      "fc00::1/128",
-			destination: "fc12::/64",
-			masquerade:  true,
-		},
-		ipVersion: ipv6,
-	},
-}
--- a/client/internal/routemanager/firewall.go
+++ b/client/internal/routemanager/firewall.go
@@ -1,12 +0,0 @@
-package routemanager
-
-type firewallManager interface {
-	// RestoreOrCreateContainers restores or creates a firewall container set of rules, tables and default rules
-	RestoreOrCreateContainers() error
-	// InsertRoutingRules inserts a routing firewall rule
-	InsertRoutingRules(pair routerPair) error
-	// RemoveRoutingRules removes a routing firewall rule
-	RemoveRoutingRules(pair routerPair) error
-	// CleanRoutingRules cleans a firewall set of containers
-	CleanRoutingRules()
-}
--- a/client/internal/routemanager/firewall_linux.go
+++ b/client/internal/routemanager/firewall_linux.go
@@ -1,55 +0,0 @@
-package routemanager
-
-import (
-	"context"
-	"fmt"
-	"github.com/coreos/go-iptables/iptables"
-	log "github.com/sirupsen/logrus"
-)
-import "github.com/google/nftables"
-
-const (
-	ipv6Forwarding   = "netbird-rt-ipv6-forwarding"
-	ipv4Forwarding   = "netbird-rt-ipv4-forwarding"
-	ipv6Nat          = "netbird-rt-ipv6-nat"
-	ipv4Nat          = "netbird-rt-ipv4-nat"
-	natFormat        = "netbird-nat-%s"
-	forwardingFormat = "netbird-fwd-%s"
-	ipv6             = "ipv6"
-	ipv4             = "ipv4"
-)
-
-func genKey(format string, input string) string {
-	return fmt.Sprintf(format, input)
-}
-
-// NewFirewall if supported, returns an iptables manager, otherwise returns a nftables manager
-func NewFirewall(parentCTX context.Context) firewallManager {
-	ctx, cancel := context.WithCancel(parentCTX)
-
-	if isIptablesSupported() {
-		log.Debugf("iptables is supported")
-		ipv4Client, _ := iptables.NewWithProtocol(iptables.ProtocolIPv4)
-		ipv6Client, _ := iptables.NewWithProtocol(iptables.ProtocolIPv6)
-
-		return &iptablesManager{
-			ctx:        ctx,
-			stop:       cancel,
-			ipv4Client: ipv4Client,
-			ipv6Client: ipv6Client,
-			rules:      make(map[string]map[string][]string),
-		}
-	}
-
-	log.Debugf("iptables is not supported, using nftables")
-
-	manager := &nftablesManager{
-		ctx:    ctx,
-		stop:   cancel,
-		conn:   &nftables.Conn{},
-		chains: make(map[string]map[string]*nftables.Chain),
-		rules:  make(map[string]*nftables.Rule),
-	}
-
-	return manager
-}
--- a/client/internal/routemanager/firewall_nonlinux.go
+++ b/client/internal/routemanager/firewall_nonlinux.go
@@ -1,27 +0,0 @@
-//go:build !linux
-// +build !linux
-
-package routemanager
-
-import "context"
-
-type unimplementedFirewall struct{}
-
-func (unimplementedFirewall) RestoreOrCreateContainers() error {
-	return nil
-}
-func (unimplementedFirewall) InsertRoutingRules(pair routerPair) error {
-	return nil
-}
-func (unimplementedFirewall) RemoveRoutingRules(pair routerPair) error {
-	return nil
-}
-
-func (unimplementedFirewall) CleanRoutingRules() {
-	return
-}
-
-// NewFirewall returns an unimplemented Firewall manager
-func NewFirewall(parentCtx context.Context) firewallManager {
-	return unimplementedFirewall{}
-}
--- a/client/internal/routemanager/iptables_linux.go
+++ b/client/internal/routemanager/iptables_linux.go
@@ -1,403 +0,0 @@
-package routemanager
-
-import (
-	"context"
-	"fmt"
-	"github.com/coreos/go-iptables/iptables"
-	log "github.com/sirupsen/logrus"
-	"net/netip"
-	"os/exec"
-	"strings"
-	"sync"
-)
-
-func isIptablesSupported() bool {
-	_, err4 := exec.LookPath("iptables")
-	_, err6 := exec.LookPath("ip6tables")
-	return err4 == nil && err6 == nil
-}
-
-// constants needed to manage and create iptable rules
-const (
-	iptablesFilterTable            = "filter"
-	iptablesNatTable               = "nat"
-	iptablesForwardChain           = "FORWARD"
-	iptablesPostRoutingChain       = "POSTROUTING"
-	iptablesRoutingNatChain        = "NETBIRD-RT-NAT"
-	iptablesRoutingForwardingChain = "NETBIRD-RT-FWD"
-	routingFinalForwardJump        = "ACCEPT"
-	routingFinalNatJump            = "MASQUERADE"
-)
-
-// some presets for building nftable rules
-var (
-	iptablesDefaultForwardingRule        = []string{"-j", iptablesRoutingForwardingChain, "-m", "comment", "--comment"}
-	iptablesDefaultNetbirdForwardingRule = []string{"-j", "RETURN"}
-	iptablesDefaultNatRule               = []string{"-j", iptablesRoutingNatChain, "-m", "comment", "--comment"}
-	iptablesDefaultNetbirdNatRule        = []string{"-j", "RETURN"}
-)
-
-type iptablesManager struct {
-	ctx        context.Context
-	stop       context.CancelFunc
-	ipv4Client *iptables.IPTables
-	ipv6Client *iptables.IPTables
-	rules      map[string]map[string][]string
-	mux        sync.Mutex
-}
-
-// CleanRoutingRules cleans existing iptables resources that we created by the agent
-func (i *iptablesManager) CleanRoutingRules() {
-	i.mux.Lock()
-	defer i.mux.Unlock()
-
-	err := i.cleanJumpRules()
-	if err != nil {
-		log.Error(err)
-	}
-
-	log.Debug("flushing tables")
-	errMSGFormat := "iptables: failed cleaning %s chain %s,error: %v"
-	err = i.ipv4Client.ClearAndDeleteChain(iptablesFilterTable, iptablesRoutingForwardingChain)
-	if err != nil {
-		log.Errorf(errMSGFormat, ipv4, iptablesRoutingForwardingChain, err)
-	}
-
-	err = i.ipv4Client.ClearAndDeleteChain(iptablesNatTable, iptablesRoutingNatChain)
-	if err != nil {
-		log.Errorf(errMSGFormat, ipv4, iptablesRoutingNatChain, err)
-	}
-
-	err = i.ipv6Client.ClearAndDeleteChain(iptablesFilterTable, iptablesRoutingForwardingChain)
-	if err != nil {
-		log.Errorf(errMSGFormat, ipv6, iptablesRoutingForwardingChain, err)
-	}
-
-	err = i.ipv6Client.ClearAndDeleteChain(iptablesNatTable, iptablesRoutingNatChain)
-	if err != nil {
-		log.Errorf(errMSGFormat, ipv6, iptablesRoutingNatChain, err)
-	}
-
-	log.Info("done cleaning up iptables rules")
-}
-
-// RestoreOrCreateContainers restores existing iptables containers (chains and rules)
-// if they don't exist, we create them
-func (i *iptablesManager) RestoreOrCreateContainers() error {
-	i.mux.Lock()
-	defer i.mux.Unlock()
-
-	if i.rules[ipv4][ipv4Forwarding] != nil && i.rules[ipv6][ipv6Forwarding] != nil {
-		return nil
-	}
-
-	errMSGFormat := "iptables: failed creating %s chain %s,error: %v"
-
-	err := createChain(i.ipv4Client, iptablesFilterTable, iptablesRoutingForwardingChain)
-	if err != nil {
-		return fmt.Errorf(errMSGFormat, ipv4, iptablesRoutingForwardingChain, err)
-	}
-
-	err = createChain(i.ipv4Client, iptablesNatTable, iptablesRoutingNatChain)
-	if err != nil {
-		return fmt.Errorf(errMSGFormat, ipv4, iptablesRoutingNatChain, err)
-	}
-
-	err = createChain(i.ipv6Client, iptablesFilterTable, iptablesRoutingForwardingChain)
-	if err != nil {
-		return fmt.Errorf(errMSGFormat, ipv6, iptablesRoutingForwardingChain, err)
-	}
-
-	err = createChain(i.ipv6Client, iptablesNatTable, iptablesRoutingNatChain)
-	if err != nil {
-		return fmt.Errorf(errMSGFormat, ipv6, iptablesRoutingNatChain, err)
-	}
-
-	err = i.restoreRules(i.ipv4Client)
-	if err != nil {
-		return fmt.Errorf("iptables: error while restoring ipv4 rules: %v", err)
-	}
-
-	err = i.restoreRules(i.ipv6Client)
-	if err != nil {
-		return fmt.Errorf("iptables: error while restoring ipv6 rules: %v", err)
-	}
-
-	err = i.addJumpRules()
-	if err != nil {
-		return fmt.Errorf("iptables: error while creating jump rules: %v", err)
-	}
-
-	return nil
-}
-
-// addJumpRules create jump rules to send packets to NetBird chains
-func (i *iptablesManager) addJumpRules() error {
-	err := i.cleanJumpRules()
-	if err != nil {
-		return err
-	}
-	rule := append(iptablesDefaultForwardingRule, ipv4Forwarding)
-	err = i.ipv4Client.Insert(iptablesFilterTable, iptablesForwardChain, 1, rule...)
-	if err != nil {
-		return err
-	}
-
-	i.rules[ipv4][ipv4Forwarding] = rule
-
-	rule = append(iptablesDefaultNatRule, ipv4Nat)
-	err = i.ipv4Client.Insert(iptablesNatTable, iptablesPostRoutingChain, 1, rule...)
-	if err != nil {
-		return err
-	}
-	i.rules[ipv4][ipv4Nat] = rule
-
-	rule = append(iptablesDefaultForwardingRule, ipv6Forwarding)
-	err = i.ipv6Client.Insert(iptablesFilterTable, iptablesForwardChain, 1, rule...)
-	if err != nil {
-		return err
-	}
-	i.rules[ipv6][ipv6Forwarding] = rule
-
-	rule = append(iptablesDefaultNatRule, ipv6Nat)
-	err = i.ipv6Client.Insert(iptablesNatTable, iptablesPostRoutingChain, 1, rule...)
-	if err != nil {
-		return err
-	}
-	i.rules[ipv6][ipv6Nat] = rule
-
-	return nil
-}
-
-// cleanJumpRules cleans jump rules that was sending packets to NetBird chains
-func (i *iptablesManager) cleanJumpRules() error {
-	var err error
-	errMSGFormat := "iptables: failed cleaning rule from %s chain %s,err: %v"
-	rule, found := i.rules[ipv4][ipv4Forwarding]
-	if found {
-		log.Debugf("iptables: removing %s rule: %s ", ipv4, ipv4Forwarding)
-		err = i.ipv4Client.DeleteIfExists(iptablesFilterTable, iptablesForwardChain, rule...)
-		if err != nil {
-			return fmt.Errorf(errMSGFormat, ipv4, iptablesForwardChain, err)
-		}
-	}
-	rule, found = i.rules[ipv4][ipv4Nat]
-	if found {
-		log.Debugf("iptables: removing %s rule: %s ", ipv4, ipv4Nat)
-		err = i.ipv4Client.DeleteIfExists(iptablesNatTable, iptablesPostRoutingChain, rule...)
-		if err != nil {
-			return fmt.Errorf(errMSGFormat, ipv4, iptablesPostRoutingChain, err)
-		}
-	}
-	rule, found = i.rules[ipv6][ipv6Forwarding]
-	if found {
-		log.Debugf("iptables: removing %s rule: %s ", ipv6, ipv6Forwarding)
-		err = i.ipv6Client.DeleteIfExists(iptablesFilterTable, iptablesForwardChain, rule...)
-		if err != nil {
-			return fmt.Errorf(errMSGFormat, ipv6, iptablesForwardChain, err)
-		}
-	}
-	rule, found = i.rules[ipv6][ipv6Nat]
-	if found {
-		log.Debugf("iptables: removing %s rule: %s ", ipv6, ipv6Nat)
-		err = i.ipv6Client.DeleteIfExists(iptablesNatTable, iptablesPostRoutingChain, rule...)
-		if err != nil {
-			return fmt.Errorf(errMSGFormat, ipv6, iptablesPostRoutingChain, err)
-		}
-	}
-	return nil
-}
-
-func iptablesProtoToString(proto iptables.Protocol) string {
-	if proto == iptables.ProtocolIPv6 {
-		return ipv6
-	}
-	return ipv4
-}
-
-// restoreRules restores existing NetBird rules
-func (i *iptablesManager) restoreRules(iptablesClient *iptables.IPTables) error {
-	ipVersion := iptablesProtoToString(iptablesClient.Proto())
-
-	if i.rules[ipVersion] == nil {
-		i.rules[ipVersion] = make(map[string][]string)
-	}
-	table := iptablesFilterTable
-	for _, chain := range []string{iptablesForwardChain, iptablesRoutingForwardingChain} {
-		rules, err := iptablesClient.List(table, chain)
-		if err != nil {
-			return err
-		}
-		for _, ruleString := range rules {
-			rule := strings.Fields(ruleString)
-			id := getRuleRouteID(rule)
-			if id != "" {
-				i.rules[ipVersion][id] = rule[2:]
-			}
-		}
-	}
-
-	table = iptablesNatTable
-	for _, chain := range []string{iptablesPostRoutingChain, iptablesRoutingNatChain} {
-		rules, err := iptablesClient.List(table, chain)
-		if err != nil {
-			return err
-		}
-		for _, ruleString := range rules {
-			rule := strings.Fields(ruleString)
-			id := getRuleRouteID(rule)
-			if id != "" {
-				i.rules[ipVersion][id] = rule[2:]
-			}
-		}
-	}
-
-	return nil
-}
-
-// createChain create NetBird chains
-func createChain(iptables *iptables.IPTables, table, newChain string) error {
-	chains, err := iptables.ListChains(table)
-	if err != nil {
-		return fmt.Errorf("couldn't get %s %s table chains, error: %v", iptablesProtoToString(iptables.Proto()), table, err)
-	}
-
-	shouldCreateChain := true
-	for _, chain := range chains {
-		if chain == newChain {
-			shouldCreateChain = false
-		}
-	}
-
-	if shouldCreateChain {
-		err = iptables.NewChain(table, newChain)
-		if err != nil {
-			return fmt.Errorf("couldn't create %s chain %s in %s table, error: %v", iptablesProtoToString(iptables.Proto()), newChain, table, err)
-		}
-
-		if table == iptablesNatTable {
-			err = iptables.Append(table, newChain, iptablesDefaultNetbirdNatRule...)
-		} else {
-			err = iptables.Append(table, newChain, iptablesDefaultNetbirdForwardingRule...)
-		}
-		if err != nil {
-			return fmt.Errorf("couldn't create %s chain %s default rule, error: %v", iptablesProtoToString(iptables.Proto()), newChain, err)
-		}
-
-	}
-	return nil
-}
-
-// genRuleSpec generates rule specification with comment identifier
-func genRuleSpec(jump, id, source, destination string) []string {
-	return []string{"-s", source, "-d", destination, "-j", jump, "-m", "comment", "--comment", id}
-}
-
-// getRuleRouteID returns the rule ID if matches our prefix
-func getRuleRouteID(rule []string) string {
-	for i, flag := range rule {
-		if flag == "--comment" {
-			id := rule[i+1]
-			if strings.HasPrefix(id, "netbird-") {
-				return id
-			}
-		}
-	}
-	return ""
-}
-
-// InsertRoutingRules inserts an iptables rule pair to the forwarding chain and if enabled, to the nat chain
-func (i *iptablesManager) InsertRoutingRules(pair routerPair) error {
-	i.mux.Lock()
-	defer i.mux.Unlock()
-
-	var err error
-	prefix := netip.MustParsePrefix(pair.source)
-	ipVersion := ipv4
-	iptablesClient := i.ipv4Client
-	if prefix.Addr().Unmap().Is6() {
-		iptablesClient = i.ipv6Client
-		ipVersion = ipv6
-	}
-
-	forwardRuleKey := genKey(forwardingFormat, pair.ID)
-	forwardRule := genRuleSpec(routingFinalForwardJump, forwardRuleKey, pair.source, pair.destination)
-	existingRule, found := i.rules[ipVersion][forwardRuleKey]
-	if found {
-		err = iptablesClient.DeleteIfExists(iptablesFilterTable, iptablesRoutingForwardingChain, existingRule...)
-		if err != nil {
-			return fmt.Errorf("iptables: error while removing existing forwarding rule for %s: %v", pair.destination, err)
-		}
-		delete(i.rules[ipVersion], forwardRuleKey)
-	}
-	err = iptablesClient.Insert(iptablesFilterTable, iptablesRoutingForwardingChain, 1, forwardRule...)
-	if err != nil {
-		return fmt.Errorf("iptables: error while adding new forwarding rule for %s: %v", pair.destination, err)
-	}
-
-	i.rules[ipVersion][forwardRuleKey] = forwardRule
-
-	if !pair.masquerade {
-		return nil
-	}
-
-	natRuleKey := genKey(natFormat, pair.ID)
-	natRule := genRuleSpec(routingFinalNatJump, natRuleKey, pair.source, pair.destination)
-	existingRule, found = i.rules[ipVersion][natRuleKey]
-	if found {
-		err = iptablesClient.DeleteIfExists(iptablesNatTable, iptablesRoutingNatChain, existingRule...)
-		if err != nil {
-			return fmt.Errorf("iptables: error while removing existing nat rulefor %s: %v", pair.destination, err)
-		}
-		delete(i.rules[ipVersion], natRuleKey)
-	}
-	err = iptablesClient.Insert(iptablesNatTable, iptablesRoutingNatChain, 1, natRule...)
-	if err != nil {
-		return fmt.Errorf("iptables: error while adding new nat rulefor %s: %v", pair.destination, err)
-	}
-
-	i.rules[ipVersion][natRuleKey] = natRule
-
-	return nil
-}
-
-// RemoveRoutingRules removes an iptables rule pair from forwarding and nat chains
-func (i *iptablesManager) RemoveRoutingRules(pair routerPair) error {
-	i.mux.Lock()
-	defer i.mux.Unlock()
-
-	var err error
-	prefix := netip.MustParsePrefix(pair.source)
-	ipVersion := ipv4
-	iptablesClient := i.ipv4Client
-	if prefix.Addr().Unmap().Is6() {
-		iptablesClient = i.ipv6Client
-		ipVersion = ipv6
-	}
-
-	forwardRuleKey := genKey(forwardingFormat, pair.ID)
-	existingRule, found := i.rules[ipVersion][forwardRuleKey]
-	if found {
-		err = iptablesClient.DeleteIfExists(iptablesFilterTable, iptablesRoutingForwardingChain, existingRule...)
-		if err != nil {
-			return fmt.Errorf("iptables: error while removing existing forwarding rule for %s: %v", pair.destination, err)
-		}
-	}
-	delete(i.rules[ipVersion], forwardRuleKey)
-
-	if !pair.masquerade {
-		return nil
-	}
-
-	natRuleKey := genKey(natFormat, pair.ID)
-	existingRule, found = i.rules[ipVersion][natRuleKey]
-	if found {
-		err = iptablesClient.DeleteIfExists(iptablesNatTable, iptablesRoutingNatChain, existingRule...)
-		if err != nil {
-			return fmt.Errorf("iptables: error while removing existing nat rule for %s: %v", pair.destination, err)
-		}
-	}
-	delete(i.rules[ipVersion], natRuleKey)
-
-	return nil
-}
--- a/client/internal/routemanager/iptables_linux_test.go
+++ b/client/internal/routemanager/iptables_linux_test.go
@@ -1,247 +0,0 @@
-package routemanager
-
-import (
-	"context"
-	"github.com/coreos/go-iptables/iptables"
-	"github.com/stretchr/testify/require"
-	"testing"
-)
-
-func TestIptablesManager_RestoreOrCreateContainers(t *testing.T) {
-
-	if !isIptablesSupported() {
-		t.SkipNow()
-	}
-
-	ctx, cancel := context.WithCancel(context.TODO())
-	ipv4Client, _ := iptables.NewWithProtocol(iptables.ProtocolIPv4)
-	ipv6Client, _ := iptables.NewWithProtocol(iptables.ProtocolIPv6)
-
-	manager := &iptablesManager{
-		ctx:        ctx,
-		stop:       cancel,
-		ipv4Client: ipv4Client,
-		ipv6Client: ipv6Client,
-		rules:      make(map[string]map[string][]string),
-	}
-
-	defer manager.CleanRoutingRules()
-
-	err := manager.RestoreOrCreateContainers()
-	require.NoError(t, err, "shouldn't return error")
-
-	require.Len(t, manager.rules, 2, "should have created maps for ipv4 and ipv6")
-
-	require.Len(t, manager.rules[ipv4], 2, "should have created minimal rules for ipv4")
-
-	exists, err := ipv4Client.Exists(iptablesFilterTable, iptablesForwardChain, manager.rules[ipv4][ipv4Forwarding]...)
-	require.NoError(t, err, "should be able to query the iptables %s %s table and %s chain", ipv4, iptablesFilterTable, iptablesForwardChain)
-	require.True(t, exists, "forwarding rule should exist")
-
-	exists, err = ipv4Client.Exists(iptablesNatTable, iptablesPostRoutingChain, manager.rules[ipv4][ipv4Nat]...)
-	require.NoError(t, err, "should be able to query the iptables %s %s table and %s chain", ipv4, iptablesNatTable, iptablesPostRoutingChain)
-	require.True(t, exists, "postrouting rule should exist")
-
-	require.Len(t, manager.rules[ipv6], 2, "should have created minimal rules for ipv6")
-
-	exists, err = ipv6Client.Exists(iptablesFilterTable, iptablesForwardChain, manager.rules[ipv6][ipv6Forwarding]...)
-	require.NoError(t, err, "should be able to query the iptables %s %s table and %s chain", ipv6, iptablesFilterTable, iptablesForwardChain)
-	require.True(t, exists, "forwarding rule should exist")
-
-	exists, err = ipv6Client.Exists(iptablesNatTable, iptablesPostRoutingChain, manager.rules[ipv6][ipv6Nat]...)
-	require.NoError(t, err, "should be able to query the iptables %s %s table and %s chain", ipv6, iptablesNatTable, iptablesPostRoutingChain)
-	require.True(t, exists, "postrouting rule should exist")
-
-	pair := routerPair{
-		ID:          "abc",
-		source:      "100.100.100.1/32",
-		destination: "100.100.100.0/24",
-		masquerade:  true,
-	}
-	forward4RuleKey := genKey(forwardingFormat, pair.ID)
-	forward4Rule := genRuleSpec(routingFinalForwardJump, forward4RuleKey, pair.source, pair.destination)
-
-	err = ipv4Client.Insert(iptablesFilterTable, iptablesRoutingForwardingChain, 1, forward4Rule...)
-	require.NoError(t, err, "inserting rule should not return error")
-
-	nat4RuleKey := genKey(natFormat, pair.ID)
-	nat4Rule := genRuleSpec(routingFinalNatJump, nat4RuleKey, pair.source, pair.destination)
-
-	err = ipv4Client.Insert(iptablesNatTable, iptablesRoutingNatChain, 1, nat4Rule...)
-	require.NoError(t, err, "inserting rule should not return error")
-
-	pair = routerPair{
-		ID:          "abc",
-		source:      "fc00::1/128",
-		destination: "fc11::/64",
-		masquerade:  true,
-	}
-
-	forward6RuleKey := genKey(forwardingFormat, pair.ID)
-	forward6Rule := genRuleSpec(routingFinalForwardJump, forward6RuleKey, pair.source, pair.destination)
-
-	err = ipv6Client.Insert(iptablesFilterTable, iptablesRoutingForwardingChain, 1, forward6Rule...)
-	require.NoError(t, err, "inserting rule should not return error")
-
-	nat6RuleKey := genKey(natFormat, pair.ID)
-	nat6Rule := genRuleSpec(routingFinalNatJump, nat6RuleKey, pair.source, pair.destination)
-
-	err = ipv6Client.Insert(iptablesNatTable, iptablesRoutingNatChain, 1, nat6Rule...)
-	require.NoError(t, err, "inserting rule should not return error")
-
-	delete(manager.rules, ipv4)
-	delete(manager.rules, ipv6)
-
-	err = manager.RestoreOrCreateContainers()
-	require.NoError(t, err, "shouldn't return error")
-
-	require.Len(t, manager.rules[ipv4], 4, "should have restored all rules for ipv4")
-
-	foundRule, found := manager.rules[ipv4][forward4RuleKey]
-	require.True(t, found, "forwarding rule should exist in the map")
-	require.Equal(t, forward4Rule[:4], foundRule[:4], "stored forwarding rule should match")
-
-	foundRule, found = manager.rules[ipv4][nat4RuleKey]
-	require.True(t, found, "nat rule should exist in the map")
-	require.Equal(t, nat4Rule[:4], foundRule[:4], "stored nat rule should match")
-
-	require.Len(t, manager.rules[ipv6], 4, "should have restored all rules for ipv6")
-
-	foundRule, found = manager.rules[ipv6][forward6RuleKey]
-	require.True(t, found, "forwarding rule should exist in the map")
-	require.Equal(t, forward6Rule[:4], foundRule[:4], "stored forward rule should match")
-
-	foundRule, found = manager.rules[ipv6][nat6RuleKey]
-	require.True(t, found, "nat rule should exist in the map")
-	require.Equal(t, nat6Rule[:4], foundRule[:4], "stored nat rule should match")
-}
-
-func TestIptablesManager_InsertRoutingRules(t *testing.T) {
-
-	if !isIptablesSupported() {
-		t.SkipNow()
-	}
-
-	for _, testCase := range insertRuleTestCases {
-		t.Run(testCase.name, func(t *testing.T) {
-			ctx, cancel := context.WithCancel(context.TODO())
-			ipv4Client, _ := iptables.NewWithProtocol(iptables.ProtocolIPv4)
-			ipv6Client, _ := iptables.NewWithProtocol(iptables.ProtocolIPv6)
-			iptablesClient := ipv4Client
-			if testCase.ipVersion == ipv6 {
-				iptablesClient = ipv6Client
-			}
-
-			manager := &iptablesManager{
-				ctx:        ctx,
-				stop:       cancel,
-				ipv4Client: ipv4Client,
-				ipv6Client: ipv6Client,
-				rules:      make(map[string]map[string][]string),
-			}
-
-			defer manager.CleanRoutingRules()
-
-			err := manager.RestoreOrCreateContainers()
-			require.NoError(t, err, "shouldn't return error")
-
-			err = manager.InsertRoutingRules(testCase.inputPair)
-			require.NoError(t, err, "forwarding pair should be inserted")
-
-			forwardRuleKey := genKey(forwardingFormat, testCase.inputPair.ID)
-			forwardRule := genRuleSpec(routingFinalForwardJump, forwardRuleKey, testCase.inputPair.source, testCase.inputPair.destination)
-
-			exists, err := iptablesClient.Exists(iptablesFilterTable, iptablesRoutingForwardingChain, forwardRule...)
-			require.NoError(t, err, "should be able to query the iptables %s %s table and %s chain", testCase.ipVersion, iptablesFilterTable, iptablesRoutingForwardingChain)
-			require.True(t, exists, "forwarding rule should exist")
-
-			foundRule, found := manager.rules[testCase.ipVersion][forwardRuleKey]
-			require.True(t, found, "forwarding rule should exist in the manager map")
-			require.Equal(t, forwardRule[:4], foundRule[:4], "stored forwarding rule should match")
-
-			natRuleKey := genKey(natFormat, testCase.inputPair.ID)
-			natRule := genRuleSpec(routingFinalNatJump, natRuleKey, testCase.inputPair.source, testCase.inputPair.destination)
-
-			exists, err = iptablesClient.Exists(iptablesNatTable, iptablesRoutingNatChain, natRule...)
-			require.NoError(t, err, "should be able to query the iptables %s %s table and %s chain", testCase.ipVersion, iptablesNatTable, iptablesRoutingNatChain)
-			if testCase.inputPair.masquerade {
-				require.True(t, exists, "nat rule should be created")
-				foundNatRule, foundNat := manager.rules[testCase.ipVersion][natRuleKey]
-				require.True(t, foundNat, "nat rule should exist in the map")
-				require.Equal(t, natRule[:4], foundNatRule[:4], "stored nat rule should match")
-			} else {
-				require.False(t, exists, "nat rule should not be created")
-				_, foundNat := manager.rules[testCase.ipVersion][natRuleKey]
-				require.False(t, foundNat, "nat rule should exist in the map")
-			}
-		})
-	}
-}
-
-func TestIptablesManager_RemoveRoutingRules(t *testing.T) {
-
-	if !isIptablesSupported() {
-		t.SkipNow()
-	}
-
-	for _, testCase := range removeRuleTestCases {
-		t.Run(testCase.name, func(t *testing.T) {
-			ctx, cancel := context.WithCancel(context.TODO())
-			ipv4Client, _ := iptables.NewWithProtocol(iptables.ProtocolIPv4)
-			ipv6Client, _ := iptables.NewWithProtocol(iptables.ProtocolIPv6)
-			iptablesClient := ipv4Client
-			if testCase.ipVersion == ipv6 {
-				iptablesClient = ipv6Client
-			}
-
-			manager := &iptablesManager{
-				ctx:        ctx,
-				stop:       cancel,
-				ipv4Client: ipv4Client,
-				ipv6Client: ipv6Client,
-				rules:      make(map[string]map[string][]string),
-			}
-
-			defer manager.CleanRoutingRules()
-
-			err := manager.RestoreOrCreateContainers()
-			require.NoError(t, err, "shouldn't return error")
-
-			forwardRuleKey := genKey(forwardingFormat, testCase.inputPair.ID)
-			forwardRule := genRuleSpec(routingFinalForwardJump, forwardRuleKey, testCase.inputPair.source, testCase.inputPair.destination)
-
-			err = iptablesClient.Insert(iptablesFilterTable, iptablesRoutingForwardingChain, 1, forwardRule...)
-			require.NoError(t, err, "inserting rule should not return error")
-
-			natRuleKey := genKey(natFormat, testCase.inputPair.ID)
-			natRule := genRuleSpec(routingFinalNatJump, natRuleKey, testCase.inputPair.source, testCase.inputPair.destination)
-
-			err = iptablesClient.Insert(iptablesNatTable, iptablesRoutingNatChain, 1, natRule...)
-			require.NoError(t, err, "inserting rule should not return error")
-
-			delete(manager.rules, ipv4)
-			delete(manager.rules, ipv6)
-
-			err = manager.RestoreOrCreateContainers()
-			require.NoError(t, err, "shouldn't return error")
-
-			err = manager.RemoveRoutingRules(testCase.inputPair)
-			require.NoError(t, err, "shouldn't return error")
-
-			exists, err := iptablesClient.Exists(iptablesFilterTable, iptablesRoutingForwardingChain, forwardRule...)
-			require.NoError(t, err, "should be able to query the iptables %s %s table and %s chain", testCase.ipVersion, iptablesFilterTable, iptablesRoutingForwardingChain)
-			require.False(t, exists, "forwarding rule should not exist")
-
-			_, found := manager.rules[testCase.ipVersion][forwardRuleKey]
-			require.False(t, found, "forwarding rule should exist in the manager map")
-
-			exists, err = iptablesClient.Exists(iptablesNatTable, iptablesRoutingNatChain, natRule...)
-			require.NoError(t, err, "should be able to query the iptables %s %s table and %s chain", testCase.ipVersion, iptablesNatTable, iptablesRoutingNatChain)
-			require.False(t, exists, "nat rule should not exist")
-
-			_, found = manager.rules[testCase.ipVersion][natRuleKey]
-			require.False(t, found, "forwarding rule should exist in the manager map")
-
-		})
-	}
-}
--- a/client/internal/routemanager/manager.go
+++ b/client/internal/routemanager/manager.go
@@ -1,181 +0,0 @@
-package routemanager
-
-import (
-	"context"
-	"fmt"
-	"github.com/netbirdio/netbird/client/status"
-	"github.com/netbirdio/netbird/client/system"
-	"github.com/netbirdio/netbird/iface"
-	"github.com/netbirdio/netbird/route"
-	log "github.com/sirupsen/logrus"
-	"runtime"
-	"sync"
-)
-
-// Manager is a route manager interface
-type Manager interface {
-	UpdateRoutes(updateSerial uint64, newRoutes []*route.Route) error
-	Stop()
-}
-
-// DefaultManager is the default instance of a route manager
-type DefaultManager struct {
-	ctx            context.Context
-	stop           context.CancelFunc
-	mux            sync.Mutex
-	clientNetworks map[string]*clientNetwork
-	serverRoutes   map[string]*route.Route
-	serverRouter   *serverRouter
-	statusRecorder *status.Status
-	wgInterface    *iface.WGIface
-	pubKey         string
-}
-
-// NewManager returns a new route manager
-func NewManager(ctx context.Context, pubKey string, wgInterface *iface.WGIface, statusRecorder *status.Status) *DefaultManager {
-	mCTX, cancel := context.WithCancel(ctx)
-	return &DefaultManager{
-		ctx:            mCTX,
-		stop:           cancel,
-		clientNetworks: make(map[string]*clientNetwork),
-		serverRoutes:   make(map[string]*route.Route),
-		serverRouter: &serverRouter{
-			routes:                   make(map[string]*route.Route),
-			netForwardHistoryEnabled: isNetForwardHistoryEnabled(),
-			firewall:                 NewFirewall(ctx),
-		},
-		statusRecorder: statusRecorder,
-		wgInterface:    wgInterface,
-		pubKey:         pubKey,
-	}
-}
-
-// Stop stops the manager watchers and clean firewall rules
-func (m *DefaultManager) Stop() {
-	m.stop()
-	m.serverRouter.firewall.CleanRoutingRules()
-}
-
-func (m *DefaultManager) updateClientNetworks(updateSerial uint64, networks map[string][]*route.Route) {
-	// removing routes that do not exist as per the update from the Management service.
-	for id, client := range m.clientNetworks {
-		_, found := networks[id]
-		if !found {
-			log.Debugf("stopping client network watcher, %s", id)
-			client.stop()
-			delete(m.clientNetworks, id)
-		}
-	}
-
-	for id, routes := range networks {
-		clientNetworkWatcher, found := m.clientNetworks[id]
-		if !found {
-			clientNetworkWatcher = newClientNetworkWatcher(m.ctx, m.wgInterface, m.statusRecorder, routes[0].Network)
-			m.clientNetworks[id] = clientNetworkWatcher
-			go clientNetworkWatcher.peersStateAndUpdateWatcher()
-		}
-		update := routesUpdate{
-			updateSerial: updateSerial,
-			routes:       routes,
-		}
-
-		clientNetworkWatcher.sendUpdateToClientNetworkWatcher(update)
-	}
-}
-
-func (m *DefaultManager) updateServerRoutes(routesMap map[string]*route.Route) error {
-	serverRoutesToRemove := make([]string, 0)
-
-	if len(routesMap) > 0 {
-		err := m.serverRouter.firewall.RestoreOrCreateContainers()
-		if err != nil {
-			return fmt.Errorf("couldn't initialize firewall containers, got err: %v", err)
-		}
-	}
-
-	for routeID := range m.serverRoutes {
-		update, found := routesMap[routeID]
-		if !found || !update.IsEqual(m.serverRoutes[routeID]) {
-			serverRoutesToRemove = append(serverRoutesToRemove, routeID)
-			continue
-		}
-	}
-
-	for _, routeID := range serverRoutesToRemove {
-		oldRoute := m.serverRoutes[routeID]
-		err := m.removeFromServerNetwork(oldRoute)
-		if err != nil {
-			log.Errorf("unable to remove route id: %s, network %s, from server, got: %v",
-				oldRoute.ID, oldRoute.Network, err)
-		}
-		delete(m.serverRoutes, routeID)
-	}
-
-	for id, newRoute := range routesMap {
-		_, found := m.serverRoutes[id]
-		if found {
-			continue
-		}
-
-		err := m.addToServerNetwork(newRoute)
-		if err != nil {
-			log.Errorf("unable to add route %s from server, got: %v", newRoute.ID, err)
-			continue
-		}
-		m.serverRoutes[id] = newRoute
-	}
-
-	if len(m.serverRoutes) > 0 {
-		err := enableIPForwarding()
-		if err != nil {
-			return err
-		}
-	}
-
-	return nil
-}
-
-// UpdateRoutes compares received routes with existing routes and remove, update or add them to the client and server maps
-func (m *DefaultManager) UpdateRoutes(updateSerial uint64, newRoutes []*route.Route) error {
-	select {
-	case <-m.ctx.Done():
-		log.Infof("not updating routes as context is closed")
-		return m.ctx.Err()
-	default:
-		m.mux.Lock()
-		defer m.mux.Unlock()
-
-		newClientRoutesIDMap := make(map[string][]*route.Route)
-		newServerRoutesMap := make(map[string]*route.Route)
-
-		for _, newRoute := range newRoutes {
-			// only linux is supported for now
-			if newRoute.Peer == m.pubKey {
-				if runtime.GOOS != "linux" {
-					log.Warnf("received a route to manage, but agent doesn't support router mode on %s OS", runtime.GOOS)
-					continue
-				}
-				newServerRoutesMap[newRoute.ID] = newRoute
-			} else {
-				// if prefix is too small, lets assume is a possible default route which is not yet supported
-				// we skip this route management
-				if newRoute.Network.Bits() < 7 {
-					log.Errorf("this agent version: %s, doesn't support default routes, received %s, skiping this route",
-						system.NetbirdVersion(), newRoute.Network)
-					continue
-				}
-				clientNetworkID := getClientNetworkID(newRoute)
-				newClientRoutesIDMap[clientNetworkID] = append(newClientRoutesIDMap[clientNetworkID], newRoute)
-			}
-		}
-
-		m.updateClientNetworks(updateSerial, newClientRoutesIDMap)
-
-		err := m.updateServerRoutes(newServerRoutesMap)
-		if err != nil {
-			return err
-		}
-
-		return nil
-	}
-}
--- a/client/internal/routemanager/manager_test.go
+++ b/client/internal/routemanager/manager_test.go
@@ -1,370 +0,0 @@
-package routemanager
-
-import (
-	"context"
-	"fmt"
-	"github.com/netbirdio/netbird/client/status"
-	"github.com/netbirdio/netbird/iface"
-	"github.com/netbirdio/netbird/route"
-	"github.com/stretchr/testify/require"
-	"net/netip"
-	"runtime"
-	"testing"
-)
-
-// send 5 routes, one for server and 4 for clients, one normal and 2 HA and one small
-// if linux host, should have one for server in map
-// we should have 2 client manager
-// 2 ranges in our routing table
-
-const localPeerKey = "local"
-const remotePeerKey1 = "remote1"
-const remotePeerKey2 = "remote1"
-
-func TestManagerUpdateRoutes(t *testing.T) {
-	testCases := []struct {
-		name                          string
-		inputInitRoutes               []*route.Route
-		inputRoutes                   []*route.Route
-		inputSerial                   uint64
-		shouldCheckServerRoutes       bool
-		serverRoutesExpected          int
-		clientNetworkWatchersExpected int
-	}{
-		{
-			name:            "Should create 2 client networks",
-			inputInitRoutes: []*route.Route{},
-			inputRoutes: []*route.Route{
-				{
-					ID:          "a",
-					NetID:       "routeA",
-					Peer:        remotePeerKey1,
-					Network:     netip.MustParsePrefix("100.64.251.250/30"),
-					NetworkType: route.IPv4Network,
-					Metric:      9999,
-					Masquerade:  false,
-					Enabled:     true,
-				},
-				{
-					ID:          "b",
-					NetID:       "routeB",
-					Peer:        remotePeerKey1,
-					Network:     netip.MustParsePrefix("8.8.8.8/32"),
-					NetworkType: route.IPv4Network,
-					Metric:      9999,
-					Masquerade:  false,
-					Enabled:     true,
-				},
-			},
-			inputSerial:                   1,
-			clientNetworkWatchersExpected: 2,
-		},
-		{
-			name: "Should Create 2 Server Routes",
-			inputRoutes: []*route.Route{
-				{
-					ID:          "a",
-					NetID:       "routeA",
-					Peer:        localPeerKey,
-					Network:     netip.MustParsePrefix("100.64.252.250/30"),
-					NetworkType: route.IPv4Network,
-					Metric:      9999,
-					Masquerade:  false,
-					Enabled:     true,
-				},
-				{
-					ID:          "b",
-					NetID:       "routeB",
-					Peer:        localPeerKey,
-					Network:     netip.MustParsePrefix("8.8.8.9/32"),
-					NetworkType: route.IPv4Network,
-					Metric:      9999,
-					Masquerade:  false,
-					Enabled:     true,
-				},
-			},
-			inputSerial:                   1,
-			shouldCheckServerRoutes:       runtime.GOOS == "linux",
-			serverRoutesExpected:          2,
-			clientNetworkWatchersExpected: 0,
-		},
-		{
-			name: "Should Create 1 Route For Client And Server",
-			inputRoutes: []*route.Route{
-				{
-					ID:          "a",
-					NetID:       "routeA",
-					Peer:        localPeerKey,
-					Network:     netip.MustParsePrefix("100.64.30.250/30"),
-					NetworkType: route.IPv4Network,
-					Metric:      9999,
-					Masquerade:  false,
-					Enabled:     true,
-				},
-				{
-					ID:          "b",
-					NetID:       "routeB",
-					Peer:        remotePeerKey1,
-					Network:     netip.MustParsePrefix("8.8.9.9/32"),
-					NetworkType: route.IPv4Network,
-					Metric:      9999,
-					Masquerade:  false,
-					Enabled:     true,
-				},
-			},
-			inputSerial:                   1,
-			shouldCheckServerRoutes:       runtime.GOOS == "linux",
-			serverRoutesExpected:          1,
-			clientNetworkWatchersExpected: 1,
-		},
-		{
-			name: "Should Create 1 HA Route and 1 Standalone",
-			inputRoutes: []*route.Route{
-				{
-					ID:          "a",
-					NetID:       "routeA",
-					Peer:        remotePeerKey1,
-					Network:     netip.MustParsePrefix("8.8.20.0/24"),
-					NetworkType: route.IPv4Network,
-					Metric:      9999,
-					Masquerade:  false,
-					Enabled:     true,
-				},
-				{
-					ID:          "b",
-					NetID:       "routeA",
-					Peer:        remotePeerKey2,
-					Network:     netip.MustParsePrefix("8.8.20.0/24"),
-					NetworkType: route.IPv4Network,
-					Metric:      9999,
-					Masquerade:  false,
-					Enabled:     true,
-				},
-				{
-					ID:          "c",
-					NetID:       "routeB",
-					Peer:        remotePeerKey1,
-					Network:     netip.MustParsePrefix("8.8.9.9/32"),
-					NetworkType: route.IPv4Network,
-					Metric:      9999,
-					Masquerade:  false,
-					Enabled:     true,
-				},
-			},
-			inputSerial:                   1,
-			clientNetworkWatchersExpected: 2,
-		},
-		{
-			name: "No Small Client Route Should Be Added",
-			inputRoutes: []*route.Route{
-				{
-					ID:          "a",
-					NetID:       "routeA",
-					Peer:        remotePeerKey1,
-					Network:     netip.MustParsePrefix("0.0.0.0/0"),
-					NetworkType: route.IPv4Network,
-					Metric:      9999,
-					Masquerade:  false,
-					Enabled:     true,
-				},
-			},
-			inputSerial:                   1,
-			clientNetworkWatchersExpected: 0,
-		},
-		{
-			name: "No Server Routes Should Be Added To Non Linux",
-			inputRoutes: []*route.Route{
-				{
-					ID:          "a",
-					NetID:       "routeA",
-					Peer:        localPeerKey,
-					Network:     netip.MustParsePrefix("1.2.3.4/32"),
-					NetworkType: route.IPv4Network,
-					Metric:      9999,
-					Masquerade:  false,
-					Enabled:     true,
-				},
-			},
-			inputSerial:                   1,
-			shouldCheckServerRoutes:       runtime.GOOS != "linux",
-			serverRoutesExpected:          0,
-			clientNetworkWatchersExpected: 0,
-		},
-		{
-			name: "Remove 1 Client Route",
-			inputInitRoutes: []*route.Route{
-				{
-					ID:          "a",
-					NetID:       "routeA",
-					Peer:        remotePeerKey1,
-					Network:     netip.MustParsePrefix("100.64.251.250/30"),
-					NetworkType: route.IPv4Network,
-					Metric:      9999,
-					Masquerade:  false,
-					Enabled:     true,
-				},
-				{
-					ID:          "b",
-					NetID:       "routeB",
-					Peer:        remotePeerKey1,
-					Network:     netip.MustParsePrefix("8.8.8.8/32"),
-					NetworkType: route.IPv4Network,
-					Metric:      9999,
-					Masquerade:  false,
-					Enabled:     true,
-				},
-			},
-			inputRoutes: []*route.Route{
-				{
-					ID:          "a",
-					NetID:       "routeA",
-					Peer:        remotePeerKey1,
-					Network:     netip.MustParsePrefix("100.64.251.250/30"),
-					NetworkType: route.IPv4Network,
-					Metric:      9999,
-					Masquerade:  false,
-					Enabled:     true,
-				},
-			},
-			inputSerial:                   1,
-			clientNetworkWatchersExpected: 1,
-		},
-		{
-			name: "Update Route to HA",
-			inputInitRoutes: []*route.Route{
-				{
-					ID:          "a",
-					NetID:       "routeA",
-					Peer:        remotePeerKey1,
-					Network:     netip.MustParsePrefix("100.64.251.250/30"),
-					NetworkType: route.IPv4Network,
-					Metric:      9999,
-					Masquerade:  false,
-					Enabled:     true,
-				},
-				{
-					ID:          "b",
-					NetID:       "routeB",
-					Peer:        remotePeerKey1,
-					Network:     netip.MustParsePrefix("8.8.8.8/32"),
-					NetworkType: route.IPv4Network,
-					Metric:      9999,
-					Masquerade:  false,
-					Enabled:     true,
-				},
-			},
-			inputRoutes: []*route.Route{
-				{
-					ID:          "a",
-					NetID:       "routeA",
-					Peer:        remotePeerKey1,
-					Network:     netip.MustParsePrefix("100.64.251.250/30"),
-					NetworkType: route.IPv4Network,
-					Metric:      9999,
-					Masquerade:  false,
-					Enabled:     true,
-				},
-				{
-					ID:          "b",
-					NetID:       "routeA",
-					Peer:        remotePeerKey2,
-					Network:     netip.MustParsePrefix("100.64.251.250/30"),
-					NetworkType: route.IPv4Network,
-					Metric:      9999,
-					Masquerade:  false,
-					Enabled:     true,
-				},
-			},
-			inputSerial:                   1,
-			clientNetworkWatchersExpected: 1,
-		},
-		{
-			name: "Remove Client Routes",
-			inputInitRoutes: []*route.Route{
-				{
-					ID:          "a",
-					NetID:       "routeA",
-					Peer:        remotePeerKey1,
-					Network:     netip.MustParsePrefix("100.64.251.250/30"),
-					NetworkType: route.IPv4Network,
-					Metric:      9999,
-					Masquerade:  false,
-					Enabled:     true,
-				},
-				{
-					ID:          "b",
-					NetID:       "routeB",
-					Peer:        remotePeerKey1,
-					Network:     netip.MustParsePrefix("8.8.8.8/32"),
-					NetworkType: route.IPv4Network,
-					Metric:      9999,
-					Masquerade:  false,
-					Enabled:     true,
-				},
-			},
-			inputRoutes:                   []*route.Route{},
-			inputSerial:                   1,
-			clientNetworkWatchersExpected: 0,
-		},
-		{
-			name: "Remove All Routes",
-			inputInitRoutes: []*route.Route{
-				{
-					ID:          "a",
-					NetID:       "routeA",
-					Peer:        localPeerKey,
-					Network:     netip.MustParsePrefix("100.64.251.250/30"),
-					NetworkType: route.IPv4Network,
-					Metric:      9999,
-					Masquerade:  false,
-					Enabled:     true,
-				},
-				{
-					ID:          "b",
-					NetID:       "routeB",
-					Peer:        remotePeerKey1,
-					Network:     netip.MustParsePrefix("8.8.8.8/32"),
-					NetworkType: route.IPv4Network,
-					Metric:      9999,
-					Masquerade:  false,
-					Enabled:     true,
-				},
-			},
-			inputRoutes:                   []*route.Route{},
-			inputSerial:                   1,
-			shouldCheckServerRoutes:       true,
-			serverRoutesExpected:          0,
-			clientNetworkWatchersExpected: 0,
-		},
-	}
-
-	for n, testCase := range testCases {
-		t.Run(testCase.name, func(t *testing.T) {
-			wgInterface, err := iface.NewWGIFace(fmt.Sprintf("utun43%d", n), "100.65.65.2/24", iface.DefaultMTU)
-			require.NoError(t, err, "should create testing WGIface interface")
-			defer wgInterface.Close()
-
-			err = wgInterface.Create()
-			require.NoError(t, err, "should create testing wireguard interface")
-
-			statusRecorder := status.NewRecorder()
-			ctx := context.TODO()
-			routeManager := NewManager(ctx, localPeerKey, wgInterface, statusRecorder)
-			defer routeManager.Stop()
-
-			if len(testCase.inputInitRoutes) > 0 {
-				err = routeManager.UpdateRoutes(testCase.inputSerial, testCase.inputRoutes)
-				require.NoError(t, err, "should update routes with init routes")
-			}
-
-			err = routeManager.UpdateRoutes(testCase.inputSerial+uint64(len(testCase.inputInitRoutes)), testCase.inputRoutes)
-			require.NoError(t, err, "should update routes")
-
-			require.Len(t, routeManager.clientNetworks, testCase.clientNetworkWatchersExpected, "client networks size should match")
-
-			if testCase.shouldCheckServerRoutes {
-				require.Len(t, routeManager.serverRoutes, testCase.serverRoutesExpected, "server networks size should match")
-			}
-		})
-	}
-}
--- a/client/internal/routemanager/mock.go
+++ b/client/internal/routemanager/mock.go
@@ -1,27 +0,0 @@
-package routemanager
-
-import (
-	"fmt"
-	"github.com/netbirdio/netbird/route"
-)
-
-// MockManager is the mock instance of a route manager
-type MockManager struct {
-	UpdateRoutesFunc func(updateSerial uint64, newRoutes []*route.Route) error
-	StopFunc         func()
-}
-
-// UpdateRoutes mock implementation of UpdateRoutes from Manager interface
-func (m *MockManager) UpdateRoutes(updateSerial uint64, newRoutes []*route.Route) error {
-	if m.UpdateRoutesFunc != nil {
-		return m.UpdateRoutesFunc(updateSerial, newRoutes)
-	}
-	return fmt.Errorf("method UpdateRoutes is not implemented")
-}
-
-// Stop mock implementation of Stop from Manager interface
-func (m *MockManager) Stop() {
-	if m.StopFunc != nil {
-		m.StopFunc()
-	}
-}
--- a/client/internal/routemanager/nftables_linux.go
+++ b/client/internal/routemanager/nftables_linux.go
@@ -1,384 +0,0 @@
-package routemanager
-
-import (
-	"context"
-	"fmt"
-	"github.com/google/nftables/binaryutil"
-	"github.com/google/nftables/expr"
-	log "github.com/sirupsen/logrus"
-	"net"
-	"net/netip"
-	"sync"
-)
-import "github.com/google/nftables"
-
-//
-const (
-	nftablesTable                  = "netbird-rt"
-	nftablesRoutingForwardingChain = "netbird-rt-fwd"
-	nftablesRoutingNatChain        = "netbird-rt-nat"
-)
-
-// constants needed to create nftable rules
-const (
-	ipv4Len                  = 4
-	ipv4SrcOffset            = 12
-	ipv4DestOffset           = 16
-	ipv6Len                  = 16
-	ipv6SrcOffset            = 8
-	ipv6DestOffset           = 24
-	exprDirectionSource      = "source"
-	exprDirectionDestination = "destination"
-)
-
-// some presets for building nftable rules
-var (
-	zeroXor = binaryutil.NativeEndian.PutUint32(0)
-
-	zeroXor6 = append(binaryutil.NativeEndian.PutUint64(0), binaryutil.NativeEndian.PutUint64(0)...)
-
-	exprAllowRelatedEstablished = []expr.Any{
-		&expr.Ct{
-			Register:       1,
-			SourceRegister: false,
-			Key:            0,
-		},
-		&expr.Bitwise{
-			DestRegister:   1,
-			SourceRegister: 1,
-			Len:            4,
-			Mask:           []uint8{0x6, 0x0, 0x0, 0x0},
-			Xor:            zeroXor,
-		},
-		&expr.Cmp{
-			Register: 1,
-			Data:     binaryutil.NativeEndian.PutUint32(0),
-		},
-		&expr.Counter{},
-		&expr.Verdict{
-			Kind: expr.VerdictAccept,
-		},
-	}
-
-	exprCounterAccept = []expr.Any{
-		&expr.Counter{},
-		&expr.Verdict{
-			Kind: expr.VerdictAccept,
-		},
-	}
-)
-
-type nftablesManager struct {
-	ctx       context.Context
-	stop      context.CancelFunc
-	conn      *nftables.Conn
-	tableIPv4 *nftables.Table
-	tableIPv6 *nftables.Table
-	chains    map[string]map[string]*nftables.Chain
-	rules     map[string]*nftables.Rule
-	mux       sync.Mutex
-}
-
-// CleanRoutingRules cleans existing nftables rules from the system
-func (n *nftablesManager) CleanRoutingRules() {
-	n.mux.Lock()
-	defer n.mux.Unlock()
-	log.Debug("flushing tables")
-	n.conn.FlushTable(n.tableIPv6)
-	n.conn.FlushTable(n.tableIPv4)
-	log.Debugf("flushing tables result in: %v error", n.conn.Flush())
-}
-
-// RestoreOrCreateContainers restores existing nftables containers (tables and chains)
-// if they don't exist, we create them
-func (n *nftablesManager) RestoreOrCreateContainers() error {
-	n.mux.Lock()
-	defer n.mux.Unlock()
-
-	if n.tableIPv6 != nil && n.tableIPv4 != nil {
-		log.Debugf("nftables: containers already restored, skipping")
-		return nil
-	}
-
-	tables, err := n.conn.ListTables()
-	if err != nil {
-		return fmt.Errorf("nftables: unable to list tables: %v", err)
-	}
-
-	for _, table := range tables {
-		if table.Name == nftablesTable {
-			if table.Family == nftables.TableFamilyIPv4 {
-				n.tableIPv4 = table
-				continue
-			}
-			n.tableIPv6 = table
-		}
-	}
-
-	if n.tableIPv4 == nil {
-		n.tableIPv4 = n.conn.AddTable(&nftables.Table{
-			Name:   nftablesTable,
-			Family: nftables.TableFamilyIPv4,
-		})
-	}
-
-	if n.tableIPv6 == nil {
-		n.tableIPv6 = n.conn.AddTable(&nftables.Table{
-			Name:   nftablesTable,
-			Family: nftables.TableFamilyIPv6,
-		})
-	}
-
-	chains, err := n.conn.ListChains()
-	if err != nil {
-		return fmt.Errorf("nftables: unable to list chains: %v", err)
-	}
-
-	n.chains[ipv4] = make(map[string]*nftables.Chain)
-	n.chains[ipv6] = make(map[string]*nftables.Chain)
-
-	for _, chain := range chains {
-		switch {
-		case chain.Table.Name == nftablesTable && chain.Table.Family == nftables.TableFamilyIPv4:
-			n.chains[ipv4][chain.Name] = chain
-		case chain.Table.Name == nftablesTable && chain.Table.Family == nftables.TableFamilyIPv6:
-			n.chains[ipv6][chain.Name] = chain
-		}
-	}
-
-	if _, found := n.chains[ipv4][nftablesRoutingForwardingChain]; !found {
-		n.chains[ipv4][nftablesRoutingForwardingChain] = n.conn.AddChain(&nftables.Chain{
-			Name:     nftablesRoutingForwardingChain,
-			Table:    n.tableIPv4,
-			Hooknum:  nftables.ChainHookForward,
-			Priority: nftables.ChainPriorityNATDest + 1,
-			Type:     nftables.ChainTypeFilter,
-		})
-	}
-
-	if _, found := n.chains[ipv4][nftablesRoutingNatChain]; !found {
-		n.chains[ipv4][nftablesRoutingNatChain] = n.conn.AddChain(&nftables.Chain{
-			Name:     nftablesRoutingNatChain,
-			Table:    n.tableIPv4,
-			Hooknum:  nftables.ChainHookPostrouting,
-			Priority: nftables.ChainPriorityNATSource - 1,
-			Type:     nftables.ChainTypeNAT,
-		})
-	}
-
-	if _, found := n.chains[ipv6][nftablesRoutingForwardingChain]; !found {
-		n.chains[ipv6][nftablesRoutingForwardingChain] = n.conn.AddChain(&nftables.Chain{
-			Name:     nftablesRoutingForwardingChain,
-			Table:    n.tableIPv6,
-			Hooknum:  nftables.ChainHookForward,
-			Priority: nftables.ChainPriorityNATDest + 1,
-			Type:     nftables.ChainTypeFilter,
-		})
-	}
-
-	if _, found := n.chains[ipv6][nftablesRoutingNatChain]; !found {
-		n.chains[ipv6][nftablesRoutingNatChain] = n.conn.AddChain(&nftables.Chain{
-			Name:     nftablesRoutingNatChain,
-			Table:    n.tableIPv6,
-			Hooknum:  nftables.ChainHookPostrouting,
-			Priority: nftables.ChainPriorityNATSource - 1,
-			Type:     nftables.ChainTypeNAT,
-		})
-	}
-
-	err = n.refreshRulesMap()
-	if err != nil {
-		return err
-	}
-
-	n.checkOrCreateDefaultForwardingRules()
-	err = n.conn.Flush()
-	if err != nil {
-		return fmt.Errorf("nftables: unable to initialize table: %v", err)
-	}
-	return nil
-}
-
-// refreshRulesMap refreshes the rule map with the latest rules. this is useful to avoid
-// duplicates and to get missing attributes that we don't have when adding new rules
-func (n *nftablesManager) refreshRulesMap() error {
-	for _, registeredChains := range n.chains {
-		for _, chain := range registeredChains {
-			rules, err := n.conn.GetRules(chain.Table, chain)
-			if err != nil {
-				return fmt.Errorf("nftables: unable to list rules: %v", err)
-			}
-			for _, rule := range rules {
-				if len(rule.UserData) > 0 {
-					n.rules[string(rule.UserData)] = rule
-				}
-			}
-		}
-	}
-	return nil
-}
-
-// checkOrCreateDefaultForwardingRules checks if the default forwarding rules are enabled
-func (n *nftablesManager) checkOrCreateDefaultForwardingRules() {
-	_, foundIPv4 := n.rules[ipv4Forwarding]
-	if !foundIPv4 {
-		n.rules[ipv4Forwarding] = n.conn.AddRule(&nftables.Rule{
-			Table:    n.tableIPv4,
-			Chain:    n.chains[ipv4][nftablesRoutingForwardingChain],
-			Exprs:    exprAllowRelatedEstablished,
-			UserData: []byte(ipv4Forwarding),
-		})
-	}
-
-	_, foundIPv6 := n.rules[ipv6Forwarding]
-	if !foundIPv6 {
-		n.rules[ipv6Forwarding] = n.conn.AddRule(&nftables.Rule{
-			Table:    n.tableIPv6,
-			Chain:    n.chains[ipv6][nftablesRoutingForwardingChain],
-			Exprs:    exprAllowRelatedEstablished,
-			UserData: []byte(ipv6Forwarding),
-		})
-	}
-}
-
-// InsertRoutingRules inserts a nftable rule pair to the forwarding chain and if enabled, to the nat chain
-func (n *nftablesManager) InsertRoutingRules(pair routerPair) error {
-	n.mux.Lock()
-	defer n.mux.Unlock()
-
-	prefix := netip.MustParsePrefix(pair.source)
-
-	sourceExp := generateCIDRMatcherExpressions("source", pair.source)
-	destExp := generateCIDRMatcherExpressions("destination", pair.destination)
-
-	forwardExp := append(sourceExp, append(destExp, exprCounterAccept...)...)
-	fwdKey := genKey(forwardingFormat, pair.ID)
-	if prefix.Addr().Unmap().Is4() {
-		n.rules[fwdKey] = n.conn.InsertRule(&nftables.Rule{
-			Table:    n.tableIPv4,
-			Chain:    n.chains[ipv4][nftablesRoutingForwardingChain],
-			Exprs:    forwardExp,
-			UserData: []byte(fwdKey),
-		})
-	} else {
-		n.rules[fwdKey] = n.conn.InsertRule(&nftables.Rule{
-			Table:    n.tableIPv6,
-			Chain:    n.chains[ipv6][nftablesRoutingForwardingChain],
-			Exprs:    forwardExp,
-			UserData: []byte(fwdKey),
-		})
-	}
-
-	if pair.masquerade {
-		natExp := append(sourceExp, append(destExp, &expr.Counter{}, &expr.Masq{})...)
-		natKey := genKey(natFormat, pair.ID)
-
-		if prefix.Addr().Unmap().Is4() {
-			n.rules[natKey] = n.conn.InsertRule(&nftables.Rule{
-				Table:    n.tableIPv4,
-				Chain:    n.chains[ipv4][nftablesRoutingNatChain],
-				Exprs:    natExp,
-				UserData: []byte(natKey),
-			})
-		} else {
-			n.rules[natKey] = n.conn.InsertRule(&nftables.Rule{
-				Table:    n.tableIPv6,
-				Chain:    n.chains[ipv6][nftablesRoutingNatChain],
-				Exprs:    natExp,
-				UserData: []byte(natKey),
-			})
-		}
-	}
-
-	err := n.conn.Flush()
-	if err != nil {
-		return fmt.Errorf("nftables: unable to insert rules for %s: %v", pair.destination, err)
-	}
-	return nil
-}
-
-// RemoveRoutingRules removes a nftable rule pair from forwarding and nat chains
-func (n *nftablesManager) RemoveRoutingRules(pair routerPair) error {
-	n.mux.Lock()
-	defer n.mux.Unlock()
-
-	err := n.refreshRulesMap()
-	if err != nil {
-		return err
-	}
-
-	fwdKey := genKey(forwardingFormat, pair.ID)
-	natKey := genKey(natFormat, pair.ID)
-	fwdRule, found := n.rules[fwdKey]
-	if found {
-		err = n.conn.DelRule(fwdRule)
-		if err != nil {
-			return fmt.Errorf("nftables: unable to remove forwarding rule for %s: %v", pair.destination, err)
-		}
-		log.Debugf("nftables: removing forwarding rule for %s", pair.destination)
-		delete(n.rules, fwdKey)
-	}
-	natRule, found := n.rules[natKey]
-	if found {
-		err = n.conn.DelRule(natRule)
-		if err != nil {
-			return fmt.Errorf("nftables: unable to remove nat rule for %s: %v", pair.destination, err)
-		}
-		log.Debugf("nftables: removing nat rule for %s", pair.destination)
-		delete(n.rules, natKey)
-	}
-	err = n.conn.Flush()
-	if err != nil {
-		return fmt.Errorf("nftables: received error while applying rule removal for %s: %v", pair.destination, err)
-	}
-	log.Debugf("nftables: removed rules for %s", pair.destination)
-	return nil
-}
-
-// getPayloadDirectives get expression directives based on ip version and direction
-func getPayloadDirectives(direction string, isIPv4 bool, isIPv6 bool) (uint32, uint32, []byte) {
-	switch {
-	case direction == exprDirectionSource && isIPv4:
-		return ipv4SrcOffset, ipv4Len, zeroXor
-	case direction == exprDirectionDestination && isIPv4:
-		return ipv4DestOffset, ipv4Len, zeroXor
-	case direction == exprDirectionSource && isIPv6:
-		return ipv6SrcOffset, ipv6Len, zeroXor6
-	case direction == exprDirectionDestination && isIPv6:
-		return ipv6DestOffset, ipv6Len, zeroXor6
-	default:
-		panic("no matched payload directive")
-	}
-}
-
-// generateCIDRMatcherExpressions generates nftables expressions that matches a CIDR
-func generateCIDRMatcherExpressions(direction string, cidr string) []expr.Any {
-	ip, network, _ := net.ParseCIDR(cidr)
-	ipToAdd, _ := netip.AddrFromSlice(ip)
-	add := ipToAdd.Unmap()
-
-	offSet, packetLen, zeroXor := getPayloadDirectives(direction, add.Is4(), add.Is6())
-
-	return []expr.Any{
-		// fetch src add
-		&expr.Payload{
-			DestRegister: 1,
-			Base:         expr.PayloadBaseNetworkHeader,
-			Offset:       offSet,
-			Len:          packetLen,
-		},
-		// net mask
-		&expr.Bitwise{
-			DestRegister:   1,
-			SourceRegister: 1,
-			Len:            packetLen,
-			Mask:           network.Mask,
-			Xor:            zeroXor,
-		},
-		// net address
-		&expr.Cmp{
-			Register: 1,
-			Data:     add.AsSlice(),
-		},
-	}
-}
--- a/client/internal/routemanager/nftables_linux_test.go
+++ b/client/internal/routemanager/nftables_linux_test.go
@@ -1,270 +0,0 @@
-package routemanager
-
-import (
-	"context"
-	"github.com/google/nftables"
-	"github.com/google/nftables/expr"
-	"github.com/stretchr/testify/assert"
-	"github.com/stretchr/testify/require"
-	"testing"
-)
-
-func TestNftablesManager_RestoreOrCreateContainers(t *testing.T) {
-
-	ctx, cancel := context.WithCancel(context.TODO())
-
-	manager := &nftablesManager{
-		ctx:    ctx,
-		stop:   cancel,
-		conn:   &nftables.Conn{},
-		chains: make(map[string]map[string]*nftables.Chain),
-		rules:  make(map[string]*nftables.Rule),
-	}
-
-	nftablesTestingClient := &nftables.Conn{}
-
-	defer manager.CleanRoutingRules()
-
-	err := manager.RestoreOrCreateContainers()
-	require.NoError(t, err, "shouldn't return error")
-
-	require.Len(t, manager.chains, 2, "should have created chains for ipv4 and ipv6")
-	require.Len(t, manager.chains[ipv4], 2, "should have created chains for ipv4")
-	require.Len(t, manager.chains[ipv4], 2, "should have created chains for ipv6")
-	require.Len(t, manager.rules, 2, "should have created rules for ipv4 and ipv6")
-
-	pair := routerPair{
-		ID:          "abc",
-		source:      "100.100.100.1/32",
-		destination: "100.100.100.0/24",
-		masquerade:  true,
-	}
-
-	sourceExp := generateCIDRMatcherExpressions("source", pair.source)
-	destExp := generateCIDRMatcherExpressions("destination", pair.destination)
-
-	forward4Exp := append(sourceExp, append(destExp, exprCounterAccept...)...)
-	forward4RuleKey := genKey(forwardingFormat, pair.ID)
-	inserted4Forwarding := nftablesTestingClient.InsertRule(&nftables.Rule{
-		Table:    manager.tableIPv4,
-		Chain:    manager.chains[ipv4][nftablesRoutingForwardingChain],
-		Exprs:    forward4Exp,
-		UserData: []byte(forward4RuleKey),
-	})
-
-	nat4Exp := append(sourceExp, append(destExp, &expr.Counter{}, &expr.Masq{})...)
-	nat4RuleKey := genKey(natFormat, pair.ID)
-
-	inserted4Nat := nftablesTestingClient.InsertRule(&nftables.Rule{
-		Table:    manager.tableIPv4,
-		Chain:    manager.chains[ipv4][nftablesRoutingNatChain],
-		Exprs:    nat4Exp,
-		UserData: []byte(nat4RuleKey),
-	})
-
-	err = nftablesTestingClient.Flush()
-	require.NoError(t, err, "shouldn't return error")
-
-	pair = routerPair{
-		ID:          "xyz",
-		source:      "fc00::1/128",
-		destination: "fc11::/64",
-		masquerade:  true,
-	}
-
-	sourceExp = generateCIDRMatcherExpressions("source", pair.source)
-	destExp = generateCIDRMatcherExpressions("destination", pair.destination)
-
-	forward6Exp := append(sourceExp, append(destExp, exprCounterAccept...)...)
-	forward6RuleKey := genKey(forwardingFormat, pair.ID)
-	inserted6Forwarding := nftablesTestingClient.InsertRule(&nftables.Rule{
-		Table:    manager.tableIPv6,
-		Chain:    manager.chains[ipv6][nftablesRoutingForwardingChain],
-		Exprs:    forward6Exp,
-		UserData: []byte(forward6RuleKey),
-	})
-
-	nat6Exp := append(sourceExp, append(destExp, &expr.Counter{}, &expr.Masq{})...)
-	nat6RuleKey := genKey(natFormat, pair.ID)
-
-	inserted6Nat := nftablesTestingClient.InsertRule(&nftables.Rule{
-		Table:    manager.tableIPv6,
-		Chain:    manager.chains[ipv6][nftablesRoutingNatChain],
-		Exprs:    nat6Exp,
-		UserData: []byte(nat6RuleKey),
-	})
-
-	err = nftablesTestingClient.Flush()
-	require.NoError(t, err, "shouldn't return error")
-
-	manager.tableIPv4 = nil
-	manager.tableIPv6 = nil
-
-	err = manager.RestoreOrCreateContainers()
-	require.NoError(t, err, "shouldn't return error")
-
-	require.Len(t, manager.chains, 2, "should have created chains for ipv4 and ipv6")
-	require.Len(t, manager.chains[ipv4], 2, "should have created chains for ipv4")
-	require.Len(t, manager.chains[ipv4], 2, "should have created chains for ipv6")
-	require.Len(t, manager.rules, 6, "should have restored all rules for ipv4 and ipv6")
-
-	foundRule, found := manager.rules[forward4RuleKey]
-	require.True(t, found, "forwarding rule should exist in the map")
-	assert.Equal(t, inserted4Forwarding.Exprs, foundRule.Exprs, "stored forwarding rule expressions should match")
-
-	foundRule, found = manager.rules[nat4RuleKey]
-	require.True(t, found, "nat rule should exist in the map")
-	// match len of output as nftables client doesn't return expressions with masquerade expression
-	assert.ElementsMatch(t, inserted4Nat.Exprs[:len(foundRule.Exprs)], foundRule.Exprs, "stored nat rule expressions should match")
-
-	foundRule, found = manager.rules[forward6RuleKey]
-	require.True(t, found, "forwarding rule should exist in the map")
-	assert.Equal(t, inserted6Forwarding.Exprs, foundRule.Exprs, "stored forward rule should match")
-
-	foundRule, found = manager.rules[nat6RuleKey]
-	require.True(t, found, "nat rule should exist in the map")
-	// match len of output as nftables client doesn't return expressions with masquerade expression
-	assert.ElementsMatch(t, inserted6Nat.Exprs[:len(foundRule.Exprs)], foundRule.Exprs, "stored nat rule should match")
-}
-
-func TestNftablesManager_InsertRoutingRules(t *testing.T) {
-
-	for _, testCase := range insertRuleTestCases {
-		t.Run(testCase.name, func(t *testing.T) {
-			ctx, cancel := context.WithCancel(context.TODO())
-
-			manager := &nftablesManager{
-				ctx:    ctx,
-				stop:   cancel,
-				conn:   &nftables.Conn{},
-				chains: make(map[string]map[string]*nftables.Chain),
-				rules:  make(map[string]*nftables.Rule),
-			}
-
-			nftablesTestingClient := &nftables.Conn{}
-
-			defer manager.CleanRoutingRules()
-
-			err := manager.RestoreOrCreateContainers()
-			require.NoError(t, err, "shouldn't return error")
-
-			err = manager.InsertRoutingRules(testCase.inputPair)
-			require.NoError(t, err, "forwarding pair should be inserted")
-
-			sourceExp := generateCIDRMatcherExpressions("source", testCase.inputPair.source)
-			destExp := generateCIDRMatcherExpressions("destination", testCase.inputPair.destination)
-			testingExpression := append(sourceExp, destExp...)
-			fwdRuleKey := genKey(forwardingFormat, testCase.inputPair.ID)
-
-			found := 0
-			for _, registeredChains := range manager.chains {
-				for _, chain := range registeredChains {
-					rules, err := nftablesTestingClient.GetRules(chain.Table, chain)
-					require.NoError(t, err, "should list rules for %s table and %s chain", chain.Table.Name, chain.Name)
-					for _, rule := range rules {
-						if len(rule.UserData) > 0 && string(rule.UserData) == fwdRuleKey {
-							require.ElementsMatchf(t, rule.Exprs[:len(testingExpression)], testingExpression, "forwarding rule elements should match")
-							found = 1
-						}
-					}
-				}
-			}
-
-			require.Equal(t, 1, found, "should find at least 1 rule to test")
-
-			if testCase.inputPair.masquerade {
-				natRuleKey := genKey(natFormat, testCase.inputPair.ID)
-				found := 0
-				for _, registeredChains := range manager.chains {
-					for _, chain := range registeredChains {
-						rules, err := nftablesTestingClient.GetRules(chain.Table, chain)
-						require.NoError(t, err, "should list rules for %s table and %s chain", chain.Table.Name, chain.Name)
-						for _, rule := range rules {
-							if len(rule.UserData) > 0 && string(rule.UserData) == natRuleKey {
-								require.ElementsMatchf(t, rule.Exprs[:len(testingExpression)], testingExpression, "nat rule elements should match")
-								found = 1
-							}
-						}
-					}
-				}
-				require.Equal(t, 1, found, "should find at least 1 rule to test")
-			}
-		})
-	}
-}
-
-func TestNftablesManager_RemoveRoutingRules(t *testing.T) {
-
-	for _, testCase := range removeRuleTestCases {
-		t.Run(testCase.name, func(t *testing.T) {
-			ctx, cancel := context.WithCancel(context.TODO())
-
-			manager := &nftablesManager{
-				ctx:    ctx,
-				stop:   cancel,
-				conn:   &nftables.Conn{},
-				chains: make(map[string]map[string]*nftables.Chain),
-				rules:  make(map[string]*nftables.Rule),
-			}
-
-			nftablesTestingClient := &nftables.Conn{}
-
-			defer manager.CleanRoutingRules()
-
-			err := manager.RestoreOrCreateContainers()
-			require.NoError(t, err, "shouldn't return error")
-
-			table := manager.tableIPv4
-			if testCase.ipVersion == ipv6 {
-				table = manager.tableIPv6
-			}
-
-			sourceExp := generateCIDRMatcherExpressions("source", testCase.inputPair.source)
-			destExp := generateCIDRMatcherExpressions("destination", testCase.inputPair.destination)
-
-			forwardExp := append(sourceExp, append(destExp, exprCounterAccept...)...)
-			forwardRuleKey := genKey(forwardingFormat, testCase.inputPair.ID)
-			insertedForwarding := nftablesTestingClient.InsertRule(&nftables.Rule{
-				Table:    table,
-				Chain:    manager.chains[testCase.ipVersion][nftablesRoutingForwardingChain],
-				Exprs:    forwardExp,
-				UserData: []byte(forwardRuleKey),
-			})
-
-			natExp := append(sourceExp, append(destExp, &expr.Counter{}, &expr.Masq{})...)
-			natRuleKey := genKey(natFormat, testCase.inputPair.ID)
-
-			insertedNat := nftablesTestingClient.InsertRule(&nftables.Rule{
-				Table:    table,
-				Chain:    manager.chains[testCase.ipVersion][nftablesRoutingNatChain],
-				Exprs:    natExp,
-				UserData: []byte(natRuleKey),
-			})
-
-			err = nftablesTestingClient.Flush()
-			require.NoError(t, err, "shouldn't return error")
-
-			manager.tableIPv4 = nil
-			manager.tableIPv6 = nil
-
-			err = manager.RestoreOrCreateContainers()
-			require.NoError(t, err, "shouldn't return error")
-
-			err = manager.RemoveRoutingRules(testCase.inputPair)
-			require.NoError(t, err, "shouldn't return error")
-
-			for _, registeredChains := range manager.chains {
-				for _, chain := range registeredChains {
-					rules, err := nftablesTestingClient.GetRules(chain.Table, chain)
-					require.NoError(t, err, "should list rules for %s table and %s chain", chain.Table.Name, chain.Name)
-					for _, rule := range rules {
-						if len(rule.UserData) > 0 {
-							require.NotEqual(t, insertedForwarding.UserData, rule.UserData, "forwarding rule should exist")
-							require.NotEqual(t, insertedNat.UserData, rule.UserData, "nat rule should exist")
-						}
-					}
-				}
-			}
-		})
-	}
-}
--- a/client/internal/routemanager/server.go
+++ b/client/internal/routemanager/server.go
@@ -1,67 +0,0 @@
-package routemanager
-
-import (
-	"github.com/netbirdio/netbird/route"
-	log "github.com/sirupsen/logrus"
-	"net/netip"
-	"sync"
-)
-
-type serverRouter struct {
-	routes map[string]*route.Route
-	// best effort to keep net forward configuration as it was
-	netForwardHistoryEnabled bool
-	mux                      sync.Mutex
-	firewall                 firewallManager
-}
-
-type routerPair struct {
-	ID          string
-	source      string
-	destination string
-	masquerade  bool
-}
-
-func routeToRouterPair(source string, route *route.Route) routerPair {
-	parsed := netip.MustParsePrefix(source).Masked()
-	return routerPair{
-		ID:          route.ID,
-		source:      parsed.String(),
-		destination: route.Network.Masked().String(),
-		masquerade:  route.Masquerade,
-	}
-}
-
-func (m *DefaultManager) removeFromServerNetwork(route *route.Route) error {
-	select {
-	case <-m.ctx.Done():
-		log.Infof("not removing from server network because context is done")
-		return m.ctx.Err()
-	default:
-		m.serverRouter.mux.Lock()
-		defer m.serverRouter.mux.Unlock()
-		err := m.serverRouter.firewall.RemoveRoutingRules(routeToRouterPair(m.wgInterface.Address.String(), route))
-		if err != nil {
-			return err
-		}
-		delete(m.serverRouter.routes, route.ID)
-		return nil
-	}
-}
-
-func (m *DefaultManager) addToServerNetwork(route *route.Route) error {
-	select {
-	case <-m.ctx.Done():
-		log.Infof("not adding to server network because context is done")
-		return m.ctx.Err()
-	default:
-		m.serverRouter.mux.Lock()
-		defer m.serverRouter.mux.Unlock()
-		err := m.serverRouter.firewall.InsertRoutingRules(routeToRouterPair(m.wgInterface.Address.String(), route))
-		if err != nil {
-			return err
-		}
-		m.serverRouter.routes[route.ID] = route
-		return nil
-	}
-}
--- a/client/internal/routemanager/systemops.go
+++ b/client/internal/routemanager/systemops.go
@@ -1,55 +0,0 @@
-package routemanager
-
-import (
-	"fmt"
-	"github.com/libp2p/go-netroute"
-	log "github.com/sirupsen/logrus"
-	"net"
-	"net/netip"
-)
-
-var errRouteNotFound = fmt.Errorf("route not found")
-
-func addToRouteTableIfNoExists(prefix netip.Prefix, addr string) error {
-	gateway, err := getExistingRIBRouteGateway(netip.MustParsePrefix("0.0.0.0/0"))
-	if err != nil && err != errRouteNotFound {
-		return err
-	}
-	prefixGateway, err := getExistingRIBRouteGateway(prefix)
-	if err != nil && err != errRouteNotFound {
-		return err
-	}
-
-	if prefixGateway != nil && !prefixGateway.Equal(gateway) {
-		log.Warnf("route for network %s already exist and is pointing to the gateway: %s, won't add another one", prefix, prefixGateway)
-		return nil
-	}
-	return addToRouteTable(prefix, addr)
-}
-
-func removeFromRouteTableIfNonSystem(prefix netip.Prefix, addr string) error {
-	addrIP := net.ParseIP(addr)
-	prefixGateway, err := getExistingRIBRouteGateway(prefix)
-	if err != nil {
-		return err
-	}
-	if prefixGateway != nil && !prefixGateway.Equal(addrIP) {
-		log.Warnf("route for network %s is pointing to a different gateway: %s, should be pointing to: %s, not removing", prefix, prefixGateway, addrIP)
-		return nil
-	}
-	return removeFromRouteTable(prefix)
-}
-
-func getExistingRIBRouteGateway(prefix netip.Prefix) (net.IP, error) {
-	r, err := netroute.New()
-	if err != nil {
-		return nil, err
-	}
-	_, _, localGatewayAddress, err := r.Route(prefix.Addr().AsSlice())
-	if err != nil {
-		log.Errorf("getting routes returned an error: %v", err)
-		return nil, errRouteNotFound
-	}
-
-	return localGatewayAddress, nil
-}
--- a/client/internal/routemanager/systemops_linux.go
+++ b/client/internal/routemanager/systemops_linux.go
@@ -1,73 +0,0 @@
-package routemanager
-
-import (
-	"github.com/vishvananda/netlink"
-	"io/ioutil"
-	"net"
-	"net/netip"
-)
-
-const ipv4ForwardingPath = "/proc/sys/net/ipv4/ip_forward"
-
-func addToRouteTable(prefix netip.Prefix, addr string) error {
-	_, ipNet, err := net.ParseCIDR(prefix.String())
-	if err != nil {
-		return err
-	}
-
-	addrMask := "/32"
-	if prefix.Addr().Unmap().Is6() {
-		addrMask = "/128"
-	}
-
-	ip, _, err := net.ParseCIDR(addr + addrMask)
-	if err != nil {
-		return err
-	}
-
-	route := &netlink.Route{
-		Scope: netlink.SCOPE_UNIVERSE,
-		Dst:   ipNet,
-		Gw:    ip,
-	}
-
-	err = netlink.RouteAdd(route)
-	if err != nil {
-		return err
-	}
-
-	return nil
-}
-
-func removeFromRouteTable(prefix netip.Prefix) error {
-	_, ipNet, err := net.ParseCIDR(prefix.String())
-	if err != nil {
-		return err
-	}
-
-	route := &netlink.Route{
-		Scope: netlink.SCOPE_UNIVERSE,
-		Dst:   ipNet,
-	}
-
-	err = netlink.RouteDel(route)
-	if err != nil {
-		return err
-	}
-
-	return nil
-}
-
-func enableIPForwarding() error {
-	err := ioutil.WriteFile(ipv4ForwardingPath, []byte("1"), 0644)
-	return err
-}
-
-func isNetForwardHistoryEnabled() bool {
-	out, err := ioutil.ReadFile(ipv4ForwardingPath)
-	if err != nil {
-		// todo
-		panic(err)
-	}
-	return string(out) == "1"
-}
--- a/client/internal/routemanager/systemops_nonlinux.go
+++ b/client/internal/routemanager/systemops_nonlinux.go
@@ -1,41 +0,0 @@
-//go:build !linux
-// +build !linux
-
-package routemanager
-
-import (
-	log "github.com/sirupsen/logrus"
-	"net/netip"
-	"os/exec"
-	"runtime"
-)
-
-func addToRouteTable(prefix netip.Prefix, addr string) error {
-	cmd := exec.Command("route", "add", prefix.String(), addr)
-	out, err := cmd.Output()
-	if err != nil {
-		return err
-	}
-	log.Debugf(string(out))
-	return nil
-}
-
-func removeFromRouteTable(prefix netip.Prefix) error {
-	cmd := exec.Command("route", "delete", prefix.String())
-	out, err := cmd.Output()
-	if err != nil {
-		return err
-	}
-	log.Debugf(string(out))
-	return nil
-}
-
-func enableIPForwarding() error {
-	log.Infof("enable IP forwarding is not implemented on %s", runtime.GOOS)
-	return nil
-}
-
-func isNetForwardHistoryEnabled() bool {
-	log.Infof("check netforwad history is not implemented on %s", runtime.GOOS)
-	return false
-}
--- a/client/internal/routemanager/systemops_test.go
+++ b/client/internal/routemanager/systemops_test.go
@@ -1,68 +0,0 @@
-package routemanager
-
-import (
-	"fmt"
-	"github.com/netbirdio/netbird/iface"
-	"github.com/stretchr/testify/require"
-	"net/netip"
-	"testing"
-)
-
-func TestAddRemoveRoutes(t *testing.T) {
-	testCases := []struct {
-		name                   string
-		prefix                 netip.Prefix
-		shouldRouteToWireguard bool
-		shouldBeRemoved        bool
-	}{
-		{
-			name:                   "Should Add And Remove Route",
-			prefix:                 netip.MustParsePrefix("100.66.120.0/24"),
-			shouldRouteToWireguard: true,
-			shouldBeRemoved:        true,
-		},
-		{
-			name:                   "Should Not Add Or Remove Route",
-			prefix:                 netip.MustParsePrefix("127.0.0.1/32"),
-			shouldRouteToWireguard: false,
-			shouldBeRemoved:        false,
-		},
-	}
-
-	for n, testCase := range testCases {
-		t.Run(testCase.name, func(t *testing.T) {
-			wgInterface, err := iface.NewWGIFace(fmt.Sprintf("utun53%d", n), "100.65.75.2/24", iface.DefaultMTU)
-			require.NoError(t, err, "should create testing WGIface interface")
-			defer wgInterface.Close()
-
-			err = wgInterface.Create()
-			require.NoError(t, err, "should create testing wireguard interface")
-
-			err = addToRouteTableIfNoExists(testCase.prefix, wgInterface.GetAddress().IP.String())
-			require.NoError(t, err, "should not return err")
-
-			prefixGateway, err := getExistingRIBRouteGateway(testCase.prefix)
-			require.NoError(t, err, "should not return err")
-			if testCase.shouldRouteToWireguard {
-				require.Equal(t, wgInterface.GetAddress().IP.String(), prefixGateway.String(), "route should point to wireguard interface IP")
-			} else {
-				require.NotEqual(t, wgInterface.GetAddress().IP.String(), prefixGateway.String(), "route should point to a different interface")
-			}
-
-			err = removeFromRouteTableIfNonSystem(testCase.prefix, wgInterface.GetAddress().IP.String())
-			require.NoError(t, err, "should not return err")
-
-			prefixGateway, err = getExistingRIBRouteGateway(testCase.prefix)
-			require.NoError(t, err, "should not return err")
-
-			internetGateway, err := getExistingRIBRouteGateway(netip.MustParsePrefix("0.0.0.0/0"))
-			require.NoError(t, err)
-
-			if testCase.shouldBeRemoved {
-				require.Equal(t, internetGateway, prefixGateway, "route should be pointing to default internet gateway")
-			} else {
-				require.NotEqual(t, internetGateway, prefixGateway, "route should be pointing to a different gateway than the internet gateway")
-			}
-		})
-	}
-}
--- a/client/main.go
+++ b/client/main.go
@@ -1,8 +1,9 @@
 package main

 import (
-	"github.com/netbirdio/netbird/client/cmd"
 	"os"
+
+	"github.com/netbirdio/netbird/client/cmd"
 )

 func main() {
--- a/client/proto/daemon.pb.go
+++ b/client/proto/daemon.pb.go
@@ -1,16 +1,15 @@
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
 // 	protoc-gen-go v1.26.0
-// 	protoc        v3.12.4
+// 	protoc        v3.19.4
 // source: daemon.proto

 package proto

 import (
-	_ "github.com/golang/protobuf/protoc-gen-go/descriptor"
-	timestamp "github.com/golang/protobuf/ptypes/timestamp"
 	protoreflect "google.golang.org/protobuf/reflect/protoreflect"
 	protoimpl "google.golang.org/protobuf/runtime/protoimpl"
+	_ "google.golang.org/protobuf/types/descriptorpb"
 	reflect "reflect"
 	sync "sync"
 )
@@ -333,8 +332,6 @@ type StatusRequest struct {
 	state         protoimpl.MessageState
 	sizeCache     protoimpl.SizeCache
 	unknownFields protoimpl.UnknownFields
-
-	GetFullPeerStatus bool `protobuf:"varint,1,opt,name=getFullPeerStatus,proto3" json:"getFullPeerStatus,omitempty"`
 }

 func (x *StatusRequest) Reset() {
@@ -369,23 +366,13 @@ func (*StatusRequest) Descriptor() ([]byte, []int) {
 	return file_daemon_proto_rawDescGZIP(), []int{6}
 }

-func (x *StatusRequest) GetGetFullPeerStatus() bool {
-	if x != nil {
-		return x.GetFullPeerStatus
-	}
-	return false
-}
-
 type StatusResponse struct {
 	state         protoimpl.MessageState
 	sizeCache     protoimpl.SizeCache
 	unknownFields protoimpl.UnknownFields

 	// status of the server.
-	Status     string      `protobuf:"bytes,1,opt,name=status,proto3" json:"status,omitempty"`
-	FullStatus *FullStatus `protobuf:"bytes,2,opt,name=fullStatus,proto3" json:"fullStatus,omitempty"`
-	// NetBird daemon version
-	DaemonVersion string `protobuf:"bytes,3,opt,name=daemonVersion,proto3" json:"daemonVersion,omitempty"`
+	Status string `protobuf:"bytes,1,opt,name=status,proto3" json:"status,omitempty"`
 }

 func (x *StatusResponse) Reset() {
@@ -427,20 +414,6 @@ func (x *StatusResponse) GetStatus() string {
 	return ""
 }

-func (x *StatusResponse) GetFullStatus() *FullStatus {
-	if x != nil {
-		return x.FullStatus
-	}
-	return nil
-}
-
-func (x *StatusResponse) GetDaemonVersion() string {
-	if x != nil {
-		return x.DaemonVersion
-	}
-	return ""
-}
-
 type DownRequest struct {
 	state         protoimpl.MessageState
 	sizeCache     protoimpl.SizeCache
@@ -639,470 +612,58 @@ func (x *GetConfigResponse) GetAdminURL() string {
 	return ""
 }

-// PeerState contains the latest state of a peer
-type PeerState struct {
-	state         protoimpl.MessageState
-	sizeCache     protoimpl.SizeCache
-	unknownFields protoimpl.UnknownFields
-
-	IP                     string               `protobuf:"bytes,1,opt,name=IP,proto3" json:"IP,omitempty"`
-	PubKey                 string               `protobuf:"bytes,2,opt,name=pubKey,proto3" json:"pubKey,omitempty"`
-	ConnStatus             string               `protobuf:"bytes,3,opt,name=connStatus,proto3" json:"connStatus,omitempty"`
-	ConnStatusUpdate       *timestamp.Timestamp `protobuf:"bytes,4,opt,name=connStatusUpdate,proto3" json:"connStatusUpdate,omitempty"`
-	Relayed                bool                 `protobuf:"varint,5,opt,name=relayed,proto3" json:"relayed,omitempty"`
-	Direct                 bool                 `protobuf:"varint,6,opt,name=direct,proto3" json:"direct,omitempty"`
-	LocalIceCandidateType  string               `protobuf:"bytes,7,opt,name=localIceCandidateType,proto3" json:"localIceCandidateType,omitempty"`
-	RemoteIceCandidateType string               `protobuf:"bytes,8,opt,name=remoteIceCandidateType,proto3" json:"remoteIceCandidateType,omitempty"`
-}
-
-func (x *PeerState) Reset() {
-	*x = PeerState{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_daemon_proto_msgTypes[12]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
-}
-
-func (x *PeerState) String() string {
-	return protoimpl.X.MessageStringOf(x)
-}
-
-func (*PeerState) ProtoMessage() {}
-
-func (x *PeerState) ProtoReflect() protoreflect.Message {
-	mi := &file_daemon_proto_msgTypes[12]
-	if protoimpl.UnsafeEnabled && x != nil {
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		if ms.LoadMessageInfo() == nil {
-			ms.StoreMessageInfo(mi)
-		}
-		return ms
-	}
-	return mi.MessageOf(x)
-}
-
-// Deprecated: Use PeerState.ProtoReflect.Descriptor instead.
-func (*PeerState) Descriptor() ([]byte, []int) {
-	return file_daemon_proto_rawDescGZIP(), []int{12}
-}
-
-func (x *PeerState) GetIP() string {
-	if x != nil {
-		return x.IP
-	}
-	return ""
-}
-
-func (x *PeerState) GetPubKey() string {
-	if x != nil {
-		return x.PubKey
-	}
-	return ""
-}
-
-func (x *PeerState) GetConnStatus() string {
-	if x != nil {
-		return x.ConnStatus
-	}
-	return ""
-}
-
-func (x *PeerState) GetConnStatusUpdate() *timestamp.Timestamp {
-	if x != nil {
-		return x.ConnStatusUpdate
-	}
-	return nil
-}
-
-func (x *PeerState) GetRelayed() bool {
-	if x != nil {
-		return x.Relayed
-	}
-	return false
-}
-
-func (x *PeerState) GetDirect() bool {
-	if x != nil {
-		return x.Direct
-	}
-	return false
-}
-
-func (x *PeerState) GetLocalIceCandidateType() string {
-	if x != nil {
-		return x.LocalIceCandidateType
-	}
-	return ""
-}
-
-func (x *PeerState) GetRemoteIceCandidateType() string {
-	if x != nil {
-		return x.RemoteIceCandidateType
-	}
-	return ""
-}
-
-// LocalPeerState contains the latest state of the local peer
-type LocalPeerState struct {
-	state         protoimpl.MessageState
-	sizeCache     protoimpl.SizeCache
-	unknownFields protoimpl.UnknownFields
-
-	IP              string `protobuf:"bytes,1,opt,name=IP,proto3" json:"IP,omitempty"`
-	PubKey          string `protobuf:"bytes,2,opt,name=pubKey,proto3" json:"pubKey,omitempty"`
-	KernelInterface bool   `protobuf:"varint,3,opt,name=kernelInterface,proto3" json:"kernelInterface,omitempty"`
-}
-
-func (x *LocalPeerState) Reset() {
-	*x = LocalPeerState{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_daemon_proto_msgTypes[13]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
-}
-
-func (x *LocalPeerState) String() string {
-	return protoimpl.X.MessageStringOf(x)
-}
-
-func (*LocalPeerState) ProtoMessage() {}
-
-func (x *LocalPeerState) ProtoReflect() protoreflect.Message {
-	mi := &file_daemon_proto_msgTypes[13]
-	if protoimpl.UnsafeEnabled && x != nil {
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		if ms.LoadMessageInfo() == nil {
-			ms.StoreMessageInfo(mi)
-		}
-		return ms
-	}
-	return mi.MessageOf(x)
-}
-
-// Deprecated: Use LocalPeerState.ProtoReflect.Descriptor instead.
-func (*LocalPeerState) Descriptor() ([]byte, []int) {
-	return file_daemon_proto_rawDescGZIP(), []int{13}
-}
-
-func (x *LocalPeerState) GetIP() string {
-	if x != nil {
-		return x.IP
-	}
-	return ""
-}
-
-func (x *LocalPeerState) GetPubKey() string {
-	if x != nil {
-		return x.PubKey
-	}
-	return ""
-}
-
-func (x *LocalPeerState) GetKernelInterface() bool {
-	if x != nil {
-		return x.KernelInterface
-	}
-	return false
-}
-
-// SignalState contains the latest state of a signal connection
-type SignalState struct {
-	state         protoimpl.MessageState
-	sizeCache     protoimpl.SizeCache
-	unknownFields protoimpl.UnknownFields
-
-	URL       string `protobuf:"bytes,1,opt,name=URL,proto3" json:"URL,omitempty"`
-	Connected bool   `protobuf:"varint,2,opt,name=connected,proto3" json:"connected,omitempty"`
-}
-
-func (x *SignalState) Reset() {
-	*x = SignalState{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_daemon_proto_msgTypes[14]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
-}
-
-func (x *SignalState) String() string {
-	return protoimpl.X.MessageStringOf(x)
-}
-
-func (*SignalState) ProtoMessage() {}
-
-func (x *SignalState) ProtoReflect() protoreflect.Message {
-	mi := &file_daemon_proto_msgTypes[14]
-	if protoimpl.UnsafeEnabled && x != nil {
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		if ms.LoadMessageInfo() == nil {
-			ms.StoreMessageInfo(mi)
-		}
-		return ms
-	}
-	return mi.MessageOf(x)
-}
-
-// Deprecated: Use SignalState.ProtoReflect.Descriptor instead.
-func (*SignalState) Descriptor() ([]byte, []int) {
-	return file_daemon_proto_rawDescGZIP(), []int{14}
-}
-
-func (x *SignalState) GetURL() string {
-	if x != nil {
-		return x.URL
-	}
-	return ""
-}
-
-func (x *SignalState) GetConnected() bool {
-	if x != nil {
-		return x.Connected
-	}
-	return false
-}
-
-// ManagementState contains the latest state of a management connection
-type ManagementState struct {
-	state         protoimpl.MessageState
-	sizeCache     protoimpl.SizeCache
-	unknownFields protoimpl.UnknownFields
-
-	URL       string `protobuf:"bytes,1,opt,name=URL,proto3" json:"URL,omitempty"`
-	Connected bool   `protobuf:"varint,2,opt,name=connected,proto3" json:"connected,omitempty"`
-}
-
-func (x *ManagementState) Reset() {
-	*x = ManagementState{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_daemon_proto_msgTypes[15]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
-}
-
-func (x *ManagementState) String() string {
-	return protoimpl.X.MessageStringOf(x)
-}
-
-func (*ManagementState) ProtoMessage() {}
-
-func (x *ManagementState) ProtoReflect() protoreflect.Message {
-	mi := &file_daemon_proto_msgTypes[15]
-	if protoimpl.UnsafeEnabled && x != nil {
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		if ms.LoadMessageInfo() == nil {
-			ms.StoreMessageInfo(mi)
-		}
-		return ms
-	}
-	return mi.MessageOf(x)
-}
-
-// Deprecated: Use ManagementState.ProtoReflect.Descriptor instead.
-func (*ManagementState) Descriptor() ([]byte, []int) {
-	return file_daemon_proto_rawDescGZIP(), []int{15}
-}
-
-func (x *ManagementState) GetURL() string {
-	if x != nil {
-		return x.URL
-	}
-	return ""
-}
-
-func (x *ManagementState) GetConnected() bool {
-	if x != nil {
-		return x.Connected
-	}
-	return false
-}
-
-// FullStatus contains the full state held by the Status instance
-type FullStatus struct {
-	state         protoimpl.MessageState
-	sizeCache     protoimpl.SizeCache
-	unknownFields protoimpl.UnknownFields
-
-	ManagementState *ManagementState `protobuf:"bytes,1,opt,name=managementState,proto3" json:"managementState,omitempty"`
-	SignalState     *SignalState     `protobuf:"bytes,2,opt,name=signalState,proto3" json:"signalState,omitempty"`
-	LocalPeerState  *LocalPeerState  `protobuf:"bytes,3,opt,name=localPeerState,proto3" json:"localPeerState,omitempty"`
-	Peers           []*PeerState     `protobuf:"bytes,4,rep,name=peers,proto3" json:"peers,omitempty"`
-}
-
-func (x *FullStatus) Reset() {
-	*x = FullStatus{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_daemon_proto_msgTypes[16]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
-}
-
-func (x *FullStatus) String() string {
-	return protoimpl.X.MessageStringOf(x)
-}
-
-func (*FullStatus) ProtoMessage() {}
-
-func (x *FullStatus) ProtoReflect() protoreflect.Message {
-	mi := &file_daemon_proto_msgTypes[16]
-	if protoimpl.UnsafeEnabled && x != nil {
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		if ms.LoadMessageInfo() == nil {
-			ms.StoreMessageInfo(mi)
-		}
-		return ms
-	}
-	return mi.MessageOf(x)
-}
-
-// Deprecated: Use FullStatus.ProtoReflect.Descriptor instead.
-func (*FullStatus) Descriptor() ([]byte, []int) {
-	return file_daemon_proto_rawDescGZIP(), []int{16}
-}
-
-func (x *FullStatus) GetManagementState() *ManagementState {
-	if x != nil {
-		return x.ManagementState
-	}
-	return nil
-}
-
-func (x *FullStatus) GetSignalState() *SignalState {
-	if x != nil {
-		return x.SignalState
-	}
-	return nil
-}
-
-func (x *FullStatus) GetLocalPeerState() *LocalPeerState {
-	if x != nil {
-		return x.LocalPeerState
-	}
-	return nil
-}
-
-func (x *FullStatus) GetPeers() []*PeerState {
-	if x != nil {
-		return x.Peers
-	}
-	return nil
-}
-
 var File_daemon_proto protoreflect.FileDescriptor

 var file_daemon_proto_rawDesc = []byte{
 	0x0a, 0x0c, 0x64, 0x61, 0x65, 0x6d, 0x6f, 0x6e, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x06,
 	0x64, 0x61, 0x65, 0x6d, 0x6f, 0x6e, 0x1a, 0x20, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2f, 0x70,
 	0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2f, 0x64, 0x65, 0x73, 0x63, 0x72, 0x69, 0x70, 0x74,
-	0x6f, 0x72, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x1f, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65,
-	0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2f, 0x74, 0x69, 0x6d, 0x65, 0x73, 0x74,
-	0x61, 0x6d, 0x70, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0x90, 0x01, 0x0a, 0x0c, 0x4c, 0x6f,
-	0x67, 0x69, 0x6e, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x1a, 0x0a, 0x08, 0x73, 0x65,
-	0x74, 0x75, 0x70, 0x4b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x73, 0x65,
-	0x74, 0x75, 0x70, 0x4b, 0x65, 0x79, 0x12, 0x22, 0x0a, 0x0c, 0x70, 0x72, 0x65, 0x53, 0x68, 0x61,
-	0x72, 0x65, 0x64, 0x4b, 0x65, 0x79, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0c, 0x70, 0x72,
-	0x65, 0x53, 0x68, 0x61, 0x72, 0x65, 0x64, 0x4b, 0x65, 0x79, 0x12, 0x24, 0x0a, 0x0d, 0x6d, 0x61,
-	0x6e, 0x61, 0x67, 0x65, 0x6d, 0x65, 0x6e, 0x74, 0x55, 0x72, 0x6c, 0x18, 0x03, 0x20, 0x01, 0x28,
-	0x09, 0x52, 0x0d, 0x6d, 0x61, 0x6e, 0x61, 0x67, 0x65, 0x6d, 0x65, 0x6e, 0x74, 0x55, 0x72, 0x6c,
-	0x12, 0x1a, 0x0a, 0x08, 0x61, 0x64, 0x6d, 0x69, 0x6e, 0x55, 0x52, 0x4c, 0x18, 0x04, 0x20, 0x01,
-	0x28, 0x09, 0x52, 0x08, 0x61, 0x64, 0x6d, 0x69, 0x6e, 0x55, 0x52, 0x4c, 0x22, 0xb5, 0x01, 0x0a,
-	0x0d, 0x4c, 0x6f, 0x67, 0x69, 0x6e, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x24,
-	0x0a, 0x0d, 0x6e, 0x65, 0x65, 0x64, 0x73, 0x53, 0x53, 0x4f, 0x4c, 0x6f, 0x67, 0x69, 0x6e, 0x18,
-	0x01, 0x20, 0x01, 0x28, 0x08, 0x52, 0x0d, 0x6e, 0x65, 0x65, 0x64, 0x73, 0x53, 0x53, 0x4f, 0x4c,
-	0x6f, 0x67, 0x69, 0x6e, 0x12, 0x1a, 0x0a, 0x08, 0x75, 0x73, 0x65, 0x72, 0x43, 0x6f, 0x64, 0x65,
-	0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x75, 0x73, 0x65, 0x72, 0x43, 0x6f, 0x64, 0x65,
-	0x12, 0x28, 0x0a, 0x0f, 0x76, 0x65, 0x72, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e,
-	0x55, 0x52, 0x49, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0f, 0x76, 0x65, 0x72, 0x69, 0x66,
-	0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x55, 0x52, 0x49, 0x12, 0x38, 0x0a, 0x17, 0x76, 0x65,
-	0x72, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x55, 0x52, 0x49, 0x43, 0x6f, 0x6d,
-	0x70, 0x6c, 0x65, 0x74, 0x65, 0x18, 0x04, 0x20, 0x01, 0x28, 0x09, 0x52, 0x17, 0x76, 0x65, 0x72,
+	0x6f, 0x72, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0x90, 0x01, 0x0a, 0x0c, 0x4c, 0x6f, 0x67,
+	0x69, 0x6e, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x1a, 0x0a, 0x08, 0x73, 0x65, 0x74,
+	0x75, 0x70, 0x4b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x73, 0x65, 0x74,
+	0x75, 0x70, 0x4b, 0x65, 0x79, 0x12, 0x22, 0x0a, 0x0c, 0x70, 0x72, 0x65, 0x53, 0x68, 0x61, 0x72,
+	0x65, 0x64, 0x4b, 0x65, 0x79, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0c, 0x70, 0x72, 0x65,
+	0x53, 0x68, 0x61, 0x72, 0x65, 0x64, 0x4b, 0x65, 0x79, 0x12, 0x24, 0x0a, 0x0d, 0x6d, 0x61, 0x6e,
+	0x61, 0x67, 0x65, 0x6d, 0x65, 0x6e, 0x74, 0x55, 0x72, 0x6c, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09,
+	0x52, 0x0d, 0x6d, 0x61, 0x6e, 0x61, 0x67, 0x65, 0x6d, 0x65, 0x6e, 0x74, 0x55, 0x72, 0x6c, 0x12,
+	0x1a, 0x0a, 0x08, 0x61, 0x64, 0x6d, 0x69, 0x6e, 0x55, 0x52, 0x4c, 0x18, 0x04, 0x20, 0x01, 0x28,
+	0x09, 0x52, 0x08, 0x61, 0x64, 0x6d, 0x69, 0x6e, 0x55, 0x52, 0x4c, 0x22, 0xb5, 0x01, 0x0a, 0x0d,
+	0x4c, 0x6f, 0x67, 0x69, 0x6e, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x24, 0x0a,
+	0x0d, 0x6e, 0x65, 0x65, 0x64, 0x73, 0x53, 0x53, 0x4f, 0x4c, 0x6f, 0x67, 0x69, 0x6e, 0x18, 0x01,
+	0x20, 0x01, 0x28, 0x08, 0x52, 0x0d, 0x6e, 0x65, 0x65, 0x64, 0x73, 0x53, 0x53, 0x4f, 0x4c, 0x6f,
+	0x67, 0x69, 0x6e, 0x12, 0x1a, 0x0a, 0x08, 0x75, 0x73, 0x65, 0x72, 0x43, 0x6f, 0x64, 0x65, 0x18,
+	0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x75, 0x73, 0x65, 0x72, 0x43, 0x6f, 0x64, 0x65, 0x12,
+	0x28, 0x0a, 0x0f, 0x76, 0x65, 0x72, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x55,
+	0x52, 0x49, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0f, 0x76, 0x65, 0x72, 0x69, 0x66, 0x69,
+	0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x55, 0x52, 0x49, 0x12, 0x38, 0x0a, 0x17, 0x76, 0x65, 0x72,
 	0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x55, 0x52, 0x49, 0x43, 0x6f, 0x6d, 0x70,
-	0x6c, 0x65, 0x74, 0x65, 0x22, 0x31, 0x0a, 0x13, 0x57, 0x61, 0x69, 0x74, 0x53, 0x53, 0x4f, 0x4c,
-	0x6f, 0x67, 0x69, 0x6e, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x1a, 0x0a, 0x08, 0x75,
-	0x73, 0x65, 0x72, 0x43, 0x6f, 0x64, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x75,
-	0x73, 0x65, 0x72, 0x43, 0x6f, 0x64, 0x65, 0x22, 0x16, 0x0a, 0x14, 0x57, 0x61, 0x69, 0x74, 0x53,
-	0x53, 0x4f, 0x4c, 0x6f, 0x67, 0x69, 0x6e, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22,
-	0x0b, 0x0a, 0x09, 0x55, 0x70, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x22, 0x0c, 0x0a, 0x0a,
-	0x55, 0x70, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x3d, 0x0a, 0x0d, 0x53, 0x74,
-	0x61, 0x74, 0x75, 0x73, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x2c, 0x0a, 0x11, 0x67,
-	0x65, 0x74, 0x46, 0x75, 0x6c, 0x6c, 0x50, 0x65, 0x65, 0x72, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73,
-	0x18, 0x01, 0x20, 0x01, 0x28, 0x08, 0x52, 0x11, 0x67, 0x65, 0x74, 0x46, 0x75, 0x6c, 0x6c, 0x50,
-	0x65, 0x65, 0x72, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x22, 0x82, 0x01, 0x0a, 0x0e, 0x53, 0x74,
+	0x6c, 0x65, 0x74, 0x65, 0x18, 0x04, 0x20, 0x01, 0x28, 0x09, 0x52, 0x17, 0x76, 0x65, 0x72, 0x69,
+	0x66, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x55, 0x52, 0x49, 0x43, 0x6f, 0x6d, 0x70, 0x6c,
+	0x65, 0x74, 0x65, 0x22, 0x31, 0x0a, 0x13, 0x57, 0x61, 0x69, 0x74, 0x53, 0x53, 0x4f, 0x4c, 0x6f,
+	0x67, 0x69, 0x6e, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x1a, 0x0a, 0x08, 0x75, 0x73,
+	0x65, 0x72, 0x43, 0x6f, 0x64, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x75, 0x73,
+	0x65, 0x72, 0x43, 0x6f, 0x64, 0x65, 0x22, 0x16, 0x0a, 0x14, 0x57, 0x61, 0x69, 0x74, 0x53, 0x53,
+	0x4f, 0x4c, 0x6f, 0x67, 0x69, 0x6e, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x0b,
+	0x0a, 0x09, 0x55, 0x70, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x22, 0x0c, 0x0a, 0x0a, 0x55,
+	0x70, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x0f, 0x0a, 0x0d, 0x53, 0x74, 0x61,
+	0x74, 0x75, 0x73, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x22, 0x28, 0x0a, 0x0e, 0x53, 0x74,
 	0x61, 0x74, 0x75, 0x73, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x16, 0x0a, 0x06,
 	0x73, 0x74, 0x61, 0x74, 0x75, 0x73, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x73, 0x74,
-	0x61, 0x74, 0x75, 0x73, 0x12, 0x32, 0x0a, 0x0a, 0x66, 0x75, 0x6c, 0x6c, 0x53, 0x74, 0x61, 0x74,
-	0x75, 0x73, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x12, 0x2e, 0x64, 0x61, 0x65, 0x6d, 0x6f,
-	0x6e, 0x2e, 0x46, 0x75, 0x6c, 0x6c, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x52, 0x0a, 0x66, 0x75,
-	0x6c, 0x6c, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x12, 0x24, 0x0a, 0x0d, 0x64, 0x61, 0x65, 0x6d,
-	0x6f, 0x6e, 0x56, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52,
-	0x0d, 0x64, 0x61, 0x65, 0x6d, 0x6f, 0x6e, 0x56, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x22, 0x0d,
-	0x0a, 0x0b, 0x44, 0x6f, 0x77, 0x6e, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x22, 0x0e, 0x0a,
-	0x0c, 0x44, 0x6f, 0x77, 0x6e, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x12, 0x0a,
-	0x10, 0x47, 0x65, 0x74, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73,
-	0x74, 0x22, 0xb3, 0x01, 0x0a, 0x11, 0x47, 0x65, 0x74, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x52,
-	0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x24, 0x0a, 0x0d, 0x6d, 0x61, 0x6e, 0x61, 0x67,
-	0x65, 0x6d, 0x65, 0x6e, 0x74, 0x55, 0x72, 0x6c, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0d,
-	0x6d, 0x61, 0x6e, 0x61, 0x67, 0x65, 0x6d, 0x65, 0x6e, 0x74, 0x55, 0x72, 0x6c, 0x12, 0x1e, 0x0a,
-	0x0a, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x46, 0x69, 0x6c, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28,
-	0x09, 0x52, 0x0a, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x46, 0x69, 0x6c, 0x65, 0x12, 0x18, 0x0a,
-	0x07, 0x6c, 0x6f, 0x67, 0x46, 0x69, 0x6c, 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x07,
-	0x6c, 0x6f, 0x67, 0x46, 0x69, 0x6c, 0x65, 0x12, 0x22, 0x0a, 0x0c, 0x70, 0x72, 0x65, 0x53, 0x68,
-	0x61, 0x72, 0x65, 0x64, 0x4b, 0x65, 0x79, 0x18, 0x04, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0c, 0x70,
-	0x72, 0x65, 0x53, 0x68, 0x61, 0x72, 0x65, 0x64, 0x4b, 0x65, 0x79, 0x12, 0x1a, 0x0a, 0x08, 0x61,
-	0x64, 0x6d, 0x69, 0x6e, 0x55, 0x52, 0x4c, 0x18, 0x05, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x61,
-	0x64, 0x6d, 0x69, 0x6e, 0x55, 0x52, 0x4c, 0x22, 0xbb, 0x02, 0x0a, 0x09, 0x50, 0x65, 0x65, 0x72,
-	0x53, 0x74, 0x61, 0x74, 0x65, 0x12, 0x0e, 0x0a, 0x02, 0x49, 0x50, 0x18, 0x01, 0x20, 0x01, 0x28,
-	0x09, 0x52, 0x02, 0x49, 0x50, 0x12, 0x16, 0x0a, 0x06, 0x70, 0x75, 0x62, 0x4b, 0x65, 0x79, 0x18,
-	0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x70, 0x75, 0x62, 0x4b, 0x65, 0x79, 0x12, 0x1e, 0x0a,
-	0x0a, 0x63, 0x6f, 0x6e, 0x6e, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x18, 0x03, 0x20, 0x01, 0x28,
-	0x09, 0x52, 0x0a, 0x63, 0x6f, 0x6e, 0x6e, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x12, 0x46, 0x0a,
-	0x10, 0x63, 0x6f, 0x6e, 0x6e, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x55, 0x70, 0x64, 0x61, 0x74,
-	0x65, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65,
-	0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x54, 0x69, 0x6d, 0x65, 0x73, 0x74,
-	0x61, 0x6d, 0x70, 0x52, 0x10, 0x63, 0x6f, 0x6e, 0x6e, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x55,
-	0x70, 0x64, 0x61, 0x74, 0x65, 0x12, 0x18, 0x0a, 0x07, 0x72, 0x65, 0x6c, 0x61, 0x79, 0x65, 0x64,
-	0x18, 0x05, 0x20, 0x01, 0x28, 0x08, 0x52, 0x07, 0x72, 0x65, 0x6c, 0x61, 0x79, 0x65, 0x64, 0x12,
-	0x16, 0x0a, 0x06, 0x64, 0x69, 0x72, 0x65, 0x63, 0x74, 0x18, 0x06, 0x20, 0x01, 0x28, 0x08, 0x52,
-	0x06, 0x64, 0x69, 0x72, 0x65, 0x63, 0x74, 0x12, 0x34, 0x0a, 0x15, 0x6c, 0x6f, 0x63, 0x61, 0x6c,
-	0x49, 0x63, 0x65, 0x43, 0x61, 0x6e, 0x64, 0x69, 0x64, 0x61, 0x74, 0x65, 0x54, 0x79, 0x70, 0x65,
-	0x18, 0x07, 0x20, 0x01, 0x28, 0x09, 0x52, 0x15, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x49, 0x63, 0x65,
-	0x43, 0x61, 0x6e, 0x64, 0x69, 0x64, 0x61, 0x74, 0x65, 0x54, 0x79, 0x70, 0x65, 0x12, 0x36, 0x0a,
-	0x16, 0x72, 0x65, 0x6d, 0x6f, 0x74, 0x65, 0x49, 0x63, 0x65, 0x43, 0x61, 0x6e, 0x64, 0x69, 0x64,
-	0x61, 0x74, 0x65, 0x54, 0x79, 0x70, 0x65, 0x18, 0x08, 0x20, 0x01, 0x28, 0x09, 0x52, 0x16, 0x72,
-	0x65, 0x6d, 0x6f, 0x74, 0x65, 0x49, 0x63, 0x65, 0x43, 0x61, 0x6e, 0x64, 0x69, 0x64, 0x61, 0x74,
-	0x65, 0x54, 0x79, 0x70, 0x65, 0x22, 0x62, 0x0a, 0x0e, 0x4c, 0x6f, 0x63, 0x61, 0x6c, 0x50, 0x65,
-	0x65, 0x72, 0x53, 0x74, 0x61, 0x74, 0x65, 0x12, 0x0e, 0x0a, 0x02, 0x49, 0x50, 0x18, 0x01, 0x20,
-	0x01, 0x28, 0x09, 0x52, 0x02, 0x49, 0x50, 0x12, 0x16, 0x0a, 0x06, 0x70, 0x75, 0x62, 0x4b, 0x65,
-	0x79, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x70, 0x75, 0x62, 0x4b, 0x65, 0x79, 0x12,
-	0x28, 0x0a, 0x0f, 0x6b, 0x65, 0x72, 0x6e, 0x65, 0x6c, 0x49, 0x6e, 0x74, 0x65, 0x72, 0x66, 0x61,
-	0x63, 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, 0x08, 0x52, 0x0f, 0x6b, 0x65, 0x72, 0x6e, 0x65, 0x6c,
-	0x49, 0x6e, 0x74, 0x65, 0x72, 0x66, 0x61, 0x63, 0x65, 0x22, 0x3d, 0x0a, 0x0b, 0x53, 0x69, 0x67,
-	0x6e, 0x61, 0x6c, 0x53, 0x74, 0x61, 0x74, 0x65, 0x12, 0x10, 0x0a, 0x03, 0x55, 0x52, 0x4c, 0x18,
-	0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x55, 0x52, 0x4c, 0x12, 0x1c, 0x0a, 0x09, 0x63, 0x6f,
-	0x6e, 0x6e, 0x65, 0x63, 0x74, 0x65, 0x64, 0x18, 0x02, 0x20, 0x01, 0x28, 0x08, 0x52, 0x09, 0x63,
-	0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x65, 0x64, 0x22, 0x41, 0x0a, 0x0f, 0x4d, 0x61, 0x6e, 0x61,
-	0x67, 0x65, 0x6d, 0x65, 0x6e, 0x74, 0x53, 0x74, 0x61, 0x74, 0x65, 0x12, 0x10, 0x0a, 0x03, 0x55,
-	0x52, 0x4c, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x55, 0x52, 0x4c, 0x12, 0x1c, 0x0a,
-	0x09, 0x63, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x65, 0x64, 0x18, 0x02, 0x20, 0x01, 0x28, 0x08,
-	0x52, 0x09, 0x63, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x65, 0x64, 0x22, 0xef, 0x01, 0x0a, 0x0a,
-	0x46, 0x75, 0x6c, 0x6c, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x12, 0x41, 0x0a, 0x0f, 0x6d, 0x61,
-	0x6e, 0x61, 0x67, 0x65, 0x6d, 0x65, 0x6e, 0x74, 0x53, 0x74, 0x61, 0x74, 0x65, 0x18, 0x01, 0x20,
-	0x01, 0x28, 0x0b, 0x32, 0x17, 0x2e, 0x64, 0x61, 0x65, 0x6d, 0x6f, 0x6e, 0x2e, 0x4d, 0x61, 0x6e,
-	0x61, 0x67, 0x65, 0x6d, 0x65, 0x6e, 0x74, 0x53, 0x74, 0x61, 0x74, 0x65, 0x52, 0x0f, 0x6d, 0x61,
-	0x6e, 0x61, 0x67, 0x65, 0x6d, 0x65, 0x6e, 0x74, 0x53, 0x74, 0x61, 0x74, 0x65, 0x12, 0x35, 0x0a,
-	0x0b, 0x73, 0x69, 0x67, 0x6e, 0x61, 0x6c, 0x53, 0x74, 0x61, 0x74, 0x65, 0x18, 0x02, 0x20, 0x01,
-	0x28, 0x0b, 0x32, 0x13, 0x2e, 0x64, 0x61, 0x65, 0x6d, 0x6f, 0x6e, 0x2e, 0x53, 0x69, 0x67, 0x6e,
-	0x61, 0x6c, 0x53, 0x74, 0x61, 0x74, 0x65, 0x52, 0x0b, 0x73, 0x69, 0x67, 0x6e, 0x61, 0x6c, 0x53,
-	0x74, 0x61, 0x74, 0x65, 0x12, 0x3e, 0x0a, 0x0e, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x50, 0x65, 0x65,
-	0x72, 0x53, 0x74, 0x61, 0x74, 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x16, 0x2e, 0x64,
-	0x61, 0x65, 0x6d, 0x6f, 0x6e, 0x2e, 0x4c, 0x6f, 0x63, 0x61, 0x6c, 0x50, 0x65, 0x65, 0x72, 0x53,
-	0x74, 0x61, 0x74, 0x65, 0x52, 0x0e, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x50, 0x65, 0x65, 0x72, 0x53,
-	0x74, 0x61, 0x74, 0x65, 0x12, 0x27, 0x0a, 0x05, 0x70, 0x65, 0x65, 0x72, 0x73, 0x18, 0x04, 0x20,
-	0x03, 0x28, 0x0b, 0x32, 0x11, 0x2e, 0x64, 0x61, 0x65, 0x6d, 0x6f, 0x6e, 0x2e, 0x50, 0x65, 0x65,
-	0x72, 0x53, 0x74, 0x61, 0x74, 0x65, 0x52, 0x05, 0x70, 0x65, 0x65, 0x72, 0x73, 0x32, 0xf7, 0x02,
+	0x61, 0x74, 0x75, 0x73, 0x22, 0x0d, 0x0a, 0x0b, 0x44, 0x6f, 0x77, 0x6e, 0x52, 0x65, 0x71, 0x75,
+	0x65, 0x73, 0x74, 0x22, 0x0e, 0x0a, 0x0c, 0x44, 0x6f, 0x77, 0x6e, 0x52, 0x65, 0x73, 0x70, 0x6f,
+	0x6e, 0x73, 0x65, 0x22, 0x12, 0x0a, 0x10, 0x47, 0x65, 0x74, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67,
+	0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x22, 0xb3, 0x01, 0x0a, 0x11, 0x47, 0x65, 0x74, 0x43,
+	0x6f, 0x6e, 0x66, 0x69, 0x67, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x24, 0x0a,
+	0x0d, 0x6d, 0x61, 0x6e, 0x61, 0x67, 0x65, 0x6d, 0x65, 0x6e, 0x74, 0x55, 0x72, 0x6c, 0x18, 0x01,
+	0x20, 0x01, 0x28, 0x09, 0x52, 0x0d, 0x6d, 0x61, 0x6e, 0x61, 0x67, 0x65, 0x6d, 0x65, 0x6e, 0x74,
+	0x55, 0x72, 0x6c, 0x12, 0x1e, 0x0a, 0x0a, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x46, 0x69, 0x6c,
+	0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0a, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x46,
+	0x69, 0x6c, 0x65, 0x12, 0x18, 0x0a, 0x07, 0x6c, 0x6f, 0x67, 0x46, 0x69, 0x6c, 0x65, 0x18, 0x03,
+	0x20, 0x01, 0x28, 0x09, 0x52, 0x07, 0x6c, 0x6f, 0x67, 0x46, 0x69, 0x6c, 0x65, 0x12, 0x22, 0x0a,
+	0x0c, 0x70, 0x72, 0x65, 0x53, 0x68, 0x61, 0x72, 0x65, 0x64, 0x4b, 0x65, 0x79, 0x18, 0x04, 0x20,
+	0x01, 0x28, 0x09, 0x52, 0x0c, 0x70, 0x72, 0x65, 0x53, 0x68, 0x61, 0x72, 0x65, 0x64, 0x4b, 0x65,
+	0x79, 0x12, 0x1a, 0x0a, 0x08, 0x61, 0x64, 0x6d, 0x69, 0x6e, 0x55, 0x52, 0x4c, 0x18, 0x05, 0x20,
+	0x01, 0x28, 0x09, 0x52, 0x08, 0x61, 0x64, 0x6d, 0x69, 0x6e, 0x55, 0x52, 0x4c, 0x32, 0xf7, 0x02,
 	0x0a, 0x0d, 0x44, 0x61, 0x65, 0x6d, 0x6f, 0x6e, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x12,
 	0x36, 0x0a, 0x05, 0x4c, 0x6f, 0x67, 0x69, 0x6e, 0x12, 0x14, 0x2e, 0x64, 0x61, 0x65, 0x6d, 0x6f,
 	0x6e, 0x2e, 0x4c, 0x6f, 0x67, 0x69, 0x6e, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x15,
@@ -1142,7 +703,7 @@ func file_daemon_proto_rawDescGZIP() []byte {
 	return file_daemon_proto_rawDescData
 }

-var file_daemon_proto_msgTypes = make([]protoimpl.MessageInfo, 17)
+var file_daemon_proto_msgTypes = make([]protoimpl.MessageInfo, 12)
 var file_daemon_proto_goTypes = []interface{}{
 	(*LoginRequest)(nil),         // 0: daemon.LoginRequest
 	(*LoginResponse)(nil),        // 1: daemon.LoginResponse
@@ -1156,37 +717,25 @@ var file_daemon_proto_goTypes = []interface{}{
 	(*DownResponse)(nil),         // 9: daemon.DownResponse
 	(*GetConfigRequest)(nil),     // 10: daemon.GetConfigRequest
 	(*GetConfigResponse)(nil),    // 11: daemon.GetConfigResponse
-	(*PeerState)(nil),            // 12: daemon.PeerState
-	(*LocalPeerState)(nil),       // 13: daemon.LocalPeerState
-	(*SignalState)(nil),          // 14: daemon.SignalState
-	(*ManagementState)(nil),      // 15: daemon.ManagementState
-	(*FullStatus)(nil),           // 16: daemon.FullStatus
-	(*timestamp.Timestamp)(nil),  // 17: google.protobuf.Timestamp
 }
 var file_daemon_proto_depIdxs = []int32{
-	16, // 0: daemon.StatusResponse.fullStatus:type_name -> daemon.FullStatus
-	17, // 1: daemon.PeerState.connStatusUpdate:type_name -> google.protobuf.Timestamp
-	15, // 2: daemon.FullStatus.managementState:type_name -> daemon.ManagementState
-	14, // 3: daemon.FullStatus.signalState:type_name -> daemon.SignalState
-	13, // 4: daemon.FullStatus.localPeerState:type_name -> daemon.LocalPeerState
-	12, // 5: daemon.FullStatus.peers:type_name -> daemon.PeerState
-	0,  // 6: daemon.DaemonService.Login:input_type -> daemon.LoginRequest
-	2,  // 7: daemon.DaemonService.WaitSSOLogin:input_type -> daemon.WaitSSOLoginRequest
-	4,  // 8: daemon.DaemonService.Up:input_type -> daemon.UpRequest
-	6,  // 9: daemon.DaemonService.Status:input_type -> daemon.StatusRequest
-	8,  // 10: daemon.DaemonService.Down:input_type -> daemon.DownRequest
-	10, // 11: daemon.DaemonService.GetConfig:input_type -> daemon.GetConfigRequest
-	1,  // 12: daemon.DaemonService.Login:output_type -> daemon.LoginResponse
-	3,  // 13: daemon.DaemonService.WaitSSOLogin:output_type -> daemon.WaitSSOLoginResponse
-	5,  // 14: daemon.DaemonService.Up:output_type -> daemon.UpResponse
-	7,  // 15: daemon.DaemonService.Status:output_type -> daemon.StatusResponse
-	9,  // 16: daemon.DaemonService.Down:output_type -> daemon.DownResponse
-	11, // 17: daemon.DaemonService.GetConfig:output_type -> daemon.GetConfigResponse
-	12, // [12:18] is the sub-list for method output_type
-	6,  // [6:12] is the sub-list for method input_type
-	6,  // [6:6] is the sub-list for extension type_name
-	6,  // [6:6] is the sub-list for extension extendee
-	0,  // [0:6] is the sub-list for field type_name
+	0,  // 0: daemon.DaemonService.Login:input_type -> daemon.LoginRequest
+	2,  // 1: daemon.DaemonService.WaitSSOLogin:input_type -> daemon.WaitSSOLoginRequest
+	4,  // 2: daemon.DaemonService.Up:input_type -> daemon.UpRequest
+	6,  // 3: daemon.DaemonService.Status:input_type -> daemon.StatusRequest
+	8,  // 4: daemon.DaemonService.Down:input_type -> daemon.DownRequest
+	10, // 5: daemon.DaemonService.GetConfig:input_type -> daemon.GetConfigRequest
+	1,  // 6: daemon.DaemonService.Login:output_type -> daemon.LoginResponse
+	3,  // 7: daemon.DaemonService.WaitSSOLogin:output_type -> daemon.WaitSSOLoginResponse
+	5,  // 8: daemon.DaemonService.Up:output_type -> daemon.UpResponse
+	7,  // 9: daemon.DaemonService.Status:output_type -> daemon.StatusResponse
+	9,  // 10: daemon.DaemonService.Down:output_type -> daemon.DownResponse
+	11, // 11: daemon.DaemonService.GetConfig:output_type -> daemon.GetConfigResponse
+	6,  // [6:12] is the sub-list for method output_type
+	0,  // [0:6] is the sub-list for method input_type
+	0,  // [0:0] is the sub-list for extension type_name
+	0,  // [0:0] is the sub-list for extension extendee
+	0,  // [0:0] is the sub-list for field type_name
 }

 func init() { file_daemon_proto_init() }
@@ -1339,66 +888,6 @@ func file_daemon_proto_init() {
 				return nil
 			}
 		}
-		file_daemon_proto_msgTypes[12].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*PeerState); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-		file_daemon_proto_msgTypes[13].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*LocalPeerState); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-		file_daemon_proto_msgTypes[14].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*SignalState); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-		file_daemon_proto_msgTypes[15].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*ManagementState); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-		file_daemon_proto_msgTypes[16].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*FullStatus); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
 	}
 	type x struct{}
 	out := protoimpl.TypeBuilder{
@@ -1406,7 +895,7 @@ func file_daemon_proto_init() {
 			GoPackagePath: reflect.TypeOf(x{}).PkgPath(),
 			RawDescriptor: file_daemon_proto_rawDesc,
 			NumEnums:      0,
-			NumMessages:   17,
+			NumMessages:   12,
 			NumExtensions: 0,
 			NumServices:   1,
 		},
--- a/client/proto/daemon.proto
+++ b/client/proto/daemon.proto
@@ -1,7 +1,6 @@
 syntax = "proto3";

 import "google/protobuf/descriptor.proto";
-import "google/protobuf/timestamp.proto";

 option go_package = "/proto";

@@ -60,16 +59,11 @@ message UpRequest {}

 message UpResponse {}

-message StatusRequest{
-  bool getFullPeerStatus = 1;
-}
+message StatusRequest{}

 message StatusResponse{
  // status of the server.
  string status = 1;
-  FullStatus fullStatus = 2;
-  // NetBird daemon version
-  string daemonVersion = 3;
 }

 message DownRequest {}
@@ -94,41 +88,3 @@ message GetConfigResponse {
  // adminURL settings value.
  string adminURL = 5;
 }
-
-// PeerState contains the latest state of a peer
-message PeerState {
-  string IP = 1;
-  string pubKey = 2;
-  string connStatus = 3;
-  google.protobuf.Timestamp connStatusUpdate = 4;
-  bool relayed = 5;
-  bool direct = 6;
-  string localIceCandidateType = 7;
-  string remoteIceCandidateType =8;
-}
-
-// LocalPeerState contains the latest state of the local peer
-message LocalPeerState {
-  string IP = 1;
-  string pubKey = 2;
-  bool  kernelInterface =3;
-}
-
-// SignalState contains the latest state of a signal connection
-message SignalState {
-  string URL = 1;
-  bool connected = 2;
-}
-
-// ManagementState contains the latest state of a management connection
-message ManagementState {
-  string URL = 1;
-  bool connected = 2;
-}
-// FullStatus contains the full state held by the Status instance
-message FullStatus {
-    ManagementState managementState = 1;
-    SignalState     signalState = 2;
-    LocalPeerState  localPeerState = 3;
-    repeated PeerState peers = 4;
-}
--- a/client/server/server.go
+++ b/client/server/server.go
@@ -3,9 +3,6 @@ package server
 import (
 	"context"
 	"fmt"
-	nbStatus "github.com/netbirdio/netbird/client/status"
-	"github.com/netbirdio/netbird/client/system"
-	"google.golang.org/protobuf/types/known/timestamppb"
 	"sync"
 	"time"

@@ -34,8 +31,6 @@ type Server struct {
 	mutex  sync.Mutex
 	config *internal.Config
 	proto.UnimplementedDaemonServiceServer
-
-	statusRecorder *nbStatus.Status
 }

 type oauthAuthFlow struct {
@@ -57,8 +52,6 @@ func New(ctx context.Context, managementURL, adminURL, configPath, logFile strin
 }

 func (s *Server) Start() error {
-	s.mutex.Lock()
-	defer s.mutex.Unlock()
 	state := internal.CtxGetState(s.rootCtx)

 	// if current state contains any error, return it
@@ -93,16 +86,11 @@ func (s *Server) Start() error {
 	}

 	// if configuration exists, we just start connections.
-	config, _ = internal.UpdateOldManagementPort(ctx, config, s.configPath)

 	s.config = config

-	if s.statusRecorder == nil {
-		s.statusRecorder = nbStatus.NewRecorder()
-	}
-
 	go func() {
-		if err := internal.RunClient(ctx, config, s.statusRecorder); err != nil {
+		if err := internal.RunClient(ctx, config); err != nil {
 			log.Errorf("init connections: %v", err)
 		}
 	}()
@@ -170,12 +158,6 @@ func (s *Server) Login(callerCtx context.Context, msg *proto.LoginRequest) (*pro
 		return nil, err
 	}

-	if msg.ManagementUrl == "" {
-		config, _ = internal.UpdateOldManagementPort(ctx, config, s.configPath)
-		s.config = config
-		s.managementURL = config.ManagementURL.String()
-	}
-
 	s.mutex.Lock()
 	s.config = config
 	s.mutex.Unlock()
@@ -208,8 +190,7 @@ func (s *Server) Login(callerCtx context.Context, msg *proto.LoginRequest) (*pro
 		hostedClient := internal.NewHostedDeviceFlow(
 			providerConfig.ProviderConfig.Audience,
 			providerConfig.ProviderConfig.ClientID,
-			providerConfig.ProviderConfig.TokenEndpoint,
-			providerConfig.ProviderConfig.DeviceAuthEndpoint,
+			providerConfig.ProviderConfig.Domain,
 		)

 		if s.oauthAuthFlow.client != nil && s.oauthAuthFlow.client.GetClientID(ctx) == hostedClient.GetClientID(context.TODO()) {
@@ -322,10 +303,6 @@ func (s *Server) WaitSSOLogin(callerCtx context.Context, msg *proto.WaitSSOLogin
 		return nil, err
 	}

-	s.mutex.Lock()
-	s.oauthAuthFlow.expiresAt = time.Now()
-	s.mutex.Unlock()
-
 	if loginStatus, err := s.loginAttempt(ctx, "", tokenInfo.AccessToken); err != nil {
 		state.Set(loginStatus)
 		return nil, err
@@ -369,12 +346,8 @@ func (s *Server) Up(callerCtx context.Context, msg *proto.UpRequest) (*proto.UpR
 		return nil, fmt.Errorf("config is not defined, please call login command first")
 	}

-	if s.statusRecorder == nil {
-		s.statusRecorder = nbStatus.NewRecorder()
-	}
-
 	go func() {
-		if err := internal.RunClient(ctx, s.config, s.statusRecorder); err != nil {
+		if err := internal.RunClient(ctx, s.config); err != nil {
 			log.Errorf("run client connection: %v", state.Wrap(err))
 			return
 		}
@@ -398,7 +371,7 @@ func (s *Server) Down(ctx context.Context, msg *proto.DownRequest) (*proto.DownR

 // Status starts engine work in the daemon.
 func (s *Server) Status(
-	_ context.Context,
+	ctx context.Context,
 	msg *proto.StatusRequest,
 ) (*proto.StatusResponse, error) {
 	s.mutex.Lock()
@@ -409,19 +382,7 @@ func (s *Server) Status(
 		return nil, err
 	}

-	statusResponse := proto.StatusResponse{Status: string(status), DaemonVersion: system.NetbirdVersion()}
-
-	if s.statusRecorder == nil {
-		s.statusRecorder = nbStatus.NewRecorder()
-	}
-
-	if msg.GetFullPeerStatus {
-		fullStatus := s.statusRecorder.GetFullStatus()
-		pbFullStatus := toProtoFullStatus(fullStatus)
-		statusResponse.FullStatus = pbFullStatus
-	}
-
-	return &statusResponse, nil
+	return &proto.StatusResponse{Status: string(status)}, nil
 }

 // GetConfig of the daemon.
@@ -457,37 +418,3 @@ func (s *Server) GetConfig(ctx context.Context, msg *proto.GetConfigRequest) (*p
 		PreSharedKey:  preSharedKey,
 	}, nil
 }
-
-func toProtoFullStatus(fullStatus nbStatus.FullStatus) *proto.FullStatus {
-	pbFullStatus := proto.FullStatus{
-		ManagementState: &proto.ManagementState{},
-		SignalState:     &proto.SignalState{},
-		LocalPeerState:  &proto.LocalPeerState{},
-		Peers:           []*proto.PeerState{},
-	}
-
-	pbFullStatus.ManagementState.URL = fullStatus.ManagementState.URL
-	pbFullStatus.ManagementState.Connected = fullStatus.ManagementState.Connected
-
-	pbFullStatus.SignalState.URL = fullStatus.SignalState.URL
-	pbFullStatus.SignalState.Connected = fullStatus.SignalState.Connected
-
-	pbFullStatus.LocalPeerState.IP = fullStatus.LocalPeerState.IP
-	pbFullStatus.LocalPeerState.PubKey = fullStatus.LocalPeerState.PubKey
-	pbFullStatus.LocalPeerState.KernelInterface = fullStatus.LocalPeerState.KernelInterface
-
-	for _, peerState := range fullStatus.Peers {
-		pbPeerState := &proto.PeerState{
-			IP:                     peerState.IP,
-			PubKey:                 peerState.PubKey,
-			ConnStatus:             peerState.ConnStatus,
-			ConnStatusUpdate:       timestamppb.New(peerState.ConnStatusUpdate),
-			Relayed:                peerState.Relayed,
-			Direct:                 peerState.Direct,
-			LocalIceCandidateType:  peerState.LocalIceCandidateType,
-			RemoteIceCandidateType: peerState.RemoteIceCandidateType,
-		}
-		pbFullStatus.Peers = append(pbFullStatus.Peers, pbPeerState)
-	}
-	return &pbFullStatus
-}
--- a/client/ssh/client.go
+++ b/client/ssh/client.go
@@ -1,116 +0,0 @@
-package ssh
-
-import (
-	"fmt"
-	"golang.org/x/crypto/ssh"
-	"golang.org/x/term"
-	"net"
-	"os"
-	"time"
-)
-
-// Client wraps crypto/ssh Client to simplify usage
-type Client struct {
-	client *ssh.Client
-}
-
-// Close closes the wrapped SSH Client
-func (c *Client) Close() error {
-	return c.client.Close()
-}
-
-// OpenTerminal starts an interactive terminal session with the remote SSH server
-func (c *Client) OpenTerminal() error {
-	session, err := c.client.NewSession()
-	if err != nil {
-		return fmt.Errorf("failed to open new session: %v", err)
-	}
-	defer func() {
-		err := session.Close()
-		if err != nil {
-			return
-		}
-	}()
-
-	fd := int(os.Stdout.Fd())
-	state, err := term.MakeRaw(fd)
-	if err != nil {
-		return fmt.Errorf("failed to run raw terminal: %s", err)
-	}
-	defer func() {
-		err := term.Restore(fd, state)
-		if err != nil {
-			return
-		}
-	}()
-
-	w, h, err := term.GetSize(fd)
-	if err != nil {
-		return fmt.Errorf("terminal get size: %s", err)
-	}
-
-	modes := ssh.TerminalModes{
-		ssh.ECHO:          1,
-		ssh.TTY_OP_ISPEED: 14400,
-		ssh.TTY_OP_OSPEED: 14400,
-	}
-
-	terminal := os.Getenv("TERM")
-	if terminal == "" {
-		terminal = "xterm-256color"
-	}
-	if err := session.RequestPty(terminal, h, w, modes); err != nil {
-		return fmt.Errorf("failed requesting pty session with xterm: %s", err)
-	}
-
-	session.Stdout = os.Stdout
-	session.Stderr = os.Stderr
-	session.Stdin = os.Stdin
-
-	if err := session.Shell(); err != nil {
-		return fmt.Errorf("failed to start login shell on the remote host: %s", err)
-	}
-
-	if err := session.Wait(); err != nil {
-		if e, ok := err.(*ssh.ExitError); ok {
-			switch e.ExitStatus() {
-			case 130:
-				return nil
-			}
-		}
-		return fmt.Errorf("failed running SSH session: %s", err)
-	}
-
-	return nil
-}
-
-// DialWithKey connects to the remote SSH server with a provided private key file (PEM).
-func DialWithKey(addr, user string, privateKey []byte) (*Client, error) {
-
-	signer, err := ssh.ParsePrivateKey(privateKey)
-	if err != nil {
-		return nil, err
-	}
-
-	config := &ssh.ClientConfig{
-		User:    user,
-		Timeout: 5 * time.Second,
-		Auth: []ssh.AuthMethod{
-			ssh.PublicKeys(signer),
-		},
-		HostKeyCallback: ssh.HostKeyCallback(func(hostname string, remote net.Addr, key ssh.PublicKey) error { return nil }),
-	}
-
-	return Dial("tcp", addr, config)
-}
-
-// Dial connects to the remote SSH server.
-func Dial(network, addr string, config *ssh.ClientConfig) (*Client, error) {
-	client, err := ssh.Dial(network, addr, config)
-	if err != nil {
-		return nil, err
-	}
-	return &Client{
-		client: client,
-	}, nil
-}
--- a/client/ssh/login.go
+++ b/client/ssh/login.go
@@ -1,36 +0,0 @@
-package ssh
-
-import (
-	"fmt"
-	"github.com/netbirdio/netbird/util"
-	"net"
-	"net/netip"
-	"os/exec"
-	"runtime"
-)
-
-func getLoginCmd(user string, remoteAddr net.Addr) (loginPath string, args []string, err error) {
-	loginPath, err = exec.LookPath("login")
-	if err != nil {
-		return "", nil, err
-	}
-
-	addrPort, err := netip.ParseAddrPort(remoteAddr.String())
-	if err != nil {
-		return "", nil, err
-	}
-
-	if runtime.GOOS == "linux" {
-
-		if util.FileExists("/etc/arch-release") && !util.FileExists("/etc/pam.d/remote") {
-			// detect if Arch Linux
-			return loginPath, []string{"-f", user, "-p"}, nil
-		}
-
-		return loginPath, []string{"-f", user, "-h", addrPort.Addr().String(), "-p"}, nil
-	} else if runtime.GOOS == "darwin" {
-		return loginPath, []string{"-fp", "-h", addrPort.Addr().String(), user}, nil
-	}
-
-	return "", nil, fmt.Errorf("unsupported platform")
-}
--- a/client/ssh/lookup.go
+++ b/client/ssh/lookup.go
@@ -1,10 +0,0 @@
-//go:build !darwin
-// +build !darwin
-
-package ssh
-
-import "os/user"
-
-func userNameLookup(username string) (*user.User, error) {
-	return user.Lookup(username)
-}
--- a/client/ssh/lookup_darwin.go
+++ b/client/ssh/lookup_darwin.go
@@ -1,47 +0,0 @@
-//go:build darwin
-// +build darwin
-
-package ssh
-
-import (
-	"bytes"
-	"fmt"
-	"os/exec"
-	"os/user"
-	"strings"
-)
-
-func userNameLookup(username string) (*user.User, error) {
-	var userObject *user.User
-	userObject, err := user.Lookup(username)
-	if err != nil && err.Error() == user.UnknownUserError(username).Error() {
-		return idUserNameLookup(username)
-	} else if err != nil {
-		return nil, err
-	}
-
-	return userObject, nil
-}
-
-func idUserNameLookup(username string) (*user.User, error) {
-	cmd := exec.Command("id", "-P", username)
-	out, err := cmd.CombinedOutput()
-	if err != nil {
-		return nil, fmt.Errorf("error while retrieving user with id -P command, error: %v", err)
-	}
-	colon := ":"
-
-	if !bytes.Contains(out, []byte(username+colon)) {
-		return nil, fmt.Errorf("unable to find user in returned string")
-	}
-	// netbird:********:501:20::0:0:netbird:/Users/netbird:/bin/zsh
-	parts := strings.SplitN(string(out), colon, 10)
-	userObject := &user.User{
-		Username: parts[0],
-		Uid:      parts[2],
-		Gid:      parts[3],
-		Name:     parts[7],
-		HomeDir:  parts[8],
-	}
-	return userObject, nil
-}
--- a/client/ssh/server.go
+++ b/client/ssh/server.go
@@ -1,250 +0,0 @@
-package ssh
-
-import (
-	"fmt"
-	"github.com/creack/pty"
-	"github.com/gliderlabs/ssh"
-	log "github.com/sirupsen/logrus"
-	"io"
-	"net"
-	"os"
-	"os/exec"
-	"os/user"
-	"runtime"
-	"strings"
-	"sync"
-)
-
-// DefaultSSHPort is the default SSH port of the NetBird's embedded SSH server
-const DefaultSSHPort = 44338
-
-// DefaultSSHServer is a function that creates DefaultServer
-func DefaultSSHServer(hostKeyPEM []byte, addr string) (Server, error) {
-	return newDefaultServer(hostKeyPEM, addr)
-}
-
-// Server is an interface of SSH server
-type Server interface {
-	// Stop stops SSH server.
-	Stop() error
-	// Start starts SSH server. Blocking
-	Start() error
-	// RemoveAuthorizedKey removes SSH key of a given peer from the authorized keys
-	RemoveAuthorizedKey(peer string)
-	// AddAuthorizedKey add a given peer key to server authorized keys
-	AddAuthorizedKey(peer, newKey string) error
-}
-
-// DefaultServer is the embedded NetBird SSH server
-type DefaultServer struct {
-	listener net.Listener
-	// authorizedKeys is ssh pub key indexed by peer WireGuard public key
-	authorizedKeys map[string]ssh.PublicKey
-	mu             sync.Mutex
-	hostKeyPEM     []byte
-	sessions       []ssh.Session
-}
-
-// newDefaultServer creates new server with provided host key
-func newDefaultServer(hostKeyPEM []byte, addr string) (*DefaultServer, error) {
-	ln, err := net.Listen("tcp", addr)
-	if err != nil {
-		return nil, err
-	}
-	allowedKeys := make(map[string]ssh.PublicKey)
-	return &DefaultServer{listener: ln, mu: sync.Mutex{}, hostKeyPEM: hostKeyPEM, authorizedKeys: allowedKeys, sessions: make([]ssh.Session, 0)}, nil
-}
-
-// RemoveAuthorizedKey removes SSH key of a given peer from the authorized keys
-func (srv *DefaultServer) RemoveAuthorizedKey(peer string) {
-	srv.mu.Lock()
-	defer srv.mu.Unlock()
-
-	delete(srv.authorizedKeys, peer)
-}
-
-// AddAuthorizedKey add a given peer key to server authorized keys
-func (srv *DefaultServer) AddAuthorizedKey(peer, newKey string) error {
-	srv.mu.Lock()
-	defer srv.mu.Unlock()
-
-	parsedKey, _, _, _, err := ssh.ParseAuthorizedKey([]byte(newKey))
-	if err != nil {
-		return err
-	}
-
-	srv.authorizedKeys[peer] = parsedKey
-	return nil
-}
-
-// Stop stops SSH server.
-func (srv *DefaultServer) Stop() error {
-	srv.mu.Lock()
-	defer srv.mu.Unlock()
-	err := srv.listener.Close()
-	if err != nil {
-		return err
-	}
-	for _, session := range srv.sessions {
-		err := session.Close()
-		if err != nil {
-			log.Warnf("failed closing SSH session from %v", err)
-		}
-	}
-
-	return nil
-}
-
-func (srv *DefaultServer) publicKeyHandler(ctx ssh.Context, key ssh.PublicKey) bool {
-	srv.mu.Lock()
-	defer srv.mu.Unlock()
-
-	for _, allowed := range srv.authorizedKeys {
-		if ssh.KeysEqual(allowed, key) {
-			return true
-		}
-	}
-
-	return false
-}
-
-func prepareUserEnv(user *user.User, shell string) []string {
-	return []string{
-		fmt.Sprintf("SHELL=" + shell),
-		fmt.Sprintf("USER=" + user.Username),
-		fmt.Sprintf("HOME=" + user.HomeDir),
-	}
-}
-
-func acceptEnv(s string) bool {
-	split := strings.Split(s, "=")
-	if len(split) != 2 {
-		return false
-	}
-	return split[0] == "TERM" || split[0] == "LANG" || strings.HasPrefix(split[0], "LC_")
-}
-
-// sessionHandler handles SSH session post auth
-func (srv *DefaultServer) sessionHandler(session ssh.Session) {
-	srv.mu.Lock()
-	srv.sessions = append(srv.sessions, session)
-	srv.mu.Unlock()
-
-	defer func() {
-		err := session.Close()
-		if err != nil {
-			return
-		}
-	}()
-
-	localUser, err := userNameLookup(session.User())
-	if err != nil {
-		_, err = fmt.Fprintf(session, "remote SSH server couldn't find local user %s\n", session.User()) //nolint
-		err = session.Exit(1)
-		if err != nil {
-			return
-		}
-		log.Warnf("failed SSH session from %v, user %s", session.RemoteAddr(), session.User())
-		return
-	}
-
-	ptyReq, winCh, isPty := session.Pty()
-	if isPty {
-		loginCmd, loginArgs, err := getLoginCmd(localUser.Username, session.RemoteAddr())
-		if err != nil {
-			log.Warnf("failed logging-in user %s from remote IP %s", localUser.Username, session.RemoteAddr().String())
-			return
-		}
-		cmd := exec.Command(loginCmd, loginArgs...)
-		go func() {
-			<-session.Context().Done()
-			err := cmd.Process.Kill()
-			if err != nil {
-				return
-			}
-		}()
-		cmd.Dir = localUser.HomeDir
-		cmd.Env = append(cmd.Env, fmt.Sprintf("TERM=%s", ptyReq.Term))
-		cmd.Env = append(cmd.Env, prepareUserEnv(localUser, getUserShell(localUser.Uid))...)
-		for _, v := range session.Environ() {
-			if acceptEnv(v) {
-				cmd.Env = append(cmd.Env, v)
-			}
-		}
-
-		file, err := pty.Start(cmd)
-		if err != nil {
-			log.Errorf("failed starting SSH server %v", err)
-		}
-
-		go func() {
-			for win := range winCh {
-				setWinSize(file, win.Width, win.Height)
-			}
-		}()
-
-		srv.stdInOut(file, session)
-
-		err = cmd.Wait()
-		if err != nil {
-			return
-		}
-	} else {
-		_, err := io.WriteString(session, "only PTY is supported.\n")
-		if err != nil {
-			return
-		}
-		err = session.Exit(1)
-		if err != nil {
-			return
-		}
-	}
-}
-
-func (srv *DefaultServer) stdInOut(file *os.File, session ssh.Session) {
-	go func() {
-		// stdin
-		_, err := io.Copy(file, session)
-		if err != nil {
-			return
-		}
-	}()
-
-	go func() {
-		// stdout
-		_, err := io.Copy(session, file)
-		if err != nil {
-			return
-		}
-	}()
-}
-
-// Start starts SSH server. Blocking
-func (srv *DefaultServer) Start() error {
-	log.Infof("starting SSH server on addr: %s", srv.listener.Addr().String())
-
-	publicKeyOption := ssh.PublicKeyAuth(srv.publicKeyHandler)
-	hostKeyPEM := ssh.HostKeyPEM(srv.hostKeyPEM)
-	err := ssh.Serve(srv.listener, srv.sessionHandler, publicKeyOption, hostKeyPEM)
-	if err != nil {
-		return err
-	}
-
-	return nil
-}
-
-func getUserShell(userID string) string {
-	if runtime.GOOS == "linux" {
-		output, _ := exec.Command("getent", "passwd", userID).Output()
-		line := strings.SplitN(string(output), ":", 10)
-		if len(line) > 6 {
-			return strings.TrimSpace(line[6])
-		}
-	}
-
-	shell := os.Getenv("SHELL")
-	if shell == "" {
-		shell = "/bin/sh"
-	}
-	return shell
-}
--- a/client/ssh/server_mock.go
+++ b/client/ssh/server_mock.go
@@ -1,44 +0,0 @@
-package ssh
-
-import "context"
-
-// MockServer mocks ssh.Server
-type MockServer struct {
-	Ctx                     context.Context
-	StopFunc                func() error
-	StartFunc               func() error
-	AddAuthorizedKeyFunc    func(peer, newKey string) error
-	RemoveAuthorizedKeyFunc func(peer string)
-}
-
-// RemoveAuthorizedKey removes SSH key of a given peer from the authorized keys
-func (srv *MockServer) RemoveAuthorizedKey(peer string) {
-	if srv.RemoveAuthorizedKeyFunc == nil {
-		return
-	}
-	srv.RemoveAuthorizedKeyFunc(peer)
-}
-
-// AddAuthorizedKey add a given peer key to server authorized keys
-func (srv *MockServer) AddAuthorizedKey(peer, newKey string) error {
-	if srv.AddAuthorizedKeyFunc == nil {
-		return nil
-	}
-	return srv.AddAuthorizedKeyFunc(peer, newKey)
-}
-
-// Stop stops SSH server.
-func (srv *MockServer) Stop() error {
-	if srv.StopFunc == nil {
-		return nil
-	}
-	return srv.StopFunc()
-}
-
-// Start starts SSH server. Blocking
-func (srv *MockServer) Start() error {
-	if srv.StartFunc == nil {
-		return nil
-	}
-	return srv.StartFunc()
-}
--- a/client/ssh/server_test.go
+++ b/client/ssh/server_test.go
@@ -1,121 +0,0 @@
-package ssh
-
-import (
-	"fmt"
-	"github.com/stretchr/testify/assert"
-	"golang.org/x/crypto/ssh"
-	"strings"
-	"testing"
-)
-
-func TestServer_AddAuthorizedKey(t *testing.T) {
-	key, err := GeneratePrivateKey(ED25519)
-	if err != nil {
-		t.Fatal(err)
-	}
-	server, err := newDefaultServer(key, "localhost:")
-	if err != nil {
-		t.Fatal(err)
-	}
-
-	// add multiple keys
-	keys := map[string][]byte{}
-	for i := 0; i < 10; i++ {
-		peer := fmt.Sprintf("%s-%d", "remotePeer", i)
-		remotePrivKey, err := GeneratePrivateKey(ED25519)
-		if err != nil {
-			t.Fatal(err)
-		}
-		remotePubKey, err := GeneratePublicKey(remotePrivKey)
-		if err != nil {
-			t.Fatal(err)
-		}
-
-		err = server.AddAuthorizedKey(peer, string(remotePubKey))
-		if err != nil {
-			t.Error(err)
-		}
-		keys[peer] = remotePubKey
-	}
-
-	// make sure that all keys have been added
-	for peer, remotePubKey := range keys {
-		k, ok := server.authorizedKeys[peer]
-		assert.True(t, ok, "expecting remotePeer key to be found in authorizedKeys")
-
-		assert.Equal(t, string(remotePubKey), strings.TrimSpace(string(ssh.MarshalAuthorizedKey(k))))
-	}
-
-}
-
-func TestServer_RemoveAuthorizedKey(t *testing.T) {
-	key, err := GeneratePrivateKey(ED25519)
-	if err != nil {
-		t.Fatal(err)
-	}
-	server, err := newDefaultServer(key, "localhost:")
-	if err != nil {
-		t.Fatal(err)
-	}
-
-	remotePrivKey, err := GeneratePrivateKey(ED25519)
-	if err != nil {
-		t.Fatal(err)
-	}
-	remotePubKey, err := GeneratePublicKey(remotePrivKey)
-	if err != nil {
-		t.Fatal(err)
-	}
-
-	err = server.AddAuthorizedKey("remotePeer", string(remotePubKey))
-	if err != nil {
-		t.Error(err)
-	}
-
-	server.RemoveAuthorizedKey("remotePeer")
-
-	_, ok := server.authorizedKeys["remotePeer"]
-	assert.False(t, ok, "expecting remotePeer's SSH key to be removed")
-}
-
-func TestServer_PubKeyHandler(t *testing.T) {
-	key, err := GeneratePrivateKey(ED25519)
-	if err != nil {
-		t.Fatal(err)
-	}
-	server, err := newDefaultServer(key, "localhost:")
-	if err != nil {
-		t.Fatal(err)
-	}
-
-	var keys []ssh.PublicKey
-	for i := 0; i < 10; i++ {
-		peer := fmt.Sprintf("%s-%d", "remotePeer", i)
-		remotePrivKey, err := GeneratePrivateKey(ED25519)
-		if err != nil {
-			t.Fatal(err)
-		}
-		remotePubKey, err := GeneratePublicKey(remotePrivKey)
-		if err != nil {
-			t.Fatal(err)
-		}
-
-		remoteParsedPubKey, _, _, _, err := ssh.ParseAuthorizedKey(remotePubKey)
-		if err != nil {
-			t.Fatal(err)
-		}
-
-		err = server.AddAuthorizedKey(peer, string(remotePubKey))
-		if err != nil {
-			t.Error(err)
-		}
-		keys = append(keys, remoteParsedPubKey)
-	}
-
-	for _, key := range keys {
-		accepted := server.publicKeyHandler(nil, key)
-
-		assert.Truef(t, accepted, "expecting SSH connection to be accepted for a given SSH key %s", string(ssh.MarshalAuthorizedKey(key)))
-	}
-
-}
--- a/client/ssh/util.go
+++ b/client/ssh/util.go
@@ -1,86 +0,0 @@
-package ssh
-
-import (
-	"crypto"
-	"crypto/ecdsa"
-	"crypto/elliptic"
-	"crypto/rand"
-	"crypto/rsa"
-	"crypto/x509"
-	"encoding/pem"
-	"fmt"
-	"golang.org/x/crypto/ed25519"
-	gossh "golang.org/x/crypto/ssh"
-	"strings"
-)
-
-// KeyType is a type of SSH key
-type KeyType string
-
-// ED25519 is key of type ed25519
-const ED25519 KeyType = "ed25519"
-
-// ECDSA is key of type ecdsa
-const ECDSA KeyType = "ecdsa"
-
-// RSA is key of type rsa
-const RSA KeyType = "rsa"
-
-// RSAKeySize is a size of newly generated RSA key
-const RSAKeySize = 2048
-
-// GeneratePrivateKey creates RSA Private Key of specified byte size
-func GeneratePrivateKey(keyType KeyType) ([]byte, error) {
-
-	var key crypto.Signer
-	var err error
-	switch keyType {
-	case ED25519:
-		_, key, err = ed25519.GenerateKey(rand.Reader)
-	case ECDSA:
-		key, err = ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
-	case RSA:
-		key, err = rsa.GenerateKey(rand.Reader, RSAKeySize)
-	default:
-		return nil, fmt.Errorf("unsupported ket type %s", keyType)
-	}
-	if err != nil {
-		return nil, err
-	}
-
-	pemBytes, err := EncodePrivateKeyToPEM(key)
-	if err != nil {
-		return nil, err
-	}
-
-	return pemBytes, nil
-}
-
-// GeneratePublicKey returns the public part of the private key
-func GeneratePublicKey(key []byte) ([]byte, error) {
-	signer, err := gossh.ParsePrivateKey(key)
-	if err != nil {
-		return nil, err
-	}
-
-	strKey := strings.TrimSpace(string(gossh.MarshalAuthorizedKey(signer.PublicKey())))
-	return []byte(strKey), nil
-}
-
-// EncodePrivateKeyToPEM encodes Private Key from RSA to PEM format
-func EncodePrivateKeyToPEM(privateKey crypto.Signer) ([]byte, error) {
-	mk, err := x509.MarshalPKCS8PrivateKey(privateKey)
-	if err != nil {
-		return nil, err
-	}
-
-	// pem.Block
-	privBlock := pem.Block{
-		Type:  "PRIVATE KEY",
-		Bytes: mk,
-	}
-
-	// Private key in PEM format
-	privatePEM := pem.EncodeToMemory(&privBlock)
-	return privatePEM, nil
-}
--- a/client/ssh/window_unix.go
+++ b/client/ssh/window_unix.go
@@ -1,14 +0,0 @@
-//go:build linux || darwin
-
-package ssh
-
-import (
-	"os"
-	"syscall"
-	"unsafe"
-)
-
-func setWinSize(file *os.File, width, height int) {
-	syscall.Syscall(syscall.SYS_IOCTL, file.Fd(), uintptr(syscall.TIOCSWINSZ), //nolint
-		uintptr(unsafe.Pointer(&struct{ h, w, x, y uint16 }{uint16(height), uint16(width), 0, 0})))
-}
--- a/client/ssh/window_windows.go
+++ b/client/ssh/window_windows.go
@@ -1,9 +0,0 @@
-package ssh
-
-import (
-	"os"
-)
-
-func setWinSize(file *os.File, width, height int) {
-
-}
--- a/client/status/status.go
+++ b/client/status/status.go
@@ -1,223 +0,0 @@
-package status
-
-import (
-	"errors"
-	"sync"
-	"time"
-)
-
-// PeerState contains the latest state of a peer
-type PeerState struct {
-	IP                     string
-	PubKey                 string
-	ConnStatus             string
-	ConnStatusUpdate       time.Time
-	Relayed                bool
-	Direct                 bool
-	LocalIceCandidateType  string
-	RemoteIceCandidateType string
-}
-
-// LocalPeerState contains the latest state of the local peer
-type LocalPeerState struct {
-	IP              string
-	PubKey          string
-	KernelInterface bool
-}
-
-// SignalState contains the latest state of a signal connection
-type SignalState struct {
-	URL       string
-	Connected bool
-}
-
-// ManagementState contains the latest state of a management connection
-type ManagementState struct {
-	URL       string
-	Connected bool
-}
-
-// FullStatus contains the full state held by the Status instance
-type FullStatus struct {
-	Peers           []PeerState
-	ManagementState ManagementState
-	SignalState     SignalState
-	LocalPeerState  LocalPeerState
-}
-
-// Status holds a state of peers, signal and management connections
-type Status struct {
-	mux          sync.Mutex
-	peers        map[string]PeerState
-	changeNotify map[string]chan struct{}
-	signal       SignalState
-	management   ManagementState
-	localPeer    LocalPeerState
-}
-
-// NewRecorder returns a new Status instance
-func NewRecorder() *Status {
-	return &Status{
-		peers:        make(map[string]PeerState),
-		changeNotify: make(map[string]chan struct{}),
-	}
-}
-
-// AddPeer adds peer to Daemon status map
-func (d *Status) AddPeer(peerPubKey string) error {
-	d.mux.Lock()
-	defer d.mux.Unlock()
-
-	_, ok := d.peers[peerPubKey]
-	if ok {
-		return errors.New("peer already exist")
-	}
-	d.peers[peerPubKey] = PeerState{PubKey: peerPubKey}
-	return nil
-}
-
-// GetPeer adds peer to Daemon status map
-func (d *Status) GetPeer(peerPubKey string) (PeerState, error) {
-	d.mux.Lock()
-	defer d.mux.Unlock()
-
-	state, ok := d.peers[peerPubKey]
-	if !ok {
-		return PeerState{}, errors.New("peer not found")
-	}
-	return state, nil
-}
-
-// RemovePeer removes peer from Daemon status map
-func (d *Status) RemovePeer(peerPubKey string) error {
-	d.mux.Lock()
-	defer d.mux.Unlock()
-
-	_, ok := d.peers[peerPubKey]
-	if ok {
-		delete(d.peers, peerPubKey)
-		return nil
-	}
-
-	return errors.New("no peer with to remove")
-}
-
-// UpdatePeerState updates peer status
-func (d *Status) UpdatePeerState(receivedState PeerState) error {
-	d.mux.Lock()
-	defer d.mux.Unlock()
-
-	peerState, ok := d.peers[receivedState.PubKey]
-	if !ok {
-		return errors.New("peer doesn't exist")
-	}
-
-	if receivedState.IP != "" {
-		peerState.IP = receivedState.IP
-	}
-
-	if receivedState.ConnStatus != peerState.ConnStatus {
-		peerState.ConnStatus = receivedState.ConnStatus
-		peerState.ConnStatusUpdate = receivedState.ConnStatusUpdate
-		peerState.Direct = receivedState.Direct
-		peerState.Relayed = receivedState.Relayed
-		peerState.LocalIceCandidateType = receivedState.LocalIceCandidateType
-		peerState.RemoteIceCandidateType = receivedState.RemoteIceCandidateType
-	}
-
-	d.peers[receivedState.PubKey] = peerState
-
-	ch, found := d.changeNotify[receivedState.PubKey]
-	if found && ch != nil {
-		close(ch)
-		d.changeNotify[receivedState.PubKey] = nil
-	}
-
-	return nil
-}
-
-// GetPeerStateChangeNotifier returns a change notifier channel for a peer
-func (d *Status) GetPeerStateChangeNotifier(peer string) <-chan struct{} {
-	d.mux.Lock()
-	defer d.mux.Unlock()
-	ch, found := d.changeNotify[peer]
-	if !found || ch == nil {
-		ch = make(chan struct{})
-		d.changeNotify[peer] = ch
-	}
-	return ch
-}
-
-// UpdateLocalPeerState updates local peer status
-func (d *Status) UpdateLocalPeerState(localPeerState LocalPeerState) {
-	d.mux.Lock()
-	defer d.mux.Unlock()
-
-	d.localPeer = localPeerState
-}
-
-// CleanLocalPeerState cleans local peer status
-func (d *Status) CleanLocalPeerState() {
-	d.mux.Lock()
-	defer d.mux.Unlock()
-
-	d.localPeer = LocalPeerState{}
-}
-
-// MarkManagementDisconnected sets ManagementState to disconnected
-func (d *Status) MarkManagementDisconnected(managementURL string) {
-	d.mux.Lock()
-	defer d.mux.Unlock()
-	d.management = ManagementState{
-		URL:       managementURL,
-		Connected: false,
-	}
-}
-
-// MarkManagementConnected sets ManagementState to connected
-func (d *Status) MarkManagementConnected(managementURL string) {
-	d.mux.Lock()
-	defer d.mux.Unlock()
-	d.management = ManagementState{
-		URL:       managementURL,
-		Connected: true,
-	}
-}
-
-// MarkSignalDisconnected sets SignalState to disconnected
-func (d *Status) MarkSignalDisconnected(signalURL string) {
-	d.mux.Lock()
-	defer d.mux.Unlock()
-	d.signal = SignalState{
-		signalURL,
-		false,
-	}
-}
-
-// MarkSignalConnected sets SignalState to connected
-func (d *Status) MarkSignalConnected(signalURL string) {
-	d.mux.Lock()
-	defer d.mux.Unlock()
-	d.signal = SignalState{
-		signalURL,
-		true,
-	}
-}
-
-// GetFullStatus gets full status
-func (d *Status) GetFullStatus() FullStatus {
-	d.mux.Lock()
-	defer d.mux.Unlock()
-
-	fullStatus := FullStatus{
-		ManagementState: d.management,
-		SignalState:     d.signal,
-		LocalPeerState:  d.localPeer,
-	}
-
-	for _, status := range d.peers {
-		fullStatus.Peers = append(fullStatus.Peers, status)
-	}
-
-	return fullStatus
-}
--- a/client/status/status_test.go
+++ b/client/status/status_test.go
@@ -1,225 +0,0 @@
-package status
-
-import (
-	"github.com/stretchr/testify/assert"
-	"testing"
-)
-
-func TestAddPeer(t *testing.T) {
-	key := "abc"
-	status := NewRecorder()
-	err := status.AddPeer(key)
-	assert.NoError(t, err, "shouldn't return error")
-
-	_, exists := status.peers[key]
-	assert.True(t, exists, "value was found")
-
-	err = status.AddPeer(key)
-
-	assert.Error(t, err, "should return error on duplicate")
-}
-
-func TestGetPeer(t *testing.T) {
-	key := "abc"
-	status := NewRecorder()
-	err := status.AddPeer(key)
-	assert.NoError(t, err, "shouldn't return error")
-
-	peerStatus, err := status.GetPeer(key)
-	assert.NoError(t, err, "shouldn't return error on getting peer")
-
-	assert.Equal(t, key, peerStatus.PubKey, "retrieved public key should match")
-
-	_, err = status.GetPeer("non_existing_key")
-	assert.Error(t, err, "should return error when peer doesn't exist")
-}
-
-func TestUpdatePeerState(t *testing.T) {
-	key := "abc"
-	ip := "10.10.10.10"
-	status := NewRecorder()
-	peerState := PeerState{
-		PubKey: key,
-	}
-
-	status.peers[key] = peerState
-
-	peerState.IP = ip
-
-	err := status.UpdatePeerState(peerState)
-	assert.NoError(t, err, "shouldn't return error")
-
-	state, exists := status.peers[key]
-	assert.True(t, exists, "state should be found")
-	assert.Equal(t, ip, state.IP, "ip should be equal")
-}
-
-func TestGetPeerStateChangeNotifierLogic(t *testing.T) {
-	key := "abc"
-	ip := "10.10.10.10"
-	status := NewRecorder()
-	peerState := PeerState{
-		PubKey: key,
-	}
-
-	status.peers[key] = peerState
-
-	ch := status.GetPeerStateChangeNotifier(key)
-	assert.NotNil(t, ch, "channel shouldn't be nil")
-
-	peerState.IP = ip
-
-	err := status.UpdatePeerState(peerState)
-	assert.NoError(t, err, "shouldn't return error")
-
-	select {
-	case <-ch:
-	default:
-		t.Errorf("channel wasn't closed after update")
-	}
-}
-
-func TestRemovePeer(t *testing.T) {
-	key := "abc"
-	status := NewRecorder()
-	peerState := PeerState{
-		PubKey: key,
-	}
-
-	status.peers[key] = peerState
-
-	err := status.RemovePeer(key)
-	assert.NoError(t, err, "shouldn't return error")
-
-	_, exists := status.peers[key]
-	assert.False(t, exists, "state value shouldn't be found")
-
-	err = status.RemovePeer("not existing")
-	assert.Error(t, err, "should return error when peer doesn't exist")
-}
-
-func TestUpdateLocalPeerState(t *testing.T) {
-	localPeerState := LocalPeerState{
-		IP:              "10.10.10.10",
-		PubKey:          "abc",
-		KernelInterface: false,
-	}
-	status := NewRecorder()
-
-	status.UpdateLocalPeerState(localPeerState)
-
-	assert.Equal(t, localPeerState, status.localPeer, "local peer status should be equal")
-}
-
-func TestCleanLocalPeerState(t *testing.T) {
-	emptyLocalPeerState := LocalPeerState{}
-	localPeerState := LocalPeerState{
-		IP:              "10.10.10.10",
-		PubKey:          "abc",
-		KernelInterface: false,
-	}
-	status := NewRecorder()
-
-	status.localPeer = localPeerState
-
-	status.CleanLocalPeerState()
-
-	assert.Equal(t, emptyLocalPeerState, status.localPeer, "local peer status should be empty")
-}
-
-func TestUpdateSignalState(t *testing.T) {
-	url := "https://signal"
-	var tests = []struct {
-		name      string
-		connected bool
-		want      SignalState
-	}{
-		{"should mark as connected", true, SignalState{
-
-			URL:       url,
-			Connected: true,
-		}},
-		{"should mark as disconnected", false, SignalState{
-			URL:       url,
-			Connected: false,
-		}},
-	}
-
-	status := NewRecorder()
-
-	for _, test := range tests {
-		t.Run(test.name, func(t *testing.T) {
-			if test.connected {
-				status.MarkSignalConnected(url)
-			} else {
-				status.MarkSignalDisconnected(url)
-			}
-			assert.Equal(t, test.want, status.signal, "signal status should be equal")
-		})
-	}
-}
-
-func TestUpdateManagementState(t *testing.T) {
-	url := "https://management"
-	var tests = []struct {
-		name      string
-		connected bool
-		want      ManagementState
-	}{
-		{"should mark as connected", true, ManagementState{
-
-			URL:       url,
-			Connected: true,
-		}},
-		{"should mark as disconnected", false, ManagementState{
-			URL:       url,
-			Connected: false,
-		}},
-	}
-
-	status := NewRecorder()
-
-	for _, test := range tests {
-		t.Run(test.name, func(t *testing.T) {
-			if test.connected {
-				status.MarkManagementConnected(url)
-			} else {
-				status.MarkManagementDisconnected(url)
-			}
-			assert.Equal(t, test.want, status.management, "signal status should be equal")
-		})
-	}
-}
-
-func TestGetFullStatus(t *testing.T) {
-	key1 := "abc"
-	key2 := "def"
-	managementState := ManagementState{
-		URL:       "https://signal",
-		Connected: true,
-	}
-	signalState := SignalState{
-		URL:       "https://signal",
-		Connected: true,
-	}
-	peerState1 := PeerState{
-		PubKey: key1,
-	}
-
-	peerState2 := PeerState{
-		PubKey: key2,
-	}
-
-	status := NewRecorder()
-
-	status.management = managementState
-	status.signal = signalState
-	status.peers[key1] = peerState1
-	status.peers[key2] = peerState2
-
-	fullStatus := status.GetFullStatus()
-
-	assert.Equal(t, managementState, fullStatus.ManagementState, "management status should be equal")
-	assert.Equal(t, signalState, fullStatus.SignalState, "signal status should be equal")
-	assert.ElementsMatch(t, []PeerState{peerState1, peerState2}, fullStatus.Peers, "peers states should match")
-}
--- a/client/system/info_darwin.go
+++ b/client/system/info_darwin.go
@@ -4,25 +4,41 @@ import (
 	"bytes"
 	"context"
 	"fmt"
-	"golang.org/x/sys/unix"
 	"os"
+	"os/exec"
 	"runtime"
+	"strings"
+	"time"
 )

 // GetInfo retrieves and parses the system information
 func GetInfo(ctx context.Context) *Info {
-	utsname := unix.Utsname{}
-	err := unix.Uname(&utsname)
-	if err != nil {
-		fmt.Println("getInfo:", err)
+	out := _getInfo()
+	for strings.Contains(out, "broken pipe") {
+		out = _getInfo()
+		time.Sleep(500 * time.Millisecond)
 	}
-	sysName := string(bytes.Split(utsname.Sysname[:], []byte{0})[0])
-	machine := string(bytes.Split(utsname.Machine[:], []byte{0})[0])
-	release := string(bytes.Split(utsname.Release[:], []byte{0})[0])
-	gio := &Info{Kernel: sysName, OSVersion: release, Core: release, Platform: machine, OS: sysName, GoOS: runtime.GOOS, CPUs: runtime.NumCPU()}
+	osStr := strings.Replace(out, "\n", "", -1)
+	osStr = strings.Replace(osStr, "\r\n", "", -1)
+	osInfo := strings.Split(osStr, " ")
+	gio := &Info{Kernel: osInfo[0], OSVersion: osInfo[1], Core: osInfo[1], Platform: osInfo[2], OS: osInfo[0], GoOS: runtime.GOOS, CPUs: runtime.NumCPU()}
 	gio.Hostname, _ = os.Hostname()
 	gio.WiretrusteeVersion = NetbirdVersion()
 	gio.UIVersion = extractUserAgent(ctx)

 	return gio
 }
+
+func _getInfo() string {
+	cmd := exec.Command("uname", "-srm")
+	cmd.Stdin = strings.NewReader("some input")
+	var out bytes.Buffer
+	var stderr bytes.Buffer
+	cmd.Stdout = &out
+	cmd.Stderr = &stderr
+	err := cmd.Run()
+	if err != nil {
+		fmt.Println("getInfo:", err)
+	}
+	return out.String()
+}
--- a/client/ui/client_ui.go
+++ b/client/ui/client_ui.go
@@ -1,7 +1,3 @@
-//go:build !(linux && 386)
-// +build !linux !386
-
-// skipping linux 32 bits build and tests
 package main

 import (
@@ -9,6 +5,7 @@ import (
 	"flag"
 	"fmt"
 	"github.com/netbirdio/netbird/client/system"
+	"io/ioutil"
 	"os"
 	"os/exec"
 	"path"
@@ -500,7 +497,7 @@ func (s *serviceClient) getSrvConfig() {
 // checkPIDFile exists and return error, or write new.
 func checkPIDFile() error {
 	pidFile := path.Join(os.TempDir(), "wiretrustee-ui.pid")
-	if piddata, err := os.ReadFile(pidFile); err == nil {
+	if piddata, err := ioutil.ReadFile(pidFile); err == nil {
 		if pid, err := strconv.Atoi(string(piddata)); err == nil {
 			if process, err := os.FindProcess(pid); err == nil {
 				if err := process.Signal(syscall.Signal(0)); err == nil {
@@ -510,5 +507,5 @@ func checkPIDFile() error {
 		}
 	}

-	return os.WriteFile(pidFile, []byte(fmt.Sprintf("%d", os.Getpid())), 0o664)
+	return ioutil.WriteFile(pidFile, []byte(fmt.Sprintf("%d", os.Getpid())), 0o664)
 }
--- a/docs/README.md
+++ b/docs/README.md
@@ -0,0 +1,104 @@
+### Table of contents
+
+* [About Netbird](#about-netbird)
+* [Why Wireguard with Netbird?](#why-wireguard-with-netbird)
+* [Netbird vs. Traditional VPN](#netbird-vs-traditional-vpn)
+* [High-level technology overview](#high-level-technology-overview)
+* [Getting started](#getting-started)
+
+### About Netbird
+
+Netbird is an open-source VPN platform built on top of [WireGuard®](https://www.wireguard.com/) making it easy to create secure private networks for your organization or home.
+
+It requires zero configuration effort leaving behind the hassle of opening ports, complex firewall rules, vpn gateways, and so forth.
+
+There is no centralized VPN server with Netbird - your computers, devices, machines, and servers connect to each other directly over a fast encrypted tunnel.
+
+It literally takes less than 5 minutes to provision a secure peer-to-peer VPN with Netbird. Check our [Quickstart Guide Video](https://www.youtube.com/watch?v=cWTsGUJAUaU) to see the setup in action.
+
+### Why Wireguard with Netbird?
+
+WireGuard is a modern and extremely fast VPN tunnel utilizing state-of-the-art [cryptography](https://www.wireguard.com/protocol/)
+and Netbird uses Wireguard to establish a secure tunnel between machines.
+
+Built with simplicity in mind, Wireguard ensures that traffic between two machines is encrypted and flowing, however, it requires a few things to be done beforehand.
+
+First, in order to connect, the machines have to be configured.
+On each machine, you need to generate private and public keys and prepare a WireGuard configuration file.
+The configuration also includes a private IP address that should be unique per machine.
+
+Secondly, to accept the incoming traffic, the machines have to trust each other.
+The generated public keys have to be pre-shared on the machines.
+This works similarly to SSH with its authorised_keys file.
+
+Lastly, the connectivity between the machines has to be ensured.
+To make machines reach one another, you are required to set a WireGuard endpoint property which indicates the IP address and port of the remote machine to connect to.
+On many occasions, machines are hidden behind firewalls and NAT devices,
+meaning that you may need to configure a port forwarding or open holes in your firewall to ensure the machines are reachable.
+
+The undertakings mentioned above might not be complicated if you have just a few machines, but the complexity grows as the number of machines increases.
+
+Netbird simplifies the setup by automatically generating private and public keys, assigning unique private IP addresses, and takes care of sharing public keys between the machines.
+It is worth mentioning that the private key never leaves the machine.
+So only the machine that owns the key can decrypt traffic addressed to it.
+The same applies also to the relayed traffic mentioned below.
+
+Furthermore, Netbird ensures connectivity by leveraging advanced [NAT traversal techniques](https://en.wikipedia.org/wiki/NAT_traversal)
+and removing the necessity of port forwarding, opening holes in the firewall, and having a public static IP address.  
+In cases when a direct peer-to-peer connection isn't possible, all traffic is relayed securely between peers.
+Netbird also monitors the connection health and restarts broken connections.
+
+There are a few more things that we are working on to make secure private networks simple. A few examples are ACLs, MFA and activity monitoring.
+
+Check out the WireGuard [Quick Start](https://www.wireguard.com/quickstart/) guide to learn more about configuring "plain" WireGuard without Netbird.
+
+### Netbird vs. Traditional VPN
+
+In the traditional VPN model, everything converges on a centralized, protected network where all the clients are connecting to a central VPN server.
+
+An increasing amount of connections can easily overload the VPN server.
+Even a short downtime of a server can cause expensive system disruptions, and a remote team's inability to work.
+
+Centralized VPNs imply all the traffic going through the central server causing network delays and increased traffic usage.
+
+Such systems require an experienced team to set up and maintain.
+Configuring firewalls, setting up NATs, SSO integration, and managing access control lists can be a nightmare.
+
+Traditional centralized VPNs are often compared to a [castle-and-moat](https://en.wikipedia.org/wiki/Moat) model
+in which once accessed, user is trusted and can access critical infrastructure and resources without any restrictions.
+
+Netbird decentralizes networks using direct point-to-point connections, as opposed to traditional models.
+Consequently, network performance is increased since traffic flows directly between the machines bypassing VPN servers or gateways.
+To achieve this, Netbird client applications employ signalling servers to find other machines and negotiate connections.
+These are similar to the signaling servers used in [WebRTC](https://developer.mozilla.org/en-US/docs/Web/API/WebRTC_API/Signaling_and_video_calling#the_signaling_server)
+
+Thanks to [NAT traversal techniques](https://en.wikipedia.org/wiki/NAT_traversal),
+outlined in the [Why not just Wireguard?](#why-wireguard-with-netbird) section above,
+Netbird installation doesn't require complex network and firewall configuration.
+It just works, minimising the maintenance effort.
+
+Finally, each machine or device in the Netbird network verifies incoming connections accepting only the trusted ones.
+This is ensured by Wireguard's [Crypto Routing concept](https://www.wireguard.com/#cryptokey-routing).
+
+### High-level technology overview
+In essence, Netbird is an open source platform consisting of a collection of systems, responsible for handling peer-to-peer connections, tunneling and network management (IP, keys, ACLs, etc).
+
+<p align="center">
+    <img src="media/high-level-dia.png" alt="high-level-dia" width="781"/>
+</p>
+
+Netbird uses open-source technologies like [WireGuard®](https://www.wireguard.com/), [Pion ICE (WebRTC)](https://github.com/pion/ice), [Coturn](https://github.com/coturn/coturn),
+and [software](https://github.com/netbirdio/netbird) developed by Netbird authors to make it all work together.
+
+To learn more about Netbird architecture, please refer to the [architecture section](../docs/architecture.md).
+
+### Getting Started
+
+There are 2 ways of getting started with Netbird:
+- use Cloud Managed version
+- self-hosting
+
+We recommend starting with the cloud managed version hosted at [app.netbird.io](https://app.netbird.io) - the quickest way to get familiar with the system.
+See [Quickstart Guide](../docs/quickstart.md) for instructions.
+
+If you don't want to use the managed version, check out our [Self-hosting Guide](../docs/self-hosting.md).
--- a/docs/architecture.md
+++ b/docs/architecture.md
@@ -0,0 +1,2 @@
+### Architecture
+TODO
--- a/docs/media/add-peer.png
+++ b/docs/media/add-peer.png
--- a/docs/media/auth.png
+++ b/docs/media/auth.png
--- a/docs/media/empty-peers.png
+++ b/docs/media/empty-peers.png
--- a/docs/media/high-level-dia.png
+++ b/docs/media/high-level-dia.png
--- a/docs/media/peers.gif
+++ b/docs/media/peers.gif
--- a/docs/media/peers.png
+++ b/docs/media/peers.png
--- a/docs/quickstart.md
+++ b/docs/quickstart.md
@@ -0,0 +1,41 @@
+## Quickstart guide (Cloud Managed version)
+Step-by-step video guide on YouTube:
+
+[![IMAGE ALT TEXT](https://img.youtube.com/vi/cWTsGUJAUaU/0.jpg)](https://youtu.be/cWTsGUJAUaU "Netbird - secure private network in less than 5 minutes")
+
+This guide describes how to create secure VPN and connect 2 machines peer-to-peer.
+
+One machine is a Raspberry Pi Compute Module 4 hosted at home (Peer A), and the other one is a regular Ubuntu server running in the Data Center (Peer B).
+Both machines are running Linux (Raspbian and Ubuntu respectively), but you could also use Mac or Windows operating systems.
+
+1. Sign-up at [https://app.netbird.io/](https://app.netbird.io/)
+
+    You can use your email and password to sign-up or any available social login option (e.g., GitHub account)
+    
+    <img src="media/auth.png" alt="auth" width="350"/>
+
+2. After a successful login you will be redirected to the ```Peers``` screen which is empty because you don't have any peers yet.
+   
+    Click ```Add peer``` to add a new machine.
+    
+    <img src="media/empty-peers.png" alt="empty-peers" width="700"/>
+    
+3.  Choose a setup key which will be used to associate your new machine with your account (in our case it is ```Default key```).
+
+    Choose your machine operating system (in our case it is ```Linux```) and proceed with the installation steps on the machine.
+
+    <img src="media/add-peer.png" alt="add-peer" width="700"/>    
+
+4. Repeat #3 for the 2nd machine.
+5. Return to ```Peers``` and you should notice 2 new machines with status ```Connected```
+   
+    <img src="media/peers.png" alt="peers" width="700"/>
+
+6. To test the connection you could try pinging devices:
+   
+    On Peer A:
+    ```ping 100.64.0.2```
+    
+    On Peer B:
+    ```ping 100.64.0.1```
+7. Done! You now have a secure peer-to-peer VPN configured.
--- a/docs/self-hosting.md
+++ b/docs/self-hosting.md
@@ -0,0 +1,106 @@
+### Self-hosting
+Netbird is an open-source platform that can be self-hosted on your servers.
+
+It relies on components developed by Netbird Authors [Management Service](https://github.com/netbirdio/netbird/tree/main/management), [Management UI Dashboard](https://github.com/netbirdio/dashboard), [Signal Service](https://github.com/netbirdio/netbird/tree/main/signal), 
+a 3rd party open-source STUN/TURN service [Coturn](https://github.com/coturn/coturn) and a 3rd party service [Auth0](https://auth0.com/).
+
+All the components can be self-hosted except for the Auth0 service.
+We chose Auth0 to "outsource" the user management part of the platform because we believe that implementing a proper user auth requires significant amount of time to make it right. 
+We focused on connectivity instead. It also offers an always free plan that should be ok for most users as its limits are high enough for most teams.
+
+If you would like to learn more about the architecture please refer to the [Netbird Architecture section](architecture.md).
+
+### Step-by-step video guide on YouTube:
+
+[![IMAGE ALT TEXT](https://img.youtube.com/vi/Ofpgx5WhT0k/0.jpg)](https://youtu.be/Ofpgx5WhT0k "Netbird Self-Hosting Guide")
+
+### Requirements
+
+- Virtual machine offered by any cloud provider (e.g., AWS, DigitalOcean, Hetzner, Google Cloud, Azure ...). 
+- Any Unix OS.
+- Docker Compose installed (see [Install Docker Compose](https://docs.docker.com/compose/install/)).
+- Domain name pointing to the public IP address of your server.
+- Netbird Open ports ```443, 33071, 33073, 10000``` (Dashboard, Management HTTP API, Management gRpc API, Signal gRpc) on your server. 
+- Coturn is used for relay using the STUN/TURN protocols. It requires a listening port, ```UDP 3478```,  and range of ports,```UDP 49152-65535```, for dynamic relay connections. These are set as defaults in [setup file](https://github.com/netbirdio/netbird/blob/main/infrastructure_files/setup.env#L34), but can be configured to your requirements. 
+- Maybe a cup of coffee or tea :)
+
+### Step-by-step guide
+
+For this tutorial we will be using domain ```test.netbird.io``` which points to our Ubuntu 20.04 machine hosted at Hetzner.
+
+1. Create Auth0 account at [auth0.com](https://auth0.com/).
+2. Login to your server, clone Netbird repository:
+   
+   ```bash 
+   git clone https://github.com/netbirdio/netbird.git netbird/
+   ```
+   
+   and switch to the ```netbird/infrastructure_files/``` folder that contains docker compose file:
+   
+   ```bash 
+   cd netbird/infrastructure_files/
+   ```
+3. Prepare configuration files.
+   
+   To simplify the setup we have prepared a script to substitute required properties in the [turnserver.conf.tmpl](../infrastructure_files/turnserver.conf.tmpl),[docker-compose.yml.tmpl](../infrastructure_files/docker-compose.yml.tmpl) and [management.json.tmpl](../infrastructure_files/management.json.tmpl) files.
+   
+   The [setup.env](../infrastructure_files/setup.env) file contains the following properties that have to be filled:
+   
+   ```bash
+   # Dashboard domain. e.g. app.mydomain.com
+   NETBIRD_DOMAIN=""
+   # e.g. dev-24vkclam.us.auth0.com
+   NETBIRD_AUTH0_DOMAIN=""
+   # e.g. 61u3JMXRO0oOevc7gCkZLCwePQvT4lL0
+   NETBIRD_AUTH0_CLIENT_ID=""
+   # e.g. https://app.mydomain.com/ or https://app.mydomain.com,
+   # Make sure you used the exact same value for Identifier
+   # you used when creating your Auth0 API
+   NETBIRD_AUTH0_AUDIENCE=""
+   # e.g. hello@mydomain.com
+   NETBIRD_LETSENCRYPT_EMAIL=""
+   ```
+   > Other options are available, but they are automatically updated.
+   
+   Please follow the steps to get the values. 
+
+4. Configure ```NETBIRD_AUTH0_DOMAIN``` ```NETBIRD_AUTH0_CLIENT_ID``` ```NETBIRD_AUTH0_AUDIENCE``` properties.          
+   
+   * To obtain these, please use [Auth0 React SDK Guide](https://auth0.com/docs/quickstart/spa/react/01-login#configure-auth0) up until "Install the Auth0 React SDK".
+   
+      :grey_exclamation: Use ```https://YOUR DOMAIN``` as ````Allowed Callback URLs````, ```Allowed Logout URLs```, ```Allowed Web Origins``` and ```Allowed Origins (CORS)```
+   * set the variables in the ```setup.env```
+5. Configure ```NETBIRD_AUTH0_AUDIENCE``` property. 
+   
+   * Check [Auth0 Golang API Guide](https://auth0.com/docs/quickstart/backend/golang) to obtain AuthAudience.
+   * set the property in the ```setup.env``` file.
+6. Configure ```NETBIRD_LETSENCRYPT_EMAIL``` property.
+   
+   This can be any email address. [Let's Encrypt](https://letsencrypt.org/) will create an account while generating a new certificate.    
+
+7. Make sure all the properties set in the ```setup.env``` file and run: 
+   
+    ```bash
+    ./configure.sh
+    ```
+   
+   This will export all the properties as environment variables and generate ```docker-compose.yml``` and ```management.json``` files substituting required variables.
+
+8. Run docker compose:
+
+   ```bash
+   docker-compose up -d
+   ```
+9. Optionally check the logs by running: 
+        
+    ```bash
+    docker-compose logs signal
+    docker-compose logs management
+    docker-compose logs coturn
+    docker-compose logs dashboard
+
+10. Once the server is running, you can access the dashboard by https://$NETBIRD_DOMAIN
+11. Adding a peer will require you to enter the management URL by following the steps in the page https://$NETBIRD_DOMAIN/add-peer and in the 3rd step:
+```shell
+sudo netbird up --setup-key <PASTE-SETUP-KEY> --management-url https://$NETBIRD_DOMAIN:33073
+```
--- a/encryption/letsencrypt.go
+++ b/encryption/letsencrypt.go
@@ -8,17 +8,17 @@ import (
 )

 // CreateCertManager wraps common logic of generating Let's encrypt certificate.
-func CreateCertManager(datadir string, letsencryptDomain string) (*autocert.Manager, error) {
+func CreateCertManager(datadir string, letsencryptDomain string) *autocert.Manager {
 	certDir := filepath.Join(datadir, "letsencrypt")

 	if _, err := os.Stat(certDir); os.IsNotExist(err) {
 		err = os.MkdirAll(certDir, os.ModeDir)
 		if err != nil {
-			return nil, err
+			log.Fatalf("failed creating Let's encrypt certdir: %s: %v", certDir, err)
 		}
 	}

-	log.Infof("running with LetsEncrypt (%s). Cert will be stored in %s", letsencryptDomain, certDir)
+	log.Infof("running with Let's encrypt with domain %s. Cert will be stored in %s", letsencryptDomain, certDir)

 	certManager := &autocert.Manager{
 		Prompt:     autocert.AcceptTOS,
@@ -26,5 +26,5 @@ func CreateCertManager(datadir string, letsencryptDomain string) (*autocert.Mana
 		HostPolicy: autocert.HostWhitelist(letsencryptDomain),
 	}

-	return certManager, nil
+	return certManager
 }
--- a/go.mod
+++ b/go.mod
@@ -3,58 +3,43 @@ module github.com/netbirdio/netbird
 go 1.18

 require (
-	github.com/cenkalti/backoff/v4 v4.1.3
+	github.com/cenkalti/backoff/v4 v4.1.2
 	github.com/golang-jwt/jwt v3.2.2+incompatible
 	github.com/golang/protobuf v1.5.2
 	github.com/google/uuid v1.3.0
 	github.com/gorilla/mux v1.8.0
 	github.com/kardianos/service v1.2.1-0.20210728001519-a323c3813bc7 //keep this version otherwise wiretrustee up command breaks
 	github.com/onsi/ginkgo v1.16.5
-	github.com/onsi/gomega v1.18.1
+	github.com/onsi/gomega v1.17.0
 	github.com/pion/ice/v2 v2.1.17
 	github.com/rs/cors v1.8.0
 	github.com/sirupsen/logrus v1.8.1
 	github.com/spf13/cobra v1.3.0
 	github.com/spf13/pflag v1.0.5
 	github.com/vishvananda/netlink v1.1.0
-	golang.org/x/crypto v0.0.0-20220513210258-46612604a0f9
-	golang.org/x/sys v0.0.0-20220622161953-175b2fd9d664
+	golang.org/x/crypto v0.0.0-20220131195533-30dcbda58838
+	golang.org/x/sys v0.0.0-20220204135822-1c1b9b1eba6a
 	golang.zx2c4.com/wireguard v0.0.0-20211209221555-9c9e7e272434
 	golang.zx2c4.com/wireguard/wgctrl v0.0.0-20211215182854-7a385b3431de
 	golang.zx2c4.com/wireguard/windows v0.5.1
 	google.golang.org/grpc v1.43.0
-	google.golang.org/protobuf v1.28.0
+	google.golang.org/protobuf v1.27.1
 	gopkg.in/natefinch/lumberjack.v2 v2.0.0
 )

 require (
 	fyne.io/fyne/v2 v2.1.4
 	github.com/c-robinson/iplib v1.0.3
-	github.com/coreos/go-iptables v0.6.0
-	github.com/creack/pty v1.1.18
-	github.com/eko/gocache/v2 v2.3.1
 	github.com/getlantern/systray v1.2.1
-	github.com/gliderlabs/ssh v0.3.4
-	github.com/google/nftables v0.0.0-20220808154552-2eca00135732
-	github.com/libp2p/go-netroute v0.2.0
 	github.com/magiconair/properties v1.8.5
-	github.com/patrickmn/go-cache v2.1.0+incompatible
 	github.com/rs/xid v1.3.0
 	github.com/skratchdot/open-golang v0.0.0-20200116055534-eef842397966
-	github.com/stretchr/testify v1.7.1
-	golang.org/x/net v0.0.0-20220513224357-95641704303c
-	golang.org/x/term v0.0.0-20220526004731-065cf7ba2467
+	github.com/stretchr/testify v1.7.0
 )

 require (
 	github.com/BurntSushi/toml v0.4.1 // indirect
-	github.com/XiaoMi/pegasus-go-client v0.0.0-20210427083443-f3b6b08bc4c2 // indirect
-	github.com/anmitsu/go-shlex v0.0.0-20200514113438-38f4b401e2be // indirect
-	github.com/beorn7/perks v1.0.1 // indirect
-	github.com/bradfitz/gomemcache v0.0.0-20220106215444-fb4bf637b56d // indirect
-	github.com/cespare/xxhash/v2 v2.1.2 // indirect
 	github.com/davecgh/go-spew v1.1.1 // indirect
-	github.com/dgryski/go-rendezvous v0.0.0-20200823014737-9f7001d12a5f // indirect
 	github.com/fredbi/uri v0.0.0-20181227131451-3dcfdacbaaf3 // indirect
 	github.com/fsnotify/fsnotify v1.5.1 // indirect
 	github.com/getlantern/context v0.0.0-20190109183933-c447772a6520 // indirect
@@ -65,21 +50,17 @@ require (
 	github.com/getlantern/ops v0.0.0-20190325191751-d70cb0d6f85f // indirect
 	github.com/go-gl/gl v0.0.0-20210813123233-e4099ee2221f // indirect
 	github.com/go-gl/glfw/v3.3/glfw v0.0.0-20211024062804-40e447a793be // indirect
-	github.com/go-redis/redis/v8 v8.11.5 // indirect
 	github.com/go-stack/stack v1.8.0 // indirect
 	github.com/godbus/dbus/v5 v5.0.4 // indirect
 	github.com/goki/freetype v0.0.0-20181231101311-fa8a33aabaff // indirect
-	github.com/google/go-cmp v0.5.7 // indirect
-	github.com/google/gopacket v1.1.19 // indirect
+	github.com/google/go-cmp v0.5.6 // indirect
 	github.com/inconshreveable/mousetrap v1.0.0 // indirect
 	github.com/josharian/native v0.0.0-20200817173448-b6b71def0850 // indirect
-	github.com/matttproud/golang_protobuf_extensions v1.0.1 // indirect
 	github.com/mdlayher/genetlink v1.1.0 // indirect
 	github.com/mdlayher/netlink v1.4.2 // indirect
 	github.com/mdlayher/socket v0.0.0-20211102153432-57e3fa563ecb // indirect
 	github.com/nxadm/tail v1.4.8 // indirect
 	github.com/oxtoacart/bpool v0.0.0-20190530202638-03653db5a59c // indirect
-	github.com/pegasus-kv/thrift v0.13.0 // indirect
 	github.com/pion/dtls/v2 v2.1.2 // indirect
 	github.com/pion/logging v0.2.2 // indirect
 	github.com/pion/mdns v0.0.5 // indirect
@@ -89,34 +70,24 @@ require (
 	github.com/pion/turn/v2 v2.0.7 // indirect
 	github.com/pion/udp v0.1.1 // indirect
 	github.com/pmezard/go-difflib v1.0.0 // indirect
-	github.com/prometheus/client_golang v1.12.2 // indirect
-	github.com/prometheus/client_model v0.2.0 // indirect
-	github.com/prometheus/common v0.33.0 // indirect
-	github.com/prometheus/procfs v0.7.3 // indirect
-	github.com/rogpeppe/go-internal v1.8.0 // indirect
-	github.com/spf13/cast v1.5.0 // indirect
 	github.com/srwiley/oksvg v0.0.0-20200311192757-870daf9aa564 // indirect
 	github.com/srwiley/rasterx v0.0.0-20200120212402-85cb7272f5e9 // indirect
 	github.com/vishvananda/netns v0.0.0-20191106174202-0a2b9b5464df // indirect
 	github.com/yuin/goldmark v1.4.1 // indirect
 	golang.org/x/image v0.0.0-20200430140353-33d19683fad8 // indirect
-	golang.org/x/mod v0.6.0-dev.0.20220106191415-9b9b3d81d5e3 // indirect
-	golang.org/x/sync v0.0.0-20210220032951-036812b2e83c // indirect
+	golang.org/x/mod v0.5.1 // indirect
+	golang.org/x/net v0.0.0-20220127200216-cd36cc0744dd // indirect
 	golang.org/x/text v0.3.8-0.20211105212822-18b340fc7af2 // indirect
-	golang.org/x/tools v0.1.10 // indirect
-	golang.org/x/xerrors v0.0.0-20220411194840-2f41105eb62f // indirect
+	golang.org/x/tools v0.1.8 // indirect
+	golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1 // indirect
 	golang.zx2c4.com/go118/netip v0.0.0-20211111135330-a4a02eeacf9d // indirect
 	golang.zx2c4.com/wintun v0.0.0-20211104114900-415007cec224 // indirect
 	google.golang.org/genproto v0.0.0-20211208223120-3a66f561d7aa // indirect
-	gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c // indirect
+	gopkg.in/check.v1 v1.0.0-20200902074654-038fdea0a05b // indirect
 	gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7 // indirect
-	gopkg.in/tomb.v2 v2.0.0-20161208151619-d5d1b5820637 // indirect
 	gopkg.in/yaml.v2 v2.4.0 // indirect
 	gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b // indirect
 	honnef.co/go/tools v0.2.2 // indirect
-	k8s.io/apimachinery v0.23.5 // indirect
 )

 replace github.com/pion/ice/v2 => github.com/wiretrustee/ice/v2 v2.1.21-0.20220218121004-dc81faead4bb
-
-replace github.com/kardianos/service => github.com/netbirdio/service v0.0.0-20220905002524-6ac14ad5ea84
--- a/go.sum
+++ b/go.sum
@@ -54,47 +54,30 @@ github.com/BurntSushi/toml v0.4.1/go.mod h1:CxXYINrC8qIiEnFrOxCa7Jy5BFHlXnUU2pbi
 github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo=
 github.com/DataDog/datadog-go v3.2.0+incompatible/go.mod h1:LButxg5PwREeZtORoXG3tL4fMGNddJ+vMq1mwgfaqoQ=
 github.com/Kodeworks/golang-image-ico v0.0.0-20141118225523-73f0f4cfade9/go.mod h1:7uhhqiBaR4CpN0k9rMjOtjpcfGd6DG2m04zQxKnWQ0I=
-github.com/NYTimes/gziphandler v0.0.0-20170623195520-56545f4a5d46/go.mod h1:3wb06e3pkSAbeQ52E9H9iFoQsEEwGN64994WTCIhntQ=
 github.com/OneOfOne/xxhash v1.2.2/go.mod h1:HSdplMjZKSmBqAxg5vPj2TmRDmfkzw+cTzAElWljhcU=
-github.com/PuerkitoBio/purell v1.0.0/go.mod h1:c11w/QuzBsJSee3cPx9rAFu61PvFxuPbtSwDGJws/X0=
-github.com/PuerkitoBio/purell v1.1.1/go.mod h1:c11w/QuzBsJSee3cPx9rAFu61PvFxuPbtSwDGJws/X0=
-github.com/PuerkitoBio/urlesc v0.0.0-20160726150825-5bd2802263f2/go.mod h1:uGdkoq3SwY9Y+13GIhn11/XLaGBb4BfwItxLd5jeuXE=
-github.com/PuerkitoBio/urlesc v0.0.0-20170810143723-de5bf2ad4578/go.mod h1:uGdkoq3SwY9Y+13GIhn11/XLaGBb4BfwItxLd5jeuXE=
-github.com/XiaoMi/pegasus-go-client v0.0.0-20210427083443-f3b6b08bc4c2 h1:pami0oPhVosjOu/qRHepRmdjD6hGILF7DBr+qQZeP10=
-github.com/XiaoMi/pegasus-go-client v0.0.0-20210427083443-f3b6b08bc4c2/go.mod h1:jNIx5ykW1MroBuaTja9+VpglmaJOUzezumfhLlER3oY=
 github.com/akavel/rsrc v0.8.0/go.mod h1:uLoCtb9J+EyAqh+26kdrTgmzRBFPGOolLWKpdxkKq+c=
 github.com/alecthomas/template v0.0.0-20160405071501-a0175ee3bccc/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc=
 github.com/alecthomas/template v0.0.0-20190718012654-fb15b899a751/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc=
 github.com/alecthomas/units v0.0.0-20151022065526-2efee857e7cf/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0=
 github.com/alecthomas/units v0.0.0-20190717042225-c3de453c63f4/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0=
-github.com/alecthomas/units v0.0.0-20190924025748-f65c72e2690d/go.mod h1:rBZYJk541a8SKzHPHnH3zbiI+7dagKZ0cgpgrD7Fyho=
-github.com/allegro/bigcache/v3 v3.0.2 h1:AKZCw+5eAaVyNTBmI2fgyPVJhHkdWder3O9IrprcQfI=
-github.com/anmitsu/go-shlex v0.0.0-20200514113438-38f4b401e2be h1:9AeTilPcZAjCFIImctFaOjnTIavg87rW78vTPkQqLI8=
-github.com/anmitsu/go-shlex v0.0.0-20200514113438-38f4b401e2be/go.mod h1:ySMOLuWl6zY27l47sB3qLNK6tF2fkHG55UZxx8oIVo4=
 github.com/antihax/optional v1.0.0/go.mod h1:uupD/76wgC+ih3iEmQUL+0Ugr19nfwCT1kdvxnR2qWY=
 github.com/armon/circbuf v0.0.0-20150827004946-bbbad097214e/go.mod h1:3U/XgcO3hCbHZ8TKRvWD2dDTCfh9M9ya+I9JpbB7O8o=
 github.com/armon/go-metrics v0.0.0-20180917152333-f0300d1749da/go.mod h1:Q73ZrmVTwzkszR9V5SSuryQ31EELlFMUz1kKyl939pY=
 github.com/armon/go-metrics v0.3.10/go.mod h1:4O98XIr/9W0sxpJ8UaYkvjk10Iff7SnFrb4QAOwNTFc=
 github.com/armon/go-radix v0.0.0-20180808171621-7fddfc383310/go.mod h1:ufUuZ+zHj4x4TnLV4JWEpy2hxWSpsRywHrMgIH9cCH8=
 github.com/armon/go-radix v1.0.0/go.mod h1:ufUuZ+zHj4x4TnLV4JWEpy2hxWSpsRywHrMgIH9cCH8=
-github.com/asaskevich/govalidator v0.0.0-20190424111038-f61b66f89f4a/go.mod h1:lB+ZfQJz7igIIfQNfa7Ml4HSf2uFQQRzpGGRXenZAgY=
 github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q=
 github.com/beorn7/perks v1.0.0/go.mod h1:KWe93zE9D1o94FZ5RNwFwVgaQK1VOXiVxmqh+CedLV8=
-github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM=
 github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw=
 github.com/bgentry/speakeasy v0.1.0/go.mod h1:+zsyZBPWlz7T6j88CTgSN5bM796AkVf0kBD4zp0CCIs=
-github.com/bradfitz/gomemcache v0.0.0-20220106215444-fb4bf637b56d h1:pVrfxiGfwelyab6n21ZBkbkmbevaf+WvMIiR7sr97hw=
-github.com/bradfitz/gomemcache v0.0.0-20220106215444-fb4bf637b56d/go.mod h1:H0wQNHz2YrLsuXOZozoeDmnHXkNCRmMW0gwFWDfEZDA=
 github.com/c-robinson/iplib v1.0.3 h1:NG0UF0GoEsrC1/vyfX1Lx2Ss7CySWl3KqqXh3q4DdPU=
 github.com/c-robinson/iplib v1.0.3/go.mod h1:i3LuuFL1hRT5gFpBRnEydzw8R6yhGkF4szNDIbF8pgo=
-github.com/cenkalti/backoff/v4 v4.1.0/go.mod h1:scbssz8iZGpm3xbr14ovlUdkxfGXNInqkPWOWmG2CLw=
-github.com/cenkalti/backoff/v4 v4.1.3 h1:cFAlzYUlVYDysBEH2T5hyJZMh3+5+WCBvSnK6Q8UtC4=
-github.com/cenkalti/backoff/v4 v4.1.3/go.mod h1:scbssz8iZGpm3xbr14ovlUdkxfGXNInqkPWOWmG2CLw=
+github.com/cenkalti/backoff/v4 v4.1.2 h1:6Yo7N8UP2K6LWZnW94DLVSSrbobcWdVzAYOisuDPIFo=
+github.com/cenkalti/backoff/v4 v4.1.2/go.mod h1:scbssz8iZGpm3xbr14ovlUdkxfGXNInqkPWOWmG2CLw=
 github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU=
 github.com/census-instrumentation/opencensus-proto v0.3.0/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU=
 github.com/cespare/xxhash v1.1.0/go.mod h1:XrSqR1VqqWfGrhpAt58auRo0WTKS1nRRg3ghfAqPWnc=
 github.com/cespare/xxhash/v2 v2.1.1/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
-github.com/cespare/xxhash/v2 v2.1.2 h1:YRXhKfTDauu4ajMg1TPgFO5jnlC2HCbmLXMcTG5cbYE=
 github.com/cespare/xxhash/v2 v2.1.2/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
 github.com/chzyer/logex v1.1.10/go.mod h1:+Ywpsq7O8HXn0nuIou7OrIPyXbp3wmkHB+jjWRnGsAI=
 github.com/chzyer/readline v0.0.0-20180603132655-2972be24d48e/go.mod h1:nSuG5e5PlCu98SY8svDHJxuZscDgtXS6KTTbou5AhLI=
@@ -114,31 +97,13 @@ github.com/cncf/xds/go v0.0.0-20210922020428-25de7278fc84/go.mod h1:eXthEFrGJvWH
 github.com/cncf/xds/go v0.0.0-20211001041855-01bcc9b48dfe/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs=
 github.com/cncf/xds/go v0.0.0-20211011173535-cb28da3451f1/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs=
 github.com/cncf/xds/go v0.0.0-20211130200136-a8f946100490/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs=
-github.com/coocood/freecache v1.2.1 h1:/v1CqMq45NFH9mp/Pt142reundeBM0dVUD3osQBeu/U=
-github.com/coreos/go-iptables v0.6.0 h1:is9qnZMPYjLd8LYqmm/qlE+wwEgJIkTYdhV3rfZo4jk=
-github.com/coreos/go-iptables v0.6.0/go.mod h1:Qe8Bv2Xik5FyTXwgIbLAnv2sWSBmvWdFETJConOQ//Q=
 github.com/coreos/go-semver v0.3.0/go.mod h1:nnelYz7RCh+5ahJtPPxZlU+153eP4D4r3EedlOD2RNk=
 github.com/coreos/go-systemd/v22 v22.3.2/go.mod h1:Y58oyj3AT4RCenI/lSvhwexgC+NSVTIJ3seZv2GcEnc=
 github.com/cpuguy83/go-md2man/v2 v2.0.0-20190314233015-f79a8a8ca69d/go.mod h1:maD7wRr/U5Z6m/iR4s+kqSMx2CaBsrgA7czyZG/E6dU=
 github.com/cpuguy83/go-md2man/v2 v2.0.1/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o=
-github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E=
-github.com/creack/pty v1.1.18 h1:n56/Zwd5o6whRC5PMGretI4IdRLlmBXYNjScPaBgsbY=
-github.com/creack/pty v1.1.18/go.mod h1:MOBLtS5ELjhRRrroQr9kyvTxUAFNvYEK993ew/Vr4O4=
-github.com/davecgh/go-spew v0.0.0-20151105211317-5215b55f46b2/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
-github.com/dgraph-io/ristretto v0.1.0 h1:Jv3CGQHp9OjuMBSne1485aDpUkTKEcUqF+jm/LuerPI=
-github.com/dgryski/go-rendezvous v0.0.0-20200823014737-9f7001d12a5f h1:lO4WD4F/rVNCu3HqELle0jiPLLBs70cWOduZpkS1E78=
-github.com/dgryski/go-rendezvous v0.0.0-20200823014737-9f7001d12a5f/go.mod h1:cuUVRXasLTGF7a8hSLbxyZXjz+1KgoB3wDUb6vlszIc=
-github.com/docker/spdystream v0.0.0-20160310174837-449fdfce4d96/go.mod h1:Qh8CwZgvJUkLughtfhJv5dyTYa91l1fOUCrgjqmcifM=
-github.com/docopt/docopt-go v0.0.0-20180111231733-ee0de3bc6815/go.mod h1:WwZ+bS3ebgob9U8Nd0kOddGdZWjyMGR8Wziv+TBNwSE=
-github.com/dustin/go-humanize v1.0.0 h1:VSnTsYCnlFHaM2/igO1h6X3HA71jcobQuxemgkq4zYo=
-github.com/eko/gocache/v2 v2.3.1 h1:8MMkfqGJ0KIA9OXT0rXevcEIrU16oghrGDiIDJDFCa0=
-github.com/eko/gocache/v2 v2.3.1/go.mod h1:l2z8OmpZHL0CpuzDJtxm267eF3mZW1NqUsMj+sKrbUs=
-github.com/elazarl/goproxy v0.0.0-20170405201442-c4fc26588b6e/go.mod h1:/Zj4wYkgs4iZTTu3o/KG3Itv/qCCa8VVMlb3i9OVuzc=
-github.com/elazarl/goproxy v0.0.0-20180725130230-947c36da3153/go.mod h1:/Zj4wYkgs4iZTTu3o/KG3Itv/qCCa8VVMlb3i9OVuzc=
-github.com/emicklei/go-restful v0.0.0-20170410110728-ff4f55a20633/go.mod h1:otzb+WCGbkyDHkqmQmT5YD2WR4BBwUdeQoFo8l/7tVs=
 github.com/envoyproxy/go-control-plane v0.9.0/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4=
 github.com/envoyproxy/go-control-plane v0.9.1-0.20191026205805-5f8ba28d4473/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4=
 github.com/envoyproxy/go-control-plane v0.9.4/go.mod h1:6rpuAdCZL397s3pYoYcLgu1mIlRU8Am5FuJP05cCM98=
@@ -150,22 +115,16 @@ github.com/envoyproxy/go-control-plane v0.9.10-0.20210907150352-cf90f659a021/go.
 github.com/envoyproxy/go-control-plane v0.10.1/go.mod h1:AY7fTTXNdv/aJ2O5jwpxAPOWUZ7hQAEvzN5Pf27BkQQ=
 github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c=
 github.com/envoyproxy/protoc-gen-validate v0.6.2/go.mod h1:2t7qjJNvHPx8IjnBOzl9E9/baC+qXE/TeeyBRzgJDws=
-github.com/evanphx/json-patch v4.2.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk=
-github.com/evanphx/json-patch v4.12.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk=
 github.com/fatih/color v1.7.0/go.mod h1:Zm6kSWBoL9eyXnKyktHP6abPY2pDugNf5KwzbycvMj4=
 github.com/fatih/color v1.9.0/go.mod h1:eQcE1qtQxscV5RaZvpXrrb8Drkc3/DdQ+uUYCNjL+zU=
 github.com/fatih/color v1.13.0/go.mod h1:kLAiJbzzSOZDVNGyDpeOxJ47H46qBXwg5ILebYFFOfk=
-github.com/fortytw2/leaktest v1.3.0 h1:u8491cBMTQ8ft8aeV+adlcytMZylmA5nnwwkRZjI8vw=
-github.com/fortytw2/leaktest v1.3.0/go.mod h1:jDsjWgpAGjm2CA7WthBh/CdZYEPF31XHquHwclZch5g=
 github.com/frankban/quicktest v1.11.3/go.mod h1:wRf/ReqHper53s+kmmSZizM8NamnL3IM0I9ntUbOk+k=
-github.com/frankban/quicktest v1.14.3 h1:FJKSZTDHjyhriyC81FLQ0LY93eSai0ZyR/ZIkd3ZUKE=
 github.com/fredbi/uri v0.0.0-20181227131451-3dcfdacbaaf3 h1:FDqhDm7pcsLhhWl1QtD8vlzI4mm59llRvNzrFg6/LAA=
 github.com/fredbi/uri v0.0.0-20181227131451-3dcfdacbaaf3/go.mod h1:CzM2G82Q9BDUvMTGHnXf/6OExw/Dz2ivDj48nVg7Lg8=
 github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMoQvtojpjFo=
 github.com/fsnotify/fsnotify v1.4.9/go.mod h1:znqG4EE+3YCdAaPaxE2ZRY/06pZUdp0tY4IgpuI1SZQ=
 github.com/fsnotify/fsnotify v1.5.1 h1:mZcQUHVQUQWoPXXtuf9yuEXKudkV2sx1E06UadKWpgI=
 github.com/fsnotify/fsnotify v1.5.1/go.mod h1:T3375wBYaZdLLcVNkcVbzGHY7f1l/uK5T5Ai1i3InKU=
-github.com/getkin/kin-openapi v0.76.0/go.mod h1:660oXbgy5JFMKreazJaQTw7o+X00qeSyhcnluiMv+Xg=
 github.com/getlantern/context v0.0.0-20190109183933-c447772a6520 h1:NRUJuo3v3WGC/g5YiyF790gut6oQr5f3FBI88Wv0dx4=
 github.com/getlantern/context v0.0.0-20190109183933-c447772a6520/go.mod h1:L+mq6/vvYHKjCX2oez0CgEAJmbq1fbb/oNJIWQkBybY=
 github.com/getlantern/errors v0.0.0-20190325191628-abdb3e3e36f7 h1:6uJ+sZ/e03gkbqZ0kUG6mfKoqDb4XMAzMIwlajq19So=
@@ -180,12 +139,9 @@ github.com/getlantern/ops v0.0.0-20190325191751-d70cb0d6f85f h1:wrYrQttPS8FHIRSl
 github.com/getlantern/ops v0.0.0-20190325191751-d70cb0d6f85f/go.mod h1:D5ao98qkA6pxftxoqzibIBBrLSUli+kYnJqrgBf9cIA=
 github.com/getlantern/systray v1.2.1 h1:udsC2k98v2hN359VTFShuQW6GGprRprw6kD6539JikI=
 github.com/getlantern/systray v1.2.1/go.mod h1:AecygODWIsBquJCJFop8MEQcJbWFfw/1yWbVabNgpCM=
-github.com/ghodss/yaml v0.0.0-20150909031657-73d445a93680/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04=
 github.com/ghodss/yaml v1.0.0/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04=
 github.com/gin-contrib/sse v0.1.0/go.mod h1:RHrZQHXnP2xjPF+u1gW/2HnVO7nvIa9PG3Gm+fLHvGI=
 github.com/gin-gonic/gin v1.5.0/go.mod h1:Nd6IXA8m5kNZdNEHMBd93KT+mdY3+bewLgRvmCsR2Do=
-github.com/gliderlabs/ssh v0.3.4 h1:+AXBtim7MTKaLVPgvE+3mhewYRawNLTd+jEEz/wExZw=
-github.com/gliderlabs/ssh v0.3.4/go.mod h1:ZSS+CUoKHDrqVakTfTWUlKSr9MtMFkC4UvtQKD7O914=
 github.com/go-gl/gl v0.0.0-20210813123233-e4099ee2221f h1:s0O46d8fPwk9kU4k1jj76wBquMVETx7uveQD9MCIQoU=
 github.com/go-gl/gl v0.0.0-20210813123233-e4099ee2221f/go.mod h1:wjpnOv6ONl2SuJSxqCPVaPZibGFdSci9HFocT9qtVYM=
 github.com/go-gl/glfw v0.0.0-20190409004039-e6da0acd62b1/go.mod h1:vR7hzQXu2zJy9AVAgeJqvqgH9Q5CA+iKCZ2gyEVpxRU=
@@ -195,43 +151,23 @@ github.com/go-gl/glfw/v3.3/glfw v0.0.0-20211024062804-40e447a793be h1:Z28GdQBfKO
 github.com/go-gl/glfw/v3.3/glfw v0.0.0-20211024062804-40e447a793be/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8=
 github.com/go-kit/kit v0.8.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as=
 github.com/go-kit/kit v0.9.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as=
-github.com/go-kit/log v0.1.0/go.mod h1:zbhenjAZHb184qTLMA9ZjW7ThYL0H2mk7Q6pNt4vbaY=
-github.com/go-kit/log v0.2.0/go.mod h1:NwTd00d/i8cPZ3xOwwiv2PO5MOcx78fFErGNcVmBjv0=
 github.com/go-logfmt/logfmt v0.3.0/go.mod h1:Qt1PoO58o5twSAckw1HlFXLmHsOX5/0LbT9GBnD5lWE=
 github.com/go-logfmt/logfmt v0.4.0/go.mod h1:3RMwSq7FuexP4Kalkev3ejPJsZTpXXBr9+V4qmtdjCk=
-github.com/go-logfmt/logfmt v0.5.0/go.mod h1:wCYkCAKZfumFQihp8CzCvQ3paCTfi41vtzG1KdI/P7A=
-github.com/go-logfmt/logfmt v0.5.1/go.mod h1:WYhtIu8zTZfxdn5+rREduYbwxfcBr/Vr6KEVveWlfTs=
-github.com/go-logr/logr v0.1.0/go.mod h1:ixOQHD9gLJUVQQ2ZOR7zLEifBX6tGkNJF4QyIY7sIas=
-github.com/go-logr/logr v0.2.0/go.mod h1:z6/tIYblkpsD+a4lm/fGIIU9mZ+XfAiaFtq7xTgseGU=
-github.com/go-logr/logr v1.2.0/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A=
 github.com/go-ole/go-ole v1.2.6/go.mod h1:pprOEPIfldk/42T2oK7lQ4v4JSDwmV0As9GaiUsvbm0=
-github.com/go-openapi/jsonpointer v0.0.0-20160704185906-46af16f9f7b1/go.mod h1:+35s3my2LFTysnkMfxsJBAMHj/DoqoB9knIWoYG/Vk0=
-github.com/go-openapi/jsonpointer v0.19.3/go.mod h1:Pl9vOtqEWErmShwVjC8pYs9cog34VGT37dQOVbmoatg=
-github.com/go-openapi/jsonpointer v0.19.5/go.mod h1:Pl9vOtqEWErmShwVjC8pYs9cog34VGT37dQOVbmoatg=
-github.com/go-openapi/jsonreference v0.0.0-20160704190145-13c6e3589ad9/go.mod h1:W3Z9FmVs9qj+KR4zFKmDPGiLdk1D9Rlm7cyMvf57TTg=
-github.com/go-openapi/jsonreference v0.19.3/go.mod h1:rjx6GuL8TTa9VaixXglHmQmIL98+wF9xc8zWvFonSJ8=
-github.com/go-openapi/spec v0.0.0-20160808142527-6aced65f8501/go.mod h1:J8+jY1nAiCcj+friV/PDoE1/3eeccG9LYBs0tYvLOWc=
-github.com/go-openapi/swag v0.0.0-20160704191624-1d0bd113de87/go.mod h1:DXUve3Dpr1UfpPtxFw+EFuQ41HhCWZfha5jSVRG7C7I=
-github.com/go-openapi/swag v0.19.5/go.mod h1:POnQmlKehdgb5mhVOsnJFsivZCEZ/vjK9gh66Z9tfKk=
 github.com/go-playground/locales v0.12.1/go.mod h1:IUMDtCfWo/w/mtMfIE/IG2K+Ey3ygWanZIBtBW0W2TM=
 github.com/go-playground/universal-translator v0.16.0/go.mod h1:1AnU7NaIRDWWzGEKwgtJRd2xk99HeFyHw3yid4rvQIY=
-github.com/go-redis/redis/v8 v8.11.5 h1:AcZZR7igkdvfVmQTPnu9WE37LRrO/YrBH5zWyjDC0oI=
-github.com/go-redis/redis/v8 v8.11.5/go.mod h1:gREzHqY1hg6oD9ngVRbLStwAWKhA0FEgq8Jd4h5lpwo=
 github.com/go-stack/stack v1.8.0 h1:5SgMzNM5HxrEjV0ww2lTmX6E2Izsfxas4+YHWRs3Lsk=
 github.com/go-stack/stack v1.8.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/melR3HDY=
 github.com/go-task/slim-sprig v0.0.0-20210107165309-348f09dbbbc0/go.mod h1:fyg7847qk6SyHyPtNmDHnmrv/HOrqktSC+C9fM+CJOE=
 github.com/godbus/dbus/v5 v5.0.4 h1:9349emZab16e7zQvpmsbtjc18ykshndd8y2PG3sgJbA=
 github.com/godbus/dbus/v5 v5.0.4/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA=
 github.com/gogo/protobuf v1.1.1/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7atdtwQ=
-github.com/gogo/protobuf v1.2.2-0.20190723190241-65acae22fc9d/go.mod h1:SlYgWuQ5SjCEi6WLHjHCa1yvBfUnHcTbrrZtXPKa29o=
 github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q=
 github.com/goki/freetype v0.0.0-20181231101311-fa8a33aabaff h1:W71vTCKoxtdXgnm1ECDFkfQnpdqAO00zzGXLA5yaEX8=
 github.com/goki/freetype v0.0.0-20181231101311-fa8a33aabaff/go.mod h1:wfqRWLHRBsRgkp5dmbG56SA0DmVtwrF5N3oPdI8t+Aw=
 github.com/golang-jwt/jwt v3.2.2+incompatible h1:IfV12K8xAKAnZqdXVzCZ+TOjboZ2keLg81eXfW3O+oY=
 github.com/golang-jwt/jwt v3.2.2+incompatible/go.mod h1:8pz2t5EyA70fFQQSrl6XZXzqecmYZeUEB8OUGHkxJ+I=
 github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q=
-github.com/golang/glog v1.0.0 h1:nfP3RFugxnNRyKgeWd4oI1nYvXpxrx8ck8ZrcizshdQ=
-github.com/golang/groupcache v0.0.0-20160516000752-02826c3e7903/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
 github.com/golang/groupcache v0.0.0-20190702054246-869f871628b6/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
 github.com/golang/groupcache v0.0.0-20191227052852-215e87163ea7/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
 github.com/golang/groupcache v0.0.0-20200121045136-8c9f03a8e57e/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
@@ -244,9 +180,7 @@ github.com/golang/mock v1.4.1/go.mod h1:UOMv5ysSaYNkG+OFQykRIcU/QvvxJf3p21QfJ2Bt
 github.com/golang/mock v1.4.3/go.mod h1:UOMv5ysSaYNkG+OFQykRIcU/QvvxJf3p21QfJ2Bt3cw=
 github.com/golang/mock v1.4.4/go.mod h1:l3mdAwkq5BuhzHwde/uurv3sEJeZMXNpwsxVWU71h+4=
 github.com/golang/mock v1.5.0/go.mod h1:CWnOUgYIOo4TcNZ0wHX3YZCqsaM1I1Jvs6v3mP3KVu8=
-github.com/golang/mock v1.6.0 h1:ErTB+efbowRARo13NNdxyJji2egdxLGQhRaY+DUumQc=
 github.com/golang/mock v1.6.0/go.mod h1:p6yTPP+5HYm5mzsMV8JkE6ZKdX+/wYM6Hr+LicevLPs=
-github.com/golang/protobuf v0.0.0-20161109072736-4bd1920723d7/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
 github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
 github.com/golang/protobuf v1.3.1/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
 github.com/golang/protobuf v1.3.2/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
@@ -279,20 +213,13 @@ github.com/google/go-cmp v0.5.2/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/
 github.com/google/go-cmp v0.5.3/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
 github.com/google/go-cmp v0.5.4/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
 github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
+github.com/google/go-cmp v0.5.6 h1:BKbKCqvP6I+rmFHt06ZmyQtvB8xAkWdhFyr0ZUNZcxQ=
 github.com/google/go-cmp v0.5.6/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
-github.com/google/go-cmp v0.5.7 h1:81/ik6ipDQS2aGcBfIN5dHDB36BwrStyeAQquSYCV4o=
-github.com/google/go-cmp v0.5.7/go.mod h1:n+brtR0CgQNWTVd5ZUFpTBC8YFBDLK/h/bpaJ8/DtOE=
-github.com/google/gofuzz v0.0.0-20161122191042-44d81051d367/go.mod h1:HP5RmnzzSNb993RKQDq4+1A4ia9nllfqcQFTQJedwGI=
 github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
-github.com/google/gofuzz v1.1.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
-github.com/google/gopacket v1.1.19 h1:ves8RnFZPGiFnTS0uPQStjwru6uO6h+nlr9j6fL7kF8=
-github.com/google/gopacket v1.1.19/go.mod h1:iJ8V8n6KS+z2U1A8pUwu8bW5SyEMkXJB8Yo/Vo+TKTo=
 github.com/google/martian v2.1.0+incompatible/go.mod h1:9I4somxYTbIHy5NJKHRl3wXiIaQGbYVAs8BPL6v8lEs=
 github.com/google/martian/v3 v3.0.0/go.mod h1:y5Zk1BBys9G+gd6Jrk0W3cC1+ELVxBWuIGO+w/tUAp0=
 github.com/google/martian/v3 v3.1.0/go.mod h1:y5Zk1BBys9G+gd6Jrk0W3cC1+ELVxBWuIGO+w/tUAp0=
 github.com/google/martian/v3 v3.2.1/go.mod h1:oBOf6HBosgwRXnUGWUB05QECsc6uvmMiJ3+6W4l/CUk=
-github.com/google/nftables v0.0.0-20220808154552-2eca00135732 h1:csc7dT82JiSLvq4aMyQMIQDL7986NH6Wxf/QrvOj55A=
-github.com/google/nftables v0.0.0-20220808154552-2eca00135732/go.mod h1:b97ulCCFipUC+kSin+zygkvUVpx0vyIAwxXFdY3PlNc=
 github.com/google/pprof v0.0.0-20181206194817-3ea8567a2e57/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc=
 github.com/google/pprof v0.0.0-20190515194954-54271f7e092f/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc=
 github.com/google/pprof v0.0.0-20191218002539-d4f498aebedc/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM=
@@ -304,12 +231,10 @@ github.com/google/pprof v0.0.0-20201023163331-3e6fc7fc9c4c/go.mod h1:kpwsk12EmLe
 github.com/google/pprof v0.0.0-20201203190320-1bf35d6f28c2/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE=
 github.com/google/pprof v0.0.0-20210122040257-d980be63207e/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE=
 github.com/google/pprof v0.0.0-20210226084205-cbba55b83ad5/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE=
-github.com/google/pprof v0.0.0-20210407192527-94a9f03dee38/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE=
 github.com/google/pprof v0.0.0-20210601050228-01bbb1931b22/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE=
 github.com/google/pprof v0.0.0-20210609004039-a478d1d731e9/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE=
 github.com/google/pprof v0.0.0-20210720184732-4bb14d4b1be1/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE=
 github.com/google/renameio v0.1.0/go.mod h1:KWCgfxg9yswjAJkECMjeO8J8rahYeXnNhOm40UhjYkI=
-github.com/google/uuid v1.1.1/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
 github.com/google/uuid v1.1.2/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
 github.com/google/uuid v1.3.0 h1:t6JiXgmwXMjEs8VusXIJk2BXHsn+wx8BZdTaoZ5fu7I=
 github.com/google/uuid v1.3.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
@@ -317,13 +242,8 @@ github.com/googleapis/gax-go/v2 v2.0.4/go.mod h1:0Wqv26UfaUD9n4G6kQubkQ+KchISgw+
 github.com/googleapis/gax-go/v2 v2.0.5/go.mod h1:DWXyrwAJ9X0FpwwEdw+IPEYBICEFu5mhpdKc/us6bOk=
 github.com/googleapis/gax-go/v2 v2.1.0/go.mod h1:Q3nei7sK6ybPYH7twZdmQpAd1MKb7pfu6SK+H1/DsU0=
 github.com/googleapis/gax-go/v2 v2.1.1/go.mod h1:hddJymUZASv3XPyGkUpKj8pPO47Rmb0eJc8R6ouapiM=
-github.com/googleapis/gnostic v0.0.0-20170729233727-0c5108395e2d/go.mod h1:sJBsCZ4ayReDTBIg8b9dl28c5xFWyhBTVRp3pOg5EKY=
-github.com/googleapis/gnostic v0.5.1/go.mod h1:6U4PtQXGIEt/Z3h5MAT7FNofLnw9vXk2cUuW7uA/OeU=
-github.com/googleapis/gnostic v0.5.5/go.mod h1:7+EbHbldMins07ALC74bsA81Ovc97DwqyJO1AENw9kA=
-github.com/gopherjs/gopherjs v0.0.0-20220410123724-9e86199038b0 h1:fWY+zXdWhvWndXqnMj4SyC/vi8sK508OjhGCtMzsA9M=
 github.com/gorilla/mux v1.8.0 h1:i40aqfkR1h2SlN9hojwV5ZA91wcXFOvkdNIeFDP5koI=
 github.com/gorilla/mux v1.8.0/go.mod h1:DVbg23sWSpFRCP0SfiEN6jmj59UnW/n46BH5rLB71So=
-github.com/gorilla/websocket v1.4.2/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE=
 github.com/grpc-ecosystem/grpc-gateway v1.16.0/go.mod h1:BDjrQk3hbvj6Nolgz8mAMFbcEtjT1g+wF4CSlocrBnw=
 github.com/hashicorp/consul/api v1.11.0/go.mod h1:XjsvQN+RJGWI2TWy1/kqaE16HrR2J/FWgkYjdZQsX9M=
 github.com/hashicorp/consul/sdk v0.8.0/go.mod h1:GBvyrGALthsZObzUGsfgHZQDXjg4lOjagTIwIR1vPms=
@@ -365,7 +285,6 @@ github.com/jackmordaunt/icns v0.0.0-20181231085925-4f16af745526/go.mod h1:UQkeMH
 github.com/josephspurrier/goversioninfo v0.0.0-20200309025242-14b0ab84c6ca/go.mod h1:eJTEwMjXb7kZ633hO3Ln9mBUCOjX2+FlTljvpl9SYdE=
 github.com/josharian/native v0.0.0-20200817173448-b6b71def0850 h1:uhL5Gw7BINiiPAo24A2sxkcDI0Jt/sqp1v5xQCniEFA=
 github.com/josharian/native v0.0.0-20200817173448-b6b71def0850/go.mod h1:7X/raswPFr05uY3HiLlYeyQntB6OO7E/d2Cu7qoaN2w=
-github.com/jpillora/backoff v1.0.0/go.mod h1:J/6gKK9jxlEcS3zixgDgUAsiuZ7yrSoa/FX5e0EB2j4=
 github.com/jsimonetti/rtnetlink v0.0.0-20190606172950-9527aa82566a/go.mod h1:Oz+70psSo5OFh8DBl0Zv2ACw7Esh6pPUphlvZG9x7uw=
 github.com/jsimonetti/rtnetlink v0.0.0-20200117123717-f846d4f6c1f4/go.mod h1:WGuG/smIU4J/54PblvSbh+xvCZmpJnFgr3ds6Z55XMQ=
 github.com/jsimonetti/rtnetlink v0.0.0-20201009170750-9c6f07d100c1/go.mod h1:hqoO/u39cqLeBLebZ8fWdE96O7FxrAsRYhnVOdgHxok=
@@ -376,44 +295,32 @@ github.com/jsimonetti/rtnetlink v0.0.0-20210212075122-66c871082f2b/go.mod h1:8w9
 github.com/jsimonetti/rtnetlink v0.0.0-20210525051524-4cc836578190/go.mod h1:NmKSdU4VGSiv1bMsdqNALI4RSvvjtz65tTMCnD05qLo=
 github.com/jsimonetti/rtnetlink v0.0.0-20211022192332-93da33804786 h1:N527AHMa793TP5z5GNAn/VLPzlc0ewzWdeP/25gDfgQ=
 github.com/jsimonetti/rtnetlink v0.0.0-20211022192332-93da33804786/go.mod h1:v4hqbTdfQngbVSZJVWUhGE/lbTFf9jb+ygmNUDQMuOs=
-github.com/json-iterator/go v0.0.0-20180612202835-f2b4162afba3/go.mod h1:+SdeFBvtyEkXs7REEP0seUULqWtbJapLOCVDaaPEHmU=
 github.com/json-iterator/go v1.1.6/go.mod h1:+SdeFBvtyEkXs7REEP0seUULqWtbJapLOCVDaaPEHmU=
 github.com/json-iterator/go v1.1.7/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4=
-github.com/json-iterator/go v1.1.8/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4=
 github.com/json-iterator/go v1.1.9/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4=
-github.com/json-iterator/go v1.1.10/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4=
 github.com/json-iterator/go v1.1.11/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4=
 github.com/json-iterator/go v1.1.12/go.mod h1:e30LSqwooZae/UwlEbR2852Gd8hjQvJoHmT4TnhNGBo=
 github.com/jstemmer/go-junit-report v0.0.0-20190106144839-af01ea7f8024/go.mod h1:6v2b51hI/fHJwM22ozAgKL4VKDeJcHhJFhtBdhmNjmU=
 github.com/jstemmer/go-junit-report v0.9.1/go.mod h1:Brl9GWCQeLvo8nXZwPNNblvFj/XSXhF0NWZEnDohbsk=
-github.com/jtolds/gls v4.20.0+incompatible h1:xdiiI2gbIgH/gLH7ADydsJ1uDOEzR8yvV7C0MuV77Wo=
 github.com/julienschmidt/httprouter v1.2.0/go.mod h1:SYymIcj16QtmaHHD7aYtjjsJG7VTCxuUUipMqKk8s4w=
-github.com/julienschmidt/httprouter v1.3.0/go.mod h1:JR6WtHb+2LUe8TCKY3cZOxFyyO8IZAc4RVcycCCAKdM=
-github.com/kisielk/errcheck v1.2.0/go.mod h1:/BMXB+zMLi60iA8Vv6Ksmxu/1UDYcXs4uQLJ+jE2L00=
+github.com/kardianos/service v1.2.1-0.20210728001519-a323c3813bc7 h1:oohm9Rk9JAxxmp2NLZa7Kebgz9h4+AJDcc64txg3dQ0=
+github.com/kardianos/service v1.2.1-0.20210728001519-a323c3813bc7/go.mod h1:CIMRFEJVL+0DS1a3Nx06NaMn4Dz63Ng6O7dl0qH0zVM=
 github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI2bnpBCr8=
 github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck=
 github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
-github.com/konsorten/go-windows-terminal-sequences v1.0.3/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
 github.com/kr/fs v0.1.0/go.mod h1:FFnZGqtBN9Gxj7eW1uZ42v5BccTP0vu6NEaFoC2HwRg=
 github.com/kr/logfmt v0.0.0-20140226030751-b84e30acd515/go.mod h1:+0opPa2QZZtGFBFZlji/RkVcI2GknAs/DXo4wKdlNEc=
 github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo=
 github.com/kr/pretty v0.2.0/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI=
 github.com/kr/pretty v0.2.1/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI=
-github.com/kr/pretty v0.3.0 h1:WgNl7dwNpEZ6jJ9k1snq4pZsg7DOEN8hP9Xw0Tsjwk0=
 github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ=
+github.com/kr/text v0.1.0 h1:45sCR5RtlFHMR4UwH9sdQ5TC8v0qDQCHnXt+kaKSTVE=
 github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI=
-github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY=
-github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE=
 github.com/leodido/go-urn v1.1.0/go.mod h1:+cyI34gQWZcE1eQU7NVgKkkzdXDQHr1dBMtdAPozLkw=
-github.com/libp2p/go-netroute v0.2.0 h1:0FpsbsvuSnAhXFnCY0VLFbJOzaK0VnP0r1QT/o4nWRE=
-github.com/libp2p/go-netroute v0.2.0/go.mod h1:Vio7LTzZ+6hoT4CMZi5/6CpY3Snzh2vgZhWgxMNwlQI=
 github.com/lucor/goinfo v0.0.0-20210802170112-c078a2b0f08b/go.mod h1:PRq09yoB+Q2OJReAmwzKivcYyremnibWGbK7WfftHzc=
 github.com/lyft/protoc-gen-star v0.5.3/go.mod h1:V0xaHgaf5oCCqmcxYcWiDfTiKsZsRc87/1qhoTACD8w=
 github.com/magiconair/properties v1.8.5 h1:b6kJs+EmPFMYGkow9GiUyCyOvIwYetYJ3fSaWak/Gls=
 github.com/magiconair/properties v1.8.5/go.mod h1:y3VJvCyxH9uVvJTWEGAELF3aiYNyPKd5NZ3oSwXrF60=
-github.com/mailru/easyjson v0.0.0-20160728113105-d5b7844b561a/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc=
-github.com/mailru/easyjson v0.0.0-20190614124828-94de47d64c63/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc=
-github.com/mailru/easyjson v0.0.0-20190626092158-b2ccc519800e/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc=
 github.com/mattn/go-colorable v0.0.9/go.mod h1:9vuHe8Xs5qXnSaW/c/ABM9alt+Vo+STaOChaDxuIBZU=
 github.com/mattn/go-colorable v0.1.4/go.mod h1:U0ppj6V5qS13XJ6of8GYAs25YV2eR4EVcfRqFIhoBtE=
 github.com/mattn/go-colorable v0.1.6/go.mod h1:u6P/XSegPjTcexA+o6vUJrdnUu04hMope9wVRipJSqc=
@@ -426,7 +333,6 @@ github.com/mattn/go-isatty v0.0.10/go.mod h1:qgIWMr58cqv1PHHyhnkY9lrL7etaEgOFcME
 github.com/mattn/go-isatty v0.0.11/go.mod h1:PhnuNfih5lzO57/f3n+odYbM4JtupLOxQOAqxQCu2WE=
 github.com/mattn/go-isatty v0.0.12/go.mod h1:cbi8OIDigv2wuxKPP5vlRcQ1OAZbq2CE4Kysco4FUpU=
 github.com/mattn/go-isatty v0.0.14/go.mod h1:7GGIvUiUoEMVVmxf/4nioHXj79iQHKdU27kJ6hsGG94=
-github.com/matttproud/golang_protobuf_extensions v1.0.1 h1:4hp9jkHxhMHkqkrB3Ix0jegS5sx/RkqARlsWZ6pIwiU=
 github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5Ld7szi9bcBfOoFv/3dc6xSMkL2PC0=
 github.com/mdlayher/ethtool v0.0.0-20210210192532-2b88debcdd43/go.mod h1:+t7E0lkKfbBsebllff1xdTmyJt8lH37niI6kwFk9OTo=
 github.com/mdlayher/ethtool v0.0.0-20211028163843-288d040e9d60 h1:tHdB+hQRHU10CfcK0furo6rSNgZ38JT8uPh70c/pFD8=
@@ -461,49 +367,31 @@ github.com/mitchellh/go-testing-interface v1.0.0/go.mod h1:kRemZodwjscx+RGhAo8eI
 github.com/mitchellh/mapstructure v0.0.0-20160808181253-ca63d7c062ee/go.mod h1:FVVH3fgwuzCH5S8UJGiWEs2h04kUh9fWfEaFds41c1Y=
 github.com/mitchellh/mapstructure v1.1.2/go.mod h1:FVVH3fgwuzCH5S8UJGiWEs2h04kUh9fWfEaFds41c1Y=
 github.com/mitchellh/mapstructure v1.4.3/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo=
-github.com/moby/spdystream v0.2.0/go.mod h1:f7i0iNDQJ059oMTcWxx8MA/zKFIuD/lY+0GqbN2Wy8c=
 github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
 github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
-github.com/modern-go/reflect2 v0.0.0-20180320133207-05fbef0ca5da/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0=
 github.com/modern-go/reflect2 v0.0.0-20180701023420-4b7aa43c6742/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0=
 github.com/modern-go/reflect2 v1.0.1/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0=
 github.com/modern-go/reflect2 v1.0.2/go.mod h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjYzDa0/r8luk=
-github.com/munnerz/goautoneg v0.0.0-20120707110453-a547fc61f48d/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ=
 github.com/mwitkow/go-conntrack v0.0.0-20161129095857-cc309e4a2223/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U=
-github.com/mwitkow/go-conntrack v0.0.0-20190716064945-2f068394615f/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U=
-github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f/go.mod h1:ZdcZmHo+o7JKHSa8/e818NopupXU1YMK5fe1lsApnBw=
-github.com/netbirdio/service v0.0.0-20220905002524-6ac14ad5ea84 h1:u8kpzR9ld1uAeH/BAXsS0SfcnhooLWeO7UgHSBVPD9I=
-github.com/netbirdio/service v0.0.0-20220905002524-6ac14ad5ea84/go.mod h1:CIMRFEJVL+0DS1a3Nx06NaMn4Dz63Ng6O7dl0qH0zVM=
 github.com/nfnt/resize v0.0.0-20180221191011-83c6a9932646/go.mod h1:jpp1/29i3P1S/RLdc7JQKbRpFeM1dOBd8T9ki5s+AY8=
+github.com/niemeyer/pretty v0.0.0-20200227124842-a10e7caefd8e h1:fD57ERR4JtEqsWbfPhv4DMiApHyliiK5xCTNVSPiaAs=
 github.com/niemeyer/pretty v0.0.0-20200227124842-a10e7caefd8e/go.mod h1:zD1mROLANZcx1PVRCS0qkT7pwLkGfwJo4zjcN/Tysno=
 github.com/nxadm/tail v1.4.4/go.mod h1:kenIhsEOeOJmVchQTgglprH7qJGnHDVpk1VPCcaMI8A=
 github.com/nxadm/tail v1.4.8 h1:nPr65rt6Y5JFSKQO7qToXr7pePgD6Gwiw05lkbyAQTE=
 github.com/nxadm/tail v1.4.8/go.mod h1:+ncqLTQzXmGhMZNUePPaPqPvBxHAIsmXswZKocGu+AU=
-github.com/onsi/ginkgo v0.0.0-20170829012221-11459a886d9c/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE=
 github.com/onsi/ginkgo v1.6.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE=
-github.com/onsi/ginkgo v1.10.1/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE=
 github.com/onsi/ginkgo v1.12.1/go.mod h1:zj2OWP4+oCPe1qIXoGWkgMRwljMUYCdkwsT2108oapk=
-github.com/onsi/ginkgo v1.14.0/go.mod h1:iSB4RoI2tjJc9BBv4NKIKWKya62Rps+oPG/Lv9klQyY=
 github.com/onsi/ginkgo v1.16.4/go.mod h1:dX+/inL/fNMqNlz0e9LfyB9TswhZpCVdJM/Z6Vvnwo0=
 github.com/onsi/ginkgo v1.16.5 h1:8xi0RTUf59SOSfEtZMvwTvXYMzG4gV23XVHOZiXNtnE=
 github.com/onsi/ginkgo v1.16.5/go.mod h1:+E8gABHa3K6zRBolWtd+ROzc/U5bkGt0FwiG042wbpU=
-github.com/onsi/ginkgo/v2 v2.0.0 h1:CcuG/HvWNkkaqCUpJifQY8z7qEMBJya6aLPx6ftGyjQ=
-github.com/onsi/ginkgo/v2 v2.0.0/go.mod h1:vw5CSIxN1JObi/U8gcbwft7ZxR2dgaR70JSE3/PpL4c=
-github.com/onsi/gomega v0.0.0-20170829124025-dcabb60a477c/go.mod h1:C1qb7wdrVGGVU+Z6iS04AVkA3Q65CEZX59MT0QO5uiA=
-github.com/onsi/gomega v1.7.0/go.mod h1:ex+gbHU/CVuBBDIJjb2X0qEXbFg53c61hWP/1CpauHY=
 github.com/onsi/gomega v1.7.1/go.mod h1:XdKZgCCFLUoM/7CFJVPcG8C1xQ1AJ0vpAezJrB7JYyY=
 github.com/onsi/gomega v1.10.1/go.mod h1:iN09h71vgCQne3DLsj+A5owkum+a2tYe+TOCB1ybHNo=
+github.com/onsi/gomega v1.17.0 h1:9Luw4uT5HTjHTN8+aNcSThgH1vdXnmdJ8xIfZ4wyTRE=
 github.com/onsi/gomega v1.17.0/go.mod h1:HnhC7FXeEQY45zxNK3PPoIUhzk/80Xly9PcubAlGdZY=
-github.com/onsi/gomega v1.18.1 h1:M1GfJqGRrBrrGGsbxzV5dqM2U2ApXefZCQpkukxYRLE=
-github.com/onsi/gomega v1.18.1/go.mod h1:0q+aL8jAiMXy9hbwj2mr5GziHiwhAIQpFmmtT5hitRs=
 github.com/oxtoacart/bpool v0.0.0-20190530202638-03653db5a59c h1:rp5dCmg/yLR3mgFuSOe4oEnDDmGLROTvMragMUXpTQw=
 github.com/oxtoacart/bpool v0.0.0-20190530202638-03653db5a59c/go.mod h1:X07ZCGwUbLaax7L0S3Tw4hpejzu63ZrrQiUe6W0hcy0=
 github.com/pascaldekloe/goe v0.0.0-20180627143212-57f6aae5913c/go.mod h1:lzWF7FIEvWOWxwDKqyGYQf6ZUaNfKdP144TG7ZOy1lc=
 github.com/pascaldekloe/goe v0.1.0/go.mod h1:lzWF7FIEvWOWxwDKqyGYQf6ZUaNfKdP144TG7ZOy1lc=
-github.com/patrickmn/go-cache v2.1.0+incompatible h1:HRMgzkcYKYpi3C8ajMPV8OFXaaRUnok+kx1WdO15EQc=
-github.com/patrickmn/go-cache v2.1.0+incompatible/go.mod h1:3Qf8kWWT7OJRJbdiICTKqZju1ZixQ/KpMGzzAfe6+WQ=
-github.com/pegasus-kv/thrift v0.13.0 h1:4ESwaNoHImfbHa9RUGJiJZ4hrxorihZHk5aarYwY8d4=
-github.com/pegasus-kv/thrift v0.13.0/go.mod h1:Gl9NT/WHG6ABm6NsrbfE8LiJN0sAyneCrvB4qN4NPqQ=
 github.com/pelletier/go-toml v1.9.4/go.mod h1:u1nR/EPcESfeI/szUZKdtJ0xRNbUoANCkoOuaOx1Y+c=
 github.com/pion/dtls/v2 v2.1.2 h1:22Q1Jk9L++Yo7BIf9130MonNPfPVb+YgdYLeyQotuAA=
 github.com/pion/dtls/v2 v2.1.2/go.mod h1:o6+WvyLDAlXF7YiPB/RlskRoeK+/JtuaZa5emwQcWus=
@@ -522,13 +410,10 @@ github.com/pion/turn/v2 v2.0.7 h1:SZhc00WDovK6czaN1RSiHqbwANtIO6wfZQsU0m0KNE8=
 github.com/pion/turn/v2 v2.0.7/go.mod h1:+y7xl719J8bAEVpSXBXvTxStjJv3hbz9YFflvkpcGPw=
 github.com/pion/udp v0.1.1 h1:8UAPvyqmsxK8oOjloDk4wUt63TzFe9WEJkg5lChlj7o=
 github.com/pion/udp v0.1.1/go.mod h1:6AFo+CMdKQm7UiA0eUPA8/eVCTx8jBIITLZHc9DWX5M=
-github.com/pkg/diff v0.0.0-20210226163009-20ebb0f2a09e/go.mod h1:pJLUxLENpZxwdsKMEsNbx1VGcRFpLqf3715MtcvvzbA=
 github.com/pkg/errors v0.8.0/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
 github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
-github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4=
 github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
 github.com/pkg/sftp v1.10.1/go.mod h1:lYOWFsE0bwd1+KfKJaKeuokY15vzFx25BLbzYYoAxZI=
-github.com/pmezard/go-difflib v0.0.0-20151028094244-d8ed2627bdf0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
 github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
 github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
 github.com/posener/complete v1.1.1/go.mod h1:em0nMJCgc9GFtwrmVmEMR/ZL6WyhyjMBndrE9hABlRI=
@@ -536,34 +421,17 @@ github.com/posener/complete v1.2.3/go.mod h1:WZIdtGGp+qx0sLrYKtIRAruyNpv6hFCicSg
 github.com/prometheus/client_golang v0.9.1/go.mod h1:7SWBe2y4D6OKWSNQJUaRYU/AaXPKyh/dDVn+NZz0KFw=
 github.com/prometheus/client_golang v1.0.0/go.mod h1:db9x61etRT2tGnBNRi70OPL5FsnadC4Ky3P0J6CfImo=
 github.com/prometheus/client_golang v1.4.0/go.mod h1:e9GMxYsXl05ICDXkRhurwBS4Q3OK1iX/F2sw+iXX5zU=
-github.com/prometheus/client_golang v1.7.1/go.mod h1:PY5Wy2awLA44sXw4AOSfFBetzPP4j5+D6mVACh+pe2M=
-github.com/prometheus/client_golang v1.11.0/go.mod h1:Z6t4BnS23TR94PD6BsDNk8yVqroYurpAkEiz0P2BEV0=
-github.com/prometheus/client_golang v1.12.1/go.mod h1:3Z9XVyYiZYEO+YQWt3RD2R3jrbd179Rt297l4aS6nDY=
-github.com/prometheus/client_golang v1.12.2 h1:51L9cDoUHVrXx4zWYlcLQIZ+d+VXHgqnYKkIuq4g/34=
-github.com/prometheus/client_golang v1.12.2/go.mod h1:3Z9XVyYiZYEO+YQWt3RD2R3jrbd179Rt297l4aS6nDY=
 github.com/prometheus/client_model v0.0.0-20180712105110-5c3871d89910/go.mod h1:MbSGuTsp3dbXC40dX6PRTWyKYBIrTGTE9sqQNg2J8bo=
 github.com/prometheus/client_model v0.0.0-20190129233127-fd36f4220a90/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
 github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
-github.com/prometheus/client_model v0.2.0 h1:uq5h0d+GuxiXLJLNABMgp2qUWDPiLvgCzz2dUR+/W/M=
 github.com/prometheus/client_model v0.2.0/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
 github.com/prometheus/common v0.4.1/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4=
 github.com/prometheus/common v0.9.1/go.mod h1:yhUN8i9wzaXS3w1O07YhxHEBxD+W35wd8bs7vj7HSQ4=
-github.com/prometheus/common v0.10.0/go.mod h1:Tlit/dnDKsSWFlCLTWaA1cyBgKHSMdTB80sz/V91rCo=
-github.com/prometheus/common v0.26.0/go.mod h1:M7rCNAaPfAosfx8veZJCuw84e35h3Cfd9VFqTh1DIvc=
-github.com/prometheus/common v0.32.1/go.mod h1:vu+V0TpY+O6vW9J44gczi3Ap/oXXR10b+M/gUGO4Hls=
-github.com/prometheus/common v0.33.0 h1:rHgav/0a6+uYgGdNt3jwz8FNSesO/Hsang3O0T9A5SE=
-github.com/prometheus/common v0.33.0/go.mod h1:gB3sOl7P0TvJabZpLY5uQMpUqRCPPCyRLCZYc7JZTNE=
 github.com/prometheus/procfs v0.0.0-20181005140218-185b4288413d/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk=
 github.com/prometheus/procfs v0.0.2/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA=
 github.com/prometheus/procfs v0.0.8/go.mod h1:7Qr8sr6344vo1JqZ6HhLceV9o3AJ1Ff+GxbHq6oeK9A=
-github.com/prometheus/procfs v0.1.3/go.mod h1:lV6e/gmhEcM9IjHGsFOCxxuZ+z1YqCvr4OA4YeYWdaU=
-github.com/prometheus/procfs v0.6.0/go.mod h1:cz+aTbrPOrUb4q7XlbU9ygM+/jj0fzG6c1xBZuNvfVA=
-github.com/prometheus/procfs v0.7.3 h1:4jVXhlkAyzOScmCkXBTOLRLTz8EeU+eyjrwB/EPq0VU=
-github.com/prometheus/procfs v0.7.3/go.mod h1:cz+aTbrPOrUb4q7XlbU9ygM+/jj0fzG6c1xBZuNvfVA=
 github.com/rogpeppe/fastuuid v1.2.0/go.mod h1:jVj6XXZzXRy/MSR5jhDC/2q6DgLz+nrA6LYCDYWNEvQ=
 github.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4=
-github.com/rogpeppe/go-internal v1.8.0 h1:FCbCCtXNOY3UtUuHUYaghJg4y7Fd14rXifAYUAtL9R8=
-github.com/rogpeppe/go-internal v1.8.0/go.mod h1:WmiCO8CzOY8rg0OYDC4/i/2WRWAB6poM+XZ2dLUbcbE=
 github.com/rs/cors v1.8.0 h1:P2KMzcFwrPoSjkF1WLRPsp3UMLyql8L4v9hQpVeK5so=
 github.com/rs/cors v1.8.0/go.mod h1:EBwu+T5AvHOcXwvZIkQFjUN6s8Czyqw12GL/Y0tUyRM=
 github.com/rs/xid v1.3.0 h1:6NjYksEUlhurdVehpc7S7dk6DAmcKv8V9gG0FsVN2U4=
@@ -576,25 +444,18 @@ github.com/sean-/seed v0.0.0-20170313163322-e2103e2c3529/go.mod h1:DxrIzT+xaE7yg
 github.com/shurcooL/sanitized_anchor_name v1.0.0/go.mod h1:1NzhyTcUVG4SuEtjjoZeVRXNmyL/1OwPU0+IJeTBvfc=
 github.com/sirupsen/logrus v1.2.0/go.mod h1:LxeOpSwHxABJmUn/MG1IvRgCAasNZTLOkJPxbbu5VWo=
 github.com/sirupsen/logrus v1.4.2/go.mod h1:tLMulIdttU9McNUspp0xgXVQah82FyeX6MwdIuYE2rE=
-github.com/sirupsen/logrus v1.6.0/go.mod h1:7uNnSEd1DgxDLC74fIahvMZmmYsHGZGEOFrfsX/uA88=
 github.com/sirupsen/logrus v1.8.1 h1:dJKuHgqk1NNQlqoA6BTlM1Wf9DOH3NBjQyu0h9+AZZE=
 github.com/sirupsen/logrus v1.8.1/go.mod h1:yWOB1SBYBC5VeMP7gHvWumXLIWorT60ONWic61uBYv0=
 github.com/skratchdot/open-golang v0.0.0-20200116055534-eef842397966 h1:JIAuq3EEf9cgbU6AtGPK4CTG3Zf6CKMNqf0MHTggAUA=
 github.com/skratchdot/open-golang v0.0.0-20200116055534-eef842397966/go.mod h1:sUM3LWHvSMaG192sy56D9F7CNvL7jUJVXoqM1QKLnog=
-github.com/smartystreets/assertions v1.13.0 h1:Dx1kYM01xsSqKPno3aqLnrwac2LetPvN23diwyr69Qs=
-github.com/smartystreets/goconvey v1.7.2 h1:9RBaZCeXEQ3UselpuwUQHltGVXvdwm6cv1hgR6gDIPg=
 github.com/spaolacci/murmur3 v0.0.0-20180118202830-f09979ecbc72/go.mod h1:JwIasOWyU6f++ZhiEuf87xNszmSA2myDM2Kzu9HwQUA=
 github.com/spf13/afero v1.1.2/go.mod h1:j4pytiNVoe2o6bmDsKpLACNPDBIoEAkihy7loJ1B0CQ=
-github.com/spf13/afero v1.2.2/go.mod h1:9ZxEEn6pIJ8Rxe320qSDBk6AsU0r9pR7Q4OcevTdifk=
 github.com/spf13/afero v1.3.3/go.mod h1:5KUK8ByomD5Ti5Artl0RtHeI5pTF7MIDuXL3yY520V4=
 github.com/spf13/afero v1.6.0/go.mod h1:Ai8FlHk4v/PARR026UzYexafAt9roJ7LcLMAmO6Z93I=
 github.com/spf13/cast v1.4.1/go.mod h1:Qx5cxh0v+4UWYiBimWS+eyWzqEqokIECu5etghLkUJE=
-github.com/spf13/cast v1.5.0 h1:rj3WzYc11XZaIZMPKmwP96zkFEnnAmV8s6XbB2aY32w=
-github.com/spf13/cast v1.5.0/go.mod h1:SpXXQ5YoyJw6s3/6cMTQuxvgRl3PCJiyaX9p6b155UU=
 github.com/spf13/cobra v1.3.0 h1:R7cSvGu+Vv+qX0gW5R/85dx2kmmJT5z5NM8ifdYjdn0=
 github.com/spf13/cobra v1.3.0/go.mod h1:BrRVncBjOJa/eUcVVm9CE+oC6as8k+VYr4NY7WCi9V4=
 github.com/spf13/jwalterweatherman v1.1.0/go.mod h1:aNWZUN0dPAAO/Ljvb5BEdw96iTZ0EXowPYD95IqWIGo=
-github.com/spf13/pflag v0.0.0-20170130214245-9ff6c6923cff/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4=
 github.com/spf13/pflag v1.0.3/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4=
 github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA=
 github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg=
@@ -603,18 +464,15 @@ github.com/srwiley/oksvg v0.0.0-20200311192757-870daf9aa564 h1:HunZiaEKNGVdhTRQO
 github.com/srwiley/oksvg v0.0.0-20200311192757-870daf9aa564/go.mod h1:afMbS0qvv1m5tfENCwnOdZGOF8RGR/FsZ7bvBxQGZG4=
 github.com/srwiley/rasterx v0.0.0-20200120212402-85cb7272f5e9 h1:m59mIOBO4kfcNCEzJNy71UkeF4XIx2EVmL9KLwDQdmM=
 github.com/srwiley/rasterx v0.0.0-20200120212402-85cb7272f5e9/go.mod h1:mvWM0+15UqyrFKqdRjY6LuAVJR0HOVhJlEgZ5JWtSWU=
-github.com/stoewer/go-strcase v1.2.0/go.mod h1:IBiWB2sKIp3wVVQ3Y035++gc+knqhUQag1KpM8ahLw8=
 github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
 github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
-github.com/stretchr/testify v0.0.0-20151208002404-e3a8ff8ce365/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs=
 github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs=
 github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI=
 github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4=
 github.com/stretchr/testify v1.5.1/go.mod h1:5W2xD1RspED5o8YsWQXVCued0rvSQ+mT+I5cxcmMvtA=
 github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
+github.com/stretchr/testify v1.7.0 h1:nwc3DEeHmmLAfoZucVR881uASk0Mfjw8xYJ99tb5CcY=
 github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
-github.com/stretchr/testify v1.7.1 h1:5TQK59W5E3v0r2duFAb7P95B6hEeOyEnHRa8MjYSMTY=
-github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
 github.com/subosito/gotenv v1.2.0/go.mod h1:N0PQaV/YGNqwC0u51sEeR/aUtSLEXKX9iv69rRypqCw=
 github.com/tv42/httpunix v0.0.0-20150427012821-b75d8614f926/go.mod h1:9ESjWnEqriFuLhtthL60Sar/7RFoluCcXsuvEwTV5KM=
 github.com/ugorji/go v1.1.7/go.mod h1:kZn38zHttfInRq0xu/PH0az30d+z6vm202qpg1oXVMw=
@@ -658,13 +516,11 @@ golang.org/x/crypto v0.0.0-20190820162420-60c769a6c586/go.mod h1:yigFU9vqHzYiE8U
 golang.org/x/crypto v0.0.0-20190923035154-9ee001bba392/go.mod h1:/lpIB1dKB+9EgE3H3cr1v9wB50oz8l4C4h62xy7jSTY=
 golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
 golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
-golang.org/x/crypto v0.0.0-20210616213533-5ff15b29337e/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
 golang.org/x/crypto v0.0.0-20210817164053-32db794688a5/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
 golang.org/x/crypto v0.0.0-20211108221036-ceb1ce70b4fa/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
 golang.org/x/crypto v0.0.0-20211202192323-5770296d904e/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
+golang.org/x/crypto v0.0.0-20220131195533-30dcbda58838 h1:71vQrMauZZhcTVK6KdYM+rklehEEwb3E+ZhaE5jrPrE=
 golang.org/x/crypto v0.0.0-20220131195533-30dcbda58838/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
-golang.org/x/crypto v0.0.0-20220513210258-46612604a0f9 h1:NUzdAbFtCJSXU20AOXgeqaUwg8Ypg4MPYmL+d+rsB5c=
-golang.org/x/crypto v0.0.0-20220513210258-46612604a0f9/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
 golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8=
@@ -703,10 +559,8 @@ golang.org/x/mod v0.4.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
 golang.org/x/mod v0.4.1/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
 golang.org/x/mod v0.4.2/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
 golang.org/x/mod v0.5.0/go.mod h1:5OXOZSfqPIIbmVBIIKWRFfZjPR0E5r58TLhUjH0a2Ro=
+golang.org/x/mod v0.5.1 h1:OJxoQ/rynoF0dcCdI7cLPktw/hR2cueqYfjm43oqK38=
 golang.org/x/mod v0.5.1/go.mod h1:5OXOZSfqPIIbmVBIIKWRFfZjPR0E5r58TLhUjH0a2Ro=
-golang.org/x/mod v0.6.0-dev.0.20220106191415-9b9b3d81d5e3 h1:kQgndtyPBW/JIYERgdxfwMYh3AVStj88WQTlNDi2a+o=
-golang.org/x/mod v0.6.0-dev.0.20220106191415-9b9b3d81d5e3/go.mod h1:3p9vT2HGsQu2K1YbXdKPJLVgG5VJdoTa1poYQBtP1AY=
-golang.org/x/net v0.0.0-20170114055629-f2499483f923/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20180906233101-161cd47e91fd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
@@ -725,9 +579,7 @@ golang.org/x/net v0.0.0-20190628185345-da137c7871d7/go.mod h1:z5CRVTTTmAJ677TzLL
 golang.org/x/net v0.0.0-20190724013045-ca1201d0de80/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20190827160401-ba9fcec4b297/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20190923162816-aa69164e4478/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
-golang.org/x/net v0.0.0-20191004110552-13f9640d40b9/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20191007182048-72f939374954/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
-golang.org/x/net v0.0.0-20191105084925-a882066a44e0/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20191209160850-c0dbc17a3553/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20200114155413-6afb5195e5aa/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20200202094626-16171245cfb2/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
@@ -756,7 +608,6 @@ golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v
 golang.org/x/net v0.0.0-20210316092652-d523dce5a7f4/go.mod h1:RBQZq4jEuRlivfhVLdyRGr576XBO4/greRjx4P4O3yc=
 golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4/go.mod h1:p54w0d4576C0XHj96bSt6lcn1PtDYWL6XObtHCRCNQM=
 golang.org/x/net v0.0.0-20210410081132-afb366fc7cd1/go.mod h1:9tjilg8BloeKEkVJvy7fQ90B1CfIiPueXVOjqfkSzI8=
-golang.org/x/net v0.0.0-20210423184538-5f58ad60dda6/go.mod h1:OJAsFXCWl8Ukc7SiCT/9KSuxbyM7479/AVlXFRxuMCk=
 golang.org/x/net v0.0.0-20210428140749-89ef3d95e781/go.mod h1:OJAsFXCWl8Ukc7SiCT/9KSuxbyM7479/AVlXFRxuMCk=
 golang.org/x/net v0.0.0-20210503060351-7fd8e65b6420/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
 golang.org/x/net v0.0.0-20210525063256-abc453219eb5/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
@@ -769,11 +620,8 @@ golang.org/x/net v0.0.0-20211111083644-e5c967477495/go.mod h1:9nx3DQGgdP8bBQD5qx
 golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
 golang.org/x/net v0.0.0-20211201190559-0a0e4e1bb54c/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
 golang.org/x/net v0.0.0-20211208012354-db4efeb81f4b/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
-golang.org/x/net v0.0.0-20211209124913-491a49abca63/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
+golang.org/x/net v0.0.0-20220127200216-cd36cc0744dd h1:O7DYs+zxREGLKzKoMQrtrEacpb0ZVXA5rIwylE2Xchk=
 golang.org/x/net v0.0.0-20220127200216-cd36cc0744dd/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk=
-golang.org/x/net v0.0.0-20220225172249-27dd8689420f/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk=
-golang.org/x/net v0.0.0-20220513224357-95641704303c h1:nF9mHSvoKBLkQNQhJZNsc66z2UzAMUbLGjC95CF3pU0=
-golang.org/x/net v0.0.0-20220513224357-95641704303c/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk=
 golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
 golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
 golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
@@ -791,7 +639,6 @@ golang.org/x/oauth2 v0.0.0-20210805134026-6f1e6394065a/go.mod h1:KelEdhl1UZF7XfJ
 golang.org/x/oauth2 v0.0.0-20210819190943-2bc19b11175f/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
 golang.org/x/oauth2 v0.0.0-20211005180243-6b3c2da341f1/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
 golang.org/x/oauth2 v0.0.0-20211104180415-d3ed0bb246c8/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
-golang.org/x/oauth2 v0.0.0-20220223155221-ee480838109b/go.mod h1:DAh4E804XQdzx2j+YRIaUnCqCV2RuMz24cGBJ5QYIrc=
 golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
@@ -802,9 +649,7 @@ golang.org/x/sync v0.0.0-20200317015054-43a5402ce75a/go.mod h1:RxMgew5VJxzue5/jJ
 golang.org/x/sync v0.0.0-20200625203802-6e8e738ad208/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20201207232520-09787c993a3a/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.0.0-20210220032951-036812b2e83c h1:5KslGYwFpkhGh+Q16bwMP3cOontH8FOep7tGV86Y7SQ=
 golang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sys v0.0.0-20170830134202-bb24a47a89ea/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20180823144017-11551d06cbcc/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
@@ -832,12 +677,10 @@ golang.org/x/sys v0.0.0-20190924154521-2837fb4f24fe/go.mod h1:h1NjWce9XRLGQEsW7w
 golang.org/x/sys v0.0.0-20191001151750-bb3f8db39f24/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20191005200804-aed5e4c7ecf9/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20191008105621-543471e840be/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20191010194322-b09406accb47/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20191026070338-33540a1f6037/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20191120155948-bd437916bb0e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20191204072324-ce4227a45e2e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20191228213918-04cbcbbfeed8/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200106162015-b016eb3dc98e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200113162924-86b910548bc1/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200116001909-b77594299b42/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200122134326-e047566fdf82/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
@@ -851,10 +694,7 @@ golang.org/x/sys v0.0.0-20200331124033-c3d80250170d/go.mod h1:h1NjWce9XRLGQEsW7w
 golang.org/x/sys v0.0.0-20200501052902-10377860bb8e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200511232937-7e40ca221e25/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200515095857-1151b9dac4a9/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200519105757-fe76b779f299/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200523222454-059865788121/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200615200032-f1bc736245b1/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200625212154-ddb9806d33ae/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200803210538-64077c9b5642/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200905004654-be1d3432aa8f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
@@ -879,11 +719,9 @@ golang.org/x/sys v0.0.0-20210320140829-1e4c9ba3b0c4/go.mod h1:h1NjWce9XRLGQEsW7w
 golang.org/x/sys v0.0.0-20210330210617-4fbd30eecc44/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210403161142-5e06dd20ab57/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20210426080607-c94f62235c83/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210510120138-977fb7262007/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20210514084401-e8d321eab015/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20210525143221-35b2ab0089ea/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20210603081109-ebe580a85c40/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20210603125802-9665404d3644/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20210616094352-59db8d763f22/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
@@ -892,7 +730,6 @@ golang.org/x/sys v0.0.0-20210806184541-e5e7981a1069/go.mod h1:oPkhp1MJrh7nUepCBc
 golang.org/x/sys v0.0.0-20210809222454-d867a43fc93e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20210816183151-1e6c022a8912/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20210823070655-63515b42dcdf/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20210831042530-f4d43177bf5e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20210906170528-6f6e22806c34/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20210908233432-aa78b53d3365/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20210927094055-39ccf1dd6fa6/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
@@ -905,14 +742,10 @@ golang.org/x/sys v0.0.0-20211124211545-fe61309f8881/go.mod h1:oPkhp1MJrh7nUepCBc
 golang.org/x/sys v0.0.0-20211205182925-97ca703d548d/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20211214234402-4825e8c3871d/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20211216021012-1d35b9e2eb4e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20220114195835-da31bd327af9/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20220622161953-175b2fd9d664 h1:wEZYwx+kK+KlZ0hpvP2Ls1Xr4+RWnlzGFwPP0aiDjIU=
-golang.org/x/sys v0.0.0-20220622161953-175b2fd9d664/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20220204135822-1c1b9b1eba6a h1:ppl5mZgokTT8uPkmYOyEUmPTr3ypaKkg5eFOGrAmxxE=
+golang.org/x/sys v0.0.0-20220204135822-1c1b9b1eba6a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
 golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
-golang.org/x/term v0.0.0-20220526004731-065cf7ba2467 h1:CBpWXWQpIRjzmkkA+M7q9Fqnwd2mZr3AFqexg8YTfoM=
-golang.org/x/term v0.0.0-20220526004731-065cf7ba2467/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
-golang.org/x/text v0.0.0-20160726164857-2910a502d2bf/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
@@ -928,8 +761,6 @@ golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxb
 golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
-golang.org/x/tools v0.0.0-20181011042414-1f849cf54d09/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
-golang.org/x/tools v0.0.0-20181030221726-6c7e314b6563/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
 golang.org/x/tools v0.0.0-20190114222345-bf090417da8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
 golang.org/x/tools v0.0.0-20190226205152-f727befe758c/go.mod h1:9Yl7xja0Znq3iFh3HoIrodX9oNMXvdceNzlUR8zjMvY=
 golang.org/x/tools v0.0.0-20190311212946-11955173bddd/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
@@ -964,7 +795,6 @@ golang.org/x/tools v0.0.0-20200304193943-95d2e580d8eb/go.mod h1:o4KQGtdN14AW+yjs
 golang.org/x/tools v0.0.0-20200312045724-11d5b4c81c7d/go.mod h1:o4KQGtdN14AW+yjsvvwRTJJuXz8XRtIHtEnmAXLyFUw=
 golang.org/x/tools v0.0.0-20200331025713-a30bf2db82d4/go.mod h1:Sl4aGygMT6LrqrWclx+PTx3U+LnKx/seiNR+3G19Ar8=
 golang.org/x/tools v0.0.0-20200501065659-ab2804fb9c9d/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
-golang.org/x/tools v0.0.0-20200505023115-26f46d2f7ef8/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
 golang.org/x/tools v0.0.0-20200512131952-2bc93b1c0c88/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
 golang.org/x/tools v0.0.0-20200515010526-7d3b6ebf133d/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
 golang.org/x/tools v0.0.0-20200618134242-20370b0cb4b2/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
@@ -986,15 +816,13 @@ golang.org/x/tools v0.1.3/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk=
 golang.org/x/tools v0.1.4/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk=
 golang.org/x/tools v0.1.5/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk=
 golang.org/x/tools v0.1.7/go.mod h1:LGqMHiF4EqQNHR1JncWGqT5BVaXmza+X+BDGol+dOxo=
+golang.org/x/tools v0.1.8 h1:P1HhGGuLW4aAclzjtmJdf0mJOjVUZUzOTqkAkWL+l6w=
 golang.org/x/tools v0.1.8/go.mod h1:nABZi5QlRsZVlzPpHl034qft6wpY4eDcsTt5AaioBiU=
-golang.org/x/tools v0.1.10 h1:QjFRCZxdOhBJ/UNgnBZLbNV13DlbnK0quyivTnXJM20=
-golang.org/x/tools v0.1.10/go.mod h1:Uh6Zz+xoGYZom868N8YTex3t7RhtHDBrE8Gzo9bV56E=
 golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
+golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1 h1:go1bK/D/BFZV2I8cIQd1NKEZ+0owSTG1fDTci4IqFcE=
 golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
-golang.org/x/xerrors v0.0.0-20220411194840-2f41105eb62f h1:GGU+dLjvlC3qDwqYgL6UgRmHXhOOgns0bZu2Ty5mm6U=
-golang.org/x/xerrors v0.0.0-20220411194840-2f41105eb62f/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.zx2c4.com/go118/netip v0.0.0-20211111135330-a4a02eeacf9d h1:9+v0G0naRhLPOJEeJOL6NuXTtAHHwmkyZlgQJ0XcQ8I=
 golang.zx2c4.com/go118/netip v0.0.0-20211111135330-a4a02eeacf9d/go.mod h1:5yyfuiqVIJ7t+3MqrpTQ+QqRkMWiESiyDvPNvKYCecg=
 golang.zx2c4.com/wintun v0.0.0-20211104114900-415007cec224 h1:Ug9qvr1myri/zFN6xL17LSCBGFDnphBBhzmILHsM5TY=
@@ -1076,7 +904,6 @@ google.golang.org/genproto v0.0.0-20200729003335-053ba62fc06f/go.mod h1:FWY/as6D
 google.golang.org/genproto v0.0.0-20200804131852-c06518451d9c/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
 google.golang.org/genproto v0.0.0-20200825200019-8632dd797987/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
 google.golang.org/genproto v0.0.0-20200904004341-0bd0a958aa1d/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
-google.golang.org/genproto v0.0.0-20201019141844-1ed22bb0c154/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
 google.golang.org/genproto v0.0.0-20201109203340-2640f1f9cdfb/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
 google.golang.org/genproto v0.0.0-20201201144952-b05cb90ed32e/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
 google.golang.org/genproto v0.0.0-20201210142538-e3217bee35cc/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
@@ -1152,28 +979,24 @@ google.golang.org/protobuf v1.24.0/go.mod h1:r/3tXBNzIEhYS9I1OUVjXDlt8tc493IdKGj
 google.golang.org/protobuf v1.25.0/go.mod h1:9JNX74DMeImyA3h4bdi1ymwjUzf21/xIlbajtzgsN7c=
 google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw=
 google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc=
+google.golang.org/protobuf v1.27.1 h1:SnqbnDw1V7RiZcXPx5MEeqPv2s79L9i7BJUlG/+RurQ=
 google.golang.org/protobuf v1.27.1/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc=
-google.golang.org/protobuf v1.28.0 h1:w43yiav+6bVFTBQFZX0r7ipe9JQ1QsbMgHwbBziscLw=
-google.golang.org/protobuf v1.28.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I=
 gopkg.in/alecthomas/kingpin.v2 v2.2.6/go.mod h1:FMv+mEhP44yOT+4EoQTLFTRgOQ1FBLkstjWtayDeSgw=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/check.v1 v1.0.0-20200227125254-8fa46927fb4f/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
-gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk=
-gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q=
+gopkg.in/check.v1 v1.0.0-20200902074654-038fdea0a05b h1:QRR6H1YWRnHb4Y/HeNFCTJLFVxaq6wH4YuVdsUOr75U=
+gopkg.in/check.v1 v1.0.0-20200902074654-038fdea0a05b/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/errgo.v2 v2.1.0/go.mod h1:hNsd1EY+bozCKY1Ytp96fpM3vjJbqLJn88ws8XvfDNI=
 gopkg.in/fsnotify.v1 v1.4.7/go.mod h1:Tz8NjZHkW78fSQdbUxIjBTcgA1z1m8ZHf0WmKUhAMys=
 gopkg.in/go-playground/assert.v1 v1.2.1/go.mod h1:9RXL0bg/zibRAgZUYszZSwO/z8Y/a8bDuhia5mkpMnE=
 gopkg.in/go-playground/validator.v9 v9.29.1/go.mod h1:+c9/zcJMFNgbLvly1L1V+PpxWdVbfP1avr/N00E2vyQ=
-gopkg.in/inf.v0 v0.9.1/go.mod h1:cWUDdTG/fYaXco+Dcufb5Vnc6Gp2YChqWtbxRZE0mXw=
 gopkg.in/ini.v1 v1.66.2/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k=
 gopkg.in/natefinch/lumberjack.v2 v2.0.0 h1:1Lc07Kr7qY4U2YPouBjpCLxpiyxIVoxqXgkXLknAOE8=
 gopkg.in/natefinch/lumberjack.v2 v2.0.0/go.mod h1:l0ndWWf7gzL7RNwBG7wST/UCcT4T24xpD6X8LsfU/+k=
 gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7 h1:uRGJdciOHaEIrze2W8Q3AKkepLTh2hOroT7a+7czfdQ=
 gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7/go.mod h1:dt/ZhP58zS4L8KSrWDmTeBkI65Dw0HsyUHuEVlX15mw=
-gopkg.in/tomb.v2 v2.0.0-20161208151619-d5d1b5820637 h1:yiW+nvdHb9LVqSHQBXfZCieqV4fzYhNBql77zY0ykqs=
-gopkg.in/tomb.v2 v2.0.0-20161208151619-d5d1b5820637/go.mod h1:BHsqpu/nsuzkT5BpiH1EMZPLyqSMM8JbIavyFACoFNk=
 gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
 gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
 gopkg.in/yaml.v2 v2.2.3/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
@@ -1184,7 +1007,6 @@ gopkg.in/yaml.v2 v2.3.0/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
 gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY=
 gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ=
 gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
-gopkg.in/yaml.v3 v3.0.0-20200615113413-eeeca48fe776/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
 gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b h1:h8qDotaEPuJATrMmW04NCwg7v22aHH28wwpauUhK9Oo=
 gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
 honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
@@ -1197,26 +1019,6 @@ honnef.co/go/tools v0.0.1-2020.1.4/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9
 honnef.co/go/tools v0.2.1/go.mod h1:lPVVZ2BS5TfnjLyizF7o7hv7j9/L+8cZY2hLyjP9cGY=
 honnef.co/go/tools v0.2.2 h1:MNh1AVMyVX23VUHE2O27jm6lNj3vjO5DexS4A1xvnzk=
 honnef.co/go/tools v0.2.2/go.mod h1:lPVVZ2BS5TfnjLyizF7o7hv7j9/L+8cZY2hLyjP9cGY=
-k8s.io/apimachinery v0.0.0-20191123233150-4c4803ed55e3/go.mod h1:b9qmWdKlLuU9EBh+06BtLcSf/Mu89rWL33naRxs1uZg=
-k8s.io/apimachinery v0.23.5 h1:Va7dwhp8wgkUPWsEXk6XglXWU4IKYLKNlv8VkX7SDM0=
-k8s.io/apimachinery v0.23.5/go.mod h1:BEuFMMBaIbcOqVIJqNZJXGFTP4W6AycEpb5+m/97hrM=
-k8s.io/gengo v0.0.0-20190128074634-0689ccc1d7d6/go.mod h1:ezvh/TsK7cY6rbqRK0oQQ8IAqLxYwwyPxAX1Pzy0ii0=
-k8s.io/gengo v0.0.0-20210813121822-485abfe95c7c/go.mod h1:FiNAH4ZV3gBg2Kwh89tzAEV2be7d5xI0vBa/VySYy3E=
-k8s.io/klog v0.0.0-20181102134211-b9b56d5dfc92/go.mod h1:Gq+BEi5rUBO/HRz0bTSXDUcqjScdoY3a9IHpCEIOOfk=
-k8s.io/klog v1.0.0/go.mod h1:4Bi6QPql/J/LkTDqv7R/cd3hPo4k2DG6Ptcz060Ez5I=
-k8s.io/klog/v2 v2.0.0/go.mod h1:PBfzABfn139FHAV07az/IF9Wp1bkk3vpT2XSJ76fSDE=
-k8s.io/klog/v2 v2.2.0/go.mod h1:Od+F08eJP+W3HUb4pSrPpgp9DGU4GzlpG/TmITuYh/Y=
-k8s.io/klog/v2 v2.30.0/go.mod h1:y1WjHnz7Dj687irZUWR/WLkLc5N1YHtjLdmgWjndZn0=
-k8s.io/kube-openapi v0.0.0-20191107075043-30be4d16710a/go.mod h1:1TqjTSzOxsLGIKfj0lK8EeCP7K1iUG65v09OM0/WG5E=
-k8s.io/kube-openapi v0.0.0-20211115234752-e816edb12b65/go.mod h1:sX9MT8g7NVZM5lVL/j8QyCCJe8YSMW30QvGZWaCIDIk=
-k8s.io/utils v0.0.0-20210802155522-efc7438f0176/go.mod h1:jPW/WVKK9YHAvNhRxK0md/EJ228hCsBRufyofKtW8HA=
-k8s.io/utils v0.0.0-20211116205334-6203023598ed/go.mod h1:jPW/WVKK9YHAvNhRxK0md/EJ228hCsBRufyofKtW8HA=
 rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8=
 rsc.io/quote/v3 v3.1.0/go.mod h1:yEA65RcK8LyAZtP9Kv3t0HmxON59tX3rD+tICJqUlj0=
 rsc.io/sampler v1.3.0/go.mod h1:T1hPZKmBbMNahiBKFy5HrXp6adAjACjK9JXDnKaTXpA=
-sigs.k8s.io/json v0.0.0-20211020170558-c049b76a60c6/go.mod h1:p4QtZmO4uMYipTQNzagwnNoseA6OxSUutVw05NhYDRs=
-sigs.k8s.io/structured-merge-diff v0.0.0-20190525122527-15d366b2352e/go.mod h1:wWxsB5ozmmv/SG7nM11ayaAW51xMvak/t1r0CSlcokI=
-sigs.k8s.io/structured-merge-diff/v4 v4.0.2/go.mod h1:bJZC9H9iH24zzfZ/41RGcq60oK1F7G282QMXDPYydCw=
-sigs.k8s.io/structured-merge-diff/v4 v4.2.1/go.mod h1:j/nl6xW8vLS49O8YvXW1ocPhZawJtm+Yrr7PPRQ0Vg4=
-sigs.k8s.io/yaml v1.1.0/go.mod h1:UJmg0vDUVViEyp3mgSv9WPwZCDxu4rQW1olrI1uml+o=
-sigs.k8s.io/yaml v1.2.0/go.mod h1:yfXDCHCao9+ENCvLSE62v9VSji2MKu5jeNfTrofGhJc=
--- a/iface/configuration.go
+++ b/iface/configuration.go
@@ -9,16 +9,6 @@ import (
 	"time"
 )

-// GetName returns the interface name
-func (w *WGIface) GetName() string {
-	return w.Name
-}
-
-// GetAddress returns the interface address
-func (w *WGIface) GetAddress() WGAddress {
-	return w.Address
-}
-
 // configureDevice configures the wireguard device
 func (w *WGIface) configureDevice(config wgtypes.Config) error {
 	wg, err := wgctrl.New()
@@ -40,8 +30,6 @@ func (w *WGIface) configureDevice(config wgtypes.Config) error {
 // Configure configures a Wireguard interface
 // The interface must exist before calling this method (e.g. call interface.Create() before)
 func (w *WGIface) Configure(privateKey string, port int) error {
-	w.mu.Lock()
-	defer w.mu.Unlock()

 	log.Debugf("configuring Wireguard interface %s", w.Name)

@@ -88,8 +76,6 @@ func (w *WGIface) GetListenPort() (*int, error) {
 // UpdatePeer updates existing Wireguard Peer or creates a new one if doesn't exist
 // Endpoint is optional
 func (w *WGIface) UpdatePeer(peerKey string, allowedIps string, keepAlive time.Duration, endpoint *net.UDPAddr, preSharedKey *wgtypes.Key) error {
-	w.mu.Lock()
-	defer w.mu.Unlock()

 	log.Debugf("updating interface %s peer %s: endpoint %s ", w.Name, peerKey, endpoint)

@@ -122,119 +108,8 @@ func (w *WGIface) UpdatePeer(peerKey string, allowedIps string, keepAlive time.D
 	return nil
 }

-// AddAllowedIP adds a prefix to the allowed IPs list of peer
-func (w *WGIface) AddAllowedIP(peerKey string, allowedIP string) error {
-	w.mu.Lock()
-	defer w.mu.Unlock()
-
-	log.Debugf("adding allowed IP to interface %s and peer %s: allowed IP %s ", w.Name, peerKey, allowedIP)
-
-	_, ipNet, err := net.ParseCIDR(allowedIP)
-	if err != nil {
-		return err
-	}
-
-	peerKeyParsed, err := wgtypes.ParseKey(peerKey)
-	if err != nil {
-		return err
-	}
-	peer := wgtypes.PeerConfig{
-		PublicKey:         peerKeyParsed,
-		UpdateOnly:        true,
-		ReplaceAllowedIPs: false,
-		AllowedIPs:        []net.IPNet{*ipNet},
-	}
-
-	config := wgtypes.Config{
-		Peers: []wgtypes.PeerConfig{peer},
-	}
-	err = w.configureDevice(config)
-	if err != nil {
-		return fmt.Errorf("received error \"%v\" while adding allowed Ip to peer on interface %s with settings: allowed ips %s", err, w.Name, allowedIP)
-	}
-	return nil
-}
-
-// RemoveAllowedIP removes a prefix from the allowed IPs list of peer
-func (w *WGIface) RemoveAllowedIP(peerKey string, allowedIP string) error {
-	w.mu.Lock()
-	defer w.mu.Unlock()
-
-	log.Debugf("removing allowed IP from interface %s and peer %s: allowed IP %s ", w.Name, peerKey, allowedIP)
-
-	_, ipNet, err := net.ParseCIDR(allowedIP)
-	if err != nil {
-		return err
-	}
-
-	peerKeyParsed, err := wgtypes.ParseKey(peerKey)
-	if err != nil {
-		return err
-	}
-
-	existingPeer, err := getPeer(w.Name, peerKey)
-	if err != nil {
-		return err
-	}
-
-	newAllowedIPs := existingPeer.AllowedIPs
-
-	for i, existingAllowedIP := range existingPeer.AllowedIPs {
-		if existingAllowedIP.String() == ipNet.String() {
-			newAllowedIPs = append(existingPeer.AllowedIPs[:i], existingPeer.AllowedIPs[i+1:]...)
-			break
-		}
-	}
-
-	if err != nil {
-		return err
-	}
-	peer := wgtypes.PeerConfig{
-		PublicKey:         peerKeyParsed,
-		UpdateOnly:        true,
-		ReplaceAllowedIPs: true,
-		AllowedIPs:        newAllowedIPs,
-	}
-
-	config := wgtypes.Config{
-		Peers: []wgtypes.PeerConfig{peer},
-	}
-	err = w.configureDevice(config)
-	if err != nil {
-		return fmt.Errorf("received error \"%v\" while removing allowed IP from peer on interface %s with settings: allowed ips %s", err, w.Name, allowedIP)
-	}
-	return nil
-}
-
-func getPeer(ifaceName, peerPubKey string) (wgtypes.Peer, error) {
-	wg, err := wgctrl.New()
-	if err != nil {
-		return wgtypes.Peer{}, err
-	}
-	defer func() {
-		err = wg.Close()
-		if err != nil {
-			log.Errorf("got error while closing wgctl: %v", err)
-		}
-	}()
-
-	wgDevice, err := wg.Device(ifaceName)
-	if err != nil {
-		return wgtypes.Peer{}, err
-	}
-	for _, peer := range wgDevice.Peers {
-		if peer.PublicKey.String() == peerPubKey {
-			return peer, nil
-		}
-	}
-	return wgtypes.Peer{}, fmt.Errorf("peer not found")
-}
-
 // RemovePeer removes a Wireguard Peer from the interface iface
 func (w *WGIface) RemovePeer(peerKey string) error {
-	w.mu.Lock()
-	defer w.mu.Unlock()
-
 	log.Debugf("Removing peer %s from interface %s ", peerKey, w.Name)

 	peerKeyParsed, err := wgtypes.ParseKey(peerKey)
--- a/iface/iface.go
+++ b/iface/iface.go
@@ -1,11 +1,10 @@
 package iface

 import (
-	"fmt"
+	"golang.zx2c4.com/wireguard/wgctrl"
 	"net"
 	"os"
 	"runtime"
-	"sync"
 )

 const (
@@ -20,7 +19,6 @@ type WGIface struct {
 	MTU       int
 	Address   WGAddress
 	Interface NetInterface
-	mu        sync.Mutex
 }

 // WGAddress Wireguard parsed address
@@ -29,22 +27,16 @@ type WGAddress struct {
 	Network *net.IPNet
 }

-func (addr *WGAddress) String() string {
-	maskSize, _ := addr.Network.Mask.Size()
-	return fmt.Sprintf("%s/%d", addr.IP.String(), maskSize)
-}
-
 // NetInterface represents a generic network tunnel interface
 type NetInterface interface {
 	Close() error
 }

-// NewWGIFace Creates a new Wireguard interface instance
-func NewWGIFace(iface string, address string, mtu int) (*WGIface, error) {
-	wgIface := &WGIface{
+// NewWGIface Creates a new Wireguard interface instance
+func NewWGIface(iface string, address string, mtu int) (WGIface, error) {
+	wgIface := WGIface{
 		Name: iface,
 		MTU:  mtu,
-		mu:   sync.Mutex{},
 	}

 	wgAddress, err := parseAddress(address)
@@ -57,6 +49,30 @@ func NewWGIFace(iface string, address string, mtu int) (*WGIface, error) {
 	return wgIface, nil
 }

+// Exists checks whether specified Wireguard device exists or not
+func Exists(iface string) (*bool, error) {
+	wg, err := wgctrl.New()
+	if err != nil {
+		return nil, err
+	}
+	defer wg.Close()
+
+	devices, err := wg.Devices()
+	if err != nil {
+		return nil, err
+	}
+
+	var exists bool
+	for _, d := range devices {
+		if d.Name == iface {
+			exists = true
+			return &exists, nil
+		}
+	}
+	exists = false
+	return &exists, nil
+}
+
 // parseAddress parse a string ("1.2.3.4/24") address to WG Address
 func parseAddress(address string) (WGAddress, error) {
 	ip, network, err := net.ParseCIDR(address)
@@ -69,10 +85,8 @@ func parseAddress(address string) (WGAddress, error) {
 	}, nil
 }

-// Close closes the tunnel interface
+// Closes the tunnel interface
 func (w *WGIface) Close() error {
-	w.mu.Lock()
-	defer w.mu.Unlock()

 	err := w.Interface.Close()
 	if err != nil {
--- a/iface/iface_darwin.go
+++ b/iface/iface_darwin.go
@@ -7,10 +7,7 @@ import (

 // Create Creates a new Wireguard interface, sets a given IP and brings it up.
 func (w *WGIface) Create() error {
-	w.mu.Lock()
-	defer w.mu.Unlock()
-
-	return w.createWithUserspace()
+	return w.CreateWithUserspace()
 }

 // assignAddr Adds IP address to the tunnel interface and network route based on the range provided
@@ -33,8 +30,3 @@ func (w *WGIface) assignAddr() error {

 	return nil
 }
-
-// WireguardModExists check if we can load wireguard mod (linux only)
-func WireguardModExists() bool {
-	return false
-}
--- a/iface/iface_linux.go
+++ b/iface/iface_linux.go
@@ -2,6 +2,7 @@ package iface

 import (
 	"errors"
+	"fmt"
 	"math"
 	"os"
 	"syscall"
@@ -14,7 +15,6 @@ type NativeLink struct {
 	Link *netlink.Link
 }

-// WireguardModExists check if we can load wireguard mod (linux only)
 func WireguardModExists() bool {
 	link := newWGLink("mustnotexist")

@@ -33,24 +33,22 @@ func WireguardModExists() bool {
 	return errors.Is(err, syscall.EINVAL)
 }

-// Create creates a new Wireguard interface, sets a given IP and brings it up.
+// Create Creates a new Wireguard interface, sets a given IP and brings it up.
 // Will reuse an existing one.
 func (w *WGIface) Create() error {
-	w.mu.Lock()
-	defer w.mu.Unlock()

 	if WireguardModExists() {
 		log.Info("using kernel WireGuard")
-		return w.createWithKernel()
+		return w.CreateWithKernel()
 	} else {
 		log.Info("using userspace WireGuard")
-		return w.createWithUserspace()
+		return w.CreateWithUserspace()
 	}
 }

-// createWithKernel Creates a new Wireguard interface using kernel Wireguard module.
+// CreateWithKernel Creates a new Wireguard interface using kernel Wireguard module.
 // Works for Linux and offers much better network performance
-func (w *WGIface) createWithKernel() error {
+func (w *WGIface) CreateWithKernel() error {

 	link := newWGLink(w.Name)

@@ -108,6 +106,10 @@ func (w *WGIface) createWithKernel() error {

 // assignAddr Adds IP address to the tunnel interface
 func (w *WGIface) assignAddr() error {
+
+	mask, _ := w.Address.Network.Mask.Size()
+	address := fmt.Sprintf("%s/%d", w.Address.IP.String(), mask)
+
 	link := newWGLink(w.Name)

 	//delete existing addresses
@@ -124,11 +126,11 @@ func (w *WGIface) assignAddr() error {
 		}
 	}

-	log.Debugf("adding address %s to interface: %s", w.Address.String(), w.Name)
-	addr, _ := netlink.ParseAddr(w.Address.String())
+	log.Debugf("adding address %s to interface: %s", address, w.Name)
+	addr, _ := netlink.ParseAddr(address)
 	err = netlink.AddrAdd(link, addr)
 	if os.IsExist(err) {
-		log.Infof("interface %s already has the address: %s", w.Name, w.Address.String())
+		log.Infof("interface %s already has the address: %s", w.Name, address)
 	} else if err != nil {
 		return err
 	}
--- a/iface/iface_test.go
+++ b/iface/iface_test.go
@@ -3,7 +3,6 @@ package iface
 import (
 	"fmt"
 	log "github.com/sirupsen/logrus"
-	"github.com/stretchr/testify/assert"
 	"golang.zx2c4.com/wireguard/wgctrl"
 	"golang.zx2c4.com/wireguard/wgctrl/wgtypes"
 	"net"
@@ -29,71 +28,11 @@ func init() {
 	peerPubKey = peerPrivateKey.PublicKey().String()
 }

-func TestWGIface_UpdateAddr(t *testing.T) {
-	ifaceName := fmt.Sprintf("utun%d", WgIntNumber+4)
-	addr := "100.64.0.1/8"
-	iface, err := NewWGIFace(ifaceName, addr, DefaultMTU)
-	if err != nil {
-		t.Fatal(err)
-	}
-	err = iface.Create()
-	if err != nil {
-		t.Fatal(err)
-	}
-	defer func() {
-		err = iface.Close()
-		if err != nil {
-			t.Error(err)
-		}
-	}()
-	port, err := iface.GetListenPort()
-	if err != nil {
-		t.Fatal(err)
-	}
-	err = iface.Configure(key, *port)
-	if err != nil {
-		t.Fatal(err)
-	}
-
-	addrs, err := getIfaceAddrs(ifaceName)
-	if err != nil {
-		t.Error(err)
-	}
-	assert.Equal(t, addr, addrs[0].String())
-
-	//update WireGuard address
-	addr = "100.64.0.2/8"
-	err = iface.UpdateAddr(addr)
-	if err != nil {
-		t.Fatal(err)
-	}
-
-	addrs, err = getIfaceAddrs(ifaceName)
-	if err != nil {
-		t.Error(err)
-	}
-
-	assert.Equal(t, addr, addrs[0].String())
-
-}
-
-func getIfaceAddrs(ifaceName string) ([]net.Addr, error) {
-	ief, err := net.InterfaceByName(ifaceName)
-	if err != nil {
-		return nil, err
-	}
-	addrs, err := ief.Addrs()
-	if err != nil {
-		return nil, err
-	}
-	return addrs, nil
-}
-
 //
 func Test_CreateInterface(t *testing.T) {
 	ifaceName := fmt.Sprintf("utun%d", WgIntNumber+1)
 	wgIP := "10.99.99.1/32"
-	iface, err := NewWGIFace(ifaceName, wgIP, DefaultMTU)
+	iface, err := NewWGIface(ifaceName, wgIP, DefaultMTU)
 	if err != nil {
 		t.Fatal(err)
 	}
@@ -122,7 +61,7 @@ func Test_CreateInterface(t *testing.T) {
 func Test_Close(t *testing.T) {
 	ifaceName := fmt.Sprintf("utun%d", WgIntNumber+2)
 	wgIP := "10.99.99.2/32"
-	iface, err := NewWGIFace(ifaceName, wgIP, DefaultMTU)
+	iface, err := NewWGIface(ifaceName, wgIP, DefaultMTU)
 	if err != nil {
 		t.Fatal(err)
 	}
@@ -150,7 +89,7 @@ func Test_Close(t *testing.T) {
 func Test_ConfigureInterface(t *testing.T) {
 	ifaceName := fmt.Sprintf("utun%d", WgIntNumber+3)
 	wgIP := "10.99.99.5/30"
-	iface, err := NewWGIFace(ifaceName, wgIP, DefaultMTU)
+	iface, err := NewWGIface(ifaceName, wgIP, DefaultMTU)
 	if err != nil {
 		t.Fatal(err)
 	}
@@ -197,7 +136,7 @@ func Test_ConfigureInterface(t *testing.T) {
 func Test_UpdatePeer(t *testing.T) {
 	ifaceName := fmt.Sprintf("utun%d", WgIntNumber+4)
 	wgIP := "10.99.99.9/30"
-	iface, err := NewWGIFace(ifaceName, wgIP, DefaultMTU)
+	iface, err := NewWGIface(ifaceName, wgIP, DefaultMTU)
 	if err != nil {
 		t.Fatal(err)
 	}
@@ -229,7 +168,7 @@ func Test_UpdatePeer(t *testing.T) {
 	if err != nil {
 		t.Fatal(err)
 	}
-	peer, err := getPeer(ifaceName, peerPubKey)
+	peer, err := getPeer(ifaceName, peerPubKey, t)
 	if err != nil {
 		t.Fatal(err)
 	}
@@ -256,7 +195,7 @@ func Test_UpdatePeer(t *testing.T) {
 func Test_RemovePeer(t *testing.T) {
 	ifaceName := fmt.Sprintf("utun%d", WgIntNumber+4)
 	wgIP := "10.99.99.13/30"
-	iface, err := NewWGIFace(ifaceName, wgIP, DefaultMTU)
+	iface, err := NewWGIface(ifaceName, wgIP, DefaultMTU)
 	if err != nil {
 		t.Fatal(err)
 	}
@@ -289,7 +228,7 @@ func Test_RemovePeer(t *testing.T) {
 	if err != nil {
 		t.Fatal(err)
 	}
-	_, err = getPeer(ifaceName, peerPubKey)
+	_, err = getPeer(ifaceName, peerPubKey, t)
 	if err.Error() != "peer not found" {
 		t.Fatal(err)
 	}
@@ -308,7 +247,7 @@ func Test_ConnectPeers(t *testing.T) {

 	keepAlive := 1 * time.Second

-	iface1, err := NewWGIFace(peer1ifaceName, peer1wgIP, DefaultMTU)
+	iface1, err := NewWGIface(peer1ifaceName, peer1wgIP, DefaultMTU)
 	if err != nil {
 		t.Fatal(err)
 	}
@@ -325,7 +264,7 @@ func Test_ConnectPeers(t *testing.T) {
 		t.Fatal(err)
 	}

-	iface2, err := NewWGIFace(peer2ifaceName, peer2wgIP, DefaultMTU)
+	iface2, err := NewWGIface(peer2ifaceName, peer2wgIP, DefaultMTU)
 	if err != nil {
 		t.Fatal(err)
 	}
@@ -378,7 +317,7 @@ func Test_ConnectPeers(t *testing.T) {
 			t.Fatalf("waiting for peer handshake timeout after %s", timeout.String())
 		default:
 		}
-		peer, gpErr := getPeer(peer1ifaceName, peer2Key.PublicKey().String())
+		peer, gpErr := getPeer(peer1ifaceName, peer2Key.PublicKey().String(), t)
 		if gpErr != nil {
 			t.Fatal(gpErr)
 		}
@@ -389,3 +328,28 @@ func Test_ConnectPeers(t *testing.T) {
 	}

 }
+
+func getPeer(ifaceName, peerPubKey string, t *testing.T) (wgtypes.Peer, error) {
+	emptyPeer := wgtypes.Peer{}
+	wg, err := wgctrl.New()
+	if err != nil {
+		return emptyPeer, err
+	}
+	defer func() {
+		err = wg.Close()
+		if err != nil {
+			t.Error(err)
+		}
+	}()
+
+	wgDevice, err := wg.Device(ifaceName)
+	if err != nil {
+		return emptyPeer, err
+	}
+	for _, peer := range wgDevice.Peers {
+		if peer.PublicKey.String() == peerPubKey {
+			return peer, nil
+		}
+	}
+	return emptyPeer, fmt.Errorf("peer not found")
+}
--- a/iface/iface_unix.go
+++ b/iface/iface_unix.go
@@ -12,8 +12,8 @@ import (
 	"net"
 )

-// createWithUserspace Creates a new Wireguard interface, using wireguard-go userspace implementation
-func (w *WGIface) createWithUserspace() error {
+// CreateWithUserspace Creates a new Wireguard interface, using wireguard-go userspace implementation
+func (w *WGIface) CreateWithUserspace() error {

 	tunIface, err := tun.CreateTUN(w.Name, w.MTU)
 	if err != nil {
@@ -61,17 +61,3 @@ func getUAPI(iface string) (net.Listener, error) {
 	}
 	return ipc.UAPIListen(iface, tunSock)
 }
-
-// UpdateAddr updates address of the interface
-func (w *WGIface) UpdateAddr(newAddr string) error {
-	w.mu.Lock()
-	defer w.mu.Unlock()
-
-	addr, err := parseAddress(newAddr)
-	if err != nil {
-		return err
-	}
-
-	w.Address = addr
-	return w.assignAddr()
-}
--- a/iface/iface_windows.go
+++ b/iface/iface_windows.go
@@ -11,8 +11,6 @@ import (

 // Create Creates a new Wireguard interface, sets a given IP and brings it up.
 func (w *WGIface) Create() error {
-	w.mu.Lock()
-	defer w.mu.Unlock()

 	WintunStaticRequestedGUID, _ := windows.GenerateGUID()
 	adapter, err := driver.CreateAdapter(w.Name, "WireGuard", &WintunStaticRequestedGUID)
@@ -42,23 +40,3 @@ func (w *WGIface) assignAddr(luid winipcfg.LUID) error {

 	return nil
 }
-
-// UpdateAddr updates address of the interface
-func (w *WGIface) UpdateAddr(newAddr string) error {
-	w.mu.Lock()
-	defer w.mu.Unlock()
-
-	luid := w.Interface.(*driver.Adapter).LUID()
-	addr, err := parseAddress(newAddr)
-	if err != nil {
-		return err
-	}
-
-	w.Address = addr
-	return w.assignAddr(luid)
-}
-
-// WireguardModExists check if we can load wireguard mod (linux only)
-func WireguardModExists() bool {
-	return false
-}
--- a/infrastructure_files/configure.sh
+++ b/infrastructure_files/configure.sh
@@ -1,48 +1,10 @@
 #!/bin/bash

-if ! which curl > /dev/null 2>&1
-then
-    echo "This script uses curl fetch OpenID configuration from IDP."
-    echo "Please install curl and re-run the script https://curl.se/"
-    echo ""
-    exit 1
-fi
-
-if ! which jq > /dev/null 2>&1
-then
-    echo "This script uses jq to load OpenID configuration from IDP."
-    echo "Please install jq and re-run the script https://stedolan.github.io/jq/"
-    echo ""
-    exit 1
-fi
-
 source setup.env
-source base.setup.env
-
-if ! which envsubst > /dev/null 2>&1
-then
-  echo "envsubst is needed to run this script"
-  if [[ $(uname) == "Darwin" ]]
-  then
-    echo "you can install it with homebrew (https://brew.sh):"
-    echo "brew install gettext"
-  else
-    if which apt-get > /dev/null 2>&1
-    then
-      echo "you can install it by running"
-      echo "apt-get update && apt-get install gettext-base"
-    else
-      echo "you can install it by installing the package gettext with your package manager"
-    fi
-  fi
-  exit 1
-fi

 if [[ "x-$NETBIRD_DOMAIN" == "x-" ]]
 then
  echo NETBIRD_DOMAIN is not set, please update your setup.env file
-  echo If you are migrating from old versions, you migh need to update your variables prefixes from
-  echo WIRETRUSTEE_.. TO NETBIRD_
  exit 1
 fi

@@ -50,6 +12,7 @@ fi
 if [[ $NETBIRD_DOMAIN == "localhost" || $NETBIRD_DOMAIN == "127.0.0.1" ]]
 then
  export NETBIRD_MGMT_API_ENDPOINT=http://$NETBIRD_DOMAIN:$NETBIRD_MGMT_API_PORT
+  export NETBIRD_MGMT_GRPC_API_ENDPOINT=http://$NETBIRD_DOMAIN:$NETBIRD_MGMT_GRPC_API_PORT
  unset NETBIRD_MGMT_API_CERT_FILE
  unset NETBIRD_MGMT_API_CERT_KEY_FILE
 fi
@@ -79,49 +42,6 @@ export MGMT_VOLUMENAME
 export SIGNAL_VOLUMENAME
 export LETSENCRYPT_VOLUMENAME

-#backwards compatibility after migrating to generic OIDC with Auth0
-if [[ -z "${NETBIRD_AUTH_OIDC_CONFIGURATION_ENDPOINT}" ]]; then
-
-    if [[ -z "${NETBIRD_AUTH0_DOMAIN}" ]]; then
-       # not a backward compatible state
-       echo "NETBIRD_AUTH_OIDC_CONFIGURATION_ENDPOINT property must be set in the setup.env file"
-       exit 1
-    fi
-
-    echo "It seems like you provided an old setup.env file."
-    echo "Since the release of v0.8.10, we introduced a new set of properties."
-    echo "The script is backward compatible and will continue automatically."
-    echo "In the future versions it will be deprecated. Please refer to the documentation to learn about the changes http://netbird.io/docs/getting-started/self-hosting"
-
-    export NETBIRD_AUTH_OIDC_CONFIGURATION_ENDPOINT="https://${NETBIRD_AUTH0_DOMAIN}/.well-known/openid-configuration"
-    export NETBIRD_USE_AUTH0="true"
-    export NETBIRD_AUTH_AUDIENCE=${NETBIRD_AUTH0_AUDIENCE}
-    export NETBIRD_AUTH_CLIENT_ID=${NETBIRD_AUTH0_CLIENT_ID}
-fi
-
-echo "loading OpenID configuration from ${NETBIRD_AUTH_OIDC_CONFIGURATION_ENDPOINT} to the openid-configuration.json file"
-curl "${NETBIRD_AUTH_OIDC_CONFIGURATION_ENDPOINT}" -q -o openid-configuration.json
-
-export NETBIRD_AUTH_AUTHORITY=$( jq -r  '.issuer' openid-configuration.json )
-export NETBIRD_AUTH_JWT_CERTS=$( jq -r  '.jwks_uri' openid-configuration.json )
-export NETBIRD_AUTH_SUPPORTED_SCOPES=$( jq -r '.scopes_supported | join(" ")' openid-configuration.json )
-export NETBIRD_AUTH_TOKEN_ENDPOINT=$( jq -r  '.token_endpoint' openid-configuration.json )
-export NETBIRD_AUTH_DEVICE_AUTH_ENDPOINT=$( jq -r  '.device_authorization_endpoint' openid-configuration.json )
-
-if [ $NETBIRD_USE_AUTH0 == "true" ]
-then
-    export NETBIRD_AUTH_SUPPORTED_SCOPES="openid profile email offline_access api email_verified"
-else
-    export NETBIRD_AUTH_SUPPORTED_SCOPES="openid profile email offline_access api"
-fi
-
-if [[ ! -z "${NETBIRD_AUTH_DEVICE_AUTH_CLIENT_ID}" ]]; then
-    # user enabled Device Authorization Grant feature
-    export NETBIRD_AUTH_DEVICE_AUTH_PROVIDER="hosted"
-fi
-
-env | grep NETBIRD
-
 envsubst < docker-compose.yml.tmpl > docker-compose.yml
 envsubst < management.json.tmpl > management.json
 envsubst < turnserver.conf.tmpl > turnserver.conf
--- a/infrastructure_files/docker-compose.yml.tmpl
+++ b/infrastructure_files/docker-compose.yml.tmpl
@@ -8,13 +8,11 @@ services:
      - 80:80
      - 443:443
    environment:
-      - AUTH_AUDIENCE=$NETBIRD_AUTH_AUDIENCE
-      - AUTH_CLIENT_ID=$NETBIRD_AUTH_CLIENT_ID
-      - AUTH_AUTHORITY=$NETBIRD_AUTH_AUTHORITY
-      - USE_AUTH0=$NETBIRD_USE_AUTH0
-      - AUTH_SUPPORTED_SCOPES=$NETBIRD_AUTH_SUPPORTED_SCOPES
+      - AUTH0_DOMAIN=$NETBIRD_AUTH0_DOMAIN
+      - AUTH0_CLIENT_ID=$NETBIRD_AUTH0_CLIENT_ID
+      - AUTH0_AUDIENCE=$NETBIRD_AUTH0_AUDIENCE
      - NETBIRD_MGMT_API_ENDPOINT=$NETBIRD_MGMT_API_ENDPOINT
-      - NETBIRD_MGMT_GRPC_API_ENDPOINT=$NETBIRD_MGMT_API_ENDPOINT
+      - NETBIRD_MGMT_GRPC_API_ENDPOINT=$NETBIRD_MGMT_GRPC_API_ENDPOINT
      - NGINX_SSL_PORT=443
      - LETSENCRYPT_DOMAIN=$NETBIRD_DOMAIN
      - LETSENCRYPT_EMAIL=$NETBIRD_LETSENCRYPT_EMAIL
@@ -27,7 +25,7 @@ services:
    volumes:
      - $SIGNAL_VOLUMENAME:/var/lib/netbird
    ports:
-      - 10000:80
+      - 10000:10000
  #     # port and command for Let's Encrypt validation
  #      - 443:443
  #    command: ["--letsencrypt-domain", "$NETBIRD_DOMAIN", "--log-file", "console"]
@@ -42,11 +40,11 @@ services:
      - $LETSENCRYPT_VOLUMENAME:/etc/letsencrypt:ro
      - ./management.json:/etc/netbird/management.json
    ports:
-      - $NETBIRD_MGMT_API_PORT:443 #API port
-  #     # port and command for Let's Encrypt validation without dashboard container
-  #   - 443:443
+      - $NETBIRD_MGMT_GRPC_API_PORT:33073 #gRPC port
+      - $NETBIRD_MGMT_API_PORT:33071 #API port
+  #     # port and command for Let's Encrypt validation
+  #      - 443:443
  #    command: ["--letsencrypt-domain", "$NETBIRD_DOMAIN", "--log-file", "console"]
-    command: ["--port", "443", "--log-file", "console"]
  # Coturn
  coturn:
    image: coturn/coturn
@@ -60,4 +58,4 @@ services:
 volumes:
  $MGMT_VOLUMENAME:
  $SIGNAL_VOLUMENAME:
-  $LETSENCRYPT_VOLUMENAME:
+  $LETSENCRYPT_VOLUMENAME:
--- a/infrastructure_files/management.json.tmpl
+++ b/infrastructure_files/management.json.tmpl
@@ -29,24 +29,13 @@
    "Datadir": "",
    "HttpConfig": {
        "Address": "0.0.0.0:$NETBIRD_MGMT_API_PORT",
-        "AuthIssuer": "$NETBIRD_AUTH_AUTHORITY",
-        "AuthAudience": "$NETBIRD_AUTH_AUDIENCE",
-        "AuthKeysLocation": "$NETBIRD_AUTH_JWT_CERTS",
+        "AuthIssuer": "https://$NETBIRD_AUTH0_DOMAIN/",
+        "AuthAudience": "$NETBIRD_AUTH0_AUDIENCE",
+        "AuthKeysLocation": "https://$NETBIRD_AUTH0_DOMAIN/.well-known/jwks.json",
        "CertFile":"$NETBIRD_MGMT_API_CERT_FILE",
-        "CertKey":"$NETBIRD_MGMT_API_CERT_KEY_FILE",
-        "OIDCConfigEndpoint":"$NETBIRD_AUTH_OIDC_CONFIGURATION_ENDPOINT"
+        "CertKey":"$NETBIRD_MGMT_API_CERT_KEY_FILE"
    },
    "IdpManagerConfig": {
        "Manager": "none"
-     },
-    "DeviceAuthorizationFlow": {
-        "Provider": "$NETBIRD_AUTH_DEVICE_AUTH_PROVIDER",
-        "ProviderConfig": {
-          "Audience": "$NETBIRD_AUTH_AUDIENCE",
-          "Domain": "$NETBIRD_AUTH0_DOMAIN",
-          "ClientID": "$NETBIRD_AUTH_DEVICE_AUTH_CLIENT_ID",
-          "TokenEndpoint": "$NETBIRD_AUTH_TOKEN_ENDPOINT",
-          "DeviceAuthEndpoint": "$NETBIRD_AUTH_DEVICE_AUTH_ENDPOINT"
-         }
-    }
+     }
 }
--- a/infrastructure_files/base.setup.env
+++ b/infrastructure_files/base.setup.env
@@ -1,11 +1,30 @@
-## Most settings are being done automatically with the sourced variables from setup.env, but you can edit if you need some customization
+# Dashboard domain and auth0 configuration
+
+# Dashboard domain. e.g. app.mydomain.com
+NETBIRD_DOMAIN=""
+# e.g. dev-24vkclam.us.auth0.com
+NETBIRD_AUTH0_DOMAIN=""
+# e.g. 61u3JMXRO0oOevc7gCkZLCwePQvT4lL0
+NETBIRD_AUTH0_CLIENT_ID=""
+# e.g. https://app.mydomain.com/ or https://app.mydomain.com,
+# Make sure you used the exact same value for Identifier
+# you used when creating your Auth0 API
+NETBIRD_AUTH0_AUDIENCE=""
+# e.g. hello@mydomain.com
+NETBIRD_LETSENCRYPT_EMAIL=""
+
+## From this point, most settings are being done automatically, but you can edit if you need some customization

 # Management API

 # Management API port
-NETBIRD_MGMT_API_PORT=33073
+NETBIRD_MGMT_API_PORT=33071
+# Management GRPC API port
+NETBIRD_MGMT_GRPC_API_PORT=33073
 # Management API endpoint address, used by the Dashboard
 NETBIRD_MGMT_API_ENDPOINT=https://$NETBIRD_DOMAIN:$NETBIRD_MGMT_API_PORT
+# Management GRPC API endpoint address, used by the hosts to register
+NETBIRD_MGMT_GRPC_API_ENDPOINT=https://$NETBIRD_DOMAIN:NETBIRD_MGMT_GRPC_API_PORT
 # Management Certficate file path. These are generated by the Dashboard container
 NETBIRD_MGMT_API_CERT_FILE="/etc/letsencrypt/live/$NETBIRD_DOMAIN/fullchain.pem"
 # Management Certficate key file path.
@@ -27,24 +46,18 @@ MGMT_VOLUMESUFFIX="mgmt"
 SIGNAL_VOLUMESUFFIX="signal"
 LETSENCRYPT_VOLUMESUFFIX="letsencrypt"

-NETBIRD_AUTH_DEVICE_AUTH_PROVIDER="none"
-
 # exports
 export NETBIRD_DOMAIN
-export NETBIRD_AUTH_CLIENT_ID
-export NETBIRD_AUTH_AUDIENCE
-export NETBIRD_AUTH_AUTHORITY
-export NETBIRD_USE_AUTH0
-export NETBIRD_AUTH_SUPPORTED_SCOPES
-export NETBIRD_AUTH_JWT_CERTS
+export NETBIRD_AUTH0_DOMAIN
+export NETBIRD_AUTH0_CLIENT_ID
+export NETBIRD_AUTH0_AUDIENCE
 export NETBIRD_LETSENCRYPT_EMAIL
 export NETBIRD_MGMT_API_PORT
 export NETBIRD_MGMT_API_ENDPOINT
+export NETBIRD_MGMT_GRPC_API_PORT
+export NETBIRD_MGMT_GRPC_API_ENDPOINT
 export NETBIRD_MGMT_API_CERT_FILE
 export NETBIRD_MGMT_API_CERT_KEY_FILE
-export NETBIRD_AUTH_DEVICE_AUTH_PROVIDER
-export NETBIRD_AUTH_DEVICE_AUTH_CLIENT_ID
-export NETBIRD_AUTH_OIDC_CONFIGURATION_ENDPOINT
 export TURN_USER
 export TURN_PASSWORD
 export TURN_MIN_PORT
--- a/infrastructure_files/setup.env.example
+++ b/infrastructure_files/setup.env.example
@@ -1,15 +0,0 @@
-## example file, you can copy this file to setup.env and update its values
-##
-# Dashboard domain. e.g. app.mydomain.com
-NETBIRD_DOMAIN=""
-# OIDC configuration e.g., https://example.eu.auth0.com/.well-known/openid-configuration
-NETBIRD_AUTH_OIDC_CONFIGURATION_ENDPOINT=""
-NETBIRD_AUTH_AUDIENCE=""
-# e.g. netbird-client
-NETBIRD_AUTH_CLIENT_ID=""
-# indicates whether to use Auth0 or not: true or false
-NETBIRD_USE_AUTH0="false"
-NETBIRD_AUTH_DEVICE_AUTH_PROVIDER="none"
-NETBIRD_AUTH_DEVICE_AUTH_CLIENT_ID=""
-# e.g. hello@mydomain.com
-NETBIRD_LETSENCRYPT_EMAIL=""
--- a/infrastructure_files/tests/setup.env
+++ b/infrastructure_files/tests/setup.env
@@ -1,13 +0,0 @@
-## example file, you can copy this file to setup.env and update its values
-##
-# Dashboard domain. e.g. app.mydomain.com
-NETBIRD_DOMAIN="localhost"
-# e.g. https://dev-24vkclam.us.auth0.com/ or https://YOUR-KEYCLOAK-HOST:8080/realms/netbird
-NETBIRD_AUTH_OIDC_CONFIGURATION_ENDPOINT="https://example.eu.auth0.com/.well-known/openid-configuration"
-# e.g. netbird-client
-NETBIRD_AUTH_CLIENT_ID=$CI_NETBIRD_AUTH_CLIENT_ID
-# indicates whether to use Auth0 or not: true or false
-NETBIRD_USE_AUTH0=$CI_NETBIRD_USE_AUTH0
-NETBIRD_AUTH_AUDIENCE=$CI_NETBIRD_AUTH_AUDIENCE
-# e.g. hello@mydomain.com
-NETBIRD_LETSENCRYPT_EMAIL=""
--- a/management/client/client.go
+++ b/management/client/client.go
@@ -12,7 +12,7 @@ type Client interface {
 	io.Closer
 	Sync(msgHandler func(msg *proto.SyncResponse) error) error
 	GetServerPublicKey() (*wgtypes.Key, error)
-	Register(serverKey wgtypes.Key, setupKey string, jwtToken string, sysInfo *system.Info, sshKey []byte) (*proto.LoginResponse, error)
-	Login(serverKey wgtypes.Key, sysInfo *system.Info, sshKey []byte) (*proto.LoginResponse, error)
+	Register(serverKey wgtypes.Key, setupKey string, jwtToken string, sysInfo *system.Info) (*proto.LoginResponse, error)
+	Login(serverKey wgtypes.Key, sysInfo *system.Info) (*proto.LoginResponse, error)
 	GetDeviceAuthorizationFlow(serverKey wgtypes.Key) (*proto.DeviceAuthorizationFlow, error)
 }
--- a/management/client/client_test.go
+++ b/management/client/client_test.go
@@ -158,7 +158,7 @@ func TestClient_LoginUnregistered_ShouldThrow_401(t *testing.T) {
 		t.Fatal(err)
 	}
 	sysInfo := system.GetInfo(context.TODO())
-	_, err = client.Login(*key, sysInfo, nil)
+	_, err = client.Login(*key, sysInfo)
 	if err == nil {
 		t.Error("expecting err on unregistered login, got nil")
 	}
@@ -186,7 +186,7 @@ func TestClient_LoginRegistered(t *testing.T) {
 		t.Error(err)
 	}
 	info := system.GetInfo(context.TODO())
-	resp, err := client.Register(*key, ValidKey, "", info, nil)
+	resp, err := client.Register(*key, ValidKey, "", info)
 	if err != nil {
 		t.Error(err)
 	}
@@ -216,7 +216,7 @@ func TestClient_Sync(t *testing.T) {
 	}

 	info := system.GetInfo(context.TODO())
-	_, err = client.Register(*serverKey, ValidKey, "", info, nil)
+	_, err = client.Register(*serverKey, ValidKey, "", info)
 	if err != nil {
 		t.Error(err)
 	}
@@ -232,7 +232,7 @@ func TestClient_Sync(t *testing.T) {
 	}

 	info = system.GetInfo(context.TODO())
-	_, err = remoteClient.Register(*serverKey, ValidKey, "", info, nil)
+	_, err = remoteClient.Register(*serverKey, ValidKey, "", info)
 	if err != nil {
 		t.Fatal(err)
 	}
@@ -330,7 +330,7 @@ func Test_SystemMetaDataFromClient(t *testing.T) {
 	}

 	info := system.GetInfo(context.TODO())
-	_, err = testClient.Register(*key, ValidKey, "", info, nil)
+	_, err = testClient.Register(*key, ValidKey, "", info)
 	if err != nil {
 		t.Errorf("error while trying to register client: %v", err)
 	}
--- a/management/client/grpc.go
+++ b/management/client/grpc.go
@@ -37,7 +37,7 @@ func NewClient(ctx context.Context, addr string, ourPrivateKey wgtypes.Key, tlsE
 		transportOption = grpc.WithTransportCredentials(credentials.NewTLS(&tls.Config{}))
 	}

-	mgmCtx, cancel := context.WithTimeout(ctx, 5*time.Second)
+	mgmCtx, cancel := context.WithTimeout(ctx, time.Second*3)
 	defer cancel()
 	conn, err := grpc.DialContext(
 		mgmCtx,
@@ -72,10 +72,10 @@ func (c *GrpcClient) Close() error {
 func defaultBackoff(ctx context.Context) backoff.BackOff {
 	return backoff.WithContext(&backoff.ExponentialBackOff{
 		InitialInterval:     800 * time.Millisecond,
-		RandomizationFactor: 1,
-		Multiplier:          1.7,
+		RandomizationFactor: backoff.DefaultRandomizationFactor,
+		Multiplier:          backoff.DefaultMultiplier,
 		MaxInterval:         10 * time.Second,
-		MaxElapsedTime:      3 * 30 * 24 * time.Hour, // 3 months
+		MaxElapsedTime:      12 * time.Hour, // stop after 12 hours of trying, the error will be propagated to the general retry of the client
 		Stop:                backoff.Stop,
 		Clock:               backoff.SystemClock,
 	}, ctx)
@@ -95,26 +95,20 @@ func (c *GrpcClient) Sync(msgHandler func(msg *proto.SyncResponse) error) error
 	operation := func() error {
 		log.Debugf("management connection state %v", c.conn.GetState())

-		connState := c.conn.GetState()
-		if connState == connectivity.Shutdown {
-			return backoff.Permanent(fmt.Errorf("connection to management has been shut down"))
-		} else if !(connState == connectivity.Ready || connState == connectivity.Idle) {
-			c.conn.WaitForStateChange(c.ctx, connState)
-			return fmt.Errorf("connection to management is not ready and in %s state", connState)
+		if !c.ready() {
+			return fmt.Errorf("no connection to management")
 		}

+		// todo we already have it since we did the Login, maybe cache it locally?
 		serverPubKey, err := c.GetServerPublicKey()
 		if err != nil {
-			log.Debugf("failed getting Management Service public key: %s", err)
+			log.Errorf("failed getting Management Service public key: %s", err)
 			return err
 		}

 		stream, err := c.connectToStream(*serverPubKey)
 		if err != nil {
-			log.Debugf("failed to open Management Service stream: %s", err)
-			if s, ok := gstatus.FromError(err); ok && s.Code() == codes.PermissionDenied {
-				return backoff.Permanent(err) // unrecoverable error, propagate to the upper layer
-			}
+			log.Errorf("failed to open Management Service stream: %s", err)
 			return err
 		}

@@ -123,13 +117,10 @@ func (c *GrpcClient) Sync(msgHandler func(msg *proto.SyncResponse) error) error
 		// blocking until error
 		err = c.receiveEvents(stream, *serverPubKey, msgHandler)
 		if err != nil {
-			if s, ok := gstatus.FromError(err); ok && s.Code() == codes.PermissionDenied {
-				return backoff.Permanent(err) // unrecoverable error, propagate to the upper layer
+			if s, ok := gstatus.FromError(err); ok && (s.Code() == codes.InvalidArgument || s.Code() == codes.PermissionDenied) {
+				return backoff.Permanent(err)
 			}
-			// we need this reset because after a successful connection and a consequent error, backoff lib doesn't
-			// reset times and next try will start with a long delay
 			backOff.Reset()
-			log.Warnf("disconnected from the Management service but will retry silently. Reason: %v", err)
 			return err
 		}

@@ -138,7 +129,7 @@ func (c *GrpcClient) Sync(msgHandler func(msg *proto.SyncResponse) error) error

 	err := backoff.Retry(operation, backOff)
 	if err != nil {
-		log.Warnf("exiting the Management service connection retry loop due to the unrecoverable error: %s", err)
+		log.Warnf("exiting Management Service connection retry loop due to Permanent error: %s", err)
 		return err
 	}

@@ -165,11 +156,11 @@ func (c *GrpcClient) receiveEvents(stream proto.ManagementService_SyncClient, se
 	for {
 		update, err := stream.Recv()
 		if err == io.EOF {
-			log.Debugf("Management stream has been closed by server: %s", err)
+			log.Errorf("Management stream has been closed by server: %s", err)
 			return err
 		}
 		if err != nil {
-			log.Debugf("disconnected from Management Service sync stream: %v", err)
+			log.Warnf("disconnected from Management Service sync stream: %v", err)
 			return err
 		}

@@ -189,13 +180,13 @@ func (c *GrpcClient) receiveEvents(stream proto.ManagementService_SyncClient, se
 	}
 }

-// GetServerPublicKey returns server's WireGuard public key (used later for encrypting messages sent to the server)
+// GetServerPublicKey returns server Wireguard public key (used later for encrypting messages sent to the server)
 func (c *GrpcClient) GetServerPublicKey() (*wgtypes.Key, error) {
 	if !c.ready() {
 		return nil, fmt.Errorf("no connection to management")
 	}

-	mgmCtx, cancel := context.WithTimeout(c.ctx, 5*time.Second)
+	mgmCtx, cancel := context.WithTimeout(c.ctx, time.Second*2)
 	defer cancel()
 	resp, err := c.realClient.GetServerKey(mgmCtx, &proto.Empty{})
 	if err != nil {
@@ -219,7 +210,7 @@ func (c *GrpcClient) login(serverKey wgtypes.Key, req *proto.LoginRequest) (*pro
 		log.Errorf("failed to encrypt message: %s", err)
 		return nil, err
 	}
-	mgmCtx, cancel := context.WithTimeout(c.ctx, 5*time.Second)
+	mgmCtx, cancel := context.WithTimeout(c.ctx, time.Second*2)
 	defer cancel()
 	resp, err := c.realClient.Login(mgmCtx, &proto.EncryptedMessage{
 		WgPubKey: c.key.PublicKey().String(),
@@ -242,21 +233,13 @@ func (c *GrpcClient) login(serverKey wgtypes.Key, req *proto.LoginRequest) (*pro
 // Register registers peer on Management Server. It actually calls a Login endpoint with a provided setup key
 // Takes care of encrypting and decrypting messages.
 // This method will also collect system info and send it with the request (e.g. hostname, os, etc)
-func (c *GrpcClient) Register(serverKey wgtypes.Key, setupKey string, jwtToken string, sysInfo *system.Info, pubSSHKey []byte) (*proto.LoginResponse, error) {
-	keys := &proto.PeerKeys{
-		SshPubKey: pubSSHKey,
-		WgPubKey:  []byte(c.key.PublicKey().String()),
-	}
-	return c.login(serverKey, &proto.LoginRequest{SetupKey: setupKey, Meta: infoToMetaData(sysInfo), JwtToken: jwtToken, PeerKeys: keys})
+func (c *GrpcClient) Register(serverKey wgtypes.Key, setupKey string, jwtToken string, sysInfo *system.Info) (*proto.LoginResponse, error) {
+	return c.login(serverKey, &proto.LoginRequest{SetupKey: setupKey, Meta: infoToMetaData(sysInfo), JwtToken: jwtToken})
 }

 // Login attempts login to Management Server. Takes care of encrypting and decrypting messages.
-func (c *GrpcClient) Login(serverKey wgtypes.Key, sysInfo *system.Info, pubSSHKey []byte) (*proto.LoginResponse, error) {
-	keys := &proto.PeerKeys{
-		SshPubKey: pubSSHKey,
-		WgPubKey:  []byte(c.key.PublicKey().String()),
-	}
-	return c.login(serverKey, &proto.LoginRequest{Meta: infoToMetaData(sysInfo), PeerKeys: keys})
+func (c *GrpcClient) Login(serverKey wgtypes.Key, sysInfo *system.Info) (*proto.LoginResponse, error) {
+	return c.login(serverKey, &proto.LoginRequest{Meta: infoToMetaData(sysInfo)})
 }

 // GetDeviceAuthorizationFlow returns a device authorization flow information.
--- a/management/client/mock.go
+++ b/management/client/mock.go
@@ -10,8 +10,8 @@ type MockClient struct {
 	CloseFunc                      func() error
 	SyncFunc                       func(msgHandler func(msg *proto.SyncResponse) error) error
 	GetServerPublicKeyFunc         func() (*wgtypes.Key, error)
-	RegisterFunc                   func(serverKey wgtypes.Key, setupKey string, jwtToken string, info *system.Info, sshKey []byte) (*proto.LoginResponse, error)
-	LoginFunc                      func(serverKey wgtypes.Key, info *system.Info, sshKey []byte) (*proto.LoginResponse, error)
+	RegisterFunc                   func(serverKey wgtypes.Key, setupKey string, jwtToken string, info *system.Info) (*proto.LoginResponse, error)
+	LoginFunc                      func(serverKey wgtypes.Key, info *system.Info) (*proto.LoginResponse, error)
 	GetDeviceAuthorizationFlowFunc func(serverKey wgtypes.Key) (*proto.DeviceAuthorizationFlow, error)
 }

@@ -36,18 +36,18 @@ func (m *MockClient) GetServerPublicKey() (*wgtypes.Key, error) {
 	return m.GetServerPublicKeyFunc()
 }

-func (m *MockClient) Register(serverKey wgtypes.Key, setupKey string, jwtToken string, info *system.Info, sshKey []byte) (*proto.LoginResponse, error) {
+func (m *MockClient) Register(serverKey wgtypes.Key, setupKey string, jwtToken string, info *system.Info) (*proto.LoginResponse, error) {
 	if m.RegisterFunc == nil {
 		return nil, nil
 	}
-	return m.RegisterFunc(serverKey, setupKey, jwtToken, info, sshKey)
+	return m.RegisterFunc(serverKey, setupKey, jwtToken, info)
 }

-func (m *MockClient) Login(serverKey wgtypes.Key, info *system.Info, sshKey []byte) (*proto.LoginResponse, error) {
+func (m *MockClient) Login(serverKey wgtypes.Key, info *system.Info) (*proto.LoginResponse, error) {
 	if m.LoginFunc == nil {
 		return nil, nil
 	}
-	return m.LoginFunc(serverKey, info, sshKey)
+	return m.LoginFunc(serverKey, info)
 }

 func (m *MockClient) GetDeviceAuthorizationFlow(serverKey wgtypes.Key) (*proto.DeviceAuthorizationFlow, error) {
--- a/management/cmd/management.go
+++ b/management/cmd/management.go
@@ -1,26 +1,21 @@
 package cmd

 import (
+	"context"
 	"crypto/tls"
-	"encoding/json"
 	"errors"
 	"flag"
 	"fmt"
-	httpapi "github.com/netbirdio/netbird/management/server/http"
-	"golang.org/x/crypto/acme/autocert"
-	"golang.org/x/net/http2"
-	"golang.org/x/net/http2/h2c"
 	"io"
 	"io/fs"
+	"io/ioutil"
 	"net"
-	"net/http"
-	"net/url"
 	"os"
 	"path"
-	"strings"
 	"time"

 	"github.com/netbirdio/netbird/management/server"
+	"github.com/netbirdio/netbird/management/server/http"
 	"github.com/netbirdio/netbird/management/server/idp"
 	"github.com/netbirdio/netbird/util"

@@ -33,16 +28,11 @@ import (
 	"google.golang.org/grpc/keepalive"
 )

-// ManagementLegacyPort is the port that was used before by the Management gRPC server.
-// It is used for backward compatibility now.
-const ManagementLegacyPort = 33073
-
 var (
 	mgmtPort              int
 	mgmtLetsencryptDomain string
 	certFile              string
 	certKey               string
-	config                *server.Config

 	kaep = keepalive.EnforcementPolicy{
 		MinTime:             15 * time.Second,
@@ -58,55 +48,34 @@ var (

 	mgmtCmd = &cobra.Command{
 		Use:   "management",
-		Short: "start NetBird Management Server",
-		PreRunE: func(cmd *cobra.Command, args []string) error {
-			// detect whether user specified a port
-			userPort := cmd.Flag("port").Changed
-
-			var err error
-			config, err = loadMgmtConfig(mgmtConfig)
-			if err != nil {
-				return fmt.Errorf("failed reading provided config file: %s: %v", mgmtConfig, err)
-			}
-
-			tlsEnabled := false
-			if mgmtLetsencryptDomain != "" || (config.HttpConfig.CertFile != "" && config.HttpConfig.CertKey != "") {
-				tlsEnabled = true
-			}
-
-			if !userPort {
-				// different defaults for port when tls enabled/disabled
-				if tlsEnabled {
-					mgmtPort = 443
-				} else {
-					mgmtPort = 80
-				}
-			}
-
-			return nil
-		},
-		RunE: func(cmd *cobra.Command, args []string) error {
+		Short: "start Netbird Management Server",
+		Run: func(cmd *cobra.Command, args []string) {
 			flag.Parse()
 			err := util.InitLog(logLevel, logFile)
 			if err != nil {
-				return fmt.Errorf("failed initializing log %v", err)
+				log.Fatalf("failed initializing log %v", err)
 			}

 			err = handleRebrand(cmd)
 			if err != nil {
-				return fmt.Errorf("failed to migrate files %v", err)
+				log.Fatalf("failed to migrate files %v", err)
+			}
+
+			config, err := loadMgmtConfig(mgmtConfig)
+			if err != nil {
+				log.Fatalf("failed reading provided config file: %s: %v", mgmtConfig, err)
 			}

 			if _, err = os.Stat(config.Datadir); os.IsNotExist(err) {
 				err = os.MkdirAll(config.Datadir, os.ModeDir)
 				if err != nil {
-					return fmt.Errorf("failed creating datadir: %s: %v", config.Datadir, err)
+					log.Fatalf("failed creating datadir: %s: %v", config.Datadir, err)
 				}
 			}

 			store, err := server.NewStore(config.Datadir)
 			if err != nil {
-				return fmt.Errorf("failed creating Store: %s: %v", config.Datadir, err)
+				log.Fatalf("failed creating a store: %s: %v", config.Datadir, err)
 			}
 			peersUpdateManager := server.NewPeersUpdateManager()

@@ -114,180 +83,82 @@ var (
 			if config.IdpManagerConfig != nil {
 				idpManager, err = idp.NewManager(*config.IdpManagerConfig)
 				if err != nil {
-					return fmt.Errorf("failed retrieving a new idp manager with err: %v", err)
+					log.Fatalln("failed retrieving a new idp manager with err: ", err)
 				}
 			}

 			accountManager, err := server.BuildManager(store, peersUpdateManager, idpManager)
 			if err != nil {
-				return fmt.Errorf("failed to build default manager: %v", err)
+				log.Fatalln("failed build default manager: ", err)
 			}

-			turnManager := server.NewTimeBasedAuthSecretsManager(peersUpdateManager, config.TURNConfig)
+			var opts []grpc.ServerOption

-			gRPCOpts := []grpc.ServerOption{grpc.KeepaliveEnforcementPolicy(kaep), grpc.KeepaliveParams(kasp)}
-			var certManager *autocert.Manager
-			var tlsConfig *tls.Config
-			tlsEnabled := false
+			var httpServer *http.Server
 			if config.HttpConfig.LetsEncryptDomain != "" {
-				certManager, err = encryption.CreateCertManager(config.Datadir, config.HttpConfig.LetsEncryptDomain)
-				if err != nil {
-					return fmt.Errorf("failed creating LetsEncrypt cert manager: %v", err)
-				}
+				// automatically generate a new certificate with Let's Encrypt
+				certManager := encryption.CreateCertManager(config.Datadir, config.HttpConfig.LetsEncryptDomain)
 				transportCredentials := credentials.NewTLS(certManager.TLSConfig())
-				gRPCOpts = append(gRPCOpts, grpc.Creds(transportCredentials))
-				tlsEnabled = true
+				opts = append(opts, grpc.Creds(transportCredentials))
+
+				httpServer = http.NewHttpsServer(config.HttpConfig, certManager, accountManager)
 			} else if config.HttpConfig.CertFile != "" && config.HttpConfig.CertKey != "" {
-				tlsConfig, err = loadTLSConfig(config.HttpConfig.CertFile, config.HttpConfig.CertKey)
+				// use provided certificate
+				tlsConfig, err := loadTLSConfig(config.HttpConfig.CertFile, config.HttpConfig.CertKey)
 				if err != nil {
-					log.Errorf("cannot load TLS credentials: %v", err)
-					return err
+					log.Fatal("cannot load TLS credentials: ", err)
 				}
 				transportCredentials := credentials.NewTLS(tlsConfig)
-				gRPCOpts = append(gRPCOpts, grpc.Creds(transportCredentials))
-				tlsEnabled = true
-			}
-
-			httpAPIHandler, err := httpapi.APIHandler(accountManager,
-				config.HttpConfig.AuthIssuer, config.HttpConfig.AuthAudience, config.HttpConfig.AuthKeysLocation)
-			if err != nil {
-				return fmt.Errorf("failed creating HTTP API handler: %v", err)
-			}
-
-			gRPCAPIHandler := grpc.NewServer(gRPCOpts...)
-			srv, err := server.NewServer(config, accountManager, peersUpdateManager, turnManager)
-			if err != nil {
-				return fmt.Errorf("failed creating gRPC API handler: %v", err)
-			}
-			mgmtProto.RegisterManagementServiceServer(gRPCAPIHandler, srv)
-
-			var compatListener net.Listener
-			if mgmtPort != ManagementLegacyPort {
-				// The Management gRPC server was running on port 33073 previously. Old agents that are already connected to it
-				// are using port 33073. For compatibility purposes we keep running a 2nd gRPC server on port 33073.
-				compatListener, err = serveGRPC(gRPCAPIHandler, ManagementLegacyPort)
-				if err != nil {
-					return err
-				}
-				log.Infof("running gRPC backward compatibility server: %s", compatListener.Addr().String())
-			}
-
-			rootHandler := handlerFunc(gRPCAPIHandler, httpAPIHandler)
-			var listener net.Listener
-			if certManager != nil {
-				// a call to certManager.Listener() always creates a new listener so we do it once
-				cml := certManager.Listener()
-				if mgmtPort == 443 {
-					// CertManager, HTTP and gRPC API all on the same port
-					rootHandler = certManager.HTTPHandler(rootHandler)
-					listener = cml
-				} else {
-					listener, err = tls.Listen("tcp", fmt.Sprintf(":%d", mgmtPort), certManager.TLSConfig())
-					if err != nil {
-						return fmt.Errorf("failed creating TLS listener on port %d: %v", mgmtPort, err)
-					}
-					log.Infof("running HTTP server (LetsEncrypt challenge handler): %s", cml.Addr().String())
-					serveHTTP(cml, certManager.HTTPHandler(nil))
-				}
-			} else if tlsConfig != nil {
-				listener, err = tls.Listen("tcp", fmt.Sprintf(":%d", mgmtPort), tlsConfig)
-				if err != nil {
-					return fmt.Errorf("failed creating TLS listener on port %d: %v", mgmtPort, err)
-				}
+				opts = append(opts, grpc.Creds(transportCredentials))
+				httpServer = http.NewHttpsServerWithTLSConfig(config.HttpConfig, tlsConfig, accountManager)
 			} else {
-				listener, err = net.Listen("tcp", fmt.Sprintf(":%d", mgmtPort))
-				if err != nil {
-					return fmt.Errorf("failed creating TCP listener on port %d: %v", mgmtPort, err)
-				}
+				// start server without SSL
+				httpServer = http.NewHttpServer(config.HttpConfig, accountManager)
 			}

-			log.Infof("running HTTP server and gRPC server on the same port: %s", listener.Addr().String())
-			serveGRPCWithHTTP(listener, rootHandler, tlsEnabled)
+			opts = append(opts, grpc.KeepaliveEnforcementPolicy(kaep), grpc.KeepaliveParams(kasp))
+			grpcServer := grpc.NewServer(opts...)
+			turnManager := server.NewTimeBasedAuthSecretsManager(peersUpdateManager, config.TURNConfig)
+			server, err := server.NewServer(config, accountManager, peersUpdateManager, turnManager)
+			if err != nil {
+				log.Fatalf("failed creating new server: %v", err)
+			}
+			mgmtProto.RegisterManagementServiceServer(grpcServer, server)
+			log.Printf("started server: localhost:%v", mgmtPort)
+
+			lis, err := net.Listen("tcp", fmt.Sprintf(":%d", mgmtPort))
+			if err != nil {
+				log.Fatalf("failed to listen: %v", err)
+			}
+
+			go func() {
+				if err = grpcServer.Serve(lis); err != nil {
+					log.Fatalf("failed to serve gRpc server: %v", err)
+				}
+			}()
+
+			go func() {
+				err = httpServer.Start()
+				if err != nil {
+					log.Fatalf("failed to serve http server: %v", err)
+				}
+			}()

 			SetupCloseHandler()
-
 			<-stopCh
-			_ = listener.Close()
-			if certManager != nil {
-				_ = certManager.Listener().Close()
+			log.Println("Receive signal to stop running Management server")
+			ctx, cancel := context.WithTimeout(context.Background(), 10*time.Second)
+			defer cancel()
+			err = httpServer.Stop(ctx)
+			if err != nil {
+				log.Fatalf("failed stopping the http server %v", err)
 			}
-			gRPCAPIHandler.Stop()
-			log.Infof("stopped Management Service")

-			return nil
+			grpcServer.Stop()
 		},
 	}
 )

-func notifyStop(msg string) {
-	select {
-	case stopCh <- 1:
-		log.Error(msg)
-	default:
-		// stop has been already called, nothing to report
-	}
-}
-
-func serveGRPC(grpcServer *grpc.Server, port int) (net.Listener, error) {
-	listener, err := net.Listen("tcp", fmt.Sprintf(":%d", port))
-	if err != nil {
-		return nil, err
-	}
-	go func() {
-		err := grpcServer.Serve(listener)
-		if err != nil {
-			notifyStop(fmt.Sprintf("failed running gRPC server on port %d: %v", port, err))
-		}
-	}()
-	return listener, nil
-}
-
-func serveHTTP(httpListener net.Listener, handler http.Handler) {
-	go func() {
-		err := http.Serve(httpListener, handler)
-		if err != nil {
-			notifyStop(fmt.Sprintf("failed running HTTP server: %v", err))
-		}
-	}()
-}
-
-func serveGRPCWithHTTP(listener net.Listener, handler http.Handler, tlsEnabled bool) {
-	go func() {
-		var err error
-		if tlsEnabled {
-			err = http.Serve(listener, handler)
-		} else {
-			// the following magic is needed to support HTTP2 without TLS
-			// and still share a single port between gRPC and HTTP APIs
-			h1s := &http.Server{
-				Handler: h2c.NewHandler(handler, &http2.Server{}),
-			}
-			err = h1s.Serve(listener)
-		}
-
-		if err != nil {
-			select {
-			case stopCh <- 1:
-				log.Errorf("failed to serve HTTP and gRPC server: %v", err)
-			default:
-				// stop has been already called, nothing to report
-			}
-		}
-	}()
-}
-
-func handlerFunc(gRPCHandler *grpc.Server, httpHandler http.Handler) http.Handler {
-	return http.HandlerFunc(func(writer http.ResponseWriter, request *http.Request) {
-		grpcHeader := strings.HasPrefix(request.Header.Get("Content-Type"), "application/grpc") ||
-			strings.HasPrefix(request.Header.Get("Content-Type"), "application/grpc+proto")
-		if request.ProtoMajor == 2 && grpcHeader {
-			gRPCHandler.ServeHTTP(writer, request)
-		} else {
-			httpHandler.ServeHTTP(writer, request)
-		}
-	})
-}
-
 func loadMgmtConfig(mgmtConfigPath string) (*server.Config, error) {
 	config := &server.Config{}
 	_, err := util.ReadJson(mgmtConfigPath, config)
@@ -306,88 +177,9 @@ func loadMgmtConfig(mgmtConfigPath string) (*server.Config, error) {
 		config.HttpConfig.CertKey = certKey
 	}

-	oidcEndpoint := config.HttpConfig.OIDCConfigEndpoint
-	if oidcEndpoint != "" {
-		// if OIDCConfigEndpoint is specified, we can load DeviceAuthEndpoint and TokenEndpoint automatically
-		log.Infof("loading OIDC configuration from the provided IDP configuration endpoint %s", oidcEndpoint)
-		oidcConfig, err := fetchOIDCConfig(oidcEndpoint)
-		if err != nil {
-			return nil, err
-		}
-		log.Infof("loaded OIDC configuration from the provided IDP configuration endpoint: %s", oidcEndpoint)
-
-		log.Infof("overriding HttpConfig.AuthIssuer with a new value %s, previously configured value: %s",
-			oidcConfig.Issuer, config.HttpConfig.AuthIssuer)
-		config.HttpConfig.AuthIssuer = oidcConfig.Issuer
-
-		log.Infof("overriding HttpConfig.AuthKeysLocation (JWT certs) with a new value %s, previously configured value: %s",
-			oidcConfig.JwksURI, config.HttpConfig.AuthKeysLocation)
-		config.HttpConfig.AuthKeysLocation = oidcConfig.JwksURI
-
-		if !(config.DeviceAuthorizationFlow == nil || strings.ToLower(config.DeviceAuthorizationFlow.Provider) == string(server.NONE)) {
-			log.Infof("overriding DeviceAuthorizationFlow.TokenEndpoint with a new value: %s, previously configured value: %s",
-				oidcConfig.TokenEndpoint, config.DeviceAuthorizationFlow.ProviderConfig.TokenEndpoint)
-			config.DeviceAuthorizationFlow.ProviderConfig.TokenEndpoint = oidcConfig.TokenEndpoint
-			log.Infof("overriding DeviceAuthorizationFlow.DeviceAuthEndpoint with a new value: %s, previously configured value: %s",
-				oidcConfig.DeviceAuthEndpoint, config.DeviceAuthorizationFlow.ProviderConfig.DeviceAuthEndpoint)
-			config.DeviceAuthorizationFlow.ProviderConfig.DeviceAuthEndpoint = oidcConfig.DeviceAuthEndpoint
-
-			u, err := url.Parse(oidcEndpoint)
-			if err != nil {
-				return nil, err
-			}
-			log.Infof("overriding DeviceAuthorizationFlow.ProviderConfig.Domain with a new value: %s, previously configured value: %s",
-				u.Host, config.DeviceAuthorizationFlow.ProviderConfig.Domain)
-			config.DeviceAuthorizationFlow.ProviderConfig.Domain = u.Host
-		}
-	}
-
 	return config, err
 }

-// OIDCConfigResponse used for parsing OIDC config response
-type OIDCConfigResponse struct {
-	Issuer             string `json:"issuer"`
-	TokenEndpoint      string `json:"token_endpoint"`
-	DeviceAuthEndpoint string `json:"device_authorization_endpoint"`
-	JwksURI            string `json:"jwks_uri"`
-}
-
-// fetchOIDCConfig fetches OIDC configuration from the IDP
-func fetchOIDCConfig(oidcEndpoint string) (OIDCConfigResponse, error) {
-
-	res, err := http.Get(oidcEndpoint)
-	if err != nil {
-		return OIDCConfigResponse{}, fmt.Errorf("failed fetching OIDC configuration fro mendpoint %s %v", oidcEndpoint, err)
-	}
-
-	defer func() {
-		err := res.Body.Close()
-		if err != nil {
-			log.Debugf("failed closing response body %v", err)
-		}
-	}()
-
-	body, err := io.ReadAll(res.Body)
-	if err != nil {
-		return OIDCConfigResponse{}, fmt.Errorf("failed reading OIDC configuration response body: %v", err)
-	}
-
-	if res.StatusCode != 200 {
-		return OIDCConfigResponse{}, fmt.Errorf("OIDC configuration request returned status %d with response: %s",
-			res.StatusCode, string(body))
-	}
-
-	config := OIDCConfigResponse{}
-	err = json.Unmarshal(body, &config)
-	if err != nil {
-		return OIDCConfigResponse{}, fmt.Errorf("failed unmarshaling OIDC configuration response: %v", err)
-	}
-
-	return config, nil
-
-}
-
 func loadTLSConfig(certFile string, certKey string) (*tls.Config, error) {
 	// Load server's certificate and private key
 	serverCert, err := tls.LoadX509KeyPair(certFile, certKey)
@@ -399,9 +191,6 @@ func loadTLSConfig(certFile string, certKey string) (*tls.Config, error) {
 	config := &tls.Config{
 		Certificates: []tls.Certificate{serverCert},
 		ClientAuth:   tls.NoClientCert,
-		NextProtos: []string{
-			"h2", "http/1.1", // enable HTTP/2
-		},
 	}

 	return config, nil
@@ -474,7 +263,7 @@ func copySymLink(source, dest string) error {

 func cpDir(src string, dst string) error {
 	var err error
-	var fds []os.DirEntry
+	var fds []os.FileInfo
 	var srcinfo os.FileInfo

 	if srcinfo, err = os.Stat(src); err != nil {
@@ -485,7 +274,7 @@ func cpDir(src string, dst string) error {
 		return err
 	}

-	if fds, err = os.ReadDir(src); err != nil {
+	if fds, err = ioutil.ReadDir(src); err != nil {
 		return err
 	}
 	for _, fd := range fds {
--- a/management/cmd/root.go
+++ b/management/cmd/root.go
@@ -60,7 +60,7 @@ func init() {
 	oldDefaultMgmtConfig = oldDefaultMgmtConfigDir + "/management.json"
 	oldDefaultLogFile = oldDefaultLogDir + "/management.log"

-	mgmtCmd.Flags().IntVar(&mgmtPort, "port", 80, "server port to listen on (defaults to 443 if TLS is enabled, 80 otherwise")
+	mgmtCmd.Flags().IntVar(&mgmtPort, "port", 33073, "server port to listen on")
 	mgmtCmd.Flags().StringVar(&mgmtDataDir, "datadir", defaultMgmtDataDir, "server data directory location")
 	mgmtCmd.Flags().StringVar(&mgmtConfig, "config", defaultMgmtConfig, "Netbird config file location. Config params specified via command line (e.g. datadir) have a precedence over configuration from this file")
 	mgmtCmd.Flags().StringVar(&mgmtLetsencryptDomain, "letsencrypt-domain", "", "a domain to issue Let's Encrypt certificate for. Enables TLS using Let's Encrypt. Will fetch and renew certificate, and run the server with TLS")
--- a/management/proto/management.pb.go
+++ b/management/proto/management.pb.go
--- a/management/proto/management.proto
+++ b/management/proto/management.proto
@@ -71,21 +71,9 @@ message LoginRequest {
  PeerSystemMeta meta = 2;
  // SSO token (can be empty)
  string jwtToken = 3;
-  // Can be absent for now.
-  PeerKeys peerKeys = 4;
-
-}
-// PeerKeys is additional peer info like SSH pub key and WireGuard public key.
-// This message is sent on Login or register requests, or when a key rotation has to happen.
-message PeerKeys {
-
-  // sshPubKey represents a public SSH key of the peer. Can be absent.
-  bytes sshPubKey = 1;
-  // wgPubKey represents a public WireGuard key of the peer. Can be absent.
-  bytes wgPubKey = 2;
 }

-// PeerSystemMeta is machine meta data like OS and version.
+// Peer machine meta data
 message PeerSystemMeta {
  string hostname = 1;
  string goOS = 2;
@@ -155,9 +143,6 @@ message PeerConfig {
  string  address = 1;
  // Wiretrustee DNS server (a Wireguard DNS config)
  string dns = 2;
-
-  // SSHConfig of the peer.
-  SSHConfig sshConfig = 3;
 }

 // NetworkMap represents a network state of the peer with the corresponding configuration parameters to establish peer-to-peer connections
@@ -176,8 +161,6 @@ message NetworkMap {
  // Indicates whether remotePeers array is empty or not to bypass protobuf null and empty array equality.
  bool remotePeersIsEmpty = 4;

-  // List of routes to be applied
-  repeated Route Routes = 5;
 }

 // RemotePeerConfig represents a configuration of a remote peer.
@@ -189,22 +172,7 @@ message RemotePeerConfig {

  // Wireguard allowed IPs of a remote peer e.g. [10.30.30.1/32]
  repeated string allowedIps = 2;
-
-  // SSHConfig is a SSH config of the remote peer. SSHConfig.sshPubKey should be ignored because peer knows it's SSH key.
-  SSHConfig sshConfig = 3;
-
 }
-
-// SSHConfig represents SSH configurations of a peer.
-message SSHConfig {
-  // sshEnabled indicates whether a SSH server is enabled on this peer
-  bool sshEnabled = 1;
-
-  // sshPubKey is a SSH public key of a peer to be added to authorized_hosts.
-  // This property should be ignore if SSHConfig comes from PeerConfig.
-  bytes sshPubKey = 2;
-}
-
 // DeviceAuthorizationFlowRequest empty struct for future expansion
 message DeviceAuthorizationFlowRequest {}
 // DeviceAuthorizationFlow represents Device Authorization Flow information
@@ -227,23 +195,7 @@ message ProviderConfig {
  // An IDP application client secret
  string ClientSecret = 2;
  // An IDP API domain
-  // Deprecated. Use a DeviceAuthEndpoint and TokenEndpoint
-  string Domain = 3;
+  string Domain =3;
  // An Audience for validation
  string Audience = 4;
-  // DeviceAuthEndpoint is an endpoint to request device authentication code.
-  string DeviceAuthEndpoint = 5;
-  // TokenEndpoint is an endpoint to request auth token.
-  string TokenEndpoint = 6;
 }
-
-// Route represents a route.Route object
-message Route {
-  string ID = 1;
-  string Network = 2;
-  int64  NetworkType = 3;
-  string Peer = 4;
-  int64  Metric = 5;
-  bool   Masquerade = 6;
-  string NetID = 7;
-}
--- a/management/server/account.go
+++ b/management/server/account.go
@@ -1,65 +1,54 @@
 package server

 import (
-	"context"
 	"fmt"
-	"github.com/eko/gocache/v2/cache"
-	cacheStore "github.com/eko/gocache/v2/store"
+	"reflect"
+	"strings"
+	"sync"
+
 	"github.com/netbirdio/netbird/management/server/idp"
 	"github.com/netbirdio/netbird/management/server/jwtclaims"
-	"github.com/netbirdio/netbird/route"
-	gocache "github.com/patrickmn/go-cache"
+	"github.com/netbirdio/netbird/util"
 	"github.com/rs/xid"
 	log "github.com/sirupsen/logrus"
 	"google.golang.org/grpc/codes"
 	"google.golang.org/grpc/status"
-	"math/rand"
-	"reflect"
-	"strings"
-	"sync"
-	"time"
 )

 const (
-	PublicCategory     = "public"
-	PrivateCategory    = "private"
-	UnknownCategory    = "unknown"
-	CacheExpirationMax = 7 * 24 * 3600 * time.Second // 7 days
-	CacheExpirationMin = 3 * 24 * 3600 * time.Second // 3 days
+	PublicCategory  = "public"
+	PrivateCategory = "private"
+	UnknownCategory = "unknown"
 )

 type AccountManager interface {
 	GetOrCreateAccountByUser(userId, domain string) (*Account, error)
 	GetAccountByUser(userId string) (*Account, error)
-	CreateSetupKey(
+	AddSetupKey(
 		accountId string,
 		keyName string,
 		keyType SetupKeyType,
-		expiresIn time.Duration,
-		autoGroups []string,
+		expiresIn *util.Duration,
 	) (*SetupKey, error)
-	SaveSetupKey(accountID string, key *SetupKey) (*SetupKey, error)
-	GetSetupKey(accountID, keyID string) (*SetupKey, error)
+	RevokeSetupKey(accountId string, keyId string) (*SetupKey, error)
+	RenameSetupKey(accountId string, keyId string, newName string) (*SetupKey, error)
 	GetAccountById(accountId string) (*Account, error)
 	GetAccountByUserOrAccountId(userId, accountId, domain string) (*Account, error)
 	GetAccountWithAuthorizationClaims(claims jwtclaims.AuthorizationClaims) (*Account, error)
 	IsUserAdmin(claims jwtclaims.AuthorizationClaims) (bool, error)
 	AccountExists(accountId string) (*bool, error)
+	AddAccount(accountId, userId, domain string) (*Account, error)
 	GetPeer(peerKey string) (*Peer, error)
 	MarkPeerConnected(peerKey string, connected bool) error
 	RenamePeer(accountId string, peerKey string, newName string) (*Peer, error)
 	DeletePeer(accountId string, peerKey string) (*Peer, error)
 	GetPeerByIP(accountId string, peerIP string) (*Peer, error)
-	UpdatePeer(accountID string, peer *Peer) (*Peer, error)
 	GetNetworkMap(peerKey string) (*NetworkMap, error)
-	GetPeerNetwork(peerKey string) (*Network, error)
 	AddPeer(setupKey string, userId string, peer *Peer) (*Peer, error)
 	UpdatePeerMeta(peerKey string, meta PeerSystemMeta) error
-	UpdatePeerSSHKey(peerKey string, sshKey string) error
 	GetUsersFromAccount(accountId string) ([]*UserInfo, error)
 	GetGroup(accountId, groupID string) (*Group, error)
 	SaveGroup(accountId string, group *Group) error
-	UpdateGroup(accountID string, groupID string, operations []GroupUpdateOperation) (*Group, error)
 	DeleteGroup(accountId, groupID string) error
 	ListGroups(accountId string) ([]*Group, error)
 	GroupAddPeer(accountId, groupID, peerKey string) error
@@ -67,16 +56,8 @@ type AccountManager interface {
 	GroupListPeers(accountId, groupID string) ([]*Peer, error)
 	GetRule(accountId, ruleID string) (*Rule, error)
 	SaveRule(accountID string, rule *Rule) error
-	UpdateRule(accountID string, ruleID string, operations []RuleUpdateOperation) (*Rule, error)
 	DeleteRule(accountId, ruleID string) error
 	ListRules(accountId string) ([]*Rule, error)
-	GetRoute(accountID, routeID string) (*route.Route, error)
-	CreateRoute(accountID string, prefix, peer, description, netID string, masquerade bool, metric int, enabled bool) (*route.Route, error)
-	SaveRoute(accountID string, route *route.Route) error
-	UpdateRoute(accountID string, routeID string, operations []RouteUpdateOperation) (*route.Route, error)
-	DeleteRoute(accountID, routeID string) error
-	ListRoutes(accountID string) ([]*route.Route, error)
-	ListSetupKeys(accountID string) ([]*SetupKey, error)
 }

 type DefaultAccountManager struct {
@@ -85,8 +66,6 @@ type DefaultAccountManager struct {
 	mux                sync.Mutex
 	peersUpdateManager *PeersUpdateManager
 	idpManager         idp.Manager
-	cacheManager       cache.CacheInterface
-	ctx                context.Context
 }

 // Account represents a unique account of the system
@@ -103,7 +82,6 @@ type Account struct {
 	Users                  map[string]*User
 	Groups                 map[string]*Group
 	Rules                  map[string]*Rule
-	Routes                 map[string]*route.Route
 }

 type UserInfo struct {
@@ -113,6 +91,12 @@ type UserInfo struct {
 	Role  string `json:"role"`
 }

+// NewAccount creates a new Account with a generated ID and generated default setup keys
+func NewAccount(userId, domain string) *Account {
+	accountId := xid.New().String()
+	return newAccountWithId(accountId, userId, domain)
+}
+
 func (a *Account) Copy() *Account {
 	peers := map[string]*Peer{}
 	for id, peer := range a.Peers {
@@ -164,86 +148,112 @@ func (a *Account) GetGroupAll() (*Group, error) {
 func BuildManager(
 	store Store, peersUpdateManager *PeersUpdateManager, idpManager idp.Manager,
 ) (*DefaultAccountManager, error) {
-	am := &DefaultAccountManager{
+	dam := &DefaultAccountManager{
 		Store:              store,
 		mux:                sync.Mutex{},
 		peersUpdateManager: peersUpdateManager,
 		idpManager:         idpManager,
-		ctx:                context.Background(),
 	}

-	// if account has not default group
-	// we create 'all' group and add all peers into it
-	// also we create default rule with source as destination
+	// if account has not default account
+	// we build 'all' group and add all peers into it
+	// also we create default rule with source an destination
+	// groups 'all'
 	for _, account := range store.GetAllAccounts() {
-		_, err := account.GetGroupAll()
-		if err != nil {
-			addAllGroup(account)
-			if err := store.SaveAccount(account); err != nil {
-				return nil, err
-			}
-		}
-	}
-
-	gocacheClient := gocache.New(CacheExpirationMax, 30*time.Minute)
-	gocacheStore := cacheStore.NewGoCache(gocacheClient, nil)
-
-	am.cacheManager = cache.NewLoadable(am.loadFromCache, cache.New(gocacheStore))
-
-	if !isNil(am.idpManager) {
-		go func() {
-			err := am.warmupIDPCache()
-			if err != nil {
-				log.Warnf("failed warming up cache due to error: %v", err)
-				//todo retry?
-				return
-			}
-		}()
-	}
-
-	return am, nil
-
-}
-
-// newAccount creates a new Account with a generated ID and generated default setup keys.
-// If ID is already in use (due to collision) we try one more time before returning error
-func (am *DefaultAccountManager) newAccount(userID, domain string) (*Account, error) {
-	for i := 0; i < 2; i++ {
-		accountId := xid.New().String()
-
-		_, err := am.Store.GetAccount(accountId)
-		statusErr, _ := status.FromError(err)
-		if err == nil {
-			log.Warnf("an account with ID already exists, retrying...")
-			continue
-		} else if statusErr.Code() == codes.NotFound {
-			return newAccountWithId(accountId, userID, domain), nil
-		} else {
+		dam.addAllGroup(account)
+		if err := store.SaveAccount(account); err != nil {
 			return nil, err
 		}
 	}

-	return nil, status.Errorf(codes.Internal, "error while creating new account")
+	return dam, nil
 }

-func (am *DefaultAccountManager) warmupIDPCache() error {
-	userData, err := am.idpManager.GetAllAccounts()
+// AddSetupKey generates a new setup key with a given name and type, and adds it to the specified account
+func (am *DefaultAccountManager) AddSetupKey(
+	accountId string,
+	keyName string,
+	keyType SetupKeyType,
+	expiresIn *util.Duration,
+) (*SetupKey, error) {
+	am.mux.Lock()
+	defer am.mux.Unlock()
+
+	keyDuration := DefaultSetupKeyDuration
+	if expiresIn != nil {
+		keyDuration = expiresIn.Duration
+	}
+
+	account, err := am.Store.GetAccount(accountId)
 	if err != nil {
-		return err
+		return nil, status.Errorf(codes.NotFound, "account not found")
 	}

-	for accountID, users := range userData {
-		rand.Seed(time.Now().UnixNano())
+	setupKey := GenerateSetupKey(keyName, keyType, keyDuration)
+	account.SetupKeys[setupKey.Key] = setupKey

-		r := rand.Intn(int(CacheExpirationMax.Milliseconds()-CacheExpirationMin.Milliseconds())) + int(CacheExpirationMin.Milliseconds())
-		expiration := time.Duration(r) * time.Millisecond
-		err = am.cacheManager.Set(am.ctx, accountID, users, &cacheStore.Options{Expiration: expiration})
-		if err != nil {
-			return err
-		}
+	err = am.Store.SaveAccount(account)
+	if err != nil {
+		return nil, status.Errorf(codes.Internal, "failed adding account key")
 	}
-	log.Infof("warmed up IDP cache with %d entries", len(userData))
-	return nil
+
+	return setupKey, nil
+}
+
+// RevokeSetupKey marks SetupKey as revoked - becomes not valid anymore
+func (am *DefaultAccountManager) RevokeSetupKey(accountId string, keyId string) (*SetupKey, error) {
+	am.mux.Lock()
+	defer am.mux.Unlock()
+
+	account, err := am.Store.GetAccount(accountId)
+	if err != nil {
+		return nil, status.Errorf(codes.NotFound, "account not found")
+	}
+
+	setupKey := getAccountSetupKeyById(account, keyId)
+	if setupKey == nil {
+		return nil, status.Errorf(codes.NotFound, "unknown setupKey %s", keyId)
+	}
+
+	keyCopy := setupKey.Copy()
+	keyCopy.Revoked = true
+	account.SetupKeys[keyCopy.Key] = keyCopy
+	err = am.Store.SaveAccount(account)
+	if err != nil {
+		return nil, status.Errorf(codes.Internal, "failed adding account key")
+	}
+
+	return keyCopy, nil
+}
+
+// RenameSetupKey renames existing setup key of the specified account.
+func (am *DefaultAccountManager) RenameSetupKey(
+	accountId string,
+	keyId string,
+	newName string,
+) (*SetupKey, error) {
+	am.mux.Lock()
+	defer am.mux.Unlock()
+
+	account, err := am.Store.GetAccount(accountId)
+	if err != nil {
+		return nil, status.Errorf(codes.NotFound, "account not found")
+	}
+
+	setupKey := getAccountSetupKeyById(account, keyId)
+	if setupKey == nil {
+		return nil, status.Errorf(codes.NotFound, "unknown setupKey %s", keyId)
+	}
+
+	keyCopy := setupKey.Copy()
+	keyCopy.Name = newName
+	account.SetupKeys[keyCopy.Key] = keyCopy
+	err = am.Store.SaveAccount(account)
+	if err != nil {
+		return nil, status.Errorf(codes.Internal, "failed adding account key")
+	}
+
+	return keyCopy, nil
 }

 // GetAccountById returns an existing account using its ID or error (NotFound) if doesn't exist
@@ -309,49 +319,6 @@ func mergeLocalAndQueryUser(queried idp.UserData, local User) *UserInfo {
 	}
 }

-func (am *DefaultAccountManager) loadFromCache(_ context.Context, accountID interface{}) (interface{}, error) {
-	return am.idpManager.GetAccount(fmt.Sprintf("%v", accountID))
-}
-
-func (am *DefaultAccountManager) lookupCache(accountUsers map[string]*User, accountID string) ([]*idp.UserData, error) {
-	data, err := am.cacheManager.Get(am.ctx, accountID)
-	if err != nil {
-		return nil, err
-	}
-
-	userData := data.([]*idp.UserData)
-
-	userDataMap := make(map[string]struct{})
-	for _, datum := range userData {
-		userDataMap[datum.ID] = struct{}{}
-	}
-
-	// check whether we need to reload the cache
-	// the accountUsers ID list is the source of truth and all the users should be in the cache
-	reload := len(accountUsers) != len(userData)
-	for user := range accountUsers {
-		if _, ok := userDataMap[user]; !ok {
-			reload = true
-		}
-	}
-
-	if reload {
-		// reload cache once avoiding loops
-		err := am.cacheManager.Delete(am.ctx, accountID)
-		if err != nil {
-			return nil, err
-		}
-		data, err = am.cacheManager.Get(am.ctx, accountID)
-		if err != nil {
-			return nil, err
-		}
-
-		userData = data.([]*idp.UserData)
-	}
-
-	return userData, err
-}
-
 // GetUsersFromAccount performs a batched request for users from IDP by account id
 func (am *DefaultAccountManager) GetUsersFromAccount(accountID string) ([]*UserInfo, error) {
 	account, err := am.GetAccountById(accountID)
@@ -361,11 +328,12 @@ func (am *DefaultAccountManager) GetUsersFromAccount(accountID string) ([]*UserI

 	queriedUsers := make([]*idp.UserData, 0)
 	if !isNil(am.idpManager) {
-		queriedUsers, err = am.lookupCache(account.Users, accountID)
+		queriedUsers, err = am.idpManager.GetAllUsers(accountID)
 		if err != nil {
 			return nil, err
 		}
 	}
+	// TODO: we need to check whether we need to refresh our cache or not

 	userInfo := make([]*UserInfo, 0)

@@ -385,7 +353,6 @@ func (am *DefaultAccountManager) GetUsersFromAccount(accountID string) ([]*UserI
 	for _, queriedUser := range queriedUsers {
 		if localUser, contains := account.Users[queriedUser.ID]; contains {
 			userInfo = append(userInfo, mergeLocalAndQueryUser(*queriedUser, *localUser))
-			log.Debugf("Merged userinfo to send back; %v", userInfo)
 		}
 	}

@@ -399,17 +366,8 @@ func (am *DefaultAccountManager) updateAccountDomainAttributes(
 	primaryDomain bool,
 ) error {
 	account.IsDomainPrimaryAccount = primaryDomain
-
-	lowerDomain := strings.ToLower(claims.Domain)
-	userObj := account.Users[claims.UserId]
-	if account.Domain != lowerDomain && userObj.Role == UserRoleAdmin {
-		account.Domain = lowerDomain
-	}
-	// prevent updating category for different domain until admin logs in
-	if account.Domain == lowerDomain {
-		account.DomainCategory = claims.DomainCategory
-	}
-
+	account.Domain = strings.ToLower(claims.Domain)
+	account.DomainCategory = claims.DomainCategory
 	err := am.Store.SaveAccount(account)
 	if err != nil {
 		return status.Errorf(codes.Internal, "failed saving updated account")
@@ -419,6 +377,7 @@ func (am *DefaultAccountManager) updateAccountDomainAttributes(

 // handleExistingUserAccount handles existing User accounts and update its domain attributes.
 //
+//
 // If there is no primary domain account yet, we set the account as primary for the domain. Otherwise,
 // we compare the account's ID with the domain account ID, and if they don't match, we set the account as
 // non-primary account for the domain. We don't merge accounts at this stage, because of cases when a domain
@@ -472,10 +431,8 @@ func (am *DefaultAccountManager) handleNewUserAccount(
 			return nil, status.Errorf(codes.Internal, "failed saving updated account")
 		}
 	} else {
-		account, err = am.newAccount(claims.UserId, lowerDomain)
-		if err != nil {
-			return nil, err
-		}
+		account = NewAccount(claims.UserId, lowerDomain)
+		account.Users[claims.UserId] = NewAdminUser(claims.UserId)
 		err = am.updateAccountDomainAttributes(account, claims, true)
 		if err != nil {
 			return nil, err
@@ -572,8 +529,29 @@ func (am *DefaultAccountManager) AccountExists(accountId string) (*bool, error)
 	return &res, nil
 }

-// addAllGroup to account object if it doesn't exists
-func addAllGroup(account *Account) {
+// AddAccount generates a new Account with a provided accountId and userId, saves to the Store
+func (am *DefaultAccountManager) AddAccount(accountId, userId, domain string) (*Account, error) {
+	am.mux.Lock()
+	defer am.mux.Unlock()
+
+	return am.createAccount(accountId, userId, domain)
+}
+
+func (am *DefaultAccountManager) createAccount(accountId, userId, domain string) (*Account, error) {
+	account := newAccountWithId(accountId, userId, domain)
+
+	am.addAllGroup(account)
+
+	err := am.Store.SaveAccount(account)
+	if err != nil {
+		return nil, status.Errorf(codes.Internal, "failed creating account")
+	}
+
+	return account, nil
+}
+
+// addAllGroup to account object it it doesn't exists
+func (am *DefaultAccountManager) addAllGroup(account *Account) {
 	if len(account.Groups) == 0 {
 		allGroup := &Group{
 			ID:   xid.New().String(),
@@ -586,9 +564,7 @@ func addAllGroup(account *Account) {

 		defaultRule := &Rule{
 			ID:          xid.New().String(),
-			Name:        DefaultRuleName,
-			Description: DefaultRuleDescription,
-			Disabled:    false,
+			Name:        "Default",
 			Source:      []string{allGroup.ID},
 			Destination: []string{allGroup.ID},
 		}
@@ -602,17 +578,16 @@ func newAccountWithId(accountId, userId, domain string) *Account {

 	setupKeys := make(map[string]*SetupKey)
 	defaultKey := GenerateDefaultSetupKey()
-	oneOffKey := GenerateSetupKey("One-off key", SetupKeyOneOff, DefaultSetupKeyDuration, []string{})
+	oneOffKey := GenerateSetupKey("One-off key", SetupKeyOneOff, DefaultSetupKeyDuration)
 	setupKeys[defaultKey.Key] = defaultKey
 	setupKeys[oneOffKey.Key] = oneOffKey
 	network := NewNetwork()
 	peers := make(map[string]*Peer)
 	users := make(map[string]*User)
-	routes := make(map[string]*route.Route)
-	users[userId] = NewAdminUser(userId)
+
 	log.Debugf("created new account %s with setup key %s", accountId, defaultKey.Key)

-	acc := &Account{
+	return &Account{
 		Id:        accountId,
 		SetupKeys: setupKeys,
 		Network:   network,
@@ -620,11 +595,16 @@ func newAccountWithId(accountId, userId, domain string) *Account {
 		Users:     users,
 		CreatedBy: userId,
 		Domain:    domain,
-		Routes:    routes,
 	}
+}

-	addAllGroup(acc)
-	return acc
+func getAccountSetupKeyById(acc *Account, keyId string) *SetupKey {
+	for _, k := range acc.SetupKeys {
+		if keyId == k.Id {
+			return k
+		}
+	}
+	return nil
 }

 func getAccountSetupKeyByKey(acc *Account, key string) *SetupKey {
@@ -635,19 +615,3 @@ func getAccountSetupKeyByKey(acc *Account, key string) *SetupKey {
 	}
 	return nil
 }
-
-func removeFromList(inputList []string, toRemove []string) []string {
-	toRemoveMap := make(map[string]struct{})
-	for _, item := range toRemove {
-		toRemoveMap[item] = struct{}{}
-	}
-
-	var resultList []string
-	for _, item := range inputList {
-		_, ok := toRemoveMap[item]
-		if !ok {
-			resultList = append(resultList, item)
-		}
-	}
-	return resultList
-}
--- a/Show More
+++ b/Show More
Author	SHA1	Message	Date
shatoboar	c86c620016	Fix(auth0) caching Users by accountId	2022-06-03 17:19:31 +02:00
shatoboar	1e444f58c1	Merge remote-tracking branch 'origin' into users_cache	2022-06-03 14:42:06 +02:00
shatoboar	f53990d6c1	WIP idpmanager users_cache by accountId	2022-06-03 14:39:07 +02:00
Misha Bragin	02a6ac44be	Handle Network out of range (#347 )	2022-06-03 14:39:07 +02:00
Misha Bragin	43e472c958	Update links in Start using NetBird (#346 ) * Update links in Start using NetBird * Update internals overview and co structure * Netbird to NetBird	2022-06-03 14:39:07 +02:00
shatoboar	cea5693512	Feat(auth0.go) Cache for users in idpmanager	2022-06-01 21:52:16 +02:00
shatoboar	49ec33504a	Implemented caching logic for auth0	2022-05-31 17:29:51 +02:00