Listen on all address

Add socks5 proxy
Netstack poc
2026-05-09 09:42:12 -04:00 · 2023-12-13 22:39:12 +01:00 · 2023-12-13 16:58:31 +01:00 · 2023-12-12 17:35:16 +01:00
189 changed files with 2429 additions and 7421 deletions
--- a/.devcontainer/Dockerfile
+++ b/.devcontainer/Dockerfile
@@ -1,4 +1,4 @@
-FROM golang:1.21-bullseye
+FROM golang:1.20-bullseye

 RUN apt-get update && export DEBIAN_FRONTEND=noninteractive \
    && apt-get -y install --no-install-recommends\
--- a/.devcontainer/devcontainer.json
+++ b/.devcontainer/devcontainer.json
@@ -7,7 +7,7 @@
 	"features": {
 		"ghcr.io/devcontainers/features/docker-in-docker:2": {},
 		"ghcr.io/devcontainers/features/go:1": {
-			"version": "1.21"
+			"version": "1.20"
 		}
 	},
 	"workspaceFolder": "/workspaces/${localWorkspaceFolderBasename}",
--- a/.github/workflows/android-build-validation.yml
+++ b/.github/workflows/android-build-validation.yml
@@ -1,4 +1,4 @@
-name: Mobile build validation
+name: Android build validation

 on:
  push:
@@ -11,7 +11,7 @@ concurrency:
  cancel-in-progress: true

 jobs:
-  andrloid_build:
+  build:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout repository
@@ -19,16 +19,9 @@ jobs:
      - name: Install Go
        uses: actions/setup-go@v4
        with:
-          go-version: "1.21.x"
+          go-version: "1.20.x"
      - name: Setup Android SDK
-        uses: android-actions/setup-android@v3
-        with:
-          cmdline-tools-version: 8512546
-      - name: Setup Java
-        uses: actions/setup-java@v3
-        with:
-          java-version: "11"
-          distribution: "adopt"
+        uses: android-actions/setup-android@v2
      - name: NDK Cache
        id: ndk-cache
        uses: actions/cache@v3
@@ -36,7 +29,7 @@ jobs:
          path: /usr/local/lib/android/sdk/ndk
          key: ndk-cache-23.1.7779620
      - name: Setup NDK
-        run: /usr/local/lib/android/sdk/cmdline-tools/7.0/bin/sdkmanager --install "ndk;23.1.7779620"
+        run: /usr/local/lib/android/sdk/tools/bin/sdkmanager --install "ndk;23.1.7779620"
      - name: install gomobile
        run: go install golang.org/x/mobile/cmd/gomobile@v0.0.0-20230531173138-3c911d8e3eda
      - name: gomobile init
@@ -45,21 +38,4 @@ jobs:
        run: PATH=$PATH:$(go env GOPATH) gomobile bind -o $GITHUB_WORKSPACE/netbird.aar -javapkg=io.netbird.gomobile -ldflags="-X golang.zx2c4.com/wireguard/ipc.socketDirectory=/data/data/io.netbird.client/cache/wireguard -X github.com/netbirdio/netbird/version.version=buildtest"  $GITHUB_WORKSPACE/client/android
        env:
          CGO_ENABLED: 0
-          ANDROID_NDK_HOME: /usr/local/lib/android/sdk/ndk/23.1.7779620
-  ios_build:
-    runs-on: macos-latest
-    steps:
-      - name: Checkout repository
-        uses: actions/checkout@v3
-      - name: Install Go
-        uses: actions/setup-go@v4
-        with:
-          go-version: "1.21.x"
-      - name: install gomobile
-        run: go install golang.org/x/mobile/cmd/gomobile@v0.0.0-20230531173138-3c911d8e3eda
-      - name: gomobile init
-        run: gomobile init
-      - name: build iOS nebtird lib
-        run: PATH=$PATH:$(go env GOPATH) gomobile bind -target=ios -bundleid=io.netbird.framework -ldflags="-X github.com/netbirdio/netbird/version.version=buildtest" -o $GITHUB_WORKSPACE/NetBirdSDK.xcframework $GITHUB_WORKSPACE/client/ios/NetBirdSDK
-        env:
-          CGO_ENABLED: 0
+          ANDROID_NDK_HOME: /usr/local/lib/android/sdk/ndk/23.1.7779620
--- a/.github/workflows/golang-test-darwin.yml
+++ b/.github/workflows/golang-test-darwin.yml
@@ -20,7 +20,7 @@ jobs:
      - name: Install Go
        uses: actions/setup-go@v4
        with:
-          go-version: "1.21.x"
+          go-version: "1.20.x"
      - name: Checkout code
        uses: actions/checkout@v3

--- a/.github/workflows/golang-test-linux.yml
+++ b/.github/workflows/golang-test-linux.yml
@@ -21,7 +21,7 @@ jobs:
      - name: Install Go
        uses: actions/setup-go@v4
        with:
-          go-version: "1.21.x"
+          go-version: "1.20.x"


      - name: Cache Go modules
@@ -50,7 +50,7 @@ jobs:
      - name: Install Go
        uses: actions/setup-go@v4
        with:
-          go-version: "1.21.x"
+          go-version: "1.20.x"

      - name: Cache Go modules
        uses: actions/cache@v3
--- a/.github/workflows/golang-test-windows.yml
+++ b/.github/workflows/golang-test-windows.yml
@@ -23,13 +23,13 @@ jobs:
        uses: actions/setup-go@v4
        id: go
        with:
-          go-version: "1.21.x"
+          go-version: "1.20.x"

      - name: Download wintun
        uses: carlosperate/download-file-action@v2
        id: download-wintun
        with:
-          file-url: https://pkgs.netbird.io/wintun/wintun-0.14.1.zip
+          file-url: https://www.wintun.net/builds/wintun-0.14.1.zip
          file-name: wintun.zip
          location: ${{ env.downloadPath }}
          sha256: '07c256185d6ee3652e09fa55c0b673e2624b565e02c4b9091c79ca7d2f24ef51'
@@ -49,4 +49,4 @@ jobs:
        run: PsExec64 -s -w ${{ github.workspace }} cmd.exe /c "C:\hostedtoolcache\windows\go\${{ steps.go.outputs.go-version }}\x64\bin\go.exe test -timeout 5m -p 1 ./... > test-out.txt 2>&1"
      - name: test output
        if: ${{ always() }}
-        run: Get-Content test-out.txt
+        run: Get-Content test-out.txt
--- a/.github/workflows/golangci-lint.yml
+++ b/.github/workflows/golangci-lint.yml
@@ -1,7 +1,7 @@
 name: golangci-lint
 on: [pull_request]

-permissions:
+permissions: 
  contents: read
  pull-requests: read

@@ -36,7 +36,7 @@ jobs:
      - name: Install Go
        uses: actions/setup-go@v4
        with:
-          go-version: "1.21.x"
+          go-version: "1.20.x"
          cache: false
      - name: Install dependencies
        if: matrix.os == 'ubuntu-latest'
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -20,7 +20,7 @@ on:
      - 'client/ui/**'

 env:
-  SIGN_PIPE_VER: "v0.0.11"
+  SIGN_PIPE_VER: "v0.0.10"
  GORELEASER_VER: "v1.14.1"

 concurrency:
@@ -44,18 +44,15 @@ jobs:
        name: Set up Go
        uses: actions/setup-go@v4
        with:
-          go-version: "1.21"
-          cache: false
+          go-version: "1.20"
      -
        name: Cache Go modules
        uses: actions/cache@v3
        with:
-          path: |
-            ~/go/pkg/mod
-            ~/.cache/go-build
-          key: ${{ runner.os }}-go-releaser-${{ hashFiles('**/go.sum') }}
+          path: ~/go/pkg/mod
+          key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
          restore-keys: |
-            ${{ runner.os }}-go-releaser-
+            ${{ runner.os }}-go-
      -
        name: Install modules
        run: go mod tidy
@@ -120,17 +117,14 @@ jobs:
      - name: Set up Go
        uses: actions/setup-go@v4
        with:
-          go-version: "1.21"
-          cache: false
+          go-version: "1.20"
      - name: Cache Go modules
        uses: actions/cache@v3
        with:
-          path: | 
-            ~/go/pkg/mod
-            ~/.cache/go-build
-          key: ${{ runner.os }}-ui-go-releaser-${{ hashFiles('**/go.sum') }}
+          path: ~/go/pkg/mod
+          key: ${{ runner.os }}-ui-go-${{ hashFiles('**/go.sum') }}
          restore-keys: |
-            ${{ runner.os }}-ui-go-releaser-
+            ${{ runner.os }}-ui-go-

      - name: Install modules
        run: go mod tidy
@@ -175,18 +169,15 @@ jobs:
        name: Set up Go
        uses: actions/setup-go@v4
        with:
-          go-version: "1.21"
-          cache: false
+          go-version: "1.20"
      -
        name: Cache Go modules
        uses: actions/cache@v3
        with:
-          path: |
-            ~/go/pkg/mod
-            ~/.cache/go-build
-          key: ${{ runner.os }}-ui-go-releaser-darwin-${{ hashFiles('**/go.sum') }}
+          path: ~/go/pkg/mod
+          key: ${{ runner.os }}-ui-go-${{ hashFiles('**/go.sum') }}
          restore-keys: |
-            ${{ runner.os }}-ui-go-releaser-darwin-
+            ${{ runner.os }}-ui-go-
      -
        name: Install modules
        run: go mod tidy
--- a/.github/workflows/test-infrastructure-files.yml
+++ b/.github/workflows/test-infrastructure-files.yml
@@ -28,7 +28,7 @@ jobs:
      - name: Install Go
        uses: actions/setup-go@v4
        with:
-          go-version: "1.21.x"
+          go-version: "1.20.x"

      - name: Cache Go modules
        uses: actions/cache@v3
@@ -62,7 +62,7 @@ jobs:
          CI_NETBIRD_MGMT_IDP_SIGNKEY_REFRESH: false

      - name: check values
-        working-directory: infrastructure_files/artifacts
+        working-directory: infrastructure_files
        env:
          CI_NETBIRD_DOMAIN: localhost
          CI_NETBIRD_AUTH_CLIENT_ID: testing.client.id
@@ -87,10 +87,8 @@ jobs:
          CI_NETBIRD_SIGNAL_PORT: 12345
          CI_NETBIRD_STORE_CONFIG_ENGINE: "sqlite"
          CI_NETBIRD_MGMT_IDP_SIGNKEY_REFRESH: false
-          CI_NETBIRD_TURN_EXTERNAL_IP: "1.2.3.4"

        run: |
-          set -x
          grep AUTH_CLIENT_ID docker-compose.yml | grep $CI_NETBIRD_AUTH_CLIENT_ID
          grep AUTH_CLIENT_SECRET docker-compose.yml | grep $CI_NETBIRD_AUTH_CLIENT_SECRET
          grep AUTH_AUTHORITY docker-compose.yml | grep $CI_NETBIRD_AUTH_AUTHORITY
@@ -109,7 +107,7 @@ jobs:
          grep Engine management.json  | grep "$CI_NETBIRD_STORE_CONFIG_ENGINE"
          grep IdpSignKeyRefreshEnabled management.json | grep "$CI_NETBIRD_MGMT_IDP_SIGNKEY_REFRESH"
          grep UseIDToken management.json | grep false
-          grep -A 1 IdpManagerConfig management.json | grep ManagerType | grep $CI_NETBIRD_MGMT_IDP
+          grep -A 1 IdpManagerConfig management.json | grep ManagerType | grep $CI_NETBIRD_MGMT_IDP 
          grep -A 3 IdpManagerConfig management.json | grep -A 1 ClientConfig | grep Issuer | grep $CI_NETBIRD_AUTH_AUTHORITY
          grep -A 4 IdpManagerConfig management.json | grep -A 2 ClientConfig | grep TokenEndpoint | grep $CI_NETBIRD_AUTH_TOKEN_ENDPOINT
          grep -A 5 IdpManagerConfig management.json | grep -A 3 ClientConfig | grep ClientID | grep $CI_NETBIRD_IDP_MGMT_CLIENT_ID
@@ -122,7 +120,6 @@ jobs:
          grep -A 10 PKCEAuthorizationFlow management.json | grep -A 10 ProviderConfig | grep TokenEndpoint | grep $CI_NETBIRD_AUTH_TOKEN_ENDPOINT
          grep -A 10 PKCEAuthorizationFlow management.json | grep -A 10 ProviderConfig | grep Scope | grep "$CI_NETBIRD_AUTH_SUPPORTED_SCOPES"
          grep -A 10 PKCEAuthorizationFlow management.json | grep -A 10 ProviderConfig | grep -A 3 RedirectURLs | grep "http://localhost:53000"
-          grep "external-ip" turnserver.conf | grep $CI_NETBIRD_TURN_EXTERNAL_IP

      - name: Install modules
        run: go mod tidy
@@ -146,7 +143,7 @@ jobs:
          docker build -t netbirdio/signal:latest .

      - name: run docker compose up
-        working-directory: infrastructure_files/artifacts
+        working-directory: infrastructure_files
        run: |
          docker-compose up -d
          sleep 5
@@ -155,9 +152,9 @@ jobs:

      - name: test running containers
        run: |
-          count=$(docker compose ps --format json | jq '. | select(.Name | contains("artifacts")) | .State' | grep -c running)
+          count=$(docker compose ps --format json | jq '. | select(.Name | contains("infrastructure_files")) | .State' | grep -c running)
          test $count -eq 4
-        working-directory: infrastructure_files/artifacts
+        working-directory: infrastructure_files

  test-getting-started-script:
    runs-on: ubuntu-latest
@@ -178,11 +175,8 @@ jobs:
      - name: test management.json file gen
        run: test -f management.json
      - name: test turnserver.conf file gen
-        run: | 
-          set -x
-          test -f turnserver.conf
-          grep external-ip turnserver.conf
+        run: test -f turnserver.conf
      - name: test zitadel.env file gen
        run: test -f zitadel.env
      - name: test dashboard.env file gen
-        run: test -f dashboard.env
+        run: test -f dashboard.env
--- a/.gitignore
+++ b/.gitignore
@@ -6,20 +6,11 @@ bin/
 .env
 conf.json
 http-cmds.sh
-setup.env
-infrastructure_files/**/Caddyfile
-infrastructure_files/**/dashboard.env
-infrastructure_files/**/zitadel.env
-infrastructure_files/**/management.json
-infrastructure_files/**/management-*.json
-infrastructure_files/**/docker-compose.yml
-infrastructure_files/**/openid-configuration.json
-infrastructure_files/**/turnserver.conf
-infrastructure_files/**/management.json.bkp.**
-infrastructure_files/**/management-*.json.bkp.**
-infrastructure_files/**/docker-compose.yml.bkp.**
-infrastructure_files/**/openid-configuration.json.bkp.**
-infrastructure_files/**/turnserver.conf.bkp.**
+infrastructure_files/management.json
+infrastructure_files/management-*.json
+infrastructure_files/docker-compose.yml
+infrastructure_files/openid-configuration.json
+infrastructure_files/turnserver.conf
 management/management
 client/client
 client/client.exe
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@@ -189,8 +189,6 @@ CGO_ENABLED=0 go build .

 > Windows clients have a Wireguard driver requirement. You can download the wintun driver from https://www.wintun.net/builds/wintun-0.14.1.zip, after decompressing, you can copy the file `windtun\bin\ARCH\wintun.dll` to the same path as your binary file or to `C:\Windows\System32\wintun.dll`.

-> To test the client GUI application on Windows machines with RDP or vituralized environments (e.g. virtualbox or cloud), you need to download and extract the opengl32.dll from https://fdossena.com/?p=mesa/index.frag next to the built application.
-
 To start NetBird the client in the foreground:

 ```
@@ -274,8 +272,6 @@ go test -exec sudo ./...
 ```
 > On Windows use a powershell with administrator privileges

-> Non-GTK environments will need the `libayatana-appindicator3-dev` (debian/ubuntu) package installed
-
 ## Checklist before submitting a PR
 As a critical network service and open-source project, we must enforce a few things before submitting the pull-requests:
 - Keep functions as simple as possible, with a single purpose
--- a/README.md
+++ b/README.md
@@ -48,17 +48,17 @@ https://user-images.githubusercontent.com/700848/197345890-2e2cded5-7b7a-436f-a4

 ### Key features

-| Connectivity                             	                                                                                      | Management                                 	                             | Automation                                    	                            | Platforms    	                        |
-|---------------------------------------------------------------------------------------------------------------------------------|--------------------------------------------------------------------------|----------------------------------------------------------------------------|---------------------------------------|
-| <ul><li> - \[x] Kernel WireGuard </ul></li>                   	                                                                 | <ul><li> - \[x] [Admin Web UI](https://github.com/netbirdio/dashboard) </ul></li>                           	      | <ul><li> - \[x] [Public API](https://docs.netbird.io/api) </ul></li>                                	     | <ul><li> - \[x] Linux </ul></li>    	 |
-| <ul><li> - \[x] Peer-to-peer connections </ul></li>             	                                                               | <ul><li> - \[x] Auto peer discovery and configuration </ul></li>  	      | <ul><li> - \[x] [Setup keys for bulk network provisioning](https://docs.netbird.io/how-to/register-machines-using-setup-keys) </ul></li>  	     | <ul><li> - \[x] Mac </ul></li>      	 |
-| <ul><li> - \[x] Peer-to-peer encryption </ul></li>              	                                                               | <ul><li> - \[x] [IdP integrations](https://docs.netbird.io/selfhosted/identity-providers) </ul></li>                       	      | <ul><li> - \[x] [Self-hosting quickstart script](https://docs.netbird.io/selfhosted/selfhosted-quickstart) </ul></li>              	 | <ul><li> - \[x] Windows </ul></li>  	 |
-| <ul><li> - \[x] Connection relay fallback </ul></li>            	                                                               | <ul><li> - \[x] [SSO & MFA support](https://docs.netbird.io/how-to/installation#running-net-bird-with-sso-login) </ul></li>                      	      | <ul><li> - \[x] IdP groups sync with JWT </ul></li> 	                      | <ul><li> - \[x] Android </ul></li>  	 |
-| <ul><li> - \[x] [Routes to external networks](https://docs.netbird.io/how-to/routing-traffic-to-private-networks) </ul></li>  	 | <ul><li> - \[x] [Access control - groups & rules](https://docs.netbird.io/how-to/manage-network-access) </ul></li>      	        | 	                                                                          | <ul><li> - \[x] iOS </ul></li>      	 |
-| <ul><li> - \[x] NAT traversal with BPF </ul></li>                                                                               | <ul><li> - \[x] [Private DNS](https://docs.netbird.io/how-to/manage-dns-in-your-network) </ul></li>                            	      | 	                                                                          | <ul><li> - \[x] Docker </ul></li>   	 |
-| <ul><li> - \[x] Post-quantum-secure connection through [Rosenpass](https://rosenpass.eu) </ul></li>                             | <ul><li> - \[x] [Multiuser support](https://docs.netbird.io/how-to/add-users-to-your-network) </ul></li>                      	      | 	                                                                          | <ul><li> - \[x] OpenWRT </ul></li>  	 |
-| 	                                                                                                                               | <ul><li> - \[x] [Activity logging](https://docs.netbird.io/how-to/monitor-system-and-network-activity) </ul></li>                       	      | 	                                                                          | 	                                     |
-| 	                                                                                                                               | <ul><li> - \[x] SSH access management </ul></li>                       	 | 	                                                                          | 	                                     |
+| Connectivity                             	                        | Management                                 	                             | Automation                                    	                            | Platforms    	                        |
+|-------------------------------------------------------------------|--------------------------------------------------------------------------|----------------------------------------------------------------------------|---------------------------------------|
+| <ul><li> - \[x] Kernel WireGuard </ul></li>                   	   | <ul><li> - \[x] [Admin Web UI](https://github.com/netbirdio/dashboard) </ul></li>                           	      | <ul><li> - \[x] [Public API](https://docs.netbird.io/api) </ul></li>                                	     | <ul><li> - \[x] Linux </ul></li>    	 |
+| <ul><li> - \[x] Peer-to-peer connections </ul></li>             	 | <ul><li> - \[x] Auto peer discovery and configuration </ul></li>  	      | <ul><li> - \[x] [Setup keys for bulk network provisioning](https://docs.netbird.io/how-to/register-machines-using-setup-keys) </ul></li>  	     | <ul><li> - \[x] Mac </ul></li>      	 |
+| <ul><li> - \[x] Peer-to-peer encryption </ul></li>              	 | <ul><li> - \[x] [IdP integrations](https://docs.netbird.io/selfhosted/identity-providers) </ul></li>                       	      | <ul><li> - \[x] [Self-hosting quickstart script](https://docs.netbird.io/selfhosted/selfhosted-quickstart) </ul></li>              	 | <ul><li> - \[x] Windows </ul></li>  	 |
+| <ul><li> - \[x] Connection relay fallback </ul></li>            	 | <ul><li> - \[x] [SSO & MFA support](https://docs.netbird.io/how-to/installation#running-net-bird-with-sso-login) </ul></li>                      	      | <ul><li> - \[x] IdP groups sync with JWT </ul></li> 	                      | <ul><li> - \[x] Android </ul></li>  	 |
+| <ul><li> - \[x] [Routes to external networks](https://docs.netbird.io/how-to/routing-traffic-to-private-networks) </ul></li>  	         | <ul><li> - \[x] [Access control - groups & rules](https://docs.netbird.io/how-to/manage-network-access) </ul></li>      	        | 	                                                                          | <ul><li> - \[ ] iOS </ul></li>      	 |
+| <ul><li> - \[x] NAT traversal with BPF </ul></li>                 | <ul><li> - \[x] [Private DNS](https://docs.netbird.io/how-to/manage-dns-in-your-network) </ul></li>                            	      | 	                                                                          | <ul><li> - \[x] Docker </ul></li>   	 |
+|                                                                   | <ul><li> - \[x] [Multiuser support](https://docs.netbird.io/how-to/add-users-to-your-network) </ul></li>                      	      | 	                                                                          | <ul><li> - \[x] OpenWRT </ul></li>  	 |
+| 	                                                                 | <ul><li> - \[x] [Activity logging](https://docs.netbird.io/how-to/monitor-system-and-network-activity) </ul></li>                       	      | 	                                                                          | 	                                     |
+| 	                                                                 | <ul><li> - \[x] SSH access management </ul></li>                       	 | 	                                                                          | 	                                     |


 ### Quickstart with NetBird Cloud
--- a/client/Dockerfile
+++ b/client/Dockerfile
@@ -1,4 +1,4 @@
-FROM alpine:3.18.5
+FROM alpine:3
 RUN apk add --no-cache ca-certificates iptables ip6tables
 ENV NB_FOREGROUND_MODE=true
 ENTRYPOINT [ "/go/bin/netbird","up"]
--- a/client/cmd/login.go
+++ b/client/cmd/login.go
@@ -51,7 +51,7 @@ var loginCmd = &cobra.Command{
 				AdminURL:      adminURL,
 				ConfigPath:    configPath,
 			}
-			if rootCmd.PersistentFlags().Changed(preSharedKeyFlag) {
+			if preSharedKey != "" {
 				ic.PreSharedKey = &preSharedKey
 			}

@@ -60,7 +60,7 @@ var loginCmd = &cobra.Command{
 				return fmt.Errorf("get config file: %v", err)
 			}

-			config, _ = internal.UpdateOldManagementURL(ctx, config, configPath)
+			config, _ = internal.UpdateOldManagementPort(ctx, config, configPath)

 			err = foregroundLogin(ctx, cmd, config, setupKey)
 			if err != nil {
@@ -82,15 +82,12 @@ var loginCmd = &cobra.Command{

 		loginRequest := proto.LoginRequest{
 			SetupKey:             setupKey,
+			PreSharedKey:         preSharedKey,
 			ManagementUrl:        managementURL,
 			IsLinuxDesktopClient: isLinuxRunningDesktop(),
 			Hostname:             hostName,
 		}

-		if rootCmd.PersistentFlags().Changed(preSharedKeyFlag) {
-			loginRequest.OptionalPreSharedKey = &preSharedKey
-		}
-
 		var loginErr error

 		var loginResp *proto.LoginResponse
@@ -154,21 +151,13 @@ func foregroundLogin(ctx context.Context, cmd *cobra.Command, config *internal.C
 		jwtToken = tokenInfo.GetTokenToUse()
 	}

-	var lastError error
-
 	err = WithBackOff(func() error {
 		err := internal.Login(ctx, config, setupKey, jwtToken)
 		if s, ok := gstatus.FromError(err); ok && (s.Code() == codes.InvalidArgument || s.Code() == codes.PermissionDenied) {
-			lastError = err
 			return nil
 		}
 		return err
 	})
-
-	if lastError != nil {
-		return fmt.Errorf("login failed: %v", lastError)
-	}
-
 	if err != nil {
 		return fmt.Errorf("backoff cycle failed: %v", err)
 	}
--- a/client/cmd/root.go
+++ b/client/cmd/root.go
@@ -25,12 +25,8 @@ import (
 )

 const (
-	externalIPMapFlag   = "external-ip-map"
-	dnsResolverAddress  = "dns-resolver-address"
-	enableRosenpassFlag = "enable-rosenpass"
-	preSharedKeyFlag    = "preshared-key"
-	interfaceNameFlag   = "interface-name"
-	wireguardPortFlag   = "wireguard-port"
+	externalIPMapFlag  = "external-ip-map"
+	dnsResolverAddress = "dns-resolver-address"
 )

 var (
@@ -53,9 +49,6 @@ var (
 	preSharedKey            string
 	natExternalIPs          []string
 	customDNSAddress        string
-	rosenpassEnabled        bool
-	interfaceName           string
-	wireguardPort           uint16
 	rootCmd                 = &cobra.Command{
 		Use:          "netbird",
 		Short:        "",
@@ -101,7 +94,7 @@ func init() {
 	rootCmd.PersistentFlags().StringVarP(&logLevel, "log-level", "l", "info", "sets Netbird log level")
 	rootCmd.PersistentFlags().StringVar(&logFile, "log-file", defaultLogFile, "sets Netbird log path. If console is specified the log will be output to stdout")
 	rootCmd.PersistentFlags().StringVarP(&setupKey, "setup-key", "k", "", "Setup key obtained from the Management Service Dashboard (used to register peer)")
-	rootCmd.PersistentFlags().StringVar(&preSharedKey, preSharedKeyFlag, "", "Sets Wireguard PreSharedKey property. If set, then only peers that have the same key can communicate.")
+	rootCmd.PersistentFlags().StringVar(&preSharedKey, "preshared-key", "", "Sets Wireguard PreSharedKey property. If set, then only peers that have the same key can communicate.")
 	rootCmd.PersistentFlags().StringVarP(&hostName, "hostname", "n", "", "Sets a custom hostname for the device")
 	rootCmd.AddCommand(serviceCmd)
 	rootCmd.AddCommand(upCmd)
@@ -125,7 +118,6 @@ func init() {
 			`An empty string "" clears the previous configuration. `+
 			`E.g. --dns-resolver-address 127.0.0.1:5053 or --dns-resolver-address ""`,
 	)
-	upCmd.PersistentFlags().BoolVar(&rosenpassEnabled, enableRosenpassFlag, false, "[Experimental] Enable Rosenpass feature. If enabled, the connection will be post-quantum secured via Rosenpass.")
 }

 // SetupCloseHandler handles SIGTERM signal and exits with success
--- a/client/cmd/status.go
+++ b/client/cmd/status.go
@@ -22,18 +22,14 @@ import (
 )

 type peerStateDetailOutput struct {
-	FQDN                   string           `json:"fqdn" yaml:"fqdn"`
-	IP                     string           `json:"netbirdIp" yaml:"netbirdIp"`
-	PubKey                 string           `json:"publicKey" yaml:"publicKey"`
-	Status                 string           `json:"status" yaml:"status"`
-	LastStatusUpdate       time.Time        `json:"lastStatusUpdate" yaml:"lastStatusUpdate"`
-	ConnType               string           `json:"connectionType" yaml:"connectionType"`
-	Direct                 bool             `json:"direct" yaml:"direct"`
-	IceCandidateType       iceCandidateType `json:"iceCandidateType" yaml:"iceCandidateType"`
-	IceCandidateEndpoint   iceCandidateType `json:"iceCandidateEndpoint" yaml:"iceCandidateEndpoint"`
-	LastWireguardHandshake time.Time        `json:"lastWireguardHandshake" yaml:"lastWireguardHandshake"`
-	TransferReceived       int64            `json:"transferReceived" yaml:"transferReceived"`
-	TransferSent           int64            `json:"transferSent" yaml:"transferSent"`
+	FQDN             string           `json:"fqdn" yaml:"fqdn"`
+	IP               string           `json:"netbirdIp" yaml:"netbirdIp"`
+	PubKey           string           `json:"publicKey" yaml:"publicKey"`
+	Status           string           `json:"status" yaml:"status"`
+	LastStatusUpdate time.Time        `json:"lastStatusUpdate" yaml:"lastStatusUpdate"`
+	ConnType         string           `json:"connectionType" yaml:"connectionType"`
+	Direct           bool             `json:"direct" yaml:"direct"`
+	IceCandidateType iceCandidateType `json:"iceCandidateType" yaml:"iceCandidateType"`
 }

 type peersStateOutput struct {
@@ -45,25 +41,11 @@ type peersStateOutput struct {
 type signalStateOutput struct {
 	URL       string `json:"url" yaml:"url"`
 	Connected bool   `json:"connected" yaml:"connected"`
-	Error     string `json:"error" yaml:"error"`
 }

 type managementStateOutput struct {
 	URL       string `json:"url" yaml:"url"`
 	Connected bool   `json:"connected" yaml:"connected"`
-	Error     string `json:"error" yaml:"error"`
-}
-
-type relayStateOutputDetail struct {
-	URI       string `json:"uri" yaml:"uri"`
-	Available bool   `json:"available" yaml:"available"`
-	Error     string `json:"error" yaml:"error"`
-}
-
-type relayStateOutput struct {
-	Total     int                      `json:"total" yaml:"total"`
-	Available int                      `json:"available" yaml:"available"`
-	Details   []relayStateOutputDetail `json:"details" yaml:"details"`
 }

 type iceCandidateType struct {
@@ -77,7 +59,6 @@ type statusOutputOverview struct {
 	DaemonVersion   string                `json:"daemonVersion" yaml:"daemonVersion"`
 	ManagementState managementStateOutput `json:"management" yaml:"management"`
 	SignalState     signalStateOutput     `json:"signal" yaml:"signal"`
-	Relays          relayStateOutput      `json:"relays" yaml:"relays"`
 	IP              string                `json:"netbirdIp" yaml:"netbirdIp"`
 	PubKey          string                `json:"publicKey" yaml:"publicKey"`
 	KernelInterface bool                  `json:"usesKernelInterface" yaml:"usesKernelInterface"`
@@ -85,15 +66,13 @@ type statusOutputOverview struct {
 }

 var (
-	detailFlag           bool
-	ipv4Flag             bool
-	jsonFlag             bool
-	yamlFlag             bool
-	ipsFilter            []string
-	prefixNamesFilter    []string
-	statusFilter         string
-	ipsFilterMap         map[string]struct{}
-	prefixNamesFilterMap map[string]struct{}
+	detailFlag   bool
+	ipv4Flag     bool
+	jsonFlag     bool
+	yamlFlag     bool
+	ipsFilter    []string
+	statusFilter string
+	ipsFilterMap map[string]struct{}
 )

 var statusCmd = &cobra.Command{
@@ -104,14 +83,12 @@ var statusCmd = &cobra.Command{

 func init() {
 	ipsFilterMap = make(map[string]struct{})
-	prefixNamesFilterMap = make(map[string]struct{})
 	statusCmd.PersistentFlags().BoolVarP(&detailFlag, "detail", "d", false, "display detailed status information in human-readable format")
 	statusCmd.PersistentFlags().BoolVar(&jsonFlag, "json", false, "display detailed status information in json format")
 	statusCmd.PersistentFlags().BoolVar(&yamlFlag, "yaml", false, "display detailed status information in yaml format")
 	statusCmd.PersistentFlags().BoolVar(&ipv4Flag, "ipv4", false, "display only NetBird IPv4 of this peer, e.g., --ipv4 will output 100.64.0.33")
 	statusCmd.MarkFlagsMutuallyExclusive("detail", "json", "yaml", "ipv4")
 	statusCmd.PersistentFlags().StringSliceVar(&ipsFilter, "filter-by-ips", []string{}, "filters the detailed output by a list of one or more IPs, e.g., --filter-by-ips 100.64.0.100,100.64.0.200")
-	statusCmd.PersistentFlags().StringSliceVar(&prefixNamesFilter, "filter-by-names", []string{}, "filters the detailed output by a list of one or more peer FQDN or hostnames, e.g., --filter-by-names peer-a,peer-b.netbird.cloud")
 	statusCmd.PersistentFlags().StringVar(&statusFilter, "filter-by-status", "", "filters the detailed output by connection status(connected|disconnected), e.g., --filter-by-status connected")
 }

@@ -165,7 +142,7 @@ func statusFunc(cmd *cobra.Command, args []string) error {
 	case yamlFlag:
 		statusOutputString, err = parseToYAML(outputInformationHolder)
 	default:
-		statusOutputString = parseGeneralSummary(outputInformationHolder, false, false)
+		statusOutputString = parseGeneralSummary(outputInformationHolder, false)
 	}

 	if err != nil {
@@ -195,12 +172,8 @@ func getStatus(ctx context.Context, cmd *cobra.Command) (*proto.StatusResponse,
 }

 func parseFilters() error {
-
 	switch strings.ToLower(statusFilter) {
 	case "", "disconnected", "connected":
-		if strings.ToLower(statusFilter) != "" {
-			enableDetailFlagWhenFilterFlag()
-		}
 	default:
 		return fmt.Errorf("wrong status filter, should be one of connected|disconnected, got: %s", statusFilter)
 	}
@@ -212,26 +185,11 @@ func parseFilters() error {
 				return fmt.Errorf("got an invalid IP address in the filter: address %s, error %s", addr, err)
 			}
 			ipsFilterMap[addr] = struct{}{}
-			enableDetailFlagWhenFilterFlag()
 		}
 	}
-
-	if len(prefixNamesFilter) > 0 {
-		for _, name := range prefixNamesFilter {
-			prefixNamesFilterMap[strings.ToLower(name)] = struct{}{}
-		}
-		enableDetailFlagWhenFilterFlag()
-	}
-
 	return nil
 }

-func enableDetailFlagWhenFilterFlag() {
-	if !detailFlag && !jsonFlag && !yamlFlag {
-		detailFlag = true
-	}
-}
-
 func convertToStatusOutputOverview(resp *proto.StatusResponse) statusOutputOverview {
 	pbFullStatus := resp.GetFullStatus()

@@ -239,17 +197,14 @@ func convertToStatusOutputOverview(resp *proto.StatusResponse) statusOutputOverv
 	managementOverview := managementStateOutput{
 		URL:       managementState.GetURL(),
 		Connected: managementState.GetConnected(),
-		Error:     managementState.Error,
 	}

 	signalState := pbFullStatus.GetSignalState()
 	signalOverview := signalStateOutput{
 		URL:       signalState.GetURL(),
 		Connected: signalState.GetConnected(),
-		Error:     signalState.Error,
 	}

-	relayOverview := mapRelays(pbFullStatus.GetRelays())
 	peersOverview := mapPeers(resp.GetFullStatus().GetPeers())

 	overview := statusOutputOverview{
@@ -258,7 +213,6 @@ func convertToStatusOutputOverview(resp *proto.StatusResponse) statusOutputOverv
 		DaemonVersion:   resp.GetDaemonVersion(),
 		ManagementState: managementOverview,
 		SignalState:     signalOverview,
-		Relays:          relayOverview,
 		IP:              pbFullStatus.GetLocalPeerState().GetIP(),
 		PubKey:          pbFullStatus.GetLocalPeerState().GetPubKey(),
 		KernelInterface: pbFullStatus.GetLocalPeerState().GetKernelInterface(),
@@ -268,43 +222,12 @@ func convertToStatusOutputOverview(resp *proto.StatusResponse) statusOutputOverv
 	return overview
 }

-func mapRelays(relays []*proto.RelayState) relayStateOutput {
-	var relayStateDetail []relayStateOutputDetail
-
-	var relaysAvailable int
-	for _, relay := range relays {
-		available := relay.GetAvailable()
-		relayStateDetail = append(relayStateDetail,
-			relayStateOutputDetail{
-				URI:       relay.URI,
-				Available: available,
-				Error:     relay.GetError(),
-			},
-		)
-
-		if available {
-			relaysAvailable++
-		}
-	}
-
-	return relayStateOutput{
-		Total:     len(relays),
-		Available: relaysAvailable,
-		Details:   relayStateDetail,
-	}
-}
-
 func mapPeers(peers []*proto.PeerState) peersStateOutput {
 	var peersStateDetail []peerStateDetailOutput
 	localICE := ""
 	remoteICE := ""
-	localICEEndpoint := ""
-	remoteICEEndpoint := ""
 	connType := ""
 	peersConnected := 0
-	lastHandshake := time.Time{}
-	transferReceived := int64(0)
-	transferSent := int64(0)
 	for _, pbPeerState := range peers {
 		isPeerConnected := pbPeerState.ConnStatus == peer.StatusConnected.String()
 		if skipDetailByFilters(pbPeerState, isPeerConnected) {
@@ -315,15 +238,10 @@ func mapPeers(peers []*proto.PeerState) peersStateOutput {

 			localICE = pbPeerState.GetLocalIceCandidateType()
 			remoteICE = pbPeerState.GetRemoteIceCandidateType()
-			localICEEndpoint = pbPeerState.GetLocalIceCandidateEndpoint()
-			remoteICEEndpoint = pbPeerState.GetRemoteIceCandidateEndpoint()
 			connType = "P2P"
 			if pbPeerState.Relayed {
 				connType = "Relayed"
 			}
-			lastHandshake = pbPeerState.GetLastWireguardHandshake().AsTime().Local()
-			transferReceived = pbPeerState.GetBytesRx()
-			transferSent = pbPeerState.GetBytesTx()
 		}

 		timeLocal := pbPeerState.GetConnStatusUpdate().AsTime().Local()
@@ -338,14 +256,7 @@ func mapPeers(peers []*proto.PeerState) peersStateOutput {
 				Local:  localICE,
 				Remote: remoteICE,
 			},
-			IceCandidateEndpoint: iceCandidateType{
-				Local:  localICEEndpoint,
-				Remote: remoteICEEndpoint,
-			},
-			FQDN:                   pbPeerState.GetFqdn(),
-			LastWireguardHandshake: lastHandshake,
-			TransferReceived:       transferReceived,
-			TransferSent:           transferSent,
+			FQDN: pbPeerState.GetFqdn(),
 		}

 		peersStateDetail = append(peersStateDetail, peerState)
@@ -395,32 +306,22 @@ func parseToYAML(overview statusOutputOverview) (string, error) {
 	return string(yamlBytes), nil
 }

-func parseGeneralSummary(overview statusOutputOverview, showURL bool, showRelays bool) string {
+func parseGeneralSummary(overview statusOutputOverview, showURL bool) string {

-	var managementConnString string
+	managementConnString := "Disconnected"
 	if overview.ManagementState.Connected {
 		managementConnString = "Connected"
 		if showURL {
 			managementConnString = fmt.Sprintf("%s to %s", managementConnString, overview.ManagementState.URL)
 		}
-	} else {
-		managementConnString = "Disconnected"
-		if overview.ManagementState.Error != "" {
-			managementConnString = fmt.Sprintf("%s, reason: %s", managementConnString, overview.ManagementState.Error)
-		}
 	}

-	var signalConnString string
+	signalConnString := "Disconnected"
 	if overview.SignalState.Connected {
 		signalConnString = "Connected"
 		if showURL {
 			signalConnString = fmt.Sprintf("%s to %s", signalConnString, overview.SignalState.URL)
 		}
-	} else {
-		signalConnString = "Disconnected"
-		if overview.SignalState.Error != "" {
-			signalConnString = fmt.Sprintf("%s, reason: %s", signalConnString, overview.SignalState.Error)
-		}
 	}

 	interfaceTypeString := "Userspace"
@@ -432,23 +333,6 @@ func parseGeneralSummary(overview statusOutputOverview, showURL bool, showRelays
 		interfaceIP = "N/A"
 	}

-	var relayAvailableString string
-	if showRelays {
-		for _, relay := range overview.Relays.Details {
-			available := "Available"
-			reason := ""
-			if !relay.Available {
-				available = "Unavailable"
-				reason = fmt.Sprintf(", reason: %s", relay.Error)
-			}
-			relayAvailableString += fmt.Sprintf("\n  [%s] is %s%s", relay.URI, available, reason)
-
-		}
-	} else {
-
-		relayAvailableString = fmt.Sprintf("%d/%d Available", overview.Relays.Available, overview.Relays.Total)
-	}
-
 	peersCountString := fmt.Sprintf("%d/%d Connected", overview.Peers.Connected, overview.Peers.Total)

 	summary := fmt.Sprintf(
@@ -456,7 +340,6 @@ func parseGeneralSummary(overview statusOutputOverview, showURL bool, showRelays
 			"CLI version: %s\n"+
 			"Management: %s\n"+
 			"Signal: %s\n"+
-			"Relays: %s\n"+
 			"FQDN: %s\n"+
 			"NetBird IP: %s\n"+
 			"Interface type: %s\n"+
@@ -465,7 +348,6 @@ func parseGeneralSummary(overview statusOutputOverview, showURL bool, showRelays
 		version.NetbirdVersion(),
 		managementConnString,
 		signalConnString,
-		relayAvailableString,
 		overview.FQDN,
 		interfaceIP,
 		interfaceTypeString,
@@ -476,7 +358,7 @@ func parseGeneralSummary(overview statusOutputOverview, showURL bool, showRelays

 func parseToFullDetailSummary(overview statusOutputOverview) string {
 	parsedPeersString := parsePeers(overview.Peers)
-	summary := parseGeneralSummary(overview, true, true)
+	summary := parseGeneralSummary(overview, true)

 	return fmt.Sprintf(
 		"Peers detail:"+
@@ -504,25 +386,6 @@ func parsePeers(peers peersStateOutput) string {
 			remoteICE = peerState.IceCandidateType.Remote
 		}

-		localICEEndpoint := "-"
-		if peerState.IceCandidateEndpoint.Local != "" {
-			localICEEndpoint = peerState.IceCandidateEndpoint.Local
-		}
-
-		remoteICEEndpoint := "-"
-		if peerState.IceCandidateEndpoint.Remote != "" {
-			remoteICEEndpoint = peerState.IceCandidateEndpoint.Remote
-		}
-		lastStatusUpdate := "-"
-		if !peerState.LastStatusUpdate.IsZero() {
-			lastStatusUpdate = peerState.LastStatusUpdate.Format("2006-01-02 15:04:05")
-		}
-
-		lastWireguardHandshake := "-"
-		if !peerState.LastWireguardHandshake.IsZero() && peerState.LastWireguardHandshake != time.Unix(0, 0) {
-			lastWireguardHandshake = peerState.LastWireguardHandshake.Format("2006-01-02 15:04:05")
-		}
-
 		peerString := fmt.Sprintf(
 			"\n %s:\n"+
 				"  NetBird IP: %s\n"+
@@ -532,10 +395,7 @@ func parsePeers(peers peersStateOutput) string {
 				"  Connection type: %s\n"+
 				"  Direct: %t\n"+
 				"  ICE candidate (Local/Remote): %s/%s\n"+
-				"  ICE candidate endpoints (Local/Remote): %s/%s\n"+
-				"  Last connection update: %s\n"+
-				"  Last Wireguard handshake: %s\n"+
-				"  Transfer status (received/sent) %s/%s\n",
+				"  Last connection update: %s\n",
 			peerState.FQDN,
 			peerState.IP,
 			peerState.PubKey,
@@ -544,12 +404,7 @@ func parsePeers(peers peersStateOutput) string {
 			peerState.Direct,
 			localICE,
 			remoteICE,
-			localICEEndpoint,
-			remoteICEEndpoint,
-			lastStatusUpdate,
-			lastWireguardHandshake,
-			toIEC(peerState.TransferReceived),
-			toIEC(peerState.TransferSent),
+			peerState.LastStatusUpdate.Format("2006-01-02 15:04:05"),
 		)

 		peersString += peerString
@@ -560,7 +415,6 @@ func parsePeers(peers peersStateOutput) string {
 func skipDetailByFilters(peerState *proto.PeerState, isConnected bool) bool {
 	statusEval := false
 	ipEval := false
-	nameEval := false

 	if statusFilter != "" {
 		lowerStatusFilter := strings.ToLower(statusFilter)
@@ -577,29 +431,5 @@ func skipDetailByFilters(peerState *proto.PeerState, isConnected bool) bool {
 			ipEval = true
 		}
 	}
-
-	if len(prefixNamesFilter) > 0 {
-		for prefixNameFilter := range prefixNamesFilterMap {
-			if !strings.HasPrefix(peerState.Fqdn, prefixNameFilter) {
-				nameEval = true
-				break
-			}
-		}
-	}
-
-	return statusEval || ipEval || nameEval
-}
-
-func toIEC(b int64) string {
-	const unit = 1024
-	if b < unit {
-		return fmt.Sprintf("%d B", b)
-	}
-	div, exp := int64(unit), 0
-	for n := b / unit; n >= unit; n /= unit {
-		div *= unit
-		exp++
-	}
-	return fmt.Sprintf("%.1f %ciB",
-		float64(b)/float64(div), "KMGTPE"[exp])
+	return statusEval || ipEval
 }
--- a/client/cmd/status_test.go
+++ b/client/cmd/status_test.go
@@ -1,13 +1,10 @@
 package cmd

 import (
-	"bytes"
-	"encoding/json"
 	"testing"
 	"time"

 	"github.com/stretchr/testify/assert"
-	"github.com/stretchr/testify/require"
 	"google.golang.org/protobuf/types/known/timestamppb"

 	"github.com/netbirdio/netbird/client/proto"
@@ -28,59 +25,35 @@ var resp = &proto.StatusResponse{
 	FullStatus: &proto.FullStatus{
 		Peers: []*proto.PeerState{
 			{
-				IP:                         "192.168.178.101",
-				PubKey:                     "Pubkey1",
-				Fqdn:                       "peer-1.awesome-domain.com",
-				ConnStatus:                 "Connected",
-				ConnStatusUpdate:           timestamppb.New(time.Date(2001, time.Month(1), 1, 1, 1, 1, 0, time.UTC)),
-				Relayed:                    false,
-				Direct:                     true,
-				LocalIceCandidateType:      "",
-				RemoteIceCandidateType:     "",
-				LocalIceCandidateEndpoint:  "",
-				RemoteIceCandidateEndpoint: "",
-				LastWireguardHandshake:     timestamppb.New(time.Date(2001, time.Month(1), 1, 1, 1, 2, 0, time.UTC)),
-				BytesRx:                    200,
-				BytesTx:                    100,
+				IP:                     "192.168.178.101",
+				PubKey:                 "Pubkey1",
+				Fqdn:                   "peer-1.awesome-domain.com",
+				ConnStatus:             "Connected",
+				ConnStatusUpdate:       timestamppb.New(time.Date(2001, time.Month(1), 1, 1, 1, 1, 0, time.UTC)),
+				Relayed:                false,
+				Direct:                 true,
+				LocalIceCandidateType:  "",
+				RemoteIceCandidateType: "",
 			},
 			{
-				IP:                         "192.168.178.102",
-				PubKey:                     "Pubkey2",
-				Fqdn:                       "peer-2.awesome-domain.com",
-				ConnStatus:                 "Connected",
-				ConnStatusUpdate:           timestamppb.New(time.Date(2002, time.Month(2), 2, 2, 2, 2, 0, time.UTC)),
-				Relayed:                    true,
-				Direct:                     false,
-				LocalIceCandidateType:      "relay",
-				RemoteIceCandidateType:     "prflx",
-				LocalIceCandidateEndpoint:  "10.0.0.1:10001",
-				RemoteIceCandidateEndpoint: "10.0.10.1:10002",
-				LastWireguardHandshake:     timestamppb.New(time.Date(2002, time.Month(2), 2, 2, 2, 3, 0, time.UTC)),
-				BytesRx:                    2000,
-				BytesTx:                    1000,
+				IP:                     "192.168.178.102",
+				PubKey:                 "Pubkey2",
+				Fqdn:                   "peer-2.awesome-domain.com",
+				ConnStatus:             "Connected",
+				ConnStatusUpdate:       timestamppb.New(time.Date(2002, time.Month(2), 2, 2, 2, 2, 0, time.UTC)),
+				Relayed:                true,
+				Direct:                 false,
+				LocalIceCandidateType:  "relay",
+				RemoteIceCandidateType: "prflx",
 			},
 		},
 		ManagementState: &proto.ManagementState{
 			URL:       "my-awesome-management.com:443",
 			Connected: true,
-			Error:     "",
 		},
 		SignalState: &proto.SignalState{
 			URL:       "my-awesome-signal.com:443",
 			Connected: true,
-			Error:     "",
-		},
-		Relays: []*proto.RelayState{
-			{
-				URI:       "stun:my-awesome-stun.com:3478",
-				Available: true,
-				Error:     "",
-			},
-			{
-				URI:       "turns:my-awesome-turn.com:443?transport=tcp",
-				Available: false,
-				Error:     "context: deadline exceeded",
-			},
 		},
 		LocalPeerState: &proto.LocalPeerState{
 			IP:              "192.168.178.100/16",
@@ -109,13 +82,6 @@ var overview = statusOutputOverview{
 					Local:  "",
 					Remote: "",
 				},
-				IceCandidateEndpoint: iceCandidateType{
-					Local:  "",
-					Remote: "",
-				},
-				LastWireguardHandshake: time.Date(2001, 1, 1, 1, 1, 2, 0, time.UTC),
-				TransferReceived:       200,
-				TransferSent:           100,
 			},
 			{
 				IP:               "192.168.178.102",
@@ -129,13 +95,6 @@ var overview = statusOutputOverview{
 					Local:  "relay",
 					Remote: "prflx",
 				},
-				IceCandidateEndpoint: iceCandidateType{
-					Local:  "10.0.0.1:10001",
-					Remote: "10.0.10.1:10002",
-				},
-				LastWireguardHandshake: time.Date(2002, 2, 2, 2, 2, 3, 0, time.UTC),
-				TransferReceived:       2000,
-				TransferSent:           1000,
 			},
 		},
 	},
@@ -144,28 +103,10 @@ var overview = statusOutputOverview{
 	ManagementState: managementStateOutput{
 		URL:       "my-awesome-management.com:443",
 		Connected: true,
-		Error:     "",
 	},
 	SignalState: signalStateOutput{
 		URL:       "my-awesome-signal.com:443",
 		Connected: true,
-		Error:     "",
-	},
-	Relays: relayStateOutput{
-		Total:     2,
-		Available: 1,
-		Details: []relayStateOutputDetail{
-			{
-				URI:       "stun:my-awesome-stun.com:3478",
-				Available: true,
-				Error:     "",
-			},
-			{
-				URI:       "turns:my-awesome-turn.com:443?transport=tcp",
-				Available: false,
-				Error:     "context: deadline exceeded",
-			},
-		},
 	},
 	IP:              "192.168.178.100/16",
 	PubKey:          "Some-Pub-Key",
@@ -204,163 +145,107 @@ func TestSortingOfPeers(t *testing.T) {
 }

 func TestParsingToJSON(t *testing.T) {
-	jsonString, _ := parseToJSON(overview)
+	json, _ := parseToJSON(overview)

 	//@formatter:off
-	expectedJSONString := `
-        {
-          "peers": {
-            "total": 2,
-            "connected": 2,
-            "details": [
-              {
-                "fqdn": "peer-1.awesome-domain.com",
-                "netbirdIp": "192.168.178.101",
-                "publicKey": "Pubkey1",
-                "status": "Connected",
-                "lastStatusUpdate": "2001-01-01T01:01:01Z",
-                "connectionType": "P2P",
-                "direct": true,
-                "iceCandidateType": {
-                  "local": "",
-                  "remote": ""
-                },
-                "iceCandidateEndpoint": {
-                  "local": "",
-                  "remote": ""
-                },
-                "lastWireguardHandshake": "2001-01-01T01:01:02Z",
-                "transferReceived": 200,
-                "transferSent": 100
-              },
-              {
-                "fqdn": "peer-2.awesome-domain.com",
-                "netbirdIp": "192.168.178.102",
-                "publicKey": "Pubkey2",
-                "status": "Connected",
-                "lastStatusUpdate": "2002-02-02T02:02:02Z",
-                "connectionType": "Relayed",
-                "direct": false,
-                "iceCandidateType": {
-                  "local": "relay",
-                  "remote": "prflx"
-                },
-                "iceCandidateEndpoint": {
-                  "local": "10.0.0.1:10001",
-                  "remote": "10.0.10.1:10002"
-                },
-                "lastWireguardHandshake": "2002-02-02T02:02:03Z",
-                "transferReceived": 2000,
-                "transferSent": 1000
-              }
-            ]
-          },
-          "cliVersion": "development",
-          "daemonVersion": "0.14.1",
-          "management": {
-            "url": "my-awesome-management.com:443",
-            "connected": true,
-            "error": ""
-          },
-          "signal": {
-            "url": "my-awesome-signal.com:443",
-            "connected": true,
-            "error": ""
-          },
-          "relays": {
-            "total": 2,
-            "available": 1,
-            "details": [
-              {
-                "uri": "stun:my-awesome-stun.com:3478",
-                "available": true,
-                "error": ""
-              },
-              {
-                "uri": "turns:my-awesome-turn.com:443?transport=tcp",
-                "available": false,
-                "error": "context: deadline exceeded"
-              }
-            ]
-          },
-          "netbirdIp": "192.168.178.100/16",
-          "publicKey": "Some-Pub-Key",
-          "usesKernelInterface": true,
-          "fqdn": "some-localhost.awesome-domain.com"
-        }`
+	expectedJSON := "{\"" +
+		"peers\":" +
+		"{" +
+		"\"total\":2," +
+		"\"connected\":2," +
+		"\"details\":" +
+		"[" +
+		"{" +
+		"\"fqdn\":\"peer-1.awesome-domain.com\"," +
+		"\"netbirdIp\":\"192.168.178.101\"," +
+		"\"publicKey\":\"Pubkey1\"," +
+		"\"status\":\"Connected\"," +
+		"\"lastStatusUpdate\":\"2001-01-01T01:01:01Z\"," +
+		"\"connectionType\":\"P2P\"," +
+		"\"direct\":true," +
+		"\"iceCandidateType\":" +
+		"{" +
+		"\"local\":\"\"," +
+		"\"remote\":\"\"" +
+		"}" +
+		"}," +
+		"{" +
+		"\"fqdn\":\"peer-2.awesome-domain.com\"," +
+		"\"netbirdIp\":\"192.168.178.102\"," +
+		"\"publicKey\":\"Pubkey2\"," +
+		"\"status\":\"Connected\"," +
+		"\"lastStatusUpdate\":\"2002-02-02T02:02:02Z\"," +
+		"\"connectionType\":\"Relayed\"," +
+		"\"direct\":false," +
+		"\"iceCandidateType\":" +
+		"{" +
+		"\"local\":\"relay\"," +
+		"\"remote\":\"prflx\"" +
+		"}" +
+		"}" +
+		"]" +
+		"}," +
+		"\"cliVersion\":\"development\"," +
+		"\"daemonVersion\":\"0.14.1\"," +
+		"\"management\":" +
+		"{" +
+		"\"url\":\"my-awesome-management.com:443\"," +
+		"\"connected\":true" +
+		"}," +
+		"\"signal\":" +
+		"{\"" +
+		"url\":\"my-awesome-signal.com:443\"," +
+		"\"connected\":true" +
+		"}," +
+		"\"netbirdIp\":\"192.168.178.100/16\"," +
+		"\"publicKey\":\"Some-Pub-Key\"," +
+		"\"usesKernelInterface\":true," +
+		"\"fqdn\":\"some-localhost.awesome-domain.com\"" +
+		"}"
 	// @formatter:on

-	var expectedJSON bytes.Buffer
-	require.NoError(t, json.Compact(&expectedJSON, []byte(expectedJSONString)))
-
-	assert.Equal(t, expectedJSON.String(), jsonString)
+	assert.Equal(t, expectedJSON, json)
 }

 func TestParsingToYAML(t *testing.T) {
 	yaml, _ := parseToYAML(overview)

-	expectedYAML :=
-		`peers:
-    total: 2
-    connected: 2
-    details:
-        - fqdn: peer-1.awesome-domain.com
-          netbirdIp: 192.168.178.101
-          publicKey: Pubkey1
-          status: Connected
-          lastStatusUpdate: 2001-01-01T01:01:01Z
-          connectionType: P2P
-          direct: true
-          iceCandidateType:
-            local: ""
-            remote: ""
-          iceCandidateEndpoint:
-            local: ""
-            remote: ""
-          lastWireguardHandshake: 2001-01-01T01:01:02Z
-          transferReceived: 200
-          transferSent: 100
-        - fqdn: peer-2.awesome-domain.com
-          netbirdIp: 192.168.178.102
-          publicKey: Pubkey2
-          status: Connected
-          lastStatusUpdate: 2002-02-02T02:02:02Z
-          connectionType: Relayed
-          direct: false
-          iceCandidateType:
-            local: relay
-            remote: prflx
-          iceCandidateEndpoint:
-            local: 10.0.0.1:10001
-            remote: 10.0.10.1:10002
-          lastWireguardHandshake: 2002-02-02T02:02:03Z
-          transferReceived: 2000
-          transferSent: 1000
-cliVersion: development
-daemonVersion: 0.14.1
-management:
-    url: my-awesome-management.com:443
-    connected: true
-    error: ""
-signal:
-    url: my-awesome-signal.com:443
-    connected: true
-    error: ""
-relays:
-    total: 2
-    available: 1
-    details:
-        - uri: stun:my-awesome-stun.com:3478
-          available: true
-          error: ""
-        - uri: turns:my-awesome-turn.com:443?transport=tcp
-          available: false
-          error: 'context: deadline exceeded'
-netbirdIp: 192.168.178.100/16
-publicKey: Some-Pub-Key
-usesKernelInterface: true
-fqdn: some-localhost.awesome-domain.com
-`
+	expectedYAML := "peers:\n" +
+		"    total: 2\n" +
+		"    connected: 2\n" +
+		"    details:\n" +
+		"        - fqdn: peer-1.awesome-domain.com\n" +
+		"          netbirdIp: 192.168.178.101\n" +
+		"          publicKey: Pubkey1\n" +
+		"          status: Connected\n" +
+		"          lastStatusUpdate: 2001-01-01T01:01:01Z\n" +
+		"          connectionType: P2P\n" +
+		"          direct: true\n" +
+		"          iceCandidateType:\n" +
+		"            local: \"\"\n" +
+		"            remote: \"\"\n" +
+		"        - fqdn: peer-2.awesome-domain.com\n" +
+		"          netbirdIp: 192.168.178.102\n" +
+		"          publicKey: Pubkey2\n" +
+		"          status: Connected\n" +
+		"          lastStatusUpdate: 2002-02-02T02:02:02Z\n" +
+		"          connectionType: Relayed\n" +
+		"          direct: false\n" +
+		"          iceCandidateType:\n" +
+		"            local: relay\n" +
+		"            remote: prflx\n" +
+		"cliVersion: development\n" +
+		"daemonVersion: 0.14.1\n" +
+		"management:\n" +
+		"    url: my-awesome-management.com:443\n" +
+		"    connected: true\n" +
+		"signal:\n" +
+		"    url: my-awesome-signal.com:443\n" +
+		"    connected: true\n" +
+		"netbirdIp: 192.168.178.100/16\n" +
+		"publicKey: Some-Pub-Key\n" +
+		"usesKernelInterface: true\n" +
+		"fqdn: some-localhost.awesome-domain.com\n"

 	assert.Equal(t, expectedYAML, yaml)
 }
@@ -368,64 +253,50 @@ fqdn: some-localhost.awesome-domain.com
 func TestParsingToDetail(t *testing.T) {
 	detail := parseToFullDetailSummary(overview)

-	expectedDetail :=
-		`Peers detail:
- peer-1.awesome-domain.com:
-  NetBird IP: 192.168.178.101
-  Public key: Pubkey1
-  Status: Connected
-  -- detail --
-  Connection type: P2P
-  Direct: true
-  ICE candidate (Local/Remote): -/-
-  ICE candidate endpoints (Local/Remote): -/-
-  Last connection update: 2001-01-01 01:01:01
-  Last Wireguard handshake: 2001-01-01 01:01:02
-  Transfer status (received/sent) 200 B/100 B
-
- peer-2.awesome-domain.com:
-  NetBird IP: 192.168.178.102
-  Public key: Pubkey2
-  Status: Connected
-  -- detail --
-  Connection type: Relayed
-  Direct: false
-  ICE candidate (Local/Remote): relay/prflx
-  ICE candidate endpoints (Local/Remote): 10.0.0.1:10001/10.0.10.1:10002
-  Last connection update: 2002-02-02 02:02:02
-  Last Wireguard handshake: 2002-02-02 02:02:03
-  Transfer status (received/sent) 2.0 KiB/1000 B
-
-Daemon version: 0.14.1
-CLI version: development
-Management: Connected to my-awesome-management.com:443
-Signal: Connected to my-awesome-signal.com:443
-Relays: 
-  [stun:my-awesome-stun.com:3478] is Available
-  [turns:my-awesome-turn.com:443?transport=tcp] is Unavailable, reason: context: deadline exceeded
-FQDN: some-localhost.awesome-domain.com
-NetBird IP: 192.168.178.100/16
-Interface type: Kernel
-Peers count: 2/2 Connected
-`
+	expectedDetail := "Peers detail:\n" +
+		" peer-1.awesome-domain.com:\n" +
+		"  NetBird IP: 192.168.178.101\n" +
+		"  Public key: Pubkey1\n" +
+		"  Status: Connected\n" +
+		"  -- detail --\n" +
+		"  Connection type: P2P\n" +
+		"  Direct: true\n" +
+		"  ICE candidate (Local/Remote): -/-\n" +
+		"  Last connection update: 2001-01-01 01:01:01\n" +
+		"\n" +
+		" peer-2.awesome-domain.com:\n" +
+		"  NetBird IP: 192.168.178.102\n" +
+		"  Public key: Pubkey2\n" +
+		"  Status: Connected\n" +
+		"  -- detail --\n" +
+		"  Connection type: Relayed\n" +
+		"  Direct: false\n" +
+		"  ICE candidate (Local/Remote): relay/prflx\n" +
+		"  Last connection update: 2002-02-02 02:02:02\n" +
+		"\n" +
+		"Daemon version: 0.14.1\n" +
+		"CLI version: development\n" +
+		"Management: Connected to my-awesome-management.com:443\n" +
+		"Signal: Connected to my-awesome-signal.com:443\n" +
+		"FQDN: some-localhost.awesome-domain.com\n" +
+		"NetBird IP: 192.168.178.100/16\n" +
+		"Interface type: Kernel\n" +
+		"Peers count: 2/2 Connected\n"

 	assert.Equal(t, expectedDetail, detail)
 }

 func TestParsingToShortVersion(t *testing.T) {
-	shortVersion := parseGeneralSummary(overview, false, false)
+	shortVersion := parseGeneralSummary(overview, false)

-	expectedString :=
-		`Daemon version: 0.14.1
-CLI version: development
-Management: Connected
-Signal: Connected
-Relays: 1/2 Available
-FQDN: some-localhost.awesome-domain.com
-NetBird IP: 192.168.178.100/16
-Interface type: Kernel
-Peers count: 2/2 Connected
-`
+	expectedString := "Daemon version: 0.14.1\n" +
+		"CLI version: development\n" +
+		"Management: Connected\n" +
+		"Signal: Connected\n" +
+		"FQDN: some-localhost.awesome-domain.com\n" +
+		"NetBird IP: 192.168.178.100/16\n" +
+		"Interface type: Kernel\n" +
+		"Peers count: 2/2 Connected\n"

 	assert.Equal(t, expectedString, shortVersion)
 }
--- a/client/cmd/up.go
+++ b/client/cmd/up.go
@@ -5,7 +5,6 @@ import (
 	"fmt"
 	"net"
 	"net/netip"
-	"runtime"
 	"strings"

 	log "github.com/sirupsen/logrus"
@@ -17,7 +16,6 @@ import (
 	"github.com/netbirdio/netbird/client/internal/peer"
 	"github.com/netbirdio/netbird/client/proto"
 	"github.com/netbirdio/netbird/client/system"
-	"github.com/netbirdio/netbird/iface"
 	"github.com/netbirdio/netbird/util"
 )

@@ -38,8 +36,6 @@ var (

 func init() {
 	upCmd.PersistentFlags().BoolVarP(&foregroundMode, "foreground-mode", "F", false, "start service in foreground")
-	upCmd.PersistentFlags().StringVar(&interfaceName, interfaceNameFlag, iface.WgInterfaceDefault, "Wireguard interface name")
-	upCmd.PersistentFlags().Uint16Var(&wireguardPort, wireguardPortFlag, iface.DefaultWgPort, "Wireguard interface listening port")
 }

 func upFunc(cmd *cobra.Command, args []string) error {
@@ -89,24 +85,7 @@ func runInForegroundMode(ctx context.Context, cmd *cobra.Command) error {
 		NATExternalIPs:   natExternalIPs,
 		CustomDNSAddress: customDNSAddressConverted,
 	}
-
-	if cmd.Flag(enableRosenpassFlag).Changed {
-		ic.RosenpassEnabled = &rosenpassEnabled
-	}
-
-	if cmd.Flag(interfaceNameFlag).Changed {
-		if err := parseInterfaceName(interfaceName); err != nil {
-			return err
-		}
-		ic.InterfaceName = &interfaceName
-	}
-
-	if cmd.Flag(wireguardPortFlag).Changed {
-		p := int(wireguardPort)
-		ic.WireguardPort = &p
-	}
-
-	if rootCmd.PersistentFlags().Changed(preSharedKeyFlag) {
+	if preSharedKey != "" {
 		ic.PreSharedKey = &preSharedKey
 	}

@@ -115,7 +94,7 @@ func runInForegroundMode(ctx context.Context, cmd *cobra.Command) error {
 		return fmt.Errorf("get config file: %v", err)
 	}

-	config, _ = internal.UpdateOldManagementURL(ctx, config, configPath)
+	config, _ = internal.UpdateOldManagementPort(ctx, config, configPath)

 	err = foregroundLogin(ctx, cmd, config, setupKey)
 	if err != nil {
@@ -163,6 +142,7 @@ func runInDaemonMode(ctx context.Context, cmd *cobra.Command) error {

 	loginRequest := proto.LoginRequest{
 		SetupKey:             setupKey,
+		PreSharedKey:         preSharedKey,
 		ManagementUrl:        managementURL,
 		AdminURL:             adminURL,
 		NatExternalIPs:       natExternalIPs,
@@ -172,26 +152,6 @@ func runInDaemonMode(ctx context.Context, cmd *cobra.Command) error {
 		Hostname:             hostName,
 	}

-	if rootCmd.PersistentFlags().Changed(preSharedKeyFlag) {
-		loginRequest.OptionalPreSharedKey = &preSharedKey
-	}
-
-	if cmd.Flag(enableRosenpassFlag).Changed {
-		loginRequest.RosenpassEnabled = &rosenpassEnabled
-	}
-
-	if cmd.Flag(interfaceNameFlag).Changed {
-		if err := parseInterfaceName(interfaceName); err != nil {
-			return err
-		}
-		loginRequest.InterfaceName = &interfaceName
-	}
-
-	if cmd.Flag(wireguardPortFlag).Changed {
-		wp := int64(wireguardPort)
-		loginRequest.WireguardPort = &wp
-	}
-
 	var loginErr error

 	var loginResp *proto.LoginResponse
@@ -263,18 +223,6 @@ func validateNATExternalIPs(list []string) error {
 	return nil
 }

-func parseInterfaceName(name string) error {
-	if runtime.GOOS != "darwin" {
-		return nil
-	}
-
-	if strings.HasPrefix(name, "utun") {
-		return nil
-	}
-
-	return fmt.Errorf("invalid interface name %s. Please use the prefix utun followed by a number on MacOS. e.g., utun1 or utun199", name)
-}
-
 func validateElement(element string) (int, error) {
 	if isValidIP(element) {
 		return ipInputType, nil
--- a/client/firewall/nftables/acl_linux.go
+++ b/client/firewall/nftables/acl_linux.go
@@ -58,7 +58,6 @@ type AclManager struct {
 type iFaceMapper interface {
 	Name() string
 	Address() iface.WGAddress
-	IsUserspaceBind() bool
 }

 func newAclManager(table *nftables.Table, wgIface iFaceMapper, routeingFwChainName string) (*AclManager, error) {
@@ -199,81 +198,6 @@ func (m *AclManager) DeleteRule(rule firewall.Rule) error {
 	return nil
 }

-// createDefaultAllowRules In case if the USP firewall manager can use the native firewall manager we must to create allow rules for
-// input and output chains
-func (m *AclManager) createDefaultAllowRules() error {
-	expIn := []expr.Any{
-		&expr.Payload{
-			DestRegister: 1,
-			Base:         expr.PayloadBaseNetworkHeader,
-			Offset:       12,
-			Len:          4,
-		},
-		// mask
-		&expr.Bitwise{
-			SourceRegister: 1,
-			DestRegister:   1,
-			Len:            4,
-			Mask:           []byte{0x00, 0x00, 0x00, 0x00},
-			Xor:            zeroXor,
-		},
-		// net address
-		&expr.Cmp{
-			Register: 1,
-			Data:     []byte{0x00, 0x00, 0x00, 0x00},
-		},
-		&expr.Verdict{
-			Kind: expr.VerdictAccept,
-		},
-	}
-
-	_ = m.rConn.InsertRule(&nftables.Rule{
-		Table:    m.workTable,
-		Chain:    m.chainInputRules,
-		Position: 0,
-		Exprs:    expIn,
-	})
-
-	expOut := []expr.Any{
-		&expr.Payload{
-			DestRegister: 1,
-			Base:         expr.PayloadBaseNetworkHeader,
-			Offset:       16,
-			Len:          4,
-		},
-		// mask
-		&expr.Bitwise{
-			SourceRegister: 1,
-			DestRegister:   1,
-			Len:            4,
-			Mask:           []byte{0x00, 0x00, 0x00, 0x00},
-			Xor:            zeroXor,
-		},
-		// net address
-		&expr.Cmp{
-			Register: 1,
-			Data:     []byte{0x00, 0x00, 0x00, 0x00},
-		},
-		&expr.Verdict{
-			Kind: expr.VerdictAccept,
-		},
-	}
-
-	_ = m.rConn.InsertRule(&nftables.Rule{
-		Table:    m.workTable,
-		Chain:    m.chainOutputRules,
-		Position: 0,
-		Exprs:    expOut,
-	})
-
-	err := m.rConn.Flush()
-	if err != nil {
-		log.Debugf("failed to create default allow rules: %s", err)
-		return err
-	}
-	return nil
-}
-
 // Flush rule/chain/set operations from the buffer
 //
 // Method also get all rules after flush and refreshes handle values in the rulesets
@@ -811,6 +735,7 @@ func (m *AclManager) createPreroutingMangle() *nftables.Chain {
 		Chain: chain,
 		Exprs: expressions,
 	})
+	chain = m.rConn.AddChain(chain)
 	return chain
 }

--- a/client/firewall/nftables/manager_linux.go
+++ b/client/firewall/nftables/manager_linux.go
@@ -106,19 +106,11 @@ func (m *Manager) RemoveRoutingRules(pair firewall.RouterPair) error {
 }

 // AllowNetbird allows netbird interface traffic
+// todo review this method usage
 func (m *Manager) AllowNetbird() error {
-	if !m.wgIface.IsUserspaceBind() {
-		return nil
-	}
-
 	m.mutex.Lock()
 	defer m.mutex.Unlock()

-	err := m.aclManager.createDefaultAllowRules()
-	if err != nil {
-		return fmt.Errorf("failed to create default allow rules: %v", err)
-	}
-
 	chains, err := m.rConn.ListChainsOfTableFamily(nftables.TableFamilyIPv4)
 	if err != nil {
 		return fmt.Errorf("list of chains: %w", err)
@@ -153,7 +145,6 @@ func (m *Manager) AllowNetbird() error {
 	if err != nil {
 		return fmt.Errorf("failed to flush allow input netbird rules: %v", err)
 	}
-
 	return nil
 }

--- a/client/firewall/nftables/manager_linux_test.go
+++ b/client/firewall/nftables/manager_linux_test.go
@@ -37,8 +37,6 @@ func (i *iFaceMock) Address() iface.WGAddress {
 	panic("AddressFunc is not set")
 }

-func (i *iFaceMock) IsUserspaceBind() bool { return false }
-
 func TestNftablesManager(t *testing.T) {
 	mock := &iFaceMock{
 		NameFunc: func() string {
--- a/client/installer.nsis
+++ b/client/installer.nsis
@@ -193,7 +193,6 @@ Sleep 3000
 Delete "$INSTDIR\${UI_APP_EXE}"
 Delete "$INSTDIR\${MAIN_APP_EXE}"
 Delete "$INSTDIR\wintun.dll"
-Delete "$INSTDIR\opengl32.dll"
 RmDir /r "$INSTDIR"

 SetShellVarContext all
--- a/client/internal/acl/manager_test.go
+++ b/client/internal/acl/manager_test.go
@@ -38,7 +38,7 @@ func TestDefaultManager(t *testing.T) {
 	defer ctrl.Finish()

 	ifaceMock := mocks.NewMockIFaceMapper(ctrl)
-	ifaceMock.EXPECT().IsUserspaceBind().Return(true).AnyTimes()
+	ifaceMock.EXPECT().IsUserspaceBind().Return(true)
 	ifaceMock.EXPECT().SetFilter(gomock.Any())
 	ip, network, err := net.ParseCIDR("172.0.0.1/32")
 	if err != nil {
@@ -331,7 +331,7 @@ func TestDefaultManagerEnableSSHRules(t *testing.T) {
 	defer ctrl.Finish()

 	ifaceMock := mocks.NewMockIFaceMapper(ctrl)
-	ifaceMock.EXPECT().IsUserspaceBind().Return(true).AnyTimes()
+	ifaceMock.EXPECT().IsUserspaceBind().Return(true)
 	ifaceMock.EXPECT().SetFilter(gomock.Any())
 	ip, network, err := net.ParseCIDR("172.0.0.1/32")
 	if err != nil {
--- a/client/internal/config.go
+++ b/client/internal/config.go
@@ -1,7 +1,6 @@
 package internal

 import (
-	"context"
 	"fmt"
 	"net/url"
 	"os"
@@ -13,19 +12,16 @@ import (

 	"github.com/netbirdio/netbird/client/ssh"
 	"github.com/netbirdio/netbird/iface"
-	mgm "github.com/netbirdio/netbird/management/client"
 	"github.com/netbirdio/netbird/util"
 )

 const (
-	// managementLegacyPortString is the port that was used before by the Management gRPC server.
+	// ManagementLegacyPort is the port that was used before by the Management gRPC server.
 	// It is used for backward compatibility now.
 	// NB: hardcoded from github.com/netbirdio/netbird/management/cmd to avoid import
-	managementLegacyPortString = "33073"
+	ManagementLegacyPort = 33073
 	// DefaultManagementURL points to the NetBird's cloud management endpoint
-	DefaultManagementURL = "https://api.netbird.io:443"
-	// oldDefaultManagementURL points to the NetBird's old cloud management endpoint
-	oldDefaultManagementURL = "https://api.wiretrustee.com:443"
+	DefaultManagementURL = "https://api.wiretrustee.com:443"
 	// DefaultAdminURL points to NetBird's cloud management console
 	DefaultAdminURL = "https://app.netbird.io:443"
 )
@@ -41,9 +37,6 @@ type ConfigInput struct {
 	PreSharedKey     *string
 	NATExternalIPs   []string
 	CustomDNSAddress []byte
-	RosenpassEnabled *bool
-	InterfaceName    *string
-	WireguardPort    *int
 }

 // Config Configuration type
@@ -57,11 +50,10 @@ type Config struct {
 	WgPort               int
 	IFaceBlackList       []string
 	DisableIPv6Discovery bool
-	RosenpassEnabled     bool
 	// SSHKey is a private SSH key in a PEM format
 	SSHKey string

-	// ExternalIP mappings, if different from the host interface IP
+	// ExternalIP mappings, if different than the host interface IP
 	//
 	//   External IP must not be behind a CGNAT and port-forwarding for incoming UDP packets from WgPort on ExternalIP
 	//   to WgPort on host interface IP must be present. This can take form of single port-forwarding rule, 1:1 DNAT
@@ -144,10 +136,11 @@ func createNewConfig(input ConfigInput) (*Config, error) {
 	if err != nil {
 		return nil, err
 	}
-
 	config := &Config{
 		SSHKey:               string(pem),
 		PrivateKey:           wgKey,
+		WgIface:              iface.WgInterfaceDefault,
+		WgPort:               iface.DefaultWgPort,
 		IFaceBlackList:       []string{},
 		DisableIPv6Discovery: false,
 		NATExternalIPs:       input.NATExternalIPs,
@@ -168,24 +161,10 @@ func createNewConfig(input ConfigInput) (*Config, error) {
 		config.ManagementURL = URL
 	}

-	config.WgPort = iface.DefaultWgPort
-	if input.WireguardPort != nil {
-		config.WgPort = *input.WireguardPort
-	}
-
-	config.WgIface = iface.WgInterfaceDefault
-	if input.InterfaceName != nil {
-		config.WgIface = *input.InterfaceName
-	}
-
 	if input.PreSharedKey != nil {
 		config.PreSharedKey = *input.PreSharedKey
 	}

-	if input.RosenpassEnabled != nil {
-		config.RosenpassEnabled = *input.RosenpassEnabled
-	}
-
 	defaultAdminURL, err := parseURL("Admin URL", DefaultAdminURL)
 	if err != nil {
 		return nil, err
@@ -236,9 +215,12 @@ func update(input ConfigInput) (*Config, error) {
 	}

 	if input.PreSharedKey != nil && config.PreSharedKey != *input.PreSharedKey {
-		log.Infof("new pre-shared key provided, replacing old key")
-		config.PreSharedKey = *input.PreSharedKey
-		refresh = true
+		if *input.PreSharedKey != "" {
+			log.Infof("new pre-shared key provides, updated to %s (old value %s)",
+				*input.PreSharedKey, config.PreSharedKey)
+			config.PreSharedKey = *input.PreSharedKey
+			refresh = true
+		}
 	}

 	if config.SSHKey == "" {
@@ -254,17 +236,6 @@ func update(input ConfigInput) (*Config, error) {
 		config.WgPort = iface.DefaultWgPort
 		refresh = true
 	}
-
-	if input.WireguardPort != nil {
-		config.WgPort = *input.WireguardPort
-		refresh = true
-	}
-
-	if input.InterfaceName != nil {
-		config.WgIface = *input.InterfaceName
-		refresh = true
-	}
-
 	if input.NATExternalIPs != nil && len(config.NATExternalIPs) != len(input.NATExternalIPs) {
 		config.NATExternalIPs = input.NATExternalIPs
 		refresh = true
@@ -275,11 +246,6 @@ func update(input ConfigInput) (*Config, error) {
 		refresh = true
 	}

-	if input.RosenpassEnabled != nil {
-		config.RosenpassEnabled = *input.RosenpassEnabled
-		refresh = true
-	}
-
 	if refresh {
 		// since we have new management URL, we need to update config file
 		if err := util.WriteJson(input.ConfigPath, config); err != nil {
@@ -339,86 +305,3 @@ func configFileIsExists(path string) bool {
 	_, err := os.Stat(path)
 	return !os.IsNotExist(err)
 }
-
-// UpdateOldManagementURL checks whether client can switch to the new Management URL with port 443 and the management domain.
-// If it can switch, then it updates the config and returns a new one. Otherwise, it returns the provided config.
-// The check is performed only for the NetBird's managed version.
-func UpdateOldManagementURL(ctx context.Context, config *Config, configPath string) (*Config, error) {
-
-	defaultManagementURL, err := parseURL("Management URL", DefaultManagementURL)
-	if err != nil {
-		return nil, err
-	}
-
-	parsedOldDefaultManagementURL, err := parseURL("Management URL", oldDefaultManagementURL)
-	if err != nil {
-		return nil, err
-	}
-
-	if config.ManagementURL.Hostname() != defaultManagementURL.Hostname() &&
-		config.ManagementURL.Hostname() != parsedOldDefaultManagementURL.Hostname() {
-		// only do the check for the NetBird's managed version
-		return config, nil
-	}
-
-	var mgmTlsEnabled bool
-	if config.ManagementURL.Scheme == "https" {
-		mgmTlsEnabled = true
-	}
-
-	if !mgmTlsEnabled {
-		// only do the check for HTTPs scheme (the hosted version of the Management service is always HTTPs)
-		return config, nil
-	}
-
-	if config.ManagementURL.Port() != managementLegacyPortString &&
-		config.ManagementURL.Hostname() == defaultManagementURL.Hostname() {
-		return config, nil
-	}
-
-	newURL, err := parseURL("Management URL", fmt.Sprintf("%s://%s:%d",
-		config.ManagementURL.Scheme, defaultManagementURL.Hostname(), 443))
-	if err != nil {
-		return nil, err
-	}
-	// here we check whether we could switch from the legacy 33073 port to the new 443
-	log.Infof("attempting to switch from the legacy Management URL %s to the new one %s",
-		config.ManagementURL.String(), newURL.String())
-	key, err := wgtypes.ParseKey(config.PrivateKey)
-	if err != nil {
-		log.Infof("couldn't switch to the new Management %s", newURL.String())
-		return config, err
-	}
-
-	client, err := mgm.NewClient(ctx, newURL.Host, key, mgmTlsEnabled)
-	if err != nil {
-		log.Infof("couldn't switch to the new Management %s", newURL.String())
-		return config, err
-	}
-	defer func() {
-		err = client.Close()
-		if err != nil {
-			log.Warnf("failed to close the Management service client %v", err)
-		}
-	}()
-
-	// gRPC check
-	_, err = client.GetServerPublicKey()
-	if err != nil {
-		log.Infof("couldn't switch to the new Management %s", newURL.String())
-		return nil, err
-	}
-
-	// everything is alright => update the config
-	newConfig, err := UpdateConfig(ConfigInput{
-		ManagementURL: newURL.String(),
-		ConfigPath:    configPath,
-	})
-	if err != nil {
-		log.Infof("couldn't switch to the new Management %s", newURL.String())
-		return config, fmt.Errorf("failed updating config file: %v", err)
-	}
-	log.Infof("successfully switched to the new Management URL: %s", newURL.String())
-
-	return newConfig, nil
-}
--- a/client/internal/config_test.go
+++ b/client/internal/config_test.go
@@ -1,16 +1,13 @@
 package internal

 import (
-	"context"
 	"errors"
 	"os"
 	"path/filepath"
 	"testing"

-	"github.com/stretchr/testify/assert"
-	"github.com/stretchr/testify/require"
-
 	"github.com/netbirdio/netbird/util"
+	"github.com/stretchr/testify/assert"
 )

 func TestGetConfig(t *testing.T) {
@@ -63,7 +60,22 @@ func TestGetConfig(t *testing.T) {
 	assert.Equal(t, config.ManagementURL.String(), managementURL)
 	assert.Equal(t, config.PreSharedKey, preSharedKey)

-	// case 4: existing config, but new managementURL has been provided -> update config
+	// case 4: new empty pre-shared key config -> fetch it
+	newPreSharedKey := ""
+	config, err = UpdateOrCreateConfig(ConfigInput{
+		ManagementURL: managementURL,
+		AdminURL:      adminURL,
+		ConfigPath:    path,
+		PreSharedKey:  &newPreSharedKey,
+	})
+	if err != nil {
+		return
+	}
+
+	assert.Equal(t, config.ManagementURL.String(), managementURL)
+	assert.Equal(t, config.PreSharedKey, preSharedKey)
+
+	// case 5: existing config, but new managementURL has been provided -> update config
 	newManagementURL := "https://test.newManagement.url:33071"
 	config, err = UpdateOrCreateConfig(ConfigInput{
 		ManagementURL: newManagementURL,
@@ -122,60 +134,3 @@ func TestHiddenPreSharedKey(t *testing.T) {
 		})
 	}
 }
-
-func TestUpdateOldManagementURL(t *testing.T) {
-	tests := []struct {
-		name                  string
-		previousManagementURL string
-		expectedManagementURL string
-		fileShouldNotChange   bool
-	}{
-		{
-			name:                  "Update old management URL with legacy port",
-			previousManagementURL: "https://api.wiretrustee.com:33073",
-			expectedManagementURL: DefaultManagementURL,
-		},
-		{
-			name:                  "Update old management URL",
-			previousManagementURL: oldDefaultManagementURL,
-			expectedManagementURL: DefaultManagementURL,
-		},
-		{
-			name:                  "No update needed when management URL is up to date",
-			previousManagementURL: DefaultManagementURL,
-			expectedManagementURL: DefaultManagementURL,
-			fileShouldNotChange:   true,
-		},
-		{
-			name:                  "No update needed when not using cloud management",
-			previousManagementURL: "https://netbird.example.com:33073",
-			expectedManagementURL: "https://netbird.example.com:33073",
-			fileShouldNotChange:   true,
-		},
-	}
-
-	for _, tt := range tests {
-		t.Run(tt.name, func(t *testing.T) {
-			tempDir := t.TempDir()
-			configPath := filepath.Join(tempDir, "config.json")
-			config, err := UpdateOrCreateConfig(ConfigInput{
-				ManagementURL: tt.previousManagementURL,
-				ConfigPath:    configPath,
-			})
-			require.NoError(t, err, "failed to create testing config")
-			previousStats, err := os.Stat(configPath)
-			require.NoError(t, err, "failed to create testing config stats")
-			resultConfig, err := UpdateOldManagementURL(context.TODO(), config, configPath)
-			require.NoError(t, err, "got error when updating old management url")
-			require.Equal(t, tt.expectedManagementURL, resultConfig.ManagementURL.String())
-			newStats, err := os.Stat(configPath)
-			require.NoError(t, err, "failed to create testing config stats")
-			switch tt.fileShouldNotChange {
-			case true:
-				require.Equal(t, previousStats.ModTime(), newStats.ModTime(), "file should not change")
-			case false:
-				require.NotEqual(t, previousStats.ModTime(), newStats.ModTime(), "file should have changed")
-			}
-		})
-	}
-}
--- a/client/internal/connect.go
+++ b/client/internal/connect.go
@@ -27,33 +27,11 @@ import (

 // RunClient with main logic.
 func RunClient(ctx context.Context, config *Config, statusRecorder *peer.Status) error {
-	return runClient(ctx, config, statusRecorder, MobileDependency{}, nil, nil, nil, nil)
-}
-
-// RunClientWithProbes runs the client's main logic with probes attached
-func RunClientWithProbes(
-	ctx context.Context,
-	config *Config,
-	statusRecorder *peer.Status,
-	mgmProbe *Probe,
-	signalProbe *Probe,
-	relayProbe *Probe,
-	wgProbe *Probe,
-) error {
-	return runClient(ctx, config, statusRecorder, MobileDependency{}, mgmProbe, signalProbe, relayProbe, wgProbe)
+	return runClient(ctx, config, statusRecorder, MobileDependency{})
 }

 // RunClientMobile with main logic on mobile system
-func RunClientMobile(
-	ctx context.Context,
-	config *Config,
-	statusRecorder *peer.Status,
-	tunAdapter iface.TunAdapter,
-	iFaceDiscover stdnet.ExternalIFaceDiscover,
-	networkChangeListener listener.NetworkChangeListener,
-	dnsAddresses []string,
-	dnsReadyListener dns.ReadyListener,
-) error {
+func RunClientMobile(ctx context.Context, config *Config, statusRecorder *peer.Status, tunAdapter iface.TunAdapter, iFaceDiscover stdnet.ExternalIFaceDiscover, networkChangeListener listener.NetworkChangeListener, dnsAddresses []string, dnsReadyListener dns.ReadyListener) error {
 	// in case of non Android os these variables will be nil
 	mobileDependency := MobileDependency{
 		TunAdapter:            tunAdapter,
@@ -62,35 +40,10 @@ func RunClientMobile(
 		HostDNSAddresses:      dnsAddresses,
 		DnsReadyListener:      dnsReadyListener,
 	}
-	return runClient(ctx, config, statusRecorder, mobileDependency, nil, nil, nil, nil)
+	return runClient(ctx, config, statusRecorder, mobileDependency)
 }

-func RunClientiOS(
-	ctx context.Context,
-	config *Config,
-	statusRecorder *peer.Status,
-	fileDescriptor int32,
-	networkChangeListener listener.NetworkChangeListener,
-	dnsManager dns.IosDnsManager,
-) error {
-	mobileDependency := MobileDependency{
-		FileDescriptor:        fileDescriptor,
-		NetworkChangeListener: networkChangeListener,
-		DnsManager:            dnsManager,
-	}
-	return runClient(ctx, config, statusRecorder, mobileDependency, nil, nil, nil, nil)
-}
-
-func runClient(
-	ctx context.Context,
-	config *Config,
-	statusRecorder *peer.Status,
-	mobileDependency MobileDependency,
-	mgmProbe *Probe,
-	signalProbe *Probe,
-	relayProbe *Probe,
-	wgProbe *Probe,
-) error {
+func runClient(ctx context.Context, config *Config, statusRecorder *peer.Status, mobileDependency MobileDependency) error {
 	log.Infof("starting NetBird client version %s", version.NetbirdVersion())

 	backOff := &backoff.ExponentialBackOff{
@@ -141,7 +94,7 @@ func runClient(

 		engineCtx, cancel := context.WithCancel(ctx)
 		defer func() {
-			statusRecorder.MarkManagementDisconnected(state.err)
+			statusRecorder.MarkManagementDisconnected()
 			statusRecorder.CleanLocalPeerState()
 			cancel()
 		}()
@@ -190,10 +143,8 @@ func runClient(

 		statusRecorder.UpdateSignalAddress(signalURL)

-		statusRecorder.MarkSignalDisconnected(nil)
-		defer func() {
-			statusRecorder.MarkSignalDisconnected(state.err)
-		}()
+		statusRecorder.MarkSignalDisconnected()
+		defer statusRecorder.MarkSignalDisconnected()

 		// with the global Wiretrustee config in hand connect (just a connection, no stream yet) Signal
 		signalClient, err := connectToSignal(engineCtx, loginResp.GetWiretrusteeConfig(), myPrivateKey)
@@ -221,7 +172,7 @@ func runClient(
 			return wrapErr(err)
 		}

-		engine := NewEngineWithProbes(engineCtx, cancel, signalClient, mgmClient, engineConfig, mobileDependency, statusRecorder, mgmProbe, signalProbe, relayProbe, wgProbe)
+		engine := NewEngine(engineCtx, cancel, signalClient, mgmClient, engineConfig, mobileDependency, statusRecorder)
 		err = engine.Start()
 		if err != nil {
 			log.Errorf("error while starting Netbird Connection Engine: %s", err)
@@ -275,7 +226,6 @@ func createEngineConfig(key wgtypes.Key, config *Config, peerConfig *mgmProto.Pe
 		SSHKey:               []byte(config.SSHKey),
 		NATExternalIPs:       config.NATExternalIPs,
 		CustomDNSAddress:     config.CustomDNSAddress,
-		RosenpassEnabled:     config.RosenpassEnabled,
 	}

 	if config.PreSharedKey != "" {
@@ -324,6 +274,83 @@ func loginToManagement(ctx context.Context, client mgm.Client, pubSSHKey []byte)
 	return loginResp, nil
 }

+// UpdateOldManagementPort checks whether client can switch to the new Management port 443.
+// If it can switch, then it updates the config and returns a new one. Otherwise, it returns the provided config.
+// The check is performed only for the NetBird's managed version.
+func UpdateOldManagementPort(ctx context.Context, config *Config, configPath string) (*Config, error) {
+
+	defaultManagementURL, err := parseURL("Management URL", DefaultManagementURL)
+	if err != nil {
+		return nil, err
+	}
+
+	if config.ManagementURL.Hostname() != defaultManagementURL.Hostname() {
+		// only do the check for the NetBird's managed version
+		return config, nil
+	}
+
+	var mgmTlsEnabled bool
+	if config.ManagementURL.Scheme == "https" {
+		mgmTlsEnabled = true
+	}
+
+	if !mgmTlsEnabled {
+		// only do the check for HTTPs scheme (the hosted version of the Management service is always HTTPs)
+		return config, nil
+	}
+
+	if mgmTlsEnabled && config.ManagementURL.Port() == fmt.Sprintf("%d", ManagementLegacyPort) {
+
+		newURL, err := parseURL("Management URL", fmt.Sprintf("%s://%s:%d",
+			config.ManagementURL.Scheme, config.ManagementURL.Hostname(), 443))
+		if err != nil {
+			return nil, err
+		}
+		// here we check whether we could switch from the legacy 33073 port to the new 443
+		log.Infof("attempting to switch from the legacy Management URL %s to the new one %s",
+			config.ManagementURL.String(), newURL.String())
+		key, err := wgtypes.ParseKey(config.PrivateKey)
+		if err != nil {
+			log.Infof("couldn't switch to the new Management %s", newURL.String())
+			return config, err
+		}
+
+		client, err := mgm.NewClient(ctx, newURL.Host, key, mgmTlsEnabled)
+		if err != nil {
+			log.Infof("couldn't switch to the new Management %s", newURL.String())
+			return config, err
+		}
+		defer func() {
+			err = client.Close()
+			if err != nil {
+				log.Warnf("failed to close the Management service client %v", err)
+			}
+		}()
+
+		// gRPC check
+		_, err = client.GetServerPublicKey()
+		if err != nil {
+			log.Infof("couldn't switch to the new Management %s", newURL.String())
+			return nil, err
+		}
+
+		// everything is alright => update the config
+		newConfig, err := UpdateConfig(ConfigInput{
+			ManagementURL: newURL.String(),
+			ConfigPath:    configPath,
+		})
+		if err != nil {
+			log.Infof("couldn't switch to the new Management %s", newURL.String())
+			return config, fmt.Errorf("failed updating config file: %v", err)
+		}
+		log.Infof("successfully switched to the new Management URL: %s", newURL.String())
+
+		return newConfig, nil
+	}
+
+	return config, nil
+}
+
 func statusRecorderToMgmConnStateNotifier(statusRecorder *peer.Status) mgm.ConnStateNotifier {
 	var sri interface{} = statusRecorder
 	mgmNotifier, _ := sri.(mgm.ConnStateNotifier)
--- a/client/internal/dns/file_linux.go
+++ b/client/internal/dns/file_linux.go
@@ -3,6 +3,7 @@
 package dns

 import (
+	"bufio"
 	"bytes"
 	"fmt"
 	"os"
@@ -23,29 +24,25 @@ const (
 )

 type fileConfigurator struct {
-	repair *repair
-
 	originalPerms os.FileMode
 }

 func newFileConfigurator() (hostManager, error) {
-	fc := &fileConfigurator{}
-	fc.repair = newRepair(defaultResolvConfPath, fc.updateConfig)
-	return fc, nil
+	return &fileConfigurator{}, nil
 }

 func (f *fileConfigurator) supportCustomPort() bool {
 	return false
 }

-func (f *fileConfigurator) applyDNSConfig(config HostDNSConfig) error {
+func (f *fileConfigurator) applyDNSConfig(config hostDNSConfig) error {
 	backupFileExist := false
 	_, err := os.Stat(fileDefaultResolvConfBackupLocation)
 	if err == nil {
 		backupFileExist = true
 	}

-	if !config.RouteAll {
+	if !config.routeAll {
 		if backupFileExist {
 			err = f.restore()
 			if err != nil {
@@ -62,35 +59,22 @@ func (f *fileConfigurator) applyDNSConfig(config HostDNSConfig) error {
 		}
 	}

-	nbSearchDomains := searchDomains(config)
-	nbNameserverIP := config.ServerIP
+	searchDomainList := searchDomains(config)

-	resolvConf, err := parseBackupResolvConf()
+	originalSearchDomains, nameServers, others, err := originalDNSConfigs(fileDefaultResolvConfBackupLocation)
 	if err != nil {
 		log.Error(err)
 	}

-	f.repair.stopWatchFileChanges()
-
-	err = f.updateConfig(nbSearchDomains, nbNameserverIP, resolvConf)
-	if err != nil {
-		return err
-	}
-	f.repair.watchFileChanges(nbSearchDomains, nbNameserverIP)
-	return nil
-}
-
-func (f *fileConfigurator) updateConfig(nbSearchDomains []string, nbNameserverIP string, cfg *resolvConf) error {
-	searchDomainList := mergeSearchDomains(nbSearchDomains, cfg.searchDomains)
-	nameServers := generateNsList(nbNameserverIP, cfg)
+	searchDomainList = mergeSearchDomains(searchDomainList, originalSearchDomains)

 	buf := prepareResolvConfContent(
 		searchDomainList,
-		nameServers,
-		cfg.others)
+		append([]string{config.serverIP}, nameServers...),
+		others)

 	log.Debugf("creating managed file %s", defaultResolvConfPath)
-	err := os.WriteFile(defaultResolvConfPath, buf.Bytes(), f.originalPerms)
+	err = os.WriteFile(defaultResolvConfPath, buf.Bytes(), f.originalPerms)
 	if err != nil {
 		restoreErr := f.restore()
 		if restoreErr != nil {
@@ -104,7 +88,6 @@ func (f *fileConfigurator) updateConfig(nbSearchDomains []string, nbNameserverIP
 }

 func (f *fileConfigurator) restoreHostDNS() error {
-	f.repair.stopWatchFileChanges()
 	return f.restore()
 }

@@ -132,18 +115,6 @@ func (f *fileConfigurator) restore() error {
 	return os.RemoveAll(fileDefaultResolvConfBackupLocation)
 }

-// generateNsList generates a list of nameservers from the config and adds the primary nameserver to the beginning of the list
-func generateNsList(nbNameserverIP string, cfg *resolvConf) []string {
-	ns := make([]string, 1, len(cfg.nameServers)+1)
-	ns[0] = nbNameserverIP
-	for _, cfgNs := range cfg.nameServers {
-		if nbNameserverIP != cfgNs {
-			ns = append(ns, cfgNs)
-		}
-	}
-	return ns
-}
-
 func prepareResolvConfContent(searchDomains, nameServers, others []string) bytes.Buffer {
 	var buf bytes.Buffer
 	buf.WriteString(fileGeneratedResolvConfContentHeaderNextLine)
@@ -167,19 +138,83 @@ func prepareResolvConfContent(searchDomains, nameServers, others []string) bytes
 	return buf
 }

-func searchDomains(config HostDNSConfig) []string {
+func searchDomains(config hostDNSConfig) []string {
 	listOfDomains := make([]string, 0)
-	for _, dConf := range config.Domains {
-		if dConf.MatchOnly || dConf.Disabled {
+	for _, dConf := range config.domains {
+		if dConf.matchOnly || dConf.disabled {
 			continue
 		}

-		listOfDomains = append(listOfDomains, dConf.Domain)
+		listOfDomains = append(listOfDomains, dConf.domain)
 	}
 	return listOfDomains
 }

-// merge search Domains lists and cut off the list if it is too long
+func originalDNSConfigs(resolvconfFile string) (searchDomains, nameServers, others []string, err error) {
+	file, err := os.Open(resolvconfFile)
+	if err != nil {
+		err = fmt.Errorf(`could not read existing resolv.conf`)
+		return
+	}
+	defer file.Close()
+
+	reader := bufio.NewReader(file)
+
+	for {
+		lineBytes, isPrefix, readErr := reader.ReadLine()
+		if readErr != nil {
+			break
+		}
+
+		if isPrefix {
+			err = fmt.Errorf(`resolv.conf line too long`)
+			return
+		}
+
+		line := strings.TrimSpace(string(lineBytes))
+
+		if strings.HasPrefix(line, "#") {
+			continue
+		}
+
+		if strings.HasPrefix(line, "domain") {
+			continue
+		}
+
+		if strings.HasPrefix(line, "options") && strings.Contains(line, "rotate") {
+			line = strings.ReplaceAll(line, "rotate", "")
+			splitLines := strings.Fields(line)
+			if len(splitLines) == 1 {
+				continue
+			}
+			line = strings.Join(splitLines, " ")
+		}
+
+		if strings.HasPrefix(line, "search") {
+			splitLines := strings.Fields(line)
+			if len(splitLines) < 2 {
+				continue
+			}
+
+			searchDomains = splitLines[1:]
+			continue
+		}
+
+		if strings.HasPrefix(line, "nameserver") {
+			splitLines := strings.Fields(line)
+			if len(splitLines) != 2 {
+				continue
+			}
+			nameServers = append(nameServers, splitLines[1])
+			continue
+		}
+
+		others = append(others, line)
+	}
+	return
+}
+
+// merge search domains lists and cut off the list if it is too long
 func mergeSearchDomains(searchDomains []string, originalSearchDomains []string) []string {
 	lineSize := len("search")
 	searchDomainsList := make([]string, 0, len(searchDomains)+len(originalSearchDomains))
@@ -190,27 +225,14 @@ func mergeSearchDomains(searchDomains []string, originalSearchDomains []string)
 	return searchDomainsList
 }

-// validateAndFillSearchDomains checks if the search Domains list is not too long and if the line is not too long
+// validateAndFillSearchDomains checks if the search domains list is not too long and if the line is not too long
 // extend s slice with vs elements
 // return with the number of characters in the searchDomains line
 func validateAndFillSearchDomains(initialLineChars int, s *[]string, vs []string) int {
 	for _, sd := range vs {
-		duplicated := false
-		for _, fs := range *s {
-			if fs == sd {
-				duplicated = true
-				break
-			}
-
-		}
-
-		if duplicated {
-			continue
-		}
-
 		tmpCharsNumber := initialLineChars + 1 + len(sd)
 		if tmpCharsNumber > fileMaxLineCharsLimit {
-			// lets log all skipped Domains
+			// lets log all skipped domains
 			log.Infof("search list line is larger than %d characters. Skipping append of %s domain", fileMaxLineCharsLimit, sd)
 			continue
 		}
@@ -218,13 +240,12 @@ func validateAndFillSearchDomains(initialLineChars int, s *[]string, vs []string
 		initialLineChars = tmpCharsNumber

 		if len(*s) >= fileMaxNumberOfSearchDomains {
-			// lets log all skipped Domains
+			// lets log all skipped domains
 			log.Infof("already appended %d domains to search list. Skipping append of %s domain", fileMaxNumberOfSearchDomains, sd)
 			continue
 		}
 		*s = append(*s, sd)
 	}
-
 	return initialLineChars
 }

@@ -245,18 +266,3 @@ func copyFile(src, dest string) error {
 	}
 	return nil
 }
-
-func isContains(subList []string, list []string) bool {
-	for _, sl := range subList {
-		var found bool
-		for _, l := range list {
-			if sl == l {
-				found = true
-			}
-		}
-		if !found {
-			return false
-		}
-	}
-	return true
-}
--- a/client/internal/dns/file_linux_test.go
+++ b/client/internal/dns/file_linux_test.go
@@ -1,5 +1,3 @@
-//go:build !android
-
 package dns

 import (
@@ -9,7 +7,7 @@ import (

 func Test_mergeSearchDomains(t *testing.T) {
 	searchDomains := []string{"a", "b"}
-	originDomains := []string{"c", "d"}
+	originDomains := []string{"a", "b"}
 	mergedDomains := mergeSearchDomains(searchDomains, originDomains)
 	if len(mergedDomains) != 4 {
 		t.Errorf("invalid len of result domains: %d, want: %d", len(mergedDomains), 4)
@@ -51,67 +49,6 @@ func Test_mergeSearchTooLongDomain(t *testing.T) {
 	}
 }

-func Test_isContains(t *testing.T) {
-	type args struct {
-		subList []string
-		list    []string
-	}
-	tests := []struct {
-		args args
-		want bool
-	}{
-		{
-			args: args{
-				subList: []string{"a", "b", "c"},
-				list:    []string{"a", "b", "c"},
-			},
-			want: true,
-		},
-		{
-			args: args{
-				subList: []string{"a"},
-				list:    []string{"a", "b", "c"},
-			},
-			want: true,
-		},
-		{
-			args: args{
-				subList: []string{"d"},
-				list:    []string{"a", "b", "c"},
-			},
-			want: false,
-		},
-		{
-			args: args{
-				subList: []string{"a"},
-				list:    []string{},
-			},
-			want: false,
-		},
-		{
-			args: args{
-				subList: []string{},
-				list:    []string{"b"},
-			},
-			want: true,
-		},
-		{
-			args: args{
-				subList: []string{},
-				list:    []string{},
-			},
-			want: true,
-		},
-	}
-	for _, tt := range tests {
-		t.Run("list check test", func(t *testing.T) {
-			if got := isContains(tt.args.subList, tt.args.list); got != tt.want {
-				t.Errorf("isContains() = %v, want %v", got, tt.want)
-			}
-		})
-	}
-}
-
 func getLongLine() string {
 	x := "search "
 	for {
--- a/client/internal/dns/file_parser_linux.go
+++ b/client/internal/dns/file_parser_linux.go
@@ -1,105 +0,0 @@
-//go:build !android
-
-package dns
-
-import (
-	"fmt"
-	"os"
-	"strings"
-
-	log "github.com/sirupsen/logrus"
-)
-
-const (
-	defaultResolvConfPath = "/etc/resolv.conf"
-)
-
-type resolvConf struct {
-	nameServers   []string
-	searchDomains []string
-	others        []string
-}
-
-func (r *resolvConf) String() string {
-	return fmt.Sprintf("search domains: %v, name servers: %v, others: %s", r.searchDomains, r.nameServers, r.others)
-}
-
-func parseDefaultResolvConf() (*resolvConf, error) {
-	return parseResolvConfFile(defaultResolvConfPath)
-}
-
-func parseBackupResolvConf() (*resolvConf, error) {
-	return parseResolvConfFile(fileDefaultResolvConfBackupLocation)
-}
-
-func parseResolvConfFile(resolvConfFile string) (*resolvConf, error) {
-	file, err := os.Open(resolvConfFile)
-	if err != nil {
-		return nil, fmt.Errorf("failed to open %s file: %w", resolvConfFile, err)
-	}
-	defer func() {
-		if err := file.Close(); err != nil {
-			log.Errorf("failed closing %s: %s", resolvConfFile, err)
-		}
-	}()
-
-	cur, err := os.ReadFile(resolvConfFile)
-	if err != nil {
-		return nil, fmt.Errorf("failed to read %s file: %w", resolvConfFile, err)
-	}
-
-	if len(cur) == 0 {
-		return nil, fmt.Errorf("file is empty")
-	}
-
-	rconf := &resolvConf{
-		searchDomains: make([]string, 0),
-		nameServers:   make([]string, 0),
-		others:        make([]string, 0),
-	}
-
-	for _, line := range strings.Split(string(cur), "\n") {
-		line = strings.TrimSpace(line)
-
-		if strings.HasPrefix(line, "#") {
-			continue
-		}
-
-		if strings.HasPrefix(line, "domain") {
-			continue
-		}
-
-		if strings.HasPrefix(line, "options") && strings.Contains(line, "rotate") {
-			line = strings.ReplaceAll(line, "rotate", "")
-			splitLines := strings.Fields(line)
-			if len(splitLines) == 1 {
-				continue
-			}
-			line = strings.Join(splitLines, " ")
-		}
-
-		if strings.HasPrefix(line, "search") {
-			splitLines := strings.Fields(line)
-			if len(splitLines) < 2 {
-				continue
-			}
-
-			rconf.searchDomains = splitLines[1:]
-			continue
-		}
-
-		if strings.HasPrefix(line, "nameserver") {
-			splitLines := strings.Fields(line)
-			if len(splitLines) != 2 {
-				continue
-			}
-			rconf.nameServers = append(rconf.nameServers, splitLines[1])
-			continue
-		}
-
-		if line != "" {
-			rconf.others = append(rconf.others, line)
-		}
-	}
-	return rconf, nil
-}
--- a/client/internal/dns/file_parser_linux_test.go
+++ b/client/internal/dns/file_parser_linux_test.go
@@ -1,149 +0,0 @@
-//go:build !android
-
-package dns
-
-import (
-	"fmt"
-	"os"
-	"testing"
-)
-
-func Test_parseResolvConf(t *testing.T) {
-	testCases := []struct {
-		input          string
-		expectedSearch []string
-		expectedNS     []string
-		expectedOther  []string
-	}{
-		{
-			input: `domain chello.hu
-search chello.hu
-nameserver 192.168.0.1
-`,
-			expectedSearch: []string{"chello.hu"},
-			expectedNS:     []string{"192.168.0.1"},
-			expectedOther:  []string{},
-		},
-		{
-			input: `# This is /run/systemd/resolve/resolv.conf managed by man:systemd-resolved(8).
-# Do not edit.
-#
-# This file might be symlinked as /etc/resolv.conf. If you're looking at
-# /etc/resolv.conf and seeing this text, you have followed the symlink.
-#
-# This is a dynamic resolv.conf file for connecting local clients directly to
-# all known uplink DNS servers. This file lists all configured search domains.
-#
-# Third party programs should typically not access this file directly, but only
-# through the symlink at /etc/resolv.conf. To manage man:resolv.conf(5) in a
-# different way, replace this symlink by a static file or a different symlink.
-#
-# See man:systemd-resolved.service(8) for details about the supported modes of
-# operation for /etc/resolv.conf.
-
-nameserver 192.168.2.1
-nameserver 100.81.99.197
-search netbird.cloud
-`,
-			expectedSearch: []string{"netbird.cloud"},
-			expectedNS:     []string{"192.168.2.1", "100.81.99.197"},
-			expectedOther:  []string{},
-		},
-		{
-			input: `# This is /run/systemd/resolve/resolv.conf managed by man:systemd-resolved(8).
-# Do not edit.
-#
-# This file might be symlinked as /etc/resolv.conf. If you're looking at
-# /etc/resolv.conf and seeing this text, you have followed the symlink.
-#
-# This is a dynamic resolv.conf file for connecting local clients directly to
-# all known uplink DNS servers. This file lists all configured search domains.
-#
-# Third party programs should typically not access this file directly, but only
-# through the symlink at /etc/resolv.conf. To manage man:resolv.conf(5) in a
-# different way, replace this symlink by a static file or a different symlink.
-#
-# See man:systemd-resolved.service(8) for details about the supported modes of
-# operation for /etc/resolv.conf.
-
-nameserver 192.168.2.1
-nameserver 100.81.99.197
-search netbird.cloud
-options debug
-`,
-			expectedSearch: []string{"netbird.cloud"},
-			expectedNS:     []string{"192.168.2.1", "100.81.99.197"},
-			expectedOther:  []string{"options debug"},
-		},
-		{
-			input: `# This is /run/systemd/resolve/resolv.conf managed by man:systemd-resolved(8).
-# Do not edit.
-#
-# This file might be symlinked as /etc/resolv.conf. If you're looking at
-# /etc/resolv.conf and seeing this text, you have followed the symlink.
-#
-# This is a dynamic resolv.conf file for connecting local clients directly to
-# all known uplink DNS servers. This file lists all configured search domains.
-#
-# Third party programs should typically not access this file directly, but only
-# through the symlink at /etc/resolv.conf. To manage man:resolv.conf(5) in a
-# different way, replace this symlink by a static file or a different symlink.
-#
-# See man:systemd-resolved.service(8) for details about the supported modes of
-# operation for /etc/resolv.conf.
-
-nameserver 192.168.2.1
-nameserver 100.81.99.197
-search netbird.cloud
-options debug
-options edns0 trust-ad
-`,
-			expectedSearch: []string{"netbird.cloud"},
-			expectedNS:     []string{"192.168.2.1", "100.81.99.197"},
-			expectedOther:  []string{"options debug", "options edns0 trust-ad"},
-		},
-	}
-
-	for _, testCase := range testCases {
-		testCase := testCase
-		t.Run("test", func(t *testing.T) {
-			t.Parallel()
-			tmpResolvConf := fmt.Sprintf("%s/%s", t.TempDir(), "resolv.conf")
-			err := os.WriteFile(tmpResolvConf, []byte(testCase.input), 0644)
-			if err != nil {
-				t.Fatal(err)
-			}
-			cfg, err := parseResolvConfFile(tmpResolvConf)
-			if err != nil {
-				t.Fatal(err)
-			}
-			ok := compareLists(cfg.searchDomains, testCase.expectedSearch)
-			if !ok {
-				t.Errorf("invalid parse result for search domains, expected: %v, got: %v", testCase.expectedSearch, cfg.searchDomains)
-			}
-
-			ok = compareLists(cfg.nameServers, testCase.expectedNS)
-			if !ok {
-				t.Errorf("invalid parse result for ns domains, expected: %v, got: %v", testCase.expectedNS, cfg.nameServers)
-			}
-
-			ok = compareLists(cfg.others, testCase.expectedOther)
-			if !ok {
-				t.Errorf("invalid parse result for others, expected: %v, got: %v", testCase.expectedOther, cfg.others)
-			}
-		})
-	}
-
-}
-
-func compareLists(search []string, search2 []string) bool {
-	if len(search) != len(search2) {
-		return false
-	}
-	for i, v := range search {
-		if v != search2[i] {
-			return false
-		}
-	}
-	return true
-}
--- a/client/internal/dns/file_repair_linux.go
+++ b/client/internal/dns/file_repair_linux.go
@@ -1,151 +0,0 @@
-//go:build !android
-
-package dns
-
-import (
-	"fmt"
-	"path"
-	"sync"
-
-	"github.com/fsnotify/fsnotify"
-	log "github.com/sirupsen/logrus"
-)
-
-var (
-	eventTypes = []fsnotify.Op{
-		fsnotify.Create,
-		fsnotify.Write,
-		fsnotify.Remove,
-		fsnotify.Rename,
-	}
-)
-
-type repairConfFn func([]string, string, *resolvConf) error
-
-type repair struct {
-	operationFile string
-	updateFn      repairConfFn
-	watchDir      string
-
-	inotify   *fsnotify.Watcher
-	inotifyWg sync.WaitGroup
-}
-
-func newRepair(operationFile string, updateFn repairConfFn) *repair {
-	return &repair{
-		operationFile: operationFile,
-		watchDir:      path.Dir(operationFile),
-		updateFn:      updateFn,
-	}
-}
-
-func (f *repair) watchFileChanges(nbSearchDomains []string, nbNameserverIP string) {
-	if f.inotify != nil {
-		return
-	}
-
-	log.Infof("start to watch resolv.conf")
-	inotify, err := fsnotify.NewWatcher()
-	if err != nil {
-		log.Errorf("failed to start inotify watcher for resolv.conf: %s", err)
-		return
-	}
-	f.inotify = inotify
-
-	f.inotifyWg.Add(1)
-	go func() {
-		defer f.inotifyWg.Done()
-		for event := range f.inotify.Events {
-			if !f.isEventRelevant(event) {
-				continue
-			}
-
-			log.Tracef("resolv.conf changed, check if it is broken")
-
-			rConf, err := parseResolvConfFile(f.operationFile)
-			if err != nil {
-				log.Warnf("failed to parse resolv conf: %s", err)
-				continue
-			}
-
-			log.Debugf("check resolv.conf parameters: %s", rConf)
-			if !isNbParamsMissing(nbSearchDomains, nbNameserverIP, rConf) {
-				log.Tracef("resolv.conf still correct, skip the update")
-				continue
-			}
-			log.Info("broken params in resolv.conf, repairing it...")
-
-			err = f.inotify.Remove(f.watchDir)
-			if err != nil {
-				log.Errorf("failed to rm inotify watch for resolv.conf: %s", err)
-			}
-
-			err = f.updateFn(nbSearchDomains, nbNameserverIP, rConf)
-			if err != nil {
-				log.Errorf("failed to repair resolv.conf: %v", err)
-			}
-
-			err = f.inotify.Add(f.watchDir)
-			if err != nil {
-				log.Errorf("failed to readd inotify watch for resolv.conf: %s", err)
-				return
-			}
-		}
-	}()
-
-	err = f.inotify.Add(f.watchDir)
-	if err != nil {
-		log.Errorf("failed to add inotify watch for resolv.conf: %s", err)
-		return
-	}
-}
-
-func (f *repair) stopWatchFileChanges() {
-	if f.inotify == nil {
-		return
-	}
-	err := f.inotify.Close()
-	if err != nil {
-		log.Warnf("failed to close resolv.conf inotify: %v", err)
-	}
-	f.inotifyWg.Wait()
-	f.inotify = nil
-}
-
-func (f *repair) isEventRelevant(event fsnotify.Event) bool {
-	var ok bool
-	for _, et := range eventTypes {
-		if event.Has(et) {
-			ok = true
-			break
-		}
-	}
-	if !ok {
-		return false
-	}
-
-	operationFileSymlink := fmt.Sprintf("%s~", f.operationFile)
-	if event.Name == f.operationFile || event.Name == operationFileSymlink {
-		return true
-	}
-	return false
-}
-
-// nbParamsAreMissing checks if the resolv.conf file contains all the parameters that NetBird needs
-// check the NetBird related nameserver IP at the first place
-// check the NetBird related search domains in the search domains list
-func isNbParamsMissing(nbSearchDomains []string, nbNameserverIP string, rConf *resolvConf) bool {
-	if !isContains(nbSearchDomains, rConf.searchDomains) {
-		return true
-	}
-
-	if len(rConf.nameServers) == 0 {
-		return true
-	}
-
-	if rConf.nameServers[0] != nbNameserverIP {
-		return true
-	}
-
-	return false
-}
--- a/client/internal/dns/file_repair_linux_test.go
+++ b/client/internal/dns/file_repair_linux_test.go
@@ -1,130 +0,0 @@
-//go:build !android
-
-package dns
-
-import (
-	"context"
-	"os"
-	"testing"
-	"time"
-
-	"github.com/netbirdio/netbird/util"
-)
-
-func TestMain(m *testing.M) {
-	_ = util.InitLog("debug", "console")
-	code := m.Run()
-	os.Exit(code)
-}
-
-func Test_newRepairtmp(t *testing.T) {
-	type args struct {
-		resolvConfContent  string
-		touchedConfContent string
-		wantChange         bool
-	}
-	tests := []args{
-		{
-			resolvConfContent: `
-nameserver 10.0.0.1
-nameserver 8.8.8.8
-searchdomain netbird.cloud something`,
-
-			touchedConfContent: `
-nameserver 8.8.8.8
-searchdomain netbird.cloud something`,
-			wantChange: true,
-		},
-		{
-			resolvConfContent: `
-nameserver 10.0.0.1
-nameserver 8.8.8.8
-searchdomain netbird.cloud something`,
-
-			touchedConfContent: `
-nameserver 10.0.0.1
-nameserver 8.8.8.8
-searchdomain netbird.cloud something somethingelse`,
-			wantChange: false,
-		},
-		{
-			resolvConfContent: `
-nameserver 10.0.0.1
-nameserver 8.8.8.8
-searchdomain netbird.cloud something`,
-
-			touchedConfContent: `
-nameserver 10.0.0.1
-searchdomain netbird.cloud something`,
-			wantChange: false,
-		},
-		{
-			resolvConfContent: `
-nameserver 10.0.0.1
-nameserver 8.8.8.8
-searchdomain netbird.cloud something`,
-
-			touchedConfContent: `
-searchdomain something`,
-			wantChange: true,
-		},
-		{
-			resolvConfContent: `
-nameserver 10.0.0.1
-nameserver 8.8.8.8
-searchdomain netbird.cloud something`,
-
-			touchedConfContent: `
-nameserver 10.0.0.1`,
-			wantChange: true,
-		},
-		{
-			resolvConfContent: `
-nameserver 10.0.0.1
-nameserver 8.8.8.8
-searchdomain netbird.cloud something`,
-
-			touchedConfContent: `
-nameserver 8.8.8.8`,
-			wantChange: true,
-		},
-	}
-
-	for _, tt := range tests {
-		tt := tt
-		t.Run("test", func(t *testing.T) {
-			t.Parallel()
-			workDir := t.TempDir()
-			operationFile := workDir + "/resolv.conf"
-			err := os.WriteFile(operationFile, []byte(tt.resolvConfContent), 0755)
-			if err != nil {
-				t.Fatalf("failed to write out resolv.conf: %s", err)
-			}
-
-			var changed bool
-			ctx, cancel := context.WithTimeout(context.Background(), time.Second)
-			updateFn := func([]string, string, *resolvConf) error {
-				changed = true
-				cancel()
-				return nil
-			}
-
-			r := newRepair(operationFile, updateFn)
-			r.watchFileChanges([]string{"netbird.cloud"}, "10.0.0.1")
-
-			err = os.WriteFile(operationFile, []byte(tt.touchedConfContent), 0755)
-			if err != nil {
-				t.Fatalf("failed to write out resolv.conf: %s", err)
-			}
-
-			<-ctx.Done()
-
-			r.stopWatchFileChanges()
-
-			if changed != tt.wantChange {
-				t.Errorf("unexpected result: want: %v, got: %v", tt.wantChange, changed)
-			}
-		})
-	}
-
-}
--- a/client/internal/dns/host.go
+++ b/client/internal/dns/host.go
@@ -8,31 +8,31 @@ import (
 )

 type hostManager interface {
-	applyDNSConfig(config HostDNSConfig) error
+	applyDNSConfig(config hostDNSConfig) error
 	restoreHostDNS() error
 	supportCustomPort() bool
 }

-type HostDNSConfig struct {
-	Domains    []DomainConfig `json:"domains"`
-	RouteAll   bool           `json:"routeAll"`
-	ServerIP   string         `json:"serverIP"`
-	ServerPort int            `json:"serverPort"`
+type hostDNSConfig struct {
+	domains    []domainConfig
+	routeAll   bool
+	serverIP   string
+	serverPort int
 }

-type DomainConfig struct {
-	Disabled  bool   `json:"disabled"`
-	Domain    string `json:"domain"`
-	MatchOnly bool   `json:"matchOnly"`
+type domainConfig struct {
+	disabled  bool
+	domain    string
+	matchOnly bool
 }

 type mockHostConfigurator struct {
-	applyDNSConfigFunc    func(config HostDNSConfig) error
+	applyDNSConfigFunc    func(config hostDNSConfig) error
 	restoreHostDNSFunc    func() error
 	supportCustomPortFunc func() bool
 }

-func (m *mockHostConfigurator) applyDNSConfig(config HostDNSConfig) error {
+func (m *mockHostConfigurator) applyDNSConfig(config hostDNSConfig) error {
 	if m.applyDNSConfigFunc != nil {
 		return m.applyDNSConfigFunc(config)
 	}
@@ -55,38 +55,38 @@ func (m *mockHostConfigurator) supportCustomPort() bool {

 func newNoopHostMocker() hostManager {
 	return &mockHostConfigurator{
-		applyDNSConfigFunc:    func(config HostDNSConfig) error { return nil },
+		applyDNSConfigFunc:    func(config hostDNSConfig) error { return nil },
 		restoreHostDNSFunc:    func() error { return nil },
 		supportCustomPortFunc: func() bool { return true },
 	}
 }

-func dnsConfigToHostDNSConfig(dnsConfig nbdns.Config, ip string, port int) HostDNSConfig {
-	config := HostDNSConfig{
-		RouteAll:   false,
-		ServerIP:   ip,
-		ServerPort: port,
+func dnsConfigToHostDNSConfig(dnsConfig nbdns.Config, ip string, port int) hostDNSConfig {
+	config := hostDNSConfig{
+		routeAll:   false,
+		serverIP:   ip,
+		serverPort: port,
 	}
 	for _, nsConfig := range dnsConfig.NameServerGroups {
 		if len(nsConfig.NameServers) == 0 {
 			continue
 		}
 		if nsConfig.Primary {
-			config.RouteAll = true
+			config.routeAll = true
 		}

 		for _, domain := range nsConfig.Domains {
-			config.Domains = append(config.Domains, DomainConfig{
-				Domain:    strings.TrimSuffix(domain, "."),
-				MatchOnly: !nsConfig.SearchDomainsEnabled,
+			config.domains = append(config.domains, domainConfig{
+				domain:    strings.TrimSuffix(domain, "."),
+				matchOnly: !nsConfig.SearchDomainsEnabled,
 			})
 		}
 	}

 	for _, customZone := range dnsConfig.CustomZones {
-		config.Domains = append(config.Domains, DomainConfig{
-			Domain:    strings.TrimSuffix(customZone.Domain, "."),
-			MatchOnly: false,
+		config.domains = append(config.domains, domainConfig{
+			domain:    strings.TrimSuffix(customZone.Domain, "."),
+			matchOnly: false,
 		})
 	}

--- a/client/internal/dns/host_android.go
+++ b/client/internal/dns/host_android.go
@@ -7,7 +7,7 @@ func newHostManager(wgInterface WGIface) (hostManager, error) {
 	return &androidHostManager{}, nil
 }

-func (a androidHostManager) applyDNSConfig(config HostDNSConfig) error {
+func (a androidHostManager) applyDNSConfig(config hostDNSConfig) error {
 	return nil
 }

--- a/client/internal/dns/host_darwin.go
+++ b/client/internal/dns/host_darwin.go
@@ -1,5 +1,3 @@
-//go:build !ios
-
 package dns

 import (
@@ -44,11 +42,11 @@ func (s *systemConfigurator) supportCustomPort() bool {
 	return true
 }

-func (s *systemConfigurator) applyDNSConfig(config HostDNSConfig) error {
+func (s *systemConfigurator) applyDNSConfig(config hostDNSConfig) error {
 	var err error

-	if config.RouteAll {
-		err = s.addDNSSetupForAll(config.ServerIP, config.ServerPort)
+	if config.routeAll {
+		err = s.addDNSSetupForAll(config.serverIP, config.serverPort)
 		if err != nil {
 			return err
 		}
@@ -58,7 +56,7 @@ func (s *systemConfigurator) applyDNSConfig(config HostDNSConfig) error {
 			return err
 		}
 		s.primaryServiceID = ""
-		log.Infof("removed %s:%d as main DNS resolver for this peer", config.ServerIP, config.ServerPort)
+		log.Infof("removed %s:%d as main DNS resolver for this peer", config.serverIP, config.serverPort)
 	}

 	var (
@@ -66,20 +64,20 @@ func (s *systemConfigurator) applyDNSConfig(config HostDNSConfig) error {
 		matchDomains  []string
 	)

-	for _, dConf := range config.Domains {
-		if dConf.Disabled {
+	for _, dConf := range config.domains {
+		if dConf.disabled {
 			continue
 		}
-		if dConf.MatchOnly {
-			matchDomains = append(matchDomains, dConf.Domain)
+		if dConf.matchOnly {
+			matchDomains = append(matchDomains, dConf.domain)
 			continue
 		}
-		searchDomains = append(searchDomains, dConf.Domain)
+		searchDomains = append(searchDomains, dConf.domain)
 	}

 	matchKey := getKeyWithInput(netbirdDNSStateKeyFormat, matchSuffix)
 	if len(matchDomains) != 0 {
-		err = s.addMatchDomains(matchKey, strings.Join(matchDomains, " "), config.ServerIP, config.ServerPort)
+		err = s.addMatchDomains(matchKey, strings.Join(matchDomains, " "), config.serverIP, config.serverPort)
 	} else {
 		log.Infof("removing match domains from the system")
 		err = s.removeKeyFromSystemConfig(matchKey)
@@ -90,7 +88,7 @@ func (s *systemConfigurator) applyDNSConfig(config HostDNSConfig) error {

 	searchKey := getKeyWithInput(netbirdDNSStateKeyFormat, searchSuffix)
 	if len(searchDomains) != 0 {
-		err = s.addSearchDomains(searchKey, strings.Join(searchDomains, " "), config.ServerIP, config.ServerPort)
+		err = s.addSearchDomains(searchKey, strings.Join(searchDomains, " "), config.serverIP, config.serverPort)
 	} else {
 		log.Infof("removing search domains from the system")
 		err = s.removeKeyFromSystemConfig(searchKey)
--- a/client/internal/dns/host_ios.go
+++ b/client/internal/dns/host_ios.go
@@ -1,37 +0,0 @@
-package dns
-
-import (
-	"encoding/json"
-
-	log "github.com/sirupsen/logrus"
-)
-
-type iosHostManager struct {
-	dnsManager IosDnsManager
-	config     HostDNSConfig
-}
-
-func newHostManager(dnsManager IosDnsManager) (hostManager, error) {
-	return &iosHostManager{
-		dnsManager: dnsManager,
-	}, nil
-}
-
-func (a iosHostManager) applyDNSConfig(config HostDNSConfig) error {
-	jsonData, err := json.Marshal(config)
-	if err != nil {
-		return err
-	}
-	jsonString := string(jsonData)
-	log.Debugf("Applying DNS settings: %s", jsonString)
-	a.dnsManager.ApplyDns(jsonString)
-	return nil
-}
-
-func (a iosHostManager) restoreHostDNS() error {
-	return nil
-}
-
-func (a iosHostManager) supportCustomPort() bool {
-	return false
-}
--- a/client/internal/dns/host_linux.go
+++ b/client/internal/dns/host_linux.go
@@ -11,6 +11,10 @@ import (
 	log "github.com/sirupsen/logrus"
 )

+const (
+	defaultResolvConfPath = "/etc/resolv.conf"
+)
+
 const (
 	netbirdManager osManagerType = iota
 	fileManager
@@ -81,11 +85,7 @@ func getOSDNSManagerType() (osManagerType, error) {
 			return networkManager, nil
 		}
 		if strings.Contains(text, "systemd-resolved") && isDbusListenerRunning(systemdResolvedDest, systemdDbusObjectNode) {
-			if checkStub() {
-				return systemdManager, nil
-			} else {
-				return fileManager, nil
-			}
+			return systemdManager, nil
 		}
 		if strings.Contains(text, "resolvconf") {
 			if isDbusListenerRunning(systemdResolvedDest, systemdDbusObjectNode) {
@@ -103,20 +103,3 @@ func getOSDNSManagerType() (osManagerType, error) {
 	}
 	return fileManager, nil
 }
-
-// checkStub checks if the stub resolver is disabled in systemd-resolved. If it is disabled, we fall back to file manager.
-func checkStub() bool {
-	rConf, err := parseDefaultResolvConf()
-	if err != nil {
-		log.Warnf("failed to parse resolv conf: %s", err)
-		return true
-	}
-
-	for _, ns := range rConf.nameServers {
-		if ns == "127.0.0.53" {
-			return true
-		}
-	}
-
-	return false
-}
--- a/client/internal/dns/host_windows.go
+++ b/client/internal/dns/host_windows.go
@@ -43,10 +43,10 @@ func (s *registryConfigurator) supportCustomPort() bool {
 	return false
 }

-func (r *registryConfigurator) applyDNSConfig(config HostDNSConfig) error {
+func (r *registryConfigurator) applyDNSConfig(config hostDNSConfig) error {
 	var err error
-	if config.RouteAll {
-		err = r.addDNSSetupForAll(config.ServerIP)
+	if config.routeAll {
+		err = r.addDNSSetupForAll(config.serverIP)
 		if err != nil {
 			return err
 		}
@@ -56,7 +56,7 @@ func (r *registryConfigurator) applyDNSConfig(config HostDNSConfig) error {
 			return err
 		}
 		r.routingAll = false
-		log.Infof("removed %s as main DNS forwarder for this peer", config.ServerIP)
+		log.Infof("removed %s as main DNS forwarder for this peer", config.serverIP)
 	}

 	var (
@@ -64,18 +64,18 @@ func (r *registryConfigurator) applyDNSConfig(config HostDNSConfig) error {
 		matchDomains  []string
 	)

-	for _, dConf := range config.Domains {
-		if dConf.Disabled {
+	for _, dConf := range config.domains {
+		if dConf.disabled {
 			continue
 		}
-		if !dConf.MatchOnly {
-			searchDomains = append(searchDomains, dConf.Domain)
+		if !dConf.matchOnly {
+			searchDomains = append(searchDomains, dConf.domain)
 		}
-		matchDomains = append(matchDomains, "."+dConf.Domain)
+		matchDomains = append(matchDomains, "."+dConf.domain)
 	}

 	if len(matchDomains) != 0 {
-		err = r.addDNSMatchPolicy(matchDomains, config.ServerIP)
+		err = r.addDNSMatchPolicy(matchDomains, config.serverIP)
 	} else {
 		err = removeRegistryKeyFromDNSPolicyConfig(dnsPolicyConfigMatchPath)
 	}
--- a/client/internal/dns/local.go
+++ b/client/internal/dns/local.go
@@ -71,5 +71,3 @@ func buildRecordKey(name string, class, qType uint16) string {
 	key := fmt.Sprintf("%s_%d_%d", name, class, qType)
 	return key
 }
-
-func (d *localResolver) probeAvailability() {}
--- a/client/internal/dns/local_test.go
+++ b/client/internal/dns/local_test.go
@@ -1,12 +1,10 @@
 package dns

 import (
+	"github.com/miekg/dns"
+	nbdns "github.com/netbirdio/netbird/dns"
 	"strings"
 	"testing"
-
-	"github.com/miekg/dns"
-
-	nbdns "github.com/netbirdio/netbird/dns"
 )

 func TestLocalResolver_ServeDNS(t *testing.T) {
--- a/client/internal/dns/mock_server.go
+++ b/client/internal/dns/mock_server.go
@@ -33,7 +33,7 @@ func (m *MockServer) DnsIP() string {
 }

 func (m *MockServer) OnUpdatedHostDNSServer(strings []string) {
-	// TODO implement me
+	//TODO implement me
 	panic("implement me")
 }

@@ -48,7 +48,3 @@ func (m *MockServer) UpdateDNSServer(serial uint64, update nbdns.Config) error {
 func (m *MockServer) SearchDomains() []string {
 	return make([]string, 0)
 }
-
-// ProbeAvailability mocks implementation of ProbeAvailability from the Server interface
-func (m *MockServer) ProbeAvailability() {
-}
--- a/client/internal/dns/network_manager_linux.go
+++ b/client/internal/dns/network_manager_linux.go
@@ -12,9 +12,8 @@ import (
 	"github.com/godbus/dbus/v5"
 	"github.com/hashicorp/go-version"
 	"github.com/miekg/dns"
-	log "github.com/sirupsen/logrus"
-
 	nbversion "github.com/netbirdio/netbird/version"
+	log "github.com/sirupsen/logrus"
 )

 const (
@@ -94,7 +93,7 @@ func (n *networkManagerDbusConfigurator) supportCustomPort() bool {
 	return false
 }

-func (n *networkManagerDbusConfigurator) applyDNSConfig(config HostDNSConfig) error {
+func (n *networkManagerDbusConfigurator) applyDNSConfig(config hostDNSConfig) error {
 	connSettings, configVersion, err := n.getAppliedConnectionSettings()
 	if err != nil {
 		return fmt.Errorf("got an error while retrieving the applied connection settings, error: %s", err)
@@ -102,7 +101,7 @@ func (n *networkManagerDbusConfigurator) applyDNSConfig(config HostDNSConfig) er

 	connSettings.cleanDeprecatedSettings()

-	dnsIP, err := netip.ParseAddr(config.ServerIP)
+	dnsIP, err := netip.ParseAddr(config.serverIP)
 	if err != nil {
 		return fmt.Errorf("unable to parse ip address, error: %s", err)
 	}
@@ -112,33 +111,33 @@ func (n *networkManagerDbusConfigurator) applyDNSConfig(config HostDNSConfig) er
 		searchDomains []string
 		matchDomains  []string
 	)
-	for _, dConf := range config.Domains {
-		if dConf.Disabled {
+	for _, dConf := range config.domains {
+		if dConf.disabled {
 			continue
 		}
-		if dConf.MatchOnly {
-			matchDomains = append(matchDomains, "~."+dns.Fqdn(dConf.Domain))
+		if dConf.matchOnly {
+			matchDomains = append(matchDomains, "~."+dns.Fqdn(dConf.domain))
 			continue
 		}
-		searchDomains = append(searchDomains, dns.Fqdn(dConf.Domain))
+		searchDomains = append(searchDomains, dns.Fqdn(dConf.domain))
 	}

 	newDomainList := append(searchDomains, matchDomains...) //nolint:gocritic

 	priority := networkManagerDbusSearchDomainOnlyPriority
 	switch {
-	case config.RouteAll:
+	case config.routeAll:
 		priority = networkManagerDbusPrimaryDNSPriority
 		newDomainList = append(newDomainList, "~.")
 		if !n.routingAll {
-			log.Infof("configured %s:%d as main DNS forwarder for this peer", config.ServerIP, config.ServerPort)
+			log.Infof("configured %s:%d as main DNS forwarder for this peer", config.serverIP, config.serverPort)
 		}
 	case len(matchDomains) > 0:
 		priority = networkManagerDbusWithMatchDomainPriority
 	}

 	if priority != networkManagerDbusPrimaryDNSPriority && n.routingAll {
-		log.Infof("removing %s:%d as main DNS forwarder for this peer", config.ServerIP, config.ServerPort)
+		log.Infof("removing %s:%d as main DNS forwarder for this peer", config.serverIP, config.serverPort)
 		n.routingAll = false
 	}

--- a/client/internal/dns/notifier.go
+++ b/client/internal/dns/notifier.go
@@ -52,6 +52,6 @@ func (n *notifier) notify() {
 	}

 	go func(l listener.NetworkChangeListener) {
-		l.OnNetworkChanged("")
+		l.OnNetworkChanged()
 	}(n.listener)
 }
--- a/client/internal/dns/resolvconf_linux.go
+++ b/client/internal/dns/resolvconf_linux.go
@@ -22,16 +22,16 @@ type resolvconf struct {

 // supported "openresolv" only
 func newResolvConfConfigurator(wgInterface WGIface) (hostManager, error) {
-	resolvConfEntries, err := parseDefaultResolvConf()
+	originalSearchDomains, nameServers, others, err := originalDNSConfigs("/etc/resolv.conf")
 	if err != nil {
 		log.Error(err)
 	}

 	return &resolvconf{
 		ifaceName:             wgInterface.Name(),
-		originalSearchDomains: resolvConfEntries.searchDomains,
-		originalNameServers:   resolvConfEntries.nameServers,
-		othersConfigs:         resolvConfEntries.others,
+		originalSearchDomains: originalSearchDomains,
+		originalNameServers:   nameServers,
+		othersConfigs:         others,
 	}, nil
 }

@@ -39,9 +39,9 @@ func (r *resolvconf) supportCustomPort() bool {
 	return false
 }

-func (r *resolvconf) applyDNSConfig(config HostDNSConfig) error {
+func (r *resolvconf) applyDNSConfig(config hostDNSConfig) error {
 	var err error
-	if !config.RouteAll {
+	if !config.routeAll {
 		err = r.restoreHostDNS()
 		if err != nil {
 			log.Error(err)
@@ -54,7 +54,7 @@ func (r *resolvconf) applyDNSConfig(config HostDNSConfig) error {

 	buf := prepareResolvConfContent(
 		searchDomainList,
-		append([]string{config.ServerIP}, r.originalNameServers...),
+		append([]string{config.serverIP}, r.originalNameServers...),
 		r.othersConfigs)

 	err = r.applyConfig(buf)
--- a/client/internal/dns/server.go
+++ b/client/internal/dns/server.go
@@ -19,11 +19,6 @@ type ReadyListener interface {
 	OnReady()
 }

-// IosDnsManager is a dns manager interface for iOS
-type IosDnsManager interface {
-	ApplyDns(string)
-}
-
 // Server is a dns server interface
 type Server interface {
 	Initialize() error
@@ -32,7 +27,6 @@ type Server interface {
 	UpdateDNSServer(serial uint64, update nbdns.Config) error
 	OnUpdatedHostDNSServer(strings []string)
 	SearchDomains() []string
-	ProbeAvailability()
 }

 type registeredHandlerMap map[string]handlerWithStop
@@ -49,7 +43,7 @@ type DefaultServer struct {
 	hostManager        hostManager
 	updateSerial       uint64
 	previousConfigHash uint64
-	currentConfig      HostDNSConfig
+	currentConfig      hostDNSConfig

 	// permanent related properties
 	permanent        bool
@@ -58,13 +52,11 @@ type DefaultServer struct {

 	// make sense on mobile only
 	searchDomainNotifier *notifier
-	iosDnsManager        IosDnsManager
 }

 type handlerWithStop interface {
 	dns.Handler
 	stop()
-	probeAvailability()
 }

 type muxUpdate struct {
@@ -107,13 +99,6 @@ func NewDefaultServerPermanentUpstream(ctx context.Context, wgInterface WGIface,
 	return ds
 }

-// NewDefaultServerIos returns a new dns server. It optimized for ios
-func NewDefaultServerIos(ctx context.Context, wgInterface WGIface, iosDnsManager IosDnsManager) *DefaultServer {
-	ds := newDefaultServer(ctx, wgInterface, newServiceViaMemory(wgInterface))
-	ds.iosDnsManager = iosDnsManager
-	return ds
-}
-
 func newDefaultServer(ctx context.Context, wgInterface WGIface, dnsService service) *DefaultServer {
 	ctx, stop := context.WithCancel(ctx)
 	defaultServer := &DefaultServer{
@@ -146,8 +131,8 @@ func (s *DefaultServer) Initialize() (err error) {
 		}
 	}

-	s.hostManager, err = s.initialize()
-	return err
+	s.hostManager, err = newHostManager(s.wgInterface)
+	return
 }

 // DnsIP returns the DNS resolver server IP address
@@ -238,28 +223,20 @@ func (s *DefaultServer) UpdateDNSServer(serial uint64, update nbdns.Config) erro
 func (s *DefaultServer) SearchDomains() []string {
 	var searchDomains []string

-	for _, dConf := range s.currentConfig.Domains {
-		if dConf.Disabled {
+	for _, dConf := range s.currentConfig.domains {
+		if dConf.disabled {
 			continue
 		}
-		if dConf.MatchOnly {
+		if dConf.matchOnly {
 			continue
 		}
-		searchDomains = append(searchDomains, dConf.Domain)
+		searchDomains = append(searchDomains, dConf.domain)
 	}
 	return searchDomains
 }

-// ProbeAvailability tests each upstream group's servers for availability
-// and deactivates the group if no server responds
-func (s *DefaultServer) ProbeAvailability() {
-	for _, mux := range s.dnsMuxMap {
-		mux.probeAvailability()
-	}
-}
-
 func (s *DefaultServer) applyConfiguration(update nbdns.Config) error {
-	// is the service should be Disabled, we stop the listener or fake resolver
+	// is the service should be disabled, we stop the listener or fake resolver
 	// and proceed with a regular update to clean up the handlers and records
 	if update.ServiceEnable {
 		_ = s.service.Listen()
@@ -285,7 +262,7 @@ func (s *DefaultServer) applyConfiguration(update nbdns.Config) error {
 	if s.service.RuntimePort() != defaultPort && !s.hostManager.supportCustomPort() {
 		log.Warnf("the DNS manager of this peer doesn't support custom port. Disabling primary DNS setup. " +
 			"Learn more at: https://docs.netbird.io/how-to/manage-dns-in-your-network#local-resolver")
-		hostUpdate.RouteAll = false
+		hostUpdate.routeAll = false
 	}

 	if err = s.hostManager.applyDNSConfig(hostUpdate); err != nil {
@@ -335,10 +312,7 @@ func (s *DefaultServer) buildUpstreamHandlerUpdate(nameServerGroups []*nbdns.Nam
 			continue
 		}

-		handler, err := newUpstreamResolver(s.ctx, s.wgInterface.Name(), s.wgInterface.Address().IP, s.wgInterface.Address().Network)
-		if err != nil {
-			return nil, fmt.Errorf("unable to create a new upstream resolver, error: %v", err)
-		}
+		handler := newUpstreamResolver(s.ctx)
 		for _, ns := range nsGroup.NameServers {
 			if ns.NSType != nbdns.UDPNameServerType {
 				log.Warnf("skipping nameserver %s with type %s, this peer supports only %s",
@@ -388,7 +362,6 @@ func (s *DefaultServer) buildUpstreamHandlerUpdate(nameServerGroups []*nbdns.Nam
 			})
 		}
 	}
-
 	return muxUpdates, nil
 }

@@ -472,14 +445,14 @@ func (s *DefaultServer) upstreamCallbacks(
 		}
 		if nsGroup.Primary {
 			removeIndex[nbdns.RootZone] = -1
-			s.currentConfig.RouteAll = false
+			s.currentConfig.routeAll = false
 		}

-		for i, item := range s.currentConfig.Domains {
-			if _, found := removeIndex[item.Domain]; found {
-				s.currentConfig.Domains[i].Disabled = true
-				s.service.DeregisterMux(item.Domain)
-				removeIndex[item.Domain] = i
+		for i, item := range s.currentConfig.domains {
+			if _, found := removeIndex[item.domain]; found {
+				s.currentConfig.domains[i].disabled = true
+				s.service.DeregisterMux(item.domain)
+				removeIndex[item.domain] = i
 			}
 		}
 		if err := s.hostManager.applyDNSConfig(s.currentConfig); err != nil {
@@ -491,10 +464,10 @@ func (s *DefaultServer) upstreamCallbacks(
 		defer s.mux.Unlock()

 		for domain, i := range removeIndex {
-			if i == -1 || i >= len(s.currentConfig.Domains) || s.currentConfig.Domains[i].Domain != domain {
+			if i == -1 || i >= len(s.currentConfig.domains) || s.currentConfig.domains[i].domain != domain {
 				continue
 			}
-			s.currentConfig.Domains[i].Disabled = false
+			s.currentConfig.domains[i].disabled = false
 			s.service.RegisterMux(domain, handler)
 		}

@@ -502,7 +475,7 @@ func (s *DefaultServer) upstreamCallbacks(
 		l.Debug("reactivate temporary disabled nameserver group")

 		if nsGroup.Primary {
-			s.currentConfig.RouteAll = true
+			s.currentConfig.routeAll = true
 		}
 		if err := s.hostManager.applyDNSConfig(s.currentConfig); err != nil {
 			l.WithError(err).Error("reactivate temporary disabled nameserver group, DNS update apply")
@@ -512,11 +485,7 @@ func (s *DefaultServer) upstreamCallbacks(
 }

 func (s *DefaultServer) addHostRootZone() {
-	handler, err := newUpstreamResolver(s.ctx, s.wgInterface.Name(), s.wgInterface.Address().IP, s.wgInterface.Address().Network)
-	if err != nil {
-		log.Errorf("unable to create a new upstream resolver, error: %v", err)
-		return
-	}
+	handler := newUpstreamResolver(s.ctx)
 	handler.upstreamServers = make([]string, len(s.hostsDnsList))
 	for n, ua := range s.hostsDnsList {
 		a, err := netip.ParseAddr(ua)
--- a/client/internal/dns/server_android.go
+++ b/client/internal/dns/server_android.go
@@ -1,5 +0,0 @@
-package dns
-
-func (s *DefaultServer) initialize() (manager hostManager, err error) {
-	return newHostManager(s.wgInterface)
-}
--- a/client/internal/dns/server_darwin.go
+++ b/client/internal/dns/server_darwin.go
@@ -1,7 +0,0 @@
-//go:build !ios
-
-package dns
-
-func (s *DefaultServer) initialize() (manager hostManager, err error) {
-	return newHostManager(s.wgInterface)
-}
--- a/client/internal/dns/server_ios.go
+++ b/client/internal/dns/server_ios.go
@@ -1,5 +0,0 @@
-package dns
-
-func (s *DefaultServer) initialize() (manager hostManager, err error) {
-	return newHostManager(s.iosDnsManager)
-}
--- a/client/internal/dns/server_linux.go
+++ b/client/internal/dns/server_linux.go
@@ -1,7 +0,0 @@
-//go:build !android
-
-package dns
-
-func (s *DefaultServer) initialize() (manager hostManager, err error) {
-	return newHostManager(s.wgInterface)
-}
--- a/client/internal/dns/server_test.go
+++ b/client/internal/dns/server_test.go
@@ -12,7 +12,6 @@ import (

 	"github.com/golang/mock/gomock"
 	log "github.com/sirupsen/logrus"
-	"golang.zx2c4.com/wireguard/wgctrl/wgtypes"

 	"github.com/netbirdio/netbird/client/firewall/uspfilter"
 	"github.com/netbirdio/netbird/client/internal/stdnet"
@@ -59,10 +58,6 @@ func (w *mocWGIface) SetFilter(filter iface.PacketFilter) error {
 	return nil
 }

-func (w *mocWGIface) GetStats(_ string) (iface.WGStats, error) {
-	return iface.WGStats{}, nil
-}
-
 var zoneRecords = []nbdns.SimpleRecord{
 	{
 		Name:  "peera.netbird.cloud",
@@ -255,12 +250,11 @@ func TestUpdateDNSServer(t *testing.T) {

 	for n, testCase := range testCases {
 		t.Run(testCase.name, func(t *testing.T) {
-			privKey, _ := wgtypes.GenerateKey()
 			newNet, err := stdnet.NewNet(nil)
 			if err != nil {
 				t.Fatal(err)
 			}
-			wgIface, err := iface.NewWGIFace(fmt.Sprintf("utun230%d", n), fmt.Sprintf("100.66.100.%d/32", n+1), 33100, privKey.String(), iface.DefaultMTU, newNet, nil)
+			wgIface, err := iface.NewWGIFace(fmt.Sprintf("utun230%d", n), fmt.Sprintf("100.66.100.%d/32", n+1), iface.DefaultMTU, nil, newNet)
 			if err != nil {
 				t.Fatal(err)
 			}
@@ -337,8 +331,7 @@ func TestDNSFakeResolverHandleUpdates(t *testing.T) {
 		return
 	}

-	privKey, _ := wgtypes.GeneratePrivateKey()
-	wgIface, err := iface.NewWGIFace("utun2301", "100.66.100.1/32", 33100, privKey.String(), iface.DefaultMTU, newNet, nil)
+	wgIface, err := iface.NewWGIFace("utun2301", "100.66.100.1/32", iface.DefaultMTU, nil, newNet)
 	if err != nil {
 		t.Errorf("build interface wireguard: %v", err)
 		return
@@ -534,8 +527,8 @@ func TestDNSServerUpstreamDeactivateCallback(t *testing.T) {
 			registeredMap: make(registrationMap),
 		},
 		hostManager: hostManager,
-		currentConfig: HostDNSConfig{
-			Domains: []DomainConfig{
+		currentConfig: hostDNSConfig{
+			domains: []domainConfig{
 				{false, "domain0", false},
 				{false, "domain1", false},
 				{false, "domain2", false},
@@ -544,13 +537,13 @@ func TestDNSServerUpstreamDeactivateCallback(t *testing.T) {
 	}

 	var domainsUpdate string
-	hostManager.applyDNSConfigFunc = func(config HostDNSConfig) error {
+	hostManager.applyDNSConfigFunc = func(config hostDNSConfig) error {
 		domains := []string{}
-		for _, item := range config.Domains {
-			if item.Disabled {
+		for _, item := range config.domains {
+			if item.disabled {
 				continue
 			}
-			domains = append(domains, item.Domain)
+			domains = append(domains, item.domain)
 		}
 		domainsUpdate = strings.Join(domains, ",")
 		return nil
@@ -566,11 +559,11 @@ func TestDNSServerUpstreamDeactivateCallback(t *testing.T) {
 	deactivate()
 	expected := "domain0,domain2"
 	domains := []string{}
-	for _, item := range server.currentConfig.Domains {
-		if item.Disabled {
+	for _, item := range server.currentConfig.domains {
+		if item.disabled {
 			continue
 		}
-		domains = append(domains, item.Domain)
+		domains = append(domains, item.domain)
 	}
 	got := strings.Join(domains, ",")
 	if expected != got {
@@ -580,11 +573,11 @@ func TestDNSServerUpstreamDeactivateCallback(t *testing.T) {
 	reactivate()
 	expected = "domain0,domain1,domain2"
 	domains = []string{}
-	for _, item := range server.currentConfig.Domains {
-		if item.Disabled {
+	for _, item := range server.currentConfig.domains {
+		if item.disabled {
 			continue
 		}
-		domains = append(domains, item.Domain)
+		domains = append(domains, item.domain)
 	}
 	got = strings.Join(domains, ",")
 	if expected != got {
@@ -789,8 +782,7 @@ func createWgInterfaceWithBind(t *testing.T) (*iface.WGIface, error) {
 		return nil, err
 	}

-	privKey, _ := wgtypes.GeneratePrivateKey()
-	wgIface, err := iface.NewWGIFace("utun2301", "100.66.100.2/24", 33100, privKey.String(), iface.DefaultMTU, newNet, nil)
+	wgIface, err := iface.NewWGIFace("utun2301", "100.66.100.2/24", iface.DefaultMTU, nil, newNet)
 	if err != nil {
 		t.Fatalf("build interface wireguard: %v", err)
 		return nil, err
--- a/client/internal/dns/server_windows.go
+++ b/client/internal/dns/server_windows.go
@@ -1,5 +0,0 @@
-package dns
-
-func (s *DefaultServer) initialize() (manager hostManager, err error) {
-	return newHostManager(s.wgInterface)
-}
--- a/client/internal/dns/systemd_linux.go
+++ b/client/internal/dns/systemd_linux.go
@@ -81,8 +81,8 @@ func (s *systemdDbusConfigurator) supportCustomPort() bool {
 	return true
 }

-func (s *systemdDbusConfigurator) applyDNSConfig(config HostDNSConfig) error {
-	parsedIP, err := netip.ParseAddr(config.ServerIP)
+func (s *systemdDbusConfigurator) applyDNSConfig(config hostDNSConfig) error {
+	parsedIP, err := netip.ParseAddr(config.serverIP)
 	if err != nil {
 		return fmt.Errorf("unable to parse ip address, error: %s", err)
 	}
@@ -93,7 +93,7 @@ func (s *systemdDbusConfigurator) applyDNSConfig(config HostDNSConfig) error {
 	}
 	err = s.callLinkMethod(systemdDbusSetDNSMethodSuffix, []systemdDbusDNSInput{defaultLinkInput})
 	if err != nil {
-		return fmt.Errorf("setting the interface DNS server %s:%d failed with error: %s", config.ServerIP, config.ServerPort, err)
+		return fmt.Errorf("setting the interface DNS server %s:%d failed with error: %s", config.serverIP, config.serverPort, err)
 	}

 	var (
@@ -101,24 +101,24 @@ func (s *systemdDbusConfigurator) applyDNSConfig(config HostDNSConfig) error {
 		matchDomains  []string
 		domainsInput  []systemdDbusLinkDomainsInput
 	)
-	for _, dConf := range config.Domains {
-		if dConf.Disabled {
+	for _, dConf := range config.domains {
+		if dConf.disabled {
 			continue
 		}
 		domainsInput = append(domainsInput, systemdDbusLinkDomainsInput{
-			Domain:    dns.Fqdn(dConf.Domain),
-			MatchOnly: dConf.MatchOnly,
+			Domain:    dns.Fqdn(dConf.domain),
+			MatchOnly: dConf.matchOnly,
 		})

-		if dConf.MatchOnly {
-			matchDomains = append(matchDomains, dConf.Domain)
+		if dConf.matchOnly {
+			matchDomains = append(matchDomains, dConf.domain)
 			continue
 		}
-		searchDomains = append(searchDomains, dConf.Domain)
+		searchDomains = append(searchDomains, dConf.domain)
 	}

-	if config.RouteAll {
-		log.Infof("configured %s:%d as main DNS forwarder for this peer", config.ServerIP, config.ServerPort)
+	if config.routeAll {
+		log.Infof("configured %s:%d as main DNS forwarder for this peer", config.serverIP, config.serverPort)
 		err = s.callLinkMethod(systemdDbusSetDefaultRouteMethodSuffix, true)
 		if err != nil {
 			return fmt.Errorf("setting link as default dns router, failed with error: %s", err)
@@ -129,7 +129,7 @@ func (s *systemdDbusConfigurator) applyDNSConfig(config HostDNSConfig) error {
 		})
 		s.routingAll = true
 	} else if s.routingAll {
-		log.Infof("removing %s:%d as main DNS forwarder for this peer", config.ServerIP, config.ServerPort)
+		log.Infof("removing %s:%d as main DNS forwarder for this peer", config.serverIP, config.serverPort)
 	}

 	log.Infof("adding %d search domains and %d match domains. Search list: %s , Match list: %s", len(searchDomains), len(matchDomains), searchDomains, matchDomains)
--- a/client/internal/dns/upstream.go
+++ b/client/internal/dns/upstream.go
@@ -5,7 +5,6 @@ import (
 	"errors"
 	"fmt"
 	"net"
-	"runtime"
 	"sync"
 	"sync/atomic"
 	"time"
@@ -19,22 +18,13 @@ const (
 	failsTillDeact   = int32(5)
 	reactivatePeriod = 30 * time.Second
 	upstreamTimeout  = 15 * time.Second
-	probeTimeout     = 2 * time.Second
 )

-const testRecord = "."
-
 type upstreamClient interface {
-	exchange(upstream string, r *dns.Msg) (*dns.Msg, time.Duration, error)
-	exchangeContext(ctx context.Context, upstream string, r *dns.Msg) (*dns.Msg, time.Duration, error)
+	ExchangeContext(ctx context.Context, m *dns.Msg, a string) (r *dns.Msg, rtt time.Duration, err error)
 }

-type UpstreamResolver interface {
-	serveDNS(r *dns.Msg) (*dns.Msg, time.Duration, error)
-	upstreamExchange(upstream string, r *dns.Msg) (*dns.Msg, time.Duration, error)
-}
-
-type upstreamResolverBase struct {
+type upstreamResolver struct {
 	ctx              context.Context
 	cancel           context.CancelFunc
 	upstreamClient   upstreamClient
@@ -50,25 +40,25 @@ type upstreamResolverBase struct {
 	reactivate func()
 }

-func newUpstreamResolverBase(parentCTX context.Context) *upstreamResolverBase {
+func newUpstreamResolver(parentCTX context.Context) *upstreamResolver {
 	ctx, cancel := context.WithCancel(parentCTX)
-
-	return &upstreamResolverBase{
+	return &upstreamResolver{
 		ctx:              ctx,
 		cancel:           cancel,
+		upstreamClient:   &dns.Client{},
 		upstreamTimeout:  upstreamTimeout,
 		reactivatePeriod: reactivatePeriod,
 		failsTillDeact:   failsTillDeact,
 	}
 }

-func (u *upstreamResolverBase) stop() {
+func (u *upstreamResolver) stop() {
 	log.Debugf("stopping serving DNS for upstreams %s", u.upstreamServers)
 	u.cancel()
 }

 // ServeDNS handles a DNS request
-func (u *upstreamResolverBase) ServeDNS(w dns.ResponseWriter, r *dns.Msg) {
+func (u *upstreamResolver) ServeDNS(w dns.ResponseWriter, r *dns.Msg) {
 	defer u.checkUpstreamFails()

 	log.WithField("question", r.Question[0]).Trace("received an upstream question")
@@ -80,30 +70,20 @@ func (u *upstreamResolverBase) ServeDNS(w dns.ResponseWriter, r *dns.Msg) {
 	}

 	for _, upstream := range u.upstreamServers {
+		ctx, cancel := context.WithTimeout(u.ctx, u.upstreamTimeout)
+		rm, t, err := u.upstreamClient.ExchangeContext(ctx, r, upstream)

-		rm, t, err := u.upstreamClient.exchange(upstream, r)
+		cancel()

 		if err != nil {
-			if errors.Is(err, context.DeadlineExceeded) || isTimeout(err) {
+			if err == context.DeadlineExceeded || isTimeout(err) {
 				log.WithError(err).WithField("upstream", upstream).
 					Warn("got an error while connecting to upstream")
 				continue
 			}
 			u.failsCount.Add(1)
 			log.WithError(err).WithField("upstream", upstream).
-				Error("got other error while querying the upstream")
-			return
-		}
-
-		if rm == nil {
-			log.WithError(err).WithField("upstream", upstream).
-				Warn("no response from upstream")
-			return
-		}
-		// those checks need to be independent of each other due to memory address issues
-		if !rm.Response {
-			log.WithError(err).WithField("upstream", upstream).
-				Warn("no response from upstream")
+				Error("got an error while querying the upstream")
 			return
 		}

@@ -126,7 +106,7 @@ func (u *upstreamResolverBase) ServeDNS(w dns.ResponseWriter, r *dns.Msg) {
 // If fails count is greater that failsTillDeact, upstream resolving
 // will be disabled for reactivatePeriod, after that time period fails counter
 // will be reset and upstream will be reactivated.
-func (u *upstreamResolverBase) checkUpstreamFails() {
+func (u *upstreamResolver) checkUpstreamFails() {
 	u.mutex.Lock()
 	defer u.mutex.Unlock()

@@ -138,54 +118,15 @@ func (u *upstreamResolverBase) checkUpstreamFails() {
 	case <-u.ctx.Done():
 		return
 	default:
-	}
-
-	u.disable()
-}
-
-// probeAvailability tests all upstream servers simultaneously and
-// disables the resolver if none work
-func (u *upstreamResolverBase) probeAvailability() {
-	u.mutex.Lock()
-	defer u.mutex.Unlock()
-
-	select {
-	case <-u.ctx.Done():
-		return
-	default:
-	}
-
-	var success bool
-	var mu sync.Mutex
-	var wg sync.WaitGroup
-
-	for _, upstream := range u.upstreamServers {
-		upstream := upstream
-
-		wg.Add(1)
-		go func() {
-			defer wg.Done()
-			if err := u.testNameserver(upstream); err != nil {
-				log.Warnf("probing upstream nameserver %s: %s", upstream, err)
-				return
-			}
-
-			mu.Lock()
-			defer mu.Unlock()
-			success = true
-		}()
-	}
-
-	wg.Wait()
-
-	// didn't find a working upstream server, let's disable and try later
-	if !success {
-		u.disable()
+		log.Warnf("upstream resolving is disabled for %v", reactivatePeriod)
+		u.deactivate()
+		u.disabled = true
+		go u.waitUntilResponse()
 	}
 }

 // waitUntilResponse retries, in an exponential interval, querying the upstream servers until it gets a positive response
-func (u *upstreamResolverBase) waitUntilResponse() {
+func (u *upstreamResolver) waitUntilResponse() {
 	exponentialBackOff := &backoff.ExponentialBackOff{
 		InitialInterval:     500 * time.Millisecond,
 		RandomizationFactor: 0.5,
@@ -196,6 +137,8 @@ func (u *upstreamResolverBase) waitUntilResponse() {
 		Clock:               backoff.SystemClock,
 	}

+	r := new(dns.Msg).SetQuestion("netbird.io.", dns.TypeA)
+
 	operation := func() error {
 		select {
 		case <-u.ctx.Done():
@@ -203,16 +146,19 @@ func (u *upstreamResolverBase) waitUntilResponse() {
 		default:
 		}

+		var err error
 		for _, upstream := range u.upstreamServers {
-			if err := u.testNameserver(upstream); err != nil {
-				log.Tracef("upstream check for %s: %s", upstream, err)
-			} else {
-				// at least one upstream server is available, stop probing
+			ctx, cancel := context.WithTimeout(u.ctx, u.upstreamTimeout)
+			_, _, err = u.upstreamClient.ExchangeContext(ctx, r, upstream)
+
+			cancel()
+
+			if err == nil {
 				return nil
 			}
 		}

-		log.Tracef("checking connectivity with upstreams %s failed. Retrying in %s", u.upstreamServers, exponentialBackOff.NextBackOff())
+		log.Tracef("checking connectivity with upstreams %s failed with error: %s. Retrying in %s", err, u.upstreamServers, exponentialBackOff.NextBackOff())
 		return fmt.Errorf("got an error from upstream check call")
 	}

@@ -238,27 +184,3 @@ func isTimeout(err error) bool {
 	}
 	return false
 }
-
-func (u *upstreamResolverBase) disable() {
-	if u.disabled {
-		return
-	}
-
-	// todo test the deactivation logic, it seems to affect the client
-	if runtime.GOOS != "ios" {
-		log.Warnf("upstream resolving is Disabled for %v", reactivatePeriod)
-		u.deactivate()
-		u.disabled = true
-		go u.waitUntilResponse()
-	}
-}
-
-func (u *upstreamResolverBase) testNameserver(server string) error {
-	ctx, cancel := context.WithTimeout(u.ctx, probeTimeout)
-	defer cancel()
-
-	r := new(dns.Msg).SetQuestion(testRecord, dns.TypeSOA)
-
-	_, _, err := u.upstreamClient.exchangeContext(ctx, server, r)
-	return err
-}
--- a/client/internal/dns/upstream_ios.go
+++ b/client/internal/dns/upstream_ios.go
@@ -1,97 +0,0 @@
-//go:build ios
-
-package dns
-
-import (
-	"context"
-	"net"
-	"syscall"
-	"time"
-
-	"github.com/miekg/dns"
-	log "github.com/sirupsen/logrus"
-	"golang.org/x/sys/unix"
-)
-
-type upstreamResolverIOS struct {
-	*upstreamResolverBase
-	lIP    net.IP
-	lNet   *net.IPNet
-	iIndex int
-}
-
-func newUpstreamResolver(parentCTX context.Context, interfaceName string, ip net.IP, net *net.IPNet) (*upstreamResolverIOS, error) {
-	upstreamResolverBase := newUpstreamResolverBase(parentCTX)
-
-	index, err := getInterfaceIndex(interfaceName)
-	if err != nil {
-		log.Debugf("unable to get interface index for %s: %s", interfaceName, err)
-		return nil, err
-	}
-
-	ios := &upstreamResolverIOS{
-		upstreamResolverBase: upstreamResolverBase,
-		lIP:                  ip,
-		lNet:                 net,
-		iIndex:               index,
-	}
-	ios.upstreamClient = ios
-
-	return ios, nil
-}
-
-func (u *upstreamResolverIOS) exchange(upstream string, r *dns.Msg) (rm *dns.Msg, t time.Duration, err error) {
-	return u.exchangeContext(context.Background(), upstream, r)
-}
-
-func (u *upstreamResolverIOS) exchangeContext(ctx context.Context, upstream string, r *dns.Msg) (rm *dns.Msg, t time.Duration, err error) {
-	client := &dns.Client{}
-	upstreamHost, _, err := net.SplitHostPort(upstream)
-	if err != nil {
-		log.Errorf("error while parsing upstream host: %s", err)
-	}
-	upstreamIP := net.ParseIP(upstreamHost)
-	if u.lNet.Contains(upstreamIP) || net.IP.IsPrivate(upstreamIP) {
-		log.Debugf("using private client to query upstream: %s", upstream)
-		client = u.getClientPrivate()
-	}
-
-	return client.ExchangeContext(ctx, r, upstream)
-}
-
-// getClientPrivate returns a new DNS client bound to the local IP address of the Netbird interface
-// This method is needed for iOS
-func (u *upstreamResolverIOS) getClientPrivate() *dns.Client {
-	dialer := &net.Dialer{
-		LocalAddr: &net.UDPAddr{
-			IP:   u.lIP,
-			Port: 0, // Let the OS pick a free port
-		},
-		Timeout: upstreamTimeout,
-		Control: func(network, address string, c syscall.RawConn) error {
-			var operr error
-			fn := func(s uintptr) {
-				operr = unix.SetsockoptInt(int(s), unix.IPPROTO_IP, unix.IP_BOUND_IF, u.iIndex)
-			}
-
-			if err := c.Control(fn); err != nil {
-				return err
-			}
-
-			if operr != nil {
-				log.Errorf("error while setting socket option: %s", operr)
-			}
-
-			return operr
-		},
-	}
-	client := &dns.Client{
-		Dialer: dialer,
-	}
-	return client
-}
-
-func getInterfaceIndex(interfaceName string) (int, error) {
-	iface, err := net.InterfaceByName(interfaceName)
-	return iface.Index, err
-}
--- a/client/internal/dns/upstream_nonios.go
+++ b/client/internal/dns/upstream_nonios.go
@@ -1,36 +0,0 @@
-//go:build !ios
-
-package dns
-
-import (
-	"context"
-	"net"
-	"time"
-
-	"github.com/miekg/dns"
-)
-
-type upstreamResolverNonIOS struct {
-	*upstreamResolverBase
-}
-
-func newUpstreamResolver(parentCTX context.Context, interfaceName string, ip net.IP, net *net.IPNet) (*upstreamResolverNonIOS, error) {
-	upstreamResolverBase := newUpstreamResolverBase(parentCTX)
-	nonIOS := &upstreamResolverNonIOS{
-		upstreamResolverBase: upstreamResolverBase,
-	}
-	upstreamResolverBase.upstreamClient = nonIOS
-	return nonIOS, nil
-}
-
-func (u *upstreamResolverNonIOS) exchange(upstream string, r *dns.Msg) (rm *dns.Msg, t time.Duration, err error) {
-	// default upstream timeout
-	ctx, cancel := context.WithTimeout(u.ctx, u.upstreamTimeout)
-	defer cancel()
-	return u.exchangeContext(ctx, upstream, r)
-}
-
-func (u *upstreamResolverNonIOS) exchangeContext(ctx context.Context, upstream string, r *dns.Msg) (rm *dns.Msg, t time.Duration, err error) {
-	upstreamExchangeClient := &dns.Client{}
-	return upstreamExchangeClient.ExchangeContext(ctx, r, upstream)
-}
--- a/client/internal/dns/upstream_test.go
+++ b/client/internal/dns/upstream_test.go
@@ -2,7 +2,6 @@ package dns

 import (
 	"context"
-	"net"
 	"strings"
 	"testing"
 	"time"
@@ -50,6 +49,15 @@ func TestUpstreamResolver_ServeDNS(t *testing.T) {
 			timeout:             upstreamTimeout,
 			responseShouldBeNil: true,
 		},
+		//{
+		//	name:        "Should Resolve CNAME Record",
+		//	inputMSG:    new(dns.Msg).SetQuestion("one.one.one.one", dns.TypeCNAME),
+		//},
+		//{
+		//	name:                "Should Not Write When Not Found A Record",
+		//	inputMSG:            new(dns.Msg).SetQuestion("not.found.com", dns.TypeA),
+		//	responseShouldBeNil: true,
+		//},
 	}
 	// should resolve if first upstream times out
 	// should not write when both fails
@@ -58,7 +66,7 @@ func TestUpstreamResolver_ServeDNS(t *testing.T) {
 	for _, testCase := range testCases {
 		t.Run(testCase.name, func(t *testing.T) {
 			ctx, cancel := context.WithCancel(context.TODO())
-			resolver, _ := newUpstreamResolver(ctx, "", net.IP{}, &net.IPNet{})
+			resolver := newUpstreamResolver(ctx)
 			resolver.upstreamServers = testCase.InputServers
 			resolver.upstreamTimeout = testCase.timeout
 			if testCase.cancelCTX {
@@ -105,18 +113,13 @@ type mockUpstreamResolver struct {
 	err error
 }

-// Exchange mock implementation of Exchangefrom upstreamResolver
-func (c mockUpstreamResolver) exchange(upstream string, r *dns.Msg) (*dns.Msg, time.Duration, error) {
-	return c.exchangeContext(context.Background(), upstream, r)
-}
-
 // ExchangeContext mock implementation of ExchangeContext from upstreamResolver
-func (c mockUpstreamResolver) exchangeContext(_ context.Context, _ string, _ *dns.Msg) (*dns.Msg, time.Duration, error) {
+func (c mockUpstreamResolver) ExchangeContext(_ context.Context, _ *dns.Msg, _ string) (r *dns.Msg, rtt time.Duration, err error) {
 	return c.r, c.rtt, c.err
 }

 func TestUpstreamResolver_DeactivationReactivation(t *testing.T) {
-	resolver := &upstreamResolverBase{
+	resolver := &upstreamResolver{
 		ctx: context.TODO(),
 		upstreamClient: &mockUpstreamResolver{
 			err: nil,
@@ -153,7 +156,7 @@ func TestUpstreamResolver_DeactivationReactivation(t *testing.T) {
 	}

 	if !resolver.disabled {
-		t.Errorf("resolver should be Disabled")
+		t.Errorf("resolver should be disabled")
 		return
 	}

--- a/client/internal/dns/wgiface.go
+++ b/client/internal/dns/wgiface.go
@@ -11,5 +11,4 @@ type WGIface interface {
 	IsUserspaceBind() bool
 	GetFilter() iface.PacketFilter
 	GetDevice() *iface.DeviceWrapper
-	GetStats(peerKey string) (iface.WGStats, error)
 }
--- a/client/internal/dns/wgiface_windows.go
+++ b/client/internal/dns/wgiface_windows.go
@@ -9,6 +9,5 @@ type WGIface interface {
 	IsUserspaceBind() bool
 	GetFilter() iface.PacketFilter
 	GetDevice() *iface.DeviceWrapper
-	GetStats(peerKey string) (iface.WGStats, error)
 	GetInterfaceGUIDString() (string, error)
 }
--- a/client/internal/ebpf/ebpf/bpf_bpfeb.go
+++ b/client/internal/ebpf/ebpf/bpf_bpfeb.go
@@ -1,5 +1,6 @@
 // Code generated by bpf2go; DO NOT EDIT.
 //go:build arm64be || armbe || mips || mips64 || mips64p32 || ppc64 || s390 || s390x || sparc || sparc64
+// +build arm64be armbe mips mips64 mips64p32 ppc64 s390 s390x sparc sparc64

 package ebpf

--- a/client/internal/ebpf/ebpf/bpf_bpfeb.o
+++ b/client/internal/ebpf/ebpf/bpf_bpfeb.o
--- a/client/internal/ebpf/ebpf/bpf_bpfel.go
+++ b/client/internal/ebpf/ebpf/bpf_bpfel.go
@@ -1,5 +1,6 @@
 // Code generated by bpf2go; DO NOT EDIT.
-//go:build 386 || amd64 || amd64p32 || arm || arm64 || loong64 || mips64le || mips64p32le || mipsle || ppc64le || riscv64
+//go:build 386 || amd64 || amd64p32 || arm || arm64 || mips64le || mips64p32le || mipsle || ppc64le || riscv64
+// +build 386 amd64 amd64p32 arm arm64 mips64le mips64p32le mipsle ppc64le riscv64

 package ebpf

--- a/client/internal/ebpf/ebpf/bpf_bpfel.o
+++ b/client/internal/ebpf/ebpf/bpf_bpfel.o
--- a/client/internal/ebpf/ebpf/src/dns_fwd.c
+++ b/client/internal/ebpf/ebpf/src/dns_fwd.c
@@ -46,8 +46,8 @@ int xdp_dns_fwd(struct iphdr  *ip, struct udphdr *udp) {
        if(!read_settings()){
            return XDP_PASS;
        }
-        // bpf_printk("dns port: %d", ntohs(dns_port));
-        // bpf_printk("dns ip: %d", ntohl(dns_ip));
+        bpf_printk("dns port: %d", ntohs(dns_port));
+        bpf_printk("dns ip: %d", ntohl(dns_ip));
    }

    if (udp->dest == GENERAL_DNS_PORT && ip->daddr == dns_ip) {
@@ -61,4 +61,4 @@ int xdp_dns_fwd(struct iphdr  *ip, struct udphdr *udp) {
    }

    return XDP_PASS;
-}
+}
--- a/client/internal/ebpf/ebpf/src/prog.c
+++ b/client/internal/ebpf/ebpf/src/prog.c
@@ -8,6 +8,12 @@
 #include "dns_fwd.c"
 #include "wg_proxy.c"

+#define bpf_printk(fmt, ...)                                                   \
+  ({                                                                           \
+    char ____fmt[] = fmt;                                                      \
+    bpf_trace_printk(____fmt, sizeof(____fmt), ##__VA_ARGS__);                 \
+  })
+
 const __u16 flag_feature_wg_proxy = 0b01;
 const __u16 flag_feature_dns_fwd = 0b10;

@@ -57,4 +63,4 @@ int nb_xdp_prog(struct xdp_md *ctx) {
    }
    return XDP_PASS;
 }
-char _license[] SEC("license") = "GPL";
+char _license[] SEC("license") = "GPL";
--- a/client/internal/ebpf/ebpf/src/readme.md
+++ b/client/internal/ebpf/ebpf/src/readme.md
@@ -1,12 +0,0 @@
-# Debug
-
-
-The CONFIG_BPF_EVENTS kernel module is required for bpf_printk.
-Apply this code to use bpf_printk
-```
-#define bpf_printk(fmt, ...)                                                   \
-  ({                                                                           \
-    char ____fmt[] = fmt;                                                      \
-    bpf_trace_printk(____fmt, sizeof(____fmt), ##__VA_ARGS__);                 \
-  })
-```
--- a/client/internal/ebpf/ebpf/src/wg_proxy.c
+++ b/client/internal/ebpf/ebpf/src/wg_proxy.c
@@ -34,7 +34,7 @@ int xdp_wg_proxy(struct iphdr  *ip, struct udphdr *udp) {
        if (!read_port_settings()){
            return XDP_PASS;
        }
-        // bpf_printk("proxy port: %d, wg port: %d", proxy_port, wg_port);
+        bpf_printk("proxy port: %d, wg port: %d", proxy_port, wg_port);
    }

    // 2130706433 = 127.0.0.1
@@ -51,4 +51,4 @@ int xdp_wg_proxy(struct iphdr  *ip, struct udphdr *udp) {
    udp->dest = new_dst_port;
    udp->source = new_src_port;
 	return XDP_PASS;
-}
+}
--- a/client/internal/engine.go
+++ b/client/internal/engine.go
@@ -3,6 +3,7 @@ package internal
 import (
 	"context"
 	"fmt"
+	"io"
 	"math/rand"
 	"net"
 	"net/netip"
@@ -12,8 +13,7 @@ import (
 	"sync"
 	"time"

-	"github.com/pion/ice/v3"
-	"github.com/pion/stun/v2"
+	"github.com/pion/ice/v2"
 	log "github.com/sirupsen/logrus"
 	"golang.zx2c4.com/wireguard/wgctrl/wgtypes"

@@ -22,8 +22,6 @@ import (
 	"github.com/netbirdio/netbird/client/internal/acl"
 	"github.com/netbirdio/netbird/client/internal/dns"
 	"github.com/netbirdio/netbird/client/internal/peer"
-	"github.com/netbirdio/netbird/client/internal/relay"
-	"github.com/netbirdio/netbird/client/internal/rosenpass"
 	"github.com/netbirdio/netbird/client/internal/routemanager"
 	"github.com/netbirdio/netbird/client/internal/wgproxy"
 	nbssh "github.com/netbirdio/netbird/client/ssh"
@@ -33,6 +31,7 @@ import (
 	mgm "github.com/netbirdio/netbird/management/client"
 	mgmProto "github.com/netbirdio/netbird/management/proto"
 	"github.com/netbirdio/netbird/route"
+	"github.com/netbirdio/netbird/sharedsock"
 	signal "github.com/netbirdio/netbird/signal/client"
 	sProto "github.com/netbirdio/netbird/signal/proto"
 	"github.com/netbirdio/netbird/util"
@@ -78,8 +77,6 @@ type EngineConfig struct {
 	NATExternalIPs []string

 	CustomDNSAddress string
-
-	RosenpassEnabled bool
 }

 // Engine is a mechanism responsible for reacting on Signal and Management stream events and managing connections to the remote peers.
@@ -90,8 +87,6 @@ type Engine struct {
 	mgmClient mgm.Client
 	// peerConns is a map that holds all the peers that are known to this peer
 	peerConns map[string]*peer.Conn
-	// rpManager is a Rosenpass manager
-	rpManager *rosenpass.Manager

 	// syncMsgMux is used to guarantee sequential Management Service message processing
 	syncMsgMux *sync.Mutex
@@ -100,9 +95,9 @@ type Engine struct {
 	mobileDep MobileDependency

 	// STUNs is a list of STUN servers used by ICE
-	STUNs []*stun.URI
+	STUNs []*ice.URL
 	// TURNs is a list of STUN servers used by ICE
-	TURNs []*stun.URI
+	TURNs []*ice.URL

 	cancel context.CancelFunc

@@ -111,7 +106,8 @@ type Engine struct {
 	wgInterface    *iface.WGIface
 	wgProxyFactory *wgproxy.Factory

-	udpMux *bind.UniversalUDPMuxDefault
+	udpMux     *bind.UniversalUDPMuxDefault
+	udpMuxConn io.Closer

 	// networkSerial is the latest CurrentSerial (state ID) of the network sent by the Management service
 	networkSerial uint64
@@ -126,11 +122,6 @@ type Engine struct {
 	acl          acl.Manager

 	dnsServer dns.Server
-
-	mgmProbe    *Probe
-	signalProbe *Probe
-	relayProbe  *Probe
-	wgProbe     *Probe
 }

 // Peer is an instance of the Connection Peer
@@ -141,43 +132,11 @@ type Peer struct {

 // NewEngine creates a new Connection Engine
 func NewEngine(
-	ctx context.Context,
-	cancel context.CancelFunc,
-	signalClient signal.Client,
-	mgmClient mgm.Client,
-	config *EngineConfig,
-	mobileDep MobileDependency,
-	statusRecorder *peer.Status,
+	ctx context.Context, cancel context.CancelFunc,
+	signalClient signal.Client, mgmClient mgm.Client,
+	config *EngineConfig, mobileDep MobileDependency, statusRecorder *peer.Status,
 ) *Engine {
-	return NewEngineWithProbes(
-		ctx,
-		cancel,
-		signalClient,
-		mgmClient,
-		config,
-		mobileDep,
-		statusRecorder,
-		nil,
-		nil,
-		nil,
-		nil,
-	)
-}

-// NewEngineWithProbes creates a new Connection Engine with probes attached
-func NewEngineWithProbes(
-	ctx context.Context,
-	cancel context.CancelFunc,
-	signalClient signal.Client,
-	mgmClient mgm.Client,
-	config *EngineConfig,
-	mobileDep MobileDependency,
-	statusRecorder *peer.Status,
-	mgmProbe *Probe,
-	signalProbe *Probe,
-	relayProbe *Probe,
-	wgProbe *Probe,
-) *Engine {
 	return &Engine{
 		ctx:            ctx,
 		cancel:         cancel,
@@ -187,16 +146,12 @@ func NewEngineWithProbes(
 		syncMsgMux:     &sync.Mutex{},
 		config:         config,
 		mobileDep:      mobileDep,
-		STUNs:          []*stun.URI{},
-		TURNs:          []*stun.URI{},
+		STUNs:          []*ice.URL{},
+		TURNs:          []*ice.URL{},
 		networkSerial:  0,
 		sshServerFunc:  nbssh.DefaultSSHServer,
 		statusRecorder: statusRecorder,
 		wgProxyFactory: wgproxy.NewFactory(config.WgPort),
-		mgmProbe:       mgmProbe,
-		signalProbe:    signalProbe,
-		relayProbe:     relayProbe,
-		wgProbe:        wgProbe,
 	}
 }

@@ -225,38 +180,56 @@ func (e *Engine) Start() error {
 	e.syncMsgMux.Lock()
 	defer e.syncMsgMux.Unlock()

-	wgIface, err := e.newWgIface()
+	wgIFaceName := e.config.WgIfaceName
+	wgAddr := e.config.WgAddr
+	myPrivateKey := e.config.WgPrivateKey
+	var err error
+	transportNet, err := e.newStdNet()
 	if err != nil {
-		log.Errorf("failed creating wireguard interface instance %s: [%s]", e.config.WgIfaceName, err.Error())
+		log.Errorf("failed to create pion's stdnet: %s", err)
+	}
+
+	e.wgInterface, err = iface.NewWGIFace(wgIFaceName, wgAddr, iface.DefaultMTU, e.mobileDep.TunAdapter, transportNet)
+	if err != nil {
+		log.Errorf("failed creating wireguard interface instance %s: [%s]", wgIFaceName, err.Error())
 		return err
 	}
-	e.wgInterface = wgIface

-	if e.config.RosenpassEnabled {
-		log.Infof("rosenpass is enabled")
-		e.rpManager, err = rosenpass.NewManager(e.config.PreSharedKey, e.config.WgIfaceName)
+	var routes []*route.Route
+
+	if runtime.GOOS == "android" {
+		var dnsConfig *nbdns.Config
+		routes, dnsConfig, err = e.readInitialSettings()
 		if err != nil {
 			return err
 		}
-		err := e.rpManager.Run()
+		if e.dnsServer == nil {
+			e.dnsServer = dns.NewDefaultServerPermanentUpstream(e.ctx, e.wgInterface, e.mobileDep.HostDNSAddresses, *dnsConfig, e.mobileDep.NetworkChangeListener)
+			go e.mobileDep.DnsReadyListener.OnReady()
+		}
+	} else if e.dnsServer == nil {
+		// todo fix custom address
+		e.dnsServer, err = dns.NewDefaultServer(e.ctx, e.wgInterface, e.config.CustomDNSAddress)
 		if err != nil {
+			e.close()
 			return err
 		}
 	}

-	initialRoutes, dnsServer, err := e.newDnsServer()
-	if err != nil {
-		e.close()
-		return err
-	}
-	e.dnsServer = dnsServer
-
-	e.routeManager = routemanager.NewManager(e.ctx, e.config.WgPrivateKey.PublicKey().String(), e.wgInterface, e.statusRecorder, initialRoutes)
+	e.routeManager = routemanager.NewManager(e.ctx, e.config.WgPrivateKey.PublicKey().String(), e.wgInterface, e.statusRecorder, routes)
 	e.routeManager.SetRouteChangeListener(e.mobileDep.NetworkChangeListener)

-	err = e.wgInterfaceCreate()
+	if runtime.GOOS == "android" {
+		err = e.wgInterface.CreateOnMobile(iface.MobileIFaceArguments{
+			Routes:        e.routeManager.InitialRouteRange(),
+			Dns:           e.dnsServer.DnsIP(),
+			SearchDomains: e.dnsServer.SearchDomains(),
+		})
+	} else {
+		err = e.wgInterface.Create()
+	}
 	if err != nil {
-		log.Errorf("failed creating tunnel interface %s: [%s]", e.config.WgIfaceName, err.Error())
+		log.Errorf("failed creating tunnel interface %s: [%s]", wgIFaceName, err.Error())
 		e.close()
 		return err
 	}
@@ -274,13 +247,33 @@ func (e *Engine) Start() error {
 		}
 	}

-	e.udpMux, err = e.wgInterface.Up()
+	err = e.wgInterface.Configure(myPrivateKey.String(), e.config.WgPort)
 	if err != nil {
-		log.Errorf("failed to pull up wgInterface [%s]: %s", e.wgInterface.Name(), err.Error())
+		log.Errorf("failed configuring Wireguard interface [%s]: %s", wgIFaceName, err.Error())
 		e.close()
 		return err
 	}

+	if e.wgInterface.IsUserspaceBind() {
+		iceBind := e.wgInterface.GetBind()
+		udpMux, err := iceBind.GetICEMux()
+		if err != nil {
+			e.close()
+			return err
+		}
+		e.udpMux = udpMux
+		log.Infof("using userspace bind mode %s", udpMux.LocalAddr().String())
+	} else {
+		rawSock, err := sharedsock.Listen(e.config.WgPort, sharedsock.NewIncomingSTUNFilter())
+		if err != nil {
+			return err
+		}
+		mux := bind.NewUniversalUDPMuxDefault(bind.UniversalUDPMuxParams{UDPConn: rawSock, Net: transportNet})
+		go mux.ReadFromConn(e.ctx)
+		e.udpMuxConn = rawSock
+		e.udpMux = mux
+	}
+
 	if e.firewall != nil {
 		e.acl = acl.NewDefaultManager(e.firewall)
 	}
@@ -293,7 +286,6 @@ func (e *Engine) Start() error {

 	e.receiveSignalEvents()
 	e.receiveManagementEvents()
-	e.receiveProbeEvents()

 	return nil
 }
@@ -423,8 +415,7 @@ func sendSignal(message *sProto.Message, s signal.Client) error {
 }

 // SignalOfferAnswer signals either an offer or an answer to remote peer
-func SignalOfferAnswer(offerAnswer peer.OfferAnswer, myKey wgtypes.Key, remoteKey wgtypes.Key, s signal.Client,
-	isAnswer bool) error {
+func SignalOfferAnswer(offerAnswer peer.OfferAnswer, myKey wgtypes.Key, remoteKey wgtypes.Key, s signal.Client, isAnswer bool) error {
 	var t sProto.Body_Type
 	if isAnswer {
 		t = sProto.Body_ANSWER
@@ -435,7 +426,7 @@ func SignalOfferAnswer(offerAnswer peer.OfferAnswer, myKey wgtypes.Key, remoteKe
 	msg, err := signal.MarshalCredential(myKey, offerAnswer.WgListenPort, remoteKey, &signal.Credential{
 		UFrag: offerAnswer.IceCredentials.UFrag,
 		Pwd:   offerAnswer.IceCredentials.Pwd,
-	}, t, offerAnswer.RosenpassPubKey, offerAnswer.RosenpassAddr)
+	}, t)
 	if err != nil {
 		return err
 	}
@@ -489,7 +480,7 @@ func (e *Engine) updateSSH(sshConf *mgmProto.SSHConfig) error {
 		}
 		// start SSH server if it wasn't running
 		if isNil(e.sshServer) {
-			// nil sshServer means it has not yet been started
+			//nil sshServer means it has not yet been started
 			var err error
 			e.sshServer, err = e.sshServerFunc(e.config.SSHKey,
 				fmt.Sprintf("%s:%d", e.wgInterface.Address().IP.String(), nbssh.DefaultSSHPort))
@@ -537,7 +528,7 @@ func (e *Engine) updateConfig(conf *mgmProto.PeerConfig) error {
 	if conf.GetSshConfig() != nil {
 		err := e.updateSSH(conf.GetSshConfig())
 		if err != nil {
-			log.Warnf("failed handling SSH server setup %v", err)
+			log.Warnf("failed handling SSH server setup %v", e)
 		}
 	}

@@ -555,7 +546,9 @@ func (e *Engine) updateConfig(conf *mgmProto.PeerConfig) error {
 // E.g. when a new peer has been registered and we are allowed to connect to it.
 func (e *Engine) receiveManagementEvents() {
 	go func() {
-		err := e.mgmClient.Sync(e.handleSync)
+		err := e.mgmClient.Sync(func(update *mgmProto.SyncResponse) error {
+			return e.handleSync(update)
+		})
 		if err != nil {
 			// happens if management is unavailable for a long time.
 			// We want to cancel the operation of the whole client
@@ -572,10 +565,10 @@ func (e *Engine) updateSTUNs(stuns []*mgmProto.HostConfig) error {
 	if len(stuns) == 0 {
 		return nil
 	}
-	var newSTUNs []*stun.URI
+	var newSTUNs []*ice.URL
 	log.Debugf("got STUNs update from Management Service, updating")
-	for _, s := range stuns {
-		url, err := stun.ParseURI(s.Uri)
+	for _, stun := range stuns {
+		url, err := ice.ParseURL(stun.Uri)
 		if err != nil {
 			return err
 		}
@@ -590,10 +583,10 @@ func (e *Engine) updateTURNs(turns []*mgmProto.ProtectedHostConfig) error {
 	if len(turns) == 0 {
 		return nil
 	}
-	var newTURNs []*stun.URI
+	var newTURNs []*ice.URL
 	log.Debugf("got TURNs update from Management Service, updating")
 	for _, turn := range turns {
-		url, err := stun.ParseURI(turn.HostConfig.Uri)
+		url, err := ice.ParseURL(turn.HostConfig.Uri)
 		if err != nil {
 			return err
 		}
@@ -682,15 +675,10 @@ func (e *Engine) updateNetworkMap(networkMap *mgmProto.NetworkMap) error {
 		log.Errorf("failed to update dns server, err: %v", err)
 	}

-	// Test received (upstream) servers for availability right away instead of upon usage.
-	// If no server of a server group responds this will disable the respective handler and retry later.
-	e.dnsServer.ProbeAvailability()
-
 	if e.acl != nil {
 		e.acl.ApplyFiltering(networkMap)
 	}
 	e.networkSerial = serial
-
 	return nil
 }

@@ -848,7 +836,7 @@ func (e *Engine) peerExists(peerKey string) bool {

 func (e *Engine) createPeerConn(pubKey string, allowedIPs string) (*peer.Conn, error) {
 	log.Debugf("creating peer connection %s", pubKey)
-	var stunTurn []*stun.URI
+	var stunTurn []*ice.URL
 	stunTurn = append(stunTurn, e.STUNs...)
 	stunTurn = append(stunTurn, e.TURNs...)

@@ -860,26 +848,6 @@ func (e *Engine) createPeerConn(pubKey string, allowedIPs string) (*peer.Conn, e
 		PreSharedKey: e.config.PreSharedKey,
 	}

-	if e.config.RosenpassEnabled {
-		lk := []byte(e.config.WgPrivateKey.PublicKey().String())
-		rk := []byte(wgConfig.RemoteKey)
-		var keyInput []byte
-		if string(lk) > string(rk) {
-			//nolint:gocritic
-			keyInput = append(lk[:16], rk[:16]...)
-		} else {
-			//nolint:gocritic
-			keyInput = append(rk[:16], lk[:16]...)
-		}
-
-		key, err := wgtypes.NewKey(keyInput)
-		if err != nil {
-			return nil, err
-		}
-
-		wgConfig.PreSharedKey = &key
-	}
-
 	// randomize connection timeout
 	timeout := time.Duration(rand.Intn(PeerConnectionTimeoutMax-PeerConnectionTimeoutMin)+PeerConnectionTimeoutMin) * time.Millisecond
 	config := peer.ConnConfig{
@@ -895,8 +863,6 @@ func (e *Engine) createPeerConn(pubKey string, allowedIPs string) (*peer.Conn, e
 		LocalWgPort:          e.config.WgPort,
 		NATExternalIPs:       e.parseNATExternalIPMappings(),
 		UserspaceBind:        e.wgInterface.IsUserspaceBind(),
-		RosenpassPubKey:      e.getRosenpassPubKey(),
-		RosenpassAddr:        e.getRosenpassAddr(),
 	}

 	peerConn, err := peer.NewConn(config, e.statusRecorder, e.wgProxyFactory, e.mobileDep.TunAdapter, e.mobileDep.IFaceDiscover)
@@ -928,12 +894,6 @@ func (e *Engine) createPeerConn(pubKey string, allowedIPs string) (*peer.Conn, e
 		return sendSignal(message, e.signal)
 	})

-	if e.rpManager != nil {
-
-		peerConn.SetOnConnected(e.rpManager.OnConnected)
-		peerConn.SetOnDisconnected(e.rpManager.OnDisconnected)
-	}
-
 	return peerConn, nil
 }

@@ -959,21 +919,13 @@ func (e *Engine) receiveSignalEvents() {

 				conn.RegisterProtoSupportMeta(msg.Body.GetFeaturesSupported())

-				var rosenpassPubKey []byte
-				rosenpassAddr := ""
-				if msg.GetBody().GetRosenpassConfig() != nil {
-					rosenpassPubKey = msg.GetBody().GetRosenpassConfig().GetRosenpassPubKey()
-					rosenpassAddr = msg.GetBody().GetRosenpassConfig().GetRosenpassServerAddr()
-				}
 				conn.OnRemoteOffer(peer.OfferAnswer{
 					IceCredentials: peer.IceCredentials{
 						UFrag: remoteCred.UFrag,
 						Pwd:   remoteCred.Pwd,
 					},
-					WgListenPort:    int(msg.GetBody().GetWgListenPort()),
-					Version:         msg.GetBody().GetNetBirdVersion(),
-					RosenpassPubKey: rosenpassPubKey,
-					RosenpassAddr:   rosenpassAddr,
+					WgListenPort: int(msg.GetBody().GetWgListenPort()),
+					Version:      msg.GetBody().GetNetBirdVersion(),
 				})
 			case sProto.Body_ANSWER:
 				remoteCred, err := signal.UnMarshalCredential(msg)
@@ -981,23 +933,15 @@ func (e *Engine) receiveSignalEvents() {
 					return err
 				}

-				conn.RegisterProtoSupportMeta(msg.GetBody().GetFeaturesSupported())
+				conn.RegisterProtoSupportMeta(msg.Body.GetFeaturesSupported())

-				var rosenpassPubKey []byte
-				rosenpassAddr := ""
-				if msg.GetBody().GetRosenpassConfig() != nil {
-					rosenpassPubKey = msg.GetBody().GetRosenpassConfig().GetRosenpassPubKey()
-					rosenpassAddr = msg.GetBody().GetRosenpassConfig().GetRosenpassServerAddr()
-				}
 				conn.OnRemoteAnswer(peer.OfferAnswer{
 					IceCredentials: peer.IceCredentials{
 						UFrag: remoteCred.UFrag,
 						Pwd:   remoteCred.Pwd,
 					},
-					WgListenPort:    int(msg.GetBody().GetWgListenPort()),
-					Version:         msg.GetBody().GetNetBirdVersion(),
-					RosenpassPubKey: rosenpassPubKey,
-					RosenpassAddr:   rosenpassAddr,
+					WgListenPort: int(msg.GetBody().GetWgListenPort()),
+					Version:      msg.GetBody().GetNetBirdVersion(),
 				})
 			case sProto.Body_CANDIDATE:
 				candidate, err := ice.UnmarshalCandidate(msg.GetBody().Payload)
@@ -1087,6 +1031,18 @@ func (e *Engine) close() {
 		}
 	}

+	if e.udpMux != nil {
+		if err := e.udpMux.Close(); err != nil {
+			log.Debugf("close udp mux: %v", err)
+		}
+	}
+
+	if e.udpMuxConn != nil {
+		if err := e.udpMuxConn.Close(); err != nil {
+			log.Debugf("close udp mux connection: %v", err)
+		}
+	}
+
 	if !isNil(e.sshServer) {
 		err := e.sshServer.Stop()
 		if err != nil {
@@ -1108,10 +1064,6 @@ func (e *Engine) close() {
 			log.Warnf("failed to reset firewall: %s", err)
 		}
 	}
-
-	if e.rpManager != nil {
-		_ = e.rpManager.Close()
-	}
 }

 func (e *Engine) readInitialSettings() ([]*route.Route, *nbdns.Config, error) {
@@ -1124,68 +1076,6 @@ func (e *Engine) readInitialSettings() ([]*route.Route, *nbdns.Config, error) {
 	return routes, &dnsCfg, nil
 }

-func (e *Engine) newWgIface() (*iface.WGIface, error) {
-	transportNet, err := e.newStdNet()
-	if err != nil {
-		log.Errorf("failed to create pion's stdnet: %s", err)
-	}
-
-	var mArgs *iface.MobileIFaceArguments
-	switch runtime.GOOS {
-	case "android":
-		mArgs = &iface.MobileIFaceArguments{
-			TunAdapter: e.mobileDep.TunAdapter,
-			TunFd:      int(e.mobileDep.FileDescriptor),
-		}
-	case "ios":
-		mArgs = &iface.MobileIFaceArguments{
-			TunFd: int(e.mobileDep.FileDescriptor),
-		}
-	default:
-	}
-
-	return iface.NewWGIFace(e.config.WgIfaceName, e.config.WgAddr, e.config.WgPort, e.config.WgPrivateKey.String(), iface.DefaultMTU, transportNet, mArgs)
-}
-
-func (e *Engine) wgInterfaceCreate() (err error) {
-	switch runtime.GOOS {
-	case "android":
-		err = e.wgInterface.CreateOnAndroid(e.routeManager.InitialRouteRange(), e.dnsServer.DnsIP(), e.dnsServer.SearchDomains())
-	case "ios":
-		e.mobileDep.NetworkChangeListener.SetInterfaceIP(e.config.WgAddr)
-		err = e.wgInterface.Create()
-	default:
-		err = e.wgInterface.Create()
-	}
-	return err
-}
-
-func (e *Engine) newDnsServer() ([]*route.Route, dns.Server, error) {
-	// due to tests where we are using a mocked version of the DNS server
-	if e.dnsServer != nil {
-		return nil, e.dnsServer, nil
-	}
-	switch runtime.GOOS {
-	case "android":
-		routes, dnsConfig, err := e.readInitialSettings()
-		if err != nil {
-			return nil, nil, err
-		}
-		dnsServer := dns.NewDefaultServerPermanentUpstream(e.ctx, e.wgInterface, e.mobileDep.HostDNSAddresses, *dnsConfig, e.mobileDep.NetworkChangeListener)
-		go e.mobileDep.DnsReadyListener.OnReady()
-		return routes, dnsServer, nil
-	case "ios":
-		dnsServer := dns.NewDefaultServerIos(e.ctx, e.wgInterface, e.mobileDep.DnsManager)
-		return nil, dnsServer, nil
-	default:
-		dnsServer, err := dns.NewDefaultServer(e.ctx, e.wgInterface, e.config.CustomDNSAddress)
-		if err != nil {
-			return nil, nil, err
-		}
-		return nil, dnsServer, nil
-	}
-}
-
 func findIPFromInterfaceName(ifaceName string) (net.IP, error) {
 	iface, err := net.InterfaceByName(ifaceName)
 	if err != nil {
@@ -1206,83 +1096,3 @@ func findIPFromInterface(iface *net.Interface) (net.IP, error) {
 	}
 	return nil, fmt.Errorf("interface %s don't have an ipv4 address", iface.Name)
 }
-
-func (e *Engine) getRosenpassPubKey() []byte {
-	if e.rpManager != nil {
-		return e.rpManager.GetPubKey()
-	}
-	return nil
-}
-
-func (e *Engine) getRosenpassAddr() string {
-	if e.rpManager != nil {
-		return e.rpManager.GetAddress().String()
-	}
-	return ""
-}
-
-func (e *Engine) receiveProbeEvents() {
-	if e.signalProbe != nil {
-		go e.signalProbe.Receive(e.ctx, func() bool {
-			healthy := e.signal.IsHealthy()
-			log.Debugf("received signal probe request, healthy: %t", healthy)
-			return healthy
-		})
-	}
-
-	if e.mgmProbe != nil {
-		go e.mgmProbe.Receive(e.ctx, func() bool {
-			healthy := e.mgmClient.IsHealthy()
-			log.Debugf("received management probe request, healthy: %t", healthy)
-			return healthy
-		})
-	}
-
-	if e.relayProbe != nil {
-		go e.relayProbe.Receive(e.ctx, func() bool {
-			healthy := true
-
-			results := append(e.probeSTUNs(), e.probeTURNs()...)
-			e.statusRecorder.UpdateRelayStates(results)
-
-			// A single failed server will result in a "failed" probe
-			for _, res := range results {
-				if res.Err != nil {
-					healthy = false
-					break
-				}
-			}
-
-			log.Debugf("received relay probe request, healthy: %t", healthy)
-			return healthy
-		})
-	}
-
-	if e.wgProbe != nil {
-		go e.wgProbe.Receive(e.ctx, func() bool {
-			log.Debug("received wg probe request")
-
-			for _, peer := range e.peerConns {
-				key := peer.GetKey()
-				wgStats, err := peer.GetConf().WgConfig.WgInterface.GetStats(key)
-				if err != nil {
-					log.Debugf("failed to get wg stats for peer %s: %s", key, err)
-				}
-				// wgStats could be zero value, in which case we just reset the stats
-				if err := e.statusRecorder.UpdateWireguardPeerState(key, wgStats); err != nil {
-					log.Debugf("failed to update wg stats for peer %s: %s", key, err)
-				}
-			}
-
-			return true
-		})
-	}
-}
-
-func (e *Engine) probeSTUNs() []relay.ProbeResult {
-	return relay.ProbeAll(e.ctx, relay.ProbeSTUN, e.STUNs)
-}
-
-func (e *Engine) probeTURNs() []relay.ProbeResult {
-	return relay.ProbeAll(e.ctx, relay.ProbeTURN, e.TURNs)
-}
--- a/client/internal/engine_test.go
+++ b/client/internal/engine_test.go
@@ -13,7 +13,7 @@ import (
 	"testing"
 	"time"

-	"github.com/pion/transport/v3/stdnet"
+	"github.com/pion/transport/v2/stdnet"
 	log "github.com/sirupsen/logrus"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
@@ -213,7 +213,7 @@ func TestEngine_UpdateNetworkMap(t *testing.T) {
 	if err != nil {
 		t.Fatal(err)
 	}
-	engine.wgInterface, err = iface.NewWGIFace("utun102", "100.64.0.1/24", engine.config.WgPort, key.String(), iface.DefaultMTU, newNet, nil)
+	engine.wgInterface, err = iface.NewWGIFace("utun102", "100.64.0.1/24", iface.DefaultMTU, nil, newNet)
 	if err != nil {
 		t.Fatal(err)
 	}
@@ -567,7 +567,7 @@ func TestEngine_UpdateNetworkMapWithRoutes(t *testing.T) {
 			if err != nil {
 				t.Fatal(err)
 			}
-			engine.wgInterface, err = iface.NewWGIFace(wgIfaceName, wgAddr, engine.config.WgPort, key.String(), iface.DefaultMTU, newNet, nil)
+			engine.wgInterface, err = iface.NewWGIFace(wgIfaceName, wgAddr, iface.DefaultMTU, nil, newNet)
 			assert.NoError(t, err, "shouldn't return error")
 			input := struct {
 				inputSerial uint64
@@ -736,7 +736,7 @@ func TestEngine_UpdateNetworkMapWithDNSUpdate(t *testing.T) {
 			if err != nil {
 				t.Fatal(err)
 			}
-			engine.wgInterface, err = iface.NewWGIFace(wgIfaceName, wgAddr, 33100, key.String(), iface.DefaultMTU, newNet, nil)
+			engine.wgInterface, err = iface.NewWGIFace(wgIfaceName, wgAddr, iface.DefaultMTU, nil, newNet)
 			assert.NoError(t, err, "shouldn't return error")

 			mockRouteManager := &routemanager.MockManager{
--- a/client/internal/listener/network_change.go
+++ b/client/internal/listener/network_change.go
@@ -3,6 +3,5 @@ package listener
 // NetworkChangeListener is a callback interface for mobile system
 type NetworkChangeListener interface {
 	// OnNetworkChanged invoke when network settings has been changed
-	OnNetworkChanged(string)
-	SetInterfaceIP(string)
+	OnNetworkChanged()
 }
--- a/client/internal/mobile_dependency.go
+++ b/client/internal/mobile_dependency.go
@@ -9,14 +9,9 @@ import (

 // MobileDependency collect all dependencies for mobile platform
 type MobileDependency struct {
-	// Android only
 	TunAdapter            iface.TunAdapter
 	IFaceDiscover         stdnet.ExternalIFaceDiscover
 	NetworkChangeListener listener.NetworkChangeListener
 	HostDNSAddresses      []string
 	DnsReadyListener      dns.ReadyListener
-
-	//	iOS only
-	DnsManager     dns.IosDnsManager
-	FileDescriptor int32
 }
--- a/client/internal/peer/conn.go
+++ b/client/internal/peer/conn.go
@@ -4,13 +4,11 @@ import (
 	"context"
 	"fmt"
 	"net"
-	"runtime"
 	"strings"
 	"sync"
 	"time"

-	"github.com/pion/ice/v3"
-	"github.com/pion/stun/v2"
+	"github.com/pion/ice/v2"
 	log "github.com/sirupsen/logrus"
 	"golang.zx2c4.com/wireguard/wgctrl/wgtypes"

@@ -47,7 +45,7 @@ type ConnConfig struct {
 	LocalKey string

 	// StunTurn is a list of STUN and TURN URLs
-	StunTurn []*stun.URI
+	StunTurn []*ice.URL

 	// InterfaceBlackList is a list of machine interfaces that should be filtered out by ICE Candidate gathering
 	// (e.g. if eth0 is in the list, host candidate of this interface won't be used)
@@ -67,11 +65,6 @@ type ConnConfig struct {

 	// UsesBind indicates whether the WireGuard interface is userspace and uses bind.ICEBind
 	UserspaceBind bool
-
-	// RosenpassPubKey is this peer's Rosenpass public key
-	RosenpassPubKey []byte
-	// RosenpassPubKey is this peer's RosenpassAddr server address (IP:port)
-	RosenpassAddr string
 }

 // OfferAnswer represents a session establishment offer or answer
@@ -84,12 +77,6 @@ type OfferAnswer struct {

 	// Version of NetBird Agent
 	Version string
-	// RosenpassPubKey is the Rosenpass public key of the remote peer when receiving this message
-	// This value is the local Rosenpass server public key when sending the message
-	RosenpassPubKey []byte
-	// RosenpassAddr is the Rosenpass server address (IP:port) of the remote peer when receiving this message
-	// This value is the local Rosenpass server address when sending the message
-	RosenpassAddr string
 }

 // IceCredentials ICE protocol credentials struct
@@ -108,8 +95,6 @@ type Conn struct {
 	signalOffer       func(OfferAnswer) error
 	signalAnswer      func(OfferAnswer) error
 	sendSignalMessage func(message *sProto.Message) error
-	onConnected       func(remoteWireGuardKey string, remoteRosenpassPubKey []byte, wireGuardIP string, remoteRosenpassAddr string)
-	onDisconnected    func(remotePeer string, wgIP string)

 	// remoteOffersCh is a channel used to wait for remote credentials to proceed with the connection
 	remoteOffersCh chan OfferAnswer
@@ -156,7 +141,7 @@ func (conn *Conn) WgConfig() WgConfig {
 }

 // UpdateStunTurn update the turn and stun addresses
-func (conn *Conn) UpdateStunTurn(turnStun []*stun.URI) {
+func (conn *Conn) UpdateStunTurn(turnStun []*ice.URL) {
 	conn.config.StunTurn = turnStun
 }

@@ -240,10 +225,6 @@ func (conn *Conn) candidateTypes() []ice.CandidateType {
 	if hasICEForceRelayConn() {
 		return []ice.CandidateType{ice.CandidateTypeRelay}
 	}
-	// TODO: remove this once we have refactored userspace proxy into the bind package
-	if runtime.GOOS == "ios" {
-		return []ice.CandidateType{ice.CandidateTypeHost, ice.CandidateTypeServerReflexive}
-	}
 	return []ice.CandidateType{ice.CandidateTypeHost, ice.CandidateTypeServerReflexive, ice.CandidateTypeRelay}
 }

@@ -348,8 +329,7 @@ func (conn *Conn) Open() error {
 		remoteWgPort = remoteOfferAnswer.WgListenPort
 	}
 	// the ice connection has been established successfully so we are ready to start the proxy
-	remoteAddr, err := conn.configureConnection(remoteConn, remoteWgPort, remoteOfferAnswer.RosenpassPubKey,
-		remoteOfferAnswer.RosenpassAddr)
+	remoteAddr, err := conn.configureConnection(remoteConn, remoteWgPort)
 	if err != nil {
 		return err
 	}
@@ -372,7 +352,7 @@ func isRelayCandidate(candidate ice.Candidate) bool {
 }

 // configureConnection starts proxying traffic from/to local Wireguard and sets connection status to StatusConnected
-func (conn *Conn) configureConnection(remoteConn net.Conn, remoteWgPort int, remoteRosenpassPubKey []byte, remoteRosenpassAddr string) (net.Addr, error) {
+func (conn *Conn) configureConnection(remoteConn net.Conn, remoteWgPort int) (net.Addr, error) {
 	conn.mu.Lock()
 	defer conn.mu.Unlock()

@@ -390,7 +370,7 @@ func (conn *Conn) configureConnection(remoteConn net.Conn, remoteWgPort int, rem
 			return nil, err
 		}
 	} else {
-		// To support old version's with direct mode we attempt to punch an additional role with the remote WireGuard port
+		// To support old version's with direct mode we attempt to punch an additional role with the remote wireguard port
 		go conn.punchRemoteWGPort(pair, remoteWgPort)
 		endpoint = remoteConn.RemoteAddr()
 	}
@@ -408,14 +388,12 @@ func (conn *Conn) configureConnection(remoteConn net.Conn, remoteWgPort int, rem
 	conn.status = StatusConnected

 	peerState := State{
-		PubKey:                     conn.config.Key,
-		ConnStatus:                 conn.status,
-		ConnStatusUpdate:           time.Now(),
-		LocalIceCandidateType:      pair.Local.Type().String(),
-		RemoteIceCandidateType:     pair.Remote.Type().String(),
-		LocalIceCandidateEndpoint:  fmt.Sprintf("%s:%d", pair.Local.Address(), pair.Local.Port()),
-		RemoteIceCandidateEndpoint: fmt.Sprintf("%s:%d", pair.Remote.Address(), pair.Local.Port()),
-		Direct:                     !isRelayCandidate(pair.Local),
+		PubKey:                 conn.config.Key,
+		ConnStatus:             conn.status,
+		ConnStatusUpdate:       time.Now(),
+		LocalIceCandidateType:  pair.Local.Type().String(),
+		RemoteIceCandidateType: pair.Remote.Type().String(),
+		Direct:                 !isRelayCandidate(pair.Local),
 	}
 	if pair.Local.Type() == ice.CandidateTypeRelay || pair.Remote.Type() == ice.CandidateTypeRelay {
 		peerState.Relayed = true
@@ -426,15 +404,6 @@ func (conn *Conn) configureConnection(remoteConn net.Conn, remoteWgPort int, rem
 		log.Warnf("unable to save peer's state, got error: %v", err)
 	}

-	_, ipNet, err := net.ParseCIDR(conn.config.WgConfig.AllowedIps)
-	if err != nil {
-		return nil, err
-	}
-
-	if conn.onConnected != nil {
-		conn.onConnected(conn.config.Key, remoteRosenpassPubKey, ipNet.IP.String(), remoteRosenpassAddr)
-	}
-
 	return endpoint, nil
 }

@@ -485,10 +454,6 @@ func (conn *Conn) cleanup() error {
 		conn.notifyDisconnected = nil
 	}

-	if conn.status == StatusConnected && conn.onDisconnected != nil {
-		conn.onDisconnected(conn.config.WgConfig.RemoteKey, conn.config.WgConfig.AllowedIps)
-	}
-
 	conn.status = StatusDisconnected

 	peerState := State{
@@ -499,12 +464,9 @@ func (conn *Conn) cleanup() error {
 	err := conn.statusRecorder.UpdatePeerState(peerState)
 	if err != nil {
 		// pretty common error because by that time Engine can already remove the peer and status won't be available.
-		// todo rethink status updates
+		//todo rethink status updates
 		log.Debugf("error while updating peer's %s state, err: %v", conn.config.Key, err)
 	}
-	if err := conn.statusRecorder.UpdateWireguardPeerState(conn.config.Key, iface.WGStats{}); err != nil {
-		log.Debugf("failed to reset wireguard stats for peer %s: %s", conn.config.Key, err)
-	}

 	log.Debugf("cleaned up connection to peer %s", conn.config.Key)
 	if err1 != nil {
@@ -521,16 +483,6 @@ func (conn *Conn) SetSignalOffer(handler func(offer OfferAnswer) error) {
 	conn.signalOffer = handler
 }

-// SetOnConnected sets a handler function to be triggered by Conn when a new connection to a remote peer established
-func (conn *Conn) SetOnConnected(handler func(remoteWireGuardKey string, remoteRosenpassPubKey []byte, wireGuardIP string, remoteRosenpassAddr string)) {
-	conn.onConnected = handler
-}
-
-// SetOnDisconnected sets a handler function to be triggered by Conn when a connection to a remote disconnected
-func (conn *Conn) SetOnDisconnected(handler func(remotePeer string, wgIP string)) {
-	conn.onDisconnected = handler
-}
-
 // SetSignalAnswer sets a handler function to be triggered by Conn when a new connection answer has to be signalled to the remote peer
 func (conn *Conn) SetSignalAnswer(handler func(answer OfferAnswer) error) {
 	conn.signalAnswer = handler
@@ -585,11 +537,9 @@ func (conn *Conn) sendAnswer() error {

 	log.Debugf("sending answer to %s", conn.config.Key)
 	err = conn.signalAnswer(OfferAnswer{
-		IceCredentials:  IceCredentials{localUFrag, localPwd},
-		WgListenPort:    conn.config.LocalWgPort,
-		Version:         version.NetbirdVersion(),
-		RosenpassPubKey: conn.config.RosenpassPubKey,
-		RosenpassAddr:   conn.config.RosenpassAddr,
+		IceCredentials: IceCredentials{localUFrag, localPwd},
+		WgListenPort:   conn.config.LocalWgPort,
+		Version:        version.NetbirdVersion(),
 	})
 	if err != nil {
 		return err
@@ -608,11 +558,9 @@ func (conn *Conn) sendOffer() error {
 		return err
 	}
 	err = conn.signalOffer(OfferAnswer{
-		IceCredentials:  IceCredentials{localUFrag, localPwd},
-		WgListenPort:    conn.config.LocalWgPort,
-		Version:         version.NetbirdVersion(),
-		RosenpassPubKey: conn.config.RosenpassPubKey,
-		RosenpassAddr:   conn.config.RosenpassAddr,
+		IceCredentials: IceCredentials{localUFrag, localPwd},
+		WgListenPort:   conn.config.LocalWgPort,
+		Version:        version.NetbirdVersion(),
 	})
 	if err != nil {
 		return err
--- a/client/internal/peer/conn_test.go
+++ b/client/internal/peer/conn_test.go
@@ -6,7 +6,7 @@ import (
 	"time"

 	"github.com/magiconair/properties/assert"
-	"github.com/pion/stun/v2"
+	"github.com/pion/ice/v2"

 	"github.com/netbirdio/netbird/client/internal/stdnet"
 	"github.com/netbirdio/netbird/client/internal/wgproxy"
@@ -16,7 +16,7 @@ import (
 var connConf = ConnConfig{
 	Key:                "LLHf3Ma6z6mdLbriAJbqhX7+nM/B71lgw2+91q3LfhU=",
 	LocalKey:           "RRHf3Ma6z6mdLbriAJbqhX7+nM/B71lgw2+91q3LfhU=",
-	StunTurn:           []*stun.URI{},
+	StunTurn:           []*ice.URL{},
 	InterfaceBlackList: nil,
 	Timeout:            time.Second,
 	LocalWgPort:        51820,
--- a/client/internal/peer/status.go
+++ b/client/internal/peer/status.go
@@ -4,27 +4,19 @@ import (
 	"errors"
 	"sync"
 	"time"
-
-	"github.com/netbirdio/netbird/client/internal/relay"
-	"github.com/netbirdio/netbird/iface"
 )

 // State contains the latest state of a peer
 type State struct {
-	IP                         string
-	PubKey                     string
-	FQDN                       string
-	ConnStatus                 ConnStatus
-	ConnStatusUpdate           time.Time
-	Relayed                    bool
-	Direct                     bool
-	LocalIceCandidateType      string
-	RemoteIceCandidateType     string
-	LocalIceCandidateEndpoint  string
-	RemoteIceCandidateEndpoint string
-	LastWireguardHandshake     time.Time
-	BytesTx                    int64
-	BytesRx                    int64
+	IP                     string
+	PubKey                 string
+	FQDN                   string
+	ConnStatus             ConnStatus
+	ConnStatusUpdate       time.Time
+	Relayed                bool
+	Direct                 bool
+	LocalIceCandidateType  string
+	RemoteIceCandidateType string
 }

 // LocalPeerState contains the latest state of the local peer
@@ -39,14 +31,12 @@ type LocalPeerState struct {
 type SignalState struct {
 	URL       string
 	Connected bool
-	Error     error
 }

 // ManagementState contains the latest state of a management connection
 type ManagementState struct {
 	URL       string
 	Connected bool
-	Error     error
 }

 // FullStatus contains the full state held by the Status instance
@@ -55,19 +45,15 @@ type FullStatus struct {
 	ManagementState ManagementState
 	SignalState     SignalState
 	LocalPeerState  LocalPeerState
-	Relays          []relay.ProbeResult
 }

-// Status holds a state of peers, signal, management connections and relays
+// Status holds a state of peers, signal and management connections
 type Status struct {
 	mux             sync.Mutex
 	peers           map[string]State
 	changeNotify    map[string]chan struct{}
 	signalState     bool
-	signalError     error
 	managementState bool
-	managementError error
-	relayStates     []relay.ProbeResult
 	localPeer       LocalPeerState
 	offlinePeers    []State
 	mgmAddress      string
@@ -170,8 +156,6 @@ func (d *Status) UpdatePeerState(receivedState State) error {
 		peerState.Relayed = receivedState.Relayed
 		peerState.LocalIceCandidateType = receivedState.LocalIceCandidateType
 		peerState.RemoteIceCandidateType = receivedState.RemoteIceCandidateType
-		peerState.LocalIceCandidateEndpoint = receivedState.LocalIceCandidateEndpoint
-		peerState.RemoteIceCandidateEndpoint = receivedState.RemoteIceCandidateEndpoint
 	}

 	d.peers[receivedState.PubKey] = peerState
@@ -190,25 +174,6 @@ func (d *Status) UpdatePeerState(receivedState State) error {
 	return nil
 }

-// UpdateWireguardPeerState updates the wireguard bits of the peer state
-func (d *Status) UpdateWireguardPeerState(pubKey string, wgStats iface.WGStats) error {
-	d.mux.Lock()
-	defer d.mux.Unlock()
-
-	peerState, ok := d.peers[pubKey]
-	if !ok {
-		return errors.New("peer doesn't exist")
-	}
-
-	peerState.LastWireguardHandshake = wgStats.LastHandshake
-	peerState.BytesRx = wgStats.RxBytes
-	peerState.BytesTx = wgStats.TxBytes
-
-	d.peers[pubKey] = peerState
-
-	return nil
-}
-
 func shouldSkipNotify(received, curr State) bool {
 	switch {
 	case received.ConnStatus == StatusConnecting:
@@ -283,13 +248,12 @@ func (d *Status) CleanLocalPeerState() {
 }

 // MarkManagementDisconnected sets ManagementState to disconnected
-func (d *Status) MarkManagementDisconnected(err error) {
+func (d *Status) MarkManagementDisconnected() {
 	d.mux.Lock()
 	defer d.mux.Unlock()
 	defer d.onConnectionChanged()

 	d.managementState = false
-	d.managementError = err
 }

 // MarkManagementConnected sets ManagementState to connected
@@ -299,7 +263,6 @@ func (d *Status) MarkManagementConnected() {
 	defer d.onConnectionChanged()

 	d.managementState = true
-	d.managementError = nil
 }

 // UpdateSignalAddress update the address of the signal server
@@ -317,13 +280,12 @@ func (d *Status) UpdateManagementAddress(mgmAddress string) {
 }

 // MarkSignalDisconnected sets SignalState to disconnected
-func (d *Status) MarkSignalDisconnected(err error) {
+func (d *Status) MarkSignalDisconnected() {
 	d.mux.Lock()
 	defer d.mux.Unlock()
 	defer d.onConnectionChanged()

 	d.signalState = false
-	d.signalError = err
 }

 // MarkSignalConnected sets SignalState to connected
@@ -333,33 +295,6 @@ func (d *Status) MarkSignalConnected() {
 	defer d.onConnectionChanged()

 	d.signalState = true
-	d.signalError = nil
-}
-
-func (d *Status) UpdateRelayStates(relayResults []relay.ProbeResult) {
-	d.mux.Lock()
-	defer d.mux.Unlock()
-	d.relayStates = relayResults
-}
-
-func (d *Status) GetManagementState() ManagementState {
-	return ManagementState{
-		d.mgmAddress,
-		d.managementState,
-		d.managementError,
-	}
-}
-
-func (d *Status) GetSignalState() SignalState {
-	return SignalState{
-		d.signalAddress,
-		d.signalState,
-		d.signalError,
-	}
-}
-
-func (d *Status) GetRelayStates() []relay.ProbeResult {
-	return d.relayStates
 }

 // GetFullStatus gets full status
@@ -368,10 +303,15 @@ func (d *Status) GetFullStatus() FullStatus {
 	defer d.mux.Unlock()

 	fullStatus := FullStatus{
-		ManagementState: d.GetManagementState(),
-		SignalState:     d.GetSignalState(),
-		LocalPeerState:  d.localPeer,
-		Relays:          d.GetRelayStates(),
+		ManagementState: ManagementState{
+			d.mgmAddress,
+			d.managementState,
+		},
+		SignalState: SignalState{
+			d.signalAddress,
+			d.signalState,
+		},
+		LocalPeerState: d.localPeer,
 	}

 	for _, status := range d.peers {
--- a/client/internal/peer/status_test.go
+++ b/client/internal/peer/status_test.go
@@ -1,7 +1,6 @@
 package peer

 import (
-	"errors"
 	"testing"

 	"github.com/stretchr/testify/assert"
@@ -153,10 +152,9 @@ func TestUpdateSignalState(t *testing.T) {
 		name      string
 		connected bool
 		want      bool
-		err       error
 	}{
-		{"should mark as connected", true, true, nil},
-		{"should mark as disconnected", false, false, errors.New("test")},
+		{"should mark as connected", true, true},
+		{"should mark as disconnected", false, false},
 	}

 	status := NewRecorder("https://mgm")
@@ -167,10 +165,9 @@ func TestUpdateSignalState(t *testing.T) {
 			if test.connected {
 				status.MarkSignalConnected()
 			} else {
-				status.MarkSignalDisconnected(test.err)
+				status.MarkSignalDisconnected()
 			}
 			assert.Equal(t, test.want, status.signalState, "signal status should be equal")
-			assert.Equal(t, test.err, status.signalError)
 		})
 	}
 }
@@ -181,10 +178,9 @@ func TestUpdateManagementState(t *testing.T) {
 		name      string
 		connected bool
 		want      bool
-		err       error
 	}{
-		{"should mark as connected", true, true, nil},
-		{"should mark as disconnected", false, false, errors.New("test")},
+		{"should mark as connected", true, true},
+		{"should mark as disconnected", false, false},
 	}

 	status := NewRecorder(url)
@@ -194,10 +190,9 @@ func TestUpdateManagementState(t *testing.T) {
 			if test.connected {
 				status.MarkManagementConnected()
 			} else {
-				status.MarkManagementDisconnected(test.err)
+				status.MarkManagementDisconnected()
 			}
 			assert.Equal(t, test.want, status.managementState, "signalState status should be equal")
-			assert.Equal(t, test.err, status.managementError)
 		})
 	}
 }
--- a/client/internal/probe.go
+++ b/client/internal/probe.go
@@ -1,51 +0,0 @@
-package internal
-
-import "context"
-
-// Probe allows to run on-demand callbacks from different code locations.
-// Pass the probe to a receiving and a sending end. The receiving end starts listening
-// to requests with Receive and executes a callback when the sending end requests it
-// by calling Probe.
-type Probe struct {
-	request chan struct{}
-	result  chan bool
-	ready   bool
-}
-
-// NewProbe returns a new initialized probe.
-func NewProbe() *Probe {
-	return &Probe{
-		request: make(chan struct{}),
-		result:  make(chan bool),
-	}
-}
-
-// Probe requests the callback to be run and returns a bool indicating success.
-// It always returns true as long as the receiver is not ready.
-func (p *Probe) Probe() bool {
-	if !p.ready {
-		return true
-	}
-
-	p.request <- struct{}{}
-	return <-p.result
-}
-
-// Receive starts listening for probe requests. On such a request it runs the supplied
-// callback func which must return a bool indicating success.
-// Blocks until the passed context is cancelled.
-func (p *Probe) Receive(ctx context.Context, callback func() bool) {
-	p.ready = true
-	defer func() {
-		p.ready = false
-	}()
-
-	for {
-		select {
-		case <-ctx.Done():
-			return
-		case <-p.request:
-			p.result <- callback()
-		}
-	}
-}
--- a/client/internal/relay/relay.go
+++ b/client/internal/relay/relay.go
@@ -1,171 +0,0 @@
-package relay
-
-import (
-	"context"
-	"fmt"
-	"net"
-	"sync"
-	"time"
-
-	"github.com/pion/stun/v2"
-	"github.com/pion/turn/v3"
-	log "github.com/sirupsen/logrus"
-)
-
-// ProbeResult holds the info about the result of a relay probe request
-type ProbeResult struct {
-	URI  *stun.URI
-	Err  error
-	Addr string
-}
-
-// ProbeSTUN tries binding to the given STUN uri and acquiring an address
-func ProbeSTUN(ctx context.Context, uri *stun.URI) (addr string, probeErr error) {
-	defer func() {
-		if probeErr != nil {
-			log.Debugf("stun probe error from %s: %s", uri, probeErr)
-		}
-	}()
-
-	client, err := stun.DialURI(uri, &stun.DialConfig{})
-	if err != nil {
-		probeErr = fmt.Errorf("dial: %w", err)
-		return
-	}
-
-	defer func() {
-		if err := client.Close(); err != nil && probeErr == nil {
-			probeErr = fmt.Errorf("close: %w", err)
-		}
-	}()
-
-	done := make(chan struct{})
-	if err = client.Start(stun.MustBuild(stun.TransactionID, stun.BindingRequest), func(res stun.Event) {
-		if res.Error != nil {
-			probeErr = fmt.Errorf("request: %w", err)
-			return
-		}
-
-		var xorAddr stun.XORMappedAddress
-		if getErr := xorAddr.GetFrom(res.Message); getErr != nil {
-			probeErr = fmt.Errorf("get xor addr: %w", err)
-			return
-		}
-
-		log.Debugf("stun probe received address from %s: %s", uri, xorAddr)
-		addr = xorAddr.String()
-
-		done <- struct{}{}
-	}); err != nil {
-		probeErr = fmt.Errorf("client: %w", err)
-		return
-	}
-
-	select {
-	case <-ctx.Done():
-		probeErr = fmt.Errorf("stun request: %w", ctx.Err())
-		return
-	case <-done:
-	}
-
-	return addr, nil
-}
-
-// ProbeTURN tries allocating a session from the given TURN URI
-func ProbeTURN(ctx context.Context, uri *stun.URI) (addr string, probeErr error) {
-	defer func() {
-		if probeErr != nil {
-			log.Debugf("turn probe error from %s: %s", uri, probeErr)
-		}
-	}()
-
-	turnServerAddr := fmt.Sprintf("%s:%d", uri.Host, uri.Port)
-
-	var conn net.PacketConn
-	switch uri.Proto {
-	case stun.ProtoTypeUDP:
-		var err error
-		conn, err = net.ListenPacket("udp", "")
-		if err != nil {
-			probeErr = fmt.Errorf("listen: %w", err)
-			return
-		}
-	case stun.ProtoTypeTCP:
-		dialer := net.Dialer{}
-		tcpConn, err := dialer.DialContext(ctx, "tcp", turnServerAddr)
-		if err != nil {
-			probeErr = fmt.Errorf("dial: %w", err)
-			return
-		}
-		conn = turn.NewSTUNConn(tcpConn)
-	default:
-		probeErr = fmt.Errorf("conn: unknown proto: %s", uri.Proto)
-		return
-	}
-
-	defer func() {
-		if err := conn.Close(); err != nil && probeErr == nil {
-			probeErr = fmt.Errorf("conn close: %w", err)
-		}
-	}()
-
-	cfg := &turn.ClientConfig{
-		STUNServerAddr: turnServerAddr,
-		TURNServerAddr: turnServerAddr,
-		Conn:           conn,
-		Username:       uri.Username,
-		Password:       uri.Password,
-	}
-	client, err := turn.NewClient(cfg)
-	if err != nil {
-		probeErr = fmt.Errorf("create client: %w", err)
-		return
-	}
-	defer client.Close()
-
-	if err := client.Listen(); err != nil {
-		probeErr = fmt.Errorf("client listen: %w", err)
-		return
-	}
-
-	relayConn, err := client.Allocate()
-	if err != nil {
-		probeErr = fmt.Errorf("allocate: %w", err)
-		return
-	}
-	defer func() {
-		if err := relayConn.Close(); err != nil && probeErr == nil {
-			probeErr = fmt.Errorf("close relay conn: %w", err)
-		}
-	}()
-
-	log.Debugf("turn probe relay address from %s: %s", uri, relayConn.LocalAddr())
-
-	return relayConn.LocalAddr().String(), nil
-}
-
-// ProbeAll probes all given servers asynchronously and returns the results
-func ProbeAll(
-	ctx context.Context,
-	fn func(ctx context.Context, uri *stun.URI) (addr string, probeErr error),
-	relays []*stun.URI,
-) []ProbeResult {
-	results := make([]ProbeResult, len(relays))
-
-	var wg sync.WaitGroup
-	for i, uri := range relays {
-		ctx, cancel := context.WithTimeout(ctx, 1*time.Second)
-		defer cancel()
-
-		wg.Add(1)
-		go func(res *ProbeResult, stunURI *stun.URI) {
-			defer wg.Done()
-			res.URI = stunURI
-			res.Addr, res.Err = fn(ctx, stunURI)
-		}(&results[i], uri)
-	}
-
-	wg.Wait()
-
-	return results
-}
--- a/client/internal/rosenpass/manager.go
+++ b/client/internal/rosenpass/manager.go
@@ -1,204 +0,0 @@
-package rosenpass
-
-import (
-	"bytes"
-	"crypto/sha256"
-	"encoding/hex"
-	"fmt"
-	"log/slog"
-	"net"
-	"os"
-	"strconv"
-	"strings"
-	"sync"
-
-	rp "cunicu.li/go-rosenpass"
-	log "github.com/sirupsen/logrus"
-	"golang.zx2c4.com/wireguard/wgctrl/wgtypes"
-)
-
-func hashRosenpassKey(key []byte) string {
-	hasher := sha256.New()
-	hasher.Write(key)
-	return hex.EncodeToString(hasher.Sum(nil))
-}
-
-type Manager struct {
-	ifaceName    string
-	spk          []byte
-	ssk          []byte
-	rpKeyHash    string
-	preSharedKey *[32]byte
-	rpPeerIDs    map[string]*rp.PeerID
-	rpWgHandler  *NetbirdHandler
-	server       *rp.Server
-	lock         sync.Mutex
-	port         int
-}
-
-// NewManager creates a new Rosenpass manager
-func NewManager(preSharedKey *wgtypes.Key, wgIfaceName string) (*Manager, error) {
-	public, secret, err := rp.GenerateKeyPair()
-	if err != nil {
-		return nil, err
-	}
-
-	rpKeyHash := hashRosenpassKey(public)
-	log.Debugf("generated new rosenpass key pair with public key %s", rpKeyHash)
-	return &Manager{ifaceName: wgIfaceName, rpKeyHash: rpKeyHash, spk: public, ssk: secret, preSharedKey: (*[32]byte)(preSharedKey), rpPeerIDs: make(map[string]*rp.PeerID), lock: sync.Mutex{}}, nil
-}
-
-func (m *Manager) GetPubKey() []byte {
-	return m.spk
-}
-
-// GetAddress returns the address of the Rosenpass server
-func (m *Manager) GetAddress() *net.UDPAddr {
-	return &net.UDPAddr{Port: m.port}
-}
-
-// addPeer adds a new peer to the Rosenpass server
-func (m *Manager) addPeer(rosenpassPubKey []byte, rosenpassAddr string, wireGuardIP string, wireGuardPubKey string) error {
-	var err error
-	pcfg := rp.PeerConfig{PublicKey: rosenpassPubKey}
-	if m.preSharedKey != nil {
-		pcfg.PresharedKey = *m.preSharedKey
-	}
-	if bytes.Compare(m.spk, rosenpassPubKey) == 1 {
-		_, strPort, err := net.SplitHostPort(rosenpassAddr)
-		if err != nil {
-			return fmt.Errorf("failed to parse rosenpass address: %w", err)
-		}
-		peerAddr := fmt.Sprintf("%s:%s", wireGuardIP, strPort)
-		if pcfg.Endpoint, err = net.ResolveUDPAddr("udp", peerAddr); err != nil {
-			return fmt.Errorf("failed to resolve peer endpoint address: %w", err)
-		}
-	}
-	peerID, err := m.server.AddPeer(pcfg)
-	if err != nil {
-		return err
-	}
-
-	key, err := wgtypes.ParseKey(wireGuardPubKey)
-	if err != nil {
-		return err
-	}
-	m.rpWgHandler.AddPeer(peerID, m.ifaceName, rp.Key(key))
-	m.rpPeerIDs[wireGuardPubKey] = &peerID
-	return nil
-}
-
-// removePeer removes a peer from the Rosenpass server
-func (m *Manager) removePeer(wireGuardPubKey string) error {
-	err := m.server.RemovePeer(*m.rpPeerIDs[wireGuardPubKey])
-	if err != nil {
-		return err
-	}
-	m.rpWgHandler.RemovePeer(*m.rpPeerIDs[wireGuardPubKey])
-	return nil
-}
-
-func (m *Manager) generateConfig() (rp.Config, error) {
-	opts := &slog.HandlerOptions{
-		Level: slog.LevelDebug,
-	}
-	logger := slog.New(slog.NewTextHandler(os.Stdout, opts))
-	cfg := rp.Config{Logger: logger}
-
-	cfg.PublicKey = m.spk
-	cfg.SecretKey = m.ssk
-
-	cfg.Peers = []rp.PeerConfig{}
-	m.rpWgHandler, _ = NewNetbirdHandler(m.preSharedKey, m.ifaceName)
-
-	cfg.Handlers = []rp.Handler{m.rpWgHandler}
-
-	port, err := findRandomAvailableUDPPort()
-	if err != nil {
-		log.Errorf("could not determine a random port for rosenpass server. Error: %s", err)
-		return rp.Config{}, err
-	}
-
-	m.port = port
-
-	cfg.ListenAddrs = []*net.UDPAddr{m.GetAddress()}
-
-	return cfg, nil
-}
-
-func (m *Manager) OnDisconnected(peerKey string, wgIP string) {
-	m.lock.Lock()
-	defer m.lock.Unlock()
-
-	if _, ok := m.rpPeerIDs[peerKey]; !ok {
-		// if we didn't have this peer yet, just skip
-		return
-	}
-
-	err := m.removePeer(peerKey)
-	if err != nil {
-		log.Error("failed to remove rosenpass peer", err)
-	}
-
-	delete(m.rpPeerIDs, peerKey)
-}
-
-// Run starts the Rosenpass server
-func (m *Manager) Run() error {
-	conf, err := m.generateConfig()
-	if err != nil {
-		return err
-	}
-
-	m.server, err = rp.NewUDPServer(conf)
-	if err != nil {
-		return err
-	}
-
-	log.Infof("starting rosenpass server on port %d", m.port)
-
-	return m.server.Run()
-}
-
-// Close closes the Rosenpass server
-func (m *Manager) Close() error {
-	if m.server != nil {
-		err := m.server.Close()
-		if err != nil {
-			log.Errorf("failed closing local rosenpass server")
-		}
-		m.server = nil
-	}
-	return nil
-}
-
-// OnConnected is a handler function that is triggered when a connection to a remote peer establishes
-func (m *Manager) OnConnected(remoteWireGuardKey string, remoteRosenpassPubKey []byte, wireGuardIP string, remoteRosenpassAddr string) {
-	m.lock.Lock()
-	defer m.lock.Unlock()
-
-	if remoteRosenpassPubKey == nil {
-		log.Warnf("remote peer with public key %s does not support rosenpass", remoteWireGuardKey)
-		return
-	}
-
-	rpKeyHash := hashRosenpassKey(remoteRosenpassPubKey)
-	log.Debugf("received remote rosenpass key %s, my key %s", rpKeyHash, m.rpKeyHash)
-
-	err := m.addPeer(remoteRosenpassPubKey, remoteRosenpassAddr, wireGuardIP, remoteWireGuardKey)
-	if err != nil {
-		log.Errorf("failed to add rosenpass peer: %s", err)
-		return
-	}
-}
-
-func findRandomAvailableUDPPort() (int, error) {
-	conn, err := net.ListenUDP("udp", &net.UDPAddr{IP: net.IPv4zero, Port: 0})
-	if err != nil {
-		return 0, fmt.Errorf("could not find an available UDP port: %w", err)
-	}
-	defer conn.Close()
-
-	splitAddress := strings.Split(conn.LocalAddr().String(), ":")
-	return strconv.Atoi(splitAddress[len(splitAddress)-1])
-}
--- a/client/internal/rosenpass/netbird_handler.go
+++ b/client/internal/rosenpass/netbird_handler.go
@@ -1,126 +0,0 @@
-package rosenpass
-
-import (
-	"fmt"
-	"log/slog"
-
-	rp "cunicu.li/go-rosenpass"
-	log "github.com/sirupsen/logrus"
-
-	"golang.zx2c4.com/wireguard/wgctrl"
-	"golang.zx2c4.com/wireguard/wgctrl/wgtypes"
-)
-
-type wireGuardPeer struct {
-	Interface string
-	PublicKey rp.Key
-}
-
-type NetbirdHandler struct {
-	ifaceName    string
-	client       *wgctrl.Client
-	peers        map[rp.PeerID]wireGuardPeer
-	presharedKey [32]byte
-}
-
-func NewNetbirdHandler(preSharedKey *[32]byte, wgIfaceName string) (hdlr *NetbirdHandler, err error) {
-	hdlr = &NetbirdHandler{
-		ifaceName: wgIfaceName,
-		peers:     map[rp.PeerID]wireGuardPeer{},
-	}
-
-	if preSharedKey != nil {
-		hdlr.presharedKey = *preSharedKey
-	}
-
-	if hdlr.client, err = wgctrl.New(); err != nil {
-		return nil, fmt.Errorf("failed to creat WireGuard client: %w", err)
-	}
-
-	return hdlr, nil
-}
-
-func (h *NetbirdHandler) AddPeer(pid rp.PeerID, intf string, pk rp.Key) {
-	h.peers[pid] = wireGuardPeer{
-		Interface: intf,
-		PublicKey: pk,
-	}
-}
-
-func (h *NetbirdHandler) RemovePeer(pid rp.PeerID) {
-	delete(h.peers, pid)
-}
-
-func (h *NetbirdHandler) HandshakeCompleted(pid rp.PeerID, key rp.Key) {
-	log.Debug("Handshake complete")
-	h.outputKey(rp.KeyOutputReasonStale, pid, key)
-}
-
-func (h *NetbirdHandler) HandshakeExpired(pid rp.PeerID) {
-	key, _ := rp.GeneratePresharedKey()
-	log.Debug("Handshake expired")
-	h.outputKey(rp.KeyOutputReasonStale, pid, key)
-}
-
-func (h *NetbirdHandler) outputKey(_ rp.KeyOutputReason, pid rp.PeerID, psk rp.Key) {
-	wg, ok := h.peers[pid]
-	if !ok {
-		return
-	}
-
-	device, err := h.client.Device(h.ifaceName)
-	if err != nil {
-		log.Errorf("Failed to get WireGuard device: %v", err)
-		return
-	}
-	config := []wgtypes.PeerConfig{
-		{
-			UpdateOnly:   true,
-			PublicKey:    wgtypes.Key(wg.PublicKey),
-			PresharedKey: (*wgtypes.Key)(&psk),
-		},
-	}
-	for _, peer := range device.Peers {
-		if peer.PublicKey == wgtypes.Key(wg.PublicKey) {
-			if publicKeyEmpty(peer.PresharedKey) || peer.PresharedKey == h.presharedKey {
-				log.Debugf("Restart wireguard connection to peer %s", peer.PublicKey)
-				config = []wgtypes.PeerConfig{
-					{
-						PublicKey:    wgtypes.Key(wg.PublicKey),
-						PresharedKey: (*wgtypes.Key)(&psk),
-						Endpoint:     peer.Endpoint,
-						AllowedIPs:   peer.AllowedIPs,
-					},
-				}
-				err = h.client.ConfigureDevice(wg.Interface, wgtypes.Config{
-					Peers: []wgtypes.PeerConfig{
-						{
-							Remove:    true,
-							PublicKey: wgtypes.Key(wg.PublicKey),
-						},
-					},
-				})
-				if err != nil {
-					slog.Debug("Failed to remove peer")
-					return
-				}
-			}
-
-		}
-	}
-
-	if err = h.client.ConfigureDevice(wg.Interface, wgtypes.Config{
-		Peers: config,
-	}); err != nil {
-		log.Errorf("Failed to apply rosenpass key: %v", err)
-	}
-}
-
-func publicKeyEmpty(key wgtypes.Key) bool {
-	for _, b := range key {
-		if b != 0 {
-			return false
-		}
-	}
-	return true
-}
--- a/client/internal/routemanager/manager_test.go
+++ b/client/internal/routemanager/manager_test.go
@@ -7,8 +7,7 @@ import (
 	"runtime"
 	"testing"

-	"github.com/pion/transport/v3/stdnet"
-	"golang.zx2c4.com/wireguard/wgctrl/wgtypes"
+	"github.com/pion/transport/v2/stdnet"

 	"github.com/stretchr/testify/require"

@@ -400,12 +399,12 @@ func TestManagerUpdateRoutes(t *testing.T) {

 	for n, testCase := range testCases {
 		t.Run(testCase.name, func(t *testing.T) {
-			peerPrivateKey, _ := wgtypes.GeneratePrivateKey()
+
 			newNet, err := stdnet.NewNet()
 			if err != nil {
 				t.Fatal(err)
 			}
-			wgInterface, err := iface.NewWGIFace(fmt.Sprintf("utun43%d", n), "100.65.65.2/24", 33100, peerPrivateKey.String(), iface.DefaultMTU, newNet, nil)
+			wgInterface, err := iface.NewWGIFace(fmt.Sprintf("utun43%d", n), "100.65.65.2/24", iface.DefaultMTU, nil, newNet)
 			require.NoError(t, err, "should create testing WGIface interface")
 			defer wgInterface.Close()

--- a/client/internal/routemanager/notifier.go
+++ b/client/internal/routemanager/notifier.go
@@ -2,7 +2,6 @@ package routemanager

 import (
 	"sort"
-	"strings"
 	"sync"

 	"github.com/netbirdio/netbird/client/internal/listener"
@@ -45,12 +44,15 @@ func (n *notifier) onNewRoutes(idMap map[string][]*route.Route) {
 	}

 	sort.Strings(newNets)
-	if !n.hasDiff(n.initialRouteRangers, newNets) {
+	if !n.hasDiff(n.routeRangers, newNets) {
 		return
 	}

 	n.routeRangers = newNets

+	if !n.hasDiff(n.initialRouteRangers, newNets) {
+		return
+	}
 	n.notify()
 }

@@ -62,7 +64,7 @@ func (n *notifier) notify() {
 	}

 	go func(l listener.NetworkChangeListener) {
-		l.OnNetworkChanged(strings.Join(n.routeRangers, ","))
+		l.OnNetworkChanged()
 	}(n.listener)
 }

--- a/client/internal/routemanager/server_android.go
+++ b/client/internal/routemanager/server_android.go
@@ -1,5 +1,3 @@
-//go:build android
-
 package routemanager

 import (
--- a/client/internal/routemanager/systemops_ios.go
+++ b/client/internal/routemanager/systemops_ios.go
@@ -1,15 +0,0 @@
-//go:build ios
-
-package routemanager
-
-import (
-	"net/netip"
-)
-
-func addToRouteTableIfNoExists(prefix netip.Prefix, addr string) error {
-	return nil
-}
-
-func removeFromRouteTableIfNonSystem(prefix netip.Prefix, addr string) error {
-	return nil
-}
--- a/client/internal/routemanager/systemops_nonandroid.go
+++ b/client/internal/routemanager/systemops_nonandroid.go
@@ -1,4 +1,4 @@
-//go:build !android && !ios
+//go:build !android

 package routemanager

--- a/client/internal/routemanager/systemops_nonandroid_test.go
+++ b/client/internal/routemanager/systemops_nonandroid_test.go
@@ -11,10 +11,9 @@ import (
 	"strings"
 	"testing"

-	"github.com/pion/transport/v3/stdnet"
+	"github.com/pion/transport/v2/stdnet"
 	log "github.com/sirupsen/logrus"
 	"github.com/stretchr/testify/require"
-	"golang.zx2c4.com/wireguard/wgctrl/wgtypes"

 	"github.com/netbirdio/netbird/iface"
 )
@@ -42,12 +41,11 @@ func TestAddRemoveRoutes(t *testing.T) {

 	for n, testCase := range testCases {
 		t.Run(testCase.name, func(t *testing.T) {
-			peerPrivateKey, _ := wgtypes.GeneratePrivateKey()
 			newNet, err := stdnet.NewNet()
 			if err != nil {
 				t.Fatal(err)
 			}
-			wgInterface, err := iface.NewWGIFace(fmt.Sprintf("utun53%d", n), "100.65.75.2/24", 33100, peerPrivateKey.String(), iface.DefaultMTU, newNet, nil)
+			wgInterface, err := iface.NewWGIFace(fmt.Sprintf("utun53%d", n), "100.65.75.2/24", iface.DefaultMTU, nil, newNet)
 			require.NoError(t, err, "should create testing WGIface interface")
 			defer wgInterface.Close()

@@ -177,12 +175,11 @@ func TestAddExistAndRemoveRouteNonAndroid(t *testing.T) {
 			log.SetOutput(os.Stderr)
 		}()
 		t.Run(testCase.name, func(t *testing.T) {
-			peerPrivateKey, _ := wgtypes.GeneratePrivateKey()
 			newNet, err := stdnet.NewNet()
 			if err != nil {
 				t.Fatal(err)
 			}
-			wgInterface, err := iface.NewWGIFace(fmt.Sprintf("utun53%d", n), "100.65.75.2/24", 33100, peerPrivateKey.String(), iface.DefaultMTU, newNet, nil)
+			wgInterface, err := iface.NewWGIFace(fmt.Sprintf("utun53%d", n), "100.65.75.2/24", iface.DefaultMTU, nil, newNet)
 			require.NoError(t, err, "should create testing WGIface interface")
 			defer wgInterface.Close()

--- a/client/internal/stdnet/discover.go
+++ b/client/internal/stdnet/discover.go
@@ -1,6 +1,6 @@
 package stdnet

-import "github.com/pion/transport/v3"
+import "github.com/pion/transport/v2"

 // ExternalIFaceDiscover provide an option for external services (mobile)
 // to collect network interface information
--- a/client/internal/stdnet/discover_mobile.go
+++ b/client/internal/stdnet/discover_mobile.go
@@ -5,7 +5,7 @@ import (
 	"net"
 	"strings"

-	"github.com/pion/transport/v3"
+	"github.com/pion/transport/v2"
 	log "github.com/sirupsen/logrus"
 )

--- a/client/internal/stdnet/discover_pion.go
+++ b/client/internal/stdnet/discover_pion.go
@@ -3,7 +3,7 @@ package stdnet
 import (
 	"net"

-	"github.com/pion/transport/v3"
+	"github.com/pion/transport/v2"
 )

 type pionDiscover struct {
--- a/client/internal/stdnet/stdnet.go
+++ b/client/internal/stdnet/stdnet.go
@@ -6,8 +6,8 @@ package stdnet
 import (
 	"fmt"

-	"github.com/pion/transport/v3"
-	"github.com/pion/transport/v3/stdnet"
+	"github.com/pion/transport/v2"
+	"github.com/pion/transport/v2/stdnet"
 )

 // Net is an implementation of the net.Net interface
--- a/client/ios/NetBirdSDK/client.go
+++ b/client/ios/NetBirdSDK/client.go
@@ -1,224 +0,0 @@
-package NetBirdSDK
-
-import (
-	"context"
-	"sync"
-	"time"
-
-	log "github.com/sirupsen/logrus"
-
-	"github.com/netbirdio/netbird/client/internal"
-	"github.com/netbirdio/netbird/client/internal/auth"
-	"github.com/netbirdio/netbird/client/internal/dns"
-	"github.com/netbirdio/netbird/client/internal/listener"
-	"github.com/netbirdio/netbird/client/internal/peer"
-	"github.com/netbirdio/netbird/client/system"
-	"github.com/netbirdio/netbird/formatter"
-)
-
-// ConnectionListener export internal Listener for mobile
-type ConnectionListener interface {
-	peer.Listener
-}
-
-// RouteListener export internal RouteListener for mobile
-type NetworkChangeListener interface {
-	listener.NetworkChangeListener
-}
-
-// DnsManager export internal dns Manager for mobile
-type DnsManager interface {
-	dns.IosDnsManager
-}
-
-// CustomLogger export internal CustomLogger for mobile
-type CustomLogger interface {
-	Debug(message string)
-	Info(message string)
-	Error(message string)
-}
-
-func init() {
-	formatter.SetLogcatFormatter(log.StandardLogger())
-}
-
-// Client struct manage the life circle of background service
-type Client struct {
-	cfgFile               string
-	recorder              *peer.Status
-	ctxCancel             context.CancelFunc
-	ctxCancelLock         *sync.Mutex
-	deviceName            string
-	osName                string
-	osVersion             string
-	networkChangeListener listener.NetworkChangeListener
-	onHostDnsFn           func([]string)
-	dnsManager            dns.IosDnsManager
-	loginComplete         bool
-}
-
-// NewClient instantiate a new Client
-func NewClient(cfgFile, deviceName string, osVersion string, osName string, networkChangeListener NetworkChangeListener, dnsManager DnsManager) *Client {
-	return &Client{
-		cfgFile:               cfgFile,
-		deviceName:            deviceName,
-		osName:                osName,
-		osVersion:             osVersion,
-		recorder:              peer.NewRecorder(""),
-		ctxCancelLock:         &sync.Mutex{},
-		networkChangeListener: networkChangeListener,
-		dnsManager:            dnsManager,
-	}
-}
-
-// Run start the internal client. It is a blocker function
-func (c *Client) Run(fd int32, interfaceName string) error {
-	log.Infof("Starting NetBird client")
-	log.Debugf("Tunnel uses interface: %s", interfaceName)
-	cfg, err := internal.UpdateOrCreateConfig(internal.ConfigInput{
-		ConfigPath: c.cfgFile,
-	})
-	if err != nil {
-		return err
-	}
-	c.recorder.UpdateManagementAddress(cfg.ManagementURL.String())
-
-	var ctx context.Context
-	//nolint
-	ctxWithValues := context.WithValue(context.Background(), system.DeviceNameCtxKey, c.deviceName)
-	//nolint
-	ctxWithValues = context.WithValue(ctxWithValues, system.OsNameCtxKey, c.osName)
-	//nolint
-	ctxWithValues = context.WithValue(ctxWithValues, system.OsVersionCtxKey, c.osVersion)
-	c.ctxCancelLock.Lock()
-	ctx, c.ctxCancel = context.WithCancel(ctxWithValues)
-	defer c.ctxCancel()
-	c.ctxCancelLock.Unlock()
-
-	auth := NewAuthWithConfig(ctx, cfg)
-	err = auth.Login()
-	if err != nil {
-		return err
-	}
-
-	log.Infof("Auth successful")
-	// todo do not throw error in case of cancelled context
-	ctx = internal.CtxInitState(ctx)
-	c.onHostDnsFn = func([]string) {}
-	cfg.WgIface = interfaceName
-	return internal.RunClientiOS(ctx, cfg, c.recorder, fd, c.networkChangeListener, c.dnsManager)
-}
-
-// Stop the internal client and free the resources
-func (c *Client) Stop() {
-	c.ctxCancelLock.Lock()
-	defer c.ctxCancelLock.Unlock()
-	if c.ctxCancel == nil {
-		return
-	}
-
-	c.ctxCancel()
-}
-
-// ÏSetTraceLogLevel configure the logger to trace level
-func (c *Client) SetTraceLogLevel() {
-	log.SetLevel(log.TraceLevel)
-}
-
-// getStatusDetails return with the list of the PeerInfos
-func (c *Client) GetStatusDetails() *StatusDetails {
-
-	fullStatus := c.recorder.GetFullStatus()
-
-	peerInfos := make([]PeerInfo, len(fullStatus.Peers))
-	for n, p := range fullStatus.Peers {
-		pi := PeerInfo{
-			p.IP,
-			p.FQDN,
-			p.ConnStatus.String(),
-		}
-		peerInfos[n] = pi
-	}
-	return &StatusDetails{items: peerInfos, fqdn: fullStatus.LocalPeerState.FQDN, ip: fullStatus.LocalPeerState.IP}
-}
-
-// SetConnectionListener set the network connection listener
-func (c *Client) SetConnectionListener(listener ConnectionListener) {
-	c.recorder.SetConnectionListener(listener)
-}
-
-// RemoveConnectionListener remove connection listener
-func (c *Client) RemoveConnectionListener() {
-	c.recorder.RemoveConnectionListener()
-}
-
-func (c *Client) IsLoginRequired() bool {
-	var ctx context.Context
-	//nolint
-	ctxWithValues := context.WithValue(context.Background(), system.DeviceNameCtxKey, c.deviceName)
-	//nolint
-	ctxWithValues = context.WithValue(ctxWithValues, system.OsNameCtxKey, c.osName)
-	//nolint
-	ctxWithValues = context.WithValue(ctxWithValues, system.OsVersionCtxKey, c.osVersion)
-	c.ctxCancelLock.Lock()
-	defer c.ctxCancelLock.Unlock()
-	ctx, c.ctxCancel = context.WithCancel(ctxWithValues)
-
-	cfg, _ := internal.UpdateOrCreateConfig(internal.ConfigInput{
-		ConfigPath: c.cfgFile,
-	})
-
-	needsLogin, _ := internal.IsLoginRequired(ctx, cfg.PrivateKey, cfg.ManagementURL, cfg.SSHKey)
-	return needsLogin
-}
-
-func (c *Client) LoginForMobile() string {
-	var ctx context.Context
-	//nolint
-	ctxWithValues := context.WithValue(context.Background(), system.DeviceNameCtxKey, c.deviceName)
-	//nolint
-	ctxWithValues = context.WithValue(ctxWithValues, system.OsNameCtxKey, c.osName)
-	//nolint
-	ctxWithValues = context.WithValue(ctxWithValues, system.OsVersionCtxKey, c.osVersion)
-	c.ctxCancelLock.Lock()
-	defer c.ctxCancelLock.Unlock()
-	ctx, c.ctxCancel = context.WithCancel(ctxWithValues)
-
-	cfg, _ := internal.UpdateOrCreateConfig(internal.ConfigInput{
-		ConfigPath: c.cfgFile,
-	})
-
-	oAuthFlow, err := auth.NewOAuthFlow(ctx, cfg, false)
-	if err != nil {
-		return err.Error()
-	}
-
-	flowInfo, err := oAuthFlow.RequestAuthInfo(context.TODO())
-	if err != nil {
-		return err.Error()
-	}
-
-	// This could cause a potential race condition with loading the extension which need to be handled on swift side
-	go func() {
-		waitTimeout := time.Duration(flowInfo.ExpiresIn) * time.Second
-		waitCTX, cancel := context.WithTimeout(ctx, waitTimeout)
-		defer cancel()
-		tokenInfo, err := oAuthFlow.WaitToken(waitCTX, flowInfo)
-		if err != nil {
-			return
-		}
-		jwtToken := tokenInfo.GetTokenToUse()
-		_ = internal.Login(ctx, cfg, "", jwtToken)
-		c.loginComplete = true
-	}()
-
-	return flowInfo.VerificationURIComplete
-}
-
-func (c *Client) IsLoginComplete() bool {
-	return c.loginComplete
-}
-
-func (c *Client) ClearLoginComplete() {
-	c.loginComplete = false
-}
--- a/client/ios/NetBirdSDK/gomobile.go
+++ b/client/ios/NetBirdSDK/gomobile.go
@@ -1,5 +0,0 @@
-package NetBirdSDK
-
-import _ "golang.org/x/mobile/bind"
-
-// to keep our CI/CD that checks go.mod and go.sum files happy, we need to import the package above
--- a/client/ios/NetBirdSDK/logger.go
+++ b/client/ios/NetBirdSDK/logger.go
@@ -1,10 +0,0 @@
-package NetBirdSDK
-
-import (
-	"github.com/netbirdio/netbird/util"
-)
-
-// InitializeLog initializes the log file.
-func InitializeLog(logLevel string, filePath string) error {
-	return util.InitLog(logLevel, filePath)
-}
--- a/client/ios/NetBirdSDK/login.go
+++ b/client/ios/NetBirdSDK/login.go
@@ -1,159 +0,0 @@
-package NetBirdSDK
-
-import (
-	"context"
-	"fmt"
-	"time"
-
-	"github.com/cenkalti/backoff/v4"
-	log "github.com/sirupsen/logrus"
-	"google.golang.org/grpc/codes"
-	gstatus "google.golang.org/grpc/status"
-
-	"github.com/netbirdio/netbird/client/cmd"
-	"github.com/netbirdio/netbird/client/internal"
-	"github.com/netbirdio/netbird/client/system"
-)
-
-// SSOListener is async listener for mobile framework
-type SSOListener interface {
-	OnSuccess(bool)
-	OnError(error)
-}
-
-// ErrListener is async listener for mobile framework
-type ErrListener interface {
-	OnSuccess()
-	OnError(error)
-}
-
-// URLOpener it is a callback interface. The Open function will be triggered if
-// the backend want to show an url for the user
-type URLOpener interface {
-	Open(string)
-}
-
-// Auth can register or login new client
-type Auth struct {
-	ctx     context.Context
-	config  *internal.Config
-	cfgPath string
-}
-
-// NewAuth instantiate Auth struct and validate the management URL
-func NewAuth(cfgPath string, mgmURL string) (*Auth, error) {
-	inputCfg := internal.ConfigInput{
-		ManagementURL: mgmURL,
-	}
-
-	cfg, err := internal.CreateInMemoryConfig(inputCfg)
-	if err != nil {
-		return nil, err
-	}
-
-	return &Auth{
-		ctx:     context.Background(),
-		config:  cfg,
-		cfgPath: cfgPath,
-	}, nil
-}
-
-// NewAuthWithConfig instantiate Auth based on existing config
-func NewAuthWithConfig(ctx context.Context, config *internal.Config) *Auth {
-	return &Auth{
-		ctx:    ctx,
-		config: config,
-	}
-}
-
-// SaveConfigIfSSOSupported test the connectivity with the management server by retrieving the server device flow info.
-// If it returns a flow info than save the configuration and return true. If it gets a codes.NotFound, it means that SSO
-// is not supported and returns false without saving the configuration. For other errors return false.
-func (a *Auth) SaveConfigIfSSOSupported() (bool, error) {
-	supportsSSO := true
-	err := a.withBackOff(a.ctx, func() (err error) {
-		_, err = internal.GetDeviceAuthorizationFlowInfo(a.ctx, a.config.PrivateKey, a.config.ManagementURL)
-		if s, ok := gstatus.FromError(err); ok && (s.Code() == codes.NotFound || s.Code() == codes.Unimplemented) {
-			_, err = internal.GetPKCEAuthorizationFlowInfo(a.ctx, a.config.PrivateKey, a.config.ManagementURL)
-			if s, ok := gstatus.FromError(err); ok && (s.Code() == codes.NotFound || s.Code() == codes.Unimplemented) {
-				supportsSSO = false
-				err = nil
-			}
-
-			return err
-		}
-
-		return err
-	})
-
-	if !supportsSSO {
-		return false, nil
-	}
-
-	if err != nil {
-		return false, fmt.Errorf("backoff cycle failed: %v", err)
-	}
-
-	err = internal.WriteOutConfig(a.cfgPath, a.config)
-	return true, err
-}
-
-// LoginWithSetupKeyAndSaveConfig test the connectivity with the management server with the setup key.
-func (a *Auth) LoginWithSetupKeyAndSaveConfig(setupKey string, deviceName string) error {
-	//nolint
-	ctxWithValues := context.WithValue(a.ctx, system.DeviceNameCtxKey, deviceName)
-
-	err := a.withBackOff(a.ctx, func() error {
-		backoffErr := internal.Login(ctxWithValues, a.config, setupKey, "")
-		if s, ok := gstatus.FromError(backoffErr); ok && (s.Code() == codes.PermissionDenied) {
-			// we got an answer from management, exit backoff earlier
-			return backoff.Permanent(backoffErr)
-		}
-		return backoffErr
-	})
-	if err != nil {
-		return fmt.Errorf("backoff cycle failed: %v", err)
-	}
-
-	return internal.WriteOutConfig(a.cfgPath, a.config)
-}
-
-func (a *Auth) Login() error {
-	var needsLogin bool
-
-	// check if we need to generate JWT token
-	err := a.withBackOff(a.ctx, func() (err error) {
-		needsLogin, err = internal.IsLoginRequired(a.ctx, a.config.PrivateKey, a.config.ManagementURL, a.config.SSHKey)
-		return
-	})
-	if err != nil {
-		return fmt.Errorf("backoff cycle failed: %v", err)
-	}
-
-	jwtToken := ""
-	if needsLogin {
-		return fmt.Errorf("Not authenticated")
-	}
-
-	err = a.withBackOff(a.ctx, func() error {
-		err := internal.Login(a.ctx, a.config, "", jwtToken)
-		if s, ok := gstatus.FromError(err); ok && (s.Code() == codes.InvalidArgument || s.Code() == codes.PermissionDenied) {
-			return nil
-		}
-		return err
-	})
-	if err != nil {
-		return fmt.Errorf("backoff cycle failed: %v", err)
-	}
-
-	return nil
-}
-
-func (a *Auth) withBackOff(ctx context.Context, bf func() error) error {
-	return backoff.RetryNotify(
-		bf,
-		backoff.WithContext(cmd.CLIBackOffSettings, ctx),
-		func(err error, duration time.Duration) {
-			log.Warnf("retrying Login to the Management service in %v due to error %v", duration, err)
-		})
-}
--- a/client/ios/NetBirdSDK/peer_notifier.go
+++ b/client/ios/NetBirdSDK/peer_notifier.go
@@ -1,50 +0,0 @@
-package NetBirdSDK
-
-// PeerInfo describe information about the peers. It designed for the UI usage
-type PeerInfo struct {
-	IP         string
-	FQDN       string
-	ConnStatus string // Todo replace to enum
-}
-
-// PeerInfoCollection made for Java layer to get non default types as collection
-type PeerInfoCollection interface {
-	Add(s string) PeerInfoCollection
-	Get(i int) string
-	Size() int
-	GetFQDN() string
-	GetIP() string
-}
-
-// StatusDetails is the implementation of the PeerInfoCollection
-type StatusDetails struct {
-	items []PeerInfo
-	fqdn  string
-	ip    string
-}
-
-// Add new PeerInfo to the collection
-func (array StatusDetails) Add(s PeerInfo) StatusDetails {
-	array.items = append(array.items, s)
-	return array
-}
-
-// Get return an element of the collection
-func (array StatusDetails) Get(i int) *PeerInfo {
-	return &array.items[i]
-}
-
-// Size return with the size of the collection
-func (array StatusDetails) Size() int {
-	return len(array.items)
-}
-
-// GetFQDN return with the FQDN of the local peer
-func (array StatusDetails) GetFQDN() string {
-	return array.fqdn
-}
-
-// GetIP return with the IP of the local peer
-func (array StatusDetails) GetIP() string {
-	return array.ip
-}
--- a/client/ios/NetBirdSDK/preferences.go
+++ b/client/ios/NetBirdSDK/preferences.go
@@ -1,78 +0,0 @@
-package NetBirdSDK
-
-import (
-	"github.com/netbirdio/netbird/client/internal"
-)
-
-// Preferences export a subset of the internal config for gomobile
-type Preferences struct {
-	configInput internal.ConfigInput
-}
-
-// NewPreferences create new Preferences instance
-func NewPreferences(configPath string) *Preferences {
-	ci := internal.ConfigInput{
-		ConfigPath: configPath,
-	}
-	return &Preferences{ci}
-}
-
-// GetManagementURL read url from config file
-func (p *Preferences) GetManagementURL() (string, error) {
-	if p.configInput.ManagementURL != "" {
-		return p.configInput.ManagementURL, nil
-	}
-
-	cfg, err := internal.ReadConfig(p.configInput.ConfigPath)
-	if err != nil {
-		return "", err
-	}
-	return cfg.ManagementURL.String(), err
-}
-
-// SetManagementURL store the given url and wait for commit
-func (p *Preferences) SetManagementURL(url string) {
-	p.configInput.ManagementURL = url
-}
-
-// GetAdminURL read url from config file
-func (p *Preferences) GetAdminURL() (string, error) {
-	if p.configInput.AdminURL != "" {
-		return p.configInput.AdminURL, nil
-	}
-
-	cfg, err := internal.ReadConfig(p.configInput.ConfigPath)
-	if err != nil {
-		return "", err
-	}
-	return cfg.AdminURL.String(), err
-}
-
-// SetAdminURL store the given url and wait for commit
-func (p *Preferences) SetAdminURL(url string) {
-	p.configInput.AdminURL = url
-}
-
-// GetPreSharedKey read preshared key from config file
-func (p *Preferences) GetPreSharedKey() (string, error) {
-	if p.configInput.PreSharedKey != nil {
-		return *p.configInput.PreSharedKey, nil
-	}
-
-	cfg, err := internal.ReadConfig(p.configInput.ConfigPath)
-	if err != nil {
-		return "", err
-	}
-	return cfg.PreSharedKey, err
-}
-
-// SetPreSharedKey store the given key and wait for commit
-func (p *Preferences) SetPreSharedKey(key string) {
-	p.configInput.PreSharedKey = &key
-}
-
-// Commit write out the changes into config file
-func (p *Preferences) Commit() error {
-	_, err := internal.UpdateOrCreateConfig(p.configInput)
-	return err
-}
--- a/client/ios/NetBirdSDK/preferences_test.go
+++ b/client/ios/NetBirdSDK/preferences_test.go
@@ -1,120 +0,0 @@
-package NetBirdSDK
-
-import (
-	"path/filepath"
-	"testing"
-
-	"github.com/netbirdio/netbird/client/internal"
-)
-
-func TestPreferences_DefaultValues(t *testing.T) {
-	cfgFile := filepath.Join(t.TempDir(), "netbird.json")
-	p := NewPreferences(cfgFile)
-	defaultVar, err := p.GetAdminURL()
-	if err != nil {
-		t.Fatalf("failed to read default value: %s", err)
-	}
-
-	if defaultVar != internal.DefaultAdminURL {
-		t.Errorf("invalid default admin url: %s", defaultVar)
-	}
-
-	defaultVar, err = p.GetManagementURL()
-	if err != nil {
-		t.Fatalf("failed to read default management URL: %s", err)
-	}
-
-	if defaultVar != internal.DefaultManagementURL {
-		t.Errorf("invalid default management url: %s", defaultVar)
-	}
-
-	var preSharedKey string
-	preSharedKey, err = p.GetPreSharedKey()
-	if err != nil {
-		t.Fatalf("failed to read default preshared key: %s", err)
-	}
-
-	if preSharedKey != "" {
-		t.Errorf("invalid preshared key: %s", preSharedKey)
-	}
-}
-
-func TestPreferences_ReadUncommitedValues(t *testing.T) {
-	exampleString := "exampleString"
-	cfgFile := filepath.Join(t.TempDir(), "netbird.json")
-	p := NewPreferences(cfgFile)
-
-	p.SetAdminURL(exampleString)
-	resp, err := p.GetAdminURL()
-	if err != nil {
-		t.Fatalf("failed to read admin url: %s", err)
-	}
-
-	if resp != exampleString {
-		t.Errorf("unexpected admin url: %s", resp)
-	}
-
-	p.SetManagementURL(exampleString)
-	resp, err = p.GetManagementURL()
-	if err != nil {
-		t.Fatalf("failed to read management url: %s", err)
-	}
-
-	if resp != exampleString {
-		t.Errorf("unexpected management url: %s", resp)
-	}
-
-	p.SetPreSharedKey(exampleString)
-	resp, err = p.GetPreSharedKey()
-	if err != nil {
-		t.Fatalf("failed to read preshared key: %s", err)
-	}
-
-	if resp != exampleString {
-		t.Errorf("unexpected preshared key: %s", resp)
-	}
-}
-
-func TestPreferences_Commit(t *testing.T) {
-	exampleURL := "https://myurl.com:443"
-	examplePresharedKey := "topsecret"
-	cfgFile := filepath.Join(t.TempDir(), "netbird.json")
-	p := NewPreferences(cfgFile)
-
-	p.SetAdminURL(exampleURL)
-	p.SetManagementURL(exampleURL)
-	p.SetPreSharedKey(examplePresharedKey)
-
-	err := p.Commit()
-	if err != nil {
-		t.Fatalf("failed to save changes: %s", err)
-	}
-
-	p = NewPreferences(cfgFile)
-	resp, err := p.GetAdminURL()
-	if err != nil {
-		t.Fatalf("failed to read admin url: %s", err)
-	}
-
-	if resp != exampleURL {
-		t.Errorf("unexpected admin url: %s", resp)
-	}
-
-	resp, err = p.GetManagementURL()
-	if err != nil {
-		t.Fatalf("failed to read management url: %s", err)
-	}
-
-	if resp != exampleURL {
-		t.Errorf("unexpected management url: %s", resp)
-	}
-
-	resp, err = p.GetPreSharedKey()
-	if err != nil {
-		t.Fatalf("failed to read preshared key: %s", err)
-	}
-
-	if resp != examplePresharedKey {
-		t.Errorf("unexpected preshared key: %s", resp)
-	}
-}
--- a/client/netbird.wxs
+++ b/client/netbird.wxs
@@ -20,7 +20,6 @@
 						<Shortcut Id="NetbirdStartMenuShortcut" Directory="StartMenuFolder" Name="NetBird" WorkingDirectory="NetbirdInstallDir" Icon="NetbirdIcon" />
 					</File>
 					<File ProcessorArchitecture="x64" Source=".\dist\netbird_windows_amd64\wintun.dll" />
-					<File ProcessorArchitecture="x64" Source=".\dist\netbird_windows_amd64\opengl32.dll" />

 					<ServiceInstall
                                     Id="NetBirdService"
--- a/client/proto/daemon.pb.go
+++ b/client/proto/daemon.pb.go
@@ -1,7 +1,7 @@
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
 // 	protoc-gen-go v1.26.0
-// 	protoc        v3.21.9
+// 	protoc        v4.23.4
 // source: daemon.proto

 package proto
@@ -29,10 +29,7 @@ type LoginRequest struct {

 	// setupKey wiretrustee setup key.
 	SetupKey string `protobuf:"bytes,1,opt,name=setupKey,proto3" json:"setupKey,omitempty"`
-	// This is the old PreSharedKey field which will be deprecated in favor of optionalPreSharedKey field that is defined as optional
-	// to allow clearing of preshared key while being able to persist in the config file.
-	//
-	// Deprecated: Do not use.
+	// preSharedKey for wireguard setup.
 	PreSharedKey string `protobuf:"bytes,2,opt,name=preSharedKey,proto3" json:"preSharedKey,omitempty"`
 	// managementUrl to authenticate.
 	ManagementUrl string `protobuf:"bytes,3,opt,name=managementUrl,proto3" json:"managementUrl,omitempty"`
@@ -43,14 +40,10 @@ type LoginRequest struct {
 	// cleanNATExternalIPs clean map list of external IPs.
 	// This is needed because the generated code
 	// omits initialized empty slices due to omitempty tags
-	CleanNATExternalIPs  bool    `protobuf:"varint,6,opt,name=cleanNATExternalIPs,proto3" json:"cleanNATExternalIPs,omitempty"`
-	CustomDNSAddress     []byte  `protobuf:"bytes,7,opt,name=customDNSAddress,proto3" json:"customDNSAddress,omitempty"`
-	IsLinuxDesktopClient bool    `protobuf:"varint,8,opt,name=isLinuxDesktopClient,proto3" json:"isLinuxDesktopClient,omitempty"`
-	Hostname             string  `protobuf:"bytes,9,opt,name=hostname,proto3" json:"hostname,omitempty"`
-	RosenpassEnabled     *bool   `protobuf:"varint,10,opt,name=rosenpassEnabled,proto3,oneof" json:"rosenpassEnabled,omitempty"`
-	InterfaceName        *string `protobuf:"bytes,11,opt,name=interfaceName,proto3,oneof" json:"interfaceName,omitempty"`
-	WireguardPort        *int64  `protobuf:"varint,12,opt,name=wireguardPort,proto3,oneof" json:"wireguardPort,omitempty"`
-	OptionalPreSharedKey *string `protobuf:"bytes,13,opt,name=optionalPreSharedKey,proto3,oneof" json:"optionalPreSharedKey,omitempty"`
+	CleanNATExternalIPs  bool   `protobuf:"varint,6,opt,name=cleanNATExternalIPs,proto3" json:"cleanNATExternalIPs,omitempty"`
+	CustomDNSAddress     []byte `protobuf:"bytes,7,opt,name=customDNSAddress,proto3" json:"customDNSAddress,omitempty"`
+	IsLinuxDesktopClient bool   `protobuf:"varint,8,opt,name=isLinuxDesktopClient,proto3" json:"isLinuxDesktopClient,omitempty"`
+	Hostname             string `protobuf:"bytes,9,opt,name=hostname,proto3" json:"hostname,omitempty"`
 }

 func (x *LoginRequest) Reset() {
@@ -92,7 +85,6 @@ func (x *LoginRequest) GetSetupKey() string {
 	return ""
 }

-// Deprecated: Do not use.
 func (x *LoginRequest) GetPreSharedKey() string {
 	if x != nil {
 		return x.PreSharedKey
@@ -149,34 +141,6 @@ func (x *LoginRequest) GetHostname() string {
 	return ""
 }

-func (x *LoginRequest) GetRosenpassEnabled() bool {
-	if x != nil && x.RosenpassEnabled != nil {
-		return *x.RosenpassEnabled
-	}
-	return false
-}
-
-func (x *LoginRequest) GetInterfaceName() string {
-	if x != nil && x.InterfaceName != nil {
-		return *x.InterfaceName
-	}
-	return ""
-}
-
-func (x *LoginRequest) GetWireguardPort() int64 {
-	if x != nil && x.WireguardPort != nil {
-		return *x.WireguardPort
-	}
-	return 0
-}
-
-func (x *LoginRequest) GetOptionalPreSharedKey() string {
-	if x != nil && x.OptionalPreSharedKey != nil {
-		return *x.OptionalPreSharedKey
-	}
-	return ""
-}
-
 type LoginResponse struct {
 	state         protoimpl.MessageState
 	sizeCache     protoimpl.SizeCache
@@ -733,20 +697,15 @@ type PeerState struct {
 	sizeCache     protoimpl.SizeCache
 	unknownFields protoimpl.UnknownFields

-	IP                         string                 `protobuf:"bytes,1,opt,name=IP,proto3" json:"IP,omitempty"`
-	PubKey                     string                 `protobuf:"bytes,2,opt,name=pubKey,proto3" json:"pubKey,omitempty"`
-	ConnStatus                 string                 `protobuf:"bytes,3,opt,name=connStatus,proto3" json:"connStatus,omitempty"`
-	ConnStatusUpdate           *timestamppb.Timestamp `protobuf:"bytes,4,opt,name=connStatusUpdate,proto3" json:"connStatusUpdate,omitempty"`
-	Relayed                    bool                   `protobuf:"varint,5,opt,name=relayed,proto3" json:"relayed,omitempty"`
-	Direct                     bool                   `protobuf:"varint,6,opt,name=direct,proto3" json:"direct,omitempty"`
-	LocalIceCandidateType      string                 `protobuf:"bytes,7,opt,name=localIceCandidateType,proto3" json:"localIceCandidateType,omitempty"`
-	RemoteIceCandidateType     string                 `protobuf:"bytes,8,opt,name=remoteIceCandidateType,proto3" json:"remoteIceCandidateType,omitempty"`
-	Fqdn                       string                 `protobuf:"bytes,9,opt,name=fqdn,proto3" json:"fqdn,omitempty"`
-	LocalIceCandidateEndpoint  string                 `protobuf:"bytes,10,opt,name=localIceCandidateEndpoint,proto3" json:"localIceCandidateEndpoint,omitempty"`
-	RemoteIceCandidateEndpoint string                 `protobuf:"bytes,11,opt,name=remoteIceCandidateEndpoint,proto3" json:"remoteIceCandidateEndpoint,omitempty"`
-	LastWireguardHandshake     *timestamppb.Timestamp `protobuf:"bytes,12,opt,name=lastWireguardHandshake,proto3" json:"lastWireguardHandshake,omitempty"`
-	BytesRx                    int64                  `protobuf:"varint,13,opt,name=bytesRx,proto3" json:"bytesRx,omitempty"`
-	BytesTx                    int64                  `protobuf:"varint,14,opt,name=bytesTx,proto3" json:"bytesTx,omitempty"`
+	IP                     string                 `protobuf:"bytes,1,opt,name=IP,proto3" json:"IP,omitempty"`
+	PubKey                 string                 `protobuf:"bytes,2,opt,name=pubKey,proto3" json:"pubKey,omitempty"`
+	ConnStatus             string                 `protobuf:"bytes,3,opt,name=connStatus,proto3" json:"connStatus,omitempty"`
+	ConnStatusUpdate       *timestamppb.Timestamp `protobuf:"bytes,4,opt,name=connStatusUpdate,proto3" json:"connStatusUpdate,omitempty"`
+	Relayed                bool                   `protobuf:"varint,5,opt,name=relayed,proto3" json:"relayed,omitempty"`
+	Direct                 bool                   `protobuf:"varint,6,opt,name=direct,proto3" json:"direct,omitempty"`
+	LocalIceCandidateType  string                 `protobuf:"bytes,7,opt,name=localIceCandidateType,proto3" json:"localIceCandidateType,omitempty"`
+	RemoteIceCandidateType string                 `protobuf:"bytes,8,opt,name=remoteIceCandidateType,proto3" json:"remoteIceCandidateType,omitempty"`
+	Fqdn                   string                 `protobuf:"bytes,9,opt,name=fqdn,proto3" json:"fqdn,omitempty"`
 }

 func (x *PeerState) Reset() {
@@ -844,41 +803,6 @@ func (x *PeerState) GetFqdn() string {
 	return ""
 }

-func (x *PeerState) GetLocalIceCandidateEndpoint() string {
-	if x != nil {
-		return x.LocalIceCandidateEndpoint
-	}
-	return ""
-}
-
-func (x *PeerState) GetRemoteIceCandidateEndpoint() string {
-	if x != nil {
-		return x.RemoteIceCandidateEndpoint
-	}
-	return ""
-}
-
-func (x *PeerState) GetLastWireguardHandshake() *timestamppb.Timestamp {
-	if x != nil {
-		return x.LastWireguardHandshake
-	}
-	return nil
-}
-
-func (x *PeerState) GetBytesRx() int64 {
-	if x != nil {
-		return x.BytesRx
-	}
-	return 0
-}
-
-func (x *PeerState) GetBytesTx() int64 {
-	if x != nil {
-		return x.BytesTx
-	}
-	return 0
-}
-
 // LocalPeerState contains the latest state of the local peer
 type LocalPeerState struct {
 	state         protoimpl.MessageState
@@ -959,7 +883,6 @@ type SignalState struct {

 	URL       string `protobuf:"bytes,1,opt,name=URL,proto3" json:"URL,omitempty"`
 	Connected bool   `protobuf:"varint,2,opt,name=connected,proto3" json:"connected,omitempty"`
-	Error     string `protobuf:"bytes,3,opt,name=error,proto3" json:"error,omitempty"`
 }

 func (x *SignalState) Reset() {
@@ -1008,13 +931,6 @@ func (x *SignalState) GetConnected() bool {
 	return false
 }

-func (x *SignalState) GetError() string {
-	if x != nil {
-		return x.Error
-	}
-	return ""
-}
-
 // ManagementState contains the latest state of a management connection
 type ManagementState struct {
 	state         protoimpl.MessageState
@@ -1023,7 +939,6 @@ type ManagementState struct {

 	URL       string `protobuf:"bytes,1,opt,name=URL,proto3" json:"URL,omitempty"`
 	Connected bool   `protobuf:"varint,2,opt,name=connected,proto3" json:"connected,omitempty"`
-	Error     string `protobuf:"bytes,3,opt,name=error,proto3" json:"error,omitempty"`
 }

 func (x *ManagementState) Reset() {
@@ -1072,77 +987,6 @@ func (x *ManagementState) GetConnected() bool {
 	return false
 }

-func (x *ManagementState) GetError() string {
-	if x != nil {
-		return x.Error
-	}
-	return ""
-}
-
-// RelayState contains the latest state of the relay
-type RelayState struct {
-	state         protoimpl.MessageState
-	sizeCache     protoimpl.SizeCache
-	unknownFields protoimpl.UnknownFields
-
-	URI       string `protobuf:"bytes,1,opt,name=URI,proto3" json:"URI,omitempty"`
-	Available bool   `protobuf:"varint,2,opt,name=available,proto3" json:"available,omitempty"`
-	Error     string `protobuf:"bytes,3,opt,name=error,proto3" json:"error,omitempty"`
-}
-
-func (x *RelayState) Reset() {
-	*x = RelayState{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_daemon_proto_msgTypes[16]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
-}
-
-func (x *RelayState) String() string {
-	return protoimpl.X.MessageStringOf(x)
-}
-
-func (*RelayState) ProtoMessage() {}
-
-func (x *RelayState) ProtoReflect() protoreflect.Message {
-	mi := &file_daemon_proto_msgTypes[16]
-	if protoimpl.UnsafeEnabled && x != nil {
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		if ms.LoadMessageInfo() == nil {
-			ms.StoreMessageInfo(mi)
-		}
-		return ms
-	}
-	return mi.MessageOf(x)
-}
-
-// Deprecated: Use RelayState.ProtoReflect.Descriptor instead.
-func (*RelayState) Descriptor() ([]byte, []int) {
-	return file_daemon_proto_rawDescGZIP(), []int{16}
-}
-
-func (x *RelayState) GetURI() string {
-	if x != nil {
-		return x.URI
-	}
-	return ""
-}
-
-func (x *RelayState) GetAvailable() bool {
-	if x != nil {
-		return x.Available
-	}
-	return false
-}
-
-func (x *RelayState) GetError() string {
-	if x != nil {
-		return x.Error
-	}
-	return ""
-}
-
 // FullStatus contains the full state held by the Status instance
 type FullStatus struct {
 	state         protoimpl.MessageState
@@ -1153,13 +997,12 @@ type FullStatus struct {
 	SignalState     *SignalState     `protobuf:"bytes,2,opt,name=signalState,proto3" json:"signalState,omitempty"`
 	LocalPeerState  *LocalPeerState  `protobuf:"bytes,3,opt,name=localPeerState,proto3" json:"localPeerState,omitempty"`
 	Peers           []*PeerState     `protobuf:"bytes,4,rep,name=peers,proto3" json:"peers,omitempty"`
-	Relays          []*RelayState    `protobuf:"bytes,5,rep,name=relays,proto3" json:"relays,omitempty"`
 }

 func (x *FullStatus) Reset() {
 	*x = FullStatus{}
 	if protoimpl.UnsafeEnabled {
-		mi := &file_daemon_proto_msgTypes[17]
+		mi := &file_daemon_proto_msgTypes[16]
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		ms.StoreMessageInfo(mi)
 	}
@@ -1172,7 +1015,7 @@ func (x *FullStatus) String() string {
 func (*FullStatus) ProtoMessage() {}

 func (x *FullStatus) ProtoReflect() protoreflect.Message {
-	mi := &file_daemon_proto_msgTypes[17]
+	mi := &file_daemon_proto_msgTypes[16]
 	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
@@ -1185,7 +1028,7 @@ func (x *FullStatus) ProtoReflect() protoreflect.Message {

 // Deprecated: Use FullStatus.ProtoReflect.Descriptor instead.
 func (*FullStatus) Descriptor() ([]byte, []int) {
-	return file_daemon_proto_rawDescGZIP(), []int{17}
+	return file_daemon_proto_rawDescGZIP(), []int{16}
 }

 func (x *FullStatus) GetManagementState() *ManagementState {
@@ -1216,13 +1059,6 @@ func (x *FullStatus) GetPeers() []*PeerState {
 	return nil
 }

-func (x *FullStatus) GetRelays() []*RelayState {
-	if x != nil {
-		return x.Relays
-	}
-	return nil
-}
-
 var File_daemon_proto protoreflect.FileDescriptor

 var file_daemon_proto_rawDesc = []byte{
@@ -1231,197 +1067,153 @@ var file_daemon_proto_rawDesc = []byte{
 	0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2f, 0x64, 0x65, 0x73, 0x63, 0x72, 0x69, 0x70, 0x74,
 	0x6f, 0x72, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x1f, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65,
 	0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2f, 0x74, 0x69, 0x6d, 0x65, 0x73, 0x74,
-	0x61, 0x6d, 0x70, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0xfc, 0x04, 0x0a, 0x0c, 0x4c, 0x6f,
+	0x61, 0x6d, 0x70, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0xe6, 0x02, 0x0a, 0x0c, 0x4c, 0x6f,
 	0x67, 0x69, 0x6e, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x1a, 0x0a, 0x08, 0x73, 0x65,
 	0x74, 0x75, 0x70, 0x4b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x73, 0x65,
-	0x74, 0x75, 0x70, 0x4b, 0x65, 0x79, 0x12, 0x26, 0x0a, 0x0c, 0x70, 0x72, 0x65, 0x53, 0x68, 0x61,
-	0x72, 0x65, 0x64, 0x4b, 0x65, 0x79, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x42, 0x02, 0x18, 0x01,
-	0x52, 0x0c, 0x70, 0x72, 0x65, 0x53, 0x68, 0x61, 0x72, 0x65, 0x64, 0x4b, 0x65, 0x79, 0x12, 0x24,
-	0x0a, 0x0d, 0x6d, 0x61, 0x6e, 0x61, 0x67, 0x65, 0x6d, 0x65, 0x6e, 0x74, 0x55, 0x72, 0x6c, 0x18,
-	0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0d, 0x6d, 0x61, 0x6e, 0x61, 0x67, 0x65, 0x6d, 0x65, 0x6e,
-	0x74, 0x55, 0x72, 0x6c, 0x12, 0x1a, 0x0a, 0x08, 0x61, 0x64, 0x6d, 0x69, 0x6e, 0x55, 0x52, 0x4c,
-	0x18, 0x04, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x61, 0x64, 0x6d, 0x69, 0x6e, 0x55, 0x52, 0x4c,
-	0x12, 0x26, 0x0a, 0x0e, 0x6e, 0x61, 0x74, 0x45, 0x78, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x49,
-	0x50, 0x73, 0x18, 0x05, 0x20, 0x03, 0x28, 0x09, 0x52, 0x0e, 0x6e, 0x61, 0x74, 0x45, 0x78, 0x74,
-	0x65, 0x72, 0x6e, 0x61, 0x6c, 0x49, 0x50, 0x73, 0x12, 0x30, 0x0a, 0x13, 0x63, 0x6c, 0x65, 0x61,
-	0x6e, 0x4e, 0x41, 0x54, 0x45, 0x78, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x49, 0x50, 0x73, 0x18,
-	0x06, 0x20, 0x01, 0x28, 0x08, 0x52, 0x13, 0x63, 0x6c, 0x65, 0x61, 0x6e, 0x4e, 0x41, 0x54, 0x45,
-	0x78, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x49, 0x50, 0x73, 0x12, 0x2a, 0x0a, 0x10, 0x63, 0x75,
-	0x73, 0x74, 0x6f, 0x6d, 0x44, 0x4e, 0x53, 0x41, 0x64, 0x64, 0x72, 0x65, 0x73, 0x73, 0x18, 0x07,
-	0x20, 0x01, 0x28, 0x0c, 0x52, 0x10, 0x63, 0x75, 0x73, 0x74, 0x6f, 0x6d, 0x44, 0x4e, 0x53, 0x41,
-	0x64, 0x64, 0x72, 0x65, 0x73, 0x73, 0x12, 0x32, 0x0a, 0x14, 0x69, 0x73, 0x4c, 0x69, 0x6e, 0x75,
-	0x78, 0x44, 0x65, 0x73, 0x6b, 0x74, 0x6f, 0x70, 0x43, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x18, 0x08,
-	0x20, 0x01, 0x28, 0x08, 0x52, 0x14, 0x69, 0x73, 0x4c, 0x69, 0x6e, 0x75, 0x78, 0x44, 0x65, 0x73,
-	0x6b, 0x74, 0x6f, 0x70, 0x43, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x12, 0x1a, 0x0a, 0x08, 0x68, 0x6f,
-	0x73, 0x74, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x09, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x68, 0x6f,
-	0x73, 0x74, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x2f, 0x0a, 0x10, 0x72, 0x6f, 0x73, 0x65, 0x6e, 0x70,
-	0x61, 0x73, 0x73, 0x45, 0x6e, 0x61, 0x62, 0x6c, 0x65, 0x64, 0x18, 0x0a, 0x20, 0x01, 0x28, 0x08,
-	0x48, 0x00, 0x52, 0x10, 0x72, 0x6f, 0x73, 0x65, 0x6e, 0x70, 0x61, 0x73, 0x73, 0x45, 0x6e, 0x61,
-	0x62, 0x6c, 0x65, 0x64, 0x88, 0x01, 0x01, 0x12, 0x29, 0x0a, 0x0d, 0x69, 0x6e, 0x74, 0x65, 0x72,
-	0x66, 0x61, 0x63, 0x65, 0x4e, 0x61, 0x6d, 0x65, 0x18, 0x0b, 0x20, 0x01, 0x28, 0x09, 0x48, 0x01,
-	0x52, 0x0d, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x66, 0x61, 0x63, 0x65, 0x4e, 0x61, 0x6d, 0x65, 0x88,
-	0x01, 0x01, 0x12, 0x29, 0x0a, 0x0d, 0x77, 0x69, 0x72, 0x65, 0x67, 0x75, 0x61, 0x72, 0x64, 0x50,
-	0x6f, 0x72, 0x74, 0x18, 0x0c, 0x20, 0x01, 0x28, 0x03, 0x48, 0x02, 0x52, 0x0d, 0x77, 0x69, 0x72,
-	0x65, 0x67, 0x75, 0x61, 0x72, 0x64, 0x50, 0x6f, 0x72, 0x74, 0x88, 0x01, 0x01, 0x12, 0x37, 0x0a,
-	0x14, 0x6f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x61, 0x6c, 0x50, 0x72, 0x65, 0x53, 0x68, 0x61, 0x72,
-	0x65, 0x64, 0x4b, 0x65, 0x79, 0x18, 0x0d, 0x20, 0x01, 0x28, 0x09, 0x48, 0x03, 0x52, 0x14, 0x6f,
-	0x70, 0x74, 0x69, 0x6f, 0x6e, 0x61, 0x6c, 0x50, 0x72, 0x65, 0x53, 0x68, 0x61, 0x72, 0x65, 0x64,
-	0x4b, 0x65, 0x79, 0x88, 0x01, 0x01, 0x42, 0x13, 0x0a, 0x11, 0x5f, 0x72, 0x6f, 0x73, 0x65, 0x6e,
-	0x70, 0x61, 0x73, 0x73, 0x45, 0x6e, 0x61, 0x62, 0x6c, 0x65, 0x64, 0x42, 0x10, 0x0a, 0x0e, 0x5f,
-	0x69, 0x6e, 0x74, 0x65, 0x72, 0x66, 0x61, 0x63, 0x65, 0x4e, 0x61, 0x6d, 0x65, 0x42, 0x10, 0x0a,
-	0x0e, 0x5f, 0x77, 0x69, 0x72, 0x65, 0x67, 0x75, 0x61, 0x72, 0x64, 0x50, 0x6f, 0x72, 0x74, 0x42,
-	0x17, 0x0a, 0x15, 0x5f, 0x6f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x61, 0x6c, 0x50, 0x72, 0x65, 0x53,
-	0x68, 0x61, 0x72, 0x65, 0x64, 0x4b, 0x65, 0x79, 0x22, 0xb5, 0x01, 0x0a, 0x0d, 0x4c, 0x6f, 0x67,
-	0x69, 0x6e, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x24, 0x0a, 0x0d, 0x6e, 0x65,
-	0x65, 0x64, 0x73, 0x53, 0x53, 0x4f, 0x4c, 0x6f, 0x67, 0x69, 0x6e, 0x18, 0x01, 0x20, 0x01, 0x28,
-	0x08, 0x52, 0x0d, 0x6e, 0x65, 0x65, 0x64, 0x73, 0x53, 0x53, 0x4f, 0x4c, 0x6f, 0x67, 0x69, 0x6e,
-	0x12, 0x1a, 0x0a, 0x08, 0x75, 0x73, 0x65, 0x72, 0x43, 0x6f, 0x64, 0x65, 0x18, 0x02, 0x20, 0x01,
-	0x28, 0x09, 0x52, 0x08, 0x75, 0x73, 0x65, 0x72, 0x43, 0x6f, 0x64, 0x65, 0x12, 0x28, 0x0a, 0x0f,
-	0x76, 0x65, 0x72, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x55, 0x52, 0x49, 0x18,
-	0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0f, 0x76, 0x65, 0x72, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74,
-	0x69, 0x6f, 0x6e, 0x55, 0x52, 0x49, 0x12, 0x38, 0x0a, 0x17, 0x76, 0x65, 0x72, 0x69, 0x66, 0x69,
-	0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x55, 0x52, 0x49, 0x43, 0x6f, 0x6d, 0x70, 0x6c, 0x65, 0x74,
-	0x65, 0x18, 0x04, 0x20, 0x01, 0x28, 0x09, 0x52, 0x17, 0x76, 0x65, 0x72, 0x69, 0x66, 0x69, 0x63,
-	0x61, 0x74, 0x69, 0x6f, 0x6e, 0x55, 0x52, 0x49, 0x43, 0x6f, 0x6d, 0x70, 0x6c, 0x65, 0x74, 0x65,
-	0x22, 0x4d, 0x0a, 0x13, 0x57, 0x61, 0x69, 0x74, 0x53, 0x53, 0x4f, 0x4c, 0x6f, 0x67, 0x69, 0x6e,
-	0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x1a, 0x0a, 0x08, 0x75, 0x73, 0x65, 0x72, 0x43,
-	0x6f, 0x64, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x75, 0x73, 0x65, 0x72, 0x43,
-	0x6f, 0x64, 0x65, 0x12, 0x1a, 0x0a, 0x08, 0x68, 0x6f, 0x73, 0x74, 0x6e, 0x61, 0x6d, 0x65, 0x18,
-	0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x68, 0x6f, 0x73, 0x74, 0x6e, 0x61, 0x6d, 0x65, 0x22,
-	0x16, 0x0a, 0x14, 0x57, 0x61, 0x69, 0x74, 0x53, 0x53, 0x4f, 0x4c, 0x6f, 0x67, 0x69, 0x6e, 0x52,
-	0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x0b, 0x0a, 0x09, 0x55, 0x70, 0x52, 0x65, 0x71,
-	0x75, 0x65, 0x73, 0x74, 0x22, 0x0c, 0x0a, 0x0a, 0x55, 0x70, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e,
-	0x73, 0x65, 0x22, 0x3d, 0x0a, 0x0d, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x52, 0x65, 0x71, 0x75,
-	0x65, 0x73, 0x74, 0x12, 0x2c, 0x0a, 0x11, 0x67, 0x65, 0x74, 0x46, 0x75, 0x6c, 0x6c, 0x50, 0x65,
-	0x65, 0x72, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x18, 0x01, 0x20, 0x01, 0x28, 0x08, 0x52, 0x11,
-	0x67, 0x65, 0x74, 0x46, 0x75, 0x6c, 0x6c, 0x50, 0x65, 0x65, 0x72, 0x53, 0x74, 0x61, 0x74, 0x75,
-	0x73, 0x22, 0x82, 0x01, 0x0a, 0x0e, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x52, 0x65, 0x73, 0x70,
-	0x6f, 0x6e, 0x73, 0x65, 0x12, 0x16, 0x0a, 0x06, 0x73, 0x74, 0x61, 0x74, 0x75, 0x73, 0x18, 0x01,
-	0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x73, 0x74, 0x61, 0x74, 0x75, 0x73, 0x12, 0x32, 0x0a, 0x0a,
-	0x66, 0x75, 0x6c, 0x6c, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b,
-	0x32, 0x12, 0x2e, 0x64, 0x61, 0x65, 0x6d, 0x6f, 0x6e, 0x2e, 0x46, 0x75, 0x6c, 0x6c, 0x53, 0x74,
-	0x61, 0x74, 0x75, 0x73, 0x52, 0x0a, 0x66, 0x75, 0x6c, 0x6c, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73,
-	0x12, 0x24, 0x0a, 0x0d, 0x64, 0x61, 0x65, 0x6d, 0x6f, 0x6e, 0x56, 0x65, 0x72, 0x73, 0x69, 0x6f,
-	0x6e, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0d, 0x64, 0x61, 0x65, 0x6d, 0x6f, 0x6e, 0x56,
-	0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x22, 0x0d, 0x0a, 0x0b, 0x44, 0x6f, 0x77, 0x6e, 0x52, 0x65,
-	0x71, 0x75, 0x65, 0x73, 0x74, 0x22, 0x0e, 0x0a, 0x0c, 0x44, 0x6f, 0x77, 0x6e, 0x52, 0x65, 0x73,
-	0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x12, 0x0a, 0x10, 0x47, 0x65, 0x74, 0x43, 0x6f, 0x6e, 0x66,
-	0x69, 0x67, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x22, 0xb3, 0x01, 0x0a, 0x11, 0x47, 0x65,
-	0x74, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12,
-	0x24, 0x0a, 0x0d, 0x6d, 0x61, 0x6e, 0x61, 0x67, 0x65, 0x6d, 0x65, 0x6e, 0x74, 0x55, 0x72, 0x6c,
-	0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0d, 0x6d, 0x61, 0x6e, 0x61, 0x67, 0x65, 0x6d, 0x65,
-	0x6e, 0x74, 0x55, 0x72, 0x6c, 0x12, 0x1e, 0x0a, 0x0a, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x46,
-	0x69, 0x6c, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0a, 0x63, 0x6f, 0x6e, 0x66, 0x69,
-	0x67, 0x46, 0x69, 0x6c, 0x65, 0x12, 0x18, 0x0a, 0x07, 0x6c, 0x6f, 0x67, 0x46, 0x69, 0x6c, 0x65,
-	0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x07, 0x6c, 0x6f, 0x67, 0x46, 0x69, 0x6c, 0x65, 0x12,
-	0x22, 0x0a, 0x0c, 0x70, 0x72, 0x65, 0x53, 0x68, 0x61, 0x72, 0x65, 0x64, 0x4b, 0x65, 0x79, 0x18,
-	0x04, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0c, 0x70, 0x72, 0x65, 0x53, 0x68, 0x61, 0x72, 0x65, 0x64,
-	0x4b, 0x65, 0x79, 0x12, 0x1a, 0x0a, 0x08, 0x61, 0x64, 0x6d, 0x69, 0x6e, 0x55, 0x52, 0x4c, 0x18,
-	0x05, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x61, 0x64, 0x6d, 0x69, 0x6e, 0x55, 0x52, 0x4c, 0x22,
-	0xd5, 0x04, 0x0a, 0x09, 0x50, 0x65, 0x65, 0x72, 0x53, 0x74, 0x61, 0x74, 0x65, 0x12, 0x0e, 0x0a,
+	0x74, 0x75, 0x70, 0x4b, 0x65, 0x79, 0x12, 0x22, 0x0a, 0x0c, 0x70, 0x72, 0x65, 0x53, 0x68, 0x61,
+	0x72, 0x65, 0x64, 0x4b, 0x65, 0x79, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0c, 0x70, 0x72,
+	0x65, 0x53, 0x68, 0x61, 0x72, 0x65, 0x64, 0x4b, 0x65, 0x79, 0x12, 0x24, 0x0a, 0x0d, 0x6d, 0x61,
+	0x6e, 0x61, 0x67, 0x65, 0x6d, 0x65, 0x6e, 0x74, 0x55, 0x72, 0x6c, 0x18, 0x03, 0x20, 0x01, 0x28,
+	0x09, 0x52, 0x0d, 0x6d, 0x61, 0x6e, 0x61, 0x67, 0x65, 0x6d, 0x65, 0x6e, 0x74, 0x55, 0x72, 0x6c,
+	0x12, 0x1a, 0x0a, 0x08, 0x61, 0x64, 0x6d, 0x69, 0x6e, 0x55, 0x52, 0x4c, 0x18, 0x04, 0x20, 0x01,
+	0x28, 0x09, 0x52, 0x08, 0x61, 0x64, 0x6d, 0x69, 0x6e, 0x55, 0x52, 0x4c, 0x12, 0x26, 0x0a, 0x0e,
+	0x6e, 0x61, 0x74, 0x45, 0x78, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x49, 0x50, 0x73, 0x18, 0x05,
+	0x20, 0x03, 0x28, 0x09, 0x52, 0x0e, 0x6e, 0x61, 0x74, 0x45, 0x78, 0x74, 0x65, 0x72, 0x6e, 0x61,
+	0x6c, 0x49, 0x50, 0x73, 0x12, 0x30, 0x0a, 0x13, 0x63, 0x6c, 0x65, 0x61, 0x6e, 0x4e, 0x41, 0x54,
+	0x45, 0x78, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x49, 0x50, 0x73, 0x18, 0x06, 0x20, 0x01, 0x28,
+	0x08, 0x52, 0x13, 0x63, 0x6c, 0x65, 0x61, 0x6e, 0x4e, 0x41, 0x54, 0x45, 0x78, 0x74, 0x65, 0x72,
+	0x6e, 0x61, 0x6c, 0x49, 0x50, 0x73, 0x12, 0x2a, 0x0a, 0x10, 0x63, 0x75, 0x73, 0x74, 0x6f, 0x6d,
+	0x44, 0x4e, 0x53, 0x41, 0x64, 0x64, 0x72, 0x65, 0x73, 0x73, 0x18, 0x07, 0x20, 0x01, 0x28, 0x0c,
+	0x52, 0x10, 0x63, 0x75, 0x73, 0x74, 0x6f, 0x6d, 0x44, 0x4e, 0x53, 0x41, 0x64, 0x64, 0x72, 0x65,
+	0x73, 0x73, 0x12, 0x32, 0x0a, 0x14, 0x69, 0x73, 0x4c, 0x69, 0x6e, 0x75, 0x78, 0x44, 0x65, 0x73,
+	0x6b, 0x74, 0x6f, 0x70, 0x43, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x18, 0x08, 0x20, 0x01, 0x28, 0x08,
+	0x52, 0x14, 0x69, 0x73, 0x4c, 0x69, 0x6e, 0x75, 0x78, 0x44, 0x65, 0x73, 0x6b, 0x74, 0x6f, 0x70,
+	0x43, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x12, 0x1a, 0x0a, 0x08, 0x68, 0x6f, 0x73, 0x74, 0x6e, 0x61,
+	0x6d, 0x65, 0x18, 0x09, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x68, 0x6f, 0x73, 0x74, 0x6e, 0x61,
+	0x6d, 0x65, 0x22, 0xb5, 0x01, 0x0a, 0x0d, 0x4c, 0x6f, 0x67, 0x69, 0x6e, 0x52, 0x65, 0x73, 0x70,
+	0x6f, 0x6e, 0x73, 0x65, 0x12, 0x24, 0x0a, 0x0d, 0x6e, 0x65, 0x65, 0x64, 0x73, 0x53, 0x53, 0x4f,
+	0x4c, 0x6f, 0x67, 0x69, 0x6e, 0x18, 0x01, 0x20, 0x01, 0x28, 0x08, 0x52, 0x0d, 0x6e, 0x65, 0x65,
+	0x64, 0x73, 0x53, 0x53, 0x4f, 0x4c, 0x6f, 0x67, 0x69, 0x6e, 0x12, 0x1a, 0x0a, 0x08, 0x75, 0x73,
+	0x65, 0x72, 0x43, 0x6f, 0x64, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x75, 0x73,
+	0x65, 0x72, 0x43, 0x6f, 0x64, 0x65, 0x12, 0x28, 0x0a, 0x0f, 0x76, 0x65, 0x72, 0x69, 0x66, 0x69,
+	0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x55, 0x52, 0x49, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52,
+	0x0f, 0x76, 0x65, 0x72, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x55, 0x52, 0x49,
+	0x12, 0x38, 0x0a, 0x17, 0x76, 0x65, 0x72, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e,
+	0x55, 0x52, 0x49, 0x43, 0x6f, 0x6d, 0x70, 0x6c, 0x65, 0x74, 0x65, 0x18, 0x04, 0x20, 0x01, 0x28,
+	0x09, 0x52, 0x17, 0x76, 0x65, 0x72, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x55,
+	0x52, 0x49, 0x43, 0x6f, 0x6d, 0x70, 0x6c, 0x65, 0x74, 0x65, 0x22, 0x4d, 0x0a, 0x13, 0x57, 0x61,
+	0x69, 0x74, 0x53, 0x53, 0x4f, 0x4c, 0x6f, 0x67, 0x69, 0x6e, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73,
+	0x74, 0x12, 0x1a, 0x0a, 0x08, 0x75, 0x73, 0x65, 0x72, 0x43, 0x6f, 0x64, 0x65, 0x18, 0x01, 0x20,
+	0x01, 0x28, 0x09, 0x52, 0x08, 0x75, 0x73, 0x65, 0x72, 0x43, 0x6f, 0x64, 0x65, 0x12, 0x1a, 0x0a,
+	0x08, 0x68, 0x6f, 0x73, 0x74, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52,
+	0x08, 0x68, 0x6f, 0x73, 0x74, 0x6e, 0x61, 0x6d, 0x65, 0x22, 0x16, 0x0a, 0x14, 0x57, 0x61, 0x69,
+	0x74, 0x53, 0x53, 0x4f, 0x4c, 0x6f, 0x67, 0x69, 0x6e, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73,
+	0x65, 0x22, 0x0b, 0x0a, 0x09, 0x55, 0x70, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x22, 0x0c,
+	0x0a, 0x0a, 0x55, 0x70, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x3d, 0x0a, 0x0d,
+	0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x2c, 0x0a,
+	0x11, 0x67, 0x65, 0x74, 0x46, 0x75, 0x6c, 0x6c, 0x50, 0x65, 0x65, 0x72, 0x53, 0x74, 0x61, 0x74,
+	0x75, 0x73, 0x18, 0x01, 0x20, 0x01, 0x28, 0x08, 0x52, 0x11, 0x67, 0x65, 0x74, 0x46, 0x75, 0x6c,
+	0x6c, 0x50, 0x65, 0x65, 0x72, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x22, 0x82, 0x01, 0x0a, 0x0e,
+	0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x16,
+	0x0a, 0x06, 0x73, 0x74, 0x61, 0x74, 0x75, 0x73, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06,
+	0x73, 0x74, 0x61, 0x74, 0x75, 0x73, 0x12, 0x32, 0x0a, 0x0a, 0x66, 0x75, 0x6c, 0x6c, 0x53, 0x74,
+	0x61, 0x74, 0x75, 0x73, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x12, 0x2e, 0x64, 0x61, 0x65,
+	0x6d, 0x6f, 0x6e, 0x2e, 0x46, 0x75, 0x6c, 0x6c, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x52, 0x0a,
+	0x66, 0x75, 0x6c, 0x6c, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x12, 0x24, 0x0a, 0x0d, 0x64, 0x61,
+	0x65, 0x6d, 0x6f, 0x6e, 0x56, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x18, 0x03, 0x20, 0x01, 0x28,
+	0x09, 0x52, 0x0d, 0x64, 0x61, 0x65, 0x6d, 0x6f, 0x6e, 0x56, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e,
+	0x22, 0x0d, 0x0a, 0x0b, 0x44, 0x6f, 0x77, 0x6e, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x22,
+	0x0e, 0x0a, 0x0c, 0x44, 0x6f, 0x77, 0x6e, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22,
+	0x12, 0x0a, 0x10, 0x47, 0x65, 0x74, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x52, 0x65, 0x71, 0x75,
+	0x65, 0x73, 0x74, 0x22, 0xb3, 0x01, 0x0a, 0x11, 0x47, 0x65, 0x74, 0x43, 0x6f, 0x6e, 0x66, 0x69,
+	0x67, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x24, 0x0a, 0x0d, 0x6d, 0x61, 0x6e,
+	0x61, 0x67, 0x65, 0x6d, 0x65, 0x6e, 0x74, 0x55, 0x72, 0x6c, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09,
+	0x52, 0x0d, 0x6d, 0x61, 0x6e, 0x61, 0x67, 0x65, 0x6d, 0x65, 0x6e, 0x74, 0x55, 0x72, 0x6c, 0x12,
+	0x1e, 0x0a, 0x0a, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x46, 0x69, 0x6c, 0x65, 0x18, 0x02, 0x20,
+	0x01, 0x28, 0x09, 0x52, 0x0a, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x46, 0x69, 0x6c, 0x65, 0x12,
+	0x18, 0x0a, 0x07, 0x6c, 0x6f, 0x67, 0x46, 0x69, 0x6c, 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09,
+	0x52, 0x07, 0x6c, 0x6f, 0x67, 0x46, 0x69, 0x6c, 0x65, 0x12, 0x22, 0x0a, 0x0c, 0x70, 0x72, 0x65,
+	0x53, 0x68, 0x61, 0x72, 0x65, 0x64, 0x4b, 0x65, 0x79, 0x18, 0x04, 0x20, 0x01, 0x28, 0x09, 0x52,
+	0x0c, 0x70, 0x72, 0x65, 0x53, 0x68, 0x61, 0x72, 0x65, 0x64, 0x4b, 0x65, 0x79, 0x12, 0x1a, 0x0a,
+	0x08, 0x61, 0x64, 0x6d, 0x69, 0x6e, 0x55, 0x52, 0x4c, 0x18, 0x05, 0x20, 0x01, 0x28, 0x09, 0x52,
+	0x08, 0x61, 0x64, 0x6d, 0x69, 0x6e, 0x55, 0x52, 0x4c, 0x22, 0xcf, 0x02, 0x0a, 0x09, 0x50, 0x65,
+	0x65, 0x72, 0x53, 0x74, 0x61, 0x74, 0x65, 0x12, 0x0e, 0x0a, 0x02, 0x49, 0x50, 0x18, 0x01, 0x20,
+	0x01, 0x28, 0x09, 0x52, 0x02, 0x49, 0x50, 0x12, 0x16, 0x0a, 0x06, 0x70, 0x75, 0x62, 0x4b, 0x65,
+	0x79, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x70, 0x75, 0x62, 0x4b, 0x65, 0x79, 0x12,
+	0x1e, 0x0a, 0x0a, 0x63, 0x6f, 0x6e, 0x6e, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x18, 0x03, 0x20,
+	0x01, 0x28, 0x09, 0x52, 0x0a, 0x63, 0x6f, 0x6e, 0x6e, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x12,
+	0x46, 0x0a, 0x10, 0x63, 0x6f, 0x6e, 0x6e, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x55, 0x70, 0x64,
+	0x61, 0x74, 0x65, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x67, 0x6f, 0x6f, 0x67,
+	0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x54, 0x69, 0x6d, 0x65,
+	0x73, 0x74, 0x61, 0x6d, 0x70, 0x52, 0x10, 0x63, 0x6f, 0x6e, 0x6e, 0x53, 0x74, 0x61, 0x74, 0x75,
+	0x73, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x12, 0x18, 0x0a, 0x07, 0x72, 0x65, 0x6c, 0x61, 0x79,
+	0x65, 0x64, 0x18, 0x05, 0x20, 0x01, 0x28, 0x08, 0x52, 0x07, 0x72, 0x65, 0x6c, 0x61, 0x79, 0x65,
+	0x64, 0x12, 0x16, 0x0a, 0x06, 0x64, 0x69, 0x72, 0x65, 0x63, 0x74, 0x18, 0x06, 0x20, 0x01, 0x28,
+	0x08, 0x52, 0x06, 0x64, 0x69, 0x72, 0x65, 0x63, 0x74, 0x12, 0x34, 0x0a, 0x15, 0x6c, 0x6f, 0x63,
+	0x61, 0x6c, 0x49, 0x63, 0x65, 0x43, 0x61, 0x6e, 0x64, 0x69, 0x64, 0x61, 0x74, 0x65, 0x54, 0x79,
+	0x70, 0x65, 0x18, 0x07, 0x20, 0x01, 0x28, 0x09, 0x52, 0x15, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x49,
+	0x63, 0x65, 0x43, 0x61, 0x6e, 0x64, 0x69, 0x64, 0x61, 0x74, 0x65, 0x54, 0x79, 0x70, 0x65, 0x12,
+	0x36, 0x0a, 0x16, 0x72, 0x65, 0x6d, 0x6f, 0x74, 0x65, 0x49, 0x63, 0x65, 0x43, 0x61, 0x6e, 0x64,
+	0x69, 0x64, 0x61, 0x74, 0x65, 0x54, 0x79, 0x70, 0x65, 0x18, 0x08, 0x20, 0x01, 0x28, 0x09, 0x52,
+	0x16, 0x72, 0x65, 0x6d, 0x6f, 0x74, 0x65, 0x49, 0x63, 0x65, 0x43, 0x61, 0x6e, 0x64, 0x69, 0x64,
+	0x61, 0x74, 0x65, 0x54, 0x79, 0x70, 0x65, 0x12, 0x12, 0x0a, 0x04, 0x66, 0x71, 0x64, 0x6e, 0x18,
+	0x09, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x66, 0x71, 0x64, 0x6e, 0x22, 0x76, 0x0a, 0x0e, 0x4c,
+	0x6f, 0x63, 0x61, 0x6c, 0x50, 0x65, 0x65, 0x72, 0x53, 0x74, 0x61, 0x74, 0x65, 0x12, 0x0e, 0x0a,
 	0x02, 0x49, 0x50, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x02, 0x49, 0x50, 0x12, 0x16, 0x0a,
 	0x06, 0x70, 0x75, 0x62, 0x4b, 0x65, 0x79, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x70,
-	0x75, 0x62, 0x4b, 0x65, 0x79, 0x12, 0x1e, 0x0a, 0x0a, 0x63, 0x6f, 0x6e, 0x6e, 0x53, 0x74, 0x61,
-	0x74, 0x75, 0x73, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0a, 0x63, 0x6f, 0x6e, 0x6e, 0x53,
-	0x74, 0x61, 0x74, 0x75, 0x73, 0x12, 0x46, 0x0a, 0x10, 0x63, 0x6f, 0x6e, 0x6e, 0x53, 0x74, 0x61,
-	0x74, 0x75, 0x73, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32,
-	0x1a, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75,
-	0x66, 0x2e, 0x54, 0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x52, 0x10, 0x63, 0x6f, 0x6e,
-	0x6e, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x12, 0x18, 0x0a,
-	0x07, 0x72, 0x65, 0x6c, 0x61, 0x79, 0x65, 0x64, 0x18, 0x05, 0x20, 0x01, 0x28, 0x08, 0x52, 0x07,
-	0x72, 0x65, 0x6c, 0x61, 0x79, 0x65, 0x64, 0x12, 0x16, 0x0a, 0x06, 0x64, 0x69, 0x72, 0x65, 0x63,
-	0x74, 0x18, 0x06, 0x20, 0x01, 0x28, 0x08, 0x52, 0x06, 0x64, 0x69, 0x72, 0x65, 0x63, 0x74, 0x12,
-	0x34, 0x0a, 0x15, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x49, 0x63, 0x65, 0x43, 0x61, 0x6e, 0x64, 0x69,
-	0x64, 0x61, 0x74, 0x65, 0x54, 0x79, 0x70, 0x65, 0x18, 0x07, 0x20, 0x01, 0x28, 0x09, 0x52, 0x15,
-	0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x49, 0x63, 0x65, 0x43, 0x61, 0x6e, 0x64, 0x69, 0x64, 0x61, 0x74,
-	0x65, 0x54, 0x79, 0x70, 0x65, 0x12, 0x36, 0x0a, 0x16, 0x72, 0x65, 0x6d, 0x6f, 0x74, 0x65, 0x49,
-	0x63, 0x65, 0x43, 0x61, 0x6e, 0x64, 0x69, 0x64, 0x61, 0x74, 0x65, 0x54, 0x79, 0x70, 0x65, 0x18,
-	0x08, 0x20, 0x01, 0x28, 0x09, 0x52, 0x16, 0x72, 0x65, 0x6d, 0x6f, 0x74, 0x65, 0x49, 0x63, 0x65,
-	0x43, 0x61, 0x6e, 0x64, 0x69, 0x64, 0x61, 0x74, 0x65, 0x54, 0x79, 0x70, 0x65, 0x12, 0x12, 0x0a,
-	0x04, 0x66, 0x71, 0x64, 0x6e, 0x18, 0x09, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x66, 0x71, 0x64,
-	0x6e, 0x12, 0x3c, 0x0a, 0x19, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x49, 0x63, 0x65, 0x43, 0x61, 0x6e,
-	0x64, 0x69, 0x64, 0x61, 0x74, 0x65, 0x45, 0x6e, 0x64, 0x70, 0x6f, 0x69, 0x6e, 0x74, 0x18, 0x0a,
-	0x20, 0x01, 0x28, 0x09, 0x52, 0x19, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x49, 0x63, 0x65, 0x43, 0x61,
-	0x6e, 0x64, 0x69, 0x64, 0x61, 0x74, 0x65, 0x45, 0x6e, 0x64, 0x70, 0x6f, 0x69, 0x6e, 0x74, 0x12,
-	0x3e, 0x0a, 0x1a, 0x72, 0x65, 0x6d, 0x6f, 0x74, 0x65, 0x49, 0x63, 0x65, 0x43, 0x61, 0x6e, 0x64,
-	0x69, 0x64, 0x61, 0x74, 0x65, 0x45, 0x6e, 0x64, 0x70, 0x6f, 0x69, 0x6e, 0x74, 0x18, 0x0b, 0x20,
-	0x01, 0x28, 0x09, 0x52, 0x1a, 0x72, 0x65, 0x6d, 0x6f, 0x74, 0x65, 0x49, 0x63, 0x65, 0x43, 0x61,
-	0x6e, 0x64, 0x69, 0x64, 0x61, 0x74, 0x65, 0x45, 0x6e, 0x64, 0x70, 0x6f, 0x69, 0x6e, 0x74, 0x12,
-	0x52, 0x0a, 0x16, 0x6c, 0x61, 0x73, 0x74, 0x57, 0x69, 0x72, 0x65, 0x67, 0x75, 0x61, 0x72, 0x64,
-	0x48, 0x61, 0x6e, 0x64, 0x73, 0x68, 0x61, 0x6b, 0x65, 0x18, 0x0c, 0x20, 0x01, 0x28, 0x0b, 0x32,
-	0x1a, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75,
-	0x66, 0x2e, 0x54, 0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x52, 0x16, 0x6c, 0x61, 0x73,
-	0x74, 0x57, 0x69, 0x72, 0x65, 0x67, 0x75, 0x61, 0x72, 0x64, 0x48, 0x61, 0x6e, 0x64, 0x73, 0x68,
-	0x61, 0x6b, 0x65, 0x12, 0x18, 0x0a, 0x07, 0x62, 0x79, 0x74, 0x65, 0x73, 0x52, 0x78, 0x18, 0x0d,
-	0x20, 0x01, 0x28, 0x03, 0x52, 0x07, 0x62, 0x79, 0x74, 0x65, 0x73, 0x52, 0x78, 0x12, 0x18, 0x0a,
-	0x07, 0x62, 0x79, 0x74, 0x65, 0x73, 0x54, 0x78, 0x18, 0x0e, 0x20, 0x01, 0x28, 0x03, 0x52, 0x07,
-	0x62, 0x79, 0x74, 0x65, 0x73, 0x54, 0x78, 0x22, 0x76, 0x0a, 0x0e, 0x4c, 0x6f, 0x63, 0x61, 0x6c,
-	0x50, 0x65, 0x65, 0x72, 0x53, 0x74, 0x61, 0x74, 0x65, 0x12, 0x0e, 0x0a, 0x02, 0x49, 0x50, 0x18,
-	0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x02, 0x49, 0x50, 0x12, 0x16, 0x0a, 0x06, 0x70, 0x75, 0x62,
-	0x4b, 0x65, 0x79, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x70, 0x75, 0x62, 0x4b, 0x65,
-	0x79, 0x12, 0x28, 0x0a, 0x0f, 0x6b, 0x65, 0x72, 0x6e, 0x65, 0x6c, 0x49, 0x6e, 0x74, 0x65, 0x72,
-	0x66, 0x61, 0x63, 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, 0x08, 0x52, 0x0f, 0x6b, 0x65, 0x72, 0x6e,
-	0x65, 0x6c, 0x49, 0x6e, 0x74, 0x65, 0x72, 0x66, 0x61, 0x63, 0x65, 0x12, 0x12, 0x0a, 0x04, 0x66,
-	0x71, 0x64, 0x6e, 0x18, 0x04, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x66, 0x71, 0x64, 0x6e, 0x22,
-	0x53, 0x0a, 0x0b, 0x53, 0x69, 0x67, 0x6e, 0x61, 0x6c, 0x53, 0x74, 0x61, 0x74, 0x65, 0x12, 0x10,
-	0x0a, 0x03, 0x55, 0x52, 0x4c, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x55, 0x52, 0x4c,
-	0x12, 0x1c, 0x0a, 0x09, 0x63, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x65, 0x64, 0x18, 0x02, 0x20,
-	0x01, 0x28, 0x08, 0x52, 0x09, 0x63, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x65, 0x64, 0x12, 0x14,
-	0x0a, 0x05, 0x65, 0x72, 0x72, 0x6f, 0x72, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x65,
-	0x72, 0x72, 0x6f, 0x72, 0x22, 0x57, 0x0a, 0x0f, 0x4d, 0x61, 0x6e, 0x61, 0x67, 0x65, 0x6d, 0x65,
-	0x6e, 0x74, 0x53, 0x74, 0x61, 0x74, 0x65, 0x12, 0x10, 0x0a, 0x03, 0x55, 0x52, 0x4c, 0x18, 0x01,
-	0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x55, 0x52, 0x4c, 0x12, 0x1c, 0x0a, 0x09, 0x63, 0x6f, 0x6e,
-	0x6e, 0x65, 0x63, 0x74, 0x65, 0x64, 0x18, 0x02, 0x20, 0x01, 0x28, 0x08, 0x52, 0x09, 0x63, 0x6f,
-	0x6e, 0x6e, 0x65, 0x63, 0x74, 0x65, 0x64, 0x12, 0x14, 0x0a, 0x05, 0x65, 0x72, 0x72, 0x6f, 0x72,
-	0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x65, 0x72, 0x72, 0x6f, 0x72, 0x22, 0x52, 0x0a,
-	0x0a, 0x52, 0x65, 0x6c, 0x61, 0x79, 0x53, 0x74, 0x61, 0x74, 0x65, 0x12, 0x10, 0x0a, 0x03, 0x55,
-	0x52, 0x49, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x55, 0x52, 0x49, 0x12, 0x1c, 0x0a,
-	0x09, 0x61, 0x76, 0x61, 0x69, 0x6c, 0x61, 0x62, 0x6c, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x08,
-	0x52, 0x09, 0x61, 0x76, 0x61, 0x69, 0x6c, 0x61, 0x62, 0x6c, 0x65, 0x12, 0x14, 0x0a, 0x05, 0x65,
-	0x72, 0x72, 0x6f, 0x72, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x65, 0x72, 0x72, 0x6f,
-	0x72, 0x22, 0x9b, 0x02, 0x0a, 0x0a, 0x46, 0x75, 0x6c, 0x6c, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73,
-	0x12, 0x41, 0x0a, 0x0f, 0x6d, 0x61, 0x6e, 0x61, 0x67, 0x65, 0x6d, 0x65, 0x6e, 0x74, 0x53, 0x74,
-	0x61, 0x74, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x17, 0x2e, 0x64, 0x61, 0x65, 0x6d,
-	0x6f, 0x6e, 0x2e, 0x4d, 0x61, 0x6e, 0x61, 0x67, 0x65, 0x6d, 0x65, 0x6e, 0x74, 0x53, 0x74, 0x61,
-	0x74, 0x65, 0x52, 0x0f, 0x6d, 0x61, 0x6e, 0x61, 0x67, 0x65, 0x6d, 0x65, 0x6e, 0x74, 0x53, 0x74,
-	0x61, 0x74, 0x65, 0x12, 0x35, 0x0a, 0x0b, 0x73, 0x69, 0x67, 0x6e, 0x61, 0x6c, 0x53, 0x74, 0x61,
-	0x74, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x13, 0x2e, 0x64, 0x61, 0x65, 0x6d, 0x6f,
-	0x6e, 0x2e, 0x53, 0x69, 0x67, 0x6e, 0x61, 0x6c, 0x53, 0x74, 0x61, 0x74, 0x65, 0x52, 0x0b, 0x73,
-	0x69, 0x67, 0x6e, 0x61, 0x6c, 0x53, 0x74, 0x61, 0x74, 0x65, 0x12, 0x3e, 0x0a, 0x0e, 0x6c, 0x6f,
-	0x63, 0x61, 0x6c, 0x50, 0x65, 0x65, 0x72, 0x53, 0x74, 0x61, 0x74, 0x65, 0x18, 0x03, 0x20, 0x01,
-	0x28, 0x0b, 0x32, 0x16, 0x2e, 0x64, 0x61, 0x65, 0x6d, 0x6f, 0x6e, 0x2e, 0x4c, 0x6f, 0x63, 0x61,
-	0x6c, 0x50, 0x65, 0x65, 0x72, 0x53, 0x74, 0x61, 0x74, 0x65, 0x52, 0x0e, 0x6c, 0x6f, 0x63, 0x61,
-	0x6c, 0x50, 0x65, 0x65, 0x72, 0x53, 0x74, 0x61, 0x74, 0x65, 0x12, 0x27, 0x0a, 0x05, 0x70, 0x65,
-	0x65, 0x72, 0x73, 0x18, 0x04, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x11, 0x2e, 0x64, 0x61, 0x65, 0x6d,
-	0x6f, 0x6e, 0x2e, 0x50, 0x65, 0x65, 0x72, 0x53, 0x74, 0x61, 0x74, 0x65, 0x52, 0x05, 0x70, 0x65,
-	0x65, 0x72, 0x73, 0x12, 0x2a, 0x0a, 0x06, 0x72, 0x65, 0x6c, 0x61, 0x79, 0x73, 0x18, 0x05, 0x20,
-	0x03, 0x28, 0x0b, 0x32, 0x12, 0x2e, 0x64, 0x61, 0x65, 0x6d, 0x6f, 0x6e, 0x2e, 0x52, 0x65, 0x6c,
-	0x61, 0x79, 0x53, 0x74, 0x61, 0x74, 0x65, 0x52, 0x06, 0x72, 0x65, 0x6c, 0x61, 0x79, 0x73, 0x32,
-	0xf7, 0x02, 0x0a, 0x0d, 0x44, 0x61, 0x65, 0x6d, 0x6f, 0x6e, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63,
-	0x65, 0x12, 0x36, 0x0a, 0x05, 0x4c, 0x6f, 0x67, 0x69, 0x6e, 0x12, 0x14, 0x2e, 0x64, 0x61, 0x65,
-	0x6d, 0x6f, 0x6e, 0x2e, 0x4c, 0x6f, 0x67, 0x69, 0x6e, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74,
-	0x1a, 0x15, 0x2e, 0x64, 0x61, 0x65, 0x6d, 0x6f, 0x6e, 0x2e, 0x4c, 0x6f, 0x67, 0x69, 0x6e, 0x52,
-	0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x00, 0x12, 0x4b, 0x0a, 0x0c, 0x57, 0x61, 0x69,
-	0x74, 0x53, 0x53, 0x4f, 0x4c, 0x6f, 0x67, 0x69, 0x6e, 0x12, 0x1b, 0x2e, 0x64, 0x61, 0x65, 0x6d,
-	0x6f, 0x6e, 0x2e, 0x57, 0x61, 0x69, 0x74, 0x53, 0x53, 0x4f, 0x4c, 0x6f, 0x67, 0x69, 0x6e, 0x52,
-	0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x1c, 0x2e, 0x64, 0x61, 0x65, 0x6d, 0x6f, 0x6e, 0x2e,
-	0x57, 0x61, 0x69, 0x74, 0x53, 0x53, 0x4f, 0x4c, 0x6f, 0x67, 0x69, 0x6e, 0x52, 0x65, 0x73, 0x70,
-	0x6f, 0x6e, 0x73, 0x65, 0x22, 0x00, 0x12, 0x2d, 0x0a, 0x02, 0x55, 0x70, 0x12, 0x11, 0x2e, 0x64,
-	0x61, 0x65, 0x6d, 0x6f, 0x6e, 0x2e, 0x55, 0x70, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a,
-	0x12, 0x2e, 0x64, 0x61, 0x65, 0x6d, 0x6f, 0x6e, 0x2e, 0x55, 0x70, 0x52, 0x65, 0x73, 0x70, 0x6f,
-	0x6e, 0x73, 0x65, 0x22, 0x00, 0x12, 0x39, 0x0a, 0x06, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x12,
-	0x15, 0x2e, 0x64, 0x61, 0x65, 0x6d, 0x6f, 0x6e, 0x2e, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x52,
-	0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x16, 0x2e, 0x64, 0x61, 0x65, 0x6d, 0x6f, 0x6e, 0x2e,
-	0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x00,
-	0x12, 0x33, 0x0a, 0x04, 0x44, 0x6f, 0x77, 0x6e, 0x12, 0x13, 0x2e, 0x64, 0x61, 0x65, 0x6d, 0x6f,
-	0x6e, 0x2e, 0x44, 0x6f, 0x77, 0x6e, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x14, 0x2e,
-	0x64, 0x61, 0x65, 0x6d, 0x6f, 0x6e, 0x2e, 0x44, 0x6f, 0x77, 0x6e, 0x52, 0x65, 0x73, 0x70, 0x6f,
-	0x6e, 0x73, 0x65, 0x22, 0x00, 0x12, 0x42, 0x0a, 0x09, 0x47, 0x65, 0x74, 0x43, 0x6f, 0x6e, 0x66,
-	0x69, 0x67, 0x12, 0x18, 0x2e, 0x64, 0x61, 0x65, 0x6d, 0x6f, 0x6e, 0x2e, 0x47, 0x65, 0x74, 0x43,
-	0x6f, 0x6e, 0x66, 0x69, 0x67, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x19, 0x2e, 0x64,
-	0x61, 0x65, 0x6d, 0x6f, 0x6e, 0x2e, 0x47, 0x65, 0x74, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x52,
-	0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x00, 0x42, 0x08, 0x5a, 0x06, 0x2f, 0x70, 0x72,
-	0x6f, 0x74, 0x6f, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33,
+	0x75, 0x62, 0x4b, 0x65, 0x79, 0x12, 0x28, 0x0a, 0x0f, 0x6b, 0x65, 0x72, 0x6e, 0x65, 0x6c, 0x49,
+	0x6e, 0x74, 0x65, 0x72, 0x66, 0x61, 0x63, 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, 0x08, 0x52, 0x0f,
+	0x6b, 0x65, 0x72, 0x6e, 0x65, 0x6c, 0x49, 0x6e, 0x74, 0x65, 0x72, 0x66, 0x61, 0x63, 0x65, 0x12,
+	0x12, 0x0a, 0x04, 0x66, 0x71, 0x64, 0x6e, 0x18, 0x04, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x66,
+	0x71, 0x64, 0x6e, 0x22, 0x3d, 0x0a, 0x0b, 0x53, 0x69, 0x67, 0x6e, 0x61, 0x6c, 0x53, 0x74, 0x61,
+	0x74, 0x65, 0x12, 0x10, 0x0a, 0x03, 0x55, 0x52, 0x4c, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52,
+	0x03, 0x55, 0x52, 0x4c, 0x12, 0x1c, 0x0a, 0x09, 0x63, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x65,
+	0x64, 0x18, 0x02, 0x20, 0x01, 0x28, 0x08, 0x52, 0x09, 0x63, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74,
+	0x65, 0x64, 0x22, 0x41, 0x0a, 0x0f, 0x4d, 0x61, 0x6e, 0x61, 0x67, 0x65, 0x6d, 0x65, 0x6e, 0x74,
+	0x53, 0x74, 0x61, 0x74, 0x65, 0x12, 0x10, 0x0a, 0x03, 0x55, 0x52, 0x4c, 0x18, 0x01, 0x20, 0x01,
+	0x28, 0x09, 0x52, 0x03, 0x55, 0x52, 0x4c, 0x12, 0x1c, 0x0a, 0x09, 0x63, 0x6f, 0x6e, 0x6e, 0x65,
+	0x63, 0x74, 0x65, 0x64, 0x18, 0x02, 0x20, 0x01, 0x28, 0x08, 0x52, 0x09, 0x63, 0x6f, 0x6e, 0x6e,
+	0x65, 0x63, 0x74, 0x65, 0x64, 0x22, 0xef, 0x01, 0x0a, 0x0a, 0x46, 0x75, 0x6c, 0x6c, 0x53, 0x74,
+	0x61, 0x74, 0x75, 0x73, 0x12, 0x41, 0x0a, 0x0f, 0x6d, 0x61, 0x6e, 0x61, 0x67, 0x65, 0x6d, 0x65,
+	0x6e, 0x74, 0x53, 0x74, 0x61, 0x74, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x17, 0x2e,
+	0x64, 0x61, 0x65, 0x6d, 0x6f, 0x6e, 0x2e, 0x4d, 0x61, 0x6e, 0x61, 0x67, 0x65, 0x6d, 0x65, 0x6e,
+	0x74, 0x53, 0x74, 0x61, 0x74, 0x65, 0x52, 0x0f, 0x6d, 0x61, 0x6e, 0x61, 0x67, 0x65, 0x6d, 0x65,
+	0x6e, 0x74, 0x53, 0x74, 0x61, 0x74, 0x65, 0x12, 0x35, 0x0a, 0x0b, 0x73, 0x69, 0x67, 0x6e, 0x61,
+	0x6c, 0x53, 0x74, 0x61, 0x74, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x13, 0x2e, 0x64,
+	0x61, 0x65, 0x6d, 0x6f, 0x6e, 0x2e, 0x53, 0x69, 0x67, 0x6e, 0x61, 0x6c, 0x53, 0x74, 0x61, 0x74,
+	0x65, 0x52, 0x0b, 0x73, 0x69, 0x67, 0x6e, 0x61, 0x6c, 0x53, 0x74, 0x61, 0x74, 0x65, 0x12, 0x3e,
+	0x0a, 0x0e, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x50, 0x65, 0x65, 0x72, 0x53, 0x74, 0x61, 0x74, 0x65,
+	0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x16, 0x2e, 0x64, 0x61, 0x65, 0x6d, 0x6f, 0x6e, 0x2e,
+	0x4c, 0x6f, 0x63, 0x61, 0x6c, 0x50, 0x65, 0x65, 0x72, 0x53, 0x74, 0x61, 0x74, 0x65, 0x52, 0x0e,
+	0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x50, 0x65, 0x65, 0x72, 0x53, 0x74, 0x61, 0x74, 0x65, 0x12, 0x27,
+	0x0a, 0x05, 0x70, 0x65, 0x65, 0x72, 0x73, 0x18, 0x04, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x11, 0x2e,
+	0x64, 0x61, 0x65, 0x6d, 0x6f, 0x6e, 0x2e, 0x50, 0x65, 0x65, 0x72, 0x53, 0x74, 0x61, 0x74, 0x65,
+	0x52, 0x05, 0x70, 0x65, 0x65, 0x72, 0x73, 0x32, 0xf7, 0x02, 0x0a, 0x0d, 0x44, 0x61, 0x65, 0x6d,
+	0x6f, 0x6e, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x12, 0x36, 0x0a, 0x05, 0x4c, 0x6f, 0x67,
+	0x69, 0x6e, 0x12, 0x14, 0x2e, 0x64, 0x61, 0x65, 0x6d, 0x6f, 0x6e, 0x2e, 0x4c, 0x6f, 0x67, 0x69,
+	0x6e, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x15, 0x2e, 0x64, 0x61, 0x65, 0x6d, 0x6f,
+	0x6e, 0x2e, 0x4c, 0x6f, 0x67, 0x69, 0x6e, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22,
+	0x00, 0x12, 0x4b, 0x0a, 0x0c, 0x57, 0x61, 0x69, 0x74, 0x53, 0x53, 0x4f, 0x4c, 0x6f, 0x67, 0x69,
+	0x6e, 0x12, 0x1b, 0x2e, 0x64, 0x61, 0x65, 0x6d, 0x6f, 0x6e, 0x2e, 0x57, 0x61, 0x69, 0x74, 0x53,
+	0x53, 0x4f, 0x4c, 0x6f, 0x67, 0x69, 0x6e, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x1c,
+	0x2e, 0x64, 0x61, 0x65, 0x6d, 0x6f, 0x6e, 0x2e, 0x57, 0x61, 0x69, 0x74, 0x53, 0x53, 0x4f, 0x4c,
+	0x6f, 0x67, 0x69, 0x6e, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x00, 0x12, 0x2d,
+	0x0a, 0x02, 0x55, 0x70, 0x12, 0x11, 0x2e, 0x64, 0x61, 0x65, 0x6d, 0x6f, 0x6e, 0x2e, 0x55, 0x70,
+	0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x12, 0x2e, 0x64, 0x61, 0x65, 0x6d, 0x6f, 0x6e,
+	0x2e, 0x55, 0x70, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x00, 0x12, 0x39, 0x0a,
+	0x06, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x12, 0x15, 0x2e, 0x64, 0x61, 0x65, 0x6d, 0x6f, 0x6e,
+	0x2e, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x16,
+	0x2e, 0x64, 0x61, 0x65, 0x6d, 0x6f, 0x6e, 0x2e, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x52, 0x65,
+	0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x00, 0x12, 0x33, 0x0a, 0x04, 0x44, 0x6f, 0x77, 0x6e,
+	0x12, 0x13, 0x2e, 0x64, 0x61, 0x65, 0x6d, 0x6f, 0x6e, 0x2e, 0x44, 0x6f, 0x77, 0x6e, 0x52, 0x65,
+	0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x14, 0x2e, 0x64, 0x61, 0x65, 0x6d, 0x6f, 0x6e, 0x2e, 0x44,
+	0x6f, 0x77, 0x6e, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x00, 0x12, 0x42, 0x0a,
+	0x09, 0x47, 0x65, 0x74, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x18, 0x2e, 0x64, 0x61, 0x65,
+	0x6d, 0x6f, 0x6e, 0x2e, 0x47, 0x65, 0x74, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x52, 0x65, 0x71,
+	0x75, 0x65, 0x73, 0x74, 0x1a, 0x19, 0x2e, 0x64, 0x61, 0x65, 0x6d, 0x6f, 0x6e, 0x2e, 0x47, 0x65,
+	0x74, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22,
+	0x00, 0x42, 0x08, 0x5a, 0x06, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x06, 0x70, 0x72, 0x6f,
+	0x74, 0x6f, 0x33,
 }

 var (
@@ -1436,7 +1228,7 @@ func file_daemon_proto_rawDescGZIP() []byte {
 	return file_daemon_proto_rawDescData
 }

-var file_daemon_proto_msgTypes = make([]protoimpl.MessageInfo, 18)
+var file_daemon_proto_msgTypes = make([]protoimpl.MessageInfo, 17)
 var file_daemon_proto_goTypes = []interface{}{
 	(*LoginRequest)(nil),          // 0: daemon.LoginRequest
 	(*LoginResponse)(nil),         // 1: daemon.LoginResponse
@@ -1454,36 +1246,33 @@ var file_daemon_proto_goTypes = []interface{}{
 	(*LocalPeerState)(nil),        // 13: daemon.LocalPeerState
 	(*SignalState)(nil),           // 14: daemon.SignalState
 	(*ManagementState)(nil),       // 15: daemon.ManagementState
-	(*RelayState)(nil),            // 16: daemon.RelayState
-	(*FullStatus)(nil),            // 17: daemon.FullStatus
-	(*timestamppb.Timestamp)(nil), // 18: google.protobuf.Timestamp
+	(*FullStatus)(nil),            // 16: daemon.FullStatus
+	(*timestamppb.Timestamp)(nil), // 17: google.protobuf.Timestamp
 }
 var file_daemon_proto_depIdxs = []int32{
-	17, // 0: daemon.StatusResponse.fullStatus:type_name -> daemon.FullStatus
-	18, // 1: daemon.PeerState.connStatusUpdate:type_name -> google.protobuf.Timestamp
-	18, // 2: daemon.PeerState.lastWireguardHandshake:type_name -> google.protobuf.Timestamp
-	15, // 3: daemon.FullStatus.managementState:type_name -> daemon.ManagementState
-	14, // 4: daemon.FullStatus.signalState:type_name -> daemon.SignalState
-	13, // 5: daemon.FullStatus.localPeerState:type_name -> daemon.LocalPeerState
-	12, // 6: daemon.FullStatus.peers:type_name -> daemon.PeerState
-	16, // 7: daemon.FullStatus.relays:type_name -> daemon.RelayState
-	0,  // 8: daemon.DaemonService.Login:input_type -> daemon.LoginRequest
-	2,  // 9: daemon.DaemonService.WaitSSOLogin:input_type -> daemon.WaitSSOLoginRequest
-	4,  // 10: daemon.DaemonService.Up:input_type -> daemon.UpRequest
-	6,  // 11: daemon.DaemonService.Status:input_type -> daemon.StatusRequest
-	8,  // 12: daemon.DaemonService.Down:input_type -> daemon.DownRequest
-	10, // 13: daemon.DaemonService.GetConfig:input_type -> daemon.GetConfigRequest
-	1,  // 14: daemon.DaemonService.Login:output_type -> daemon.LoginResponse
-	3,  // 15: daemon.DaemonService.WaitSSOLogin:output_type -> daemon.WaitSSOLoginResponse
-	5,  // 16: daemon.DaemonService.Up:output_type -> daemon.UpResponse
-	7,  // 17: daemon.DaemonService.Status:output_type -> daemon.StatusResponse
-	9,  // 18: daemon.DaemonService.Down:output_type -> daemon.DownResponse
-	11, // 19: daemon.DaemonService.GetConfig:output_type -> daemon.GetConfigResponse
-	14, // [14:20] is the sub-list for method output_type
-	8,  // [8:14] is the sub-list for method input_type
-	8,  // [8:8] is the sub-list for extension type_name
-	8,  // [8:8] is the sub-list for extension extendee
-	0,  // [0:8] is the sub-list for field type_name
+	16, // 0: daemon.StatusResponse.fullStatus:type_name -> daemon.FullStatus
+	17, // 1: daemon.PeerState.connStatusUpdate:type_name -> google.protobuf.Timestamp
+	15, // 2: daemon.FullStatus.managementState:type_name -> daemon.ManagementState
+	14, // 3: daemon.FullStatus.signalState:type_name -> daemon.SignalState
+	13, // 4: daemon.FullStatus.localPeerState:type_name -> daemon.LocalPeerState
+	12, // 5: daemon.FullStatus.peers:type_name -> daemon.PeerState
+	0,  // 6: daemon.DaemonService.Login:input_type -> daemon.LoginRequest
+	2,  // 7: daemon.DaemonService.WaitSSOLogin:input_type -> daemon.WaitSSOLoginRequest
+	4,  // 8: daemon.DaemonService.Up:input_type -> daemon.UpRequest
+	6,  // 9: daemon.DaemonService.Status:input_type -> daemon.StatusRequest
+	8,  // 10: daemon.DaemonService.Down:input_type -> daemon.DownRequest
+	10, // 11: daemon.DaemonService.GetConfig:input_type -> daemon.GetConfigRequest
+	1,  // 12: daemon.DaemonService.Login:output_type -> daemon.LoginResponse
+	3,  // 13: daemon.DaemonService.WaitSSOLogin:output_type -> daemon.WaitSSOLoginResponse
+	5,  // 14: daemon.DaemonService.Up:output_type -> daemon.UpResponse
+	7,  // 15: daemon.DaemonService.Status:output_type -> daemon.StatusResponse
+	9,  // 16: daemon.DaemonService.Down:output_type -> daemon.DownResponse
+	11, // 17: daemon.DaemonService.GetConfig:output_type -> daemon.GetConfigResponse
+	12, // [12:18] is the sub-list for method output_type
+	6,  // [6:12] is the sub-list for method input_type
+	6,  // [6:6] is the sub-list for extension type_name
+	6,  // [6:6] is the sub-list for extension extendee
+	0,  // [0:6] is the sub-list for field type_name
 }

 func init() { file_daemon_proto_init() }
@@ -1685,18 +1474,6 @@ func file_daemon_proto_init() {
 			}
 		}
 		file_daemon_proto_msgTypes[16].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*RelayState); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-		file_daemon_proto_msgTypes[17].Exporter = func(v interface{}, i int) interface{} {
 			switch v := v.(*FullStatus); i {
 			case 0:
 				return &v.state
@@ -1709,14 +1486,13 @@ func file_daemon_proto_init() {
 			}
 		}
 	}
-	file_daemon_proto_msgTypes[0].OneofWrappers = []interface{}{}
 	type x struct{}
 	out := protoimpl.TypeBuilder{
 		File: protoimpl.DescBuilder{
 			GoPackagePath: reflect.TypeOf(x{}).PkgPath(),
 			RawDescriptor: file_daemon_proto_rawDesc,
 			NumEnums:      0,
-			NumMessages:   18,
+			NumMessages:   17,
 			NumExtensions: 0,
 			NumServices:   1,
 		},
--- a/client/proto/daemon.proto
+++ b/client/proto/daemon.proto
@@ -32,9 +32,8 @@ message LoginRequest {
  // setupKey wiretrustee setup key.
  string setupKey = 1;

-  // This is the old PreSharedKey field which will be deprecated in favor of optionalPreSharedKey field that is defined as optional
-  // to allow clearing of preshared key while being able to persist in the config file.
-  string preSharedKey = 2 [deprecated=true];
+  // preSharedKey for wireguard setup.
+  string preSharedKey = 2;

  // managementUrl to authenticate.
  string managementUrl = 3;
@@ -55,14 +54,6 @@ message LoginRequest {
  bool isLinuxDesktopClient = 8;

  string hostname = 9;
-
-  optional bool rosenpassEnabled = 10;
-
-  optional string interfaceName = 11;
-
-  optional int64 wireguardPort = 12;
-
-  optional string optionalPreSharedKey = 13;
 }

 message LoginResponse {
@@ -127,20 +118,15 @@ message PeerState {
  bool relayed = 5;
  bool direct = 6;
  string localIceCandidateType = 7;
-  string remoteIceCandidateType = 8;
+  string remoteIceCandidateType =8;
  string fqdn = 9;
-  string localIceCandidateEndpoint = 10;
-  string remoteIceCandidateEndpoint = 11;
-  google.protobuf.Timestamp lastWireguardHandshake = 12;
-  int64 bytesRx = 13;
-  int64 bytesTx = 14;
 }

 // LocalPeerState contains the latest state of the local peer
 message LocalPeerState {
  string IP = 1;
  string pubKey = 2;
-  bool  kernelInterface = 3;
+  bool  kernelInterface =3;
  string fqdn = 4;
 }

@@ -148,28 +134,17 @@ message LocalPeerState {
 message SignalState {
  string URL = 1;
  bool connected = 2;
-  string error = 3;
 }

 // ManagementState contains the latest state of a management connection
 message ManagementState {
  string URL = 1;
  bool connected = 2;
-  string error = 3;
 }
-
-// RelayState contains the latest state of the relay
-message RelayState {
-  string URI = 1;
-  bool available = 2;
-  string error = 3;
-}
-
 // FullStatus contains the full state held by the Status instance
 message FullStatus {
-  ManagementState managementState = 1;
-  SignalState     signalState = 2;
-  LocalPeerState  localPeerState = 3;
-  repeated PeerState peers = 4;
-  repeated RelayState relays = 5;
+    ManagementState managementState = 1;
+    SignalState     signalState = 2;
+    LocalPeerState  localPeerState = 3;
+    repeated PeerState peers = 4;
 }
--- a/client/proto/generate.sh
+++ b/client/proto/generate.sh
@@ -13,5 +13,5 @@ script_path=$(dirname $(realpath "$0"))
 cd "$script_path"
 go install google.golang.org/protobuf/cmd/protoc-gen-go@v1.26
 go install google.golang.org/grpc/cmd/protoc-gen-go-grpc@v1.1
-protoc -I ./ ./daemon.proto --go_out=../ --go-grpc_out=../ --experimental_allow_proto3_optional
+protoc -I ./ ./daemon.proto --go_out=../ --go-grpc_out=../
 cd "$old_pwd"
--- a/client/server/server.go
+++ b/client/server/server.go
@@ -21,8 +21,6 @@ import (
 	"github.com/netbirdio/netbird/version"
 )

-const probeThreshold = time.Second * 5
-
 // Server for service control.
 type Server struct {
 	rootCtx   context.Context
@@ -39,12 +37,6 @@ type Server struct {
 	proto.UnimplementedDaemonServiceServer

 	statusRecorder *peer.Status
-
-	mgmProbe    *internal.Probe
-	signalProbe *internal.Probe
-	relayProbe  *internal.Probe
-	wgProbe     *internal.Probe
-	lastProbe   time.Time
 }

 type oauthAuthFlow struct {
@@ -61,11 +53,7 @@ func New(ctx context.Context, configPath, logFile string) *Server {
 		latestConfigInput: internal.ConfigInput{
 			ConfigPath: configPath,
 		},
-		logFile:     logFile,
-		mgmProbe:    internal.NewProbe(),
-		signalProbe: internal.NewProbe(),
-		relayProbe:  internal.NewProbe(),
-		wgProbe:     internal.NewProbe(),
+		logFile: logFile,
 	}
 }

@@ -106,7 +94,7 @@ func (s *Server) Start() error {
 	}

 	// if configuration exists, we just start connections.
-	config, _ = internal.UpdateOldManagementURL(ctx, config, s.latestConfigInput.ConfigPath)
+	config, _ = internal.UpdateOldManagementPort(ctx, config, s.latestConfigInput.ConfigPath)

 	s.config = config

@@ -117,7 +105,7 @@ func (s *Server) Start() error {
 	}

 	go func() {
-		if err := internal.RunClientWithProbes(ctx, config, s.statusRecorder, s.mgmProbe, s.signalProbe, s.relayProbe, s.wgProbe); err != nil {
+		if err := internal.RunClient(ctx, config, s.statusRecorder); err != nil {
 			log.Errorf("init connections: %v", err)
 		}
 	}()
@@ -199,27 +187,9 @@ func (s *Server) Login(callerCtx context.Context, msg *proto.LoginRequest) (*pro
 		ctx = context.WithValue(ctx, system.DeviceNameCtxKey, msg.Hostname)
 	}

-	if msg.RosenpassEnabled != nil {
-		inputConfig.RosenpassEnabled = msg.RosenpassEnabled
-		s.latestConfigInput.RosenpassEnabled = msg.RosenpassEnabled
-	}
-
-	if msg.InterfaceName != nil {
-		inputConfig.InterfaceName = msg.InterfaceName
-		s.latestConfigInput.InterfaceName = msg.InterfaceName
-	}
-
-	if msg.WireguardPort != nil {
-		port := int(*msg.WireguardPort)
-		inputConfig.WireguardPort = &port
-		s.latestConfigInput.WireguardPort = &port
-	}
-
 	s.mutex.Unlock()

-	if msg.OptionalPreSharedKey != nil {
-		inputConfig.PreSharedKey = msg.OptionalPreSharedKey
-	}
+	inputConfig.PreSharedKey = &msg.PreSharedKey

 	config, err := internal.UpdateOrCreateConfig(inputConfig)
 	if err != nil {
@@ -227,7 +197,7 @@ func (s *Server) Login(callerCtx context.Context, msg *proto.LoginRequest) (*pro
 	}

 	if msg.ManagementUrl == "" {
-		config, _ = internal.UpdateOldManagementURL(ctx, config, s.latestConfigInput.ConfigPath)
+		config, _ = internal.UpdateOldManagementPort(ctx, config, s.latestConfigInput.ConfigPath)
 		s.config = config
 		s.latestConfigInput.ManagementURL = config.ManagementURL.String()
 	}
@@ -421,7 +391,7 @@ func (s *Server) Up(callerCtx context.Context, _ *proto.UpRequest) (*proto.UpRes
 	}

 	go func() {
-		if err := internal.RunClientWithProbes(ctx, s.config, s.statusRecorder, s.mgmProbe, s.signalProbe, s.relayProbe, s.wgProbe); err != nil {
+		if err := internal.RunClient(ctx, s.config, s.statusRecorder); err != nil {
 			log.Errorf("run client connection: %v", err)
 			return
 		}
@@ -445,7 +415,7 @@ func (s *Server) Down(_ context.Context, _ *proto.DownRequest) (*proto.DownRespo
 	return &proto.DownResponse{}, nil
 }

-// Status returns the daemon status
+// Status starts engine work in the daemon.
 func (s *Server) Status(
 	_ context.Context,
 	msg *proto.StatusRequest,
@@ -467,8 +437,6 @@ func (s *Server) Status(
 	}

 	if msg.GetFullPeerStatus {
-		s.runProbes()
-
 		fullStatus := s.statusRecorder.GetFullStatus()
 		pbFullStatus := toProtoFullStatus(fullStatus)
 		statusResponse.FullStatus = pbFullStatus
@@ -477,20 +445,6 @@ func (s *Server) Status(
 	return &statusResponse, nil
 }

-func (s *Server) runProbes() {
-	if time.Since(s.lastProbe) > probeThreshold {
-		managementHealthy := s.mgmProbe.Probe()
-		signalHealthy := s.signalProbe.Probe()
-		relayHealthy := s.relayProbe.Probe()
-		wgProbe := s.wgProbe.Probe()
-
-		// Update last time only if all probes were successful
-		if managementHealthy && signalHealthy && relayHealthy && wgProbe {
-			s.lastProbe = time.Now()
-		}
-	}
-}
-
 // GetConfig of the daemon.
 func (s *Server) GetConfig(_ context.Context, _ *proto.GetConfigRequest) (*proto.GetConfigResponse, error) {
 	s.mutex.Lock()
@@ -531,20 +485,13 @@ func toProtoFullStatus(fullStatus peer.FullStatus) *proto.FullStatus {
 		SignalState:     &proto.SignalState{},
 		LocalPeerState:  &proto.LocalPeerState{},
 		Peers:           []*proto.PeerState{},
-		Relays:          []*proto.RelayState{},
 	}

 	pbFullStatus.ManagementState.URL = fullStatus.ManagementState.URL
 	pbFullStatus.ManagementState.Connected = fullStatus.ManagementState.Connected
-	if err := fullStatus.ManagementState.Error; err != nil {
-		pbFullStatus.ManagementState.Error = err.Error()
-	}

 	pbFullStatus.SignalState.URL = fullStatus.SignalState.URL
 	pbFullStatus.SignalState.Connected = fullStatus.SignalState.Connected
-	if err := fullStatus.SignalState.Error; err != nil {
-		pbFullStatus.SignalState.Error = err.Error()
-	}

 	pbFullStatus.LocalPeerState.IP = fullStatus.LocalPeerState.IP
 	pbFullStatus.LocalPeerState.PubKey = fullStatus.LocalPeerState.PubKey
@@ -553,34 +500,17 @@ func toProtoFullStatus(fullStatus peer.FullStatus) *proto.FullStatus {

 	for _, peerState := range fullStatus.Peers {
 		pbPeerState := &proto.PeerState{
-			IP:                         peerState.IP,
-			PubKey:                     peerState.PubKey,
-			ConnStatus:                 peerState.ConnStatus.String(),
-			ConnStatusUpdate:           timestamppb.New(peerState.ConnStatusUpdate),
-			Relayed:                    peerState.Relayed,
-			Direct:                     peerState.Direct,
-			LocalIceCandidateType:      peerState.LocalIceCandidateType,
-			RemoteIceCandidateType:     peerState.RemoteIceCandidateType,
-			LocalIceCandidateEndpoint:  peerState.LocalIceCandidateEndpoint,
-			RemoteIceCandidateEndpoint: peerState.RemoteIceCandidateEndpoint,
-			Fqdn:                       peerState.FQDN,
-			LastWireguardHandshake:     timestamppb.New(peerState.LastWireguardHandshake),
-			BytesRx:                    peerState.BytesRx,
-			BytesTx:                    peerState.BytesTx,
+			IP:                     peerState.IP,
+			PubKey:                 peerState.PubKey,
+			ConnStatus:             peerState.ConnStatus.String(),
+			ConnStatusUpdate:       timestamppb.New(peerState.ConnStatusUpdate),
+			Relayed:                peerState.Relayed,
+			Direct:                 peerState.Direct,
+			LocalIceCandidateType:  peerState.LocalIceCandidateType,
+			RemoteIceCandidateType: peerState.RemoteIceCandidateType,
+			Fqdn:                   peerState.FQDN,
 		}
 		pbFullStatus.Peers = append(pbFullStatus.Peers, pbPeerState)
 	}
-
-	for _, relayState := range fullStatus.Relays {
-		pbRelayState := &proto.RelayState{
-			URI:       relayState.URI.String(),
-			Available: relayState.Err == nil,
-		}
-		if err := relayState.Err; err != nil {
-			pbRelayState.Error = err.Error()
-		}
-		pbFullStatus.Relays = append(pbFullStatus.Relays, pbRelayState)
-	}
-
 	return &pbFullStatus
 }
--- a/Show More
+++ b/Show More
Author	SHA1	Message	Date
Zoltan Papp	0c4c2a8cb2	Listen on all address	2023-12-13 22:39:12 +01:00
Zoltan Papp	9c6c944e46	Add socks5 proxy	2023-12-13 16:58:31 +01:00
Zoltan Papp	cec4232860	Netstack poc	2023-12-12 17:35:16 +01:00