Remove unused wait group

Add parallel processing
Fix Linux implementation
2026-04-04 00:23:53 -04:00 · 2023-04-18 18:59:11 +02:00 · 2023-04-17 16:44:45 +02:00 · 2023-04-17 14:46:14 +02:00 · 2023-04-17 14:37:51 +02:00 · 2023-04-17 14:37:51 +02:00
127 changed files with 3215 additions and 5950 deletions
--- a/.github/workflows/golang-test-darwin.yml
+++ b/.github/workflows/golang-test-darwin.yml
@@ -17,7 +17,7 @@ jobs:
      - name: Install Go
        uses: actions/setup-go@v2
        with:
-          go-version: "1.20.x"
+          go-version: 1.19.x
      - name: Checkout code
        uses: actions/checkout@v2

--- a/.github/workflows/golang-test-linux.yml
+++ b/.github/workflows/golang-test-linux.yml
@@ -20,7 +20,7 @@ jobs:
      - name: Install Go
        uses: actions/setup-go@v2
        with:
-          go-version: "1.20.x"
+          go-version: 1.19.x


      - name: Cache Go modules
@@ -49,7 +49,7 @@ jobs:
      - name: Install Go
        uses: actions/setup-go@v2
        with:
-          go-version: "1.20.x"
+          go-version: 1.19.x


      - name: Cache Go modules
@@ -70,29 +70,22 @@ jobs:
        run: go mod tidy

      - name: Generate Iface Test bin
-        run: CGO_ENABLED=0 go test -c -o iface-testing.bin ./iface/
-
-      - name: Generate Shared Sock Test bin
-        run: CGO_ENABLED=0 go test -c -o sharedsock-testing.bin ./sharedsock
+        run: go test -c -o iface-testing.bin ./iface/

      - name: Generate RouteManager Test bin
-        run: CGO_ENABLED=0 go test -c -o routemanager-testing.bin ./client/internal/routemanager/...
+        run: go test -c -o routemanager-testing.bin ./client/internal/routemanager/...

      - name: Generate Engine Test bin
-        run: CGO_ENABLED=0 go test -c -o engine-testing.bin ./client/internal
+        run: go test -c -o engine-testing.bin ./client/internal

      - name: Generate Peer Test bin
-        run: CGO_ENABLED=0 go test -c -o peer-testing.bin ./client/internal/peer/...
+        run: go test -c -o peer-testing.bin ./client/internal/peer/...

      - run: chmod +x *testing.bin

-      - name: Run Shared Sock tests in docker
-        run: docker run -t --cap-add=NET_ADMIN --privileged --rm -v $PWD:/ci -w /ci/sharedsock --entrypoint /busybox/sh gcr.io/distroless/base:debug -c /ci/sharedsock-testing.bin -test.timeout 5m -test.parallel 1
-
      - name: Run Iface tests in docker
        run: docker run -t --cap-add=NET_ADMIN --privileged --rm -v $PWD:/ci -w /ci/iface --entrypoint /busybox/sh gcr.io/distroless/base:debug -c /ci/iface-testing.bin -test.timeout 5m -test.parallel 1

-
      - name: Run RouteManager tests in docker
        run: docker run -t --cap-add=NET_ADMIN --privileged --rm -v $PWD:/ci -w /ci/client/internal/routemanager --entrypoint /busybox/sh gcr.io/distroless/base:debug -c /ci/routemanager-testing.bin  -test.timeout 5m -test.parallel 1

@@ -100,4 +93,4 @@ jobs:
        run: docker run -t --cap-add=NET_ADMIN --privileged --rm -v $PWD:/ci -w /ci/client/internal --entrypoint /busybox/sh gcr.io/distroless/base:debug -c /ci/engine-testing.bin  -test.timeout 5m -test.parallel 1

      - name: Run Peer tests in docker
-        run: docker run -t --cap-add=NET_ADMIN --privileged --rm -v $PWD:/ci -w /ci/client/internal/peer  --entrypoint /busybox/sh gcr.io/distroless/base:debug -c /ci/peer-testing.bin  -test.timeout 5m -test.parallel 1
+        run: docker run -t --cap-add=NET_ADMIN --privileged --rm -v $PWD:/ci -w /ci/client/internal/peer  --entrypoint /busybox/sh gcr.io/distroless/base:debug -c /ci/peer-testing.bin  -test.timeout 5m -test.parallel 1
--- a/.github/workflows/golang-test-windows.yml
+++ b/.github/workflows/golang-test-windows.yml
@@ -23,7 +23,7 @@ jobs:
        uses: actions/setup-go@v4
        id: go
        with:
-          go-version: "1.20.x"
+          go-version: 1.19.x

      - name: Download wintun
        uses: carlosperate/download-file-action@v2
--- a/.github/workflows/golangci-lint.yml
+++ b/.github/workflows/golangci-lint.yml
@@ -12,7 +12,7 @@ jobs:
      - name: Install Go
        uses: actions/setup-go@v2
        with:
-          go-version: "1.20.x"
+          go-version: 1.19.x
      - name: Install dependencies
        run: sudo apt update && sudo apt install -y -q libgtk-3-dev libayatana-appindicator3-dev libgl1-mesa-dev xorg-dev
      - name: golangci-lint
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -9,7 +9,7 @@ on:
  pull_request:

 env:
-  SIGN_PIPE_VER: "v0.0.7"
+  SIGN_PIPE_VER: "v0.0.6"
  GORELEASER_VER: "v1.14.1"

 concurrency:
@@ -29,7 +29,7 @@ jobs:
        name: Set up Go
        uses: actions/setup-go@v2
        with:
-          go-version: "1.20"
+          go-version: 1.19
      -
        name: Cache Go modules
        uses: actions/cache@v1
@@ -100,7 +100,7 @@ jobs:
      - name: Set up Go
        uses: actions/setup-go@v2
        with:
-          go-version: "1.20"
+          go-version: 1.19
      - name: Cache Go modules
        uses: actions/cache@v1
        with:
@@ -150,7 +150,7 @@ jobs:
        name: Set up Go
        uses: actions/setup-go@v2
        with:
-          go-version: "1.20"
+          go-version: 1.19
      -
        name: Cache Go modules
        uses: actions/cache@v1
--- a/.github/workflows/test-docker-compose-linux.yml
+++ b/.github/workflows/test-docker-compose-linux.yml
@@ -23,7 +23,7 @@ jobs:
      - name: Install Go
        uses: actions/setup-go@v2
        with:
-          go-version: "1.20.x"
+          go-version: 1.19.x

      - name: Cache Go modules
        uses: actions/cache@v2
--- a/.goreleaser.yaml
+++ b/.goreleaser.yaml
@@ -12,7 +12,11 @@ builds:
      - arm
      - amd64
      - arm64
+      - mips
      - 386
+    gomips:
+      - hardfloat
+      - softfloat
    ignore:
      - goos: windows
        goarch: arm64
@@ -26,26 +30,6 @@ builds:
    tags:
      - load_wgnt_from_rsrc

-  - id: netbird-static
-    dir: client
-    binary: netbird
-    env: [CGO_ENABLED=0]
-    goos:
-      - linux
-    goarch:
-      - mips
-      - mipsle
-      - mips64
-      - mips64le
-    gomips:
-      - hardfloat
-      - softfloat
-    ldflags:
-      - -s -w -X github.com/netbirdio/netbird/version.version={{.Version}} -X main.commit={{.Commit}} -X main.date={{.CommitDate}} -X main.builtBy=goreleaser
-    mod_timestamp: '{{ .CommitTimestamp }}'
-    tags:
-      - load_wgnt_from_rsrc
-
  - id: netbird-mgmt
    dir: management
    env:
@@ -83,7 +67,6 @@ builds:
 archives:
  - builds:
      - netbird
-      - netbird-static

 nfpms:

@@ -376,4 +359,4 @@ uploads:
    mode: archive
    target: https://pkgs.wiretrustee.com/yum/{{ .Arch }}{{ if .Arm }}{{ .Arm }}{{ end }}
    username: dev@wiretrustee.com
-    method: PUT
+    method: PUT
--- a/base62/base62.go
+++ b/base62/base62.go
@@ -1,59 +0,0 @@
-package base62
-
-import (
-	"fmt"
-	"math"
-	"strings"
-)
-
-const (
-	alphabet = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"
-	base     = uint32(len(alphabet))
-)
-
-// Encode encodes a uint32 value to a base62 string.
-func Encode(num uint32) string {
-	if num == 0 {
-		return string(alphabet[0])
-	}
-
-	var encoded strings.Builder
-	remainder := uint32(0)
-
-	for num > 0 {
-		remainder = num % base
-		encoded.WriteByte(alphabet[remainder])
-		num /= base
-	}
-
-	// Reverse the encoded string
-	encodedString := encoded.String()
-	reversed := reverse(encodedString)
-	return reversed
-}
-
-// Decode decodes a base62 string to a uint32 value.
-func Decode(encoded string) (uint32, error) {
-	var decoded uint32
-	strLen := len(encoded)
-
-	for i, char := range encoded {
-		index := strings.IndexRune(alphabet, char)
-		if index < 0 {
-			return 0, fmt.Errorf("invalid character: %c", char)
-		}
-
-		decoded += uint32(index) * uint32(math.Pow(float64(base), float64(strLen-i-1)))
-	}
-
-	return decoded, nil
-}
-
-// Reverse a string.
-func reverse(s string) string {
-	runes := []rune(s)
-	for i, j := 0, len(runes)-1; i < j; i, j = i+1, j-1 {
-		runes[i], runes[j] = runes[j], runes[i]
-	}
-	return string(runes)
-}
--- a/base62/base62_test.go
+++ b/base62/base62_test.go
@@ -1,31 +0,0 @@
-package base62
-
-import (
-	"testing"
-)
-
-func TestEncodeDecode(t *testing.T) {
-	tests := []struct {
-		num uint32
-	}{
-		{0},
-		{1},
-		{42},
-		{12345},
-		{99999},
-		{123456789},
-	}
-
-	for _, tt := range tests {
-		encoded := Encode(tt.num)
-		decoded, err := Decode(encoded)
-
-		if err != nil {
-			t.Errorf("Decode error: %v", err)
-		}
-
-		if decoded != tt.num {
-			t.Errorf("Decode(%v) = %v, want %v", encoded, decoded, tt.num)
-		}
-	}
-}
--- a/client/cmd/login.go
+++ b/client/cmd/login.go
@@ -3,7 +3,6 @@ package cmd
 import (
 	"context"
 	"fmt"
-	"strings"
 	"time"

 	"github.com/skratchdot/open-golang/open"
@@ -16,7 +15,6 @@ import (

 	"github.com/netbirdio/netbird/client/internal"
 	"github.com/netbirdio/netbird/client/proto"
-	"github.com/netbirdio/netbird/client/system"
 )

 var loginCmd = &cobra.Command{
@@ -34,11 +32,6 @@ var loginCmd = &cobra.Command{

 		ctx := internal.CtxInitState(context.Background())

-		if hostName != "" {
-			// nolint
-			ctx = context.WithValue(ctx, system.DeviceNameCtxKey, hostName)
-		}
-
 		// workaround to run without service
 		if logFile == "console" {
 			err = handleRebrand(cmd)
@@ -46,16 +39,12 @@ var loginCmd = &cobra.Command{
 				return err
 			}

-			ic := internal.ConfigInput{
+			config, err := internal.UpdateOrCreateConfig(internal.ConfigInput{
 				ManagementURL: managementURL,
 				AdminURL:      adminURL,
 				ConfigPath:    configPath,
-			}
-			if preSharedKey != "" {
-				ic.PreSharedKey = &preSharedKey
-			}
-
-			config, err := internal.UpdateOrCreateConfig(ic)
+				PreSharedKey:  &preSharedKey,
+			})
 			if err != nil {
 				return fmt.Errorf("get config file: %v", err)
 			}
@@ -111,7 +100,7 @@ var loginCmd = &cobra.Command{
 		}

 		if loginResp.NeedsSSOLogin {
-			openURL(cmd, loginResp.VerificationURIComplete, loginResp.UserCode)
+			openURL(cmd, loginResp.VerificationURIComplete)

 			_, err = client.WaitSSOLogin(ctx, &proto.WaitSSOLoginRequest{UserCode: loginResp.UserCode})
 			if err != nil {
@@ -190,7 +179,7 @@ func foregroundGetTokenInfo(ctx context.Context, cmd *cobra.Command, config *int
 		return nil, fmt.Errorf("getting a request device code failed: %v", err)
 	}

-	openURL(cmd, flowInfo.VerificationURIComplete, flowInfo.UserCode)
+	openURL(cmd, flowInfo.VerificationURIComplete)

 	waitTimeout := time.Duration(flowInfo.ExpiresIn)
 	waitCTX, c := context.WithTimeout(context.TODO(), waitTimeout*time.Second)
@@ -204,16 +193,11 @@ func foregroundGetTokenInfo(ctx context.Context, cmd *cobra.Command, config *int
 	return &tokenInfo, nil
 }

-func openURL(cmd *cobra.Command, verificationURIComplete, userCode string) {
-	var codeMsg string
-	if !strings.Contains(verificationURIComplete, userCode) {
-		codeMsg = fmt.Sprintf("and enter the code %s to authenticate.", userCode)
-	}
-
+func openURL(cmd *cobra.Command, verificationURIComplete string) {
 	err := open.Run(verificationURIComplete)
 	cmd.Printf("Please do the SSO login in your browser. \n" +
 		"If your browser didn't open automatically, use this URL to log in:\n\n" +
-		" " + verificationURIComplete + " " + codeMsg + " \n\n")
+		" " + verificationURIComplete + " \n\n")
 	if err != nil {
 		cmd.Printf("Alternatively, you may want to use a setup key, see:\n\n https://www.netbird.io/docs/overview/setup-keys\n")
 	}
--- a/client/cmd/root.go
+++ b/client/cmd/root.go
@@ -45,7 +45,6 @@ var (
 	managementURL           string
 	adminURL                string
 	setupKey                string
-	hostName                string
 	preSharedKey            string
 	natExternalIPs          []string
 	customDNSAddress        string
@@ -95,7 +94,6 @@ func init() {
 	rootCmd.PersistentFlags().StringVar(&logFile, "log-file", defaultLogFile, "sets Netbird log path. If console is specified the the log will be output to stdout")
 	rootCmd.PersistentFlags().StringVarP(&setupKey, "setup-key", "k", "", "Setup key obtained from the Management Service Dashboard (used to register peer)")
 	rootCmd.PersistentFlags().StringVar(&preSharedKey, "preshared-key", "", "Sets Wireguard PreSharedKey property. If set, then only peers that have the same key can communicate.")
-	rootCmd.PersistentFlags().StringVarP(&hostName, "hostname", "n", "", "Sets a custom hostname for the device")
 	rootCmd.AddCommand(serviceCmd)
 	rootCmd.AddCommand(upCmd)
 	rootCmd.AddCommand(downCmd)
--- a/client/cmd/status.go
+++ b/client/cmd/status.go
@@ -249,7 +249,7 @@ func mapPeers(peers []*proto.PeerState) peersStateOutput {
 			IP:               pbPeerState.GetIP(),
 			PubKey:           pbPeerState.GetPubKey(),
 			Status:           pbPeerState.GetConnStatus(),
-			LastStatusUpdate: timeLocal,
+			LastStatusUpdate: timeLocal.UTC(),
 			ConnType:         connType,
 			Direct:           pbPeerState.GetDirect(),
 			IceCandidateType: iceCandidateType{
--- a/client/cmd/status_test.go
+++ b/client/cmd/status_test.go
@@ -11,15 +11,6 @@ import (
 	"github.com/netbirdio/netbird/version"
 )

-func init() {
-	loc, err := time.LoadLocation("UTC")
-	if err != nil {
-		panic(err)
-	}
-
-	time.Local = loc
-}
-
 var resp = &proto.StatusResponse{
 	Status: "Connected",
 	FullStatus: &proto.FullStatus{
--- a/client/cmd/testutil.go
+++ b/client/cmd/testutil.go
@@ -2,23 +2,21 @@ package cmd

 import (
 	"context"
+	"github.com/netbirdio/netbird/management/server/activity"
 	"net"
 	"path/filepath"
 	"testing"
 	"time"

-	"github.com/netbirdio/netbird/management/server/activity"
-
 	"github.com/netbirdio/netbird/util"

-	"google.golang.org/grpc"
-
 	clientProto "github.com/netbirdio/netbird/client/proto"
 	client "github.com/netbirdio/netbird/client/server"
 	mgmtProto "github.com/netbirdio/netbird/management/proto"
 	mgmt "github.com/netbirdio/netbird/management/server"
 	sigProto "github.com/netbirdio/netbird/signal/proto"
 	sig "github.com/netbirdio/netbird/signal/server"
+	"google.golang.org/grpc"
 )

 func startTestingServices(t *testing.T) string {
@@ -65,7 +63,7 @@ func startManagement(t *testing.T, config *mgmt.Config) (*grpc.Server, net.Liste
 		t.Fatal(err)
 	}
 	s := grpc.NewServer()
-	store, err := mgmt.NewFileStore(config.Datadir, nil)
+	store, err := mgmt.NewFileStore(config.Datadir)
 	if err != nil {
 		t.Fatal(err)
 	}
--- a/client/cmd/up.go
+++ b/client/cmd/up.go
@@ -15,7 +15,6 @@ import (
 	"github.com/netbirdio/netbird/client/internal"
 	"github.com/netbirdio/netbird/client/internal/peer"
 	"github.com/netbirdio/netbird/client/proto"
-	"github.com/netbirdio/netbird/client/system"
 	"github.com/netbirdio/netbird/util"
 )

@@ -56,11 +55,6 @@ func upFunc(cmd *cobra.Command, args []string) error {

 	ctx := internal.CtxInitState(cmd.Context())

-	if hostName != "" {
-		// nolint
-		ctx = context.WithValue(ctx, system.DeviceNameCtxKey, hostName)
-	}
-
 	if foregroundMode {
 		return runInForegroundMode(ctx, cmd)
 	}
@@ -78,18 +72,14 @@ func runInForegroundMode(ctx context.Context, cmd *cobra.Command) error {
 		return err
 	}

-	ic := internal.ConfigInput{
+	config, err := internal.UpdateOrCreateConfig(internal.ConfigInput{
 		ManagementURL:    managementURL,
 		AdminURL:         adminURL,
 		ConfigPath:       configPath,
+		PreSharedKey:     &preSharedKey,
 		NATExternalIPs:   natExternalIPs,
 		CustomDNSAddress: customDNSAddressConverted,
-	}
-	if preSharedKey != "" {
-		ic.PreSharedKey = &preSharedKey
-	}
-
-	config, err := internal.UpdateOrCreateConfig(ic)
+	})
 	if err != nil {
 		return fmt.Errorf("get config file: %v", err)
 	}
@@ -176,7 +166,7 @@ func runInDaemonMode(ctx context.Context, cmd *cobra.Command) error {

 	if loginResp.NeedsSSOLogin {

-		openURL(cmd, loginResp.VerificationURIComplete, loginResp.UserCode)
+		openURL(cmd, loginResp.VerificationURIComplete)

 		_, err = client.WaitSSOLogin(ctx, &proto.WaitSSOLoginRequest{UserCode: loginResp.UserCode})
 		if err != nil {
--- a/client/internal/dns/file_linux.go
+++ b/client/internal/dns/file_linux.go
@@ -32,10 +32,6 @@ func newFileConfigurator() (hostManager, error) {
 	return &fileConfigurator{}, nil
 }

-func (f *fileConfigurator) supportCustomPort() bool {
-	return false
-}
-
 func (f *fileConfigurator) applyDNSConfig(config hostDNSConfig) error {
 	backupFileExist := false
 	_, err := os.Stat(fileDefaultResolvConfBackupLocation)
--- a/client/internal/dns/host.go
+++ b/client/internal/dns/host.go
@@ -10,7 +10,6 @@ import (
 type hostManager interface {
 	applyDNSConfig(config hostDNSConfig) error
 	restoreHostDNS() error
-	supportCustomPort() bool
 }

 type hostDNSConfig struct {
@@ -27,9 +26,8 @@ type domainConfig struct {
 }

 type mockHostConfigurator struct {
-	applyDNSConfigFunc    func(config hostDNSConfig) error
-	restoreHostDNSFunc    func() error
-	supportCustomPortFunc func() bool
+	applyDNSConfigFunc func(config hostDNSConfig) error
+	restoreHostDNSFunc func() error
 }

 func (m *mockHostConfigurator) applyDNSConfig(config hostDNSConfig) error {
@@ -46,18 +44,10 @@ func (m *mockHostConfigurator) restoreHostDNS() error {
 	return fmt.Errorf("method restoreHostDNS is not implemented")
 }

-func (m *mockHostConfigurator) supportCustomPort() bool {
-	if m.supportCustomPortFunc != nil {
-		return m.supportCustomPortFunc()
-	}
-	return false
-}
-
 func newNoopHostMocker() hostManager {
 	return &mockHostConfigurator{
-		applyDNSConfigFunc:    func(config hostDNSConfig) error { return nil },
-		restoreHostDNSFunc:    func() error { return nil },
-		supportCustomPortFunc: func() bool { return true },
+		applyDNSConfigFunc: func(config hostDNSConfig) error { return nil },
+		restoreHostDNSFunc: func() error { return nil },
 	}
 }

--- a/client/internal/dns/host_darwin.go
+++ b/client/internal/dns/host_darwin.go
@@ -8,9 +8,8 @@ import (
 	"strconv"
 	"strings"

-	log "github.com/sirupsen/logrus"
-
 	"github.com/netbirdio/netbird/iface"
+	log "github.com/sirupsen/logrus"
 )

 const (
@@ -40,10 +39,6 @@ func newHostManager(_ *iface.WGIface) (hostManager, error) {
 	}, nil
 }

-func (s *systemConfigurator) supportCustomPort() bool {
-	return true
-}
-
 func (s *systemConfigurator) applyDNSConfig(config hostDNSConfig) error {
 	var err error

--- a/client/internal/dns/host_windows.go
+++ b/client/internal/dns/host_windows.go
@@ -4,10 +4,9 @@ import (
 	"fmt"
 	"strings"

+	"github.com/netbirdio/netbird/iface"
 	log "github.com/sirupsen/logrus"
 	"golang.org/x/sys/windows/registry"
-
-	"github.com/netbirdio/netbird/iface"
 )

 const (
@@ -43,10 +42,6 @@ func newHostManager(wgInterface *iface.WGIface) (hostManager, error) {
 	}, nil
 }

-func (s *registryConfigurator) supportCustomPort() bool {
-	return false
-}
-
 func (r *registryConfigurator) applyDNSConfig(config hostDNSConfig) error {
 	var err error
 	if config.routeAll {
--- a/client/internal/dns/local.go
+++ b/client/internal/dns/local.go
@@ -2,12 +2,10 @@ package dns

 import (
 	"fmt"
-	"sync"
-
 	"github.com/miekg/dns"
-	log "github.com/sirupsen/logrus"
-
 	nbdns "github.com/netbirdio/netbird/dns"
+	log "github.com/sirupsen/logrus"
+	"sync"
 )

 type registrationMap map[string]struct{}
@@ -17,9 +15,6 @@ type localResolver struct {
 	records       sync.Map
 }

-func (d *localResolver) stop() {
-}
-
 // ServeDNS handles a DNS request
 func (d *localResolver) ServeDNS(w dns.ResponseWriter, r *dns.Msg) {
 	log.Tracef("received question: %#v\n", r.Question[0])
--- a/client/internal/dns/network_manager_linux.go
+++ b/client/internal/dns/network_manager_linux.go
@@ -11,9 +11,8 @@ import (
 	"github.com/godbus/dbus/v5"
 	"github.com/hashicorp/go-version"
 	"github.com/miekg/dns"
-	log "github.com/sirupsen/logrus"
-
 	"github.com/netbirdio/netbird/iface"
+	log "github.com/sirupsen/logrus"
 )

 const (
@@ -89,10 +88,6 @@ func newNetworkManagerDbusConfigurator(wgInterface *iface.WGIface) (hostManager,
 	}, nil
 }

-func (n *networkManagerDbusConfigurator) supportCustomPort() bool {
-	return false
-}
-
 func (n *networkManagerDbusConfigurator) applyDNSConfig(config hostDNSConfig) error {
 	connSettings, configVersion, err := n.getAppliedConnectionSettings()
 	if err != nil {
--- a/client/internal/dns/resolvconf_linux.go
+++ b/client/internal/dns/resolvconf_linux.go
@@ -5,9 +5,8 @@ import (
 	"os/exec"
 	"strings"

-	log "github.com/sirupsen/logrus"
-
 	"github.com/netbirdio/netbird/iface"
+	log "github.com/sirupsen/logrus"
 )

 const resolvconfCommand = "resolvconf"
@@ -22,10 +21,6 @@ func newResolvConfConfigurator(wgInterface *iface.WGIface) (hostManager, error)
 	}, nil
 }

-func (r *resolvconf) supportCustomPort() bool {
-	return false
-}
-
 func (r *resolvconf) applyDNSConfig(config hostDNSConfig) error {
 	var err error
 	if !config.routeAll {
--- a/client/internal/dns/server_nonandroid.go
+++ b/client/internal/dns/server_nonandroid.go
@@ -13,10 +13,9 @@ import (

 	"github.com/miekg/dns"
 	"github.com/mitchellh/hashstructure/v2"
-	log "github.com/sirupsen/logrus"
-
 	nbdns "github.com/netbirdio/netbird/dns"
 	"github.com/netbirdio/netbird/iface"
+	log "github.com/sirupsen/logrus"
 )

 const (
@@ -26,16 +25,15 @@ const (
 	customIP    = "127.0.0.153"
 )

-type registeredHandlerMap map[string]handlerWithStop
-
 // DefaultServer dns server object
 type DefaultServer struct {
 	ctx                context.Context
 	ctxCancel          context.CancelFunc
+	upstreamCtxCancel  context.CancelFunc
 	mux                sync.Mutex
 	server             *dns.Server
 	dnsMux             *dns.ServeMux
-	dnsMuxMap          registeredHandlerMap
+	dnsMuxMap          registrationMap
 	localResolver      *localResolver
 	wgInterface        *iface.WGIface
 	hostManager        hostManager
@@ -48,14 +46,9 @@ type DefaultServer struct {
 	customAddress      *netip.AddrPort
 }

-type handlerWithStop interface {
-	dns.Handler
-	stop()
-}
-
 type muxUpdate struct {
 	domain  string
-	handler handlerWithStop
+	handler dns.Handler
 }

 // NewDefaultServer returns a new dns server
@@ -85,7 +78,7 @@ func NewDefaultServer(ctx context.Context, wgInterface *iface.WGIface, customAdd
 		ctxCancel: stop,
 		server:    dnsServer,
 		dnsMux:    mux,
-		dnsMuxMap: make(registeredHandlerMap),
+		dnsMuxMap: make(registrationMap),
 		localResolver: &localResolver{
 			registeredMap: make(registrationMap),
 		},
@@ -261,14 +254,7 @@ func (s *DefaultServer) applyConfiguration(update nbdns.Config) error {
 	s.updateLocalResolver(localRecords)
 	s.currentConfig = dnsConfigToHostDNSConfig(update, s.runtimeIP, s.runtimePort)

-	hostUpdate := s.currentConfig
-	if s.runtimePort != defaultPort && !s.hostManager.supportCustomPort() {
-		log.Warnf("the DNS manager of this peer doesn't support custom port. Disabling primary DNS setup. " +
-			"Learn more at: https://netbird.io/docs/how-to-guides/nameservers#local-resolver")
-		hostUpdate.routeAll = false
-	}
-
-	if err = s.hostManager.applyDNSConfig(hostUpdate); err != nil {
+	if err = s.hostManager.applyDNSConfig(s.currentConfig); err != nil {
 		log.Error(err)
 	}

@@ -303,6 +289,10 @@ func (s *DefaultServer) buildLocalHandlerUpdate(customZones []nbdns.CustomZone)
 }

 func (s *DefaultServer) buildUpstreamHandlerUpdate(nameServerGroups []*nbdns.NameServerGroup) ([]muxUpdate, error) {
+	// clean up the previous upstream resolver
+	if s.upstreamCtxCancel != nil {
+		s.upstreamCtxCancel()
+	}

 	var muxUpdates []muxUpdate
 	for _, nsGroup := range nameServerGroups {
@@ -311,7 +301,10 @@ func (s *DefaultServer) buildUpstreamHandlerUpdate(nameServerGroups []*nbdns.Nam
 			continue
 		}

-		handler := newUpstreamResolver(s.ctx)
+		var ctx context.Context
+		ctx, s.upstreamCtxCancel = context.WithCancel(s.ctx)
+
+		handler := newUpstreamResolver(ctx)
 		for _, ns := range nsGroup.NameServers {
 			if ns.NSType != nbdns.UDPNameServerType {
 				log.Warnf("skiping nameserver %s with type %s, this peer supports only %s",
@@ -322,7 +315,6 @@ func (s *DefaultServer) buildUpstreamHandlerUpdate(nameServerGroups []*nbdns.Nam
 		}

 		if len(handler.upstreamServers) == 0 {
-			handler.stop()
 			log.Errorf("received a nameserver group with an invalid nameserver list")
 			continue
 		}
@@ -346,13 +338,11 @@ func (s *DefaultServer) buildUpstreamHandlerUpdate(nameServerGroups []*nbdns.Nam
 		}

 		if len(nsGroup.Domains) == 0 {
-			handler.stop()
 			return nil, fmt.Errorf("received a non primary nameserver group with an empty domain list")
 		}

 		for _, domain := range nsGroup.Domains {
 			if domain == "" {
-				handler.stop()
 				return nil, fmt.Errorf("received a nameserver group with an empty domain element")
 			}
 			muxUpdates = append(muxUpdates, muxUpdate{
@@ -365,20 +355,16 @@ func (s *DefaultServer) buildUpstreamHandlerUpdate(nameServerGroups []*nbdns.Nam
 }

 func (s *DefaultServer) updateMux(muxUpdates []muxUpdate) {
-	muxUpdateMap := make(registeredHandlerMap)
+	muxUpdateMap := make(registrationMap)

 	for _, update := range muxUpdates {
 		s.registerMux(update.domain, update.handler)
-		muxUpdateMap[update.domain] = update.handler
-		if existingHandler, ok := s.dnsMuxMap[update.domain]; ok {
-			existingHandler.stop()
-		}
+		muxUpdateMap[update.domain] = struct{}{}
 	}

-	for key, existingHandler := range s.dnsMuxMap {
+	for key := range s.dnsMuxMap {
 		_, found := muxUpdateMap[key]
 		if !found {
-			existingHandler.stop()
 			s.deregisterMux(key)
 		}
 	}
--- a/client/internal/dns/server_test.go
+++ b/client/internal/dns/server_test.go
@@ -41,23 +41,21 @@ func TestUpdateDNSServer(t *testing.T) {
 		},
 	}

-	dummyHandler := &localResolver{}
-
 	testCases := []struct {
 		name                string
-		initUpstreamMap     registeredHandlerMap
+		initUpstreamMap     registrationMap
 		initLocalMap        registrationMap
 		initSerial          uint64
 		inputSerial         uint64
 		inputUpdate         nbdns.Config
 		shouldFail          bool
-		expectedUpstreamMap registeredHandlerMap
+		expectedUpstreamMap registrationMap
 		expectedLocalMap    registrationMap
 	}{
 		{
 			name:            "Initial Config Should Succeed",
 			initLocalMap:    make(registrationMap),
-			initUpstreamMap: make(registeredHandlerMap),
+			initUpstreamMap: make(registrationMap),
 			initSerial:      0,
 			inputSerial:     1,
 			inputUpdate: nbdns.Config{
@@ -79,13 +77,13 @@ func TestUpdateDNSServer(t *testing.T) {
 					},
 				},
 			},
-			expectedUpstreamMap: registeredHandlerMap{"netbird.io": dummyHandler, "netbird.cloud": dummyHandler, nbdns.RootZone: dummyHandler},
+			expectedUpstreamMap: registrationMap{"netbird.io": struct{}{}, "netbird.cloud": struct{}{}, nbdns.RootZone: struct{}{}},
 			expectedLocalMap:    registrationMap{buildRecordKey(zoneRecords[0].Name, 1, 1): struct{}{}},
 		},
 		{
 			name:            "New Config Should Succeed",
 			initLocalMap:    registrationMap{"netbird.cloud": struct{}{}},
-			initUpstreamMap: registeredHandlerMap{buildRecordKey(zoneRecords[0].Name, 1, 1): dummyHandler},
+			initUpstreamMap: registrationMap{buildRecordKey(zoneRecords[0].Name, 1, 1): struct{}{}},
 			initSerial:      0,
 			inputSerial:     1,
 			inputUpdate: nbdns.Config{
@@ -103,13 +101,13 @@ func TestUpdateDNSServer(t *testing.T) {
 					},
 				},
 			},
-			expectedUpstreamMap: registeredHandlerMap{"netbird.io": dummyHandler, "netbird.cloud": dummyHandler},
+			expectedUpstreamMap: registrationMap{"netbird.io": struct{}{}, "netbird.cloud": struct{}{}},
 			expectedLocalMap:    registrationMap{buildRecordKey(zoneRecords[0].Name, 1, 1): struct{}{}},
 		},
 		{
 			name:            "Smaller Config Serial Should Be Skipped",
 			initLocalMap:    make(registrationMap),
-			initUpstreamMap: make(registeredHandlerMap),
+			initUpstreamMap: make(registrationMap),
 			initSerial:      2,
 			inputSerial:     1,
 			shouldFail:      true,
@@ -117,7 +115,7 @@ func TestUpdateDNSServer(t *testing.T) {
 		{
 			name:            "Empty NS Group Domain Or Not Primary Element Should Fail",
 			initLocalMap:    make(registrationMap),
-			initUpstreamMap: make(registeredHandlerMap),
+			initUpstreamMap: make(registrationMap),
 			initSerial:      0,
 			inputSerial:     1,
 			inputUpdate: nbdns.Config{
@@ -139,7 +137,7 @@ func TestUpdateDNSServer(t *testing.T) {
 		{
 			name:            "Invalid NS Group Nameservers list Should Fail",
 			initLocalMap:    make(registrationMap),
-			initUpstreamMap: make(registeredHandlerMap),
+			initUpstreamMap: make(registrationMap),
 			initSerial:      0,
 			inputSerial:     1,
 			inputUpdate: nbdns.Config{
@@ -161,7 +159,7 @@ func TestUpdateDNSServer(t *testing.T) {
 		{
 			name:            "Invalid Custom Zone Records list Should Fail",
 			initLocalMap:    make(registrationMap),
-			initUpstreamMap: make(registeredHandlerMap),
+			initUpstreamMap: make(registrationMap),
 			initSerial:      0,
 			inputSerial:     1,
 			inputUpdate: nbdns.Config{
@@ -183,21 +181,21 @@ func TestUpdateDNSServer(t *testing.T) {
 		{
 			name:                "Empty Config Should Succeed and Clean Maps",
 			initLocalMap:        registrationMap{"netbird.cloud": struct{}{}},
-			initUpstreamMap:     registeredHandlerMap{zoneRecords[0].Name: dummyHandler},
+			initUpstreamMap:     registrationMap{zoneRecords[0].Name: struct{}{}},
 			initSerial:          0,
 			inputSerial:         1,
 			inputUpdate:         nbdns.Config{ServiceEnable: true},
-			expectedUpstreamMap: make(registeredHandlerMap),
+			expectedUpstreamMap: make(registrationMap),
 			expectedLocalMap:    make(registrationMap),
 		},
 		{
 			name:                "Disabled Service Should clean map",
 			initLocalMap:        registrationMap{"netbird.cloud": struct{}{}},
-			initUpstreamMap:     registeredHandlerMap{zoneRecords[0].Name: dummyHandler},
+			initUpstreamMap:     registrationMap{zoneRecords[0].Name: struct{}{}},
 			initSerial:          0,
 			inputSerial:         1,
 			inputUpdate:         nbdns.Config{ServiceEnable: false},
-			expectedUpstreamMap: make(registeredHandlerMap),
+			expectedUpstreamMap: make(registrationMap),
 			expectedLocalMap:    make(registrationMap),
 		},
 	}
@@ -433,7 +431,7 @@ func getDefaultServerWithNoHostManager(t *testing.T, addrPort string) *DefaultSe
 		ctxCancel: cancel,
 		server:    dnsServer,
 		dnsMux:    mux,
-		dnsMuxMap: make(registeredHandlerMap),
+		dnsMuxMap: make(registrationMap),
 		localResolver: &localResolver{
 			registeredMap: make(registrationMap),
 		},
--- a/client/internal/dns/systemd_linux.go
+++ b/client/internal/dns/systemd_linux.go
@@ -9,11 +9,10 @@ import (

 	"github.com/godbus/dbus/v5"
 	"github.com/miekg/dns"
-	log "github.com/sirupsen/logrus"
-	"golang.org/x/sys/unix"
-
 	nbdns "github.com/netbirdio/netbird/dns"
 	"github.com/netbirdio/netbird/iface"
+	log "github.com/sirupsen/logrus"
+	"golang.org/x/sys/unix"
 )

 const (
@@ -76,10 +75,6 @@ func newSystemdDbusConfigurator(wgInterface *iface.WGIface) (hostManager, error)
 	}, nil
 }

-func (s *systemdDbusConfigurator) supportCustomPort() bool {
-	return true
-}
-
 func (s *systemdDbusConfigurator) applyDNSConfig(config hostDNSConfig) error {
 	parsedIP, err := netip.ParseAddr(config.serverIP)
 	if err != nil {
--- a/client/internal/dns/upstream.go
+++ b/client/internal/dns/upstream.go
@@ -3,31 +3,24 @@ package dns
 import (
 	"context"
 	"errors"
-	"fmt"
 	"net"
 	"sync"
 	"sync/atomic"
 	"time"

-	"github.com/cenkalti/backoff/v4"
 	"github.com/miekg/dns"
 	log "github.com/sirupsen/logrus"
 )

 const (
-	failsTillDeact   = int32(5)
-	reactivatePeriod = 30 * time.Second
+	failsTillDeact   = int32(3)
+	reactivatePeriod = time.Minute
 	upstreamTimeout  = 15 * time.Second
 )

-type upstreamClient interface {
-	ExchangeContext(ctx context.Context, m *dns.Msg, a string) (r *dns.Msg, rtt time.Duration, err error)
-}
-
 type upstreamResolver struct {
 	ctx              context.Context
-	cancel           context.CancelFunc
-	upstreamClient   upstreamClient
+	upstreamClient   *dns.Client
 	upstreamServers  []string
 	disabled         bool
 	failsCount       atomic.Int32
@@ -40,11 +33,9 @@ type upstreamResolver struct {
 	reactivate func()
 }

-func newUpstreamResolver(parentCTX context.Context) *upstreamResolver {
-	ctx, cancel := context.WithCancel(parentCTX)
+func newUpstreamResolver(ctx context.Context) *upstreamResolver {
 	return &upstreamResolver{
 		ctx:              ctx,
-		cancel:           cancel,
 		upstreamClient:   &dns.Client{},
 		upstreamTimeout:  upstreamTimeout,
 		reactivatePeriod: reactivatePeriod,
@@ -52,11 +43,6 @@ func newUpstreamResolver(parentCTX context.Context) *upstreamResolver {
 	}
 }

-func (u *upstreamResolver) stop() {
-	log.Debugf("stoping serving DNS for upstreams %s", u.upstreamServers)
-	u.cancel()
-}
-
 // ServeDNS handles a DNS request
 func (u *upstreamResolver) ServeDNS(w dns.ResponseWriter, r *dns.Msg) {
 	defer u.checkUpstreamFails()
@@ -121,57 +107,28 @@ func (u *upstreamResolver) checkUpstreamFails() {
 		log.Warnf("upstream resolving is disabled for %v", reactivatePeriod)
 		u.deactivate()
 		u.disabled = true
-		go u.waitUntilResponse()
+		go u.waitUntilReactivation()
 	}
 }

-// waitUntilResponse retries, in an exponential interval, querying the upstream servers until it gets a positive response
-func (u *upstreamResolver) waitUntilResponse() {
-	exponentialBackOff := &backoff.ExponentialBackOff{
-		InitialInterval:     500 * time.Millisecond,
-		RandomizationFactor: 0.5,
-		Multiplier:          1.1,
-		MaxInterval:         u.reactivatePeriod,
-		MaxElapsedTime:      0,
-		Stop:                backoff.Stop,
-		Clock:               backoff.SystemClock,
-	}
-
-	r := new(dns.Msg).SetQuestion("netbird.io.", dns.TypeA)
-
-	operation := func() error {
-		select {
-		case <-u.ctx.Done():
-			return backoff.Permanent(fmt.Errorf("exiting upstream retry loop for upstreams %s: parent context has been canceled", u.upstreamServers))
-		default:
+// waitUntilReactivation reset fails counter and activates upstream resolving
+func (u *upstreamResolver) waitUntilReactivation() {
+	timer := time.NewTimer(u.reactivatePeriod)
+	defer func() {
+		if !timer.Stop() {
+			<-timer.C
 		}
+	}()

-		var err error
-		for _, upstream := range u.upstreamServers {
-			ctx, cancel := context.WithTimeout(u.ctx, u.upstreamTimeout)
-			_, _, err = u.upstreamClient.ExchangeContext(ctx, r, upstream)
-
-			cancel()
-
-			if err == nil {
-				return nil
-			}
-		}
-
-		log.Tracef("checking connectivity with upstreams %s failed with error: %s. Retrying in %s", err, u.upstreamServers, exponentialBackOff.NextBackOff())
-		return fmt.Errorf("got an error from upstream check call")
-	}
-
-	err := backoff.Retry(operation, exponentialBackOff)
-	if err != nil {
-		log.Warn(err)
+	select {
+	case <-u.ctx.Done():
 		return
+	case <-timer.C:
+		log.Info("upstream resolving is reactivated")
+		u.failsCount.Store(0)
+		u.reactivate()
+		u.disabled = false
 	}
-
-	log.Infof("upstreams %s are responsive again. Adding them back to system", u.upstreamServers)
-	u.failsCount.Store(0)
-	u.reactivate()
-	u.disabled = false
 }

 // isTimeout returns true if the given error is a network timeout error.
--- a/client/internal/dns/upstream_test.go
+++ b/client/internal/dns/upstream_test.go
@@ -2,11 +2,10 @@ package dns

 import (
 	"context"
+	"github.com/miekg/dns"
 	"strings"
 	"testing"
 	"time"
-
-	"github.com/miekg/dns"
 )

 func TestUpstreamResolver_ServeDNS(t *testing.T) {
@@ -107,29 +106,8 @@ func TestUpstreamResolver_ServeDNS(t *testing.T) {
 	}
 }

-type mockUpstreamResolver struct {
-	r   *dns.Msg
-	rtt time.Duration
-	err error
-}
-
-// ExchangeContext mock implementation of ExchangeContext from upstreamResolver
-func (c mockUpstreamResolver) ExchangeContext(_ context.Context, _ *dns.Msg, _ string) (r *dns.Msg, rtt time.Duration, err error) {
-	return c.r, c.rtt, c.err
-}
-
 func TestUpstreamResolver_DeactivationReactivation(t *testing.T) {
-	resolver := &upstreamResolver{
-		ctx: context.TODO(),
-		upstreamClient: &mockUpstreamResolver{
-			err: nil,
-			r:   new(dns.Msg),
-			rtt: time.Millisecond,
-		},
-		upstreamTimeout:  upstreamTimeout,
-		reactivatePeriod: reactivatePeriod,
-		failsTillDeact:   failsTillDeact,
-	}
+	resolver := newUpstreamResolver(context.TODO())
 	resolver.upstreamServers = []string{"0.0.0.0:-1"}
 	resolver.failsTillDeact = 0
 	resolver.reactivatePeriod = time.Microsecond * 100
--- a/client/internal/engine.go
+++ b/client/internal/engine.go
@@ -3,7 +3,6 @@ package internal
 import (
 	"context"
 	"fmt"
-	"io"
 	"math/rand"
 	"net"
 	"net/netip"
@@ -24,11 +23,9 @@ import (
 	nbssh "github.com/netbirdio/netbird/client/ssh"
 	nbdns "github.com/netbirdio/netbird/dns"
 	"github.com/netbirdio/netbird/iface"
-	"github.com/netbirdio/netbird/iface/bind"
 	mgm "github.com/netbirdio/netbird/management/client"
 	mgmProto "github.com/netbirdio/netbird/management/proto"
 	"github.com/netbirdio/netbird/route"
-	"github.com/netbirdio/netbird/sharedsock"
 	signal "github.com/netbirdio/netbird/signal/client"
 	sProto "github.com/netbirdio/netbird/signal/proto"
 	"github.com/netbirdio/netbird/util"
@@ -102,8 +99,10 @@ type Engine struct {

 	wgInterface *iface.WGIface

-	udpMux     *bind.UniversalUDPMuxDefault
-	udpMuxConn io.Closer
+	udpMux          ice.UDPMux
+	udpMuxSrflx     ice.UniversalUDPMux
+	udpMuxConn      *net.UDPConn
+	udpMuxConnSrflx *net.UDPConn

 	// networkSerial is the latest CurrentSerial (state ID) of the network sent by the Management service
 	networkSerial uint64
@@ -207,17 +206,33 @@ func (e *Engine) Start() error {
 			e.close()
 			return err
 		}
-		e.udpMux = udpMux
+		e.udpMux = udpMux.UDPMuxDefault
+		e.udpMuxSrflx = udpMux
 		log.Infof("using userspace bind mode %s", udpMux.LocalAddr().String())
 	} else {
-		rawSock, err := sharedsock.Listen(e.config.WgPort, sharedsock.NewIncomingSTUNFilter())
+		networkName := "udp"
+		if e.config.DisableIPv6Discovery {
+			networkName = "udp4"
+		}
+		e.udpMuxConn, err = net.ListenUDP(networkName, &net.UDPAddr{Port: e.config.UDPMuxPort})
 		if err != nil {
+			log.Errorf("failed listening on UDP port %d: [%s]", e.config.UDPMuxPort, err.Error())
+			e.close()
 			return err
 		}
-		mux := bind.NewUniversalUDPMuxDefault(bind.UniversalUDPMuxParams{UDPConn: rawSock, Net: transportNet})
-		go mux.ReadFromConn(e.ctx)
-		e.udpMuxConn = rawSock
-		e.udpMux = mux
+		udpMuxParams := ice.UDPMuxParams{
+			UDPConn: e.udpMuxConn,
+			Net:     transportNet,
+		}
+		e.udpMux = ice.NewUDPMuxDefault(udpMuxParams)
+
+		e.udpMuxConnSrflx, err = net.ListenUDP(networkName, &net.UDPAddr{Port: e.config.UDPMuxSrflxPort})
+		if err != nil {
+			log.Errorf("failed listening on UDP port %d: [%s]", e.config.UDPMuxSrflxPort, err.Error())
+			e.close()
+			return err
+		}
+		e.udpMuxSrflx = ice.NewUniversalUDPMuxDefault(ice.UniversalUDPMuxParams{UDPConn: e.udpMuxConnSrflx, Net: transportNet})
 	}

 	e.routeManager = routemanager.NewManager(e.ctx, e.config.WgPrivateKey.PublicKey().String(), e.wgInterface, e.statusRecorder)
@@ -379,6 +394,9 @@ func SignalOfferAnswer(offerAnswer peer.OfferAnswer, myKey wgtypes.Key, remoteKe
 		return err
 	}

+	// indicates message support in gRPC
+	msg.Body.FeaturesSupported = []uint32{signal.DirectCheck}
+
 	err = s.Send(msg)
 	if err != nil {
 		return err
@@ -806,8 +824,8 @@ func (e Engine) createPeerConn(pubKey string, allowedIPs string) (*peer.Conn, er
 		InterfaceBlackList:   e.config.IFaceBlackList,
 		DisableIPv6Discovery: e.config.DisableIPv6Discovery,
 		Timeout:              timeout,
-		UDPMux:               e.udpMux.UDPMuxDefault,
-		UDPMuxSrflx:          e.udpMux,
+		UDPMux:               e.udpMux,
+		UDPMuxSrflx:          e.udpMuxSrflx,
 		ProxyConfig:          proxyConfig,
 		LocalWgPort:          e.config.WgPort,
 		NATExternalIPs:       e.parseNATExternalIPMappings(),
@@ -900,6 +918,18 @@ func (e *Engine) receiveSignalEvents() {
 				}
 				conn.OnRemoteCandidate(candidate)
 			case sProto.Body_MODE:
+				protoMode := msg.GetBody().GetMode()
+				if protoMode == nil {
+					return fmt.Errorf("received an empty mode message")
+				}
+
+				err := conn.OnModeMessage(peer.ModeMessage{
+					Direct: protoMode.GetDirect(),
+				})
+				if err != nil {
+					log.Errorf("failed processing a mode message -> %s", err)
+					return err
+				}
 			}

 			return nil
@@ -990,6 +1020,12 @@ func (e *Engine) close() {
 		}
 	}

+	if e.udpMuxConnSrflx != nil {
+		if err := e.udpMuxConnSrflx.Close(); err != nil {
+			log.Debugf("close server reflexive udp mux connection: %v", err)
+		}
+	}
+
 	if !isNil(e.sshServer) {
 		err := e.sshServer.Stop()
 		if err != nil {
--- a/client/internal/engine_test.go
+++ b/client/internal/engine_test.go
@@ -3,6 +3,8 @@ package internal
 import (
 	"context"
 	"fmt"
+	"github.com/netbirdio/netbird/iface/bind"
+	"github.com/pion/transport/v2/stdnet"
 	"net"
 	"net/netip"
 	"os"
@@ -13,10 +15,6 @@ import (
 	"testing"
 	"time"

-	"github.com/pion/transport/v2/stdnet"
-
-	"github.com/netbirdio/netbird/iface/bind"
-
 	log "github.com/sirupsen/logrus"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
@@ -1041,7 +1039,7 @@ func startManagement(dataDir string) (*grpc.Server, string, error) {
 		return nil, "", err
 	}
 	s := grpc.NewServer(grpc.KeepaliveEnforcementPolicy(kaep), grpc.KeepaliveParams(kasp))
-	store, err := server.NewFileStore(config.Datadir, nil)
+	store, err := server.NewFileStore(config.Datadir)
 	if err != nil {
 		log.Fatalf("failed creating a store: %s: %v", config.Datadir, err)
 	}
--- a/client/internal/oauth.go
+++ b/client/internal/oauth.go
@@ -148,11 +148,6 @@ func (h *Hosted) RequestDeviceCode(ctx context.Context) (DeviceAuthInfo, error)
 		return DeviceAuthInfo{}, fmt.Errorf("unmarshaling response failed with error: %v", err)
 	}

-	// Fallback to the verification_uri if the IdP doesn't support verification_uri_complete
-	if deviceCode.VerificationURIComplete == "" {
-		deviceCode.VerificationURIComplete = deviceCode.VerificationURI
-	}
-
 	return deviceCode, err
 }

--- a/client/internal/peer/conn.go
+++ b/client/internal/peer/conn.go
@@ -4,8 +4,6 @@ import (
 	"context"
 	"fmt"
 	"net"
-	"os"
-	"strconv"
 	"strings"
 	"sync"
 	"time"
@@ -16,20 +14,11 @@ import (
 	"github.com/netbirdio/netbird/client/internal/proxy"
 	"github.com/netbirdio/netbird/client/internal/stdnet"
 	"github.com/netbirdio/netbird/iface"
-	"github.com/netbirdio/netbird/iface/bind"
 	signal "github.com/netbirdio/netbird/signal/client"
 	sProto "github.com/netbirdio/netbird/signal/proto"
 	"github.com/netbirdio/netbird/version"
 )

-const (
-	envICEKeepAliveIntervalSec   = "NB_ICE_KEEP_ALIVE_INTERVAL_SEC"
-	envICEDisconnectedTimeoutSec = "NB_ICE_DISCONNECTED_TIMEOUT_SEC"
-
-	iceKeepAliveDefault           = 4 * time.Second
-	iceDisconnectedTimeoutDefault = 6 * time.Second
-)
-
 // ConnConfig is a peer Connection configuration
 type ConnConfig struct {

@@ -160,22 +149,17 @@ func (conn *Conn) reCreateAgent() error {
 	if err != nil {
 		log.Errorf("failed to create pion's stdnet: %s", err)
 	}
-
-	iceKeepAlive, iceDisconnectedTimeout := readICEAgentConfigProperties()
-
 	agentConfig := &ice.AgentConfig{
-		MulticastDNSMode:    ice.MulticastDNSModeDisabled,
-		NetworkTypes:        []ice.NetworkType{ice.NetworkTypeUDP4, ice.NetworkTypeUDP6},
-		Urls:                conn.config.StunTurn,
-		CandidateTypes:      []ice.CandidateType{ice.CandidateTypeHost, ice.CandidateTypeServerReflexive, ice.CandidateTypeRelay},
-		FailedTimeout:       &failedTimeout,
-		InterfaceFilter:     stdnet.InterfaceFilter(conn.config.InterfaceBlackList),
-		UDPMux:              conn.config.UDPMux,
-		UDPMuxSrflx:         conn.config.UDPMuxSrflx,
-		NAT1To1IPs:          conn.config.NATExternalIPs,
-		Net:                 transportNet,
-		DisconnectedTimeout: &iceDisconnectedTimeout,
-		KeepaliveInterval:   &iceKeepAlive,
+		MulticastDNSMode: ice.MulticastDNSModeDisabled,
+		NetworkTypes:     []ice.NetworkType{ice.NetworkTypeUDP4, ice.NetworkTypeUDP6},
+		Urls:             conn.config.StunTurn,
+		CandidateTypes:   []ice.CandidateType{ice.CandidateTypeHost, ice.CandidateTypeServerReflexive, ice.CandidateTypeRelay},
+		FailedTimeout:    &failedTimeout,
+		InterfaceFilter:  stdnet.InterfaceFilter(conn.config.InterfaceBlackList),
+		UDPMux:           conn.config.UDPMux,
+		UDPMuxSrflx:      conn.config.UDPMuxSrflx,
+		NAT1To1IPs:       conn.config.NATExternalIPs,
+		Net:              transportNet,
 	}

 	if conn.config.DisableIPv6Discovery {
@@ -206,34 +190,6 @@ func (conn *Conn) reCreateAgent() error {
 	return nil
 }

-func readICEAgentConfigProperties() (time.Duration, time.Duration) {
-	iceKeepAlive := iceKeepAliveDefault
-	iceDisconnectedTimeout := iceDisconnectedTimeoutDefault
-
-	keepAliveEnv := os.Getenv(envICEKeepAliveIntervalSec)
-	if keepAliveEnv != "" {
-		log.Debugf("setting ICE keep alive interval to %s seconds", keepAliveEnv)
-		keepAliveEnvSec, err := strconv.Atoi(keepAliveEnv)
-		if err == nil {
-			iceKeepAlive = time.Duration(keepAliveEnvSec) * time.Second
-		} else {
-			log.Warnf("invalid value %s set for %s, using default %v", keepAliveEnv, envICEKeepAliveIntervalSec, iceKeepAlive)
-		}
-	}
-
-	disconnectedTimeoutEnv := os.Getenv(envICEDisconnectedTimeoutSec)
-	if disconnectedTimeoutEnv != "" {
-		log.Debugf("setting ICE disconnected timeout to %s seconds", disconnectedTimeoutEnv)
-		disconnectedTimeoutSec, err := strconv.Atoi(disconnectedTimeoutEnv)
-		if err == nil {
-			iceDisconnectedTimeout = time.Duration(disconnectedTimeoutSec) * time.Second
-		} else {
-			log.Warnf("invalid value %s set for %s, using default %v", disconnectedTimeoutEnv, envICEDisconnectedTimeoutSec, iceDisconnectedTimeout)
-		}
-	}
-	return iceKeepAlive, iceDisconnectedTimeout
-}
-
 // Open opens connection to the remote peer starting ICE candidate gathering process.
 // Blocks until connection has been closed or connection timeout.
 // ConnStatus will be set accordingly
@@ -359,10 +315,88 @@ func (conn *Conn) Open() error {
 	}
 }

+// useProxy determines whether a direct connection (without a go proxy) is possible
+//
+// There are 3 cases:
+//
+// * When neither candidate is from hard nat and one of the peers has a public IP
+//
+// * both peers are in the same private network
+//
+// * Local peer uses userspace interface with bind.ICEBind and is not relayed
+//
+// Please note, that this check happens when peers were already able to ping each other using ICE layer.
+func shouldUseProxy(pair *ice.CandidatePair, userspaceBind bool) bool {
+
+	if !isRelayCandidate(pair.Local) && userspaceBind {
+		log.Debugf("shouldn't use proxy because using Bind and the connection is not relayed")
+		return false
+	}
+
+	if !isHardNATCandidate(pair.Local) && isHostCandidateWithPublicIP(pair.Remote) {
+		log.Debugf("shouldn't use proxy because the local peer is not behind a hard NAT and the remote one has a public IP")
+		return false
+	}
+
+	if !isHardNATCandidate(pair.Remote) && isHostCandidateWithPublicIP(pair.Local) {
+		log.Debugf("shouldn't use proxy because the remote peer is not behind a hard NAT and the local one has a public IP")
+		return false
+	}
+
+	if isHostCandidateWithPrivateIP(pair.Local) && isHostCandidateWithPrivateIP(pair.Remote) && isSameNetworkPrefix(pair) {
+		log.Debugf("shouldn't use proxy because peers are in the same private /16 network")
+		return false
+	}
+
+	if (isPeerReflexiveCandidateWithPrivateIP(pair.Local) && isHostCandidateWithPrivateIP(pair.Remote) ||
+		isHostCandidateWithPrivateIP(pair.Local) && isPeerReflexiveCandidateWithPrivateIP(pair.Remote)) && isSameNetworkPrefix(pair) {
+		log.Debugf("shouldn't use proxy because peers are in the same private /16 network and one peer is peer reflexive")
+		return false
+	}
+
+	return true
+}
+
+func isSameNetworkPrefix(pair *ice.CandidatePair) bool {
+
+	localIP := net.ParseIP(pair.Local.Address())
+	remoteIP := net.ParseIP(pair.Remote.Address())
+	if localIP == nil || remoteIP == nil {
+		return false
+	}
+	// only consider /16 networks
+	mask := net.IPMask{255, 255, 0, 0}
+	return localIP.Mask(mask).Equal(remoteIP.Mask(mask))
+}
+
 func isRelayCandidate(candidate ice.Candidate) bool {
 	return candidate.Type() == ice.CandidateTypeRelay
 }

+func isHardNATCandidate(candidate ice.Candidate) bool {
+	return candidate.Type() == ice.CandidateTypeRelay || candidate.Type() == ice.CandidateTypePeerReflexive
+}
+
+func isHostCandidateWithPublicIP(candidate ice.Candidate) bool {
+	return candidate.Type() == ice.CandidateTypeHost && isPublicIP(candidate.Address())
+}
+
+func isHostCandidateWithPrivateIP(candidate ice.Candidate) bool {
+	return candidate.Type() == ice.CandidateTypeHost && !isPublicIP(candidate.Address())
+}
+
+func isPeerReflexiveCandidateWithPrivateIP(candidate ice.Candidate) bool {
+	return candidate.Type() == ice.CandidateTypePeerReflexive && !isPublicIP(candidate.Address())
+}
+
+func isPublicIP(address string) bool {
+	ip := net.ParseIP(address)
+	if ip == nil || ip.IsLoopback() || ip.IsLinkLocalUnicast() || ip.IsLinkLocalMulticast() || ip.IsPrivate() {
+		return false
+	}
+	return true
+}
+
 // startProxy starts proxying traffic from/to local Wireguard and sets connection status to StatusConnected
 func (conn *Conn) startProxy(remoteConn net.Conn, remoteWgPort int) error {
 	conn.mu.Lock()
@@ -375,7 +409,7 @@ func (conn *Conn) startProxy(remoteConn net.Conn, remoteWgPort int) error {
 	}

 	peerState := State{PubKey: conn.config.Key}
-	p := conn.getProxy(pair, remoteWgPort)
+	p := conn.getProxyWithMessageExchange(pair, remoteWgPort)
 	conn.proxy = p
 	err = p.Start(remoteConn)
 	if err != nil {
@@ -401,35 +435,62 @@ func (conn *Conn) startProxy(remoteConn net.Conn, remoteWgPort int) error {
 	return nil
 }

-// todo rename this method and the proxy package to something more appropriate
-func (conn *Conn) getProxy(pair *ice.CandidatePair, remoteWgPort int) proxy.Proxy {
-	if isRelayCandidate(pair.Local) {
-		return proxy.NewWireGuardProxy(conn.config.ProxyConfig)
+func (conn *Conn) getProxyWithMessageExchange(pair *ice.CandidatePair, remoteWgPort int) proxy.Proxy {
+	useProxy := shouldUseProxy(pair, conn.config.UserspaceBind)
+	localDirectMode := !useProxy
+	remoteDirectMode := localDirectMode
+
+	if conn.meta.protoSupport.DirectCheck {
+		go conn.sendLocalDirectMode(localDirectMode)
+		// will block until message received or timeout
+		remoteDirectMode = conn.receiveRemoteDirectMode()
 	}

-	// To support old version's with direct mode we attempt to punch an additional role with the remote wireguard port
-	go conn.punchRemoteWGPort(pair, remoteWgPort)
+	if conn.config.UserspaceBind && localDirectMode {
+		return proxy.NewNoProxy(conn.config.ProxyConfig)
+	}

-	return proxy.NewNoProxy(conn.config.ProxyConfig)
+	if localDirectMode && remoteDirectMode {
+		return proxy.NewDirectNoProxy(conn.config.ProxyConfig, remoteWgPort)
+	}
+
+	log.Debugf("falling back to local proxy mode with peer %s", conn.config.Key)
+	return proxy.NewWireGuardProxy(conn.config.ProxyConfig)
 }

-func (conn *Conn) punchRemoteWGPort(pair *ice.CandidatePair, remoteWgPort int) {
-	// wait local endpoint configuration
-	time.Sleep(time.Second)
-	addr, err := net.ResolveUDPAddr("udp", fmt.Sprintf("%s:%d", pair.Remote.Address(), remoteWgPort))
-	if err != nil {
-		log.Warnf("got an error while resolving the udp address, err: %s", err)
-		return
-	}
+func (conn *Conn) sendLocalDirectMode(localMode bool) {
+	// todo what happens when we couldn't deliver this message?
+	// we could retry, etc but there is no guarantee

-	mux, ok := conn.config.UDPMuxSrflx.(*bind.UniversalUDPMuxDefault)
-	if !ok {
-		log.Warn("invalid udp mux conversion")
-		return
-	}
-	_, err = mux.GetSharedConn().WriteTo([]byte{0x6e, 0x62}, addr)
+	err := conn.sendSignalMessage(&sProto.Message{
+		Key:       conn.config.LocalKey,
+		RemoteKey: conn.config.Key,
+		Body: &sProto.Body{
+			Type: sProto.Body_MODE,
+			Mode: &sProto.Mode{
+				Direct: &localMode,
+			},
+			NetBirdVersion: version.NetbirdVersion(),
+		},
+	})
 	if err != nil {
-		log.Warnf("got an error while sending the punch packet, err: %s", err)
+		log.Errorf("failed to send local proxy mode to remote peer %s, error: %s", conn.config.Key, err)
+	}
+}
+
+func (conn *Conn) receiveRemoteDirectMode() bool {
+	timeout := time.Second
+	timer := time.NewTimer(timeout)
+	defer timer.Stop()
+
+	select {
+	case receivedMSG := <-conn.remoteModeCh:
+		return receivedMSG.Direct
+	case <-timer.C:
+		// we didn't receive a message from remote so we assume that it supports the direct mode to keep the old behaviour
+		log.Debugf("timeout after %s while waiting for remote direct mode message from remote peer %s",
+			timeout, conn.config.Key)
+		return true
 	}
 }

@@ -653,6 +714,16 @@ func (conn *Conn) GetKey() string {
 	return conn.config.Key
 }

+// OnModeMessage unmarshall the payload message and send it to the mode message channel
+func (conn *Conn) OnModeMessage(message ModeMessage) error {
+	select {
+	case conn.remoteModeCh <- message:
+		return nil
+	default:
+		return fmt.Errorf("unable to process mode message: channel busy")
+	}
+}
+
 // RegisterProtoSupportMeta register supported proto message in the connection metadata
 func (conn *Conn) RegisterProtoSupportMeta(support []uint32) {
 	protoSupport := signal.ParseFeaturesSupported(support)
--- a/client/internal/peer/conn_test.go
+++ b/client/internal/peer/conn_test.go
@@ -9,9 +9,11 @@ import (

 	"github.com/magiconair/properties/assert"
 	"github.com/pion/ice/v2"
+	"golang.org/x/sync/errgroup"

 	"github.com/netbirdio/netbird/client/internal/proxy"
 	"github.com/netbirdio/netbird/iface"
+	sproto "github.com/netbirdio/netbird/signal/proto"
 )

 var connConf = ConnConfig{
@@ -168,3 +170,310 @@ func TestConn_Close(t *testing.T) {

 	wg.Wait()
 }
+
+type mockICECandidate struct {
+	ice.Candidate
+	AddressFunc func() string
+	TypeFunc    func() ice.CandidateType
+}
+
+// Address mocks and overwrite ice.Candidate Address method
+func (m *mockICECandidate) Address() string {
+	if m.AddressFunc != nil {
+		return m.AddressFunc()
+	}
+	return ""
+}
+
+// Type mocks and overwrite ice.Candidate Type method
+func (m *mockICECandidate) Type() ice.CandidateType {
+	if m.TypeFunc != nil {
+		return m.TypeFunc()
+	}
+	return ice.CandidateTypeUnspecified
+}
+
+func TestConn_ShouldUseProxy(t *testing.T) {
+	publicHostCandidate := &mockICECandidate{
+		AddressFunc: func() string {
+			return "8.8.8.8"
+		},
+		TypeFunc: func() ice.CandidateType {
+			return ice.CandidateTypeHost
+		},
+	}
+	privateHostCandidate := &mockICECandidate{
+		AddressFunc: func() string {
+			return "10.0.0.1"
+		},
+		TypeFunc: func() ice.CandidateType {
+			return ice.CandidateTypeHost
+		},
+	}
+
+	srflxCandidate := &mockICECandidate{
+		AddressFunc: func() string {
+			return "1.1.1.1"
+		},
+		TypeFunc: func() ice.CandidateType {
+			return ice.CandidateTypeServerReflexive
+		},
+	}
+
+	prflxCandidate := &mockICECandidate{
+		AddressFunc: func() string {
+			return "1.1.1.1"
+		},
+		TypeFunc: func() ice.CandidateType {
+			return ice.CandidateTypePeerReflexive
+		},
+	}
+
+	relayCandidate := &mockICECandidate{
+		AddressFunc: func() string {
+			return "1.1.1.1"
+		},
+		TypeFunc: func() ice.CandidateType {
+			return ice.CandidateTypeRelay
+		},
+	}
+
+	testCases := []struct {
+		name        string
+		candatePair *ice.CandidatePair
+		expected    bool
+	}{
+		{
+			name: "Use Proxy When Local Candidate Is Relay",
+			candatePair: &ice.CandidatePair{
+				Local:  relayCandidate,
+				Remote: privateHostCandidate,
+			},
+			expected: true,
+		},
+		{
+			name: "Use Proxy When Remote Candidate Is Relay",
+			candatePair: &ice.CandidatePair{
+				Local:  privateHostCandidate,
+				Remote: relayCandidate,
+			},
+			expected: true,
+		},
+		{
+			name: "Use Proxy When Local Candidate Is Peer Reflexive",
+			candatePair: &ice.CandidatePair{
+				Local:  prflxCandidate,
+				Remote: privateHostCandidate,
+			},
+			expected: true,
+		},
+		{
+			name: "Use Proxy When Remote Candidate Is Peer Reflexive",
+			candatePair: &ice.CandidatePair{
+				Local:  privateHostCandidate,
+				Remote: prflxCandidate,
+			},
+			expected: true,
+		},
+		{
+			name: "Don't Use Proxy When Local Candidate Is Public And Remote Is Private",
+			candatePair: &ice.CandidatePair{
+				Local:  publicHostCandidate,
+				Remote: privateHostCandidate,
+			},
+			expected: false,
+		},
+		{
+			name: "Don't Use Proxy When Remote Candidate Is Public And Local Is Private",
+			candatePair: &ice.CandidatePair{
+				Local:  privateHostCandidate,
+				Remote: publicHostCandidate,
+			},
+			expected: false,
+		},
+		{
+			name: "Don't Use Proxy When Local Candidate is Public And Remote Is Server Reflexive",
+			candatePair: &ice.CandidatePair{
+				Local:  publicHostCandidate,
+				Remote: srflxCandidate,
+			},
+			expected: false,
+		},
+		{
+			name: "Don't Use Proxy When Remote Candidate is Public And Local Is Server Reflexive",
+			candatePair: &ice.CandidatePair{
+				Local:  srflxCandidate,
+				Remote: publicHostCandidate,
+			},
+			expected: false,
+		},
+		{
+			name: "Don't Use Proxy When Both Candidates Are Public",
+			candatePair: &ice.CandidatePair{
+				Local:  publicHostCandidate,
+				Remote: publicHostCandidate,
+			},
+			expected: false,
+		},
+		{
+			name: "Don't Use Proxy When Both Candidates Are Private",
+			candatePair: &ice.CandidatePair{
+				Local:  privateHostCandidate,
+				Remote: privateHostCandidate,
+			},
+			expected: false,
+		},
+		{
+			name: "Don't Use Proxy When Both Candidates are in private network and one is peer reflexive",
+			candatePair: &ice.CandidatePair{
+				Local: &mockICECandidate{AddressFunc: func() string {
+					return "10.16.102.168"
+				},
+					TypeFunc: func() ice.CandidateType {
+						return ice.CandidateTypeHost
+					}},
+				Remote: &mockICECandidate{AddressFunc: func() string {
+					return "10.16.101.96"
+				},
+					TypeFunc: func() ice.CandidateType {
+						return ice.CandidateTypePeerReflexive
+					}},
+			},
+			expected: false,
+		},
+		{
+			name: "Should Use Proxy When Both Candidates are in private network and both are peer reflexive",
+			candatePair: &ice.CandidatePair{
+				Local: &mockICECandidate{AddressFunc: func() string {
+					return "10.16.102.168"
+				},
+					TypeFunc: func() ice.CandidateType {
+						return ice.CandidateTypePeerReflexive
+					}},
+				Remote: &mockICECandidate{AddressFunc: func() string {
+					return "10.16.101.96"
+				},
+					TypeFunc: func() ice.CandidateType {
+						return ice.CandidateTypePeerReflexive
+					}},
+			},
+			expected: true,
+		},
+	}
+
+	for _, testCase := range testCases {
+		t.Run(testCase.name, func(t *testing.T) {
+			result := shouldUseProxy(testCase.candatePair, false)
+			if result != testCase.expected {
+				t.Errorf("got a different result. Expected %t Got %t", testCase.expected, result)
+			}
+		})
+	}
+}
+
+func TestGetProxyWithMessageExchange(t *testing.T) {
+	publicHostCandidate := &mockICECandidate{
+		AddressFunc: func() string {
+			return "8.8.8.8"
+		},
+		TypeFunc: func() ice.CandidateType {
+			return ice.CandidateTypeHost
+		},
+	}
+	relayCandidate := &mockICECandidate{
+		AddressFunc: func() string {
+			return "1.1.1.1"
+		},
+		TypeFunc: func() ice.CandidateType {
+			return ice.CandidateTypeRelay
+		},
+	}
+
+	testCases := []struct {
+		name                   string
+		candatePair            *ice.CandidatePair
+		inputDirectModeSupport bool
+		inputRemoteModeMessage bool
+		expected               proxy.Type
+	}{
+		{
+			name: "Should Result In Using Wireguard Proxy When Local Eval Is Use Proxy",
+			candatePair: &ice.CandidatePair{
+				Local:  relayCandidate,
+				Remote: publicHostCandidate,
+			},
+			inputDirectModeSupport: true,
+			inputRemoteModeMessage: true,
+			expected:               proxy.TypeWireGuard,
+		},
+		{
+			name: "Should Result In Using Wireguard Proxy When Remote Eval Is Use Proxy",
+			candatePair: &ice.CandidatePair{
+				Local:  publicHostCandidate,
+				Remote: publicHostCandidate,
+			},
+			inputDirectModeSupport: true,
+			inputRemoteModeMessage: false,
+			expected:               proxy.TypeWireGuard,
+		},
+		{
+			name: "Should Result In Using Wireguard Proxy When Remote Direct Mode Support Is False And Local Eval Is Use Proxy",
+			candatePair: &ice.CandidatePair{
+				Local:  relayCandidate,
+				Remote: publicHostCandidate,
+			},
+			inputDirectModeSupport: false,
+			inputRemoteModeMessage: false,
+			expected:               proxy.TypeWireGuard,
+		},
+		{
+			name: "Should Result In Using Direct When Remote Direct Mode Support Is False And Local Eval Is No Use Proxy",
+			candatePair: &ice.CandidatePair{
+				Local:  publicHostCandidate,
+				Remote: publicHostCandidate,
+			},
+			inputDirectModeSupport: false,
+			inputRemoteModeMessage: false,
+			expected:               proxy.TypeDirectNoProxy,
+		},
+		{
+			name: "Should Result In Using Direct When Local And Remote Eval Is No Proxy",
+			candatePair: &ice.CandidatePair{
+				Local:  publicHostCandidate,
+				Remote: publicHostCandidate,
+			},
+			inputDirectModeSupport: true,
+			inputRemoteModeMessage: true,
+			expected:               proxy.TypeDirectNoProxy,
+		},
+	}
+	for _, testCase := range testCases {
+		t.Run(testCase.name, func(t *testing.T) {
+			g := errgroup.Group{}
+			conn, err := NewConn(connConf, nil, nil, nil)
+			if err != nil {
+				t.Fatal(err)
+			}
+			conn.meta.protoSupport.DirectCheck = testCase.inputDirectModeSupport
+			conn.SetSendSignalMessage(func(message *sproto.Message) error {
+				return nil
+			})
+
+			g.Go(func() error {
+				return conn.OnModeMessage(ModeMessage{
+					Direct: testCase.inputRemoteModeMessage,
+				})
+			})
+
+			resultProxy := conn.getProxyWithMessageExchange(testCase.candatePair, 1000)
+
+			err = g.Wait()
+			if err != nil {
+				t.Error(err)
+			}
+			if resultProxy.Type() != testCase.expected {
+				t.Errorf("result didn't match expected value: Expected: %s, Got: %s", testCase.expected, resultProxy.Type())
+			}
+		})
+	}
+}
--- a/client/internal/peer/status.go
+++ b/client/internal/peer/status.go
@@ -78,7 +78,6 @@ func (d *Status) ReplaceOfflinePeers(replacement []State) {
 	defer d.mux.Unlock()
 	d.offlinePeers = make([]State, len(replacement))
 	copy(d.offlinePeers, replacement)
-	d.notifyPeerListChanged()
 }

 // AddPeer adds peer to Daemon status map
@@ -309,7 +308,7 @@ func (d *Status) onConnectionChanged() {
 }

 func (d *Status) notifyPeerListChanged() {
-	d.notifier.peerListChanged(len(d.peers) + len(d.offlinePeers))
+	d.notifier.peerListChanged(len(d.peers))
 }

 func (d *Status) notifyAddressChanged() {
--- a/client/internal/proxy/direct.go
+++ b/client/internal/proxy/direct.go
@@ -0,0 +1,57 @@
+package proxy
+
+import (
+	log "github.com/sirupsen/logrus"
+	"net"
+)
+
+// DirectNoProxy is used when there is no need for a proxy between ICE and WireGuard.
+// This is possible in either of these cases:
+// - peers are in the same local network
+// - one of the peers has a public static IP (host)
+// DirectNoProxy will just update remote peer with a remote host and fixed WireGuard port (r.g. 51820).
+// In order DirectNoProxy to work, WireGuard port has to be fixed for the time being.
+type DirectNoProxy struct {
+	config Config
+	// RemoteWgListenPort is a WireGuard port of a remote peer.
+	// It is used instead of the hardcoded 51820 port.
+	RemoteWgListenPort int
+}
+
+// NewDirectNoProxy creates a new DirectNoProxy with a provided config and remote peer's WireGuard listen port
+func NewDirectNoProxy(config Config, remoteWgPort int) *DirectNoProxy {
+	return &DirectNoProxy{config: config, RemoteWgListenPort: remoteWgPort}
+}
+
+// Close removes peer from the WireGuard interface
+func (p *DirectNoProxy) Close() error {
+	err := p.config.WgInterface.RemovePeer(p.config.RemoteKey)
+	if err != nil {
+		return err
+	}
+	return nil
+}
+
+// Start just updates WireGuard peer with the remote IP and default WireGuard port
+func (p *DirectNoProxy) Start(remoteConn net.Conn) error {
+
+	log.Debugf("using DirectNoProxy while connecting to peer %s", p.config.RemoteKey)
+	addr, err := net.ResolveUDPAddr("udp", remoteConn.RemoteAddr().String())
+	if err != nil {
+		return err
+	}
+	addr.Port = p.RemoteWgListenPort
+	err = p.config.WgInterface.UpdatePeer(p.config.RemoteKey, p.config.AllowedIps, DefaultWgKeepAlive,
+		addr, p.config.PreSharedKey)
+
+	if err != nil {
+		return err
+	}
+
+	return nil
+}
+
+// Type returns the type of this proxy
+func (p *DirectNoProxy) Type() Type {
+	return TypeDirectNoProxy
+}
--- a/client/internal/routemanager/systemops_linux.go
+++ b/client/internal/routemanager/systemops_linux.go
@@ -62,16 +62,6 @@ func removeFromRouteTable(prefix netip.Prefix) error {
 }

 func enableIPForwarding() error {
-	bytes, err := os.ReadFile(ipv4ForwardingPath)
-	if err != nil {
-		return err
-	}
-
-	// check if it is already enabled
-	// see more: https://github.com/netbirdio/netbird/issues/872
-	if len(bytes) > 0 && bytes[0] == 49 {
-		return nil
-	}
-
-	return os.WriteFile(ipv4ForwardingPath, []byte("1"), 0644)
+	err := os.WriteFile(ipv4ForwardingPath, []byte("1"), 0644)
+	return err
 }
--- a/client/main.go
+++ b/client/main.go
@@ -1,9 +1,8 @@
 package main

 import (
-	"os"
-
 	"github.com/netbirdio/netbird/client/cmd"
+	"os"
 )

 func main() {
--- a/client/server/server.go
+++ b/client/server/server.go
@@ -236,9 +236,7 @@ func (s *Server) Login(callerCtx context.Context, msg *proto.LoginRequest) (*pro
 				}, nil
 			} else {
 				log.Warnf("canceling previous waiting execution")
-				if s.oauthAuthFlow.waitCancel != nil {
-					s.oauthAuthFlow.waitCancel()
-				}
+				s.oauthAuthFlow.waitCancel()
 			}
 		}

--- a/client/system/info.go
+++ b/client/system/info.go
@@ -43,15 +43,6 @@ func extractUserAgent(ctx context.Context) string {
 	return ""
 }

-// extractDeviceName extracts device name from context or returns the default system name
-func extractDeviceName(ctx context.Context, defaultName string) string {
-	v, ok := ctx.Value(DeviceNameCtxKey).(string)
-	if !ok {
-		return defaultName
-	}
-	return v
-}
-
 // GetDesktopUIUserAgent returns the Desktop ui user agent
 func GetDesktopUIUserAgent() string {
 	return "netbird-desktop-ui/" + version.NetbirdVersion()
--- a/client/system/info_android.go
+++ b/client/system/info_android.go
@@ -24,13 +24,21 @@ func GetInfo(ctx context.Context) *Info {
 	}

 	gio := &Info{Kernel: kernel, Core: osVersion(), Platform: "unknown", OS: "android", OSVersion: osVersion(), GoOS: runtime.GOOS, CPUs: runtime.NumCPU()}
-	gio.Hostname = extractDeviceName(ctx, "android")
+	gio.Hostname = extractDeviceName(ctx)
 	gio.WiretrusteeVersion = version.NetbirdVersion()
 	gio.UIVersion = extractUserAgent(ctx)

 	return gio
 }

+func extractDeviceName(ctx context.Context) string {
+	v, ok := ctx.Value(DeviceNameCtxKey).(string)
+	if !ok {
+		return "android"
+	}
+	return v
+}
+
 func uname() []string {
 	res := run("/system/bin/uname", "-a")
 	return strings.Split(res, " ")
--- a/client/system/info_darwin.go
+++ b/client/system/info_darwin.go
@@ -32,8 +32,7 @@ func GetInfo(ctx context.Context) *Info {
 		swVersion = []byte(release)
 	}
 	gio := &Info{Kernel: sysName, OSVersion: strings.TrimSpace(string(swVersion)), Core: release, Platform: machine, OS: sysName, GoOS: runtime.GOOS, CPUs: runtime.NumCPU()}
-	systemHostname, _ := os.Hostname()
-	gio.Hostname = extractDeviceName(ctx, systemHostname)
+	gio.Hostname, _ = os.Hostname()
 	gio.WiretrusteeVersion = version.NetbirdVersion()
 	gio.UIVersion = extractUserAgent(ctx)

--- a/client/system/info_freebsd.go
+++ b/client/system/info_freebsd.go
@@ -24,8 +24,7 @@ func GetInfo(ctx context.Context) *Info {
 	osStr = strings.Replace(osStr, "\r\n", "", -1)
 	osInfo := strings.Split(osStr, " ")
 	gio := &Info{Kernel: osInfo[0], Core: osInfo[1], Platform: runtime.GOARCH, OS: osInfo[2], GoOS: runtime.GOOS, CPUs: runtime.NumCPU()}
-	systemHostname, _ := os.Hostname()
-	gio.Hostname = extractDeviceName(ctx, systemHostname)
+	gio.Hostname, _ = os.Hostname()
 	gio.WiretrusteeVersion = version.NetbirdVersion()
 	gio.UIVersion = extractUserAgent(ctx)

--- a/client/system/info_linux.go
+++ b/client/system/info_linux.go
@@ -50,8 +50,7 @@ func GetInfo(ctx context.Context) *Info {
 		osName = osInfo[3]
 	}
 	gio := &Info{Kernel: osInfo[0], Core: osInfo[1], Platform: osInfo[2], OS: osName, OSVersion: osVer, GoOS: runtime.GOOS, CPUs: runtime.NumCPU()}
-	systemHostname, _ := os.Hostname()
-	gio.Hostname = extractDeviceName(ctx, systemHostname)
+	gio.Hostname, _ = os.Hostname()
 	gio.WiretrusteeVersion = version.NetbirdVersion()
 	gio.UIVersion = extractUserAgent(ctx)

--- a/client/system/info_test.go
+++ b/client/system/info_test.go
@@ -24,12 +24,3 @@ func Test_UIVersion(t *testing.T) {
 	got := GetInfo(ctx)
 	assert.Equal(t, want, got.UIVersion)
 }
-
-func Test_CustomHostname(t *testing.T) {
-	// nolint
-	ctx := context.WithValue(context.Background(), DeviceNameCtxKey, "custom-host")
-	want := "custom-host"
-
-	got := GetInfo(ctx)
-	assert.Equal(t, want, got.Hostname)
-}
--- a/client/system/info_windows.go
+++ b/client/system/info_windows.go
@@ -16,8 +16,7 @@ import (
 func GetInfo(ctx context.Context) *Info {
 	ver := getOSVersion()
 	gio := &Info{Kernel: "windows", OSVersion: ver, Core: ver, Platform: "unknown", OS: "windows", GoOS: runtime.GOOS, CPUs: runtime.NumCPU()}
-	systemHostname, _ := os.Hostname()
-	gio.Hostname = extractDeviceName(ctx, systemHostname)
+	gio.Hostname, _ = os.Hostname()
 	gio.WiretrusteeVersion = version.NetbirdVersion()
 	gio.UIVersion = extractUserAgent(ctx)

--- a/go.mod
+++ b/go.mod
@@ -1,6 +1,6 @@
 module github.com/netbirdio/netbird

-go 1.20
+go 1.19

 require (
 	github.com/cenkalti/backoff/v4 v4.1.3
@@ -19,15 +19,16 @@ require (
 	github.com/vishvananda/netlink v1.1.0
 	golang.org/x/crypto v0.7.0
 	golang.org/x/sys v0.6.0
-	golang.zx2c4.com/wireguard v0.0.0-20230223181233-21636207a675
+	golang.zx2c4.com/wireguard v0.0.0-20230310135217-9e2f38602202
 	golang.zx2c4.com/wireguard/wgctrl v0.0.0-20211215182854-7a385b3431de
-	golang.zx2c4.com/wireguard/windows v0.5.3
+	golang.zx2c4.com/wireguard/windows v0.5.1
 	google.golang.org/grpc v1.52.3
 	google.golang.org/protobuf v1.28.1
 	gopkg.in/natefinch/lumberjack.v2 v2.0.0
 )

 require (
+	codeberg.org/ac/base62 v0.0.0-20210305150220-e793b546833a
 	fyne.io/fyne/v2 v2.1.4
 	github.com/c-robinson/iplib v1.0.3
 	github.com/coreos/go-iptables v0.6.0
@@ -37,14 +38,12 @@ require (
 	github.com/gliderlabs/ssh v0.3.4
 	github.com/godbus/dbus/v5 v5.1.0
 	github.com/google/go-cmp v0.5.9
-	github.com/google/gopacket v1.1.19
 	github.com/google/nftables v0.0.0-20220808154552-2eca00135732
 	github.com/hashicorp/go-secure-stdlib/base62 v0.1.2
 	github.com/hashicorp/go-version v1.6.0
 	github.com/libp2p/go-netroute v0.2.0
 	github.com/magiconair/properties v1.8.5
 	github.com/mattn/go-sqlite3 v1.14.16
-	github.com/mdlayher/socket v0.4.0
 	github.com/miekg/dns v1.1.43
 	github.com/mitchellh/hashstructure/v2 v2.0.2
 	github.com/open-policy-agent/opa v0.49.0
@@ -56,7 +55,6 @@ require (
 	github.com/rs/xid v1.3.0
 	github.com/skratchdot/open-golang v0.0.0-20200116055534-eef842397966
 	github.com/stretchr/testify v1.8.1
-	go.opentelemetry.io/otel v1.11.1
 	go.opentelemetry.io/otel/exporters/prometheus v0.33.0
 	go.opentelemetry.io/otel/metric v0.33.0
 	go.opentelemetry.io/otel/sdk/metric v0.33.0
@@ -68,7 +66,7 @@ require (
 )

 require (
-	github.com/BurntSushi/toml v1.2.1 // indirect
+	github.com/BurntSushi/toml v0.4.1 // indirect
 	github.com/OneOfOne/xxhash v1.2.8 // indirect
 	github.com/XiaoMi/pegasus-go-client v0.0.0-20210427083443-f3b6b08bc4c2 // indirect
 	github.com/agnivade/levenshtein v1.1.1 // indirect
@@ -95,12 +93,14 @@ require (
 	github.com/go-stack/stack v1.8.0 // indirect
 	github.com/gobwas/glob v0.2.3 // indirect
 	github.com/goki/freetype v0.0.0-20181231101311-fa8a33aabaff // indirect
+	github.com/google/gopacket v1.1.19 // indirect
 	github.com/hashicorp/go-uuid v1.0.2 // indirect
 	github.com/inconshreveable/mousetrap v1.1.0 // indirect
-	github.com/josharian/native v1.0.0 // indirect
+	github.com/josharian/native v0.0.0-20200817173448-b6b71def0850 // indirect
 	github.com/matttproud/golang_protobuf_extensions v1.0.4 // indirect
 	github.com/mdlayher/genetlink v1.1.0 // indirect
-	github.com/mdlayher/netlink v1.7.1 // indirect
+	github.com/mdlayher/netlink v1.4.2 // indirect
+	github.com/mdlayher/socket v0.0.0-20211102153432-57e3fa563ecb // indirect
 	github.com/nxadm/tail v1.4.8 // indirect
 	github.com/oxtoacart/bpool v0.0.0-20190530202638-03653db5a59c // indirect
 	github.com/pegasus-kv/thrift v0.13.0 // indirect
@@ -119,18 +119,19 @@ require (
 	github.com/srwiley/oksvg v0.0.0-20200311192757-870daf9aa564 // indirect
 	github.com/srwiley/rasterx v0.0.0-20200120212402-85cb7272f5e9 // indirect
 	github.com/tchap/go-patricia/v2 v2.3.1 // indirect
-	github.com/vishvananda/netns v0.0.0-20211101163701-50045581ed74 // indirect
+	github.com/vishvananda/netns v0.0.0-20191106174202-0a2b9b5464df // indirect
 	github.com/xeipuuv/gojsonpointer v0.0.0-20190905194746-02993c407bfb // indirect
 	github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415 // indirect
 	github.com/yashtewari/glob-intersection v0.1.0 // indirect
 	github.com/yuin/goldmark v1.4.13 // indirect
+	go.opentelemetry.io/otel v1.11.1 // indirect
 	go.opentelemetry.io/otel/sdk v1.11.1 // indirect
 	go.opentelemetry.io/otel/trace v1.11.1 // indirect
 	golang.org/x/image v0.0.0-20200430140353-33d19683fad8 // indirect
 	golang.org/x/mod v0.8.0 // indirect
 	golang.org/x/text v0.8.0 // indirect
 	golang.org/x/tools v0.6.0 // indirect
-	golang.zx2c4.com/wintun v0.0.0-20230126152724-0fa3db229ce2 // indirect
+	golang.zx2c4.com/wintun v0.0.0-20211104114900-415007cec224 // indirect
 	google.golang.org/genproto v0.0.0-20221118155620-16455021b5e6 // indirect
 	gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7 // indirect
 	gopkg.in/tomb.v2 v2.0.0-20161208151619-d5d1b5820637 // indirect
@@ -142,5 +143,3 @@ require (
 replace github.com/kardianos/service => github.com/netbirdio/service v0.0.0-20230215170314-b923b89432b0

 replace github.com/getlantern/systray => github.com/netbirdio/systray v0.0.0-20221012095658-dc8eda872c0c
-
-replace golang.zx2c4.com/wireguard => github.com/netbirdio/wireguard-go v0.0.0-20230524172305-5a498a82b33f
--- a/go.sum
+++ b/go.sum
@@ -1,4 +1,3 @@
-bazil.org/fuse v0.0.0-20200407214033-5883e5a4b512/go.mod h1:FbcW6z/2VytnFDhZfumh8Ss8zxHE6qpMP5sHTRe0EaM=
 cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw=
 cloud.google.com/go v0.34.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw=
 cloud.google.com/go v0.38.0/go.mod h1:990N+gfupTy94rShfmMCWGDn0LpTmnzTp2qbd1dvSRU=
@@ -31,27 +30,17 @@ cloud.google.com/go/storage v1.5.0/go.mod h1:tpKbwo567HUNpVclU5sGELwQWBDZ8gh0Zeo
 cloud.google.com/go/storage v1.6.0/go.mod h1:N7U0C8pVQ/+NIKOBQyamJIeKQKkZ+mxpohlUTyfDhBk=
 cloud.google.com/go/storage v1.8.0/go.mod h1:Wv1Oy7z6Yz3DshWRJFhqM/UCfaWIRTdp0RXyy7KQOVs=
 cloud.google.com/go/storage v1.10.0/go.mod h1:FLPqc6j+Ki4BU591ie1oL6qBQGu2Bl/tZ9ullr3+Kg0=
+codeberg.org/ac/base62 v0.0.0-20210305150220-e793b546833a h1:U6cY/g6VSiy59vuvnBU6J/eSir0qVg4BeTnCDLaX+20=
+codeberg.org/ac/base62 v0.0.0-20210305150220-e793b546833a/go.mod h1:ykEpkLT4JtH3I4Rb4gwkDsNLfgUg803qRDeIX88t3e8=
 dmitri.shuralyov.com/gpu/mtl v0.0.0-20190408044501-666a987793e9/go.mod h1:H6x//7gZCb22OMCxBHrMx7a5I7Hp++hsVxbQ4BYO7hU=
 fyne.io/fyne/v2 v2.1.4 h1:bt1+28++kAzRzPB0GM2EuSV4cnl8rXNX4cjfd8G06Rc=
 fyne.io/fyne/v2 v2.1.4/go.mod h1:p+E/Dh+wPW8JwR2DVcsZ9iXgR9ZKde80+Y+40Is54AQ=
-github.com/Azure/go-autorest/autorest v0.9.0/go.mod h1:xyHB1BMZT0cuDHU7I0+g046+BFDTQ8rEZB0s4Yfa6bI=
-github.com/Azure/go-autorest/autorest/adal v0.5.0/go.mod h1:8Z9fGy2MpX0PvDjB1pEgQTmVqjGhiHBW7RJJEciWzS0=
-github.com/Azure/go-autorest/autorest/date v0.1.0/go.mod h1:plvfp3oPSKwf2DNjlBjWF/7vwR+cUD/ELuzDCXwHUVA=
-github.com/Azure/go-autorest/autorest/mocks v0.1.0/go.mod h1:OTyCOPRA2IgIlWxVYxBee2F5Gr4kF2zd2J5cFRaIDN0=
-github.com/Azure/go-autorest/autorest/mocks v0.2.0/go.mod h1:OTyCOPRA2IgIlWxVYxBee2F5Gr4kF2zd2J5cFRaIDN0=
-github.com/Azure/go-autorest/logger v0.1.0/go.mod h1:oExouG+K6PryycPJfVSxi/koC6LSNgds39diKLz7Vrc=
-github.com/Azure/go-autorest/tracing v0.5.0/go.mod h1:r/s2XiOKccPW3HrqB+W0TQzfbtp2fGCgRFtBroKn4Dk=
 github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU=
+github.com/BurntSushi/toml v0.4.1 h1:GaI7EiDXDRfa8VshkTj7Fym7ha+y8/XxIgD2okUIjLw=
 github.com/BurntSushi/toml v0.4.1/go.mod h1:CxXYINrC8qIiEnFrOxCa7Jy5BFHlXnUU2pbicEuybxQ=
-github.com/BurntSushi/toml v1.2.1 h1:9F2/+DoOYIOksmaJFPw1tGFy1eDnIJXg+UHjuD8lTak=
-github.com/BurntSushi/toml v1.2.1/go.mod h1:CxXYINrC8qIiEnFrOxCa7Jy5BFHlXnUU2pbicEuybxQ=
 github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo=
 github.com/Kodeworks/golang-image-ico v0.0.0-20141118225523-73f0f4cfade9/go.mod h1:7uhhqiBaR4CpN0k9rMjOtjpcfGd6DG2m04zQxKnWQ0I=
-github.com/Microsoft/go-winio v0.4.16-0.20201130162521-d1ffc52c7331/go.mod h1:XB6nPKklQyQ7GC9LdcBEcBl8PF76WugXOPRXwdLnMv0=
-github.com/Microsoft/go-winio v0.5.1/go.mod h1:JPGBdM1cNvN/6ISo+n8V5iA4v8pBzdOpzfwIujj1a84=
-github.com/Microsoft/hcsshim v0.8.14/go.mod h1:NtVKoYxQuTLx6gEq0L96c9Ju4JbRJ4nY2ow3VK6a9Lg=
 github.com/NYTimes/gziphandler v0.0.0-20170623195520-56545f4a5d46/go.mod h1:3wb06e3pkSAbeQ52E9H9iFoQsEEwGN64994WTCIhntQ=
-github.com/OneOfOne/xxhash v1.2.2/go.mod h1:HSdplMjZKSmBqAxg5vPj2TmRDmfkzw+cTzAElWljhcU=
 github.com/OneOfOne/xxhash v1.2.8 h1:31czK/TI9sNkxIKfaUfGlU47BAxQ0ztGgd9vPyqimf8=
 github.com/OneOfOne/xxhash v1.2.8/go.mod h1:eZbhyaAYD41SGSSsnmcpxVoRiQ/MPUTjUdIIOT9Um7Q=
 github.com/PuerkitoBio/purell v1.0.0/go.mod h1:c11w/QuzBsJSee3cPx9rAFu61PvFxuPbtSwDGJws/X0=
@@ -71,12 +60,9 @@ github.com/alecthomas/units v0.0.0-20190924025748-f65c72e2690d/go.mod h1:rBZYJk5
 github.com/allegro/bigcache/v3 v3.0.2 h1:AKZCw+5eAaVyNTBmI2fgyPVJhHkdWder3O9IrprcQfI=
 github.com/anmitsu/go-shlex v0.0.0-20200514113438-38f4b401e2be h1:9AeTilPcZAjCFIImctFaOjnTIavg87rW78vTPkQqLI8=
 github.com/anmitsu/go-shlex v0.0.0-20200514113438-38f4b401e2be/go.mod h1:ySMOLuWl6zY27l47sB3qLNK6tF2fkHG55UZxx8oIVo4=
-github.com/antihax/optional v1.0.0/go.mod h1:uupD/76wgC+ih3iEmQUL+0Ugr19nfwCT1kdvxnR2qWY=
 github.com/arbovm/levenshtein v0.0.0-20160628152529-48b4e1c0c4d0 h1:jfIu9sQUG6Ig+0+Ap1h4unLjW6YQJpKZVmUzxsD4E/Q=
 github.com/arbovm/levenshtein v0.0.0-20160628152529-48b4e1c0c4d0/go.mod h1:t2tdKJDJF9BV14lnkjHmOQgcvEKgtqs5a1N3LNdJhGE=
-github.com/armon/consul-api v0.0.0-20180202201655-eb2c6b5be1b6/go.mod h1:grANhF5doyWs3UAsr3K4I6qtAmlQcZDesFNEHPZAzj8=
 github.com/asaskevich/govalidator v0.0.0-20190424111038-f61b66f89f4a/go.mod h1:lB+ZfQJz7igIIfQNfa7Ml4HSf2uFQQRzpGGRXenZAgY=
-github.com/bazelbuild/rules_go v0.30.0/go.mod h1:MC23Dc/wkXEyk3Wpq6lCqz0ZAYOZDw2DR5y3N1q2i7M=
 github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q=
 github.com/beorn7/perks v1.0.0/go.mod h1:KWe93zE9D1o94FZ5RNwFwVgaQK1VOXiVxmqh+CedLV8=
 github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM=
@@ -86,60 +72,25 @@ github.com/bradfitz/gomemcache v0.0.0-20220106215444-fb4bf637b56d/go.mod h1:H0wQ
 github.com/bytecodealliance/wasmtime-go/v3 v3.0.2 h1:3uZCA/BLTIu+DqCfguByNMJa2HVHpXvjfy0Dy7g6fuA=
 github.com/c-robinson/iplib v1.0.3 h1:NG0UF0GoEsrC1/vyfX1Lx2Ss7CySWl3KqqXh3q4DdPU=
 github.com/c-robinson/iplib v1.0.3/go.mod h1:i3LuuFL1hRT5gFpBRnEydzw8R6yhGkF4szNDIbF8pgo=
-github.com/cenkalti/backoff v1.1.1-0.20190506075156-2146c9339422/go.mod h1:b6Nc7NRH5C4aCISLry0tLnTjcuTEvoiqcWDdsU0sOGM=
 github.com/cenkalti/backoff/v4 v4.1.0/go.mod h1:scbssz8iZGpm3xbr14ovlUdkxfGXNInqkPWOWmG2CLw=
 github.com/cenkalti/backoff/v4 v4.1.3 h1:cFAlzYUlVYDysBEH2T5hyJZMh3+5+WCBvSnK6Q8UtC4=
 github.com/cenkalti/backoff/v4 v4.1.3/go.mod h1:scbssz8iZGpm3xbr14ovlUdkxfGXNInqkPWOWmG2CLw=
 github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU=
 github.com/cespare/xxhash v1.1.0 h1:a6HrQnmkObjyL+Gs60czilIUGqrzKutQD6XZog3p+ko=
-github.com/cespare/xxhash v1.1.0/go.mod h1:XrSqR1VqqWfGrhpAt58auRo0WTKS1nRRg3ghfAqPWnc=
 github.com/cespare/xxhash/v2 v2.1.1/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
 github.com/cespare/xxhash/v2 v2.1.2 h1:YRXhKfTDauu4ajMg1TPgFO5jnlC2HCbmLXMcTG5cbYE=
 github.com/cespare/xxhash/v2 v2.1.2/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
 github.com/chzyer/logex v1.1.10/go.mod h1:+Ywpsq7O8HXn0nuIou7OrIPyXbp3wmkHB+jjWRnGsAI=
 github.com/chzyer/readline v0.0.0-20180603132655-2972be24d48e/go.mod h1:nSuG5e5PlCu98SY8svDHJxuZscDgtXS6KTTbou5AhLI=
 github.com/chzyer/test v0.0.0-20180213035817-a1ea475d72b1/go.mod h1:Q3SI9o4m/ZMnBNeIyt5eFwwo7qiLfzFZmjNmxjkiQlU=
-github.com/cilium/ebpf v0.0.0-20200110133405-4032b1d8aae3/go.mod h1:MA5e5Lr8slmEg9bt0VpxxWqJlO4iwu3FBdHUzV7wQVg=
-github.com/cilium/ebpf v0.4.0/go.mod h1:4tRaxcgiL706VnOzHOdBlY8IEAIdxINsQBcU4xJJXRs=
 github.com/cilium/ebpf v0.5.0/go.mod h1:4tRaxcgiL706VnOzHOdBlY8IEAIdxINsQBcU4xJJXRs=
 github.com/cilium/ebpf v0.7.0/go.mod h1:/oI2+1shJiTGAMgl6/RgJr36Eo1jzrRcAWbcXO2usCA=
 github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw=
 github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc=
-github.com/cncf/udpa/go v0.0.0-20201120205902-5459f2c99403/go.mod h1:WmhPx2Nbnhtbo57+VJT5O0JRkEi1Wbu0z5j0R8u5Hbk=
-github.com/cncf/udpa/go v0.0.0-20210930031921-04548b0d99d4/go.mod h1:6pvJx4me5XPnfI9Z40ddWsdw2W/uZgQLFXToKeRcDiI=
-github.com/cncf/xds/go v0.0.0-20210312221358-fbca930ec8ed/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs=
-github.com/cncf/xds/go v0.0.0-20210922020428-25de7278fc84/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs=
-github.com/cncf/xds/go v0.0.0-20211001041855-01bcc9b48dfe/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs=
-github.com/cncf/xds/go v0.0.0-20211011173535-cb28da3451f1/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs=
-github.com/containerd/cgroups v0.0.0-20200531161412-0dbf7f05ba59/go.mod h1:pA0z1pT8KYB3TCXK/ocprsh7MAkoW8bZVzPdih9snmM=
-github.com/containerd/cgroups v1.0.1/go.mod h1:0SJrPIenamHDcZhEcJMNBB85rHcUsw4f25ZfBiPYRkU=
-github.com/containerd/console v0.0.0-20180822173158-c12b1e7919c1/go.mod h1:Tj/on1eG8kiEhd0+fhSDzsPAFESxzBBvdyEgyryXffw=
-github.com/containerd/console v1.0.1/go.mod h1:XUsP6YE/mKtz6bxc+I8UiKKTP04qjQL4qcS3XoQ5xkw=
-github.com/containerd/containerd v1.3.2/go.mod h1:bC6axHOhabU15QhwfG7w5PipXdVtMXFTttgp+kVtyUA=
-github.com/containerd/containerd v1.4.12/go.mod h1:bC6axHOhabU15QhwfG7w5PipXdVtMXFTttgp+kVtyUA=
-github.com/containerd/continuity v0.0.0-20190426062206-aaeac12a7ffc/go.mod h1:GL3xCUCBDV3CZiTSEKksMWbLE66hEyuu9qyDOOqM47Y=
-github.com/containerd/continuity v0.2.1/go.mod h1:wCYX+dRqZdImhGucXOqTQn05AhX6EUDaGEMUzTFFpLg=
-github.com/containerd/fifo v0.0.0-20190226154929-a9fb20d87448/go.mod h1:ODA38xgv3Kuk8dQz2ZQXpnv/UZZUHUCL7pnLehbXgQI=
-github.com/containerd/fifo v1.0.0/go.mod h1:ocF/ME1SX5b1AOlWi9r677YJmCPSwwWnQ9O123vzpE4=
-github.com/containerd/go-runc v0.0.0-20180907222934-5a6d9f37cfa3/go.mod h1:IV7qH3hrUgRmyYrtgEeGWJfWbgcHL9CSRruz2Vqcph0=
-github.com/containerd/go-runc v1.0.0/go.mod h1:cNU0ZbCgCQVZK4lgG3P+9tn9/PaJNmoDXPpoJhDR+Ok=
-github.com/containerd/ttrpc v0.0.0-20190828154514-0e0f228740de/go.mod h1:PvCDdDGpgqzQIzDW1TphrGLssLDZp2GuS+X5DkEJB8o=
-github.com/containerd/ttrpc v1.0.2/go.mod h1:UAxOpgT9ziI0gJrmKvgcZivgxOp8iFPSk8httJEt98Y=
-github.com/containerd/typeurl v0.0.0-20180627222232-a93fcdb778cd/go.mod h1:Cm3kwCdlkCfMSHURc+r6fwoGH6/F1hH3S4sg0rLFWPc=
-github.com/containerd/typeurl v1.0.2/go.mod h1:9trJWW2sRlGub4wZJRTW83VtbOLS6hwcDZXTn6oPz9s=
 github.com/coocood/freecache v1.2.1 h1:/v1CqMq45NFH9mp/Pt142reundeBM0dVUD3osQBeu/U=
-github.com/coreos/bbolt v1.3.2/go.mod h1:iRUV2dpdMOn7Bo10OQBFzIJO9kkE559Wcmn+qkEiiKk=
-github.com/coreos/etcd v3.3.10+incompatible/go.mod h1:uF7uidLiAD3TWHmW31ZFd/JWoc32PjwdhPthX9715RE=
 github.com/coreos/go-iptables v0.6.0 h1:is9qnZMPYjLd8LYqmm/qlE+wwEgJIkTYdhV3rfZo4jk=
 github.com/coreos/go-iptables v0.6.0/go.mod h1:Qe8Bv2Xik5FyTXwgIbLAnv2sWSBmvWdFETJConOQ//Q=
-github.com/coreos/go-semver v0.2.0/go.mod h1:nnelYz7RCh+5ahJtPPxZlU+153eP4D4r3EedlOD2RNk=
-github.com/coreos/go-systemd v0.0.0-20190321100706-95778dfbb74e/go.mod h1:F5haX7vjVVG0kc13fIWeqUViNPyEJxv/OmvnBo0Yme4=
-github.com/coreos/go-systemd/v22 v22.0.0/go.mod h1:xO0FLkIi5MaZafQlIrOotqXZ90ih+1atmu1JpKERPPk=
-github.com/coreos/go-systemd/v22 v22.1.0/go.mod h1:xO0FLkIi5MaZafQlIrOotqXZ90ih+1atmu1JpKERPPk=
-github.com/coreos/go-systemd/v22 v22.3.2/go.mod h1:Y58oyj3AT4RCenI/lSvhwexgC+NSVTIJ3seZv2GcEnc=
-github.com/coreos/pkg v0.0.0-20180928190104-399ea9e2e55f/go.mod h1:E3G3o1h8I7cfcXa63jLwjI0eiQQMgzzUDFVpN/nH/eA=
 github.com/cpuguy83/go-md2man/v2 v2.0.0-20190314233015-f79a8a8ca69d/go.mod h1:maD7wRr/U5Z6m/iR4s+kqSMx2CaBsrgA7czyZG/E6dU=
-github.com/cpuguy83/go-md2man/v2 v2.0.0/go.mod h1:maD7wRr/U5Z6m/iR4s+kqSMx2CaBsrgA7czyZG/E6dU=
 github.com/cpuguy83/go-md2man/v2 v2.0.2/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o=
 github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E=
 github.com/creack/pty v1.1.18 h1:n56/Zwd5o6whRC5PMGretI4IdRLlmBXYNjScPaBgsbY=
@@ -150,17 +101,13 @@ github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/dgraph-io/badger/v3 v3.2103.5 h1:ylPa6qzbjYRQMU6jokoj4wzcaweHylt//CH0AKt0akg=
 github.com/dgraph-io/ristretto v0.1.1 h1:6CWw5tJNgpegArSHpNHJKldNeq03FQCwYvfMVWajOK8=
-github.com/dgrijalva/jwt-go v3.2.0+incompatible/go.mod h1:E3ru+11k8xSBh+hMPgOLZmtrrCbhqsmaPHjLKYnJCaQ=
 github.com/dgryski/go-rendezvous v0.0.0-20200823014737-9f7001d12a5f h1:lO4WD4F/rVNCu3HqELle0jiPLLBs70cWOduZpkS1E78=
 github.com/dgryski/go-rendezvous v0.0.0-20200823014737-9f7001d12a5f/go.mod h1:cuUVRXasLTGF7a8hSLbxyZXjz+1KgoB3wDUb6vlszIc=
-github.com/dgryski/go-sip13 v0.0.0-20181026042036-e10d5fee7954/go.mod h1:vAd38F8PWV+bWy6jNmig1y/TA+kYO4g3RSRF0IAv0no=
 github.com/dgryski/trifles v0.0.0-20200323201526-dd97f9abfb48 h1:fRzb/w+pyskVMQ+UbP35JkH8yB7MYb4q/qhBarqZE6g=
 github.com/dgryski/trifles v0.0.0-20200323201526-dd97f9abfb48/go.mod h1:if7Fbed8SFyPtHLHbg49SI7NAdJiC5WIA09pe59rfAA=
-github.com/docker/go-units v0.4.0/go.mod h1:fgPhTUdO+D/Jk86RDLlptpiXQzgHJF7gydDDbaIK4Dk=
 github.com/docker/spdystream v0.0.0-20160310174837-449fdfce4d96/go.mod h1:Qh8CwZgvJUkLughtfhJv5dyTYa91l1fOUCrgjqmcifM=
 github.com/docopt/docopt-go v0.0.0-20180111231733-ee0de3bc6815/go.mod h1:WwZ+bS3ebgob9U8Nd0kOddGdZWjyMGR8Wziv+TBNwSE=
 github.com/dustin/go-humanize v1.0.0 h1:VSnTsYCnlFHaM2/igO1h6X3HA71jcobQuxemgkq4zYo=
-github.com/dustin/go-humanize v1.0.0/go.mod h1:HtrtbFcZ19U5GC7JDqmcUSB87Iq5E25KnS6fMYU6eOk=
 github.com/eko/gocache/v3 v3.1.1 h1:r3CBwLnqPkcK56h9Do2CWw1kZ4TeKK0wDE1Oo/YZnhs=
 github.com/eko/gocache/v3 v3.1.1/go.mod h1:UpP/LyHAioP/a/dizgl0MpgZ3A3CkS4NbG/mWkGTQ9M=
 github.com/elazarl/goproxy v0.0.0-20170405201442-c4fc26588b6e/go.mod h1:/Zj4wYkgs4iZTTu3o/KG3Itv/qCCa8VVMlb3i9OVuzc=
@@ -169,9 +116,6 @@ github.com/emicklei/go-restful v0.0.0-20170410110728-ff4f55a20633/go.mod h1:otzb
 github.com/envoyproxy/go-control-plane v0.9.0/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4=
 github.com/envoyproxy/go-control-plane v0.9.1-0.20191026205805-5f8ba28d4473/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4=
 github.com/envoyproxy/go-control-plane v0.9.4/go.mod h1:6rpuAdCZL397s3pYoYcLgu1mIlRU8Am5FuJP05cCM98=
-github.com/envoyproxy/go-control-plane v0.9.9-0.20201210154907-fd9021fe5dad/go.mod h1:cXg6YxExXjJnVBQHBLXeUAgxn2UodCpnH306RInaBQk=
-github.com/envoyproxy/go-control-plane v0.9.9-0.20210512163311-63b5d3c536b0/go.mod h1:hliV/p42l8fGbc6Y9bQ70uLwIvmJyVE5k4iMKlh8wCQ=
-github.com/envoyproxy/go-control-plane v0.10.2-0.20220325020618-49ff273808a1/go.mod h1:KJwIaB5Mv44NWtYuAOFCVOjcI94vtpEz2JU/D2v6IjE=
 github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c=
 github.com/evanphx/json-patch v4.2.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk=
 github.com/evanphx/json-patch v4.12.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk=
@@ -247,15 +191,11 @@ github.com/go-stack/stack v1.8.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/me
 github.com/go-task/slim-sprig v0.0.0-20210107165309-348f09dbbbc0/go.mod h1:fyg7847qk6SyHyPtNmDHnmrv/HOrqktSC+C9fM+CJOE=
 github.com/gobwas/glob v0.2.3 h1:A4xDbljILXROh+kObIiy5kIaPYD8e96x1tgBhUI5J+Y=
 github.com/gobwas/glob v0.2.3/go.mod h1:d3Ez4x06l9bZtSvzIay5+Yzi0fmZzPgnTbPcKjJAkT8=
-github.com/godbus/dbus/v5 v5.0.3/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA=
 github.com/godbus/dbus/v5 v5.0.4/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA=
 github.com/godbus/dbus/v5 v5.1.0 h1:4KLkAxT3aOY8Li4FRJe/KvhoNFFxo0m6fNuFUO8QJUk=
 github.com/godbus/dbus/v5 v5.1.0/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA=
-github.com/gofrs/flock v0.8.0/go.mod h1:F1TvTiK9OcQqauNUHlbJvyl9Qa1QvF/gOUDKA14jxHU=
 github.com/gogo/protobuf v1.1.1/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7atdtwQ=
-github.com/gogo/protobuf v1.2.1/go.mod h1:hp+jE20tsWTFYpLwKvXlhS1hjn+gTNwPg2I6zVXpSg4=
 github.com/gogo/protobuf v1.2.2-0.20190723190241-65acae22fc9d/go.mod h1:SlYgWuQ5SjCEi6WLHjHCa1yvBfUnHcTbrrZtXPKa29o=
-github.com/gogo/protobuf v1.3.1/go.mod h1:SlYgWuQ5SjCEi6WLHjHCa1yvBfUnHcTbrrZtXPKa29o=
 github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q=
 github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q=
 github.com/goki/freetype v0.0.0-20181231101311-fa8a33aabaff h1:W71vTCKoxtdXgnm1ECDFkfQnpdqAO00zzGXLA5yaEX8=
@@ -265,7 +205,6 @@ github.com/golang-jwt/jwt v3.2.2+incompatible/go.mod h1:8pz2t5EyA70fFQQSrl6XZXzq
 github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q=
 github.com/golang/glog v1.0.0 h1:nfP3RFugxnNRyKgeWd4oI1nYvXpxrx8ck8ZrcizshdQ=
 github.com/golang/groupcache v0.0.0-20160516000752-02826c3e7903/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
-github.com/golang/groupcache v0.0.0-20190129154638-5b532d6fd5ef/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
 github.com/golang/groupcache v0.0.0-20190702054246-869f871628b6/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
 github.com/golang/groupcache v0.0.0-20191227052852-215e87163ea7/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
 github.com/golang/groupcache v0.0.0-20200121045136-8c9f03a8e57e/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
@@ -299,8 +238,6 @@ github.com/golang/protobuf v1.5.2/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiu
 github.com/golang/snappy v0.0.4 h1:yAGX7huGHXlcLOEtBnF4w7FQwA26wojNCwOYAEhLjQM=
 github.com/google/btree v0.0.0-20180813153112-4030bb1f1f0c/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ=
 github.com/google/btree v1.0.0/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ=
-github.com/google/btree v1.0.1 h1:gK4Kx5IaGY9CD5sPJ36FHiBJ6ZXl0kilRiiCj+jdYp4=
-github.com/google/btree v1.0.1/go.mod h1:xXMiIv4Fb/0kKde4SpL7qlzvu5cMJDRkFDxJfI9uaxA=
 github.com/google/flatbuffers v1.12.1 h1:MVlul7pQNoDzWRLTw5imwYsl+usrS1TXG2H4jg6ImGw=
 github.com/google/go-cmp v0.2.0/go.mod h1:oXzfMopK8JAjlY9xF4vHSVASa0yLyX7SntLO5aqRK0M=
 github.com/google/go-cmp v0.3.0/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU=
@@ -310,7 +247,6 @@ github.com/google/go-cmp v0.4.1/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/
 github.com/google/go-cmp v0.5.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
 github.com/google/go-cmp v0.5.1/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
 github.com/google/go-cmp v0.5.2/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
-github.com/google/go-cmp v0.5.3/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
 github.com/google/go-cmp v0.5.4/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
 github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
 github.com/google/go-cmp v0.5.6/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
@@ -334,7 +270,6 @@ github.com/google/pprof v0.0.0-20200430221834-fc25d7d30c6d/go.mod h1:ZgVRPoUq/hf
 github.com/google/pprof v0.0.0-20200708004538-1a94d8640e99/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM=
 github.com/google/pprof v0.0.0-20210407192527-94a9f03dee38/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE=
 github.com/google/renameio v0.1.0/go.mod h1:KWCgfxg9yswjAJkECMjeO8J8rahYeXnNhOm40UhjYkI=
-github.com/google/subcommands v1.0.2-0.20190508160503-636abe8753b8/go.mod h1:ZjhPrFU+Olkh9WazFPsl27BQ4UPiG37m3yTrtFlrHVk=
 github.com/google/uuid v1.1.1/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
 github.com/google/uuid v1.1.2/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
 github.com/google/uuid v1.3.0 h1:t6JiXgmwXMjEs8VusXIJk2BXHsn+wx8BZdTaoZ5fu7I=
@@ -342,22 +277,12 @@ github.com/google/uuid v1.3.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+
 github.com/googleapis/gax-go/v2 v2.0.4/go.mod h1:0Wqv26UfaUD9n4G6kQubkQ+KchISgw+vpHVxEJEs9eg=
 github.com/googleapis/gax-go/v2 v2.0.5/go.mod h1:DWXyrwAJ9X0FpwwEdw+IPEYBICEFu5mhpdKc/us6bOk=
 github.com/googleapis/gnostic v0.0.0-20170729233727-0c5108395e2d/go.mod h1:sJBsCZ4ayReDTBIg8b9dl28c5xFWyhBTVRp3pOg5EKY=
-github.com/googleapis/gnostic v0.4.0/go.mod h1:on+2t9HRStVgn95RSsFWFz+6Q0Snyqv1awfrALZdbtU=
 github.com/googleapis/gnostic v0.5.1/go.mod h1:6U4PtQXGIEt/Z3h5MAT7FNofLnw9vXk2cUuW7uA/OeU=
 github.com/googleapis/gnostic v0.5.5/go.mod h1:7+EbHbldMins07ALC74bsA81Ovc97DwqyJO1AENw9kA=
-github.com/gophercloud/gophercloud v0.1.0/go.mod h1:vxM41WHh5uqHVBMZHzuwNOHh8XEoIEcSTewFxm1c5g8=
 github.com/gopherjs/gopherjs v0.0.0-20220410123724-9e86199038b0 h1:fWY+zXdWhvWndXqnMj4SyC/vi8sK508OjhGCtMzsA9M=
 github.com/gorilla/mux v1.8.0 h1:i40aqfkR1h2SlN9hojwV5ZA91wcXFOvkdNIeFDP5koI=
 github.com/gorilla/mux v1.8.0/go.mod h1:DVbg23sWSpFRCP0SfiEN6jmj59UnW/n46BH5rLB71So=
-github.com/gorilla/websocket v1.4.0/go.mod h1:E7qHFY5m1UJ88s3WnNqhKjPHQ0heANvMoAMk2YaljkQ=
 github.com/gorilla/websocket v1.4.2/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE=
-github.com/gregjones/httpcache v0.0.0-20180305231024-9cad4c3443a7/go.mod h1:FecbI9+v66THATjSRHfNgh1IVFe/9kFxbXtjV0ctIMA=
-github.com/grpc-ecosystem/go-grpc-middleware v1.0.0/go.mod h1:FiyG127CGDf3tlThmgyCl78X/SZQqEOJBCDaAfeWzPs=
-github.com/grpc-ecosystem/go-grpc-prometheus v1.2.0/go.mod h1:8NvIoxWQoOIhqOTXgfV/d3M/q6VIi02HzZEHgUlZvzk=
-github.com/grpc-ecosystem/grpc-gateway v1.9.0/go.mod h1:vNeuVxBJEsws4ogUvrchl83t/GYV9WGTSLVdBhOQFDY=
-github.com/grpc-ecosystem/grpc-gateway v1.16.0/go.mod h1:BDjrQk3hbvj6Nolgz8mAMFbcEtjT1g+wF4CSlocrBnw=
-github.com/hashicorp/errwrap v1.0.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4=
-github.com/hashicorp/go-multierror v1.1.0/go.mod h1:spPvp8C1qA32ftKqdAHm4hHTbPw+vmowP0z+KUhOZdA=
 github.com/hashicorp/go-secure-stdlib/base62 v0.1.2 h1:ET4pqyjiGmY09R5y+rSd70J2w45CtbWDNvGqWp/R3Ng=
 github.com/hashicorp/go-secure-stdlib/base62 v0.1.2/go.mod h1:EdWO6czbmthiwZ3/PUsDV+UD1D5IRU4ActiaWGwt0Yw=
 github.com/hashicorp/go-uuid v1.0.2 h1:cfejS+Tpcp13yd5nYHWDI6qVCny6wyX2Mt5SGur2IGE=
@@ -366,21 +291,16 @@ github.com/hashicorp/go-version v1.6.0 h1:feTTfFNnjP967rlCxM/I9g701jU+RN74YKx2mO
 github.com/hashicorp/go-version v1.6.0/go.mod h1:fltr4n8CU8Ke44wwGCBoEymUuxUHl09ZGVZPK5anwXA=
 github.com/hashicorp/golang-lru v0.5.0/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8=
 github.com/hashicorp/golang-lru v0.5.1/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8=
-github.com/hashicorp/hcl v1.0.0/go.mod h1:E5yfLk+7swimpb2L/Alb/PJmXilQ/rhwaUYs4T20WEQ=
 github.com/hpcloud/tail v1.0.0/go.mod h1:ab1qPbhIpdTxEkNHXyeSf5vhxWSCs/tWer42PpOxQnU=
 github.com/ianlancetaylor/demangle v0.0.0-20181102032728-5e5cf60278f6/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc=
 github.com/ianlancetaylor/demangle v0.0.0-20200824232613-28f6c0f3b639/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc=
-github.com/imdario/mergo v0.3.5/go.mod h1:2EnlNZ0deacrJVfApfmtdGgDfMuh/nq6Ok1EcJh5FfA=
-github.com/inconshreveable/mousetrap v1.0.0/go.mod h1:PxqpIevigyE2G7u3NXJIT2ANytuPF1OarO4DADm73n8=
 github.com/inconshreveable/mousetrap v1.0.1/go.mod h1:vpF70FUmC8bwa3OWnCshd2FqLfsEA9PFc4w1p2J65bw=
 github.com/inconshreveable/mousetrap v1.1.0 h1:wN+x4NVGpMsO7ErUn/mUI3vEoE6Jt13X2s0bqwp9tc8=
 github.com/inconshreveable/mousetrap v1.1.0/go.mod h1:vpF70FUmC8bwa3OWnCshd2FqLfsEA9PFc4w1p2J65bw=
 github.com/jackmordaunt/icns v0.0.0-20181231085925-4f16af745526/go.mod h1:UQkeMHVoNcyXYq9otUupF7/h/2tmHlhrS2zw7ZVvUqc=
-github.com/jonboulle/clockwork v0.1.0/go.mod h1:Ii8DK3G1RaLaWxj9trq07+26W01tbo22gdxWY5EU2bo=
 github.com/josephspurrier/goversioninfo v0.0.0-20200309025242-14b0ab84c6ca/go.mod h1:eJTEwMjXb7kZ633hO3Ln9mBUCOjX2+FlTljvpl9SYdE=
+github.com/josharian/native v0.0.0-20200817173448-b6b71def0850 h1:uhL5Gw7BINiiPAo24A2sxkcDI0Jt/sqp1v5xQCniEFA=
 github.com/josharian/native v0.0.0-20200817173448-b6b71def0850/go.mod h1:7X/raswPFr05uY3HiLlYeyQntB6OO7E/d2Cu7qoaN2w=
-github.com/josharian/native v1.0.0 h1:Ts/E8zCSEsG17dUqv7joXJFybuMLjQfWE04tsBODTxk=
-github.com/josharian/native v1.0.0/go.mod h1:7X/raswPFr05uY3HiLlYeyQntB6OO7E/d2Cu7qoaN2w=
 github.com/jpillora/backoff v1.0.0/go.mod h1:J/6gKK9jxlEcS3zixgDgUAsiuZ7yrSoa/FX5e0EB2j4=
 github.com/jsimonetti/rtnetlink v0.0.0-20190606172950-9527aa82566a/go.mod h1:Oz+70psSo5OFh8DBl0Zv2ACw7Esh6pPUphlvZG9x7uw=
 github.com/jsimonetti/rtnetlink v0.0.0-20200117123717-f846d4f6c1f4/go.mod h1:WGuG/smIU4J/54PblvSbh+xvCZmpJnFgr3ds6Z55XMQ=
@@ -390,6 +310,7 @@ github.com/jsimonetti/rtnetlink v0.0.0-20201220180245-69540ac93943/go.mod h1:z4c
 github.com/jsimonetti/rtnetlink v0.0.0-20210122163228-8d122574c736/go.mod h1:ZXpIyOK59ZnN7J0BV99cZUPmsqDRZ3eq5X+st7u/oSA=
 github.com/jsimonetti/rtnetlink v0.0.0-20210212075122-66c871082f2b/go.mod h1:8w9Rh8m+aHZIG69YPGGem1i5VzoyRC8nw2kA8B+ik5U=
 github.com/jsimonetti/rtnetlink v0.0.0-20210525051524-4cc836578190/go.mod h1:NmKSdU4VGSiv1bMsdqNALI4RSvvjtz65tTMCnD05qLo=
+github.com/jsimonetti/rtnetlink v0.0.0-20211022192332-93da33804786 h1:N527AHMa793TP5z5GNAn/VLPzlc0ewzWdeP/25gDfgQ=
 github.com/jsimonetti/rtnetlink v0.0.0-20211022192332-93da33804786/go.mod h1:v4hqbTdfQngbVSZJVWUhGE/lbTFf9jb+ygmNUDQMuOs=
 github.com/json-iterator/go v0.0.0-20180612202835-f2b4162afba3/go.mod h1:+SdeFBvtyEkXs7REEP0seUULqWtbJapLOCVDaaPEHmU=
 github.com/json-iterator/go v1.1.6/go.mod h1:+SdeFBvtyEkXs7REEP0seUULqWtbJapLOCVDaaPEHmU=
@@ -403,13 +324,11 @@ github.com/jstemmer/go-junit-report v0.9.1/go.mod h1:Brl9GWCQeLvo8nXZwPNNblvFj/X
 github.com/jtolds/gls v4.20.0+incompatible h1:xdiiI2gbIgH/gLH7ADydsJ1uDOEzR8yvV7C0MuV77Wo=
 github.com/julienschmidt/httprouter v1.2.0/go.mod h1:SYymIcj16QtmaHHD7aYtjjsJG7VTCxuUUipMqKk8s4w=
 github.com/julienschmidt/httprouter v1.3.0/go.mod h1:JR6WtHb+2LUe8TCKY3cZOxFyyO8IZAc4RVcycCCAKdM=
-github.com/kisielk/errcheck v1.1.0/go.mod h1:EZBBE59ingxPouuu3KfxchcWSUPOHkagtvWXihfKN4Q=
 github.com/kisielk/errcheck v1.2.0/go.mod h1:/BMXB+zMLi60iA8Vv6Ksmxu/1UDYcXs4uQLJ+jE2L00=
 github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI2bnpBCr8=
 github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck=
 github.com/klauspost/compress v1.13.6 h1:P76CopJELS0TiO2mebmnzgWaajssP/EszplttgQxcgc=
 github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
-github.com/konsorten/go-windows-terminal-sequences v1.0.2/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
 github.com/konsorten/go-windows-terminal-sequences v1.0.3/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
 github.com/kr/logfmt v0.0.0-20140226030751-b84e30acd515/go.mod h1:+0opPa2QZZtGFBFZlji/RkVcI2GknAs/DXo4wKdlNEc=
 github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo=
@@ -417,7 +336,6 @@ github.com/kr/pretty v0.2.0/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfn
 github.com/kr/pretty v0.2.1/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI=
 github.com/kr/pretty v0.3.0 h1:WgNl7dwNpEZ6jJ9k1snq4pZsg7DOEN8hP9Xw0Tsjwk0=
 github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ=
-github.com/kr/pty v1.1.4-0.20190131011033-7dc38fb350b1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ=
 github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI=
 github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY=
 github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE=
@@ -425,13 +343,11 @@ github.com/leodido/go-urn v1.1.0/go.mod h1:+cyI34gQWZcE1eQU7NVgKkkzdXDQHr1dBMtdA
 github.com/libp2p/go-netroute v0.2.0 h1:0FpsbsvuSnAhXFnCY0VLFbJOzaK0VnP0r1QT/o4nWRE=
 github.com/libp2p/go-netroute v0.2.0/go.mod h1:Vio7LTzZ+6hoT4CMZi5/6CpY3Snzh2vgZhWgxMNwlQI=
 github.com/lucor/goinfo v0.0.0-20210802170112-c078a2b0f08b/go.mod h1:PRq09yoB+Q2OJReAmwzKivcYyremnibWGbK7WfftHzc=
-github.com/magiconair/properties v1.8.0/go.mod h1:PppfXfuXeibc/6YijjN8zIbojt8czPbwD3XqdrwzmxQ=
 github.com/magiconair/properties v1.8.5 h1:b6kJs+EmPFMYGkow9GiUyCyOvIwYetYJ3fSaWak/Gls=
 github.com/magiconair/properties v1.8.5/go.mod h1:y3VJvCyxH9uVvJTWEGAELF3aiYNyPKd5NZ3oSwXrF60=
 github.com/mailru/easyjson v0.0.0-20160728113105-d5b7844b561a/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc=
 github.com/mailru/easyjson v0.0.0-20190614124828-94de47d64c63/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc=
 github.com/mailru/easyjson v0.0.0-20190626092158-b2ccc519800e/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc=
-github.com/mattbaird/jsonpatch v0.0.0-20171005235357-81af80346b1a/go.mod h1:M1qoD/MqPgTZIk0EWKB38wE28ACRfVcn+cU08jyArI0=
 github.com/mattn/go-isatty v0.0.9/go.mod h1:YNRxwqDuOph6SZLI9vUUz6OYw3QyUt7WiY2yME+cCiQ=
 github.com/mattn/go-sqlite3 v1.14.16 h1:yOQRA0RpS5PFz/oikGwBEqvAWhWg5ufRz4ETLjwpU1Y=
 github.com/mattn/go-sqlite3 v1.14.16/go.mod h1:2eHXhiwb8IkHr+BDWZGa96P6+rkvnG63S2DGjv9HUNg=
@@ -439,6 +355,7 @@ github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5
 github.com/matttproud/golang_protobuf_extensions v1.0.4 h1:mmDVorXM7PCGKw94cs5zkfA9PSy5pEvNWRP0ET0TIVo=
 github.com/matttproud/golang_protobuf_extensions v1.0.4/go.mod h1:BSXmuO+STAnVfrANrmjBb36TMTDstsz7MSK+HVaYKv4=
 github.com/mdlayher/ethtool v0.0.0-20210210192532-2b88debcdd43/go.mod h1:+t7E0lkKfbBsebllff1xdTmyJt8lH37niI6kwFk9OTo=
+github.com/mdlayher/ethtool v0.0.0-20211028163843-288d040e9d60 h1:tHdB+hQRHU10CfcK0furo6rSNgZ38JT8uPh70c/pFD8=
 github.com/mdlayher/ethtool v0.0.0-20211028163843-288d040e9d60/go.mod h1:aYbhishWc4Ai3I2U4Gaa2n3kHWSwzme6EsG/46HRQbE=
 github.com/mdlayher/genetlink v1.0.0/go.mod h1:0rJ0h4itni50A86M2kHcgS85ttZazNt7a8H2a2cw0Gc=
 github.com/mdlayher/genetlink v1.1.0 h1:k2YQT3959rJOF7gOvhdfQ0lut7QMIZiuVlJANheoZ+E=
@@ -453,19 +370,16 @@ github.com/mdlayher/netlink v1.2.2-0.20210123213345-5cc92139ae3e/go.mod h1:bacnN
 github.com/mdlayher/netlink v1.3.0/go.mod h1:xK/BssKuwcRXHrtN04UBkwQ6dY9VviGGuriDdoPSWys=
 github.com/mdlayher/netlink v1.4.0/go.mod h1:dRJi5IABcZpBD2A3D0Mv/AiX8I9uDEu5oGkAVrekmf8=
 github.com/mdlayher/netlink v1.4.1/go.mod h1:e4/KuJ+s8UhfUpO9z00/fDZZmhSrs+oxyqAS9cNgn6Q=
+github.com/mdlayher/netlink v1.4.2 h1:3sbnJWe/LETovA7yRZIX3f9McVOWV3OySH6iIBxiFfI=
 github.com/mdlayher/netlink v1.4.2/go.mod h1:13VaingaArGUTUxFLf/iEovKxXji32JAtF858jZYEug=
-github.com/mdlayher/netlink v1.7.1 h1:FdUaT/e33HjEXagwELR8R3/KL1Fq5x3G5jgHLp/BTmg=
-github.com/mdlayher/netlink v1.7.1/go.mod h1:nKO5CSjE/DJjVhk/TNp6vCE1ktVxEA8VEh8drhZzxsQ=
 github.com/mdlayher/socket v0.0.0-20210307095302-262dc9984e00/go.mod h1:GAFlyu4/XV68LkQKYzKhIo/WW7j3Zi0YRAz/BOoanUc=
 github.com/mdlayher/socket v0.0.0-20211007213009-516dcbdf0267/go.mod h1:nFZ1EtZYK8Gi/k6QNu7z7CgO20i/4ExeQswwWuPmG/g=
+github.com/mdlayher/socket v0.0.0-20211102153432-57e3fa563ecb h1:2dC7L10LmTqlyMVzFJ00qM25lqESg9Z4u3GuEXN5iHY=
 github.com/mdlayher/socket v0.0.0-20211102153432-57e3fa563ecb/go.mod h1:nFZ1EtZYK8Gi/k6QNu7z7CgO20i/4ExeQswwWuPmG/g=
-github.com/mdlayher/socket v0.4.0 h1:280wsy40IC9M9q1uPGcLBwXpcTQDtoGwVt+BNoITxIw=
-github.com/mdlayher/socket v0.4.0/go.mod h1:xxFqz5GRCUN3UEOm9CZqEJsAbe1C8OwSK46NlmWuVoc=
 github.com/miekg/dns v1.1.43 h1:JKfpVSCB84vrAmHzyrsxB5NAr5kLoMXZArPSw7Qlgyg=
 github.com/miekg/dns v1.1.43/go.mod h1:+evo5L0630/F6ca/Z9+GAqzhjGyn8/c+TBaOyfEl0V4=
 github.com/mikioh/ipaddr v0.0.0-20190404000644-d465c8ab6721 h1:RlZweED6sbSArvlE924+mUcZuXKLBHA35U7LN621Bws=
 github.com/mikioh/ipaddr v0.0.0-20190404000644-d465c8ab6721/go.mod h1:Ickgr2WtCLZ2MDGd4Gr0geeCH5HybhRJbonOgQpvSxc=
-github.com/mitchellh/go-homedir v1.1.0/go.mod h1:SfyaCUpYCn1Vlf4IUYiD9fPX4A5wJrkLzIz1N1q0pr0=
 github.com/mitchellh/hashstructure/v2 v2.0.2 h1:vGKWl0YJqUNxE8d+h8f6NJLcCJrgbhC4NcD46KavDd4=
 github.com/mitchellh/hashstructure/v2 v2.0.2/go.mod h1:MG3aRVU/N29oo/V/IhBX8GR/zz4kQkprJgF2EVszyDE=
 github.com/mitchellh/mapstructure v1.1.2/go.mod h1:FVVH3fgwuzCH5S8UJGiWEs2h04kUh9fWfEaFds41c1Y=
@@ -476,7 +390,6 @@ github.com/modern-go/reflect2 v0.0.0-20180320133207-05fbef0ca5da/go.mod h1:bx2lN
 github.com/modern-go/reflect2 v0.0.0-20180701023420-4b7aa43c6742/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0=
 github.com/modern-go/reflect2 v1.0.1/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0=
 github.com/modern-go/reflect2 v1.0.2/go.mod h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjYzDa0/r8luk=
-github.com/mohae/deepcopy v0.0.0-20170308212314-bb9b5e7adda9/go.mod h1:TaXosZuwdSHYgviHp1DAtfrULt5eUgsSMsZf+YrPgl8=
 github.com/munnerz/goautoneg v0.0.0-20120707110453-a547fc61f48d/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ=
 github.com/mwitkow/go-conntrack v0.0.0-20161129095857-cc309e4a2223/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U=
 github.com/mwitkow/go-conntrack v0.0.0-20190716064945-2f068394615f/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U=
@@ -485,17 +398,13 @@ github.com/netbirdio/service v0.0.0-20230215170314-b923b89432b0 h1:hirFRfx3grVA/
 github.com/netbirdio/service v0.0.0-20230215170314-b923b89432b0/go.mod h1:CIMRFEJVL+0DS1a3Nx06NaMn4Dz63Ng6O7dl0qH0zVM=
 github.com/netbirdio/systray v0.0.0-20221012095658-dc8eda872c0c h1:wK/s4nyZj/GF/kFJQjX6nqNfE0G3gcqd6hhnPCyp4sw=
 github.com/netbirdio/systray v0.0.0-20221012095658-dc8eda872c0c/go.mod h1:AecygODWIsBquJCJFop8MEQcJbWFfw/1yWbVabNgpCM=
-github.com/netbirdio/wireguard-go v0.0.0-20230524172305-5a498a82b33f h1:WQXGYCKPkNs1KusFTLieV73UVTNfZVyez4CFRvlOruM=
-github.com/netbirdio/wireguard-go v0.0.0-20230524172305-5a498a82b33f/go.mod h1:tqur9LnfstdR9ep2LaJT4lFUl0EjlHtge+gAjmsHUG4=
 github.com/nfnt/resize v0.0.0-20180221191011-83c6a9932646/go.mod h1:jpp1/29i3P1S/RLdc7JQKbRpFeM1dOBd8T9ki5s+AY8=
 github.com/niemeyer/pretty v0.0.0-20200227124842-a10e7caefd8e/go.mod h1:zD1mROLANZcx1PVRCS0qkT7pwLkGfwJo4zjcN/Tysno=
 github.com/nxadm/tail v1.4.4/go.mod h1:kenIhsEOeOJmVchQTgglprH7qJGnHDVpk1VPCcaMI8A=
 github.com/nxadm/tail v1.4.8 h1:nPr65rt6Y5JFSKQO7qToXr7pePgD6Gwiw05lkbyAQTE=
 github.com/nxadm/tail v1.4.8/go.mod h1:+ncqLTQzXmGhMZNUePPaPqPvBxHAIsmXswZKocGu+AU=
-github.com/oklog/ulid v1.3.1/go.mod h1:CirwcVhetQ6Lv90oh/F+FBtV6XMibvdAFo93nm5qn4U=
 github.com/onsi/ginkgo v0.0.0-20170829012221-11459a886d9c/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE=
 github.com/onsi/ginkgo v1.6.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE=
-github.com/onsi/ginkgo v1.8.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE=
 github.com/onsi/ginkgo v1.10.1/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE=
 github.com/onsi/ginkgo v1.12.1/go.mod h1:zj2OWP4+oCPe1qIXoGWkgMRwljMUYCdkwsT2108oapk=
 github.com/onsi/ginkgo v1.14.0/go.mod h1:iSB4RoI2tjJc9BBv4NKIKWKya62Rps+oPG/Lv9klQyY=
@@ -505,7 +414,6 @@ github.com/onsi/ginkgo v1.16.5/go.mod h1:+E8gABHa3K6zRBolWtd+ROzc/U5bkGt0FwiG042
 github.com/onsi/ginkgo/v2 v2.0.0 h1:CcuG/HvWNkkaqCUpJifQY8z7qEMBJya6aLPx6ftGyjQ=
 github.com/onsi/ginkgo/v2 v2.0.0/go.mod h1:vw5CSIxN1JObi/U8gcbwft7ZxR2dgaR70JSE3/PpL4c=
 github.com/onsi/gomega v0.0.0-20170829124025-dcabb60a477c/go.mod h1:C1qb7wdrVGGVU+Z6iS04AVkA3Q65CEZX59MT0QO5uiA=
-github.com/onsi/gomega v1.5.0/go.mod h1:ex+gbHU/CVuBBDIJjb2X0qEXbFg53c61hWP/1CpauHY=
 github.com/onsi/gomega v1.7.0/go.mod h1:ex+gbHU/CVuBBDIJjb2X0qEXbFg53c61hWP/1CpauHY=
 github.com/onsi/gomega v1.7.1/go.mod h1:XdKZgCCFLUoM/7CFJVPcG8C1xQ1AJ0vpAezJrB7JYyY=
 github.com/onsi/gomega v1.10.1/go.mod h1:iN09h71vgCQne3DLsj+A5owkum+a2tYe+TOCB1ybHNo=
@@ -514,19 +422,12 @@ github.com/onsi/gomega v1.18.1 h1:M1GfJqGRrBrrGGsbxzV5dqM2U2ApXefZCQpkukxYRLE=
 github.com/onsi/gomega v1.18.1/go.mod h1:0q+aL8jAiMXy9hbwj2mr5GziHiwhAIQpFmmtT5hitRs=
 github.com/open-policy-agent/opa v0.49.0 h1:TIlpCT1B5FSm8Dqo/a4t23gKmHkQysC3+7W77F99P4k=
 github.com/open-policy-agent/opa v0.49.0/go.mod h1:WTLWtu498/QNTDkiHx76Xj7jaJUPvLJAPtdMkCcst0w=
-github.com/opencontainers/go-digest v0.0.0-20180430190053-c9281466c8b2/go.mod h1:cMLVZDEM3+U2I4VmLI6N8jQYUd2OVphdqWwCJHrFt2s=
-github.com/opencontainers/go-digest v1.0.0/go.mod h1:0JzlMkj0TRzQZfJkVvzbP0HBR3IKzErnv2BNG4W4MAM=
-github.com/opencontainers/runc v0.0.0-20190115041553-12f6a991201f/go.mod h1:qT5XzbpPznkRYVz/mWwUaVBUv2rmF59PVA73FjuZG0U=
-github.com/opencontainers/runtime-spec v1.0.2/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0=
-github.com/opencontainers/runtime-spec v1.0.3-0.20211123151946-c2389c3cb60a/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0=
 github.com/oxtoacart/bpool v0.0.0-20190530202638-03653db5a59c h1:rp5dCmg/yLR3mgFuSOe4oEnDDmGLROTvMragMUXpTQw=
 github.com/oxtoacart/bpool v0.0.0-20190530202638-03653db5a59c/go.mod h1:X07ZCGwUbLaax7L0S3Tw4hpejzu63ZrrQiUe6W0hcy0=
 github.com/patrickmn/go-cache v2.1.0+incompatible h1:HRMgzkcYKYpi3C8ajMPV8OFXaaRUnok+kx1WdO15EQc=
 github.com/patrickmn/go-cache v2.1.0+incompatible/go.mod h1:3Qf8kWWT7OJRJbdiICTKqZju1ZixQ/KpMGzzAfe6+WQ=
 github.com/pegasus-kv/thrift v0.13.0 h1:4ESwaNoHImfbHa9RUGJiJZ4hrxorihZHk5aarYwY8d4=
 github.com/pegasus-kv/thrift v0.13.0/go.mod h1:Gl9NT/WHG6ABm6NsrbfE8LiJN0sAyneCrvB4qN4NPqQ=
-github.com/pelletier/go-toml v1.2.0/go.mod h1:5z9KED0ma1S8pY6P1sdut58dfprrGBbd/94hg7ilaic=
-github.com/peterbourgon/diskv v2.0.1+incompatible/go.mod h1:uqqh8zWWbv1HBMNONnaR/tNboyR3/BZd58JJSHlUSCU=
 github.com/pion/dtls/v2 v2.2.6 h1:yXMxKr0Skd+Ub6A8UqXTRLSywskx93ooMRHsQUtd+Z4=
 github.com/pion/dtls/v2 v2.2.6/go.mod h1:t8fWJCIquY5rlQZwA2yWxUS1+OCrAdXrhVKXB5oD/wY=
 github.com/pion/ice/v2 v2.3.1 h1:FQCmUfZe2Jpe7LYStVBOP6z1DiSzbIateih3TztgTjc=
@@ -555,7 +456,6 @@ github.com/pmezard/go-difflib v0.0.0-20151028094244-d8ed2627bdf0/go.mod h1:iKH77
 github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
 github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
 github.com/prometheus/client_golang v0.9.1/go.mod h1:7SWBe2y4D6OKWSNQJUaRYU/AaXPKyh/dDVn+NZz0KFw=
-github.com/prometheus/client_golang v0.9.3/go.mod h1:/TN21ttK/J9q6uSwhBd54HahCDft0ttaMvbicHlPoso=
 github.com/prometheus/client_golang v1.0.0/go.mod h1:db9x61etRT2tGnBNRi70OPL5FsnadC4Ky3P0J6CfImo=
 github.com/prometheus/client_golang v1.7.1/go.mod h1:PY5Wy2awLA44sXw4AOSfFBetzPP4j5+D6mVACh+pe2M=
 github.com/prometheus/client_golang v1.11.0/go.mod h1:Z6t4BnS23TR94PD6BsDNk8yVqroYurpAkEiz0P2BEV0=
@@ -568,29 +468,21 @@ github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:
 github.com/prometheus/client_model v0.2.0/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
 github.com/prometheus/client_model v0.3.0 h1:UBgGFHqYdG/TPFD1B1ogZywDqEkwp3fBMvqdiQ7Xew4=
 github.com/prometheus/client_model v0.3.0/go.mod h1:LDGWKZIo7rky3hgvBe+caln+Dr3dPggB5dvjtD7w9+w=
-github.com/prometheus/common v0.0.0-20181113130724-41aa239b4cce/go.mod h1:daVV7qP5qjZbuso7PdcryaAu0sAZbrN9i7WWcTMWvro=
-github.com/prometheus/common v0.4.0/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4=
 github.com/prometheus/common v0.4.1/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4=
 github.com/prometheus/common v0.10.0/go.mod h1:Tlit/dnDKsSWFlCLTWaA1cyBgKHSMdTB80sz/V91rCo=
 github.com/prometheus/common v0.26.0/go.mod h1:M7rCNAaPfAosfx8veZJCuw84e35h3Cfd9VFqTh1DIvc=
 github.com/prometheus/common v0.32.1/go.mod h1:vu+V0TpY+O6vW9J44gczi3Ap/oXXR10b+M/gUGO4Hls=
 github.com/prometheus/common v0.37.0 h1:ccBbHCgIiT9uSoFY0vX8H3zsNR5eLt17/RQLUvn8pXE=
 github.com/prometheus/common v0.37.0/go.mod h1:phzohg0JFMnBEFGxTDbfu3QyL5GI8gTQJFhYO5B3mfA=
-github.com/prometheus/procfs v0.0.0-20180125133057-cb4147076ac7/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk=
 github.com/prometheus/procfs v0.0.0-20181005140218-185b4288413d/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk=
-github.com/prometheus/procfs v0.0.0-20190507164030-5867b95ac084/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA=
-github.com/prometheus/procfs v0.0.0-20190522114515-bc1a522cf7b1/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA=
 github.com/prometheus/procfs v0.0.2/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA=
 github.com/prometheus/procfs v0.1.3/go.mod h1:lV6e/gmhEcM9IjHGsFOCxxuZ+z1YqCvr4OA4YeYWdaU=
 github.com/prometheus/procfs v0.6.0/go.mod h1:cz+aTbrPOrUb4q7XlbU9ygM+/jj0fzG6c1xBZuNvfVA=
 github.com/prometheus/procfs v0.7.3/go.mod h1:cz+aTbrPOrUb4q7XlbU9ygM+/jj0fzG6c1xBZuNvfVA=
 github.com/prometheus/procfs v0.8.0 h1:ODq8ZFEaYeCaZOJlZZdJA2AbQR98dSHSM1KW/You5mo=
 github.com/prometheus/procfs v0.8.0/go.mod h1:z7EfXMXOkbkqb9IINtpCn86r/to3BnA0uaxHdg830/4=
-github.com/prometheus/tsdb v0.7.1/go.mod h1:qhTCs0VvXwvX/y3TZrWD7rabWM+ijKTux40TwIPHuXU=
 github.com/rcrowley/go-metrics v0.0.0-20200313005456-10cdbea86bc0 h1:MkV+77GLUNo5oJ0jf870itWm3D0Sjh7+Za9gazKc5LQ=
 github.com/rcrowley/go-metrics v0.0.0-20200313005456-10cdbea86bc0/go.mod h1:bCqnVzQkZxMG4s8nGwiZ5l3QUCyqpo9Y+/ZMZ9VjZe4=
-github.com/rogpeppe/fastuuid v0.0.0-20150106093220-6724a57986af/go.mod h1:XWv6SoW27p1b0cqNHllgS5HIMJraePCO15w5zCzIWYg=
-github.com/rogpeppe/fastuuid v1.2.0/go.mod h1:jVj6XXZzXRy/MSR5jhDC/2q6DgLz+nrA6LYCDYWNEvQ=
 github.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4=
 github.com/rogpeppe/go-internal v1.8.0 h1:FCbCCtXNOY3UtUuHUYaghJg4y7Fd14rXifAYUAtL9R8=
 github.com/rogpeppe/go-internal v1.8.0/go.mod h1:WmiCO8CzOY8rg0OYDC4/i/2WRWAB6poM+XZ2dLUbcbE=
@@ -602,33 +494,24 @@ github.com/russross/blackfriday/v2 v2.0.1/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQD
 github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM=
 github.com/shurcooL/sanitized_anchor_name v1.0.0/go.mod h1:1NzhyTcUVG4SuEtjjoZeVRXNmyL/1OwPU0+IJeTBvfc=
 github.com/sirupsen/logrus v1.2.0/go.mod h1:LxeOpSwHxABJmUn/MG1IvRgCAasNZTLOkJPxbbu5VWo=
-github.com/sirupsen/logrus v1.4.1/go.mod h1:ni0Sbl8bgC9z8RoU9G6nDWqqs/fq4eDPysMBDgk/93Q=
 github.com/sirupsen/logrus v1.4.2/go.mod h1:tLMulIdttU9McNUspp0xgXVQah82FyeX6MwdIuYE2rE=
 github.com/sirupsen/logrus v1.6.0/go.mod h1:7uNnSEd1DgxDLC74fIahvMZmmYsHGZGEOFrfsX/uA88=
-github.com/sirupsen/logrus v1.7.0/go.mod h1:yWOB1SBYBC5VeMP7gHvWumXLIWorT60ONWic61uBYv0=
-github.com/sirupsen/logrus v1.8.1/go.mod h1:yWOB1SBYBC5VeMP7gHvWumXLIWorT60ONWic61uBYv0=
 github.com/sirupsen/logrus v1.9.0 h1:trlNQbNUG3OdDrDil03MCb1H2o9nJ1x4/5LYw7byDE0=
 github.com/sirupsen/logrus v1.9.0/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ=
 github.com/skratchdot/open-golang v0.0.0-20200116055534-eef842397966 h1:JIAuq3EEf9cgbU6AtGPK4CTG3Zf6CKMNqf0MHTggAUA=
 github.com/skratchdot/open-golang v0.0.0-20200116055534-eef842397966/go.mod h1:sUM3LWHvSMaG192sy56D9F7CNvL7jUJVXoqM1QKLnog=
 github.com/smartystreets/assertions v1.13.0 h1:Dx1kYM01xsSqKPno3aqLnrwac2LetPvN23diwyr69Qs=
 github.com/smartystreets/goconvey v1.7.2 h1:9RBaZCeXEQ3UselpuwUQHltGVXvdwm6cv1hgR6gDIPg=
-github.com/soheilhy/cmux v0.1.4/go.mod h1:IM3LyeVVIOuxMH7sFAkER9+bJ4dT7Ms6E4xg4kGIyLM=
-github.com/spaolacci/murmur3 v0.0.0-20180118202830-f09979ecbc72/go.mod h1:JwIasOWyU6f++ZhiEuf87xNszmSA2myDM2Kzu9HwQUA=
 github.com/spf13/afero v1.1.2/go.mod h1:j4pytiNVoe2o6bmDsKpLACNPDBIoEAkihy7loJ1B0CQ=
 github.com/spf13/afero v1.2.2/go.mod h1:9ZxEEn6pIJ8Rxe320qSDBk6AsU0r9pR7Q4OcevTdifk=
-github.com/spf13/cast v1.3.0/go.mod h1:Qx5cxh0v+4UWYiBimWS+eyWzqEqokIECu5etghLkUJE=
 github.com/spf13/cast v1.5.0 h1:rj3WzYc11XZaIZMPKmwP96zkFEnnAmV8s6XbB2aY32w=
 github.com/spf13/cast v1.5.0/go.mod h1:SpXXQ5YoyJw6s3/6cMTQuxvgRl3PCJiyaX9p6b155UU=
-github.com/spf13/cobra v1.0.0/go.mod h1:/6GTrnGXV9HjY+aR4k0oJ5tcvakLuG6EuKReYlHNrgE=
 github.com/spf13/cobra v1.6.1 h1:o94oiPyS4KD1mPy2fmcYYHHfCxLqYjJOhGsCHFZtEzA=
 github.com/spf13/cobra v1.6.1/go.mod h1:IOw/AERYS7UzyrGinqmz6HLUo219MORXGxhbaJUqzrY=
-github.com/spf13/jwalterweatherman v1.0.0/go.mod h1:cQK4TGJAtQXfYWX+Ddv3mKDzgVb68N+wFjFa4jdeBTo=
 github.com/spf13/pflag v0.0.0-20170130214245-9ff6c6923cff/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4=
 github.com/spf13/pflag v1.0.3/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4=
 github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA=
 github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg=
-github.com/spf13/viper v1.4.0/go.mod h1:PTJ7Z/lr49W6bUbkmS1V3by4uWynFiR9p7+dSq/yZzE=
 github.com/srwiley/oksvg v0.0.0-20200311192757-870daf9aa564 h1:HunZiaEKNGVdhTRQOVpMmj5MQnGnv+e8uZNu3xFLgyM=
 github.com/srwiley/oksvg v0.0.0-20200311192757-870daf9aa564/go.mod h1:afMbS0qvv1m5tfENCwnOdZGOF8RGR/FsZ7bvBxQGZG4=
 github.com/srwiley/rasterx v0.0.0-20200120212402-85cb7272f5e9 h1:m59mIOBO4kfcNCEzJNy71UkeF4XIx2EVmL9KLwDQdmM=
@@ -643,34 +526,24 @@ github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXf
 github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI=
 github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4=
 github.com/stretchr/testify v1.5.1/go.mod h1:5W2xD1RspED5o8YsWQXVCued0rvSQ+mT+I5cxcmMvtA=
-github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
 github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
 github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
 github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU=
 github.com/stretchr/testify v1.8.1 h1:w7B6lhMri9wdJUVmEZPGGhZzrYTPvgJArz7wNPgYKsk=
 github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4=
-github.com/syndtr/gocapability v0.0.0-20180916011248-d98352740cb2/go.mod h1:hkRG7XYTFWNJGYcbNJQlaLq0fg1yr4J4t/NcTQtrfww=
 github.com/tchap/go-patricia/v2 v2.3.1 h1:6rQp39lgIYZ+MHmdEq4xzuk1t7OdC35z/xm0BGhTkes=
 github.com/tchap/go-patricia/v2 v2.3.1/go.mod h1:VZRHKAb53DLaG+nA9EaYYiaEx6YztwDlLElMsnSHD4k=
-github.com/tmc/grpc-websocket-proxy v0.0.0-20190109142713-0ad062ec5ee5/go.mod h1:ncp9v5uamzpCO7NfCPTXjqaC+bZgJeR0sMTm6dMHP7U=
-github.com/tv42/httpunix v0.0.0-20191220191345-2ba4b9c3382c/go.mod h1:hzIxponao9Kjc7aWznkXaL4U4TWaDSs8zcsY4Ka08nM=
-github.com/ugorji/go v1.1.4/go.mod h1:uQMGLiO92mf5W77hV/PUCpI3pbzQx3CRekS0kk+RGrc=
 github.com/ugorji/go v1.1.7/go.mod h1:kZn38zHttfInRq0xu/PH0az30d+z6vm202qpg1oXVMw=
 github.com/ugorji/go/codec v1.1.7/go.mod h1:Ax+UKWsSmolVDwsd+7N3ZtXu+yMGCf907BLYF3GoBXY=
-github.com/urfave/cli v1.22.2/go.mod h1:Gos4lmkARVdJ6EkW0WaNv/tZAAMe9V7XWyB60NtXRu0=
 github.com/urfave/cli/v2 v2.3.0/go.mod h1:LJmUH05zAU44vOAcrfzZQKsZbVcdbOG8rtL3/XcUArI=
-github.com/vishvananda/netlink v1.0.1-0.20190930145447-2ec5bdc52b86/go.mod h1:+SR5DhBJrl6ZM7CoCKvpw5BKroDKQ+PJqOg65H/2ktk=
 github.com/vishvananda/netlink v1.1.0 h1:1iyaYNBLmP6L0220aDnYQpo1QEV4t4hJ+xEEhhJH8j0=
 github.com/vishvananda/netlink v1.1.0/go.mod h1:cTgwzPIzzgDAYoQrMm0EdrjRUBkTqKYppBueQtXaqoE=
+github.com/vishvananda/netns v0.0.0-20191106174202-0a2b9b5464df h1:OviZH7qLw/7ZovXvuNyL3XQl8UFofeikI1NW1Gypu7k=
 github.com/vishvananda/netns v0.0.0-20191106174202-0a2b9b5464df/go.mod h1:JP3t17pCcGlemwknint6hfoeCVQrEMVwxRLRjXpq+BU=
-github.com/vishvananda/netns v0.0.0-20211101163701-50045581ed74 h1:gga7acRE695APm9hlsSMoOoE65U4/TcqNj90mc69Rlg=
-github.com/vishvananda/netns v0.0.0-20211101163701-50045581ed74/go.mod h1:DD4vA1DwXk04H54A1oHXtwZmA0grkVMdPxx/VGLCah0=
 github.com/xeipuuv/gojsonpointer v0.0.0-20190905194746-02993c407bfb h1:zGWFAtiMcyryUHoUjUJX0/lt1H2+i2Ka2n+D3DImSNo=
 github.com/xeipuuv/gojsonpointer v0.0.0-20190905194746-02993c407bfb/go.mod h1:N2zxlSyiKSe5eX1tZViRH5QA0qijqEDrYZiPEAiq3wU=
 github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415 h1:EzJWgHovont7NscjpAxXsDA8S8BMYve8Y5+7cuRE7R0=
 github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415/go.mod h1:GwrjFmJcFw6At/Gs6z4yjiIwzuJ1/+UwLxMQDVQXShQ=
-github.com/xiang90/probing v0.0.0-20190116061207-43a291ad63a2/go.mod h1:UETIi67q53MR2AWcXfiuqkDkRtnGDLqkBTpCHuJHxtU=
-github.com/xordataexchange/crypt v0.0.3-0.20170626215501-b2862e3d0a77/go.mod h1:aYKd//L2LvnjZzWKhF00oedf4jCCReLcmhLdhm1A27Q=
 github.com/yashtewari/glob-intersection v0.1.0 h1:6gJvMYQlTDOL3dMsPF6J0+26vwX9MB8/1q3uAdhmTrg=
 github.com/yashtewari/glob-intersection v0.1.0/go.mod h1:LK7pIC3piUjovexikBbJ26Yml7g8xa5bsjfx2v1fwok=
 github.com/yuin/goldmark v1.1.25/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
@@ -683,14 +556,12 @@ github.com/yuin/goldmark v1.4.0/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1
 github.com/yuin/goldmark v1.4.1/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1Zlc8k=
 github.com/yuin/goldmark v1.4.13 h1:fVcFKWvrslecOb/tg+Cc05dkeYx540o0FuFt3nUVDoE=
 github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY=
-go.etcd.io/bbolt v1.3.2/go.mod h1:IbVyRI1SCnLcuJnV2u8VeU0CEYM7e686BmAb1XKL+uU=
 go.opencensus.io v0.21.0/go.mod h1:mSImk1erAIZhrmZN+AvHh14ztQfjbGwt4TtuofqLduU=
 go.opencensus.io v0.22.0/go.mod h1:+kGneAE2xo2IficOXnaByMWTGM9T73dGwxeWcUqIpI8=
 go.opencensus.io v0.22.2/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw=
 go.opencensus.io v0.22.3/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw=
 go.opencensus.io v0.22.4/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw=
 go.opencensus.io v0.23.0 h1:gqCw0LfLxScz8irSi8exQc7fyQ0fKQU/qnC/X8+V/1M=
-go.opencensus.io v0.23.0/go.mod h1:XItmlyltB5F7CS4xOC1DcqMoFqwtC6OG2xF7mCv7P7E=
 go.opentelemetry.io/otel v1.11.1 h1:4WLLAmcfkmDk2ukNXJyq3/kiz/3UzCaYq6PskJsaou4=
 go.opentelemetry.io/otel v1.11.1/go.mod h1:1nNhXBbWSD0nsL38H6btgnFN2k4i0sNLHNNMZMSbUGE=
 go.opentelemetry.io/otel/exporters/prometheus v0.33.0 h1:xXhPj7SLKWU5/Zd4Hxmd+X1C4jdmvc0Xy+kvjFx2z60=
@@ -703,23 +574,17 @@ go.opentelemetry.io/otel/sdk/metric v0.33.0 h1:oTqyWfksgKoJmbrs2q7O7ahkJzt+Ipeki
 go.opentelemetry.io/otel/sdk/metric v0.33.0/go.mod h1:xdypMeA21JBOvjjzDUtD0kzIcHO/SPez+a8HOzJPGp0=
 go.opentelemetry.io/otel/trace v1.11.1 h1:ofxdnzsNrGBYXbP7t7zpUK281+go5rF7dvdIZXF8gdQ=
 go.opentelemetry.io/otel/trace v1.11.1/go.mod h1:f/Q9G7vzk5u91PhbmKbg1Qn0rzH1LJ4vbPHFGkTPtOk=
-go.opentelemetry.io/proto/otlp v0.7.0/go.mod h1:PqfVotwruBrMGOCsRd/89rSnXhoiJIqeYNgFYFoEGnI=
-go.uber.org/atomic v1.4.0/go.mod h1:gD2HeocX3+yG+ygLZcrzQJaqmWj9AIm7n08wl/qW/PE=
-go.uber.org/multierr v1.1.0/go.mod h1:wR5kodmAFQ0UK8QlbwjlSNy0Z68gJhDJUG5sjR94q/0=
-go.uber.org/zap v1.10.0/go.mod h1:vwi/ZaCAaUcBkycHslxD9B2zi4UTXhF60s6SWpuDF0Q=
 golang.org/x/crypto v0.0.0-20180904163835-0709b304e793/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
-golang.org/x/crypto v0.0.0-20190211182817-74369b46fc67/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
 golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
 golang.org/x/crypto v0.0.0-20190510104115-cbcb75029529/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
 golang.org/x/crypto v0.0.0-20190605123033-f99c8df09eb5/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
 golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
-golang.org/x/crypto v0.0.0-20200220183623-bac4c82f6975/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
 golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
 golang.org/x/crypto v0.0.0-20210616213533-5ff15b29337e/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
 golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
+golang.org/x/crypto v0.0.0-20211108221036-ceb1ce70b4fa/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
 golang.org/x/crypto v0.0.0-20211202192323-5770296d904e/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
 golang.org/x/crypto v0.5.0/go.mod h1:NK/OQwhpMQP3MwtdjgLlYHnH9ebylxKWv3e0fK+mkQU=
-golang.org/x/crypto v0.6.0/go.mod h1:OFC/31mSvZgRz0V1QTNCzfAI1aIRzbiufJtkMIlEp58=
 golang.org/x/crypto v0.7.0 h1:AvwMYaRytfdeVt3u6mLaxYtErKYjxA2OXjJ1HHq6t3A=
 golang.org/x/crypto v0.7.0/go.mod h1:pYwdfH91IfpZVANVyUOhSIPZaFoJGxTFbZhFTx+dXZU=
 golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
@@ -748,7 +613,6 @@ golang.org/x/lint v0.0.0-20190930215403-16217165b5de/go.mod h1:6SW0HCj/g11FgYtHl
 golang.org/x/lint v0.0.0-20191125180803-fdd1cda4f05f/go.mod h1:5qLYkcX4OjUUV8bRuDixDT3tpyyb+LUpUlRWLxfhWrs=
 golang.org/x/lint v0.0.0-20200130185559-910be7a94367/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY=
 golang.org/x/lint v0.0.0-20200302205851-738671d3881b/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY=
-golang.org/x/lint v0.0.0-20210508222113-6edffad5e616/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY=
 golang.org/x/mobile v0.0.0-20190312151609-d3739f865fa6/go.mod h1:z+o9i4GpDbdi3rU15maQ/Ox0txvL9dWGYEHz965HBQE=
 golang.org/x/mobile v0.0.0-20190719004257-d2bd2a29d028/go.mod h1:E/iHnbuqvinMTCcRqshq8CkpyQDoeVncDDYHnLhea+o=
 golang.org/x/mod v0.0.0-20190513183733-4bf6d317e70e/go.mod h1:mXi4GBBbnImb6dmsKGUJ2LatrhH/nqhxcFungHvyanc=
@@ -759,7 +623,6 @@ golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
 golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
 golang.org/x/mod v0.4.2/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
 golang.org/x/mod v0.5.1/go.mod h1:5OXOZSfqPIIbmVBIIKWRFfZjPR0E5r58TLhUjH0a2Ro=
-golang.org/x/mod v0.6.0-dev/go.mod h1:5OXOZSfqPIIbmVBIIKWRFfZjPR0E5r58TLhUjH0a2Ro=
 golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4=
 golang.org/x/mod v0.8.0 h1:LUYupSeNrTNCGzR/hVBk2NHZO4hXcVaW1k4Qx7rjPx8=
 golang.org/x/mod v0.8.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs=
@@ -768,14 +631,12 @@ golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73r
 golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20180906233101-161cd47e91fd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20181114220301-adae6a3d119a/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
-golang.org/x/net v0.0.0-20181220203305-927f97764cc3/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20190108225652-1e06a53dbb7e/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20190213061140-3a22650c66bd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
 golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
 golang.org/x/net v0.0.0-20190501004415-9ce7a6920f09/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
 golang.org/x/net v0.0.0-20190503192946-f4e77d36d62c/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
-golang.org/x/net v0.0.0-20190522155817-f3200d17e092/go.mod h1:HSz+uSET+XFnRR8LxR5pz3Of3rY3CfYBVs4xY44aLks=
 golang.org/x/net v0.0.0-20190603091049-60506f45cf65/go.mod h1:HSz+uSET+XFnRR8LxR5pz3Of3rY3CfYBVs4xY44aLks=
 golang.org/x/net v0.0.0-20190613194153-d28f0bde5980/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
@@ -815,6 +676,7 @@ golang.org/x/net v0.0.0-20210805182204-aaa1db679c0d/go.mod h1:9nx3DQGgdP8bBQD5qx
 golang.org/x/net v0.0.0-20210928044308-7d9f5e0b762b/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
 golang.org/x/net v0.0.0-20211015210444-4f30a5c0130f/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
 golang.org/x/net v0.0.0-20211020060615-d418f374d309/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
+golang.org/x/net v0.0.0-20211111083644-e5c967477495/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
 golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
 golang.org/x/net v0.0.0-20211201190559-0a0e4e1bb54c/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
 golang.org/x/net v0.0.0-20211208012354-db4efeb81f4b/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
@@ -824,7 +686,6 @@ golang.org/x/net v0.0.0-20220225172249-27dd8689420f/go.mod h1:CfG3xpIq0wQ8r1q4Su
 golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c=
 golang.org/x/net v0.1.0/go.mod h1:Cx3nUiGt4eDBEyega/BKRp+/AlGL8hYe7U9odMt2Cco=
 golang.org/x/net v0.5.0/go.mod h1:DivGGAXEgPSlEBzxGzZI+ZLohi+xUj054jfeKui00ws=
-golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs=
 golang.org/x/net v0.7.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs=
 golang.org/x/net v0.8.0 h1:Zrh2ngAOFYneWTAIAPethzeaQLuHwhuBkuV6ZiRnUaQ=
 golang.org/x/net v0.8.0/go.mod h1:QVkue5JL9kW//ek3r6jTKnTFis1tRmNAW2P1shuFdJc=
@@ -834,7 +695,6 @@ golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4Iltr
 golang.org/x/oauth2 v0.0.0-20191202225959-858c2ad4c8b6/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
 golang.org/x/oauth2 v0.0.0-20200107190931-bf48bf16ab8d/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
 golang.org/x/oauth2 v0.0.0-20210514164344-f6687ab2804c/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
-golang.org/x/oauth2 v0.0.0-20211005180243-6b3c2da341f1/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
 golang.org/x/oauth2 v0.0.0-20220223155221-ee480838109b/go.mod h1:DAh4E804XQdzx2j+YRIaUnCqCV2RuMz24cGBJ5QYIrc=
 golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
@@ -854,9 +714,7 @@ golang.org/x/sys v0.0.0-20170830134202-bb24a47a89ea/go.mod h1:STP8DvDyc/dI5b8T5h
 golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20180909124046-d0be0721c37e/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
-golang.org/x/sys v0.0.0-20181107165924-66b7b1311ac8/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20181116152217-5ac8a444bdc5/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
-golang.org/x/sys v0.0.0-20190209173611-3b5209105503/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20190312061237-fead79001313/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20190411185658-b44545bcd369/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
@@ -876,19 +734,14 @@ golang.org/x/sys v0.0.0-20191001151750-bb3f8db39f24/go.mod h1:h1NjWce9XRLGQEsW7w
 golang.org/x/sys v0.0.0-20191005200804-aed5e4c7ecf9/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20191008105621-543471e840be/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20191010194322-b09406accb47/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20191022100944-742c48ecaeb7/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20191026070338-33540a1f6037/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20191120155948-bd437916bb0e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20191204072324-ce4227a45e2e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20191210023423-ac6580df4449/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20191228213918-04cbcbbfeed8/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200106162015-b016eb3dc98e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200113162924-86b910548bc1/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200120151820-655fe14d7479/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200122134326-e047566fdf82/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200202164722-d101bd2416d5/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200212091648-12a6c2dcc1e4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200217220822-9197077df867/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200223170610-d5e6a3e2c0ae/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200302150141-5c8b2ff67527/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200323222414-85ca7c5b95cd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
@@ -901,13 +754,11 @@ golang.org/x/sys v0.0.0-20200523222454-059865788121/go.mod h1:h1NjWce9XRLGQEsW7w
 golang.org/x/sys v0.0.0-20200615200032-f1bc736245b1/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200625212154-ddb9806d33ae/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200803210538-64077c9b5642/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200916030750-2334cc1a136f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20201009025420-dfb3f7c4e634/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20201015000850-e3ed0017c211/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20201118182958-a01c418693c7/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20201201145000-ef89a241ccb3/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20201218084310-7d0127a74742/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210110051926-789bb1bd4061/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210112080510-489259a85091/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
@@ -933,6 +784,7 @@ golang.org/x/sys v0.0.0-20210927094055-39ccf1dd6fa6/go.mod h1:oPkhp1MJrh7nUepCBc
 golang.org/x/sys v0.0.0-20211019181941-9d821ace8654/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20211025201205-69cdffdb9359/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20211103235746-7861aae1554b/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20211110154304-99a53858aa08/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20211124211545-fe61309f8881/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20211205182925-97ca703d548d/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20211214234402-4825e8c3871d/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
@@ -946,7 +798,6 @@ golang.org/x/sys v0.1.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.2.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.4.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.5.1-0.20230222185716-a3b23cc77e89/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.6.0 h1:MVltZSvRTcU2ljQOhs94SXPftV6DCNnZViHeQps87pQ=
 golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
@@ -973,8 +824,6 @@ golang.org/x/text v0.8.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8=
 golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
-golang.org/x/time v0.0.0-20210723032227-1f47c861a9ac h1:7zkz7BUtwNFFqcowJ+RIgu2MaV/MapERkDIy+mwPyjs=
-golang.org/x/tools v0.0.0-20180221164845-07fd8470d635/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
 golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
 golang.org/x/tools v0.0.0-20181011042414-1f849cf54d09/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
 golang.org/x/tools v0.0.0-20181030221726-6c7e314b6563/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
@@ -1025,7 +874,6 @@ golang.org/x/tools v0.1.0/go.mod h1:xkSsbof2nBLbhDlRMhhhyNLN/zl3eTqcnHD5viDpcZ0=
 golang.org/x/tools v0.1.5/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk=
 golang.org/x/tools v0.1.7/go.mod h1:LGqMHiF4EqQNHR1JncWGqT5BVaXmza+X+BDGol+dOxo=
 golang.org/x/tools v0.1.8/go.mod h1:nABZi5QlRsZVlzPpHl034qft6wpY4eDcsTt5AaioBiU=
-golang.org/x/tools v0.1.9/go.mod h1:nABZi5QlRsZVlzPpHl034qft6wpY4eDcsTt5AaioBiU=
 golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc=
 golang.org/x/tools v0.6.0 h1:BOw41kyTf3PuCW1pVQf8+Cyg8pMlkYB1oo9iJ6D/lKM=
 golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU=
@@ -1033,12 +881,18 @@ golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8T
 golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
-golang.zx2c4.com/wintun v0.0.0-20230126152724-0fa3db229ce2 h1:B82qJJgjvYKsXS9jeunTOisW56dUokqW/FOteYJJ/yg=
-golang.zx2c4.com/wintun v0.0.0-20230126152724-0fa3db229ce2/go.mod h1:deeaetjYA+DHMHg+sMSMI58GrEteJUUzzw7en6TJQcI=
+golang.zx2c4.com/go118/netip v0.0.0-20211111135330-a4a02eeacf9d/go.mod h1:5yyfuiqVIJ7t+3MqrpTQ+QqRkMWiESiyDvPNvKYCecg=
+golang.zx2c4.com/wintun v0.0.0-20211104114900-415007cec224 h1:Ug9qvr1myri/zFN6xL17LSCBGFDnphBBhzmILHsM5TY=
+golang.zx2c4.com/wintun v0.0.0-20211104114900-415007cec224/go.mod h1:deeaetjYA+DHMHg+sMSMI58GrEteJUUzzw7en6TJQcI=
+golang.zx2c4.com/wireguard v0.0.0-20211129173154-2dd424e2d808/go.mod h1:TjUWrnD5ATh7bFvmm/ALEJZQ4ivKbETb6pmyj1vUoNI=
+golang.zx2c4.com/wireguard v0.0.0-20230223181233-21636207a675 h1:/J/RVnr7ng4fWPRH3xa4WtBJ1Jp+Auu4YNLmGiPv5QU=
+golang.zx2c4.com/wireguard v0.0.0-20230223181233-21636207a675/go.mod h1:whfbyDBt09xhCYQWtO2+3UVjlaq6/9hDZrjg2ZE6SyA=
+golang.zx2c4.com/wireguard v0.0.0-20230310135217-9e2f38602202 h1:KcD4X7IcoRdQpr9NSQpQpn5S4rUMIQaCdF90FOEj6KY=
+golang.zx2c4.com/wireguard v0.0.0-20230310135217-9e2f38602202/go.mod h1:qc3aHNhM1Rc4hW2az896MjLVcxHvLbJ6LZc9MI7RTMY=
 golang.zx2c4.com/wireguard/wgctrl v0.0.0-20211215182854-7a385b3431de h1:qDZ+lyO5jC9RNJ7ANJA0GWXk3pSn0Fu5SlcAIlgw+6w=
 golang.zx2c4.com/wireguard/wgctrl v0.0.0-20211215182854-7a385b3431de/go.mod h1:Q2XNgour4QSkFj0BWCkVlW0HWJwQgNMsMahpSlI0Eno=
-golang.zx2c4.com/wireguard/windows v0.5.3 h1:On6j2Rpn3OEMXqBq00QEDC7bWSZrPIHKIus8eIuExIE=
-golang.zx2c4.com/wireguard/windows v0.5.3/go.mod h1:9TEe8TJmtwyQebdFwAkEWOPr3prrtqm+REGFifP60hI=
+golang.zx2c4.com/wireguard/windows v0.5.1 h1:OnYw96PF+CsIMrqWo5QP3Q59q5hY1rFErk/yN3cS+JQ=
+golang.zx2c4.com/wireguard/windows v0.5.1/go.mod h1:EApyTk/ZNrkbZjurHL1nleDYnsPpJYBO7LZEBCyDAHk=
 google.golang.org/api v0.4.0/go.mod h1:8k5glujaEP+g9n7WNsDg8QP6cUVNI86fCNMcbazEtwE=
 google.golang.org/api v0.7.0/go.mod h1:WtwebWUNSVBH/HAw79HIFXZNqEvBhG+Ra+ax0hx3E3M=
 google.golang.org/api v0.8.0/go.mod h1:o4eAsZoiT+ibD93RtjEohWalFOjRDx6CVaqeizhEnKg=
@@ -1061,7 +915,6 @@ google.golang.org/appengine v1.5.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7
 google.golang.org/appengine v1.6.1/go.mod h1:i06prIuMbXzDqacNJfV5OdTW448YApPu5ww/cMBSeb0=
 google.golang.org/appengine v1.6.5/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc=
 google.golang.org/appengine v1.6.6/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc=
-google.golang.org/appengine v1.6.7/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc=
 google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc=
 google.golang.org/genproto v0.0.0-20190307195333-5fe7a883aa19/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE=
 google.golang.org/genproto v0.0.0-20190418145605-e7d98fc518a7/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE=
@@ -1075,7 +928,6 @@ google.golang.org/genproto v0.0.0-20191115194625-c23dd37a84c9/go.mod h1:n3cpQtvx
 google.golang.org/genproto v0.0.0-20191216164720-4f79533eabd1/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc=
 google.golang.org/genproto v0.0.0-20191230161307-f3c370f40bfb/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc=
 google.golang.org/genproto v0.0.0-20200115191322-ca5a22157cba/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc=
-google.golang.org/genproto v0.0.0-20200117163144-32f20d992d24/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc=
 google.golang.org/genproto v0.0.0-20200122232147-0452cf42e150/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc=
 google.golang.org/genproto v0.0.0-20200204135345-fa8e72b47b90/go.mod h1:GmwEX6Z4W5gMy59cAlVYjN9JhxgbQH6Gn+gFDQe2lzA=
 google.golang.org/genproto v0.0.0-20200212174721-66ed5ce911ce/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
@@ -1086,7 +938,6 @@ google.golang.org/genproto v0.0.0-20200312145019-da6875a35672/go.mod h1:55QSHmfG
 google.golang.org/genproto v0.0.0-20200331122359-1ee6d9798940/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
 google.golang.org/genproto v0.0.0-20200430143042-b979b6f78d84/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
 google.golang.org/genproto v0.0.0-20200511104702-f5ebc3bea380/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
-google.golang.org/genproto v0.0.0-20200513103714-09dca8ec2884/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
 google.golang.org/genproto v0.0.0-20200515170657-fc4c6c6a6587/go.mod h1:YsZOwe1myG/8QRHRsmBRE1LrgQY60beZKjly0O1fX9U=
 google.golang.org/genproto v0.0.0-20200526211855-cb27e3aa2013/go.mod h1:NbSheEEYHJ7i3ixzK3sjbqSGDJWnxyFXZblF3eUsNvo=
 google.golang.org/genproto v0.0.0-20200618031413-b414f8b61790/go.mod h1:jDfRM7FcilCzHH/e9qn6dsT145K34l5v+OpcnNgKAAA=
@@ -1094,15 +945,12 @@ google.golang.org/genproto v0.0.0-20200729003335-053ba62fc06f/go.mod h1:FWY/as6D
 google.golang.org/genproto v0.0.0-20200804131852-c06518451d9c/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
 google.golang.org/genproto v0.0.0-20200825200019-8632dd797987/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
 google.golang.org/genproto v0.0.0-20201019141844-1ed22bb0c154/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
-google.golang.org/genproto v0.0.0-20210722135532-667f2b7c528f/go.mod h1:ob2IJxKrgPT52GcgX759i1sleT07tiKowYBGbczaW48=
 google.golang.org/genproto v0.0.0-20221118155620-16455021b5e6 h1:a2S6M0+660BgMNl++4JPlcAO/CjkqYItDEZwkoDQK7c=
 google.golang.org/genproto v0.0.0-20221118155620-16455021b5e6/go.mod h1:rZS5c/ZVYMaOGBfO68GWtjOw/eLaZM1X6iVtgjZ+EWg=
 google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c=
 google.golang.org/grpc v1.20.1/go.mod h1:10oTOabMzJvdu6/UiuZezV6QK5dSlG84ov/aaiqXj38=
-google.golang.org/grpc v1.21.0/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM=
 google.golang.org/grpc v1.21.1/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM=
 google.golang.org/grpc v1.23.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg=
-google.golang.org/grpc v1.23.1/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg=
 google.golang.org/grpc v1.25.1/go.mod h1:c3i+UQWmh7LiEpx4sFZnkU36qjEYZ0imhYfXVyQciAY=
 google.golang.org/grpc v1.26.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk=
 google.golang.org/grpc v1.27.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk=
@@ -1111,11 +959,6 @@ google.golang.org/grpc v1.28.0/go.mod h1:rpkK4SK4GF4Ach/+MFLZUBavHOvF2JJB5uozKKa
 google.golang.org/grpc v1.29.1/go.mod h1:itym6AZVZYACWQqET3MqgPpjcuV5QH3BxFS3IjizoKk=
 google.golang.org/grpc v1.30.0/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM8pak=
 google.golang.org/grpc v1.31.0/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM8pak=
-google.golang.org/grpc v1.33.1/go.mod h1:fr5YgcSWrqhRRxogOsw7RzIpsmvOZ6IcH4kBYTpR3n0=
-google.golang.org/grpc v1.33.2/go.mod h1:JMHMWHQWaTccqQQlmk3MJZS+GWXOdAesneDmEnv2fbc=
-google.golang.org/grpc v1.36.0/go.mod h1:qjiiYl8FncCW8feJPdyg3v6XW24KsRHe+dy9BAGRRjU=
-google.golang.org/grpc v1.39.0/go.mod h1:PImNr+rS9TWYb2O4/emRugxiyHZ5JyHW5F+RPnDzfrE=
-google.golang.org/grpc v1.51.0-dev/go.mod h1:ZgQEeidpAuNRZ8iRrlBKXZQP1ghovWIVhdJRyCDK+GI=
 google.golang.org/grpc v1.52.3 h1:pf7sOysg4LdgBqduXveGKrcEwbStiK2rtfghdzlUYDQ=
 google.golang.org/grpc v1.52.3/go.mod h1:pu6fVzoFb+NBYNAvQL08ic+lvB2IojljRYuun5vorUY=
 google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8=
@@ -1146,12 +989,10 @@ gopkg.in/go-playground/validator.v9 v9.29.1/go.mod h1:+c9/zcJMFNgbLvly1L1V+PpxWd
 gopkg.in/inf.v0 v0.9.1/go.mod h1:cWUDdTG/fYaXco+Dcufb5Vnc6Gp2YChqWtbxRZE0mXw=
 gopkg.in/natefinch/lumberjack.v2 v2.0.0 h1:1Lc07Kr7qY4U2YPouBjpCLxpiyxIVoxqXgkXLknAOE8=
 gopkg.in/natefinch/lumberjack.v2 v2.0.0/go.mod h1:l0ndWWf7gzL7RNwBG7wST/UCcT4T24xpD6X8LsfU/+k=
-gopkg.in/resty.v1 v1.12.0/go.mod h1:mDo4pnntr5jdWRML875a/NmxYqAlA73dVijT2AXvQQo=
 gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7 h1:uRGJdciOHaEIrze2W8Q3AKkepLTh2hOroT7a+7czfdQ=
 gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7/go.mod h1:dt/ZhP58zS4L8KSrWDmTeBkI65Dw0HsyUHuEVlX15mw=
 gopkg.in/tomb.v2 v2.0.0-20161208151619-d5d1b5820637 h1:yiW+nvdHb9LVqSHQBXfZCieqV4fzYhNBql77zY0ykqs=
 gopkg.in/tomb.v2 v2.0.0-20161208151619-d5d1b5820637/go.mod h1:BHsqpu/nsuzkT5BpiH1EMZPLyqSMM8JbIavyFACoFNk=
-gopkg.in/yaml.v2 v2.0.0-20170812160011-eb3733d160e7/go.mod h1:JAlM8MvJe8wmxCU4Bli9HhUf9+ttbYbLASfIpnQbh74=
 gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
 gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
 gopkg.in/yaml.v2 v2.2.3/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
@@ -1166,10 +1007,6 @@ gopkg.in/yaml.v3 v3.0.0-20200615113413-eeeca48fe776/go.mod h1:K4uyk7z7BCEPqu6E+C
 gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
 gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
 gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
-gotest.tools v2.2.0+incompatible/go.mod h1:DsYFclhRJ6vuDpmuTbkuFWG+y2sxOXAzmJt81HFBacw=
-gotest.tools/v3 v3.4.0/go.mod h1:CtbdzLSsqVhDgMtKsx03ird5YTGB3ar27v0u/yKBW5g=
-gvisor.dev/gvisor v0.0.0-20221203005347-703fd9b7fbc0 h1:Wobr37noukisGxpKo5jAsLREcpj61RxrWYzD8uwveOY=
-gvisor.dev/gvisor v0.0.0-20221203005347-703fd9b7fbc0/go.mod h1:Dn5idtptoW1dIos9U6A2rpebLs/MtTwFacjKb8jLdQA=
 honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
 honnef.co/go/tools v0.0.0-20190106161140-3f1c8253044a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
 honnef.co/go/tools v0.0.0-20190418001031-e561f6794a2a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
@@ -1180,25 +1017,18 @@ honnef.co/go/tools v0.0.1-2020.1.4/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9
 honnef.co/go/tools v0.2.1/go.mod h1:lPVVZ2BS5TfnjLyizF7o7hv7j9/L+8cZY2hLyjP9cGY=
 honnef.co/go/tools v0.2.2 h1:MNh1AVMyVX23VUHE2O27jm6lNj3vjO5DexS4A1xvnzk=
 honnef.co/go/tools v0.2.2/go.mod h1:lPVVZ2BS5TfnjLyizF7o7hv7j9/L+8cZY2hLyjP9cGY=
-k8s.io/api v0.16.13/go.mod h1:QWu8UWSTiuQZMMeYjwLs6ILu5O74qKSJ0c+4vrchDxs=
 k8s.io/apimachinery v0.0.0-20191123233150-4c4803ed55e3/go.mod h1:b9qmWdKlLuU9EBh+06BtLcSf/Mu89rWL33naRxs1uZg=
-k8s.io/apimachinery v0.16.13/go.mod h1:4HMHS3mDHtVttspuuhrJ1GGr/0S9B6iWYWZ57KnnZqQ=
-k8s.io/apimachinery v0.16.14-rc.0/go.mod h1:4HMHS3mDHtVttspuuhrJ1GGr/0S9B6iWYWZ57KnnZqQ=
 k8s.io/apimachinery v0.23.5 h1:Va7dwhp8wgkUPWsEXk6XglXWU4IKYLKNlv8VkX7SDM0=
 k8s.io/apimachinery v0.23.5/go.mod h1:BEuFMMBaIbcOqVIJqNZJXGFTP4W6AycEpb5+m/97hrM=
-k8s.io/client-go v0.16.13/go.mod h1:UKvVT4cajC2iN7DCjLgT0KVY/cbY6DGdUCyRiIfws5M=
 k8s.io/gengo v0.0.0-20190128074634-0689ccc1d7d6/go.mod h1:ezvh/TsK7cY6rbqRK0oQQ8IAqLxYwwyPxAX1Pzy0ii0=
 k8s.io/gengo v0.0.0-20210813121822-485abfe95c7c/go.mod h1:FiNAH4ZV3gBg2Kwh89tzAEV2be7d5xI0vBa/VySYy3E=
 k8s.io/klog v0.0.0-20181102134211-b9b56d5dfc92/go.mod h1:Gq+BEi5rUBO/HRz0bTSXDUcqjScdoY3a9IHpCEIOOfk=
-k8s.io/klog v0.3.0/go.mod h1:Gq+BEi5rUBO/HRz0bTSXDUcqjScdoY3a9IHpCEIOOfk=
 k8s.io/klog v1.0.0/go.mod h1:4Bi6QPql/J/LkTDqv7R/cd3hPo4k2DG6Ptcz060Ez5I=
 k8s.io/klog/v2 v2.0.0/go.mod h1:PBfzABfn139FHAV07az/IF9Wp1bkk3vpT2XSJ76fSDE=
 k8s.io/klog/v2 v2.2.0/go.mod h1:Od+F08eJP+W3HUb4pSrPpgp9DGU4GzlpG/TmITuYh/Y=
 k8s.io/klog/v2 v2.30.0/go.mod h1:y1WjHnz7Dj687irZUWR/WLkLc5N1YHtjLdmgWjndZn0=
 k8s.io/kube-openapi v0.0.0-20191107075043-30be4d16710a/go.mod h1:1TqjTSzOxsLGIKfj0lK8EeCP7K1iUG65v09OM0/WG5E=
-k8s.io/kube-openapi v0.0.0-20200410163147-594e756bea31/go.mod h1:1TqjTSzOxsLGIKfj0lK8EeCP7K1iUG65v09OM0/WG5E=
 k8s.io/kube-openapi v0.0.0-20211115234752-e816edb12b65/go.mod h1:sX9MT8g7NVZM5lVL/j8QyCCJe8YSMW30QvGZWaCIDIk=
-k8s.io/utils v0.0.0-20190801114015-581e00157fb1/go.mod h1:sZAwmy6armz5eXlNoLmJcl4F1QuKu7sr+mFQ0byX7Ew=
 k8s.io/utils v0.0.0-20210802155522-efc7438f0176/go.mod h1:jPW/WVKK9YHAvNhRxK0md/EJ228hCsBRufyofKtW8HA=
 k8s.io/utils v0.0.0-20211116205334-6203023598ed/go.mod h1:jPW/WVKK9YHAvNhRxK0md/EJ228hCsBRufyofKtW8HA=
 rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8=
--- a/iface/bind/bind.go
+++ b/iface/bind/bind.go
@@ -1,51 +1,297 @@
 package bind

 import (
+	"context"
+	"errors"
 	"fmt"
 	"net"
-	"runtime"
+	"net/netip"
+	"strconv"
 	"sync"
+	"syscall"

 	"github.com/pion/stun"
 	"github.com/pion/transport/v2"
 	log "github.com/sirupsen/logrus"
 	"golang.org/x/net/ipv4"
+	"golang.org/x/net/ipv6"
 	wgConn "golang.zx2c4.com/wireguard/conn"
 )

-type receiverCreator struct {
-	iceBind *ICEBind
-}
-
-func (rc receiverCreator) CreateIPv4ReceiverFn(msgPool *sync.Pool, pc *ipv4.PacketConn, conn *net.UDPConn) wgConn.ReceiveFunc {
-	return rc.iceBind.createIPv4ReceiverFn(msgPool, pc, conn)
-}
+var (
+	_ wgConn.Bind = (*ICEBind)(nil)
+)

+// ICEBind implements Bind for all platforms except Windows.
 type ICEBind struct {
-	*wgConn.StdNetBind
-
-	muUDPMux sync.Mutex
+	mu           sync.Mutex // protects following fields
+	ipv4         *net.UDPConn
+	ipv6         *net.UDPConn
+	blackhole4   bool
+	blackhole6   bool
+	ipv4PC       *ipv4.PacketConn
+	ipv6PC       *ipv6.PacketConn
+	batchSize    int
+	udpAddrPool  sync.Pool
+	ipv4MsgsPool sync.Pool
+	ipv6MsgsPool sync.Pool

+	// NetBird related variables
 	transportNet transport.Net
 	udpMux       *UniversalUDPMuxDefault
+	worker       *worker
 }

 func NewICEBind(transportNet transport.Net) *ICEBind {
-	ib := &ICEBind{
+	b := &ICEBind{
+		batchSize: wgConn.DefaultBatchSize,
+
+		udpAddrPool: sync.Pool{
+			New: func() any {
+				return &net.UDPAddr{
+					IP: make([]byte, 16),
+				}
+			},
+		},
+
+		ipv4MsgsPool: sync.Pool{
+			New: func() any {
+				msgs := make([]ipv4.Message, wgConn.DefaultBatchSize)
+				for i := range msgs {
+					msgs[i].Buffers = make(net.Buffers, 1)
+					msgs[i].OOB = make([]byte, srcControlSize)
+				}
+				return &msgs
+			},
+		},
+
+		ipv6MsgsPool: sync.Pool{
+			New: func() any {
+				msgs := make([]ipv6.Message, wgConn.DefaultBatchSize)
+				for i := range msgs {
+					msgs[i].Buffers = make(net.Buffers, 1)
+					msgs[i].OOB = make([]byte, srcControlSize)
+				}
+				return &msgs
+			},
+		},
 		transportNet: transportNet,
 	}
+	b.worker = newWorker(b.handlePkgs)
+	return b
+}

-	rc := receiverCreator{
-		ib,
+type StdNetEndpoint struct {
+	// AddrPort is the endpoint destination.
+	netip.AddrPort
+	// src is the current sticky source address and interface index, if supported.
+	src struct {
+		netip.Addr
+		ifidx int32
+	}
+}
+
+var (
+	_ wgConn.Bind     = (*ICEBind)(nil)
+	_ wgConn.Endpoint = &StdNetEndpoint{}
+)
+
+func (*ICEBind) ParseEndpoint(s string) (wgConn.Endpoint, error) {
+	e, err := netip.ParseAddrPort(s)
+	return asEndpoint(e), err
+}
+
+func (e *StdNetEndpoint) ClearSrc() {
+	e.src.ifidx = 0
+	e.src.Addr = netip.Addr{}
+}
+
+func (e *StdNetEndpoint) DstIP() netip.Addr {
+	return e.AddrPort.Addr()
+}
+
+func (e *StdNetEndpoint) SrcIP() netip.Addr {
+	return e.src.Addr
+}
+
+func (e *StdNetEndpoint) SrcIfidx() int32 {
+	return e.src.ifidx
+}
+
+func (e *StdNetEndpoint) DstToBytes() []byte {
+	b, _ := e.AddrPort.MarshalBinary()
+	return b
+}
+
+func (e *StdNetEndpoint) DstToString() string {
+	return e.AddrPort.String()
+}
+
+func (e *StdNetEndpoint) SrcToString() string {
+	return e.src.Addr.String()
+}
+
+func listenNet(network string, port int) (*net.UDPConn, int, error) {
+	conn, err := listenConfig().ListenPacket(context.Background(), network, ":"+strconv.Itoa(port))
+	if err != nil {
+		return nil, 0, err
+	}
+
+	// Retrieve port.
+	laddr := conn.LocalAddr()
+	uaddr, err := net.ResolveUDPAddr(
+		laddr.Network(),
+		laddr.String(),
+	)
+	if err != nil {
+		return nil, 0, err
+	}
+	return conn.(*net.UDPConn), uaddr.Port, nil
+}
+
+func (s *ICEBind) Open(uport uint16) ([]wgConn.ReceiveFunc, uint16, error) {
+	s.mu.Lock()
+	defer s.mu.Unlock()
+
+	var err error
+	var tries int
+
+	if s.ipv4 != nil || s.ipv6 != nil {
+		return nil, 0, wgConn.ErrBindAlreadyOpen
+	}
+
+	// Attempt to open ipv4 and ipv6 listeners on the same port.
+	// If uport is 0, we can retry on failure.
+again:
+	port := int(uport)
+	var v4conn, v6conn *net.UDPConn
+
+	v4conn, port, err = listenNet("udp4", port)
+	if err != nil && !errors.Is(err, syscall.EAFNOSUPPORT) {
+		return nil, 0, err
+	}
+
+	// Listen on the same port as we're using for ipv4.
+	v6conn, port, err = listenNet("udp6", port)
+	if uport == 0 && errors.Is(err, syscall.EADDRINUSE) && tries < 100 {
+		v4conn.Close()
+		tries++
+		goto again
+	}
+	if err != nil && !errors.Is(err, syscall.EAFNOSUPPORT) {
+		v4conn.Close()
+		return nil, 0, err
+	}
+	var fns []wgConn.ReceiveFunc
+	if v4conn != nil {
+		fns = append(fns, s.receiveIPv4)
+		s.ipv4 = v4conn
+	}
+	if v6conn != nil {
+		fns = append(fns, s.receiveIPv6)
+		s.ipv6 = v6conn
+	}
+	if len(fns) == 0 {
+		return nil, 0, syscall.EAFNOSUPPORT
+	}
+
+	s.ipv4PC = ipv4.NewPacketConn(s.ipv4)
+	s.ipv6PC = ipv6.NewPacketConn(s.ipv6)
+
+	s.udpMux = NewUniversalUDPMuxDefault(UniversalUDPMuxParams{UDPConn: s.ipv4, Net: s.transportNet})
+	return fns, uint16(port), nil
+}
+
+func (s *ICEBind) receiveIPv4(buffs [][]byte, sizes []int, eps []wgConn.Endpoint) (n int, err error) {
+	msgs := s.ipv4MsgsPool.Get().(*[]ipv4.Message)
+	defer s.ipv4MsgsPool.Put(msgs)
+	for i := range buffs {
+		(*msgs)[i].Buffers[0] = buffs[i]
+	}
+	numMsgs, err := s.ipv4PC.ReadBatch(*msgs, 0)
+	if err != nil {
+		return 0, err
+	}
+
+	s.worker.doWork((*msgs)[:numMsgs], sizes, eps)
+	return numMsgs, nil
+}
+
+func (s *ICEBind) receiveIPv6(buffs [][]byte, sizes []int, eps []wgConn.Endpoint) (n int, err error) {
+	msgs := s.ipv6MsgsPool.Get().(*[]ipv6.Message)
+	defer s.ipv6MsgsPool.Put(msgs)
+	for i := range buffs {
+		(*msgs)[i].Buffers[0] = buffs[i]
+	}
+	numMsgs, err := s.ipv6PC.ReadBatch(*msgs, 0)
+	if err != nil {
+		return 0, err
+	}
+	for i := 0; i < numMsgs; i++ {
+		msg := &(*msgs)[i]
+		sizes[i] = msg.N
+		addrPort := msg.Addr.(*net.UDPAddr).AddrPort()
+		ep := asEndpoint(addrPort)
+		getSrcFromControl(msg.OOB, ep)
+		eps[i] = ep
+	}
+	return numMsgs, nil
+}
+
+func (s *ICEBind) BatchSize() int {
+	return s.batchSize
+}
+
+func (s *ICEBind) Close() error {
+	s.mu.Lock()
+	defer s.mu.Unlock()
+
+	var err1, err2 error
+	if s.ipv4 != nil {
+		err1 = s.ipv4.Close()
+		s.ipv4 = nil
+	}
+	if s.ipv6 != nil {
+		err2 = s.ipv6.Close()
+		s.ipv6 = nil
+	}
+	s.blackhole4 = false
+	s.blackhole6 = false
+	if err1 != nil {
+		return err1
+	}
+	return err2
+}
+
+func (s *ICEBind) Send(buffs [][]byte, endpoint wgConn.Endpoint) error {
+	s.mu.Lock()
+	blackhole := s.blackhole4
+	conn := s.ipv4
+	is6 := false
+	if endpoint.DstIP().Is6() {
+		blackhole = s.blackhole6
+		conn = s.ipv6
+		is6 = true
+	}
+	s.mu.Unlock()
+
+	if blackhole {
+		return nil
+	}
+	if conn == nil {
+		return syscall.EAFNOSUPPORT
+	}
+	if is6 {
+		return s.send6(s.ipv6PC, endpoint, buffs)
+	} else {
+		return s.send4(s.ipv4PC, endpoint, buffs)
 	}
-	ib.StdNetBind = wgConn.NewStdNetBindWithReceiverCreator(rc)
-	return ib
 }

 // GetICEMux returns the ICE UDPMux that was created and used by ICEBind
 func (s *ICEBind) GetICEMux() (*UniversalUDPMuxDefault, error) {
-	s.muUDPMux.Lock()
-	defer s.muUDPMux.Unlock()
+	s.mu.Lock()
+	defer s.mu.Unlock()
 	if s.udpMux == nil {
 		return nil, fmt.Errorf("ICEBind has not been initialized yet")
 	}
@@ -53,80 +299,121 @@ func (s *ICEBind) GetICEMux() (*UniversalUDPMuxDefault, error) {
 	return s.udpMux, nil
 }

-func (s *ICEBind) createIPv4ReceiverFn(ipv4MsgsPool *sync.Pool, pc *ipv4.PacketConn, conn *net.UDPConn) wgConn.ReceiveFunc {
-	s.muUDPMux.Lock()
-	defer s.muUDPMux.Unlock()
-
-	s.udpMux = NewUniversalUDPMuxDefault(
-		UniversalUDPMuxParams{
-			UDPConn: conn,
-			Net:     s.transportNet,
-		},
-	)
-	return func(bufs [][]byte, sizes []int, eps []wgConn.Endpoint) (n int, err error) {
-		msgs := ipv4MsgsPool.Get().(*[]ipv4.Message)
-		defer ipv4MsgsPool.Put(msgs)
-		for i := range bufs {
-			(*msgs)[i].Buffers[0] = bufs[i]
-		}
-		var numMsgs int
-		if runtime.GOOS == "linux" {
-			numMsgs, err = pc.ReadBatch(*msgs, 0)
-			if err != nil {
-				return 0, err
-			}
-		} else {
-			msg := &(*msgs)[0]
-			msg.N, msg.NN, _, msg.Addr, err = conn.ReadMsgUDP(msg.Buffers[0], msg.OOB)
-			if err != nil {
-				return 0, err
-			}
-			numMsgs = 1
-		}
-		for i := 0; i < numMsgs; i++ {
-			msg := &(*msgs)[i]
-
-			// todo: handle err
-			ok, _ := s.filterOutStunMessages(msg.Buffers, msg.N, msg.Addr)
-			if ok {
-				sizes[i] = 0
-			} else {
-				sizes[i] = msg.N
-			}
-
-			addrPort := msg.Addr.(*net.UDPAddr).AddrPort()
-			ep := &wgConn.StdNetEndpoint{AddrPort: addrPort} // TODO: remove allocation
-			wgConn.GetSrcFromControl(msg.OOB[:msg.NN], ep)
-			eps[i] = ep
-		}
-		return numMsgs, nil
+func (s *ICEBind) send4(conn *ipv4.PacketConn, ep wgConn.Endpoint, buffs [][]byte) error {
+	ua := s.udpAddrPool.Get().(*net.UDPAddr)
+	as4 := ep.DstIP().As4()
+	copy(ua.IP, as4[:])
+	ua.IP = ua.IP[:4]
+	ua.Port = int(ep.(*StdNetEndpoint).Port())
+	msgs := s.ipv4MsgsPool.Get().(*[]ipv4.Message)
+	for i, buff := range buffs {
+		(*msgs)[i].Buffers[0] = buff
+		(*msgs)[i].Addr = ua
+		setSrcControl(&(*msgs)[i].OOB, ep.(*StdNetEndpoint))
 	}
+	var (
+		n     int
+		err   error
+		start int
+	)
+	for {
+		n, err = conn.WriteBatch((*msgs)[start:len(buffs)], 0)
+		if err != nil || n == len((*msgs)[start:len(buffs)]) {
+			break
+		}
+		start += n
+	}
+	s.udpAddrPool.Put(ua)
+	s.ipv4MsgsPool.Put(msgs)
+	return err
+}
+
+func (s *ICEBind) send6(conn *ipv6.PacketConn, ep wgConn.Endpoint, buffs [][]byte) error {
+	ua := s.udpAddrPool.Get().(*net.UDPAddr)
+	as16 := ep.DstIP().As16()
+	copy(ua.IP, as16[:])
+	ua.IP = ua.IP[:16]
+	ua.Port = int(ep.(*StdNetEndpoint).Port())
+	msgs := s.ipv6MsgsPool.Get().(*[]ipv6.Message)
+	for i, buff := range buffs {
+		(*msgs)[i].Buffers[0] = buff
+		(*msgs)[i].Addr = ua
+		setSrcControl(&(*msgs)[i].OOB, ep.(*StdNetEndpoint))
+	}
+	var (
+		n     int
+		err   error
+		start int
+	)
+	for {
+		n, err = conn.WriteBatch((*msgs)[start:len(buffs)], 0)
+		if err != nil || n == len((*msgs)[start:len(buffs)]) {
+			break
+		}
+		start += n
+	}
+	s.udpAddrPool.Put(ua)
+	s.ipv6MsgsPool.Put(msgs)
+	return err
 }

 func (s *ICEBind) filterOutStunMessages(buffers [][]byte, n int, addr net.Addr) (bool, error) {
-	for i := range buffers {
-		if !stun.IsMessage(buffers[i]) {
+	for _, buffer := range buffers {
+		if !stun.IsMessage(buffer) {
 			continue
 		}

-		msg, err := s.parseSTUNMessage(buffers[i][:n])
+		msg, err := parseSTUNMessage(buffer[:n])
 		if err != nil {
-			buffers[i] = []byte{}
+			buffer = []byte{}
 			return true, err
 		}
-
 		muxErr := s.udpMux.HandleSTUNMessage(msg, addr)
 		if muxErr != nil {
-			log.Warnf("failed to handle STUN packet")
+			log.Warnf("failed to handle packet")
 		}
-
-		buffers[i] = []byte{}
+		buffer = []byte{}
 		return true, nil
 	}
 	return false, nil
 }

-func (s *ICEBind) parseSTUNMessage(raw []byte) (*stun.Message, error) {
+func (s *ICEBind) handlePkgs(msg *ipv4.Message) (int, *StdNetEndpoint) {
+	// todo: handle err
+	size := 0
+	ok, _ := s.filterOutStunMessages(msg.Buffers, msg.N, msg.Addr)
+	if !ok {
+		size = msg.N
+	}
+
+	addrPort := msg.Addr.(*net.UDPAddr).AddrPort()
+	ep := asEndpoint(addrPort)
+	getSrcFromControl(msg.OOB, ep)
+	return size, ep
+}
+
+// endpointPool contains a re-usable set of mapping from netip.AddrPort to Endpoint.
+// This exists to reduce allocations: Putting a netip.AddrPort in an Endpoint allocates,
+// but Endpoints are immutable, so we can re-use them.
+var endpointPool = sync.Pool{
+	New: func() any {
+		return make(map[netip.AddrPort]*StdNetEndpoint)
+	},
+}
+
+// asEndpoint returns an Endpoint containing ap.
+func asEndpoint(ap netip.AddrPort) *StdNetEndpoint {
+	m := endpointPool.Get().(map[netip.AddrPort]*StdNetEndpoint)
+	defer endpointPool.Put(m)
+	e, ok := m[ap]
+	if !ok {
+		e = &StdNetEndpoint{AddrPort: ap}
+		m[ap] = e
+	}
+	return e
+}
+
+func parseSTUNMessage(raw []byte) (*stun.Message, error) {
 	msg := &stun.Message{
 		Raw: raw,
 	}
--- a/iface/bind/controlfns.go
+++ b/iface/bind/controlfns.go
@@ -0,0 +1,36 @@
+/* SPDX-License-Identifier: MIT
+ *
+ * Copyright (C) 2017-2023 WireGuard LLC. All Rights Reserved.
+ */
+
+package bind
+
+import (
+	"net"
+	"syscall"
+)
+
+// controlFn is the callback function signature from net.ListenConfig.Control.
+// It is used to apply platform specific configuration to the socket prior to
+// bind.
+type controlFn func(network, address string, c syscall.RawConn) error
+
+// controlFns is a list of functions that are called from the listen config
+// that can apply socket options.
+var controlFns = []controlFn{}
+
+// listenConfig returns a net.ListenConfig that applies the controlFns to the
+// socket prior to bind. This is used to apply socket buffer sizing and packet
+// information OOB configuration for sticky sockets.
+func listenConfig() *net.ListenConfig {
+	return &net.ListenConfig{
+		Control: func(network, address string, c syscall.RawConn) error {
+			for _, fn := range controlFns {
+				if err := fn(network, address, c); err != nil {
+					return err
+				}
+			}
+			return nil
+		},
+	}
+}
--- a/iface/bind/controlfns_linux.go
+++ b/iface/bind/controlfns_linux.go
@@ -0,0 +1,41 @@
+/* SPDX-License-Identifier: MIT
+ *
+ * Copyright (C) 2017-2023 WireGuard LLC. All Rights Reserved.
+ */
+
+package bind
+
+import (
+	"fmt"
+	"syscall"
+
+	"golang.org/x/sys/unix"
+)
+
+func init() {
+	controlFns = append(controlFns,
+
+		// Enable receiving of the packet information (IP_PKTINFO for IPv4,
+		// IPV6_PKTINFO for IPv6) that is used to implement sticky socket support.
+		func(network, address string, c syscall.RawConn) error {
+			var err error
+			switch network {
+			case "udp4":
+				c.Control(func(fd uintptr) {
+					err = unix.SetsockoptInt(int(fd), unix.IPPROTO_IP, unix.IP_PKTINFO, 1)
+				})
+			case "udp6":
+				c.Control(func(fd uintptr) {
+					err = unix.SetsockoptInt(int(fd), unix.IPPROTO_IPV6, unix.IPV6_RECVPKTINFO, 1)
+					if err != nil {
+						return
+					}
+					err = unix.SetsockoptInt(int(fd), unix.IPPROTO_IPV6, unix.IPV6_V6ONLY, 1)
+				})
+			default:
+				err = fmt.Errorf("unhandled network: %s: %w", network, unix.EINVAL)
+			}
+			return err
+		},
+	)
+}
--- a/iface/bind/controlfns_unix.go
+++ b/iface/bind/controlfns_unix.go
@@ -0,0 +1,28 @@
+//go:build !windows && !linux && !js
+
+/* SPDX-License-Identifier: MIT
+ *
+ * Copyright (C) 2017-2023 WireGuard LLC. All Rights Reserved.
+ */
+
+package bind
+
+import (
+	"syscall"
+
+	"golang.org/x/sys/unix"
+)
+
+func init() {
+	controlFns = append(controlFns,
+		func(network, address string, c syscall.RawConn) error {
+			var err error
+			if network == "udp6" {
+				c.Control(func(fd uintptr) {
+					err = unix.SetsockoptInt(int(fd), unix.IPPROTO_IPV6, unix.IPV6_V6ONLY, 1)
+				})
+			}
+			return err
+		},
+	)
+}
--- a/iface/bind/mark_default.go
+++ b/iface/bind/mark_default.go
@@ -0,0 +1,12 @@
+//go:build !linux && !openbsd && !freebsd
+
+/* SPDX-License-Identifier: MIT
+ *
+ * Copyright (C) 2017-2023 WireGuard LLC. All Rights Reserved.
+ */
+
+package bind
+
+func (s *ICEBind) SetMark(mark uint32) error {
+	return nil
+}
--- a/iface/bind/mark_unix.go
+++ b/iface/bind/mark_unix.go
@@ -0,0 +1,65 @@
+//go:build linux || openbsd || freebsd
+
+/* SPDX-License-Identifier: MIT
+ *
+ * Copyright (C) 2017-2023 WireGuard LLC. All Rights Reserved.
+ */
+
+package bind
+
+import (
+	"runtime"
+
+	"golang.org/x/sys/unix"
+)
+
+var fwmarkIoctl int
+
+func init() {
+	switch runtime.GOOS {
+	case "linux", "android":
+		fwmarkIoctl = 36 /* unix.SO_MARK */
+	case "freebsd":
+		fwmarkIoctl = 0x1015 /* unix.SO_USER_COOKIE */
+	case "openbsd":
+		fwmarkIoctl = 0x1021 /* unix.SO_RTABLE */
+	}
+}
+
+func (s *ICEBind) SetMark(mark uint32) error {
+	var operr error
+	if fwmarkIoctl == 0 {
+		return nil
+	}
+	if s.ipv4 != nil {
+		fd, err := s.ipv4.SyscallConn()
+		if err != nil {
+			return err
+		}
+		err = fd.Control(func(fd uintptr) {
+			operr = unix.SetsockoptInt(int(fd), unix.SOL_SOCKET, fwmarkIoctl, int(mark))
+		})
+		if err == nil {
+			err = operr
+		}
+		if err != nil {
+			return err
+		}
+	}
+	if s.ipv6 != nil {
+		fd, err := s.ipv6.SyscallConn()
+		if err != nil {
+			return err
+		}
+		err = fd.Control(func(fd uintptr) {
+			operr = unix.SetsockoptInt(int(fd), unix.SOL_SOCKET, fwmarkIoctl, int(mark))
+		})
+		if err == nil {
+			err = operr
+		}
+		if err != nil {
+			return err
+		}
+	}
+	return nil
+}
--- a/iface/bind/sticky_default.go
+++ b/iface/bind/sticky_default.go
@@ -0,0 +1,28 @@
+//go:build !linux
+// +build !linux
+
+/* SPDX-License-Identifier: MIT
+ *
+ * Copyright (C) 2017-2023 WireGuard LLC. All Rights Reserved.
+ */
+
+package bind
+
+import wgConn "golang.zx2c4.com/wireguard/conn"
+
+// TODO: macOS, FreeBSD and other BSDs likely do support this feature set, but
+// use alternatively named flags and need ports and require testing.
+
+// getSrcFromControl parses the control for PKTINFO and if found updates ep with
+// the source information found.
+func getSrcFromControl(control []byte, ep *wgConn.StdNetEndpoint) {
+}
+
+// setSrcControl parses the control for PKTINFO and if found updates ep with
+// the source information found.
+func setSrcControl(control *[]byte, ep *wgConn.StdNetEndpoint) {
+}
+
+// srcControlSize returns the recommended buffer size for pooling sticky control
+// data.
+const srcControlSize = 0
--- a/iface/bind/sticky_linux.go
+++ b/iface/bind/sticky_linux.go
@@ -0,0 +1,111 @@
+/* SPDX-License-Identifier: MIT
+ *
+ * Copyright (C) 2017-2023 WireGuard LLC. All Rights Reserved.
+ */
+
+package bind
+
+import (
+	"net/netip"
+	"unsafe"
+
+	"golang.org/x/sys/unix"
+)
+
+// getSrcFromControl parses the control for PKTINFO and if found updates ep with
+// the source information found.
+func getSrcFromControl(control []byte, ep *StdNetEndpoint) {
+	ep.ClearSrc()
+
+	var (
+		hdr  unix.Cmsghdr
+		data []byte
+		rem  []byte = control
+		err  error
+	)
+
+	for len(rem) > unix.SizeofCmsghdr {
+		hdr, data, rem, err = unix.ParseOneSocketControlMessage(control)
+		if err != nil {
+			return
+		}
+
+		if hdr.Level == unix.IPPROTO_IP &&
+			hdr.Type == unix.IP_PKTINFO {
+
+			info := pktInfoFromBuf[unix.Inet4Pktinfo](data)
+			ep.src.Addr = netip.AddrFrom4(info.Spec_dst)
+			ep.src.ifidx = info.Ifindex
+
+			return
+		}
+
+		if hdr.Level == unix.IPPROTO_IPV6 &&
+			hdr.Type == unix.IPV6_PKTINFO {
+
+			info := pktInfoFromBuf[unix.Inet6Pktinfo](data)
+			ep.src.Addr = netip.AddrFrom16(info.Addr)
+			ep.src.ifidx = int32(info.Ifindex)
+
+			return
+		}
+	}
+}
+
+// pktInfoFromBuf returns type T populated from the provided buf via copy(). It
+// panics if buf is of insufficient size.
+func pktInfoFromBuf[T unix.Inet4Pktinfo | unix.Inet6Pktinfo](buf []byte) (t T) {
+	size := int(unsafe.Sizeof(t))
+	if len(buf) < size {
+		panic("pktInfoFromBuf: buffer too small")
+	}
+	copy(unsafe.Slice((*byte)(unsafe.Pointer(&t)), size), buf)
+	return t
+}
+
+// setSrcControl parses the control for PKTINFO and if found updates ep with
+// the source information found.
+func setSrcControl(control *[]byte, ep *StdNetEndpoint) {
+	*control = (*control)[:cap(*control)]
+	if len(*control) < int(unsafe.Sizeof(unix.Cmsghdr{})) {
+		*control = (*control)[:0]
+		return
+	}
+
+	if ep.src.ifidx == 0 && !ep.SrcIP().IsValid() {
+		*control = (*control)[:0]
+		return
+	}
+
+	if len(*control) < srcControlSize {
+		*control = (*control)[:0]
+		return
+	}
+
+	hdr := (*unix.Cmsghdr)(unsafe.Pointer(&(*control)[0]))
+	if ep.SrcIP().Is4() {
+		hdr.Level = unix.IPPROTO_IP
+		hdr.Type = unix.IP_PKTINFO
+		hdr.SetLen(unix.CmsgLen(unix.SizeofInet4Pktinfo))
+
+		info := (*unix.Inet4Pktinfo)(unsafe.Pointer(&(*control)[unix.SizeofCmsghdr]))
+		info.Ifindex = ep.src.ifidx
+		if ep.SrcIP().IsValid() {
+			info.Spec_dst = ep.SrcIP().As4()
+		}
+	} else {
+		hdr.Level = unix.IPPROTO_IPV6
+		hdr.Type = unix.IPV6_PKTINFO
+		hdr.Len = unix.SizeofCmsghdr + unix.SizeofInet6Pktinfo
+
+		info := (*unix.Inet6Pktinfo)(unsafe.Pointer(&(*control)[unix.SizeofCmsghdr]))
+		info.Ifindex = uint32(ep.src.ifidx)
+		if ep.SrcIP().IsValid() {
+			info.Addr = ep.SrcIP().As16()
+		}
+	}
+
+	*control = (*control)[:hdr.Len]
+}
+
+var srcControlSize = unix.CmsgLen(unix.SizeofInet6Pktinfo)
--- a/iface/bind/sticky_linux_test.go
+++ b/iface/bind/sticky_linux_test.go
@@ -0,0 +1,207 @@
+//go:build linux
+// +build linux
+
+/* SPDX-License-Identifier: MIT
+ *
+ * Copyright (C) 2017-2023 WireGuard LLC. All Rights Reserved.
+ */
+
+package bind
+
+import (
+	"context"
+	"net"
+	"net/netip"
+	"runtime"
+	"testing"
+	"unsafe"
+
+	"golang.org/x/sys/unix"
+)
+
+func Test_setSrcControl(t *testing.T) {
+	t.Run("IPv4", func(t *testing.T) {
+		ep := &StdNetEndpoint{
+			AddrPort: netip.MustParseAddrPort("127.0.0.1:1234"),
+		}
+		ep.src.Addr = netip.MustParseAddr("127.0.0.1")
+		ep.src.ifidx = 5
+
+		control := make([]byte, srcControlSize)
+
+		setSrcControl(&control, ep)
+
+		hdr := (*unix.Cmsghdr)(unsafe.Pointer(&control[0]))
+		if hdr.Level != unix.IPPROTO_IP {
+			t.Errorf("unexpected level: %d", hdr.Level)
+		}
+		if hdr.Type != unix.IP_PKTINFO {
+			t.Errorf("unexpected type: %d", hdr.Type)
+		}
+		if hdr.Len != uint64(unix.CmsgLen(int(unsafe.Sizeof(unix.Inet4Pktinfo{})))) {
+			t.Errorf("unexpected length: %d", hdr.Len)
+		}
+		info := (*unix.Inet4Pktinfo)(unsafe.Pointer(&control[unix.CmsgLen(0)]))
+		if info.Spec_dst[0] != 127 || info.Spec_dst[1] != 0 || info.Spec_dst[2] != 0 || info.Spec_dst[3] != 1 {
+			t.Errorf("unexpected address: %v", info.Spec_dst)
+		}
+		if info.Ifindex != 5 {
+			t.Errorf("unexpected ifindex: %d", info.Ifindex)
+		}
+	})
+
+	t.Run("IPv6", func(t *testing.T) {
+		ep := &StdNetEndpoint{
+			AddrPort: netip.MustParseAddrPort("[::1]:1234"),
+		}
+		ep.src.Addr = netip.MustParseAddr("::1")
+		ep.src.ifidx = 5
+
+		control := make([]byte, srcControlSize)
+
+		setSrcControl(&control, ep)
+
+		hdr := (*unix.Cmsghdr)(unsafe.Pointer(&control[0]))
+		if hdr.Level != unix.IPPROTO_IPV6 {
+			t.Errorf("unexpected level: %d", hdr.Level)
+		}
+		if hdr.Type != unix.IPV6_PKTINFO {
+			t.Errorf("unexpected type: %d", hdr.Type)
+		}
+		if hdr.Len != uint64(unix.CmsgLen(int(unsafe.Sizeof(unix.Inet6Pktinfo{})))) {
+			t.Errorf("unexpected length: %d", hdr.Len)
+		}
+		info := (*unix.Inet6Pktinfo)(unsafe.Pointer(&control[unix.CmsgLen(0)]))
+		if info.Addr != ep.SrcIP().As16() {
+			t.Errorf("unexpected address: %v", info.Addr)
+		}
+		if info.Ifindex != 5 {
+			t.Errorf("unexpected ifindex: %d", info.Ifindex)
+		}
+	})
+
+	t.Run("ClearOnNoSrc", func(t *testing.T) {
+		control := make([]byte, srcControlSize)
+		hdr := (*unix.Cmsghdr)(unsafe.Pointer(&control[0]))
+		hdr.Level = 1
+		hdr.Type = 2
+		hdr.Len = 3
+
+		setSrcControl(&control, &StdNetEndpoint{})
+
+		if len(control) != 0 {
+			t.Errorf("unexpected control: %v", control)
+		}
+	})
+}
+
+func Test_getSrcFromControl(t *testing.T) {
+	t.Run("IPv4", func(t *testing.T) {
+		control := make([]byte, srcControlSize)
+		hdr := (*unix.Cmsghdr)(unsafe.Pointer(&control[0]))
+		hdr.Level = unix.IPPROTO_IP
+		hdr.Type = unix.IP_PKTINFO
+		hdr.Len = uint64(unix.CmsgLen(int(unsafe.Sizeof(unix.Inet4Pktinfo{}))))
+		info := (*unix.Inet4Pktinfo)(unsafe.Pointer(&control[unix.CmsgLen(0)]))
+		info.Spec_dst = [4]byte{127, 0, 0, 1}
+		info.Ifindex = 5
+
+		ep := &StdNetEndpoint{}
+		getSrcFromControl(control, ep)
+
+		if ep.src.Addr != netip.MustParseAddr("127.0.0.1") {
+			t.Errorf("unexpected address: %v", ep.src.Addr)
+		}
+		if ep.src.ifidx != 5 {
+			t.Errorf("unexpected ifindex: %d", ep.src.ifidx)
+		}
+	})
+	t.Run("IPv6", func(t *testing.T) {
+		control := make([]byte, srcControlSize)
+		hdr := (*unix.Cmsghdr)(unsafe.Pointer(&control[0]))
+		hdr.Level = unix.IPPROTO_IPV6
+		hdr.Type = unix.IPV6_PKTINFO
+		hdr.Len = uint64(unix.CmsgLen(int(unsafe.Sizeof(unix.Inet6Pktinfo{}))))
+		info := (*unix.Inet6Pktinfo)(unsafe.Pointer(&control[unix.CmsgLen(0)]))
+		info.Addr = [16]byte{0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1}
+		info.Ifindex = 5
+
+		ep := &StdNetEndpoint{}
+		getSrcFromControl(control, ep)
+
+		if ep.SrcIP() != netip.MustParseAddr("::1") {
+			t.Errorf("unexpected address: %v", ep.SrcIP())
+		}
+		if ep.src.ifidx != 5 {
+			t.Errorf("unexpected ifindex: %d", ep.src.ifidx)
+		}
+	})
+	t.Run("ClearOnEmpty", func(t *testing.T) {
+		control := make([]byte, srcControlSize)
+		ep := &StdNetEndpoint{}
+		ep.src.Addr = netip.MustParseAddr("::1")
+		ep.src.ifidx = 5
+
+		getSrcFromControl(control, ep)
+		if ep.SrcIP().IsValid() {
+			t.Errorf("unexpected address: %v", ep.src.Addr)
+		}
+		if ep.src.ifidx != 0 {
+			t.Errorf("unexpected ifindex: %d", ep.src.ifidx)
+		}
+	})
+}
+
+func Test_listenConfig(t *testing.T) {
+	t.Run("IPv4", func(t *testing.T) {
+		conn, err := listenConfig().ListenPacket(context.Background(), "udp4", ":0")
+		if err != nil {
+			t.Fatal(err)
+		}
+		defer conn.Close()
+		sc, err := conn.(*net.UDPConn).SyscallConn()
+		if err != nil {
+			t.Fatal(err)
+		}
+
+		if runtime.GOOS == "linux" {
+			var i int
+			sc.Control(func(fd uintptr) {
+				i, err = unix.GetsockoptInt(int(fd), unix.IPPROTO_IP, unix.IP_PKTINFO)
+			})
+			if err != nil {
+				t.Fatal(err)
+			}
+			if i != 1 {
+				t.Error("IP_PKTINFO not set!")
+			}
+		} else {
+			t.Logf("listenConfig() does not set IPV6_RECVPKTINFO on %s", runtime.GOOS)
+		}
+	})
+	t.Run("IPv6", func(t *testing.T) {
+		conn, err := listenConfig().ListenPacket(context.Background(), "udp6", ":0")
+		if err != nil {
+			t.Fatal(err)
+		}
+		sc, err := conn.(*net.UDPConn).SyscallConn()
+		if err != nil {
+			t.Fatal(err)
+		}
+
+		if runtime.GOOS == "linux" {
+			var i int
+			sc.Control(func(fd uintptr) {
+				i, err = unix.GetsockoptInt(int(fd), unix.IPPROTO_IPV6, unix.IPV6_RECVPKTINFO)
+			})
+			if err != nil {
+				t.Fatal(err)
+			}
+			if i != 1 {
+				t.Error("IPV6_PKTINFO not set!")
+			}
+		} else {
+			t.Logf("listenConfig() does not set IPV6_RECVPKTINFO on %s", runtime.GOOS)
+		}
+	})
+}
--- a/iface/bind/udp_mux_universal.go
+++ b/iface/bind/udp_mux_universal.go
@@ -5,7 +5,6 @@ package bind
 */

 import (
-	"context"
 	"fmt"
 	"net"
 	"time"
@@ -69,39 +68,6 @@ func NewUniversalUDPMuxDefault(params UniversalUDPMuxParams) *UniversalUDPMuxDef
 	return m
 }

-// ReadFromConn reads from the m.params.UDPConn provided upon the creation. It expects STUN packets only, however, will
-// just ignore other packets printing an warning message.
-// It is a blocking method, consider running in a go routine.
-func (m *UniversalUDPMuxDefault) ReadFromConn(ctx context.Context) {
-	buf := make([]byte, 1500)
-	for {
-		select {
-		case <-ctx.Done():
-			log.Debugf("stopped reading from the UDPConn due to finished context")
-			return
-		default:
-			_, a, err := m.params.UDPConn.ReadFrom(buf)
-			if err != nil {
-				log.Errorf("error while reading packet %s", err)
-				continue
-			}
-			msg := &stun.Message{
-				Raw: buf,
-			}
-			err = msg.Decode()
-			if err != nil {
-				log.Warnf("error while parsing STUN message. The packet doesn't seem to be a STUN packet: %s", err)
-				continue
-			}
-
-			err = m.HandleSTUNMessage(msg, a)
-			if err != nil {
-				log.Errorf("error while handling STUn message: %s", err)
-			}
-		}
-	}
-}
-
 // udpConn is a wrapper around UDPMux conn that overrides ReadFrom and handles STUN/TURN packets
 type udpConn struct {
 	net.PacketConn
@@ -109,11 +75,6 @@ type udpConn struct {
 	logger logging.LeveledLogger
 }

-// GetSharedConn returns the shared udp conn
-func (m *UniversalUDPMuxDefault) GetSharedConn() net.PacketConn {
-	return m.params.UDPConn
-}
-
 // GetListenAddresses returns the listen addr of this UDP
 func (m *UniversalUDPMuxDefault) GetListenAddresses() []net.Addr {
 	return []net.Addr{m.LocalAddr()}
@@ -209,7 +170,7 @@ func (m *UniversalUDPMuxDefault) GetXORMappedAddr(serverAddr net.Addr, deadline

 	// otherwise, make a STUN request to discover the address
 	// or wait for already sent request to complete
-	waitAddrReceived, err := m.sendSTUN(serverAddr)
+	waitAddrReceived, err := m.sendStun(serverAddr)
 	if err != nil {
 		return nil, fmt.Errorf("%s: %s", "failed to send STUN packet", err)
 	}
@@ -218,31 +179,23 @@ func (m *UniversalUDPMuxDefault) GetXORMappedAddr(serverAddr net.Addr, deadline
 	select {
 	case <-waitAddrReceived:
 		// when channel closed, addr was obtained
-		var addr *stun.XORMappedAddress
 		m.mu.Lock()
-		// A very odd case that mappedAddr is nil.
-		// Can happen when the deadline property is larger than params.XORMappedAddrCacheTTL.
-		// Or when we don't receive a response to our m.sendSTUN request (the response is handled asynchronously) and
-		// the XORMapped expires meanwhile triggering a closure of the waitAddrReceived channel.
-		// We protect the code from panic here.
-		if mappedAddr, ok := m.xorMappedMap[serverAddr.String()]; ok {
-			addr = mappedAddr.addr
-		}
+		mappedAddr := *m.xorMappedMap[serverAddr.String()]
 		m.mu.Unlock()
-		if addr == nil {
+		if mappedAddr.addr == nil {
 			return nil, fmt.Errorf("no XOR address mapping")
 		}
-		return addr, nil
+		return mappedAddr.addr, nil
 	case <-time.After(deadline):
 		return nil, fmt.Errorf("timeout while waiting for XORMappedAddr")
 	}
 }

-// sendSTUN sends a STUN request via UDP conn.
+// sendStun sends a STUN request via UDP conn.
 //
 // The returned channel is closed when the STUN response has been received.
 // Method is safe for concurrent use.
-func (m *UniversalUDPMuxDefault) sendSTUN(serverAddr net.Addr) (chan struct{}, error) {
+func (m *UniversalUDPMuxDefault) sendStun(serverAddr net.Addr) (chan struct{}, error) {
 	m.mu.Lock()
 	defer m.mu.Unlock()

--- a/iface/bind/worker.go
+++ b/iface/bind/worker.go
@@ -0,0 +1,56 @@
+package bind
+
+import (
+	"runtime"
+
+	"golang.org/x/net/ipv4"
+	wgConn "golang.zx2c4.com/wireguard/conn"
+)
+
+// todo: add close function
+type worker struct {
+	jobOffer    chan int
+	numOfWorker int
+
+	jobFn func(msg *ipv4.Message) (int, *StdNetEndpoint)
+
+	messages []ipv4.Message
+	sizes    []int
+	eps      []wgConn.Endpoint
+}
+
+func newWorker(jobFn func(msg *ipv4.Message) (int, *StdNetEndpoint)) *worker {
+	w := &worker{
+		jobOffer:    make(chan int),
+		numOfWorker: runtime.NumCPU(),
+		jobFn:       jobFn,
+	}
+
+	w.populateWorkers()
+	return w
+}
+
+func (w *worker) doWork(messages []ipv4.Message, sizes []int, eps []wgConn.Endpoint) {
+	w.messages = messages
+	w.sizes = sizes
+	w.eps = eps
+
+	for i := 0; i < len(messages); i++ {
+		w.jobOffer <- i
+	}
+}
+
+func (w *worker) populateWorkers() {
+	for i := 0; i < w.numOfWorker; i++ {
+		go w.loop()
+	}
+}
+
+func (w *worker) loop() {
+	for {
+		select {
+		case msgPos := <-w.jobOffer:
+			w.sizes[msgPos], w.eps[msgPos] = w.jobFn(&w.messages[msgPos])
+		}
+	}
+}
--- a/iface/tun_android.go
+++ b/iface/tun_android.go
@@ -52,9 +52,7 @@ func (t *tunDevice) Create() error {

 	log.Debugf("attaching to interface %v", name)
 	t.device = device.NewDevice(tunDevice, t.iceBind, device.NewLogger(device.LogLevelSilent, "[wiretrustee] "))
-	// without this property mobile devices can discover remote endpoints if the configured one was wrong.
-	// this helps with support for the older NetBird clients that had a hardcoded direct mode
-	//t.device.DisableSomeRoamingForBrokenMobileSemantics()
+	t.device.DisableSomeRoamingForBrokenMobileSemantics()

 	err = t.device.Up()
 	if err != nil {
--- a/iface/tun_windows.go
+++ b/iface/tun_windows.go
@@ -3,11 +3,9 @@ package iface
 import (
 	"fmt"
 	"net"
-	"net/netip"

 	"github.com/pion/transport/v2"
 	log "github.com/sirupsen/logrus"
-	"golang.org/x/sys/windows"
 	"golang.zx2c4.com/wireguard/device"
 	"golang.zx2c4.com/wireguard/ipc"
 	"golang.zx2c4.com/wireguard/tun"
@@ -52,6 +50,7 @@ func (c *tunDevice) createWithUserspace() (NetInterface, error) {
 	if err != nil {
 		return nil, err
 	}
+
 	// We need to create a wireguard-go device and listen to configuration requests
 	tunDev := device.NewDevice(tunIface, c.iceBind, device.NewLogger(device.LogLevelSilent, "[netbird] "))
 	err = tunDev.Up()
@@ -60,22 +59,6 @@ func (c *tunDevice) createWithUserspace() (NetInterface, error) {
 		return nil, err
 	}

-	luid := winipcfg.LUID(tunIface.(*tun.NativeTun).LUID())
-
-	nbiface, err := luid.IPInterface(windows.AF_INET)
-	if err != nil {
-		_ = tunIface.Close()
-		return nil, fmt.Errorf("got error when getting ip interface %s", err)
-	}
-
-	nbiface.NLMTU = uint32(c.mtu)
-
-	err = nbiface.Set()
-	if err != nil {
-		_ = tunIface.Close()
-		return nil, fmt.Errorf("got error when getting setting the interface mtu: %s", err)
-	}
-
 	c.uapi, err = c.getUAPI(c.name)
 	if err != nil {
 		_ = tunIface.Close()
@@ -159,7 +142,7 @@ func (c *tunDevice) assignAddr() error {
 	tunDev := c.netInterface.(*tun.NativeTun)
 	luid := winipcfg.LUID(tunDev.LUID())
 	log.Debugf("adding address %s to interface: %s", c.address.IP, c.name)
-	return luid.SetIPAddresses([]netip.Prefix{netip.MustParsePrefix(c.address.String())})
+	return luid.SetIPAddresses([]net.IPNet{{c.address.IP, c.address.Network.Mask}})
 }

 // getUAPI returns a Listener
--- a/iface/wg_configurer_nonandroid.go
+++ b/iface/wg_configurer_nonandroid.go
@@ -202,7 +202,7 @@ func (c *wGConfigurer) configure(config wgtypes.Config) error {
 	if err != nil {
 		return err
 	}
-	log.Tracef("got Wireguard device %s", c.deviceName)
+	log.Debugf("got Wireguard device %s", c.deviceName)

 	return wg.ConfigureDevice(c.deviceName, config)
 }
--- a/management/client/client_test.go
+++ b/management/client/client_test.go
@@ -2,31 +2,28 @@ package client

 import (
 	"context"
+	"github.com/netbirdio/netbird/management/server/activity"
 	"net"
 	"path/filepath"
 	"sync"
 	"testing"
 	"time"

-	"github.com/netbirdio/netbird/management/server/activity"
-
 	"github.com/netbirdio/netbird/client/system"

-	log "github.com/sirupsen/logrus"
-	"github.com/stretchr/testify/assert"
-
 	"github.com/netbirdio/netbird/encryption"
 	"github.com/netbirdio/netbird/management/proto"
 	mgmtProto "github.com/netbirdio/netbird/management/proto"
 	mgmt "github.com/netbirdio/netbird/management/server"
 	"github.com/netbirdio/netbird/management/server/mock_server"
+	log "github.com/sirupsen/logrus"
+	"github.com/stretchr/testify/assert"

+	"github.com/netbirdio/netbird/util"
 	"golang.zx2c4.com/wireguard/wgctrl/wgtypes"
 	"google.golang.org/grpc"
 	"google.golang.org/grpc/codes"
 	"google.golang.org/grpc/status"
-
-	"github.com/netbirdio/netbird/util"
 )

 const ValidKey = "A2C8E62B-38F5-4553-B31E-DD66C696CEBB"
@@ -53,7 +50,7 @@ func startManagement(t *testing.T) (*grpc.Server, net.Listener) {
 		t.Fatal(err)
 	}
 	s := grpc.NewServer()
-	store, err := mgmt.NewFileStore(config.Datadir, nil)
+	store, err := mgmt.NewFileStore(config.Datadir)
 	if err != nil {
 		t.Fatal(err)
 	}
--- a/management/cmd/management.go
+++ b/management/cmd/management.go
@@ -80,7 +80,6 @@ var (
 			if err != nil {
 				return fmt.Errorf("failed reading provided config file: %s: %v", mgmtConfig, err)
 			}
-			config.HttpConfig.IdpSignKeyRefreshEnabled = idpSignKeyRefreshEnabled

 			tlsEnabled := false
 			if mgmtLetsencryptDomain != "" || (config.HttpConfig.CertFile != "" && config.HttpConfig.CertKey != "") {
@@ -121,6 +120,13 @@ var (
 					return fmt.Errorf("failed creating datadir: %s: %v", config.Datadir, err)
 				}
 			}
+
+			store, err := server.NewFileStore(config.Datadir)
+			if err != nil {
+				return fmt.Errorf("failed creating Store: %s: %v", config.Datadir, err)
+			}
+			peersUpdateManager := server.NewPeersUpdateManager()
+
 			appMetrics, err := telemetry.NewDefaultAppMetrics(cmd.Context())
 			if err != nil {
 				return err
@@ -129,11 +135,6 @@ var (
 			if err != nil {
 				return err
 			}
-			store, err := server.NewFileStore(config.Datadir, appMetrics)
-			if err != nil {
-				return fmt.Errorf("failed creating Store: %s: %v", config.Datadir, err)
-			}
-			peersUpdateManager := server.NewPeersUpdateManager()

 			var idpManager idp.Manager
 			if config.IdpManagerConfig != nil {
@@ -185,7 +186,6 @@ var (
 				config.HttpConfig.AuthIssuer,
 				config.GetAuthAudiences(),
 				config.HttpConfig.AuthKeysLocation,
-				config.HttpConfig.IdpSignKeyRefreshEnabled,
 			)
 			if err != nil {
 				return fmt.Errorf("failed creating JWT validator: %v", err)
@@ -394,12 +394,6 @@ func loadMgmtConfig(mgmtConfigPath string) (*server.Config, error) {
 		}
 		log.Infof("loaded OIDC configuration from the provided IDP configuration endpoint: %s", oidcEndpoint)

-		log.Infof("configuring IdpManagerConfig.OIDCConfig.Issuer with a new value %s,", oidcConfig.Issuer)
-		config.IdpManagerConfig.OIDCConfig.Issuer = strings.TrimRight(oidcConfig.Issuer, "/")
-
-		log.Infof("configuring IdpManagerConfig.OIDCConfig.TokenEndpoint with a new value %s,", oidcConfig.TokenEndpoint)
-		config.IdpManagerConfig.OIDCConfig.TokenEndpoint = oidcConfig.TokenEndpoint
-
 		log.Infof("overriding HttpConfig.AuthIssuer with a new value %s, previously configured value: %s",
 			oidcConfig.Issuer, config.HttpConfig.AuthIssuer)
 		config.HttpConfig.AuthIssuer = oidcConfig.Issuer
@@ -445,7 +439,7 @@ type OIDCConfigResponse struct {
 func fetchOIDCConfig(oidcEndpoint string) (OIDCConfigResponse, error) {
 	res, err := http.Get(oidcEndpoint)
 	if err != nil {
-		return OIDCConfigResponse{}, fmt.Errorf("failed fetching OIDC configuration from endpoint %s %v", oidcEndpoint, err)
+		return OIDCConfigResponse{}, fmt.Errorf("failed fetching OIDC configuration fro mendpoint %s %v", oidcEndpoint, err)
 	}

 	defer func() {
--- a/management/cmd/root.go
+++ b/management/cmd/root.go
@@ -16,14 +16,13 @@ const (
 )

 var (
-	dnsDomain                string
-	mgmtDataDir              string
-	mgmtConfig               string
-	logLevel                 string
-	logFile                  string
-	disableMetrics           bool
-	disableSingleAccMode     bool
-	idpSignKeyRefreshEnabled bool
+	dnsDomain            string
+	mgmtDataDir          string
+	mgmtConfig           string
+	logLevel             string
+	logFile              string
+	disableMetrics       bool
+	disableSingleAccMode bool

 	rootCmd = &cobra.Command{
 		Use:          "netbird-mgmt",
@@ -55,7 +54,6 @@ func init() {
 	mgmtCmd.Flags().StringVar(&certKey, "cert-key", "", "Location of your SSL certificate private key. Can be used when you have an existing certificate and don't want a new certificate be generated automatically. If letsencrypt-domain is specified this property has no effect")
 	mgmtCmd.Flags().BoolVar(&disableMetrics, "disable-anonymous-metrics", false, "disables push of anonymous usage metrics to NetBird")
 	mgmtCmd.Flags().StringVar(&dnsDomain, "dns-domain", defaultSingleAccModeDomain, fmt.Sprintf("Domain used for peer resolution. This is appended to the peer's name, e.g. pi-server. %s. Max lenght is 192 characters to allow appending to a peer name with up to 63 characters.", defaultSingleAccModeDomain))
-	mgmtCmd.Flags().BoolVar(&idpSignKeyRefreshEnabled, "idp-sign-key-refresh-enabled", false, "Enable cache headers evaluation to determine signing key rotation period. This will refresh the signing key upon expiry.")
 	rootCmd.MarkFlagRequired("config") //nolint

 	rootCmd.PersistentFlags().StringVar(&logLevel, "log-level", "info", "")
--- a/management/server/account.go
+++ b/management/server/account.go
@@ -15,13 +15,13 @@ import (
 	"sync"
 	"time"

+	"codeberg.org/ac/base62"
 	"github.com/eko/gocache/v3/cache"
 	cacheStore "github.com/eko/gocache/v3/store"
 	gocache "github.com/patrickmn/go-cache"
 	"github.com/rs/xid"
 	log "github.com/sirupsen/logrus"

-	"github.com/netbirdio/netbird/base62"
 	nbdns "github.com/netbirdio/netbird/dns"
 	"github.com/netbirdio/netbird/management/server/activity"
 	"github.com/netbirdio/netbird/management/server/idp"
@@ -49,16 +49,15 @@ type AccountManager interface {
 	CreateSetupKey(accountID string, keyName string, keyType SetupKeyType, expiresIn time.Duration,
 		autoGroups []string, usageLimit int, userID string) (*SetupKey, error)
 	SaveSetupKey(accountID string, key *SetupKey, userID string) (*SetupKey, error)
-	CreateUser(accountID, initiatorUserID string, key *UserInfo) (*UserInfo, error)
-	DeleteUser(accountID, initiatorUserID string, targetUserID string) error
+	CreateUser(accountID, userID string, key *UserInfo) (*UserInfo, error)
 	ListSetupKeys(accountID, userID string) ([]*SetupKey, error)
-	SaveUser(accountID, initiatorUserID string, update *User) (*UserInfo, error)
+	SaveUser(accountID, userID string, update *User) (*UserInfo, error)
 	GetSetupKey(accountID, userID, keyID string) (*SetupKey, error)
 	GetAccountByUserOrAccountID(userID, accountID, domain string) (*Account, error)
 	GetAccountFromToken(claims jwtclaims.AuthorizationClaims) (*Account, *User, error)
 	GetAccountFromPAT(pat string) (*Account, *User, *PersonalAccessToken, error)
 	MarkPATUsed(tokenID string) error
-	GetUser(claims jwtclaims.AuthorizationClaims) (*User, error)
+	IsUserAdmin(claims jwtclaims.AuthorizationClaims) (bool, error)
 	AccountExists(accountId string) (*bool, error)
 	GetPeerByKey(peerKey string) (*Peer, error)
 	GetPeers(accountID, userID string) ([]*Peer, error)
@@ -69,10 +68,10 @@ type AccountManager interface {
 	GetNetworkMap(peerID string) (*NetworkMap, error)
 	GetPeerNetwork(peerID string) (*Network, error)
 	AddPeer(setupKey, userID string, peer *Peer) (*Peer, *NetworkMap, error)
-	CreatePAT(accountID string, initiatorUserID string, targetUserID string, tokenName string, expiresIn int) (*PersonalAccessTokenGenerated, error)
-	DeletePAT(accountID string, initiatorUserID string, targetUserID string, tokenID string) error
-	GetPAT(accountID string, initiatorUserID string, targetUserID string, tokenID string) (*PersonalAccessToken, error)
-	GetAllPATs(accountID string, initiatorUserID string, targetUserID string) ([]*PersonalAccessToken, error)
+	CreatePAT(accountID string, executingUserID string, targetUserID string, tokenName string, expiresIn int) (*PersonalAccessTokenGenerated, error)
+	DeletePAT(accountID string, executingUserID string, targetUserID string, tokenID string) error
+	GetPAT(accountID string, executingUserID string, targetUserID string, tokenID string) (*PersonalAccessToken, error)
+	GetAllPATs(accountID string, executingUserID string, targetUserID string) ([]*PersonalAccessToken, error)
 	UpdatePeerSSHKey(peerID string, sshKey string) error
 	GetUsersFromAccount(accountID, userID string) ([]*UserInfo, error)
 	GetGroup(accountId, groupID string) (*Group, error)
@@ -172,14 +171,12 @@ type Account struct {
 }

 type UserInfo struct {
-	ID            string   `json:"id"`
-	Email         string   `json:"email"`
-	Name          string   `json:"name"`
-	Role          string   `json:"role"`
-	AutoGroups    []string `json:"auto_groups"`
-	Status        string   `json:"-"`
-	IsServiceUser bool     `json:"is_service_user"`
-	IsBlocked     bool     `json:"is_blocked"`
+	ID         string   `json:"id"`
+	Email      string   `json:"email"`
+	Name       string   `json:"name"`
+	Role       string   `json:"role"`
+	AutoGroups []string `json:"auto_groups"`
+	Status     string   `json:"-"`
 }

 // getRoutesToSync returns the enabled routes for the peer ID and the routes
@@ -903,9 +900,7 @@ func (am *DefaultAccountManager) lookupUserInCacheByEmail(email string, accountI
 func (am *DefaultAccountManager) lookupUserInCache(userID string, account *Account) (*idp.UserData, error) {
 	users := make(map[string]struct{}, len(account.Users))
 	for _, user := range account.Users {
-		if !user.IsServiceUser {
-			users[user.Id] = struct{}{}
-		}
+		users[user.Id] = struct{}{}
 	}
 	log.Debugf("looking up user %s of account %s in cache", userID, account.Id)
 	userData, err := am.lookupCache(users, account.Id)
@@ -1233,11 +1228,9 @@ func (am *DefaultAccountManager) GetAccountFromToken(claims jwtclaims.Authorizat
 		return nil, nil, status.Errorf(status.NotFound, "user %s not found", claims.UserId)
 	}

-	if !user.IsServiceUser {
-		err = am.redeemInvite(account, claims.UserId)
-		if err != nil {
-			return nil, nil, err
-		}
+	err = am.redeemInvite(account, claims.UserId)
+	if err != nil {
+		return nil, nil, err
 	}

 	return account, user, nil
--- a/management/server/account_test.go
+++ b/management/server/account_test.go
@@ -1869,7 +1869,7 @@ func createManager(t *testing.T) (*DefaultAccountManager, error) {

 func createStore(t *testing.T) (Store, error) {
 	dataDir := t.TempDir()
-	store, err := NewFileStore(dataDir, nil)
+	store, err := NewFileStore(dataDir)
 	if err != nil {
 		return nil, err
 	}
--- a/management/server/activity/codes.go
+++ b/management/server/activity/codes.go
@@ -87,14 +87,6 @@ const (
 	PersonalAccessTokenCreated
 	// PersonalAccessTokenDeleted indicates that a user deleted a personal access token
 	PersonalAccessTokenDeleted
-	// ServiceUserCreated indicates that a user created a service user
-	ServiceUserCreated
-	// ServiceUserDeleted indicates that a user deleted a service user
-	ServiceUserDeleted
-	// UserBlocked indicates that a user blocked another user
-	UserBlocked
-	// UserUnblocked indicates that a user unblocked another user
-	UserUnblocked
 )

 const (
@@ -184,14 +176,6 @@ const (
 	PersonalAccessTokenCreatedMessage string = "Personal access token created"
 	// PersonalAccessTokenDeletedMessage is a human-readable text message of the PersonalAccessTokenDeleted activity
 	PersonalAccessTokenDeletedMessage string = "Personal access token deleted"
-	// ServiceUserCreatedMessage is a human-readable text message of the ServiceUserCreated activity
-	ServiceUserCreatedMessage string = "Service user created"
-	// ServiceUserDeletedMessage is a human-readable text message of the ServiceUserDeleted activity
-	ServiceUserDeletedMessage string = "Service user deleted"
-	// UserBlockedMessage is a human-readable text message of the UserBlocked activity
-	UserBlockedMessage string = "User blocked"
-	// UserUnblockedMessage is a human-readable text message of the UserUnblocked activity
-	UserUnblockedMessage string = "User unblocked"
 )

 // Activity that triggered an Event
@@ -286,14 +270,6 @@ func (a Activity) Message() string {
 		return PersonalAccessTokenCreatedMessage
 	case PersonalAccessTokenDeleted:
 		return PersonalAccessTokenDeletedMessage
-	case ServiceUserCreated:
-		return ServiceUserCreatedMessage
-	case ServiceUserDeleted:
-		return ServiceUserDeletedMessage
-	case UserBlocked:
-		return UserBlockedMessage
-	case UserUnblocked:
-		return UserUnblockedMessage
 	default:
 		return "UNKNOWN_ACTIVITY"
 	}
@@ -312,10 +288,6 @@ func (a Activity) StringCode() string {
 		return "user.join"
 	case UserInvited:
 		return "user.invite"
-	case UserBlocked:
-		return "user.block"
-	case UserUnblocked:
-		return "user.unblock"
 	case AccountCreated:
 		return "account.create"
 	case RuleAdded:
@@ -392,10 +364,6 @@ func (a Activity) StringCode() string {
 		return "personal.access.token.create"
 	case PersonalAccessTokenDeleted:
 		return "personal.access.token.delete"
-	case ServiceUserCreated:
-		return "service.user.create"
-	case ServiceUserDeleted:
-		return "service.user.delete"
 	default:
 		return "UNKNOWN_ACTIVITY"
 	}
--- a/management/server/config.go
+++ b/management/server/config.go
@@ -80,8 +80,6 @@ type HttpServerConfig struct {
 	AuthKeysLocation string
 	// OIDCConfigEndpoint is the endpoint of an IDP manager to get OIDC configuration
 	OIDCConfigEndpoint string
-	// IdpSignKeyRefreshEnabled identifies the signing key is currently being rotated or not
-	IdpSignKeyRefreshEnabled bool
 }

 // Host represents a Wiretrustee host (e.g. STUN, TURN, Signal)
--- a/management/server/dns_test.go
+++ b/management/server/dns_test.go
@@ -1,12 +1,10 @@
 package server

 import (
-	"testing"
-
-	"github.com/stretchr/testify/require"
-
 	"github.com/netbirdio/netbird/management/server/activity"
 	"github.com/netbirdio/netbird/management/server/status"
+	"github.com/stretchr/testify/require"
+	"testing"
 )

 const (
@@ -192,7 +190,7 @@ func createDNSManager(t *testing.T) (*DefaultAccountManager, error) {

 func createDNSStore(t *testing.T) (Store, error) {
 	dataDir := t.TempDir()
-	store, err := NewFileStore(dataDir, nil)
+	store, err := NewFileStore(dataDir)
 	if err != nil {
 		return nil, err
 	}
--- a/management/server/file_store.go
+++ b/management/server/file_store.go
@@ -11,7 +11,6 @@ import (
 	log "github.com/sirupsen/logrus"

 	"github.com/netbirdio/netbird/management/server/status"
-	"github.com/netbirdio/netbird/management/server/telemetry"

 	"github.com/netbirdio/netbird/util"
 )
@@ -38,20 +37,13 @@ type FileStore struct {
 	// sync.Mutex indexed by accountID
 	accountLocks      sync.Map   `json:"-"`
 	globalAccountLock sync.Mutex `json:"-"`
-
-	metrics telemetry.AppMetrics `json:"-"`
 }

 type StoredAccount struct{}

 // NewFileStore restores a store from the file located in the datadir
-func NewFileStore(dataDir string, metrics telemetry.AppMetrics) (*FileStore, error) {
-	fs, err := restore(filepath.Join(dataDir, storeFileName))
-	if err != nil {
-		return nil, err
-	}
-	fs.metrics = metrics
-	return fs, nil
+func NewFileStore(dataDir string) (*FileStore, error) {
+	return restore(filepath.Join(dataDir, storeFileName))
 }

 // restore the state of the store from the file.
@@ -229,17 +221,7 @@ func restore(file string) (*FileStore, error) {
 // persist account data to a file
 // It is recommended to call it with locking FileStore.mux
 func (s *FileStore) persist(file string) error {
-	start := time.Now()
-	err := util.WriteJson(file, s)
-	if err != nil {
-		return err
-	}
-	took := time.Since(start)
-	if s.metrics != nil {
-		s.metrics.StoreMetrics().CountPersistenceDuration(took)
-	}
-	log.Debugf("took %d ms to persist the FileStore", took.Milliseconds())
-	return nil
+	return util.WriteJson(file, s)
 }

 // AcquireGlobalLock acquires global lock across all the accounts and returns a function that releases the lock
@@ -253,12 +235,6 @@ func (s *FileStore) AcquireGlobalLock() (unlock func()) {
 		log.Debugf("released global lock in %v", time.Since(start))
 	}

-	took := time.Since(start)
-	log.Debugf("took %v to acquire global lock", took)
-	if s.metrics != nil {
-		s.metrics.StoreMetrics().CountGlobalLockAcquisitionDuration(took)
-	}
-
 	return unlock
 }

--- a/management/server/file_store_test.go
+++ b/management/server/file_store_test.go
@@ -25,7 +25,7 @@ func TestStalePeerIndices(t *testing.T) {
 		t.Fatal(err)
 	}

-	store, err := NewFileStore(storeDir, nil)
+	store, err := NewFileStore(storeDir)
 	if err != nil {
 		return
 	}
@@ -172,7 +172,7 @@ func TestStore(t *testing.T) {
 		return
 	}

-	restored, err := NewFileStore(store.storeFile, nil)
+	restored, err := NewFileStore(store.storeFile)
 	if err != nil {
 		return
 	}
@@ -232,7 +232,7 @@ func TestRestore(t *testing.T) {
 		t.Fatal(err)
 	}

-	store, err := NewFileStore(storeDir, nil)
+	store, err := NewFileStore(storeDir)
 	if err != nil {
 		return
 	}
@@ -270,7 +270,7 @@ func TestRestorePolicies_Migration(t *testing.T) {
 		t.Fatal(err)
 	}

-	store, err := NewFileStore(storeDir, nil)
+	store, err := NewFileStore(storeDir)
 	if err != nil {
 		return
 	}
@@ -307,7 +307,7 @@ func TestGetAccountByPrivateDomain(t *testing.T) {
 		t.Fatal(err)
 	}

-	store, err := NewFileStore(storeDir, nil)
+	store, err := NewFileStore(storeDir)
 	if err != nil {
 		return
 	}
@@ -336,7 +336,7 @@ func TestFileStore_GetAccount(t *testing.T) {
 		t.Fatal(err)
 	}

-	store, err := NewFileStore(storeDir, nil)
+	store, err := NewFileStore(storeDir)
 	if err != nil {
 		t.Fatal(err)
 	}
@@ -378,7 +378,7 @@ func TestFileStore_GetTokenIDByHashedToken(t *testing.T) {
 		t.Fatal(err)
 	}

-	store, err := NewFileStore(storeDir, nil)
+	store, err := NewFileStore(storeDir)
 	if err != nil {
 		t.Fatal(err)
 	}
@@ -431,7 +431,7 @@ func TestFileStore_GetTokenIDByHashedToken_Failure(t *testing.T) {
 		t.Fatal(err)
 	}

-	store, err := NewFileStore(storeDir, nil)
+	store, err := NewFileStore(storeDir)
 	if err != nil {
 		t.Fatal(err)
 	}
@@ -456,7 +456,7 @@ func TestFileStore_GetUserByTokenID(t *testing.T) {
 		t.Fatal(err)
 	}

-	store, err := NewFileStore(storeDir, nil)
+	store, err := NewFileStore(storeDir)
 	if err != nil {
 		t.Fatal(err)
 	}
@@ -484,7 +484,7 @@ func TestFileStore_GetUserByTokenID_Failure(t *testing.T) {
 		t.Fatal(err)
 	}

-	store, err := NewFileStore(storeDir, nil)
+	store, err := NewFileStore(storeDir)
 	if err != nil {
 		t.Fatal(err)
 	}
@@ -503,7 +503,7 @@ func TestFileStore_SavePeerStatus(t *testing.T) {
 		t.Fatal(err)
 	}

-	store, err := NewFileStore(storeDir, nil)
+	store, err := NewFileStore(storeDir)
 	if err != nil {
 		return
 	}
@@ -548,7 +548,7 @@ func TestFileStore_SavePeerStatus(t *testing.T) {
 }

 func newStore(t *testing.T) *FileStore {
-	store, err := NewFileStore(t.TempDir(), nil)
+	store, err := NewFileStore(t.TempDir())
 	if err != nil {
 		t.Errorf("failed creating a new store")
 	}
--- a/management/server/grpcserver.go
+++ b/management/server/grpcserver.go
@@ -52,9 +52,7 @@ func NewServer(config *Config, accountManager AccountManager, peersUpdateManager
 		jwtValidator, err = jwtclaims.NewJWTValidator(
 			config.HttpConfig.AuthIssuer,
 			config.GetAuthAudiences(),
-			config.HttpConfig.AuthKeysLocation,
-			config.HttpConfig.IdpSignKeyRefreshEnabled,
-		)
+			config.HttpConfig.AuthKeysLocation)
 		if err != nil {
 			return nil, status.Errorf(codes.Internal, "unable to create new jwt middleware, err: %v", err)
 		}
@@ -114,7 +112,6 @@ func (s *GRPCServer) GetServerKey(ctx context.Context, req *proto.Empty) (*proto
 // Sync validates the existence of a connecting peer, sends an initial state (all available for the connecting peers) and
 // notifies the connected peer of any updates (e.g. new peers under the same account)
 func (s *GRPCServer) Sync(req *proto.EncryptedMessage, srv proto.ManagementService_SyncServer) error {
-	reqStart := time.Now()
 	if s.appMetrics != nil {
 		s.appMetrics.GRPCMetrics().CountSyncRequest()
 	}
@@ -149,11 +146,6 @@ func (s *GRPCServer) Sync(req *proto.EncryptedMessage, srv proto.ManagementServi
 	if s.config.TURNConfig.TimeBasedCredentials {
 		s.turnCredentialsManager.SetupRefresh(peer.ID)
 	}
-
-	if s.appMetrics != nil {
-		s.appMetrics.GRPCMetrics().CountSyncRequestDuration(time.Since(reqStart))
-	}
-
 	// keep a connection to the peer and send updates when available
 	for {
 		select {
@@ -268,12 +260,6 @@ func (s *GRPCServer) parseRequest(req *proto.EncryptedMessage, parsed pb.Message
 // In case it isn't, the endpoint checks whether setup key is provided within the request and tries to register a peer.
 // In case of the successful registration login is also successful
 func (s *GRPCServer) Login(ctx context.Context, req *proto.EncryptedMessage) (*proto.EncryptedMessage, error) {
-	reqStart := time.Now()
-	defer func() {
-		if s.appMetrics != nil {
-			s.appMetrics.GRPCMetrics().CountLoginRequestDuration(time.Since(reqStart))
-		}
-	}()
 	if s.appMetrics != nil {
 		s.appMetrics.GRPCMetrics().CountLoginRequest()
 	}
--- a/management/server/http/accounts_handler.go
+++ b/management/server/http/accounts_handler.go
@@ -59,13 +59,13 @@ func (h *AccountsHandler) UpdateAccount(w http.ResponseWriter, r *http.Request)
 	}

 	vars := mux.Vars(r)
-	accountID := vars["accountId"]
+	accountID := vars["id"]
 	if len(accountID) == 0 {
 		util.WriteError(status.Errorf(status.InvalidArgument, "invalid accountID ID"), w)
 		return
 	}

-	var req api.PutApiAccountsAccountIdJSONBody
+	var req api.PutApiAccountsIdJSONBody
 	err = json.NewDecoder(r.Body).Decode(&req)
 	if err != nil {
 		util.WriteErrorResponse("couldn't parse JSON request", http.StatusBadRequest, w)
--- a/management/server/http/accounts_handler_test.go
+++ b/management/server/http/accounts_handler_test.go
@@ -136,7 +136,7 @@ func TestAccounts_AccountsHandler(t *testing.T) {

 			router := mux.NewRouter()
 			router.HandleFunc("/api/accounts", handler.GetAllAccounts).Methods("GET")
-			router.HandleFunc("/api/accounts/{accountId}", handler.UpdateAccount).Methods("PUT")
+			router.HandleFunc("/api/accounts/{id}", handler.UpdateAccount).Methods("PUT")
 			router.ServeHTTP(recorder, req)

 			res := recorder.Result()
--- a/management/server/http/api/openapi.yml
+++ b/management/server/http/api/openapi.yml
--- a/management/server/http/api/types.gen.go
+++ b/management/server/http/api/types.gen.go
@@ -9,7 +9,6 @@ import (

 const (
 	BearerAuthScopes = "BearerAuth.Scopes"
-	TokenAuthScopes  = "TokenAuth.Scopes"
 )

 // Defines values for EventActivityCode.
@@ -30,8 +29,6 @@ const (
 	EventActivityCodePeerRename                               EventActivityCode = "peer.rename"
 	EventActivityCodePeerSshDisable                           EventActivityCode = "peer.ssh.disable"
 	EventActivityCodePeerSshEnable                            EventActivityCode = "peer.ssh.enable"
-	EventActivityCodePersonalAccessTokenCreate                EventActivityCode = "personal.access.token.create"
-	EventActivityCodePersonalAccessTokenDelete                EventActivityCode = "personal.access.token.delete"
 	EventActivityCodePolicyAdd                                EventActivityCode = "policy.add"
 	EventActivityCodePolicyDelete                             EventActivityCode = "policy.delete"
 	EventActivityCodePolicyUpdate                             EventActivityCode = "policy.update"
@@ -41,8 +38,6 @@ const (
 	EventActivityCodeRuleAdd                                  EventActivityCode = "rule.add"
 	EventActivityCodeRuleDelete                               EventActivityCode = "rule.delete"
 	EventActivityCodeRuleUpdate                               EventActivityCode = "rule.update"
-	EventActivityCodeServiceUserCreate                        EventActivityCode = "service.user.create"
-	EventActivityCodeServiceUserDelete                        EventActivityCode = "service.user.delete"
 	EventActivityCodeSetupkeyAdd                              EventActivityCode = "setupkey.add"
 	EventActivityCodeSetupkeyGroupAdd                         EventActivityCode = "setupkey.group.add"
 	EventActivityCodeSetupkeyGroupDelete                      EventActivityCode = "setupkey.group.delete"
@@ -50,7 +45,6 @@ const (
 	EventActivityCodeSetupkeyPeerAdd                          EventActivityCode = "setupkey.peer.add"
 	EventActivityCodeSetupkeyRevoke                           EventActivityCode = "setupkey.revoke"
 	EventActivityCodeSetupkeyUpdate                           EventActivityCode = "setupkey.update"
-	EventActivityCodeUserBlock                                EventActivityCode = "user.block"
 	EventActivityCodeUserGroupAdd                             EventActivityCode = "user.group.add"
 	EventActivityCodeUserGroupDelete                          EventActivityCode = "user.group.delete"
 	EventActivityCodeUserInvite                               EventActivityCode = "user.invite"
@@ -58,7 +52,19 @@ const (
 	EventActivityCodeUserPeerAdd                              EventActivityCode = "user.peer.add"
 	EventActivityCodeUserPeerDelete                           EventActivityCode = "user.peer.delete"
 	EventActivityCodeUserRoleUpdate                           EventActivityCode = "user.role.update"
-	EventActivityCodeUserUnblock                              EventActivityCode = "user.unblock"
+)
+
+// Defines values for GroupPatchOperationOp.
+const (
+	GroupPatchOperationOpAdd     GroupPatchOperationOp = "add"
+	GroupPatchOperationOpRemove  GroupPatchOperationOp = "remove"
+	GroupPatchOperationOpReplace GroupPatchOperationOp = "replace"
+)
+
+// Defines values for GroupPatchOperationPath.
+const (
+	GroupPatchOperationPathName  GroupPatchOperationPath = "name"
+	GroupPatchOperationPathPeers GroupPatchOperationPath = "peers"
 )

 // Defines values for NameserverNsType.
@@ -66,17 +72,61 @@ const (
 	NameserverNsTypeUdp NameserverNsType = "udp"
 )

+// Defines values for NameserverGroupPatchOperationOp.
+const (
+	NameserverGroupPatchOperationOpAdd     NameserverGroupPatchOperationOp = "add"
+	NameserverGroupPatchOperationOpRemove  NameserverGroupPatchOperationOp = "remove"
+	NameserverGroupPatchOperationOpReplace NameserverGroupPatchOperationOp = "replace"
+)
+
+// Defines values for NameserverGroupPatchOperationPath.
+const (
+	NameserverGroupPatchOperationPathDescription NameserverGroupPatchOperationPath = "description"
+	NameserverGroupPatchOperationPathDomains     NameserverGroupPatchOperationPath = "domains"
+	NameserverGroupPatchOperationPathEnabled     NameserverGroupPatchOperationPath = "enabled"
+	NameserverGroupPatchOperationPathGroups      NameserverGroupPatchOperationPath = "groups"
+	NameserverGroupPatchOperationPathName        NameserverGroupPatchOperationPath = "name"
+	NameserverGroupPatchOperationPathNameservers NameserverGroupPatchOperationPath = "nameservers"
+	NameserverGroupPatchOperationPathPrimary     NameserverGroupPatchOperationPath = "primary"
+)
+
+// Defines values for PatchMinimumOp.
+const (
+	PatchMinimumOpAdd     PatchMinimumOp = "add"
+	PatchMinimumOpRemove  PatchMinimumOp = "remove"
+	PatchMinimumOpReplace PatchMinimumOp = "replace"
+)
+
 // Defines values for PolicyRuleAction.
 const (
 	PolicyRuleActionAccept PolicyRuleAction = "accept"
 	PolicyRuleActionDrop   PolicyRuleAction = "drop"
 )

+// Defines values for RoutePatchOperationOp.
+const (
+	RoutePatchOperationOpAdd     RoutePatchOperationOp = "add"
+	RoutePatchOperationOpRemove  RoutePatchOperationOp = "remove"
+	RoutePatchOperationOpReplace RoutePatchOperationOp = "replace"
+)
+
+// Defines values for RoutePatchOperationPath.
+const (
+	RoutePatchOperationPathDescription RoutePatchOperationPath = "description"
+	RoutePatchOperationPathEnabled     RoutePatchOperationPath = "enabled"
+	RoutePatchOperationPathGroups      RoutePatchOperationPath = "groups"
+	RoutePatchOperationPathMasquerade  RoutePatchOperationPath = "masquerade"
+	RoutePatchOperationPathMetric      RoutePatchOperationPath = "metric"
+	RoutePatchOperationPathNetwork     RoutePatchOperationPath = "network"
+	RoutePatchOperationPathNetworkId   RoutePatchOperationPath = "network_id"
+	RoutePatchOperationPathPeer        RoutePatchOperationPath = "peer"
+)
+
 // Defines values for UserStatus.
 const (
-	UserStatusActive  UserStatus = "active"
-	UserStatusBlocked UserStatus = "blocked"
-	UserStatusInvited UserStatus = "invited"
+	UserStatusActive   UserStatus = "active"
+	UserStatusDisabled UserStatus = "disabled"
+	UserStatusInvited  UserStatus = "invited"
 )

 // Account defines model for Account.
@@ -155,15 +205,24 @@ type GroupMinimum struct {
 	PeersCount int `json:"peers_count"`
 }

-// GroupRequest defines model for GroupRequest.
-type GroupRequest struct {
-	// Name Group name identifier
-	Name string `json:"name"`
+// GroupPatchOperation defines model for GroupPatchOperation.
+type GroupPatchOperation struct {
+	// Op Patch operation type
+	Op GroupPatchOperationOp `json:"op"`

-	// Peers List of peers ids
-	Peers *[]string `json:"peers,omitempty"`
+	// Path Group field to update in form /<field>
+	Path GroupPatchOperationPath `json:"path"`
+
+	// Value Values to be applied
+	Value []string `json:"value"`
 }

+// GroupPatchOperationOp Patch operation type
+type GroupPatchOperationOp string
+
+// GroupPatchOperationPath Group field to update in form /<field>
+type GroupPatchOperationPath string
+
 // Nameserver defines model for Nameserver.
 type Nameserver struct {
 	// Ip Nameserver IP
@@ -206,6 +265,24 @@ type NameserverGroup struct {
 	Primary bool `json:"primary"`
 }

+// NameserverGroupPatchOperation defines model for NameserverGroupPatchOperation.
+type NameserverGroupPatchOperation struct {
+	// Op Patch operation type
+	Op NameserverGroupPatchOperationOp `json:"op"`
+
+	// Path Nameserver group field to update in form /<field>
+	Path NameserverGroupPatchOperationPath `json:"path"`
+
+	// Value Values to be applied
+	Value []string `json:"value"`
+}
+
+// NameserverGroupPatchOperationOp Patch operation type
+type NameserverGroupPatchOperationOp string
+
+// NameserverGroupPatchOperationPath Nameserver group field to update in form /<field>
+type NameserverGroupPatchOperationPath string
+
 // NameserverGroupRequest defines model for NameserverGroupRequest.
 type NameserverGroupRequest struct {
 	// Description Nameserver group  description
@@ -230,6 +307,18 @@ type NameserverGroupRequest struct {
 	Primary bool `json:"primary"`
 }

+// PatchMinimum defines model for PatchMinimum.
+type PatchMinimum struct {
+	// Op Patch operation type
+	Op PatchMinimumOp `json:"op"`
+
+	// Value Values to be applied
+	Value []string `json:"value"`
+}
+
+// PatchMinimumOp Patch operation type
+type PatchMinimumOp string
+
 // Peer defines model for Peer.
 type Peer struct {
 	// Connected Peer to Management connection status
@@ -290,13 +379,6 @@ type PeerMinimum struct {
 	Name string `json:"name"`
 }

-// PeerRequest defines model for PeerRequest.
-type PeerRequest struct {
-	LoginExpirationEnabled bool   `json:"login_expiration_enabled"`
-	Name                   string `json:"name"`
-	SshEnabled             bool   `json:"ssh_enabled"`
-}
-
 // PersonalAccessToken defines model for PersonalAccessToken.
 type PersonalAccessToken struct {
 	// CreatedAt Date the token was created
@@ -434,6 +516,24 @@ type Route struct {
 	Peer string `json:"peer"`
 }

+// RoutePatchOperation defines model for RoutePatchOperation.
+type RoutePatchOperation struct {
+	// Op Patch operation type
+	Op RoutePatchOperationOp `json:"op"`
+
+	// Path Route field to update in form /<field>
+	Path RoutePatchOperationPath `json:"path"`
+
+	// Value Values to be applied
+	Value []string `json:"value"`
+}
+
+// RoutePatchOperationOp Patch operation type
+type RoutePatchOperationOp string
+
+// RoutePatchOperationPath Route field to update in form /<field>
+type RoutePatchOperationPath string
+
 // RouteRequest defines model for RouteRequest.
 type RouteRequest struct {
 	// Description Route description
@@ -500,27 +600,6 @@ type RuleMinimum struct {
 	Name string `json:"name"`
 }

-// RuleRequest defines model for RuleRequest.
-type RuleRequest struct {
-	// Description Rule friendly description
-	Description string `json:"description"`
-
-	// Destinations List of destination groups
-	Destinations *[]string `json:"destinations,omitempty"`
-
-	// Disabled Rules status
-	Disabled bool `json:"disabled"`
-
-	// Flow Rule flow, currently, only "bidirect" for bi-directional traffic is accepted
-	Flow string `json:"flow"`
-
-	// Name Rule name identifier
-	Name string `json:"name"`
-
-	// Sources List of source groups
-	Sources *[]string `json:"sources,omitempty"`
-}
-
 // SetupKey defines model for SetupKey.
 type SetupKey struct {
 	// AutoGroups Setup key groups to auto-assign to peers registered with this key
@@ -595,15 +674,9 @@ type User struct {
 	// Id User ID
 	Id string `json:"id"`

-	// IsBlocked Is true if this user is blocked. Blocked users can't use the system
-	IsBlocked bool `json:"is_blocked"`
-
 	// IsCurrent Is true if authenticated user is the same as this user
 	IsCurrent *bool `json:"is_current,omitempty"`

-	// IsServiceUser Is true if this user is a service user
-	IsServiceUser *bool `json:"is_service_user,omitempty"`
-
 	// Name User's name from idp provider
 	Name string `json:"name"`

@@ -623,10 +696,7 @@ type UserCreateRequest struct {
 	AutoGroups []string `json:"auto_groups"`

 	// Email User's Email to send invite to
-	Email *string `json:"email,omitempty"`
-
-	// IsServiceUser Is true if this user is a service user
-	IsServiceUser bool `json:"is_service_user"`
+	Email string `json:"email"`

 	// Name User's full name
 	Name *string `json:"name,omitempty"`
@@ -640,74 +710,142 @@ type UserRequest struct {
 	// AutoGroups Groups to auto-assign to peers registered by this user
 	AutoGroups []string `json:"auto_groups"`

-	// IsBlocked If set to true then user is blocked and can't use the system
-	IsBlocked bool `json:"is_blocked"`
-
 	// Role User's NetBird account role
 	Role string `json:"role"`
 }

-// PutApiAccountsAccountIdJSONBody defines parameters for PutApiAccountsAccountId.
-type PutApiAccountsAccountIdJSONBody struct {
+// PutApiAccountsIdJSONBody defines parameters for PutApiAccountsId.
+type PutApiAccountsIdJSONBody struct {
 	Settings AccountSettings `json:"settings"`
 }

-// GetApiUsersParams defines parameters for GetApiUsers.
-type GetApiUsersParams struct {
-	// ServiceUser Filters users and returns either regular users or service users
-	ServiceUser *bool `form:"service_user,omitempty" json:"service_user,omitempty"`
+// PatchApiDnsNameserversIdJSONBody defines parameters for PatchApiDnsNameserversId.
+type PatchApiDnsNameserversIdJSONBody = []NameserverGroupPatchOperation
+
+// PostApiGroupsJSONBody defines parameters for PostApiGroups.
+type PostApiGroupsJSONBody struct {
+	Name  string    `json:"name"`
+	Peers *[]string `json:"peers,omitempty"`
 }

-// PutApiAccountsAccountIdJSONRequestBody defines body for PutApiAccountsAccountId for application/json ContentType.
-type PutApiAccountsAccountIdJSONRequestBody PutApiAccountsAccountIdJSONBody
+// PatchApiGroupsIdJSONBody defines parameters for PatchApiGroupsId.
+type PatchApiGroupsIdJSONBody = []GroupPatchOperation
+
+// PutApiGroupsIdJSONBody defines parameters for PutApiGroupsId.
+type PutApiGroupsIdJSONBody struct {
+	Name  *string   `json:"Name,omitempty"`
+	Peers *[]string `json:"Peers,omitempty"`
+}
+
+// PutApiPeersIdJSONBody defines parameters for PutApiPeersId.
+type PutApiPeersIdJSONBody struct {
+	LoginExpirationEnabled bool   `json:"login_expiration_enabled"`
+	Name                   string `json:"name"`
+	SshEnabled             bool   `json:"ssh_enabled"`
+}
+
+// PostApiPoliciesJSONBody defines parameters for PostApiPolicies.
+type PostApiPoliciesJSONBody = PolicyMinimum
+
+// PutApiPoliciesIdJSONBody defines parameters for PutApiPoliciesId.
+type PutApiPoliciesIdJSONBody = PolicyMinimum
+
+// PatchApiRoutesIdJSONBody defines parameters for PatchApiRoutesId.
+type PatchApiRoutesIdJSONBody = []RoutePatchOperation
+
+// PostApiRulesJSONBody defines parameters for PostApiRules.
+type PostApiRulesJSONBody struct {
+	// Description Rule friendly description
+	Description  string    `json:"description"`
+	Destinations *[]string `json:"destinations,omitempty"`
+
+	// Disabled Rules status
+	Disabled bool `json:"disabled"`
+
+	// Flow Rule flow, currently, only "bidirect" for bi-directional traffic is accepted
+	Flow string `json:"flow"`
+
+	// Name Rule name identifier
+	Name    string    `json:"name"`
+	Sources *[]string `json:"sources,omitempty"`
+}
+
+// PutApiRulesIdJSONBody defines parameters for PutApiRulesId.
+type PutApiRulesIdJSONBody struct {
+	// Description Rule friendly description
+	Description  string    `json:"description"`
+	Destinations *[]string `json:"destinations,omitempty"`
+
+	// Disabled Rules status
+	Disabled bool `json:"disabled"`
+
+	// Flow Rule flow, currently, only "bidirect" for bi-directional traffic is accepted
+	Flow string `json:"flow"`
+
+	// Name Rule name identifier
+	Name    string    `json:"name"`
+	Sources *[]string `json:"sources,omitempty"`
+}
+
+// PutApiAccountsIdJSONRequestBody defines body for PutApiAccountsId for application/json ContentType.
+type PutApiAccountsIdJSONRequestBody PutApiAccountsIdJSONBody

 // PostApiDnsNameserversJSONRequestBody defines body for PostApiDnsNameservers for application/json ContentType.
 type PostApiDnsNameserversJSONRequestBody = NameserverGroupRequest

-// PutApiDnsNameserversNsgroupIdJSONRequestBody defines body for PutApiDnsNameserversNsgroupId for application/json ContentType.
-type PutApiDnsNameserversNsgroupIdJSONRequestBody = NameserverGroupRequest
+// PatchApiDnsNameserversIdJSONRequestBody defines body for PatchApiDnsNameserversId for application/json ContentType.
+type PatchApiDnsNameserversIdJSONRequestBody = PatchApiDnsNameserversIdJSONBody
+
+// PutApiDnsNameserversIdJSONRequestBody defines body for PutApiDnsNameserversId for application/json ContentType.
+type PutApiDnsNameserversIdJSONRequestBody = NameserverGroupRequest

 // PutApiDnsSettingsJSONRequestBody defines body for PutApiDnsSettings for application/json ContentType.
 type PutApiDnsSettingsJSONRequestBody = DNSSettings

 // PostApiGroupsJSONRequestBody defines body for PostApiGroups for application/json ContentType.
-type PostApiGroupsJSONRequestBody = GroupRequest
+type PostApiGroupsJSONRequestBody PostApiGroupsJSONBody

-// PutApiGroupsGroupIdJSONRequestBody defines body for PutApiGroupsGroupId for application/json ContentType.
-type PutApiGroupsGroupIdJSONRequestBody = GroupRequest
+// PatchApiGroupsIdJSONRequestBody defines body for PatchApiGroupsId for application/json ContentType.
+type PatchApiGroupsIdJSONRequestBody = PatchApiGroupsIdJSONBody

-// PutApiPeersPeerIdJSONRequestBody defines body for PutApiPeersPeerId for application/json ContentType.
-type PutApiPeersPeerIdJSONRequestBody = PeerRequest
+// PutApiGroupsIdJSONRequestBody defines body for PutApiGroupsId for application/json ContentType.
+type PutApiGroupsIdJSONRequestBody PutApiGroupsIdJSONBody
+
+// PutApiPeersIdJSONRequestBody defines body for PutApiPeersId for application/json ContentType.
+type PutApiPeersIdJSONRequestBody PutApiPeersIdJSONBody

 // PostApiPoliciesJSONRequestBody defines body for PostApiPolicies for application/json ContentType.
-type PostApiPoliciesJSONRequestBody = PolicyMinimum
+type PostApiPoliciesJSONRequestBody = PostApiPoliciesJSONBody

-// PutApiPoliciesPolicyIdJSONRequestBody defines body for PutApiPoliciesPolicyId for application/json ContentType.
-type PutApiPoliciesPolicyIdJSONRequestBody = PolicyMinimum
+// PutApiPoliciesIdJSONRequestBody defines body for PutApiPoliciesId for application/json ContentType.
+type PutApiPoliciesIdJSONRequestBody = PutApiPoliciesIdJSONBody

 // PostApiRoutesJSONRequestBody defines body for PostApiRoutes for application/json ContentType.
 type PostApiRoutesJSONRequestBody = RouteRequest

-// PutApiRoutesRouteIdJSONRequestBody defines body for PutApiRoutesRouteId for application/json ContentType.
-type PutApiRoutesRouteIdJSONRequestBody = RouteRequest
+// PatchApiRoutesIdJSONRequestBody defines body for PatchApiRoutesId for application/json ContentType.
+type PatchApiRoutesIdJSONRequestBody = PatchApiRoutesIdJSONBody
+
+// PutApiRoutesIdJSONRequestBody defines body for PutApiRoutesId for application/json ContentType.
+type PutApiRoutesIdJSONRequestBody = RouteRequest

 // PostApiRulesJSONRequestBody defines body for PostApiRules for application/json ContentType.
-type PostApiRulesJSONRequestBody = RuleRequest
+type PostApiRulesJSONRequestBody PostApiRulesJSONBody

-// PutApiRulesRuleIdJSONRequestBody defines body for PutApiRulesRuleId for application/json ContentType.
-type PutApiRulesRuleIdJSONRequestBody = RuleRequest
+// PutApiRulesIdJSONRequestBody defines body for PutApiRulesId for application/json ContentType.
+type PutApiRulesIdJSONRequestBody PutApiRulesIdJSONBody

 // PostApiSetupKeysJSONRequestBody defines body for PostApiSetupKeys for application/json ContentType.
 type PostApiSetupKeysJSONRequestBody = SetupKeyRequest

-// PutApiSetupKeysKeyIdJSONRequestBody defines body for PutApiSetupKeysKeyId for application/json ContentType.
-type PutApiSetupKeysKeyIdJSONRequestBody = SetupKeyRequest
+// PutApiSetupKeysIdJSONRequestBody defines body for PutApiSetupKeysId for application/json ContentType.
+type PutApiSetupKeysIdJSONRequestBody = SetupKeyRequest

 // PostApiUsersJSONRequestBody defines body for PostApiUsers for application/json ContentType.
 type PostApiUsersJSONRequestBody = UserCreateRequest

-// PutApiUsersUserIdJSONRequestBody defines body for PutApiUsersUserId for application/json ContentType.
-type PutApiUsersUserIdJSONRequestBody = UserRequest
+// PutApiUsersIdJSONRequestBody defines body for PutApiUsersId for application/json ContentType.
+type PutApiUsersIdJSONRequestBody = UserRequest

 // PostApiUsersUserIdTokensJSONRequestBody defines body for PostApiUsersUserIdTokens for application/json ContentType.
 type PostApiUsersUserIdTokensJSONRequestBody = PersonalAccessTokenRequest
--- a/management/server/http/groups_handler.go
+++ b/management/server/http/groups_handler.go
@@ -62,7 +62,7 @@ func (h *GroupsHandler) UpdateGroup(w http.ResponseWriter, r *http.Request) {
 	}

 	vars := mux.Vars(r)
-	groupID, ok := vars["groupId"]
+	groupID, ok := vars["id"]
 	if !ok {
 		util.WriteError(status.Errorf(status.InvalidArgument, "group ID field is missing"), w)
 		return
@@ -88,14 +88,14 @@ func (h *GroupsHandler) UpdateGroup(w http.ResponseWriter, r *http.Request) {
 		return
 	}

-	var req api.PutApiGroupsGroupIdJSONRequestBody
+	var req api.PutApiGroupsIdJSONRequestBody
 	err = json.NewDecoder(r.Body).Decode(&req)
 	if err != nil {
 		util.WriteErrorResponse("couldn't parse JSON request", http.StatusBadRequest, w)
 		return
 	}

-	if req.Name == "" {
+	if *req.Name == "" {
 		util.WriteError(status.Errorf(status.InvalidArgument, "group name shouldn't be empty"), w)
 		return
 	}
@@ -108,7 +108,7 @@ func (h *GroupsHandler) UpdateGroup(w http.ResponseWriter, r *http.Request) {
 	}
 	group := server.Group{
 		ID:    groupID,
-		Name:  req.Name,
+		Name:  *req.Name,
 		Peers: peers,
 	}

@@ -121,6 +121,110 @@ func (h *GroupsHandler) UpdateGroup(w http.ResponseWriter, r *http.Request) {
 	util.WriteJSONObject(w, toGroupResponse(account, &group))
 }

+// PatchGroup handles patch updates to a group identified by a given ID
+func (h *GroupsHandler) PatchGroup(w http.ResponseWriter, r *http.Request) {
+	claims := h.claimsExtractor.FromRequestContext(r)
+	account, _, err := h.accountManager.GetAccountFromToken(claims)
+	if err != nil {
+		util.WriteError(err, w)
+		return
+	}
+
+	vars := mux.Vars(r)
+	groupID := vars["id"]
+	if len(groupID) == 0 {
+		util.WriteError(status.Errorf(status.InvalidArgument, "invalid group ID"), w)
+		return
+	}
+
+	_, ok := account.Groups[groupID]
+	if !ok {
+		util.WriteError(status.Errorf(status.NotFound, "couldn't find group ID %s", groupID), w)
+		return
+	}
+
+	allGroup, err := account.GetGroupAll()
+	if err != nil {
+		util.WriteError(err, w)
+		return
+	}
+
+	if allGroup.ID == groupID {
+		util.WriteError(status.Errorf(status.InvalidArgument, "updating group ALL is not allowed"), w)
+		return
+	}
+
+	var req api.PatchApiGroupsIdJSONRequestBody
+	err = json.NewDecoder(r.Body).Decode(&req)
+	if err != nil {
+		util.WriteErrorResponse("couldn't parse JSON request", http.StatusBadRequest, w)
+		return
+	}
+
+	if len(req) == 0 {
+		util.WriteError(status.Errorf(status.InvalidArgument, "no patch instruction received"), w)
+		return
+	}
+
+	var operations []server.GroupUpdateOperation
+
+	for _, patch := range req {
+		switch patch.Path {
+		case api.GroupPatchOperationPathName:
+			if patch.Op != api.GroupPatchOperationOpReplace {
+				util.WriteError(status.Errorf(status.InvalidArgument,
+					"name field only accepts replace operation, got %s", patch.Op), w)
+				return
+			}
+
+			if len(patch.Value) == 0 || patch.Value[0] == "" {
+				util.WriteError(status.Errorf(status.InvalidArgument, "group name shouldn't be empty"), w)
+				return
+			}
+
+			operations = append(operations, server.GroupUpdateOperation{
+				Type:   server.UpdateGroupName,
+				Values: patch.Value,
+			})
+		case api.GroupPatchOperationPathPeers:
+			switch patch.Op {
+			case api.GroupPatchOperationOpReplace:
+				peerKeys := peerIPsToKeys(account, &patch.Value)
+				operations = append(operations, server.GroupUpdateOperation{
+					Type:   server.UpdateGroupPeers,
+					Values: peerKeys,
+				})
+			case api.GroupPatchOperationOpRemove:
+				peerKeys := peerIPsToKeys(account, &patch.Value)
+				operations = append(operations, server.GroupUpdateOperation{
+					Type:   server.RemovePeersFromGroup,
+					Values: peerKeys,
+				})
+			case api.GroupPatchOperationOpAdd:
+				operations = append(operations, server.GroupUpdateOperation{
+					Type:   server.InsertPeersToGroup,
+					Values: patch.Value,
+				})
+			default:
+				util.WriteError(status.Errorf(status.InvalidArgument,
+					"invalid operation, \"%v\", for PeersHandler field", patch.Op), w)
+				return
+			}
+		default:
+			util.WriteError(status.Errorf(status.InvalidArgument, "invalid patch path"), w)
+			return
+		}
+	}
+
+	group, err := h.accountManager.UpdateGroup(account.Id, groupID, operations)
+	if err != nil {
+		util.WriteError(err, w)
+		return
+	}
+
+	util.WriteJSONObject(w, toGroupResponse(account, group))
+}
+
 // CreateGroup handles group creation request
 func (h *GroupsHandler) CreateGroup(w http.ResponseWriter, r *http.Request) {
 	claims := h.claimsExtractor.FromRequestContext(r)
@@ -173,7 +277,7 @@ func (h *GroupsHandler) DeleteGroup(w http.ResponseWriter, r *http.Request) {
 	}
 	aID := account.Id

-	groupID := mux.Vars(r)["groupId"]
+	groupID := mux.Vars(r)["id"]
 	if len(groupID) == 0 {
 		util.WriteError(status.Errorf(status.InvalidArgument, "invalid group ID"), w)
 		return
@@ -210,7 +314,7 @@ func (h *GroupsHandler) GetGroup(w http.ResponseWriter, r *http.Request) {

 	switch r.Method {
 	case http.MethodGet:
-		groupID := mux.Vars(r)["groupId"]
+		groupID := mux.Vars(r)["id"]
 		if len(groupID) == 0 {
 			util.WriteError(status.Errorf(status.InvalidArgument, "invalid group ID"), w)
 			return
@@ -231,6 +335,29 @@ func (h *GroupsHandler) GetGroup(w http.ResponseWriter, r *http.Request) {
 	}
 }

+func peerIPsToKeys(account *server.Account, peerIPs *[]string) []string {
+	var mappedPeerKeys []string
+	if peerIPs == nil {
+		return mappedPeerKeys
+	}
+
+	peersChecked := make(map[string]struct{})
+
+	for _, requestPeersIP := range *peerIPs {
+		_, ok := peersChecked[requestPeersIP]
+		if ok {
+			continue
+		}
+		peersChecked[requestPeersIP] = struct{}{}
+		for _, accountPeer := range account.Peers {
+			if accountPeer.IP.String() == requestPeersIP {
+				mappedPeerKeys = append(mappedPeerKeys, accountPeer.Key)
+			}
+		}
+	}
+	return mappedPeerKeys
+}
+
 func toGroupResponse(account *server.Account, group *server.Group) *api.Group {
 	cache := make(map[string]api.PeerMinimum)
 	gr := api.Group{
--- a/management/server/http/groups_handler_test.go
+++ b/management/server/http/groups_handler_test.go
@@ -136,7 +136,7 @@ func TestGetGroup(t *testing.T) {
 			req := httptest.NewRequest(tc.requestType, tc.requestPath, tc.requestBody)

 			router := mux.NewRouter()
-			router.HandleFunc("/api/groups/{groupId}", p.GetGroup).Methods("GET")
+			router.HandleFunc("/api/groups/{id}", p.GetGroup).Methods("GET")
 			router.ServeHTTP(recorder, req)

 			res := recorder.Result()
@@ -230,6 +230,53 @@ func TestWriteGroup(t *testing.T) {
 			expectedStatus: http.StatusUnprocessableEntity,
 			expectedBody:   false,
 		},
+		{
+			name:        "Write Group PATCH Name OK",
+			requestType: http.MethodPatch,
+			requestPath: "/api/groups/id-existed",
+			requestBody: bytes.NewBuffer(
+				[]byte(`[{"op":"replace","path":"name","value":["Default POSTed Group"]}]`)),
+			expectedStatus: http.StatusOK,
+			expectedGroup: &api.Group{
+				Id:   "id-existed",
+				Name: "Default POSTed Group",
+			},
+		},
+		{
+			name:        "Write Group PATCH Invalid Name OP",
+			requestType: http.MethodPatch,
+			requestPath: "/api/groups/id-existed",
+			requestBody: bytes.NewBuffer(
+				[]byte(`[{"op":"insert","path":"name","value":[""]}]`)),
+			expectedStatus: http.StatusUnprocessableEntity,
+			expectedBody:   false,
+		},
+		{
+			name:        "Write Group PATCH Invalid Name",
+			requestType: http.MethodPatch,
+			requestPath: "/api/groups/id-existed",
+			requestBody: bytes.NewBuffer(
+				[]byte(`[{"op":"replace","path":"name","value":[]}]`)),
+			expectedStatus: http.StatusUnprocessableEntity,
+			expectedBody:   false,
+		},
+		{
+			name:        "Write Group PATCH PeersHandler OK",
+			requestType: http.MethodPatch,
+			requestPath: "/api/groups/id-existed",
+			requestBody: bytes.NewBuffer(
+				[]byte(`[{"op":"replace","path":"peers","value":["100.100.100.100","200.200.200.200"]}]`)),
+			expectedStatus: http.StatusOK,
+			expectedBody:   true,
+			expectedGroup: &api.Group{
+				Id:         "id-existed",
+				PeersCount: 2,
+				Peers: []api.PeerMinimum{
+					{Id: "peer-A-ID"},
+					{Id: "peer-B-ID"},
+				},
+			},
+		},
 	}

 	adminUser := server.NewAdminUser("test_user")
@@ -242,7 +289,8 @@ func TestWriteGroup(t *testing.T) {

 			router := mux.NewRouter()
 			router.HandleFunc("/api/groups", p.CreateGroup).Methods("POST")
-			router.HandleFunc("/api/groups/{groupId}", p.UpdateGroup).Methods("PUT")
+			router.HandleFunc("/api/groups/{id}", p.UpdateGroup).Methods("PUT")
+			router.HandleFunc("/api/groups/{id}", p.PatchGroup).Methods("PATCH")
 			router.ServeHTTP(recorder, req)

 			res := recorder.Result()
--- a/management/server/http/handler.go
+++ b/management/server/http/handler.go
@@ -43,7 +43,7 @@ func APIHandler(accountManager s.AccountManager, jwtValidator jwtclaims.JWTValid
 	acMiddleware := middleware.NewAccessControl(
 		authCfg.Audience,
 		authCfg.UserIDClaim,
-		accountManager.GetUser)
+		accountManager.IsUserAdmin)

 	rootRouter := mux.NewRouter()
 	metricsMiddleware := appMetrics.HTTPMiddleware()
@@ -96,22 +96,21 @@ func APIHandler(accountManager s.AccountManager, jwtValidator jwtclaims.JWTValid

 func (apiHandler *apiHandler) addAccountsEndpoint() {
 	accountsHandler := NewAccountsHandler(apiHandler.AccountManager, apiHandler.AuthCfg)
-	apiHandler.Router.HandleFunc("/accounts/{accountId}", accountsHandler.UpdateAccount).Methods("PUT", "OPTIONS")
+	apiHandler.Router.HandleFunc("/accounts/{id}", accountsHandler.UpdateAccount).Methods("PUT", "OPTIONS")
 	apiHandler.Router.HandleFunc("/accounts", accountsHandler.GetAllAccounts).Methods("GET", "OPTIONS")
 }

 func (apiHandler *apiHandler) addPeersEndpoint() {
 	peersHandler := NewPeersHandler(apiHandler.AccountManager, apiHandler.AuthCfg)
 	apiHandler.Router.HandleFunc("/peers", peersHandler.GetAllPeers).Methods("GET", "OPTIONS")
-	apiHandler.Router.HandleFunc("/peers/{peerId}", peersHandler.HandlePeer).
+	apiHandler.Router.HandleFunc("/peers/{id}", peersHandler.HandlePeer).
 		Methods("GET", "PUT", "DELETE", "OPTIONS")
 }

 func (apiHandler *apiHandler) addUsersEndpoint() {
 	userHandler := NewUsersHandler(apiHandler.AccountManager, apiHandler.AuthCfg)
 	apiHandler.Router.HandleFunc("/users", userHandler.GetAllUsers).Methods("GET", "OPTIONS")
-	apiHandler.Router.HandleFunc("/users/{userId}", userHandler.UpdateUser).Methods("PUT", "OPTIONS")
-	apiHandler.Router.HandleFunc("/users/{userId}", userHandler.DeleteUser).Methods("DELETE", "OPTIONS")
+	apiHandler.Router.HandleFunc("/users/{id}", userHandler.UpdateUser).Methods("PUT", "OPTIONS")
 	apiHandler.Router.HandleFunc("/users", userHandler.CreateUser).Methods("POST", "OPTIONS")
 }

@@ -127,53 +126,56 @@ func (apiHandler *apiHandler) addSetupKeysEndpoint() {
 	keysHandler := NewSetupKeysHandler(apiHandler.AccountManager, apiHandler.AuthCfg)
 	apiHandler.Router.HandleFunc("/setup-keys", keysHandler.GetAllSetupKeys).Methods("GET", "OPTIONS")
 	apiHandler.Router.HandleFunc("/setup-keys", keysHandler.CreateSetupKey).Methods("POST", "OPTIONS")
-	apiHandler.Router.HandleFunc("/setup-keys/{keyId}", keysHandler.GetSetupKey).Methods("GET", "OPTIONS")
-	apiHandler.Router.HandleFunc("/setup-keys/{keyId}", keysHandler.UpdateSetupKey).Methods("PUT", "OPTIONS")
+	apiHandler.Router.HandleFunc("/setup-keys/{id}", keysHandler.GetSetupKey).Methods("GET", "OPTIONS")
+	apiHandler.Router.HandleFunc("/setup-keys/{id}", keysHandler.UpdateSetupKey).Methods("PUT", "OPTIONS")
 }

 func (apiHandler *apiHandler) addRulesEndpoint() {
 	rulesHandler := NewRulesHandler(apiHandler.AccountManager, apiHandler.AuthCfg)
 	apiHandler.Router.HandleFunc("/rules", rulesHandler.GetAllRules).Methods("GET", "OPTIONS")
 	apiHandler.Router.HandleFunc("/rules", rulesHandler.CreateRule).Methods("POST", "OPTIONS")
-	apiHandler.Router.HandleFunc("/rules/{ruleId}", rulesHandler.UpdateRule).Methods("PUT", "OPTIONS")
-	apiHandler.Router.HandleFunc("/rules/{ruleId}", rulesHandler.GetRule).Methods("GET", "OPTIONS")
-	apiHandler.Router.HandleFunc("/rules/{ruleId}", rulesHandler.DeleteRule).Methods("DELETE", "OPTIONS")
+	apiHandler.Router.HandleFunc("/rules/{id}", rulesHandler.UpdateRule).Methods("PUT", "OPTIONS")
+	apiHandler.Router.HandleFunc("/rules/{id}", rulesHandler.GetRule).Methods("GET", "OPTIONS")
+	apiHandler.Router.HandleFunc("/rules/{id}", rulesHandler.DeleteRule).Methods("DELETE", "OPTIONS")
 }

 func (apiHandler *apiHandler) addPoliciesEndpoint() {
 	policiesHandler := NewPoliciesHandler(apiHandler.AccountManager, apiHandler.AuthCfg)
 	apiHandler.Router.HandleFunc("/policies", policiesHandler.GetAllPolicies).Methods("GET", "OPTIONS")
 	apiHandler.Router.HandleFunc("/policies", policiesHandler.CreatePolicy).Methods("POST", "OPTIONS")
-	apiHandler.Router.HandleFunc("/policies/{policyId}", policiesHandler.UpdatePolicy).Methods("PUT", "OPTIONS")
-	apiHandler.Router.HandleFunc("/policies/{policyId}", policiesHandler.GetPolicy).Methods("GET", "OPTIONS")
-	apiHandler.Router.HandleFunc("/policies/{policyId}", policiesHandler.DeletePolicy).Methods("DELETE", "OPTIONS")
+	apiHandler.Router.HandleFunc("/policies/{id}", policiesHandler.UpdatePolicy).Methods("PUT", "OPTIONS")
+	apiHandler.Router.HandleFunc("/policies/{id}", policiesHandler.GetPolicy).Methods("GET", "OPTIONS")
+	apiHandler.Router.HandleFunc("/policies/{id}", policiesHandler.DeletePolicy).Methods("DELETE", "OPTIONS")
 }

 func (apiHandler *apiHandler) addGroupsEndpoint() {
 	groupsHandler := NewGroupsHandler(apiHandler.AccountManager, apiHandler.AuthCfg)
 	apiHandler.Router.HandleFunc("/groups", groupsHandler.GetAllGroups).Methods("GET", "OPTIONS")
 	apiHandler.Router.HandleFunc("/groups", groupsHandler.CreateGroup).Methods("POST", "OPTIONS")
-	apiHandler.Router.HandleFunc("/groups/{groupId}", groupsHandler.UpdateGroup).Methods("PUT", "OPTIONS")
-	apiHandler.Router.HandleFunc("/groups/{groupId}", groupsHandler.GetGroup).Methods("GET", "OPTIONS")
-	apiHandler.Router.HandleFunc("/groups/{groupId}", groupsHandler.DeleteGroup).Methods("DELETE", "OPTIONS")
+	apiHandler.Router.HandleFunc("/groups/{id}", groupsHandler.UpdateGroup).Methods("PUT", "OPTIONS")
+	apiHandler.Router.HandleFunc("/groups/{id}", groupsHandler.PatchGroup).Methods("PATCH", "OPTIONS")
+	apiHandler.Router.HandleFunc("/groups/{id}", groupsHandler.GetGroup).Methods("GET", "OPTIONS")
+	apiHandler.Router.HandleFunc("/groups/{id}", groupsHandler.DeleteGroup).Methods("DELETE", "OPTIONS")
 }

 func (apiHandler *apiHandler) addRoutesEndpoint() {
 	routesHandler := NewRoutesHandler(apiHandler.AccountManager, apiHandler.AuthCfg)
 	apiHandler.Router.HandleFunc("/routes", routesHandler.GetAllRoutes).Methods("GET", "OPTIONS")
 	apiHandler.Router.HandleFunc("/routes", routesHandler.CreateRoute).Methods("POST", "OPTIONS")
-	apiHandler.Router.HandleFunc("/routes/{routeId}", routesHandler.UpdateRoute).Methods("PUT", "OPTIONS")
-	apiHandler.Router.HandleFunc("/routes/{routeId}", routesHandler.GetRoute).Methods("GET", "OPTIONS")
-	apiHandler.Router.HandleFunc("/routes/{routeId}", routesHandler.DeleteRoute).Methods("DELETE", "OPTIONS")
+	apiHandler.Router.HandleFunc("/routes/{id}", routesHandler.UpdateRoute).Methods("PUT", "OPTIONS")
+	apiHandler.Router.HandleFunc("/routes/{id}", routesHandler.PatchRoute).Methods("PATCH", "OPTIONS")
+	apiHandler.Router.HandleFunc("/routes/{id}", routesHandler.GetRoute).Methods("GET", "OPTIONS")
+	apiHandler.Router.HandleFunc("/routes/{id}", routesHandler.DeleteRoute).Methods("DELETE", "OPTIONS")
 }

 func (apiHandler *apiHandler) addDNSNameserversEndpoint() {
 	nameserversHandler := NewNameserversHandler(apiHandler.AccountManager, apiHandler.AuthCfg)
 	apiHandler.Router.HandleFunc("/dns/nameservers", nameserversHandler.GetAllNameservers).Methods("GET", "OPTIONS")
 	apiHandler.Router.HandleFunc("/dns/nameservers", nameserversHandler.CreateNameserverGroup).Methods("POST", "OPTIONS")
-	apiHandler.Router.HandleFunc("/dns/nameservers/{nsgroupId}", nameserversHandler.UpdateNameserverGroup).Methods("PUT", "OPTIONS")
-	apiHandler.Router.HandleFunc("/dns/nameservers/{nsgroupId}", nameserversHandler.GetNameserverGroup).Methods("GET", "OPTIONS")
-	apiHandler.Router.HandleFunc("/dns/nameservers/{nsgroupId}", nameserversHandler.DeleteNameserverGroup).Methods("DELETE", "OPTIONS")
+	apiHandler.Router.HandleFunc("/dns/nameservers/{id}", nameserversHandler.UpdateNameserverGroup).Methods("PUT", "OPTIONS")
+	apiHandler.Router.HandleFunc("/dns/nameservers/{id}", nameserversHandler.PatchNameserverGroup).Methods("PATCH", "OPTIONS")
+	apiHandler.Router.HandleFunc("/dns/nameservers/{id}", nameserversHandler.GetNameserverGroup).Methods("GET", "OPTIONS")
+	apiHandler.Router.HandleFunc("/dns/nameservers/{id}", nameserversHandler.DeleteNameserverGroup).Methods("DELETE", "OPTIONS")
 }

 func (apiHandler *apiHandler) addDNSSettingEndpoint() {
--- a/management/server/http/middleware/access_control.go
+++ b/management/server/http/middleware/access_control.go
@@ -6,30 +6,28 @@ import (

 	log "github.com/sirupsen/logrus"

-	"github.com/netbirdio/netbird/management/server"
 	"github.com/netbirdio/netbird/management/server/http/util"
 	"github.com/netbirdio/netbird/management/server/status"

 	"github.com/netbirdio/netbird/management/server/jwtclaims"
 )

-// GetUser function defines a function to fetch user from Account by jwtclaims.AuthorizationClaims
-type GetUser func(claims jwtclaims.AuthorizationClaims) (*server.User, error)
+type IsUserAdminFunc func(claims jwtclaims.AuthorizationClaims) (bool, error)

 // AccessControl middleware to restrict to make POST/PUT/DELETE requests by admin only
 type AccessControl struct {
+	isUserAdmin   IsUserAdminFunc
 	claimsExtract jwtclaims.ClaimsExtractor
-	getUser       GetUser
 }

 // NewAccessControl instance constructor
-func NewAccessControl(audience, userIDClaim string, getUser GetUser) *AccessControl {
+func NewAccessControl(audience, userIDClaim string, isUserAdmin IsUserAdminFunc) *AccessControl {
 	return &AccessControl{
+		isUserAdmin: isUserAdmin,
 		claimsExtract: *jwtclaims.NewClaimsExtractor(
 			jwtclaims.WithAudience(audience),
 			jwtclaims.WithUserIDClaim(userIDClaim),
 		),
-		getUser: getUser,
 	}
 }

@@ -39,29 +37,23 @@ func (a *AccessControl) Handler(h http.Handler) http.Handler {
 	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
 		claims := a.claimsExtract.FromRequestContext(r)

-		user, err := a.getUser(claims)
+		ok, err := a.isUserAdmin(claims)
 		if err != nil {
 			util.WriteError(status.Errorf(status.Unauthorized, "invalid JWT"), w)
 			return
 		}
-
-		if user.IsBlocked() {
-			util.WriteError(status.Errorf(status.PermissionDenied, "the user has no access to the API or is blocked"), w)
-			return
-		}
-
-		if !user.IsAdmin() {
+		if !ok {
 			switch r.Method {
 			case http.MethodDelete, http.MethodPost, http.MethodPatch, http.MethodPut:

 				ok, err := regexp.MatchString(`^.*/api/users/.*/tokens.*$`, r.URL.Path)
 				if err != nil {
-					log.Debugf("regex failed")
+					log.Debugf("Regex failed")
 					util.WriteError(status.Errorf(status.Internal, ""), w)
 					return
 				}
 				if ok {
-					log.Debugf("valid Path")
+					log.Debugf("Valid Path")
 					h.ServeHTTP(w, r)
 					return
 				}
--- a/management/server/http/nameservers_handler.go
+++ b/management/server/http/nameservers_handler.go
@@ -99,13 +99,13 @@ func (h *NameserversHandler) UpdateNameserverGroup(w http.ResponseWriter, r *htt
 		return
 	}

-	nsGroupID := mux.Vars(r)["nsgroupId"]
+	nsGroupID := mux.Vars(r)["id"]
 	if len(nsGroupID) == 0 {
 		util.WriteError(status.Errorf(status.InvalidArgument, "invalid nameserver group ID"), w)
 		return
 	}

-	var req api.PutApiDnsNameserversNsgroupIdJSONRequestBody
+	var req api.PutApiDnsNameserversIdJSONRequestBody
 	err = json.NewDecoder(r.Body).Decode(&req)
 	if err != nil {
 		util.WriteErrorResponse("couldn't parse JSON request", http.StatusBadRequest, w)
@@ -140,6 +140,88 @@ func (h *NameserversHandler) UpdateNameserverGroup(w http.ResponseWriter, r *htt
 	util.WriteJSONObject(w, &resp)
 }

+// PatchNameserverGroup handles patch updates to a nameserver group identified by a given ID
+func (h *NameserversHandler) PatchNameserverGroup(w http.ResponseWriter, r *http.Request) {
+	claims := h.claimsExtractor.FromRequestContext(r)
+	account, user, err := h.accountManager.GetAccountFromToken(claims)
+	if err != nil {
+		util.WriteError(err, w)
+		return
+	}
+
+	nsGroupID := mux.Vars(r)["id"]
+	if len(nsGroupID) == 0 {
+		util.WriteError(status.Errorf(status.InvalidArgument, "invalid nameserver group ID"), w)
+		return
+	}
+
+	var req api.PatchApiDnsNameserversIdJSONRequestBody
+	err = json.NewDecoder(r.Body).Decode(&req)
+	if err != nil {
+		util.WriteErrorResponse("couldn't parse JSON request", http.StatusBadRequest, w)
+		return
+	}
+
+	var operations []server.NameServerGroupUpdateOperation
+	for _, patch := range req {
+		if patch.Op != api.NameserverGroupPatchOperationOpReplace {
+			util.WriteError(status.Errorf(status.InvalidArgument,
+				"nameserver groups only accepts replace operations, got %s", patch.Op), w)
+			return
+		}
+		switch patch.Path {
+		case api.NameserverGroupPatchOperationPathName:
+			operations = append(operations, server.NameServerGroupUpdateOperation{
+				Type:   server.UpdateNameServerGroupName,
+				Values: patch.Value,
+			})
+		case api.NameserverGroupPatchOperationPathDescription:
+			operations = append(operations, server.NameServerGroupUpdateOperation{
+				Type:   server.UpdateNameServerGroupDescription,
+				Values: patch.Value,
+			})
+		case api.NameserverGroupPatchOperationPathPrimary:
+			operations = append(operations, server.NameServerGroupUpdateOperation{
+				Type:   server.UpdateNameServerGroupPrimary,
+				Values: patch.Value,
+			})
+		case api.NameserverGroupPatchOperationPathDomains:
+			operations = append(operations, server.NameServerGroupUpdateOperation{
+				Type:   server.UpdateNameServerGroupDomains,
+				Values: patch.Value,
+			})
+		case api.NameserverGroupPatchOperationPathNameservers:
+			operations = append(operations, server.NameServerGroupUpdateOperation{
+				Type:   server.UpdateNameServerGroupNameServers,
+				Values: patch.Value,
+			})
+		case api.NameserverGroupPatchOperationPathGroups:
+			operations = append(operations, server.NameServerGroupUpdateOperation{
+				Type:   server.UpdateNameServerGroupGroups,
+				Values: patch.Value,
+			})
+		case api.NameserverGroupPatchOperationPathEnabled:
+			operations = append(operations, server.NameServerGroupUpdateOperation{
+				Type:   server.UpdateNameServerGroupEnabled,
+				Values: patch.Value,
+			})
+		default:
+			util.WriteError(status.Errorf(status.InvalidArgument, "invalid patch path"), w)
+			return
+		}
+	}
+
+	updatedNSGroup, err := h.accountManager.UpdateNameServerGroup(account.Id, nsGroupID, user.Id, operations)
+	if err != nil {
+		util.WriteError(err, w)
+		return
+	}
+
+	resp := toNameserverGroupResponse(updatedNSGroup)
+
+	util.WriteJSONObject(w, &resp)
+}
+
 // DeleteNameserverGroup handles nameserver group deletion request
 func (h *NameserversHandler) DeleteNameserverGroup(w http.ResponseWriter, r *http.Request) {
 	claims := h.claimsExtractor.FromRequestContext(r)
@@ -149,7 +231,7 @@ func (h *NameserversHandler) DeleteNameserverGroup(w http.ResponseWriter, r *htt
 		return
 	}

-	nsGroupID := mux.Vars(r)["nsgroupId"]
+	nsGroupID := mux.Vars(r)["id"]
 	if len(nsGroupID) == 0 {
 		util.WriteError(status.Errorf(status.InvalidArgument, "invalid nameserver group ID"), w)
 		return
@@ -174,7 +256,7 @@ func (h *NameserversHandler) GetNameserverGroup(w http.ResponseWriter, r *http.R
 		return
 	}

-	nsGroupID := mux.Vars(r)["nsgroupId"]
+	nsGroupID := mux.Vars(r)["id"]
 	if len(nsGroupID) == 0 {
 		util.WriteError(status.Errorf(status.InvalidArgument, "invalid nameserver group ID"), w)
 		return
--- a/management/server/http/nameservers_handler_test.go
+++ b/management/server/http/nameservers_handler_test.go
@@ -227,6 +227,31 @@ func TestNameserversHandlers(t *testing.T) {
 			expectedStatus: http.StatusUnprocessableEntity,
 			expectedBody:   false,
 		},
+		{
+			name:           "PATCH OK",
+			requestType:    http.MethodPatch,
+			requestPath:    "/api/dns/nameservers/" + existingNSGroupID,
+			requestBody:    bytes.NewBufferString("[{\"op\":\"replace\",\"path\":\"description\",\"value\":[\"NewDesc\"]}]"),
+			expectedStatus: http.StatusOK,
+			expectedBody:   true,
+			expectedNSGroup: &api.NameserverGroup{
+				Id:          existingNSGroupID,
+				Name:        baseExistingNSGroup.Name,
+				Description: "NewDesc",
+				Nameservers: toNameserverGroupResponse(baseExistingNSGroup).Nameservers,
+				Groups:      baseExistingNSGroup.Groups,
+				Enabled:     baseExistingNSGroup.Enabled,
+				Primary:     baseExistingNSGroup.Primary,
+			},
+		},
+		{
+			name:           "PATCH Invalid Nameserver Group OK",
+			requestType:    http.MethodPatch,
+			requestPath:    "/api/dns/nameservers/" + notFoundRouteID,
+			requestBody:    bytes.NewBufferString("[{\"op\":\"replace\",\"path\":\"description\",\"value\":[\"NewDesc\"]}]"),
+			expectedStatus: http.StatusNotFound,
+			expectedBody:   false,
+		},
 	}

 	p := initNameserversTestData()
@@ -237,10 +262,11 @@ func TestNameserversHandlers(t *testing.T) {
 			req := httptest.NewRequest(tc.requestType, tc.requestPath, tc.requestBody)

 			router := mux.NewRouter()
-			router.HandleFunc("/api/dns/nameservers/{nsgroupId}", p.GetNameserverGroup).Methods("GET")
+			router.HandleFunc("/api/dns/nameservers/{id}", p.GetNameserverGroup).Methods("GET")
 			router.HandleFunc("/api/dns/nameservers", p.CreateNameserverGroup).Methods("POST")
-			router.HandleFunc("/api/dns/nameservers/{nsgroupId}", p.DeleteNameserverGroup).Methods("DELETE")
-			router.HandleFunc("/api/dns/nameservers/{nsgroupId}", p.UpdateNameserverGroup).Methods("PUT")
+			router.HandleFunc("/api/dns/nameservers/{id}", p.DeleteNameserverGroup).Methods("DELETE")
+			router.HandleFunc("/api/dns/nameservers/{id}", p.UpdateNameserverGroup).Methods("PUT")
+			router.HandleFunc("/api/dns/nameservers/{id}", p.PatchNameserverGroup).Methods("PATCH")
 			router.ServeHTTP(recorder, req)

 			res := recorder.Result()
--- a/management/server/http/pat_handler_test.go
+++ b/management/server/http/pat_handler_test.go
@@ -63,7 +63,7 @@ var testAccount = &server.Account{
 func initPATTestData() *PATHandler {
 	return &PATHandler{
 		accountManager: &mock_server.MockAccountManager{
-			CreatePATFunc: func(accountID string, initiatorUserID string, targetUserID string, tokenName string, expiresIn int) (*server.PersonalAccessTokenGenerated, error) {
+			CreatePATFunc: func(accountID string, executingUserID string, targetUserID string, tokenName string, expiresIn int) (*server.PersonalAccessTokenGenerated, error) {
 				if accountID != existingAccountID {
 					return nil, status.Errorf(status.NotFound, "account with ID %s not found", accountID)
 				}
@@ -79,7 +79,7 @@ func initPATTestData() *PATHandler {
 			GetAccountFromTokenFunc: func(_ jwtclaims.AuthorizationClaims) (*server.Account, *server.User, error) {
 				return testAccount, testAccount.Users[existingUserID], nil
 			},
-			DeletePATFunc: func(accountID string, initiatorUserID string, targetUserID string, tokenID string) error {
+			DeletePATFunc: func(accountID string, executingUserID string, targetUserID string, tokenID string) error {
 				if accountID != existingAccountID {
 					return status.Errorf(status.NotFound, "account with ID %s not found", accountID)
 				}
@@ -91,7 +91,7 @@ func initPATTestData() *PATHandler {
 				}
 				return nil
 			},
-			GetPATFunc: func(accountID string, initiatorUserID string, targetUserID string, tokenID string) (*server.PersonalAccessToken, error) {
+			GetPATFunc: func(accountID string, executingUserID string, targetUserID string, tokenID string) (*server.PersonalAccessToken, error) {
 				if accountID != existingAccountID {
 					return nil, status.Errorf(status.NotFound, "account with ID %s not found", accountID)
 				}
@@ -103,7 +103,7 @@ func initPATTestData() *PATHandler {
 				}
 				return testAccount.Users[existingUserID].PATs[existingTokenID], nil
 			},
-			GetAllPATsFunc: func(accountID string, initiatorUserID string, targetUserID string) ([]*server.PersonalAccessToken, error) {
+			GetAllPATsFunc: func(accountID string, executingUserID string, targetUserID string) ([]*server.PersonalAccessToken, error) {
 				if accountID != existingAccountID {
 					return nil, status.Errorf(status.NotFound, "account with ID %s not found", accountID)
 				}
--- a/management/server/http/peers_handler.go
+++ b/management/server/http/peers_handler.go
@@ -42,7 +42,7 @@ func (h *PeersHandler) getPeer(account *server.Account, peerID, userID string, w
 }

 func (h *PeersHandler) updatePeer(account *server.Account, user *server.User, peerID string, w http.ResponseWriter, r *http.Request) {
-	req := &api.PeerRequest{}
+	req := &api.PutApiPeersIdJSONBody{}
 	err := json.NewDecoder(r.Body).Decode(&req)
 	if err != nil {
 		util.WriteErrorResponse("couldn't parse JSON request", http.StatusBadRequest, w)
@@ -78,7 +78,7 @@ func (h *PeersHandler) HandlePeer(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 	vars := mux.Vars(r)
-	peerID := vars["peerId"]
+	peerID := vars["id"]
 	if len(peerID) == 0 {
 		util.WriteError(status.Errorf(status.InvalidArgument, "invalid peer ID"), w)
 		return
--- a/management/server/http/peers_handler_test.go
+++ b/management/server/http/peers_handler_test.go
@@ -146,8 +146,8 @@ func TestGetPeers(t *testing.T) {

 			router := mux.NewRouter()
 			router.HandleFunc("/api/peers/", p.GetAllPeers).Methods("GET")
-			router.HandleFunc("/api/peers/{peerId}", p.HandlePeer).Methods("GET")
-			router.HandleFunc("/api/peers/{peerId}", p.HandlePeer).Methods("PUT")
+			router.HandleFunc("/api/peers/{id}", p.HandlePeer).Methods("GET")
+			router.HandleFunc("/api/peers/{id}", p.HandlePeer).Methods("PUT")
 			router.ServeHTTP(recorder, req)

 			res := recorder.Result()
--- a/management/server/http/policies_handler.go
+++ b/management/server/http/policies_handler.go
@@ -60,7 +60,7 @@ func (h *Policies) UpdatePolicy(w http.ResponseWriter, r *http.Request) {
 	}

 	vars := mux.Vars(r)
-	policyID := vars["policyId"]
+	policyID := vars["id"]
 	if len(policyID) == 0 {
 		util.WriteError(status.Errorf(status.InvalidArgument, "invalid policy ID"), w)
 		return
@@ -78,7 +78,7 @@ func (h *Policies) UpdatePolicy(w http.ResponseWriter, r *http.Request) {
 		return
 	}

-	var req api.PutApiPoliciesPolicyIdJSONRequestBody
+	var req api.PutApiPoliciesIdJSONRequestBody
 	err = json.NewDecoder(r.Body).Decode(&req)
 	if err != nil {
 		util.WriteErrorResponse("couldn't parse JSON request", http.StatusBadRequest, w)
@@ -214,7 +214,7 @@ func (h *Policies) DeletePolicy(w http.ResponseWriter, r *http.Request) {
 	aID := account.Id

 	vars := mux.Vars(r)
-	policyID := vars["policyId"]
+	policyID := vars["id"]
 	if len(policyID) == 0 {
 		util.WriteError(status.Errorf(status.InvalidArgument, "invalid policy ID"), w)
 		return
@@ -240,7 +240,7 @@ func (h *Policies) GetPolicy(w http.ResponseWriter, r *http.Request) {
 	switch r.Method {
 	case http.MethodGet:
 		vars := mux.Vars(r)
-		policyID := vars["policyId"]
+		policyID := vars["id"]
 		if len(policyID) == 0 {
 			util.WriteError(status.Errorf(status.InvalidArgument, "invalid policy ID"), w)
 			return
--- a/management/server/http/routes_handler.go
+++ b/management/server/http/routes_handler.go
@@ -103,7 +103,7 @@ func (h *RoutesHandler) UpdateRoute(w http.ResponseWriter, r *http.Request) {
 	}

 	vars := mux.Vars(r)
-	routeID := vars["routeId"]
+	routeID := vars["id"]
 	if len(routeID) == 0 {
 		util.WriteError(status.Errorf(status.InvalidArgument, "invalid route ID"), w)
 		return
@@ -115,7 +115,7 @@ func (h *RoutesHandler) UpdateRoute(w http.ResponseWriter, r *http.Request) {
 		return
 	}

-	var req api.PutApiRoutesRouteIdJSONRequestBody
+	var req api.PutApiRoutesIdJSONRequestBody
 	err = json.NewDecoder(r.Body).Decode(&req)
 	if err != nil {
 		util.WriteErrorResponse("couldn't parse JSON request", http.StatusBadRequest, w)
@@ -159,6 +159,147 @@ func (h *RoutesHandler) UpdateRoute(w http.ResponseWriter, r *http.Request) {
 	util.WriteJSONObject(w, &resp)
 }

+// PatchRoute handles patch updates to a route identified by a given ID
+func (h *RoutesHandler) PatchRoute(w http.ResponseWriter, r *http.Request) {
+	claims := h.claimsExtractor.FromRequestContext(r)
+	account, user, err := h.accountManager.GetAccountFromToken(claims)
+	if err != nil {
+		util.WriteError(err, w)
+		return
+	}
+
+	vars := mux.Vars(r)
+	routeID := vars["id"]
+	if len(routeID) == 0 {
+		util.WriteError(status.Errorf(status.InvalidArgument, "invalid route ID"), w)
+		return
+	}
+
+	_, err = h.accountManager.GetRoute(account.Id, routeID, user.Id)
+	if err != nil {
+		util.WriteError(err, w)
+		return
+	}
+
+	var req api.PatchApiRoutesIdJSONRequestBody
+	err = json.NewDecoder(r.Body).Decode(&req)
+	if err != nil {
+		util.WriteErrorResponse("couldn't parse JSON request", http.StatusBadRequest, w)
+		return
+	}
+
+	if len(req) == 0 {
+		util.WriteError(status.Errorf(status.InvalidArgument, "no patch instruction received"), w)
+		return
+	}
+
+	var operations []server.RouteUpdateOperation
+
+	for _, patch := range req {
+		switch patch.Path {
+		case api.RoutePatchOperationPathNetwork:
+			if patch.Op != api.RoutePatchOperationOpReplace {
+				util.WriteError(status.Errorf(status.InvalidArgument,
+					"network field only accepts replace operation, got %s", patch.Op), w)
+				return
+			}
+			operations = append(operations, server.RouteUpdateOperation{
+				Type:   server.UpdateRouteNetwork,
+				Values: patch.Value,
+			})
+		case api.RoutePatchOperationPathDescription:
+			if patch.Op != api.RoutePatchOperationOpReplace {
+				util.WriteError(status.Errorf(status.InvalidArgument,
+					"description field only accepts replace operation, got %s", patch.Op), w)
+				return
+			}
+			operations = append(operations, server.RouteUpdateOperation{
+				Type:   server.UpdateRouteDescription,
+				Values: patch.Value,
+			})
+		case api.RoutePatchOperationPathNetworkId:
+			if patch.Op != api.RoutePatchOperationOpReplace {
+				util.WriteError(status.Errorf(status.InvalidArgument,
+					"network Identifier field only accepts replace operation, got %s", patch.Op), w)
+				return
+			}
+			operations = append(operations, server.RouteUpdateOperation{
+				Type:   server.UpdateRouteNetworkIdentifier,
+				Values: patch.Value,
+			})
+		case api.RoutePatchOperationPathPeer:
+			if patch.Op != api.RoutePatchOperationOpReplace {
+				util.WriteError(status.Errorf(status.InvalidArgument,
+					"peer field only accepts replace operation, got %s", patch.Op), w)
+				return
+			}
+			if len(patch.Value) > 1 {
+				util.WriteError(status.Errorf(status.InvalidArgument,
+					"value field only accepts 1 value, got %d", len(patch.Value)), w)
+				return
+			}
+			operations = append(operations, server.RouteUpdateOperation{
+				Type:   server.UpdateRoutePeer,
+				Values: patch.Value,
+			})
+		case api.RoutePatchOperationPathMetric:
+			if patch.Op != api.RoutePatchOperationOpReplace {
+				util.WriteError(status.Errorf(status.InvalidArgument,
+					"metric field only accepts replace operation, got %s", patch.Op), w)
+
+				return
+			}
+			operations = append(operations, server.RouteUpdateOperation{
+				Type:   server.UpdateRouteMetric,
+				Values: patch.Value,
+			})
+		case api.RoutePatchOperationPathMasquerade:
+			if patch.Op != api.RoutePatchOperationOpReplace {
+				util.WriteError(status.Errorf(status.InvalidArgument,
+					"masquerade field only accepts replace operation, got %s", patch.Op), w)
+				return
+			}
+			operations = append(operations, server.RouteUpdateOperation{
+				Type:   server.UpdateRouteMasquerade,
+				Values: patch.Value,
+			})
+		case api.RoutePatchOperationPathEnabled:
+			if patch.Op != api.RoutePatchOperationOpReplace {
+				util.WriteError(status.Errorf(status.InvalidArgument,
+					"enabled field only accepts replace operation, got %s", patch.Op), w)
+				return
+			}
+			operations = append(operations, server.RouteUpdateOperation{
+				Type:   server.UpdateRouteEnabled,
+				Values: patch.Value,
+			})
+		case api.RoutePatchOperationPathGroups:
+			if patch.Op != api.RoutePatchOperationOpReplace {
+				util.WriteError(status.Errorf(status.InvalidArgument,
+					"groups field only accepts replace operation, got %s", patch.Op), w)
+				return
+			}
+			operations = append(operations, server.RouteUpdateOperation{
+				Type:   server.UpdateRouteGroups,
+				Values: patch.Value,
+			})
+		default:
+			util.WriteError(status.Errorf(status.InvalidArgument, "invalid patch path"), w)
+			return
+		}
+	}
+
+	root, err := h.accountManager.UpdateRoute(account.Id, routeID, operations)
+	if err != nil {
+		util.WriteError(err, w)
+		return
+	}
+
+	resp := toRouteResponse(root)
+
+	util.WriteJSONObject(w, &resp)
+}
+
 // DeleteRoute handles route deletion request
 func (h *RoutesHandler) DeleteRoute(w http.ResponseWriter, r *http.Request) {
 	claims := h.claimsExtractor.FromRequestContext(r)
@@ -168,7 +309,7 @@ func (h *RoutesHandler) DeleteRoute(w http.ResponseWriter, r *http.Request) {
 		return
 	}

-	routeID := mux.Vars(r)["routeId"]
+	routeID := mux.Vars(r)["id"]
 	if len(routeID) == 0 {
 		util.WriteError(status.Errorf(status.InvalidArgument, "invalid route ID"), w)
 		return
@@ -192,7 +333,7 @@ func (h *RoutesHandler) GetRoute(w http.ResponseWriter, r *http.Request) {
 		return
 	}

-	routeID := mux.Vars(r)["routeId"]
+	routeID := mux.Vars(r)["id"]
 	if len(routeID) == 0 {
 		util.WriteError(status.Errorf(status.InvalidArgument, "invalid route ID"), w)
 		return
--- a/management/server/http/routes_handler_test.go
+++ b/management/server/http/routes_handler_test.go
@@ -288,6 +288,61 @@ func TestRoutesHandlers(t *testing.T) {
 			expectedStatus: http.StatusUnprocessableEntity,
 			expectedBody:   false,
 		},
+		{
+			name:           "PATCH Description OK",
+			requestType:    http.MethodPatch,
+			requestPath:    "/api/routes/" + existingRouteID,
+			requestBody:    bytes.NewBufferString("[{\"op\":\"replace\",\"path\":\"description\",\"value\":[\"NewDesc\"]}]"),
+			expectedStatus: http.StatusOK,
+			expectedBody:   true,
+			expectedRoute: &api.Route{
+				Id:          existingRouteID,
+				Description: "NewDesc",
+				NetworkId:   "awesomeNet",
+				Network:     baseExistingRoute.Network.String(),
+				NetworkType: route.IPv4NetworkString,
+				Masquerade:  baseExistingRoute.Masquerade,
+				Enabled:     baseExistingRoute.Enabled,
+				Metric:      baseExistingRoute.Metric,
+				Groups:      baseExistingRoute.Groups,
+			},
+		},
+		{
+			name:           "PATCH Peer OK",
+			requestType:    http.MethodPatch,
+			requestPath:    "/api/routes/" + existingRouteID,
+			requestBody:    bytes.NewBufferString(fmt.Sprintf("[{\"op\":\"replace\",\"path\":\"peer\",\"value\":[\"%s\"]}]", existingPeerID)),
+			expectedStatus: http.StatusOK,
+			expectedBody:   true,
+			expectedRoute: &api.Route{
+				Id:          existingRouteID,
+				Description: "NewDesc",
+				NetworkId:   "awesomeNet",
+				Network:     baseExistingRoute.Network.String(),
+				NetworkType: route.IPv4NetworkString,
+				Peer:        existingPeerID,
+				Masquerade:  baseExistingRoute.Masquerade,
+				Enabled:     baseExistingRoute.Enabled,
+				Metric:      baseExistingRoute.Metric,
+				Groups:      baseExistingRoute.Groups,
+			},
+		},
+		{
+			name:           "PATCH Not Found Peer",
+			requestType:    http.MethodPatch,
+			requestPath:    "/api/routes/" + existingRouteID,
+			requestBody:    bytes.NewBufferString(fmt.Sprintf("[{\"op\":\"replace\",\"path\":\"peer\",\"value\":[\"%s\"]}]", notFoundPeerID)),
+			expectedStatus: http.StatusUnprocessableEntity,
+			expectedBody:   false,
+		},
+		{
+			name:           "PATCH Not Found Route",
+			requestType:    http.MethodPatch,
+			requestPath:    "/api/routes/" + notFoundRouteID,
+			requestBody:    bytes.NewBufferString("[{\"op\":\"replace\",\"path\":\"network\",\"value\":[\"192.168.0.0/34\"]}]"),
+			expectedStatus: http.StatusNotFound,
+			expectedBody:   false,
+		},
 	}

 	p := initRoutesTestData()
@@ -298,10 +353,11 @@ func TestRoutesHandlers(t *testing.T) {
 			req := httptest.NewRequest(tc.requestType, tc.requestPath, tc.requestBody)

 			router := mux.NewRouter()
-			router.HandleFunc("/api/routes/{routeId}", p.GetRoute).Methods("GET")
-			router.HandleFunc("/api/routes/{routeId}", p.DeleteRoute).Methods("DELETE")
+			router.HandleFunc("/api/routes/{id}", p.GetRoute).Methods("GET")
+			router.HandleFunc("/api/routes/{id}", p.DeleteRoute).Methods("DELETE")
 			router.HandleFunc("/api/routes", p.CreateRoute).Methods("POST")
-			router.HandleFunc("/api/routes/{routeId}", p.UpdateRoute).Methods("PUT")
+			router.HandleFunc("/api/routes/{id}", p.UpdateRoute).Methods("PUT")
+			router.HandleFunc("/api/routes/{id}", p.PatchRoute).Methods("PATCH")
 			router.ServeHTTP(recorder, req)

 			res := recorder.Result()
--- a/management/server/http/rules_handler.go
+++ b/management/server/http/rules_handler.go
@@ -65,7 +65,7 @@ func (h *RulesHandler) UpdateRule(w http.ResponseWriter, r *http.Request) {
 	}

 	vars := mux.Vars(r)
-	ruleID := vars["ruleId"]
+	ruleID := vars["id"]
 	if len(ruleID) == 0 {
 		util.WriteError(status.Errorf(status.InvalidArgument, "invalid rule ID"), w)
 		return
@@ -77,7 +77,7 @@ func (h *RulesHandler) UpdateRule(w http.ResponseWriter, r *http.Request) {
 		return
 	}

-	var req api.PutApiRulesRuleIdJSONRequestBody
+	var req api.PutApiRulesIdJSONRequestBody
 	err = json.NewDecoder(r.Body).Decode(&req)
 	if err != nil {
 		util.WriteErrorResponse("couldn't parse JSON request", http.StatusBadRequest, w)
@@ -210,7 +210,7 @@ func (h *RulesHandler) DeleteRule(w http.ResponseWriter, r *http.Request) {
 	}
 	aID := account.Id

-	rID := mux.Vars(r)["ruleId"]
+	rID := mux.Vars(r)["id"]
 	if len(rID) == 0 {
 		util.WriteError(status.Errorf(status.InvalidArgument, "invalid rule ID"), w)
 		return
@@ -236,7 +236,7 @@ func (h *RulesHandler) GetRule(w http.ResponseWriter, r *http.Request) {

 	switch r.Method {
 	case http.MethodGet:
-		ruleID := mux.Vars(r)["ruleId"]
+		ruleID := mux.Vars(r)["id"]
 		if len(ruleID) == 0 {
 			util.WriteError(status.Errorf(status.InvalidArgument, "invalid rule ID"), w)
 			return
--- a/management/server/http/rules_handler_test.go
+++ b/management/server/http/rules_handler_test.go
@@ -133,7 +133,7 @@ func TestRulesGetRule(t *testing.T) {
 			req := httptest.NewRequest(tc.requestType, tc.requestPath, tc.requestBody)

 			router := mux.NewRouter()
-			router.HandleFunc("/api/rules/{ruleId}", p.GetRule).Methods("GET")
+			router.HandleFunc("/api/rules/{id}", p.GetRule).Methods("GET")
 			router.ServeHTTP(recorder, req)

 			res := recorder.Result()
@@ -235,7 +235,7 @@ func TestRulesWriteRule(t *testing.T) {

 			router := mux.NewRouter()
 			router.HandleFunc("/api/rules", p.CreateRule).Methods("POST")
-			router.HandleFunc("/api/rules/{ruleId}", p.UpdateRule).Methods("PUT")
+			router.HandleFunc("/api/rules/{id}", p.UpdateRule).Methods("PUT")
 			router.ServeHTTP(recorder, req)

 			res := recorder.Result()
--- a/management/server/http/setupkeys_handler.go
+++ b/management/server/http/setupkeys_handler.go
@@ -84,7 +84,7 @@ func (h *SetupKeysHandler) GetSetupKey(w http.ResponseWriter, r *http.Request) {
 	}

 	vars := mux.Vars(r)
-	keyID := vars["keyId"]
+	keyID := vars["id"]
 	if len(keyID) == 0 {
 		util.WriteError(status.Errorf(status.InvalidArgument, "invalid key ID"), w)
 		return
@@ -109,13 +109,13 @@ func (h *SetupKeysHandler) UpdateSetupKey(w http.ResponseWriter, r *http.Request
 	}

 	vars := mux.Vars(r)
-	keyID := vars["keyId"]
+	keyID := vars["id"]
 	if len(keyID) == 0 {
 		util.WriteError(status.Errorf(status.InvalidArgument, "invalid key ID"), w)
 		return
 	}

-	req := &api.PutApiSetupKeysKeyIdJSONRequestBody{}
+	req := &api.PutApiSetupKeysIdJSONRequestBody{}
 	err = json.NewDecoder(r.Body).Decode(&req)
 	if err != nil {
 		util.WriteErrorResponse("couldn't parse JSON request", http.StatusBadRequest, w)
--- a/management/server/http/setupkeys_handler_test.go
+++ b/management/server/http/setupkeys_handler_test.go
@@ -174,8 +174,8 @@ func TestSetupKeysHandlers(t *testing.T) {
 			router := mux.NewRouter()
 			router.HandleFunc("/api/setup-keys", handler.GetAllSetupKeys).Methods("GET", "OPTIONS")
 			router.HandleFunc("/api/setup-keys", handler.CreateSetupKey).Methods("POST", "OPTIONS")
-			router.HandleFunc("/api/setup-keys/{keyId}", handler.GetSetupKey).Methods("GET", "OPTIONS")
-			router.HandleFunc("/api/setup-keys/{keyId}", handler.UpdateSetupKey).Methods("PUT", "OPTIONS")
+			router.HandleFunc("/api/setup-keys/{id}", handler.GetSetupKey).Methods("GET", "OPTIONS")
+			router.HandleFunc("/api/setup-keys/{id}", handler.UpdateSetupKey).Methods("PUT", "OPTIONS")
 			router.ServeHTTP(recorder, req)

 			res := recorder.Result()
--- a/management/server/http/users_handler.go
+++ b/management/server/http/users_handler.go
@@ -3,10 +3,8 @@ package http
 import (
 	"encoding/json"
 	"net/http"
-	"strconv"

 	"github.com/gorilla/mux"
-	log "github.com/sirupsen/logrus"

 	"github.com/netbirdio/netbird/management/server/http/api"
 	"github.com/netbirdio/netbird/management/server/http/util"
@@ -48,24 +46,19 @@ func (h *UsersHandler) UpdateUser(w http.ResponseWriter, r *http.Request) {
 	}

 	vars := mux.Vars(r)
-	userID := vars["userId"]
+	userID := vars["id"]
 	if len(userID) == 0 {
 		util.WriteError(status.Errorf(status.InvalidArgument, "invalid user ID"), w)
 		return
 	}

-	req := &api.PutApiUsersUserIdJSONRequestBody{}
+	req := &api.PutApiUsersIdJSONRequestBody{}
 	err = json.NewDecoder(r.Body).Decode(&req)
 	if err != nil {
 		util.WriteErrorResponse("couldn't parse JSON request", http.StatusBadRequest, w)
 		return
 	}

-	if req.AutoGroups == nil {
-		util.WriteErrorResponse("auto_groups field can't be absent", http.StatusBadRequest, w)
-		return
-	}
-
 	userRole := server.StrRoleToUserRole(req.Role)
 	if userRole == server.UserRoleUnknown {
 		util.WriteError(status.Errorf(status.InvalidArgument, "invalid user role"), w)
@@ -76,9 +69,7 @@ func (h *UsersHandler) UpdateUser(w http.ResponseWriter, r *http.Request) {
 		Id:         userID,
 		Role:       userRole,
 		AutoGroups: req.AutoGroups,
-		Blocked:    req.IsBlocked,
 	})
-
 	if err != nil {
 		util.WriteError(err, w)
 		return
@@ -86,36 +77,6 @@ func (h *UsersHandler) UpdateUser(w http.ResponseWriter, r *http.Request) {
 	util.WriteJSONObject(w, toUserResponse(newUser, claims.UserId))
 }

-// DeleteUser is a DELETE request to delete a user (only works for service users right now)
-func (h *UsersHandler) DeleteUser(w http.ResponseWriter, r *http.Request) {
-	if r.Method != http.MethodDelete {
-		util.WriteErrorResponse("wrong HTTP method", http.StatusMethodNotAllowed, w)
-		return
-	}
-
-	claims := h.claimsExtractor.FromRequestContext(r)
-	account, user, err := h.accountManager.GetAccountFromToken(claims)
-	if err != nil {
-		util.WriteError(err, w)
-		return
-	}
-
-	vars := mux.Vars(r)
-	targetUserID := vars["userId"]
-	if len(targetUserID) == 0 {
-		util.WriteError(status.Errorf(status.InvalidArgument, "invalid user ID"), w)
-		return
-	}
-
-	err = h.accountManager.DeleteUser(account.Id, user.Id, targetUserID)
-	if err != nil {
-		util.WriteError(err, w)
-		return
-	}
-
-	util.WriteJSONObject(w, emptyObject{})
-}
-
 // CreateUser creates a User in the system with a status "invited" (effectively this is a user invite).
 func (h *UsersHandler) CreateUser(w http.ResponseWriter, r *http.Request) {
 	if r.Method != http.MethodPost {
@@ -142,17 +103,11 @@ func (h *UsersHandler) CreateUser(w http.ResponseWriter, r *http.Request) {
 		return
 	}

-	email := ""
-	if req.Email != nil {
-		email = *req.Email
-	}
-
 	newUser, err := h.accountManager.CreateUser(account.Id, user.Id, &server.UserInfo{
-		Email:         email,
-		Name:          *req.Name,
-		Role:          req.Role,
-		AutoGroups:    req.AutoGroups,
-		IsServiceUser: req.IsServiceUser,
+		Email:      req.Email,
+		Name:       *req.Name,
+		Role:       req.Role,
+		AutoGroups: req.AutoGroups,
 	})
 	if err != nil {
 		util.WriteError(err, w)
@@ -182,27 +137,9 @@ func (h *UsersHandler) GetAllUsers(w http.ResponseWriter, r *http.Request) {
 		return
 	}

-	serviceUser := r.URL.Query().Get("service_user")
-
-	log.Debugf("UserCount: %v", len(data))
-
 	users := make([]*api.User, 0)
 	for _, r := range data {
-		if serviceUser == "" {
-			users = append(users, toUserResponse(r, claims.UserId))
-			continue
-		}
-		includeServiceUser, err := strconv.ParseBool(serviceUser)
-		log.Debugf("Should include service user: %v", includeServiceUser)
-		if err != nil {
-			util.WriteError(status.Errorf(status.InvalidArgument, "invalid service_user query parameter"), w)
-			return
-		}
-		log.Debugf("User %v is service user: %v", r.Name, r.IsServiceUser)
-		if includeServiceUser == r.IsServiceUser {
-			log.Debugf("Found service user: %v", r.Name)
-			users = append(users, toUserResponse(r, claims.UserId))
-		}
+		users = append(users, toUserResponse(r, claims.UserId))
 	}

 	util.WriteJSONObject(w, users)
@@ -221,23 +158,17 @@ func toUserResponse(user *server.UserInfo, currenUserID string) *api.User {
 	case "invited":
 		userStatus = api.UserStatusInvited
 	default:
-		userStatus = api.UserStatusBlocked
-	}
-
-	if user.IsBlocked {
-		userStatus = api.UserStatusBlocked
+		userStatus = api.UserStatusDisabled
 	}

 	isCurrent := user.ID == currenUserID
 	return &api.User{
-		Id:            user.ID,
-		Name:          user.Name,
-		Email:         user.Email,
-		Role:          user.Role,
-		AutoGroups:    autoGroups,
-		Status:        userStatus,
-		IsCurrent:     &isCurrent,
-		IsServiceUser: &user.IsServiceUser,
-		IsBlocked:     user.IsBlocked,
+		Id:         user.ID,
+		Name:       user.Name,
+		Email:      user.Email,
+		Role:       user.Role,
+		AutoGroups: autoGroups,
+		Status:     userStatus,
+		IsCurrent:  &isCurrent,
 	}
 }
--- a/management/server/http/users_handler_test.go
+++ b/management/server/http/users_handler_test.go
@@ -1,110 +1,52 @@
 package http

 import (
-	"bytes"
 	"encoding/json"
-	"fmt"
 	"io"
 	"net/http"
 	"net/http/httptest"
 	"testing"

-	"github.com/gorilla/mux"
-	"github.com/stretchr/testify/assert"
+	"github.com/magiconair/properties/assert"

 	"github.com/netbirdio/netbird/management/server"
-	"github.com/netbirdio/netbird/management/server/http/api"
 	"github.com/netbirdio/netbird/management/server/jwtclaims"
 	"github.com/netbirdio/netbird/management/server/mock_server"
-	"github.com/netbirdio/netbird/management/server/status"
 )

-const (
-	serviceUserID = "serviceUserID"
-	regularUserID = "regularUserID"
-)
-
-var usersTestAccount = &server.Account{
-	Id:     existingAccountID,
-	Domain: domain,
-	Users: map[string]*server.User{
-		existingUserID: {
-			Id:            existingUserID,
-			Role:          "admin",
-			IsServiceUser: false,
-			AutoGroups:    []string{"group_1"},
-		},
-		regularUserID: {
-			Id:            regularUserID,
-			Role:          "user",
-			IsServiceUser: false,
-			AutoGroups:    []string{"group_1"},
-		},
-		serviceUserID: {
-			Id:            serviceUserID,
-			Role:          "user",
-			IsServiceUser: true,
-			AutoGroups:    []string{"group_1"},
-		},
-	},
-}
-
-func initUsersTestData() *UsersHandler {
+func initUsers(user ...*server.User) *UsersHandler {
 	return &UsersHandler{
 		accountManager: &mock_server.MockAccountManager{
 			GetAccountFromTokenFunc: func(claims jwtclaims.AuthorizationClaims) (*server.Account, *server.User, error) {
-				return usersTestAccount, usersTestAccount.Users[claims.UserId], nil
+				users := make(map[string]*server.User, 0)
+				for _, u := range user {
+					users[u.Id] = u
+				}
+				return &server.Account{
+					Id:     "12345",
+					Domain: "netbird.io",
+					Users:  users,
+				}, users[claims.UserId], nil
 			},
 			GetUsersFromAccountFunc: func(accountID, userID string) ([]*server.UserInfo, error) {
 				users := make([]*server.UserInfo, 0)
-				for _, v := range usersTestAccount.Users {
+				for _, v := range user {
 					users = append(users, &server.UserInfo{
-						ID:            v.Id,
-						Role:          string(v.Role),
-						Name:          "",
-						Email:         "",
-						IsServiceUser: v.IsServiceUser,
+						ID:    v.Id,
+						Role:  string(v.Role),
+						Name:  "",
+						Email: "",
 					})
 				}
 				return users, nil
 			},
-			CreateUserFunc: func(accountID, userID string, key *server.UserInfo) (*server.UserInfo, error) {
-				if userID != existingUserID {
-					return nil, status.Errorf(status.NotFound, "user with ID %s does not exists", userID)
-				}
-				return key, nil
-			},
-			DeleteUserFunc: func(accountID string, initiatorUserID string, targetUserID string) error {
-				if targetUserID == notFoundUserID {
-					return status.Errorf(status.NotFound, "user with ID %s does not exists", targetUserID)
-				}
-				if !usersTestAccount.Users[targetUserID].IsServiceUser {
-					return status.Errorf(status.PermissionDenied, "user with ID %s is not a service user and can not be deleted", targetUserID)
-				}
-				return nil
-			},
-			SaveUserFunc: func(accountID, userID string, update *server.User) (*server.UserInfo, error) {
-				if update.Id == notFoundUserID {
-					return nil, status.Errorf(status.NotFound, "user with ID %s does not exists", update.Id)
-				}
-
-				if userID != existingUserID {
-					return nil, status.Errorf(status.NotFound, "user with ID %s does not exists", userID)
-				}
-
-				info, err := update.Copy().ToUserInfo(nil)
-				if err != nil {
-					return nil, err
-				}
-				return info, nil
-			},
 		},
 		claimsExtractor: jwtclaims.NewClaimsExtractor(
 			jwtclaims.WithFromRequestContext(func(r *http.Request) jwtclaims.AuthorizationClaims {
 				return jwtclaims.AuthorizationClaims{
-					UserId:    existingUserID,
-					Domain:    domain,
-					AccountId: existingAccountID,
+					UserId:    "1",
+					Domain:    "hotmail.com",
+					AccountId: "test_id",
 				}
 			}),
 		),
@@ -112,200 +54,8 @@ func initUsersTestData() *UsersHandler {
 }

 func TestGetUsers(t *testing.T) {
-	tt := []struct {
-		name            string
-		expectedStatus  int
-		requestType     string
-		requestPath     string
-		expectedUserIDs []string
-	}{
-		{name: "GetAllUsers", requestType: http.MethodGet, requestPath: "/api/users", expectedStatus: http.StatusOK, expectedUserIDs: []string{existingUserID, regularUserID, serviceUserID}},
-		{name: "GetOnlyServiceUsers", requestType: http.MethodGet, requestPath: "/api/users?service_user=true", expectedStatus: http.StatusOK, expectedUserIDs: []string{serviceUserID}},
-		{name: "GetOnlyRegularUsers", requestType: http.MethodGet, requestPath: "/api/users?service_user=false", expectedStatus: http.StatusOK, expectedUserIDs: []string{existingUserID, regularUserID}},
-	}
-
-	userHandler := initUsersTestData()
-
-	for _, tc := range tt {
-		t.Run(tc.name, func(t *testing.T) {
-			recorder := httptest.NewRecorder()
-			req := httptest.NewRequest(tc.requestType, tc.requestPath, nil)
-
-			userHandler.GetAllUsers(recorder, req)
-
-			res := recorder.Result()
-			defer res.Body.Close()
-
-			content, err := io.ReadAll(res.Body)
-			if err != nil {
-				t.Fatalf("I don't know what I expected; %v", err)
-			}
-
-			if status := recorder.Code; status != tc.expectedStatus {
-				t.Errorf("handler returned wrong status code: got %v want %v, content: %s",
-					status, tc.expectedStatus, string(content))
-				return
-			}
-
-			respBody := []*server.UserInfo{}
-			err = json.Unmarshal(content, &respBody)
-			if err != nil {
-				t.Fatalf("Sent content is not in correct json format; %v", err)
-			}
-
-			assert.Equal(t, len(respBody), len(tc.expectedUserIDs))
-			for _, v := range respBody {
-				assert.Contains(t, tc.expectedUserIDs, v.ID)
-				assert.Equal(t, v.ID, usersTestAccount.Users[v.ID].Id)
-				assert.Equal(t, v.Role, string(usersTestAccount.Users[v.ID].Role))
-				assert.Equal(t, v.IsServiceUser, usersTestAccount.Users[v.ID].IsServiceUser)
-			}
-		})
-	}
-}
-
-func TestUpdateUser(t *testing.T) {
-	tt := []struct {
-		name                  string
-		expectedStatusCode    int
-		requestType           string
-		requestPath           string
-		requestBody           io.Reader
-		expectedUserID        string
-		expectedRole          string
-		expectedStatus        string
-		expectedBlocked       bool
-		expectedIsServiceUser bool
-		expectedGroups        []string
-	}{
-		{
-			name:               "Update_Block_User",
-			requestType:        http.MethodPut,
-			requestPath:        "/api/users/" + regularUserID,
-			expectedStatusCode: http.StatusOK,
-			expectedUserID:     regularUserID,
-			expectedBlocked:    true,
-			expectedRole:       "user",
-			expectedStatus:     "blocked",
-			expectedGroups:     []string{"group_1"},
-			requestBody:        bytes.NewBufferString("{\"role\":\"user\",\"auto_groups\":[\"group_1\"],\"is_service_user\":false, \"is_blocked\": true}"),
-		},
-		{
-			name:               "Update_Change_Role_To_Admin",
-			requestType:        http.MethodPut,
-			requestPath:        "/api/users/" + regularUserID,
-			expectedStatusCode: http.StatusOK,
-			expectedUserID:     regularUserID,
-			expectedBlocked:    false,
-			expectedRole:       "admin",
-			expectedStatus:     "blocked",
-			expectedGroups:     []string{"group_1"},
-			requestBody:        bytes.NewBufferString("{\"role\":\"admin\",\"auto_groups\":[\"group_1\"],\"is_service_user\":false, \"is_blocked\": false}"),
-		},
-		{
-			name:               "Update_Groups",
-			requestType:        http.MethodPut,
-			requestPath:        "/api/users/" + regularUserID,
-			expectedStatusCode: http.StatusOK,
-			expectedUserID:     regularUserID,
-			expectedBlocked:    false,
-			expectedRole:       "admin",
-			expectedStatus:     "blocked",
-			expectedGroups:     []string{"group_2", "group_3"},
-			requestBody:        bytes.NewBufferString("{\"role\":\"admin\",\"auto_groups\":[\"group_3\", \"group_2\"],\"is_service_user\":false, \"is_blocked\": false}"),
-		},
-		{
-			name:               "Should_Fail_Because_AutoGroups_Is_Absent",
-			requestType:        http.MethodPut,
-			requestPath:        "/api/users/" + regularUserID,
-			expectedStatusCode: http.StatusBadRequest,
-			expectedUserID:     regularUserID,
-			expectedBlocked:    false,
-			expectedRole:       "admin",
-			expectedStatus:     "blocked",
-			expectedGroups:     []string{"group_2", "group_3"},
-			requestBody:        bytes.NewBufferString("{\"role\":\"admin\",\"is_service_user\":false, \"is_blocked\": false}"),
-		},
-	}
-
-	userHandler := initUsersTestData()
-
-	for _, tc := range tt {
-		t.Run(tc.name, func(t *testing.T) {
-			recorder := httptest.NewRecorder()
-			req := httptest.NewRequest(tc.requestType, tc.requestPath, tc.requestBody)
-
-			router := mux.NewRouter()
-			router.HandleFunc("/api/users/{userId}", userHandler.UpdateUser).Methods("PUT")
-			router.ServeHTTP(recorder, req)
-
-			res := recorder.Result()
-			defer res.Body.Close()
-
-			if status := recorder.Code; status != tc.expectedStatusCode {
-				t.Fatalf("handler returned wrong status code: got %v want %v",
-					status, http.StatusOK)
-			}
-
-			if tc.expectedStatusCode == 200 {
-
-				content, err := io.ReadAll(res.Body)
-				if err != nil {
-					t.Fatalf("I don't know what I expected; %v", err)
-				}
-
-				respBody := &api.User{}
-				err = json.Unmarshal(content, &respBody)
-				if err != nil {
-					t.Fatalf("response content is not in correct json format; %v", err)
-				}
-
-				assert.Equal(t, tc.expectedUserID, respBody.Id)
-				assert.Equal(t, tc.expectedRole, respBody.Role)
-				assert.Equal(t, tc.expectedIsServiceUser, *respBody.IsServiceUser)
-				assert.Equal(t, tc.expectedBlocked, respBody.IsBlocked)
-				assert.Len(t, respBody.AutoGroups, len(tc.expectedGroups))
-
-				for _, expectedGroup := range tc.expectedGroups {
-					exists := false
-					for _, actualGroup := range respBody.AutoGroups {
-						if expectedGroup == actualGroup {
-							exists = true
-						}
-					}
-					assert.True(t, exists, fmt.Sprintf("group %s not found in the response", expectedGroup))
-				}
-			}
-		})
-	}
-}
-
-func TestCreateUser(t *testing.T) {
-	name := "name"
-	email := "email"
-	serviceUserToAdd := api.UserCreateRequest{
-		AutoGroups:    []string{},
-		Email:         nil,
-		IsServiceUser: true,
-		Name:          &name,
-		Role:          "admin",
-	}
-	serviceUserString, err := json.Marshal(serviceUserToAdd)
-	if err != nil {
-		t.Fatal(err)
-	}
-
-	regularUserToAdd := api.UserCreateRequest{
-		AutoGroups:    []string{},
-		Email:         &email,
-		IsServiceUser: true,
-		Name:          &name,
-		Role:          "admin",
-	}
-	regularUserString, err := json.Marshal(regularUserToAdd)
-	if err != nil {
-		t.Fatal(err)
-	}
+	users := []*server.User{{Id: "1", Role: "admin"}, {Id: "2", Role: "user"}, {Id: "3", Role: "user"}}
+	userHandler := initUsers(users...)

 	tt := []struct {
 		name           string
@@ -315,79 +65,40 @@ func TestCreateUser(t *testing.T) {
 		requestBody    io.Reader
 		expectedResult []*server.User
 	}{
-		{name: "CreateServiceUser", requestType: http.MethodPost, requestPath: "/api/users", expectedStatus: http.StatusOK, requestBody: bytes.NewBuffer(serviceUserString)},
-		// right now creation is blocked in AC middleware, will be refactored in the future
-		{name: "CreateRegularUser", requestType: http.MethodPost, requestPath: "/api/users", expectedStatus: http.StatusOK, requestBody: bytes.NewBuffer(regularUserString)},
+		{name: "GetAllUsers", requestType: http.MethodGet, requestPath: "/api/users/", expectedStatus: http.StatusOK, expectedResult: users},
 	}

-	userHandler := initUsersTestData()
-
-	for _, tc := range tt {
-		t.Run(tc.name, func(t *testing.T) {
-			req := httptest.NewRequest(tc.requestType, tc.requestPath, tc.requestBody)
-			rr := httptest.NewRecorder()
-
-			userHandler.CreateUser(rr, req)
-
-			res := rr.Result()
-			defer res.Body.Close()
-
-			if status := rr.Code; status != tc.expectedStatus {
-				t.Fatalf("handler returned wrong status code: got %v want %v",
-					status, tc.expectedStatus)
-			}
-		})
-	}
-}
-
-func TestDeleteUser(t *testing.T) {
-	tt := []struct {
-		name           string
-		expectedStatus int
-		expectedBody   bool
-		requestType    string
-		requestPath    string
-		requestVars    map[string]string
-		requestBody    io.Reader
-	}{
-		{
-			name:           "Delete Regular User",
-			requestType:    http.MethodDelete,
-			requestPath:    "/api/users/" + regularUserID,
-			requestVars:    map[string]string{"userId": regularUserID},
-			expectedStatus: http.StatusForbidden,
-		},
-		{
-			name:           "Delete Service User",
-			requestType:    http.MethodDelete,
-			requestPath:    "/api/users/" + serviceUserID,
-			requestVars:    map[string]string{"userId": serviceUserID},
-			expectedStatus: http.StatusOK,
-		},
-		{
-			name:           "Delete Not Existing User",
-			requestType:    http.MethodDelete,
-			requestPath:    "/api/users/" + notFoundUserID,
-			requestVars:    map[string]string{"userId": notFoundUserID},
-			expectedStatus: http.StatusNotFound,
-		},
-	}
-
-	userHandler := initUsersTestData()
 	for _, tc := range tt {
 		t.Run(tc.name, func(t *testing.T) {
 			req := httptest.NewRequest(tc.requestType, tc.requestPath, nil)
-			req = mux.SetURLVars(req, tc.requestVars)
 			rr := httptest.NewRecorder()

-			userHandler.DeleteUser(rr, req)
+			userHandler.GetAllUsers(rr, req)

 			res := rr.Result()
 			defer res.Body.Close()

 			if status := rr.Code; status != tc.expectedStatus {
 				t.Fatalf("handler returned wrong status code: got %v want %v",
-					status, tc.expectedStatus)
+					status, http.StatusOK)
+			}
+
+			content, err := io.ReadAll(res.Body)
+			if err != nil {
+				t.Fatal(err)
+			}
+
+			respBody := []*server.UserInfo{}
+			err = json.Unmarshal(content, &respBody)
+			if err != nil {
+				t.Fatalf("Sent content is not in correct json format; %v", err)
+			}
+
+			if tc.expectedResult != nil {
+				for i, resp := range respBody {
+					assert.Equal(t, resp.ID, tc.expectedResult[i].Id)
+					assert.Equal(t, string(resp.Role), string(tc.expectedResult[i].Role))
+				}
 			}
 		})
 	}
--- a/management/server/idp/auth0.go
+++ b/management/server/idp/auth0.go
@@ -32,10 +32,10 @@ type Auth0Manager struct {
 // Auth0ClientConfig auth0 manager client configurations
 type Auth0ClientConfig struct {
 	Audience     string
-	AuthIssuer   string `json:"-"`
+	AuthIssuer   string
 	ClientID     string
 	ClientSecret string
-	GrantType    string `json:"-"`
+	GrantType    string
 }

 // auth0JWTRequest payload struct to request a JWT Token
@@ -110,8 +110,7 @@ type auth0Profile struct {
 }

 // NewAuth0Manager creates a new instance of the Auth0Manager
-func NewAuth0Manager(oidcConfig OIDCConfig, config Auth0ClientConfig,
-	appMetrics telemetry.AppMetrics) (*Auth0Manager, error) {
+func NewAuth0Manager(config Auth0ClientConfig, appMetrics telemetry.AppMetrics) (*Auth0Manager, error) {

 	httpTransport := http.DefaultTransport.(*http.Transport).Clone()
 	httpTransport.MaxIdleConns = 5
@@ -122,19 +121,17 @@ func NewAuth0Manager(oidcConfig OIDCConfig, config Auth0ClientConfig,
 	}

 	helper := JsonParser{}
-	config.AuthIssuer = oidcConfig.Issuer
-	config.GrantType = "client_credentials"

-	if config.ClientID == "" {
-		return nil, fmt.Errorf("auth0 IdP configuration is incomplete, clientID is missing")
+	if config.ClientID == "" || config.ClientSecret == "" || config.GrantType == "" || config.Audience == "" || config.AuthIssuer == "" {
+		return nil, fmt.Errorf("auth0 idp configuration is not complete")
 	}

-	if config.ClientSecret == "" {
-		return nil, fmt.Errorf("auth0 IdP configuration is incomplete, ClientSecret is missing")
+	if config.GrantType != "client_credentials" {
+		return nil, fmt.Errorf("auth0 idp configuration failed. Grant Type should be client_credentials")
 	}

-	if config.Audience == "" {
-		return nil, fmt.Errorf("auth0 IdP configuration is incomplete, Audience is missing")
+	if !strings.HasPrefix(strings.ToLower(config.AuthIssuer), "https://") {
+		return nil, fmt.Errorf("auth0 idp configuration failed. AuthIssuer should contain https://")
 	}

 	credentials := &Auth0Credentials{
--- a/management/server/idp/auth0_test.go
+++ b/management/server/idp/auth0_test.go
@@ -459,9 +459,26 @@ func TestNewAuth0Manager(t *testing.T) {
 	testCase3Config := defaultTestConfig
 	testCase3Config.AuthIssuer = "abc-auth0.eu.auth0.com"

-	for _, testCase := range []test{testCase1, testCase2} {
+	testCase3 := test{
+		name:                 "Wrong Auth Issuer Format",
+		inputConfig:          testCase3Config,
+		assertErrFunc:        require.Error,
+		assertErrFuncMessage: "should return error when wrong auth issuer format",
+	}
+
+	testCase4Config := defaultTestConfig
+	testCase4Config.GrantType = "spa"
+
+	testCase4 := test{
+		name:                 "Wrong Grant Type",
+		inputConfig:          testCase4Config,
+		assertErrFunc:        require.Error,
+		assertErrFuncMessage: "should return error when wrong grant type",
+	}
+
+	for _, testCase := range []test{testCase1, testCase2, testCase3, testCase4} {
 		t.Run(testCase.name, func(t *testing.T) {
-			_, err := NewAuth0Manager(OIDCConfig{}, testCase.inputConfig, &telemetry.MockAppMetrics{})
+			_, err := NewAuth0Manager(testCase.inputConfig, &telemetry.MockAppMetrics{})
 			testCase.assertErrFunc(t, err, testCase.assertErrFuncMessage)
 		})
 	}
--- a/management/server/idp/azure.go
+++ b/management/server/idp/azure.go
@@ -1,671 +0,0 @@
-package idp
-
-import (
-	"encoding/json"
-	"fmt"
-	"io"
-	"net/http"
-	"net/url"
-	"strings"
-	"sync"
-	"time"
-
-	"github.com/golang-jwt/jwt"
-	"github.com/netbirdio/netbird/management/server/telemetry"
-	log "github.com/sirupsen/logrus"
-)
-
-const (
-	// azure extension properties template
-	wtAccountIDTpl     = "extension_%s_wt_account_id"
-	wtPendingInviteTpl = "extension_%s_wt_pending_invite"
-
-	profileFields   = "id,displayName,mail,userPrincipalName"
-	extensionFields = "id,name,targetObjects"
-)
-
-// AzureManager azure manager client instance.
-type AzureManager struct {
-	ClientID         string
-	ObjectID         string
-	GraphAPIEndpoint string
-	httpClient       ManagerHTTPClient
-	credentials      ManagerCredentials
-	helper           ManagerHelper
-	appMetrics       telemetry.AppMetrics
-}
-
-// AzureClientConfig azure manager client configurations.
-type AzureClientConfig struct {
-	ClientID     string
-	ClientSecret string
-	ObjectID     string
-
-	GraphAPIEndpoint string `json:"-"`
-	TokenEndpoint    string `json:"-"`
-	GrantType        string `json:"-"`
-}
-
-// AzureCredentials azure authentication information.
-type AzureCredentials struct {
-	clientConfig AzureClientConfig
-	helper       ManagerHelper
-	httpClient   ManagerHTTPClient
-	jwtToken     JWTToken
-	mux          sync.Mutex
-	appMetrics   telemetry.AppMetrics
-}
-
-// azureProfile represents an azure user profile.
-type azureProfile map[string]any
-
-// passwordProfile represent authentication method for,
-// newly created user profile.
-type passwordProfile struct {
-	ForceChangePasswordNextSignIn bool   `json:"forceChangePasswordNextSignIn"`
-	Password                      string `json:"password"`
-}
-
-// azureExtension represent custom attribute,
-// that can be added to user objects in Azure Active Directory (AD).
-type azureExtension struct {
-	Name          string   `json:"name"`
-	DataType      string   `json:"dataType"`
-	TargetObjects []string `json:"targetObjects"`
-}
-
-// NewAzureManager creates a new instance of the AzureManager.
-func NewAzureManager(oidcConfig OIDCConfig, config AzureClientConfig,
-	appMetrics telemetry.AppMetrics) (*AzureManager, error) {
-	httpTransport := http.DefaultTransport.(*http.Transport).Clone()
-	httpTransport.MaxIdleConns = 5
-
-	httpClient := &http.Client{
-		Timeout:   10 * time.Second,
-		Transport: httpTransport,
-	}
-
-	helper := JsonParser{}
-	config.TokenEndpoint = oidcConfig.TokenEndpoint
-	config.GraphAPIEndpoint = "https://graph.microsoft.com"
-	config.GrantType = "client_credentials"
-
-	if config.ClientID == "" {
-		return nil, fmt.Errorf("azure IdP configuration is incomplete, clientID is missing")
-	}
-
-	if config.ClientSecret == "" {
-		return nil, fmt.Errorf("azure IdP configuration is incomplete, ClientSecret is missing")
-	}
-
-	if config.ObjectID == "" {
-		return nil, fmt.Errorf("azure IdP configuration is incomplete, ObjectID is missing")
-	}
-
-	credentials := &AzureCredentials{
-		clientConfig: config,
-		httpClient:   httpClient,
-		helper:       helper,
-		appMetrics:   appMetrics,
-	}
-
-	manager := &AzureManager{
-		ObjectID:         config.ObjectID,
-		ClientID:         config.ClientID,
-		GraphAPIEndpoint: config.GraphAPIEndpoint,
-		httpClient:       httpClient,
-		credentials:      credentials,
-		helper:           helper,
-		appMetrics:       appMetrics,
-	}
-
-	err := manager.configureAppMetadata()
-	if err != nil {
-		return nil, err
-	}
-
-	return manager, nil
-}
-
-// jwtStillValid returns true if the token still valid and have enough time to be used and get a response from azure.
-func (ac *AzureCredentials) jwtStillValid() bool {
-	return !ac.jwtToken.expiresInTime.IsZero() && time.Now().Add(5*time.Second).Before(ac.jwtToken.expiresInTime)
-}
-
-// requestJWTToken performs request to get jwt token.
-func (ac *AzureCredentials) requestJWTToken() (*http.Response, error) {
-	data := url.Values{}
-	data.Set("client_id", ac.clientConfig.ClientID)
-	data.Set("client_secret", ac.clientConfig.ClientSecret)
-	data.Set("grant_type", ac.clientConfig.GrantType)
-	data.Set("scope", "https://graph.microsoft.com/.default")
-
-	payload := strings.NewReader(data.Encode())
-	req, err := http.NewRequest(http.MethodPost, ac.clientConfig.TokenEndpoint, payload)
-	if err != nil {
-		return nil, err
-	}
-	req.Header.Add("content-type", "application/x-www-form-urlencoded")
-
-	log.Debug("requesting new jwt token for azure idp manager")
-
-	resp, err := ac.httpClient.Do(req)
-	if err != nil {
-		if ac.appMetrics != nil {
-			ac.appMetrics.IDPMetrics().CountRequestError()
-		}
-
-		return nil, err
-	}
-
-	if resp.StatusCode != http.StatusOK {
-		return nil, fmt.Errorf("unable to get azure token, statusCode %d", resp.StatusCode)
-	}
-
-	return resp, nil
-}
-
-// parseRequestJWTResponse parses jwt raw response body and extracts token and expires in seconds
-func (ac *AzureCredentials) parseRequestJWTResponse(rawBody io.ReadCloser) (JWTToken, error) {
-	jwtToken := JWTToken{}
-	body, err := io.ReadAll(rawBody)
-	if err != nil {
-		return jwtToken, err
-	}
-
-	err = ac.helper.Unmarshal(body, &jwtToken)
-	if err != nil {
-		return jwtToken, err
-	}
-
-	if jwtToken.ExpiresIn == 0 && jwtToken.AccessToken == "" {
-		return jwtToken, fmt.Errorf("error while reading response body, expires_in: %d and access_token: %s", jwtToken.ExpiresIn, jwtToken.AccessToken)
-	}
-
-	data, err := jwt.DecodeSegment(strings.Split(jwtToken.AccessToken, ".")[1])
-	if err != nil {
-		return jwtToken, err
-	}
-
-	// Exp maps into exp from jwt token
-	var IssuedAt struct{ Exp int64 }
-	err = ac.helper.Unmarshal(data, &IssuedAt)
-	if err != nil {
-		return jwtToken, err
-	}
-	jwtToken.expiresInTime = time.Unix(IssuedAt.Exp, 0)
-
-	return jwtToken, nil
-}
-
-// Authenticate retrieves access token to use the azure Management API.
-func (ac *AzureCredentials) Authenticate() (JWTToken, error) {
-	ac.mux.Lock()
-	defer ac.mux.Unlock()
-
-	if ac.appMetrics != nil {
-		ac.appMetrics.IDPMetrics().CountAuthenticate()
-	}
-
-	// reuse the token without requesting a new one if it is not expired,
-	// and if expiry time is sufficient time available to make a request.
-	if ac.jwtStillValid() {
-		return ac.jwtToken, nil
-	}
-
-	resp, err := ac.requestJWTToken()
-	if err != nil {
-		return ac.jwtToken, err
-	}
-	defer resp.Body.Close()
-
-	jwtToken, err := ac.parseRequestJWTResponse(resp.Body)
-	if err != nil {
-		return ac.jwtToken, err
-	}
-
-	ac.jwtToken = jwtToken
-
-	return ac.jwtToken, nil
-}
-
-// CreateUser creates a new user in azure AD Idp.
-func (am *AzureManager) CreateUser(email string, name string, accountID string) (*UserData, error) {
-	payload, err := buildAzureCreateUserRequestPayload(email, name, accountID, am.ClientID)
-	if err != nil {
-		return nil, err
-	}
-
-	body, err := am.post("users", payload)
-	if err != nil {
-		return nil, err
-	}
-
-	if am.appMetrics != nil {
-		am.appMetrics.IDPMetrics().CountCreateUser()
-	}
-
-	var profile azureProfile
-	err = am.helper.Unmarshal(body, &profile)
-	if err != nil {
-		return nil, err
-	}
-
-	wtAccountIDField := extensionName(wtAccountIDTpl, am.ClientID)
-	profile[wtAccountIDField] = accountID
-
-	wtPendingInviteField := extensionName(wtPendingInviteTpl, am.ClientID)
-	profile[wtPendingInviteField] = true
-
-	return profile.userData(am.ClientID), nil
-}
-
-// GetUserDataByID requests user data from keycloak via ID.
-func (am *AzureManager) GetUserDataByID(userID string, appMetadata AppMetadata) (*UserData, error) {
-	wtAccountIDField := extensionName(wtAccountIDTpl, am.ClientID)
-	wtPendingInviteField := extensionName(wtPendingInviteTpl, am.ClientID)
-	selectFields := strings.Join([]string{profileFields, wtAccountIDField, wtPendingInviteField}, ",")
-
-	q := url.Values{}
-	q.Add("$select", selectFields)
-
-	body, err := am.get("users/"+userID, q)
-	if err != nil {
-		return nil, err
-	}
-
-	if am.appMetrics != nil {
-		am.appMetrics.IDPMetrics().CountGetUserDataByID()
-	}
-
-	var profile azureProfile
-	err = am.helper.Unmarshal(body, &profile)
-	if err != nil {
-		return nil, err
-	}
-
-	return profile.userData(am.ClientID), nil
-}
-
-// GetUserByEmail searches users with a given email.
-// If no users have been found, this function returns an empty list.
-func (am *AzureManager) GetUserByEmail(email string) ([]*UserData, error) {
-	wtAccountIDField := extensionName(wtAccountIDTpl, am.ClientID)
-	wtPendingInviteField := extensionName(wtPendingInviteTpl, am.ClientID)
-	selectFields := strings.Join([]string{profileFields, wtAccountIDField, wtPendingInviteField}, ",")
-
-	q := url.Values{}
-	q.Add("$select", selectFields)
-
-	body, err := am.get("users/"+email, q)
-	if err != nil {
-		return nil, err
-	}
-
-	if am.appMetrics != nil {
-		am.appMetrics.IDPMetrics().CountGetUserByEmail()
-	}
-
-	var profile azureProfile
-	err = am.helper.Unmarshal(body, &profile)
-	if err != nil {
-		return nil, err
-	}
-
-	users := make([]*UserData, 0)
-	users = append(users, profile.userData(am.ClientID))
-
-	return users, nil
-}
-
-// GetAccount returns all the users for a given profile.
-func (am *AzureManager) GetAccount(accountID string) ([]*UserData, error) {
-	wtAccountIDField := extensionName(wtAccountIDTpl, am.ClientID)
-	wtPendingInviteField := extensionName(wtPendingInviteTpl, am.ClientID)
-	selectFields := strings.Join([]string{profileFields, wtAccountIDField, wtPendingInviteField}, ",")
-
-	q := url.Values{}
-	q.Add("$select", selectFields)
-	q.Add("$filter", fmt.Sprintf("%s eq '%s'", wtAccountIDField, accountID))
-
-	body, err := am.get("users", q)
-	if err != nil {
-		return nil, err
-	}
-
-	if am.appMetrics != nil {
-		am.appMetrics.IDPMetrics().CountGetAccount()
-	}
-
-	var profiles struct{ Value []azureProfile }
-	err = am.helper.Unmarshal(body, &profiles)
-	if err != nil {
-		return nil, err
-	}
-
-	users := make([]*UserData, 0)
-	for _, profile := range profiles.Value {
-		users = append(users, profile.userData(am.ClientID))
-	}
-
-	return users, nil
-}
-
-// GetAllAccounts gets all registered accounts with corresponding user data.
-// It returns a list of users indexed by accountID.
-func (am *AzureManager) GetAllAccounts() (map[string][]*UserData, error) {
-	wtAccountIDField := extensionName(wtAccountIDTpl, am.ClientID)
-	wtPendingInviteField := extensionName(wtPendingInviteTpl, am.ClientID)
-	selectFields := strings.Join([]string{profileFields, wtAccountIDField, wtPendingInviteField}, ",")
-
-	q := url.Values{}
-	q.Add("$select", selectFields)
-
-	body, err := am.get("users", q)
-	if err != nil {
-		return nil, err
-	}
-
-	if am.appMetrics != nil {
-		am.appMetrics.IDPMetrics().CountGetAllAccounts()
-	}
-
-	var profiles struct{ Value []azureProfile }
-	err = am.helper.Unmarshal(body, &profiles)
-	if err != nil {
-		return nil, err
-	}
-
-	indexedUsers := make(map[string][]*UserData)
-	for _, profile := range profiles.Value {
-		userData := profile.userData(am.ClientID)
-
-		accountID := userData.AppMetadata.WTAccountID
-		if accountID != "" {
-			if _, ok := indexedUsers[accountID]; !ok {
-				indexedUsers[accountID] = make([]*UserData, 0)
-			}
-			indexedUsers[accountID] = append(indexedUsers[accountID], userData)
-		}
-
-	}
-
-	return indexedUsers, nil
-}
-
-// UpdateUserAppMetadata updates user app metadata based on userID.
-func (am *AzureManager) UpdateUserAppMetadata(userID string, appMetadata AppMetadata) error {
-	jwtToken, err := am.credentials.Authenticate()
-	if err != nil {
-		return err
-	}
-
-	wtAccountIDField := extensionName(wtAccountIDTpl, am.ClientID)
-	wtPendingInviteField := extensionName(wtPendingInviteTpl, am.ClientID)
-
-	data, err := am.helper.Marshal(map[string]any{
-		wtAccountIDField:     appMetadata.WTAccountID,
-		wtPendingInviteField: appMetadata.WTPendingInvite,
-	})
-	if err != nil {
-		return err
-	}
-	payload := strings.NewReader(string(data))
-
-	reqURL := fmt.Sprintf("%s/users/%s", am.GraphAPIEndpoint, userID)
-	req, err := http.NewRequest(http.MethodPatch, reqURL, payload)
-	if err != nil {
-		return err
-	}
-	req.Header.Add("authorization", "Bearer "+jwtToken.AccessToken)
-	req.Header.Add("content-type", "application/json")
-
-	log.Debugf("updating idp metadata for user %s", userID)
-
-	resp, err := am.httpClient.Do(req)
-	if err != nil {
-		if am.appMetrics != nil {
-			am.appMetrics.IDPMetrics().CountRequestError()
-		}
-		return err
-	}
-	defer resp.Body.Close()
-
-	if am.appMetrics != nil {
-		am.appMetrics.IDPMetrics().CountUpdateUserAppMetadata()
-	}
-
-	if resp.StatusCode != http.StatusNoContent {
-		return fmt.Errorf("unable to update the appMetadata, statusCode %d", resp.StatusCode)
-	}
-
-	return nil
-}
-
-func (am *AzureManager) getUserExtensions() ([]azureExtension, error) {
-	q := url.Values{}
-	q.Add("$select", extensionFields)
-
-	resource := fmt.Sprintf("applications/%s/extensionProperties", am.ObjectID)
-	body, err := am.get(resource, q)
-	if err != nil {
-		return nil, err
-	}
-
-	var extensions struct{ Value []azureExtension }
-	err = am.helper.Unmarshal(body, &extensions)
-	if err != nil {
-		return nil, err
-	}
-
-	return extensions.Value, nil
-}
-
-func (am *AzureManager) createUserExtension(name string) (*azureExtension, error) {
-	extension := azureExtension{
-		Name:          name,
-		DataType:      "string",
-		TargetObjects: []string{"User"},
-	}
-
-	payload, err := am.helper.Marshal(extension)
-	if err != nil {
-		return nil, err
-	}
-
-	resource := fmt.Sprintf("applications/%s/extensionProperties", am.ObjectID)
-	body, err := am.post(resource, string(payload))
-	if err != nil {
-		return nil, err
-	}
-
-	var userExtension azureExtension
-	err = am.helper.Unmarshal(body, &userExtension)
-	if err != nil {
-		return nil, err
-	}
-
-	return &userExtension, nil
-}
-
-// configureAppMetadata sets up app metadata extensions if they do not exists.
-func (am *AzureManager) configureAppMetadata() error {
-	wtAccountIDField := extensionName(wtAccountIDTpl, am.ClientID)
-	wtPendingInviteField := extensionName(wtPendingInviteTpl, am.ClientID)
-
-	extensions, err := am.getUserExtensions()
-	if err != nil {
-		return err
-	}
-
-	// If the wt_account_id extension does not already exist, create it.
-	if !hasExtension(extensions, wtAccountIDField) {
-		_, err = am.createUserExtension(wtAccountID)
-		if err != nil {
-			return err
-		}
-	}
-
-	// If the wt_pending_invite extension does not already exist, create it.
-	if !hasExtension(extensions, wtPendingInviteField) {
-		_, err = am.createUserExtension(wtPendingInvite)
-		if err != nil {
-			return err
-		}
-	}
-
-	return nil
-}
-
-// get perform Get requests.
-func (am *AzureManager) get(resource string, q url.Values) ([]byte, error) {
-	jwtToken, err := am.credentials.Authenticate()
-	if err != nil {
-		return nil, err
-	}
-
-	reqURL := fmt.Sprintf("%s/%s?%s", am.GraphAPIEndpoint, resource, q.Encode())
-	req, err := http.NewRequest(http.MethodGet, reqURL, nil)
-	if err != nil {
-		return nil, err
-	}
-	req.Header.Add("authorization", "Bearer "+jwtToken.AccessToken)
-	req.Header.Add("content-type", "application/json")
-
-	resp, err := am.httpClient.Do(req)
-	if err != nil {
-		if am.appMetrics != nil {
-			am.appMetrics.IDPMetrics().CountRequestError()
-		}
-
-		return nil, err
-	}
-	defer resp.Body.Close()
-
-	if resp.StatusCode != http.StatusOK {
-		if am.appMetrics != nil {
-			am.appMetrics.IDPMetrics().CountRequestStatusError()
-		}
-
-		return nil, fmt.Errorf("unable to get %s, statusCode %d", reqURL, resp.StatusCode)
-	}
-
-	return io.ReadAll(resp.Body)
-}
-
-// post perform Post requests.
-func (am *AzureManager) post(resource string, body string) ([]byte, error) {
-	jwtToken, err := am.credentials.Authenticate()
-	if err != nil {
-		return nil, err
-	}
-
-	reqURL := fmt.Sprintf("%s/%s", am.GraphAPIEndpoint, resource)
-	req, err := http.NewRequest(http.MethodPost, reqURL, strings.NewReader(body))
-	if err != nil {
-		return nil, err
-	}
-	req.Header.Add("authorization", "Bearer "+jwtToken.AccessToken)
-	req.Header.Add("content-type", "application/json")
-
-	resp, err := am.httpClient.Do(req)
-	if err != nil {
-		if am.appMetrics != nil {
-			am.appMetrics.IDPMetrics().CountRequestError()
-		}
-
-		return nil, err
-	}
-	defer resp.Body.Close()
-
-	if resp.StatusCode != http.StatusCreated {
-		if am.appMetrics != nil {
-			am.appMetrics.IDPMetrics().CountRequestStatusError()
-		}
-
-		return nil, fmt.Errorf("unable to post %s, statusCode %d", reqURL, resp.StatusCode)
-	}
-
-	return io.ReadAll(resp.Body)
-}
-
-// userData construct user data from keycloak profile.
-func (ap azureProfile) userData(clientID string) *UserData {
-	id, ok := ap["id"].(string)
-	if !ok {
-		id = ""
-	}
-
-	email, ok := ap["userPrincipalName"].(string)
-	if !ok {
-		email = ""
-	}
-
-	name, ok := ap["displayName"].(string)
-	if !ok {
-		name = ""
-	}
-
-	accountIDField := extensionName(wtAccountIDTpl, clientID)
-	accountID, ok := ap[accountIDField].(string)
-	if !ok {
-		accountID = ""
-	}
-
-	pendingInviteField := extensionName(wtPendingInviteTpl, clientID)
-	pendingInvite, ok := ap[pendingInviteField].(bool)
-	if !ok {
-		pendingInvite = false
-	}
-
-	return &UserData{
-		Email: email,
-		Name:  name,
-		ID:    id,
-		AppMetadata: AppMetadata{
-			WTAccountID:     accountID,
-			WTPendingInvite: &pendingInvite,
-		},
-	}
-}
-
-func buildAzureCreateUserRequestPayload(email, name, accountID, clientID string) (string, error) {
-	wtAccountIDField := extensionName(wtAccountIDTpl, clientID)
-	wtPendingInviteField := extensionName(wtPendingInviteTpl, clientID)
-
-	req := &azureProfile{
-		"accountEnabled":    true,
-		"displayName":       name,
-		"mailNickName":      strings.Join(strings.Split(name, " "), ""),
-		"userPrincipalName": email,
-		"passwordProfile": passwordProfile{
-			ForceChangePasswordNextSignIn: true,
-			Password:                      GeneratePassword(8, 1, 1, 1),
-		},
-		wtAccountIDField:     accountID,
-		wtPendingInviteField: true,
-	}
-
-	str, err := json.Marshal(req)
-	if err != nil {
-		return "", err
-	}
-
-	return string(str), nil
-}
-
-func extensionName(extensionTpl, clientID string) string {
-	clientID = strings.ReplaceAll(clientID, "-", "")
-	return fmt.Sprintf(extensionTpl, clientID)
-}
-
-// hasExtension checks whether a given extension by name,
-// exists in an list of extensions.
-func hasExtension(extensions []azureExtension, name string) bool {
-	for _, ext := range extensions {
-		if ext.Name == name {
-			return true
-		}
-	}
-	return false
-}
--- a/management/server/idp/azure_test.go
+++ b/management/server/idp/azure_test.go
@@ -1,329 +0,0 @@
-package idp
-
-import (
-	"fmt"
-	"testing"
-	"time"
-
-	"github.com/stretchr/testify/assert"
-)
-
-type mockAzureCredentials struct {
-	jwtToken JWTToken
-	err      error
-}
-
-func (mc *mockAzureCredentials) Authenticate() (JWTToken, error) {
-	return mc.jwtToken, mc.err
-}
-
-func TestAzureJwtStillValid(t *testing.T) {
-	type jwtStillValidTest struct {
-		name           string
-		inputTime      time.Time
-		expectedResult bool
-		message        string
-	}
-
-	jwtStillValidTestCase1 := jwtStillValidTest{
-		name:           "JWT still valid",
-		inputTime:      time.Now().Add(10 * time.Second),
-		expectedResult: true,
-		message:        "should be true",
-	}
-	jwtStillValidTestCase2 := jwtStillValidTest{
-		name:           "JWT is invalid",
-		inputTime:      time.Now(),
-		expectedResult: false,
-		message:        "should be false",
-	}
-
-	for _, testCase := range []jwtStillValidTest{jwtStillValidTestCase1, jwtStillValidTestCase2} {
-		t.Run(testCase.name, func(t *testing.T) {
-			config := AzureClientConfig{}
-
-			creds := AzureCredentials{
-				clientConfig: config,
-			}
-			creds.jwtToken.expiresInTime = testCase.inputTime
-
-			assert.Equalf(t, testCase.expectedResult, creds.jwtStillValid(), testCase.message)
-		})
-	}
-}
-
-func TestAzureAuthenticate(t *testing.T) {
-	type authenticateTest struct {
-		name                    string
-		inputCode               int
-		inputResBody            string
-		inputExpireToken        time.Time
-		helper                  ManagerHelper
-		expectedFuncExitErrDiff error
-		expectedCode            int
-		expectedToken           string
-	}
-	exp := 5
-	token := newTestJWT(t, exp)
-
-	authenticateTestCase1 := authenticateTest{
-		name:                    "Get Cached token",
-		inputExpireToken:        time.Now().Add(30 * time.Second),
-		helper:                  JsonParser{},
-		expectedFuncExitErrDiff: nil,
-		expectedCode:            200,
-		expectedToken:           "",
-	}
-
-	authenticateTestCase2 := authenticateTest{
-		name:          "Get Good JWT Response",
-		inputCode:     200,
-		inputResBody:  fmt.Sprintf("{\"access_token\":\"%s\",\"scope\":\"read:users\",\"expires_in\":%d,\"token_type\":\"Bearer\"}", token, exp),
-		helper:        JsonParser{},
-		expectedCode:  200,
-		expectedToken: token,
-	}
-
-	authenticateTestCase3 := authenticateTest{
-		name:                    "Get Bad Status Code",
-		inputCode:               400,
-		inputResBody:            "{}",
-		helper:                  JsonParser{},
-		expectedFuncExitErrDiff: fmt.Errorf("unable to get azure token, statusCode 400"),
-		expectedCode:            200,
-		expectedToken:           "",
-	}
-
-	for _, testCase := range []authenticateTest{authenticateTestCase1, authenticateTestCase2, authenticateTestCase3} {
-		t.Run(testCase.name, func(t *testing.T) {
-
-			jwtReqClient := mockHTTPClient{
-				resBody: testCase.inputResBody,
-				code:    testCase.inputCode,
-			}
-			config := AzureClientConfig{}
-
-			creds := AzureCredentials{
-				clientConfig: config,
-				httpClient:   &jwtReqClient,
-				helper:       testCase.helper,
-			}
-			creds.jwtToken.expiresInTime = testCase.inputExpireToken
-
-			_, err := creds.Authenticate()
-			if err != nil {
-				if testCase.expectedFuncExitErrDiff != nil {
-					assert.EqualError(t, err, testCase.expectedFuncExitErrDiff.Error(), "errors should be the same")
-				} else {
-					t.Fatal(err)
-				}
-			}
-
-			assert.Equalf(t, testCase.expectedToken, creds.jwtToken.AccessToken, "two tokens should be the same")
-		})
-	}
-}
-
-func TestAzureUpdateUserAppMetadata(t *testing.T) {
-	type updateUserAppMetadataTest struct {
-		name                 string
-		inputReqBody         string
-		expectedReqBody      string
-		appMetadata          AppMetadata
-		statusCode           int
-		helper               ManagerHelper
-		managerCreds         ManagerCredentials
-		assertErrFunc        assert.ErrorAssertionFunc
-		assertErrFuncMessage string
-	}
-
-	appMetadata := AppMetadata{WTAccountID: "ok"}
-
-	updateUserAppMetadataTestCase1 := updateUserAppMetadataTest{
-		name:            "Bad Authentication",
-		expectedReqBody: "",
-		appMetadata:     appMetadata,
-		statusCode:      400,
-		helper:          JsonParser{},
-		managerCreds: &mockAzureCredentials{
-			jwtToken: JWTToken{},
-			err:      fmt.Errorf("error"),
-		},
-		assertErrFunc:        assert.Error,
-		assertErrFuncMessage: "should return error",
-	}
-
-	updateUserAppMetadataTestCase2 := updateUserAppMetadataTest{
-		name:            "Bad Status Code",
-		expectedReqBody: fmt.Sprintf("{\"extension__wt_account_id\":\"%s\",\"extension__wt_pending_invite\":null}", appMetadata.WTAccountID),
-		appMetadata:     appMetadata,
-		statusCode:      400,
-		helper:          JsonParser{},
-		managerCreds: &mockAzureCredentials{
-			jwtToken: JWTToken{},
-		},
-		assertErrFunc:        assert.Error,
-		assertErrFuncMessage: "should return error",
-	}
-
-	updateUserAppMetadataTestCase3 := updateUserAppMetadataTest{
-		name:       "Bad Response Parsing",
-		statusCode: 400,
-		helper:     &mockJsonParser{marshalErrorString: "error"},
-		managerCreds: &mockAzureCredentials{
-			jwtToken: JWTToken{},
-		},
-		assertErrFunc:        assert.Error,
-		assertErrFuncMessage: "should return error",
-	}
-
-	updateUserAppMetadataTestCase4 := updateUserAppMetadataTest{
-		name:            "Good request",
-		expectedReqBody: fmt.Sprintf("{\"extension__wt_account_id\":\"%s\",\"extension__wt_pending_invite\":null}", appMetadata.WTAccountID),
-		appMetadata:     appMetadata,
-		statusCode:      204,
-		helper:          JsonParser{},
-		managerCreds: &mockAzureCredentials{
-			jwtToken: JWTToken{},
-		},
-		assertErrFunc:        assert.NoError,
-		assertErrFuncMessage: "shouldn't return error",
-	}
-
-	invite := true
-	updateUserAppMetadataTestCase5 := updateUserAppMetadataTest{
-		name:            "Update Pending Invite",
-		expectedReqBody: fmt.Sprintf("{\"extension__wt_account_id\":\"%s\",\"extension__wt_pending_invite\":true}", appMetadata.WTAccountID),
-		appMetadata: AppMetadata{
-			WTAccountID:     "ok",
-			WTPendingInvite: &invite,
-		},
-		statusCode: 204,
-		helper:     JsonParser{},
-		managerCreds: &mockAzureCredentials{
-			jwtToken: JWTToken{},
-		},
-		assertErrFunc:        assert.NoError,
-		assertErrFuncMessage: "shouldn't return error",
-	}
-
-	for _, testCase := range []updateUserAppMetadataTest{updateUserAppMetadataTestCase1, updateUserAppMetadataTestCase2,
-		updateUserAppMetadataTestCase3, updateUserAppMetadataTestCase4, updateUserAppMetadataTestCase5} {
-		t.Run(testCase.name, func(t *testing.T) {
-			reqClient := mockHTTPClient{
-				resBody: testCase.inputReqBody,
-				code:    testCase.statusCode,
-			}
-
-			manager := &AzureManager{
-				httpClient:  &reqClient,
-				credentials: testCase.managerCreds,
-				helper:      testCase.helper,
-			}
-
-			err := manager.UpdateUserAppMetadata("1", testCase.appMetadata)
-			testCase.assertErrFunc(t, err, testCase.assertErrFuncMessage)
-
-			assert.Equal(t, testCase.expectedReqBody, reqClient.reqBody, "request body should match")
-		})
-	}
-}
-
-func TestAzureProfile(t *testing.T) {
-	type azureProfileTest struct {
-		name             string
-		clientID         string
-		invite           bool
-		inputProfile     azureProfile
-		expectedUserData UserData
-	}
-
-	azureProfileTestCase1 := azureProfileTest{
-		name:     "Good Request",
-		clientID: "25d0b095-0484-40d2-9fd3-03f8f4abbb3c",
-		invite:   false,
-		inputProfile: azureProfile{
-			"id":                "test1",
-			"displayName":       "John Doe",
-			"userPrincipalName": "test1@test.com",
-			"extension_25d0b095048440d29fd303f8f4abbb3c_wt_account_id":     "1",
-			"extension_25d0b095048440d29fd303f8f4abbb3c_wt_pending_invite": false,
-		},
-		expectedUserData: UserData{
-			Email: "test1@test.com",
-			Name:  "John Doe",
-			ID:    "test1",
-			AppMetadata: AppMetadata{
-				WTAccountID: "1",
-			},
-		},
-	}
-
-	azureProfileTestCase2 := azureProfileTest{
-		name:     "Missing User ID",
-		clientID: "25d0b095-0484-40d2-9fd3-03f8f4abbb3c",
-		invite:   true,
-		inputProfile: azureProfile{
-			"displayName":       "John Doe",
-			"userPrincipalName": "test2@test.com",
-			"extension_25d0b095048440d29fd303f8f4abbb3c_wt_account_id":     "1",
-			"extension_25d0b095048440d29fd303f8f4abbb3c_wt_pending_invite": true,
-		},
-		expectedUserData: UserData{
-			Email: "test2@test.com",
-			Name:  "John Doe",
-			AppMetadata: AppMetadata{
-				WTAccountID: "1",
-			},
-		},
-	}
-
-	azureProfileTestCase3 := azureProfileTest{
-		name:     "Missing User Name",
-		clientID: "25d0b095-0484-40d2-9fd3-03f8f4abbb3c",
-		invite:   false,
-		inputProfile: azureProfile{
-			"id":                "test3",
-			"userPrincipalName": "test3@test.com",
-			"extension_25d0b095048440d29fd303f8f4abbb3c_wt_account_id":     "1",
-			"extension_25d0b095048440d29fd303f8f4abbb3c_wt_pending_invite": false,
-		},
-		expectedUserData: UserData{
-			ID:    "test3",
-			Email: "test3@test.com",
-			AppMetadata: AppMetadata{
-				WTAccountID: "1",
-			},
-		},
-	}
-
-	azureProfileTestCase4 := azureProfileTest{
-		name:     "Missing Extension Fields",
-		clientID: "25d0b095-0484-40d2-9fd3-03f8f4abbb3c",
-		invite:   false,
-		inputProfile: azureProfile{
-			"id":                "test4",
-			"displayName":       "John Doe",
-			"userPrincipalName": "test4@test.com",
-		},
-		expectedUserData: UserData{
-			ID:          "test4",
-			Name:        "John Doe",
-			Email:       "test4@test.com",
-			AppMetadata: AppMetadata{},
-		},
-	}
-
-	for _, testCase := range []azureProfileTest{azureProfileTestCase1, azureProfileTestCase2, azureProfileTestCase3, azureProfileTestCase4} {
-		t.Run(testCase.name, func(t *testing.T) {
-			testCase.expectedUserData.AppMetadata.WTPendingInvite = &testCase.invite
-			userData := testCase.inputProfile.userData(testCase.clientID)
-
-			assert.Equal(t, testCase.expectedUserData.ID, userData.ID, "User id should match")
-			assert.Equal(t, testCase.expectedUserData.Email, userData.Email, "User email should match")
-			assert.Equal(t, testCase.expectedUserData.Name, userData.Name, "User name should match")
-			assert.Equal(t, testCase.expectedUserData.AppMetadata.WTAccountID, userData.AppMetadata.WTAccountID, "Account id should match")
-			assert.Equal(t, testCase.expectedUserData.AppMetadata.WTPendingInvite, userData.AppMetadata.WTPendingInvite, "Pending invite should match")
-		})
-	}
-}
--- a/management/server/idp/idp.go
+++ b/management/server/idp/idp.go
@@ -19,21 +19,11 @@ type Manager interface {
 	GetUserByEmail(email string) ([]*UserData, error)
 }

-// OIDCConfig specifies configuration for OpenID Connect provider
-// These configurations are automatically loaded from the OIDC endpoint
-type OIDCConfig struct {
-	Issuer        string
-	TokenEndpoint string
-}
-
 // Config an idp configuration struct to be loaded from management server's config file
 type Config struct {
 	ManagerType               string
-	OIDCConfig                OIDCConfig `json:"-"`
 	Auth0ClientCredentials    Auth0ClientConfig
-	AzureClientCredentials    AzureClientConfig
 	KeycloakClientCredentials KeycloakClientConfig
-	ZitadelClientCredentials  ZitadelClientConfig
 }

 // ManagerCredentials interface that authenticates using the credential of each type of idp
@@ -82,13 +72,9 @@ func NewManager(config Config, appMetrics telemetry.AppMetrics) (Manager, error)
 	case "none", "":
 		return nil, nil
 	case "auth0":
-		return NewAuth0Manager(config.OIDCConfig, config.Auth0ClientCredentials, appMetrics)
-	case "azure":
-		return NewAzureManager(config.OIDCConfig, config.AzureClientCredentials, appMetrics)
+		return NewAuth0Manager(config.Auth0ClientCredentials, appMetrics)
 	case "keycloak":
-		return NewKeycloakManager(config.OIDCConfig, config.KeycloakClientCredentials, appMetrics)
-	case "zitadel":
-		return NewZitadelManager(config.OIDCConfig, config.ZitadelClientCredentials, appMetrics)
+		return NewKeycloakManager(config.KeycloakClientCredentials, appMetrics)
 	default:
 		return nil, fmt.Errorf("invalid manager type: %s", config.ManagerType)
 	}
--- a/management/server/idp/keycloak.go
+++ b/management/server/idp/keycloak.go
@@ -37,8 +37,8 @@ type KeycloakClientConfig struct {
 	ClientID      string
 	ClientSecret  string
 	AdminEndpoint string
-	TokenEndpoint string `json:"-"`
-	GrantType     string `json:"-"`
+	TokenEndpoint string
+	GrantType     string
 }

 // KeycloakCredentials keycloak authentication information.
@@ -82,8 +82,7 @@ type keycloakProfile struct {
 }

 // NewKeycloakManager creates a new instance of the KeycloakManager.
-func NewKeycloakManager(oidcConfig OIDCConfig, config KeycloakClientConfig,
-	appMetrics telemetry.AppMetrics) (*KeycloakManager, error) {
+func NewKeycloakManager(config KeycloakClientConfig, appMetrics telemetry.AppMetrics) (*KeycloakManager, error) {
 	httpTransport := http.DefaultTransport.(*http.Transport).Clone()
 	httpTransport.MaxIdleConns = 5

@@ -93,19 +92,13 @@ func NewKeycloakManager(oidcConfig OIDCConfig, config KeycloakClientConfig,
 	}

 	helper := JsonParser{}
-	config.TokenEndpoint = oidcConfig.TokenEndpoint
-	config.GrantType = "client_credentials"

-	if config.ClientID == "" {
-		return nil, fmt.Errorf("keycloak IdP configuration is incomplete, clientID is missing")
+	if config.ClientID == "" || config.ClientSecret == "" || config.GrantType == "" || config.AdminEndpoint == "" || config.TokenEndpoint == "" {
+		return nil, fmt.Errorf("keycloak idp configuration is not complete")
 	}

-	if config.ClientSecret == "" {
-		return nil, fmt.Errorf("keycloak IdP configuration is incomplete, ClientSecret is missing")
-	}
-
-	if config.AdminEndpoint == "" {
-		return nil, fmt.Errorf("keycloak IdP configuration is incomplete, AdminEndpoint is missing")
+	if config.GrantType != "client_credentials" {
+		return nil, fmt.Errorf("keycloak idp configuration failed. Grant Type should be client_credentials")
 	}

 	credentials := &KeycloakCredentials{
--- a/management/server/idp/keycloak_test.go
+++ b/management/server/idp/keycloak_test.go
@@ -46,19 +46,19 @@ func TestNewKeycloakManager(t *testing.T) {
 		assertErrFuncMessage: "should return error when field empty",
 	}

-	testCase3Config := defaultTestConfig
-	testCase3Config.ClientSecret = ""
+	testCase5Config := defaultTestConfig
+	testCase5Config.GrantType = "authorization_code"

-	testCase3 := test{
-		name:                 "Missing ClientSecret Configuration",
-		inputConfig:          testCase3Config,
+	testCase5 := test{
+		name:                 "Wrong GrantType",
+		inputConfig:          testCase5Config,
 		assertErrFunc:        require.Error,
-		assertErrFuncMessage: "should return error when field empty",
+		assertErrFuncMessage: "should return error when wrong grant type",
 	}

-	for _, testCase := range []test{testCase1, testCase2, testCase3} {
+	for _, testCase := range []test{testCase1, testCase2, testCase5} {
 		t.Run(testCase.name, func(t *testing.T) {
-			_, err := NewKeycloakManager(OIDCConfig{}, testCase.inputConfig, &telemetry.MockAppMetrics{})
+			_, err := NewKeycloakManager(testCase.inputConfig, &telemetry.MockAppMetrics{})
 			testCase.assertErrFunc(t, err, testCase.assertErrFuncMessage)
 		})
 	}
--- a/Show More
+++ b/Show More
Author	SHA1	Message	Date
Zoltan Papp	940367e1c6	Remove unused wait group	2023-04-18 18:59:11 +02:00
Zoltan Papp	c80cb22cc0	Add parallel processing	2023-04-17 16:44:45 +02:00
Zoltan Papp	d0e51dfc11	Fix Linux implementation	2023-04-17 14:46:14 +02:00
Zoltan Papp	7e11842a5e	Fix unix implementation	2023-04-17 14:37:51 +02:00
pzoli	1bf3e6feec	Better pkg destroyer	2023-04-17 14:37:51 +02:00
pzoli	c392fe44e4	Handle STUN msg	2023-04-17 14:37:51 +02:00
pzoli	fef24b4a4d	Update ICEBind to the latest Bind version	2023-04-17 14:37:48 +02:00
Zoltan Papp	bb1efe68aa	Update wireguard version to 9e2f38602202	2023-04-17 14:37:28 +02:00