Add User-Agent to CLI

Add User-Agent to CLI and Ui and pass to Management
2026-04-01 15:14:03 -04:00 · 2022-05-23 09:52:44 +02:00 · 2022-05-23 09:48:04 +02:00
63 changed files with 742 additions and 1393 deletions
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -9,7 +9,7 @@ on:
  pull_request:

 env:
-  SIGN_PIPE_VER: "v0.0.3"
+  SIGN_PIPE_VER: main

 jobs:
  release:
@@ -131,7 +131,7 @@ jobs:
        uses: benc-uk/workflow-dispatch@v1
        if: startsWith(github.ref, 'refs/tags/')
        with:
-          workflow: Sign darwin ui app with dispatch
+          workflow: Sign darwin ui app
          repo: netbirdio/sign-pipelines
          ref: ${{ env.SIGN_PIPE_VER }}
          token: ${{ secrets.SIGN_GITHUB_TOKEN }}
--- a/.goreleaser.yaml
+++ b/.goreleaser.yaml
@@ -65,7 +65,7 @@ builds:
    goarch:
      - amd64
    ldflags:
-      - -s -w -X github.com/netbirdio/netbird/client/system.version={{.Version}} -X main.commit={{.Commit}} -X main.date={{.CommitDate}} -X main.builtBy=goreleaser
+      - -s -w -X github.com/netbirdio/netbird/client/ui/system.version={{.Version}} -X main.commit={{.Commit}} -X main.date={{.CommitDate}} -X main.builtBy=goreleaser
    mod_timestamp: '{{ .CommitTimestamp }}'

  - id: netbird-ui-windows
@@ -79,7 +79,7 @@ builds:
    goarch:
      - amd64
    ldflags:
-      - -s -w -X github.com/netbirdio/netbird/client/system.version={{.Version}} -X main.commit={{.Commit}} -X main.date={{.CommitDate}} -X main.builtBy=goreleaser
+      - -s -w -X github.com/netbirdio/netbird/client/ui/system.version={{.Version}} -X main.commit={{.Commit}} -X main.date={{.CommitDate}} -X main.builtBy=goreleaser
      - -H windowsgui
    mod_timestamp: '{{ .CommitTimestamp }}'

@@ -115,7 +115,6 @@ nfpms:
      - libayatana-appindicator3-1
      - libgtk-3-dev
      - libappindicator3-dev
-      - netbird

  - maintainer: Netbird <dev@netbird.io>
    description: Netbird client UI.
@@ -135,7 +134,6 @@ nfpms:
      - libayatana-appindicator3-1
      - libgtk-3-dev
      - libappindicator3-dev
-      - netbird

  - maintainer: Netbird <dev@netbird.io>
    description: Netbird client.
@@ -149,8 +147,6 @@ nfpms:

    replaces:
      - wiretrustee
-    conflicts:
-      - wiretrustee

    scripts:
      postinstall: "release_files/post_install.sh"
@@ -169,9 +165,6 @@ nfpms:
    replaces:
      - wiretrustee

-    conflicts:
-      - wiretrustee
-
    scripts:
      postinstall: "release_files/post_install.sh"
      preremove: "release_files/pre_remove.sh"
@@ -420,25 +413,22 @@ brews:
    homepage: https://netbird.io/
    license: "BSD3"
    test: |
-      system "#{bin}/{{ .ProjectName	}} version"
-    conflicts:
-      - wiretrustee
+      system "#{bin}/{{ .ProjectName	}} -h"

 uploads:
  - name: debian
    ids:
-    - netbird-deb
+    - deb
    - netbird-ui-deb
    mode: archive
    target: https://pkgs.wiretrustee.com/debian/pool/{{ .ArtifactName }};deb.distribution=stable;deb.component=main;deb.architecture={{ if .Arm }}armhf{{ else }}{{ .Arch }}{{ end }};deb.package=
    username: dev@wiretrustee.com
    method: PUT
-
  - name: yum
    ids:
-      - netbird-rpm
+      - rpm
      - netbird-ui-rpm
    mode: archive
    target: https://pkgs.wiretrustee.com/yum/{{ .Arch }}{{ if .Arm }}{{ .Arm }}{{ end }}
    username: dev@wiretrustee.com
-    method: PUT
+    method: PUT
--- a/README.md
+++ b/README.md
@@ -1,6 +1,6 @@
 <p align="center">
- <strong>:hatching_chick: New release! Beta Update May 2022</strong>.
-  <a href="https://github.com/netbirdio/netbird/releases/tag/v0.6.0">
+ <strong>Big News! Wiretrustee becomes Netbird</strong>.
+  <a href="https://netbird.io/blog/wiretrustee-becomes-netbird">
       Learn more
     </a>   
 </p>
@@ -18,7 +18,8 @@
     </a> 
     <a href="https://hub.docker.com/r/wiretrustee/wiretrustee/tags">
        <img src="https://img.shields.io/docker/pulls/wiretrustee/wiretrustee" />
-     </a> 
+     </a>  
+    <img src="https://badgen.net/badge/Open%20Source%3F/Yes%21/blue?icon=github" />
    <br>
    <a href="https://www.codacy.com/gh/wiretrustee/wiretrustee/dashboard?utm_source=github.com&amp;utm_medium=referral&amp;utm_content=wiretrustee/wiretrustee&amp;utm_campaign=Badge_Grade"><img src="https://app.codacy.com/project/badge/Grade/d366de2c9d8b4cf982da27f8f5831809"/></a>
     <a href="https://goreportcard.com/report/wiretrustee/wiretrustee">
@@ -34,7 +35,7 @@

 <p align="center">
 <strong>
-  Start using NetBird at <a href="https://app.netbird.io/">app.netbird.io</a>
+  Start using Netbird at <a href="https://app.netbird.io/">app.netbird.io</a>
  <br/>
  See <a href="https://netbird.io/docs/">Documentation</a>
  <br/>
@@ -46,69 +47,215 @@

 <br>

-**NetBird is an open-source VPN management platform built on top of WireGuard® making it easy to create secure private networks for your organization or home.**
+**Netbird is an open-source VPN platform built on top of WireGuard® making it easy to create secure private networks for your organization or home.**

 It requires zero configuration effort leaving behind the hassle of opening ports, complex firewall rules, VPN gateways, and so forth.

-NetBird creates an overlay peer-to-peer network connecting machines automatically regardless of their location (home, office, datacenter, container, cloud or edge environments) unifying virtual private network management experience.
-
-**Key features:**
-* Automatic IP allocation and management.
-* Automatic WireGuard peer (machine) discovery and configuration.
-* Encrypted peer-to-peer connections without a central VPN gateway.
+**Netbird automates Wireguard-based networks, offering a management layer with:**
+* Centralized Peer IP management with a UI dashboard.
+* Encrypted peer-to-peer connections without a centralized VPN gateway.
+* Automatic Peer discovery and configuration.
+* UDP hole punching to establish peer-to-peer connections behind NAT, firewall, and without a public static IP.
 * Connection relay fallback in case a peer-to-peer connection is not possible.
-* Network management layer with a neat Web UI panel ([separate repo](https://github.com/netbirdio/dashboard))
-* Desktop client applications for Linux, MacOS, and Windows.
-* Multiuser support - sharing network between multiple users.
-* SSO and MFA support. 
-* Multicloud and hybrid-cloud support.
-* Kernel WireGuard usage when possible.
-* Access Controls - groups & rules (coming soon).
-* Private DNS (coming soon).
-* Mobile clients (coming soon).
-* Network Activity Monitoring (coming soon).
+* Multitenancy (coming soon).
+* Client application SSO with MFA (coming soon).
+* Access Controls (coming soon).
+* Activity Monitoring (coming soon).
+* Private DNS (coming soon)

-### Secure peer-to-peer VPN with SSO and MFA in minutes
+### Secure peer-to-peer VPN in minutes
 <p float="left" align="middle">
  <img src="docs/media/peerA.gif" width="400"/> 
  <img src="docs/media/peerB.gif" width="400"/>
 </p>

-**Note**: The `main` branch may be in an *unstable or even broken state* during development. 
-For stable versions, see [releases](https://github.com/netbirdio/netbird/releases).
+**Note**: The `main` branch may be in an *unstable or even broken state* during development. For stable versions, see [releases](https://github.com/netbirdio/netbird).

-### Start using NetBird
-* Hosted version: [https://app.netbird.io/](https://app.netbird.io/).
-* See our documentation for [Quickstart Guide](https://netbird.io/docs/getting-started/quickstart).
-* If you are looking to self-host NetBird, check our [Self-Hosting Guide](https://netbird.io/docs/getting-started/self-hosting).
-* Step-by-step [Installation Guide](https://netbird.io/docs/getting-started/installation) for different platforms.
-* Web UI [repository](https://github.com/netbirdio/dashboard).
-* 5 min [demo video](https://youtu.be/Tu9tPsUWaY0) on YouTube.
+Hosted version: 
+[https://app.netbird.io/](https://app.netbird.io/). 
+
+[UI Dashboard Repo](https://github.com/netbirdio/dashboard)


-### A bit on NetBird internals
-* Every machine in the network runs [NetBird Agent (or Client)](client/) that manages WireGuard.
-* NetBird features [Management Service](management/) that holds network state, manages peer IPs, and distributes network updates to peers.
-* Every agent is connected to Management Service.
-* NetBird agent uses WebRTC ICE implemented in [pion/ice library](https://github.com/pion/ice) to discover connection candidates when establishing a peer-to-peer connection between machines.
-* Connection candidates are discovered with a help of [STUN](https://en.wikipedia.org/wiki/STUN) server. 
-* Agents negotiate a connection through [Signal Service](signal/) passing p2p encrypted messages.
-* Signal Service uses public WireGuard keys to route messages between peers.
-* Sometimes the NAT traversal is unsuccessful due to strict NATs (e.g. mobile carrier-grade NAT) and p2p connection isn't possible. When this occurs the system falls back to a relay server called [TURN](https://en.wikipedia.org/wiki/Traversal_Using_Relays_around_NAT), and a secure WireGuard tunnel is established via the TURN server. 
- 
-[Coturn](https://github.com/coturn/coturn) is the one that has been successfully used for STUN and TURN in NetBird setups.
+### A bit on Netbird internals
+* Netbird features a Management Service that offers peer IP management and network updates distribution (e.g. when a new peer joins the network).
+* Netbird uses WebRTC ICE implemented in [pion/ice library](https://github.com/pion/ice) to discover connection candidates when establishing a peer-to-peer connection between devices.
+* Peers negotiate connection through [Signal Service](signal/).
+* Signal Service uses public Wireguard keys to route messages between peers.
+  Contents of the messages sent between peers through the signaling server are encrypted with Wireguard keys, making it impossible to inspect them.
+* Occasionally, the NAT traversal is unsuccessful due to strict NATs (e.g. mobile carrier-grade NAT). When this occurs the system falls back to the relay server (TURN), and a secure Wireguard tunnel is established via the TURN server. [Coturn](https://github.com/coturn/coturn) is the one that has been successfully used for STUN and TURN in Netbird setups.

 <p float="left" align="middle">
  <img src="https://netbird.io/docs/img/architecture/high-level-dia.png" width="700"/>
 </p>

-See a complete [architecture overview](https://netbird.io/docs/overview/architecture) for details.

-### Roadmap
+### Product Roadmap
 - [Public Roadmap](https://github.com/netbirdio/netbird/projects/2)
+- [Public Roadmap Progress Tracking](https://github.com/netbirdio/netbird/projects/1)
+
+### Client Installation
+#### Linux
+
+**APT/Debian**
+1. Add the repository:
+    ```shell
+    sudo apt-get update
+    sudo apt-get install ca-certificates curl gnupg -y
+    curl -L https://pkgs.wiretrustee.com/debian/public.key | sudo apt-key add -
+    echo 'deb https://pkgs.wiretrustee.com/debian stable main' | sudo tee /etc/apt/sources.list.d/wiretrustee.list
+    ```
+2. Update APT's cache
+    ```shell
+    sudo apt-get update
+    ```
+3. Install the package
+    ```shell
+    # for CLI only
+    sudo apt-get install netbird
+    # for GUI package
+    sudo apt-get install netbird-ui
+    ```   
+**RPM/Red hat**
+1. Add the repository:
+    ```shell
+    cat <<EOF | sudo tee /etc/yum.repos.d/wiretrustee.repo
+    [Wiretrustee]
+    name=Wiretrustee
+    baseurl=https://pkgs.wiretrustee.com/yum/
+    enabled=1
+    gpgcheck=0
+    gpgkey=https://pkgs.wiretrustee.com/yum/repodata/repomd.xml.key
+    repo_gpgcheck=1
+    EOF
+    ```
+2. Install the package
+    ```shell
+    # for CLI only
+    sudo yum install netbird
+    # for GUI package
+    sudo yum install netbird-ui
+    ```
+#### MACOS
+**Brew install**
+1. Download and install Brew at https://brew.sh/
+2. Install the client
+  ```shell
+  # for CLI only
+  brew install netbirdio/tap/netbird
+  # for GUI package
+  brew install --cask netbirdio/tap/netbird-ui
+  ```
+3. As homebrew doesn't allow sudo exec, we need to install and start the client daemon:
+  ```shell
+  sudo netbird service install
+  sudo netbird service start
+  ```
+**Installation from binary (CLI only)**
+1. Checkout Netbird [releases](https://github.com/netbirdio/netbird/releases/latest)
+2. Download the latest release (**Switch VERSION to the latest**):
+  ```shell
+  curl -o ./netbird_<VERSION>_darwin_amd64.tar.gz https://github.com/netbirdio/netbird/releases/download/v<VERSION>/wiretrustee_<VERSION>_darwin_amd64.tar.gz
+  ```
+3. Decompress
+  ```shell
+  tar xcf ./netbird_<VERSION>_darwin_amd64.tar.gz
+  sudo mv netbird /usr/bin/netbird
+  chmod +x /usr/bin/netbird
+  ```
+  After that you may need to add /usr/bin in your PATH environment variable:
+  ````shell
+  export PATH=$PATH:/usr/bin
+  ````
+4. Install and run the service
+  ```shell
+  sudo netbird service install
+  sudo netbird service start
+  ```
+
+#### Windows
+1. Checkout Netbird [releases](https://github.com/netbirdio/netbird/releases/latest)
+2. Download the latest Windows release installer ```netbird_installer_<VERSION>_windows_amd64.exe``` (**Switch VERSION to the latest**):
+3. Proceed with installation steps
+4. This will install the client in the C:\\Program Files\\Netbird and add the client service
+5. After installing, you can follow the [Client Configuration](#Client-Configuration) steps.
+> To uninstall the client and service, you can use Add/Remove programs
+
+### Client Configuration
+If you installed the UI client, you can launch it and click on Connect
+> It will open your browser, and you will be prompt for email and password
+
+Simply run:
+```shell
+  netbird up
+```
+> It will open your browser, and you will be prompt for email and password
+
+Check connection status:
+```shell
+  netbird status
+```
+In case you are activating a server peer, you can use a setup-key as described in the steps below:
+
+
+1. Login to the Management Service. You need to have a `setup key` in hand (see ).
+
+For all systems:
+  ```shell
+  netbird up --setup-key <SETUP KEY>
+  ```
+
+For **Docker**, you can run with the following command:
+```shell
+docker run --network host --privileged --rm -d -e NB_SETUP_KEY=<SETUP KEY> -v netbird-client:/etc/netbird netbirdio/netbird:<TAG>
+```
+> TAG > 0.6.0 version
+
+Alternatively, if you are hosting your own Management Service provide `--management-url` property pointing to your Management Service:
+  ```shell
+  sudo netbird up --setup-key <SETUP KEY> --management-url http://localhost:33073
+  ```
+
+> You could also omit the `--setup-key` property. In this case, the tool will prompt for the key.
+
+2. Check connection status:
+```shell
+  netbird status
+```
+
+3. Check your IP:
+  For **MACOS** you will just start the service:
+  ````shell
+  sudo ifconfig utun100
+  ````   
+For **Linux** systems:
+  ```shell
+  ip addr show wt0
+  ```
+For **Windows** systems:
+  ```shell
+  netsh interface ip show config name="wt0"
+  ```
+
+4. Repeat on other machines.  
+
+### Troubleshooting
+1. If you are using self-hosted version and haven't specified `--management-url`, the client app will use the default URL
+   which is ```https://api.wiretrustee.com:33073```.
+
+2. If you have specified a wrong `--management-url` (e.g., just by mistake when self-hosting)
+    to override it you can do the following:
+
+    ```shell
+    netbird down
+    netbird up --management-url https://<CORRECT HOST:PORT>/
+    ```
+    
+    To override it see solution #1 above.
+
+### Running Dashboard, Management, Signal and Coturn
+See [Self-Hosting Guide](https://netbird.io/docs/getting-started/self-hosting)

-### Testimonials
-We use open-source technologies like [WireGuard®](https://www.wireguard.com/), [Pion ICE (WebRTC)](https://github.com/pion/ice), and [Coturn](https://github.com/coturn/coturn). We very much appreciate the work these guys are doing and we'd greatly appreciate if you could support them in any way (e.g. giving a star or a contribution).

 ### Legal
 [WireGuard](https://wireguard.com/) is a registered trademark of Jason A. Donenfeld.
--- a/client/Dockerfile
+++ b/client/Dockerfile
@@ -1,4 +1,4 @@
 FROM gcr.io/distroless/base:debug
 ENV WT_LOG_FILE=console
 ENTRYPOINT [ "/go/bin/netbird","up"]
-COPY netbird /go/bin/netbird
+COPY netbird /go/bin/netbird
--- a/client/cmd/down.go
+++ b/client/cmd/down.go
@@ -17,9 +17,12 @@ var downCmd = &cobra.Command{
 	RunE: func(cmd *cobra.Command, args []string) error {
 		SetFlagsFromEnvVars()

-		cmd.SetOut(cmd.OutOrStdout())
+		err := handleRebrand(cmd)
+		if err != nil {
+			return err
+		}

-		err := util.InitLog(logLevel, "console")
+		err = util.InitLog(logLevel, "console")
 		if err != nil {
 			log.Errorf("failed initializing log %v", err)
 			return err
--- a/client/cmd/login.go
+++ b/client/cmd/login.go
@@ -3,6 +3,7 @@ package cmd
 import (
 	"context"
 	"fmt"
+	"github.com/netbirdio/netbird/client/system"
 	"github.com/skratchdot/open-golang/open"
 	"google.golang.org/grpc/codes"
 	gstatus "google.golang.org/grpc/status"
@@ -22,9 +23,12 @@ var loginCmd = &cobra.Command{
 	RunE: func(cmd *cobra.Command, args []string) error {
 		SetFlagsFromEnvVars()

-		cmd.SetOut(cmd.OutOrStdout())
+		err := handleRebrand(cmd)
+		if err != nil {
+			return err
+		}

-		err := util.InitLog(logLevel, "console")
+		err = util.InitLog(logLevel, "console")
 		if err != nil {
 			return fmt.Errorf("failed initializing log %v", err)
 		}
@@ -33,11 +37,6 @@ var loginCmd = &cobra.Command{

 		// workaround to run without service
 		if logFile == "console" {
-			err = handleRebrand(cmd)
-			if err != nil {
-				return err
-			}
-
 			config, err := internal.GetConfig(managementURL, adminURL, configPath, preSharedKey)
 			if err != nil {
 				return fmt.Errorf("get config file: %v", err)
@@ -92,7 +91,7 @@ var loginCmd = &cobra.Command{
 		}

 		if loginResp.NeedsSSOLogin {
-			openURL(cmd, loginResp.VerificationURIComplete)
+			openURL(cmd, loginResp.VerificationURI, loginResp.VerificationURIComplete, loginResp.UserCode)

 			_, err = client.WaitSSOLogin(ctx, &proto.WaitSSOLoginRequest{UserCode: loginResp.UserCode})
 			if err != nil {
@@ -109,8 +108,11 @@ var loginCmd = &cobra.Command{
 func foregroundLogin(ctx context.Context, cmd *cobra.Command, config *internal.Config, setupKey string) error {
 	needsLogin := false

+	sysInfo := system.GetInfo()
+	sysInfo.Caller = system.NetBirdCLIUserAgent()
+
 	err := WithBackOff(func() error {
-		err := internal.Login(ctx, config, "", "")
+		err := internal.Login(ctx, config, "", "", sysInfo)
 		if s, ok := gstatus.FromError(err); ok && (s.Code() == codes.InvalidArgument || s.Code() == codes.PermissionDenied) {
 			needsLogin = true
 			return nil
@@ -131,7 +133,7 @@ func foregroundLogin(ctx context.Context, cmd *cobra.Command, config *internal.C
 	}

 	err = WithBackOff(func() error {
-		err := internal.Login(ctx, config, setupKey, jwtToken)
+		err := internal.Login(ctx, config, setupKey, jwtToken, sysInfo)
 		if s, ok := gstatus.FromError(err); ok && (s.Code() == codes.InvalidArgument || s.Code() == codes.PermissionDenied) {
 			return nil
 		}
@@ -175,7 +177,7 @@ func foregroundGetTokenInfo(ctx context.Context, cmd *cobra.Command, config *int
 		return nil, fmt.Errorf("getting a request device code failed: %v", err)
 	}

-	openURL(cmd, flowInfo.VerificationURIComplete)
+	openURL(cmd, flowInfo.VerificationURI, flowInfo.VerificationURIComplete, flowInfo.UserCode)

 	waitTimeout := time.Duration(flowInfo.ExpiresIn)
 	waitCTX, c := context.WithTimeout(context.TODO(), waitTimeout*time.Second)
@@ -189,12 +191,13 @@ func foregroundGetTokenInfo(ctx context.Context, cmd *cobra.Command, config *int
 	return &tokenInfo, nil
 }

-func openURL(cmd *cobra.Command, verificationURIComplete string) {
+func openURL(cmd *cobra.Command, verificationURI, verificationURIComplete, userCode string) {
 	err := open.Run(verificationURIComplete)
-	cmd.Printf("Please do the SSO login in your browser. \n" +
-		"If your browser didn't open automatically, use this URL to log in:\n\n" +
-		" " + verificationURIComplete + " \n\n")
 	if err != nil {
-		cmd.Printf("Alternatively, you may want to use a setup key, see:\n\n https://www.netbird.io/docs/overview/setup-keys\n")
+		cmd.Println("Unable to open the default browser.")
+		cmd.Println("If this is not an interactive shell, you may want to use the setup key, see https://www.netbird.io/docs/overview/setup-keys")
+		cmd.Printf("Otherwise, you can continue the login flow by accessing the url below:\n\t%s\n", verificationURI)
+		cmd.Printf("Use the access code: %s\n", userCode)
+		cmd.Println("Or press CTRL + C or COMMAND + C")
 	}
 }
--- a/client/cmd/root.go
+++ b/client/cmd/root.go
@@ -4,6 +4,7 @@ import (
 	"context"
 	"errors"
 	"fmt"
+	"github.com/netbirdio/netbird/client/system"
 	"io"
 	"io/fs"
 	"io/ioutil"
@@ -156,6 +157,7 @@ func DialClientGRPCServer(ctx context.Context, addr string) (*grpc.ClientConn, e
 		strings.TrimPrefix(addr, "tcp://"),
 		grpc.WithTransportCredentials(insecure.NewCredentials()),
 		grpc.WithBlock(),
+		grpc.WithUserAgent(system.NetBirdCLIUserAgent()),
 	)
 }

--- a/client/cmd/service.go
+++ b/client/cmd/service.go
@@ -2,7 +2,6 @@ package cmd

 import (
 	"context"
-	"runtime"

 	"github.com/kardianos/service"
 	log "github.com/sirupsen/logrus"
@@ -24,12 +23,8 @@ func newProgram(ctx context.Context, cancel context.CancelFunc) *program {
 }

 func newSVCConfig() *service.Config {
-	name := "netbird"
-	if runtime.GOOS == "windows" {
-		name = "Netbird"
-	}
 	return &service.Config{
-		Name:        name,
+		Name:        "netbird",
 		DisplayName: "Netbird",
 		Description: "A WireGuard-based mesh network that connects your devices into a single private network.",
 	}
--- a/client/cmd/service_controller.go
+++ b/client/cmd/service_controller.go
@@ -20,7 +20,7 @@ import (

 func (p *program) Start(svc service.Service) error {
 	// Start should not block. Do the actual work async.
-	log.Info("starting Netbird service") //nolint
+	log.Info("starting service") //nolint
 	// in any case, even if configuration does not exists we run daemon to serve CLI gRPC API.
 	p.serv = grpc.NewServer()

@@ -86,8 +86,6 @@ var runCmd = &cobra.Command{
 	RunE: func(cmd *cobra.Command, args []string) error {
 		SetFlagsFromEnvVars()

-		cmd.SetOut(cmd.OutOrStdout())
-
 		err := handleRebrand(cmd)
 		if err != nil {
 			return err
@@ -120,8 +118,6 @@ var startCmd = &cobra.Command{
 	RunE: func(cmd *cobra.Command, args []string) error {
 		SetFlagsFromEnvVars()

-		cmd.SetOut(cmd.OutOrStdout())
-
 		err := handleRebrand(cmd)
 		if err != nil {
 			return err
@@ -155,8 +151,6 @@ var stopCmd = &cobra.Command{
 	RunE: func(cmd *cobra.Command, args []string) error {
 		SetFlagsFromEnvVars()

-		cmd.SetOut(cmd.OutOrStdout())
-
 		err := handleRebrand(cmd)
 		if err != nil {
 			return err
@@ -188,8 +182,6 @@ var restartCmd = &cobra.Command{
 	RunE: func(cmd *cobra.Command, args []string) error {
 		SetFlagsFromEnvVars()

-		cmd.SetOut(cmd.OutOrStdout())
-
 		err := handleRebrand(cmd)
 		if err != nil {
 			return err
--- a/client/cmd/service_installer.go
+++ b/client/cmd/service_installer.go
@@ -13,8 +13,6 @@ var installCmd = &cobra.Command{
 	RunE: func(cmd *cobra.Command, args []string) error {
 		SetFlagsFromEnvVars()

-		cmd.SetOut(cmd.OutOrStdout())
-
 		err := handleRebrand(cmd)
 		if err != nil {
 			return err
@@ -65,8 +63,6 @@ var uninstallCmd = &cobra.Command{
 	RunE: func(cmd *cobra.Command, args []string) error {
 		SetFlagsFromEnvVars()

-		cmd.SetOut(cmd.OutOrStdout())
-
 		err := handleRebrand(cmd)
 		if err != nil {
 			return err
--- a/client/cmd/status.go
+++ b/client/cmd/status.go
@@ -18,9 +18,12 @@ var statusCmd = &cobra.Command{
 	RunE: func(cmd *cobra.Command, args []string) error {
 		SetFlagsFromEnvVars()

-		cmd.SetOut(cmd.OutOrStdout())
+		err := handleRebrand(cmd)
+		if err != nil {
+			return err
+		}

-		err := util.InitLog(logLevel, "console")
+		err = util.InitLog(logLevel, "console")
 		if err != nil {
 			return fmt.Errorf("failed initializing log %v", err)
 		}
--- a/client/cmd/up.go
+++ b/client/cmd/up.go
@@ -6,7 +6,6 @@ import (
 	"github.com/netbirdio/netbird/client/internal"
 	"github.com/netbirdio/netbird/client/proto"
 	"github.com/netbirdio/netbird/util"
-	log "github.com/sirupsen/logrus"
 	"github.com/spf13/cobra"
 	"google.golang.org/grpc/codes"
 	gstatus "google.golang.org/grpc/status"
@@ -18,9 +17,12 @@ var upCmd = &cobra.Command{
 	RunE: func(cmd *cobra.Command, args []string) error {
 		SetFlagsFromEnvVars()

-		cmd.SetOut(cmd.OutOrStdout())
+		err := handleRebrand(cmd)
+		if err != nil {
+			return err
+		}

-		err := util.InitLog(logLevel, "console")
+		err = util.InitLog(logLevel, "console")
 		if err != nil {
 			return fmt.Errorf("failed initializing log %v", err)
 		}
@@ -29,11 +31,6 @@ var upCmd = &cobra.Command{

 		// workaround to run without service
 		if logFile == "console" {
-			err = handleRebrand(cmd)
-			if err != nil {
-				return err
-			}
-
 			config, err := internal.GetConfig(managementURL, adminURL, configPath, preSharedKey)
 			if err != nil {
 				return fmt.Errorf("get config file: %v", err)
@@ -56,13 +53,7 @@ var upCmd = &cobra.Command{
 				"If the daemon is not running please run: "+
 				"\nnetbird service install \nnetbird service start\n", err)
 		}
-		defer func() {
-			err := conn.Close()
-			if err != nil {
-				log.Warnf("failed closing dameon gRPC client connection %v", err)
-				return
-			}
-		}()
+		defer conn.Close()

 		client := proto.NewDaemonServiceClient(conn)

@@ -71,51 +62,50 @@ var upCmd = &cobra.Command{
 			return fmt.Errorf("unable to get daemon status: %v", err)
 		}

-		if status.Status == string(internal.StatusConnected) {
+		if status.Status == string(internal.StatusNeedsLogin) || status.Status == string(internal.StatusLoginFailed) {
+			loginRequest := proto.LoginRequest{
+				SetupKey:      setupKey,
+				PreSharedKey:  preSharedKey,
+				ManagementUrl: managementURL,
+			}
+
+			var loginErr error
+
+			var loginResp *proto.LoginResponse
+
+			err = WithBackOff(func() error {
+				var backOffErr error
+				loginResp, backOffErr = client.Login(ctx, &loginRequest)
+				if s, ok := gstatus.FromError(backOffErr); ok && (s.Code() == codes.InvalidArgument ||
+					s.Code() == codes.PermissionDenied ||
+					s.Code() == codes.NotFound ||
+					s.Code() == codes.Unimplemented) {
+					loginErr = backOffErr
+					return nil
+				}
+				return backOffErr
+			})
+			if err != nil {
+				return fmt.Errorf("login backoff cycle failed: %v", err)
+			}
+
+			if loginErr != nil {
+				return fmt.Errorf("login failed: %v", loginErr)
+			}
+
+			if loginResp.NeedsSSOLogin {
+				openURL(cmd, loginResp.VerificationURI, loginResp.VerificationURIComplete, loginResp.UserCode)
+
+				_, err = client.WaitSSOLogin(ctx, &proto.WaitSSOLoginRequest{UserCode: loginResp.UserCode})
+				if err != nil {
+					return fmt.Errorf("waiting sso login failed with: %v", err)
+				}
+			}
+		} else if status.Status != string(internal.StatusIdle) {
 			cmd.Println("Already connected")
 			return nil
 		}

-		loginRequest := proto.LoginRequest{
-			SetupKey:      setupKey,
-			PreSharedKey:  preSharedKey,
-			ManagementUrl: managementURL,
-		}
-
-		var loginErr error
-
-		var loginResp *proto.LoginResponse
-
-		err = WithBackOff(func() error {
-			var backOffErr error
-			loginResp, backOffErr = client.Login(ctx, &loginRequest)
-			if s, ok := gstatus.FromError(backOffErr); ok && (s.Code() == codes.InvalidArgument ||
-				s.Code() == codes.PermissionDenied ||
-				s.Code() == codes.NotFound ||
-				s.Code() == codes.Unimplemented) {
-				loginErr = backOffErr
-				return nil
-			}
-			return backOffErr
-		})
-		if err != nil {
-			return fmt.Errorf("login backoff cycle failed: %v", err)
-		}
-
-		if loginErr != nil {
-			return fmt.Errorf("login failed: %v", loginErr)
-		}
-
-		if loginResp.NeedsSSOLogin {
-
-			openURL(cmd, loginResp.VerificationURIComplete)
-
-			_, err = client.WaitSSOLogin(ctx, &proto.WaitSSOLoginRequest{UserCode: loginResp.UserCode})
-			if err != nil {
-				return fmt.Errorf("waiting sso login failed with: %v", err)
-			}
-		}
-
 		if _, err := client.Up(ctx, &proto.UpRequest{}); err != nil {
 			return fmt.Errorf("call service up method: %v", err)
 		}
--- a/client/cmd/version.go
+++ b/client/cmd/version.go
@@ -10,8 +10,7 @@ var (
 		Use:   "version",
 		Short: "prints Netbird version",
 		Run: func(cmd *cobra.Command, args []string) {
-			cmd.SetOut(cmd.OutOrStdout())
-			cmd.Println(system.NetbirdVersion())
+			cmd.Println(system.WiretrusteeVersion())
 		},
 	}
 )
--- a/client/installer.nsis
+++ b/client/installer.nsis
@@ -2,7 +2,7 @@
 !define COMP_NAME "Netbird"
 !define WEB_SITE "Netbird.io"
 !define VERSION $%APPVER%
-!define COPYRIGHT "Netbird Authors, 2022"
+!define COPYRIGHT "Netbird Authors, 2021"
 !define DESCRIPTION "A WireGuard®-based mesh network that connects your devices into a single private network"
 !define INSTALLER_NAME "netbird-installer.exe"
 !define MAIN_APP_EXE "Netbird"
@@ -51,13 +51,10 @@ ShowInstDetails Show
 !define MUI_UNICON "${ICON}"
 !define MUI_WELCOMEFINISHPAGE_BITMAP "${BANNER}"
 !define MUI_UNWELCOMEFINISHPAGE_BITMAP "${BANNER}"
-!define MUI_FINISHPAGE_RUN
-!define MUI_FINISHPAGE_RUN_TEXT "Start ${UI_APP_NAME}"
-!define MUI_FINISHPAGE_RUN_FUNCTION "LaunchLink"
+
 ######################################################################

 !include "MUI2.nsh"
-!include LogicLib.nsh

 !define MUI_ABORTWARNING
 !define MUI_UNABORTWARNING
@@ -82,66 +79,6 @@ ShowInstDetails Show

 ######################################################################

-Function GetAppFromCommand
-Exch $1
-Push $2
-StrCpy $2 $1 1 0
-StrCmp $2 '"' 0 done
-Push $3
-StrCpy $3 ""
-loop:
-    IntOp $3 $3 + 1
-    StrCpy $2 $1 1 $3
-    StrCmp $2 '' +2
-    StrCmp $2 '"' 0 loop
-    StrCpy $1 $1 $3
-    StrCpy $1 $1 "" 1 ; Remove starting quote
-Pop $3
-done:
-Pop $2
-Exch $1
-FunctionEnd
-!macro GetAppFromCommand in out
-Push "${in}"
-Call GetAppFromCommand
-Pop ${out}
-!macroend
-
-!macro UninstallPreviousNSIS UninstCommand CustomParameters
-Push $0
-Push $1
-Push $2
-Push '${CustomParameters}'
-Push '${UninstCommand}'
-Call GetAppFromCommand ; Remove quotes and parameters from UninstCommand
-Pop $0
-Pop $1
-GetFullPathName $2 "$0\.."
-ExecWait '"$0" $1 _?=$2'
-Delete "$0" ; Extra cleanup because we used _?=
-RMDir "$2"
-Pop $2
-Pop $1
-Pop $0
-!macroend
-
-Function .onInit
-
-ReadRegStr $R0 HKLM "Software\Microsoft\Windows\CurrentVersion\Uninstall\Wiretrustee" "UninstallString"
-${If} $R0 != ""
-    MessageBox MB_YESNO|MB_ICONQUESTION "Wiretrustee is installed. We must remove it before installing Netbird. Procced?" IDNO noWTUninstOld
-    !insertmacro UninstallPreviousNSIS $R0 "/NoMsgBox"
-    noWTUninstOld:
-${EndIf}
-
-ReadRegStr $R0 HKLM "Software\Microsoft\Windows\CurrentVersion\Uninstall\$(^NAME)" "UninstallString"
-${If} $R0 != ""
-    MessageBox MB_YESNO|MB_ICONQUESTION "$(^NAME) is already installed. Do you want to remove the previous version?" IDNO noUninstOld
-    !insertmacro UninstallPreviousNSIS $R0 "/NoMsgBox"
-    noUninstOld:
-${EndIf}
-FunctionEnd
-######################################################################
 Section -MainProgram
 	${INSTALL_TYPE}
 	SetOverwrite ifnewer
@@ -164,16 +101,19 @@ WriteRegStr ${REG_ROOT} "${UNINSTALL_PATH}"  "DisplayVersion" "${VERSION}"
 WriteRegStr ${REG_ROOT} "${UNINSTALL_PATH}"  "Publisher" "${COMP_NAME}"

 WriteRegStr ${REG_ROOT} "${UI_REG_APP_PATH}" "" "$INSTDIR\${UI_APP_EXE}"
+WriteRegStr ${REG_ROOT} "${UI_UNINSTALL_PATH}"  "DisplayName" "${UI_APP_NAME}"
+WriteRegStr ${REG_ROOT} "${UI_UNINSTALL_PATH}"  "UninstallString" "$INSTDIR\netbird_uninstall.exe"
+WriteRegStr ${REG_ROOT} "${UI_UNINSTALL_PATH}"  "DisplayIcon" "$INSTDIR\${UI_APP_EXE}"
+WriteRegStr ${REG_ROOT} "${UI_UNINSTALL_PATH}"  "DisplayVersion" "${VERSION}"
+WriteRegStr ${REG_ROOT} "${UI_UNINSTALL_PATH}"  "Publisher" "${COMP_NAME}"

 EnVar::SetHKLM
 EnVar::AddValueEx "path" "$INSTDIR"

-SetShellVarContext current
-CreateShortCut "$SMPROGRAMS\${APP_NAME}.lnk" "$INSTDIR\${UI_APP_EXE}"
-CreateShortCut "$DESKTOP\${APP_NAME}.lnk" "$INSTDIR\${UI_APP_EXE}"
-SetShellVarContext all
+CreateShortCut "${SMPROGRAMS}\${UI_APP_NAME}.lnk" "$INSTDIR\${UI_APP_EXE}"
+CreateShortCut "${DESKTOP}\${UI_APP_NAME}.lnk" "$INSTDIR\${UI_APP_EXE}"

-ExecWait '"$INSTDIR\${MAIN_APP_EXE}" service install'
+Exec '"$INSTDIR\${MAIN_APP_EXE}" service install'
 Exec '"$INSTDIR\${MAIN_APP_EXE}" service start'
 # sleep a bit for visibility
 Sleep 1000
@@ -184,29 +124,14 @@ SectionEnd
 Section Uninstall
 ${INSTALL_TYPE}

-ExecWait '"$INSTDIR\${MAIN_APP_EXE}" service stop'
+Exec '"$INSTDIR\${MAIN_APP_EXE}" service stop'
 Exec '"$INSTDIR\${MAIN_APP_EXE}" service uninstall'
-# kill ui client
-ExecWait `taskkill /im ${UI_APP_EXE}.exe`
 # wait the service uninstall take unblock the executable
 Sleep 3000
 RmDir /r "$INSTDIR"

-SetShellVarContext current
-Delete "$DESKTOP\${APP_NAME}.lnk"
-Delete "$SMPROGRAMS\${APP_NAME}.lnk"
-SetShellVarContext all
-
 DeleteRegKey ${REG_ROOT} "${REG_APP_PATH}"
 DeleteRegKey ${REG_ROOT} "${UNINSTALL_PATH}"
 EnVar::SetHKLM
 EnVar::DeleteValue "path" "$INSTDIR"
 SectionEnd
-
-
-Function LaunchLink
-SetShellVarContext current
-   SetOutPath $INSTDIR
-   ShellExecAsUser::ShellExecAsUser "" "$DESKTOP\${APP_NAME}.lnk"
-SetShellVarContext all
-FunctionEnd
--- a/client/internal/connect.go
+++ b/client/internal/connect.go
@@ -2,9 +2,8 @@ package internal

 import (
 	"context"
-	"time"
-
 	"github.com/netbirdio/netbird/client/system"
+	"time"

 	"github.com/netbirdio/netbird/iface"
 	mgm "github.com/netbirdio/netbird/management/client"
@@ -60,15 +59,11 @@ func RunClient(ctx context.Context, config *Config) error {
 			mgmTlsEnabled = true
 		}

-		engineCtx, cancel := context.WithCancel(ctx)
-		defer cancel()
-
 		// connect (just a connection, no stream yet) and login to Management Service to get an initial global Wiretrustee config
-		mgmClient, loginResp, err := connectToManagement(engineCtx, config.ManagementURL.Host, myPrivateKey, mgmTlsEnabled)
+		mgmClient, loginResp, err := connectToManagement(ctx, config.ManagementURL.Host, myPrivateKey, mgmTlsEnabled)
 		if err != nil {
-			log.Debug(err)
+			log.Warn(err)
 			if s, ok := status.FromError(err); ok && s.Code() == codes.PermissionDenied {
-				log.Info("peer registration required. Please run `netbird status` for details")
 				state.Set(StatusNeedsLogin)
 				return nil
 			}
@@ -76,7 +71,7 @@ func RunClient(ctx context.Context, config *Config) error {
 		}

 		// with the global Wiretrustee config in hand connect (just a connection, no stream yet) Signal
-		signalClient, err := connectToSignal(engineCtx, loginResp.GetWiretrusteeConfig(), myPrivateKey)
+		signalClient, err := connectToSignal(ctx, loginResp.GetWiretrusteeConfig(), myPrivateKey)
 		if err != nil {
 			log.Error(err)
 			return wrapErr(err)
@@ -90,17 +85,20 @@ func RunClient(ctx context.Context, config *Config) error {
 			return wrapErr(err)
 		}

-		engine := NewEngine(engineCtx, cancel, signalClient, mgmClient, engineConfig)
+		ctx, cancel := context.WithCancel(ctx)
+		defer cancel()
+
+		engine := NewEngine(ctx, cancel, signalClient, mgmClient, engineConfig)
 		err = engine.Start()
 		if err != nil {
-			log.Errorf("error while starting Netbird Connection Engine: %s", err)
+			log.Errorf("error while starting Wiretrustee Connection Engine: %s", err)
 			return wrapErr(err)
 		}

-		log.Print("Netbird engine started, my IP is: ", peerConfig.Address)
+		log.Print("Wiretrustee engine started, my IP is: ", peerConfig.Address)
 		state.Set(StatusConnected)

-		<-engineCtx.Done()
+		<-ctx.Done()

 		backOff.Reset()

@@ -121,7 +119,7 @@ func RunClient(ctx context.Context, config *Config) error {
 			return wrapErr(err)
 		}

-		log.Info("stopped Netbird client")
+		log.Info("stopped Wiretrustee client")

 		if _, err := state.Status(); err == ErrResetConnection {
 			return err
@@ -184,7 +182,7 @@ func connectToSignal(ctx context.Context, wtConfig *mgmProto.WiretrusteeConfig,

 // connectToManagement creates Management Services client, establishes a connection, logs-in and gets a global Wiretrustee config (signal, turn, stun hosts, etc)
 func connectToManagement(ctx context.Context, managementAddr string, ourPrivateKey wgtypes.Key, tlsEnabled bool) (*mgm.GrpcClient, *mgmProto.LoginResponse, error) {
-	log.Debugf("connecting to Management Service %s", managementAddr)
+	log.Debugf("connecting to management server %s", managementAddr)
 	client, err := mgm.NewClient(ctx, managementAddr, ourPrivateKey, tlsEnabled)
 	if err != nil {
 		return nil, nil, status.Errorf(codes.FailedPrecondition, "failed connecting to Management Service : %s", err)
@@ -196,10 +194,14 @@ func connectToManagement(ctx context.Context, managementAddr string, ourPrivateK
 		return nil, nil, status.Errorf(codes.FailedPrecondition, "failed while getting Management Service public key: %s", err)
 	}

-	sysInfo := system.GetInfo(ctx)
-	loginResp, err := client.Login(*serverPublicKey, sysInfo)
+	loginResp, err := client.Login(*serverPublicKey, system.GetInfo())
 	if err != nil {
-		return nil, nil, err
+		if s, ok := status.FromError(err); ok && s.Code() == codes.PermissionDenied {
+			log.Error("peer registration required. Please run wiretrustee login command first")
+			return nil, nil, err
+		} else {
+			return nil, nil, err
+		}
 	}

 	log.Debugf("peer logged in to Management Service %s", managementAddr)
--- a/client/internal/engine.go
+++ b/client/internal/engine.go
@@ -38,7 +38,7 @@ type EngineConfig struct {
 	WgPort      int
 	WgIfaceName string

-	// WgAddr is a Wireguard local address (Netbird Network IP)
+	// WgAddr is a Wireguard local address (Wiretrustee Network IP)
 	WgAddr string

 	// WgPrivateKey is a Wireguard private key of our peer (it MUST never leave the machine)
@@ -127,11 +127,11 @@ func (e *Engine) Stop() error {
 	// Removing peers happens in the conn.CLose() asynchronously
 	time.Sleep(500 * time.Millisecond)

-	log.Debugf("removing Netbird interface %s", e.config.WgIfaceName)
+	log.Debugf("removing Wiretrustee interface %s", e.config.WgIfaceName)
 	if e.wgInterface.Interface != nil {
 		err = e.wgInterface.Close()
 		if err != nil {
-			log.Errorf("failed closing Netbird interface %s %v", e.config.WgIfaceName, err)
+			log.Errorf("failed closing Wiretrustee interface %s %v", e.config.WgIfaceName, err)
 			return err
 		}
 	}
@@ -160,7 +160,7 @@ func (e *Engine) Stop() error {
 		}
 	}

-	log.Infof("stopped Netbird Engine")
+	log.Infof("stopped Wiretrustee Engine")

 	return nil
 }
--- a/client/internal/engine_test.go
+++ b/client/internal/engine_test.go
@@ -390,7 +390,7 @@ func createEngine(ctx context.Context, cancel context.CancelFunc, setupKey strin
 		return nil, err
 	}

-	info := system.GetInfo(ctx)
+	info := system.GetInfo()
 	resp, err := mgmtClient.Register(*publicKey, setupKey, "", info)
 	if err != nil {
 		return nil, err
--- a/client/internal/login.go
+++ b/client/internal/login.go
@@ -2,7 +2,6 @@ package internal

 import (
 	"context"
-
 	"github.com/google/uuid"
 	"github.com/netbirdio/netbird/client/system"
 	mgm "github.com/netbirdio/netbird/management/client"
@@ -13,7 +12,7 @@ import (
 	"google.golang.org/grpc/status"
 )

-func Login(ctx context.Context, config *Config, setupKey string, jwtToken string) error {
+func Login(ctx context.Context, config *Config, setupKey string, jwtToken string, sysInfo *system.Info) error {
 	// validate our peer's Wireguard PRIVATE key
 	myPrivateKey, err := wgtypes.ParseKey(config.PrivateKey)
 	if err != nil {
@@ -40,7 +39,7 @@ func Login(ctx context.Context, config *Config, setupKey string, jwtToken string
 		return err
 	}

-	_, err = loginPeer(ctx, *serverKey, mgmClient, setupKey, jwtToken)
+	_, err = loginPeer(*serverKey, mgmClient, setupKey, jwtToken, sysInfo)
 	if err != nil {
 		log.Errorf("failed logging-in peer on Management Service : %v", err)
 		return err
@@ -56,13 +55,12 @@ func Login(ctx context.Context, config *Config, setupKey string, jwtToken string
 }

 // loginPeer attempts to login to Management Service. If peer wasn't registered, tries the registration flow.
-func loginPeer(ctx context.Context, serverPublicKey wgtypes.Key, client *mgm.GrpcClient, setupKey string, jwtToken string) (*mgmProto.LoginResponse, error) {
-	sysInfo := system.GetInfo(ctx)
+func loginPeer(serverPublicKey wgtypes.Key, client *mgm.GrpcClient, setupKey string, jwtToken string, sysInfo *system.Info) (*mgmProto.LoginResponse, error) {
 	loginResp, err := client.Login(serverPublicKey, sysInfo)
 	if err != nil {
 		if s, ok := status.FromError(err); ok && s.Code() == codes.PermissionDenied {
 			log.Debugf("peer registration required")
-			return registerPeer(ctx, serverPublicKey, client, setupKey, jwtToken)
+			return registerPeer(serverPublicKey, client, setupKey, jwtToken)
 		} else {
 			return nil, err
 		}
@@ -75,14 +73,14 @@ func loginPeer(ctx context.Context, serverPublicKey wgtypes.Key, client *mgm.Grp

 // registerPeer checks whether setupKey was provided via cmd line and if not then it prompts user to enter a key.
 // Otherwise tries to register with the provided setupKey via command line.
-func registerPeer(ctx context.Context, serverPublicKey wgtypes.Key, client *mgm.GrpcClient, setupKey string, jwtToken string) (*mgmProto.LoginResponse, error) {
+func registerPeer(serverPublicKey wgtypes.Key, client *mgm.GrpcClient, setupKey string, jwtToken string) (*mgmProto.LoginResponse, error) {
 	validSetupKey, err := uuid.Parse(setupKey)
 	if err != nil && jwtToken == "" {
 		return nil, status.Errorf(codes.InvalidArgument, "invalid setup-key or no sso information provided, err: %v", err)
 	}

 	log.Debugf("sending peer registration request to Management Service")
-	info := system.GetInfo(ctx)
+	info := system.GetInfo()
 	loginResp, err := client.Register(serverPublicKey, validSetupKey.String(), jwtToken, info)
 	if err != nil {
 		log.Errorf("failed registering peer %v,%s", err, validSetupKey.String())
--- a/client/internal/oauth.go
+++ b/client/internal/oauth.go
@@ -16,7 +16,6 @@ type OAuthClient interface {
 	RequestDeviceCode(ctx context.Context) (DeviceAuthInfo, error)
 	RotateAccessToken(ctx context.Context, refreshToken string) (TokenInfo, error)
 	WaitToken(ctx context.Context, info DeviceAuthInfo) (TokenInfo, error)
-	GetClientID(ctx context.Context) string
 }

 // HTTPClient http client interface for API calls
@@ -105,11 +104,6 @@ func NewHostedDeviceFlow(audience string, clientID string, domain string) *Hoste
 	}
 }

-// GetClientID returns the provider client id
-func (h *Hosted) GetClientID(ctx context.Context) string {
-	return h.ClientID
-}
-
 // RequestDeviceCode requests a device code login flow information from Hosted
 func (h *Hosted) RequestDeviceCode(ctx context.Context) (DeviceAuthInfo, error) {
 	url := "https://" + h.Domain + "/oauth/device/code"
@@ -156,8 +150,7 @@ func (h *Hosted) RequestDeviceCode(ctx context.Context) (DeviceAuthInfo, error)
 // WaitToken waits user's login and authorize the app. Once the user's authorize
 // it retrieves the access token from Hosted's endpoint and validates it before returning
 func (h *Hosted) WaitToken(ctx context.Context, info DeviceAuthInfo) (TokenInfo, error) {
-	interval := time.Duration(info.Interval) * time.Second
-	ticker := time.NewTicker(interval)
+	ticker := time.NewTicker(time.Duration(info.Interval) * time.Second)
 	for {
 		select {
 		case <-ctx.Done():
@@ -188,12 +181,7 @@ func (h *Hosted) WaitToken(ctx context.Context, info DeviceAuthInfo) (TokenInfo,
 			if tokenResponse.Error != "" {
 				if tokenResponse.Error == "authorization_pending" {
 					continue
-				} else if tokenResponse.Error == "slow_down" {
-					interval = interval + (3 * time.Second)
-					ticker.Reset(interval)
-					continue
 				}
-
 				return TokenInfo{}, fmt.Errorf(tokenResponse.ErrorDescription)
 			}

--- a/client/server/server.go
+++ b/client/server/server.go
@@ -3,12 +3,12 @@ package server
 import (
 	"context"
 	"fmt"
-	"sync"
-	"time"
-
+	"github.com/netbirdio/netbird/client/system"
 	"google.golang.org/grpc/codes"
 	"google.golang.org/grpc/metadata"
 	gstatus "google.golang.org/grpc/status"
+	"sync"
+	"time"

 	log "github.com/sirupsen/logrus"

@@ -26,20 +26,14 @@ type Server struct {
 	configPath    string
 	logFile       string

-	oauthAuthFlow oauthAuthFlow
+	oauthClient    internal.OAuthClient
+	deviceAuthInfo internal.DeviceAuthInfo

 	mutex  sync.Mutex
 	config *internal.Config
 	proto.UnimplementedDaemonServiceServer
 }

-type oauthAuthFlow struct {
-	expiresAt  time.Time
-	client     internal.OAuthClient
-	info       internal.DeviceAuthInfo
-	waitCancel context.CancelFunc
-}
-
 // New server instance constructor.
 func New(ctx context.Context, managementURL, adminURL, configPath, logFile string) *Server {
 	return &Server{
@@ -99,9 +93,9 @@ func (s *Server) Start() error {
 }

 // loginAttempt attempts to login using the provided information. it returns a status in case something fails
-func (s *Server) loginAttempt(ctx context.Context, setupKey, jwtToken string) (internal.StatusType, error) {
+func (s *Server) loginAttempt(ctx context.Context, setupKey, jwtToken string, sysInfo *system.Info) (internal.StatusType, error) {
 	var status internal.StatusType
-	err := internal.Login(ctx, s.config, setupKey, jwtToken)
+	err := internal.Login(ctx, s.config, setupKey, jwtToken, sysInfo)
 	if err != nil {
 		if s, ok := gstatus.FromError(err); ok && (s.Code() == codes.InvalidArgument || s.Code() == codes.PermissionDenied) {
 			log.Warnf("failed login: %v", err)
@@ -116,18 +110,12 @@ func (s *Server) loginAttempt(ctx context.Context, setupKey, jwtToken string) (i
 }

 // Login uses setup key to prepare configuration for the daemon.
-func (s *Server) Login(callerCtx context.Context, msg *proto.LoginRequest) (*proto.LoginResponse, error) {
+func (s *Server) Login(_ context.Context, msg *proto.LoginRequest) (*proto.LoginResponse, error) {
 	s.mutex.Lock()
 	if s.actCancel != nil {
 		s.actCancel()
 	}
 	ctx, cancel := context.WithCancel(s.rootCtx)
-
-	md, ok := metadata.FromIncomingContext(callerCtx)
-	if ok {
-		ctx = metadata.NewOutgoingContext(ctx, md)
-	}
-
 	s.actCancel = cancel
 	s.mutex.Unlock()

@@ -162,7 +150,13 @@ func (s *Server) Login(callerCtx context.Context, msg *proto.LoginRequest) (*pro
 	s.config = config
 	s.mutex.Unlock()

-	if _, err := s.loginAttempt(ctx, "", ""); err == nil {
+	sysInfo := system.GetInfo()
+	agent := extractUserAgent(ctx)
+	if agent != "" {
+		sysInfo.Caller = agent
+	}
+
+	if _, err := s.loginAttempt(ctx, "", "", sysInfo); err == nil {
 		state.Set(internal.StatusIdle)
 		return &proto.LoginResponse{}, nil
 	}
@@ -193,21 +187,6 @@ func (s *Server) Login(callerCtx context.Context, msg *proto.LoginRequest) (*pro
 			providerConfig.ProviderConfig.Domain,
 		)

-		if s.oauthAuthFlow.client != nil && s.oauthAuthFlow.client.GetClientID(ctx) == hostedClient.GetClientID(context.TODO()) {
-			if s.oauthAuthFlow.expiresAt.After(time.Now().Add(90 * time.Second)) {
-				log.Debugf("using previous device flow info")
-				return &proto.LoginResponse{
-					NeedsSSOLogin:           true,
-					VerificationURI:         s.oauthAuthFlow.info.VerificationURI,
-					VerificationURIComplete: s.oauthAuthFlow.info.VerificationURIComplete,
-					UserCode:                s.oauthAuthFlow.info.UserCode,
-				}, nil
-			} else {
-				log.Warnf("canceling previous waiting execution")
-				s.oauthAuthFlow.waitCancel()
-			}
-		}
-
 		deviceAuthInfo, err := hostedClient.RequestDeviceCode(context.TODO())
 		if err != nil {
 			log.Errorf("getting a request device code failed: %v", err)
@@ -215,9 +194,8 @@ func (s *Server) Login(callerCtx context.Context, msg *proto.LoginRequest) (*pro
 		}

 		s.mutex.Lock()
-		s.oauthAuthFlow.client = hostedClient
-		s.oauthAuthFlow.info = deviceAuthInfo
-		s.oauthAuthFlow.expiresAt = time.Now().Add(time.Duration(deviceAuthInfo.ExpiresIn) * time.Second)
+		s.oauthClient = hostedClient
+		s.deviceAuthInfo = deviceAuthInfo
 		s.mutex.Unlock()

 		state.Set(internal.StatusNeedsLogin)
@@ -230,7 +208,7 @@ func (s *Server) Login(callerCtx context.Context, msg *proto.LoginRequest) (*pro
 		}, nil
 	}

-	if loginStatus, err := s.loginAttempt(ctx, msg.SetupKey, ""); err != nil {
+	if loginStatus, err := s.loginAttempt(ctx, msg.SetupKey, "", sysInfo); err != nil {
 		state.Set(loginStatus)
 		return nil, err
 	}
@@ -240,22 +218,16 @@ func (s *Server) Login(callerCtx context.Context, msg *proto.LoginRequest) (*pro

 // WaitSSOLogin uses the userCode to validate the TokenInfo and
 // waits for the user to continue with the login on a browser
-func (s *Server) WaitSSOLogin(callerCtx context.Context, msg *proto.WaitSSOLoginRequest) (*proto.WaitSSOLoginResponse, error) {
+func (s *Server) WaitSSOLogin(_ context.Context, msg *proto.WaitSSOLoginRequest) (*proto.WaitSSOLoginResponse, error) {
 	s.mutex.Lock()
 	if s.actCancel != nil {
 		s.actCancel()
 	}
 	ctx, cancel := context.WithCancel(s.rootCtx)
-
-	md, ok := metadata.FromIncomingContext(callerCtx)
-	if ok {
-		ctx = metadata.NewOutgoingContext(ctx, md)
-	}
-
 	s.actCancel = cancel
 	s.mutex.Unlock()

-	if s.oauthAuthFlow.client == nil {
+	if s.oauthClient == nil {
 		return nil, gstatus.Errorf(codes.Internal, "oauth client is not initialized")
 	}

@@ -270,7 +242,7 @@ func (s *Server) WaitSSOLogin(callerCtx context.Context, msg *proto.WaitSSOLogin
 	state.Set(internal.StatusConnecting)

 	s.mutex.Lock()
-	deviceAuthInfo := s.oauthAuthFlow.info
+	deviceAuthInfo := s.deviceAuthInfo
 	s.mutex.Unlock()

 	if deviceAuthInfo.UserCode != msg.UserCode {
@@ -278,32 +250,24 @@ func (s *Server) WaitSSOLogin(callerCtx context.Context, msg *proto.WaitSSOLogin
 		return nil, gstatus.Errorf(codes.InvalidArgument, "sso user code is invalid")
 	}

-	if s.oauthAuthFlow.waitCancel != nil {
-		s.oauthAuthFlow.waitCancel()
-	}
-
-	waitTimeout := time.Until(s.oauthAuthFlow.expiresAt)
-	waitCTX, cancel := context.WithTimeout(ctx, waitTimeout)
+	waitTimeout := time.Duration(deviceAuthInfo.ExpiresIn)
+	waitCTX, cancel := context.WithTimeout(ctx, waitTimeout*time.Second)
 	defer cancel()

-	s.mutex.Lock()
-	s.oauthAuthFlow.waitCancel = cancel
-	s.mutex.Unlock()
-
-	tokenInfo, err := s.oauthAuthFlow.client.WaitToken(waitCTX, deviceAuthInfo)
+	tokenInfo, err := s.oauthClient.WaitToken(waitCTX, deviceAuthInfo)
 	if err != nil {
-		if err == context.Canceled {
-			return nil, nil
-		}
-		s.mutex.Lock()
-		s.oauthAuthFlow.expiresAt = time.Now()
-		s.mutex.Unlock()
 		state.Set(internal.StatusLoginFailed)
 		log.Errorf("waiting for browser login failed: %v", err)
 		return nil, err
 	}

-	if loginStatus, err := s.loginAttempt(ctx, "", tokenInfo.AccessToken); err != nil {
+	sysInfo := system.GetInfo()
+	agent := extractUserAgent(ctx)
+	if agent != "" {
+		sysInfo.Caller = agent
+	}
+
+	if loginStatus, err := s.loginAttempt(ctx, "", tokenInfo.AccessToken, sysInfo); err != nil {
 		state.Set(loginStatus)
 		return nil, err
 	}
@@ -312,7 +276,7 @@ func (s *Server) WaitSSOLogin(callerCtx context.Context, msg *proto.WaitSSOLogin
 }

 // Up starts engine work in the daemon.
-func (s *Server) Up(callerCtx context.Context, msg *proto.UpRequest) (*proto.UpResponse, error) {
+func (s *Server) Up(_ context.Context, msg *proto.UpRequest) (*proto.UpResponse, error) {
 	s.mutex.Lock()
 	defer s.mutex.Unlock()

@@ -334,12 +298,6 @@ func (s *Server) Up(callerCtx context.Context, msg *proto.UpRequest) (*proto.UpR
 		s.actCancel()
 	}
 	ctx, cancel := context.WithCancel(s.rootCtx)
-
-	md, ok := metadata.FromIncomingContext(callerCtx)
-	if ok {
-		ctx = metadata.NewOutgoingContext(ctx, md)
-	}
-
 	s.actCancel = cancel

 	if s.config == nil {
@@ -418,3 +376,14 @@ func (s *Server) GetConfig(ctx context.Context, msg *proto.GetConfigRequest) (*p
 		PreSharedKey:  preSharedKey,
 	}, nil
 }
+
+func extractUserAgent(ctx context.Context) string {
+	mD, ok := metadata.FromIncomingContext(ctx)
+	if ok {
+		agent, ok := mD["user-agent"]
+		if ok {
+			return agent[0]
+		}
+	}
+	return ""
+}
--- a/client/system/info.go
+++ b/client/system/info.go
@@ -1,11 +1,5 @@
 package system

-import (
-	"context"
-	"google.golang.org/grpc/metadata"
-	"strings"
-)
-
 // this is the wiretrustee version
 // will be replaced with the release version when using goreleaser
 var version = "development"
@@ -22,31 +16,18 @@ type Info struct {
 	Hostname           string
 	CPUs               int
 	WiretrusteeVersion string
-	UIVersion          string
+	Caller             string
+	CallerVersion      string
 }

-// NetbirdVersion returns the Netbird version
-func NetbirdVersion() string {
+func WiretrusteeVersion() string {
 	return version
 }

-// extractUserAgent extracts Netbird's agent (client) name and version from the outgoing context
-func extractUserAgent(ctx context.Context) string {
-	md, hasMeta := metadata.FromOutgoingContext(ctx)
-	if hasMeta {
-		agent, ok := md["user-agent"]
-		if ok {
-			nbAgent := strings.Split(agent[0], " ")[0]
-			if strings.HasPrefix(nbAgent, "netbird") {
-				return nbAgent
-			}
-			return ""
-		}
-	}
-	return ""
+func NetBirdDesktopUIUserAgent() string {
+	return "netbird-desktop-ui/" + WiretrusteeVersion()
 }

-// GetDesktopUIUserAgent returns the Desktop ui user agent
-func GetDesktopUIUserAgent() string {
-	return "netbird-desktop-ui/" + NetbirdVersion()
+func NetBirdCLIUserAgent() string {
+	return "netbird-cli/" + WiretrusteeVersion()
 }
--- a/client/system/info_darwin.go
+++ b/client/system/info_darwin.go
@@ -2,7 +2,6 @@ package system

 import (
 	"bytes"
-	"context"
 	"fmt"
 	"os"
 	"os/exec"
@@ -11,8 +10,7 @@ import (
 	"time"
 )

-// GetInfo retrieves and parses the system information
-func GetInfo(ctx context.Context) *Info {
+func GetInfo() *Info {
 	out := _getInfo()
 	for strings.Contains(out, "broken pipe") {
 		out = _getInfo()
@@ -23,9 +21,7 @@ func GetInfo(ctx context.Context) *Info {
 	osInfo := strings.Split(osStr, " ")
 	gio := &Info{Kernel: osInfo[0], OSVersion: osInfo[1], Core: osInfo[1], Platform: osInfo[2], OS: osInfo[0], GoOS: runtime.GOOS, CPUs: runtime.NumCPU()}
 	gio.Hostname, _ = os.Hostname()
-	gio.WiretrusteeVersion = NetbirdVersion()
-	gio.UIVersion = extractUserAgent(ctx)
-
+	gio.WiretrusteeVersion = WiretrusteeVersion()
 	return gio
 }

--- a/client/system/info_freebsd.go
+++ b/client/system/info_freebsd.go
@@ -2,7 +2,6 @@ package system

 import (
 	"bytes"
-	"context"
 	"fmt"
 	"os"
 	"os/exec"
@@ -11,8 +10,7 @@ import (
 	"time"
 )

-// GetInfo retrieves and parses the system information
-func GetInfo(ctx context.Context) *Info {
+func GetInfo() *Info {
 	out := _getInfo()
 	for strings.Contains(out, "broken pipe") {
 		out = _getInfo()
@@ -23,9 +21,7 @@ func GetInfo(ctx context.Context) *Info {
 	osInfo := strings.Split(osStr, " ")
 	gio := &Info{Kernel: osInfo[0], Core: osInfo[1], Platform: runtime.GOARCH, OS: osInfo[2], GoOS: runtime.GOOS, CPUs: runtime.NumCPU()}
 	gio.Hostname, _ = os.Hostname()
-	gio.WiretrusteeVersion = NetbirdVersion()
-	gio.UIVersion = extractUserAgent(ctx)
-
+	gio.WiretrusteeVersion = WiretrusteeVersion()
 	return gio
 }

--- a/client/system/info_linux.go
+++ b/client/system/info_linux.go
@@ -2,7 +2,6 @@ package system

 import (
 	"bytes"
-	"context"
 	"fmt"
 	"os"
 	"os/exec"
@@ -11,8 +10,7 @@ import (
 	"time"
 )

-// GetInfo retrieves and parses the system information
-func GetInfo(ctx context.Context) *Info {
+func GetInfo() *Info {
 	info := _getInfo()
 	for strings.Contains(info, "broken pipe") {
 		info = _getInfo()
@@ -46,8 +44,7 @@ func GetInfo(ctx context.Context) *Info {
 	}
 	gio := &Info{Kernel: osInfo[0], Core: osInfo[1], Platform: osInfo[2], OS: osName, OSVersion: osVer, GoOS: runtime.GOOS, CPUs: runtime.NumCPU()}
 	gio.Hostname, _ = os.Hostname()
-	gio.WiretrusteeVersion = NetbirdVersion()
-	gio.UIVersion = extractUserAgent(ctx)
+	gio.WiretrusteeVersion = WiretrusteeVersion()

 	return gio
 }
--- a/client/system/info_test.go
+++ b/client/system/info_test.go
@@ -1,26 +1,13 @@
 package system

 import (
-	"context"
 	"testing"

 	"github.com/stretchr/testify/assert"
-	"google.golang.org/grpc/metadata"
 )

-func Test_LocalWTVersion(t *testing.T) {
-	got := GetInfo(context.TODO())
+func Test_LocalVersion(t *testing.T) {
+	got := GetInfo()
 	want := "development"
 	assert.Equal(t, want, got.WiretrusteeVersion)
 }
-
-func Test_UIVersion(t *testing.T) {
-	ctx := context.Background()
-	want := "netbird-desktop-ui/development"
-	ctx = metadata.NewOutgoingContext(ctx, map[string][]string{
-		"user-agent": {want},
-	})
-
-	got := GetInfo(ctx)
-	assert.Equal(t, want, got.UIVersion)
-}
--- a/client/system/info_windows.go
+++ b/client/system/info_windows.go
@@ -2,15 +2,13 @@ package system

 import (
 	"bytes"
-	"context"
 	"os"
 	"os/exec"
 	"runtime"
 	"strings"
 )

-// GetInfo retrieves and parses the system information
-func GetInfo(ctx context.Context) *Info {
+func GetInfo() *Info {
 	cmd := exec.Command("cmd", "ver")
 	cmd.Stdin = strings.NewReader("some")
 	var out bytes.Buffer
@@ -33,8 +31,7 @@ func GetInfo(ctx context.Context) *Info {
 	}
 	gio := &Info{Kernel: "windows", OSVersion: ver, Core: ver, Platform: "unknown", OS: "windows", GoOS: runtime.GOOS, CPUs: runtime.NumCPU()}
 	gio.Hostname, _ = os.Hostname()
-	gio.WiretrusteeVersion = NetbirdVersion()
-	gio.UIVersion = extractUserAgent(ctx)
+	gio.WiretrusteeVersion = WiretrusteeVersion()

 	return gio
 }
--- a/client/testdata/store.json
+++ b/client/testdata/store.json
@@ -18,7 +18,7 @@
                "Id": "af1c8024-ha40-4ce2-9418-34653101fc3c",
                "Net": {
                    "IP": "100.64.0.0",
-                    "Mask": "//8AAA=="
+                    "Mask": "/8AAAA=="
                },
                "Dns": null
            },
--- a/client/ui/client_ui.go
+++ b/client/ui/client_ui.go
@@ -4,6 +4,7 @@ import (
 	"context"
 	"flag"
 	"fmt"
+	"github.com/cenkalti/backoff/v4"
 	"github.com/netbirdio/netbird/client/system"
 	"io/ioutil"
 	"os"
@@ -15,8 +16,6 @@ import (
 	"syscall"
 	"time"

-	"github.com/cenkalti/backoff/v4"
-
 	_ "embed"

 	"github.com/getlantern/systray"
@@ -90,7 +89,7 @@ type serviceClient struct {
 	icConnected    []byte
 	icDisconnected []byte

-	// systray menu items
+	// systray menu itmes
 	mStatus     *systray.MenuItem
 	mUp         *systray.MenuItem
 	mDown       *systray.MenuItem
@@ -177,7 +176,7 @@ func (s *serviceClient) getSettingsForm() *widget.Form {
 			if s.iPreSharedKey.Text != "" && s.iPreSharedKey.Text != "**********" {
 				// validate preSharedKey if it added
 				if _, err := wgtypes.ParseKey(s.iPreSharedKey.Text); err != nil {
-					dialog.ShowError(fmt.Errorf("Invalid Pre-shared Key Value"), s.wSettings)
+					dialog.ShowError(fmt.Errorf("invalid Pre-shared Key Value"), s.wSettings)
 					return
 				}
 			}
@@ -259,27 +258,36 @@ func (s *serviceClient) menuUpClick() error {
 		return err
 	}

-	err = s.login()
-	if err != nil {
-		log.Errorf("login failed with: %v", err)
-		return err
-	}
-
 	status, err := conn.Status(s.ctx, &proto.StatusRequest{})
 	if err != nil {
 		log.Errorf("get service status: %v", err)
 		return err
 	}

-	if status.Status == string(internal.StatusConnected) {
-		log.Warnf("already connected")
+	if status.Status == string(internal.StatusNeedsLogin) || status.Status == string(internal.StatusLoginFailed) {
+		err = s.login()
+		if err != nil {
+			log.Errorf("get service status: %v", err)
+			return err
+		}
+	}
+
+	status, err = conn.Status(s.ctx, &proto.StatusRequest{})
+	if err != nil {
+		log.Errorf("get service status: %v", err)
 		return err
 	}

+	if status.Status != string(internal.StatusIdle) {
+		log.Warnf("already connected")
+		return nil
+	}
+
 	if _, err := s.conn.Up(s.ctx, &proto.UpRequest{}); err != nil {
 		log.Errorf("up service: %v", err)
 		return err
 	}
+
 	return nil
 }

@@ -364,9 +372,6 @@ func (s *serviceClient) onTrayReady() {
 	systray.AddSeparator()
 	s.mSettings = systray.AddMenuItem("Settings", "Settings of the application")
 	systray.AddSeparator()
-	v := systray.AddMenuItem("v"+system.NetbirdVersion(), "Client Version: "+system.NetbirdVersion())
-	v.Disable()
-	systray.AddSeparator()
 	s.mQuit = systray.AddMenuItem("Quit", "Quit the client app")

 	go func() {
@@ -387,19 +392,15 @@ func (s *serviceClient) onTrayReady() {
 			case <-s.mAdminPanel.ClickedCh:
 				err = open.Run(s.adminURL)
 			case <-s.mUp.ClickedCh:
-				go func() {
-					err := s.menuUpClick()
-					if err != nil {
-						return
-					}
-				}()
+				s.mUp.Disable()
+				if err = s.menuUpClick(); err != nil {
+					s.mUp.Enable()
+				}
 			case <-s.mDown.ClickedCh:
-				go func() {
-					err := s.menuDownClick()
-					if err != nil {
-						return
-					}
-				}()
+				s.mDown.Disable()
+				if err = s.menuDownClick(); err != nil {
+					s.mDown.Enable()
+				}
 			case <-s.mSettings.ClickedCh:
 				s.mSettings.Disable()
 				go func() {
@@ -450,7 +451,7 @@ func (s *serviceClient) getSrvClient(timeout time.Duration) (proto.DaemonService
 		strings.TrimPrefix(s.addr, "tcp://"),
 		grpc.WithTransportCredentials(insecure.NewCredentials()),
 		grpc.WithBlock(),
-		grpc.WithUserAgent(system.GetDesktopUIUserAgent()),
+		grpc.WithUserAgent(system.NetBirdDesktopUIUserAgent()),
 	)
 	if err != nil {
 		return nil, fmt.Errorf("dial service: %w", err)
--- a/client/ui/netbird-ui.rb.tmpl
+++ b/client/ui/netbird-ui.rb.tmpl
@@ -17,22 +17,6 @@ cask "{{ $projectName }}" do

  depends_on formula: "netbird"

-  postflight do
-    set_permissions "/Applications/Netbird UI.app/installer.sh", '0755'
-    set_permissions "/Applications/Netbird UI.app/uninstaller.sh", '0755'
-  end
-
-  postflight do
-    system_command "#{appdir}/Netbird UI.app/installer.sh",
-                   args: ["#{version}"],
-                   sudo: true
-  end
-
-  uninstall_preflight do
-    system_command "#{appdir}/Netbird UI.app/uninstaller.sh",
-                   sudo: false
-  end
-
  name "Netbird UI"
  desc "Netbird UI Client"
  homepage "https://www.netbird.io/"
--- a/client/ui/netbird.desktop
+++ b/client/ui/netbird.desktop
@@ -1,5 +1,5 @@
 [Desktop Entry]
-Name=Netbird
+Name=Netbird Agent
 Exec=/usr/bin/netbird-ui
 Icon=netbird
 Type=Application
--- a/docs/media/peerA.gif
+++ b/docs/media/peerA.gif
--- a/docs/media/peerB.gif
+++ b/docs/media/peerB.gif
--- a/go.mod
+++ b/go.mod
@@ -29,7 +29,6 @@ require (

 require (
 	fyne.io/fyne/v2 v2.1.4
-	github.com/c-robinson/iplib v1.0.3
 	github.com/getlantern/systray v1.2.1
 	github.com/magiconair/properties v1.8.5
 	github.com/rs/xid v1.3.0
--- a/go.sum
+++ b/go.sum
@@ -70,8 +70,6 @@ github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24
 github.com/beorn7/perks v1.0.0/go.mod h1:KWe93zE9D1o94FZ5RNwFwVgaQK1VOXiVxmqh+CedLV8=
 github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw=
 github.com/bgentry/speakeasy v0.1.0/go.mod h1:+zsyZBPWlz7T6j88CTgSN5bM796AkVf0kBD4zp0CCIs=
-github.com/c-robinson/iplib v1.0.3 h1:NG0UF0GoEsrC1/vyfX1Lx2Ss7CySWl3KqqXh3q4DdPU=
-github.com/c-robinson/iplib v1.0.3/go.mod h1:i3LuuFL1hRT5gFpBRnEydzw8R6yhGkF4szNDIbF8pgo=
 github.com/cenkalti/backoff/v4 v4.1.2 h1:6Yo7N8UP2K6LWZnW94DLVSSrbobcWdVzAYOisuDPIFo=
 github.com/cenkalti/backoff/v4 v4.1.2/go.mod h1:scbssz8iZGpm3xbr14ovlUdkxfGXNInqkPWOWmG2CLw=
 github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU=
--- a/iface/iface_linux.go
+++ b/iface/iface_linux.go
@@ -38,10 +38,9 @@ func WireguardModExists() bool {
 func (w *WGIface) Create() error {

 	if WireguardModExists() {
-		log.Info("using kernel WireGuard")
+		log.Debug("using kernel Wireguard module")
 		return w.CreateWithKernel()
 	} else {
-		log.Info("using userspace WireGuard")
 		return w.CreateWithUserspace()
 	}
 }
--- a/infrastructure_files/configure.sh
+++ b/infrastructure_files/configure.sh
@@ -12,7 +12,6 @@ fi
 if [[ $NETBIRD_DOMAIN == "localhost" || $NETBIRD_DOMAIN == "127.0.0.1" ]]
 then
  export NETBIRD_MGMT_API_ENDPOINT=http://$NETBIRD_DOMAIN:$NETBIRD_MGMT_API_PORT
-  export NETBIRD_MGMT_GRPC_API_ENDPOINT=http://$NETBIRD_DOMAIN:$NETBIRD_MGMT_GRPC_API_PORT
  unset NETBIRD_MGMT_API_CERT_FILE
  unset NETBIRD_MGMT_API_CERT_KEY_FILE
 fi
--- a/infrastructure_files/docker-compose.yml.tmpl
+++ b/infrastructure_files/docker-compose.yml.tmpl
@@ -12,7 +12,6 @@ services:
      - AUTH0_CLIENT_ID=$NETBIRD_AUTH0_CLIENT_ID
      - AUTH0_AUDIENCE=$NETBIRD_AUTH0_AUDIENCE
      - NETBIRD_MGMT_API_ENDPOINT=$NETBIRD_MGMT_API_ENDPOINT
-      - NETBIRD_MGMT_GRPC_API_ENDPOINT=$NETBIRD_MGMT_GRPC_API_ENDPOINT
      - NGINX_SSL_PORT=443
      - LETSENCRYPT_DOMAIN=$NETBIRD_DOMAIN
      - LETSENCRYPT_EMAIL=$NETBIRD_LETSENCRYPT_EMAIL
@@ -40,7 +39,7 @@ services:
      - $LETSENCRYPT_VOLUMENAME:/etc/letsencrypt:ro
      - ./management.json:/etc/netbird/management.json
    ports:
-      - $NETBIRD_MGMT_GRPC_API_PORT:33073 #gRPC port
+      - 33073:33073 #gRPC port
      - $NETBIRD_MGMT_API_PORT:33071 #API port
  #     # port and command for Let's Encrypt validation
  #      - 443:443
--- a/infrastructure_files/setup.env
+++ b/infrastructure_files/setup.env
@@ -19,12 +19,8 @@ NETBIRD_LETSENCRYPT_EMAIL=""

 # Management API port
 NETBIRD_MGMT_API_PORT=33071
-# Management GRPC API port
-NETBIRD_MGMT_GRPC_API_PORT=33073
 # Management API endpoint address, used by the Dashboard
 NETBIRD_MGMT_API_ENDPOINT=https://$NETBIRD_DOMAIN:$NETBIRD_MGMT_API_PORT
-# Management GRPC API endpoint address, used by the hosts to register
-NETBIRD_MGMT_GRPC_API_ENDPOINT=https://$NETBIRD_DOMAIN:NETBIRD_MGMT_GRPC_API_PORT
 # Management Certficate file path. These are generated by the Dashboard container
 NETBIRD_MGMT_API_CERT_FILE="/etc/letsencrypt/live/$NETBIRD_DOMAIN/fullchain.pem"
 # Management Certficate key file path.
@@ -54,8 +50,6 @@ export NETBIRD_AUTH0_AUDIENCE
 export NETBIRD_LETSENCRYPT_EMAIL
 export NETBIRD_MGMT_API_PORT
 export NETBIRD_MGMT_API_ENDPOINT
-export NETBIRD_MGMT_GRPC_API_PORT
-export NETBIRD_MGMT_GRPC_API_ENDPOINT
 export NETBIRD_MGMT_API_CERT_FILE
 export NETBIRD_MGMT_API_CERT_KEY_FILE
 export TURN_USER
--- a/management/client/client.go
+++ b/management/client/client.go
@@ -12,7 +12,7 @@ type Client interface {
 	io.Closer
 	Sync(msgHandler func(msg *proto.SyncResponse) error) error
 	GetServerPublicKey() (*wgtypes.Key, error)
-	Register(serverKey wgtypes.Key, setupKey string, jwtToken string, sysInfo *system.Info) (*proto.LoginResponse, error)
-	Login(serverKey wgtypes.Key, sysInfo *system.Info) (*proto.LoginResponse, error)
+	Register(serverKey wgtypes.Key, setupKey string, jwtToken string, info *system.Info) (*proto.LoginResponse, error)
+	Login(serverKey wgtypes.Key, info *system.Info) (*proto.LoginResponse, error)
 	GetDeviceAuthorizationFlow(serverKey wgtypes.Key) (*proto.DeviceAuthorizationFlow, error)
 }
--- a/management/client/client_test.go
+++ b/management/client/client_test.go
@@ -157,8 +157,7 @@ func TestClient_LoginUnregistered_ShouldThrow_401(t *testing.T) {
 	if err != nil {
 		t.Fatal(err)
 	}
-	sysInfo := system.GetInfo(context.TODO())
-	_, err = client.Login(*key, sysInfo)
+	_, err = client.Login(*key, nil)
 	if err == nil {
 		t.Error("expecting err on unregistered login, got nil")
 	}
@@ -185,7 +184,7 @@ func TestClient_LoginRegistered(t *testing.T) {
 	if err != nil {
 		t.Error(err)
 	}
-	info := system.GetInfo(context.TODO())
+	info := system.GetInfo()
 	resp, err := client.Register(*key, ValidKey, "", info)
 	if err != nil {
 		t.Error(err)
@@ -215,7 +214,7 @@ func TestClient_Sync(t *testing.T) {
 		t.Error(err)
 	}

-	info := system.GetInfo(context.TODO())
+	info := system.GetInfo()
 	_, err = client.Register(*serverKey, ValidKey, "", info)
 	if err != nil {
 		t.Error(err)
@@ -231,7 +230,7 @@ func TestClient_Sync(t *testing.T) {
 		t.Fatal(err)
 	}

-	info = system.GetInfo(context.TODO())
+	info = system.GetInfo()
 	_, err = remoteClient.Register(*serverKey, ValidKey, "", info)
 	if err != nil {
 		t.Fatal(err)
@@ -329,7 +328,7 @@ func Test_SystemMetaDataFromClient(t *testing.T) {
 		}, nil
 	}

-	info := system.GetInfo(context.TODO())
+	info := system.GetInfo()
 	_, err = testClient.Register(*key, ValidKey, "", info)
 	if err != nil {
 		t.Errorf("error while trying to register client: %v", err)
--- a/management/client/grpc.go
+++ b/management/client/grpc.go
@@ -4,8 +4,6 @@ import (
 	"context"
 	"crypto/tls"
 	"fmt"
-	"google.golang.org/grpc/codes"
-	gstatus "google.golang.org/grpc/status"
 	"io"
 	"time"

@@ -117,9 +115,6 @@ func (c *GrpcClient) Sync(msgHandler func(msg *proto.SyncResponse) error) error
 		// blocking until error
 		err = c.receiveEvents(stream, *serverPubKey, msgHandler)
 		if err != nil {
-			if s, ok := gstatus.FromError(err); ok && (s.Code() == codes.InvalidArgument || s.Code() == codes.PermissionDenied) {
-				return backoff.Permanent(err)
-			}
 			backOff.Reset()
 			return err
 		}
@@ -129,7 +124,7 @@ func (c *GrpcClient) Sync(msgHandler func(msg *proto.SyncResponse) error) error

 	err := backoff.Retry(operation, backOff)
 	if err != nil {
-		log.Warnf("exiting Management Service connection retry loop due to Permanent error: %s", err)
+		log.Warnf("exiting Management Service connection retry loop due to unrecoverable error: %s", err)
 		return err
 	}

@@ -233,13 +228,18 @@ func (c *GrpcClient) login(serverKey wgtypes.Key, req *proto.LoginRequest) (*pro
 // Register registers peer on Management Server. It actually calls a Login endpoint with a provided setup key
 // Takes care of encrypting and decrypting messages.
 // This method will also collect system info and send it with the request (e.g. hostname, os, etc)
-func (c *GrpcClient) Register(serverKey wgtypes.Key, setupKey string, jwtToken string, sysInfo *system.Info) (*proto.LoginResponse, error) {
-	return c.login(serverKey, &proto.LoginRequest{SetupKey: setupKey, Meta: infoToMetaData(sysInfo), JwtToken: jwtToken})
+func (c *GrpcClient) Register(serverKey wgtypes.Key, setupKey string, jwtToken string, info *system.Info) (*proto.LoginResponse, error) {
+	return c.login(serverKey,
+		&proto.LoginRequest{
+			SetupKey: setupKey,
+			Meta:     infoToMetaData(info),
+			JwtToken: jwtToken,
+		})
 }

 // Login attempts login to Management Server. Takes care of encrypting and decrypting messages.
-func (c *GrpcClient) Login(serverKey wgtypes.Key, sysInfo *system.Info) (*proto.LoginResponse, error) {
-	return c.login(serverKey, &proto.LoginRequest{Meta: infoToMetaData(sysInfo)})
+func (c *GrpcClient) Login(serverKey wgtypes.Key, info *system.Info) (*proto.LoginResponse, error) {
+	return c.login(serverKey, &proto.LoginRequest{Meta: infoToMetaData(info)})
 }

 // GetDeviceAuthorizationFlow returns a device authorization flow information.
@@ -288,6 +288,6 @@ func infoToMetaData(info *system.Info) *proto.PeerSystemMeta {
 		Platform:           info.Platform,
 		Kernel:             info.Kernel,
 		WiretrusteeVersion: info.WiretrusteeVersion,
-		UiVersion:          info.UIVersion,
+		Caller:             info.Caller,
 	}
 }
--- a/management/client/mock.go
+++ b/management/client/mock.go
@@ -11,7 +11,7 @@ type MockClient struct {
 	SyncFunc                       func(msgHandler func(msg *proto.SyncResponse) error) error
 	GetServerPublicKeyFunc         func() (*wgtypes.Key, error)
 	RegisterFunc                   func(serverKey wgtypes.Key, setupKey string, jwtToken string, info *system.Info) (*proto.LoginResponse, error)
-	LoginFunc                      func(serverKey wgtypes.Key, info *system.Info) (*proto.LoginResponse, error)
+	LoginFunc                      func(serverKey wgtypes.Key) (*proto.LoginResponse, error)
 	GetDeviceAuthorizationFlowFunc func(serverKey wgtypes.Key) (*proto.DeviceAuthorizationFlow, error)
 }

@@ -47,7 +47,7 @@ func (m *MockClient) Login(serverKey wgtypes.Key, info *system.Info) (*proto.Log
 	if m.LoginFunc == nil {
 		return nil, nil
 	}
-	return m.LoginFunc(serverKey, info)
+	return m.LoginFunc(serverKey)
 }

 func (m *MockClient) GetDeviceAuthorizationFlow(serverKey wgtypes.Key) (*proto.DeviceAuthorizationFlow, error) {
--- a/management/cmd/management.go
+++ b/management/cmd/management.go
@@ -30,6 +30,10 @@ import (

 var (
 	mgmtPort              int
+	defaultMgmtDataDir    string
+	defaultMgmtConfig     string
+	mgmtDataDir           string
+	mgmtConfig            string
 	mgmtLetsencryptDomain string
 	certFile              string
 	certKey               string
@@ -56,14 +60,33 @@ var (
 				log.Fatalf("failed initializing log %v", err)
 			}

-			err = handleRebrand(cmd)
-			if err != nil {
-				log.Fatalf("failed to migrate files %v", err)
+			if mgmtDataDir == "" {
+				oldPath := "/var/lib/wiretrustee"
+				if migrateToNetbird(oldPath, defaultMgmtDataDir) {
+					if err := cpDir(oldPath, defaultMgmtDataDir); err != nil {
+						log.Fatal(err)
+					}
+				}
 			}

-			config, err := loadMgmtConfig(mgmtConfig)
+			actualMgmtConfigPath := mgmtConfig
+			if mgmtConfig == "" {
+				oldPath := "/etc/wiretrustee/management.json"
+				if migrateToNetbird(oldPath, defaultMgmtConfig) {
+					if err := cpDir("/etc/wiretrustee/", defaultConfigPath); err != nil {
+						log.Fatal(err)
+					}
+
+					if err := cpFile(oldPath, defaultMgmtConfig); err != nil {
+						log.Fatal(err)
+					}
+				}
+				actualMgmtConfigPath = defaultMgmtConfig
+			}
+
+			config, err := loadMgmtConfig(actualMgmtConfigPath)
 			if err != nil {
-				log.Fatalf("failed reading provided config file: %s: %v", mgmtConfig, err)
+				log.Fatalf("failed reading provided config file: %s: %v", actualMgmtConfigPath, err)
 			}

 			if _, err = os.Stat(config.Datadir); os.IsNotExist(err) {
@@ -196,38 +219,6 @@ func loadTLSConfig(certFile string, certKey string) (*tls.Config, error) {
 	return config, nil
 }

-func handleRebrand(cmd *cobra.Command) error {
-	var err error
-	if logFile == defaultLogFile {
-		if migrateToNetbird(oldDefaultLogFile, defaultLogFile) {
-			cmd.Printf("will copy Log dir %s and its content to %s\n", oldDefaultLogDir, defaultLogDir)
-			err = cpDir(oldDefaultLogDir, defaultLogDir)
-			if err != nil {
-				return err
-			}
-		}
-	}
-	if mgmtConfig == defaultMgmtConfig {
-		if migrateToNetbird(oldDefaultMgmtConfig, defaultMgmtConfig) {
-			cmd.Printf("will copy Config dir %s and its content to %s\n", oldDefaultMgmtConfigDir, defaultMgmtConfigDir)
-			err = cpDir(oldDefaultMgmtConfigDir, defaultMgmtConfigDir)
-			if err != nil {
-				return err
-			}
-		}
-	}
-	if mgmtDataDir == defaultMgmtDataDir {
-		if migrateToNetbird(oldDefaultMgmtDataDir, defaultMgmtDataDir) {
-			cmd.Printf("will copy Config dir %s and its content to %s\n", oldDefaultMgmtDataDir, defaultMgmtDataDir)
-			err = cpDir(oldDefaultMgmtDataDir, defaultMgmtDataDir)
-			if err != nil {
-				return err
-			}
-		}
-	}
-	return nil
-}
-
 func cpFile(src, dst string) error {
 	var err error
 	var srcfd *os.File
@@ -314,3 +305,13 @@ func migrateToNetbird(oldPath, newPath string) bool {

 	return true
 }
+
+func init() {
+	mgmtCmd.Flags().IntVar(&mgmtPort, "port", 33073, "server port to listen on")
+	mgmtCmd.Flags().StringVar(&mgmtDataDir, "datadir", defaultMgmtDataDir, "server data directory location")
+	mgmtCmd.Flags().StringVar(&mgmtConfig, "config", defaultMgmtConfig, "Netbird config file location. Config params specified via command line (e.g. datadir) have a precedence over configuration from this file")
+	mgmtCmd.Flags().StringVar(&mgmtLetsencryptDomain, "letsencrypt-domain", "", "a domain to issue Let's Encrypt certificate for. Enables TLS using Let's Encrypt. Will fetch and renew certificate, and run the server with TLS")
+	mgmtCmd.Flags().StringVar(&certFile, "cert-file", "", "Location of your SSL certificate. Can be used when you have an existing certificate and don't want a new certificate be generated automatically. If letsencrypt-domain is specified this property has no effect")
+	mgmtCmd.Flags().StringVar(&certKey, "cert-key", "", "Location of your SSL certificate private key. Can be used when you have an existing certificate and don't want a new certificate be generated automatically. If letsencrypt-domain is specified this property has no effect")
+	rootCmd.MarkFlagRequired("config") //nolint
+}
--- a/management/cmd/root.go
+++ b/management/cmd/root.go
@@ -2,9 +2,11 @@ package cmd

 import (
 	"fmt"
-	"github.com/spf13/cobra"
 	"os"
 	"os/signal"
+	"runtime"
+
+	"github.com/spf13/cobra"
 )

 const (
@@ -13,20 +15,11 @@ const (
 )

 var (
-	defaultMgmtConfigDir    string
-	defaultMgmtDataDir      string
-	defaultMgmtConfig       string
-	defaultLogDir           string
-	defaultLogFile          string
-	oldDefaultMgmtConfigDir string
-	oldDefaultMgmtDataDir   string
-	oldDefaultMgmtConfig    string
-	oldDefaultLogDir        string
-	oldDefaultLogFile       string
-	mgmtDataDir             string
-	mgmtConfig              string
-	logLevel                string
-	logFile                 string
+	configPath        string
+	defaultConfigPath string
+	logLevel          string
+	defaultLogFile    string
+	logFile           string

 	rootCmd = &cobra.Command{
 		Use:   "netbird-mgmt",
@@ -47,27 +40,16 @@ func init() {
 	stopCh = make(chan int)

 	defaultMgmtDataDir = "/var/lib/netbird/"
-	defaultMgmtConfigDir = "/etc/netbird"
-	defaultLogDir = "/var/log/netbird"
+	defaultConfigPath = "/etc/netbird"
+	defaultMgmtConfig = defaultConfigPath + "/management.json"
+	defaultLogFile = "/var/log/netbird/management.log"

-	oldDefaultMgmtDataDir = "/var/lib/wiretrustee/"
-	oldDefaultMgmtConfigDir = "/etc/wiretrustee"
-	oldDefaultLogDir = "/var/log/wiretrustee"
-
-	defaultMgmtConfig = defaultMgmtConfigDir + "/management.json"
-	defaultLogFile = defaultLogDir + "/management.log"
-
-	oldDefaultMgmtConfig = oldDefaultMgmtConfigDir + "/management.json"
-	oldDefaultLogFile = oldDefaultLogDir + "/management.log"
-
-	mgmtCmd.Flags().IntVar(&mgmtPort, "port", 33073, "server port to listen on")
-	mgmtCmd.Flags().StringVar(&mgmtDataDir, "datadir", defaultMgmtDataDir, "server data directory location")
-	mgmtCmd.Flags().StringVar(&mgmtConfig, "config", defaultMgmtConfig, "Netbird config file location. Config params specified via command line (e.g. datadir) have a precedence over configuration from this file")
-	mgmtCmd.Flags().StringVar(&mgmtLetsencryptDomain, "letsencrypt-domain", "", "a domain to issue Let's Encrypt certificate for. Enables TLS using Let's Encrypt. Will fetch and renew certificate, and run the server with TLS")
-	mgmtCmd.Flags().StringVar(&certFile, "cert-file", "", "Location of your SSL certificate. Can be used when you have an existing certificate and don't want a new certificate be generated automatically. If letsencrypt-domain is specified this property has no effect")
-	mgmtCmd.Flags().StringVar(&certKey, "cert-key", "", "Location of your SSL certificate private key. Can be used when you have an existing certificate and don't want a new certificate be generated automatically. If letsencrypt-domain is specified this property has no effect")
-	rootCmd.MarkFlagRequired("config") //nolint
+	if runtime.GOOS == "windows" {
+		defaultConfigPath = os.Getenv("PROGRAMDATA") + "\\Netbird\\" + "management.json"
+		defaultLogFile = os.Getenv("PROGRAMDATA") + "\\Netbird\\" + "management.log"
+	}

+	rootCmd.PersistentFlags().StringVar(&configPath, "config", defaultConfigPath, "Netbird config file location to write new config to")
 	rootCmd.PersistentFlags().StringVar(&logLevel, "log-level", "info", "")
 	rootCmd.PersistentFlags().StringVar(&logFile, "log-file", defaultLogFile, "sets Netbird log path. If console is specified the the log will be output to stdout")
 	rootCmd.AddCommand(mgmtCmd)
--- a/management/proto/management.pb.go
+++ b/management/proto/management.pb.go
@@ -1,15 +1,15 @@
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
 // 	protoc-gen-go v1.26.0
-// 	protoc        v3.20.1
+// 	protoc        v3.12.4
 // source: management.proto

 package proto

 import (
+	timestamp "github.com/golang/protobuf/ptypes/timestamp"
 	protoreflect "google.golang.org/protobuf/reflect/protoreflect"
 	protoimpl "google.golang.org/protobuf/runtime/protoimpl"
-	timestamppb "google.golang.org/protobuf/types/known/timestamppb"
 	reflect "reflect"
 	sync "sync"
 )
@@ -387,7 +387,7 @@ type PeerSystemMeta struct {
 	Platform           string `protobuf:"bytes,5,opt,name=platform,proto3" json:"platform,omitempty"`
 	OS                 string `protobuf:"bytes,6,opt,name=OS,proto3" json:"OS,omitempty"`
 	WiretrusteeVersion string `protobuf:"bytes,7,opt,name=wiretrusteeVersion,proto3" json:"wiretrusteeVersion,omitempty"`
-	UiVersion          string `protobuf:"bytes,8,opt,name=uiVersion,proto3" json:"uiVersion,omitempty"`
+	Caller             string `protobuf:"bytes,8,opt,name=caller,proto3" json:"caller,omitempty"`
 }

 func (x *PeerSystemMeta) Reset() {
@@ -471,9 +471,9 @@ func (x *PeerSystemMeta) GetWiretrusteeVersion() string {
 	return ""
 }

-func (x *PeerSystemMeta) GetUiVersion() string {
+func (x *PeerSystemMeta) GetCaller() string {
 	if x != nil {
-		return x.UiVersion
+		return x.Caller
 	}
 	return ""
 }
@@ -543,7 +543,7 @@ type ServerKeyResponse struct {
 	// Server's Wireguard public key
 	Key string `protobuf:"bytes,1,opt,name=key,proto3" json:"key,omitempty"`
 	// Key expiration timestamp after which the key should be fetched again by the client
-	ExpiresAt *timestamppb.Timestamp `protobuf:"bytes,2,opt,name=expiresAt,proto3" json:"expiresAt,omitempty"`
+	ExpiresAt *timestamp.Timestamp `protobuf:"bytes,2,opt,name=expiresAt,proto3" json:"expiresAt,omitempty"`
 	// Version of the Wiretrustee Management Service protocol
 	Version int32 `protobuf:"varint,3,opt,name=version,proto3" json:"version,omitempty"`
 }
@@ -587,7 +587,7 @@ func (x *ServerKeyResponse) GetKey() string {
 	return ""
 }

-func (x *ServerKeyResponse) GetExpiresAt() *timestamppb.Timestamp {
+func (x *ServerKeyResponse) GetExpiresAt() *timestamp.Timestamp {
 	if x != nil {
 		return x.ExpiresAt
 	}
@@ -1239,7 +1239,7 @@ var file_management_proto_rawDesc = []byte{
 	0x74, 0x2e, 0x50, 0x65, 0x65, 0x72, 0x53, 0x79, 0x73, 0x74, 0x65, 0x6d, 0x4d, 0x65, 0x74, 0x61,
 	0x52, 0x04, 0x6d, 0x65, 0x74, 0x61, 0x12, 0x1a, 0x0a, 0x08, 0x6a, 0x77, 0x74, 0x54, 0x6f, 0x6b,
 	0x65, 0x6e, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x6a, 0x77, 0x74, 0x54, 0x6f, 0x6b,
-	0x65, 0x6e, 0x22, 0xe6, 0x01, 0x0a, 0x0e, 0x50, 0x65, 0x65, 0x72, 0x53, 0x79, 0x73, 0x74, 0x65,
+	0x65, 0x6e, 0x22, 0xe0, 0x01, 0x0a, 0x0e, 0x50, 0x65, 0x65, 0x72, 0x53, 0x79, 0x73, 0x74, 0x65,
 	0x6d, 0x4d, 0x65, 0x74, 0x61, 0x12, 0x1a, 0x0a, 0x08, 0x68, 0x6f, 0x73, 0x74, 0x6e, 0x61, 0x6d,
 	0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x68, 0x6f, 0x73, 0x74, 0x6e, 0x61, 0x6d,
 	0x65, 0x12, 0x12, 0x0a, 0x04, 0x67, 0x6f, 0x4f, 0x53, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52,
@@ -1251,124 +1251,124 @@ var file_management_proto_rawDesc = []byte{
 	0x02, 0x4f, 0x53, 0x18, 0x06, 0x20, 0x01, 0x28, 0x09, 0x52, 0x02, 0x4f, 0x53, 0x12, 0x2e, 0x0a,
 	0x12, 0x77, 0x69, 0x72, 0x65, 0x74, 0x72, 0x75, 0x73, 0x74, 0x65, 0x65, 0x56, 0x65, 0x72, 0x73,
 	0x69, 0x6f, 0x6e, 0x18, 0x07, 0x20, 0x01, 0x28, 0x09, 0x52, 0x12, 0x77, 0x69, 0x72, 0x65, 0x74,
-	0x72, 0x75, 0x73, 0x74, 0x65, 0x65, 0x56, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x12, 0x1c, 0x0a,
-	0x09, 0x75, 0x69, 0x56, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x18, 0x08, 0x20, 0x01, 0x28, 0x09,
-	0x52, 0x09, 0x75, 0x69, 0x56, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x22, 0x94, 0x01, 0x0a, 0x0d,
-	0x4c, 0x6f, 0x67, 0x69, 0x6e, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x4b, 0x0a,
-	0x11, 0x77, 0x69, 0x72, 0x65, 0x74, 0x72, 0x75, 0x73, 0x74, 0x65, 0x65, 0x43, 0x6f, 0x6e, 0x66,
-	0x69, 0x67, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1d, 0x2e, 0x6d, 0x61, 0x6e, 0x61, 0x67,
-	0x65, 0x6d, 0x65, 0x6e, 0x74, 0x2e, 0x57, 0x69, 0x72, 0x65, 0x74, 0x72, 0x75, 0x73, 0x74, 0x65,
-	0x65, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x52, 0x11, 0x77, 0x69, 0x72, 0x65, 0x74, 0x72, 0x75,
-	0x73, 0x74, 0x65, 0x65, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x36, 0x0a, 0x0a, 0x70, 0x65,
-	0x65, 0x72, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x16,
-	0x2e, 0x6d, 0x61, 0x6e, 0x61, 0x67, 0x65, 0x6d, 0x65, 0x6e, 0x74, 0x2e, 0x50, 0x65, 0x65, 0x72,
-	0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x52, 0x0a, 0x70, 0x65, 0x65, 0x72, 0x43, 0x6f, 0x6e, 0x66,
-	0x69, 0x67, 0x22, 0x79, 0x0a, 0x11, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x4b, 0x65, 0x79, 0x52,
-	0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01,
-	0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x38, 0x0a, 0x09, 0x65, 0x78, 0x70,
-	0x69, 0x72, 0x65, 0x73, 0x41, 0x74, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x67,
-	0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x54,
-	0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x52, 0x09, 0x65, 0x78, 0x70, 0x69, 0x72, 0x65,
-	0x73, 0x41, 0x74, 0x12, 0x18, 0x0a, 0x07, 0x76, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x18, 0x03,
-	0x20, 0x01, 0x28, 0x05, 0x52, 0x07, 0x76, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x22, 0x07, 0x0a,
-	0x05, 0x45, 0x6d, 0x70, 0x74, 0x79, 0x22, 0xa8, 0x01, 0x0a, 0x11, 0x57, 0x69, 0x72, 0x65, 0x74,
-	0x72, 0x75, 0x73, 0x74, 0x65, 0x65, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x2c, 0x0a, 0x05,
-	0x73, 0x74, 0x75, 0x6e, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x16, 0x2e, 0x6d, 0x61,
+	0x72, 0x75, 0x73, 0x74, 0x65, 0x65, 0x56, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x12, 0x16, 0x0a,
+	0x06, 0x63, 0x61, 0x6c, 0x6c, 0x65, 0x72, 0x18, 0x08, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x63,
+	0x61, 0x6c, 0x6c, 0x65, 0x72, 0x22, 0x94, 0x01, 0x0a, 0x0d, 0x4c, 0x6f, 0x67, 0x69, 0x6e, 0x52,
+	0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x4b, 0x0a, 0x11, 0x77, 0x69, 0x72, 0x65, 0x74,
+	0x72, 0x75, 0x73, 0x74, 0x65, 0x65, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x18, 0x01, 0x20, 0x01,
+	0x28, 0x0b, 0x32, 0x1d, 0x2e, 0x6d, 0x61, 0x6e, 0x61, 0x67, 0x65, 0x6d, 0x65, 0x6e, 0x74, 0x2e,
+	0x57, 0x69, 0x72, 0x65, 0x74, 0x72, 0x75, 0x73, 0x74, 0x65, 0x65, 0x43, 0x6f, 0x6e, 0x66, 0x69,
+	0x67, 0x52, 0x11, 0x77, 0x69, 0x72, 0x65, 0x74, 0x72, 0x75, 0x73, 0x74, 0x65, 0x65, 0x43, 0x6f,
+	0x6e, 0x66, 0x69, 0x67, 0x12, 0x36, 0x0a, 0x0a, 0x70, 0x65, 0x65, 0x72, 0x43, 0x6f, 0x6e, 0x66,
+	0x69, 0x67, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x16, 0x2e, 0x6d, 0x61, 0x6e, 0x61, 0x67,
+	0x65, 0x6d, 0x65, 0x6e, 0x74, 0x2e, 0x50, 0x65, 0x65, 0x72, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67,
+	0x52, 0x0a, 0x70, 0x65, 0x65, 0x72, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x22, 0x79, 0x0a, 0x11,
+	0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x4b, 0x65, 0x79, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73,
+	0x65, 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03,
+	0x6b, 0x65, 0x79, 0x12, 0x38, 0x0a, 0x09, 0x65, 0x78, 0x70, 0x69, 0x72, 0x65, 0x73, 0x41, 0x74,
+	0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e,
+	0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x54, 0x69, 0x6d, 0x65, 0x73, 0x74, 0x61,
+	0x6d, 0x70, 0x52, 0x09, 0x65, 0x78, 0x70, 0x69, 0x72, 0x65, 0x73, 0x41, 0x74, 0x12, 0x18, 0x0a,
+	0x07, 0x76, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x18, 0x03, 0x20, 0x01, 0x28, 0x05, 0x52, 0x07,
+	0x76, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x22, 0x07, 0x0a, 0x05, 0x45, 0x6d, 0x70, 0x74, 0x79,
+	0x22, 0xa8, 0x01, 0x0a, 0x11, 0x57, 0x69, 0x72, 0x65, 0x74, 0x72, 0x75, 0x73, 0x74, 0x65, 0x65,
+	0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x2c, 0x0a, 0x05, 0x73, 0x74, 0x75, 0x6e, 0x73, 0x18,
+	0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x16, 0x2e, 0x6d, 0x61, 0x6e, 0x61, 0x67, 0x65, 0x6d, 0x65,
+	0x6e, 0x74, 0x2e, 0x48, 0x6f, 0x73, 0x74, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x52, 0x05, 0x73,
+	0x74, 0x75, 0x6e, 0x73, 0x12, 0x35, 0x0a, 0x05, 0x74, 0x75, 0x72, 0x6e, 0x73, 0x18, 0x02, 0x20,
+	0x03, 0x28, 0x0b, 0x32, 0x1f, 0x2e, 0x6d, 0x61, 0x6e, 0x61, 0x67, 0x65, 0x6d, 0x65, 0x6e, 0x74,
+	0x2e, 0x50, 0x72, 0x6f, 0x74, 0x65, 0x63, 0x74, 0x65, 0x64, 0x48, 0x6f, 0x73, 0x74, 0x43, 0x6f,
+	0x6e, 0x66, 0x69, 0x67, 0x52, 0x05, 0x74, 0x75, 0x72, 0x6e, 0x73, 0x12, 0x2e, 0x0a, 0x06, 0x73,
+	0x69, 0x67, 0x6e, 0x61, 0x6c, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x16, 0x2e, 0x6d, 0x61,
 	0x6e, 0x61, 0x67, 0x65, 0x6d, 0x65, 0x6e, 0x74, 0x2e, 0x48, 0x6f, 0x73, 0x74, 0x43, 0x6f, 0x6e,
-	0x66, 0x69, 0x67, 0x52, 0x05, 0x73, 0x74, 0x75, 0x6e, 0x73, 0x12, 0x35, 0x0a, 0x05, 0x74, 0x75,
-	0x72, 0x6e, 0x73, 0x18, 0x02, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x1f, 0x2e, 0x6d, 0x61, 0x6e, 0x61,
-	0x67, 0x65, 0x6d, 0x65, 0x6e, 0x74, 0x2e, 0x50, 0x72, 0x6f, 0x74, 0x65, 0x63, 0x74, 0x65, 0x64,
-	0x48, 0x6f, 0x73, 0x74, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x52, 0x05, 0x74, 0x75, 0x72, 0x6e,
-	0x73, 0x12, 0x2e, 0x0a, 0x06, 0x73, 0x69, 0x67, 0x6e, 0x61, 0x6c, 0x18, 0x03, 0x20, 0x01, 0x28,
+	0x66, 0x69, 0x67, 0x52, 0x06, 0x73, 0x69, 0x67, 0x6e, 0x61, 0x6c, 0x22, 0x98, 0x01, 0x0a, 0x0a,
+	0x48, 0x6f, 0x73, 0x74, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x10, 0x0a, 0x03, 0x75, 0x72,
+	0x69, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x75, 0x72, 0x69, 0x12, 0x3b, 0x0a, 0x08,
+	0x70, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x1f,
+	0x2e, 0x6d, 0x61, 0x6e, 0x61, 0x67, 0x65, 0x6d, 0x65, 0x6e, 0x74, 0x2e, 0x48, 0x6f, 0x73, 0x74,
+	0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x2e, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x52,
+	0x08, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x22, 0x3b, 0x0a, 0x08, 0x50, 0x72, 0x6f,
+	0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x12, 0x07, 0x0a, 0x03, 0x55, 0x44, 0x50, 0x10, 0x00, 0x12, 0x07,
+	0x0a, 0x03, 0x54, 0x43, 0x50, 0x10, 0x01, 0x12, 0x08, 0x0a, 0x04, 0x48, 0x54, 0x54, 0x50, 0x10,
+	0x02, 0x12, 0x09, 0x0a, 0x05, 0x48, 0x54, 0x54, 0x50, 0x53, 0x10, 0x03, 0x12, 0x08, 0x0a, 0x04,
+	0x44, 0x54, 0x4c, 0x53, 0x10, 0x04, 0x22, 0x7d, 0x0a, 0x13, 0x50, 0x72, 0x6f, 0x74, 0x65, 0x63,
+	0x74, 0x65, 0x64, 0x48, 0x6f, 0x73, 0x74, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x36, 0x0a,
+	0x0a, 0x68, 0x6f, 0x73, 0x74, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x18, 0x01, 0x20, 0x01, 0x28,
 	0x0b, 0x32, 0x16, 0x2e, 0x6d, 0x61, 0x6e, 0x61, 0x67, 0x65, 0x6d, 0x65, 0x6e, 0x74, 0x2e, 0x48,
-	0x6f, 0x73, 0x74, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x52, 0x06, 0x73, 0x69, 0x67, 0x6e, 0x61,
-	0x6c, 0x22, 0x98, 0x01, 0x0a, 0x0a, 0x48, 0x6f, 0x73, 0x74, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67,
-	0x12, 0x10, 0x0a, 0x03, 0x75, 0x72, 0x69, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x75,
-	0x72, 0x69, 0x12, 0x3b, 0x0a, 0x08, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x18, 0x02,
-	0x20, 0x01, 0x28, 0x0e, 0x32, 0x1f, 0x2e, 0x6d, 0x61, 0x6e, 0x61, 0x67, 0x65, 0x6d, 0x65, 0x6e,
-	0x74, 0x2e, 0x48, 0x6f, 0x73, 0x74, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x2e, 0x50, 0x72, 0x6f,
-	0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x52, 0x08, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x22,
-	0x3b, 0x0a, 0x08, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x12, 0x07, 0x0a, 0x03, 0x55,
-	0x44, 0x50, 0x10, 0x00, 0x12, 0x07, 0x0a, 0x03, 0x54, 0x43, 0x50, 0x10, 0x01, 0x12, 0x08, 0x0a,
-	0x04, 0x48, 0x54, 0x54, 0x50, 0x10, 0x02, 0x12, 0x09, 0x0a, 0x05, 0x48, 0x54, 0x54, 0x50, 0x53,
-	0x10, 0x03, 0x12, 0x08, 0x0a, 0x04, 0x44, 0x54, 0x4c, 0x53, 0x10, 0x04, 0x22, 0x7d, 0x0a, 0x13,
-	0x50, 0x72, 0x6f, 0x74, 0x65, 0x63, 0x74, 0x65, 0x64, 0x48, 0x6f, 0x73, 0x74, 0x43, 0x6f, 0x6e,
-	0x66, 0x69, 0x67, 0x12, 0x36, 0x0a, 0x0a, 0x68, 0x6f, 0x73, 0x74, 0x43, 0x6f, 0x6e, 0x66, 0x69,
-	0x67, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x16, 0x2e, 0x6d, 0x61, 0x6e, 0x61, 0x67, 0x65,
-	0x6d, 0x65, 0x6e, 0x74, 0x2e, 0x48, 0x6f, 0x73, 0x74, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x52,
-	0x0a, 0x68, 0x6f, 0x73, 0x74, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x12, 0x0a, 0x04, 0x75,
-	0x73, 0x65, 0x72, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x75, 0x73, 0x65, 0x72, 0x12,
-	0x1a, 0x0a, 0x08, 0x70, 0x61, 0x73, 0x73, 0x77, 0x6f, 0x72, 0x64, 0x18, 0x03, 0x20, 0x01, 0x28,
-	0x09, 0x52, 0x08, 0x70, 0x61, 0x73, 0x73, 0x77, 0x6f, 0x72, 0x64, 0x22, 0x38, 0x0a, 0x0a, 0x50,
-	0x65, 0x65, 0x72, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x18, 0x0a, 0x07, 0x61, 0x64, 0x64,
-	0x72, 0x65, 0x73, 0x73, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x07, 0x61, 0x64, 0x64, 0x72,
-	0x65, 0x73, 0x73, 0x12, 0x10, 0x0a, 0x03, 0x64, 0x6e, 0x73, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09,
-	0x52, 0x03, 0x64, 0x6e, 0x73, 0x22, 0xcc, 0x01, 0x0a, 0x0a, 0x4e, 0x65, 0x74, 0x77, 0x6f, 0x72,
-	0x6b, 0x4d, 0x61, 0x70, 0x12, 0x16, 0x0a, 0x06, 0x53, 0x65, 0x72, 0x69, 0x61, 0x6c, 0x18, 0x01,
-	0x20, 0x01, 0x28, 0x04, 0x52, 0x06, 0x53, 0x65, 0x72, 0x69, 0x61, 0x6c, 0x12, 0x36, 0x0a, 0x0a,
-	0x70, 0x65, 0x65, 0x72, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b,
-	0x32, 0x16, 0x2e, 0x6d, 0x61, 0x6e, 0x61, 0x67, 0x65, 0x6d, 0x65, 0x6e, 0x74, 0x2e, 0x50, 0x65,
-	0x65, 0x72, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x52, 0x0a, 0x70, 0x65, 0x65, 0x72, 0x43, 0x6f,
-	0x6e, 0x66, 0x69, 0x67, 0x12, 0x3e, 0x0a, 0x0b, 0x72, 0x65, 0x6d, 0x6f, 0x74, 0x65, 0x50, 0x65,
-	0x65, 0x72, 0x73, 0x18, 0x03, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x1c, 0x2e, 0x6d, 0x61, 0x6e, 0x61,
-	0x67, 0x65, 0x6d, 0x65, 0x6e, 0x74, 0x2e, 0x52, 0x65, 0x6d, 0x6f, 0x74, 0x65, 0x50, 0x65, 0x65,
-	0x72, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x52, 0x0b, 0x72, 0x65, 0x6d, 0x6f, 0x74, 0x65, 0x50,
-	0x65, 0x65, 0x72, 0x73, 0x12, 0x2e, 0x0a, 0x12, 0x72, 0x65, 0x6d, 0x6f, 0x74, 0x65, 0x50, 0x65,
-	0x65, 0x72, 0x73, 0x49, 0x73, 0x45, 0x6d, 0x70, 0x74, 0x79, 0x18, 0x04, 0x20, 0x01, 0x28, 0x08,
-	0x52, 0x12, 0x72, 0x65, 0x6d, 0x6f, 0x74, 0x65, 0x50, 0x65, 0x65, 0x72, 0x73, 0x49, 0x73, 0x45,
-	0x6d, 0x70, 0x74, 0x79, 0x22, 0x4e, 0x0a, 0x10, 0x52, 0x65, 0x6d, 0x6f, 0x74, 0x65, 0x50, 0x65,
-	0x65, 0x72, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x1a, 0x0a, 0x08, 0x77, 0x67, 0x50, 0x75,
-	0x62, 0x4b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x77, 0x67, 0x50, 0x75,
-	0x62, 0x4b, 0x65, 0x79, 0x12, 0x1e, 0x0a, 0x0a, 0x61, 0x6c, 0x6c, 0x6f, 0x77, 0x65, 0x64, 0x49,
-	0x70, 0x73, 0x18, 0x02, 0x20, 0x03, 0x28, 0x09, 0x52, 0x0a, 0x61, 0x6c, 0x6c, 0x6f, 0x77, 0x65,
-	0x64, 0x49, 0x70, 0x73, 0x22, 0x20, 0x0a, 0x1e, 0x44, 0x65, 0x76, 0x69, 0x63, 0x65, 0x41, 0x75,
-	0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x46, 0x6c, 0x6f, 0x77, 0x52,
-	0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x22, 0xbf, 0x01, 0x0a, 0x17, 0x44, 0x65, 0x76, 0x69, 0x63,
-	0x65, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x46, 0x6c,
-	0x6f, 0x77, 0x12, 0x48, 0x0a, 0x08, 0x50, 0x72, 0x6f, 0x76, 0x69, 0x64, 0x65, 0x72, 0x18, 0x01,
-	0x20, 0x01, 0x28, 0x0e, 0x32, 0x2c, 0x2e, 0x6d, 0x61, 0x6e, 0x61, 0x67, 0x65, 0x6d, 0x65, 0x6e,
-	0x74, 0x2e, 0x44, 0x65, 0x76, 0x69, 0x63, 0x65, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a,
-	0x61, 0x74, 0x69, 0x6f, 0x6e, 0x46, 0x6c, 0x6f, 0x77, 0x2e, 0x70, 0x72, 0x6f, 0x76, 0x69, 0x64,
-	0x65, 0x72, 0x52, 0x08, 0x50, 0x72, 0x6f, 0x76, 0x69, 0x64, 0x65, 0x72, 0x12, 0x42, 0x0a, 0x0e,
-	0x50, 0x72, 0x6f, 0x76, 0x69, 0x64, 0x65, 0x72, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x18, 0x02,
-	0x20, 0x01, 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x6d, 0x61, 0x6e, 0x61, 0x67, 0x65, 0x6d, 0x65, 0x6e,
-	0x74, 0x2e, 0x50, 0x72, 0x6f, 0x76, 0x69, 0x64, 0x65, 0x72, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67,
-	0x52, 0x0e, 0x50, 0x72, 0x6f, 0x76, 0x69, 0x64, 0x65, 0x72, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67,
-	0x22, 0x16, 0x0a, 0x08, 0x70, 0x72, 0x6f, 0x76, 0x69, 0x64, 0x65, 0x72, 0x12, 0x0a, 0x0a, 0x06,
-	0x48, 0x4f, 0x53, 0x54, 0x45, 0x44, 0x10, 0x00, 0x22, 0x84, 0x01, 0x0a, 0x0e, 0x50, 0x72, 0x6f,
-	0x76, 0x69, 0x64, 0x65, 0x72, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x1a, 0x0a, 0x08, 0x43,
-	0x6c, 0x69, 0x65, 0x6e, 0x74, 0x49, 0x44, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x43,
-	0x6c, 0x69, 0x65, 0x6e, 0x74, 0x49, 0x44, 0x12, 0x22, 0x0a, 0x0c, 0x43, 0x6c, 0x69, 0x65, 0x6e,
-	0x74, 0x53, 0x65, 0x63, 0x72, 0x65, 0x74, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0c, 0x43,
-	0x6c, 0x69, 0x65, 0x6e, 0x74, 0x53, 0x65, 0x63, 0x72, 0x65, 0x74, 0x12, 0x16, 0x0a, 0x06, 0x44,
-	0x6f, 0x6d, 0x61, 0x69, 0x6e, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x44, 0x6f, 0x6d,
-	0x61, 0x69, 0x6e, 0x12, 0x1a, 0x0a, 0x08, 0x41, 0x75, 0x64, 0x69, 0x65, 0x6e, 0x63, 0x65, 0x18,
-	0x04, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x41, 0x75, 0x64, 0x69, 0x65, 0x6e, 0x63, 0x65, 0x32,
-	0xf7, 0x02, 0x0a, 0x11, 0x4d, 0x61, 0x6e, 0x61, 0x67, 0x65, 0x6d, 0x65, 0x6e, 0x74, 0x53, 0x65,
-	0x72, 0x76, 0x69, 0x63, 0x65, 0x12, 0x45, 0x0a, 0x05, 0x4c, 0x6f, 0x67, 0x69, 0x6e, 0x12, 0x1c,
+	0x6f, 0x73, 0x74, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x52, 0x0a, 0x68, 0x6f, 0x73, 0x74, 0x43,
+	0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x12, 0x0a, 0x04, 0x75, 0x73, 0x65, 0x72, 0x18, 0x02, 0x20,
+	0x01, 0x28, 0x09, 0x52, 0x04, 0x75, 0x73, 0x65, 0x72, 0x12, 0x1a, 0x0a, 0x08, 0x70, 0x61, 0x73,
+	0x73, 0x77, 0x6f, 0x72, 0x64, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x70, 0x61, 0x73,
+	0x73, 0x77, 0x6f, 0x72, 0x64, 0x22, 0x38, 0x0a, 0x0a, 0x50, 0x65, 0x65, 0x72, 0x43, 0x6f, 0x6e,
+	0x66, 0x69, 0x67, 0x12, 0x18, 0x0a, 0x07, 0x61, 0x64, 0x64, 0x72, 0x65, 0x73, 0x73, 0x18, 0x01,
+	0x20, 0x01, 0x28, 0x09, 0x52, 0x07, 0x61, 0x64, 0x64, 0x72, 0x65, 0x73, 0x73, 0x12, 0x10, 0x0a,
+	0x03, 0x64, 0x6e, 0x73, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x64, 0x6e, 0x73, 0x22,
+	0xcc, 0x01, 0x0a, 0x0a, 0x4e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x4d, 0x61, 0x70, 0x12, 0x16,
+	0x0a, 0x06, 0x53, 0x65, 0x72, 0x69, 0x61, 0x6c, 0x18, 0x01, 0x20, 0x01, 0x28, 0x04, 0x52, 0x06,
+	0x53, 0x65, 0x72, 0x69, 0x61, 0x6c, 0x12, 0x36, 0x0a, 0x0a, 0x70, 0x65, 0x65, 0x72, 0x43, 0x6f,
+	0x6e, 0x66, 0x69, 0x67, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x16, 0x2e, 0x6d, 0x61, 0x6e,
+	0x61, 0x67, 0x65, 0x6d, 0x65, 0x6e, 0x74, 0x2e, 0x50, 0x65, 0x65, 0x72, 0x43, 0x6f, 0x6e, 0x66,
+	0x69, 0x67, 0x52, 0x0a, 0x70, 0x65, 0x65, 0x72, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x3e,
+	0x0a, 0x0b, 0x72, 0x65, 0x6d, 0x6f, 0x74, 0x65, 0x50, 0x65, 0x65, 0x72, 0x73, 0x18, 0x03, 0x20,
+	0x03, 0x28, 0x0b, 0x32, 0x1c, 0x2e, 0x6d, 0x61, 0x6e, 0x61, 0x67, 0x65, 0x6d, 0x65, 0x6e, 0x74,
+	0x2e, 0x52, 0x65, 0x6d, 0x6f, 0x74, 0x65, 0x50, 0x65, 0x65, 0x72, 0x43, 0x6f, 0x6e, 0x66, 0x69,
+	0x67, 0x52, 0x0b, 0x72, 0x65, 0x6d, 0x6f, 0x74, 0x65, 0x50, 0x65, 0x65, 0x72, 0x73, 0x12, 0x2e,
+	0x0a, 0x12, 0x72, 0x65, 0x6d, 0x6f, 0x74, 0x65, 0x50, 0x65, 0x65, 0x72, 0x73, 0x49, 0x73, 0x45,
+	0x6d, 0x70, 0x74, 0x79, 0x18, 0x04, 0x20, 0x01, 0x28, 0x08, 0x52, 0x12, 0x72, 0x65, 0x6d, 0x6f,
+	0x74, 0x65, 0x50, 0x65, 0x65, 0x72, 0x73, 0x49, 0x73, 0x45, 0x6d, 0x70, 0x74, 0x79, 0x22, 0x4e,
+	0x0a, 0x10, 0x52, 0x65, 0x6d, 0x6f, 0x74, 0x65, 0x50, 0x65, 0x65, 0x72, 0x43, 0x6f, 0x6e, 0x66,
+	0x69, 0x67, 0x12, 0x1a, 0x0a, 0x08, 0x77, 0x67, 0x50, 0x75, 0x62, 0x4b, 0x65, 0x79, 0x18, 0x01,
+	0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x77, 0x67, 0x50, 0x75, 0x62, 0x4b, 0x65, 0x79, 0x12, 0x1e,
+	0x0a, 0x0a, 0x61, 0x6c, 0x6c, 0x6f, 0x77, 0x65, 0x64, 0x49, 0x70, 0x73, 0x18, 0x02, 0x20, 0x03,
+	0x28, 0x09, 0x52, 0x0a, 0x61, 0x6c, 0x6c, 0x6f, 0x77, 0x65, 0x64, 0x49, 0x70, 0x73, 0x22, 0x20,
+	0x0a, 0x1e, 0x44, 0x65, 0x76, 0x69, 0x63, 0x65, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a,
+	0x61, 0x74, 0x69, 0x6f, 0x6e, 0x46, 0x6c, 0x6f, 0x77, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74,
+	0x22, 0xbf, 0x01, 0x0a, 0x17, 0x44, 0x65, 0x76, 0x69, 0x63, 0x65, 0x41, 0x75, 0x74, 0x68, 0x6f,
+	0x72, 0x69, 0x7a, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x46, 0x6c, 0x6f, 0x77, 0x12, 0x48, 0x0a, 0x08,
+	0x50, 0x72, 0x6f, 0x76, 0x69, 0x64, 0x65, 0x72, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x2c,
+	0x2e, 0x6d, 0x61, 0x6e, 0x61, 0x67, 0x65, 0x6d, 0x65, 0x6e, 0x74, 0x2e, 0x44, 0x65, 0x76, 0x69,
+	0x63, 0x65, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x46,
+	0x6c, 0x6f, 0x77, 0x2e, 0x70, 0x72, 0x6f, 0x76, 0x69, 0x64, 0x65, 0x72, 0x52, 0x08, 0x50, 0x72,
+	0x6f, 0x76, 0x69, 0x64, 0x65, 0x72, 0x12, 0x42, 0x0a, 0x0e, 0x50, 0x72, 0x6f, 0x76, 0x69, 0x64,
+	0x65, 0x72, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1a,
+	0x2e, 0x6d, 0x61, 0x6e, 0x61, 0x67, 0x65, 0x6d, 0x65, 0x6e, 0x74, 0x2e, 0x50, 0x72, 0x6f, 0x76,
+	0x69, 0x64, 0x65, 0x72, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x52, 0x0e, 0x50, 0x72, 0x6f, 0x76,
+	0x69, 0x64, 0x65, 0x72, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x22, 0x16, 0x0a, 0x08, 0x70, 0x72,
+	0x6f, 0x76, 0x69, 0x64, 0x65, 0x72, 0x12, 0x0a, 0x0a, 0x06, 0x48, 0x4f, 0x53, 0x54, 0x45, 0x44,
+	0x10, 0x00, 0x22, 0x84, 0x01, 0x0a, 0x0e, 0x50, 0x72, 0x6f, 0x76, 0x69, 0x64, 0x65, 0x72, 0x43,
+	0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x1a, 0x0a, 0x08, 0x43, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x49,
+	0x44, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x43, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x49,
+	0x44, 0x12, 0x22, 0x0a, 0x0c, 0x43, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x53, 0x65, 0x63, 0x72, 0x65,
+	0x74, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0c, 0x43, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x53,
+	0x65, 0x63, 0x72, 0x65, 0x74, 0x12, 0x16, 0x0a, 0x06, 0x44, 0x6f, 0x6d, 0x61, 0x69, 0x6e, 0x18,
+	0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x44, 0x6f, 0x6d, 0x61, 0x69, 0x6e, 0x12, 0x1a, 0x0a,
+	0x08, 0x41, 0x75, 0x64, 0x69, 0x65, 0x6e, 0x63, 0x65, 0x18, 0x04, 0x20, 0x01, 0x28, 0x09, 0x52,
+	0x08, 0x41, 0x75, 0x64, 0x69, 0x65, 0x6e, 0x63, 0x65, 0x32, 0xf7, 0x02, 0x0a, 0x11, 0x4d, 0x61,
+	0x6e, 0x61, 0x67, 0x65, 0x6d, 0x65, 0x6e, 0x74, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x12,
+	0x45, 0x0a, 0x05, 0x4c, 0x6f, 0x67, 0x69, 0x6e, 0x12, 0x1c, 0x2e, 0x6d, 0x61, 0x6e, 0x61, 0x67,
+	0x65, 0x6d, 0x65, 0x6e, 0x74, 0x2e, 0x45, 0x6e, 0x63, 0x72, 0x79, 0x70, 0x74, 0x65, 0x64, 0x4d,
+	0x65, 0x73, 0x73, 0x61, 0x67, 0x65, 0x1a, 0x1c, 0x2e, 0x6d, 0x61, 0x6e, 0x61, 0x67, 0x65, 0x6d,
+	0x65, 0x6e, 0x74, 0x2e, 0x45, 0x6e, 0x63, 0x72, 0x79, 0x70, 0x74, 0x65, 0x64, 0x4d, 0x65, 0x73,
+	0x73, 0x61, 0x67, 0x65, 0x22, 0x00, 0x12, 0x46, 0x0a, 0x04, 0x53, 0x79, 0x6e, 0x63, 0x12, 0x1c,
 	0x2e, 0x6d, 0x61, 0x6e, 0x61, 0x67, 0x65, 0x6d, 0x65, 0x6e, 0x74, 0x2e, 0x45, 0x6e, 0x63, 0x72,
 	0x79, 0x70, 0x74, 0x65, 0x64, 0x4d, 0x65, 0x73, 0x73, 0x61, 0x67, 0x65, 0x1a, 0x1c, 0x2e, 0x6d,
 	0x61, 0x6e, 0x61, 0x67, 0x65, 0x6d, 0x65, 0x6e, 0x74, 0x2e, 0x45, 0x6e, 0x63, 0x72, 0x79, 0x70,
-	0x74, 0x65, 0x64, 0x4d, 0x65, 0x73, 0x73, 0x61, 0x67, 0x65, 0x22, 0x00, 0x12, 0x46, 0x0a, 0x04,
-	0x53, 0x79, 0x6e, 0x63, 0x12, 0x1c, 0x2e, 0x6d, 0x61, 0x6e, 0x61, 0x67, 0x65, 0x6d, 0x65, 0x6e,
-	0x74, 0x2e, 0x45, 0x6e, 0x63, 0x72, 0x79, 0x70, 0x74, 0x65, 0x64, 0x4d, 0x65, 0x73, 0x73, 0x61,
-	0x67, 0x65, 0x1a, 0x1c, 0x2e, 0x6d, 0x61, 0x6e, 0x61, 0x67, 0x65, 0x6d, 0x65, 0x6e, 0x74, 0x2e,
-	0x45, 0x6e, 0x63, 0x72, 0x79, 0x70, 0x74, 0x65, 0x64, 0x4d, 0x65, 0x73, 0x73, 0x61, 0x67, 0x65,
-	0x22, 0x00, 0x30, 0x01, 0x12, 0x42, 0x0a, 0x0c, 0x47, 0x65, 0x74, 0x53, 0x65, 0x72, 0x76, 0x65,
-	0x72, 0x4b, 0x65, 0x79, 0x12, 0x11, 0x2e, 0x6d, 0x61, 0x6e, 0x61, 0x67, 0x65, 0x6d, 0x65, 0x6e,
-	0x74, 0x2e, 0x45, 0x6d, 0x70, 0x74, 0x79, 0x1a, 0x1d, 0x2e, 0x6d, 0x61, 0x6e, 0x61, 0x67, 0x65,
-	0x6d, 0x65, 0x6e, 0x74, 0x2e, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x4b, 0x65, 0x79, 0x52, 0x65,
-	0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x00, 0x12, 0x33, 0x0a, 0x09, 0x69, 0x73, 0x48, 0x65,
-	0x61, 0x6c, 0x74, 0x68, 0x79, 0x12, 0x11, 0x2e, 0x6d, 0x61, 0x6e, 0x61, 0x67, 0x65, 0x6d, 0x65,
-	0x6e, 0x74, 0x2e, 0x45, 0x6d, 0x70, 0x74, 0x79, 0x1a, 0x11, 0x2e, 0x6d, 0x61, 0x6e, 0x61, 0x67,
-	0x65, 0x6d, 0x65, 0x6e, 0x74, 0x2e, 0x45, 0x6d, 0x70, 0x74, 0x79, 0x22, 0x00, 0x12, 0x5a, 0x0a,
-	0x1a, 0x47, 0x65, 0x74, 0x44, 0x65, 0x76, 0x69, 0x63, 0x65, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72,
-	0x69, 0x7a, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x46, 0x6c, 0x6f, 0x77, 0x12, 0x1c, 0x2e, 0x6d, 0x61,
-	0x6e, 0x61, 0x67, 0x65, 0x6d, 0x65, 0x6e, 0x74, 0x2e, 0x45, 0x6e, 0x63, 0x72, 0x79, 0x70, 0x74,
-	0x65, 0x64, 0x4d, 0x65, 0x73, 0x73, 0x61, 0x67, 0x65, 0x1a, 0x1c, 0x2e, 0x6d, 0x61, 0x6e, 0x61,
-	0x67, 0x65, 0x6d, 0x65, 0x6e, 0x74, 0x2e, 0x45, 0x6e, 0x63, 0x72, 0x79, 0x70, 0x74, 0x65, 0x64,
-	0x4d, 0x65, 0x73, 0x73, 0x61, 0x67, 0x65, 0x22, 0x00, 0x42, 0x08, 0x5a, 0x06, 0x2f, 0x70, 0x72,
-	0x6f, 0x74, 0x6f, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33,
+	0x74, 0x65, 0x64, 0x4d, 0x65, 0x73, 0x73, 0x61, 0x67, 0x65, 0x22, 0x00, 0x30, 0x01, 0x12, 0x42,
+	0x0a, 0x0c, 0x47, 0x65, 0x74, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x4b, 0x65, 0x79, 0x12, 0x11,
+	0x2e, 0x6d, 0x61, 0x6e, 0x61, 0x67, 0x65, 0x6d, 0x65, 0x6e, 0x74, 0x2e, 0x45, 0x6d, 0x70, 0x74,
+	0x79, 0x1a, 0x1d, 0x2e, 0x6d, 0x61, 0x6e, 0x61, 0x67, 0x65, 0x6d, 0x65, 0x6e, 0x74, 0x2e, 0x53,
+	0x65, 0x72, 0x76, 0x65, 0x72, 0x4b, 0x65, 0x79, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65,
+	0x22, 0x00, 0x12, 0x33, 0x0a, 0x09, 0x69, 0x73, 0x48, 0x65, 0x61, 0x6c, 0x74, 0x68, 0x79, 0x12,
+	0x11, 0x2e, 0x6d, 0x61, 0x6e, 0x61, 0x67, 0x65, 0x6d, 0x65, 0x6e, 0x74, 0x2e, 0x45, 0x6d, 0x70,
+	0x74, 0x79, 0x1a, 0x11, 0x2e, 0x6d, 0x61, 0x6e, 0x61, 0x67, 0x65, 0x6d, 0x65, 0x6e, 0x74, 0x2e,
+	0x45, 0x6d, 0x70, 0x74, 0x79, 0x22, 0x00, 0x12, 0x5a, 0x0a, 0x1a, 0x47, 0x65, 0x74, 0x44, 0x65,
+	0x76, 0x69, 0x63, 0x65, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x61, 0x74, 0x69, 0x6f,
+	0x6e, 0x46, 0x6c, 0x6f, 0x77, 0x12, 0x1c, 0x2e, 0x6d, 0x61, 0x6e, 0x61, 0x67, 0x65, 0x6d, 0x65,
+	0x6e, 0x74, 0x2e, 0x45, 0x6e, 0x63, 0x72, 0x79, 0x70, 0x74, 0x65, 0x64, 0x4d, 0x65, 0x73, 0x73,
+	0x61, 0x67, 0x65, 0x1a, 0x1c, 0x2e, 0x6d, 0x61, 0x6e, 0x61, 0x67, 0x65, 0x6d, 0x65, 0x6e, 0x74,
+	0x2e, 0x45, 0x6e, 0x63, 0x72, 0x79, 0x70, 0x74, 0x65, 0x64, 0x4d, 0x65, 0x73, 0x73, 0x61, 0x67,
+	0x65, 0x22, 0x00, 0x42, 0x08, 0x5a, 0x06, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x06, 0x70,
+	0x72, 0x6f, 0x74, 0x6f, 0x33,
 }

 var (
@@ -1405,7 +1405,7 @@ var file_management_proto_goTypes = []interface{}{
 	(*DeviceAuthorizationFlowRequest)(nil), // 16: management.DeviceAuthorizationFlowRequest
 	(*DeviceAuthorizationFlow)(nil),        // 17: management.DeviceAuthorizationFlow
 	(*ProviderConfig)(nil),                 // 18: management.ProviderConfig
-	(*timestamppb.Timestamp)(nil),          // 19: google.protobuf.Timestamp
+	(*timestamp.Timestamp)(nil),            // 19: google.protobuf.Timestamp
 }
 var file_management_proto_depIdxs = []int32{
 	10, // 0: management.SyncResponse.wiretrusteeConfig:type_name -> management.WiretrusteeConfig
--- a/management/proto/management.proto
+++ b/management/proto/management.proto
@@ -82,7 +82,7 @@ message PeerSystemMeta {
  string platform = 5;
  string OS = 6;
  string wiretrusteeVersion = 7;
-  string uiVersion = 8;
+  string caller = 8;
 }

 message LoginResponse {
@@ -198,4 +198,4 @@ message ProviderConfig {
  string Domain =3;
  // An Audience for validation
  string Audience = 4;
-}
+}
--- a/management/server/account.go
+++ b/management/server/account.go
@@ -35,7 +35,6 @@ type AccountManager interface {
 	GetAccountById(accountId string) (*Account, error)
 	GetAccountByUserOrAccountId(userId, accountId, domain string) (*Account, error)
 	GetAccountWithAuthorizationClaims(claims jwtclaims.AuthorizationClaims) (*Account, error)
-	IsUserAdmin(claims jwtclaims.AuthorizationClaims) (bool, error)
 	AccountExists(accountId string) (*bool, error)
 	AddAccount(accountId, userId, domain string) (*Account, error)
 	GetPeer(peerKey string) (*Peer, error)
@@ -45,7 +44,6 @@ type AccountManager interface {
 	GetPeerByIP(accountId string, peerIP string) (*Peer, error)
 	GetNetworkMap(peerKey string) (*NetworkMap, error)
 	AddPeer(setupKey string, userId string, peer *Peer) (*Peer, error)
-	UpdatePeerMeta(peerKey string, meta PeerSystemMeta) error
 	GetUsersFromAccount(accountId string) ([]*UserInfo, error)
 	GetGroup(accountId, groupID string) (*Group, error)
 	SaveGroup(accountId string, group *Group) error
@@ -328,12 +326,11 @@ func (am *DefaultAccountManager) GetUsersFromAccount(accountID string) ([]*UserI

 	queriedUsers := make([]*idp.UserData, 0)
 	if !isNil(am.idpManager) {
-		queriedUsers, err = am.idpManager.GetAllUsers(accountID)
+		queriedUsers, err = am.idpManager.GetBatchedUserData(accountID)
 		if err != nil {
 			return nil, err
 		}
 	}
-	// TODO: we need to check whether we need to refresh our cache or not

 	userInfo := make([]*UserInfo, 0)

@@ -353,6 +350,7 @@ func (am *DefaultAccountManager) GetUsersFromAccount(accountID string) ([]*UserI
 	for _, queriedUser := range queriedUsers {
 		if localUser, contains := account.Users[queriedUser.ID]; contains {
 			userInfo = append(userInfo, mergeLocalAndQueryUser(*queriedUser, *localUser))
+			log.Debugf("Merged userinfo to send back; %v", userInfo)
 		}
 	}

--- a/management/server/account_test.go
+++ b/management/server/account_test.go
@@ -265,6 +265,10 @@ func TestAccountManager_AddAccount(t *testing.T) {
 	userId := "account_creator"
 	expectedPeersSize := 0
 	expectedSetupKeysSize := 2
+	expectedNetwork := net.IPNet{
+		IP:   net.IP{100, 64, 0, 0},
+		Mask: net.IPMask{255, 192, 0, 0},
+	}

 	account, err := manager.AddAccount(expectedId, userId, "")
 	if err != nil {
@@ -283,9 +287,8 @@ func TestAccountManager_AddAccount(t *testing.T) {
 		t.Errorf("expected account to have len(SetupKeys) = %v, got %v", expectedSetupKeysSize, len(account.SetupKeys))
 	}

-	ipNet := net.IPNet{IP: net.ParseIP("100.64.0.0"), Mask: net.IPMask{255, 192, 0, 0}}
-	if !ipNet.Contains(account.Network.Net.IP) {
-		t.Errorf("expected account's Network to be a subnet of %v, got %v", ipNet.String(), account.Network.Net.String())
+	if account.Network.Net.String() != expectedNetwork.String() {
+		t.Errorf("expected account to have Network = %v, got %v", expectedNetwork.String(), account.Network.Net.String())
 	}
 }

@@ -416,6 +419,7 @@ func TestAccountManager_AddPeer(t *testing.T) {
 		return
 	}
 	expectedPeerKey := key.PublicKey().String()
+	expectedPeerIP := "100.64.0.1"
 	expectedSetupKey := setupKey.Key

 	peer, err := manager.AddPeer(setupKey.Key, "", &Peer{
@@ -438,8 +442,8 @@ func TestAccountManager_AddPeer(t *testing.T) {
 		t.Errorf("expecting just added peer to have key = %s, got %s", expectedPeerKey, peer.Key)
 	}

-	if !account.Network.Net.Contains(peer.IP) {
-		t.Errorf("expecting just added peer's IP %s to be in a network range %s", peer.IP.String(), account.Network.Net.String())
+	if peer.IP.String() != expectedPeerIP {
+		t.Errorf("expecting just added peer to have IP = %s, got %s", expectedPeerIP, peer.IP.String())
 	}

 	if peer.SetupKey != expectedSetupKey {
@@ -478,6 +482,7 @@ func TestAccountManager_AddPeerWithUserID(t *testing.T) {
 		return
 	}
 	expectedPeerKey := key.PublicKey().String()
+	expectedPeerIP := "100.64.0.1"
 	expectedUserId := userId

 	peer, err := manager.AddPeer("", userId, &Peer{
@@ -500,8 +505,8 @@ func TestAccountManager_AddPeerWithUserID(t *testing.T) {
 		t.Errorf("expecting just added peer to have key = %s, got %s", expectedPeerKey, peer.Key)
 	}

-	if !account.Network.Net.Contains(peer.IP) {
-		t.Errorf("expecting just added peer's IP %s to be in a network range %s", peer.IP.String(), account.Network.Net.String())
+	if peer.IP.String() != expectedPeerIP {
+		t.Errorf("expecting just added peer to have IP = %s, got %s", expectedPeerIP, peer.IP.String())
 	}

 	if peer.UserID != expectedUserId {
@@ -591,82 +596,12 @@ func TestGetUsersFromAccount(t *testing.T) {
 	for _, userInfo := range userInfos {
 		id := userInfo.ID
 		assert.Equal(t, userInfo.ID, users[id].Id)
-		assert.Equal(t, userInfo.Role, string(users[id].Role))
+		assert.Equal(t, string(userInfo.Role), string(users[id].Role))
 		assert.Equal(t, userInfo.Name, "")
 		assert.Equal(t, userInfo.Email, "")
 	}
 }

-func TestAccountManager_UpdatePeerMeta(t *testing.T) {
-	manager, err := createManager(t)
-	if err != nil {
-		t.Fatal(err)
-		return
-	}
-
-	account, err := manager.AddAccount("test_account", "account_creator", "")
-	if err != nil {
-		t.Fatal(err)
-	}
-
-	var setupKey *SetupKey
-	for _, key := range account.SetupKeys {
-		setupKey = key
-	}
-
-	key, err := wgtypes.GeneratePrivateKey()
-	if err != nil {
-		t.Fatal(err)
-		return
-	}
-
-	peer, err := manager.AddPeer(setupKey.Key, "", &Peer{
-		Key: key.PublicKey().String(),
-		Meta: PeerSystemMeta{
-			Hostname:  "Hostname",
-			GoOS:      "GoOS",
-			Kernel:    "Kernel",
-			Core:      "Core",
-			Platform:  "Platform",
-			OS:        "OS",
-			WtVersion: "WtVersion",
-		},
-		Name: key.PublicKey().String(),
-	})
-	if err != nil {
-		t.Errorf("expecting peer to be added, got failure %v", err)
-		return
-	}
-
-	newMeta := PeerSystemMeta{
-		Hostname:  "new-Hostname",
-		GoOS:      "new-GoOS",
-		Kernel:    "new-Kernel",
-		Core:      "new-Core",
-		Platform:  "new-Platform",
-		OS:        "new-OS",
-		WtVersion: "new-WtVersion",
-	}
-	err = manager.UpdatePeerMeta(peer.Key, newMeta)
-	if err != nil {
-		t.Error(err)
-		return
-	}
-
-	p, err := manager.GetPeer(peer.Key)
-	if err != nil {
-		return
-	}
-
-	if err != nil {
-		t.Fatal(err)
-		return
-	}
-
-	assert.Equal(t, newMeta, p.Meta)
-
-}
-
 func createManager(t *testing.T) (*DefaultAccountManager, error) {
 	store, err := createStore(t)
 	if err != nil {
--- a/management/server/grpcserver.go
+++ b/management/server/grpcserver.go
@@ -187,7 +187,6 @@ func (s *Server) registerPeer(peerKey wgtypes.Key, req *proto.LoginRequest) (*Pe
 	if meta == nil {
 		return nil, status.Errorf(codes.InvalidArgument, "peer meta data was not provided")
 	}
-
 	peer, err := s.accountManager.AddPeer(reqSetupKey, userId, &Peer{
 		Key:  peerKey.String(),
 		Name: meta.GetHostname(),
@@ -199,15 +198,11 @@ func (s *Server) registerPeer(peerKey wgtypes.Key, req *proto.LoginRequest) (*Pe
 			Platform:  meta.GetPlatform(),
 			OS:        meta.GetOS(),
 			WtVersion: meta.GetWiretrusteeVersion(),
-			UIVersion: meta.GetUiVersion(),
 		},
 	})
 	if err != nil {
-		s, ok := status.FromError(err)
-		if ok {
-			if s.Code() == codes.FailedPrecondition || s.Code() == codes.OutOfRange {
-				return nil, err
-			}
+		if s, ok := status.FromError(err); ok && s.Code() == codes.FailedPrecondition {
+			return nil, err
 		}
 		return nil, status.Errorf(codes.NotFound, "provided setup key doesn't exists")
 	}
@@ -251,16 +246,15 @@ func (s *Server) Login(ctx context.Context, req *proto.EncryptedMessage) (*proto
 		return nil, status.Errorf(codes.InvalidArgument, "provided wgPubKey %s is invalid", req.WgPubKey)
 	}

-	loginReq := &proto.LoginRequest{}
-	err = encryption.DecryptMessage(peerKey, s.wgKey, req.Body, loginReq)
-	if err != nil {
-		return nil, status.Errorf(codes.InvalidArgument, "invalid request message")
-	}
-
 	peer, err := s.accountManager.GetPeer(peerKey.String())
 	if err != nil {
 		if errStatus, ok := status.FromError(err); ok && errStatus.Code() == codes.NotFound {
 			// peer doesn't exist -> check if setup key was provided
+			loginReq := &proto.LoginRequest{}
+			err = encryption.DecryptMessage(peerKey, s.wgKey, req.Body, loginReq)
+			if err != nil {
+				return nil, status.Errorf(codes.InvalidArgument, "invalid request message")
+			}
 			if loginReq.GetJwtToken() == "" && loginReq.GetSetupKey() == "" {
 				// absent setup key -> permission denied
 				return nil, status.Errorf(codes.PermissionDenied, "provided peer with the key wgPubKey %s is not registered and no setup key or jwt was provided", peerKey.String())
@@ -275,24 +269,8 @@ func (s *Server) Login(ctx context.Context, req *proto.EncryptedMessage) (*proto
 		} else {
 			return nil, status.Error(codes.Internal, "internal server error")
 		}
-	} else if loginReq.GetMeta() != nil {
-		// update peer's system meta data on Login
-		err = s.accountManager.UpdatePeerMeta(peerKey.String(), PeerSystemMeta{
-			Hostname:  loginReq.GetMeta().GetHostname(),
-			GoOS:      loginReq.GetMeta().GetGoOS(),
-			Kernel:    loginReq.GetMeta().GetKernel(),
-			Core:      loginReq.GetMeta().GetCore(),
-			Platform:  loginReq.GetMeta().GetPlatform(),
-			OS:        loginReq.GetMeta().GetOS(),
-			WtVersion: loginReq.GetMeta().GetWiretrusteeVersion(),
-			UIVersion: loginReq.GetMeta().GetUiVersion(),
-		},
-		)
-		if err != nil {
-			log.Errorf("failed updating peer system meta data %s", peerKey.String())
-			return nil, status.Error(codes.Internal, "internal server error")
-		}
 	}
+
 	// if peer has reached this point then it has logged in
 	loginResp := &proto.LoginResponse{
 		WiretrusteeConfig: toWiretrusteeConfig(s.config, nil),
@@ -368,7 +346,7 @@ func toWiretrusteeConfig(config *Config, turnCredentials *TURNCredentials) *prot

 func toPeerConfig(peer *Peer) *proto.PeerConfig {
 	return &proto.PeerConfig{
-		Address: peer.IP.String() + "/16", // todo make it explicit
+		Address: peer.IP.String() + "/24", // todo make it explicit
 	}
 }

--- a/management/server/http/middleware/access_control.go
+++ b/management/server/http/middleware/access_control.go
@@ -1,50 +0,0 @@
-package middleware
-
-import (
-	"fmt"
-	"net/http"
-
-	"github.com/netbirdio/netbird/management/server/jwtclaims"
-)
-
-type IsUserAdminFunc func(claims jwtclaims.AuthorizationClaims) (bool, error)
-
-// AccessControll middleware to restrict to make POST/PUT/DELETE requests by admin only
-type AccessControll struct {
-	jwtExtractor jwtclaims.ClaimsExtractor
-	isUserAdmin  IsUserAdminFunc
-	audience     string
-}
-
-// NewAccessControll instance constructor
-func NewAccessControll(audience string, isUserAdmin IsUserAdminFunc) *AccessControll {
-	return &AccessControll{
-		isUserAdmin:  isUserAdmin,
-		audience:     audience,
-		jwtExtractor: *jwtclaims.NewClaimsExtractor(nil),
-	}
-}
-
-// Handler method of the middleware which forbinneds all modify requests for non admin users
-func (a *AccessControll) Handler(h http.Handler) http.Handler {
-	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
-		jwtClaims := a.jwtExtractor.ExtractClaimsFromRequestContext(r, a.audience)
-
-		ok, err := a.isUserAdmin(jwtClaims)
-		if err != nil {
-			http.Error(w, fmt.Sprintf("error get user from JWT: %v", err), http.StatusUnauthorized)
-			return
-
-		}
-
-		if !ok {
-			switch r.Method {
-			case http.MethodDelete, http.MethodPost, http.MethodPatch, http.MethodPut:
-				http.Error(w, "user is not admin", http.StatusForbidden)
-				return
-			}
-		}
-
-		h.ServeHTTP(w, r)
-	})
-}
--- a/management/server/http/server.go
+++ b/management/server/http/server.go
@@ -92,12 +92,8 @@ func (s *Server) Start() error {

 	corsMiddleware := cors.AllowAll()

-	acMiddleware := middleware.NewAccessControll(
-		s.config.AuthAudience,
-		s.accountManager.IsUserAdmin)
-
 	r := mux.NewRouter()
-	r.Use(jwtMiddleware.Handler, corsMiddleware.Handler, acMiddleware.Handler)
+	r.Use(jwtMiddleware.Handler, corsMiddleware.Handler)

 	groupsHandler := handler.NewGroups(s.accountManager, s.config.AuthAudience)
 	rulesHandler := handler.NewRules(s.accountManager, s.config.AuthAudience)
--- a/management/server/idp/auth0.go
+++ b/management/server/idp/auth0.go
@@ -1,9 +1,6 @@
 package idp

 import (
-	"bytes"
-	"compress/gzip"
-	"context"
 	"encoding/json"
 	"fmt"
 	"io"
@@ -21,11 +18,10 @@ import (

 // Auth0Manager auth0 manager client instance
 type Auth0Manager struct {
-	authIssuer             string
-	httpClient             ManagerHTTPClient
-	credentials            ManagerCredentials
-	helper                 ManagerHelper
-	cachedUsersByAccountId map[string][]Auth0Profile
+	authIssuer  string
+	httpClient  ManagerHTTPClient
+	credentials ManagerCredentials
+	helper      ManagerHelper
 }

 // Auth0ClientConfig auth0 manager client configurations
@@ -55,38 +51,6 @@ type Auth0Credentials struct {
 	mux          sync.Mutex
 }

-type Auth0Profile struct {
-	AccountId string `json:"wt_account_id"`
-	UserID    string `json:"user_id"`
-	Name      string `json:"name"`
-	Email     string `json:"email"`
-	CreatedAt string `json:"created_at"`
-	LastLogin string `json:"last_login"`
-}
-
-type UserExportJobResponse struct {
-	Type         string    `json:"type"`
-	Status       string    `json:"status"`
-	ConnectionId string    `json:"connection_id"`
-	Format       string    `json:"format"`
-	Limit        int       `json:"limit"`
-	Connection   string    `json:"connection"`
-	CreatedAt    time.Time `json:"created_at"`
-	Id           string    `json:"id"`
-}
-
-type ExportJobStatusResponse struct {
-	Type         string    `json:"type"`
-	Status       string    `json:"status"`
-	ConnectionId string    `json:"connection_id"`
-	Format       string    `json:"format"`
-	Limit        int       `json:"limit"`
-	Location     string    `json:"location"`
-	Connection   string    `json:"connection"`
-	CreatedAt    time.Time `json:"created_at"`
-	Id           string    `json:"id"`
-}
-
 // NewAuth0Manager creates a new instance of the Auth0Manager
 func NewAuth0Manager(config Auth0ClientConfig) (*Auth0Manager, error) {

@@ -117,13 +81,11 @@ func NewAuth0Manager(config Auth0ClientConfig) (*Auth0Manager, error) {
 		httpClient:   httpClient,
 		helper:       helper,
 	}
-
 	return &Auth0Manager{
-		authIssuer:             config.AuthIssuer,
-		credentials:            credentials,
-		httpClient:             httpClient,
-		helper:                 helper,
-		cachedUsersByAccountId: make(map[string][]Auth0Profile),
+		authIssuer:  config.AuthIssuer,
+		credentials: credentials,
+		httpClient:  httpClient,
+		helper:      helper,
 	}, nil
 }

@@ -224,198 +186,44 @@ func (c *Auth0Credentials) Authenticate() (JWTToken, error) {
 	return c.jwtToken, nil
 }

-// Gets all users from cache, if the cache exists
-// Otherwise we will initialize the cache with creating the export job on auth0
-func (am *Auth0Manager) GetAllUsers(accountId string) ([]*UserData, error) {
-	if len(am.cachedUsersByAccountId[accountId]) == 0 {
-		err := am.createExportUsersJob(accountId)
-		if err != nil {
-			log.Debugf("Couldn't cache users; %v", err)
-			return nil, err
-		}
+func batchRequestUsersUrl(authIssuer, accountId string, page int) (string, url.Values, error) {
+	u, err := url.Parse(authIssuer + "/api/v2/users")
+	if err != nil {
+		return "", nil, err
+	}
+	q := u.Query()
+	q.Set("page", strconv.Itoa(page))
+	q.Set("search_engine", "v3")
+	q.Set("q", "app_metadata.wt_account_id:"+accountId)
+	u.RawQuery = q.Encode()
+
+	return u.String(), q, nil
+}
+
+func requestByUserIdUrl(authIssuer, userId string) string {
+	return authIssuer + "/api/v2/users/" + userId
+}
+
+// GetBatchedUserData requests users in batches from Auth0
+func (am *Auth0Manager) GetBatchedUserData(accountId string) ([]*UserData, error) {
+	jwtToken, err := am.credentials.Authenticate()
+	if err != nil {
+		return nil, err
 	}

 	var list []*UserData

-	cachedUsers := am.cachedUsersByAccountId[accountId]
-	for _, val := range cachedUsers {
-		list = append(list, &UserData{
-			Name:  val.Name,
-			Email: val.Email,
-			ID:    val.UserID,
-		})
-	}
-
-	return list, nil
-}
-
-// This creates an export job on auth0 for all users.
-func (am *Auth0Manager) createExportUsersJob(accountId string) error {
-	jwtToken, err := am.credentials.Authenticate()
-	if err != nil {
-		return err
-	}
-
-	reqURL := am.authIssuer + "/api/v2/jobs/users-exports"
-
-	payloadString := fmt.Sprintf("{\"format\": \"json\"," +
-		"\"fields\": [{\"name\": \"created_at\"}, {\"name\": \"last_login\"},{\"name\": \"user_id\"}, {\"name\": \"email\"}, {\"name\": \"name\"}, {\"name\": \"app_metadata.wt_account_id\", \"export_as\": \"wt_account_id\"}]}")
-
-	payload := strings.NewReader(payloadString)
-
-	exportJobReq, err := http.NewRequest("POST", reqURL, payload)
-	if err != nil {
-		return err
-	}
-	exportJobReq.Header.Add("authorization", "Bearer "+jwtToken.AccessToken)
-	exportJobReq.Header.Add("content-type", "application/json")
-
-	jobResp, err := am.httpClient.Do(exportJobReq)
-	if err != nil {
-		log.Debugf("Couldn't get job response %v", err)
-		return err
-	}
-
-	defer func() {
-		err = jobResp.Body.Close()
-		if err != nil {
-			log.Errorf("error while closing update user app metadata response body: %v", err)
-		}
-	}()
-	if jobResp.StatusCode != 200 {
-		return fmt.Errorf("unable to update the appMetadata, statusCode %d", jobResp.StatusCode)
-	}
-
-	var exportJobResp UserExportJobResponse
-
-	body, err := ioutil.ReadAll(jobResp.Body)
-	if err != nil {
-		log.Debugf("Coudln't read export job response; %v", err)
-		return err
-	}
-
-	err = am.helper.Unmarshal(body, &exportJobResp)
-	if err != nil {
-		log.Debugf("Coudln't unmarshal export job response; %v", err)
-		return err
-	}
-
-	if exportJobResp.Id == "" {
-		return fmt.Errorf("couldn't get an batch id status %d, %s, response body: %v", jobResp.StatusCode, jobResp.Status, exportJobResp)
-	}
-
-	log.Debugf("batch id status %d, %s, response body: %v", jobResp.StatusCode, jobResp.Status, exportJobResp)
-
-	ctx, cancel := context.WithTimeout(context.TODO(), 90*time.Second)
-	defer cancel()
-
-	done, downloadLink, err := am.checkExportJobStatus(ctx, exportJobResp.Id)
-	if err != nil {
-		log.Debugf("Failed at getting status checks from exportJob; %v", err)
-		return err
-	}
-
-	if done {
-		err = am.cacheUsers(downloadLink)
-		if err != nil {
-			log.Debugf("Failed to cache users via download link; %v", err)
-		}
-	}
-
-	return nil
-}
-
-// Downloads the users from auth0 and caches it in memory
-// Users are only cached if they have an wt_account_id stored in auth0
-func (am *Auth0Manager) cacheUsers(location string) error {
-	body, err := doGetReq(am.httpClient, location, "")
-	if err != nil {
-		log.Debugf("Can't download cached users; %v", err)
-		return err
-	}
-
-	bodyReader := bytes.NewReader(body)
-
-	gzipReader, err := gzip.NewReader(bodyReader)
-	if err != nil {
-		return err
-	}
-
-	decoder := json.NewDecoder(gzipReader)
-
-	for decoder.More() {
-		profile := Auth0Profile{}
-		err = decoder.Decode(&profile)
-		if err != nil {
-			log.Errorf("Couldn't decode profile; %v", err)
-			return err
-		}
-		if profile.AccountId != "" {
-			am.cachedUsersByAccountId[profile.AccountId] = append(am.cachedUsersByAccountId[profile.AccountId], profile)
-		}
-	}
-
-	return nil
-}
-
-// This checks the status of the job created at CreateExportUsersJob.
-// If the status is "completed", then return the downloadLink
-func (am *Auth0Manager) checkExportJobStatus(ctx context.Context, jobId string) (bool, string, error) {
-	retry := time.NewTicker(time.Second)
-	for {
-		select {
-		case <-ctx.Done():
-			log.Debugf("Export job status stopped...\n")
-			return false, "", ctx.Err()
-		case <-retry.C:
-			jwtToken, err := am.credentials.Authenticate()
-			if err != nil {
-				return false, "", err
-			}
-
-			statusUrl := am.authIssuer + "/api/v2/jobs/" + jobId
-			body, err := doGetReq(am.httpClient, statusUrl, jwtToken.AccessToken)
-			if err != nil {
-				return false, "", err
-			}
-
-			var status ExportJobStatusResponse
-			err = am.helper.Unmarshal(body, &status)
-			if err != nil {
-				return false, "", err
-			}
-
-			log.Debugf("Current export job status is %v", status.Status)
-
-			if status.Status != "completed" {
-				continue
-			}
-
-			return true, status.Location, nil
-		}
-	}
-}
-
-// Invalidates old cache for Account and re-queries it from auth0
-func (am *Auth0Manager) forceUpdateUserCache(accountId string) error {
-	jwtToken, err := am.credentials.Authenticate()
-	if err != nil {
-		return err
-	}
-
-	var list []Auth0Profile
-
 	// https://auth0.com/docs/manage-users/user-search/retrieve-users-with-get-users-endpoint#limitations
 	// auth0 limitation of 1000 users via this endpoint
 	for page := 0; page < 20; page++ {
 		reqURL, query, err := batchRequestUsersUrl(am.authIssuer, accountId, page)
 		if err != nil {
-			return err
+			return nil, err
 		}

 		req, err := http.NewRequest(http.MethodGet, reqURL, strings.NewReader(query.Encode()))
 		if err != nil {
-			return err
+			return nil, err
 		}

 		req.Header.Add("authorization", "Bearer "+jwtToken.AccessToken)
@@ -423,42 +231,41 @@ func (am *Auth0Manager) forceUpdateUserCache(accountId string) error {

 		res, err := am.httpClient.Do(req)
 		if err != nil {
-			return err
+			return nil, err
 		}

 		body, err := io.ReadAll(res.Body)
 		if err != nil {
-			return err
+			return nil, err
 		}

-		var batch []Auth0Profile
+		var batch []UserData
 		err = json.Unmarshal(body, &batch)
 		if err != nil {
-			return err
+			return nil, err
 		}

 		log.Debugf("requested batch; %v", batch)

 		err = res.Body.Close()
 		if err != nil {
-			return err
+			return nil, err
 		}

 		if res.StatusCode != 200 {
-			return fmt.Errorf("unable to request UserData from auth0, statusCode %d", res.StatusCode)
+			return nil, fmt.Errorf("unable to request UserData from auth0, statusCode %d", res.StatusCode)
 		}

 		if len(batch) == 0 {
-			return nil
+			return list, nil
 		}

 		for user := range batch {
-			list = append(list, batch[user])
+			list = append(list, &batch[user])
 		}
 	}
-	am.cachedUsersByAccountId[accountId] = list

-	return nil
+	return list, nil
 }

 // GetUserDataByID requests user data from auth0 via ID
@@ -552,54 +359,3 @@ func (am *Auth0Manager) UpdateUserAppMetadata(userId string, appMetadata AppMeta

 	return nil
 }
-
-func batchRequestUsersUrl(authIssuer, accountId string, page int) (string, url.Values, error) {
-	u, err := url.Parse(authIssuer + "/api/v2/users")
-	if err != nil {
-		return "", nil, err
-	}
-	q := u.Query()
-	q.Set("page", strconv.Itoa(page))
-	q.Set("search_engine", "v3")
-	q.Set("q", "app_metadata.wt_account_id:"+accountId)
-	u.RawQuery = q.Encode()
-
-	return u.String(), q, nil
-}
-
-func requestByUserIdUrl(authIssuer, userId string) string {
-	return authIssuer + "/api/v2/users/" + userId
-}
-
-// Boilerplate implementation for Get Requests.
-func doGetReq(client ManagerHTTPClient, url, accessToken string) ([]byte, error) {
-	req, err := http.NewRequest("GET", url, nil)
-	if err != nil {
-		return nil, err
-	}
-
-	if accessToken != "" {
-		req.Header.Add("authorization", "Bearer "+accessToken)
-	}
-
-	res, err := client.Do(req)
-	if err != nil {
-		return nil, err
-	}
-
-	defer func() {
-		err = res.Body.Close()
-		if err != nil {
-			log.Errorf("error while closing body for url %s: %v", url, err)
-		}
-	}()
-	if res.StatusCode != 200 {
-		return nil, fmt.Errorf("unable to get %s, statusCode %d", url, res.StatusCode)
-	}
-
-	body, err := ioutil.ReadAll(res.Body)
-	if err != nil {
-		return nil, err
-	}
-	return body, nil
-}
--- a/management/server/idp/idp.go
+++ b/management/server/idp/idp.go
@@ -11,7 +11,7 @@ import (
 type Manager interface {
 	UpdateUserAppMetadata(userId string, appMetadata AppMetadata) error
 	GetUserDataByID(userId string, appMetadata AppMetadata) (*UserData, error)
-	GetAllUsers(accountId string) ([]*UserData, error)
+	GetBatchedUserData(accountId string) ([]*UserData, error)
 }

 // Config an idp configuration struct to be loaded from management server's config file
--- a/management/server/management_proto_test.go
+++ b/management/server/management_proto_test.go
@@ -251,10 +251,8 @@ func Test_SyncProtocol(t *testing.T) {
 		t.Fatal("expecting SyncResponse to have NetworkMap with a non-nil PeerConfig")
 	}

-	expectedIPNet := net.IPNet{IP: net.ParseIP("100.64.0.0"), Mask: net.IPMask{255, 192, 0, 0}}
-	ip, _, _ := net.ParseCIDR(networkMap.GetPeerConfig().GetAddress())
-	if !expectedIPNet.Contains(ip) {
-		t.Fatalf("expecting SyncResponse to have NetworkMap with a PeerConfig having valid IP address %s", networkMap.GetPeerConfig().GetAddress())
+	if networkMap.GetPeerConfig().GetAddress() != "100.64.0.1/24" {
+		t.Fatal("expecting SyncResponse to have NetworkMap with a PeerConfig having valid Address")
 	}

 	if networkMap.GetSerial() <= 0 {
--- a/management/server/management_test.go
+++ b/management/server/management_test.go
@@ -107,6 +107,8 @@ var _ = Describe("Management service", func() {
 				err = encryption.DecryptMessage(serverPubKey, key, encryptedResponse.Body, resp)
 				Expect(err).NotTo(HaveOccurred())

+				Expect(resp.PeerConfig.Address).To(BeEquivalentTo("100.64.0.1/24"))
+
 				expectedSignalConfig := &mgmtProto.HostConfig{
 					Uri:      "signal.wiretrustee.com:10000",
 					Protocol: mgmtProto.HostConfig_HTTP,
@@ -306,10 +308,10 @@ var _ = Describe("Management service", func() {
 		})
 	})

-	Context("when there are 10 peers registered under one account", func() {
+	Context("when there are 50 peers registered under one account", func() {
 		Context("when there are 10 more peers registered under the same account", func() {
-			Specify("all of the 10 peers will get updates of 10 newly registered peers", func() {
-				initialPeers := 10
+			Specify("all of the 50 peers will get updates of 10 newly registered peers", func() {
+				initialPeers := 20
 				additionalPeers := 10

 				var peers []wgtypes.Key
@@ -365,7 +367,7 @@ var _ = Describe("Management service", func() {
 					key, _ := wgtypes.GenerateKey()
 					loginPeerWithValidSetupKey(serverPubKey, key, client)
 					rand.Seed(time.Now().UnixNano())
-					n := rand.Intn(200)
+					n := rand.Intn(500)
 					time.Sleep(time.Duration(n) * time.Millisecond)
 				}

--- a/management/server/mock_server/account_mock.go
+++ b/management/server/mock_server/account_mock.go
@@ -17,7 +17,6 @@ type MockAccountManager struct {
 	GetAccountByIdFunc                    func(accountId string) (*server.Account, error)
 	GetAccountByUserOrAccountIdFunc       func(userId, accountId, domain string) (*server.Account, error)
 	GetAccountWithAuthorizationClaimsFunc func(claims jwtclaims.AuthorizationClaims) (*server.Account, error)
-	IsUserAdminFunc                       func(claims jwtclaims.AuthorizationClaims) (bool, error)
 	AccountExistsFunc                     func(accountId string) (*bool, error)
 	AddAccountFunc                        func(accountId, userId, domain string) (*server.Account, error)
 	GetPeerFunc                           func(peerKey string) (*server.Peer, error)
@@ -39,7 +38,6 @@ type MockAccountManager struct {
 	DeleteRuleFunc                        func(accountID, ruleID string) error
 	ListRulesFunc                         func(accountID string) ([]*server.Rule, error)
 	GetUsersFromAccountFunc               func(accountID string) ([]*server.UserInfo, error)
-	UpdatePeerMetaFunc                    func(peerKey string, meta server.PeerSystemMeta) error
 }

 func (am *MockAccountManager) GetUsersFromAccount(accountID string) ([]*server.UserInfo, error) {
@@ -194,11 +192,7 @@ func (am *MockAccountManager) GetNetworkMap(peerKey string) (*server.NetworkMap,
 	return nil, status.Errorf(codes.Unimplemented, "method GetNetworkMap not implemented")
 }

-func (am *MockAccountManager) AddPeer(
-	setupKey string,
-	userId string,
-	peer *server.Peer,
-) (*server.Peer, error) {
+func (am *MockAccountManager) AddPeer(setupKey string, userId string, peer *server.Peer) (*server.Peer, error) {
 	if am.AddPeerFunc != nil {
 		return am.AddPeerFunc(setupKey, userId, peer)
 	}
@@ -281,17 +275,3 @@ func (am *MockAccountManager) ListRules(accountID string) ([]*server.Rule, error
 	}
 	return nil, status.Errorf(codes.Unimplemented, "method ListRules not implemented")
 }
-
-func (am *MockAccountManager) UpdatePeerMeta(peerKey string, meta server.PeerSystemMeta) error {
-	if am.UpdatePeerMetaFunc != nil {
-		return am.UpdatePeerMetaFunc(peerKey, meta)
-	}
-	return status.Errorf(codes.Unimplemented, "method UpdatePeerMetaFunc not implemented")
-}
-
-func (am *MockAccountManager) IsUserAdmin(claims jwtclaims.AuthorizationClaims) (bool, error) {
-	if am.IsUserAdminFunc != nil {
-		return am.IsUserAdminFunc(claims)
-	}
-	return false, status.Errorf(codes.Unimplemented, "method IsUserAdmin not implemented")
-}
--- a/management/server/network.go
+++ b/management/server/network.go
@@ -1,14 +1,16 @@
 package server

 import (
-	"github.com/c-robinson/iplib"
+	"encoding/binary"
+	"fmt"
 	"github.com/rs/xid"
-	"google.golang.org/grpc/codes"
-	"google.golang.org/grpc/status"
-	"math/rand"
 	"net"
 	"sync"
-	"time"
+)
+
+var (
+	upperIPv4 = []byte{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff, 0xff, 255, 255, 255, 255}
+	upperIPv6 = []byte{0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff}
 )

 type NetworkMap struct {
@@ -28,19 +30,10 @@ type Network struct {
 }

 // NewNetwork creates a new Network initializing it with a Serial=0
-// It takes a random /16 subnet from 100.64.0.0/10 (64 different subnets)
 func NewNetwork() *Network {
-
-	n := iplib.NewNet4(net.ParseIP("100.64.0.0"), 10)
-	sub, _ := n.Subnet(16)
-
-	s := rand.NewSource(time.Now().Unix())
-	r := rand.New(s)
-	intn := r.Intn(len(sub))
-
 	return &Network{
 		Id:     xid.New().String(),
-		Net:    sub[intn].IPNet,
+		Net:    net.IPNet{IP: net.ParseIP("100.64.0.0"), Mask: net.IPMask{255, 192, 0, 0}},
 		Dns:    "",
 		Serial: 0}
 }
@@ -70,60 +63,51 @@ func (n *Network) Copy() *Network {

 // AllocatePeerIP pics an available IP from an net.IPNet.
 // This method considers already taken IPs and reuses IPs if there are gaps in takenIps
-// E.g. if ipNet=100.30.0.0/16 and takenIps=[100.30.0.1, 100.30.0.4] then the result would be 100.30.0.2 or 100.30.0.3
+// E.g. if ipNet=100.30.0.0/16 and takenIps=[100.30.0.1, 100.30.0.5] then the result would be 100.30.0.2
 func AllocatePeerIP(ipNet net.IPNet, takenIps []net.IP) (net.IP, error) {
-	takenIPMap := make(map[string]struct{})
-	takenIPMap[ipNet.IP.String()] = struct{}{}
+	takenIpMap := make(map[string]net.IP)
+	takenIpMap[ipNet.IP.String()] = ipNet.IP
 	for _, ip := range takenIps {
-		takenIPMap[ip.String()] = struct{}{}
+		takenIpMap[ip.String()] = ip
 	}
-
-	ips, _ := generateIPs(&ipNet, takenIPMap)
-
-	if len(ips) == 0 {
-		return nil, status.Errorf(codes.OutOfRange, "failed allocating new IP for the ipNet %s - network is out of IPs", ipNet.String())
-	}
-
-	// pick a random IP
-	s := rand.NewSource(time.Now().Unix())
-	r := rand.New(s)
-	intn := r.Intn(len(ips))
-
-	return ips[intn], nil
-}
-
-// generateIPs generates a list of all possible IPs of the given network excluding IPs specified in the exclusion list
-func generateIPs(ipNet *net.IPNet, exclusions map[string]struct{}) ([]net.IP, int) {
-
-	var ips []net.IP
-	for ip := ipNet.IP.Mask(ipNet.Mask); ipNet.Contains(ip); incIP(ip) {
-		if _, ok := exclusions[ip.String()]; !ok && ip[3] != 0 {
-			ips = append(ips, copyIP(ip))
+	for ip := ipNet.IP.Mask(ipNet.Mask); ipNet.Contains(ip); ip = GetNextIP(ip) {
+		if _, ok := takenIpMap[ip.String()]; !ok {
+			return ip, nil
 		}
 	}

-	// remove network address and broadcast address
-	lenIPs := len(ips)
-	switch {
-	case lenIPs < 2:
-		return ips, lenIPs
+	return nil, fmt.Errorf("failed allocating new IP for the ipNet %s and takenIps %s", ipNet.String(), takenIps)
+}

+// GetNextIP returns the next IP from the given IP address. If the given IP is
+// the last IP of a v4 or v6 range, the same IP is returned.
+// Credits to Cilium team.
+// Copyright 2017-2020 Authors of Cilium
+func GetNextIP(ip net.IP) net.IP {
+	if ip.Equal(upperIPv4) || ip.Equal(upperIPv6) {
+		return ip
+	}
+
+	nextIP := make(net.IP, len(ip))
+	switch len(ip) {
+	case net.IPv4len:
+		ipU32 := binary.BigEndian.Uint32(ip)
+		ipU32++
+		binary.BigEndian.PutUint32(nextIP, ipU32)
+		return nextIP
+	case net.IPv6len:
+		ipU64 := binary.BigEndian.Uint64(ip[net.IPv6len/2:])
+		ipU64++
+		binary.BigEndian.PutUint64(nextIP[net.IPv6len/2:], ipU64)
+		if ipU64 == 0 {
+			ipU64 = binary.BigEndian.Uint64(ip[:net.IPv6len/2])
+			ipU64++
+			binary.BigEndian.PutUint64(nextIP[:net.IPv6len/2], ipU64)
+		} else {
+			copy(nextIP[:net.IPv6len/2], ip[:net.IPv6len/2])
+		}
+		return nextIP
 	default:
-		return ips[1 : len(ips)-1], lenIPs - 2
-	}
-}
-
-func copyIP(ip net.IP) net.IP {
-	dup := make(net.IP, len(ip))
-	copy(dup, ip)
-	return dup
-}
-
-func incIP(ip net.IP) {
-	for j := len(ip) - 1; j >= 0; j-- {
-		ip[j]++
-		if ip[j] > 0 {
-			break
-		}
+		return ip
 	}
 }
--- a/management/server/network_test.go
+++ b/management/server/network_test.go
@@ -1,39 +0,0 @@
-package server
-
-import (
-	"github.com/stretchr/testify/assert"
-	"net"
-	"testing"
-)
-
-func TestNewNetwork(t *testing.T) {
-	network := NewNetwork()
-
-	// generated net should be a subnet of a larger 100.64.0.0/10 net
-	ipNet := net.IPNet{IP: net.ParseIP("100.64.0.0"), Mask: net.IPMask{255, 192, 0, 0}}
-	assert.Equal(t, ipNet.Contains(network.Net.IP), true)
-}
-
-func TestAllocatePeerIP(t *testing.T) {
-
-	ipNet := net.IPNet{IP: net.ParseIP("100.64.0.0"), Mask: net.IPMask{255, 255, 255, 0}}
-	var ips []net.IP
-	for i := 0; i < 253; i++ {
-		ip, err := AllocatePeerIP(ipNet, ips)
-		if err != nil {
-			t.Fatal(err)
-		}
-		ips = append(ips, ip)
-	}
-
-	assert.Len(t, ips, 253)
-
-	uniq := make(map[string]struct{})
-	for _, ip := range ips {
-		if _, ok := uniq[ip.String()]; !ok {
-			uniq[ip.String()] = struct{}{}
-		} else {
-			t.Errorf("found duplicate IP %s", ip.String())
-		}
-	}
-}
--- a/management/server/peer.go
+++ b/management/server/peer.go
@@ -1,12 +1,11 @@
 package server

 import (
+	log "github.com/sirupsen/logrus"
 	"net"
 	"strings"
 	"time"

-	log "github.com/sirupsen/logrus"
-
 	"github.com/netbirdio/netbird/management/proto"
 	"google.golang.org/grpc/codes"
 	"google.golang.org/grpc/status"
@@ -21,7 +20,6 @@ type PeerSystemMeta struct {
 	Platform  string
 	OS        string
 	WtVersion string
-	UIVersion string
 }

 type PeerStatus struct {
@@ -346,10 +344,7 @@ func (am *DefaultAccountManager) AddPeer(
 	}

 	network := account.Network
-	nextIp, err := AllocatePeerIP(network.Net, takenIps)
-	if err != nil {
-		return nil, err
-	}
+	nextIp, _ := AllocatePeerIP(network.Net, takenIps)

 	newPeer := &Peer{
 		Key:      peer.Key,
@@ -381,33 +376,3 @@ func (am *DefaultAccountManager) AddPeer(

 	return newPeer, nil
 }
-
-// UpdatePeerMeta updates peer's system metadata
-func (am *DefaultAccountManager) UpdatePeerMeta(peerKey string, meta PeerSystemMeta) error {
-	am.mux.Lock()
-	defer am.mux.Unlock()
-
-	peer, err := am.Store.GetPeer(peerKey)
-	if err != nil {
-		return err
-	}
-
-	account, err := am.Store.GetPeerAccount(peerKey)
-	if err != nil {
-		return err
-	}
-
-	peerCopy := peer.Copy()
-	// Avoid overwriting UIVersion if the update was triggered sole by the CLI client
-	if meta.UIVersion == "" {
-		meta.UIVersion = peerCopy.Meta.UIVersion
-	}
-
-	peerCopy.Meta = meta
-
-	err = am.Store.SavePeer(account.Id, peerCopy)
-	if err != nil {
-		return err
-	}
-	return nil
-}
--- a/management/server/testdata/store.json
+++ b/management/server/testdata/store.json
@@ -21,7 +21,7 @@
                "Id": "af1c8024-ha40-4ce2-9418-34653101fc3c",
                "Net": {
                    "IP": "100.64.0.0",
-                    "Mask": "//8AAA=="
+                    "Mask": "/8AAAA=="
                },
                "Dns": null
            },
--- a/management/server/user.go
+++ b/management/server/user.go
@@ -1,13 +1,10 @@
 package server

 import (
-	"fmt"
 	"strings"

 	"google.golang.org/grpc/codes"
 	"google.golang.org/grpc/status"
-
-	"github.com/netbirdio/netbird/management/server/jwtclaims"
 )

 const (
@@ -90,18 +87,3 @@ func (am *DefaultAccountManager) GetAccountByUser(userId string) (*Account, erro

 	return am.Store.GetUserAccount(userId)
 }
-
-// IsUserAdmin flag for current user authenticated by JWT token
-func (am *DefaultAccountManager) IsUserAdmin(claims jwtclaims.AuthorizationClaims) (bool, error) {
-	account, err := am.GetAccountWithAuthorizationClaims(claims)
-	if err != nil {
-		return false, fmt.Errorf("get account: %v", err)
-	}
-
-	user, ok := account.Users[claims.UserId]
-	if !ok {
-		return false, fmt.Errorf("no such user")
-	}
-
-	return user.Role == UserRoleAdmin, nil
-}
--- a/release_files/darwin-ui-installer.sh
+++ b/release_files/darwin-ui-installer.sh
@@ -1,33 +0,0 @@
-#!/bin/sh
-
-export PATH=$PATH:/usr/local/bin
-
-# check if wiretrustee is installed
-WT_BIN=$(which wiretrustee)
-if [ -n "$WT_BIN" ]
-then
-  echo "Stopping and uninstalling Wiretrustee daemon"
-  wiretrustee service stop || true
-  wiretrustee service uninstall || true
-fi
-# check if netbird is installed
-NB_BIN=$(which netbird)
-if [ -z "$NB_BIN" ]
-then
-  echo "Netbird daemon is not installed. Please run: brew install netbirdio/tap/netbird"
-  exit 1
-fi
-NB_UI_VERSION=$1
-NB_VERSION=$(netbird version)
-if [ "X-$NB_UI_VERSION" != "X-$NB_VERSION" ]
-then
-  echo "Netbird's daemon is running with a different version than the Netbird's UI:"
-  echo "Netbird UI Version: $NB_UI_VERSION"
-  echo "Netbird Daemon Version: $NB_VERSION"
-  echo "Please run: brew install netbirdio/tap/netbird"
-  echo "to update it"
-fi
-# start netbird daemon service
-echo "Starting Netbird daemon"
-netbird service install || true
-netbird service start || true
--- a/release_files/darwin-ui-uninstaller.sh
+++ b/release_files/darwin-ui-uninstaller.sh
@@ -1,14 +0,0 @@
-#!/bin/sh
-
-export PATH=$PATH:/usr/local/bin
-
-# check if netbird is installed
-NB_BIN=$(which netbird)
-if [ -z "$NB_BIN" ]
-then
-  exit 0
-fi
-# start netbird daemon service
-echo "netbird daemon service still running. You can uninstall it by running: "
-echo "sudo netbird service stop"
-echo "sudo netbird service uninstall"
Author	SHA1	Message	Date
braginini	5018f8dad3	Add User-Agent to CLI	2022-05-23 09:52:44 +02:00
braginini	a4fc3fca23	Add User-Agent to CLI and Ui and pass to Management	2022-05-23 09:48:04 +02:00